From 285ee63f92aa2055741798dc105f478e50059c49 Mon Sep 17 00:00:00 2001 From: Zac Bergquist Date: Sun, 17 Nov 2024 12:42:50 -0700 Subject: [PATCH] Look for a license in the default location if no config is provided Prior to this change, the code that determines where to look for a license file would only run when a config file is provided. When running teleport start without a config file, the license file path would be an empty string and loading would fail. Closes #47764 --- .../pages/includes/config-reference/auth-service.yaml | 3 +-- lib/config/configuration_test.go | 11 ++++++----- lib/service/servicecfg/config.go | 1 + lib/service/servicecfg/config_test.go | 2 ++ 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/docs/pages/includes/config-reference/auth-service.yaml b/docs/pages/includes/config-reference/auth-service.yaml index 7574d59880e4d..1b0ff0b0a6999 100644 --- a/docs/pages/includes/config-reference/auth-service.yaml +++ b/docs/pages/includes/config-reference/auth-service.yaml @@ -342,8 +342,7 @@ auth_service: routing_strategy: unambiguous_match # License file to start auth server with. Note that this setting is ignored - # in the Teleport Community Edition and is required only for Teleport Pro, Business - # and Enterprise subscription plans. + # in the Teleport Community Edition and is required only for Teleport Enterprise. # # The path can be either absolute or relative to the configured `data_dir` # and should point to the license file obtained from Teleport Download diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go index 09a784bdbb9c3..64348a9fe0d03 100644 --- a/lib/config/configuration_test.go +++ b/lib/config/configuration_test.go @@ -1976,11 +1976,6 @@ func TestLicenseFile(t *testing.T) { cfg := servicecfg.MakeDefaultConfig() - // the license file should be empty by default, as we can only fill - // in the default (/license.pem) after we know what the - // data dir is supposed to be - require.Empty(t, cfg.Auth.LicenseFile) - for i, tc := range testCases { t.Run(fmt.Sprintf("test%d", i), func(t *testing.T) { fc := new(FileConfig) @@ -1994,6 +1989,12 @@ func TestLicenseFile(t *testing.T) { } } +func TestLicenseFileNoConfig(t *testing.T) { + cfg := servicecfg.MakeDefaultConfig() + require.NoError(t, Configure(new(CommandLineFlags), cfg, false /* legacy app flags */)) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), cfg.Auth.LicenseFile) +} + // TestFIPS makes sure configuration is correctly updated/enforced when in // FedRAMP/FIPS 140-2 mode. func TestFIPS(t *testing.T) { diff --git a/lib/service/servicecfg/config.go b/lib/service/servicecfg/config.go index 7aa7a4285acab..d3dd237da74cd 100644 --- a/lib/service/servicecfg/config.go +++ b/lib/service/servicecfg/config.go @@ -561,6 +561,7 @@ func ApplyDefaults(cfg *Config) { cfg.Auth.NetworkingConfig = types.DefaultClusterNetworkingConfig() cfg.Auth.SessionRecordingConfig = types.DefaultSessionRecordingConfig() cfg.Auth.Preference = types.DefaultAuthPreference() + cfg.Auth.LicenseFile = filepath.Join(cfg.DataDir, defaults.LicenseFile) defaults.ConfigureLimiter(&cfg.Auth.Limiter) cfg.Proxy.WebAddr = *defaults.ProxyWebListenAddr() diff --git a/lib/service/servicecfg/config_test.go b/lib/service/servicecfg/config_test.go index 86797e8fb0d8b..25dfe71342f63 100644 --- a/lib/service/servicecfg/config_test.go +++ b/lib/service/servicecfg/config_test.go @@ -22,6 +22,7 @@ import ( "fmt" "io" "log/slog" + "path/filepath" "regexp" "strings" "testing" @@ -88,6 +89,7 @@ func TestDefaultConfig(t *testing.T) { require.Equal(t, int64(defaults.LimiterMaxConnections), auth.Limiter.MaxConnections) require.Equal(t, lite.GetName(), config.Auth.StorageConfig.Type) require.Empty(t, auth.StorageConfig.Params[defaults.BackendPath]) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), config.Auth.LicenseFile) // SSH section ssh := config.SSH