Add database initialization command (#400)

internal/cmd/base/base.go

@@ -432,6 +432,9 @@ func (f *FlagSets) NewFlagSet(name string) *FlagSet {
 
 // Completions returns the completions for this flag set.
 func (f *FlagSets) Completions() complete.Flags {
+	if f == nil {
+		return nil
+	}
 	return f.completions
 }
 

internal/cmd/base/servers.go

@@ -461,7 +461,7 @@ func (b *Server) CreateDevDatabase(dialect string, opt ...Option) error {
 
 	b.Database.LogMode(true)
 
-	if err := b.CreateGlobalKmsKeys(); err != nil {
+	if err := b.CreateGlobalKmsKeys(context.Background()); err != nil {
 		return err
 	}
 
@@ -472,7 +472,7 @@ func (b *Server) CreateDevDatabase(dialect string, opt ...Option) error {
 		return nil
 	}
 
-	if err := b.CreateInitialAuthMethod(); err != nil {
+	if err := b.CreateInitialAuthMethod(context.Background()); err != nil {
 		return err
 	}
 
@@ -482,7 +482,7 @@ func (b *Server) CreateDevDatabase(dialect string, opt ...Option) error {
 	return nil
 }
 
-func (b *Server) CreateGlobalKmsKeys() error {
+func (b *Server) CreateGlobalKmsKeys(ctx context.Context) error {
 	rw := db.New(b.Database)
 
 	kmsRepo, err := kms.NewRepository(rw, rw)
@@ -499,13 +499,13 @@ func (b *Server) CreateGlobalKmsKeys() error {
 		return fmt.Errorf("error adding config keys to kms: %w", err)
 	}
 
-	ctx, cancel := context.WithCancel(context.Background())
+	cancelCtx, cancel := context.WithCancel(ctx)
 	go func() {
 		<-b.ShutdownCh
 		cancel()
 	}()
 
-	_, err = kms.CreateKeysTx(ctx, rw, rw, b.RootKms, b.SecureRandomReader, scope.Global.String())
+	_, err = kms.CreateKeysTx(cancelCtx, rw, rw, b.RootKms, b.SecureRandomReader, scope.Global.String())
 	if err != nil {
 		return fmt.Errorf("error creating global scope kms keys: %w", err)
 	}
@@ -513,7 +513,7 @@ func (b *Server) CreateGlobalKmsKeys() error {
 	return nil
 }
 
-func (b *Server) CreateInitialAuthMethod() error {
+func (b *Server) CreateInitialAuthMethod(ctx context.Context) error {
 	rw := db.New(b.Database)
 
 	kmsRepo, err := kms.NewRepository(rw, rw)
@@ -546,13 +546,13 @@ func (b *Server) CreateInitialAuthMethod() error {
 		}
 	}
 
-	ctx, cancel := context.WithCancel(context.Background())
+	cancelCtx, cancel := context.WithCancel(ctx)
 	go func() {
 		<-b.ShutdownCh
 		cancel()
 	}()
 
