CLOUDP-188104: Deployment Resource Tagging

config/crd/bases/atlas.mongodb.com_atlasdeployments.yaml

@@ -231,6 +231,28 @@ spec:
                     type: array
                   rootCertType:
                     type: string
+                  tags:
+                    description: Key-value pairs for resource tagging.
+                    items:
+                      description: TagSpec holds a key-value pair for resource tagging
+                        on this deployment.
+                      properties:
+                        key:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9 @_.+`;`-]*$
+                          type: string
+                        value:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9@_.+`;`-]*$
+                          type: string
+                      required:
+                      - key
+                      - value
+                      type: object
+                    maxItems: 50
+                    type: array
                   versionReleaseSystem:
                     type: string
                 type: object
@@ -574,6 +596,28 @@ spec:
                           type: string
                       type: object
                     type: array
+                  tags:
+                    description: Key-value pairs for resource tagging.
+                    items:
+                      description: TagSpec holds a key-value pair for resource tagging
+                        on this deployment.
+                      properties:
+                        key:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9 @_.+`;`-]*$
+                          type: string
+                        value:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9@_.+`;`-]*$
+                          type: string
+                      required:
+                      - key
+                      - value
+                      type: object
+                    maxItems: 50
+                    type: array
                 required:
                 - name
                 - providerSettings
@@ -747,6 +791,28 @@ spec:
                     required:
                     - providerName
                     type: object
+                  tags:
+                    description: Key-value pairs for resource tagging.
+                    items:
+                      description: TagSpec holds a key-value pair for resource tagging
+                        on this deployment.
+                      properties:
+                        key:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9 @_.+`;`-]*$
+                          type: string
+                        value:
+                          maxLength: 255
+                          minLength: 1
+                          pattern: ^[a-zA-Z0-9][a-zA-Z0-9@_.+`;`-]*$
+                          type: string
+                      required:
+                      - key
+                      - value
+                      type: object
+                    maxItems: 50
+                    type: array
                 required:
                 - name
                 - providerSettings

go.mod

@@ -22,7 +22,7 @@ require (
 	github.com/pborman/uuid v1.2.1
 	github.com/sethvargo/go-password v0.2.0
 	github.com/stretchr/testify v1.8.4
-	go.mongodb.org/atlas v0.31.0
+	go.mongodb.org/atlas v0.32.0
 	go.mongodb.org/mongo-driver v1.12.0
 	go.uber.org/zap v1.24.0
 	golang.org/x/sync v0.3.0

go.sum

@@ -313,6 +313,7 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
 github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
 github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno=
 github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
 github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
 github.com/onsi/gomega v1.27.10 h1:naR28SdDFlqrG6kScpT8VWpu1xWY5nJRCF3XaYyBjhI=
@@ -393,8 +394,8 @@ github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de
 github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
 github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
-go.mongodb.org/atlas v0.31.0 h1:NgLqsNYm6wDYeDUO90etw1sl8T1U2DUKu36eUdnrFSI=
-go.mongodb.org/atlas v0.31.0/go.mod h1:L4BKwVx/OeEhOVjCSdgo90KJm4469iv7ZLzQms/EPTg=
+go.mongodb.org/atlas v0.32.0 h1:6uHwus8Bz+h1Ax75Pf3qo3kWCwnaUYav+SxSMU2RGiQ=
+go.mongodb.org/atlas v0.32.0/go.mod h1:L4BKwVx/OeEhOVjCSdgo90KJm4469iv7ZLzQms/EPTg=
 go.mongodb.org/mongo-driver v1.12.0 h1:aPx33jmn/rQuJXPQLZQ8NtfPQG8CaqgLThFtqRb0PiE=
 go.mongodb.org/mongo-driver v1.12.0/go.mod h1:AZkxhPnFJUoH7kZlFkVKucV20K387miPfm7oimrSmK0=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

pkg/api/v1/atlasdeployment_types.go

@@ -119,6 +119,11 @@ type DeploymentSpec struct {
 	// +kubebuilder:validation:Pattern:=^[a-zA-Z0-9][a-zA-Z0-9-]*$
 	Name string `json:"name"`
 
