Boundary enables identity-based access management for dynamic infrastructure.

Last update: Jan 9, 2023

Related tags

Overview

Boundary

Please note: We take Boundary's security and our users' trust very seriously. If you believe you have found a security issue in Boundary, please responsibly disclose by contacting us at [email protected].

Boundary provides simple and secure access to hosts and services.

Traditional approaches like SSH bastion hosts or VPNs require distributing and managing credentials, configuring network controls like firewalls, and exposing the private network. Boundary provides a secure way to access hosts and critical systems without having to manage credentials or expose your network, and is entirely open source.

Boundary is designed to be straightforward to understand, highly scalable, and resilient. It can run in clouds, on-prem, secure enclaves and more, and does not require an agent to be installed on every end host.

Unlike firewalls, Boundary performs per-access authentication and authorization checks, allowing for much higher level mappings of users to services or hosts than at network layers. Although complementary to secrets managers (like HashiCorp's own Vault), Boundary fills a different niche, allowing the credential that is eventually used to be hidden entirely from the user.

Getting Started

Boundary consists of two server components: Controllers, which serve the API and coordinate session requests; and Workers, which perform the actual session handling. A normal Boundary installation will consist of one or more Controllers paired with one or more Workers. A single Boundary binary can act in either of these two modes.

Additionally, Boundary provides a client that provides access to request and connect to authorized sessions.

Boundary does not require software to be installed on the endpoint hosts and services.

Requirements

Boundary has two external dependencies: a SQL database, and one or more KMSes. Both are readily available from cloud vendors, but can be satisfied by on-premises technologies as well.

The database contains Boundary's configuration and session information and must be accessible by Controller nodes. Values that are secrets (such as credentials) are encrypted in the database. Currently, PostgreSQL is supported as a database and has been tested with Postgres 11 and above. Boundary uses only common extensions and both hosted and self-run instances are supported. In most instances all that is needed is a database endpoint and appropriate credentials.
Any cloud KMS or Vault's Transit Secrets Engine can be used to satisfy the KMS requirement. Currently, two keys within the KMS are required: one for authenticating other cluster components, which must be accessible by both Controllers and Workers; and one for encrypting secret values in the database, which need only be accessible to Controllers. These keys can be changed over time (so long as the original key remains available for any decryption needs), and key derivation is used extensively to avoid key sprawl of these high-value keys. If available, other keys can be used for other purposes, such as recovery functionality and encryption of sensitive values in Boundary's config file.

Boundary has a dev mode that can be used for testing. In this mode both a Controller and Worker are started with a single command, and they have the following properties:

The Controller will start a PostgreSQL Docker container to use as storage. This container will be shut down and removed (if possible) when the Controller is (gracefully) shut down.
The Controller will use an internal KMS with ephemeral keys

Trying out Boundary

Running Boundary in a more permanent context requires a few more steps, such as writing some simple configuration files to tell the nodes how to reach their database and KMS. The steps below, along with the extra information needed for permanent installations, are detailed in our Installation Guide.

Build and Start Boundary in Dev Mode

If you have the following requirements met locally:

Golang v1.16 or greater
Docker

You can get up and running with Boundary quickly. Simply run:

make dev

This will build Boundary. (The first time this is run it will fetch and compile UI assets; which will take a few extra minutes.) Once complete, run Boundary in dev mode:

$GOPATH/bin/boundary dev

Please note that development may require other tools; to install the set of tools at the versions used by the Boundary team, run:

make tools

Without doing so, you may encounter errors while running make dev. It is important to also note that using make tools will install various tools used for Boundary development to the normal Go binary directory; this may overwrite or take precedence over tools that might already be installed on the system.

Specify a UI Commitish at Build Time

By default the UI will be built from a preselected commit ID from the UI repo. A different commitish from which to build UI assets may be specified via the UI_COMMITISH environment variable. For example:

UI_COMMITISH=feature-branch make build-ui

will update your local UI assets.

UI Build Troubleshooting

UI assets are built within a Docker container. If you encounter issues with this build step, trying increasing memory and swap available to Docker.

UI Development

It would be impractical to rebuild the binary on every change when actively developing the UI. To make UI development more convenient, the binary supports a passthrough directory. This is an arbitrary local directory from which UI assets are served. Note this option is only available in dev mode. For example:

BOUNDARY_DEV_PASSTHROUGH_DIRECTORY=/boundary-ui/ui/admin/dist ~/go/bin/boundary dev

Download and Run from Release Page

Download the latest release of the server binary and appropriate desktop client(s) from our releases page

Start Boundary

Start the server binary with:

boundary dev

This will start a Controller service listening on http://127.0.0.1:9200 for incoming API requests and a Worker service listening on http://127.0.0.1:9202 for incoming session requests. It will also create various default resources and display various useful pieces of information, such as a login name and password that can be used to authenticate.

Configuring Resources

For a simple test of Boundary in dev mode you don't generally need to configure any resources at all! But it's useful to understand what dev mode did for you so you can then take further steps. By default, dev mode will create:

The global Scope for initial authentication, containing a Password-type Auth Method, along with an Account for login.
An organization Scope under global, and a project Scope inside the organization.
A Host Catalog with a default Host Set, which itself contains a Host with the address of the local machine (127.0.0.1)
A Target mapping the Host Set to a set of connection parameters, with a default port of 22 (e.g. SSH)

You can of course go into Boundary's web UI or use its API to change these default values, for instance if you want to connect to a different host or need to modify the port on which to to connect.

Making the Connection

Next, let's actually make a connection to your local SSH daemon via Boundary:

Authenticate to Boundary; using default dev values, this would be boundary authenticate password -auth-method-id ampw_1234567890 -login-name admin -password password. (Note that if you do not include the password flag you will be prompted for it.)
Run boundary connect ssh -target-id ttcp_1234567890. If you want to adjust the username, pass -username <name> to the command.

A lot more is possible with Boundary, even at this early stage. Check out the possibilities for target configuration to test out limiting (or increasing) the number of connections per session or setting a maximum time limit; try canceling an active session from the sessions page or via boundary sessions, make your own commands with boundary connect -exec, and so on.

Going Further

This example is a simple way to get started but omits several key steps that could be taken in a production context:

Using a firewall or other means to restrict the set of hosts allowed to connect to a local service to only Boundary Worker nodes, thereby making Boundary the only means of ingress to a host
Using the Boundary Terraform provider to easily integrate Boundary with your existing code-based infrastructure
Pointing a BI tool (PowerBI, Tableau, etc.) at Boundary's session warehouse to generate insights and look for anomalies with respect to session access

There are many, many more things that Boundary will do in the future in terms of integrations, features, and more. We have a long roadmap planned out, so stay tuned for information about new features and capabilities!

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance.

Comments

Attempting to delete a stale active session throws a duplicate key violation
Describe the bug

When deleting old stale but still active sessions Boundary reports the following error from the controller

2021-03-31T22:21:52.261Z [ERROR] controller: error performing termination of completed sessions: error="session.(Repository).TerminateCompletedSessions: db.DoTx: session.(Repository).TerminateCompletedSessions: db.Exec: duplicate key value violates unique constraint "session_state_session_id_end_time_key": unique constraint violation:

To Reproduce Steps to reproduce the behavior:

Open several sessions to the same target

I think let the session timeout due to OS sleep or similar - I left a session or two open and my Mac went to sleep

Session apparently remains active even though the terminal process is no long running but unable to be deleted from

Expected behavior

Sessions should be cancellable without a dependency violation

Additional context

I attempt to remove the session via the Boundary desktop application and CLI with same result

The session I tried to cancel has long since been closed from the client but has remained stuck here

From the CLI same error is presented

➜ ~ boundary sessions cancel -id s_tURbHPlAvP Error from controller when performing cancel on session: Error information: Kind: InvalidArgument Message: Invalid request. Request attempted to make second resource with the same field value that must be unique. Status: 400 ➜ ~

Boundary CLI version

Version information: Git Revision: bc565922fbd3a18c9f6a22cd2e80a93df0d7cd45 Version Number: 0.1.7

Boundary Server Version

/ $ boundary version Version information: Git Revision: c0f33f982c87c0eb4127cb16cf06b03a37b91dbd Version Number: 0.1.8 / $

I am running Boundary server in Docker on Kubernetes backed by Postgres
bug
opened by dylanrhysscott 28

Sessions are not closing/terminated [ICU-1257]

Describe the bug Sessions are displayed as active in the webui and cli and stay active after cancelling the connection.

To Reproduce

Create a connection
Shutdown boundary with connection still active
Start boundary(usually the next day)
Connection is still displayed in the view way beyond it's TTL

Expected behavior For the connection to be closed when boundary is shut downed and no longer displayed as active. And be able to cancel the connecting without it popping back up.

Additional context The way we have boundary setup currently, it's shutdown at the end of day so my guess is this is what is causing the issues.

