Skip to content

Commit

Permalink
backport of commit 7bdc25c
Browse files Browse the repository at this point in the history
  • Loading branch information
Dan-Heath committed Oct 14, 2024
1 parent f2a68cc commit 3f0696e
Show file tree
Hide file tree
Showing 176 changed files with 2,525 additions and 647 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ jobs:
repository: boundary
version: ${{ needs.set-product-version.outputs.product-version }}
product: ${{ env.PKG_NAME }}
- uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
- uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: metadata.json
path: ${{ steps.generate-metadata-file.outputs.filepath }}
Expand Down Expand Up @@ -279,12 +279,12 @@ jobs:
echo "RPM_PACKAGE=$(basename out/*.rpm)" >> "$GITHUB_ENV"
echo "DEB_PACKAGE=$(basename out/*.deb)" >> "$GITHUB_ENV"
- name: Upload RPM package
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: ${{ env.RPM_PACKAGE }}
path: out/${{ env.RPM_PACKAGE }}
- name: Upload DEB package
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: ${{ env.DEB_PACKAGE }}
path: out/${{ env.DEB_PACKAGE }}
Expand Down
12 changes: 6 additions & 6 deletions .github/workflows/enos-run.yml
Original file line number Diff line number Diff line change
Expand Up @@ -218,7 +218,7 @@ jobs:
run: |
mv ${{ steps.download-docker.outputs.download-path }}/*.tar enos/support/boundary_docker_image.tar
- name: Set up Node.js
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
if: contains(matrix.filter, 'e2e_ui')
with:
node-version: '16.x'
Expand Down Expand Up @@ -266,7 +266,7 @@ jobs:
SCENARIO=$(echo "${{ matrix.filter }}" | cut -d' ' -f1)
echo fragment="${SCENARIO}" >> "$GITHUB_OUTPUT"
- name: Upload e2e tests output
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-${{ steps.split.outputs.fragment }}
path: enos/*.log
Expand All @@ -279,7 +279,7 @@ jobs:
docker logs database
- name: Upload e2e UI tests debug info
if: contains(matrix.filter, 'e2e_ui') && steps.run.outcome == 'failure'
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: test-e2e-ui-debug
path: enos/support/src/boundary-ui/ui/admin/tests/e2e/artifacts/test-failures
Expand All @@ -292,7 +292,7 @@ jobs:
enos scenario launch --timeout 60m0s --chdir ./enos ${{ matrix.filter }}
- name: Upload Debug Data
if: ${{ always() && steps.run_retry.outcome == 'failure' }}
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
# The name of the artifact is the same as the matrix scenario name with the spaces replaced with underscores and colons replaced by equals.
name: ${{ steps.prepare_scenario.outputs.debug_data_artifact_name }}
Expand Down Expand Up @@ -327,7 +327,7 @@ jobs:
env
find ./enos -name "scenario.tf" -exec cat {} \;
- name: Send Slack message if Run and Retry fails (or if something else went wrong)
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
# steps.run.outcome reports as failure when there is an error in `Run Enos scenario`
# failure() captures errors before `Run Enos scenario`
# failure() does not capture errors in `Run Enos scenario` due to continue-on-error
Expand All @@ -341,7 +341,7 @@ jobs:
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_TOKEN }}
- name: Send Slack message if Run but Retry passes
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
if: ${{ steps.run.outcome == 'failure' && steps.run_retry.outcome != 'failure' }}
with:
channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/fuzz.yml
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ jobs:
run: go test ./internal/perms -fuzz=FuzzParse -fuzztime=30s
- name: Upload fuzz failure seed corpus as run artifact
if: failure()
uses: actions/upload-artifact@834a144ee995460fba8ed112a2fc961b36a5ec5a # v4.3.6
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: fuzz-corpus
path: ./internal/perms/testdata/fuzz
Expand Down
4 changes: 2 additions & 2 deletions .github/workflows/security-scan.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ jobs:
cache: false

- name: Set up Python
uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1
uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0
with:
python-version: 3.x

Expand Down Expand Up @@ -79,7 +79,7 @@ jobs:
repository: "$PWD"

- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@5c02493ebfd65b28fd3b082c65e5af2cd745d91f # codeql-bundle-v2.18.2
uses: github/codeql-action/upload-sarif@5618c9fc1e675841ca52c1c6b1304f5255a905a0 # codeql-bundle-v2.19.0
with:
sarif_file: results.sarif

4 changes: 2 additions & 2 deletions .github/workflows/test-cli-ui_oss.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ jobs:
path: /tmp/bats-cli-ui-deps
key: enos-bats-cli-ui-deps-jq-1.6-password-store-1.7.4-vault-1.12.2
- name: Set up Node for Bats install
uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
with:
node-version: 16
- name: Install Bats via NPM
Expand Down Expand Up @@ -112,7 +112,7 @@ jobs:
make -C internal/tests/cli test-vault-down
- name: Send Slack message
if: ${{ failure() }}
uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0
uses: slackapi/slack-github-action@37ebaef184d7626c5f204ab8d3baff4262dd30f0 # v1.27.0
with:
channel-id: ${{ secrets.SLACK_BOUNDARY_TEST_BOT_CHANNEL_ID }}
payload: |
Expand Down
91 changes: 84 additions & 7 deletions internal/clientcache/cmd/cache/wrapper_register.go
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ import (
"github.com/hashicorp/boundary/internal/clientcache/internal/daemon"
"github.com/hashicorp/boundary/internal/cmd/base"
"github.com/hashicorp/boundary/internal/cmd/wrapper"
"github.com/hashicorp/boundary/version"
"github.com/mitchellh/cli"
)

Expand All @@ -33,28 +34,50 @@ func hook(ctx context.Context, baseCmd *base.Command, token string) {
if baseCmd.FlagSkipCacheDaemon {
return
}
if startDaemon(ctx, baseCmd) {
addTokenToCache(ctx, baseCmd, token)
started, err := startDaemon(ctx, baseCmd)
if err != nil {
// Failed to start the daemon, but we don't need to tell the user
// since the function already did
return
}
if !started {
// If we didn't have to start it, check that the version of the cache
// is current or newer than the CLI.
// We don't care if the cache is newer than the CLI, since we don't
// want to kill a cache started by a newer version of the CLI.
if !cacheVersionIsCurrentOrNewer(ctx, baseCmd) {
// If the cache is older than the current version, restart it
// Ignore errors stopping the daemon since it might have been stopped since
// we last tried to start the daemon.
_ = stopDaemon(ctx, baseCmd)
_, err = startDaemon(ctx, baseCmd)
if err != nil {
return
}
}
}

// Cache successfully started and version verified, add the token to the cache
addTokenToCache(ctx, baseCmd, token)
}

// startDaemon attempts to start a daemon and returns true if we have attempted to start
// the daemon and either it was successful or it was already running.
func startDaemon(ctx context.Context, baseCmd *base.Command) bool {
func startDaemon(ctx context.Context, baseCmd *base.Command) (started bool, _ error) {
// Ignore errors related to checking if the process is already running since
// this can fall back to running the process.
if dotPath, err := DefaultDotDirectory(ctx); err == nil {
pidPath := filepath.Join(dotPath, pidFileName)
if running, _ := pidFileInUse(ctx, pidPath); running != nil {
// return true since it is already running, no need to run it again.
return true
return false, nil
}
}

cmdName, err := os.Executable()
if err != nil {
baseCmd.UI.Error(fmt.Sprintf("unable to find boundary binary for cache startup: %s", err.Error()))
return false
return false, err
}

var stdErr bytes.Buffer
Expand All @@ -64,8 +87,41 @@ func startDaemon(ctx context.Context, baseCmd *base.Command) bool {
// We use Run here instead of Start because the command spawns off a subprocess and returns.
// We do not want to send the request to add a persona to the cache until we know the daemon
// has started up.
err = cmd.Run()
return err == nil || strings.Contains(stdErr.String(), "already running")
if err := cmd.Run(); err != nil {
baseCmd.UI.Error(fmt.Sprintf("unable to start cache: %s", err.Error()))
return false, err
}
return !strings.Contains(stdErr.String(), "already running"), nil
}

