Fix CA rotation watcher not starting when database svc enabled w/ no …

…cfg (#13470) * fix CA rotation watcher not starting when database svc enabled w/ no cfg * move shouldInitDatabase test to db_test.go and t.Parallel()
gravitational · Jun 15, 2022 · 5b6e9b6 · 5b6e9b6
1 parent b2b2312
commit 5b6e9b6
Show file tree

Hide file tree

Showing 4 changed files with 86 additions and 13 deletions.
diff --git a/lib/service/db.go b/lib/service/db.go
@@ -31,12 +31,16 @@ import (
 	"github.com/gravitational/trace"
 )
 
+func (process *TeleportProcess) shouldInitDatabases() bool {
+	databasesCfg := len(process.Config.Databases.Databases) > 0
+	resourceMatchersCfg := len(process.Config.Databases.ResourceMatchers) > 0
+	awsMatchersCfg := len(process.Config.Databases.AWSMatchers) > 0
+	anyCfg := databasesCfg || resourceMatchersCfg || awsMatchersCfg
+
+	return process.Config.Databases.Enabled && anyCfg
+}
+
 func (process *TeleportProcess) initDatabases() {
-	if len(process.Config.Databases.Databases) == 0 &&
-		len(process.Config.Databases.ResourceMatchers) == 0 &&
-		len(process.Config.Databases.AWSMatchers) == 0 {
-		return
-	}
 	process.registerWithAuthServer(types.RoleDatabase, DatabasesIdentityEvent)
 	process.RegisterCriticalFunc("db.init", process.initDatabaseService)
 }

diff --git a/lib/service/db_test.go b/lib/service/db_test.go
@@ -0,0 +1,69 @@
+/*
+Copyright 2022 Gravitational, Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package service
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/require"
+)
+
+func TestTeleportProcess_shouldInitDatabases(t *testing.T) {
+	t.Parallel()
+	tests := []struct {
+		name   string
+		config DatabasesConfig
+		want   bool
+	}{
+		{
+			name: "disabled",
+			config: DatabasesConfig{
+				Enabled: false,
+			},
+			want: false,
+		},
+		{
+			name: "enabled but no config",
+			config: DatabasesConfig{
+				Enabled: true,
+			},
+			want: false,
+		},
+		{
+			name: "enabled with config",
+			config: DatabasesConfig{
+				Enabled: true,
+				Databases: []Database{
+					{
+						Name: "foo",
+					},
+				},
+			},
+			want: true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			p := &TeleportProcess{
+				Config: &Config{
+					Databases: tt.config,
+				},
+			}
+			require.Equal(t, tt.want, p.shouldInitDatabases())
+		})
+	}
+}
diff --git a/lib/service/service.go b/lib/service/service.go
@@ -673,7 +673,7 @@ func NewTeleport(cfg *Config, opts ...NewTeleportOption) (*TeleportProcess, erro
 	// create the data directory if it's missing
 	_, err = os.Stat(cfg.DataDir)
 	if os.IsNotExist(err) {
-		err := os.MkdirAll(cfg.DataDir, os.ModeDir|0700)
+		err := os.MkdirAll(cfg.DataDir, os.ModeDir|0o700)
 		if err != nil {
 			if errors.Is(err, fs.ErrPermission) {
 				cfg.Log.Errorf("Teleport does not have permission to write to: %v. Ensure that you are running as a user with appropriate permissions.", cfg.DataDir)
@@ -874,7 +874,7 @@ func NewTeleport(cfg *Config, opts ...NewTeleportOption) (*TeleportProcess, erro
 	if cfg.Apps.Enabled {
 		eventMapping.In = append(eventMapping.In, AppsReady)
 	}
-	if cfg.Databases.Enabled {
+	if process.shouldInitDatabases() {
 		eventMapping.In = append(eventMapping.In, DatabasesReady)
 	}
 	if cfg.Metrics.Enabled {
@@ -930,7 +930,7 @@ func NewTeleport(cfg *Config, opts ...NewTeleportOption) (*TeleportProcess, erro
 		warnOnErr(process.closeImportedDescriptors(teleport.ComponentApp), process.log)
 	}
 
-	if cfg.Databases.Enabled {
+	if process.shouldInitDatabases() {
 		process.initDatabases()
 		serviceStarted = true
 	} else {
@@ -968,7 +968,7 @@ func NewTeleport(cfg *Config, opts ...NewTeleportOption) (*TeleportProcess, erro
 
 	// create the new pid file only after started successfully
 	if cfg.PIDFile != "" {
-		f, err := os.OpenFile(cfg.PIDFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0666)
+		f, err := os.OpenFile(cfg.PIDFile, os.O_CREATE|os.O_WRONLY|os.O_TRUNC, 0o666)
 		if err != nil {
 			return nil, trace.ConvertSystemError(err)
 		}
@@ -2214,7 +2214,7 @@ func (process *TeleportProcess) initUploaderService(uploaderCfg filesessions.Upl
 	for i := 1; i < len(path); i++ {
 		dir := filepath.Join(path[:i+1]...)
 		log.Infof("Creating directory %v.", dir)
-		err := os.Mkdir(dir, 0755)
+		err := os.Mkdir(dir, 0o755)
 		err = trace.ConvertSystemError(err)
 		if err != nil {
 			if !trace.IsAlreadyExists(err) {
@@ -4255,10 +4255,10 @@ func initSelfSignedHTTPSCert(cfg *Config) (err error) {
 		return trace.Wrap(err)
 	}
 
-	if err := os.WriteFile(keyPath, creds.PrivateKey, 0600); err != nil {
+	if err := os.WriteFile(keyPath, creds.PrivateKey, 0o600); err != nil {
 		return trace.Wrap(err, "error writing key PEM")
 	}
-	if err := os.WriteFile(certPath, creds.Cert, 0600); err != nil {
+	if err := os.WriteFile(certPath, creds.Cert, 0o600); err != nil {
 		return trace.Wrap(err, "error writing key PEM")
 	}
 	return nil

diff --git a/lib/service/service_test.go b/lib/service/service_test.go
@@ -211,7 +211,7 @@ func TestServiceCheckPrincipals(t *testing.T) {
 		ServerIdentity: tlsServer.Identity,
 	}
 
-	var tests = []struct {
+	tests := []struct {
 		inPrincipals  []string
 		inDNS         []string
 		outRegenerate bool