No way to pass arguments to Mongo shell

[StephenWeatherford]

I think used to work by adding the arguments to the mongo.shell.path setting, but that no longer works. I think adding a new setting mongo.shell.arguments is the best approach. It will also help with testing.

[jecolvin]

Would this issue include being able to pass additional options to the MongoClient.connect() command? Our Mongo instance requires Server and Client validation, so would need to pass the sslCA, sslCert, sslKey and sslPass options in addition to a connection string.

[StephenWeatherford]

@yergi

This would allow passing anything additional to mongo.exe. I see these:
--ssl use SSL for all connections
--sslCAFile arg Certificate Authority file for SSL
--sslPEMKeyFile arg PEM certificate/key file for SSL
--sslPEMKeyPassword arg password for key in PEM file for SSL
--sslCRLFile arg Certificate Revocation List file for SSL
--sslAllowInvalidHostnames allow connections to servers with
non-matching hostnames
--sslAllowInvalidCertificates allow connections to servers with invalid
certificates
--sslFIPSMode activate FIPS 140-2 mode at startup
--sslCertificateSelector arg SSL Certificate in system store
--sslDisabledProtocols arg Comma separated list of TLS protocols to
disable [TLS1_0,TLS1_1,TLS1_2]
--retryWrites automatically retry write operations upon
transient network errors
--jsHeapLimitMB arg set the js scope's heap size limit

Authentication Options:
-u [ --username ] arg username for authentication
-p [ --password ] arg password for authentication
--authenticationDatabase arg user source (defaults to dbname)
--authenticationMechanism arg authentication mechanism
--gssapiServiceName arg (=mongodb) Service name to use when authenticating
using GSSAPI/Kerberos
--gssapiHostName arg Remote host name to use for purpose of
GSSAPI/Kerberos authentication

Note though that this is only for the scenarios where we go through the mongo shell, like when you have chained commands. Are you currently able to get your scenario to work correctly with simple queries such as db.col.find()?

[jecolvin]

I'm not; as I'm unable to connect to our instance via the extension. Ideally this would allow adding the arguments directly to the Node driver, as our client cert and its key are stored separately (that's the sslCert and sslKey arguments for .connect() in the Node driver). If I have to use the flags from the mongo shell directly it looks like we'll need to change our upstream process to store the client cert and its key in the same pem file.

[jecolvin]

Since SSL is a special case and its arguments can be passed via the .connect() method from the Node driver, would it make more sense to have a separate setting for those args? Perhaps a mongo.ssl setting that could be an object that needs to be passed to the server option, which constructs a Server instance. This would avoid having to pass the SSL flags in the shell on every call to the database.

The main difficulty I see with that is that the sslCA, sslKey, and sslCert options can't take a filepath str, the file has to be read and the contents passed.

[StephenWeatherford]

I think that makes sense. Would you mind adding a separate issue for that? Thanks.

[PrashanthCorp]

@StephenWeatherford , Does this fix #1126?

[StephenWeatherford]

Yes.

[StephenWeatherford]

Fixed by #1162