I have deployed Boundary in HA and all seems to be OK. I can connect to the website and can login without an issue.
I have then tried to authenticate via the CLi and have gone through the instructions verbatum:
export BOUNDARY_ADDR=“http://boundary-*****.eu-west-1.elb.amazonaws.com”
export AUTH_ID="ampw_*"
boundary authenticate password -auth-method-id=$AUTH_ID -login-name=admin -password=
Once I run this I get the following, which doesn’t make any sense to me:
Error from controller when performing authentication
Error information:
Kind:
Message: Invalid fields provided in request.
Status: 400
context: Error from controller when performing authentication
Field-specific Errors:
Name: -credentials
Error: This is a required field.
Name: -credentials.login-name
Error: This is a required field.
Name: -credentials.password
Error: This is a required field.
I cannot work out what is wrong, so that I am able to authenticate to Boundary.
Any suggestions welcome.
perhaps AUTH_ID (with an underscore) and then not -password= with no value… just leave off -password and enter the pass when prompted.
Thanks for the reply,
boundary authenticate password -auth-method-id=$AUTH_ID -login-name=admin
but I get the exact same message:
Error from controller when performing authentication
Error information:
Kind:
Message: Invalid fields provided in request.
Status: 400
context: Error from controller when performing authentication
Field-specific Errors:
Name: -credentials
Error: This is a required field.
Name: -credentials.login-name
Error: This is a required field.
Name: -credentials.password
Error: This is a required field.
Hum… I’m not able to reproduce your issue.
❯ boundary version
Version information:
Git Revision: dd272536554f47c2dcf52cf842da9d7e703dec83+CHANGES
Version Number: 0.8.1
❯ boundary authenticate password -auth-method-id ampw_9FpMGWsJgc -login-name admin
Password is not set as flag or in env, please enter it now (will be hidden):
Authentication information:
Account ID: acctpw_eBQx91foNX
Auth Method ID: ampw_9FpMGWsJgc
Expiration Time: Sun, 19 Jun 2022 18:37:44 EDT
User ID: u_byrdGvrtDm
The token was successfully stored in the chosen keyring and is not displayed here.
You could try a direct POST via curl…
curl -X POST -H "Content-Type: application/json" -d '{"attributes":{"login_name":"admin","password":"<your-admin-passwd>"},"command":"login"}' 'http://127.0.0.1:9200/v1/auth-methods/<your-pwd-auth-method-id>:authenticate'
This is the result:
curl: (28) Failed to connect to boundary-xxxx.eu-west-1.elb.amazonaws.com port 9200 after 225019 ms: Operation timed out
Even though the load balancer is listening on port 9200.
Yeah, it’s strange, I’m on the latest version of boundary too:
Version information:
Git Revision: dd272536554f47c2dcf52cf842da9d7e703dec83
Version Number: 0.8.1
OK, I’m getting a bit further now. Did a trace and it was timing out on the LB. So, I realised I wasn’t listening on port 9200. So I’ve added that now. I have rerun the curl statement and I have now got the following message (which seems strangely similar to the original one):
{“status”:400, “code”:“InvalidArgument”, “message”:“Invalid fields provided in request.”, “details”:{“request_fields”:[{“name”:“credentials”, “description”:“This is a required field.”}, {“name”:“credentials.login_name”, “description”:“This is a required field.”}, {“name”:“credentials.password”, “description”:“This is a required field.”}]}}
As far as I can see, I have provided these details, so not sure why this is giving me this error.
This is the command I ran (removing sensitive info with )
curl -X POST -H “Content-Type: application/json” -d '{“attributes”:{“login_name”:“admin”,“password”:"ZHswkrecHhEy****"},“command”:“login”}’ ‘http://boundary-30241****.eu-west-1.elb.amazonaws.com:9200/v1/auth-methods/ampw_****euQC2:authenticate’
I think perhaps you’re using an older boundary server? the credentials attribute referenced in the error msg was deprecated and then removed back in Sept 2021: boundary/CHANGELOG.md at main · hashicorp/boundary · GitHub
Here’s the PR where it was removed, after being previously deprecated: chore(authenticate): remove deprecated authenticate:login and credentials field by louisruch · Pull Request #1534 · hashicorp/boundary · GitHub
So it sort of appears you’re sending the new API attributes to an older version of boundary.