diff --git a/.github/workflows/actionlint.yml b/.github/workflows/actionlint.yml index f26b2b6486d..36363e0389c 100644 --- a/.github/workflows/actionlint.yml +++ b/.github/workflows/actionlint.yml @@ -11,7 +11,7 @@ jobs: actionlint: runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Check workflow files uses: docker://docker.mirror.hashicorp.services/rhysd/actionlint@sha256:5acca218639222e4afbc82fc6e9ef56cbe646ade3b07f3f5ec364b638258a244 with: diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6c4b0ee2d50..9fa274718bb 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -26,10 +26,10 @@ jobs: base-product-version: $${{ steps.set-product-version.outputs.base-product-version }} prerelease-product-version: ${{ steps.set-product-version.outputs.prerelease-product-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set Product version id: set-product-version - uses: hashicorp/actions-set-product-version@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-set-product-version@v2 product-metadata: needs: set-product-version @@ -39,7 +39,7 @@ jobs: product-edition: ${{ steps.get-product-edition.outputs.product-edition }} go-version: ${{ steps.get-go-version.outputs.go-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -48,7 +48,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -58,7 +58,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -86,7 +86,7 @@ jobs: runs-on: ${{ fromJSON(vars.BUILDER_LINUX) }} steps: - name: 'Checkout directory' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - run: | echo "Product Version - ${{ needs.set-product-version.outputs.product-version }}" echo "Product Prerelease - ${{ needs.set-product-version.outputs.prerelease-product-version }}" @@ -100,15 +100,15 @@ jobs: filepath: ${{ steps.generate-metadata-file.outputs.filepath }} steps: - name: 'Checkout directory' - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Generate metadata file id: generate-metadata-file - uses: hashicorp/actions-generate-metadata@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-generate-metadata@v1 with: repository: boundary version: ${{ needs.set-product-version.outputs.product-version }} product: ${{ env.PKG_NAME }} - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: metadata.json path: ${{ steps.generate-metadata-file.outputs.filepath }} @@ -137,9 +137,9 @@ jobs: GOPRIVATE: "github.com/hashicorp" GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ matrix.go }} cache: false @@ -149,7 +149,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -163,7 +163,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -175,7 +175,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-go-build@v1 with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -205,11 +205,11 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Git run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ matrix.go }} cache: false @@ -219,7 +219,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -231,7 +231,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -243,7 +243,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-go-build@v1 with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -259,7 +259,7 @@ jobs: run: | mkdir -p "$LICENSE_DIR" && cp LICENSE "$LICENSE_DIR/LICENSE.txt" - name: Package - uses: hashicorp/actions-packaging-linux@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-packaging-linux@v1 with: name: ${{ github.event.repository.name }} description: "HashiCorp Boundary - Identity-based access management for dynamic infrastructure" @@ -279,12 +279,12 @@ jobs: echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV" echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV" - name: Upload RPM package - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ env.RPM_PACKAGE }} path: out/${{ env.RPM_PACKAGE }} - name: Upload DEB package - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: ${{ env.DEB_PACKAGE }} path: out/${{ env.DEB_PACKAGE }} @@ -307,9 +307,9 @@ jobs: GO111MODULE: on steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ matrix.go }} cache: false @@ -319,7 +319,7 @@ jobs: echo "go-build=$(go env GOCACHE)" >> "$GITHUB_OUTPUT" echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -331,7 +331,7 @@ jobs: id: set-sha run: echo "sha=$(head -n1 internal/ui/VERSION | cut -d ' ' -f1)" >> "$GITHUB_OUTPUT" - name: Download UI artifact - uses: dawidd6/action-download-artifact@ac66b43f0e6a346234dd65d4d0c8fbb31cb316e5 # v11 + uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927 # v19 with: workflow: build-admin-ui.yaml commit: ${{ steps.set-sha.outputs.sha }} @@ -343,7 +343,7 @@ jobs: CGO_ENABLED: "0" PRERELEASE_PRODUCT_VERSION: ${{ needs.set-product-version.outputs.prerelease-product-version }} METADATA_PRODUCT_VERSION: ${{ needs.product-metadata.outputs.product-edition }} - uses: hashicorp/actions-go-build@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-go-build@v1 with: product_name: ${{ env.PKG_NAME }} product_version: ${{ needs.set-product-version. outputs.product-version }} @@ -364,16 +364,14 @@ jobs: strategy: matrix: arch: ["arm", "arm64", "386", "amd64"] - outputs: - name: docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor-version }}-dev-${{ github.sha }} env: repo: ${{ github.event.repository.name }} version: ${{ needs.set-product-version.outputs.product-version }} minor-version: ${{ needs.product-metadata.outputs.product-minor-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Docker Build (Action) - uses: hashicorp/actions-docker-build@v2 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/actions-docker-build@v2 with: version: ${{ env.version }} target: default @@ -384,9 +382,6 @@ jobs: public.ecr.aws/hashicorp/${{ env.repo }}:${{ env.version }} # Per-commit dev images follow the naming convention MAJOR.MINOR-dev # And MAJOR.MINOR-dev-$COMMITSHA - dev_tags: | - docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor-version }}-dev - docker.io/hashicorppreview/${{ env.repo }}:${{ env.minor-version }}-dev-${{ github.sha }} enos: name: Enos @@ -405,8 +400,7 @@ jobs: artifact-name: "boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip" go-version: ${{ needs.product-metadata.outputs.go-version }} edition: ${{ needs.product-metadata.outputs.product-edition }} - docker-image-name: ${{ needs.build-docker.outputs.name }} - docker-image-file: "boundary_default_linux_amd64_${{ needs.set-product-version.outputs.product-version }}_${{ github.sha }}.docker.dev.tar" + docker-image-file: "boundary_default_linux_amd64_${{ needs.set-product-version.outputs.product-version }}_${{ github.sha }}.docker.tar" secrets: inherit bats: uses: ./.github/workflows/test-cli-ui_oss.yml diff --git a/.github/workflows/enos-fmt.yml b/.github/workflows/enos-fmt.yml index 392a8965f16..0d46bbc1182 100644 --- a/.github/workflows/enos-fmt.yml +++ b/.github/workflows/enos-fmt.yml @@ -18,11 +18,11 @@ jobs: env: GITHUB_TOKEN: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 + - uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: terraform_wrapper: false - - uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + - uses: hashicorp/action-setup-enos@v1 with: github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: "check formatting" diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index b245383a76a..3e5bb1da5c5 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -15,9 +15,6 @@ on: go-version: required: true type: string - docker-image-name: - required: false - type: string docker-image-file: required: false type: string @@ -31,11 +28,11 @@ jobs: go-cache-key: ${{ steps.go-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ inputs.go-version }} cache: false @@ -50,7 +47,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -96,7 +93,6 @@ jobs: ENOS_VAR_crt_bundle_path: ./support/boundary.zip ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }} ENOS_VAR_boundary_edition: ${{ inputs.edition }} - ENOS_VAR_boundary_docker_image_name: ${{ inputs.docker-image-name }} ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar ENOS_VAR_go_version: ${{ inputs.go-version }} ENOS_VAR_gcp_project_id: ${{ secrets.GCP_PROJECT_ID_CI }} @@ -105,14 +101,15 @@ jobs: ENOS_VAR_gcp_private_key: ${{ secrets.GCP_PRIVATE_KEY_CI }} steps: - name: Checkout - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: ${{ inputs.go-version }} cache: false - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + id: go-mod-cache + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -122,15 +119,19 @@ jobs: restore-keys: | ${{ runner.os }}-go fail-on-cache-miss: false + - name: Downloads Go modules if cache miss + if: steps.go-mod-cache.outputs.cache-hit != 'true' + run: | + go mod download - name: Set up Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 with: # the terraform wrapper will break Terraform execution in enos because # it changes the output to text when we expect it to be JSON. terraform_wrapper: false - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -141,7 +142,7 @@ jobs: echo "trusted-key ${{ secrets.ENOS_GPG_UID }}" >> ~/.gnupg/gpg.conf cat ~/.gnupg/gpg.conf - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -161,7 +162,7 @@ jobs: if: contains(matrix.filter, 'gcp') uses: google-github-actions/setup-gcloud@aa5489c8933f4cc7a4f7d45035b3b1440c9c10db # v3.0.1 - name: Set up Enos - uses: hashicorp/action-setup-enos@v1 # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/action-setup-enos@v1 with: github-token: ${{ secrets.SERVICE_USER_GITHUB_TOKEN }} - name: Prepare scenario dependencies @@ -173,7 +174,7 @@ jobs: echo "debug_data_artifact_name=enos-debug-data_$(echo ${{ matrix.filter }} | sed -e 's/ /_/g' | sed -e 's/:/=/g')" >> "$GITHUB_OUTPUT" - name: Set up dependency cache id: dep-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: /tmp/test-deps key: enos-test-deps-password-store-1.7.4-vault-1.12.2 @@ -211,7 +212,7 @@ jobs: ssh -V - name: Download Boundary Linux AMD64 bundle id: download - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1 with: name: ${{ inputs.artifact-name }} path: ./enos/support/downloads @@ -221,7 +222,7 @@ jobs: mv ${{steps.download.outputs.download-path}}/*.zip enos/support/boundary.zip - name: Download Boundary Linux AMD64 docker image if: contains(matrix.filter, 'e2e_docker') - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1 id: download-docker with: name: ${{ inputs.docker-image-file }} @@ -261,11 +262,24 @@ jobs: SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1,3 | sed 's/:/_/g') echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT" - name: Upload e2e tests output - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: test-${{ steps.split.outputs.fragment }} path: enos/*.log retention-days: 5 + archive: false + - name: Get logs from controller container + # Retrieve logs from the worker container on a failed + # run to help diagnose a deadlock issue + if: contains(matrix.filter, 'e2e_docker') && steps.run.outcome == 'failure' + run: | + docker logs boundary + - name: Get logs from worker container + # Retrieve logs from the worker container on a failed + # run to help diagnose a deadlock issue + if: contains(matrix.filter, 'e2e_docker') && contains(matrix.filter, 'worker') && steps.run.outcome == 'failure' + run: | + docker logs worker - name: Get logs from postgres container # Retrieve logs from the postgres container on a failed # run to help diagnose a deadlock issue @@ -280,7 +294,7 @@ jobs: enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }} - name: Upload Debug Data if: ${{ always() && steps.run_retry.outcome == 'failure' }} - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals. name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }} @@ -315,7 +329,7 @@ jobs: env find ./enos -name "scenario.tf" -exec cat {} \; - name: Send Slack message if Run and Retry fails (or if something else went wrong) - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 # steps.run.outcome reports as failure when there is an error in `Run Enos scenario` # failure() captures errors before `Run Enos scenario` # failure() does not capture errors in `Run Enos scenario` due to continue-on-error @@ -327,7 +341,7 @@ jobs: channel: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }} text: ":x: e2e tests failed (${{ matrix.filter }}): ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}\n*Branch:* ${{ github.event.ref }}\n*SHA:* <${{ github.event.head_commit.url }}|${{ github.event.after }}>" - name: Send Slack message if Run but Retry passes - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 if: ${{ steps.run.outcome == 'failure' && steps.run_retry.outcome != 'failure' }} with: method: chat.postMessage diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index e0a34beffe1..2f7c456465e 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -33,8 +33,8 @@ jobs: fuzz-grants-parse: name: Fuzz grants.Parse runs-on: ubuntu-latest - steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + steps: + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version # We use .go-version as our source of truth for current Go @@ -42,14 +42,14 @@ jobs: run: | echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + - uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - shell: bash run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s - name: Upload fuzz failure seed corpus as run artifact if: failure() - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 + uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 with: name: fuzz-corpus path: ./internal/perms/testdata/fuzz diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml index 8ea0a50f334..b8ecbe2330d 100644 --- a/.github/workflows/linting.yml +++ b/.github/workflows/linting.yml @@ -13,7 +13,7 @@ jobs: name: "Run Linter" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -24,9 +24,10 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" + cache: false - name: Install Dependencies # if we really need to we can update this to run `make tools` # later but its just not necessary to only run linters diff --git a/.github/workflows/make-gen-delta.yml b/.github/workflows/make-gen-delta.yml index 3c6a66b02c4..38334d7f2e0 100644 --- a/.github/workflows/make-gen-delta.yml +++ b/.github/workflows/make-gen-delta.yml @@ -12,7 +12,7 @@ jobs: name: "Check for uncommitted changes from make gen" runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -23,7 +23,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" - name: Running go mod tidy diff --git a/.github/workflows/schema-diff.yml b/.github/workflows/schema-diff.yml index 750746afe5a..6b996637c0a 100644 --- a/.github/workflows/schema-diff.yml +++ b/.github/workflows/schema-diff.yml @@ -30,7 +30,7 @@ jobs: if: '! github.event.pull_request.draft' runs-on: ubuntu-latest steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Generate Schema Diff diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml index 01ac62fc673..bc3301e54b8 100644 --- a/.github/workflows/security-scan.yml +++ b/.github/workflows/security-scan.yml @@ -8,7 +8,7 @@ on: - 'main' paths-ignore: - 'website/**' - + jobs: scan: runs-on: ${{ fromJSON(vars.RUNNER_LARGE) }} @@ -17,7 +17,7 @@ jobs: github.actor != 'dependabot[bot]' && github.actor != 'hc-github-team-secure-boundary' steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Determine Go version id: get-go-version @@ -28,7 +28,7 @@ jobs: echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -39,7 +39,7 @@ jobs: python-version: 3.x - name: Clone Security Scanner repo - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: repository: hashicorp/security-scanner token: ${{ secrets.PRODSEC_SCANNER_READ_ONLY }} diff --git a/.github/workflows/test-ci-bootstrap-oss.yml b/.github/workflows/test-ci-bootstrap-oss.yml index 680628e98ae..2446c128d09 100644 --- a/.github/workflows/test-ci-bootstrap-oss.yml +++ b/.github/workflows/test-ci-bootstrap-oss.yml @@ -27,11 +27,11 @@ jobs: TF_TOKEN_app_terraform_io: ${{ secrets.TF_API_TOKEN }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up Terraform - uses: hashicorp/setup-terraform@b9cd54a3c349d3f38e8881555d616ced269862dd # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed + uses: hashicorp/setup-terraform@5e8dbf3c6d9deaf4193ca7a8fb23f2ac83bb6c85 # v4.0.0 - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-ci-cleanup-oss.yml b/.github/workflows/test-ci-cleanup-oss.yml index d391c424d09..4af3c8ae145 100644 --- a/.github/workflows/test-ci-cleanup-oss.yml +++ b/.github/workflows/test-ci-cleanup-oss.yml @@ -16,7 +16,7 @@ jobs: regions: ${{steps.regions.outputs.regions}} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -43,7 +43,7 @@ jobs: steps: - name: Configure AWS credentials id: aws-configure - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} @@ -52,7 +52,7 @@ jobs: role-skip-session-tagging: true role-duration-seconds: 3600 mask-aws-account-id: false - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Configure run: | cp enos/ci/aws-nuke.yml . @@ -79,7 +79,7 @@ jobs: region: ${{ fromJSON(needs.setup.outputs.regions) }} steps: - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@a03048d87541d1d9fcf2ecf528a4a65ba9bd7838 # v5.0.0 + uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID_CI }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY_CI }} diff --git a/.github/workflows/test-cli-ui_oss.yml b/.github/workflows/test-cli-ui_oss.yml index 4dba97a2445..d7d4a270830 100644 --- a/.github/workflows/test-cli-ui_oss.yml +++ b/.github/workflows/test-cli-ui_oss.yml @@ -16,10 +16,10 @@ jobs: runs-on: ${{ fromJSON(vars.RUNNER) }} name: CLI tests steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Import GPG key for Boundary pass keystore id: import_gpg - uses: crazy-max/ghaction-import-gpg@e89d40939c28e39f97cf32126055eeae86ba74ec # v6.3.0 + uses: crazy-max/ghaction-import-gpg@2dc316deee8e90f13e1a351ab510b4d5bc0c82cd # v7.0.0 with: gpg_private_key: ${{ secrets.ENOS_GPG_PRIVATE_KEY }} passphrase: ${{ secrets.ENOS_GPG_PASSPHRASE }} @@ -31,7 +31,7 @@ jobs: cat ~/.gnupg/gpg.conf - name: Set up Bats CLI UI tests dependency cache id: dep-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: /tmp/bats-cli-ui-deps key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2 @@ -73,7 +73,7 @@ jobs: run: | unzip /tmp/bats-cli-ui-deps/vault.zip -d /usr/local/bin - name: Download Linux AMD64 Boundary bundle - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + uses: actions/download-artifact@70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 # v8.0.1 with: name: ${{ inputs.artifact-name }} path: /tmp @@ -112,7 +112,7 @@ jobs: make -C internal/tests/cli test-vault-down - name: Send Slack message if: ${{ failure() }} - uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a # v2.1.1 + uses: slackapi/slack-github-action@45a88b9581bfab2566dc881e2cd66d334e621e2c # v3.0.3 with: method: chat.postMessage token: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }} diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml index 254a89938cb..cc6a1865ef2 100644 --- a/.github/workflows/test-race.yml +++ b/.github/workflows/test-race.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -51,7 +51,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -74,7 +74,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -93,14 +93,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -125,15 +125,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - id: go-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -154,7 +153,7 @@ jobs: fi - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} @@ -174,7 +173,7 @@ jobs: until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done - name: Test - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 env: TEST_PACKAGE: "./..." TEST_TIMEOUT: 120m diff --git a/.github/workflows/test-sql.yml b/.github/workflows/test-sql.yml index 47c6b04a655..2173598c140 100644 --- a/.github/workflows/test-sql.yml +++ b/.github/workflows/test-sql.yml @@ -18,7 +18,7 @@ jobs: postgres-version: [ alpine, 13-alpine, 14-alpine, 15-alpine, 16-alpine, 17-alpine ] name: SQL Tests ${{ matrix.postgres-version }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Run SQL PgTap Tests run: | make test-sql POSTGRES_DOCKER_IMAGE_BASE=docker.mirror.hashicorp.services/postgres PG_DOCKER_TAG=${{ matrix.postgres-version }} diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 3cdbba36b16..592f8602c3c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -25,7 +25,7 @@ jobs: plugin-cache-key: ${{ steps.plugin-cache-key.outputs.key }} runs-on: ${{ fromJSON(vars.RUNNER) }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 with: fetch-depth: '0' - name: Determine Go version @@ -36,7 +36,7 @@ jobs: echo "Building with Go $(cat .go-version)" echo "go-version=$(cat .go-version)" >> "$GITHUB_OUTPUT" - name: Set up Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ steps.get-go-version.outputs.go-version }}" cache: false @@ -51,7 +51,7 @@ jobs: echo "go-mod=$(go env GOMODCACHE)" >> "$GITHUB_OUTPUT" echo "go-bin=$(go env GOPATH)/bin" >> "$GITHUB_OUTPUT" - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.go-cache-paths.outputs.go-build }} @@ -74,7 +74,7 @@ jobs: echo "path=plugins/**/assets/*.gz" >> "$GITHUB_OUTPUT" - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ steps.plugin-cache-paths.outputs.path }} @@ -93,14 +93,14 @@ jobs: matrix: module: ["api", "sdk"] steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -125,15 +125,14 @@ jobs: ulimit -Sa echo "Hard limits" ulimit -Ha - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Set up go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 + uses: actions/setup-go@4b73464bb391d4059bd26b0524d20df3927bd417 # v6.3.0 with: go-version: "${{ needs.setup.outputs.go-version }}" cache: false - name: Set up Go modules cache - id: go-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.cache-go-build }} @@ -154,7 +153,7 @@ jobs: fi - name: Set up plugin cache id: plugin-cache - uses: actions/cache@0400d5f644dc74513175e3cd8d07132dd4860809 # v4.2.4 + uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5.0.3 with: path: | ${{ needs.setup.outputs.plugin-cache-path }} @@ -174,7 +173,7 @@ jobs: until pg_isready -h 127.0.0.1; do docker container inspect boundary-sql-tests &> /dev/null || exit 255; sleep 1; done - name: Test - uses: nick-fields/retry@ce71cc2ab81d554ebbe88c79ab5975992d79ba08 # v3.0.2 + uses: nick-fields/retry@ad984534de44a9489a53aefd81eb77f87c70dc60 # v4.0.0 env: TEST_PACKAGE: "./..." TESTARGS: -v diff --git a/.github/workflows/trigger-merge-to-downstream.yml b/.github/workflows/trigger-merge-to-downstream.yml index 0f86d3de80f..19657a9c8e7 100644 --- a/.github/workflows/trigger-merge-to-downstream.yml +++ b/.github/workflows/trigger-merge-to-downstream.yml @@ -18,7 +18,7 @@ jobs: DOWNSTREAM_TOK: ${{ secrets.DOWNSTREAM_TOK }} DOWNSTREAM_WORKFLOW: ${{ vars.DOWNSTREAM_WORKFLOW }} steps: - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 - name: Trigger Merge run: | ./scripts/trigger-merge-to-downstream-gha ${{ github.ref_name }} diff --git a/.go-version b/.go-version index d905a6d1d61..f1968aa8818 100644 --- a/.go-version +++ b/.go-version @@ -1 +1 @@ -1.25.1 +1.25.7 diff --git a/.release/boundary-artifacts.hcl b/.release/boundary-artifacts.hcl index 6a04a451d04..fef2aef69ac 100644 --- a/.release/boundary-artifacts.hcl +++ b/.release/boundary-artifacts.hcl @@ -36,13 +36,9 @@ artifacts { "boundary_${version_linux}-1_i386.deb", ] container = [ - "boundary_default_linux_386_${version}_${commit_sha}.docker.dev.tar", "boundary_default_linux_386_${version}_${commit_sha}.docker.tar", - "boundary_default_linux_amd64_${version}_${commit_sha}.docker.dev.tar", "boundary_default_linux_amd64_${version}_${commit_sha}.docker.tar", - "boundary_default_linux_arm64_${version}_${commit_sha}.docker.dev.tar", "boundary_default_linux_arm64_${version}_${commit_sha}.docker.tar", - "boundary_default_linux_arm_${version}_${commit_sha}.docker.dev.tar", "boundary_default_linux_arm_${version}_${commit_sha}.docker.tar", ] } diff --git a/.release/ci.hcl b/.release/ci.hcl index 7ebec018352..bfee833ccf8 100644 --- a/.release/ci.hcl +++ b/.release/ci.hcl @@ -7,7 +7,7 @@ project "boundary" { team = "#proj-boundary-release-engineering" slack { - notification_channel = "C01BWLSMJ03" + notification_channel = "C09LCN8EY0H" } github { diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl index d2a8b6bd20f..b82bb262a36 100644 --- a/.release/security-scan.hcl +++ b/.release/security-scan.hcl @@ -34,7 +34,13 @@ container { # iputils@20240905-r0 https://nvd.nist.gov/vuln/detail/CVE-2025-48964 # # Boundary does not utilize ping in iputils. - "CVE-2025-48964" + "CVE-2025-48964", + + # libgcrypt@1.10.3-r1 https://nvd.nist.gov/vuln/detail/CVE-2026-41989 + # + # Boundary currently uses this indirectly via the alpine base image for docker. + # Currently there is no base image fix available. + "CVE-2026-41989", ] } } diff --git a/CHANGELOG.md b/CHANGELOG.md index 37250014952..9193a612ead 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,33 +2,60 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. +## Next + +## 0.20.3 (2026/04/30) + +### New and Improved +* Added support for new `debug` flag to expose pprof endpoints for debugging purposes. ([PR](https://github.com/hashicorp/boundary/pull/6644)) + +### Security + +* Updated jackc/pgx/v5 dependency to v5.9.2 to address GHSA-j88v-2chj-qfwx, GO-2026-4771, GO-2026-4772, and GHSA-9jj7-4m8r-rfcm ([PR](https://github.com/hashicorp/boundary/pull/6607), [PR](https://github.com/hashicorp/boundary/pull/6617)) +* Updated Azure/go-ntlmssp dependency to v0.1.1 to address GHSA-pjcq-xvwq-hhpj ([PR](https://github.com/hashicorp/boundary/pull/6625)) + +## 0.20.2 (2026/02/10) + +### Security + +- Go version bumped to 1.25.7 to address CVE-2025-61730 ([PR](https://github.com/hashicorp/boundary/pull/6409)) +- Go Cryptography dependency update to address CVE-2025-58181 and CVE-2025-47914 + ([PR](https://github.com/hashicorp/boundary/pull/6272)) + +## 0.20.1 (2025/11/03) + +### New and Improved + +- Added a complete IBM Key Protect wrapper implementation with configuration options and KMS client integration ([PR](https://github.com/hashicorp/go-kms-wrapping/pull/292)) + ## 0.20.0 (2025/09/25) ### New and Improved -* Added support for RDP targets and RDP credential injection for connecting to +- Added support for RDP targets and RDP credential injection for connecting to Windows machines. RDP credential injection supports both NTLM and Kerberos authentication. -* Added new credential type for username, password, and domain credentials. -* cli: Added `boundary connect mysql` command for connecting to MySQL targets. +- Added new credential type for username, password, and domain credentials. +- cli: Added `boundary connect mysql` command for connecting to MySQL targets. This new helper command allows users to authorize sessions against MySQL targets and automatically invoke a MySQL client with the appropriate connection parameters and credentials. -* Adds support to parse User-Agent headers and emit them in telemetry events +- Adds support to parse User-Agent headers and emit them in telemetry events ([PR](https://github.com/hashicorp/boundary/pull/5645)). -* cli: Added `boundary connect cassandra` command for connecting to Cassandra targets. - This new helper command allows users to authorize sessions against Cassandra - targets and automatically invoke a Cassandra client with the appropriate +- cli: Added `boundary connect cassandra` command for connecting to Cassandra targets. + This new helper command allows users to authorize sessions against Cassandra + targets and automatically invoke a Cassandra client with the appropriate connection parameters and credentials. Currently only username/password credentials are automatically attached. -* ui: Improved load times for resource tables with search and filtering capabilities by replacing indexeddb for local data storage with sqlite (WASM) and OPFS ([PR](https://github.com/hashicorp/boundary-ui/pull/2984)) +- ui: Improved load times for resource tables with search and filtering capabilities by replacing indexeddb for local data storage with sqlite (WASM) and OPFS ([PR](https://github.com/hashicorp/boundary-ui/pull/2984)) ### Bug fixes -* ui: Fixed rendering bug where header for the Host details page rendered multiple times ([PR](https://github.com/hashicorp/boundary-ui/pull/2980)) -* ui: Fixed bug where worker tags could not be removed when creating a new worker ([PR](https://github.com/hashicorp/boundary-ui/pull/2928)) + +- ui: Fixed rendering bug where header for the Host details page rendered multiple times ([PR](https://github.com/hashicorp/boundary-ui/pull/2980)) +- ui: Fixed bug where worker tags could not be removed when creating a new worker ([PR](https://github.com/hashicorp/boundary-ui/pull/2928)) ### Deprecations/Changes -* Modified parsing logic for various IP/host/address fields across Boundary. +- Modified parsing logic for various IP/host/address fields across Boundary. Notably, for some fields, Boundary previously required bracket-enclosed IPv6 addresses (eg: `[::1]`). With this change, if the provided address is just an IPv6 literal, enclosing the address in brackets is not valid. @@ -37,51 +64,54 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. ([PR](https://github.com/hashicorp/boundary/pull/5599)) ## 0.19.2 (2025/05/08) + ### New and Improved -* ui: Populate subject for OIDC account name displays. +- ui: Populate subject for OIDC account name displays. ([PR](https://github.com/hashicorp/boundary-ui/pull/2757)). -* ui: Improved performance when initially fetching large sets of resources. +- ui: Improved performance when initially fetching large sets of resources. ([PR](https://github.com/hashicorp/boundary-ui/pull/2752)). -* ui: Improved search & filtering behavior when using search field. +- ui: Improved search & filtering behavior when using search field. ([PR](https://github.com/hashicorp/boundary-ui/pull/2735)). ### Bug fixes -* Fixed an issue in the worker where closing an SSH channel failed to exit a +- Fixed an issue in the worker where closing an SSH channel failed to exit a loop, which would cause a massive spike in CPU usage over time. This change only affects Enterprise. -* ui: Fix an issue where the user could not change the key_type of a +- ui: Fix an issue where the user could not change the key_type of a Vault SSH Certificate credential library. ([PR](https://github.com/hashicorp/boundary-ui/pull/2790)). ## 0.19.1 (2025/03/04) + ### New and Improved -* Adds support for Azure Virtual Machine Scale Sets in the Azure plugin +- Adds support for Azure Virtual Machine Scale Sets in the Azure plugin ([PR](https://github.com/hashicorp/boundary-plugin-azure/pull/22)). ## 0.19.0 (2025/02/10) + ### New and Improved -* Introduces soft-delete for users within the client cache. +- Introduces soft-delete for users within the client cache. ([PR](https://github.com/hashicorp/boundary/pull/5173)). -* GCP dynamic host catalog: Add dynamic host catalog support for +- GCP dynamic host catalog: Add dynamic host catalog support for discovering GCP Compute Engine VM Instances. ([PR](https://github.com/hashicorp/boundary/pull/5229)). -* The worker domain has been refactored to create clear domain functions for worker operations, improve readability and -maintainability of worker queries, and improve DB performance. ([PR](https://github.com/hashicorp/boundary/pull/5338)). -* Adds support for dual-stack networking for AWS operations. +- The worker domain has been refactored to create clear domain functions for worker operations, improve readability and + maintainability of worker queries, and improve DB performance. ([PR](https://github.com/hashicorp/boundary/pull/5338)). +- Adds support for dual-stack networking for AWS operations. ([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/52)) - * **Note**: As a consequence of updating AWS SDK dependencies to enable + - **Note**: As a consequence of updating AWS SDK dependencies to enable dual-stack support, this Boundary release may consume more memory. From our testing, the increase seems to be around 1.6x, however this may vary depending on your deployment architecture. -* The worker <-> controller communications have been refactored to improve performance +- The worker <-> controller communications have been refactored to improve performance and reliability at large scale. Workers older than v0.19.0 will remain supported until the release of v0.20.0, in accordance with [our worker/controller compatiblity policy](https://developer.hashicorp.com/boundary/docs/enterprise/supported-versions#control-plane-and-worker-compatibility). -* Add concurrency limit on the password hashing of all password auth methods. +- Add concurrency limit on the password hashing of all password auth methods. ([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/5437)). This avoids bursty memory and CPU use during concurrent password auth method @@ -90,173 +120,180 @@ maintainability of worker queries, and improve DB performance. ([PR](https://git value in the controller stanza, or the new `BOUNDARY_CONTROLLER_CONCURRENT_PASSWORD_HASH_WORKERS` environment variable. The default limit is 1. -* ui: Improve worker filter workflow for targets, vault credential-stores, and storage-buckets. ([PR](https://github.com/hashicorp/boundary-ui/pull/2614)). + +- ui: Improve worker filter workflow for targets, vault credential-stores, and storage-buckets. ([PR](https://github.com/hashicorp/boundary-ui/pull/2614)). ### Bug fixes -* Fix bug in applying BOUNDARY_MAX_RETRIES for boundary cli. Previously +- Fix bug in applying BOUNDARY_MAX_RETRIES for boundary cli. Previously setting this environment variable would result in a max retries of 2, regardless of the value set. ([PR](https://github.com/hashicorp/boundary/pull/5385)). -* Fix bug in parsing IPv6 addresses. Previously setting a target address or the +- Fix bug in parsing IPv6 addresses. Previously setting a target address or the initial upstream address in the config file would result in a malformed value. ([PR](https://github.com/hashicorp/boundary/pull/5221)). -* Fix an issue where, when starting a session, the connection limit always displays 0. +- Fix an issue where, when starting a session, the connection limit always displays 0. ([PR](https://github.com/hashicorp/boundary/pull/5396)). -* Fix bug which caused the `children` keyword not to apply the appropriate +- Fix bug which caused the `children` keyword not to apply the appropriate permissions for a number of resources. - ([PR](https://github.com/hashicorp/boundary/pull/5418)). -* Fix bug where database transactions were not using the correct reader & writer functions + ([PR](https://github.com/hashicorp/boundary/pull/5418)). +- Fix bug where database transactions were not using the correct reader & writer functions and context. - ([PR](https://github.com/hashicorp/boundary/pull/5522)). -* Remove unnecessary subquery from alias refresh - ([PR](https://github.com/hashicorp/boundary/pull/5481)). + ([PR](https://github.com/hashicorp/boundary/pull/5522)). +- Remove unnecessary subquery from alias refresh + ([PR](https://github.com/hashicorp/boundary/pull/5481)). ### Security -* Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 - ([PR])(https://github.com/hashicorp/boundary/pull/5405). -* Go Cryptography dependency update to address CVE-2024-45337 - ([PR](https://github.com/hashicorp/boundary/pull/5354)). +- Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 + ([PR])(https://github.com/hashicorp/boundary/pull/5405). +- Go Cryptography dependency update to address CVE-2024-45337 + ([PR](https://github.com/hashicorp/boundary/pull/5354)). ## 0.18.3 (2025/02/10) (Enterprise only) + ### Bug fixes -* Fix bug where database transactions were not using the correct reader & writer functions +- Fix bug where database transactions were not using the correct reader & writer functions and context. - ([PR](https://github.com/hashicorp/boundary/pull/5522)). -* Remove unnecessary subquery from alias refresh - ([PR](https://github.com/hashicorp/boundary/pull/5481)). + ([PR](https://github.com/hashicorp/boundary/pull/5522)). +- Remove unnecessary subquery from alias refresh + ([PR](https://github.com/hashicorp/boundary/pull/5481)). ### Security -* Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 - ([PR])(https://github.com/hashicorp/boundary/pull/5406). -* Go Cryptography dependency update to address CVE-2024-45337 - ([PR](https://github.com/hashicorp/boundary/pull/5365)). +- Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 + ([PR])(https://github.com/hashicorp/boundary/pull/5406). +- Go Cryptography dependency update to address CVE-2024-45337 + ([PR](https://github.com/hashicorp/boundary/pull/5365)). ## 0.17.4 (2025/02/10) (Enterprise only) + ### Bug fixes -* Fix bug where database transactions were not using the correct reader & writer functions +- Fix bug where database transactions were not using the correct reader & writer functions and context. - ([PR](https://github.com/hashicorp/boundary/pull/5522)). -* Remove unnecessary subquery from alias refresh - ([PR](https://github.com/hashicorp/boundary/pull/5481)). + ([PR](https://github.com/hashicorp/boundary/pull/5522)). +- Remove unnecessary subquery from alias refresh + ([PR](https://github.com/hashicorp/boundary/pull/5481)). ### Security -* Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 - ([PR])(https://github.com/hashicorp/boundary/pull/5528). -* Go Cryptography dependency update to address CVE-2024-45337 - ([PR](https://github.com/hashicorp/boundary/pull/5366)). +- Go Networking dependency update to address CVE-2024-45338 and GO-2024-3333 + ([PR])(https://github.com/hashicorp/boundary/pull/5528). +- Go Cryptography dependency update to address CVE-2024-45337 + ([PR](https://github.com/hashicorp/boundary/pull/5366)). ## 0.18.2 (2024/12/12) + ### Bug fixes -* Fixed an issue where session recordings would fail when large numbers of +- Fixed an issue where session recordings would fail when large numbers of sessions were created around the same time. ([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/55)) -* Fixed an issue where the controller would incorrectly handle HTTP requests +- Fixed an issue where the controller would incorrectly handle HTTP requests and stop prematurely. ([PR](https://github.com/hashicorp/boundary/pull/5304)) ## 0.17.3 (2024/12/12) + ### Bug fixes -* Fixed an issue where session recordings would fail when large numbers of +- Fixed an issue where session recordings would fail when large numbers of sessions were created around the same time. ([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/55)) -* Fixed an issue where the controller would incorrectly handle HTTP requests +- Fixed an issue where the controller would incorrectly handle HTTP requests and stop prematurely. ([PR](https://github.com/hashicorp/boundary/pull/5304)) ## 0.18.1 (2024/11/21) + ### New and Improved -* Delete terminated sessions in batches to avoid long running jobs. +- Delete terminated sessions in batches to avoid long running jobs. ([PR](https://github.com/hashicorp/boundary/pull/5201)) ### Bug fixes -* Fix an issue where users would lose access to managed groups if +- Fix an issue where users would lose access to managed groups if there are more than 10,000 managed groups in the auth method used. ([PR](https://github.com/hashicorp/boundary/pull/5242)) -* Fix an issue where only the first 10,000 members of a managed group +- Fix an issue where only the first 10,000 members of a managed group are returned when getting the managed group, and a similar issue where only the first 10,000 managed groups an account is part of is included when getting the account. ([PR](https://github.com/hashicorp/boundary/pull/5245)) ## 0.18.0 (2024/10/01) + ### New and Improved -* Add support for dynamic host catalog plugins running in Boundary workers: +- Add support for dynamic host catalog plugins running in Boundary workers: Boundary plugins that handle dynamic host catalog operations (such as the [AWS](https://github.com/hashicorp/boundary-plugin-aws/tree/main/plugin/service/host) and [Azure](https://github.com/hashicorp/boundary-plugin-azure) plugins) can now run on workers. ([PR](https://github.com/hashicorp/boundary/pull/5137)) -* Dynamic host catalogs worker filter support (Enterprise and HCP Boundary +- Dynamic host catalogs worker filter support (Enterprise and HCP Boundary only): Operators can now set a worker filter when creating a dynamic host catalog. When set, all of the plugin requests will be sent to the matching worker for processing. ([PR](https://github.com/hashicorp/boundary/pull/5137)) -* AWS dynamic host catalogs `AssumeRole` authentication support: Operators can +- AWS dynamic host catalogs `AssumeRole` authentication support: Operators can now set-up AWS dynamic host catalogs using Amazon's `AssumeRole` authentication paradigm by providing a valid Role ARN when creating the host catalog. ([PR](https://github.com/hashicorp/boundary/pull/5137) and [PR](https://github.com/hashicorp/boundary-plugin-aws/pull/49)) -* Improved MinIO storage plugin compatibility with other services by dropping +- Improved MinIO storage plugin compatibility with other services by dropping the checksum headers in `PutObject`. ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/23)) -* ui: Add UI support for searching and pagination of aliases. +- ui: Add UI support for searching and pagination of aliases. ([PR](https://github.com/hashicorp/boundary-ui/pull/2498)) -* ui: Add UI support for filtering and pagination of session recordings. +- ui: Add UI support for filtering and pagination of session recordings. ([PR](https://github.com/hashicorp/boundary-ui/pull/2502)) -* ui: Improve multi-scope grants select/deselect process. +- ui: Improve multi-scope grants select/deselect process. ([PR](https://github.com/hashicorp/boundary-ui/pull/2435)) ### Bug Fixes -* Prevented a data-race in Boundary's event logging system. +- Prevented a data-race in Boundary's event logging system. ([PR](https://github.com/hashicorp/boundary/pull/5139)) -* Update Storage Bucket type icon in Target view. +- Update Storage Bucket type icon in Target view. ([PR](https://github.com/hashicorp/boundary-ui/pull/2503)) -* Allow user to retry with authentication is pending with OIDC. +- Allow user to retry with authentication is pending with OIDC. ([PR](https://github.com/hashicorp/boundary-ui/pull/2512)) ### Deprecations/Changes -* Remove deprecated `controllers` field from the worker config, which was deprecated in 0.9.0 for -`initial_upstreams`([PR](https://github.com/hashicorp/boundary/pull/5125)) +- Remove deprecated `controllers` field from the worker config, which was deprecated in 0.9.0 for + `initial_upstreams`([PR](https://github.com/hashicorp/boundary/pull/5125)) ## 0.17.2 (2024/09/25) ### New and Improved -* Improve performance of grants query by reducing the number of rows that need +- Improve performance of grants query by reducing the number of rows that need to be returned. ([PR](https://github.com/hashicorp/boundary/pull/5126)) -* Add several indexes to database tables to improve performance of cascading +- Add several indexes to database tables to improve performance of cascading deletes/updates to session tables. ([PR](https://github.com/hashicorp/boundary/pull/5126)) -* Reorder indexes on several join tables to improve performance of grants query. +- Reorder indexes on several join tables to improve performance of grants query. ([PR](https://github.com/hashicorp/boundary/pull/5126)) -* Make client cache sqlite database persistent between restarts of the client +- Make client cache sqlite database persistent between restarts of the client cache daemon. ([PR](https://github.com/hashicorp/boundary/pull/5126)) -* Improve client cache performance by adding indexes, limiting results, +- Improve client cache performance by adding indexes, limiting results, and insuring only one refresh is running at a time for a given user and resource. ([PR](https://github.com/hashicorp/boundary/pull/5126)) -* Add pagination support to client API and use pagination when caching +- Add pagination support to client API and use pagination when caching resources in client cache. ([PR](https://github.com/hashicorp/boundary/pull/5101) and ([PR](https://github.com/hashicorp/boundary/pull/5107) ### Bug Fixes -* The Go API properly uses the passed in value for `WithRecursive` and +- The Go API properly uses the passed in value for `WithRecursive` and `WithSkipCurlOutput` instead of always setting to true regardless of the passed-in value. ([PR](https://github.com/hashicorp/boundary/pull/5066)) @@ -264,45 +301,45 @@ maintainability of worker queries, and improve DB performance. ([PR](https://git ### New and Improved -* Add `GetDownstreamWorkersTimeout` config option which represents the period of +- Add `GetDownstreamWorkersTimeout` config option which represents the period of time (as a duration) timeout for GetDownstreamWorkers call in DownstreamWorkerTicker. This is currently not documented and considered internal. ([PR](https://github.com/hashicorp/boundary/pull/5007)) ### Bug Fixes -* Fixed issue where storage policies were not deleted when scopes are deleted +- Fixed issue where storage policies were not deleted when scopes are deleted ([PR](https://github.com/hashicorp/boundary/pull/5014)) -* Contains Bug Fixes from 0.16.3 +- Contains Bug Fixes from 0.16.3 ### Security -* Contains Security Fixes from 0.16.3 +- Contains Security Fixes from 0.16.3 ## 0.16.3 (2024/08/21) ### New and Improved -* Add `GetDownstreamWorkersTimeout` config option which represents the period of +- Add `GetDownstreamWorkersTimeout` config option which represents the period of time (as a duration) timeout for GetDownstreamWorkers call in DownstreamWorkerTicker. This is currently not documented and considered internal. ([PR](https://github.com/hashicorp/boundary/pull/5007)) ### Bug Fixes -* Minio large file support: Disable multipart uploads via minio to fix an issue +- Minio large file support: Disable multipart uploads via minio to fix an issue where the file checksum is set incorrectly on each part of the upload, causing it to fail. This change fixes file uploads larger than 16MB and limits upload sizes to 5GB. ([PR](https://github.com/hashicorp/boundary/pull/5013)) and ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/21)) -* Resolved an issue where session authorization was returning a `401` if the +- Resolved an issue where session authorization was returning a `401` if the alias is non-existent or the alias does not resolve to anything. A `404` status code is now returned. ([PR](https://github.com/hashicorp/boundary/pull/5006))) ### Security -* curl (enterprise): The curl binary is no longer included in the published +- curl (enterprise): The curl binary is no longer included in the published Docker container images for Boundary Enterprise to address the CVE-2024-7264 vulnerability. [CVE-2024-7264](https://github.com/advisories/GHSA-97c4-2w4v-c7r8) @@ -311,25 +348,25 @@ maintainability of worker queries, and improve DB performance. ([PR](https://git ### New and Improved -* SBC (Storage Bucket Credential): This release introduces, SBC, a resource that -represents credentials for authentication and authorization with an external -object store. There are two SBC types, managed secret and environmental. -([PR](https://github.com/hashicorp/boundary/pull/4933)), -([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/18)) and -([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/46)) - * SBC State: This release introduces, SBC State, which represents the ability - for a worker to perform a specific action using the storage bucket. SBC - permission types (write, read, & delete) represent an action that is required - for the storage bucket to do as a routine task on an external object store. - Each permission type has a permission state (ok, error, unknown). - * SBC Worker Filtering: For protocol aware workers that require interaction - with an external storage service, the workers will be filtered by the SBC - state depending on the action and permission required. -* ui: Add multiple grant scope support for roles +- SBC (Storage Bucket Credential): This release introduces, SBC, a resource that + represents credentials for authentication and authorization with an external + object store. There are two SBC types, managed secret and environmental. + ([PR](https://github.com/hashicorp/boundary/pull/4933)), + ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/18)) and + ([PR](https://github.com/hashicorp/boundary-plugin-aws/pull/46)) + - SBC State: This release introduces, SBC State, which represents the ability + for a worker to perform a specific action using the storage bucket. SBC + permission types (write, read, & delete) represent an action that is required + for the storage bucket to do as a routine task on an external object store. + Each permission type has a permission state (ok, error, unknown). + - SBC Worker Filtering: For protocol aware workers that require interaction + with an external storage service, the workers will be filtered by the SBC + state depending on the action and permission required. +- ui: Add multiple grant scope support for roles ([PR](https://github.com/hashicorp/boundary-ui/pull/2388)) -* ui: Add API tags support for workers and improve worker filtering for targets +- ui: Add API tags support for workers and improve worker filtering for targets ([PR](https://github.com/hashicorp/boundary-ui/pull/2393)) -* Updated grpc to 1.61.1([PR](https://github.com/hashicorp/boundary/pull/4983)) +- Updated grpc to 1.61.1([PR](https://github.com/hashicorp/boundary/pull/4983)) ### Bug Fixes @@ -337,51 +374,51 @@ object store. There are two SBC types, managed secret and environmental. ### New and Improved -* Updated Minio plugin to allow for potential use with other S3-compatible -storage providers. -([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/16)) and -([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/17)) +- Updated Minio plugin to allow for potential use with other S3-compatible + storage providers. + ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/16)) and + ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/17)) ### Bug Fixes -* Fixed a bug where a worker credential rotation request suceeded on the -controller but the response to the worker was lost. This resulted in the -controller using a separate set of credentials than the worker, causing the -worker to be unable to connect to the controller. The fix implements the new -nodeenrollment library NodeIdLoader interface, which ensures that on store, if -worker NodeInformation has a previous key set, the worker will check and correct -its stored credential set to match. LodeNodeInformation was also updated to fix -a bug where in this split credential scenario, the current credential key was -assumed to be the incoming worker key, which caused the wrong key information to -be populated for the key id. -([PR](https://github.com/hashicorp/boundary/pull/4870)) +- Fixed a bug where a worker credential rotation request suceeded on the + controller but the response to the worker was lost. This resulted in the + controller using a separate set of credentials than the worker, causing the + worker to be unable to connect to the controller. The fix implements the new + nodeenrollment library NodeIdLoader interface, which ensures that on store, if + worker NodeInformation has a previous key set, the worker will check and correct + its stored credential set to match. LodeNodeInformation was also updated to fix + a bug where in this split credential scenario, the current credential key was + assumed to be the incoming worker key, which caused the wrong key information to + be populated for the key id. + ([PR](https://github.com/hashicorp/boundary/pull/4870)) ### New and Improved -* Allow descriptions to contain newlines and other whitespace +- Allow descriptions to contain newlines and other whitespace ([PR](https://github.com/hashicorp/boundary/pull/2599)) -* Listed roles contain grant scope ID information +- Listed roles contain grant scope ID information ([PR](https://github.com/hashicorp/boundary/pull/4893)) ### Deprecations/Changes -* The `grant_scope_id` field on roles, which was deprecated in 0.15.0, has been removed. +- The `grant_scope_id` field on roles, which was deprecated in 0.15.0, has been removed. ([PR](https://github.com/hashicorp/boundary/pull/4886)) ## 0.16.1 (2024/05/30) ### New and Improved -* The observation tag was added to session recording and storage bucket proto messages for telemetry purposes. If you enable telemetry and observation events, Boundary will now collect data about session recording and storage buckets. -([PR](https://github.com/hashicorp/boundary/pull/4824)) and ([PR](https://github.com/hashicorp/boundary/pull/4825)) +- The observation tag was added to session recording and storage bucket proto messages for telemetry purposes. If you enable telemetry and observation events, Boundary will now collect data about session recording and storage buckets. + ([PR](https://github.com/hashicorp/boundary/pull/4824)) and ([PR](https://github.com/hashicorp/boundary/pull/4825)) ### Deprecations/Changes -* The `boundary daemon` command has been deprecated in favor of the new +- The `boundary daemon` command has been deprecated in favor of the new `boundary cache` command. The behavior remains the same. The `boundary search` command is unchanged. ([PR](https://github.com/hashicorp/boundary/pull/4808)) -* The include_terminated field in the list sessions request will be removed +- The include_terminated field in the list sessions request will be removed in an upcoming release. After the deprecation process is complete and the field is removed terminated sessions will be returned in all list session responses unless filtered out using the filter field. @@ -389,7 +426,7 @@ be populated for the key id. ### Bug Fixes -* Fix a dead lock issue where the controller could get stuck with all of its +- Fix a dead lock issue where the controller could get stuck with all of its available database connections being stuck in `idle in transaction`. If a controller is configured to have a `max_open_connections`, and was under sufficient load in the form of requests from workers interacting with @@ -404,69 +441,69 @@ be populated for the key id. the cluster's listener configuration. ([PR](https://github.com/hashicorp/boundary/pull/4803) and [PR](https://github.com/hashicorp/boundary/pull/4805)) -* LDAP account attribute maps. Account attribute maps have been supported since +- LDAP account attribute maps. Account attribute maps have been supported since the introduction of LDAP authentication, however a bug was present where we wouldn't take those into account upon authenticating (when receiving the information from the LDAP server). This is now resolved - ([PR]((https://github.com/hashicorp/boundary/pull/4788))). + ([PR](<(https://github.com/hashicorp/boundary/pull/4788)>)). ## 0.16.0 (2024/04/30) ### New and Improved -* Target aliases have been added: You can now create an alias for a target. In +- Target aliases have been added: You can now create an alias for a target. In most situations where you would use a target id, you can now instead use the alias value. Create an alias with `boundary aliases create target -value - example.boundary -destination-id ttcp_1234567890` and connect to a target +example.boundary -destination-id ttcp_1234567890` and connect to a target using an alias using `boundary connect example.boundary` -* Worker local storage state: Self managed workers that are configured to be +- Worker local storage state: Self managed workers that are configured to be used for session recordings will report the state of the its disk space. To learn more about this new feature, refer to the [documentation](http://developer.hashicorp.com/boundary/docs/configuration/session-recording/create-storage-bucket#local-storage). -* MinIO storage plugin: You can now create a storage bucket that allows Boundary +- MinIO storage plugin: You can now create a storage bucket that allows Boundary to interoperate with a MinIO cluster for Session Recording storage. This includes some added functionality such as credential rotation and credential management. To learn more about