Simplify resolution

Signed-off-by: jose.vazquez <[email protected]>

Author: josvazg

internal/mocks/atlas/provider.go

@@ -12,11 +12,10 @@ import (
 )
 
 type TestProvider struct {
-	ClientFunc               func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error)
-	SdkClientFunc            func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error)
-	IsCloudGovFunc           func() bool
-	IsSupportedFunc          func() bool
-	GlobalFallbackSecretFunc func() *client.ObjectKey
+	ClientFunc      func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error)
+	SdkClientFunc   func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error)
+	IsCloudGovFunc  func() bool
+	IsSupportedFunc func() bool
 }
 
 func (f *TestProvider) Client(_ context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error) {
@@ -34,7 +33,3 @@ func (f *TestProvider) IsCloudGov() bool {
 func (f *TestProvider) IsResourceSupported(_ api.AtlasCustomResource) bool {
 	return f.IsSupportedFunc()
 }
-
-func (f *TestProvider) GlobalFallbackSecret() *client.ObjectKey {
-	return f.GlobalFallbackSecretFunc()
-}

internal/translation/dbuser/dbuser_test.go

@@ -22,13 +22,12 @@ import (
 
 func TestNewAtlasDatabaseUsersService(t *testing.T) {
 	ctx := context.Background()
-	secretRef := &types.NamespacedName{}
 	provider := &atlas.TestProvider{
 		SdkClientFunc: func(_ *client.ObjectKey, _ *zap.SugaredLogger) (*admin.APIClient, string, error) {
 			return &admin.APIClient{}, "", nil
 		},
-		GlobalFallbackSecretFunc: func() *client.ObjectKey { return secretRef },
 	}
+	secretRef := &types.NamespacedName{}
 	log := zap.S()
 	users, err := NewAtlasDatabaseUsersService(ctx, provider, secretRef, log)
 	require.NoError(t, err)
@@ -38,13 +37,12 @@ func TestNewAtlasDatabaseUsersService(t *testing.T) {
 func TestFailedNewAtlasDatabaseUsersService(t *testing.T) {
 	expectedErr := errors.New("fake error")
 	ctx := context.Background()
-	secretRef := &types.NamespacedName{}
 	provider := &atlas.TestProvider{
 		SdkClientFunc: func(_ *client.ObjectKey, _ *zap.SugaredLogger) (*admin.APIClient, string, error) {
 			return nil, "", expectedErr
 		},
-		GlobalFallbackSecretFunc: func() *client.ObjectKey { return secretRef },
 	}
+	secretRef := &types.NamespacedName{}
 	log := zap.S()
 	users, err := NewAtlasDatabaseUsersService(ctx, provider, secretRef, log)
 	require.Nil(t, users)

pkg/controller/atlas/provider.go

@@ -32,13 +32,12 @@ type Provider interface {
 	SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error)
 	IsCloudGov() bool
 	IsResourceSupported(resource api.AtlasCustomResource) bool
-	GlobalFallbackSecret() *client.ObjectKey
 }
 
 type ProductionProvider struct {
 	k8sClient       client.Client
 	domain          string
-	globalSecretRef *client.ObjectKey
+	globalSecretRef client.ObjectKey
 }
 
 type credentialsSecret struct {
@@ -47,7 +46,7 @@ type credentialsSecret struct {
 	PrivateKey string
 }
 
-func NewProductionProvider(atlasDomain string, globalSecretRef *client.ObjectKey, k8sClient client.Client) *ProductionProvider {
+func NewProductionProvider(atlasDomain string, globalSecretRef client.ObjectKey, k8sClient client.Client) *ProductionProvider {
 	return &ProductionProvider{
 		k8sClient:       k8sClient,
 		domain:          atlasDomain,
@@ -94,7 +93,7 @@ func (p *ProductionProvider) IsResourceSupported(resource api.AtlasCustomResourc
 }
 
 func (p *ProductionProvider) Client(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error) {
-	secretData, err := getSecrets(ctx, p.k8sClient, secretRef)
+	secretData, err := getSecrets(ctx, p.k8sClient, secretRef, &p.globalSecretRef)
 	if err != nil {
 		return nil, "", err
 	}
@@ -114,7 +113,7 @@ func (p *ProductionProvider) Client(ctx context.Context, secretRef *client.Objec
 }
 
 func (p *ProductionProvider) SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error) {
-	secretData, err := getSecrets(ctx, p.k8sClient, secretRef)
+	secretData, err := getSecrets(ctx, p.k8sClient, secretRef, &p.globalSecretRef)
 	if err != nil {
 		return nil, "", err
 	}
@@ -134,14 +133,11 @@ func (p *ProductionProvider) SdkClient(ctx context.Context, secretRef *client.Ob
 	return c, secretData.OrgID, nil
 }
 
