boundary

Commit Graph

Author	SHA1	Message	Date
Jim	dc89ca28a1	feat: add API support for additional LDAP auth method fields. (#3679 ) * feat (auth/ldap): add Repo support for max page size and deref aliases (#3670) * chore: update cap/ldap dependency This latest version of cap/ldap adds support for MaxPageSize and DerefAliases * feat (auth/ldap): add MaxPageSize and DerefAliases to storage proto * feat (api/authmethods): add new ldap fields. Add support for maximum_page_size and dereference_aliases * feat (auth/ldap): schema changes to support new LDAP attributes * feat (auth/ldap): add Repo support for max page size and deref aliases * feat (handlers/ldap): add support for new fields (#3674) Added API support for new ldap fields: MaximumPageSize and DereferenceAliases * chore: add CHANGELOG entry for new api auth ldap fields	3 years ago
Elim Tsiagbey	fabd4093de	feat: Worker Connectivity Health Check (#3650 ) * feat: Worker Connectivity Health Check Add worker upstream connection state. API calls to the worker's ops `/heath?worker_info=1` endpoint should now return a new filed called `upstream_connection_state` ``` { "worker_process_info":{ "state":"active", "active_session_count":0, "upstream_connection_state":"READY" } } ``` The states returned will be GRPC connection states: https://grpc.github.io/grpc/core/md_doc_connectivity-semantics-and-api.html There could be multiple upstream addresses but GRPC manual resolver determines the state of the connection.	3 years ago
Johan Brandhorst-Satzkorn	90cf20d0dd	handlers/targets/tcp: run tests in parallel (#3639 ) This reduces the runtime from 79s to 24s on my machine	3 years ago
hashicorp-copywrite[bot]	29da0bcb92	[COMPLIANCE] License changes (#3567 ) * Adding explicit MPL license for sub-package. This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at https://hashi.co/bsl-blog, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * Update copyright file headers to BUS-1.1 * Rerun make gen This will pick up the last of the license changes * Revert "Rerun make gen" This reverts commit `dbe0968bff`. * Remove copywrite from generation script The current version of copywrite is not sophisticated enough to only apply the copywrite changes to certain subdirectories, so to avoid accidentally relicensing our api and sdk modules, we will stop running the copywrite script until such time that it can do the right thing. * License protobuf API as MPL The protobuf API files are used to generate the SDK, since we want the SDK to be MPL, the protobuf files must also be MPL. This extends to all protobuf files whose sources end up in the SDK directory, including: - internal/proto/controller/api - internal/proto/controller/custom_options - internal/proto/plugin It also includes the generated service directory in internal/gen/controller/api/services, since they are generated from the protobuf sources used for the SDK. * Change website license file name This makes the naming scheme consistent with the rest of the repository. * Add note on licensing to README * Set copywrite license to BUSL * Revert "Add note on licensing to README" This reverts commit `4d865a91a7`. --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>	3 years ago
Lars Lehtonen	ecadeaee2d	internal/daemon/controller/handlers/sessions: fix dropped error (#3529 )	3 years ago
Jim	f8ea8c9744	fix (ldap): support only updating the bind-dn and/or bind-password (#3511 ) * fix (ldap): support only updating the bind-dn and/or bind-password * chore: changelog entry for PR #3511	3 years ago
Irena Rindos	39953fe329	fix(targets): return LookupTargets error in AuthorizeSession (#3484 ) * fix(targets): return LookupTargets error in AuthorizeSession	3 years ago
Jim	474afe4671	fix: allow ldap managed grps to be set and removed as principals… (#3363 )	3 years ago
Jim	84cc3a5988	fix(ldap managed grp): allow ldap managed grps to be added as principals (#3361 )	3 years ago
Jeff Mitchell	8322916fb4	Remove all deprecated Err/Wrap/E calls (#3286 )	3 years ago
Jeff Mitchell	feb3aea38f	Support multiple IDs in grants (#3263 ) This allows specifying multiple IDs in grants via an `ids` field, which will eventually become the normal way to specify IDs. Internally, each grant with multiple IDs turns into multiple ACL grants each with a single ID; to make this distinction clearer and allow for better separation of concerns an AclGrant type has been introduced, so really multiple IDs in a Grant turn into multiple AclGrants. The nice thing about doing it this way is that it becomes purely a parsing concern; no actual validation logic has changed. For backwards compatibility with grants already stored in roles, we do not error out if `id` is specified. However, eventually we will simply not support grants with `id` coming via the API; they will fail API validation, such that new grants will require the use of the updated `ids` field. A follow-on PR will plumb this through the service handlers/API/CLI, but I decided to do it in separate chunks to make reviewing easier, given that they are easily separable into the internal and external aspects of the change. * Add CLI/API checks around using ID in grants (#3264) * Plumb through some contexts to remove a lot of deprecated errors (#3268)	3 years ago
Jeff Mitchell	929ede1c18	Modify some tests to expose error cases that weren't being exposed (#3302 )	3 years ago
Jeff Mitchell	74e8491f85	Disallow updates on all types of KMS workers (#3295 ) This also slightly changes delete logic and ensures authorized actions match what is allowable.	3 years ago
Todd	5a68d789ec	Initialize base context when creating New worker and not at start (#3294 )	3 years ago
Michael Milton	fbf56793c6	Add snapshot job (#3282 ) * snapshot job * update census to include context, controller to include snapshot registry * no need to export runFn in snapshot	3 years ago
Jim	2b3e50ebdd	fix (listing): return all resources from listing requests (#3278 )	3 years ago
Jim	5029be9999	fix: allow responses larger than the default 4194304 recv msg size (#3276 )	3 years ago
Todd	2d102a61c5	HcpbWorkers no longer must be KMS workers for LookupHcpbWorkers (#3269 )	3 years ago
Louis Ruch	281f217dcc	feat(plugins): Refactor host plugins to boundary plugins (#3262 )	3 years ago
Jim	d4e537c88d	chore: updgrade pgx direct deps to v5 (#3258 )	3 years ago
Jeff Mitchell	3d5bed9ce8	Don't allow managed workers to be deleted (#3254 ) This also adds checks to ensure the tag cannot be added to workers via the API.	3 years ago
Timothy Messier	f64f03ed46	fix(targets): Support authorize session request with target name (#3252 ) For requests to the target authorize session endpoint we support passing a target name instead of an id. This means that `req.GetId()` might not be the target's public id. Since the first thing authorize session does includes retrieving the target as part of the authorization checks, this subtype check can leverage the public id of the target instead of using the request. Fixes: `6178dd516e`	3 years ago
Todd	fb1ea92a30	Pass both the control and data context into handle	3 years ago
Todd	6178dd516e	Let a target subtype validate the authorize session's session state	3 years ago
Jim	21e4827178	fix(Upstream Msg): limit types used in tests	3 years ago
Jim	7dc15f1f39	fix(Upstream Msg): limit types supported in toMsgType(...)	3 years ago
Jim	d49fde2299	feat(cli/session-recordings): add download cmd	3 years ago
Jim	9207ec08f2	feat: add request ctx stream interceptor	3 years ago
Jim	0c465706cc	chore: increment base version to 0.13.0	3 years ago
Jeff Mitchell	18e59998e9	Add storage bucket worker filter handling	3 years ago
Todd	25d50d1077	Add tests for recording collection actions on scopes	3 years ago
Todd	cfe0dc08d9	Add session recording service stuff	3 years ago
Todd	59ae4b5901	Expand the recorder manager interface	3 years ago
Johan Brandhorst-Satzkorn	328b039138	scopes: fix test expectation	3 years ago
Jim	ac67b8d7f5	chore: fix typo in workerUpstreamMessageServiceServer godoc	3 years ago
Louis Ruch	1662445e8e	feat(storage): Wire up storage buckets in session recording	3 years ago
Louis Ruch	8ea61054cd	feat(storage): Add support for Storage Bucket API	3 years ago
Todd	feb87e717e	Add Closed error code and rename recorder cache to manager	3 years ago
Danielle Miu	a4a14fc7fc	merged commit for plugin rework, storage bucket sql and proto, storage bucket secret rewrapping, storage bucket repository	3 years ago
Johan Brandhorst-Satzkorn	ad62df6b36	cluster: pass controller ext to authorize conn Make the controller extension availalbe to the protocol context constructor.	3 years ago
