boundary

Commit Graph

Author	SHA1	Message	Date
Damian Debkowski	162a857a29	feat(sbc): Add domain changes for SBC	2 years ago
Jeff Mitchell	4e0c2d79ac	Add grant scope IDs to role list (#4893 ) This adds grant_scope_ids in the output of role listing. The lookup for grant scope IDs was changed to allow taking in a set of roles instead of just a single role, and the results are collated afterwards. --------- Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>	2 years ago
Johan Brandhorst-Satzkorn	c6f3c375f3	api: remove deprecated grant_scope_id field (#4886 ) * api: remove deprecated grant_scope_id field The grant_scope_id field was deprecated in 0.15.0, so we can remove it for 0.17.0. * Fix tests * Fix more tests * Remove an option and some related code that stuck around * Fix bats tests --------- Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	2 years ago
Jeff Mitchell	d547e0d459	Add test ability to reinitialize worker auth roots on startup (#4895 )	2 years ago
Irena Rindos	61e7ab4738	Allow descriptions to contain newlines and other whitespace (#2599 ) * Allow names and descriptions to contain newlines and other whitespace * separate validate name from validate description * update changelog --------- Co-authored-by: Danielle Miu <29378233+DanielleMiu@users.noreply.github.com>	2 years ago
David Bond	0c25dbad13	Use appropriate gRPC error codes for OIDC (#4877 ) This commit makes modifications to the OIDC request handlers to return appropriate gRPC status codes on errors. Before this change, boundary presents the internal error codes to clients. This causes problems for reverse proxies, as these status codes are mapped to non-standard HTTP response codes which are ultimately all turned into 500 responses when 4xx status codes are more appropriate and descriptive of the error returned. Some modifications in this commit include calls to `event.WriteError` so that the internal error is written to the controller log for visibility. Comments about potential duplicate logs are now removed as `event.WriteError` is not called when using functions from the `handlers` package. Signed-off-by: David Bond <davidsbond93@gmail.com>	2 years ago
Michael Li	e18e3ab783	test: Fix tests due to time (#4855 ) * test(billing): Calculate time deltas from a fixed time Some time calculations are impacted when using the current day vs. the start of the month. * test(db): Conditionally skip tests at end of month Certain tests fail when run on the last day of the month because of edge cases in the setup of test data (for example, if today is May 31 and NZ time is June 1). This adds conditional logic to skip those tests when run on the last day of a month. * CR: typo	2 years ago
Timothy Messier	a2c529b9d1	fix(controller): Use max request duration cluster listener (#4805 ) The cluster listener supports a `max_request_duration` option, and defaults to 90 seconds. However, this configuration was not being use when processing grpc requests from the listener. This meant that requests from worker to controller could hang indefinitely and contributed to the recently fixed issue with database connections being stuck in `idle in transaction`. This commit adds a grpc interceptor that ensures each request has a deadline set to the max request duration for the listener. Refs: `29cd7bc9d6`	2 years ago
Irena Rindos	16d23fa55f	bug(scopes): scopes list returns 500 without perms (#4731 )	2 years ago
Todd	7df9144fbf	Fix typos in request validation errors for aliases (#4671 ) * Fix typos in request validation errors for aliases * Add format validation for destination id field.	2 years ago
Todd	0d67b86543	Add ListResolvableAliases to the user service (#4609 ) * Add ListResolvableAliases to the user service There are a few non common ways this method uses our ACL and grant system. A user is able to list resolvable aliases for another user if they are granted permission to do so. That means we had to load the grants for the user being listed for and not the requester when determining if an alias is able to resolve to a destination for which the requested user has permission. Similarly, the grant hash used for the list pagination is required to be that of the user being listed and not the requester.	2 years ago
dani	1a77e4da86	Boundary Plugin MinIO (#4621 ) feat(storage): Add storage support for MinIO via new built-in plugin	2 years ago
Louis Ruch	c376d06355	feat: Add support for correlationId	2 years ago
Elim Tsiagbey	2c140b1e09	feat: Local Storage State API & CLI - add `local_storage_state` value to API & CLI	2 years ago
Elim Tsiagbey	3bef063c72	feat: Filter workers by local storage state function - add functionality to filter worker by local storage state. - add feature constraint for local storage state	2 years ago
Louis Ruch	e9e3d7cad5	feat(session): Include session recording id in auth-session resp (#4593 )	2 years ago
