boundary

Commit Graph

Author	SHA1	Message	Date
Damian Debkowski	ab58b24142	refactor(user_passsword) change all references of user_password into username_password (#2189 ) * (refactor) change all sql references of user_password to username_password * refactor(pkg) renamed pkg userpassword to usernamepassword * refactor(proto) updated protocol buffers to use UsernamePassword * refactor(code) updated references from UserPassword to UsernamePassword in golang files * refactor(test) updated unit tests to reference UsernamePassword changes * refactor(ddtest) updated references in dbtests to use UsernamePassword * chore(sql-test) fixed spelling issue * chore(sql) added and updated comments in migartion & tables. fixed indentations * chore(proto) updated comments to reflect username_password changes * refactor(tests) updated unit tests to replace user-password with username-password * refactor(cmd) updated cmd help text to use username * chore(tests) update test name & comments * fix(cmd) fixed cmd usage definition for credentials update * refactor(tests) removed out of scope changes * fix(sql) incremented sql migration id & updated migration comments	4 years ago
Jim	bd167da7d1	fix (worker): send workerId when authorizing session (#2207 ) * fix (worker): send workerId when authorizing session Send the workerId returned from the last success worker status when authorizing a session. * fixup! fix (worker): send workerId when authorizing session * fixup! fix (worker): send workerId when authorizing session * refactor (worker): deprecate workerId in ActivateSessionRequest It wasn't being used anywho * fixup! fix (worker): send workerId when authorizing session * Update LookupSessionRequest Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	4 years ago
Jeff Mitchell	704d68848c	Merge remote-tracking branch 'origin/main' into llb-byow	4 years ago
Louis Ruch	68eb6e2bed	chore(targets): remove deprecated credential libraries on target resources (#1533 )	4 years ago
Louis Ruch	58d546cdd4	feat(credential): Add static credential store and username_password credential	4 years ago
Jim	9dde83aea7	feature (byow): classify status msg data (#2181 ) Classifying the data allows it to appropriately included in audit events	4 years ago
Jeff Mitchell	5d3facf561	Merge remote-tracking branch 'origin/main' into llb-byow	4 years ago
irenarindos	16d95262a6	feature(worker): add workerKeyId to status	4 years ago
Timothy Messier	e79714e93f	feat(session): Add include_termianted option to list endpoint	4 years ago
Jim	37cc61e4c9	feature (worker): Add audit data classification to CreateWorker(...) api (#2153 )	4 years ago
Jim	fdf43fc4fe	feature (worker): add CreateWorker(...) service (aka API) (#2143 )	4 years ago
Haotian	1830605a7e	refact(servers) Update api for new worker and controller server tables (#2101 ) * Discontinue support for old Server message in ServerCoordinationService. Split message into ServerWorkerStatus and UpstreamServer (which currently contains controller addresses). Remove unnecessary fields. Modify workerStatusServer to use new fields. Co-authored-by: Todd <github@quaddi.com>	4 years ago
Todd	fa2efe9878	Create the Worker API resource and the CRUDL operation definitions for a worker. (#2114 )	4 years ago
irenarindos	9e27605213	refact(servers): Split server table into worker and controller	4 years ago
Johan Brandhorst-Satzkorn	f69fbf2255	feat(proto): Format protobuf files with buf (#2033 ) Formats all protobuf files with buf format. This ensures a consistent style across all our protobuf files, similar to gofumpt.	4 years ago
Timothy Messier	3be5c44907	feat(target): Classify resources for audit events	4 years ago
Johan Brandhorst-Satzkorn	8c452b0991	feat(authmethods): Add classification to all fields	4 years ago
Timothy Messier	2ade7f34a8	feat(users): Classify resources for audit events	4 years ago
Timothy Messier	006fa3a85a	feat(session): Classify resources for audit events	4 years ago
Timothy Messier	38a3960047	feat(role): Classify resources for audit events	4 years ago
Timothy Messier	6ad9aba505	feat(credentialstore): Classify resources for audit events	4 years ago
Timothy Messier	9d3a57cbb0	refact(credentialstore): Switch subtype attributes to oneof This updates the credential store resources to use a oneof for attributes. This allows requests to the credential store service to leverage the new subtypes.AttributeTransformerInterceptor so that attributes are strongly typed prior to the service handler.	4 years ago
Timothy Messier	00e57b20a2	feat(credentiallibrary): Classify resources for audit events	4 years ago
