mirror of https://github.com/hashicorp/boundary
release/0.19.x
release/0.20.x
release/0.21.x
irindos-backport-moby-21
irindos-backport-moby-20
irindos-backport-moby-19
irin-backport-net-21
irin-backport-net-20
irin-backport-net-19
main
dependabot/go_modules/go-7e20a5201d
backport/irindos-replace-docker-moby/personally-valid-chow
backport/irindos-replace-docker-moby/distinctly-able-werewolf
backport/irindos-replace-docker-moby/mistakenly-better-cat
ICU-18816
backport/irindos-bump-net/thankfully-becoming-horse
backport/irindos-bump-net/directly-many-buck
backport/irindos-bump-net/strangely-organic-grizzly
dependabot/github_actions/actions-a6b2392464
jefferai-add-pins
bgajjala_valid-output-field
backport/louis-auth/formerly-neat-emu
louis-dhc
bgajjala-0.19.x-cve-fix
anilvpatel-fix-boundary-kms-display-metadata
bgajjala-0.19.x-changelog
irindos-update-postgres
backport/bgajjala_update-version-0.19.5-change-log/evidently-giving-jaybird
backport/bgajjala_update-version-0.19.5-change-log/readily-key-ox
bgajjala_0.21-vuln-fix
backport-pr-6235
feat/test-security-scan
moduli-e2e-admin-ui
rderr-boundary-docker-db-update
backport/wongtonyb-tcp-pending-test-fix/subtly-moved-bee
backport/irindos-kms-bump/actually-loyal-bluegill
backport/irindos-kms-bump/easily-fit-mallard
backport/irindos-grpc-sdk-api-bump/precisely-quick-tarpon
backport/irindos-grpc-sdk-api-bump/vertically-wise-colt
backport/irindos-grpc-sdk-api-bump/directly-maximum-monkey
backport/irindos-kms-bump/endlessly-tops-anchovy
backport/irindos-grpc-bump/unduly-hopeful-muskrat
backport/irindos-grpc-bump/personally-elegant-condor
backport/irindos-grpc-bump/blatantly-amused-pangolin
backport/irindos-bump-go-dbw-version/instantly-quality-bluegill
backport/irindos-bump-go-dbw-version/currently-mint-stork
backport/irindos-bump-go-dbw-version/poorly-included-hornet
moduli-e2e-loglevel-debug
jefferai-proxyv2-test-1-rebase
jefferai-proxyv2-test-1-merge
backport/dependabot/go_modules/go-security-812415d43e/curiously-master-cougar
backport/dependabot/go_modules/go-security-812415d43e/initially-sweeping-lacewing
backport/dependabot/go_modules/go-security-812415d43e/barely-accurate-ibex
backport/dependabot/go_modules/go-security-812415d43e/directly-unbiased-antelope
chore/dependency-bump
bgajjala-bexpr-poc
dkanney-get-token
llb-app-token
backport/aditya2548-update-cve-changelog-0.21/adequately-careful-gobbler
backport/aditya2548-update-cve-changelog-0.19/evidently-clear-gopher
backport/moduli-bats-alias-flake/luckily-keen-ghoul
bgajjala-type-confusion-fix
ddebko-skip-iputils
bgajjala-bexpr-fix
llb-desktop-client-sort-backup
improve-testoutput
backport/irindos-bump-go/externally-champion-kid
rand-read-reverting
bosorawis-stop-revoking-expired-vault-creds
bosorawis-stop-renewing-and-revoking-expired-vault-lease
bosorawis-stop-renewing-expired-vault-token
backport/bosorawis-stop-renewing-expired-vault-token/properly-striking-aardvark
test_crypto_rand
bumped-ui-commit-95f72e1
update-ui-changelog
backport/update-ui-changelog/ideally-eternal-doberman
bump-ui-commit-4fc3244
wongtonyb-connectcli-stdoutpipe-ff
llb-password-credential-type-clean
recovered-work
llb-password-credential-fix
llb-password-credential-type-backup
mikemountain-sql-schema-and-pgtap
backport/dkanney-add-plugin-ibm-key-protect-kms/terminally-vocal-duckling
stable-website
backport/dheath-fix-redirects-2/extremely-gorgeous-troll
backport/am-add-winrdp-err/barely-bold-jaybird
app-token-prototype
dheath-worker-config-name
ICU-17720-storage-protobufs
backport/rdp-docs/actively-classic-adder
backport/ICU-14484-redis-connect/greatly-immortal-cardinal
bump-ui-commit-39dedc6
scc/backport-content-change
drohan-rdp-beta-doc-updates
scc/backport-redirects
dheath-spe-1219-controller-config
style-nonce
irindos-fix-nz-tests
manjeet-04-recovery-plugin-proto
llb-recovery
dkanney-expose-warehouse-tables-over-mcp-server
backport/dheath-clarify-known-issue-message/especially-fun-lioness
louis-tests
louis-testing
backport/bosorawis-add-test-to-migration-fix/surely-relevant-tiger
backport/bosorawis-add-test-to-migration-fix/hardly-optimal-ape
mikemountain-fix-rollback-bug-on-hook-failures
llb-normalized-grants-tests-only
dkanney-merge-main-into-release/0.19.x
dkanney-release/0.19.x-rebase-on-c97605b
dkanney-make-gen-release/0.19.x
mikemountain-add-create-default-and-admin-role-options
mikemountain-fix-migration-drop-cascade
backport/pnpm-migration/socially-star-sponge
backport/bump-ui-commit-2d34717/uniquely-amazing-gnat
backport/dheath-add-client-agent-commands/preferably-lenient-marten
backport/dheath-add-client-agent-commands/presumably-moved-bluejay
mikemountain-fix-makefile-sed-issue
mikemountain-add-createdefaultrole-and-createadminrole-options
backport/boundry/mini-doc-day-2/informally-mutual-poodle
anwittin-changelog-update-1-19-3
backport/dkanney-cve-suppression-for-0.19.2/secondly-unified-terrier
backport/add-ui-entries-changelog/suitably-large-puma
release/0.18.x
release/0.17.x
bosorawis-domain-iam-implement-role-grant-scopes
bosorawis-domain-iam-implement-list-role-grant-scopes
backport/ddebko-update-changelog/previously-adapting-hare
backport/ddebko-update-changelog/initially-whole-bison
tsccr-auto-pinning/trusted/2025-04-01
bosorawis-domain-iam-create-role
elimt-auth-tokens-grants-test
backport/vanphan24-patch-1---public_addr-note/poorly-smiling-dingo
backport/vanphan24-patch-1---public_addr-note/forcibly-proven-pheasant
backport/vanphan24-patch-1---public_addr-note/eminently-renewed-pika
mikemountain-changelog-0.19.1
boundry/mini-doc-day
elimt-grants-data-migration
jbrandhorst-prevent-enourmous-estimated-counts
backport/jbrandhorst-update-azure-plugin/largely-amused-tetra
judith/edu-web-codeowners
backport/docs/config-examples-fix/suddenly-eternal-rat
backport/docs/config-examples-fix/rationally-immortal-kangaroo
jbrandhorst-prototype-db-iface-changes
bumpui-commit-835b302c1
bump-commit-835b302c1
irindos-test
backport/bump-ui-commit-ae1e6d2/notably-secure-malamute
bosorawis-grants-tests-for-accounts-resource
release/0.16.x
jbrandhorst-remove-dependabot-actions
elimt-gcp-multiple-targets
backport/artifact-manifest/main/mainly-proven-snake/vaguely-next-foal
jimlambrt-cache-refresh-win
ddebko-optimize-cluster-tests
jbrandhorst-revert-awssdk-update
ddebko-revert-awskms
moduli-vgt
backport/ryan/ICU-15359/steadily-content-finch
jbrandhorst-remove-wget
backport/ci/update-security-scanner-token/strangely-sweeping-wildcat
dheath-telemetry-doc
bosorawis-labweek-per-authmethod-ttl
backport/jbrandhorst-clarify-ts-configuration-reload/lately-quiet-civet
fix-security-scanner
jimlambrt-cache-soft-delete-user
jimlambrt-cache-speedup-refresh
hugo-dhc-manual-tests
backport/irindos-update-changelog-0.17.2/gently-grand-titmouse
jbrandhorst-context-cause
jbrandhorst-go-api-paging
backport/irindos-update-changelog/horribly-super-crayfish
jbrandhorst-fix-security-scanner
uruemu/app-token-service
dheath-IA-POC
llb-app-tokens
jefferai-rbac-caching
release/0.15.x
irindos-custom-cli-dump
jefferai-proxyv2-test-2
jefferai-proxyv2-test-1
llb-worker-storage-bucket-state
dmiu_vault-response-wrapping
release/0.14.x
release/0.13.x
single-write-errors
elimt-release-0.16.1-mod-update
backport/alanknight_update_dependencies/personally-champion-robin
irindos-cause-split-brain
backport/uruemu/session-recording-observation-events/plainly-tender-guinea
labweek/event-streaming
alanknight_sessions_includeterminated
jbrandhorst-node-enrollment-test
alanknight_labweek_search_tui
jbrandhorst-help-api
flakey-test-TestRotationTicking
lab-week/event-streaming
dheath-docsdays-multi-hop-concept
irindos-update-apisdk
jefferai-random-reader-through-nodee
dgreeninger-vault-integration-howto
backport/dheath-ICU-12878/obviously-intense-calf
backport/irindos-update-bsr-detail/publicly-merry-kangaroo
carlos
dgreeninger-vault-integrations2
SMRE-7-release-pipeline
tmessi-cp-monthly-active-users
backport/jbrandhorst-update-runc/carefully-supreme-mole
jefferai-proxy-in-api
jbrandhorst-fuzz-dns-validator
syncing-file-buffer
jefferai-initial-resources-test
tmessi-target-list-reduce-query-params
elimt-oidc-prompts-changelog
tmessi-rate-limit-sys-event
tmessi-rate-limit-unlimited
DoNotDelete-plugin-sdk-0.3.0
app-token-read
moduli-e2e-logout-test
mikemountain-iam-groups-list-pagination
jimlambrt-more-multierror-bits
llb-worker-local-storage-state
moduli-e2e-authorize-session-scope-test
mikemountain-iam-user-list-pagination
mikemountain-iam-role-list-pagination
mikemountain-auth-handlers-pagination
mikemountain-auth-domain-pagination
AdamBouhmad-patch-1
mikemountain-managed-groups-list-pagination
mikemountain-sessions-list-pagination
mikemountain-refactor-auth-methods-domain-layer
mikemountain-auth-token-domain-list-pagination
mikemountain-refactor-accounts-domain-layer
backport/jimlambrt-ldap-mtls-fix-changelog/forcibly-cunning-katydid
backport/dmiu_add-valid-principals-ssh-cert/manually-stirred-mutt
elimt-cpu-consumption-changelog
backport/jimlambrt-fix-oplog-keys/gladly-included-aardvark
elimt-worker-local-storage-proto
release/0.14.1
alanknight_warnings
jimlambrt-go-version
jbrandhorst-experimenting
mikemountain-refactor-accounts-base-repo
releng-test-cgo-enabled
readme-update
rab-permissions-docs-rebase
jimlambrt-make-gen
jimlambrt-auth-ldap-fixes
jimlambrt-drop-oplog-scopeid-fk
backport/jefferai-icu-10786/subtly-legal-chigger
ajayreshc-plugin-proto-observability
backport/dheath-elur-edits/humbly-comic-hornet
compliance/license-update
mikemountain-purge-pagination-tables
mikemountain-prototype-table-trigger-job
dmiu_client-connection-via-unix-socket
dmiu_plugin-error-handling
backport/danny-knights-documentation/hopefully-giving-goat
backport/xw-worker-docs/mildly-talented-newt
backport/irindos-bsr-check-nano-decode/implicitly-hip-turkey
jimlambrt-update-cap
backport/xw-worker-docs/honestly-composed-minnow
backport/dheath-reorg-session-recording-operations/terribly-alert-bug
backport/docs/cli-commands/internally-bursting-condor
backport/docs/cli-commands/eagerly-chief-yeti
backport/dheath-fix-toc-typo/overly-funky-gelding
backport/dheath-fix-headings-1/mistakenly-mint-panther
backport/edorion-patch-3/entirely-direct-barnacle
backport/edorion-patch-2/amazingly-inspired-prawn
backport/edorion-patch-1/properly-desired-mastiff
backport/dheath-host-discovery/gradually-dominant-bunny
backport/irindos-fix-mlock-typo/preferably-enormous-mustang
backport/dheath-update-target-client-port/mainly-loving-heron
backport/irindos-0130-release-notes/actually-unbiased-bunny
jimlambrt-gldap-dep
jimlambrt-cache-poc
backport/dheath-fix-spacing-bullets/code/severely-decent-walleye
llb-jefferai
backport/dheath-bsr-key-req/adversely-great-teal
backport/Postgres-version-recommendation/badly-major-goshawk
backport/irindos-update-storage-bucket-docs/shortly-worthy-foal
backport/dheath-fix-code-blocks/endlessly-closing-alpaca
backport/what-is-boundary-changes/terminally-famous-goshawk
xinglu-permissions-docs
release/0.12.x
hz-cli-print-cert
jefferai-test-stream-interceptor
manthony-controller-led-auth
tmessi-interface-to-any
zs.test-api-docs-preview
tmessi-fix-ui-build
jefferai-unsettable-bools
test-gh-fix
dmiu_plugin-restructure
sarah-test-transient
ahuang/test-mod-cache
test-changing-nofile-limit
try-test-splitting
tmessi-ci-gh-actions-mariano
jimlambrt-ldap-changelog
backport/alanknight_pkiworkers_docs/clearly-driven-raptor
backport/alanknight_pkiworkers_docs/rapidly-rational-chamois