Todd	55fe70e643	Change 404 errors for aliases to 401s (#4575 ) * Change 404 errors for alias resolution to 401s --------- Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>	2 years ago
Jeff Mitchell	a4bafdf9f4	Remove unintended log statements (#4533 )	2 years ago
Jeff Mitchell	4542eef22b	Add templating coalesce function (#4492 )	2 years ago
Todd	868228847d	Add handler and API support for alias creation with target (#4508 ) * Add handler and API support for alias creation with target	2 years ago
Todd	f7631edcab	rename target2 import alias to talias (#4482 )	2 years ago
Todd	4bd38037b3	fixup! Create the alias service and resource (#4276 )	2 years ago
Todd	240f86f0a9	fixup! Resolve aliases prior to subtype attribute transforming interceptor (#4379 )	2 years ago
Todd	ce250cbc57	fixup! Create the alias service and resource (#4276 )	2 years ago
Todd	deab1d5f17	fixup! Create the alias service and resource (#4276 )	2 years ago
Irena Rindos	e80e9a6da5	feat(dev): create initial alias targets for boundary dev (#4433 ) * feat(dev): create initial alias targets for boundary dev	2 years ago
Irena Rindos	48d958e395	fix(aliases): check target alias host id on create and update (#4435 ) * fix(aliases): check target alias host id on create and update	2 years ago
Todd	5a17c9cd39	Resolve aliases prior to subtype attribute transforming interceptor (#4379 ) * Resolve aliases prior to subtype interceptor	2 years ago
Todd	78e10864c4	Add alias CLI CRUDL commands (#4353 ) * Add alias CLI CRUDL commands	2 years ago
Irena Rindos	eceb1fd40e	api(targets): add aliases to targets (#4337 ) * api(targets): add aliases to targets	2 years ago
Todd	3f3b624b54	Add alias resolution to target service (#4277 ) * Add aliases to target resource and alias resolution to target service * Wire up the target alias domain package to the target service handler * Adding alias resolution to target api tests	2 years ago
Todd	92181e272a	Create the alias service and resource (#4276 ) * Create the alias service and resource * Add alias generated API files and tests	2 years ago
Todd	e848e76b48	Create Alias Domain Object and Repo (#4275 ) * Create alias domain object resource * Add paginated listing * fixing ratelimit related panics * Address reviewer comments * remove NewAlias value checks	2 years ago
Michael Milton	2e69d59dd2	feat(billing): Add cli subcommand for monthly active user counts	2 years ago
Timothy Messier	111dc87ead	feat(billing): Fix end time comparision for all view	2 years ago
Timothy Messier	e09bf09a95	refact(billing): Use sql functions instead of views These functions will ensure that UTC time is used for billing queries, eliminating the need for the repository to set the timezone. This also means the repository no longern needs a writer.	2 years ago
Timothy Messier	5aafe66c3c	test(ratelimit): Update tests due to new endpoint	2 years ago
Michael Milton	280e9abb89	feat(billing): Add service handlers for monthly active user counts	2 years ago
Jeff Mitchell	35cef97bd4	Linter fixes PR 3 (#4415 ) * Linter fixes * fix(bsr): update test to register TEST protocol once --------- Co-authored-by: Damian Debkowski <damian.debkowski@hashicorp.com>	2 years ago
Johan Brandhorst-Satzkorn	e95eda7ca2	handlers: always return pagination parameters in list (#4373 ) * handlers/targets: always return pagination parameters in list * handlers/authmethods: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/accounts: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/authtokens: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/credentiallibraries: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/credentials: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/credentialstores: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/groups: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/host_catalogs: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/host_sets: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/hosts: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/managed_groups: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/roles: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/scopes: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/sessions: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so. * handlers/users: test for pagination parameters Note that this already always returned the pagination parameters, but now we have a test that it does so.	2 years ago
Jeff Mitchell	4068829509	Merge pull request #4401 from hashicorp/jefferai-linter-fixes Fix linter warnings, parts 1 and 2	2 years ago
Jeff Mitchell	49803e653c	Linter fixes numero 2 (#4408 )	2 years ago
Jeff Mitchell	25bce9e8ff	Fix linter warnings	2 years ago