Johan Brandhorst-Satzkorn	5837d6f387	target: add PostSessionAuthorization callback The callback is called for any steps that need to be performed after a successful authorization but before returning to the user.	3 years ago
Johan Brandhorst-Satzkorn	13e1196797	target: add error handling to authorize session Attempt to undo operations if there are failures during session authorization.	3 years ago
Johan Brandhorst-Satzkorn	517fc91ebf	target: return selected worker when authorizing	3 years ago
Johan Brandhorst-Satzkorn	6d219bd5d1	target: add controller extension to service handler The controller extension can be used to access types unavailable in OSS.	3 years ago
Todd	bc48f2d0e0	Add monitor session job proto and controller changes This adds a new Job type that is for generic session state monitoring. Monitoring sessions does not include any information about specific connections.	3 years ago
Jim	4d60f42210	feat(bsr): add bsr kms support in config, dev and tests	3 years ago
Louis Ruch	798a1f952a	feat(storage): Add support for storage plugins	3 years ago
Damian Debkowski	9ef94892f4	test(plugin): Support storage service in loopback plugin	3 years ago
Louis Ruch	351444f1bd	refact(plugin): Move host loopback plugin into internal/plugin/loopback	3 years ago
Todd	4c801cca18	update the recording msg type enums	3 years ago
Todd	e2a681a66a	stop exporting registerUpstreamMessageTypeSpecifier	3 years ago
Todd	dbe3473874	Add CreateChannel enum for upstream message handler	3 years ago
Jim	8cd0e8595f	refact: split UpstreamMessageHandler into two interfaces Originally, UpstreamMessageHandler was used by controllerUpstreamMessageServiceServer.UpstreamMessage to process (aka handle) an upstream message and by SendUpstreamMessage to send an upstream msg. We split UpstreamMessageHandler into two interfaces so we can register handlers independently of a senders.	3 years ago
Jim	3995f2e6ae	feat: add proper audit events for UpstreamMessage The upstream messages all basically looked the same; regardless of which message was sent. This PR adds DetailsUpstreamMessage to audit events emitted by UpstreamMessage requests/response	3 years ago
Jim	c4b31313a6	feat (controller): define a ControllerExtension	3 years ago
Todd	68dc4da50e	Add CloseConnectionRecording enums to the upstream message service	3 years ago
Johan Brandhorst-Satzkorn	7632143861	add session recording API definitions	3 years ago
Jim	f9b45ca5b7	refact: extend registerControllerUpstreamMessageService to reg hdrs Extend registerControllerUpstreamMessageService to register upstream message handlers	3 years ago
Jim	9f01e1b3c1	refact: RegisterUpstreamMessageHandler stop returning dup err Stop returning an error if RegisterUpstreamMessageHandler is called multiple times, since it provides little/no value and creates invalid errors when more than one test controller is started across all the unit tests.	3 years ago
Jim	410bec1e00	feature(worker/controller): register UpstreamMessageServiceServer	3 years ago
Jim	20cf521cc0	feat(bsr): add bsr kms support in config, dev and tests	3 years ago
Jim	a8574621c7	refact(tests): upstream msg tests for node enrollment chg	3 years ago
Louis Ruch	def8e47f32	feat(storage): Add pluginInfo to storageBucket	3 years ago
Louis Ruch	52fbc6410c	feat(storage): Add interface, options and errors	3 years ago
Jim	b9cc441227	feature (handlers): add UpstreamMessageService and its oss impl. Define OSS protos for UpstreamMessageService rpc which defines a way to send an upstream message to a controller (across multi-hops if needed). Implement OSS versions of both workers and controllers for the UpstreamMessageService. The upstream requests/responses are encrypted using the originating worker's NodeCredential's key. The worker always forwards the request upstream. The controller attends to find a registered UpstreamMessageHandler to handle the msg; if none if found, then an Unimplemented status error is returned.	3 years ago
Todd	bd2bca987d	Add the first iteration of the recorder cache and wire it in	3 years ago
Michael Milton	9ae2bdfae6	feat: license util config (#3248 ) * feat: license util config * address comments * introduce census job * add job * fix import groups * remove pointers	3 years ago
Jeff Mitchell	769a7c9e1c	Remove cleanup calls for test controller/worker (#3245 ) A previous commit added a call to t.Cleanup in the NewTestController/NewTestWorker commands; as a result these statements are no longer needed.	3 years ago
Hugo	dba7d88523	fix(handlers/scopes): Whitespace on Name and Description fields (#3235 ) This commit fixes the behaviour of scopes where whitespace was allowed (and thus persisted) in the Name and Description fields. It also adds some more tests for scope Create and Updateto cover more error cases. For scope update, `handlers.ValidateUpdateRequest` exists, however this was not used as it does not work properly for requests where the `global` scope is updated. In `ValidateUpdateRequest`, an ID check is performed and it assumes there's always a resource prefix (eg: "p", "o") and an identifier (random numbers and letters) after the prefix. This fails for `global`. See `handlers.ValidId`.	3 years ago
Jeff Mitchell	e8559d142a	Fix worker auth rotation test (#3243 ) Most of the changes here are changes or enhancements that are useful for tests. The crux of the issue was that I had pulled up one var to the package level so it could be read from tests, but that var was not being reset between tests. It's not even used in tests anymore, so I put it back to function-local.	3 years ago
Jeff Mitchell	d5ad1f078a	Fix test timing (#3241 )	3 years ago
Jeff Mitchell	e0787f4de0	Simplify worker auth rotation timing logic (#3237 ) * Simplify worker auth rotation timing logic * Add some jitter	3 years ago
Jeff Mitchell	6f4f51cc9f	Fix display of next rotation time (#3236 )	3 years ago
Jeff Mitchell	5716a30813	Update nodeenrollment to fix TLS issue; add debug (#3231 ) * Add more logging to worker auth rotation and test flags This makes it much easier to figure out when and why rotation is happening and control it for tests/debugging. * Update auth rotation logic Because we were looking at validity period of client certs, which may not have matched the actual rotation interval, it was possible (mostly in test scenarios) for the rotation to happen multiple times on the roots before we actually hit the worker rotation interval. This changes how the interval is calculated by looking at the difference between not-after values on the certs to understand the rotation interval being used by the controller. We then use that as the starting point for calculating a next-rotation time.	3 years ago
Jeff Mitchell	77fd51fb12	Add more logging to worker auth rotation and test flags This makes it much easier to figure out when and why rotation is happening and control it for tests/debugging. Remove cert skew Cherry-picked from release/0.12.x	3 years ago
Jeff Mitchell	037dc0cf18	Add missing nil check in test	3 years ago
Jeff Mitchell	f9f7ee2cc4	Fix build	3 years ago
Jeff Mitchell	bbe9719e19	Add tracking of worker used for injection (#3204 )	3 years ago
Elim Tsiagbey	a2f8d87bfb	Add support for setting, adding & deleting LDAP account assoicated to a user (#3198 )	3 years ago
Jeff Mitchell	c6d7dc01a0	Exit before filtering if no workers are listed (#3196 ) This is just an early error message to avoid running the filtering function if there are no workers to begin with.	3 years ago
Jim	667ea285be	feature (boundary dev): add support for dev ldap auth method (#3192 )	3 years ago
Jeff Mitchell	e7bf134710	Enhance tcp client port vet logic (#3175 )	3 years ago
Jeff Mitchell	20391e3503	Add default client port to targets and use in connect command (#2767 )	3 years ago
Damian Debkowski	c5b1b7bbc7	fix(handler): return human readable error for json cred w/ empty object (#3109 ) * fix(handler): return human readable error for json cred w/ empty object * fix(handler): sync error messages for create/update json cred * fix(handler): sync error logic for create/update json cred	3 years ago
Jim	a4f54cb98f	refactor (events): QOL fix: turn off events for tests. (#3163 )	3 years ago
Hugo Vieira	45dc8251ec	feat(api): Support plugin host external_name field	3 years ago
Jeff Mitchell	bdf7bf7702	Do not allow PKI-KMS workers to have names updated via API (#3143 ) Do not allow PKI-KMS workers to have names updated via API This would cause their public IDs to change, which we do not want. Descriptions are also disallowed, since those come from the config file. This also adds logic to allow upgrading from old KMS method to new, with a test. Co-authored-by: Irena Rindos <irenarindos@users.noreply.github.com>	3 years ago
