CLOUDP-280012: Add http dry run transport for Atlas

internal/controller/atlas/provider.go

@@ -8,16 +8,18 @@ import (
 	"runtime"
 	"strings"
 
-	"go.mongodb.org/atlas-sdk/v20231115008/admin"
+	"github.com/mongodb-forks/digest"
+	adminv20231115008 "go.mongodb.org/atlas-sdk/v20231115008/admin"
 	adminv20241113001 "go.mongodb.org/atlas-sdk/v20241113001/admin"
 	"go.mongodb.org/atlas/mongodbatlas"
 	"go.uber.org/zap"
 	corev1 "k8s.io/api/core/v1"
+	"k8s.io/client-go/tools/record"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
-	//v20241113001
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/api"
 	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
+	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/dryrun"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/httputil"
 	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/version"
 )
@@ -31,21 +33,22 @@ const (
 
 type Provider interface {
 	Client(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*mongodbatlas.Client, string, error)
-	SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error)
+	SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*adminv20231115008.APIClient, string, error)
 	SdkClientSet(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*ClientSet, string, error)
 	IsCloudGov() bool
 	IsResourceSupported(resource api.AtlasCustomResource) bool
 }
 
 type ClientSet struct {
-	//SdkClient20231115008 *admin.APIClient
+	SdkClient20231115008 *adminv20231115008.APIClient
 	SdkClient20241113001 *adminv20241113001.APIClient
 }
 
 type ProductionProvider struct {
 	k8sClient       client.Client
 	domain          string
 	globalSecretRef client.ObjectKey
+	dryRunRecorder  record.EventRecorder
 }
 
 type credentialsSecret struct {
@@ -54,11 +57,12 @@ type credentialsSecret struct {
 	PrivateKey string
 }
 
-func NewProductionProvider(atlasDomain string, globalSecretRef client.ObjectKey, k8sClient client.Client) *ProductionProvider {
+func NewProductionProvider(atlasDomain string, globalSecretRef client.ObjectKey, k8sClient client.Client, dryRunRecorder record.EventRecorder) *ProductionProvider {
 	return &ProductionProvider{
 		k8sClient:       k8sClient,
 		domain:          atlasDomain,
 		globalSecretRef: globalSecretRef,
+		dryRunRecorder:  dryRunRecorder,
 	}
 }
 
@@ -111,7 +115,9 @@ func (p *ProductionProvider) Client(ctx context.Context, secretRef *client.Objec
 		httputil.Digest(secretData.PublicKey, secretData.PrivateKey),
 		httputil.LoggingTransport(log),
 	}
-	httpClient, err := httputil.DecorateClient(&http.Client{Transport: http.DefaultTransport}, clientCfg...)
+
+	transport := p.newDryRunTransport(http.DefaultTransport)
+	httpClient, err := httputil.DecorateClient(&http.Client{Transport: transport}, clientCfg...)
 	if err != nil {
 		return nil, "", err
 	}
@@ -121,48 +127,58 @@ func (p *ProductionProvider) Client(ctx context.Context, secretRef *client.Objec
 	return c, secretData.OrgID, err
 }
 
-func (p *ProductionProvider) SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*admin.APIClient, string, error) {
-	secretData, err := getSecrets(ctx, p.k8sClient, secretRef, &p.globalSecretRef)
+func (p *ProductionProvider) SdkClient(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*adminv20231115008.APIClient, string, error) {
+	clientSet, orgID, err := p.SdkClientSet(ctx, secretRef, log)
 	if err != nil {
 		return nil, "", err
 	}
 
-	// TODO review we need add a custom logger to http client
-	//httpClientWithCustomLogger := http.DefaultClient
-	//err = httputil.LoggingTransport(log)(http.DefaultClient)
-	//if err != nil {
-	//	return nil, "", err
-	//}
+	// Special case: SdkClient only returns the v20231115008 client.
+	return clientSet.SdkClient20231115008, orgID, nil
+}
 
-	c, err := NewClient(p.domain, secretData.PublicKey, secretData.PrivateKey)
+func (p *ProductionProvider) SdkClientSet(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*ClientSet, string, error) {
+	secretData, err := getSecrets(ctx, p.k8sClient, secretRef, &p.globalSecretRef)
 	if err != nil {
 		return nil, "", err
 	}
 
-	return c, secretData.OrgID, nil
-}
+	var transport http.RoundTripper = digest.NewTransport(secretData.PublicKey, secretData.PrivateKey)
+	transport = p.newDryRunTransport(transport)
+	transport = httputil.NewLoggingTransport(log, false, transport)
 
-func (p *ProductionProvider) SdkClientSet(ctx context.Context, secretRef *client.ObjectKey, log *zap.SugaredLogger) (*ClientSet, string, error) {
-	secretData, err := getSecrets(ctx, p.k8sClient, secretRef, &p.globalSecretRef)
+	httpClient := &http.Client{Transport: transport}
+
+	clientv20231115008, err := adminv20231115008.NewClient(
+		adminv20231115008.UseBaseURL(p.domain),
+		adminv20231115008.UseHTTPClient(httpClient),
+		adminv20231115008.UseUserAgent(operatorUserAgent()))
 	if err != nil {
 		return nil, "", err
 	}
 
