Add debug info

gravitational · Dec 9, 2024 · 5a255eb · 5a255eb
1 parent 7442f6d
commit 5a255eb
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 1 deletion.
diff --git a/integrations/operator/controllers/resources/databasev3_controller_test.go b/integrations/operator/controllers/resources/databasev3_controller_test.go
@@ -20,17 +20,20 @@ package resources_test
 
 import (
 	"context"
+	"fmt"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
 	"github.com/gravitational/trace"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/types"
 	resourcesv1 "github.com/gravitational/teleport/integrations/operator/apis/resources/v1"
 	"github.com/gravitational/teleport/integrations/operator/controllers/reconcilers"
 	"github.com/gravitational/teleport/integrations/operator/controllers/resources/testlib"
+	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 // Spec matches https://goteleport.com/docs/enroll-resources/database-access/guides/dynamic-registration/
@@ -52,7 +55,37 @@ func (g *databaseV3TestingPrimitives) SetupTeleportFixtures(ctx context.Context)
 	return nil
 }
 
+func debug(ctx context.Context, teleportClient *client.Client) error {
+	log := ctrllog.FromContext(ctx)
+	log.Info("STARTING DEBUG DUMP")
+
+	roles, err := teleportClient.GetCurrentUserRoles(ctx)
+	if err != nil {
+		return trace.Wrap(err, "failed to get roles")
+	}
+
+	log.Info("ROLES:")
+	for _, role := range roles {
+		log.Info(fmt.Sprintf("ROLE NAME: %q", role.GetName()))
+		log.Info("ALLOW RULES:")
+		for i, rule := range role.GetRules(types.Allow) {
+			log.Info(fmt.Sprintf("RULE %d", i), "resources", rule.Resources, "actions", rule.Actions, "verbs", rule.Verbs, "where", rule.Where)
+		}
+		log.Info("DENY RULES:")
+		for i, rule := range role.GetRules(types.Deny) {
+			log.Info(fmt.Sprintf("RULE %d", i), "resources", rule.Resources, "actions", rule.Actions, "verbs", rule.Verbs, "where", rule.Where)
+		}
+	}
+
+	return nil
+}
+
 func (g *databaseV3TestingPrimitives) CreateTeleportResource(ctx context.Context, name string) error {
+	err := debug(ctx, g.setup.TeleportClient)
+	if err != nil {
+		return trace.Wrap(err, "debugging failed")
+	}
+
 	database, err := types.NewDatabaseV3(types.Metadata{Name: name}, databaseV3Spec)
 	if err != nil {
 		return trace.Wrap(err)

diff --git a/integrations/operator/controllers/resources/testlib/env.go b/integrations/operator/controllers/resources/testlib/env.go
@@ -122,12 +122,13 @@ func defaultTeleportServiceConfig(t *testing.T) (*helpers.TeleInstance, string)
 	rcConf.Proxy.DisableWebInterface = true
 	rcConf.SSH.Enabled = true
 	rcConf.Version = "v2"
+	rcConf.Databases.Enabled = true
 
 	roleName := ValidRandomResourceName("role-")
 	unrestricted := []string{"list", "create", "read", "update", "delete"}
 	role, err := types.NewRole(roleName, types.RoleSpecV6{
 		Allow: types.RoleConditions{
-			// the operator has wildcard noe labs to be able to see them
+			// the operator has wildcard node labs to be able to see them
 			// but has no login allowed, so it cannot SSH into them
 			NodeLabels: types.Labels{"*": []string{"*"}},
 			Rules: []types.Rule{