Reorganize service config test fields (#34208)

* Reorganize process config test fields * Move PollingPeriod back from Testing field * Fix comment text Co-authored-by: Nic Klaassen <nic@goteleport.com> --------- Co-authored-by: Nic Klaassen <nic@goteleport.com>
2024-10-19 08:43:58 +00:00 · 2023-11-16 00:29:07 -05:00 · 2023-11-16 00:29:07 -05:00 · a4be12fbcf
parent 2dd1abbf58
commit a4be12fbcf
10 changed files with 72 additions and 87 deletions
--- a/e2e/aws/fixtures_test.go
+++ b/e2e/aws/fixtures_test.go
@ -139,8 +139,8 @@ func newTeleportConfig(t *testing.T) *servicecfg.Config {
 	tconf.Console = nil
 	tconf.Proxy.DisableWebInterface = true
 	tconf.PollingPeriod = 500 * time.Millisecond
-	tconf.ClientTimeout = time.Second
-	tconf.ShutdownTimeout = 2 * tconf.ClientTimeout
+	tconf.Testing.ClientTimeout = time.Second
+	tconf.Testing.ShutdownTimeout = 2 * tconf.Testing.ClientTimeout
 	return tconf
 }

--- a/integration/assist/command_test.go
+++ b/integration/assist/command_test.go
@ -225,7 +225,7 @@ func setupTeleport(t *testing.T, testDir, openaiMockURL string) *helpers.TeleIns
 	rcConf.Auth.AssistAPIKey = "test"
 	openAIConfig := openai.DefaultConfig("test")
 	openAIConfig.BaseURL = openaiMockURL + "/v1"
-	rcConf.OpenAIConfig = &openAIConfig
+	rcConf.Testing.OpenAIConfig = &openAIConfig
 	require.NoError(t, err)
 	rcConf.CircuitBreakerConfig = breaker.NoopBreakerConfig()

--- a/integration/helpers/instance.go
+++ b/integration/helpers/instance.go
@ -436,7 +436,7 @@ func (i *TeleInstance) GenerateConfig(t *testing.T, trustedSecrets []*InstanceSe
 	}
 	tconf.Log = i.Log
 	tconf.DataDir = dataDir
-	tconf.UploadEventsC = i.UploadEventsC
+	tconf.Testing.UploadEventsC = i.UploadEventsC
 	tconf.CachePolicy.Enabled = true
 	tconf.Auth.ClusterName, err = services.NewClusterNameWithRandomID(types.ClusterNameSpecV2{
 		ClusterName: i.Secrets.SiteName,
@ -677,7 +677,7 @@ func (i *TeleInstance) StartNodeWithTargetPort(tconf *servicecfg.Config, authPor
 	}

 	tconf.SetToken("token")
-	tconf.UploadEventsC = i.UploadEventsC
+	tconf.Testing.UploadEventsC = i.UploadEventsC
 	tconf.CachePolicy = servicecfg.CachePolicy{
 		Enabled: true,
 	}
@ -732,7 +732,7 @@ func (i *TeleInstance) StartApp(conf *servicecfg.Config) (*service.TeleportProce
 		Addr:        i.Web,
 	})
 	conf.SetToken("token")
-	conf.UploadEventsC = i.UploadEventsC
+	conf.Testing.UploadEventsC = i.UploadEventsC
 	conf.Auth.Enabled = false
 	conf.Proxy.Enabled = false

@ -782,7 +782,7 @@ func (i *TeleInstance) StartApps(configs []*servicecfg.Config) ([]*service.Telep
 				Addr:        i.Web,
 			})
 			cfg.SetToken("token")
-			cfg.UploadEventsC = i.UploadEventsC
+			cfg.Testing.UploadEventsC = i.UploadEventsC
 			cfg.Auth.Enabled = false
 			cfg.Proxy.Enabled = false

