diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 6c4b0ee2d5..c09d688986 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -405,7 +405,6 @@ jobs: artifact-name: "boundary_${{ needs.set-product-version.outputs.product-version }}_linux_amd64.zip" go-version: ${{ needs.product-metadata.outputs.go-version }} edition: ${{ needs.product-metadata.outputs.product-edition }} - docker-image-name: ${{ needs.build-docker.outputs.name }} docker-image-file: "boundary_default_linux_amd64_${{ needs.set-product-version.outputs.product-version }}_${{ github.sha }}.docker.dev.tar" secrets: inherit bats: diff --git a/.github/workflows/enos-run.yml b/.github/workflows/enos-run.yml index b245383a76..c8f6f3538c 100644 --- a/.github/workflows/enos-run.yml +++ b/.github/workflows/enos-run.yml @@ -15,9 +15,6 @@ on: go-version: required: true type: string - docker-image-name: - required: false - type: string docker-image-file: required: false type: string @@ -96,7 +93,6 @@ jobs: ENOS_VAR_crt_bundle_path: ./support/boundary.zip ENOS_VAR_test_email: ${{ secrets.SERVICE_USER_EMAIL }} ENOS_VAR_boundary_edition: ${{ inputs.edition }} - ENOS_VAR_boundary_docker_image_name: ${{ inputs.docker-image-name }} ENOS_VAR_boundary_docker_image_file: ./support/boundary_docker_image.tar ENOS_VAR_go_version: ${{ inputs.go-version }} ENOS_VAR_gcp_project_id: ${{ secrets.GCP_PROJECT_ID_CI }} diff --git a/CHANGELOG.md b/CHANGELOG.md index 3725001495..ed96d31f9f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,14 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. +## Next + +## 0.20.1 (2025/11/03) + +### New and Improved + +* Added a complete IBM Key Protect wrapper implementation with configuration options and KMS client integration ([PR](https://github.com/hashicorp/go-kms-wrapping/pull/292)) + ## 0.20.0 (2025/09/25) ### New and Improved @@ -17,8 +25,8 @@ Canonical reference for changes, improvements, and bugfixes for Boundary. * Adds support to parse User-Agent headers and emit them in telemetry events ([PR](https://github.com/hashicorp/boundary/pull/5645)). * cli: Added `boundary connect cassandra` command for connecting to Cassandra targets. - This new helper command allows users to authorize sessions against Cassandra - targets and automatically invoke a Cassandra client with the appropriate + This new helper command allows users to authorize sessions against Cassandra + targets and automatically invoke a Cassandra client with the appropriate connection parameters and credentials. Currently only username/password credentials are automatically attached. * ui: Improved load times for resource tables with search and filtering capabilities by replacing indexeddb for local data storage with sqlite (WASM) and OPFS ([PR](https://github.com/hashicorp/boundary-ui/pull/2984)) diff --git a/api/proxy/option.go b/api/proxy/option.go index 3f37d89c33..936f053fb1 100644 --- a/api/proxy/option.go +++ b/api/proxy/option.go @@ -39,6 +39,7 @@ type Options struct { WithSkipSessionTeardown bool withSessionTeardownTimeout time.Duration withApiClient *api.Client + withInactivityTimeout time.Duration } // Option is a function that takes in an options struct and sets values or @@ -142,3 +143,12 @@ func WithApiClient(with *api.Client) Option { return nil } } + +// WithInactivityTimeout provides an optional duration after which a session +// with no active connections will be cancelled +func WithInactivityTimeout(with time.Duration) Option { + return func(o *Options) error { + o.withInactivityTimeout = with + return nil + } +} diff --git a/api/proxy/proxy.go b/api/proxy/proxy.go index 8aa89bac9a..99f16bb4f5 100644 --- a/api/proxy/proxy.go +++ b/api/proxy/proxy.go @@ -34,26 +34,28 @@ import ( const sessionCancelTimeout = 30 * time.Second type ClientProxy struct { - tofuToken string - cachedListenerAddress *ua.String - connectionsLeft *atomic.Int32 - connsLeftCh chan int32 - callerConnectionsLeftCh chan int32 - apiClient *api.Client - sessionAuthzData *targets.SessionAuthorizationData - createTime time.Time - expiration time.Time - ctx context.Context - cancel context.CancelFunc - transport *http.Transport - workerAddr string - listenAddrPort netip.AddrPort - listener *atomic.Value - listenerCloseOnce *sync.Once - clientTlsConf *tls.Config - connWg *sync.WaitGroup - started *atomic.Bool - skipSessionTeardown bool + tofuToken string + cachedListenerAddress *ua.String + connectionsLeft *atomic.Int32 + activeConns *atomic.Int32 + connsLeftCh chan int32 + callerConnsLeftCh chan int32 + apiClient *api.Client + sessionAuthzData *targets.SessionAuthorizationData + createTime time.Time + expiration time.Time + ctx context.Context + cancel context.CancelFunc + transport *http.Transport + workerAddr string + listenAddrPort netip.AddrPort + listener *atomic.Value + listenerCloseOnce *sync.Once + clientTlsConf *tls.Config + connWg *sync.WaitGroup + started *atomic.Bool + skipSessionTeardown bool + closeReason *atomic.Value } // New creates a new client proxy. The given context should be cancelable; once @@ -90,17 +92,19 @@ func New(ctx context.Context, authzToken string, opt ...Option) (*ClientProxy, e } p := &ClientProxy{ - cachedListenerAddress: ua.NewString(""), - connsLeftCh: make(chan int32), - connectionsLeft: new(atomic.Int32), - listener: new(atomic.Value), - listenerCloseOnce: new(sync.Once), - connWg: new(sync.WaitGroup), - listenAddrPort: opts.WithListenAddrPort, - callerConnectionsLeftCh: opts.WithConnectionsLeftCh, - started: new(atomic.Bool), - skipSessionTeardown: opts.WithSkipSessionTeardown, - apiClient: opts.withApiClient, + cachedListenerAddress: ua.NewString(""), + connsLeftCh: make(chan int32), + connectionsLeft: new(atomic.Int32), + activeConns: new(atomic.Int32), + listener: new(atomic.Value), + listenerCloseOnce: new(sync.Once), + connWg: new(sync.WaitGroup), + listenAddrPort: opts.WithListenAddrPort, + callerConnsLeftCh: opts.WithConnectionsLeftCh, + started: new(atomic.Bool), + skipSessionTeardown: opts.WithSkipSessionTeardown, + apiClient: opts.withApiClient, + closeReason: new(atomic.Value), } if opts.WithListener != nil { @@ -142,7 +146,7 @@ func New(ctx context.Context, authzToken string, opt ...Option) (*ClientProxy, e // We don't _rely_ on client-side timeout verification but this prevents us // seeming to be ready for a connection that will immediately fail when we // try to actually make it - p.ctx, p.cancel = context.WithDeadline(ctx, p.expiration) + p.ctx, p.cancel = context.WithDeadlineCause(ctx, p.expiration, fmt.Errorf("Session has expired")) transport := cleanhttp.DefaultTransport() transport.DisableKeepAlives = false @@ -212,6 +216,17 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { // Ensure closing the listener runs on any other return condition defer listenerCloseFunc() + // automatically close the proxy when inactive + proxyAutoClose := time.AfterFunc(10*time.Minute, func() { + p.cancel() + p.setCloseReason("Inactivity timeout reached") + }) + + activeConnCh := make(chan int32) + activeConnFn := func(d int32) { + activeConnCh <- p.activeConns.Add(d) + } + fin := make(chan error, 10) p.connWg.Add(1) go func() { @@ -243,8 +258,10 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { return } } + activeConnFn(1) p.connWg.Add(1) go func() { + defer activeConnFn(-1) defer listeningConn.Close() defer p.connWg.Done() wsConn, err := p.getWsConn(p.ctx) @@ -305,27 +322,40 @@ func (p *ClientProxy) Start(opt ...Option) (retErr error) { }() defer p.connWg.Done() defer listenerCloseFunc() - for { select { case <-p.ctx.Done(): + if err := context.Cause(p.ctx); !errors.Is(err, context.Canceled) { + p.setCloseReason(err.Error()) + } return case connsLeft := <-p.connsLeftCh: p.connectionsLeft.Store(connsLeft) - if p.callerConnectionsLeftCh != nil { - p.callerConnectionsLeftCh <- connsLeft + if p.callerConnsLeftCh != nil { + p.callerConnsLeftCh <- connsLeft } if connsLeft == 0 { // Close the listener as we can't authorize any more // connections + p.setCloseReason("No connections left in session") return } + case activeConns := <-activeConnCh: + switch { + case activeConns > 0: + // always stop the timer when a new connection is made, + // even if timeout opt is 0 + proxyAutoClose.Stop() + case opts.withInactivityTimeout <= 0: + // no timeout was set, timer should not be reset for inactivity + case activeConns == 0: + proxyAutoClose.Reset(opts.withInactivityTimeout) + } } } }() p.connWg.Wait() - defer p.cancel() { // the go funcs are done, so we can safely close the chan and range over any errors @@ -367,6 +397,25 @@ func (p *ClientProxy) CloseSession(sessionTeardownTimeout time.Duration) error { return nil } +// CloseReason returns the reason why the proxy was closed, if the proxy closed +// itself. If the proxy is still running or the proxy was closed externally, an +// empty string is returned. +func (p *ClientProxy) CloseReason() string { + switch r := p.closeReason.Load().(type) { + case string: + return r + default: + return "" + } +} + +// setCloseReason updates the reason the proxy closed from an empty string to the +// provided string. setCloseReason only accepts the first provided reason for +// closing, all other calls are ignored. +func (p *ClientProxy) setCloseReason(reason string) { + p.closeReason.CompareAndSwap(nil, reason) +} + // ListenerAddress returns the address of the client proxy listener. Because the // listener is started with Start(), this could be called before listening // occurs. To avoid returning until we have a valid value, pass a context; diff --git a/enos/README.md b/enos/README.md index 7511d97695..9ecc555977 100644 --- a/enos/README.md +++ b/enos/README.md @@ -66,6 +66,8 @@ following lines 127.0.0.1 localhost worker 127.0.0.1 localhost vault ``` +### AWS Credentials +Copy the AWS Account credentials from doormat and set it in the terminal, where the enos commands are run. ## Executing Scenarios From the `enos` directory: diff --git a/enos/enos-scenario-e2e-docker-base-plus.hcl b/enos/enos-scenario-e2e-docker-base-plus.hcl index 26413d646a..2974fef247 100644 --- a/enos/enos-scenario-e2e-docker-base-plus.hcl +++ b/enos/enos-scenario-e2e-docker-base-plus.hcl @@ -81,7 +81,7 @@ scenario "e2e_docker_base_plus" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-gcp.hcl b/enos/enos-scenario-e2e-docker-base-with-gcp.hcl index 106f8590b3..a24e25cda0 100644 --- a/enos/enos-scenario-e2e-docker-base-with-gcp.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-gcp.hcl @@ -82,7 +82,7 @@ scenario "e2e_docker_base_with_gcp" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-vault.hcl b/enos/enos-scenario-e2e-docker-base-with-vault.hcl index 4e19859f42..6b8cd1c306 100644 --- a/enos/enos-scenario-e2e-docker-base-with-vault.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-vault.hcl @@ -83,7 +83,7 @@ scenario "e2e_docker_base_with_vault" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-base-with-worker.hcl b/enos/enos-scenario-e2e-docker-base-with-worker.hcl index 0fda20cf29..ad398c821b 100644 --- a/enos/enos-scenario-e2e-docker-base-with-worker.hcl +++ b/enos/enos-scenario-e2e-docker-base-with-worker.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_base_with_worker" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -143,7 +143,7 @@ scenario "e2e_docker_base_with_worker" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config.hcl" container_name = "worker" diff --git a/enos/enos-scenario-e2e-docker-base.hcl b/enos/enos-scenario-e2e-docker-base.hcl index e4ae9cdeb6..a57b865411 100644 --- a/enos/enos-scenario-e2e-docker-base.hcl +++ b/enos/enos-scenario-e2e-docker-base.hcl @@ -81,7 +81,7 @@ scenario "e2e_docker_base" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address diff --git a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl index 15dc01b90a..451c4a0eec 100644 --- a/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl +++ b/enos/enos-scenario-e2e-docker-worker-registration-controller-led.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_controller_led" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -113,7 +113,7 @@ scenario "e2e_docker_worker_registration_controller_led" { depends_on = [step.create_boundary] variables { address = step.create_boundary.address - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = local.network_cluster login_name = step.create_boundary.login_name password = step.create_boundary.password @@ -157,7 +157,7 @@ scenario "e2e_docker_worker_registration_controller_led" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config-controller-led.hcl" container_name = "worker" diff --git a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl index 93651ecbd4..208a0850f4 100644 --- a/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl +++ b/enos/enos-scenario-e2e-docker-worker-registration-worker-led.hcl @@ -99,7 +99,7 @@ scenario "e2e_docker_worker_registration_worker_led" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster, local.network_database] database_network = local.network_database postgres_address = step.create_boundary_database.address @@ -144,7 +144,7 @@ scenario "e2e_docker_worker_registration_worker_led" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config-worker-led.hcl" container_name = "worker" @@ -165,7 +165,7 @@ scenario "e2e_docker_worker_registration_worker_led" { ] variables { address = step.create_boundary.address - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = local.network_cluster login_name = step.create_boundary.login_name password = step.create_boundary.password diff --git a/enos/enos-scenario-e2e-ui-docker.hcl b/enos/enos-scenario-e2e-ui-docker.hcl index 7128afe10a..7acc96c9fd 100644 --- a/enos/enos-scenario-e2e-ui-docker.hcl +++ b/enos/enos-scenario-e2e-ui-docker.hcl @@ -81,7 +81,7 @@ scenario "e2e_ui_docker" { step.build_boundary_docker_image ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name network_name = [local.network_cluster] database_network = local.network_cluster postgres_address = step.create_boundary_database.address @@ -124,7 +124,7 @@ scenario "e2e_ui_docker" { step.create_boundary ] variables { - image_name = matrix.builder == "crt" ? var.boundary_docker_image_name : step.build_boundary_docker_image.image_name + image_name = step.build_boundary_docker_image.image_name boundary_license = var.boundary_edition != "oss" ? step.read_license.license : "" config_file = "worker-config.hcl" container_name = "worker" diff --git a/enos/enos-variables.hcl b/enos/enos-variables.hcl index c8e4021557..4bcac203af 100644 --- a/enos/enos-variables.hcl +++ b/enos/enos-variables.hcl @@ -25,12 +25,6 @@ variable "enos_user" { } # Test configs -variable "boundary_docker_image_name" { - description = "Name:Tag of Docker image to use" - type = string - default = "docker.io/hashicorp/boundary:latest" -} - variable "boundary_docker_image_file" { description = "Path to Boundary Docker image" type = string diff --git a/enos/modules/aws_boundary/boundary-instances.tf b/enos/modules/aws_boundary/boundary-instances.tf index 7362884e6b..3f4bd7a204 100644 --- a/enos/modules/aws_boundary/boundary-instances.tf +++ b/enos/modules/aws_boundary/boundary-instances.tf @@ -26,6 +26,11 @@ resource "aws_instance" "controller" { encrypted = true } + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } + tags = merge(local.common_tags, { Name = "${local.name_prefix}-boundary-controller-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}" @@ -54,6 +59,11 @@ resource "aws_instance" "worker" { encrypted = true } + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } + tags = merge(local.common_tags, { Name = "${local.name_prefix}-boundary-worker-${count.index}-${split(":", data.aws_caller_identity.current.user_id)[1]}", diff --git a/enos/modules/aws_boundary/rds.tf b/enos/modules/aws_boundary/rds.tf index 76f5335b99..699866d366 100644 --- a/enos/modules/aws_boundary/rds.tf +++ b/enos/modules/aws_boundary/rds.tf @@ -6,14 +6,18 @@ resource "aws_db_subnet_group" "boundary" { subnet_ids = data.aws_subnets.infra.ids } +data "aws_rds_engine_version" "default" { + engine = var.db_engine +} + resource "aws_db_instance" "boundary" { count = var.db_create == true ? 1 : 0 identifier = "boundary-db-${random_string.cluster_id.result}" allocated_storage = var.db_storage storage_type = var.db_storage_type iops = var.db_storage_iops - engine = var.db_engine - engine_version = var.db_engine == "aurora-postgres" ? null : var.db_version + engine = data.aws_rds_engine_version.default.engine + engine_version = data.aws_rds_engine_version.default.version instance_class = var.db_class monitoring_interval = var.db_monitoring_interval monitoring_role_arn = var.db_monitoring_role_arn diff --git a/enos/modules/aws_boundary/variables.tf b/enos/modules/aws_boundary/variables.tf index 81ffe02676..5a55a00a6e 100644 --- a/enos/modules/aws_boundary/variables.tf +++ b/enos/modules/aws_boundary/variables.tf @@ -136,12 +136,6 @@ variable "db_class" { default = "db.t4g.small" } -variable "db_version" { - description = "AWS RDS DBS engine version (for postgres/mysql)" - type = string - default = "15.7" -} - variable "db_engine" { description = "AWS RDS DB engine type" type = string @@ -406,4 +400,4 @@ variable "vault_transit_token" { description = "vault token used for kms transit in the boundary config" type = string default = "" -} \ No newline at end of file +} diff --git a/enos/modules/aws_rdp_domain_controller/main.tf b/enos/modules/aws_rdp_domain_controller/main.tf index 931ef40087..8516313aa0 100644 --- a/enos/modules/aws_rdp_domain_controller/main.tf +++ b/enos/modules/aws_rdp_domain_controller/main.tf @@ -302,6 +302,7 @@ resource "aws_instance" "domain_controller" { metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_rdp_member_server/main.tf b/enos/modules/aws_rdp_member_server/main.tf index 86b5ba6878..1b712788d8 100644 --- a/enos/modules/aws_rdp_member_server/main.tf +++ b/enos/modules/aws_rdp_member_server/main.tf @@ -234,6 +234,7 @@ ${var.domain_admin_password} metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_rdp_member_server_with_worker/main.tf b/enos/modules/aws_rdp_member_server_with_worker/main.tf index ccd2ad5a32..3b91f6234b 100644 --- a/enos/modules/aws_rdp_member_server_with_worker/main.tf +++ b/enos/modules/aws_rdp_member_server_with_worker/main.tf @@ -251,6 +251,7 @@ ${var.domain_admin_password} metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_target/main.tf b/enos/modules/aws_target/main.tf index 2179a550b0..e7694cf9b1 100644 --- a/enos/modules/aws_target/main.tf +++ b/enos/modules/aws_target/main.tf @@ -126,13 +126,18 @@ resource "aws_instance" "target" { "Type" : "target", "Project" : "Enos", "Project Name" : "qti-enos-boundary", - "Environment" : var.environment + "Environment" : var.environment, "Enos User" : var.enos_user, }) root_block_device { encrypted = true } + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_remote_exec" "wait" { diff --git a/enos/modules/aws_vault/vault-instances.tf b/enos/modules/aws_vault/vault-instances.tf index 2fd1b092c4..8ed35ce60a 100644 --- a/enos/modules/aws_vault/vault-instances.tf +++ b/enos/modules/aws_vault/vault-instances.tf @@ -17,6 +17,11 @@ resource "aws_instance" "vault_instance" { Type = local.vault_cluster_tag }, ) + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_remote_exec" "install_dependencies" { diff --git a/enos/modules/aws_windows_client/main.tf b/enos/modules/aws_windows_client/main.tf index 837a9dbc6e..b616ef88be 100644 --- a/enos/modules/aws_windows_client/main.tf +++ b/enos/modules/aws_windows_client/main.tf @@ -253,6 +253,7 @@ resource "aws_instance" "client" { metadata_options { http_endpoint = "enabled" + http_tokens = "required" instance_metadata_tags = "enabled" } get_password_data = true diff --git a/enos/modules/aws_worker/main.tf b/enos/modules/aws_worker/main.tf index a7ba4d11e1..e92061a439 100644 --- a/enos/modules/aws_worker/main.tf +++ b/enos/modules/aws_worker/main.tf @@ -161,6 +161,11 @@ resource "aws_instance" "worker" { Name = "${var.name_prefix}-boundary-worker-${split(":", data.aws_caller_identity.current.user_id)[1]}", }, ) + + metadata_options { + http_endpoint = "enabled" + http_tokens = "required" + } } resource "enos_bundle_install" "worker" { diff --git a/enos/modules/build_boundary_docker_crt/main.tf b/enos/modules/build_boundary_docker_crt/main.tf index 1f27ee6041..d8d80e3ccc 100644 --- a/enos/modules/build_boundary_docker_crt/main.tf +++ b/enos/modules/build_boundary_docker_crt/main.tf @@ -27,6 +27,21 @@ resource "enos_local_exec" "load_docker_image" { inline = ["docker load -i ${var.path}"] } +locals { + boundary_docker_image_name = replace( + element( + split("\n", trimspace(enos_local_exec.load_docker_image.stdout)), + -1 + ), + "Loaded image: ", + "" + ) +} + output "cli_zip_path" { value = var.cli_build_path } + +output "image_name" { + value = local.boundary_docker_image_name +} diff --git a/enos/modules/docker_boundary/main.tf b/enos/modules/docker_boundary/main.tf index 5cc7f3ccf8..e443412f90 100644 --- a/enos/modules/docker_boundary/main.tf +++ b/enos/modules/docker_boundary/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_ldap/main.tf b/enos/modules/docker_ldap/main.tf index 6b860f9ed5..4f11cdba79 100644 --- a/enos/modules/docker_ldap/main.tf +++ b/enos/modules/docker_ldap/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_minio/main.tf b/enos/modules/docker_minio/main.tf index 2d76c39502..4abf07fac0 100644 --- a/enos/modules/docker_minio/main.tf +++ b/enos/modules/docker_minio/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_network/main.tf b/enos/modules/docker_network/main.tf index 18901a8e51..2ebefad70e 100644 --- a/enos/modules/docker_network/main.tf +++ b/enos/modules/docker_network/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } } } diff --git a/enos/modules/docker_openssh_server/main.tf b/enos/modules/docker_openssh_server/main.tf index 2fb4b70efe..833e030f85 100644 --- a/enos/modules/docker_openssh_server/main.tf +++ b/enos/modules/docker_openssh_server/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_openssh_server_ca_key/main.tf b/enos/modules/docker_openssh_server_ca_key/main.tf index cf1441aefe..7a63e0cd54 100644 --- a/enos/modules/docker_openssh_server_ca_key/main.tf +++ b/enos/modules/docker_openssh_server_ca_key/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_postgres/main.tf b/enos/modules/docker_postgres/main.tf index 2a4df84b37..b5b1988529 100644 --- a/enos/modules/docker_postgres/main.tf +++ b/enos/modules/docker_postgres/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/enos/modules/docker_vault/main.tf b/enos/modules/docker_vault/main.tf index 1103325de8..3b03a5d2a5 100644 --- a/enos/modules/docker_vault/main.tf +++ b/enos/modules/docker_vault/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { diff --git a/enos/modules/docker_worker/main.tf b/enos/modules/docker_worker/main.tf index 6ce3172084..2fb2a55312 100644 --- a/enos/modules/docker_worker/main.tf +++ b/enos/modules/docker_worker/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } tls = { @@ -72,7 +72,7 @@ resource "docker_image" "boundary" { } locals { - recording_storage_path = "/recordings" + recording_storage_path = "/boundary/recordings" port_ops = var.port + 1 } @@ -96,13 +96,9 @@ resource "docker_container" "worker" { capabilities { add = ["IPC_LOCK"] } - mounts { - type = "tmpfs" - target = local.recording_storage_path - } - mounts { - type = "tmpfs" - target = "/boundary/logs" + tmpfs = { + (local.recording_storage_path) = "mode=1777" + "/boundary/logs" = "mode=1777" } upload { content = templatefile("${abspath(path.module)}/${var.config_file}", { diff --git a/enos/modules/test_e2e_docker/main.tf b/enos/modules/test_e2e_docker/main.tf index 180f5f5fca..772f225214 100644 --- a/enos/modules/test_e2e_docker/main.tf +++ b/enos/modules/test_e2e_docker/main.tf @@ -5,7 +5,7 @@ terraform { required_providers { docker = { source = "kreuzwerker/docker" - version = "3.0.1" + version = "3.6.2" } enos = { diff --git a/go.mod b/go.mod index 2bda5ef12b..e494efd877 100644 --- a/go.mod +++ b/go.mod @@ -99,7 +99,7 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20250818200422-3122310a409c google.golang.org/grpc v1.75.0 google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 - google.golang.org/protobuf v1.36.8 + google.golang.org/protobuf v1.36.10 gopkg.in/natefinch/lumberjack.v2 v2.2.1 gorm.io/driver/postgres v1.6.0 mvdan.cc/gofumpt v0.9.0 diff --git a/go.sum b/go.sum index 6bf85e89d3..a1541df078 100644 --- a/go.sum +++ b/go.sum @@ -724,8 +724,8 @@ google.golang.org/grpc v1.75.0 h1:+TW+dqTd2Biwe6KKfhE5JpiYIBWq865PhKGSXiivqt4= google.golang.org/grpc v1.75.0/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 h1:F29+wU6Ee6qgu9TddPgooOdaqsxTMunOoj8KA5yuS5A= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1/go.mod h1:5KF+wpkbTSbGcR9zteSqZV6fqFOWBl4Yde8En8MryZA= -google.golang.org/protobuf v1.36.8 h1:xHScyCOEuuwZEc6UtSOvPbAT4zRh0xcNRYekJwfqyMc= -google.golang.org/protobuf v1.36.8/go.mod h1:fuxRtAxBytpl4zzqUh6/eyUujkJdNiuEkXntxiD/uRU= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/alias/target/store/alias.pb.go b/internal/alias/target/store/alias.pb.go index 45afe38a3f..441744f9c0 100644 --- a/internal/alias/target/store/alias.pb.go +++ b/internal/alias/target/store/alias.