CLOUDP-314920 Telemetry for Custom Roles

MaciejKaras · MaciejKaras · commit 30cead725b46 · 2025-06-10T13:35:13.000+02:00
diff --git a/go.mod b/go.mod
@@ -13,8 +13,6 @@ require (
 	github.com/hashicorp/go-retryablehttp v0.7.7
 	github.com/hashicorp/vault/api v1.16.0
 	github.com/imdario/mergo v0.3.15
-	github.com/onsi/ginkgo/v2 v2.17.1
-	github.com/onsi/gomega v1.32.0
 	github.com/pkg/errors v0.9.1
 	github.com/prometheus/client_golang v1.22.0
 	github.com/r3labs/diff/v3 v3.0.1
@@ -56,15 +54,13 @@ require (
 	github.com/go-openapi/jsonpointer v0.19.6 // indirect
 	github.com/go-openapi/jsonreference v0.20.2 // indirect
 	github.com/go-openapi/swag v0.22.3 // indirect
-	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.4 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/gnostic-models v0.6.8 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
diff --git a/go.sum b/go.sum
@@ -10,9 +10,6 @@ github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK3
 github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE=
 github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=
 github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
-github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
-github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
-github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -113,7 +110,6 @@ github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T
 github.com/hashicorp/vault/api v1.16.0 h1:nbEYGJiAPGzT9U4oWgaaB0g+Rj8E59QuHKyA5LhwQN4=
 github.com/hashicorp/vault/api v1.16.0/go.mod h1:KhuUhzOD8lDSk29AtzNjgAu2kxRA9jL9NAbkFlqvkBA=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
-github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/imdario/mergo v0.3.15 h1:M8XP7IuFNsqUx6VPK2P9OSmsYsI/YFaGil0uD21V3dM=
 github.com/imdario/mergo v0.3.15/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY=
 github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
@@ -288,7 +284,6 @@ golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190904154756-749cb33beabd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191005200804-aed5e4c7ecf9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191120155948-bd437916bb0e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200323222414-85ca7c5b95cd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
diff --git a/pkg/telemetry/collector.go b/pkg/telemetry/collector.go
@@ -227,6 +227,7 @@ func getMdbEvents(ctx context.Context, operatorClusterClient kubeclient.Client,
 				Type:                     string(item.Spec.GetResourceType()),
 				IsRunningEnterpriseImage: images.IsEnterpriseImage(imageURL),
 				ExternalDomains:          getExternalDomainProperty(item),
+				CustomRoles:              getCustomRoles(item.Spec.Security),
 				AuthenticationModes:      getAuthenticationModes(item.Spec.Security),
 				AuthenticationAgentMode:  getAuthenticationAgentMode(item.Spec.Security),
 			}
@@ -267,6 +268,7 @@ func addMultiEvents(ctx context.Context, operatorClusterClient kubeclient.Client
 			Type:                     string(item.Spec.GetResourceType()),
 			IsRunningEnterpriseImage: images.IsEnterpriseImage(imageURL),
 			ExternalDomains:          getExternalDomainPropertyForMongoDBMulti(item),
+			CustomRoles:              getCustomRoles(item.Spec.Security),
 			AuthenticationModes:      getAuthenticationModes(item.Spec.Security),
 			AuthenticationAgentMode:  getAuthenticationAgentMode(item.Spec.Security),
 		}
@@ -531,6 +533,28 @@ func isExternalDomainSpecifiedInClusterSpecList(clusterSpecList mdbv1.ClusterSpe
 	return clusterSpecList.IsExternalDomainSpecifiedInClusterSpecList()
 }
 
