mongodb · lsierant · Jul 8, 2025 · Jul 4, 2025 · Jul 8, 2025 · Jul 11, 2025
@@ -392,9 +392,9 @@ spec:
             - name: RELATED_IMAGE_MONGODB_IMAGE_8_0_0_ubi9
               value: "quay.io/mongodb/mongodb-enterprise-server:8.0.0-ubi9"
             - name: RELATED_IMAGE_MDB_SEARCH_IMAGE_1_47_0
-              value: "quay.io/mongodb/mongodb-search-community:1.47.0"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-search-community:1.47.0"
             - name: MDB_SEARCH_COMMUNITY_REPO_URL
-              value: "quay.io/mongodb"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev"
             - name: MDB_SEARCH_COMMUNITY_NAME
               value: "mongodb-search-community"
             - name: MDB_SEARCH_COMMUNITY_VERSION

@@ -3,6 +3,7 @@ package operator
 import (
 	"context"
 	"fmt"
+	"k8s.io/utils/ptr"
 	"testing"
 
 	"github.com/ghodss/yaml"
@@ -73,21 +74,41 @@ func newSearchReconciler(
 }
 
 func buildExpectedMongotConfig(search *searchv1.MongoDBSearch, mdbc *mdbcv1.MongoDBCommunity) mongot.Config {
-	return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{
-		MongodHostAndPort: fmt.Sprintf(
-			"%s.%s.svc.cluster.local:%d",
-			mdbc.ServiceName(), mdbc.Namespace,
-			mdbc.GetMongodConfiguration().GetDBPort(),
-		),
-		QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()),
-		KeyFilePath:        "/mongot/keyfile/keyfile",
-		DataPath:           "/mongot/data/config.yml",
-		Metrics: mongot.Metrics{
+	return mongot.Config{
+		SyncSource: mongot.ConfigSyncSource{
+			ReplicaSet: mongot.ConfigReplicaSet{
+				HostAndPort:    fmt.Sprintf("%s.%s.svc.cluster.local:%d", mdbc.Name+"-svc", search.Namespace, 27017),
+				Username:       "__system",
+				PasswordFile:   "/tmp/keyfile",
+				TLS:            ptr.To(false),
+				ReadPreference: ptr.To("secondaryPreferred"),
+			},
+		},
+		Storage: mongot.ConfigStorage{
+			DataPath: "/mongot/data/config.yml",
+		},
+		Server: mongot.ConfigServer{
+			Wireproto: &mongot.ConfigWireproto{
+				Address: "0.0.0.0:27027",
+				Authentication: &mongot.ConfigAuthentication{
+					Mode:    "keyfile",
+					KeyFile: "/tmp/keyfile",
+				},
+				TLS: mongot.ConfigTLS{Mode: "disabled"},
+			},
+		},
+		Metrics: mongot.ConfigMetrics{
 			Enabled: true,
-			Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()),
+			Address: fmt.Sprintf("localhost:%d", searchv1.MongotDefaultMetricsPort),
+		},
+		HealthCheck: mongot.ConfigHealthCheck{
+			Address: "0.0.0.0:8080",
 		},
-		Logging: mongot.Logging{Verbosity: "DEBUG"},
-	}}
+		Logging: mongot.ConfigLogging{
+			Verbosity: "DEBUG",
+			LogPath:   nil,
+		},
+	}
 }
 
 func TestMongoDBSearchReconcile_NotFound(t *testing.T) {

@@ -5,6 +5,7 @@ import (
 	"crypto/sha256"
 	"encoding/base32"
 	"fmt"
+	"k8s.io/utils/ptr"
 	"strings"
 
