tctl users add fails on auth-only cluster #48633

Open
hugoShaka opened this issue Nov 7, 2024 · 0 comments · May be fixed by #48641
hugoShaka commented Nov 7, 2024

Expected behaviour:

  • Install a new Teleport cluster

    Teleport.yaml
    teleport:
      nodename: ip-172-31-0-17-ca-central-1-compute-internal
      advertise_ip: 172.31.0.17
      log:
        output: stderr
        severity: INFO
      data_dir: /var/lib/teleport
      storage:
        type: dynamodb
        region: ca-central-1
        table_name: hugo-test-17
        audit_events_uri: dynamodb://hugo-test-17-events
        audit_sessions_uri: s3://hugo-test-teleport-17-tf/records
    
    ssh_service:
      enabled: no
    
    proxy_service:
      enabled: no
    
    auth_service:
      enabled: yes
      proxy_protocol: on
      public_addr: hugo-test-17-auth-ae28cc874d2bb6f4.elb.ca-central-1.amazonaws.com:3025
      keep_alive_interval: 1m
      keep_alive_count_max: 3
      listen_addr: 0.0.0.0:3025
      authentication:
        type: local
        second_factor: on
        webauthn:
          rp_id: hugo-test-17.teleportdemo.net
      cluster_name: hugo-test-17
      license_file: /var/lib/teleport/license.pem
  • I SSH on the auth server

  • The auth is running but the proxy is not yet

  • I can create my first user:

    tctl users add teleport-admin --roles=editor,access --logins=root,ec2-user
    

Current behaviour:

tctl fails with the following error:

$> tctl users add teleport-admin --roles=editor,access --logins=root,ec2-user

ERROR: failed to handle SSO MFA ceremony
	missing required field ProxyAddr

This is an issue as I need to create resources with tctl to fix my proxies, but tctl refuses to work until I have at least a proxy 😅.

Bug details:

  • Teleport version: 17.0.0-alpha.5
  • Recreation steps: run a Teleport cluster with no proxy and try to use tctl users add
  • Debug logs:
2024-11-07T21:17:05Z DEBU [SQLITE]    Connected to database database:file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate poll_stream_period:1s lite/lite.go:259
2024-11-07T21:17:05Z DEBU [SQLITE]    retrieved pragma values journal_mode:delete synchronous:2 busy_timeout:10000 lite/lite.go:310
2024-11-07T21:17:05Z DEBU  Auth client connecting auth_servers:[{0.0.0.0:3025 tcp }] authclient/authclient.go:63

ERROR REPORT:
Original Error: *trace.BadParameterError missing required field ProxyAddr
Stack Trace:
	github.com/gravitational/teleport/lib/client/sso/redirector.go:139 github.com/gravitational/teleport/lib/client/sso.NewRedirector
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:267 github.com/gravitational/teleport/tool/tctl/common.TryRun.func2
	github.com/gravitational/teleport/[email protected]/mfa/ceremony.go:73 github.com/gravitational/teleport/api/mfa.(*Ceremony).Run
	github.com/gravitational/teleport/[email protected]/client/mfa.go:35 github.com/gravitational/teleport/api/client.(*Client).PerformMFACeremony
	github.com/gravitational/teleport/[email protected]/mfa/ceremony.go:137 github.com/gravitational/teleport/api/mfa.PerformAdminActionMFACeremony
	github.com/gravitational/teleport/tool/tctl/common/user_command.go:301 github.com/gravitational/teleport/tool/tctl/common.(*UserCommand).Add
	github.com/gravitational/teleport/tool/tctl/common/user_command.go:159 github.com/gravitational/teleport/tool/tctl/common.(*UserCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:278 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:109 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/tool/tctl/main.go:26 main.main
	runtime/proc.go:272 runtime.main
	runtime/asm_arm64.s:1223 runtime.goexit
User Message: failed to handle SSO MFA ceremony
	missing required field ProxyAddr

hugoShaka added the bug label Nov 7, 2024
hugoShaka changed the title from "tctl users add fails on auth-only instance" to "tctl users add fails on auth-only cluster" Nov 7, 2024
Joerger linked a pull request Nov 7, 2024 that will close this issue