Haotian	5b26634b8a	feat(ui): serve controller metadata from ui handler (#3120 ) * adds noop metadata function to OSS UI handler * removes old-style build tags for UI handler files	3 years ago
Jeff Mitchell	163ce184b8	KMS-PKI Workers (#3101 ) This adds a new mechanism for worker authentication that uses the third-party arbitration of the original KMS flow by leveraging recently-added capabilities in nodeenrollment to support a registration wrapper. This allows for workers to be registered to the system with just a name and a matching wrapper, while at the same time allowing these workers to be used for private Vault access and multi-hop as they contain per-worker encryption keys and support rotation. Nodes using this mode will generate and rotate credentials in-memory (using another recently added nodeenrollment capability) so will have a new set of keys on every startup. This has the side effect of ensuring that there is never a conflict or re-use of these credentials. Note that the normal test worker flow was using the now-deprecated KMS method; there is still a test that uses this (explicitly) but all other tests using test workers that did not specify a specific PKI flow now actually use this mechanism. This means there is fairly decent test coverage in a general sense, plus the specific tests updated/added for this feature. This also adds a new KMS type that can be used to have distinct KMSes for upstream authentication vs. accepting from downstream.	3 years ago
Elim Tsiagbey	16f48686a7	Refactor Target Repository (#3092 ) - Refactor the Target domain repository functions so that they no longer return 4 different types. `Target` struct now contains `HostSource` & `CredentialSources` with Getters & Setters - Extending `Target` to contain `HostSource` & `CredentialSources` enables `funcs` to just return `Target` instead of multiple return types. This also allows easy future refactors and extensions of `Target`	3 years ago
Jeff Mitchell	fc664eb35f	Improve grant validation (#3081 ) This adds several relationships into the resource package that are then made use of to improve the grant validation that runs during Parse. By understanding mappings between ID and resource type the validation checks can far better align with actual allowed grant formats so we can find several common misunderstandings before they simply result in an authorization failure. In the future some of these functions could be used in the logic in the actual ACL checks but it's not currently necessary and I don't want to lump that change in with this. Note that the tests have not meaningfully changed, but they _have_ had to be updated because the stricter validation is actually catching issues.	3 years ago
Jeff Mitchell	164e6cf212	Update nodeenrollment to 0.1.19 (#3090 )	3 years ago
Jim	86192f75eb	feature (auth/ldap): add LDAP auth method along with associated accounts and managed groups (#2912 ) * feature (auth): required schema changes for auth ldap method (#2669) chore (auth/ldap): move schema changes to next avail migration number * feature (auth/ldap): define AuthMethod and all its value objects (#2703) * feature (auth/ldap): storage protos * feature (auth/ldap): define AuthMethod and all its value objects * feature (auth/ldap): add repo and reading an auth method (#2718) * feature (auth/ldap): add Repository.CreateAuthMethod(...) and Repository.DeleteAuthMethod(...) (#2724) * feature (auth/ldap): add Repository.UpdateAuthMethod(...) (#2739) * feature (auth/ldap): add Account * feature (auth/ldap): add AuthMethod.EnableGroups * fix (auth/ldap): refactor AuthMethod.oplog to enforce proper constraints * feature (auth/ldap): add Account repo functions * refactor (auth/ldap): remove entry attributes from account Realized the entry attributes could have absolutely anything in them (including binary data) and since we absolutely don't have to have them there's just no reason to take on the risk. * feature (auth/ldap): add AuthMethod.UseTokenGroups * feature (auth/ldap): add Authenticate(...) * refactor (auth/ldap): ensure options take a context as the 1st parameter * feature (auth/ldap): add Account attribute maps * chore (auth/ldap): make fmt deltas * feature (auth/ldap): add managed groups (#2760) * tests (auth/ldap): add missing unit test to Repository.DeleteAccount(...) Add bits to test the delete operation when you're not able to generate oplog metadata * feature (auth/ldap): add managed groups fixup! feature (auth/ldap): add managed groups (#2760) * feature (auth/ldap): service proto definition (#2761) * feature (handlers/authmethods): add handlers for ldap auth method operations (#2794) * feature (auth/ldap): add Account attribute maps * chore (auth/ldap): update cap/ldap to latest version * feature (auth/ldap): add ldap api generation definitions * feature (authmethods): add ldap repo NewService(...) * feature (authmethods/ldap): add proper mask_mapping to protobufs * feature (authmethods): add support to get an ldap auth method * refactor (auth/ldap): export TestGenerateCA(...) * feature (authmethods): add support to create an ldap auth method * feature (authmethods): add support to delete an ldap auth method * feature (authmethods): add support to list ldap auth methods * refactor (auth/ldap): make urls optional for NewAuthMethod(...) * refactor (auth/ldap): export ldap.TestInvalidPem * chore: make fmt changes * fix (auth/ldap): properly handle group search config Add constraints and tests to ensure when an ldap AuthMethod.EnableGroups is true, and UseTokenGroups is false; that there's a GroupDn configured for finding a user's associated groups * feature (authmethods): add support to update an ldap auth methods * chore (db/ldap): tmp mv migrations so there's no conflict with ongoing work * feature (verifier): add ldap auth method to verifier bits * fix (controller): prevent panic when controller stops when there's no listener * feature (authmethods): add support to authenticate via ldap auth methods * chore (migrations): fix whitespace in stmt * chore: fmt fixup * tests (auth/ldap): invalid err msg * feature (cli/authmethods): add support for ldap auth-methods CRUD and authenticate (#2810) * feature (authmethods): add CLI support for ldap auth methods CRUD * tests (api/auth): ldap auth method classification tests * feature (authmethods): add CLI support for ldap auth authenticate * feature (auth/ldap): set request timeouts for ldap server connections * feature (handlers/authmethods): handle u_anon listing properly. * feature (account/handers): ldap account and managed group CRUDL APIs (#2852) * feature (auth/ldap) add repository Listing of ManagedGroupMemberAccount * feature (controller/handlers): add ldapRepoFn to accounts service * feature (auth/ldap) register ldap managed group subtype * feature (account/handlers): ldap account CRUDL APIs * feature (controller/handlers): add ldapRepo to managed groups service * feature (account/handlers): ldap managed group CRUDL APIs * docs (domain): add LDAP accounts, auth-methods and managed groups (#2857) * feature (ldap/cli) add ldap accounts and managed groups CRUDL commands (#2856) * fix (handlers/authmethods): fix ldap authorized actions (#2892) * feature (cli/ldap/authenticate): use primary auth method if none is provided (#2890) * fix (auth/ldap): support setting the state attribute * feature (cli/ldap/authenticate): use primary auth method if none is provided * feature (wh/ldap) add tests for new ldap auth method and accounts (#2919) * refactor (migrations/ldap): mv to correct directory * chore: add copyright headers * fix (api/authmethods/ldap): renumber new LdapAuthMethodAttributes field * fix (auth/ldap): allow the auth method state to be updated (#2951) * chore: update sdk and api versions for llb - this is tmp until merging * tests (managed groups): add required errContains for new test	3 years ago
Jeff Mitchell	b76b24a4ad	Move prefixes for many packages into the globals package (#3069 ) This is a prerequisite for some enhancements to grant validation	3 years ago
Todd	6adc0c86b5	Rename downstream router to receiver (#3068 ) This was done previously but these were missed.	3 years ago
Irena Rindos	1821cb4631	Use tofu token from controller (#3064 ) * initial commit	3 years ago
Jeff Mitchell	b2bab45c13	Port over changes (#3061 ) (#3062 )	3 years ago