backport/alanknight_pkiworkers_docs/wholly-pumped-dinosaur
backport/rab-0_12_0_cve-link/partly-singular-bison
eneil/test-changes
test-rm-product-metadata
jimlambrt-ldap-wh
backport/bump-ui-commit-onboarding-update/firmly-flexible-mallard
jimlambrt-ldap-ongoing
release/0.5.x
release/0.6.x
release/0.7.x
release/0.8.x
release/0.9.x
release/0.10.x
release/0.11.x
backport/dheath-add-frontmatter-ref-arch/normally-smooth-werewolf
backport/dheath-release-notes-0.11/probably-legal-walrus
backport/dheath-release-notes-0.11/grossly-advanced-alien
tmessi-sqltest-postgres-versions
backport/ks.update-alert-docs/miserably-valued-seahorse
RELENG-305
daniellemiu_remove-session-id-from-retrieveCredential
release/0.11.2
backport/set-product-version/briefly-knowing-fowl
backport/dheath-template-params-rewrite/totally-thankful-buzzard
mktg-tf-999fc08cd5edb8632f8f6995f9998396
tmessi-sqllit
hz-active-conns-main
hugoamvieira-bud-update-changelog1
backport/dheath-vault-credential-templating/carefully-striking-jaybird
sam/set-product-version
hz-active-conns-cherrypick
backport/dheath-boundary-v-others/adequately-genuine-badger
backport/dheath-boundary-v-others/readily-rich-squirrel
backport/dheath-boundary-v-others/sadly-splendid-lion
hz-db-consistency-2
chore-bump-ui-commit
hz-active-connections-re
hz-active-connections
jefferai-eph-testing
kevin/boundary-ga-link-fixes
jefferai-skip-shared-lock-acquisition
jefferai-hosts-on-targets
jefferai-gen-add-set-remove
manthony/QTI-317
b/set-version-docker
chore-bump-ui
qti/nomad-deployment
jimlambrt-go-dbw-dep-update
rename_boundary_service
jimlambrt-worker-dag
qti-275
llb-project-scope-refactor
mgaffney-rename-catalog-column
jimlambrt-repo
jimlambrt-byow-create-ongoing
docs-install-dir
jimlambrt-yugabyte
release/0.8.1
jefferai-session-listing-style
new-metrics-doc
jimlambrt-kms-refactor
test-build-downloading-ui-artifact
jefferai-remove-alpnmux
test-workflow
plugin-error-code-conversion
add-desktop-vault-credential-clickthrough
test-kms
sarah-test
crt
release/0.7.3
vancluever-persisted-creds-maintenance-job
release/0.7.2
hostcatalog-updates-074
vancluever-persisted-creds-maintenance-job-abandoned-timestamponly
mgaffney-update-mappers2
brk.feat/mdx-v2
release_notes_07
build-abd695e5bc42d01e4412bf6c76211c3fc93a93d7-96b4bb6d1c841f3
jeff-windows-asset-embedding
build-bc27190474ad4863d3c7541f35467c84d8b17621-6e6387801f8e1b6e
jeff-ci-error-investigation
jimlambrt-update-db-docs
vancluever-plugin-hostcatalogs-catch-duplicate-name-early
vancluever-hostcatalogsecret-crud
backport/add-reference-architectures-docs-2/sadly-exotic-cattle
jeff-migrate-host-set-members
backport/nq.web.upgrade-analytics-package/factually-modern-mastodon
backport/nq.add-fathom-analytics/luckily-definite-fawn
jeff-shared-host-lookup
ac.homepage-refresh
build-07c5c00f557ccc6d58ac065fa6c267f576860ac2-b6d44bfa8919b067
zs.hero-video-tweaks
jeff-plugin-threadsafe-map
jimlambrt-events-inbound-interceptor
jimlambrt-events-no-default-stderr-sink
jimlambrt-gorm-v2
vancluever-plugin-hostcatalogs-manager-launch-and-hooks
vancluever-plugin-hostcatalogs-manager
build-7746916d59c46491d77b4381b9e0bfee7f2960c1-aa2e5699399125ec
vscode-customization
build-3fc2cf4df5820b2465e10a4fe12d03e563c9ea36-aa2e5699399125ec
vancluever-plugin-hostcatalogs
build-02c0764e1100301622a8cb916a7e3e6224fec79e-aa2e5699399125ec
build-02c0764e1100301622a8cb916a7e3e6224fec79e-7d2e41b4124999b9
vancluever-move-host-resoruce-address-up-to-top-level
christoff-event-api
christoff-event-storage-protobuf
jeff-add-migration-hooks
jeff-robbarnes-testing
christoff-db-prince
build-5f88243ddc6182db9c71ba84fd401040de4f5d41-ee438ecfea1e5f6d
jimlambrt-oidc-ctx
jimlambrt-remove-threshold
jimlambrt-event-logger-dep
vancluever-plugin-prototype
boundary-toc-draft
boundary-draft-toc
mdeggies-ui-build-fix-commit
christoff-fix-build-ui
jimlambrt-event-resource
build-0b66464a3a173d5cd28a41924fb661d9e68b33c5-7706fefd870195c1
build-48e55f156a0fbdcb4e1e711b04271e57bc8f952e-7706fefd870195c1
build-7f9bc768a02832ebfd96387f8ea48b56975ab391-7706fefd870195c1
build-14c7993c2cc5a9ad92025453c2dbe66651a98359-7706fefd870195c1
build-f48382828610d294361ee6630c11972d501678fb-7706fefd870195c1
jimlambrt-events-integration-updates
jeff-vault-target-sad-cli
origin/vancluever/worker-unit-testing
vancluever/worker-status-connection-close
vancluever/controller-session-cleanup
jimlambrt-hclog-sink-prototyping
jimlambrt-encrypt-node
build-407a21991aa7dc550967720466d4b10c2e02ee1c-af038697addc95f7
pw-prefix-docs
jimlambrt-dry-out-eventer
jimlambrt-events-eventer
jimlambrt-o11y-wip
jimlambrt-o11y-audit-encrypt-filter
build-95e6a736e5d92c824843675122618828c94b89d0-855628175bd6dd2b
build-ed5e34082c60ac49d2501f1ac68f6bd36925c169-96c1fa474bdc9213
build-79c1d90fa58c43e8bdbd1b3a27ea57b8329461d6-855628175bd6dd2b
build-a87fe5f803e2b28fa008158d8a080aa3fe65184e-6a9de274fa82c0d3
packagespec-0.2.6/main
build-3c994f66f877224fd1d75e6ce3ff4efb3aa9a0ad-f8da55a155fec372
build-b0fbd9b905aa8ef091936636d8d7463e728de64c-f8da55a155fec372
build-c3cbf23eaba7c37a4e7a2829c19e8bb2f63efc10-f8da55a155fec372
build-c3cbf23eaba7c37a4e7a2829c19e8bb2f63efc10-d2d108249f2b472e
build-f7e7e54fd8f07011fd36e71cca494d2621017aff-f8da55a155fec372
eventmvp
jimlambrt-oidc-user-name-email-with-scopes
build-7bf6fad7e235ff9ba8fa904904afd1b6deb40082-604d79ffd095ac1d
build-6c003c94f7a49dba6ae2ad524d4e830929c2a363-604d79ffd095ac1d
build-db29c83daf377602e31a5aaebb5252c10e6da4bd-604d79ffd095ac1d
feature-enable-ui-oidc
jimlambrt-oidc-wip
backport/br.stackmenu/thoroughly-tidy-jaybird
jimlambrt-oidc-primary-bool
jimlambrt-oidc-wip-primary-bool
jimlambrt-oidc-wip-disable-discovered
jimlambrt-oidc-wip-uniq-names
jimlambrt-oidc-wip-fix-migrations
jimlambrt-oidc-predictable-auth-oidc-acct-ids
build-c0f33f982c87c0eb4127cb16cf06b03a37b91dbd-ac2d26e9788a0ad5
jeff-update-tls-max-version
jimlambrt-oidc-op-state-changes
revert-937-jimlambrt-oidc-providers-and-repo-reads
jimlambrt-oidc-eff-dating
malnick/dt-client-videos
build-bc565922fbd3a18c9f6a22cd2e80a93df0d7cd45-8df1aef0cf650f
build-c45916918a4e71d3c9f3b47d058ce1e2075e8f5d-eee4aa2684a7d81e
build-9761f1deee3fceeb4e9a11696e3a15de813c6979-eee4aa2684a7d81e
docs-desktop
malnick/jeff-publicclusteraddr-env
mgaffney-ICU-1063-target-hosts
ICU-1063-target-hosts
binary-test-harness
build-ba6c0df8ca56eff0f01d9717da1b1435898408d3-1a2da1c180d096ae
build-f8577519b6fb152ddb19b2e4a7dcf8e9b1e82f58-33843d4ffce619b7
build-b5d84495a33b72a3139bd224d3cfcd4cbaad7b98-6d31fbde972f7762
fix-base-image-reference
jeff-websocket-netconn-framewrapping
build-d8020842ae8b6c742b94538baada313d7eb52809-96150adb9f0307e8
build-a39bad1ab0159ba4fe91365e9ddec93f04d795e3-96150adb9f0307e8
build-353360bbcf38badecbc8b2ebfaeae3597e704a6f-96150adb9f0307e8
jeff-dynamic-groups-exp
malnick-patch-1
build-eccd68d73c3edf14863ecfd31f9023063b809d5a-8bc67ea0caf8607a
build-3b9ef13f173683e82a68b7fb47ed491ac025518f-8bc67ea0caf8607a
build-be498b301567249e8b913e79591af378f0fa5cd6-8bc67ea0caf8607a
jeff-recovery-config-hcl-string
jeff-worker-unix-public-addr
issue-701
chlg-subheader
build-e08ab98a2b128ee202eae46551da23c831b4acfc-13facd1eb832bef
build-7b7fbfa2c1af4c7ee2f60857cedb22f19daffc4f-ccf4cf2f99886942
br.boundary-releases
build-ce40b69ffa93e0b68a045114847ca498732f18b9-19422f9faecfc500
br.download-boundary
nq.website.remove-auth
hashiconf
cli-data
chore-ui-v0.1.0
Docs-landing-page
jm.add-hashi-stack-menu
prefix-format-err
jeff-error-cli-update
malnick-err-cli-update
cli-printer
helpful-text
build-a1765d5838b0fe61ad80af4b3c2d5e514595d216-e4376ac9df46687f
integration-test
db_env_var
build-2647dd2d665b71b5da76a9964b4c272985d37ea0-748714d3a36e1911
build-44575137078a4c177fc9a16b16faf98494b49130-4344d637dfb974c4
build-ad364714b47113baf7e87e9a382d03b8f73b896a-93a6ac5d68844c75
admin-docs
cli-labels
jimlambrt-assoc-changes
build-be1555d9b0325d7d8078451c19df46d0aa514c40-77765297f95ba814
uniq-name
examples
jimlambrt-session-basics
rm-tribal
jimlambrt-targets-store
external-kms
kms-proto
jeff-migrate-debugging
e2e
docs-project-resource
mgaffney/wt-demo-1
iam-basics
revert-143-remove-projects-from-grants
jimlambrt-auth-additions
dev-test-db
mgaffney/static-hosts
mgaffney/make-tests-faster
apigen
mgaffney/db-init
sdk/v0.0.59
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.2
v0.6.1
v0.6.0
v0.5.1
sdk/v0.0.7
v0.5.0
api/v0.0.15
v0.4.0
v0.3.0
v0.2.3
v0.2.2
v0.2.1
api/v0.0.10
v0.2.0
v0.1.8
v0.1.7
v0.1.6
v0.1.5
v0.1.4
v0.1.3
v0.1.2
v0.1.1
v0.1.0
api/v0.0.1
api/v0.0.11
api/v0.0.12
api/v0.0.13
api/v0.0.14
api/v0.0.16
api/v0.0.17
api/v0.0.18
api/v0.0.19
api/v0.0.2
api/v0.0.20
api/v0.0.21
api/v0.0.22
api/v0.0.23
api/v0.0.24
api/v0.0.25
api/v0.0.26
api/v0.0.27
api/v0.0.28
api/v0.0.29
api/v0.0.3
api/v0.0.30
api/v0.0.31
api/v0.0.32
api/v0.0.33
api/v0.0.34
api/v0.0.35
api/v0.0.36
api/v0.0.37
api/v0.0.38
api/v0.0.39
api/v0.0.4
api/v0.0.40
api/v0.0.41
api/v0.0.42
api/v0.0.43
api/v0.0.44
api/v0.0.45
api/v0.0.46
api/v0.0.47
api/v0.0.48
api/v0.0.49
api/v0.0.5
api/v0.0.50
api/v0.0.51
api/v0.0.52
api/v0.0.53
api/v0.0.54
api/v0.0.55
api/v0.0.56
api/v0.0.57
api/v0.0.58
api/v0.0.59
api/v0.0.6
api/v0.0.60
api/v0.0.61
api/v0.0.7
api/v0.0.8
api/v0.0.9
sdk/v0.0.1
sdk/v0.0.10
sdk/v0.0.11
sdk/v0.0.12
sdk/v0.0.13
sdk/v0.0.14
sdk/v0.0.15
sdk/v0.0.16
sdk/v0.0.17
sdk/v0.0.18
sdk/v0.0.19
sdk/v0.0.2
sdk/v0.0.20
sdk/v0.0.21
sdk/v0.0.22
sdk/v0.0.23
sdk/v0.0.24
sdk/v0.0.25
sdk/v0.0.26
sdk/v0.0.27
sdk/v0.0.28
sdk/v0.0.29
sdk/v0.0.3
sdk/v0.0.30
sdk/v0.0.31
sdk/v0.0.32
sdk/v0.0.33
sdk/v0.0.34
sdk/v0.0.35
sdk/v0.0.36
sdk/v0.0.37
sdk/v0.0.38
sdk/v0.0.39
sdk/v0.0.4
sdk/v0.0.40
sdk/v0.0.41
sdk/v0.0.42
sdk/v0.0.43
sdk/v0.0.44
sdk/v0.0.45
sdk/v0.0.46
sdk/v0.0.47
sdk/v0.0.48
sdk/v0.0.49
sdk/v0.0.5
sdk/v0.0.50
sdk/v0.0.51
sdk/v0.0.52
sdk/v0.0.53
sdk/v0.0.54
sdk/v0.0.55
sdk/v0.0.56
sdk/v0.0.57
sdk/v0.0.58
sdk/v0.0.6
sdk/v0.0.8
sdk/v0.0.9
v0.1.0-beta.1
v0.1.0-beta.2
v0.1.0-beta.3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.10.4
v0.10.5
v0.11.0
v0.11.1
v0.11.2
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.5
v0.15.0
v0.15.1
v0.15.2
v0.15.3
v0.15.4
v0.15.5
v0.16.0
v0.16.1
v0.16.2
v0.16.3
v0.17.0
v0.17.1
v0.17.2
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.19.2
v0.19.3
v0.19.5
v0.20.0
v0.20.1
v0.20.3
v0.21.0
v0.21.1
v0.21.2
v0.21.3
v0.7.5
v0.7.6
v0.8.0
v0.8.1
v0.9.0
v0.9.1
${ item.name }
${ noResults }
313 Commits (bumped-ui-commit-95f72e1)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Bharath Gajjala
|
d4f7bd55d1 |
feat(cli): Add password credential CLI commands (#6117)
|
6 months ago |
|
Bharath Gajjala
|
11c4fd7580 |
feat(handlers): CRUDL support for static password credential (#6181)
|
6 months ago |
Justin Nguyen
|
82745e16be |
feat(handlers): Implement CRUDL for vault generic Password credential (#6161)
|
6 months ago |
|
Bharath Gajjala
|
5cf33fa8b3 |
feat(credentials): Add PasswordAttributes credential type (#6110)
|
6 months ago |
dani
|
4a7342b074
|
fix(credential/vault): add case for upd creds in injected creds switch (#6226)
|
6 months ago |
Hugo
|
84dd5543cf |
feat(handlers/credentiallibraries): Support Vault LDAP credential library
|
6 months ago |
Irena Rindos
|
b6849b1c15
|
fix(sess): grab kms wrapper before tx (#6052)
|
8 months ago |
dependabot[bot]
|
959fe3ebd3
|
chore(deps): bump the go group across 7 directories with 5 updates (#6035)
