Test connection string works when mounted into pod (mongodb#882)

Author: chatton

.action_templates/jobs/tests.yaml

@@ -52,3 +52,5 @@ tests:
           distro: ubi
         - test-name: replica_set_custom_persistent_volume
           distro: ubi
+        - test-name: replica_set_mount_connection_string
+          distro: ubi

.github/workflows/e2e-fork.yml

@@ -134,6 +134,8 @@ jobs:
           distro: ubi
         - test-name: replica_set_custom_persistent_volume
           distro: ubi
+        - test-name: replica_set_mount_connection_string
+          distro: ubi
     steps:
     # template: .action_templates/steps/cancel-previous.yaml
     - name: Cancel Previous Runs

.github/workflows/e2e.yml

@@ -140,6 +140,8 @@ jobs:
           distro: ubi
         - test-name: replica_set_custom_persistent_volume
           distro: ubi
+        - test-name: replica_set_mount_connection_string
+          distro: ubi
     steps:
     # template: .action_templates/steps/cancel-previous.yaml
     - name: Cancel Previous Runs

.gitignore

@@ -94,3 +94,5 @@ Dockerfile.ubi-*
 Dockerfile.ubuntu-*
 
 diagnostics
+
+!test/test-app/Dockerfile

api/v1/mongodbcommunity_types.go

@@ -668,25 +668,26 @@ func (m MongoDBCommunity) AutomationConfigArbitersThisReconciliation() int {
 
 // MongoURI returns a mongo uri which can be used to connect to this deployment
 func (m MongoDBCommunity) MongoURI(clusterDomain string) string {
-	return fmt.Sprintf("mongodb://%s", strings.Join(m.Hosts(clusterDomain), ","))
+	return fmt.Sprintf("mongodb://%s/?replicaSet=%s", strings.Join(m.Hosts(clusterDomain), ","), m.Name)
 }
 
 // MongoSRVURI returns a mongo srv uri which can be used to connect to this deployment
 func (m MongoDBCommunity) MongoSRVURI(clusterDomain string) string {
 	if clusterDomain == "" {
 		clusterDomain = defaultClusterDomain
 	}
-	return fmt.Sprintf("mongodb+srv://%s.%s.svc.%s", m.ServiceName(), m.Namespace, clusterDomain)
+	return fmt.Sprintf("mongodb+srv://%s.%s.svc.%s/?replicaSet=%s", m.ServiceName(), m.Namespace, clusterDomain, m.Name)
 }
 
 // MongoAuthUserURI returns a mongo uri which can be used to connect to this deployment
 // and includes the authentication data for the user
 func (m MongoDBCommunity) MongoAuthUserURI(user scram.User, password string, clusterDomain string) string {
-	return fmt.Sprintf("mongodb://%s:%s@%s/%s?ssl=%t",
+	return fmt.Sprintf("mongodb://%s:%s@%s/%s?replicaSet=%s&ssl=%t",
 		url.QueryEscape(user.Username),
 		url.QueryEscape(password),
 		strings.Join(m.Hosts(clusterDomain), ","),
 		user.Database,
+		m.Name,
 		m.Spec.Security.TLS.Enabled)
 }
 
@@ -696,13 +697,14 @@ func (m MongoDBCommunity) MongoAuthUserSRVURI(user scram.User, password string,
 	if clusterDomain == "" {
 		clusterDomain = defaultClusterDomain
 	}
-	return fmt.Sprintf("mongodb+srv://%s:%s@%s.%s.svc.%s/%s?ssl=%t",
+	return fmt.Sprintf("mongodb+srv://%s:%s@%s.%s.svc.%s/%s?replicaSet=%s&ssl=%t",
 		url.QueryEscape(user.Username),
 		url.QueryEscape(password),
 		m.ServiceName(),
 		m.Namespace,
 		clusterDomain,
 		user.Database,
+		m.Name,
 		m.Spec.Security.TLS.Enabled)
 }
 