-	// Instead of constantly extending the interface above, consider grouping all SDK Clients here
-	// New SDK (v20241113001) SDK
-	c2024, err := adminv20241113001.NewClient(
+	clientv20241113001, err := adminv20241113001.NewClient(
 		adminv20241113001.UseBaseURL(p.domain),
-		adminv20241113001.UseDigestAuth(secretData.PublicKey, secretData.PrivateKey),
+		adminv20241113001.UseHTTPClient(httpClient),
 		adminv20241113001.UseUserAgent(operatorUserAgent()))
 	if err != nil {
 		return nil, "", err
 	}
 
 	return &ClientSet{
-		SdkClient20241113001: c2024,
+		SdkClient20231115008: clientv20231115008,
+		SdkClient20241113001: clientv20241113001,
 	}, secretData.OrgID, nil
 }
 
+func (p *ProductionProvider) newDryRunTransport(delegate http.RoundTripper) http.RoundTripper {
+	if p.dryRunRecorder == nil {
+		return delegate
+	}
+
+	return dryrun.NewDryRunTransport(p.dryRunRecorder, delegate)
+}
+
 func getSecrets(ctx context.Context, k8sClient client.Client, secretRef, fallbackRef *client.ObjectKey) (*credentialsSecret, error) {
 	if secretRef == nil {
 		secretRef = fallbackRef

internal/controller/atlas/provider_test.go

@@ -43,7 +43,7 @@ func TestProvider_Client(t *testing.T) {
 		Build()
 
 	t.Run("should return Atlas API client and organization id using global secret", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "api-secret", Namespace: "default"}, k8sClient)
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "api-secret", Namespace: "default"}, k8sClient, nil)
 
 		c, id, err := p.Client(context.Background(), nil, zaptest.NewLogger(t).Sugar())
 		assert.NoError(t, err)
@@ -52,7 +52,7 @@ func TestProvider_Client(t *testing.T) {
 	})
 
 	t.Run("should return Atlas API client and organization id using connection secret", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "global-secret", Namespace: "default"}, k8sClient)
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{Name: "global-secret", Namespace: "default"}, k8sClient, nil)
 
 		c, id, err := p.Client(context.Background(), &client.ObjectKey{Name: "api-secret", Namespace: "default"}, zaptest.NewLogger(t).Sugar())
 		assert.NoError(t, err)
@@ -63,17 +63,17 @@ func TestProvider_Client(t *testing.T) {
 
 func TestProvider_IsCloudGov(t *testing.T) {
 	t.Run("should return false for invalid domain", func(t *testing.T) {
-		p := NewProductionProvider("http://x:namedport", client.ObjectKey{}, nil)
+		p := NewProductionProvider("http://x:namedport", client.ObjectKey{}, nil, nil)
 		assert.False(t, p.IsCloudGov())
 	})
 
 	t.Run("should return false for commercial Atlas domain", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{}, nil)
+		p := NewProductionProvider("https://cloud.mongodb.com/", client.ObjectKey{}, nil, nil)
 		assert.False(t, p.IsCloudGov())
 	})
 
 	t.Run("should return true for Atlas for government domain", func(t *testing.T) {
-		p := NewProductionProvider("https://cloud.mongodbgov.com/", client.ObjectKey{}, nil)
+		p := NewProductionProvider("https://cloud.mongodbgov.com/", client.ObjectKey{}, nil, nil)
 		assert.True(t, p.IsCloudGov())
 	})
 }
@@ -164,7 +164,7 @@ func TestProvider_IsResourceSupported(t *testing.T) {
 
 	for desc, data := range dataProvider {
 		t.Run(desc, func(t *testing.T) {
-			p := NewProductionProvider(data.domain, client.ObjectKey{}, nil)
+			p := NewProductionProvider(data.domain, client.ObjectKey{}, nil, nil)
 			assert.Equal(t, data.expectation, p.IsResourceSupported(data.resource))
 		})
 	}

internal/httputil/loggedclient.go

@@ -18,6 +18,14 @@ func LoggingTransport(log *zap.SugaredLogger) ClientOpt {
 	}
 }
 
+func NewLoggingTransport(log *zap.SugaredLogger, logBody bool, delegate http.RoundTripper) http.RoundTripper {
+	return &loggedRoundTripper{
+		rt:      delegate,
+		log:     log,
+		logBody: logBody,
+	}
+}
+
 type loggedRoundTripper struct {
 	rt      http.RoundTripper
 	log     *zap.SugaredLogger

internal/operator/builder.go

@@ -218,7 +218,7 @@ func (b *Builder) Build(ctx context.Context) (manager.Manager, error) {
 	}
 
 	if b.atlasProvider == nil {
-		b.atlasProvider = atlas.NewProductionProvider(b.atlasDomain, b.apiSecret, mgr.GetClient())
+		b.atlasProvider = atlas.NewProductionProvider(b.atlasDomain, b.apiSecret, mgr.GetClient(), nil)
 	}
 
 	projectReconciler := atlasproject.NewAtlasProjectReconciler(