Fix an issue Oracle access failed through trusted cluster (#42880)

* Fix an issue Oracle access failed through trusted cluster * add note on profile.Cluster
gravitational · Jun 13, 2024 · e33400a · e33400a
1 parent 097e076
commit e33400a
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 9 deletions.
diff --git a/lib/client/db/dbcmd/dbcmd.go b/lib/client/db/dbcmd/dbcmd.go
@@ -112,12 +112,19 @@ func (s SystemExecer) LookPath(file string) (string, error) {
 type CLICommandBuilder struct {
 	tc          *client.TeleportClient
 	rootCluster string
-	profile     *client.ProfileStatus
-	db          *tlsca.RouteToDatabase
-	host        string
-	port        int
-	options     connectionCommandOpts
-	uid         utils.UID
+	// profile is the currently selected tsh profile.
+	//
+	// Note that profile.Cluster indicates the cluster selected with `tsh login
+	// <root/leaf>`. However, the target cluster can be overwritten with
+	// --cluster flag. Therefore profile.Cluster is not suitable for
+	// determining the target cluster or the root cluster. Use tc.SiteName for
+	// the target cluster and rootCluster for root cluster.
+	profile *client.ProfileStatus
+	db      *tlsca.RouteToDatabase
+	host    string
+	port    int
+	options connectionCommandOpts
+	uid     utils.UID
 }
 
 func NewCmdBuilder(tc *client.TeleportClient, profile *client.ProfileStatus,
@@ -757,7 +764,7 @@ func (j *jdbcOracleThinConnection) ConnString() string {
 }
 
 func (c *CLICommandBuilder) getOracleCommand() (*exec.Cmd, error) {
-	tnsAdminPath := c.profile.OracleWalletDir(c.profile.Cluster, c.db.ServiceName)
+	tnsAdminPath := c.profile.OracleWalletDir(c.tc.SiteName, c.db.ServiceName)
 	if runtime.GOOS == constants.WindowsOS {
 		tnsAdminPath = strings.ReplaceAll(tnsAdminPath, `\`, `\\`)
 	}

diff --git a/lib/client/db/dbcmd/dbcmd_test.go b/lib/client/db/dbcmd/dbcmd_test.go
@@ -74,6 +74,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 		Name:     "example.com",
 		Username: "bob",
 		Dir:      "/tmp",
+		Cluster:  "example.com",
 	}
 
 	tests := []struct {
@@ -619,7 +620,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 			opts:         []ConnectCommandFunc{WithLocalProxy("localhost", 12345, "")},
 			execer:       &fakeExec{},
 			databaseName: "oracle01",
-			cmd:          []string{"sql", "-L", "jdbc:oracle:thin:@tcps://localhost:12345/oracle01?TNS_ADMIN=/tmp/keys/example.com/bob-db/mysql-wallet"},
+			cmd:          []string{"sql", "-L", "jdbc:oracle:thin:@tcps://localhost:12345/oracle01?TNS_ADMIN=/tmp/keys/example.com/bob-db/db.example.com/mysql-wallet"},
 			wantErr:      false,
 		},
 		{
@@ -628,7 +629,7 @@ func TestCLICommandBuilderGetConnectCommand(t *testing.T) {
 			opts:         []ConnectCommandFunc{WithLocalProxy("localhost", 12345, ""), WithPrintFormat()},
 			execer:       &fakeExec{},
 			databaseName: "oracle01",
-			cmd:          []string{"sql", "-L", "'jdbc:oracle:thin:@tcps://localhost:12345/oracle01?TNS_ADMIN=/tmp/keys/example.com/bob-db/mysql-wallet'"},
+			cmd:          []string{"sql", "-L", "'jdbc:oracle:thin:@tcps://localhost:12345/oracle01?TNS_ADMIN=/tmp/keys/example.com/bob-db/db.example.com/mysql-wallet'"},
 			wantErr:      false,
 		},
 		{
@@ -947,6 +948,7 @@ func TestConvertCommandError(t *testing.T) {
 		Name:     "example.com",
 		Username: "bob",
 		Dir:      homePath,
+		Cluster:  "example.com",
 	}
 
 	tests := []struct {