Johan Brandhorst-Satzkorn	18eed58ec5	fix(targets): Use correct error string in enterprise (#2984 ) In enterprise the error is different, so we need a different test error string to compare against. Create a variable that can be overwritten in the enterprise repo.	3 years ago
Johan Brandhorst-Satzkorn	8a0ee97f3b	fix(targets): Readd WorkerFilterDeprecationMessage (#2982 ) This variable is updated in the enterprise repo and needs to stay.	3 years ago
Johan Brandhorst-Satzkorn	ac3543bdfb	fix(targets): Use correct field name in deprecation warning (#2978 )	3 years ago
Todd	fe5b554370	AuthorizedDownstreamWorkers now separated from AuthorizedWorkers to maintain API compatibility (#2957 ) * AuthorizedDownstreamWorkers now separated from AuthorizedWorkers to maintain API compatibility	3 years ago
Todd	3461caee41	fix downstream manager test (#2950 )	3 years ago
Johan Brandhorst-Satzkorn	cf412b95a2	fix: Support streaming HTTP responses (#2956 ) * all: Upgrade listenerutil dependency The new listenerutil implements http.Flusher, which is necessary for streaming responses from the grpc-gateway to work. * daemon/controller: Remove newline delimiter in streaming responses The default gRPC-Gateway HTTPBody marshaler uses newlines as a delimiter. This introduces newlines in our streamed responses. Wrapping the default marshaler lets us define a nil delimiter, which ensures our streaming responses are unaffected by the server side chunking.	3 years ago
Todd	1e89be1b1a	Downstream worker connections are tracked by worker id (#2949 ) When possible downstream workers will include their worker id information in the connections they establish with the upstream using the nodeenrollment library. The tracking listener now tracks connections that are connected in this same way instead of just connections of type *tls.Conn.	3 years ago
Eng Zer Jun	6403b0f389	test: use `t.TempDir` to create temporary test directory (#2922 ) This commit replaces `os.MkdirTemp` with `t.TempDir` in tests. The directory created by `t.TempDir` is automatically removed when the test and all its subtests [complete. Prior to this commit, temporary directory created using `os.MkdirTemp` needs to be removed manually by calling `os.RemoveAll`, which is omitted in some tests. The error handling boilerplate e.g. defer func() { if err := os.RemoveAll(dir); err != nil { t.Fatal(err) } } is also tedious, but `t.TempDir` handles this for us nicely. Reference: https://pkg.go.dev/testing#T.TempDir Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>	3 years ago
Damian Debkowski	cabe362534	fix(handler): return targetId as hostId for cli edge case support (#2920 )	3 years ago
Jeff Mitchell	1e9057d8a3	Update KMS references	3 years ago
Damian Debkowski	84b410974b	fix(handlers): return error when updating json cred w/ empty obj (#2903 ) * fix(handlers): return error when updating json cred w/ empty obj * chore(handlers): split cond stmt & refactor func name	3 years ago
Timothy Messier	e25b0e7888	fix(credentiallibraries): Fallback logic to support 0.11.x cli (#2910 )	3 years ago
Johan Brandhorst-Satzkorn	3c29308673	chore: Add license headers to all files	3 years ago
Timothy Messier	718e183a1e	fix(credentiallibraries): Correctly populate attrs for vault-generic (#2901 )	3 years ago
Irena Rindos	4114b41527	Filter managed workers from egress workers when the host address is unsafe (#2899 )	3 years ago
Hugo	e455e31f9e	fix(target): Incorrectly allowing whitespace on Target's address field (#2862 )	3 years ago
Timothy Messier	12a53bbfa9	feat(target): Allow vault ssh cert library as credential source This allows the new vault ssh certificate credential library to be used as an injected application credential source.	3 years ago
Timothy Messier	1aaaf4af1d	feat(controller): Translate ssh certificate credentials for worker	3 years ago
Haotian	43f0ba89cf	feat(credentiallibraries): support vault ssh certificates	3 years ago
Todd	d8aea569c5	Only return live workers in ListHcpbWorkersResponse (#2876 )	3 years ago
Irena Rindos	a030c15403	Support HCPBInt in hcpb_cluster_id field (#2880 ) * initial commit	3 years ago
Johan Brandhorst-Satzkorn	55259029f1	Add job run cleaner (#2866 ) * chore: remove duplicate import * feat: Add job run cleaner The new job cleans job runs older than a configured interval. Configure the job to clean jobs older than 1 minute.	3 years ago
Irena Rindos	ed9f2b2730	bug(workers): Check initial upstreams for an HCBP environment (#2869 )	3 years ago
Jeff Mitchell	19180af0eb	Fix target port handling (#2846 ) * Fix target port handling This fixes two issues that compounded on each other (see the Changelog update for more information): * The verification logic for hosts was not correct for update operations (in multiple ways) which meant that a host could be updated after creation to have a port. Targets had a previously fixed bug where they did not require a default port, which meant that ports could be used from hosts * A recent (unreleased) change had prioritized any port coming from the host over the default port, which would mean there was no way if a host had a port specified to use it in multiple targets. This fixes the update verification logic, and strikes a middle ground between breaking things and not by allowing existing addresses with ports to be used with targets but ignoring that port, instead requiring targets to have default port set at authorize time (currently there is backwards compat that does not require this due to the original optional port bug). * Update CHANGELOG.md Co-authored-by: Johan Brandhorst-Satzkorn <johan.brandhorst@gmail.com>	3 years ago
Irena Rindos	00a73f64d9	bug(sessions): Fix authorizeSession race conditions in handleProxy (#2795 ) * initial commit	3 years ago
Todd	d66b92abe0	Add directly connected downstream workers to the worker resource api (#2831 )	3 years ago
Todd	87b09d5e27	Rename router to receiver for secondary connections (#2816 )	3 years ago
Todd	b359561e51	Filter WorkerList by feature and go from version string to version.Info (#2807 )	3 years ago
Jim	e64163ad1d	fix (controller): prevent panic when controller stops when there's no listener (#2793 )	3 years ago
Todd	bc409bc7d4	Graceful shutdown blocks on running proxy handler connections (#2789 )	3 years ago
Todd	38b74ce897	Provide a worker decryption function to proxy handlers (#2784 )	3 years ago
Todd	0b87acb896	Always call PostConnectionHook in dialer and fix Dial bug (#2783 )	3 years ago
Irena Rindos	bb281e494f	Fix status NPE if worker has been sitting waiting for registration (#2781 )	3 years ago
Irena Rindos	5d5dc7524c	update dial function doc to include options (#2776 )	3 years ago
Irena Rindos	d3d1fa0b55	initial commit (#2768 )	3 years ago
Irena Rindos	beb97ac9f2	SSH Proxy support (#2736 ) * initial commit	3 years ago
Hugo	1fb960575f	Merge pull request #2613 from hashicorp/llb-target-address Assign a Network Address to a Target	3 years ago
Irena Rindos	a403b3904c	initial commit (#2735 )	3 years ago
Hugo Vieira	f85da3ee2b	feat(cmd): Create target using address on boundary dev / database init Creates a target using an address for boundary dev and when first init-ing boundary (boundary database init). It also makes this newly created target the default one (ttcp_1234567890). The target using host sources is now a secondary target (ttcp_0987654321).	3 years ago
Damian Debkowski	1d3930a711	feat(handlers): Support address field on a Target	3 years ago
Johan Brandhorst-Satzkorn	61c90c5623	Add grant parsing fuzz test (#2534 ) * testing(perms): Add Parse fuzz test I ran this for a few minutes and it didn't discover anything catastrophic. * Add roundtrip tests * Fix invalid unicode parsing, empty output fields * Do the unicode conversion once on input * Remove incorrect fix for empty output fields * Allow empty output_fields This is the same behavior as output_fields=, * Add tests back, make JSON behaviour consistent * Rework the output fields mechanism to fix some bugs such as properly handling no fields * Change signature of Fields Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	3 years ago
Irena Rindos	9135cc7668	In absence of ingress filter, use directly connected worker (#2757 ) * directly connected ingress filtering	3 years ago
Irena Rindos	24bbf57a19	AuthorizeConnection with filters (#2734 ) * AuthorizeConnection with filters	3 years ago
Irena Rindos	7db9fc59ce	Expose State() *structpb.Struct interface through the metric connection trackers	3 years ago
Irena Rindos	5c73e43912	revert 2712 (#2713 )	3 years ago
