Error running database migrations: 1 error occurred:
        * error running migrations: migration failed: syntax error at or near "function" (column 13) in line 80:
begin;

  -- wh_rollup_connections calculates the aggregate values from
  -- wh_session_connection_accumulating_fact for p_session_id and updates
  -- wh_session_accumulating_fact for p_session_id with those values.
  create or replace function wh_rollup_connections(p_session_id wt_public_id)
    returns void
  as $$
  declare
    session_row wh_session_accumulating_fact%rowtype;
  begin
    with
    session_totals (session_id, total_connection_count, total_bytes_up, total_bytes_down) as (
      select session_id,
             sum(connection_count),
             sum(bytes_up),
             sum(bytes_down)
        from wh_session_connection_accumulating_fact
       where session_id = p_session_id
       group by session_id
    )
    update wh_session_accumulating_fact
       set total_connection_count = session_totals.total_connection_count,
           total_bytes_up         = session_totals.total_bytes_up,
           total_bytes_down       = session_totals.total_bytes_down
      from session_totals
     where wh_session_accumulating_fact.session_id = session_totals.session_id
    returning wh_session_accumulating_fact.* into strict session_row;
  end;
  $$ language plpgsql;

  --
  -- Session triggers
  --

  -- wh_insert_session returns an after insert trigger for the session table
  -- which inserts a row in wh_session_accumulating_fact for the new session.
  -- wh_insert_session also calls the wh_upsert_host and wh_upsert_user
  -- functions which can result in new rows in wh_host_dimension and
  -- wh_user_dimension respectively.
  create or replace function wh_insert_session()
    returns trigger
  as $$
  declare
    new_row wh_session_accumulating_fact%rowtype;
  begin
    with
    pending_timestamp (date_dim_id, time_dim_id, ts) as (
      select wh_date_id(start_time), wh_time_id(start_time), start_time
        from session_state
       where session_id = new.public_id
         and state = 'pending'
    )
    insert into wh_session_accumulating_fact (
           session_id,
           auth_token_id,
           host_id,
           user_id,
           session_pending_date_id,
           session_pending_time_id,
           session_pending_time
    )
    select new.public_id,
           new.auth_token_id,
           wh_upsert_host(new.host_id, new.host_set_id, new.target_id),
           wh_upsert_user(new.user_id, new.auth_token_id),
           pending_timestamp.date_dim_id,
           pending_timestamp.time_dim_id,
           pending_timestamp.ts
      from pending_timestamp
      returning * into strict new_row;
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session
    after insert on session
    for each row
    execute function wh_insert_session();

  --
  -- Session Connection triggers
  --

  -- wh_insert_session_connection returns an after insert trigger for the
  -- session_connection table which inserts a row in
  -- wh_session_connection_accumulating_fact for the new session connection.
  -- wh_insert_session_connection also calls wh_rollup_connections which can
  -- result in updates to wh_session_accumulating_fact.
  create or replace function wh_insert_session_connection()
    returns trigger
  as $$
  declare
    new_row wh_session_connection_accumulating_fact%rowtype;
  begin
    with
    authorized_timestamp (date_dim_id, time_dim_id, ts) as (
      select wh_date_id(start_time), wh_time_id(start_time), start_time
        from session_connection_state
       where connection_id = new.public_id
         and state = 'authorized'
    ),
    session_dimension (host_dim_id, user_dim_id) as (
      select host_id, user_id
        from wh_session_accumulating_fact
       where session_id = new.session_id
    )
    insert into wh_session_connection_accumulating_fact (
           connection_id,
           session_id,
           host_id,
           user_id,
           connection_authorized_date_id,
           connection_authorized_time_id,
           connection_authorized_time,
           client_tcp_address,
           client_tcp_port_number,
           endpoint_tcp_address,
           endpoint_tcp_port_number,
           bytes_up,
           bytes_down
    )
    select new.public_id,
           new.session_id,
           session_dimension.host_dim_id,
           session_dimension.user_dim_id,
           authorized_timestamp.date_dim_id,
           authorized_timestamp.time_dim_id,
           authorized_timestamp.ts,
           new.client_tcp_address,
           new.client_tcp_port,
           new.endpoint_tcp_address,
           new.endpoint_tcp_port,
           new.bytes_up,
           new.bytes_down
      from authorized_timestamp,
           session_dimension
      returning * into strict new_row;
    perform wh_rollup_connections(new.session_id);
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_connection
    after insert on session_connection
    for each row
    execute function wh_insert_session_connection();

  -- wh_update_session_connection returns an after update trigger for the
  -- session_connection table which updates a row in
  -- wh_session_connection_accumulating_fact for the session connection.
  -- wh_update_session_connection also calls wh_rollup_connections which can
  -- result in updates to wh_session_accumulating_fact.
  create or replace function wh_update_session_connection()
    returns trigger
  as $$
  declare
    updated_row wh_session_connection_accumulating_fact%rowtype;
  begin
        update wh_session_connection_accumulating_fact
           set client_tcp_address       = new.client_tcp_address,
               client_tcp_port_number   = new.client_tcp_port,
               endpoint_tcp_address     = new.endpoint_tcp_address,
               endpoint_tcp_port_number = new.endpoint_tcp_port,
               bytes_up                 = new.bytes_up,
               bytes_down               = new.bytes_down
         where connection_id = new.public_id
     returning * into strict updated_row;
    perform wh_rollup_connections(new.session_id);
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_update_session_connection
    after update on session_connection
    for each row
    execute function wh_update_session_connection();

