├── .actrc.local.sample ├── .gitattributes ├── .github ├── CODEOWNERS ├── HOWTO.md ├── ISSUE_TEMPLATE │ ├── bug_report.yml │ └── config.yml ├── PULL_REQUEST_TEMPLATE.md ├── actions │ ├── build-push-image │ │ └── action.yaml │ ├── certify-openshift-images │ │ ├── Dockerfile │ │ ├── action.yaml │ │ └── entrypoint.sh │ ├── gen-install-scripts │ │ ├── Dockerfile │ │ ├── action.yml │ │ └── entrypoint.sh │ └── set-tag │ │ ├── Dockerfile │ │ ├── action.yml │ │ └── entrypoint.sh ├── codecov.yml ├── dependabot.yml └── workflows │ ├── build-test-app.yml │ ├── check-licenses.yml │ ├── cleanup-all.yml │ ├── cleanup-gov-test.yml │ ├── cleanup-test.yml │ ├── cloud-tests-filter.yml │ ├── cloud-tests.yml │ ├── devbox-update.yml │ ├── license-header-check.yml │ ├── lint.yaml │ ├── openshift-upgrade-test.yaml │ ├── rebuild-released-images.yaml │ ├── release-branch.yml │ ├── release-openshift.yaml │ ├── release-post-merge.yml │ ├── remove-label.yml │ ├── reports.yml │ ├── sboms-pr.yaml │ ├── stale.yml │ ├── sync-helm-charts.yaml │ ├── test-e2e-gov.yml │ ├── test-e2e.yml │ ├── test-int.yml │ ├── test-unit.yml │ ├── test.yml │ ├── tests-selectable.yaml │ ├── update-helm.yaml │ ├── update-licenses.yml │ └── validate-manifests.yml ├── .gitignore ├── .gitmodules ├── .golangci.yml ├── .licenses-gomod.sha256 ├── .mockery.yaml ├── .pre-commit-config.yaml ├── CODE_OF_CONDUCT.md ├── Dockerfile.post-install ├── LICENSE ├── Makefile ├── PROJECT ├── README.md ├── SECURITY.md ├── actions.txt ├── api ├── atlascustomresource.go ├── condition.go ├── condition_test.go ├── credentials.go ├── doc.go ├── localref.go ├── option.go ├── status.go ├── v1 │ ├── alert_configurations.go │ ├── alert_configurations_test.go │ ├── atlasbackupcompliancepolicy_types.go │ ├── atlasbackupcompliancepolicy_types_test.go │ ├── atlasbackuppolicy_types.go │ ├── atlasbackupschedule_types.go │ ├── atlasbackupschedule_types_test.go │ ├── atlascustomresource.go │ ├── atlascustomresource_test.go │ ├── atlascustomrole_types.go │ 
├── atlasdatabaseuser_types.go │ ├── atlasdatafederation_types.go │ ├── atlasdeployment_types.go │ ├── atlasfederatedauth_types.go │ ├── atlasfederatedauth_types_test.go │ ├── atlasipaccesslist_types.go │ ├── atlasnetworkcontainer_types.go │ ├── atlasnetworkcontainer_types_test.go │ ├── atlasnetworkpeering_types.go │ ├── atlasnetworkpeering_types_test.go │ ├── atlasprivateendpoint_types.go │ ├── atlasproject_types.go │ ├── atlasproject_types_test.go │ ├── atlassearchindex_types.go │ ├── atlassearchindexconfig_types.go │ ├── atlasstreamconnection_types.go │ ├── atlasstreaminstance_types.go │ ├── atlasteam_types.go │ ├── auditing.go │ ├── authmode │ │ └── authmode.go │ ├── cloud_provider_integration.go │ ├── common │ │ └── common.go │ ├── custom_roles.go │ ├── encryption_at_rest.go │ ├── externalreference.go │ ├── global_deployment.go │ ├── groupversion_info.go │ ├── networkpeer.go │ ├── privateendpoint.go │ ├── project │ │ ├── integration.go │ │ ├── ipaccesslist.go │ │ └── maintenancewindow.go │ ├── project_reference_cel_test.go │ ├── project_settings.go │ ├── project_teams.go │ ├── projectref.go │ ├── provider │ │ └── provider.go │ ├── serverless_private_endpoint.go │ ├── status │ │ ├── alert_configurations.go │ │ ├── atlasdatabaseuser.go │ │ ├── atlasdeployment.go │ │ ├── atlasfederatedauth.go │ │ ├── atlasipaccesslist.go │ │ ├── atlasnetworkcontainer.go │ │ ├── atlasnetworkpeering.go │ │ ├── atlasprivateendpoint.go │ │ ├── atlasproject.go │ │ ├── atlasstreamconnection.go │ │ ├── atlasstreaminstance.go │ │ ├── backupcompliancepolicy.go │ │ ├── backuppolicy.go │ │ ├── backupschedule.go │ │ ├── cloud_provider_integration.go │ │ ├── custom_roles.go │ │ ├── datafederation.go │ │ ├── deployment_searchindex.go │ │ ├── doc.go │ │ ├── global_deployment.go │ │ ├── networkpeer.go │ │ ├── privateendpoint.go │ │ ├── project_team.go │ │ ├── prometheus.go │ │ ├── searchindex.go │ │ ├── serverless_private_endpoint.go │ │ ├── team.go │ │ └── zz_generated.deepcopy.go │ └── 
zz_generated.deepcopy.go └── zz_generated.deepcopy.go ├── bundle.Dockerfile ├── bundle ├── manifests │ ├── atlas.mongodb.com_atlasbackupcompliancepolicies.yaml │ ├── atlas.mongodb.com_atlasbackuppolicies.yaml │ ├── atlas.mongodb.com_atlasbackupschedules.yaml │ ├── atlas.mongodb.com_atlascustomroles.yaml │ ├── atlas.mongodb.com_atlasdatabaseusers.yaml │ ├── atlas.mongodb.com_atlasdatafederations.yaml │ ├── atlas.mongodb.com_atlasdeployments.yaml │ ├── atlas.mongodb.com_atlasfederatedauths.yaml │ ├── atlas.mongodb.com_atlasipaccesslists.yaml │ ├── atlas.mongodb.com_atlasnetworkcontainers.yaml │ ├── atlas.mongodb.com_atlasnetworkpeerings.yaml │ ├── atlas.mongodb.com_atlasprivateendpoints.yaml │ ├── atlas.mongodb.com_atlasprojects.yaml │ ├── atlas.mongodb.com_atlassearchindexconfigs.yaml │ ├── atlas.mongodb.com_atlasstreamconnections.yaml │ ├── atlas.mongodb.com_atlasstreaminstances.yaml │ ├── atlas.mongodb.com_atlasteams.yaml │ ├── mongodb-atlas-controller-manager-metrics-service_v1_service.yaml │ ├── mongodb-atlas-kubernetes.clusterserviceversion.yaml │ └── mongodb-atlas-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml ├── metadata │ └── annotations.yaml └── tests │ └── scorecard │ └── config.yaml ├── cmd ├── main.go ├── main_test.go └── post-install │ └── main.go ├── config ├── crd │ ├── bases │ │ ├── atlas.mongodb.com_atlasbackupcompliancepolicies.yaml │ │ ├── atlas.mongodb.com_atlasbackuppolicies.yaml │ │ ├── atlas.mongodb.com_atlasbackupschedules.yaml │ │ ├── atlas.mongodb.com_atlascustomroles.yaml │ │ ├── atlas.mongodb.com_atlasdatabaseusers.yaml │ │ ├── atlas.mongodb.com_atlasdatafederations.yaml │ │ ├── atlas.mongodb.com_atlasdeployments.yaml │ │ ├── atlas.mongodb.com_atlasfederatedauths.yaml │ │ ├── atlas.mongodb.com_atlasipaccesslists.yaml │ │ ├── atlas.mongodb.com_atlasnetworkcontainers.yaml │ │ ├── atlas.mongodb.com_atlasnetworkpeerings.yaml │ │ ├── atlas.mongodb.com_atlasprivateendpoints.yaml │ │ ├── atlas.mongodb.com_atlasprojects.yaml │ │ 
├── atlas.mongodb.com_atlassearchindexconfigs.yaml │ │ ├── atlas.mongodb.com_atlasstreamconnections.yaml │ │ ├── atlas.mongodb.com_atlasstreaminstances.yaml │ │ └── atlas.mongodb.com_atlasteams.yaml │ ├── kustomization.yaml │ └── kustomizeconfig.yaml ├── default │ └── kustomization.yaml ├── manager │ ├── controller_manager_config.yaml │ ├── kustomization.yaml │ └── manager.yaml ├── manifests │ ├── bases │ │ └── mongodb-atlas-kubernetes.clusterserviceversion.yaml │ └── kustomization.yaml ├── prometheus │ ├── kustomization.yaml │ └── monitor.yaml ├── rbac │ ├── atlasbackuppolicy_editor_role.yaml │ ├── atlasbackuppolicy_viewer_role.yaml │ ├── atlasbackupschedule_editor_role.yaml │ ├── atlasbackupschedule_viewer_role.yaml │ ├── atlasdeployment_editor_role.yaml │ ├── atlasdeployment_viewer_role.yaml │ ├── atlasfederatedauth_editor_role.yaml │ ├── atlasfederatedauth_viewer_role.yaml │ ├── atlasipaccesslist_editor_role.yaml │ ├── atlasipaccesslist_viewer_role.yaml │ ├── atlasnetworkcontainer_editor_role.yaml │ ├── atlasnetworkcontainer_viewer_role.yaml │ ├── atlasnetworkpeering_editor_role.yaml │ ├── atlasnetworkpeering_viewer_role.yaml │ ├── atlasprivateendpoint_editor_role.yaml │ ├── atlasprivateendpoint_viewer_role.yaml │ ├── atlasproject_editor_role.yaml │ ├── atlasproject_viewer_role.yaml │ ├── atlassearchindexconfig_editor_role.yaml │ ├── atlassearchindexconfig_viewer_role.yaml │ ├── atlasstreamconnections_editor_role.yaml │ ├── atlasstreamconnections_viewer_role.yaml │ ├── atlasstreaminstances_editor_role.yaml │ ├── atlasstreaminstances_viewer_role.yaml │ ├── atlasteam_editor_role.yaml │ ├── atlasteam_viewer_role.yaml │ ├── clusterwide │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ ├── kustomization.yaml │ ├── leader_election_role.yaml │ ├── leader_election_role_binding.yaml │ ├── namespaced │ │ ├── kustomization.yaml │ │ ├── role.yaml │ │ └── role_binding.yaml │ └── service_account.yaml ├── release │ ├── base │ │ ├── allinone │ │ │ └── 
kustomization.yaml │ │ ├── clusterwide │ │ │ └── kustomization.yaml │ │ └── namespaced │ │ │ ├── kustomization.yaml │ │ │ └── manager_watched_namespace_patch.json │ ├── dev │ │ ├── allinone │ │ │ └── kustomization.yaml │ │ ├── clusterwide │ │ │ └── kustomization.yaml │ │ ├── dev_patch.json │ │ ├── namespaced │ │ │ └── kustomization.yaml │ │ └── openshift │ │ │ ├── kustomization.yaml │ │ │ └── manager_watch_namespace_patch.json │ └── prod │ │ ├── allinone │ │ └── kustomization.yaml │ │ ├── clusterwide │ │ └── kustomization.yaml │ │ ├── namespaced │ │ └── kustomization.yaml │ │ ├── openshift │ │ ├── kustomization.yaml │ │ └── manager_watch_namespace_patch.json │ │ └── prod_patch.json ├── samples │ ├── atlas_v1_atlasbackupcompliancepolicy.yaml │ ├── atlas_v1_atlasbackuppolicy.yaml │ ├── atlas_v1_atlasbackupschedule.yaml │ ├── atlas_v1_atlascustomrole.yaml │ ├── atlas_v1_atlasdatabaseuser.yaml │ ├── atlas_v1_atlasdatafederation.yaml │ ├── atlas_v1_atlasdeployment.yaml │ ├── atlas_v1_atlasfederatedauth.yaml │ ├── atlas_v1_atlasipaccesslist.yaml │ ├── atlas_v1_atlasnetworkcontainer.yaml │ ├── atlas_v1_atlasnetworkpeering.yaml │ ├── atlas_v1_atlasprivateendpoint.yaml │ ├── atlas_v1_atlasproject.yaml │ ├── atlas_v1_atlasproject_with_maintenance_window.yaml │ ├── atlas_v1_atlassearchindexconfigs.yaml │ ├── atlas_v1_atlasstreamconnection.yaml │ ├── atlas_v1_atlasstreaminstance.yaml │ ├── atlas_v1_atlasteam.yaml │ └── kustomization.yaml ├── scorecard │ ├── bases │ │ └── config.yaml │ ├── kustomization.yaml │ └── patches │ │ ├── basic.config.yaml │ │ └── olm.config.yaml └── webhook │ ├── kustomization.yaml │ ├── kustomizeconfig.yaml │ └── service.yaml ├── deploy ├── all-in-one.yaml ├── clusterwide │ ├── clusterwide-config.yaml │ └── crds.yaml ├── crds │ ├── atlas.mongodb.com_atlasbackupcompliancepolicies.yaml │ ├── atlas.mongodb.com_atlasbackuppolicies.yaml │ ├── atlas.mongodb.com_atlasbackupschedules.yaml │ ├── atlas.mongodb.com_atlascustomroles.yaml │ ├── 
atlas.mongodb.com_atlasdatabaseusers.yaml │ ├── atlas.mongodb.com_atlasdatafederations.yaml │ ├── atlas.mongodb.com_atlasdeployments.yaml │ ├── atlas.mongodb.com_atlasfederatedauths.yaml │ ├── atlas.mongodb.com_atlasipaccesslists.yaml │ ├── atlas.mongodb.com_atlasnetworkcontainers.yaml │ ├── atlas.mongodb.com_atlasnetworkpeerings.yaml │ ├── atlas.mongodb.com_atlasprivateendpoints.yaml │ ├── atlas.mongodb.com_atlasprojects.yaml │ ├── atlas.mongodb.com_atlassearchindexconfigs.yaml │ ├── atlas.mongodb.com_atlasstreamconnections.yaml │ ├── atlas.mongodb.com_atlasstreaminstances.yaml │ └── atlas.mongodb.com_atlasteams.yaml ├── namespaced │ ├── crds.yaml │ └── namespaced-config.yaml └── openshift │ ├── crds.yaml │ └── openshift.yaml ├── devbox.json ├── devbox.lock ├── docs ├── annotations.md ├── dev │ ├── ci.md │ ├── image-sboms.md │ ├── img.png │ ├── olm.md │ ├── openshift-cluster-install.md │ ├── operator-sdk-notes.md │ ├── release.md │ ├── signed-images.md │ └── start-guide.md ├── gcpPrivateEndpoint.md ├── grafana │ └── sample_dashboard.json ├── helpers │ └── certs │ │ ├── cert.yaml │ │ └── issuer.yaml ├── metrics-via-grafana.md ├── project-integration.md ├── release-notes │ └── release-notes-template.md ├── releases │ ├── sdlc-compliance.template.md │ ├── v2.2.1 │ │ ├── linux-amd64.sbom.json │ │ ├── linux-arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.2.2 │ │ ├── linux-amd64.sbom.json │ │ ├── linux-arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.3.0 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.3.1 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.4.0 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.4.1 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.5.0 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.6.0 │ │ ├── 
linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.6.1 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.7.0 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.7.1 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.8.0 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ ├── v2.8.1 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md │ └── v2.8.2 │ │ ├── linux_amd64.sbom.json │ │ ├── linux_arm64.sbom.json │ │ └── sdlc-compliance.md ├── secret-management │ ├── external-secrets │ │ ├── Readme.md │ │ ├── atlas.yaml │ │ ├── dbuser.yaml │ │ ├── vault-default.yaml │ │ └── vault-system.yaml │ └── secrets-store-csi │ │ ├── Readme.md │ │ ├── ako-patch.yaml │ │ ├── atlas.yaml │ │ ├── dbuser.yaml │ │ └── placeholder.yaml ├── testing.md └── x509-user.md ├── dotenv.sample ├── fast.Dockerfile ├── flakes └── go │ ├── flake.lock │ └── flake.nix ├── force-compile.timestamp ├── go.mod ├── go.sum ├── hack ├── boilerplate.go.txt └── licenses │ ├── Apache-2.0 │ ├── LICENSE │ └── README │ ├── BSD-3-Clause │ ├── LICENSE │ └── README │ ├── MIT │ ├── LICENSE │ └── README │ └── THIRD-PARTY-NOTICES ├── helm-charts ├── atlas-advanced │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── atlas-deployment.yaml │ │ ├── atlas-mongodb-user-secret.yaml │ │ ├── atlas-mongodb-user.yaml │ │ ├── atlas-project.yaml │ │ └── atlas-secret.yaml │ └── values.yaml ├── atlas-basic │ ├── .helmignore │ ├── Chart.yaml │ ├── templates │ │ ├── _helpers.tpl │ │ ├── atlas-deployment.yaml │ │ ├── atlas-mongodb-user-secret.yaml │ │ ├── atlas-mongodb-user.yaml │ │ ├── atlas-project.yaml │ │ └── atlas-secret.yaml │ └── values.yaml ├── atlas-deployment │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ 
│ ├── atlas-deployment.yaml │ │ ├── atlas-mongodb-user-secret.yaml │ │ ├── atlas-mongodb-user.yaml │ │ ├── atlas-project.yaml │ │ └── atlas-secret.yaml │ └── values.yaml ├── atlas-operator-crds │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── atlas.mongodb.com_atlasbackupcompliancepolicies.yaml │ │ ├── atlas.mongodb.com_atlasbackuppolicies.yaml │ │ ├── atlas.mongodb.com_atlasbackupschedules.yaml │ │ ├── atlas.mongodb.com_atlascustomroles.yaml │ │ ├── atlas.mongodb.com_atlasdatabaseusers.yaml │ │ ├── atlas.mongodb.com_atlasdatafederations.yaml │ │ ├── atlas.mongodb.com_atlasdeployments.yaml │ │ ├── atlas.mongodb.com_atlasfederatedauths.yaml │ │ ├── atlas.mongodb.com_atlasipaccesslists.yaml │ │ ├── atlas.mongodb.com_atlasnetworkcontainers.yaml │ │ ├── atlas.mongodb.com_atlasnetworkpeerings.yaml │ │ ├── atlas.mongodb.com_atlasprivateendpoints.yaml │ │ ├── atlas.mongodb.com_atlasprojects.yaml │ │ ├── atlas.mongodb.com_atlassearchindexconfigs.yaml │ │ ├── atlas.mongodb.com_atlasstreamconnections.yaml │ │ ├── atlas.mongodb.com_atlasstreaminstances.yaml │ │ └── atlas.mongodb.com_atlasteams.yaml │ └── values.yaml └── atlas-operator │ ├── .helmignore │ ├── Chart.lock │ ├── Chart.yaml │ ├── README.md │ ├── rbac.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── cluster-roles.yaml │ ├── deployment.yaml │ ├── global-secret.yaml │ ├── roles.yaml │ └── serviceaccount.yaml │ └── values.yaml ├── internal ├── cmp │ ├── normalize.go │ ├── normalize_test.go │ └── sort.go ├── collection │ ├── collection.go │ └── collection_test.go ├── compare │ └── comparation.go ├── compat │ ├── json_slice_merge.go │ ├── json_slice_merge_test.go │ ├── jsoncopy.go │ └── jsoncopy_test.go ├── controller │ ├── atlas │ │ ├── api_error.go │ │ ├── client.go │ │ ├── provider.go │ │ └── provider_test.go │ ├── atlasbackupcompliancepolicy │ │ ├── atlasbackupcompliancepolicy_controller.go │ │ └── 
atlasbackupcompliancepolicy_controller_test.go │ ├── atlascustomrole │ │ ├── atlascustomrole_controller.go │ │ ├── atlascustomrole_controller_test.go │ │ ├── custom_role.go │ │ └── custom_role_test.go │ ├── atlasdatabaseuser │ │ ├── atlasdatabaseuser_controller.go │ │ ├── atlasdatabaseuser_controller_test.go │ │ ├── databaseuser.go │ │ └── databaseuser_test.go │ ├── atlasdatafederation │ │ ├── connectionsecrets.go │ │ ├── datafederation.go │ │ ├── datafederation_client.go │ │ ├── datafederation_controller.go │ │ ├── datafederation_controller_test.go │ │ ├── private_endpoint.go │ │ └── private_endpoint_test.go │ ├── atlasdeployment │ │ ├── advanced_deployment.go │ │ ├── advanced_deployment_test.go │ │ ├── atlasdeployment_controller.go │ │ ├── atlasdeployment_controller_test.go │ │ ├── backup.go │ │ ├── customzonemapping.go │ │ ├── customzonemapping_test.go │ │ ├── deployment_test.go │ │ ├── flex_deployment.go │ │ ├── flex_deployment_test.go │ │ ├── managed_namespaces.go │ │ ├── managed_namespaces_test.go │ │ ├── search_nodes.go │ │ ├── search_nodes_test.go │ │ ├── searchindex.go │ │ ├── searchindex_test.go │ │ ├── searchindexes.go │ │ ├── searchindexes_test.go │ │ ├── serverless_deployment.go │ │ ├── serverless_deployment_test.go │ │ ├── serverless_private_endpoint.go │ │ └── serverless_private_endpoint_test.go │ ├── atlasfederatedauth │ │ ├── atlasfederated_auth.go │ │ ├── atlasfederated_auth_controller.go │ │ └── atlasfederated_auth_controller_test.go │ ├── atlasipaccesslist │ │ ├── atlasipaccesslist_controller.go │ │ ├── atlasipaccesslist_controller_test.go │ │ ├── state.go │ │ ├── state_test.go │ │ ├── transitions.go │ │ └── transitions_test.go │ ├── atlasnetworkcontainer │ │ ├── atlasnetworkcontainer_controller.go │ │ ├── atlasnetworkcontainer_controller_test.go │ │ ├── state.go │ │ ├── state_test.go │ │ └── transitions.go │ ├── atlasnetworkpeering │ │ ├── atlasnetworkpeering_controller.go │ │ ├── atlasnetworkpeering_controller_test.go │ │ ├── state.go │ │ ├── 
state_test.go │ │ ├── transition.go │ │ └── transition_test.go │ ├── atlasprivateendpoint │ │ ├── atlasprivateendpoint_controller.go │ │ ├── atlasprivateendpoint_controller_test.go │ │ ├── privateendpoint.go │ │ └── privateendpoint_test.go │ ├── atlasproject │ │ ├── alert_configurations.go │ │ ├── atlasproject_controller.go │ │ ├── atlasproject_controller_test.go │ │ ├── auditing.go │ │ ├── auditing_test.go │ │ ├── backupcompliancepolicy.go │ │ ├── backupcompliancepolicy_test.go │ │ ├── cloud_provider_integration.go │ │ ├── cloud_provider_integration_test.go │ │ ├── custom_roles.go │ │ ├── custom_roles_test.go │ │ ├── encryption_at_rest.go │ │ ├── encryption_at_rest_test.go │ │ ├── integrations.go │ │ ├── integrations_test.go │ │ ├── ipaccess_list.go │ │ ├── ipaccess_list_test.go │ │ ├── maintenancewindow.go │ │ ├── maintenancewindow_test.go │ │ ├── network_peering.go │ │ ├── network_peering_test.go │ │ ├── private_endpoint.go │ │ ├── private_endpoint_test.go │ │ ├── project.go │ │ ├── project_settings.go │ │ ├── project_settings_test.go │ │ ├── project_test.go │ │ ├── team_reconciler.go │ │ ├── team_reconciler_test.go │ │ ├── teams.go │ │ ├── teams_test.go │ │ └── x509_auth.go │ ├── atlassearchindexconfig │ │ ├── atlassearchindexconfig_controller.go │ │ └── atlassearchindexconfig_controller_test.go │ ├── atlasstream │ │ ├── atlasstream_connection.go │ │ ├── atlasstream_connection_controller.go │ │ ├── atlasstream_connection_controller_test.go │ │ ├── atlasstream_connection_test.go │ │ ├── atlasstream_instance_controller.go │ │ ├── atlasstream_instance_controller_test.go │ │ ├── transitions.go │ │ └── transitions_test.go │ ├── connectionsecret │ │ ├── connectionsecrets.go │ │ ├── connectionsecrets_test.go │ │ ├── ensuresecret.go │ │ ├── ensuresecret_test.go │ │ ├── listsecrets.go │ │ └── listsecrets_test.go │ ├── customresource │ │ ├── customresource.go │ │ ├── customresource_test.go │ │ ├── finalizer.go │ │ ├── protection.go │ │ └── protection_test.go │ ├── 
reconciler │ │ ├── credentials.go │ │ ├── credentials_test.go │ │ ├── project.go │ │ └── reconciler.go │ ├── registry.go │ ├── statushandler │ │ ├── handler.go │ │ ├── patch.go │ │ └── patch_test.go │ ├── validate │ │ ├── deployment.go │ │ ├── deployment_test.go │ │ ├── instance_size.go │ │ ├── instance_size_test.go │ │ ├── tags.go │ │ ├── validate.go │ │ └── validate_test.go │ ├── watch │ │ ├── predicates.go │ │ └── predicates_test.go │ └── workflow │ │ ├── context.go │ │ ├── reason.go │ │ ├── result.go │ │ ├── status.go │ │ └── status_test.go ├── dryrun │ ├── error.go │ ├── error_queue.go │ ├── manager.go │ ├── manager_test.go │ ├── transport.go │ └── transport_test.go ├── featureflags │ ├── featureflag.go │ └── featureflag_test.go ├── httputil │ ├── decoratedclient.go │ ├── decoratedclient_test.go │ ├── digestclient.go │ ├── loggedclient.go │ └── transportclient.go ├── indexer │ ├── atlasbackupcompliancepolicies.go │ ├── atlasbackupcompliancepolicies_test.go │ ├── atlasbackuppolicies.go │ ├── atlasbackuppolicies_test.go │ ├── atlasbackupschedules.go │ ├── atlasbackupschedules_test.go │ ├── atlascustomrolecredentials.go │ ├── atlascustomrolesprojects.go │ ├── atlascustomrolesprojects_test.go │ ├── atlasdatabaseusercredentials.go │ ├── atlasdatabaseuserprojects.go │ ├── atlasdatabaseuserprojects_test.go │ ├── atlasdatabaseusersecrets.go │ ├── atlasdatabaseusersecrets_test.go │ ├── atlasdatafederationprojects.go │ ├── atlasdatafederationprojects_test.go │ ├── atlasdeploymentcredentials.go │ ├── atlasfederatedauthsecret.go │ ├── atlasfederatedauthsecret_test.go │ ├── atlasipaccesslistcredentials.go │ ├── atlasipaccesslistprojects.go │ ├── atlasnetworkcontainercredentials.go │ ├── atlasnetworkcontainerprojects.go │ ├── atlasnetworkcontainerprojects_test.go │ ├── atlasnetworkpeeringbycontainer.go │ ├── atlasnetworkpeeringbycontainer_test.go │ ├── atlasnetworkpeeringcredentials.go │ ├── atlasnetworkpeeringsprojects.go │ ├── atlasnetworkpeeringsprojects_test.go │ ├── 
atlasprivateendpointcredentials.go │ ├── atlasprivateendpointsprojects.go │ ├── atlasprivateendpointsprojects_test.go │ ├── atlasprojectsecrets.go │ ├── atlasprojectsecrets_test.go │ ├── atlasreferredprojects.go │ ├── atlassearchindexconfigs.go │ ├── atlassearchindexconfigs_test.go │ ├── atlasstreamconnections.go │ ├── atlasstreamconnections_test.go │ ├── atlasstreaminstances.go │ ├── atlasstreaminstances_test.go │ ├── atlasteams.go │ ├── atlasteams_test.go │ ├── indexer.go │ ├── indexer_test.go │ ├── localcredentials.go │ └── localcredentials_test.go ├── kube │ ├── kube.go │ └── kube_test.go ├── mocks │ ├── atlas │ │ ├── advanced_clusters.go │ │ ├── alert_configurations.go │ │ ├── auditing.go │ │ ├── cloud_provider_access.go │ │ ├── cloud_provider_snapshot_backup_policies.go │ │ ├── containers.go │ │ ├── custom_db_roles.go │ │ ├── encryption_at_rest.go │ │ ├── global_clusters.go │ │ ├── integrations.go │ │ ├── maintenance_window.go │ │ ├── network_peering.go │ │ ├── private_endpoints.go │ │ ├── projects.go │ │ ├── provider.go │ │ ├── serverless_instances.go │ │ ├── teams.go │ │ └── third_party_integration.go │ └── translation │ │ ├── atlas_deployments_service.go │ │ ├── atlas_users_service.go │ │ ├── audit.go │ │ ├── custom_role_service.go │ │ ├── data_federation_service.go │ │ ├── datafederation_private_endpoint_service.go │ │ ├── deployment.go │ │ ├── deployment_service.go │ │ ├── encryption_at_rest_service.go │ │ ├── endpoint_interface.go │ │ ├── endpoint_service.go │ │ ├── global_cluster_service.go │ │ ├── ip_access_list_service.go │ │ ├── maintenance_window_service.go │ │ ├── network_container_service.go │ │ ├── network_peering_service.go │ │ ├── private_endpoint_service.go │ │ ├── project_referrer.go │ │ ├── project_referrer_object.go │ │ ├── project_service.go │ │ ├── team_projects_service.go │ │ ├── team_roles_service.go │ │ ├── team_users_service.go │ │ └── teams_service.go ├── operator │ ├── builder.go │ └── builder_test.go ├── pointer │ ├── pointer.go │ 
└── pointer_test.go ├── set │ ├── identifiable.go │ └── identifiable_test.go ├── stringutil │ ├── stringutil.go │ └── stringutil_test.go ├── timeutil │ ├── timeutil.go │ └── timeutil_test.go ├── translation │ ├── audit │ │ ├── audit.go │ │ ├── conversion.go │ │ └── conversion_test.go │ ├── customroles │ │ ├── conversion.go │ │ └── custom_roles.go │ ├── datafederation │ │ ├── conversion.go │ │ ├── conversion_endpoints.go │ │ ├── conversion_endpoints_test.go │ │ ├── conversion_test.go │ │ ├── datafederation.go │ │ └── datafederationendpoints.go │ ├── dbuser │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── dbuser.go │ │ ├── dbuser_test.go │ │ └── internal_test.go │ ├── deployment │ │ ├── compare.go │ │ ├── compare_test.go │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── deployment.go │ │ └── deployment_test.go │ ├── encryptionatrest │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ └── encryptionatrest.go │ ├── errors.go │ ├── ipaccesslist │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── ipaccesslist.go │ │ └── ipaccesslist_test.go │ ├── maintenancewindow │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ └── maintenancewindow.go │ ├── networkcontainer │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── networkcontainer.go │ │ └── networkcontainer_test.go │ ├── networkpeering │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── networkpeering.go │ │ └── networkpeering_test.go │ ├── paging │ │ ├── list.go │ │ └── list_test.go │ ├── privateendpoint │ │ ├── conversion.go │ │ ├── privateendpoint.go │ │ └── privateendpoint_test.go │ ├── project │ │ ├── conversion.go │ │ ├── project.go │ │ └── project_test.go │ ├── searchindex │ │ ├── fake │ │ │ └── fake.go │ │ ├── searchIndexsvc.go │ │ ├── searchindex.go │ │ └── searchindex_test.go │ ├── tag │ │ └── tag.go │ └── teams │ │ ├── conversion.go │ │ ├── conversion_test.go │ │ ├── teams.go │ │ └── teams_test.go └── version │ ├── version.go │ └── version_test.go ├── licenses.csv ├── 
major-version ├── scripts ├── augment-sbom.sh ├── build_catalog.sh ├── build_catalogsource.sh ├── build_subscription.sh ├── bump-helm-chart-version.sh ├── create-signed-commit.sh ├── create_kind_cluster.sh ├── create_x509.go ├── deploy.sh ├── e2e_local.sh ├── gen-sdlc-checklist.sh ├── generate_upload_sbom.sh ├── get-docker-sbom-plugin.sh ├── gh-access-token.sh ├── github-actions │ └── await_image_push.sh ├── helm-upd-crds.sh ├── helm-upd-rbac.sh ├── launch-ci-e2e.sh ├── list-actions.sh ├── openshift-upgrade-test.sh ├── openshift │ ├── catalogsource.yaml │ ├── install-config.yaml │ ├── operatorgroup.yaml │ └── subscription.yaml ├── release-helm.sh ├── release-redhat-certified.sh ├── release-redhat-openshift.sh ├── release-redhat.sh ├── retry.sh ├── sign-multiarch.sh ├── sign.sh ├── slackit.sh ├── split_roles_yaml.sh ├── store-sbom-in-s3.sh ├── supported-releases.sh ├── upload-to-kondukto.sh ├── verify.sh ├── version-check.sh └── vulncheck.sh ├── test ├── app │ ├── Dockerfile │ ├── go.mod │ ├── go.sum │ ├── helm │ │ ├── .helmignore │ │ ├── Chart.yaml │ │ ├── templates │ │ │ └── test-app.yaml │ │ └── values.yaml │ └── main.go ├── e2e │ ├── alert_config_test.go │ ├── annotations_test.go │ ├── atlas_gov_test.go │ ├── auditing_test.go │ ├── backup_compliance_test.go │ ├── backup_config_test.go │ ├── bundle_test.go │ ├── cache_watch_test.go │ ├── cloud_provider_integration_test.go │ ├── configuration_test.go │ ├── custom_roles_test.go │ ├── datafederation_pe_test.go │ ├── db_users_oidc_test.go │ ├── db_users_test.go │ ├── dry_run_test.go │ ├── e2e_suite_test.go │ ├── encryption_at_rest_test.go │ ├── flex_deployment_test.go │ ├── free_tier_test.go │ ├── global_deployment_test.go │ ├── helm_chart_test.go │ ├── independent_customroles_test.go │ ├── integration_test.go │ ├── ipaccesslist_test.go │ ├── multinamespace_test.go │ ├── network_container_controller_test.go │ ├── network_peering_controller_test.go │ ├── network_peering_test.go │ ├── operator_type_wide_test.go │ ├── 
output │ │ └── keep-directory.txt │ ├── private_link_test.go │ ├── privateendpoint_test.go │ ├── project_settings_test.go │ ├── searchindex_test.go │ ├── searchnodes_test.go │ ├── teams_test.go │ └── x509_test.go ├── helm │ ├── flex_test.go │ └── flex_values.yaml ├── helper │ ├── access │ │ └── ipaccesslist_matcher.go │ ├── atlas │ │ └── waiters.go │ ├── cel │ │ ├── cel.go │ │ ├── cel_test.go │ │ ├── fake │ │ │ ├── resource.go │ │ │ ├── test.mongodb.com_resources.yaml │ │ │ └── zz_generated.deepcopy.go │ │ └── pattern.go │ ├── cloud │ │ ├── aws │ │ │ ├── aws.go │ │ │ └── vpc.go │ │ ├── azure │ │ │ ├── azure.go │ │ │ └── vpc.go │ │ └── google │ │ │ ├── google.go │ │ │ └── vpc.go │ ├── cmd │ │ └── cmd.go │ ├── conditions │ │ └── conditions.go │ ├── control │ │ └── enable.go │ ├── decoder │ │ └── decoder.go │ ├── e2e │ │ ├── actions │ │ │ ├── actions.go │ │ │ ├── annotations_related.go │ │ │ ├── cloud │ │ │ │ ├── aws.go │ │ │ │ ├── azure.go │ │ │ │ ├── gcp.go │ │ │ │ ├── gcp_test.go │ │ │ │ └── provider.go │ │ │ ├── cloudaccess │ │ │ │ ├── aws_roles.go │ │ │ │ └── roles.go │ │ │ ├── conditions.go │ │ │ ├── deploy │ │ │ │ └── deploy_operator.go │ │ │ ├── helm_related.go │ │ │ ├── kube │ │ │ │ ├── resources.go │ │ │ │ └── statuses.go │ │ │ ├── project_flow.go │ │ │ └── steps.go │ │ ├── actrc │ │ │ └── properties.go │ │ ├── api │ │ │ ├── atlas │ │ │ │ └── atlas.go │ │ │ ├── aws │ │ │ │ └── aws_resources_generator.go │ │ │ ├── azure │ │ │ │ └── azure.go │ │ │ └── gcp │ │ │ │ └── gcp.go │ │ ├── appclient │ │ │ └── test_app_client.go │ │ ├── cli │ │ │ ├── cli.go │ │ │ ├── helm │ │ │ │ ├── dependency.go │ │ │ │ ├── helm.go │ │ │ │ └── prepare_value_file.go │ │ │ ├── kustomize │ │ │ │ └── kustomize.go │ │ │ ├── oc │ │ │ │ └── oc.go │ │ │ ├── opm │ │ │ │ └── opm.go │ │ │ └── podman │ │ │ │ └── podman.go │ │ ├── config │ │ │ ├── config.go │ │ │ └── kind.yaml │ │ ├── data │ │ │ ├── atlasdeployment_advanced_multi_region_helm.yaml │ │ │ ├── atlasdeployment_backup.yaml │ │ │ ├── 
atlasdeployment_backup_update.yaml │ │ │ ├── atlasdeployment_backup_update_remove_backup.yaml │ │ │ ├── atlasdeployment_basic_free.yaml │ │ │ ├── atlasdeployment_basic_update.yaml │ │ │ ├── atlasdeployment_basic_with_keep_resource_policy.yaml │ │ │ ├── atlasdeployment_flex.yaml │ │ │ ├── atlasdeployment_multiregion_aws.yaml │ │ │ ├── atlasdeployment_multiregion_aws_update.yaml │ │ │ ├── atlasdeployment_multiregion_azure.yaml │ │ │ ├── atlasdeployment_multiregion_azure_update.yaml │ │ │ ├── atlasdeployment_multiregion_gcp.yaml │ │ │ ├── atlasdeployment_multiregion_multicloud_gcp_aws.yaml │ │ │ ├── atlasdeployment_standard.yaml │ │ │ ├── atlasproject.yaml │ │ │ ├── deployments.go │ │ │ ├── project.go │ │ │ └── user.go │ │ ├── debug │ │ │ └── debug.go │ │ ├── fixtest │ │ │ └── remove_duplicates.go │ │ ├── k8s │ │ │ ├── k8s.go │ │ │ ├── operator.go │ │ │ └── pod_logs.go │ │ ├── model │ │ │ ├── atlas_key_type.go │ │ │ ├── catalogsource.go │ │ │ ├── dataprovider.go │ │ │ ├── dbuser.go │ │ │ ├── deployment.go │ │ │ ├── project.go │ │ │ ├── project_integration.go │ │ │ ├── team.go │ │ │ └── user_input.go │ │ ├── operator │ │ │ ├── dir.go │ │ │ └── operator.go │ │ └── utils │ │ │ └── utils.go │ ├── events │ │ └── events.go │ ├── maintenance │ │ └── maintenancewindow_matcher.go │ ├── resources │ │ └── customresources.go │ └── retry │ │ ├── retry.go │ │ └── retry_test.go └── int │ ├── atlas_streams_test.go │ ├── backup_protected_test.go │ ├── clusterwide │ ├── dbuser_test.go │ └── integration_suite_test.go │ ├── databaseuser_protected_test.go │ ├── databaseuser_unprotected_test.go │ ├── datafederation_protect_test.go │ ├── datafederation_test.go │ ├── deployment_independent_test.go │ ├── deployment_protected_test.go │ ├── deployment_test.go │ ├── deployment_unprotected_test.go │ ├── federated_auth_test.go │ ├── integration_suite_test.go │ ├── project_protect_test.go │ ├── project_test.go │ └── syncperiod_test.go ├── tools ├── clean │ ├── atlas │ │ ├── atlas.go │ │ ├── 
clusters.go │ │ ├── data_federation.go │ │ ├── data_federation_private_endpoints.go │ │ ├── encryption_at_rest.go │ │ ├── network_peering.go │ │ ├── private_endpoints.go │ │ ├── projects.go │ │ └── teams.go │ ├── go.mod │ ├── go.sum │ ├── main.go │ └── provider │ │ ├── aws.go │ │ ├── azure.go │ │ └── gcp.go ├── compute-test-labels │ ├── compute-test-labels │ ├── main.go │ └── main_test.go ├── makejwt │ ├── go.mod │ ├── go.sum │ ├── main.go │ └── main_test.go └── metrics │ ├── flakiness.go │ ├── flakiness_test.go │ ├── go.mod │ ├── go.sum │ ├── main.go │ ├── query.go │ ├── query_test.go │ ├── regressions.go │ ├── regressions_test.go │ ├── report.go │ ├── samples │ ├── testWorkflowJobs-runId-7279810816-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7279811174-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7286202616-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7286620009-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7286620520-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7286667430-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7287842010-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7288664648-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7290326565-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7290442004-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7290495820-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7290521288-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7290884379-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7291192245-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7291316921-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7292061192-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7292075192-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7292087340-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7292094432-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7297950294-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7297989693-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7298016013-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298034823-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298057239-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298209304-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298226578-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298233489-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298248151-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7298298750-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7300718625-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301077094-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301175270-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301224532-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301308875-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301407555-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7301786643-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7302039521-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7302238254-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7327558470-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7356887498-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7383310170-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7395187489-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7395272890-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7396191797-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7397742838-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398029909-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398148729-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398163094-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398196026-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398824388-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7398965975-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7399169165-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7399807521-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7401002609-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7401044442-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7406924811-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7407192654-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7420108965-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7426321469-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7446243830-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7447962840-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7458387454-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7458390571-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7458393045-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7459132971-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7459499441-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7459499515-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7473285939-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7474246776-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7474341649-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7474448049-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7476340708-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7477869406-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7478333573-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7478412525-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7478477052-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7490845852-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7491011759-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7505943795-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7531375942-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7533070029-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7538345786-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7538490196-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7539076343-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7539290135-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7539455043-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7539682120-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7539772598-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7540899285-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7540971894-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7544870366-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7552790677-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7559756133-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7582864206-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7624094771-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7626975440-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7627095973-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7653413997-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7669248537-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7695650651-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7695716105-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708084260-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708088124-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708099079-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708184800-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708243393-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708358048-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708361439-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7708765798-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7725915700-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7727116703-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7754962815-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7756321622-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7759161695-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7781486743-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7784812845-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7784873358-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7785033268-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7786070931-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796445827-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796448065-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796455188-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796456352-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796456485-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796584886-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7796585153-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7803236719-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7811879033-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7815701483-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7817641353-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7819080352-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7827253513-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7827706094-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7832413860-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7832694419-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7884159548-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7884291816-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7884595284-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7884602478-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7884684484-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7885122187-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7888652617-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7904966648-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905160036-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905288311-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7905510072-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905566915-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905655466-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905756316-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905878905-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7905992418-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7906086584-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7906352733-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7918652361-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7918829253-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7919827354-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7920082234-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7920190122-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7921850522-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7929741784-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7929887222-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7929977346-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7932800825-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7933543771-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7970096367-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7970103075-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7970654169-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7970920212-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7975316826-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7975535104-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7975847635-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7976791386-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7976947029-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7977459314-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7986353892-filter-all-page-1.json │ ├── testWorkflowJobs-runId-7990654993-filter-all-page-1.json │ ├── 
testWorkflowJobs-runId-7990994408-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8003739967-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8007560595-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8010202885-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8015850917-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8016480407-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8016553966-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8016615853-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8017627913-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8017684297-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8017906136-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8020978068-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8021238743-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8022150081-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8022313884-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8022368049-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8022507818-filter-all-page-1.json │ ├── testWorkflowJobs-runId-8022635064-filter-all-page-1.json │ ├── testWorkflowRuns-branch--event-pull_request-page-1.json │ ├── testWorkflowRuns-branch--event-pull_request-page-2.json │ ├── testWorkflowRuns-branch--event-pull_request-page-3.json │ ├── testWorkflowRuns-branch--event-pull_request-page-4.json │ ├── testWorkflowRuns-branch--event-pull_request-page-5.json │ └── testWorkflowRuns-branch-main-event-push-page-1.json │ └── types.go └── vuln-ignore /.actrc.local.sample: -------------------------------------------------------------------------------- 1 | # Push to Docker Registry 2 | -s DOCKER_USERNAME= 3 | -s DOCKER_PASSWORD= 4 | # Update this data with your cloud-qa custom data 5 | -s ATLAS_ORG_ID= 6 | -s ATLAS_PUBLIC_KEY= 7 | -s ATLAS_PRIVATE_KEY= 8 | -------------------------------------------------------------------------------- /.gitattributes: 
-------------------------------------------------------------------------------- 1 | go.mod text eol=lf 2 | go.sum text eol=lf merge=union -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @mongodb/atlas_kubernetes_team 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/config.yml: -------------------------------------------------------------------------------- 1 | blank_issues_enabled: false 2 | contact_links: 3 | - name: MongoDB Feedback 4 | url: https://feedback.mongodb.com/forums/924355-ops-tools 5 | about: Use our Feedback page to make feature requests. 6 | - name: MongoDB Atlas Support 7 | url: https://support.mongodb.com/ 8 | about: Support is provided under MongoDB Atlas support plans. Please submit support questions within the Atlas UI. 9 | - name: MongoDB Atlas 10 | url: https://www.mongodb.com/cloud/atlas 11 | about: Learn more about MongoDB Atlas 12 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | # Summary 2 | 3 | 4 | 5 | ## Proof of Work 6 | 7 | 8 | 9 | ## Checklist 10 | - [ ] Have you linked a jira ticket and/or is the ticket in the title? 11 | - [ ] Have you checked whether your jira ticket required DOCSP changes? 12 | - [ ] Have you checked for release_note changes? 13 | - [ ] Have you signed our [CLA](https://www.mongodb.com/legal/contributor-agreement)? 14 | 15 | ## Reminder (Please remove this when merging) 16 | - Please try to Approve or Reject Changes the PR, keep PRs in review as short as possible 17 | - Remember the following Communication Standards - use comment prefixes for clarity: 18 | * **blocking**: Must be addressed before approval. 
19 | * **follow-up**: Can be addressed in a later PR or ticket. 20 | * **q**: Clarifying question. 21 | * **nit**: Non-blocking suggestions. 22 | * **note**: Side-note, non-actionable. Example: Praise 23 | * --> no prefix is considered a question 24 | 25 | -------------------------------------------------------------------------------- /.github/actions/certify-openshift-images/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM registry.access.redhat.com/ubi8/ubi:latest 2 | # NOTE(review): the FROM above uses the mutable :latest tag, so two builds of this file can start from different base images; pinning the base by digest makes the build reproducible and auditable. 3 | RUN yum install -y \ 4 | bzip2 \ 5 | gzip \ 6 | tar \ 7 | iptables \ 8 | yum-utils \ 9 | jq 10 | 11 | RUN yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo && \ 12 | yum list docker-ce --showduplicates | sort -r && \ 13 | yum install -y \ 14 | docker-ce \ 15 | docker-ce-cli \ 16 | containerd.io 17 | 18 | RUN yum clean all 19 | # NOTE(review): the RUN below downloads whatever the "latest" preflight release is and installs it with no checksum or signature check; pin a release version and verify its digest before the chmod/mv. 20 | RUN curl -LO https://github.com/redhat-openshift-ecosystem/openshift-preflight/releases/latest/download/preflight-linux-amd64 && \ 21 | chmod +x ./preflight-linux-amd64 && \ 22 | mv ./preflight-linux-amd64 /usr/local/bin/preflight 23 | 24 | COPY ./entrypoint.sh /home/entrypoint.sh 25 | RUN chmod +x /home/entrypoint.sh 26 | 27 | # Code file to execute when the docker container starts up (`entrypoint.sh`) 28 | ENTRYPOINT ["/home/entrypoint.sh"] 29 | -------------------------------------------------------------------------------- /.github/actions/certify-openshift-images/action.yaml: -------------------------------------------------------------------------------- 1 | name: 'certify-openshift-images' 2 | description: 'Push image to RedHat Connect for certification' 3 | inputs: 4 | registry: 5 | description: Name of the registry to certify from 6 | required: true 7 | default: "quay.io" 8 | repository: 9 | description: The name of repository of the image to be certified 10 | required: true 11 | version: 12 | description: The version of the image to be certified 13 | required: true 14 |
registry_password: 15 | description: The password to access the quay.io registry 16 | required: true 17 | rhcc_token: 18 | description: The Redhat certification central API token 19 | required: true 20 | rhcc_project: 21 | description: The Redhat certification central project id 22 | required: true 23 | submit: 24 | description: Whether or not to submit the result of the preflight 25 | required: true 26 | default: false 27 | runs: 28 | using: 'docker' 29 | image: 'Dockerfile' 30 | env: 31 | REGISTRY: ${{ inputs.registry }} 32 | REPOSITORY: ${{ inputs.repository }} 33 | VERSION: ${{ inputs.version }} 34 | REGISTRY_PASSWORD: ${{ inputs.registry_password }} 35 | RHCC_TOKEN: ${{ inputs.rhcc_token }} 36 | RHCC_PROJECT: ${{ inputs.rhcc_project }} 37 | SUBMIT: ${{ inputs.submit }} -------------------------------------------------------------------------------- /.github/actions/certify-openshift-images/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
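15 | 16 | # Logs in to the registry, then runs the preflight check on the image and, unless SUBMIT is "false", submits the result. 17 | set -eou pipefail 18 | # The password is fed to docker login on stdin so it does not appear in the process argument list. 19 | printf '%s' "${REGISTRY_PASSWORD}" | docker login -u mongodb+mongodb_atlas_kubernetes --password-stdin "${REGISTRY}" 20 | # submit_flag is expanded unquoted below, so an empty value adds no argument to the preflight call. 21 | submit_flag=--submit 22 | if [ "${SUBMIT}" == "false" ]; then 23 | submit_flag= 24 | fi 25 | 26 | echo "Check and Submit result to RedHat Connect" 27 | # Send results to RedHat if preflight finished without errors 28 | preflight check container "${REGISTRY}/${REPOSITORY}:${VERSION}" \ 29 | --pyxis-api-token="${RHCC_TOKEN}" \ 30 | --certification-project-id="${RHCC_PROJECT}" \ 31 | --docker-config="${HOME}/.docker/config.json" \ 32 | ${submit_flag} 33 | -------------------------------------------------------------------------------- /.github/actions/gen-install-scripts/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM golang:1.24 2 | 3 | ENV KUBECTL_VERSION 1.18.12 4 | ENV GO111MODULE on 5 | # NOTE(review): yq is installed at @latest below, while controller-gen and operator-sdk further down are pinned to a version; pinning yq the same way keeps the image reproducible. 6 | RUN go install github.com/mikefarah/yq/v4@latest 7 | 8 | # Install 9 | RUN curl -L https://storage.googleapis.com/kubernetes-release/release/v${KUBECTL_VERSION}/bin/linux/amd64/kubectl -o /usr/bin/kubectl && \ 10 | chmod +x /usr/bin/kubectl 11 | # NOTE(review): the RUN below pipes a script fetched from the kustomize master branch straight into bash; fetch a pinned commit or release instead and verify a checksum before running it. 12 | RUN cd /usr/local/bin &&\ 13 | curl -L https://raw.githubusercontent.com/kubernetes-sigs/kustomize/master/hack/install_kustomize.sh | bash 14 | 15 | RUN CONTROLLER_GEN_TMP_DIR=$(mktemp -d) && \ 16 | cd $CONTROLLER_GEN_TMP_DIR && \ 17 | go mod init tmp && \ 18 | go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.17.2 && \ 19 | rm -rf $CONTROLLER_GEN_TMP_DIR && \ 20 | CONTROLLER_GEN=${GOBIN}/controller-gen 21 | 22 | RUN curl -LO https://github.com/operator-framework/operator-sdk/releases/download/v1.34.1/operator-sdk_linux_amd64 && \ 23 | chmod +x operator-sdk_linux_amd64 && \ 24 | mv operator-sdk_linux_amd64 /usr/local/bin/operator-sdk 25 | 26 | # Copies your code file from your action repository to the filesystem path `/` of the container 27 | COPY entrypoint.sh /home/entrypoint.sh 28 | RUN chmod +x /home/entrypoint.sh 29 | #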
Code file to execute when the docker container starts up (`entrypoint.sh`) 30 | ENTRYPOINT ["/home/entrypoint.sh"] 31 | -------------------------------------------------------------------------------- /.github/actions/gen-install-scripts/action.yml: -------------------------------------------------------------------------------- 1 | name: 'create all-in-one files' 2 | description: 'Generate installation kustomized configs in one file `all-in-one`' 3 | inputs: 4 | IMAGE_URL: 5 | description: "Operator image" 6 | required: true 7 | VERSION: 8 | description: "Version of the Operator" 9 | required: true 10 | ENV: 11 | description: "Kustomize patch name (environment configuration patch)" 12 | required: true 13 | runs: 14 | using: 'docker' 15 | image: 'Dockerfile' 16 | -------------------------------------------------------------------------------- /.github/actions/set-tag/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine/git:latest 2 | 3 | # Copies your code file from your action repository to the filesystem path `/` of the container 4 | COPY entrypoint.sh /home/entrypoint.sh 5 | RUN chmod +x /home/entrypoint.sh 6 | # Code file to execute when the docker container starts up (`entrypoint.sh`) 7 | ENTRYPOINT ["/home/entrypoint.sh"] 8 | -------------------------------------------------------------------------------- /.github/actions/set-tag/action.yml: -------------------------------------------------------------------------------- 1 | name: 'Setup tag for docker image' 2 | description: 'Setup tag for docker image: branch name with commit ID' 3 | outputs: 4 | tag: 5 | description: 'tag for the image' 6 | runs: 7 | using: 'docker' 8 | image: 'Dockerfile' 9 | -------------------------------------------------------------------------------- /.github/actions/set-tag/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # 
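Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # Writes tag=<branch>-<short commit id> to $GITHUB_OUTPUT. 17 | #set -eou pipefail 18 | 19 | git config --global --add safe.directory /github/workspace 20 | # GITHUB_HEAD_REF is the pull request's source branch name, which the PR author chooses; it is cut to 15 characters and every character outside [A-Za-z0-9_-] is replaced with '-' before it is written to the output. 21 | # Setup tag name 22 | commit_id=$(git rev-parse --short HEAD) 23 | branch_name=${GITHUB_HEAD_REF-} 24 | if [ -z "${branch_name}" ]; then 25 | branch_name=$(echo "$GITHUB_REF" | awk -F'/' '{print $3}') 26 | fi 27 | branch_name=$(echo "${branch_name}" | awk '{print substr($0, 1, 15)}' | sed 's/[^A-Za-z0-9_-]/-/g') 28 | tag="${branch_name}-${commit_id}" 29 | echo "tag=$tag" >> "$GITHUB_OUTPUT" 30 | -------------------------------------------------------------------------------- /.github/codecov.yml: -------------------------------------------------------------------------------- 1 | comment: false 2 | 3 | github_checks: 4 | annotations: false 5 | 6 | coverage: 7 | status: 8 | project: 9 | default: false 10 | operator: 11 | paths: 12 | - "!tests/" 13 | - "!tools/" 14 | tests: 15 | paths: "test/" 16 | tools: 17 | paths: "tools/" 18 | 19 | component_management: 20 | default_rules: # default rules that will be inherited by all components 21 | statuses: 22 | - type: project 23 | target: auto 24 | informational: true 25 | individual_components: 26 | - component_id: operator 27 | name: operator 28 | paths: 29 | - "!tests/" 30 | - "!tools/" 31 | - component_id: test-helpers 32 | name: test-helpers 33 | paths: 34 | - test/** 35 | - component_id: tools 36 | name: tools 37 | paths: 38 | - tools/**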
39 | statuses: 40 | - type: project 41 | target: auto 42 | threshold: 5 43 | informational: true 44 | - type: patch -------------------------------------------------------------------------------- /.github/dependabot.yml: -------------------------------------------------------------------------------- 1 | version: 2 2 | updates: 3 | - package-ecosystem: gomod 4 | directory: "/" 5 | schedule: 6 | interval: weekly 7 | day: tuesday 8 | reviewers: 9 | - "igor-karpukhin" 10 | - "helderjs" 11 | - "josvazg" 12 | - "roothorp" 13 | - "s-urbaniak" 14 | - package-ecosystem: github-actions 15 | directory: "/" 16 | schedule: 17 | interval: weekly 18 | day: tuesday 19 | reviewers: 20 | - "igor-karpukhin" 21 | - "helderjs" 22 | - "josvazg" 23 | - "roothorp" 24 | - "s-urbaniak" 25 | - package-ecosystem: gomod 26 | directory: "/tools/clean" 27 | schedule: 28 | interval: weekly 29 | day: tuesday 30 | reviewers: 31 | - "igor-karpukhin" 32 | - "helderjs" 33 | - "josvazg" 34 | - "roothorp" 35 | - "s-urbaniak" 36 | - package-ecosystem: gomod 37 | directory: "/tools/makejwt" 38 | schedule: 39 | interval: weekly 40 | day: tuesday 41 | reviewers: 42 | - "igor-karpukhin" 43 | - "helderjs" 44 | - "josvazg" 45 | - "roothorp" 46 | - "s-urbaniak" 47 | - package-ecosystem: gomod 48 | directory: "/tools/metrics" 49 | schedule: 50 | interval: weekly 51 | day: tuesday 52 | reviewers: 53 | - "igor-karpukhin" 54 | - "helderjs" 55 | - "josvazg" 56 | - "roothorp" 57 | - "s-urbaniak" 58 | -------------------------------------------------------------------------------- /.github/workflows/build-test-app.yml: -------------------------------------------------------------------------------- 1 | name: Build test application and push it to repository 2 | 3 | on: 4 | push: 5 | paths: 6 | - 'test/app/**' 7 | - '!test/app/helm/**' 8 | branches: 9 | - main 10 | workflow_dispatch: 11 | 12 | jobs: 13 | build-test-app: 14 | name: Build test app and push it 15 | runs-on: ubuntu-latest 16 | env: 17 | REGISTRY: quay.io 
18 | REPOSITORY: mongodb/mongodb-atlas-kubernetes-operator-test-app 19 | 20 | steps: 21 | - name: Check out code 22 | uses: actions/checkout@v4 23 | 24 | - name: Login to Quay registry 25 | uses: docker/login-action@v3 26 | with: 27 | registry: ${{ env.REGISTRY }} 28 | username: mongodb+mongodb_atlas_kubernetes 29 | password: ${{ secrets.QUAY_PASSWORD }} 30 | - name: Prepare docker image tag 31 | id: prepare-docker-image-tag 32 | run: | 33 | TAGS="${{ env.REGISTRY }}/${{ env.REPOSITORY }}:latest" 34 | echo "tags=$TAGS" >> $GITHUB_OUTPUT 35 | - name: Push Image to repo 36 | uses: docker/build-push-action@v6 37 | with: 38 | context: test/app 39 | push: true 40 | tags: ${{ steps.prepare-docker-image-tag.outputs.tags }} 41 | -------------------------------------------------------------------------------- /.github/workflows/check-licenses.yml: -------------------------------------------------------------------------------- 1 | name: Check Licenses 2 | 3 | on: 4 | workflow_call: 5 | 6 | jobs: 7 | check-licenses: 8 | name: Check Licenses 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@v4 12 | with: 13 | ref: ${{github.event.pull_request.head.sha}} 14 | - name: Install devbox 15 | uses: jetify-com/devbox-install-action@v0.13.0 16 | with: 17 | enable-cache: 'true' 18 | - name: Run testing 19 | run: devbox run -- 'make check-licenses' 20 | -------------------------------------------------------------------------------- /.github/workflows/cleanup-all.yml: -------------------------------------------------------------------------------- 1 | name: Clean All Atlas organizations 2 | 3 | on: 4 | workflow_dispatch: 5 | inputs: 6 | lifetime: 7 | description: "Lifetime of project in hours" 8 | type: number 9 | default: 1 10 | required: true 11 | 12 | jobs: 13 | clean-tests: 14 | uses: ./.github/workflows/cleanup-test.yml 15 | with: 16 | lifetime: 1 17 | 18 | clean-gov-tests: 19 | uses: ./.github/workflows/cleanup-gov-test.yml 20 | with: 21 | lifetime: 1 22 | 
-------------------------------------------------------------------------------- /.github/workflows/cloud-tests.yml: -------------------------------------------------------------------------------- 1 | name: CloudTests 2 | 3 | on: 4 | workflow_call: 5 | 6 | concurrency: 7 | group: cloud-tests-${{ github.ref == 'refs/heads/main' && 'main' || github.actor || github.triggering_actor }} 8 | cancel-in-progress: true 9 | # The allowed job is the gate for every other job in this file: it runs only on workflow_dispatch, merge_group, the main ref, a same-repository pull request whose actor is not dependabot[bot], or a pull request labelled safe-to-test. 10 | jobs: 11 | allowed: 12 | name: Allowed 13 | runs-on: ubuntu-latest 14 | if: | 15 | github.event_name == 'workflow_dispatch' || 16 | github.event_name == 'merge_group' || 17 | github.ref == 'refs/heads/main' || 18 | (github.event.pull_request.head.repo.full_name == github.repository && github.actor != 'dependabot[bot]') || 19 | contains(github.event.pull_request.labels.*.name, 'safe-to-test') 20 | steps: 21 | - name: allowed message 22 | run: echo "Allowed to run" 23 | # Each job below needs allowed and passes the caller's secrets on with "secrets: inherit". NOTE(review): the called workflows are not shown here; if they check out the pull request head, a safe-to-test label lets fork code run with those secrets, so the label should be set only after the exact commit was reviewed. 24 | int-tests: 25 | needs: allowed 26 | uses: ./.github/workflows/test-int.yml 27 | secrets: inherit 28 | 29 | e2e-tests: 30 | needs: allowed 31 | uses: ./.github/workflows/test-e2e.yml 32 | secrets: inherit 33 | 34 | test-e2e-gov: 35 | needs: 36 | - allowed 37 | uses: ./.github/workflows/test-e2e-gov.yml 38 | secrets: inherit 39 | 40 | openshift-upgrade-test: 41 | needs: allowed 42 | uses: ./.github/workflows/openshift-upgrade-test.yaml 43 | secrets: inherit 44 | -------------------------------------------------------------------------------- /.github/workflows/license-header-check.yml: -------------------------------------------------------------------------------- 1 | name: License Header Check 2 | 3 | on: 4 | workflow_call: 5 | 6 | jobs: 7 | license-check: 8 | runs-on: ubuntu-latest 9 | steps: 10 | - name: Checkout code 11 | uses: actions/checkout@v4 12 | - name: Set up Go 13 | uses: actions/setup-go@v5 14 | with: 15 | go-version-file: "${{ github.workspace }}/go.mod" 16 | - name: Install addlicense 17 | run: go install github.com/google/addlicense@latest 18 | - name: Check
license headers 19 | run: | 20 | $(go env GOPATH)/bin/addlicense \ 21 | -check \ 22 | -l apache \ 23 | -c "MongoDB Inc" \ 24 | -ignore "**/*.md" \ 25 | -ignore "**/*.yaml" \ 26 | -ignore "**/*.yml" \ 27 | -ignore "**/*Dockerfile" . 28 | -------------------------------------------------------------------------------- /.github/workflows/lint.yaml: -------------------------------------------------------------------------------- 1 | # Check for every push 2 | name: Lint 3 | 4 | on: 5 | workflow_call: 6 | 7 | jobs: 8 | lint: 9 | name: lint 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | with: 14 | ref: ${{github.event.pull_request.head.sha}} 15 | - name: Install devbox 16 | uses: jetify-com/devbox-install-action@v0.13.0 17 | with: 18 | enable-cache: 'true' 19 | - name: Run lint 20 | run: devbox run -- 'make lint' 21 | - name: Run ShellCheck 22 | uses: bewuethr/shellcheck-action@v2 23 | env: 24 | SHELLCHECK_OPTS: -e SC2148 -e SC2086 -e SC2148 25 | - name: Run govulncheck 26 | run: devbox run -- 'make vulncheck' 27 | -------------------------------------------------------------------------------- /.github/workflows/remove-label.yml: -------------------------------------------------------------------------------- 1 | name: Remove Labels 2 | # Removes the safe-to-test label when a pull_request or pull_request_target event triggers this workflow. 3 | on: [ pull_request, pull_request_target ] 4 | # NOTE(review): pull_request_target runs in the base repository's context, and the action below is referenced by the mutable tag v1; pinning it to a commit SHA and declaring a minimal permissions block would limit what a moved tag could do. 5 | jobs: 6 | remove-safe-to-test-label: 7 | runs-on: ubuntu-latest 8 | name: Remove Label 9 | steps: 10 | - name: Remove safe-to-test Label 11 | uses: actions-ecosystem/action-remove-labels@v1 12 | with: 13 | labels: safe-to-test 14 | -------------------------------------------------------------------------------- /.github/workflows/reports.yml: -------------------------------------------------------------------------------- 1 | name: CI Reports 2 | 3 | on: 4 | schedule: 5 | - cron: "0 7 * * 1" # At 7:00 on Monday 6 | workflow_dispatch: 7 | 8 | jobs: 9 | check-licenses: 10 | name: CI Reports 11 | runs-on: ubuntu-latest 12 | environment: release 13 | env: 14
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 15 | SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} 16 | steps: 17 | - uses: actions/checkout@v4 18 | 19 | - name: Install devbox 20 | uses: jetify-com/devbox-install-action@v0.13.0 21 | with: 22 | enable-cache: 'true' 23 | 24 | - name: Send Regressions Report 25 | run: devbox run -- 'make slack-report REPORT_TYPE=regressions' 26 | 27 | - name: Send Flakiness Report 28 | run: devbox run -- 'make slack-report REPORT_TYPE=flakiness' 29 | -------------------------------------------------------------------------------- /.github/workflows/test-unit.yml: -------------------------------------------------------------------------------- 1 | name: Unit Tests 2 | 3 | on: 4 | workflow_call: 5 | 6 | jobs: 7 | unit-test: 8 | name: Unit tests 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@v4 12 | with: 13 | ref: ${{github.event.pull_request.head.sha}} 14 | submodules: 'true' 15 | 16 | - name: Install devbox 17 | uses: jetify-com/devbox-install-action@v0.13.0 18 | with: 19 | enable-cache: 'true' 20 | 21 | - name: Run testing 22 | run: devbox run -- 'go test -race -v ./... 
-coverprofile=coverage.out' 23 | 24 | - name: Test tools 25 | run: devbox run -- 'make test-tools' 26 | 27 | - name: Upload coverage to Codecov 28 | uses: codecov/codecov-action@v5 29 | with: 30 | name: unit-tests 31 | flags: unit 32 | token: ${{ secrets.CODECOV_TOKEN }} 33 | files: coverage.out 34 | verbose: true 35 | -------------------------------------------------------------------------------- /.github/workflows/validate-manifests.yml: -------------------------------------------------------------------------------- 1 | name: Validate Manifests 2 | 3 | on: 4 | workflow_call: 5 | 6 | jobs: 7 | validate-manifests: 8 | name: Validate Manifests 9 | runs-on: ubuntu-latest 10 | steps: 11 | - uses: actions/checkout@v4 12 | with: 13 | ref: ${{github.event.pull_request.head.sha}} 14 | - name: Install devbox 15 | uses: jetify-com/devbox-install-action@v0.13.0 16 | with: 17 | enable-cache: 'true' 18 | - name: Run testing 19 | run: devbox run -- 'make validate-manifests' 20 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Binaries for programs and plugins 2 | *.exe 3 | *.exe~ 4 | *.dll 5 | *.so 6 | *.dylib 7 | bin 8 | 9 | # Test binary, build with `go test -c` 10 | *.test 11 | 12 | # Output of the go coverage tool, specifically when used with LiteIDE 13 | *.out 14 | 15 | # Kubernetes Generated files - skip generated files, except for vendored files 16 | 17 | !vendor/**/zz_generated.* 18 | 19 | # editor and IDE paraphernalia 20 | .idea 21 | *.swp 22 | *.swo 23 | *~ 24 | .vscode/ 25 | 26 | # act tool 27 | .actrc 28 | .env 29 | event_*.json 30 | 31 | # any custom files created by developers and not intended for public use should start with "my-" 32 | my-* 33 | tags 34 | testbin/ 35 | 36 | # don't include generated files from e2e tests 37 | test/e2e/data/ 38 | test/e2e/output/ 39 | 40 | node_modules 41 | tmp/ 42 | 43 | # ready to work samples 44 
| deploy/ 45 | 46 | # ignore tool binaries 47 | tools/clean/clean 48 | tools/makejwt/makejwt 49 | tools/metrics/metrics 50 | 51 | # ignore the ako.signing key local copy 52 | ako.pem 53 | 54 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/b7b271983af582f896924de7a7af5186e61f64c5/.gitmodules -------------------------------------------------------------------------------- /.licenses-gomod.sha256: -------------------------------------------------------------------------------- 1 | 100644 3893c3f0d83f885500876db2c0f9fa995613c25a go.mod 2 | -------------------------------------------------------------------------------- /.mockery.yaml: -------------------------------------------------------------------------------- 1 | with-expecter: true 2 | disable-version-string: true 3 | dir: internal/mocks/translation 4 | outpkg: translation 5 | filename: "{{ .InterfaceName | snakecase }}.go" 6 | mockname: "{{.InterfaceName}}Mock" 7 | all: true 8 | packages: 9 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/ipaccesslist: 10 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/project: 11 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/dbuser: 12 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/deployment: 13 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/customroles: 14 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/datafederation: 15 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/teams: 16 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/privateendpoint: 17 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/maintenancewindow: 18 | 
github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/encryptionatrest: 19 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/networkcontainer: 20 | github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/networkpeering: 21 | -------------------------------------------------------------------------------- /.pre-commit-config.yaml: -------------------------------------------------------------------------------- 1 | # checkout other hooks in https://pre-commit.com/hooks.html 2 | repos: 3 | - repo: https://github.com/golangci/golangci-lint 4 | rev: v1.46.2 5 | hooks: 6 | - id: golangci-lint 7 | - repo: https://github.com/shellcheck-py/shellcheck-py 8 | rev: v0.7.1.1 9 | hooks: 10 | - id: shellcheck 11 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Code of Conduct 2 | 3 | This project has adopted the [MongoDB Code of Conduct](https://www.mongodb.com/community-code-of-conduct). 4 | If you see any violations of the above or have any other concerns or questions please contact us 5 | using the following email alias: community-conduct@mongodb.com. 
6 | -------------------------------------------------------------------------------- /Dockerfile.post-install: -------------------------------------------------------------------------------- 1 | # Build the Helm post-install hook binary (see the make post-install-hook step below) 2 | FROM golang:1.23 as builder 3 | 4 | ENV CGO_ENABLED=0 5 | ENV GOOS=linux 6 | ENV GOARCH=amd64 7 | 8 | WORKDIR /workspace 9 | # Copy the Go Modules manifests 10 | COPY go.mod go.mod 11 | COPY go.sum go.sum 12 | # cache deps before building and copying source so that we don't need to re-download as much 13 | # and so that source changes don't invalidate our downloaded layer 14 | RUN go mod download 15 | 16 | # Copy the go source 17 | COPY cmd/post-install/main.go cmd/post-install/main.go 18 | COPY pkg/ pkg/ 19 | COPY Makefile Makefile 20 | COPY hack/licenses licenses 21 | 22 | RUN make post-install-hook 23 | # NOTE(review): the final stage uses busybox with no tag or digest (and the builder's golang:1.23 is a floating tag), so the base images can change between builds; pin a version, ideally by digest, for reproducible and auditable images 24 | FROM busybox 25 | 26 | LABEL name="MongoDB Atlas Operator Post Install Hook" \ 27 | maintainer="support@mongodb.com" \ 28 | vendor="MongoDB" \ 29 | release="1" \ 30 | summary="MongoDB Atlas Operator Post Install Hook Image" 31 | 32 | WORKDIR / 33 | COPY --from=builder /workspace/bin/helm-post-install . 34 | COPY hack/licenses licenses 35 | # NOTE(review): this stage has no USER directive, so the hook runs as the base image's default user (presumably root for busybox - confirm); consider a non-root USER 36 | ENTRYPOINT ["/helm-post-install"] 37 | -------------------------------------------------------------------------------- /SECURITY.md: -------------------------------------------------------------------------------- 1 | # Security Policy 2 | 3 | ## Reporting a Vulnerability 4 | 5 | Any security concerns or vulnerabilities discovered in one of MongoDB’s products or hosted services 6 | can be responsibly disclosed by utilizing one of the methods described in our [create a vulnerability report](https://docs.mongodb.com/manual/tutorial/create-a-vulnerability-report/) docs page. 7 | 8 | While we greatly appreciate community reports regarding security issues, at this time MongoDB does not provide compensation for vulnerability reports. 
9 | -------------------------------------------------------------------------------- /actions.txt: -------------------------------------------------------------------------------- 1 | actions-ecosystem/action-remove-labels 2 | actions/cache 3 | actions/checkout 4 | actions/create-release 5 | actions/setup-go 6 | actions/stale 7 | actions/upload-artifact 8 | actions/upload-release-asset 9 | bewuethr/shellcheck-action 10 | codecov/codecov-action 11 | docker/build-push-action 12 | docker/login-action 13 | docker/setup-buildx-action 14 | dorny/paths-filter 15 | golangci/golangci-lint-action 16 | helm/kind-action 17 | peter-evans/create-or-update-comment 18 | peter-evans/find-comment 19 | -------------------------------------------------------------------------------- /api/credentials.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package api 16 | 17 | import "sigs.k8s.io/controller-runtime/pkg/client" 18 | 19 | type LocalRef string 20 | 21 | // +k8s:deepcopy-gen=false 22 | 23 | // CredentialsProvider gives access to custom local credentials 24 | type CredentialsProvider interface { 25 | Credentials() *LocalObjectReference 26 | } 27 | 28 | // +k8s:deepcopy-gen=false 29 | 30 | // ObjectWithCredentials is a Kubernetes Object interface with credentials 31 | type ObjectWithCredentials interface { 32 | client.Object 33 | CredentialsProvider 34 | } 35 | -------------------------------------------------------------------------------- /api/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | // +k8s:deepcopy-gen=package 18 | -------------------------------------------------------------------------------- /api/localref.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | // LocalObjectReference is a reference to an object in the same namespace as the referent 18 | type LocalObjectReference struct { 19 | // Name of the resource being referred to 20 | // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names 21 | Name string `json:"name"` 22 | } 23 | -------------------------------------------------------------------------------- /api/option.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package api 16 | 17 | // +k8s:deepcopy-gen=false 18 | 19 | // Option is the function that is applied to the status field of an Atlas Custom Resource. 20 | // This is the way to handle some random data that need to be written to status. 
21 | type Option interface{} 22 | -------------------------------------------------------------------------------- /api/v1/auditing.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package v1 16 | 17 | // Auditing holds the database auditing settings of an Atlas project: whether auditing is enabled, the audit filter, and the auditAuthorizationSuccess flag. NOTE(review): both bool fields use omitempty, so false is dropped on serialization and cannot be told apart from unset - confirm callers handle a missing value as intended. 18 | type Auditing struct { 19 | // Indicates whether the auditing system captures successful authentication attempts for audit filters using the "atype" : "authCheck" auditing event. For more information, see auditAuthorizationSuccess 20 | // +optional 21 | AuditAuthorizationSuccess bool `json:"auditAuthorizationSuccess,omitempty"` 22 | // JSON-formatted audit filter used by the project 23 | // +optional 24 | AuditFilter string `json:"auditFilter,omitempty"` 25 | // Denotes whether or not the project associated with the {GROUP-ID} has database auditing enabled. 26 | // +optional 27 | Enabled bool `json:"enabled,omitempty"` 28 | } 29 | -------------------------------------------------------------------------------- /api/v1/externalreference.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package v1 16 | 17 | type ExternalProjectReference struct { 18 | // ID is the Atlas project ID 19 | // +kubebuilder:validation:Required 20 | ID string `json:"id"` 21 | } 22 | -------------------------------------------------------------------------------- /api/v1/groupversion_info.go: -------------------------------------------------------------------------------- 1 | // Copyright 2020 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | // Package v1 contains API Schema definitions for the mongodb.com v1 API group 16 | // +kubebuilder:object:generate=true 17 | // +groupName=mongodb.com 18 | package v1 19 | 20 | import ( 21 | "k8s.io/apimachinery/pkg/runtime/schema" 22 | "sigs.k8s.io/controller-runtime/pkg/scheme" 23 | ) 24 | 25 | var ( 26 | // GroupVersion is group version used to register these objects 27 | GroupVersion = schema.GroupVersion{Group: "atlas.mongodb.com", Version: "v1"} 28 | 29 | // SchemeBuilder is used to add go types to the GroupVersionKind scheme 30 | SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} 31 | 32 | // AddToScheme adds the types in this group-version to the given scheme. 33 | AddToScheme = SchemeBuilder.AddToScheme 34 | ) 35 | -------------------------------------------------------------------------------- /api/v1/provider/provider.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package provider 16 | 17 | const ( 18 | ProviderAWS ProviderName = "AWS" 19 | ProviderGCP ProviderName = "GCP" 20 | ProviderAzure ProviderName = "AZURE" 21 | ProviderTenant ProviderName = "TENANT" 22 | ProviderServerless ProviderName = "SERVERLESS" 23 | ) 24 | 25 | type ProviderName string 26 | type CloudProviders map[ProviderName]struct{} 27 | 28 | func (cp *CloudProviders) IsSupported(name ProviderName) bool { 29 | _, ok := (*cp)[name] 30 | 31 | return ok 32 | } 33 | 34 | func SupportedProviders() CloudProviders { 35 | return CloudProviders{ 36 | ProviderAWS: {}, 37 | ProviderGCP: {}, 38 | ProviderAzure: {}, 39 | } 40 | } 41 | -------------------------------------------------------------------------------- /api/v1/status/atlasfederatedauth.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 19 | ) 20 | 21 | type AtlasFederatedAuthStatus struct { 22 | api.Common `json:",inline"` 23 | } 24 | 25 | // +k8s:deepcopy-gen=false 26 | 27 | type AtlasFederatedAuthStatusOption func(s *AtlasFederatedAuthStatus) 28 | -------------------------------------------------------------------------------- /api/v1/status/atlasnetworkcontainer.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | import "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 18 | 19 | // AtlasNetworkContainerStatus is a status for the AtlasNetworkContainer Custom resource. 
20 | // Not the one included in the AtlasProject 21 | type AtlasNetworkContainerStatus struct { 22 | api.Common `json:",inline"` 23 | 24 | // ID record the identifier of the container in Atlas 25 | ID string `json:"id,omitempty"` 26 | 27 | // Provisioned is true when clusters have been deployed to the container before 28 | // the last reconciliation 29 | Provisioned bool `json:"provisioned,omitempty"` 30 | } 31 | 32 | // +kubebuilder:object:generate=false 33 | 34 | type AtlasNetworkContainerStatusOption func(s *AtlasNetworkContainerStatus) 35 | -------------------------------------------------------------------------------- /api/v1/status/atlasstreamconnection.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 19 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/common" 20 | ) 21 | 22 | type AtlasStreamConnectionStatus struct { 23 | api.Common `json:",inline"` 24 | // List of instances using the connection configuration 25 | Instances []common.ResourceRefNamespaced `json:"instances,omitempty"` 26 | } 27 | 28 | // +kubebuilder:object:generate=false 29 | 30 | type AtlasStreamConnectionStatusOption func(s *AtlasStreamConnectionStatus) 31 | -------------------------------------------------------------------------------- /api/v1/status/backupcompliancepolicy.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 19 | ) 20 | 21 | // +kubebuilder:object:generate=false 22 | 23 | type AtlasBackupCompliancePolicyStatusOption func(s *BackupCompliancePolicyStatus) 24 | 25 | type BackupCompliancePolicyStatus struct { 26 | api.Common `json:",inline"` 27 | } 28 | -------------------------------------------------------------------------------- /api/v1/status/datafederation.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 19 | ) 20 | 21 | type DataFederationStatus struct { 22 | api.Common `json:",inline"` 23 | 24 | // MongoDBVersion is the version of MongoDB the cluster runs, in <major version>.<minor version> format. 
25 | MongoDBVersion string `json:"mongoDBVersion,omitempty"` 26 | } 27 | 28 | // +k8s:deepcopy-gen=false 29 | 30 | type DataFederationStatusOption func(s *DataFederationStatus) 31 | -------------------------------------------------------------------------------- /api/v1/status/doc.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | // +k8s:deepcopy-gen=package 18 | -------------------------------------------------------------------------------- /api/v1/status/project_team.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1/common" 19 | ) 20 | 21 | type ProjectTeamStatus struct { 22 | ID string `json:"id,omitempty"` 23 | TeamRef common.ResourceRefNamespaced `json:"teamRef"` 24 | } 25 | -------------------------------------------------------------------------------- /api/v1/status/prometheus.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | type Prometheus struct { 18 | // +optional 19 | Scheme string `json:"scheme,omitempty"` 20 | // +optional 21 | DiscoveryURL string `json:"prometheusDiscoveryURL,omitempty"` 22 | } 23 | -------------------------------------------------------------------------------- /api/v1/status/searchindex.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package status 16 | 17 | import ( 18 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/api" 19 | ) 20 | 21 | type AtlasSearchIndexConfigStatus struct { 22 | api.Common `json:",inline"` 23 | } 24 | 25 | // +kubebuilder:object:generate=false 26 | 27 | type AtlasSearchIndexConfigStatusOption func(s *AtlasSearchIndexConfigStatus) 28 | -------------------------------------------------------------------------------- /bundle.Dockerfile: -------------------------------------------------------------------------------- 1 | FROM scratch 2 | 3 | LABEL com.redhat.openshift.versions="v4.8-v4.18" 4 | LABEL com.redhat.delivery.backport=true 5 | LABEL com.redhat.delivery.operator.bundle=true 6 | 7 | # Core bundle labels. 8 | LABEL operators.operatorframework.io.bundle.mediatype.v1=registry+v1 9 | LABEL operators.operatorframework.io.bundle.manifests.v1=manifests/ 10 | LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ 11 | LABEL operators.operatorframework.io.bundle.package.v1=mongodb-atlas-kubernetes 12 | LABEL operators.operatorframework.io.bundle.channels.v1=stable 13 | LABEL operators.operatorframework.io.bundle.channel.default.v1=stable 14 | LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.34.1 15 | LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 16 | LABEL operators.operatorframework.io.metrics.project_layout=go.kubebuilder.io/v4 17 | 18 | # Labels for testing. 
19 | LABEL operators.operatorframework.io.test.mediatype.v1=scorecard+v1 20 | LABEL operators.operatorframework.io.test.config.v1=tests/scorecard/ 21 | 22 | # Copy files to locations specified by labels. 23 | COPY bundle/manifests /manifests/ 24 | COPY bundle/metadata /metadata/ 25 | COPY bundle/tests/scorecard /tests/scorecard/ 26 | -------------------------------------------------------------------------------- /bundle/manifests/mongodb-atlas-controller-manager-metrics-service_v1_service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | creationTimestamp: null 5 | labels: 6 | app.kubernetes.io/component: controller 7 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | name: mongodb-atlas-controller-manager-metrics-service 10 | spec: 11 | ports: 12 | - name: https 13 | port: 8443 14 | targetPort: https 15 | selector: 16 | app.kubernetes.io/component: controller 17 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 18 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 19 | status: 20 | loadBalancer: {} 21 | -------------------------------------------------------------------------------- /bundle/manifests/mongodb-atlas-metrics-reader_rbac.authorization.k8s.io_v1_clusterrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRole 3 | metadata: 4 | creationTimestamp: null 5 | name: mongodb-atlas-metrics-reader 6 | rules: 7 | - nonResourceURLs: 8 | - /metrics 9 | verbs: 10 | - get 11 | -------------------------------------------------------------------------------- /bundle/metadata/annotations.yaml: -------------------------------------------------------------------------------- 1 | annotations: 2 | # Core bundle annotations. 
3 | operators.operatorframework.io.bundle.mediatype.v1: registry+v1 4 | operators.operatorframework.io.bundle.manifests.v1: manifests/ 5 | operators.operatorframework.io.bundle.metadata.v1: metadata/ 6 | operators.operatorframework.io.bundle.package.v1: mongodb-atlas-kubernetes 7 | operators.operatorframework.io.bundle.channels.v1: stable 8 | operators.operatorframework.io.bundle.channel.default.v1: stable 9 | operators.operatorframework.io.metrics.builder: operator-sdk-v1.34.1 10 | operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 11 | operators.operatorframework.io.metrics.project_layout: go.kubebuilder.io/v4 12 | 13 | # Annotations for testing. 14 | operators.operatorframework.io.test.mediatype.v1: scorecard+v1 15 | operators.operatorframework.io.test.config.v1: tests/scorecard/ 16 | -------------------------------------------------------------------------------- /config/crd/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # This kustomization.yaml is not intended to be run by itself, 2 | # since it depends on service name and namespace that are out of this kustomize package. 
3 | # It should be run by config/default 4 | resources: 5 | - bases/atlas.mongodb.com_atlasdeployments.yaml 6 | - bases/atlas.mongodb.com_atlasprojects.yaml 7 | - bases/atlas.mongodb.com_atlasdatabaseusers.yaml 8 | - bases/atlas.mongodb.com_atlasdatafederations.yaml 9 | - bases/atlas.mongodb.com_atlasbackuppolicies.yaml 10 | - bases/atlas.mongodb.com_atlasbackupschedules.yaml 11 | - bases/atlas.mongodb.com_atlasteams.yaml 12 | - bases/atlas.mongodb.com_atlasfederatedauths.yaml 13 | - bases/atlas.mongodb.com_atlasstreaminstances.yaml 14 | - bases/atlas.mongodb.com_atlasstreamconnections.yaml 15 | - bases/atlas.mongodb.com_atlassearchindexconfigs.yaml 16 | - bases/atlas.mongodb.com_atlasbackupcompliancepolicies.yaml 17 | - bases/atlas.mongodb.com_atlasprivateendpoints.yaml 18 | - bases/atlas.mongodb.com_atlascustomroles.yaml 19 | - bases/atlas.mongodb.com_atlasipaccesslists.yaml 20 | - bases/atlas.mongodb.com_atlasnetworkcontainers.yaml 21 | - bases/atlas.mongodb.com_atlasnetworkpeerings.yaml 22 | configurations: 23 | - kustomizeconfig.yaml 24 | -------------------------------------------------------------------------------- /config/crd/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # This file is for teaching kustomize how to substitute name and namespace reference in CRD 2 | nameReference: 3 | - kind: Service 4 | version: v1 5 | fieldSpecs: 6 | - kind: CustomResourceDefinition 7 | group: apiextensions.k8s.io 8 | path: spec/conversion/webhookClientConfig/service/name 9 | 10 | namespace: 11 | - kind: CustomResourceDefinition 12 | group: apiextensions.k8s.io 13 | path: spec/conversion/webhookClientConfig/service/namespace 14 | create: false 15 | 16 | varReference: 17 | - path: metadata/annotations 18 | -------------------------------------------------------------------------------- /config/default/kustomization.yaml: -------------------------------------------------------------------------------- 1 | # 
'default' folder is always used by operator-sdk to generate CSV bundles - so we just point to 2 | # the prod configurations 3 | resources: 4 | - ../release/prod/allinone 5 | -------------------------------------------------------------------------------- /config/manager/controller_manager_config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 2 | kind: ControllerManagerConfig 3 | health: 4 | healthProbeBindAddress: :8081 5 | metrics: 6 | bindAddress: 127.0.0.1:8080 7 | webhook: 8 | port: 9443 9 | leaderElection: 10 | leaderElect: true 11 | resourceName: 06d035fb.mongodb.com 12 | -------------------------------------------------------------------------------- /config/manager/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manager.yaml 3 | 4 | generatorOptions: 5 | disableNameSuffixHash: true 6 | apiVersion: kustomize.config.k8s.io/v1beta1 7 | kind: Kustomization 8 | images: 9 | - name: controller 10 | newName: mongodb/mongodb-atlas-kubernetes-operator 11 | newTag: 2.8.2 12 | -------------------------------------------------------------------------------- /config/manifests/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../default 3 | - ../samples 4 | - ../scorecard 5 | -------------------------------------------------------------------------------- /config/prometheus/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - monitor.yaml 3 | -------------------------------------------------------------------------------- /config/prometheus/monitor.yaml: -------------------------------------------------------------------------------- 1 | 2 | # Prometheus Monitor Service (Metrics) 3 | apiVersion: monitoring.coreos.com/v1 4 | kind: ServiceMonitor 5 | metadata: 6 | 
labels: 7 | control-plane: controller-manager 8 | name: controller-manager-metrics-monitor 9 | namespace: system 10 | spec: 11 | endpoints: 12 | - path: /metrics 13 | port: https 14 | selector: 15 | matchLabels: 16 | control-plane: controller-manager 17 | -------------------------------------------------------------------------------- /config/rbac/atlasbackuppolicy_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasbackuppolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasbackuppolicy-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasbackuppolicies 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasbackuppolicies/status 23 | verbs: 24 | - get -------------------------------------------------------------------------------- /config/rbac/atlasbackuppolicy_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasbackuppolicies. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasbackuppolicy-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasbackuppolicies 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasbackuppolicies/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasbackupschedule_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasbackupschedules. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasbackupschedule-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasbackupschedules 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasbackupschedules/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasbackupschedule_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasbackupschedules. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasbackupschedule-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasbackupschedules 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasbackupschedules/status 19 | verbs: 20 | - get -------------------------------------------------------------------------------- /config/rbac/atlasdeployment_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasdeployments.
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasdeployment-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasdeployments 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasdeployments/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasdeployment_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasdeployments. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasdeployment-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasdeployments 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasdeployments/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasfederatedauth_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasfederatedauths.
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasfederatedauth-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasfederatedauths 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasfederatedauths/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasfederatedauth_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasfederatedauths. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasfederatedauth-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasfederatedauths 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasfederatedauths/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasipaccesslist_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasipaccesslists. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: mongodb-atlas-kubernetes 7 | app.kubernetes.io/managed-by: kustomize 8 | name: atlasipaccesslist-editor-role 9 | rules: 10 | - apiGroups: 11 | - atlas.mongodb.com 12 | resources: 13 | - atlasipaccesslists 14 | verbs: 15 | - create 16 | - delete 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - atlas.mongodb.com 24 | resources: 25 | - atlasipaccesslists/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/atlasipaccesslist_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasipaccesslists. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: mongodb-atlas-kubernetes 7 | app.kubernetes.io/managed-by: kustomize 8 | name: atlasipaccesslist-viewer-role 9 | rules: 10 | - apiGroups: 11 | - atlas.mongodb.com 12 | resources: 13 | - atlasipaccesslists 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - apiGroups: 19 | - atlas.mongodb.com 20 | resources: 21 | - atlasipaccesslists/status 22 | verbs: 23 | - get 24 | -------------------------------------------------------------------------------- /config/rbac/atlasnetworkcontainer_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasnetworkcontainers. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: mongodb-atlas-kubernetes 7 | app.kubernetes.io/managed-by: kustomize 8 | name: atlasnetworkcontainer-editor-role 9 | rules: 10 | - apiGroups: 11 | - atlas.mongodb.com 12 | resources: 13 | - atlasnetworkcontainers 14 | verbs: 15 | - create 16 | - delete 17 | - get 18 | - list 19 | - patch 20 | - update 21 | - watch 22 | - apiGroups: 23 | - atlas.mongodb.com 24 | resources: 25 | - atlasnetworkcontainers/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/atlasnetworkcontainer_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasnetworkcontainers. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: mongodb-atlas-kubernetes 7 | app.kubernetes.io/managed-by: kustomize 8 | name: atlasnetworkcontainer-viewer-role 9 | rules: 10 | - apiGroups: 11 | - atlas.mongodb.com 12 | resources: 13 | - atlasnetworkcontainers 14 | verbs: 15 | - get 16 | - list 17 | - watch 18 | - apiGroups: 19 | - atlas.mongodb.com 20 | resources: 21 | - atlasnetworkcontainers/status 22 | verbs: 23 | - get 24 | -------------------------------------------------------------------------------- /config/rbac/atlasnetworkpeering_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasnetworkpeerings. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: atlasnetworkpeering-editor-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: ako-scaffolding 10 | app.kubernetes.io/part-of: ako-scaffolding 11 | app.kubernetes.io/managed-by: kustomize 12 | name: atlasnetworkpeering-editor-role 13 | rules: 14 | - apiGroups: 15 | - atlas.mongodb.com 16 | resources: 17 | - atlasnetworkpeerings 18 | verbs: 19 | - create 20 | - delete 21 | - get 22 | - list 23 | - patch 24 | - update 25 | - watch 26 | - apiGroups: 27 | - atlas.mongodb.com 28 | resources: 29 | - atlasnetworkpeerings/status 30 | verbs: 31 | - get 32 | -------------------------------------------------------------------------------- /config/rbac/atlasnetworkpeering_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasnetworkpeerings. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | labels: 6 | app.kubernetes.io/name: clusterrole 7 | app.kubernetes.io/instance: atlasnetworkpeering-viewer-role 8 | app.kubernetes.io/component: rbac 9 | app.kubernetes.io/created-by: ako-scaffolding 10 | app.kubernetes.io/part-of: ako-scaffolding 11 | app.kubernetes.io/managed-by: kustomize 12 | name: atlasnetworkpeering-viewer-role 13 | rules: 14 | - apiGroups: 15 | - atlas.mongodb.com 16 | resources: 17 | - atlasnetworkpeerings 18 | verbs: 19 | - get 20 | - list 21 | - watch 22 | - apiGroups: 23 | - atlas.mongodb.com 24 | resources: 25 | - atlasnetworkpeerings/status 26 | verbs: 27 | - get 28 | -------------------------------------------------------------------------------- /config/rbac/atlasprivateendpoint_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasprivateendpoints. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasprivateendpoint-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasprivateendpoints 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasprivateendpoints/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasprivateendpoint_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasprivateendpoints. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasprivateendpoint-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasprivateendpoints 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasprivateendpoints/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasproject_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasprojects. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasproject-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasprojects 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasprojects/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasproject_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasprojects. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasproject-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasprojects 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasprojects/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlassearchindexconfig_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlassearchindexconfigs.
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlassearchindexconfig-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlassearchindexconfigs 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlassearchindexconfigs/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlassearchindexconfig_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlassearchindexconfigs. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlassearchindexconfig-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlassearchindexconfigs 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlassearchindexconfigs/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasstreamconnections_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasstreamconnections.
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasstreamconnections-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasstreamconnections 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasstreamconnections/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasstreamconnections_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasstreamconnections. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasstreamconnections-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasstreamconnections 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasstreamconnections/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasstreaminstances_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasstreaminstances. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasstreaminstances-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasstreaminstances 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasstreaminstances/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasstreaminstances_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasstreaminstances. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasstreaminstances-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasstreaminstances 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasstreaminstances/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/atlasteam_editor_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to edit atlasteams. 
2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasteam-editor-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasteams 11 | verbs: 12 | - create 13 | - delete 14 | - get 15 | - list 16 | - patch 17 | - update 18 | - watch 19 | - apiGroups: 20 | - atlas.mongodb.com 21 | resources: 22 | - atlasteams/status 23 | verbs: 24 | - get 25 | -------------------------------------------------------------------------------- /config/rbac/atlasteam_viewer_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions for end users to view atlasteams. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: atlasteam-viewer-role 6 | rules: 7 | - apiGroups: 8 | - atlas.mongodb.com 9 | resources: 10 | - atlasteams 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - apiGroups: 16 | - atlas.mongodb.com 17 | resources: 18 | - atlasteams/status 19 | verbs: 20 | - get 21 | -------------------------------------------------------------------------------- /config/rbac/clusterwide/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - ../service_account.yaml 5 | - ../leader_election_role.yaml 6 | - ../leader_election_role_binding.yaml 7 | -------------------------------------------------------------------------------- /config/rbac/clusterwide/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: ClusterRoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: ClusterRole 8 | name: manager-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: operator 12 | -------------------------------------------------------------------------------- 
/config/rbac/leader_election_role.yaml: -------------------------------------------------------------------------------- 1 | # permissions to do leader election. 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: Role 4 | metadata: 5 | name: leader-election-role 6 | rules: 7 | - apiGroups: 8 | - coordination.k8s.io 9 | resources: 10 | - leases 11 | verbs: 12 | - get 13 | - list 14 | - watch 15 | - create 16 | - update 17 | - patch 18 | - delete 19 | - apiGroups: 20 | - "" 21 | resources: 22 | - configmaps 23 | verbs: 24 | - get 25 | - list 26 | - watch 27 | - create 28 | - update 29 | - patch 30 | - delete 31 | - apiGroups: 32 | - "" 33 | resources: 34 | - events 35 | verbs: 36 | - create 37 | - patch 38 | -------------------------------------------------------------------------------- /config/rbac/leader_election_role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: leader-election-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: leader-election-role 9 | subjects: 10 | - kind: ServiceAccount 11 | name: operator 12 | -------------------------------------------------------------------------------- /config/rbac/namespaced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - role.yaml 3 | - role_binding.yaml 4 | - ../service_account.yaml 5 | - ../leader_election_role.yaml 6 | - ../leader_election_role_binding.yaml 7 | -------------------------------------------------------------------------------- /config/rbac/namespaced/role_binding.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: rbac.authorization.k8s.io/v1 2 | kind: RoleBinding 3 | metadata: 4 | name: manager-rolebinding 5 | roleRef: 6 | apiGroup: rbac.authorization.k8s.io 7 | kind: Role 8 | name: manager-role 9 | 
subjects: 10 | - kind: ServiceAccount 11 | name: operator 12 | -------------------------------------------------------------------------------- /config/rbac/service_account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: operator -------------------------------------------------------------------------------- /config/release/base/allinone/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: mongodb-atlas-system 2 | 3 | namePrefix: mongodb-atlas- 4 | 5 | # Labels to add to all resources and selectors. 6 | commonLabels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 10 | 11 | resources: 12 | - ../../../manager 13 | - ../../../crd 14 | - ../../../rbac/clusterwide 15 | -------------------------------------------------------------------------------- /config/release/base/clusterwide/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: mongodb-atlas-system 2 | 3 | namePrefix: mongodb-atlas- 4 | 5 | # Labels to add to all resources and selectors. 6 | commonLabels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 10 | 11 | resources: 12 | - ../../../manager 13 | - ../../../rbac/clusterwide 14 | -------------------------------------------------------------------------------- /config/release/base/namespaced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: mongodb-atlas-system 2 | 3 | namePrefix: mongodb-atlas- 4 | 5 | # Labels to add to all resources and selectors. 
6 | commonLabels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 10 | 11 | resources: 12 | - ../../../manager 13 | - ../../../rbac/namespaced 14 | 15 | patches: 16 | - path: manager_watched_namespace_patch.json 17 | target: 18 | group: apps 19 | version: v1 20 | kind: Deployment 21 | name: operator 22 | -------------------------------------------------------------------------------- /config/release/base/namespaced/manager_watched_namespace_patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"op": "add", 3 | "path": "/spec/template/spec/containers/0/env/0", 4 | "value": { 5 | "name": "WATCH_NAMESPACE", 6 | "valueFrom": { 7 | "fieldRef": { 8 | "fieldPath": "metadata.namespace" 9 | } 10 | } 11 | } 12 | } 13 | ] 14 | -------------------------------------------------------------------------------- /config/release/dev/allinone/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/allinone 3 | 4 | patches: 5 | - path: ../dev_patch.json 6 | target: 7 | group: apps 8 | version: v1 9 | kind: Deployment 10 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/dev/clusterwide/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/clusterwide 3 | 4 | 5 | patches: 6 | - path: ../dev_patch.json 7 | target: 8 | group: apps 9 | version: v1 10 | kind: Deployment 11 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/dev/dev_patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"op": "replace", 3 | "path": "/spec/template/spec/containers/0/args/3", 4 | 
"value": "--log-level=debug" 5 | }, 6 | {"op": "add", 7 | "path": "/spec/template/spec/containers/0/args/0", 8 | "value": "--atlas-domain=https://cloud-qa.mongodb.com/" 9 | } 10 | ] 11 | -------------------------------------------------------------------------------- /config/release/dev/namespaced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/namespaced 3 | 4 | 5 | patches: 6 | - path: ../dev_patch.json 7 | target: 8 | group: apps 9 | version: v1 10 | kind: Deployment 11 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/dev/openshift/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: mongodb-atlas-system 2 | 3 | namePrefix: mongodb-atlas- 4 | 5 | # Labels to add to all resources and selectors. 6 | commonLabels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 10 | 11 | resources: 12 | - ../../../manager 13 | - ../../../rbac/namespaced 14 | 15 | patches: 16 | - path: manager_watch_namespace_patch.json 17 | target: 18 | group: apps 19 | version: v1 20 | kind: Deployment 21 | name: operator 22 | -------------------------------------------------------------------------------- /config/release/dev/openshift/manager_watch_namespace_patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"op": "add", 3 | "path": "/spec/template/spec/containers/0/env/0", 4 | "value": { 5 | "name": "WATCH_NAMESPACE", 6 | "valueFrom": { 7 | "fieldRef": { 8 | "fieldPath": "metadata.annotations['olm.targetNamespaces']" 9 | } 10 | } 11 | } 12 | } 13 | ] 14 | -------------------------------------------------------------------------------- /config/release/prod/allinone/kustomization.yaml: 
-------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/allinone 3 | 4 | patches: 5 | - path: ../prod_patch.json 6 | target: 7 | group: apps 8 | version: v1 9 | kind: Deployment 10 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/prod/clusterwide/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/clusterwide 3 | 4 | 5 | patches: 6 | - path: ../prod_patch.json 7 | target: 8 | group: apps 9 | version: v1 10 | kind: Deployment 11 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/prod/namespaced/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - ../../base/namespaced 3 | 4 | 5 | patches: 6 | - path: ../prod_patch.json 7 | target: 8 | group: apps 9 | version: v1 10 | kind: Deployment 11 | name: mongodb-atlas-operator -------------------------------------------------------------------------------- /config/release/prod/openshift/kustomization.yaml: -------------------------------------------------------------------------------- 1 | namespace: mongodb-atlas-system 2 | 3 | namePrefix: mongodb-atlas- 4 | 5 | # Labels to add to all resources and selectors. 
6 | commonLabels: 7 | app.kubernetes.io/component: controller 8 | app.kubernetes.io/name: mongodb-atlas-kubernetes-operator 9 | app.kubernetes.io/instance: mongodb-atlas-kubernetes-operator 10 | 11 | resources: 12 | - ../../../manager 13 | - ../../../rbac/namespaced 14 | 15 | patches: 16 | - path: ./manager_watch_namespace_patch.json 17 | target: 18 | group: apps 19 | version: v1 20 | kind: Deployment 21 | name: operator 22 | -------------------------------------------------------------------------------- /config/release/prod/openshift/manager_watch_namespace_patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"op": "add", 3 | "path": "/spec/template/spec/containers/0/env/0", 4 | "value": { 5 | "name": "WATCH_NAMESPACE", 6 | "valueFrom": { 7 | "fieldRef": { 8 | "fieldPath": "metadata.annotations['olm.targetNamespaces']" 9 | } 10 | } 11 | } 12 | } 13 | ] 14 | -------------------------------------------------------------------------------- /config/release/prod/prod_patch.json: -------------------------------------------------------------------------------- 1 | [ 2 | {"op": "add", 3 | "path": "/spec/template/spec/containers/0/args/0", 4 | "value": "--atlas-domain=https://cloud.mongodb.com/" 5 | } 6 | ] -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasbackupcompliancepolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasBackupCompliancePolicy 3 | metadata: 4 | name: my-backup-compliance-policy 5 | spec: 6 | authorizedEmail: john.doe@example.com 7 | authorizedUserFirstName: John 8 | authorizedUserLastName: Doe 9 | copyProtectionEnabled: false 10 | encryptionAtRestEnabled: false 11 | onDemandPolicy: 12 | retentionUnit: weeks 13 | retentionValue: 3 14 | overwriteBackupPolicies: false 15 | pointInTimeEnabled: true 16 | restoreWindowDays: 42 17 | scheduledPolicyItems: 18 
| - frequencyInterval: 2 19 | frequencyType: daily 20 | retentionUnit: days 21 | retentionValue: 7 -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasbackuppolicy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasBackupPolicy 3 | metadata: 4 | name: atlasbackuppolicy-sample 5 | spec: 6 | items: 7 | - frequencyType: hourly 8 | frequencyInterval: 6 9 | retentionUnit: days 10 | retentionValue: 2 11 | - frequencyType: daily 12 | frequencyInterval: 1 13 | retentionUnit: days 14 | retentionValue: 7 15 | - frequencyType: weekly 16 | frequencyInterval: 1 17 | retentionUnit: weeks 18 | retentionValue: 4 19 | - frequencyType: monthly 20 | frequencyInterval: 15 21 | retentionUnit: months 22 | retentionValue: 12 23 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasbackupschedule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasBackupSchedule 3 | metadata: 4 | name: atlasbackupschedule-sample 5 | spec: 6 | autoExportEnabled: false 7 | referenceHourOfDay: 10 8 | referenceMinuteOfHour: 10 9 | restoreWindowDays: 2 10 | copySettings: 11 | - regionName: US_WEST_1 12 | cloudProvider: AWS 13 | shouldCopyOplogs: false 14 | frequencies: 15 | - WEEKLY 16 | useOrgAndGroupNamesInExportPrefix: true 17 | policy: 18 | name: atlasbackuppolicy-sample 19 | 20 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlascustomrole.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasCustomRole 3 | metadata: 4 | name: shard-operator-role 5 | spec: 6 | projectRef: 7 | name: my-project 8 | role: 9 | name: my-role 10 | actions: 11 | - name: getShardMap 12 | resources: 
13 | - cluster: true 14 | - name: shardingState 15 | resources: 16 | - cluster: true 17 | - name: connPoolStats 18 | resources: 19 | - cluster: true 20 | - name: getLog 21 | resources: 22 | - cluster: true 23 | inheritedRoles: 24 | - name: operator-role-1 25 | database: admin 26 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasdatabaseuser.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDatabaseUser 3 | metadata: 4 | name: my-database-user 5 | spec: 6 | projectRef: 7 | name: my-project 8 | databaseName: admin 9 | roles: 10 | - databaseName: admin 11 | roleName: readWriteAnyDatabase 12 | username: theuser 13 | passwordSecretRef: 14 | name: the-user-password 15 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasdatafederation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDataFederation 3 | metadata: 4 | name: my-data-federation 5 | namespace: mongodb-atlas-system 6 | spec: 7 | projectRef: 8 | name: my-project 9 | namespace: mongodb-atlas-system 10 | name: my-data-federation 11 | privateEndpoints: 12 | - endpointId: vpce-03f9eeaa764e32454 13 | provider: AWS 14 | type: DATA_LAKE 15 | storage: 16 | stores: 17 | - name: http-test 18 | provider: http 19 | databases: 20 | - name: test-db-1 21 | collections: 22 | - name: test-collection-1 23 | dataSources: 24 | - storeName: http-test 25 | urls: 26 | - https://data.cityofnewyork.us/api/views/vfnx-vebw/rows.csv 27 | 28 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasdeployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: 
my-atlas-deployment 5 | spec: 6 | projectRef: 7 | name: my-project 8 | backupRef: 9 | name: atlasbackupschedule-sample 10 | deploymentSpec: 11 | name: "test-deployment" 12 | clusterType: REPLICASET 13 | backupEnabled: true 14 | mongoDBMajorVersion: "7.0" 15 | replicationSpecs: 16 | - zoneName: "Zone 1" 17 | regionConfigs: 18 | - providerName: AWS 19 | regionName: US_EAST_1 20 | priority: 7 21 | electableSpecs: 22 | instanceSize: M10 23 | nodeCount: 3 24 | tags: 25 | - key: team 26 | value: atlas-operator 27 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasfederatedauth.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasFederatedAuth 3 | metadata: 4 | name: atlas-default-federated-auth 5 | namespace: mongodb-atlas-system 6 | spec: 7 | enabled: true 8 | connectionSecretRef: 9 | name: my-org-secret 10 | namespace: mongodb-atlas-system 11 | domainAllowList: 12 | - my-org-domain.com 13 | domainRestrictionEnabled: true 14 | ssoDebugEnabled: false 15 | postAuthRoleGrants: 16 | - ORG_MEMBER 17 | roleMappings: 18 | - externalGroupName: org-admin 19 | roleAssignments: 20 | - role: ORG_OWNER 21 | - externalGroupName: dev-team 22 | roleAssignments: 23 | - role: ORG_GROUP_CREATOR 24 | - projectName: dev-project 25 | role: GROUP_OWNER 26 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasipaccesslist.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasIPAccessList 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: mongodb-atlas-kubernetes 6 | name: atlasipaccesslist-sample 7 | spec: 8 | projectRef: 9 | name: my-project 10 | entries: 11 | - cidrBlock: 192.168.1.0/24 12 | - ipAddress: 10.0.0.1 13 | deleteAfterDate: 2025-01-20T23:59:59+02:00 14 | 
-------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasnetworkcontainer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasNetworkContainer 3 | metadata: 4 | labels: 5 | app.kubernetes.io/name: mongodb-atlas-kubernetes 6 | app.kubernetes.io/managed-by: kustomize 7 | name: atlasnetworkcontainer-sample 8 | spec: 9 | externalProjectRef: 10 | projectId: 66e2f2b621571b7e69a89b66 11 | connectionSecret: 12 | name: atlas-connection-secret 13 | provider: AWS 14 | cidrBlock: 10.11.0.0/16 15 | region: US_EAST_1 16 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasnetworkpeering.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasNetworkPeering 3 | metadata: 4 | name: atlasnetworkpeering-sample 5 | spec: 6 | projectRef: 7 | name: atlas-project 8 | namespace: namespace 9 | provider: AWS 10 | containerId: "623412394512350" 11 | awsConfiguration: 12 | accepterRegionName: US_EAST_1 13 | awsAccountId: "23214235145" 14 | routeTableCidrBlock: "10.11.0.0/16" 15 | vpcId: "vpcid-7123782134" 16 | containerRegion: US_EAST_1 17 | atlasCidrBlock: "10.12.0.0/16" 18 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasprivateendpoint.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasPrivateEndpoint 3 | metadata: 4 | name: atlasprivateendpoint-sample 5 | spec: 6 | projectRef: 7 | name: my-project 8 | provider: AWS 9 | region: EU_CENTRAL_1 10 | awsConfiguration: 11 | id: vpce-f4k34w51d 12 | 13 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasproject.yaml: 
-------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasProject 3 | metadata: 4 | name: my-project 5 | spec: 6 | name: Test Atlas Operator Project 7 | projectIpAccessList: 8 | - ipAddress: "192.0.2.15" 9 | comment: "IP address for Application Server A" 10 | - cidrBlock: "203.0.113.0/24" 11 | comment: "CIDR block for Application Server B - D" 12 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasproject_with_maintenance_window.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasProject 3 | metadata: 4 | name: my-project 5 | spec: 6 | name: Test Atlas Operator Project 7 | projectIpAccessList: 8 | - ipAddress: "192.0.2.15" 9 | comment: "IP address for Application Server A" 10 | maintenanceWindow: 11 | dayOfWeek: 3 12 | hourOfDay: 5 13 | autoDefer: true 14 | 15 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlassearchindexconfigs.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasSearchIndexConfig 3 | metadata: 4 | name: atlassearchindexconfig-sample 5 | spec: 6 | analyzer: lucene.standard 7 | analyzers: 8 | - name: test-analyzer 9 | tokenizer: 10 | type: whiteSpace 11 | whitespace: 12 | maxTokenLenght: 200 13 | tokenFilters: 14 | - type: asciiFolding 15 | asciiFolding: 16 | originalTokens: omit 17 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasstreamconnection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasStreamConnection 3 | metadata: 4 | name: my-streamconnection-kafka 5 | spec: 6 | name: "kafka-config" 7 | type: "Kafka" 8 | kafkaConfig: 9 | 
authentication: 10 | credentials: 11 | name: kafka-userpass 12 | mechanism: SCRAM-512 13 | bootstrapServers: "kafka.server1:9001,kafka.server2:9002,kafka.server3:9003" 14 | security: 15 | protocol: SSL 16 | certificate: 17 | name: kafka-cert 18 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasstreaminstance.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasStreamInstance 3 | metadata: 4 | name: my-streaminstance-sample 5 | spec: 6 | name: my-instance 7 | clusterConfig: 8 | provider: AWS 9 | region: VIRGINIA_USA 10 | tier: SP30 11 | connectionRegistry: 12 | - name: my-streamconnection-sample 13 | projectRef: 14 | name: my-project 15 | -------------------------------------------------------------------------------- /config/samples/atlas_v1_atlasteam.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasTeam 3 | metadata: 4 | name: atlasteam-sample 5 | spec: 6 | name: "my-team" 7 | usernames: 8 | - "username@mongodb.com" 9 | -------------------------------------------------------------------------------- /config/samples/kustomization.yaml: -------------------------------------------------------------------------------- 1 | ## Append samples you want in your CSV to this file as resources ## 2 | # Dev note: renaming these files is not allowed as operator-sdk later uses them 3 | # to generate proper CSV documents 4 | resources: 5 | - atlas_v1_atlasdeployment.yaml 6 | - atlas_v1_atlasproject.yaml 7 | - atlas_v1_atlasdatabaseuser.yaml 8 | - atlas_v1_atlasbackuppolicy.yaml 9 | - atlas_v1_atlasbackupschedule.yaml 10 | - atlas_v1_atlasteam.yaml 11 | - atlas_v1_atlasipaccesslist.yaml 12 | - atlas_v1_atlasnetworkcontainer.yaml 13 | - atlas_v1_atlasnetworkpeering.yaml 14 | - atlas_v1_atlasstreaminstance.yaml 15 | - 
atlas_v1_atlasstreamconnection.yaml 16 | - atlas_v1_atlasdatafederation.yaml 17 | - atlas_v1_atlasfederatedauth.yaml 18 | - atlas_v1_atlasprivateendpoint.yaml 19 | - atlas_v1_atlassearchindexconfigs.yaml 20 | - atlas_v1_atlasbackupcompliancepolicy.yaml 21 | - atlas_v1_atlascustomrole.yaml 22 | # +kubebuilder:scaffold:manifestskustomizesamples 23 | -------------------------------------------------------------------------------- /config/scorecard/bases/config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: scorecard.operatorframework.io/v1alpha3 2 | kind: Configuration 3 | metadata: 4 | name: config 5 | stages: 6 | - parallel: true 7 | tests: [] 8 | -------------------------------------------------------------------------------- /config/scorecard/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - bases/config.yaml 3 | patchesJson6902: 4 | - path: patches/basic.config.yaml 5 | target: 6 | group: scorecard.operatorframework.io 7 | version: v1alpha3 8 | kind: Configuration 9 | name: config 10 | - path: patches/olm.config.yaml 11 | target: 12 | group: scorecard.operatorframework.io 13 | version: v1alpha3 14 | kind: Configuration 15 | name: config 16 | # +kubebuilder:scaffold:patchesJson6902 17 | -------------------------------------------------------------------------------- /config/scorecard/patches/basic.config.yaml: -------------------------------------------------------------------------------- 1 | - op: add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - basic-check-spec 7 | image: quay.io/operator-framework/scorecard-test:v1.2.0 8 | labels: 9 | suite: basic 10 | test: basic-check-spec-test 11 | -------------------------------------------------------------------------------- /config/scorecard/patches/olm.config.yaml: -------------------------------------------------------------------------------- 1 | - op: 
add 2 | path: /stages/0/tests/- 3 | value: 4 | entrypoint: 5 | - scorecard-test 6 | - olm-bundle-validation 7 | image: quay.io/operator-framework/scorecard-test:v1.2.0 8 | labels: 9 | suite: olm 10 | test: olm-bundle-validation-test 11 | - op: add 12 | path: /stages/0/tests/- 13 | value: 14 | entrypoint: 15 | - scorecard-test 16 | - olm-crds-have-validation 17 | image: quay.io/operator-framework/scorecard-test:v1.2.0 18 | labels: 19 | suite: olm 20 | test: olm-crds-have-validation-test 21 | - op: add 22 | path: /stages/0/tests/- 23 | value: 24 | entrypoint: 25 | - scorecard-test 26 | - olm-crds-have-resources 27 | image: quay.io/operator-framework/scorecard-test:v1.2.0 28 | labels: 29 | suite: olm 30 | test: olm-crds-have-resources-test 31 | - op: add 32 | path: /stages/0/tests/- 33 | value: 34 | entrypoint: 35 | - scorecard-test 36 | - olm-spec-descriptors 37 | image: quay.io/operator-framework/scorecard-test:v1.2.0 38 | labels: 39 | suite: olm 40 | test: olm-spec-descriptors-test 41 | - op: add 42 | path: /stages/0/tests/- 43 | value: 44 | entrypoint: 45 | - scorecard-test 46 | - olm-status-descriptors 47 | image: quay.io/operator-framework/scorecard-test:v1.2.0 48 | labels: 49 | suite: olm 50 | test: olm-status-descriptors-test 51 | -------------------------------------------------------------------------------- /config/webhook/kustomization.yaml: -------------------------------------------------------------------------------- 1 | resources: 2 | - manifests.yaml 3 | - service.yaml 4 | 5 | configurations: 6 | - kustomizeconfig.yaml 7 | -------------------------------------------------------------------------------- /config/webhook/kustomizeconfig.yaml: -------------------------------------------------------------------------------- 1 | # the following config is for teaching kustomize where to look at when substituting vars. 2 | # It requires kustomize v2.1.0 or newer to work properly. 
3 | nameReference: 4 | - kind: Service 5 | version: v1 6 | fieldSpecs: 7 | - kind: MutatingWebhookConfiguration 8 | group: admissionregistration.k8s.io 9 | path: webhooks/clientConfig/service/name 10 | - kind: ValidatingWebhookConfiguration 11 | group: admissionregistration.k8s.io 12 | path: webhooks/clientConfig/service/name 13 | 14 | namespace: 15 | - kind: MutatingWebhookConfiguration 16 | group: admissionregistration.k8s.io 17 | path: webhooks/clientConfig/service/namespace 18 | create: true 19 | - kind: ValidatingWebhookConfiguration 20 | group: admissionregistration.k8s.io 21 | path: webhooks/clientConfig/service/namespace 22 | create: true 23 | 24 | varReference: 25 | - path: metadata/annotations 26 | -------------------------------------------------------------------------------- /config/webhook/service.yaml: -------------------------------------------------------------------------------- 1 | 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: webhook-service 6 | namespace: system 7 | spec: 8 | ports: 9 | - port: 443 10 | targetPort: 9443 11 | -------------------------------------------------------------------------------- /devbox.json: -------------------------------------------------------------------------------- 1 | { 2 | "packages": [ 3 | "yq-go@latest", 4 | "kubebuilder@4.1.1", 5 | "jq@latest", 6 | "path:flakes/go", 7 | "gotests@latest", 8 | "act@latest", 9 | "kubectl@latest", 10 | "docker@latest", 11 | "kustomize@4.3", 12 | "git@latest", 13 | "gettext@latest", 14 | "wget@latest", 15 | "cosign@latest", 16 | "kubernetes-helm@latest", 17 | "govulncheck@latest", 18 | "gotools@latest", 19 | "ginkgo@latest", 20 | "operator-sdk@1.36.1", 21 | "shellcheck@latest", 22 | "golangci-lint@2.0.0", 23 | "kubernetes-controller-tools@0.17.2", 24 | "setup-envtest@0.18.2", 25 | "awscli2@latest", 26 | "go-mockery@latest", 27 | "docker-sbom@latest" 28 | ] 29 | } 30 | -------------------------------------------------------------------------------- 
/docs/annotations.md: -------------------------------------------------------------------------------- 1 | # Annotations 2 | 3 | Annotations allow you to modify the default behaviour of the operator. 4 | 5 | They can be added to `metadata.annotations` as shown here: 6 | 7 | ``` 8 | apiVersion: atlas.mongodb.com/v1 9 | kind: AtlasProject 10 | metadata: 11 | name: my-project 12 | annotations: 13 | mongodb.com/atlas-resource-policy: keep 14 | spec: 15 | name: Test Atlas Operator Project 16 | ``` 17 | 18 | ### mongodb.com/atlas-resource-policy=keep 19 | 20 | If `mongodb.com/atlas-resource-policy` is set to `keep`, the operator will not delete the Atlas resource when you delete the Kubernetes resource. 21 | 22 | ### mongodb.com/atlas-reconciliation-policy=skip 23 | 24 | If `mongodb.com/atlas-reconciliation-policy` is set to `skip`, the operator doesn't start the reconciliation for the resource. 25 | 26 | This lets you pause the syncing with the spec for as long as this annotation is present. This might be useful if you want to make manual changes to the resource and do not want the operator to undo them. As soon as this annotation is removed, the operator should reconcile the resource and sync it back with the spec. 
-------------------------------------------------------------------------------- /docs/dev/img.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/b7b271983af582f896924de7a7af5186e61f64c5/docs/dev/img.png -------------------------------------------------------------------------------- /docs/helpers/certs/cert.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Certificate 3 | metadata: 4 | name: mongodb-atlas-x509 5 | namespace: mongodb-atlas-system 6 | spec: 7 | secretName: mongodb-atlas-x509 8 | secretTemplate: 9 | labels: 10 | atlas.mongodb.com/type: credentials 11 | duration: 2160h # 90d 12 | renewBefore: 360h # 15d 13 | subject: 14 | organizations: 15 | - mongodb 16 | commonName: x509-testing-user 17 | isCA: true 18 | privateKey: 19 | algorithm: RSA 20 | encoding: PKCS1 21 | size: 2048 22 | dnsNames: 23 | - example.com 24 | issuerRef: 25 | name: default-issuer 26 | -------------------------------------------------------------------------------- /docs/helpers/certs/issuer.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: cert-manager.io/v1 2 | kind: Issuer 3 | metadata: 4 | name: default-issuer 5 | namespace: mongodb-atlas-system 6 | spec: 7 | selfSigned: {} 8 | -------------------------------------------------------------------------------- /docs/project-integration.md: -------------------------------------------------------------------------------- 1 | # Project with Third Party Integration 2 | 3 | ### Sample 4 | 5 | The operator supports third-party integration with the following [services](https://www.mongodb.com/docs/atlas/reference/api/third-party-integration-settings-create/). 6 | 7 | For example, DATADOG requires (according to the documentation): 8 | - type = DATADOG 9 | - apiKey = Your API Key.
10 | - region = Indicates which API URL to use, either US or EU. Datadog will use US by default. 11 | 12 | The sample below opens the project IP access list to the entire IPv4 address space (`0.0.0.0/1` plus `128.0.0.0/1`) for test purposes; outside of testing, list only the addresses or CIDR blocks of your clients. 13 | ``` 14 | apiVersion: atlas.mongodb.com/v1 15 | kind: AtlasProject 16 | metadata: 17 | name: my-project 18 | spec: 19 | name: TestAtlasOperatorProjectIntegration3 20 | connectionSecretRef: 21 | name: my-atlas-key 22 | projectIpAccessList: 23 | - ipAddress: "0.0.0.0/1" 24 | comment: "Everyone has access. For the test purpose only." 25 | - ipAddress: "128.0.0.0/1" 26 | comment: "Everyone has access. For the test purpose only." 27 | integrations: 28 | - type: "DATADOG" 29 | apiKeyRef: 30 | name: key-name 31 | namespace: key-namespace 32 | region: "US" 33 | ``` 34 | -------------------------------------------------------------------------------- /docs/release-notes/release-notes-template.md: -------------------------------------------------------------------------------- 1 | # MongoDB Atlas Operator x.y.z 2 | 3 | > See the internal "Release Note Authoring Guidance" Wiki page for details 4 | 5 | ## Warnings 6 | 7 | > Put here anything that the user needs to know to use this version. In most cases, this section will be empty and removed. 8 | 9 | ## New features, improvements and bug fixes 10 | 11 | > Mention shipped things in this particular order. If any improvements need migration guides, please include them here as well. 12 | 13 | ## Deprecations and removals 14 | 15 | > First deprecations and then removals. 16 | 17 | Images can be found at: https://quay.io/mongodb/mongodb-atlas-kubernetes-operator 18 | 19 | Supported Kubernetes versions: `e.g.
1.27-1.29` 20 | Supported OpenShift versions: `e.g. 4.14` 21 | -------------------------------------------------------------------------------- /docs/secret-management/external-secrets/Readme.md: -------------------------------------------------------------------------------- 1 | # Automated secret provisioning with External Secrets 2 | 3 | The Atlas Kubernetes Operator consumes credentials from Kubernetes Secrets, continuously watching them for changes. 4 | 5 | With this, the Operator is ready to support both manually and automatically deployed secrets. For automated secrets, one popular approach is to provision them directly from the company's or team's Vault service of choice. One Open Source tool allowing for this automation is [External Secrets](https://external-secrets.io/latest/). 6 | 7 | In this directory we have a couple of examples of how to integrate the Operator's Atlas credentials and DB User Password with a Hashicorp Vault. 8 | 9 | For more details, please check out the documentation at [External Secrets](https://external-secrets.io/latest/) directly. 10 | 11 | Here are some pointers to popular External Secrets providers: 12 | 13 | - [Hashicorp Vault](https://external-secrets.io/latest/provider/hashicorp-vault/). 14 | - [AWS Secrets Manager](https://external-secrets.io/latest/provider/aws-secrets-manager/) or [Parameters Store](https://external-secrets.io/latest/provider/aws-parameter-store/). 15 | - [Azure Key Vault](https://external-secrets.io/latest/provider/azure-key-vault/). 16 | - [Google Cloud Secret Manager](https://external-secrets.io/latest/provider/google-secrets-manager/).
17 | -------------------------------------------------------------------------------- /docs/secret-management/external-secrets/atlas.yaml: -------------------------------------------------------------------------------- 1 | # atlas External Secret CRD specifies a reference to the Atlas account 2 | # credentials to be fetched from the Vault for the atlas system namespace 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: atlas 7 | namespace: mongodb-atlas-system 8 | spec: 9 | refreshInterval: "15s" 10 | secretStoreRef: 11 | name: vault-store # defined at vault-system.yaml 12 | kind: SecretStore 13 | target: 14 | name: mongodb-atlas-operator-api-key 15 | template: 16 | metadata: 17 | labels: 18 | atlas.mongodb.com/type: credentials 19 | data: 20 | - secretKey: orgId 21 | remoteRef: 22 | key: secret/data/kube01/external-secrets/atlas-account 23 | property: orgId 24 | - secretKey: publicApiKey 25 | remoteRef: 26 | key: secret/data/kube01/external-secrets/atlas-account 27 | property: publicApiKey 28 | - secretKey: privateApiKey 29 | remoteRef: 30 | key: secret/data/kube01/external-secrets/atlas-account 31 | property: privateApiKey 32 | -------------------------------------------------------------------------------- /docs/secret-management/external-secrets/dbuser.yaml: -------------------------------------------------------------------------------- 1 | # dbuser External Secret CRD specifies a reference to the db user password 2 | # to be fetched from the Vault for the default namespace 3 | apiVersion: external-secrets.io/v1beta1 4 | kind: ExternalSecret 5 | metadata: 6 | name: dbuser 7 | namespace: default 8 | spec: 9 | refreshInterval: "15s" 10 | secretStoreRef: 11 | name: vault-store # defined at vault-default.yaml 12 | kind: SecretStore 13 | target: 14 | name: dbuser-password 15 | template: 16 | metadata: 17 | labels: 18 | atlas.mongodb.com/type: credentials 19 | data: 20 | - secretKey: password 21 | remoteRef: 22 | key: 
secret/data/kube01/external-secrets/db-user 23 | property: password 24 | -------------------------------------------------------------------------------- /docs/secret-management/external-secrets/vault-default.yaml: -------------------------------------------------------------------------------- 1 | # vault-store Secrets Store CRD specifies a Vault access to be used 2 | # to fetch secrets for the atlas default namespace 3 | # 4 | # Example parameters: 5 | # - This is the config for cluster "kube01" out of possibly many others. 6 | # - Hashicorp Vault: https://vault.internal.io 7 | # - Vault OIDC Auth mount point for kube01: jwt-kube01 8 | # - Service Account mapped to the Vault Role: {name: default, ns: default} 9 | # - Vault Role mapped to the Service Account: jwt-kube01-default 10 | # - OIDC audience "aud" at the JWT token: vault 11 | apiVersion: external-secrets.io/v1beta1 12 | kind: SecretStore 13 | metadata: 14 | name: vault-store 15 | namespace: default 16 | spec: 17 | provider: 18 | vault: 19 | server: "https://vault.internal.io" 20 | path: "secret" 21 | version: "v2" 22 | auth: 23 | jwt: 24 | path: "jwt-kube01" 25 | role: "jwt-kube01-default" 26 | kubernetesServiceAccountToken: 27 | expirationSeconds: 600 28 | serviceAccountRef: 29 | name: "default" 30 | audiences: 31 | - vault 32 | -------------------------------------------------------------------------------- /docs/secret-management/external-secrets/vault-system.yaml: -------------------------------------------------------------------------------- 1 | # vault-store Secrets Store CRD specifies a Vault access to be used 2 | # to fetch secrets for the atlas system namespace 3 | # 4 | # Example parameters: 5 | # - This is the config for cluster "kube01" out of possibly many others. 
6 | # - Hashicorp Vault: https://vault.internal.io 7 | # - Vault OIDC Auth mount point for kube01: jwt-kube01 8 | # - Service Account mapped to the Vault Role: {name: default, ns: mongodb-atlas-system} 9 | # - Vault Role mapped to the Service Account: jwt-kube01-system 10 | # - OIDC audience "aud" at the JWT token: vault 11 | apiVersion: external-secrets.io/v1beta1 12 | kind: SecretStore 13 | metadata: 14 | name: vault-store 15 | namespace: mongodb-atlas-system 16 | spec: 17 | provider: 18 | vault: 19 | server: "https://vault.internal.io" 20 | path: "secret" 21 | version: "v2" 22 | auth: 23 | jwt: 24 | path: "jwt-kube01" 25 | role: "jwt-kube01-system" 26 | kubernetesServiceAccountToken: 27 | expirationSeconds: 600 28 | serviceAccountRef: 29 | name: "default" 30 | audiences: 31 | - vault 32 | -------------------------------------------------------------------------------- /docs/secret-management/secrets-store-csi/ako-patch.yaml: -------------------------------------------------------------------------------- 1 | # ako-patch adds a container to the AKO pod to fetch the Atlas credentials 2 | # using the Secret Store CSI driver's "atlas" Secret Provider Class 3 | spec: 4 | template: 5 | spec: 6 | containers: 7 | - name: system-secret-placeholder 8 | image: mongodb/atlas 9 | command: ["sleep", "infinity"] 10 | volumeMounts: 11 | - name: secrets-store-mount 12 | mountPath: "/mnt/secrets-store" 13 | readOnly: true 14 | volumes: 15 | - name: secrets-store-mount 16 | csi: 17 | driver: secrets-store.csi.k8s.io 18 | readOnly: true 19 | volumeAttributes: 20 | secretProviderClass: atlas # defined at atlas.yaml 21 | -------------------------------------------------------------------------------- /docs/secret-management/secrets-store-csi/dbuser.yaml: -------------------------------------------------------------------------------- 1 | # vault Secret Provider Class CRD specifies a CSI Vault access 2 | # and secrets to be fetched to the default namespace 3 | # 4 | # Example 
parameters: 5 | # - This is the config for cluster "kube01" out of possibly many others. 6 | # - Hashicorp Vault: https://vault.internal.io 7 | # - Vault Kubernetes Auth mount point for kube01: k8s-kube01 8 | # - Service Account mapped to the Vault Role: {name: default, ns: default} 9 | # - Vault Role mapped to the Service Account: k8s-kube01-default (NOTE: roleName below is set to k8s-kube01-role; confirm which name is intended) 10 | apiVersion: secrets-store.csi.x-k8s.io/v1 11 | kind: SecretProviderClass 12 | metadata: 13 | name: dbuser 14 | namespace: default 15 | spec: 16 | provider: vault 17 | secretObjects: 18 | - data: 19 | - key: password 20 | objectName: dbuser 21 | secretName: dbuser-password 22 | type: Opaque 23 | labels: 24 | atlas.mongodb.com/type: credentials 25 | parameters: 26 | vaultAddress: https://vault.internal.io 27 | vaultKubernetesMountPath: k8s-kube01 28 | roleName: k8s-kube01-role 29 | objects: | 30 | - objectName: "dbuser" 31 | secretPath: "secret/data/kube01/secrets-store/db-user" 32 | secretKey: "password" 33 | -------------------------------------------------------------------------------- /docs/secret-management/secrets-store-csi/placeholder.yaml: -------------------------------------------------------------------------------- 1 | # secret-placeholder is a sentinel pod used just to ensure the CSI driver will 2 | # fetch the dbuser credentials and sync them as a Kubernetes Secret for the 3 | # Atlas Database User CRD to use it and produce a connection string from it 4 | kind: Pod 5 | apiVersion: v1 6 | metadata: 7 | name: secret-placeholder 8 | spec: 9 | containers: 10 | - image: mongodb/atlas 11 | command: ["sleep", "infinity"] 12 | name: secret-placeholder 13 | volumeMounts: 14 | - name: secrets-store-mount 15 | mountPath: "/mnt/secrets-store" 16 | readOnly: true 17 | volumes: 18 | - name: secrets-store-mount 19 | csi: 20 | driver: secrets-store.csi.k8s.io 21 | readOnly: true 22 | volumeAttributes: 23 | secretProviderClass: dbuser # defined at dbuser.yaml 24 | 
-------------------------------------------------------------------------------- /dotenv.sample: -------------------------------------------------------------------------------- 1 | # prepare a .env file with contents such as these 2 | DOCKER_REGISTRY=localhost:5000 3 | 4 | -------------------------------------------------------------------------------- /fast.Dockerfile: -------------------------------------------------------------------------------- 1 | # TODO: Eventually replace main Dockerfile. NOTE(review): the certs-source stage declared next is not referenced by any COPY --from in this file; confirm it is still needed. 2 | FROM golang:1.24 as certs-source 3 | ARG GOTOOLCHAIN=auto 4 | 5 | # Using rolling tag to stay on latest UBI 9; the tags are not pinned to a digest, so the base image and the CA bundle copied from ubi-certs can change between rebuilds 6 | FROM registry.access.redhat.com/ubi9/ubi:latest as ubi-certs 7 | FROM registry.access.redhat.com/ubi9/ubi-micro:latest 8 | 9 | ARG TARGETOS 10 | ARG TARGETARCH 11 | ENV TARGET_ARCH=${TARGETARCH} 12 | ENV TARGET_OS=${TARGETOS} 13 | 14 | LABEL name="MongoDB Atlas Operator" \ 15 | maintainer="support@mongodb.com" \ 16 | vendor="MongoDB" \ 17 | release="1" \ 18 | summary="MongoDB Atlas Operator Image" \ 19 | description="MongoDB Atlas Operator is a Kubernetes Operator allowing to manage MongoDB Atlas resources not leaving Kubernetes cluster" \ 20 | io.k8s.display-name="MongoDB Atlas Operator" \ 21 | io.k8s.description="MongoDB Atlas Operator is a Kubernetes Operator allowing to manage MongoDB Atlas resources not leaving Kubernetes cluster" \ 22 | io.openshift.tags="mongodb,atlas" \ 23 | io.openshift.maintainer.product="MongoDB" \ 24 | License="Apache-2.0" 25 | 26 | WORKDIR / 27 | COPY bin/${TARGET_OS}/${TARGET_ARCH}/manager . 
28 | COPY hack/licenses licenses 29 | COPY --from=ubi-certs /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem 30 | 31 | USER 1001:0 32 | ENTRYPOINT ["/manager"] 33 | -------------------------------------------------------------------------------- /flakes/go/flake.nix: -------------------------------------------------------------------------------- 1 | { 2 | description = "A flake for Go 1.24.2"; 3 | inputs = { 4 | nixpkgs.url = "github:NixOS/nixpkgs"; 5 | flake-utils.url = "github:numtide/flake-utils"; 6 | }; 7 | outputs = { self, nixpkgs, flake-utils }: 8 | flake-utils.lib.eachDefaultSystem (system: 9 | let 10 | pkgs = import nixpkgs { inherit system; }; 11 | in 12 | { 13 | packages.default = pkgs.go_1_24.overrideAttrs (old: { 14 | version = "1.24.2"; 15 | src = pkgs.fetchurl { 16 | url = "https://golang.org/dl/go1.24.2.linux-amd64.tar.gz"; 17 | sha256 = "sha256-aAl71oCDnLydRkoO3OT3wzOXXiepAkaJDp8QeMfnAq0="; 18 | }; 19 | }); 20 | }); 21 | } 22 | -------------------------------------------------------------------------------- /force-compile.timestamp: -------------------------------------------------------------------------------- 1 | 2024-08-02T07:02:09+00:00 2 | -------------------------------------------------------------------------------- /hack/boilerplate.go.txt: -------------------------------------------------------------------------------- 1 | //Copyright 2025 MongoDB Inc 2 | // 3 | //Licensed under the Apache License, Version 2.0 (the "License"); 4 | //you may not use this file except in compliance with the License. 5 | //You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | //Unless required by applicable law or agreed to in writing, software 10 | //distributed under the License is distributed on an "AS IS" BASIS, 11 | //WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | //See the License for the specific language governing permissions and 13 | //limitations under the License. -------------------------------------------------------------------------------- /hack/licenses/Apache-2.0/README: -------------------------------------------------------------------------------- 1 | # Components licensed under: Apache License Version 2.0 2 | 3 | ## github.com/prometheus/client_model/go 4 | 5 | ## k8s.io/apimachinery 6 | 7 | ## k8s.io/utils 8 | 9 | ## gomodules.xyz/jsonpatch/v2 10 | 11 | ## github.com/xdg/stringprep 12 | 13 | ## gopkg.in/yaml.v2 14 | 15 | ## github.com/prometheus/common 16 | 17 | ## github.com/matttproud/golang_protobuf_extensions/pbutil 18 | 19 | ## k8s.io/kube-openapi/pkg/util/proto 20 | 21 | ## github.com/prometheus/procfs 22 | 23 | ## github.com/modern-go/reflect2 24 | 25 | ## github.com/googleapis/gnostic 26 | 27 | ## github.com/google/gofuzz 28 | 29 | ## k8s.io/klog 30 | 31 | ## sigs.k8s.io/controller-runtime 32 | 33 | ## k8s.io/client-go 34 | 35 | ## github.com/golang/groupcache/lru 36 | 37 | ## github.com/prometheus/client_golang/prometheus 38 | 39 | ## k8s.io/api 40 | 41 | ## github.com/modern-go/concurrent 42 | 43 | ## github.com/go-logr/logr 44 | 45 | ## k8s.io/apiextensions-apiserver/pkg/apis/apiextensions 46 | 47 | ## bson@1.1.1 48 | 49 | ## require_optional@1.0.1 50 | -------------------------------------------------------------------------------- /hack/licenses/BSD-3-Clause/README: -------------------------------------------------------------------------------- 1 | # Components licensed under: BSD 3-Clause License 2 | 3 | ## gopkg.in/fsnotify.v1 4 | 5 | ## golang.org/x/oauth2 6 | 7 | ## golang.org/x/time/rate 8 | 9 | ## golang.org/x/crypto/ssh/terminal 10 | 11 | ## github.com/pmezard/go-difflib/difflib 12 | 13 | ## github.com/gogo/protobuf 14 | 15 | ## github.com/spf13/pflag 16 | 17 | ## github.com/golang/protobuf 18 | 19 | ## github.com/prometheus/common/internal/bitbucket.org/ww/goautoneg 20 | 21 | ## 
github.com/evanphx/json-patch 22 | 23 | ## github.com/google/go-cmp/cmp 24 | 25 | ## gopkg.in/inf.v0 26 | 27 | ## golang.org/x/net 28 | 29 | ## golang.org/x/sys/unix 30 | 31 | ## github.com/google/uuid 32 | 33 | ## golang.org/x/xerrors 34 | 35 | ## github.com/imdario/mergo 36 | 37 | ## golang.org/x/text 38 | -------------------------------------------------------------------------------- /hack/licenses/MIT/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: 6 | 7 | The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software. 8 | 9 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
10 | -------------------------------------------------------------------------------- /hack/licenses/MIT/README: -------------------------------------------------------------------------------- 1 | # Components licensed under: MIT License 2 | 3 | ## go.uber.org/multierr 4 | 5 | ## github.com/spf13/cast 6 | 7 | ## github.com/blang/semver 8 | 9 | ## go.uber.org/zap 10 | 11 | ## github.com/beorn7/perks/quantile 12 | 13 | ## github.com/stretchr/testify/assert 14 | 15 | ## go.uber.org/atomic 16 | 17 | ## github.com/json-iterator/go 18 | 19 | ## sigs.k8s.io/yaml 20 | 21 | ## memory-pager@1.5.0 22 | 23 | ## resolve-from@2.0.0 24 | 25 | ## safe-buffer@5.2.0 26 | 27 | ## saslprep@1.0.3 28 | 29 | ## sparse-bitfield@3.0.3 30 | -------------------------------------------------------------------------------- /hack/licenses/THIRD-PARTY-NOTICES: -------------------------------------------------------------------------------- 1 | Third-party notices 2 | ------------------- 3 | 4 | This product uses third-party libraries or other resources that may 5 | be distributed under licenses different than the MongoDB software. 6 | 7 | Please contact the MongoDB Legal Department if you need a required license to 8 | be added this list, or you would like a copy of the source code from a library in this list. 9 | 10 | https://www.mongodb.com/contact?jmp=docs 11 | 12 | The attached notices are provided for information only. 13 | 14 | Source code for open source libraries can be obtained from MongoDB. 15 | 16 | In the case of components licensed under multiple licenses, 17 | MongoDB has indicated which license it elects by listing the component 18 | under the corresponding license sub-directory. 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 
2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: atlas-advanced 3 | description: This chart showcases Atlas Advanced (dedicated) deployment 4 | 5 | type: application 6 | 7 | version: 1.0.0 8 | 9 | keywords: 10 | - mongodb 11 | - database 12 | - nosql 13 | home: https://github.com/mongodb/mongodb-atlas-kubernetes 14 | icon: https://webimages.mongodb.com/_com_assets/cms/kuyjf3vea2hg34taa-horizontal_default_slate_blue.svg 15 | appVersion: "2.4.1" 16 | maintainers: 17 | - name: MongoDB 18 | email: support@mongodb.com 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/templates/atlas-mongodb-user-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }} 5 | namespace: {{ $.Release.Namespace }} 6 | labels: 7 | atlas.mongodb.com/type: "credentials" 8 | {{- include "atlas-advanced.labels" $ | nindent 4 }} 9 | type: Opaque 10 | stringData: # NOTE(review): when dbUser.password is not supplied, randAlphaNum is evaluated again on every render, so each helm upgrade produces a different password in this Secret; set the value explicitly if rotation on upgrade is not wanted 11 | password: {{ .Values.dbUser.password | default (randAlphaNum 32 | b64enc)| quote }} 12 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/templates/atlas-mongodb-user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
atlas.mongodb.com/v1 2 | kind: AtlasDatabaseUser 3 | metadata: 4 | name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }} 5 | namespace: {{ $.Release.Namespace }} 6 | labels: 7 | {{- include "atlas-advanced.labels" $ | nindent 4 }} 8 | spec: 9 | username: {{ .Values.dbUser.name }} 10 | databaseName: {{ .Values.dbUser.databaseName }} 11 | passwordSecretRef: 12 | name: {{ include "atlas-advanced.fullname" $ }}-{{ .Values.dbUser.name }} 13 | projectRef: 14 | name: {{ include "atlas-advanced.projectfullname" $ }} 15 | namespace: {{ $.Release.Namespace }} 16 | roles: 17 | - roleName: "readWriteAnyDatabase" 18 | databaseName: "admin" 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/templates/atlas-project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasProject 3 | metadata: 4 | name: {{ include "atlas-advanced.projectfullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "atlas-advanced.labels" . | nindent 4 }} 8 | spec: 9 | name: {{ include "atlas-advanced.projectfullname" . }} 10 | connectionSecretRef: 11 | name: {{ include "atlas-advanced.fullname" . }}-secret 12 | namespace: {{ $.Release.Namespace }} 13 | projectIpAccessList: 14 | - comment: "Example" 15 | cidrBlock: {{ .Values.project.cidrEntry }} 16 | -------------------------------------------------------------------------------- /helm-charts/atlas-advanced/templates/atlas-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: {{ include "atlas-advanced.fullname" . 
}}-secret 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | atlas.mongodb.com/type: "credentials" 9 | data: 10 | orgId: {{ .Values.secret.orgID | b64enc }} 11 | publicApiKey: {{ .Values.secret.publicKey | b64enc }} 12 | privateApiKey: {{ .Values.secret.privateKey | b64enc }} 13 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: atlas-basic 3 | description: This chart showcases Atlas Basic (shared) deployment 4 | 5 | type: application 6 | 7 | version: 1.0.0 8 | 9 | keywords: 10 | - mongodb 11 | - database 12 | - nosql 13 | home: https://github.com/mongodb/mongodb-atlas-kubernetes 14 | icon: https://webimages.mongodb.com/_com_assets/cms/kuyjf3vea2hg34taa-horizontal_default_slate_blue.svg 15 | appVersion: "2.4.1" 16 | maintainers: 17 | - name: MongoDB 18 | email: support@mongodb.com 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/templates/atlas-deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: {{ include "atlas-basic.fullname" $ }} 5 | labels: 
6 | {{- include "atlas-basic.labels" $ | nindent 4 }} 7 | namespace: {{ $.Release.Namespace }} 8 | spec: 9 | projectRef: 10 | name: {{ include "atlas-basic.projectfullname" $ }} 11 | namespace: {{ $.Release.Namespace }} 12 | deploymentSpec: 13 | name: {{ include "atlas-basic.fullname" $ }} 14 | clusterType: REPLICASET 15 | replicationSpecs: 16 | - zoneName: Zone 1 17 | regionConfigs: 18 | - electableSpecs: 19 | instanceSize: {{ include "getInstanceSizeOrFail" $ }} 20 | nodeCount: 1 21 | providerName: TENANT 22 | backingProviderName: {{ include "getProviderNameOrFail" $ }} 23 | regionName: {{ .Values.deployment.regionName }} 24 | priority: 7 25 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/templates/atlas-mongodb-user-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | metadata: 4 | name: {{ include "atlas-basic.fullname" $ }}-{{ .Values.dbUser.name }} 5 | namespace: {{ $.Release.Namespace }} 6 | labels: 7 | atlas.mongodb.com/type: "credentials" 8 | {{- include "atlas-basic.labels" $ | nindent 4 }} 9 | type: Opaque 10 | stringData: # NOTE(review): when dbUser.password is not supplied, randAlphaNum is evaluated again on every render, so each helm upgrade produces a different password in this Secret; set the value explicitly if rotation on upgrade is not wanted 11 | password: {{ .Values.dbUser.password | default (randAlphaNum 32 | b64enc)| quote }} 12 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/templates/atlas-mongodb-user.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDatabaseUser 3 | metadata: 4 | name: {{ include "atlas-basic.fullname" $ }}-{{ .Values.dbUser.name }} 5 | namespace: {{ $.Release.Namespace }} 6 | labels: 7 | {{- include "atlas-basic.labels" $ | nindent 4 }} 8 | spec: 9 | username: {{ .Values.dbUser.name }} 10 | databaseName: {{ .Values.dbUser.databaseName }} 11 | passwordSecretRef: 12 | name: {{ include "atlas-basic.fullname" $ }}-{{ .Values.dbUser.name }} 13 | projectRef: 14 | name: 
{{ include "atlas-basic.projectfullname" $ }} 15 | namespace: {{ $.Release.Namespace }} 16 | roles: 17 | - roleName: "readWriteAnyDatabase" 18 | databaseName: "admin" 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/templates/atlas-project.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasProject 3 | metadata: 4 | name: {{ include "atlas-basic.projectfullname" . }} 5 | namespace: {{ .Release.Namespace }} 6 | labels: 7 | {{- include "atlas-basic.labels" . | nindent 4 }} 8 | spec: 9 | name: {{ include "atlas-basic.projectfullname" . }} 10 | connectionSecretRef: 11 | name: {{ include "atlas-basic.fullname" . }}-secret 12 | namespace: {{ $.Release.Namespace }} 13 | projectIpAccessList: 14 | - comment: "Example" 15 | cidrBlock: {{ .Values.project.cidrEntry }} 16 | -------------------------------------------------------------------------------- /helm-charts/atlas-basic/templates/atlas-secret.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Secret 3 | type: Opaque 4 | metadata: 5 | name: {{ include "atlas-basic.fullname" . }}-secret 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | atlas.mongodb.com/type: "credentials" 9 | data: 10 | orgId: {{ .Values.secret.orgID | b64enc }} 11 | publicApiKey: {{ .Values.secret.publicKey | b64enc }} 12 | privateApiKey: {{ .Values.secret.privateKey | b64enc }} 13 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: atlas-deployment 3 | description: A Helm chart to manage Atlas resources with Atlas operator 4 | 5 | type: application 6 | 7 | version: 2.8.0 8 | 9 | keywords: 10 | - mongodb 11 | - database 12 | - nosql 13 | home: https://github.com/mongodb/mongodb-enterprise-kubernetes 14 | icon: https://webimages.mongodb.com/_com_assets/cms/kuyjf3vea2hg34taa-horizontal_default_slate_blue.svg 15 | appVersion: "2.8.0" 16 | maintainers: 17 | - name: MongoDB 18 | email: support@mongodb.com 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 2 | Thank you for installing {{ .Chart.Name }}. 3 | 4 | Your release is named {{ .Release.Name }}. 
5 | 6 | {{- if .Values.users }} 7 | User connection secrets are: 8 | {{- range $index, $user := .Values.users }} 9 | User {{ $index }}: {{ $user.username }} 10 | Secret name: {{ include "atlas-deployment.fullname" $ }}-{{ $user.username }} 11 | Secret namespace: {{ $.Release.Namespace }} 12 | 13 | {{- end }} 14 | {{- end }} 15 | To learn more about the release, try: 16 | 17 | $ helm status {{ .Release.Name }} 18 | $ helm get all {{ .Release.Name }} 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/templates/atlas-mongodb-user-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.project.create }} 2 | {{- range .Values.users }} 3 | --- 4 | apiVersion: v1 5 | kind: Secret 6 | metadata: 7 | name: {{ include "atlas-deployment.fullname" $ }}-{{ .username }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | atlas.mongodb.com/type: "credentials" 11 | {{- include "atlas-deployment.labels" $ | nindent 4 }} 12 | type: Opaque 13 | stringData: # NOTE(review): when a user entry has no password, randAlphaNum is evaluated again on every render, so each helm upgrade produces a different password in this Secret; set the value explicitly if rotation on upgrade is not wanted 14 | password: {{ .password | default (randAlphaNum 32 | b64enc)| quote }} 15 | {{- end }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/templates/atlas-mongodb-user.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.project.create }} 2 | {{- range .Values.users }} 3 | --- 4 | apiVersion: atlas.mongodb.com/v1 5 | kind: AtlasDatabaseUser 6 | metadata: 7 | name: {{ include "atlas-deployment.fullname" $ }}-{{ .username }} 8 | namespace: {{ $.Release.Namespace }} 9 | labels: 10 | {{- include "atlas-deployment.labels" $ | nindent 4 }} 11 | spec: 12 | username: {{ .username }} 13 | databaseName: {{ .databaseName }} 14 | passwordSecretRef: 15 | name: {{ include "atlas-deployment.fullname" $ }}-{{ .username }} 16 | projectRef: 17 | name: {{ include 
"atlas-deployment.projectfullname" $ }} 18 | roles: 19 | {{- toYaml .roles | nindent 4 }} 20 | {{- if .deleteAfterDate }} 21 | deleteAfterDate: {{ .deleteAfterDate }} 22 | {{- end }} 23 | {{- if .labels }} 24 | labels: 25 | {{- toYaml .labels | nindent 4 }} 26 | {{- end }} 27 | {{- if .scopes }} 28 | scopes: 29 | {{- toYaml .scopes | nindent 4 }} 30 | {{- end }} 31 | {{- end }} 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/templates/atlas-project.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.project.create }} 2 | apiVersion: atlas.mongodb.com/v1 3 | kind: AtlasProject 4 | metadata: 5 | name: {{ include "atlas-deployment.projectfullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | labels: 8 | {{- include "atlas-deployment.labels" . | nindent 4 }} 9 | {{- if .Values.project.annotations }} 10 | annotations: 11 | {{ toYaml .Values.project.annotations | indent 4 }} 12 | {{- end }} 13 | spec: 14 | name: {{ .Values.project.atlasProjectName }} 15 | {{- if not .Values.atlas.secret.global }} 16 | connectionSecretRef: 17 | {{- if .Values.atlas.secret.existing }} 18 | name: {{ .Values.atlas.secret.existing }} 19 | {{- else if .Values.atlas.secret.setCustomName }} 20 | name: {{ .Values.atlas.secret.setCustomName }} 21 | {{- else }} 22 | name: {{ include "atlas-deployment.fullname" . }}-secret 23 | {{- end }} 24 | {{- end }} 25 | projectIpAccessList: 26 | {{- with .Values.project.projectIpAccessList }} 27 | {{- toYaml . 
| nindent 2 }} 28 | {{- end }} 29 | {{- end }} 30 | -------------------------------------------------------------------------------- /helm-charts/atlas-deployment/templates/atlas-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (not .Values.atlas.secret.global) (not .Values.atlas.secret.existing) }} 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | {{- if .Values.atlas.secret.setCustomName }} 7 | name: {{ .Values.atlas.secret.setCustomName}} 8 | {{- else }} 9 | name: {{ include "atlas-deployment.fullname" . }}-secret 10 | {{- end }} 11 | namespace: {{ .Release.Namespace }} 12 | labels: 13 | atlas.mongodb.com/type: "credentials" 14 | {{- include "atlas-deployment.labels" . | nindent 4 }} 15 | annotations: 16 | 'helm.sh/hook': post-delete,pre-install,pre-upgrade 17 | data: 18 | orgId: {{ .Values.atlas.secret.orgId| b64enc }} 19 | publicApiKey: {{ .Values.atlas.secret.publicApiKey| b64enc }} 20 | privateApiKey: {{ .Values.atlas.secret.privateApiKey| b64enc }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator-crds/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator-crds/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: mongodb-atlas-operator-crds 3 | description: MongoDB Atlas Operator CRDs - Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for the Atlas Operator. 4 | type: application 5 | version: 2.8.2 6 | appVersion: 2.8.2 7 | kubeVersion: ">=1.15.0-0" 8 | keywords: 9 | - mongodb 10 | - atlas 11 | - database 12 | - cluster 13 | - nosql 14 | home: https://github.com/mongodb/mongodb-atlas-kubernetes 15 | icon: https://camo.githubusercontent.com/d473c25e361fb2206f06bdcf24028e8d52bc30d1/68747470733a2f2f6d6f6e676f64622d6b756265726e657465732d6f70657261746f722e73332e616d617a6f6e6177732e636f6d2f696d672f4c6561662d466f7265737425343032782e706e67 16 | maintainers: 17 | - name: MongoDB 18 | email: support@mongodb.com 19 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator-crds/README.md: -------------------------------------------------------------------------------- 1 | # MongoDB Atlas Operator CRDs Helm Chart 2 | 3 | A Helm chart for installing and upgrading Custom Resource Definitions (CRDs) for 4 | the [MongoDB Atlas 5 | Operator](https://github.com/mongodb/mongodb-atlas-kubernetes). These CRDs are 6 | required by the [Atlas Operator](../atlas-operator/) to work. 7 | 8 | This Helm chart can be installed manually, following these instructions. If needed, it can 9 | also be installed automatically as a dependency by the [Atlas 10 | Operator](../atlas-operator/). 
11 | 12 | ## Usage 13 | 14 | _If you haven't done it yet, [add the MongoDB Helm repository](../README.md)._ 15 | 16 | Installing the CRDs into the Kubernetes Cluster: 17 | 18 | ``` 19 | helm install atlas-operator-crds mongodb/mongodb-atlas-operator-crds 20 | ``` 21 | 22 | Upgrading the CRDs: 23 | 24 | ``` 25 | helm upgrade atlas-operator-crds mongodb/mongodb-atlas-operator-crds 26 | ``` 27 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator-crds/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. -------------------------------------------------------------------------------- /helm-charts/atlas-operator-crds/values.yaml: -------------------------------------------------------------------------------- 1 | # Resources additional labels 2 | extraLabels: {} 3 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/Chart.lock: -------------------------------------------------------------------------------- 1 | dependencies: 2 | - name: mongodb-atlas-operator-crds 3 | repository: https://mongodb.github.io/helm-charts 4 | version: 2.4.1 5 | digest: sha256:4ae6643aae938eecdf6ee5ca73228da694bcbb9bcfff1b8b5e6f33e0940d8d9f 6 | generated: "2024-10-09T21:04:17.267528+02:00" 7 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: mongodb-atlas-operator 3 | description: |- 4 | MongoDB Atlas Operator - a Helm chart for installing and upgrading Atlas Operator: the official Kubernetes operator allowing to manage MongoDB Atlas resources from Kubernetes 5 | type: application 6 | version: 2.8.2 7 | appVersion: 2.8.2 8 | kubeVersion: ">=1.15.0-0" 9 | keywords: 10 | - mongodb 11 | - atlas 12 | - database 13 | - cluster 14 | - nosql 15 | home: https://github.com/mongodb/mongodb-atlas-kubernetes 16 | icon: https://webimages.mongodb.com/_com_assets/cms/kuyjf3vea2hg34taa-horizontal_default_slate_blue.svg 17 | maintainers: 18 | - name: MongoDB 19 | email: support@mongodb.com 20 | dependencies: 21 | - name: mongodb-atlas-operator-crds 22 | version: "2.8.1" 23 | repository: "file://../../helm-charts/atlas-operator-crds" 24 | condition: mongodb-atlas-operator-crds.enabled 25 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/templates/NOTES.txt: 
-------------------------------------------------------------------------------- 1 | Thank you for installing {{ .Chart.Name }}. -------------------------------------------------------------------------------- /helm-charts/atlas-operator/templates/cluster-roles.yaml: -------------------------------------------------------------------------------- 1 | {{- $operatorName := include "mongodb-atlas-operator.name" . -}} 2 | 3 | {{- if not .Values.watchNamespaces }} 4 | 5 | apiVersion: rbac.authorization.k8s.io/v1 6 | kind: ClusterRole 7 | metadata: 8 | name: "{{ $operatorName }}" 9 | labels: 10 | {{- include "mongodb-atlas-operator.labels" $ | nindent 4 }} 11 | rules: 12 | {{- range (.Files.Lines "rbac.yaml") }} 13 | {{ . -}} 14 | {{- end }} 15 | 16 | --- 17 | apiVersion: rbac.authorization.k8s.io/v1 18 | kind: ClusterRoleBinding 19 | metadata: 20 | name: {{ $operatorName }} 21 | labels: 22 | {{- include "mongodb-atlas-operator.labels" $ | nindent 4 }} 23 | roleRef: 24 | apiGroup: rbac.authorization.k8s.io 25 | kind: ClusterRole 26 | name: {{ $operatorName }} 27 | subjects: 28 | - kind: ServiceAccount 29 | name: {{ include "mongodb-atlas-operator.serviceAccountName" . }} 30 | namespace: {{ $.Release.Namespace }} 31 | 32 | {{- end }} 33 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/templates/global-secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.globalConnectionSecret.publicApiKey}} 2 | apiVersion: v1 3 | kind: Secret 4 | type: Opaque 5 | metadata: 6 | name: "{{ include "mongodb-atlas-operator.name" . }}-api-key" 7 | labels: 8 | atlas.mongodb.com/type: "credentials" 9 | {{- include "mongodb-atlas-operator.labels" . 
| nindent 4 }} 10 | data: 11 | orgId: {{ .Values.globalConnectionSecret.orgId| b64enc }} 12 | publicApiKey: {{ .Values.globalConnectionSecret.publicApiKey| b64enc }} 13 | privateApiKey: {{ .Values.globalConnectionSecret.privateApiKey| b64enc }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /helm-charts/atlas-operator/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "mongodb-atlas-operator.serviceAccountName" . }} 6 | labels: 7 | {{- include "mongodb-atlas-operator.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /internal/collection/collection.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 

package collection

// CopyWithSkip returns a freshly allocated slice holding the elements of list,
// in their original order, that are not equal to skip. The result is never
// nil, even when list is nil or empty.
func CopyWithSkip[T comparable](list []T, skip T) []T {
	kept := make([]T, 0, len(list))

	for i := range list {
		if list[i] == skip {
			continue
		}
		kept = append(kept, list[i])
	}

	return kept
}

// Keys returns the keys of m as a non-nil slice. The order follows Go's map
// iteration and is therefore unspecified.
func Keys[K comparable, V any](m map[K]V) []K {
	keys := make([]K, 0, len(m))

	for key := range m {
		keys = append(keys, key)
	}

	return keys
}

// MapDiff returns a new map with the entries of a whose keys are absent from b.
// Only keys are compared; the values stored in b are ignored.
func MapDiff[K comparable, V any](a, b map[K]V) map[K]V {
	onlyInA := make(map[K]V, len(a))
	for key, value := range a {
		if _, shared := b[key]; shared {
			continue
		}
		onlyInA[key] = value
	}

	return onlyInA
}
--------------------------------------------------------------------------------
/internal/compare/comparation.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
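
package compare

// IsEqualWithoutOrder reports whether a and b hold the same elements with the
// same multiplicities, ignoring order.
//
// Occurrences are counted rather than only recorded as present. A plain
// membership check after the length test is asymmetric once duplicates are
// involved: it treats [1 2 3] and [1 1 2] as equal in one argument order and
// as different in the other.
// NOTE(review): a false "equal" would hide a real difference from any caller
// that uses this to detect drift; verify callers.
func IsEqualWithoutOrder[T comparable](a, b []T) bool {
	if len(a) != len(b) {
		return false
	}

	remaining := make(map[T]int, len(a))
	for _, item := range a {
		remaining[item]++
	}
	for _, item := range b {
		if remaining[item] == 0 {
			return false
		}
		remaining[item]--
	}
	// Lengths match and every element of b consumed one occurrence from a, so
	// nothing can be left over.
	return true
}

// PtrValuesEqual reports whether a and b are both nil, or both non-nil and
// pointing at equal values.
func PtrValuesEqual[T comparable](a, b *T) bool {
	if a == nil || b == nil {
		return a == nil && b == nil
	}
	return *a == *b
}

// Contains reports whether b occurs in a.
func Contains[T comparable](a []T, b T) bool {
	for i := range a {
		if a[i] == b {
			return true
		}
	}
	return false
}
--------------------------------------------------------------------------------
/internal/compat/jsoncopy.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package compat

import "encoding/json"

// JSONCopy will copy src to dst via JSON serialization/deserialization.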
func JSONCopy(dst, src interface{}) error {
	// dst must be a non-nil pointer. Unmarshal is handed &dst (a pointer to
	// this function's own interface variable), so a nil or non-pointer dst does
	// not produce an error: the decoded value lands in the local variable and
	// the caller's value is left untouched.
	encoded, err := json.Marshal(src)
	if err != nil {
		return err
	}

	return json.Unmarshal(encoded, &dst)
}
--------------------------------------------------------------------------------
/internal/controller/atlas/client.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package atlas

import "go.mongodb.org/atlas-sdk/v20231115008/admin"

// NewClient builds an Atlas admin API client that uses domain as its base URL,
// authenticates with HTTP digest auth using the given API key pair, and sends
// the operator's user agent.
//
// NOTE(review): domain is handed to the SDK as-is; nothing here checks the
// scheme, so callers are presumably expected to supply an https URL. Confirm.
func NewClient(domain, publicKey, privateKey string) (*admin.APIClient, error) {
	baseURL := admin.UseBaseURL(domain)
	auth := admin.UseDigestAuth(publicKey, privateKey)
	userAgent := admin.UseUserAgent(operatorUserAgent())

	return admin.NewClient(baseURL, auth, userAgent)
}
--------------------------------------------------------------------------------
/internal/controller/validate/tags.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
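// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package validate

import (
	"errors"

	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
)

// Tags returns an error when two entries of tags share the same key, or when
// an entry is nil. A nil or empty list is valid.
func Tags(tags []*akov2.TagSpec) error {
	seen := make(map[string]struct{}, len(tags))

	for _, tag := range tags {
		// A nil element would panic on tag.Key below. The list comes from a
		// resource spec, so reject it as invalid input instead of crashing.
		if tag == nil {
			return errors.New("nil entry found in tags, this is forbidden")
		}

		if _, duplicate := seen[tag.Key]; duplicate {
			return errors.New("duplicate keys found in tags, this is forbidden")
		}

		seen[tag.Key] = struct{}{}
	}

	return nil
}
--------------------------------------------------------------------------------
/internal/featureflags/featureflag_test.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.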

package featureflags

import (
	"testing"

	"github.com/stretchr/testify/assert"
)

// Test_FeatureFlags checks that NewFeatureFlags recognises a flag supplied as a
// bare name and as a NAME=value pair.
func Test_FeatureFlags(t *testing.T) {
	t.Run("Should parse feature without a value", func(t *testing.T) {
		environ := func() []string {
			return []string{"FEATURE_TEST"}
		}

		flags := NewFeatureFlags(environ)
		assert.True(t, flags.IsFeaturePresent("FEATURE_TEST"))
	})

	t.Run("Should parse feature with a value", func(t *testing.T) {
		environ := func() []string {
			return []string{"FEATURE_TEST=true"}
		}

		flags := NewFeatureFlags(environ)
		assert.True(t, flags.IsFeaturePresent("FEATURE_TEST"))
		assert.Equal(t, "true", flags.GetFeatureValue("FEATURE_TEST"))
	})
}
--------------------------------------------------------------------------------
/internal/httputil/decoratedclient.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package httputil

import "net/http"

// ClientOpt is one modification applied to an *http.Client by DecorateClient.
// A non-nil error aborts the decoration.
type ClientOpt func(*http.Client) error

// DecorateClient applies opts to c in the order given and returns c itself.
// It stops at the first option that fails and returns nil with that error.
// c is modified in place, so options applied before the failure stay in effect
// on the caller's client.
func DecorateClient(c *http.Client, opts ...ClientOpt) (*http.Client, error) {
	for i := range opts {
		err := opts[i](c)
		if err != nil {
			return nil, err
		}
	}
	return c, nil
}
--------------------------------------------------------------------------------
/internal/httputil/digestclient.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package httputil

import (
	"net/http"

	"github.com/mongodb-forks/digest"
)

// Digest returns a ClientOpt that wraps the client's current transport in a
// digest.Transport, with publicKey as the username and privateKey as the
// password. Whatever c.Transport held before (possibly nil) becomes the inner
// transport.
//
// Option order matters: an option applied afterwards that assigns c.Transport
// (CustomTransport does) discards this wrapper and, with it, the
// authentication.
func Digest(publicKey, privateKey string) ClientOpt {
	return func(c *http.Client) error {
		c.Transport = &digest.Transport{
			Username:  publicKey,
			Password:  privateKey,
			Transport: c.Transport,
		}
		return nil
	}
}
--------------------------------------------------------------------------------
/internal/httputil/transportclient.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package httputil

import "net/http"

// CustomTransport returns a ClientOpt that sets t as the client's transport.
// It replaces the transport already set on the client instead of wrapping it,
// so it has to run before any option that layers on top of c.Transport (the
// Digest option does).
func CustomTransport(t http.RoundTripper) ClientOpt {
	replace := func(c *http.Client) error {
		c.Transport = t
		return nil
	}
	return replace
}
--------------------------------------------------------------------------------
/internal/indexer/atlascustomrolecredentials.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package indexer

import (
	"go.uber.org/zap"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"

	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
)

const (
	// AtlasCustomRoleCredentialsIndex is the index name passed to the local
	// credentials indexer for AtlasCustomRole objects.
	AtlasCustomRoleCredentialsIndex = "atlascustomrole.credentials"
)

// NewAtlasCustomRoleByCredentialIndexer returns a LocalCredentialIndexer built
// for AtlasCustomRole objects under AtlasCustomRoleCredentialsIndex.
func NewAtlasCustomRoleByCredentialIndexer(logger *zap.Logger) *LocalCredentialIndexer {
	return NewLocalCredentialsIndexer(AtlasCustomRoleCredentialsIndex, &akov2.AtlasCustomRole{}, logger)
}

// CustomRoleRequests converts every item of list into a reconcile.Request via
// toRequest, keeping the list order.
func CustomRoleRequests(list *akov2.AtlasCustomRoleList) []reconcile.Request {
	items := list.Items
	out := make([]reconcile.Request, 0, len(items))
	for i := range items {
		role := items[i] // per-iteration copy, as a range-by-value loop yields
		out = append(out, toRequest(&role))
	}
	return out
}
--------------------------------------------------------------------------------
/internal/indexer/atlasdatabaseusercredentials.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package indexer

import (
	"go.uber.org/zap"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"

	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
)

const (
	// AtlasDatabaseUserCredentialsIndex is the index name passed to the local
	// credentials indexer for AtlasDatabaseUser objects.
	AtlasDatabaseUserCredentialsIndex = "atlasdatabaseuser.credentials"
)

// NewAtlasDatabaseUserByCredentialIndexer returns a LocalCredentialIndexer
// built for AtlasDatabaseUser objects under AtlasDatabaseUserCredentialsIndex.
func NewAtlasDatabaseUserByCredentialIndexer(logger *zap.Logger) *LocalCredentialIndexer {
	return NewLocalCredentialsIndexer(AtlasDatabaseUserCredentialsIndex, &akov2.AtlasDatabaseUser{}, logger)
}

// DatabaseUserRequests converts every item of list into a reconcile.Request
// via toRequest, keeping the list order.
func DatabaseUserRequests(list *akov2.AtlasDatabaseUserList) []reconcile.Request {
	items := list.Items
	out := make([]reconcile.Request, 0, len(items))
	for i := range items {
		user := items[i] // per-iteration copy, as a range-by-value loop yields
		out = append(out, toRequest(&user))
	}
	return out
}
--------------------------------------------------------------------------------
/internal/indexer/atlasdeploymentcredentials.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package indexer

import (
	"go.uber.org/zap"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"

	akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1"
)

const (
	// AtlasDeploymentCredentialsIndex is the index name passed to the local
	// credentials indexer for AtlasDeployment objects.
	AtlasDeploymentCredentialsIndex = "atlasdeployment.credentials"
)

// NewAtlasDeploymentByCredentialIndexer returns a LocalCredentialIndexer built
// for AtlasDeployment objects under AtlasDeploymentCredentialsIndex.
func NewAtlasDeploymentByCredentialIndexer(logger *zap.Logger) *LocalCredentialIndexer {
	return NewLocalCredentialsIndexer(AtlasDeploymentCredentialsIndex, &akov2.AtlasDeployment{}, logger)
}

// DeploymentRequests converts every item of list into a reconcile.Request via
// toRequest, keeping the list order.
func DeploymentRequests(list *akov2.AtlasDeploymentList) []reconcile.Request {
	items := list.Items
	out := make([]reconcile.Request, 0, len(items))
	for i := range items {
		deployment := items[i] // per-iteration copy, as a range-by-value loop yields
		out = append(out, toRequest(&deployment))
	}
	return out
}
--------------------------------------------------------------------------------
/internal/mocks/translation/audit.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package translation

import (
	"context"

	"github.com/mongodb/mongodb-atlas-kubernetes/v2/internal/translation/audit"
)

// AuditLogMock is a test double whose Get and Update methods forward to the
// function fields below. A field left nil makes the matching method panic when
// it is called.
type AuditLogMock struct {
	GetFunc    func(projectID string) (*audit.AuditConfig, error)
	UpdateFunc func(projectID string, auditing *audit.AuditConfig) error
}

// Get ignores the context and returns whatever GetFunc returns for projectID.
func (c *AuditLogMock) Get(_ context.Context, projectID string) (*audit.AuditConfig, error) {
	get := c.GetFunc
	return get(projectID)
}

// Update ignores the context and returns whatever UpdateFunc returns for the
// given project and audit configuration.
func (c *AuditLogMock) Update(_ context.Context, projectID string, auditing *audit.AuditConfig) error {
	update := c.UpdateFunc
	return update(projectID, auditing)
}
--------------------------------------------------------------------------------
/internal/stringutil/stringutil.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package stringutil

import "time"

// Contains reports whether at least one element of `slice` equals `s`.
// A nil or empty slice yields false.
func Contains(slice []string, s string) bool {
	for i := range slice {
		if slice[i] == s {
			return true
		}
	}
	return false
}

// StringToTime parses the given string and returns the resulting time.
// The expected format is identical to the format returned by Atlas API, documented as ISO 8601 timestamp format in UTC.
// Example formats: "2023-07-18T16:12:23Z", "2023-07-18T16:12:23.456Z"
// Parsing uses the time.RFC3339Nano layout; input that does not match it
// yields the error from time.Parse.
func StringToTime(val string) (time.Time, error) {
	const layout = time.RFC3339Nano

	return time.Parse(layout, val)
}
--------------------------------------------------------------------------------
/internal/translation/errors.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package translation

import "errors"

// ErrNotFound is the sentinel error returned when no entity could be found.
// It is a package-level value, so callers can match it with errors.Is.
var ErrNotFound = errors.New("not found")
--------------------------------------------------------------------------------
/internal/version/version.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
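// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package version

import (
	"regexp"
	"strings"
)

// DefaultVersion is the value Version keeps when the linker does not set it.
const DefaultVersion = "unknown"

// Version set by the linker during link time.
var Version = DefaultVersion

// releasePattern matches MAJOR.MINOR.PATCH with an optional literal
// "-certified" suffix. The suffix is a group, not a character class: the class
// `[-certified]*` also accepts any run of those characters, so a version such
// as "1.2.3-rc" would count as a release.
var releasePattern = regexp.MustCompile(`^[0-9]+\.[0-9]+\.[0-9]+(-certified)?$`)

// IsRelease reports whether v, after trimming surrounding whitespace, is a
// release version: three dot-separated numbers, optionally followed by
// "-certified". DefaultVersion is never a release.
func IsRelease(v string) bool {
	return v != DefaultVersion && releasePattern.MatchString(strings.TrimSpace(v))
}
--------------------------------------------------------------------------------
/major-version:
--------------------------------------------------------------------------------
2


--------------------------------------------------------------------------------
/scripts/get-docker-sbom-plugin.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.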
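

set -euxo pipefail

version=${DOCKER_SBOM_PLUGIN_VERSION}
os=${OS:-linux}
arch=${ARCH:-amd64}
target=tmp/sbom-cli-plugin.tgz
# Optional: expected SHA-256 of the release archive for the requested
# version/os/arch. When set, the download is verified before anything is
# unpacked or executed. Unset keeps the behaviour of running without a check.
expected_sha256=${DOCKER_SBOM_PLUGIN_SHA256:-}

mkdir -p tmp
download_url_base=https://github.com/docker/sbom-cli-plugin/releases/download
url="${download_url_base}/v${version}/sbom-cli-plugin_${version}_${os}_${arch}.tar.gz"

# --fail: an HTTP error must abort here instead of saving the error page as
# the "archive" and failing later in tar.
curl --fail -L "${url}" -o "${target}"

# The binary extracted below is executed straight away, so pin the archive
# digest whenever one is available.
if [[ -n "${expected_sha256}" ]]; then
  if command -v sha256sum >/dev/null 2>&1; then
    echo "${expected_sha256}  ${target}" | sha256sum -c -
  else
    echo "${expected_sha256}  ${target}" | shasum -a 256 -c -
  fi
fi

tar zxvf "${target}" docker-sbom
chmod +x docker-sbom
./docker-sbom
--------------------------------------------------------------------------------
/scripts/gh-access-token.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.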
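

set -euo pipefail

# repo_installation_id REPO JWT
# Prints the id of the GitHub App installation on REPO, authenticating with the
# app JWT. Fails when the request fails or the response carries no id, so an
# error reply can no longer turn into the literal id "null".
repo_installation_id() {
  local repo=$1
  local jwt=$2
  curl -sS --fail -X GET -H "Accept: application/vnd.github+json" \
    -H "Authorization: Bearer ${jwt}" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "https://api.github.com/repos/${repo}/installation" | jq -e .id
}

# repo_access_token REPO JWT
# Prints an installation access token for REPO. Fails when the request fails or
# the response carries no token, instead of printing "null" with exit status 0.
repo_access_token() {
  local repo=$1
  local jwt=$2
  # Declared separately from the assignment: `local x=$(...)` would hide a
  # failing command substitution from `set -e`.
  local install_id
  install_id=$(repo_installation_id "${repo}" "${jwt}")
  curl -sS --fail -X POST -H "Accept: application/vnd.github+json" \
    -H "Authorization: Bearer ${jwt}" \
    -H "X-GitHub-Api-Version: 2022-11-28" \
    "https://api.github.com/app/installations/${install_id}/access_tokens" | jq -erc .token
}

# NOTE(review): the private key is passed as a command-line argument, so it is
# visible in the process list while makejwt runs. If makejwt can take the key
# from the environment or stdin, prefer that.
JWT=$(tools/makejwt/makejwt -appId="${APP_ID}" -key="${RSA_PEM_KEY_BASE64}")

# The token is written to stdout; callers should capture it, not echo it into
# job logs.
repo_access_token "${REPO}" "${JWT}"
--------------------------------------------------------------------------------
/scripts/github-actions/await_image_push.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.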
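

set -e

# Usage: await_image_push.sh IMAGE TIMEOUT
# Retries `docker pull IMAGE` until it succeeds or the counter reaches TIMEOUT.
image="$1"
timeout="$2"
# Start from a known value; left unset, the counter would pick up any `time`
# variable exported by the calling environment.
time=0

echo "wait for pulling $image for $timeout min"

ok="OK"
command=$(docker pull "$image" | awk -v RS="" '!/not found/{print "'"$ok"'"}' || true)

while [[ "$command" != "$ok" ]] && [[ "$time" -lt "$timeout" ]]; do
  echo "...wait for pulling $image"
  sleep 1m
  # NOTE(review): the counter advances by 3 per one-minute sleep, so the loop
  # gives up after roughly timeout/3 iterations although the message above
  # announces $timeout minutes. Confirm which of the two is intended.
  ((time = time + 3))
  command=$(docker pull "$image" | awk -v RS="" '!/not found/{print "'"$ok"'"}' || true)
done

if [[ "$command" != "$ok" ]]; then
  exit 1
fi

echo OK
--------------------------------------------------------------------------------
/scripts/helm-upd-rbac.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


set -eou pipefail

echo "Working dir: $(pwd)"

# ${VAR:-} keeps `set -u` from aborting with "unbound variable" before the
# message below can be printed.
if [[ -z "${HELM_RBAC_FILE:-}" ]]; then
  echo "HELM_RBAC_FILE is not set"
  exit 1
fi

if [ ! -f "${HELM_RBAC_FILE}" ]; then
  echo "File ${HELM_RBAC_FILE} does not exist. Skipping RBAC validation"
  exit 0
fi

yq '.spec.install.spec.clusterPermissions[0].rules' ./bundle/manifests/mongodb-atlas-kubernetes.clusterserviceversion.yaml > rbac.yaml

# The rules extracted from the CSV overwrite HELM_RBAC_FILE whenever they
# differ. That file is presumably what the chart's ClusterRole is rendered
# from, so the diff printed here deserves the review of any other permission
# change.
echo "Comparing RBAC for CSV to RBAC in AKO helm chart"
if ! diff rbac.yaml "$HELM_RBAC_FILE"; then
  echo "Copying RBAC"
  cp rbac.yaml "$HELM_RBAC_FILE"
else
  echo "No changes detected"
fi
--------------------------------------------------------------------------------
/scripts/launch-ci-e2e.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.


set -euo pipefail

helm version
go version
cd test/e2e

# no `long-run`, no `broken` tests. `Long-run` tests run as a separate job
if [[ $TEST_NAME == "long-run" ]]; then
  filter="long-run && !broken";
else
  filter="$TEST_NAME && !long-run && !broken";
fi

AKO_E2E_TEST=1 ginkgo --output-interceptor-mode=none --label-filter="${filter}" --timeout 120m --nodes=10 \
  --flake-attempts=1 --race --cover --v --coverpkg=github.com/mongodb/mongodb-atlas-kubernetes/v2/pkg/... \
  --coverprofile=coverprofile.out
--------------------------------------------------------------------------------
/scripts/list-actions.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.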
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | # List used actions recursively, iunclkuding transitively used actions 17 | 18 | set -eao pipefail 19 | 20 | actions=() 21 | while IFS='' read -r line; do actions+=("${line}"); done < <(grep -r "uses: " .github |awk -F: '{print $3}' |sort -u |grep -v '.github/' | awk -F@ '{print $1}' |sort -u) 22 | 23 | for action in "${actions[@]}"; do 24 | while IFS='' read -r line; do actions+=("${line}"); done < <(curl -s "https://raw.githubusercontent.com/${action}/main/action.yml" | grep 'uses: ' |awk -F: '{print $3}' | awk -F@ '{print $1}' |sort -u) 25 | done 26 | 27 | for action in "${actions[@]}"; do 28 | echo "${action}" 29 | done 30 | 31 | -------------------------------------------------------------------------------- /scripts/openshift/catalogsource.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: CatalogSource 3 | metadata: 4 | name: mongodb-atlas-kubernetes-local 5 | spec: 6 | sourceType: grpc 7 | image: docker.io/ikarpukhin/mongodb-atlas-catalog:0.5.0 8 | displayName: MongoDB Atlas operator 9 | publisher: MongoDB 10 | updateStrategy: 11 | registryPoll: 12 | interval: 10m 13 | -------------------------------------------------------------------------------- /scripts/openshift/install-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | baseDomain: mongokubernetes.com 3 | compute: 4 | - architecture: amd64 5 | hyperthreading: Enabled 6 | name: worker 7 | platform: 
8 | aws: 9 | type: m5.large 10 | replicas: 2 11 | controlPlane: 12 | architecture: amd64 13 | hyperthreading: Enabled 14 | name: master 15 | platform: 16 | aws: 17 | type: t3.xlarge 18 | replicas: 3 19 | metadata: 20 | creationTimestamp: null 21 | name: atlas.operator 22 | networking: 23 | clusterNetwork: 24 | - cidr: 10.128.0.0/14 25 | hostPrefix: 23 26 | machineNetwork: 27 | - cidr: 10.0.0.0/16 28 | networkType: OpenShiftSDN 29 | serviceNetwork: 30 | - 172.30.0.0/16 31 | platform: 32 | aws: 33 | region: eu-west-3 34 | publish: External 35 | pullSecret: 36 | sshKey: | 37 | ssh-rsa 38 | -------------------------------------------------------------------------------- /scripts/openshift/operatorgroup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1 2 | kind: OperatorGroup 3 | metadata: 4 | name: mongodb-group 5 | namespace: mongodb-atlas-operator-system-test 6 | spec: 7 | targetNamespaces: 8 | - "mongodb-atlas-operator-system-test" 9 | -------------------------------------------------------------------------------- /scripts/openshift/subscription.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: operators.coreos.com/v1alpha1 2 | kind: Subscription 3 | metadata: 4 | name: mongodb-atlas-operator-local 5 | namespace: mongodb-atlas-operator-system-test 6 | spec: 7 | channel: beta 8 | name: mongodb-atlas-kubernetes 9 | source: mongodb-atlas-kubernetes-local 10 | sourceNamespace: openshift-marketplace 11 | installPlanApproval: Automatic 12 | -------------------------------------------------------------------------------- /scripts/release-helm.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 
6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | 16 | 17 | set -euo pipefail 18 | 19 | ACCESS_TOKEN=$(REPO="mongodb/helm-charts" ./scripts/gh-access-token.sh) 20 | 21 | curl -s --fail-with-body -X POST -H "Accept: application/vnd.github+json" \ 22 | -H "Authorization: Bearer ${ACCESS_TOKEN}"\ 23 | -H "X-GitHub-Api-Version: 2022-11-28" \ 24 | -d '{"ref":"main","inputs":{"version":"'"${VERSION}"'"}}' \ 25 | https://api.github.com/repos/mongodb/helm-charts/actions/workflows/post-atlas-operator-release.yaml/dispatches 26 | -------------------------------------------------------------------------------- /scripts/release-redhat-openshift.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
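15 | 16 | 17 | set -eou pipefail 18 | 19 | version=${1:?"pass the version as the parameter, e.g \"0.5.0\""} 20 | 21 | operatorhub="${RH_COMMUNITY_OPERATORHUB_REPO_PATH}/operators/mongodb-atlas-kubernetes/${version}" 22 | openshift="${RH_COMMUNITY_OPENSHIFT_REPO_PATH}/operators/mongodb-atlas-kubernetes/${version}" 23 | 24 | cd "${RH_COMMUNITY_OPENSHIFT_REPO_PATH}" 25 | 26 | git fetch upstream main 27 | git reset --hard upstream/main 28 | 29 | cp -r "${operatorhub}" "${openshift}" 30 | 31 | git checkout -b "mongodb-atlas-operator-community-${version}" 32 | git add "operators/mongodb-atlas-kubernetes/${version}" 33 | git commit -m "MongoDB Atlas Operator ${version}" --signoff 34 | git push origin "mongodb-atlas-operator-community-${version}" 35 |
--------------------------------------------------------------------------------
/scripts/retry.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Usage: retry.sh COMMAND [ARG...]
#
# Runs COMMAND until it succeeds, at most MAX_RETRIES times (default 7),
# sleeping (attempt index) * BACKOFF seconds (default 1) between attempts.
#
# Exit status: 0 as soon as one attempt succeeds; otherwise the exit status
# of the last failed attempt (1 if MAX_RETRIES is 0 and nothing was run).
#
# The exit status matters to callers that wrap a check in this script:
# the previous "until ...; do sleep ...; done; exit $?" form exited with the
# status of the last `sleep`, i.e. 0, even when every attempt had failed,
# so a wrapped check that never passed was still reported as a success.

set -euo pipefail

if (( $# == 0 )); then
  echo "usage: $0 COMMAND [ARG...]" >&2
  exit 2
fi

max_retries=${MAX_RETRIES:-7}
backoff=${BACKOFF:-1}

attempt=0
status=1
while (( attempt < max_retries )); do
  if "${@}"; then
    exit 0
  else
    # Inside the else branch $? still holds the exit status of the command.
    status=$?
  fi
  attempt=$(( attempt + 1 ))
  # Same delays as before (0, backoff, 2*backoff, ...); no sleep after the
  # final attempt, since nothing follows it.
  if (( attempt < max_retries )); then
    sleep "$(( (attempt - 1) * backoff ))"
  fi
done
exit "${status}"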
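27 |
--------------------------------------------------------------------------------
/scripts/slackit.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Usage: <message on stdin> | slackit.sh WEBHOOK_URL
#
# Posts the text read from stdin as {"text": "..."} to the given webhook URL.
#
# The webhook URL is a credential. It is passed as a command-line argument,
# so it is visible in the process list of the host while the script runs.

set -euo pipefail

# json_escape prints $1 escaped for use inside a JSON string literal.
# The message is free text (it may carry quotes, backslashes or newlines);
# without escaping such input breaks the payload or changes its structure.
# Only backslash, double quote, newline, carriage return and tab are handled;
# other control characters are passed through unchanged.
json_escape() {
  local s=$1
  s=${s//\\/\\\\}
  s=${s//\"/\\\"}
  s=${s//$'\n'/\\n}
  s=${s//$'\r'/\\r}
  s=${s//$'\t'/\\t}
  printf '%s' "${s}"
}

MESSAGE=$(cat)
WEBHOOK=${1:?"pass the webhook URL as the first parameter"}

curl -X POST -d "{\"text\":\"$(json_escape "${MESSAGE}")\"}" "${WEBHOOK}"
--------------------------------------------------------------------------------
/scripts/split_roles_yaml.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 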
15 | 16 | 17 | set -eou pipefail 18 | 19 | # This is the script that allows to avoid the restrictions from the controller-gen tool that puts both Role and ClusterRole 20 | # to the same role.yaml file (and kustomize doesn't provide an easy way to use only a single resource from file as a base) 21 | # So we simply split the 'config/rbac/roles.yaml' file into two new files 22 | if [[ -f config/rbac/role.yaml ]]; then 23 | awk '/---/{f="xx0"int(++i);} {if(NF!=0)print > f};' config/rbac/role.yaml 24 | # csplit config/rbac/role.yaml '/---/' '{*}' &> /dev/null - infinite repetition '{*}' is not working on BSD/OSx 25 | mv xx01 config/rbac/clusterwide/role.yaml 26 | mv xx02 config/rbac/namespaced/role.yaml 27 | rm config/rbac/role.yaml 28 | fi 29 | -------------------------------------------------------------------------------- /scripts/verify.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 


# Verifies the cosign signature of an operator image.
#
# Environment:
#   IMG_REPO        image repository (default: the prerelease repository below)
#   IMG             full image reference (default: ${REPO}:${VERSION})
#   VERSION         read only when IMG is unset; with `set -u` the script
#                   aborts if neither IMG nor VERSION is provided
#   SIGNATURE_REPO  repository holding the signatures (default: REPO)
#   KEY_FILE        public key handed to cosign (default: ako.pem, a relative
#                   path, so it is resolved against the current directory)
set -euo pipefail

REPO="${IMG_REPO:-docker.io/mongodb/mongodb-atlas-kubernetes-operator-prerelease}"
img_to_verify="${IMG:-${REPO}:${VERSION}}"
SIGNATURE_REPO="${SIGNATURE_REPO:-${REPO}}"
KEY_FILE="${KEY_FILE:-ako.pem}"

# Directory containing this script, so retry.sh is found from any cwd.
SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)"

# --insecure-ignore-tlog makes cosign skip the transparency-log check, so the
# result rests entirely on the key in KEY_FILE: whoever can replace that file
# (or set KEY_FILE) decides which signatures are accepted.
# NOTE(review): this script exits with whatever retry.sh returns; confirm that
# retry.sh exits non-zero when every attempt fails, otherwise a failed
# verification would not fail the caller.
COSIGN_REPOSITORY="${SIGNATURE_REPO}" "${SCRIPT_DIR}/retry.sh" cosign verify \
  --insecure-ignore-tlog --key="${KEY_FILE}" "${img_to_verify}"
--------------------------------------------------------------------------------
/scripts/version-check.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash 2 | # Copyright 2025 MongoDB Inc 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 
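15 | 16 | 17 | set -euo pipefail 18 | 19 | BIN_VERSION=$("${BINARY}" -v) 20 | 21 | if [ "${BIN_VERSION}" == "unknown" ]; then 22 | echo "${BINARY} version ${BIN_VERSION}: was not set" 23 | exit 1 24 | elif [[ "${BIN_VERSION}" =~ .*-dirty ]]; then 25 | echo "${BINARY} version ${BIN_VERSION}: is dirty" 26 | exit 1 27 | elif [ "${BIN_VERSION}" != "${VERSION}" ]; then 28 | echo "${BINARY} version ${BIN_VERSION}: does not match expected ${VERSION}" 29 | exit 1 30 | fi 31 | 32 | echo "${BINARY} version ${BIN_VERSION}: OK" 33 | exit 0 34 |
--------------------------------------------------------------------------------
/scripts/vulncheck.sh:
--------------------------------------------------------------------------------
#!/bin/bash
# Copyright 2025 MongoDB Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Usage: vulncheck.sh [IGNORE_FILE]
#
# Runs govulncheck over the module and fails (exit 1, prints FAIL) when it
# reports a "Vulnerability #" line that no ignore pattern matches.
#
# IGNORE_FILE (default ./vuln-ignore): every non-empty line that does not
# start with '#' is a grep pattern; matching findings are dropped.

ignore_file=${1:-./vuln-ignore}

set -e
govulncheck -version
set +e

# Each ignore entry is handed to grep as data (-e PATTERN). The entries used
# to be spliced into a command string that was then run with eval, so the
# content of the ignore file was interpreted as shell code; a change to that
# file could alter what the check executes, not just what it ignores.
ignore_args=()
while IFS= read -r line; do
  if [ "${line}" != "" ]; then
    ignore_args+=(-e "${line}")
  fi
done < <(grep -v '^#' "${ignore_file}")

echo "govulncheck ./... |grep \"Vulnerability #\" (ignore patterns: $(( ${#ignore_args[@]} / 2 )))"

# NOTE(review): only the output of govulncheck is inspected, not its exit
# status. If the scan itself fails without printing a "Vulnerability #" line,
# this script still reports PASS; confirm that this is intended.
vulns=$(govulncheck ./... | grep "Vulnerability #")
if (( ${#ignore_args[@]} > 0 )); then
  # One grep -v with several -e patterns drops a line when any pattern
  # matches, the same result as the earlier chain of `grep -v` calls.
  vulns=$(printf '%s\n' "${vulns}" | grep -v "${ignore_args[@]}")
fi

count=$(printf '%s\n' "${vulns}" | grep -c "\S")
echo "govulncheck found $((count)) non ignored vulnerabilities"
if (( count != 0 )); then
  echo "${vulns}"
  echo "FAIL"
  exit 1
fi
echo "PASS"
--------------------------------------------------------------------------------
/test/app/Dockerfile:
--------------------------------------------------------------------------------
1 | # Please push to quay.io/mongodb/mongodb-atlas-kubernetes-operator-test-app:v1 2 | 3 | # Build the manager binary 4 | FROM golang:1.24 as builder 5 | 6 | WORKDIR /workspace 7 | # Copy the Go Modules manifests 8 | COPY go.mod go.mod 9 | COPY go.sum go.sum 10 | # cache deps before building and copying source so that we don't need to re-download as much 11 | # and so that source changes don't invalidate our downloaded layer 12 | RUN go mod download 13 | 14 | # Copy the go source 15 | COPY main.go main.go 16 | 17 | # Build 18 | RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 GO111MODULE=on go build -a -o test main.go 19 | 20 | # Use distroless as minimal base image to package the test binary 21 | # Refer to https://github.com/GoogleContainerTools/distroless for more details 22 | FROM gcr.io/distroless/static:nonroot 23 | WORKDIR / 24 | COPY --from=builder /workspace/ . 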
25 | USER nonroot:nonroot 26 | 27 | ENTRYPOINT ["/test"] 28 | -------------------------------------------------------------------------------- /test/app/go.mod: -------------------------------------------------------------------------------- 1 | module github.com/mongodb/mongodb-atlas-kubernetes/test/app 2 | 3 | go 1.24 4 | 5 | require ( 6 | github.com/gorilla/mux v1.8.0 7 | go.mongodb.org/mongo-driver v1.11.4 8 | ) 9 | 10 | require ( 11 | github.com/golang/snappy v0.0.1 // indirect 12 | github.com/klauspost/compress v1.13.6 // indirect 13 | github.com/montanaflynn/stats v0.0.0-20171201202039-1bf9dbcd8cbe // indirect 14 | github.com/pkg/errors v0.9.1 // indirect 15 | github.com/xdg-go/pbkdf2 v1.0.0 // indirect 16 | github.com/xdg-go/scram v1.1.1 // indirect 17 | github.com/xdg-go/stringprep v1.0.3 // indirect 18 | github.com/youmark/pkcs8 v0.0.0-20181117223130-1be2e3e5546d // indirect 19 | golang.org/x/crypto v0.35.0 // indirect 20 | golang.org/x/sync v0.11.0 // indirect 21 | golang.org/x/text v0.22.0 // indirect 22 | ) 23 | -------------------------------------------------------------------------------- /test/app/helm/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /test/app/helm/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: test-app 3 | description: Test application for atlas operator 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.1.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 
23 | appVersion: 0.1.0 24 | -------------------------------------------------------------------------------- /test/app/helm/templates/test-app.yaml: -------------------------------------------------------------------------------- 1 | #spring music test app 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ .Release.Name }} 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | replicas: 1 9 | selector: 10 | matchLabels: 11 | app: {{ .Release.Name }} 12 | template: 13 | metadata: 14 | labels: 15 | app: {{ .Release.Name }} 16 | spec: 17 | containers: 18 | - name: test-app 19 | image: {{ .Values.image }} 20 | envFrom: 21 | - secretRef: 22 | name: {{ .Values.connectionSecret }} 23 | env: 24 | - name: "PORT" 25 | value: {{ quote .Values.nodePort }} 26 | --- 27 | apiVersion: v1 28 | kind: Service 29 | metadata: 30 | name: {{ .Release.Name }} 31 | labels: 32 | app: {{ .Release.Name }} 33 | spec: 34 | type: NodePort 35 | selector: 36 | app: {{ .Release.Name }} 37 | ports: 38 | - protocol: TCP 39 | port: {{ .Values.nodePort }} 40 | targetPort: {{ .Values.nodePort }} 41 | nodePort: {{ .Values.nodePort }} 42 | -------------------------------------------------------------------------------- /test/app/helm/values.yaml: -------------------------------------------------------------------------------- 1 | # application parameters 2 | name: test-app-user1 3 | connectionSecret: new-brand 4 | image: mongodbinternal/test-app:latest 5 | nodePort: "30000" 6 | -------------------------------------------------------------------------------- /test/e2e/output/keep-directory.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/b7b271983af582f896924de7a7af5186e61f64c5/test/e2e/output/keep-directory.txt -------------------------------------------------------------------------------- /test/helm/flex_values.yaml: 
-------------------------------------------------------------------------------- 1 | deployments: 2 | - flexSpec: 3 | name: flex-instance 4 | providerSettings: 5 | backingProviderName: AWS 6 | regionName: US_EAST_1 7 | -------------------------------------------------------------------------------- /test/helper/cloud/aws/aws.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package aws 16 | 17 | import ( 18 | "strings" 19 | 20 | "github.com/aws/aws-sdk-go/aws" 21 | "github.com/aws/aws-sdk-go/aws/session" 22 | ) 23 | 24 | func RegionCode(region string) string { 25 | return strings.ReplaceAll(strings.ToLower(region), "_", "-") 26 | } 27 | 28 | func newSession(region string) (*session.Session, error) { 29 | awsSession, err := session.NewSession(aws.NewConfig().WithRegion(region)) 30 | if err != nil { 31 | return nil, err 32 | } 33 | return awsSession, nil 34 | } 35 | -------------------------------------------------------------------------------- /test/helper/cmd/cmd.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package cmd 16 | 17 | import ( 18 | "bytes" 19 | "io" 20 | "os/exec" 21 | "testing" 22 | 23 | "github.com/stretchr/testify/require" 24 | ) 25 | 26 | // RunCommand executes the given command with the given arguments 27 | // and returns the resulting stdout and stderr as an io.Reader. 28 | // 29 | // If the command fails to run, the given test is being failed immediately. 30 | func RunCommand(t *testing.T, name string, args ...string) io.Reader { 31 | var result bytes.Buffer 32 | cmd := exec.Command(name, args...) 33 | cmd.Stdout = &result 34 | cmd.Stderr = &result 35 | err := cmd.Run() 36 | if err != nil { 37 | t.Log(result.String()) 38 | } 39 | require.NoError(t, err) 40 | return &result 41 | } 42 | -------------------------------------------------------------------------------- /test/helper/control/enable.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package control 16 | 17 | import ( 18 | "os" 19 | "strings" 20 | "testing" 21 | ) 22 | 23 | func Enabled(envvar string) bool { 24 | value := strings.ToLower(os.Getenv(envvar)) 25 | return value == "1" 26 | } 27 | 28 | func SkipTestUnless(t *testing.T, envvar string) { 29 | if !Enabled(envvar) { 30 | t.Skipf("Skipping tests, %s is not set", envvar) 31 | } 32 | } 33 | -------------------------------------------------------------------------------- /test/helper/e2e/actions/kube/resources.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package kube 16 | 17 | import ( 18 | "sigs.k8s.io/controller-runtime/pkg/client" 19 | 20 | akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1" 21 | "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/model" 22 | ) 23 | 24 | func GetProjectResource(data *model.TestDataProvider) (akov2.AtlasProject, error) { 25 | project := akov2.AtlasProject{} 26 | err := data.K8SClient.Get(data.Context, client.ObjectKey{Namespace: data.Resources.Namespace, 27 | Name: data.Resources.Project.ObjectMeta.GetName()}, &project) 28 | if err != nil { 29 | return akov2.AtlasProject{}, err 30 | } 31 | return project, nil 32 | } 33 | -------------------------------------------------------------------------------- /test/helper/e2e/cli/kustomize/kustomize.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | package kustomize 16 | 17 | import ( 18 | cli "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/cli" 19 | ) 20 | 21 | func Version() { 22 | session := cli.Execute("kustomize", "version") 23 | session.Wait() 24 | } 25 | 26 | func Build(source string) []byte { 27 | session := cli.Execute("kustomize", "build", source) 28 | session.Wait("2m") 29 | return session.Out.Contents() 30 | } 31 |
--------------------------------------------------------------------------------
/test/helper/e2e/cli/oc/oc.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package oc

import (
	. "github.com/onsi/gomega"
	. "github.com/onsi/gomega/gbytes"

	cli "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/cli"
)

// Version runs "oc version" and waits for the command to finish.
func Version() {
	run := cli.Execute("oc", "version")
	run.Wait()
}

// Login runs "oc login" against serverAPI with the token in code and expects
// the command output to eventually contain "Logged into".
//
// Two properties of this call matter when it is reused outside a throwaway
// test cluster:
//   - --insecure-skip-tls-verify turns off verification of the API server
//     certificate, so the token is sent without checking who receives it.
//   - the token is part of the command line and is readable by other local
//     processes while oc runs.
//
// The command is started with ExecuteWithoutWriter instead of Execute,
// presumably so the token is not echoed to the test output; confirm against
// the cli package.
func Login(code, serverAPI string) {
	failure := "Can not login to " + serverAPI
	login := cli.ExecuteWithoutWriter("oc", "login", "--token="+code, "--server="+serverAPI, "--insecure-skip-tls-verify")
	EventuallyWithOffset(1, login).Should(Say("Logged into"), failure)
}

// Apply runs "oc apply -f path" and waits up to two minutes for it to finish.
func Apply(path string) {
	run := cli.Execute("oc", "apply", "-f", path)
	run.Wait("2m")
}

// Delete runs "oc delete -f path" and waits up to two minutes for it to finish.
func Delete(path string) {
	run := cli.Execute("oc", "delete", "-f", path)
	run.Wait("2m")
}
--------------------------------------------------------------------------------
/test/helper/e2e/cli/podman/podman.go:
--------------------------------------------------------------------------------
// Copyright 2025 MongoDB Inc
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package podman

import (
	. "github.com/onsi/gomega"
	"github.com/onsi/gomega/gexec"

	cli "github.com/mongodb/mongodb-atlas-kubernetes/v2/test/helper/e2e/cli"
)

// Version runs "podman version" and waits for the command to finish.
func Version() {
	run := cli.Execute("podman", "version")
	run.Wait()
}

// Login runs "podman login" for registry and expects exit code 0 within two
// minutes, polling every ten seconds.
//
// The password is passed with -p on the command line, where other local
// processes can read it while podman runs; podman login also accepts the
// password on standard input (--password-stdin), which avoids that exposure
// if the cli helper can feed stdin.
func Login(registry, user, pass string) {
	login := cli.ExecuteWithoutWriter("podman", "login", "-u", user, "-p", pass, registry)
	Eventually(login, "2m", "10s").Should(gexec.Exit(0))
}

// PushIndexCatalog pushes the image at catalogURL with "podman push" and
// expects exit code 0 within five minutes, polling every ten seconds.
func PushIndexCatalog(catalogURL string) {
	push := cli.Execute("podman", "push", catalogURL)
	Eventually(push, "5m", "10s").Should(gexec.Exit(0))
}
--------------------------------------------------------------------------------
/test/helper/e2e/data/atlasdeployment_advanced_multi_region_helm.yaml:
--------------------------------------------------------------------------------
1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-advanced 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | clusterType: GEOSHARDED 10 | name: advanced-deployment 11 | replicationSpecs: 12 | - numShards: 1 13 | zoneName: Zone 1 14 | regionConfigs: 15 | - electableSpecs: 16 | instanceSize: M10 17 | nodeCount: 3 18 | providerName: AZURE 19 | backingProviderName: AZURE 20 | regionName: EUROPE_NORTH 21 | priority: 7 22 | 23 | - numShards: 1 24 | zoneName: Zone 2 25 | regionConfigs: 26 | - electableSpecs: 27 | instanceSize: M10 28 | nodeCount: 3 29 | providerName: AWS 30 | backingProviderName: AWS 31 | regionName: US_EAST_1 32 | priority: 7 33 | 34 | - numShards: 1 35 | zoneName: Zone 3 36 | regionConfigs: 37 | - electableSpecs: 38 | instanceSize: M10 39 | nodeCount: 3 40 | providerName: GCP 41 | backingProviderName: GCP 42 | regionName: EASTERN_US 43 | priority: 7 44 | 45 |
--------------------------------------------------------------------------------
/test/helper/e2e/data/atlasdeployment_backup.yaml:
-------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-backup 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-backup 10 | backupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: Zone 1 14 | regionConfigs: 15 | - electableSpecs: 16 | instanceSize: M20 17 | nodeCount: 1 18 | providerName: AWS 19 | backingProviderName: AWS 20 | regionName: US_EAST_1 21 | priority: 7 22 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_backup_update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-backup 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-backup 10 | backupEnabled: false 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: Zone 1 14 | regionConfigs: 15 | - electableSpecs: 16 | instanceSize: M20 17 | nodeCount: 1 18 | providerName: AWS 19 | backingProviderName: AWS 20 | regionName: US_EAST_1 21 | priority: 7 22 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_backup_update_remove_backup.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-backup 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-backup 10 | backupEnabled: false 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: Zone 1 14 | regionConfigs: 15 | - electableSpecs: 16 | instanceSize: M10 17 | nodeCount: 1 18 | providerName: AWS 19 | backingProviderName: AWS 20 | regionName: US_EAST_1 21 | 
priority: 7 22 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_basic_free.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-basic-free 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-basic 10 | replicationSpecs: 11 | - zoneName: Zone 1 12 | regionConfigs: 13 | - electableSpecs: 14 | instanceSize: M0 15 | nodeCount: 1 16 | providerName: TENANT 17 | backingProviderName: "AWS" 18 | regionName: US_EAST_1 19 | priority: 7 20 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_basic_update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-basic 5 | spec: 6 | projectRef: 7 | name: my-project 8 | flexSpec: 9 | name: deployment-basic 10 | providerSettings: 11 | backingProviderName: AWS 12 | regionName: US_EAST_1 13 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_basic_with_keep_resource_policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlascluster-basic 5 | annotations: 6 | "mongodb.com/atlas-resource-policy": "keep" 7 | spec: 8 | projectRef: 9 | name: my-project 10 | flexSpec: 11 | name: cluster-basic 12 | providerSettings: 13 | backingProviderName: AWS 14 | regionName: US_EAST_1 15 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_flex.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: 
atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-flex 5 | spec: 6 | projectRef: 7 | name: my-project 8 | flexSpec: 9 | name: flex-instance 10 | providerSettings: 11 | backingProviderName: AWS 12 | regionName: US_EAST_1 13 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-aws 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-aws 10 | providerBackupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: US-Zone 14 | numShards: 1 15 | regionsConfig: 16 | - regionName: US_EAST_1 17 | providerName: AWS 18 | backingProviderName: AWS 19 | priority: 6 20 | electableSpecs: 21 | - instanceSize: M10 22 | nodeCount: 1 23 | - regionName: US_WEST_2 24 | providerName: AWS 25 | backingProviderName: AWS 26 | priority: 7 27 | electableSpecs: 28 | - instanceSize: M10 29 | nodeCount: 2 30 | providerSettings: 31 | instanceSizeName: M10 32 | providerName: AWS 33 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_aws_update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-aws 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-aws 10 | providerBackupEnabled: false 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: US-Zone 14 | regionsConfig: 15 | - regionName: US_EAST_1 16 | electableSpecs: 17 | instanceSize: M20 18 | nodeCount: 1 19 | providerName: AWS 20 | backingProviderName: AWS 21 | 
priority: 6 22 | - regionName: US_WEST_2 23 | electableSpecs: 24 | instanceSize: M20 25 | nodeCount: 2 26 | providerName: AWS 27 | backingProviderName: AWS 28 | priority: 7 29 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_azure.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-azure 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-azure 10 | providerBackupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: Europe 14 | numShards: 1 15 | regionConfigs: 16 | - regionName: NORWAY_EAST 17 | providerName: AZURE 18 | backingProviderName: AZURE 19 | priority: 6 20 | electableSpecs: 21 | nodeCount: 1 22 | instanceSize: M10 23 | 24 | - regionName: GERMANY_NORTH 25 | providerName: AZURE 26 | backingProviderName: AZURE 27 | priority: 7 28 | electableSpecs: 29 | nodeCount: 2 30 | instanceSize: M10 31 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_azure_update.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-azure 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-azure 10 | providerBackupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: Europe 14 | numShards: 1 15 | regionsConfig: 16 | - regionName: NORWAY_EAST 17 | providerName: AZURE 18 | backingProviderName: AZURE 19 | priority: 6 20 | electableSpecs: 21 | instanceSize: M20 22 | nodeCount: 1 23 | - regionName: GERMANY_NORTH 24 | providerName: AZURE 25 | backingProviderName: AZURE 26 | 
priority: 7 27 | electableSpecs: 28 | instanceSize: M20 29 | nodeCount: 2 30 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_gcp.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-gcp 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-gcp 10 | providerBackupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: US-Zone 14 | numShards: 1 15 | regionConfigs: 16 | - regionName: CENTRAL_US 17 | providerName: GCP 18 | backingProviderName: GCP 19 | priority: 6 20 | electableSpecs: 21 | - instanceSize: M10 22 | nodeCount: 1 23 | - regionName: EASTERN_US 24 | providerName: GCP 25 | backingProviderName: GCP 26 | priority: 7 27 | electableSpecs: 28 | - instanceSize: M10 29 | nodeCount: 2 30 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_multiregion_multicloud_gcp_aws.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-multiregion-gcp 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-multiregion-gcp 10 | providerBackupEnabled: true 11 | clusterType: REPLICASET 12 | replicationSpecs: 13 | - zoneName: US-Zone 14 | numShards: 1 15 | regionsConfig: 16 | - regionName: CENTRAL_US 17 | providerName: GCP 18 | backingProviderName: GCP 19 | priority: 6 20 | electableSpecs: 21 | instanceSize: M10 22 | nodeCount: 1 23 | - regionName: EASTERN_US 24 | providerName: GCP 25 | backingProviderName: GCP 26 | priority: 7 27 | electableSpecs: 28 | instanceSize: M10 29 | nodeCount: 2 30 | 
-------------------------------------------------------------------------------- /test/helper/e2e/data/atlasdeployment_standard.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasDeployment 3 | metadata: 4 | name: atlas-deployment-standard 5 | spec: 6 | projectRef: 7 | name: my-project 8 | deploymentSpec: 9 | name: deployment-standard 10 | replicationSpecs: 11 | - zoneName: Zone 1 12 | numShards: 1 13 | regionConfigs: 14 | - regionName: US_EAST_1 15 | providerName: AWS 16 | backingProviderName: AWS 17 | priority: 7 18 | electableSpecs: 19 | instanceSize: M10 20 | nodeCount: 1 21 | -------------------------------------------------------------------------------- /test/helper/e2e/data/atlasproject.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: atlas.mongodb.com/v1 2 | kind: AtlasProject 3 | metadata: 4 | name: my-project 5 | spec: 6 | name: Test Atlas Operator Project 7 | connectionSecretRef: 8 | name: my-atlas-key 9 | projectIpAccessList: # NOTE(review): the two /1 blocks below together span the entire IPv4 address space (same reach as 0.0.0.0/0); keep this list to disposable test projects 10 | - cidrBlock: "0.0.0.0/1" 11 | comment: "Everyone has access. For the test purpose only." 12 | - cidrBlock: "128.0.0.0/1" 13 | comment: "Everyone has access. For the test purpose only." 14 | -------------------------------------------------------------------------------- /test/helper/e2e/debug/debug.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License.
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package debug 16 | 17 | import "encoding/json" 18 | 19 | // PrettyString returns obj marshalled as indented JSON, as a string; the result is "" when obj cannot be marshalled, because PrettyBytes returns nil in that case. NOTE(review): the whole value is serialized, so output for objects that carry credentials would presumably expose them in test logs; confirm what callers pass. 20 | func PrettyString(obj interface{}) string { 21 | return string(PrettyBytes(obj)) 22 | } 23 | 24 | // PrettyBytes returns obj marshalled as indented JSON, as a byte slice; a marshalling error is discarded and nil is returned instead. 25 | func PrettyBytes(obj interface{}) []byte { 26 | bytes, err := json.MarshalIndent(obj, "", " ") 27 | if err != nil { 28 | return nil 29 | } 30 | return bytes 31 | } 32 | -------------------------------------------------------------------------------- /test/helper/e2e/model/team.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License.
14 | 15 | package model 16 | 17 | import ( 18 | metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 19 | 20 | akov2 "github.com/mongodb/mongodb-atlas-kubernetes/v2/api/v1" 21 | ) 22 | // NewTeam returns an AtlasTeam named name in namespace, with Spec.Name set to the same name and an empty Usernames list. 23 | func NewTeam(name, namespace string) *akov2.AtlasTeam { 24 | return &akov2.AtlasTeam{ 25 | TypeMeta: metav1.TypeMeta{ 26 | Kind: "AtlasTeam", 27 | APIVersion: "atlas.mongodb.com/v1", 28 | }, 29 | ObjectMeta: metav1.ObjectMeta{ 30 | Name: name, 31 | Namespace: namespace, 32 | }, 33 | Spec: akov2.TeamSpec{ 34 | Name: name, 35 | Usernames: []akov2.TeamUser{}, 36 | }, 37 | } 38 | } 39 | -------------------------------------------------------------------------------- /tools/compute-test-labels/compute-test-labels: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mongodb/mongodb-atlas-kubernetes/b7b271983af582f896924de7a7af5186e61f64c5/tools/compute-test-labels/compute-test-labels -------------------------------------------------------------------------------- /tools/makejwt/go.mod: -------------------------------------------------------------------------------- 1 | module tools/makejwt 2 | 3 | go 1.24 4 | 5 | require github.com/golang-jwt/jwt/v5 v5.2.2 6 | -------------------------------------------------------------------------------- /tools/makejwt/go.sum: -------------------------------------------------------------------------------- 1 | github.com/golang-jwt/jwt/v5 v5.2.2 h1:Rl4B7itRWVtYIHFrSNd7vhTiz9UpLdi6gZhZ3wEeDy8= 2 | github.com/golang-jwt/jwt/v5 v5.2.2/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= 3 | -------------------------------------------------------------------------------- /tools/metrics/go.mod: -------------------------------------------------------------------------------- 1 | module tools/metrics 2 | 3 | go 1.24 4 | 5 | require ( 6 | github.com/google/go-github/v57 v57.0.0 7 | github.com/stretchr/testify v1.10.0 8 | ) 9 | 10 | require ( 11 | github.com/davecgh/go-spew v1.1.1 // indirect 12 |
github.com/google/go-querystring v1.1.0 // indirect 13 | github.com/pmezard/go-difflib v1.0.0 // indirect 14 | gopkg.in/yaml.v3 v3.0.1 // indirect 15 | ) 16 | -------------------------------------------------------------------------------- /tools/metrics/regressions_test.go: -------------------------------------------------------------------------------- 1 | // Copyright 2025 MongoDB Inc 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | package main 16 | 17 | import ( 18 | "testing" 19 | 20 | "github.com/stretchr/testify/assert" 21 | "github.com/stretchr/testify/require" 22 | ) 23 | // TestQueryRegressions calls QueryRegressions with the test client and expects no error and a non-nil result. NOTE(review): assert.NoError does not stop the test, so the nil check still runs after a failed query. 24 | func TestQueryRegressions(t *testing.T) { 25 | srs, err := QueryRegressions(newTestClient(), lastRecordingTime, Weekly, 3) 26 | assert.NoError(t, err) 27 | require.NotNil(t, srs) 28 | } 29 | -------------------------------------------------------------------------------- /tools/metrics/samples/testWorkflowJobs-runId-7383310170-filter-all-page-1.json: -------------------------------------------------------------------------------- 1 | {"total_count":0} -------------------------------------------------------------------------------- /vuln-ignore: -------------------------------------------------------------------------------- 1 | ## Use entries such as: 2 | ## # url comment/reason for ignoring 3 | ## GO-xxxx-yyyy 4 | --------------------------------------------------------------------------------