Irena Rindos	a135127524	Move dialingListener setAddresses	3 years ago
Irena Rindos	173e1587d0	Append initial worker upstreams if current upstreams are unresponsive (#2698 ) * Append initial worker upstreams if current upstreams are unresponsive	3 years ago
Todd	7a6983c463	Fix wrapped reverse grpc listener (#2702 )	3 years ago
Haotian	340cfb0d88	refactor(metric): adds filter function to collector init method (#2695 )	3 years ago
Todd	a0600138fa	Fix wrapped reverse grpc listener (#2687 )	3 years ago
Todd	b6c0ccc1e8	Refactor proxy handler to separate connection and protocol handling (#2678 )	3 years ago
Haotian	fbd0a8272b	feat(metric): adds accepted/closed connections counters to worker and controller servers (#2668 ) * adds counters and changelog entry	3 years ago
Irena Rindos	5b162a4433	add worker version to network graph (#2672 ) * add worker version to network graph	3 years ago
Danielle	5f8d292ea1	Inject Custom Response Headers By Status (#2587 ) * add custom ResponseWriter struct to inject custom response headers based on status code * docs * upgrade listenerutil * fix config tests * replace all instances of "data:" with "data:" to reflect changes to listenerutil swapping strings.HasPrefix in favor of mux.Handler for ui request matching * set ui path as const * add custom response headers to changelog	3 years ago
Irena Rindos	834a2a88f7	feat(targets): Addition of egress and ingress worker filters (#2654 ) * feat(targets): Addition of egress and ingress worker filters	3 years ago
Haotian	2b84013379	Revert " feat(metric): adds accepted/closed connections counters for controller and worker cluster connections (#2656 )" for failing a build test (#2660 ) This reverts commit `80f72b8511`.	3 years ago
Haotian	80f72b8511	feat(metric): adds accepted/closed connections counters for controller and worker cluster connections (#2656 ) same contents as PR https://github.com/hashicorp/boundary/pull/2593 but this time actually push to main	3 years ago
Johan Brandhorst-Satzkorn	8908dccf6d	Forward port some release fixes (#2631 ) * fix(worker): Verify contents of loaded session (#2629) * fix(worker): Verify contents of loaded session Previously, it was possible for an empty private key to be used when the session had no user or project associated with it. The new checks guarantee that we will fail gracefully in these cases. * Check against len instead of nil * Add CHANGELOG * fix(session): Always invoke all parts of session cancel trigger The session cancelation trigger would not set the key_id to null appropriately if another one of the fields on the session was already null, since that case statement would be matched first. The new structure matches all statements, in case any of them have special logic (such as in the project case).	3 years ago
Irena Rindos	70e20b5cf5	revert merge llb-multihop-sessions (#2628 )	3 years ago
Johan Brandhorst-Satzkorn	edd323b73a	Key Rotation/Destruction (#2477 ) (#2607 ) * Key Rotation/Destruction (#2477) * fix: Correct kms.CreateKeys comment This method does not return anything. * feat(kms): Add new ListKeys method The new ListKeys method wraps the underlying KMS wrapper, returning all the keys in the scope specified. * feat(scopes): Add new scope actions for key management Adds list-keys, rotate-keys and revoke-keys actions for scopes. * feat(scopes): Add ListKeys API endpoint This new endpoint lists all keys in a scope * feat(api): Add ListKeys to Scopes client This has to be a custom function because it is a custom action and doesn't map well to any of the existing templates, or generalises well in a way that would make it reasonable to create a new template. * feat(cli): Add new scopes list-keys command * add RotateKeys function to the kms repository * Add Rotate Keys Endpoint to Scopes Api (#2360) * add rotate keys endpoint * add tests for RotateKeys endpoint * remove that one comment I forgot about * addressing more PR comments * Add Rotate Keys CLI Command (#2395) * add cli command and client * add bats tests * fix some info text and pr comments * write a new rotate keys description * Add Missing DEK Foreign Keys (#2408) * add missing fks * mark key as nullable in gorm * update tests to use a new wrapper with a real key_id * fix formatting in test and add keys for auth_token test * replace key values * revert postgres_40_01_test.go * style: reformat sql for readability * refactor: change type of key_id columns to kms_private_id * Store key_id and scope_id with oplog entries, re-type columns referencing data key version (#2431) * fix(db): Correct types of data key version referencers * fix(oplog): Fix missing error handling * feat(oplog): Store key_id and scope_id with oplog entries This migration truncates all existing oplog entries, as migrating existing data would have been complex and likely unnecessary. * Update view references * Always delete oplog entries when dropping keys * Fix rebase issues * Fix sql tests * Add schema for new kms destruction jobs (#2479) * feat: Add schema for new kms destruction jobs The schema lets us manage destruction jobs per-table while providing a guarantee that only one run is running at a time. * Apply suggestions from code review Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Fix table reference and tests Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * update domain, api, and cli to all include key versions in outputs (#2472) * update domain, api, and cli to all include key versions in outputs * fix go sum * add migration to fix immutable error * fix final test issue as well as make gen issue * rebase and fix * address johan pr comments * make gen, didn't realize comments were included * update migrations based on new migration 55 file 03 * Move migrations to 56 * feat: Add key version rewrapping function registry (#2478) The new RegisterTableRewrapFn can be used by a domain to register a callback to use when rewrapping data in a specific table name. * feat(kms): Add scopeId to RewrapFn (#2539) This makes it much easier for rewrap functions to look up the correct wrapper and limit the number of rows searched. * Update Root Cert Proto Definition (#2542) * update root cert proto definition to properly identify public_key as the table primary key * add the test fix as well * Rewrap Functions for Encrypted Tables (#2532) * add oidc rewrap * add argon2 config rewrap * add auth token rewrapping * add worker auth cert rewrapping * check the err * add username password credential rewrapping * add ssh private key credential rewrapping * add vault client certificate rewrap function * add host catalog secret rewrap function * cleanup a little * add host vault token rewrap function * add session credential rewrap function * add session rewrap function * add worker auth rewrap function * update test to include full assert gamut * add session rewrap function TEST * bring all tests up to current standards, make more readable, and include full assert gamut * rework all rewrap functions to utilize scope id * update comments, queries, sql refs, etc, in response to PR comments * forgot a comment * remove hmac updates and fix a couple comments again * Rewrapping Registered Tables Test (#2555) * add the registered table test as well as the two missing rewrap functions * address pr comments, add db r/w conversions, cmp.diff, sql comment, remove (now) faulty immutable test * Add ability to list key version destruction jobs, recurring jobs and destroying key versions (#2498) * feat(kms): Add ability to list data key version destruction jobs * feat(scopes): Add ListKeyVersionDestructionJobs * feat(cli): Add list-key-version-destruction-jobs * feat(kms): Add recurring job that performs table rewrapping The new recurring job runs for each job table with a registered rewrapping callback. It attempts to become the running run and start its rewrapping, gracefully handling sudden interruptions by resuming it's work if it finds evidence of sudden interruption. * feat(kms): Add recurring job for destroying key versions The new job monitors the database for data key version destruction jobs that have finished rewrapping all its data, performing the final data key version revocation. * feat(kms): Add DestroyKeyVersion DestroyKeyVersion immediately destroys a key version if it is a root key version or a data key version which encrypts no data. If the data key version encrypts data which needs to be rewrapped, it queues an asynchronous job to complete the rewrapping operation. * feat(scopes): Add DestroyKeyVersion API endpoint * feat(cli): Add scopes destroy-key-version CLI command * Ensure all secret updates include key ID (#2556) * feat(all): Ensure all secret updates include key ID When updating a secret, it is paramount that the key ID is also updated, as it is the only means we have of ensuring that we only destroy keys once there is no more data associated with the key. * Remove fix to session repository for now This breaks the current private key derivation method * add new encrypt/decrypt funcs and made necessary proto changes (#2557) * add new encrypt/decrypt funcs and made necessary proto changes * address all PR comments * fix test panic * add param checking to rewraps * fix(schema): Correctly organize migrations again * Review comments part 1 * Review comments part 2 * Review comments part 3 * Store cert private key, encrypt tofu token (#2583) * fix(session): store cert private key, encrypt tofu token Previously, we would derive a session certificate private key from the session key used in each project, and not store the key. We would also encrypt the tofu token with the database key but not store a reference to this key in the database. This change fixes this by replacing our key derivation with a key generation step, and instead store the generated key, encrypted, in the database. We also ensure that any new tofu tokens are encrypted with the same key. To handle existing sessions, we lazily rewrite the sessions whenever a user lists them. There is a minor risk that a user could end up destroying the database key that encrypts the tofu token before that session has been rewrapped, but this is going to be rare and temporary. * feat(session): Allow the random source for secrets to be configured * Review comments * Minor fixes * More minor fixes * More small fixes Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * fix(session): Unset session key ID when scope is deleted Unsetting the key ID allows the session to live beyond the lifetime of the scope, while allowing the scope to cascade delete its keys. * fix(migrations): Rewrite migration 56 tests These tests can no longer use the normal test helpers as they try to use the new oplog table structure, so we have to manually write all the interactions. * fix(migrations): Rename migration 58 file name This was the name used in the release branch, update it to the new migration number. * fix(e2e): Add some comments and debug to kms tests * fix(session): Handle empty project and user IDs in read When a project or user is deleted, the session is automatically canceled and the respective field on the session is unset. LookupSession did not handle this case gracefully, and would error on decryption in this state. Skip decrypting sessions that do not have either a user or project to avoid this error. The decrypted values are not used for a canceled session. * Fix worker test * Increase test timeout Co-authored-by: Danielle Miu <dani.miu@hashicorp.com> Co-authored-by: Danielle <29378233+DanielleMiu@users.noreply.github.com> Co-authored-by: Michael Gaffney <mike@gaffney.cc> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	3 years ago
Irena Rindos	781b03d080	dataplane management (#2624 )	3 years ago
Irena Rindos	011a7cf640	Dataplane routing (#2623 ) * addition of dataplane routing	3 years ago
Todd	426e6aaa79	Check that the returned resources before referencing them (#2612 )	3 years ago
Jeff Mitchell	0c96c6ff6c	Split grace period into multiple config values (#2578 ) (#2603 ) Co-authored-by: Todd <github@quaddi.com>	3 years ago
Todd	2a4ce02de6	Disconnect PKI workers from upstreams when they are no longer authorized (#2515 )	4 years ago
Irena Rindos	b26814a3cc	move user variables into globals (#2580 ) * move user variables into globals	4 years ago
Irena Rindos	946dab487e	enable recovery user to list targets and sessions (#2576 ) * enable recovery user to list targets and sessions	4 years ago
Jeff Mitchell	cede1aec93	Add initial templating support to Vault credential libraries (#2569 ) (#2575 ) Add initial templating support to Vault credential libraries This adds support for templating various account and user values into Vault dynamic credential library POST bodies and GET/POST paths. It also unifies how parameters are used in grants, with backwards compatibility.	4 years ago
Hugo Vieira	d206635d74	fix(connection): Make bytes up and down a signed 64-bit integer This fixes a theoretical issue with database interaction. Because the fields in the database are signed 64-bit integers, it's theoretically possible to overflow them if we're using unsigned 64-bit integers in the application code.	4 years ago
Hugo Vieira	c81398cbf3	feat(worker): Report bytes up and down on Status updates With this commit, the Worker now sends BytesUp and BytesDown for each of the connections it handles to the Controller in the Status request. The Controller then persists these fields to the database. There is also a new trigger to prevent bytes_up and bytes_down to change after a connection has been closed, as the last update to a session_connection row should be the one that is performed as part of the connection closure process.	4 years ago
Hugo	f023f05c11	feat(worker): Report bytes up/down on Worker connection closure Introduces data about bytes read and written to the connection close payload. No changes are required in the Controller because the RPC messages already contained the required fields. As of this commit, bytes_up and bytes_down columns in the session_connection table are now populated when a connection closes. Refs: #2509	4 years ago
Hugo	1bb80624b8	feat(worker): net.Conn implementation to count Bytes Read and Written This commit introduces a new net.Conn implementation (countingConn) that will keep track of bytes read and written for a particular client connection. This is then implemented into the worker code using interface composition. Refs: #2501	4 years ago
Jeff Mitchell	b86430c2af	Add some common account bits and change over some getOpts -> GetOpts funcs (#2565 ) (#2566 ) This is a precursor to another upcoming PR that will make use of these changes, but it makes that PR more manageable.	4 years ago
Johan Brandhorst-Satzkorn	f57454b6b9	Rewrite interface{} to any (#2535 ) * chore: Rewrite interface{} to any * Add ignore revs	4 years ago
Irena Rindos	2ab6ca6a84	Remove unrelated error from error message (#2558 )	4 years ago
Todd	73f7004c74	Add RLocks for all read access to s.connInfoMaps in a session (#2553 ) * Add RLocks for all read access to s.connInfoMaps in a session	4 years ago
Jeff Mitchell	37273d7a9c	Fix two items: (#2544 ) * Randomize order of worker output. This uses the standard rand.Shuffle() call; cribbed from https://pkg.go.dev/math/rand#example-Shuffle * Have some error/eventing in the worker status path use the base context instead of the status-call-specific context to allow eventing after a timeout event	4 years ago
Haotian	3be8b6efed	refactor(metric): move common metrics functions out of 'internal' directory (#2536 )	4 years ago
Todd	412e7a2418	Add interfaces and error codes for processing downstream router connections (#2511 ) * Add interfaces and error codes for processing downstream router connections	4 years ago
Louis Ruch	f23a28cf01	chore: Add white space (#2516 )	4 years ago
Todd	2f68c604c5	Add test helper for creating a multihop worker setup (#2513 ) * Add test helper for creating a multihop worker setup.	4 years ago
Irena Rindos	4493dfd527	use prior and current worker auth keys (#2495 ) * use prior and current worker auth keys	4 years ago
Jeff Mitchell	74a007bfdd	Adapt to new nodeenrollment X25519KeyProducer interface (#2491 )	4 years ago
Louis Ruch	b7684a857a	feat(ssh): Use HostId as HostKeyAlias for connect ssh helper (#2490 )	4 years ago
Todd	d270513b5a	Add error printing when cluster listeners and their consumers error. (#2488 )	4 years ago
Irena Rindos	bd4f5f3801	update worker auth rotate (#2484 )	4 years ago
Todd	06fd086004	Add health endpoint for worker (#2442 ) * Return worker process information in the health endpoint. Experimental: The worker_info and returned worker_process_info fields are experimental and can change or be removed without notice. When a user passes in "worker_info=1" or "worker_info=true" and a worker is running the returned json will be returned with a key named "worker_process_info" which value is a json object with information about the worker process.	4 years ago
Irena Rindos	d951e1ebc1	Worker graceful shutdown (#2455 ) * add graceful shutdown to worker	4 years ago
