Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Some duration fields can't be parsed from duration strings like 5m #51516

Open
Joerger opened this issue Jan 27, 2025 · 1 comment
Open

Some duration fields can't be parsed from duration strings like 5m #51516

Joerger opened this issue Jan 27, 2025 · 1 comment
Labels
bug

Comments

@Joerger
Copy link
Contributor

Joerger commented Jan 27, 2025
edited
Loading

This issue applies to:

  • Role option mfa_verification_interval
  • Access Graph poll_interval
  • SystemClockMeasurement request_duration

In the docs, we say you can set mfa_verification_interval like this:

    # mfa_verification_interval optionally defines the maximum duration that can elapse between successive MFA verifications.
    # This variable is used to ensure that users are periodically prompted to verify their identity, enhancing
    # security by preventing prolonged sessions without re-authentication when using tsh proxy * derivatives.
    mfa_verification_interval: 1h

Whether you set this with tctl or the WebUI, this will result in an error:

ERROR REPORT:
Original Error: *trace.BadParameterError types.RoleV6.Spec: types.RoleSpecV6.Options: types.RoleOptions.MFAVerificationInterval: readUint64: unexpected character: �, error found in #10 byte of ...|nterval":"10m","perm|..., bigger context ...|"forward_agent":true,"mfa_verification_interval":"10m","permit_x11_forwarding":true,"port_forwarding|...
Stack Trace:
	github.com/gravitational/teleport/lib/services/role.go:3547 github.com/gravitational/teleport/lib/services.UnmarshalRoleV6
	github.com/gravitational/teleport/lib/services/role.go:3527 github.com/gravitational/teleport/lib/services.UnmarshalRole
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:494 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).createRole
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:385 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Create
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:272 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:168 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:79 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/tool/tctl/main.go:32 main.main
	runtime/proc.go:272 runtime.main
	runtime/asm_arm64.s:1223 runtime.goexit
User Message: types.RoleV6.Spec: types.RoleSpecV6.Options: types.RoleOptions.MFAVerificationInterval: readUint64: unexpected character: �, error found in #10 byte of ...|nterval":"10m","perm|..., bigger context ...|"forward_agent":true,"mfa_verification_interval":"10m","permit_x11_forwarding":true,"port_forwarding|...

You actually have to set an int, and it's unclear to me without digging further whether the int needs to represent seconds or nanoseconds.

I ran into a similar issue before - to parse from a duration string you need to use our custom Duration casttype, e.g.:

int64 max_age = 6 [(gogoproto.casttype) = "Duration"];
@Joerger Joerger added the bug label Jan 27, 2025
@webvictim
Copy link
Contributor

This also applies to tsh login --ttl, although this might not be the same class of bug.

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@webvictim @Joerger