v0.7.4

0.7.4 (2022/01/18)

Deprecations/Changes

• In newly-created scopes, if default role creation is not disabled, the roles
  will now contain a grant to allow listing targets. This will still be subject
  to listing visibility rules, so only targets the user is granted some action
  on (such as authorize-session) will be returned.

New and Improved

• config: The description field for workers now supports being set
  from environment variables or a file on disk
  (PR)
• config: The max_open_connections field for the database field in controllers now supports being set
  from environment variables or a file on disk
  (PR)
• config: The execution_dir field for plugins now supports being set from environment variables
  or a file on disk.(PR)
• config: Add support for reading worker controllers off of environment
  variables as well as files. (PR)
• config: The description field for controllers now supports being set
  from environment variables or a file on disk
  (PR)
• config: Add support for reading worker tags off of environment variables
  as well as files. (PR)
• config: Add support for go-sockaddr templates to Worker and Controller
  addresses. (PR)
• controllers/workers: Add client IP to inbound request information which is included in
  Boundary events (PR)
• host: Plugin-based host catalogs will now schedule updates for all
  of its host sets when its attributes are updated.
  (PR)
• scopes: Default roles in newly-created scopes now contain a grant to allow
  listing targets. (PR)
• plugins/aws: AWS plugin based hosts now include DNS names in addition to the
  IP addresses they already provide.

Bug Fixes

• session: Fix duplicate sessions and invalid session state transitions. (PR)

v0.7.3

0.7.3 (2021/12/16)

Bug Fixes

• target: Fix permission bug which prevents the UI from being able to add and remove
  host sources on a target. (PR)
• credential: Fix panic during credential issue when a nil secret is received. This can
  occur when using the Vault KV backend which returns a nil secret and no error if the
  secret does not exist. (PR)

v0.7.2

0.7.2 (2021/12/14)

Security

• Boundary now uses Go 1.17.5 to address a security vulnerability (CVE-2021-44716) where
  an attacker can cause unbounded memory growth in a Go server accepting HTTP/2 requests.
  See the Go announcement for
  more details. (PR)

v0.7.1

0.7.1 (2021/11/18)

Bug Fixes

• db: Fix panic invoking the CLI on Windows. Some changes to how the binary is
  initialized resulted in running some functions on every startup that looked
  for some embedded files. However, Go's embed package does not use OS-specific
  path separators, so a mismatch between path separators caused a failure in the
  function. (PR)

v0.7.0

0.7.0 (2021/11/17)

Deprecations/Changes

• tls: Boundary's support for TLS 1.0/1.1 on the API listener was broken. Rather
  than fix this, we are simply not supporting TLS 1.0/1.1 as they are insecure.

New and Improved

• Boundary now supports dynamic discovery of host resources using our (currently
  internal) new plugin system. See the
  documentation for configuration
  instructions. Currently, only Azure and AWS are supported, but more providers
  will be following in future releases.
• workers: The existing worker connection replay prevention logic has been
  enhanced to be more robust against attackers that have decryption access to
  the shared worker-auth KMS key
  (PR)

Bug Fixes

• tls: Support TLS 1.2 for more clients. This was broken for some clients due to
  a missing mandated cipher suite of the HTTP/2 (h2) specification that could
  result in no shared cipher suites between the Boundary API listener and those
  clients. (PR)
• vault: Fix credential store support when using Vault namespaces
  (Issue,
  PR)

v0.6.2

0.6.2 (2021/09/27)

Deprecations/Changes

• permissions: Fix bug in Host Sets service that authenticated requests
  againist incorrect grant actions. This bug affects the SetHosts, AddHosts
  and RemoveHosts paths that do not have wildcard (*) action grants.
  If affected, please update grant actions as follows:
• • set-host-sets -> set-hosts
• • add-host-sets -> add-hosts
• • remove-host-sets -> remove-hosts
    (PR).
• Removes support for the auth-methods/<id>:authenticate:login action that was
  deprecated in Boundary 0.2.0, please use
  auth-methods/<id>:authenticate instead.
  (PR).
• Removes support for the credential field within auth-methods/<id>:authenticate
  action. This field was deprecated in Boundary 0.2.0, please use
  attributes instead.
  (PR).

v0.6.1

0.6.1 (2021/09/14)

Bug Fixes

• grants: Fix issue where credential-store, credential-library, and
  managed-group would not be accepted as specific type values in grant
  strings. Also, fix authorized actions not showing credential-store values in
  project scope output. (PR)
• actions: Fix sessions collection actions not being visible when reading a
  scope (PR)
• credential stores: Fix credential stores not showing authorized collection
  actions (PR)

v0.6.0

0.6.0 (2021/09/03)

New and Improved

• ui: Reflect user authorized actions in the UI: users now see only actionable
  items for which they have permissions granted.
• ui: Icons refreshed for a friendlier look and feel.

