filter field is not sent by
admin UI (PR).

-attr or
-secret values that contained colons
(PR)

ssh Target Type With Credential Injection (HCP Boundary only): Boundary has
gained a new ssh target type. Using this type, username/password or SSH
private key credentials can be sourced from vault credential libraries or
static credentials and injected into the SSH session between a client and
end host. This allows users to securely SSH to remote hosts while never being
in possession of a valid credential for that target host.

ssh_private_key credential type
that allows submitting a username/private key (and optional passphrase) to
Boundary for use with credential injection or brokering workflows.

boundary connect ssh Credential Brokering Enhancements: we have extended
support into the boundary connect ssh helper for brokered credentials of
ssh_private_key type; the command will automatically pass the credentials to
the ssh process (PR).

boundary authenticate, boundary accounts: Enables use of env:// and
file:// syntax to specify location of a password
(PR)

boundary dev, boundary server
and boundary database init
(Issue, PR).

boundary accounts change-password: Fixed being prompted for confirmation of
the current password instead of the new one
(PR)

-token flag in CLI: Passing a token this way can
reveal the token to any user or service that can look at process information.
This flag must now reference a file on disk or an env var. Direct usage of the
BOUNDARY_TOKEN env var is also deprecated as it can show up in environment
information; the env:// format now supported by the -token flag causes the
Boundary process to read it instead of the shell, so it is safer.
(PR)

-password flag in CLI: The same change made above for
-token has also been applied to -password or, for supporting resource
types, -current-password and -new-password.
(PR)

azure host plugin: Support multiple MSI identities
(PR

canceling state to terminated.
(PR)

pki which
authenticates to Boundary using a new certificate-based method, allowing for
worker deployment without using a shared KMS.

static,
which simply takes in a user-supplied credential and stores it (encrypted)
directly in Boundary. Currently, the static credential store can hold
credentials of type username_password. These credentials can act as
credential sources for targets, similar to credential libraries from the
vault credential store, and thus can be brokered to users at session
authorization time. PR

boundary connect Credential Brokering Integration: we have extended integration
into the boundary connect helpers. A new sshpass style has been added to the
ssh helper; when it is used, if the credential contains a username/password and sshpass
is installed, the command will automatically pass the credentials to the ssh process.
Additionally, the default ssh helper will now use the username of the brokered credential.
PR.

credential libraries with respect to Target resources.
The library fields and actions were deprecated in Boundary 0.5.0;
please use credential sources instead. See changelog referenced above for
more details (PR).

user_password credential type has been renamed to
username_password to remove any inconsistency over what the credential type is.
All existing user_password typed credential libraries will be migrated to
username_password (PR).

event.newError: missing error: invalid parameter and handle session cancel
with no TOFU token (Issue, PR)

wh_network_address_group
(which is now referenced by wh_host_dimension),
wh_network_address_dimension, and wh_network_address_group_membership.
(PR)

authorize-session) will be returned.

description field for workers now supports being set
from environment variables or a file on disk
(PR)

max_open_connections field for the database field in controllers now supports being set
from environment variables or a file on disk
(PR)

execution_dir field for plugins now supports being set from environment variables
or a file on disk. (PR)

description field for controllers now supports being set
from environment variables or a file on disk
(PR)

worker-auth KMS key
(PR)

h2) specification that could
result in no shared cipher suites between the Boundary API listener and those
clients. (PR)

*) action grants.
If affected, please update grant actions as follows:
set-host-sets -> set-hosts
add-host-sets -> add-hosts
remove-host-sets -> remove-hosts
(PR).

auth-methods/<id>:authenticate:login action that was
deprecated in Boundary 0.2.0; please use
auth-methods/<id>:authenticate instead.
(PR).

credential field within auth-methods/<id>:authenticate
action. This field was deprecated in Boundary 0.2.0; please use
attributes instead.
(PR).

credential-store, credential-library, and
managed-group would not be accepted as specific type values in grant
strings. Also, fix authorized actions not showing credential-store values in
project scope output. (PR)

sessions collection actions not being visible when reading a
scope (PR)

u_anon) with no token and the list was started in a
scope where the user does not have permission
(PR)

type=<type>;output_fields=<fields> with no action
specified. In some code paths this format would trigger an error when
validating even though it is correctly handled within the ACL code.
(PR)

boundary targets authorize-session
(issue, PR).

wh_user_dimension table:
auth_method_external_id, auth_account_external_id,
auth_account_full_name, and auth_account_email.
(PR)

principals with roles, where the principal IDs can be users, groups, and
managed groups, rather than having them split out, and should result in an
easier user experience once those features roll out compared to having
separate flags and fields. In this 0.5 release the Boundary CLI has gained
parallel application-credential-source flags to the existing
application-credential-library flags, as well as boundary targets
add/remove/set-credential-sources commands that parallel boundary targets
add/remove/set-credential-libraries commands. This parallelism extends to
the API actions and the grants system. In 0.6, the library versions of
these commands, flags, and actions will be removed.

OIDC Accounts: When performing a read on an oidc type account, the
original token and userinfo claims are provided in the output. This can make
it significantly easier to write filters to create managed
groups.
(PR)
Controllers will now mark connections as closed in the database if the worker has not reported its status; this can be seen as the controller counterpart to the worker-side session cleanup functionality released in 0.4.0. As with the worker, the timeout for this behavior is 15s.
Workers will shut down connections gracefully upon shutdown of the worker, both closing the connection and sending a request to mark the connection as closed in the database.
Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting down due to a CTRL-C or interrupt will now cause Boundary to immediately shut down non-gracefully. This may leave various parts of the Boundary deployment (namely sessions or connections) in an inconsistent state.
Events: Boundary has moved from writing hclog entries to emitting events.
There are four types of Boundary events: error, system, observation and
audit. All events are emitted as
cloudevents and we
support both a cloudevents-json format and custom Boundary
cloudevents-text format.
Notes:

"-log-format json" and "-event-format cloudevents-json" when starting
Boundary.

BOUNDARY_DEVELOPER_ENABLE_EVENTS equals true. We
anticipate many changes for audit events before they are generally available
including what data is included and different options for
redacting/encrypting that data.

PRs: hclog json,text formats, log adapters, unneeded log deps, update eventlogger, convert from hclog to events, event filtering, cloudevents node, system events, convert errors to events, integrate events into servers, event pkg name, events using ctx, add eventer, and base event types

kms purposes in separate blocks (as
well as the error message)
(issue,
PR)