boundary

Commit Graph

Author	SHA1	Message	Date
Haotian	340cfb0d88	refactor(metric): adds filter function to collector init method (#2695 )	3 years ago
Todd	a0600138fa	Fix wrapped reverse grpc listener (#2687 )	3 years ago
Todd	b6c0ccc1e8	Refactor proxy handler to separate connection and protocol handling (#2678 )	3 years ago
Haotian	fbd0a8272b	feat(metric): adds accepted/closed connections counters to worker and controller servers (#2668 ) * adds counters and changelog entry	3 years ago
Irena Rindos	5b162a4433	add worker version to network graph (#2672 ) * add worker version to network graph	3 years ago
Danielle	5f8d292ea1	Inject Custom Response Headers By Status (#2587 ) * add custom ResponseWriter struct to inject custom response headers based on status code * docs * upgrade listenerutil * fix config tests * replace all instances of "data:" with "data:" to reflect changes to listenerutil swapping strings.HasPrefix in favor of mux.Handler for ui request matching * set ui path as const * add custom response headers to changelog	3 years ago
Irena Rindos	834a2a88f7	feat(targets): Addition of egress and ingress worker filters (#2654 ) * feat(targets): Addition of egress and ingress worker filters	3 years ago
Haotian	2b84013379	Revert " feat(metric): adds accepted/closed connections counters for controller and worker cluster connections (#2656 )" for failing a build test (#2660 ) This reverts commit `80f72b8511`.	3 years ago
Haotian	80f72b8511	feat(metric): adds accepted/closed connections counters for controller and worker cluster connections (#2656 ) same contents as PR https://github.com/hashicorp/boundary/pull/2593 but this time actually push to main	3 years ago
Johan Brandhorst-Satzkorn	8908dccf6d	Forward port some release fixes (#2631 ) * fix(worker): Verify contents of loaded session (#2629) * fix(worker): Verify contents of loaded session Previously, it was possible for an empty private key to be used when the session had no user or project associated with it. The new checks guarantee that we will fail gracefully in these cases. * Check against len instead of nil * Add CHANGELOG * fix(session): Always invoke all parts of session cancel trigger The session cancelation trigger would not set the key_id to null appropriately if another one of the fields on the session was already null, since that case statement would be matched first. The new structure matches all statements, in case any of them have special logic (such as in the project case).	3 years ago
Irena Rindos	70e20b5cf5	revert merge llb-multihop-sessions (#2628 )	3 years ago
Johan Brandhorst-Satzkorn	edd323b73a	Key Rotation/Destruction (#2477 ) (#2607 ) * Key Rotation/Destruction (#2477) * fix: Correct kms.CreateKeys comment This method does not return anything. * feat(kms): Add new ListKeys method The new ListKeys method wraps the underlying KMS wrapper, returning all the keys in the scope specified. * feat(scopes): Add new scope actions for key management Adds list-keys, rotate-keys and revoke-keys actions for scopes. * feat(scopes): Add ListKeys API endpoint This new endpoint lists all keys in a scope * feat(api): Add ListKeys to Scopes client This has to be a custom function because it is a custom action and doesn't map well to any of the existing templates, or generalises well in a way that would make it reasonable to create a new template. * feat(cli): Add new scopes list-keys command * add RotateKeys function to the kms repository * Add Rotate Keys Endpoint to Scopes Api (#2360) * add rotate keys endpoint * add tests for RotateKeys endpoint * remove that one comment I forgot about * addressing more PR comments * Add Rotate Keys CLI Command (#2395) * add cli command and client * add bats tests * fix some info text and pr comments * write a new rotate keys description * Add Missing DEK Foreign Keys (#2408) * add missing fks * mark key as nullable in gorm * update tests to use a new wrapper with a real key_id * fix formatting in test and add keys for auth_token test * replace key values * revert postgres_40_01_test.go * style: reformat sql for readability * refactor: change type of key_id columns to kms_private_id * Store key_id and scope_id with oplog entries, re-type columns referencing data key version (#2431) * fix(db): Correct types of data key version referencers * fix(oplog): Fix missing error handling * feat(oplog): Store key_id and scope_id with oplog entries This migration truncates all existing oplog entries, as migrating existing data would have been complex and likely unnecessary. * Update view references * Always delete oplog entries when dropping keys * Fix rebase issues * Fix sql tests * Add schema for new kms destruction jobs (#2479) * feat: Add schema for new kms destruction jobs The schema lets us manage destruction jobs per-table while providing a guarantee that only one run is running at a time. * Apply suggestions from code review Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Fix table reference and tests Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * update domain, api, and cli to all include key versions in outputs (#2472) * update domain, api, and cli to all include key versions in outputs * fix go sum * add migration to fix immutable error * fix final test issue as well as make gen issue * rebase and fix * address johan pr comments * make gen, didn't realize comments were included * update migrations based on new migration 55 file 03 * Move migrations to 56 * feat: Add key version rewrapping function registry (#2478) The new RegisterTableRewrapFn can be used by a domain to register a callback to use when rewrapping data in a specific table name. * feat(kms): Add scopeId to RewrapFn (#2539) This makes it much easier for rewrap functions to look up the correct wrapper and limit the number of rows searched. * Update Root Cert Proto Definition (#2542) * update root cert proto definition to properly identify public_key as the table primary key * add the test fix as well * Rewrap Functions for Encrypted Tables (#2532) * add oidc rewrap * add argon2 config rewrap * add auth token rewrapping * add worker auth cert rewrapping * check the err * add username password credential rewrapping * add ssh private key credential rewrapping * add vault client certificate rewrap function * add host catalog secret rewrap function * cleanup a little * add host vault token rewrap function * add session credential rewrap function * add session rewrap function * add worker auth rewrap function * update test to include full assert gamut * add session rewrap function TEST * bring all tests up to current standards, make more readable, and include full assert gamut * rework all rewrap functions to utilize scope id * update comments, queries, sql refs, etc, in response to PR comments * forgot a comment * remove hmac updates and fix a couple comments again * Rewrapping Registered Tables Test (#2555) * add the registered table test as well as the two missing rewrap functions * address pr comments, add db r/w conversions, cmp.diff, sql comment, remove (now) faulty immutable test * Add ability to list key version destruction jobs, recurring jobs and destroying key versions (#2498) * feat(kms): Add ability to list data key version destruction jobs * feat(scopes): Add ListKeyVersionDestructionJobs * feat(cli): Add list-key-version-destruction-jobs * feat(kms): Add recurring job that performs table rewrapping The new recurring job runs for each job table with a registered rewrapping callback. It attempts to become the running run and start its rewrapping, gracefully handling sudden interruptions by resuming it's work if it finds evidence of sudden interruption. * feat(kms): Add recurring job for destroying key versions The new job monitors the database for data key version destruction jobs that have finished rewrapping all its data, performing the final data key version revocation. * feat(kms): Add DestroyKeyVersion DestroyKeyVersion immediately destroys a key version if it is a root key version or a data key version which encrypts no data. If the data key version encrypts data which needs to be rewrapped, it queues an asynchronous job to complete the rewrapping operation. * feat(scopes): Add DestroyKeyVersion API endpoint * feat(cli): Add scopes destroy-key-version CLI command * Ensure all secret updates include key ID (#2556) * feat(all): Ensure all secret updates include key ID When updating a secret, it is paramount that the key ID is also updated, as it is the only means we have of ensuring that we only destroy keys once there is no more data associated with the key. * Remove fix to session repository for now This breaks the current private key derivation method * add new encrypt/decrypt funcs and made necessary proto changes (#2557) * add new encrypt/decrypt funcs and made necessary proto changes * address all PR comments * fix test panic * add param checking to rewraps * fix(schema): Correctly organize migrations again * Review comments part 1 * Review comments part 2 * Review comments part 3 * Store cert private key, encrypt tofu token (#2583) * fix(session): store cert private key, encrypt tofu token Previously, we would derive a session certificate private key from the session key used in each project, and not store the key. We would also encrypt the tofu token with the database key but not store a reference to this key in the database. This