Timothy Messier	3d4ba0389e	refact(credentiallibrary): Switch subtype attributes to oneof This updates the credential library resources to use a oneof for attributes. This allows requests to the credential library service to leverage the new subtypes.AttributeTransformerInterceptor so that attributes are strongly typed prior to the service handler.	4 years ago
Timothy Messier	95315a3e0a	feat(groups): Classify resources for audit events	4 years ago
Timothy Messier	e2eca03d26	feat(managedgroups): Classify resources for audit events	4 years ago
Timothy Messier	5d6cb0009d	refact(managed-groups): Switch subtype attributes to oneof This updates the credential store resources to use a oneof for attributes. This allows requests to the credential store service to leverage the new subtypes.AttributeTransformerInterceptor so that attributes are strongly typed prior to the service handler.	4 years ago
Johan Brandhorst-Satzkorn	fc6cddfc7f	feat(authtokens): Add classification to all fields (#1996 )	4 years ago
Johan Brandhorst-Satzkorn	d51ce41db8	feat(hostsets): Classify all proto fields	4 years ago
Johan Brandhorst-Satzkorn	8fa3e8dee0	feat(hostcatalogs): Classify all proto fields	4 years ago
Johan Brandhorst-Satzkorn	5440195cce	feat(hosts): Classify host proto fields	4 years ago
Johan Brandhorst-Satzkorn	a2bff4efdf	feat(authmethods): Add typed attributes to authenticate request and response The AuthenticateRequest and AuthenticateResponse types have a complex mapping rule system, which requires a pair of custom callback functions.	4 years ago
Johan Brandhorst-Satzkorn	53481146fd	feat(authmethods): add well typed attribute options (#1972 ) Add well typed attribute options to the authmethods proto definitions, while hiding them from being rendered in the openapiv2 spec.	4 years ago
Timothy Messier	e76c48ad36	feat(account): Mark auth_method_id as a source id for subtypes	4 years ago
Johan Brandhorst-Satzkorn	6e6efeee71	feat(account): Add gotags classification Add gotag classification to all account proto and service definitions.	4 years ago
Johan Brandhorst-Satzkorn	6a37bd9710	Upgrade grpc-gateway version to v2.10.0 (#1954 ) This new version will let us hide fields from the OpenAPI output	4 years ago
Johan Brandhorst-Satzkorn	80b2c9230f	refact(authmethods): Add top level token type to Authenticate (#2010 ) Other parts of the system make use of a "type" field, while the AuthenticateResponse sets a "token_type" on the response attributes directly. Rename this field to "type", and move it up to the response level, to be more consistent with other RPCs. Also adds a new field to the AuthenticateRequest, "type" which will replace the "token_type" field over time.	4 years ago
Johan Brandhorst-Satzkorn	b1d6a1da9a	Switch to buf for protobuf generation (#1944 ) * Install buf with go install This reduces the impact of using buf on our dependency closure, which was significant. It also avoids potential issues with building buf given our own internal dependency constraints. This has caused issues (including crashes!) in the past. See https://github.com/cockroachdb/cockroach/issues/67216#issuecomment-874176186 for more discussion on using tool dependencies generally, and https://github.com/bufbuild/buf/issues/52 for an example of where this sort of thing caused an issue for a user. * Upgrade buf version We should migrate to v1 sooner rather than later, as it has some breaking changes from v0. * Change buf lint/breaking commands These commands were moved up one level for v1 * Migrate to buf.yaml to v1 * Remove unused imports These were uncovered by using "buf lint". * Use buf v1.3.1 * Depend on googleapis and grpc-gateway via BSR * Switch to buf for proto generation * Remove third party dependency * Remove unused tools and scripts * Move local protos up one level * Temporarily don't fail on breaking changes * Generate CI config * Fix generation of controller.json * Replace use of deprecated flag * Remove unused import, regenerate files * Remove temporary skipping over breaking check	4 years ago
Hugo	244237cd2f	feat(controller): Add health endpoint (#1882 ) * feat(controller): New health service and server This change also implements a new listener purpose, `ops`. `ops` (short for operations) is a new listener purpose that is responsible for serving Boundary's operations endpoints, like health and possibly metrics. At Startup: `ops` listeners get configured as late as possible to catch any errors with the startup process; At Shutdown: If the health endpoint has been set-up, we introduce a configurable delay in the process. This is to enable the health endpoint to report unhealthy for that amount of time. `ops` listeners are also the last listeners to be shutdown.	4 years ago
