CLOUDP-305560: Add Atlas Integration CRD

Signed-off-by: jose.vazquez <[email protected]>

Author: josvazg

PROJECT

@@ -143,4 +143,12 @@ resources:
   kind: AtlasNetworkPeering
   path: github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1
   version: v1
+- api:
+    crdVersion: v1
+    namespaced: true
+  domain: mongodb.com
+  group: atlas
+  kind: AtlasIntegration
+  path: github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1
+  version: v1
 version: "3"

api/v1/atlasintegration_types.go

@@ -0,0 +1,187 @@
+/*
+Copyright 2025 MongoDB.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/status"
+)
+
+func init() {
+	SchemeBuilder.Register(&AtlasIntegration{}, &AtlasIntegrationList{})
+}
+
+// +kubebuilder:object:root=true
+
+// AtlasIntegration is the Schema for the atlas 3rd party inegrations API.
+type AtlasIntegration struct {
+	metav1.TypeMeta   `json:",inline"`
+	metav1.ObjectMeta `json:"metadata,omitempty"`
+
+	Spec   AtlasIntegrationSpec          `json:"spec,omitempty"`
+	Status status.AtlasIntegrationStatus `json:"status,omitempty"`
+}
+
+// AtlasIntegrationSpec contains the expected configuration for an integration
+// +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && !has(self.projectRef)) || (!has(self.externalProjectRef) && has(self.projectRef))",message="must define only one project reference through externalProjectRef or projectRef"
+// +kubebuilder:validation:XValidation:rule="(has(self.externalProjectRef) && has(self.connectionSecret)) || !has(self.externalProjectRef)",message="must define a local connection secret when referencing an external project"
+// +kubebuilder:validation:XValidation:rule="has(self.type) && self.type.size() != 0",message="must define a type of integration"
+// +kubebuilder:validation:XValidation:rule="!has(self.datadog) || (self.type == 'DATADOG' && has(self.datadog))",message="only DATADOG type may set datadog fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.microsoftTeams) || (self.type == 'MICROSOFT_TEAMS' && has(self.microsoftTeams))",message="only MICROSOFT_TEAMS type may set microsoftTeams fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.newRelic) || (self.type == 'NEW_RELIC' && has(self.newRelic))",message="only NEW_RELIC type may set newRelic fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.opsGenie) || (self.type == 'OPS_GENIE' && has(self.opsGenie))",message="only OPS_GENIE type may set opsGenie fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.prometheus) || (self.type == 'PROMETHEUS' && has(self.prometheus))",message="only PROMETHEUS type may set prometheus fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.pagerDuty) || (self.type == 'PAGER_DUTY' && has(self.pagerDuty))",message="only PAGER_DUTY type may set pagerDuty fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.slack) || (self.type == 'SLACK' && has(self.slack))",message="only SLACK type may set slack fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.victorOps) || (self.type == 'VICTOR_OPS' && has(self.victorOps))",message="only VICTOR_OPS type may set victorOps fields"
+// +kubebuilder:validation:XValidation:rule="!has(self.webhook) || (self.type == 'WEBHOOK' && has(self.webhook))",message="only WEBHOOK type may set webhook fields"
+type AtlasIntegrationSpec struct {
+	ProjectDualReference `json:",inline"`
+
+	// ID of the integration in Atlas. May be omitted to create a new one.
+	// +kubebuilder:validation:Optional
+	ID *string `json:"id"`
+
+	// Type of the integration
+	// +kubebuilder:validation:Enum:=DATADOG;MICROSOFT_TEAMS;NEW_RELIC;OPS_GENIE;PAGER_DUTY;PROMETHEUS;SLACK;VICTOR_OPS;WEBHOOK
+	// +kubebuilder:validation:Required
+	Type string `json:"type"`
+
+	Datadog *DatadogIntegration `json:"datadog,omitempty"`
+
+	MicrosoftTeams *MicrosoftTeamsIntegration `json:"microsoftTeams,omitempty"`
+
+	NewRelic *NewRelicIntegration `json:"newRelic,omitempty"`
+