change fixes this by replacing our key derivation with a key generation step, and instead store the generated key, encrypted, in the database. We also ensure that any new tofu tokens are encrypted with the same key. To handle existing sessions, we lazily rewrite the sessions whenever a user lists them. There is a minor risk that a user could end up destroying the database key that encrypts the tofu token before that session has been rewrapped, but this is going to be rare and temporary. * feat(session): Allow the random source for secrets to be configured * Review comments * Minor fixes * More minor fixes * More small fixes Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * fix(session): Unset session key ID when scope is deleted Unsetting the key ID allows the session to live beyond the lifetime of the scope, while allowing the scope to cascade delete its keys. * fix(migrations): Rewrite migration 56 tests These tests can no longer use the normal test helpers as they try to use the new oplog table structure, so we have to manually write all the interactions. * fix(migrations): Rename migration 58 file name This was the name used in the release branch, update it to the new migration number. * fix(e2e): Add some comments and debug to kms tests * fix(session): Handle empty project and user IDs in read When a project or user is deleted, the session is automatically canceled and the respective field on the session is unset. LookupSession did not handle this case gracefully, and would error on decryption in this state. Skip decrypting sessions that do not have either a user or project to avoid this error. The decrypted values are not used for a canceled session. * Fix worker test * Increase test timeout Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	3 years ago
Irena Rindos	781b03d080	dataplane management (#2624 )	3 years ago
Irena Rindos	011a7cf640	Dataplane routing (#2623 ) * addition of dataplane routing	3 years ago
Todd	426e6aaa79	Check that the returned resources before referencing them (#2612 )	3 years ago
Jeff Mitchell	0c96c6ff6c	Split grace period into multiple config values (#2578 ) (#2603 ) Co-authored-by: Todd <github@quaddi.com>	3 years ago
Todd	2a4ce02de6	Disconnect PKI workers from upstreams when they are no longer authorized (#2515 )	4 years ago
Irena Rindos	b26814a3cc	move user variables into globals (#2580 ) * move user variables into globals	4 years ago
Irena Rindos	946dab487e	enable recovery user to list targets and sessions (#2576 ) * enable recovery user to list targets and sessions	4 years ago
Jeff Mitchell	cede1aec93	Add initial templating support to Vault credential libraries (#2569 ) (#2575 ) Add initial templating support to Vault credential libraries This adds support for templating various account and user values into Vault dynamic credential library POST bodies and GET/POST paths. It also unifies how parameters are used in grants, with backwards compatibility.	4 years ago
Hugo Vieira	d206635d74	fix(connection): Make bytes up and down a signed 64-bit integer This fixes a theoretical issue with database interaction. Because the fields in the database are signed 64-bit integers, it's theoretically possible to overflow them if we're using unsigned 64-bit integers in the application code.	4 years ago
Hugo Vieira	c81398cbf3	feat(worker): Report bytes up and down on Status updates With this commit, the Worker now sends BytesUp and BytesDown for each of the connections it handles to the Controller in the Status request. The Controller then persists these fields to the database. There is also a new trigger to prevent bytes_up and bytes_down to change after a connection has been closed, as the last update to a session_connection row should be the one that is performed as part of the connection closure process.	4 years ago
Hugo	f023f05c11	feat(worker): Report bytes up/down on Worker connection closure Introduces data about bytes read and written to the connection close payload. No changes are required in the Controller because the RPC messages already contained the required fields. As of this commit, bytes_up and bytes_down columns in the session_connection table are now populated when a connection closes. Refs: #2509	4 years ago
Hugo	1bb80624b8	feat(worker): net.Conn implementation to count Bytes Read and Written This commit introduces a new net.Conn implementation (countingConn) that will keep track of bytes read and written for a particular client connection. This is then implemented into the worker code using interface composition. Refs: #2501	4 years ago
Jeff Mitchell	b86430c2af	Add some common account bits and change over some getOpts -> GetOpts funcs (#2565 ) (#2566 ) This is a precursor to another upcoming PR that will make use of these changes, but it makes that PR more manageable.	4 years ago
