cherry-picks for release 1.1.x (#382)

* fix: Allow users to set OIDC maxAge value to 0 to require immediate reauth (#364) * fix: Allow users to set OIDC maxAge value to 0 to require immediate reauth Previously, setting 0 as a value for maxAge in an OIDC resource block would not update Boundary, as it was getting treated as a nil value in the provider. This fix addresses that issue, ensuring that both setting the value to 0 will require immediate reauthorisation, as well as removing the maxAge paramater defaulting the reauth time length to the TTL of the chose OIDC provider * Update doc strings, fix imports, and run go generate * add changes to CHANGELOG * spelling: host_set_plugin exmaple to example * Update target.md (#349) Update docs for Target resource removing `scope_id` from `boundary_host` resources to prevent error ``` ╷ │ Error: Unsupported argument │ │ on main.tf line 79, in resource "boundary_host" "foo": │ 79: scope_id = boundary_scope.project.id │ │ An argument named "scope_id" is not expected here. ``` * feature: add worker_filter option to Boundary Credential Store Vault (#375) * feature: add worker_filter option to Boundary Credential Store Vault * Update changelog * chore: update deps * small fixes for cherry-picks * downgrade hclog --------- Co-authored-by: mocofound <aharness@hashicorp.com> Co-authored-by: Steven Zamborsky <97125550+stevenzamborsky@users.noreply.github.com> Co-authored-by: Louis Ruch <louisruch@gmail.com>
hashicorp · Apr 21, 2023 · 96c688b · 96c688b
1 parent f58bb09
commit 96c688b
Show file tree

Hide file tree

Showing 27 changed files with 437 additions and 285 deletions.
diff --git a/.go-version b/.go-version
@@ -1 +1 @@
-1.19.1
+1.20
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,14 @@
 
 Canonical reference for changes, improvements, and bugfixes for the Boundary Terraform provider.
 
+## Next
+
+### New and Improved
+* Add support for credential store vault worker filters ([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/375))
+
+### Bug Fix
+* Allow users to set OIDC maxAge value to 0 to require immediate reauth ([PR](https://github.com/hashicorp/terraform-provider-boundary/pull/364))
+
 ## 1.1.4 (February 15, 2023)
 
 ### New and Improved

diff --git a/Dockerfile b/Dockerfile
@@ -1,7 +1,7 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-FROM golang:1.19
+FROM golang:1.20
 
 WORKDIR /go/src/terraform-provider-boundary
 COPY . .

diff --git a/README.md b/README.md
@@ -9,7 +9,7 @@ Requirements
 ------------
 
 -	[Terraform](https://www.terraform.io/downloads.html) >= 0.12.x
--	[Go](https://golang.org/doc/install) >= 1.19
+-	[Go](https://golang.org/doc/install) >= 1.20
 
 Building The Provider
 ---------------------

diff --git a/docs/resources/auth_method_oidc.md b/docs/resources/auth_method_oidc.md
@@ -32,9 +32,9 @@ The OIDC auth method resource allows you to configure a Boundary auth_method_oid
 - `description` (String) The auth method description.
 - `disable_discovered_config_validation` (Boolean) Disables validation logic ensuring that the OIDC provider's information from its discovery endpoint matches the information here. The validation is only performed at create or update time.
 - `idp_ca_certs` (List of String) A list of CA certificates to trust when validating the IdP's token signatures.
-- `is_primary_for_scope` (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the the user will be automatically created when they login using an OIDC account.
+- `is_primary_for_scope` (Boolean) When true, makes this auth method the primary auth method for the scope in which it resides. The primary auth method for a scope means the user will be automatically created when they login using an OIDC account.
 - `issuer` (String) The issuer corresponding to the provider, which must match the issuer field in generated tokens.
-- `max_age` (Number) The max age to provide to the provider, indicating how much time is allowed to have passed since the last authentication before the user is challenged again.
+- `max_age` (Number) The max age to provide to the provider, indicating how much time is allowed to have passed since the last authentication before the user is challenged again. A value of 0 sets an immediate requirement for all users to reauthenticate, and an unset maxAge results in a Terraform value of -1 and the default TTL of the chosen OIDC will be used.
 - `name` (String) The auth method name. Defaults to the resource name.
 - `signing_algorithms` (List of String) Allowed signing algorithms for the provider's issued tokens.
 - `state` (String) Can be one of 'inactive', 'active-private', or 'active-public'. Currently automatically set to active-public.