@ -844,7 +844,7 @@ func (i *TeleInstance) StartDatabase(conf *servicecfg.Config) (*service.Teleport
 		Addr:        i.Web,
 	})
 	conf.SetToken("token")
-	conf.UploadEventsC = i.UploadEventsC
+	conf.Testing.UploadEventsC = i.UploadEventsC
 	conf.Databases.Enabled = true
 	conf.Auth.Enabled = false
 	conf.Proxy.Enabled = false
@ -906,7 +906,7 @@ func (i *TeleInstance) StartKube(t *testing.T, conf *servicecfg.Config, clusterN
 		Addr:        i.Web,
 	})
 	conf.SetToken("token")
-	conf.UploadEventsC = i.UploadEventsC
+	conf.Testing.UploadEventsC = i.UploadEventsC
 	conf.Auth.Enabled = false
 	conf.Proxy.Enabled = false
 	conf.Apps.Enabled = false
@ -956,7 +956,7 @@ func (i *TeleInstance) StartNodeAndProxy(t *testing.T, name string) (sshPort, we
 	tconf.SetToken("token")
 	tconf.HostUUID = name
 	tconf.Hostname = name
-	tconf.UploadEventsC = i.UploadEventsC
+	tconf.Testing.UploadEventsC = i.UploadEventsC
 	tconf.DataDir = dataDir
 	tconf.CachePolicy = servicecfg.CachePolicy{
 		Enabled: true,
@ -1049,7 +1049,7 @@ func (i *TeleInstance) StartProxy(cfg ProxyConfig, opts ...Option) (reversetunne
 	tconf.SetAuthServerAddress(*authServer)
 	tconf.CachePolicy = servicecfg.CachePolicy{Enabled: true}
 	tconf.DataDir = dataDir
-	tconf.UploadEventsC = i.UploadEventsC
+	tconf.Testing.UploadEventsC = i.UploadEventsC
 	tconf.HostUUID = cfg.Name
 	tconf.Hostname = cfg.Name
 	tconf.SetToken("token")
--- a/integration/integration_test.go
+++ b/integration/integration_test.go
@ -1495,7 +1495,7 @@ func testIPPropagation(t *testing.T, suite *integrationTestSuite) {

 			conf.DataDir = t.TempDir()
 			conf.SetToken("token")
-			conf.UploadEventsC = i.UploadEventsC
+			conf.Testing.UploadEventsC = i.UploadEventsC
 			conf.SetAuthServerAddress(*utils.MustParseAddr(net.JoinHostPort(i.Hostname, helpers.PortStr(t, i.Web))))
 			conf.HostUUID = name
 			conf.Hostname = name
@ -5686,8 +5686,8 @@ func (s *integrationTestSuite) rotationConfig(disableWebService bool) *servicecf
 	tconf.Proxy.DisableDatabaseProxy = true
 	tconf.Proxy.DisableALPNSNIListener = true
 	tconf.PollingPeriod = time.Second
-	tconf.ClientTimeout = time.Second
-	tconf.ShutdownTimeout = 2 * tconf.ClientTimeout
+	tconf.Testing.ClientTimeout = time.Second
+	tconf.Testing.ShutdownTimeout = 2 * tconf.Testing.ClientTimeout
 	tconf.MaxRetryPeriod = time.Second
 	return tconf
 }
@ -7589,7 +7589,7 @@ func testListResourcesAcrossClusters(t *testing.T, suite *integrationTestSuite)

 			conf.DataDir = t.TempDir()
 			conf.SetToken("token")
-			conf.UploadEventsC = i.UploadEventsC
+			conf.Testing.UploadEventsC = i.UploadEventsC
 			conf.SetAuthServerAddress(*utils.MustParseAddr(net.JoinHostPort(i.Hostname, helpers.PortStr(t, i.Web))))
 			conf.HostUUID = name
 			conf.Hostname = name
--- a/integration/kube_integration_test.go
+++ b/integration/kube_integration_test.go
@ -1328,8 +1328,8 @@ func (s *KubeSuite) teleKubeConfig(hostname string) *servicecfg.Config {
 	tconf.SSH.Enabled = true
 	tconf.Proxy.DisableWebInterface = true
 	tconf.PollingPeriod = 500 * time.Millisecond
-	tconf.ClientTimeout = time.Second
-	tconf.ShutdownTimeout = 2 * tconf.ClientTimeout
+	tconf.Testing.ClientTimeout = time.Second
+	tconf.Testing.ShutdownTimeout = 2 * tconf.Testing.ClientTimeout

