ci(NODE-3891): unskip failing tests with authentication is enabled (#4572)

baileympearson · durran · web-flow · commit 49bfdd382293 · 2025-07-02T00:44:15.000+02:00
Co-authored-by: Durran Jordan &lt;durran@gmail.com&gt;
diff --git a/.evergreen/config.yml b/.evergreen/config.yml
@@ -1788,6 +1788,7 @@ tasks:
             - {key: VERSION, value: latest}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1802,6 +1803,7 @@ tasks:
             - {key: VERSION, value: '8.0'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1816,6 +1818,7 @@ tasks:
             - {key: VERSION, value: '7.0'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1830,6 +1833,7 @@ tasks:
             - {key: VERSION, value: '6.0'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1844,6 +1848,7 @@ tasks:
             - {key: VERSION, value: '5.0'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1858,6 +1863,7 @@ tasks:
             - {key: VERSION, value: '4.4'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
@@ -1872,6 +1878,7 @@ tasks:
             - {key: VERSION, value: '4.2'}
             - {key: SSL, value: ssl}
             - {key: TOPOLOGY, value: server}
+            - {key: AUTH, value: auth}
       - func: install dependencies
       - func: bootstrap mongo-orchestration
       - func: run tls tests
diff --git a/.evergreen/generate_evergreen_tasks.js b/.evergreen/generate_evergreen_tasks.js
@@ -317,9 +317,8 @@ for (const VERSION of TLS_VERSIONS) {
       updateExpansions({
         VERSION,
         SSL: 'ssl',
-        TOPOLOGY: 'server'
-        // TODO: NODE-3891 - fix tests broken when AUTH enabled
-        // AUTH: 'auth'
+        TOPOLOGY: 'server',
+        AUTH: 'auth'
       }),
       { func: 'install dependencies' },
       { func: 'bootstrap mongo-orchestration' },
diff --git a/test/integration/causal-consistency/causal_consistency.prose.test.js b/test/integration/causal-consistency/causal_consistency.prose.test.js
@@ -4,7 +4,6 @@ const { LEGACY_HELLO_COMMAND } = require('../../mongodb');
 
 const { setupDatabase } = require('../shared');
 const { expect } = require('chai');
-const { skipBrokenAuthTestBeforeEachHook } = require('../../tools/runner/hooks/configuration');
 
 const ignoredCommands = [LEGACY_HELLO_COMMAND, 'endSessions'];
 const test = { commands: { started: [], succeeded: [] } };
@@ -15,21 +14,12 @@ describe('Causal Consistency - prose tests', function () {
     return setupDatabase(this.configuration);
   });
 
-  beforeEach(
-    skipBrokenAuthTestBeforeEachHook({
-      skippedTests: [
-        '2. The first read in a causally consistent session must not send afterClusterTime to the server',
-        'case: successful read with causal consistency',
-        'case: second operation is findOne',
-        'case: successful insert',
-        '6. A read operation in a ClientSession that is not causally consistent should not include the afterClusterTime parameter in the command sent to the server'
-      ]
-    })
-  );
-
   beforeEach(function () {
     test.commands = { started: [], succeeded: [] };
-    test.client = this.configuration.newClient({ w: 1 }, { maxPoolSize: 1, monitorCommands: true });
+    test.client = this.configuration.newClient(
+      { w: 1 },
+      { maxPoolSize: 1, monitorCommands: true, __skipPingOnConnect: true }
+    );
     test.client.on('commandStarted', event => {
       if (ignoredCommands.indexOf(event.commandName) === -1) test.commands.started.push(event);
     });
diff --git a/test/integration/client-side-encryption/client_side_encryption.spec.test.ts b/test/integration/client-side-encryption/client_side_encryption.spec.test.ts
@@ -8,53 +8,6 @@ import {
 } from '../../tools/spec-runner';
 import { runUnifiedSuite } from '../../tools/unified-spec-runner/runner';
 