-func (p *ProductionProvider) GlobalFallbackSecret() *client.ObjectKey {
-	return p.globalSecretRef
-}
-
-func getSecrets(ctx context.Context, k8sClient client.Client, secretRef *client.ObjectKey) (*credentialsSecret, error) {
+func getSecrets(ctx context.Context, k8sClient client.Client, secretRef, fallbackRef *client.ObjectKey) (*credentialsSecret, error) {
 	if secretRef == nil {
-		return nil, fmt.Errorf("secret reference cannot be nil")
+		secretRef = fallbackRef
 	}
+
 	secret := &corev1.Secret{}
 	if err := k8sClient.Get(ctx, *secretRef, secret); err != nil {
 		return nil, fmt.Errorf("failed to read Atlas API credentials from the secret %s: %w", secretRef.String(), err)

pkg/controller/atlas/provider_test.go

@@ -20,7 +20,7 @@ import (
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/version"
 )
 
-func TestProviderClient(t *testing.T) {
+func TestProvider_Client(t *testing.T) {
 	secret := &corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name:      "api-secret",
@@ -44,19 +44,19 @@ func TestProviderClient(t *testing.T) {
 		WithObjects(secret).
 		Build()
 
-	t.Run("should return Atlas API client and organization id from the passed in connection secret even with the global secret unset", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", nil, k8sClient)
+	t.Run("should return Atlas API client and organization id using global secret", func(t *testing.T) {
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "api-secret", Namespace: "default"}, k8sClient)
 
-		c, id, err := p.Client(context.Background(), objectKey(secret), zaptest.NewLogger(t).Sugar())
+		c, id, err := p.Client(context.Background(), nil, zaptest.NewLogger(t).Sugar())
 		assert.NoError(t, err)
 		assert.Equal(t, "1234567890", id)
 		assert.NotNil(t, c)
 	})
 
-	t.Run("should return Atlas API client and organization id from the passed in connection secret even with the global secret set", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", &client.ObjectKey{Name: "global-secret", Namespace: "default"}, k8sClient)
+	t.Run("should return Atlas API client and organization id using connection secret", func(t *testing.T) {
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "global-secret", Namespace: "default"}, k8sClient)
 
-		c, id, err := p.Client(context.Background(), objectKey(secret), zaptest.NewLogger(t).Sugar())
+		c, id, err := p.Client(context.Background(), &client.ObjectKey{Name: "api-secret", Namespace: "default"}, zaptest.NewLogger(t).Sugar())
 		assert.NoError(t, err)
 		assert.Equal(t, "1234567890", id)
 		assert.NotNil(t, c)
@@ -65,17 +65,17 @@ func TestProviderClient(t *testing.T) {
 
 func TestProvider_IsCloudGov(t *testing.T) {
 	t.Run("should return false for invalid domain", func(t *testing.T) {
-		p := NewProductionProvider("http://x:namedport", &client.ObjectKey{}, nil)
+		p := NewProductionProvider("http://x:namedport", client.ObjectKey{}, nil)
 		assert.False(t, p.IsCloudGov())
 	})
 
 	t.Run("should return false for commercial Atlas domain", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", &client.ObjectKey{}, nil)
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{}, nil)
 		assert.False(t, p.IsCloudGov())
 	})
 
 	t.Run("should return true for Atlas for government domain", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodbgov.com/", &client.ObjectKey{}, nil)
+		p := NewProductionProvider("https://cloud.mongodbgov.com/", client.ObjectKey{}, nil)
 		assert.True(t, p.IsCloudGov())
 	})
 }
@@ -166,7 +166,7 @@ func TestProvider_IsResourceSupported(t *testing.T) {
 
 	for desc, data := range dataProvider {
 		t.Run(desc, func(t *testing.T) {
-			p := NewProductionProvider(data.domain, &client.ObjectKey{}, nil)
+			p := NewProductionProvider(data.domain, client.ObjectKey{}, nil)
 			assert.Equal(t, data.expectation, p.IsResourceSupported(data.resource))
 		})
 	}
@@ -210,10 +210,3 @@ func TestOperatorUserAgent(t *testing.T) {
 	require.Contains(t, userAgent, "MongoDBAtlasKubernetesOperator")
 	require.Contains(t, userAgent, version.Version)
 }
-
-func objectKey(obj client.Object) *client.ObjectKey {
-	return &client.ObjectKey{
-		Name:      obj.GetName(),
-		Namespace: obj.GetNamespace(),
-	}
-}

pkg/controller/atlasdatabaseuser/atlasdatabaseuser_controller.go

@@ -127,8 +127,7 @@ func (r *AtlasDatabaseUserReconciler) Reconcile(ctx context.Context, req ctrl.Re
 		return result.ReconcileResult(), nil
 	}
 