 	// set kubernetes specific parameters
 	tconf.Proxy.Kube.Enabled = true
@ -1347,8 +1347,8 @@ func (s *KubeSuite) teleAuthConfig(hostname string) *servicecfg.Config {
 	tconf.Console = nil
 	tconf.Log = s.log
 	tconf.PollingPeriod = 500 * time.Millisecond
-	tconf.ClientTimeout = time.Second
-	tconf.ShutdownTimeout = 2 * tconf.ClientTimeout
+	tconf.Testing.ClientTimeout = time.Second
+	tconf.Testing.ShutdownTimeout = 2 * tconf.Testing.ClientTimeout
 	tconf.Proxy.Enabled = false
 	tconf.SSH.Enabled = false
 	tconf.CircuitBreakerConfig = breaker.NoopBreakerConfig()
--- a/integration/proxy/proxy_test.go
+++ b/integration/proxy/proxy_test.go
@ -612,7 +612,7 @@ func TestKubePROXYProtocol(t *testing.T) {
 				helpers.NewListener(t, service.ListenerKube, &tconf.FileDescriptors))

 			// Force Proxy kube server multiplexer to check required PROXY lines on all connections
-			tconf.Options = []servicecfg.Option{servicecfg.WithKubeMultiplexerIgnoreSelfConnectionsOption()}
+			tconf.Testing.KubeMultiplexerIgnoreSelfConnections = true

 			kubeRole, err := types.NewRole(k8RoleName, kubeRoleSpec)
 			require.NoError(t, err)
--- a/lib/service/connect.go
+++ b/lib/service/connect.go
@ -113,7 +113,7 @@ func (process *TeleportProcess) reconnectToAuthService(role types.SystemRole) (*

 		// Used for testing that auth service will attempt to reconnect in the provided duration.
 		select {
-		case process.Config.ConnectFailureC <- retry.Duration():
+		case process.Config.Testing.ConnectFailureC <- retry.Duration():
 		default:
 		}

@ -137,8 +137,8 @@ func (process *TeleportProcess) authServerTooOld(resp *proto.PingResponse) error
 	}

 	version := teleport.Version
-	if process.Config.TeleportVersion != "" {
-		version = process.Config.TeleportVersion
+	if process.Config.Testing.TeleportVersion != "" {
+		version = process.Config.Testing.TeleportVersion
 	}
 	teleportVersion, err := semver.NewVersion(version)
 	if err != nil {
@ -1169,7 +1169,7 @@ func (process *TeleportProcess) newClientThroughTunnel(addr string, tlsConfig *t
 		Context:   process.ExitContext(),
 		ProxyAddr: addr,
 		Insecure:  lib.IsInsecureDevMode(),
-		Timeout:   process.Config.ClientTimeout,
+		Timeout:   process.Config.Testing.ClientTimeout,
 	})

 	resolver, err := reversetunnelclient.CachingResolver(process.ExitContext(), resolver, process.Clock)
@ -1194,7 +1194,7 @@ func (process *TeleportProcess) newClientThroughTunnel(addr string, tlsConfig *t
 			apiclient.LoadTLS(tlsConfig),
 		},
 		CircuitBreakerConfig: process.Config.CircuitBreakerConfig,
-		DialTimeout:          process.Config.ClientTimeout,
+		DialTimeout:          process.Config.Testing.ClientTimeout,
 	})
 	if err != nil {
 		return nil, trace.Wrap(err)
@ -1215,10 +1215,10 @@ func (process *TeleportProcess) newClientThroughTunnel(addr string, tlsConfig *t

 func (process *TeleportProcess) newClientDirect(authServers []utils.NetAddr, tlsConfig *tls.Config, role types.SystemRole) (*auth.Client, error) {
 	var cltParams []roundtrip.ClientParam
-	if process.Config.ClientTimeout != 0 {
+	if process.Config.Testing.ClientTimeout != 0 {
 		cltParams = []roundtrip.ClientParam{
-			auth.ClientParamIdleConnTimeout(process.Config.ClientTimeout),
-			auth.ClientParamResponseHeaderTimeout(process.Config.ClientTimeout),
+			auth.ClientParamIdleConnTimeout(process.Config.Testing.ClientTimeout),
+			auth.ClientParamResponseHeaderTimeout(process.Config.Testing.ClientTimeout),
 		}
 	}