-	_, err = pwRepo.CreateAuthMethod(ctx, authMethod, password.WithPublicId(b.DevAuthMethodId))
+	_, err = pwRepo.CreateAuthMethod(cancelCtx, authMethod, password.WithPublicId(b.DevAuthMethodId))
 	if err != nil {
 		return fmt.Errorf("error saving auth method to the db: %w", err)
 	}
@@ -580,7 +580,7 @@ func (b *Server) CreateInitialAuthMethod() error {
 	if err != nil {
 		return fmt.Errorf("error creating new in memory auth account: %w", err)
 	}
-	acct, err = pwRepo.CreateAccount(ctx, scope.Global.String(), acct, password.WithPassword(b.DevPassword))
+	acct, err = pwRepo.CreateAccount(cancelCtx, scope.Global.String(), acct, password.WithPassword(b.DevPassword))
 	if err != nil {
 		return fmt.Errorf("error saving auth account to the db: %w", err)
 	}
@@ -598,14 +598,14 @@ func (b *Server) CreateInitialAuthMethod() error {
 	}
 	pr.Name = "Generated Global Scope Admin Role"
 	pr.Description = `Provides admin grants to all authenticated users within the "global" scope`
-	defPermsRole, err := iamRepo.CreateRole(ctx, pr)
+	defPermsRole, err := iamRepo.CreateRole(cancelCtx, pr)
 	if err != nil {
 		return fmt.Errorf("error creating role for default generated grants: %w", err)
 	}
-	if _, err := iamRepo.AddRoleGrants(ctx, defPermsRole.PublicId, defPermsRole.Version, []string{"id=*;actions=*"}); err != nil {
+	if _, err := iamRepo.AddRoleGrants(cancelCtx, defPermsRole.PublicId, defPermsRole.Version, []string{"id=*;actions=*"}); err != nil {
 		return fmt.Errorf("error creating grant for default generated grants: %w", err)
 	}
-	if _, err := iamRepo.AddPrincipalRoles(ctx, defPermsRole.PublicId, defPermsRole.Version+1, []string{"u_auth"}, nil); err != nil {
+	if _, err := iamRepo.AddPrincipalRoles(cancelCtx, defPermsRole.PublicId, defPermsRole.Version+1, []string{"u_auth"}, nil); err != nil {
 		return fmt.Errorf("error adding principal to role for default generated grants: %w", err)
 	}
 

internal/cmd/commands.go

@@ -12,6 +12,7 @@ import (
 	"github.com/hashicorp/boundary/internal/cmd/commands/authtokens"
 	"github.com/hashicorp/boundary/internal/cmd/commands/config"
 	"github.com/hashicorp/boundary/internal/cmd/commands/controller"
+	"github.com/hashicorp/boundary/internal/cmd/commands/database"
 	"github.com/hashicorp/boundary/internal/cmd/commands/dev"
 	"github.com/hashicorp/boundary/internal/cmd/commands/groups"
 	"github.com/hashicorp/boundary/internal/cmd/commands/hostcatalogs"
@@ -237,6 +238,17 @@ func initCommands(ui, serverCmdUi cli.Ui, runOpts *RunOptions) {
 			}, nil
 		},
 
+		"database": func() (cli.Command, error) {
+			return &database.Command{
+				Command: base.NewCommand(ui),
+			}, nil
+		},
+		"database init": func() (cli.Command, error) {
+			return &database.InitCommand{
+				Command: base.NewCommand(ui),
+			}, nil
+		},
+
 		"groups": func() (cli.Command, error) {
 			return &groups.Command{
 				Command: base.NewCommand(ui),

internal/cmd/commands/controller/controller.go

@@ -9,7 +9,6 @@ import (
 	"github.com/hashicorp/boundary/internal/auth/password"
 	"github.com/hashicorp/boundary/internal/cmd/base"
 	"github.com/hashicorp/boundary/internal/cmd/config"
-	"github.com/hashicorp/boundary/internal/db"
 	"github.com/hashicorp/boundary/internal/servers/controller"
 	"github.com/hashicorp/boundary/sdk/strutil"
 	"github.com/hashicorp/boundary/sdk/wrapper"
@@ -219,7 +218,7 @@ func (c *Command) Run(args []string) int {
 		return 1
 	}
 	if c.RootKms == nil {
-		c.UI.Error("Controller KMS not found after parsing KMS blocks")
+		c.UI.Error("Root KMS not found after parsing KMS blocks")
 		return 1
 	}
 	if c.WorkerAuthKms == nil {
@@ -320,10 +319,6 @@ func (c *Command) Run(args []string) int {
 			return 1
 		}
 		c.DatabaseUrl = strings.TrimSpace(dbaseUrl)
-		if err := db.InitStore("postgres", nil, c.DatabaseUrl); err != nil {
-			c.UI.Error(fmt.Errorf("Error running database migrations: %w", err).Error())
-			return 1
-		}
 		if err := c.ConnectToDatabase("postgres"); err != nil {
 			c.UI.Error(fmt.Errorf("Error connecting to database: %w", err).Error())
 			return 1

