releases.shpreview
HashiCorp/Boundary/v0.5.0

v0.5.0

August 5, 2021BoundaryView original ↗
$npx -y @buildinternet/releases show rel_LJjApw_ZGReh4I3ZVwSXU

0.5.0 (2021/08/02)

Deprecations/Changes

  • With respect to Target resources, two naming changes are taking place. Note that these are not affecting the resources themselves, only the fields on Target resources that map them to targets:
    • Credential Libraries: In Target definitions, the field referring to attached credential libraries is being renamed to the more abstract credential sources. In the future Boundary will gain the ability to internally store static credentials that are not generated or fetched dynamically, and the sources terminology better reflects that the IDs provided are a source of credentials, whether via dynamic generation or via the credentials themselves. This will allow a paradigm similar to principals with roles, where the principal IDs can be a users, groups, and managed groups, rather than having them split out, and should result in an easier user experience once those features roll out compared to having separate flags and fields. In this 0.5 release the Boundary CLI has gained parallel application-credential-source flags to the existing application-credential-library flags, as well as boundary targets add/remove/set-credential-sources commands that parallel boundary targets add/remove/set-credential-libraries commands. This parallelism extends to the API actions and the grants system. In 0.6, the library versions of these commands, flags, and actions will be removed.
    • Host Sets: Similarly, in Target definitions, the field referring to attached host sets is being renamed to the more abstract host sources. In the future Boundary will allow attaching some host types directly, and possibly other mechanisms for gathering hosts for targets, so the sources terminology better reflects that the IDs provided are a source of hosts, whether via sets or via the hosts themselves. Like with credential sources, in this 0.5 release the Boundary CLI and API have gained parallel API actions and fields, and the set versions of these will be removed in 0.6.

New and Improved

  • OIDC Accounts: When performing a read on an oidc type account, the original token and userinfo claims are provided in the output. This can make it significantly easier to write filters to create managed groups. (PR)

  • Controllers will now mark connections as closed in the database if the worker has not reported its status; this can be seen as the controller counterpart to the worker-side session cleanup functionality released in 0.4.0. As with the worker, the timeout for this behavior is 15s.

  • Workers will shut down connections gracefully upon shutdown of the worker, both closing the connection and sending a request to mark the connection as closed in the database.

  • Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting down due to a CTRL-C or interrupt will now cause Boundary to immediately shut down non-gracefully. This may leave various parts of the Boundary deployment (namely sessions or connections) in an inconsistent state.

  • Events: Boundary has moved from writing hclog entries to emitting events. There are four types of Boundary events: error, system, observation and audit. All events are emitted as cloudevents and we support both a cloudevents-json format and custom Boundary cloudevents-text format.

    Notes:

    • There are still a few lingering hclog bits within Boundary. If you wish to only output json from Boundary logging/events then you should specify both "-log-format json" and "-event-format cloudevents-json" when starting Boundary.
    • Filtering events: hclog log levels have been replaced by optional sets of allow and deny event filters which are specified via configuration, or in the case of "boundary dev" there are new new cmd flags.
    • Observation events are MVP and contain a minimal set of observations about a request. Observations are aggregated for each request, so only one observation event will be emitted per request. We anticipate that a rich set of aggregate data about each request will be developed over time.
    • Audit events are a WIP and will only be emitted if they are both enabled and the env var BOUNDARY_DEVELOPER_ENABLE_EVENTS equals true. We anticipate many changes for audit events before they are generally available including what data is included and different options for redacting/encrypting that data.

    PRs: hclog json,text formats, log adapters, unneeded log deps, update eventlogger, convert from hclog to events, event filtering, cloudevents node, system events, convert errors to events, integrate events into servers, event pkg name, events using ctx, add eventer, and base event types

Bug Fixes

  • config: Fix error when populating all kms purposes in separate blocks (as well as the error message) (issue, PR)
  • server: Fix panic on worker startup failure when the server was not also configured as a controller (PR)

New and Improved

  • docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx

Fetched April 8, 2026