* chore(deps): bump the go group across 7 directories with 5 updates Bumps the go group with 4 updates in the / directory: [github.com/coder/websocket](https://github.com/coder/websocket), [github.com/docker/docker](https://github.com/docker/docker), [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) and [mvdan.cc/gofumpt](https://github.com/mvdan/gofumpt). Bumps the go group with 2 updates in the /api directory: [github.com/coder/websocket](https://github.com/coder/websocket) and [github.com/hashicorp/boundary/sdk](https://github.com/hashicorp/boundary). Bumps the go group with 1 update in the /plugins/boundary/mains/aws directory: [github.com/hashicorp/boundary/sdk](https://github.com/hashicorp/boundary). Bumps the go group with 1 update in the /plugins/boundary/mains/azure directory: [github.com/hashicorp/boundary/sdk](https://github.com/hashicorp/boundary). Bumps the go group with 1 update in the /plugins/boundary/mains/gcp directory: [github.com/hashicorp/boundary/sdk](https://github.com/hashicorp/boundary). Bumps the go group with 1 update in the /plugins/boundary/mains/minio directory: [github.com/hashicorp/boundary/sdk](https://github.com/hashicorp/boundary). Bumps the go group with 1 update in the /sdk directory: [github.com/coder/websocket](https://github.com/coder/websocket). Updates `github.com/coder/websocket` from 1.8.13 to 1.8.14 - [Release notes](https://github.com/coder/websocket/releases) - [Commits](https://github.com/coder/websocket/compare/v1.8.13...v1.8.14) Updates `github.com/docker/docker` from 28.3.3+incompatible to 28.4.0+incompatible - [Release notes](https://github.com/docker/docker/releases) - [Commits](https://github.com/docker/docker/compare/v28.3.3...v28.4.0) Updates `github.com/prometheus/client_golang` from 1.23.0 to 1.23.2 - [Release notes](https://github.com/prometheus/client_golang/releases) - [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md) - [Commits](https://github.com/prometheus/client_golang/compare/v1.23.0...v1.23.2) Updates `mvdan.cc/gofumpt` from 0.8.0 to 0.9.0 - [Release notes](https://github.com/mvdan/gofumpt/releases) - [Changelog](https://github.com/mvdan/gofumpt/blob/master/CHANGELOG.md) - [Commits](https://github.com/mvdan/gofumpt/compare/v0.8.0...v0.9.0) Updates `github.com/coder/websocket` from 1.8.13 to 1.8.14 - [Release notes](https://github.com/coder/websocket/releases) - [Commits](https://github.com/coder/websocket/compare/v1.8.13...v1.8.14) Updates `github.com/hashicorp/boundary/sdk` from 0.0.54 to 0.0.55 - [Release notes](https://github.com/hashicorp/boundary/releases) - [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/boundary/compare/api/v0.0.54...api/v0.0.55) Updates `github.com/hashicorp/boundary/sdk` from 0.0.54 to 0.0.55 - [Release notes](https://github.com/hashicorp/boundary/releases) - [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/boundary/compare/api/v0.0.54...api/v0.0.55) Updates `github.com/hashicorp/boundary/sdk` from 0.0.54 to 0.0.55 - [Release notes](https://github.com/hashicorp/boundary/releases) - [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/boundary/compare/api/v0.0.54...api/v0.0.55) Updates `github.com/hashicorp/boundary/sdk` from 0.0.54 to 0.0.55 - [Release notes](https://github.com/hashicorp/boundary/releases) - [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/boundary/compare/api/v0.0.54...api/v0.0.55) Updates `github.com/hashicorp/boundary/sdk` from 0.0.54 to 0.0.55 - [Release notes](https://github.com/hashicorp/boundary/releases) - [Changelog](https://github.com/hashicorp/boundary/blob/main/CHANGELOG.md) - [Commits](https://github.com/hashicorp/boundary/compare/api/v0.0.54...api/v0.0.55) Updates `github.com/coder/websocket` from 1.8.13 to 1.8.14 - [Release notes](https://github.com/coder/websocket/releases) - [Commits](https://github.com/coder/websocket/compare/v1.8.13...v1.8.14) --- updated-dependencies: - dependency-name: github.com/coder/websocket dependency-version: 1.8.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/docker/docker dependency-version: 28.4.0+incompatible dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/prometheus/client_golang dependency-version: 1.23.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: mvdan.cc/gofumpt dependency-version: 0.9.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: go - dependency-name: github.com/coder/websocket dependency-version: 1.8.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/hashicorp/boundary/sdk dependency-version: 0.0.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/hashicorp/boundary/sdk dependency-version: 0.0.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/hashicorp/boundary/sdk dependency-version: 0.0.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/hashicorp/boundary/sdk dependency-version: 0.0.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/hashicorp/boundary/sdk dependency-version: 0.0.55 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go - dependency-name: github.com/coder/websocket dependency-version: 1.8.14 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: go ... Signed-off-by: dependabot[bot] <support@github.com> * Format files with latest gofumpt --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> |
8 months ago |
|
Irena Rindos
|
4527802c76 |
session(proxy cert):associate session with proxy certificates (#1606)
* ce: session(proxy cert):associate session with proxy certificates |
9 months ago |
irenarindos
|
92e6a6de26 |
rdp(repo): persist target proxy certificates
|
9 months ago |
|
Irena Rindos
|
cac944d948 |
chore(rdp): fix command text and cred conversion (#1656)
|
9 months ago |
Andrew Gaffney
|
f5cdf2a354 |
feat(api): Add RDP target attributes
|
9 months ago |
|
Hugo
|
7a6c4eeb56 |
feat(target): Enrich CredentialLibrary object with credential type
This allows for registered subtype-specific functions to perform logic using a credential library's credential types. |
9 months ago |
Andrew Gaffney
|
0824dd7d16 |
feat(handlers): CRUDL support for vault-generic Username-Password-Domain credentials (#1527)
--------- Co-authored-by: April-May <18632637+AprilMay0@users.noreply.github.com> |
9 months ago |
|
Hugo
|
fbcc256742 |
feat(handlers): Allow UPD brokered creds to be associated w/ Targets + Session auth
|
9 months ago |
|
Andrew Gaffney
|
f265ec4e5b |
feat(handlers): CRUDL support for static Username-Password-Domain credentials
|
9 months ago |
David Kanney
|
8a0c388a96
|
test(grants): Use 'continue' when iterating over expected outputs (#5981)
|
9 months ago |
Sorawis Nilparuk (Bo)
|
610aa340fc
|
fix authorized_collections_action not returning for host-catalog (#5899)
|
10 months ago |
|
Sorawis Nilparuk (Bo)
|
ababe653f9
|
add tests to all users API (#5879)
|
11 months ago |
|
Sorawis Nilparuk (Bo)
|
ee26fefc5e
|
bug: fix list target permissions resource ID overriding all resource grants (#5877)
* fix list target not handling all resources permissions * add test * fix same bug for session package * split target tests to two separate tests |
11 months ago |
|
David Kanney
|
807eb34a79
|
Remove plugins from host catalog init logic (#5875)
|
11 months ago |
|
David Kanney
|
e6e3c9b41e
|
Remove redundant TestCatalog initialization logic (#5874)
|
11 months ago |
|
Sorawis Nilparuk (Bo)
|
50303f9c18
|
bosorawis cherrypick authtoken.TestRoleGrantsForToken removal (#5872)
* bosorawis remove TestRoleGrantsForToken (#5840) * refactor auth method grants tests * refactor credential libraries grants tests * refactor hosts grants tests * refactor roles grants tests * refactor scopes grants tests * refactor tcp targets grants tests * refactor users grants tests * refactor worker grants tests * fix authmethod test broken during the refactor * remove authtoken.TestRoleGrantsForToken * add pinned ID test * correct event name * fix make gen and lint # Conflicts: # internal/daemon/controller/handlers/roles/grants_test.go # internal/daemon/controller/handlers/scopes/grants_test.go # internal/daemon/controller/handlers/targets/tcp/grants_test.go # internal/daemon/controller/handlers/workers/grants_test.go * remove one forgotten reference |
11 months ago |
Michael Milton
|
1f17313a39
|
Normalise grants and roles tables to improve grants query performance (#5846)
* Create function to define valid set of scopes for each resource (#5558) * Create function to define valid set of scopes for each resource * chore(iam): Update validScopeTypes() to use scope.AllowedIn() * chore(scope): Initialize with iota * feat(scope): Return an error instead scope.Unknown * feat(iam): Replace interface method `validScopeTypes` with `getResourceType` This allows us to call scope.AllowedIn() in one place vs in each implementation of `validScopeTypes` * chore(resource): Refactor other package functions into methods on resource.Type * fix(scope): Add defensive checks around invalid resource types * docs(resource): Add AllowedIn() to the areas to update when adding a new resource type * docs(resource): Improve error message when an invalid type is provided * test(grants): GrantsForUsers tests for Group resource (#5443) * test(grants): WIP: First stab at group associations * test(grants): Add GrantsForUser test for groups * chore(grants): Consolidate repetitive setup logic into functions * test(grants): Add GrantsForUser test for managed groups * test(grants): Add another user with different grants Ensure that non-applicable grants should not be returned because they are not applicable to the user * chore(grants): cleanup * chore(grants): Move common setup steps into a helper function * feat: Define new grants tables (#5486) Create new tables for grants: 1. `iam_role_global`: Roles that are placed in the global scope will be persisted in the `iam_role_global` table. A global role has a `grant_scope` which must be one of: * descendants * children * individual This enforces that a global role's grants either apply to: * All orgs and projects. * All orgs. * An individual set of orgs and/or projects. When the `grant_scope` is set to `individual`, entries for the specific set of orgs and/or projects can be added to the `iam_role_global_individual_grant_scope` table. Separately, a global role can be set to also apply its grant to the global scope by setting `grant_this_role_scope` to true. 2. `iam_role_org`: Roles that are placed in an org scope will be persisted in the `iam_role_org` table. An org role has a `grant_scope` which must be one of: * children * individual This enforces that an org role's grants either apply to: * All projects in the org. * An individual set of projects in the org. When the `grant_scope` is set to `individual`, entries for the specific set of projects can be added to the `iam_role_org_individual_grant_scope` table. **NOTE**: The projects must belong to the org's scope Separately, an org role can be set to also apply its grant to the org by setting `grant_this_role_scope` to true. 3. `resource_enm`: Contains all boundary resources. This is used by `iam_grant` to set the resource from a canonical_grant. 4. `iam_grant` Stores the canonical grant string and the resource for filtering on specific grants. Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> Co-authored-by: David Kanney <david.kanney@hashicorp.com> * add name scope id unique constraints to all iam_role tables (#5623) * Bosorawis domain iam role subtypes (#5626) * add subtype storage definitions * make gen * add all subtype definitions * add const for grant scope individual * remove unnecessary baseRole subtype * add new proto files to make target protobuild * make gen to get protoc-go-inject-tag * add clone, setTableName, and GetScope tests * add ResourceType and Actions test * add create and delete tests for globalROle * finish create and delete tests * add trigger for deleting base role * add trigger to sync update_time back to base iam_role table * add update tests * fix missing err checks * fix iam_role delete subtype trigger function name and use new.update_time instead of now() * add struct documentation to role subtypes * add version update check * add todo comment: * bosorawis sql split global grants scope table (#5638) * split iam_role_global_individual_grant_scope to have separate tables for org and project * small comment change * small comment change * WIP: add tests * remove grant_scope as immutable column * add trigger to delete individual grant scope when grant_scope changes * add a test that covers changing grant_scope * rename function and trigger in iam_role_global * improve assertion in sqltest for iam_role_global * update iam_role_org to delete redundant grants scope * minor comment fix * no longer handle individual grant scope deletion with triggers and rename some functions * add trigger test for grant_scope * rename delete_base_iam_role to delete_iam_role_subtype * SQL formatting use now() instead of interval * bosorawis domain iam implement getRoleScopeType (#5629) * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * rename test * change error code to RecordNotFound * Update internal/iam/repository_role.go Co-authored-by: David Kanney <david.kanney@hashicorp.com> * switch to slice instead of counter --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> * domain: iam: upgrade repository code to use new tables (#5643) * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * split iam_role_global_individual_grant_scope to have separate tables for org and project * small comment change * small comment change * WIP: add tests * remove grant_scope as immutable column * add trigger to delete individual grant scope when grant_scope changes * add a test that covers changing grant_scope * rename function and trigger in iam_role_global * improve assertion in sqltest for iam_role_global * update iam_role_org to delete redundant grants scope * minor comment fix * no longer handle individual grant scope deletion with triggers and rename some functions * rename test * add all subtype definitions * remove unnecessary baseRole subtype * add clone, setTableName, and GetScope tests * add ResourceType and Actions test * add create and delete tests for globalROle * finish create and delete tests * add trigger for deleting base role * add trigger to sync update_time back to base iam_role table * add update tests * fix missing err checks * fix iam_role delete subtype trigger function name and use new.update_time instead of now() * add struct documentation to role subtypes * add version update check * implement getRoleScopeId * implement getRoleScopeId * save * remove struct embedding from iam.Role * fix tests to use new iam.Role definition * repository_role_test.go move to new iam.Role model * repository_principal_role_test.go use new iam.Role model * repository_role_grant_test.go use new iam.Role model in test * add oplog info to sql schema * internal/iam/testing.go use new role schema in TestRole * add toRole helper function to all role subtype * remove tests that are no longer relevant * internal/iam/repository_scope.go use new iam model * internal/iam/repository_role_grant.go use new iam model * internal/iam/repository_principal_role.go use new iam model * internal/iam/repository_role_test.go add test case for global scoped role * internal/iam/repository_grant_scope.go use new iam model * fix query * make create and lookup role work and add tests * add role id to getRoleScopeId error message * make DeleteRole work with new model and add tests * fix update * ensure oplog.ReplayableMessage is implemented on all role subtypes * internal/iam/repository_role_grant.go fix slugging version properly * internal/iam/repository_role.go minor correction to error message saying org instead of scope * internal/iam/repository_role_test.go add more update tests * add immutable_fields tests * fix rebase * change error code to RecordNotFound * refactor to use getScopeType * fix delete test * add getRoleScope utility function * repository_principal_role.go: refactor to remove multiple switch statements * repository_role_grant.go: refactor to reduce LOC * repository_role.go small refactor to use alloc func * repository_grant_scope.go refactor * review comments * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * rename test * change error code to RecordNotFound * Update internal/iam/repository_role.go Co-authored-by: David Kanney <david.kanney@hashicorp.com> * switch to slice instead of counter * fix merge mistakes * handling special scopes in test function * fix TestRoleWithGrants * fix minor typo * make gen * fix comment typos * Bosorawis domain iam role use new model list role (#5676) * add and use new list roles query * run make gen * tweaked returned error * replace tabs with spaces in query string * missed one tab * remove leading spaces --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> * Domain: iam: Repository: update list-grant-scope and test setup to use new model (#5679) * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * split iam_role_global_individual_grant_scope to have separate tables for org and project * small comment change * small comment change * WIP: add tests * remove grant_scope as immutable column * add trigger to delete individual grant scope when grant_scope changes * add a test that covers changing grant_scope * rename function and trigger in iam_role_global * improve assertion in sqltest for iam_role_global * update iam_role_org to delete redundant grants scope * minor comment fix * no longer handle individual grant scope deletion with triggers and rename some functions * rename test * add all subtype definitions * remove unnecessary baseRole subtype * add clone, setTableName, and GetScope tests * add ResourceType and Actions test * add create and delete tests for globalROle * finish create and delete tests * add trigger for deleting base role * add trigger to sync update_time back to base iam_role table * add update tests * fix missing err checks * fix iam_role delete subtype trigger function name and use new.update_time instead of now() * add struct documentation to role subtypes * add version update check * implement getRoleScopeId * implement getRoleScopeId * save * remove struct embedding from iam.Role * fix tests to use new iam.Role definition * repository_role_test.go move to new iam.Role model * repository_principal_role_test.go use new iam.Role model * repository_role_grant_test.go use new iam.Role model in test * add oplog info to sql schema * internal/iam/testing.go use new role schema in TestRole * add toRole helper function to all role subtype * remove tests that are no longer relevant * internal/iam/repository_scope.go use new iam model * internal/iam/repository_role_grant.go use new iam model * internal/iam/repository_principal_role.go use new iam model * internal/iam/repository_role_test.go add test case for global scoped role * internal/iam/repository_grant_scope.go use new iam model * fix query * make create and lookup role work and add tests * add role id to getRoleScopeId error message * make DeleteRole work with new model and add tests * fix update * ensure oplog.ReplayableMessage is implemented on all role subtypes * internal/iam/repository_role_grant.go fix slugging version properly * internal/iam/repository_role.go minor correction to error message saying org instead of scope * internal/iam/repository_role_test.go add more update tests * add immutable_fields tests * fix rebase * change error code to RecordNotFound * refactor to use getScopeType * fix delete test * add getRoleScope utility function * repository_principal_role.go: refactor to remove multiple switch statements * repository_role_grant.go: refactor to reduce LOC * repository_role.go small refactor to use alloc func * repository_grant_scope.go refactor * review comments * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * rename test * change error code to RecordNotFound * Update internal/iam/repository_role.go Co-authored-by: David Kanney <david.kanney@hashicorp.com> * switch to slice instead of counter * fix merge mistakes * handling special scopes in test function * fix TestRoleWithGrants * fix minor typo * make gen * fix comment typos * Bosorawis domain iam role use new model list role (#5676) * add and use new list roles query * run make gen * tweaked returned error * replace tabs with spaces in query string * missed one tab * remove leading spaces * move ListRoleGrantScopes to repository_grant_scope.go * rename repository_grant_scope to repository_role_grant_scope * add proto definition for global role individual grant scope tables * fix test from removing embeded struct from RoleGrantScope * add grant_scope to proto definition * implement GlobalRoleIndividualOrgGrantScope and GlobalRoleIndividualProjectGrantScope * update comment * run make gen to update comment * implement OrgRoleIndividualGrantScope and add tests * implement part of ListRoleGrantScopes * Add more test * add more test cases and remove add-grants test * unexport listRoleGrantScopes * use reader from function parameter instead of struct method * rename test to match actual function * run make gen * unexport individual grants structs * unexport individual grants structs - missed one file * change TestRole and TestRoleGrantScope function to support new model * add validation for special scopes * add role_org_individual_grant_scope.pb.go to protobuild make target * remove dead code from listRoleGrantScopes * fix testRoleGrantScopeSpecial not handling org role special scope properly * add back query removed by rebase --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> * feat: grantsForUser for Global Resources (#5612) * feat: grantsForUser for Global Resources add query to fetch grants for a user for resources that are only globally scoped * Update query based on change to bifurcate individual table * Create subtests for different resources * Return grant.grant_scope instead of the request scope * Remove 'individual' subquery & unused reqScope parameter * Use sql.Named for better readability * Fix op function name * Remove individual grant scope logic from global resource repo function No need to handle individual grant scopes since global resources can only be queried via 'this' grant scope at the global scope. * Fix row scan order * Remove data gen function * Adjust query formatting Remove canonical_grant filter from query. `iam_grant.canonical_grant` is a primary key, so it can't be null anyway -- no need to filter out null canonical grants * Use the consts for u_auth and u_anon * Specify "empty" instead of "NULL" in struct field comment * Build query args with `pq.Array` instead of `fmt.Sprintf` * Fix TestGrantsForUserGlobalResources No longer using a hard-coded value for roleVersion * Refactor grantsForUserGlobalResources tests into testcases * go mod tidy * Update query comment for correctness --------- Co-authored-by: dkanney <dkanney@terpmail.umd.edu> Co-authored-by: dkanney <david.kanney@hashicorp.com> * Bosorawis domain iam implement role grant scopes all (#5701) * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * split iam_role_global_individual_grant_scope to have separate tables for org and project * small comment change * small comment change * WIP: add tests * remove grant_scope as immutable column * add trigger to delete individual grant scope when grant_scope changes * add a test that covers changing grant_scope * rename function and trigger in iam_role_global * improve assertion in sqltest for iam_role_global * update iam_role_org to delete redundant grants scope * minor comment fix * no longer handle individual grant scope deletion with triggers and rename some functions * rename test * add all subtype definitions * remove unnecessary baseRole subtype * add clone, setTableName, and GetScope tests * add ResourceType and Actions test * add create and delete tests for globalROle * finish create and delete tests * add trigger for deleting base role * add trigger to sync update_time back to base iam_role table * add update tests * fix missing err checks * fix iam_role delete subtype trigger function name and use new.update_time instead of now() * add struct documentation to role subtypes * add version update check * implement getRoleScopeId * implement getRoleScopeId * save * remove struct embedding from iam.Role * fix tests to use new iam.Role definition * repository_role_test.go move to new iam.Role model * repository_principal_role_test.go use new iam.Role model * repository_role_grant_test.go use new iam.Role model in test * add oplog info to sql schema * internal/iam/testing.go use new role schema in TestRole * add toRole helper function to all role subtype * remove tests that are no longer relevant * internal/iam/repository_scope.go use new iam model * internal/iam/repository_role_grant.go use new iam model * internal/iam/repository_principal_role.go use new iam model * internal/iam/repository_role_test.go add test case for global scoped role * internal/iam/repository_grant_scope.go use new iam model * fix query * make create and lookup role work and add tests * add role id to getRoleScopeId error message * make DeleteRole work with new model and add tests * fix update * ensure oplog.ReplayableMessage is implemented on all role subtypes * internal/iam/repository_role_grant.go fix slugging version properly * internal/iam/repository_role.go minor correction to error message saying org instead of scope * internal/iam/repository_role_test.go add more update tests * add immutable_fields tests * fix rebase * change error code to RecordNotFound * refactor to use getScopeType * fix delete test * add getRoleScope utility function * repository_principal_role.go: refactor to remove multiple switch statements * repository_role_grant.go: refactor to reduce LOC * repository_role.go small refactor to use alloc func * repository_grant_scope.go refactor * review comments * implement getRoleScopeId * move query to query.go * improve notfound err message * improve other err messages * use named parameter and move getRoleScopeId implementation * moved getRoleScopeId test * rename getRoleScopeId to getRoleScopeType * fix public_id ambiguous error * undo unintended change to getUserWithAccount * fix the correct query * rename test * change error code to RecordNotFound * Update internal/iam/repository_role.go Co-authored-by: David Kanney <david.kanney@hashicorp.com> * switch to slice instead of counter * fix merge mistakes * handling special scopes in test function * fix TestRoleWithGrants * fix minor typo * make gen * fix comment typos * Bosorawis domain iam role use new model list role (#5676) * add and use new list roles query * run make gen * tweaked returned error * move ListRoleGrantScopes to repository_grant_scope.go * rename repository_grant_scope to repository_role_grant_scope * add proto definition for global role individual grant scope tables * fix test from removing embeded struct from RoleGrantScope * add grant_scope to proto definition * implement GlobalRoleIndividualOrgGrantScope and GlobalRoleIndividualProjectGrantScope * update comment * run make gen to update comment * implement OrgRoleIndividualGrantScope and add tests * implement part of ListRoleGrantScopes * Add more test * add more test cases and remove add-grants test * unexport listRoleGrantScopes * use reader from function parameter instead of struct method * rename test to match actual function * run make gen * unexport individual grants structs * unexport individual grants structs - missed one file * change TestRole and TestRoleGrantScope function to support new model * add validation for special scopes * add role_org_individual_grant_scope.pb.go to protobuild make target * remove dead code from listRoleGrantScopes * fix testRoleGrantScopeSpecial not handling org role special scope properly * change proto grant_this default to true * make TestRole readback the role to get updated version * implement toRoleGrantScope function on the subtypes * implement conversion function * add tests and AddRoleGrantScope before refactor * working delete grant scope before refactor * remove unused functions * refactor repository_role_grant_scope.go * add tests for SetRoleGrantScopes * all tests passing * refactor repository_role_grant_scope.go again * run make gen * no longer embed Resource in roleScopeGranter interface and make interface all internal functions * add additional test case * fix minor typo * add a constraint check for iam_role_org.grant_scope * refactor and comment repository_role_grant_scope.go and add test cases * remove unused code * rename roleScopeGranter to roleGrantScopeUpdater * interface and function rename * address PR comments * remove redundant constraint on iam_role_org * address pr comments * grant this scope to role by default when creating a role * tweak comments and variable names --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> * feat: add grant_this_role_scope column to iam_role_project (#5738) * add grant_this_role_scope and sqltes for iam_project_role * update role_project.proto to add grant_this_role_scope field * fix missing fields in role_project.proto * support GrantThisRoleScope field in iam/testing.go * update repository_scope to set GrantThisRoleScope to true * add GrantThisRoleScope to projec role tests to role_test.go * add grant_this_role_scope check to query.go * update roleGrantScopeUpdater to split setGrantScope to setHierarchicalGrantScope and removeHierarchicalGrantScope * update create_role to set default vaule for iam_role_project.grant_this_role_scope * update set, add, delete, list role grant scopes to support grant_this_role_scope in project_role * rename methods * run make gen * make TestRole not bump version when creating roles with default 'this' grants * address pr comments * fix variable names * feat: grantsForUser for Org resources (#5663) * Create grantsForUser query for Org resources * Finish & format query * Change name of field in query From 'role_type' to 'role_parent_scope_id' * Finish grantsForUserOrgResources test - Refactor to match the usual testcase pattern - Use test functions to create test resources * Remove unnecessary check against GrantScopeThis "this" now has its own field and no longer lives alongside the other grant scopes, so we should not check for it against grantScope * Ignore children & descendant grant scopes when querying org resources The only grant_scope that mattters when querying org resources is 'this' * Refactor query to simplify repo function Create separate CTEs for each case: global special (children or descendant), global individual, and org (this). This allows us to query directly into perms.GrantTuple; no additional logic required. * feat: grantsForUser for Project resources (#5669) * Reuse testInput * Create grantsForUserProjectResources query * Create grantsForUserProjectResources repo func * Create tests for grantsForUserProjectResources * Split up CTEs by grant scope and simplify repo function * Add test cases for missing reqScope id * Remove unnecessary join to iam_scope_org table * Reuse 'roles_with_grants' CTE across the grantsForUser queriers * Change reqScope parameter type from `Scope` to `string` (#5748) * Change 'reqScope' parameter type to: string * Simplify grantsForUserGlobalQuery & repo func * Test: GrantsForUser for Accounts for various user to role relationships (#5631) * test(iam): Refactor GrantsForUser tests into a single test * test(iam): Extend TestGrantsForUser to include Account resource Note: These tests will fail until GrantsForUser is refactored to return only grants whose scopes are applicable to this resource * test(iam): test(iam): Add Target resource to TestGrantsForUser * feat: grantsForUser for recursive Global or Org resources (#5747) * Create query: grantsForUserGlobalAndOrgResourcesQuery * Create repo function: grantsForUserGlobalAndOrgResourcesRecursive * Create tests for grantsForUserGlobalAndOrgResources * Restrict recursive list for Global/Org resources to global scope only Return error for non-recursive scopes * Remove unused option parameter * Add additional scope and test cases - Test for grants against a resource with no permission granted for it - Test for grants against a specific resource id without an explicit type set in the grant string - Add a project scope to ensure its grants aren't returned * Return error when passed 'Unknown' or 'All' resource type * Use constants for 'unknown' & '*' resources * feat: grantsForUser for recursive Project resources (#5783) * Create query: grantsForUserProjectResourcesGlobalScopeQuery * Create query: grantsForUserProjectResourcesOrgScopeQuery * Create repo function: grantsForUserProjectResourcesRecursiveScopes * Add recursive testcases to existing grantsForUserProjectResource test function * Address PR feedback - Add testcases for Unknown & All resource types - Change a grant string to a pinned resource. Its resource type changed from Target type to Unknown type - Call through to grantsForUserProjectResources when reqScopeId is a project scope (i.e. a non-recursve scope) * Add 'Recursive' to query var naming * feat: migration hook grants refactor (#5733) * scaffolding * comments * rename migration number * implement FindIllegalAssociations for 97006 hook * refactor findIllegalAssociation query * implement RepairIllegalAssociations and refactor queries * make gen * fix missing err check * pr feedback fix hook fix message wording * sql formatting * update comment * sql formatting * Apply suggestions from code review Co-authored-by: David Kanney <david.kanney@hashicorp.com> * change 'illegal' to 'invalid' * pr comment feedback * small comment update --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> * feat: grantsForUser for Global/Org/Project resources (#5807) * Change naming to be consistent with other grantsForUser functions * Create grantsForUser query for global-scoped Global/Org/Proj resources * Create grantsForUser repo function for Global/Org/Proj resources * Create tests for grantsForUserGlobalOrOrgOrProjectResources * Create grantsForUser query for org-scoped Globa/Org/Proj resources * Add tests for grantsForUser Global/Org/Proj resource query's org & project request_scopes * Add clarifying comments and shorter naming convention * Add 'children' grant_scoped org roles to result set * feat: grants: add resource type parameters to GrantsForUser (#5750) * add resource.Type to auth.Verify callchain * remove WithType option * update internal/auth/additional_verification_test.go