boundary

Commit Graph

Author	SHA1	Message	Date
Johan Brandhorst-Satzkorn	3c29308673	chore: Add license headers to all files	3 years ago
Hugo	e455e31f9e	fix(target): Incorrectly allowing whitespace on Target's address field (#2862 )	3 years ago
Haotian	43f0ba89cf	feat(credentiallibraries): support vault ssh certificates	3 years ago
Hugo	0bee55aa19	fix(target): Correct accounting of updated rows when deleting address (#2799 ) If an update call was made to a target that removed an address, for a target that already did not have an address, the incorrect number of rows updated was being reported. During the update the target's version was correctly being updated, resulting in one row being updated. However then the delete call would result in zero rows being deleted, since there was no address associated with the target, and this would replace the value for the returned rowsUpdated. This resulted in the target service thinking that no update happened, and it would report an error.	3 years ago
Damian Debkowski	1d3930a711	feat(handlers): Support address field on a Target	3 years ago
Hugo Vieira	c82d2efb14	feat(cli): Implement address flag for boundary targets create/update This commit adds CLI support for addresses to be attached directly to a Target, for all current types of Target (ssh and tcp). It also clarifies the relevant documentation regarding the autogen of API option functionality.	3 years ago
Irena Rindos	9135cc7668	In absence of ingress filter, use directly connected worker (#2757 ) * directly connected ingress filtering	3 years ago
Irena Rindos	834a2a88f7	feat(targets): Addition of egress and ingress worker filters (#2654 ) * feat(targets): Addition of egress and ingress worker filters	3 years ago
Johan Brandhorst-Satzkorn	edd323b73a	Key Rotation/Destruction (#2477 ) (#2607 ) * Key Rotation/Destruction (#2477) * fix: Correct kms.CreateKeys comment This method does not return anything. * feat(kms): Add new ListKeys method The new ListKeys method wraps the underlying KMS wrapper, returning all the keys in the scope specified. * feat(scopes): Add new scope actions for key management Adds list-keys, rotate-keys and revoke-keys actions for scopes. * feat(scopes): Add ListKeys API endpoint This new endpoint lists all keys in a scope * feat(api): Add ListKeys to Scopes client This has to be a custom function because it is a custom action and doesn't map well to any of the existing templates, or generalises well in a way that would make it reasonable to create a new template. * feat(cli): Add new scopes list-keys command * add RotateKeys function to the kms repository * Add Rotate Keys Endpoint to Scopes Api (#2360) * add rotate keys endpoint * add tests for RotateKeys endpoint * remove that one comment I forgot about * addressing more PR comments * Add Rotate Keys CLI Command (#2395) * add cli command and client * add bats tests * fix some info text and pr comments * write a new rotate keys description * Add Missing DEK Foreign Keys (#2408) * add missing fks * mark key as nullable in gorm * update tests to use a new wrapper with a real key_id * fix formatting in test and add keys for auth_token test * replace key values * revert postgres_40_01_test.go * style: reformat sql for readability * refactor: change type of key_id columns to kms_private_id * Store key_id and scope_id with oplog entries, re-type columns referencing data key version (#2431) * fix(db): Correct types of data key version referencers * fix(oplog): Fix missing error handling * feat(oplog): Store key_id and scope_id with oplog entries This migration truncates all existing oplog entries, as migrating existing data would have been complex and likely unnecessary. * Update view references * Always delete oplog entries when dropping keys * Fix rebase issues * Fix sql tests * Add schema for new kms destruction jobs (#2479) * feat: Add schema for new kms destruction jobs The schema lets us manage destruction jobs per-table while providing a guarantee that only one run is running at a time. * Apply suggestions from code review Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Fix table reference and tests Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * update domain, api, and cli to all include key versions in outputs (#2472) * update domain, api, and cli to all include key versions in outputs * fix go sum * add migration to fix immutable error * fix final test issue as well as make gen issue * rebase and fix * address johan pr comments * make gen, didn't realize comments were included * update migrations based on new migration 55 file 03 * Move migrations to 56 * feat: Add key version rewrapping function registry (#2478) The new RegisterTableRewrapFn can be used by a domain to register a callback to use when rewrapping data in a specific table name. * feat(kms): Add scopeId to RewrapFn (#2539) This makes it much easier for rewrap functions to look up the correct wrapper and limit the number of rows searched. * Update Root Cert Proto Definition (#2542) * update root cert proto definition to properly identify public_key as the table primary key * add the test fix as well * Rewrap Functions for Encrypted Tables (#2532) * add oidc rewrap * add argon2 config rewrap * add auth token rewrapping * add worker auth cert rewrapping * check the err * add username password credential rewrapping * add ssh private key credential rewrapping * add vault client certificate rewrap function * add host catalog secret rewrap function * cleanup a little * add host vault token rewrap function * add session credential rewrap function * add session rewrap function * add worker auth rewrap function * update test to include full assert gamut * add session rewrap function TEST * bring all tests up to current standards, make more readable, and include full assert gamut * rework all rewrap functions to utilize scope id * update comments, queries, sql refs, etc, in response to PR comments * forgot a comment * remove hmac updates and fix a couple comments again * Rewrapping Registered Tables Test (#2555) * add the registered table test as well as the two missing rewrap functions * address pr comments, add db r/w conversions, cmp.diff, sql comment, remove (now) faulty immutable test * Add ability to list key version destruction jobs, recurring jobs and destroying key versions (#2498) * feat(kms): Add ability to list data key version destruction jobs * feat(scopes): Add ListKeyVersionDestructionJobs * feat(cli): Add list-key-version-destruction-jobs * feat(kms): Add recurring job that performs table rewrapping The new recurring job runs for each job table with a registered rewrapping callback. It attempts to become the running run and start its rewrapping, gracefully handling sudden interruptions by resuming it's work if it finds evidence of sudden interruption. * feat(kms): Add recurring job for destroying key versions The new job monitors the database for data key version destruction jobs that have finished rewrapping all its data, performing the final data key version revocation. * feat(kms): Add DestroyKeyVersion DestroyKeyVersion immediately destroys a key version if it is a root key version or a data key version which encrypts no data. If the data key version encrypts data which needs to be rewrapped, it queues an asynchronous job to complete the rewrapping operation. * feat(scopes): Add DestroyKeyVersion API endpoint * feat(cli): Add scopes destroy-key-version CLI command * Ensure all secret updates include key ID (#2556) * feat(all): Ensure all secret updates include key ID When updating a secret, it is paramount that the key ID is also updated, as it is the only means we have of ensuring that we only destroy keys once there is no more data associated with the key. * Remove fix to session repository for now This breaks the current private key derivation method * add new encrypt/decrypt funcs and made necessary proto changes (#2557) * add new encrypt/decrypt funcs and made necessary proto changes * address all PR comments * fix test panic * add param checking to rewraps * fix(schema): Correctly organize migrations again * Review comments part 1 * Review comments part 2 * Review comments part 3 * Store cert private key, encrypt tofu token (#2583) * fix(session): store cert private key, encrypt tofu token Previously, we would derive a session certificate private key from the session key used in each project, and not store the key. We would also encrypt the tofu token with the database key but not store a reference to this key in the database. This change fixes this by replacing our key derivation with a key generation step, and instead store the generated key, encrypted, in the database. We also ensure that any new tofu tokens are encrypted with the same key. To handle existing sessions, we lazily rewrite the sessions whenever a user lists them. There is a minor risk that a user could end up destroying the database key that encrypts the tofu token before that session has been rewrapped, but this is going to be rare and temporary. * feat(session): Allow the random source for secrets to be configured * Review comments * Minor fixes * More minor fixes * More small fixes Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * fix(session): Unset session key ID when scope is deleted Unsetting the key ID allows the session to live beyond the lifetime of the scope, while allowing the scope to cascade delete its keys. * fix(migrations): Rewrite migration 56 tests These tests can no longer use the normal test helpers as they try to use the new oplog table structure, so we have to manually write all the interactions. * fix(migrations): Rename migration 58 file name This was the name used in the release branch, update it to the new migration number. * fix(e2e): Add some comments and debug to kms tests * fix(session): Handle empty project and user IDs in read When a project or user is deleted, the session is automatically canceled and the respective field on the session is unset. LookupSession did not handle this case gracefully, and would error on decryption in this state. Skip decrypting sessions that do not have either a user or project to avoid this error. The decrypted values are not used for a canceled session. * Fix worker test * Increase test timeout Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	3 years ago
