From 7ae3708c02c089f39e9b03d25a271184f9c064f3 Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Fri, 15 Jul 2022 16:38:00 -0700
Subject: [PATCH] teleport: Add explicit WebAuthn config, not just U2F.

WebAuthn is the default, replacing U2F, in Teleport 10 and above[1].
While Teleport can derive a WebAuthn configuration from a U2F
configuration[2], it's useful to be explicit.

[1]: https://goteleport.com/docs/access-controls/guides/webauthn/
[2]: https://goteleport.com/docs/access-controls/guides/webauthn/#u2f
---
 puppet/zulip_ops/files/teleport_server.yaml | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/puppet/zulip_ops/files/teleport_server.yaml b/puppet/zulip_ops/files/teleport_server.yaml
index 52a0878064c04..4789e622de582 100644
--- a/puppet/zulip_ops/files/teleport_server.yaml
+++ b/puppet/zulip_ops/files/teleport_server.yaml
@@ -12,11 +12,8 @@ auth_service:
     second_factor: on
     u2f:
       app_id: https://teleport.zulipchat.net
-      facets:
-        - https://teleport.zulipchat.net:443
-        - https://teleport.zulipchat.net
-        - teleport.zulipchat.net:443
-        - teleport.zulipchat.net
+    webauthn:
+      rp_id: teleport.zulipchat.net
 
 proxy_service:
   enabled: "yes"