@ -1240,7 +1240,7 @@ func (process *TeleportProcess) newClientDirect(authServers []utils.NetAddr, tls
 		Credentials: []apiclient.Credentials{
 			apiclient.LoadTLS(tlsConfig),
 		},
-		DialTimeout:          process.Config.ClientTimeout,
+		DialTimeout:          process.Config.Testing.ClientTimeout,
 		CircuitBreakerConfig: process.Config.CircuitBreakerConfig,
 		DialOpts:             dialOpts,
 	}, cltParams...)
--- a/lib/service/service.go
+++ b/lib/service/service.go
@ -744,7 +744,7 @@ func waitAndReload(ctx context.Context, cfg servicecfg.Config, srv Process, newT
 		return nil, trace.BadParameter("the new service has failed to start")
 	}
 	cfg.Log.Infof("New service has started successfully.")
-	shutdownTimeout := cfg.ShutdownTimeout
+	shutdownTimeout := cfg.Testing.ShutdownTimeout
 	if shutdownTimeout == 0 {
 		// The default shutdown timeout is very generous to avoid disrupting
 		// longer running connections.
@ -1738,11 +1738,11 @@ func (process *TeleportProcess) initAuthService() error {

 	var embedderClient embedding.Embedder
 	if cfg.Auth.AssistAPIKey != "" {
-		// cfg.OpenAIConfig is set in tests to change the OpenAI API endpoint
+		// cfg.Testing.OpenAIConfig is set in tests to change the OpenAI API endpoint
 		// Like for proxy, if a custom OpenAIConfig is passed, the token from
 		// cfg.Auth.AssistAPIKey is ignored and the one from the config is used.
-		if cfg.OpenAIConfig != nil {
-			embedderClient = ai.NewClientFromConfig(*cfg.OpenAIConfig)
+		if cfg.Testing.OpenAIConfig != nil {
+			embedderClient = ai.NewClientFromConfig(*cfg.Testing.OpenAIConfig)
 		} else {
 			embedderClient = ai.NewClient(cfg.Auth.AssistAPIKey)
 		}
@ -1789,7 +1789,7 @@ func (process *TeleportProcess) initAuthService() error {
 			CipherSuites:            cfg.CipherSuites,
 			KeyStoreConfig:          cfg.Auth.KeyStore,
 			Emitter:                 checkingEmitter,
-			Streamer:                events.NewReportingStreamer(streamer, process.Config.UploadEventsC),
+			Streamer:                events.NewReportingStreamer(streamer, process.Config.Testing.UploadEventsC),
 			TraceClient:             traceClt,
 			FIPS:                    cfg.FIPS,
 			LoadAllCAs:              cfg.Auth.LoadAllCAs,
@ -2937,7 +2937,7 @@ func (process *TeleportProcess) initUploaderService() error {
 		Streamer:     uploaderClient,
 		ScanDir:      uploadsDir,
 		CorruptedDir: corruptedDir,
-		EventsC:      process.Config.UploadEventsC,
+		EventsC:      process.Config.Testing.UploadEventsC,
 	})
 	if err != nil {
 		return trace.Wrap(err)
@ -4098,7 +4098,7 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
 				return ctx, trace.Wrap(err)
 			}),
 			PROXYSigner:     proxySigner,
-			OpenAIConfig:    cfg.OpenAIConfig,
+			OpenAIConfig:    cfg.Testing.OpenAIConfig,
 			NodeWatcher:     nodeWatcher,
 			AccessGraphAddr: accessGraphAddr,
 			TracerProvider:  process.TracingProvider,
@ -4504,11 +4504,8 @@ func (process *TeleportProcess) initProxyEndpoint(conn *Connector) error {
 			log.Infof("Starting Kube proxy on %v.", kubeListenAddr)