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/alias/target/store/v1/alias.proto diff --git a/internal/auth/ldap/store/ldap.pb.go b/internal/auth/ldap/store/ldap.pb.go index 2f2b4dee64..e4b6bd0b26 100644 --- a/internal/auth/ldap/store/ldap.pb.go +++ b/internal/auth/ldap/store/ldap.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/ldap/store/v1/ldap.proto diff --git a/internal/auth/oidc/request/request.pb.go b/internal/auth/oidc/request/request.pb.go index b6b89b9121..7081fb4b7b 100644 --- a/internal/auth/oidc/request/request.pb.go +++ b/internal/auth/oidc/request/request.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/oidc/request/v1/request.proto diff --git a/internal/auth/oidc/store/oidc.pb.go b/internal/auth/oidc/store/oidc.pb.go index 47039df05e..c129444268 100644 --- a/internal/auth/oidc/store/oidc.pb.go +++ b/internal/auth/oidc/store/oidc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/oidc/store/v1/oidc.proto diff --git a/internal/auth/password/store/argon2.pb.go b/internal/auth/password/store/argon2.pb.go index 5d88974fc7..0a9b4f6184 100644 --- a/internal/auth/password/store/argon2.pb.go +++ b/internal/auth/password/store/argon2.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/password/store/v1/argon2.proto diff --git a/internal/auth/password/store/password.pb.go b/internal/auth/password/store/password.pb.go index c56e5028aa..43063b5bbc 100644 --- a/internal/auth/password/store/password.pb.go +++ b/internal/auth/password/store/password.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/password/store/v1/password.proto diff --git a/internal/auth/store/account.pb.go b/internal/auth/store/account.pb.go index 7b0e024c3a..ba502c8ee4 100644 --- a/internal/auth/store/account.pb.go +++ b/internal/auth/store/account.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/store/v1/account.proto diff --git a/internal/auth/store/auth_method.pb.go b/internal/auth/store/auth_method.pb.go index 55a0beee57..4f4e6fecac 100644 --- a/internal/auth/store/auth_method.pb.go +++ b/internal/auth/store/auth_method.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/auth/store/v1/auth_method.proto diff --git a/internal/authtoken/store/authtoken.pb.go b/internal/authtoken/store/authtoken.pb.go index 3d21f28a5c..75557a2bb8 100644 --- a/internal/authtoken/store/authtoken.pb.go +++ b/internal/authtoken/store/authtoken.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/authtoken/store/v1/authtoken.proto diff --git a/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go b/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go index 00cf17bfdb..09a3ce8841 100644 --- a/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go +++ b/internal/bsr/gen/ssh/v1/ssh_chunks.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: ssh/v1/ssh_chunks.proto diff --git a/internal/cmd/commands/connect/connect.go b/internal/cmd/commands/connect/connect.go index 5525cee958..f5acb8e6d8 100644 --- a/internal/cmd/commands/connect/connect.go +++ b/internal/cmd/commands/connect/connect.go @@ -59,15 +59,16 @@ var ( type Command struct { *base.Command - flagAuthzToken string - flagListenAddr string - flagListenPort int64 - flagTargetId string - flagTargetName string - flagHostId string - flagExec string - flagUsername string - flagDbname string + flagAuthzToken string + flagListenAddr string + flagListenPort int64 + flagTargetId string + flagTargetName string + flagHostId string + flagExec string + flagUsername string + flagDbname string + flagInactiveTimeout time.Duration // HTTP httpFlags @@ -209,6 +210,13 @@ func (c *Command) Flags() *base.FlagSets { Usage: "Target scope name, if authorizing the session via scope parameters and target name. Mutually exclusive with -scope-id.", }) + f.DurationVar(&base.DurationVar{ + Name: "inactive-timeout", + Target: &c.flagInactiveTimeout, + Completion: complete.PredictAnything, + Usage: "How long to wait between connections before closing the session. Increase this value if the proxy closes during long-running processes, or use -1 to disable the timeout.", + }) + switch c.Func { case "connect": f.StringVar(&base.StringVar{ @@ -487,11 +495,32 @@ func (c *Command) Run(args []string) (retCode int) { clientProxyCloseCh := make(chan struct{}) connCountCloseCh := make(chan struct{}) + if c.flagInactiveTimeout == 0 { + // no timeout was specified by the user, so use our defaults based on subcommand + switch c.Func { + case "connect": + // connect is when there is no subcommand specified, this case should + // have the most generous timeout + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(30*time.Second)) + case "rdp": + // rdp has a gui, so give the user a chance to click "reconnect" + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(5*time.Second)) + case "ssh": + // one second is probably enough for ssh + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(time.Second)) + default: + // for other protocols, give some extra leeway just in case + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(3*time.Second)) + } + } else { + apiProxyOpts = append(apiProxyOpts, apiproxy.WithInactivityTimeout(c.flagInactiveTimeout)) + } + proxyError := new(atomic.Error) go func() { defer close(clientProxyCloseCh) - if err = clientProxy.Start(); err != nil { - c.proxyCancel() + defer c.proxyCancel() + if err = clientProxy.Start(apiProxyOpts...); err != nil { proxyError.Store(err) } }() @@ -574,10 +603,8 @@ func (c *Command) Run(args []string) (retCode int) { if c.execCmdReturnValue != nil { // Don't print out in this case, so ensure we clear it termInfo.Reason = "" - } else if time.Now().After(clientProxy.SessionExpiration()) { - termInfo.Reason = "Session has expired" - } else if clientProxy.ConnectionsLeft() == 0 { - termInfo.Reason = "No connections left in session" + } else if r := clientProxy.CloseReason(); r != "" { + termInfo.Reason = r } else if err := proxyError.Load(); err != nil { termInfo.Reason = "Error from proxy client: " + err.Error() } @@ -784,10 +811,9 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs cmd.Stdin = os.Stdin cmd.Stdout = os.Stdout cmd.Stderr = os.Stderr + cmdExit := make(chan struct{}) - if err := cmd.Run(); err != nil { - exitCode := 2 - + cmdError := func(err error) { if exitError, ok := err.(*exec.ExitError); ok { if exitError.Success() { c.execCmdReturnValue.Store(0) @@ -800,8 +826,30 @@ func (c *Command) handleExec(clientProxy *apiproxy.ClientProxy, passthroughArgs } c.PrintCliError(fmt.Errorf("Failed to run command: %w", err)) - c.execCmdReturnValue.Store(int32(exitCode)) + c.execCmdReturnValue.Store(2) return } - c.execCmdReturnValue.Store(0) + + go func() { + defer close(cmdExit) + if err := cmd.Start(); err != nil { + cmdError(err) + return + } + if err := cmd.Wait(); err != nil { + cmdError(err) + return + } + c.execCmdReturnValue.Store(0) + }() + + for { + select { + case <-c.proxyCtx.Done(): + // the proxy exited for some reason, end the cmd since connections are no longer possible + _ = endProcess(cmd.Process) + case <-cmdExit: + return + } + } } diff --git a/internal/cmd/commands/connect/end_process_nonwindows.go b/internal/cmd/commands/connect/end_process_nonwindows.go new file mode 100644 index 0000000000..bc66eb0523 --- /dev/null +++ b/internal/cmd/commands/connect/end_process_nonwindows.go @@ -0,0 +1,19 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build !windows + +package connect + +import ( + "os" + "syscall" +) + +// endProcess gracefully ends the provided os process +func endProcess(p *os.Process) error { + if p == nil { + return nil + } + return p.Signal(syscall.SIGTERM) +} diff --git a/internal/cmd/commands/connect/end_process_windows.go b/internal/cmd/commands/connect/end_process_windows.go new file mode 100644 index 0000000000..e5389d3a83 --- /dev/null +++ b/internal/cmd/commands/connect/end_process_windows.go @@ -0,0 +1,18 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +//go:build windows + +package connect + +import ( + "os" +) + +// endProcess kills the provided os process +func endProcess(p *os.Process) error { + if p == nil { + return nil + } + return p.Kill() +} diff --git a/internal/cmd/commands/connect/rdp.go b/internal/cmd/commands/connect/rdp.go index 24ce167801..ffabfe4c24 100644 --- a/internal/cmd/commands/connect/rdp.go +++ b/internal/cmd/commands/connect/rdp.go @@ -59,7 +59,7 @@ func (r *rdpFlags) buildArgs(c *Command, port, ip, addr string) []string { case "mstsc.exe": args = append(args, "/v", addr) case "open": - args = append(args, "-n", "-W", fmt.Sprintf("rdp://full%saddress=s%s%s", "%20", "%3A", url.QueryEscape(addr))) + args = append(args, "-W", fmt.Sprintf("rdp://full%saddress=s%s%s", "%20", "%3A", url.QueryEscape(addr))) } return args } diff --git a/internal/credential/static/store/static.pb.go b/internal/credential/static/store/static.pb.go index ed5b8b7730..d8b368a1d5 100644 --- a/internal/credential/static/store/static.pb.go +++ b/internal/credential/static/store/static.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/credential/static/store/v1/static.proto diff --git a/internal/credential/store/credential.pb.go b/internal/credential/store/credential.pb.go index ee4f5dfdd7..d5b1f0e997 100644 --- a/internal/credential/store/credential.pb.go +++ b/internal/credential/store/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/credential/store/v1/credential.proto diff --git a/internal/credential/vault/store/vault.pb.go b/internal/credential/vault/store/vault.pb.go index b7e5c63b50..7f22e504c6 100644 --- a/internal/credential/vault/store/vault.pb.go +++ b/internal/credential/vault/store/vault.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/credential/vault/store/v1/vault.proto diff --git a/internal/daemon/controller/handlers/targets/credentials.go b/internal/daemon/controller/handlers/targets/credentials.go index 82279a944b..5d1a5ae73d 100644 --- a/internal/daemon/controller/handlers/targets/credentials.go +++ b/internal/daemon/controller/handlers/targets/credentials.go @@ -27,6 +27,16 @@ func dynamicToWorkerCredential(ctx context.Context, cred credential.Dynamic) (se const op = "targets.dynamicToWorkerCredential" var workerCred *serverpb.Credential switch c := cred.(type) { + case credential.UsernamePasswordDomain: + workerCred = &serverpb.Credential{ + Credential: &serverpb.Credential_UsernamePasswordDomain{ + UsernamePasswordDomain: &serverpb.UsernamePasswordDomain{ + Username: c.Username(), + Password: string(c.Password()), + Domain: c.Domain(), + }, + }, + } case credential.UsernamePassword: workerCred = &serverpb.Credential{ Credential: &serverpb.Credential_UsernamePassword{ diff --git a/internal/daemon/worker/handler.go b/internal/daemon/worker/handler.go index a0d0691166..96781d6aaa 100644 --- a/internal/daemon/worker/handler.go +++ b/internal/daemon/worker/handler.go @@ -283,7 +283,15 @@ func (w *Worker) handleProxy(listenerCfg *listenerutil.ListenerConfig, sessionMa runProxy, err := handleProxyFn(ctx, ctx, decryptFn, cc, pDialer, acResp.GetConnectionId(), protocolCtx, w.recorderManager, proxyHandlers.WithLogger(w.logger)) if err != nil { conn.Close(proxyHandlers.WebsocketStatusProtocolSetupError, "unable to setup proxying") - event.WriteError(ctx, op, err) + + switch { + case errors.Match(errors.T(errors.WindowsRDPClientEarlyDisconnection), err): + // This is known behavior with Windows Remote Desktop clients and does not + // indicate a problem with the worker or the proxy. + // There is no need to log an error event here. + default: + event.WriteError(ctx, op, err) + } return } diff --git a/internal/db/db_test/db_test.pb.go b/internal/db/db_test/db_test.pb.go index 39fcf184df..06f6f32174 100644 --- a/internal/db/db_test/db_test.pb.go +++ b/internal/db/db_test/db_test.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/db/db_test/v1/db_test.proto diff --git a/internal/db/timestamp/timestamp.pb.go b/internal/db/timestamp/timestamp.pb.go index 3d74293d4a..357c44f7ca 100644 --- a/internal/db/timestamp/timestamp.pb.go +++ b/internal/db/timestamp/timestamp.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/timestamp/v1/timestamp.proto diff --git a/internal/errors/code.go b/internal/errors/code.go index 222dbfcbd0..3aac53406d 100644 --- a/internal/errors/code.go +++ b/internal/errors/code.go @@ -69,6 +69,9 @@ const ( InvalidListToken Code = 136 // InvalidListToken represents an error where the provided list token is invalid Paused Code = 137 // Paused represents an error when an operation cannot be completed because the thing being operated on is paused + // Note: Currently unused in OSS + WindowsRDPClientEarlyDisconnection Code = 138 // WindowsRDPClientEarlyDisconnection represents an error when a Windows RDP client disconnects early, a known behavior with Windows Remote Desktop clients + AuthAttemptExpired Code = 198 // AuthAttemptExpired represents an expired authentication attempt AuthMethodInactive Code = 199 // AuthMethodInactive represents an error that means the auth method is not active. diff --git a/internal/errors/code_test.go b/internal/errors/code_test.go index 6afd68d2d4..c19aa8375d 100644 --- a/internal/errors/code_test.go +++ b/internal/errors/code_test.go @@ -455,6 +455,11 @@ func TestCode_Both_String_Info(t *testing.T) { c: Paused, want: Paused, }, + { + name: "WindowsRDPClientEarlyDisconnection", + c: WindowsRDPClientEarlyDisconnection, + want: WindowsRDPClientEarlyDisconnection, + }, { name: "ImmutableColumn", c: ImmutableColumn, diff --git a/internal/errors/info.go b/internal/errors/info.go index ce2e1f89e4..e54ba27933 100644 --- a/internal/errors/info.go +++ b/internal/errors/info.go @@ -347,6 +347,10 @@ var errorCodeInfo = map[Code]Info{ Message: "paused", Kind: State, }, + WindowsRDPClientEarlyDisconnection: { + Message: "rdp client disconnected early", + Kind: State, + }, ExternalPlugin: { Message: "plugin error", Kind: External, diff --git a/internal/gen/controller.swagger.json b/internal/gen/controller.swagger.json index 1dd3cbf431..14082834ed 100644 --- a/internal/gen/controller.swagger.json +++ b/internal/gen/controller.swagger.json @@ -3,7 +3,7 @@ "info": { "title": "Boundary controller HTTP API", "description": "Welcome to the Boundary controller HTTP API documentation. This page provides a reference guide for using the Boundary controller API, a JSON-based HTTP API. The API implements commonly seen HTTP API patterns for status codes, paths, and errors. See the [API overview](https://developer.hashicorp.com/boundary/docs/api-clients/api) for more information.\n\nBefore you read this page, it is useful to understand Boundary's [domain model](https://developer.hashicorp.com/boundary/docs/concepts/domain-model) and to be aware of the terminology used here. To get started, search for the service you want to interact with in the sidebar to the left. Each resource in Boundary, such as accounts and credential stores, has its own service. Each service contains all the API endpoints for the resource.\n## Status codes\n- `2XX`: Boundary returns a code between `200` and `299` on success. Generally this is `200`, but implementations should be prepared to accept any `2XX` status code as indicating success. If a call returns a `2XX` code that is not `200`, it follows well-understood semantics for those status codes.\n- `400`: Boundary returns `400` when a command cannot be completed due to invalid user input, except for a properly-formatted identifier that does not map to an existing resource, which returns a `404` as discussed below.\n- `401`: Boundary returns `401` if no authentication token is provided or if the provided token is invalid. A valid token that simply does not have permission for a resource returns a `403` instead. A token that is invalid or missing, but where the anonymous user (`u_anon`) is able to successfully perform the action, will not return a `401` but instead will return the result of the action.\n- `403`: Boundary returns `403` if a provided token was valid but does not have the grants required to perform the requested action.\n- `404`: Boundary returns `404` if a resource cannot be found. Note that this happens _prior_ to authentication/authorization checking in nearly all cases as the resource information (such as its scope, available actions, etc.) is a required part of that check. As a result, an action against a resource that does not exist returns a `404` instead of a `401` or `403`. While this could be considered an information leak, since IDs are randomly generated and this only discloses whether an ID is valid, it's tolerable as it allows for far simpler and more robust client implementation.\n- `405`: Boundary returns a `405` to indicate that the method (HTTP verb or custom action) is not implemented for the given resource.\n- `429`: Boundary returns a `429` if any of the API rate limit quotas have been exhausted for the resource and action. It includes the `Retry-After` header so that the client knows how long to wait before making a new request.\n- `500`: Boundary returns `500` if an error occurred that is not (directly) tied to invalid user input. If a `500` is generated, information about the error is logged to Boundary's server log but is not generally provided to the client.\n- `503`: Boundary returns a `503` if it is unable to store a quota due to the API rate limit being exceeded. It includes the `Retry-After` header so that the client knows how long to wait before making a new request.\n## List pagination\nBoundary uses [API pagination](https://developer.hashicorp.com/boundary/docs/api-clients/api/pagination) to support searching and filtering large lists of results efficiently.", - "version": "0.20.0", + "version": "0.20.1", "contact": { "name": "HashiCorp Boundary", "url": "https://www.boundaryproject.io/" diff --git a/internal/gen/controller/api/empty_msg.pb.go b/internal/gen/controller/api/empty_msg.pb.go index 5f298bbb64..4569322504 100644 --- a/internal/gen/controller/api/empty_msg.pb.go +++ b/internal/gen/controller/api/empty_msg.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/v1/empty_msg.proto diff --git a/internal/gen/controller/api/error.pb.go b/internal/gen/controller/api/error.pb.go index e9775bcd27..6f5e37ea34 100644 --- a/internal/gen/controller/api/error.pb.go +++ b/internal/gen/controller/api/error.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/v1/error.proto diff --git a/internal/gen/controller/api/services/account_service.pb.go b/internal/gen/controller/api/services/account_service.pb.go index 4af3c82974..aaeff8262b 100644 --- a/internal/gen/controller/api/services/account_service.pb.go +++ b/internal/gen/controller/api/services/account_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/account_service.proto diff --git a/internal/gen/controller/api/services/alias_service.pb.go b/internal/gen/controller/api/services/alias_service.pb.go index 6e4fe188d1..624c8dcff2 100644 --- a/internal/gen/controller/api/services/alias_service.pb.go +++ b/internal/gen/controller/api/services/alias_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/alias_service.proto diff --git a/internal/gen/controller/api/services/auth_method_service.pb.go b/internal/gen/controller/api/services/auth_method_service.pb.go index 1c860101b8..0e193628d0 100644 --- a/internal/gen/controller/api/services/auth_method_service.pb.go +++ b/internal/gen/controller/api/services/auth_method_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/auth_method_service.proto diff --git a/internal/gen/controller/api/services/authtokens_service.pb.go b/internal/gen/controller/api/services/authtokens_service.pb.go index d0f59f9c80..3fafc3dadb 100644 --- a/internal/gen/controller/api/services/authtokens_service.pb.go +++ b/internal/gen/controller/api/services/authtokens_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/authtokens_service.proto diff --git a/internal/gen/controller/api/services/billing_service.pb.go b/internal/gen/controller/api/services/billing_service.pb.go index 79386833be..de59e08c08 100644 --- a/internal/gen/controller/api/services/billing_service.pb.go +++ b/internal/gen/controller/api/services/billing_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/billing_service.proto diff --git a/internal/gen/controller/api/services/credential_library_service.pb.go b/internal/gen/controller/api/services/credential_library_service.pb.go index f740114982..a216b017bf 100644 --- a/internal/gen/controller/api/services/credential_library_service.pb.go +++ b/internal/gen/controller/api/services/credential_library_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/credential_library_service.proto diff --git a/internal/gen/controller/api/services/credential_service.pb.go b/internal/gen/controller/api/services/credential_service.pb.go index 425bbe9e5d..52a893c637 100644 --- a/internal/gen/controller/api/services/credential_service.pb.go +++ b/internal/gen/controller/api/services/credential_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/credential_service.proto diff --git a/internal/gen/controller/api/services/credential_store_service.pb.go b/internal/gen/controller/api/services/credential_store_service.pb.go index 2c88ac3a95..4d8df5c450 100644 --- a/internal/gen/controller/api/services/credential_store_service.pb.go +++ b/internal/gen/controller/api/services/credential_store_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/credential_store_service.proto diff --git a/internal/gen/controller/api/services/doc.pb.go b/internal/gen/controller/api/services/doc.pb.go index 6923f7958c..2aa6f4e5c6 100644 --- a/internal/gen/controller/api/services/doc.pb.go +++ b/internal/gen/controller/api/services/doc.