 	"github.com/blang/semver"
@@ -207,19 +208,41 @@ func buildSearchHeadlessService(search *searchv1.MongoDBSearch) corev1.Service {
 }
 
 func createMongotConfig(search *searchv1.MongoDBSearch, db SearchSourceDBResource) mongot.Config {
-	return mongot.Config{CommunityPrivatePreview: mongot.CommunityPrivatePreview{
-		MongodHostAndPort:  fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()),
-		QueryServerAddress: fmt.Sprintf("localhost:%d", search.GetMongotPort()),
-		KeyFilePath:        "/mongot/keyfile/keyfile",
-		DataPath:           "/mongot/data/config.yml",
-		Metrics: mongot.Metrics{
+	return mongot.Config{
+		SyncSource: mongot.ConfigSyncSource{
+			ReplicaSet: mongot.ConfigReplicaSet{
+				HostAndPort:    fmt.Sprintf("%s.%s.svc.cluster.local:%d", db.DatabaseServiceName(), db.GetNamespace(), db.DatabasePort()),
+				Username:       "__system",
+				PasswordFile:   "/tmp/keyfile",
+				TLS:            ptr.To(false),
+				ReadPreference: ptr.To("secondaryPreferred"),
+			},
+		},
+		Storage: mongot.ConfigStorage{
+			DataPath: "/mongot/data/config.yml",
+		},
+		Server: mongot.ConfigServer{
+			Wireproto: &mongot.ConfigWireproto{
+				Address: "0.0.0.0:27027",
+				Authentication: &mongot.ConfigAuthentication{
+					Mode:    "keyfile",
+					KeyFile: "/tmp/keyfile",
+				},
+				TLS: mongot.ConfigTLS{Mode: "disabled"},
+			},
+		},
+		Metrics: mongot.ConfigMetrics{
 			Enabled: true,
 			Address: fmt.Sprintf("localhost:%d", search.GetMongotMetricsPort()),
 		},
-		Logging: mongot.Logging{
+		HealthCheck: mongot.ConfigHealthCheck{
+			Address: "0.0.0.0:8080",
+		},
+		Logging: mongot.ConfigLogging{
 			Verbosity: "DEBUG",
+			LogPath:   nil,
 		},
-	}}
+	}
 }
 
 func GetMongodConfigParameters(search *searchv1.MongoDBSearch) map[string]interface{} {

@@ -180,7 +180,12 @@ func mongodbSearchContainer(mdbSearch *searchv1.MongoDBSearch, volumeMounts []co
 		container.WithCommand([]string{"sh"}),
 		container.WithArgs([]string{
 			"-c",
-			"/mongot-community/mongot --config /mongot/config/config.yml",
+			`
+cp /mongot/keyfile/keyfile /tmp/keyfile
+chown 2000:2000 /tmp/keyfile
+chmod 0600 /tmp/keyfile
+/mongot-community/mongot --config /mongot/config/config.yml
+`,
 		}),
 		containerSecurityContext,
 	)

@@ -2,7 +2,6 @@
 
 import pytest
 from kubetester.kubetester import fixture as yaml_fixture
-from kubetester.kubetester import skip_if_local
 from kubetester.opsmanager import MongoDBOpsManager
 from kubetester.phase import Phase
 from pytest import fixture
@@ -65,7 +64,6 @@ def test_appdb_monitoring_group_was_created(self, ops_manager: MongoDBOpsManager
     def test_admin_config_map(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_automation_config_tester().reached_version(1)
 
-    @skip_if_local
     def test_om_connectivity(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_om_tester().assert_healthiness()
         # todo check the backing db group, automation config and data integrity
@@ -112,7 +110,6 @@ def test_appdb(self, ops_manager: MongoDBOpsManager, custom_appdb_version: str):
     def test_admin_config_map(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_automation_config_tester().reached_version(2)
 
-    @skip_if_local
     def test_om_connectivity(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_om_tester().assert_healthiness()
 
@@ -139,6 +136,5 @@ def test_appdb(self, ops_manager: MongoDBOpsManager):
     def test_admin_config_map(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_automation_config_tester().reached_version(3)
 