Jim	3af259ff69	chore: update deps (#4394 ) * chore: update deps * tests: update sqlmock tests for breaking chg * tests (handlers): sort grants in checkEqualGrants(...) sort the expected and got grants in checkEqualGrants(...) to make the test more deterministic. * tests (asciicast): update backspace enc in TestEventMarshal(...)	2 years ago
Jim	a61993abd7	fix (auth): event verify error (#4302 )	2 years ago
Jeff Mitchell	e91c4cbfe2	Remove support for 'id' field in grants (#4290 )	2 years ago
Louis Ruch	7921ce22fd	test(grant): Use ID to validate version check (#4274 ) * test(grant): Use ID to validate version check * Update docs from id to ids * Remove 'id' in 0.16.0	2 years ago
Jeff Mitchell	f5dd457b34	Multiple grant scope IDs (#4251 ) Co-authored-by: Timothy Messier <tim.messier@gmail.com> Co-authored-by: Todd <github@quaddi.com>	2 years ago
Jeff Mitchell	3414e09cbb	Remove announced deprecated code allowing ports in target addrs (#4265 ) We made it an error in the API to do this a while back; this cleans up the logic to disallow it for existing targets too.	2 years ago
Louis Ruch	22fcf8a2ba	Projects do not have perm to attach/detach policy	2 years ago
Jeff Mitchell	253d79116c	Swap id field in grants to ids since that's now standardized (#4250 ) * Swap id field in grants to ids since that's now standardized * Fix some tests I missed * Update generated resource table	2 years ago
Jeff Mitchell	e07503add4	Remove some long-standing commented code (#4242 ) This actually was implemented elsewhere for eventing but the commented code wasn't removed. We can finally be free.	2 years ago
Danielle Miu	e903947bef	Create delete_session_recording job and associated infra	2 years ago
Damian Debkowski	2dda19aafe	fix: reapply-storage-policy	2 years ago
Louis Ruch	f26243e9af	feat(recording): Delete Session Recording	2 years ago
Damian Debkowski	0a853c2262	feat(handler): reapply storage policy unimplemented	2 years ago
Johan Brandhorst-Satzkorn	07be75b7be	internal/handlers: add pagination to storage policies	2 years ago
Johan Brandhorst-Satzkorn	b454b28912	internal/handlers: add policy list resource type	2 years ago
Louis Ruch	360dd616ff	fix(rate-limiting): Add support for Scope-StoragePolicy actions	2 years ago
Louis Ruch	45de26bfe9	feat(scope): Add API for Attach/Detach StoragePolicy to scope	2 years ago
Damian Debkowski	6ca1bc3c3f	feat(handlers): utilize service func for scope service	2 years ago
Hugo	edbb33de5b	feat(handlers): Implement Policy Service This also includes adding new grant and type primitives, as well as package domain names.	2 years ago
Jeff Mitchell	9332179a01	Remove the deprecated old KMS worker auth mechanism (#3935 ) This has been superceded by the nodeenrollment-based KMS worker auth mechanism. This commit only removes the ability to connect with this mechanism; some upgrade logic will remain intact for a bit and can be removed later.	2 years ago
Timothy Messier	b3bc367534	feat(controller): Expose rate limiting headers via CORS (#4159 ) This adds a Access-Control-Expose-Headers response header to an Options request to allow the rate limiting related headers to be accessible via requests that are subject to CORS.	2 years ago
Johan Brandhorst-Satzkorn	3daa55b913	internal/handlers: add scope list pagination	2 years ago
Michael Milton	52b1c1b4c7	Managed group list pagination (#4208 ) * wip * managed groups pagination * address PR comments * missed one change	2 years ago
Johan Brandhorst-Satzkorn	b7e474d277	internal/handlers: add accounts pagination	2 years ago
Johan Brandhorst-Satzkorn	f38c79a5ce	internal/handlers: add host catalog pagination	2 years ago
Todd	40d9c3fd1d	Paginate iam groups (#4194 )	2 years ago
Michael Milton	8d50a0913f	Auth Method list pagination (#4165 ) * wip * implement list pagination for auth methods * remove unused code * update tests to fix sorting * address PR comments * simplify query, add token tests * change test name * wip sql testing * add boolean column to indicate whether auth methods should be returned to unauthenticated users, remove secrets from api response * is_active_public not null * remove secrets and unwrapping * move not null to immediately after data migration * order public_id descending * fix(db): Fix auth method migrations (#4193) * wip * fix db tests * fix failing api tests * reverse order of create time and update time in test --------- Co-authored-by: Michael Gaffney <mike@gaffney.cc>	2 years ago
Todd	0fad770d8a	Paginate iam user (#4185 ) * paginate iam user	2 years ago
Johan Brandhorst-Satzkorn	050bcdfec9	handlers/host_sets: implement pagination for host sets Adds protobuf types and handler logic to support pagination of host sets.	2 years ago
Johan Brandhorst-Satzkorn	f29d559d60	handlers/session_recordings: add pagination support	2 years ago
Johan Brandhorst-Satzkorn	24130c4313	handlers/storage_buckets: add pagination fields	2 years ago
Johan Brandhorst-Satzkorn	597ac645b2	internal/handlers: fix some comments	2 years ago
Johan Brandhorst-Satzkorn	f89e53d5f0	internal/handlers: tidy up test times	2 years ago
Johan Brandhorst-Satzkorn	17b6ad5c5c	handlers/hosts: implement pagination for hosts Adds protobuf types and handler logic to support pagination of hosts.	2 years ago
Todd	5aa560387c	Add pagination for iam Roles (#4161 ) * Add pagination for iam Roles	2 years ago
Johan Brandhorst-Satzkorn	df93313b9a	all: fix test failures after rebase The stability of the authorized_actions have been removed in main, so we need to add these sorts to all our new tests.	2 years ago
Johan Brandhorst-Satzkorn	0259f2f26b	internal/handlers: add credential store pagination	2 years ago
Todd	3558589c90	Return and consume InvalidListToken error code (#4141 ) * Return and consume InvalidListToken error code	2 years ago
Todd	2d18f82c9f	Rename refresh token errors to list error (#4138 )	2 years ago
Todd	b2fec2e4f0	Store and use refresh tokens in the client cache (#3857 ) * Refresh resources using refresh tokens	2 years ago
Michael Milton	6ba3676c37	Auth token pagination (#4113 ) * Add pagination support for auth tokens * change analyze count estimate comment * adjust queries for efficiency and security * even more efficient queries	2 years ago
Johan Brandhorst-Satzkorn	6b03363eb8	internal/handlers: add credential library pagination	2 years ago
Johan Brandhorst-Satzkorn	9f6ac602ee	internal/handlers: add credential pagination support	2 years ago
Michael Milton	9c3eb16046	Sessions list pagination (#4079 ) * Session list pagination refactor * address pr comments, add explanatory comments, clean up sql queries, move tests into proper files * fix build error * fix test error	2 years ago
Johan Brandhorst-Satzkorn	575e9641f8	Some pagination tweaks (#4074 ) * internal/target: fix some target tests We had dupes and missing test cases, this fixes them. * internal/handlers: move listtoken parsing into helper This significantly simplifies the parsing logic needed in each handler.	2 years ago
Johan Brandhorst-Satzkorn	00c4f825c7	handlers/targets: refactor for new pagination design Refactor the application layer to use the new domain layer pagination functionality.	2 years ago
Johan Brandhorst-Satzkorn	f062a8cd75	internal/handlers: add list token helpers Mostly a rename from refresh token, but also a new helper for assembling the final list token.	2 years ago
Johan Brandhorst-Satzkorn	5984f5bba6	handlers/targets: add pagination support	2 years ago
Johan Brandhorst-Satzkorn	a5b24e79b9	handlers: add refresh token helpers Helpers for parsing, marshalling and converting types to domain types.	2 years ago
Johan Brandhorst-Satzkorn	7b5a4be0ab	internal/auth: add GrantsHash method to results The new GrantsHash method can be used to track changes to a users grants across requests.	2 years ago
Johan Brandhorst-Satzkorn	7c996d0e02	internal/pagination: add new purge package The purge package contains a job that is used to purge records from the foo_deleted tables when they become older than 30 days.	2 years ago
Timothy Messier	a77c88ae5d	feat(ratelimit): Increase default values (#4129 ) This increases the default rate limits to: - 1,500 reqs / 30 seconds for list actions in total - 1,500 reqs / 30 seconds for list actions per IP address - 150 reqs / 30 seconds for list actions per auth token And for all other actions: - 30,000 reqs / 30 seconds for list actions in total - 30,000 reqs / 30 seconds for list actions per IP address - 3,000 reqs / 30 seconds for list actions per auth token This seems to be a reasonable default for a small to medium size cluster based on some scale testing. (cherry picked from commit `237c8b6084`)	2 years ago
Elim Tsiagbey	053421600d	feat(oidc-prompts): Add Validation for Prompts (#4130 ) Add validation to prevent "none" from being combined with multiple prompts. - Valid `["none"]` - Invalid `["none", "select_account"]` - Valid `["consent", "select_account"]`	2 years ago
Timothy Messier	758e7b8bf1	test(credentials): Disable rate limiting for test This test quickly polls a list endpoint, which exceeds the default rate limits before the test can complete in CI.	2 years ago
Timothy Messier	a7730b02ac	test(host_catalog): Fix flaky assertion	2 years ago
Timothy Messier	35b91c66de	refact(ratelimit): Rename MaxEntries to MaxQuotas	2 years ago
Timothy Messier	a150c588bb	feat(controller): Emit sys event detailing the rate limit configuration A sys event will be emitted when the controller is constructed, and if the rate limits are changed via a SIGHUP. The event contains the details of the rate limits for each combination of resource and action. This event can be used by operators to confirm the limits are set as they would expect based on the controller config.	2 years ago

1 2 3 4 5 ...

430 Commits (4e8fe7efae63992680b80e10fa0b780e2a994e96)