Assign a Network Address to a Target

[hugoghx]

Summary:

This branch contains a set of commits that enable a Boundary Target to be directly configured with an address to create a session against, instead of having to create Host Catalogs, Host Sources and Hosts.

How to use (CLI):

Creating a tcp target with an address:

boundary targets create tcp -scope-id p_1234567890 -name test -default-port 22 -address "localhost"

Updating a tcp target with an address:

boundary targets update tcp -id ttcp_1234567890 -address "localhost"

Removing an address from a target:

boundary targets update tcp -id ttcp_1234567890 -address "null"

Notes:

• The address field can be a dns name or an ipv4 endpoint
• When deleting an address from a target, all active sessions using the target will be canceled. Changing the value of the address on a given target will not cancel any sessions.
• When adding or setting a host source to a target that has a network address directly configured to it, an error should be returned
• When setting a network address directly to a target that has a host source association, an error should be returned

Example of the error:

Error from controller when performing add-host-sources on target

Error information:
  Kind:                FailedPrecondition
  Message:             target.(Repository).AddTargetHostSources: error creating sets: db.DoTx:
  target.(Repository).AddTargetHostSources: unable to add host sources because a network address is directly assigned to the
  given target: integrity violation: error #409
  Status:              400
  context:             Error from controller when performing add-host-sources on target

Note: grpc-gateway maps Failed Precondition errors into http bad request errors because this deliberately doesn't translate to the similarly named '412 Precondition Failed' HTTP response status.

Concerns:

• database migration test 59_01 was deleted because of the breaking changes implemented into the domain code. which includes interacting with the target_address table. This test invoked functions in the domain code, such as LookupTarget & UpdateTarget, which now interacts with the target_address table. Because the target_address table does not exist until migration id 70, a postgress error is returned notifying the user that the table does not exist.

Important: We also have Terraform changes to implement client support for a Target using an address. Merging and releasing a provider with those changes is blocked until a Boundary version with the changes in this PR is released. After that, we can update the module imports on the PR and create a new Terraform provider release there.

[johanbrandhorst]

Should this be targeting the release branch? I assume not.

[hugoghx]

Should this be targeting the release branch? I assume not.

From what I know, that's how we're doing things now. We're not targeting main anymore, instead targeting release branches and then cherry-picking the commits into main when the PR is merged

[johanbrandhorst]

Should this be targeting the release branch? I assume not.

From what I know, that's how we're doing things now. We're not targeting main anymore, instead targeting release branches and then cherry-picking the commits into main when the PR is merged

Uh, I thought that was the case until we were doing a release, but I suppose you could be onto something, good point!

[johanbrandhorst]

Lets just make sure we don't merge this until 0.11.1 is out the door 😁

[ddebko]

Need to update the changelog

[johanbrandhorst]

Looks like the CHANGELOG needs an update too 😄

[hugoghx]

Rebasing off of main and squashing everything back into the original 10 commits now