diff --git a/integration/helpers/instance.go b/integration/helpers/instance.go index 2cf0995cef4fe..5635dd4c33a6b 100644 --- a/integration/helpers/instance.go +++ b/integration/helpers/instance.go @@ -672,7 +672,7 @@ func (i *TeleInstance) createTeleportProcess(tconf *servicecfg.Config) (*service } // CreateWithConf creates a new instance of Teleport using the supplied config -func (i *TeleInstance) CreateWithConf(_ *testing.T, tconf *servicecfg.Config) error { +func (i *TeleInstance) CreateWithConf(t *testing.T, tconf *servicecfg.Config) error { i.Config = tconf var err error i.Process, err = i.createTeleportProcess(tconf) @@ -689,7 +689,7 @@ func (i *TeleInstance) CreateWithConf(_ *testing.T, tconf *servicecfg.Config) er // create users and roles if they don't exist, or sign their keys if they're // already present auth := i.Process.GetAuthServer() - ctx := context.TODO() + ctx := t.Context() for _, user := range i.Secrets.Users { teleUser, err := types.NewUser(user.Username) @@ -1379,6 +1379,18 @@ func (i *TeleInstance) Start() error { "received_events_count", len(receivedEvents), ) + // Wait for any SSH instances to be visible in the inventory before returning + // to prevent any immediate connection attempts from failing because the host + // has not yet been propagated to the caches. + expectedNodes := len(i.Nodes) + if i.Config.SSH.Enabled { + expectedNodes++ + } + + if err := i.WaitForNodeCount(context.Background(), i.Secrets.SiteName, expectedNodes); err != nil { + return trace.Wrap(err) + } + return nil } @@ -1957,6 +1969,10 @@ func (i *TeleInstance) WaitForNodeCount(ctx context.Context, clusterName string, iterWaitTime = time.Second ) + if count <= 0 || i.Config == nil || !i.Config.Auth.Enabled || !i.Config.Proxy.Enabled { + return nil + } + err := retryutils.RetryStaticFor(deadline, iterWaitTime, func() error { cluster, err := i.Tunnel.Cluster(ctx, clusterName) if err != nil { 
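Review bot: `CreateWithConf` now dereferences `t` through `t.Context()`, where the parameter was previously ignored (`_ *testing.T`), so any caller that passes `nil` will panic; the callers are outside this diff and are worth checking. `t.Context()` is also cancelled just before `t.Cleanup` callbacks run, so the `ctx` taken here must not be retained by anything that outlives the test body (the loop that uses it continues outside the hunk). Extending the doc comment with `// t must be non-nil; its context bounds user and role creation.` would make the new contract explicit.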
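Review bot: In `Start`, `i.Config.SSH.Enabled` is read unconditionally, although the guard added to `WaitForNodeCount` in this same commit treats `i.Config == nil` as possible; if it can be nil, this line panics before the guard is reached (the beginning of `Start` is outside the hunk, so an earlier dereference may already rule that out). Make the two consistent, e.g. `if i.Config != nil && i.Config.SSH.Enabled { expectedNodes++ }`. The wait runs on `context.Background()`, so callers cannot cancel it, and it counts only `len(i.Nodes)` at the moment `Start` runs. Nodes added afterwards are not covered, which matters for the explicit waits this commit deletes, for instance in `twoClustersTunnel`, where `bcfg.SSH.Enabled = false` yet the old code waited for one node in `b`'s site; it is worth confirming that node is already in `b.Nodes` when `b` starts.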
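Review bot: The early return added to `WaitForNodeCount` reports success without waiting when `count <= 0`, when `i.Config` is nil, or when auth or proxy is disabled, and nothing tells the caller that the wait was skipped. A caller that passes `count == 0` to wait for nodes to disappear would now return immediately, and a test on an instance without auth and proxy would go on to connect with no propagation guarantee. If zero is a legitimate target, narrow the check to `count < 0`; in either case state the contract in the doc comment, e.g. `// WaitForNodeCount returns nil without waiting when count <= 0 or when the instance does not run both auth and proxy.` The function starts and ends outside the hunk.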
diff --git a/integration/hostuser_test.go b/integration/hostuser_test.go index d614be3ec9ee2..f5db6b65f704f 100644 --- a/integration/hostuser_test.go +++ b/integration/hostuser_test.go @@ -680,8 +680,6 @@ func TestRootLoginAsHostUser(t *testing.T) { require.NoError(t, instance.StopAll()) }) - instance.WaitForNodeCount(context.Background(), helpers.Site, 1) - tests := []struct { name string command []string @@ -759,6 +757,7 @@ func TestRootStaticHostUsers(t *testing.T) { require.NoError(t, instance.StopAll()) }) nodeCfg := servicecfg.MakeDefaultConfig() + nodeCfg.SSH.DisableCreateHostUser = false nodeCfg.SSH.Labels = map[string]string{ "foo": "bar", } diff --git a/integration/integration_test.go b/integration/integration_test.go index ce0978d09ebcd..ebee0ab262bc5 100644 --- a/integration/integration_test.go +++ b/integration/integration_test.go @@ -218,10 +218,7 @@ func testDifferentPinnedIP(t *testing.T, suite *integrationTestSuite) { tconf := suite.defaultServiceConfig() tconf.Auth.Enabled = true tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true - tconf.SSH.DisableCreateHostUser = true teleInstance := suite.NewTeleportInstance(t) @@ -240,8 +237,6 @@ func testDifferentPinnedIP(t *testing.T, suite *integrationTestSuite) { site := teleInstance.GetSiteAPI(helpers.Site) require.NotNil(t, site) - require.NoError(t, teleInstance.WaitForNodeCount(t.Context(), helpers.Site, 1)) - connectionProblem := func(t require.TestingT, err error, i ...any) { require.Error(t, err, i...) require.True(t, trace.IsConnectionProblem(err), "expected a connection problem error, got: %v", err) 
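Review bot: In `TestRootStaticHostUsers`, `nodeCfg.SSH.DisableCreateHostUser = false` is applied to a config from `servicecfg.MakeDefaultConfig()`, not from the suite's `defaultServiceConfig()` that this commit changes, so a reader cannot tell whether it overrides a default or is a no-op. Since the test runs as root and presumably depends on host-user provisioning, a why-comment would keep the line from being removed as redundant, e.g. `// host user creation must stay enabled for static host users to be provisioned`. The test body continues outside the hunk.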
@@ -298,10 +293,7 @@ func testAuthLocalNodeControlStream(t *testing.T, suite *integrationTestSuite) { tconf := suite.defaultServiceConfig() tconf.Auth.Enabled = true tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true - tconf.SSH.DisableCreateHostUser = true // deliberately create a teleport instance that will end up binding // unspecified addr (`0.0.0.0`/`::`). we use this further down to confirm @@ -423,8 +415,6 @@ func testAuditOn(t *testing.T, suite *integrationTestSuite) { tconf.Auth.AuditConfig = auditConfig tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true return t, nil, nil, tconf } @@ -446,7 +436,7 @@ func testAuditOn(t *testing.T, suite *integrationTestSuite) { site := teleport.GetSiteAPI(helpers.Site) require.NotNil(t, site) - ctx := context.Background() + ctx := t.Context() // wait for both nodes to show up, otherwise // we'll have trouble connecting to the node below. @@ -747,7 +737,6 @@ func (s *integrationTestSuite) newTeleportIoT(t *testing.T, logins []string) *he tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = false @@ -786,7 +775,7 @@ func replaceNewlines(in string) string { // TestUUIDBasedProxy verifies that attempts to proxy to nodes using ambiguous // hostnames fails with the correct error, and that proxying by UUID succeeds. func testUUIDBasedProxy(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() 
@@ -835,7 +824,7 @@ func testUUIDBasedProxy(t *testing.T, suite *integrationTestSuite) { // testSSHTracker verifies that an SSH session creates a tracker for sessions. func testSSHTracker(t *testing.T, suite *integrationTestSuite) { - ctx, cancel := context.WithCancel(context.Background()) + ctx, cancel := context.WithCancel(t.Context()) defer cancel() teleport := suite.newTeleport(t, nil, true) @@ -896,7 +885,7 @@ func testInteractiveReverseTunnel(t *testing.T, suite *integrationTestSuite) { } func testSessionRecordingModes(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -909,8 +898,6 @@ func testSessionRecordingModes(t *testing.T, suite *integrationTestSuite) { cfg := suite.defaultServiceConfig() cfg.Auth.Enabled = true cfg.Auth.SessionRecordingConfig = recConfig - cfg.Proxy.DisableWebService = true - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.SSH.Enabled = true @@ -961,7 +948,6 @@ func testSessionRecordingModes(t *testing.T, suite *integrationTestSuite) { filesessions.SetOpenFileFunc(os.OpenFile) } - teleport.WaitForNodeCount(ctx, helpers.Site, 1) for name, test := range map[string]struct { recordingMode constants.SessionRecordingMode expectSessionFailure bool @@ -1121,7 +1107,7 @@ func testLeafProxySessionRecording(t *testing.T, suite *integrationTestSuite) { }) require.NoError(t, err) - ctx := context.Background() + ctx := t.Context() clt, err := tc.ConnectToCluster(ctx) require.NoError(t, err) t.Cleanup(func() { @@ -1229,8 +1215,6 @@ func testCustomReverseTunnel(t *testing.T, suite *integrationTestSuite) { conf.Auth.Enabled = true conf.Proxy.Enabled = true conf.Proxy.DisableWebService = false - conf.Proxy.DisableWebInterface = true - conf.Proxy.DisableDatabaseProxy = true conf.Proxy.TunnelPublicAddrs = []utils.NetAddr{ { // Connect on the address that refuses connection on purpose 
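Review bot: In `testLeafProxySessionRecording`, `ctx` now comes from `t.Context()` and a `t.Cleanup` closure is registered directly after `tc.ConnectToCluster(ctx)`. `t.Context()` is cancelled just before Cleanup callbacks run, so if that closure (its body is outside the hunk) passes `ctx` to a close or teardown call, it will be operating on an already-cancelled context. The same pairing of `ctx := t.Context()` with a following `t.Cleanup` appears in the `testAgentlessConn` hunk. Where teardown needs a live context, derive one inside the closure, e.g. `ctx, cancel := context.WithTimeout(context.Background(), 10*time.Second)`.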
@@ -1463,7 +1447,7 @@ func testIPPropagation(t *testing.T, suite *integrationTestSuite) { testGRPCNodeConnection := func(t *testing.T, instance *helpers.TeleInstance, clusterName, nodeName string) { person := NewTerminal(250) - ctx := context.Background() + ctx := t.Context() tc, err := instance.NewClient(helpers.ClientConfig{ Login: suite.Me.Username, @@ -1512,7 +1496,7 @@ func testIPPropagation(t *testing.T, suite *integrationTestSuite) { } testGRPCAuthConnection := func(t *testing.T, instance *helpers.TeleInstance, clusterName string) { - ctx := context.Background() + ctx := t.Context() tc, err := instance.NewClient(helpers.ClientConfig{ Login: suite.Me.Username, @@ -1716,7 +1700,7 @@ func testShutdown(t *testing.T, suite *integrationTestSuite) { tc.Stdin = term tc.Stdout = term - sshCtx, sshCancel := context.WithCancel(context.Background()) + sshCtx, sshCancel := context.WithCancel(t.Context()) t.Cleanup(sshCancel) go func() { sshErr <- tc.SSH(sshCtx, nil) @@ -1741,7 +1725,7 @@ func testShutdown(t *testing.T, suite *integrationTestSuite) { require.NoError(t, err) go func() { - err := utils.ProxyConn(context.Background(), term, stream) + err := utils.ProxyConn(t.Context(), term, stream) sshErr <- err }() }, @@ -1757,7 +1741,6 @@ func testShutdown(t *testing.T, suite *integrationTestSuite) { cfg.Auth.Enabled = true cfg.Auth.Preference.SetSecondFactor("off") cfg.Proxy.DisableWebService = false - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.SSH.Enabled = true @@ -1788,7 +1771,7 @@ func testShutdown(t *testing.T, suite *integrationTestSuite) { }, 10*time.Second, 200*time.Millisecond) // initiate shutdown - shutdownContext := teleport.Process.StartShutdown(context.Background()) + shutdownContext := teleport.Process.StartShutdown(t.Context()) require.Eventually(t, func() bool { // TODO: check that we either get a connection that fully works or a connection refused error 
@@ -1909,14 +1892,9 @@ func testClientIdleConnection(t *testing.T, suite *integrationTestSuite) { netConfig := types.DefaultClusterNetworkingConfig() netConfig.SetClientIdleTimeout(3 * time.Second) - tconf := servicecfg.MakeDefaultConfig() + tconf := suite.defaultServiceConfig() tconf.SSH.Enabled = true - tconf.Logger = logtest.NewLogger() - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.Auth.NetworkingConfig = netConfig - tconf.CircuitBreakerConfig = breaker.NoopBreakerConfig() - tconf.InstanceMetadataClient = imds.NewDisabledIMDSClient() instance := suite.NewTeleportWithConfig(t, nil, nil, tconf) t.Cleanup(func() { require.NoError(t, instance.StopAll()) }) @@ -1944,7 +1922,7 @@ func testClientIdleConnection(t *testing.T, suite *integrationTestSuite) { cl.Stdin = reader // Terminate the session after 2x the idle timeout - ctx, cancel := context.WithTimeout(context.Background(), netConfig.GetClientIdleTimeout()*2) + ctx, cancel := context.WithTimeout(t.Context(), netConfig.GetClientIdleTimeout()*2) defer cancel() sessionErr <- cl.SSH(ctx, nil) } @@ -2077,7 +2055,7 @@ func testDisconnectScenarios(t *testing.T, suite *integrationTestSuite) { } func runDisconnectTest(t *testing.T, suite *integrationTestSuite, tc disconnectTestCase) { - ctx, cancel := context.WithCancel(context.Background()) + ctx, cancel := context.WithCancel(t.Context()) defer cancel() teleport := suite.NewTeleportInstance(t) @@ -2107,8 +2085,6 @@ func runDisconnectTest(t *testing.T, suite *integrationTestSuite, tc disconnectT cfg.Auth.Enabled = true cfg.Auth.NetworkingConfig = netConfig cfg.Auth.SessionRecordingConfig = recConfig - cfg.Proxy.DisableWebService = true - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.SSH.Enabled = true 
@@ -2121,9 +2097,6 @@ func runDisconnectTest(t *testing.T, suite *integrationTestSuite, tc disconnectT tc.concurrentConns = 1 } - err = teleport.WaitForNodeCount(ctx, helpers.Site, 1) - require.NoError(t, err) - asyncErrors := make(chan error, 1) for range tc.concurrentConns { @@ -2242,7 +2215,7 @@ func enterInput(ctx context.Context, person *Terminal, command, pattern string) // testEnvironmentVariables validates that session specific environment // variables set by Teleport are present. func testEnvironmentVariables(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -2299,7 +2272,7 @@ func testInvalidLogins(t *testing.T, suite *integrationTestSuite) { }) require.NoError(t, err) - err = tc.SSH(context.Background(), cmd) + err = tc.SSH(t.Context(), cmd) require.ErrorContains(t, err, "failed connecting to host localhost: looking up remote cluster \"wrong-site\"\n\tnot found") } @@ -2347,11 +2320,11 @@ func testTwoClustersTunnel(t *testing.T, suite *integrationTestSuite) { }) } - slog.InfoContext(context.Background(), "Tests done,cleaning up") + slog.InfoContext(t.Context(), "Tests done,cleaning up") } func twoClustersTunnel(t *testing.T, suite *integrationTestSuite, now time.Time, proxyRecordMode string, execCountSiteA, execCountSiteB int) { - ctx := context.Background() + ctx := t.Context() // start the http proxy, we need to make sure this was not used ph := &helpers.ProxyHandler{} ts := httptest.NewServer(ph) 
@@ -2378,16 +2351,12 @@ func twoClustersTunnel(t *testing.T, suite *integrationTestSuite, now time.Time, acfg := suite.defaultServiceConfig() acfg.Auth.Enabled = true acfg.Proxy.Enabled = true - acfg.Proxy.DisableWebService = true - acfg.Proxy.DisableWebInterface = true acfg.SSH.Enabled = true bcfg := suite.defaultServiceConfig() bcfg.Auth.Enabled = true bcfg.Auth.SessionRecordingConfig = recConfig bcfg.Proxy.Enabled = true - bcfg.Proxy.DisableWebService = true - bcfg.Proxy.DisableWebInterface = true bcfg.SSH.Enabled = false require.NoError(t, b.CreateEx(t, a.Secrets.AsSlice(), bcfg)) @@ -2464,9 +2433,6 @@ func twoClustersTunnel(t *testing.T, suite *integrationTestSuite, now time.Time, require.NoError(t, err) tc.Stdout = &outputB - // Wait for the target host to appear in the inventory before connecting to it. - b.WaitForNodeCount(ctx, b.Secrets.SiteName, 1) - err = tc.SSH(ctx, cmd) require.NoError(t, err) require.Equal(t, outputA.String(), outputB.String()) @@ -2583,7 +2549,7 @@ func testTwoClustersProxy(t *testing.T, suite *integrationTestSuite) { // and we switch to local persistent caches func testHA(t *testing.T, suite *integrationTestSuite) { t.Setenv("TELEPORT_UNSTABLE_SKIP_VERSION_UPGRADE_CHECK", "1") - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -2681,7 +2647,7 @@ func testHA(t *testing.T, suite *integrationTestSuite) { // TestMapRoles tests local to remote role mapping and access patterns func testMapRoles(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -2710,7 +2676,6 @@ func testMapRoles(t *testing.T, suite *integrationTestSuite) { tconf := suite.defaultServiceConfig() tconf.SSH.Enabled = enableSSH tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true return t, nil, tconf } lib.SetInsecureDevMode(true) 
@@ -2990,7 +2955,7 @@ func standardPortsOrMuxSetup(t *testing.T, mux bool, fds *[]*servicecfg.FileDesc } func createAndUpdateTrustedClusters(t *testing.T, suite *integrationTestSuite, test trustedClusterTest) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" @@ -3033,7 +2998,6 @@ func createAndUpdateTrustedClusters(t *testing.T, suite *integrationTestSuite, t makeConfig := func(instance *helpers.TeleInstance, enableSSH bool) (*testing.T, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH tconf, err := instance.GenerateConfig(t, nil, tconf) require.NoError(t, err) @@ -3100,7 +3064,7 @@ func createAndUpdateTrustedClusters(t *testing.T, suite *integrationTestSuite, t } func trustedClusters(t *testing.T, suite *integrationTestSuite, test trustedClusterTest) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" @@ -3160,7 +3124,6 @@ func trustedClusters(t *testing.T, suite *integrationTestSuite, test trustedClus makeConfig := func(enableSSH bool) (*testing.T, []*helpers.InstanceSecrets, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH return t, nil, tconf } @@ -3343,7 +3306,7 @@ func trustedClusters(t *testing.T, suite *integrationTestSuite, test trustedClus } func trustedDisabledCluster(t *testing.T, suite *integrationTestSuite, test trustedClusterTest) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" 
@@ -3406,7 +3369,6 @@ func trustedDisabledCluster(t *testing.T, suite *integrationTestSuite, test trus makeConfig := func(instance *helpers.TeleInstance, enableSSH bool) (*testing.T, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH tconf, err := instance.GenerateConfig(t, nil, tconf) require.NoError(t, err) @@ -3483,7 +3445,7 @@ func trustedDisabledCluster(t *testing.T, suite *integrationTestSuite, test trus } func trustedClustersRoleMapChanges(t *testing.T, suite *integrationTestSuite, test trustedClusterTest) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" @@ -3545,7 +3507,6 @@ func trustedClustersRoleMapChanges(t *testing.T, suite *integrationTestSuite, te makeConfig := func(instance *helpers.TeleInstance, enableSSH bool) (*testing.T, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH tconf, err := instance.GenerateConfig(t, nil, tconf) require.NoError(t, err) @@ -3630,7 +3591,7 @@ func trustedClustersRoleMapChanges(t *testing.T, suite *integrationTestSuite, te } func testTrustedTunnelNode(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" @@ -3654,7 +3615,6 @@ func testTrustedTunnelNode(t *testing.T, suite *integrationTestSuite) { makeConfig := func(enableSSH bool) (*testing.T, []*helpers.InstanceSecrets, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH tconf.CachePolicy.MaxRetryPeriod = time.Millisecond * 500 return t, nil, tconf 
@@ -3761,7 +3721,7 @@ func testTrustedTunnelNode(t *testing.T, suite *integrationTestSuite) { // Use assert package to get access to the returned error. In this way we can log it. if !assert.Eventually(t, func() bool { - err = tunnelClient.SSH(context.Background(), cmd) + err = tunnelClient.SSH(t.Context(), cmd) return err == nil }, 10*time.Second, 200*time.Millisecond) { require.FailNow(t, "Failed to established SSH connection", err) @@ -3775,7 +3735,7 @@ func testTrustedTunnelNode(t *testing.T, suite *integrationTestSuite) { } func testTrustedClusterAgentless(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username clusterMain := "cluster-main" @@ -3797,7 +3757,6 @@ func testTrustedClusterAgentless(t *testing.T, suite *integrationTestSuite) { makeConfig := func(enableSSH bool) (*testing.T, []*helpers.InstanceSecrets, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = enableSSH return t, nil, tconf } @@ -3887,7 +3846,6 @@ func testTrustedClusterAgentless(t *testing.T, suite *integrationTestSuite) { err = main.WaitForNodeCount(ctx, clusterAux, 1) require.NoError(t, err) - // connect to leaf agentless node creds, err := helpers.GenerateUserCreds(helpers.UserCredsRequest{ Process: main.Process, @@ -3924,7 +3882,7 @@ func testTrustedClusterAgentless(t *testing.T, suite *integrationTestSuite) { // TestDiscoveryRecovers ensures that discovery protocol recovers from a bad discovery // state (all known proxies are offline). func testDiscoveryRecovers(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() 
@@ -4059,7 +4017,7 @@ func testDiscoveryRecovers(t *testing.T, suite *integrationTestSuite) { // TestDiscovery tests case for multiple proxies and a reverse tunnel // agent that eventually connnects to the right proxy func testDiscovery(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -4192,7 +4150,7 @@ func testDiscovery(t *testing.T, suite *integrationTestSuite) { // nodes will reconnect when network connection between the proxy and node // is restored. func testReverseTunnelCollapse(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() t.Cleanup(func() { tr.Stop() }) @@ -4221,8 +4179,6 @@ func testReverseTunnelCollapse(t *testing.T, suite *integrationTestSuite) { }, } tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true - tconf.Proxy.DisableALPNSNIListener = true tconf.SSH.Enabled = false @@ -4346,7 +4302,7 @@ func testReverseTunnelCollapse(t *testing.T, suite *integrationTestSuite) { // TestDiscoveryNode makes sure the discovery protocol works with nodes. func testDiscoveryNode(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -4376,8 +4332,6 @@ func testDiscoveryNode(t *testing.T, suite *integrationTestSuite) { }, } tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true - tconf.Proxy.DisableALPNSNIListener = true tconf.SSH.Enabled = false @@ -4568,8 +4522,6 @@ func testExternalClient(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true 
@@ -4664,8 +4616,6 @@ func testControlMaster(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true @@ -4758,8 +4708,6 @@ func testX11Forwarding(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true tconf.SSH.X11 = &x11.ServerConfig{ @@ -4918,9 +4866,6 @@ func testProxyHostKeyCheck(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true - return t, nil, nil, tconf } instance := suite.NewTeleportWithConfig(makeConfig()) @@ -4980,7 +4925,7 @@ func testProxyHostKeyCheck(t *testing.T, suite *integrationTestSuite) { func testAuditOff(t *testing.T, suite *integrationTestSuite) { tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() - ctx := context.Background() + ctx := t.Context() var err error @@ -5002,8 +4947,6 @@ func testAuditOff(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true @@ -5249,8 +5192,6 @@ func testPAM(t *testing.T, suite *integrationTestSuite) { tconf.Auth.Enabled = true tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true tconf.SSH.PAM.Enabled = tt.inEnabled 
@@ -5849,8 +5790,6 @@ func (s *integrationTestSuite) rotationConfig(disableWebService bool) *servicecf tconf := s.defaultServiceConfig() tconf.SSH.Enabled = true tconf.Proxy.DisableWebService = disableWebService - tconf.Proxy.DisableWebInterface = true - tconf.Proxy.DisableDatabaseProxy = true tconf.Proxy.DisableALPNSNIListener = true tconf.PollingPeriod = time.Second tconf.Testing.ClientTimeout = time.Second @@ -5895,7 +5834,7 @@ func runAndMatch(tc *client.TeleportClient, attempts int, command []string, patt func testWindowChange(t *testing.T, suite *integrationTestSuite) { tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() - ctx := context.Background() + ctx := t.Context() teleport := suite.newTeleport(t, nil, true) defer teleport.StopAll() @@ -6012,7 +5951,7 @@ func testWindowChange(t *testing.T, suite *integrationTestSuite) { // testList checks that the list of servers returned is identity aware. func testList(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() tr := utils.NewTracer(utils.ThisFunction()).Start() defer tr.Stop() @@ -6029,8 +5968,6 @@ func testList(t *testing.T, suite *integrationTestSuite) { tconf.Auth.Enabled = true tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true - tconf.Proxy.DisableWebService = true - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true tconf.SSH.Labels = map[string]string{ "role": "worker", @@ -6158,7 +6095,6 @@ func testCmdLabels(t *testing.T, suite *integrationTestSuite) { tconf.Auth.SessionRecordingConfig = recConfig tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = true tconf.SSH.Labels = map[string]string{ "role": "worker", 
@@ -6263,9 +6199,6 @@ func testDataTransfer(t *testing.T, suite *integrationTestSuite) { main := suite.newTeleport(t, nil, true) defer main.StopAll() - err := main.WaitForNodeCount(context.Background(), helpers.Site, 1) - require.NoError(t, err) - // Create a client to the above Teleport cluster. clientConfig := helpers.ClientConfig{ Login: suite.Me.Username, @@ -6358,7 +6291,6 @@ func testBPFInteractive(t *testing.T, suite *integrationTestSuite) { // Configure Proxy. tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true // Configure Node. If session are being recorded at the proxy, don't enable // BPF to simulate an OpenSSH node. @@ -6486,7 +6418,6 @@ func testBPFExec(t *testing.T, suite *integrationTestSuite) { // Configure Proxy. tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true // Configure Node. If session are being recorded at the proxy, don't enable // BPF to simulate an OpenSSH node. @@ -6607,7 +6538,6 @@ func testSSHExitCode(t *testing.T, suite *integrationTestSuite) { // Configure Proxy. tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true // Configure Node. tconf.SSH.Enabled = true @@ -6689,7 +6619,6 @@ func testBPFSessionDifferentiation(t *testing.T, suite *integrationTestSuite) { // Configure Proxy. tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true // Configure Node. If session are being recorded at the proxy, don't enable // BPF to simulate an OpenSSH node. @@ -6922,7 +6851,7 @@ func testSessionStartContainsAccessRequest(t *testing.T, suite *integrationTestS main := suite.newTeleport(t, nil, true) defer main.StopAll() - ctx := context.Background() + ctx := t.Context() // Get auth server authServer := main.Process.GetAuthServer() 
@@ -7234,6 +7163,10 @@ func (s *integrationTestSuite) defaultServiceConfig() *servicecfg.Config { cfg.CircuitBreakerConfig = breaker.NoopBreakerConfig() cfg.InstanceMetadataClient = imds.NewDisabledIMDSClient() cfg.DebugService.Enabled = false + cfg.Proxy.DisableDatabaseProxy = true + cfg.Proxy.DisableWebInterface = true + cfg.Proxy.DisableWebService = true + cfg.SSH.DisableCreateHostUser = true return cfg } @@ -7347,7 +7280,7 @@ func TestWebProxyInsecure(t *testing.T) { // TestTraitsPropagation makes sure that user traits are applied properly to // roles in root and leaf clusters. func TestTraitsPropagation(t *testing.T) { - ctx := context.Background() + ctx := t.Context() log := logtest.NewLogger() privateKey, publicKey, err := testauthority.New().GenerateKeyPair() @@ -7463,7 +7396,7 @@ func TestTraitsPropagation(t *testing.T) { // testSessionStreaming tests streaming events from session recordings. func testSessionStreaming(t *testing.T, suite *integrationTestSuite) { - ctx := context.Background() + ctx := t.Context() sessionID := session.ID(uuid.New().String()) teleport := suite.newTeleport(t, nil, true) defer teleport.StopAll() @@ -7529,7 +7462,7 @@ outer: type serviceCfgOpt func(cfg *servicecfg.Config, isRoot bool) func createTrustedClusterPair(t *testing.T, suite *integrationTestSuite, extraServices func(*testing.T, *helpers.TeleInstance, *helpers.TeleInstance), cfgOpts ...serviceCfgOpt) (*client.TeleportClient, *helpers.TeleInstance, *helpers.TeleInstance) { - ctx := context.Background() + ctx := t.Context() username := suite.Me.Username rootName := "root-test" leafName := "leaf-test" 
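Review bot: `defaultServiceConfig` now disables the database proxy, web interface, web service and host-user creation for every suite test, but nothing at the definition says so. A test outside this diff that relied on one of these being enabled will lose it silently. Add a doc comment such as `// defaultServiceConfig returns a config with the web service, web interface, database proxy and host user creation disabled; tests that need one must re-enable it explicitly.` `testNegotiatedALPNProtocols` already opts back in with `cfg.Proxy.DisableDatabaseProxy = false`, which is the pattern the comment should point readers to. The start of the function is outside the hunk.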
@@ -7584,7 +7517,6 @@ func createTrustedClusterPair(t *testing.T, suite *integrationTestSuite, extraSe makeConfig := func(isRoot bool) (*testing.T, []*helpers.InstanceSecrets, *servicecfg.Config) { tconf := suite.defaultServiceConfig() tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = false tconf.CachePolicy.MaxRetryPeriod = time.Millisecond * 500 @@ -7682,7 +7614,6 @@ func testJoinOverReverseTunnelOnly(t *testing.T, suite *integrationTestSuite) { mainConfig.Proxy.Enabled = true mainConfig.Proxy.DisableWebService = false - mainConfig.Proxy.DisableWebInterface = true mainConfig.Proxy.PROXYProtocolMode = proxyProtocolMode mainConfig.SSH.Enabled = false @@ -7733,7 +7664,6 @@ func testJoinOverReverseTunnelOnly(t *testing.T, suite *integrationTestSuite) { mainConfig.Proxy.Enabled = true mainConfig.Proxy.DisableWebService = false - mainConfig.Proxy.DisableWebInterface = true mainConfig.SSH.Enabled = false @@ -8180,9 +8110,6 @@ func testSFTP(t *testing.T, suite *integrationTestSuite) { teleport.StopAll() }) - err := teleport.WaitForNodeCount(context.Background(), helpers.Site, 1) - require.NoError(t, err) - agentlessHost := "agentless-node" agentlessNode := CreateAgentlessNode(t, teleport.Process.GetAuthServer(), helpers.Site, agentlessHost) @@ -8439,7 +8366,6 @@ func testWebSFTP(t *testing.T, suite *integrationTestSuite) { cfg.Auth.Preference.SetSecondFactor("off") cfg.Auth.PROXYProtocolMode = proxyProtocolMode cfg.Proxy.DisableWebService = false - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.SSH.Enabled = true teleport := suite.NewTeleportWithConfig(t, []string{"alice"}, nil, cfg) @@ -8467,7 +8393,6 @@ func testWebSFTP(t *testing.T, suite *integrationTestSuite) { Port: lbFrontend.Port(0), }) require.NoError(t, err) - require.NoError(t, teleport.WaitForNodeCount(t.Context(), helpers.Site, 1)) t.Run("upload", func(t *testing.T) { localFile := filepath.Join(t.TempDir(), "foo.txt") 
@@ -8515,7 +8440,7 @@ func testAgentlessConn(t *testing.T, tc, joinTC *client.TeleportClient, node *ty t.Helper() // connect to cluster - ctx := context.Background() + ctx := t.Context() clt, err := tc.ConnectToCluster(ctx) require.NoError(t, err) t.Cleanup(func() { @@ -8654,8 +8579,8 @@ func TestProxySSHPortMultiplexing(t *testing.T) { rcConf.DataDir = t.TempDir() rcConf.Auth.Preference.SetSecondFactor("off") rcConf.SSH.Enabled = false - rcConf.Proxy.DisableWebInterface = true rcConf.Proxy.DisableTLS = false + rcConf.Proxy.DisableWebInterface = true rcConf.Proxy.DisableALPNSNIListener = test.disableTLSRouting rcConf.CircuitBreakerConfig = breaker.NoopBreakerConfig() @@ -8842,6 +8767,7 @@ func TestConnectivityWithoutAuth(t *testing.T) { nodeCfg.Proxy.Enabled = true nodeCfg.Proxy.DisableWebService = false nodeCfg.Proxy.DisableWebInterface = true + nodeCfg.Proxy.DisableDatabaseProxy = true nodeCfg.FileDescriptors = append(nodeCfg.FileDescriptors, node.Fds...) nodeCfg.Proxy.SSHAddr.Addr = node.SSHProxy nodeCfg.Proxy.WebAddr.Addr = node.Web @@ -8981,6 +8907,7 @@ func TestConnectivityDuringAuthRestart(t *testing.T) { // Configure Proxy. nodeCfg.Proxy.Enabled = true nodeCfg.Proxy.DisableWebService = false + nodeCfg.Proxy.DisableDatabaseProxy = true nodeCfg.Proxy.DisableWebInterface = true nodeCfg.FileDescriptors = append(nodeCfg.FileDescriptors, node.Fds...) nodeCfg.Proxy.SSHAddr.Addr = node.SSHProxy @@ -9106,7 +9033,6 @@ func testModeratedSessions(t *testing.T, suite *integrationTestSuite) { cfg.Auth.Preference.(*types.AuthPreferenceV2).Spec.RequireMFAType = types.RequireMFAType_SESSION cfg.Auth.Preference.SetWebauthn(&types.Webauthn{RPID: "127.0.0.1"}) cfg.Proxy.DisableWebService = false - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.SSH.Enabled = true 
@@ -9287,8 +9213,8 @@ func testModeratedSessions(t *testing.T, suite *integrationTestSuite) { func testNegotiatedALPNProtocols(t *testing.T, suite *integrationTestSuite) { cfg := suite.defaultServiceConfig() cfg.Auth.Enabled = true + cfg.Proxy.DisableDatabaseProxy = false cfg.Proxy.DisableWebService = false - cfg.Proxy.DisableWebInterface = true cfg.Proxy.Enabled = true cfg.Proxy.Kube.Enabled = true @@ -9331,7 +9257,6 @@ func testForceListenerInTunnelMode(t *testing.T, suite *integrationTestSuite) { tconf.Proxy.Enabled = true tconf.Proxy.DisableWebService = false - tconf.Proxy.DisableWebInterface = true tconf.SSH.Enabled = false @@ -9459,7 +9384,7 @@ func testForceListenerInTunnelMode(t *testing.T, suite *integrationTestSuite) { func CreateAgentlessNode(t *testing.T, authServer *auth.Server, clusterName, nodeHostname string) *types.ServerV2 { t.Helper() - ctx := context.Background() + ctx := t.Context() openSSHCA, err := authServer.GetCertAuthority(ctx, types.CertAuthID{ Type: types.OpenSSHCA, DomainName: clusterName,