diff --git a/docs/resources/host_set_plugin.md b/docs/resources/host_set_plugin.md
@@ -50,13 +50,13 @@ resource "boundary_host_catalog_plugin" "aws_example" {
 
 resource "boundary_host_set_plugin" "web" {
   name            = "My web host set plugin"
-  host_catalog_id = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id = boundary_host_catalog_plugin.aws_example.id
   attributes_json = jsonencode({ "filters" = "tag:service-type=web" })
 }
 
 resource "boundary_host_set_plugin" "foobar" {
   name                = "My foobar host set plugin"
-  host_catalog_id     = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id     = boundary_host_catalog_plugin.aws_example.id
   preferred_endpoints = ["cidr:54.0.0.0/8"]
   attributes_json = jsonencode({
     "filters" = "tag-key=foo",
@@ -66,7 +66,7 @@ resource "boundary_host_set_plugin" "foobar" {
 
 resource "boundary_host_set_plugin" "launch" {
   name                  = "My launch host set plugin"
-  host_catalog_id       = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id       = boundary_host_catalog_plugin.aws_example.id
   sync_interval_seconds = 60
   attributes_json = jsonencode({
     "filters" = "tag:development=prod,dev",
@@ -102,13 +102,13 @@ resource "boundary_host_catalog_plugin" "azure_example" {
 
 resource "boundary_host_set_plugin" "database" {
   name            = "My database host set plugin"
-  host_catalog_id = boundary_host_catalog_plugin.azure_exmaple.id
+  host_catalog_id = boundary_host_catalog_plugin.azure_example.id
   attributes_json = jsonencode({ "filter" = "tagName eq 'service-type' and tagValue eq 'database'" })
 }
 
 resource "boundary_host_set_plugin" "foodev" {
   name                  = "My foodev host set plugin"
-  host_catalog_id       = boundary_host_catalog_plugin.azure_exmaple.id
+  host_catalog_id       = boundary_host_catalog_plugin.azure_example.id
   preferred_endpoints   = ["cidr:54.0.0.0/8"]
   sync_interval_seconds = 60
   attributes_json = jsonencode({

diff --git a/docs/resources/target.md b/docs/resources/target.md
@@ -61,15 +61,13 @@ resource "boundary_host" "foo" {
   type            = "static"
   name            = "foo"
   host_catalog_id = boundary_host_catalog.foo.id
-  scope_id        = boundary_scope.project.id
   address         = "10.0.0.1"
 }
 
 resource "boundary_host" "bar" {
   type            = "static"
   name            = "bar"
   host_catalog_id = boundary_host_catalog.foo.id
-  scope_id        = boundary_scope.project.id
   address         = "10.0.0.1"
 }
 

diff --git a/examples/resources/boundary_host_set_plugin/resource.tf b/examples/resources/boundary_host_set_plugin/resource.tf
@@ -35,13 +35,13 @@ resource "boundary_host_catalog_plugin" "aws_example" {
 
 resource "boundary_host_set_plugin" "web" {
   name            = "My web host set plugin"
-  host_catalog_id = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id = boundary_host_catalog_plugin.aws_example.id
   attributes_json = jsonencode({ "filters" = "tag:service-type=web" })
 }
 
 resource "boundary_host_set_plugin" "foobar" {
   name                = "My foobar host set plugin"
-  host_catalog_id     = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id     = boundary_host_catalog_plugin.aws_example.id
   preferred_endpoints = ["cidr:54.0.0.0/8"]
   attributes_json = jsonencode({
     "filters" = "tag-key=foo",
@@ -51,7 +51,7 @@ resource "boundary_host_set_plugin" "foobar" {
 