internal/cmd/commands/database/database.go

@@ -0,0 +1,48 @@
+package database
+
+import (
+	"github.com/hashicorp/boundary/internal/cmd/base"
+	"github.com/mitchellh/cli"
+	"github.com/posener/complete"
+)
+
+var _ cli.Command = (*Command)(nil)
+var _ cli.CommandAutocomplete = (*Command)(nil)
+
+type Command struct {
+	*base.Command
+}
+
+func (c *Command) Synopsis() string {
+	return "Manage Boundary's database"
+}
+
+func (c *Command) Help() string {
+	return base.WrapForHelpText([]string{
+		"Usage: boundary database [sub command] [options] [args]",
+		"",
+		"  This command allows operations on Boundary's database. Example:",
+		"",
+		"    Initialize the database:",
+		"",
+		`      $ boundary database init`,
+		"",
+		"  Please see the database subcommand help for detailed usage information.",
+	})
+}
+
+func (c *Command) Flags() *base.FlagSets {
+	return nil
+}
+
+func (c *Command) AutocompleteArgs() complete.Predictor {
+	return complete.PredictAnything
+}
+
+func (c *Command) AutocompleteFlags() complete.Flags {
+	return c.Flags().Completions()
+}
+
+func (c *Command) Run(args []string) int {
+	return cli.RunResultHelp
+}

internal/cmd/commands/database/funcs.go

@@ -0,0 +1,37 @@
+package database
+
+import (
+	"github.com/hashicorp/boundary/internal/cmd/base"
+)
+
+type AuthMethodInfo struct {
+	AuthMethodId string `json:"auth_method_id"`
+	LoginName    string `json:"login_name"`
+	Password     string `json:"password"`
+	ScopeId      string `json:"scope_id"`
+}
+
+func generateInitialAuthMethodTableOutput(in *AuthMethodInfo) string {
+	nonAttributeMap := map[string]interface{}{
+		"Scope ID":       in.ScopeId,
+		"Auth Method ID": in.AuthMethodId,
+		"Login Name":     in.LoginName,
+		"Password":       in.Password,
+	}
+
+	maxLength := 0
+	for k := range nonAttributeMap {
+		if len(k) > maxLength {
+			maxLength = len(k)
+		}
+	}
+
+	ret := []string{"", "Initial auth method information:"}
+
+	ret = append(ret,
+		// We do +2 because there is another +2 offset for host sets below
+		base.WrapMap(2, maxLength+2, nonAttributeMap),
+	)
+
+	return base.WrapForHelpText(ret)
+}

