Snowflake Trusted Cluster Access tctl auth sign call on leaf cluster #17262

Open
smallinsky opened this issue Oct 11, 2022 · 0 comments
Labels
bug snowflake test-plan-problem Issues which have been surfaced by running the manual release test plan

Expected behavior:
Snowflake database certs should be properly generated by the tctl auth sign command in a multi trusted cluster setup.

Current behavior:

When the following tctl auth sign command is generated for the snowflake format on a leaf cluster:

tctl  -c teleport-leaf.yaml auth sign --format=snowflake --out=snowflake-leaf

The handler returns:

ERROR REPORT:
Original Error: *errors.errorString expected database CA to have only one entry, found 2
Stack Trace:
	github.com/gravitational/teleport/tool/tctl/common/auth_command.go:368 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).generateSnowflakeKey
	github.com/gravitational/teleport/tool/tctl/common/auth_command.go:342 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).GenerateAndSignKeys
	github.com/gravitational/teleport/tool/tctl/common/auth_command.go:153 github.com/gravitational/teleport/tool/tctl/common.(*AuthCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:201 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:92 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
	runtime/proc.go:250 runtime.main
	runtime/asm_amd64.s:1594 runtime.goexit
User Message: expected database CA to have only one entry, found 2

This is probably caused by:

databaseCA, err := clusterAPI.GetCertAuthorities(ctx, types.DatabaseCA, false)
if err != nil {
	return trace.Wrap(err)
}
if len(databaseCA) != 1 {
	return trace.Errorf("expected database CA to have only one entry, found %d", len(databaseCA))
}

where the len(databaseCA) == 1 assumption is incorrect in case of multiple trusted clusters.

Bug details:

  • Teleport version: v11.0.0-alpha.2
  • Root Leaf cluster setup
  • Database Access: Snowflake
@smallinsky smallinsky added bug test-plan-problem Issues which have been surfaced by running the manual release test plan snowflake labels Oct 11, 2022
@smallinsky smallinsky self-assigned this Oct 11, 2022
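
Added example, not Teleport's code and not the fix the project adopted: one way to pick the database CA when the list holds an entry per trusted cluster is to match on the local cluster name and fail closed on ambiguity, instead of asserting a list length of one. The `certAuthority` type, the `"db"` type string, `selectLocalDatabaseCA` and the cluster names are hypothetical stand-ins.

```go
package main

import (
	"errors"
	"fmt"
)

// certAuthority is a hypothetical stand-in for a CA resource;
// it is not Teleport's types.CertAuthority.
type certAuthority struct {
	Type        string // CA type, "db" assumed here for the database CA
	ClusterName string // cluster that owns this CA
}

var errNoLocalCA = errors.New("no database CA found for local cluster")

// selectLocalDatabaseCA returns the single database CA owned by localCluster.
// With trusted clusters the list may hold several database CAs, so the
// choice is made by cluster name rather than by list length or index.
func selectLocalDatabaseCA(cas []certAuthority, localCluster string) (certAuthority, error) {
	var match *certAuthority
	for i := range cas {
		ca := &cas[i]
		if ca.Type != "db" || ca.ClusterName != localCluster {
			continue
		}
		if match != nil {
			// Fail closed: two CAs claiming the same cluster is ambiguous.
			return certAuthority{}, fmt.Errorf("multiple database CAs for cluster %q", localCluster)
		}
		match = ca
	}
	if match == nil {
		return certAuthority{}, fmt.Errorf("%w %q", errNoLocalCA, localCluster)
	}
	return *match, nil
}

func main() {
	// Constructed sample: two database CAs visible in a root/leaf setup.
	cas := []certAuthority{
		{Type: "db", ClusterName: "root.example.com"},
		{Type: "db", ClusterName: "leaf.example.com"},
	}
	ca, err := selectLocalDatabaseCA(cas, "leaf.example.com")
	fmt.Println(ca.ClusterName, err)
}
```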