+	OpsGenie *OpsGenieIntegration `json:"opsGenie,omitempty"`
+
+	PagerDuty *PagerDutyIntegration `json:"pagerDuty,omitempty"`
+
+	Prometheus *PrometheusIntegration `json:"prometheus,omitempty"`
+
+	Slack *SlackIntegration `json:"slack,omitempty"`
+
+	VictorOps *VictorOpsIntegration `json:"victorOps,omitempty"`
+
+	Webhook *WebhookIntegration `json:"webhook,omitempty"`
+}
+
+type DatadogIntegration struct {
+	// APIKeySecret is the name of a secret containing the datadog api key
+	// +kubebuilder:validation:Required
+	APIKeySecret string `json:"apiKeySecret"`
+
+	// Region is the Datadog region
+	// +kubebuilder:validation:Required
+	Region string `json:"region"`
+
+	// SendCollectionLatencyMetrics flags whether or not to send collection latency metrics
+	// +kubebuilder:validation:Required
+	SendCollectionLatencyMetrics bool `json:"sendCollectionLatencyMetrics"`
+
+	// SendDatabaseMetrics flags whether or not to send database metrics
+	// +kubebuilder:validation:Required
+	SendDatabaseMetrics bool `json:"sendDatabaseMetrics"`
+}
+
+type MicrosoftTeamsIntegration struct {
+	// URLSecret is the name of a secret containing the microsoft teams secret URL
+	// +kubebuilder:validation:Required
+	URLSecret string `json:"apiKeySecret"`
+}
+
+type NewRelicIntegration struct {
+	// CredentialsSecret is the name of a secret containing new relic's credentials:
+	// account id, license key, read and write tokens
+	// +kubebuilder:validation:Required
+	CredentialsSecret string `json:"credentialsSecret"`
+}
+
+type OpsGenieIntegration struct {
+	// APIKeySecret is the name of a secret containing Ops Genie's API key
+	// +kubebuilder:validation:Required
+	APIKeySecret string `json:"apiKeySecret"`
+
+	// Region is the Ops Genie region
+	// +kubebuilder:validation:Required
+	Region string `json:"region"`
+}
+
+type PagerDutyIntegration struct {
+	// ServiceKeySecret is the name of a secret containing Pager Duty service key
+	// +kubebuilder:validation:Required
+	ServiceKeySecret string `json:"serviceKeySecret"`
+
+	// Region is the Pager Duty region
+	// +kubebuilder:validation:Required
+	Region string `json:"region"`
+}
+
+type PrometheusIntegration struct {
+	// UsernameSecret is the name of a secret containing the Prometehus username
+	// +kubebuilder:validation:Required
+	UsernameSecret string `json:"usernameSecret"`
+
+	// ServiceDiscovery to be used by Prometheus
+	// +kubebuilder:validation:Enum:=file;http
+	// +kubebuilder:validation:Required
+	ServiceDiscovery string `json:"region"`
+
+	// Enabled flags whether or not Prometheus integration is enabled
+	// +kubebuilder:validation:Required
+	Enabled bool `json:"sendCollectionLatencyMetrics"`
+}
+
+type SlackIntegration struct {
+	// APITokenSecret is the name of a secret containing the Slack API token
+	// +kubebuilder:validation:Required
+	APITokenSecret string `json:"usernameSecret"`
+
+	// ChannelName to be used by Prometheus
+	// +kubebuilder:validation:Required
+	ChannelName string `json:"channelName"`
+
+	// TeamName flags whether or not Prometheus integration is enabled
+	// +kubebuilder:validation:Required
+	TeamName string `json:"teamName"`
+}
+
+type VictorOpsIntegration struct {
+	// KeysSecret is the name of a secret containing Victor Ops API and routing keys
+	// +kubebuilder:validation:Required
+	KeysSecret string `json:"keySecret"`
+}
+
+type WebhookIntegration struct {
+	// URLSecret is the name of a secret containing Webhook URL and secret
+	// +kubebuilder:validation:Required
+	URLSecret string `json:"keySecret"`
+}
+
+// +kubebuilder:object:root=true
+
+// AtlasIntegrationList contains a list of Atlas Integrations.
+type AtlasIntegrationList struct {
+	metav1.TypeMeta `json:",inline"`
+	metav1.ListMeta `json:"metadata,omitempty"`
+	Items           []AtlasIntegration `json:"items"`
+}
+
+func (i *AtlasIntegration) ProjectDualRef() *ProjectDualReference {
+	return &i.Spec.ProjectDualReference
+}

