From bc61d1ad7b3d721e58dedf0d20e32307f2a84bdf Mon Sep 17 00:00:00 2001 From: Steven Martin Date: Thu, 3 Oct 2024 13:04:55 -0400 Subject: [PATCH] [v14] Updates self-hosted db discover to use 2190h ttl for certificate (#47128) * Updates self-hosted db discover to use 2190h ttl * include link to creating cert/pairs for self-hosted db * update to lowercase variable Co-authored-by: Gavin Frazar * revert variable name * Refactor restart database messaging --------- Co-authored-by: Steven Martin Co-authored-by: Gavin Frazar Co-authored-by: Lisa Kim --- .../Discover/Database/MutualTls/MutualTls.tsx | 23 +++++++++++-------- .../Database/MutualTls/useMutualTls.ts | 3 ++- web/packages/teleport/src/config.ts | 7 ++++++ 3 files changed, 23 insertions(+), 10 deletions(-) diff --git a/web/packages/teleport/src/Discover/Database/MutualTls/MutualTls.tsx b/web/packages/teleport/src/Discover/Database/MutualTls/MutualTls.tsx index 09e03b3ad6e68..87d6f0040d80e 100644 --- a/web/packages/teleport/src/Discover/Database/MutualTls/MutualTls.tsx +++ b/web/packages/teleport/src/Discover/Database/MutualTls/MutualTls.tsx @@ -160,9 +160,7 @@ function DbEngineInstructions({ dbEngine }: { dbEngine: DatabaseEngine }) { }, ]} /> - - Restart the database server to apply the configuration. - + ); } @@ -251,9 +249,7 @@ function DbEngineInstructions({ dbEngine }: { dbEngine: DatabaseEngine }) { }, ]} /> - - Restart the database server to apply the configuration. - + See{' '} - - Restart the database server to apply the configuration. - + See{' '} ( + + Restart the database server to apply the configuration. The certificate is + valid for 90 days so this will require installing an{' '} + + updated certificate + {' '} + and restarting the database server before that to continue access. + +); diff --git a/web/packages/teleport/src/Discover/Database/MutualTls/useMutualTls.ts b/web/packages/teleport/src/Discover/Database/MutualTls/useMutualTls.ts index 9b7b680bfe39e..4989baecb67b0 100644 
--- a/web/packages/teleport/src/Discover/Database/MutualTls/useMutualTls.ts
+++ b/web/packages/teleport/src/Discover/Database/MutualTls/useMutualTls.ts
@@ -110,7 +110,8 @@ function generateSignCertificateCurlCommand(
 if (!token) return '';
 const requestUrl = cfg.getDatabaseSignUrl(clusterId);
- const requestData = JSON.stringify({ hostname });
+ const ttl = cfg.getDatabaseCertificateTTL();
+ const requestData = JSON.stringify({ hostname, ttl });
 // curl flag -OJ makes curl use the file name
 // defined from the response header.
diff --git a/web/packages/teleport/src/config.ts b/web/packages/teleport/src/config.ts
index 75c49ec26477d..7bd1c2bfe938d 100644
--- a/web/packages/teleport/src/config.ts
+++ b/web/packages/teleport/src/config.ts
@@ -98,6 +98,8 @@ const cfg = {
 dateFormat: 'YYYY-MM-DD',
 },
+ defaultDatabaseTTL: '2190h',
+
 routes: {
 root: '/web',
 discover: '/web/discover',
@@ -680,6 +682,11 @@ const cfg = {
 return generatePath(cfg.api.dbSign, { clusterId });
 },
+ getDatabaseCertificateTTL() {
+ // the length of the certificate to request for the database
+ return cfg.defaultDatabaseTTL;
+ },
+
 getDesktopsUrl(clusterId: string, params: UrlResourcesParams) {
 return generateResourcePath(cfg.api.desktopsPath, {
 clusterId,
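Review bot: In useMutualTls.ts the `ttl` added to `requestData` is a client-supplied request field, and it presumably goes into the generated curl command that the user copies and can edit, so `2190h` acts as a default rather than a limit. The handler behind `cfg.getDatabaseSignUrl` is not part of this patch; it is worth confirming that it validates the value and caps it at a server-side maximum, since certificate lifetime should not be decided by whoever holds the token. A comment above the new line would record the assumption, e.g. `// ttl is only the requested validity; the server enforces the maximum it will sign`. The body of generateSignCertificateCurlCommand starts and ends outside the hunk.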
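Review bot: In config.ts `defaultDatabaseTTL: '2190h'` works out to 91.25 days, while the `RestartDatabaseText` copy added in MutualTls.tsx hard-codes "90 days"; the two values live in separate files and will drift if either is changed, leaving operators with a wrong renewal deadline before database access breaks. Consider deriving the displayed period from the config value, or at least tying them together at the constant with `// requested validity for self-hosted database certificates (~91 days); keep in sync with RestartDatabaseText`. The comment inside `getDatabaseCertificateTTL` ("the length of the certificate") would be clearer as `// validity period requested when signing a self-hosted database certificate`, and the name `defaultDatabaseTTL` does not say that it applies to certificates.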