Move custom checks to Auth functions

gravitational · Dec 7, 2022 · 857fd1e · 857fd1e
1 parent d90872c
commit 857fd1e
Show file tree

Hide file tree

Showing 2 changed files with 26 additions and 13 deletions.
diff --git a/lib/config/configuration.go b/lib/config/configuration.go
@@ -664,17 +664,7 @@ func applyAuthConfig(fc *FileConfig, cfg *service.Config) error {
 
 	// Only override networking configuration if some of its fields is
 	// specified in file configuration.
-	customNetworkingConfig := fc.Auth.ClientIdleTimeout != 0 ||
-		fc.Auth.ClientIdleTimeoutMessage != "" ||
-		fc.Auth.WebIdleTimeout != 0 ||
-		fc.Auth.KeepAliveInterval != 0 ||
-		fc.Auth.KeepAliveCountMax != 0 ||
-		fc.Auth.SessionControlTimeout != 0 ||
-		fc.Auth.ProxyListenerMode != 0 ||
-		fc.Auth.RoutingStrategy != 0 ||
-		fc.Auth.TunnelStrategy != nil ||
-		fc.Auth.ProxyPingInterval != 0
-	if customNetworkingConfig {
+	if fc.Auth.hasCustomNetworkingConfig() {
 		cfg.Auth.NetworkingConfig, err = types.NewClusterNetworkingConfigFromConfigFile(types.ClusterNetworkingConfigSpecV2{
 			ClientIdleTimeout:        fc.Auth.ClientIdleTimeout,
 			ClientIdleTimeoutMessage: fc.Auth.ClientIdleTimeoutMessage,
@@ -694,8 +684,7 @@ func applyAuthConfig(fc *FileConfig, cfg *service.Config) error {
 
 	// Only override session recording configuration if either field is
 	// specified in file configuration.
-	customSessionRecordingConfig := fc.Auth.SessionRecording != "" || fc.Auth.ProxyChecksHostKeys != nil
-	if customSessionRecordingConfig {
+	if fc.Auth.hasCustomSessionRecording() {
 		cfg.Auth.SessionRecordingConfig, err = types.NewSessionRecordingConfigFromConfigFile(types.SessionRecordingConfigSpecV2{
 			Mode:                fc.Auth.SessionRecording,
 			ProxyChecksHostKeys: fc.Auth.ProxyChecksHostKeys,

diff --git a/lib/config/fileconf.go b/lib/config/fileconf.go
@@ -889,6 +889,30 @@ type Auth struct {
 	LoadAllCAs bool `yaml:"load_all_cas,omitempty"`
 }
 
+// hasCustomNetworkingConfig returns true if any of the networking
+// configuration fields have values different from an empty Auth.
+func (a *Auth) hasCustomNetworkingConfig() bool {
+	empty := Auth{}
+	return a.ClientIdleTimeout != empty.ClientIdleTimeout ||
+		a.ClientIdleTimeoutMessage != empty.ClientIdleTimeoutMessage ||
+		a.WebIdleTimeout != empty.WebIdleTimeout ||
+		a.KeepAliveInterval != empty.KeepAliveInterval ||
+		a.KeepAliveCountMax != empty.KeepAliveCountMax ||
+		a.SessionControlTimeout != empty.SessionControlTimeout ||
+		a.ProxyListenerMode != empty.ProxyListenerMode ||
+		a.RoutingStrategy != empty.RoutingStrategy ||
+		a.TunnelStrategy != empty.TunnelStrategy ||
+		a.ProxyPingInterval != empty.ProxyPingInterval
+}
+
+// hasCustomSessionRecording returns true if any of the session recording
+// configuration fields have values different from an empty Auth.
+func (a *Auth) hasCustomSessionRecording() bool {
+	empty := Auth{}
+	return a.SessionRecording != empty.SessionRecording ||
+		a.ProxyChecksHostKeys != empty.ProxyChecksHostKeys
+}
+
 // CAKeyParams configures how CA private keys will be created and stored.
 type CAKeyParams struct {
 	// PKCS11 configures a PKCS#11 HSM to be used for all CA private key generation and