So I'm having this issue currently with multiple sessions and have seen the issue come back several times. Only way i've found to "fix" this is to reinitialize the db which i would like to avoid.

boundary sessions read -id s_0P4gIy6IG6

Session information:
  Auth Token ID:        at_7c30sq3trl
  Created Time:         Thu, 21 Jan 2021 16:03:07 CET
  Endpoint:             tcp://url
  Expiration Time:      Fri, 22 Jan 2021 00:03:07 CET
  Host ID:              hst_GojaoqThFC
  Host Set ID:          hsst_3snDcq1TsV
  ID:                   s_0P4gIy6IG6
  Status:               terminated
  Target ID:            ttcp_p2xUpl4ZHU
  Termination Reason:   canceled
  Type:                 tcp
  Updated Time:         Fri, 29 Jan 2021 12:14:40 CET
  User ID:              u_TWZ6052pWZ
  Version:              31

  Scope:
    ID:                 p_j3z93Fl705
    Name:               test
    Parent Scope ID:    o_c4HqJ42HzW
    Type:               project

  States:
    Start Time:         Thu, 21 Jan 2021 16:04:17 CET
    Status:             terminated

    End Time:           Thu, 21 Jan 2021 16:04:17 CET
    Start Time:         Thu, 21 Jan 2021 16:03:11 CET
    Status:             canceling

    End Time:           Thu, 21 Jan 2021 16:03:11 CET
    Start Time:         Thu, 21 Jan 2021 16:03:08 CET
    Status:             active

    End Time:           Thu, 21 Jan 2021 16:03:08 CET
    Start Time:         Thu, 21 Jan 2021 16:03:07 CET
    Status:             pending

And for a list in the scope i get the following output

boundary sessions list -scope-id p_j3z93Fl705 | grep -A 6 s_0P4gIy6IG6
  ID:                 s_0P4gIy6IG6
    Status:           canceling
    Created Time:     Thu, 21 Jan 2021 16:03:07 CET
    Expiration Time:  Fri, 22 Jan 2021 00:03:07 CET
    Updated Time:     Fri, 29 Jan 2021 12:14:40 CET
    User ID:          u_TWZ6052pWZ
    Target ID:        ttcp_p2xUpl4ZHU
--
  ID:                 s_0P4gIy6IG6
    Status:           terminated
    Created Time:     Thu, 21 Jan 2021 16:03:07 CET
    Expiration Time:  Fri, 22 Jan 2021 00:03:07 CET
    Updated Time:     Fri, 29 Jan 2021 12:14:40 CET
    User ID:          u_TWZ6052pWZ
    Target ID:        ttcp_p2xUpl4ZHU
--
  ID:                 s_0P4gIy6IG6
    Status:           pending
    Created Time:     Thu, 21 Jan 2021 16:03:07 CET
    Expiration Time:  Fri, 22 Jan 2021 00:03:07 CET
    Updated Time:     Fri, 29 Jan 2021 12:14:40 CET
    User ID:          u_TWZ6052pWZ
    Target ID:        ttcp_p2xUpl4ZHU
--
  ID:                 s_0P4gIy6IG6
    Status:           active
    Created Time:     Thu, 21 Jan 2021 16:03:07 CET
    Expiration Time:  Fri, 22 Jan 2021 00:03:07 CET
    Updated Time:     Fri, 29 Jan 2021 12:14:40 CET
    User ID:          u_TWZ6052pWZ
    Target ID:        ttcp_p2xUpl4ZHU

Cancelling the session has no effect in the cli or through the web ui and this is how it looks in the webui. When i press cancel all 4 close for a small second and pop right back up. There is still a username and target displayed in the image below

So i also went and checked in the db and saw the following while only 1 or 2 sessions at max should be active.

select count(*) from session_state where state = 'active';
 count 
-------
    98
(1 row)

Also saw this issue in version 0.1.2

boundary -version

Version information:
  Git Revision:        b5d84495a33b72a3139bd224d3cfcd4cbaad7b98
  Version Number:      0.1.3

question

opened by Akisaji 22

Issue with secrets storage on Ubuntu

@jefferai taking conversation here with Katakoda issue as well I am in process of writing a blog on neat installation steps for Ubuntu/Centos There are few things that do not seem to work and if I can get them resolved then we can have a neat install step which can be helpful for others in the community as well I believe

I am planning to tell on 3 environments bare centos 7 VM , Ubuntu 18.04 Vm and katakoda ubuntu playground

For Ubuntu I have bellow error s:

boundary authenticate password -auth-method-id=ampw_1234567890 \
>     -login-name=admin -password=password
Error reading auth token from system credential store: exec: "dbus-launch": executable file not found in $PATH

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:17:30 BST
  Token:
  at_h1qSNMdB1c_s125wLmVW7LgzNKf1TFeNrFDRUZNcR2qeWkNyjZ7Qd6E2DWGsyPT9KmPKZkxBaQps7JKkbeeoJEwt7xXMyR6YKjEkqbrFWcsCdXm8rYgqjsFJwUYS2WBFbNh2
  User ID:         u_1234567890
Error saving auth token to system credential store: exec: "dbus-launch": executable file not found in $PATH

Installed dbus

apt install dbus-x11

boundary authenticate password -auth-method-id=ampw_1234567890     -login-name=admin -password=password
Error reading auth token from system credential store: The name org.freedesktop.secrets was not provided by any .service files

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:19:18 BST
  Token:
  at_VqoR4tBhxy_s18pG3buSH7fMcBVL1YP14NXipTgeg4Jm9aVd3WXL2WCpUvqs8xnCwnNC7D41zejxUfRYhJPGMvCcp1mbN1q9cPyM5AAJRvakFGQUNLC5ZjiyyoTuic4ZpoQUmu9XXtC2YY2u9BTdJDg8
  User ID:         u_1234567890
Error saving auth token to system credential store: The name org.freedesktop.secrets was not provided by any .service files

Next installed

sudo apt-get install -y gnome-keyring

boundary authenticate password -auth-method-id=ampw_1234567890     -login-name=admin -password=password
Error reading auth token from system credential store: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:21:00 BST
  Token:
  at_7y54bPBIDx_s13PefhTbtKamPce8iph3t8HMK85nJWEBh9n2JXCk6oiWQ9K9qusfJDx6TEJPLoGo8GPqbawpLAxtMgk9aS5wyzr3S6qVgMG7S939K93pUXLffE7a5KXdwAc464p42rV2
  User ID:         u_1234567890
Error saving auth token to system credential store: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'

ok Katakoda after the documentation steps

apt install dbus-x11

boundary authenticate password -auth-method-id=ampw_1234567890 \
>     -login-name=admin -password=password
panic: runtime error: slice bounds out of range [237:151]

goroutine 1 [running]:
github.com/godbus/dbus.getSessionBusPlatformAddress(0x17d1fc7, 0x18, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn_other.go:30 +0x295
github.com/godbus/dbus.getSessionBusAddress(0x0, 0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:96 +0xf8
github.com/godbus/dbus.SessionBusPrivate(0x0, 0x40d900, 0xc0003f5c80)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:101 +0x25
github.com/godbus/dbus.SessionBus(0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:73 +0xb5
github.com/zalando/go-keyring/secret_service.NewSecretService(0x7, 0x1b, 0x7)
        /root/go/pkg/mod/github.com/zalando/[email protected]/secret_service/secret_service.go:50 +0x26
github.com/zalando/go-keyring.secretServiceProvider.Get(0x17dc55a, 0x1d, 0x17b78d7, 0x7, 0x0, 0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/zalando/[email protected]/keyring_linux.go:78 +0x59
github.com/zalando/go-keyring.Get(...)
        /root/go/pkg/mod/github.com/zalando/[email protected]/keyring.go:32
github.com/hashicorp/boundary/internal/cmd/base.(*Command).ReadTokenFromKeyring(0xc0003cb080, 0x17b78d7, 0x7, 0x7)
        /go/internal/cmd/base/base.go:232 +0x77
github.com/hashicorp/boundary/internal/cmd/base.(*Command).Client(0xc0003cb080, 0xc0005dfbe8, 0x2, 0x2, 0x0, 0x0, 0x44aad5)
        /go/internal/cmd/base/base.go:217 +0x389
github.com/hashicorp/boundary/internal/cmd/commands/authenticate.(*PasswordCommand).Run(0xc000501440, 0xc00003a210, 0x3, 0x3, 0xc0000aae40)
        /go/internal/cmd/commands/authenticate/password.go:116 +0x136
github.com/mitchellh/cli.(*CLI).Run(0xc000498640, 0xc000498640, 0xc0000abce0, 0xc0000aada0)
        /root/go/pkg/mod/github.com/mitchellh/[email protected]/cli.go:262 +0x1cf
github.com/hashicorp/boundary/internal/cmd.RunCustom(0xc00003a1f0, 0x5, 0x5, 0xc0005dfe60, 0xc00007c058)
        /go/internal/cmd/main.go:186 +0x846
github.com/hashicorp/boundary/internal/cmd.Run(...)
        /go/internal/cmd/main.go:92
main.main()
        /go/cmd/boundary/main.go:13 +0xda

opened by saiyam1814 21

managed-groups don't seem to actually get role grants
Not sure if anyone else has had this problem, but i haven't found the exact same one in here.

Describe the bug It seems like when trying to add managed-groups as principals in roles, it doesn't actually grant the users in said groups any rights. My guess is that it's because the managed-groups use the account objects and not the user objects.

