[v9] backport #11503 : respect TELEPORT_HOME variable when reading profiles

api/types/constants.go

@@ -33,6 +33,10 @@ const (
 	// True holds "true" string value
 	True = "true"
 
+	// HomeEnvVar specifies the home location for tsh configuration
+	// and data
+	HomeEnvVar = "TELEPORT_HOME"
+
 	// KindNamespace is a namespace
 	KindNamespace = "namespace"
 

lib/service/cfg.go

@@ -255,6 +255,10 @@ type Config struct {
 
 	// ConnectFailureC is a channel to notify of failures to connect to auth (used in tests).
 	ConnectFailureC chan time.Duration
+
+	// TeleportHome is the path to tsh configuration and data, used
+	// for loading profiles when TELEPORT_HOME is set
+	TeleportHome string
 }
 
 // ApplyToken assigns a given token to all internal services but only if token

tool/tctl/common/tctl.go

@@ -149,6 +149,11 @@ func Run(commands []CLICommand) {
 		return
 	}
 
+	cfg.TeleportHome = os.Getenv(types.HomeEnvVar)
+	if cfg.TeleportHome != "" {
+		cfg.TeleportHome = filepath.Clean(cfg.TeleportHome)
+	}
+
 	// configure all commands with Teleport configuration (they share 'cfg')
 	clientConfig, err := applyConfig(&ccf, cfg)
 	if err != nil {
@@ -337,7 +342,7 @@ func loadConfigFromProfile(ccf *GlobalCLIFlags, cfg *service.Config) (*authclien
 	log.WithFields(log.Fields{"proxy": profile.ProxyURL.String(), "user": profile.Username}).Debugf("Found active profile.")
 
 	c := client.MakeDefaultConfig()
-	if err := c.LoadProfile("", proxyAddr); err != nil {
+	if err := c.LoadProfile(cfg.TeleportHome, proxyAddr); err != nil {
 		return nil, trace.Wrap(err)
 	}
 	keyStore, err := client.NewFSLocalKeyStore(c.KeysDir)

tool/tsh/kube.go

@@ -848,7 +848,7 @@ func buildKubeConfigUpdate(cf *CLIConf, kubeStatus *kubernetesStatus) (*kubeconf
 	}
 
 	if cf.HomePath != "" {
-		v.Exec.Env[homeEnvVar] = cf.HomePath
+		v.Exec.Env[types.HomeEnvVar] = cf.HomePath
 	}
 
 	// Only switch the current context if kube-cluster is explicitly set on the command line.

tool/tsh/tsh.go

@@ -342,7 +342,6 @@ const (
 	loginEnvVar       = "TELEPORT_LOGIN"
 	bindAddrEnvVar    = "TELEPORT_LOGIN_BIND_ADDR"
 	proxyEnvVar       = "TELEPORT_PROXY"
-	homeEnvVar        = "TELEPORT_HOME"
 	// TELEPORT_SITE uses the older deprecated "site" terminology to refer to a
 	// cluster. All new code should use TELEPORT_CLUSTER instead.
 	siteEnvVar             = "TELEPORT_SITE"
@@ -2565,7 +2564,7 @@ func setSiteNameFromEnv(cf *CLIConf, fn envGetter) {
 
 // setTeleportHomeFromEnv sets home directory from environment if configured.
 func setTeleportHomeFromEnv(cf *CLIConf, fn envGetter) {
-	if homeDir := fn(homeEnvVar); homeDir != "" {
+	if homeDir := fn(types.HomeEnvVar); homeDir != "" {
 		cf.HomePath = path.Clean(homeDir)
 	}
 }

tool/tsh/tsh_test.go

@@ -887,7 +887,7 @@ func TestEnvFlags(t *testing.T) {
 		}))
 		t.Run("TELEPORT_HOME set", testEnvFlag(testCase{
 			envMap: map[string]string{
-				homeEnvVar: "teleport-data/",
+				types.HomeEnvVar: "teleport-data/",
 			},
 			outCLIConf: CLIConf{
 				HomePath: "teleport-data",
@@ -898,7 +898,7 @@ func TestEnvFlags(t *testing.T) {
 				HomePath: "teleport-data",
 			},
 			envMap: map[string]string{
-				homeEnvVar: "teleport-data/",
+				types.HomeEnvVar: "teleport-data/",
 			},
 			outCLIConf: CLIConf{
 				HomePath: "teleport-data",