From 7bdbe8ab8eb6b7cc4577b75e9733c19c1fc69233 Mon Sep 17 00:00:00 2001
From: Jeff Mitchell <jeffrey.mitchell@gmail.com>
Date: Tue, 30 May 2023 16:16:31 -0400
Subject: [PATCH] Update changelog (#3250)

---
 CHANGELOG.md                                    | 17 +++++++++++++++++
 .../api/services/target_service_grpc.pb.go      |  8 ++++++++
 2 files changed, 25 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 78347d307f..6914fc3f32 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -45,6 +45,23 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
   by the client via `-listen-port`
   ([PR](https://github.com/hashicorp/boundary/pull/2767))
 
+### Bug Fixes
+
+* targets: `authorize-session` now works properly when using a target's name as
+  the identifier and the target name contains one or more slashes
+  ([PR](https://github.com/hashicorp/boundary/pull/3249))
+
+## 0.12.3 (2023/05/26)
+
+### Bug Fixes
+
+* workers: A bug in PKI worker auth rotation could mean that after a rotation
+  the controller (or upstream worker) and downstream worker side could pick
+  different certificate chains for authentication, with the only remedy being to
+  re-authorize the workers. This has been fixed. If this bug was previously hit,
+  in some specific cases updating only the worker to 0.12.3 will fix it;
+  otherwise reauthorization will be necessary.
+
 ## 0.12.2 (2023/04/04)
 
 ### Security
diff --git a/internal/gen/controller/api/services/target_service_grpc.pb.go b/internal/gen/controller/api/services/target_service_grpc.pb.go
index 2ee4e350bd..ec29144017 100644
--- a/internal/gen/controller/api/services/target_service_grpc.pb.go
+++ b/internal/gen/controller/api/services/target_service_grpc.pb.go
@@ -47,6 +47,10 @@ type TargetServiceClient interface {
 	// is malformed or not provided an error is returned.
 	DeleteTarget(ctx context.Context, in *DeleteTargetRequest, opts ...grpc.CallOption) (*DeleteTargetResponse, error)
 	// AuthorizeSession creates authorization information from a given Target.
+	// Note that unlike most APIs, since we support using a target name along with
+	// scope ID or name to identify a target, this uses a pattern that allows the
+	// "id" field to have any number of segments, which works so long as the last
+	// part of the path is the verb, which is our normal pattern.
 	AuthorizeSession(ctx context.Context, in *AuthorizeSessionRequest, opts ...grpc.CallOption) (*AuthorizeSessionResponse, error)
 	// AddTargetHostSources adds Host Sources to this Target. The provided request
 	// must include the Target ID to which the Host Sources will be added. All
@@ -248,6 +252,10 @@ type TargetServiceServer interface {
 	// is malformed or not provided an error is returned.
 	DeleteTarget(context.Context, *DeleteTargetRequest) (*DeleteTargetResponse, error)
 	// AuthorizeSession creates authorization information from a given Target.
+	// Note that unlike most APIs, since we support using a target name along with
+	// scope ID or name to identify a target, this uses a pattern that allows the
+	// "id" field to have any number of segments, which works so long as the last
+	// part of the path is the verb, which is our normal pattern.
 	AuthorizeSession(context.Context, *AuthorizeSessionRequest) (*AuthorizeSessionResponse, error)
 	// AddTargetHostSources adds Host Sources to this Target. The provided request
 	// must include the Target ID to which the Host Sources will be added. All