Fix auth enforcement test, pass --auth credentials

aclark4life · aclark4life · commit 175c1c164bfc · 2026-04-22T17:09:48.000-04:00
ping is on MongoDB's auth bypass list and always succeeds even when
--auth is enabled, so the unauthenticated connection check never
actually tested auth enforcement. Use listDatabases instead, which
requires authentication and will fail without credentials.

Addresses the inconsistency where connect_mongodb was called without
credentials against auth-enabled deployments. These tests now verify
that user creation worked and that bob's credentials are valid.
diff --git a/.evergreen/tests/test-mongodb-runner.sh b/.evergreen/tests/test-mongodb-runner.sh
@@ -16,12 +16,14 @@ pushd $SCRIPT_DIR/.. > /dev/null
 function connect_mongodb() {
   local use_tls=false
   local use_auth=false
+  local eval_cmd='db.runCommand({"ping":1})'
 
   # Parse flags
   while [[ $# -gt 0 ]]; do
     case "$1" in
       --ssl) use_tls=true; shift ;;
       --auth) use_auth=true; shift ;;
+      --eval-cmd) eval_cmd="$2"; shift 2 ;;
       *) echo "Unknown option: $1"; return 1 ;;
     esac
   done
@@ -37,7 +39,7 @@ function connect_mongodb() {
   fi
   echo "Connecting to server..."
   # shellcheck disable=SC2068
-  $MONGODB_BINARIES/mongosh "$URI" ${TLS_OPTS[@]:-} --eval "db.runCommand({\"ping\":1})"
+  $MONGODB_BINARIES/mongosh "$URI" ${TLS_OPTS[@]:-} --eval "$eval_cmd"
   echo "Connecting to server... done."
 }
 
@@ -46,18 +48,18 @@ bash ./run-mongodb.sh start
 connect_mongodb
 
 bash ./run-mongodb.sh start --topology standalone --auth
-connect_mongodb
+connect_mongodb --auth
 
 bash ./run-mongodb.sh start --version 7.0 --topology replica_set --ssl
 connect_mongodb --ssl
 
 bash ./run-mongodb.sh start --version latest --topology sharded_cluster --auth --ssl
-connect_mongodb --ssl
+connect_mongodb --ssl --auth
 
 # Verify that auth is enforced when starting with AUTH=auth SSL=yes.
 # An unauthenticated connection must be rejected, and an authenticated one must succeed.
 AUTH=auth SSL=yes bash ./run-mongodb.sh start
-if connect_mongodb --ssl 2>/dev/null; then
+if connect_mongodb --ssl --eval-cmd 'db.adminCommand({listDatabases:1})' 2>/dev/null; then
   echo "ERROR: unauthenticated connection should have been rejected on an auth+ssl server"
   exit 1
 fi