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/doc.proto diff --git a/internal/gen/controller/api/services/group_service.pb.go b/internal/gen/controller/api/services/group_service.pb.go index aa74acf0af..1c99f2e232 100644 --- a/internal/gen/controller/api/services/group_service.pb.go +++ b/internal/gen/controller/api/services/group_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/group_service.proto diff --git a/internal/gen/controller/api/services/host_catalog_service.pb.go b/internal/gen/controller/api/services/host_catalog_service.pb.go index 3e000c495b..653dc6587a 100644 --- a/internal/gen/controller/api/services/host_catalog_service.pb.go +++ b/internal/gen/controller/api/services/host_catalog_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/host_catalog_service.proto diff --git a/internal/gen/controller/api/services/host_service.pb.go b/internal/gen/controller/api/services/host_service.pb.go index d0552a1192..f334b21f26 100644 --- a/internal/gen/controller/api/services/host_service.pb.go +++ b/internal/gen/controller/api/services/host_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/host_service.proto diff --git a/internal/gen/controller/api/services/host_set_service.pb.go b/internal/gen/controller/api/services/host_set_service.pb.go index 288e2f4753..119d878a6f 100644 --- a/internal/gen/controller/api/services/host_set_service.pb.go +++ b/internal/gen/controller/api/services/host_set_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/host_set_service.proto diff --git a/internal/gen/controller/api/services/list.pb.go b/internal/gen/controller/api/services/list.pb.go index 57f4a647a2..0d3d436e0f 100644 --- a/internal/gen/controller/api/services/list.pb.go +++ b/internal/gen/controller/api/services/list.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/list.proto diff --git a/internal/gen/controller/api/services/managed_group_service.pb.go b/internal/gen/controller/api/services/managed_group_service.pb.go index fef579da40..0805cbbb4d 100644 --- a/internal/gen/controller/api/services/managed_group_service.pb.go +++ b/internal/gen/controller/api/services/managed_group_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/managed_group_service.proto diff --git a/internal/gen/controller/api/services/policy_service.pb.go b/internal/gen/controller/api/services/policy_service.pb.go index b5e175cf01..d06a0e677a 100644 --- a/internal/gen/controller/api/services/policy_service.pb.go +++ b/internal/gen/controller/api/services/policy_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/policy_service.proto diff --git a/internal/gen/controller/api/services/role_service.pb.go b/internal/gen/controller/api/services/role_service.pb.go index 9cf13c03db..0a5c66a257 100644 --- a/internal/gen/controller/api/services/role_service.pb.go +++ b/internal/gen/controller/api/services/role_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/role_service.proto diff --git a/internal/gen/controller/api/services/scope_service.pb.go b/internal/gen/controller/api/services/scope_service.pb.go index 9cf1c51406..d421a5dc24 100644 --- a/internal/gen/controller/api/services/scope_service.pb.go +++ b/internal/gen/controller/api/services/scope_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/scope_service.proto diff --git a/internal/gen/controller/api/services/session_recording_service.pb.go b/internal/gen/controller/api/services/session_recording_service.pb.go index 7812197cae..70957ab4cf 100644 --- a/internal/gen/controller/api/services/session_recording_service.pb.go +++ b/internal/gen/controller/api/services/session_recording_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/session_recording_service.proto diff --git a/internal/gen/controller/api/services/session_service.pb.go b/internal/gen/controller/api/services/session_service.pb.go index b44b1a7b8d..40d2f7f554 100644 --- a/internal/gen/controller/api/services/session_service.pb.go +++ b/internal/gen/controller/api/services/session_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/session_service.proto diff --git a/internal/gen/controller/api/services/storage_bucket_service.pb.go b/internal/gen/controller/api/services/storage_bucket_service.pb.go index d1db4bf537..babcb18554 100644 --- a/internal/gen/controller/api/services/storage_bucket_service.pb.go +++ b/internal/gen/controller/api/services/storage_bucket_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/storage_bucket_service.proto diff --git a/internal/gen/controller/api/services/target_service.pb.go b/internal/gen/controller/api/services/target_service.pb.go index 4201e99fbd..6c2cef08e3 100644 --- a/internal/gen/controller/api/services/target_service.pb.go +++ b/internal/gen/controller/api/services/target_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/target_service.proto diff --git a/internal/gen/controller/api/services/user_service.pb.go b/internal/gen/controller/api/services/user_service.pb.go index 8612281869..34da3c1370 100644 --- a/internal/gen/controller/api/services/user_service.pb.go +++ b/internal/gen/controller/api/services/user_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/user_service.proto diff --git a/internal/gen/controller/api/services/worker_service.pb.go b/internal/gen/controller/api/services/worker_service.pb.go index de6409b7d8..028dbd86e5 100644 --- a/internal/gen/controller/api/services/worker_service.pb.go +++ b/internal/gen/controller/api/services/worker_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/services/v1/worker_service.proto diff --git a/internal/gen/controller/auth/auth.pb.go b/internal/gen/controller/auth/auth.pb.go index 41423b54c9..d934b8de74 100644 --- a/internal/gen/controller/auth/auth.pb.go +++ b/internal/gen/controller/auth/auth.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/auth/v1/auth.proto diff --git a/internal/gen/controller/servers/servers.pb.go b/internal/gen/controller/servers/servers.pb.go index e329b2bde3..6e04c87b41 100644 --- a/internal/gen/controller/servers/servers.pb.go +++ b/internal/gen/controller/servers/servers.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/servers/v1/servers.proto diff --git a/internal/gen/controller/servers/services/credential.pb.go b/internal/gen/controller/servers/services/credential.pb.go index e0ae9dae36..f36edc601b 100644 --- a/internal/gen/controller/servers/services/credential.pb.go +++ b/internal/gen/controller/servers/services/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/servers/services/v1/credential.proto diff --git a/internal/gen/controller/servers/services/server_coordination_service.pb.go b/internal/gen/controller/servers/services/server_coordination_service.pb.go index fbc292f5a7..686250d298 100644 --- a/internal/gen/controller/servers/services/server_coordination_service.pb.go +++ b/internal/gen/controller/servers/services/server_coordination_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/servers/services/v1/server_coordination_service.proto diff --git a/internal/gen/controller/servers/services/session_service.pb.go b/internal/gen/controller/servers/services/session_service.pb.go index bc495b3ae1..2d175ba20a 100644 --- a/internal/gen/controller/servers/services/session_service.pb.go +++ b/internal/gen/controller/servers/services/session_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/servers/services/v1/session_service.proto diff --git a/internal/gen/controller/servers/services/upstream_message_service.pb.go b/internal/gen/controller/servers/services/upstream_message_service.pb.go index 3001147f3d..1cab692701 100644 --- a/internal/gen/controller/servers/services/upstream_message_service.pb.go +++ b/internal/gen/controller/servers/services/upstream_message_service.pb.go @@ -2,7 +2,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/servers/services/v1/upstream_message_service.proto diff --git a/internal/gen/controller/tokens/tokens.pb.go b/internal/gen/controller/tokens/tokens.pb.go index 5574065726..1c5931b2bc 100644 --- a/internal/gen/controller/tokens/tokens.pb.go +++ b/internal/gen/controller/tokens/tokens.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/tokens/v1/tokens.proto diff --git a/internal/gen/errors/errors.pb.go b/internal/gen/errors/errors.pb.go index 887c0dadb3..58d77c320f 100644 --- a/internal/gen/errors/errors.pb.go +++ b/internal/gen/errors/errors.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: errors/v1/errors.proto diff --git a/internal/gen/ops/services/health_service.pb.go b/internal/gen/ops/services/health_service.pb.go index 3a3e0cdf46..14e5c30f30 100644 --- a/internal/gen/ops/services/health_service.pb.go +++ b/internal/gen/ops/services/health_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: ops/services/v1/health_service.proto diff --git a/internal/gen/testing/attribute/attribute.pb.go b/internal/gen/testing/attribute/attribute.pb.go index b14adad8f9..4bb3a93bf6 100644 --- a/internal/gen/testing/attribute/attribute.pb.go +++ b/internal/gen/testing/attribute/attribute.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: testing/attribute/v1/attribute.proto diff --git a/internal/gen/testing/event/event.pb.go b/internal/gen/testing/event/event.pb.go index 71ec9454bf..a546202111 100644 --- a/internal/gen/testing/event/event.pb.go +++ b/internal/gen/testing/event/event.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: testing/event/v1/event.proto diff --git a/internal/gen/testing/interceptor/greeter.pb.go b/internal/gen/testing/interceptor/greeter.pb.go index 4c254bc44d..10b8f99505 100644 --- a/internal/gen/testing/interceptor/greeter.pb.go +++ b/internal/gen/testing/interceptor/greeter.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: testing/interceptor/v1/greeter.proto diff --git a/internal/gen/testing/protooptions/service.pb.go b/internal/gen/testing/protooptions/service.pb.go index fa098cc804..961f7dc4d5 100644 --- a/internal/gen/testing/protooptions/service.pb.go +++ b/internal/gen/testing/protooptions/service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: testing/options/v1/service.proto diff --git a/internal/gen/worker/health/health_service.pb.go b/internal/gen/worker/health/health_service.pb.go index fa326afb8a..5189cc1b53 100644 --- a/internal/gen/worker/health/health_service.pb.go +++ b/internal/gen/worker/health/health_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: worker/health/v1/health_service.proto diff --git a/internal/gen/worker/servers/services/host_service.pb.go b/internal/gen/worker/servers/services/host_service.pb.go index a4257de0b6..b3298518be 100644 --- a/internal/gen/worker/servers/services/host_service.pb.go +++ b/internal/gen/worker/servers/services/host_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: worker/servers/services/v1/host_service.proto diff --git a/internal/host/plugin/store/host.pb.go b/internal/host/plugin/store/host.pb.go index 4d9888c8e9..021bde8b79 100644 --- a/internal/host/plugin/store/host.pb.go +++ b/internal/host/plugin/store/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/host/plugin/store/v1/host.proto diff --git a/internal/host/static/store/static.pb.go b/internal/host/static/store/static.pb.go index ea94df4299..ddfaf2f86d 100644 --- a/internal/host/static/store/static.pb.go +++ b/internal/host/static/store/static.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/host/static/store/v1/static.proto diff --git a/internal/host/store/host.pb.go b/internal/host/store/host.pb.go index c265562460..34712236b4 100644 --- a/internal/host/store/host.pb.go +++ b/internal/host/store/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/host/store/v1/host.proto diff --git a/internal/iam/store/group.pb.go b/internal/iam/store/group.pb.go index 7c7e6c66eb..a2058b04d2 100644 --- a/internal/iam/store/group.pb.go +++ b/internal/iam/store/group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/group.proto diff --git a/internal/iam/store/group_member.pb.go b/internal/iam/store/group_member.pb.go index ce9e2a9e09..4056b73a01 100644 --- a/internal/iam/store/group_member.pb.go +++ b/internal/iam/store/group_member.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/group_member.proto diff --git a/internal/iam/store/principal_role.pb.go b/internal/iam/store/principal_role.pb.go index 94f96bc22b..4e1571e9d5 100644 --- a/internal/iam/store/principal_role.pb.go +++ b/internal/iam/store/principal_role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/principal_role.proto diff --git a/internal/iam/store/role.pb.go b/internal/iam/store/role.pb.go index 13b0f71610..5a2f643b9b 100644 --- a/internal/iam/store/role.pb.go +++ b/internal/iam/store/role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role.proto diff --git a/internal/iam/store/role_global.pb.go b/internal/iam/store/role_global.pb.go index 6c25c44638..8d125342ad 100644 --- a/internal/iam/store/role_global.pb.go +++ b/internal/iam/store/role_global.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global.proto diff --git a/internal/iam/store/role_global_individual_org_grant_scope.pb.go b/internal/iam/store/role_global_individual_org_grant_scope.pb.go index a6b0a84231..2e814d5785 100644 --- a/internal/iam/store/role_global_individual_org_grant_scope.pb.go +++ b/internal/iam/store/role_global_individual_org_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global_individual_org_grant_scope.proto diff --git a/internal/iam/store/role_global_individual_project_grant_scope.pb.go b/internal/iam/store/role_global_individual_project_grant_scope.pb.go index 350c1e41cc..43c681a25f 100644 --- a/internal/iam/store/role_global_individual_project_grant_scope.pb.go +++ b/internal/iam/store/role_global_individual_project_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_global_individual_project_grant_scope.proto diff --git a/internal/iam/store/role_grant.pb.go b/internal/iam/store/role_grant.pb.go index 072ec8fc5a..4f2ddfab94 100644 --- a/internal/iam/store/role_grant.pb.go +++ b/internal/iam/store/role_grant.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_grant.proto diff --git a/internal/iam/store/role_grant_scope.pb.go b/internal/iam/store/role_grant_scope.pb.go index b735bce002..36bde9a0f4 100644 --- a/internal/iam/store/role_grant_scope.pb.go +++ b/internal/iam/store/role_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_grant_scope.proto diff --git a/internal/iam/store/role_org.pb.go b/internal/iam/store/role_org.pb.go index 8f36096e76..2237069a11 100644 --- a/internal/iam/store/role_org.pb.go +++ b/internal/iam/store/role_org.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_org.proto diff --git a/internal/iam/store/role_org_individual_grant_scope.pb.go b/internal/iam/store/role_org_individual_grant_scope.pb.go index 56af65e01e..6b3333362d 100644 --- a/internal/iam/store/role_org_individual_grant_scope.pb.go +++ b/internal/iam/store/role_org_individual_grant_scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_org_individual_grant_scope.proto diff --git a/internal/iam/store/role_project.pb.go b/internal/iam/store/role_project.pb.go index 10a84f9a2b..8bb6fb1585 100644 --- a/internal/iam/store/role_project.pb.go +++ b/internal/iam/store/role_project.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/role_project.proto diff --git a/internal/iam/store/scope.pb.go b/internal/iam/store/scope.pb.go index 6f6af3913b..7d0e5a09e4 100644 --- a/internal/iam/store/scope.pb.go +++ b/internal/iam/store/scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/scope.proto diff --git a/internal/iam/store/user.pb.go b/internal/iam/store/user.pb.go index 3c92019e3a..4cecca0949 100644 --- a/internal/iam/store/user.pb.go +++ b/internal/iam/store/user.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/iam/store/v1/user.proto diff --git a/internal/kms/store/audit_key.pb.go b/internal/kms/store/audit_key.pb.go index b68571808c..6533fd44e1 100644 --- a/internal/kms/store/audit_key.pb.go +++ b/internal/kms/store/audit_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/audit_key.proto diff --git a/internal/kms/store/data_key_version_destruction_job.pb.go b/internal/kms/store/data_key_version_destruction_job.pb.go index b0de7b9bef..9cad1d0c0c 100644 --- a/internal/kms/store/data_key_version_destruction_job.pb.go +++ b/internal/kms/store/data_key_version_destruction_job.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job.proto diff --git a/internal/kms/store/data_key_version_destruction_job_progress.pb.go b/internal/kms/store/data_key_version_destruction_job_progress.pb.go index cd66f13f10..33c22fcbf3 100644 --- a/internal/kms/store/data_key_version_destruction_job_progress.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_progress.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_progress.proto diff --git a/internal/kms/store/data_key_version_destruction_job_run.pb.go b/internal/kms/store/data_key_version_destruction_job_run.pb.go index b9f76379b9..a35d311fc2 100644 --- a/internal/kms/store/data_key_version_destruction_job_run.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_run.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_run.proto diff --git a/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go b/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go index 154afac654..39744dc600 100644 --- a/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go +++ b/internal/kms/store/data_key_version_destruction_job_run_allowed_table_name.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/data_key_version_destruction_job_run_allowed_table_name.proto diff --git a/internal/kms/store/database_key.pb.go b/internal/kms/store/database_key.pb.go index 33406a5226..db022f3b31 100644 --- a/internal/kms/store/database_key.pb.go +++ b/internal/kms/store/database_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/database_key.proto diff --git a/internal/kms/store/oidc_key.pb.go b/internal/kms/store/oidc_key.pb.go index 0e78c00317..882570da1c 100644 --- a/internal/kms/store/oidc_key.pb.go +++ b/internal/kms/store/oidc_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/oidc_key.proto diff --git a/internal/kms/store/oplog_key.pb.go b/internal/kms/store/oplog_key.pb.go index df473d75ad..2ec45de91d 100644 --- a/internal/kms/store/oplog_key.pb.go +++ b/internal/kms/store/oplog_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/oplog_key.proto diff --git a/internal/kms/store/root_key.pb.go b/internal/kms/store/root_key.pb.go index 7223de2e18..ae34eec630 100644 --- a/internal/kms/store/root_key.pb.go +++ b/internal/kms/store/root_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/root_key.proto diff --git a/internal/kms/store/session_key.pb.go b/internal/kms/store/session_key.pb.go index 104a904630..948fcacaca 100644 --- a/internal/kms/store/session_key.pb.go +++ b/internal/kms/store/session_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/session_key.proto diff --git a/internal/kms/store/token_key.pb.go b/internal/kms/store/token_key.pb.go index dcd48e4f26..f3b963a6dc 100644 --- a/internal/kms/store/token_key.pb.go +++ b/internal/kms/store/token_key.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/kms/store/v1/token_key.proto diff --git a/internal/oplog/any_operation.pb.go b/internal/oplog/any_operation.pb.go index 43d741134d..5a2f5dfcbe 100644 --- a/internal/oplog/any_operation.pb.go +++ b/internal/oplog/any_operation.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/oplog/v1/any_operation.proto diff --git a/internal/oplog/oplog_test/oplog_test.pb.go b/internal/oplog/oplog_test/oplog_test.pb.go index 42614d82b9..7bcc14646f 100644 --- a/internal/oplog/oplog_test/oplog_test.pb.go +++ b/internal/oplog/oplog_test/oplog_test.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/oplog/test/v1/oplog_test.proto diff --git a/internal/oplog/store/oplog.pb.go b/internal/oplog/store/oplog.pb.go index 14b7c6f191..702913ca26 100644 --- a/internal/oplog/store/oplog.pb.go +++ b/internal/oplog/store/oplog.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/oplog/store/v1/oplog.proto diff --git a/internal/plugin/store/plugin.pb.go b/internal/plugin/store/plugin.pb.go index 03abb1ab32..8c8f3e2b3e 100644 --- a/internal/plugin/store/plugin.pb.go +++ b/internal/plugin/store/plugin.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/plugin/store/v1/plugin.proto diff --git a/internal/policy/storage/store/policy.pb.go b/internal/policy/storage/store/policy.pb.go index 50ade62b8a..fac6d33acc 100644 --- a/internal/policy/storage/store/policy.pb.go +++ b/internal/policy/storage/store/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/policy/storage/store/v1/policy.proto diff --git a/internal/policy/store/policy.pb.go b/internal/policy/store/policy.pb.go index 55c805e957..84615442d7 100644 --- a/internal/policy/store/policy.pb.go +++ b/internal/policy/store/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/policy/store/v1/policy.proto diff --git a/internal/scheduler/job/store/job.pb.go b/internal/scheduler/job/store/job.pb.go index 48b983f3e2..feebc833f7 100644 --- a/internal/scheduler/job/store/job.pb.go +++ b/internal/scheduler/job/store/job.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/job/store/v1/job.proto diff --git a/internal/server/store/controller.pb.go b/internal/server/store/controller.pb.go index 53f2120f7f..db93572a1a 100644 --- a/internal/server/store/controller.pb.go +++ b/internal/server/store/controller.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/servers/store/v1/controller.proto diff --git a/internal/server/store/root_certificate.pb.go b/internal/server/store/root_certificate.pb.go index 27067d30e5..0eea841e87 100644 --- a/internal/server/store/root_certificate.pb.go +++ b/internal/server/store/root_certificate.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/servers/store/v1/root_certificate.proto diff --git a/internal/server/store/worker.pb.go b/internal/server/store/worker.pb.go index ab61eb2931..b9900f0d1b 100644 --- a/internal/server/store/worker.pb.go +++ b/internal/server/store/worker.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/servers/store/v1/worker.proto diff --git a/internal/server/store/worker_auth.pb.go b/internal/server/store/worker_auth.pb.go index 57e1d6f60e..e75cbeedd8 100644 --- a/internal/server/store/worker_auth.pb.go +++ b/internal/server/store/worker_auth.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/servers/store/v1/worker_auth.proto diff --git a/internal/storage/plugin/store/storage.pb.go b/internal/storage/plugin/store/storage.pb.go index a0c15c0bd5..ddf9ef78e8 100644 --- a/internal/storage/plugin/store/storage.pb.go +++ b/internal/storage/plugin/store/storage.