-const isAuthEnabled = process.env.AUTH === 'auth';
-
-// 'TODO: NODE-3891 - fix tests broken when AUTH enabled'
-const skippedAuthTests = [
-  'Insert a document with auto encryption using the AWS provider with temporary credentials',
-  'Insert a document with auto encryption using Azure KMS provider',
-  '$rename works if target value has same encryption options',
-  'Bulk write with encryption',
-  'Insert with bypassAutoEncryption',
-  'Insert with bypassAutoEncryption for local schema',
-  'ping is bypassed',
-  'deleteOne with deterministic encryption',
-  'deleteMany with deterministic encryption',
-  'distinct with deterministic encryption',
-  'Find with deterministic encryption',
-  'Find with $in with deterministic encryption',
-  'findOneAndReplace with deterministic encryption',
-  'findOneAndUpdate with deterministic encryption',
-  'Insert a document with auto encryption using GCP KMS provider',
-  'getMore with encryption',
-  'unset works with an encrypted field',
-  'updateOne with deterministic encryption',
-  'updateMany with deterministic encryption',
-  'replaceOne with encryption',
-  'Insert with encryption on a missing key',
-  'A local schema should override',
-  'Count with deterministic encryption',
-  'Insert a document with auto encryption using local KMS provider',
-  'Insert with encryption using key alt name',
-  'insertMany with encryption',
-  'insertOne with encryption',
-  'findOneAndDelete with deterministic encryption',
-  '$unset works with an encrypted field',
-  'Insert a document with auto encryption using KMIP KMS provider'
-];
-
-// TODO(NODE-6048): Int32 and Long not allowed as batchSize option to cursor.
-const skippedNoAuthTests = ['getMore with encryption'];
-
-const SKIPPED_TESTS = new Set([
-  ...(isAuthEnabled ? skippedAuthTests.concat(skippedNoAuthTests) : skippedNoAuthTests),
-  ...[
-    // the node driver does not have a mapReduce helper
-    'mapReduce deterministic encryption (unsupported)'
-  ]
-]);
-
 describe('Client Side Encryption (Legacy)', function () {
   const testContext = new TestRunnerContext({ requiresCSFLE: true });
   const testSuites = gatherTestSuites(
@@ -70,8 +23,11 @@ describe('Client Side Encryption (Legacy)', function () {
 
   generateTopologyTests(testSuites, testContext, (test, configuration) => {
     const { description } = test;
-    if (SKIPPED_TESTS.has(description)) {
-      return 'Skipped by generic test name skip filter.';
+    if (description === 'getMore with encryption') {
+      return `TODO(NODE-6048): Int32 and Long not allowed as batchSize option to cursor`;
+    }
+    if (description === 'mapReduce deterministic encryption (unsupported)') {
+      return `the Node driver does not have a mapReduce helper.`;
     }
     if (
       [
diff --git a/test/integration/connection-monitoring-and-pooling/connection.test.ts b/test/integration/connection-monitoring-and-pooling/connection.test.ts
@@ -14,14 +14,14 @@ import {
   makeClientMetadata,
   MongoClient,
   MongoClientAuthProviders,
+  type MongoClientOptions,
   MongoDBResponse,
   MongoServerError,
   ns,
   ServerHeartbeatStartedEvent,
   Topology
 } from '../../mongodb';
 import * as mock from '../../tools/mongodb-mock/index';
-import { skipBrokenAuthTestBeforeEachHook } from '../../tools/runner/hooks/configuration';
 import { processTick, sleep } from '../../tools/utils';
 import { assert as test, setupDatabase } from '../shared';
 
@@ -37,15 +37,6 @@ const commonConnectOptions = {
 };
 
 describe('Connection', function () {
-  beforeEach(
-    skipBrokenAuthTestBeforeEachHook({
-      skippedTests: [
-        'should support calling back multiple times on exhaust commands',
-        'should correctly connect to server using domain socket'
-      ]
-    })
-  );
-
   before(function () {
     return setupDatabase(this.configuration);
   });
@@ -182,13 +173,16 @@ describe('Connection', function () {
       metadata: {
         requires: { topology: 'single', os: '!win32' }
       },
-
       test: function (done) {
         const configuration = this.configuration;
-        client = configuration.newClient(
-          `mongodb://${encodeURIComponent('/tmp/mongodb-27017.sock')}?w=1`,
-          { maxPoolSize: 1 }
-        );
+        const uri = `mongodb://${encodeURIComponent('/tmp/mongodb-27017.sock')}?w=1`;
+        const options: MongoClientOptions = {
+          maxPoolSize: 1
+        };
+        if (this.configuration.options.auth) {
+          options.auth = this.configuration.options.auth;
+        }
+        client = configuration.newClient(uri, options);
 
         const db = client.db(configuration.db);
 
diff --git a/test/integration/enumerate_databases.test.ts b/test/integration/enumerate_databases.test.ts
@@ -6,11 +6,7 @@ import { TestBuilder, UnifiedTestSuiteBuilder } from '../tools/utils';
 
 const metadata: MongoDBMetadataUI = {
   requires: {
-    auth: 'enabled',
-
-    // 'TODO: NODE-3891 - fix tests broken when AUTH enabled'
-    //   These tests should work on a load balanced topology
-    topology: '!load-balanced'
+    auth: 'enabled'
   }
 };
 
diff --git a/test/integration/load-balancers/load_balancers.spec.test.ts b/test/integration/load-balancers/load_balancers.spec.test.ts
@@ -26,15 +26,9 @@ const filter = ({ description }) => {
 
   if (
     process.env.AUTH === 'auth' &&
-    [
-      'errors during authentication are processed',
-      'wait queue timeout errors include cursor statistics',
-      'wait queue timeout errors include transaction statistics',
-      'operations against non-load balanced clusters fail if URI contains loadBalanced=true',
-      'operations against non-load balanced clusters succeed if URI contains loadBalanced=false'
-    ].includes(description)
+    ['errors during authentication are processed'].includes(description)
   ) {
-    return 'TODO(NODE-3891): fix tests broken when AUTH enabled';
+    return 'TODO(NODE-7014): clear pool after handshake error in lb mode';
   }
 
   return false;
diff --git a/test/integration/node-specific/operation_examples.test.ts b/test/integration/node-specific/operation_examples.test.ts
@@ -1,5 +1,4 @@
 import { expect } from 'chai';
-import { format as f } from 'util';
 
 import {
   Code,
@@ -8,7 +7,6 @@ import {
   ProfilingLevel,
   ReturnDocument
 } from '../../mongodb';
-import { skipBrokenAuthTestBeforeEachHook } from '../../tools/runner/hooks/configuration';
 import { sleep as delay } from '../../tools/utils';
 import { setupDatabase } from '../shared';
 
