boundary

Commit Graph

Author	SHA1	Message	Date
Jeff Mitchell	c149bc4a79	Allow slashes in authorize-session when using target name (#3249 ) This requires specifying `**` as the selector in the proto, which will match any segments and simply requires that the verb is the last part of the URL, which it already is.	3 years ago
Jeff Mitchell	769a7c9e1c	Remove cleanup calls for test controller/worker (#3245 ) A previous commit added a call to t.Cleanup in the NewTestController/NewTestWorker commands; as a result these statements are no longer needed.	3 years ago
Johan Brandhorst-Satzkorn	e04438b7f8	authmethods: fix test broken by LDAP These tests were never updated for LDAP	3 years ago
Jim	667ea285be	feature (boundary dev): add support for dev ldap auth method (#3192 )	3 years ago
Jeff Mitchell	20391e3503	Add default client port to targets and use in connect command (#2767 )	3 years ago
Johan Brandhorst-Satzkorn	c1a61b9e34	internal/tests/cluster: switch flaky test to polling (#3153 ) * internal/tests/cluster: switch flaky test to polling Also extend deadline from 10 seconds to 1 minute, hopefully this should fix any flakiness in this test. * fixup! internal/tests/cluster: switch flaky test to polling	3 years ago
Jeff Mitchell	bdf7bf7702	Do not allow PKI-KMS workers to have names updated via API (#3143 ) Do not allow PKI-KMS workers to have names updated via API This would cause their public IDs to change, which we do not want. Descriptions are also disallowed, since those come from the config file. This also adds logic to allow upgrading from old KMS method to new, with a test. Co-authored-by: Irena Rindos <irenarindos@users.noreply.github.com>	3 years ago
Jeff Mitchell	163ce184b8	KMS-PKI Workers (#3101 ) This adds a new mechanism for worker authentication that uses the third-party arbitration of the original KMS flow by leveraging recently-added capabilities in nodeenrollment to support a registration wrapper. This allows for workers to be registered to the system with just a name and a matching wrapper, while at the same time allowing these workers to be used for private Vault access and multi-hop as they contain per-worker encryption keys and support rotation. Nodes using this mode will generate and rotate credentials in-memory (using another recently added nodeenrollment capability) so will have a new set of keys on every startup. This has the side effect of ensuring that there is never a conflict or re-use of these credentials. Note that the normal test worker flow was using the now-deprecated KMS method; there is still a test that uses this (explicitly) but all other tests using test workers that did not specify a specific PKI flow now actually use this mechanism. This means there is fairly decent test coverage in a general sense, plus the specific tests updated/added for this feature. This also adds a new KMS type that can be used to have distinct KMSes for upstream authentication vs. accepting from downstream.	3 years ago
Elim Tsiagbey	b2376356dd	Bats Tests: Target Host Sources (#3107 ) * Bats Tests: Target Host Sources - Add bats test coverage for adding a Host Source to a Target - Create `target_host_sources.bash` file with helper functions for bats test file ## Considerations Created new resources like a target & host catalog instead of using already created resources because the changes could affect existing tests and it made it easy to change the newly created resources	3 years ago
Jim	86192f75eb	feature (auth/ldap): add LDAP auth method along with associated accounts and managed groups (#2912 ) * feature (auth): required schema changes for auth ldap method (#2669) chore (auth/ldap): move schema changes to next avail migration number * feature (auth/ldap): define AuthMethod and all its value objects (#2703) * feature (auth/ldap): storage protos * feature (auth/ldap): define AuthMethod and all its value objects * feature (auth/ldap): add repo and reading an auth method (#2718) * feature (auth/ldap): add Repository.CreateAuthMethod(...) and Repository.DeleteAuthMethod(...) (#2724) * feature (auth/ldap): add Repository.UpdateAuthMethod(...) (#2739) * feature (auth/ldap): add Account * feature (auth/ldap): add AuthMethod.EnableGroups * fix (auth/ldap): refactor AuthMethod.oplog to enforce proper constraints * feature (auth/ldap): add Account repo functions * refactor (auth/ldap): remove entry attributes from account Realized the entry attributes could have absolutely anything in them (including binary data) and since we absolutely don't have to have them there's just no reason to take on the