the plugin, refer to the [readme](https://github.com/hashicorp/boundary-plugin-minio?tab=readme-ov-file#minio-plugin-for-hashicorp-boundary). - *Note:* Due to a library incompatibility, this release is not yet compatible + _Note:_ Due to a library incompatibility, this release is not yet compatible with the `netbsd` operating system. Please refer to the following [documentation](http://developer.hashicorp.com/boundary/docs/configuration/session-recording/create-storage-bucket) to learn how to create a storage bucket. -* ui: Add UI support for filtering and pagination +- ui: Add UI support for filtering and pagination ([PR](https://github.com/hashicorp/boundary-ui/pull/2237)) -* ui: Add UI support for MinIO (Enterprise and HCP Boundary only) +- ui: Add UI support for MinIO (Enterprise and HCP Boundary only) ([PR](https://github.com/hashicorp/boundary-ui/pull/2248)) ### Added dependency -* postgres `citext` dependency added to enable aliases to be globally unique in +- postgres `citext` dependency added to enable aliases to be globally unique in a case insensitive way. ## 0.15.4 (2024/04/09) ### Security -* Go version bumped to 1.22.2 to address +- Go version bumped to 1.22.2 to address [CVE-2023-45288](https://github.com/advisories/GHSA-4v7x-pqxf-cx7m) ## 0.15.3 (2024/03/21) ### Bug Fixes -* Fix a nil pointer error in the client cache daemon when a refresh was forced +- Fix a nil pointer error in the client cache daemon when a refresh was forced performing a boundary search. ([PR](https://github.com/hashicorp/boundary/pull/4503)) -* workers: Workers connecting over high latency connections, or to controllers +- workers: Workers connecting over high latency connections, or to controllers with high latency between the controller and the database, could time out and throw errors that may not have been recoverable if it was during initial registration ([PR](https://github.com/hashicorp/boundary/pull/4535)) -* Resolved an issue introduced in 0.14 where, after successfully deleting an AWS S3 +- Resolved an issue introduced in 0.14 where, after successfully deleting an AWS S3 Storage Bucket with credential rotation enabled, Boundary could not delete the associated IAM Access Key resource ### New and Improved -* templating: A new templating function `coalesce` can be used to match a +- templating: A new templating function `coalesce` can be used to match a template against multiple possible values, returning the first non-empty value. As an example, this can be used in a credential library to allow a username value that might be comprised of a name or login name depending on @@ -477,29 +514,29 @@ be populated for the key id. ### Bug Fixes -* Go version bump 1.21.8 to address (CVE-2024-24783, CVE-2023-45290, +- Go version bump 1.21.8 to address (CVE-2024-24783, CVE-2023-45290, CVE-2023-45289, CVE-2024-24785, CVE-2024-24784) -* Protobuf Go update to address [CVE-2024-24786](https://github.com/advisories/GHSA-8r3f-844c-mc37) +- Protobuf Go update to address [CVE-2024-24786](https://github.com/advisories/GHSA-8r3f-844c-mc37) ## 0.15.1 (2024/02/28) ### Bug Fixes -* cli: Update proxy listener to not close when the number of connections left +- cli: Update proxy listener to not close when the number of connections left for the session is zero. The listener will refuse new connections when the number of connections left is zero but existing connections will be active. This fixes a CLI client issue where sessions with max connection count configured were closed when the number of connections left hit 0. ([Issue](https://github.com/hashicorp/boundary/issues/4364), ([PR](https://github.com/hashicorp/boundary/pull/4389))) -* Fix issue where the websocket connection was throwing closing errors during +- Fix issue where the websocket connection was throwing closing errors during the session teardown. ([PR](https://github.com/hashicorp/boundary/pull/4389)) ### New and Improved -* feat: support added for tracking and reporting monthly active users for +- feat: support added for tracking and reporting monthly active users for the purpose of billing. It adds a new API endpoint, `/v1/billing:monthly-active-users` and new cli command, `boundary billing monthly-active-users` that can be used to view the monthly @@ -509,61 +546,61 @@ be populated for the key id. ### Deprecations/Changes -* Per the note in Boundary 0.13.0, the previous `kms` worker method has been +- Per the note in Boundary 0.13.0, the previous `kms` worker method has been removed. Since 0.13.0, unless the `use_deprecated_kms_auth_method` value was set on the worker config, the new `kms` mechanism was already being used; this is simply no longer an available option. -* Per the notes in Boundary 0.12.0 and 0.14.0, it is now an error if an address +- Per the notes in Boundary 0.12.0 and 0.14.0, it is now an error if an address on a host or target contains a port. As of this release, this restriction also affects existing addresses (not just creation/updating via the API) so any existing addresses containing a port will not be able to be used as part of a target's session authorization call. -* The `grant_scope_id` field on roles is now deprecated in favor of the multiple +- The `grant_scope_id` field on roles is now deprecated in favor of the multiple grant scope support. -* Per the note in Boundary 0.13.1, the `id` field in grants has changed to `ids` +- Per the note in Boundary 0.13.1, the `id` field in grants has changed to `ids` which allows multiple ids to be included; existing grants submitted to Boundary will continue to work, but grants using "id" can no longer be added to or set on a role. -* All list endpoints except workers now return the first 1000 items instead +- All list endpoints except workers now return the first 1000 items instead of all items if no parameters are provided. The number of items returned can be configured through the new controller configuration value `max_page_size`. The Admin UI, CLI and api package automatically paginate results. ### New and Improved -* Multiple grant scopes in roles: Roles now support multiple grant scopes, along +- Multiple grant scopes in roles: Roles now support multiple grant scopes, along with the special values `this`, `children` (global/org only) to apply to all direct children of a scope, and `descendants` (global only) to apply to all descendants of a scope. These use the new actions `add-grant-scopes`, `set-grant-scopes`, and `remove-grant-scopes` on roles. For now the `grant_scope_id` field on roles will continue to be able to be set, which will set a single grant scope, but this capability is now deprecated. -* Policies (Enterprise and HCP Boundary only): This release introduces Policies, a +- Policies (Enterprise and HCP Boundary only): This release introduces Policies, a Boundary resource that represents a Governance Policy to enforce. The first implementation targets Storage Policies, which enables administrators to automate the process of retention and deletion of Session Recordings, ensuring that they're only retaining data that is explicitly required from a security/compliance perspective. - * ui: Add full UI support for Storage Policies managing the lifecycle of Session Recordings. - ([PR](https://github.com/hashicorp/boundary-ui/pull/2089)) -* New generic commands `read`, `update`, and `delete` have been added. These + - ui: Add full UI support for Storage Policies managing the lifecycle of Session Recordings. + ([PR](https://github.com/hashicorp/boundary-ui/pull/2089)) +- New generic commands `read`, `update`, and `delete` have been added. These allow operating on resources by directly specifying the ID of the resource as the next parameter (e.g. `boundary update ttcp_1234567890`). Subtypes do not need to be specified (e.g. that command is equivalent to `boundary targets - update tcp -id ttcp_1234567890`), and any flags given after the ID are passed +update tcp -id ttcp_1234567890`), and any flags given after the ID are passed through to the type-specific subcommand. Once the ID has been entered, autocomplete is also supported. ([PR](https://github.com/hashicorp/boundary/pull/3992)) -* The `key_id` parameter within SSH Certificate Credential Libraries now accepts +- The `key_id` parameter within SSH Certificate Credential Libraries now accepts the use of templated parameters ([PR](https://github.com/hashicorp/boundary/pull/4215)) -* List endpoint pagination: All list endpoints except workers now support pagination. - * api: All list endpoints except workers have added support for pagination. +- List endpoint pagination: All list endpoints except workers now support pagination. + - api: All list endpoints except workers have added support for pagination. The api package automatically paginates until the end of the results. The new `WithListToken`` option can be used to request a list of updated and deleted resources relative to the last result received. - * config: add new controller field `max_page_size` for controlling the default and max size + - config: add new controller field `max_page_size` for controlling the default and max size of pages when paginating through results. -* New command `search` has been added allowing quick searching of targets or +- New command `search` has been added allowing quick searching of targets or sessions. It utilizes a client side cache also added in this release. The client side cache starts itself automatically in the background when successfully executing any command that communicates with a Boundary controller. To disable @@ -578,11 +615,11 @@ be populated for the key id. ### New and Improved -* Added the ability to enforce rate limits on the Controller API. This version +- Added the ability to enforce rate limits on the Controller API. This version enables rate limits by default. For details on the default rate limits, how to configure rate limits, and how to disable rate limiting see the noted PR. ([PR](https://github.com/hashicorp/boundary/pull/4092)) -* Add support for OIDC prompts. Using prompts, the Relying Party (RP) can +- Add support for OIDC prompts. Using prompts, the Relying Party (RP) can customize the authentication and authorization flow to suit their specific needs and improve the user experience. [OIDC Authentication request] (https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest) server. @@ -590,12 +627,12 @@ be populated for the key id. ### Bug Fixes -* Update go-kms-wrapping/extras/kms dependency to allow external wrappers - without a key id to be used within a KMS config stanza. Note: this fix allows +- Update go-kms-wrapping/extras/kms dependency to allow external wrappers + without a key id to be used within a KMS config stanza. Note: this fix allows GCP KMS keys to be again with Boundary, which had stopped working in v0.13.0. ([PR](https://github.com/hashicorp/boundary/pull/4058)) -* Two Vault client settings were not being properly used when constructing a +- Two Vault client settings were not being properly used when constructing a Vault client. ([PR](https://github.com/hashicorp/boundary/pull/3973)) The `TLS Skip Verify` setting was only being set if a `CA Cert` was also @@ -608,7 +645,7 @@ be populated for the key id. ### Security -* deps: Bump Go version to v1.21.5. This is to address multiple security +- deps: Bump Go version to v1.21.5. This is to address multiple security vulnerabilities. Most notable for boundary is a fix in net/http to limit chunked data overhead. See https://groups.google.com/g/golang-announce/c/iLGK3x6yuN @@ -616,20 +653,20 @@ be populated for the key id. ### New and Improved -* Expose Valid Principals for Vault SSH Signed Certs: Allow users to add +- Expose Valid Principals for Vault SSH Signed Certs: Allow users to add additional valid principals when creating a vault ssh signed cert credential library ([PR](https://github.com/hashicorp/boundary/pull/3791)). ### Bug Fixes -* High CPU consumption: A background GRPC connection state check caused high CPU +- High CPU consumption: A background GRPC connection state check caused high CPU utilization. This was caused by a long running loop that was checking for GRPC connection state changes between a worker and an upstream connection address. The loop was not correctly waiting for GRPC connection state changes before running. The issue was fixed by correctly updating the state that determines when the loop in GRPC connection state check should run. ([PR](https://github.com/hashicorp/boundary/pull/3884)) -* LDAP auth methods: Fix encoding of mTLS client key which prevented Boundary +- LDAP auth methods: Fix encoding of mTLS client key which prevented Boundary from making mTLS connections to an LDAP server ([Issue](https://github.com/hashicorp/boundary/issues/3927), [PR](https://github.com/hashicorp/boundary/pull/3929)). @@ -638,7 +675,7 @@ be populated for the key id. ### Security -* deps: Bump Go version to v1.21.3; gRPC to v1.58.3; golang.org/x/net to +- deps: Bump Go version to v1.21.3; gRPC to v1.58.3; golang.org/x/net to v0.17.0. This is to address a security vulnerability in the HTTP stack where a malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. @@ -647,18 +684,18 @@ be populated for the key id. ### Deprecations/Changes -* Per the note in Boundary 0.12.0, the `vault` credential library subtype has +- Per the note in Boundary 0.12.0, the `vault` credential library subtype has now been removed in favor of `vault-generic`. For example, instead of `boundary credential-libraries create vault`, you must use `boundary - credential-libraries create vault-generic`. -* Per the note in Boundary 0.12.0, errors returned from the cli when using the +credential-libraries create vault-generic`. +- Per the note in Boundary 0.12.0, errors returned from the cli when using the `-format=json` option will now only use the `status_code` field. The `status` field has been removed. -* Per the note in Boundary 0.12.0, targets require a default port value. Ports +- Per the note in Boundary 0.12.0, targets require a default port value. Ports defined as part of a host address were ignored but allowed as part of a target definition; from 0.14.0 onwards, any port defined on a host address will now become an error. -* Targets: Per the note in Boundary 0.10.10, target Application Credentials has +- Targets: Per the note in Boundary 0.10.10, target Application Credentials has been renamed to Brokered Credentials. `application-credential-source` has been removed as a field. `brokered-credential-source` should be used instead. ([PR](https://github.com/hashicorp/boundary/pull/3728), [deprecated @@ -666,40 +703,40 @@ be populated for the key id. ### New and Improved -* cli: Add support for specifying a command that will be executed on the remote host when +- cli: Add support for specifying a command that will be executed on the remote host when using the `boundary connect ssh` subcommand. ([Issue](https://github.com/hashicorp/boundary/issues/3631), [PR](https://github.com/hashicorp/boundary/pull/3633)). -* feat: add API support for additional LDAP auth method fields: +- feat: add API support for additional LDAP auth method fields: `maximum_page_size` and `dereference_aliases` ([PR](https://github.com/hashicorp/boundary/pull/3679)). -* feat: add worker upstream connection status to ops health check +- feat: add worker upstream connection status to ops health check ([PR](https://github.com/hashicorp/boundary/pull/3650)). -* feat: allow HCP cluster id to be sourced from file or env variable - ([PR](https://github.com/hashicorp/boundary/pull/3709)). -* feat: add support for telemetry events via flag or Boundary configuration +- feat: allow HCP cluster id to be sourced from file or env variable + ([PR](https://github.com/hashicorp/boundary/pull/3709)). +- feat: add support for telemetry events via flag or Boundary configuration (requires observation events to be enabled). Deny filter now filters coordination worker status from observation events by default. (This behavior is overridden by any user specified allow or deny filters) ([PR](https://github.com/hashicorp/boundary/pull/3753)). -* ui: Add full UI support for LDAP auth method +- ui: Add full UI support for LDAP auth method ([PR](https://github.com/hashicorp/boundary-ui/pull/1782)) -* ui: Add new attribute fields to storage bucket to support the assume role service in AWS. +- ui: Add new attribute fields to storage bucket to support the assume role service in AWS. ([PR](https://github.com/hashicorp/boundary-ui/pull/1901)) ### Bug Fixes -* LDAP auth methods: allow bind-dn and bind-password to be updated +- LDAP auth methods: allow bind-dn and bind-password to be updated independently. ([PR](https://github.com/hashicorp/boundary/pull/3511)) -* targets: Fix address field not being populated if the number of targets on a +- targets: Fix address field not being populated if the number of targets on a list returns more than 10000 entries ([PR](https://github.com/hashicorp/boundary/pull/3644)) -* cli: Fix issue when using the `authenticate` command against a password auth +- cli: Fix issue when using the `authenticate` command against a password auth method on Windows where the password would be swallowed when the login name is submitted ([PR](https://github.com/hashicorp/boundary/pull/3800)) -* worker: Fix an issue that could cause intermittent startup issues on slow +- worker: Fix an issue that could cause intermittent startup issues on slow systems ([PR](https://github.com/hashicorp/boundary/pull/3803)) -* cli: Remove websocket max message size. This fixes issues where large message +- cli: Remove websocket max message size. This fixes issues where large message sizes are sent to the client from a worker which resulted in the connection being terminated, as is the case with an scp download when using an SSH Target. ([PR](https://github.com/hashicorp/boundary/pull/3808)) @@ -708,7 +745,7 @@ be populated for the key id. ### Security -* deps: Bump Go version to v1.21.5. This is to address multiple security +- deps: Bump Go version to v1.21.5. This is to address multiple security vulnerabilities. Most notable for boundary is a fix in net/http to limit chunked data overhead. See https://groups.google.com/g/golang-announce/c/iLGK3x6yuN @@ -716,27 +753,27 @@ be populated for the key id. ### New and Improved -* roles: In grants, the `id` field has been changed to `ids` (but `id` will +- roles: In grants, the `id` field has been changed to `ids` (but `id` will still be accepted for now, up until 0.15.0). In the `ids` field, multiple IDs can now be specified in a grant, either via commas (text format) or array (JSON format). ([PR](https://github.com/hashicorp/boundary/pull/3263)). -* dev environment: When running `boundary dev` the initial LDAP auth-method with an +- dev environment: When running `boundary dev` the initial LDAP auth-method with an ID of `amldap_1234567890` is now in a public-active state, so it will be returned in the response from `boundary auth-methods list` ### Deprecations/Changes -* Grants can now accept more than one ID per grant string (or entry in JSON) via +- Grants can now accept more than one ID per grant string (or entry in JSON) via the `ids` parameter. In 0.15.0 the ability to add new grants via the `id` parameter will be removed. ### Bug Fixes -* PKI worker authentication: A worker authentication record can be stored more than once, if it matches the +- PKI worker authentication: A worker authentication record can be stored more than once, if it matches the existing record for that worker auth key ID. Fixes an edge case where a worker attempted authorization and the controller successfully stored the worker auth record but went down before returning authorization details to the worker. ([PR](https://github.com/hashicorp/boundary/pull/3389)) -* LDAP managed groups: adding/setting/removing a principal to a role now works +- LDAP managed groups: adding/setting/removing a principal to a role now works properly when it's an LDAP managed group. ([PR](https://github.com/hashicorp/boundary/pull/3361) and [PR](https://github.com/hashicorp/boundary/pull/3363)) @@ -745,15 +782,15 @@ be populated for the key id. ### New and Improved -* SSH Session Recordings (Enterprise and HCP Boundary only): SSH targets can now +- SSH Session Recordings (Enterprise and HCP Boundary only): SSH targets can now be configured to record sessions. Recordings are signed and stored in a Storage Bucket. Recordings can be played back in the admin UI. - * Storage Buckets: This release introduces Storage Buckets, a Boundary + - Storage Buckets: This release introduces Storage Buckets, a Boundary resource that represents a bucket in an external object store. Storage Buckets can be defined at the global or org scope. When associated with an SSH target, the storage bucket is used to store session recordings. This release includes support for AWS S3 only. - * BSR (Boundary Session Recording) file format: BSR is a new specification + - BSR (Boundary Session Recording) file format: BSR is a new specification that defines a hierarchical directory structure of files and a binary file format. The contents of a BSR include all data transmitted between a user and a target during a single session, relevant session metadata and summary @@ -764,34 +801,34 @@ be populated for the key id. It also supports converting an SSH channel recording into an [asciicast](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) format that is playable by asciinema. - * To learn more about this new feature, refer to the + - To learn more about this new feature, refer to the [documentation](http://developer.hashicorp.com/boundary/docs/configuration/session-recording). -* KMS workers: KMS workers now have feature parity with PKI workers (they +- KMS workers: KMS workers now have feature parity with PKI workers (they support multi-hop and Vault private access) and support separate KMSes for authenticating downstreams across different networks. See the [worker configuration documentation](https://developer.hashicorp.com/boundary/docs/configuration/worker) for more information. ([PR](https://github.com/hashicorp/boundary/pull/3101)) -* roles: Perform additional validity checking on grants at submission time +- roles: Perform additional validity checking on grants at submission time ([PR](https://github.com/hashicorp/boundary/pull/3081)) -* targets: The new `default_client_port` field allows specifying the default +- targets: The new `default_client_port` field allows specifying the default port to use on the client side when connecting to a target, unless overridden by the client via `-listen-port` ([PR](https://github.com/hashicorp/boundary/pull/2767)) -* cli/api/sdk: New LDAP auth method type added with support for create, read, +- cli/api/sdk: New LDAP auth method type added with support for create, read, update, delete, and list (see new cli `ldap` subcommands available on CRUDL operations for examples), as well as the ability to authenticate against it via the SDK, CLI, admin UI, and desktop client. ([PR](https://github.com/hashicorp/boundary/pull/2912)) -* ui: Display external names when listing dynamic hosts ([PR](https://github.com/hashicorp/boundary-ui/pull/1664)) -* ui: Add support for LDAP authentication ([PR](https://github.com/hashicorp/boundary-ui/pull/1645)) -* Dynamic Host Catalog: You can now view the AWS or Azure host name when listing hosts in CLI, +- ui: Display external names when listing dynamic hosts ([PR](https://github.com/hashicorp/boundary-ui/pull/1664)) +- ui: Add support for LDAP authentication ([PR](https://github.com/hashicorp/boundary-ui/pull/1645)) +- Dynamic Host Catalog: You can now view the AWS or Azure host name when listing hosts in CLI, admin console, and desktop client. ([PR](https://github.com/hashicorp/boundary/pull/3074)) -* Add configuration for license reporting (Enterprise only) +- Add configuration for license reporting (Enterprise only) ### Deprecations/Changes -* With the introduction of the new KMS variant for worker registration (as +- With the introduction of the new KMS variant for worker registration (as described below), using the deprecated behavior requires opting-in. This is only recommended if compatibility with pre-0.13 workers using the KMS auth method is required. Requiring opting in removes some potentially confusing @@ -801,7 +838,7 @@ be populated for the key id. transition to the new method will happen automatically. To go back to the old method after that will require the worker to be deleted and re-added with the `use_deprecated_kms_auth_method` config field specified. -* When grants are added to roles additional validity checking is now performed. +- When grants are added to roles additional validity checking is now performed. This extra validity checking is designed to reject grants that are not [documented grant formats](https://developer.hashicorp.com/boundary/docs/concepts/security/permissions/permission-grant-formats) @@ -810,37 +847,37 @@ be populated for the key id. never result in permissions being granted, causing confusion. As a result, attempting to write such grants into roles may now result in an error; the error message gives hints for resolution. -* `WithAutomaticVersioning` for auth tokens in Go SDK: this option was +- `WithAutomaticVersioning` for auth tokens in Go SDK: this option was incorrectly being generated for auth token resources, which do not support versioning. This is technically a breaking change, but it was a no-op option anyways that there was no reason to be using. It has now been removed. -* Plugins: With the introduction of the storage plugin service, the Azure and AWS Host plugin +- Plugins: With the introduction of the storage plugin service, the Azure and AWS Host plugin repositories have been renamed to drop the `host` element of the repository name: - - - https://github.com/hashicorp/boundary-plugin-host-aws -> https://github.com/hashicorp/boundary-plugin-aws - - https://github.com/hashicorp/boundary-plugin-host-azure -> https://github.com/hashicorp/boundary-plugin-azure + - https://github.com/hashicorp/boundary-plugin-host-aws -> https://github.com/hashicorp/boundary-plugin-aws + - https://github.com/hashicorp/boundary-plugin-host-azure -> https://github.com/hashicorp/boundary-plugin-azure Similarly the `plugins/host` package has been renamed to `plugins/boundary` ([PR1](https://github.com/hashicorp/boundary/pull/3262), [PR2](https://github.com/hashicorp/boundary-plugin-aws/pull/24), [PR3](https://github.com/hashicorp/boundary-plugin-azure/pull/12), [PR4](https://github.com/hashicorp/boundary/pull/3266)). -* PostgreSQL 12 or greater is now required. PostgreSQL 11 is no longer + +- PostgreSQL 12 or greater is now required. PostgreSQL 11 is no longer supported. ### Bug Fixes -* targets: `authorize-session` now works properly when using a target's name as +- targets: `authorize-session` now works properly when using a target's name as the identifier and the target name contains one or more slashes ([PR](https://github.com/hashicorp/boundary/pull/3249)) -* resource listing: API requests to list a resource (targets, sessions, users, +- resource listing: API requests to list a resource (targets, sessions, users, etc) now properly return all resources the callers has appropriate permission to list ([PR](https://github.com/hashicorp/boundary/pull/3278)) -* sessions: Fix a bug that contributed to slow response times when listing +- sessions: Fix a bug that contributed to slow response times when listing sessions that had a large number of connections ([PR](https://github.com/hashicorp/boundary/pull/3280)) -* ui: Fix `client secret` bug for OIDC authentication methods([PR](https://github.com/hashicorp/boundary-ui/pull/1698)) -* ui: Fix linking to a Host from the Host Set screen of a Dynamic Host Catalog ([PR](https://github.com/hashicorp/boundary-ui/pull/1659)) +- ui: Fix `client secret` bug for OIDC authentication methods([PR](https://github.com/hashicorp/boundary-ui/pull/1698)) +- ui: Fix linking to a Host from the Host Set screen of a Dynamic Host Catalog ([PR](https://github.com/hashicorp/boundary-ui/pull/1659)) ## 0.12.3 (2023/05/26) @@ -849,7 +886,7 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* workers: A bug in PKI worker auth rotation could mean that after a rotation +- workers: A bug in PKI worker auth rotation could mean that after a rotation the controller (or upstream worker) and downstream worker side could pick different certificate chains for authentication, with the only remedy being to re-authorize the workers. This has been fixed. If this bug was previously hit, @@ -860,7 +897,7 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Security -* Boundary now uses Go 1.19.8 to address CVE-2023-24536. See the +- Boundary now uses Go 1.19.8 to address CVE-2023-24536. See the [Go announcement](https://groups.google.com/g/golang-announce/c/Xdv6JL9ENs8) for more details. @@ -868,7 +905,7 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* cli: Fix fallback parsing of un-typed credentials for `boundary connect`. +- cli: Fix fallback parsing of un-typed credentials for `boundary connect`. When using a vault credential library with no credential type set, boundary will perform a best effort attempt to parse any brokered credentials. If the credentials are successfully parsed, they can be used by the subprocess @@ -879,15 +916,15 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. correctly parsed. This fallback parsing is now fixed, but in order to support older clients, credential libraries will need to be recreated with a credential type. [PR](https://github.com/hashicorp/boundary/pull/2989) -* ui: Fix credential library not saving correctly when trying to save it as a +- ui: Fix credential library not saving correctly when trying to save it as a generic secrets type. ([PR](https://github.com/hashicorp/boundary-ui/pull/1640)) -* sessions: Fix tofu token retrieval. ([PR](https://github.com/hashicorp/boundary/pull/3064)) +- sessions: Fix tofu token retrieval. ([PR](https://github.com/hashicorp/boundary/pull/3064)) ## 0.12.0 (2023/01/24) ### Deprecations/Changes -* In Boundary 0.9.0, targets were updated to require a default port value. This +- In Boundary 0.9.0, targets were updated to require a default port value. This had been the original intention; it was a mistake that it was optional. Unfortunately, due to a separate defect in the update verification logic for static hosts, it was possible for a host to be updated (but not created) with @@ -899,7 +936,7 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. 0.14.0, this will become an error instead. As a consequence, it means that the fallback logic for targets that did not have a default port defined is no longer in service; all targets must now have a default port defined. -* With the introduction of `vault-ssh-certificate` credential libraries, the +- With the introduction of `vault-ssh-certificate` credential libraries, the `vault` credential library subtype is being renamed to `vault-generic` to denote it as a credential library that can be used in a generalized way to issue credentials from vault. Existing credential libraries with the @@ -907,15 +944,15 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. `vault` will still be accepted as a valid subtype in API requests to the credential libraries endpoints, but is deprecated. Instead `vault-generic` should be used. In addition the `boundary credential-libraries create - vault` and `boundary credential-libraries update vault` subcommands will +vault` and `boundary credential-libraries update vault` subcommands will still function, but are deprecated. Instead `boundary credential-libraries - create vault-generic` and `boundary credential-libraries update - vault-generic` should be used. Also note that any credential library created +create vault-generic` and `boundary credential-libraries update +vault-generic` should be used. Also note that any credential library created using the subtype of `vault`, either via the API or via the deprecated subcommand, will have the subtype set to `vault-generic`. The deprecated subtype and subcommands will be removed in boundary 0.14.0, at which point `vault-generic` must be used. -* In Boundary 0.1.8 using the `-format=json` option with the cli would provide +- In Boundary 0.1.8 using the `-format=json` option with the cli would provide a `status_code` for successful API requests from the cli. However, in the case where an error was returned, the JSON would use `status` instead. This inconsistency has been fixed, with `status_code` being used in both cases. @@ -924,54 +961,54 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### New and Improved -* Direct Address Targets: You can now set an address directly on a target, +- Direct Address Targets: You can now set an address directly on a target, bypassing the need for host catalogs, host sets and hosts. ([PR](https://github.com/hashicorp/boundary/pull/2613)) -* Custom Response Headers: Adds ability to set api and ui response headers based +- Custom Response Headers: Adds ability to set api and ui response headers based on status code. Includes default secure CSP and other headers. ([PR](https://github.com/hashicorp/boundary/pull/2587)) -* metrics: Adds accepted connections and closed connections counters to keep track +- metrics: Adds accepted connections and closed connections counters to keep track downstream connections for worker and controller servers. ([PR](https://github.com/hashicorp/boundary/pull/2668)) -* Egress and Ingress worker filters: The target `worker_filter` field has been deprecated and - replaced with egress and ingress worker filters. Egress worker filters determine which workers are - used to access targets. Ingress worker filters (HCP Boundary only) determine which workers are - used to connect with a client to initiate a session. ([PR](https://github.com/hashicorp/boundary/pull/2654)) -* Multi-Hop Sessions (HCP Boundary only): Multi-hop PKI workers can communicate with each other to serve - 2 primary purposes: authentication and session proxying. This results in the ability to chain - multiple workers together to access services hidden under layers of network security. Multi-hop - workers can also establish a TCP session through multiple workers, with the ability to reverse - proxy and establish a connection. -* Vault SSH certificate credential library: A new credential library that uses +- Egress and Ingress worker filters: The target `worker_filter` field has been deprecated and + replaced with egress and ingress worker filters. Egress worker filters determine which workers are + used to access targets. Ingress worker filters (HCP Boundary only) determine which workers are + used to connect with a client to initiate a session. ([PR](https://github.com/hashicorp/boundary/pull/2654)) +- Multi-Hop Sessions (HCP Boundary only): Multi-hop PKI workers can communicate with each other to serve + 2 primary purposes: authentication and session proxying. This results in the ability to chain + multiple workers together to access services hidden under layers of network security. Multi-hop + workers can also establish a TCP session through multiple workers, with the ability to reverse + proxy and establish a connection. +- Vault SSH certificate credential library: A new credential library that uses the vault ssh secret engine to generate ssh private key and certificates. The library can be used as an injected application credential source for targets that support credential injection. ([PR](https://github.com/hashicorp/boundary/pull/2860)) -* ui: Add support for managed groups in add-principals list. +- ui: Add support for managed groups in add-principals list. ([PR](https://github.com/hashicorp/boundary-ui/pull/1548)) ### Bug Fixes -* plugins: Ignore `SIGHUP` sent to parent process; some init systems, notably +- plugins: Ignore `SIGHUP` sent to parent process; some init systems, notably `dumb-init`, would pass them along to the child processes and cause the plugin to exit ([PR](https://github.com/hashicorp/boundary/pull/2677)) -* data warehouse: Fix bug that caused credential dimensions to not get - associated with session facts ([PR](https://github.com/hashicorp/boundary/pull/2787)). -* sessions: Fix two authorizeSession race conditions in handleProxy. ([PR](https://github.com/hashicorp/boundary/pull/2795)) -* cli: When using `-format=json` the JSON was inconsistent in how it reported +- data warehouse: Fix bug that caused credential dimensions to not get + associated with session facts ([PR](https://github.com/hashicorp/boundary/pull/2787)). +- sessions: Fix two authorizeSession race conditions in handleProxy. ([PR](https://github.com/hashicorp/boundary/pull/2795)) +- cli: When using `-format=json` the JSON was inconsistent in how it reported status codes. In successful cases it would use `status_code`, but in error cases it would use `status`. Now `status_code` is used in both cases. In error cases `status` is still populated, see the deprecations above for more details. ([PR](https://github.com/hashicorp/boundary/pull/2887)) -* database: Add job that automatically cleans up completed runs in the `job_run` table. +- database: Add job that automatically cleans up completed runs in the `job_run` table. ([PR](https://github.com/hashicorp/boundary/pull/2866)) -* core: Linux packages now have vendor label and set the default label to HashiCorp. +- core: Linux packages now have vendor label and set the default label to HashiCorp. This fix is implemented for any future releases, but will not be updated for historical releases. ## 0.11.2 (2022/12/09) ### Security -* Boundary now uses Go 1.19.4 to address security vulnerability (CVE-2022-41717) See the +- Boundary now uses Go 1.19.4 to address security vulnerability (CVE-2022-41717) See the [Go announcement](https://groups.google.com/g/golang-announce/c/L_3rmdT0BMU) for more details. @@ -979,31 +1016,31 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### New and Improved -* Vault Parameter Templating: In `vault` credential libraries, the paths and any +- Vault Parameter Templating: In `vault` credential libraries, the paths and any POST bodies can contain templated parameters using Go template syntax (similar to Consul-Template). The following template parameters are supported (note that account values are tied to the account associated with the token making the call): - * `{{ .User.Id }}`: the user's ID - * `{{ .User.Name }}`: the user's name (from the user resource) - * `{{ .User.FullName }}`: the user's name (from the account corresponding to + - `{{ .User.Id }}`: the user's ID + - `{{ .User.Name }}`: the user's name (from the user resource) + - `{{ .User.FullName }}`: the user's name (from the account corresponding to the primary auth method in the user's scope; this may not be populated or maybe different than the account name in the template) - * `{{ .User.Email }}`: the user's email address (same caveat as `FullName`) - * `{{ .Account.Id }}`: the account's ID - * `{{ .Account.Name }}`: the account's name (from the account resource) - * `{{ .Account.LoginName }}`: the account's login name (if used by that type + - `{{ .User.Email }}`: the user's email address (same caveat as `FullName`) + - `{{ .Account.Id }}`: the account's ID + - `{{ .Account.Name }}`: the account's name (from the account resource) + - `{{ .Account.LoginName }}`: the account's login name (if used by that type of account) - * `{{ .Account.Subject }}`: the account's subject (if used by that type + - `{{ .Account.Subject }}`: the account's subject (if used by that type of account) - * `{{ .Account.Email }}`: the account's email (if used by that type + - `{{ .Account.Email }}`: the account's email (if used by that type of account) - Additionally, there is currently a single function that strips the rest of a - string after a specified substring; this is useful for pulling an user/account name from an email address. In the following example it uses the account email can be any other parameter: + Additionally, there is currently a single function that strips the rest of a + string after a specified substring; this is useful for pulling an user/account name from an email address. In the following example it uses the account email can be any other parameter: + - `{{ truncateFrom .Account.Email "@" }}`: this would turn `foo@example.com` into `foo` - * `{{ truncateFrom .Account.Email "@" }}`: this would turn `foo@example.com` into `foo` -* Per-scope key lifecycle management: You can now manage the lifecycles of both Key +- Per-scope key lifecycle management: You can now manage the lifecycles of both Key Encryption Keys (KEKs) and Data Encryption Keys (DEKs) using the new key rotation and key version destruction functionality. To learn more about this new feature, refer to the @@ -1012,37 +1049,38 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. Upgrade notice: If the Database purpose DEK for a scope is destroyed, you must use the API to cancel any sessions that predate the upgrade. ([PR](https://github.com/hashicorp/boundary/pull/2477)) -* session: The amount of bytes received and transmitted over a session + +- session: The amount of bytes received and transmitted over a session is now recorded and persisted. ([PR](https://github.com/hashicorp/boundary/pull/2503)) ### Bug Fixes -* accounts: Deleted auth accounts would still show up as being associated with a +- accounts: Deleted auth accounts would still show up as being associated with a User when reading the User ([PR](https://github.com/hashicorp/boundary/pull/2528)) -* sessions: Fix workers not being in random order when returned to clients at +- sessions: Fix workers not being in random order when returned to clients at `authorize-session` time, which could allow one worker to bear the majority of sessions ([PR](https://github.com/hashicorp/boundary/pull/2544)) -* workers: In some error conditions when sending status to controllers, errors +- workers: In some error conditions when sending status to controllers, errors could be written to stdout along with a message that they could not successfully be evented instead of being written to the event log ([PR](https://github.com/hashicorp/boundary/pull/2544)) -* workers: Fixed a panic that can happen in certain situations +- workers: Fixed a panic that can happen in certain situations ([PR](https://github.com/hashicorp/boundary/pull/2553)) -* sessions: Fixed a panic in a controller when a worker is deleted while +- sessions: Fixed a panic in a controller when a worker is deleted while sessions are ongoing ([PR](https://github.com/hashicorp/boundary/pull/2612)) -* sessions: Fixed a panic in a worker when a user with an active +- sessions: Fixed a panic in a worker when a user with an active session is deleted ([PR](https://github.com/hashicorp/boundary/pull/2629)) -* sessions: Fixed a bug where reading a session after its associated project +- sessions: Fixed a bug where reading a session after its associated project had been deleted would result in an error ([PR](https://github.com/hashicorp/boundary/pull/2615)) -* config: Fixed a bug where supplying multiple KMS blocks with the same purpose +- config: Fixed a bug where supplying multiple KMS blocks with the same purpose would silently ignore all but the last block ([PR](https://github.com/hashicorp/boundary/pull/2639)) ### Deprecations/Changes -* In order to standardize on the templating format, [templates in +- In order to standardize on the templating format, [templates in grants](https://developer.hashicorp.com/boundary/docs/concepts/security/permissions/permission-grant-formats#templates) now are documented to use the new capitalization and format; however, the previous style will continue to work. @@ -1051,7 +1089,7 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* PKI workers in past versions did not store a prior encryption key, and a bug +- PKI workers in past versions did not store a prior encryption key, and a bug prior to 0.11.0 meant that auth rotations could happen more frequently than expected. This could cause some race issues around rotation time. However, there was another issue where a past worker authentication record could be @@ -1065,54 +1103,54 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* scopes: Organizations could be prevented from being deleted if some resources +- scopes: Organizations could be prevented from being deleted if some resources remained ([PR](https://github.com/hashicorp/boundary/pull/2465)) -* workers: Authentication rotation could occur prior to the expected time +- workers: Authentication rotation could occur prior to the expected time ([PR](https://github.com/hashicorp/boundary/pull/2484)) -* workers: When looking up worker authentication records, an old record could be +- workers: When looking up worker authentication records, an old record could be returned instead of the new one, leading to errors for encryption or decryption operations ([PR](https://github.com/hashicorp/boundary/pull/2495)) ### New and Improved -* vault: (HCP Boundary only): Private Vault clusters can be used with HCP Boundary by using PKI workers +- vault: (HCP Boundary only): Private Vault clusters can be used with HCP Boundary by using PKI workers deployed in the same network as a private cluster. Tags are used to control which PKI workers can manage private Vault requests by specifying a `worker_filter` attribute when configuring a Vault credential store. -* credentials: There is now a `json` credential type supported by `static` +- credentials: There is now a `json` credential type supported by `static` credential stores that allows submitting a generic JSON object to Boundary for use with credential brokering workflows ([PR](https://github.com/hashicorp/boundary/pull/2423)) -* ui: Add support for worker management +- ui: Add support for worker management ([PR](https://github.com/hashicorp/boundary-ui/pull/1229)) -* ui: Add support for PKI worker registration +- ui: Add support for PKI worker registration ([PR](https://github.com/hashicorp/boundary-ui/pull/1244)) -* ui: Add support for Static Credential Stores +- ui: Add support for Static Credential Stores ([PR](https://github.com/hashicorp/boundary-ui/pull/1193)) -* ui: Add support for Username & Password Credentials +- ui: Add support for Username & Password Credentials ([PR](https://github.com/hashicorp/boundary-ui/pull/1205)) -* ui: Add support for Username & Key Pair Credentials +- ui: Add support for Username & Key Pair Credentials ([PR](https://github.com/hashicorp/boundary-ui/pull/1266)) -* ui (HCP Boundary only): SSH Target creation along with injected application +- ui (HCP Boundary only): SSH Target creation along with injected application credential support ([PR](https://github.com/hashicorp/boundary-ui/pull/1027)) -* ui (HCP Boundary only): Update vault credential stores to support private +- ui (HCP Boundary only): Update vault credential stores to support private vault access ([PR](https://github.com/hashicorp/boundary-ui/pull/1318)) -* ui: Improve quick setup wizard onboarding guide resource names +- ui: Improve quick setup wizard onboarding guide resource names ([PR](https://github.com/hashicorp/boundary-ui/pull/1328)) -* ui: Updates to host catalog and host set forms and “Learn More” links +- ui: Updates to host catalog and host set forms and “Learn More” links ([PR](https://github.com/hashicorp/boundary-ui/pull/1342)) -* workers: Added the ability to read and reinitialize the Worker certificate +- workers: Added the ability to read and reinitialize the Worker certificate authority ([PR1](https://github.com/hashicorp/boundary/pull/2312), [PR2](https://github.com/hashicorp/boundary/pull/2387)) -* workers: Return the worker Boundary binary version on worker list and read +- workers: Return the worker Boundary binary version on worker list and read ([PR](https://github.com/hashicorp/boundary/pull/2377)) -* workers: Addition of worker graceful shutdown, triggered by an initial +- workers: Addition of worker graceful shutdown, triggered by an initial `SIGINT` or `SIGTERM` ([PR](https://github.com/hashicorp/boundary/pull/2455)) -* workers: Retain one previous encryption/decryption key after authentication +- workers: Retain one previous encryption/decryption key after authentication rotation ([PR](https://github.com/hashicorp/boundary/pull/2495)) ### Deprecations/Changes -* In 0.5.0, the `add-host-sets`, `remove-host-sets`, and `set-host-sets` actions +- In 0.5.0, the `add-host-sets`, `remove-host-sets`, and `set-host-sets` actions on targets were deprecated in favor of `add-host-sources`, `remove-host-sources`, and `set-host-sources`. Originally these actions and API calls were to be removed in 0.6, but this was delayed to give extra time @@ -1128,13 +1166,13 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* There is bug that prevents deleting an org in some circumstances. This can be +- There is bug that prevents deleting an org in some circumstances. This can be worked around by first deleting all projects in the org, then deleting the org. This will be fixed in 0.11.0. ### Bug Fixes -* grants: Properly resolve "only self" for permissions. When generating +- grants: Properly resolve "only self" for permissions. When generating permissions from grants, if a single grant was limited only to a set of "self" actions and that was the last grant parsed (which would be semi-random depending on a number of factors), the overall set of permissions would be @@ -1148,13 +1186,13 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* There is bug that prevents deleting an org in some circumstances. This can be +- There is bug that prevents deleting an org in some circumstances. This can be worked around by first deleting all projects in the org, then deleting the org. This will be fixed in 0.11.0. ### New and Improved -* Controller-led worker authorization: This is a second authorization option for +- Controller-led worker authorization: This is a second authorization option for the workers using PKI-based authentication that was introduced in Boundary 0.10.0. In 0.10.0, the only mode available was "worker-led", in which a worker generates an authorization request which can be submitted to a controller to @@ -1165,47 +1203,47 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. not authorized and this token is provided, it will use the token to authorize itself to the controller and set up PKI-based authentication. ([PR](https://github.com/hashicorp/boundary/pull/2413)) -* Initial upstreams reloading on `SIGHUP`: Workers will now re-read the +- Initial upstreams reloading on `SIGHUP`: Workers will now re-read the `initial_upstreams` value from the configuration file when given a SIGHUP. This allows a worker to reconnect to controllers if the full set of controllers has been changed over at the same time, without having to restart the worker. ([PR](https://github.com/hashicorp/boundary/pull/2417)) -* Database URL reloading on `SIGHUP`: Controllers will now re-read the database - url value from the configuration file when given a SIGHUP. This is - particularly useful for allowing database credentials to rotate and - signaling the controller to use the new credentials without the need for a - restart. ([PR](https://github.com/hashicorp/boundary/pull/2422)) -* Additional improvements to response time for listing sessions and targets - ([PR](https://github.com/hashicorp/boundary/pull/2342)). +- Database URL reloading on `SIGHUP`: Controllers will now re-read the database + url value from the configuration file when given a SIGHUP. This is + particularly useful for allowing database credentials to rotate and + signaling the controller to use the new credentials without the need for a + restart. ([PR](https://github.com/hashicorp/boundary/pull/2422)) +- Additional improvements to response time for listing sessions and targets + ([PR](https://github.com/hashicorp/boundary/pull/2342)). ### Bug Fixes -* aws host catalog: Fix an issue where the request to list hosts could timeout +- aws host catalog: Fix an issue where the request to list hosts could timeout on a large number of hosts ([Issue](https://github.com/hashicorp/boundary/issues/2224), [PR](https://github.com/hashicorp/boundary-plugin-host-aws/pull/17)) -* aws host catalog: Fix an issue where filters could become unreadable in the UI +- aws host catalog: Fix an issue where filters could become unreadable in the UI if only one filter was created and was set by the CLI or directly via the API ([PR1](https://github.com/hashicorp/boundary/pull/2376), [PR2](https://github.com/hashicorp/boundary-plugin-host-aws/pull/16)) -* aws host catalog: Use provided region for IAM calls in addition to EC2 +- aws host catalog: Use provided region for IAM calls in addition to EC2 ([Issue](https://github.com/hashicorp/boundary/issues/2233), [PR](https://github.com/hashicorp/boundary-plugin-host-aws/pull/18)) -* azure host catalog: Fix hosts not being found depending on the exact filter +- azure host catalog: Fix hosts not being found depending on the exact filter used because different filters return values with different casing ([PR](https://github.com/hashicorp/boundary-plugin-host-azure/pull/8)) -* sessions: Fix an issue where sessions could not have more than one connection +- sessions: Fix an issue where sessions could not have more than one connection ([Issue](https://github.com/hashicorp/boundary/issues/2362), [PR](https://github.com/hashicorp/boundary/pull/2369)) -* workers: Fix repeating error in logs when connected to HCP Boundary about an +- workers: Fix repeating error in logs when connected to HCP Boundary about an unimplemented HcpbWorkers call ([PR](https://github.com/hashicorp/boundary/pull/2361)) -* workers: Fix a panic that could occur when `workers:create:worker-led` (e.g. +- workers: Fix a panic that could occur when `workers:create:worker-led` (e.g. via `boundary workers create worker-led`) was given an invalid token ([PR](https://github.com/hashicorp/boundary/pull/2388)) -* workers: Add the ability to set API-based worker tags via the CLI +- workers: Add the ability to set API-based worker tags via the CLI ([PR](https://github.com/hashicorp/boundary/pull/2266)) -* vault: Correctly handle Vault credential stores and libraries that are linked +- vault: Correctly handle Vault credential stores and libraries that are linked to an expired Vault token ([Issue](https://github.com/hashicorp/boundary/issues/2179), [PR](https://github.com/hashicorp/boundary/pull/2399)) @@ -1214,13 +1252,13 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* There is bug that prevents deleting an org in some circumstances. This can be +- There is bug that prevents deleting an org in some circumstances. This can be worked around by first deleting all projects in the org, then deleting the org. This will be fixed in 0.11.0. ### Bug Fixes -* db: Fix an issue with migrations failing due to not updating the project_id +- db: Fix an issue with migrations failing due to not updating the project_id value for the host plugin set ([Issue](https://github.com/hashicorp/boundary/issues/2349#issuecomment-1229953874), [PR](https://github.com/hashicorp/boundary/pull/2407)). @@ -1229,13 +1267,13 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* There is bug that prevents deleting an org in some circumstances. This can be +- There is bug that prevents deleting an org in some circumstances. This can be worked around by first deleting all projects in the org, then deleting the org. This will be fixed in 0.11.0. ### Security -* Fix security vulnerability CVE-2022-36130: Boundary up to 0.10.1 did not +- Fix security vulnerability CVE-2022-36130: Boundary up to 0.10.1 did not properly perform data integrity checks to ensure that host-set and credential-source resources being added to a target were associated with the same scope as the target. This could allow privilege escalation via allowing a @@ -1246,19 +1284,19 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* db: Fix an issue with migrations affecting clusters that contain credential +- db: Fix an issue with migrations affecting clusters that contain credential libraries or static credentials. ([Issue](https://github.com/hashicorp/boundary/issues/2349)), ([PR](https://github.com/hashicorp/boundary/pull/2351)). -* managed groups: Fix an issue where the `filter` field is not sent by admin UI +- managed groups: Fix an issue where the `filter` field is not sent by admin UI ([PR](https://github.com/hashicorp/boundary-ui/pull/1238)). -* host sets: Fix an issue causing host sets to not display in UI when using the +- host sets: Fix an issue causing host sets to not display in UI when using the aws plugin ([PR](https://github.com/hashicorp/boundary-ui/pull/1251)) -* plugins: Fixes regression from 0.9.0 causing a failure to start when using +- plugins: Fixes regression from 0.9.0 causing a failure to start when using multiple KMS blocks of the same type ([PR1](https://github.com/hashicorp/go-secure-stdlib/pull/43), [PR2](https://github.com/hashicorp/boundary/pull/2346)) -* cli: Fixed errors related to URL detection when passing in `-attr` or +- cli: Fixed errors related to URL detection when passing in `-attr` or `-secret` values that contained colons ([PR](https://github.com/hashicorp/boundary/pull/2353)) @@ -1266,62 +1304,62 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* Migration to this version may fail if the cluster contains credential +- Migration to this version may fail if the cluster contains credential libraries. This will be fixed shortly in 0.10.1. ### New and Improved -* `ssh` Target Type With Credential Injection (HCP Boundary only): Boundary has +- `ssh` Target Type With Credential Injection (HCP Boundary only): Boundary has gained a new `ssh` target type. Using this type, username/password or SSH private key credentials can be sourced from `vault` credential libraries or `static` credentials and injected into the SSH session between a client and end host. This allows users to securely SSH to remote hosts while never being in possession of a valid credential for that target host. -* SSH Private Key Credentials: There is now an `ssh_private_key` credential type +- SSH Private Key Credentials: There is now an `ssh_private_key` credential type that allows submitting a username/private key (and optional passphrase) to Boundary for use with credential injection or brokering workflows. -* `boundary connect ssh` Credential Brokering Enhancements: we have extended +- `boundary connect ssh` Credential Brokering Enhancements: we have extended support into the `boundary connect ssh` helper for brokered credentials of `ssh_private_key` type; the command will automatically pass the credentials to the `ssh` process ([PR](https://github.com/hashicorp/boundary/pull/2267)). -* `boundary authenticate`, `boundary accounts`: Enables use of `env://` and +- `boundary authenticate`, `boundary accounts`: Enables use of `env://` and `file://` syntax to specify location of a password ([PR](https://github.com/hashicorp/boundary/pull/2325)) ### Bug Fixes -* cli: Correctly cleanup plugins after exiting `boundary dev`, `boundary server` +- cli: Correctly cleanup plugins after exiting `boundary dev`, `boundary server` and `boundary database init` ([Issue](https://github.com/hashicorp/boundary/issues/2332), [PR](https://github.com/hashicorp/boundary/pull/2333)). -* `boundary accounts change-password`: Fixed being prompted for confirmation of +- `boundary accounts change-password`: Fixed being prompted for confirmation of the current password instead of the new one ([PR](https://github.com/hashicorp/boundary/pull/2325)) ### Deprecations/Changes -* API Module: Changed the return types that reference interfaces into their +- API Module: Changed the return types that reference interfaces into their expected typed definition. Type casting is only allowed against interface types, therefore to mitigate compiler errors please remove any type casting done against the return values. ([Issue](https://github.com/hashicorp/boundary/issues/2122), [PR](https://github.com/hashicorp/boundary/pull/2238)) -* Targets: Rename Application credentials to Brokered credentials +- Targets: Rename Application credentials to Brokered credentials ([PR](https://github.com/hashicorp/boundary/pull/2260)). -* Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for +- Host plugins: Plugin-type host catalogs/sets/hosts now use typed prefixes for any newly-created resources. Existing resources will not be affected. ([PR](https://github.com/hashicorp/boundary/pull/2256)) -* Credential stores: Static-type credential stores/credentials now use typed +- Credential stores: Static-type credential stores/credentials now use typed prefixes for any newly-created resources. Existing resources will not be affected. ([PR](https://github.com/hashicorp/boundary/pull/2256)) -* Change of behavior on `-token` flag in CLI: Passing a token this way can +- Change of behavior on `-token` flag in CLI: Passing a token this way can reveal the token to any user or service that can look at process information. This flag must now reference a file on disk or an env var. Direct usage of the `BOUNDARY_TOKEN` env var is also deprecated as it can show up in environment information; the `env://` format now supported by the `-token` flag causes the Boundary process to read it instead of the shell so is safer. ([PR](https://github.com/hashicorp/boundary/pull/2327)) -* Change of behavior on `-password` flag in CLI: The same change made above for +- Change of behavior on `-password` flag in CLI: The same change made above for `-token` has also been applied to `-password` or, for supporting resource types, `-current-password` and `-new-password`. ([PR](https://github.com/hashicorp/boundary/pull/2327)) @@ -1330,23 +1368,23 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### New and Improved -* `azure` host plugin: Support multiple MSI identities +- `azure` host plugin: Support multiple MSI identities ([PR](https://github.com/hashicorp/go-kms-wrapping/pull/97)) ### Bug Fixes -* scheduler: Fix regression causing controller names of less than 10 characters +- scheduler: Fix regression causing controller names of less than 10 characters to fail to register jobs ([PR](https://github.com/hashicorp/boundary/pull/2226)). -* sessions: Fix an additional case from the changes in the 0.8.x series that +- sessions: Fix an additional case from the changes in the 0.8.x series that could result in sessions never moving from `canceling` state to terminated. ([PR](https://github.com/hashicorp/boundary/pull/2229)) -* The plugin execution_dir configuration parameter is now respected by kms plugins too +- The plugin execution_dir configuration parameter is now respected by kms plugins too ([PR](https://github.com/hashicorp/boundary/pull/2239)). ### Deprecations/Changes -* sessions: The default connect limit for new sessions changed from 1 to unlimited (-1). +- sessions: The default connect limit for new sessions changed from 1 to unlimited (-1). Specific connection limits is an advanced feature of Boundary and this setting is more friendly for new users. ([PR](https://github.com/hashicorp/boundary/pull/2234)) @@ -1355,63 +1393,63 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Known Issues -* If a controller's defined name in a configuration file is less than 10 +- If a controller's defined name in a configuration file is less than 10 characters, errors may be seen on startup related to registration of jobs. This is a regression in this version and will be fixed in the next release. ### New and Improved -* PKI Workers: This release introduces a new worker type `pki` which +- PKI Workers: This release introduces a new worker type `pki` which authenticates to Boundary using a new certificate-based method, allowing for worker deployment without using a shared KMS. -* Credentials: This release introduces a new credential store type `static`, +- Credentials: This release introduces a new credential store type `static`, which simply takes in a user-supplied credential and stores it (encrypted) directly in Boundary. Currently, the `static` credential store can hold credentials of type `username_password`. These credentials can act as credential sources for targets, similar to credential libraries from the `vault` credential store, and thus can be brokered to users at session authorization time. ([PR](https://github.com/hashicorp/boundary/pull/2174)) -* `boundary connect` Credential Brokering Integration: we have extended integration +- `boundary connect` Credential Brokering Integration: we have extended integration into the `boundary connect` helpers. A new `sshpass` style has been added to the `ssh` helper, when used, if the credential contains a username/password and `sshpass` is installed, the command will automatically pass the credentials to the `ssh` process. Additionally, the default `ssh` helper will now use the `username` of the brokered credential. ([PR](https://github.com/hashicorp/boundary/pull/2191)). -* controller: Improve response time for listing sessions. +- controller: Improve response time for listing sessions. This also creates a new periodic job that will delete terminated sessions after 1 hour. See Deprecations/Changes for some additional details. ([PR](https://github.com/hashicorp/boundary/pull/2160)). -* event filtering: Change event filters to use lowercase and snake case for data +- event filtering: Change event filters to use lowercase and snake case for data elements like the rest of Boundary filters do. -* ui: Use include_terminated flag for listing sessions. +- ui: Use include_terminated flag for listing sessions. ([PR](https://github.com/hashicorp/boundary-ui/pull/1126)). -* ui: Add Quick Setup onboarding guide. +- ui: Add Quick Setup onboarding guide. ([PR](https://github.com/hashicorp/boundary-ui/pull/1140)). ### Bug Fixes -* The plugin execution_dir configuration parameter is now respected. +- The plugin execution_dir configuration parameter is now respected. ([PR](https://github.com/hashicorp/boundary/pull/2183)). -* ui: Fix Users page not updating fields correctly. +- ui: Fix Users page not updating fields correctly. ([PR](https://github.com/hashicorp/boundary-ui/pull/1105)). ### Deprecations/Changes -* Targets: Removes support for `credential libraries` with respect to Target resources. +- Targets: Removes support for `credential libraries` with respect to Target resources. The `library` `fields` and `actions` were deprecated in [Boundary 0.5.0](#050-20210802), please use `credential sources` instead. See changelog referenced above for more details ([PR](https://github.com/hashicorp/boundary/pull/1533)). -* Credential Libraries: The `user_password` credential type has been renamed to +- Credential Libraries: The `user_password` credential type has been renamed to `username_password` to remove any inconsistency over what the credential type is. All existing `user_password` typed credential libraries will be migrated to `username_password` ([PR](https://github.com/hashicorp/boundary/pull/2154)). -* controller: Change the default behavior of the session list endpoint +- controller: Change the default behavior of the session list endpoint to no longer include sessions in a terminated state and introduces a new query parameter/cli flag to include the terminated sessions. This also removes the connection information from the list response. ([PR](https://github.com/hashicorp/boundary/pull/2160)). -* Anonymous user permissions: In order to reduce the risk of accidental and +- Anonymous user permissions: In order to reduce the risk of accidental and unintended granting of permissions to anonymous users, the permissions system now only allows certain actions on certain resources to be assigned to the anonymous user; currently these are the same permissions as assigned in @@ -1424,37 +1462,38 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* controller: Do not shut down cluster listener when it receives an invalid +- controller: Do not shut down cluster listener when it receives an invalid packet ([Issue](https://github.com/hashicorp/boundary/issues/2072), [PR](https://github.com/hashicorp/boundary/pull/2073)) -* session: update cancel_session() function to check for terminated state +- session: update cancel_session() function to check for terminated state ([Issue](https://github.com/hashicorp/boundary/issues/2064), [PR](https://github.com/hashicorp/boundary/pull/2065)) ## 0.8.0 (2022/05/03) ### New and Improved -* metrics: Provide metrics for controllers and workers -* controller: Add health endpoint ([PR](https://github.com/hashicorp/boundary/pull/1882)) -* controller: Improve response time for listing sessions and targets. + +- metrics: Provide metrics for controllers and workers +- controller: Add health endpoint ([PR](https://github.com/hashicorp/boundary/pull/1882)) +- controller: Improve response time for listing sessions and targets. ([PR](https://github.com/hashicorp/boundary/pull/2049)) -* ui: Add support for worker filters in targets -* ui: Add manual refresh button in sessions list -* Audit events are no longer a WIP ([PR](https://github.com/hashicorp/boundary/pull/2031)). +- ui: Add support for worker filters in targets +- ui: Add manual refresh button in sessions list +- Audit events are no longer a WIP ([PR](https://github.com/hashicorp/boundary/pull/2031)). ### Bug Fixes -* worker: create new error to prevent `event.newError: missing error: invalid - parameter` and handle session cancel with no TOFU token +- worker: create new error to prevent `event.newError: missing error: invalid +parameter` and handle session cancel with no TOFU token ([Issue](https://github.com/hashicorp/boundary/issues/1902), [PR](https://github.com/hashicorp/boundary/pull/1929)) -* controller: Reconcile DEKs with existing scopes +- controller: Reconcile DEKs with existing scopes ([Issue](https://github.com/hashicorp/boundary/issues/1856), [PR](https://github.com/hashicorp/boundary/pull/1976)) -* controller: Fix for retrieving sessions that could result in incomplete +- controller: Fix for retrieving sessions that could result in incomplete results when there is a large number (10k+) of sessions. ([PR](https://github.com/hashicorp/boundary/pull/2049)) -* session: update session state trigger to prevent transitions to invalid states +- session: update session state trigger to prevent transitions to invalid states ([Issue](https://github.com/hashicorp/boundary/issues/2040), [PR](https://github.com/hashicorp/boundary/pull/2046)) @@ -1462,11 +1501,11 @@ open-source release of 0.12.3; the same fixes will be in 0.13.0 OSS. ### Bug Fixes -* sessions: Sessions and session connections have been refactored to better -isolate transactions and prevent resource contention that caused deadlocks. -([Issue](https://github.com/hashicorp/boundary/issues/1812), +- sessions: Sessions and session connections have been refactored to better + isolate transactions and prevent resource contention that caused deadlocks. + ([Issue](https://github.com/hashicorp/boundary/issues/1812), [PR](https://github.com/hashicorp/boundary/pull/1919)) -* scheduler: Fix bug that causes erroneous logs when racing controllers +- scheduler: Fix bug that causes erroneous logs when racing controllers attempted to run jobs ([Issue](https://github.com/hashicorp/boundary/issues/1903), [PR](https://github.com/hashicorp/boundary/pull/1914)). @@ -1475,74 +1514,75 @@ isolate transactions and prevent resource contention that caused deadlocks. ### New and Improved -* cli: Update authentication examples to remove password flag and make +- cli: Update authentication examples to remove password flag and make subcommend selection a bit clearer ([PR](https://github.com/hashicorp/boundary/pull/1835)) -* Data Warehouse: Add addresses on plugin based hosts to the database warehouse. +- Data Warehouse: Add addresses on plugin based hosts to the database warehouse. 3 new dimension tables have been added including `wh_network_address_group` (which is now referenced by `wh_host_dimension`), `wh_network_address_dimension`, and `wh_network_address_group_membership`. ([PR](https://github.com/hashicorp/boundary/pull/1855)) -* ui: Add support for dynamic host catalog. AWS and Azure plugin-based CRUD operations. +- ui: Add support for dynamic host catalog. AWS and Azure plugin-based CRUD operations. ### Bug Fixes -* targets: Specifying a plugin based host id when authorizing a session +- targets: Specifying a plugin based host id when authorizing a session now works. ([PR](https://github.com/hashicorp/boundary/pull/1853)) -* targets: DNS names are now properly parsed when selecting an endpoint +- targets: DNS names are now properly parsed when selecting an endpoint for authorizing a session. ([PR](https://github.com/hashicorp/boundary/pull/1849)) -* hosts: Static hosts now include the host sets they are in. +- hosts: Static hosts now include the host sets they are in. ([PR](https://github.com/hashicorp/boundary/pull/1828)) ## 0.7.4 (2022/01/18) ### Deprecations/Changes -* In newly-created scopes, if default role creation is not disabled, the roles +- In newly-created scopes, if default role creation is not disabled, the roles will now contain a grant to allow listing targets. This will still be subject to listing visibility rules, so only targets the user is granted some action on (such as `authorize-session`) will be returned. ### New and Improved -* config: The `description` field for workers now supports being set +- config: The `description` field for workers now supports being set from environment variables or a file on disk ([PR](https://github.com/hashicorp/boundary/pull/1783)) -* config: The `max_open_connections` field for the database field in controllers now supports being set +- config: The `max_open_connections` field for the database field in controllers now supports being set from environment variables or a file on disk ([PR](https://github.com/hashicorp/boundary/pull/1776)) -* config: The `execution_dir` field for plugins now supports being set from environment variables +- config: The `execution_dir` field for plugins now supports being set from environment variables or a file on disk.([PR](https://github.com/hashicorp/boundary/pull/1772)) -* config: Add support for reading worker controllers off of environment +- config: Add support for reading worker controllers off of environment variables as well as files. ([PR](https://github.com/hashicorp/boundary/pull/1765)) -* config: The `description` field for controllers now supports being set +- config: The `description` field for controllers now supports being set from environment variables or a file on disk ([PR](https://github.com/hashicorp/boundary/pull/1766)) -* config: Add support for reading worker tags off of environment variables +- config: Add support for reading worker tags off of environment variables as well as files. ([PR](https://github.com/hashicorp/boundary/pull/1758)) -* config: Add support for go-sockaddr templates to Worker and Controller +- config: Add support for go-sockaddr templates to Worker and Controller addresses. ([PR](https://github.com/hashicorp/boundary/pull/1731)) -* controllers/workers: Add client IP to inbound request information which is included in +- controllers/workers: Add client IP to inbound request information which is included in Boundary events ([PR](https://github.com/hashicorp/boundary/pull/1678)) -* host: Plugin-based host catalogs will now schedule updates for all +- host: Plugin-based host catalogs will now schedule updates for all of its host sets when its attributes are updated. ([PR](https://github.com/hashicorp/boundary/pull/1736)) -* scopes: Default roles in newly-created scopes now contain a grant to allow +- scopes: Default roles in newly-created scopes now contain a grant to allow listing targets. ([PR](https://github.com/hashicorp/boundary/pull/1803)) -* plugins/aws: AWS plugin based hosts now include DNS names in addition to the +- plugins/aws: AWS plugin based hosts now include DNS names in addition to the IP addresses they already provide. ### Bug Fixes -* session: Fix duplicate sessions and invalid session state transitions. ([PR](https://github.com/hashicorp/boundary/pull/1793)) + +- session: Fix duplicate sessions and invalid session state transitions. ([PR](https://github.com/hashicorp/boundary/pull/1793)) ## 0.7.3 (2021/12/16) ### Bug Fixes -* target: Fix permission bug which prevents the UI from being able to add and remove +- target: Fix permission bug which prevents the UI from being able to add and remove host sources on a target. ([PR](https://github.com/hashicorp/boundary/pull/1794)) -* credential: Fix panic during credential issue when a nil secret is received. This can +- credential: Fix panic during credential issue when a nil secret is received. This can occur when using the Vault KV backend which returns a nil secret and no error if the secret does not exist. ([PR](https://github.com/hashicorp/boundary/pull/1798)) @@ -1550,7 +1590,7 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Security -* Boundary now uses Go 1.17.5 to address a security vulnerability (CVE-2021-44716) where +- Boundary now uses Go 1.17.5 to address a security vulnerability (CVE-2021-44716) where an attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests. See the [Go announcement](https://groups.google.com/g/golang-announce/c/hcmEScgc00k) for more details. ([PR](https://github.com/hashicorp/boundary/pull/1789)) @@ -1559,7 +1599,7 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Bug Fixes -* db: Fix panic invoking the CLI on Windows. Some changes to how the binary is +- db: Fix panic invoking the CLI on Windows. Some changes to how the binary is initialized resulted in running some functions on every startup that looked for some embedded files. However, Go's embed package does not use OS-specific path separators, so a mismatch between path separators caused a failure in the @@ -1569,28 +1609,28 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Deprecations/Changes -* tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather +- tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather than fix this, we are simply not supporting TLS 1.0/1.1 as they are insecure. ### New and Improved -* Boundary now supports dynamic discovery of host resources using our (currently +- Boundary now supports dynamic discovery of host resources using our (currently internal) new plugin system. See the [documentation](https://www.developer.hashicorp.com/boundary/docs) for configuration instructions. Currently, only Azure and AWS are supported, but more providers will be following in future releases. -* workers: The existing worker connection replay prevention logic has been +- workers: The existing worker connection replay prevention logic has been enhanced to be more robust against attackers that have decryption access to the shared `worker-auth` KMS key ([PR](https://github.com/hashicorp/boundary/pull/1641)) ### Bug Fixes -* tls: Support TLS 1.2 for more clients. This was broken for some clients due to +- tls: Support TLS 1.2 for more clients. This was broken for some clients due to a missing mandated cipher suite of the HTTP/2 (`h2`) specification that could result in no shared cipher suites between the Boundary API listener and those clients. ([PR](https://github.com/hashicorp/boundary/pull/1637)) -* vault: Fix credential store support when using Vault namespaces +- vault: Fix credential store support when using Vault namespaces ([Issue](https://github.com/hashicorp/boundary/issues/1597), [PR](https://github.com/hashicorp/boundary/pull/1660)) @@ -1598,19 +1638,19 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Deprecations/Changes -* permissions: Fix bug in _Host Sets_ service that authenticated requests +- permissions: Fix bug in _Host Sets_ service that authenticated requests againist incorrect grant actions. This bug affects the _SetHosts_, _AddHosts_ and _RemoveHosts_ paths that do not have wildcard (`*`) action grants. If affected, please update grant actions as follows: -* * `set-host-sets` -> `set-hosts` -* * `add-host-sets` -> `add-hosts` -* * `remove-host-sets` -> `remove-hosts` - ([PR](https://github.com/hashicorp/boundary/pull/1549)). -* Removes support for the `auth-methods/:authenticate:login` action that was +- - `set-host-sets` -> `set-hosts` +- - `add-host-sets` -> `add-hosts` +- - `remove-host-sets` -> `remove-hosts` + ([PR](https://github.com/hashicorp/boundary/pull/1549)). +- Removes support for the `auth-methods/:authenticate:login` action that was deprecated in [Boundary 0.2.0](#020-20210414), please use `auth-methods/:authenticate` instead. ([PR](https://github.com/hashicorp/boundary/pull/1534)). -* Removes support for the `credential` field within `auth-methods/:authenticate` +- Removes support for the `credential` field within `auth-methods/:authenticate` action. This field was deprecated in [Boundary 0.2.0](#020-20210414), please use `attributes` instead. ([PR](https://github.com/hashicorp/boundary/pull/1534)). @@ -1619,34 +1659,34 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Bug Fixes -* grants: Fix issue where `credential-store`, `credential-library`, and +- grants: Fix issue where `credential-store`, `credential-library`, and `managed-group` would not be accepted as specific `type` values in grant strings. Also, fix authorized actions not showing `credential-store` values in project scope output. ([PR](https://github.com/hashicorp/boundary/pull/1524)) -* actions: Fix `sessions` collection actions not being visible when reading a +- actions: Fix `sessions` collection actions not being visible when reading a scope ([PR](https://github.com/hashicorp/boundary/pull/1527)) -* credential stores: Fix credential stores not showing authorized collection +- credential stores: Fix credential stores not showing authorized collection actions ([PR](https://github.com/hashicorp/boundary/pull/1530)) ## 0.6.0 (2021/09/03) ### New and Improved -* ui: Reflect user authorized actions in the UI: users now see only actionable +- ui: Reflect user authorized actions in the UI: users now see only actionable items for which they have permissions granted. -* ui: Icons refreshed for a friendlier look and feel. +- ui: Icons refreshed for a friendlier look and feel. ### Bug Fixes -* controller: Fix issue with recursive listing across services when using the +- controller: Fix issue with recursive listing across services when using the unauthenticated user (`u_anon`) with no token and the list was started in a scope where the user does not have permission ([PR](https://github.com/hashicorp/boundary/pull/1478)) -* grants: Fix grant format `type=;output_fields=` with no action +- grants: Fix grant format `type=;output_fields=` with no action specified. In some code paths this format would trigger an error when validating even though it is correctly handled within the ACL code. ([PR](https://github.com/hashicorp/boundary/pull/1474)) -* targets: Fix panic when using `boundary targets authorize-session` +- targets: Fix panic when using `boundary targets authorize-session` ([Issue](https://github.com/hashicorp/boundary/issues/1488), [PR](https://github.com/hashicorp/boundary/pull/1496)) @@ -1654,7 +1694,7 @@ isolate transactions and prevent resource contention that caused deadlocks. ### New and Improved -* Data Warehouse: Add OIDC auth method and accounts to the database warehouse. +- Data Warehouse: Add OIDC auth method and accounts to the database warehouse. Four new columns have been added to the `wh_user_dimension` table: `auth_method_external_id`, `auth_account_external_id`, `auth_account_full_name`, and `auth_account_email`. @@ -1662,19 +1702,19 @@ isolate transactions and prevent resource contention that caused deadlocks. ### Bug Fixes -* events: Fix panic when using the `hclog-text` event's format. +- events: Fix panic when using the `hclog-text` event's format. ([PR](https://github.com/hashicorp/boundary/pull/1456)) -* oidc managed groups: Allow colons in selector paths +- oidc managed groups: Allow colons in selector paths ([PR](https://github.com/hashicorp/boundary/pull/1453)) ## 0.5.0 (2021/08/02) ### Deprecations/Changes -* With respect to Target resources, two naming changes are taking place. Note +- With respect to Target resources, two naming changes are taking place. Note that these are not affecting the resources themselves, only the fields on Target resources that map them to targets: -* * _Credential Libraries_: In Target definitions, the field referring to +- - _Credential Libraries_: In Target definitions, the field referring to attached credential libraries is being renamed to the more abstract _credential sources_. In the future Boundary will gain the ability to internally store static credentials that are not generated or fetched @@ -1687,11 +1727,11 @@ isolate transactions and prevent resource contention that caused deadlocks. separate flags and fields. In this 0.5 release the Boundary CLI has gained parallel `application-credential-source` flags to the existing `application-credential-library` flags, as well as `boundary targets - add/remove/set-credential-sources` commands that parallel `boundary targets - add/remove/set-credential-libraries` commands. This parallelism extends to +add/remove/set-credential-sources` commands that parallel `boundary targets +add/remove/set-credential-libraries` commands. This parallelism extends to the API actions and the grants system. In 0.6, the _library_ versions of these commands, flags, and actions will be removed. -* * _Host Sets_: Similarly, in Target definitions, the field referring to +- - _Host Sets_: Similarly, in Target definitions, the field referring to attached host sets is being renamed to the more abstract _host sources_. In the future Boundary will allow attaching some host types directly, and possibly other mechanisms for gathering hosts for targets, so the _sources_ @@ -1702,24 +1742,24 @@ isolate transactions and prevent resource contention that caused deadlocks. ### New and Improved -* OIDC Accounts: When performing a `read` on an `oidc` type account, the +- OIDC Accounts: When performing a `read` on an `oidc` type account, the original token and userinfo claims are provided in the output. This can make it significantly easier to write filters to create [managed groups](https://www.developer.hashicorp.com/boundary/docs/rbac/users/managed-groups). ([PR](https://github.com/hashicorp/boundary/pull/1419)) -* Controllers will now mark connections as closed in the database if the worker +- Controllers will now mark connections as closed in the database if the worker has not reported its status; this can be seen as the controller counterpart to the worker-side session cleanup functionality released in 0.4.0. As with the worker, the timeout for this behavior is 15s. -* Workers will shut down connections gracefully upon shutdown of the worker, +- Workers will shut down connections gracefully upon shutdown of the worker, both closing the connection and sending a request to mark the connection as closed in the database. -* Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting +- Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting down due to a CTRL-C or interrupt will now cause Boundary to immediately shut down non-gracefully. This may leave various parts of the Boundary deployment (namely sessions or connections) in an inconsistent state. -* Events: Boundary has moved from writing hclog entries to emitting events. +- Events: Boundary has moved from writing hclog entries to emitting events. There are four types of Boundary events: `error`, `system`, `observation` and `audit`. All events are emitted as [cloudevents](https://github.com/cloudevents/spec/blob/v1.0.1/spec.md) and we @@ -1727,64 +1767,64 @@ isolate transactions and prevent resource contention that caused deadlocks. `cloudevents-text` format. **Notes**: - * There are still a few lingering hclog bits within Boundary. If you wish to + - There are still a few lingering hclog bits within Boundary. If you wish to only output json from Boundary logging/events then you should specify both `"-log-format json"` and `"-event-format cloudevents-json"` when starting Boundary. - * Filtering events: hclog log levels have been replaced by optional sets + - Filtering events: hclog log levels have been replaced by optional sets of allow and deny event [filters](https://www.developer.hashicorp.com/boundary/docs/filtering) which are specified via configuration, or in the case of "boundary dev" there are new new cmd flags. - * Observation events are MVP and contain a minimal set of observations about a + - Observation events are MVP and contain a minimal set of observations about a request. Observations are aggregated for each request, so only one observation event will be emitted per request. We anticipate that a rich set of aggregate data about each request will be developed over time. - * Audit events are a WIP and will only be emitted if they are both enabled - and the env var `BOUNDARY_DEVELOPER_ENABLE_EVENTS` equals true. We + - Audit events are a WIP and will only be emitted if they are both enabled + and the env var `BOUNDARY_DEVELOPER_ENABLE_EVENTS` equals true. We anticipate many changes for audit events before they are generally available including what data is included and different options for redacting/encrypting that data. - PRs: - [hclog json,text formats](https://github.com/hashicorp/boundary/pull/1440), - [log adapters](https://github.com/hashicorp/boundary/pull/1434), - [unneeded log deps](https://github.com/hashicorp/boundary/pull/1433), - [update eventlogger](https://github.com/hashicorp/boundary/pull/1411), - [convert from hclog to events](https://github.com/hashicorp/boundary/pull/1409), - [event filtering](https://github.com/hashicorp/boundary/pull/1404), - [cloudevents node](https://github.com/hashicorp/boundary/pull/1390), - [system events](https://github.com/hashicorp/boundary/pull/1360), - [convert errors to events](https://github.com/hashicorp/boundary/pull/1358), - [integrate events into servers](https://github.com/hashicorp/boundary/pull/1355), - [event pkg name](https://github.com/hashicorp/boundary/pull/1284), - [events using ctx](https://github.com/hashicorp/boundary/pull/1277), - [add eventer](https://github.com/hashicorp/boundary/pull/1276), - [and base event types](https://github.com/hashicorp/boundary/pull/1275) + [hclog json,text formats](https://github.com/hashicorp/boundary/pull/1440), + [log adapters](https://github.com/hashicorp/boundary/pull/1434), + [unneeded log deps](https://github.com/hashicorp/boundary/pull/1433), + [update eventlogger](https://github.com/hashicorp/boundary/pull/1411), + [convert from hclog to events](https://github.com/hashicorp/boundary/pull/1409), + [event filtering](https://github.com/hashicorp/boundary/pull/1404), + [cloudevents node](https://github.com/hashicorp/boundary/pull/1390), + [system events](https://github.com/hashicorp/boundary/pull/1360), + [convert errors to events](https://github.com/hashicorp/boundary/pull/1358), + [integrate events into servers](https://github.com/hashicorp/boundary/pull/1355), + [event pkg name](https://github.com/hashicorp/boundary/pull/1284), + [events using ctx](https://github.com/hashicorp/boundary/pull/1277), + [add eventer](https://github.com/hashicorp/boundary/pull/1276), + [and base event types](https://github.com/hashicorp/boundary/pull/1275) + ### Bug Fixes -* config: Fix error when populating all `kms` purposes in separate blocks (as +- config: Fix error when populating all `kms` purposes in separate blocks (as well as the error message) ([Issue](https://github.com/hashicorp/boundary/issues/1305), [PR](https://github.com/hashicorp/boundary/pull/1384)) -* server: Fix panic on worker startup failure when the server was not also +- server: Fix panic on worker startup failure when the server was not also configured as a controller ([PR](https://github.com/hashicorp/boundary/pull/1432)) ### New and Improved -* docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx +- docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx ## 0.4.0 (2021/06/29) ### New and Improved -* Credential Stores: This release introduces Credential Stores, with the first +- Credential Stores: This release introduces Credential Stores, with the first implementation targeting Vault. A credential store can be created that accepts a Vault periodic token (which it will keep refreshed) and connection information allowing it to make requests to Vault. -* Credential Libraries: This release introduces Credential Libraries, with the +- Credential Libraries: This release introduces Credential Libraries, with the first implementation targeting Vault. Credential libraries describe how to make a request to fetch a credential from the credential store. The first credential library is the `generic` type that takes in a user-defined request @@ -1792,18 +1832,18 @@ isolate transactions and prevent resource contention that caused deadlocks. When a credential library is used to fetch a credential, if the credential contains a lease, Boundary will keep the credential refreshed, and revoke the credential when the session that requested it is finished. -* Credential Brokering: Credential libraries can be attached to targets; when a +- Credential Brokering: Credential libraries can be attached to targets; when a session is authorized against that target, a credential will be fetched from the library that is then relayed to the client. The client can then use this information to make a connection, allowing them to gain the benefit of dynamic credential generation from Vault, but without needing their own Vault login/token (see NOTE below). -* `boundary connect` Credential Brokering Integration: Additionally, we have +- `boundary connect` Credential Brokering Integration: Additionally, we have started integration into the `boundary connect` helpers, starting in this release with the Postgres helper; if the credential contains a username/password and `boundary connect postgres` is the helper being used, the command will automatically pass the credentials to the `psql` process. -* The worker will now close any existing proxy connections it is handling when +- The worker will now close any existing proxy connections it is handling when it cannot make a status request to the controller. The timeout for this behavior is currently 15 seconds. @@ -1815,18 +1855,18 @@ Boundary) but it's worth repeating. ### Bug Fixes -* scheduler: removes a Postgres check constraint, on the length of the controller name, +- scheduler: removes a Postgres check constraint, on the length of the controller name, causing an error when the scheduler attempts to run jobs ([Issue](https://github.com/hashicorp/boundary/issues/1309), [PR](https://github.com/hashicorp/boundary/pull/1310)). -* Docker: update entrypoint script to handle more Boundary subcommands for +- Docker: update entrypoint script to handle more Boundary subcommands for better UX ## 0.3.0 (2021/06/08) ### Deprecations/Changes -* `password` account IDs: When the `oidc` auth method came out, accounts were +- `password` account IDs: When the `oidc` auth method came out, accounts were given the prefix `acctoidc`. Unfortunately, accounts in the `password` method were using `apw`...oops. We're standardizing on `acct` and have updated the `password` method to generate new IDs with `acctpw` prefixes. @@ -1834,16 +1874,16 @@ Boundary) but it's worth repeating. ### New and Improved -* oidc: The new Managed Groups feature allows groups of accounts to be created +- oidc: The new Managed Groups feature allows groups of accounts to be created based on an authenticating user's JWT or User Info data. This data uses the same filtering syntax found elsewhere in Boundary to provide a rich way to specify the criteria for group membership. Once defined, authenticated users are added to or removed from these groups as appropriateds each time they authenticate. These groups are treated like other role principals and can be added to roles to provide grants to users. -* dev: Predictable IDs in `boundary dev` mode now extend to the accounts created +- dev: Predictable IDs in `boundary dev` mode now extend to the accounts created in the default `password` and `oidc` auth methods. -* mlock: Add a Docker entrypoint script and modify Dockerfiles to handle mlock +- mlock: Add a Docker entrypoint script and modify Dockerfiles to handle mlock in a fashion similar to Vault ([PR](https://github.com/hashicorp/boundary/pull/1269)) @@ -1851,7 +1891,7 @@ Boundary) but it's worth repeating. ### Deprecations/Changes -* The behavior when `cors_enabled` is not specified for a listener is changing +- The behavior when `cors_enabled` is not specified for a listener is changing to be equivalent to a `cors_allowed_origins` value of `*`; that is, accept all origins. This allows Boundary, by default, to have the admin UI and desktop client work without further specification of origins by the operator. This is @@ -1860,45 +1900,45 @@ Boundary) but it's worth repeating. v0.2.1 due to a bug found in v0.2.0 that caused all origins to always be allowed, but fixing that bug exposed that the default behavior was difficult for users to configure to simply get up and running. -* If a `cancel` operation is run on a session already in a canceling or +- If a `cancel` operation is run on a session already in a canceling or terminated state, a `200` and the session information will be returned instead of an error. ### New and Improved -* sessions: Return a `200` and session information when canceling an +- sessions: Return a `200` and session information when canceling an already-canceled or terminated session ([PR](https://github.com/hashicorp/boundary/pull/1243)) ### Bug Fixes -* cors: Change the default allowed origins when `cors_enabled` is not specified +- cors: Change the default allowed origins when `cors_enabled` is not specified to be `*`. ([PR](https://github.com/hashicorp/boundary/pull/1249)) ## 0.2.2 (2021/05/17) ### New and Improved -* Inline OIDC authentication flow: when the OIDC authentication flow succeeds, +- Inline OIDC authentication flow: when the OIDC authentication flow succeeds, the third-party provider browser window is automatically closed and the user is returned to the admin UI. ### Bug Fixes -* oidc: If provider returns an `aud` claim as a `string` or `[]string`, +- oidc: If provider returns an `aud` claim as a `string` or `[]string`, Boundary will properly parse the claims JSON. ([Issue](https://github.com/hashicorp/cap/issues/37), [PR](https://github.com/hashicorp/boundary/pull/1231)) -* sessions: Clean up connections that are dangling after a worker dies (is +- sessions: Clean up connections that are dangling after a worker dies (is restarted, powered off, etc.) This fixes some cases where a session never goes to `terminated` state because connections are not properly marked closed. ([Issue 1](https://github.com/hashicorp/boundary/issues/894), [Issue 2](https://github.com/hashicorp/boundary/issues/1055), [PR](https://github.com/hashicorp/boundary/pull/1220)) -* sessions: Add some missing API-level checks when session cancellation was +- sessions: Add some missing API-level checks when session cancellation was requested. It's much easier than interpreting the domain-level check failures. ([PR](https://github.com/hashicorp/boundary/pull/1223)) -* authenticate: When authenticating with OIDC and `json` format output, the +- authenticate: When authenticating with OIDC and `json` format output, the command will no longer print out a notice that it's opening your web browser ([Issue](https://github.com/hashicorp/boundary/issues/1193), [PR](https://github.com/hashicorp/boundary/pull/1213)) @@ -1907,10 +1947,10 @@ Boundary) but it's worth repeating. ### Deprecations/Changes -* API `delete` actions now result in a `204` status code and no body when +- API `delete` actions now result in a `204` status code and no body when successful. This was not the case previously due to a technical limitation which has now been solved. -* When using a `delete` command within the CLI we now either show success or +- When using a `delete` command within the CLI we now either show success or treat the `404` error the same as any other `404` error, that is, it results in a non-zero status code and an error message. This makes `delete` actions behave the same as other commands, all of which pass through errors to the @@ -1918,14 +1958,14 @@ Boundary) but it's worth repeating. to see whether an error was `404` or something else from within scripts, in conjunction with checking that the returned status code matches the API error status code (`1`). -* When outputting from the CLI in JSON format, the resource information under +- When outputting from the CLI in JSON format, the resource information under `item` or `items` (depending on the action) now exactly matches the JSON sent across the wire by the controller, as opposed to matching the Go SDK representation which could result in some extra fields being shown or fields having Go-specific types. This includes `delete` actions which previously would show an object indicating existence, but now show no `item` on success or the API's `404` error. -* Permissions in new scope default roles have been updated to include support +- Permissions in new scope default roles have been updated to include support for `list`, `read:self`, and `delete:self` on `auth-token` resources. This allows a user to list and manage their own authentication tokens. (As is the case with other resources, `list` will still be limited to returning tokens on @@ -1935,7 +1975,7 @@ Boundary) but it's worth repeating. ### New and Improved -* permissions: Improving upon the work put into 0.2.0 to limit the fields that +- permissions: Improving upon the work put into 0.2.0 to limit the fields that are returned when listing as the anonymous user, grants now support a new `output_fields` section. This takes in a comma-delimited (or in JSON format, array) set of values that correspond to the JSON fields returned from an API @@ -1949,7 +1989,7 @@ Boundary) but it's worth repeating. documentation](https://www.developer.hashicorp.com/boundary/docs/rbac) for more information on why and when to use this. This currently only applies to top-level fields in the response. -* cli/api/sdk: Add support to request additional OIDC claims scope values from +- cli/api/sdk: Add support to request additional OIDC claims scope values from the OIDC provider when making an authentication request. ([PR](https://github.com/hashicorp/boundary/pull/1175)). @@ -1970,54 +2010,55 @@ Boundary) but it's worth repeating. For information on claims scope values see: [Scope Claims in the OIDC specification](https://openid.net/specs/openid-connect-core-1_0.html#ScopeClaims) -* cli: Match JSON format output with the across-the-wire API JSON format +- cli: Match JSON format output with the across-the-wire API JSON format ([PR](https://github.com/hashicorp/boundary/pull/1155)) -* api: Return `204` instead of an empty object on successful `delete` operations +- api: Return `204` instead of an empty object on successful `delete` operations ([PR](https://github.com/hashicorp/boundary/pull/1155)) -* actions: The new `no-op` action allows a grant to be given to a principals +- actions: The new `no-op` action allows a grant to be given to a principals without conveying any actionable result. Since resources do not appear in list results if the principal has no actions granted on that resource, this can be used to allow principals to see values in list results without also giving `read` or other capabilities on the resources. The default scope permissions have been updated to convey `no-op,list` instead of `read,list`. ([PR](https://github.com/hashicorp/boundary/pull/1138)) -* cli/api/sdk: User resources have new attributes for: - * Primary Account ID - * Login Name - * Full Name - * Email +- cli/api/sdk: User resources have new attributes for: + - Primary Account ID + - Login Name + - Full Name + - Email These new user attributes correspond to attributes from the user's primary auth method account. These attributes will be empty when the user has no account in the primary auth method for their scope, or there is no designated primary auth method for their scope. -* cli: Support for reading and deleting the user's own token via the new + +- cli: Support for reading and deleting the user's own token via the new `read:self` and `delete:self` actions on auth tokens. If no token ID is provided, the stored token's ID will be used (after prompting), or `"self"` can be set as the value of the `-id` parameter to trigger this behavior without prompting. ([PR](https://github.com/hashicorp/boundary/pull/1162)) -* cli: New `logout` command deletes the current token in Boundary and forgets it +- cli: New `logout` command deletes the current token in Boundary and forgets it from the local system credential store, respecting `-token-name` ([PR](https://github.com/hashicorp/boundary/pull/1134)) -* config: The `name` field for workers and controllers now supports being set +- config: The `name` field for workers and controllers now supports being set from environment variables or a file on disk ([PR](https://github.com/hashicorp/boundary/pull/1181)) ### Bug Fixes -* cors: Fix allowing all origins by default +- cors: Fix allowing all origins by default ([PR](https://github.com/hashicorp/boundary/pull/1134)) -* cli: It is now an error to run `boundary database migrate` on an uninitalized db. +- cli: It is now an error to run `boundary database migrate` on an uninitalized db. Use `boundary database init` instead. ([PR](https://github.com/hashicorp/boundary/pull/1184)) -* cli: Correctly honor the `-format` flag when running `boundary database init` +- cli: Correctly honor the `-format` flag when running `boundary database init` ([PR](https://github.com/hashicorp/boundary/pull/1204)) ## 0.2.0 (2021/04/14) ### Known Issues -* By default, CORS support will allow all origins. This is due to a bug in how +- By default, CORS support will allow all origins. This is due to a bug in how the set of allowed origins was processed, in conjunction with changes to CORS behavior to automatically include the origin of the Desktop Client. This will be fixed in 0.2.1. In the meantime, this can be worked around by either @@ -2028,7 +2069,7 @@ Boundary) but it's worth repeating. ### Deprecations/Changes -* The `auth-methods/:authenticate:login` action is deprecated and will be +- The `auth-methods/:authenticate:login` action is deprecated and will be removed in a few releases. (Yes, this was meant to deprecate the `authenticate` action; apologies for going back on this!) To better support future auth methods, and especially the potential for plugins, rather than @@ -2040,13 +2081,13 @@ Boundary) but it's worth repeating. types of resources. `credentials` will still work for now but will be removed in a few releases. Finally, in the Go SDK, the `Authenticate` function now requires a `command` value to be passed in. -* Related to the above change, the output of an API +- Related to the above change, the output of an API `auth-methods/:authenticate` call will return the given `command` value and a map of attributes that depend on the given command. On the SDK side, the output of the `Authenticate` function returns a map, from which a concrete type can be easily umarshaled (see the updated `authenticate password` command for an example). -* Anonymous scope/auth method listing: When listing auth methods and scopes +- Anonymous scope/auth method listing: When listing auth methods and scopes without authentication (that is, as the anonymous user `u_anon`), only information necessary for navigation to an auth method and authenticating to the auth method is now output. Granting `u_anon` list access to other resource @@ -2054,24 +2095,24 @@ Boundary) but it's worth repeating. ### New and Improved -* cli/api/sdk: New OIDC auth method type added with support for create, read, +- cli/api/sdk: New OIDC auth method type added with support for create, read, update, delete, and list (see new cli `oidc` subcommands available on CRUDL operations for examples), as well as the ability to authenticate against it via the SDK, CLI, admin UI, and desktop client. ([PR](https://github.com/hashicorp/boundary/pull/1090)) -* server: When performing recursive listing, `list` action is no longer required +- server: When performing recursive listing, `list` action is no longer required to be granted to the calling user. Instead, the given scope acts as the root point (so only results under that scope will be shown), and `list` grant is evaluated per-scope. ([PR](https://github.com/hashicorp/boundary/pull/1016)) -* database init: If the database is already initialized, return 0 as the exit +- database init: If the database is already initialized, return 0 as the exit code. This matches how the `database migrate` command works. ([PR](https://github.com/hashicorp/boundary/pull/1033)) ### Bug Fixes -* server: Roles for auto generated scopes are now generated at database init. +- server: Roles for auto generated scopes are now generated at database init. ([PR](https://github.com/hashicorp/boundary/pull/996)) -* cli: Don't panic on certain commands when outputting in `json` format +- cli: Don't panic on certain commands when outputting in `json` format ([Issue](https://github.com/hashicorp/boundary/pull/992), [PR](https://github.com/hashicorp/boundary/pull/1095)) @@ -2082,7 +2123,7 @@ Boundary) but it's worth repeating. These are specific known issues in the release that we feel are impactful enough to call out in this changelog. The full set of open issues is on GitHub. -* cli: When authenticating, changing a password, or a couple of other specific +- cli: When authenticating, changing a password, or a couple of other specific actions on the CLI, if the output format is specified as `json`, the command will panic (after the API call executes). This is due to a preexisting bug that was exposed by the JSON changes described in the changes section below. @@ -2091,35 +2132,35 @@ to call out in this changelog. The full set of open issues is on GitHub. test was using the normal table output since the output was ignored anyways. As a result, our CLI tests did not catch this panic. Our apologies, and we will fix this in the next release. -* Initially Created Scopes: Starting in 0.1.6, When initial scopes are created +- Initially Created Scopes: Starting in 0.1.6, When initial scopes are created when executing `boundary database init`, the associated admin roles aren't created. The intended behavior is to have a role which granted the auto created admin the grant `"id=*;type=*;actions=*"` for each auto generated - scope. To set your data to the intended state you can add a role for the - admin user in the generated scopes. An outline of the steps to do this can + scope. To set your data to the intended state you can add a role for the + admin user in the generated scopes. An outline of the steps to do this can be found in this [gist](https://gist.github.com/talanknight/98492dc68d894f67742086eb41fdb506). This will be fixed in the next release. ### Changes/Deprecations -* sdk (Go API library): A few functions have changed places. Notably, instead of +- sdk (Go API library): A few functions have changed places. Notably, instead of `ResponseMap()` and `ResponseBody()`, resources simply expose `Response()`. This higher-level response object contains the map and body, and also exposes `StatusCode()` in place of indivdidual resources. ([PR](https://github.com/hashicorp/boundary/pull/962)) -* cli: In `json` output format, a resource item is now an object under the +- cli: In `json` output format, a resource item is now an object under the top-level key `item`; a list of resource items is now an list of objects under the top-level key `items`. This preserves the top level for putting in other useful information later on (and the HTTP status code is included now). ([PR](https://github.com/hashicorp/boundary/pull/962)) -* cli: In `json` output format, errors are now serialized as a JSON object with +- cli: In `json` output format, errors are now serialized as a JSON object with an `error` key instead of outputting normal text ([PR](https://github.com/hashicorp/boundary/pull/962)) -* cli: All errors, including API errors, are now written to `stderr`. Previously +- cli: All errors, including API errors, are now written to `stderr`. Previously in the default table format, API errors would be written to `stdout`. ([PR](https://github.com/hashicorp/boundary/pull/962)) -* cli: Error return codes have been standardized across CLI commands. An error +- cli: Error return codes have been standardized across CLI commands. An error code of `1` indicates an error generated from the actual controller API; an error code of `2` is an error encountered due to the CLI command's logic; and an error code of `3` indicates an error that was caused due to user input to @@ -2129,79 +2170,79 @@ to call out in this changelog. The full set of open issues is on GitHub. ### New and Improved -* list filtering: Listing now supports filtering results before being returned +- list filtering: Listing now supports filtering results before being returned to the user. The filtering takes place server side and uses boolean expressions against the JSON representation of returned items. See [the documentation](https://www.developer.hashicorp.com/boundary/docs/filtering) for more details. ([PR 1](https://github.com/hashicorp/boundary/pull/952)) ([PR 2](https://github.com/hashicorp/boundary/pull/957)) ([PR 3](https://github.com/hashicorp/boundary/pull/967)) -* server: Officially support reloading TLS parameters on `SIGHUP`. (This likely +- server: Officially support reloading TLS parameters on `SIGHUP`. (This likely worked before but wasn't fully tested.) ([PR](https://github.com/hashicorp/boundary/pull/959)) -* server: On `SIGHUP`, [worker +- server: On `SIGHUP`, [worker tags](https://www.developer.hashicorp.com/boundary/docs/workers/worker-tags) will be re-parsed and new values used ([PR](https://github.com/hashicorp/boundary/pull/959)) -* server: In addition to the existing `tls_min_version` listener configuration +- server: In addition to the existing `tls_min_version` listener configuration value, `tls_max_version` is now supported. This should generally be left blank but can be useful for situations where e.g. a load balancer has broken TLS 1.3 support, or does not support TLS 1.3 and flags it as a disallowed value. ## 0.1.7 (2021/02/16) -*Note:* This release fixes an upgrade issue affecting users on Postgres 11 +_Note:_ This release fixes an upgrade issue affecting users on Postgres 11 upgrading to 0.1.5 or 0.1.6 and makes a modification to the `boundary dev` environment. It is otherwise identical to 0.1.6; see the entry for that version for more details. ### Changes/Deprecations -* `boundary dev` now uses Postgres 11 by default, rather than Postgres 12. +- `boundary dev` now uses Postgres 11 by default, rather than Postgres 12. ### Bug Fixes -* server: Fix an issue with migrations affecting Postgres 11 +- server: Fix an issue with migrations affecting Postgres 11 ([PR](https://github.com/hashicorp/boundary/pull/940)) ## 0.1.6 (2021/02/12) ### Changes/Deprecations -* authentication: The `auth-methods/:authenticate` action is deprecated and +- authentication: The `auth-methods/:authenticate` action is deprecated and will be removed in a few releases. Instead, each auth method will define its own action or actions that are valid. This is necessary to support multi-step authentication schemes in upcoming releases. For the `password` auth method, the new action is `auth-methods/:authenticate:login`. -* permissions: Update some errors to make them more descriptive, and disallow +- permissions: Update some errors to make them more descriptive, and disallow permissions in some forms where they will never take effect, preventing possible confusion (existing grants already saved to the database will not be affected as this is only filtered when grants are added/set on a role): - * `id=;actions=` where one of the actions is `create` + - `id=;actions=` where one of the actions is `create` or `list`. By definition this format operates only on individual resources so `create` and `list` will never work - * `type=;actions=` where one of the actions is _not_ + - `type=;actions=` where one of the actions is _not_ `create` or `list`. This format operates only on collections so assigning more actions this way will never work -* CORS: CORS is now turned on by default when running with `boundary server` +- CORS: CORS is now turned on by default when running with `boundary server` with a `cors_allowed_origins` value of `serve://boundary`. You can disable it with `cors_enabled = false`, or if you want to change parameters, set `cors_enabled = true` and the other related configuration values. ### New and Improved -* server: When running single-server mode and `controllers` is not specified in +- server: When running single-server mode and `controllers` is not specified in the `worker` block, use `public_cluster_addr` if given ([PR](https://github.com/hashicorp/boundary/pull/904)) -* server: `public_cluster_addr` in the `controller` block can now be specified +- server: `public_cluster_addr` in the `controller` block can now be specified as a `file://` or `env://` URL to read the value from a file or env var ([PR](https://github.com/hashicorp/boundary/pull/907)) -* server: Add `read` action to default scope grant +- server: Add `read` action to default scope grant ([PR](https://github.com/hashicorp/boundary/pull/913)) -* server: `public_cluster_addr` in the `controller` block can now be specified +- server: `public_cluster_addr` in the `controller` block can now be specified as a `file://` or `env://` URL to read the value from a file or env var ([PR](https://github.com/hashicorp/boundary/pull/907)) -* sessions: Add `read:self` and `cancel:self` actions and enable them by default +- sessions: Add `read:self` and `cancel:self` actions and enable them by default (in new project scopes) for all sessions. This allows a user to read or cancel any session that is associated with their user ID. `read` and `cancel` actions are still available that allow performing these actions on sessions that are @@ -2209,34 +2250,34 @@ for more details. ### Bug Fixes -* api: Fix nil pointer panic that could occur when using TLS +- api: Fix nil pointer panic that could occur when using TLS ([Issue](https://github.com/hashicorp/boundary/pull/902), [PR](https://github.com/hashicorp/boundary/pull/901)) -* server: When shutting down a controller release the shared advisory lock with +- server: When shutting down a controller release the shared advisory lock with a non-canceled context. ([Issue](https://github.com/hashicorp/boundary/pull/909), [PR](https://github.com/hashicorp/boundary/pull/918)) -* targets: If a worker filter references a key that doesn't exist, treat it as a +- targets: If a worker filter references a key that doesn't exist, treat it as a non-match rather than an error ([PR](https://github.com/hashicorp/boundary/pull/900)) ## 0.1.5 (2021/01/29) -*NOTE*: This version requires a database migration via the new `boundary +_NOTE_: This version requires a database migration via the new `boundary database migrate` command. ### Security -* Boundary now uses Go's new execabs package for execution of binaries in +- Boundary now uses Go's new execabs package for execution of binaries in `boundary connect`. This is for defense-in-depth rather than a specific issue. See the [Go blog post](https://blog.golang.org/path-security) for more details. ([PR](https://github.com/hashicorp/boundary/pull/873)) ### Changes/Deprecations -* controller/worker: Require names to be all lowercase. This removes ambiguity +- controller/worker: Require names to be all lowercase. This removes ambiguity or accidental mismatching when using upcoming filtering features. -* api/cli: Due to visibility changes on collection listing, a list will not +- api/cli: Due to visibility changes on collection listing, a list will not include any resources if the user only has `list` as an authorized action. As a result `scope list`, which is used by the UI to populate the login scope dropdown, will be empty if the role granting the `u_anon` user `list` @@ -2244,32 +2285,32 @@ database migrate` command. ### New and Improved -* targets: You can now specify a Boolean-expression filter against worker tags +- targets: You can now specify a Boolean-expression filter against worker tags to control which workers are allowed to handle any given target's sessions ([PR](https://github.com/hashicorp/boundary/pull/862)) -* api/cli: On listing/reading, return a list of actions the user is authorized +- api/cli: On listing/reading, return a list of actions the user is authorized to perform on the identified resources or their associated collections ([PR](https://github.com/hashicorp/boundary/pull/870)) -* api/cli: Most resource types now support recursive listing, allowing listing +- api/cli: Most resource types now support recursive listing, allowing listing to occur down a scope tree ([PR](https://github.com/hashicorp/boundary/pull/885)) -* cli: Add a `database migrate` command which updates a database's schema to the +- cli: Add a `database migrate` command which updates a database's schema to the version supported by the boundary binary ([PR](https://github.com/hashicorp/boundary/pull/872)). ### Bug Fixes -* controller/db: Correctly check if db init previously completed successfully +- controller/db: Correctly check if db init previously completed successfully when starting a controller or when running `database init` ([Issue](https://github.com/hashicorp/boundary/issues/805)) ([PR](https://github.com/hashicorp/boundary/pull/842)) -* cli: When `output-curl-string` is used with `update` or `add-/remove-/set-` +- cli: When `output-curl-string` is used with `update` or `add-/remove-/set-` commands and automatic versioning is being used (that is, no `-version` flag is given), it will now display the final call instead of the `GET` that fetches the current version ([Issue](https://github.com/hashicorp/boundary/issues/856)) ([PR](https://github.com/hashicorp/boundary/pull/858)) -* db: Fix panic in `database init` when controller config block is missing +- db: Fix panic in `database init` when controller config block is missing ([Issue](https://github.com/hashicorp/boundary/issues/819)) ([PR](https://github.com/hashicorp/boundary/pull/851)) @@ -2277,16 +2318,16 @@ database migrate` command. ### New and Improved -* controller: Improved error handling in iam repo +- controller: Improved error handling in iam repo ([PR](https://github.com/hashicorp/boundary/pull/841)) -* controller: Improved error handling in db +- controller: Improved error handling in db ([PR](https://github.com/hashicorp/boundary/pull/815)) ### Bug Fixes -* servers: Fix erronious global unicast check that disallowed valid addresses +- servers: Fix erronious global unicast check that disallowed valid addresses from being assigned ([PR](https://github.com/hashicorp/boundary/pull/845)) -* cli: Fix (hopefully) panic some users experience depending on their Linux +- cli: Fix (hopefully) panic some users experience depending on their Linux setup when running the binary ([Issue](https://github.com/hashicorp/boundary/issues/830)) ([PR](https://github.com/hashicorp/boundary/pull/846)) @@ -2295,7 +2336,7 @@ database migrate` command. ### Changes/Deprecations -* controller: Switch the session connection limit for dev mode and the initial +- controller: Switch the session connection limit for dev mode and the initial target when doing database initialization to `-1`. This makes it easier for people to start understanding Boundary while not hitting issues related to some programs/protocols needing multiple connections as they may not be easy @@ -2304,31 +2345,31 @@ database migrate` command. ### New and Improved -* controller, worker, cli: When the client quits before the session time is +- controller, worker, cli: When the client quits before the session time is over, but in a manner where the TOFU token will be locked, attempt canceling the session rather than leaving it open to time out ([PR](https://github.com/hashicorp/boundary/pull/831)) -* controller: Improved error handling in hosts, host catalog and host set +- controller: Improved error handling in hosts, host catalog and host set ([PR](https://github.com/hashicorp/boundary/pull/786)) -* controller: Relax account login name constraints to allow dash as valid +- controller: Relax account login name constraints to allow dash as valid character ([Issue](https://github.com/hashicorp/boundary/issues/759)) ([PR](https://github.com/hashicorp/boundary/pull/806)) -* cli/connect/http: Pass endpoint address through to allow setting TLS server +- cli/connect/http: Pass endpoint address through to allow setting TLS server name directly in most cases ([PR](https://github.com/hashicorp/boundary/pull/811)) -* cli/connect/kube: New `kube` subcommand for `boundary connect` that makes it +- cli/connect/kube: New `kube` subcommand for `boundary connect` that makes it easy to route `kubectl` commands through Boundary, including when using `kubectl proxy` ([PR](https://github.com/hashicorp/boundary/pull/816)) -* cli/server: Add some extra checks around valid/invalid combinations of +- cli/server: Add some extra checks around valid/invalid combinations of addresses to avoid hard-to-understand runtime issues ([PR](https://github.com/hashicorp/boundary/pull/838)) ### Bug Fixes -* cli: Ensure errors print to stderr when token is not found +- cli: Ensure errors print to stderr when token is not found ([Issue](https://github.com/hashicorp/boundary/issues/791)) ([PR](https://github.com/hashicorp/boundary/pull/799)) -* controller: Fix grant IDs being lowercased when being read back (and when +- controller: Fix grant IDs being lowercased when being read back (and when being used for permission evaluation) ([Issue](https://github.com/hashicorp/boundary/issues/794)) ([PR](https://github.com/hashicorp/boundary/pull/839)) @@ -2337,30 +2378,30 @@ database migrate` command. ### New and Improved -* docker: Official Docker image for `hashicorp/boundary` +- docker: Official Docker image for `hashicorp/boundary` ([PR](https://github.com/hashicorp/boundary/pull/755)) -* controller: Add ability to set public address for cluster purposes +- controller: Add ability to set public address for cluster purposes ([Issue](https://github.com/hashicorp/boundary/pull/758)) ([PR](https://github.com/hashicorp/boundary/pull/761)) -* ui: Improve scope awareness and navigation, including IAM for global scope +- ui: Improve scope awareness and navigation, including IAM for global scope ([PR](https://github.com/hashicorp/boundary-ui/pull/355)) -* ui: Add dark mode toggle +- ui: Add dark mode toggle ([Issue](https://github.com/hashicorp/boundary/issues/719)) ([PR](https://github.com/hashicorp/boundary-ui/pull/358)) -* ui: Add scope grants to roles +- ui: Add scope grants to roles ([PR](https://github.com/hashicorp/boundary-ui/pull/357)) -* ui: Add IAM resources to global scope +- ui: Add IAM resources to global scope ([PR](https://github.com/hashicorp/boundary-ui/pull/351)) ### Bug Fixes -* controller, worker: Fix IPv4-only check so `0.0.0.0` specified without a port +- controller, worker: Fix IPv4-only check so `0.0.0.0` specified without a port only listens on IPv4 ([PR](https://github.com/hashicorp/boundary/pull/752)) -* ui: Fix grant string corruption on updates +- ui: Fix grant string corruption on updates ([Issue](https://github.com/hashicorp/boundary/issues/757)) ([PR](https://github.com/hashicorp/boundary-ui/pull/356)) -* controller, cli: Fix mutual exclusivity bug with using -authz-token on `boundary connect` +- controller, cli: Fix mutual exclusivity bug with using -authz-token on `boundary connect` ([PR](https://github.com/hashicorp/boundary/pull/787)) ## 0.1.1 (2020/10/22) @@ -2372,46 +2413,46 @@ currently names of resources are case-sensitive, but in a future update they will become case-preserving but case-insensitive for comparisons (e.g. if using them to access targets). -* cli: There are two changes to token storage handling: - * Specifying `none` for the `-token-name` parameter has been deprecated in +- cli: There are two changes to token storage handling: + - Specifying `none` for the `-token-name` parameter has been deprecated in favor of specifying `none` for the new `-keyring-type` parameter. - * [`pass`](https://www.passwordstore.org/) is now the default keyring type on + - [`pass`](https://www.passwordstore.org/) is now the default keyring type on non-Windows/non-macOS platforms. See the [CLI docs page](https://www.developer.hashicorp.com/boundary/docs/commands) for more information. ### New and Improved -* cli: New `-keyring-type` option and `pass` keyring type for token storage +- cli: New `-keyring-type` option and `pass` keyring type for token storage ([Issue](https://github.com/hashicorp/boundary/issues/697)) ([PR](https://github.com/hashicorp/boundary/issues/731)) -* connect: Allow using `-target-name` in conjunction with either +- connect: Allow using `-target-name` in conjunction with either `-target-scope-id` or `-target-scope-name` to connect to targets, rather than the target's ID ([PR](https://github.com/hashicorp/boundary/pull/737)) -* controller: Allow API/Cluster listeners to be Unix domain sockets +- controller: Allow API/Cluster listeners to be Unix domain sockets ([Issue](https://github.com/hashicorp/boundary/pull/699)) ([PR](https://github.com/hashicorp/boundary/pull/705)) -* ui: Allow creating and assigning a host to a host set directly from the host +- ui: Allow creating and assigning a host to a host set directly from the host set view ([Issue](https://github.com/hashicorp/boundary/issues/710)) ([PR](https://github.com/hashicorp/boundary-ui/pull/350)) ### Bug Fixes -* cli: Fix database init when locale isn't English +- cli: Fix database init when locale isn't English ([Issue](https://github.com/hashicorp/boundary/issues/729)) ([PR](https://github.com/hashicorp/boundary/pull/736)) -* cli: Fix hyphenation in help output for resources with compound names +- cli: Fix hyphenation in help output for resources with compound names ([Issue](https://github.com/hashicorp/boundary/issues/686)) ([PR](https://github.com/hashicorp/boundary/pull/689)) -* controller: Allow connecting to Postgres when using remote Docker in dev mode +- controller: Allow connecting to Postgres when using remote Docker in dev mode ([Issue](https://github.com/hashicorp/boundary/issues/720) ([PR](https://github.com/hashicorp/boundary/pull/732)) -* controller, worker: Fix listening on IPv6 addresses +- controller, worker: Fix listening on IPv6 addresses ([Issue](https://github.com/hashicorp/boundary/issues/701)) ([PR](https://github.com/hashicorp/boundary/pull/703)) -* worker: Fix setting controller address for worker in dev mode +- worker: Fix setting controller address for worker in dev mode ([Issue](https://github.com/hashicorp/boundary/issues/727)) ([PR](https://github.com/hashicorp/boundary/pull/705)) diff --git a/Makefile b/Makefile index ef07c7935a3..495dbafab4a 100644 --- a/Makefile +++ b/Makefile @@ -66,12 +66,6 @@ install: build install-no-plugins: export SKIP_PLUGIN_BUILD=1 install-no-plugins: install -.PHONY: build-pprof -build-pprof: BUILD_TAGS+=pprof -build-pprof: - @echo "==> Building Boundary with memory pprof enabled" - @CGO_ENABLED=$(CGO_ENABLED) BUILD_TAGS='$(BUILD_TAGS)' sh -c "'$(CURDIR)/scripts/build.sh'" - .PHONY: build-memprof build-memprof: BUILD_TAGS+=memprofiler build-memprof: diff --git a/api/go.mod b/api/go.mod index b697013066c..a6be3e1598c 100644 --- a/api/go.mod +++ b/api/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/boundary/api -go 1.25.0 +go 1.25.7 require ( github.com/coder/websocket v1.8.14 @@ -20,8 +20,8 @@ require ( github.com/stretchr/testify v1.11.1 go.uber.org/atomic v1.11.0 golang.org/x/time v0.12.0 - google.golang.org/grpc v1.75.0 - google.golang.org/protobuf v1.36.8 + google.golang.org/grpc v1.79.3 + google.golang.org/protobuf v1.36.10 ) require ( @@ -38,8 +38,8 @@ require ( github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/sys v0.35.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect + golang.org/x/crypto v0.45.0 // indirect + golang.org/x/sys v0.39.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/api/go.sum b/api/go.sum index c2cf6324123..a5e9096d13f 100644 --- a/api/go.sum +++ b/api/go.sum @@ -124,24 +124,24 @@ go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q= +golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/api/proxy/option.go b/api/proxy/option.go index 3f37d89c33d..936f053fb1e 100644 --- a/api/proxy/option.go +++ b/api/proxy/option.go @@ -39,6 +39,7 @@ type Options struct { WithSkipSessionTeardown bool withSessionTeardownTimeout time.Duration withApiClient *api.Client + withInactivityTimeout time.Duration } // Option is a function that takes in an options struct and sets values or @@ -142,3 +143,12 @@ func WithApiClient(with *api.Client) Option { return nil } } + +// WithInactivityTimeout provides an optional duration after which a session +// with no active connections will be cancelled +func WithInactivityTimeout(with time.Duration) Option { + return func(o *Options) error { + o.withInactivityTimeout = with + return nil + } +} diff --git a/api/proxy/proxy.go b/api/proxy/proxy.go index 8aa89bac9ac..99f16bb4f5b 100644 --- a/api/proxy/proxy.go +++ b/api/proxy/proxy.go @@ -34,26 +34,28 @@ import ( const sessionCancelTimeout = 30 * time.Second type ClientProxy struct { - tofuToken string - cachedListenerAddress *ua.String - connectionsLeft *atomic.Int32 - connsLeftCh chan int32 - callerConnectionsLeftCh chan int32 - apiClient *api.Client - sessionAuthzData *targets.SessionAuthorizationData - createTime time.Time - expiration time.Time - ctx context.Context - cancel context.CancelFunc - transport *http.Transport - workerAddr string - listenAddrPort netip.AddrPort - listener *atomic.Value - listenerCloseOnce *sync.Once - clientTlsConf *tls.Config - connWg *sync.WaitGroup - started *atomic.Bool - skipSessionTeardown bool + tofuToken string + cachedListenerAddress *ua.String + connectionsLeft *atomic.Int32 + activeConns *atomic.Int32 + connsLeftCh chan int32 + callerConnsLeftCh chan int32 + apiClient *api.Client + sessionAuthzData *targets.SessionAuthorizationData + createTime time.Time + expiration time.Time + ctx context.Context + cancel context.CancelFunc + transport *http.Transport + workerAddr string + listenAddrPort netip.AddrPort + listener *atomic.Value + listenerCloseOnce *sync.Once + clientTlsConf *tls.Config + connWg *sync.WaitGroup + started *atomic.Bool + skipSessionTeardown bool + closeReason *atomic.Value } // New creates a new client proxy. The given context should be cancelable; once @@ -90,17 +92,19 @@ func New(ctx context.Context, authzToken string, opt ...Option) (*ClientProxy, e } p := &ClientProxy{ - cachedListenerAddress: ua.NewString(""), - connsLeftCh: make(chan int32), - connectionsLeft: new(atomic.Int32), - listener: new(atomic.Value), - listenerCloseOnce: new(sync.Once), - connWg: new(sync.WaitGroup), - listenAddrPort: opts.WithListenAddrPort, - callerConnectionsLeftCh: opts.WithConnectionsLeftCh, - started: new(atomic.Bool), - skipSessionTeardown: opts.WithSkipSessionTeardown, - apiClient: opts.withApiClient, + cachedListenerAddress: ua.NewString(""), + connsLeftCh: make(chan int32), + connectionsLeft: new(atomic.Int32), + activeConns: new(atomic.Int32), + listener: new(atomic.Value), + listenerCloseOnce: new(sync.Once), + connWg: new(sync.WaitGroup), + listenAddrPort: opts.WithListenAddrPort, + callerConnsLeftCh: opts.WithConnectionsLeftCh, + started: new(atomic.Bool), + skipSessionTeardown: opts.WithSkipSessionTeardown, + apiClient: opts.withApiClient, + closeReason: new(atomic.Value), } if opts.WithListener != nil { @@ -142,7 +146,7 @@ func New(ctx context.Context, authzToken string, opt ...Option) (*ClientProxy, e // We don't _rely_ on client-side timeout verification but this prevents us // seeming to be ready for a connection that will immediately fail when we // try to actually make it - p.ctx, p.cancel = context.WithDeadline(ctx, p.expiration) + p.ctx, p.cancel = context.WithDeadlineCause(ctx, p.expiration, fmt.Errorf("Session has expired")) transport := cleanhttp.DefaultTransport() transport.DisableKeepAlives = false @@ -212,6 +216,17 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { // Ensure closing the listener runs on any other return condition defer listenerCloseFunc() + // automatically close the proxy when inactive + proxyAutoClose := time.AfterFunc(10*time.Minute, func() { + p.cancel() + p.setCloseReason("Inactivity timeout reached") + }) + + activeConnCh := make(chan int32) + activeConnFn := func(d int32) { + activeConnCh <- p.activeConns.Add(d) + } + fin := make(chan error, 10) p.connWg.Add(1) go func() { @@ -243,8 +258,10 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { return } } + activeConnFn(1) p.connWg.Add(1) go func() { + defer activeConnFn(-1) defer listeningConn.Close() defer p.connWg.Done() wsConn, err := p.getWsConn(p.ctx) @@ -305,27 +322,40 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { }() defer p.connWg.Done() defer listenerCloseFunc() - for { select { case <-p.ctx.Done(): + if err := context.Cause(p.ctx); !errors.Is(err, context.Canceled) { + p.setCloseReason(err.Error()) + } return case connsLeft := <-p.connsLeftCh: p.connectionsLeft.Store(connsLeft) - if p.callerConnectionsLeftCh != nil { - p.callerConnectionsLeftCh <- connsLeft + if p.callerConnsLeftCh != nil { + p.callerConnsLeftCh <- connsLeft } if connsLeft == 0 { // Close the listener as we can't authorize any more // connections + p.setCloseReason("No connections left in session") return } + case activeConns := <-activeConnCh: + switch { + case activeConns > 0: + // always stop the timer when a new connection is made, + // even if timeout opt is 0 + proxyAutoClose.Stop() + case opts.withInactivityTimeout <= 0: + // no timeout was set, timer should not be reset for inactivity + case activeConns == 0: + proxyAutoClose.Reset(opts.withInactivityTimeout) + } } } }() p.connWg.Wait() - defer p.cancel() { // the go funcs are done, so we can safely close the chan and range over any errors @@ -367,6 +397,25 @@ func (p *ClientProxy) CloseSession(sessionTeardownTimeout time.Duration) error { return nil } +// CloseReason returns the reason why the proxy was closed, if the proxy closed +// itself. If the proxy is still running or the proxy was closed externally, an +// empty string is returned. +func (p *ClientProxy) CloseReason() string { + switch r := p.closeReason.Load().(type) { + case string: + return r + default: + return "" + } +} + +// setCloseReason updates the reason the proxy closed from an empty string to the +// provided string. setCloseReason only accepts the first provided reason for +// closing, all other calls are ignored. +func (p *ClientProxy) setCloseReason(reason string) { + p.closeReason.CompareAndSwap(nil, reason) +} + // ListenerAddress returns the address of the client proxy listener. Because the // listener is started with Start(), this could be called before listening // occurs. To avoid returning until we have a valid value, pass a context; diff --git a/enos/README.md b/enos/README.md index 7511d97695f..9ecc5559773 100644 --- a/enos/README.md +++ b/enos/README.md @@ -66,6 +66,8 @@ following lines 127.0.0.1 localhost worker 127.0.0.1 localhost vault ``` +### AWS Credentials +Copy the AWS Account credentials from doormat and set it in the terminal, where the enos commands are run. ## Executing Scenarios From the `enos` directory: diff --git a/enos/ci/service-user-iam/main.tf b/enos/ci/service-user-iam/main.tf index 1d5136bcd00..1bc32898185 100644 --- a/enos/ci/service-user-iam/main.tf +++ b/enos/ci/service-user-iam/main.tf @@ -167,6 +167,7 @@ data "aws_iam_policy_document" "enos_policy_document" { "iam:CreateUserTag", "iam:DeleteAccessKey", "iam:DeleteInstanceProfile", + "iam:DeleteLoginProfile", "iam:DeletePolicy", "iam:DeleteRole", "iam:DeleteRole", @@ -187,16 +188,22 @@ data "aws_iam_policy_document" "enos_policy_document" { "iam:ListPolicyVersions", "iam:ListAccessKeys", "iam:ListAttachedRolePolicies", + "iam:ListAttachedUserPolicies", "iam:ListGroupsForUser", "iam:ListInstanceProfiles", "iam:ListInstanceProfilesForRole", + "iam:ListMFADevices", "iam:ListPolicies", "iam:ListRolePolicies", "iam:ListRoles", "iam:ListRoles", + "iam:ListServiceSpecificCredentials", + "iam:ListSigningCertificates", + "iam:ListSSHPublicKeys", "iam:ListUserPolicies", "iam:ListUsers", "iam:ListUserTags", + "iam:ListVirtualMFADevices", "iam:PassRole", "iam:PutRolePolicy", "iam:PutUserPolicy", diff --git a/enos/ci/service-user-iam/service-quotas.tf b/enos/ci/service-user-iam/service-quotas.tf index 80af663a844..a91416acaf1 100644 --- a/enos/ci/service-user-iam/service-quotas.tf +++ b/enos/ci/service-user-iam/service-quotas.tf @@ -26,7 +26,7 @@ resource "aws_servicequotas_service_quota" "vpcs_per_region_us_east_2" { provider = aws.us_east_2 quota_code = local.subnets_per_vpc service_code = "vpc" - value = 50 + value = 100 } resource "aws_servicequotas_service_quota" "rds_subnet_groups_us_east_2" { diff --git a/enos/enos-scenario-e2e-database.hcl b/enos/enos-scenario-e2e-database.hcl index 8c8bdbfbc28..4a6eb0999bf 100644 --- a/enos/enos-scenario-e2e-database.hcl +++ b/enos/enos-scenario-e2e-database.hcl @@ -129,6 +129,7 @@ scenario "e2e_database" { aws_host_set_filter1 = step.create_tag_inputs.tag_string max_page_size = 10 aws_region = var.aws_region + vault_version = var.vault_version } } diff --git a/enos/enos-scenario-e2e-docker-base-plus.hcl b/enos/enos-scenario-e2e-docker-base-plus.hcl index 26413d646ab..2974fef2470 100644 --- a/enos/enos-scenario-e2e-docker-base-plus.hcl +++ b/enos/enos-scenario-e2e-docker-base-plus.hcl @@ -81,7 +81,7 @@ scenario "e2e_docker_base_plus" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-gcp.hcl b/enos/enos-scenario-e2e-docker-base-with-gcp.hcl index 106f8590b3e..a24e25cda05 100644 --- a/enos/enos-scenario-e2e-docker-base-with-gcp.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-gcp.hcl @@ -82,7 +82,7 @@ scenario "e2e_docker_base_with_gcp" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-vault.hcl b/enos/enos-scenario-e2e-docker-base-with-vault.hcl index 4e19859f42d..6b8cd1c3067 100644 --- a/enos/enos-scenario-e2e-docker-base-with-vault.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-vault.hcl @@ -83,7 +83,7 @@ scenario "e2e_docker_base_with_vault" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-worker.hcl b/enos/enos-scenario-e2e-docker-base-with-worker.hcl index 0fda20cf296..ad398c821b0 100644 --- a/enos/enos-scenario-e2e-docker-base-with-worker.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-worker.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_base_with_worker" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -143,7 +143,7 @@ scenario "e2e_docker_base_with_worker" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config.hcl" container_name = "worker" diff --git a/enos/enos-scenario-e2e-docker-base.hcl b/enos/enos-scenario-e2e-docker-base.hcl index e4ae9cdeb6b..a57b8654119 100644 --- a/enos/enos-scenario-e2e-docker-base.hcl +++ b/enos/enos-scenario-e2e-docker-base.hcl @@ -81,7 +81,7 @@ scenario "e2e_docker_base" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl index 15dc01b90a6..451c4a0eeca 100644 --- a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl +++ b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_controller_led" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -113,7 +113,7 @@ scenario "e2e_docker_worker_registration_controller_led" { depends_on = [step.create_boundary] variables { address = step.create_boundary.address - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = local.network_cluster login_name = step.create_boundary.login_name password = step.create_boundary.password @@ -157,7 +157,7 @@ scenario "e2e_docker_worker_registration_controller_led" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config-controller-led.hcl" container_name = "worker" diff --git a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl index 93651ecbd46..208a0850f4c 100644 --- a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl +++ b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_worker_led" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -144,7 +144,7 @@ scenario "e2e_docker_worker_registration_worker_led" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config-worker-led.hcl" container_name = "worker" @@ -165,7 +165,7 @@ scenario "e2e_docker_worker_registration_worker_led" { ] variables { address = step.create_boundary.address - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = local.network_cluster login_name = step.create_boundary.login_name password = step.create_boundary.password diff --git a/enos/enos-scenario-e2e-ui-docker.hcl b/enos/enos-scenario-e2e-ui-docker.hcl index 7128afe10a0..7acc96c9fda 100644 --- a/enos/enos-scenario-e2e-ui-docker.hcl +++ b/enos/enos-scenario-e2e-ui-docker.hcl @@ -81,7 +81,7 @@ scenario "e2e_ui_docker" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address @@ -124,7 +124,7 @@ scenario "e2e_ui_docker" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config.hcl" container_name = "worker" diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl index c8e40215573..4bcac203af2 100644 --- a/enos/enos-variables.hcl +++ b/enos/enos-variables.hcl @@ -25,12 +25,6 @@ variable "enos_user" { } # Test configs -variable "boundary_docker_image_name" { - description = "Name:Tag of Docker image to use" - type = string - default = "docker.io/hashicorp/boundary:latest" -} - variable "boundary_docker_image_file" { description = "Path to Boundary Docker image" type = string diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index 7362884e6b8..3f4bd7a2046 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf @@ -26,6 +26,11 @@ resource "aws_instance" "controller" { encrypted = true } + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } + tags = merge(local.common_tags, { Name = "${local.name_prefix}-boundary-controller-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}" @@ -54,6 +59,11 @@ resource "aws_instance" "worker" { encrypted = true } + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } + tags = merge(local.common_tags, { Name = "${local.name_prefix}-boundary-worker-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}", diff --git a/enos/modules/aws_boundary/rds.tf b/enos/modules/aws_boundary/rds.tf index 76f5335b99a..13403779c7e 100644 --- a/enos/modules/aws_boundary/rds.tf +++ b/enos/modules/aws_boundary/rds.tf @@ -6,14 +6,19 @@ resource "aws_db_subnet_group" "boundary" { subnet_ids = data.aws_subnets.infra.ids } +data "aws_rds_engine_version" "default" { + engine = var.db_engine +} + resource "aws_db_instance" "boundary" { count = var.db_create == true ? 1 : 0 identifier = "boundary-db-${random_string.cluster_id.result}" allocated_storage = var.db_storage storage_type = var.db_storage_type + storage_encrypted = true iops = var.db_storage_iops - engine = var.db_engine - engine_version = var.db_engine == "aurora-postgres" ? null : var.db_version + engine = data.aws_rds_engine_version.default.engine + engine_version = data.aws_rds_engine_version.default.version instance_class = var.db_class monitoring_interval = var.db_monitoring_interval monitoring_role_arn = var.db_monitoring_role_arn diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index 81ffe026765..5a55a00a6ea 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf @@ -136,12 +136,6 @@ variable "db_class" { default = "db.t4g.small" } -variable "db_version" { - description = "AWS RDS DBS engine version (for postgres/mysql)" - type = string - default = "15.7" -} - variable "db_engine" { description = "AWS RDS DB engine type" type = string @@ -406,4 +400,4 @@ variable "vault_transit_token" { description = "vault token used for kms transit in the boundary config" type = string default = "" -} \ No newline at end of file +} diff --git a/enos/modules/aws_iam_setup/main.tf b/enos/modules/aws_iam_setup/main.tf index 6a848525c3d..846d4fcf97b 100644 --- a/enos/modules/aws_iam_setup/main.tf +++ b/enos/modules/aws_iam_setup/main.tf @@ -21,9 +21,7 @@ resource "aws_iam_user" "boundary" { name = "demo-${local.user_email}-${var.test_id}" tags = { boundary-demo = local.user_email } permissions_boundary = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:policy/DemoUser" - # If credential rotation is used, this is necessary to delete the user since a new access - # key will be generated. - force_destroy = var.enable_credential_rotation ? true : false + force_destroy = true } resource "aws_iam_user_policy" "boundary" { diff --git a/enos/modules/aws_rdp_domain_controller/main.tf b/enos/modules/aws_rdp_domain_controller/main.tf index 931ef400871..8516313aa0b 100644 --- a/enos/modules/aws_rdp_domain_controller/main.tf +++ b/enos/modules/aws_rdp_domain_controller/main.tf @@ -302,6 +302,7 @@ resource "aws_instance" "domain_controller" { metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_rdp_member_server/main.tf b/enos/modules/aws_rdp_member_server/main.tf index 86b5ba68781..1b712788d8a 100644 --- a/enos/modules/aws_rdp_member_server/main.tf +++ b/enos/modules/aws_rdp_member_server/main.tf @@ -234,6 +234,7 @@ ${var.domain_admin_password} metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_rdp_member_server_with_worker/main.tf b/enos/modules/aws_rdp_member_server_with_worker/main.tf index ccd2ad5a32c..3b91f6234b1 100644 --- a/enos/modules/aws_rdp_member_server_with_worker/main.tf +++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf @@ -251,6 +251,7 @@ ${var.domain_admin_password} metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index 2179a550b09..e7694cf9b11 100644 --- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf @@ -126,13 +126,18 @@ resource "aws_instance" "target" { "Type" : "target", "Project" : "Enos", "Project Name" : "qti-enos-boundary", - "Environment" : var.environment + "Environment" : var.environment, "Enos User" : var.enos_user, }) root_block_device { encrypted = true } + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_remote_exec" "wait" { diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 2fd1b092c4f..8ed35ce60a4 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -17,6 +17,11 @@ resource "aws_instance" "vault_instance" { Type = local.vault_cluster_tag }, ) + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_remote_exec" "install_dependencies" { diff --git a/enos/modules/aws_vpc/main.tf b/enos/modules/aws_vpc/main.tf index 60ae67d6db8..ca11c36fb86 100644 --- a/enos/modules/aws_vpc/main.tf +++ b/enos/modules/aws_vpc/main.tf @@ -70,10 +70,14 @@ data "aws_ami" "ubuntu" { most_recent = true count = length(local.architecture_filters) - # Currently latest LTS-1 filter { name = "name" - values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-*-server-*"] + values = ["hc-base-ubuntu-2404-*"] + } + + filter { + name = "state" + values = ["available"] } filter { @@ -86,7 +90,7 @@ data "aws_ami" "ubuntu" { values = [local.architecture_filters[count.index]] } - owners = ["099720109477"] # Canonical + owners = ["888995627335"] # ami-prod account } data "aws_ami" "rhel" { diff --git a/enos/modules/aws_vpc_ipv6/main.tf b/enos/modules/aws_vpc_ipv6/main.tf index f34496f3f3d..6a71eee081c 100644 --- a/enos/modules/aws_vpc_ipv6/main.tf +++ b/enos/modules/aws_vpc_ipv6/main.tf @@ -107,10 +107,14 @@ data "aws_ami" "ubuntu" { most_recent = true count = length(local.architecture_filters) - # Currently latest LTS-1 filter { name = "name" - values = ["ubuntu/images/hvm-ssd/ubuntu-jammy-22.04-*-server-*"] + values = ["hc-base-ubuntu-2404-*"] + } + + filter { + name = "state" + values = ["available"] } filter { @@ -123,7 +127,7 @@ data "aws_ami" "ubuntu" { values = [local.architecture_filters[count.index]] } - owners = ["099720109477"] # Canonical + owners = ["888995627335"] # ami-prod account } data "aws_ami" "rhel" { diff --git a/enos/modules/aws_windows_client/main.tf b/enos/modules/aws_windows_client/main.tf index 837a9dbc6e3..b616ef88be9 100644 --- a/enos/modules/aws_windows_client/main.tf +++ b/enos/modules/aws_windows_client/main.tf @@ -253,6 +253,7 @@ resource "aws_instance" "client" { metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf index a7ba4d11e10..e92061a439b 100644 --- a/enos/modules/aws_worker/main.tf +++ b/enos/modules/aws_worker/main.tf @@ -161,6 +161,11 @@ resource "aws_instance" "worker" { Name = "${var.name_prefix}-boundary-worker-${split(":", data.aws_caller_identity.current.user_id)[1]}", }, ) + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_bundle_install" "worker" { diff --git a/enos/modules/build_boundary_docker_crt/main.tf b/enos/modules/build_boundary_docker_crt/main.tf index 1f27ee60415..d8d80e3ccc8 100644 --- a/enos/modules/build_boundary_docker_crt/main.tf +++ b/enos/modules/build_boundary_docker_crt/main.tf @@ -27,6 +27,21 @@ resource "enos_local_exec" "load_docker_image" { inline = ["docker load -i ${var.path}"] } +locals { + boundary_docker_image_name = replace( + element( + split("\n", trimspace(enos_local_exec.load_docker_image.stdout)), + -1 + ), + "Loaded image: ", + "" + ) +} + output "cli_zip_path" { value = var.cli_build_path } + +output "image_name" { + value = local.boundary_docker_image_name +} diff --git a/enos/modules/docker_boundary/main.tf b/enos/modules/docker_boundary/main.tf index 5cc7f3ccf86..e443412f90d 100644 --- a/enos/modules/docker_boundary/main.tf +++ b/enos/modules/docker_boundary/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_ldap/main.tf b/enos/modules/docker_ldap/main.tf index 6b860f9ed54..4f11cdba797 100644 --- a/enos/modules/docker_ldap/main.tf +++ b/enos/modules/docker_ldap/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_minio/main.tf b/enos/modules/docker_minio/main.tf index 2d76c39502a..4abf07fac06 100644 --- a/enos/modules/docker_minio/main.tf +++ b/enos/modules/docker_minio/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_network/main.tf b/enos/modules/docker_network/main.tf index 18901a8e51d..2ebefad70ea 100644 --- a/enos/modules/docker_network/main.tf +++ b/enos/modules/docker_network/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } } } diff --git a/enos/modules/docker_openssh_server/main.tf b/enos/modules/docker_openssh_server/main.tf index 2fb4b70efe2..ae144b44a41 100644 --- a/enos/modules/docker_openssh_server/main.tf +++ b/enos/modules/docker_openssh_server/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { @@ -99,6 +99,10 @@ output "address" { value = docker_container.openssh_server.network_data[0].ip_address } +output "container_name" { + value = var.container_name +} + output "port" { value = "2222" } diff --git a/enos/modules/docker_openssh_server_ca_key/main.tf b/enos/modules/docker_openssh_server_ca_key/main.tf index cf1441aefe8..6ea8e8a31be 100644 --- a/enos/modules/docker_openssh_server_ca_key/main.tf +++ b/enos/modules/docker_openssh_server_ca_key/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { @@ -123,6 +123,10 @@ output "address" { value = docker_container.openssh_server.network_data[0].ip_address } +output "container_name" { + value = var.container_name +} + output "port" { value = "2222" } diff --git a/enos/modules/docker_postgres/main.tf b/enos/modules/docker_postgres/main.tf index 2a4df84b372..b5b19885297 100644 --- a/enos/modules/docker_postgres/main.tf +++ b/enos/modules/docker_postgres/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_vault/main.tf b/enos/modules/docker_vault/main.tf index 1103325de81..3b03a5d2a54 100644 --- a/enos/modules/docker_vault/main.tf +++ b/enos/modules/docker_vault/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_worker/main.tf b/enos/modules/docker_worker/main.tf index 6ce3172084a..2fb2a553127 100644 --- a/enos/modules/docker_worker/main.tf +++ b/enos/modules/docker_worker/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { @@ -72,7 +72,7 @@ resource "docker_image" "boundary" { } locals { - recording_storage_path = "/recordings" + recording_storage_path = "/boundary/recordings" port_ops = var.port + 1 } @@ -96,13 +96,9 @@ resource "docker_container" "worker" { capabilities { add = ["IPC_LOCK"] } - mounts { - type = "tmpfs" - target = local.recording_storage_path - } - mounts { - type = "tmpfs" - target = "/boundary/logs" + tmpfs = { + (local.recording_storage_path) = "mode=1777" + "/boundary/logs" = "mode=1777" } upload { content = templatefile("${abspath(path.module)}/${var.config_file}", { diff --git a/enos/modules/test_e2e/main.tf b/enos/modules/test_e2e/main.tf index 773e8600973..af4c0018efe 100644 --- a/enos/modules/test_e2e/main.tf +++ b/enos/modules/test_e2e/main.tf @@ -81,6 +81,11 @@ variable "vault_root_token" { type = string default = "" } +variable "vault_version" { + description = "Version of vault being tested, used to determine which tests to run" + type = string + default = "" +} variable "aws_access_key_id" { description = "Access Key Id for AWS IAM user used in dynamic host catalogs" type = string @@ -252,6 +257,7 @@ resource "enos_local_exec" "run_e2e_test" { VAULT_TOKEN = var.vault_root_token E2E_VAULT_ADDR_PUBLIC = var.vault_addr_public E2E_VAULT_ADDR_PRIVATE = var.vault_addr_private + E2E_VAULT_VERSION = var.vault_version E2E_AWS_ACCESS_KEY_ID = var.aws_access_key_id E2E_AWS_SECRET_ACCESS_KEY = var.aws_secret_access_key E2E_AWS_HOST_SET_FILTER = var.aws_host_set_filter1 diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf index 180f5f5fca3..6bfb5dc338f 100644 --- a/enos/modules/test_e2e_docker/main.tf +++ b/enos/modules/test_e2e_docker/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { @@ -84,6 +84,11 @@ variable "target_address" { type = string default = "" } +variable "target_container_name" { + description = "Container Name of target" + type = string + default = "" +} variable "target_port" { description = "Port of target" type = string @@ -310,6 +315,7 @@ resource "enos_local_exec" "run_e2e_test" { E2E_PASSWORD_AUTH_METHOD_ID = var.auth_method_id E2E_PASSWORD_ADMIN_LOGIN_NAME = var.auth_login_name E2E_PASSWORD_ADMIN_PASSWORD = var.auth_password + E2E_TARGET_CONTAINER_NAME = var.target_container_name E2E_TARGET_ADDRESS = var.target_address E2E_TARGET_PORT = var.target_port E2E_SSH_USER = var.target_user diff --git a/enos/modules/test_e2e_docker/test.sh b/enos/modules/test_e2e_docker/test.sh index 56e2e6b0acb..d06e04d4472 100755 --- a/enos/modules/test_e2e_docker/test.sh +++ b/enos/modules/test_e2e_docker/test.sh @@ -90,22 +90,11 @@ echo "trusted-key $KEY_ID" >> ~/.gnupg/gpg.conf pass init $KEY_ID &>/dev/null # Install the vault cli -wget -O- https://apt.releases.hashicorp.com/gpg | gpg --batch --yes --dearmor -o /usr/share/keyrings/hashicorp-archive-keyring.gpg -export lines=$(gpg --no-default-keyring --keyring /usr/share/keyrings/hashicorp-archive-keyring.gpg --fingerprint --with-colons) -while read -r line -do - if [[ $line =~ "fpr"* ]]; then - if [[ "$(echo $line | sed -r 's/fpr|://g')" != "798AEC654E5C15428C8E42EEAA16FCBCA621E701" ]]; then - echo "HashiCorp key fingerprint does not match expected" - exit 1 - else - break - fi - fi -done <<< $lines -echo "deb [arch=$(dpkg --print-architecture) signed-by=/usr/share/keyrings/hashicorp-archive-keyring.gpg] https://apt.releases.hashicorp.com $(lsb_release -cs) main" | tee /etc/apt/sources.list.d/hashicorp.list -apt update -apt install vault -y +export vault_version="1.17.6" +export vault_arch=$(dpkg --print-architecture) +wget "https://releases.hashicorp.com/vault/${vault_version}/vault_${vault_version}_linux_${vault_arch}.zip" -O /tmp/vault.zip +unzip -o /tmp/vault.zip -d /usr/local/bin/ +rm /tmp/vault.zip # Install the docker cli wget -O- https://download.docker.com/linux/debian/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg @@ -117,6 +106,6 @@ apt update apt install docker-ce-cli -y # Run Tests -unzip /boundary.zip -d /usr/local/bin/ +unzip -o /boundary.zip -d /usr/local/bin/ cd /src/boundary go test -v -count=1 $TEST_PACKAGE -timeout $TEST_TIMEOUT | tee /testlogs/test-e2e-${TEST_PACKAGE##*/}.log diff --git a/enos/modules/test_e2e_docker/test_runner.sh b/enos/modules/test_e2e_docker/test_runner.sh index 9e8c330f558..1e77279176d 100644 --- a/enos/modules/test_e2e_docker/test_runner.sh +++ b/enos/modules/test_e2e_docker/test_runner.sh @@ -17,6 +17,7 @@ docker run \ -e "E2E_PASSWORD_AUTH_METHOD_ID=$E2E_PASSWORD_AUTH_METHOD_ID" \ -e "E2E_PASSWORD_ADMIN_LOGIN_NAME=$E2E_PASSWORD_ADMIN_LOGIN_NAME" \ -e "E2E_PASSWORD_ADMIN_PASSWORD=$E2E_PASSWORD_ADMIN_PASSWORD" \ + -e "E2E_TARGET_CONTAINER_NAME=$E2E_TARGET_CONTAINER_NAME" \ -e "E2E_TARGET_ADDRESS=$E2E_TARGET_ADDRESS" \ -e "E2E_TARGET_PORT=$E2E_TARGET_PORT" \ -e "E2E_SSH_USER=$E2E_SSH_USER" \ diff --git a/go.mod b/go.mod index 2bda5ef12b3..8bee3b2b993 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/boundary -go 1.25.0 +go 1.25.7 replace github.com/hashicorp/boundary/api => ./api @@ -32,10 +32,10 @@ require ( github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20231208142215-efdb51ec090d github.com/hashicorp/go-bexpr v0.1.14 github.com/hashicorp/go-cleanhttp v0.5.2 - github.com/hashicorp/go-dbw v0.1.5-0.20240909162114-6cee92b3da36 + github.com/hashicorp/go-dbw v0.1.5 github.com/hashicorp/go-hclog v1.6.3 github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20241126174344-f3b1a41a15fd - github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 + github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 github.com/hashicorp/go-multierror v1.1.1 github.com/hashicorp/go-rate v0.0.0-20231204194614-cc8d401f70ab github.com/hashicorp/go-retryablehttp v0.7.8 @@ -57,11 +57,10 @@ require ( github.com/hashicorp/go-version v1.7.0 github.com/hashicorp/hcl v1.0.1-vault-7 github.com/hashicorp/mql v0.1.5 - github.com/hashicorp/nodeenrollment v0.2.14 + github.com/hashicorp/nodeenrollment v0.2.15 github.com/hashicorp/vault/api v1.20.0 github.com/iancoleman/strcase v0.3.0 - github.com/jackc/pgconn v1.14.3 - github.com/jackc/pgx/v5 v5.7.5 + github.com/jackc/pgx/v5 v5.9.2 github.com/jefferai/keyring v1.1.7-0.20220316160357-58a74bb55891 github.com/jimlambrt/gldap v0.1.14 github.com/kelseyhightower/envconfig v1.4.0 @@ -87,19 +86,19 @@ require ( github.com/stretchr/testify v1.11.1 github.com/zalando/go-keyring v0.2.6 go.uber.org/atomic v1.11.0 - golang.org/x/crypto v0.41.0 + golang.org/x/crypto v0.46.0 golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 - golang.org/x/net v0.43.0 - golang.org/x/sync v0.16.0 - golang.org/x/sys v0.35.0 - golang.org/x/term v0.34.0 - golang.org/x/text v0.28.0 - golang.org/x/tools v0.36.0 + golang.org/x/net v0.48.0 + golang.org/x/sync v0.19.0 + golang.org/x/sys v0.39.0 + golang.org/x/term v0.38.0 + golang.org/x/text v0.32.0 + golang.org/x/tools v0.39.0 google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c - google.golang.org/grpc v1.75.0 + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 + google.golang.org/grpc v1.79.3 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 - google.golang.org/protobuf v1.36.8 + google.golang.org/protobuf v1.36.11 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gorm.io/driver/postgres v1.6.0 mvdan.cc/gofumpt v0.9.0 @@ -110,8 +109,8 @@ require ( dario.cat/mergo v1.0.1 // indirect github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect github.com/AlecAivazis/survey/v2 v2.3.2 // indirect - github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect - github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 // indirect + github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c // indirect + github.com/Azure/go-ntlmssp v0.1.1 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect @@ -132,16 +131,16 @@ require ( github.com/danieljoos/wincred v1.2.2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/distribution/reference v0.6.0 // indirect - github.com/docker/cli v27.4.1+incompatible // indirect - github.com/docker/go-connections v0.5.0 // indirect + github.com/docker/cli v29.2.0+incompatible // indirect + github.com/docker/go-connections v0.6.0 // indirect github.com/docker/go-units v0.5.0 // indirect github.com/dustin/go-humanize v1.0.1 // indirect - github.com/dvsekhvalnov/jose2go v1.6.0 // indirect + github.com/dvsekhvalnov/jose2go v1.7.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/glebarez/go-sqlite v1.22.0 // indirect - github.com/go-asn1-ber/asn1-ber v1.5.7 // indirect - github.com/go-jose/go-jose/v3 v3.0.4 // indirect - github.com/go-jose/go-jose/v4 v4.1.1 // indirect + github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 // indirect + github.com/go-jose/go-jose/v3 v3.0.5 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/go-ldap/ldap/v3 v3.4.8 // indirect github.com/go-logr/logr v1.4.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -159,10 +158,7 @@ require ( github.com/hashicorp/yamux v0.1.2 // indirect github.com/huandu/xstrings v1.4.0 // indirect github.com/imdario/mergo v0.3.16 // indirect - github.com/jackc/chunkreader/v2 v2.0.1 // indirect - github.com/jackc/pgio v1.0.0 // indirect github.com/jackc/pgpassfile v1.0.0 // indirect - github.com/jackc/pgproto3/v2 v2.3.3 // indirect github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 // indirect github.com/jackc/puddle/v2 v2.2.2 // indirect github.com/jefferai/go-libsecret v0.0.0-20210525195240-b53481abef97 // indirect @@ -173,21 +169,23 @@ require ( github.com/kardianos/osext v0.0.0-20190222173326-2bc1f35cddc0 // indirect github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect github.com/mattn/go-isatty v0.0.20 // indirect - github.com/mattn/go-sqlite3 v1.14.22 // indirect + github.com/mattn/go-sqlite3 v1.14.28 // indirect github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect github.com/moby/docker-image-spec v1.3.1 // indirect + github.com/moby/moby/api v1.53.0 // indirect + github.com/moby/moby/client v0.2.2 // indirect github.com/moby/sys/atomicwriter v0.1.0 // indirect github.com/moby/sys/user v0.4.0 // indirect - github.com/moby/term v0.5.0 // indirect + github.com/moby/term v0.5.2 // indirect github.com/mtibben/percent v0.2.1 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect github.com/ncruces/go-strftime v0.1.9 // indirect github.com/oklog/run v1.1.0 // indirect github.com/opencontainers/go-digest v1.0.0 // indirect github.com/opencontainers/image-spec v1.1.1 // indirect - github.com/opencontainers/runc v1.2.3 // indirect + github.com/opencontainers/runc v1.2.8 // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.2 // indirect @@ -204,25 +202,24 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect - github.com/xo/dburl v0.23.1 // indirect + github.com/xo/dburl v0.23.7 // indirect github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect + go.opentelemetry.io/otel v1.39.0 // indirect go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 // indirect - go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect + go.opentelemetry.io/otel/metric v1.39.0 // indirect + go.opentelemetry.io/otel/trace v1.39.0 // indirect go.yaml.in/yaml/v2 v2.4.2 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect - golang.org/x/mod v0.27.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/mod v0.30.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 // indirect golang.org/x/time v0.12.