Louis Ruch	425a56179f	feat(worker): Implement egress credentials Egress credentials Issued during AuthorizeSession are stored in the session repo. These credentials are retrieved and stored in-memory on the worker during the LookupSession call. Each proxy handler will need to handle the credentials as required.	4 years ago
Jim	baa1d88f1f	feature: Add client ip to inbound request information (#1678 ) * feature: Add client ip to inbound request information * feature (workers): Add the user's client IP to a session's connection information (#1749)	4 years ago
Todd Knight	884e1f2d18	Merge branch 'main' into plugin-hostcatalogs # Conflicts: # go.mod # sdk/go.mod	5 years ago
Jim	048fceaf54	feature (workers): Add audit events for worker requests (#1681 ) * feature (audit events): Add interceptor for auditing worker requests * feature (events): Add default deny filter for worker status events * feature (worker audit events): Add tags to SessionService req/resp	5 years ago
Jeff Mitchell	80d41b9044	Merge branch 'main' into plugin-hostcatalogs	5 years ago
Timothy Messier	36f1ae75f7	feat(sdk): Add support for egress credentials to target service	5 years ago
Jim	8ae6e9892f	feature (events/audit): Add auth info to audit events (#1644 )	5 years ago
Jeff Mitchell	b1a72bd445	Merge remote-tracking branch 'origin/main' into plugin-hostcatalogs	5 years ago
Jim	a679300b50	feature (events): Classify auth method request/resp messages for audit events. (#1640 ) * refactor (oidc): Stop emitting error for not found token id Stop emitting errors when authtoken repo.IssueAuthToken is called and there's if no pending token. It's not an "normal" state and not an error condition. * feature (audit tagging): Add tags for auth method requests/responses Including testing functions for asserting audit events created when a service is called	5 years ago
Jim	99d6da4121	feature (events): Add audit request interceptors (#1620 )	5 years ago
Jeff Mitchell	0fd906d964	Merge branch 'main' into plugin-hostcatalogs	5 years ago
Jim	769416c2ff	refactor (controller): Use a grpc server for the grpc-gateway (#1576 ) * refactor (controller): Use a grpc server for the grpc-gateway This starts a grpc server for the grpc-gateway. The new gateway server uses an in-memory listener which also supports "dialing", so the http proxy can connect to the in-memory listener. This change allows us to use all grpc server features and was in part motivated by a need for an interceptor of inbound requests. With that said, having a "proper" grpc server for the gateway will provide a lot more flexibility and capabilities moving forward. The request context will still be verified via middleware in the http proxy (see wrapHandlerWithCommonFuncs). This verified context will be serialized into a protobuf and sent along to the grpc-gateway via metadata where an interceptor will add the verified request info to the request's context (see requestCtxInterceptor). The interceptor will verify the serialized request info via a shared ticket with it's companion in-memory http proxy. FYI: the ticket is simply random base62 string (see db.NewPrivateId). This change also necessitated a minor change to services. We need to return an empty response instead of nil, nil when there are no errors and the response is empty. * refactor (handlers): Rename gRPC Gateway filter Originally, this was called an OutgoingInterceptor, which is an unfortunate name since it's not an interceptor. Now that we're refactoring the gateway stuff and have proper interceptors, renaming this should remove ambiguity * refactor: Rework how 204 with empty msg is handled Recent changes to grpc gateway has necessitated a change to how 204s are handled by the gateway * tests (bats): Check status codes for delete operations	5 years ago
Jeff Mitchell	158ab09952	Merge branch 'main' into plugin-hostcatalogs	5 years ago
Jim	c8b29ded1c	Events: Add outbound detail protobufs, request status code, and update event encrypt filter. (#1569 ) * feat (events): Add status code to audit events * feat (events): Add the resp proto msg to every audit event * chore (events): Update eventlogger dep This latest version will redact any map and/or map field which isn't explicitly classified via a Taggable interface * feat (events): Begin to add tagging to response proto msgs	5 years ago
Jeff Mitchell	7d71618df0	Add more host-catalog and host-set CLI support (#1567 ) Add more host-catalog and host-set CLI support Co-authored-by: Todd <T.Alan.Knight@gmail.com>	5 years ago