risk. * feature (auth/ldap): add AuthMethod.UseTokenGroups * feature (auth/ldap): add Authenticate(...) * refactor (auth/ldap): ensure options take a context as the 1st parameter * feature (auth/ldap): add Account attribute maps * chore (auth/ldap): make fmt deltas * feature (auth/ldap): add managed groups (#2760) * tests (auth/ldap): add missing unit test to Repository.DeleteAccount(...) Add bits to test the delete operation when you're not able to generate oplog metadata * feature (auth/ldap): add managed groups fixup! feature (auth/ldap): add managed groups (#2760) * feature (auth/ldap): service proto definition (#2761) * feature (handlers/authmethods): add handlers for ldap auth method operations (#2794) * feature (auth/ldap): add Account attribute maps * chore (auth/ldap): update cap/ldap to latest version * feature (auth/ldap): add ldap api generation definitions * feature (authmethods): add ldap repo NewService(...) * feature (authmethods/ldap): add proper mask_mapping to protobufs * feature (authmethods): add support to get an ldap auth method * refactor (auth/ldap): export TestGenerateCA(...) * feature (authmethods): add support to create an ldap auth method * feature (authmethods): add support to delete an ldap auth method * feature (authmethods): add support to list ldap auth methods * refactor (auth/ldap): make urls optional for NewAuthMethod(...) * refactor (auth/ldap): export ldap.TestInvalidPem * chore: make fmt changes * fix (auth/ldap): properly handle group search config Add constraints and tests to ensure when an ldap AuthMethod.EnableGroups is true, and UseTokenGroups is false; that there's a GroupDn configured for finding a user's associated groups * feature (authmethods): add support to update an ldap auth methods * chore (db/ldap): tmp mv migrations so there's no conflict with ongoing work * feature (verifier): add ldap auth method to verifier bits * fix (controller): prevent panic when controller stops when there's no listener * feature (authmethods): add support to authenticate via ldap auth methods * chore (migrations): fix whitespace in stmt * chore: fmt fixup * tests (auth/ldap): invalid err msg * feature (cli/authmethods): add support for ldap auth-methods CRUD and authenticate (#2810) * feature (authmethods): add CLI support for ldap auth methods CRUD * tests (api/auth): ldap auth method classification tests * feature (authmethods): add CLI support for ldap auth authenticate * feature (auth/ldap): set request timeouts for ldap server connections * feature (handlers/authmethods): handle u_anon listing properly. * feature (account/handers): ldap account and managed group CRUDL APIs (#2852) * feature (auth/ldap) add repository Listing of ManagedGroupMemberAccount * feature (controller/handlers): add ldapRepoFn to accounts service * feature (auth/ldap) register ldap managed group subtype * feature (account/handlers): ldap account CRUDL APIs * feature (controller/handlers): add ldapRepo to managed groups service * feature (account/handlers): ldap managed group CRUDL APIs * docs (domain): add LDAP accounts, auth-methods and managed groups (#2857) * feature (ldap/cli) add ldap accounts and managed groups CRUDL commands (#2856) * fix (handlers/authmethods): fix ldap authorized actions (#2892) * feature (cli/ldap/authenticate): use primary auth method if none is provided (#2890) * fix (auth/ldap): support setting the state attribute * feature (cli/ldap/authenticate): use primary auth method if none is provided * feature (wh/ldap) add tests for new ldap auth method and accounts (#2919) * refactor (migrations/ldap): mv to correct directory * chore: add copyright headers * fix (api/authmethods/ldap): renumber new LdapAuthMethodAttributes field * fix (auth/ldap): allow the auth method state to be updated (#2951) * chore: update sdk and api versions for llb - this is tmp until merging * tests (managed groups): add required errContains for new test	3 years ago
Damian Debkowski	bbbd6b1e51	backport 0.12.1 release (#3079 ) * chore: update version * fix(tests): break out of infinite loop for bats tests * chore: update changelog * fix: make-gen-delta check	3 years ago
Jeff Mitchell	b76b24a4ad	Move prefixes for many packages into the globals package (#3069 ) This is a prerequisite for some enhancements to grant validation	3 years ago
Johan Brandhorst-Satzkorn	3c29308673	chore: Add license headers to all files	3 years ago
Timothy Messier	718e183a1e	fix(credentiallibraries): Correctly populate attrs for vault-generic (#2901 )	3 years ago