To Reproduce Steps to reproduce the behavior:

setup boundary with an oidc

set the oidc to map users with managed-groups

add managed-groups as principals in roles

login with oidc and confirm that the user is actually in said managed group (probably with an admin user)

not being able to do anyting with the oidc-user

Expected behavior i would expect the user to have the grants from the role it's supposed to have and be able to do the things that it's allowed

Additional context if I explicitly add the user object or a normal group as a principle in the role, it works as expected. it's only a problem with managed groups
opened by randriksen 20

refusing to activate session errors after upgrading to 0.10.1

Describe the bug

In one of my use cases for boundary, I use it to allow terraform to connect to database servers to configure them, using

boundary connect -target-id $target_id -host-id "$host_id -listen-port=35567

When running terraform, there are many connections, and after a few seconds I start getting errors from the boundary agent

Proxy listening information:
  Address:             127.0.0.1
  Connection Limit:    -1
  Expiration:          Sat, 13 Aug 2022 16:58:49 CEST
  Port:                35567
  Protocol:            tcp
  Session ID:          s_vDI8YXc0xj
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"
error reading handshake result: failed to read protobuf message: failed to get reader: received close frame: status = StatusInternalError and reason = "refusing to activate session"

Running single sessions works fine, and running terraform with parallism 1 can work together with target.

I've also tried to re-initialize the database, no change.

To Reproduce Steps to reproduce the behavior:

Run boundary connect -target-id $target_id -host-id "$host_id -listen-port=XX
Run many simultaneous connections against the listen port
See error

Expected behavior The boundary agent is able to serve the connections. This worked fine with 0.9.1.

Additional context worker.log controller.log

opened by umglurf 16

database migration failed

Hi i updated (0.10.0) via yum but am unable to start the service without a db migration which fails:

[[email protected] ~]# boundary database migrate -config /etc/boundary.hcl 
{"id":"2wDjWNR1F5","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"configuring client automatic mTLS"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.01721969+02:00"}
{"id":"zmK1HzTdgk","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","args":["/tmp/198135332/boundary-plugin-host-aws.gz"],"msg":"starting plugin","path":"/tmp/198135332/boundary-plugin-host-aws.gz"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.040366907+02:00"}
{"id":"CDl5AezqRk","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"plugin started","path":"/tmp/198135332/boundary-plugin-host-aws.gz","pid":2843753}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.041835792+02:00"}
{"id":"23Fd4tBi8l","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"waiting for RPC address","path":"/tmp/198135332/boundary-plugin-host-aws.gz"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.041967976+02:00"}
{"id":"t2UtSbEwlT","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws.boundary-plugin-host-aws.gz","msg":"configuring server automatic mTLS","timestamp":"2022-08-11T12:12:27.048+0200"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.051652254+02:00"}
{"id":"oAFr5Fgykl","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"using plugin","version":1}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.071383708+02:00"}
{"id":"cPch05q4rO","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws.boundary-plugin-host-aws.gz","address":"/tmp/plugin4191081567","msg":"plugin address","network":"unix","timestamp":"2022-08-11T12:12:27.071+0200"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.071556204+02:00"}
{"id":"IQmjeYTzm2","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws.stdio","msg":"waiting for stdio data"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.101386232+02:00"}
{"id":"2wskOah8s5","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws.stdio","err":{},"msg":"received EOF, stopping recv loop"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.10232096+02:00"}
{"id":"ocWb3s6n5R","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"plugin process exited","path":"/tmp/198135332/boundary-plugin-host-aws.gz","pid":2843753}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.103074512+02:00"}
{"id":"s5swA4wAOW","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"system","data":{"version":"v0.1","op":"github.com/hashicorp/boundary/internal/observability/event.(*HclogLoggerAdapter).writeEvent","data":{"@original-log-level":"none","@original-log-name":"aws","msg":"plugin exited"}},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.103160544+02:00"}
{"id":"Nno42OYF7f","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).Run: migration failed, on line 0: -- drop constraint so we can migrate enm values\n  alter table credential_purpose_enm\n    drop constraint only_predefined_credential_purposes_allowed;\n\n  -- update egress to injected_application\n  update credential_purpose_enm\n     set name = 'injected_application'\n   where name = 'egress';\n\n  -- update application to brokered\n  update credential_purpose_enm\n     set name = 'brokered'\n   where name = 'application';\n\n  -- delete ingress as it will no longer be used\n  delete from credential_purpose_enm\n   where name = 'ingress';\n\n  -- Add new constraint that only allows 'brokered' and new 'injected_application'\n  -- This replaces the constraint defined in 10/03_credential.up.sql\n  alter table credential_purpose_enm\n    add constraint only_predefined_credential_purposes_allowed\n      check (\n        name in (\n          'brokered',\n          'injected_application'\n        )\n      );\n\n  -- update comment on table   \n  comment on table credential_purpose_enm is\n    'credential_purpose_enm is an enumeration table for credential purposes. '\n    'It contains rows for representing the brokered, and injected_application credential purposes.';: immutable column: target_credential_library.credential_purpose: integrity violation: error #1003","error_fields":{"Code":1003,"Msg":"migration failed, on line 0: -- drop constraint so we can migrate enm values\n  alter table credential_purpose_enm\n    drop constraint only_predefined_credential_purposes_allowed;\n\n  -- update egress to injected_application\n  update credential_purpose_enm\n     set name = 'injected_application'\n   where name = 'egress';\n\n  -- update application to brokered\n  update credential_purpose_enm\n     set name = 'brokered'\n   where name = 'application';\n\n  -- delete ingress as it will no longer be used\n  delete from credential_purpose_enm\n   where name = 'ingress';\n\n  -- Add new constraint that only allows 'brokered' and new 'injected_application'\n  -- This replaces the constraint defined in 10/03_credential.up.sql\n  alter table credential_purpose_enm\n    add constraint only_predefined_credential_purposes_allowed\n      check (\n        name in (\n          'brokered',\n          'injected_application'\n        )\n      );\n\n  -- update comment on table   \n  comment on table credential_purpose_enm is\n    'credential_purpose_enm is an enumeration table for credential purposes. '\n    'It contains rows for representing the brokered, and injected_application credential purposes.';","Op":"postgres.(Postgres).Run","Wrapped":{"Code":1003,"Msg":"immutable column: target_credential_library.credential_purpose","Op":"","Wrapped":null}},"id":"e_ITVsq4g33K","version":"v0.1","op":"postgres.(Postgres).Run"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.25653352+02:00"}
{"id":"dduUrQgYgk","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}},"id":"e_OYx6YX3oBy","version":"v0.1","op":"postgres.(Postgres).setVersion"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.257584522+02:00"}
{"id":"yFj9uY26zn","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).Run: postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).Run","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}}},"id":"e_Oc5hNYhcUn","version":"v0.1","op":"postgres.(Postgres).Run"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.257765962+02:00"}
{"id":"otuSOfK0Db","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}},"id":"e_itYS9l1kig","version":"v0.1","op":"postgres.(Postgres).setVersion"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.26063903+02:00"}
{"id":"wetyQK73aN","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).Run: postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).Run","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}}},"id":"e_QkJ8a49xcq","version":"v0.1","op":"postgres.(Postgres).Run"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.260748373+02:00"}
{"id":"UESUdcMi6l","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}},"id":"e_aBY8cQsfUs","version":"v0.1","op":"postgres.(Postgres).setVersion"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.261316739+02:00"}
{"id":"KvNQYjqHyf","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).Run: postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).Run","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}}},"id":"e_bCTn5FgDB7","version":"v0.1","op":"postgres.(Postgres).Run"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.261424296+02:00"}
{"id":"GahOotjFvq","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}},"id":"e_SEu1J9TTXn","version":"v0.1","op":"postgres.(Postgres).setVersion"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.261976942+02:00"}
{"id":"8eAn8OrZ3r","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).Run: postgres.(Postgres).setVersion: unknown, unknown: error #0: ERROR: current transaction is aborted, commands ignored until end of transaction block (SQLSTATE 25P02)","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).Run","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).setVersion","Wrapped":{"Severity":"ERROR","Code":"25P02","Message":"current transaction is aborted, commands ignored until end of transaction block","Detail":"","Hint":"","Position":0,"InternalPosition":0,"InternalQuery":"","Where":"","SchemaName":"","TableName":"","ColumnName":"","DataTypeName":"","ConstraintName":"","File":"postgres.c","Line":1682,"Routine":"exec_bind_message"}}},"id":"e_lZfs3GrCCq","version":"v0.1","op":"postgres.(Postgres).Run"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.262075142+02:00"}
{"id":"D6o4CefzYs","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"postgres.(Postgres).CommitRun: unknown, unknown: error #0: commit unexpectedly resulted in rollback","error_fields":{"Code":0,"Msg":"","Op":"postgres.(Postgres).CommitRun","Wrapped":{}},"id":"e_o03IUjjptB","version":"v0.1","op":"postgres.(Postgres).CommitRun"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.262512893+02:00"}
{"id":"USAzmI1SlQ","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"schema.(Manager).runMigrations: postgres.(Postgres).CommitRun: unknown, unknown: error #0: commit unexpectedly resulted in rollback","error_fields":{"Code":0,"Msg":"","Op":"schema.(Manager).runMigrations","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).CommitRun","Wrapped":{}}},"id":"e_K49SmgeJg9","version":"v0.1","op":"schema.(Manager).runMigrations"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.262633846+02:00"}
{"id":"s2nSM2tcpB","source":"https://hashicorp.com/boundary/bastion01.prd.TLD/boundary-database-migrate","specversion":"1.0","type":"error","data":{"error":"schema.(Manager).ApplyMigrations: schema.(Manager).runMigrations: postgres.(Postgres).CommitRun: unknown, unknown: error #0: commit unexpectedly resulted in rollback","error_fields":{"Code":0,"Msg":"","Op":"schema.(Manager).ApplyMigrations","Wrapped":{"Code":0,"Msg":"","Op":"schema.(Manager).runMigrations","Wrapped":{"Code":0,"Msg":"","Op":"postgres.(Postgres).CommitRun","Wrapped":{}}}},"id":"e_BePmsLN7N2","version":"v0.1","op":"schema.(Manager).ApplyMigrations"},"datacontentype":"application/cloudevents","time":"2022-08-11T12:12:27.262714839+02:00"}
Error running database migrations: schema.(Manager).ApplyMigrations: schema.(Manager).runMigrations: postgres.(Postgres).CommitRun: unknown, unknown: error #0: commit unexpectedly resulted in rollback

