tctl get all --with-secrets fails with expired SSO users

[webvictim]

Expected behavior

tctl get all --with-secrets (as described in the Backup/Restore docs) should produce a YAML dump of all the resources in the cluster.

Current behavior

tctl get all --with-secrets does not work when there is an expired SSO user in the user list.

ubuntu@ip-172-31-30-140:~$ sudo tctl get all --with-secrets
2024-02-09T18:01:57Z WARN             non_ad_hosts field is deprecated, prefer static_hosts instead config/configuration.go:2014
2024-02-09T18:01:57Z DEBU [SQLITE]    Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:258
2024-02-09T18:01:57Z DEBU [SQLITE]    journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:309
2024-02-09T18:01:57Z DEBU             Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:63

ERROR REPORT:
Original Error: *interceptors.RemoteError cannot itemTo user "[email protected]" without primary item "params"
Stack Trace:
	github.com/gravitational/teleport/[email protected]/client/client.go:1038 github.com/gravitational/teleport/api/client.(*Client).ListUsers
	github.com/gravitational/teleport/[email protected]/client/client.go:993 github.com/gravitational/teleport/api/client.(*Client).GetUsers
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:1725 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).getCollection
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:265 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).GetMany
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:288 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).GetAll
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:234 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Get
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:204 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:244 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:104 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
	runtime/proc.go:267 runtime.main
	runtime/asm_amd64.s:1650 runtime.goexit
User Message: cannot itemTo user "[email protected]" without primary item "params"

This seems to be related to the user specifically:

ubuntu@ip-172-31-30-140:~$ sudo tctl get user/[email protected] --with-secrets
2024-02-09T18:13:46Z WARN             non_ad_hosts field is deprecated, prefer static_hosts instead config/configuration.go:2014
2024-02-09T18:13:46Z DEBU [SQLITE]    Connected to: file:/var/lib/teleport/proc/sqlite.db?_busy_timeout=10000&_sync=FULL&_txlock=immediate, poll stream period: 1s lite/lite.go:258
2024-02-09T18:13:46Z DEBU [SQLITE]    journal_mode=delete, synchronous=2, busy_timeout=10000 lite/lite.go:309
2024-02-09T18:13:46Z DEBU             Connecting to: [{127.0.0.1:3025 tcp }]. authclient/authclient.go:63

ERROR REPORT:
Original Error: *interceptors.RemoteError cannot itemTo user "[email protected]" without primary item "params"
Stack Trace:
	github.com/gravitational/teleport/[email protected]/client/client.go:953 github.com/gravitational/teleport/api/client.(*Client).GetUser
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:1731 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).getCollection
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:240 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).Get
	github.com/gravitational/teleport/tool/tctl/common/resource_command.go:204 github.com/gravitational/teleport/tool/tctl/common.(*ResourceCommand).TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:244 github.com/gravitational/teleport/tool/tctl/common.TryRun
	github.com/gravitational/teleport/tool/tctl/common/tctl.go:104 github.com/gravitational/teleport/tool/tctl/common.Run
	github.com/gravitational/teleport/e/tool/tctl/main.go:20 main.main
	runtime/proc.go:267 runtime.main
	runtime/asm_amd64.s:1650 runtime.goexit
User Message: cannot itemTo user "[email protected]" without primary item "params"

Related bug: #6695
Related PR: #6779

Bug details:

• Teleport version: Teleport Enterprise v15.0.1 git:v15.0.1-0-gd347510 go1.21.6