+	// Key-value pairs for resource tagging.
+	// +kubebuilder:validation:MaxItems=50
+	// +optional
+	Tags []*TagSpec `json:"tags,omitempty"`
+
 	// Positive integer that specifies the number of shards to deploy for a sharded deployment.
 	// The parameter is required if replicationSpecs are configured
 	// +kubebuilder:validation:Minimum=1
@@ -163,12 +168,16 @@ type AdvancedDeploymentSpec struct {
 	// After Atlas creates the deployment, you can't change its name.
 	// Can only contain ASCII letters, numbers, and hyphens.
 	// +kubebuilder:validation:Pattern:=^[a-zA-Z0-9][a-zA-Z0-9-]*$
-	Name                 string                     `json:"name,omitempty"`
-	Paused               *bool                      `json:"paused,omitempty"`
-	PitEnabled           *bool                      `json:"pitEnabled,omitempty"`
-	ReplicationSpecs     []*AdvancedReplicationSpec `json:"replicationSpecs,omitempty"`
-	RootCertType         string                     `json:"rootCertType,omitempty"`
-	VersionReleaseSystem string                     `json:"versionReleaseSystem,omitempty"`
+	Name             string                     `json:"name,omitempty"`
+	Paused           *bool                      `json:"paused,omitempty"`
+	PitEnabled       *bool                      `json:"pitEnabled,omitempty"`
+	ReplicationSpecs []*AdvancedReplicationSpec `json:"replicationSpecs,omitempty"`
+	RootCertType     string                     `json:"rootCertType,omitempty"`
+	// Key-value pairs for resource tagging.
+	// +kubebuilder:validation:MaxItems=50
+	// +optional
+	Tags                 []*TagSpec `json:"tags,omitempty"`
+	VersionReleaseSystem string     `json:"versionReleaseSystem,omitempty"`
 	// +optional
 	CustomZoneMapping []CustomZoneMapping `json:"customZoneMapping,omitempty"`
 	// +optional
@@ -205,9 +214,19 @@ type ServerlessSpec struct {
 	// +kubebuilder:validation:Pattern:=^[a-zA-Z0-9][a-zA-Z0-9-]*$
 	Name string `json:"name"`
 	// Configuration for the provisioned hosts on which MongoDB runs. The available options are specific to the cloud service provider.
-	ProviderSettings *ProviderSettingsSpec `json:"providerSettings"`
-
+	ProviderSettings *ProviderSettingsSpec       `json:"providerSettings"`
 	PrivateEndpoints []ServerlessPrivateEndpoint `json:"privateEndpoints,omitempty"`
+	// Key-value pairs for resource tagging.
+	// +kubebuilder:validation:MaxItems=50
+	// +optional
+	Tags []*TagSpec `json:"tags,omitempty"`
+}
+
+// ServerlessToAtlas converts the ServerlessSpec to native Atlas client Cluster format.
+func (s *ServerlessSpec) ServerlessToAtlas() (*mongodbatlas.Cluster, error) {
+	result := &mongodbatlas.Cluster{}
+	err := compat.JSONCopy(result, s)
+	return result, err
 }
 
 // BiConnector specifies BI Connector for Atlas configuration on this deployment.
@@ -216,6 +235,18 @@ type BiConnector struct {
 	ReadPreference string `json:"readPreference,omitempty"`
 }
 
+// TagSpec holds a key-value pair for resource tagging on this deployment.
+type TagSpec struct {
+	// +kubebuilder:validation:MaxLength:=255
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:Pattern:=^[a-zA-Z0-9][a-zA-Z0-9 @_.+`;`-]*$
+	Key string `json:"key"`
+	// +kubebuilder:validation:MaxLength:=255
+	// +kubebuilder:validation:MinLength:=1
+	// +kubebuilder:validation:Pattern:=^[a-zA-Z0-9][a-zA-Z0-9@_.+`;`-]*$
+	Value string `json:"value"`
+}
+
 // ConnectionStrings configuration for applications use to connect to this deployment.
 type ConnectionStrings struct {
 	Standard          string                `json:"standard,omitempty"`

pkg/api/v1/atlasdeployment_types_test.go

@@ -55,7 +55,6 @@ func init() {
 	excludedClusterFieldsTheirs["createDate"] = true
 	excludedClusterFieldsTheirs["versionReleaseSystem"] = true
 	excludedClusterFieldsTheirs["serverlessBackupOptions"] = true
-	excludedClusterFieldsTheirs["tags"] = true
 }
 
 func TestCompatibility(t *testing.T) {

pkg/api/v1/status/cloud_provider_access.go

@@ -56,7 +56,7 @@ func (c *CloudProviderAccessRole) FailedToAuthorise(errorMessage string) {
 	c.ErrorMessage = errorMessage
 }
 
-func (c *CloudProviderAccessRole) Update(role mongodbatlas.AWSIAMRole, isEmptyArn bool) {
+func (c *CloudProviderAccessRole) Update(role mongodbatlas.CloudProviderAccessRole, isEmptyArn bool) {
 	c.RoleID = role.RoleID
 	c.AtlasAssumedRoleExternalID = role.AtlasAssumedRoleExternalID
 	c.AtlasAWSAccountArn = role.AtlasAWSAccountARN

pkg/controller/atlasdeployment/atlasdeployment_controller.go

@@ -193,6 +193,13 @@ func (r *AtlasDeploymentReconciler) Reconcile(context context.Context, req ctrl.
 		deployment.Spec.DeploymentSpec = nil
 	}
 