  --
  -- Session State trigger
  --

  -- wh_insert_session_state returns an after insert trigger for the
  -- session_state table which updates wh_session_accumulating_fact.
  create or replace function wh_insert_session_state()
    returns trigger
  as $$
  declare
    date_col text;
    time_col text;
    ts_col text;
    q text;
    session_row wh_session_accumulating_fact%rowtype;
  begin
    if new.state = 'pending' then
      -- The pending state is the first state which is handled by the
      -- wh_insert_session trigger. The update statement in this trigger will
      -- fail for the pending state because the row for the session has not yet
      -- been inserted into the wh_session_accumulating_fact table.
      return null;
    end if;

    date_col = 'session_' || new.state || '_date_id';
    time_col = 'session_' || new.state || '_time_id';
    ts_col   = 'session_' || new.state || '_time';

    q = format('update wh_session_accumulating_fact
                   set (%I, %I, %I) = (select wh_date_id(%L), wh_time_id(%L), %L::timestamptz)
                 where session_id = %L
                returning *',
                date_col,       time_col,       ts_col,
                new.start_time, new.start_time, new.start_time,
                new.session_id);
    execute q into strict session_row;

    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_state
    after insert on session_state
    for each row
    execute function wh_insert_session_state();

  --
  -- Session Connection State trigger
  --

  -- wh_insert_session_connection_state returns an after insert trigger for the
  -- session_connection_state table which updates
  -- wh_session_connection_accumulating_fact.
  create or replace function wh_insert_session_connection_state()
    returns trigger
  as $$
  declare
    date_col text;
    time_col text;
    ts_col text;
    q text;
    connection_row wh_session_connection_accumulating_fact%rowtype;
  begin
    if new.state = 'authorized' then
      -- The authorized state is the first state which is handled by the
      -- wh_insert_session_connection trigger. The update statement in this
      -- trigger will fail for the authorized state because the row for the
      -- session connection has not yet been inserted into the
      -- wh_session_connection_accumulating_fact table.
      return null;
    end if;

    date_col = 'connection_' || new.state || '_date_id';
    time_col = 'connection_' || new.state || '_time_id';
    ts_col   = 'connection_' || new.state || '_time';

    q = format('update wh_session_connection_accumulating_fact
                   set (%I, %I, %I) = (select wh_date_id(%L), wh_time_id(%L), %L::timestamptz)
                 where connection_id = %L
                returning *',
                date_col,       time_col,       ts_col,
                new.start_time, new.start_time, new.start_time,
                new.connection_id);
    execute q into strict connection_row;

    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_connection_state
    after insert on session_connection_state
    for each row
    execute function wh_insert_session_connection_state();

commit;

 (details: pq: syntax error at or near "function")

minikube start
@FOR /f "tokens=*" %i IN ('minikube -p minikube docker-env') DO @%i
boundary dev

Error creating dev database container: unable to start dev database with dialect postgres: could not connect to docker: dial tcp [::1]:32770: connectex: No connection could be made because the target machine actively refused it.

CONTAINER ID        IMAGE                  COMMAND                  CREATED             STATUS              PORTS                NAMES
3675ac38c494        postgres:12            "docker-entrypoint.s…"   3 minutes ago       Up 3 minutes        0.0.0.0:32770->5432/tcp   reverent_mcclintock

url = "postgres://postgres:password@localhost:%s?sslmode=disable"

boundary dev -host-address=192.168.99.100

boundary dev -host-address="$(minikube ip)"

Canonical Grants:
    id=hcst_mixedcase;type=*;actions=*

The adapter operation failed due to a server error

Oct 16 03:15:40 ip-10-0-101-209 boundary[1295]: 2020-10-16T03:15:40.383Z [ERROR] controller: internal error returned: error id=WfbRQxeQdl error="unable to create user: create: password account: invalid login name; must be all-lowercase alphanumeric: invalid parameter"

boundary dev -api-listen-address="[2001:db8::1:cee:c0de:b0b]:8080"

listener "tcp" {
  address = "[2001:db8::1:cee:c0de:b0b]:8080"
  purpose = "api"
}

[Unit]
Description=boundary controller

[Service]
ExecStart=/usr/local/bin/boundary server -config /etc/boundary/boundary-controller.hcl
User=boundary
Group=boundary
LimitMEMLOCK=infinity
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK

[Install]
WantedBy=multi-user.target

boundary authenticate password -auth-method-id=ampw_1234567890 \
>     -login-name=admin -password=password
Error reading auth token from system credential store: exec: "dbus-launch": executable file not found in $PATH

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:17:30 BST
  Token:
  at_h1qSNMdB1c_s125wLmVW7LgzNKf1TFeNrFDRUZNcR2qeWkNyjZ7Qd6E2DWGsyPT9KmPKZkxBaQps7JKkbeeoJEwt7xXMyR6YKjEkqbrFWcsCdXm8rYgqjsFJwUYS2WBFbNh2
  User ID:         u_1234567890
Error saving auth token to system credential store: exec: "dbus-launch": executable file not found in $PATH

apt install dbus-x11

boundary authenticate password -auth-method-id=ampw_1234567890     -login-name=admin -password=password
Error reading auth token from system credential store: The name org.freedesktop.secrets was not provided by any .service files

