consul/agent/config/testdata/full-config.json

743 lines
20 KiB
JSON
Raw Normal View History

{
"acl_agent_master_token": "furuQD0b",
"acl_agent_token": "cOshLOQ2",
"acl_datacenter": "m3urck3z",
"acl_default_policy": "ArK3WIfE",
"acl_down_policy": "vZXMfMP0",
"acl_enable_key_list_policy": true,
"acl_master_token": "C1Q1oIwh",
"acl_replication_token": "LMmgy5dO",
"acl_token": "O1El0wan",
"acl_ttl": "18060s",
"acl" : {
"enabled" : true,
"down_policy" : "03eb2aee",
"default_policy" : "72c2e7a0",
"enable_key_list_policy": true,
"enable_token_persistence": true,
"policy_ttl": "1123s",
"role_ttl": "9876s",
"token_ttl": "3321s",
"enable_token_replication" : true,
"msp_disable_bootstrap": true,
"tokens" : {
"master" : "8a19ac27",
"initial_management" : "3820e09a",
"agent_master" : "64fd0e08",
"agent_recovery" : "1dba6aba",
"replication" : "5795983a",
"agent" : "bed2377c",
"default" : "418fdff1",
"managed_service_provider": [
{
"accessor_id": "first",
"secret_id": "fb0cee1f-2847-467c-99db-a897cff5fd4d"
},
{
"accessor_id": "second",
"secret_id": "1046c8da-e166-4667-897a-aefb343db9db"
}
]
}
},
"addresses": {
"dns": "93.95.95.81",
"http": "83.39.91.39",
"https": "95.17.17.19",
"grpc": "32.31.61.91"
},
"advertise_addr": "17.99.29.16",
"advertise_addr_wan": "78.63.37.19",
"advertise_reconnect_timeout": "0s",
"audit": {
"enabled": true
},
"auto_config": {
"enabled": false,
"intro_token": "OpBPGRwt",
"intro_token_file": "gFvAXwI8",
"dns_sans": ["6zdaWg9J"],
"ip_sans": ["198.18.99.99"],
"server_addresses": ["198.18.100.1"],
"authorization": {
"enabled": true,
"static": {
"allow_reuse": true,
"claim_mappings": {
"node": "node"
},
"list_claim_mappings": {
"foo": "bar"
},
"bound_issuer": "consul",
"bound_audiences": ["consul-cluster-1"],
"claim_assertions": ["value.node == \"${node}\""],
"jwt_validation_pub_keys": ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERVchfCZng4mmdvQz1+sJHRN40snC\nYt8NjYOnbnScEXMkyoUmASr88gb7jaVAVt3RYASAbgBjB2Z+EUizWkx5Tg==\n-----END PUBLIC KEY-----"]
}
}
},
"autopilot": {
"cleanup_dead_servers": true,
"disable_upgrade_migration": true,
"last_contact_threshold": "12705s",
"max_trailing_logs": 17849,
"min_quorum": 3,
"redundancy_zone_tag": "3IsufDJf",
"server_stabilization_time": "23057s",
"upgrade_version_tag": "W9pDwFAL"
},
"bind_addr": "16.99.34.17",
"bootstrap_expect": 53,
"cache": {
"entry_fetch_max_burst": 42,
"entry_fetch_rate": 0.334
},
"use_streaming_backend": true,
"ca_file": "erA7T0PM",
"ca_path": "mQEN1Mfp",
"cert_file": "7s4QAzDk",
"check": {
"id": "fZaCAXww",
"name": "OOM2eo0f",
"notes": "zXzXI9Gt",
"service_id": "L8G0QNmR",
"token": "oo4BCTgJ",
"status": "qLykAl5u",
"args": ["f3BemRjy", "e5zgpef7"],
"http": "29B93haH",
"header": {
"hBq0zn1q": [ "2a9o9ZKP", "vKwA5lR6" ],
"f3r6xFtM": [ "RyuIdDWv", "QbxEcIUM" ]
},
"method": "Dou0nGT5",
"body": "5PBQd2OT",
"disable_redirects": true,