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - gorm.io/driver/sqlite v1.5.6 // indirect - gorm.io/gorm v1.25.11 // indirect - gotest.tools/v3 v3.5.2 // indirect + gorm.io/driver/sqlite v1.5.7 // indirect + gorm.io/gorm v1.25.12 // indirect modernc.org/libc v1.41.0 // indirect modernc.org/mathutil v1.6.0 // indirect modernc.org/memory v1.7.2 // indirect diff --git a/go.sum b/go.sum index 6bf85e89d38..9fff32b02d2 100644 --- a/go.sum +++ b/go.sum @@ -9,10 +9,11 @@ github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 h1:/vQbFIOMb github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4/go.mod h1:hN7oaIRCjzsZ2dE+yG5k+rsdt3qcwykqK6HVGcKwsw4= github.com/AlecAivazis/survey/v2 v2.3.2 h1:TqTB+aDDCLYhf9/bD2TwSO8u8jDSmMUd2SUVO4gCnU8= github.com/AlecAivazis/survey/v2 v2.3.2/go.mod h1:TH2kPCDU3Kqq7pLbnCWwZXDBjnhZtmsCle5EiYDJ2fg= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= -github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= -github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358 h1:mFRzDkZVAjdal+s7s0MwaRv9igoPqLRdzOLzw/8Xvq8= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c h1:udKWzYgxTojEKWjV8V+WSxDXJ4NFATAsZjh8iIbsQIg= +github.com/Azure/go-ansiterm v0.0.0-20250102033503-faa5f7b0171c/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/Azure/go-ntlmssp v0.0.0-20221128193559-754e69321358/go.mod h1:chxPXzSsl7ZWRAuOIE23GDNzjWuZquvFlgA8xmpunjU= +github.com/Azure/go-ntlmssp v0.1.1 h1:l+FM/EEMb0U9QZE7mKNEDw5Mu3mFiaa2GKOoTSsNDPw= +github.com/Azure/go-ntlmssp v0.1.1/go.mod h1:NYqdhxd/8aAct/s4qSYZEerdPuH1liG2/X9DiVTbhpk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/DATA-DOG/go-sqlmock v1.5.2 h1:OcvFkGmslmlZibjAjaHm3L//6LiuBgolP7OputlJIzU= github.com/DATA-DOG/go-sqlmock v1.5.2/go.mod h1:88MAG/4G7SMwSE3CeA0ZKzrT5CiOU3OJ+JlNzwDqpNU= @@ -92,18 +93,18 @@ github.com/dhui/dktest v0.4.6 h1:+DPKyScKSEp3VLtbMDHcUq6V5Lm5zfZZVb0Sk7Ahom4= github.com/dhui/dktest v0.4.6/go.mod h1:JHTSYDtKkvFNFHJKqCzVzqXecyv+tKt8EzceOmQOgbU= github.com/distribution/reference v0.6.0 h1:0IXCQ5g4/QMHHkarYzh5l+u8T3t73zM5QvfrDyIgxBk= github.com/distribution/reference v0.6.0/go.mod h1:BbU0aIcezP1/5jX/8MP0YiH4SdvB5Y4f/wlDRiLyi3E= -github.com/docker/cli v27.4.1+incompatible h1:VzPiUlRJ/xh+otB75gva3r05isHMo5wXDfPRi5/b4hI= -github.com/docker/cli v27.4.1+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= +github.com/docker/cli v29.2.0+incompatible h1:9oBd9+YM7rxjZLfyMGxjraKBKE4/nVyvVfN4qNl9XRM= +github.com/docker/cli v29.2.0+incompatible/go.mod h1:JLrzqnKDaYBop7H2jaqPtU4hHvMKP+vjCwu2uszcLI8= github.com/docker/docker v28.4.0+incompatible h1:KVC7bz5zJY/4AZe/78BIvCnPsLaC9T/zh72xnlrTTOk= github.com/docker/docker v28.4.0+incompatible/go.mod h1:eEKB0N0r5NX/I1kEveEz05bcu8tLC/8azJZsviup8Sk= -github.com/docker/go-connections v0.5.0 h1:USnMq7hx7gwdVZq1L49hLXaFtUdTADjXGp+uj1Br63c= -github.com/docker/go-connections v0.5.0/go.mod h1:ov60Kzw0kKElRwhNs9UlUHAE/F9Fe6GLaXnqyDdmEXc= +github.com/docker/go-connections v0.6.0 h1:LlMG9azAe1TqfR7sO+NJttz1gy6KO7VJBh+pMmjSD94= +github.com/docker/go-connections v0.6.0/go.mod h1:AahvXYshr6JgfUJGdDCs2b5EZG/vmaMAntpSFH5BFKE= github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4= github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkpeCY= github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto= -github.com/dvsekhvalnov/jose2go v1.6.0 h1:Y9gnSnP4qEI0+/uQkHvFXeD2PLPJeXEL+ySMEA2EjTY= -github.com/dvsekhvalnov/jose2go v1.6.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU= +github.com/dvsekhvalnov/jose2go v1.7.0 h1:bnQc8+GMnidJZA8zc6lLEAb4xNrIqHwO+9TzqvtQZPo= +github.com/dvsekhvalnov/jose2go v1.7.0/go.mod h1:QsHjhyTlD/lAVqn/NSbVZmSCGeDehTB/mPZadG+mhXU= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= @@ -128,12 +129,12 @@ github.com/glebarez/go-sqlite v1.22.0/go.mod h1:PlBIdHe0+aUEFn+r2/uthrWq4FxbzugL github.com/glebarez/sqlite v1.11.0 h1:wSG0irqzP6VurnMEpFGer5Li19RpIRi2qvQz++w0GMw= github.com/glebarez/sqlite v1.11.0/go.mod h1:h8/o8j5wiAsqSPoWELDUdJXhjAhsVliSn7bWZjOhrgQ= github.com/go-asn1-ber/asn1-ber v1.5.5/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-asn1-ber/asn1-ber v1.5.7 h1:DTX+lbVTWaTw1hQ+PbZPlnDZPEIs0SS/GCZAl535dDk= -github.com/go-asn1-ber/asn1-ber v1.5.7/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= -github.com/go-jose/go-jose/v3 v3.0.4 h1:Wp5HA7bLQcKnf6YYao/4kpRpVMp/yf6+pJKV8WFSaNY= -github.com/go-jose/go-jose/v3 v3.0.4/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= -github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI= -github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667 h1:BP4M0CvQ4S3TGls2FvczZtj5Re/2ZzkV9VwqPHH/3Bo= +github.com/go-asn1-ber/asn1-ber v1.5.8-0.20250403174932-29230038a667/go.mod h1:hEBeB/ic+5LoWskz+yKT7vGhhPYkProFKoKdwZRWMe0= +github.com/go-jose/go-jose/v3 v3.0.5 h1:BLLJWbC4nMZOfuPVxoZIxeYsn6Nl2r1fITaJ78UQlVQ= +github.com/go-jose/go-jose/v3 v3.0.5/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-kit/log v0.1.0/go.mod h1:zbhenjAZHb184qTLMA9ZjW7ThYL0H2mk7Q6pNt4vbaY= github.com/go-ldap/ldap/v3 v3.4.8 h1:loKJyspcRezt2Q3ZRMq2p/0v8iOurlmeXDPw6fikSvQ= github.com/go-ldap/ldap/v3 v3.4.8/go.mod h1:qS3Sjlu76eHfHGpUdWkAXQTw4beih+cHsco2jXlIXrk= @@ -210,16 +211,16 @@ github.com/hashicorp/go-bexpr v0.1.14 h1:uKDeyuOhWhT1r5CiMTjdVY4Aoxdxs6EtwgTGnlo github.com/hashicorp/go-bexpr v0.1.14/go.mod h1:gN7hRKB3s7yT+YvTdnhZVLTENejvhlkZ8UE4YVBS+Q8= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-dbw v0.1.5-0.20240909162114-6cee92b3da36 h1:rPD+2QPhCLq8mKMx2FnIaqR5PTNT+LzhjfacYWuvFzY= -github.com/hashicorp/go-dbw v0.1.5-0.20240909162114-6cee92b3da36/go.mod h1:/YHbfK7mgG9k09aB74Imw3fEOwno0eTtlFTTYGZ7SFk= +github.com/hashicorp/go-dbw v0.1.5 h1:ZVKMy5vXzWGOq01ta8dmt7kZ5MTNP+G7B3B0dTNAYI4= +github.com/hashicorp/go-dbw v0.1.5/go.mod h1:cYhssJhqO4FUvu92aHW7MfJ8axmFPeGwkotYx+rH8P4= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20241126174344-f3b1a41a15fd h1:CmPn4FXkYbPgmIqAKU970nXOEWW0u2RYZ7NnB6f7jkQ= github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20241126174344-f3b1a41a15fd/go.mod h1:8G70jr/DzTk81B2Z+bXnvqWHwPq6GkoRWagyZsbX0U0= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 h1:FX7HrkfkYomf4SlMrwzOP32FXuFltq34Qy/gXk1Tp5Y= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19/go.mod h1:wpZygQlPUUGt4Klgg+RlCaq/KRe8XinEzqTf7QmvrNo= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= @@ -270,8 +271,8 @@ github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/mql v0.1.5 h1:oy7DfoabOP05ZjUwx7ZidwtMqVIEZnUYBkJaxHvBHo4= github.com/hashicorp/mql v0.1.5/go.mod h1:pRgMF50e0ItqpgRkjCPyNyt4tmlpx4Xz5Z4BEdyUYU4= -github.com/hashicorp/nodeenrollment v0.2.14 h1:/feF2MdMotgbG7E84wKd6d21r84b+9Mqfjt7viBkXwk= -github.com/hashicorp/nodeenrollment v0.2.14/go.mod h1:9wAx3p2SmSQ1vqUNCjGMt6Qr7xs8KcBxYzOOtVQJvcs= +github.com/hashicorp/nodeenrollment v0.2.15 h1:rX5OyWiefouqU0Q/Io/ke5bjzHqpUblEc1nB7fsONVU= +github.com/hashicorp/nodeenrollment v0.2.15/go.mod h1:bgNNmIdBkiNut//AhYp37LJ08/z/xaE5LgxtGC2epxg= github.com/hashicorp/vault/api v1.20.0 h1:KQMHElgudOsr+IbJgmbjHnCTxEpKs9LnozA1D3nozU4= github.com/hashicorp/vault/api v1.20.0/go.mod h1:GZ4pcjfzoOWpkJ3ijHNpEoAxKEsBJnVljyTe3jM2Sms= github.com/hashicorp/vault/sdk v0.11.0 h1:KP/tBUywaVcvOebAfMPNCCiXKeCNEbm3JauYmrZd7RI= @@ -291,23 +292,12 @@ github.com/iancoleman/strcase v0.3.0/go.mod h1:iwCmte+B7n89clKwxIoIXy/HfoL7AsD47 github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= -github.com/jackc/chunkreader/v2 v2.0.0/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= -github.com/jackc/chunkreader/v2 v2.0.1 h1:i+RDz65UE+mmpjTfyz0MoVTnzeYxroil2G82ki7MGG8= -github.com/jackc/chunkreader/v2 v2.0.1/go.mod h1:odVSm741yZoC3dpHEUXIqA9tQRhFrgOHwnPIn9lDKlk= -github.com/jackc/pgconn v1.14.3 h1:bVoTr12EGANZz66nZPkMInAV/KHD2TxH9npjXXgiB3w= -github.com/jackc/pgconn v1.14.3/go.mod h1:RZbme4uasqzybK2RK5c65VsHxoyaml09lx3tXOcO/VM= -github.com/jackc/pgio v1.0.0 h1:g12B9UwVnzGhueNavwioyEEpAmqMe1E/BN9ES+8ovkE= -github.com/jackc/pgio v1.0.0/go.mod h1:oP+2QK2wFfUWgr+gxjoBH9KGBb31Eio69xUb0w5bYf8= -github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65 h1:DadwsjnMwFjfWc9y5Wi/+Zz7xoE5ALHsRQlOctkOiHc= -github.com/jackc/pgmock v0.0.0-20210724152146-4ad1a8207f65/go.mod h1:5R2h2EEX+qri8jOWMbJCtaPWkrrNc7OHwsp2TCqp7ak= github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM= github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg= -github.com/jackc/pgproto3/v2 v2.3.3 h1:1HLSx5H+tXR9pW3in3zaztoEwQYRC9SQaYUHjTSUOag= -github.com/jackc/pgproto3/v2 v2.3.3/go.mod h1:WfJCnwN3HIg9Ish/j3sgWXnAfK8A9Y0bwXYU5xKaEdA= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761 h1:iCEnooe7UlwOQYpKFhBabPMi4aNAfoODPEFNiAnClxo= github.com/jackc/pgservicefile v0.0.0-20240606120523-5a60cdf6a761/go.mod h1:5TJZWKEWniPve33vlWYSoGYefn3gLQRzjfDlhSJ9ZKM= -github.com/jackc/pgx/v5 v5.7.5 h1:JHGfMnQY+IEtGM63d+NGMjoRpysB2JBwDr5fsngwmJs= -github.com/jackc/pgx/v5 v5.7.5/go.mod h1:aruU7o91Tc2q2cFp5h4uP3f6ztExVpyVv88Xl/8Vl8M= +github.com/jackc/pgx/v5 v5.9.2 h1:3ZhOzMWnR4yJ+RW1XImIPsD1aNSz4T4fyP7zlQb56hw= +github.com/jackc/pgx/v5 v5.9.2/go.mod h1:mal1tBGAFfLHvZzaYh77YS/eC6IX9OWbRV1QIIM0Jn4= github.com/jackc/puddle/v2 v2.2.2 h1:PR8nw+E/1w0GLuRFSmiioY6UooMp6KJv0/61nB7icHo= github.com/jackc/puddle/v2 v2.2.2/go.mod h1:vriiEXHvEE654aYKXXjOvZM39qJ0q+azkZFrfEOc3H4= github.com/jcmturner/aescts/v2 v2.0.0 h1:9YKLH6ey7H4eDBXW8khjYslgyqG2xZikXP0EQFKrle8= @@ -385,8 +375,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= -github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= -github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= +github.com/mattn/go-sqlite3 v1.14.28 h1:ThEiQrnbtumT+QMknw63Befp/ce/nUPgBPMlRFEum7A= +github.com/mattn/go-sqlite3 v1.14.28/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b h1:j7+1HpAFS1zy5+Q4qx1fWh90gTKwiN4QCGoY9TWyyO4= github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b/go.mod h1:01TrycV0kFyexm33Z7vhZRXopbI8J3TDReVlkTgMUxE= github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA= @@ -412,14 +402,18 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/moby/docker-image-spec v1.3.1 h1:jMKff3w6PgbfSa69GfNg+zN/XLhfXJGnEx3Nl2EsFP0= github.com/moby/docker-image-spec v1.3.1/go.mod h1:eKmb5VW8vQEh/BAr2yvVNvuiJuY6UIocYsFu/DxxRpo= +github.com/moby/moby/api v1.53.0 h1:PihqG1ncw4W+8mZs69jlwGXdaYBeb5brF6BL7mPIS/w= +github.com/moby/moby/api v1.53.0/go.mod h1:8mb+ReTlisw4pS6BRzCMts5M49W5M7bKt1cJy/YbAqc= +github.com/moby/moby/client v0.2.2 h1:Pt4hRMCAIlyjL3cr8M5TrXCwKzguebPAc2do2ur7dEM= +github.com/moby/moby/client v0.2.2/go.mod h1:2EkIPVNCqR05CMIzL1mfA07t0HvVUUOl85pasRz/GmQ= github.com/moby/sys/atomicwriter v0.1.0 h1:kw5D/EqkBwsBFi0ss9v1VG3wIkVhzGvLklJ+w3A14Sw= github.com/moby/sys/atomicwriter v0.1.0/go.mod h1:Ul8oqv2ZMNHOceF643P6FKPXeCmYtlQMvpizfsSoaWs= github.com/moby/sys/sequential v0.6.0 h1:qrx7XFUd/5DxtqcoH1h438hF5TmOvzC/lspjy7zgvCU= github.com/moby/sys/sequential v0.6.0/go.mod h1:uyv8EUTrca5PnDsdMGXhZe6CCe8U/UiTWd+lL+7b/Ko= github.com/moby/sys/user v0.4.0 h1:jhcMKit7SA80hivmFJcbB1vqmw//wU61Zdui2eQXuMs= github.com/moby/sys/user v0.4.0/go.mod h1:bG+tYYYJgaMtRKgEmuueC0hJEAZWwtIbZTB+85uoHjs= -github.com/moby/term v0.5.0 h1:xt8Q1nalod/v7BqbG21f8mQPqH+xAaC9C3N3wfWbVP0= -github.com/moby/term v0.5.0/go.mod h1:8FzsFHVUBGZdbDsJw/ot+X+d5HLUbvklYLJ9uGfcI3Y= +github.com/moby/term v0.5.2 h1:6qk3FJAFDs6i/q3W/pQ97SX192qKfZgGjCQqfCJkgzQ= +github.com/moby/term v0.5.2/go.mod h1:d3djjFCrjnB+fl8NJux+EJzu0msscUP+f8it8hPkFLc= github.com/morikuni/aec v1.0.0 h1:nP9CBfwrvYnBRgY6qfDQkygYDmYwOilePFkwzv4dU8A= github.com/morikuni/aec v1.0.0/go.mod h1:BbKIizmSmc5MMPqRYbxO4ZU0S0+P200+tUnFx7PXmsc= github.com/mr-tron/base58 v1.2.0 h1:T/HDJBh4ZCPbU39/+c3rRvE0uKBQlU27+QI8LJ4t64o= @@ -441,8 +435,8 @@ github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM= github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040= github.com/opencontainers/image-spec v1.1.1/go.mod h1:qpqAh3Dmcf36wStyyWU+kCeDgrGnAve2nCC8+7h8Q0M= -github.com/opencontainers/runc v1.2.3 h1:fxE7amCzfZflJO2lHXf4y/y8M1BoAqp+FVmG19oYB80= -github.com/opencontainers/runc v1.2.3/go.mod h1:nSxcWUydXrsBZVYNSkTjoQ/N6rcyTtn+1SD5D4+kRIM= +github.com/opencontainers/runc v1.2.8 h1:RnEICeDReapbZ5lZEgHvj7E9Q3Eex9toYmaGBsbvU5Q= +github.com/opencontainers/runc v1.2.8/go.mod h1:cC0YkmZcuvr+rtBZ6T7NBoVbMGNAdLa/21vIElJDOzI= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/ory/dockertest/v3 v3.12.0 h1:3oV9d0sDzlSQfHtIaB5k6ghUCVMVLpAY8hwrqoCyRCw= github.com/ory/dockertest/v3 v3.12.0/go.mod h1:aKNDTva3cp8dwOWwb9cWuX84aH5akkxXRvO7KCwWVjE= @@ -529,8 +523,8 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -github.com/xo/dburl v0.23.1 h1:PX1RgQaaJV1S5iADcM1TT39OLrg5daeV6Hp7RYwVoYw= -github.com/xo/dburl v0.23.1/go.mod h1:B7/G9FGungw6ighV8xJNwWYQPMfn3gsi2sn5SE8Bzco= +github.com/xo/dburl v0.23.7 h1:UCiK8Dyll38NdDHVi7UOxhz5/ugWuyQGgQHdxfdEQDY= +github.com/xo/dburl v0.23.7/go.mod h1:uazlaAQxj4gkshhfuuYyvwCBouOmNnG2aDxTCFZpmL4= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4= github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -538,24 +532,24 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0 h1:sbiXRNDSWJOTobXh5HyQKjq6wUC5tNybqjIqDpAY4CU= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.60.0/go.mod h1:69uWxva0WgAA/4bu2Yy70SLDBwZXuQ6PbBpbsa5iZrQ= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0 h1:1fTNlAIJZGWLP5FVu0fikVry1IsiUnXjf7QFvoNN3Xw= go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.35.0/go.mod h1:zjPK58DtkqQFn+YUMbx0M2XV3QgKU0gS9LeGohREyK4= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0 h1:xJ2qHD0C1BeYVTLLR9sX12+Qb95kfeD/byKj6Ky1pXg= go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp v1.35.0/go.mod h1:u5BF1xyjstDowA1R5QAO9JHzqK+ublenEW/dyqTjBVk= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.opentelemetry.io/proto/otlp v1.5.0 h1:xJvq7gMzB31/d406fB8U5CBdyQGw4P399D1aQWU/3i4= go.opentelemetry.io/proto/otlp v1.5.0/go.mod h1:keN8WnHxOy8PG0rQZjJJ5A2ebUoafqWp0eVQ4yIXvJ4= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= @@ -584,8 +578,8 @@ golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4 golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0 h1:R84qjqJb5nVJMxqWYb3np9L5ZsaDtB+a39EqjV0JSUM= golang.org/x/exp v0.0.0-20250408133849-7e4ce0ab07d0/go.mod h1:S9Xr4PYopiDyqSyp5NjCrhFrqg6A5zA2E/iPHPhqnS8= @@ -597,8 +591,8 @@ golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.27.0 h1:kb+q2PyFnEADO2IEF935ehFUXlWiNjJWtRNgBLSfbxQ= -golang.org/x/mod v0.27.0/go.mod h1:rWI627Fq0DEoudcK+MBkNkCe0EetEaDSwJJkCcjpazc= +golang.org/x/mod v0.30.0 h1:fDEXFVZ/fmCKProc/yAXXUijritrDzahmwwefnjoPFk= +golang.org/x/mod v0.30.0/go.mod h1:lAsf5O2EvJeSFMiBxXDki7sCgAxEUcZHXoXMKT4GJKc= golang.org/x/net v0.0.0-20180218175443-cbe0f9307d01/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -620,11 +614,11 @@ golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.22.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -632,8 +626,8 @@ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -661,8 +655,10 @@ golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54 h1:E2/AqCUMZGgd73TQkxUMcMla25GB9i/5HOdLr+uH7Vo= +golang.org/x/telemetry v0.0.0-20251111182119-bc8e575c7b54/go.mod h1:hKdjCMrbv9skySur+Nek8Hd0uJ0GuxJIoIX2payrIdQ= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210503060354-a79de5458b56/go.mod h1:tfny5GFUkzUvx4ps4ajbZsCe5lw1metzhBm9T3x7oIY= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= @@ -671,8 +667,8 @@ golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4= -golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw= +golang.org/x/term v0.38.0 h1:PQ5pkm/rLO6HnxFR7N2lJHOZX6Kez5Y1gDSJla6jo7Q= +golang.org/x/term v0.38.0/go.mod h1:bSEAKrOT1W+VSu9TSCMtoGEOUcKxOKgl3LE5QEF/xVg= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -681,8 +677,8 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -696,8 +692,8 @@ golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roY golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.36.0 h1:kWS0uv/zsvHEle1LbV5LE8QujrxB3wfQyxHfhOk0Qkg= -golang.org/x/tools v0.36.0/go.mod h1:WBDiHKJK8YgLHlcQPYQzNCkUxUypCaa5ZegCVutKm+s= +golang.org/x/tools v0.39.0 h1:ik4ho21kwuQln40uelmciQPp9SipgNDdrafrYA4TmQQ= +golang.org/x/tools v0.39.0/go.mod h1:JnefbkDPyD8UU2kI5fuf8ZX4/yUeh9W877ZeBONxUqQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -711,21 +707,21 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de h1:F6qOa9AZTYJXOUEr4jDysRDLrm4PHePlge4v4TGAlxY= google.golang.org/genproto v0.0.0-20240227224415-6ceb2ff114de/go.mod h1:VUhTRKeHn9wwcdrk73nvdC9gF178Tzhmt/qyaFcPLSo= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= @@ -740,8 +736,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= -gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200605160147-a5ece683394c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -749,10 +743,10 @@ gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gorm.io/driver/postgres v1.6.0 h1:2dxzU8xJ+ivvqTRph34QX+WrRaJlmfyPqXmoGVjMBa4= gorm.io/driver/postgres v1.6.0/go.mod h1:vUw0mrGgrTK+uPHEhAdV4sfFELrByKVGnaVRkXDhtWo= -gorm.io/driver/sqlite v1.5.6 h1:fO/X46qn5NUEEOZtnjJRWRzZMe8nqJiQ9E+0hi+hKQE= -gorm.io/driver/sqlite v1.5.6/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4= -gorm.io/gorm v1.25.11 h1:/Wfyg1B/je1hnDx3sMkX+gAlxrlZpn6X0BXRlwXlvHg= -gorm.io/gorm v1.25.11/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ= +gorm.io/driver/sqlite v1.5.7 h1:8NvsrhP0ifM7LX9G4zPB97NwovUakUxc+2V2uuf3Z1I= +gorm.io/driver/sqlite v1.5.7/go.mod h1:U+J8craQU6Fzkcvu8oLeAQmi50TkwPEhHDEjQZXDah4= +gorm.io/gorm v1.25.12 h1:I0u8i2hWQItBq1WfE0o2+WuL9+8L21K9e2HHSTE/0f8= +gorm.io/gorm v1.25.12/go.mod h1:xh7N7RHfYlNc5EmcI/El95gXusucDrQnHXe0+CgWcLQ= gotest.tools/v3 v3.5.2 h1:7koQfIKdy+I8UTetycgUqXWSDwpgv193Ka+qRsmBY8Q= gotest.tools/v3 v3.5.2/go.mod h1:LtdLGcnqToBH83WByAAi/wiwSFCArdFIUV/xxN4pcjA= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -767,3 +761,5 @@ modernc.org/sqlite v1.28.0 h1:Zx+LyDDmXczNnEQdvPuEfcFVA2ZPyaD7UCZDjef3BHQ= modernc.org/sqlite v1.28.0/go.mod h1:Qxpazz0zH8Z1xCFyi5GSL3FzbtZ3fvbjmywNogldEW0= mvdan.cc/gofumpt v0.9.0 h1:W0wNHMSvDBDIyZsm3nnGbVfgp5AknzBrGJnfLCy501w= mvdan.cc/gofumpt v0.9.0/go.mod h1:3xYtNemnKiXaTh6R4VtlqDATFwBbdXI8lJvH/4qk7mw= +pgregory.net/rapid v1.2.0 h1:keKAYRcjm+e1F0oAuU5F5+YPAWcyxNNRK2wud503Gnk= +pgregory.net/rapid v1.2.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= diff --git a/internal/alias/target/store/alias.pb.go b/internal/alias/target/store/alias.pb.go index 45afe38a3f5..7852b1d1e82 100644 --- a/internal/alias/target/store/alias.pb.go +++ b/internal/alias/target/store/alias.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/alias/target/store/v1/alias.proto diff --git a/internal/auth/ldap/auth_method_test.go b/internal/auth/ldap/auth_method_test.go index 16b9b1e9735..aa733fc740a 100644 --- a/internal/auth/ldap/auth_method_test.go +++ b/internal/auth/ldap/auth_method_test.go @@ -510,7 +510,7 @@ func Test_convertValueObjects(t *testing.T) { }, }, wantErrMatch: errors.T(errors.Unknown), - wantErrContains: "host contains an invalid IPv6 literal", + wantErrContains: "failed to parse address", }, { name: "invalid-client-cert", diff --git a/internal/auth/ldap/store/ldap.pb.go b/internal/auth/ldap/store/ldap.pb.go index 2f2b4dee64a..55a5b566ef6 100644 --- a/internal/auth/ldap/store/ldap.pb.go +++ b/internal/auth/ldap/store/ldap.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/ldap/store/v1/ldap.proto diff --git a/internal/auth/oidc/request/request.pb.go b/internal/auth/oidc/request/request.pb.go index b6b89b91218..3a0770e7d06 100644 --- a/internal/auth/oidc/request/request.pb.go +++ b/internal/auth/oidc/request/request.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/oidc/request/v1/request.proto diff --git a/internal/auth/oidc/store/oidc.pb.go b/internal/auth/oidc/store/oidc.pb.go index 47039df05ec..86fc449bb4a 100644 --- a/internal/auth/oidc/store/oidc.pb.go +++ b/internal/auth/oidc/store/oidc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/oidc/store/v1/oidc.proto diff --git a/internal/auth/password/store/argon2.pb.go b/internal/auth/password/store/argon2.pb.go index 5d88974fc70..05d56a2ee1e 100644 --- a/internal/auth/password/store/argon2.pb.go +++ b/internal/auth/password/store/argon2.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/password/store/v1/argon2.proto diff --git a/internal/auth/password/store/password.pb.go b/internal/auth/password/store/password.pb.go index c56e5028aa2..beedc6b239c 100644 --- a/internal/auth/password/store/password.pb.go +++ b/internal/auth/password/store/password.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/password/store/v1/password.proto diff --git a/internal/auth/store/account.pb.go b/internal/auth/store/account.pb.go index 7b0e024c3ae..a4fb5c9858b 100644 --- a/internal/auth/store/account.pb.go +++ b/internal/auth/store/account.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/store/v1/account.proto diff --git a/internal/auth/store/auth_method.pb.go b/internal/auth/store/auth_method.pb.go index 55a0beee572..3f7b3115dea 100644 --- a/internal/auth/store/auth_method.pb.go +++ b/internal/auth/store/auth_method.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/auth/store/v1/auth_method.proto diff --git a/internal/authtoken/store/authtoken.pb.go b/internal/authtoken/store/authtoken.pb.go index 3d21f28a5ce..a0cb3cfefc6 100644 --- a/internal/authtoken/store/authtoken.pb.go +++ b/internal/authtoken/store/authtoken.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/authtoken/store/v1/authtoken.proto diff --git a/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go b/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go index 00cf17bfdb0..8c7c61384ee 100644 --- a/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go +++ b/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: ssh/v1/ssh_chunks.proto diff --git a/internal/cmd/base/pprof_off.go b/internal/cmd/base/pprof_off.go deleted file mode 100644 index e8e9cbb5bbc..00000000000 --- a/internal/cmd/base/pprof_off.go +++ /dev/null @@ -1,14 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build !pprof -// +build !pprof - -package base - -import ( - "context" -) - -func StartPprof(_ context.Context) { -} diff --git a/internal/cmd/base/pprof_on.go b/internal/cmd/base/pprof_on.go deleted file mode 100644 index 7c12a47e653..00000000000 --- a/internal/cmd/base/pprof_on.go +++ /dev/null @@ -1,28 +0,0 @@ -// Copyright (c) HashiCorp, Inc. -// SPDX-License-Identifier: BUSL-1.1 - -//go:build pprof -// +build pprof - -package base - -import ( - "context" - "errors" - "net/http" - - "github.com/hashicorp/boundary/internal/event" - - _ "net/http/pprof" -) - -func StartPprof(ctx context.Context) { - const op = "base.StartPprof" - go func() { - const addr = "localhost:6060" - event.WriteSysEvent(ctx, op, "starting pprof HTTP server", "addr", addr) - if err := http.ListenAndServe(addr, nil); err != nil && !errors.Is(err, http.ErrServerClosed) { - event.WriteSysEvent(ctx, op, "failed to serve pprof HTTP server", "error", err.Error()) - } - }() -} diff --git a/internal/cmd/commands/connect/connect.go b/internal/cmd/commands/connect/connect.go index 5525cee958b..f5acb8e6d8b 100644 --- a/internal/cmd/commands/connect/connect.go +++ b/internal/cmd/commands/connect/connect.go @@ -59,15 +59,16 @@ var ( type Command struct { *base.Command - flagAuthzToken string - flagListenAddr string - flagListenPort int64 - flagTargetId string - flagTargetName string - flagHostId string - flagExec string - flagUsername string - flagDbname string + flagAuthzToken string + flagListenAddr string + flagListenPort int64 + flagTargetId string + flagTargetName string + flagHostId string + flagExec string + flagUsername string + flagDbname string + flagInactiveTimeout time.Duration // HTTP httpFlags @@ -209,6 +210,13 @@ func (c *Command) Flags() *base.FlagSets { Usage: "Target scope name, if authorizing the session via scope parameters and target name. Mutually exclusive with -scope-id.", }) + f.DurationVar(&base.DurationVar{ + Name: "inactive-timeout", + Target: &c.flagInactiveTimeout, + Completion: complete.PredictAnything, + Usage: "How long to wait between connections before closing the session. Increase this value if the proxy closes during long-running processes, or use -1 to disable the timeout.", + }) + switch c.Func { case "connect": f.StringVar(&base.StringVar{ @@ -487,11 +495,32 @@ func (c *Command) Run(args []string) (retCode int) { clientProxyCloseCh := make(chan struct{}) connCountCloseCh := make(chan struct{}) + if c.flagInactiveTimeout == 0 { + // no timeout was specified by the user, so use our defaults based on subcommand + switch c.Func { + case "connect": + // connect is when there is no subcommand specified, this case should + // have the most generous timeout + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(30*time.Second)) + case "rdp": + // rdp has a gui, so give the user a chance to click "reconnect" + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(5*time.Second)) + case "ssh": + // one second is probably enough for ssh + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(time.Second)) + default: + // for other protocols, give some extra leeway just in case + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(3*time.Second)) + } + } else { + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(c.flagInactiveTimeout)) + } + proxyError := new(atomic.Error) go func() { defer close(clientProxyCloseCh) - if err = clientProxy.Start(); err != nil { - c.proxyCancel() + defer c.proxyCancel() + if err = clientProxy.Start(apiProxyOpts...); err != nil { proxyError.Store(err) } }() @@ -574,10 +603,8 @@ func (c *Command) Run(args []string) (retCode int) { if c.execCmdReturnValue != nil { // Don't print out in this case, so ensure we clear it termInfo.Reason = "" - } else if time.Now().After(clientProxy.SessionExpiration()) { - termInfo.Reason = "Session has expired" - } else if clientProxy.ConnectionsLeft() == 0 { - termInfo.Reason = "No connections left in session" + } else if r := clientProxy.CloseReason(); r != "" { + termInfo.Reason = r } else if err := proxyError.Load(); err != nil { termInfo.Reason = "Error from proxy client: " + err.Error() } @@ -784,10 +811,9 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs cmd.Stdin = os.Stdin cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr + cmdExit := make(chan struct{}) - if err := cmd.Run(); err != nil { - exitCode := 2 - + cmdError := func(err error) { if exitError, ok := err.(*exec.ExitError); ok { if exitError.Success() { c.execCmdReturnValue.Store(0) @@ -800,8 +826,30 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs } c.PrintCliError(fmt.Errorf("Failed to run command: %w", err)) - c.execCmdReturnValue.Store(int32(exitCode)) + c.execCmdReturnValue.Store(2) return } - c.execCmdReturnValue.Store(0) + + go func() { + defer close(cmdExit) + if err := cmd.Start(); err != nil { + cmdError(err) + return + } + if err := cmd.Wait(); err != nil { + cmdError(err) + return + } + c.execCmdReturnValue.Store(0) + }() + + for { + select { + case <-c.proxyCtx.Done(): + // the proxy exited for some reason, end the cmd since connections are no longer possible + _ = endProcess(cmd.Process) + case <-cmdExit: + return + } + } } diff --git a/internal/cmd/commands/connect/end_process_nonwindows.go b/internal/cmd/commands/connect/end_process_nonwindows.go new file mode 100644 index 00000000000..bc66eb05233 --- /dev/null +++ b/internal/cmd/commands/connect/end_process_nonwindows.go @@ -0,0 +1,19 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build !windows + +package connect + +import ( + "os" + "syscall" +) + +// endProcess gracefully ends the provided os process +func endProcess(p *os.Process) error { + if p == nil { + return nil + } + return p.Signal(syscall.SIGTERM) +} diff --git a/internal/cmd/commands/connect/end_process_windows.go b/internal/cmd/commands/connect/end_process_windows.go new file mode 100644 index 00000000000..e5389d3a836 --- /dev/null +++ b/internal/cmd/commands/connect/end_process_windows.go @@ -0,0 +1,18 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build windows + +package connect + +import ( + "os" +) + +// endProcess kills the provided os process +func endProcess(p *os.Process) error { + if p == nil { + return nil + } + return p.Kill() +} diff --git a/internal/cmd/commands/connect/rdp.go b/internal/cmd/commands/connect/rdp.go index 24ce167801c..ffabfe4c24f 100644 --- a/internal/cmd/commands/connect/rdp.go +++ b/internal/cmd/commands/connect/rdp.go @@ -59,7 +59,7 @@ func (r *rdpFlags) buildArgs(c *Command, port, ip, addr string) []string { case "mstsc.exe": args = append(args, "/v", addr) case "open": - args = append(args, "-n", "-W", fmt.Sprintf("rdp://full%saddress=s%s%s", "%20", "%3A", url.QueryEscape(addr))) + args = append(args, "-W", fmt.Sprintf("rdp://full%saddress=s%s%s", "%20", "%3A", url.QueryEscape(addr))) } return args } diff --git a/internal/cmd/commands/dev/dev.go b/internal/cmd/commands/dev/dev.go index 803fb5a03aa..4621fdf37af 100644 --- a/internal/cmd/commands/dev/dev.go +++ b/internal/cmd/commands/dev/dev.go @@ -87,6 +87,7 @@ type Command struct { flagWorkerProxyListenAddr string flagWorkerPublicAddr string flagOpsListenAddr string + flagDebug bool flagUiPassthroughDir string flagRecoveryKey string flagDatabaseUrl string @@ -262,6 +263,13 @@ func (c *Command) Flags() *base.FlagSets { Usage: "Address to bind to for \"ops\" purpose. If this begins with a forward slash, it will be assumed to be a Unix domain socket path.", }) + f.BoolVar(&base.BoolVar{ + Name: "debug", + Target: &c.flagDebug, + Usage: "Enable debug mode. Currently this exposes pprof endpoints on the ops listener.", + Hidden: true, + }) + f.BoolVar(&base.BoolVar{ Name: "controller-only", Target: &c.flagControllerOnly, @@ -722,8 +730,6 @@ func (c *Command) Run(args []string) int { return base.CommandCliError } - base.StartPprof(c.Context) - if c.flagRecoveryKey != "" { c.Config.DevRecoveryKey = c.flagRecoveryKey } @@ -993,7 +999,7 @@ func (c *Command) Run(args []string) int { return base.CommandCliError } - opsServer, err := ops.NewServer(c.Context, c.Logger, c.controller, c.worker, c.Listeners...) + opsServer, err := ops.NewServer(c.Context, c.Logger, c.controller, c.worker, c.flagDebug, c.Listeners...) if err != nil { c.UI.Error(fmt.Errorf("Failed to start ops listeners: %w", err).Error()) return base.CommandCliError diff --git a/internal/cmd/commands/server/server.go b/internal/cmd/commands/server/server.go index b9d8bee85f2..1803b091a42 100644 --- a/internal/cmd/commands/server/server.go +++ b/internal/cmd/commands/server/server.go @@ -62,6 +62,7 @@ type Command struct { flagLogLevel string flagLogFormat string flagCombineLogs bool + flagDebug bool flagSkipPlugins bool flagSkipAliasTargetCreation bool flagWorkerDnsServer string @@ -148,7 +149,12 @@ func (c *Command) Flags() *base.FlagSets { Target: &c.flagWorkerAuthCaReinitialize, Hidden: true, }) - + f.BoolVar(&base.BoolVar{ + Name: "debug", + Target: &c.flagDebug, + Usage: "Enable debug mode. Currently this exposes pprof endpoints on the ops listener.", + Hidden: true, + }) f.BoolVar(&base.BoolVar{ Name: "skip-plugins", Target: &c.flagSkipPlugins, @@ -217,7 +223,6 @@ func (c *Command) Run(args []string) int { c.WorkerAuthDebuggingEnabled.Store(c.Config.EnableWorkerAuthDebugging) base.StartMemProfiler(c.Context) - base.StartPprof(c.Context) // Note: the checks directly after this must remain where they are because // they rely on the state of configured KMSes. @@ -548,7 +553,7 @@ func (c *Command) Run(args []string) int { return base.CommandCliError } - opsServer, err := ops.NewServer(c.Context, c.Logger, c.controller, c.worker, c.Listeners...) + opsServer, err := ops.NewServer(c.Context, c.Logger, c.controller, c.worker, c.flagDebug, c.Listeners...) if err != nil { c.UI.Error(err.Error()) return base.CommandCliError diff --git a/internal/cmd/ops/server.go b/internal/cmd/ops/server.go index 75a69e04483..a2258ebbd1f 100644 --- a/internal/cmd/ops/server.go +++ b/internal/cmd/ops/server.go @@ -11,6 +11,7 @@ import ( "fmt" "net" "net/http" + "net/http/pprof" "os" "time" @@ -39,7 +40,7 @@ type opsBundle struct { // NewServer iterates through all the listeners and sets up HTTP Servers for each, along with individual handlers. // If Controller is set-up, NewServer will set-up a health endpoint for it. -func NewServer(ctx context.Context, l hclog.Logger, c *controller.Controller, w *worker.Worker, listeners ...*base.ServerListener) (*Server, error) { +func NewServer(ctx context.Context, l hclog.Logger, c *controller.Controller, w *worker.Worker, enableDebug bool, listeners ...*base.ServerListener) (*Server, error) { const op = "ops.NewServer()" if l == nil { return nil, fmt.Errorf("%s: missing logger", op) @@ -57,7 +58,7 @@ func NewServer(ctx context.Context, l hclog.Logger, c *controller.Controller, w return nil, fmt.Errorf("%s: missing ops listener", op) } - h, err := createOpsHandler(ctx, ln.Config, c, w) + h, err := createOpsHandler(ctx, ln.Config, c, w, enableDebug) if err != nil { return nil, err } @@ -131,7 +132,7 @@ func (s *Server) WaitIfHealthExists(d time.Duration, ui cli.Ui) { <-time.After(d) } -func createOpsHandler(ctx context.Context, lncfg *listenerutil.ListenerConfig, c *controller.Controller, w *worker.Worker) (http.Handler, error) { +func createOpsHandler(_ context.Context, lncfg *listenerutil.ListenerConfig, c *controller.Controller, w *worker.Worker, enableDebug bool) (http.Handler, error) { mux := http.NewServeMux() var h http.Handler var err error @@ -156,6 +157,20 @@ func createOpsHandler(ctx context.Context, lncfg *listenerutil.ListenerConfig, c mux.Handle("/health", h) } mux.Handle("/metrics", promhttp.Handler()) + if enableDebug { + // Turn on pprof endpoints if debug is enabled. + mux.HandleFunc("/debug/pprof/", pprof.Index) + mux.HandleFunc("/debug/pprof/cmdline", pprof.Cmdline) + mux.HandleFunc("/debug/pprof/profile", pprof.Profile) + mux.HandleFunc("/debug/pprof/symbol", pprof.Symbol) + mux.HandleFunc("/debug/pprof/trace", pprof.Trace) + mux.Handle("/debug/pprof/block", pprof.Handler("block")) + mux.Handle("/debug/pprof/goroutine", pprof.Handler("goroutine")) + mux.Handle("/debug/pprof/heap", pprof.Handler("heap")) + mux.Handle("/debug/pprof/threadcreate", pprof.Handler("threadcreate")) + mux.Handle("/debug/pprof/mutex", pprof.Handler("mutex")) + mux.Handle("/debug/pprof/allocs", pprof.Handler("allocs")) + } return cleanhttp.PrintablePathCheckHandler(mux, nil), nil } diff --git a/internal/cmd/ops/server_test.go b/internal/cmd/ops/server_test.go index 65cbc036064..6f7b5f9bc1a 100644 --- a/internal/cmd/ops/server_test.go +++ b/internal/cmd/ops/server_test.go @@ -106,7 +106,7 @@ func TestNewServer(t *testing.T) { for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - s, err := NewServer(context.Background(), tt.logger, tt.c, tt.w, tt.listeners...) + s, err := NewServer(context.Background(), tt.logger, tt.c, tt.w, false, tt.listeners...) if tt.expErr { require.EqualError(t, err, tt.expErrMsg) require.Nil(t, s) @@ -297,7 +297,7 @@ func TestNewServerIntegration(t *testing.T) { err := bs.SetupListeners(nil, &configutil.SharedConfig{Listeners: tt.listeners}, []string{"ops"}) require.NoError(t, err) - s, err := NewServer(context.Background(), hclog.Default(), nil, nil, bs.Listeners...) + s, err := NewServer(context.Background(), hclog.Default(), nil, nil, false, bs.Listeners...) if tt.expErr { require.EqualError(t, err, tt.expErrMsg) require.Nil(t, s) @@ -597,7 +597,7 @@ func TestHealthEndpointLifecycle(t *testing.T) { require.NoError(t, err) // Controller has started and is set onto our Command object, start ops. - opsServer, err := NewServer(tc.Context(), hclog.Default(), tc.Controller(), nil, tc.Config().Listeners...) + opsServer, err := NewServer(tc.Context(), hclog.Default(), tc.Controller(), nil, false, tc.Config().Listeners...) require.NoError(t, err) opsServer.Start() @@ -692,6 +692,7 @@ func TestCreateOpsHandler(t *testing.T) { name string setupController bool setupWorker bool + enableDebug bool lncfg *listenerutil.ListenerConfig expErr bool expErrMsg string @@ -800,6 +801,28 @@ func TestCreateOpsHandler(t *testing.T) { expErr: true, expErrMsg: "controller.(Controller).GetHealthHandler: received nil listener config", }, + { + name: "pprof disabled by debug flag", + enableDebug: false, + lncfg: &listenerutil.ListenerConfig{}, + assertions: func(t *testing.T, addr string) { + rsp, err := http.Get("http://" + addr + "/debug/pprof/") + require.NoError(t, err) + require.Equal(t, http.StatusNotFound, rsp.StatusCode) + require.NoError(t, rsp.Body.Close()) + }, + }, + { + name: "pprof enabled by debug flag", + enableDebug: true, + lncfg: &listenerutil.ListenerConfig{}, + assertions: func(t *testing.T, addr string) { + rsp, err := http.Get("http://" + addr + "/debug/pprof/") + require.NoError(t, err) + require.Equal(t, http.StatusOK, rsp.StatusCode) + require.NoError(t, rsp.Body.Close()) + }, + }, } for _, tt := range tests { @@ -816,7 +839,7 @@ func TestCreateOpsHandler(t *testing.T) { w = tc.Worker() } - h, err := createOpsHandler(ctx, tt.lncfg, c, w) + h, err := createOpsHandler(ctx, tt.lncfg, c, w, tt.enableDebug) if tt.expErr { require.EqualError(t, err, tt.expErrMsg) require.Nil(t, h) diff --git a/internal/credential/static/store/static.pb.go b/internal/credential/static/store/static.pb.go index ed5b8b77303..09a634c21d8 100644 --- a/internal/credential/static/store/static.pb.go +++ b/internal/credential/static/store/static.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/credential/static/store/v1/static.proto diff --git a/internal/credential/store/credential.pb.go b/internal/credential/store/credential.pb.go index ee4f5dfdd7b..6d3b1270850 100644 --- a/internal/credential/store/credential.pb.go +++ b/internal/credential/store/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/credential/store/v1/credential.proto diff --git a/internal/credential/vault/store/vault.pb.go b/internal/credential/vault/store/vault.pb.go index b7e5c63b508..79d50a9414b 100644 --- a/internal/credential/vault/store/vault.pb.go +++ b/internal/credential/vault/store/vault.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/credential/vault/store/v1/vault.proto diff --git a/internal/daemon/controller/handlers/targets/credentials.go b/internal/daemon/controller/handlers/targets/credentials.go index 82279a944b6..5d1a5ae73dc 100644 --- a/internal/daemon/controller/handlers/targets/credentials.go +++ b/internal/daemon/controller/handlers/targets/credentials.go @@ -27,6 +27,16 @@ func dynamicToWorkerCredential(ctx context.Context, cred credential.Dynamic) (se const op = "targets.dynamicToWorkerCredential" var workerCred *serverpb.Credential switch c := cred.(type) { + case credential.UsernamePasswordDomain: + workerCred = &serverpb.Credential{ + Credential: &serverpb.Credential_UsernamePasswordDomain{ + UsernamePasswordDomain: &serverpb.UsernamePasswordDomain{ + Username: c.Username(), + Password: string(c.Password()), + Domain: c.Domain(), + }, + }, + } case credential.UsernamePassword: workerCred = &serverpb.Credential{ Credential: &serverpb.Credential_UsernamePassword{ diff --git a/internal/daemon/controller/listeners.go b/internal/daemon/controller/listeners.go index d6982ffa35b..0b12b24bb63 100644 --- a/internal/daemon/controller/listeners.go +++ b/internal/daemon/controller/listeners.go @@ -163,9 +163,10 @@ func (c *Controller) configureForCluster(ln *base.ServerListener) (func(), error // need to handle individual listener shutdown. interceptingListener, err := protocol.NewInterceptingListener( &protocol.InterceptingListenerConfiguration{ - Context: c.baseContext, - Storage: workerAuthStorage, - BaseListener: ln.ClusterListener, + Context: c.baseContext, + Storage: workerAuthStorage, + BaseListener: ln.ClusterListener, + TlsHandshakeTimeout: 15 * time.Second, Options: []nodee.Option{ nodee.WithLogger(eventLogger), nodee.WithRegistrationWrapper(wrapperToUse), diff --git a/internal/daemon/worker/handler.go b/internal/daemon/worker/handler.go index a0d0691166e..96781d6aaa8 100644 --- a/internal/daemon/worker/handler.go +++ b/internal/daemon/worker/handler.go @@ -283,7 +283,15 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig, sessionMa runProxy, err := handleProxyFn(ctx, ctx, decryptFn, cc, pDialer, acResp.GetConnectionId(), protocolCtx, w.recorderManager, proxyHandlers.WithLogger(w.logger)) if err != nil { conn.Close(proxyHandlers.WebsocketStatusProtocolSetupError, "unable to setup proxying") - event.WriteError(ctx, op, err) + + switch { + case errors.Match(errors.T(errors.WindowsRDPClientEarlyDisconnection), err): + // This is known behavior with Windows Remote Desktop clients and does not + // indicate a problem with the worker or the proxy. + // There is no need to log an error event here. + default: + event.WriteError(ctx, op, err) + } return } diff --git a/internal/daemon/worker/listeners.go b/internal/daemon/worker/listeners.go index 9b465202063..c81a95f3079 100644 --- a/internal/daemon/worker/listeners.go +++ b/internal/daemon/worker/listeners.go @@ -199,9 +199,10 @@ func (w *Worker) configureForWorker(ln *base.ServerListener, logger *log.Logger, interceptingListener, err := protocol.NewInterceptingListener( &protocol.InterceptingListenerConfiguration{ - Context: w.baseContext, - Storage: w.WorkerAuthStorage, - BaseListener: ln.ProxyListener, + Context: w.baseContext, + Storage: w.WorkerAuthStorage, + BaseListener: ln.ProxyListener, + TlsHandshakeTimeout: 15 * time.Second, BaseTlsConfiguration: &tls.Config{ GetConfigForClient: w.getSessionTls(sessionManager), }, diff --git a/internal/db/db_test/db_test.pb.go b/internal/db/db_test/db_test.pb.go index 39fcf184dfc..2c20edea61d 100644 --- a/internal/db/db_test/db_test.pb.go +++ b/internal/db/db_test/db_test.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/db/db_test/v1/db_test.proto diff --git a/internal/db/timestamp/timestamp.pb.go b/internal/db/timestamp/timestamp.pb.go index 3d74293d4ae..3b950a46d7d 100644 --- a/internal/db/timestamp/timestamp.pb.go +++ b/internal/db/timestamp/timestamp.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/timestamp/v1/timestamp.proto diff --git a/internal/errors/code.go b/internal/errors/code.go index 222dbfcbd0d..3aac53406d6 100644 --- a/internal/errors/code.go +++ b/internal/errors/code.go @@ -69,6 +69,9 @@ const ( InvalidListToken Code = 136 // InvalidListToken represents an error where the provided list token is invalid Paused Code = 137 // Paused represents an error when an operation cannot be completed because the thing being operated on is paused + // Note: Currently unused in OSS + WindowsRDPClientEarlyDisconnection Code = 138 // WindowsRDPClientEarlyDisconnection represents an error when a Windows RDP client disconnects early, a known behavior with Windows Remote Desktop clients + AuthAttemptExpired Code = 198 // AuthAttemptExpired represents an expired authentication attempt AuthMethodInactive Code = 199 // AuthMethodInactive represents an error that means the auth method is not active. diff --git a/internal/errors/code_test.go b/internal/errors/code_test.go index 6afd68d2d4e..c19aa8375df 100644 --- a/internal/errors/code_test.go +++ b/internal/errors/code_test.go @@ -455,6 +455,11 @@ func TestCode_Both_String_Info(t *testing.T) { c: Paused, want: Paused, }, + { + name: "WindowsRDPClientEarlyDisconnection", + c: WindowsRDPClientEarlyDisconnection, + want: WindowsRDPClientEarlyDisconnection, + }, { name: "ImmutableColumn", c: ImmutableColumn, diff --git a/internal/errors/info.go b/internal/errors/info.go index ce2e1f89e4f..e54ba27933a 100644 --- a/internal/errors/info.go +++ b/internal/errors/info.go @@ -347,6 +347,10 @@ var errorCodeInfo = map[Code]Info{ Message: "paused", Kind: State, }, + WindowsRDPClientEarlyDisconnection: { + Message: "rdp client disconnected early", + Kind: State, + }, ExternalPlugin: { Message: "plugin error", Kind: External, diff --git a/internal/gen/controller.swagger.json b/internal/gen/controller.swagger.json index 1dd3cbf431f..bb5af0af55e 100644 --- a/internal/gen/controller.swagger.json +++ b/internal/gen/controller.swagger.json @@ -3,7 +3,7 @@ "info": { "title": "Boundary controller HTTP API", "description": "Welcome to the Boundary controller HTTP API documentation. This page provides a reference guide for using the Boundary controller API, a JSON-based HTTP API. The API implements commonly seen HTTP API patterns for status codes, paths, and errors. See the [API overview](https://developer.hashicorp.com/boundary/docs/api-clients/api) for more information.\n\nBefore you read this page, it is useful to understand Boundary's [domain model](https://developer.hashicorp.com/boundary/docs/concepts/domain-model) and to be aware of the terminology used here. To get started, search for the service you want to interact with in the sidebar to the left. Each resource in Boundary, such as accounts and credential stores, has its own service. Each service contains all the API endpoints for the resource.\n## Status codes\n- `2XX`: Boundary returns a code between `200` and `299` on success. Generally this is `200`, but implementations should be prepared to accept any `2XX` status code as indicating success. If a call returns a `2XX` code that is not `200`, it follows well-understood semantics for those status codes.\n- `400`: Boundary returns `400` when a command cannot be completed due to invalid user input, except for a properly-formatted identifier that does not map to an existing resource, which returns a `404` as discussed below.\n- `401`: Boundary returns `401` if no authentication token is provided or if the provided token is invalid. A valid token that simply does not have permission for a resource returns a `403` instead. A token that is invalid or missing, but where the anonymous user (`u_anon`) is able to successfully perform the action, will not return a `401` but instead will return the result of the action.\n- `403`: Boundary returns `403` if a provided token was valid but does not have the grants required to perform the requested action.\n- `404`: Boundary returns `404` if a resource cannot be found. Note that this happens _prior_ to authentication/authorization checking in nearly all cases as the resource information (such as its scope, available actions, etc.) is a required part of that check. As a result, an action against a resource that does not exist returns a `404` instead of a `401` or `403`. While this could be considered an information leak, since IDs are randomly generated and this only discloses whether an ID is valid, it's tolerable as it allows for far simpler and more robust client implementation.\n- `405`: Boundary returns a `405` to indicate that the method (HTTP verb or custom action) is not implemented for the given resource.\n- `429`: Boundary returns a `429` if any of the API rate limit quotas have been exhausted for the resource and action. It includes the `Retry-After` header so that the client knows how long to wait before making a new request.\n- `500`: Boundary returns `500` if an error occurred that is not (directly) tied to invalid user input. If a `500` is generated, information about the error is logged to Boundary's server log but is not generally provided to the client.\n- `503`: Boundary returns a `503` if it is unable to store a quota due to the API rate limit being exceeded. It includes the `Retry-After` header so that the client knows how long to wait before making a new request.\n## List pagination\nBoundary uses [API pagination](https://developer.hashicorp.com/boundary/docs/api-clients/api/pagination) to support searching and filtering large lists of results efficiently.", - "version": "0.20.0", + "version": "0.20.3", "contact": { "name": "HashiCorp Boundary", "url": "https://www.boundaryproject.io/" diff --git a/internal/gen/controller/api/empty_msg.pb.go b/internal/gen/controller/api/empty_msg.pb.go index 5f298bbb645..ab6dd278c27 100644 --- a/internal/gen/controller/api/empty_msg.pb.go +++ b/internal/gen/controller/api/empty_msg.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/v1/empty_msg.proto diff --git a/internal/gen/controller/api/error.pb.go b/internal/gen/controller/api/error.pb.go index e9775bcd275..adcbc581da2 100644 --- a/internal/gen/controller/api/error.pb.go +++ b/internal/gen/controller/api/error.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/v1/error.proto diff --git a/internal/gen/controller/api/services/account_service.pb.go b/internal/gen/controller/api/services/account_service.pb.go index 4af3c82974b..d822200989e 100644 --- a/internal/gen/controller/api/services/account_service.pb.go +++ b/internal/gen/controller/api/services/account_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/account_service.proto diff --git a/internal/gen/controller/api/services/alias_service.pb.go b/internal/gen/controller/api/services/alias_service.pb.go index 6e4fe188d1a..6ffb2d0257c 100644 --- a/internal/gen/controller/api/services/alias_service.pb.go +++ b/internal/gen/controller/api/services/alias_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/alias_service.proto diff --git a/internal/gen/controller/api/services/auth_method_service.pb.go b/internal/gen/controller/api/services/auth_method_service.pb.go index 1c860101b81..2d82dac1172 100644 --- a/internal/gen/controller/api/services/auth_method_service.pb.go +++ b/internal/gen/controller/api/services/auth_method_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/auth_method_service.proto diff --git a/internal/gen/controller/api/services/authtokens_service.pb.go b/internal/gen/controller/api/services/authtokens_service.pb.go index d0f59f9c801..adc17f9c972 100644 --- a/internal/gen/controller/api/services/authtokens_service.pb.go +++ b/internal/gen/controller/api/services/authtokens_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/authtokens_service.proto diff --git a/internal/gen/controller/api/services/billing_service.pb.go b/internal/gen/controller/api/services/billing_service.pb.go index 79386833be6..2130ee270cb 100644 --- a/internal/gen/controller/api/services/billing_service.pb.go +++ b/internal/gen/controller/api/services/billing_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/billing_service.proto diff --git a/internal/gen/controller/api/services/credential_library_service.pb.go b/internal/gen/controller/api/services/credential_library_service.pb.go index f7401149828..a7ad06473c9 100644 --- a/internal/gen/controller/api/services/credential_library_service.pb.go +++ b/internal/gen/controller/api/services/credential_library_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/credential_library_service.proto diff --git a/internal/gen/controller/api/services/credential_service.pb.go b/internal/gen/controller/api/services/credential_service.pb.go index 425bbe9e5dd..49f23e493d0 100644 --- a/internal/gen/controller/api/services/credential_service.pb.go +++ b/internal/gen/controller/api/services/credential_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/credential_service.proto diff --git a/internal/gen/controller/api/services/credential_store_service.pb.go b/internal/gen/controller/api/services/credential_store_service.pb.go index 2c88ac3a950..6d2d8af6f3a 100644 --- a/internal/gen/controller/api/services/credential_store_service.pb.go +++ b/internal/gen/controller/api/services/credential_store_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/credential_store_service.proto diff --git a/internal/gen/controller/api/services/doc.pb.go b/internal/gen/controller/api/services/doc.pb.go index 6923f7958c6..1447839a598 100644 --- a/internal/gen/controller/api/services/doc.pb.go +++ b/internal/gen/controller/api/services/doc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/doc.proto diff --git a/internal/gen/controller/api/services/group_service.pb.go b/internal/gen/controller/api/services/group_service.pb.go index aa74acf0af9..d8f614aea91 100644 --- a/internal/gen/controller/api/services/group_service.pb.go +++ b/internal/gen/controller/api/services/group_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/group_service.proto diff --git a/internal/gen/controller/api/services/host_catalog_service.pb.go b/internal/gen/controller/api/services/host_catalog_service.pb.go index 3e000c495b1..9dd31032595 100644 --- a/internal/gen/controller/api/services/host_catalog_service.pb.go +++ b/internal/gen/controller/api/services/host_catalog_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/host_catalog_service.proto diff --git a/internal/gen/controller/api/services/host_service.pb.go b/internal/gen/controller/api/services/host_service.pb.go index d0552a1192a..717025a0d89 100644 --- a/internal/gen/controller/api/services/host_service.pb.go +++ b/internal/gen/controller/api/services/host_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/host_service.proto diff --git a/internal/gen/controller/api/services/host_set_service.pb.go b/internal/gen/controller/api/services/host_set_service.pb.go index 288e2f47536..33b2eb294fa 100644 --- a/internal/gen/controller/api/services/host_set_service.pb.go +++ b/internal/gen/controller/api/services/host_set_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/host_set_service.proto diff --git a/internal/gen/controller/api/services/list.pb.go b/internal/gen/controller/api/services/list.pb.go index 57f4a647a22..e2c9f2bb229 100644 --- a/internal/gen/controller/api/services/list.pb.go +++ b/internal/gen/controller/api/services/list.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/list.proto diff --git a/internal/gen/controller/api/services/managed_group_service.pb.go b/internal/gen/controller/api/services/managed_group_service.pb.go index fef579da409..87dc032900d 100644 --- a/internal/gen/controller/api/services/managed_group_service.pb.go +++ b/internal/gen/controller/api/services/managed_group_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/managed_group_service.proto diff --git a/internal/gen/controller/api/services/policy_service.pb.go b/internal/gen/controller/api/services/policy_service.pb.go index b5e175cf01d..a304a8ecd8b 100644 --- a/internal/gen/controller/api/services/policy_service.pb.go +++ b/internal/gen/controller/api/services/policy_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/policy_service.proto diff --git a/internal/gen/controller/api/services/role_service.pb.go b/internal/gen/controller/api/services/role_service.pb.go index 9cf13c03db5..54b3586f203 100644 --- a/internal/gen/controller/api/services/role_service.pb.go +++ b/internal/gen/controller/api/services/role_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/role_service.proto diff --git a/internal/gen/controller/api/services/scope_service.pb.go b/internal/gen/controller/api/services/scope_service.pb.go index 9cf1c51406c..6f98999e9fd 100644 --- a/internal/gen/controller/api/services/scope_service.pb.go +++ b/internal/gen/controller/api/services/scope_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/scope_service.proto diff --git a/internal/gen/controller/api/services/session_recording_service.pb.go b/internal/gen/controller/api/services/session_recording_service.pb.go index 7812197cae6..b3513cd7664 100644 --- a/internal/gen/controller/api/services/session_recording_service.pb.go +++ b/internal/gen/controller/api/services/session_recording_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/session_recording_service.proto diff --git a/internal/gen/controller/api/services/session_service.pb.go b/internal/gen/controller/api/services/session_service.pb.go index b44b1a7b8df..e717c55707c 100644 --- a/internal/gen/controller/api/services/session_service.pb.go +++ b/internal/gen/controller/api/services/session_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/session_service.proto diff --git a/internal/gen/controller/api/services/storage_bucket_service.pb.go b/internal/gen/controller/api/services/storage_bucket_service.pb.go index d1db4bf5376..96392a2d215 100644 --- a/internal/gen/controller/api/services/storage_bucket_service.pb.go +++ b/internal/gen/controller/api/services/storage_bucket_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/storage_bucket_service.proto diff --git a/internal/gen/controller/api/services/target_service.pb.go b/internal/gen/controller/api/services/target_service.pb.go index 4201e99fbda..dade7e6cc4a 100644 --- a/internal/gen/controller/api/services/target_service.pb.go +++ b/internal/gen/controller/api/services/target_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/target_service.proto diff --git a/internal/gen/controller/api/services/user_service.pb.go b/internal/gen/controller/api/services/user_service.pb.go index 8612281869c..0a8d67f1c7a 100644 --- a/internal/gen/controller/api/services/user_service.pb.go +++ b/internal/gen/controller/api/services/user_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/user_service.proto diff --git a/internal/gen/controller/api/services/worker_service.pb.go b/internal/gen/controller/api/services/worker_service.pb.go index de6409b7d85..0914ffc72f7 100644 --- a/internal/gen/controller/api/services/worker_service.pb.go +++ b/internal/gen/controller/api/services/worker_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/services/v1/worker_service.proto diff --git a/internal/gen/controller/auth/auth.pb.go b/internal/gen/controller/auth/auth.pb.go index 41423b54c9a..8fe9ca53310 100644 --- a/internal/gen/controller/auth/auth.pb.go +++ b/internal/gen/controller/auth/auth.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/auth/v1/auth.proto diff --git a/internal/gen/controller/servers/servers.pb.go b/internal/gen/controller/servers/servers.pb.go index e329b2bde35..034dcd72358 100644 --- a/internal/gen/controller/servers/servers.pb.go +++ b/internal/gen/controller/servers/servers.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/servers/v1/servers.proto diff --git a/internal/gen/controller/servers/services/credential.pb.go b/internal/gen/controller/servers/services/credential.pb.go index e0ae9dae36d..7c70a464e6a 100644 --- a/internal/gen/controller/servers/services/credential.pb.go +++ b/internal/gen/controller/servers/services/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/servers/services/v1/credential.proto diff --git a/internal/gen/controller/servers/services/server_coordination_service.pb.go b/internal/gen/controller/servers/services/server_coordination_service.pb.go index fbc292f5a70..cd71a33f1ec 100644 --- a/internal/gen/controller/servers/services/server_coordination_service.pb.go +++ b/internal/gen/controller/servers/services/server_coordination_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/servers/services/v1/server_coordination_service.proto diff --git a/internal/gen/controller/servers/services/session_service.pb.go b/internal/gen/controller/servers/services/session_service.pb.go index bc495b3ae1b..ee2eceda7b9 100644 --- a/internal/gen/controller/servers/services/session_service.pb.go +++ b/internal/gen/controller/servers/services/session_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/servers/services/v1/session_service.proto diff --git a/internal/gen/controller/servers/services/upstream_message_service.pb.go b/internal/gen/controller/servers/services/upstream_message_service.pb.go index 3001147f3d9..70c05563af1 100644 --- a/internal/gen/controller/servers/services/upstream_message_service.pb.go +++ b/internal/gen/controller/servers/services/upstream_message_service.pb.go @@ -2,7 +2,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/servers/services/v1/upstream_message_service.proto diff --git a/internal/gen/controller/tokens/tokens.pb.go b/internal/gen/controller/tokens/tokens.pb.go index 5574065726a..0b30b0f0e3d 100644 --- a/internal/gen/controller/tokens/tokens.pb.go +++ b/internal/gen/controller/tokens/tokens.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/tokens/v1/tokens.proto diff --git a/internal/gen/errors/errors.pb.go b/internal/gen/errors/errors.pb.go index 887c0dadb35..36f74da1e94 100644 --- a/internal/gen/errors/errors.pb.go +++ b/internal/gen/errors/errors.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: errors/v1/errors.proto diff --git a/internal/gen/ops/services/health_service.pb.go b/internal/gen/ops/services/health_service.pb.go index 3a3e0cdf467..ccf03b142c4 100644 --- a/internal/gen/ops/services/health_service.pb.go +++ b/internal/gen/ops/services/health_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: ops/services/v1/health_service.proto diff --git a/internal/gen/testing/attribute/attribute.pb.go b/internal/gen/testing/attribute/attribute.pb.go index b14adad8f96..800e74a9fb6 100644 --- a/internal/gen/testing/attribute/attribute.pb.go +++ b/internal/gen/testing/attribute/attribute.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: testing/attribute/v1/attribute.proto diff --git a/internal/gen/testing/event/event.pb.go b/internal/gen/testing/event/event.pb.go index 71ec9454bfe..63cb1e0fc30 100644 --- a/internal/gen/testing/event/event.pb.go +++ b/internal/gen/testing/event/event.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: testing/event/v1/event.proto diff --git a/internal/gen/testing/interceptor/greeter.pb.go b/internal/gen/testing/interceptor/greeter.pb.go index 4c254bc44d3..e2ee421a470 100644 --- a/internal/gen/testing/interceptor/greeter.pb.go +++ b/internal/gen/testing/interceptor/greeter.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: testing/interceptor/v1/greeter.proto diff --git a/internal/gen/testing/protooptions/service.pb.go b/internal/gen/testing/protooptions/service.pb.go index fa098cc8040..796ae22357f 100644 --- a/internal/gen/testing/protooptions/service.pb.go +++ b/internal/gen/testing/protooptions/service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: testing/options/v1/service.proto diff --git a/internal/gen/worker/health/health_service.pb.go b/internal/gen/worker/health/health_service.pb.go index fa326afb8a7..f11483b34d9 100644 --- a/internal/gen/worker/health/health_service.pb.go +++ b/internal/gen/worker/health/health_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: worker/health/v1/health_service.proto diff --git a/internal/gen/worker/servers/services/host_service.pb.go b/internal/gen/worker/servers/services/host_service.pb.go index a4257de0b66..46de838bbf0 100644 --- a/internal/gen/worker/servers/services/host_service.pb.go +++ b/internal/gen/worker/servers/services/host_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: worker/servers/services/v1/host_service.proto diff --git a/internal/host/plugin/store/host.pb.go b/internal/host/plugin/store/host.pb.go index 4d9888c8e9e..eb4e5649c49 100644 --- a/internal/host/plugin/store/host.pb.go +++ b/internal/host/plugin/store/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/host/plugin/store/v1/host.proto diff --git a/internal/host/static/store/static.pb.go b/internal/host/static/store/static.pb.go index ea94df42994..042c07193d0 100644 --- a/internal/host/static/store/static.pb.go +++ b/internal/host/static/store/static.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/host/static/store/v1/static.proto diff --git a/internal/host/store/host.pb.go b/internal/host/store/host.pb.go index c2655624600..dda0e848fbb 100644 --- a/internal/host/store/host.pb.go +++ b/internal/host/store/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/host/store/v1/host.proto diff --git a/internal/iam/store/group.pb.go b/internal/iam/store/group.pb.go index 7c7e6c66ebc..2810cd1a4b9 100644 --- a/internal/iam/store/group.pb.go +++ b/internal/iam/store/group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/group.proto diff --git a/internal/iam/store/group_member.pb.go b/internal/iam/store/group_member.pb.go index ce9e2a9e092..0911eb435e8 100644 --- a/internal/iam/store/group_member.pb.go +++ b/internal/iam/store/group_member.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/group_member.proto diff --git a/internal/iam/store/principal_role.pb.go b/internal/iam/store/principal_role.pb.go index 94f96bc22b5..7a6fd3f20b5 100644 --- a/internal/iam/store/principal_role.pb.go +++ b/internal/iam/store/principal_role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/principal_role.proto diff --git a/internal/iam/store/role.pb.go b/internal/iam/store/role.pb.go index 13b0f716101..d1ce6d2d6f6 100644 --- a/internal/iam/store/role.pb.go +++ b/internal/iam/store/role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role.proto diff --git a/internal/iam/store/role_global.pb.go b/internal/iam/store/role_global.pb.go index 6c25c44638b..ba66d3e90e2 100644 --- a/internal/iam/store/role_global.pb.go +++ b/internal/iam/store/role_global.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global.proto diff --git a/internal/iam/store/role_global_individual_org_grant_scope.pb.go b/internal/iam/store/role_global_individual_org_grant_scope.pb.go index a6b0a842318..74279ceafe4 100644 --- a/internal/iam/store/role_global_individual_org_grant_scope.pb.go +++ b/internal/iam/store/role_global_individual_org_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global_individual_org_grant_scope.proto diff --git a/internal/iam/store/role_global_individual_project_grant_scope.pb.go b/internal/iam/store/role_global_individual_project_grant_scope.pb.go index 350c1e41cc3..43457a217ba 100644 --- a/internal/iam/store/role_global_individual_project_grant_scope.pb.go +++ b/internal/iam/store/role_global_individual_project_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global_individual_project_grant_scope.proto diff --git a/internal/iam/store/role_grant.pb.go b/internal/iam/store/role_grant.pb.go index 072ec8fc5a9..64df1c784e8 100644 --- a/internal/iam/store/role_grant.pb.go +++ b/internal/iam/store/role_grant.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_grant.proto diff --git a/internal/iam/store/role_grant_scope.pb.go b/internal/iam/store/role_grant_scope.pb.go index b735bce002c..58ad8b0401d 100644 --- a/internal/iam/store/role_grant_scope.pb.go +++ b/internal/iam/store/role_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_grant_scope.proto diff --git a/internal/iam/store/role_org.pb.go b/internal/iam/store/role_org.pb.go index 8f36096e763..e0958e9de1a 100644 --- a/internal/iam/store/role_org.pb.go +++ b/internal/iam/store/role_org.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_org.proto diff --git a/internal/iam/store/role_org_individual_grant_scope.pb.go b/internal/iam/store/role_org_individual_grant_scope.pb.go index 56af65e01e9..30566c48a18 100644 --- a/internal/iam/store/role_org_individual_grant_scope.pb.go +++ b/internal/iam/store/role_org_individual_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_org_individual_grant_scope.proto diff --git a/internal/iam/store/role_project.pb.go b/internal/iam/store/role_project.pb.go index 10a84f9a2b4..68367169d97 100644 --- a/internal/iam/store/role_project.pb.go +++ b/internal/iam/store/role_project.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/role_project.proto diff --git a/internal/iam/store/scope.pb.go b/internal/iam/store/scope.pb.go index 6f6af3913b1..82a0c36fbb3 100644 --- a/internal/iam/store/scope.pb.go +++ b/internal/iam/store/scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/scope.proto diff --git a/internal/iam/store/user.pb.go b/internal/iam/store/user.pb.go index 3c92019e3ae..fdae8338342 100644 --- a/internal/iam/store/user.pb.go +++ b/internal/iam/store/user.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/iam/store/v1/user.proto diff --git a/internal/kms/store/audit_key.pb.go b/internal/kms/store/audit_key.pb.go index b68571808c1..31e2e05f87d 100644 --- a/internal/kms/store/audit_key.pb.go +++ b/internal/kms/store/audit_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/audit_key.proto diff --git a/internal/kms/store/data_key_version_destruction_job.pb.go b/internal/kms/store/data_key_version_destruction_job.pb.go index b0de7b9bef3..b9c94ea2ea6 100644 --- a/internal/kms/store/data_key_version_destruction_job.pb.go +++ b/internal/kms/store/data_key_version_destruction_job.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job.proto diff --git a/internal/kms/store/data_key_version_destruction_job_progress.pb.go b/internal/kms/store/data_key_version_destruction_job_progress.pb.go index cd66f13f104..87c71753401 100644 --- a/internal/kms/store/data_key_version_destruction_job_progress.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_progress.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_progress.proto diff --git a/internal/kms/store/data_key_version_destruction_job_run.pb.go b/internal/kms/store/data_key_version_destruction_job_run.pb.go index b9f76379b94..f311fad8145 100644 --- a/internal/kms/store/data_key_version_destruction_job_run.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_run.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_run.proto diff --git a/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go b/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go index 154afac6543..77ef51b73d4 100644 --- a/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_run_allowed_table_name.proto diff --git a/internal/kms/store/database_key.pb.go b/internal/kms/store/database_key.pb.go index 33406a52268..a5947fac164 100644 --- a/internal/kms/store/database_key.pb.go +++ b/internal/kms/store/database_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/database_key.proto diff --git a/internal/kms/store/oidc_key.pb.go b/internal/kms/store/oidc_key.pb.go index 0e78c00317c..38ab45953c8 100644 --- a/internal/kms/store/oidc_key.pb.go +++ b/internal/kms/store/oidc_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/oidc_key.proto diff --git a/internal/kms/store/oplog_key.pb.go b/internal/kms/store/oplog_key.pb.go index df473d75adf..eca0fd4d57a 100644 --- a/internal/kms/store/oplog_key.pb.go +++ b/internal/kms/store/oplog_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/oplog_key.proto diff --git a/internal/kms/store/root_key.pb.go b/internal/kms/store/root_key.pb.go index 7223de2e189..17fc5d1ed93 100644 --- a/internal/kms/store/root_key.pb.go +++ b/internal/kms/store/root_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/root_key.proto diff --git a/internal/kms/store/session_key.pb.go b/internal/kms/store/session_key.pb.go index 104a9046305..34127c87c47 100644 --- a/internal/kms/store/session_key.pb.go +++ b/internal/kms/store/session_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/session_key.proto diff --git a/internal/kms/store/token_key.pb.go b/internal/kms/store/token_key.pb.go index dcd48e4f268..58d1663a314 100644 --- a/internal/kms/store/token_key.pb.go +++ b/internal/kms/store/token_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/kms/store/v1/token_key.proto diff --git a/internal/oplog/any_operation.pb.go b/internal/oplog/any_operation.pb.go index 43d741134de..337d538c8c7 100644 --- a/internal/oplog/any_operation.pb.go +++ b/internal/oplog/any_operation.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/oplog/v1/any_operation.proto diff --git a/internal/oplog/oplog_test/oplog_test.pb.go b/internal/oplog/oplog_test/oplog_test.pb.go index 42614d82b97..89cbf8474ab 100644 --- a/internal/oplog/oplog_test/oplog_test.pb.go +++ b/internal/oplog/oplog_test/oplog_test.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/oplog/test/v1/oplog_test.proto diff --git a/internal/oplog/store/oplog.pb.go b/internal/oplog/store/oplog.pb.go index 14b7c6f1918..cce108e087d 100644 --- a/internal/oplog/store/oplog.pb.go +++ b/internal/oplog/store/oplog.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/oplog/store/v1/oplog.proto diff --git a/internal/plugin/store/plugin.pb.go b/internal/plugin/store/plugin.pb.go index 03abb1ab322..71b0cd229b2 100644 --- a/internal/plugin/store/plugin.pb.go +++ b/internal/plugin/store/plugin.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/plugin/store/v1/plugin.proto diff --git a/internal/policy/storage/store/policy.pb.go b/internal/policy/storage/store/policy.pb.go index 50ade62b8a2..c446f0ad002 100644 --- a/internal/policy/storage/store/policy.pb.go +++ b/internal/policy/storage/store/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/policy/storage/store/v1/policy.proto diff --git a/internal/policy/store/policy.pb.go b/internal/policy/store/policy.pb.go index 55c805e957e..39501b3ce96 100644 --- a/internal/policy/store/policy.pb.go +++ b/internal/policy/store/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/policy/store/v1/policy.proto diff --git a/internal/scheduler/job/store/job.pb.go b/internal/scheduler/job/store/job.pb.go index 48b983f3e25..358d09ef90d 100644 --- a/internal/scheduler/job/store/job.pb.go +++ b/internal/scheduler/job/store/job.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/job/store/v1/job.proto diff --git a/internal/server/store/controller.pb.go b/internal/server/store/controller.pb.go index 53f2120f7f2..5729d2fe22d 100644 --- a/internal/server/store/controller.pb.go +++ b/internal/server/store/controller.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/servers/store/v1/controller.proto diff --git a/internal/server/store/root_certificate.pb.go b/internal/server/store/root_certificate.pb.go index 27067d30e52..e0821c9d469 100644 --- a/internal/server/store/root_certificate.pb.go +++ b/internal/server/store/root_certificate.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/servers/store/v1/root_certificate.proto diff --git a/internal/server/store/worker.pb.go b/internal/server/store/worker.pb.go index ab61eb2931e..cbf5aec6978 100644 --- a/internal/server/store/worker.pb.go +++ b/internal/server/store/worker.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/servers/store/v1/worker.proto diff --git a/internal/server/store/worker_auth.pb.go b/internal/server/store/worker_auth.pb.go index 57e1d6f60e2..09854e018e1 100644 --- a/internal/server/store/worker_auth.pb.go +++ b/internal/server/store/worker_auth.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/servers/store/v1/worker_auth.proto diff --git a/internal/session/repository_session_test.go b/internal/session/repository_session_test.go index 345daa024c0..cfb91884e79 100644 --- a/internal/session/repository_session_test.go +++ b/internal/session/repository_session_test.go @@ -34,7 +34,7 @@ import ( "github.com/hashicorp/boundary/internal/types/resource" wrapping "github.com/hashicorp/go-kms-wrapping/v2" "github.com/hashicorp/go-uuid" - "github.com/jackc/pgconn" + "github.com/jackc/pgx/v5/pgconn" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "google.golang.org/protobuf/types/known/timestamppb" diff --git a/internal/storage/plugin/store/storage.pb.go b/internal/storage/plugin/store/storage.pb.go index a0c15c0bd5f..098381cf4a6 100644 --- a/internal/storage/plugin/store/storage.pb.go +++ b/internal/storage/plugin/store/storage.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/storage/plugin/store/v1/storage.proto diff --git a/internal/target/store/target.pb.go b/internal/target/store/target.pb.go index 6380cebc2f2..83fed437576 100644 --- a/internal/target/store/target.pb.go +++ b/internal/target/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/target/store/v1/target.proto diff --git a/internal/target/targettest/store/target.pb.go b/internal/target/targettest/store/target.pb.go index 9bce9aeab5d..93046b92fa2 100644 --- a/internal/target/targettest/store/target.pb.go +++ b/internal/target/targettest/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/target/targettest/store/v1/target.proto diff --git a/internal/target/tcp/store/target.pb.go b/internal/target/tcp/store/target.pb.go index c1718275646..8df840cde74 100644 --- a/internal/target/tcp/store/target.pb.go +++ b/internal/target/tcp/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/storage/target/tcp/store/v1/target.proto diff --git a/internal/tests/api/proxy/proxy_test.go b/internal/tests/api/proxy/proxy_test.go index aa78af56efa..877ccc916e9 100644 --- a/internal/tests/api/proxy/proxy_test.go +++ b/internal/tests/api/proxy/proxy_test.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/boundary/internal/tests/helper" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" + "go.uber.org/atomic" _ "github.com/hashicorp/boundary/internal/daemon/controller/handlers/targets/tcp" ) @@ -140,3 +141,99 @@ func TestConnectionsLeft(t *testing.T) { // Wait to ensure cleanup and that the second-start logic works wg.Wait() } + +func TestConnectionTimeout(t *testing.T) { + require := require.New(t) + logger := hclog.New(&hclog.LoggerOptions{ + Name: t.Name(), + Level: hclog.Trace, + }) + + // Create controller and worker + conf, err := config.DevController() + require.NoError(err) + c1 := controller.NewTestController(t, &controller.TestControllerOpts{ + Config: conf, + InitialResourcesSuffix: "1234567890", + Logger: logger.Named("c1"), + WorkerRPCGracePeriod: helper.DefaultControllerRPCGracePeriod, + }) + helper.ExpectWorkers(t, c1) + + w1 := worker.NewTestWorker(t, &worker.TestWorkerOpts{ + WorkerAuthKms: c1.Config().WorkerAuthKms, + InitialUpstreams: c1.ClusterAddrs(), + Logger: logger.Named("w1"), + SuccessfulControllerRPCGracePeriodDuration: helper.DefaultControllerRPCGracePeriod, + Name: "w1", + }) + helper.ExpectWorkers(t, c1, w1) + + // Connect target + client := c1.Client() + client.SetToken(c1.Token().Token) + tcl := targets.NewClient(client) + tgt, err := tcl.Read(c1.Context(), "ttcp_1234567890") + require.NoError(err) + require.NotNil(tgt) + + // Create test server, update default port on target + ts := helper.NewTestTcpServer(t) + require.NotNil(t, ts) + defer ts.Close() + var sessionConnsLimit int32 = 2 + + tgt = updateTargetForProxy(t, c1.Context(), tcl, tgt, ts.Port(), sessionConnsLimit, w1.Name()) + + // Authorize session to get authorization data + sess, err := tcl.AuthorizeSession(c1.Context(), tgt.Item.Id) + require.NoError(err) + sessAuthz, err := sess.GetSessionAuthorization() + require.NoError(err) + + // Create a context we can cancel to stop the proxy, a channel for conns + // left, and a waitgroup to ensure cleanup + pxyCtx, pxyCancel := context.WithCancel(c1.Context()) + defer pxyCancel() + wg := new(sync.WaitGroup) + + pxy, err := proxy.New(pxyCtx, sessAuthz.AuthorizationToken) + require.NoError(err) + wg.Add(1) + done := atomic.NewBool(false) + go func() { + defer wg.Done() + require.NoError(pxy.Start(proxy.WithInactivityTimeout(time.Second))) + done.Store(true) + }() + + addr := pxy.ListenerAddress(context.Background()) + require.NotEmpty(addr) + addrPort, err := netip.ParseAddrPort(addr) + require.NoError(err) + + echo := []byte("echo") + readBuf := make([]byte, len(echo)) + + conn, err := net.DialTCP("tcp", nil, net.TCPAddrFromAddrPort(addrPort)) + require.NoError(err) + written, err := conn.Write(echo) + require.NoError(err) + require.Equal(written, len(echo)) + read, err := conn.Read(readBuf) + require.NoError(err) + require.Equal(read, len(echo)) + require.NoError(conn.Close()) + + start := time.Now() + for { + if done.Load() || time.Since(start) > time.Second*2 { + require.True(done.Load(), "proxy did not close itself within the expected time frame (2 seconds)") + break + } + time.Sleep(10 * time.Millisecond) + } + require.Equal("Inactivity timeout reached", pxy.CloseReason()) + pxyCancel() + wg.Wait() +} diff --git a/internal/tests/cli/boundary/_connect.bash b/internal/tests/cli/boundary/_connect.bash index bb8666289b2..6ba9bd43440 100644 --- a/internal/tests/cli/boundary/_connect.bash +++ b/internal/tests/cli/boundary/_connect.bash @@ -18,4 +18,4 @@ function connect_alias_with_host_id() { local hostid=$2 # Note: When this command returns, the session immediately goes into a "canceling" state echo "foo" | boundary connect $alias -host-id $hostid -exec nc -- {{boundary.ip}} {{boundary.port}} -} \ No newline at end of file +} diff --git a/internal/tests/cli/boundary/sessions.bats b/internal/tests/cli/boundary/sessions.bats index fd4f3bfe905..e2f04c12dee 100644 --- a/internal/tests/cli/boundary/sessions.bats +++ b/internal/tests/cli/boundary/sessions.bats @@ -11,12 +11,14 @@ load _helpers [ "$status" -eq 0 ] run connect_nc $DEFAULT_TARGET - echo "$output" + echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] # Run twice so we have two values for later testing run connect_nc $DEFAULT_TARGET - echo "$output" + echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] } @@ -26,12 +28,14 @@ load _helpers [ "$status" -eq 0 ] run connect_nc $DEFAULT_TARGET - echo "$output" + echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] # Run twice so we have two values for later testing run connect_nc $DEFAULT_TARGET - echo "$output" + echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] } diff --git a/internal/tests/cli/boundary/target.bats b/internal/tests/cli/boundary/target.bats index 4f8e953ae60..559194be2a0 100644 --- a/internal/tests/cli/boundary/target.bats +++ b/internal/tests/cli/boundary/target.bats @@ -29,6 +29,8 @@ load _target_host_sources @test "boundary/target/connect: unpriv user can connect to default target" { run connect_nc $DEFAULT_TARGET + echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] } @@ -87,6 +89,7 @@ load _target_host_sources local id=$(target_id_from_name $DEFAULT_P_ID $TGT_NAME) run connect_nc $id echo "connecting to $id: $output" + echo "status: $status" [ "$status" -eq 0 ] } diff --git a/plugins/boundary/mains/aws/go.mod b/plugins/boundary/mains/aws/go.mod index 508f62b4055..5de7d173655 100644 --- a/plugins/boundary/mains/aws/go.mod +++ b/plugins/boundary/mains/aws/go.mod @@ -1,10 +1,10 @@ module github.com/hashicorp/boundary/plugins/boundary/mains/aws -go 1.25.0 +go 1.25.7 require ( github.com/hashicorp/boundary-plugin-aws v0.5.1 - github.com/hashicorp/boundary/sdk v0.0.55 + github.com/hashicorp/boundary/sdk v0.0.58 ) require ( @@ -37,7 +37,7 @@ require ( github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20231025104552-802587e608f0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.7.0 // indirect github.com/hashicorp/go-secure-stdlib/awsutil/v2 v2.1.0 // indirect @@ -59,13 +59,13 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/crypto v0.48.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/text v0.34.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/boundary/mains/aws/go.sum b/plugins/boundary/mains/aws/go.sum index 6e0539145b1..71005e51b63 100644 --- a/plugins/boundary/mains/aws/go.sum +++ b/plugins/boundary/mains/aws/go.sum @@ -50,6 +50,8 @@ github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -71,8 +73,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/boundary-plugin-aws v0.5.1 h1:m8uV2YnmM4yQB3wJdwlIeOB+EdzMXrBJ2jMqf5FkRXc= github.com/hashicorp/boundary-plugin-aws v0.5.1/go.mod h1:EgAYE7ZFz1uLoDEutYYlxLRieWfxPXW7hSCSmp8jA/E= -github.com/hashicorp/boundary/sdk v0.0.55 h1:+1U2Nzw4snN62lNbztyczcFC3pN48gCZwyH6MTtVKII= -github.com/hashicorp/boundary/sdk v0.0.55/go.mod h1:Czlnppzciz//CzXDGRyeH9YRpZ/mCeN2EVirP1tJdGc= +github.com/hashicorp/boundary/sdk v0.0.58 h1:vkRFibdZEANlBMK950CjQP39EnnbV7X/mjwtL1sxq1Y= +github.com/hashicorp/boundary/sdk v0.0.58/go.mod h1:VYwVGAEaHTzihRXpzKZL6EhWBhll59Iul3PGLVL63ao= github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -88,8 +90,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 h1:afreZ1WJd0WI7v4NsMZ1aL7V/T59sxPuKmQDgGUja20= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20/go.mod h1:NeK2Ul15t1zutp/dZzt28XQrGZHosbxE/QLNNfaWObM= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= @@ -168,44 +170,44 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/plugins/boundary/mains/azure/go.mod b/plugins/boundary/mains/azure/go.mod index 964c0f8ccfa..b98c793bb5e 100644 --- a/plugins/boundary/mains/azure/go.mod +++ b/plugins/boundary/mains/azure/go.mod @@ -1,10 +1,10 @@ module github.com/hashicorp/boundary/plugins/boundary/mains/azure -go 1.25.0 +go 1.25.7 require ( github.com/hashicorp/boundary-plugin-azure v0.2.0 - github.com/hashicorp/boundary/sdk v0.0.55 + github.com/hashicorp/boundary/sdk v0.0.58 ) require ( @@ -29,7 +29,7 @@ require ( github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20231025104552-802587e608f0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.7.0 // indirect github.com/hashicorp/go-retryablehttp v0.7.8 // indirect @@ -53,15 +53,15 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/crypto v0.48.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/text v0.34.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/boundary/mains/azure/go.sum b/plugins/boundary/mains/azure/go.sum index fe717f9feb6..0cc81399fb7 100644 --- a/plugins/boundary/mains/azure/go.sum +++ b/plugins/boundary/mains/azure/go.sum @@ -72,6 +72,8 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -158,8 +160,8 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/hashicorp/boundary-plugin-azure v0.2.0 h1:JmsJamOb6IEWodQ7CJW9wJz09o+Q2fk1Cm0GnNruQuQ= github.com/hashicorp/boundary-plugin-azure v0.2.0/go.mod h1:V0zTGIqZQNYl9fl7q+NX13F4AyJ3pMGVlfopFfZr9O0= -github.com/hashicorp/boundary/sdk v0.0.55 h1:+1U2Nzw4snN62lNbztyczcFC3pN48gCZwyH6MTtVKII= -github.com/hashicorp/boundary/sdk v0.0.55/go.mod h1:Czlnppzciz//CzXDGRyeH9YRpZ/mCeN2EVirP1tJdGc= +github.com/hashicorp/boundary/sdk v0.0.58 h1:vkRFibdZEANlBMK950CjQP39EnnbV7X/mjwtL1sxq1Y= +github.com/hashicorp/boundary/sdk v0.0.58/go.mod h1:VYwVGAEaHTzihRXpzKZL6EhWBhll59Iul3PGLVL63ao= github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -177,8 +179,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 h1:afreZ1WJd0WI7v4NsMZ1aL7V/T59sxPuKmQDgGUja20= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20/go.mod h1:NeK2Ul15t1zutp/dZzt28XQrGZHosbxE/QLNNfaWObM= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= @@ -287,18 +289,18 @@ go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= go.opencensus.io v0.22.4/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -309,8 +311,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -369,16 +371,16 @@ golang.org/x/net v0.0.0-20200707034311-ab3426394381/go.mod h1:/O7V0waA8r7cgGh81R golang.org/x/net v0.0.0-20200822124328-c89045814202/go.mod h1:/O7V0waA8r7cgGh81Ro3o1hOxt32SMVPicZroKQ2sZA= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20210514164344-f6687ab2804c/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -387,8 +389,8 @@ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200317015054-43a5402ce75a/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20200625203802-6e8e738ad208/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -422,8 +424,8 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -431,8 +433,8 @@ golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -534,10 +536,10 @@ google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7Fc google.golang.org/genproto v0.0.0-20200729003335-053ba62fc06f/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200804131852-c06518451d9c/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20200825200019-8632dd797987/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -550,8 +552,8 @@ google.golang.org/grpc v1.28.0/go.mod h1:rpkK4SK4GF4Ach/+MFLZUBavHOvF2JJB5uozKKa google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk= google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -564,8 +566,8 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= diff --git a/plugins/boundary/mains/gcp/go.mod b/plugins/boundary/mains/gcp/go.mod index bd610e000a9..b0a26c5666b 100644 --- a/plugins/boundary/mains/gcp/go.mod +++ b/plugins/boundary/mains/gcp/go.mod @@ -1,10 +1,10 @@ module github.com/hashicorp/boundary/plugins/boundary/mains/gcp -go 1.25.0 +go 1.25.7 require ( github.com/hashicorp/boundary-plugin-gcp v0.1.0 - github.com/hashicorp/boundary/sdk v0.0.55 + github.com/hashicorp/boundary/sdk v0.0.58 ) require ( @@ -12,10 +12,11 @@ require ( cloud.google.com/go/auth v0.9.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute v1.28.0 // indirect - cloud.google.com/go/compute/metadata v0.7.0 // indirect + cloud.google.com/go/compute/metadata v0.9.0 // indirect cloud.google.com/go/iam v1.2.0 // indirect cloud.google.com/go/longrunning v0.6.0 // indirect cloud.google.com/go/resourcemanager v1.10.1 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect @@ -30,7 +31,7 @@ require ( github.com/hashicorp/eventlogger v0.2.11 // indirect github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20231025104552-802587e608f0 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.7.0 // indirect github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect @@ -51,24 +52,24 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect - go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect + go.opentelemetry.io/otel v1.39.0 // indirect + go.opentelemetry.io/otel/metric v1.39.0 // indirect + go.opentelemetry.io/otel/trace v1.39.0 // indirect + golang.org/x/crypto v0.48.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/text v0.34.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/api v0.196.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/boundary/mains/gcp/go.sum b/plugins/boundary/mains/gcp/go.sum index 30fe75df0e0..87b884dcadf 100644 --- a/plugins/boundary/mains/gcp/go.sum +++ b/plugins/boundary/mains/gcp/go.sum @@ -7,8 +7,8 @@ cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/compute v1.28.0 h1:OPtBxMcheSS+DWfci803qvPly3d4w7Eu5ztKBcFfzwk= cloud.google.com/go/compute v1.28.0/go.mod h1:DEqZBtYrDnD5PvjsKwb3onnhX+qjdCVM7eshj1XdjV4= -cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU= -cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= +cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= +cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/longrunning v0.6.0 h1:mM1ZmaNsQsnb+5n1DNPeL0KwQd9jQRqSqSDEkBZr+aI= @@ -29,15 +29,24 @@ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kB github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= +github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA= +github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g= +github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4= +github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= @@ -85,8 +94,8 @@ github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDP github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/hashicorp/boundary-plugin-gcp v0.1.0 h1:fIq07J0byp3qJ7aCC+oN+hLt11V5kjgzj3HpOa6r32o= github.com/hashicorp/boundary-plugin-gcp v0.1.0/go.mod h1:l15UQaKEEcppwrFGGVNBBVmAZqN5HaOk29dh5uVVztQ= -github.com/hashicorp/boundary/sdk v0.0.55 h1:+1U2Nzw4snN62lNbztyczcFC3pN48gCZwyH6MTtVKII= -github.com/hashicorp/boundary/sdk v0.0.55/go.mod h1:Czlnppzciz//CzXDGRyeH9YRpZ/mCeN2EVirP1tJdGc= +github.com/hashicorp/boundary/sdk v0.0.58 h1:vkRFibdZEANlBMK950CjQP39EnnbV7X/mjwtL1sxq1Y= +github.com/hashicorp/boundary/sdk v0.0.58/go.mod h1:VYwVGAEaHTzihRXpzKZL6EhWBhll59Iul3PGLVL63ao= github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -100,8 +109,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 h1:afreZ1WJd0WI7v4NsMZ1aL7V/T59sxPuKmQDgGUja20= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20/go.mod h1:NeK2Ul15t1zutp/dZzt28XQrGZHosbxE/QLNNfaWObM= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= @@ -162,13 +171,15 @@ github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zx github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.2.3 h1:NP0eAhjcjImqslEwo/1hq7gpajME0fTLTezBKDqfXqo= github.com/posener/complete v1.2.3/go.mod h1:WZIdtGGp+qx0sLrYKtIRAruyNpv6hFCicSgv7Sy7s/s= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/shopspring/decimal v1.3.1 h1:2Usl1nmF/WZucqkFZhnfFYxxxu8LG21F6nPQBE5gKV8= @@ -186,28 +197,28 @@ github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -218,16 +229,16 @@ golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73r golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= golang.org/x/net v0.0.0-20201110031124-69a78807bb2b/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -238,12 +249,12 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= @@ -263,17 +274,17 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg= google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -283,8 +294,8 @@ google.golang.org/protobuf v1.22.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2 google.golang.org/protobuf v1.23.0/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpADcykh3NcUnDUJcl1+ZksZNG86OlYog2l/sGQquU= google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/plugins/boundary/mains/minio/go.mod b/plugins/boundary/mains/minio/go.mod index 189a6df79e2..a0ff753583d 100644 --- a/plugins/boundary/mains/minio/go.mod +++ b/plugins/boundary/mains/minio/go.mod @@ -1,10 +1,10 @@ module github.com/hashicorp/boundary/plugins/boundary/mains/minio -go 1.25.0 +go 1.25.7 require ( github.com/hashicorp/boundary-plugin-minio v0.1.7 - github.com/hashicorp/boundary/sdk v0.0.55 + github.com/hashicorp/boundary/sdk v0.0.58 ) require ( @@ -20,7 +20,7 @@ require ( github.com/hashicorp/eventlogger v0.2.11 // indirect github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20231025104552-802587e608f0 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect - github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-plugin v1.7.0 // indirect github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect @@ -47,13 +47,13 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/secure-io/sio-go v0.3.1 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/crypto v0.48.0 // indirect + golang.org/x/net v0.49.0 // indirect + golang.org/x/sys v0.41.0 // indirect + golang.org/x/text v0.34.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.11 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/boundary/mains/minio/go.sum b/plugins/boundary/mains/minio/go.sum index bb115d425b2..fcdbf02a382 100644 --- a/plugins/boundary/mains/minio/go.sum +++ b/plugins/boundary/mains/minio/go.sum @@ -20,6 +20,8 @@ github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/ github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/containerd/continuity v0.4.3 h1:6HVkalIp+2u1ZLH1J/pYX2oBVXlJZvh1X1A7bEZ9Su8= github.com/containerd/continuity v0.4.3/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -63,8 +65,8 @@ github.com/hashicorp/boundary-plugin-minio v0.1.7 h1:s6VVeYor6jm6+RtEjAgRahrsi6H github.com/hashicorp/boundary-plugin-minio v0.1.7/go.mod h1:x7qnQE0bGwsRCiBXMMad1u+nhsLAa2Jpbpu9P3ysNQ0= github.com/hashicorp/boundary-plugin-minio/madmin v0.1.0 h1:VH/D4t0L3wmVPn7a1DDqF4nSOTGuWktXLnDny98y63Y= github.com/hashicorp/boundary-plugin-minio/madmin v0.1.0/go.mod h1:y0Q45edl67+Q8CVtnMpDeneusJv8ypMXWrKDyTA82qI= -github.com/hashicorp/boundary/sdk v0.0.55 h1:+1U2Nzw4snN62lNbztyczcFC3pN48gCZwyH6MTtVKII= -github.com/hashicorp/boundary/sdk v0.0.55/go.mod h1:Czlnppzciz//CzXDGRyeH9YRpZ/mCeN2EVirP1tJdGc= +github.com/hashicorp/boundary/sdk v0.0.58 h1:vkRFibdZEANlBMK950CjQP39EnnbV7X/mjwtL1sxq1Y= +github.com/hashicorp/boundary/sdk v0.0.58/go.mod h1:VYwVGAEaHTzihRXpzKZL6EhWBhll59Iul3PGLVL63ao= github.com/hashicorp/cli v1.1.7 h1:/fZJ+hNdwfTSfsxMBa9WWMlfjUZbX8/LnUxgAd7lCVU= github.com/hashicorp/cli v1.1.7/go.mod h1:e6Mfpga9OCT1vqzFuoGZiiF/KaG9CbUfO5s3ghU3YgU= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -78,8 +80,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= -github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20 h1:afreZ1WJd0WI7v4NsMZ1aL7V/T59sxPuKmQDgGUja20= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.20/go.mod h1:NeK2Ul15t1zutp/dZzt28XQrGZHosbxE/QLNNfaWObM= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= @@ -192,27 +194,27 @@ github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHo github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ= github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74= github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.48.0 h1:/VRzVqiRSggnhY7gNRxPauEQ5Drw9haKdM0jqfcCFts= +golang.org/x/crypto v0.48.0/go.mod h1:r0kV5h3qnFPlQnBSrULhlsRfryS2pmewsg+XfMgkVos= golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.49.0 h1:eeHFmOGUTtaaPSGNmjBKpbng9MulQsJURQUAfUwY++o= +golang.org/x/net v0.49.0/go.mod h1:/ysNB2EvaqvesRkuLAyjI1ycPZlQHM3q01F02UY/MV8= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -222,21 +224,21 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.41.0 h1:Ivj+2Cp/ylzLiEU89QhWblYnOE9zerudt9Ftecq2C6k= +golang.org/x/sys v0.41.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.34.0 h1:oL/Qq0Kdaqxa1KbNeMKwQq0reLCCaFtqu2eNuSeNHbk= +golang.org/x/text v0.34.0/go.mod h1:homfLqTYRFyVYemLBFl5GgL/DWEiH5wcsQ5gSh1yziA= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57 h1:JLQynH/LBHfCTSbDWl+py8C+Rg/k1OVH3xfcaiANuF0= +google.golang.org/genproto/googleapis/api v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:kSJwQxqmFXeo79zOmbrALdflXQeAYcUbgS7PbpMknCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57 h1:mWPCjDEyshlQYzBpMNHaEof6UX1PmHcaUODUywQ0uac= +google.golang.org/genproto/googleapis/rpc v0.0.0-20260209200024-4cfbd4190f57/go.mod h1:j9x/tPzZkyxcgEFkiKEEGxfvyumM01BEtsW8xzOahRQ= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.11 h1:fV6ZwhNocDyBLK0dj+fg8ektcVegBBuEolpbTQyBNVE= +google.golang.org/protobuf v1.36.11/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/plugins/kms/mains/alicloudkms/go.mod b/plugins/kms/mains/alicloudkms/go.mod index 9c43adeef13..a3d282fa011 100644 --- a/plugins/kms/mains/alicloudkms/go.mod +++ b/plugins/kms/mains/alicloudkms/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/alicloudkms -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2 v2.0.4 ) @@ -34,12 +34,12 @@ require ( github.com/rogpeppe/go-internal v1.8.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/alicloudkms/go.sum b/plugins/kms/mains/alicloudkms/go.sum index 20f5df5ed42..0d4da3419e6 100644 --- a/plugins/kms/mains/alicloudkms/go.sum +++ b/plugins/kms/mains/alicloudkms/go.sum @@ -2,6 +2,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.214 h1:4Z3mUiUTC2QezSy1N+Pz8CGb1pjx github.com/aliyun/alibaba-cloud-sdk-go v1.62.214/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -22,8 +24,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/alicloudkms/v2 v2.0.4 h1:8XgCt3ZDfE0MPBLJsUE4ZnPkFAF4K13Zxqyjx1lA22A= @@ -99,40 +101,40 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/atomic v1.9.0 h1:ECmE8Bn/WFTYwEW/bpKD3M8VtR/zQVbavAoalC1PYyE= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= diff --git a/plugins/kms/mains/awskms/go.mod b/plugins/kms/mains/awskms/go.mod index 01d11eeb6f7..efdd2171dc3 100644 --- a/plugins/kms/mains/awskms/go.mod +++ b/plugins/kms/mains/awskms/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/awskms -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.11 ) @@ -35,11 +35,11 @@ require ( github.com/rogpeppe/go-internal v1.8.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/awskms/go.sum b/plugins/kms/mains/awskms/go.sum index 8905e3c681e..28d29d3615d 100644 --- a/plugins/kms/mains/awskms/go.sum +++ b/plugins/kms/mains/awskms/go.sum @@ -3,6 +3,8 @@ github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= @@ -30,8 +32,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/awskms/v2 v2.0.11 h1:J9zGa9SlcOHT3SQTj0Vv3shHo0anWbs58weURGCgChI= @@ -101,22 +103,22 @@ github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5 github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -127,19 +129,19 @@ golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= diff --git a/plugins/kms/mains/azurekeyvault/go.mod b/plugins/kms/mains/azurekeyvault/go.mod index 7f2a571c668..781e8064326 100644 --- a/plugins/kms/mains/azurekeyvault/go.mod +++ b/plugins/kms/mains/azurekeyvault/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/azurekeyvault -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.14 ) @@ -45,12 +45,12 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/azurekeyvault/go.sum b/plugins/kms/mains/azurekeyvault/go.sum index c92ddf56589..902e4122096 100644 --- a/plugins/kms/mains/azurekeyvault/go.sum +++ b/plugins/kms/mains/azurekeyvault/go.sum @@ -62,8 +62,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/azurekeyvault/v2 v2.0.14 h1:oK4OQ5EPbx/66dAvitksV+OdrQ86SZEj3B6VSZrbdEY= @@ -125,32 +125,32 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -167,8 +167,8 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= @@ -177,20 +177,20 @@ golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/plugins/kms/mains/gcpckms/go.mod b/plugins/kms/mains/gcpckms/go.mod index d59eb46ca82..cf8877bbd2f 100644 --- a/plugins/kms/mains/gcpckms/go.mod +++ b/plugins/kms/mains/gcpckms/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/gcpckms -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.13 ) @@ -11,10 +11,11 @@ require ( cloud.google.com/go v0.121.2 // indirect cloud.google.com/go/auth v0.16.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.8 // indirect - cloud.google.com/go/compute/metadata v0.7.0 // indirect + cloud.google.com/go/compute/metadata v0.9.0 // indirect cloud.google.com/go/iam v1.5.2 // indirect cloud.google.com/go/kms v1.22.0 // indirect cloud.google.com/go/longrunning v0.6.7 // indirect + github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.18.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect @@ -40,24 +41,24 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/auto/sdk v1.2.1 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 // indirect - go.opentelemetry.io/otel v1.37.0 // indirect - go.opentelemetry.io/otel/metric v1.37.0 // indirect - go.opentelemetry.io/otel/trace v1.37.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect - golang.org/x/sync v0.16.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect + go.opentelemetry.io/otel v1.39.0 // indirect + go.opentelemetry.io/otel/metric v1.39.0 // indirect + go.opentelemetry.io/otel/trace v1.39.0 // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/oauth2 v0.34.0 // indirect + golang.org/x/sync v0.19.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.12.0 // indirect google.golang.org/api v0.234.0 // indirect google.golang.org/genproto v0.0.0-20250519155744-55703ea1f237 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/gcpckms/go.sum b/plugins/kms/mains/gcpckms/go.sum index f69f794b824..b2b05cc4a2d 100644 --- a/plugins/kms/mains/gcpckms/go.sum +++ b/plugins/kms/mains/gcpckms/go.sum @@ -4,8 +4,8 @@ cloud.google.com/go/auth v0.16.1 h1:XrXauHMd30LhQYVRHLGvJiYeczweKQXZxsTbV9TiguU= cloud.google.com/go/auth v0.16.1/go.mod h1:1howDHJ5IETh/LwYs3ZxvlkXF48aSqqJUM+5o02dNOI= cloud.google.com/go/auth/oauth2adapt v0.2.8 h1:keo8NaayQZ6wimpNSmW5OPc283g65QNIiLpZnkHRbnc= cloud.google.com/go/auth/oauth2adapt v0.2.8/go.mod h1:XQ9y31RkqZCcwJWNSx2Xvric3RrU88hAYYbjDWYDL+c= -cloud.google.com/go/compute/metadata v0.7.0 h1:PBWF+iiAerVNe8UCHxdOt6eHLVc3ydFeOCw78U8ytSU= -cloud.google.com/go/compute/metadata v0.7.0/go.mod h1:j5MvL9PprKL39t166CoB1uVHfQMs4tFQZZcKwksXUjo= +cloud.google.com/go/compute/metadata v0.9.0 h1:pDUj4QMoPejqq20dK0Pg2N4yG9zIkYGdBtwLoEkH9Zs= +cloud.google.com/go/compute/metadata v0.9.0/go.mod h1:E0bWwX5wTnLPedCKqk3pJmVgCBSM6qQI1yTBdEb3C10= cloud.google.com/go/iam v1.5.2 h1:qgFRAGEmd8z6dJ/qyEchAuL9jpswyODjA2lS+w234g8= cloud.google.com/go/iam v1.5.2/go.mod h1:SE1vg0N81zQqLzQEwxL2WI6yhetBdbNQuTvIKCSkUHE= cloud.google.com/go/kms v1.22.0 h1:dBRIj7+GDeeEvatJeTB19oYZNV0aj6wEqSIT/7gLqtk= @@ -14,9 +14,18 @@ cloud.google.com/go/longrunning v0.6.7 h1:IGtfDWHhQCgCjwQjV9iiLnUta9LBCo8R9QmAFs cloud.google.com/go/longrunning v0.6.7/go.mod h1:EAFV3IZAKmM56TyiE6VAP3VoTzhZzySwI/YI1s/nRsY= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5 h1:6xNmx7iTtyBRev0+D/Tv1FZd4SCg8axKApyNyRsAt/w= +github.com/cncf/xds/go v0.0.0-20251210132809-ee656c7534f5/go.mod h1:KdCmV+x/BuvyMxRnYBlmVaq4OLiKW6iRQfvC62cvdkI= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/envoyproxy/go-control-plane v0.14.0 h1:hbG2kr4RuFj222B6+7T83thSPqLjwBIfQawTkC++2HA= +github.com/envoyproxy/go-control-plane/envoy v1.36.0 h1:yg/JjO5E7ubRyKX3m07GF3reDNEnfOboJ0QySbH736g= +github.com/envoyproxy/go-control-plane/envoy v1.36.0/go.mod h1:ty89S1YCCVruQAm9OtKeEkQLTb+Lkz0k8v9W0Oxsv98= +github.com/envoyproxy/protoc-gen-validate v1.3.0 h1:TvGH1wof4H33rezVKWSpqKz5NXWg5VPuZ0uONDT6eb4= +github.com/envoyproxy/protoc-gen-validate v1.3.0/go.mod h1:HvYl7zwPa5mffgyeTUHA9zHIH36nmrm7oCbo4YKoSWA= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= @@ -41,8 +50,8 @@ github.com/googleapis/gax-go/v2 v2.14.2 h1:eBLnkZ9635krYIPD+ag1USrOAI0Nr0QYF3+/3 github.com/googleapis/gax-go/v2 v2.14.2/go.mod h1:ON64QhlJkhVtSqp4v1uaK92VyZ2gmvDQsweuyLV+8+w= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/gcpckms/v2 v2.0.13 h1:NGBZnF+yPRZ3gjFl69Y2m58/U0iyB2oH9HaznL9tekA= @@ -80,50 +89,52 @@ github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyua github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/oklog/run v1.1.0 h1:GEenZ1cK0+q0+wsJew9qUg/DyD8k3JzYsZAi5gYi2mA= github.com/oklog/run v1.1.0/go.mod h1:sVPdnTZT1zYwAJeCMu2Th4T21pA3FPOQRfWjQlk7DVU= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 h1:GFCKgmp0tecUJ0sJuv4pzYCqS9+RGSn52M3FUwPs+uo= +github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10/go.mod h1:t/avpk3KcrXxUnYOhZhMXJlSEyie6gQbtLq5NM3loB8= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= -github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= +github.com/rogpeppe/go-internal v1.14.1 h1:UQB4HGPB6osV0SQTLymcB4TgvyWu6ZyliaW0tI/otEQ= +github.com/rogpeppe/go-internal v1.14.1/go.mod h1:MaRKkUm5W0goXpeCfT7UZI6fk/L7L7so1lCWt35ZSgc= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0 h1:q4XOmH/0opmeuJtPsbFNivyl7bCt7yRBbeEm2sC/XtQ= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.61.0/go.mod h1:snMWehoOh2wsEwnvvwtDyFCxVeDAODenXHtn5vzrKjo= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0 h1:F7Jx+6hwnZ41NSFTO5q4LYDtJRXBf2PD0rNBkeB/lus= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.61.0/go.mod h1:UHB22Z8QsdRDrnAtX4PntOl36ajSxcdUMt1sF7Y6E7Q= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= -golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw= -golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/oauth2 v0.34.0 h1:hqK/t4AKgbqWkdkcAeI8XLmbK+4m4G5YeQRrmiotGlw= +golang.org/x/oauth2 v0.34.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= +golang.org/x/sync v0.19.0 h1:vV+1eWNmZ5geRlYjzm2adRgW2/mcpevXNg50YZtPCE4= +golang.org/x/sync v0.19.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= @@ -132,14 +143,14 @@ google.golang.org/api v0.234.0 h1:d3sAmYq3E9gdr2mpmiWGbm9pHsA/KJmyiLkwKfHBqU4= google.golang.org/api v0.234.0/go.mod h1:QpeJkemzkFKe5VCE/PMv7GsUfn9ZF+u+q1Q7w6ckxTg= google.golang.org/genproto v0.0.0-20250519155744-55703ea1f237 h1:2zGWyk04EwQ3mmV4dd4M4U7P/igHi5p7CBJEg1rI6A8= google.golang.org/genproto v0.0.0-20250519155744-55703ea1f237/go.mod h1:LhI4bRmX3rqllzQ+BGneexULkEjBf2gsAfkbeCA8IbU= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7 h1:FiusG7LWj+4byqhbvmB+Q93B/mOxJLN2DTozDuZm4EU= -google.golang.org/genproto/googleapis/api v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:kXqgZtrWaf6qS3jZOCnCH7WYfrvFjkC51bM8fz3RsCA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/plugins/kms/mains/ibmkp/go.mod b/plugins/kms/mains/ibmkp/go.mod new file mode 100644 index 00000000000..5780c151b95 --- /dev/null +++ b/plugins/kms/mains/ibmkp/go.mod @@ -0,0 +1,41 @@ +module github.com/hashicorp/boundary/plugins/kms/mains/ibmkp + +go 1.25.7 + +require ( + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 + github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0 +) + +require ( + github.com/IBM/keyprotect-go-client v0.15.1 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/fatih/color v1.18.0 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-hclog v1.6.3 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 // indirect + github.com/hashicorp/go-plugin v1.7.0 // indirect + github.com/hashicorp/go-retryablehttp v0.7.8 // indirect + github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-sockaddr v1.0.7 // indirect + github.com/hashicorp/go-uuid v1.0.3 // indirect + github.com/hashicorp/yamux v0.1.2 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/oklog/run v1.2.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect + github.com/stretchr/testify v1.11.1 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/plugins/kms/mains/ibmkp/go.sum b/plugins/kms/mains/ibmkp/go.sum new file mode 100644 index 00000000000..7e85efeefed --- /dev/null +++ b/plugins/kms/mains/ibmkp/go.sum @@ -0,0 +1,134 @@ +github.com/IBM/keyprotect-go-client v0.15.1 h1:m4qzqF5zOumRxKZ8s7vtK7A/UV/D278L8xpRG+WgT0s= +github.com/IBM/keyprotect-go-client v0.15.1/go.mod h1:asXtHwL/4uCHA221Vd/7SkXEi2pcRHDzPyyksc1DthE= +github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= +github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 h1:FX7HrkfkYomf4SlMrwzOP32FXuFltq34Qy/gXk1Tp5Y= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19/go.mod h1:wpZygQlPUUGt4Klgg+RlCaq/KRe8XinEzqTf7QmvrNo= +github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0 h1:M2dN1Hd4BhAdJf9k07+I0vsSwuaOQ236lRYqSzUGZnE= +github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0/go.mod h1:q7YuFP0xds3wMWJW1ouoLCcp9rVwO1Qf1ewM9MP9AKI= +github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= +github.com/hashicorp/go-plugin v1.7.0/go.mod h1:BExt6KEaIYx804z8k4gRzRLEvxKVb+kn0NMcihqOqb8= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= +github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 h1:U+kC2dOhMFQctRfhK0gRctKAPTloZdMU5ZJxaesJ/VM= +github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0/go.mod h1:Ll013mhdmsVDuoIXVfBtvgGJsXDYkTw1kooNcoCXuE0= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= +github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8= +github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns= +github.com/jhump/protoreflect v1.17.0 h1:qOEr613fac2lOuTgWN4tPAtLL7fUSbuJL5X5XumQh94= +github.com/jhump/protoreflect v1.17.0/go.mod h1:h9+vUUL38jiBzck8ck+6G/aeMX8Z4QUY/NiJPwPNi+8= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= +github.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E= +github.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY= +gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/plugins/kms/mains/ibmkp/main.go b/plugins/kms/mains/ibmkp/main.go new file mode 100644 index 00000000000..d196493a9a1 --- /dev/null +++ b/plugins/kms/mains/ibmkp/main.go @@ -0,0 +1,20 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package main + +import ( + "fmt" + "os" + + gkwp "github.com/hashicorp/go-kms-wrapping/plugin/v2" + "github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2" +) + +func main() { + if err := gkwp.ServePlugin(ibmkp.NewWrapper()); err != nil { + fmt.Println("Error serving plugin", err) + os.Exit(1) + } + os.Exit(0) +} diff --git a/plugins/kms/mains/ocikms/go.mod b/plugins/kms/mains/ocikms/go.mod index 003392acd1a..8337bb35fb0 100644 --- a/plugins/kms/mains/ocikms/go.mod +++ b/plugins/kms/mains/ocikms/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/ocikms -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2 v2.0.9 ) @@ -30,11 +30,11 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/sony/gobreaker v0.5.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/ocikms/go.sum b/plugins/kms/mains/ocikms/go.sum index d8185c4540f..4bfaa1628be 100644 --- a/plugins/kms/mains/ocikms/go.sum +++ b/plugins/kms/mains/ocikms/go.sum @@ -1,5 +1,7 @@ github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -18,8 +20,8 @@ github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/ocikms/v2 v2.0.9 h1:rlKOPHzZ41QeV/H6UIX2wVkPhLzVK+nKhLRIbIAZ0Yc= @@ -80,38 +82,38 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= diff --git a/plugins/kms/mains/transit/go.mod b/plugins/kms/mains/transit/go.mod index 0e2317faa0f..8b5c4c1ae4c 100644 --- a/plugins/kms/mains/transit/go.mod +++ b/plugins/kms/mains/transit/go.mod @@ -1,9 +1,9 @@ module github.com/hashicorp/boundary/plugins/kms/mains/transit -go 1.25.0 +go 1.25.7 require ( - github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 github.com/hashicorp/go-kms-wrapping/wrappers/transit/v2 v2.0.13 ) @@ -11,7 +11,7 @@ require ( github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/fatih/color v1.18.0 // indirect - github.com/go-jose/go-jose/v4 v4.1.1 // indirect + github.com/go-jose/go-jose/v4 v4.1.4 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -37,13 +37,12 @@ require ( github.com/pmezard/go-difflib v1.0.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/stretchr/testify v1.11.1 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect golang.org/x/time v0.12.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 // indirect - google.golang.org/grpc v1.75.0 // indirect - google.golang.org/protobuf v1.36.8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect + google.golang.org/grpc v1.79.3 // indirect + google.golang.org/protobuf v1.36.10 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/plugins/kms/mains/transit/go.sum b/plugins/kms/mains/transit/go.sum index c8922c81282..63c83414e54 100644 --- a/plugins/kms/mains/transit/go.sum +++ b/plugins/kms/mains/transit/go.sum @@ -2,14 +2,16 @@ github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/ github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= -github.com/go-jose/go-jose/v4 v4.1.1 h1:JYhSgy4mXXzAdF3nUx3ygx347LRXJRrpgyU3adRmkAI= -github.com/go-jose/go-jose/v4 v4.1.1/go.mod h1:BdsZGqgdO3b6tTc6LSE56wcDbMMLuPsw5d4ZD5f94kA= +github.com/go-jose/go-jose/v4 v4.1.4 h1:moDMcTHmvE6Groj34emNPLs/qtYXRVcd6S7NHbHz3kA= +github.com/go-jose/go-jose/v4 v4.1.4/go.mod h1:x4oUasVrzR7071A4TnHLGSPpNOm2a21K9Kf04k1rs08= github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= @@ -29,8 +31,8 @@ github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9n github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= -github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9 h1:8Of1hlBVUGZqC3TBoVRaD6a2h9XaPhDuEAUHRZGPhnk= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.9/go.mod h1:7egilz8lAcTD4oTAmfh/yV6RK+nI3XXNO1FyVb765Ig= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18 h1:DLfC677GfKEpSAFpEWvl1vXsGpEcSHmbhBaPLrdDQHc= github.com/hashicorp/go-kms-wrapping/v2 v2.0.18/go.mod h1:t/eaR/mi2mw3klfl1WEAuiLKrlZ/Q8cosmsT+RIPLu0= github.com/hashicorp/go-kms-wrapping/wrappers/transit/v2 v2.0.13 h1:UuDeq3nr0e+H9CrZM3dvpDGkWFSJYTtuTqVekn2za2k= @@ -90,42 +92,40 @@ github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7 h1:pFyd6EwwL2TqFf8emdthzeX+gZE1ElRq3iM8pui4KBY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250707201910-8d1bb00bc6a7/go.mod h1:qQ0YXyHHx3XkvlzUtpXDkS29lDSafHMZBAZDc03LQ3A= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/sdk/go.mod b/sdk/go.mod index 99fa6c02bb6..475194e6c9c 100644 --- a/sdk/go.mod +++ b/sdk/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/boundary/sdk -go 1.25.0 +go 1.25.7 require ( github.com/coder/websocket v1.8.14 @@ -15,9 +15,9 @@ require ( github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 github.com/hashicorp/hcl v1.0.0 github.com/stretchr/testify v1.11.1 - google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c - google.golang.org/grpc v1.75.0 - google.golang.org/protobuf v1.36.8 + google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 + google.golang.org/grpc v1.79.3 + google.golang.org/protobuf v1.36.10 ) require ( @@ -58,10 +58,10 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.3.1 // indirect github.com/spf13/cast v1.5.0 // indirect - golang.org/x/crypto v0.41.0 // indirect - golang.org/x/net v0.43.0 // indirect - golang.org/x/sys v0.35.0 // indirect - golang.org/x/text v0.28.