Open corkrean opened 1 year ago
Here are the logs from the tctl create -f
command on a large auth connector file:
2022-10-11T21:52:41Z DEBU [SQLITE] Connected to: file:%2Fvar%2Flib%2Fteleport%2Fproc%2Fsqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:246
2022-10-11T21:52:41Z DEBU [SQLITE] journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:293
2022-10-11T21:52:41Z DEBU Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:53
2022-10-11T21:52:41Z DEBU [SAML] SSO: OBUFUSCATED
2022-10-11T21:52:41Z DEBU [SAML] Issuer: http://www.okta.com/exk6tpg4bl7fL217y5d7 services/saml.go:103
2022-10-11T21:52:41Z DEBU [SAML] ACS: OBFUSCATED
ERROR REPORT:
Original Error: *status.Error rpc error: code = Unknown desc = ValidationException: Item size has exceeded the maximum allowed size
status code: 400, request id: GNJSC0P9EMSQDCTESNJ032STEFVV4KQNSO5AEMVJF66Q9ASUAAJG
Stack Trace:
/go/src/github.com/gravitational/teleport/api/client/client.go:1683 github.com/gravitational/teleport/api/client.(*Client).UpsertSAMLConnector
/go/src/github.com/gravitational/teleport/e/tool/tctl/resource_command.go:84 main.(*ResourceCommandE).createConnector
/go/src/github.com/gravitational/teleport/tool/tctl/common/resource_command.go:283 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Create
/go/src/github.com/gravitational/teleport/tool/tctl/common/resource_command.go:159 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
/go/src/github.com/gravitational/teleport/e/tool/tctl/resource_command.go:42 main.(*ResourceCommandE).TryRun
/go/src/github.com/gravitational/teleport/tool/tctl/common/tctl.go:186 github.com/gravitational/teleport/tool/tctl/common.Run
/go/src/github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
/opt/go/src/runtime/proc.go:250 runtime.main
/opt/go/src/runtime/asm_amd64.s:1571 runtime.goexit
User Message: rpc error: code = Unknown desc = ValidationException: Item size has exceeded the maximum allowed size
status code: 400, request id: GNJSC0P9EMSQDCTESNJ032STEFVV4KQNSO5AEMVJF66Q9ASUAAJG
What would you like Teleport to do? Split auth connectors with thousands of mappings into multiple DynamoDB items to accommodate DynamoDB's 400kb item size limit.
What problem does this solve? DynamoDB has an item size limit of 400kb. This prevents auth connectors with thousands of mappings from being stored in DynamoDB.
If a workaround exists, please include it. Use ETCD for cluster state storage.