api/v1/mongodbcommunity_types_test.go

@@ -9,20 +9,20 @@ import (
 
 func TestMongoDB_MongoURI(t *testing.T) {
 	mdb := newReplicaSet(2, "my-rs", "my-namespace")
-	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.cluster.local:27017,my-rs-1.my-rs-svc.my-namespace.svc.cluster.local:27017")
-	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.my.cluster:27017,my-rs-1.my-rs-svc.my-namespace.svc.my.cluster:27017")
+	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.cluster.local:27017,my-rs-1.my-rs-svc.my-namespace.svc.cluster.local:27017/?replicaSet=my-rs")
+	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.my.cluster:27017,my-rs-1.my-rs-svc.my-namespace.svc.my.cluster:27017/?replicaSet=my-rs")
 	mdb = newReplicaSet(1, "my-single-rs", "my-single-namespace")
-	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-single-rs-0.my-single-rs-svc.my-single-namespace.svc.cluster.local:27017")
-	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-single-rs-0.my-single-rs-svc.my-single-namespace.svc.my.cluster:27017")
+	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-single-rs-0.my-single-rs-svc.my-single-namespace.svc.cluster.local:27017/?replicaSet=my-single-rs")
+	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-single-rs-0.my-single-rs-svc.my-single-namespace.svc.my.cluster:27017/?replicaSet=my-single-rs")
 	mdb = newReplicaSet(5, "my-big-rs", "my-big-namespace")
-	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-big-rs-0.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-1.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-2.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-3.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-4.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017")
-	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-big-rs-0.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-1.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-2.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-3.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-4.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017")
+	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-big-rs-0.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-1.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-2.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-3.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017,my-big-rs-4.my-big-rs-svc.my-big-namespace.svc.cluster.local:27017/?replicaSet=my-big-rs")
+	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-big-rs-0.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-1.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-2.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-3.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017,my-big-rs-4.my-big-rs-svc.my-big-namespace.svc.my.cluster:27017/?replicaSet=my-big-rs")
 	mdb = newReplicaSet(2, "my-rs", "my-namespace")
 	mdb.Spec.AdditionalMongodConfig.Object = map[string]interface{}{
 		"net.port": 40333.,
 	}
-	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.cluster.local:40333,my-rs-1.my-rs-svc.my-namespace.svc.cluster.local:40333")
-	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.my.cluster:40333,my-rs-1.my-rs-svc.my-namespace.svc.my.cluster:40333")
+	assert.Equal(t, mdb.MongoURI(""), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.cluster.local:40333,my-rs-1.my-rs-svc.my-namespace.svc.cluster.local:40333/?replicaSet=my-rs")
+	assert.Equal(t, mdb.MongoURI("my.cluster"), "mongodb://my-rs-0.my-rs-svc.my-namespace.svc.my.cluster:40333,my-rs-1.my-rs-svc.my-namespace.svc.my.cluster:40333/?replicaSet=my-rs")
 }
 
 func TestMongodConfiguration(t *testing.T) {

test/e2e/replica_set_mount_connection_string/replica_set_mount_connection_string_test.go

@@ -0,0 +1,110 @@
+package replica_set_mount_connection_string
+
+import (
+	"context"
+	"fmt"
+	"github.com/mongodb/mongodb-kubernetes-operator/test/e2e/util/wait"
+	"github.com/stretchr/testify/assert"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"os"
+	"testing"
+	"time"
+
+	. "github.com/mongodb/mongodb-kubernetes-operator/test/e2e/util/mongotester"
+
+	e2eutil "github.com/mongodb/mongodb-kubernetes-operator/test/e2e"
+	"github.com/mongodb/mongodb-kubernetes-operator/test/e2e/mongodbtests"
+	setup "github.com/mongodb/mongodb-kubernetes-operator/test/e2e/setup"
+)
+
+func TestMain(m *testing.M) {
+	code, err := e2eutil.RunTest(m)
+	if err != nil {
+		fmt.Println(err)
+	}
+	os.Exit(code)
+}
+
+// createPythonTestPod creates a pod with a simple python app which connects to a MongoDB database
+// using the connection string referenced within a given secret key.
+func createPythonTestPod(idx int, namespace, secretName, secretKey string) corev1.Pod {
+	return corev1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:      fmt.Sprintf("test-pod-%d", idx),
+			Namespace: namespace,
+		},
+		Spec: corev1.PodSpec{
+			RestartPolicy: corev1.RestartPolicyNever,
+			Containers: []corev1.Container{
+				{
+					Name:       "python-app",
+					Image:      "quay.io/mongodb/mongodb-kubernetes-operator-test-app:1.0.0",
+					Command:    []string{"python", "main.py"},
+					WorkingDir: "/app",
+					Env: []corev1.EnvVar{
+						{
+							Name: "CONNECTION_STRING",
+							ValueFrom: &corev1.EnvVarSource{
+								SecretKeyRef: &corev1.SecretKeySelector{
+									LocalObjectReference: corev1.LocalObjectReference{
+										Name: secretName,
+									},
+									Key: secretKey,
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func TestMountConnectionString(t *testing.T) {
+	ctx := setup.Setup(t)
+	defer ctx.Teardown()
+
+	mdb, user := e2eutil.NewTestMongoDB(ctx, "mdb0", "")
+	scramUser := mdb.GetScramUsers()[0]
+
+	_, err := setup.GeneratePasswordForUser(ctx, user, "")
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	tester, err := FromResource(t, mdb)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	t.Run("Create MongoDB Resource", mongodbtests.CreateMongoDBResource(&mdb, ctx))
+	t.Run("Basic tests", mongodbtests.BasicFunctionality(&mdb))
+	t.Run("Keyfile authentication is configured", tester.HasKeyfileAuth(3))
+	t.Run("Test Basic Connectivity", tester.ConnectivitySucceeds())
+	t.Run("Test SRV Connectivity", tester.ConnectivitySucceeds(WithURI(mdb.MongoSRVURI("")), WithoutTls(), WithReplicaSet((mdb.Name))))
+	t.Run("Test Basic Connectivity with generated connection string secret",
+		tester.ConnectivitySucceeds(WithURI(mongodbtests.GetConnectionStringForUser(mdb, scramUser))))
+	t.Run("Test SRV Connectivity with generated connection string secret",
+		tester.ConnectivitySucceeds(WithURI(mongodbtests.GetSrvConnectionStringForUser(mdb, scramUser))))
+	t.Run("Ensure Authentication", tester.EnsureAuthenticationIsConfigured(3))
+	t.Run("AutomationConfig has the correct version", mongodbtests.AutomationConfigVersionHasTheExpectedVersion(&mdb, 1))
+
+	t.Run("Application Pod can connect to MongoDB using the generated standard connection string.", func(t *testing.T) {
+		testPod := createPythonTestPod(0, mdb.Namespace, fmt.Sprintf("%s-admin-%s", mdb.Name, user.Name), "connectionString.standard")
+		err := e2eutil.TestClient.Create(context.TODO(), &testPod, &e2eutil.CleanupOptions{
+			TestContext: ctx,
+		})
+		assert.NoError(t, err)
+		assert.NoError(t, wait.ForPodPhase(t, time.Minute*5, testPod, corev1.PodSucceeded))
+	})
+
+	t.Run("Application Pod can connect to MongoDB using the generated secret SRV connection string", func(t *testing.T) {
+		testPod := createPythonTestPod(1, mdb.Namespace, fmt.Sprintf("%s-admin-%s", mdb.Name, user.Name), "connectionString.standardSrv")
+		err := e2eutil.TestClient.Create(context.TODO(), &testPod, &e2eutil.CleanupOptions{
+			TestContext: ctx,
+		})
+		assert.NoError(t, err)
+		assert.NoError(t, wait.ForPodPhase(t, time.Minute*5, testPod, corev1.PodSucceeded))
+	})
+}

