Add LDAP support to AtlasDatabaseUser (#2334)

Author: tvdw-mongodb

api/v1/atlasdatabaseuser_types.go

@@ -110,6 +110,13 @@ type AtlasDatabaseUserSpec struct {
 	// +kubebuilder:validation:Enum:=NONE;MANAGED;CUSTOMER
 	// +optional
 	X509Type string `json:"x509Type,omitempty"`
+
+	// Part of the Lightweight Directory Access Protocol (LDAP) record that
+	// the database uses to authenticate this database user on the LDAP host.
+	// +kubebuilder:default:=NONE
+	// +kubebuilder:validation:Enum:=NONE;GROUP;USER
+	// +optional
+	LDAPAuthType string `json:"ldapAuthType,omitempty"`
 }
 
 // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object

config/crd/bases/atlas.mongodb.com_atlasdatabaseusers.yaml

@@ -120,6 +120,16 @@ spec:
                   - value
                   type: object
                 type: array
+              ldapAuthType:
+                default: NONE
+                description: |-
+                  Part of the Lightweight Directory Access Protocol (LDAP) record that
+                  the database uses to authenticate this database user on the LDAP host.
+                enum:
+                - NONE
+                - GROUP
+                - USER
+                type: string
               oidcAuthType:
                 default: NONE
                 description: |-

internal/controller/atlasdatabaseuser/databaseuser_test.go

@@ -2116,6 +2116,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "NONE",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},
@@ -2126,6 +2127,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "NONE",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},
@@ -2141,6 +2143,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "MANAGED",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},
@@ -2151,6 +2154,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "NONE",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},
@@ -2166,6 +2170,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "NONE",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},
@@ -2176,6 +2181,7 @@ func TestHasChanged(t *testing.T) {
 					OIDCAuthType: "NONE",
 					AWSIAMType:   "NONE",
 					X509Type:     "NONE",
+					LDAPAuthType: "NONE",
 				},
 				ProjectID: "project-id",
 			},

internal/translation/dbuser/conversion.go

@@ -133,6 +133,7 @@ func fromAtlas(dbUser *admin.CloudDatabaseUser) (*User, error) {
 			OIDCAuthType:    dbUser.GetOidcAuthType(),
 			AWSIAMType:      dbUser.GetAwsIAMType(),
 			X509Type:        dbUser.GetX509Type(),
+			LDAPAuthType:    dbUser.GetLdapAuthType(),
 		},
 	}
 	if err := normalize(u.AtlasDatabaseUserSpec); err != nil {
@@ -161,6 +162,7 @@ func toAtlas(au *User) (*admin.CloudDatabaseUser, error) {
 		Username:        au.Username,
 		Password:        pointer.MakePtrOrNil(au.Password),
 		OidcAuthType:    pointer.MakePtrOrNil(au.OIDCAuthType),
+		LdapAuthType:    pointer.MakePtrOrNil(au.LDAPAuthType),
 	}, nil
 }
 

internal/translation/dbuser/conversion_test.go

@@ -272,6 +272,7 @@ func TestDiffSpecs(t *testing.T) {
 					spec.OIDCAuthType = "IDP_GROUP"
 					spec.AWSIAMType = "USER"
 					spec.X509Type = "MANAGED"
+					spec.LDAPAuthType = "GROUP"
 					return spec
 				}(),
 			},
@@ -282,6 +283,7 @@ func TestDiffSpecs(t *testing.T) {
 				"oidcAuthType",
 				"awsIamType",
 				"x509Type",
+				"ldapAuthType",
 			},
 		},