"output_max_size": 4096,
"tcp": "JY6fTTcw",
"h2ping": "rQ8eyCSF",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "18714s",
"docker_container_id": "qF66POS9",
"shell": "sOnDy228",
"tls_server_name": "7BdnzBYk",
"tls_skip_verify": true,
"timeout": "5954s",
"deregister_critical_service_after": "13209s"
},
"checks": [
{
"id": "uAjE6m9Z",
"name": "QsZRGpYr",
"notes": "VJ7Sk4BY",
"service_id": "lSulPcyz",
"token": "toO59sh8",
"status": "9RlWsXMV",
"args": ["4BAJttck", "4D2NPtTQ"],
"http": "dohLcyQ2",
"header": {
"ZBfTin3L": [ "1sDbEqYG", "lJGASsWK" ],
"Ui0nU99X": [ "LMccm3Qe", "k5H5RggQ" ]
},
"method": "aldrIQ4l",
"body": "wSjTy7dg",
"disable_redirects": true,
"tcp": "RJQND605",
"h2ping": "9N1cSb5B",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "22164s",
"output_max_size": 4096,
"docker_container_id": "ipgdFtjd",
"shell": "qAeOYy0M",
"tls_server_name": "bdeb5f6a",
"tls_skip_verify": true,
"timeout": "1813s",
"deregister_critical_service_after": "14232s"
},
{
"id": "Cqq95BhP",
"name": "3qXpkS0i",
"notes": "sb5qLTex",
"service_id": "CmUUcRna",
"token": "a3nQzHuy",
"status": "irj26nf3",
"args": ["9s526ogY", "gSlOHj1w"],
"http": "yzhgsQ7Y",
"header": {
"zcqwA8dO": [ "qb1zx0DL", "sXCxPFsD" ],
"qxvdnSE9": [ "6wBPUYdF", "YYh8wtSZ" ]
},
"method": "gLrztrNw",
"body": "0jkKgGUC",
"disable_redirects": false,
"tcp": "4jG5casb",
"h2ping": "HCHU7gEb",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "28767s",
"output_max_size": 4096,
"docker_container_id": "THW6u7rL",
"shell": "C1Zt3Zwh",
"tls_server_name": "6adc3bfb",
"tls_skip_verify": true,
"timeout": "18506s",
"deregister_critical_service_after": "2366s"
}
],
"check_update_interval": "16507s",
"client_addr": "93.83.18.19",
"config_entries": {
"bootstrap": [
{
"kind": "proxy-defaults",
"name": "global",
"config": {
"foo": "bar",
"bar": 1.0
}
}
]
},
"auto_encrypt": {
"tls": false,
"dns_san": ["a.com", "b.com"],
"ip_san": ["192.168.4.139", "192.168.4.140"],
"allow_tls": true
},
"connect": {
"ca_provider": "consul",
"ca_config": {
"root_cert_ttl": "96360h",
"intermediate_cert_ttl": "8760h",
"leaf_cert_ttl": "1h",
"csr_max_per_second": 100,
"csr_max_concurrent": 2
},
"enable_mesh_gateway_wan_federation": false,
"enabled": true,
"enable_serverless_plugin": true
},
"gossip_lan" : {
"gossip_nodes": 6,
"gossip_interval" : "25252s",
"retransmit_mult" : 1234,
"suspicion_mult" : 1235,
"probe_interval" : "101ms",
"probe_timeout" : "102ms"
},
"gossip_wan" : {
"gossip_nodes" : 2,
"gossip_interval" : "6966s",
"retransmit_mult" : 16384,
"suspicion_mult" : 16385,
"probe_interval" : "103ms",
"probe_timeout" : "104ms"
},
"datacenter": "rzo029wg",
"default_query_time": "16743s",
"disable_anonymous_signature": true,
"disable_coordinates": true,
"disable_host_node_id": true,
"disable_http_unprintable_char_filter": true,
"disable_keyring_file": true,
"disable_remote_exec": true,
"disable_update_check": true,
