From 5a255ebca3b606cc666a5aea2fca031370100e19 Mon Sep 17 00:00:00 2001
From: Fred Heinecke
Date: Mon, 9 Dec 2024 01:41:02 -0600
Subject: [PATCH] Add debug info

---
 .../resources/databasev3_controller_test.go | 33 +++++++++++++++++++
 .../controllers/resources/testlib/env.go | 3 +-
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/integrations/operator/controllers/resources/databasev3_controller_test.go b/integrations/operator/controllers/resources/databasev3_controller_test.go
index 572d79125c17c..174886b1ab89a 100644
--- a/integrations/operator/controllers/resources/databasev3_controller_test.go
+++ b/integrations/operator/controllers/resources/databasev3_controller_test.go
@@ -20,6 +20,7 @@ package resources_test
 
 import (
 	"context"
+	"fmt"
 	"testing"
 
 	"github.com/google/go-cmp/cmp"
@@ -27,10 +28,12 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	kclient "sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/gravitational/teleport/api/client"
 	"github.com/gravitational/teleport/api/types"
 	resourcesv1 "github.com/gravitational/teleport/integrations/operator/apis/resources/v1"
 	"github.com/gravitational/teleport/integrations/operator/controllers/reconcilers"
 	"github.com/gravitational/teleport/integrations/operator/controllers/resources/testlib"
+	ctrllog "sigs.k8s.io/controller-runtime/pkg/log"
 )
 
 // Spec matches https://goteleport.com/docs/enroll-resources/database-access/guides/dynamic-registration/
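Review bot: The new `ctrllog "sigs.k8s.io/controller-runtime/pkg/log"` import is appended to the gravitational/teleport group, while the file already keeps the controller-runtime import `kclient "sigs.k8s.io/controller-runtime/pkg/client"` in the k8s group above it. For consistency with the existing grouping the new line belongs directly under `kclient`, i.e. `kclient "sigs.k8s.io/controller-runtime/pkg/client"` followed by `ctrllog "sigs.k8s.io/controller-runtime/pkg/log"`, and the teleport group stays teleport-only. This is only a style point; the import compiles either way.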
@@ -52,7 +55,37 @@ func (g *databaseV3TestingPrimitives) SetupTeleportFixtures(ctx context.Context)
 	return nil
 }
 
+func debug(ctx context.Context, teleportClient *client.Client) error {
+	log := ctrllog.FromContext(ctx)
+	log.Info("STARTING DEBUG DUMP")
+
+	roles, err := teleportClient.GetCurrentUserRoles(ctx)
+	if err != nil {
+		return trace.Wrap(err, "failed to get roles")
+	}
+
+	log.Info("ROLES:")
+	for _, role := range roles {
+		log.Info(fmt.Sprintf("ROLE NAME: %q", role.GetName()))
+		log.Info("ALLOW RULES:")
+		for i, rule := range role.GetRules(types.Allow) {
+			log.Info(fmt.Sprintf("RULE %d", i), "resources", rule.Resources, "actions", rule.Actions, "verbs", rule.Verbs, "where", rule.Where)
+		}
+		log.Info("DENY RULES:")
+		for i, rule := range role.GetRules(types.Deny) {
+			log.Info(fmt.Sprintf("RULE %d", i), "resources", rule.Resources, "actions", rule.Actions, "verbs", rule.Verbs, "where", rule.Where)
+		}
+	}
+
+	return nil
+}
+
 func (g *databaseV3TestingPrimitives) CreateTeleportResource(ctx context.Context, name string) error {
+	err := debug(ctx, g.setup.TeleportClient)
+	if err != nil {
+		return trace.Wrap(err, "debugging failed")
+	}
+
 	database, err := types.NewDatabaseV3(types.Metadata{Name: name}, databaseV3Spec)
 	if err != nil {
 		return trace.Wrap(err)
diff --git a/integrations/operator/controllers/resources/testlib/env.go b/integrations/operator/controllers/resources/testlib/env.go
index cbb45a86e0494..85bb48ddb1a51 100644
--- a/integrations/operator/controllers/resources/testlib/env.go
+++ b/integrations/operator/controllers/resources/testlib/env.go
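Review bot: The new `debug` call at the top of `CreateTeleportResource` turns a diagnostic into a hard failure: if `GetCurrentUserRoles` errors, the test now fails with "debugging failed" before it ever reaches `types.NewDatabaseV3`, so a problem in the dump masks the database-creation path the test exists to exercise. If the role dump is meant to stay, make it best-effort, e.g. `if err := debug(ctx, g.setup.TeleportClient); err != nil { ctrllog.FromContext(ctx).Error(err, "role dump failed") }`, and give `debug` a doc comment such as `// debug logs the current user's roles with their allow and deny rules, to help diagnose RBAC failures in these tests.`. If it is a temporary aid, as the "STARTING DEBUG DUMP" message and the bare name suggest, mark it `// TODO: remove before merge` so it does not linger and add a Teleport round trip to every resource creation. The body of `CreateTeleportResource` continues past the end of the hunk.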
@@ -122,12 +122,13 @@ func defaultTeleportServiceConfig(t *testing.T) (*helpers.TeleInstance, string)
 	rcConf.Proxy.DisableWebInterface = true
 	rcConf.SSH.Enabled = true
 	rcConf.Version = "v2"
+	rcConf.Databases.Enabled = true
 
 	roleName := ValidRandomResourceName("role-")
 	unrestricted := []string{"list", "create", "read", "update", "delete"}
 	role, err := types.NewRole(roleName, types.RoleSpecV6{
 		Allow: types.RoleConditions{
-			// the operator has wildcard noe labs to be able to see them
+			// the operator has wildcard node labs to be able to see them
 			// but has no login allowed, so it cannot SSH into them
 			NodeLabels: types.Labels{"*": []string{"*"}},
 			Rules: []types.Rule{
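Review bot: `rcConf.Databases.Enabled = true` changes the Teleport instance that `defaultTeleportServiceConfig` builds for every controller test in testlib, not only the databasev3 test, and nothing in the hunk says why the database service is now needed. The neighbouring settings are self-explanatory, but this one deserves a why-comment, e.g. `// run the database service so controller tests that register databases have a db agent on the instance` — adjust the wording if the actual reason is different, since it is not visible here. A comment also helps the next reader judge whether the operator role's `NodeLabels` wildcard below should gain a matching database-label grant. `defaultTeleportServiceConfig` starts and ends outside the hunk.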