backport of commit 0b0389f

hashicorp · Oct 22, 2024 · 713ad8f · 713ad8f
1 parent a862dc1
commit 713ad8f
Show file tree

Hide file tree

Showing 198 changed files with 1,174 additions and 7,817 deletions.
diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -14,26 +14,8 @@ jobs:
   backport:
     if: github.event.pull_request.merged
     runs-on: ${{ fromJSON(vars.RUNNER) }}
-    container: hashicorpdev/backport-assistant:0.5.1
+    container: hashicorpdev/backport-assistant:0.2.3
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-        with:
-          fetch-depth: 0 # Fetch all branches and tags
-      - name: Check if any migrations have changed
-        run: |
-          if git diff --exit-code --name-only "origin/${{ github.event.pull_request.base.ref }}"...HEAD -- internal/db/schema/migrations; then
-            echo "No migrations have changed, continuing with backport"
-          else
-            # Post comment on PR.
-            echo "Posting new backport-failure GitHub comment under PR #${{ github.event.pull_request.number }}"
-            curl -sX POST \
-              -H "Accept: application/vnd.github+json" \
-              -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \
-              -d '{"body": "Backport Assistant: you attempted to automatically backport changes in this PR, but because it contained changes to migration files, this was rejected. Please carefully manually backport the changes."}' \
-              "$GITHUB_API_URL/repos/$GITHUB_REPOSITORY/issues/${{ github.event.pull_request.number }}/comments"
-            echo "Migrations have changed, refusing to backport. Please carefully manually backport the changes."
-            exit 1
-          fi
       - name: Backport changes to stable-website
         run: |
           backport-assistant backport -automerge

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -108,7 +108,7 @@ jobs:
           repository: boundary
           version: ${{ needs.set-product-version.outputs.product-version }}
           product: ${{ env.PKG_NAME }}
-      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: metadata.json
           path: ${{ steps.generate-metadata-file.outputs.filepath }}
@@ -279,12 +279,12 @@ jobs:
           echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
           echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
       - name: Upload RPM package
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: ${{ env.RPM_PACKAGE }}
           path: out/${{ env.RPM_PACKAGE }}
       - name: Upload DEB package
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: ${{ env.DEB_PACKAGE }}
           path: out/${{ env.DEB_PACKAGE }}

diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml
@@ -119,7 +119,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up Terraform
         uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36    # TSCCR: loading action configs: failed to query HEAD reference: failed to get advertised references: authorization failed
         with:
@@ -218,7 +218,7 @@ jobs:
         run: |
           mv ${{ steps.download-docker.outputs.download-path }}/*.tar enos/support/boundary_docker_image.tar
       - name: Set up Node.js
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         if: contains(matrix.filter, 'e2e_ui')
         with:
           node-version: '16.x'
@@ -266,7 +266,7 @@ jobs:
           SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1)
           echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT"
       - name: Upload e2e tests output
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: test-${{ steps.split.outputs.fragment }}
           path: enos/*.log
@@ -279,7 +279,7 @@ jobs:
           docker logs database
       - name: Upload e2e UI tests debug info
         if: contains(matrix.filter, 'e2e_ui') && steps.run.outcome == 'failure'
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: test-e2e-ui-debug
           path: enos/support/src/boundary-ui/ui/admin/tests/e2e/artifacts/test-failures
@@ -292,7 +292,7 @@ jobs:
           enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
       - name: Upload Debug Data
         if: ${{ always() && steps.run_retry.outcome == 'failure' }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           # The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals.
           name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}
@@ -327,7 +327,7 @@ jobs:
           env
           find ./enos -name "scenario.tf" -exec cat {} \;
       - name: Send Slack message if Run and Retry fails (or if something else went wrong)
-        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         # steps.run.outcome reports as failure when there is an error in `Run Enos scenario`
         # failure() captures errors before `Run Enos scenario`
         # failure() does not capture errors in `Run Enos scenario` due to continue-on-error
@@ -341,7 +341,7 @@ jobs:
         env:
           SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }}
       - name: Send Slack message if Run but Retry passes
-        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         if: ${{ steps.run.outcome == 'failure' && steps.run_retry.outcome != 'failure' }}
         with:
           channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }}

diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml
@@ -49,7 +49,7 @@ jobs:
         run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s
       - name: Upload fuzz failure seed corpus as run artifact
         if: failure()
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
         with:
           name: fuzz-corpus
           path: ./internal/perms/testdata/fuzz

diff --git a/.github/workflows/jira.yml b/.github/workflows/jira.yml
@@ -22,7 +22,7 @@ jobs:
       id: boundary-team-role
       run: |
         TEAM=boundary
-        ROLE="$(gh api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')"
+        ROLE="$(hub api orgs/hashicorp/teams/${TEAM}/memberships/${{ github.actor }} | jq -r '.role | select(.!=null)')"
         if [[ -n ${ROLE} ]]; then
           echo "Actor ${{ github.actor }} is a ${TEAM} team member, skipping ticket creation"
         else

