CLOUDP-283291: Support export private endpoint custom resource (#3498)

Author: helderjs

docs/command/atlas-kubernetes-config-generate.txt

@@ -60,7 +60,7 @@ Options
    * - --operatorVersion
      - string
      - false
-     - Version of Atlas Kubernetes Operator to generate resources for. This value defaults to "2.5.0".
+     - Version of Atlas Kubernetes Operator to generate resources for. This value defaults to "2.6.0".
    * - --orgId
      - string
      - false

go.mod

@@ -30,7 +30,7 @@ require (
 	github.com/mholt/archives v0.0.0-20241207175349-5e373c52f8aa
 	github.com/mongodb-forks/digest v1.1.0
 	github.com/mongodb-labs/cobra2snooty v0.18.2
-	github.com/mongodb/mongodb-atlas-kubernetes/v2 v2.5.0
+	github.com/mongodb/mongodb-atlas-kubernetes/v2 v2.6.0
 	github.com/pelletier/go-toml v1.9.5
 	github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c
 	github.com/shirou/gopsutil/v4 v4.24.11
@@ -56,11 +56,11 @@ require (
 	google.golang.org/grpc v1.69.0
 	google.golang.org/protobuf v1.36.0
 	gopkg.in/yaml.v3 v3.0.1
-	k8s.io/api v0.31.3
-	k8s.io/apiextensions-apiserver v0.31.3
-	k8s.io/apimachinery v0.31.3
-	k8s.io/apiserver v0.31.3
-	k8s.io/client-go v0.31.3
+	k8s.io/api v0.32.0
+	k8s.io/apiextensions-apiserver v0.32.0
+	k8s.io/apimachinery v0.32.0
+	k8s.io/apiserver v0.32.0
+	k8s.io/client-go v0.32.0
 	sigs.k8s.io/controller-runtime v0.19.3
 	sigs.k8s.io/kind v0.25.0
 	sigs.k8s.io/yaml v1.4.0
@@ -109,9 +109,9 @@ require (
 	github.com/go-logr/logr v1.4.2 // indirect
 	github.com/go-logr/stdr v1.2.2 // indirect
 	github.com/go-ole/go-ole v1.2.6 // indirect
-	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonpointer v0.21.0 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
-	github.com/go-openapi/swag v0.22.4 // indirect
+	github.com/go-openapi/swag v0.23.0 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang-jwt/jwt/v5 v5.2.1 // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
@@ -130,7 +130,6 @@ require (
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
 	github.com/hashicorp/golang-lru/v2 v2.0.7 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
 	github.com/josharian/intern v1.0.0 // indirect
 	github.com/json-iterator/go v1.1.12 // indirect
@@ -170,6 +169,7 @@ require (
 	github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
 	go.mongodb.org/atlas-sdk/v20231115008 v20231115008.5.0 // indirect
+	go.mongodb.org/atlas-sdk/v20241113001 v20241113001.0.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.1.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect
@@ -187,14 +187,13 @@ require (
 	golang.org/x/text v0.21.0 // indirect
 	golang.org/x/time v0.8.0 // indirect
 	google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect
-	google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect
+	google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/ini.v1 v1.67.0 // indirect
-	gopkg.in/yaml.v2 v2.4.0 // indirect
 	k8s.io/klog/v2 v2.130.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20240228011516-70dd3763d340 // indirect
-	k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 // indirect
-	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect
+	k8s.io/utils v0.0.0-20241104100929-3ea5e8cea738 // indirect
+	sigs.k8s.io/json v0.0.0-20241010143419-9aa6b5e7a4b3 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.4.2 // indirect
 )

go.sum

@@ -234,6 +234,28 @@ func (e *ConfigExporter) exportProject() ([]runtime.Object, string, error) {
 		e.dictionaryForAtlasNames,
 	))
 