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:19:18 BST
  Token:
  at_VqoR4tBhxy_s18pG3buSH7fMcBVL1YP14NXipTgeg4Jm9aVd3WXL2WCpUvqs8xnCwnNC7D41zejxUfRYhJPGMvCcp1mbN1q9cPyM5AAJRvakFGQUNLC5ZjiyyoTuic4ZpoQUmu9XXtC2YY2u9BTdJDg8
  User ID:         u_1234567890
Error saving auth token to system credential store: The name org.freedesktop.secrets was not provided by any .service files

sudo apt-get install -y gnome-keyring

boundary authenticate password -auth-method-id=ampw_1234567890     -login-name=admin -password=password
Error reading auth token from system credential store: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'

Authentication information:
  Account ID:      apw_EJK7s6DcCQ
  Auth Method ID:  ampw_1234567890
  Expiration Time: Thu, 22 Oct 2020 10:21:00 BST
  Token:
  at_7y54bPBIDx_s13PefhTbtKamPce8iph3t8HMK85nJWEBh9n2JXCk6oiWQ9K9qusfJDx6TEJPLoGo8GPqbawpLAxtMgk9aS5wyzr3S6qVgMG7S939K93pUXLffE7a5KXdwAc464p42rV2
  User ID:         u_1234567890
Error saving auth token to system credential store: failed to unlock correct collection '/org/freedesktop/secrets/aliases/default'

apt install dbus-x11

boundary authenticate password -auth-method-id=ampw_1234567890 \
>     -login-name=admin -password=password
panic: runtime error: slice bounds out of range [237:151]

goroutine 1 [running]:
github.com/godbus/dbus.getSessionBusPlatformAddress(0x17d1fc7, 0x18, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn_other.go:30 +0x295
github.com/godbus/dbus.getSessionBusAddress(0x0, 0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:96 +0xf8
github.com/godbus/dbus.SessionBusPrivate(0x0, 0x40d900, 0xc0003f5c80)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:101 +0x25
github.com/godbus/dbus.SessionBus(0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/godbus/[email protected]+incompatible/conn.go:73 +0xb5
github.com/zalando/go-keyring/secret_service.NewSecretService(0x7, 0x1b, 0x7)
        /root/go/pkg/mod/github.com/zalando/[email protected]/secret_service/secret_service.go:50 +0x26
github.com/zalando/go-keyring.secretServiceProvider.Get(0x17dc55a, 0x1d, 0x17b78d7, 0x7, 0x0, 0x0, 0x0, 0x0)
        /root/go/pkg/mod/github.com/zalando/[email protected]/keyring_linux.go:78 +0x59
github.com/zalando/go-keyring.Get(...)
        /root/go/pkg/mod/github.com/zalando/[email protected]/keyring.go:32
github.com/hashicorp/boundary/internal/cmd/base.(*Command).ReadTokenFromKeyring(0xc0003cb080, 0x17b78d7, 0x7, 0x7)
        /go/internal/cmd/base/base.go:232 +0x77
github.com/hashicorp/boundary/internal/cmd/base.(*Command).Client(0xc0003cb080, 0xc0005dfbe8, 0x2, 0x2, 0x0, 0x0, 0x44aad5)
        /go/internal/cmd/base/base.go:217 +0x389
github.com/hashicorp/boundary/internal/cmd/commands/authenticate.(*PasswordCommand).Run(0xc000501440, 0xc00003a210, 0x3, 0x3, 0xc0000aae40)
        /go/internal/cmd/commands/authenticate/password.go:116 +0x136
github.com/mitchellh/cli.(*CLI).Run(0xc000498640, 0xc000498640, 0xc0000abce0, 0xc0000aada0)
        /root/go/pkg/mod/github.com/mitchellh/[email protected]/cli.go:262 +0x1cf
github.com/hashicorp/boundary/internal/cmd.RunCustom(0xc00003a1f0, 0x5, 0x5, 0xc0005dfe60, 0xc00007c058)
        /go/internal/cmd/main.go:186 +0x846
github.com/hashicorp/boundary/internal/cmd.Run(...)
        /go/internal/cmd/main.go:92
main.main()
        /go/cmd/boundary/main.go:13 +0xda

user@ubuntu:~$ boundary authenticate password -auth-method-id=ampw_1234567890 -login-name=admin
Password is not set as flag or in env, please enter it now (will be hidden): 
Error opening keyring: Specified keyring backend not available
Token must be provided via BOUNDARY_TOKEN env var or -token flag. Reading the token can also be disabled via -keyring-type=none.

Authentication information:
  Account ID:      apw_MxsVWAdqFV
  Auth Method ID:  ampw_1234567890
  Expiration Time: Sat, 07 Nov 2020 21:50:51 PST
  Token:
  at_Qt1d8azvau_s15nqPksvFhf9qBJa6m585ze8sZNyVadKrsgAXPAYQTkBMW2g4Ci6hqUhravqbfhqKP3GMy7YCHAde6atjDg1ut6Qjv5H5fXxENGh8v74DP42EuXMN6eaXJ6g4
  User ID:         u_1234567890
Error opening "pass" keyring: Specified keyring backend not available
The token printed above must be manually passed in via the BOUNDARY_TOKEN env var or -token flag. Storing the token can also be disabled via -keyring-type=none.
user@ubuntu:~$ export BOUNDARY_TOKEN=at_Qt1d8azvau_s15nqPksvFhf9qBJa6m585ze8sZNyVadKrsgAXPAYQTkBMW2g4Ci6hqUhravqbfhqKP3GMy7YCHAde6atjDg1ut6Qjv5H5fXxENGh8v74DP42EuXMN6eaXJ6g4
user@ubuntu:~$ boundary targets read -id ttcp_1234567890

