chore: upgrade dependencies

deployment/aws/aws/db.tf

@@ -3,11 +3,11 @@
 
 resource "aws_db_instance" "boundary" {
   allocated_storage   = 20
-  storage_type        = "gp2"
+  storage_type        = "gp3"
   engine              = "postgres"
-  engine_version      = "14.2"
+  engine_version      = "14.11"
   instance_class      = "db.t3.micro"
-  name                = "boundary"
+  db_name             = "boundary"
   username            = "boundary"
   password            = "boundarydemo"
   skip_final_snapshot = true

deployment/aws/aws/kms.tf

@@ -27,3 +27,18 @@ resource "aws_kms_key" "recovery" {
     Name = "${var.tag}-${random_pet.test.id}"
   }
 }
+
+resource "aws_kms_alias" "root" {
+  name          = "alias/boundary_root"
+  target_key_id = aws_kms_key.root.id
+}
+
+resource "aws_kms_alias" "worker_auth" {
+  name          = "alias/boundary_worker_auth"
+  target_key_id = aws_kms_key.worker_auth.id
+}
+
+resource "aws_kms_alias" "recovery" {
+  name          = "alias/boundary_recovery"
+  target_key_id = aws_kms_key.recovery.id
+}

deployment/aws/aws/net.tf

@@ -48,9 +48,9 @@ resource "aws_subnet" "private" {
 }
 
 resource "aws_eip" "nat" {
-  count = var.num_subnets_private
-  vpc   = true
-  tags  = local.tags
+  count  = var.num_subnets_private
+  domain = "vpc"
+  tags   = local.tags
 }
 
 resource "aws_nat_gateway" "private" {

deployment/aws/boundary/hosts.tf

@@ -1,26 +1,25 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-resource "boundary_host_catalog" "backend_servers" {
+resource "boundary_host_catalog_static" "backend_servers" {
   name        = "backend_servers"
   description = "Web servers for backend team"
-  type        = "static"
   scope_id    = boundary_scope.core_infra.id
 }
 
-resource "boundary_host" "backend_servers" {
+resource "boundary_host_static" "backend_servers" {
   for_each        = var.target_ips
   type            = "static"
   name            = "backend_server_${each.value}"
   description     = "Backend server #${each.value}"
   address         = each.key
-  host_catalog_id = boundary_host_catalog.backend_servers.id
+  host_catalog_id = boundary_host_catalog_static.backend_servers.id
 }
 
-resource "boundary_host_set" "backend_servers" {
+resource "boundary_host_set_static" "backend_servers" {
   type            = "static"
   name            = "backend_servers"
   description     = "Host set for backend servers"
-  host_catalog_id = boundary_host_catalog.backend_servers.id
-  host_ids        = [for host in boundary_host.backend_servers : host.id]
+  host_catalog_id = boundary_host_catalog_static.backend_servers.id
+  host_ids        = [for host in boundary_host_static.backend_servers : host.id]
 }

deployment/aws/boundary/main.tf

@@ -5,7 +5,7 @@ terraform {
   required_providers {
     boundary = {
       source  = "hashicorp/boundary"
-      version = "1.0.5"
+      version = "1.1.14"
     }
   }
 }

deployment/aws/boundary/principles.tf

@@ -3,54 +3,48 @@
 
 resource "boundary_user" "backend" {
   for_each    = var.backend_team
-  name        = each.key
+  name        = lower(each.key)
   description = "Backend user: ${each.key}"
   account_ids = [boundary_account_password.backend_user_acct[each.value].id]
   scope_id    = boundary_scope.org.id
 }
 
 resource "boundary_user" "frontend" {
   for_each    = var.frontend_team
-  name        = each.key
+  name        = lower(each.key)
   description = "Frontend user: ${each.key}"
   account_ids = [boundary_account_password.frontend_user_acct[each.value].id]
   scope_id    = boundary_scope.org.id
 }
 
 resource "boundary_user" "leadership" {
   for_each    = var.leadership_team
-  name        = each.key
+  name        = lower(each.key)
   description = "WARNING: Managers should be read-only"
   account_ids = [boundary_account_password.leadership_user_acct[each.value].id]
   scope_id    = boundary_scope.org.id
 }
 
