From c2f33fe4335beeeccc647d6bcfa0b61d4b45c8f8 Mon Sep 17 00:00:00 2001
From: Tiago Silva <tiago.silva@goteleport.com>
Date: Fri, 25 Apr 2025 20:17:55 +0100
Subject: [PATCH] fix: fixes a possible panic during auth start if upsert
 operation fails

This PR fixes a possible panic caused by a failure caused by a backend
failure. If the failure occurs, we replaced the user object with the
result of the `{Upsert|Create}User` operation. If the operation fails,
both calls return `nil, err` and when building the error stream, we
accessed a nil user.

Signed-off-by: Tiago Silva <tiago.silva@goteleport.com>
---
 lib/auth/init.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/auth/init.go b/lib/auth/init.go
index 6b8f6fbbfe499..2c7c32f5e46b3 100644
--- a/lib/auth/init.go
+++ b/lib/auth/init.go
@@ -1223,13 +1223,13 @@ func createPresetUsers(ctx context.Context, um PresetUsers) error {
 
 		if types.IsSystemResource(user) {
 			// System resources *always* get reset on every auth startup
-			if user, err := um.UpsertUser(ctx, user); err != nil {
+			if _, err := um.UpsertUser(ctx, user); err != nil {
 				return trace.Wrap(err, "failed upserting system user %s", user.GetName())
 			}
 			continue
 		}
 
-		if user, err := um.CreateUser(ctx, user); err != nil && !trace.IsAlreadyExists(err) {
+		if _, err := um.CreateUser(ctx, user); err != nil && !trace.IsAlreadyExists(err) {
 			return trace.Wrap(err, "failed creating preset user %s", user.GetName())
 		}
 	}