+	if e.featureValidator.IsResourceSupported(features.ResourceAtlasPrivateEndpoint) {
+		privateEndpoints, err := project.BuildPrivateEndpointCustomResources(
+			e.dataProvider,
+			project.PrivateEndpointRequest{
+				ProjectName:         projectData.Project.Name,
+				ProjectID:           e.projectID,
+				TargetNamespace:     e.targetNamespace,
+				Version:             e.operatorVersion,
+				Credentials:         credentialsName,
+				IndependentResource: e.independentResources,
+				Dictionary:          e.dictionaryForAtlasNames,
+			},
+		)
+		if err != nil {
+			return nil, "", err
+		}
+
+		for _, privateEndpoint := range privateEndpoints {
+			r = append(r, &privateEndpoint)
+		}
+	}
+
 	// DB users
 	usersData, relatedSecrets, err := dbusers.BuildDBUsers(
 		e.dataProvider,

internal/kubernetes/operator/config_exporter.go

@@ -27,7 +27,7 @@ import (
 )
 
 const (
-	LatestOperatorMajorVersion          = "2.5.0"
+	LatestOperatorMajorVersion          = "2.6.0"
 	maxDepth                            = 100
 	ResourceVersion                     = "mongodb.com/atlas-resource-version"
 	ResourceAtlasProject                = "atlasprojects"
@@ -41,6 +41,7 @@ const (
 	ResourceAtlasStreamInstance         = "atlasstreaminstances"
 	ResourceAtlasStreamConnection       = "atlasstreamconnections"
 	ResourceAtlasBackupCompliancePolicy = "atlasbackupcompliancepolicies"
+	ResourceAtlasPrivateEndpoint        = "atlasprivateendpoints"
 )
 
 var (
@@ -52,17 +53,7 @@ var (
 	ErrDocumentHasNoSpec         = errors.New("document contains no Spec")
 
 	versionsToResourcesMap = map[string][]resource{
-		"2.2.0": {
-			resource{ResourceAtlasDatabaseUser, NopPatcher()},
-			resource{ResourceAtlasProject, NopPatcher()},
-			resource{ResourceAtlasDeployment, NopPatcher()},
-			resource{ResourceAtlasBackupSchedule, NopPatcher()},
-			resource{ResourceAtlasBackupPolicy, NopPatcher()},
-			resource{ResourceAtlasTeam, NopPatcher()},
-			resource{ResourceAtlasDataFederation, NopPatcher()},
-			resource{ResourceAtlasFederatedAuth, NopPatcher()},
-		},
-		"2.3.0": {
+		"2.4.0": {
 			resource{ResourceAtlasDatabaseUser, NopPatcher()},
 			resource{ResourceAtlasProject, NopPatcher()},
 			resource{ResourceAtlasDeployment, NopPatcher()},
@@ -73,8 +64,9 @@ var (
 			resource{ResourceAtlasFederatedAuth, NopPatcher()},
 			resource{ResourceAtlasStreamInstance, NopPatcher()},
 			resource{ResourceAtlasStreamConnection, NopPatcher()},
+			resource{ResourceAtlasBackupCompliancePolicy, NopPatcher()},
 		},
-		"2.4.0": {
+		"2.5.0": {
 			resource{ResourceAtlasDatabaseUser, NopPatcher()},
 			resource{ResourceAtlasProject, NopPatcher()},
 			resource{ResourceAtlasDeployment, NopPatcher()},
@@ -87,7 +79,7 @@ var (
 			resource{ResourceAtlasStreamConnection, NopPatcher()},
 			resource{ResourceAtlasBackupCompliancePolicy, NopPatcher()},
 		},
-		"2.5.0": {
+		"2.6.0": {
 			resource{ResourceAtlasDatabaseUser, NopPatcher()},
 			resource{ResourceAtlasProject, NopPatcher()},
 			resource{ResourceAtlasDeployment, NopPatcher()},
@@ -99,6 +91,7 @@ var (
 			resource{ResourceAtlasStreamInstance, NopPatcher()},
 			resource{ResourceAtlasStreamConnection, NopPatcher()},
 			resource{ResourceAtlasBackupCompliancePolicy, NopPatcher()},
+			resource{ResourceAtlasPrivateEndpoint, NopPatcher()},
 		},
 	}
 )