Todd	a4ea99047f	Remove Prefix Id and Plugin Name fields (#1563 ) * Remove Prefix Id and Plugin Name fields. Creating catalogs now require either the plugin id or the name of the plugin resource (but not both). Host Catalogs and Host Sets API resources now have a read only plugin field populated with plugin info. Host Catalogs have a plugin id field as a top level field.	5 years ago
Todd	0ba217cbfa	Run `make tools` and `make gen` now that the dependencies have been updated. (#1552 )	5 years ago
Louis Ruch	6000f20ae5	chore(authenticate): remove deprecated authenticate:login and credentials field (#1534 ) * chore(authenticate): remove deprecated authenticate:login * Update changelog	5 years ago
Jeff Mitchell	7fc712de44	Bump protoc	5 years ago
Jeff Mitchell	2649d1b966	Move protooptions to sdk/pbs (#1486 ) This prevents a reverse dependency from sdk on the main module.	5 years ago
Jeff Mitchell	b13975cb6a	Move API resource pbs to new location (#1484 ) This moves the generated pb files to the `sdk` module. This allows third parties to make use of them if desired (e.g. in upcoming plugins) and moves away from the `gen` nomenclature in the directory, since we are going to be adding some extra interface functions to the messages.	5 years ago
Louis Ruch	31af49e76d	refactor(worker): Move tcp_proxy into its own package (#1458 ) * refactor(worker): Move tcp_proxy into its own package This refactors: - the tcp_proxy.go into worker/proxy/tcp - add a missing unit test for the HandleTcpProxyV1 - refactors session.go into worker/session, needed to avoid import cycle - adds a baseline for a mock controller session client - go lint fixes * Add sleep between spinning listener goroutine and dialing Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	5 years ago
Todd Knight	39cc245966	Make gen after make tools. Includes make fmt of existing non generated files. (#1438 )	5 years ago
Jeff Mitchell	f8a51b987c	Migrate target host sets -> host sources (#1424 ) This follows the same model as https://github.com/hashicorp/boundary/pull/1413 See there and CHANGELOG for more details.	5 years ago
Jeff Mitchell	ab6f3eaeb4	Migrate credential-library nomenclature around targets to credential-source (#1413 ) See the CHANGELOG entry for more information. Co-authored-by: Jim <jlambert@hashicorp.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	5 years ago
Jeff Mitchell	528d54b4ad	Add token/userinfo claims to account read output (#1419 ) This is very useful when trying to write managed groups filters as you can directly look at the structure of the claims for the accounts you're trying to filter. The output of the claims in text format on the CLI currently leaves something to be desired. I started revamping some of the formatting functions and it quickly got very fragile. Fundamentally at this point we're likely better off -- now that we have a good idea what our output format/standards are like -- rewriting the formatting code. I'll take that as a tasker as I have a lot of ideas...	5 years ago
Jeff Mitchell	7c3d5be4f6	Update format of secret to return both raw and decoded when possible (#1372 )	5 years ago
Jeff Mitchell	86c9a90554	Update target credential library service, API, SDK, CLI (#1343 )	5 years ago
Michael Gaffney	df35699c4e	Integrate with Vault to retrieve and manage per session credentials (#1308 ) * Fix down migrations * Udpates due to merge * Sentinel values only have to be greater than 0 * Create credential related sdk structs and methods. * Post merge interface updating. * Removing scratch code that was not cleaned up. * updates * Convert client certificate and client certificate keys into pem blocks and validate. * Add newline at end of file. * Faster check for "s" at the end of a resource name when generating from templates. * make fmt * updates * Add dynamic credentials to a session * Refactor: move contents of file * updates * Updates * Add InvalidDynamicCredential error * Assign credentials * Allow updating client certificates seperate from the client certificate key. * Replace application purpose string with enum value * PR feedback / fix go test . * Delete dead code * Use common view * Refactor: extract interface and rename method * Refactor: move code to eliminate privPurpLibrary * Add comment to requestMap * Refactor: do not export methods on an unexported struct * Update internal/db/schema/migrations/postgres/10/03_vault_credential.up.sql Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Add comments to credential Purpose constants * Reorder switch statements to handle errors first * PR feedback * update * fix merge * Organizing