From e5071b2ce7c18ae8dca60c0a4bfdda5ef5daa1bd Mon Sep 17 00:00:00 2001
From: Zac Bergquist
Date: Thu, 31 Oct 2024 14:59:56 -0600
Subject: [PATCH] Properly default auth's storage config

Most of our tests override cfg.DataDir, but auth's storage config still uses a hard-coded /var/lib/teleport for backend state. Instead of fixing this in a bunch of tests, we stop defaulting to /var/lib/teleport and set the storage dir only after we know what the configured data dir is.
---
 lib/service/service.go | 2 +-
 lib/service/servicecfg/config.go | 11 ++++++++++-
 lib/service/servicecfg/config_test.go | 3 +--
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/lib/service/service.go b/lib/service/service.go
index cef1270059802..91a3d7f04d0e1 100644
--- a/lib/service/service.go
+++ b/lib/service/service.go
@@ -6135,8 +6135,8 @@ func warnOnErr(ctx context.Context, err error, log *slog.Logger) {
 // initAuthStorage initializes the storage backend for the auth service.
 func (process *TeleportProcess) initAuthStorage() (backend.Backend, error) {
 ctx := context.TODO()
- process.logger.DebugContext(process.ExitContext(), "Initializing auth backend.", "backend", process.Config.Auth.StorageConfig.Type)
 bc := process.Config.Auth.StorageConfig
+ process.logger.DebugContext(process.ExitContext(), "Initializing auth backend.", "type", bc.Type)
 bk, err := backend.New(ctx, bc.Type, bc.Params)
 if err != nil {
 return nil, trace.Wrap(err)
diff --git a/lib/service/servicecfg/config.go b/lib/service/servicecfg/config.go
index c64af7c0ff498..7aa7a4285acab 100644
--- a/lib/service/servicecfg/config.go
+++ b/lib/service/servicecfg/config.go
@@ -555,7 +555,7 @@ func ApplyDefaults(cfg *Config) {
 cfg.Auth.Enabled = true
 cfg.Auth.ListenAddr = *defaults.AuthListenAddr()
 cfg.Auth.StorageConfig.Type = lite.GetName()
- cfg.Auth.StorageConfig.Params = backend.Params{defaults.BackendPath: filepath.Join(cfg.DataDir, defaults.BackendDir)}
+ cfg.Auth.StorageConfig.Params = make(backend.Params)
 cfg.Auth.StaticTokens = types.DefaultStaticTokens()
 cfg.Auth.AuditConfig = types.DefaultClusterAuditConfig()
 cfg.Auth.NetworkingConfig = types.DefaultClusterNetworkingConfig()
@@ -657,6 +657,15 @@ func ValidateConfig(cfg *Config) error {
 return trace.BadParameter("config: please supply data directory")
 }
 
+ if cfg.Auth.Enabled {
+ if cfg.Auth.StorageConfig.Params.GetString(defaults.BackendPath) == "" {
+ if cfg.Auth.StorageConfig.Params == nil {
+ cfg.Auth.StorageConfig.Params = make(backend.Params)
+ }
+ cfg.Auth.StorageConfig.Params[defaults.BackendPath] = filepath.Join(cfg.DataDir, defaults.BackendDir)
+ }
+ }
+
 for i := range cfg.Auth.Authorities {
 if err := services.ValidateCertAuthority(cfg.Auth.Authorities[i]); err != nil {
 return trace.Wrap(err)
diff --git a/lib/service/servicecfg/config_test.go b/lib/service/servicecfg/config_test.go
index d1d49c81342e1..86797e8fb0d8b 100644
--- a/lib/service/servicecfg/config_test.go
+++ b/lib/service/servicecfg/config_test.go
@@ -22,7 +22,6 @@ import (
 "fmt"
 "io"
 "log/slog"
- "path/filepath"
 "regexp"
 "strings"
 "testing"
@@ -88,7 +87,7 @@ func TestDefaultConfig(t *testing.T) {
 require.Equal(t, localAuthAddr, auth.ListenAddr)
 require.Equal(t, int64(defaults.LimiterMaxConnections), auth.Limiter.MaxConnections)
 require.Equal(t, lite.GetName(), config.Auth.StorageConfig.Type)
- require.Equal(t, filepath.Join(config.DataDir, defaults.BackendDir), auth.StorageConfig.Params[defaults.BackendPath])
+ require.Empty(t, auth.StorageConfig.Params[defaults.BackendPath])
 
 // SSH section
 ssh := config.SSH
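Review bot: In the `ApplyDefaults` hunk of lib/service/servicecfg/config.go, the default config now carries `StorageConfig.Type = lite.GetName()` with an empty `Params`, so it is only usable once `ValidateConfig` has run. `initAuthStorage` in service.go passes `bc.Params` straight to `backend.New`, so a caller that skips validation would give the backend no path; what the backend does in that case is not visible in this patch. Since this is the auth service's backend state, I would record the ordering requirement on the changed line, e.g. `// BackendPath is intentionally unset here; ValidateConfig derives it from the final DataDir.`, and consider having `initAuthStorage` reject an empty path for the default backend. `ApplyDefaults` starts and ends outside the hunk.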
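Review bot: The block added to `ValidateConfig` in lib/service/servicecfg/config.go writes `defaults.BackendPath` whenever it is empty and never consults `cfg.Auth.StorageConfig.Type`, so a config that selects a backend with no path parameter also ends up with a data-dir path in its `Params`. Whether every backend ignores the extra key cannot be told from this patch, so it is worth confirming or restricting the default to the backend types that read a path. The block also makes a function named as a validator mutate its argument, which deserves a comment above it such as `// Not pure validation: fills in the auth backend path from cfg.DataDir when none was configured.`. `ValidateConfig` continues outside the hunk.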