i am able to revert to 0.91 and start the service but then replacing the binary with 0.10 i get the above again

opened by hijak 15

Target-to-Worker connections

Is your feature request related to a problem? Please describe. Reaching targets that are in environments where a worker can't be deployed, or the target refuses all inbound connections (even SSH) and uses a reverse tunnel to allow connection.

Describe the solution you'd like Either the ability to connect to other client machines as a valid target or to configure target hosts to connect to the worker (instead of worker to target).

Explain any additional use-cases A very specific example is a host managed by a vendor that is deployed to a customer network. In order to manage the device the vendor must be able to connect to the host, but customer networks can change and tend to block inbound connections, especially if the host is placed behind a DMZ.
enhancement

opened by jrauen 15
Dynamic host set: EC2 DescribeInstances API calls timeout
Describe the bug Using dynamic host sets (AWS specifically, haven't tried the Azure one yet) in a large environment results in the following error:

{"id":"<REDACTED>","source":"https://hashicorp.com/boundary/4466e4d3c372/controller","specversion":"1.0","type":"error","data":{"error":"rpc error: code = Unknown desc = error running DescribeInstances for host set id \"<REDACTED>\": SerializationError: failed decoding EC2 Query response\n\tstatus code: 200, request id: 55f65e01-476e-4b4d-93b0-9e38b419b445\ncaused by: context deadline exceeded (Client.Timeout or context cancellation while reading body)","error_fields":{},"id":"<REDACTED>","version":"v0.1","op":"plugin.(SetSyncJob).syncSets","info":{"catalog id":"<REDACTED>","msg":"listing hosts"}},"datacontentype":"application/cloudevents","time":"2022-06-21T08:40:33.258736566Z"}

We tried splitting it into multiple host sets with different filters, still some queries timed out. The biggest dynamic host sets we managed to produce were around 300 hosts. Some queries should've returned less hosts but timed out as well so host count might not be the only factor here.

To Reproduce

Create a dynamic host catalog and a host set with the instance-state-name=running filter to fetch all running EC2 instances within an environment containing 1000s of instances

Tail the controller log

See error mentioned above

Expected behavior All running EC2 instances should be populated under the host set / catalog.

Additional context Boundary version: 0.9 Setup: Docker on EC2 VMs

Looking at the AWS plugin code it seems the DescribeInstances call uses the default HTTP client with the default timeout config. We're suggesting exposing some config to control the timeout of such calls.

We opened a similar issue for the AWS plugin repo as it might require changes in both repos.
triage
opened by psypuff 14
Dev getting started docs for common dev platforms
disclaimers:

im on a mac

im on a m1 mac

i was actively developing with go but have taken 2-4 years off day to day go– i may be just outta tune with the "go way"

Is your feature request related to a problem? Please describe. current makefile has ~/.go/bin/go test which assumes my go is installed there...

the official golang.org instructions puts the go bin at /usr/local/go/bin/go. i have also used brew for go in the past which puts it somewhere else (where... i don't remember).

my guess is the main team on this repo uses a tool im not familiar with that installs go at ~/.go/bin/go. that makes me think ya'll have a tool with rbenv vibes... i'd be very into that. the go ecosystem in the past has forced me to use the whole GOPATH thing and that doesn't really fit my normal ~/code/... project structure.

something as simple as a list of tools/setup tips from the core team would be gr8.

Describe the solution you'd like md docs on how to get dev setup running for generic mac and linux. (personally i would love m1 mac specific section but thats a "me problem"...)

Describe alternatives you've considered installing/symlinking go at/to ~/.go/bin/go.

Explain any additional use-cases n/a

Additional context

i tried to follow this repo's aws instructions on building a boundary binary: https://github.com/hashicorp/boundary-reference-architecture/tree/main/deployment/aws#deploy

i had to install gox using google fu and stackoverflow trolling (could very well be my fault on this one...)

UI step kept failing:

➜ boundary git:(main) XC_OSARCH=linux/amd64 make dev ==> UI assets found, use build-ui target to update ==> Building Boundary with dev and UI features enabled ==> Removing old directory... ==> Building... Number of parallel builds: 7 --> linux/amd64: github.com/hashicorp/boundary/cmd/boundary 1 errors occurred: --> linux/amd64 error: exit status 1 Stderr: internal/ui/assets.go:15:12: pattern .tmp/boundary-ui/ui/admin/dist: no matching files found make: *** [dev] Error 1

my goal with this issue is to dialog with core team and other looky-loo-would-be-contribs to enhance existing code contrib/dev guides.
build
opened by rileytg 13
Add generated API docs to website

This PR adds generated API documentation at the /api-docs route, using a component that leverages the Swagger file at internal/gen/controller.swagger.json.
website

opened by zchsh 13
ensure make tools executes before build-ui

make dev requires build-ui which executes a script that requires go-bindata binary that isn't installed without executing make tools. This pr ensures the tools make target is executed first.

opened by mootpt 11
chore(deps): bump json5 and tsconfig-paths in /website
Bumps json5 and tsconfig-paths. These dependencies needed to be updated together. Updates json5 from 2.2.0 to 2.2.3

Release notes

Sourced from json5's releases.

v2.2.3

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Changelog

Sourced from json5's changelog.

v2.2.3 [code, diff]

Fix: [email protected] is now the 'latest' release according to npm instead of v1.0.2. (#299)

v2.2.2 [code, diff]

Fix: Properties with the name __proto__ are added to objects and arrays. (#199) This also fixes a prototype pollution vulnerability reported by Jonathan Gregson! (#295).

v2.2.1 [code, diff]

Fix: Removed dependence on minimist to patch CVE-2021-44906. (#266)

Commits

c3a7524 2.2.3

94fd06d docs: update CHANGELOG for v2.2.3

3b8cebf docs(security): use GitHub security advisories

f0fd9e1 docs: publish a security policy

6a91a05 docs(template): bug -> bug report

14f8cb1 2.2.2

10cc7ca docs: update CHANGELOG for v2.2.2

7774c10 fix: add proto to objects and arrays

edde30a Readme: slight tweak to intro

97286f8 Improve example in readme

Additional commits viewable in compare view

Updates tsconfig-paths from 3.11.0 to 3.14.1

Changelog

Sourced from tsconfig-paths's changelog.

[3.14.1] - 2022-03-22

Fixed

Use minimist 1.2.6 for all depencencies becuase of pollution vulnerability. See PR #197. Thanks to @gopijaganthan for this fix!

[3.14.0] - 2022-03-13

Added

Support for path mapping starting with /. See PR #180, issue #113, and issue #128. Thanks to @benevbright for this fix!

[3.13.0] - 2022-03-03

Added

Include file extension in paths resolved from package.json "main" field. See PR #135 and issue #133. Thanks to @katywings for this fix!

[3.12.0] - 2021-08-24

Add support for baseUrl override using TS_NODE_BASEURL env var #185 and #114. Thanks to @ejhayes and @information-security for these PRs!

Commits

df9a47f v3.14.1

09d696f Update changelog for 3.14.1

22b9d74 Use minimist 1.2.6 for all deps

b5d9eac Fixing pollution vulnerability in minimist (#197)

8062f65 v3.14.0

8c62137 Update changelog for 3.14

02c37bc Fix the root path (#180)

60829c8 v3.13.0

87a9cb0 Update changelog for 3.13.0

95b7312 Add missing extensions

Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR

@dependabot recreate will recreate this PR, overwriting any edits that have been made to it

@dependabot merge will merge this PR after your CI passes on it

@dependabot squash and merge will squash and merge this PR after your CI passes on it

@dependabot cancel merge will cancel a previously requested merge and block automerging

@dependabot reopen will reopen this PR if it is closed

@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually

@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)

@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot use these labels will set the current labels as the default for future PRs for this repo and language

@dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language

@dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language

@dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

website dependencies javascript
opened by dependabot[bot] 0
refactor vault.(issueCredentialLibrary).retrieveCredential to no longer require sessionId
base branch needs to be updated to llb-vault-ssh-cert-injection (once created)

refactor vault.(issueCredentialLibrary).retrieveCredential to no longer use session id

remove dynamicCred's insertQuery and updateSessionQuery functions

update TestRepository_IssueCredentials to perform db lookup for issued credentials

core
opened by DanielleMiu 0
no tofu token but not in correct session state - Boundary Desktop 1.5 GUI bug
Hi @irenarindos, thanks for helping. I think i was able to find the root cause, it seems to be caused by Boundary-Desktop UI. When using the boundary.exe binary everything works as expected.