Target information:
  Created Time:               Sat, 31 Oct 2020 22:47:05 PDT
  Description:                Provides an initial target in Boundary
  ID:                         ttcp_1234567890
  Name:                       Generated target
  Session Connection Limit:   1
  Session Max Seconds:        28800
  Type:                       tcp
  Updated Time:               Sat, 31 Oct 2020 22:47:05 PDT
  Version:                    1

  Scope:
    ID:                       p_1234567890
    Name:                     Generated project scope
    Parent Scope ID:          o_1234567890
    Type:                     project

  Host Sets:
    Host Catalog ID:          hcst_1234567890
    ID:                       hsst_1234567890

  Attributes:
    Default Port:             22
user@ubuntu:~$ boundary connect ssh -target-id ttcp_1234567890
ssh_exchange_identification: Connection closed by remote host
user@ubuntu:~$ boundary connect ssh -target-id ttcp_1234567890
ssh_exchange_identification: Connection closed by remote host
user@ubuntu:~$ ^C
user@ubuntu:~$ ^C
user@ubuntu:~$ sudo boundary connect ssh -target-id ttcp_1234567890
[sudo] password for user: 
Error opening keyring: Specified keyring backend not available
Token must be provided via BOUNDARY_TOKEN env var or -token flag. Reading the token can also be disabled via -keyring-type=none.
Error from controller when performing authorize-session against target: 
Error information:
  Code:                Unauthenticated
  Message:             Unauthenticated, or invalid token.
  Status:              401
user@ubuntu:~$ sudo boundary connect ssh -target-id ttcp_1234567890^C
user@ubuntu:~$ ^C
user@ubuntu:~$ boundary connect ssh -target-id ttcp_1234567890 -username user
ssh_exchange_identification: read: Connection reset by peer
user@ubuntu:~$ boundary connect ssh -target-id ttcp_1234567890 -username user
ssh_exchange_identification: Connection closed by remote host

Usage: boundary host catalogs list [options] [args]

  List host catalogs within an enclosing scope or resource. Example:

    $ boundary host catalogs list

Usage: boundary host-catalogs list [options] [args]

  List host catalogs within an enclosing scope or resource. Example:

    $ boundary host-catalogs list

[Unit]
Description=boundary controller

[Service]
ExecStart=/usr/local/bin/boundary controller -config /etc/boundary-controller.hcl
User=boundary
Group=boundary
LimitMEMLOCK=infinity
Capabilities=CAP_IPC_LOCK+ep
CapabilityBoundingSet=CAP_SYSLOG CAP_IPC_LOCK

[Install]
WantedBy=multi-user.target

listener "tcp" {
  purpose = "api"
  address = "127.0.0.1:9200"
  tls_disable = true
}

listener "tcp" {
  purpose = "cluster"
  address = "10.0.0.1:9200"
  tls_disable = true
}

kms "gcpckms" {
  purpose     = "root"
  credentials = "/usr/boundary/boundary-project-user-creds.json"
  project     = "<censored>"
  region      = "global"
  key_ring    = "boundary-test-1-jsw"
  crypto_key  = "boundary-test-jsw-1-key"
}
controller {
  name = "boundary-demo--controller"
  description = "An example controller"
  database {
    url = "postgresql://postgres:<censored>@<censored>5432/boundary-demo"
  }
}
# Disable memory lock: https://www.man7.org/linux/man-pages/man2/mlock.2.html
disable_mlock = true

sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com focal main"

https://www.boundaryproject.io/docs/installing/no-gen-resources

boundary database init -skip-initial-login-role -config /etc/boundary.hcl

-skip-initial-login-role ->  -skip-initial-login-role-creation

boundary database init -skip-initial-login-role -config /etc/boundary.hcl
flag provided but not defined: -skip-initial-login-role
boundary database init -skip-initial-login-role-creation -config /etc/boundary/boundary.hcl

boundary database init  -h
Usage: boundary database init [options]

  Initialize Boundary's database:

    $ boundary database init -config=/etc/boundary/controller.hcl

  Unless told not to via flags, some initial resources will be created, in the following order and in the indicated scopes:

    Initial Login Role (global)
    Password-Type Auth Method (global)
    Org Scope (global)
      Project Scope (org)
        Static-Type Host Catalog (project)
          Static-Type Host Set
          Static-Type Host
        Target (project)

  If flags are used to skip any of these resources, any resources that would be created afterwards are also skipped.

  For a full list of examples, please see the documentation.Connection Options:

  -addr=<string>
      Addr of the Boundary controller, as a complete URL (e.g.
      https://boundary.example.com:9200). This can also be specified via the
      BOUNDARY_ADDR environment variable.

  -ca-cert=<string>
      Path on the local disk to a single PEM-encoded CA certificate to
      verify the Controller or Worker's server's SSL certificate. This
      takes precedence over -ca-path. This can also be specified via the
      BOUNDARY_CACERT environment variable.

  -ca-path=<string>
      Path on the local disk to a directory of PEM-encoded CA certificates to
      verify the SSL certificate of the Controller. This can also be specified
      via the BOUNDARY_CAPATH environment variable.

  -client-cert=<string>
      Path on the local disk to a single PEM-encoded CA certificate to use
      for TLS authentication to the Boundary Controller. If this flag is
      specified, -client-key is also required. This can also be specified via
      the BOUNDARY_CLIENT_CERT environment variable.

  -client-key=<string>
      Path on the local disk to a single PEM-encoded private key matching the
      client certificate from -client-cert. This can also be specified via the
      BOUNDARY_CLIENT_KEY environment variable.

  -tls-insecure
      Disable verification of TLS certificates. Using this option is highly
      discouraged as it decreases the security of data transmissions to
      and from the Boundary server. The default is false. This can also be
      specified via the BOUNDARY_TLS_INSECURE environment variable.

  -tls-server-name=<string>
      Name to use as the SNI host when connecting to the Boundary server
      via TLS. This can also be specified via the BOUNDARY_TLS_SERVER_NAME
      environment variable.

Command Options:

  -config=<string>
      Path to the configuration file.

  -config-kms=<string>
      Path to a configuration file containing a "kms" block marked for
      "config" purpose, to perform decryption of the main configuration file.
      If not set, will look for such a block in the main configuration file,
      which has some drawbacks; see the help output for "boundary config
      encrypt -h" for details.

  -log-format=<string>
      Log format. Supported values are "standard" and "json".

  -log-level=<string>
      Log verbosity level. Supported values (in order of more detail to
      less) are "trace", "debug", "info", "warn", and "err". This can also be
      specified via the BOUNDARY_LOG_LEVEL environment variable.

Init Options:

  -migration-url=<string>
      If set, overrides a migration URL set in config, and specifies the
      URL used to connect to the database for initialization. This can allow
      different permissions for the user running initialization vs. normal
      operation. This can refer to a file on disk (file://) from which a URL
      will be read; an env var (env://) from which the URL will be read; or a
      direct database URL.

  -skip-auth-method-creation
      If not set, an auth method will not be created as part of
      initialization. If set, the recovery KMS will be needed to perform any
      actions. The default is false.

  -skip-host-resources-creation
      If not set, host resources (host catalog, host set, host) will not be
      created as part of initialization. The default is false.

  -skip-initial-login-role-creation
      If not set, a default role allowing necessary grants for logging in will
      not be created as part of initialization. If set, the recovery KMS will
      be needed to perform any actions. The default is false.

  -skip-scopes-creation
      If not set, scopes will not be created as part of initialization. The
      default is false.

  -skip-target-creation
      If not set, a target will not be created as part of initialization. The
      default is false.

boundary version
Version information:
  Git Revision:        d8020842ae8b6c742b94538baada313d7eb52809
  Version Number:      0.1.2

No saved credential found, continuing without
[{"id":"ampw_foobar","scope_id":"global","scope":{"id": ...

    boundary auth-methods list -format=json |  jq -r '.[] | select(.type=="password").id'

    boundary auth-methods list -format=json |grep -v 'No saved credential' | jq '.[]'

parse "postgresql://postgres:postgres": invalid port ":postgres" after host
Error parsing config file: At 10:3: key 'postgres' expected start of object ('{') or assignment ('=')

url = postgresql://postgres:postgres\#[email protected]:5432/postgres?sslmode=disable"
boundary database init -config /etc/boundary/boundary.hcl
Error parsing config file: At 9:43: illegal char escape

boundary version
Version information:
  Git Revision:        d8020842ae8b6c742b94538baada313d7eb52809
  Version Number:      0.1.2

2020-10-18T18:35:48.201Z [ERROR] worker: error making status request to controller: error="rpc error: code = Unavailable desc = last connection error: connection error: desc = "transport: Error while dialing unable to dial to controller: dial tcp 127.0.0.1:9201: connect: connection refused""

sudo boundary database init -config /etc/boundary/boundary.hcl
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x20 pc=0x126af3f]
goroutine 1 [running]:
github.com/hashicorp/boundary/internal/cmd/commands/database.(*InitCommand).Run(0xc0005401e0, 0xc00010c030, 0x2, 0x2, 0x0)
	/go/internal/cmd/commands/database/init.go:208 +0x2ff
github.com/mitchellh/cli.(*CLI).Run(0xc0003683c0, 0xc0003683c0, 0xc00052aa00, 0xc000074260)
	/root/go/pkg/mod/github.com/mitchellh/[email protected]/cli.go:262 +0x1cf
github.com/hashicorp/boundary/internal/cmd.RunCustom(0xc00010c010, 0x4, 0x4, 0xc000841e60, 0xc000080058)
	/go/internal/cmd/main.go:186 +0x846
github.com/hashicorp/boundary/internal/cmd.Run(...)
	/go/internal/cmd/main.go:92
main.main()
	/go/cmd/boundary/main.go:13 +0xda

boundary version
Version information:
  Git Revision:        d8020842ae8b6c742b94538baada313d7eb52809
  Version Number:      0.1.2