Damian Debkowski	546c5dc5be	feat: static json credentials (#2423 )	4 years ago
Irena Rindos	821d8317dc	address op state review feedback (#2453 ) * address op state review feedback	4 years ago
Jeff Mitchell	53b5e532d5	Remove deprecated methods/fields on targets (#2393 )	4 years ago
Jeff Mitchell	37fb9815ce	Add session endpoint test for #2448 (#2450 )	4 years ago
Louis Ruch	50490d71ae	chore(targets): Improve help and errors around ssh targets (#2445 )	4 years ago
Louis Ruch	5812a42ba3	feat(scheduler): set intervals from config (#2443 )	4 years ago
Irena Rindos	fc0ead73e6	feat(workers): worker operational state (#2427 ) * feat(workers): worker operational state	4 years ago
Hugo Vieira	8ab9ffbcac	refact(cmd): Encapsulate some functionality on Command and Server This commit extracts 3 separate pieces of functionality into their own function/method: - Extracts the database opening with the intention to have a function that performs all that functionality but returns the created database object rather than setting it to the Server structure. - Extracts database validation logic, to provide a common code path for upcoming functionality. - Expose schema manager on the Command struct as well as providing common functions to acquire shared lock/close.	4 years ago
Timothy Messier	047a66e87d	fix(worker): Improper reload when running as controller and worker (#2438 ) In cases where the server was started with both a controller and worker stanza, the reload of the config was not properly setting the initial upstream value on the new config. In this case the value is derived from other config values and not necessarily set directly. This now properly initializes the new config so that initial upstream is set in the same manner as the first load. Blame: `5d0cdf680f`	4 years ago
Irena Rindos	18dff62b7b	Merge BYOW GA branch to main (#2398 ) * feat(workers): Add ability to read and reinitialize cert authority (#2312) * feat(workers): Return Release Version on worker list and read (#2377) * feat(cli): Read and reinitialize worker certificate authority (#2387)	4 years ago
Hugo Vieira	bf1486f75e	refact(target): Add context to RepositoryFactory constructor `errors.New` requires a context, so I've made that available from the Controller, and updated all `NewDeprecated` functions to `New` while I was at it	4 years ago
Hugo Vieira	bf263fbd7d	perf(target): Use new Permissions object to determine resource access Using the new Permissions object, we can build a list of the level of access a user should have based on the grants they've been given, meaining we don't need to fetch all resources from the database to then remove the ones the user shouldn't be able to see. This commit also removes some unused options in `ListTargets` for the sake of simplicity.	4 years ago
Hugo Vieira	63196ee4ca	feat(target): Implement new WithPermissions option Also changes the Target RepositoryFactory to allow for passing options at construction time.	4 years ago
Hugo Vieira	224f8d2d4e	refact(controller): Move Target Repository Factory to the target package	4 years ago
Timothy Messier	eb61ac6304	refact(session): Add context to session factory This adds a context to the session.RepositoryFactory, allowing errors.NewDeprecated to be replaced with errors.New. It also removes the common.SessionRepoFactory, instead packages just directly import from the session package.	4 years ago
Timothy Messier	febf0b9984	refact(controller): Use session repo factory that takes options	4 years ago
Timothy Messier	68568828e6	perf(sessions): Use session repository with permissions This builds on previous performance improvements to the list behavior by reducing the number of queries against the database and the amount of data transfered in order to retrieve a list of sessions. Previously, a query was performed to retrieve a tuple of `(session_id, scope_id, user_id)` for the requested scope, including all child scopes if the request was recursive. These tuples were evaluated against the requesting user's grants to identify the sessions that they were authorized to list. In the case of clusters with a large number of sessions, this would result in a large amount of data needing to be transfered for sessions that would not be used. Then a second query would be used to retrieve the full session information for the session ids that were authorized. This changes the list behavior to evaluate a set of permissions from the requesting user's grants, use these permissions when constructing a session repository, and retrieve the list of sessions the user is authorized to list in a signle query. Ref: `d741034829` `32070678dc`	4 years ago
Timothy Messier	e4bb847ad1	feat(auth): Expose ACL from VerifyResults	4 years ago
Timothy Messier	39fedd843c	test(targets): Remove auth.DisabledAuthTestContext from tests Disabling the auth was resulting in some unrealistic tests setup and expectations. It also makes it difficult to refactor any behavior in the authn/authz flow since this option can bypass most of it.	4 years ago
Timothy Messier	02cef3d8a8	test(sessions): Remove auth.DisabledAuthTestContext from tests Disabling the auth was resulting in some unrealistic tests setup and expectations. It also makes it difficult to refactor any behavior in the authn/authz flow since this option can bypass most of it.	4 years ago
Hugo Vieira	ccb17df01a	feat(auth): Get all authorised scope info for a given list request	4 years ago
Haotian	5c715478e4	feat(workers): Add metrics for worker server-side grpc connections, refactor repeated code into common location (#2367 ) * feat(workers): added latencies histogram for server side multihop workers * refactor(daemon): combine common grpc metric functions into daemon/internal/metric Co-authored-by: Todd <github@quaddi.com>	4 years ago
Louis Ruch	d7c4c648ec	bug(vault): Correctly handle credential stores with expired tokens (#2399 ) * bug(vault): Correctly handle credential stores with expired tokens Boundary makes use of a database view to perform CRUD operations on Vault credential stores and libraries. This view did not include credential stores with tokens that have expired in Vault, causing errors when attempting to perform any action against them.	4 years ago
Jeff Mitchell	01fb949d0b	Add controller-led worker auth flow (#2413 ) This adds an action to the API that allows pulling out an activation token that can be given to a worker in its config (directly or via env or file). The worker can pass this along with its normal request in place of its normal nonce and the server will automatically accept it. Co-authored-by: Irena Rindos <irenarindos@users.noreply.github.com>	4 years ago
Timothy Messier	5d0cdf680f	feat(worker): Support reloading of initial upstreams on SIGHUP (#2417 ) On a SIGHUP, if the worker's `initial_upstreams` config option has changed, it will use the new values as the address to send its status. Any previously discovered upstream addresses from previous status requests are dropped. Once a successful status request is made to the new addresses, the worker will resume its normal behavior of using the addresses from the response to the status request. This allows a worker to be deployed in a more stable way in a dynamic environment where controller IPs could change. In particular this helps with a case where all controllers are replaced with new controllers running on new IPs. To illustrate with an example, suppose there is an instance group of controllers instances. And there are worker instances that have their config rendered from consul-template that sets `initial_upstreams` to the IPs of the controller instances. If all controller instances are restarted or replaced at the same time and assigned new IPs, a new config will be rendered for the worker. Previously the only way for the worker to use the new value would be for the worker process to be restarted. Otherwise the worker would only know about the previous IPs and would fail to connect to the new controllers. However, a restart would mean any active sessions and session connections on the worker instance would be terminated. With this update, consul-template can send a SIGHUP to the worker, the worker will connect to the new controllers and resume normal status reporting, allowing the sessions and session connections to remain. The same principles would apply for other examples of dynamic environments such as nomad and kubernetes. See: https://github.com/hashicorp/consul-template https://www.nomadproject.io/docs/job-specification/template	4 years ago
