improve config parse and moved endpoint to a GET

gravitational · Dec 18, 2024 · 8f658e7 · 8f658e7
1 parent 353fcec
commit 8f658e7
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 5 deletions.
diff --git a/lib/web/apiserver.go b/lib/web/apiserver.go
@@ -994,7 +994,7 @@ func (h *Handler) bindDefaultEndpoints() {
 	h.GET("/webapi/scripts/integrations/configure/listdatabases-iam.sh", h.WithLimiter(h.awsOIDCConfigureListDatabasesIAM))
 	h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/deployservice", h.WithClusterAuth(h.awsOIDCDeployService))
 	h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/deploydatabaseservices", h.WithClusterAuth(h.awsOIDCDeployDatabaseServices))
-	h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/listdeployeddatabaseservices", h.WithClusterAuth(h.awsOIDCListDeployedDatabaseService))
+	h.GET("/webapi/sites/:site/integrations/aws-oidc/:name/listdeployeddatabaseservices", h.WithClusterAuth(h.awsOIDCListDeployedDatabaseService))
 	h.GET("/webapi/scripts/integrations/configure/deployservice-iam.sh", h.WithLimiter(h.awsOIDCConfigureDeployServiceIAM))
 	h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/ec2", h.WithClusterAuth(h.awsOIDCListEC2))
 	h.POST("/webapi/sites/:site/integrations/aws-oidc/:name/eksclusters", h.WithClusterAuth(h.awsOIDCListEKSClusters))

diff --git a/lib/web/integrations_awsoidc.go b/lib/web/integrations_awsoidc.go
@@ -323,6 +323,7 @@ func fetchRelevantAWSRegions(ctx context.Context, authClient databaseGetter, dis
 			ResourceType: types.KindDatabaseService,
 			Limit:        defaults.MaxIterationLimit,
 			StartKey:     nextPageKey,
+			Labels:       map[string]string{types.AWSOIDCAgentLabel: types.True},
 		}
 		page, err := client.GetResourcePage[types.DatabaseService](ctx, authClient, req)
 		if err != nil {
@@ -458,8 +459,15 @@ func matchingLabelsFromDeployedService(deployedDatabaseService *integrationv1.De
 		return nil, trace.BadParameter("unexpected command size, expected at least 3 args, got %d", len(commandArgs))
 	}
 
-	// The --config-string flag's value is the last argument.
-	teleportConfigString := commandArgs[len(commandArgs)-1]
+	// The command should have a --config-string flag and then the teleport's base64 encoded configuration as argument
+	teleportConfigStringFlagIdx := slices.Index(commandArgs, "--config-string")
+	if teleportConfigStringFlagIdx == -1 {
+		return nil, trace.BadParameter("missing --config-string flag in container command")
+	}
+	if len(commandArgs) < teleportConfigStringFlagIdx+1 {
+		return nil, trace.BadParameter("missing --config-string argument in container command")
+	}
+	teleportConfigString := commandArgs[teleportConfigStringFlagIdx+1]
 
 	labelMatchers, err := deployserviceconfig.ParseResourceLabelMatchers(teleportConfigString)
 	if err != nil {

diff --git a/lib/web/integrations_awsoidc_test.go b/lib/web/integrations_awsoidc_test.go
@@ -1298,6 +1298,44 @@ func TestAWSOIDCListDeployedDatabaseServices(t *testing.T) {
 				}}
 			},
 		},
+		{
+			name:        "service exist but was changed and --config-string argument is missing",
+			integration: "my-integration",
+			regions:     []string{"us-west-2"},
+			servicesPerRegion: func(t *testing.T) map[string][]*integrationv1.DeployedDatabaseService {
+				command := buildCommandDeployedDatabaseService(t, true, types.Labels{"vpc": []string{"vpc1", "vpc2"}})
+				command = command[:len(command)-1]
+				return map[string][]*integrationv1.DeployedDatabaseService{
+					"us-west-2": dummyDeployedDatabaseServices(1, command),
+				}
+			},
+			expectedServices: func(t *testing.T) []ui.AWSOIDCDeployedDatabaseService {
+				return []ui.AWSOIDCDeployedDatabaseService{{
+					Name:                "database-service-vpc-0",
+					DashboardURL:        "url",
+					ValidTeleportConfig: false,
+				}}
+			},
+		},
+		{
+			name:        "service exist but was changed and --config-string flag is missing",
+			integration: "my-integration",
+			regions:     []string{"us-west-2"},
+			servicesPerRegion: func(t *testing.T) map[string][]*integrationv1.DeployedDatabaseService {
+				command := buildCommandDeployedDatabaseService(t, true, types.Labels{"vpc": []string{"vpc1", "vpc2"}})
+				command[1] = "--no-config-string"
+				return map[string][]*integrationv1.DeployedDatabaseService{
+					"us-west-2": dummyDeployedDatabaseServices(1, command),
+				}
+			},
+			expectedServices: func(t *testing.T) []ui.AWSOIDCDeployedDatabaseService {
+				return []ui.AWSOIDCDeployedDatabaseService{{
+					Name:                "database-service-vpc-0",
+					DashboardURL:        "url",
+					ValidTeleportConfig: false,
+				}}
+			},
+		},
 		{
 			name:        "supports pagination",
 			integration: "my-integration",
@@ -1330,9 +1368,10 @@ func TestAWSOIDCListDeployedDatabaseServices(t *testing.T) {
 				integration:       tt.integration,
 				servicesPerRegion: tt.servicesPerRegion(t),
 			}
-			got, err := listDeployedDatabaseServices(ctx, logger, tt.integration, tt.regions, clt)
+			actual, err := listDeployedDatabaseServices(ctx, logger, tt.integration, tt.regions, clt)
 			require.NoError(t, err)
-			require.Equal(t, tt.expectedServices(t), got)
+			expected := tt.expectedServices(t)
+			require.Equal(t, expected, actual)
 		})
 	}
 }