hashicorp / boundary-ui

Monorepo for Boundary UIs and addons.
http://boundary-ui.vercel.app

`recursive` parameter in `scopesCheck` breaks with strict rbac #2192

Open macmiranda opened 6 months ago

macmiranda commented 6 months ago

Another issue has been created in the main Boundary repo that I think is related to the recursive parameter in scopesCheck below https://github.com/hashicorp/boundary-ui/blob/0902e42cb05ecbab9bd6549eba1f705c17541541/ui/desktop/app/routes/scopes.js#L26

When recursive is true, at least one of your orgs must allow unauthenticated scopes list, otherwise the Boundary API will respond with a 500 status code, which makes the check fail and Boundary Desktop show the modal (thinking that it's actually talking to an older version of the API).

Originally posted by @macmiranda in https://github.com/hashicorp/boundary/issues/4370#issuecomment-1999332273

cameronperera commented 6 months ago

Hi @macmiranda,

Thanks for letting us know about this issue. I have been trying to replicate this in relation to the other issue you mentioned.

To properly replicate this issue, would you be able to share the grant string for your scopes that was causing the Boundary API to respond with a 500?

macmiranda commented 6 months ago

Hi @cameronperera

To reproduce:

  1. Start Boundary server in dev mode
  2. Log in as admin
  3. Modify the Global role Login Grants, Edit form, make sure Global is selected as the Grant Scope

(this is intentional. I don't want unauthenticated users to be able to see which scopes exist under the Global one. Since my auth method is global, users are able to authenticate themselves and then have access to other scopes)

  4. On the CLI

    export BOUNDARY_ADDR=http://localhost:9200

    boundary scopes list -recursive
    Error from controller when performing list on scopes

    Error information:
      Kind: Internal
      Message: output fields not found when building scope proto
      Status: 500
      context: Error from controller when performing list on scopes

but without `-recursive`

    boundary scopes list

    Scope information:
      ID: o_1234567890
      Name: Generated org scope
      Description: Provides an initial org scope in Boundary
      Authorized Actions: no-op