internal/cmd/commands/database/init.go

@@ -0,0 +1,334 @@
+package database
+
+import (
+	"database/sql"
+	"fmt"
+	"strings"
+
+	"github.com/hashicorp/boundary/internal/cmd/base"
+	"github.com/hashicorp/boundary/internal/cmd/config"
+	"github.com/hashicorp/boundary/internal/db"
+	"github.com/hashicorp/boundary/internal/servers/controller"
+	"github.com/hashicorp/boundary/internal/types/scope"
+	"github.com/hashicorp/boundary/sdk/wrapper"
+	wrapping "github.com/hashicorp/go-kms-wrapping"
+	"github.com/hashicorp/vault/sdk/helper/mlock"
+	"github.com/mitchellh/cli"
+	"github.com/posener/complete"
+)
+
+var _ cli.Command = (*InitCommand)(nil)
+var _ cli.CommandAutocomplete = (*InitCommand)(nil)
+
+type InitCommand struct {
+	*base.Command
+	srv *base.Server
+
+	SighupCh      chan struct{}
+	childSighupCh []chan struct{}
+	ReloadedCh    chan struct{}
+	SigUSR2Ch     chan struct{}
+
+	Config     *config.Config
+	controller *controller.Controller
+
+	configWrapper wrapping.Wrapper
+
+	flagConfig                 string
+	flagConfigKms              string
+	flagLogLevel               string
+	flagLogFormat              string
+	flagMigrationUrl           string
+	flagSkipAuthMethodCreation bool
+}
+
+func (c *InitCommand) Synopsis() string {
+	return "Initialize Boundary's database"
+}
+
+func (c *InitCommand) Help() string {
+	helpText := `
+Usage: boundary database init [options]
+
+  Initialize Boundary's database:
+
+      $ boundary database init -config=/etc/boundary/controller.hcl
+
+  For a full list of examples, please see the documentation.
+
+` + c.Flags().Help()
+	return strings.TrimSpace(helpText)
+}
+
+func (c *InitCommand) Flags() *base.FlagSets {
+	set := c.FlagSet(base.FlagSetHTTP)
+
+	f := set.NewFlagSet("Command Options")
+
+	f.StringVar(&base.StringVar{
+		Name:   "config",
+		Target: &c.flagConfig,
+		Completion: complete.PredictOr(
+			complete.PredictFiles("*.hcl"),
+			complete.PredictFiles("*.json"),
+		),
+		Usage: "Path to the configuration file.",
+	})
+
+	f.StringVar(&base.StringVar{
+		Name:   "config-kms",
+		Target: &c.flagConfigKms,
+		Completion: complete.PredictOr(
+			complete.PredictFiles("*.hcl"),
+			complete.PredictFiles("*.json"),
+		),
+		Usage: `Path to a configuration file containing a "kms" block marked for "config" purpose, to perform decryption of the main configuration file. If not set, will look for such a block in the main configuration file, which has some drawbacks; see the help output for "boundary config encrypt -h" for details.`,
+	})
+
+	f.StringVar(&base.StringVar{
+		Name:       "log-level",
+		Target:     &c.flagLogLevel,
+		Default:    base.NotSetValue,
+		EnvVar:     "BOUNDARY_LOG_LEVEL",
+		Completion: complete.PredictSet("trace", "debug", "info", "warn", "err"),
+		Usage: "Log verbosity level. Supported values (in order of more detail to less) are " +
+			"\"trace\", \"debug\", \"info\", \"warn\", and \"err\".",
+	})
+
+	f.StringVar(&base.StringVar{
+		Name:       "log-format",
+		Target:     &c.flagLogFormat,
+		Default:    base.NotSetValue,
+		Completion: complete.PredictSet("standard", "json"),
+		Usage:      `Log format. Supported values are "standard" and "json".`,
+	})
+
+	f = set.NewFlagSet("Init Options")
+
+	f.BoolVar(&base.BoolVar{
+		Name:   "skip-auth-method-creation",
+		Target: &c.flagSkipAuthMethodCreation,