+const (
+	CustomRoleNone       = "None"
+	CustomRoleEmbedded   = "Embedded"
+	CustomRoleReferenced = "Referenced"
+)
+
+func getCustomRoles(security *mdbv1.Security) string {
+	if security == nil {
+		return CustomRoleNone
+	}
+
+	if len(security.Roles) > 0 {
+		return CustomRoleEmbedded
+	}
+
+	if len(security.RoleRefs) > 0 {
+		return CustomRoleReferenced
+	}
+
+	return CustomRoleNone
+}
+
 func getAuthenticationModes(security *mdbv1.Security) []string {
 	if security == nil || security.Authentication == nil {
 		return nil
diff --git a/pkg/telemetry/collector_test.go b/pkg/telemetry/collector_test.go
@@ -70,6 +70,7 @@ func TestCollectDeploymentsSnapshot(t *testing.T) {
 					"type":                     "ReplicaSet",
 					"IsRunningEnterpriseImage": false,
 					"externalDomains":          ExternalDomainNone,
+					"customRoles":              CustomRoleNone,
 					"authenticationModeLDAP":   true,
 					"authenticationModeOIDC":   true,
 					"authenticationModeSCRAM":  true,
@@ -109,6 +110,7 @@ func TestCollectDeploymentsSnapshot(t *testing.T) {
 					"type":                     "ReplicaSet",
 					"IsRunningEnterpriseImage": false,
 					"externalDomains":          ExternalDomainNone,
+					"customRoles":              CustomRoleNone,
 					"authenticationModeSCRAM":  true,
 					"authenticationAgentMode":  util.SCRAM,
 				},
@@ -921,6 +923,139 @@ func TestCollectDeploymentsSnapshot(t *testing.T) {
 				},
 			},
 		},
+		"custom roles test": {
+			objects: []client.Object{
+				&mdbv1.MongoDB{
+					Spec: mdbv1.MongoDbSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+							Security:     &mdbv1.Security{},
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "be4bacfc-fb41-4e29-b7d1-712460ed908c",
+						Name: "test-rs-no-roles",
+					},
+				},
+				&mdbv1.MongoDB{
+					Spec: mdbv1.MongoDbSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+							Security: &mdbv1.Security{
+								Roles: []mdbv1.MongoDBRole{
+									{
+										Role: "test-role1",
+										Db:   "admin",
+										Privileges: []mdbv1.Privilege{
+											{
+												Actions: []string{"action1", "action2"},
+											},
+										},
+									},
+								},
+							},
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "c20a7cf1-a12d-4cee-a87e-7f61aa2bd878",
+						Name: "test-rs-embedded-roles",
+					},
+				},
+				&mdbv1.MongoDB{
+					Spec: mdbv1.MongoDbSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+							Security: &mdbv1.Security{
+								RoleRefs: []mdbv1.MongoDBRoleRef{
+									{
+										Name: "test-role",
+										Kind: "ClusterMongoDBRole",
+									},
+								},
+							},
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "97822e48-fb51-4ba5-9993-26841b44a7a3",
+						Name: "test-rs-ref-roles",
+					},
+				},
+				&mdbmulti.MongoDBMultiCluster{
+					Spec: mdbmulti.MongoDBMultiSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "17e352f7-dcd1-4bfa-bc12-a2f4e637477b",
+						Name: "test-mrs-no-roles",
+					},
+				},
+				&mdbmulti.MongoDBMultiCluster{
+					Spec: mdbmulti.MongoDBMultiSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+							Security: &mdbv1.Security{
+								Roles: []mdbv1.MongoDBRole{
+									{
+										Role: "test-role1",
+										Db:   "admin",
+										Privileges: []mdbv1.Privilege{
+											{
+												Actions: []string{"action1", "action2"},
+											},
+										},
+									},
+								},
+							},
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "71368077-ea95-4564-acd6-09ec573fdf61",
+						Name: "test-mrs-embedded-roles",
+					},
+				},
+				&mdbmulti.MongoDBMultiCluster{
+					Spec: mdbmulti.MongoDBMultiSpec{
+						DbCommonSpec: mdbv1.DbCommonSpec{
+							ResourceType: mdbv1.ReplicaSet,
+							Security: &mdbv1.Security{
+								RoleRefs: []mdbv1.MongoDBRoleRef{
+									{
+										Name: "test-role",
+										Kind: "ClusterMongoDBRole",
+									},
+								},
+							},
+						},
+					}, ObjectMeta: metav1.ObjectMeta{
+						UID:  "a8a28c8a-6226-44fc-a8cd-e66a6942ffbd",
+						Name: "test-mrs-ref-roles",
+					},
+				},
+			},
+			expectedEventsWithProperties: []map[string]any{
+				{
+					"deploymentUID": "be4bacfc-fb41-4e29-b7d1-712460ed908c",
+					"customRoles":   CustomRoleNone,
+				},
+				{
+					"deploymentUID": "c20a7cf1-a12d-4cee-a87e-7f61aa2bd878",
+					"customRoles":   CustomRoleEmbedded,
+				},
+				{
+					"deploymentUID": "97822e48-fb51-4ba5-9993-26841b44a7a3",
+					"customRoles":   CustomRoleReferenced,
+				},
+				{
+					"deploymentUID": "17e352f7-dcd1-4bfa-bc12-a2f4e637477b",
+					"customRoles":   CustomRoleNone,
+				},
+				{
+					"deploymentUID": "71368077-ea95-4564-acd6-09ec573fdf61",
+					"customRoles":   CustomRoleEmbedded,
+				},
+				{
+					"deploymentUID": "a8a28c8a-6226-44fc-a8cd-e66a6942ffbd",
+					"customRoles":   CustomRoleReferenced,
+				},
+			},
+		},
 	}
 
 	for name, test := range tests {
diff --git a/pkg/telemetry/types.go b/pkg/telemetry/types.go
@@ -49,6 +49,7 @@ type DeploymentUsageSnapshotProperties struct {
 	Type                     string   `json:"type"` // RS, SC, OM, Single
 	IsRunningEnterpriseImage bool     `json:"IsRunningEnterpriseImage"`
 	ExternalDomains          string   `json:"externalDomains"`                   // None, Uniform, ClusterSpecific, Mixed
+	CustomRoles              string   `json:"customRoles,omitempty"`             // Custom roles used 	// None, Uniform, ClusterSpecific, Mixed
 	AuthenticationAgentMode  string   `json:"authenticationAgentMode,omitempty"` // Agent authentication mode
 	AuthenticationModes      []string `json:"-"`                                 // Deployment authentication modes
 }

Original file line number	Diff line number	Diff line change
`@@ -49,6 +49,7 @@ type DeploymentUsageSnapshotProperties struct {`
`49`	`49`	Type string `json:"type"` // RS, SC, OM, Single
`50`	`50`	IsRunningEnterpriseImage bool `json:"IsRunningEnterpriseImage"`
`51`	`51`	ExternalDomains string `json:"externalDomains"` // None, Uniform, ClusterSpecific, Mixed
	`52`	+ CustomRoles string `json:"customRoles,omitempty"` // Custom roles used // None, Uniform, ClusterSpecific, Mixed
`52`	`53`	AuthenticationAgentMode string `json:"authenticationAgentMode,omitempty"` // Agent authentication mode
`53`	`54`	AuthenticationModes []string `json:"-"` // Deployment authentication modes
`54`	`55`	`}`