gravitational / teleport

The easiest, and most secure way to access and protect all of your infrastructure.
https://goteleport.com
GNU Affero General Public License v3.0

Teleport Connect with Oracle DBs #42689

Open scottpgallagher opened 3 weeks ago

scottpgallagher commented 3 weeks ago

Expected behavior: Teleport Connect would work with Oracle DBs

Current behavior: When using Teleport Connect with Oracle DBs there is an error as Connect isn't creating the oracle-wallet directory and its subitems

Bug details:

```
Copyright (c) 1982, 2024, Oracle.  All rights reserved.

  USER          = 
  URL           = jdbc:oracle:thin:@tcps://localhost:51083/XE?TNS_ADMIN=/Users/scottgallagher/Library/Application Support/Teleport Connect/tsh/keys/solutionengs.teleport.sh/scott.gallagher@goteleport.com-db/solutionengs.teleport.sh/oracle-wallet
  Error Message = IO Error: Connection closed, connect lapse 60611 ms., Authentication lapse 0 ms.

ls Library/Application\ Support/Teleport\ Connect/tsh/keys/solutionengs.teleport.sh/scott.gallagher@goteleport.com-db/solutionengs.teleport.sh/
oracle-x509.pem

tree .tsh
.tsh
├── current-profile
├── keys
│   └── solutionengs.teleport.sh
│       ├── cas
│       │   └── solutionengs.teleport.sh.pem
│       ├── certs.pem
│       ├── scott.gallagher@goteleport.com
│       ├── scott.gallagher@goteleport.com-db
│       │   ├── proxy-localca.pem
│       │   └── solutionengs.teleport.sh
│       │       ├── oracle-wallet
│       │       │   ├── ojdbc.properties
│       │       │   ├── sqlnet.ora
│       │       │   ├── tnsnames.ora
│       │       │   └── wallet.jks
│       │       └── oracle-x509.pem
```

ravicious commented 2 weeks ago

Does it work if you launch tsh db connect from within a local terminal tab in Connect?

scottpgallagher commented 2 weeks ago

It gives me a similar error trying with tsh in the Connect terminal

```
tsh db connect --db-user=alice --db-name=XE oracle

SQLcl: Release 24.1 Production on Mon Jun 17 08:18:13 2024

Copyright (c) 1982, 2024, Oracle.  All rights reserved.

  USER          = 
  URL           = jdbc:oracle:thin:@tcps://localhost:63475/XE?TNS_ADMIN=/Users/scottgallagher/Library/Application Support/Teleport Connect/tsh/keys/scott.teleportdemo.com/scott.gallagher@goteleport.com-db/scott.teleportdemo.com/oracle-wallet
  Error Message = IO Error: IO Error PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target, connect lapse 143 ms., Authentication lapse 0 ms.

ERROR: exit status 1
```

ravicious commented 2 weeks ago

I wonder if it's the same as #42878. Though you're not connecting to a leaf cluster, right?

scottpgallagher commented 2 weeks ago

Looks similar, but this is not through a leaf cluster