+		Usage:  "If not set, an auth method will not be created as part of initialization. If set, the recovery KMS will be needed to perform any actions.",
+	})
+
+	f.StringVar(&base.StringVar{
+		Name:    "migration-url",
+		Target:  &c.flagMigrationUrl,
+		Default: base.NotSetValue,
+		Usage:   `If set, overrides a migration URL set in config, and specifies the URL used to connect to the database for initialization. This can allow different permissions for the user running initialization vs. normal operation. This can refer to a file on disk (file://) from which a URL will be read; an env var (env://) from which the URL will be read; or a direct database URL.`,
+	})
+
+	return set
+}
+
+func (c *InitCommand) AutocompleteArgs() complete.Predictor {
+	return complete.PredictNothing
+}
+
+func (c *InitCommand) AutocompleteFlags() complete.Flags {
+	return c.Flags().Completions()
+}
+
+func (c *InitCommand) Run(args []string) int {
+	if result := c.ParseFlagsAndConfig(args); result > 0 {
+		return result
+	}
+
+	if c.configWrapper != nil {
+		defer func() {
+			if err := c.configWrapper.Finalize(c.Context); err != nil {
+				c.UI.Warn(fmt.Errorf("Error finalizing config kms: %w", err).Error())
+			}
+		}()
+	}
+
+	c.srv = base.NewServer(&base.Command{UI: c.UI})
+
+	if err := c.srv.SetupLogging(c.flagLogLevel, c.flagLogFormat, c.Config.LogLevel, c.Config.LogFormat); err != nil {
+		c.UI.Error(err.Error())
+		return 1
+	}
+
+	if err := c.srv.SetupKMSes(c.UI, c.Config); err != nil {
+		c.UI.Error(err.Error())
+		return 1
+	}
+
+	if c.srv.RootKms == nil {
+		c.UI.Error("Root KMS not found after parsing KMS blocks")
+		return 1
+	}
+
+	// If mlockall(2) isn't supported, show a warning. We disable this in dev
+	// because it is quite scary to see when first using Boundary. We also disable
+	// this if the user has explicitly disabled mlock in configuration.
+	if !c.Config.DisableMlock && !mlock.Supported() {
+		c.UI.Warn(base.WrapAtLength(
+			"WARNING! mlock is not supported on this system! An mlockall(2)-like " +
+				"syscall to prevent memory from being swapped to disk is not " +
+				"supported on this system. For better security, only run Boundary on " +
+				"systems where this call is supported. If you are running Boundary" +
+				"in a Docker container, provide the IPC_LOCK cap to the container."))
+	}
+
+	if c.Config.Database == nil {
+		c.UI.Error(`"database" config block not found`)
+		return 1
+	}
+
+	urlToParse := c.Config.Database.Url
+	if urlToParse == "" {
+		c.UI.Error(`"url" not specified in "database" config block"`)
+		return 1
+	}
+
+	var migrationUrlToParse string
+	if c.Config.Database.MigrationUrl != "" {
+		migrationUrlToParse = c.Config.Database.MigrationUrl
+	}
+	if c.flagMigrationUrl != "" && c.flagMigrationUrl != base.NotSetValue {
+		migrationUrlToParse = c.flagMigrationUrl
+	}
+	// Fallback to using database URL for everything
+	if migrationUrlToParse == "" {
+		migrationUrlToParse = urlToParse
+	}
+
+	dbaseUrl, err := config.ParseAddress(urlToParse)
+	if err != nil && err != config.ErrNotAUrl {
+		c.UI.Error(fmt.Errorf("Error parsing database url: %w", err).Error())
+		return 1
+	}
+
+	migrationUrl, err := config.ParseAddress(migrationUrlToParse)
+	if err != nil && err != config.ErrNotAUrl {
+		c.UI.Error(fmt.Errorf("Error parsing migration url: %w", err).Error())
+		return 1
+	}
+
+	// Core migrations using the migration URL
+	{
+		c.srv.DatabaseUrl = strings.TrimSpace(migrationUrl)
+		ldb, err := sql.Open("postgres", c.srv.DatabaseUrl)
+		if err != nil {
+			c.UI.Error(fmt.Errorf("Error opening database to check init status: %w", err).Error())
+			return 1
+		}
+		_, err = ldb.QueryContext(c.Context, "select version from schema_migrations")
+		switch {
+		case err == nil:
+			if base.Format(c.UI) == "table" {
+				c.UI.Info("Database already initialized.")
+				return 0
+			}
+		case strings.Contains(err.Error(), "does not exist"):
+			// Doesn't exist so we continue on
+		default:
+			c.UI.Error(fmt.Errorf("Error querying database for init status: %w", err).Error())
+			return 1
+		}
+		ran, err := db.InitStore("postgres", nil, c.srv.DatabaseUrl)
+		if err != nil {
+			c.UI.Error(fmt.Errorf("Error running database migrations: %w", err).Error())
+			return 1
+		}
+		if !ran {
+			if base.Format(c.UI) == "table" {
+				c.UI.Info("Database already initialized.")
+				return 0
+			}
+		}
+		if base.Format(c.UI) == "table" {
+			c.UI.Info("Migrations successfully run.")
+		}
+	}
+
+	// Everything after is done with normal database URL and is affecting actual data
+	c.srv.DatabaseUrl = strings.TrimSpace(dbaseUrl)
+	if err := c.srv.ConnectToDatabase("postgres"); err != nil {
+		c.UI.Error(fmt.Errorf("Error connecting to database after migrations: %w", err).Error())
+		return 1
+	}
+	if err := c.srv.CreateGlobalKmsKeys(c.Context); err != nil {
+		c.UI.Error(fmt.Errorf("Error creating global-scope KMS keys: %w", err).Error())
+		return 1
+	}
+
+	if base.Format(c.UI) == "table" {
+		c.UI.Info("Global-scope KMS keys successfully created.")
+	}
+
+	if c.flagSkipAuthMethodCreation {
+		return 0
+	}
+
+	// Use an easy name, at least
+	c.srv.DevLoginName = "admin"
+	if err := c.srv.CreateInitialAuthMethod(c.Context); err != nil {
+		c.UI.Error(fmt.Errorf("Error creating initial auth method and user: %w", err).Error())
+		return 1
+	}
+
+	authMethodInfo := &AuthMethodInfo{
+		AuthMethodId: c.srv.DevAuthMethodId,
+		LoginName:    c.srv.DevLoginName,
+		Password:     c.srv.DevPassword,
+		ScopeId:      scope.Global.String(),
+	}
+	switch base.Format(c.UI) {
+	case "table":
+		c.UI.Output(generateInitialAuthMethodTableOutput(authMethodInfo))
+	case "json":
+		b, err := base.JsonFormatter{}.Format(authMethodInfo)
+		if err != nil {
+			c.UI.Error(fmt.Errorf("Error formatting as JSON: %w", err).Error())
+			return 1
+		}
+		c.UI.Output(string(b))
+	}
+
+	return 0
+}
+
+func (c *InitCommand) ParseFlagsAndConfig(args []string) int {
+	var err error
+
+	f := c.Flags()
+
+	if err = f.Parse(args); err != nil {
+		c.UI.Error(err.Error())
+		return 1
+	}
+
+	wrapperPath := c.flagConfig
+	if c.flagConfigKms != "" {
+		wrapperPath = c.flagConfigKms
+	}
+	wrapper, err := wrapper.GetWrapperFromPath(wrapperPath, "config")
+	if err != nil {
+		c.UI.Error(err.Error())
+		return 1
+	}
+	if wrapper != nil {
+		c.configWrapper = wrapper
+		if err := wrapper.Init(c.Context); err != nil {
+			c.UI.Error(fmt.Errorf("Could not initialize kms: %w", err).Error())
+			return 1
+		}
+	}
+
+	// Validation
+	switch {
+	case len(c.flagConfig) == 0:
+		c.UI.Error("Must specify a config file using -config")
+		return 1
+	}
+
+	c.Config, err = config.LoadFile(c.flagConfig, wrapper)
+	if err != nil {
+		c.UI.Error("Error parsing config: " + err.Error())
+		return 1
+	}
+
+	return 0
+}

internal/cmd/config/config.go

@@ -113,7 +113,8 @@ type Worker struct {
 }
 
 type Database struct {
-	Url string `hcl:"url"`
+	Url          string `hcl:"url"`
+	MigrationUrl string `hcl:"migration_url"`
 }
 
 // DevWorker is a Config that is used for dev mode of Boundary

internal/db/db.go

@@ -65,7 +65,7 @@ func InitDbInDocker(dialect string) (cleanup func() error, retURL, container str
 	switch dialect {
 	case "postgres":
 		if os.Getenv("PG_URL") != "" {
-			if err := InitStore(dialect, func() error { return nil }, os.Getenv("PG_URL")); err != nil {
+			if _, err := InitStore(dialect, func() error { return nil }, os.Getenv("PG_URL")); err != nil {
 				return func() error { return nil }, os.Getenv("PG_URL"), "", fmt.Errorf("error initializing store: %w", err)
 			}
 			return func() error { return nil }, os.Getenv("PG_URL"), "", nil
@@ -75,7 +75,7 @@ func InitDbInDocker(dialect string) (cleanup func() error, retURL, container str
 	if err != nil {
 		return func() error { return nil }, "", "", fmt.Errorf("could not start docker: %w", err)
 	}
-	if err := InitStore(dialect, c, url); err != nil {
+	if _, err := InitStore(dialect, c, url); err != nil {
 		return func() error { return nil }, "", "", fmt.Errorf("error initializing store: %w", err)
 	}
 	return c, url, container, nil
@@ -132,8 +132,9 @@ func StartDbInDocker(dialect string) (cleanup func() error, retURL, container st
 	return cleanup, url, resource.Container.Name, nil
 }
 
-// InitStore will execute the migrations needed to initialize the store for tests
-func InitStore(dialect string, cleanup func() error, url string) error {
+// InitStore will execute the migrations needed to initialize the store. It
+// returns true if migrations actually ran; false if we were already current.
+func InitStore(dialect string, cleanup func() error, url string) (bool, error) {
 	var mErr *multierror.Error
 	// run migrations
 	source, err := migrations.NewMigrationSource(dialect)
@@ -144,7 +145,7 @@ func InitStore(dialect string, cleanup func() error, url string) error {
 				mErr = multierror.Append(mErr, fmt.Errorf("error cleaning up from creating driver: %w", err))
 			}
 		}
-		return mErr.ErrorOrNil()
+		return false, mErr.ErrorOrNil()
 	}
 	m, err := migrate.NewWithSourceInstance("httpfs", source, url)
 	if err != nil {
@@ -154,19 +155,22 @@ func InitStore(dialect string, cleanup func() error, url string) error {
 				mErr = multierror.Append(mErr, fmt.Errorf("error cleaning up from creating migrations: %w", err))
 			}
 		}
-		return mErr.ErrorOrNil()
+		return false, mErr.ErrorOrNil()
 
 	}
-	if err := m.Up(); err != nil && err != migrate.ErrNoChange {
+	if err := m.Up(); err != nil {
+		if err == migrate.ErrNoChange {
+			return false, nil
+		}
 		mErr = multierror.Append(mErr, fmt.Errorf("error running migrations: %w", err))
 		if cleanup != nil {
 			if err := cleanup(); err != nil {
 				mErr = multierror.Append(mErr, fmt.Errorf("error cleaning up from running migrations: %w", err))
 			}
 		}
-		return mErr.ErrorOrNil()
+		return false, mErr.ErrorOrNil()
 	}
-	return mErr.ErrorOrNil()
+	return true, mErr.ErrorOrNil()
 }
 
 // cleanupDockerResource will clean up the dockertest resources (postgres)

internal/servers/controller/testing.go

@@ -354,19 +354,19 @@ func NewTestController(t *testing.T, opts *TestControllerOpts) *TestController {
 
 	if opts.DatabaseUrl != "" {
 		tc.b.DatabaseUrl = opts.DatabaseUrl
-		if err := db.InitStore("postgres", nil, tc.b.DatabaseUrl); err != nil {
+		if _, err := db.InitStore("postgres", nil, tc.b.DatabaseUrl); err != nil {
 			t.Fatal(err)
 		}
 		if err := tc.b.ConnectToDatabase("postgres"); err != nil {
 			t.Fatal(err)
 		}
 		if !opts.DisableKmsKeyCreation {
-			if err := tc.b.CreateGlobalKmsKeys(); err != nil {
+			if err := tc.b.CreateGlobalKmsKeys(ctx); err != nil {
 				t.Fatal(err)
 			}
 		}
 		if !opts.DisableAuthMethodCreation {
-			if err := tc.b.CreateInitialAuthMethod(); err != nil {
+			if err := tc.b.CreateInitialAuthMethod(ctx); err != nil {
 				t.Fatal(err)
 			}
 		}