api/v1/atlasintegration_types_test.go

@@ -0,0 +1,181 @@
+package v1
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"k8s.io/apimachinery/pkg/runtime"
+
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/common"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/cel"
+)
+
+func TestIntegrationCELChecks(t *testing.T) {
+	for _, tc := range []struct {
+		title          string
+		obj            *AtlasIntegration
+		expectedErrors []string
+	}{
+		{
+			title:          "fails with no type",
+			obj:            &AtlasIntegration{},
+			expectedErrors: []string{"spec: Invalid value: \"object\": must define a type of integration"},
+		},
+		{
+			title: "Datadog works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "DATADOG",
+					Datadog: &DatadogIntegration{
+						APIKeySecret:                 "api-key-secretname",
+						Region:                       "US",
+						SendCollectionLatencyMetrics: false,
+						SendDatabaseMetrics:          false,
+					},
+				},
+			},
+		},
+		{
+			title: "Microsoft Teams works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "MICROSOFT_TEAMS",
+					MicrosoftTeams: &MicrosoftTeamsIntegration{
+						URLSecret: "url-secretname",
+					},
+				},
+			},
+		},
+		{
+			title: "New Relic works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "NEW_RELIC",
+					NewRelic: &NewRelicIntegration{
+						CredentialsSecret: "credentials-secretname",
+					},
+				},
+			},
+		},
+		{
+			title: "Ops Genie works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "OPS_GENIE",
+					OpsGenie: &OpsGenieIntegration{
+						APIKeySecret: "api-key-secretname",
+						Region:       "US",
+					},
+				},
+			},
+		},
+		{
+			title: "Pager Duty works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "PAGER_DUTY",
+					PagerDuty: &PagerDutyIntegration{
+						ServiceKeySecret: "service-key-secretname",
+						Region:           "US",
+					},
+				},
+			},
+		},
+		{
+			title: "Prometheus duty works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "PROMETHEUS",
+					Prometheus: &PrometheusIntegration{
+						UsernameSecret:   "username-secretname",
+						ServiceDiscovery: "http",
+						Enabled:          false,
+					},
+				},
+			},
+		},
+		{
+			title: "Slack works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "SLACK",
+					Slack: &SlackIntegration{
+						APITokenSecret: "api-tooken-secretname",
+						ChannelName:    "channel",
+						TeamName:       "team",
+					},
+				},
+			},
+		},
+		{
+			title: "Victor ops works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "VICTOR_OPS",
+					VictorOps: &VictorOpsIntegration{
+						KeysSecret: "keys-secetname",
+					},
+				},
+			},
+		},
+		{
+			title: "Webhook works",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "WEBHOOK",
+					Webhook: &WebhookIntegration{
+						URLSecret: "url-secretname",
+					},
+				},
+			},
+		},
+		{
+			title: "Prometheus on Pager Duty type fails",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type:      "PAGER_DUTY",
+					PagerDuty: &PagerDutyIntegration{},
+					Prometheus: &PrometheusIntegration{
+						UsernameSecret:   "username-secretname",
+						ServiceDiscovery: "http",
+						Enabled:          false,
+					},
+				},
+			},
+			expectedErrors: []string{"spec: Invalid value: \"object\": only PROMETHEUS type may set prometheus fields"},
+		},
+		{
+			title: "Datadog on Webhook type fails",
+			obj: &AtlasIntegration{
+				Spec: AtlasIntegrationSpec{
+					Type: "WEBHOOK",
+					Datadog: &DatadogIntegration{
+						APIKeySecret:                 "api-key-secretname",
+						Region:                       "US",
+						SendCollectionLatencyMetrics: false,
+						SendDatabaseMetrics:          false,
+					},
+					Webhook: &WebhookIntegration{
+						URLSecret: "url-secretname",
+					},
+				},
+			},
+			expectedErrors: []string{"spec: Invalid value: \"object\": only DATADOG type may set datadog fields"},
+		},
+	} {
+		t.Run(tc.title, func(t *testing.T) {
+			// inject a project to avoid other CEL validations being hit
+			tc.obj.Spec.ProjectRef = &common.ResourceRefNamespaced{Name: "some-project"}
+			unstructuredObject, err := runtime.DefaultUnstructuredConverter.ToUnstructured(&tc.obj)
+			require.NoError(t, err)
+
+			crdPath := "../../config/crd/bases/atlas.mongodb.com_atlasintegrations.yaml"
+			validator, err := cel.VersionValidatorFromFile(t, crdPath, "v1")
+			assert.NoError(t, err)
+			errs := validator(unstructuredObject, nil)
+
+			require.Equal(t, tc.expectedErrors, cel.ErrorListAsStrings(errs))
+		})
+	}
+}

api/v1/project_reference_cel_test.go

@@ -63,6 +63,14 @@ var dualRefCRDs = []struct {
 		},
 		filename: "atlas.mongodb.com_atlasnetworkpeerings.yaml",
 	},
+	{
+		obj: &AtlasIntegration{
+			Spec: AtlasIntegrationSpec{ // Avoid triggering integration specific validations
+				Type: "DATADOG",
+			},
+		},
+		filename: "atlas.mongodb.com_atlasintegrations.yaml",
+	},
 }
 
 var testCases = []struct {