add monitoring ee2e test

Author: nammn

docker/mongodb-kubernetes-tests/tests/opsmanager/withMonitoredAppDB/om_ops_manager_appdb_monitoring_tls.py

@@ -101,3 +101,33 @@ def test_new_database_is_monitored_after_restart(ops_manager: MongoDBOpsManager)
     # We want to retrieve measurements from "new_database" which will indicate
     # that the monitoring agents are working with the new credentials.
     ops_manager.assert_monitoring_data_exists(database_name=database_name, timeout=1200, all_hosts=False)
+
+
+@mark.e2e_om_appdb_monitoring_tls
+def test_monitoring_works_after_tls_disable(ops_manager: MongoDBOpsManager):
+    """
+    CLOUDP-351614: Verify monitoring continues to work after disabling TLS.
+    When TLS is disabled, the monitoring config should not contain stale TLS params.
+    """
+    ops_manager.load()
+
+    # Transition to allowTLS mode first (required before disabling TLS)
+    ops_manager["spec"]["applicationDatabase"]["additionalMongodConfig"] = {
+        "net": {"tls": {"mode": "allowTLS"}}
+    }
+    ops_manager.update()
+    ops_manager.appdb_status().assert_reaches_phase(Phase.Running, timeout=1200)
+
+    # Disable TLS on AppDB
+    ops_manager["spec"]["applicationDatabase"]["security"]["certsSecretPrefix"] = None
+    ops_manager["spec"]["applicationDatabase"]["security"]["tls"]["enabled"] = False
+    ops_manager.update()
+    ops_manager.appdb_status().assert_reaches_phase(Phase.Running, timeout=1200)
+
+    # Verify monitoring agents are still healthy after TLS disable
+    tester = ops_manager.get_om_tester(ops_manager.app_db_name())
+    agents_after = tester.api_read_monitoring_agents()
+    appdb_hostnames = ops_manager.get_appdb_hostnames_for_monitoring()
+    appdb_agents_after = [a for a in agents_after if a["hostname"] in appdb_hostnames]
+    assert all(a["stateName"] in ["ACTIVE", "STANDBY"] for a in appdb_agents_after), \
+        f"Monitoring agents should be healthy after TLS disable: {appdb_agents_after}"