Add Ports field to app spec

lib/config/configuration_test.go

@@ -2486,6 +2486,19 @@ app_service:
 			name:   "TCP app with only end port",
 			outErr: require.Error,
 		},
+		{
+			inConfigString: `
+app_service:
+  enabled: true
+  apps:
+    - name: foo
+      uri: "tcp://127.0.0.1"
+      tcp_ports:
+      - port: 78787
+`,
+			name:   "TCP app with port bigger than 65535",
+			outErr: require.Error,
+		},
 	}
 
 	for _, tt := range tests {

lib/config/fileconf.go

@@ -2081,11 +2081,11 @@ type AppAWS struct {
 // PortRange can be used to describe a single port in which case the Port field is the port and the
 // EndPort field is 0.
 type PortRange struct {
-	// Port describes the start of the range. It must be between 1-65535.
-	Port uint32 `yaml:"port"`
-	// EndPort describes the end of the range, inclusive. It must be between 2-65535 and be greater
-	// than Port when describing a port range. When describing a single port, it must be set to 0.
-	EndPort uint32 `yaml:"end_port,omitempty"`
+	// Port describes the start of the range. It must be greater than 0.
+	Port uint16 `yaml:"port"`
+	// EndPort describes the end of the range, inclusive. When describing a port range, it must be
+	// greater than 2 and be greater than Port. When describing a single port, it must be set to 0.
+	EndPort uint16 `yaml:"end_port,omitempty"`
 }
 
 // Proxy is a `proxy_service` section of the config file:

lib/service/service.go

@@ -6772,8 +6772,8 @@ func makeApplicationTCPPorts(servicePorts []servicecfg.PortRange) []*types.PortR
 	ports := make([]*types.PortRange, 0, len(servicePorts))
 	for _, portRange := range servicePorts {
 		ports = append(ports, &types.PortRange{
-			Port:    portRange.Port,
-			EndPort: portRange.EndPort,
+			Port:    uint32(portRange.Port),
+			EndPort: uint32(portRange.EndPort),
 		})
 	}
 	return ports

lib/service/servicecfg/app.go

@@ -136,10 +136,10 @@ type CORS struct {
 // EndPort field is 0.
 type PortRange struct {
 	// Port describes the start of the range. It must be between 1-65535.
-	Port uint32
+	Port uint16
 	// EndPort describes the end of the range, inclusive. It must be between 2-65535 and be greater
 	// than Port when describing a port range. When describing a single port, it must be set to 0.
-	EndPort uint32
+	EndPort uint16
 }
 
 // CheckAndSetDefaults validates an application.

lib/service/servicecfg/config_test.go

@@ -235,10 +235,13 @@ func TestCheckAppTCPPorts(t *testing.T) {
 			check: hasNoErr(),
 		},
 		{
-			name: "valid non-TCP app with ports ignored",
+			// Ports are validated only for TCP apps to allow for some forwards compatibility.
+			// If HTTP apps support port ranges in the future, old versions of Teleport shouldn't hard
+			// fail to make downgrades easier.
+			name: "valid non-TCP app with invalid ports ignored",
 			uri:  "http://localhost:8000",
 			tcpPorts: []PortRange{
-				PortRange{Port: 123456789},
+				PortRange{Port: 0},
 				PortRange{Port: 10, EndPort: 2},
 			},
 			check: hasNoErr(),
@@ -251,27 +254,13 @@ func TestCheckAppTCPPorts(t *testing.T) {
 			},
 			check: hasErrTypeBadParameter(),
 		},
-		{
-			name: "port bigger than 65535",
-			tcpPorts: []PortRange{
-				PortRange{Port: 78787},
-			},
-			check: hasErrTypeBadParameter(),
-		},
 		{
 			name: "end port smaller than 2",
 			tcpPorts: []PortRange{
 				PortRange{Port: 5, EndPort: 1},
 			},
 			check: hasErrTypeBadParameterAndContains("end port must be between"),
 		},
-		{
-			name: "end port bigger than 65535",
-			tcpPorts: []PortRange{
-				PortRange{Port: 1, EndPort: 78787},
-			},
-			check: hasErrTypeBadParameter(),
-		},
 		{
 			name: "end port smaller than port",
 			tcpPorts: []PortRange{