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c // indirect + golang.org/x/crypto v0.46.0 // indirect + golang.org/x/net v0.48.0 // indirect + golang.org/x/sys v0.39.0 // indirect + golang.org/x/text v0.32.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/sdk/go.sum b/sdk/go.sum index 3407e9c8538..9fa8a85abf8 100644 --- a/sdk/go.sum +++ b/sdk/go.sum @@ -10,6 +10,8 @@ github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQ github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= +github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/coder/websocket v1.8.14 h1:9L0p0iKiNOibykf283eHkKUHHrpG7f65OE3BhhO7v9g= github.com/coder/websocket v1.8.14/go.mod h1:NX3SzP+inril6yawo5CQXx8+fk145lPDC6pumgx0mVg= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -137,32 +139,32 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= -go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= -go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= -go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= -go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= -go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= -go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= -go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= -go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= -go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= -go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= -go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +go.opentelemetry.io/auto/sdk v1.2.1 h1:jXsnJ4Lmnqd11kwkBV2LgLoFMZKizbCi5fNZ/ipaZ64= +go.opentelemetry.io/auto/sdk v1.2.1/go.mod h1:KRTj+aOaElaLi+wW1kO/DZRXwkF4C5xPbEe3ZiIhN7Y= +go.opentelemetry.io/otel v1.39.0 h1:8yPrr/S0ND9QEfTfdP9V+SiwT4E0G7Y5MO7p85nis48= +go.opentelemetry.io/otel v1.39.0/go.mod h1:kLlFTywNWrFyEdH0oj2xK0bFYZtHRYUdv1NklR/tgc8= +go.opentelemetry.io/otel/metric v1.39.0 h1:d1UzonvEZriVfpNKEVmHXbdf909uGTOQjA0HF0Ls5Q0= +go.opentelemetry.io/otel/metric v1.39.0/go.mod h1:jrZSWL33sD7bBxg1xjrqyDjnuzTUB0x1nBERXd7Ftcs= +go.opentelemetry.io/otel/sdk v1.39.0 h1:nMLYcjVsvdui1B/4FRkwjzoRVsMK8uL/cj0OyhKzt18= +go.opentelemetry.io/otel/sdk v1.39.0/go.mod h1:vDojkC4/jsTJsE+kh+LXYQlbL8CgrEcwmt1ENZszdJE= +go.opentelemetry.io/otel/sdk/metric v1.39.0 h1:cXMVVFVgsIf2YL6QkRF4Urbr/aMInf+2WKg+sEJTtB8= +go.opentelemetry.io/otel/sdk/metric v1.39.0/go.mod h1:xq9HEVH7qeX69/JnwEfp6fVq5wosJsY1mt4lLfYdVew= +go.opentelemetry.io/otel/trace v1.39.0 h1:2d2vfpEDmCJ5zVYz7ijaJdOF59xLomrvj7bjt6/qCJI= +go.opentelemetry.io/otel/trace v1.39.0/go.mod h1:88w4/PnZSazkGzz/w84VHpQafiU4EtqqlVdxWy+rNOA= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= go.uber.org/goleak v1.3.0/go.mod h1:CoHD4mav9JJNrW/WLlf7HGZPjdw8EucARQHekz1X6bE= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.41.0 h1:WKYxWedPGCTVVl5+WHSSrOBT0O8lx32+zxmHxijgXp4= -golang.org/x/crypto v0.41.0/go.mod h1:pO5AFd7FA68rFak7rOAGVuygIISepHftHnr8dr6+sUc= +golang.org/x/crypto v0.46.0 h1:cKRW/pmt1pKAfetfu+RCEvjvZkA9RimPbh7bhFjGVBU= +golang.org/x/crypto v0.46.0/go.mod h1:Evb/oLKmMraqjZ2iQTwDwvCtJkczlDuTmdJXoZVzqU0= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.43.0 h1:lat02VYK2j4aLzMzecihNvTlJNQUq316m2Mr9rnM6YE= -golang.org/x/net v0.43.0/go.mod h1:vhO1fvI4dGsIjh73sWfUVjj3N7CA9WkKJNQm2svM6Jg= +golang.org/x/net v0.48.0 h1:zyQRTTrjc33Lhh0fBgT/H3oZq9WuvRR5gPC70xpDiQU= +golang.org/x/net v0.48.0/go.mod h1:+ndRgGjkh8FGtu1w1FGbEC31if4VrNVMuKTgcAAnQRY= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -177,8 +179,8 @@ golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI= -golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= +golang.org/x/sys v0.39.0 h1:CvCKL8MeisomCi6qNZ+wbb0DN9E5AATixKsvNtMoMFk= +golang.org/x/sys v0.39.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -186,22 +188,22 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= -golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng= -golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU= +golang.org/x/text v0.32.0 h1:ZD01bjUt1FQ9WJ0ClOL5vxgxOI/sVCNgX1YtKwcY0mU= +golang.org/x/text v0.32.0/go.mod h1:o/rUWzghvpD5TXrTIBuJU77MTaN0ljMWE47kxGJQ7jY= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c h1:AtEkQdl5b6zsybXcbz00j1LwNodDuH6hVifIaNqk7NQ= -google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c/go.mod h1:ea2MjsO70ssTfCjiwHgI0ZFqcw45Ksuk2ckf9G468GA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c h1:qXWI/sQtv5UKboZ/zUk7h+mrf/lXORyI+n9DKDAusdg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250818200422-3122310a409c/go.mod h1:gw1tLEfykwDz2ET4a12jcXt4couGAm7IwsVaTy0Sflo= -google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= -google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217 h1:fCvbg86sFXwdrl5LgVcTEvNC+2txB5mgROGmRL5mrls= +google.golang.org/genproto/googleapis/api v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:+rXWjjaukWZun3mLfjmVnQi18E1AsFbDN9QdJ5YXLto= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217 h1:gRkg/vSppuSQoDjxyiGfN4Upv/h/DQmIR10ZU8dh4Ww= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251202230838-ff82c1b0f217/go.mod h1:7i2o+ce6H/6BluujYR+kqX3GKH+dChPTQU19wjRPiGk= +google.golang.org/grpc v1.79.3 h1:sybAEdRIEtvcD68Gx7dmnwjZKlyfuc61Dyo9pGXXkKE= +google.golang.org/grpc v1.79.3/go.mod h1:KmT0Kjez+0dde/v2j9vzwoAScgEPx/Bw1CYChhHLrHQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= diff --git a/sdk/pbs/controller/api/resources/accounts/account.pb.go b/sdk/pbs/controller/api/resources/accounts/account.pb.go index b22f800066e..2f6f85e13b6 100644 --- a/sdk/pbs/controller/api/resources/accounts/account.pb.go +++ b/sdk/pbs/controller/api/resources/accounts/account.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/accounts/v1/account.proto diff --git a/sdk/pbs/controller/api/resources/aliases/alias.pb.go b/sdk/pbs/controller/api/resources/aliases/alias.pb.go index b51c2973858..96f5867b27c 100644 --- a/sdk/pbs/controller/api/resources/aliases/alias.pb.go +++ b/sdk/pbs/controller/api/resources/aliases/alias.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/aliases/v1/alias.proto diff --git a/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go b/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go index 2e323f53166..f7e81d61940 100644 --- a/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go +++ b/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/authmethods/v1/auth_method.proto diff --git a/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go b/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go index 1b7972e84ce..905645c4749 100644 --- a/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go +++ b/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/authtokens/v1/authtoken.proto diff --git a/sdk/pbs/controller/api/resources/billing/billing.pb.go b/sdk/pbs/controller/api/resources/billing/billing.pb.go index 058bd91cc84..cf36d0b2ab1 100644 --- a/sdk/pbs/controller/api/resources/billing/billing.pb.go +++ b/sdk/pbs/controller/api/resources/billing/billing.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/billing/v1/billing.proto diff --git a/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go b/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go index 6c025667146..ee3b3b0fc17 100644 --- a/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go +++ b/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/credentiallibraries/v1/credential_library.proto diff --git a/sdk/pbs/controller/api/resources/credentials/credential.pb.go b/sdk/pbs/controller/api/resources/credentials/credential.pb.go index 7321249443e..5dda0b0ee14 100644 --- a/sdk/pbs/controller/api/resources/credentials/credential.pb.go +++ b/sdk/pbs/controller/api/resources/credentials/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/credentials/v1/credential.proto diff --git a/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go b/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go index 56af18ae98b..97ccd6a28d8 100644 --- a/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go +++ b/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/credentialstores/v1/credential_store.proto diff --git a/sdk/pbs/controller/api/resources/groups/group.pb.go b/sdk/pbs/controller/api/resources/groups/group.pb.go index 00dbcb770fb..a8bbeae820c 100644 --- a/sdk/pbs/controller/api/resources/groups/group.pb.go +++ b/sdk/pbs/controller/api/resources/groups/group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/groups/v1/group.proto diff --git a/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go b/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go index 7e47134242a..f37d9ac1d51 100644 --- a/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go +++ b/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/hostcatalogs/v1/host_catalog.proto diff --git a/sdk/pbs/controller/api/resources/hosts/host.pb.go b/sdk/pbs/controller/api/resources/hosts/host.pb.go index 80f016c2a10..93829e7117b 100644 --- a/sdk/pbs/controller/api/resources/hosts/host.pb.go +++ b/sdk/pbs/controller/api/resources/hosts/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/hosts/v1/host.proto diff --git a/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go b/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go index 1507c8ef79e..597eab527f5 100644 --- a/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go +++ b/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/hostsets/v1/host_set.proto diff --git a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go index f84b928325f..e1a8f32fbe4 100644 --- a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go +++ b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/managedgroups/v1/managed_group.proto diff --git a/sdk/pbs/controller/api/resources/plugins/plugin.pb.go b/sdk/pbs/controller/api/resources/plugins/plugin.pb.go index 50b40aa4f43..5aafdc715d3 100644 --- a/sdk/pbs/controller/api/resources/plugins/plugin.pb.go +++ b/sdk/pbs/controller/api/resources/plugins/plugin.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/plugins/v1/plugin.proto diff --git a/sdk/pbs/controller/api/resources/policies/policy.pb.go b/sdk/pbs/controller/api/resources/policies/policy.pb.go index f67cef2ac3e..84455a7eb22 100644 --- a/sdk/pbs/controller/api/resources/policies/policy.pb.go +++ b/sdk/pbs/controller/api/resources/policies/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/policies/v1/policy.proto diff --git a/sdk/pbs/controller/api/resources/roles/role.pb.go b/sdk/pbs/controller/api/resources/roles/role.pb.go index 6ecf00ad676..fe1e458f874 100644 --- a/sdk/pbs/controller/api/resources/roles/role.pb.go +++ b/sdk/pbs/controller/api/resources/roles/role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/roles/v1/role.proto diff --git a/sdk/pbs/controller/api/resources/scopes/scope.pb.go b/sdk/pbs/controller/api/resources/scopes/scope.pb.go index af35e7ae042..676c44a0f41 100644 --- a/sdk/pbs/controller/api/resources/scopes/scope.pb.go +++ b/sdk/pbs/controller/api/resources/scopes/scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/scopes/v1/scope.proto diff --git a/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go b/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go index 7c727a3dc33..47d4c18d1b2 100644 --- a/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go +++ b/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/sessionrecordings/v1/session_recording.proto diff --git a/sdk/pbs/controller/api/resources/sessions/session.pb.go b/sdk/pbs/controller/api/resources/sessions/session.pb.go index 24ad54d8e21..7c6945af1df 100644 --- a/sdk/pbs/controller/api/resources/sessions/session.pb.go +++ b/sdk/pbs/controller/api/resources/sessions/session.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/sessions/v1/session.proto diff --git a/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go b/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go index 04b7eafac69..9133c2cc3e6 100644 --- a/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go +++ b/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/storagebuckets/v1/storage_bucket.proto diff --git a/sdk/pbs/controller/api/resources/targets/target.pb.go b/sdk/pbs/controller/api/resources/targets/target.pb.go index 83d0ce6749a..8b86358db79 100644 --- a/sdk/pbs/controller/api/resources/targets/target.pb.go +++ b/sdk/pbs/controller/api/resources/targets/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/targets/v1/target.proto diff --git a/sdk/pbs/controller/api/resources/users/user.pb.go b/sdk/pbs/controller/api/resources/users/user.pb.go index c6a6a0ba6b6..b7b595def08 100644 --- a/sdk/pbs/controller/api/resources/users/user.pb.go +++ b/sdk/pbs/controller/api/resources/users/user.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/users/v1/user.proto diff --git a/sdk/pbs/controller/api/resources/workers/worker.pb.go b/sdk/pbs/controller/api/resources/workers/worker.pb.go index b38821a39c9..76fcee47169 100644 --- a/sdk/pbs/controller/api/resources/workers/worker.pb.go +++ b/sdk/pbs/controller/api/resources/workers/worker.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/api/resources/workers/v1/worker.proto diff --git a/sdk/pbs/controller/protooptions/options.pb.go b/sdk/pbs/controller/protooptions/options.pb.go index d954b8025a4..937d8f83536 100644 --- a/sdk/pbs/controller/protooptions/options.pb.go +++ b/sdk/pbs/controller/protooptions/options.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/custom_options/v1/options.proto diff --git a/sdk/pbs/controller/protooptions/testing.pb.go b/sdk/pbs/controller/protooptions/testing.pb.go index 9aae4cf2b08..40bed78110d 100644 --- a/sdk/pbs/controller/protooptions/testing.pb.go +++ b/sdk/pbs/controller/protooptions/testing.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: controller/custom_options/v1/testing.proto diff --git a/sdk/pbs/plugin/host_plugin_service.pb.go b/sdk/pbs/plugin/host_plugin_service.pb.go index 271bdf9bab7..88dc1ec35ea 100644 --- a/sdk/pbs/plugin/host_plugin_service.pb.go +++ b/sdk/pbs/plugin/host_plugin_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: plugin/v1/host_plugin_service.proto diff --git a/sdk/pbs/plugin/storage_plugin_service.pb.go b/sdk/pbs/plugin/storage_plugin_service.pb.go index eb4199288c9..ae512557a58 100644 --- a/sdk/pbs/plugin/storage_plugin_service.pb.go +++ b/sdk/pbs/plugin/storage_plugin_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: plugin/v1/storage_plugin_service.proto diff --git a/sdk/pbs/proxy/proxy.pb.go b/sdk/pbs/proxy/proxy.pb.go index 0e5405fab8b..e82dda33f97 100644 --- a/sdk/pbs/proxy/proxy.pb.go +++ b/sdk/pbs/proxy/proxy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.11 // protoc (unknown) // source: worker/proxy/v1/proxy.proto diff --git a/testing/TRACING.md b/testing/TRACING.md index f9fa37a32f2..71550b4e47c 100644 --- a/testing/TRACING.md +++ b/testing/TRACING.md @@ -1,19 +1,19 @@ # Tracing in Boundary Boundary includes a small number of runtime tracing user regions, which can be used to see where Boundary spends its time during execution. -To create a trace, we first need to expose the pprof endpoint. It is disabled by default. Exposing the pprof endpoint is as simple as building with the `pprof` build tag or running +To create a trace, we first need to expose the pprof endpoint. It is disabled by default. Exposing the pprof endpoint requires enabling the runtime `-debug` flag on a process with an `ops` listener. ``` -make build-pprof +make build +boundary dev -debug -ops-listen-address=127.0.0.1:9203 ``` -This will create a new HTTP endpoint on `localhost:6060` of the running binary. As such, it's only accessible to the users on the same machine. -Remember to remove this code again once you're done testing. +This will expose the pprof endpoints on the configured ops listener. With the example above, that means `127.0.0.1:9203`, so it's only accessible to users on the same machine. To create a trace, one can use any tool that allows creating HTTP requests, e.g. `curl`. To create a 3 second trace: ``` -$ curl -o trace.out http://localhost:6060/debug/pprof/trace?seconds=3 +$ curl -o trace.out http://127.0.0.1:9203/debug/pprof/trace?seconds=3 ``` Traces are most interesting if they contain some request handling, so it is recommended to prepare some HTTP requests that trigger the behavior you want to understand that you can run while the trace is being collected. diff --git a/testing/internal/e2e/boundary/version.go b/testing/internal/e2e/boundary/version.go new file mode 100644 index 00000000000..b5f914c1f00 --- /dev/null +++ b/testing/internal/e2e/boundary/version.go @@ -0,0 +1,49 @@ +// Copyright IBM Corp. 2020, 2026 +// SPDX-License-Identifier: BUSL-1.1 + +package boundary + +import ( + "context" + "encoding/json" + "testing" + + gvers "github.com/hashicorp/go-version" + "github.com/stretchr/testify/require" + + "github.com/hashicorp/boundary/testing/internal/e2e" + "github.com/hashicorp/boundary/version" +) + +// IsVersionAtLeast checks if the Boundary version running in the specified container is at least the given minimum version. +func IsVersionAtLeast(t testing.TB, ctx context.Context, containerName string, minVersion string) { + output := e2e.RunCommand( + ctx, + "docker", + e2e.WithArgs( + "exec", containerName, + "boundary", "version", + "-format", "json", + ), + ) + require.NoError(t, output.Err, "failed to get version from container %q: %s", containerName, string(output.Stderr)) + + var versionResult version.Info + err := json.Unmarshal(output.Stdout, &versionResult) + require.NoError(t, err) + + minSemVersion, err := gvers.NewSemver(minVersion) + require.NoError(t, err) + + containerVersion := versionResult.Semver() + require.NotNil(t, containerVersion, "failed to parse version %q from container %q", versionResult.VersionNumber(), containerName) + + if !containerVersion.GreaterThanOrEqual(minSemVersion) { + t.Skipf( + "Skipping test because container %q is running %q, but this test requires >= %q", + containerName, + versionResult.VersionNumber(), + minVersion, + ) + } +} diff --git a/testing/internal/e2e/infra/docker.go b/testing/internal/e2e/infra/docker.go index f84efb8f192..b2e70a4791f 100644 --- a/testing/internal/e2e/infra/docker.go +++ b/testing/internal/e2e/infra/docker.go @@ -183,10 +183,10 @@ func StartBoundary(t testing.TB, pool *dockertest.Pool, network *dockertest.Netw Networks: []*dockertest.Network{network}, ExposedPorts: []string{"9200/tcp", "9201/tcp", "9202/tcp", "9203/tcp"}, PortBindings: map[docker.Port][]docker.PortBinding{ - "9200/tcp": {{HostIP: "localhost", HostPort: "9200/tcp"}}, - "9201/tcp": {{HostIP: "localhost", HostPort: "9201/tcp"}}, - "9202/tcp": {{HostIP: "localhost", HostPort: "9202/tcp"}}, - "9203/tcp": {{HostIP: "localhost", HostPort: "9203/tcp"}}, + "9200/tcp": {{HostIP: "127.0.0.1", HostPort: "9200"}}, + "9201/tcp": {{HostIP: "127.0.0.1", HostPort: "9201"}}, + "9202/tcp": {{HostIP: "127.0.0.1", HostPort: "9202"}}, + "9203/tcp": {{HostIP: "127.0.0.1", HostPort: "9203"}}, }, CapAdd: []string{"IPC_LOCK"}, }) @@ -194,7 +194,7 @@ func StartBoundary(t testing.TB, pool *dockertest.Pool, network *dockertest.Netw return &Container{ Resource: resource, - UriLocalhost: "http://localhost:9200", + UriLocalhost: "http://127.0.0.1:9200", UriNetwork: "http://boundary:9200", } } @@ -223,13 +223,13 @@ func StartVault(t testing.TB, pool *dockertest.Pool, network *dockertest.Network Networks: []*dockertest.Network{network}, ExposedPorts: []string{"8200/tcp"}, PortBindings: map[docker.Port][]docker.PortBinding{ - "8200/tcp": {{HostIP: "localhost", HostPort: "8210/tcp"}}, + "8200/tcp": {{HostIP: "127.0.0.1", HostPort: "8210"}}, }, CapAdd: []string{"IPC_LOCK"}, }) require.NoError(t, err) - uriLocalhost := "http://localhost:8210" + uriLocalhost := "http://127.0.0.1:8210" return &Container{ Resource: resource, diff --git a/testing/internal/e2e/tests/database/env_test.go b/testing/internal/e2e/tests/database/env_test.go index eb308ccac97..163c82d54b8 100644 --- a/testing/internal/e2e/tests/database/env_test.go +++ b/testing/internal/e2e/tests/database/env_test.go @@ -10,6 +10,7 @@ type config struct { TargetSshKeyPath string `envconfig:"E2E_SSH_KEY_PATH" required:"true"` // e.g. /Users/username/key.pem TargetPort string `envconfig:"E2E_TARGET_PORT" default:"22"` VaultSecretPath string `envconfig:"E2E_VAULT_SECRET_PATH" default:"e2e_secrets"` + VaultVersion string `envconfig:"E2E_VAULT_VERSION" default:"1.17.6"` AwsAccessKeyId string `envconfig:"E2E_AWS_ACCESS_KEY_ID" required:"true"` AwsSecretAccessKey string `envconfig:"E2E_AWS_SECRET_ACCESS_KEY" required:"true"` AwsHostSetFilter string `envconfig:"E2E_AWS_HOST_SET_FILTER" required:"true"` // e.g. "tag:testtag=true" diff --git a/testing/internal/e2e/tests/database/migration_test.go b/testing/internal/e2e/tests/database/migration_test.go index 447b34a20d9..6fcf48e0715 100644 --- a/testing/internal/e2e/tests/database/migration_test.go +++ b/testing/internal/e2e/tests/database/migration_test.go @@ -89,7 +89,7 @@ func setupEnvironment(t testing.TB, c *config, boundaryRepo, boundaryTag string) }) // Start Vault - v, vaultToken := infra.StartVault(t, pool, network, "hashicorp/vault", "latest") + v, vaultToken := infra.StartVault(t, pool, network, "hashicorp/vault", c.VaultVersion) t.Cleanup(func() { if err := pool.Purge(v.Resource); err != nil { t.Logf("error purging pool: %v", err) diff --git a/version/VERSION b/version/VERSION index a881cf79f29..a4e543eba38 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -0.20.0 \ No newline at end of file +0.20.4 \ No newline at end of file diff --git a/website/content/docs/api-clients/desktop.mdx b/website/content/docs/api-clients/desktop.mdx index ba74487f21f..d4e0d8be985 100644 --- a/website/content/docs/api-clients/desktop.mdx +++ b/website/content/docs/api-clients/desktop.mdx @@ -10,7 +10,7 @@ description: >- Boundary Desktop is a standalone application that provides a simple interface for browsing and connecting to targets on your local computer (macOS and Windows currently supported). Launch a session in Boundary Desktop and then make a connection -using your favorite tooling! +using your favorite tooling. ## Get started diff --git a/website/content/docs/api/index.mdx b/website/content/docs/api/index.mdx index caafd12f757..069e10dad06 100644 --- a/website/content/docs/api/index.mdx +++ b/website/content/docs/api/index.mdx @@ -13,7 +13,11 @@ Before reading this page, it is useful to understand Boundary's [domain model](/ Boundary's API is also described via OpenAPI v2; the version corresponding to any tag of Boundary's source code can be found in Boundary's [GitHub repository](https://github.com/hashicorp/boundary/blob/main/internal/gen/controller.swagger.json). --> **NOTE:** A rendered version of this generated API definition can be found on the [API page](/boundary/api-docs). + + +Refer to the [API page](/boundary/api-docs) for a rendered version of this generated API definition. + + Boundary's current API version is 1; all API paths begin with `/v1/`. diff --git a/website/content/docs/architecture/high-availability.mdx b/website/content/docs/architecture/high-availability.mdx index 6c57ec41bfb..ab7eabe2004 100644 --- a/website/content/docs/architecture/high-availability.mdx +++ b/website/content/docs/architecture/high-availability.mdx @@ -24,6 +24,8 @@ The following ports should be available: The general architecture for the server infrastructure requires 3 controllers and 3 workers. Note that it is possible to run a controller and worker within the same process, but the guide here assumes separate deployments. The documentation here uses virtual machines running on Amazon EC2 as the example environment, but this use case can be extrapolated to almost any cloud platform to suit operator needs: ![](/img/boundary-network.png) +![Boundary network diagram](/img/boundary-network_light.png#light-theme-only) +![Boundary network diagram](/img/boundary-network_dark.png#dark-theme-only) As shown above, Boundary is broken up into its controller and worker server components across 3 [EC2 instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance), in 3 separate [subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet), in three separate availability zones, with the controller API and UI being publically exposed by an [application load balancer (ALB)](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb). The worker and controller VM's are in independent [auto-scaling groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group), allowing them to maintain their exact capacity. diff --git a/website/content/docs/client-agent/troubleshoot.mdx b/website/content/docs/client-agent/troubleshoot.mdx index 0a4f9ea0c69..5720a12bfd8 100644 --- a/website/content/docs/client-agent/troubleshoot.mdx +++ b/website/content/docs/client-agent/troubleshoot.mdx @@ -273,7 +273,7 @@ Refer to the following table for known issues with the Client Agent that may aff | Issue | Description | | ----- | ----------- | -| SSH connection fails with man-in-the-middle warning | On Linux systems, the initial transparent session may be successful, but any subsequent connections prompt a warning that you may be experiencing a man-in-the-middle attack.

For more information, refer to [WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty!](/boundary/docs/api-clients/client-agent#warning-remote-host-indentification-has-changed-it-is-possible-that-someone-is-doing-something-nasty) in the **Common error messages** section.| +| SSH connection fails with man-in-the-middle warning | On Linux systems, the initial transparent session may be successful, but any subsequent connections prompt a warning that you may be experiencing a man-in-the-middle attack.

For more information, refer to [WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty!](/boundary/docs/client-agent/troubleshoot#warning-remote-host-indentification-has-changed-it-is-possible-that-someone-is-doing-something-nasty) in the **Common error messages** section.| | Boundary Client Agent authentication does not persist across restarts | When you reboot, you are required to re-authenticate to the Client Agent before you can use transparent sessions. | | Windows installer prompts for restart | When you install Boundary, the Windows installer occasionally prompts you to restart your computer, however it is not necessary. | | Boundary Client Agent resumes on reboot | If the Client Agent is paused and the machine is rebooted, the Client Agent will be resumed after the reboot. | diff --git a/website/content/docs/configuration/kms/aead.mdx b/website/content/docs/configuration/kms/aead.mdx index d6e29dd4bf7..e3b77bd5267 100644 --- a/website/content/docs/configuration/kms/aead.mdx +++ b/website/content/docs/configuration/kms/aead.mdx @@ -29,3 +29,5 @@ kms "aead" { - `key` - The base64-encoded 256-bit encryption key. - `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. diff --git a/website/content/docs/configuration/kms/alicloudkms.mdx b/website/content/docs/configuration/kms/alicloudkms.mdx index 5c941ef8fa2..78a0b25b474 100644 --- a/website/content/docs/configuration/kms/alicloudkms.mdx +++ b/website/content/docs/configuration/kms/alicloudkms.mdx @@ -24,6 +24,7 @@ kms "alicloudkms" { access_key = "0wNEpMMlzy7szvai" secret_key = "PupkTg8jdmau1cXxYacgE736PJj4cA" kms_key_id = "08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4fb73" + key_id = "global_worker-auth" } ``` @@ -54,6 +55,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: and decryption. May also be specified by the `ALICLOUDKMS_WRAPPER_KEY_ID` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/awskms.mdx b/website/content/docs/configuration/kms/awskms.mdx index 72a3e8a808b..667f3dea5ef 100644 --- a/website/content/docs/configuration/kms/awskms.mdx +++ b/website/content/docs/configuration/kms/awskms.mdx @@ -22,6 +22,7 @@ kms "awskms" { secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" kms_key_id = "19ec80b0-dfdd-4d97-8164-c6examplekey" endpoint = "https://vpce-0e1bb1852241f8cc6-pzi0do8n.kms.us-east-1.vpce.amazonaws.com" + key_id = "global_worker-auth" } ``` @@ -78,6 +79,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: Endpoint](https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html). If not set, Boundary will use the default API endpoint for your region. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/azurekeyvault.mdx b/website/content/docs/configuration/kms/azurekeyvault.mdx index 66b9275f164..bd9d657e98a 100644 --- a/website/content/docs/configuration/kms/azurekeyvault.mdx +++ b/website/content/docs/configuration/kms/azurekeyvault.mdx @@ -25,6 +25,7 @@ kms "azurekeyvault" { client_secret = "DUJDS3..." vault_name = "hc-vault" key_name = "vault_key" + key_id = "global_worker-auth" } ``` @@ -53,6 +54,10 @@ These parameters apply to the `kms` stanza in the Vault configuration file: - `key_name` `(string: )`: The Key Vault key to use for encryption and decryption. May also be specified by the `AZUREKEYVAULT_WRAPPER_KEY_NAME` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/gcpckms.mdx b/website/content/docs/configuration/kms/gcpckms.mdx index 5ff0f21ab57..d9a4f58fbe4 100644 --- a/website/content/docs/configuration/kms/gcpckms.mdx +++ b/website/content/docs/configuration/kms/gcpckms.mdx @@ -24,6 +24,7 @@ kms "gcpckms" { region = "global" key_ring = "boundary-keyring" crypto_key = "boundary-key" + key_id = "global_worker-auth" } ``` @@ -53,6 +54,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: encryption and decryption. May also be specified by the `GCPCKMS_WRAPPER_CRYPTO_KEY` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication & permissions Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/transit.mdx b/website/content/docs/configuration/kms/transit.mdx index 891ea9b16a2..f3086c1d3cb 100644 --- a/website/content/docs/configuration/kms/transit.mdx +++ b/website/content/docs/configuration/kms/transit.mdx @@ -22,6 +22,7 @@ kms "transit" { address = "https://vault:8200" token = "s.Qf1s5zigZ4OX6akYjQXJC1jY" disable_renewal = "false" + key_id = "global_worker-auth" // Key configuration key_name = "transit_key_name" @@ -87,6 +88,10 @@ These parameters apply to the `kms` stanza in the Vault configuration file: transmissions to and from the Vault server. This may also be specified using the `VAULT_SKIP_VERIFY` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx b/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx index e06f4503625..d966dbc05c4 100644 --- a/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx +++ b/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx @@ -194,9 +194,9 @@ A: This is a known issue. The client currently does not support more than one co A: No. At this time, only servers using traditional Kerberos or NTLMv2 authentication are supported. -**Q: The macOS RDP client is asking for a password. Is injection not working?** +**Q: The macOS Windows App is asking for a password. Is injection not working?** -A: This is a known behavior of the macOS client. You can leave the password field blank and proceed; Boundary will still inject the correct credentials in the background. +A: This is a known behavior of the macOS Windows App. You can leave the password field blank and proceed; Boundary will still inject the correct credentials in the background. ## More information diff --git a/website/content/docs/credentials/static-cred-boundary.mdx b/website/content/docs/credentials/static-cred-boundary.mdx index 89f73698e11..f26fff08d33 100644 --- a/website/content/docs/credentials/static-cred-boundary.mdx +++ b/website/content/docs/credentials/static-cred-boundary.mdx @@ -121,6 +121,6 @@ When you use credential brokering, Boundary centrally manages credentials and re Credential injection requires HCP Boundary or Boundary Enterprise, and it provides end users with a passwordless experience when they connect to targets. - [Configure a target for credential brokering](/boundary/docs/credentials/configure-credential-brokering) -- [Configure a target for credential injection](/boundary/docs/credentials/configure-credential-brokering) +- [Configure a target for credential injection](/boundary/docs/credentials/configure-credential-injection) To learn more about what is supported for the RDP credential injection beta and to view known issues, refer to [RDP credential injection compatibility](/boundary/docs/credentials/rdp-testing-and-compatibility-matrix). \ No newline at end of file diff --git a/website/content/docs/domain-model/credential-libraries.mdx b/website/content/docs/domain-model/credential-libraries.mdx index b6216d8c176..d08b57240b6 100644 --- a/website/content/docs/domain-model/credential-libraries.mdx +++ b/website/content/docs/domain-model/credential-libraries.mdx @@ -59,7 +59,7 @@ Alternatively, you could set the `session_connection_limit` to `1` for any targe - `vault-path` - (required) The path in Vault to request credentials from. - `username` - (required) The username to use with the SSH certificate. -You can create a template for this value using [Vault credential library parameter templating](#vault-credential-library-parameter-templating). +You can create a template for this value using [Vault credential library parameter templating](#vault-generic-credential-library-parameter-templating). - `key_type` - (optional) The type of key to use for the generated SSH private key. The key type is either `ed25519`, `ecdsa`, or `rsa`. @@ -73,7 +73,7 @@ The number of bits depends on the `key_type` value you select: - `ttl` - (optional) The SSH certificate's time-to-live (TTL). -- `key_id` - (optional) The key ID for the created SSH certificate. +- `key_id` - (optional) The key ID for the created SSH certificate. You can create a template for this value using [Vault credential library parameter templating](#vault-certificates-library-parameter-templating). - `critical_options` - (optional) Any critical options that the certificate should be signed for. For more information, refer to the [list of critical options](https://github.com/openssh/openssh-portable/blob/5f93c4836527d9fda05de8944a1c7b4a205080c7/PROTOCOL.certkeys#L221-L269) supported by OpenSSH. @@ -86,11 +86,13 @@ Note that the `permit-pty` value should be set for an interactive shell to funct For more information, refer to OpenSSH's ["valid principals" definition](https://github.com/openssh/openssh-portable/blob/5f93c4836527d9fda05de8944a1c7b4a205080c7/PROTOCOL.certkeys#L176-L181) as well as Vault's documentation for the [SSH secrets engine](https://developer.hashicorp.com/vault/api-docs/secret/ssh#valid_principals). Note that all SSH certificates issued by a Vault SSH certificate credential library use the `SSH_CERT_TYPE_USER` certificate type mentioned in the OpenSSH definition link. -### Vault credential library parameter templating +### Vault parameter templating Sometimes it can be useful to provide information about a Boundary user or account when making a call to Vault. For example, this can allow picking the correct role when asking for database credentials (if roles are separated per-user), or providing a value to encode in an X.509 certificate generated by Vault. You can template user and account information into either the path in Vault, the `POST` request body, or both. -The following Vault template parameters are supported in Boundary. +#### Vault generic credential library parameter templating + +The following Vault template parameters are supported in Boundary's Vault generic credential library. Note that account values are tied to the account associated with the token used to make the call: - `{{.User.Id}}` - The user's ID. @@ -105,7 +107,15 @@ This value may not be populated, or it may be different from the account name us - `{{.Account.Subject}}` - The account's subject, if a subject is used by that type of account. - `{{.Account.Email}}` - The account's email, if email is used by that type of account. -Additionally, there are a couple of useful functions: +#### Vault certificates library parameter templating + +The following Vault template parameters are supported in Boundary's Vault certificate library. +Note that account values are tied to the account associated with the token used to make the call: + +- `{{.User.Name}}` - The user's name from the user resource. +- `{{.Account.Id}}` - The account's ID. + +#### Useful templating functions: The `truncateFrom` function strips the rest of a string after a specified substring. This function is useful for pulling a user or account name from an diff --git a/website/content/docs/domain-model/credential-stores.mdx b/website/content/docs/domain-model/credential-stores.mdx index 6b6538d190f..38968f910ff 100644 --- a/website/content/docs/domain-model/credential-stores.mdx +++ b/website/content/docs/domain-model/credential-stores.mdx @@ -122,8 +122,7 @@ removed from the credential store. #### Vault Boundary controller policy -The token Boundary receives must have the capabilities listed below. An explanation -for the use of each capability is given. +The token Boundary receives must have the capabilities in the policy below. An explanation for each capability is documented above the written policy. ```hcl # Allow Boundary to read and verify the properties of the token. This is @@ -165,14 +164,41 @@ path "sys/capabilities-self" { } ``` -The above [`boundary-controller` policy](https://boundaryproject.io/data/vault/boundary-controller-policy.hcl) is -available for download. Below is an example of writing this policy to Vault: +Follow the steps below to write this policy to Vault. + +Create the policy: ```shell-session -# Download the policy -$ curl https://boundaryproject.io/data/vault/boundary-controller-policy.hcl -O -s -L +$ cat > boundary-controller-policy.hcl <- + Understand the mechanisms involved in a secure Boundary deployment, which threats are considered part of the security model, and HCP Boundary's architecture. +--- + +# Security model + +Boundary brokers secure, auditable connections to infrastructure targets while keeping credentials hidden and enforcing least-privilege policy. +The security model ensures [confidentiality, integrity, authentication, and accountability](http://www.wikipedia.org/wiki/Information_security) for all access and session brokering operations. + +Defense in depth is crucial for secure privileged access management, and deployment requirements may differ dramatically depending on your use case. +This documentation may need to be adapted to your situation, but the general mechanisms for a secure Boundary deployment revolve around: + +- [mTLS](/boundary/docs/secure/encryption/connections-tls) - Mutual TLS authentication between client, controller, and worker components prevents unauthorized access by requiring all parties to present valid certificates. +This requirement protects internal communications and session brokering operations. +- [RBAC](/boundary/docs/rbac) - Boundary's allow-only permissions model enables authorization for authenticated connections by granting capabilities to roles which are then assigned to users, groups, or managed groups. +- [Scopes](/boundary/docs/domain-model) - Access to targets within organizations and projects can be controlled to allow for granular access to infrastructure resources. +- [Data encryption](/boundary/docs/secure/encryption/data-encryption) - Sensitive data stored in Boundary's database is protected using envelope encryption with external key management systems. + +The combination of these mechanisms creates a strong security posture, enabling administrators to enforce least-privilege access, decouple credentials from end users, maintain comprehensive audit logs, and ensure secure network traversal without direct connectivity to sensitive networks. + +## Threat model + +The following are the various parts of the Boundary threat model: + +- **Eavesdropping on any Boundary communication**. +All communication between clients, controllers, and workers is protected by TLS or mutually authenticated TLS, ensuring confidentiality and integrity. +- **Tampering with data at rest or in transit**. +Any unauthorized modification of session information, configuration, or persistent state should be detected, causing transaction abort or session termination. +- **Access to targets or controls without authentication or authorization**. +All requests must be authenticated and authorized according to defined granular policies. +- **Access to targets or controls without accountability**. +When audit logging is enabled, all access attempts and privileged operations must be logged before sensitive data is transmitted. +- **Confidentiality of managed credentials**. +Credentials brokered by Boundary must never be exposed to clients unless explicitly authorized, preventing credential leakage. +- **Availability of session brokering services**. +Boundary supports highly available deployments to maintain access in case of infrastructure failures. + +## Not in scope + +The following are explicitly not considered part of the Boundary threat model: + +- **Protecting against compromise of Boundary hosts (controllers, workers)**. +An attacker with arbitrary code execution or privileged access on controller or worker hosts can undermine security guarantees. +This includes access to: + - The Boundary data directory containing configuration and state + - Memory of running Boundary controller or worker processes + - The capability to run modified Boundary binaries + - The capability to redirect worker host network traffic +- **Protecting against compromise of end-user or administrator devices**. + - If an attacker compromises a user's device and obtains valid Boundary credentials, they can perform actions with those credentials' privileges. + - Brokered credentials may be returned to the user's device and displayed in plain text. + - Boundary Client Agent specifics: + - The Client Agent stores session credentials and related information in memory. + Boundary CLI persists auth tokens to platform-specific keyring storage. + If an attacker can read the memory of the Client Agent process or has compromised the OS user account under which the Client Agent is running and authenticated, they may be able to access these active session credentials. + - The Client Agent's security relies on the OS user context; an OS user can only connect to sessions managed by the Client Agent if they are the same OS user that initiated the DNS lookup that created the session. + Compromise of this OS user account bypasses the local protection. + - An attacker could subvert the Client Agent's DNS interception mechanism on the local host. +- **Protecting against vulnerabilities in external credential sources**. +Boundary integrates with systems like HashiCorp Vault, cloud IAM services, and other credential stores, but cannot protect against exploits targeting these external services. +- **Protecting against the leakage of the existence of resources**. +While Boundary protects credential details, an attacker with read access to the backend might be able to see that certain targets or auth methods exist, even if they cannot access them. +- **Protecting against network-level denial of service attacks**. +While Boundary supports high-availability configurations and provides rate limiting, it does not include inherent protections against volumetric DoS attacks targeting its network surfaces. +- **Protecting against target application vulnerabilities**. +Once a session is established to a target (SSH server, database, etc.), Boundary cannot protect against vulnerabilities in that target application. + +## HCP Boundary + +HCP Boundary is deployed onto a single AWS region across three availability zones in that region. +Each customer cluster is deployed as a Nomad job of Docker containers. +The Nomad jobs are controlled by an external service that accesses the Nomad cluster through the VPC's PrivateLink. + +![High-level diagram of HCP Boundary architecture](/img/security-model/boundary-architecture.png) + +For a given HCP Boundary cluster, the only user-accessible endpoints are the controllers, which have a randomly-generated 32-character cluster UUID, `https://.boundary.hashicorp.cloud`. +These machine-generated URLs provide no discernible patterns, guarding against the enumeration of controllers. + +### Tenancy model + +HCP Boundary uses a multi-tenant RDS Postgres cluster with a separate database per tenant. +This architecture uses security controls inherent to Postgres' database isolation. +All secret and sensitive row data is encrypted with scope-specific, per-tenant keys. + +This model is commonly referred to as a **siloed** multi-tenant database, as opposed to **bridge** or **pool** models. +A siloed model allows us to maintain the strictest security while simplifying the architecture. + +### Self-managed workers + +Self-managed workers are workers that are managed by administrators outside of the HCP infrastructure, in their cloud or on-premises environments. +Just like all Boundary worker-to-controller and client-to-worker communication, self-managed workers connect to the controller and clients over mutually-authenticated TLS. +For more information about how self-managed workers authenticate to the HCP Boundary controller, refer to [PKI-based worker authentication](/boundary/docs/secure/encryption/connections-tls#pki-based-worker-authentication). + +A compromised worker may result in the compromise of any targets assigned to the worker as well as the integrity of any log data provided by the compromised worker. + +### Storage + +The Boundary controller and worker infrastructure is stateless, whereby all state lives in the RDBMS. +Each HCP Boundary cluster is provided with a separate database inside of an Aurora Postgres cluster. +The [Vault database engine](/vault/docs/secrets/databases) provides access to the database using dynamic credentials that are regularly rotated. + +![High-level diagram of HCP Boundary data at rest](/img/security-model/data-at-rest.png) + +### Data encryption + +HCP Boundary clusters use the [Vault Transit secrets engine](/vault/docs/secrets/transit) for their root, recovery, and worker-auth KMS keys. +Boundary controllers are provided access to the Vault transit keys with a token that is assigned a policy that allows them to access only their individual keys. +These tokens are regularly rotated. + +Administrators may also use an external key management system, including Vault or HCP Vault, to manage the key-encrypting root key. +Refer to the [kms stanza](/boundary/docs/configuration/kms) documentation for more information about supported external KMS systems. + +### Data in transit + +All user-to-controller communication is performed over TLS. +Refer to the [TLS configuration options](/boundary/docs/configuration/listeners/tcp-listeners#tls) in the TCP listeners documentation. + +All other communication, including worker-to-controller and client-to-worker, is performed over mutually-authenticated TLS. +Boundary automatically generates and manages the TLS keys. + +![High-level diagram of HCP Boundary data in transit](/img/security-model/data-in-transit.png) + +### Identity + +The HCP Platform allows administrators to perform high-level cluster operations such as creation and deletion. +You can manage HCP users and their permissions using the [HCP Portal](https://portal.cloud.hashicorp.com). +Once you create an HCP Boundary cluster, you manage Boundary users and permissions within Boundary itself. + +When an administrator creates an HCP cluster tenant, they are prompted to create administrative credentials to bootstrap the cluster. +The administrator can then use Boundary-specific authentication methods to connect directly to the controller and perform administrative tasks. + +## More information + +Refer to the following topics for more information: + +- [TLS in Boundary](/boundary/docs/secure/encryption/connections-tls) +- [Permissions in Boundary](/boundary/docs/rbac) +- [Boundary domain model overview](/boundary/docs/domain-model) +- [Data encryption in Boundary](/boundary/docs/secure/encryption/data-encryption) \ No newline at end of file diff --git a/website/content/docs/session-recording/compliance/configure-storage-policy.mdx b/website/content/docs/session-recording/compliance/configure-storage-policy.mdx index 733df1a7568..7f3f31d0777 100644 --- a/website/content/docs/session-recording/compliance/configure-storage-policy.mdx +++ b/website/content/docs/session-recording/compliance/configure-storage-policy.mdx @@ -68,8 +68,8 @@ Complete the following steps to create a storage policy in Boundary for session - **Description**: `SOC 2 compliant storage policy for session recordings` - **Retention Policy**: `SOC 2 (7 years)` - **Deletion Policy**: `Custom` - Delete after: `2657` days - Toggle the switch beside **Allow orgs to override**. + - Delete after: `2657` days + - Toggle the switch beside **Allow orgs to override**. 1. Click **Save**. diff --git a/website/content/docs/session-recording/compliance/update-storage-policy.mdx b/website/content/docs/session-recording/compliance/update-storage-policy.mdx index 0adedf6206d..f589ad58b6e 100644 --- a/website/content/docs/session-recording/compliance/update-storage-policy.mdx +++ b/website/content/docs/session-recording/compliance/update-storage-policy.mdx @@ -69,8 +69,8 @@ The following is an example of updating the `soc2-policy` policy. - **Description**: `SOC 2 compliant storage policy for session recordings, V2` - **Retention Policy**: `SOC 2 (7 years)` - **Deletion Policy**: `Custom` - **Delete after**: `2757` days - Toggle the switch beside **Allow orgs to override** to the off position. + - **Delete after**: `2757` days + - Toggle the switch beside **Allow orgs to override** to the off position. 1. Click **Save**. diff --git a/website/content/docs/session-recording/index.mdx b/website/content/docs/session-recording/index.mdx index 55d1eb0706e..d2b8b2ed1d6 100644 --- a/website/content/docs/session-recording/index.mdx +++ b/website/content/docs/session-recording/index.mdx @@ -68,7 +68,12 @@ Determining how much storage you need to allocate on workers and the external st When you estimate worker storage requirements, consider the number of concurrent sessions that will be recorded on that worker. Boundary writes the BSR to the worker's local storage while the session is active, and then moves it to the remote storage bucket when the session is closed. -When you estimate storage requirements for the external storage provider, consider your [storage policy](/boundary/docs/domain-model/storage-policy) and how long a BSR will be retained in the external storage bucket. +You use the `recording_storage_minimum_available_capacity` setting to configure the minimum amount of storage space that is required for workers to perform session recording operations. If a worker is at or below the storage threshold, Boundary does not use the worker to record sessions or play back recordings. +Boundary determines the worker's local storage state based on the capacity you configure. +If the worker falls below the storage threshold, or if it runs out of local disk space, it may impact your ability to record sessions. +Refer to [Local storage](/boundary/docs/session-recording/configuration/configure-worker-storage#local-storage) for more information about configuring storage capacity and the possible storage states. + +When you estimate storage requirements for the external storage provider, you should also consider your [storage policy](/boundary/docs/domain-model/storage-policy) and how long a BSR will be retained in the external storage bucket. @@ -81,7 +86,9 @@ Be careful when you use Secure File Copy (SCP) to transfer large files during a ## asciicast When you view recorded sessions using the CLI or Admin UI, Boundary can convert the recording into other formats for playback. -Currently Boundary supports converting the recording of an individual SSH channel into an [asciicast](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) format to play back an interactive SSH session. +Currently Boundary supports converting the recording of an individual SSH channel into an asciicast format to play back an interactive SSH session. + +Refer to the [asciinema documentation](https://docs.asciinema.org/) for more information about the [asciicast](https://docs.asciinema.org/manual/asciicast/v3/) format. ### Limitations diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 35fa0cb82d7..54e25f9718a 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -238,6 +238,10 @@ "path": "secure/encryption/connections-tls" } ] + }, + { + "title": "Security model", + "path": "secure/security-model" } ] }, diff --git a/website/public/img/boundary-network.png b/website/public/img/boundary-network.png deleted file mode 100644 index 0695eae68d0..00000000000 Binary files a/website/public/img/boundary-network.png and /dev/null differ diff --git a/website/public/img/boundary-network_dark.png b/website/public/img/boundary-network_dark.png new file mode 100644 index 00000000000..a3778c473fd Binary files /dev/null and b/website/public/img/boundary-network_dark.png differ diff --git a/website/public/img/boundary-network_light.png b/website/public/img/boundary-network_light.png new file mode 100644 index 00000000000..683e5eab45f Binary files /dev/null and b/website/public/img/boundary-network_light.png differ diff --git a/website/public/img/security-model/boundary-architecture.png b/website/public/img/security-model/boundary-architecture.png new file mode 100644 index 00000000000..18b122702fe Binary files /dev/null and b/website/public/img/security-model/boundary-architecture.png differ diff --git a/website/public/img/security-model/data-at-rest.png b/website/public/img/security-model/data-at-rest.png new file mode 100644 index 00000000000..1bdd5c19662 Binary files /dev/null and b/website/public/img/security-model/data-at-rest.png differ diff --git a/website/public/img/security-model/data-in-transit.png b/website/public/img/security-model/data-in-transit.png new file mode 100644 index 00000000000..676005bec8c Binary files /dev/null and b/website/public/img/security-model/data-in-transit.png differ diff --git a/website/redirects.js b/website/redirects.js index 6ceb494b344..9e030a647ef 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -25,20 +25,75 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/concepts/index', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/what-is-boundary', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/concepts', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15)\\.x)/concepts/aliases', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13)\\.x)/concepts/connection-workflows/:slug*', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17)\\.x)/concepts/transparent-sessions', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:11|12|13)\\.x)/concepts/workers', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/roadmap', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18)\\.x)/roadmap', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/roadmap', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/oss', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/community', destination: '/boundary/docs/what-is-boundary', @@ -49,6 +104,12 @@ module.exports = [ destination: '/boundary/docs/overview/use-cases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18|19)\\.x)/use-cases', + destination: '/boundary/docs/:version/overview/use-cases', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:10)\\.x)/overview/use-cases', destination: '/boundary/docs/:version/use-cases', @@ -59,6 +120,12 @@ module.exports = [ destination: '/boundary/docs/overview/use-cases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/other-software', + destination: '/boundary/docs/:version/overview/use-cases', + permanent: true, + }, { source: '/boundary/docs/overview/vs/zero-trust', destination: '/boundary/docs/overview/zero-trust', @@ -70,11 +137,22 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/zero-trust', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/zero-trust', + destination: '/boundary/docs/:version/overview/zero-trust', + permanent: true, + }, { source: '/boundary/docs/overview/vs/bastion-hosts', destination: '/boundary/docs/overview/bastion-hosts', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/bastion-hosts', + destination: '/boundary/docs/:version/overview/bastion-hosts', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18)\\.x)/overview/bastion-hosts', @@ -92,6 +170,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/vpn', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/vpn', + destination: '/boundary/docs/:version/overview/vpn', + permanent: true, + }, { source: '/boundary/docs/overview/vs/pam', destination: '/boundary/docs/overview/pam', @@ -103,6 +186,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/pam', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/pam', + destination: '/boundary/docs/:version/overview/pam', + permanent: true, + }, { source: '/boundary/docs/overview/vs/sdp', destination: '/boundary/docs/overview/sdp', @@ -114,6 +202,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/sdp', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/sdp', + destination: '/boundary/docs/:version/overview/sdp', + permanent: true, + }, { source: '/boundary/docs/overview/vs/secrets-management', destination: '/boundary/docs/overview/secrets-management', @@ -125,6 +218,12 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/secrets-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/secrets-management', + destination: '/boundary/docs/:version/overview/secrets-management', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/faq', destination: '/boundary/docs/overview/faq', @@ -136,11 +235,36 @@ module.exports = [ destination: '/boundary/docs/:version/troubleshoot/faq', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/faq', + destination: '/boundary/docs/:version/overview/faq', + permanent: true, + }, { source: '/boundary/docs/getting-started/installing', destination: '/boundary/docs/getting-started', permanent: true, }, + { + source: '/boundary/docs/installing', + destination: '/boundary/docs/getting-started', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing', + destination: '/boundary/docs/:version/deploy/self-managed', + permanent: true, + }, { source: '/boundary/docs/getting-started/installing/production', destination: '/boundary/docs/getting-started', @@ -151,6 +275,11 @@ module.exports = [ destination: '/boundary/docs/getting-started/dev-mode', permanent: true, }, + { + source: '/boundary/docs/getting-started/dev-mode/dev-mode', + destination: '/boundary/docs/getting-started/dev-mode', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/getting-started/dev-mode', @@ -163,17 +292,53 @@ module.exports = [ destination: '/boundary/docs/:version/getting-started/dev-mode/dev-mode', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode/dev-mode', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/getting-started/dev-mode/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode', + permanent: true, + }, { source: '/boundary/docs/oss/installing/run-and-login', destination: '/boundary/docs/getting-started/dev-mode/run-and-login', permanent: true, }, + { + source: '/boundary/docs/getting-started/run-and-login', + destination: '/boundary/docs/getting-started/dev-mode/run-and-login', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/getting-started/dev-mode/run-and-login', destination: '/boundary/docs/:version/oss/installing/run-and-login', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/getting-started/run-and-login', + destination: + '/boundary/docs/:version/getting-started/dev-mode/run-and-login', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/oss/installing/run-and-login', + destination: + '/boundary/docs/:version/getting-started/dev-mode/run-and-login', + permanent: true, + }, { source: '/boundary/docs/oss/installing/connect-to-dev-target', destination: @@ -186,6 +351,32 @@ module.exports = [ destination: '/boundary/docs/:version/oss/installing/connect-to-dev-target', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|)\\.x)/oss/installing/connect-to-dev-target', + destination: + '/boundary/docs/:version/getting-started/dev-mode/connect-to-dev-target', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/connect-to-dev-target', + destination: + '/boundary/docs/:version/getting-started/dev-mode/connect-to-dev-target', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/architecture/:slug*', + destination: '/boundary/docs/:version/install-boundary/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/architecture/:slug*', + destination: '/boundary/docs/:version/architecture/:slug*', + permanent: true, + }, { source: '/boundary/docs/install-boundary/system-requirements', destination: '/boundary/docs/architecture/system-requirements', @@ -197,6 +388,31 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/system-requirements', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/postgres', + destination: '/boundary/docs/:version/install-boundary/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/postgres', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/system-requirements', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/system-requirements', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/system-requirements', destination: '/boundary/docs/architecture/system-requirements', @@ -214,6 +430,34 @@ module.exports = [ destination: '/boundary/docs/architecture/system-requirements', permanent: true, }, + { + source: '/boundary/docs/installing/postgres', + destination: '/boundary/docs/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/postgres', + destination: '/boundary/docs/:version/install-boundary/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/postgres', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/postgres', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/postgres', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, { source: '/boundary/docs/install-boundary/postgres', destination: '/boundary/docs/architecture/system-requirements', @@ -232,11 +476,23 @@ module.exports = [ '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/recommended-architecture', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/oss/installing/reference-architectures', destination: '/boundary/docs/architecture/recommended-architecture', permanent: true, }, + { + source: '/boundary/docs/installing/reference-architectures', + destination: '/boundary/docs/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/architecture/recommended-architecture', @@ -244,6 +500,48 @@ module.exports = [ '/boundary/docs/:version/oss/installing/reference-architectures', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/install-boundary/recommended-architecture', destination: '/boundary/docs/architecture/recommended-architecture', @@ -256,6 +554,13 @@ module.exports = [ '/boundary/docs/:version/install-boundary/recommended-architecture', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/recommended-architecture', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/fault-tolerance', destination: '/boundary/docs/architecture/fault-tolerance', @@ -279,11 +584,37 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/fault-tolerance', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/fault-tolerance', + destination: + '/boundary/docs/:version/install-boundary/architecture/fault-tolerance', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/fault-tolerance', + destination: '/boundary/docs/:version/architecture/fault-tolerance', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/high-availability', destination: '/boundary/docs/architecture/high-availability', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/architecture/high-availability', @@ -296,6 +627,11 @@ module.exports = [ destination: '/boundary/docs/architecture/high-availability', permanent: true, }, + { + source: '/boundary/docs/installing/high-availability', + destination: '/boundary/docs/architecture/high-availability', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/architecture/high-availability', @@ -309,27 +645,75 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/install-boundary/high-availability', - destination: '/boundary/docs/architecture/high-availability', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/architecture/high-availability', - destination: '/boundary/docs/:version/install-boundary/high-availability', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', permanent: true, }, { - source: '/boundary/docs/install-boundary', + source: '/boundary/docs/install-boundary/high-availability', + destination: '/boundary/docs/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/architecture/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', + permanent: true, + }, + { + source: '/boundary/docs/install-boundary', destination: '/boundary/docs/deploy/self-managed', permanent: true, }, + { + source: '/boundary/docs/deploy', + destination: '/boundary/docs/getting-started', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/deploy/self-managed', destination: '/boundary/docs/:version/install-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary', + destination: '/boundary/docs/:version/deploy/self-managed', + permanent: true, + }, { source: '/boundary/docs/install-boundary/install', destination: '/boundary/docs/deploy/self-managed/install', @@ -341,6 +725,11 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/install', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/install', + destination: '/boundary/docs/:version/deploy/self-managed/install', + permanent: true, + }, { source: '/boundary/docs/install-boundary/deploy', destination: '/boundary/docs/deploy/self-managed/install', @@ -352,6 +741,22 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/deploy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17)\\.x)/install-boundary/deploy', + destination: '/boundary/docs/:version/install-boundary/install', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/install-boundary/install', + destination: '/boundary/docs/:version/install-boundary/deploy', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/deploy', + destination: '/boundary/docs/:version/deploy/self-managed/install', + permanent: true, + }, { source: '/boundary/docs/install-boundary/self-managed/deploy', destination: '/boundary/docs/deploy/self-managed/install', @@ -369,6 +774,13 @@ module.exports = [ '/boundary/docs/:version/install-boundary/configure-controllers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/configure-controllers', + destination: + '/boundary/docs/:version/deploy/self-managed/configure-controllers', + permanent: true, + }, { source: '/boundary/docs/install-boundary/configure-workers', destination: '/boundary/docs/deploy/self-managed/deploy-workers', @@ -380,28 +792,93 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/configure-workers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/configure-workers', + destination: '/boundary/docs/:version/deploy/self-managed/deploy-workers', + permanent: true, + }, { source: '/boundary/docs/install-boundary/initialize', destination: '/boundary/docs/deploy/self-managed/initialize', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/initialize', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/self-managed/initialize', destination: '/boundary/docs/:version/install-boundary/initialize', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/initialize', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/oss/installing/no-gen-resources', destination: '/boundary/docs/deploy/self-managed/initialize', permanent: true, }, + { + source: '/boundary/docs/installing/no-gen-resources', + destination: '/boundary/docs/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/deploy/self-managed/initialize', destination: '/boundary/docs/:version/oss/installing/no-gen-resources', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/install-boundary/no-gen-resources', destination: '/boundary/docs/deploy/self-managed/initialize', @@ -413,6 +890,18 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/no-gen-resources', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/deploy/self-managed/initialize', @@ -430,6 +919,24 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/install-clients', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17)\\.x)/deploy/self-managed/install-clients', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/install-clients', + destination: '/boundary/docs/:version/deploy/self-managed/install-clients', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/install-boundary/install-clients', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, { source: '/boundary/docs/install-boundary/self-managed/install-clients', destination: '/boundary/docs/deploy/self-managed/install-clients', @@ -451,143 +958,122 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/oss/installing', - destination: '/boundary/docs/deploy', - permanent: true, - }, - { - source: '/boundary/docs/getting-started/connect-to-target', - destination: '/boundary/docs/hcp/get-started/connect-to-target', + source: '/boundary/docs/installing/systemd', + destination: '/boundary/docs/deploy/self-managed/systemd', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/connect-to-target', - destination: '/boundary/docs/:version/getting-started/connect-to-target', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/installing/systemd', + destination: '/boundary/docs/:version/install-boundary/systemd', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/targets/connections', - destination: '/boundary/docs/:version/getting-started/connect-to-target', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing/systemd', + destination: '/boundary/docs/:version/install-boundary/systemd', permanent: true, }, { - source: '/boundary/docs/getting-started/deploy-and-login', - destination: '/boundary/docs/hcp/get-started/deploy-and-login', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/systemd', + destination: '/boundary/docs/:version/deploy/self-managed/systemd', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/deploy-and-login', - destination: '/boundary/docs/:version/getting-started/deploy-and-login', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/systemd', + destination: '/boundary/docs/:version/deploy/self-managed/systemd', permanent: true, }, { - source: '/boundary/docs/install-boundary/terraform-patterns', - destination: '/boundary/docs/deploy/terraform-patterns', + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/deploy/self-managed/systemd', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns', - destination: '/boundary/docs/:version/install-boundary/terraform-patterns', + source: '/boundary/docs/oss/installing', + destination: '/boundary/docs/deploy/self-managed', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-credentials-and-credential-stores', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-credentials-and-credential-stores', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-credentials-and-credential-stores', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-credentials-and-credential-stores', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing', + destination: '/boundary/docs/:version/deploy/self-managed', permanent: true, }, { - source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-groups-and-rbac', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-groups-and-rbac', + source: '/boundary/docs/getting-started/connect-to-target', + destination: '/boundary/docs/hcp/get-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-groups-and-rbac', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-groups-and-rbac', + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18|19)\\.x)/getting-started/connect-to-target', + destination: '/boundary/docs/:version/hcp/get-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-hosts-and-host-management', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-hosts-and-host-management', + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/connect-to-target', + destination: '/boundary/docs/:version/getting-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-hosts-and-host-management', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-hosts-and-host-management', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/targets/connections', + destination: '/boundary/docs/:version/getting-started/connect-to-target', permanent: true, }, { - source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-scopes', - destination: '/boundary/docs/deploy/terraform-patterns/terraform-scopes', + source: '/boundary/docs/getting-started/deploy-and-login', + destination: '/boundary/docs/hcp/get-started/deploy-and-login', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-scopes', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-scopes', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/getting-started/deploy-and-login', + destination: '/boundary/docs/:version/hcp/get-started/deploy-and-login', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-session-recording', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-session-recording', + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/deploy-and-login', + destination: '/boundary/docs/:version/getting-started/deploy-and-login', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-session-recording', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-session-recording', + source: '/boundary/docs/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/deploy/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-targets', - destination: '/boundary/docs/deploy/terraform-patterns/terraform-targets', + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-pattern/terraform-targets', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-targets', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/deploy/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/:slug*', destination: - '/boundary/docs/deploy/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version/install-boundary/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-users-and-auth-methods', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/deploy/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { @@ -616,11 +1102,22 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/security/data-encryption', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/data-encryption', + destination: '/boundary/docs/:version/secure/encryption/data-encryption', + permanent: true, + }, { source: '/boundary/docs/concepts/security', destination: '/boundary/docs/secure/encryption/data-encryption', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security', + destination: '/boundary/docs/:version/secure/encryption/data-encryption', + permanent: true, + }, { source: '/boundary/docs/concepts/security/connections-tls', destination: '/boundary/docs/secure/encryption/connections-tls', @@ -632,6 +1129,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/security/connections-tls', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/connections-tls', + destination: '/boundary/docs/:version/secure/encryption/connections-tls', + permanent: true, + }, { source: '/boundary/docs/oss/operations', destination: '/boundary/docs/monitor', @@ -652,11 +1155,22 @@ module.exports = [ destination: '/boundary/docs/:version/operations', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations', + destination: '/boundary/docs/:version/monitor', + permanent: true, + }, { source: '/boundary/docs/configuration/listener', destination: '/boundary/docs/monitor/listeners', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/listener/:slug*', + destination: '/boundary/docs/:version/monitor/listeners/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/monitor/listeners', @@ -695,11 +1209,27 @@ module.exports = [ destination: '/boundary/docs/:version/oss/operations/metrics', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/operations/metrics', + destination: '/boundary/docs/:version/operations/metrics', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/operations/metrics', + destination: '/boundary/docs/:version/monitor/metrics', + permanent: true, + }, { source: '/boundary/docs/operations/metrics', destination: '/boundary/docs/monitor/metrics', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/metrics', + destination: '/boundary/docs/:version/monitor/metrics', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:8|13|14|15|16|17|18)\\.x)/monitor/metrics', @@ -717,6 +1247,11 @@ module.exports = [ destination: '/boundary/docs/:version/operations/health', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/health', + destination: '/boundary/docs/:version/monitor/health', + permanent: true, + }, { source: '/boundary/docs/oss/operations/health', destination: '/boundary/docs/monitor/health', @@ -727,11 +1262,49 @@ module.exports = [ destination: '/boundary/docs/:version/oss/operations/health', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/operations/health', + destination: '/boundary/docs/:version/operations/health', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/operations/health', + destination: '/boundary/docs/:version/monitor/health', + permanent: true, + }, { source: '/boundary/docs/configuration/events', destination: '/boundary/docs/monitor/events/events', permanent: true, }, + { + source: '/boundary/docs/monitor/events', + destination: '/boundary/docs/monitor/events/events', + permanent: true, + }, + { + source: '/boundary/docs/configuration/events/overview', + destination: '/boundary/docs/monitor/events/events', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/overview', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/overview', + destination: '/boundary/docs/:version/configuration/events', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/monitor/events/events', @@ -744,6 +1317,11 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/overview', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/monitor/events', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/events', destination: '/boundary/docs/monitor/events/filter-events', @@ -755,11 +1333,29 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/events', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/events', + destination: '/boundary/docs/:version/monitor/events/filter-events', + permanent: true, + }, { source: '/boundary/docs/configuration/events/common', destination: '/boundary/docs/monitor/events/common', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/common-sink-parameters', + destination: '/boundary/docs/:version/configuration/events/common', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/common', + destination: '/boundary/docs/:version/monitor/events/common', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/monitor/events/common', @@ -777,6 +1373,18 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/file', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/file-sink', + destination: '/boundary/docs/:version/configuration/events/file', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/file', + destination: '/boundary/docs/:version/monitor/events/file', + permanent: true, + }, { source: '/boundary/docs/configuration/events/stderr', destination: '/boundary/docs/monitor/events/stderr', @@ -788,11 +1396,70 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/stderr', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/stderr-sink', + destination: '/boundary/docs/:version/configuration/events/stderr', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/stderr', + destination: '/boundary/docs/:version/monitor/events/stderr', + permanent: true, + }, { source: '/boundary/docs/release-notes', destination: '/boundary/docs', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/release-notes', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/release-notes/v0_14_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/release-notes/v0_15_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/release-notes/v0_16_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/release-notes/v0_17_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/release-notes/v0_18_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/release-notes/v0_19_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/release-notes/v0_20_0', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/configuration/worker', destination: '/boundary/docs/workers', @@ -804,16 +1471,44 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/worker', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker', + destination: '/boundary/docs/:version/workers', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9)\\.x)/workers', destination: '/boundary/docs/:version/configuration/worker/overview', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:9)\\.x)/configuration/worker', + destination: '/boundary/docs/:version/configuration/worker/overview', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15)\\.x)/configuration/worker/overview', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/workers/create', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/worker-configuration', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14)\\.x)/workers/registration', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/workers/registration', @@ -821,21 +1516,71 @@ module.exports = [ '/boundary/docs/:version/configuration/worker/worker-configuration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14)\\.x)/configuration/worker/worker-configuration', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/workers', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/worker-configuration', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/kms-worker', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/configuration/worker/kms-worker', + destination: + '/boundary/docs/:version/configuration/worker/worker-configuration', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/kms-worker', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/pki-worker', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/configuration/worker/pki-worker', + destination: + '/boundary/docs/:version/configuration/worker/worker-configuration', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/pki-worker', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/multi-hop', destination: '/boundary/docs/workers/multi-hop', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop', @@ -843,6 +1588,38 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/multi-hop', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/multi-hop', + destination: '/boundary/docs/:version/workers/multi-hop', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop/enterprise', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop/hcp', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop/enterprise', + destination: + '/boundary/docs/:version/concepts/connection-workflows/multi-hop', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop/hcp', + destination: + '/boundary/docs/:version/concepts/connection-workflows/multi-hop', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/worker-tags', destination: '/boundary/docs/workers/worker-tags', @@ -854,6 +1631,18 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/worker-tags', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/workers/filters', + destination: '/boundary/docs/:version/concepts/filtering/worker-tags', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/worker-tags', + destination: '/boundary/docs/:version/workers/worker-tags', + permanent: true, + }, { source: '/boundary/docs/concepts/service-discovery', destination: '/boundary/docs/hosts', @@ -864,6 +1653,18 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/service-discovery', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/concepts/service-discovery', + destination: '/boundary/docs/:version/concepts/host-discovery', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/service-discovery', + destination: '/boundary/docs/:version/hosts', + permanent: true, + }, { source: '/boundary/docs/concepts/host-discovery', destination: '/boundary/docs/hosts', @@ -874,6 +1675,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/host-discovery', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/host-discovery/:slug*', + destination: '/boundary/docs/:version/hosts/:slug*', + permanent: true, + }, { source: '/boundary/docs/concepts/host-discovery/aws', destination: '/boundary/docs/hosts/aws', @@ -900,21 +1707,61 @@ module.exports = [ destination: '/boundary/docs/hosts/gcp', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/hosts/gcp', + destination: '/boundary/docs/:version/concepts/host-discovery', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:8|9|10|11|12)\\.x)/hosts/gcp', + destination: '/boundary/docs/:version/concepts/service-discovery', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases', destination: '/boundary/docs/targets/configuration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/target-aliases/:slug*', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:16|17)\\.x)/configuration/target-aliases/:slug*', + destination: '/boundary/docs/:version/concepts/aliases', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration', destination: '/boundary/docs/:version/configuration/target-aliases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases', + destination: '/boundary/docs/:version/targets/configuration', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/connect-target-alias', destination: '/boundary/docs/targets/connections/connect-target-alias', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/connections/connect-target-alias', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/connections/connect-target-alias', @@ -922,6 +1769,13 @@ module.exports = [ '/boundary/docs/:version/configuration/target-aliases/connect-target-alias', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/connect-target-alias', + destination: + '/boundary/docs/:version/targets/connections/connect-target-alias', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/create-target-alias', destination: '/boundary/docs/targets/configuration/create-target-alias', @@ -929,9 +1783,22 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/create-target-alias', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration/create-target-alias', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/create-target-alias', + destination: + '/boundary/docs/:version/configuration/target-aliases/create-target-alias', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/create-target-alias', destination: - '/boundary/docs/:version/configuration/target-aliases/create-target-alias', + '/boundary/docs/:version/targets/configuration/create-target-alias', permanent: true, }, { @@ -940,6 +1807,12 @@ module.exports = [ '/boundary/docs/targets/configuration/configure-transparent-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration/configure-transparent-sessions', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/configure-transparent-sessions', @@ -947,22 +1820,47 @@ module.exports = [ '/boundary/docs/:version/configuration/target-aliases/transparent-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/transparent-sessions', + destination: + '/boundary/docs/:version/targets/configuration/configure-transparent-sessions', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows', destination: '/boundary/docs/targets/connections', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections', destination: '/boundary/docs/:version/concepts/connection-workflows', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows', + destination: '/boundary/docs/:version/targets/connections', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/connect-helpers', destination: '/boundary/docs/targets/connections/connect-helpers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/connect-helpers', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/connect-helpers', @@ -970,11 +1868,23 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/connect-helpers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/connect-helpers', + destination: '/boundary/docs/:version/targets/connections/connect-helpers', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/exec-flag', destination: '/boundary/docs/targets/connections/exec-flag', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/exec-flag', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/exec-flag', @@ -982,6 +1892,12 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/exec-flag', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/exec-flag', + destination: '/boundary/docs/:version/targets/connections/exec-flag', + permanent: true, + }, { source: '/boundary/docs/common-workflows/workflow-ssh-proxycommand', destination: '/boundary/docs/targets/connections/workflow-ssh-proxycommand', @@ -993,6 +1909,12 @@ module.exports = [ destination: '/boundary/docs/targets/connections/workflow-ssh-proxycommand', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/workflow-ssh-proxycommand', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/workflow-ssh-proxycommand', @@ -1000,16 +1922,65 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/workflow-ssh-proxycommand', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/workflow-ssh-proxycommand', + destination: + '/boundary/docs/:version/targets/connections/workflow-ssh-proxycommand', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/connections/transparent-sessions', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/connections/transparent-sessions', + destination: + '/boundary/docs/:version/configuration/target-aliases/transparent-sessions', + permanent: true, + }, { source: '/boundary/docs/configuration/credential-management', destination: '/boundary/docs/credentials', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/credentials/:slug*', + destination: '/boundary/docs/:version/concepts/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/credential-management/:slug*', + destination: '/boundary/docs/:version/credentials/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/credentials', destination: '/boundary/docs/:version/configuration/credential-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/credential-management/:slug*', + destination: '/boundary/docs/:version/concepts/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/credentials/rdp-testing-and-compatibility-matrix', + destination: '/boundary/docs/:version/configuration/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/credentials/rdp-testing-and-compatibility-matrix', + destination: '/boundary/docs/:version/credentials', + permanent: true, + }, { source: '/boundary/docs/configuration/credential-management/configure-credential-brokering', @@ -1073,6 +2044,12 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/session-recording', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, { source: '/boundary/docs/operations/session-recordings', destination: '/boundary/docs/session-recording', @@ -1085,6 +2062,13 @@ module.exports = [ '/boundary/docs/session-recording/configuration/configure-worker-storage', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/configure-worker-storage', + destination: + '/boundary/docs/:version/configuration/session-recording/create-storage-bucket', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/configure-worker-storage', @@ -1092,6 +2076,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/configure-worker-storage', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/configure-worker-storage', + destination: + '/boundary/docs/:version/session-recording/configuration/configure-worker-storage', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/configure-worker-storage', @@ -1105,6 +2096,13 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/storage-providers/:slug*', + destination: + '/boundary/docs/:version/session-recording/configuration/storage-providers/:slug*', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/storage-providers/configure-s3', @@ -1112,6 +2110,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-s3', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/storage-providers/configure-s3', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/storage-providers/configure-s3', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/storage-providers/configure-s3', @@ -1126,6 +2136,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-minio', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/storage-providers/configure-minio', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/storage-providers/configure-minio', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/storage-providers/configure-minio', @@ -1140,6 +2162,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-s3-compliant', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/session-recording/storage-providers/configure-s3-compliant', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/session-recording/configuration/storage-providers/configure-s3-compliant', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/session-recording/configuration/storage-providers/configure-s3-compliant', @@ -1161,6 +2195,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/create-storage-bucket', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/create-storage-bucket', + destination: + '/boundary/docs/:version/session-recording/configuration/create-storage-bucket', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/enable-session-recording', @@ -1175,6 +2216,19 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/enable-session-recording', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/enable-session-recording', + destination: + '/boundary/docs/:version/session-recording/configuration/enable-session-recording', + permanent: true, + }, + { + source: '/boundary/docs/operations/manage-recorded-sessions', + destination: + '/boundary/docs/session-recording/configuration/manage-recorded-sessions', + permanent: true, + }, { source: '/boundary/docs/operations/session-recordings/manage-recorded-sessions', @@ -1182,6 +2236,30 @@ module.exports = [ '/boundary/docs/session-recording/configuration/manage-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/configuration/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/operations/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/session-recordings', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/configuration/manage-recorded-sessions', @@ -1189,6 +2267,12 @@ module.exports = [ '/boundary/docs/:version/operations/session-recordings/manage-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19|20)\\.x)/operations/manage-recorded-sessions', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/troubleshoot-recorded-sessions', destination: @@ -1202,6 +2286,13 @@ module.exports = [ '/boundary/docs/:version/troubleshoot/troubleshoot-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/troubleshoot-recorded-sessions', + destination: + '/boundary/docs/:version/session-recording/configuration/troubleshoot-recorded-sessions', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/configure-storage-policy', @@ -1209,6 +2300,18 @@ module.exports = [ '/boundary/docs/session-recording/compliance/configure-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/session-recording/configure-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/session-recording/compliance/configure-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/session-recording/compliance/configure-storage-policy', @@ -1216,6 +2319,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/configure-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/configure-storage-policy', + destination: + '/boundary/docs/:version/session-recording/compliance/configure-storage-policy', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/update-storage-policy', @@ -1223,6 +2333,18 @@ module.exports = [ '/boundary/docs/session-recording/compliance/update-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/session-recording/update-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/session-recording/compliance/update-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/session-recording/compliance/update-storage-policy', @@ -1231,30 +2353,99 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/operations/session-recordings/validate-data-store', - destination: - '/boundary/docs/session-recording/compliance/validate-data-store', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/update-storage-policy', + destination: + '/boundary/docs/:version/session-recording/compliance/update-storage-policy', + permanent: true, + }, + { + source: '/boundary/docs/operations/session-recordings/validate-data-store', + destination: + '/boundary/docs/session-recording/compliance/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/validate-data-store', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/compliance/validate-data-store', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-data-store', + destination: + '/boundary/docs/:version/operations/session-recordings/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/validate-data-store', + destination: + '/boundary/docs/:version/session-recording/compliance/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/operations/session-recordings/validate-session-recordings', + destination: + '/boundary/docs/session-recording/compliance/validate-session-recordings', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/validate-session-recordings', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/compliance/validate-session-recordings', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-session-recordings', + destination: + '/boundary/docs/:version/operations/session-recordings/validate-session-recordings', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/manage-recorded-sessions', + destination: '/boundary/docs/:version/session-recording', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-data-store', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/validate-session-recordings', destination: - '/boundary/docs/:version/operations/session-recordings/validate-data-store', + '/boundary/docs/:version/session-recording/compliance/validate-session-recordings', permanent: true, }, { source: - '/boundary/docs/operations/session-recordings/validate-session-recordings', - destination: - '/boundary/docs/session-recording/compliance/validate-session-recordings', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/session-recording/data/bsr-file-structure', + destination: '/boundary/docs/:version/concepts/auditing', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-session-recordings', - destination: - '/boundary/docs/:version/operations/session-recordings/validate-session-recordings', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/session-recording/data/read-bsr-file', + destination: '/boundary/docs/:version/concepts/auditing', permanent: true, }, { @@ -1262,12 +2453,24 @@ module.exports = [ destination: '/boundary/docs/rbac', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/identity-access-management/:slug*', + destination: '/boundary/docs/:version/rbac/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac', destination: '/boundary/docs/:version/configuration/identity-access-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management', + destination: '/boundary/docs/:version/concepts/security/permissions', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions', destination: '/boundary/docs/rbac', @@ -1275,7 +2478,20 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16)\\.x)/rbac', + '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/concepts/security/permissions/:slug*', + destination: '/boundary/docs/:version/rbac/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/permissions/:slug*', + destination: + '/boundary/docs/:version/configuration/identity-access-management/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/rbac', destination: '/boundary/docs/:version/concepts/security/permissions', permanent: true, }, @@ -1287,7 +2503,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/assignable-permissions', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/assignable-permissions', destination: '/boundary/docs/:version/concepts/security/permissions/assignable-permissions', permanent: true, @@ -1305,6 +2521,13 @@ module.exports = [ '/boundary/docs/:version/configuration/identity-access-management/assignable-permissions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/assignable-permissions', + destination: + '/boundary/docs/:version/concepts/security/permissions/assignable-permissions', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions/permission-grant-formats', @@ -1313,7 +2536,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/permission-grant-formats', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/permission-grant-formats', destination: '/boundary/docs/:version/concepts/security/permissions/permission-grant-formats', permanent: true, @@ -1324,6 +2547,13 @@ module.exports = [ destination: '/boundary/docs/rbac/permission-grant-formats', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/permission-grant-formats', + destination: + '/boundary/docs/:version/concepts/security/permissions/permission-grant-formats', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac/permission-grant-formats', @@ -1338,10 +2568,16 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16|17|18)\\.x)/rbac/manage-roles', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/rbac/manage-roles', destination: '/boundary/docs/:version/common-workflows/manage-roles', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/common-workflows/manage-roles', + destination: '/boundary/docs/:version/rbac/manage-roles', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions/resource-table', destination: '/boundary/docs/rbac/resource-table', @@ -1349,7 +2585,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/resource-table', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/resource-table', destination: '/boundary/docs/:version/concepts/security/permissions/resource-table', permanent: true, @@ -1360,6 +2596,13 @@ module.exports = [ destination: '/boundary/docs/rbac/resource-table', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/resource-table', + destination: + '/boundary/docs/:version/concepts/security/permissions/resource-table', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac/resource-table', destination: @@ -1373,10 +2616,16 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16|17|18)\\.x)/rbac/users/manage-users-groups', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/rbac/users/manage-users-groups', destination: '/boundary/docs/:version/common-workflows/manage-users-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/common-workflows/manage-users-groups', + destination: '/boundary/docs/:version/rbac/users/manage-users-groups', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/oidc-managed-groups', destination: '/boundary/docs/rbac/users/managed-groups', @@ -1389,6 +2638,25 @@ module.exports = [ '/boundary/docs/:version/concepts/filtering/oidc-managed-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/concepts/filtering/managed-groups', + destination: + '/boundary/docs/:version/concepts/filtering/oidc-managed-groups', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/concepts/filtering/oidc-managed-groups', + destination: '/boundary/docs/:version/concepts/filtering/managed-groups', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/oidc-managed-groups', + destination: '/boundary/docs/:version/rbac/users/managed-groups', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/managed-groups', destination: '/boundary/docs/rbac/users/managed-groups', @@ -1400,21 +2668,47 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/managed-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/managed-groups', + destination: '/boundary/docs/:version/rbac/users/managed-groups', + permanent: true, + }, { source: '/boundary/docs/integrations', destination: '/boundary/docs', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|19)\\.x)/integrations', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/integrations/vault', destination: '/boundary/docs/vault', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/integrations/vault', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/vault', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/vault', destination: '/boundary/docs/:version/integrations/vault', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/integrations/vault', + destination: '/boundary/docs/:version/vault', + permanent: true, + }, { source: '/boundary/docs/api-clients/go-sdk', destination: '/boundary/docs/go-sdk', @@ -1426,26 +2720,70 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/go-sdk', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/go-sdk', + destination: '/boundary/docs/:version/go-sdk', + permanent: true, + }, { source: '/boundary/docs/api-clients/client-agent', destination: '/boundary/docs/client-agent', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/api-clients/client-agent', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/client-agent', destination: '/boundary/docs/:version/api-clients/client-agent', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/client-agent', + destination: '/boundary/docs/:version/client-agent', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/client-agent/:slug*', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/client-agent/:slug*', + destination: '/boundary/docs/:version/api-clients/client-agent', + permanent: true, + }, { source: '/boundary/docs/api-clients/client-cache', destination: '/boundary/docs/client-cache', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/api-clients/client-cache', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/client-cache', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/client-cache', destination: '/boundary/docs/:version/api-clients/client-cache', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/client-cache', + destination: '/boundary/docs/:version/client-cache', + permanent: true, + }, { source: '/boundary/docs/api-clients/api', destination: '/boundary/docs/api', @@ -1457,27 +2795,66 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/api', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api', + destination: '/boundary/docs/:version/api', + permanent: true, + }, { source: '/boundary/docs/api-clients/api/pagination', destination: '/boundary/docs/api/pagination', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api-clients/api/pagination', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api/pagination', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/api/pagination', destination: '/boundary/docs/:version/api-clients/api/pagination', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api/pagination', + destination: '/boundary/docs/:version/api/pagination', + permanent: true, + }, { source: '/boundary/docs/api-clients/api/rate-limiting', destination: '/boundary/docs/api/rate-limiting', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api-clients/api/rate-limiting', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api/rate-limiting', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/api/rate-limiting', destination: '/boundary/docs/:version/api-clients/api/rate-limiting', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api/rate-limiting', + destination: '/boundary/docs/:version/api/rate-limiting', + permanent: true, + }, { source: '/boundary/docs/api-clients/cli', destination: '/boundary/docs/commands/', @@ -1489,6 +2866,89 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/cli', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/api-clients/cli', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/commands/connect/cassandra', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/commands/connect/mysql', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: '/boundary/docs/commands/daemon/:slug*', + destination: '/boundary/docs/commands/cache/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/commands/cache/:slug*', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/daemon/:slug*', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:17|18|19)\\.x)/commands/daemon/:slug*', + destination: '/boundary/docs/:version/commands/cache/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/delete', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/read', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/search', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/update', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/add-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/remove-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/set-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model', destination: '/boundary/docs/domain-model', @@ -1500,6 +2960,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/domain-model', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/domain-model/:slug*', + destination: '/boundary/docs/:version/domain-model/:slug*', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model/accounts', destination: '/boundary/docs/domain-model/accounts', @@ -1516,6 +2982,18 @@ module.exports = [ destination: '/boundary/docs/domain-model/aliases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/concepts/domain-model/aliases', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/domain-model/aliases', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/domain-model/aliases', @@ -1697,12 +3175,41 @@ module.exports = [ destination: '/boundary/docs/domain-model/storage-policy', permanent: true, }, + { + source: '/boundary/docs/concepts/domain-model/storage-policies', + destination: '/boundary/docs/domain-model/storage-policy', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/concepts/domain-model/storage-policy', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/domain-model/storage-policy', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/concepts/domain-model/storage-policies', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/domain-model/storage-policy', destination: '/boundary/docs/:version/concepts/domain-model/storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/concepts/domain-model/storage-policies', + destination: '/boundary/docs/:version/concepts/domain-model/storage-policy', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model/targets', destination: '/boundary/docs/domain-model/targets', @@ -1736,11 +3243,22 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering', + destination: '/boundary/docs/:version/filtering', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/resource-listing', destination: '/boundary/docs/filtering', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/resource-listing', + destination: '/boundary/docs/:version/filtering', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/common-errors', destination: '/boundary/docs/errors', @@ -1751,10 +3269,22 @@ module.exports = [ destination: '/boundary/docs/:version/troubleshoot/common-errors', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/common-errors', + destination: '/boundary/docs/:version/errors', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/interoperability-matrix', destination: '/boundary/docs/interoperability-matrix/index', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/interoperability-matrix', + destination: '/boundary/docs/:version', + permanent: true, + }, ]