to no longer use WithType * handle explicit resource type in aclAndGrantHashForUser * update interceptor_test.go to use resource.Scope for testing auth.Verify * use resource.Scope to test Audit events * add godoc comment on GrantsForUser * add recursive options to iam * add recursive options to auth * internal/auth/ldap/managed_group_role_grants_test.go fix GrantsForUser signature * internal/daemon/controller/handlers/accounts/account_service_test.go fix GrantsForUser signature * update GrantsForUser godoc * replace GrantsForUser tests with a new version with scoped down grants * add mix type assignment to TestGrantsForUser * move GrantsForUser test to internal/iam/repository_role_grant_ext_test.go * remove unused options * rewrite GrantsForUser tests to match the new expectation * handle recursive call in s.authResult * fix missing import from rebase * resolve ListResolvableAlias destination permissions properly * use global scope for ListResolvableAlias aclAndGrantHashForUser * make auth.WithRecursive take boolean input * make iam.WithRecursive option takes a boolean input * auth/options_test.go add assertion for default option values * make gen * add back ACL tests to grants for user * Support previous grants use-cases (#5823) * rename parameter to TestManagedGroupMember * make replace old GrantsForUser with new queries * fix tests and bugs where global grants don't get resolved * remove unnecessary grants from grantsForUserProjectResourcesOrgScopeRecursiveQuery * return full grants for any recursive call * handle this and role scope ID in test * order list result by create time instead of update time * add missing err check * handle converting role scope ID to this in grant scope API * fix role service tests * correct default scope role name * add special handling in grantsForUser for scope resource * fix tests to match role creation that does not bump version * creating alias in invalid scope now returns permissions denied instead of internal * remove test which looks for account in an authmethod in project scope which is an invalid config * fix TestLdapManagedGroupRoleGrants to use scope appropriate resource for the test * fix TestFetchActionSetForId and split org/proj test cases * Validate reqScopeId for grantsForUserRecursive() * Update tests based on recursive grantsForUser changes * Remove last recursive function in favor of grantsForUserRecursive() * move Scope resource to be AllowedIn all scope types * allow multiple resouce types when calling auth.Verify down to GrantsForUsers * use append instead of ranging over slice * minor fix to tests * Skip default role creation to avoid returning default role in test * Update wantErrMsg to accommodate multiple resource types * Add new entries to TestGrantsForUser test results based on recursive query changes * Update unneccessaryRoles in recursive global/org test case based on changes to recursive query --------- Co-authored-by: dkanney <david.kanney@hashicorp.com> * Migrate roles and grants to new table structure (#5814) * Refactor migration files to create tables, functions, triggers, and complete the actual data migration in their own files. update migrations and tests clean up removed files rebase onto bosorawis-sql-grants-migration-hook * Add comments to migration files, clean up some formatting, and add 30k project roles to test migration efficiency update migrations go test file Delete duplicate test file * Fix formatting in migration files * Rename hook number to reflect new number of migration files split migrations into hook files, large test file, and more specific test functions * Include missed oss file * Apply suggestions from code review Co-authored-by: Sorawis Nilparuk (Bo) <sorawis.nilparuk@hashicorp.com> --------- Co-authored-by: Sorawis Nilparuk (Bo) <sorawis.nilparuk@hashicorp.com> * Refactor GrantsForUser subqueries to use aggregate functions (#5822) * Use shorter var name * Refactor grantsForUserGlobalResourcesQuery: Use aggregate function array_agg to reduce rows returned from DB Adding mutliple grants to a role exposes the need to aggregate certain fields (canonical_grant). - Before this change, a row is returned for each distinct canonical grant for each role. - After this change, only one row is returned per role. Each row contains an array of all canonical_grants that apply to the role. * Refactor grantsForUserOrgResourcesQuery: Use aggregate function array_agg to reduce rows returned from DB Adding mutliple grants to a role exposes the need to aggregate certain fields (individual_grant_scopes, canonical_grant). - Before this change, a row is returned for each distinct canonical grant for each role. - After this change, only one row is returned per role. Each row contains an array of all canonical_grants (and individual_grant_scopes) that apply to the role. * Refactor grantsForUserProjectResourcesQuery: Use aggregate function array_agg to reduce rows returned from DB Adding mutliple grants to a role exposes the need to aggregate certain fields (individual_grant_scopes, canonical_grant). - Before this change, a row is returned for each distinct canonical grant for each role. - After this change, only one row is returned per role. Each row contains an array of all canonical_grants (and individual_grant_scopes) that apply to the role. * Address PR feedback * Finish PR feedback * Remove unnecessary if-check * Match test name to function name * Refactor grantsForUserRecursiveQuery: Use aggregate function array_agg to reduce rows returned from DB * fix broken test (#5842) * update tests to not check a table that will be dropped in the migration (#5847) * Fix global scope's parent scope id (#5844) * Use variable over hard-coded string * 'global' scope should have no parent scope * Clean up migrated tables (#5837) * Refactor migration files to create tables, functions, triggers, and complete the actual data migration in their own files. update migrations and tests clean up removed files rebase onto bosorawis-sql-grants-migration-hook * Add comments to migration files, clean up some formatting, and add 30k project roles to test migration efficiency update migrations go test file Delete duplicate test file * Fix formatting in migration files * Rename hook number to reflect new number of migration files split migrations into hook files, large test file, and more specific test functions * Drop unneeded iam_role_grant_scope table and unneeded name, description, and version columns from iam_role * fix whitespace * fix broken sql from removing iam role grant scope (#5860) * Ensure table drop also cascades changes to cross-table dependencies * fix broken pgtap from removing iam-role-grant-scope table * drop trigger which deletes from iam-role-grant-scope --------- Co-authored-by: Michael Milton <michael.milton@hashicorp.com> * test(groups): add grants tests for groups API (#5403) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * move a test to _test package * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * feat: add grants tests for billing resource (#5559) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * feat: add grants tests for billing resource add test coverage for testing grants with billing resource. This tests `monthly-active-users` action with billing. billing does not support output_fields so there are no tests for that * add negative test coverage for descendant scope and org scope * move negative tests to the billing resource * revert alias changes * revert alias test name change * resolve rebase conflict --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> * Add grants tests for accounts (#5566) * first test with all the required setup * v1 of test * add primitive func and more test * small comment change * refactor role grants out of authtoken package * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * undo merge mistakes * fix merge mistakes * Trigger CI checks * refactor auth/iam grants test setup * Trigger CI checks * add CRUDL tests * add change-password and set-password tests * add UpdateAccount, ChangePassword, SetPassword tests * add ListAccount output_fields test * make gen * fix error message * rebased against llb * make gen * fix post rebase * fix typo * make some tests use type-specific grants * fix rebase issue * add negative test to read * test(credentials): Add grants tests (#5608) * test(credentials): List tests * test(credentials): Get tests * test(credentials): Add "attributes" output_field & one its subtypes to the Read tests * test(credentials): Create tests * test(credentials): Update tests * test(credentials): Delete tests * test(credentials): Add additional test cases for pinned cred store id * feat: add grants tests for alias (#5550) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * feat: add grants tests for alias add test coverage for testing grants with alias resource. This tests all actions with aliases and different grant scopes * add tests for output fields * add more test cases for actions, id * update output assert to use shared assert function * rebase * use hashicorp/go-uuid instead of google/uuid --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> Co-authored-by: Elim Tsiagbey <elim.tsiagbey@hashicorp.com> * test: add grants tests for host_catalogs (#5573) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * move a test to _test package * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * Trigger CI checks * test: add grants tests for host_catalogs * add test coverage for output fields and write actions * add missing error check assertions * fixup! address PR comments * fixup! fix lint errors * chore(host_catalogs_test): Remove duplicate import * test(hostcatalogs): Add tests for actions w/o grants * test(hostcatalogs): Use ldap managed group for all test cases * feat: add grants tests for billing resource (#5559) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * feat: add grants tests for billing resource add test coverage for testing grants with billing resource. This tests `monthly-active-users` action with billing. billing does not support output_fields so there are no tests for that * add negative test coverage for descendant scope and org scope * move negative tests to the billing resource * revert alias changes * revert alias test name change * resolve rebase conflict --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> * Add grants tests for accounts (#5566) * first test with all the required setup * v1 of test * add primitive func and more test * small comment change * refactor role grants out of authtoken package * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * undo merge mistakes * fix merge mistakes * Trigger CI checks * refactor auth/iam grants test setup * Trigger CI checks * add CRUDL tests * add change-password and set-password tests * add UpdateAccount, ChangePassword, SetPassword tests * add ListAccount output_fields test * make gen * fix error message * rebased against llb * make gen * fix post rebase * fix typo * make some tests use type-specific grants * fix rebase issue * add negative test to read * test(credentials): Add grants tests (#5608) * test(credentials): List tests * test(credentials): Get tests * test(credentials): Add "attributes" output_field & one its subtypes to the Read tests * test(credentials): Create tests * test(credentials): Update tests * test(credentials): Delete tests * test(credentials): Add additional test