Problem with setting role grants

simonfrey · December 17, 2020, 3:04pm

I try to connect to a target with following command:

boundary connect -target-id ttcp_YrLzMjBym4 -listen-port 9200

When I add a grant to my role like following it works (obviously, as it is a wildcard):

id=*;type=*;actions=authorize-session

when trying to narrow the scope down to only that certain target I can not connect anymore:

id=ttcp_YrLzMjBym4;type=*;actions=authorize-session

Error output with the second grant configuration:

Error from controller when performing authorize-session against target: 
Error information:
  Code:
  Message:             Forbidden
  Status:              403

jeff · December 18, 2020, 5:57pm

This is https://github.com/hashicorp/boundary/pull/839 which will be fixed in the shortly-upcoming 0.1.3. Sorry about that!

simonfrey · December 21, 2020, 10:13am

Thanks for the info! When will 0.1.3 be available in the ubuntu repos? I see it is released on the github page, but neither the ubuntu repo nor the HC download page points to it yet.

ywyt738 · December 28, 2020, 8:18am

On 0.1.3 It doesn’t work.

jorhett · December 28, 2020, 7:31pm

Did you recreate it? On 0.1.2 it would have lowercased the grant thus causing it to (still) not match. Remove the grant and add it again if you haven’t already.

ywyt738 · December 29, 2020, 5:35am

Thanks. I recreated the role. It’s ok.