Look for a license in the default location if no config is provided (#…

…49148) Prior to this change, the code that determines where to look for a license file would only run when a config file is provided. When running teleport start without a config file, the license file path would be an empty string and loading would fail. Closes #47764
gravitational · Nov 19, 2024 · efdba78 · efdba78
1 parent f3de6e4
commit efdba78
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 7 deletions.
diff --git a/docs/pages/includes/config-reference/auth-service.yaml b/docs/pages/includes/config-reference/auth-service.yaml
@@ -356,8 +356,7 @@ auth_service:
     routing_strategy: unambiguous_match
 
     # License file to start auth server with. Note that this setting is ignored
-    # in the Teleport Community Edition and is required only for Teleport Pro, Business
-    # and Enterprise subscription plans.
+    # in the Teleport Community Edition and is required only for Teleport Enterprise.
     #
     # The path can be either absolute or relative to the configured `data_dir`
     # and should point to the license file obtained from Teleport Download

diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go
@@ -1923,11 +1923,6 @@ func TestLicenseFile(t *testing.T) {
 
 	cfg := servicecfg.MakeDefaultConfig()
 
-	// the license file should be empty by default, as we can only fill
-	// in the default (<datadir>/license.pem) after we know what the
-	// data dir is supposed to be
-	require.Empty(t, cfg.Auth.LicenseFile)
-
 	for i, tc := range testCases {
 		t.Run(fmt.Sprintf("test%d", i), func(t *testing.T) {
 			fc := new(FileConfig)
@@ -1941,6 +1936,12 @@ func TestLicenseFile(t *testing.T) {
 	}
 }
 
+func TestLicenseFileNoConfig(t *testing.T) {
+	cfg := servicecfg.MakeDefaultConfig()
+	require.NoError(t, Configure(new(CommandLineFlags), cfg, false /* legacy app flags */))
+	require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), cfg.Auth.LicenseFile)
+}
+
 // TestFIPS makes sure configuration is correctly updated/enforced when in
 // FedRAMP/FIPS 140-2 mode.
 func TestFIPS(t *testing.T) {

diff --git a/lib/service/servicecfg/config.go b/lib/service/servicecfg/config.go
@@ -564,6 +564,7 @@ func ApplyDefaults(cfg *Config) {
 	cfg.Auth.NetworkingConfig = types.DefaultClusterNetworkingConfig()
 	cfg.Auth.SessionRecordingConfig = types.DefaultSessionRecordingConfig()
 	cfg.Auth.Preference = types.DefaultAuthPreference()
+	cfg.Auth.LicenseFile = filepath.Join(cfg.DataDir, defaults.LicenseFile)
 	defaults.ConfigureLimiter(&cfg.Auth.Limiter)
 
 	cfg.Proxy.WebAddr = *defaults.ProxyWebListenAddr()

diff --git a/lib/service/servicecfg/config_test.go b/lib/service/servicecfg/config_test.go
@@ -22,6 +22,7 @@ import (
 	"fmt"
 	"io"
 	"log/slog"
+	"path/filepath"
 	"regexp"
 	"strings"
 	"testing"
@@ -90,6 +91,7 @@ func TestDefaultConfig(t *testing.T) {
 	require.Equal(t, defaults.LimiterMaxConcurrentUsers, auth.Limiter.MaxNumberOfUsers)
 	require.Equal(t, lite.GetName(), config.Auth.StorageConfig.Type)
 	require.Empty(t, auth.StorageConfig.Params[defaults.BackendPath])
+	require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), config.Auth.LicenseFile)
 
 	// SSH section
 	ssh := config.SSH