backport of commit 9af9869

hashicorp · Jan 27, 2025 · 6614a28 · 6614a28
1 parent bdd2332
commit 6614a28
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 19 deletions.
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -5,6 +5,16 @@ container {
 	dependencies = true
 	alpine_secdb = true
 	secrets      = false
+
+	# Triage items that are _safe_ to ignore here. Note that this list should be
+	# periodically cleaned up to remove items that are no longer found by the scanner.
+	triage {
+		suppress {
+			vulnerabilities = [
+				"CVE-2024-13176", # [email protected]
+			]
+		}
+	}
 }
 
 binary {
@@ -13,4 +23,15 @@ binary {
 	osv          = true
 	oss_index    = true
 	nvd          = true
+
+	# Triage items that are _safe_ to ignore here. Note that this list should be
+	# periodically cleaned up to remove items that are no longer found by the scanner.
+	triage {
+		suppress {
+			vulnerabilities = [
+				"GO-2025-3408", # [email protected]
+				"GHSA-29qp-crvh-w22m", # [email protected]
+			]
+		}
+	}
 }
diff --git a/internal/alias/target/repository_alias_list_resolvable.go b/internal/alias/target/repository_alias_list_resolvable.go
@@ -91,11 +91,11 @@ func (r *Repository) listResolvableAliases(ctx context.Context, permissions []pe
 
 	var args []any
 	var destinationIdClauses []string
+	var whereClause string
 
 	switch {
 	case allDescendants:
-		// This matches all targets
-		destinationIdClauses = append(destinationIdClauses, "destination_id in (select public_id from target)")
+		whereClause = "destination_id is not null"
 	default:
 		// Add orgs with all permissions on children
 		if len(childAllScopes) > 0 {
@@ -118,10 +118,9 @@ func (r *Repository) listResolvableAliases(ctx context.Context, permissions []pe
 		if len(destinationIdClauses) == 0 && len(childAllScopes) == 0 {
 			return nil, time.Time{}, errors.New(ctx, errors.InvalidParameter, op, "no target ids or scope ids provided")
 		}
+		whereClause = fmt.Sprintf("destination_id is not null and (%s)", strings.Join(destinationIdClauses, " or "))
 	}
 
-	whereClause := fmt.Sprintf("destination_id is not null and (%s)", strings.Join(destinationIdClauses, " or "))
-
 	if opts.withStartPageAfterItem != nil {
 		whereClause = fmt.Sprintf("(create_time, public_id) < (@last_item_create_time, @last_item_id) and %s", whereClause)
 		args = append(args,
@@ -166,11 +165,11 @@ func (r *Repository) listResolvableAliasesRefresh(ctx context.Context, updatedAf
 
 	var args []any
 	var destinationIdClauses []string
+	var whereClause string
 
 	switch {
 	case allDescendants:
-		// This matches all targets
-		destinationIdClauses = append(destinationIdClauses, "destination_id in (select public_id from target)")
+		whereClause = fmt.Sprintf("update_time > @updated_after_time and destination_id is not null")
 	default:
 		// Add orgs with all permissions on children
 		if len(childAllScopes) > 0 {
@@ -193,10 +192,9 @@ func (r *Repository) listResolvableAliasesRefresh(ctx context.Context, updatedAf
 		if len(destinationIdClauses) == 0 && len(childAllScopes) == 0 {
 			return nil, time.Time{}, errors.New(ctx, errors.InvalidParameter, op, "no target ids or scope ids provided")
 		}
+		whereClause = fmt.Sprintf("update_time > @updated_after_time and destination_id is not null and (%s)",
+			strings.Join(destinationIdClauses, " or "))
 	}
-
-	whereClause := fmt.Sprintf("update_time > @updated_after_time and destination_id is not null and (%s)",
-		strings.Join(destinationIdClauses, " or "))
 	args = append(args,
 		sql.Named("updated_after_time", timestamp.New(updatedAfter)),
 	)
@@ -234,11 +232,10 @@ func (r *Repository) listRemovedResolvableAliasIds(ctx context.Context, since ti
 
 	var args []any
 	var destinationIdClauses []string
-
+	var whereClause string
 	switch {
 	case allDescendants:
-		// This matches all targets
-		destinationIdClauses = append(destinationIdClauses, "destination_id not in (select public_id from target)")
+		whereClause = "update_time > @updated_after_time and destination_id is null"
 	default:
 		// Add orgs with all permissions on children
 		if len(childAllScopes) > 0 {
@@ -261,10 +258,9 @@ func (r *Repository) listRemovedResolvableAliasIds(ctx context.Context, since ti
 		if len(destinationIdClauses) == 0 && len(childAllScopes) == 0 {
 			return nil, time.Time{}, errors.New(ctx, errors.InvalidParameter, op, "no target ids or scope ids provided")
 		}
+		whereClause = fmt.Sprintf("update_time > @updated_after_time and (destination_id is null or (%s))",
+			strings.Join(destinationIdClauses, " and "))
 	}
-
-	whereClause := fmt.Sprintf("update_time > @updated_after_time and (destination_id is null or (%s))",
-		strings.Join(destinationIdClauses, " and "))
 	args = append(args,
 		sql.Named("updated_after_time", timestamp.New(since)),
 	)

diff --git a/internal/daemon/worker/worker.go b/internal/daemon/worker/worker.go
@@ -299,6 +299,7 @@ func New(ctx context.Context, conf *Config) (*Worker, error) {
 		for _, enabledPlugin := range w.conf.Server.EnabledPlugins {
 			switch {
 			case enabledPlugin == base.EnabledPluginHostAzure && !w.conf.SkipPlugins,
+				enabledPlugin == base.EnabledPluginGCP && !w.conf.SkipPlugins,
 				enabledPlugin == base.EnabledPluginAws && !w.conf.SkipPlugins:
 				pluginType := strings.ToLower(enabledPlugin.String())
 				client, cleanup, err := external_plugins.CreateHostPlugin(

diff --git a/internal/scheduler/job/repository_run.go b/internal/scheduler/job/repository_run.go
@@ -93,7 +93,7 @@ func (r *Repository) UpdateProgress(ctx context.Context, runId string, completed
 				// Failed to update run, either it does not exist or was in an invalid state
 				if err = r.LookupById(ctx, run); err != nil {
 					if errors.IsNotFoundError(err) {
-						return errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("job run %q does not exist", runId)))
+						return errors.Wrap(ctx, err, op, errors.WithMsg(fmt.Sprintf("job run %q does not exist", runId)), errors.WithoutEvent())
 					}
 					return errors.Wrap(ctx, err, op)
 				}

diff --git a/internal/scheduler/scheduler.go b/internal/scheduler/scheduler.go
@@ -332,8 +332,8 @@ func (s *Scheduler) updateRunningJobProgress(ctx context.Context, j *runningJob)
 	}
 	status := j.status()
 	_, err = repo.UpdateProgress(ctx, j.runId, status.Completed, status.Total, status.Retries)
-	if errors.Match(errors.T(errors.InvalidJobRunState), err) {
-		// Job has been persisted with a final run status, cancel job context to trigger early exit.
+	if errors.Match(errors.T(errors.InvalidJobRunState), err) || errors.IsNotFoundError(err) {
+		// Job has been persisted with a final run status or deleted, cancel job context to trigger early exit.
 		j.cancelCtx()
 		return nil
 	}

diff --git a/internal/ui/VERSION b/internal/ui/VERSION
@@ -1,4 +1,4 @@
-fed32aa57b1eace616c18c15647bc989b9549c39
+ae1e6d27489f3259e6622b9fdb5781a365eb5473
 # This file determines the version of the UI to embed in the boundary binary.
 # Update this file by running 'make update-ui-version' from the root of this repo.
 # Set UI_COMMITISH when running the above target to update to a specific version.