CLOUDP-314903 [OIDC] CRD Config Propagation to Automation Config #60

MaciejKaras · 2025-04-29T15:40:20Z

Summary

Core Functionality Enhancements:

Added a new authentication mechanism, MongoDB-OIDC, to the list of supported mechanisms in the authentication_mechanism.go file.
Introduced the OIDCProviderConfigs field in the AutomationConfig struct and implemented logic to merge and apply OIDC configurations into the deployment in the automation_config.go file.
Removed default value for groupClaim because the value groups can result in hard to debug misconfiguration.

API and Configuration Updates:

Added the IsOIDCEnabled() method in the Security struct and AuthResource interface to check if OIDC is enabled.
Updated the Options struct in the authentication.go file to include OIDCProviderConfigs.

Test Coverage:

Added comprehensive test cases for OIDC provider configurations in automation_config_test.go, including scenarios for merging, clearing, and modifying configurations.
Updated the TestAutomationConfigEquality test to include OIDC provider configurations.

JSON Configuration Example:

Updated the automation_config.json test data file to include sample OIDC provider configurations for testing purposes.

Proof of Work

Checklist

Have you linked a jira ticket and/or is the ticket in the title?
Have you checked whether your jira ticket required DOCSP changes?
Have you checked for release_note changes?

Reminder (Please remove this when merging)

Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible
Our Short Guide for PRs: Link
Remember the following Communication Standards - use comment prefixes for clarity:
- blocking: Must be addressed before approval.
- follow-up: Can be addressed in a later PR or ticket.
- q: Clarifying question.
- nit: Non-blocking suggestions.
- note: Side-note, non-actionable. Example: Praise
- --> no prefix is considered a question

…-crd-validations

…rd-propagation

…-crd-propagation # Conflicts: # controllers/operator/authentication/authentication_mechanism.go

…-propagation

mircea-cosbuc

LGTM, I think my comments just require clarification rather than changes.

api/v1/mdb/mongodb_types.go

controllers/om/automation_config.go

controllers/om/automation_config_test.go

controllers/om/automation_config.go

docker/mongodb-kubernetes-tests/tests/webhooks/fixtures/invalid_oidc_mongodb_community.yaml

docker/mongodb-kubernetes-tests/tests/webhooks/e2e_mongodb_validation_webhook.py

controllers/operator/authentication/oidc.go

controllers/operator/authentication/oidc_test.go

lsierant

I've left few comments: most are minor, but I've put a blocking one regarding MergoDelete.
I also miss a bit a proper e2e test verifying the automation config changes in a real world scenario.

anandsyncs · 2025-06-02T06:27:16Z

evergreen retry

# Conflicts: # api/v1/mdb/mongodb_types.go

lsierant

LGTM! Great work 👏

MaciejKaras added 16 commits April 27, 2025 13:35

CRD changes

f0b6a96

Authorization package refactor - part 1

d344589

Authorization package refactor - part 2

99479f1

Added validation logic + tests

7c23143

Add URL test validation

8cba1c1

Fixed MDB Multi code

2528892

Merge branch 'feature/mk-authorization-refactor' into feature/mk-oidc…

1eaf9ab

…-crd-validations

Propagating CRD values

6d27458

Moved OIDCProviderConfigs to Deployment.Auth where it belongs

81e6107

Fixed migrating to mongodb-kubernetes repository

024fa63

Fixed unit tests + CRD generation

7a53fd7

Add unit tests

97a5c99

Temporal fix for AC

6dd4976

Fix kubebuilder validation rules

8b34222

Fixes for util.ParseURL

1cbe97a

Proper OIDC AC merging

0ce0874

MaciejKaras force-pushed the feature/mk-oidc-crd-propagation branch from cad403d to 0ce0874 Compare April 30, 2025 07:46

MaciejKaras and others added 13 commits April 30, 2025 09:51

Unit test fixes

e4cfb11

Fixed issue with disabling OIDC

1667045

Resolve review comments

e882a8c

Added getMechanismByName() func and removed global variables

8f5ff0a

Review fixes

e533976

Merge branch 'master' into feature/mk-oidc-crd-validations

279886f

Add one more validation test

a8306a7

Merge branch 'master' into feature/mk-authorization-refactor

866d6ae

Merge branch 'feature/mk-oidc-crd-validations' into feature/mk-oidc-c…

09e4628

…rd-propagation

Merge branch 'feature/mk-authorization-refactor' into feature/mk-oidc…

23de25e

…-crd-propagation # Conflicts: # controllers/operator/authentication/authentication_mechanism.go

Fix bug

bcc1136

Merge remote-tracking branch 'origin/master' into feature/mk-oidc-crd…

2c08662

…-propagation

Fix linter

68750a4

Merge branch 'master' into feature/mk-oidc-crd-propagation

5df3e5c

anandsyncs self-requested a review May 27, 2025 14:38

mircea-cosbuc approved these changes May 28, 2025

View reviewed changes

api/v1/mdb/mongodb_types.go Show resolved Hide resolved

controllers/om/automation_config.go Outdated Show resolved Hide resolved

controllers/om/automation_config_test.go Show resolved Hide resolved

anandsyncs and others added 2 commits May 28, 2025 14:17

Update controllers/operator/authentication/oidc.go

aad26e6

fix typo

05903d5

vinilage approved these changes May 28, 2025

View reviewed changes