Timothy Messier	f9a2f44f5b	test(cli): Add tests for vault-ssh-certificate credential library This adds tests for updating specific fields of the credential library.	3 years ago
Timothy Messier	e66ea15fef	fix(cli): Status code on api error When using the json output of the cli (`-format=json`), a successful call to the controller API would place the HTTP status code in the JSON as `status_code`. However, if there was an error from the API the status code would be placed in the JSON as `status`. In order to be consistent, this adds a `status_code` field to the error response case. For backwards compatibility it still populates `status` in the error case. This inconsistency was missed partially due to a bug in the CLI tests. The assertion on status code was not valid and would always be successful. Thus this also fixes the assertions and tests.	3 years ago
Hugo	e455e31f9e	fix(target): Incorrectly allowing whitespace on Target's address field (#2862 )	3 years ago
Timothy Messier	89a55632ba	feat(cli): Add vault ssh certificate credential library	3 years ago
Haotian	43f0ba89cf	feat(credentiallibraries): support vault ssh certificates	3 years ago
Hugo	0bee55aa19	fix(target): Correct accounting of updated rows when deleting address (#2799 ) If an update call was made to a target that removed an address, for a target that already did not have an address, the incorrect number of rows updated was being reported. During the update the target's version was correctly being updated, resulting in one row being updated. However then the delete call would result in zero rows being deleted, since there was no address associated with the target, and this would replace the value for the returned rowsUpdated. This resulted in the target service thinking that no update happened, and it would report an error.	3 years ago
Damian Debkowski	1d3930a711	feat(handlers): Support address field on a Target	3 years ago
Hugo Vieira	c82d2efb14	feat(cli): Implement address flag for boundary targets create/update This commit adds CLI support for addresses to be attached directly to a Target, for all current types of Target (ssh and tcp). It also clarifies the relevant documentation regarding the autogen of API option functionality.	3 years ago
Irena Rindos	9135cc7668	In absence of ingress filter, use directly connected worker (#2757 ) * directly connected ingress filtering	3 years ago
Irena Rindos	173e1587d0	Append initial worker upstreams if current upstreams are unresponsive (#2698 ) * Append initial worker upstreams if current upstreams are unresponsive	3 years ago
Irena Rindos	834a2a88f7	feat(targets): Addition of egress and ingress worker filters (#2654 ) * feat(targets): Addition of egress and ingress worker filters	3 years ago
Johan Brandhorst-Satzkorn	edd323b73a	Key Rotation/Destruction (#2477 ) (#2607 ) * Key Rotation/Destruction (#2477) * fix: Correct kms.CreateKeys comment This method does not return anything. * feat(kms): Add new ListKeys method The new ListKeys method wraps the underlying KMS wrapper, returning all the keys in the scope specified. * feat(scopes): Add new scope actions for key management Adds list-keys, rotate-keys and revoke-keys actions for scopes. * feat(scopes): Add ListKeys API endpoint This new endpoint lists all keys in a scope * feat(api): Add ListKeys to Scopes client This has to be a custom function because it is a custom action and doesn't map well to any of the existing templates, or generalises well in a way that would make it reasonable to create a new template. * feat(cli): Add new scopes list-keys command * add RotateKeys function to the kms repository * Add Rotate Keys Endpoint to Scopes Api (#2360) * add rotate keys endpoint * add tests for RotateKeys endpoint * remove that one comment I forgot about * addressing more PR comments * Add Rotate Keys CLI Command (#2395) * add cli command and client * add bats tests * fix some info text and pr comments * write a new rotate keys description * Add Missing DEK Foreign Keys (#2408) * add missing fks * mark key as nullable in gorm * update tests to use a new wrapper with a real key_id * fix formatting in test and add keys for auth_token test * replace key values * revert postgres_40_01_test.go * style: reformat sql for readability * refactor: change type of key_id columns to kms_private_id * Store key_id and scope_id with oplog entries, re-type columns referencing data key version (#2431) * fix(db): Correct types of data key version referencers * fix(oplog): Fix missing error handling * feat(oplog): Store key_id and scope_id with oplog entries This migration truncates all existing oplog entries, as migrating