the scheduler code and extract the individual store creation test helper function. * Run 'make fmt' * Create certificate when creating store. Allow vault address to be passed in as option * Refactor: rename database views and associated structs This change renames two database views and associated go structs to use a consistent naming pattern. Views ending in 'private' contain encrypted credentials needed for connecting to Vault. Views ending in 'public' mirror the 'private' views but do not include any encrypted values. This change does not include any changes to functionality or behavior. * Adding SAD target operations for credential libraries to the SDK. * Add status field and enumeration table for credential status * Refactor: rename Status to TokenStatus * Add status to vault credentials * Creating the template for the CLI and helper functions. * Add private database view for vault credentials * Add scope_id to view and cleanup TODO comment * Reformat embedded sql queries * Add vault client helpers * updates * white space * Add LookupLease test * CLI commands for Store work. Renamed fields in proto w/ vault prefix. * Test issue credentials with client TLS * Add additional checks to vault ping * Add an error for vault token capabilities and create a VaultToken error kind * Add support for working with Vault policies * Use Vault 1.7.2 for testing * Add testing helper for creating a vault client with a non-root token * Fix Vault renew lease test The Vault renew lease endpoint accepts an optional duration parameter for requesting the number of seconds to extend the lease by. However, Vault is not required to honor this request. * Add a var for the required capabilities of a boundary Vault token * Enhance the test helper for adding a policy to Vault * Allow the test role in postgresql to revoke credentials * Remove out of date comments * Enhance Vault test helpers for the database secrets engine * Reformat comments * Add a method for getting the capabilities of the current Vault token * Add revoke lease to internal Vault client * Reformat: combine err return line with check for nil line * Remove redundant checks in test code Remove checks in test code that are redundant with checks in the test harness. * Refactor CreateToken test helper to return the secret and the token * Fix build failures caused by signature change in vault.CreateToken * Fix Vault version and Vault API link in comments * ran `make gen` after merging from mgaffney-vault. * Remove Vault prefix from attribute fields in API, create a base CLI option for adding field prefixes. format now uses that prefix for error reporting. * Template now allows attaching attribute field prefixes. * Credential store uses PrefixAttributeFieldErrorsWithSubactionPrefix. * Fixing naming of vault flags and helper flags. * Updating more references to generated api methods. * Make the capabilities String method more readable * Add comment outlining PrintApiError usage of Options. * Refactor test to move declarations closer to first use * Fix comment * Implement revoke method on vault repository * Tests now verify certs, CA, and tokens, addresses can be updated in a store. * Added test for creating store with pk/cert in same field. * Allo updating certificates seperate from private key. Only contact backing vault service when updating token. * Fixing bad tests and removing unused code. * Adding tests for various ways of updating tokens. * Add private credential * Add token revocation job and cred renewal/revocation job * Regen after merge. * Fixing field mask related merge error. * Create Library CLI. Removes vault prefix from path. Adds a WithoutCleanup testOption for vault. * Set all credentials to revoked when a token is revoked * Fixing missed renaming update. * fix copy/paste error. * Fixing code generation errors after merge. * make gen after merge. * Update internal/cmd/commands/credentialstorescmd/vault_funcs.go Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Update internal/cmd/commands/credentialstorescmd/vault_funcs.go Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Update internal/cmd/commands/credentialstorescmd/vault_funcs.go Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> * Refactor: move migrations from 10 to 12 * Removing logic from transaction. * wrapping client errors in the calling op for CredentialStore's client() method. * Redact token * redact client key * updates * Add trigger to revoke credentials when session is canceled or terminated * Fixing some help text for some flags. * Add ability to load values from files (file://) or environment variables (env://). * Updating comments * fix bad merge * feedback * Adding issued credentials to sessions. * Error on capabilities * updates * Expose NewVaulTestServer * Add godoc * Adding generated SessionCredential struct for API. * Progress on building handler test for Authorize Session. * feedback * Update policies * Add 'revoke' as a status for Vault Tokens * Add delete_time to vault credential store * Create dynamic credentials at session creation time. * Tests pass with credentials attached to AuthorizedSession result. * Only call issue if there are credentials to issue. * Fixing output only issues. Adding type to credential library. * Fix test to clear un/pw generated. confirm generated un/pw changes from 1 authorize session call to another. * Update lookupTokenError * Add delete_time to private credential store * Refactor: move private store to separate file * Fixing tests for AuthorizeSession and verifying error cases. * Only create the credential repo if there are credentials to issue. * Rename Library field to CredentialLibrary. * Fixing missing change of Library to CredentialLibrary. * Removing Default SDK functions for fields which are required and update CLI to match. * Replace resource specific id variables with "id" and the input parmater for paths to be just a single string and the resource name as it should show up in the path. * Soft delete vault credential stores * Prevent new SQL functions from silently overwriting existing functions * Rename "Hmac" to "HMAC" in the human readable cli response table. * Fix tests * Add vault database cleanup jobs * Add ability to set the token period in the vault test harness * updates * Add not_null_columns func test * remove unused struct * Up no output timeout * Validate current vault token on addr update * Fix client cert change test * add cert test * Update revocation job where * Fix comment * Use Vault's default port in CLI help strings * Remove down migrations * Increase migration file numbers by 1 * Run make migrations * Move migrations from 12 to 10 * Increase Circle CI timeout for acceptance tests * Fix spelling mistake in error messages * ASD cmds for Target and returning credentials to AuthSession request (#1338) * Add Add/Set/Remove commands for libraries on Targets. Return credentials on AuthorizeSession request. Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com> Co-authored-by: Louis Ruch <louisruch@gmail.com> Co-authored-by: Todd Knight <T.Alan.Knight@gmail.com> Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	5 years ago
Jeff Mitchell	5c8a8c3998	Merge remote-tracking branch 'origin/main' into ICU-1573	5 years ago
Michael Gaffney	094bdcdd2b	protobuf: remove unused imports (#1267 ) This removes unused imports in the protobuf files which are reported as warnings by the protoc compiler.	5 years ago
Jeff Mitchell	306d4fb4d3	Add API/CLI for managed groups (#1265 )	5 years ago
Jeff Mitchell	179a49657e	Managed Groups service (#1262 )	5 years ago
Jeff Mitchell	6f34da8923	Add cleanup of dead connections no longer reported by a worker (#1220 )	5 years ago
Jim	2437cdcc8d	OIDC: add support for account claim maps (#1186 )	5 years ago
Jim	25e657fa51	Ongoing OIDC: support to request additional OIDC scopes from the IdP (#1175 )	5 years ago
Jim	75108cbc8b	Ongoing OIDC: return the primary account info along with the user. (#1145 )	5 years ago
Jim	358f5a61fb	bump protoc to v3.15.8 (#1147 )	5 years ago
Jeff Mitchell	be10cc4b42	Update grpc/proto deps (#1136 ) * Update grpc/proto deps * Make gen	5 years ago
Jim	f8f66abcf4	regen proto (#1109 )	5 years ago
Jeff Mitchell	90b30bad25	Use 202 for token polling endpoint instead of 204 (#1103 )	5 years ago
Todd Knight	71673ea161	Pass disable_discovered_config_validation in the API change-state call (#1100 )	5 years ago
Jim	dd0f34bc35	Add new OIDC auth method. (#1090 ) Co-authored-by: Todd Knight <T.Alan.Knight@gmail.com> Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com> Co-authored-by: Michael Gaffney <mgaffney@users.noreply.github.com>	5 years ago
Jeff Mitchell	6605b4c9f8	Revamp authenticate (#1025 )	5 years ago
Jeff Mitchell	fcbf372881	Bump proto/grpc deps (#1017 ) * Bump proto/grpc deps * Back out buf change * Run make gen	5 years ago
Jeff Mitchell	09e57a6624	Dep update: (#955 ) * grpc-gateway and friends * buf * go-swagger * protoc-gen-go-grpc/genproto	5 years ago
Todd Knight	97b404032b	Add ability to filter List*Requests (#952 )	5 years ago
Jeff Mitchell	c6fa737e51	Add a duplicate authenticate:login API verb (#912 )	5 years ago