internal/kubernetes/operator/features/crds.go

@@ -0,0 +1,221 @@
+// Copyright 2024 MongoDB Inc
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package project
+
+import (
+	"fmt"
+	"strings"
+
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/kubernetes/operator/features"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/kubernetes/operator/resources"
+	"github.com/mongodb/mongodb-atlas-cli/atlascli/internal/store"
+	akoapi "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api"
+	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1"
+	akov2common "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1/common"
+	akov2status "github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/api/v1/status"
+	atlasv2 "go.mongodb.org/atlas-sdk/v20241113004/admin"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+type PrivateEndpointRequest struct {
+	ProjectName         string
+	ProjectID           string
+	TargetNamespace     string
+	Version             string
+	Credentials         string
+	IndependentResource bool
+	Dictionary          map[string]string
+}
+
+func BuildPrivateEndpointCustomResources(
+	provider store.OperatorPrivateEndpointStore,
+	request PrivateEndpointRequest,
+) ([]akov2.AtlasPrivateEndpoint, error) {
+	services := make([]atlasv2.EndpointService, 0)
+
+	for _, cloud := range []string{"AWS", "AZURE", "GCP"} {
+		cloudServices, err := provider.PrivateEndpoints(request.ProjectID, cloud)
+		if err != nil {
+			return nil, err
+		}
+
+		services = append(services, cloudServices...)
+	}
+
+	privateEndpoints := make([]akov2.AtlasPrivateEndpoint, 0, len(services))
+	for _, service := range services {
+		resourceName := resources.NormalizeAtlasName(
+			fmt.Sprintf("%s-pe-%s-%s", request.ProjectName, service.GetCloudProvider(), strings.ToLower(strings.ReplaceAll(service.GetRegionName(), "_", ""))),
+			request.Dictionary,
+		)
+		resource := akov2.AtlasPrivateEndpoint{
+			TypeMeta: metav1.TypeMeta{
+				Kind:       "AtlasPrivateEndpoint",
+				APIVersion: "atlas.mongodb.com/v1",
+			},
+			ObjectMeta: metav1.ObjectMeta{
+				Name:      resourceName,
+				Namespace: request.TargetNamespace,
+				Labels: map[string]string{
+					features.ResourceVersion: request.Version,
+				},
+			},
+			Spec: akov2.AtlasPrivateEndpointSpec{
+				Provider: service.GetCloudProvider(),
+				Region:   service.GetRegionName(),
+			},
+			Status: akov2status.AtlasPrivateEndpointStatus{
+				Common: akoapi.Common{
+					Conditions: []akoapi.Condition{},
+				},
+			},
+		}
+
+		if request.IndependentResource {
+			resource.Spec.ExternalProject = &akov2.ExternalProjectReference{
+				ID: request.ProjectID,
+			}
+			resource.Spec.LocalCredentialHolder = akoapi.LocalCredentialHolder{
+				ConnectionSecret: &akoapi.LocalObjectReference{
+					Name: resources.NormalizeAtlasName(request.Credentials, request.Dictionary),
+				},
+			}
+		} else {
+			resource.Spec.Project = &akov2common.ResourceRefNamespaced{
+				Name:      request.ProjectName,
+				Namespace: request.TargetNamespace,
+			}
+		}
+
+		awsConfigs, err := buildAWSInterfaces(provider, request.ProjectID, service.GetId(), service.GetInterfaceEndpoints())