@@ -27,16 +25,6 @@ describe('Operations', function () {
     return setupDatabase(this.configuration, ['integration_tests_2', 'hr', 'reporting']);
   });
 
-  beforeEach(
-    skipBrokenAuthTestBeforeEachHook({
-      skippedTests: [
-        'Should correctly connect to a replicaset',
-        'Should connect to mongos proxies using connectiong string With Promises',
-        'Should correctly connect to a replicaset With Promises'
-      ]
-    })
-  );
-
   /**************************************************************************
    *
    * COLLECTION TESTS
@@ -3244,14 +3232,7 @@ describe('Operations', function () {
 
     test: function () {
       const configuration = this.configuration;
-      const url = f(
-        'mongodb://%s,%s/%s?replicaSet=%s&readPreference=%s',
-        f('%s:%s', configuration.host, configuration.port),
-        f('%s:%s', configuration.host, configuration.port + 1),
-        'integration_test_',
-        configuration.replicasetName,
-        'primary'
-      );
+      const url = configuration.url();
 
       const client = configuration.newClient(url);
       return client.connect().then(function (client) {
@@ -3291,13 +3272,7 @@ describe('Operations', function () {
 
     test: function () {
       const configuration = this.configuration;
-      const url = f(
-        'mongodb://%s:%s,%s:%s/sharded_test_db?w=1',
-        configuration.host,
-        configuration.port,
-        configuration.host,
-        configuration.port + 1
-      );
+      const url = configuration.url();
 
       const client = configuration.newClient(url);
       return client.connect().then(function (client) {
diff --git a/test/integration/unified-test-format/unified_test_format.spec.test.ts b/test/integration/unified-test-format/unified_test_format.spec.test.ts
@@ -27,17 +27,6 @@ const filter: TestFilter = ({ description }) => {
     return 'TODO(NODE-5962): fix migration conflict in transaction tests';
   }
 
-  if (
-    process.env.AUTH === 'auth' &&
-    [
-      'FindOneAndUpdate is committed on first attempt',
-      'FindOneAndUpdate is not committed on first attempt',
-      'FindOneAndUpdate is never committed'
-    ].includes(description)
-  ) {
-    return 'TODO(NODE-3891): fix tests broken when AUTH enabled';
-  }
-
   return false;
 };
 
diff --git a/test/manual/tls_support.test.ts b/test/manual/tls_support.test.ts
@@ -3,6 +3,7 @@ import * as tls from 'node:tls';
 
 import { expect } from 'chai';
 import { promises as fs } from 'fs';
+import ConnectionString from 'mongodb-connection-string-url';
 import * as sinon from 'sinon';
 
 import {
@@ -33,7 +34,7 @@ describe('TLS Support', function () {
 
   it(
     'should connect with tls via client options',
-    makeConnectionTest(CONNECTION_STRING, tlsSettings)
+    makeConnectionTest(CONNECTION_STRING, {}, tlsSettings)
   );
 
   beforeEach(function () {
@@ -48,11 +49,7 @@ describe('TLS Support', function () {
 
   it(
     'should connect with tls via url options',
-    makeConnectionTest(
-      `${CONNECTION_STRING}?${Object.keys(tlsSettings)
-        .map(key => `${key}=${tlsSettings[key]}`)
-        .join('&')}`
-    )
+    makeConnectionTest(CONNECTION_STRING, tlsSettings, {})
   );
 
   context('when tls filepaths are provided', () => {
@@ -283,9 +280,17 @@ describe('TLS Support', function () {
   });
 });
 
-function makeConnectionTest(connectionString: string, clientOptions?: MongoClientOptions) {
+function makeConnectionTest(
+  connectionString: string,
+  uriOptions: Record<string, any>,
+  clientOptions?: MongoClientOptions
+) {
+  const uri = new ConnectionString(connectionString);
+  for (const [k, v] of Object.entries(uriOptions)) {
+    uri.searchParams.set(k, v);
+  }
   return async function () {
-    const client = new MongoClient(connectionString, clientOptions);
+    const client = new MongoClient(uri.toString(), clientOptions);
 
     await client.connect();
     await client.db('admin').command({ [LEGACY_HELLO_COMMAND]: 1 });
diff --git a/test/tools/runner/hooks/configuration.ts b/test/tools/runner/hooks/configuration.ts