Should we track this bug in a new issue?

Steps to reproduce (working):

Extract boundary-desktop_1.5.0_windows_amd64

open powershell and switch to boundary-desktop_1.5.0_windows_amd64\Boundary\resources\app\cli

get a token .\boundary.exe authenticate password -login-name=user -auth-method-id=ampw_xxx -addr=https://boundary.domain.at/

connect to target .\boundary.exe connect -addr=https://boundary.domain.at -target-id=ttcp_xxx

Steps to reproduce (not working):

Open Boundary-Desktop

Login

Switch to Targets

Click Connect

Enter the connection string (localhost + random port) in your application (for example database management tool) & start the application

Boundary terminates the connection and application get a timeout

Originally posted by @tritonblaster in https://github.com/hashicorp/boundary/issues/2362#issuecomment-1363893528
opened by tritonblaster 0
Use primary auth method if no auth method ID is provided
Enable faster authentication workflows on the Boundary CLI. This PR allows short-hand usage of boundary authenticate with a primary auth method is set in the global scopes. This PR also modifies the password sub command to read in the login name. This is a requirement in order to get around flag rewriting between boundary authenticate and the password and oidc sub commands.

Here are a few examples:

Using the Primary Auth Method in Global Scope

boundary authenticate

Using the Primary Auth Method in a passed in scope:

boundary authenticate password -scope-id o_1234567890

Using flags to set the password login name and password (traditional)

boundary authenticate password -login-name foo -password $Up3r$3cure

Using a Specific Auth Method ID (traditional)

Password:

boundary authenticate password -login-name user -auth-method-id ampw_1234567890

OIDC:

boundary authenticate oidc -auth-method-id amoidc_1234567890

A few other notes:

If both auth method and scope ID flags are used, the auth method is preferred.

Flag usage is not allowed with boundary authenticate: if you prefer to pass your login name and/or password using flags for the password sub command, use boundary authenticate password ...

These changes are compatible with existing CLI usage, there are no breaking changes to existing usage.

core
opened by malnick 2

Releases(v0.11.2)

v0.11.2(Dec 9, 2022)
0.11.2 (2022/12/09)

Security

Boundary now uses Go 1.19.4 to address security vulnerability (CVE-2022-41717) See the Go announcement for more details.

Source code(tar.gz)
Source code(zip)
v0.11.1(Nov 29, 2022)
0.11.1 (2022/11/30)

New and Improved

Vault Parameter Templating: In vault credential libraries, the paths and any POST bodies can contain templated parameters using Go template syntax (similar to Consul-Template). The following template parameters are supported (note that account values are tied to the account associated with the token making the call):

{{ .User.Id }}: the user's ID

{{ .User.Name }}: the user's name (from the user resource)

{{ .User.FullName }}: the user's name (from the account corresponding to the primary auth method in the user's scope; this may not be populated or maybe different than the account name in the template)

{{ .User.Email }}: the user's email address (same caveat as FullName)

{{ .Account.Id }}: the account's ID

{{ .Account.Name }}: the account's name (from the account resource)

{{ .Account.LoginName }}: the account's login name (if used by that type of account)

{{ .Account.Subject }}: the account's subject (if used by that type of account)

{{ .Account.Email }}: the account's email (if used by that type of account)

Additionally, there is currently a single function that strips the rest of a string after a specified substring; this is useful for pulling an user/account name from an email address. In the following example it uses the account email can be any other parameter:

{{ truncateFrom .Account.Email "@" }}: this would turn [email protected] into foo

Per-scope key lifecycle management: You can now manage the lifecycles of both Key Encryption Keys (KEKs) and Data Encryption Keys (DEKs) using the new key rotation and key version destruction functionality. To learn more about this new feature, refer to the documentation.

Upgrade notice: If the Database purpose DEK for a scope is destroyed, you must use the API to cancel any sessions that predate the upgrade. (PR)

workers: PKI Worker daemons now get disconnected from upstreams when their corresponding resource is deleted (PR)

Bug Fixes

sessions: Fix workers not being in random order when returned to clients at authorize-session time, which could allow one worker to bear the majority of sessions (PR)

workers: In some error conditions when sending status to controllers, errors could be written to stdout along with a message that they could not successfully be evented instead of being written to the event log (PR)

workers: Fixed a panic that can happen in certain situations (PR)

sessions: Fixed a panic in a controller when a worker is deleted while sessions are ongoing (PR)

sessions: Fixed a panic in a worker when a user with an active session is deleted (PR)

sessions: Fixed a bug where reading a session after its associated project had been deleted would result in an error (PR)

config: Fixed a bug where supplying multiple KMS blocks with the same purpose would silently ignore all but the last block (PR)

Deprecations/Changes

In order to standardize on the templating format, templates in grants now are documented to use the new capitalization and format; however, the previous style will continue to work.

Source code(tar.gz)
Source code(zip)
v0.11.0(Sep 27, 2022)
0.11.0 (2022/09/27)

Known Issues

PKI workers in past versions did not store a prior encryption key, and a bug prior to 0.11.0 meant that auth rotations could happen more frequently than expected. This could cause some race issues around rotation time. However, there was another issue where a past worker authentication record could be looked up for some operations instead of the current one, made more likely by the too-frequent rotations. In 0.11.0 we attempt to ensure that the record that remains on upgrade is the most current one, but it is possible that the wrong one is chosen, leading to a failure for the worker to authenticate or for some operations to consistently fail. In this case, the worker will need to be deleted and re-authorized. We apologize for any issues this causes and this should be remedied going forward.

Bug Fixes

Fix bug preventing delete of org. (PR

scopes: Organizations could be prevented from being deleted if some resources remained (PR)

workers: Authentication rotation could occur prior to the expected time (PR)

workers: When looking up worker authentication records, an old record could be returned instead of the new one, leading to errors for encryption or decryption operations (PR)

New and Improved

vault: (HCP Boundary only): Private Vault clusters can be used with HCP Boundary by using PKI workers deployed in the same network as a private cluster. Tags are used to control which PKI workers can manage private Vault requests by specifying a worker_filter attribute when configuring a Vault credential store.

credentials: There is now a json credential type supported by static credential stores that allows submitting a generic JSON object to Boundary for use with credential brokering workflows (PR)

ui: Add support for worker management (PR)

ui: Add support for PKI worker registration (PR)

ui: Add support for Static Credential Stores (PR)

ui: Add support for Username & Password Credentials (PR)

ui: Add support for Username & Key Pair Credentials (PR)

ui (HCP Boundary only): SSH Target creation along with injected application credential support (PR)

ui (HCP Boundary only): Update vault credential stores to support private vault access (PR)

ui: Improve quick setup wizard onboarding guide resource names (PR)

ui: Updates to host catalog and host set forms and “Learn More” links (PR)

workers: Added the ability to read and reinitialize the Worker certificate authority (PR1, PR2)

workers: Return the worker Boundary binary version on worker list and read (PR)

workers: Addition of worker graceful shutdown, triggered by an initial SIGINT or SIGTERM (PR)

workers: Retain one previous encryption/decryption key after authentication rotation (PR)

Deprecations/Changes

In 0.5.0, the add-host-sets, remove-host-sets, and set-host-sets actions on targets were deprecated in favor of add-host-sources, remove-host-sources, and set-host-sources. Originally these actions and API calls were to be removed in 0.6, but this was delayed to give extra time for clients to switch over. This has now been fully switched over. A database migration will modify any grants in roles to have the new actions. This same changeover has been made for add-/remove-/set-credential-libraries to add-/remove-/set-credential-sources, although those actions would only be in grant strings in very rare circumstances as the -sources actions replaced the -libraries actions very quickly. (PR)

Source code(tar.gz)
Source code(zip)
v0.10.5(Sep 14, 2022)
0.10.5 (2022/09/13)

Bug Fixes

grants: Properly resolve "only self" for permissions. When generating permissions from grants, if a single grant was limited only to a set of "self" actions and that was the last grant parsed (which would be semi-random depending on a number of factors), the overall set of permissions would be marked as only-self. This would result in the generated permissions being more limiting then they should be based on the grants. This only impacts the sessions list endpoint. It would result in users that have been granted access to list other user's sessions to be unable to see these sessions in the list results (PR).