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/storage/plugin/store/v1/storage.proto diff --git a/internal/target/store/target.pb.go b/internal/target/store/target.pb.go index 6380cebc2f..bd664138ea 100644 --- a/internal/target/store/target.pb.go +++ b/internal/target/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/target/store/v1/target.proto diff --git a/internal/target/targettest/store/target.pb.go b/internal/target/targettest/store/target.pb.go index 9bce9aeab5..44519f3d28 100644 --- a/internal/target/targettest/store/target.pb.go +++ b/internal/target/targettest/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/target/targettest/store/v1/target.proto diff --git a/internal/target/tcp/store/target.pb.go b/internal/target/tcp/store/target.pb.go index c171827564..c4c5624ed0 100644 --- a/internal/target/tcp/store/target.pb.go +++ b/internal/target/tcp/store/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/storage/target/tcp/store/v1/target.proto diff --git a/internal/tests/api/proxy/proxy_test.go b/internal/tests/api/proxy/proxy_test.go index aa78af56ef..877ccc916e 100644 --- a/internal/tests/api/proxy/proxy_test.go +++ b/internal/tests/api/proxy/proxy_test.go @@ -19,6 +19,7 @@ import ( "github.com/hashicorp/boundary/internal/tests/helper" "github.com/hashicorp/go-hclog" "github.com/stretchr/testify/require" + "go.uber.org/atomic" _ "github.com/hashicorp/boundary/internal/daemon/controller/handlers/targets/tcp" ) @@ -140,3 +141,99 @@ func TestConnectionsLeft(t *testing.T) { // Wait to ensure cleanup and that the second-start logic works wg.Wait() } + +func TestConnectionTimeout(t *testing.T) { + require := require.New(t) + logger := hclog.New(&hclog.LoggerOptions{ + Name: t.Name(), + Level: hclog.Trace, + }) + + // Create controller and worker + conf, err := config.DevController() + require.NoError(err) + c1 := controller.NewTestController(t, &controller.TestControllerOpts{ + Config: conf, + InitialResourcesSuffix: "1234567890", + Logger: logger.Named("c1"), + WorkerRPCGracePeriod: helper.DefaultControllerRPCGracePeriod, + }) + helper.ExpectWorkers(t, c1) + + w1 := worker.NewTestWorker(t, &worker.TestWorkerOpts{ + WorkerAuthKms: c1.Config().WorkerAuthKms, + InitialUpstreams: c1.ClusterAddrs(), + Logger: logger.Named("w1"), + SuccessfulControllerRPCGracePeriodDuration: helper.DefaultControllerRPCGracePeriod, + Name: "w1", + }) + helper.ExpectWorkers(t, c1, w1) + + // Connect target + client := c1.Client() + client.SetToken(c1.Token().Token) + tcl := targets.NewClient(client) + tgt, err := tcl.Read(c1.Context(), "ttcp_1234567890") + require.NoError(err) + require.NotNil(tgt) + + // Create test server, update default port on target + ts := helper.NewTestTcpServer(t) + require.NotNil(t, ts) + defer ts.Close() + var sessionConnsLimit int32 = 2 + + tgt = updateTargetForProxy(t, c1.Context(), tcl, tgt, ts.Port(), sessionConnsLimit, w1.Name()) + + // Authorize session to get authorization data + sess, err := tcl.AuthorizeSession(c1.Context(), tgt.Item.Id) + require.NoError(err) + sessAuthz, err := sess.GetSessionAuthorization() + require.NoError(err) + + // Create a context we can cancel to stop the proxy, a channel for conns + // left, and a waitgroup to ensure cleanup + pxyCtx, pxyCancel := context.WithCancel(c1.Context()) + defer pxyCancel() + wg := new(sync.WaitGroup) + + pxy, err := proxy.New(pxyCtx, sessAuthz.AuthorizationToken) + require.NoError(err) + wg.Add(1) + done := atomic.NewBool(false) + go func() { + defer wg.Done() + require.NoError(pxy.Start(proxy.WithInactivityTimeout(time.Second))) + done.Store(true) + }() + + addr := pxy.ListenerAddress(context.Background()) + require.NotEmpty(addr) + addrPort, err := netip.ParseAddrPort(addr) + require.NoError(err) + + echo := []byte("echo") + readBuf := make([]byte, len(echo)) + + conn, err := net.DialTCP("tcp", nil, net.TCPAddrFromAddrPort(addrPort)) + require.NoError(err) + written, err := conn.Write(echo) + require.NoError(err) + require.Equal(written, len(echo)) + read, err := conn.Read(readBuf) + require.NoError(err) + require.Equal(read, len(echo)) + require.NoError(conn.Close()) + + start := time.Now() + for { + if done.Load() || time.Since(start) > time.Second*2 { + require.True(done.Load(), "proxy did not close itself within the expected time frame (2 seconds)") + break + } + time.Sleep(10 * time.Millisecond) + } + require.Equal("Inactivity timeout reached", pxy.CloseReason()) + pxyCancel() + wg.Wait() +} diff --git a/plugins/kms/mains/ibmkp/go.mod b/plugins/kms/mains/ibmkp/go.mod new file mode 100644 index 0000000000..89eba23df6 --- /dev/null +++ b/plugins/kms/mains/ibmkp/go.mod @@ -0,0 +1,41 @@ +module github.com/hashicorp/boundary/plugins/kms/mains/ibmkp + +go 1.25.0 + +require ( + github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 + github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0 +) + +require ( + github.com/IBM/keyprotect-go-client v0.15.1 // indirect + github.com/davecgh/go-spew v1.1.1 // indirect + github.com/fatih/color v1.18.0 // indirect + github.com/golang/protobuf v1.5.4 // indirect + github.com/google/uuid v1.6.0 // indirect + github.com/hashicorp/go-cleanhttp v0.5.2 // indirect + github.com/hashicorp/go-hclog v1.6.3 // indirect + github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 // indirect + github.com/hashicorp/go-plugin v1.7.0 // indirect + github.com/hashicorp/go-retryablehttp v0.7.8 // indirect + github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect + github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 // indirect + github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect + github.com/hashicorp/go-sockaddr v1.0.7 // indirect + github.com/hashicorp/go-uuid v1.0.3 // indirect + github.com/hashicorp/yamux v0.1.2 // indirect + github.com/mattn/go-colorable v0.1.14 // indirect + github.com/mattn/go-isatty v0.0.20 // indirect + github.com/mitchellh/mapstructure v1.5.0 // indirect + github.com/oklog/run v1.2.0 // indirect + github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/ryanuber/go-glob v1.0.0 // indirect + github.com/stretchr/testify v1.11.1 // indirect + golang.org/x/net v0.44.0 // indirect + golang.org/x/sys v0.36.0 // indirect + golang.org/x/text v0.29.0 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 // indirect + google.golang.org/grpc v1.75.1 // indirect + google.golang.org/protobuf v1.36.10 // indirect + gopkg.in/yaml.v3 v3.0.1 // indirect +) diff --git a/plugins/kms/mains/ibmkp/go.sum b/plugins/kms/mains/ibmkp/go.sum new file mode 100644 index 0000000000..cd9cb5af98 --- /dev/null +++ b/plugins/kms/mains/ibmkp/go.sum @@ -0,0 +1,132 @@ +github.com/IBM/keyprotect-go-client v0.15.1 h1:m4qzqF5zOumRxKZ8s7vtK7A/UV/D278L8xpRG+WgT0s= +github.com/IBM/keyprotect-go-client v0.15.1/go.mod h1:asXtHwL/4uCHA221Vd/7SkXEi2pcRHDzPyyksc1DthE= +github.com/bufbuild/protocompile v0.14.1 h1:iA73zAf/fyljNjQKwYzUHD6AD4R8KMasmwa/FBatYVw= +github.com/bufbuild/protocompile v0.14.1/go.mod h1:ppVdAIhbr2H8asPk6k4pY7t9zB1OU5DoEw9xY/FUi1c= +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= +github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= +github.com/go-logr/logr v1.4.3 h1:CjnDlHq8ikf6E492q6eKboGOC0T8CDaOvkHCIg8idEI= +github.com/go-logr/logr v1.4.3/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= +github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= +github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek= +github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= +github.com/google/go-cmp v0.7.0 h1:wk8382ETsv4JYUZwIsn6YpYiWiBsYLSJiTsyBybVuN8= +github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX3N/iU= +github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= +github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542 h1:2VTzZjLZBgl62/EtslCrtky5vbi9dd7HrQPQIx6wqiw= +github.com/h2non/parth v0.0.0-20190131123155-b4df798d6542/go.mod h1:Ow0tF8D4Kplbc8s8sSb3V2oUCygFHVp8gC3Dn6U4MNI= +github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= +github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= +github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= +github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8 h1:/GIUjn9GkFXMk/8/irRdbdtmx8CcyeyWdVy/E5LvzyA= +github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.8/go.mod h1:JDc9UOD4EVRDIwPVethJcT5Ibi/Nas6eQDPtA60iwP0= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19 h1:FX7HrkfkYomf4SlMrwzOP32FXuFltq34Qy/gXk1Tp5Y= +github.com/hashicorp/go-kms-wrapping/v2 v2.0.19/go.mod h1:wpZygQlPUUGt4Klgg+RlCaq/KRe8XinEzqTf7QmvrNo= +github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0 h1:M2dN1Hd4BhAdJf9k07+I0vsSwuaOQ236lRYqSzUGZnE= +github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2 v2.0.0/go.mod h1:q7YuFP0xds3wMWJW1ouoLCcp9rVwO1Qf1ewM9MP9AKI= +github.com/hashicorp/go-plugin v1.7.0 h1:YghfQH/0QmPNc/AZMTFE3ac8fipZyZECHdDPshfk+mA= +github.com/hashicorp/go-plugin v1.7.0/go.mod h1:BExt6KEaIYx804z8k4gRzRLEvxKVb+kn0NMcihqOqb8= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.8 h1:ylXZWnqa7Lhqpk0L1P1LzDtGcCR0rPVUrx/c8Unxc48= +github.com/hashicorp/go-retryablehttp v0.7.8/go.mod h1:rjiScheydd+CxvumBsIrFKlx3iS0jrZ7LvzFGFmuKbw= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 h1:ET4pqyjiGmY09R5y+rSd70J2w45CtbWDNvGqWp/R3Ng= +github.com/hashicorp/go-secure-stdlib/base62 v0.1.2/go.mod h1:EdWO6czbmthiwZ3/PUsDV+UD1D5IRU4ActiaWGwt0Yw= +github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0 h1:U+kC2dOhMFQctRfhK0gRctKAPTloZdMU5ZJxaesJ/VM= +github.com/hashicorp/go-secure-stdlib/parseutil v0.2.0/go.mod h1:Ll013mhdmsVDuoIXVfBtvgGJsXDYkTw1kooNcoCXuE0= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= +github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= +github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= +github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= +github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= +github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= +github.com/hashicorp/yamux v0.1.2 h1:XtB8kyFOyHXYVFnwT5C3+Bdo8gArse7j2AQ0DA0Uey8= +github.com/hashicorp/yamux v0.1.2/go.mod h1:C+zze2n6e/7wshOZep2A70/aQU6QBRWJO/G6FT1wIns= +github.com/jhump/protoreflect v1.17.0 h1:qOEr613fac2lOuTgWN4tPAtLL7fUSbuJL5X5XumQh94= +github.com/jhump/protoreflect v1.17.0/go.mod h1:h9+vUUL38jiBzck8ck+6G/aeMX8Z4QUY/NiJPwPNi+8= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= +github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= +github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= +github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= +github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= +github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= +github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= +github.com/mattn/go-colorable v0.1.14 h1:9A9LHSqF/7dyVVX6g0U9cwm9pG3kP9gSzcuIPHPsaIE= +github.com/mattn/go-colorable v0.1.14/go.mod h1:6LmQG8QLFO4G5z1gPvYEzlUgJ2wF+stgPZH1UqBm1s8= +github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= +github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= +github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= +github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= +github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= +github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= +github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms= +github.com/oklog/run v1.2.0 h1:O8x3yXwah4A73hJdlrwo/2X6J62gE5qTMusH0dvz60E= +github.com/oklog/run v1.2.0/go.mod h1:mgDbKRSwPhJfesJ4PntqFUbKQRZ50NgmZTSPlFA0YFk= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/rogpeppe/go-internal v1.8.1 h1:geMPLpDpQOgVyCg5z5GoRwLHepNdb71NXb67XFkP+Eg= +github.com/rogpeppe/go-internal v1.8.1/go.mod h1:JeRgkft04UBgHMgCIwADu4Pn6Mtm5d4nPKWu0nJ5d+o= +github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= +github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= +github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= +github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1FQKckRals= +github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U= +github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/otel v1.37.0 h1:9zhNfelUvx0KBfu/gb+ZgeAfAgtWrfHJZcAqFC228wQ= +go.opentelemetry.io/otel v1.37.0/go.mod h1:ehE/umFRLnuLa/vSccNq9oS1ErUlkkK71gMcN34UG8I= +go.opentelemetry.io/otel/metric v1.37.0 h1:mvwbQS5m0tbmqML4NqK+e3aDiO02vsf/WgbsdpcPoZE= +go.opentelemetry.io/otel/metric v1.37.0/go.mod h1:04wGrZurHYKOc+RKeye86GwKiTb9FKm1WHtO+4EVr2E= +go.opentelemetry.io/otel/sdk v1.37.0 h1:ItB0QUqnjesGRvNcmAcU0LyvkVyGJ2xftD29bWdDvKI= +go.opentelemetry.io/otel/sdk v1.37.0/go.mod h1:VredYzxUvuo2q3WRcDnKDjbdvmO0sCzOvVAiY+yUkAg= +go.opentelemetry.io/otel/sdk/metric v1.37.0 h1:90lI228XrB9jCMuSdA0673aubgRobVZFhbjxHHspCPc= +go.opentelemetry.io/otel/sdk/metric v1.37.0/go.mod h1:cNen4ZWfiD37l5NhS+Keb5RXVWZWpRE+9WyVCpbo5ps= +go.opentelemetry.io/otel/trace v1.37.0 h1:HLdcFNbRQBE2imdSEgm/kwqmQj1Or1l/7bW6mxVK7z4= +go.opentelemetry.io/otel/trace v1.37.0/go.mod h1:TlgrlQ+PtQO5XFerSPUYG0JSgGyryXewPGyayAWSBS0= +golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= +golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= +golang.org/x/sys v0.0.0-20200116001909-b77594299b42/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= +golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k= +golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks= +golang.org/x/text v0.29.0 h1:1neNs90w9YzJ9BocxfsQNHKuAT4pkghyXc4nhZ6sJvk= +golang.org/x/text v0.29.0/go.mod h1:7MhJOA9CD2qZyOKYazxdYMF85OwPdEr9jTtBpO7ydH4= +gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= +gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797 h1:CirRxTOwnRWVLKzDNrs0CXAaVozJoR4G9xvdRecrdpk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20251002232023-7c0ddcbb5797/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= +google.golang.org/grpc v1.75.1 h1:/ODCNEuf9VghjgO3rqLcfg8fiOP0nSluljWFlDxELLI= +google.golang.org/grpc v1.75.1/go.mod h1:JtPAzKiq4v1xcAB2hydNlWI2RnF85XXcV0mhKXr2ecQ= +google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= +google.golang.org/protobuf v1.36.10/go.mod h1:HTf+CrKn2C3g5S8VImy6tdcUvCska2kB7j23XfzDpco= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15 h1:YR8cESwS4TdDjEe65xsg0ogRM/Nc3DYOhEAlW+xobZo= +gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/h2non/gock.v1 v1.1.2 h1:jBbHXgGBK/AoPVfJh5x4r/WxIrElvbLel8TCZkkZJoY= +gopkg.in/h2non/gock.v1 v1.1.2/go.mod h1:n7UGz/ckNChHiK05rDoiC4MYSunEC/lyaUm2WWaDva0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/plugins/kms/mains/ibmkp/main.go b/plugins/kms/mains/ibmkp/main.go new file mode 100644 index 0000000000..d196493a9a --- /dev/null +++ b/plugins/kms/mains/ibmkp/main.go @@ -0,0 +1,20 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package main + +import ( + "fmt" + "os" + + gkwp "github.com/hashicorp/go-kms-wrapping/plugin/v2" + "github.com/hashicorp/go-kms-wrapping/wrappers/ibmkp/v2" +) + +func main() { + if err := gkwp.ServePlugin(ibmkp.NewWrapper()); err != nil { + fmt.Println("Error serving plugin", err) + os.Exit(1) + } + os.Exit(0) +} diff --git a/sdk/pbs/controller/api/resources/accounts/account.pb.go b/sdk/pbs/controller/api/resources/accounts/account.pb.go index b22f800066..5a17d0d741 100644 --- a/sdk/pbs/controller/api/resources/accounts/account.pb.go +++ b/sdk/pbs/controller/api/resources/accounts/account.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/accounts/v1/account.proto diff --git a/sdk/pbs/controller/api/resources/aliases/alias.pb.go b/sdk/pbs/controller/api/resources/aliases/alias.pb.go index b51c297385..e08ea64946 100644 --- a/sdk/pbs/controller/api/resources/aliases/alias.pb.go +++ b/sdk/pbs/controller/api/resources/aliases/alias.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/aliases/v1/alias.proto diff --git a/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go b/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go index 2e323f5316..da9de35a9b 100644 --- a/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go +++ b/sdk/pbs/controller/api/resources/authmethods/auth_method.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/authmethods/v1/auth_method.proto diff --git a/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go b/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go index 1b7972e84c..e0a079970c 100644 --- a/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go +++ b/sdk/pbs/controller/api/resources/authtokens/authtoken.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/authtokens/v1/authtoken.proto diff --git a/sdk/pbs/controller/api/resources/billing/billing.pb.go b/sdk/pbs/controller/api/resources/billing/billing.pb.go index 058bd91cc8..f9e3a7bb4c 100644 --- a/sdk/pbs/controller/api/resources/billing/billing.pb.go +++ b/sdk/pbs/controller/api/resources/billing/billing.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/billing/v1/billing.proto diff --git a/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go b/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go index 6c02566714..aa2402579e 100644 --- a/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go +++ b/sdk/pbs/controller/api/resources/credentiallibraries/credential_library.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/credentiallibraries/v1/credential_library.proto diff --git a/sdk/pbs/controller/api/resources/credentials/credential.pb.go b/sdk/pbs/controller/api/resources/credentials/credential.pb.go index 7321249443..ca908ac033 100644 --- a/sdk/pbs/controller/api/resources/credentials/credential.pb.go +++ b/sdk/pbs/controller/api/resources/credentials/credential.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/credentials/v1/credential.proto diff --git a/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go b/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go index 56af18ae98..32e351dbcd 100644 --- a/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go +++ b/sdk/pbs/controller/api/resources/credentialstores/credential_store.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/credentialstores/v1/credential_store.proto diff --git a/sdk/pbs/controller/api/resources/groups/group.pb.go b/sdk/pbs/controller/api/resources/groups/group.pb.go index 00dbcb770f..8ea6641ab9 100644 --- a/sdk/pbs/controller/api/resources/groups/group.pb.go +++ b/sdk/pbs/controller/api/resources/groups/group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/groups/v1/group.proto diff --git a/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go b/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go index 7e47134242..c4f1049680 100644 --- a/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go +++ b/sdk/pbs/controller/api/resources/hostcatalogs/host_catalog.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/hostcatalogs/v1/host_catalog.proto diff --git a/sdk/pbs/controller/api/resources/hosts/host.pb.go b/sdk/pbs/controller/api/resources/hosts/host.pb.go index 80f016c2a1..60d70d6338 100644 --- a/sdk/pbs/controller/api/resources/hosts/host.pb.go +++ b/sdk/pbs/controller/api/resources/hosts/host.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/hosts/v1/host.proto diff --git a/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go b/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go index 1507c8ef79..479fa04ca4 100644 --- a/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go +++ b/sdk/pbs/controller/api/resources/hostsets/host_set.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/hostsets/v1/host_set.proto diff --git a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go index f84b928325..c4d41b220e 100644 --- a/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go +++ b/sdk/pbs/controller/api/resources/managedgroups/managed_group.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/managedgroups/v1/managed_group.proto diff --git a/sdk/pbs/controller/api/resources/plugins/plugin.pb.go b/sdk/pbs/controller/api/resources/plugins/plugin.pb.go index 50b40aa4f4..903019a250 100644 --- a/sdk/pbs/controller/api/resources/plugins/plugin.pb.go +++ b/sdk/pbs/controller/api/resources/plugins/plugin.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/plugins/v1/plugin.proto diff --git a/sdk/pbs/controller/api/resources/policies/policy.pb.go b/sdk/pbs/controller/api/resources/policies/policy.pb.go index f67cef2ac3..6b1a952da3 100644 --- a/sdk/pbs/controller/api/resources/policies/policy.pb.go +++ b/sdk/pbs/controller/api/resources/policies/policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/policies/v1/policy.proto diff --git a/sdk/pbs/controller/api/resources/roles/role.pb.go b/sdk/pbs/controller/api/resources/roles/role.pb.go index 6ecf00ad67..757c169ddc 100644 --- a/sdk/pbs/controller/api/resources/roles/role.pb.go +++ b/sdk/pbs/controller/api/resources/roles/role.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/roles/v1/role.proto diff --git a/sdk/pbs/controller/api/resources/scopes/scope.pb.go b/sdk/pbs/controller/api/resources/scopes/scope.pb.go index af35e7ae04..c2b8b55703 100644 --- a/sdk/pbs/controller/api/resources/scopes/scope.pb.go +++ b/sdk/pbs/controller/api/resources/scopes/scope.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/scopes/v1/scope.proto diff --git a/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go b/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go index 7c727a3dc3..0c1448e884 100644 --- a/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go +++ b/sdk/pbs/controller/api/resources/session_recordings/session_recording.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/sessionrecordings/v1/session_recording.proto diff --git a/sdk/pbs/controller/api/resources/sessions/session.pb.go b/sdk/pbs/controller/api/resources/sessions/session.pb.go index 24ad54d8e2..0d61275d0a 100644 --- a/sdk/pbs/controller/api/resources/sessions/session.pb.go +++ b/sdk/pbs/controller/api/resources/sessions/session.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/sessions/v1/session.proto diff --git a/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go b/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go index 04b7eafac6..ea80549991 100644 --- a/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go +++ b/sdk/pbs/controller/api/resources/storagebuckets/storage_bucket.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/storagebuckets/v1/storage_bucket.proto diff --git a/sdk/pbs/controller/api/resources/targets/target.pb.go b/sdk/pbs/controller/api/resources/targets/target.pb.go index 83d0ce6749..dbfe433365 100644 --- a/sdk/pbs/controller/api/resources/targets/target.pb.go +++ b/sdk/pbs/controller/api/resources/targets/target.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/targets/v1/target.proto diff --git a/sdk/pbs/controller/api/resources/users/user.pb.go b/sdk/pbs/controller/api/resources/users/user.pb.go index c6a6a0ba6b..b20ca3f9c5 100644 --- a/sdk/pbs/controller/api/resources/users/user.pb.go +++ b/sdk/pbs/controller/api/resources/users/user.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/users/v1/user.proto diff --git a/sdk/pbs/controller/api/resources/workers/worker.pb.go b/sdk/pbs/controller/api/resources/workers/worker.pb.go index b38821a39c..e66b402d2d 100644 --- a/sdk/pbs/controller/api/resources/workers/worker.pb.go +++ b/sdk/pbs/controller/api/resources/workers/worker.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/api/resources/workers/v1/worker.proto diff --git a/sdk/pbs/controller/protooptions/options.pb.go b/sdk/pbs/controller/protooptions/options.pb.go index d954b8025a..7053391cca 100644 --- a/sdk/pbs/controller/protooptions/options.pb.go +++ b/sdk/pbs/controller/protooptions/options.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/custom_options/v1/options.proto diff --git a/sdk/pbs/controller/protooptions/testing.pb.go b/sdk/pbs/controller/protooptions/testing.pb.go index 9aae4cf2b0..583c3b6bb4 100644 --- a/sdk/pbs/controller/protooptions/testing.pb.go +++ b/sdk/pbs/controller/protooptions/testing.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: controller/custom_options/v1/testing.proto diff --git a/sdk/pbs/plugin/host_plugin_service.pb.go b/sdk/pbs/plugin/host_plugin_service.pb.go index 271bdf9bab..23300133a6 100644 --- a/sdk/pbs/plugin/host_plugin_service.pb.go +++ b/sdk/pbs/plugin/host_plugin_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: plugin/v1/host_plugin_service.proto diff --git a/sdk/pbs/plugin/storage_plugin_service.pb.go b/sdk/pbs/plugin/storage_plugin_service.pb.go index eb4199288c..7044d0ae69 100644 --- a/sdk/pbs/plugin/storage_plugin_service.pb.go +++ b/sdk/pbs/plugin/storage_plugin_service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: plugin/v1/storage_plugin_service.proto diff --git a/sdk/pbs/proxy/proxy.pb.go b/sdk/pbs/proxy/proxy.pb.go index 0e5405fab8..5a676bfc1f 100644 --- a/sdk/pbs/proxy/proxy.pb.go +++ b/sdk/pbs/proxy/proxy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.36.8 +// protoc-gen-go v1.36.10 // protoc (unknown) // source: worker/proxy/v1/proxy.proto diff --git a/version/VERSION b/version/VERSION index a881cf79f2..a158e5b625 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -0.20.0 \ No newline at end of file +0.20.2 \ No newline at end of file diff --git a/website/content/docs/api-clients/desktop.mdx b/website/content/docs/api-clients/desktop.mdx index ba74487f21..d4e0d8be98 100644 --- a/website/content/docs/api-clients/desktop.mdx +++ b/website/content/docs/api-clients/desktop.mdx @@ -10,7 +10,7 @@ description: >- Boundary Desktop is a standalone application that provides a simple interface for browsing and connecting to targets on your local computer (macOS and Windows currently supported). Launch a session in Boundary Desktop and then make a connection -using your favorite tooling! +using your favorite tooling. ## Get started diff --git a/website/content/docs/api/index.mdx b/website/content/docs/api/index.mdx index caafd12f75..069e10dad0 100644 --- a/website/content/docs/api/index.mdx +++ b/website/content/docs/api/index.mdx @@ -13,7 +13,11 @@ Before reading this page, it is useful to understand Boundary's [domain model](/ Boundary's API is also described via OpenAPI v2; the version corresponding to any tag of Boundary's source code can be found in Boundary's [GitHub repository](https://github.com/hashicorp/boundary/blob/main/internal/gen/controller.swagger.json). --> **NOTE:** A rendered version of this generated API definition can be found on the [API page](/boundary/api-docs). + + +Refer to the [API page](/boundary/api-docs) for a rendered version of this generated API definition. + + Boundary's current API version is 1; all API paths begin with `/v1/`. diff --git a/website/content/docs/architecture/high-availability.mdx b/website/content/docs/architecture/high-availability.mdx index 6c57ec41bf..ab7eabe200 100644 --- a/website/content/docs/architecture/high-availability.mdx +++ b/website/content/docs/architecture/high-availability.mdx @@ -24,6 +24,8 @@ The following ports should be available: The general architecture for the server infrastructure requires 3 controllers and 3 workers. Note that it is possible to run a controller and worker within the same process, but the guide here assumes separate deployments. The documentation here uses virtual machines running on Amazon EC2 as the example environment, but this use case can be extrapolated to almost any cloud platform to suit operator needs: ![](/img/boundary-network.png) +![Boundary network diagram](/img/boundary-network_light.png#light-theme-only) +![Boundary network diagram](/img/boundary-network_dark.png#dark-theme-only) As shown above, Boundary is broken up into its controller and worker server components across 3 [EC2 instances](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance), in 3 separate [subnets](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/subnet), in three separate availability zones, with the controller API and UI being publically exposed by an [application load balancer (ALB)](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb). The worker and controller VM's are in independent [auto-scaling groups](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/autoscaling_group), allowing them to maintain their exact capacity. diff --git a/website/content/docs/client-agent/troubleshoot.mdx b/website/content/docs/client-agent/troubleshoot.mdx index 0a4f9ea0c6..5720a12bfd 100644 --- a/website/content/docs/client-agent/troubleshoot.mdx +++ b/website/content/docs/client-agent/troubleshoot.mdx @@ -273,7 +273,7 @@ Refer to the following table for known issues with the Client Agent that may aff | Issue | Description | | ----- | ----------- | -| SSH connection fails with man-in-the-middle warning | On Linux systems, the initial transparent session may be successful, but any subsequent connections prompt a warning that you may be experiencing a man-in-the-middle attack.