cases for pinned cred store id * feat: add grants tests for alias (#5550) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * reorganize tests * make gen * feat: add grants tests for alias add test coverage for testing grants with alias resource. This tests all actions with aliases and different grant scopes * add tests for output fields * add more test cases for actions, id * update output assert to use shared assert function * rebase * use hashicorp/go-uuid instead of google/uuid --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> Co-authored-by: Elim Tsiagbey <elim.tsiagbey@hashicorp.com> * test(hostcatalogs): Add an additional project to "create" test cases --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> Co-authored-by: dkanney <dkanney@terpmail.umd.edu> Co-authored-by: David Kanney <david.kanney@hashicorp.com> * Add grants tests for authmethods (#5569) * test(authmethods): Simplify read actions test cases * test(authmethods): Create grants tests for write actions * test(authmethods): Create test cases for action: authenticate * test(authmethods): Update tests to use userFunc & other changes from upstream branch * test(authmethods): Add output_fields to ReadActions tests * test(authmethods): Add output_fields to WriteActions tests * chore(authmethods_test): Consolidate common output fields into a single struct * test(authmethods): Add test cases for project roles * test(authmethods): Fix authenticate testcases * test(authmethods): Add tests granting permission to specific ids using multiple roles * test(hostsets): add grants tests (#5591) * test(hostsets): List tests * test(hostsets): Get tests * test(hostsets): Create tests * test(hostsets): Update tests * test(hostsets): Delete tests * test(hostsets}: AddHostSetHosts tests * test(hostsets): RemoveHostSetHosts tests * test(hostsets): SetHostSetHosts tests * test(hostsets): Use unique host-catalog names to avoid duplicate key DB errors * test(hostsets): Add second project to enforce exclusivity when Listing host-sets * test: credentials store grants (#5592) * first test with all the required setup * v1 of test * add primitive func and more test * refactor read tests into a single top level * move token generation to a function * add test for creates * add delete tests * add update test * only check for version and update_time * move setup resource into testcase to support grants with specific ID * add member tests * add group-member test example with multiple actions * remove duplicate group membership tests * ran make gen * fix missing parentID bug * fix typo * fix test names and add test cases * switch from google/uuid to hashicorp/go-uuid * add comment to groupmember tests * small comment change * pull shared test utility code from PR #5418 * refactor role grants out of authtoken package * unexport utility function * Remove dead code * lint and make gen * fix role cration logic * fix password TestAccountFunc implementation * implement TestAccountFunc for LDAP * implement TestAccountFunc for OIDC * implement TestUserFunc for managed groups * use managed groups in grants test * undo removal of authtoken.TestAuthTokenWithRoles for future refactor * switch from list to map based test case for create tests * undo merge mistakes * fix merge mistakes * lint * add setup examples * add output fields tests for getgroup * reimplement with reflect * add test for CreateGroup * add all single resource action tests * add list test * rename function argument * move AssertOutputFields to handlers package * fix lint * make gen * use proto.Message instead of custom interface * switch to hashicorp/go-uuid * fix typo * fix error message * id= to ids= * make generating test accounts more randomized * Trigger CI checks * refactor auth/iam grants test setup * lint * minor comment fix * use Id instead of ID * make user/account setup in iam returns account instead of just account ID * missed one change * save * add list tests * add get test * add create and delete test * add delete and update tests * more tests * fix collection_authorized_actions grants not resolving * complete output_fields tests * fix import groups * make gen * fixed broken tests * fix rebase * switch all tests to TestUserGroupGrantsFunc * remove duplicate test * test: add grants tests for managed groups resource (#5642) * test: add grants tests for managed groups resource * PR reviews * address PR comments * test: add grants tests for auth tokens resource (#5644) * test: add grants tests for auth tokens resource * add authorized actions tests for resources with sub-resources (#5835) * add authorized actions tests for resources with sub-resources * make gen * bosorawis remove TestRoleGrantsForToken (#5840) * refactor auth method grants tests * refactor credential libraries grants tests * refactor hosts grants tests * refactor roles grants tests * refactor scopes grants tests * refactor tcp targets grants tests * refactor users grants tests * refactor worker grants tests * fix authmethod test broken during the refactor * remove authtoken.TestRoleGrantsForToken * add pinned ID test * correct event name * fix make gen and lint * Remove old test Role creation code Removing leftover logic from old grants data model because it caused Group-association tests to fail * update go mod * run make gen and move new migrations to new folder (#5862) * run make gen and move new migrations to new folder * make tools and make gen * update hook number * update prior migration * move 97005 to 97001 for consistency * test: add grants tests for session resource (#5855) * add grants tests for sessions * fix missing parentScopeId * make gen * Resolve GrantsForUser queries via resolveQuery() (#5836) * Add validation for nil resource type * Remove redundant recursive test * Refactor GrantsForUser() to perform query resolution & data mapping - Remove grantsForUser sub-functions - Resolve grantsForUser queries via resolveQuery() - resolveQuery() and map data to GrantTuples in GrantsForUser() * remove dead code --------- Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> * add grants tests for scope resource (#5845) (#5865) * 'List' tests for scopes * 'Get' tests for scopes * 'Create' tests for scopes * 'List Key Version Destruction Jobs' tests for scopes * Add output_fields testing to 'Get' test * Add additional test case for list-key-version-destruction-jobs * test: add grants tests for roles resource (#5864) * add grants tests for roles * make gen * test: add grants tests for worker resource (#5841) * add read createControllerLed createWorkerLed tests # Conflicts: # internal/daemon/controller/handlers/workers/grants_test.go * minor refactor * add output fields tests for list * add tests for addworkertags readcertificateauthority reinitializecertificateauthority * finish all worker api tests * fix make gen and lint * fix unchecked error lint * add missing output fields assertion * Bosorawis fix set role grant scope not handle children grant already exist (#5868) * add new test case where role already has children and attempt to set children and individual project * handle case where role already has children grant scope attempt to set children and project * test: add grants tests for target resource (#5861) * additional tests to target resource * add test coverage for SetTargetCredentialSources * make gen * review suggestions * test: add grants test for user resource and fix ACL bug (#5869) * add some list-resolvable-aliases tests * fix missing fields * add more test and found edge case with children grants * more list-resolvable test cases * fix edge case where resource ids not overlapping between parent and child are not considered * resolve conflict * remove name, version, description from expect output_fields * remove name and description from toProto and add godoc comment --------- Co-authored-by: David Kanney <david.kanney@hashicorp.com> Co-authored-by: Elim Tsiagbey <elim.tsiagbey@hashicorp.com> Co-authored-by: Sorawis Nilparuk <sorawis.nilparuk@hashicorp.com> Co-authored-by: Elim Tsiagbey <elimty02@gmail.com> Co-authored-by: dkanney <dkanney@terpmail.umd.edu> |
11 months ago |
|
Hugo
|
a65d5d8573
|
feat: Normalize fields across various Boundary components (#5599)
Normalizes various IP/Address/Host fields across Boundary resources/components to comply with IPv6 specifications. |
1 year ago |
|
Irena Rindos
|
f7c55678e0
|
chore: remove more dead code (#5640)
|
1 year ago |
|
Irena Rindos
|
28b9840878
|
chore: remove dead target service code (#5639)
|
1 year ago |
Johan Brandhorst-Satzkorn
|
3a49c8c483
|
Update golang.org deps and Go version (#5595)
* Update golang.org deps and Go version * Upgrade golangci-lint * all: fix new vet warnings https://github.com/golang/go/issues/60529 introduced a new vet warning for when format strings are used without arguments, which is technically a bug since it shouldn't be using the functions taking format string arguments in those cases. |
1 year ago |
Damian Debkowski
|
29ab0c3594
|
fix(handlers): resolve nil reference pointer for authorize session (#5596)
|
1 year ago |
|
Sorawis Nilparuk (Bo)
|
7c4451dc73
|
Bug: fix groups in children scopes being filtered out by grants (#5418)
* add utility functions for grants tests * use passed in scopeID to create user * add test for groups list * groups: set ParentScopeId before FetchActionSetForId * add comment to TestRoleGrantsForToken * lint and ran make gen * fix import groups * add an additional test case * remove print * changelog * fix(alias): set parent scope id for alias resource (#5434) set the `ParentScopeId` before fetching authorized actions for alias * fix(worker): set parent scope id for worker resource (#5435) set the `ParentScopeId` before fetching authorized actions for worker * fix(user): children scopes being filtered out by grants for user (#5436) * fix(user): children scopes being filtered out by grants for user Resources are being filtered out due to missing ParentScopeId when constructing Resource to pass into authResults.FetchActionSetForId. * fix(scope): set parent scope id for worker resource (#5439) set the `ParentScopeId` before fetching authorized actions for worker * fix(target): set parent scope id for target resource (#5447) set the `ParentScopeId` before fetching authorized actions for target * fix(roles): set parent scope id for roles resource (#5452) * fix(roles): set parent scope id for roles resource set the `ParentScopeId` before fetching authorized actions for role resource * test(managed-group): add grants test coverage (#5453) * fix(managed-group): set parent scope id for managed-group resource set the ParentScopeId before fetching authorized actions for managed resource * fix(host): set parent scope id for host resource (#5455) set the `ParentScopeId` before fetching authorized actions for host resource * fix(host-set): set parent scope id for host-set resource (#5456) set the ParentScopeId before fetching authorized actions for host-set resource * fix(host-catalog): set parent scope id for host-catalog resource (#5457) set the ParentScopeId before fetching authorized actions for host-catalog resource * fix(credential-store): set parent scope id for credential-store resource (#5458) set the ParentScopeId before fetching authorized actions for credential-store resource * fix(authmethods): set parent scope ID for auth methods resource (#5448) * handlers/authmethods: fix children permission * documentation * formatting * fix(credential): set parent scope id for credential resource (#5459) set the `ParentScopeId` before fetching authorized actions for credential resource * fix(accounts): bug grants filter children accounts (#5431) * handlers/accounts: fix children grants filtering out results unexpectedly * make gen * fix(authtokens): set parent scope ID for auth token resource (#5451) * fix authtokens not passing children scope ID * make gen * fix(credential-libraries): set parent scope ID (#5463) * fix(common) set parent ID before fetching action setsparent ID before fetching action sets (#5467) * fix(common) set parent ID before fetching action sets * make gen * additional test * rename test * more tests * remove duplicate test * make gen * Update CHANGELOG.md Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> --------- Co-authored-by: Elim Tsiagbey <elim.tsiagbey@hashicorp.com> Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> |