+		if err != nil {
+			return nil, err
+		}
+		resource.Spec.AWSConfiguration = awsConfigs
+
+		azureConfigs, err := buildAzureInterfaces(provider, request.ProjectID, service.GetId(), service.GetPrivateEndpoints())
+		if err != nil {
+			return nil, err
+		}
+		resource.Spec.AzureConfiguration = azureConfigs
+
+		gcpConfigs, err := buildGCPInterfaces(provider, request.ProjectID, service.GetId(), service.GetEndpointGroupNames())
+		if err != nil {
+			return nil, err
+		}
+		resource.Spec.GCPConfiguration = gcpConfigs
+
+		privateEndpoints = append(privateEndpoints, resource)
+	}
+
+	return privateEndpoints, nil
+}
+
+func buildAWSInterfaces(
+	provider store.OperatorPrivateEndpointStore,
+	projectID string,
+	serviceID string,
+	interfaceIDs []string,
+) ([]akov2.AWSPrivateEndpointConfiguration, error) {
+	if len(interfaceIDs) == 0 {
+		return nil, nil
+	}
+
+	configs := make([]akov2.AWSPrivateEndpointConfiguration, 0, len(interfaceIDs))
+
+	for _, interfaceID := range interfaceIDs {
+		pe, err := provider.InterfaceEndpoint(projectID, "AWS", serviceID, interfaceID)
+		if err != nil {
+			return nil, err
+		}
+
+		configs = append(configs, akov2.AWSPrivateEndpointConfiguration{ID: pe.GetInterfaceEndpointId()})
+	}
+
+	return configs, nil
+}
+
+func buildAzureInterfaces(
+	provider store.OperatorPrivateEndpointStore,
+	projectID string,
+	serviceID string,
+	interfaceIDs []string,
+) ([]akov2.AzurePrivateEndpointConfiguration, error) {
+	if len(interfaceIDs) == 0 {
+		return nil, nil
+	}
+
+	configs := make([]akov2.AzurePrivateEndpointConfiguration, 0, len(interfaceIDs))
+
+	for _, interfaceID := range interfaceIDs {
+		pe, err := provider.InterfaceEndpoint(projectID, "AZURE", serviceID, interfaceID)
+		if err != nil {
+			return nil, err
+		}
+
+		configs = append(
+			configs,
+			akov2.AzurePrivateEndpointConfiguration{
+				ID: pe.GetPrivateEndpointResourceId(),
+				IP: pe.GetPrivateEndpointIPAddress(),
+			},
+		)
+	}
+
+	return configs, nil
+}
+
+func buildGCPInterfaces(
+	provider store.OperatorPrivateEndpointStore,
+	projectID string,
+	serviceID string,
+	interfaceIDs []string,
+) ([]akov2.GCPPrivateEndpointConfiguration, error) {
+	if len(interfaceIDs) == 0 {
+		return nil, nil
+	}
+
+	configs := make([]akov2.GCPPrivateEndpointConfiguration, 0, len(interfaceIDs))
+
+	for _, interfaceID := range interfaceIDs {
+		pe, err := provider.InterfaceEndpoint(projectID, "GCP", serviceID, interfaceID)
+		if err != nil {
+			return nil, err
+		}
+
+		gcpEPs := make([]akov2.GCPPrivateEndpoint, 0, len(pe.GetEndpoints()))
+		for _, gcpEP := range pe.GetEndpoints() {
+			gcpEPs = append(
+				gcpEPs,
+				akov2.GCPPrivateEndpoint{
+					Name: gcpEP.GetEndpointName(),
+					IP:   gcpEP.GetIpAddress(),
+				},
+			)
+		}
+
+		configs = append(
+			configs,
+			akov2.GCPPrivateEndpointConfiguration{
+				// GCP ProjectID is not returned by Atlas and therefore, need to be set by the user after resource is exported
+				ProjectID: "",
+				GroupName: pe.GetEndpointGroupName(),
+				Endpoints: gcpEPs,
+			},
+		)
+	}
+
+	return configs, nil
+}