Jeff Mitchell	cb3980cb8c	Remove list:self from main (#915 ) * Remove list:self from main As per futher discussions, we won't be supporting this, in favor of simply read:self and cancel:self (since listing now already filters out items on which you have no permissions). This doesn't remove list:self entirely from the code base as much of that will simply be converted to read:self and cancel:self -- that will be in a later PR. However, with this removed if we want to release we won't expose an API publicly that isn't going to stick around.	5 years ago
Todd Knight	02cd972043	Create Sessions List Self Action (#888 )	5 years ago
Jeff Mitchell	6cd97a4a6e	Add support for recursive listing (#885 )	5 years ago
Jeff Mitchell	6b58a3317d	Add recursive listing to roles (#881 ) This also lays the framework for adding recursive listing to the rest of the resources.	5 years ago
Jeff Mitchell	717a3b52ee	Add worker tagging (#862 ) This allows workers to have tags assigned to them, which can then be filtered to control which targets they are allowed to serve.	5 years ago
Jeff Mitchell	dcb15cffbd	Add authorized actions output on resources (#870 )	5 years ago
Jeff Mitchell	27919ab11b	Groundwork for returning authorized actions (#860 ) This returns authorized actions on targets to users when they perform an operation on a target, including listing. It also prevents users from seeing values in listing targets on which they have no permissions.	5 years ago
Jeff Mitchell	84c617dc49	Run make gen after the gofumpt update	5 years ago
Michael Gaffney	94cb79bbdd	See how Boundary would look with gofumpt applied (#853 ) * See how Boundary would look with https://github.com/mvdan/gofumpt applied Results of running `gofumpt -w -s .` * Update tools file and Makefile for gofumpt Co-authored-by: Jeff Mitchell <jeffrey.mitchell@gmail.com>	5 years ago
Jeff Mitchell	a6cca576a3	Attempt canceling sessions by the client (#831 ) * Attempt canceling sessions by the client In some circumstances (like a Ctrl-C), the client knows it's shutting down and the TOFU token will be lost. In this case it makes sense to cancel the session rather than have it time out. This introduces a command enum to the handshake message which can be used for the client to send commands to the worker -- in this case the only specified command is to cancel the session. It doesn't occur if the session is already timed out or if we can't authorize connections as this generally means the session is already invalid.	5 years ago
Jeff Mitchell	11b821a200	Bump deps (#818 )	5 years ago
Jeff Mitchell	d4a6efb363	Pass endpoint to the client (#811 ) This allows us to automatically set TLS parameters, useful for `boundary connect http` and some other features to come.	5 years ago
Todd Knight	aa4157639c	Change Format of API Error (#784 ) This is a wire breaking change for json errors since we have removed and renamed a few fields, and changed part of the structure of the returned json error. * Remove redundant fields in Status, details.error_id, details.TraceId and details.request_id from API errors. * Added wrapped errors and "ops" field to indicate the internal operation of the errors returned by the API. * Added error cli error reporting of Op and wrapped errors.	5 years ago
Jeff Mitchell	a37ba007f2	Update deps (#772 ) * Update deps This also updates for the new (and required) paradigm for registering service implementations as spelled out in https://github.com/grpc/grpc-go/issues/3385 * Roll back dockertest	6 years ago
Jeff Mitchell	813d21565f	Allow authorize-session to be invoked with target name (#737 )	6 years ago
Jeff Mitchell	1dd145e707	Fix up swagger title, which was in the authentication service	6 years ago
Jeff Mitchell	dd8973dd9f	Move authenticate service into auth method service (#635 ) This was always an RPC-only distinction and from that perspective it makes sense; however it causes the generated docs to treat it as an entirely separate service even though it's under the same collection path as auth methods and this is confusing.	6 years ago
Jeff Mitchell	7f00e61ab0	Migrate to newer grpc utilities and bump deps (#593 ) * Migrate to newer grpc utilities and bump deps * Revert grpc back as it was an accidental tag	6 years ago
Todd Knight	abe5e9b950	Add Termination Reason (#573 )	6 years ago
Jeff Mitchell	ae3a9e32cf	Remove proxy command You can now use -authz-token in `boundary connect` which also allows using the connect subcommands when you already have a token.	6 years ago
Jeff Mitchell	0c3d90fdd6	Erp, forgot to make gen	6 years ago
Jeff Mitchell	a38f40606e	Create default roles in scopes to allow authentication and listing scopes/auth methods (#502 )	6 years ago
