feat(mongo): Add MongoDB connection support for Boundary CLI #6033
Conversation
There was a problem hiding this comment.
We'll probably need an update to enos/modules/test_e2e_docker/test.sh, similar to what's happening in here: https://github.com/hashicorp/boundary/pull/6001/files. Something to install a mongoDB client in the runtime environment of the tests. You can test the commands to use by creating a golang:1.25 container and running them.
|
I’ve added the MongoDB client (mongosh) to the e2e Docker test runtime. It installs via the MongoDB APT key and repo, and I verified it inside a golang:1.25 container (mongosh --version). @johanbrandhorst I also removed the explicit Boundary DB/server startup from the Mongo test since the E2E infrastructure already starts Boundary. @Balaji2198 |
|
@enbiyagoral This is very cool! Did you get a chance to run the tests locally (and if so, which CLI did you use)? Would you mind sharing your output? Getting some conflicting errors my end as I am trying to verify with |
|
Hm, pushing did not seem to run CI for us, we might have to recreate the PR altogether. |
oh sorry, what I did:
The test passes, and mongosh successfully connects to the MongoDB target through Boundary! @bgajjala8 |
|
The test seems to pass at first glance, but I noticed an authentication error in the output. Do you know what might be causing this, and are you seeing the same issue locally? I’m seeing this issue on my end as well. |
- Add -auth-source flag with default value 'admin' for root users - Add BOUNDARY_CONNECT_MONGO_AUTH_SOURCE environment variable support - Update documentation with new flag and correct mongosh default - Improve MongoDB test with explicit auth-source parameter - Fix Docker configuration formatting for better readability This ensures MongoDB root users authenticate against the admin database by default while allowing flexibility for custom authentication databases.
… and container hostname
|
Hi folks(@johanbrandhorst, @bgajjala8), after a few intense weeks working with Terraform and Terragrunt, I’m happy to share an update. At my first availability, I set up the test environment with Enos and ran my test. The results look promising: |
testing/internal/e2e/tests/base/target_tcp_connect_mongo_test.go
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
@enbiyagoral (Question): Was there a specific reason to use connection strings rather than building using mongosh flags? I looked at the help menu and noticed there are options to use flags.
➜ boundary git:(pr/enbiyagoral/6033) ✗ mongosh --help
$ mongosh [options] [db address] [file names (ending in .js or .mongodb)]
Options:
-h, --help Show this usage information
-f, --file [arg] Load the specified mongosh script
--host [arg] Server to connect to
--port [arg] Port to connect to
--build-info Show build information
--version Show version information
--quiet Silence output from the shell during the connection process
--shell Run the shell after executing files
--nodb Don't connect to mongod on startup - no 'db address' [arg] expected
--norc Will not run the '.mongoshrc.js' file on start up
--eval [arg] Evaluate javascript
--json[=canonical|relaxed] Print result of --eval as Extended JSON, including errors
--retryWrites[=true|false] Automatically retry write operations upon transient network errors (Default: true)
Authentication Options:
-u, --username [arg] Username for authentication
-p, --password [arg] Password for authentication
--authenticationDatabase [arg] User source (defaults to dbname)
--authenticationMechanism [arg] Authentication mechanism
--awsIamSessionToken [arg] AWS IAM Temporary Session Token ID
--gssapiServiceName [arg] Service name to use when authenticating using GSSAPI/Kerberos
--sspiHostnameCanonicalization [arg] Specify the SSPI hostname canonicalization (none or forward, available on Windows)
--sspiRealmOverride [arg] Specify the SSPI server realm (available on Windows)
| func (m *mongoFlags) buildArgs(c *Command, port, ip, _ string, creds proxy.Credentials) (args, envs []string, retCreds proxy.Credentials, retErr error) { | ||
| var username, password string | ||
|
|
||
| retCreds = creds |
There was a problem hiding this comment.
If we use flag we can probably make it look similar to postgres impl. Could look something like...
args = append(args, "--host", ip)
if port != "" {
args = append(args, "--port", port)
}
switch {
case username != "":
args = append(args, "-u", username)
case c.flagUsername != "":
args = append(args, "-u", c.flagUsername)
}
if password != "" {
args = append(args, "-p", password)
if c.flagDbname == "" {
c.UI.Warn("Credentials are being brokered but no -dbname parameter provided.......")
}
}
if c.flagAuthSource != "" {
args = append(args, "--authenticationDatabase", c.flagAuthSource)
}
if c.flagDbname != "" {
args = append(args, c.flagDbname)
}
This PR adds MongoDB connection support to the Boundary CLI. Users can now securely and easily connect to MongoDB targets using the boundary connect mongo command.
What's Added?
boundary connect mongocommandTesting
Notes
This PR follows the same architecture and UX as the existing helper commands for PostgreSQL and MySQL.