Releases · hashicorp/boundary

15 Apr 00:59

hashicorp-ci

v0.2.0

7bf6fad

v0.2.0

0.2.0 (2021/04/14)

Deprecations/Changes

The auth-methods/<id>:authenticate:login action is deprecated and will be
removed in a few releases. (Yes, this was meant to deprecate the
authenticate action; apologies for going back on this!) To better support
future auth methods, and especially the potential for plugins, rather than
defining custom actions on the URL path the authenticate action will consume
both a map of parameters but also a command parameter that specifies the
type of command. This allows workflows that require multiple steps, such as
OIDC, to not require custom subactions. Additionally, the credentials map in
the authenticate action has been renamed attributes to better match other
types of resources. credentials will still work for now but will be removed
in a few releases. Finally, in the Go SDK, the Authenticate function now
requires a command value to be passed in.
Related to the above change, the output of an API
auth-methods/<id>:authenticate call will return the given command value
and a map of attributes that depend on the given command. On the SDK side, the
output of the Authenticate function returns a map, from which a concrete
type can be easily umarshaled (see the updated authenticate password command
for an example).
Anonymous scope/auth method listing: When listing auth methods and scopes
without authentication (that is, as the anonymous user u_anon), only
information necessary for navigation to an auth method and authenticating to
the auth method is now output. Granting u_anon list access to other resource
types will not currently filter any information out.

New and Improved

cli/api/sdk: New OIDC auth method type added with support for create, read,
update, delete, and list (see new cli oidc subcommands available on CRUDL
operations for examples).
PR
cli: support to login using an OIDC auth method (see the new authenticate password oidc subcommand for an example)
PR
server: When performing recursive listing, list action is not longer
required to be granted to the calling user. Instead, the given scope acts as
the root point (so only results under that scope will be shown), and list
grant is evaluated per-scope.
PR
database init: If the database is already initialized, return 0 as the exit
code. This matches how the database migrate command works.
PR

Bug Fixes

server: Roles for auto generated scopes are now generated at database init.
PR
cli: Don't panic on certain commands when outputting in json format
(Issue,
PR)

Assets 2

10 Mar 16:09

hashicorp-ci

v0.1.8

c0f33f9

v0.1.8

0.1.8 (2021/03/09)

Changes/Deprecations

api: A few functions have changed places. Notably, instead of ResponseMap()
and ResponseBody(), resources simply expose Response(). This higher-level
response object contains the map and body, and also exposes StatusCode() in
place of indivdidual resources.
PR
cli: In json output format, a resource item is now an object under the
top-level key item; a list of resource items is now an list of objects under
the top-level key items. This preserves the top level for putting in other
useful information later on (and the HTTP status code is included now).
PR
cli: In json output format, errors are now serialized as a JSON object with
an error key instead of outputting normal text
PR
cli: All errors, including API errors, are now written to stderr. Previously
in the default table format, API errors would be written to stdout.
PR
cli: Error return codes have been standardized across CLI commands. An error
code of 1 indicates an error generated from the actual controller API; an
error code of 2 is an error encountered due to the CLI command's logic; and
an error code of 3 indicates an error that was caused due to user input to
the command. (There is some nuance sometimes whether an error is really due to
user input or not, but we attempt to be consistent.)
PR

New and Improved

list filtering: Listing now supports filtering results before being returned
to the user. The filtering takes place server side and uses boolean
expressions against the JSON representation of returned items. See the
documentation
for more details. (PR 1)
(PR 2)
(PR 3)
server: Officially support reloading TLS parameters on SIGHUP. (This likely
worked before but wasn't fully tested.)
(PR)
server: On SIGHUP, worker
tags will be
re-parsed and new values used
(PR)
server: In addition to the existing tls_min_version listener configuration
value, tls_max_version is now supported. This should generally be left blank
but can be useful for situations where e.g. a load balancer has broken TLS 1.3
support, or does not support TLS 1.3 and flags it as a disallowed value.