boundary

Commit Graph

Author	SHA1	Message	Date
Todd Knight	072b950540	Filter inactive and private oidc auth methods from unauthenticated list requests (#1110 )	5 years ago
Jeff Mitchell	412018fbb4	Update misleading Authenticated bool with new name and explanation. (#1111 )	5 years ago
Todd Knight	14c222709c	Make oidc auth callback redirect on most errors (#1105 )	5 years ago
Jim	d0f36f6a74	ensure that inbound auth method id matches request wrapper auth metho… (#1104 )	5 years ago
Jim	8f9c287233	properly handle ClientSecret updates (#1097 )	5 years ago
Jim	26c0c4479d	send MaxAge when set for auth method (#1094 )	5 years ago
Jim	dd0f34bc35	Add new OIDC auth method. (#1090 ) Co-authored-by: Todd Knight <T.Alan.Knight@gmail.com> Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	5 years ago
Michael Gaffney	aafbada3ae	Remove calls to `t.Helper()` from test methods (not helpers) (#1063 )	5 years ago
Jeff Mitchell	3c430678ae	Fix test scope errors (#1029 ) When using a disabled verifier context we were faking scope information. Due to other recent changes, this was now causing test errors. This adjusts that flow to actually query the DB, fixing tests and making them more like real code.	5 years ago
Jeff Mitchell	aa570f4e48	Honor child scope list permissions when recursing (#1016 ) Current behavior is that you need list grant on the parent scope when recursively listing, and this is sufficient. This is good for administrative workflows but can be unintuitive for resources that only exist at a project level. This change allows permissions on the child scope to also be taken into account, so that you can start a recursive list from a parent scope without direct list support on that scope but still get back child scopes for which list access is granted. This also fixes a bug where visibility of a scope for recursive listing would be based on whether the user had list resources for roles within that scope instead of for the resource type in question.	5 years ago
Jeff Mitchell	fcbf372881	Bump proto/grpc deps (#1017 ) * Bump proto/grpc deps * Back out buf change * Run make gen	5 years ago
Jeff Mitchell	68f8d7e595	Rerun make gen	5 years ago
Louis Ruch	e3e96a87fa	Fix error codes	5 years ago
Louis Ruch	7387cec475	Remove sentinel errors (#968 ) * Remove sentinal errors	5 years ago
Jeff Mitchell	377d837df3	Update gen	5 years ago
s-christoff	6623be8bfb	Refactor internal/auth to return domain specific errors (#905 ) * Refactor internal/auth to return domain specific errors	5 years ago
Jeff Mitchell	1afa3a4b6c	Disallow an invalid grant format (#914 )	5 years ago
Jeff Mitchell	6cd97a4a6e	Add support for recursive listing (#885 )	5 years ago
Jeff Mitchell	6b58a3317d	Add recursive listing to roles (#881 ) This also lays the framework for adding recursive listing to the rest of the resources.	5 years ago
Jeff Mitchell	dcb15cffbd	Add authorized actions output on resources (#870 )	5 years ago
Jeff Mitchell	27919ab11b	Groundwork for returning authorized actions (#860 ) This returns authorized actions on targets to users when they perform an operation on a target, including listing. It also prevents users from seeing values in listing targets on which they have no permissions.	5 years ago
Jeff Mitchell	84c617dc49	Run make gen after the gofumpt update	5 years ago
Michael Gaffney	94cb79bbdd	See how Boundary would look with gofumpt applied (#853 ) * See how Boundary would look with https://github.com/mvdan/gofumpt applied Results of running `gofumpt -w -s .` * Update tools file and Makefile for gofumpt Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	5 years ago
Louis Ruch	bfbb179741	ICU-738/Refactor internal/db to domain errors (#815 ) * Refactor internal/db to domain errors	5 years ago
Jeff Mitchell	8b39faef1b	Rearrange some auth logic and add some opts useful for filtering/testing (#835 )	5 years ago
Jeff Mitchell	11b821a200	Bump deps (#818 )	5 years ago
Louis Ruch	d8f8d60418	Allow dash in account name (#806 ) * Allow dash in account name	5 years ago
Jim	af6ef1b687	Refactor existing sentinel errors (#774 )	6 years ago
Jeff Mitchell	813d21565f	Allow authorize-session to be invoked with target name (#737 )	6 years ago
Jeff Mitchell	1acd690299	Clear account ID if token does not map to a user It's possible there are acceptable use cases for still matching account ID if the account no longer maps to a user, but it's equally possible that this can cause confusion. Removing it seems safer.	6 years ago
Jeff Mitchell	9237d6f787	Rename authorize to authorize-session (#531 ) As pointed out by Rob, this makes it clearer what the action actually is. We were sort of torn on it before, but I've definitely come around to it.	6 years ago
Jeff Mitchell	fa700dc002	Add account ID templating (#518 ) * Remove default role and create via the same mechanism as other initial resources	6 years ago
Jeff Mitchell	6ddfe407a3	Update allowed formats of ACL strings (#508 )	6 years ago
Jim	1e71c55920	deprecate access to underlying *sql.DB via internal/db.DB() (#506 )	6 years ago
Jeff Mitchell	a38f40606e	Create default roles in scopes to allow authentication and listing scopes/auth methods (#502 )	6 years ago
Jeff Mitchell	cf3fa4522d	Swap base58 libraries (#472 ) * Swap base58 libraries This doesn't reduce binary size but it removes a metric ton of dependencies.	6 years ago
Jeff Mitchell	c30fd5620e	Add account add/set/remove to CLI (#473 )	6 years ago
Jeff Mitchell	8d8a7358f8	Add AdditionalVerification function (#423 )	6 years ago
Todd Knight	2f8d7f0a32	API Errors: Hide and log internal errors (#411 )	6 years ago
Jeff Mitchell	38ce9d9eac	Combine controller and worker commands (#415 )	6 years ago
Jeff Mitchell	9b2646eaf9	Fix retry behavior with KMS recovery and misleading error message (#391 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Jeff Mitchell	0a44ed3edd	Fix global scope lookup (#367 ) The changed auth logic + verify logic in the scope handler pass the parent ID for validation, which is correct, as a scope lives in its parent ID. However, the global scope has no parent, and the changes resulted in an empty ID being passed in rather than the global scope itself. This fixes that lookup.	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Jeff Mitchell	f8237fb945	Move some packages into SDK, out of internal	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago

1 2 3

102 Commits (072b950540a6adeb030d6bba71591eed9a4f6ded)