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
@@ -34,7 +34,7 @@ jobs:
         cache: false
 
     - name: Set up Python
-      uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
+      uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
       with:
         python-version: 3.x
 
@@ -79,7 +79,7 @@ jobs:
         repository: "$PWD"
 
     - name: Upload SARIF file
-      uses: github/codeql-action/upload-sarif@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0
+      uses: github/codeql-action/upload-sarif@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # codeql-bundle-v2.18.2
       with:
         sarif_file: results.sarif
 
diff --git a/.github/workflows/test-cli-ui_oss.yml b/.github/workflows/test-cli-ui_oss.yml
@@ -36,7 +36,7 @@ jobs:
           path: /tmp/bats-cli-ui-deps
           key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2
       - name: Set up Node for Bats install
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
         with:
           node-version: 16
       - name: Install Bats via NPM
@@ -112,7 +112,7 @@ jobs:
           make -C internal/tests/cli test-vault-down
       - name: Send Slack message
         if: ${{ failure() }}
-        uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
+        uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
         with:
           channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }}
           payload: |

diff --git a/.github/workflows/test-race.yml b/.github/workflows/test-race.yml
@@ -109,7 +109,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Test ${{ matrix.module }} Module
         run: |
           make test-${{ matrix.module }}
@@ -141,7 +141,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up plugin cache
         id: plugin-cache
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -109,7 +109,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Test ${{ matrix.module }} Module
         run: |
           make test-${{ matrix.module }}
@@ -141,7 +141,7 @@ jobs:
           key: ${{ needs.setup.outputs.go-cache-key }}
           restore-keys: |
             ${{ runner.os }}-go
-          fail-on-cache-miss: false
+          fail-on-cache-miss: true
       - name: Set up plugin cache
         id: plugin-cache
         uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2

diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.23.1
+1.22.5
diff --git a/.release/linux/package/etc/boundary.d/worker.hcl b/.release/linux/package/etc/boundary.d/worker.hcl
@@ -13,7 +13,7 @@
 #   description = "A default worker created demonstration"
 
 #   # Workers must be able to reach controllers on :9201
-#   initial_upstreams = [
+#   controllers = [
 #     "10.0.0.1",
 #     "10.0.0.2",
 #     "10.0.0.3",

diff --git a/.semgrep/event-with-info-msg.yaml b/.semgrep/event-with-info-msg.yaml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,80 +4,9 @@ Canonical reference for changes, improvements, and bugfixes for Boundary.
 
 ## Next
 
-* Introduces soft-delete for users within the client cache.
-  ([PR](https://github.com/hashicorp/boundary/pull/5173)).
-
-## 0.18.0 (2024/10/01)
-### New and Improved
-
-* Add support for dynamic host catalog plugins running in Boundary workers:
-  Boundary plugins that handle dynamic host catalog operations (such as the
-  [AWS](https://github.com/hashicorp/boundary-plugin-aws/tree/main/plugin/service/host)
-  and [Azure](https://github.com/hashicorp/boundary-plugin-azure) plugins) can
-  now run on workers. ([PR](https://github.com/hashicorp/boundary/pull/5137))
-
-* Dynamic host catalogs worker filter support (Enterprise and HCP Boundary
-  only): Operators can now set a worker filter when creating a dynamic host
-  catalog. When set, all of the plugin requests will be sent to the matching
-  worker for processing. ([PR](https://github.com/hashicorp/boundary/pull/5137))
-
-* AWS dynamic host catalogs `AssumeRole` authentication support: Operators can
-  now set-up AWS dynamic host catalogs using Amazon's `AssumeRole`
-  authentication paradigm by providing a valid Role ARN when creating the host
-  catalog. ([PR](https://github.com/hashicorp/boundary/pull/5137) and
-  [PR](https://github.com/hashicorp/boundary-plugin-aws/pull/49))
-
-* Improved MinIO storage plugin compatibility with other services by dropping
-  the checksum headers in `PutObject`.
-  ([PR](https://github.com/hashicorp/boundary-plugin-minio/pull/23))
-
-* ui: Add UI support for searching and pagination of aliases.
-  ([PR](https://github.com/hashicorp/boundary-ui/pull/2498))
-
-* ui: Add UI support for filtering and pagination of session recordings.
-  ([PR](https://github.com/hashicorp/boundary-ui/pull/2502))
-
-* ui: Improve multi-scope grants select/deselect process.
-  ([PR](https://github.com/hashicorp/boundary-ui/pull/2435))
-
-### Bug Fixes
-
-* Prevented a data-race in Boundary's event logging system.
-  ([PR](https://github.com/hashicorp/boundary/pull/5139))
-
-* Update Storage Bucket type icon in Target view.
-  ([PR](https://github.com/hashicorp/boundary-ui/pull/2503))
-
-* Allow user to retry with authentication is pending with OIDC.
-  ([PR](https://github.com/hashicorp/boundary-ui/pull/2512))
-
-### Deprecations/Changes
-
-* Remove deprecated `controllers` field from the worker config, which was deprecated in 0.9.0 for
-`initial_upstreams`([PR](https://github.com/hashicorp/boundary/pull/5125))
-
 ## 0.17.2 (2024/09/25)
 