 			var mopts []kubeproxy.ServeOption
-			for _, opt := range cfg.Options {
-				if _, ok := opt.(servicecfg.KubeMultiplexerIgnoreSelfConnectionsOption); ok {
+			if cfg.Testing.KubeMultiplexerIgnoreSelfConnections {
 				mopts = append(mopts, kubeproxy.WithMultiplexerIgnoreSelfConnections())
-					break
-				}
 			}

 			err := kubeServer.Serve(listeners.kube, mopts...)
--- a/lib/service/service_test.go
+++ b/lib/service/service_test.go
@ -821,8 +821,8 @@ func TestTeleportProcess_reconnectToAuth(t *testing.T) {
 	cfg.SSH.Enabled = true
 	cfg.MaxRetryPeriod = 5 * time.Millisecond
 	cfg.CircuitBreakerConfig = breaker.NoopBreakerConfig()
-	cfg.ConnectFailureC = make(chan time.Duration, 5)
-	cfg.ClientTimeout = time.Millisecond
+	cfg.Testing.ConnectFailureC = make(chan time.Duration, 5)
+	cfg.Testing.ClientTimeout = time.Millisecond
 	cfg.InstanceMetadataClient = cloud.NewDisabledIMDSClient()
 	cfg.Log = utils.NewLoggerForTests()
 	process, err := NewTeleport(cfg)
@ -842,7 +842,7 @@ func TestTeleportProcess_reconnectToAuth(t *testing.T) {
 	for i := 0; i < 5; i++ {
 		// wait for connection to fail
 		select {
-		case duration := <-process.Config.ConnectFailureC:
+		case duration := <-process.Config.Testing.ConnectFailureC:
 			stepMin := step * time.Duration(i) / 2
 			stepMax := step * time.Duration(i+1)

@ -916,7 +916,7 @@ func TestTeleportProcessAuthVersionCheck(t *testing.T) {
 	currentVersion, err := semver.NewVersion(teleport.Version)
 	require.NoError(t, err)
 	currentVersion.Major++
-	nodeCfg.TeleportVersion = currentVersion.String()
+	nodeCfg.Testing.TeleportVersion = currentVersion.String()

 	t.Run("with version check", func(t *testing.T) {
 		testVersionCheck(t, nodeCfg, false)
--- a/lib/service/servicecfg/config.go
+++ b/lib/service/servicecfg/config.go
@ -183,10 +183,6 @@ type Config struct {
 	// endpoint extended with additional /debug handlers
 	Debug bool

-	// UploadEventsC is a channel for upload events
-	// used in tests
-	UploadEventsC chan events.UploadEvent `json:"-"`
-
 	// FileDescriptors is an optional list of file descriptors for the process
 	// to inherit and use for listeners, used for in-process updates.
 	FileDescriptors []*FileDescriptor
@ -195,22 +191,12 @@ type Config struct {
 	// of sync agents, used to speed up integration tests.
 	PollingPeriod time.Duration

-	// ClientTimeout is set to override default client timeouts
-	// used by internal clients, used to speed up integration tests.
-	ClientTimeout time.Duration
-
-	// ShutdownTimeout is set to override default shutdown timeout.
-	ShutdownTimeout time.Duration
-
 	// CAPins are the SKPI hashes of the CAs used to verify the Auth Server.
 	CAPins []string

 	// Clock is used to control time in tests.
 	Clock clockwork.Clock

-	// TeleportVersion is used to control the Teleport version in tests.
-	TeleportVersion string
-
 	// FIPS means FedRAMP/FIPS 140-2 compliant configuration was requested.
 	FIPS bool

@ -237,9 +223,6 @@ type Config struct {
 	// MaxRetryPeriod is the maximum period between reconnection attempts to auth
 	MaxRetryPeriod time.Duration

