Using SAML app gives ConditionalCheckFailedException on backend with DynamoDB

[greedy52]

Expected behavior: Using SAML app should have one audit log per logic/click from WebUI. Backend should not error when emitting the event. (the event is saml.idp.auth, with display name SAML IDP authentication)

Current behavior: Only first-time login gives an audit log. Proxy/Auth throws errors on audit event emitted on the same session ID after first login.

Related issue: Thanks to https://github.com/gravitational/teleport/pull/38495, now we are catching this. Prior to #38495, it was likely silently overwriting the same key.

Bug details:

• Teleport version: v15
• Recreation steps
  • Enterprise
  • DynamoDB backend
  • On Teleport Web UI -> Access Management -> Enroll New Resource -> SAML Application
  • I tested with https://sptest.iamshowcase.com/instructions#start as the SAML service provider using IDP-initiated flow
  • Once SAML App is created, log in multiple times from Teleport Web UI and observe error logs on Proxy and Auth
• Debug logs

  2024-03-26T13:38:55Z ERRO             Failed to emit audit event of type: saml.idp.auth. error:[
  ERROR REPORT:
  Original Error: trace.aggregate ConditionalCheckFailedException: The conditional request failed
  {
  RespMetadata: {
  StatusCode: 400,
  RequestID: "KU1GTG2BN1SKD36DND9HHKBB9FVV4KQNSO5AEMVJF66Q9ASUAAJG"
  },
  Message_: "The conditional request failed"
  }
  Stack Trace:
  github.com/gravitational/teleport/lib/events/emitter.go:315 github.com/gravitational/teleport/lib/events.(*MultiEmitter).EmitAuditEvent
  github.com/gravitational/teleport/lib/events/emitter.go:178 github.com/gravitational/teleport/lib/events.(*CheckingEmitter).EmitAuditEvent
  github.com/gravitational/teleport/lib/events/usageevents/usageevents.go:70 github.com/gravitational/teleport/lib/events/usageevents.(*UsageLogger).EmitAuditEvent
  github.com/gravitational/teleport/lib/auth/auth_with_roles.go:3917 github.com/gravitational/teleport/lib/auth.(*ServerWithRoles).EmitAuditEvent
  github.com/gravitational/teleport/lib/auth/grpcserver.go:187 github.com/gravitational/teleport/lib/auth.(*GRPCServer).EmitAuditEvent
  github.com/gravitational/teleport/api@v0.0.0/client/proto/authservice.pb.go:21521 github.com/gravitational/teleport/api/client/proto._AuthService_EmitAuditEvent_Handler.func1
  github.com/gravitational/teleport/lib/auth/middleware.go:513 github.com/gravitational/teleport/lib/auth.(*Middleware).withAuthenticatedUserUnaryInterceptor
  google.golang.org/grpc@v1.62.1/server.go:1203 google.golang.org/grpc.getChainUnaryHandler.func1
  github.com/gravitational/teleport/lib/limiter/limiter.go:155 github.com/gravitational/teleport/lib/auth.(*Middleware).UnaryInterceptors.(*Limiter).UnaryServerInterceptorWithCustomRate.func1
  google.golang.org/grpc@v1.62.1/server.go:1203 google.golang.org/grpc.getChainUnaryHandler.func1
  github.com/gravitational/teleport/api@v0.0.0/utils/grpc/interceptors/errors.go:76 github.com/gravitational/teleport/api/utils/grpc/interceptors.GRPCServerUnaryErrorInterceptor
  google.golang.org/grpc@v1.62.1/server.go:1203 google.golang.org/grpc.getChainUnaryHandler.func1
  github.com/grpc-ecosystem/go-grpc-middleware/v2@v2.0.1/interceptors/server.go:22 github.com/gravitational/teleport/lib/auth.(*Middleware).UnaryInterceptors.(*ServerMetrics).UnaryServerInterceptor.UnaryServerInterceptor.func2
  google.golang.org/grpc@v1.62.1/server.go:1203 google.golang.org/grpc.getChainUnaryHandler.func1
  go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.49.0/interceptor.go:326 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc.UnaryServerInterceptor.func1
  google.golang.org/grpc@v1.62.1/server.go:1194 google.golang.org/grpc.NewServer.chainUnaryServerInterceptors.chainUnaryInterceptors.func1
  github.com/gravitational/teleport/api@v0.0.0/client/proto/authservice.pb.go:21523 github.com/gravitational/teleport/api/client/proto._AuthService_EmitAuditEvent_Handler
  google.golang.org/grpc@v1.62.1/server.go:1386 google.golang.org/grpc.(*Server).processUnaryRPC
  google.golang.org/grpc@v1.62.1/server.go:1797 google.golang.org/grpc.(*Server).handleStream
  google.golang.org/grpc@v1.62.1/server.go:1027 google.golang.org/grpc.(*Server).serveStreams.func2.1
  runtime/asm_amd64.s:1695 runtime.goexit

[greedy52]

Can this be closed now?