DRIVERS-3434 Fix auth-ssl config for standalone #761
Pull request overview
Updates the Evergreen mongodb-runner orchestration for standalone auth+TLS so authentication is actually enabled, and adds a regression check in the mongodb-runner self-test script.
Changes:
- Add `auth_key` to the standalone `auth-ssl.json` orchestration config so auth is enabled under TLS.
- Extend `.evergreen/tests/test-mongodb-runner.sh` to support authenticated connections and add an auth+ssl enforcement check.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| `.evergreen/tests/test-mongodb-runner.sh` | Adds an `--auth` option to the connection helper and introduces a new auth+ssl enforcement check. |
| `.evergreen/orchestration/configs/servers/auth-ssl.json` | Adds `auth_key` to enable auth for the standalone auth+ssl server configuration. |
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.
test-mongodb-runner.sh:
- Fix connect_mongodb exit code propagation: bash disables set -e inside
functions called from an if condition, causing mongosh failures to be
swallowed. Use || result=$? to capture the real exit code.
- Add --eval-cmd flag so callers can supply a custom MongoDB command.
- Fix auth enforcement check: use db.adminCommand({listDatabases:1}),
which requires authentication even without an explicit auth source,
rather than ping which succeeds unauthenticated on some topologies.
- Pass --auth credentials when connecting to auth-enabled standalone
and sharded cluster servers.
mongodb_runner.py:
- Replace "npx -y mongodb-runner@^6.7.1" with a local npm install that
pins @mongodb-js/oidc-mock-provider to 0.13.7. npx does not support
npm overrides, and oidc-mock-provider 0.13.8+ pulled in yargs@18
(ESM-only), which cannot be require()'d on Node 16 (ERR_REQUIRE_ESM).
- Add --experimental-global-webcrypto to NODE_OPTIONS for Node 16-18.
The crypto global was not exposed until Node 19; the mongodb driver
uses it at startup. The flag was removed in Node 22, so it is only
added when node_major < 19.
- Fix Windows subprocess execution: Python cannot CreateProcess a .cmd
file without shell=True. Use shell=True and pass the command as a
string on win32 for both the npm install and the mongodb-runner Popen.
test-install-binaries.sh:
- Replace "npx -y mongodb-runner --help" with the same npm install +
overrides approach used in mongodb_runner.py.
- Source init-node-and-npm-env.sh after install-node.sh so the freshly
installed Node is on PATH (running install-node.sh as a subprocess
does not propagate its PATH changes to the caller).
- Use a subshell + cd for npm install instead of --prefix to avoid
MSYS2/Cygwin Unix-path translation issues when npm-cli.js runs as a
Windows process.
- Invoke node runner.js directly instead of the .bin/ POSIX shim.
The shim can have CRLF line endings on Windows, making the shebang
unresolvable and causing bash to return exit 127.
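
The `set -e` behaviour described in the commit message above, shown as an added example that is not part of the PR or the project's scripts. `fake_client`, the two `connect_*` helpers and the exit status 13 are constructed stand-ins.

```bash
#!/usr/bin/env bash
set -e

# Constructed stand-in for a client call that the server rejects.
fake_client() { return 13; }

# Hypothetical helper where the failing call is not the last command.
connect_unchecked() {
  fake_client
  true   # e.g. cleanup; still runs when errexit is suppressed
}

# Same helper, returning the client's status explicitly.
connect_checked() {
  fake_client || return $?
  true
}

# Pattern 1: calling from `if` suppresses errexit for the whole call,
# so the helper runs to its end and the failure is lost.
verdict_via_if() {
  if "$1"; then echo "connected"; else echo "rejected"; fi
}

# Pattern 2: `|| result=$?` records the helper's exit status. errexit is
# suppressed on the left of `||` too, so the helper must return the failure.
status_via_capture() {
  result=0
  "$1" || result=$?
  echo "$result"
}

verdict_via_if connect_unchecked      # failure swallowed
verdict_via_if connect_checked
status_via_capture connect_unchecked
status_via_capture connect_checked
```

An enforcement check built on the unchecked helper reports a successful connection even though the client was rejected, which is how an auth test can pass against a server that is not enforcing auth.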
Pull request overview
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
- mongodb_runner.py: raise RuntimeError if shutil.which("npm") returns
None rather than passing None to subprocess, which would raise a
confusing TypeError or attempt to run a literal "None" command.
- test-install-binaries.sh: add trap to remove MR_INSTALL_DIR on EXIT
so the temp directory is cleaned up even if the script fails.
mktemp -d returns a /cygdrive/c/... path on Cygwin, which node.exe interprets as C:\cygdrive\c\... instead of C:\.... Use cygpath -m to convert to a Windows-native path before passing it to node.
npx does not support npm overrides, so we manage the install manually.
@mongodb-js/oidc-mock-provider 0.13.8+ switched to yargs@18 (ESM-only), which
cannot be require()'d on Node 16. Pinning to 0.13.7 keeps it on yargs@17.
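Review bot: the comment on the 0.13.7 pin says why the override exists but not when it can be dropped; add the removal condition there (for example, once Node 16 is no longer a test target) so the pin does not keep @mongodb-js/oidc-mock-provider on an old release indefinitely.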
If it's necessary, we can undo the yargs bump.
But it might also be worth calling out that Node.js 16 has been EOL since 2023, and starting next month Node.js 22 will be the oldest supported release line.