-	// ConnectFailureC is a channel to notify of failures to connect to auth (used in tests).
-	ConnectFailureC chan time.Duration
-
 	// TeleportHome is the path to tsh configuration and data, used
 	// for loading profiles when TELEPORT_HOME is set
 	TeleportHome string
@ -256,17 +239,8 @@ type Config struct {
 	// InstanceMetadataClient specifies the instance metadata client.
 	InstanceMetadataClient cloud.InstanceMetadata

-	// OpenAIConfig contains the optional OpenAI client configuration used by
-	// auth and proxy. When it's not set (the default, we don't offer a way to
-	// set it when executing the regular Teleport binary) we use the default
-	// configuration with auth tokens passed from Auth.AssistAPIKey or
-	// Proxy.AssistAPIKey. We set this only when testing to avoid calls to reach
-	// the real OpenAI API.
-	// Note: When set, this overrides Auth and Proxy's AssistAPIKey settings.
-	OpenAIConfig *openai.ClientConfig
-
-	// Options provide a way to customize behavior of service initialization.
-	Options []Option
+	// Testing is a group of properties that are used in tests.
+	Testing ConfigTesting

 	// AccessGraph represents AccessGraph server config
 	AccessGraph AccessGraphConfig
@ -293,22 +267,36 @@ type Config struct {
 	authServers []utils.NetAddr
 }

-// Option allows to customize default behavior of service initialization defined by Config
-type Option interface {
-	Apply(any) error
-}
+type ConfigTesting struct {
+	// ConnectFailureC is a channel to notify of failures to connect to auth (used in tests).
+	ConnectFailureC chan time.Duration

-// KubeMultiplexerIgnoreSelfConnectionsOption signals that Proxy TLS server's listener should
+	// UploadEventsC is a channel for upload events used in tests
+	UploadEventsC chan events.UploadEvent `json:"-"`
+
+	// ClientTimeout is set to override default client timeouts
+	// used by internal clients, used to speed up integration tests.
+	ClientTimeout time.Duration
+
+	// ShutdownTimeout is set to override default shutdown timeout.
+	ShutdownTimeout time.Duration
+
+	// TeleportVersion is used to control the Teleport version in tests.
+	TeleportVersion string
+
+	// KubeMultiplexerIgnoreSelfConnections signals that Proxy TLS server's listener should
 	// require PROXY header if 'proxyProtocolMode: true' even from self connections. Used in tests as all connections are self
 	// connections there.
-type KubeMultiplexerIgnoreSelfConnectionsOption struct{}
+	KubeMultiplexerIgnoreSelfConnections bool

-func (k KubeMultiplexerIgnoreSelfConnectionsOption) Apply(input any) error {
-	return nil
-}
-
-func WithKubeMultiplexerIgnoreSelfConnectionsOption() KubeMultiplexerIgnoreSelfConnectionsOption {
-	return KubeMultiplexerIgnoreSelfConnectionsOption{}
+	// OpenAIConfig contains the optional OpenAI client configuration used by
+	// auth and proxy. When it's not set (the default, we don't offer a way to
+	// set it when executing the regular Teleport binary) we use the default
+	// configuration with auth tokens passed from Auth.AssistAPIKey or
+	// Proxy.AssistAPIKey. We set this only when testing to avoid calls to reach
+	// the real OpenAI API.
+	// Note: When set, this overrides Auth and Proxy's AssistAPIKey settings.
+	OpenAIConfig *openai.ClientConfig
 }

 // AccessGraphConfig represents TAG server config
@ -591,7 +579,7 @@ func ApplyDefaults(cfg *Config) {

 	cfg.RotationConnectionInterval = defaults.HighResPollingPeriod
 	cfg.MaxRetryPeriod = defaults.MaxWatcherBackoff
-	cfg.ConnectFailureC = make(chan time.Duration, 1)
+	cfg.Testing.ConnectFailureC = make(chan time.Duration, 1)
 	cfg.CircuitBreakerConfig = breaker.DefaultBreakerConfig(cfg.Clock)
 }