# docker run --name boundary-controller -v /root/boundary/boundary-controller.hcl:/etc/boundary/boundary-controller.hcl -p 9200:9200 -p 9201:9201 -p 9202:9202 --ulimit memlock=-1:-1 hashicorp/boundary:0.1.2 server -config /etc/boundary/boundary-controller.hcl
==> Boundary server configuration:
      Transit Address: http://[controller host IP]:8200
     Transit Key Name: worker-auth
   Transit Mount Path: boundary
                  Cgo: disabled
           Listener 1: tcp (addr: "0.0.0.0:9200", max_request_duration: "1m30s", purpose: "api")
           Listener 2: tcp (addr: "0.0.0.0:9201", max_request_duration: "1m30s", purpose: "cluster")
            Log Level: info
                Mlock: supported: true, enabled: true
  Public Cluster Addr: 0.0.0.0:9201
              Version: Boundary v0.1.2
          Version Sha: d8020842ae8b6c742b94538baada313d7eb52809
==> Boundary server started! Log data will stream in below:

2020-12-02T19:56:16.034Z [INFO]  controller: worker successfully authed: name=boundary-demo-worker

# docker run --name boundary-worker -v /root/boundary/boundary-worker.hcl:/etc/boundary/boundary-worker.hcl -p 9200:9200 -p 9201:9201 -p 9202:9202 --ulimit memlock=-1:-1 hashicorp/boundary:0.1.2 server -config /etc/boundary/boundary-worker.hcl
==> Boundary server configuration:
     Transit Address: http://boundary-controller:8200
    Transit Key Name: worker-auth
  Transit Mount Path: boundary
                 Cgo: disabled
          Listener 1: tcp (addr: "0.0.0.0:9202", max_request_duration: "1m30s", purpose: "proxy")
           Log Level: info
               Mlock: supported: true, enabled:true
         Public Addr: [worker host IP]:9202
             Version: Boundary v0.1.2
         Version Sha: d8020842ae8b6c742b94538baada313d7eb52809
==> Boundary server started! Log data will stream in below:
2020-12-02T19:56:16.021Z [INFO]  worker: connected to controller: address=boundary-controller:9201
2020-12-02T19:56:18.112Z [ERROR] worker: error making status request to controller: error="rpc error: code = Unavailable desc = last connection error: connection error: desc = "transport: Error while dialing unable to dial to controller: dial tcp 0.0.0.0:9201: connect: connection refused""
2020-12-02T19:56:20.299Z [ERROR] worker: error making status request to controller: error="rpc error: code = Unavailable desc = last connection error: connection error: desc = "transport: Error while dialing unable to dial to controller: dial tcp 0.0.0.0:9201: connect: connection refused""
2020-12-02T19:56:21.995Z [ERROR] worker: error making status request to controller: error="rpc error: code = Unavailable desc = last connection error: connection error: desc = "transport: Error while dialing unable to dial to controller: dial tcp 0.0.0.0:9201: connect: connection refused""

listener "tcp" {
  purpose = "api"
  address = "0.0.0.0"
  public_address = "[controller host IP]"
  tls_disable = "true"
}

listener "tcp" {
  purpose = "cluster"
  address = "0.0.0.0"
  public_address = "[controller host IP]"
  tls_disable = "true"
}

controller {
  name = "demo-controller"
  description = "Demo Boundary controller"
  public_cluster_address = "[controller host IP]"
  database {
    url = "postgres://postgres:[redacted]@[controller host IP]:5432/boundary?sslmode=disable"
  }
}

kms "transit" {
  purpose = "root"
  address = "http://[controller host IP]:8200"
  token = "[redacted]"
  disable_renewal = "true"
  key_name = "root"
  mount_path = "boundary"
}

kms "transit" {
  purpose = "recovery"
  address = "http://[controller host IP]:8200"
  token = "[redacted]"
  disable_renewal = "true"
  key_name = "recovery"
  mount_path = "boundary"
}

kms "transit" {
  purpose = "worker-auth"
  address = "http://[controller host IP]:8200"
  token = "[redacted]"
  disable_renewal = "true"
  key_name = "worker-auth"
  mount_path = "boundary"
}

listener "tcp" {
  purpose = "proxy"
  address = "0.0.0.0"
  public_addr = "[worker host IP]"
  tls_disable = "true"
}

worker {
  name = "boundary-demo-worker"
  description = "Demo worker instance"
  address = "0.0.0.0"
  public_addr = "[worker host IP]"
  controllers = [
    "boundary-controller"
  ]
}

kms "transit" {
  purpose = "worker-auth"
  address = "http://boundary-controller:8200"
  token = "[redacted]"
  disable_renewal = "true"
  key_name = "worker-auth"
  mount_path = "boundary"
}

listener "unix" {
  purpose = "api"
  socket = "var/run/boundary/api.sock"
}

ubuntu@ip-10-0-20-207:~$ sudo boundary database init -skip-target-creation -skip-host-resources-creation -config /etc/boundary-controller.hcl
Error running database migrations: 1 error occurred:
	* error running migrations: migration failed: syntax error at or near "function" (column 13) in line 80:
begin;

  -- wh_rollup_connections calculates the aggregate values from
  -- wh_session_connection_accumulating_fact for p_session_id and updates
  -- wh_session_accumulating_fact for p_session_id with those values.
  create or replace function wh_rollup_connections(p_session_id wt_public_id)
    returns void
  as $$
  declare
    session_row wh_session_accumulating_fact%rowtype;
  begin
    with
    session_totals (session_id, total_connection_count, total_bytes_up, total_bytes_down) as (
      select session_id,
             sum(connection_count),
             sum(bytes_up),
             sum(bytes_down)
        from wh_session_connection_accumulating_fact
       where session_id = p_session_id
       group by session_id
    )
    update wh_session_accumulating_fact
       set total_connection_count = session_totals.total_connection_count,
           total_bytes_up         = session_totals.total_bytes_up,
           total_bytes_down       = session_totals.total_bytes_down
      from session_totals
     where wh_session_accumulating_fact.session_id = session_totals.session_id
    returning wh_session_accumulating_fact.* into strict session_row;
  end;
  $$ language plpgsql;

