releases.shpreview
HashiCorp/Boundary/v0.15.0

v0.15.0

January 30, 2024BoundaryView original ↗
$npx -y @buildinternet/releases show rel_vXzOO1ozJ1wQh5tt0qn6e

0.15.0 (2024/01/30)

Deprecations/Changes

  • Per the note in Boundary 0.13.0, the previous kms worker method has been removed. Since 0.13.0, unless the use_deprecated_kms_auth_method value was set on the worker config, the new kms mechanism was already being used; this is simply no longer an available option.
  • Per the notes in Boundary 0.12.0 and 0.14.0, it is now an error if an address on a host or target contains a port. As of this release, this restriction also affects existing addresses (not just creation/updating via the API) so any existing addresses containing a port will not be able to be used as part of a target's session authorization call.
  • The grant_scope_id field on roles is now deprecated in favor of the multiple grant scope support.
  • Per the note in Boundary 0.13.1, the id field in grants has changed to ids which allows multiple ids to be included; existing grants submitted to Boundary will continue to work, but grants using "id" can no longer be added to or set on a role.
  • All list endpoints except workers now return the first 1000 items instead of all items if no parameters are provided. The number of items returned can be configured through the new controller configuration value max_page_size. The Admin UI, CLI and api package automatically paginate results.

New and Improved

  • Multiple grant scopes in roles: Roles now support multiple grant scopes, along with the special values this, children (global/org only) to apply to all direct children of a scope, and descendants (global only) to apply to all descendants of a scope. These use the new actions add-grant-scopes, set-grant-scopes, and remove-grant-scopes on roles. For now the grant_scope_id field on roles will continue to be able to be set, which will set a single grant scope, but this capability is now deprecated.
  • Policies (Enterprise and HCP Boundary only): This release introduces Policies, a Boundary resource that represents a Governance Policy to enforce. The first implementation targets Storage Policies, which enables administrators to automate the process of retention and deletion of Session Recordings, ensuring that they're only retaining data that is explicitly required from a security/compliance perspective.
    • ui: Add full UI support for Storage Policies managing the lifecycle of Session Recordings. (PR)
  • New generic commands read, update, and delete have been added. These allow operating on resources by directly specifying the ID of the resource as the next parameter (e.g. boundary update ttcp_1234567890). Subtypes do not need to be specified (e.g. that command is equivalent to boundary targets update tcp -id ttcp_1234567890), and any flags given after the ID are passed through to the type-specific subcommand. Once the ID has been entered, autocomplete is also supported. (PR)
  • The key_id parameter within SSH Certificate Credential Libraries now accepts the use of templated parameters (PR)
  • List endpoint pagination: All list endpoints except workers now support pagination.
    • api: All list endpoints except workers have added support for pagination. The api package automatically paginates until the end of the results. The new `WithListToken`` option can be used to request a list of updated and deleted resources relative to the last result received.
    • config: add new controller field max_page_size for controlling the default and max size of pages when paginating through results.
  • New command search has been added allowing quick searching of targets or sessions. It utilizes a client side cache also added in this release. The client side cache starts itself automatically in the background when successfully executing any command that communicates with a Boundary controller. To disable the client cache from starting automatically set the BOUNDARY_SKIP_CACHE_DAEMON environment variable or pass the -skip-cache-daemon flag when running a command that may start it. Commands daemon start, daemon stop, daemon status, and daemon add-token were added to help manage the cache. The cache does not currently work with Boundary instances that require the use of client side certs.

Fetched April 8, 2026