existing data would have been complex and likely unnecessary. * Update view references * Always delete oplog entries when dropping keys * Fix rebase issues * Fix sql tests * Add schema for new kms destruction jobs (#2479) * feat: Add schema for new kms destruction jobs The schema lets us manage destruction jobs per-table while providing a guarantee that only one run is running at a time. * Apply suggestions from code review Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Fix table reference and tests Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * update domain, api, and cli to all include key versions in outputs (#2472) * update domain, api, and cli to all include key versions in outputs * fix go sum * add migration to fix immutable error * fix final test issue as well as make gen issue * rebase and fix * address johan pr comments * make gen, didn't realize comments were included * update migrations based on new migration 55 file 03 * Move migrations to 56 * feat: Add key version rewrapping function registry (#2478) The new RegisterTableRewrapFn can be used by a domain to register a callback to use when rewrapping data in a specific table name. * feat(kms): Add scopeId to RewrapFn (#2539) This makes it much easier for rewrap functions to look up the correct wrapper and limit the number of rows searched. * Update Root Cert Proto Definition (#2542) * update root cert proto definition to properly identify public_key as the table primary key * add the test fix as well * Rewrap Functions for Encrypted Tables (#2532) * add oidc rewrap * add argon2 config rewrap * add auth token rewrapping * add worker auth cert rewrapping * check the err * add username password credential rewrapping * add ssh private key credential rewrapping * add vault client certificate rewrap function * add host catalog secret rewrap function * cleanup a little * add host vault token rewrap function * add session credential rewrap function * add session rewrap function * add worker auth rewrap function * update test to include full assert gamut * add session rewrap function TEST * bring all tests up to current standards, make more readable, and include full assert gamut * rework all rewrap functions to utilize scope id * update comments, queries, sql refs, etc, in response to PR comments * forgot a comment * remove hmac updates and fix a couple comments again * Rewrapping Registered Tables Test (#2555) * add the registered table test as well as the two missing rewrap functions * address pr comments, add db r/w conversions, cmp.diff, sql comment, remove (now) faulty immutable test * Add ability to list key version destruction jobs, recurring jobs and destroying key versions (#2498) * feat(kms): Add ability to list data key version destruction jobs * feat(scopes): Add ListKeyVersionDestructionJobs * feat(cli): Add list-key-version-destruction-jobs * feat(kms): Add recurring job that performs table rewrapping The new recurring job runs for each job table with a registered rewrapping callback. It attempts to become the running run and start its rewrapping, gracefully handling sudden interruptions by resuming it's work if it finds evidence of sudden interruption. * feat(kms): Add recurring job for destroying key versions The new job monitors the database for data key version destruction jobs that have finished rewrapping all its data, performing the final data key version revocation. * feat(kms): Add DestroyKeyVersion DestroyKeyVersion immediately destroys a key version if it is a root key version or a data key version which encrypts no data. If the data key version encrypts data which needs to be rewrapped, it queues an asynchronous job to complete the rewrapping operation. * feat(scopes): Add DestroyKeyVersion API endpoint * feat(cli): Add scopes destroy-key-version CLI command * Ensure all secret updates include key ID (#2556) * feat(all): Ensure all secret updates include key ID When updating a secret, it is paramount that the key ID is also updated, as it is the only means we have of ensuring that we only destroy keys once there is no more data associated with the key. * Remove fix to session repository for now This breaks the current private key derivation method * add new encrypt/decrypt funcs and made necessary proto changes (#2557) * add new encrypt/decrypt funcs and made necessary proto changes * address all PR comments * fix test panic * add param checking to rewraps * fix(schema): Correctly organize migrations again * Review comments part 1 * Review comments part 2 * Review comments part 3 * Store cert private