tests + lint

Author: filipcirtog

.evergreen-tasks.yml

@@ -585,16 +585,6 @@ tasks:
     commands:
       - func: "e2e_test"
 
-  - name: e2e_sharded_cluster_scram_sha_256_switch_project
-    tags: [ "patch-run" ]
-    commands:
-      - func: "e2e_test"
-
-  - name: e2e_replica_set_scram_sha_256_switch_project
-    tags: [ "patch-run" ]
-    commands:
-      - func: "e2e_test"
-
   - name: e2e_sharded_cluster_scram_sha_1_user_connectivity
     tags: [ "patch-run" ]
     commands:
@@ -700,6 +690,36 @@ tasks:
     commands:
       - func: "e2e_test"
 
+  - name: e2e_sharded_cluster_scram_sha_256_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
+  - name: e2e_sharded_cluster_scram_sha_1_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
+  - name: e2e_sharded_cluster_x509_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
+  - name: e2e_replica_set_scram_sha_256_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
+  - name: e2e_replica_set_scram_sha_1_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
+  - name: e2e_replica_set_x509_switch_project
+    tags: [ "patch-run" ]
+    commands:
+      - func: "e2e_test"
+
   # TODO: not used in any variant
   - name: e2e_replica_set_scram_x509_internal_cluster
     tags: [ "patch-run" ]

.evergreen.yml

@@ -710,11 +710,15 @@ task_groups:
       - e2e_replica_set_scram_x509_ic_manual_certs
       - e2e_sharded_cluster_scram_sha_1_upgrade
       - e2e_sharded_cluster_scram_sha_256_user_connectivity
-      - e2e_sharded_cluster_scram_sha_256_switch_project
-      - e2e_replica_set_scram_sha_256_switch_project
       - e2e_sharded_cluster_scram_sha_1_user_connectivity
       - e2e_sharded_cluster_scram_x509_ic_manual_certs
       - e2e_sharded_cluster_external_access
+      - e2e_sharded_cluster_scram_sha_256_switch_project
+      - e2e_sharded_cluster_scram_sha_1_switch_project
+      - e2e_sharded_cluster_x509_switch_project
+      - e2e_replica_set_scram_sha_256_switch_project
+      - e2e_replica_set_scram_sha_1_switch_project
+      - e2e_replica_set_x509_switch_project
       # e2e_auth_transitions_task_group
       - e2e_replica_set_scram_sha_and_x509
       - e2e_replica_set_x509_to_scram_transition

controllers/om/automation_config.go

@@ -20,8 +20,9 @@ import (
 )
 
 // The constants for the authentication secret
-const agentAuthenticationSecretSuffix = "-agent-auth-secret"
-const autoPwdSecretKey = "automation-agent-password"
+const (
+	autoPwdSecretKey = "automation-agent-password"
+)
 
 // AutomationConfig maintains the raw map in the Deployment field
 // and constructs structs to make use of go's type safety
@@ -435,15 +436,21 @@ func (ac *AutomationConfig) EnsureKeyFileContents() error {
 	return nil
 }
 
+// AuthSecretName for a given mdbName (`mdbName`) returns the name of
+// the secret associated with it.
+func AuthSecretName(mdbName string) string {
+	return fmt.Sprintf("%s-agent-auth-secre", mdbName)
+}
+
 // EnsurePassword makes sure that there is an Automation Agent password
 // that the agents will use to communicate with the deployments. The password
 // is returned, so it can be provided to the other agents
 // EnsurePassword makes sure that there is an Automation Agent password
 // that the agents will use to communicate with the deployments. The password
 // is returned, so it can be provided to the other agents.
 func (ac *AutomationConfig) EnsurePassword(k8sClient secret.GetUpdateCreator, ctx context.Context, mdbNamespacedName *types.NamespacedName) (string, error) {
-	secretNamespacedName := client.ObjectKey{Name: mdbNamespacedName.Name + agentAuthenticationSecretSuffix, Namespace: mdbNamespacedName.Namespace}
-
+	secretName := AuthSecretName(mdbNamespacedName.Name)
+	secretNamespacedName := client.ObjectKey{Name: secretName, Namespace: mdbNamespacedName.Namespace}
 	var password string
 
 	data, err := secret.ReadStringData(ctx, k8sClient, secretNamespacedName)

docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/replica-set-scram-sha-1-switch-project.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: replica-set-scram-sha-1-switch-project
+spec:
+  members: 3
+  version: 5.0.5
+  type: ReplicaSet
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+  logLevel: DEBUG
+  persistent: false
+  security:
+    authentication:
+      agents:
+        # This may look weird, but without it we'll get this from OpsManager:
+        # Cannot configure SCRAM-SHA-1 without using MONGODB-CR in te Agent Mode","reason":"Cannot configure SCRAM-SHA-1 without using MONGODB-CR in te Agent Mode
+        mode: MONGODB-CR
+      enabled: true
+      modes: ["SCRAM-SHA-1", "MONGODB-CR"]

…ca-set-scram-sha-256-switch-project.yaml …ca-set-scram-sha-256-switch-project.yamldocker/mongodb-kubernetes-tests/tests/authentication/fixtures/replica-set-scram-sha-256-switch-project.yaml renamed to docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/replica-set-scram-sha-256-switch-project.yaml docker/mongodb-kubernetes-tests/tests/authentication/fixtures/replica-set-scram-sha-256-switch-project.yaml renamed to docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/replica-set-scram-sha-256-switch-project.yaml

@@ -0,0 +1,23 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: replica-set-x509-switch-project
+spec:
+  members: 3
+  version: 4.4.0-ent
+  type: ReplicaSet
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+  logLevel: DEBUG
+  persistent: false
+  security:
+    tls:
+      enabled: true
+    authentication:
+      agents:
+        mode: X509
+      enabled: true
+      modes: ["X509"]

docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/replica-set-x509-switch-project.yaml

@@ -0,0 +1,26 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: sharded-cluster-scram-sha-1-switch-project
+spec:
+  shardCount: 1
+  type: ShardedCluster
+  mongodsPerShardCount: 1
+  mongosCount: 1
+  configServerCount: 1
+  version: 5.0.5
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+  logLevel: DEBUG
+  persistent: true
+  security:
+    authentication:
+      agents:
+        # This may look weird, but without it we'll get this from OpsManager:
+        # Cannot configure SCRAM-SHA-1 without using MONGODB-CR in te Agent Mode","reason":"Cannot configure SCRAM-SHA-1 without using MONGODB-CR in te Agent Mode
+        mode: MONGODB-CR
+      enabled: true
+      modes: ["SCRAM-SHA-1", "MONGODB-CR"]

docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/sharded-cluster-scram-sha-1-switch-project.yaml

@@ -0,0 +1,27 @@
+---
+apiVersion: mongodb.com/v1
+kind: MongoDB
+metadata:
+  name: sharded-cluster-x509-switch-project
+spec:
+  shardCount: 1
+  mongodsPerShardCount: 1
+  mongosCount: 1
+  configServerCount: 1
+  version: 4.4.0-ent
+  type: ShardedCluster
+
+  opsManager:
+    configMapRef:
+      name: my-project
+  credentials: my-credentials
+
+  persistent: true
+  security:
+    tls:
+      enabled: true
+    authentication:
+      agents:
+        mode: X509
+      enabled: true
+      modes: ["X509"]

…luster-scram-sha-256-switch-project.yaml …luster-scram-sha-256-switch-project.yamldocker/mongodb-kubernetes-tests/tests/authentication/fixtures/sharded-cluster-scram-sha-256-switch-project.yaml renamed to docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/sharded-cluster-scram-sha-256-switch-project.yaml docker/mongodb-kubernetes-tests/tests/authentication/fixtures/sharded-cluster-scram-sha-256-switch-project.yaml renamed to docker/mongodb-kubernetes-tests/tests/authentication/fixtures/switch-project/sharded-cluster-scram-sha-256-switch-project.yaml