+	if err := uniqueKey(&deployment.Spec); err != nil {
+		log.Errorw("failed to validate tags", "error", err)
+		result := workflow.Terminate(workflow.Internal, err.Error())
+		ctx.SetConditionFromResult(status.DeploymentReadyType, result)
+		return result.ReconcileResult(), nil
+	}
+
 	handleDeployment := r.selectDeploymentHandler(deployment)
 	if result, _ := handleDeployment(ctx, project, deployment, req); !result.IsOk() {
 		ctx.SetConditionFromResult(status.DeploymentReadyType, result)
@@ -205,7 +212,6 @@ func (r *AtlasDeploymentReconciler) Reconcile(context context.Context, req ctrl.
 			return result.ReconcileResult(), nil
 		}
 	}
-
 	return workflow.OK().ReconcileResult(), nil
 }
 
@@ -478,3 +484,24 @@ func (r *AtlasDeploymentReconciler) removeDeletionFinalizer(context context.Cont
 }
 
 type deploymentHandlerFunc func(ctx *workflow.Context, project *mdbv1.AtlasProject, deployment *mdbv1.AtlasDeployment, req reconcile.Request) (workflow.Result, error)
+
+// Parse through tags and verfiy that all keys are unique. Return error on duplicate key.
+func uniqueKey(deploymentSpec *mdbv1.AtlasDeploymentSpec) error {
+	store := make(map[string]string)
+	var arrTags []*mdbv1.TagSpec
+
+	if deploymentSpec.AdvancedDeploymentSpec != nil {
+		arrTags = deploymentSpec.AdvancedDeploymentSpec.Tags
+	} else {
+		arrTags = deploymentSpec.ServerlessSpec.Tags
+	}
+	for _, currTag := range arrTags {
+		if store[currTag.Key] == "" {
+			store[currTag.Key] = currTag.Value
+		} else {
+			err := errors.New("duplicate keys found in tags, this is forbidden")
+			return err
+		}
+	}
+	return nil
+}

pkg/controller/atlasdeployment/atlasdeployment_controller_test.go

@@ -0,0 +1,49 @@
+package atlasdeployment
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	mdbv1 "github.com/mongodb/mongodb-atlas-kubernetes/pkg/api/v1"
+)
+
+func TestUniqueKey(t *testing.T) {
+	//var deploymentSpec *mdbv1.AtlasDeploymentSpec
+	t.Run("Test duplicates in Advanced Deployment", func(t *testing.T) {
+		deploymentSpec := &mdbv1.AtlasDeploymentSpec{
+			AdvancedDeploymentSpec: &mdbv1.AdvancedDeploymentSpec{
+				Tags: []*mdbv1.TagSpec{{Key: "foo", Value: "true"}, {Key: "foo", Value: "false"}},
+			},
+		}
+		err := uniqueKey(deploymentSpec)
+		assert.Error(t, err)
+	})
+	t.Run("Test no duplicates in Advanced Deployment", func(t *testing.T) {
+		deploymentSpec := &mdbv1.AtlasDeploymentSpec{
+			AdvancedDeploymentSpec: &mdbv1.AdvancedDeploymentSpec{
+				Tags: []*mdbv1.TagSpec{{Key: "foo", Value: "true"}, {Key: "bar", Value: "false"}, {Key: "foobar", Value: "false"}},
+			},
+		}
+		err := uniqueKey(deploymentSpec)
+		assert.NoError(t, err)
+	})
+	t.Run("Test duplicates in Serverless Instance", func(t *testing.T) {
+		deploymentSpec := &mdbv1.AtlasDeploymentSpec{
+			ServerlessSpec: &mdbv1.ServerlessSpec{
+				Tags: []*mdbv1.TagSpec{{Key: "foo", Value: "true"}, {Key: "bar", Value: "false"}, {Key: "foo", Value: "false"}},
+			},
+		}
+		err := uniqueKey(deploymentSpec)
+		assert.Error(t, err)
+	})
+	t.Run("Test no duplicates in Serverless Instance", func(t *testing.T) {
+		deploymentSpec := &mdbv1.AtlasDeploymentSpec{
+			ServerlessSpec: &mdbv1.ServerlessSpec{
+				Tags: []*mdbv1.TagSpec{{Key: "foo", Value: "true"}, {Key: "bar", Value: "false"}},
+			},
+		}
+		err := uniqueKey(deploymentSpec)
+		assert.NoError(t, err)
+	})
+}

pkg/controller/atlasdeployment/deployment.go

@@ -28,6 +28,7 @@ func ConvertLegacyDeployment(deploymentSpec *mdbv1.AtlasDeploymentSpec) error {
 		Labels:                   legacy.Labels,
 		MongoDBMajorVersion:      legacy.MongoDBMajorVersion,
 		Name:                     legacy.Name,
+		Tags:                     legacy.Tags,
 		Paused:                   legacy.Paused,
 		PitEnabled:               legacy.PitEnabled,
 		ReplicationSpecs:         replicationSpecs,