Skip to content

Commit

Permalink
Gracefully degrade tsh db ls in case fetching roles fails. (#12318)
Browse files Browse the repository at this point in the history
Tener authored Apr 29, 2022

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature.
1 parent 8c24aff commit 8e0421e
Showing 3 changed files with 12 additions and 5 deletions.
2 changes: 1 addition & 1 deletion tool/tsh/db.go
Original file line number Diff line number Diff line change
@@ -71,7 +71,7 @@ func onListDatabases(cf *CLIConf) error {

roleSet, err := services.FetchRoles(profile.Roles, cluster, profile.Traits)
if err != nil {
return trace.Wrap(err)
log.Debugf("Failed to fetch user roles: %v.", err)
}

sort.Slice(databases, func(i, j int) bool {
5 changes: 5 additions & 0 deletions tool/tsh/tsh.go
Original file line number Diff line number Diff line change
@@ -1705,6 +1705,11 @@ func serializeDatabases(databases []types.Database, format string) (string, erro
}

func getUsersForDb(database types.Database, roleSet services.RoleSet) string {
// may happen if fetching the role set failed for any reason.
if roleSet == nil {
return "(unknown)"
}

dbUsers := roleSet.EnumerateDatabaseUsers(database)
allowed := dbUsers.Allowed()

10 changes: 6 additions & 4 deletions tool/tsh/tsh_test.go
Original file line number Diff line number Diff line change
@@ -2100,34 +2100,36 @@ func Test_getUsersForDb(t *testing.T) {
database: dbProd,
result: "[dev]",
},

{
name: "roleDevStage x dbStage",
roles: services.RoleSet{roleDevStage},
database: dbStage,
result: "[*], except: [superuser]",
},

{
name: "roleDevStage x dbProd",
roles: services.RoleSet{roleDevStage},
database: dbProd,
result: "(none)",
},

{
name: "roleDevProd x dbStage",
roles: services.RoleSet{roleDevProd},
database: dbStage,
result: "(none)",
},

{
name: "roleDevProd x dbProd",
roles: services.RoleSet{roleDevProd},
database: dbProd,
result: "[dev]",
},
{
name: "no role set",
roles: nil,
database: dbProd,
result: "(unknown)",
},
}

for _, tc := range testCases {

0 comments on commit 8e0421e

Please sign in to comment.