// stopDaemon makes a best effort attempt at stopping the cache daemon, if it is running
func stopDaemon(ctx context.Context, baseCmd *base.Command) error {
dotPath, err := DefaultDotDirectory(ctx)
if err != nil {
baseCmd.UI.Error(fmt.Sprintf("cannot find daemon directory: %s", err.Error()))
return err
}
pidPath := filepath.Join(dotPath, pidFileName)
running, err := pidFileInUse(ctx, pidPath)
if err != nil {
baseCmd.UI.Error(fmt.Sprintf("PID file in use: %s", err.Error()))
return err
}
if running == nil {
return nil
}

cmdName, err := os.Executable()
if err != nil {
baseCmd.UI.Error(fmt.Sprintf("unable to find boundary binary for cache startup: %s", err.Error()))
return err
}
cmd := exec.Command(cmdName, "cache", "stop")
if err := cmd.Run(); err != nil {
baseCmd.UI.Error(fmt.Sprintf("unable to stop cache: %s", err.Error()))
return err
}
return nil
}

// silentUi should not be used in situations where the UI is expected to be
Expand Down Expand Up @@ -108,6 +164,27 @@ func addTokenToCache(ctx context.Context, baseCmd *base.Command, token string) b
return err == nil && apiErr == nil
}

// cacheVersionIsCurrentOrNewer requests the version of the cache from the
// daemon, then compares it to the version of the CLI. If the cache version is
// greater than or equal to the CLI, it returns true. In all other cases, including
// errors, it returns false.
func cacheVersionIsCurrentOrNewer(ctx context.Context, baseCmd *base.Command) bool {
com := StatusCommand{Command: base.NewCommand(baseCmd.UI)}
// We do not want to print errors out from our background interactions with
// the daemon so use the silentUi to toss out anything that shouldn't be used
_, result, apiErr, err := com.Status(ctx)
if err != nil || apiErr != nil {
return false
}
cacheVersion := version.FromVersionString(result.Version)
if cacheVersion == nil {
return false
}
cliVersion := version.Get()

return cacheVersion.Semver().GreaterThanOrEqual(cliVersion.Semver())
}

// waitForDaemon continually looks for the unix socket until it is found or the
// provided context is done. It returns an error if the unix socket is not found
// before the context is done.
Expand Down
2 changes: 1 addition & 1 deletion internal/ui/VERSION
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
0d55812f647689f8c735d5c5f6aea0a524d18557
0ff91f9182cee072d3f4658d7ff7929cda23126f
# This file determines the version of the UI to embed in the boundary binary.
# Update this file by running 'make update-ui-version' from the root of this repo.
# Set UI_COMMITISH when running the above target to update to a specific version.
6 changes: 3 additions & 3 deletions website/content/docs/api-clients/api/index.mdx
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
---
layout: docs
page_title: API
description: |-
Boundary's HTTP API standards
page_title: API overview
description: >-
Learn about Boundary's HTTP API standards, status codes, path layout, methods, and headers. Understand how rate limiting helps manage system resources.
---

# API
Expand Down
3 changes: 2 additions & 1 deletion website/content/docs/api-clients/api/pagination.mdx
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
---
layout: docs
page_title: API list pagination
description: Learn how the API pagination and cache works in Boundary to prevent system resources from being overwhlemed and to help you find resources.
description: >-
Learn about API pagination and how the cache works in Boundary to prevent system resources from being overwhelmed and to help you find resources.
---

# API list pagination
Expand Down
3 changes: 2 additions & 1 deletion website/content/docs/api-clients/api/rate-limiting.mdx
Original file line number Diff line number Diff line change
@@ -1,7 +1,8 @@
---
layout: docs
page_title: API rate limiting
description: Learn how API rate limiting lets you configure limits on the rates of API requests in Boundary to help manage resources and prevent them from being overwhelmed.
description: >-
Learn how API rate limiting lets you configure limits on the rates of API requests in Boundary to help manage resources and prevent them from being overwhelmed.
---

# Rate limiting
Expand Down
Loading

0 comments on commit 3f0696e

Please sign in to comment.