 resource "boundary_host_set_plugin" "launch" {
   name                  = "My launch host set plugin"
-  host_catalog_id       = boundary_host_catalog_plugin.aws_exmaple.id
+  host_catalog_id       = boundary_host_catalog_plugin.aws_example.id
   sync_interval_seconds = 60
   attributes_json = jsonencode({
     "filters" = "tag:development=prod,dev",
@@ -87,13 +87,13 @@ resource "boundary_host_catalog_plugin" "azure_example" {
 
 resource "boundary_host_set_plugin" "database" {
   name            = "My database host set plugin"
-  host_catalog_id = boundary_host_catalog_plugin.azure_exmaple.id
+  host_catalog_id = boundary_host_catalog_plugin.azure_example.id
   attributes_json = jsonencode({ "filter" = "tagName eq 'service-type' and tagValue eq 'database'" })
 }
 
 resource "boundary_host_set_plugin" "foodev" {
   name                  = "My foodev host set plugin"
-  host_catalog_id       = boundary_host_catalog_plugin.azure_exmaple.id
+  host_catalog_id       = boundary_host_catalog_plugin.azure_example.id
   preferred_endpoints   = ["cidr:54.0.0.0/8"]
   sync_interval_seconds = 60
   attributes_json = jsonencode({

diff --git a/go.mod b/go.mod
@@ -1,33 +1,33 @@
 module github.com/hashicorp/terraform-provider-boundary
 
-go 1.19
+go 1.20
 
 require (
-	github.com/hashicorp/boundary v0.12.0
+	github.com/hashicorp/boundary v0.12.2
 	github.com/hashicorp/boundary/api v0.0.34
 	github.com/hashicorp/boundary/sdk v0.0.30
 	github.com/hashicorp/cap v0.2.0
 	github.com/hashicorp/go-cty v1.4.1-0.20200723130312-85980079f637
-	github.com/hashicorp/go-kms-wrapping/v2 v2.0.6-0.20221122211539-47c893099f13
+	github.com/hashicorp/go-kms-wrapping/v2 v2.0.9-0.20230315135303-7bedb33a2280
 	github.com/hashicorp/go-secure-stdlib/configutil/v2 v2.0.7
 	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7
 	github.com/hashicorp/go-secure-stdlib/pluginutil/v2 v2.0.3
-	github.com/hashicorp/terraform-plugin-docs v0.13.0
+	github.com/hashicorp/terraform-plugin-docs v0.14.1
 	github.com/hashicorp/terraform-plugin-sdk/v2 v2.24.1
 	github.com/kr/pretty v0.3.1
 	github.com/mitchellh/go-homedir v1.1.0
-	github.com/stretchr/testify v1.8.1
-	golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa
+	github.com/stretchr/testify v1.8.2
+	golang.org/x/crypto v0.7.0
 )
 
