Merge remote-tracking branch 'origin/main' into 8107-dev

package.json

@@ -90,5 +90,8 @@
     "packages/*",
     "configs/*",
     "scripts"
-  ]
+  ],
+  "overrides": {
+    "mongodb-client-encryption": "6.0.0"
+  }
 }

packages/compass-e2e-tests/helpers/commands/connect-form.ts

@@ -184,10 +184,6 @@ export async function getConnectFormState(
       browser,
       Selectors.ConnectionFormTlsAllowInvalidCertificatesCheckbox
     ),
-    useSystemCA: getCheckboxValue(
-      browser,
-      Selectors.ConnectionFormTlsUseSystemCACheckbox
-    ),
   });
 
   // Proxy/SSH
@@ -688,8 +684,7 @@ export async function setConnectFormState(
     state.clientKeyPassword ||
     state.tlsInsecure ||
     state.tlsAllowInvalidHostnames ||
-    state.tlsAllowInvalidCertificates ||
-    state.useSystemCA
+    state.tlsAllowInvalidCertificates
   ) {
     await browser.navigateToConnectTab('TLS/SSL');
 
@@ -729,9 +724,6 @@ export async function setConnectFormState(
         Selectors.ConnectionFormTlsAllowInvalidCertificatesCheckbox
       );
     }
-    if (state.useSystemCA) {
-      await browser.clickParent(Selectors.ConnectionFormTlsUseSystemCACheckbox);
-    }
   }
 
   // Proxy/SSH
@@ -951,12 +943,12 @@ export async function setupDefaultConnections(browser: CompassBrowser) {
   This is intended to be used by most test files (ones that don't care too much
   about the intricacies about connections) in a before() hook after starting
   compass.
-  
+
   A beforeEach() hook can then use await browser.disconnectAll() to
   disconnect all connections and use browser.connectToDefaults() to connect
   to the existing connections without having to create them again via the
   connection form.
-  
+
   Then every test in that file starts with two connections that have the same
   databases and collections. This forces tests to always encounter the "worst
   case" where there are multiple connections connected and the database and

packages/compass-e2e-tests/helpers/connect-form-state.ts

@@ -55,7 +55,6 @@ export interface ConnectFormState {
   tlsInsecure?: boolean;
   tlsAllowInvalidHostnames?: boolean;
   tlsAllowInvalidCertificates?: boolean;
-  useSystemCA?: boolean;
 
   // Proxy/SSH
   proxyMethod?: 'none' | 'password' | 'identity' | 'socks';

packages/compass-e2e-tests/helpers/selectors.ts

@@ -138,8 +138,6 @@ export const ConnectionFormTlsAllowInvalidHostnamesCheckbox =
   '[data-testid="tlsAllowInvalidHostnames-input"]';
 export const ConnectionFormTlsAllowInvalidCertificatesCheckbox =
   '[data-testid="tlsAllowInvalidCertificates-input"]';
-export const ConnectionFormTlsUseSystemCACheckbox =
-  '[data-testid="useSystemCA-input"]';
 export const ConnectionFormProxyMethodRadios =
   '#ssh-options-radio-box-group input[type="radio"]';
 export const ConnectionFormInputSshPasswordHost =

packages/compass-e2e-tests/tests/connection-form.test.ts

@@ -58,7 +58,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -92,7 +91,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -132,7 +130,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -172,7 +169,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -218,7 +214,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -264,7 +259,6 @@ describe('Connection form', function () {
       tlsInsecure: true,
       tlsAllowInvalidHostnames: true,
       tlsAllowInvalidCertificates: true,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -294,26 +288,6 @@ describe('Connection form', function () {
     );
   });
 
-  it('parses and formats a URI for TLS with system CA', async function () {
-    const fixturesPath = path.resolve(__dirname, '..', 'fixtures');
-    const tlsCAFile = path.join(fixturesPath, 'ca.pem');
-
-    await browser.setConnectFormState({
-      hosts: ['localhost:27017'],
-      sslConnection: 'ON',
-      tlsCAFile,
-      useSystemCA: true,
-    });
-
-    const state = await browser.getConnectFormState();
-    expect(state.tlsCAFile).to.equal(undefined); // tlsCAFile is unset by useSystemCA
-    expect(state.useSystemCA).to.equal(true);
-
-    expect(
-      await browser.$(Selectors.ConnectionFormStringInput).getValue()
-    ).to.equal('mongodb://localhost:27017/?tls=true');
-  });
-
   it('parses and formats a URI for Kerberos authentication', async function () {
     const connectionString =
       'mongodb://principal@localhost:27017/?authMechanism=GSSAPI&authSource=%24external&authMechanismProperties=SERVICE_NAME%3Aservice+name%2CCANONICALIZE_HOST_NAME%3Aforward%2CSERVICE_REALM%3Aservice+realm';
@@ -338,7 +312,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -381,7 +354,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -426,7 +398,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -473,7 +444,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -515,7 +485,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'primary',
       replicaSet: 'replica-set',
       defaultDatabase: 'default-db',
@@ -569,7 +538,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -616,7 +584,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -661,7 +628,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -787,7 +753,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
       readPreference: 'defaultReadPreference',
       fleStoreCredentials: false,
       fleEncryptedFieldsMap: DEFAULT_FLE_ENCRYPTED_FIELDS_MAP,
@@ -843,7 +808,6 @@ describe('Connection form', function () {
       tlsAllowInvalidCertificates: false,
       tlsAllowInvalidHostnames: false,
       tlsInsecure: false,
-      useSystemCA: false,
     });
   });
 

packages/compass-e2e-tests/tests/connection.test.ts

@@ -834,38 +834,6 @@ describe('Connection form', function () {
     expect(result).to.have.property('ok', 1);
   });
 