Johan Brandhorst-Satzkorn	f57454b6b9	Rewrite interface{} to any (#2535 ) * chore: Rewrite interface{} to any * Add ignore revs	4 years ago
Irena Rindos	2ab6ca6a84	Remove unrelated error from error message (#2558 )	4 years ago
Todd	73f7004c74	Add RLocks for all read access to s.connInfoMaps in a session (#2553 ) * Add RLocks for all read access to s.connInfoMaps in a session	4 years ago
Jeff Mitchell	37273d7a9c	Fix two items: (#2544 ) * Randomize order of worker output. This uses the standard rand.Shuffle() call; cribbed from https://pkg.go.dev/math/rand#example-Shuffle * Have some error/eventing in the worker status path use the base context instead of the status-call-specific context to allow eventing after a timeout event	4 years ago
Haotian	3be8b6efed	refactor(metric): move common metrics functions out of 'internal' directory (#2536 )	4 years ago
Todd	412e7a2418	Add interfaces and error codes for processing downstream router connections (#2511 ) * Add interfaces and error codes for processing downstream router connections	4 years ago
Louis Ruch	f23a28cf01	chore: Add white space (#2516 )	4 years ago
Todd	2f68c604c5	Add test helper for creating a multihop worker setup (#2513 ) * Add test helper for creating a multihop worker setup.	4 years ago
Irena Rindos	4493dfd527	use prior and current worker auth keys (#2495 ) * use prior and current worker auth keys	4 years ago
Jeff Mitchell	74a007bfdd	Adapt to new nodeenrollment X25519KeyProducer interface (#2491 )	4 years ago
Louis Ruch	b7684a857a	feat(ssh): Use HostId as HostKeyAlias for connect ssh helper (#2490 )	4 years ago
Todd	d270513b5a	Add error printing when cluster listeners and their consumers error. (#2488 )	4 years ago
Irena Rindos	bd4f5f3801	update worker auth rotate (#2484 )	4 years ago
Todd	06fd086004	Add health endpoint for worker (#2442 ) * Return worker process information in the health endpoint. Experimental: The worker_info and returned worker_process_info fields are experimental and can change or be removed without notice. When a user passes in "worker_info=1" or "worker_info=true" and a worker is running the returned json will be returned with a key named "worker_process_info" which value is a json object with information about the worker process.	4 years ago
Irena Rindos	d951e1ebc1	Worker graceful shutdown (#2455 ) * add graceful shutdown to worker	4 years ago
Damian Debkowski	546c5dc5be	feat: static json credentials (#2423 )	4 years ago
Irena Rindos	821d8317dc	address op state review feedback (#2453 ) * address op state review feedback	4 years ago
Jeff Mitchell	53b5e532d5	Remove deprecated methods/fields on targets (#2393 )	4 years ago
Jeff Mitchell	37fb9815ce	Add session endpoint test for #2448 (#2450 )	4 years ago
Louis Ruch	50490d71ae	chore(targets): Improve help and errors around ssh targets (#2445 )	4 years ago
Louis Ruch	5812a42ba3	feat(scheduler): set intervals from config (#2443 )	4 years ago
Irena Rindos	fc0ead73e6	feat(workers): worker operational state (#2427 ) * feat(workers): worker operational state	4 years ago
Hugo Vieira	8ab9ffbcac	refact(cmd): Encapsulate some functionality on Command and Server This commit extracts 3 separate pieces of functionality into their own function/method: - Extracts the database opening with the intention to have a function that performs all that functionality but returns the created database object rather than setting it to the Server structure. - Extracts database validation logic, to provide a common code path for upcoming functionality. - Expose schema manager on the Command struct as well as providing common functions to acquire shared lock/close.	4 years ago
Timothy Messier	047a66e87d	fix(worker): Improper reload when running as controller and worker (#2438 ) In cases where the server was started with both a controller and worker stanza, the reload of the config was not properly setting the initial upstream value on the new config. In this case the value is derived from other config values and not necessarily set directly. This now properly initializes the new config so that initial upstream is set in the same manner as the first load. Blame: `5d0cdf680f`	4 years ago
Irena Rindos	18dff62b7b	Merge BYOW GA branch to main (#2398 ) * feat(workers): Add ability to read and reinitialize cert authority (#2312) * feat(workers): Return Release Version on worker list and read (#2377) * feat(cli): Read and reinitialize worker certificate authority (#2387)	4 years ago
Hugo Vieira	bf1486f75e	refact(target): Add context to RepositoryFactory constructor `errors.New` requires a context, so I've made that available from the Controller, and updated all `NewDeprecated` functions to `New` while I was at it	4 years ago
Hugo Vieira	bf263fbd7d	perf(target): Use new Permissions object to determine resource access Using the new Permissions object, we can build a list of the level of access a user should have based on the grants they've been given, meaining we don't need to fetch all resources from the database to then remove the ones the user shouldn't be able to see. This commit also removes some unused options in `ListTargets` for the sake of simplicity.	4 years ago
Hugo Vieira	63196ee4ca	feat(target): Implement new WithPermissions option Also changes the Target RepositoryFactory to allow for passing options at construction time.	4 years ago
Hugo Vieira	224f8d2d4e	refact(controller): Move Target Repository Factory to the target package	4 years ago
Timothy Messier	eb61ac6304	refact(session): Add context to session factory This adds a context to the session.RepositoryFactory, allowing errors.NewDeprecated to be replaced with errors.New. It also removes the common.SessionRepoFactory, instead packages just directly import from the session package.	4 years ago
Timothy Messier	febf0b9984	refact(controller): Use session repo factory that takes options	4 years ago
Timothy Messier	68568828e6	perf(sessions): Use session repository with permissions This builds on previous performance improvements to the list behavior by reducing the number of queries against the database and the amount of data transfered in order to retrieve a list of sessions. Previously, a query was performed to retrieve a tuple of `(session_id, scope_id, user_id)` for the requested scope, including all child scopes if the request was recursive. These tuples were evaluated against the requesting user's grants to identify the sessions that they were authorized to list. In the case of clusters with a large number of sessions, this would result in a large amount of data needing to be transfered for sessions that would not be used. Then a second query would be used to retrieve the full session information for the session ids that were authorized. This changes the list behavior to evaluate a set of permissions from the requesting user's grants, use these permissions when constructing a session repository, and retrieve the list of sessions the user is authorized to list in a signle query. Ref: `d741034829` `32070678dc`	4 years ago
Timothy Messier	e4bb847ad1	feat(auth): Expose ACL from VerifyResults	4 years ago
Timothy Messier	39fedd843c	test(targets): Remove auth.DisabledAuthTestContext from tests Disabling the auth was resulting in some unrealistic tests setup and expectations. It also makes it difficult to refactor any behavior in the authn/authz flow since this option can bypass most of it.	4 years ago
Timothy Messier	02cef3d8a8	test(sessions): Remove auth.DisabledAuthTestContext from tests Disabling the auth was resulting in some unrealistic tests setup and expectations. It also makes it difficult to refactor any behavior in the authn/authz flow since this option can bypass most of it.	4 years ago
Hugo Vieira	ccb17df01a	feat(auth): Get all authorised scope info for a given list request	4 years ago
Haotian	5c715478e4	feat(workers): Add metrics for worker server-side grpc connections, refactor repeated code into common location (#2367 ) * feat(workers): added latencies histogram for server side multihop workers * refactor(daemon): combine common grpc metric functions into daemon/internal/metric Co-authored-by: Todd <github@quaddi.com>	4 years ago
Louis Ruch	d7c4c648ec	bug(vault): Correctly handle credential stores with expired tokens (#2399 ) * bug(vault): Correctly handle credential stores with expired tokens Boundary makes use of a database view to perform CRUD operations on Vault credential stores and libraries. This view did not include credential stores with tokens that have expired in Vault, causing errors when attempting to perform any action against them.	4 years ago
Jeff Mitchell	01fb949d0b	Add controller-led worker auth flow (#2413 ) This adds an action to the API that allows pulling out an activation token that can be given to a worker in its config (directly or via env or file). The worker can pass this along with its normal request in place of its normal nonce and the server will automatically accept it. Co-authored-by: Irena Rindos <irenarindos@users.noreply.github.com>	4 years ago
Timothy Messier	5d0cdf680f	feat(worker): Support reloading of initial upstreams on SIGHUP (#2417 ) On a SIGHUP, if the worker's `initial_upstreams` config option has changed, it will use the new values as the address to send its status. Any previously discovered upstream addresses from previous status requests are dropped. Once a successful status request is made to the new addresses, the worker will resume its normal behavior of using the addresses from the response to the status request. This allows a worker to be deployed in a more stable way in a dynamic environment where controller IPs could change. In particular this helps with a case where all controllers are replaced with new controllers running on new IPs. To illustrate with an example, suppose there is an instance group of controllers instances. And there are worker instances that have their config rendered from consul-template that sets `initial_upstreams` to the IPs of the controller instances. If all controller instances are restarted or replaced at the same time and assigned new IPs, a new config will be rendered for the worker. Previously the only way for the worker to use the new value would be for the worker process to be restarted. Otherwise the worker would only know about the previous IPs and would fail to connect to the new controllers. However, a restart would mean any active sessions and session connections on the worker instance would be terminated. With this update, consul-template can send a SIGHUP to the worker, the worker will connect to the new controllers and resume normal status reporting, allowing the sessions and session connections to remain. The same principles would apply for other examples of dynamic environments such as nomad and kubernetes. See: https://github.com/hashicorp/consul-template https://www.nomadproject.io/docs/job-specification/template	4 years ago
Irena Rindos	db21ead31c	Vault proxy supporting code (#2415 ) * Vault proxy supporting methods	4 years ago
Jeff Mitchell	9b271d7dd8	Fix error about unimplemented HcpbWorkers call (#2361 ) Although there is a compile time check on the type, it will always succeed due to the Unimplemented embedding requirement. As a result, this PR also changes Unimplemented calls to Unsafe calls, which were added later "for those that prefer their code to break"; the comments on these state: // UnsafeXServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to XServiceServer will // result in compilation errors. See https://github.com/grpc/grpc-go/issues/4500#issuecomment-852597871 for some more context. I think we're fine with compilation errors though; we own both the server and client side of things and generally are going to add new methods only when we intend to also add them on the client side. Notably, what the comment does not indicate is that it will break at runtime; already it should return a suitable (404 or 405) error if the client requests a method that does not exist.	4 years ago
Irena Rindos	b4b95e0f0e	refactor(vault): add context and remove deprecated errors (#2396 ) * refact(vault): add context and remove deprecated errors	4 years ago
Johan Brandhorst-Satzkorn	aef9073fa6	Upgrade to Go 1.19 (#2347 )	4 years ago
Johan Brandhorst-Satzkorn	ac591d8283	fix(managed_groups): Fix validation function panic (#2390 ) The logic would panic if no attributes were specified. Ensure that attributes are non-nil before checking any sub fields.	4 years ago
Renato Costa	ec3d2ef360	Fix incorrect use of loop variable in parallel tests (#2389 ) This fixes occurences of a loop variable being captured in parallel tests. With the previous code, only the last test case is actually exercised. To work around this problem, we create a local copy of the range variable before the parallel test, as suggested in the documentation for the `testing` package: https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks Issues were found automatically using the `loopvarcapture` linter.	4 years ago
Irena Rindos	dde0c35f23	Update request data in session manager (#2369 ) * bug(session): Update request data in session manager	4 years ago
Damian Debkowski	27e9f775be	feat: add initial migration hook	4 years ago
Jim	2818bb65cd	feature (downstreams): Add hooks for optional downstream workers/router (#2359 ) This includes the required interfaces, factories, error codes, etc	4 years ago
Jim	7aa7deafa3	chore: update go-dbw dependencies (#2298 ) * chore: update go-dbw dependencies This update included an update of the upstream gorm dependency. In the latest update, gorm appears to have become more sensitive when a slice is passed into operations. The ptr to slice must now be a ptr to slice of ptrs. This change required an update to how boundary handles slices of PrincipalRole, which now must return a ptr to PrincipalRole. There were also some tests that needed to be updated because of this change. * fixup! chore: update go-dbw dependencies	4 years ago
