Skip to main content

mongodb_session resource

Use the mongodb_session Chef InSpec audit resource to run MongoDB command against a MongoDB Database.



This resource is distributed with Chef InSpec and is automatically available for use.


A mongodb_session resource block declares the user, password, and database to use for the session and then the command to be run:

describe mongodb_session(user: “username”, password: “password”, database: “test”).query(key: value) do its(“params”) { should match(/expected-result/) } end


  • mongodb_session declares a user, password, and database, connecting locally, with permission to run the query.
  • query contains the query to be run.
  • its("params") { should eq(/expected-result/) } compares the results of the query against the expected result in the test

Optional Parameters

The mongodb_session InSpec resource accepts user, password, host, port, auth_source, auth_mech, ssl, ssl_cert, ssl_ca_cert, and auth_mech_properties parameters.

In Particular:


The server host IP address. Default value:


The server port. Default value: 27017.


The authentication mechanism. The available options are: :scram, :scram256, :mongodb_x509, and :aws. Default value: :scram.

See the MongoDB documentation on Ruby driver authentication for more information.


The database where the user’s authentication credentials are stored. The default value is the database name that is passed as a parameter to the resource.


Whether to use the SSL security protocol or not. Set to true to use SSL transport, default value: false. See the MongoDB documentation on Ruby Driver authentication for more information.


Path to the SSL certificate file.


Path to the SSL Certificate Authority (CA) certificate file.


Path to SSL key file.


A hash of the authentication mechanism properties. This option is generally used with the AWS authentication mechanism. See the MongoDB documentation on Ruby Driver authentication using AWS for more information.

MongoDB Query Reference Documentation

This resource uses the MongoDB Ruby Driver to fetch the data.


The following examples show how to use this Chef InSpec audit resource.

Test the roles information using the rolesInfo command in MongoDB

describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin").params["roles"].first do
  its(["role"]) { should eq "dbAdmin" }

Test the MongoDB user role

describe mongodb_session(user: "foo", password: "bar", database: "test").query(usersInfo: "foo").params["users"].first["roles"].first do
  its(["role"]) { should eq "readWrite" }

Test the database parameters

describe mongodb_session(user: "foo", password: "bar", database: "test").query(rolesInfo: "dbAdmin") do
  its("params") { should_not be_empty }
  its("params") { should include "roles" }


For a full list of available matchers, see our Universal Matchers page.

This resource has the following special matchers.


The params contains all the query data.

Edit this page on GitHub

Thank you for your feedback!


Search Results