From 58cc0245d0e37ef10422052eaecbb088b12e0b21 Mon Sep 17 00:00:00 2001
From: Gabriel Corado <gabriel.oliveira@goteleport.com>
Date: Tue, 26 Dec 2023 15:35:20 -0300
Subject: [PATCH] refactor(types): change role signup string return

---
 api/types/provisioning_test.go |  7 +++++++
 api/types/system_role.go       |  6 +++---
 lib/auth/auth_test.go          | 22 ++++++++++++++++++++++
 3 files changed, 32 insertions(+), 3 deletions(-)

diff --git a/api/types/provisioning_test.go b/api/types/provisioning_test.go
index 3bed97a57c81a..1a6ebc6219911 100644
--- a/api/types/provisioning_test.go
+++ b/api/types/provisioning_test.go
@@ -965,3 +965,10 @@ func TestProvisionTokenV2_CaseInsensitiveRoles(t *testing.T) {
 		require.Equal(t, SystemRoles{RoleNode, RoleAuth}, tok.GetRoles())
 	})
 }
+
+func TestProvisionTokenV2_SignupRole(t *testing.T) {
+	t.Parallel()
+	tok, err := NewProvisionToken("token", SystemRoles{RoleSignup}, time.Now())
+	require.NoError(t, err)
+	require.Equal(t, SystemRoles{RoleSignup}, tok.GetRoles())
+}
diff --git a/api/types/system_role.go b/api/types/system_role.go
index 1de865f7aecca..a98c04e06032d 100644
--- a/api/types/system_role.go
+++ b/api/types/system_role.go
@@ -264,11 +264,11 @@ func (r *SystemRole) Set(v string) error {
 	return nil
 }
 
-// String returns debug-friendly representation of this teleport role.
+// String returns the system role string representation. Returned values must
+// match (case-insensitive) the role mappings; otherwise, the validation check
+// will fail.
 func (r *SystemRole) String() string {
 	switch *r {
-	case RoleSignup:
-		return "Password"
 	case RoleTrustedCluster:
 		return "trusted_cluster"
 	default:
diff --git a/lib/auth/auth_test.go b/lib/auth/auth_test.go
index da09bac3d0e8a..2bef43c0cbb0a 100644
--- a/lib/auth/auth_test.go
+++ b/lib/auth/auth_test.go
@@ -3339,3 +3339,25 @@ func TestInstallerCRUD(t *testing.T) {
 	require.Error(t, err)
 	require.True(t, trace.IsNotFound(err))
 }
+
+func TestGetTokens(t *testing.T) {
+	t.Parallel()
+	s := newAuthSuite(t)
+	ctx := context.Background()
+
+	_, _, err := CreateUserAndRole(s.a, "username", []string{"username"}, nil)
+	require.NoError(t, err)
+	_, err = s.a.CreateResetPasswordToken(ctx, CreateUserTokenRequest{
+		Name: "username",
+		TTL:  time.Minute,
+		Type: UserTokenTypeResetPasswordInvite,
+	})
+	require.NoError(t, err)
+
+	for _, role := range types.LocalServiceMappings() {
+		generateTestToken(ctx, t, types.SystemRoles{role}, s.a.GetClock().Now().Add(time.Minute*30), s.a)
+	}
+
+	_, err = s.a.GetTokens(ctx)
+	require.NoError(t, err)
+}