key, encrypt tofu token (#2583) * fix(session): store cert private key, encrypt tofu token Previously, we would derive a session certificate private key from the session key used in each project, and not store the key. We would also encrypt the tofu token with the database key but not store a reference to this key in the database. This change fixes this by replacing our key derivation with a key generation step, and instead store the generated key, encrypted, in the database. We also ensure that any new tofu tokens are encrypted with the same key. To handle existing sessions, we lazily rewrite the sessions whenever a user lists them. There is a minor risk that a user could end up destroying the database key that encrypts the tofu token before that session has been rewrapped, but this is going to be rare and temporary. * feat(session): Allow the random source for secrets to be configured * Review comments * Minor fixes * More minor fixes * More small fixes Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * fix(session): Unset session key ID when scope is deleted Unsetting the key ID allows the session to live beyond the lifetime of the scope, while allowing the scope to cascade delete its keys. * fix(migrations): Rewrite migration 56 tests These tests can no longer use the normal test helpers as they try to use the new oplog table structure, so we have to manually write all the interactions. * fix(migrations): Rename migration 58 file name This was the name used in the release branch, update it to the new migration number. * fix(e2e): Add some comments and debug to kms tests * fix(session): Handle empty project and user IDs in read When a project or user is deleted, the session is automatically canceled and the respective field on the session is unset. LookupSession did not handle this case gracefully, and would error on decryption in this state. Skip decrypting sessions that do not have either a user or project to avoid this error. The decrypted values are not used for a canceled session. * Fix worker test * Increase test timeout Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	3 years ago
Jeff Mitchell	0c96c6ff6c	Split grace period into multiple config values (#2578 ) (#2603 ) Co-authored-by: Todd <github@quaddi.com>	3 years ago
Michael Li	067530cdbf	fix(test): Retry websocket connection due to flaky failure (#2584 ) We have observed several unit tests occasionally fail when trying to read a handshake due to the following error: failed to read protobuf message: failed to get reader: received close frame: status = StatusProtocolError and reason = "received header with unexpected rsv bits set: false:false:true" After an investigation, it's still unclear how this happens. We are opting to just retry to mitigate the flakiness.	4 years ago
Irena Rindos	b26814a3cc	move user variables into globals (#2580 ) * move user variables into globals	4 years ago
Hugo Vieira	c81398cbf3	feat(worker): Report bytes up and down on Status updates With this commit, the Worker now sends BytesUp and BytesDown for each of the connections it handles to the Controller in the Status request. The Controller then persists these fields to the database. There is also a new trigger to prevent bytes_up and bytes_down to change after a connection has been closed, as the last update to a session_connection row should be the one that is performed as part of the connection closure process.	4 years ago
Johan Brandhorst-Satzkorn	f57454b6b9	Rewrite interface{} to any (#2535 ) * chore: Rewrite interface{} to any * Add ignore revs	4 years ago
Michael Li	5b0ff4f058	test(e2e): Port "credential stores deletion check" from bats test to e2e test suite The "can not read deleted $NEW_STORE static store" bats test was demonstrating flaky behavior where it would fail due to the credential store read still returning something valid. This check has been moved to an e2e test in order to add some retry logic to the check.	4 years ago
Todd	c2d02966c6	When checking authorized actions, read the worker we created for the test. (#2548 )	4 years ago
Michael Li	16e90ddd35	fix(bats): Fix flakiness in sessions.bats tests (#2537 ) The sessions.bats tests were seeing some flaky behavior when listing sessions but not getting the expected amount back. This is due to the connect_nc command that is currently used, which will immediately set the session to be "canceled" once it returns. This can cause subsequent operations to get unexpected results (sometimes, listing sessions would return an empty list if the created sessions go to a "terminated" state).	4 years ago
