From efdba78609b64891332a9d1312b800d8c664966a Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Tue, 19 Nov 2024 12:13:40 -0700 Subject: [PATCH] Look for a license in the default location if no config is provided (#49148) Prior to this change, the code that determines where to look for a license file would only run when a config file is provided. When running teleport start without a config file, the license file path would be an empty string and loading would fail. Closes #47764 --- .../pages/includes/config-reference/auth-service.yaml | 3 +-- lib/config/configuration_test.go | 11 ++++++----- lib/service/servicecfg/config.go | 1 + lib/service/servicecfg/config_test.go | 2 ++ 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/pages/includes/config-reference/auth-service.yaml b/docs/pages/includes/config-reference/auth-service.yaml index c3c4ddf383061..abd0938fe67fd 100644 --- a/docs/pages/includes/config-reference/auth-service.yaml +++ b/docs/pages/includes/config-reference/auth-service.yaml @@ -356,8 +356,7 @@ auth_service: routing_strategy: unambiguous_match # License file to start auth server with. Note that this setting is ignored - # in the Teleport Community Edition and is required only for Teleport Pro, Business - # and Enterprise subscription plans. + # in the Teleport Community Edition and is required only for Teleport Enterprise. # # The path can be either absolute or relative to the configured `data_dir` # and should point to the license file obtained from Teleport Download diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go index cc110c629be5b..f66fe33109904 100644 --- a/lib/config/configuration_test.go +++ b/lib/config/configuration_test.go 
@@ -1923,11 +1923,6 @@ func TestLicenseFile(t *testing.T) { cfg := servicecfg.MakeDefaultConfig() - // the license file should be empty by default, as we can only fill - // in the default (/license.pem) after we know what the - // data dir is supposed to be - require.Empty(t, cfg.Auth.LicenseFile) - for i, tc := range testCases { t.Run(fmt.Sprintf("test%d", i), func(t *testing.T) { fc := new(FileConfig) @@ -1941,6 +1936,12 @@ func TestLicenseFile(t *testing.T) { } } +func TestLicenseFileNoConfig(t *testing.T) { + cfg := servicecfg.MakeDefaultConfig() + require.NoError(t, Configure(new(CommandLineFlags), cfg, false /* legacy app flags */)) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), cfg.Auth.LicenseFile) +} + // TestFIPS makes sure configuration is correctly updated/enforced when in // FedRAMP/FIPS 140-2 mode. func TestFIPS(t *testing.T) { diff --git a/lib/service/servicecfg/config.go b/lib/service/servicecfg/config.go index bdc36f0416523..b756dc0359ca9 100644 --- a/lib/service/servicecfg/config.go +++ b/lib/service/servicecfg/config.go @@ -564,6 +564,7 @@ func ApplyDefaults(cfg *Config) { cfg.Auth.NetworkingConfig = types.DefaultClusterNetworkingConfig() cfg.Auth.SessionRecordingConfig = types.DefaultSessionRecordingConfig() cfg.Auth.Preference = types.DefaultAuthPreference() + cfg.Auth.LicenseFile = filepath.Join(cfg.DataDir, defaults.LicenseFile) defaults.ConfigureLimiter(&cfg.Auth.Limiter) cfg.Proxy.WebAddr = *defaults.ProxyWebListenAddr() diff --git a/lib/service/servicecfg/config_test.go b/lib/service/servicecfg/config_test.go index d23362be2d60b..4fd2d6ba49474 100644 --- a/lib/service/servicecfg/config_test.go +++ b/lib/service/servicecfg/config_test.go @@ -22,6 +22,7 @@ import ( "fmt" "io" "log/slog" + "path/filepath" "regexp" "strings" "testing" 
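Review bot: The default added in ApplyDefaults, `cfg.Auth.LicenseFile = filepath.Join(cfg.DataDir, defaults.LicenseFile)`, is computed from whatever cfg.DataDir holds at that moment, so it may go stale if the data directory is overridden afterwards by a command-line flag or the config file. The comment this commit removes from TestLicenseFile gave exactly that reason for leaving the field empty, and the hunk does not show whether the later configuration path recomputes the license path when none is configured explicitly. If it does not, a process started with a non-default data directory and no config file would look for the license under the default data directory instead. TestLicenseFileNoConfig only covers the default data directory, so I would add a case with an overridden data directory and put a comment on the new line such as `// Default only; must be recomputed if DataDir changes after ApplyDefaults.` ApplyDefaults starts and ends outside the hunk.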
@@ -90,6 +91,7 @@ func TestDefaultConfig(t *testing.T) { require.Equal(t, defaults.LimiterMaxConcurrentUsers, auth.Limiter.MaxNumberOfUsers) require.Equal(t, lite.GetName(), config.Auth.StorageConfig.Type) require.Empty(t, auth.StorageConfig.Params[defaults.BackendPath]) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), config.Auth.LicenseFile) // SSH section ssh := config.SSH