 resource "boundary_account_password" "backend_user_acct" {
   for_each       = var.backend_team
-  name           = each.key
-  description    = "User account for ${each.key}"
-  type           = "password"
   login_name     = lower(each.key)
+  description    = "User account for ${each.key}"
   password       = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }
 
 resource "boundary_account_password" "frontend_user_acct" {
   for_each       = var.frontend_team
-  name           = each.key
-  description    = "User account for ${each.key}"
-  type           = "password"
   login_name     = lower(each.key)
+  description    = "User account for ${each.key}"
   password       = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }
 
 resource "boundary_account_password" "leadership_user_acct" {
   for_each       = var.leadership_team
-  name           = each.key
-  description    = "User account for ${each.key}"
-  type           = "password"
   login_name     = lower(each.key)
+  description    = "User account for ${each.key}"
   password       = "foofoofoo"
   auth_method_id = boundary_auth_method.password.id
 }

deployment/aws/boundary/roles.tf

@@ -7,9 +7,9 @@
 resource "boundary_role" "global_anon_listing" {
   scope_id = boundary_scope.global.id
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
   principal_ids = ["u_anon"]
 }
@@ -20,9 +20,9 @@ resource "boundary_role" "global_anon_listing" {
 resource "boundary_role" "org_anon_listing" {
   scope_id = boundary_scope.org.id
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
   principal_ids = ["u_anon"]
 }
@@ -33,7 +33,7 @@ resource "boundary_role" "org_admin" {
   scope_id       = boundary_scope.global.id
   grant_scope_id = boundary_scope.org.id
   grant_strings = [
-    "id=*;type=*;actions=*"
+    "ids=*;type=*;actions=*"
   ]
   principal_ids = concat(
     [for user in boundary_user.backend : user.id],
@@ -51,7 +51,7 @@ resource "boundary_role" "org_readonly" {
     boundary_group.leadership.id
   ]
   grant_strings = [
-    "id=*;type=*;actions=read"
+    "ids=*;type=*;actions=read"
   ]
   scope_id       = boundary_scope.global.id
   grant_scope_id = boundary_scope.org.id
@@ -64,7 +64,7 @@ resource "boundary_role" "project_admin" {
   scope_id       = boundary_scope.org.id
   grant_scope_id = boundary_scope.core_infra.id
   grant_strings = [
-    "id=*;type=*;actions=*"
+    "ids=*;type=*;actions=*"
   ]
   principal_ids = concat(
     [for user in boundary_user.backend : user.id],

deployment/aws/boundary/targets.tf

@@ -8,8 +8,8 @@ resource "boundary_target" "backend_servers_ssh" {
   scope_id                 = boundary_scope.core_infra.id
   session_connection_limit = -1
   default_port             = 22
-  host_set_ids = [
-    boundary_host_set.backend_servers.id
+  host_source_ids = [
+    boundary_host_set_static.backend_servers.id
   ]
 }
 
@@ -20,7 +20,7 @@ resource "boundary_target" "backend_servers_website" {
   scope_id                 = boundary_scope.core_infra.id
   session_connection_limit = -1
   default_port             = 8000
-  host_set_ids = [
-    boundary_host_set.backend_servers.id
+  host_source_ids = [
+    boundary_host_set_static.backend_servers.id
   ]
 }

deployment/aws/main.tf

@@ -5,15 +5,15 @@ terraform {
   required_providers {
     aws = {
       source = "hashicorp/aws"
-      version = "~> 3.0"
+      version = "~> 5.41"
     }
   }
 }
 
 module "aws" {
-  source           = "./aws"
-  boundary_bin     = var.boundary_bin
-  pub_ssh_key_path = var.pub_ssh_key_path
+  source            = "./aws"
+  boundary_bin      = var.boundary_bin
+  pub_ssh_key_path  = var.pub_ssh_key_path
   priv_ssh_key_path = var.priv_ssh_key_path
 }