  --
  -- Session triggers
  --

  -- wh_insert_session returns an after insert trigger for the session table
  -- which inserts a row in wh_session_accumulating_fact for the new session.
  -- wh_insert_session also calls the wh_upsert_host and wh_upsert_user
  -- functions which can result in new rows in wh_host_dimension and
  -- wh_user_dimension respectively.
  create or replace function wh_insert_session()
    returns trigger
  as $$
  declare
    new_row wh_session_accumulating_fact%rowtype;
  begin
    with
    pending_timestamp (date_dim_id, time_dim_id, ts) as (
      select wh_date_id(start_time), wh_time_id(start_time), start_time
        from session_state
       where session_id = new.public_id
         and state = 'pending'
    )
    insert into wh_session_accumulating_fact (
           session_id,
           auth_token_id,
           host_id,
           user_id,
           session_pending_date_id,
           session_pending_time_id,
           session_pending_time
    )
    select new.public_id,
           new.auth_token_id,
           wh_upsert_host(new.host_id, new.host_set_id, new.target_id),
           wh_upsert_user(new.user_id, new.auth_token_id),
           pending_timestamp.date_dim_id,
           pending_timestamp.time_dim_id,
           pending_timestamp.ts
      from pending_timestamp
      returning * into strict new_row;
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session
    after insert on session
    for each row
    execute function wh_insert_session();

  --
  -- Session Connection triggers
  --

  -- wh_insert_session_connection returns an after insert trigger for the
  -- session_connection table which inserts a row in
  -- wh_session_connection_accumulating_fact for the new session connection.
  -- wh_insert_session_connection also calls wh_rollup_connections which can
  -- result in updates to wh_session_accumulating_fact.
  create or replace function wh_insert_session_connection()
    returns trigger
  as $$
  declare
    new_row wh_session_connection_accumulating_fact%rowtype;
  begin
    with
    authorized_timestamp (date_dim_id, time_dim_id, ts) as (
      select wh_date_id(start_time), wh_time_id(start_time), start_time
        from session_connection_state
       where connection_id = new.public_id
         and state = 'authorized'
    ),
    session_dimension (host_dim_id, user_dim_id) as (
      select host_id, user_id
        from wh_session_accumulating_fact
       where session_id = new.session_id
    )
    insert into wh_session_connection_accumulating_fact (
           connection_id,
           session_id,
           host_id,
           user_id,
           connection_authorized_date_id,
           connection_authorized_time_id,
           connection_authorized_time,
           client_tcp_address,
           client_tcp_port_number,
           endpoint_tcp_address,
           endpoint_tcp_port_number,
           bytes_up,
           bytes_down
    )
    select new.public_id,
           new.session_id,
           session_dimension.host_dim_id,
           session_dimension.user_dim_id,
           authorized_timestamp.date_dim_id,
           authorized_timestamp.time_dim_id,
           authorized_timestamp.ts,
           new.client_tcp_address,
           new.client_tcp_port,
           new.endpoint_tcp_address,
           new.endpoint_tcp_port,
           new.bytes_up,
           new.bytes_down
      from authorized_timestamp,
           session_dimension
      returning * into strict new_row;
    perform wh_rollup_connections(new.session_id);
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_connection
    after insert on session_connection
    for each row
    execute function wh_insert_session_connection();

  -- wh_update_session_connection returns an after update trigger for the
  -- session_connection table which updates a row in
  -- wh_session_connection_accumulating_fact for the session connection.
  -- wh_update_session_connection also calls wh_rollup_connections which can
  -- result in updates to wh_session_accumulating_fact.
  create or replace function wh_update_session_connection()
    returns trigger
  as $$
  declare
    updated_row wh_session_connection_accumulating_fact%rowtype;
  begin
        update wh_session_connection_accumulating_fact
           set client_tcp_address       = new.client_tcp_address,
               client_tcp_port_number   = new.client_tcp_port,
               endpoint_tcp_address     = new.endpoint_tcp_address,
               endpoint_tcp_port_number = new.endpoint_tcp_port,
               bytes_up                 = new.bytes_up,
               bytes_down               = new.bytes_down
         where connection_id = new.public_id
     returning * into strict updated_row;
    perform wh_rollup_connections(new.session_id);
    return null;
  end;
  $$ language plpgsql;

  create trigger wh_update_session_connection
    after update on session_connection
    for each row
    execute function wh_update_session_connection();

  --
  -- Session State trigger
  --

  -- wh_insert_session_state returns an after insert trigger for the
  -- session_state table which updates wh_session_accumulating_fact.
  create or replace function wh_insert_session_state()
    returns trigger
  as $$
  declare
    date_col text;
    time_col text;
    ts_col text;
    q text;
    session_row wh_session_accumulating_fact%rowtype;
  begin
    if new.state = 'pending' then
      -- The pending state is the first state which is handled by the
      -- wh_insert_session trigger. The update statement in this trigger will
      -- fail for the pending state because the row for the session has not yet
      -- been inserted into the wh_session_accumulating_fact table.
      return null;
    end if;

    date_col = 'session_' || new.state || '_date_id';
    time_col = 'session_' || new.state || '_time_id';
    ts_col   = 'session_' || new.state || '_time';

    q = format('update wh_session_accumulating_fact
                   set (%I, %I, %I) = (select wh_date_id(%L), wh_time_id(%L), %L::timestamptz)
                 where session_id = %L
                returning *',
                date_col,       time_col,       ts_col,
                new.start_time, new.start_time, new.start_time,
                new.session_id);
    execute q into strict session_row;

