diff --git a/go/vt/tableacl/tableacl.go b/go/vt/tableacl/tableacl.go index 1b236cb1812..2bb48ca28f2 100644 --- a/go/vt/tableacl/tableacl.go +++ b/go/vt/tableacl/tableacl.go @@ -110,6 +110,10 @@ func (tacl *tableACL) init(configFile string, aclCB func()) error { log.Infof("unable to read tableACL config file: %v Error: %v", configFile, err) return err } + if len(data) == 0 { + return errors.New("tableACL config file is empty") + } + config := &tableaclpb.Config{} if err := config.UnmarshalVT(data); err != nil { // try to parse tableacl as json file diff --git a/go/vt/tableacl/tableacl_test.go b/go/vt/tableacl/tableacl_test.go index 388567b62e2..1f5e89a6a48 100644 --- a/go/vt/tableacl/tableacl_test.go +++ b/go/vt/tableacl/tableacl_test.go @@ -74,6 +74,21 @@ func TestInitWithValidConfig(t *testing.T) { } } +func TestInitWithEmptyConfig(t *testing.T) { + tacl := tableACL{factory: &simpleacl.Factory{}} + f, err := os.CreateTemp("", "tableacl") + if err != nil { + t.Fatal(err) + } + defer os.Remove(f.Name()) + if err := f.Close(); err != nil { + t.Fatal(err) + } + if err := tacl.init(f.Name(), func() {}); err == nil { + t.Fatal("tableACL config file is empty") + } +} + func TestInitFromProto(t *testing.T) { tacl := tableACL{factory: &simpleacl.Factory{}} readerACL := tacl.Authorized("my_test_table", READER) diff --git a/go/vt/vttablet/tabletserver/tabletserver.go b/go/vt/vttablet/tabletserver/tabletserver.go index 847de25eb02..8fb167efc80 100644 --- a/go/vt/vttablet/tabletserver/tabletserver.go +++ b/go/vt/vttablet/tabletserver/tabletserver.go @@ -367,6 +367,7 @@ func (tsv *TabletServer) initACL(tableACLConfigFile string, enforceTableACLConfi tsv.ClearQueryPlanCache() }, ) + // Log failure if either there was a problem loading the ACL, or if the ACL is empty if err != nil { log.Errorf("Fail to initialize Table ACL: %v", err) if enforceTableACLConfig {