Merge pull request #1 from Dan-Heath/patch-1

docs: Add `telemetry_enabled` to controller.hcl

Author: stellarsquall

README.md

@@ -1,14 +1,8 @@
 # Docker Deployment
 
-This directory contains an example deployment of Boundary using docker-compose
-and Terraform. The lab environment is meant to accompany the Hashicorp Learn
-[Boundary event logging
-tutorial](https://developer.hashicorp.com/boundary/tutorials/self-managed-deployment/event-logging).
+This directory contains an example deployment of Boundary using docker-compose and Terraform. The lab environment accompanies the Hashicorp Learn [Boundary event logging tutorial](https://developer.hashicorp.com/boundary/tutorials/self-managed-deployment/event-logging).
 
-In this example, Boundary is deployed using the
-[hashicorp/boundary](https://hub.docker.com/r/hashicorp/boundary) Dockerhub
-image. The Boundary service ports are forwarded to the host machine to mimic
-being in a "public" network. 
+In this example, Boundary is deployed using the [hashicorp/boundary](https://hub.docker.com/r/hashicorp/boundary) Dockerhub image. The Boundary service ports are forwarded to the host machine to mimic being in a "public" network. 
 
 This deployment includes the following containers:
 
@@ -52,7 +46,7 @@ Login to the UI:
   - Auth method ID: find this in the UI when selecting the auth method or from TF output
 
 ```bash
-$ boundary authenticate password -login-name user1 -password password -auth-method-id <get_from_console_or_tf>
+$ boundary authenticate password -login-name user1 -password password -auth-method-id <get_id_from_console_or_tf>
 
 Authentication information:
   Account ID:      apw_gAE1rrpnG2
@@ -62,6 +56,7 @@ Authentication information:
 ```
 
 ## Audit logs and ELK
+
 The boundary controller is configured to write out audit events to a log file,
 `auditevents/controller.log`. The docker-compose.yml provides services for
 collecting and shipping these logs to elasticsearch with kibana for

compose/controller.hcl

@@ -57,6 +57,7 @@ events {
   audit_enabled        = true
   observations_enabled = true
   sysevents_enabled    = true
+  telemetry_enabled    = true
 
   sink "stderr" {
     name        = "all-events"

compose/docker-compose.yml

@@ -1,8 +1,6 @@
 # Copyright (c) HashiCorp, Inc.
 # SPDX-License-Identifier: MPL-2.0
 
-version: "3.8"
-
 networks:
   default:
   worker:
@@ -27,7 +25,7 @@ services:
         target: /etc/postgresql/
 
   db-init:
-    image: hashicorp/boundary:0.9.1
+    image: hashicorp/boundary:0.17.1
     command: ["database", "init", "-config", "/boundary/controller.hcl"]
     volumes:
       - "${PWD}/:/boundary/"
@@ -38,7 +36,7 @@ services:
         condition: service_healthy
 
   controller:
-    image: hashicorp/boundary:0.9.1
+    image: hashicorp/boundary:0.17.1
     cap_add:
       - IPC_LOCK
     # command: ["server", "-config", "/boundary/controller.hcl"]
@@ -66,7 +64,7 @@ services:
       retries: 5
 
   worker:
-    image: hashicorp/boundary:0.9.1
+    image: hashicorp/boundary:0.17.1
     command: ["server", "-config", "/boundary/worker.hcl"]
     volumes:
       - "${PWD}/:/boundary/"

compose/worker.hcl

@@ -16,7 +16,7 @@ worker {
   description = "A worker for a docker demo"
   address     = "worker"
   public_addr = "localhost:9202"
-  controllers = ["boundary"]
+  initial_upstreams = ["boundary"]
 }
 
 kms "aead" {

terraform/main.tf

@@ -3,9 +3,9 @@
 
 terraform {
   required_providers {
-    boundary = {
+    boundary  = {
       source  = "hashicorp/boundary"
-      version = "1.0.9"
+      version = "1.1.15"
     }
   }
 }
@@ -68,45 +68,44 @@ resource "boundary_account_password" "user" {
   for_each       = var.users
   name           = each.key
   description    = "User account for ${each.key}"
-  type           = "password"
   login_name     = lower(each.key)
   password       = "password"
   auth_method_id = boundary_auth_method.password.id
 }
 
 resource "boundary_role" "global_anon_listing" {
   scope_id = boundary_scope.global.id
+  principal_ids = ["u_anon"]
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
-  principal_ids = ["u_anon"]
 }
 
 resource "boundary_role" "org_anon_listing" {
-  scope_id = boundary_scope.org.id
+  scope_id      = boundary_scope.org.id
+  principal_ids = ["u_anon"]
   grant_strings = [
-    "id=*;type=auth-method;actions=list,authenticate",
+    "ids=*;type=auth-method;actions=list,authenticate",
     "type=scope;actions=list",
-    "id={{account.id}};actions=read,change-password"
+    "ids={{account.id}};actions=read,change-password"
   ]
-  principal_ids = ["u_anon"]
 }
 resource "boundary_role" "org_admin" {
-  scope_id       = "global"
-  grant_scope_id = boundary_scope.org.id
-  grant_strings  = ["id=*;type=*;actions=*"]
+  scope_id        = "global"
+  grant_scope_ids = [boundary_scope.org.id]
+  grant_strings   = ["ids=*;type=*;actions=*"]
   principal_ids = concat(
     [for user in boundary_user.user : user.id],
     ["u_auth"]
   )
 }
 
 resource "boundary_role" "proj_admin" {
-  scope_id       = boundary_scope.org.id
-  grant_scope_id = boundary_scope.project.id
-  grant_strings  = ["id=*;type=*;actions=*"]
+  scope_id        = boundary_scope.org.id
+  grant_scope_ids = [boundary_scope.project.id]
+  grant_strings   = ["ids=*;type=*;actions=*"]
   principal_ids = concat(
     [for user in boundary_user.user : user.id],
     ["u_auth"]
@@ -166,9 +165,9 @@ resource "boundary_target" "db" {
 }
 
 resource "boundary_host_static" "postgres" {
-  type        = "static"
-  name        = "postgres"
-  description = "Private postgres container"
+  type            = "static"
+  name            = "postgres"
+  description     = "Private postgres container"
   # DNS set via docker-compose
   address         = "postgres"
   host_catalog_id = boundary_host_catalog_static.databases.id

terraform/outputs.tf

@@ -2,5 +2,6 @@
 # SPDX-License-Identifier: MPL-2.0
 
 output "username" {
+  sensitive = true
   value = boundary_account_password.user
 }