Source code(tar.gz)
Source code(zip)
v0.10.4(Sep 13, 2022)
0.10.4 (2022/09/13)

New and Improved

Controller-led worker authorization: This is a second authorization option for the workers using PKI-based authentication that was introduced in Boundary 0.10.0. In 0.10.0, the only mode available was "worker-led", in which a worker generates an authorization request which can be submitted to a controller to authorize the worker. With this new controller-led flow, a worker can be created via the controller API first and return a one-time-use authorization token. This token can then be made available to the worker at startup time via its configuration file, env var, or a file with the value. If the worker is not authorized and this token is provided, it will use the token to authorize itself to the controller and set up PKI-based authentication. (PR)

Initial upstreams reloading on SIGHUP: Workers will now re-read the initial_upstreams value from the configuration file when given a SIGHUP. This allows a worker to reconnect to controllers if the full set of controllers has been changed over at the same time, without having to restart the worker. (PR)

Bug Fixes

vault: Correctly handle Vault credential stores and libraries that are linked to an expired Vault token. (Issue, PR).

aws host catalog: Fix an issue where the request to list hosts could timeout on a large number of hosts (Issue, PR)

aws host catalog: Fix an issue where filters could become unreadable in the UI if only one filter was created and was set by the CLI or directly via the API (PR1, PR2)

aws host catalog: Use provided region for IAM calls in addition to EC2 (Issue, PR)

azure host catalog: Fix hosts not being found depending on the exact filter used because different filters return values with different casing (PR)

sessions: Fix an issue where sessions could not have more than one connection (Issue, PR)

workers: Fix repeating error in logs when connected to HCP Boundary about an unimplemented HcpbWorkers call (PR)

workers: Fix a panic that could occur when workers:create:worker-led (e.g. via boundary workers create worker-led) was given an invalid token (PR)

workers: Add the ability to set API-based worker tags via the CLI (PR)

Source code(tar.gz)
Source code(zip)
v0.10.3(Aug 30, 2022)
0.10.3 (2022/08/30)

Bug Fixes

db: Fix an issue with migrations failing due to not updating the project_id value for the host plugin set (Issue, PR).

Source code(tar.gz)
Source code(zip)
v0.10.2(Aug 23, 2022)
0.10.2 (2022/08/23)

Security

Fix security vulnerability CVE-2022-36130, Boundary up to 0.10.1 did not properly perform
authorization checks to ensure the resources were associated with the correct scopes,
allowing potential privilege escalation for authorized users of another scope. [HCSEC-2022-17]

Source code(tar.gz)
Source code(zip)
v0.10.1(Aug 11, 2022)
0.10.1 (2022/08/11)

Bug Fixes

db: Fix an issue with migrations affecting clusters that contain credential libraries or static credentials. (Issue), (PR).

Managed Groups: Fix an issue where the filter field is not sent by admin UI (PR).

Host Sets: Fix an issue causing host sets to not display in UI when using the aws plugin (PR)

Plugins: Fixes regression from 0.9.0 causing a failure to start when using multiple KMS blocks of the same type (PR1, PR2)

CLI: Fixed errors related to URL detection when passing in -attr or -secret values that contained colons (PR)

Source code(tar.gz)
Source code(zip)
v0.10.0(Aug 10, 2022)
0.10.0 (2022/08/10)

Known Issues

Migration to this version may fail if the cluster contains credential libraries. This will be fixed shortly in 0.10.1.

New and Improved

ssh Target Type With Credential Injection (HCP Boundary only): Boundary has gained a new ssh target type. Using this type, username/password or SSH private key credentials can be sourced from vault credential libraries or static credentials and injected into the SSH session between a client and end host. This allows users to securely SSH to remote hosts while never being in possession of a valid credential for that target host.

SSH Private Key Credentials: There is now an ssh_private_key credential type that allows submitting a username/private key (and optional passphrase) to Boundary for use with credential injection or brokering workflows.

boundary connect ssh Credential Brokering Enhancements: we have extended support into the boundary connect ssh helper for brokered credentials of ssh_private_key type; the command will automatically pass the credentials to the ssh process (PR).

boundary authenticate, boundary accounts: Enables use of env:// and file:// syntax to specify location of a password (PR)

Bug Fixes

cli: Correctly cleanup plugins after exiting boundary dev, boundary server and boundary database init (Issue, PR).

boundary accounts change-password: Fixed being prompted for confirmation of the current password instead of the new one (PR)

Deprecations/Changes

API Module: Changed the return types that reference interfaces into their expected typed definition. Type casting is only allowed against interface types, therefore to mitigate compiler errors please remove any type casting done against the return values. (Issue, PR)

Targets: Rename Application credentials to Brokered credentials (PR).

Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for any newly-created resources. Existing resources will not be affected. (PR)

Credential stores: Static-type credential stores/credentials now use typed prefixes for any newly-created resources. Existing resources will not be affected. (PR)

Change of behavior on -token flag in CLI: Passing a token this way can reveal the token to any user or service that can look at process information. This flag must now reference a file on disk or an env var. Direct usage of the BOUNDARY_TOKEN env var is also deprecated as it can show up in environment information; the env:// format now supported by the -token flag causes the Boundary process to read it instead of the shell so is safer. (PR)

Change of behavior on -password flag in CLI: The same change made above for -token has also been applied to -password or, for supporting resource types, -current-password and -new-password. (PR)

Source code(tar.gz)
Source code(zip)
v0.9.1(Jul 6, 2022)
0.9.1 (2022/07/06)

New and Improved

azure host plugin: Support multiple MSI identities (PR

Bug Fixes

scheduler: Fix regression causing controller names of less than 10 characters to fail to register jobs (PR).

sessions: Fix an additional case from the changes in the 0.8.x series that could result in sessions never moving from canceling state to terminated. (PR)

The plugin execution_dir configuration parameter is now respected by kms plugins too PR.

Deprecations/Changes

sessions: The default connect limit for new sessions changed from 1 to unlimited (-1). Specific connection limits is an advanced feature of Boundary and this setting is more friendly for new users. (PR)

Source code(tar.gz)
Source code(zip)
v0.9.0(Jun 20, 2022)
0.9.0 (2022/06/20)

New and Improved

PKI Workers: This release introduces a new worker type pki which authenticates to Boundary using a new certificate-based method, allowing for worker deployment without using a shared KMS.

Credentials: This release introduces a new credential store type static, which simply takes in a user-supplied credential and stores it (encrypted) directly in Boundary. Currently, the static credential store can hold credentials of type username_password. These credentials can act as credential sources for targets, similar to credential libraries from the vault credential store, and thus can be brokered to users at session authorization time. PR

boundary connect Credential Brokering Integration: we have extended integration into the boundary connect helpers. A new sshpass style has been added to the ssh helper, when used, if the credential contains a username/password and sshpass is installed, the command will automatically pass the credentials to the ssh process. Additionally, the default ssh helper will now use the username of the brokered credential. PR.

controller: Improve response time for listing sessions. This also creates a new periodic job that will delete terminated sessions after 1 hour. See Deprecations/Changes for some additional details. PR.

event filtering: Change event filters to use lowercase and snake case for data elements like the rest of Boundary filters do.

ui: Use include_terminated flag for listing sessions. PR.

ui: Add Quick Setup onboarding guide. PR.

Bug Fixes

The plugin execution_dir configuration parameter is now respected. PR.

ui: Fix Users page not updating fields correctly. PR.

Deprecations/Changes

Targets: Removes support for credential libraries with respect to Target resources. The library fields and actions were deprecated in Boundary 0.5.0, please use credential sources instead. See changelog referenced above for more details (PR).

Credential Libraries: The user_password credential type has been renamed to username_password to remove any inconsistency over what the credential type is. All existing user_password typed credential libraries will be migrated to username_password (PR).

controller: Change the default behavior of the session list endpoint to no longer include sessions in a terminated state and introduces a new query parameter/cli flag to include the terminated sessions. This also removes the connection information from the list response. PR.

Anonymous user permissions: In order to reduce the risk of accidental and unintended granting of permissions to anonymous users, the permissions system now only allows certain actions on certain resources to be assigned to the anonymous user; currently these are the same permissions as assigned in Boundary's default role permissions. If other use-cases arise this list can be expanded. See the documentation for more details.

Source code(tar.gz)
Source code(zip)
v0.8.1(May 16, 2022)
0.8.1 (2022/05/13)

Bug Fixes

controller: Do not shut down cluster listener when it receives an invalid packet (Issue, PR)

session: update cancel_session() function to check for terminated state (Issue, PR)

Source code(tar.gz)
Source code(zip)
v0.8.0(May 3, 2022)
0.8.0 (2022/05/03)

New and Improved

metrics: provide metrics for controllers and workers

controller: new health endpoint (PR).

Improve response time for listing sessions and targets. PR

ui: Add support for worker filters in targets.

ui: Add manual refresh button in sessions list.

Bug Fixes

worker: create new error to prevent event.newError: missing error: invalid parameter and handle session cancel with no TOFU token (Issue, PR)

controller: Reconcile DEKs with existing scopes (Issue, PR)

Fix for retrieving sessions that could result in incomplete results when there is a large number (10k+) of sessions. PR

session: update session state trigger to prevent transitions to invalid states (Issue, PR)

Source code(tar.gz)
Source code(zip)
v0.7.6(Mar 16, 2022)
0.7.6 (2022/03/15)

Bug Fixes

sessions: Sessions and session connections have been refactored to better isolate transactions and prevent resource contention that caused deadlocks. (Issue, PR)

scheduler: Fix bug that causes erroneous logs when racing controllers attempted to run jobs (Issue, PR).

Source code(tar.gz)
Source code(zip)
v0.7.5(Feb 17, 2022)
0.7.5 (2022/02/17)

New and Improved

cli: Update authentication examples to remove password flag and make subcommend selection a bit clearer (PR)

Data Warehouse: Add addresses on plugin based hosts to the database warehouse. 3 new dimension tables have been added including wh_network_address_group (which is now referenced by wh_host_dimension), wh_network_address_dimension, and wh_network_address_group_membership. (PR)

ui: Add support for dynamic host catalog. AWS and Azure plugin-based CRUD operations.

