From eeaeda335bd2b2f34cda0dfb429064f61baede82 Mon Sep 17 00:00:00 2001
From: Chye Lin Chee <chyelin.chee@mongodb.com>
Date: Thu, 19 Mar 2026 10:25:28 -0700
Subject: [PATCH] SERVER-121808 Add gRPC gate for proxy UDS tests (#49792)

GitOrigin-RevId: c7b1e1c66d9d17f3981e917d428191d9d1ca7fc1
---
 .../auth/client_source_authentication_restriction_mode.js   | 6 ++++++
 .../server-security/dollar_audit_mixed_version_mongods.js   | 2 +-
 .../load_balanced_server_status_metrics.js                  | 1 +
 jstests/sharding/proxy_protocol_connect.js                  | 1 +
 jstests/ssl/ssl_x509_roles.js                               | 2 +-
 jstests/ssl/x509_client.js                                  | 2 +-
 6 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/jstests/auth/client_source_authentication_restriction_mode.js b/jstests/auth/client_source_authentication_restriction_mode.js
index 9e593849f17..6cc83fe6621 100644
--- a/jstests/auth/client_source_authentication_restriction_mode.js
+++ b/jstests/auth/client_source_authentication_restriction_mode.js
@@ -13,6 +13,12 @@ if (!isLinux()) {
     quit();
 }
 
+// Proxy protocol is not supported over gRPC.
+if (jsTestOptions().shellGRPC) {
+    jsTestLog("Test is not compatible with gRPC.");
+    quit();
+}
+
 function runTest(mongosCon, mode, proxyIngressAddress, proxyIngressPort, restrictionAddress) {
     // Use a direct, non-proxied connection to the server to run setup operations.
     const adminMongo = new Mongo(mongosCon.host);
diff --git a/jstests/multiVersion/genericBinVersion/server-security/dollar_audit_mixed_version_mongods.js b/jstests/multiVersion/genericBinVersion/server-security/dollar_audit_mixed_version_mongods.js
index 23a3d13264e..7dc3bf149d2 100644
--- a/jstests/multiVersion/genericBinVersion/server-security/dollar_audit_mixed_version_mongods.js
+++ b/jstests/multiVersion/genericBinVersion/server-security/dollar_audit_mixed_version_mongods.js
@@ -155,7 +155,7 @@ function testDollarAuditPropagation(st, fcv, isLoadBalanced = false, proxy_serve
     st.stop();
 }
 
-{
+if (!_isWindows() && !jsTestOptions().shellGRPC) {
     // Test the expected metadata is propagated in a load balanced cluster using the latestFCV.
     jsTest.log(
         `Testing FCV ${latestFCV} metadata propagation in sharded cluster with mixed versions with a load balanced connection`,
diff --git a/jstests/sharding/load_balancer_support/load_balanced_server_status_metrics.js b/jstests/sharding/load_balancer_support/load_balanced_server_status_metrics.js
index aa2bb250c34..32130337518 100644
--- a/jstests/sharding/load_balancer_support/load_balanced_server_status_metrics.js
+++ b/jstests/sharding/load_balancer_support/load_balanced_server_status_metrics.js
@@ -3,6 +3,7 @@
  * @tags: [
  *   # TODO (SERVER-85629): Re-enable this test once redness is resolved in multiversion suites.
  *   DISABLED_TEMPORARILY_DUE_TO_FCV_UPGRADE,
+ *   grpc_incompatible,
  *   requires_fcv_80,
  * ]
  */
diff --git a/jstests/sharding/proxy_protocol_connect.js b/jstests/sharding/proxy_protocol_connect.js
index 2148a64538b..4b075246e8a 100644
--- a/jstests/sharding/proxy_protocol_connect.js
+++ b/jstests/sharding/proxy_protocol_connect.js
@@ -1,6 +1,7 @@
 /**
  * Validate we can connect over the proxy protocol port with the protocol appended.
  * @tags: [
+ *   grpc_incompatible,
  *   requires_fcv_52,
  * ]
  */
diff --git a/jstests/ssl/ssl_x509_roles.js b/jstests/ssl/ssl_x509_roles.js
index 5d1013490c3..563b14bcbcf 100644
--- a/jstests/ssl/ssl_x509_roles.js
+++ b/jstests/ssl/ssl_x509_roles.js
@@ -161,7 +161,7 @@ jsTest.log.info("4. Testing x.509 auth to mongos with x509 roles disabled");
 // forwards X.509 identity (DN + roles) via PROXY protocol v2 TLVs over a Unix domain socket.
 // Architecture:  [shell] --TLS--> [proxy] --PP2+UDS--> [mongod/mongos]
 // ============================================================================
-if (!isWindows) {
+if (!isWindows && !jsTestOptions().shellGRPC) {
     /**
      * Creates a proxy protocol server that terminates TLS on ingress, extracts the client cert DN
      * and mongoRoles extension from the TLS handshake, and forwards them as PP2 TLVs to the
diff --git a/jstests/ssl/x509_client.js b/jstests/ssl/x509_client.js
index 116198fc184..2b8ffd49c19 100644
--- a/jstests/ssl/x509_client.js
+++ b/jstests/ssl/x509_client.js
@@ -148,7 +148,7 @@ const x509_options = {
 // forwards X.509 identity via PROXY protocol v2 TLVs over a Unix domain socket.
 // Architecture:  [shell] --TLS--> [proxy] --PP2+UDS--> [mongod/mongos]
 // ============================================================================
-if (!isWindows) {
+if (!isWindows && !jsTestOptions().shellGRPC) {
     /**
      * Creates a proxy protocol server that terminates TLS on ingress, extracts the client cert DN
      * (and roles if present) from the TLS handshake, and forwards them as PP2 TLVs to the target's