boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	bb6ece69b6	Remove unused struct member	6 years ago
Jeff Mitchell	9cbc7b5c3d	Add connection close call from worker to controller (#387 )	6 years ago
Jeff Mitchell	7ff4b7f106	Send connected RPC to controller (#386 )	6 years ago
Jeff Mitchell	4669c95999	Pass more session info around, make proxy UX nicer (#385 )	6 years ago
Todd Knight	e937b0ea27	Sessions Read/List/Cancel API and SDK (#369 )	6 years ago
Jeff Mitchell	f7e48ec836	Plumb connection limit to proxy and output it (#384 )	6 years ago
Jeff Mitchell	7db0e2a5ed	Fix database check	6 years ago
Jeff Mitchell	697ea561e0	Fix breakage from dual merges	6 years ago
Jim	5764b2c70a	return States as a field of Connection repo operations. (#382 )	6 years ago
Jeff Mitchell	edffc7863d	Change connection limit to -1 for unlimited so it works with TF (#383 ) * Migrate connection limit unlimited value to -1 * Fix authorization check	6 years ago
Jeff Mitchell	5214f14105	Work on connection authorization (#381 )	6 years ago
Jim	223591d835	return connection authz info from session.AuthorizeConnection (#380 )	6 years ago
Jim	66400c9cff	changes needed for sessions.AuthorizeConnection (#377 )	6 years ago
Jeff Mitchell	ee7cdde7de	Add trace code for when we add port to controller address	6 years ago
Jeff Mitchell	5bf555cca2	Remove connection idle timeout seconds for now (#379 )	6 years ago
Jeff Mitchell	e002326293	Plumb timeouts to worker and set appropriate deadlines (#378 )	6 years ago
Jeff Mitchell	0a3f9b8357	Rename connection idle timeout duration -> seconds and sessions max duration -> seconds (#376 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Jim	e7e70b1b94	new domain functions for the session repo (#368 )	6 years ago
Jim	7e927203e8	schema changes to support multi-connections (#372 )	6 years ago
Jeff Mitchell	ff8ce053e1	Don't try to recreate resources when adding test cluster members	6 years ago
Jeff Mitchell	8bef1d734a	Fix mismatch in default role creation permissions	6 years ago
Jim	611288bdc7	basic sessions (#337 )	6 years ago
Jeff Mitchell	0a44ed3edd	Fix global scope lookup (#367 ) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup.	6 years ago
Jeff Mitchell	a67d5c8abb	When logging urls, also log method	6 years ago
Jeff Mitchell	37e9fed2e3	Allow not destroying dev databases (#366 ) This also shifts some logic around to better prepare for non-dev-mode workloads, although it does not actually call the KMS creation functions and initial auth method creation from non-dev commands yet.	6 years ago
Jeff Mitchell	c4e2b88022	Add database URL. (#365 ) * Add database URL. This allows specification of either a file://, env://, or other string. If it starts with file:// or env:// the actual value will be read from those resources. * Tidy up the KMS output * Also run migrations in test mode when specifying the URL	6 years ago
Jeff Mitchell	4ef0c57a39	Fix r_default description typo	6 years ago
Jeff Mitchell	3c13e4765d	Verbose isn't actually used right now so don't expose it; fix some wording for scope id flag	6 years ago
Jeff Mitchell	570e52cabb	Add missing set-grants to role command	6 years ago
Todd Knight	f96fa25157	Add Auth Account id to Auth Token response (#363 )	6 years ago
Jeff Mitchell	f4ad22b247	Move default port to a TCP target attribute (#361 )	6 years ago
Jeff Mitchell	eb88d0381a	Fix default port update handling	6 years ago
Jeff Mitchell	a598fdfb13	Fix targets CLI command	6 years ago
Jeff Mitchell	97985883df	Fix token storage	6 years ago
Jeff Mitchell	a00ee7a948	Add Result types to Go SDK and properly populate body/map fields (#358 )	6 years ago
Jeff Mitchell	1b2f73d1d4	Fix some old logic in some CLI commands (#357 )	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Todd Knight	b998591add	Adding and updating host address validation checks (#350 )	6 years ago
