hashicorp / boundary

Boundary enables identity-based access management for dynamic infrastructure.
https://boundaryproject.io

Desktop app not working with v0.11 #2697

Closed Akisaji closed 1 year ago

Akisaji commented 1 year ago

Recently we upgraded from v0.7.4 to v0.11.0 and with the upgrade no version of the desktop app works anymore for our devs.

From desktop app version 1.4.4 or greater, the desktop app can no longer connect to the boundary server and gives the following popup: [image]

The URL used is the same URL as before the upgrade, and when reverting boundary version this URL works again.

Other versions of the desktop app before 1.4.4 are able to connect to the boundary server, but when trying to connect to a target the following error is shown: [image]

Is this a fault in the boundary desktop app, or do we need to change something on the boundary setup?

Connecting through the CLI works just fine with the upgraded version of boundary.

If more info on the setup is required, let me know.

ghost commented 1 year ago

Hi there and thanks for your interest in Boundary. In order to better assist you, we'd like to learn more about your use case. To ensure the privacy of your sensitive information, we'd be happy to follow up via boundary-issues-investigations@hashicorp.com. Please email us at this address with the following information:

Subject: Desktop app not working with v0.11 #2697

Thank you!

Akisaji commented 1 year ago

@randallmorey I tried to mail to boundary-issue-investigations@hashicorp.com with the additional info but I'm getting a failure mail that it can't be delivered. Is this the correct email?

ghost commented 1 year ago

@Akisaji I mistyped the email. Try this: boundary-issues-investigations@hashicorp.com

Akisaji commented 1 year ago

@randallmorey Still nothing..

Your message wasn't delivered to boundary-issues-investigations@hashicorp.com because the address couldn't be found, or is unable to receive mail.

covetocove commented 1 year ago

Apologies @Akisaji the issue you experienced should be solved now. Please try to resend.

covetocove commented 1 year ago

This issue appears to have been caused by u_anon, the user resource for unauthenticated Boundary users, having insufficient privileges. Anonymous user u_anon must be a member of a role with a grant to list auth methods and scopes to use Boundary Desktop.

Boundary autocreates a global_anon_listing role for u_anon in dev mode and HCP Boundary. The role has the following grants:

[screenshot]

Adding these grants to a role in global scope and ensuring u_anon is a member should resolve the issue.

id={{account.id}};actions=read,change-password
id=*;type=scope;actions=list,no-op
id=*;type=auth-method;actions=list,authenticate
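
A check for the condition described in the last comment, as an added example (not part of the thread and not Boundary's own code): it parses the grant strings of a role that contains u_anon, reports whether listing scopes and auth methods is covered, and flags any grant beyond the three quoted above. It assumes the `id=` grant form shown on this page and does not model the rest of Boundary's grant evaluation; the function names and sample inputs are hypothetical.

```python
# Added example: audit the grants given to the anonymous user u_anon.
# The thread says Boundary Desktop needs u_anon to list scopes and auth methods.
REQUIRED = {("scope", "list"), ("auth-method", "list")}

# The three grant strings quoted in the thread for global_anon_listing.
PAGE_GRANTS = [
    "id={{account.id}};actions=read,change-password",
    "id=*;type=scope;actions=list,no-op",
    "id=*;type=auth-method;actions=list,authenticate",
]


def parse_grant(grant):
    """Split 'k=v;k=v' into a dict; the 'actions' value becomes a set."""
    fields = {}
    for part in grant.strip().split(";"):
        key, sep, value = part.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed grant segment: {part!r}")
        fields[key.strip()] = value.strip()
    fields["actions"] = set(fields.get("actions", "").split(",")) - {""}
    return fields


def audit_anon_grants(grants):
    """Return (missing, extra) for a list of grant strings.

    missing: required (type, action) pairs no id=* grant covers.
    extra:   grant strings outside the baseline quoted in the thread,
             worth reviewing because they apply to unauthenticated users.
    """
    parsed = [parse_grant(g) for g in grants]

    def covered(rtype, action):
        return any(
            f.get("id") == "*"
            and f.get("type") in (rtype, "*")
            and (action in f["actions"] or "*" in f["actions"])
            for f in parsed
        )

    missing = sorted(p for p in REQUIRED if not covered(*p))
    extra = sorted({g.strip() for g in grants} - set(PAGE_GRANTS))
    return missing, extra


if __name__ == "__main__":
    # Constructed input: a role that lacks the two listing grants.
    print(audit_anon_grants(["id={{account.id}};actions=read,change-password"]))
```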