Irena Rindos	b26814a3cc	move user variables into globals (#2580 ) * move user variables into globals	3 years ago
Johan Brandhorst-Satzkorn	f57454b6b9	Rewrite interface{} to any (#2535 ) * chore: Rewrite interface{} to any * Add ignore revs	3 years ago
Damian Debkowski	546c5dc5be	feat: static json credentials (#2423 )	4 years ago
Jeff Mitchell	53b5e532d5	Remove deprecated methods/fields on targets (#2393 )	4 years ago
Louis Ruch	d7c4c648ec	bug(vault): Correctly handle credential stores with expired tokens (#2399 ) * bug(vault): Correctly handle credential stores with expired tokens Boundary makes use of a database view to perform CRUD operations on Vault credential stores and libraries. This view did not include credential stores with tokens that have expired in Vault, causing errors when attempting to perform any action against them.	4 years ago
Haotian	17ddc301a8	feat(cli): add/set/remove worker tags (#2266 ) * adds CLI commands for add/set/removing worker tags, and respective tests * adds StringSliceMapVar Flag to convert a string from the CLI to a map[string][]string value	4 years ago
Jeff Mitchell	02dd28f587	Add support for SSH private key passphrases (#2331 ) This adds support for encrypted SSH keys via passphrase. Co-authored-by: Louis Ruch <louisruch@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	4 years ago
Louis Ruch	a17e973712	feat(credentials): Refactor credential purposes (#2260 ) * feat(credentials): Refactor credential purposes * Application credentials have been refactored to Brokered credentials * Egress credentials have been refactored to Injected Application credentials Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	4 years ago
Jeff Mitchell	011e2e7425	Add ssh private key type and add type to static store (#2262 ) Co-authored-by: Louis Ruch <louisruch@gmail.com>	4 years ago
Jeff Mitchell	8c56a5648d	Migrate plugin host/set/catalog prefixes to typed (#2256 ) * Migrate plugin host/set/catalog prefixes to typed * Add credential store typing too	4 years ago
Jeff Mitchell	704d68848c	Merge remote-tracking branch 'origin/main' into llb-byow	4 years ago
Louis Ruch	68eb6e2bed	chore(targets): remove deprecated credential libraries on target resources (#1533 )	4 years ago
Louis Ruch	00dfea1244	feat(target): Add support for static credential as target credential sources	4 years ago
Louis Ruch	58d546cdd4	feat(credential): Add static credential store and username_password credential	4 years ago
Damian Debkowski	3441fa0447	(fix) added more context to error details for cli command (#2170 ) * (test) added more context to error details for cli commands * (fix) refactor solution to utilize custom error type casting * (test) added api unit test to validate InvalidArgumentError return message * Update internal/types/subtypes/error.go Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com> * (refactor) rename InvalidArgumentError into UnknownSubtypeIDError Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>	4 years ago
Todd	06a2f4ce9c	Require default ports to be defined for newly created tcp targets. (#2148 )	4 years ago
Jim	70c5da1048	feature (workers): add repository CreateWorker(...) (#2105 )	4 years ago
Timothy Messier	c2d632f1a2	test(targets): Prevent panic due to non-deterministic order (#2086 ) This test was using the third element in the result from a list request to craft the input for the next assertion. However, one of the test targets that is created does not have a default port set. Since the target list call is not ordered, sometimes this element could be the third element and a panic would result when default port interface was converted to a float64. This fixes the panic like: --- FAIL: TestList (1.31s) panic: interface conversion: interface {} is nil, not float64 [recovered] panic: interface conversion: interface {} is nil, not float64 goroutine 1694 [running]: testing.tRunner.func1.2({0x14b2320, 0xc002f486f0}) /prefix/usr/lib/go/src/testing/testing.go:1389 +0x24e testing.tRunner.func1() /prefix/usr/lib/go/src/testing/testing.go:1392 +0x39f panic({0x14b2320, 0xc002f486f0}) /prefix/usr/lib/go/src/runtime/panic.go:838 +0x207 github.com/hashicorp/boundary/internal/tests/api/targets_test.TestList(0xc000f81380) /go/src/github.com/hashicorp/boundary/internal/tests/api/targets/target_test.go:193 +0x174b testing.tRunner(0xc000f81380, 0x2b933a8) /prefix/usr/lib/go/src/testing/testing.go:1439 +0x102 created by testing.(*T).Run /prefix/usr/lib/go/src/testing/testing.go:1486 +0x35f FAIL github.com/hashicorp/boundary/internal/tests/api/targets 5.742s FAIL Refs: #2003	4 years ago