-    @skip_if_local
     def test_om_connectivity(self, ops_manager: MongoDBOpsManager):
         ops_manager.get_om_tester().assert_healthiness()
@@ -25,6 +25,25 @@ spec:
         - name: readWrite
           db: sample_mflix
       scramCredentialsSecretName: my-scram
+    - name: mongot-user
+      db: admin
+      passwordSecretRef: # a reference to the secret that will be used to generate the user's password
+        name: my-user-password
+      roles:
+        - new RoleName("readWriteAnyDatabase", RoleName.ADMIN_DB),
+        - new RoleName("clusterMonitor", RoleName.ADMIN_DB),
+        - new RoleName("readWrite", RoleName.LOCAL_DB),
+        - new RoleName("directShardOperations", RoleName.ADMIN_DB, "7.0"),
+        - new RoleName(NDSDBRole.BYPASS_DEFAULT_MAX_TIME_MS, RoleName.ADMIN_DB, "8.0"));
+        - name: readWriteAnyDatabase
+          db: admin
+        - name: clusterMonitor
+          db: admin
+        - name: readWrite
+          db: local
+        - name: readWrite
+          db: config
+      scramCredentialsSecretName: my-scram
   statefulSet:
     spec:
       template:

@@ -225,7 +225,11 @@ community:
 search:
   community:
     # Full Search container image url used for the MongoDB Community Search container will be constructed as {search.community.repo}/{search.community.name}:{search.community.version}
-    repo: quay.io/mongodb
+#    repo: quay.io/mongodb
+#    name: mongodb-search-community
+#    # default MongoDB Search version used; can be overridden by setting MongoDBSearch.spec.version field.
+#    version: 1.47.0
+    repo: 268558157000.dkr.ecr.us-east-1.amazonaws.com/dev
     name: mongodb-search-community
     # default MongoDB Search version used; can be overridden by setting MongoDBSearch.spec.version field.
     version: 1.47.0
@@ -1,41 +1,67 @@
 package mongot
 
 type Config struct {
-	CommunityPrivatePreview CommunityPrivatePreview `json:"communityPrivatePreview"`
+	SyncSource  ConfigSyncSource  `json:"syncSource"`
+	Storage     ConfigStorage     `json:"storage"`
+	Server      ConfigServer      `json:"server"`
+	Metrics     ConfigMetrics     `json:"metrics"`
+	HealthCheck ConfigHealthCheck `json:"healthCheck"`
+	Logging     ConfigLogging     `json:"logging"`
 }
 
-// CommunityPrivatePreview structure reflects private preview configuration from mongot:
-// https://github.com/10gen/mongot/blob/060ec179af062ac2639678f4a613b8ab02c21597/src/main/java/com/xgen/mongot/config/provider/community/CommunityConfig.java#L100
-// Comments are from the default config file: https://github.com/10gen/mongot/blob/375379e56a580916695a2f53e12fd4a99aa24f0b/deploy/community-resources/config.default.yml#L1-L0
-type CommunityPrivatePreview struct {
-	// Socket (IPv4/6) address of the sync source mongod
-	MongodHostAndPort string `json:"mongodHostAndPort"`
-
-	// Socket (IPv4/6) address on which to listen for wire protocol connections
-	QueryServerAddress string `json:"queryServerAddress"`
+type ConfigSyncSource struct {
+	ReplicaSet ConfigReplicaSet `json:"replicaSet"`
+}
 
-	// Keyfile used for mongod -> mongot authentication
-	KeyFilePath string `json:"keyFilePath"`
+type ConfigReplicaSet struct {
+	HostAndPort    string  `json:"hostAndPort"`
+	Username       string  `json:"username"`
+	PasswordFile   string  `json:"passwordFile"`
+	TLS            *bool   `json:"tls,omitempty"`
+	ReadPreference *string `json:"readPreference,omitempty"`
+}
 
-	// Filesystem path that all mongot data will be stored at
+type ConfigStorage struct {
 	DataPath string `json:"dataPath"`
+}
 
