boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	377d837df3	Update gen	5 years ago
s-christoff	6623be8bfb	Refactor internal/auth to return domain specific errors (#905 ) * Refactor internal/auth to return domain specific errors	5 years ago
Jeff Mitchell	1afa3a4b6c	Disallow an invalid grant format (#914 )	5 years ago
Jeff Mitchell	6cd97a4a6e	Add support for recursive listing (#885 )	5 years ago
Jeff Mitchell	6b58a3317d	Add recursive listing to roles (#881 ) This also lays the framework for adding recursive listing to the rest of the resources.	5 years ago
Jeff Mitchell	dcb15cffbd	Add authorized actions output on resources (#870 )	5 years ago
Jeff Mitchell	27919ab11b	Groundwork for returning authorized actions (#860 ) This returns authorized actions on targets to users when they perform an operation on a target, including listing. It also prevents users from seeing values in listing targets on which they have no permissions.	5 years ago
Jeff Mitchell	84c617dc49	Run make gen after the gofumpt update	5 years ago
Michael Gaffney	94cb79bbdd	See how Boundary would look with gofumpt applied (#853 ) * See how Boundary would look with https://github.com/mvdan/gofumpt applied Results of running `gofumpt -w -s .` * Update tools file and Makefile for gofumpt Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	5 years ago
Louis Ruch	bfbb179741	ICU-738/Refactor internal/db to domain errors (#815 ) * Refactor internal/db to domain errors	5 years ago
Jeff Mitchell	8b39faef1b	Rearrange some auth logic and add some opts useful for filtering/testing (#835 )	5 years ago
Jeff Mitchell	11b821a200	Bump deps (#818 )	5 years ago
Louis Ruch	d8f8d60418	Allow dash in account name (#806 ) * Allow dash in account name	5 years ago
Jim	af6ef1b687	Refactor existing sentinel errors (#774 )	6 years ago
Jeff Mitchell	813d21565f	Allow authorize-session to be invoked with target name (#737 )	6 years ago
Jeff Mitchell	1acd690299	Clear account ID if token does not map to a user It's possible there are acceptable use cases for still matching account ID if the account no longer maps to a user, but it's equally possible that this can cause confusion. Removing it seems safer.	6 years ago
Jeff Mitchell	9237d6f787	Rename authorize to authorize-session (#531 ) As pointed out by Rob, this makes it clearer what the action actually is. We were sort of torn on it before, but I've definitely come around to it.	6 years ago
Jeff Mitchell	fa700dc002	Add account ID templating (#518 ) * Remove default role and create via the same mechanism as other initial resources	6 years ago
Jeff Mitchell	6ddfe407a3	Update allowed formats of ACL strings (#508 )	6 years ago
Jim	1e71c55920	deprecate access to underlying *sql.DB via internal/db.DB() (#506 )	6 years ago
Jeff Mitchell	a38f40606e	Create default roles in scopes to allow authentication and listing scopes/auth methods (#502 )	6 years ago
Jeff Mitchell	cf3fa4522d	Swap base58 libraries (#472 ) * Swap base58 libraries This doesn't reduce binary size but it removes a metric ton of dependencies.	6 years ago
Jeff Mitchell	c30fd5620e	Add account add/set/remove to CLI (#473 )	6 years ago
Jeff Mitchell	8d8a7358f8	Add AdditionalVerification function (#423 )	6 years ago
Todd Knight	2f8d7f0a32	API Errors: Hide and log internal errors (#411 )	6 years ago
Jeff Mitchell	38ce9d9eac	Combine controller and worker commands (#415 )	6 years ago
Jeff Mitchell	9b2646eaf9	Fix retry behavior with KMS recovery and misleading error message (#391 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Jeff Mitchell	0a44ed3edd	Fix global scope lookup (#367 ) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup.	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	274afa6b02	Shave off an IAM lookup if the user is the anonymous user (#305 ) * Shave off an IAM lookup if the user is the anonymous user * Fix build * If authz failures are turned off, make the token type unknown instead of invalid * Change returned token format when authz failures are disabled * Change logic back * Fix logic	6 years ago
Michael Gaffney	de162c5533	Replace and remove ErrNilParameter with ErrInvalidParameter (#295 )	6 years ago
Jeff Mitchell	8f579c75c3	paum -> ampw (#303 )	6 years ago
Jeff Mitchell	74544f6324	Encrypt tokens on the way out and decrypt on the way in (#302 ) * Encrypt tokens on the way out and decrypt on the way in This isn't a security feature related to tokens specifically; it's so that we can discard cryptographically bad tokens before we ever hit the DB. This way we can't pass through a DDoS to the database due to fetching obviously invalid token values. I'm using base58 to encode the resulting value as there aren't great base62 options, and allowing base64 / and + values can hamper usability by creating copying/highlighting breaks.	6 years ago
Jeff Mitchell	ac4d9fa311	Add nonce storage and replay prevention test (#293 )	6 years ago
Jeff Mitchell	b47cca0329	Add (non-db aspects of) the recovery key workflow (#286 )	6 years ago
Jim	9570897032	basic keys mgmt repo (#264 )	6 years ago
Todd Knight	eaae887bbe	Don't require type for children of subtyped resources. (#285 )	6 years ago
Todd Knight	1deea8aa3a	Fixing missed documentation fix from PR 267.	6 years ago
Todd Knight	e14f968fc3	Account (Set\|Change)Passsword (#267 )	6 years ago
Jeff Mitchell	7b36571788	Change auth validity feedback (#273 ) * Change auth validity feedback Move from a bool indicating validity to lack of an error. This allows the error to be directly returned and typed. * Fix erroneous line	6 years ago
Todd Knight	23b437894a	Masks can now update attribute fields. (#271 )	6 years ago
Jeff Mitchell	bb6b189513	Create a default role on new scope creation (#265 )	6 years ago

1 2

88 Commits (02fabe21c541ec0f53bd530cb80e76e2a2d79bc0)