Irena Rindos	db21ead31c	Vault proxy supporting code (#2415 ) * Vault proxy supporting methods	4 years ago
Jeff Mitchell	9b271d7dd8	Fix error about unimplemented HcpbWorkers call (#2361 ) Although there is a compile time check on the type, it will always succeed due to the Unimplemented embedding requirement. As a result, this PR also changes Unimplemented calls to Unsafe calls, which were added later "for those that prefer their code to break"; the comments on these state: // UnsafeXServiceServer may be embedded to opt out of forward compatibility for this service. // Use of this interface is not recommended, as added methods to XServiceServer will // result in compilation errors. See https://github.com/grpc/grpc-go/issues/4500#issuecomment-852597871 for some more context. I think we're fine with compilation errors though; we own both the server and client side of things and generally are going to add new methods only when we intend to also add them on the client side. Notably, what the comment does not indicate is that it will break at runtime; already it should return a suitable (404 or 405) error if the client requests a method that does not exist.	4 years ago
Irena Rindos	b4b95e0f0e	refactor(vault): add context and remove deprecated errors (#2396 ) * refact(vault): add context and remove deprecated errors	4 years ago
Johan Brandhorst-Satzkorn	aef9073fa6	Upgrade to Go 1.19 (#2347 )	4 years ago
Johan Brandhorst-Satzkorn	ac591d8283	fix(managed_groups): Fix validation function panic (#2390 ) The logic would panic if no attributes were specified. Ensure that attributes are non-nil before checking any sub fields.	4 years ago
Renato Costa	ec3d2ef360	Fix incorrect use of loop variable in parallel tests (#2389 ) This fixes occurences of a loop variable being captured in parallel tests. With the previous code, only the last test case is actually exercised. To work around this problem, we create a local copy of the range variable before the parallel test, as suggested in the documentation for the `testing` package: https://pkg.go.dev/testing#hdr-Subtests_and_Sub_benchmarks Issues were found automatically using the `loopvarcapture` linter.	4 years ago
Irena Rindos	dde0c35f23	Update request data in session manager (#2369 ) * bug(session): Update request data in session manager	4 years ago
Damian Debkowski	27e9f775be	feat: add initial migration hook	4 years ago
Jim	2818bb65cd	feature (downstreams): Add hooks for optional downstream workers/router (#2359 ) This includes the required interfaces, factories, error codes, etc	4 years ago
Jim	7aa7deafa3	chore: update go-dbw dependencies (#2298 ) * chore: update go-dbw dependencies This update included an update of the upstream gorm dependency. In the latest update, gorm appears to have become more sensitive when a slice is passed into operations. The ptr to slice must now be a ptr to slice of ptrs. This change required an update to how boundary handles slices of PrincipalRole, which now must return a ptr to PrincipalRole. There were also some tests that needed to be updated because of this change. * fixup! chore: update go-dbw dependencies	4 years ago
Jeff Mitchell	7df1331e93	Update configutil/pluginutil deps (#2346 ) Fixes #2343	4 years ago
Louis Ruch	7fafadd70b	db: Add credential_sha256 to session_credentials (#2339 ) * db: Add credential_sha256 to session_credentials	4 years ago
Jeff Mitchell	02dd28f587	Add support for SSH private key passphrases (#2331 ) This adds support for encrypted SSH keys via passphrase. Co-authored-by: Louis Ruch <louisruch@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	4 years ago
Jeff Mitchell	07bca9dd66	Ensure initial upstreams is empty before hcpb worker listing (#2334 ) The intention of the code was to have one-hop-away workers list KMS workers to get initial upstreams, and have other workers continue using what was in their config file. However, nothing stops people from having initial_upstreams but _also_ adding a cluster ID in their config file, in which case we'd always run this check and replace the config-set initial upstreams. So, ensure the config-set initial upstreams is also len zero.	4 years ago
Jeff Mitchell	090b2b28f8	Clean up some dev config kms code (#2321 ) * Clean up some dev config kms code Although it didn't matter in the combined state, the KMS for auth storage was not actually being set properly if only a worker was being instantiated.	4 years ago
Jeff Mitchell	8800ec9c94	Reorganize logic to allow a poison pill (#2317 )	4 years ago
Jeff Mitchell	4bd249d347	Fix some missing net.JoinHostPort calls (#2305 )	4 years ago
Damian Debkowski	c25b9285c0	fix(test) uncomment ro tests for cred update (#2301 )	4 years ago
Todd	1aad2627c8	OSS side of second downstream connections (see enterprise PR 69) (#2292 )	4 years ago
Jeff Mitchell	67d789cb6d	When allowed_origins is "*" use that in response (#2289 )	4 years ago
irenarindos	4908aba546	feat(vault): Add unimplemented worker filter support to OSS	4 years ago
Louis Ruch	52c1a4f9f9	feat(targets): Support extraWorkerFilterFunc in target	4 years ago
Jeff Mitchell	8f2ef45a01	Update against new version of nodeenrollment split listener (#2280 )	4 years ago
Louis Ruch	a17e973712	feat(credentials): Refactor credential purposes (#2260 ) * feat(credentials): Refactor credential purposes * Application credentials have been refactored to Brokered credentials * Egress credentials have been refactored to Injected Application credentials Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	4 years ago
Jeff Mitchell	271cc8f781	Add ssh private key to CLI (#2265 )	4 years ago
Louis Ruch	ef5ac07f02	Add ssh_private_key support for Vault libraries and targets (#2263 ) * Add support for ssh_private_key credential type in Vault libraries * Add support for ssh_private_key credential type * Support jsonpointer for Vault library mapping overrides	4 years ago
Jeff Mitchell	011e2e7425	Add ssh private key type and add type to static store (#2262 ) Co-authored-by: Louis Ruch <louisruch@gmail.com>	4 years ago
Jeff Mitchell	8c56a5648d	Migrate plugin host/set/catalog prefixes to typed (#2256 ) * Migrate plugin host/set/catalog prefixes to typed * Add credential store typing too	4 years ago
Haotian	28f53a64b4	feat(workers): implement worker service add/set/remove api tags	4 years ago
Jeff Mitchell	fb3b2209e5	Add WithType to worker listing (#2252 )	4 years ago
Jeff Mitchell	81af61ae7d	Add client next protos to KMS connection info (#2246 ) This builds on the previous change in the nodeenrollment library to allow KMS connections to store incoming ALPN NextProto information.	4 years ago
Jeff Mitchell	1596ff3d1c	Update against new nodee conn type (#2245 )	4 years ago
Jeff Mitchell	6b48346bf3	Add managed worker address fetching (#2244 )	4 years ago
Jeff Mitchell	ca387223b8	Retry faster on initial status (#2243 ) Right now there is a bit of a race condition in that a status call that indirectly tells the controller that a worker is ready to accept sessions can have its response unable to be processed in time for an actual session to come in from a client. It's very unlikely but technically there. This changes where we check if we have ever successfully authenticated from the function called by the ticker to the ticker itself, allowing us to reset the timer to a very short time if we have not yet authenticated. We already have the initial timer set to 0 for "as soon as possible" behavior, but if that initial status failed we'd wait for the normal interval. Now we will instead continue with the "as soon as possible" behavior, and reduce the very unlikely race condition to extremely unlikely. (There are more permanent fixes but those are bigger and can come later.)	4 years ago
Todd	155c5f578b	Create session manager for workers to use to interact with sessions (#2235 )	4 years ago
Jeff Malnick	1f66685864	feat: set default connection limit to unlimited (-1) instead of 1 (#2234 ) This avoids the confusion behavior of a session terminating as soon as a single connection using that session is closed.	4 years ago
Damian Debkowski	3e9c99c217	refactor(user_password) rename all references of user_password to username_password (#2232 )	4 years ago
Damian Debkowski	afd4437492	fix(error) validate credential store id when creating username/password credentials (#2231 )	4 years ago
Todd	9af6c09c36	Move generated pb.go file in to the internal/gen directory (#2225 )	4 years ago
Todd	19b549c44a	Rename package servers to server (#2222 )	4 years ago

... 3 4 5 6 7 ...

547 Commits (deeac5c457e86c6c2bf6db50f00a385ecbf4a360)