-  it('can connect to an Atlas with tlsUseSystemCA', async function () {
-    if (!hasAtlasEnvironmentVariables()) {
-      return this.skip();
-    }
-
-    const username = process.env.E2E_TESTS_ATLAS_USERNAME ?? '';
-    const password = process.env.E2E_TESTS_ATLAS_PASSWORD ?? '';
-    const host = process.env.E2E_TESTS_ATLAS_HOST ?? '';
-    const connectionName = this.test?.fullTitle() ?? '';
-
-    await browser.connectWithConnectionForm({
-      scheme: 'MONGODB_SRV',
-      authMethod: 'DEFAULT',
-      defaultUsername: username,
-      defaultPassword: password,
-      hosts: [host],
-      sslConnection: 'ON',
-      useSystemCA: true,
-      connectionName,
-    });
-
-    // NB: The fact that we can use the shell is a regression test for COMPASS-5802.
-    const result = await browser.shellEval(
-      connectionName,
-      'db.runCommand({ connectionStatus: 1 })',
-      true
-    );
-    await new Promise((resolve) => setTimeout(resolve, 10000));
-    assertNotError(result);
-    expect(result).to.have.property('ok', 1);
-  });
-
   it('can connect to Atlas Serverless', async function () {
     if (!hasAtlasEnvironmentVariables()) {
       return this.skip();
@@ -1155,7 +1123,6 @@ describe('System CA access', function () {
       await browser.connectWithConnectionForm({
         hosts: ['127.0.0.1:27091'],
         sslConnection: 'DEFAULT',
-        useSystemCA: true,
         connectionName,
       });
       const result = await browser.shellEval(
@@ -1192,6 +1159,7 @@ describe('System CA access', function () {
       } else {
         expect(systemCALogs[i].attr.asyncFallbackError).to.equal(null);
       }
+      expect(systemCALogs[i].attr.systemCertsError).to.equal(null);
     }
   });
 });

packages/compass-shell/package.json

@@ -56,9 +56,9 @@
     "@mongodb-js/compass-user-data": "^0.3.3",
     "@mongodb-js/compass-utils": "^0.6.9",
     "@mongodb-js/compass-workspaces": "^0.19.0",
-    "@mongosh/browser-repl": "^2.2.15",
-    "@mongosh/logging": "^2.2.15",
-    "@mongosh/node-runtime-worker-thread": "^2.2.15",
+    "@mongosh/browser-repl": "^2.3.0",
+    "@mongosh/logging": "^2.3.0",
+    "@mongosh/node-runtime-worker-thread": "^2.3.0",
     "bson": "^6.7.0",
     "compass-preferences-model": "^2.26.0",
     "hadron-app-registry": "^9.2.2",

packages/compass-web/polyfills/@mongodb-js/devtools-connect/index.ts

@@ -8,7 +8,8 @@ export async function connectMongoClient(
   MongoClient: any
 ): Promise<any> {
   // Remove options not understood by the plain Node.js driver
-  delete options.useSystemCA;
+  delete options.proxy;
+  delete options.applyProxyToOIDC;
   delete options.productDocsLink;
   delete options.productName;
   delete options.oidc;

packages/compass/package.json

@@ -181,11 +181,11 @@
     "email": "[email protected]"
   },
   "dependencies": {
-    "@mongosh/node-runtime-worker-thread": "^2.2.15",
+    "@mongosh/node-runtime-worker-thread": "^2.3.0",
     "clipboard": "^2.0.6",
     "kerberos": "^2.1.1",
     "keytar": "^7.9.0",
-    "mongodb-client-encryption": "^6.0.0",
+    "mongodb-client-encryption": "6.0.0",
     "os-dns-native": "^1.2.1",
     "system-ca": "^2.0.0"
   },

packages/connection-form/src/components/advanced-options-tabs/csfle-tab/kms-tls-options.tsx

@@ -38,14 +38,9 @@ function KMSTLSOptions({
     <>
       <TLSCertificateAuthority
         tlsCAFile={currentOptions.tlsCAFile}
-        useSystemCA={false /* TODO(COMPASS-5635) */}
-        hideUseSystemCA={true /* TODO(COMPASS-5635) */}
         disabled={false}
         handleTlsOptionChanged={(key, value) =>
-          handleFieldChanged(
-            key as 'tlsCAFile' /* COMPASS-5635 */,
-            value ?? undefined
-          )
+          handleFieldChanged(key, value ?? undefined)
         }
         displayDatabaseConnectionUserHints={false}
       />