diff --git a/docs/pages/includes/config-reference/auth-service.yaml b/docs/pages/includes/config-reference/auth-service.yaml index 7574d59880e4d..1b0ff0b0a6999 100644 --- a/docs/pages/includes/config-reference/auth-service.yaml +++ b/docs/pages/includes/config-reference/auth-service.yaml @@ -342,8 +342,7 @@ auth_service: routing_strategy: unambiguous_match # License file to start auth server with. Note that this setting is ignored - # in the Teleport Community Edition and is required only for Teleport Pro, Business - # and Enterprise subscription plans. + # in the Teleport Community Edition and is required only for Teleport Enterprise. # # The path can be either absolute or relative to the configured `data_dir` # and should point to the license file obtained from Teleport Download diff --git a/lib/config/configuration_test.go b/lib/config/configuration_test.go index eece0bcffa812..e57a4c9d42116 100644 --- a/lib/config/configuration_test.go +++ b/lib/config/configuration_test.go @@ -1980,11 +1980,6 @@ func TestLicenseFile(t *testing.T) { cfg := servicecfg.MakeDefaultConfig() - // the license file should be empty by default, as we can only fill - // in the default (/license.pem) after we know what the - // data dir is supposed to be - require.Empty(t, cfg.Auth.LicenseFile) - for i, tc := range testCases { t.Run(fmt.Sprintf("test%d", i), func(t *testing.T) { fc := new(FileConfig) @@ -1998,6 +1993,12 @@ func TestLicenseFile(t *testing.T) { } } +func TestLicenseFileNoConfig(t *testing.T) { + cfg := servicecfg.MakeDefaultConfig() + require.NoError(t, Configure(new(CommandLineFlags), cfg, false /* legacy app flags */)) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), cfg.Auth.LicenseFile) +} + // TestFIPS makes sure configuration is correctly updated/enforced when in // FedRAMP/FIPS 140-2 mode. func TestFIPS(t *testing.T) { diff --git a/lib/service/servicecfg/config.go b/lib/service/servicecfg/config.go index 70e6e40695cb0..aceda2be99be5 100644 --- a/lib/service/servicecfg/config.go +++ b/lib/service/servicecfg/config.go @@ -556,6 +556,7 @@ func ApplyDefaults(cfg *Config) { cfg.Auth.NetworkingConfig = types.DefaultClusterNetworkingConfig() cfg.Auth.SessionRecordingConfig = types.DefaultSessionRecordingConfig() cfg.Auth.Preference = types.DefaultAuthPreference() + cfg.Auth.LicenseFile = filepath.Join(cfg.DataDir, defaults.LicenseFile) defaults.ConfigureLimiter(&cfg.Auth.Limiter) cfg.Proxy.WebAddr = *defaults.ProxyWebListenAddr() diff --git a/lib/service/servicecfg/config_test.go b/lib/service/servicecfg/config_test.go index a4c8949fdeb8f..8d1331b621505 100644 --- a/lib/service/servicecfg/config_test.go +++ b/lib/service/servicecfg/config_test.go @@ -22,6 +22,7 @@ import ( "fmt" "io" "log/slog" + "path/filepath" "regexp" "strings" "testing" @@ -89,6 +90,7 @@ func TestDefaultConfig(t *testing.T) { require.Equal(t, defaults.LimiterMaxConcurrentUsers, auth.Limiter.MaxNumberOfUsers) require.Equal(t, lite.GetName(), config.Auth.StorageConfig.Type) require.Empty(t, auth.StorageConfig.Params[defaults.BackendPath]) + require.Equal(t, filepath.Join(defaults.DataDir, defaults.LicenseFile), config.Auth.LicenseFile) // SSH section ssh := config.SSH