From 180758d5387a9602da2d09fc1b7717af711a1088 Mon Sep 17 00:00:00 2001
From: STeve Huang
Date: Mon, 24 Feb 2025 13:19:21 -0500
Subject: [PATCH] fix arrows in diagram
---
 rfd/0202-db-multi-session-mfa.md | 43 ++++++++++++++++----------------
 1 file changed, 22 insertions(+), 21 deletions(-)
diff --git a/rfd/0202-db-multi-session-mfa.md b/rfd/0202-db-multi-session-mfa.md
index e1ab87ecba789..e2a02bc6b054b 100644
--- a/rfd/0202-db-multi-session-mfa.md
+++ b/rfd/0202-db-multi-session-mfa.md
@@ -40,18 +40,18 @@ metadata:
 spec:
 options:
 require_session_mfa: true
-+ # Defaults to 'per-session'. Valid values are:
-+ # - 'per-session': MFA is required for every session.
-+ # - 'multi-session': Allows reuse of a MFA for multiple sessions. Currently only
-+ # supported for `tsh db exec` command with WebAuthn as the second factor.
-+ requie_session_mfa_mode: "multi-session"
++ # Defaults to 'per-session'. Valid values are:
++ # - 'per-session': MFA is required for every session.
++ # - 'multi-session': Allows reuse of a MFA for multiple sessions. Currently only
++ # supported for `tsh db exec` command with WebAuthn as the second factor.
++ requie_session_mfa_mode: "multi-session"
 allow:
 db_labels:
 'env': 'dev'
 db_users: ["mysql"]
 ```
 
-I would like to execute a query on multiple databases:
+I would like to execute the same query on multiple databases:
 ```bash
 $ tsh db exec --db-user mysql --exec-query "select @@hostname" mysql-db1 mysql-db2
 MFA is required to execute database sessions
@@ -67,7 +67,7 @@ Executing command for 'mysql-db2':
 mysql-db2-hostname
 ```
 
-I would like to search databases by labels and run the sql scripts in parallel:
+I would like to search databases by labels and run the sql script in parallel:
 ```bash
 $ tsh db exec --search-by-labels env=dev --db-user mysql --exec-query "source my_script.sql" --log-dir exec-logs --max-connections 3
 Found 5 databases:
@@ -105,16 +105,17 @@ sequenceDiagram
 participant tsh
 participant Teleport
 
- user -> tsh: tsh db exec
- tsh -> Teleport: CreateAuthenticateChallengeRequest
Scope: SCOPE_DATABASE_MULTI_SESSION
Reuse: true
- Teleport -> tsh: challenge
- tsh -> user: prompt
- user -> tsh: tap
- tsh -> Teleport: WebAuthn login
- Teleport -> tsh: MFA Response
+ user --> tsh: tsh db exec
+ tsh --> Teleport: CreateAuthenticateChallengeRequest
Scope: SCOPE_DATABASE_MULTI_SESSION
Reuse: true
+ Teleport --> tsh: challenge
+ tsh --> user: prompt
+ user --> tsh: tap
+ tsh --> Teleport: WebAuthn login
+ Teleport --> tsh: MFA Response
 loop
- tsh -> Teleport: GenerateUserCerts with MFA response
- Teleport -> tsh: User cert with database route
+ tsh --> Teleport: GenerateUserCerts with MFA response
+ Teleport --> tsh: User cert with database route
+ tsh --> user: run db command and print output
 end
 ```
 
@@ -125,11 +126,11 @@ version: v7
 spec:
 options:
 require_session_mfa: true
-+ # Defaults to 'per-session'. Valid values are:
-+ # - 'per-session': MFA is required for every session.
-+ # - 'multi-session': Allows reuse of a MFA for multiple sessions. Currently only
-+ # supported for `tsh db exec` command with WebAuthn as the second factor.
-+ requie_session_mfa_mode: "multi-session"
++ # Defaults to 'per-session'. Valid values are:
++ # - 'per-session': MFA is required for every session.
++ # - 'multi-session': Allows reuse of a MFA for multiple sessions. Currently only
++ # supported for `tsh db exec` command with WebAuthn as the second factor.
++ requie_session_mfa_mode: "multi-session"
 ```
 
 Mode defaults to `per-session` if not set. If a resource matches a role set with