Bug Fixes

targets: Specifying a plugin based host id when authorizing a session now works. (PR)

targets: DNS names are now properly parsed when selecting an endpoint for authorizing a session. (PR)

hosts: Static hosts now include the host sets they are in. (PR)

Source code(tar.gz)
Source code(zip)
v0.7.4(Jan 18, 2022)
0.7.4 (2022/01/18)

Deprecations/Changes

In newly-created scopes, if default role creation is not disabled, the roles will now contain a grant to allow listing targets. This will still be subject to listing visibility rules, so only targets the user is granted some action on (such as authorize-session) will be returned.

New and Improved

config: The description field for workers now supports being set from environment variables or a file on disk (PR)

config: The max_open_connections field for the database field in controllers now supports being set from environment variables or a file on disk (PR)

config: The execution_dir field for plugins now supports being set from environment variables or a file on disk.(PR)

config: Add support for reading worker controllers off of environment variables as well as files. (PR)

config: The description field for controllers now supports being set from environment variables or a file on disk (PR)

config: Add support for reading worker tags off of environment variables as well as files. (PR)

config: Add support for go-sockaddr templates to Worker and Controller addresses. (PR)

controllers/workers: Add client IP to inbound request information which is included in Boundary events (PR)

host: Plugin-based host catalogs will now schedule updates for all of its host sets when its attributes are updated. (PR)

scopes: Default roles in newly-created scopes now contain a grant to allow listing targets. (PR)

plugins/aws: AWS plugin based hosts now include DNS names in addition to the IP addresses they already provide.

Bug Fixes

session: Fix duplicate sessions and invalid session state transitions. (PR)

Source code(tar.gz)
Source code(zip)
v0.7.3(Dec 16, 2021)
0.7.3 (2021/12/16)

Bug Fixes

target: Fix permission bug which prevents the UI from being able to add and remove host sources on a target. (PR)

credential: Fix panic during credential issue when a nil secret is received. This can occur when using the Vault KV backend which returns a nil secret and no error if the secret does not exist. (PR)

Source code(tar.gz)
Source code(zip)
v0.7.2(Dec 15, 2021)
0.7.2 (2021/12/14)

Security

Boundary now uses Go 1.17.5 to address a security vulnerability (CVE-2021-44716) where an attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. See the Go announcement for more details. (PR)

Source code(tar.gz)
Source code(zip)
v0.7.1(Nov 19, 2021)
0.7.1 (2021/11/18)

Bug Fixes

db: Fix panic invoking the CLI on Windows. Some changes to how the binary is initialized resulted in running some functions on every startup that looked for some embedded files. However, Go's embed package does not use OS-specific path separators, so a mismatch between path separators caused a failure in the function. (PR)

Source code(tar.gz)
Source code(zip)
v0.7.0(Nov 17, 2021)
0.7.0 (2021/11/17)

Deprecations/Changes

tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather than fix this, we are simply not supporting TLS 1.0/1.1 as they are insecure.

New and Improved

Boundary now supports dynamic discovery of host resources using our (currently internal) new plugin system. See the documentation for configuration instructions. Currently, only Azure and AWS are supported, but more providers will be following in future releases.

workers: The existing worker connection replay prevention logic has been enhanced to be more robust against attackers that have decryption access to the shared worker-auth KMS key (PR)

Bug Fixes

tls: Support TLS 1.2 for more clients. This was broken for some clients due to a missing mandated cipher suite of the HTTP/2 (h2) specification that could result in no shared cipher suites between the Boundary API listener and those clients. (PR)

vault: Fix credential store support when using Vault namespaces (Issue, PR)

Source code(tar.gz)
Source code(zip)
v0.6.2(Sep 28, 2021)
0.6.2 (2021/09/27)

Deprecations/Changes

permissions: Fix bug in Host Sets service that authenticated requests
againist incorrect grant actions. This bug affects the SetHosts, AddHosts and RemoveHosts paths that do not have wildcard (*) action grants. If affected, please update grant actions as follows:

set-host-sets -> set-hosts

add-host-sets -> add-hosts

remove-host-sets -> remove-hosts (PR).

Removes support for the auth-methods/<id>:authenticate:login action that was deprecated in Boundary 0.2.0, please use auth-methods/<id>:authenticate instead. (PR).

Removes support for the credential field within auth-methods/<id>:authenticate action. This field was deprecated in Boundary 0.2.0, please use attributes instead. (PR).

Source code(tar.gz)
Source code(zip)
v0.6.1(Sep 15, 2021)
0.6.1 (2021/09/14)

Bug Fixes

grants: Fix issue where credential-store, credential-library, and managed-group would not be accepted as specific type values in grant strings. Also, fix authorized actions not showing credential-store values in project scope output. (PR)

actions: Fix sessions collection actions not being visible when reading a scope (PR)

credential stores: Fix credential stores not showing authorized collection actions (PR)

Source code(tar.gz)
Source code(zip)
v0.6.0(Sep 9, 2021)
0.6.0 (2021/09/03)

New and Improved

ui: Reflect user authorized actions in the UI: users now see only actionable items for which they have permissions granted.

ui: Icons refreshed for a friendlier look and feel.

Bug Fixes

controller: Fix issue with recursive listing across services when using the unauthenticated user (u_anon) with no token and the list was started in a scope where the user does not have permission (PR)

grants: Fix grant format type=<type>;output_fields=<fields> with no action specified. In some code paths this format would trigger an error when validating even though it is correctly handled within the ACL code. (PR)

targets: Fix panic when using boundary targets authorize-session (issue, PR).

Source code(tar.gz)
Source code(zip)
v0.5.1(Aug 19, 2021)
0.5.1 (2021/08/16)

New and Improved

Data Warehouse: Add OIDC auth method and accounts to the database warehouse. Four new columns have been added to the wh_user_dimension table: auth_method_external_id, auth_account_external_id, auth_account_full_name, and auth_account_email. (PR)

Bug Fixes

events: Fix panic when using the hclog-text event's format. (PR)

oidc managed groups: Allow colons in selector paths (PR)

Source code(tar.gz)
Source code(zip)
v0.5.0(Aug 5, 2021)
0.5.0 (2021/08/02)

Deprecations/Changes

With respect to Target resources, two naming changes are taking place. Note that these are not affecting the resources themselves, only the fields on Target resources that map them to targets:

Credential Libraries: In Target definitions, the field referring to attached credential libraries is being renamed to the more abstract credential sources. In the future Boundary will gain the ability to internally store static credentials that are not generated or fetched dynamically, and the sources terminology better reflects that the IDs provided are a source of credentials, whether via dynamic generation or via the credentials themselves. This will allow a paradigm similar to principals with roles, where the principal IDs can be a users, groups, and managed groups, rather than having them split out, and should result in an easier user experience once those features roll out compared to having separate flags and fields. In this 0.5 release the Boundary CLI has gained parallel application-credential-source flags to the existing application-credential-library flags, as well as boundary targets add/remove/set-credential-sources commands that parallel boundary targets add/remove/set-credential-libraries commands. This parallelism extends to the API actions and the grants system. In 0.6, the library versions of these commands, flags, and actions will be removed.

Host Sets: Similarly, in Target definitions, the field referring to attached host sets is being renamed to the more abstract host sources. In the future Boundary will allow attaching some host types directly, and possibly other mechanisms for gathering hosts for targets, so the sources terminology better reflects that the IDs provided are a source of hosts, whether via sets or via the hosts themselves. Like with credential sources, in this 0.5 release the Boundary CLI and API have gained parallel API actions and fields, and the set versions of these will be removed in 0.6.

New and Improved

OIDC Accounts: When performing a read on an oidc type account, the original token and userinfo claims are provided in the output. This can make it significantly easier to write filters to create managed groups. (PR)

Controllers will now mark connections as closed in the database if the worker has not reported its status; this can be seen as the controller counterpart to the worker-side session cleanup functionality released in 0.4.0. As with the worker, the timeout for this behavior is 15s.

Workers will shut down connections gracefully upon shutdown of the worker, both closing the connection and sending a request to mark the connection as closed in the database.

Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting down due to a CTRL-C or interrupt will now cause Boundary to immediately shut down non-gracefully. This may leave various parts of the Boundary deployment (namely sessions or connections) in an inconsistent state.

Events: Boundary has moved from writing hclog entries to emitting events. There are four types of Boundary events: error, system, observation and audit. All events are emitted as cloudevents and we support both a cloudevents-json format and custom Boundary cloudevents-text format.

Notes:

There are still a few lingering hclog bits within Boundary. If you wish to only output json from Boundary logging/events then you should specify both "-log-format json" and "-event-format cloudevents-json" when starting Boundary.

Filtering events: hclog log levels have been replaced by optional sets of allow and deny event filters which are specified via configuration, or in the case of "boundary dev" there are new new cmd flags.

Observation events are MVP and contain a minimal set of observations about a request. Observations are aggregated for each request, so only one observation event will be emitted per request. We anticipate that a rich set of aggregate data about each request will be developed over time.