"discard_check_output": true,
"discovery_max_stale": "5s",
"domain": "7W1xXSqd",
"alt_domain": "1789hsd",
"dns_config": {
"allow_stale": true,
"a_record_limit": 29907,
"disable_compression": true,
"enable_truncate": true,
"max_stale": "29685s",
"node_ttl": "7084s",
"only_passing": true,
"recursor_timeout": "4427s",
"service_ttl": {
"*": "32030s"
},
"udp_answer_limit": 29909,
"use_cache": true,
"cache_max_age": "5m",
"prefer_namespace": true
},
"enable_acl_replication": true,
"enable_agent_tls_for_checks": true,
"enable_central_service_config": false,
"enable_debug": true,
"enable_script_checks": true,
"enable_local_script_checks": true,
"enable_syslog": true,
"encrypt": "A4wELWqH",
"encrypt_verify_incoming": true,
"encrypt_verify_outgoing": true,
"http_config": {
"block_endpoints": [ "RBvAFcGD", "fWOWFznh" ],
"allow_write_http_from": [ "127.0.0.1/8", "22.33.44.55/32", "0.0.0.0/0" ],
"response_headers": {
"M6TKa9NP": "xjuxjOzQ",
"JRCrHZed": "rl0mTx81"
},
"use_cache": false,
"max_header_bytes": 10
},
"key_file": "IEkkwgIA",
"leave_on_terminate": true,
"license_path": "/path/to/license.lic",
"limits": {
"http_max_conns_per_client": 100,
"https_handshake_timeout": "2391ms",
"rpc_handshake_timeout": "1932ms",
"rpc_rate": 12029.43,
"rpc_max_burst": 44848,
"rpc_max_conns_per_client": 2954,
"kv_max_value_size": 1234567800,
"txn_max_req_len": 567800000
},
"log_level": "k1zo9Spt",
"log_json": true,
"max_query_time": "18237s",
"node_id": "AsUIlw99",
"node_meta": {
"5mgGQMBk": "mJLtVMSG",
"A7ynFMJB": "0Nx6RGab"
},
"node_name": "otlLxGaI",
"non_voting_server": true,
"partition": "",
"performance": {
"leave_drain_time": "8265s",
"raft_multiplier": 5,
"rpc_hold_timeout": "15707s"
},
"pid_file": "43xN80Km",
"ports": {
"dns": 7001,
"http": 7999,
"https": 15127,
"server": 3757,
"grpc": 4881,
"sidecar_min_port": 8888,
"sidecar_max_port": 9999,
"expose_min_port": 1111,
"expose_max_port": 2222
},
"protocol": 30793,
"primary_datacenter": "ejtmd43d",
"primary_gateways": [ "aej8eeZo", "roh2KahS" ],
"primary_gateways_interval": "18866s",
"raft_protocol": 3,
"raft_snapshot_threshold": 16384,
"raft_snapshot_interval": "30s",
"raft_trailing_logs": 83749,
"raft_boltdb": {
"NoFreelistSync": true
},
"read_replica": true,
"reconnect_timeout": "23739s",
"reconnect_timeout_wan": "26694s",
"recursors": [ "63.38.39.58", "92.49.18.18" ],
"rejoin_after_leave": true,
"retry_interval": "8067s",
"retry_interval_wan": "28866s",
"retry_join": [ "pbsSFY7U", "l0qLtWij" ],
"retry_join_wan": [ "PFsR02Ye", "rJdQIhER" ],
"retry_max": 913,
"retry_max_wan": 23160,
"rpc": {"enable_streaming": true},
"segment_limit": 123,
"serf_lan": "99.43.63.15",
"serf_wan": "67.88.33.19",
"server": true,
"server_name": "Oerr9n1G",
"service": {
"id": "dLOXpSCI",
"name": "o1ynPkp0",
"meta": {
"mymeta": "data"
},
"tagged_addresses": {
"lan": {
"address": "2d79888a",
"port": 2143