Todd	1437d5452d	Filter out null named workers when looking up the worker id in bats (#2531 )	4 years ago
Todd	c9d902ebd0	Add worker create, list, read, update, and delete cli ui tests. (#2384 )	4 years ago
Johan Brandhorst-Satzkorn	5dbcda512a	Fix enos bats test errors (#2468 ) * test(cli): Remove skips in CI for cli tests * fix(enos): Fix enos bats tests The tests still sometimes suffer from timing issues, but I was able to run a successful run (setup, run, destroy) of the tests from my machine at least once. There were 2 issues: - Some tests in groups.bats were hardcoding the default user id - The default grants for a user in a project were missing the permission to connect to a target. We now add this explicitly. Co-authored-by: Timothy Messier <tim.messier@gmail.com>	4 years ago
Irena Rindos	d951e1ebc1	Worker graceful shutdown (#2455 ) * add graceful shutdown to worker	4 years ago
Damian Debkowski	546c5dc5be	feat: static json credentials (#2423 )	4 years ago
Timothy Messier	f28bcd4aa7	chore(cli): Run bats tests against boundary dev in CI Several of these tests are being skipped in the enos run. This seems to be due to differences in the setup that is performed. When these tests were run manually, `boundary dev` was used which performs some setup of resources automatically. However since enos uses a non-dev controller, a similar setup is performed via the enos modules. Until the discrepancies between the setup can be investigated, this adds a separate CI job to run the tests against `boundary dev`. These tests are all passing, without any being skipped. This test suite can still be useful even if the enos version is fixed, since this test suite will run much faster, and therefore identify failures sooner.	4 years ago
Timothy Messier	c41e31381d	test(cli): Fix session read and cancellation test	4 years ago
Jeff Mitchell	53b5e532d5	Remove deprecated methods/fields on targets (#2393 )	4 years ago
Louis Ruch	d7c4c648ec	bug(vault): Correctly handle credential stores with expired tokens (#2399 ) * bug(vault): Correctly handle credential stores with expired tokens Boundary makes use of a database view to perform CRUD operations on Vault credential stores and libraries. This view did not include credential stores with tokens that have expired in Vault, causing errors when attempting to perform any action against them.	4 years ago
Haotian	17ddc301a8	feat(cli): add/set/remove worker tags (#2266 ) * adds CLI commands for add/set/removing worker tags, and respective tests * adds StringSliceMapVar Flag to convert a string from the CLI to a map[string][]string value	4 years ago
Irena Rindos	dde0c35f23	Update request data in session manager (#2369 ) * bug(session): Update request data in session manager	4 years ago
Jeff Mitchell	02dd28f587	Add support for SSH private key passphrases (#2331 ) This adds support for encrypted SSH keys via passphrase. Co-authored-by: Louis Ruch <louisruch@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	4 years ago
Jeff Mitchell	3f5d265cfd	Update bats tests with new password paradigm	4 years ago
Jeff Mitchell	d92cbac37d	Update enos/bats with changes	4 years ago
Ryan Cragun	9169c6bacb	[QTI-220] Add infrastructure integration testing (#2282 ) * [QTI-275] Add infrastructure integration testing On pull requests that originate from branches of the `hashicorp/boundary` repo, we now conditionally dispatch infrastructure integration tests using the Enos framework. The `integration` Enos scenario includes two `builder` variants which allow developers or CI to deploy a Boundary cluster in AWS using either a local `boundary` install bundle or that which is produced in the `build` workflow for CRT. The `test` variants determine which type of infrastructure integration test to run. At present those options are `cli_ui` (Bats CLI tests) or `smoke` (creates target instances and a target host catalog and verifies that `boundary` works). In addition to the new workflow and quality scenarios, we simplified the some `build` workflow steps and added Go module caching to speed up the build pipeline. See the [enos/README.md](https://github.com/hashicorp/boundary/blob/main/enos/README.md) for a detailed explanation on how to configure and execute Enos scenarios from your machine. Signed-off-by: Ryan Cragun <me@ryan.ec> Co-authored-by: Rebecca Willett <rwillett@hashicorp.com> Co-authored-by: Josh Branch <jbrand@hashicorp.com>	4 years ago
Todd	1aad2627c8	OSS side of second downstream connections (see enterprise PR 69) (#2292 )	4 years ago

1 2 3 4

169 Commits (ac67b8d7f5dc98d7c1d7eed130b033106978a417)