search

mongodb / mongodb-atlas-kubernetes

MongoDB Atlas Kubernetes Operator - Manage your MongoDB Atlas clusters from Kubernetes
http://www.mongodb.com/cloud/atlas
Apache License 2.0
151 stars 78 forks source link

Integration ResourceRefNamespaced uses incorrect namespace #725

Closed Desuuuu closed 2 years ago

Desuuuu commented 2 years ago

What did you do to encounter the bug?

What did you expect? The reference should use the provided namespace, or the project namespace if unspecified.

What happened instead? In both cases, the operator produces an error similar to this:

{"level":"WARN","time":"2022-10-21T14:24:47.890Z","msg":"Update Integrations","atlasproject":"default/my-project","Can not convert kube integration":"Secret \"slack-token\" not found"}

Operator Information

Additional context This condition is causing the issue: https://github.com/mongodb/mongodb-atlas-kubernetes/blob/4e6130ec419246b5a7a0491b9e1cbfcd48403e90/pkg/api/v1/common/common.go#L49-L52

Different namespace:

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: slack-token
  namespace: slack
  labels:
    atlas.mongodb.com/type: credentials
stringData:
  password: slacktoken
---
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
  namespace: default
spec:
  name: my-project
  connectionSecretRef:
    name: atlas-secret
  integrations:
  - type: SLACK
    teamName: my-team
    channelName: my-channel
    apiTokenRef:
      name: slack-token
      namespace: slack

Same namespace:

apiVersion: v1
kind: Secret
type: Opaque
metadata:
  name: slack-token
  namespace: default
  labels:
    atlas.mongodb.com/type: credentials
stringData:
  password: slacktoken
---
apiVersion: atlas.mongodb.com/v1
kind: AtlasProject
metadata:
  name: my-project
  namespace: default
spec:
  name: my-project
  connectionSecretRef:
    name: atlas-secret
  integrations:
  - type: SLACK
    teamName: my-team
    channelName: my-channel
    apiTokenRef:
      name: slack-token
fabritsius commented 2 years ago

Hey @Desuuuu,

Thanks for the issue.

Similar issues might come up if the secret isn't labeled atlas.mongodb.com/type=credentials, like this:

kubectl label secret slack-token atlas.mongodb.com/type=credentials -n mongodb-atlas-system

Let me know if this helps 😌

Desuuuu commented 2 years ago

It does not help. As you can see in the two examples I provided, my secret is already labeled.

The problem is pretty obvious when you look at the piece of code I linked to above: the condition is inverted.

fabritsius commented 2 years ago

Ah, yeah, now I see it, thank you! Will be fixed in the Monday release 👌

Desuuuu commented 2 years ago

This fixed the case where a different namespace is specified, but not the case where no namespace is specified.

https://github.com/mongodb/mongodb-atlas-kubernetes/blob/0c2d71e4f1e4f53badd06e4308a5bb36994e1cb9/pkg/api/v1/common/common.go#L44-L55

The GetObject method, which ultimately determines which namespace is used, still returns an invalid key (empty namespace) when rn.Namespace is empty.