-	// Options for metrics
-	Metrics Metrics `json:"metrics,omitempty"`
+type ConfigServer struct {
+	Wireproto *ConfigWireproto `json:"wireproto,omitempty"`
+}
+
+type ConfigWireproto struct {
+	Address        string                `json:"address"`
+	Authentication *ConfigAuthentication `json:"authentication,omitempty"`
+	TLS            ConfigTLS             `json:"tls"`
+}
 
-	// Options for logging
-	Logging Logging `json:"logging,omitempty"`
+type ConfigAuthentication struct {
+	Mode    string `json:"mode"`
+	KeyFile string `json:"keyFile"`
 }
 
-type Metrics struct {
-	// Whether to enable the Prometheus metrics endpoint
-	Enabled bool `json:"enabled"`
+type ConfigTLSMode string
+
+const (
+	ConfigTLSModeTLS      ConfigTLSMode = "TLS"
+	ConfigTLSModeDisabled ConfigTLSMode = "Disabled"
+)
+
+type ConfigTLS struct {
+	Mode               ConfigTLSMode `json:"mode"`
+	CertificateKeyFile *string       `json:"certificateKeyFile,omitempty"`
+}
+
+type ConfigMetrics struct {
+	Enabled bool   `json:"enabled"`
+	Address string `json:"address"`
+}
 
-	// Socket address (IPv4/6) on which the Prometheus /metrics endpoint will be exposed
+type ConfigHealthCheck struct {
 	Address string `json:"address"`
 }
 
-type Logging struct {
-	// Log level
-	Verbosity string `json:"verbosity"`
+type ConfigLogging struct {
+	Verbosity string  `json:"verbosity"`
+	LogPath   *string `json:"logPath,omitempty"`
 }
@@ -410,7 +410,7 @@ spec:
               value: "ubi8"
             # Community Env Vars End
             - name: MDB_SEARCH_COMMUNITY_REPO_URL
-              value: "quay.io/mongodb"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev"
             - name: MDB_SEARCH_COMMUNITY_NAME
               value: "mongodb-search-community"
             - name: MDB_SEARCH_COMMUNITY_VERSION

@@ -674,9 +674,9 @@ spec:
             - name: RELATED_IMAGE_MONGODB_IMAGE_8_0_0_ubi9
               value: "quay.io/mongodb/mongodb-enterprise-server:8.0.0-ubi9"
             - name: RELATED_IMAGE_MDB_SEARCH_IMAGE_1_47_0
-              value: "quay.io/mongodb/mongodb-search-community:1.47.0"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev/mongodb-search-community:1.47.0"
             - name: MDB_SEARCH_COMMUNITY_REPO_URL
-              value: "quay.io/mongodb"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev"
             - name: MDB_SEARCH_COMMUNITY_NAME
               value: "mongodb-search-community"
             - name: MDB_SEARCH_COMMUNITY_VERSION

@@ -406,7 +406,7 @@ spec:
               value: "ubi8"
             # Community Env Vars End
             - name: MDB_SEARCH_COMMUNITY_REPO_URL
-              value: "quay.io/mongodb"
+              value: "268558157000.dkr.ecr.us-east-1.amazonaws.com/dev"
             - name: MDB_SEARCH_COMMUNITY_NAME
               value: "mongodb-search-community"
             - name: MDB_SEARCH_COMMUNITY_VERSION

@@ -10,3 +10,8 @@ source "${script_dir}/variables/mongodb_latest"
 
 # This variable is needed otherwise the `fetch_om_information.sh` script is called and fails the test
 export OM_EXTERNALLY_CONFIGURED="true"
+
+# Temporary development images built from mongot master
+export MDB_SEARCH_COMMUNITY_VERSION="776d43523d185b6b234289e17c191712a3e6569b"
+export MDB_SEARCH_COMMUNITY_NAME="mongot/community"
+export MDB_SEARCH_COMMUNITY_REPO_URL="268558157000.dkr.ecr.eu-west-1.amazonaws.com"