Jeff Mitchell	7df1331e93	Update configutil/pluginutil deps (#2346 ) Fixes #2343	4 years ago
Louis Ruch	7fafadd70b	db: Add credential_sha256 to session_credentials (#2339 ) * db: Add credential_sha256 to session_credentials	4 years ago
Jeff Mitchell	02dd28f587	Add support for SSH private key passphrases (#2331 ) This adds support for encrypted SSH keys via passphrase. Co-authored-by: Louis Ruch <louisruch@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	4 years ago
Jeff Mitchell	07bca9dd66	Ensure initial upstreams is empty before hcpb worker listing (#2334 ) The intention of the code was to have one-hop-away workers list KMS workers to get initial upstreams, and have other workers continue using what was in their config file. However, nothing stops people from having initial_upstreams but _also_ adding a cluster ID in their config file, in which case we'd always run this check and replace the config-set initial upstreams. So, ensure the config-set initial upstreams is also len zero.	4 years ago
Jeff Mitchell	090b2b28f8	Clean up some dev config kms code (#2321 ) * Clean up some dev config kms code Although it didn't matter in the combined state, the KMS for auth storage was not actually being set properly if only a worker was being instantiated.	4 years ago
Jeff Mitchell	8800ec9c94	Reorganize logic to allow a poison pill (#2317 )	4 years ago
Jeff Mitchell	4bd249d347	Fix some missing net.JoinHostPort calls (#2305 )	4 years ago
Damian Debkowski	c25b9285c0	fix(test) uncomment ro tests for cred update (#2301 )	4 years ago
Todd	1aad2627c8	OSS side of second downstream connections (see enterprise PR 69) (#2292 )	4 years ago
Jeff Mitchell	67d789cb6d	When allowed_origins is "*" use that in response (#2289 )	4 years ago
irenarindos	4908aba546	feat(vault): Add unimplemented worker filter support to OSS	4 years ago
Louis Ruch	52c1a4f9f9	feat(targets): Support extraWorkerFilterFunc in target	4 years ago
Jeff Mitchell	8f2ef45a01	Update against new version of nodeenrollment split listener (#2280 )	4 years ago
Louis Ruch	a17e973712	feat(credentials): Refactor credential purposes (#2260 ) * feat(credentials): Refactor credential purposes * Application credentials have been refactored to Brokered credentials * Egress credentials have been refactored to Injected Application credentials Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	4 years ago
Jeff Mitchell	271cc8f781	Add ssh private key to CLI (#2265 )	4 years ago
Louis Ruch	ef5ac07f02	Add ssh_private_key support for Vault libraries and targets (#2263 ) * Add support for ssh_private_key credential type in Vault libraries * Add support for ssh_private_key credential type * Support jsonpointer for Vault library mapping overrides	4 years ago
Jeff Mitchell	011e2e7425	Add ssh private key type and add type to static store (#2262 ) Co-authored-by: Louis Ruch <louisruch@gmail.com>	4 years ago
Jeff Mitchell	8c56a5648d	Migrate plugin host/set/catalog prefixes to typed (#2256 ) * Migrate plugin host/set/catalog prefixes to typed * Add credential store typing too	4 years ago
Haotian	28f53a64b4	feat(workers): implement worker service add/set/remove api tags	4 years ago
Jeff Mitchell	fb3b2209e5	Add WithType to worker listing (#2252 )	4 years ago
Jeff Mitchell	81af61ae7d	Add client next protos to KMS connection info (#2246 ) This builds on the previous change in the nodeenrollment library to allow KMS connections to store incoming ALPN NextProto information.	4 years ago
Jeff Mitchell	1596ff3d1c	Update against new nodee conn type (#2245 )	4 years ago
Jeff Mitchell	6b48346bf3	Add managed worker address fetching (#2244 )	4 years ago
Jeff Mitchell	ca387223b8	Retry faster on initial status (#2243 ) Right now there is a bit of a race condition in that a status call that indirectly tells the controller that a worker is ready to accept sessions can have its response unable to be processed in time for an actual session to come in from a client. It's very unlikely but technically there. This changes where we check if we have ever successfully authenticated from the function called by the ticker to the ticker itself, allowing us to reset the timer to a very short time if we have not yet authenticated. We already have the initial timer set to 0 for "as soon as possible" behavior, but if that initial status failed we'd wait for the normal interval. Now we will instead continue with the "as soon as possible" behavior, and reduce the very unlikely race condition to extremely unlikely. (There are more permanent fixes but those are bigger and can come later.)	4 years ago
Todd	155c5f578b	Create session manager for workers to use to interact with sessions (#2235 )	4 years ago

1 2 3 4 5 ...

252 Commits (000fc7c0e014d01dbbcef87e8a62aa2f2b149641)