},
"wan": {
"address": "d4db85e2",
"port": 6109
}
},
"tags": ["nkwshvM5", "NTDWn3ek"],
"address": "cOlSOhbp",
"token": "msy7iWER",
"port": 24237,
"weights": {
"passing": 100,
"warning": 1
},
"enable_tag_override": true,
"check": {
"id": "RMi85Dv8",
"name": "iehanzuq",
"status": "rCvn53TH",
"notes": "fti5lfF3",
"args": ["16WRUmwS", "QWk7j7ae"],
"http": "dl3Fgme3",
"header": {
"rjm4DEd3": ["2m3m2Fls"],
"l4HwQ112": ["fk56MNlo", "dhLK56aZ"]
},
"method": "9afLm3Mj",
"body": "wVVL2V6f",
"disable_redirects": true,
"tcp": "fjiLFqVd",
"h2ping": "5NbNWhan",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "23926s",
"output_max_size": 4096,
"docker_container_id": "dO5TtRHk",
"shell": "e6q2ttES",
"tls_server_name": "ECSHk8WF",
"tls_skip_verify": true,
"timeout": "38483s",
"deregister_critical_service_after": "68787s"
},
"checks": [
{
"id": "Zv99e9Ka",
"name": "sgV4F7Pk",
"notes": "yP5nKbW0",
"status": "7oLMEyfu",
"args": ["5wEZtZpv", "0Ihyk8cS"],
"http": "KyDjGY9H",
"header": {
"gv5qefTz": [ "5Olo2pMG", "PvvKWQU5" ],
"SHOVq1Vv": [ "jntFhyym", "GYJh32pp" ]
},
"method": "T66MFBfR",
"body": "OwGjTFQi",
"disable_redirects": true,
"tcp": "bNnNfx2A",
"h2ping": "qC1pidiW",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "22224s",
"output_max_size": 4096,
"docker_container_id": "ipgdFtjd",
"shell": "omVZq7Sz",
"tls_server_name": "axw5QPL5",
"tls_skip_verify": true,
"timeout": "18913s",
"deregister_critical_service_after": "8482s"
},
{
"id": "G79O6Mpr",
"name": "IEqrzrsd",
"notes": "SVqApqeM",
"status": "XXkVoZXt",
"args": ["wD05Bvao", "rLYB7kQC"],
"http": "kyICZsn8",
"header": {
"4ebP5vL4": [ "G20SrL5Q", "DwPKlMbo" ],
"p2UI34Qz": [ "UsG1D0Qh", "NHhRiB6s" ]
},
"method": "ciYHWors",
"body": "lUVLGYU7",
"disable_redirects": false,
"tcp": "FfvCwlqH",
"h2ping": "spI3muI3",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "12356s",
"output_max_size": 4096,
"docker_container_id": "HBndBU6R",
"shell": "hVI33JjA",
"tls_server_name": "7uwWOnUS",
"tls_skip_verify": true,
"timeout": "38282s",
"deregister_critical_service_after": "4992s"
}
],
"connect": {
"native": true
}
},
"services": [
{
"id": "wI1dzxS4",
"name": "7IszXMQ1",
"tags": ["0Zwg8l6v", "zebELdN5"],
"address": "9RhqPSPB",
"token": "myjKJkWH",
"port": 72219,
"enable_tag_override": true,
"check": {
"id": "qmfeO5if",
"name": "atDGP7n5",
"status": "pDQKEhWL",
"notes": "Yt8EDLev",
"args": ["81EDZLPa", "bPY5X8xd"],
"http": "qzHYvmJO",
"header": {
"UkpmZ3a3": ["2dfzXuxZ"],
"cVFpko4u": ["gGqdEB6k", "9LsRo22u"]
},
"method": "X5DrovFc",
"body": "WeikigLh",
"disable_redirects": true,
"tcp": "ICbxkpSF",
"h2ping": "7s7BbMyb",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "24392s",
"output_max_size": 4096,
"docker_container_id": "ZKXr68Yb",
"shell": "CEfzx0Fo",
"tls_server_name": "4f191d4F",
"tls_skip_verify": true,
"timeout": "38333s",
"deregister_critical_service_after": "44214s"
},
"connect": {
"sidecar_service": {}
}
},
{
"id": "MRHVMZuD",
"name": "6L6BVfgH",
"tags": ["7Ale4y6o", "PMBW08hy"],
"address": "R6H6g8h0",
"token": "ZgY8gjMI",
"port": 38292,
"weights": {
"passing": 1979,
"warning": 6
},
"enable_tag_override": true,
"checks": [
{
"id": "GTti9hCo",
"name": "9OOS93ne",
"notes": "CQy86DH0",
"status": "P0SWDvrk",
"args": ["EXvkYIuG", "BATOyt6h"],
"http": "u97ByEiW",
"header": {
"MUlReo8L": [ "AUZG7wHG", "gsN0Dc2N" ],
"1UJXjVrT": [ "OJgxzTfk", "xZZrFsq7" ]
},
"method": "5wkAxCUE",
"body": "7CRjCJyz",
"disable_redirects": false,
"tcp": "MN3oA9D2",
"h2ping": "OV6Q2XEg",
2021-10-05 01:36:18 +00:00
"h2ping_use_tls": false,
"interval": "32718s",
"output_max_size": 4096,
"docker_container_id": "cU15LMet",
"shell": "nEz9qz2l",
"tls_server_name": "f43ouY7a",
"tls_skip_verify": true,
"timeout": "34738s",
"deregister_critical_service_after": "84282s"
},
{
"id": "UHsDeLxG",
"name": "PQSaPWlT",
"notes": "jKChDOdl",
"status": "5qFz6OZn",
"output_max_size": 4096,
"timeout": "4868s",
"ttl": "11222s",
"deregister_critical_service_after": "68482s"
}
],
"connect": {}
},
{
"id": "Kh81CPF6",
"kind": "connect-proxy",
"name": "Kh81CPF6-proxy",
"port": 31471,
"proxy": {
"config": {
"cedGGtZf": "pWrUNiWw"
},
"destination_service_id": "6L6BVfgH-id",
"destination_service_name": "6L6BVfgH",
"local_service_address": "127.0.0.2",
"local_service_port": 23759,
"expose": {
"checks": true,
"paths": [
{
"path": "/health",
"local_path_port": 8080,
"listener_port": 21500,
"protocol": "http"
}
]
},
"mode": "transparent",
"transparent_proxy": {
"outbound_listener_port": 10101,
"dialed_directly": true
},
"upstreams": [
{
"destination_name": "KPtAj2cb",
"local_bind_port": 4051,
"config": {
"kzRnZOyd": "nUNKoL8H"
}
},
{
"destination_name": "KSd8HsRl",
"destination_namespace": "9nakw0td",
2021-08-20 16:57:45 +00:00
"destination_partition": "part-9nakw0td",
"destination_type": "prepared_query",
"local_bind_address": "127.24.88.0",
"local_bind_port": 11884
},
{
"destination_name": "placeholder",
"destination_namespace": "9nakw0td",
2021-08-20 16:57:45 +00:00
"destination_partition": "part-9nakw0td",
"destination_type": "prepared_query",
"local_bind_socket_path": "/foo/bar/upstream",
"local_bind_socket_mode": "0600"
}
]
}
},
{
"id": "kvVqbwSE",
"kind": "mesh-gateway",
"name": "gw-primary-dc",
"port": 27147,
"proxy": {
"config": {
"1CuJHVfw" : "Kzqsa7yc"
}
}
}
],
"session_ttl_min": "26627s",
"skip_leave_on_interrupt": true,
"start_join": [ "LR3hGDoG", "MwVpZ4Up" ],
"start_join_wan": [ "EbFSc3nA", "kwXTh623" ],
"syslog_facility": "hHv79Uia",
"tagged_addresses": {
"7MYgHrYH": "dALJAhLD",
"h6DdBy6K": "ebrr9zZ8"
},
"telemetry": {
"circonus_api_app": "p4QOTe9j",
"circonus_api_token": "E3j35V23",
"circonus_api_url": "mEMjHpGg",
"circonus_broker_id": "BHlxUhed",
"circonus_broker_select_tag": "13xy1gHm",
"circonus_check_display_name": "DRSlQR6n",
