boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	b60e356b6c	Add username to SSH as well (#441 )	6 years ago
Jeff Mitchell	61a0ae02c1	Bring go-alpnmux in house for now	6 years ago
Jeff Mitchell	b650695e82	Add rdp/postgres subcommands (#437 )	6 years ago
Todd Knight	fd0da998e8	SDK error revamp (#432 ) SDK methods now return 1 error. To differentiate between Client errors and Server errors I've also implemented the AsServerError function which returns an *api.Error if it is an error originating from the remote server or nil otherwise.	6 years ago
Jeff Mitchell	94f9d952be	Add connect -exec and ssh subcommand support (#434 )	6 years ago
Jeff Mitchell	e86c11db62	Add session lifecycle info to controller's INFO log. (#431 ) This required some plumbing, but nothing major.	6 years ago
Jeff Mitchell	10a41c914e	Force worker to use the local controller when running in combined mode (#429 )	6 years ago
Christian Frichot	3940842c4d	Remove legacy references to Vault's API (#426 )	6 years ago
Jeff Mitchell	41a3c66ea1	Add names to init output (#428 )	6 years ago
Jeff Mitchell	7fcbffbe88	Remove not-set value. (#427 ) I don't think the conditions exist here that necessitated it being introduced into Vault, but I do sometimes see a baffling condition where the address coming from the flag is empty. I don't think we need this so take it out.	6 years ago
Jeff Mitchell	31fe9292b3	Instantiate default resources (#425 )	6 years ago
Jeff Mitchell	8d8a7358f8	Add AdditionalVerification function (#423 )	6 years ago
Todd Knight	278902db1a	Allow target type field to be included in an update. (#412 )	6 years ago
Todd Knight	2f8d7f0a32	API Errors: Hide and log internal errors (#411 )	6 years ago
Jeff Mitchell	03436a73de	Update CLI output functions to show scope info and cleanup (#416 )	6 years ago
Jeff Mitchell	38ce9d9eac	Combine controller and worker commands (#415 )	6 years ago
Jeff Mitchell	0a4669e96d	Remove dev mode from controller/worker, and streamline flags on dev command (#413 )	6 years ago
Michael Gaffney	36d465476c	Name all the check constraints in the database (#410 ) * Name all of the check constraints * Run 'make migrations'	6 years ago
Jim	57da9f918e	cancel a session when one of its FKs is set to null (#406 )	6 years ago
Michael Gaffney	f0c84de49c	Disambiguate auth_account scope_id by adding iam_user_scope_id column (#407 )	6 years ago
Jim	cfc76eb88f	add support for WithSessionIds in ListSesions (#395 )	6 years ago
Jeff Mitchell	262ff06042	Add public address config option (#405 )	6 years ago
Christian Frichot	475c6cdebe	Fix updated help text for the authenticate base command so it aligns with the password subcommand (#401 )	6 years ago
Christian Frichot	9e6c016223	Add JSON formatted output for authenticate password cli command (#402 )	6 years ago
Christian Frichot	874a7180ea	Fix segfault with boundary sessions help output (#403 )	6 years ago
Jeff Mitchell	e9b91f323f	Allow port to not be specified in listener address (#404 )	6 years ago
Jeff Mitchell	dd06615c2e	Add database initialization command (#400 )	6 years ago
Jeff Mitchell	7e3c174b70	Disallow deletion of r_default (#398 ) If it's a useful named resource and people accidentally delete it e.g. with TF, they can't get it back. This doesn't affect TF's ability to manage it, just delete.	6 years ago
Jeff Mitchell	f25186f78a	Standardize on one spelling of "canceled" (#399 )	6 years ago
Jeff Mitchell	35c3f5b717	Use 'at' for auth token prefix (#397 )	6 years ago
Jeff Mitchell	6a09e0966e	Fix some broken tests that were expecting nil but are now getting an empty struct	6 years ago
Todd Knight	21f5cc274f	Don't return nil, nil for API service methods. Add tests for updating w/ wrong version. (#396 )	6 years ago
Jeff Mitchell	1adbe64160	Update some tests that are failing due to 300 nano difference in time comparisons between create and lookup (#393 )	6 years ago
Jeff Mitchell	d3606e14b6	Set wrapper on client, not token, so it doesn't fail KMS recovery on update calls	6 years ago
Michael Gaffney	d52fb81e68	Change the default max session for a target to 8 hours (#392 ) * Change the default max session for a target to 8 hours * Run 'make migrations'	6 years ago
Jeff Mitchell	27d728875c	Cleanup session state enum (#394 ) It's up to the worker to understand what a change in state means, so there was no functional difference between simply sending a state change request and a cancel request.	6 years ago
Jim	b334aeff41	refactor CancelSession and updateStates to be idempotent (#390 )	6 years ago
Christian Frichot	72de1a6916	Fix WATCHTWER ENV variable names (#389 )	6 years ago
Jeff Mitchell	9b2646eaf9	Fix retry behavior with KMS recovery and misleading error message (#391 )	6 years ago
Jeff Mitchell	5747ea603e	Fix nil pointer with revamped chosen host ID logic	6 years ago
Jeff Mitchell	fcdaf129a3	Add missing continue in close function	6 years ago
Jeff Mitchell	33b0021547	Add Sessions CLI command and add session cleanup to worker (#388 )	6 years ago
Jeff Mitchell	bb6ece69b6	Remove unused struct member	6 years ago
Jeff Mitchell	9cbc7b5c3d	Add connection close call from worker to controller (#387 )	6 years ago
Jeff Mitchell	7ff4b7f106	Send connected RPC to controller (#386 )	6 years ago