Todd Knight	33e7b4538e	WorkerCoordination and GetSession API refactoring (#354 ) * Possible api changes. * Worker API update. * Updating import alias name. * Moving session down a level as a member of the GetSessionResponse. * Marshal the auth flag into the GetSessionResponse proto instead of the session.	6 years ago
Jeff Mitchell	2914b4c14c	Use base58 for a few more user-facing values (#356 )	6 years ago
Jeff Mitchell	1f80edbffc	Add missing default-port flag to targets command (#355 )	6 years ago
Jeff Mitchell	41ed95bdec	Remove old-style pathing (#353 )	6 years ago
Jeff Mitchell	c689af4306	Implement a TOFU mechanism on auth to worker (#348 ) This sets us up to better support multiple connections per session at some future point.	6 years ago
Jim	e119466233	stop oplogging tokens and allow for a time skew (#343 )	6 years ago
Jeff Mitchell	60396e4384	Properly populate ScopeInfo from group member actions (#340 )	6 years ago
Jeff Mitchell	ff0d49b6e4	Use previous method of getting recovery wrapper	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	36f975a952	Add some recovery KMS functions needed for external clients (#339 )	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Jim	96e4b1cdba	add option db.WithSkipVetForWrite(true) so the db tests don't get intercepted by app validation (#332 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jim	3d944a616f	fix name typo (#330 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Jeff Mitchell	1822c47ef5	Migrate KMS code to the new database DEKs (#324 )	6 years ago
Todd Knight	c55153ff3d	Fix allowed scope checks and added tests for creating in global scope. (#327 )	6 years ago
Michael Gaffney	4ae3a52056	Define session database schema (#322 ) * Define session database schema * Update comments * Add insert trigger for session state * Add canceling state and update foreign keys to 'set null' on delete	6 years ago
Todd Knight	37e56ab46b	Pathing updated to support new and old styles (#323 )	6 years ago
Jim	f29869b715	support for additional deks: oplog, session and token and new CreateKeysTx() (#321 )	6 years ago
Jeff Mitchell	ee35a92f7f	Fix space issue in protobuf that apparently doesn't matter? Also apparently postgres migrations weren't run.	6 years ago
Jim	f3dd62d5d8	database DEKs (#317 )	6 years ago
Todd Knight	544e78b593	Target Handler and SDK CRUDL & add\|set\|remove-host-sets methods. (#310 )	6 years ago
Todd Knight	24ec9620ca	fix: Correct missed name updates to OutgoingInterceptor.	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	a4c20164f3	Add add/remove/set hosts functions to host-sets command (#316 )	6 years ago
Jim	09112d1e96	refactor and remove kms/common pkg (#315 )	6 years ago
Jeff Mitchell	514856c020	Fix broken CLI output	6 years ago
Jeff Mitchell	b8c8d29008	Switch ordering of CLI create/update vs static commands (#314 )	6 years ago
Jeff Mitchell	1f065316ee	Initial (#313 )	6 years ago
Jeff Mitchell	20aef738c4	Add host-catalogs CLI command. (#312 )	6 years ago
Jeff Mitchell	17ecb6f2ce	Separate accounts/host catalogs/host sets into their own packages (#311 )	6 years ago
Jeff Mitchell	936c970635	Remove unneeded and breaking test	6 years ago
Jeff Mitchell	28df6eb7b0	Update config encrypt/decrypt CLI command (#309 ) This updates the command to our emergent standards. It also enables using a separate config file for a config kms, which allows non-string values to be encrypted. This allowed some nice cleanup as well.	6 years ago
Jeff Mitchell	274afa6b02	Shave off an IAM lookup if the user is the anonymous user (#305 ) * Shave off an IAM lookup if the user is the anonymous user * Fix build * If authz failures are turned off, make the token type unknown instead of invalid * Change returned token format when authz failures are disabled * Change logic back * Fix logic	6 years ago
Jeff Mitchell	b53812a5c1	Add ability to skip automatic auth method creation (#306 ) This is useful if you, for instance, want Terraform to be 100% responsible for creation of resources (outside of the static ones that cannot be removed or modified, like u_anon). This will mean using the recovery mechanism for initial setup, but that isn't an issue once TF supports that :-)	6 years ago
Jeff Mitchell	490be8a7e4	Add ability to skip role creation on scope create (#308 ) * Initial work on scope creation skipping * Fix things	6 years ago
Todd Knight	e4da5e9ab5	add\|set\|remove-hosts for host-sets SDK and API (#304 ) * Adding ability to add host set members. * Adding SDK and API for add\|set\|remove hosts.	6 years ago
Jim	fcb61d4b67	targets repo (#298 )	6 years ago
Michael Gaffney	58dec98ea2	Rename table from servers to server (#307 )	6 years ago
Michael Gaffney	9ca8a4ec20	Host set members (#301 ) * Update host set member test * Add ListSetMembers method signature and doc * Move repository methods for host set members to new file * Add TestSetMembers * Implement ListSetMembers * Return hosts from ListSetMembers * Implement AddSetMembers * Implement DeleteSetMembers * Use sql.QueryContext not sql.Query * Implement SetSetMembers * Refactor: extract getHosts method * Refactor: extract createMembers method * Refactor: extract common functions * Return correct count of changed In SetSetMembers, retrieving the current list of hosts in the set happens after the transaction to modify the set has completed. This retrieval can result in an error but the number of modified rows is not effected. * Make list set members an unexported method * Get hosts within the same transaction as mutations of the set * Return hosts of set from LookupSet method * Return hosts of set from UpdateSet method * Remove listSetMembers * Fix merge conflict * Add NOTE and TODOs about using new pattern in "SetMembers" methods	6 years ago
Jeff Mitchell	39721047e4	Fix CORS test	6 years ago
Michael Gaffney	de162c5533	Replace and remove ErrNilParameter with ErrInvalidParameter (#295 )	6 years ago
Jeff Mitchell	8f579c75c3	paum -> ampw (#303 )	6 years ago
Jeff Mitchell	74544f6324	Encrypt tokens on the way out and decrypt on the way in (#302 ) * Encrypt tokens on the way out and decrypt on the way in This isn't a security feature related to tokens specifically; it's so that we can discard cryptographically bad tokens before we ever hit the DB. This way we can't pass through a DDoS to the database due to fetching obviously invalid token values. I'm using base58 to encode the resulting value as there aren't great base62 options, and allowing base64 / and + values can hamper usability by creating copying/highlighting breaks.	6 years ago
Jeff Mitchell	647d5502b5	Change ListServers to use SeachWhere (#300 )	6 years ago
Jeff Mitchell	ac4d9fa311	Add nonce storage and replay prevention test (#293 )	6 years ago
Jeff Mitchell	a1490228b8	Add address to worker status tracing	6 years ago
Todd Knight	c4d3414016	Add Host Set CUDLR handler and SDK (#290 )	6 years ago
Todd Knight	e423b6589e	Request Validation logic moved into a helper (#296 ) * Move all the validation logic into a helper tool. * Adding tests for verifier helpers.	6 years ago
Jeff Mitchell	414a2ab2c3	Remove some dead, dead, dead, dead code	6 years ago
Michael Gaffney	14dd7b49b2	Add method signatures for host set operations (#291 ) * Add method signatures for host set operations * Rename ReplaceSetMembers to SetSetMembers	6 years ago
Michael Gaffney	b24fc185a7	Export TestSets helper function (#292 )	6 years ago
Michael Gaffney	3a3cdd7219	Static host set repository methods (#289 ) * Implement CreateSet * Implement UpdateSet * Implement LookupSet * Implement ListSets * Implement DeleteSet * Remove unused parameter from test helper function * Update to use new kms structure * Remove unused parameter for test helper function * Fix resource-type string for host set	6 years ago
Jeff Mitchell	b47cca0329	Add (non-db aspects of) the recovery key workflow (#286 )	6 years ago
Todd Knight	d5678c4f80	Handler for Host CRUDL actions (#287 )	6 years ago
Todd Knight	7474e956dd	List Catalogs for Repo and API Handler (#288 )	6 years ago

1 2 3 4 5 ...

401 Commits (cli-labels)