"circonus_check_force_metric_activation": "Ua5FGVYf",
"circonus_check_id": "kGorutad",
"circonus_check_instance_id": "rwoOL6R4",
"circonus_check_search_tag": "ovT4hT4f",
"circonus_check_tags": "prvO4uBl",
"circonus_submission_interval": "DolzaflP",
"circonus_submission_url": "gTcbS93G",
"disable_hostname": true,
"dogstatsd_addr": "0wSndumK",
"dogstatsd_tags": [ "3N81zSUB","Xtj8AnXZ" ],
"retry_failed_connection": true,
"filter_default": true,
"prefix_filter": [ "+oJotS8XJ","-cazlEhGn" ],
"metrics_prefix": "ftO6DySn",
"prometheus_retention_time": "15s",
"statsd_address": "drce87cy",
"statsite_address": "HpFwKB8R"
},
"tls": {
"defaults": {
"ca_file": "a5tY0opl",
"ca_path": "bN63LpXu",
"cert_file": "hB4PoxkL",
"key_file": "Po0hB1tY",
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
"tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"tls_min_version": "TLSv1_2",
"verify_incoming": true,
"verify_outgoing": true
},
"internal_rpc": {
"ca_file": "mKl19Utl",
"ca_path": "lOp1nhPa",
"cert_file": "dfJ4oPln",
"key_file": "aL1Knkpo",
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
"tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"tls_min_version": "TLSv1_1",
"verify_incoming": true,
"verify_outgoing": true
},
"https": {
"ca_file": "7Yu1PolM",
"ca_path": "nu4PlHzn",
"cert_file": "1yrhPlMk",
"key_file": "1bHapOkL",
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
"tls_min_version": "TLSv1_3",
"verify_incoming": true,
"verify_outgoing": true
},
"grpc": {
"ca_file": "lOp1nhJk",
"ca_path": "fLponKpl",
"cert_file": "a674klPn",
"key_file": "1y4prKjl",
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
"tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA",
"tls_min_version": "TLSv1_0",
"verify_incoming": true
}
},
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
"tls_cipher_suites": "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
"tls_min_version": "tls11",
"tls_prefer_server_cipher_suites": true,
"translate_wan_addrs": true,
"ui_config": {
"dir": "pVncV4Ey",
"content_path": "qp1WRhYH",
"metrics_provider": "sgnaoa_lower_case",
"metrics_provider_files": ["sgnaMFoa", "dicnwkTH"],
"metrics_provider_options_json": "{\"DIbVQadX\": 1}",
"metrics_proxy": {
"base_url": "http://foo.bar",
"add_headers": [
{
"name": "p3nynwc9",
"value": "TYBgnN2F"
}
],
"path_allowlist": ["/aSh3cu", "/eiK/2Th"]
},
"dashboard_url_templates": {
"u2eziu2n_lower_case": "http://lkjasd.otr"
}
},
"unix_sockets": {
"group": "8pFodrV8",
"mode": "E8sAwOv4",
"user": "E0nB1DwA"
},
"verify_incoming": true,
"verify_incoming_https": true,
"verify_incoming_rpc": true,
"verify_outgoing": true,
"verify_server_hostname": true,
"watches": [
{
"type": "key",
"datacenter": "GyE6jpeW",
"key": "j9lF1Tve",
"handler": "90N7S4LN"
}, {
"type": "keyprefix",
"datacenter": "fYrl3F5d",
"key": "sl3Dffu7",
"args": ["dltjDJ2a", "flEa7C2d"]
}
]
}