For more information, refer to [WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty!](/boundary/docs/api-clients/client-agent#warning-remote-host-indentification-has-changed-it-is-possible-that-someone-is-doing-something-nasty) in the **Common error messages** section.| +| SSH connection fails with man-in-the-middle warning | On Linux systems, the initial transparent session may be successful, but any subsequent connections prompt a warning that you may be experiencing a man-in-the-middle attack.

For more information, refer to [WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty!](/boundary/docs/client-agent/troubleshoot#warning-remote-host-indentification-has-changed-it-is-possible-that-someone-is-doing-something-nasty) in the **Common error messages** section.| | Boundary Client Agent authentication does not persist across restarts | When you reboot, you are required to re-authenticate to the Client Agent before you can use transparent sessions. | | Windows installer prompts for restart | When you install Boundary, the Windows installer occasionally prompts you to restart your computer, however it is not necessary. | | Boundary Client Agent resumes on reboot | If the Client Agent is paused and the machine is rebooted, the Client Agent will be resumed after the reboot. | diff --git a/website/content/docs/configuration/kms/aead.mdx b/website/content/docs/configuration/kms/aead.mdx index d6e29dd4bf..e3b77bd526 100644 --- a/website/content/docs/configuration/kms/aead.mdx +++ b/website/content/docs/configuration/kms/aead.mdx @@ -29,3 +29,5 @@ kms "aead" { - `key` - The base64-encoded 256-bit encryption key. - `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. diff --git a/website/content/docs/configuration/kms/alicloudkms.mdx b/website/content/docs/configuration/kms/alicloudkms.mdx index 5c941ef8fa..78a0b25b47 100644 --- a/website/content/docs/configuration/kms/alicloudkms.mdx +++ b/website/content/docs/configuration/kms/alicloudkms.mdx @@ -24,6 +24,7 @@ kms "alicloudkms" { access_key = "0wNEpMMlzy7szvai" secret_key = "PupkTg8jdmau1cXxYacgE736PJj4cA" kms_key_id = "08c33a6f-4e0a-4a1b-a3fa-7ddfa1d4fb73" + key_id = "global_worker-auth" } ``` @@ -54,6 +55,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: and decryption. May also be specified by the `ALICLOUDKMS_WRAPPER_KEY_ID` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/awskms.mdx b/website/content/docs/configuration/kms/awskms.mdx index 72a3e8a808..667f3dea5e 100644 --- a/website/content/docs/configuration/kms/awskms.mdx +++ b/website/content/docs/configuration/kms/awskms.mdx @@ -22,6 +22,7 @@ kms "awskms" { secret_key = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY" kms_key_id = "19ec80b0-dfdd-4d97-8164-c6examplekey" endpoint = "https://vpce-0e1bb1852241f8cc6-pzi0do8n.kms.us-east-1.vpce.amazonaws.com" + key_id = "global_worker-auth" } ``` @@ -78,6 +79,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: Endpoint](https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html). If not set, Boundary will use the default API endpoint for your region. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/azurekeyvault.mdx b/website/content/docs/configuration/kms/azurekeyvault.mdx index 66b9275f16..bd9d657e98 100644 --- a/website/content/docs/configuration/kms/azurekeyvault.mdx +++ b/website/content/docs/configuration/kms/azurekeyvault.mdx @@ -25,6 +25,7 @@ kms "azurekeyvault" { client_secret = "DUJDS3..." vault_name = "hc-vault" key_name = "vault_key" + key_id = "global_worker-auth" } ``` @@ -53,6 +54,10 @@ These parameters apply to the `kms` stanza in the Vault configuration file: - `key_name` `(string: )`: The Key Vault key to use for encryption and decryption. May also be specified by the `AZUREKEYVAULT_WRAPPER_KEY_NAME` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/gcpckms.mdx b/website/content/docs/configuration/kms/gcpckms.mdx index 5ff0f21ab5..d9a4f58fbe 100644 --- a/website/content/docs/configuration/kms/gcpckms.mdx +++ b/website/content/docs/configuration/kms/gcpckms.mdx @@ -24,6 +24,7 @@ kms "gcpckms" { region = "global" key_ring = "boundary-keyring" crypto_key = "boundary-key" + key_id = "global_worker-auth" } ``` @@ -53,6 +54,10 @@ These parameters apply to the `kms` stanza in the Boundary configuration file: encryption and decryption. May also be specified by the `GCPCKMS_WRAPPER_CRYPTO_KEY` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication & permissions Authentication-related values must be provided, either as environment diff --git a/website/content/docs/configuration/kms/transit.mdx b/website/content/docs/configuration/kms/transit.mdx index 891ea9b16a..f3086c1d3c 100644 --- a/website/content/docs/configuration/kms/transit.mdx +++ b/website/content/docs/configuration/kms/transit.mdx @@ -22,6 +22,7 @@ kms "transit" { address = "https://vault:8200" token = "s.Qf1s5zigZ4OX6akYjQXJC1jY" disable_renewal = "false" + key_id = "global_worker-auth" // Key configuration key_name = "transit_key_name" @@ -87,6 +88,10 @@ These parameters apply to the `kms` stanza in the Vault configuration file: transmissions to and from the Vault server. This may also be specified using the `VAULT_SKIP_VERIFY` environment variable. +- `key_id` - The unique name of this key. +It is used to identify the key when you perform a root key migration. +You can use the `key_id` field with all KMS stanzas. + ## Authentication Authentication-related values must be provided, either as environment diff --git a/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx b/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx index e06f450362..d966dbc05c 100644 --- a/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx +++ b/website/content/docs/credentials/rdp-testing-and-compatibility-matrix.mdx @@ -194,9 +194,9 @@ A: This is a known issue. The client currently does not support more than one co A: No. At this time, only servers using traditional Kerberos or NTLMv2 authentication are supported. -**Q: The macOS RDP client is asking for a password. Is injection not working?** +**Q: The macOS Windows App is asking for a password. Is injection not working?** -A: This is a known behavior of the macOS client. You can leave the password field blank and proceed; Boundary will still inject the correct credentials in the background. +A: This is a known behavior of the macOS Windows App. You can leave the password field blank and proceed; Boundary will still inject the correct credentials in the background. ## More information diff --git a/website/content/docs/credentials/static-cred-boundary.mdx b/website/content/docs/credentials/static-cred-boundary.mdx index 89f73698e1..f26fff08d3 100644 --- a/website/content/docs/credentials/static-cred-boundary.mdx +++ b/website/content/docs/credentials/static-cred-boundary.mdx @@ -121,6 +121,6 @@ When you use credential brokering, Boundary centrally manages credentials and re Credential injection requires HCP Boundary or Boundary Enterprise, and it provides end users with a passwordless experience when they connect to targets. - [Configure a target for credential brokering](/boundary/docs/credentials/configure-credential-brokering) -- [Configure a target for credential injection](/boundary/docs/credentials/configure-credential-brokering) +- [Configure a target for credential injection](/boundary/docs/credentials/configure-credential-injection) To learn more about what is supported for the RDP credential injection beta and to view known issues, refer to [RDP credential injection compatibility](/boundary/docs/credentials/rdp-testing-and-compatibility-matrix). \ No newline at end of file diff --git a/website/content/docs/domain-model/credential-libraries.mdx b/website/content/docs/domain-model/credential-libraries.mdx index b6216d8c17..d08b57240b 100644 --- a/website/content/docs/domain-model/credential-libraries.mdx +++ b/website/content/docs/domain-model/credential-libraries.mdx @@ -59,7 +59,7 @@ Alternatively, you could set the `session_connection_limit` to `1` for any targe - `vault-path` - (required) The path in Vault to request credentials from. - `username` - (required) The username to use with the SSH certificate. -You can create a template for this value using [Vault credential library parameter templating](#vault-credential-library-parameter-templating). +You can create a template for this value using [Vault credential library parameter templating](#vault-generic-credential-library-parameter-templating). - `key_type` - (optional) The type of key to use for the generated SSH private key. The key type is either `ed25519`, `ecdsa`, or `rsa`. @@ -73,7 +73,7 @@ The number of bits depends on the `key_type` value you select: - `ttl` - (optional) The SSH certificate's time-to-live (TTL). -- `key_id` - (optional) The key ID for the created SSH certificate. +- `key_id` - (optional) The key ID for the created SSH certificate. You can create a template for this value using [Vault credential library parameter templating](#vault-certificates-library-parameter-templating). - `critical_options` - (optional) Any critical options that the certificate should be signed for. For more information, refer to the [list of critical options](https://github.com/openssh/openssh-portable/blob/5f93c4836527d9fda05de8944a1c7b4a205080c7/PROTOCOL.certkeys#L221-L269) supported by OpenSSH. @@ -86,11 +86,13 @@ Note that the `permit-pty` value should be set for an interactive shell to funct For more information, refer to OpenSSH's ["valid principals" definition](https://github.com/openssh/openssh-portable/blob/5f93c4836527d9fda05de8944a1c7b4a205080c7/PROTOCOL.certkeys#L176-L181) as well as Vault's documentation for the [SSH secrets engine](https://developer.hashicorp.com/vault/api-docs/secret/ssh#valid_principals). Note that all SSH certificates issued by a Vault SSH certificate credential library use the `SSH_CERT_TYPE_USER` certificate type mentioned in the OpenSSH definition link. -### Vault credential library parameter templating +### Vault parameter templating Sometimes it can be useful to provide information about a Boundary user or account when making a call to Vault. For example, this can allow picking the correct role when asking for database credentials (if roles are separated per-user), or providing a value to encode in an X.509 certificate generated by Vault. You can template user and account information into either the path in Vault, the `POST` request body, or both. -The following Vault template parameters are supported in Boundary. +#### Vault generic credential library parameter templating + +The following Vault template parameters are supported in Boundary's Vault generic credential library. Note that account values are tied to the account associated with the token used to make the call: - `{{.User.Id}}` - The user's ID. @@ -105,7 +107,15 @@ This value may not be populated, or it may be different from the account name us - `{{.Account.Subject}}` - The account's subject, if a subject is used by that type of account. - `{{.Account.Email}}` - The account's email, if email is used by that type of account. -Additionally, there are a couple of useful functions: +#### Vault certificates library parameter templating + +The following Vault template parameters are supported in Boundary's Vault certificate library. +Note that account values are tied to the account associated with the token used to make the call: + +- `{{.User.Name}}` - The user's name from the user resource. +- `{{.Account.Id}}` - The account's ID. + +#### Useful templating functions: The `truncateFrom` function strips the rest of a string after a specified substring. This function is useful for pulling a user or account name from an diff --git a/website/content/docs/domain-model/credential-stores.mdx b/website/content/docs/domain-model/credential-stores.mdx index 6b6538d190..38968f910f 100644 --- a/website/content/docs/domain-model/credential-stores.mdx +++ b/website/content/docs/domain-model/credential-stores.mdx @@ -122,8 +122,7 @@ removed from the credential store. #### Vault Boundary controller policy -The token Boundary receives must have the capabilities listed below. An explanation -for the use of each capability is given. +The token Boundary receives must have the capabilities in the policy below. An explanation for each capability is documented above the written policy. ```hcl # Allow Boundary to read and verify the properties of the token. This is @@ -165,14 +164,41 @@ path "sys/capabilities-self" { } ``` -The above [`boundary-controller` policy](https://boundaryproject.io/data/vault/boundary-controller-policy.hcl) is -available for download. Below is an example of writing this policy to Vault: +Follow the steps below to write this policy to Vault. + +Create the policy: ```shell-session -# Download the policy -$ curl https://boundaryproject.io/data/vault/boundary-controller-policy.hcl -O -s -L +$ cat > boundary-controller-policy.hcl <- + Understand the mechanisms involved in a secure Boundary deployment, which threats are considered part of the security model, and HCP Boundary's architecture. +--- + +# Security model + +Boundary brokers secure, auditable connections to infrastructure targets while keeping credentials hidden and enforcing least-privilege policy. +The security model ensures [confidentiality, integrity, authentication, and accountability](http://www.wikipedia.org/wiki/Information_security) for all access and session brokering operations. + +Defense in depth is crucial for secure privileged access management, and deployment requirements may differ dramatically depending on your use case. +This documentation may need to be adapted to your situation, but the general mechanisms for a secure Boundary deployment revolve around: + +- [mTLS](/boundary/docs/secure/encryption/connections-tls) - Mutual TLS authentication between client, controller, and worker components prevents unauthorized access by requiring all parties to present valid certificates. +This requirement protects internal communications and session brokering operations. +- [RBAC](/boundary/docs/rbac) - Boundary's allow-only permissions model enables authorization for authenticated connections by granting capabilities to roles which are then assigned to users, groups, or managed groups. +- [Scopes](/boundary/docs/domain-model) - Access to targets within organizations and projects can be controlled to allow for granular access to infrastructure resources. +- [Data encryption](/boundary/docs/secure/encryption/data-encryption) - Sensitive data stored in Boundary's database is protected using envelope encryption with external key management systems. + +The combination of these mechanisms creates a strong security posture, enabling administrators to enforce least-privilege access, decouple credentials from end users, maintain comprehensive audit logs, and ensure secure network traversal without direct connectivity to sensitive networks. + +## Threat model + +The following are the various parts of the Boundary threat model: + +- **Eavesdropping on any Boundary communication**. +All communication between clients, controllers, and workers is protected by TLS or mutually authenticated TLS, ensuring confidentiality and integrity. +- **Tampering with data at rest or in transit**. +Any unauthorized modification of session information, configuration, or persistent state should be detected, causing transaction abort or session termination. +- **Access to targets or controls without authentication or authorization**. +All requests must be authenticated and authorized according to defined granular policies. +- **Access to targets or controls without accountability**. +When audit logging is enabled, all access attempts and privileged operations must be logged before sensitive data is transmitted. +- **Confidentiality of managed credentials**. +Credentials brokered by Boundary must never be exposed to clients unless explicitly authorized, preventing credential leakage. +- **Availability of session brokering services**. +Boundary supports highly available deployments to maintain access in case of infrastructure failures. + +## Not in scope + +The following are explicitly not considered part of the Boundary threat model: + +- **Protecting against compromise of Boundary hosts (controllers, workers)**. +An attacker with arbitrary code execution or privileged access on controller or worker hosts can undermine security guarantees. +This includes access to: + - The Boundary data directory containing configuration and state + - Memory of running Boundary controller or worker processes + - The capability to run modified Boundary binaries + - The capability to redirect worker host network traffic +- **Protecting against compromise of end-user or administrator devices**. + - If an attacker compromises a user's device and obtains valid Boundary credentials, they can perform actions with those credentials' privileges. + - Brokered credentials may be returned to the user's device and displayed in plain text. + - Boundary Client Agent specifics: + - The Client Agent stores session credentials and related information in memory. + Boundary CLI persists auth tokens to platform-specific keyring storage. + If an attacker can read the memory of the Client Agent process or has compromised the OS user account under which the Client Agent is running and authenticated, they may be able to access these active session credentials. + - The Client Agent's security relies on the OS user context; an OS user can only connect to sessions managed by the Client Agent if they are the same OS user that initiated the DNS lookup that created the session. + Compromise of this OS user account bypasses the local protection. + - An attacker could subvert the Client Agent's DNS interception mechanism on the local host. +- **Protecting against vulnerabilities in external credential sources**. +Boundary integrates with systems like HashiCorp Vault, cloud IAM services, and other credential stores, but cannot protect against exploits targeting these external services. +- **Protecting against the leakage of the existence of resources**. +While Boundary protects credential details, an attacker with read access to the backend might be able to see that certain targets or auth methods exist, even if they cannot access them. +- **Protecting against network-level denial of service attacks**. +While Boundary supports high-availability configurations and provides rate limiting, it does not include inherent protections against volumetric DoS attacks targeting its network surfaces. +- **Protecting against target application vulnerabilities**. +Once a session is established to a target (SSH server, database, etc.), Boundary cannot protect against vulnerabilities in that target application. + +## HCP Boundary + +HCP Boundary is deployed onto a single AWS region across three availability zones in that region. +Each customer cluster is deployed as a Nomad job of Docker containers. +The Nomad jobs are controlled by an external service that accesses the Nomad cluster through the VPC's PrivateLink. + +![High-level diagram of HCP Boundary architecture](/img/security-model/boundary-architecture.png) + +For a given HCP Boundary cluster, the only user-accessible endpoints are the controllers, which have a randomly-generated 32-character cluster UUID, `https://.boundary.hashicorp.cloud`. +These machine-generated URLs provide no discernible patterns, guarding against the enumeration of controllers. + +### Tenancy model + +HCP Boundary uses a multi-tenant RDS Postgres cluster with a separate database per tenant. +This architecture uses security controls inherent to Postgres' database isolation. +All secret and sensitive row data is encrypted with scope-specific, per-tenant keys. + +This model is commonly referred to as a **siloed** multi-tenant database, as opposed to **bridge** or **pool** models. +A siloed model allows us to maintain the strictest security while simplifying the architecture. + +### Self-managed workers + +Self-managed workers are workers that are managed by administrators outside of the HCP infrastructure, in their cloud or on-premises environments. +Just like all Boundary worker-to-controller and client-to-worker communication, self-managed workers connect to the controller and clients over mutually-authenticated TLS. +For more information about how self-managed workers authenticate to the HCP Boundary controller, refer to [PKI-based worker authentication](/boundary/docs/secure/encryption/connections-tls#pki-based-worker-authentication). + +A compromised worker may result in the compromise of any targets assigned to the worker as well as the integrity of any log data provided by the compromised worker. + +### Storage + +The Boundary controller and worker infrastructure is stateless, whereby all state lives in the RDBMS. +Each HCP Boundary cluster is provided with a separate database inside of an Aurora Postgres cluster. +The [Vault database engine](/vault/docs/secrets/databases) provides access to the database using dynamic credentials that are regularly rotated. + +![High-level diagram of HCP Boundary data at rest](/img/security-model/data-at-rest.png) + +### Data encryption + +HCP Boundary clusters use the [Vault Transit secrets engine](/vault/docs/secrets/transit) for their root, recovery, and worker-auth KMS keys. +Boundary controllers are provided access to the Vault transit keys with a token that is assigned a policy that allows them to access only their individual keys. +These tokens are regularly rotated. + +Administrators may also use an external key management system, including Vault or HCP Vault, to manage the key-encrypting root key. +Refer to the [kms stanza](/boundary/docs/configuration/kms) documentation for more information about supported external KMS systems. + +### Data in transit + +All user-to-controller communication is performed over TLS. +Refer to the [TLS configuration options](/boundary/docs/configuration/listeners/tcp-listeners#tls) in the TCP listeners documentation. + +All other communication, including worker-to-controller and client-to-worker, is performed over mutually-authenticated TLS. +Boundary automatically generates and manages the TLS keys. + +![High-level diagram of HCP Boundary data in transit](/img/security-model/data-in-transit.png) + +### Identity + +The HCP Platform allows administrators to perform high-level cluster operations such as creation and deletion. +You can manage HCP users and their permissions using the [HCP Portal](https://portal.cloud.hashicorp.com). +Once you create an HCP Boundary cluster, you manage Boundary users and permissions within Boundary itself. + +When an administrator creates an HCP cluster tenant, they are prompted to create administrative credentials to bootstrap the cluster. +The administrator can then use Boundary-specific authentication methods to connect directly to the controller and perform administrative tasks. + +## More information + +Refer to the following topics for more information: + +- [TLS in Boundary](/boundary/docs/secure/encryption/connections-tls) +- [Permissions in Boundary](/boundary/docs/rbac) +- [Boundary domain model overview](/boundary/docs/domain-model) +- [Data encryption in Boundary](/boundary/docs/secure/encryption/data-encryption) \ No newline at end of file diff --git a/website/content/docs/session-recording/compliance/configure-storage-policy.mdx b/website/content/docs/session-recording/compliance/configure-storage-policy.mdx index 733df1a756..7f3f31d077 100644 --- a/website/content/docs/session-recording/compliance/configure-storage-policy.mdx +++ b/website/content/docs/session-recording/compliance/configure-storage-policy.mdx @@ -68,8 +68,8 @@ Complete the following steps to create a storage policy in Boundary for session - **Description**: `SOC 2 compliant storage policy for session recordings` - **Retention Policy**: `SOC 2 (7 years)` - **Deletion Policy**: `Custom` - Delete after: `2657` days - Toggle the switch beside **Allow orgs to override**. + - Delete after: `2657` days + - Toggle the switch beside **Allow orgs to override**. 1. Click **Save**. diff --git a/website/content/docs/session-recording/compliance/update-storage-policy.mdx b/website/content/docs/session-recording/compliance/update-storage-policy.mdx index 0adedf6206..f589ad58b6 100644 --- a/website/content/docs/session-recording/compliance/update-storage-policy.mdx +++ b/website/content/docs/session-recording/compliance/update-storage-policy.mdx @@ -69,8 +69,8 @@ The following is an example of updating the `soc2-policy` policy. - **Description**: `SOC 2 compliant storage policy for session recordings, V2` - **Retention Policy**: `SOC 2 (7 years)` - **Deletion Policy**: `Custom` - **Delete after**: `2757` days - Toggle the switch beside **Allow orgs to override** to the off position. + - **Delete after**: `2757` days + - Toggle the switch beside **Allow orgs to override** to the off position. 1. Click **Save**. diff --git a/website/content/docs/session-recording/index.mdx b/website/content/docs/session-recording/index.mdx index 55d1eb0706..d2b8b2ed1d 100644 --- a/website/content/docs/session-recording/index.mdx +++ b/website/content/docs/session-recording/index.mdx @@ -68,7 +68,12 @@ Determining how much storage you need to allocate on workers and the external st When you estimate worker storage requirements, consider the number of concurrent sessions that will be recorded on that worker. Boundary writes the BSR to the worker's local storage while the session is active, and then moves it to the remote storage bucket when the session is closed. -When you estimate storage requirements for the external storage provider, consider your [storage policy](/boundary/docs/domain-model/storage-policy) and how long a BSR will be retained in the external storage bucket. +You use the `recording_storage_minimum_available_capacity` setting to configure the minimum amount of storage space that is required for workers to perform session recording operations. If a worker is at or below the storage threshold, Boundary does not use the worker to record sessions or play back recordings. +Boundary determines the worker's local storage state based on the capacity you configure. +If the worker falls below the storage threshold, or if it runs out of local disk space, it may impact your ability to record sessions. +Refer to [Local storage](/boundary/docs/session-recording/configuration/configure-worker-storage#local-storage) for more information about configuring storage capacity and the possible storage states. + +When you estimate storage requirements for the external storage provider, you should also consider your [storage policy](/boundary/docs/domain-model/storage-policy) and how long a BSR will be retained in the external storage bucket. @@ -81,7 +86,9 @@ Be careful when you use Secure File Copy (SCP) to transfer large files during a ## asciicast When you view recorded sessions using the CLI or Admin UI, Boundary can convert the recording into other formats for playback. -Currently Boundary supports converting the recording of an individual SSH channel into an [asciicast](https://github.com/asciinema/asciinema/blob/develop/doc/asciicast-v2.md) format to play back an interactive SSH session. +Currently Boundary supports converting the recording of an individual SSH channel into an asciicast format to play back an interactive SSH session. + +Refer to the [asciinema documentation](https://docs.asciinema.org/) for more information about the [asciicast](https://docs.asciinema.org/manual/asciicast/v3/) format. ### Limitations diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index 35fa0cb82d..54e25f9718 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -238,6 +238,10 @@ "path": "secure/encryption/connections-tls" } ] + }, + { + "title": "Security model", + "path": "secure/security-model" } ] }, diff --git a/website/public/img/boundary-network.png b/website/public/img/boundary-network.png deleted file mode 100644 index 0695eae68d..0000000000 Binary files a/website/public/img/boundary-network.png and /dev/null differ diff --git a/website/public/img/boundary-network_dark.png b/website/public/img/boundary-network_dark.png new file mode 100644 index 0000000000..a3778c473f Binary files /dev/null and b/website/public/img/boundary-network_dark.png differ diff --git a/website/public/img/boundary-network_light.png b/website/public/img/boundary-network_light.png new file mode 100644 index 0000000000..683e5eab45 Binary files /dev/null and b/website/public/img/boundary-network_light.png differ diff --git a/website/public/img/security-model/boundary-architecture.png b/website/public/img/security-model/boundary-architecture.png new file mode 100644 index 0000000000..18b122702f Binary files /dev/null and b/website/public/img/security-model/boundary-architecture.png differ diff --git a/website/public/img/security-model/data-at-rest.png b/website/public/img/security-model/data-at-rest.png new file mode 100644 index 0000000000..1bdd5c1966 Binary files /dev/null and b/website/public/img/security-model/data-at-rest.png differ diff --git a/website/public/img/security-model/data-in-transit.png b/website/public/img/security-model/data-in-transit.png new file mode 100644 index 0000000000..676005bec8 Binary files /dev/null and b/website/public/img/security-model/data-in-transit.png differ diff --git a/website/redirects.js b/website/redirects.js index 6ceb494b34..9e030a647e 100644 --- a/website/redirects.js +++ b/website/redirects.js @@ -25,20 +25,75 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/concepts/index', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/what-is-boundary', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/concepts', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15)\\.x)/concepts/aliases', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13)\\.x)/concepts/connection-workflows/:slug*', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17)\\.x)/concepts/transparent-sessions', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:11|12|13)\\.x)/concepts/workers', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/roadmap', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18)\\.x)/roadmap', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/roadmap', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/oss', destination: '/boundary/docs/what-is-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss', + destination: '/boundary/docs/:version/overview/what-is-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss', + destination: '/boundary/docs/:version/what-is-boundary', + permanent: true, + }, { source: '/boundary/docs/community', destination: '/boundary/docs/what-is-boundary', @@ -49,6 +104,12 @@ module.exports = [ destination: '/boundary/docs/overview/use-cases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18|19)\\.x)/use-cases', + destination: '/boundary/docs/:version/overview/use-cases', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:10)\\.x)/overview/use-cases', destination: '/boundary/docs/:version/use-cases', @@ -59,6 +120,12 @@ module.exports = [ destination: '/boundary/docs/overview/use-cases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/other-software', + destination: '/boundary/docs/:version/overview/use-cases', + permanent: true, + }, { source: '/boundary/docs/overview/vs/zero-trust', destination: '/boundary/docs/overview/zero-trust', @@ -70,11 +137,22 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/zero-trust', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/zero-trust', + destination: '/boundary/docs/:version/overview/zero-trust', + permanent: true, + }, { source: '/boundary/docs/overview/vs/bastion-hosts', destination: '/boundary/docs/overview/bastion-hosts', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/bastion-hosts', + destination: '/boundary/docs/:version/overview/bastion-hosts', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:11|12|13|14|15|16|17|18)\\.x)/overview/bastion-hosts', @@ -92,6 +170,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/vpn', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/vpn', + destination: '/boundary/docs/:version/overview/vpn', + permanent: true, + }, { source: '/boundary/docs/overview/vs/pam', destination: '/boundary/docs/overview/pam', @@ -103,6 +186,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/pam', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/pam', + destination: '/boundary/docs/:version/overview/pam', + permanent: true, + }, { source: '/boundary/docs/overview/vs/sdp', destination: '/boundary/docs/overview/sdp', @@ -114,6 +202,11 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/sdp', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/sdp', + destination: '/boundary/docs/:version/overview/sdp', + permanent: true, + }, { source: '/boundary/docs/overview/vs/secrets-management', destination: '/boundary/docs/overview/secrets-management', @@ -125,6 +218,12 @@ module.exports = [ destination: '/boundary/docs/:version/overview/vs/secrets-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/overview/vs/secrets-management', + destination: '/boundary/docs/:version/overview/secrets-management', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/faq', destination: '/boundary/docs/overview/faq', @@ -136,11 +235,36 @@ module.exports = [ destination: '/boundary/docs/:version/troubleshoot/faq', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/faq', + destination: '/boundary/docs/:version/overview/faq', + permanent: true, + }, { source: '/boundary/docs/getting-started/installing', destination: '/boundary/docs/getting-started', permanent: true, }, + { + source: '/boundary/docs/installing', + destination: '/boundary/docs/getting-started', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing', + destination: '/boundary/docs/:version/deploy/self-managed', + permanent: true, + }, { source: '/boundary/docs/getting-started/installing/production', destination: '/boundary/docs/getting-started', @@ -151,6 +275,11 @@ module.exports = [ destination: '/boundary/docs/getting-started/dev-mode', permanent: true, }, + { + source: '/boundary/docs/getting-started/dev-mode/dev-mode', + destination: '/boundary/docs/getting-started/dev-mode', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/getting-started/dev-mode', @@ -163,17 +292,53 @@ module.exports = [ destination: '/boundary/docs/:version/getting-started/dev-mode/dev-mode', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode/dev-mode', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/getting-started/dev-mode/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/dev-mode', + destination: '/boundary/docs/:version/getting-started/dev-mode', + permanent: true, + }, { source: '/boundary/docs/oss/installing/run-and-login', destination: '/boundary/docs/getting-started/dev-mode/run-and-login', permanent: true, }, + { + source: '/boundary/docs/getting-started/run-and-login', + destination: '/boundary/docs/getting-started/dev-mode/run-and-login', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/getting-started/dev-mode/run-and-login', destination: '/boundary/docs/:version/oss/installing/run-and-login', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/getting-started/run-and-login', + destination: + '/boundary/docs/:version/getting-started/dev-mode/run-and-login', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/oss/installing/run-and-login', + destination: + '/boundary/docs/:version/getting-started/dev-mode/run-and-login', + permanent: true, + }, { source: '/boundary/docs/oss/installing/connect-to-dev-target', destination: @@ -186,6 +351,32 @@ module.exports = [ destination: '/boundary/docs/:version/oss/installing/connect-to-dev-target', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|)\\.x)/oss/installing/connect-to-dev-target', + destination: + '/boundary/docs/:version/getting-started/dev-mode/connect-to-dev-target', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/connect-to-dev-target', + destination: + '/boundary/docs/:version/getting-started/dev-mode/connect-to-dev-target', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/architecture/:slug*', + destination: '/boundary/docs/:version/install-boundary/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/architecture/:slug*', + destination: '/boundary/docs/:version/architecture/:slug*', + permanent: true, + }, { source: '/boundary/docs/install-boundary/system-requirements', destination: '/boundary/docs/architecture/system-requirements', @@ -197,6 +388,31 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/system-requirements', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/postgres', + destination: '/boundary/docs/:version/install-boundary/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/postgres', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/system-requirements', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/system-requirements', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/system-requirements', destination: '/boundary/docs/architecture/system-requirements', @@ -214,6 +430,34 @@ module.exports = [ destination: '/boundary/docs/architecture/system-requirements', permanent: true, }, + { + source: '/boundary/docs/installing/postgres', + destination: '/boundary/docs/architecture/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/postgres', + destination: '/boundary/docs/:version/install-boundary/system-requirements', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/postgres', + destination: + '/boundary/docs/:version/install-boundary/architecture/system-requirements', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/postgres', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/postgres', + destination: '/boundary/docs/:version/architecture/system-requirements', + permanent: true, + }, { source: '/boundary/docs/install-boundary/postgres', destination: '/boundary/docs/architecture/system-requirements', @@ -232,11 +476,23 @@ module.exports = [ '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/recommended-architecture', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/oss/installing/reference-architectures', destination: '/boundary/docs/architecture/recommended-architecture', permanent: true, }, + { + source: '/boundary/docs/installing/reference-architectures', + destination: '/boundary/docs/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/architecture/recommended-architecture', @@ -244,6 +500,48 @@ module.exports = [ '/boundary/docs/:version/oss/installing/reference-architectures', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/install-boundary/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/reference-architectures', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/reference-architectures', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/install-boundary/recommended-architecture', destination: '/boundary/docs/architecture/recommended-architecture', @@ -256,6 +554,13 @@ module.exports = [ '/boundary/docs/:version/install-boundary/recommended-architecture', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/recommended-architecture', + destination: + '/boundary/docs/:version/architecture/recommended-architecture', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/fault-tolerance', destination: '/boundary/docs/architecture/fault-tolerance', @@ -279,11 +584,37 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/fault-tolerance', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/fault-tolerance', + destination: + '/boundary/docs/:version/install-boundary/architecture/fault-tolerance', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/fault-tolerance', + destination: '/boundary/docs/:version/architecture/fault-tolerance', + permanent: true, + }, { source: '/boundary/docs/install-boundary/architecture/high-availability', destination: '/boundary/docs/architecture/high-availability', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/architecture/high-availability', @@ -296,6 +627,11 @@ module.exports = [ destination: '/boundary/docs/architecture/high-availability', permanent: true, }, + { + source: '/boundary/docs/installing/high-availability', + destination: '/boundary/docs/architecture/high-availability', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/architecture/high-availability', @@ -309,27 +645,75 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/install-boundary/high-availability', - destination: '/boundary/docs/architecture/high-availability', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/architecture/high-availability', - destination: '/boundary/docs/:version/install-boundary/high-availability', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', permanent: true, }, { - source: '/boundary/docs/install-boundary', + source: '/boundary/docs/install-boundary/high-availability', + destination: '/boundary/docs/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/architecture/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/high-availability', + destination: '/boundary/docs/:version/install-boundary/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/high-availability', + destination: + '/boundary/docs/:version/install-boundary/architecture/high-availability', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/high-availability', + destination: '/boundary/docs/:version/architecture/high-availability', + permanent: true, + }, + { + source: '/boundary/docs/install-boundary', destination: '/boundary/docs/deploy/self-managed', permanent: true, }, + { + source: '/boundary/docs/deploy', + destination: '/boundary/docs/getting-started', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/deploy/self-managed', destination: '/boundary/docs/:version/install-boundary', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary', + destination: '/boundary/docs/:version/deploy/self-managed', + permanent: true, + }, { source: '/boundary/docs/install-boundary/install', destination: '/boundary/docs/deploy/self-managed/install', @@ -341,6 +725,11 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/install', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/install', + destination: '/boundary/docs/:version/deploy/self-managed/install', + permanent: true, + }, { source: '/boundary/docs/install-boundary/deploy', destination: '/boundary/docs/deploy/self-managed/install', @@ -352,6 +741,22 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/deploy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17)\\.x)/install-boundary/deploy', + destination: '/boundary/docs/:version/install-boundary/install', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/install-boundary/install', + destination: '/boundary/docs/:version/install-boundary/deploy', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/deploy', + destination: '/boundary/docs/:version/deploy/self-managed/install', + permanent: true, + }, { source: '/boundary/docs/install-boundary/self-managed/deploy', destination: '/boundary/docs/deploy/self-managed/install', @@ -369,6 +774,13 @@ module.exports = [ '/boundary/docs/:version/install-boundary/configure-controllers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/configure-controllers', + destination: + '/boundary/docs/:version/deploy/self-managed/configure-controllers', + permanent: true, + }, { source: '/boundary/docs/install-boundary/configure-workers', destination: '/boundary/docs/deploy/self-managed/deploy-workers', @@ -380,28 +792,93 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/configure-workers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/configure-workers', + destination: '/boundary/docs/:version/deploy/self-managed/deploy-workers', + permanent: true, + }, { source: '/boundary/docs/install-boundary/initialize', destination: '/boundary/docs/deploy/self-managed/initialize', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/initialize', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/install-boundary/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/self-managed/initialize', destination: '/boundary/docs/:version/install-boundary/initialize', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/initialize', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/oss/installing/no-gen-resources', destination: '/boundary/docs/deploy/self-managed/initialize', permanent: true, }, + { + source: '/boundary/docs/installing/no-gen-resources', + destination: '/boundary/docs/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/deploy/self-managed/initialize', destination: '/boundary/docs/:version/oss/installing/no-gen-resources', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/no-gen-resources', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/install-boundary/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/install-boundary/no-gen-resources', destination: '/boundary/docs/deploy/self-managed/initialize', @@ -413,6 +890,18 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/no-gen-resources', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/no-gen-resources', + destination: '/boundary/docs/:version/deploy/self-managed/initialize', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/deploy/self-managed/initialize', @@ -430,6 +919,24 @@ module.exports = [ destination: '/boundary/docs/:version/install-boundary/install-clients', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17)\\.x)/deploy/self-managed/install-clients', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/install-clients', + destination: '/boundary/docs/:version/deploy/self-managed/install-clients', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/install-boundary/install-clients', + destination: '/boundary/docs/:version/install-boundary', + permanent: true, + }, { source: '/boundary/docs/install-boundary/self-managed/install-clients', destination: '/boundary/docs/deploy/self-managed/install-clients', @@ -451,143 +958,122 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/oss/installing', - destination: '/boundary/docs/deploy', - permanent: true, - }, - { - source: '/boundary/docs/getting-started/connect-to-target', - destination: '/boundary/docs/hcp/get-started/connect-to-target', + source: '/boundary/docs/installing/systemd', + destination: '/boundary/docs/deploy/self-managed/systemd', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/connect-to-target', - destination: '/boundary/docs/:version/getting-started/connect-to-target', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/installing/systemd', + destination: '/boundary/docs/:version/install-boundary/systemd', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/targets/connections', - destination: '/boundary/docs/:version/getting-started/connect-to-target', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing/systemd', + destination: '/boundary/docs/:version/install-boundary/systemd', permanent: true, }, { - source: '/boundary/docs/getting-started/deploy-and-login', - destination: '/boundary/docs/hcp/get-started/deploy-and-login', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing/systemd', + destination: '/boundary/docs/:version/deploy/self-managed/systemd', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/deploy-and-login', - destination: '/boundary/docs/:version/getting-started/deploy-and-login', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/installing/systemd', + destination: '/boundary/docs/:version/deploy/self-managed/systemd', permanent: true, }, { - source: '/boundary/docs/install-boundary/terraform-patterns', - destination: '/boundary/docs/deploy/terraform-patterns', + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/deploy/self-managed/systemd', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns', - destination: '/boundary/docs/:version/install-boundary/terraform-patterns', + source: '/boundary/docs/oss/installing', + destination: '/boundary/docs/deploy/self-managed', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-credentials-and-credential-stores', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-credentials-and-credential-stores', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/installing', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-credentials-and-credential-stores', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-credentials-and-credential-stores', + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/installing', + destination: '/boundary/docs/:version/deploy/self-managed', permanent: true, }, { - source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-groups-and-rbac', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-groups-and-rbac', + source: '/boundary/docs/getting-started/connect-to-target', + destination: '/boundary/docs/hcp/get-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-groups-and-rbac', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-groups-and-rbac', + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18|19)\\.x)/getting-started/connect-to-target', + destination: '/boundary/docs/:version/hcp/get-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-hosts-and-host-management', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-hosts-and-host-management', + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/connect-to-target', + destination: '/boundary/docs/:version/getting-started/connect-to-target', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-hosts-and-host-management', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-hosts-and-host-management', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8)\\.x)/targets/connections', + destination: '/boundary/docs/:version/getting-started/connect-to-target', permanent: true, }, { - source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-scopes', - destination: '/boundary/docs/deploy/terraform-patterns/terraform-scopes', + source: '/boundary/docs/getting-started/deploy-and-login', + destination: '/boundary/docs/hcp/get-started/deploy-and-login', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-scopes', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-scopes', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/getting-started/deploy-and-login', + destination: '/boundary/docs/:version/hcp/get-started/deploy-and-login', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-session-recording', - destination: - '/boundary/docs/deploy/terraform-patterns/terraform-session-recording', + '/boundary/docs/:version(v0\\.(?:9|10|11|12)\\.x)/hcp/get-started/deploy-and-login', + destination: '/boundary/docs/:version/getting-started/deploy-and-login', permanent: true, }, { - source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-session-recording', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-session-recording', + source: '/boundary/docs/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/deploy/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-targets', - destination: '/boundary/docs/deploy/terraform-patterns/terraform-targets', + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-pattern/terraform-targets', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-targets', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/install-boundary/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/deploy/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/install-boundary/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/:slug*', destination: - '/boundary/docs/deploy/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version/install-boundary/terraform-patterns/:slug*', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/deploy/terraform-patterns/terraform-users-and-auth-methods', - destination: - '/boundary/docs/:version/install-boundary/terraform-patterns/terraform-users-and-auth-methods', + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/deploy/terraform-patterns/:slug*', + destination: '/boundary/docs/:version/install-boundary', permanent: true, }, { @@ -616,11 +1102,22 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/security/data-encryption', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/data-encryption', + destination: '/boundary/docs/:version/secure/encryption/data-encryption', + permanent: true, + }, { source: '/boundary/docs/concepts/security', destination: '/boundary/docs/secure/encryption/data-encryption', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security', + destination: '/boundary/docs/:version/secure/encryption/data-encryption', + permanent: true, + }, { source: '/boundary/docs/concepts/security/connections-tls', destination: '/boundary/docs/secure/encryption/connections-tls', @@ -632,6 +1129,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/security/connections-tls', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/connections-tls', + destination: '/boundary/docs/:version/secure/encryption/connections-tls', + permanent: true, + }, { source: '/boundary/docs/oss/operations', destination: '/boundary/docs/monitor', @@ -652,11 +1155,22 @@ module.exports = [ destination: '/boundary/docs/:version/operations', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations', + destination: '/boundary/docs/:version/monitor', + permanent: true, + }, { source: '/boundary/docs/configuration/listener', destination: '/boundary/docs/monitor/listeners', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/listener/:slug*', + destination: '/boundary/docs/:version/monitor/listeners/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/monitor/listeners', @@ -695,11 +1209,27 @@ module.exports = [ destination: '/boundary/docs/:version/oss/operations/metrics', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/operations/metrics', + destination: '/boundary/docs/:version/operations/metrics', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/operations/metrics', + destination: '/boundary/docs/:version/monitor/metrics', + permanent: true, + }, { source: '/boundary/docs/operations/metrics', destination: '/boundary/docs/monitor/metrics', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/metrics', + destination: '/boundary/docs/:version/monitor/metrics', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:8|13|14|15|16|17|18)\\.x)/monitor/metrics', @@ -717,6 +1247,11 @@ module.exports = [ destination: '/boundary/docs/:version/operations/health', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/health', + destination: '/boundary/docs/:version/monitor/health', + permanent: true, + }, { source: '/boundary/docs/oss/operations/health', destination: '/boundary/docs/monitor/health', @@ -727,11 +1262,49 @@ module.exports = [ destination: '/boundary/docs/:version/oss/operations/health', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/oss/operations/health', + destination: '/boundary/docs/:version/operations/health', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/oss/operations/health', + destination: '/boundary/docs/:version/monitor/health', + permanent: true, + }, { source: '/boundary/docs/configuration/events', destination: '/boundary/docs/monitor/events/events', permanent: true, }, + { + source: '/boundary/docs/monitor/events', + destination: '/boundary/docs/monitor/events/events', + permanent: true, + }, + { + source: '/boundary/docs/configuration/events/overview', + destination: '/boundary/docs/monitor/events/events', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/overview', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/overview', + destination: '/boundary/docs/:version/configuration/events', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/monitor/events/events', @@ -744,6 +1317,11 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/overview', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/monitor/events', + destination: '/boundary/docs/:version/monitor/events/events', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/events', destination: '/boundary/docs/monitor/events/filter-events', @@ -755,11 +1333,29 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/events', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/events', + destination: '/boundary/docs/:version/monitor/events/filter-events', + permanent: true, + }, { source: '/boundary/docs/configuration/events/common', destination: '/boundary/docs/monitor/events/common', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/common-sink-parameters', + destination: '/boundary/docs/:version/configuration/events/common', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/common', + destination: '/boundary/docs/:version/monitor/events/common', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/monitor/events/common', @@ -777,6 +1373,18 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/file', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/file-sink', + destination: '/boundary/docs/:version/configuration/events/file', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/file', + destination: '/boundary/docs/:version/monitor/events/file', + permanent: true, + }, { source: '/boundary/docs/configuration/events/stderr', destination: '/boundary/docs/monitor/events/stderr', @@ -788,11 +1396,70 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/events/stderr', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/events/stderr-sink', + destination: '/boundary/docs/:version/configuration/events/stderr', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/events/stderr', + destination: '/boundary/docs/:version/monitor/events/stderr', + permanent: true, + }, { source: '/boundary/docs/release-notes', destination: '/boundary/docs', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/release-notes', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/release-notes/v0_14_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/release-notes/v0_15_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/release-notes/v0_16_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/release-notes/v0_17_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/release-notes/v0_18_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/release-notes/v0_19_0', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/release-notes/v0_20_0', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/configuration/worker', destination: '/boundary/docs/workers', @@ -804,16 +1471,44 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/worker', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker', + destination: '/boundary/docs/:version/workers', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:9)\\.x)/workers', destination: '/boundary/docs/:version/configuration/worker/overview', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:9)\\.x)/configuration/worker', + destination: '/boundary/docs/:version/configuration/worker/overview', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15)\\.x)/configuration/worker/overview', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14|15|16|17|18)\\.x)/workers/create', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/worker-configuration', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:10|11|12|13|14)\\.x)/workers/registration', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/workers/registration', @@ -821,21 +1516,71 @@ module.exports = [ '/boundary/docs/:version/configuration/worker/worker-configuration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14)\\.x)/configuration/worker/worker-configuration', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13|14|15|16|17|18)\\.x)/configuration/workers', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/worker-configuration', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/kms-worker', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/configuration/worker/kms-worker', + destination: + '/boundary/docs/:version/configuration/worker/worker-configuration', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/kms-worker', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/configuration/worker/pki-worker', destination: '/boundary/docs/workers/registration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/configuration/worker/pki-worker', + destination: + '/boundary/docs/:version/configuration/worker/worker-configuration', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/worker/pki-worker', + destination: '/boundary/docs/:version/workers/registration', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/multi-hop', destination: '/boundary/docs/workers/multi-hop', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop', @@ -843,6 +1588,38 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/multi-hop', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/multi-hop', + destination: '/boundary/docs/:version/workers/multi-hop', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop/enterprise', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:9|10|11|12|13)\\.x)/workers/multi-hop/hcp', + destination: '/boundary/docs/:version/configuration/worker', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop/enterprise', + destination: + '/boundary/docs/:version/concepts/connection-workflows/multi-hop', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/workers/multi-hop/hcp', + destination: + '/boundary/docs/:version/concepts/connection-workflows/multi-hop', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/worker-tags', destination: '/boundary/docs/workers/worker-tags', @@ -854,6 +1631,18 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/worker-tags', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/workers/filters', + destination: '/boundary/docs/:version/concepts/filtering/worker-tags', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/worker-tags', + destination: '/boundary/docs/:version/workers/worker-tags', + permanent: true, + }, { source: '/boundary/docs/concepts/service-discovery', destination: '/boundary/docs/hosts', @@ -864,6 +1653,18 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/service-discovery', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/concepts/service-discovery', + destination: '/boundary/docs/:version/concepts/host-discovery', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/service-discovery', + destination: '/boundary/docs/:version/hosts', + permanent: true, + }, { source: '/boundary/docs/concepts/host-discovery', destination: '/boundary/docs/hosts', @@ -874,6 +1675,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/host-discovery', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/host-discovery/:slug*', + destination: '/boundary/docs/:version/hosts/:slug*', + permanent: true, + }, { source: '/boundary/docs/concepts/host-discovery/aws', destination: '/boundary/docs/hosts/aws', @@ -900,21 +1707,61 @@ module.exports = [ destination: '/boundary/docs/hosts/gcp', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/hosts/gcp', + destination: '/boundary/docs/:version/concepts/host-discovery', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:8|9|10|11|12)\\.x)/hosts/gcp', + destination: '/boundary/docs/:version/concepts/service-discovery', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases', destination: '/boundary/docs/targets/configuration', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/target-aliases/:slug*', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:16|17)\\.x)/configuration/target-aliases/:slug*', + destination: '/boundary/docs/:version/concepts/aliases', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration', destination: '/boundary/docs/:version/configuration/target-aliases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases', + destination: '/boundary/docs/:version/targets/configuration', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/connect-target-alias', destination: '/boundary/docs/targets/connections/connect-target-alias', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/connections/connect-target-alias', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/connections/connect-target-alias', @@ -922,6 +1769,13 @@ module.exports = [ '/boundary/docs/:version/configuration/target-aliases/connect-target-alias', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/connect-target-alias', + destination: + '/boundary/docs/:version/targets/connections/connect-target-alias', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/create-target-alias', destination: '/boundary/docs/targets/configuration/create-target-alias', @@ -929,9 +1783,22 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/create-target-alias', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration/create-target-alias', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/create-target-alias', + destination: + '/boundary/docs/:version/configuration/target-aliases/create-target-alias', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/create-target-alias', destination: - '/boundary/docs/:version/configuration/target-aliases/create-target-alias', + '/boundary/docs/:version/targets/configuration/create-target-alias', permanent: true, }, { @@ -940,6 +1807,12 @@ module.exports = [ '/boundary/docs/targets/configuration/configure-transparent-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/configuration/configure-transparent-sessions', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/configuration/configure-transparent-sessions', @@ -947,22 +1820,47 @@ module.exports = [ '/boundary/docs/:version/configuration/target-aliases/transparent-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/target-aliases/transparent-sessions', + destination: + '/boundary/docs/:version/targets/configuration/configure-transparent-sessions', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows', destination: '/boundary/docs/targets/connections', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections', destination: '/boundary/docs/:version/concepts/connection-workflows', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows', + destination: '/boundary/docs/:version/targets/connections', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/connect-helpers', destination: '/boundary/docs/targets/connections/connect-helpers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/connect-helpers', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/connect-helpers', @@ -970,11 +1868,23 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/connect-helpers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/connect-helpers', + destination: '/boundary/docs/:version/targets/connections/connect-helpers', + permanent: true, + }, { source: '/boundary/docs/concepts/connection-workflows/exec-flag', destination: '/boundary/docs/targets/connections/exec-flag', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/exec-flag', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/exec-flag', @@ -982,6 +1892,12 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/exec-flag', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/exec-flag', + destination: '/boundary/docs/:version/targets/connections/exec-flag', + permanent: true, + }, { source: '/boundary/docs/common-workflows/workflow-ssh-proxycommand', destination: '/boundary/docs/targets/connections/workflow-ssh-proxycommand', @@ -993,6 +1909,12 @@ module.exports = [ destination: '/boundary/docs/targets/connections/workflow-ssh-proxycommand', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13)\\.x)/targets/connections/workflow-ssh-proxycommand', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/targets/connections/workflow-ssh-proxycommand', @@ -1000,16 +1922,65 @@ module.exports = [ '/boundary/docs/:version/concepts/connection-workflows/workflow-ssh-proxycommand', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/connection-workflows/workflow-ssh-proxycommand', + destination: + '/boundary/docs/:version/targets/connections/workflow-ssh-proxycommand', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/targets/connections/transparent-sessions', + destination: '/boundary/docs/:version/concepts/domain-model/targets', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:18)\\.x)/targets/connections/transparent-sessions', + destination: + '/boundary/docs/:version/configuration/target-aliases/transparent-sessions', + permanent: true, + }, { source: '/boundary/docs/configuration/credential-management', destination: '/boundary/docs/credentials', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/credentials/:slug*', + destination: '/boundary/docs/:version/concepts/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/credential-management/:slug*', + destination: '/boundary/docs/:version/credentials/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/credentials', destination: '/boundary/docs/:version/configuration/credential-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/credential-management/:slug*', + destination: '/boundary/docs/:version/concepts/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/credentials/rdp-testing-and-compatibility-matrix', + destination: '/boundary/docs/:version/configuration/credential-management', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/credentials/rdp-testing-and-compatibility-matrix', + destination: '/boundary/docs/:version/credentials', + permanent: true, + }, { source: '/boundary/docs/configuration/credential-management/configure-credential-brokering', @@ -1073,6 +2044,12 @@ module.exports = [ destination: '/boundary/docs/:version/configuration/session-recording', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, { source: '/boundary/docs/operations/session-recordings', destination: '/boundary/docs/session-recording', @@ -1085,6 +2062,13 @@ module.exports = [ '/boundary/docs/session-recording/configuration/configure-worker-storage', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/configure-worker-storage', + destination: + '/boundary/docs/:version/configuration/session-recording/create-storage-bucket', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/configure-worker-storage', @@ -1092,6 +2076,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/configure-worker-storage', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/configure-worker-storage', + destination: + '/boundary/docs/:version/session-recording/configuration/configure-worker-storage', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/configure-worker-storage', @@ -1105,6 +2096,13 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/storage-providers/:slug*', + destination: + '/boundary/docs/:version/session-recording/configuration/storage-providers/:slug*', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/storage-providers/configure-s3', @@ -1112,6 +2110,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-s3', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/storage-providers/configure-s3', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/storage-providers/configure-s3', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/storage-providers/configure-s3', @@ -1126,6 +2136,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-minio', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/configuration/session-recording/storage-providers/configure-minio', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15)\\.x)/session-recording/configuration/storage-providers/configure-minio', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/session-recording/configuration/storage-providers/configure-minio', @@ -1140,6 +2162,18 @@ module.exports = [ '/boundary/docs/session-recording/configuration/storage-providers/configure-s3-compliant', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/session-recording/storage-providers/configure-s3-compliant', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/session-recording/configuration/storage-providers/configure-s3-compliant', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/session-recording/configuration/storage-providers/configure-s3-compliant', @@ -1161,6 +2195,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/create-storage-bucket', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/create-storage-bucket', + destination: + '/boundary/docs/:version/session-recording/configuration/create-storage-bucket', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/enable-session-recording', @@ -1175,6 +2216,19 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/enable-session-recording', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/enable-session-recording', + destination: + '/boundary/docs/:version/session-recording/configuration/enable-session-recording', + permanent: true, + }, + { + source: '/boundary/docs/operations/manage-recorded-sessions', + destination: + '/boundary/docs/session-recording/configuration/manage-recorded-sessions', + permanent: true, + }, { source: '/boundary/docs/operations/session-recordings/manage-recorded-sessions', @@ -1182,6 +2236,30 @@ module.exports = [ '/boundary/docs/session-recording/configuration/manage-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/configuration/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/manage-recorded-sessions', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/operations/manage-recorded-sessions', + destination: '/boundary/docs/:version/operations/session-recordings', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/configuration/manage-recorded-sessions', @@ -1189,6 +2267,12 @@ module.exports = [ '/boundary/docs/:version/operations/session-recordings/manage-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19|20)\\.x)/operations/manage-recorded-sessions', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/troubleshoot-recorded-sessions', destination: @@ -1202,6 +2286,13 @@ module.exports = [ '/boundary/docs/:version/troubleshoot/troubleshoot-recorded-sessions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/troubleshoot-recorded-sessions', + destination: + '/boundary/docs/:version/session-recording/configuration/troubleshoot-recorded-sessions', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/configure-storage-policy', @@ -1209,6 +2300,18 @@ module.exports = [ '/boundary/docs/session-recording/compliance/configure-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/session-recording/configure-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/session-recording/compliance/configure-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/session-recording/compliance/configure-storage-policy', @@ -1216,6 +2319,13 @@ module.exports = [ '/boundary/docs/:version/configuration/session-recording/configure-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/configure-storage-policy', + destination: + '/boundary/docs/:version/session-recording/compliance/configure-storage-policy', + permanent: true, + }, { source: '/boundary/docs/configuration/session-recording/update-storage-policy', @@ -1223,6 +2333,18 @@ module.exports = [ '/boundary/docs/session-recording/compliance/update-storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/configuration/session-recording/update-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/session-recording/compliance/update-storage-policy', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/session-recording/compliance/update-storage-policy', @@ -1231,30 +2353,99 @@ module.exports = [ permanent: true, }, { - source: '/boundary/docs/operations/session-recordings/validate-data-store', - destination: - '/boundary/docs/session-recording/compliance/validate-data-store', + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/session-recording/update-storage-policy', + destination: + '/boundary/docs/:version/session-recording/compliance/update-storage-policy', + permanent: true, + }, + { + source: '/boundary/docs/operations/session-recordings/validate-data-store', + destination: + '/boundary/docs/session-recording/compliance/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/validate-data-store', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/compliance/validate-data-store', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-data-store', + destination: + '/boundary/docs/:version/operations/session-recordings/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/validate-data-store', + destination: + '/boundary/docs/:version/session-recording/compliance/validate-data-store', + permanent: true, + }, + { + source: + '/boundary/docs/operations/session-recordings/validate-session-recordings', + destination: + '/boundary/docs/session-recording/compliance/validate-session-recordings', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/operations/session-recordings/validate-session-recordings', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:13)\\.x)/session-recording/compliance/validate-session-recordings', + destination: '/boundary/docs/:version/configuration/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-session-recordings', + destination: + '/boundary/docs/:version/operations/session-recordings/validate-session-recordings', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings', + destination: '/boundary/docs/:version/session-recording', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/manage-recorded-sessions', + destination: '/boundary/docs/:version/session-recording', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-data-store', + '/boundary/docs/:version(v0\\.(?:19)\\.x)/operations/session-recordings/validate-session-recordings', destination: - '/boundary/docs/:version/operations/session-recordings/validate-data-store', + '/boundary/docs/:version/session-recording/compliance/validate-session-recordings', permanent: true, }, { source: - '/boundary/docs/operations/session-recordings/validate-session-recordings', - destination: - '/boundary/docs/session-recording/compliance/validate-session-recordings', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/session-recording/data/bsr-file-structure', + destination: '/boundary/docs/:version/concepts/auditing', permanent: true, }, { source: - '/boundary/docs/:version(v0\\.(?:14|15|16|17|18)\\.x)/session-recording/compliance/validate-session-recordings', - destination: - '/boundary/docs/:version/operations/session-recordings/validate-session-recordings', + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18)\\.x)/session-recording/data/read-bsr-file', + destination: '/boundary/docs/:version/concepts/auditing', permanent: true, }, { @@ -1262,12 +2453,24 @@ module.exports = [ destination: '/boundary/docs/rbac', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/configuration/identity-access-management/:slug*', + destination: '/boundary/docs/:version/rbac/:slug*', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac', destination: '/boundary/docs/:version/configuration/identity-access-management', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management', + destination: '/boundary/docs/:version/concepts/security/permissions', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions', destination: '/boundary/docs/rbac', @@ -1275,7 +2478,20 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16)\\.x)/rbac', + '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/concepts/security/permissions/:slug*', + destination: '/boundary/docs/:version/rbac/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/security/permissions/:slug*', + destination: + '/boundary/docs/:version/configuration/identity-access-management/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/rbac', destination: '/boundary/docs/:version/concepts/security/permissions', permanent: true, }, @@ -1287,7 +2503,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/assignable-permissions', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/assignable-permissions', destination: '/boundary/docs/:version/concepts/security/permissions/assignable-permissions', permanent: true, @@ -1305,6 +2521,13 @@ module.exports = [ '/boundary/docs/:version/configuration/identity-access-management/assignable-permissions', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/assignable-permissions', + destination: + '/boundary/docs/:version/concepts/security/permissions/assignable-permissions', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions/permission-grant-formats', @@ -1313,7 +2536,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/permission-grant-formats', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/permission-grant-formats', destination: '/boundary/docs/:version/concepts/security/permissions/permission-grant-formats', permanent: true, @@ -1324,6 +2547,13 @@ module.exports = [ destination: '/boundary/docs/rbac/permission-grant-formats', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/permission-grant-formats', + destination: + '/boundary/docs/:version/concepts/security/permissions/permission-grant-formats', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac/permission-grant-formats', @@ -1338,10 +2568,16 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16|17|18)\\.x)/rbac/manage-roles', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/rbac/manage-roles', destination: '/boundary/docs/:version/common-workflows/manage-roles', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/common-workflows/manage-roles', + destination: '/boundary/docs/:version/rbac/manage-roles', + permanent: true, + }, { source: '/boundary/docs/concepts/security/permissions/resource-table', destination: '/boundary/docs/rbac/resource-table', @@ -1349,7 +2585,7 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|1|14|15|16)\\.x)/rbac/resource-table', + '/boundary/docs/:version(v0\\.(?:8|9|10|11|12|13|14|15|16)\\.x)/rbac/resource-table', destination: '/boundary/docs/:version/concepts/security/permissions/resource-table', permanent: true, @@ -1360,6 +2596,13 @@ module.exports = [ destination: '/boundary/docs/rbac/resource-table', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16)\\.x)/configuration/identity-access-management/resource-table', + destination: + '/boundary/docs/:version/concepts/security/permissions/resource-table', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:17|18)\\.x)/rbac/resource-table', destination: @@ -1373,10 +2616,16 @@ module.exports = [ }, { source: - '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|1|14|15|16|17|18)\\.x)/rbac/users/manage-users-groups', + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/rbac/users/manage-users-groups', destination: '/boundary/docs/:version/common-workflows/manage-users-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/common-workflows/manage-users-groups', + destination: '/boundary/docs/:version/rbac/users/manage-users-groups', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/oidc-managed-groups', destination: '/boundary/docs/rbac/users/managed-groups', @@ -1389,6 +2638,25 @@ module.exports = [ '/boundary/docs/:version/concepts/filtering/oidc-managed-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/concepts/filtering/managed-groups', + destination: + '/boundary/docs/:version/concepts/filtering/oidc-managed-groups', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/concepts/filtering/oidc-managed-groups', + destination: '/boundary/docs/:version/concepts/filtering/managed-groups', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/oidc-managed-groups', + destination: '/boundary/docs/:version/rbac/users/managed-groups', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/managed-groups', destination: '/boundary/docs/rbac/users/managed-groups', @@ -1400,21 +2668,47 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering/managed-groups', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/managed-groups', + destination: '/boundary/docs/:version/rbac/users/managed-groups', + permanent: true, + }, { source: '/boundary/docs/integrations', destination: '/boundary/docs', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14|19)\\.x)/integrations', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/integrations/vault', destination: '/boundary/docs/vault', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/integrations/vault', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/vault', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/vault', destination: '/boundary/docs/:version/integrations/vault', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/integrations/vault', + destination: '/boundary/docs/:version/vault', + permanent: true, + }, { source: '/boundary/docs/api-clients/go-sdk', destination: '/boundary/docs/go-sdk', @@ -1426,26 +2720,70 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/go-sdk', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/go-sdk', + destination: '/boundary/docs/:version/go-sdk', + permanent: true, + }, { source: '/boundary/docs/api-clients/client-agent', destination: '/boundary/docs/client-agent', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/api-clients/client-agent', + destination: '/boundary/docs/:version', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/client-agent', destination: '/boundary/docs/:version/api-clients/client-agent', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/client-agent', + destination: '/boundary/docs/:version/client-agent', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17)\\.x)/client-agent/:slug*', + destination: '/boundary/docs/:version', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:18)\\.x)/client-agent/:slug*', + destination: '/boundary/docs/:version/api-clients/client-agent', + permanent: true, + }, { source: '/boundary/docs/api-clients/client-cache', destination: '/boundary/docs/client-cache', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/api-clients/client-cache', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/client-cache', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/client-cache', destination: '/boundary/docs/:version/api-clients/client-cache', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/client-cache', + destination: '/boundary/docs/:version/client-cache', + permanent: true, + }, { source: '/boundary/docs/api-clients/api', destination: '/boundary/docs/api', @@ -1457,27 +2795,66 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/api', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api', + destination: '/boundary/docs/:version/api', + permanent: true, + }, { source: '/boundary/docs/api-clients/api/pagination', destination: '/boundary/docs/api/pagination', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api-clients/api/pagination', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api/pagination', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/api/pagination', destination: '/boundary/docs/:version/api-clients/api/pagination', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api/pagination', + destination: '/boundary/docs/:version/api/pagination', + permanent: true, + }, { source: '/boundary/docs/api-clients/api/rate-limiting', destination: '/boundary/docs/api/rate-limiting', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api-clients/api/rate-limiting', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, + { + source: '/boundary/docs/:version(v0\\.(?:13|14)\\.x)/api/rate-limiting', + destination: '/boundary/docs/:version/api-clients/api', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/api/rate-limiting', destination: '/boundary/docs/:version/api-clients/api/rate-limiting', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/api-clients/api/rate-limiting', + destination: '/boundary/docs/:version/api/rate-limiting', + permanent: true, + }, { source: '/boundary/docs/api-clients/cli', destination: '/boundary/docs/commands/', @@ -1489,6 +2866,89 @@ module.exports = [ destination: '/boundary/docs/:version/api-clients/cli', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:13|14|15|16|17|18|19)\\.x)/api-clients/cli', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/commands/connect/cassandra', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19)\\.x)/commands/connect/mysql', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: '/boundary/docs/commands/daemon/:slug*', + destination: '/boundary/docs/commands/cache/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)\\.x)/commands/cache/:slug*', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/daemon/:slug*', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:17|18|19)\\.x)/commands/daemon/:slug*', + destination: '/boundary/docs/:version/commands/cache/:slug*', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/delete', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/read', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/search', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/update', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/add-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/remove-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/commands/roles/set-grant-scopes', + destination: '/boundary/docs/:version/commands', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model', destination: '/boundary/docs/domain-model', @@ -1500,6 +2960,12 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/domain-model', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/domain-model/:slug*', + destination: '/boundary/docs/:version/domain-model/:slug*', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model/accounts', destination: '/boundary/docs/domain-model/accounts', @@ -1516,6 +2982,18 @@ module.exports = [ destination: '/boundary/docs/domain-model/aliases', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/concepts/domain-model/aliases', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15)\\.x)/domain-model/aliases', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:16|17|18)\\.x)/domain-model/aliases', @@ -1697,12 +3175,41 @@ module.exports = [ destination: '/boundary/docs/domain-model/storage-policy', permanent: true, }, + { + source: '/boundary/docs/concepts/domain-model/storage-policies', + destination: '/boundary/docs/domain-model/storage-policy', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/concepts/domain-model/storage-policy', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/domain-model/storage-policy', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14)\\.x)/concepts/domain-model/storage-policies', + destination: '/boundary/docs/:version/concepts/domain-model', + permanent: true, + }, { source: '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/domain-model/storage-policy', destination: '/boundary/docs/:version/concepts/domain-model/storage-policy', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:15|16|17|18)\\.x)/concepts/domain-model/storage-policies', + destination: '/boundary/docs/:version/concepts/domain-model/storage-policy', + permanent: true, + }, { source: '/boundary/docs/concepts/domain-model/targets', destination: '/boundary/docs/domain-model/targets', @@ -1736,11 +3243,22 @@ module.exports = [ destination: '/boundary/docs/:version/concepts/filtering', permanent: true, }, + { + source: '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering', + destination: '/boundary/docs/:version/filtering', + permanent: true, + }, { source: '/boundary/docs/concepts/filtering/resource-listing', destination: '/boundary/docs/filtering', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/concepts/filtering/resource-listing', + destination: '/boundary/docs/:version/filtering', + permanent: true, + }, { source: '/boundary/docs/troubleshoot/common-errors', destination: '/boundary/docs/errors', @@ -1751,10 +3269,22 @@ module.exports = [ destination: '/boundary/docs/:version/troubleshoot/common-errors', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:19)\\.x)/troubleshoot/common-errors', + destination: '/boundary/docs/:version/errors', + permanent: true, + }, { source: '/boundary/docs/configuration/target-aliases/interoperability-matrix', destination: '/boundary/docs/interoperability-matrix/index', permanent: true, }, + { + source: + '/boundary/docs/:version(v0\\.(?:1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18)\\.x)/interoperability-matrix', + destination: '/boundary/docs/:version', + permanent: true, + }, ]