add custom agent path code #804

Draft
nammn wants to merge 13 commits into vm-migration-feature-branch from vm-migration-agent-path

nammn (Collaborator) commented Feb 18, 2026

Summary

Added support for custom agent certificate paths to facilitate VM-to-K8s migrations. This allows specifying a custom path for the agent certificate file through a new agentCertificatePath field in the AgentAuthentication struct. When specified, the operator will mount the certificate at the custom path, while still maintaining the standard mount for operator use.

Proof of Work

  • Added integration tests that verify the custom path is correctly set in the automation config
  • The implementation supports both the standard path generation (based on certificate hash) and custom paths
  • Added proper volume mounting with subPath to ensure the certificate is available at the exact custom path

Examples

from running pod + yaml mount:

```
tmpfs on /etc/mongodb-mms/agent.pem type tmpfs (ro,relatime,size=65822640k,inode64)
```

```
    - mountPath: /etc/mongodb-mms/agent.pem
      name: agent-certs
      readOnly: true
      subPath: agent.pem
```

Checklist

  • Have you linked a jira ticket and/or is the ticket in the title?
  • Have you checked whether your jira ticket required DOCSP changes?
  • Have you added changelog file?
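
An added example, not part of the PR or the operator's code: one way to turn a user-supplied `agentCertificatePath` into the pair of mounts the summary describes, rejecting paths that are not a clean absolute file path. The helper `agentCertMounts`, the local `VolumeMount` struct, the placeholder standard directory `/standard/agent-certs` and the validation rules are all assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// VolumeMount mirrors the four corev1.VolumeMount fields in the PR's YAML.
type VolumeMount struct {
	Name, MountPath, SubPath string
	ReadOnly                 bool
}

// agentCertMounts (hypothetical helper) returns the standard directory mount
// and, when customPath is set, a subPath mount of one key at that exact path.
// The validation rules are assumptions of this example, not the operator's.
func agentCertMounts(volume, standardDir, key, customPath string) ([]VolumeMount, error) {
	mounts := []VolumeMount{{Name: volume, MountPath: standardDir, ReadOnly: true}}
	if customPath == "" {
		return mounts, nil // no custom path: standard mount only
	}
	switch {
	case !path.IsAbs(customPath) || customPath == "/":
		return nil, errors.New("agentCertificatePath must be an absolute file path")
	case path.Clean(customPath) != customPath:
		return nil, errors.New("agentCertificatePath must not contain '..', '//' or a trailing '/'")
	case customPath == standardDir || strings.HasPrefix(customPath, standardDir+"/"):
		return nil, errors.New("agentCertificatePath must not shadow the standard mount")
	}
	// subPath projects a single file from the volume; without it the whole
	// volume would be mounted as a directory at customPath.
	// If the volume is Secret-backed, kubelet does not refresh subPath mounts,
	// so a rotated certificate needs a pod restart to appear at the custom path.
	custom := VolumeMount{Name: volume, MountPath: customPath, SubPath: key, ReadOnly: true}
	return append(mounts, custom), nil
}

func main() {
	// "/standard/agent-certs" is a constructed placeholder; the first path is the PR's example.
	for _, p := range []string{"/etc/mongodb-mms/agent.pem", "/etc/mongodb-mms/../other.pem", "agent.pem"} {
		m, err := agentCertMounts("agent-certs", "/standard/agent-certs", "agent.pem", p)
		fmt.Printf("%-32q mounts=%+v err=%v\n", p, m, err)
	}
}
```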

dependabot bot and others added 4 commits February 17, 2026 08:46
Bumps [cryptography](https://github.com/pyca/cryptography) from 46.0.4
to 46.0.5.
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst">cryptography's
changelog</a>.</em></p>
<blockquote>
<p>46.0.5 - 2026-02-10</p>
<pre><code>
* An attacker could create a malicious public key that reveals portions
of your
private key when using certain uncommon elliptic curves (binary curves).
This version now includes additional security checks to prevent this
attack.
This issue only affects binary elliptic curves, which are rarely used in
real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab
and
Atuin Automated Vulnerability Discovery Engine** for reporting the
issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.
<p>.. v46-0-4:<br />
</code></pre></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pyca/cryptography/commit/06e120e682cb200e3f7050c02f0bcdac90c4c6ad"><code>06e120e</code></a>
bump version for 46.0.5 release (<a
href="https://redirect.github.com/pyca/cryptography/issues/14289">#14289</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c"><code>0eebb9d</code></a>
EC check key on cofactor &gt; 1 (<a
href="https://redirect.github.com/pyca/cryptography/issues/14287">#14287</a>)</li>
<li><a
href="https://github.com/pyca/cryptography/commit/bedf6e186b814f69a3f54f51252c23a71d44ed2e"><code>bedf6e1</code></a>
fix openssl version on 46 branch (<a
href="https://redirect.github.com/pyca/cryptography/issues/14220">#14220</a>)</li>
<li>See full diff in <a
href="https://github.com/pyca/cryptography/compare/46.0.4...46.0.5">compare
view</a></li>
</ul>
</details>
<br />



Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Avoid having to copy files into test image build context by
building the image from the repo root.

# Summary

## Why
- Unit tests were slow due to actual time.Sleep() calls and HTTP retry
delays, causing unnecessary wait times during test execution.
- Using Synctest to speed up slow unit tests (which were relying on
sleeps and go scheduler scheduling)
- test changed and speedup:

## What
- Adopted Go testing/synctest to eliminate real-time waits in time-based
tests (PVC resize, StatefulSet deletion)
- Configured HTTP clients in tests to retry immediately instead of
waiting seconds between attempts
- Fixed CI to only create Python venv for Python tests, not Go tests

Test | Before | After
-- | -- | --
TestReconcilePVCResizeShardedCluster | 3.06s | 0.03s
TestReconcilePVCResizeMultiCluster | 3.06s | 0.05s
TestHandlePVCResize | 1.00s | 0.00s
TestIsMemberClusterHealthy | 3.00s | 0.00s
TestRetriesOnWritingAutomationConfig | 3.00s | 0.05s

## Proof of Work
- passing unit tests
## Checklist

- [x] Have you linked a jira ticket and/or is the ticket in the title?
- [x] Have you checked whether your jira ticket required DOCSP changes?
- [x] Have you added changelog file?
    - use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details

nammn (Collaborator, Author) commented Feb 18, 2026

Warning

This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite.

This stack of pull requests is managed by Graphite.

nammn added the skip-changelog label (Use this label in Pull Request to not require new changelog entry file) on Feb 18, 2026, with Graphite App
MaciejKaras and others added 9 commits February 18, 2026 10:37
# Summary

Clean up the Makefile by removing stale, unused, and broken targets, and
use `$(USER)` for dev image versioning so each developer gets images
tagged with their username instead of the generic `dev`.

**Replaced `-v dev` with `-v $(USER)-dev`** in all `pipeline.py` calls
for dev image builds:
- `database`, `database-init-image`, `operator-image`, `om-init-image`,
`test-image`, `mco-test-image`, `readiness_probe`, `upgrade_hook`

**Removed broken targets** (referencing non-existent scripts/files):
- `build-and-push-database-image` —
`scripts/dev/build_push_database_image` doesn't exist, target was
unreferenced
- `status` — `scripts/dev/status` was deleted
- `generate-env-file` —
`mongodb-community-operator/scripts/dev/get_e2e_env_vars.py` doesn't
exist
- `docker-build` / `docker-push` — no root `Dockerfile` exists; leftover
operator-sdk scaffolding

**Removed stale usage entries** (documented but no target defined):
- `operator`, `full`, `appdb`, `recreate-e2e-kops`,
`recreate-e2e-openshift`, `log`, `status`, `dashboard`

**Removed unused variable:**
- `ENVTEST_ASSETS_DIR` — defined but never referenced

## Proof of Work

Validated with `make -n usage` — Makefile parses cleanly after changes.

## Checklist

- [x] Have you linked a jira ticket and/or is the ticket in the title?
    - N/A — minor cleanup, no ticket
- [x] Have you checked whether your jira ticket required DOCSP changes?
    - N/A
- [x] Have you added changelog file?
    - use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Bumps the pip-deps group with 2 updates in the / directory:
[botocore](https://github.com/boto/botocore) and
[boto3](https://github.com/boto/boto3).

Updates `botocore` from 1.42.45 to 1.42.50

Updates `boto3` from 1.42.45 to 1.42.50

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
### Summary

Added field_validation="Strict" to create_namespaced_custom_object and
patch_namespaced_custom_object calls. This ensures that unknown fields
in custom resources are rejected with an error, matching the behavior of
kubectl apply.

Also fixed some wrong yamls in our e2e test along the way.

Previously, unknown fields were silently ignored in e2e tests, which
masked configuration errors when CRDs were not updated with new fields.

### Proof of Work

Tests passing.
# Summary

It looks like as part of [this
PR](39479f2#diff-a5d642be1e9fae2b8be9f20d1644e720ba39456ea764a2a634f8591c8dd8d7a6),
we accidentally changed the file permission for the
prepare_local_e2e_run.sh file and because of that if we run the make
target now we get the permission issue like below

```
make prepare-local-e2e
kubectl delete mdbc,all,secrets -l e2e-test=true || true
No resources found
scripts/dev/prepare_local_e2e_run.sh
make: scripts/dev/prepare_local_e2e_run.sh: Permission denied
make: *** [prepare-local-e2e] Error 1

```

It's not a big deal and we can get around this, but wanted to push
this to fix it on master.

## Proof of Work

na

## Checklist

- [x] Have you linked a jira ticket and/or is the ticket in the title?
- [x] Have you checked whether your jira ticket required DOCSP changes?
- [x] Have you added changelog file?
    - use `skip-changelog` label if not needed
- refer to [Changelog files and Release
Notes](https://github.com/mongodb/mongodb-kubernetes/blob/master/CONTRIBUTING.md#changelog-files-and-release-notes)
section in CONTRIBUTING.md for more details
Log the current AC version during polling to help debug version mismatches.