teleport fail to read app-name and app-uri from default configuration file

[lsaavedr]

Description

What happened:

if I try to start teleport it's throwing this error

$ teleport start --roles=node,app --auth-server=teleport.mysuperexample.com:3080
error: application name (--app-name) and URI (--app-uri) flags are both required to join application proxy to the cluster

What you expected to happen:

that teleport start flawlessly, reading app-name and app-uri from default configuration file /etc/teleport.yaml

How to reproduce it (as minimally and precisely as possible):

use the examples in documentation to add an app in default configuration file and try to run a node with roles: node,app

Environment

• Teleport version (use teleport version): v5.1.0
• Tsh version (use tsh version): v5.1.0
• OS (e.g. from /etc/os-release): Armbian 20.08.17 Buster
• Where are you running Teleport? (e.g. AWS, GCP, Dedicated Hardware): orange pi 4b (node) AWS (server)

[webvictim]

I believe that if you provide a --roles option on the command line, you have to also provide all config options for that role on the command line too. You should either put all settings in /etc/teleport.yaml, or provide them all on the command line. Here are some config file equivalents:

Setting --auth-server in /etc/teleport.yaml:

teleport:
  auth_servers: ['teleport.mysuperexample.com:3080']

--roles=node,app --app-name=myapp --app-uri=http://appserver:3000 in /etc/teleport.yaml:

app_service:
  enabled: true
  apps:
  - name: myapp
    uri: http://appserver:3000
ssh_service:
  enabled: true

[webvictim]

This does look like a bug. @russjones confirmed that the intended behaviour is that CLI flags and config file settings should be merged, with CLI flags taking precedence.

[lsaavedr]

Thanks!