1 year ago |
April Ayres
|
b18b586ec8
|
add noOp license validator function (#5468)
|
1 year ago |
|
Irena Rindos
|
dfe4f91be3
|
refactor(server): refactor worker tags (#5445)
* refactor(server): refactor worker tags |
1 year ago |
|
Johan Brandhorst-Satzkorn
|
ec0a3f964b
|
Worker status refactor (#5417)
* oss: feat(proto): statistics rpc added to server coordination service * oss: feat(session): add update statistics status service * oss: feat(handlers): add Statistics method to worker service server * oss: feat(worker): add statistics ticking * oss: internal/proto: define the new RoutingInfo RPC * oss: internal/server: repository changes for RoutingInfo RPC * oss: internal/daemon: add RoutingInfo handler to worker service The new RoutingInfo RPC is used to get information from the worker that is used to make routing decisions on the controller. It also handles the initial request from the worker. * oss: feat(db): server_worker_session_info table * oss: feat(proto): session info rpc for server coordination service * oss: feat(server): worker session info request data type * oss: feat(worker): session info ticker * oss: feat(handler): server coordination handler for session info * oss: feat(session): utilize session info request time for session cleanup * oss: proto: fix some gotags comments Some of these fields were missing comments, while others had incorrectly formatted comments. * oss: worker: send connection status to server This is required for the correct tracking of orphaned connections * oss: internal/daemon/worker: add function to wait for Statistics RPC * oss: internal/daemon/worker: add routing info RPC The new RoutingInfo RPC replaces part of the Status RPC, namely the part which is used by the controller and worker to perform decisions around the establishment of new sessions and new worker connections. * oss: internal/daemon/worker: remove unnecessary error check * oss: internal/daemon/worker: lock access to config and upstreams The new confLock protects access to the conf value and to the addressReceivers slice. * oss: worker: replace Status RPC with RoutingInfo * oss: worker: deprecate the Status RPC and related types The Status RPC and related messages have been replaced by the RoutingInfo/SessionInfo/Statistics RPCs. The controller will continue to support the Status RPC until two new minor versions have been released. * oss: internal/event: add default deny for new worker RPCs * oss: internal/daemon/worker: allow RPC interval to be set The new SessionInfo/RoutingInfo/Statistics RPCs run at long intervals, which make some of our cluster tests take a long time to complete. This allows their interval to be configured in tests. * oss: all: use TestWorkerRPCInterval in slow tests This should speed up these tests significantly. * oss: internal/tests/cluster: reset sys eventer in test --------- Co-authored-by: Damian Debkowski <damian.debkowski@hashicorp.com> |
1 year ago |
|
Hugo
|
846c849589
|
Worker Domain Refactor (#5338)
* feat(server): Refactor LookupWorkerByName to be a test method * feat(server): Split worker tags table * refact(worker): Export api and config tags * refact(server): Return worker id from UpsertWorkerStatus * refact(server): Create ListWorkerStorageBucketUpdates domain function * refact(server): Use dedicated HCPb-worker list func * refact(server): Create ConnectionRoute domain function * refact(handlers): Move worker selection logic to internal/server package This commit moves all the logic to select a worker to handle a session to the internal/server package. Most functions were moved to this package with no changes, however, there are a couple of notable exceptions: - Given that we don't use GRPC errors in repos, all errors were adjusted to use the internal/errors package instead. - StorageBucketFilterCredIdFn is now used to prevent the internal/server package from importing internal/storage/plugin, which would cause a dep cycle. Callers of SelectSessionWorkers must implement this func which is responsible for returning a storage bucket's worker filter as well as its associated credential id. - authorizeSessionWithWorkerFilter now receives an internal/server.(*Repository) object when called. This is transparent to SelectSessionWorkers callers as it is handled internally. * feat(server): Add FilteredWithFeatures fn and new server options * refact(server): create new list and lookup worker queries * test(server): Add WorkerList unit tests * feat(server): Implement WorkerList randomness using crypto/rand pkg * chore(db): add index to server_worker table * refact(server): prefix test method with Test * refact(server): rename Downstreamers interface to Graph * chore(server): unexport and rename method * chore: add doc string to WorkerAddress (#5420) --------- Co-authored-by: Irena Rindos <irenarindos@users.noreply.github.com> Co-authored-by: irenarindos <irena.rindos@gmail.com> |
1 year ago |
|
David Kanney
|
2342e4b644
|
fix(target): Assign session connection limit to SessionAuthorization.ConnectionLimit (#5396)
* fix(target): Assign session connection limit to SessionAuthorization.ConnectionLimit * test(target): Update TestAuthorizeSession & TestAuthorizeSessionTypedCredentials to check session connection limit |
1 year ago |
|
Johan Brandhorst-Satzkorn
|
a2be306eb4
|
More managed groups limit fixes (#5245)
* internal/handlers/managed_groups: ensure membership lookup is unlimited Previously, we would only show the first 10,000 members in the group, giving the impression that a complete list was performed. Now we list all members. * internal/handlers/accounts: ensure group lookup is unlimited Previously, we would only show the first 10,000 managed group memberships. Now we list all group memberships of an account. |
2 years ago |
|
dani
|
62c41191ff
|
[fix] allow IPv6 controllers, workers, and targets (#5221)
Co-authored-by: Damian Debkowski <damian.debkowski@hashicorp.com> |
2 years ago |
|
Hugo
|
b8046a3ef3 |
feat(handlers/host_catalogs): Support plugin host catalog worker filter
|
2 years ago |
Jeff Mitchell
|
62d4f8453b
|
Don't explode grants from the DB (#5104)
This removes the Cartesian product in the DB for GrantsForUser in favor
of returning the actual grant scope information and dealing with it in
application code.
(cherry picked from commit
|
2 years ago |
David Bond
|
660e2063a4
|
Return HTTP 400 status for inactive OIDC auth methods (#5048)
This commit modifies the OIDC authentication start method to return a 400 (Bad Request) error if a client attempts to start the authentication flow against an OIDC auth method that is set to inactive. This is something we noticed in our error logs in HCP Boundary that is impacting our SLOs. Previously this returned its own error code which is mapped to a 500 response. Tests have been updated to catch this new scenario. Signed-off-by: David Bond <davidsbond93@gmail.com> |
2 years ago |
Elim Tsiagbey
|
306c722750
|
feat: Add support for capturing URL actions in request info (#5044)
* feat: Add support for capturing URL actions in request info
- Pass request context to services to validate actions.
- Validate actions for auth methods during authentication. `/v1/auth-methods/{{AUTH_METHOD_ID}}:authenticate:callback` is currently only supported on `OIDC` auth methods. An error is thrown if `:callback` is not supported
|
2 years ago |
|
Elim Tsiagbey
|
123286cf94
|
feat: Validate LDAP URL port number (#5046)
Add validation for the port number in LDAP URLs. If a port number is provided, it is checked to ensure it is a valid integer and within the valid range. This validation helps prevent errors when configuring LDAP authentication. |
2 years ago |
|
Damian Debkowski
|
c0cf5c4e1b |
feat(api): return remote storage states for worker
|
2 years ago |
|
Damian Debkowski
|
00e4c5448b |
feat: workers filtered by sbc state
|
2 years ago |
|
Jeff Mitchell
|
4e0c2d79ac
|
Add grant scope IDs to role list (#4893)
This adds grant_scope_ids in the output of role listing. The lookup for grant scope IDs was changed to allow taking in a set of roles instead of just a single role, and the results are collated afterwards. --------- Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> |
2 years ago |
|
Johan Brandhorst-Satzkorn
|
c6f3c375f3
|
api: remove deprecated grant_scope_id field (#4886)
* api: remove deprecated grant_scope_id field The grant_scope_id field was deprecated in 0.15.0, so we can remove it for 0.17.0. * Fix tests * Fix more tests * Remove an option and some related code that stuck around * Fix bats tests --------- Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com> |
2 years ago |
|
Irena Rindos
|
61e7ab4738
|
Allow descriptions to contain newlines and other whitespace (#2599)
* Allow names and descriptions to contain newlines and other whitespace * separate validate name from validate description * update changelog --------- Co-authored-by: Danielle Miu <29378233+DanielleMiu@users.noreply.github.com> |
2 years ago |
|
David Bond
|
0c25dbad13
|
Use appropriate gRPC error codes for OIDC (#4877)
This commit makes modifications to the OIDC request handlers to return appropriate gRPC status codes on errors. Before this change, boundary presents the internal error codes to clients. This causes problems for reverse proxies, as these status codes are mapped to non-standard HTTP response codes which are ultimately all turned into 500 responses when 4xx status codes are more appropriate and descriptive of the error returned. Some modifications in this commit include calls to `event.WriteError` so that the internal error is written to the controller log for visibility. Comments about potential duplicate logs are now removed as `event.WriteError` is not called when using functions from the `handlers` package. Signed-off-by: David Bond <davidsbond93@gmail.com> |
2 years ago |
Michael Li
|
e18e3ab783
|
test: Fix tests due to time (#4855)
* test(billing): Calculate time deltas from a fixed time Some time calculations are impacted when using the current day vs. the start of the month. * test(db): Conditionally skip tests at end of month Certain tests fail when run on the last day of the month because of edge cases in the setup of test data (for example, if today is May 31 and NZ time is June 1). This adds conditional logic to skip those tests when run on the last day of a month. * CR: typo |
2 years ago |
|
Irena Rindos
|
16d23fa55f
|
bug(scopes): scopes list returns 500 without perms (#4731)
|
2 years ago |