test/e2e/util/wait/wait.go

@@ -181,6 +181,17 @@ func ForPodReadiness(t *testing.T, isReady bool, containerName string, timeout t
 	})
 }
 
+func ForPodPhase(t *testing.T, timeout time.Duration, pod corev1.Pod, podPhase corev1.PodPhase) error {
+	return wait.Poll(time.Second*3, timeout, func() (done bool, err error) {
+		err = e2eutil.TestClient.Get(context.TODO(), types.NamespacedName{Name: pod.Name, Namespace: pod.Namespace}, &pod)
+		if err != nil {
+			return false, err
+		}
+		t.Logf("Current phase %s, expected phase %s", pod.Status.Phase, podPhase)
+		return pod.Status.Phase == podPhase, nil
+	})
+}
+
 // waitForRuntimeObjectToExist waits until a runtime.Object of the given name exists
 // using the provided retryInterval and timeout provided.
 func waitForRuntimeObjectToExist(name string, retryInterval, timeout time.Duration, obj client.Object, namespace string) error {

test/test-app/Dockerfile

@@ -0,0 +1,11 @@
+FROM python:3.8-slim-buster
+
+WORKDIR /app
+
+COPY requirements.txt requirements.txt
+
+RUN pip3 install -r requirements.txt
+
+COPY main.py main.py
+
+CMD [ "python3", "/app/main.py"]

test/test-app/README.md

@@ -0,0 +1,9 @@
+This Dockerfile is a for an image which can be found
+[here](https://quay.io/repository/mongodb/mongodb-kubernetes-operator-test-app)
+
+The E2E tests use this to ensure that the secret generated by the operator can be mounted into an application pod and
+used to successfully connect with a Mongo client.
+
+```bash
+docker build . -t quay.io/mongodb/mongodb-kubernetes-operator-test-app:1.0.0
+```

test/test-app/main.py

@@ -0,0 +1,22 @@
+import os
+import sys
+
+from pymongo import MongoClient
+
+
+def main() -> int:
+    connection_string = os.getenv("CONNECTION_STRING")
+    print(f"Using connection String: {connection_string}")
+    client = MongoClient(connection_string)
+
+    try:
+        client.testing.col.insert_one({})
+    except Exception as e:
+        print(f"Error inserting document {e}")
+        return 1
+
+    return 0
+
+
+if __name__ == "__main__":
+    sys.exit(main())

test/test-app/requirements.txt

@@ -0,0 +1,2 @@
+PyMongo==4.0.1
+dnspython==2.2.0