Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

tctl get all --with-secrets fails with expired SSO users #38028

Closed
webvictim opened this issue Feb 9, 2024 · 0 comments · Fixed by #38655
Closed

tctl get all --with-secrets fails with expired SSO users #38028

webvictim opened this issue Feb 9, 2024 · 0 comments · Fixed by #38655
Assignees
@espadolini @rosstimothy
Labels
bug tctl tctl - Teleport admin tool

Comments

@webvictim
Copy link
Contributor

webvictim commented Feb 9, 2024
edited
Loading

Expected behavior

tctl get all --with-secrets (as described in the Backup/Restore docs) should produce a YAML dump of all the resources in the cluster.

Current behavior

tctl get all --with-secrets does not work when there is an expired SSO user in the user list.

ubuntu@ip-172-31-30-140:~$ sudo tctl get all --with-secrets
2024-02-09T18:01:57Z WARN             non_ad_hosts field is deprecated, prefer static_hosts instead config/configuration.go:2014
2024-02-09T18:01:57Z DEBU [SQLITE]    Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:258
2024-02-09T18:01:57Z DEBU [SQLITE]    journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:309
2024-02-09T18:01:57Z DEBU             Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:63

ERROR REPORT:
Original Error: *interceptors.RemoteError cannot itemTo user "gus@example.dev" without primary item "params"
Stack Trace:
	github.com/gravitational/teleport/api@v0.0.0/client/client.go:1038 github.com/gravitational/teleport/api/client.(*Client).ListUsers
	github.com/gravitational/teleport/api@v0.0.0/client/client.go:993 github.com/gravitational/teleport/api/client.(*Client).GetUsers
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:1725 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).getCollection
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:265 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).GetMany
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:288 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).GetAll
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:234 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Get
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:204 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:244 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:104 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
	runtime/proc.go:267 runtime.main
	runtime/asm_amd64.s:1650 runtime.goexit
User Message: cannot itemTo user "gus@example.dev" without primary item "params"

This seems to be related to the user specifically:

ubuntu@ip-172-31-30-140:~$ sudo tctl get user/gus@example.dev --with-secrets
2024-02-09T18:13:46Z WARN             non_ad_hosts field is deprecated, prefer static_hosts instead config/configuration.go:2014
2024-02-09T18:13:46Z DEBU [SQLITE]    Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:258
2024-02-09T18:13:46Z DEBU [SQLITE]    journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:309
2024-02-09T18:13:46Z DEBU             Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:63

ERROR REPORT:
Original Error: *interceptors.RemoteError cannot itemTo user "gus@example.dev" without primary item "params"
Stack Trace:
	github.com/gravitational/teleport/api@v0.0.0/client/client.go:953 github.com/gravitational/teleport/api/client.(*Client).GetUser
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:1731 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).getCollection
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:240 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Get
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:204 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:244 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:104 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
	runtime/proc.go:267 runtime.main
	runtime/asm_amd64.s:1650 runtime.goexit
User Message: cannot itemTo user "gus@example.dev" without primary item "params"

Related bug: #6695
Related PR: #6779

Bug details:

  • Teleport version: Teleport Enterprise v15.0.1 git:v15.0.1-0-gd347510 go1.21.6
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@espadolini espadolini

@rosstimothy rosstimothy

Labels
bug tctl tctl - Teleport admin tool
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Skip incomplete users in listUsersWithSecrets gravitational/teleport
4 participants
@espadolini @webvictim @fspmarshall @rosstimothy