 require (
 	github.com/99designs/go-keychain v0.0.0-20191008050251-8e49817e8af4 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/DATA-DOG/go-sqlmock v1.5.0 // indirect
 	github.com/Masterminds/goutils v1.1.1 // indirect
-	github.com/Masterminds/semver/v3 v3.1.1 // indirect
-	github.com/Masterminds/sprig/v3 v3.2.2 // indirect
-	github.com/Microsoft/go-winio v0.5.0 // indirect
+	github.com/Masterminds/semver/v3 v3.2.0 // indirect
+	github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+	github.com/Microsoft/go-winio v0.5.2 // indirect
 	github.com/Nvveen/Gotty v0.0.0-20120604004816-cd527374f1e5 // indirect
 	github.com/agext/levenshtein v1.2.2 // indirect
 	github.com/alessio/shellescape v1.4.1 // indirect
@@ -38,17 +38,17 @@ require (
 	github.com/bgentry/speakeasy v0.1.0 // indirect
 	github.com/cenkalti/backoff/v3 v3.0.0 // indirect
 	github.com/cenkalti/backoff/v4 v4.1.3 // indirect
-	github.com/cespare/xxhash/v2 v2.1.2 // indirect
-	github.com/containerd/continuity v0.1.0 // indirect
+	github.com/cespare/xxhash/v2 v2.2.0 // indirect
+	github.com/containerd/continuity v0.3.0 // indirect
 	github.com/coreos/go-oidc/v3 v3.1.0 // indirect
 	github.com/danieljoos/wincred v1.1.2 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
-	github.com/docker/cli v20.10.7+incompatible // indirect
+	github.com/docker/cli v20.10.14+incompatible // indirect
 	github.com/docker/docker v20.10.9+incompatible // indirect
 	github.com/docker/go-connections v0.4.0 // indirect
 	github.com/docker/go-units v0.4.0 // indirect
 	github.com/dvsekhvalnov/jose2go v1.5.0 // indirect
-	github.com/fatih/color v1.13.0 // indirect
+	github.com/fatih/color v1.14.1 // indirect
 	github.com/fatih/structs v1.1.0 // indirect
 	github.com/godbus/dbus/v5 v5.0.6 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
@@ -62,47 +62,47 @@ require (
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.2 // indirect
 	github.com/hashicorp/dbassert v0.0.0-20210708202608-ecf920cf1ed8 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
-	github.com/hashicorp/eventlogger v0.1.1-0.20211106154408-4ff8da3a890c // indirect
-	github.com/hashicorp/eventlogger/filters/encrypt v0.1.7 // indirect
+	github.com/hashicorp/eventlogger v0.1.2-0.20230227112545-f26a3bdf6871 // indirect
+	github.com/hashicorp/eventlogger/filters/encrypt v0.1.8-0.20230227112545-f26a3bdf6871 // indirect
 	github.com/hashicorp/go-bexpr v0.1.10 // indirect
 	github.com/hashicorp/go-checkpoint v0.5.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 	github.com/hashicorp/go-dbw v0.0.0-20220910135738-ed4505749995 // indirect
-	github.com/hashicorp/go-hclog v1.2.2 // indirect
+	github.com/hashicorp/go-hclog v1.3.1 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-kms-wrapping/extras/kms/v2 v2.0.0-20221122211539-47c893099f13 // indirect
 	github.com/hashicorp/go-kms-wrapping/plugin/v2 v2.0.3 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.6 // indirect
-	github.com/hashicorp/go-retryablehttp v0.7.0 // indirect
+	github.com/hashicorp/go-plugin v1.4.9 // indirect
+	github.com/hashicorp/go-retryablehttp v0.7.2 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/base62 v0.1.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/gatedwriter v0.1.1 // indirect
 	github.com/hashicorp/go-secure-stdlib/kv-builder v0.1.1 // indirect
-	github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.5-0.20221130175209-f7789ac19a1f // indirect
+	github.com/hashicorp/go-secure-stdlib/listenerutil v0.1.5 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.1 // indirect
 	github.com/hashicorp/go-secure-stdlib/reloadutil v0.1.1 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.1 // indirect
+	github.com/hashicorp/go-secure-stdlib/tlsutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
-	github.com/hashicorp/hc-install v0.4.0 // indirect
+	github.com/hashicorp/hc-install v0.5.0 // indirect
 	github.com/hashicorp/hcl v1.0.0 // indirect
-	github.com/hashicorp/hcl/v2 v2.15.0 // indirect
+	github.com/hashicorp/hcl/v2 v2.16.2 // indirect