Jeff Mitchell	4669c95999	Pass more session info around, make proxy UX nicer (#385 )	6 years ago
Todd Knight	e937b0ea27	Sessions Read/List/Cancel API and SDK (#369 )	6 years ago
Jeff Mitchell	f7e48ec836	Plumb connection limit to proxy and output it (#384 )	6 years ago
Jeff Mitchell	7db0e2a5ed	Fix database check	6 years ago
Jeff Mitchell	697ea561e0	Fix breakage from dual merges	6 years ago
Jim	5764b2c70a	return States as a field of Connection repo operations. (#382 )	6 years ago
Jeff Mitchell	edffc7863d	Change connection limit to -1 for unlimited so it works with TF (#383 ) * Migrate connection limit unlimited value to -1 * Fix authorization check	6 years ago
Jeff Mitchell	5214f14105	Work on connection authorization (#381 )	6 years ago
Jim	223591d835	return connection authz info from session.AuthorizeConnection (#380 )	6 years ago
Jim	66400c9cff	changes needed for sessions.AuthorizeConnection (#377 )	6 years ago
Jeff Mitchell	ee7cdde7de	Add trace code for when we add port to controller address	6 years ago
Jeff Mitchell	5bf555cca2	Remove connection idle timeout seconds for now (#379 )	6 years ago
Jeff Mitchell	e002326293	Plumb timeouts to worker and set appropriate deadlines (#378 )	6 years ago
Jeff Mitchell	0a3f9b8357	Rename connection idle timeout duration -> seconds and sessions max duration -> seconds (#376 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Jim	e7e70b1b94	new domain functions for the session repo (#368 )	6 years ago
Jim	7e927203e8	schema changes to support multi-connections (#372 )	6 years ago
Jeff Mitchell	ff8ce053e1	Don't try to recreate resources when adding test cluster members	6 years ago
Jeff Mitchell	8bef1d734a	Fix mismatch in default role creation permissions	6 years ago
Jim	611288bdc7	basic sessions (#337 )	6 years ago
Jeff Mitchell	0a44ed3edd	Fix global scope lookup (#367 ) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup.	6 years ago
Jeff Mitchell	a67d5c8abb	When logging urls, also log method	6 years ago
Jeff Mitchell	37e9fed2e3	Allow not destroying dev databases (#366 ) This also shifts some logic around to better prepare for non-dev-mode workloads, although it does not actually call the KMS creation functions and initial auth method creation from non-dev commands yet.	6 years ago
Jeff Mitchell	c4e2b88022	Add database URL. (#365 ) * Add database URL. This allows specification of either a file://, env://, or other string. If it starts with file:// or env:// the actual value will be read from those resources. * Tidy up the KMS output * Also run migrations in test mode when specifying the URL	6 years ago
Jeff Mitchell	4ef0c57a39	Fix r_default description typo	6 years ago
Jeff Mitchell	3c13e4765d	Verbose isn't actually used right now so don't expose it; fix some wording for scope id flag	6 years ago
Jeff Mitchell	570e52cabb	Add missing set-grants to role command	6 years ago
Todd Knight	f96fa25157	Add Auth Account id to Auth Token response (#363 )	6 years ago
Jeff Mitchell	f4ad22b247	Move default port to a TCP target attribute (#361 )	6 years ago
Jeff Mitchell	eb88d0381a	Fix default port update handling	6 years ago
Jeff Mitchell	a598fdfb13	Fix targets CLI command	6 years ago
Jeff Mitchell	97985883df	Fix token storage	6 years ago
Jeff Mitchell	a00ee7a948	Add Result types to Go SDK and properly populate body/map fields (#358 )	6 years ago
Jeff Mitchell	1b2f73d1d4	Fix some old logic in some CLI commands (#357 )	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Todd Knight	b998591add	Adding and updating host address validation checks (#350 )	6 years ago
Todd Knight	33e7b4538e	WorkerCoordination and GetSession API refactoring (#354 ) * Possible api changes. * Worker API update. * Updating import alias name. * Moving session down a level as a member of the GetSessionResponse. * Marshal the auth flag into the GetSessionResponse proto instead of the session.	6 years ago
Jeff Mitchell	2914b4c14c	Use base58 for a few more user-facing values (#356 )	6 years ago
Jeff Mitchell	1f80edbffc	Add missing default-port flag to targets command (#355 )	6 years ago
Jeff Mitchell	41ed95bdec	Remove old-style pathing (#353 )	6 years ago
Jeff Mitchell	c689af4306	Implement a TOFU mechanism on auth to worker (#348 ) This sets us up to better support multiple connections per session at some future point.	6 years ago
Jim	e119466233	stop oplogging tokens and allow for a time skew (#343 )	6 years ago
Jeff Mitchell	60396e4384	Properly populate ScopeInfo from group member actions (#340 )	6 years ago
Jeff Mitchell	ff0d49b6e4	Use previous method of getting recovery wrapper	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	36f975a952	Add some recovery KMS functions needed for external clients (#339 )	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Jim	96e4b1cdba	add option db.WithSkipVetForWrite(true) so the db tests don't get intercepted by app validation (#332 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jim	3d944a616f	fix name typo (#330 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Jeff Mitchell	1822c47ef5	Migrate KMS code to the new database DEKs (#324 )	6 years ago

1 2 3 4 5 ...

443 Commits (malnick-err-cli-update)