Boundary
Connect helpers
Boundary includes connect helpers that automatically accept host key prompts for you to help facilitate connections.
These are written as boundary connect <subcommand>
and are supported for the following connection types:
- HTTP
- Kubernetes
- PostgreSQL
- RDP
- SSH
If you want to pass additional flags to the client, you can add them to the command line separated by a double dash.
Boundary passes anything after the double dash to the executed client.
For example, the following command uses the SSH connect helper to pass -l some-other-user
to the SSH client:
$ boundary connect ssh -target-id ttcp_1234567890 -- -l some-other-user
Connect helpers also support a -style
flag that lets you override the default client and format arguments in a different style.
For example, besides the default style ssh
, the SSH connect helper supports a -style putty
option that lets you pass connection information to PuTTY.
One advantage to styles is that Boundary can provide information to the client in a format that makes sense.
For example, the -username
flag is used to specify a username other than the currently logged-in user.
This ensures that regardless of the -style
you choose, the username is properly passed to the executed client, and you don't have to figure out the syntax for yourself.
HTTP connect helper
The HTTP connect helper executes curl
, and passes information such as the HTTP path, method, and verb.
It can be useful to call API endpoints through the Boundary proxy.
The following example calls a weather API endpoint to get the rain forecast for New York:
$ boundary connect http -target-id ttcp_VlpkajEuuf -path '/v1/forecast?latitude=40.7143&longitude=-74.006&daily=precipitation_sum&timezone=America%2FNew_York'
The HTTP helper supports the following flags:
host
: Specifies the host value to use, and overrides the endpoint address from the session information.method
: Specifies the method to use. If you do not set this value, the helper uses the client's default method.path
: Specifies a path that Boundary appends to the generated URL.scheme
: Specifies the scheme to use. The default scheme ishttps
.style
: Specifies how the CLI attempts to invoke an HTTP client. The only supported style for the HTTP helper iscurl
.
For more information, refer to the connect http
command documenatation.
Kubernetes connect helper
The Kubernetes connect helper executes kubectl
by proxying the call through Boundary.
It can be useful to access a Kubernetes cluster that does not publicly expose its API server.
To pass subcommands to kubectl
, use --
followed by the command you want to pass.
The following example calls kubectl top node
:
$ boundary connect kube -target-id ttcp_Yq0QCUMSe2 -- top node
The Kubernetes helper supports the following flags:
host
: Specifies the host value to use, and overrides the endpoint address from the session information.scheme
: Specifies the scheme to use. The default scheme ishttps
.style
: Specifies how the CLI attempts to invoke a Kubernetes client. The only supported style for the Kubernetes helper iskubectl
.
For more information, refer to the connect kube
command documenatation.
PostgreSQL connect helper
The PostgreSQL helper executes psql
, and passes information such as the username and database name from the command line.
The following example connects to a PostgreSQL database named boundary
:
$ boundary connect postgres -target-id ttcp_eTcZMueUYv -username admin -dbname postgres
The PostgreSQL helper automatically injects brokered credentials, allowing you to access the PostgreSQL instance without knowing the username and password.
$ boundary connect postgres -target-id ttcp_eTcZMueUYv -dbname postgres
The PostgreSQL helper supports the following flags:
dbname
: Specifies the database name you want to pass through to the client.style
: Specifies how the CLI attempts to inovke a PostgreSQL client. The only supported style for the PostgreSQL helper ispsql
.username
: Specifies the username you want to pass through to the client.
For more information, refer to the connect postgres
command documenatation.
RDP connect helper
The RDP helper determines which RDP client to use depending on your operating system.
On Windows, it uses mstsc.exe
.
On Mac, it uses open
.
Other operating systems are not currently supported.
The following command executes the RDP client and establishes the connection through Boundary:
$ boundary connect rdp -target-id ttcp_eTcZMueUYv
The RDP helper supports the following flag:
style
: Specifies how the CLI attempts to inovke an RDP client. The RDP helper supports the stylesmstsc
andopen
.
For more information, refer to the connect rdp
command documenatation.
SSH connect helper
The SSH helper automatically executes SSH and passes connection information. An expected host ID is set to avoid warnings on future connections when a different port is allocated automatically. You must still accept a host key upon the first connection.
The following command connects to a target and automatically fills in the local address and port:
$ boundary connect ssh -target-id ttcp_1234567890
The SSH helper supports the following flags:
remote-command
: Specifies a command you want to run on the remote host. You can specify a complete command line, or you may include additonal arguments. If you include additional arguments, you must append them to the command and separate them using spaces.style
: Specifies how the CLI attempts to inovke an SSH client. The SSH helper supports the stylesssh
andputty
.username
: Specifies the username you want to pass through to the client.
For more information, refer to the connect ssh
command documenatation.