@@ -0,0 +1,110 @@
+import pytest
+from kubetester import create_or_update_configmap, random_k8s_name, read_configmap
+from kubetester.kubetester import KubernetesTester
+from kubetester.kubetester import fixture as load_fixture
+from kubetester.mongodb import MongoDB
+from kubetester.mongotester import ReplicaSetTester
+from kubetester.phase import Phase
+
+# Constants
+MDB_RESOURCE_NAME = "replica-set-scram-sha-1-switch-project"
+MDB_FIXTURE_NAME = MDB_RESOURCE_NAME
+
+CONFIG_MAP_KEYS = {
+    "BASE_URL": "baseUrl",
+    "PROJECT_NAME": "projectName",
+    "ORG_ID": "orgId",
+}
+
+
+@pytest.fixture(scope="module")
+def replica_set(namespace: str) -> MongoDB:
+    """
+    Fixture to initialize the MongoDB resource for the replica set.
+
+    Dynamically updates the resource configuration based on the test context.
+    """
+    resource = MongoDB.from_yaml(load_fixture(f"switch-project/{MDB_FIXTURE_NAME}.yaml"), namespace=namespace)
+    return resource
+
+
+@pytest.fixture(scope="module")
+def project_name_prefix(namespace: str) -> str:
+    """
+    Generates a random Kubernetes project name prefix based on the namespace.
+
+    Ensures test isolation in a multi-namespace test environment.
+    """
+    return random_k8s_name(f"{namespace}-project-")
+
+
+@pytest.mark.e2e_replica_set_scram_sha_1_switch_project
+class TestReplicaSetCreationAndProjectSwitch(KubernetesTester):
+    """
+    E2E test suite for replica set creation, user connectivity with SCRAM-SHA-1 authentication and switching Ops Manager project reference.
+    """
+
+    def test_create_replica_set(self, custom_mdb_version: str, replica_set: MongoDB):
+        """
+        Test replica set creation ensuring resources are applied correctly and set reaches Running phase.
+        """
+        replica_set.set_version(custom_mdb_version)
+        replica_set.update()
+        replica_set.assert_reaches_phase(Phase.Running, timeout=600)
+
+    def test_replica_set_connectivity(self):
+        """
+        Verify connectivity to the original replica set.
+        """
+        ReplicaSetTester(MDB_RESOURCE_NAME, 3).assert_connectivity()
+
+    def test_ops_manager_state_correctly_updated_in_initial_replica_set(self, replica_set: MongoDB):
+        """
+        Ensure Ops Manager state is correctly updated in the original replica set.
+        """
+        tester = replica_set.get_automation_config_tester()
+        tester.assert_authentication_mechanism_enabled("MONGODB-CR")
+        tester.assert_authoritative_set(True)
+        tester.assert_authentication_enabled(2)
+        tester.assert_expected_users(0)
+
+    def test_switch_replica_set_project(
+        self, custom_mdb_version: str, replica_set: MongoDB, namespace: str, project_name_prefix: str
+    ):
+        """
+        Modify the replica set to switch its Ops Manager reference to a new project and verify lifecycle.
+        """
+        original_configmap = read_configmap(namespace=namespace, name="my-project")
+        new_project_name = f"{project_name_prefix}-second"
+        new_project_configmap = create_or_update_configmap(
+            namespace=namespace,
+            name=new_project_name,
+            data={
+                CONFIG_MAP_KEYS["BASE_URL"]: original_configmap[CONFIG_MAP_KEYS["BASE_URL"]],
+                CONFIG_MAP_KEYS["PROJECT_NAME"]: new_project_name,
+                CONFIG_MAP_KEYS["ORG_ID"]: original_configmap[CONFIG_MAP_KEYS["ORG_ID"]],
+            },
+        )
+
+        replica_set.load()
+        replica_set["spec"]["opsManager"]["configMapRef"]["name"] = new_project_configmap
+        replica_set.set_version(custom_mdb_version)
+        replica_set.update()
+
+        replica_set.assert_reaches_phase(Phase.Running, timeout=600)
+
+    def test_moved_replica_set_connectivity(self):
+        """
+        Verify connectivity to the replica set after switching projects.
+        """
+        ReplicaSetTester(MDB_RESOURCE_NAME, 3).assert_connectivity()
+
+    def test_ops_manager_state_correctly_updated_in_moved_replica_set(self, replica_set: MongoDB):
+        """
+        Ensure Ops Manager state is correctly updated in the moved replica set after the project switch.
+        """
+        tester = replica_set.get_automation_config_tester()
+        tester.assert_authentication_mechanism_enabled("MONGODB-CR")
+        tester.assert_authoritative_set(True)
+        tester.assert_authentication_enabled(2)
+        tester.assert_expected_users(0)