Force directConnection=true for mongo clients (#52979)

Author: greedy52

lib/client/db/dbcmd/dbcmd.go

@@ -573,6 +573,18 @@ func (c *CLICommandBuilder) getMongoAddress() string {
 		serverSelectionTimeoutMS = envValue
 	}
 	query.Set("serverSelectionTimeoutMS", serverSelectionTimeoutMS)
+	// If directConnection is false (default for many clients), the client
+	// attempts to discover all servers in the replica set, and sends operations
+	// to the primary member.
+	// https://www.mongodb.com/docs/manual/reference/connection-string-options/#mongodb-urioption-urioption.directConnection
+	//
+	// Since Teleport is a proxy that appears only as a single server,
+	// directConnection should always be used.
+	//
+	// mongosh automatically adds the directConnection=true parameter. However,
+	// here we explicitly set it for other clients like MongoDB compass.
+	// https://www.mongodb.com/docs/mongodb-shell/connect/
+	query.Set("directConnection", "true")
 
 	address := url.URL{
 		Scheme:   connstring.SchemeMongoDB,

lib/client/db/dbcmd/dbcmd_test.go

@@ -332,7 +332,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 			cmd: []string{"mongo",
 				"--ssl",
 				"--sslPEMKeyFile", "/tmp/keys/example.com/bob-db/db.example.com/mysql.crt",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 			wantErr: false,
 		},
@@ -347,7 +347,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				},
 			},
 			cmd: []string{"mongo",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 			wantErr: false,
 		},
@@ -365,7 +365,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				"--tls",
 				"--tlsCertificateKeyFile", "/tmp/keys/example.com/bob-db/db.example.com/mysql.crt",
 				"--tlsUseSystemCA",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 		},
 		{
@@ -385,7 +385,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				"--tls",
 				"--tlsCertificateKeyFile", "/tmp/keys/example.com/bob-db/db.example.com/mysql.crt",
 				"--tlsCAFile", "/tmp/keys/example.com/cas/example.com.pem",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 		},
 		{
@@ -399,7 +399,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				},
 			},
 			cmd: []string{"mongosh",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 		},
 		{
@@ -411,7 +411,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				execOutput: map[string][]byte{}, // Cannot find either bin.
 			},
 			cmd: []string{"mongosh",
-				"mongodb://localhost:12345/mydb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/mydb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 		},
 		{
@@ -427,7 +427,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				},
 			},
 			cmd: []string{"mongo",
-				"mongodb://localhost:12345/docdb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/docdb?directConnection=true&serverSelectionTimeoutMS=5000",
 			},
 			wantErr: false,
 		},
@@ -442,7 +442,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 				},
 			},
 			cmd: []string{"mongosh",
-				"mongodb://localhost:12345/docdb?serverSelectionTimeoutMS=5000",
+				"mongodb://localhost:12345/docdb?directConnection=true&serverSelectionTimeoutMS=5000",
 				"--retryWrites=false",
 			},
 			wantErr: false,