-### New and Improved
-
-* Improve performance of grants query by reducing the number of rows that need
-  to be returned. ([PR](https://github.com/hashicorp/boundary/pull/5126))
-* Add several indexes to database tables to improve performance of cascading
-  deletes/updates to session tables.
-  ([PR](https://github.com/hashicorp/boundary/pull/5126))
-* Reorder indexes on several join tables to improve performance of grants query.
-  ([PR](https://github.com/hashicorp/boundary/pull/5126))
-* Make client cache sqlite database persistent between restarts of the client
-  cache daemon. ([PR](https://github.com/hashicorp/boundary/pull/5126))
-* Improve client cache performance by adding indexes, limiting results,
-  and insuring only one refresh is running at a time for a given user and
-  resource. ([PR](https://github.com/hashicorp/boundary/pull/5126))
-* Add pagination support to client API and use pagination when caching
-  resources in client cache.
-  ([PR](https://github.com/hashicorp/boundary/pull/5101) and
-  ([PR](https://github.com/hashicorp/boundary/pull/5107)
-
-### Bug Fixes
+### Changes
 
 * The Go API properly uses the passed in value for `WithRecursive` and
   `WithSkipCurlOutput` instead of always setting to true regardless of the
@@ -152,9 +81,6 @@ object store. There are two SBC types, managed secret and environmental.
   ([PR](https://github.com/hashicorp/boundary-ui/pull/2388))
 * ui: Add API tags support for workers and improve worker filtering for targets
   ([PR](https://github.com/hashicorp/boundary-ui/pull/2393))
-* Updated grpc to 1.61.1([PR](https://github.com/hashicorp/boundary/pull/4983))
-
-### Bug Fixes
 
 ## 0.16.2 (2024/06/10)
 

diff --git a/Makefile b/Makefile
@@ -37,7 +37,7 @@ golangci-lint:
 
 	if [ "$(GOLINT_INSTALLED)" = "" ]; then \
 		curl -sSfL \
-			https://raw.githubusercontent.com/golangci/golangci-lint/9a8a056e9fe49c0e9ed2287aedce1022c79a115b/install.sh | sh -s -- -b $(GO_PATH)/bin v1.60.3; \
+			https://raw.githubusercontent.com/golangci/golangci-lint/9a8a056e9fe49c0e9ed2287aedce1022c79a115b/install.sh | sh -s -- -b $(GO_PATH)/bin v1.55.2; \
 	fi;
 
 .PHONY: cleangen

diff --git a/api/client_test.go b/api/client_test.go
@@ -23,17 +23,11 @@ func TestConfigSetAddress(t *testing.T) {
 
 	tests := []test{
 		{
-			"ipv4",
+			"bare",
 			"http://127.0.0.1:9200",
 			"http://127.0.0.1:9200",
 			"",
 		},
-		{
-			"ipv6",
-			"http://[::1]:9200",
-			"http://[::1]:9200",
-			"",
-		},
 		{
 			"bare with version",
 			"http://127.0.0.1:9200/v1",

diff --git a/api/go.mod b/api/go.mod
@@ -1,6 +1,8 @@
 module github.com/hashicorp/boundary/api
 
-go 1.23.1
+go 1.21
+
+toolchain go1.21.5
 
 require (
 	github.com/hashicorp/boundary/sdk v0.0.48

diff --git a/api/hostcatalogs/host_catalog.gen.go b/api/hostcatalogs/host_catalog.gen.go
diff --git a/api/hostcatalogs/option.gen.go b/api/hostcatalogs/option.gen.go
diff --git a/api/proxy/proxy_test.go b/api/proxy/proxy_test.go
@@ -169,9 +169,6 @@ func testSessionAuth(t *testing.T) *targets.SessionAuthorizationData {
 			{
 				Address: "localhost:9202",
 			},
-			{
-				Address: "[::1]:9201",
-			},
 		},
 	}