Audit events are a WIP and will only be emitted if they are both enabled and the env var BOUNDARY_DEVELOPER_ENABLE_EVENTS equals true. We anticipate many changes for audit events before they are generally available including what data is included and different options for redacting/encrypting that data.

PRs: hclog json,text formats, log adapters, unneeded log deps, update eventlogger, convert from hclog to events, event filtering, cloudevents node, system events, convert errors to events, integrate events into servers, event pkg name, events using ctx, add eventer, and base event types

Bug Fixes

config: Fix error when populating all kms purposes in separate blocks (as well as the error message) (issue, PR)

server: Fix panic on worker startup failure when the server was not also configured as a controller (PR)

New and Improved

docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx

Source code(tar.gz)
Source code(zip)
v0.4.0(Jun 30, 2021)
0.4.0 (2021/06/29)

New and Improved

Credential Stores: This release introduces Credential Stores, with the first implementation targeting Vault. A credential store can be created that accepts a Vault periodic token (which it will keep refreshed) and connection information allowing it to make requests to Vault.

Credential Libraries: This release introduces Credential Libraries, with the first implementation targeting Vault. Credential libraries describe how to make a request to fetch a credential from the credential store. The first credential library is the generic type that takes in a user-defined request body to send to Vault and thus can work for any type of Vault secrets engine. When a credential library is used to fetch a credential, if the credential contains a lease, Boundary will keep the credential refreshed, and revoke the credential when the session that requested it is finished.

Credential Brokering: Credential libraries can be attached to targets; when a session is authorized against that target, a credential will be fetched from the library that is then relayed to the client. The client can then use this information to make a connection, allowing them to gain the benefit of dynamic credential generation from Vault, but without needing their own Vault login/token (see NOTE below).

boundary connect Credential Brokering Integration: Additionally, we have started integration into the boundary connect helpers, starting in this release with the Postgres helper; if the credential contains a username/password and boundary connect postgres is the helper being used, the command will automatically pass the credentials to the psql process.

The worker will now close any existing proxy connections it is handling when it cannot make a status request to the worker. The timeout for this behavior is currently 15 seconds.

NOTE: When using credential brokering, remember that if the user can connect directly to the end resource, they can use the brokered username and password via that direct connection to skip Boundary. This isn't any different from normal Boundary behavior (if a user can directly connect, they can bypass Boundary) but it's worth repeating.

Bug Fixes

scheduler: removes a Postgres check constraint, on the length of the controller name, causing an error when the scheduler attempts to run jobs (issue, PR).

Source code(tar.gz)
Source code(zip)
v0.3.0(Jun 9, 2021)
0.3.0 (2021/06/08)

Deprecations/Changes

password account IDs: When the oidc auth method came out, accounts were given the prefix acctoidc. Unfortunately, accounts in the password method were using apw...oops. We're standardizing on acct and have updated the password method to generate new IDs with acctpw prefixes. Previously-generated prefixes will continue to work.

New and Improved

oidc: The new Managed Groups feature allows groups of accounts to be created based on an authenticating user's JWT or User Info data. This data uses the same filtering syntax found elsewhere in Boundary to provide a rich way to specify the criteria for group membership. Once defined, authenticated users are added to or removed from these groups as appropriateds each time they authenticate. These groups are treated like other role principals and can be added to roles to provide grants to users.

dev: Predictable IDs in boundary dev mode now extend to the accounts created in the default password and oidc auth methods.

mlock: Add a Docker entrypoint script and modify Dockerfiles to handle mlock in a fashion similar to Vault (PR)

Source code(tar.gz)
Source code(zip)
v0.2.3(May 24, 2021)
0.2.3 (2021/05/21)

Deprecations/Changes

The behavior when cors_enabled is not specified for a listener is changing to be equivalent to a cors_allowed_origins value of *; that is, accept all origins. This allows Boundary, by default, to have the admin UI and desktop client work without further specification of origins by the operator. This is only affecting default behavior; if cors_enabled is explicitly set to true, the behavior will be the same as before. This had been changed in v0.2.1 due to a bug found in v0.2.0 that caused all origins to always be allowed, but fixing that bug exposed that the default behavior was difficult for users to configure to simply get up and running.

If a cancel operation is run on a session already in a canceling or terminated state, a 200 and the session information will be returned instead of an error.

New and Improved

sessions: Return a 200 and session information when canceling an already-canceled or terminated session (PR)

Bug Fixes

cors: Change the default allowed origins when cors_enabled is not specified to be *. (PR)

Source code(tar.gz)
Source code(zip)
v0.2.2(May 19, 2021)
0.2.2 (2021/05/17)

New and Improved

Inline OIDC authentication flow: when the OIDC authentication flow succeeds, the third-party provider browser window is automatically closed and the user is returned to the admin UI.

Bug Fixes

oidc: If provider returns an aud claim as a string or []string, Boundary will properly parse the claims JSON. (issue, PR)

sessions: Clean up connections that are dangling after a worker dies (is restarted, powered off, etc.) This fixes some cases where a session never goes to terminated state because connections are not properly marked closed. (Issue 1, Issue 2, PR)

sessions: Add some missing API-level checks when session cancellation was requested. It's much easier than interpreting the domain-level check failures. (PR)

authenticate: When authenticating with OIDC and json format output, the command will no longer print out a notice that it's opening your web browser (Issue, PR)

Source code(tar.gz)
Source code(zip)
v0.2.1(May 6, 2021)
0.2.1 (2021/05/05)

Deprecations/Changes

API delete actions now result in a 204 status code and no body when successful. This was not the case previously due to a technical limitation which has now been solved.

When using a delete command within the CLI we now either show success or treat the 404 error the same as any other 404 error, that is, it results in a non-zero status code and an error message. This makes delete actions behave the same as other commands, all of which pass through errors to the CLI. Given -format json capability, it's relatively easy to perform a check to see whether an error was 404 or something else from within scripts, in conjunction with checking that the returned status code matches the API error status code (1).

When outputting from the CLI in JSON format, the resource information under item or items (depending on the action) now exactly matches the JSON sent across the wire by the controller, as opposed to matching the Go SDK representation which could result in some extra fields being shown or fields having Go-specific types. This includes delete actions which previously would show an object indicating existence, but now show no item on success or the API's 404 error.

Permissions in new scope default roles have been updated to include support for list, read:self, and delete:self on auth-token resources. This allows a user to list and manage their own authentication tokens. (As is the case with other resources, list will still be limited to returning tokens on which the user has authorization to perform actions, so granting this capability does not automatically give user the ability to list other users' authentication tokens.)

New and Improved

permissions: Improving upon the work put into 0.2.0 to limit the fields that are returned when listing as the anonymous user, grants now support a new output_fields section. This takes in a comma-delimited (or in JSON format, array) set of values that correspond to the JSON fields returned from an API call (for listing, this will be applied to each resource under the items field). If specified for a given ID or resource type (and scoped to specific actions, if included), only the given values will be returned in the output. If no output_fields are specified, the defaults are used. For authenticated users this defaults to all fields; for u_anon this defaults to the fields useful for navigating to and authenticating to the system. In either case, this is overridable. See the permissions documentation for more information on why and when to use this. This currently only applies to top-level fields in the response.

cli/api/sdk: Add support to request additional OIDC claims scope values from the OIDC provider when making an authentication request. (PR).

By default, Boundary only requests the "openid" claims scope value. Many providers, like Okta and Auth0 for example, will not return the standard claims of email and name when you request the default claims scope (openid).

Boundary uses the standard email and name claims to populate an OIDC account's Email and FullName attributes. If you'd like these account attributes populated, you'll need to reference your OIDC provider's documentation to learn which claims scopes are required to have these claims returned during the authentication process.

Boundary now provides a new OIDC auth method parameter claims_scopes which allows you to add multiple additional claims scope values to an OIDC auth method configuration.

For information on claims scope values see: Scope Claims in the OIDC specification

cli: Match JSON format output with the across-the-wire API JSON format (PR)

api: Return 204 instead of an empty object on successful delete operations (PR)

actions: The new no-op action allows a grant to be given to a principals without conveying any actionable result. Since resources do not appear in list results if the principal has no actions granted on that resource, this can be used to allow principals to see values in list results without also giving read or other capabilities on the resources. The default scope permissions have been updated to convey no-op,list instead of read,list. (PR)

cli/api/sdk: User resources have new attributes for:

Primary Account ID

Login Name

Full Name

Email

These new user attributes correspond to attributes from the user's primary auth method account. These attributes will be empty when the user has no account in the primary auth method for their scope, or there is no designated primary auth method for their scope.

cli: Support for reading and deleting the user's own token via the new read:self and delete:self actions on auth tokens. If no token ID is provided, the stored token's ID will be used (after prompting), or "self" can be set as the value of the -id parameter to trigger this behavior without prompting. (PR)

cli: New logout command deletes the current token in Boundary and forgets it from the local system credential store, respecting -token-name (PR)

config: The name field for workers and controllers now supports being set from environment variables or a file on disk (PR)

Bug Fixes

cors: Fix allowing all origins by default (PR)

cli: It is now an error to run boundary database migrate on an uninitalized db. Use boundary database init instead. (PR)

cli: Correctly honor the -format flag when running boundary database init (PR)

Source code(tar.gz)
Source code(zip)