Skip to content

v0.5.0
Compare
Choose a tag to compare
@hc-github-team-wg-packagespec hc-github-team-wg-packagespec released this 05 Aug 18:48
v0.5.0
477b541
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

0.5.0 (2021/08/02)

Deprecations/Changes

  • With respect to Target resources, two naming changes are taking place. Note
    that these are not affecting the resources themselves, only the fields on
    Target resources that map them to targets:
    • Credential Libraries: In Target definitions, the field referring to
      attached credential libraries is being renamed to the more abstract
      credential sources. In the future Boundary will gain the ability to
      internally store static credentials that are not generated or fetched
      dynamically, and the sources terminology better reflects that the IDs
      provided are a source of credentials, whether via dynamic generation or via
      the credentials themselves. This will allow a paradigm similar to
      principals with roles, where the principal IDs can be a users, groups, and
      managed groups, rather than having them split out, and should result in an
      easier user experience once those features roll out compared to having
      separate flags and fields. In this 0.5 release the Boundary CLI has gained
      parallel application-credential-source flags to the existing
      application-credential-library flags, as well as boundary targets add/remove/set-credential-sources commands that parallel boundary targets add/remove/set-credential-libraries commands. This parallelism extends to
      the API actions and the grants system. In 0.6, the library versions of
      these commands, flags, and actions will be removed.
    • Host Sets: Similarly, in Target definitions, the field referring to
      attached host sets is being renamed to the more abstract host sources. In
      the future Boundary will allow attaching some host types directly, and
      possibly other mechanisms for gathering hosts for targets, so the sources
      terminology better reflects that the IDs provided are a source of hosts,
      whether via sets or via the hosts themselves. Like with credential sources,
      in this 0.5 release the Boundary CLI and API have gained parallel API
      actions and fields, and the set versions of these will be removed in 0.6.

New and Improved

  • OIDC Accounts: When performing a read on an oidc type account, the
    original token and userinfo claims are provided in the output. This can make
    it significantly easier to write filters to create managed
    groups    .
    (PR)

  • Controllers will now mark connections as closed in the database if the worker
    has not reported its status; this can be seen as the controller counterpart to
    the worker-side session cleanup functionality released in 0.4.0. As with the
    worker, the timeout for this behavior is 15s.

  • Workers will shut down connections gracefully upon shutdown of the worker,
    both closing the connection and sending a request to mark the connection as
    closed in the database.

  • Pressing CTRL-C (or sending a SIGINT) when Boundary is already shutting
    down due to a CTRL-C or interrupt will now cause Boundary to immediately shut
    down non-gracefully. This may leave various parts of the Boundary deployment
    (namely sessions or connections) in an inconsistent state.

  • Events: Boundary has moved from writing hclog entries to emitting events.
    There are four types of Boundary events: error, system, observation and
    audit. All events are emitted as
    cloudevents and we
    support both a cloudevents-json format and custom Boundary
    cloudevents-text format.

    Notes:

    • There are still a few lingering hclog bits within Boundary. If you wish to
      only output json from Boundary logging/events then you should specify both
      "-log-format json" and "-event-format cloudevents-json" when starting
      Boundary.
    • Filtering events: hclog log levels have been replaced by optional sets
      of allow and deny event
      filters which are
      specified via configuration, or in the case of "boundary dev" there are new
      new cmd flags.
    • Observation events are MVP and contain a minimal set of observations about a
      request. Observations are aggregated for each request, so only one
      observation event will be emitted per request. We anticipate that a rich set
      of aggregate data about each request will be developed over time.
    • Audit events are a WIP and will only be emitted if they are both enabled
      and the env var BOUNDARY_DEVELOPER_ENABLE_EVENTS equals true. We
      anticipate many changes for audit events before they are generally available
      including what data is included and different options for
      redacting/encrypting that data.

    PRs:
    hclog json,text formats,
    log adapters,
    unneeded log deps,
    update eventlogger,
    convert from hclog to events,
    event filtering,
    cloudevents node,
    system events,
    convert errors to events,
    integrate events into servers,
    event pkg name,
    events using ctx,
    add eventer,
    and base event types

Bug Fixes

  • config: Fix error when populating all kms purposes in separate blocks (as
    well as the error message)
    (issue,
    PR)
  • server: Fix panic on worker startup failure when the server was not also
    configured as a controller
    (PR)

New and Improved

  • docker: Add support for muti-arch docker images (amd64/arm64) via Docker buildx
Assets 2
Loading