    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_state
    after insert on session_state
    for each row
    execute function wh_insert_session_state();

  --
  -- Session Connection State trigger
  --

  -- wh_insert_session_connection_state returns an after insert trigger for the
  -- session_connection_state table which updates
  -- wh_session_connection_accumulating_fact.
  create or replace function wh_insert_session_connection_state()
    returns trigger
  as $$
  declare
    date_col text;
    time_col text;
    ts_col text;
    q text;
    connection_row wh_session_connection_accumulating_fact%rowtype;
  begin
    if new.state = 'authorized' then
      -- The authorized state is the first state which is handled by the
      -- wh_insert_session_connection trigger. The update statement in this
      -- trigger will fail for the authorized state because the row for the
      -- session connection has not yet been inserted into the
      -- wh_session_connection_accumulating_fact table.
      return null;
    end if;

    date_col = 'connection_' || new.state || '_date_id';
    time_col = 'connection_' || new.state || '_time_id';
    ts_col   = 'connection_' || new.state || '_time';

    q = format('update wh_session_connection_accumulating_fact
                   set (%I, %I, %I) = (select wh_date_id(%L), wh_time_id(%L), %L::timestamptz)
                 where connection_id = %L
                returning *',
                date_col,       time_col,       ts_col,
                new.start_time, new.start_time, new.start_time,
                new.connection_id);
    execute q into strict connection_row;

    return null;
  end;
  $$ language plpgsql;

  create trigger wh_insert_session_connection_state
    after insert on session_connection_state
    for each row
    execute function wh_insert_session_connection_state();

commit;

 (details: pq: syntax error at or near "function")

ubuntu@ip-10-0-20-207:~$ boundary -version

Version information:
  Git Revision:        eccd68d73c3edf14863ecfd31f9023063b809d5a
  Version Number:      0.1.1

ubuntu@ip-10-0-20-207:~$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.1 LTS
Release:	18.04
Codename:	bionic

controller {
  name = "dev-controller"
  description = "Dev"
  database {
    url = "postgresql://boundary:b0und@ry!@localhost:5432/boundary"
  }
}

listener "tcp" {
  # Should be the address of the NIC that the controller server will be reached on
  address = "10.0.20.207"
  # The purpose of this listener block
  purpose = "api"

  tls_disable = true

}

# Data-plane listener configuration block (used for worker coordination)
listener "tcp" {
  # Should be the IP of the NIC that the worker will connect on
  address = "10.0.20.207"
  # The purpose of this listener
  purpose = "cluster"

  tls_disable = true
}

# Root KMS configuration block: this is the root key for Boundary
# Use a production KMS such as AWS KMS in production installs
kms "aead" {
  purpose = "root"
  aead_type = "aes-gcm"
  key = "<REDACTED>"
  key_id = "global_root"
}

# Worker authorization KMS
# Use a production KMS such as AWS KMS for production installs
# This key is the same key used in the worker configuration
kms "aead" {
  purpose = "worker-auth"
  aead_type = "aes-gcm"
  key = "<REDACTED>"
  key_id = "global_worker-auth"
}

# Recovery KMS block: configures the recovery key for Boundary
# Use a production KMS such as AWS KMS for production installs
kms "aead" {
  purpose = "recovery"
  aead_type = "aes-gcm"
  key = "<REDACTED>"
  key_id = "global_recovery"
}```

boundary proxy -authz foo

Usage: boundary <command> [args]

...

boundary connect  -target-scope-id=p_Foo -target-name=foo

Proxy listening information:
  Address:             127.0.0.1
  Connection Limit:    1
...

$ boundary users add-accounts -id=u_BarFoo1234 -account=apw_FooBar1234
Error from controller when performing add-accounts on user:
Error information:
  Code:                Internal
  Error ID:            1B7vyMQ0bD
  Message:
  Status:              500

Nov 18 23:44:29 boundary-worker-01 boundary[41692]: 2020-11-18T23:44:29.946Z [ERROR] controller: internal error returned: error id=zJClPrNyng error="Status: 500, Code: "Internal", Error: "Unable to set accounts for the user: set associated accounts: set associated accounts: unable to associate ids: associate user with accounts: apw_FooBar1234 account is associated with a user u_BarFoo1234: invalid parameter.""
Nov 18 23:46:25 boundary-worker-01 boundary[41692]: 2020-11-18T23:46:25.956Z [ERROR] controller: internal error returned: error id=1B7vyMQ0bD error="Status: 500, Code: "Internal", Error: "Unable to add accounts to user: associate accounts: error associating account ids: associate accounts: associate user with accouts: failed to associate apw_FooBar1234 account: update: failed: pq: new row for relation \"auth_account\" violates check constraint \"user_and_auth_account_in_same_scope\".""

url = "postgresql://<servername>.postgres.database.azure.com:5432/postgres?user=<username>@<servername>&password=<password>&sslmode=require"