Todd	472d7d520a	Remove the server_id from session table, change it to worker_id on session_connection (#2070 ) * Remove the server_id from session table, change it to worker_id on session_connection This is step 1 in updating the worker table. The worker is becoming a public resource so it must have a public id. We drop the server_id column on the session_connection table and add the worker_id column so we can use the wt_public_key type. Since db migrations are applied while the controller is offline, it should be safe to assume all session connections are not in a running state, thus allowing us to null out all the worker ids in the session_connection table. For now we don't have very good enforcement of the wt_public_id constraints, since the id is currently defined in the worker config, but this will soon change and the worker's id will be generated by the controller.	4 years ago
Todd	b58dada40d	Move the server daemons into their own package (#2061 ) * Move the server daemons into their own package With this change the internal/server package now is dedicated to the server domain (workers and controllers) and not to the server daemons. The hope is that this will make it easier to keep the daemons decoupled from the representation of the servers in the database.	4 years ago
Johan Brandhorst-Satzkorn	7f9b294a7e	refact(all): Use testing.TB for test helpers Our test helper packages were not possible to use with benchmarks. This refactor switches to testing.TB to allow both tests and benchmarks to use the helpers.	4 years ago
Todd	a1cf3234ed	url.PathEscape resource ids in the sdk before sending building a request. (#2035 )	4 years ago
Timothy Messier	3be5c44907	feat(target): Classify resources for audit events	4 years ago
Timothy Messier	c8be4a9890	refact(target): Switch subtype attributes to oneof This updates the target resources to use a oneof for attributes. This allows requests to the targets service to leverage the new subtypes.AttributeTransformerInterceptor so that attributes are strongly typed prior to the service handler.	4 years ago
Johan Brandhorst-Satzkorn	8c452b0991	feat(authmethods): Add classification to all fields	4 years ago
Timothy Messier	2ade7f34a8	feat(users): Classify resources for audit events	4 years ago
Timothy Messier	006fa3a85a	feat(session): Classify resources for audit events	4 years ago
Timothy Messier	38a3960047	feat(role): Classify resources for audit events	4 years ago
Timothy Messier	4599e64cab	feat(event): Remove BOUNDARY_DEVELOPER_ENABLE_EVENTS env var	4 years ago
Timothy Messier	1af803780c	feat(controller): Reorder interceptor stack The new `subtype.AttributeTransformerInterceptor` can return an error if it fails to transform the attributes. This is mainly if invalid attribute fields were included for a particular subtype. This error case used to be checked in the grpc service handler functions. However, now that it is happening in the interceptor, the `errorInterceptor` needs to be moved up in the stack so that it will process the response of the new transformation interceptor. The `errorInterceptor` used to be after the `auditRequestInterceptor` and prior to the `auditResponseInterceptor`, meaning that the `auditResponseInterceptor` would have access to the result of the `errorInterceptor`. But it seems the `auditRequestInterceptor` does not use or need any of the headers set by the `errorInterceptor` so it should be safe to move the `errorInterceptor`. This is important since the `subtype.AttributeTransformerInterceptor` needs to be before the audit interceptors in the stack to properly transform requests/responses so they can be audited with the complete classification information.	4 years ago
Timothy Messier	6ad9aba505	feat(credentialstore): Classify resources for audit events	4 years ago
Timothy Messier	00e57b20a2	feat(credentiallibrary): Classify resources for audit events	4 years ago
Timothy Messier	95315a3e0a	feat(groups): Classify resources for audit events	4 years ago
Timothy Messier	e2eca03d26	feat(managedgroups): Classify resources for audit events	4 years ago
Timothy Messier	9643f7af76	test(managedgroups): Add api tests for managed-groups endpoints	4 years ago
Johan Brandhorst-Satzkorn	fc6cddfc7f	feat(authtokens): Add classification to all fields (#1996 )	4 years ago
Johan Brandhorst-Satzkorn	d51ce41db8	feat(hostsets): Classify all proto fields	4 years ago
Johan Brandhorst-Satzkorn	8fa3e8dee0	feat(hostcatalogs): Classify all proto fields	4 years ago
Johan Brandhorst-Satzkorn	5440195cce	feat(hosts): Classify host proto fields	4 years ago
Johan Brandhorst-Satzkorn	a2bff4efdf	feat(authmethods): Add typed attributes to authenticate request and response The AuthenticateRequest and AuthenticateResponse types have a complex mapping rule system, which requires a pair of custom callback functions.	4 years ago
Johan Brandhorst-Satzkorn	53481146fd	feat(authmethods): add well typed attribute options (#1972 ) Add well typed attribute options to the authmethods proto definitions, while hiding them from being rendered in the openapiv2 spec.	4 years ago

1 2

81 Commits (84b410974b73bfea8682f5fa63cc027ba145dfd4)