Todd Knight	0eb35f49d5	Correcting a bunch of incorrect documentation for the different API services and resources. (#494 )	6 years ago
Jeff Mitchell	b1fc9fd547	Sanitize protos (#471 )	6 years ago
Jeff Mitchell	63224d094e	Make gen	6 years ago
Todd Knight	0e5a849402	Adding Add\|Set\|Remove Accounts on the user resource (#461 )	6 years ago
Jeff Mitchell	446286e251	Bump deps (#435 )	6 years ago
Jeff Mitchell	e86c11db62	Add session lifecycle info to controller's INFO log. (#431 ) This required some plumbing, but nothing major.	6 years ago
Todd Knight	2f8d7f0a32	API Errors: Hide and log internal errors (#411 )	6 years ago
Jeff Mitchell	f25186f78a	Standardize on one spelling of "canceled" (#399 )	6 years ago
Jeff Mitchell	27d728875c	Cleanup session state enum (#394 ) It's up to the worker to understand what a change in state means, so there was no functional difference between simply sending a state change request and a cancel request.	6 years ago
Jeff Mitchell	33b0021547	Add Sessions CLI command and add session cleanup to worker (#388 )	6 years ago
Jeff Mitchell	9cbc7b5c3d	Add connection close call from worker to controller (#387 )	6 years ago
Jeff Mitchell	7ff4b7f106	Send connected RPC to controller (#386 )	6 years ago
Jeff Mitchell	4669c95999	Pass more session info around, make proxy UX nicer (#385 )	6 years ago
Todd Knight	e937b0ea27	Sessions Read/List/Cancel API and SDK (#369 )	6 years ago
Jeff Mitchell	f7e48ec836	Plumb connection limit to proxy and output it (#384 )	6 years ago
Jeff Mitchell	edffc7863d	Change connection limit to -1 for unlimited so it works with TF (#383 ) * Migrate connection limit unlimited value to -1 * Fix authorization check	6 years ago
Jeff Mitchell	5214f14105	Work on connection authorization (#381 )	6 years ago
Jeff Mitchell	5bf555cca2	Remove connection idle timeout seconds for now (#379 )	6 years ago
Jeff Mitchell	e002326293	Plumb timeouts to worker and set appropriate deadlines (#378 )	6 years ago
Jeff Mitchell	0a3f9b8357	Rename connection idle timeout duration -> seconds and sessions max duration -> seconds (#376 )	6 years ago
Jeff Mitchell	62baef1b7e	Add multi connection parameters through targets and into session creation (#375 ) * Update protos and gen * Add new values to targets CLI command * Lots more plumbing of new parameters through everything * allow fields to be set to zero value. * Disallow set but empty name/description strings in create/update verifiers Co-authored-by: Jim Lambert <jlambert@hashicorp.com>	6 years ago
Jeff Mitchell	07a7e9750a	Tie together the database-driven session handling with the worker and add relevant CLI comands (#370 )	6 years ago
Todd Knight	f96fa25157	Add Auth Account id to Auth Token response (#363 )	6 years ago
Jeff Mitchell	f4ad22b247	Move default port to a TCP target attribute (#361 )	6 years ago
Jeff Mitchell	6201357902	Use scope-specific token DEKs (#342 )	6 years ago
Todd Knight	33e7b4538e	WorkerCoordination and GetSession API refactoring (#354 ) * Possible api changes. * Worker API update. * Updating import alias name. * Moving session down a level as a member of the GetSessionResponse. * Marshal the auth flag into the GetSessionResponse proto instead of the session.	6 years ago
Jeff Mitchell	41ed95bdec	Remove old-style pathing (#353 )	6 years ago
Jeff Mitchell	f94f21fd97	Update API codes (#336 )	6 years ago
Todd Knight	99d5456d7a	Scopes type field and types in updates allowed (#335 )	6 years ago
Todd Knight	c3ecea172d	Generate new version of SDK resources and Add Tests (#331 )	6 years ago
Todd Knight	1c2c078e0a	Adding Authz checks that support new pathing (#328 )	6 years ago
Jeff Mitchell	23156afa11	Add in most of the proxy flow (#326 )	6 years ago
Todd Knight	37e56ab46b	Pathing updated to support new and old styles (#323 )	6 years ago
Todd Knight	544e78b593	Target Handler and SDK CRUDL & add\|set\|remove-host-sets methods. (#310 )	6 years ago
Jeff Mitchell	c4522aa813	Update host sets and auth system to new paradigm (#319 )	6 years ago
Todd Knight	0aba6db720	Enable Split Cookies (#318 )	6 years ago
Jeff Mitchell	17ecb6f2ce	Separate accounts/host catalogs/host sets into their own packages (#311 )	6 years ago
Jeff Mitchell	490be8a7e4	Add ability to skip role creation on scope create (#308 ) * Initial work on scope creation skipping * Fix things	6 years ago
Todd Knight	c4d3414016	Add Host Set CUDLR handler and SDK (#290 )	6 years ago
Todd Knight	d5678c4f80	Handler for Host CRUDL actions (#287 )	6 years ago
Todd Knight	eaae887bbe	Don't require type for children of subtyped resources. (#285 )	6 years ago

1 2 3 4 5 ...

309 Commits (ea7ed5c1265bf4b7d283fbdcd4a695dd1bee7abe)