 	github.com/hashicorp/logutils v1.0.0 // indirect
 	github.com/hashicorp/nodeenrollment v0.1.18 // indirect
-	github.com/hashicorp/terraform-exec v0.17.3 // indirect
-	github.com/hashicorp/terraform-json v0.14.0 // indirect
-	github.com/hashicorp/terraform-plugin-go v0.14.1 // indirect
+	github.com/hashicorp/terraform-exec v0.18.1 // indirect
+	github.com/hashicorp/terraform-json v0.16.0 // indirect
+	github.com/hashicorp/terraform-plugin-go v0.14.3 // indirect
 	github.com/hashicorp/terraform-plugin-log v0.7.0 // indirect
-	github.com/hashicorp/terraform-registry-address v0.0.0-20220623143253-7d51757b572c // indirect
+	github.com/hashicorp/terraform-registry-address v0.1.0 // indirect
 	github.com/hashicorp/terraform-svchost v0.0.0-20200729002733-f050f53b9734 // indirect
 	github.com/hashicorp/vault/api v1.3.1 // indirect
 	github.com/hashicorp/vault/sdk v0.3.0 // indirect
-	github.com/hashicorp/yamux v0.1.0 // indirect
-	github.com/huandu/xstrings v1.3.2 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/huandu/xstrings v1.4.0 // indirect
 	github.com/imdario/mergo v0.3.13 // indirect
 	github.com/jackc/chunkreader/v2 v2.0.1 // indirect
 	github.com/jackc/pgconn v1.12.1 // indirect
@@ -120,26 +120,26 @@ require (
 	github.com/jinzhu/now v1.1.5 // indirect
 	github.com/kr/text v0.2.0 // indirect
 	github.com/lib/pq v1.10.2 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.17 // indirect
 	github.com/mattn/go-sqlite3 v2.0.3+incompatible // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mikesmitty/edkey v0.0.0-20170222072505-3356ea4e686a // indirect
-	github.com/mitchellh/cli v1.1.4 // indirect
+	github.com/mitchellh/cli v1.1.5 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-testing-interface v1.14.1 // indirect
 	github.com/mitchellh/go-wordwrap v1.0.1 // indirect
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
-	github.com/mitchellh/pointerstructure v1.2.0 // indirect
+	github.com/mitchellh/pointerstructure v1.2.1 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/mr-tron/base58 v1.2.0 // indirect
 	github.com/mtibben/percent v0.2.1 // indirect
-	github.com/oklog/run v1.0.0 // indirect
+	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
-	github.com/opencontainers/image-spec v1.0.1 // indirect
-	github.com/opencontainers/runc v1.0.2 // indirect
-	github.com/ory/dockertest/v3 v3.7.0 // indirect
+	github.com/opencontainers/image-spec v1.0.2 // indirect
+	github.com/opencontainers/runc v1.1.2 // indirect
+	github.com/ory/dockertest/v3 v3.9.1 // indirect
 	github.com/pierrec/lz4 v2.5.2+incompatible // indirect
 	github.com/pires/go-proxyproto v0.6.1 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
@@ -164,19 +164,20 @@ require (
 	github.com/xeipuuv/gojsonschema v1.2.0 // indirect
 	github.com/xo/dburl v0.11.0 // indirect
 	github.com/zalando/go-keyring v0.2.1 // indirect
-	github.com/zclconf/go-cty v1.12.1 // indirect
+	github.com/zclconf/go-cty v1.13.1 // indirect
 	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/exp v0.0.0-20220921164117-439092de6870 // indirect
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
-	golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c // indirect
-	golang.org/x/sys v0.2.0 // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
-	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
+	golang.org/x/exp v0.0.0-20230224173230-c95f2b4c22f2 // indirect
+	golang.org/x/mod v0.8.0 // indirect
+	golang.org/x/net v0.8.0 // indirect
+	golang.org/x/oauth2 v0.4.0 // indirect
+	golang.org/x/sys v0.6.0 // indirect
+	golang.org/x/term v0.6.0 // indirect
+	golang.org/x/text v0.8.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/genproto v0.0.0-20220805133916-01dd62135a58 // indirect
-	google.golang.org/grpc v1.50.1 // indirect
-	google.golang.org/protobuf v1.28.1 // indirect
+	google.golang.org/genproto v0.0.0-20230303212802-e74f57abe488 // indirect
+	google.golang.org/grpc v1.53.0 // indirect
+	google.golang.org/protobuf v1.29.1 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect