Fail loading an ACL config if the provided file is empty and enforceTableACLConfig is true (vitessio#17274) (#173)

Signed-off-by: garfthoffman <[email protected]>
Signed-off-by: Mohamed Hamza <[email protected]>
Co-authored-by: garfthoffman <[email protected]>

Author: mhamza15

go/vt/tableacl/tableacl.go

@@ -110,6 +110,10 @@ func (tacl *tableACL) init(configFile string, aclCB func()) error {
 		log.Infof("unable to read tableACL config file: %v  Error: %v", configFile, err)
 		return err
 	}
+	if len(data) == 0 {
+		return errors.New("tableACL config file is empty")
+	}
+
 	config := &tableaclpb.Config{}
 	if err := config.UnmarshalVT(data); err != nil {
 		// try to parse tableacl as json file

go/vt/tableacl/tableacl_test.go

@@ -23,6 +23,7 @@ import (
 	"reflect"
 	"testing"
 
+	"github.com/stretchr/testify/require"
 	"google.golang.org/protobuf/proto"
 
 	"vitess.io/vitess/go/vt/tableacl/acl"
@@ -74,6 +75,19 @@ func TestInitWithValidConfig(t *testing.T) {
 	}
 }
 
+func TestInitWithEmptyConfig(t *testing.T) {
+	tacl := tableACL{factory: &simpleacl.Factory{}}
+	f, err := os.CreateTemp("", "tableacl")
+	require.NoError(t, err)
+
+	defer os.Remove(f.Name())
+	err = f.Close()
+	require.NoError(t, err)
+
+	err = tacl.init(f.Name(), func() {})
+	require.Error(t, err)
+}
+
 func TestInitFromProto(t *testing.T) {
 	tacl := tableACL{factory: &simpleacl.Factory{}}
 	readerACL := tacl.Authorized("my_test_table", READER)