-	globalSecret := r.AtlasProvider.GlobalFallbackSecret()
-	credentialsSecret, err := customresource.ComputeSecret(globalSecret, project, databaseUser)
+	credentialsSecret, err := customresource.ComputeSecret(project, databaseUser)
 	if err != nil {
 		result = workflow.Terminate(workflow.Internal, err.Error())
 		workflowCtx.SetConditionFromResult(api.DatabaseUserReadyType, result)

pkg/controller/atlasdatabaseuser/databaseuser_test.go

@@ -16,7 +16,6 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/runtime"
 	utilruntime "k8s.io/apimachinery/pkg/util/runtime"
-	"sigs.k8s.io/controller-runtime/pkg/client"
 	"sigs.k8s.io/controller-runtime/pkg/client/fake"
 	"sigs.k8s.io/controller-runtime/pkg/reconcile"
 
@@ -168,8 +167,7 @@ func TestEnsureDatabaseUser(t *testing.T) {
 		Client: fakeClient,
 		Log:    log,
 		AtlasProvider: &atlas.TestProvider{
-			IsCloudGovFunc:           func() bool { return false },
-			GlobalFallbackSecretFunc: func() *client.ObjectKey { return nil },
+			IsCloudGovFunc: func() bool { return false },
 		},
 	}
 	for _, tc := range []struct {

pkg/controller/atlasproject/atlasproject_controller_test.go

@@ -145,7 +145,6 @@ func TestReconcile(t *testing.T) {
 					SdkClientFunc: func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error) {
 						return tt.atlasSDKMocker(), "", nil
 					},
-					GlobalFallbackSecretFunc: func() *client.ObjectKey { return nil },
 				},
 			}
 

pkg/controller/atlasproject/teams_test.go

@@ -68,7 +68,6 @@ func TestUpdateTeamState(t *testing.T) {
 			ClientFunc: func(secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error) {
 				return &mongodbatlas.Client{}, "0987654321", nil
 			},
-			GlobalFallbackSecretFunc: func() *client.ObjectKey { return objectKey(secret) },
 		}
 		k8sClient := buildFakeKubernetesClient(secret, project, team)
 		reconciler := &AtlasProjectReconciler{
@@ -133,7 +132,6 @@ func TestUpdateTeamState(t *testing.T) {
 					Teams: teamsMock,
 				}, "0987654321", nil
 			},
-			GlobalFallbackSecretFunc: func() *client.ObjectKey { return objectKey(secret) },
 		}
 		k8sClient := buildFakeKubernetesClient(secret, project, team)
 		reconciler := &AtlasProjectReconciler{
@@ -206,7 +204,6 @@ func TestUpdateTeamState(t *testing.T) {
 							Teams: teamsMock,
 						}, "0987654321", nil
 					},
-					GlobalFallbackSecretFunc: func() *client.ObjectKey { return nil },
 				}
 				reconciler := &AtlasProjectReconciler{
 					Client:                   buildFakeKubernetesClient(project, team),
@@ -257,10 +254,3 @@ func reference(obj client.Object) *common.ResourceRefNamespaced {
 		Namespace: obj.GetNamespace(),
 	}
 }
-
-func objectKey(obj client.Object) *client.ObjectKey {
-	return &client.ObjectKey{
-		Name:      obj.GetName(),
-		Namespace: obj.GetNamespace(),
-	}
-}

pkg/controller/customresource/customresource.go

@@ -139,22 +139,7 @@ func SetAnnotation(resource api.AtlasCustomResource, key, value string) {
 	resource.SetAnnotations(annot)
 }
 
-func ComputeSecret(globalSecret *client.ObjectKey, project *akov2.AtlasProject, resource api.ResourceWithCredentials) (*client.ObjectKey, error) {
-	secret, err := resolveConnectionSecret(project, resource)
-	if err != nil {
-		return nil, err
-	}
-	if secret != nil {
-		return secret, nil
-	}
-	if globalSecret != nil {
-		return globalSecret, nil
-	}
-	return nil, fmt.Errorf("failed to find credentials secret from resource %q, Project %q or global credentials",
-		resource.GetName(), project.GetName())
-}
-
-func resolveConnectionSecret(project *akov2.AtlasProject, resource api.ResourceWithCredentials) (*client.ObjectKey, error) {
+func ComputeSecret(project *akov2.AtlasProject, resource api.ResourceWithCredentials) (*client.ObjectKey, error) {
 	if resource == nil {
 		return nil, fmt.Errorf("resource cannot be nil")
 	}