Boundary UI in Recovery Workflow
Is your feature request related to a problem? Please describe.
When running in the recovery mode with no resources generated, if the user goes to the Boundary UI on HTTP://localhost:9200 there is no message displayed, just a blank screen.
Describe the solution you'd like
When you are in the Recovery mode, if the user makes their way to the Boundary UI in recovery mode there should be a message saying something like the following:
"Boundary is in Recovery Mode. Please use the Boundary CLI to manage your server."
Describe alternatives you've considered
N/A
Explain any additional use-cases
N/A
Thanks for submitting this! We'll be reviewing this feature request soon.
Thank you :malnick
The recovery workflow (https://www.boundaryproject.io/docs/concepts/security/data-encryption#the-recovery-kms-key) is supported by the CLI and API. Each request is authenticated separately, but there is no “recovery mode” or state into which Boundary enters, per se. The recovery workflow is very powerful, intended for limited administrative use. The UI does not support authenticating using a recovery workflow at this time. Is this a feature you’re looking for?
Well, I was looking for just something on the web interface saying something like the following:
"Boundary is in Recovery Mode. Please use the Boundary CLI to manage your server."
Even before the username and password appear, have the message displayed, only if recovery mode is active.
@djdta There is a "recovery workflow" that may be used via the CLI and API. This workflow is intended as a backup method of authenticating with Boundary when other means have been lost, become inaccessible, or have yet to be created. Think of this as analogous to a root user with full privileges to perform almost any action within Boundary. Due to the sensitive nature of the workflow, it is not currently accessible via the UI. A key point is that it is not a "mode" or state into which Boundary enters.
Hey @randallmorey
Totally understand what you mean, but from a non-developer perspective I still believe a sysops administrator would benefit a great deal. Another idea: when Boundary gets set up with no resources, could you get a message, any echo message, out saying Boundary is in recovery mode?
@djdta I just want to reiterate that there is no recovery mode. Boundary cannot enter a recovery mode because it does not exist.
When there are no resources at all (including no available auth methods), Boundary will report on that state when you visit in a browser:

Does this solve the problem?
It sounds like you are asking for helpful onboarding guidance and messaging when Boundary is running in a "brand new" scenario. This is a great idea and it's something we'll look into. Thank you for your interest in Boundary!