Bug Fixes

• controller: Fix issue with recursive listing across services when using the
  unauthenticated user (u_anon) with no token and the list was started in a
  scope where the user does not have permission
  (PR)
• grants: Fix grant format type=<type>;output_fields=<fields> with no action
  specified. In some code paths this format would trigger an error when
  validating even though it is correctly handled within the ACL code.
  (PR)
• targets: Fix panic when using boundary targets authorize-session
  (issue,
  PR).

v0.5.1

0.5.1 (2021/08/16)

New and Improved

• Data Warehouse: Add OIDC auth method and accounts to the database warehouse.
  Four new columns have been added to the wh_user_dimension table:
  auth_method_external_id, auth_account_external_id,
  auth_account_full_name, and auth_account_email.
  (PR)

Bug Fixes

• events: Fix panic when using the hclog-text event's format.
  (PR)
• oidc managed groups: Allow colons in selector paths
  (PR)

v0.5.0

0.5.0 (2021/08/02)

Deprecations/Changes

• With respect to Target resources, two naming changes are taking place. Note
  that these are not affecting the resources themselves, only the fields on
  Target resources that map them to targets:
• • Credential Libraries: In Target definitions, the field referring to
    attached credential libraries is being renamed to the more abstract
    credential sources. In the future Boundary will gain the ability to
    internally store static credentials that are not generated or fetched
    dynamically, and the sources terminology better reflects that the IDs
    provided are a source of credentials, whether via dynamic generation or via
    the credentials themselves. This will allow a paradigm similar to
    principals with roles, where the principal IDs can be a users, groups, and
    managed groups, rather than having them split out, and should result in an
    easier user experience once those features roll out compared to having
    separate flags and fields. In this 0.5 release the Boundary CLI has gained
    parallel application-credential-source flags to the existing
    application-credential-library flags, as well as boundary targets add/remove/set-credential-sources commands that parallel boundary targets add/remove/set-credential-libraries commands. This parallelism extends to
    the API actions and the grants system. In 0.6, the library versions of
    these commands, flags, and actions will be removed.
• • Host Sets: Similarly, in Target definitions, the field referring to
    attached host sets is being renamed to the more abstract host sources. In
    the future Boundary will allow attaching some host types directly, and
    possibly other mechanisms for gathering hosts for targets, so the sources
    terminology better reflects that the IDs provided are a source of hosts,
    whether via sets or via the hosts themselves. Like with credential sources,
    in this 0.5 release the Boundary CLI and API have gained parallel API
    actions and fields, and the set versions of these will be removed in 0.6.

New and Improved

• OIDC Accounts: When performing a read on an oidc type account, the
  original token and userinfo claims are provided in the output. This can make
  it significantly easier to write filters to create managed
  groups.
  (PR)

• Controllers will now mark connections as closed in the database if the worker
  has not reported its status; this can be seen as the controller counterpart to
  the worker-side session cleanup functionality released in 0.4.0. As with the
  worker, the timeout for this behavior is 15s.

• Workers will shut down connections gracefully upon shutdown of the worker,
  both closing the connection and sending a request to mark the connection as
  closed in the database.

• Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting
  down due to a CTRL-C or interrupt will now cause Boundary to immediately shut
  down non-gracefully. This may leave various parts of the Boundary deployment
  (namely sessions or connections) in an inconsistent state.

• Events: Boundary has moved from writing hclog entries to emitting events.
  There are four types of Boundary events: error, system, observation and
  audit. All events are emitted as
  cloudevents and we
  support both a cloudevents-json format and custom Boundary
  cloudevents-text format.

  Notes:

  • There are still a few lingering hclog bits within Boundary. If you wish to
    only output json from Boundary logging/events then you should specify both
    "-log-format json" and "-event-format cloudevents-json" when starting
    Boundary.
  • Filtering events: hclog log levels have been replaced by optional sets
    of allow and deny event
    filters which are
    specified via configuration, or in the case of "boundary dev" there are new
    new cmd flags.
  • Observation events are MVP and contain a minimal set of observations about a
    request. Observations are aggregated for each request, so only one
    observation event will be emitted per request. We anticipate that a rich set
    of aggregate data about each request will be developed over time.
  • Audit events are a WIP and will only be emitted if they are both enabled
    and the env var BOUNDARY_DEVELOPER_ENABLE_EVENTS equals true. We
    anticipate many changes for audit events before they are generally available
    including what data is included and different options for
    redacting/encrypting that data.

  PRs:
  hclog json,text formats,
  log adapters,
  unneeded log deps,
  update eventlogger,
  convert from hclog to events,
  event filtering,
  cloudevents node,
  system events,
  convert errors to events,
  integrate events into servers,
  event pkg name,
  events using ctx,
  add eventer,
  and base event types

Bug Fixes

• config: Fix error when populating all kms purposes in separate blocks (as
  well as the error message)
  (issue,
  PR)
• server: Fix panic on worker startup failure when the server was not also
  configured as a controller
  (PR)

New and Improved

• docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx