consul

Commit Graph

Author	SHA1	Message	Date
Chris Piraino	136099d834	Fix flakey health check reload test (#7490 ) This test would occasionally fail because we checked for a status of "critical" initially. This races with the actual healthcheck being run and declared passing. We instead use a ttl health check so that we don't rely on timing at all.	5 years ago
Daniel Nephin	266bdf7465	agent: Remove xdsServer field The field is only referenced from a single method, it can be a local var	5 years ago
Daniel Nephin	326453eaa1	dns: Remove a few unused params	5 years ago
Daniel Nephin	61ec7aa5c9	ci: Run all connect/ca tests from the integration suite To reduce the chance of some tests not being run because it does not match the regex passed to '-run'. Also document why some tests are allowed to be skipped on CI.	5 years ago
Daniel Nephin	f4a35dfd84	ci: Do not skip tests because of missing binaries on CI If the CI environment is not correct for running tests the tests should fail, so that we don't accidentally stop running some tests because of a change to our CI environment. Also removed a duplicate delcaration from init. I believe one was overriding the other as they are both in the same package.	5 years ago
Kim Ngo	bef693df9c	agent/xds: Update mesh gateway to use service router timeout (#7444 ) * website/connect/proxy/envoy: specify timeout precedence for services behind mesh gateway	5 years ago
Matt Keeler	80db61193c	Fix ACL mode advertisement and detection (#7451 ) These changes are necessary to ensure advertisement happens correctly even when datacenters are connected via network areas in Consul enterprise. This also changes how we check if ACLs can be upgraded within the local datacenter. Previously we would iterate through all LAN members. Now we just use the ServerLookup type to iterate through all known servers in the DC.	5 years ago
Freddy	709932f088	Update MSP token and filtering (#7431 )	5 years ago
Hans Hasselberg	7777891aa6	tls: remove old ciphers (#7282 ) Following advice from: https://github.com/ssllabs/research/wiki/SSL-and-TLS-Deployment-Best-Practices, this PR removes old ciphers.	5 years ago
R.B. Boyer	85a08bf8ed	server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419 ) Fixes #7414	5 years ago
Kyle Havlovitz	955ee64b95	Merge pull request #7373 from hashicorp/acl-segments-fix Add stub methods for ACL/segment bug fix from enterprise	5 years ago
R.B. Boyer	6adad71125	wan federation via mesh gateways (#6884 ) This is like a Möbius strip of code due to the fact that low-level components (serf/memberlist) are connected to high-level components (the catalog and mesh-gateways) in a twisty maze of references which make it hard to dive into. With that in mind here's a high level summary of what you'll find in the patch: There are several distinct chunks of code that are affected: * new flags and config options for the server * retry join WAN is slightly different * retry join code is shared to discover primary mesh gateways from secondary datacenters * because retry join logic runs in the agent and the results of that operation for primary mesh gateways are needed in the server there are some methods like `RefreshPrimaryGatewayFallbackAddresses` that must occur at multiple layers of abstraction just to pass the data down to the right layer. * new cache type `FederationStateListMeshGatewaysName` for use in `proxycfg/xds` layers * the function signature for RPC dialing picked up a new required field (the node name of the destination) * several new RPCs for manipulating a FederationState object: `FederationState:{Apply,Get,List,ListMeshGateways}` * 3 read-only internal APIs for debugging use to invoke those RPCs from curl * raft and fsm changes to persist these FederationStates * replication for FederationStates as they are canonically stored in the Primary and replicated to the Secondaries. * a special derivative of anti-entropy that runs in secondaries to snapshot their local mesh gateway `CheckServiceNodes` and sync them into their upstream FederationState in the primary (this works in conjunction with the replication to distribute addresses for all mesh gateways in all DCs to all other DCs) * a "gateway locator" convenience object to make use of this data to choose the addresses of gateways to use for any given RPC or gossip operation to a remote DC. This gets data from the "retry join" logic in the agent and also directly calls into the FSM. * RPC (`:8300`) on the server sniffs the first byte of a new connection to determine if it's actually doing native TLS. If so it checks the ALPN header for protocol determination (just like how the existing system uses the type-byte marker). * 2 new kinds of protocols are exclusively decoded via this native TLS mechanism: one for ferrying "packet" operations (udp-like) from the gossip layer and one for "stream" operations (tcp-like). The packet operations re-use sockets (using length-prefixing) to cut down on TLS re-negotiation overhead. * the server instances specially wrap the `memberlist.NetTransport` when running with gateway federation enabled (in a `wanfed.Transport`). The general gist is that if it tries to dial a node in the SAME datacenter (deduced by looking at the suffix of the node name) there is no change. If dialing a DIFFERENT datacenter it is wrapped up in a TLS+ALPN blob and sent through some mesh gateways to eventually end up in a server's :8300 port. * a new flag when launching a mesh gateway via `consul connect envoy` to indicate that the servers are to be exposed. This sets a special service meta when registering the gateway into the catalog. * `proxycfg/xds` notice this metadata blob to activate additional watches for the FederationState objects as well as the location of all of the consul servers in that datacenter. * `xds:` if the extra metadata is in place additional clusters are defined in a DC to bulk sink all traffic to another DC's gateways. For the current datacenter we listen on a wildcard name (`server.<dc>.consul`) that load balances all servers as well as one mini-cluster per node (`<node>.server.<dc>.consul`) * the `consul tls cert create` command got a new flag (`-node`) to help create an additional SAN in certs that can be used with this flavor of federation.	5 years ago
Matt Keeler	e3891db55b	Gather instance counts of aggregated services (#7415 )	5 years ago
Pierre Souchay	864f7efffa	agent: configuration reload preserves check's statuses for services (#7345 ) This fixes issue #7318 Between versions 1.5.2 and 1.5.3, a regression has been introduced regarding health of services. A patch #6144 had been issued for HealthChecks of nodes, but not for healthchecks of services. What happened when a reload was: 1. save all healthcheck statuses 2. cleanup everything 3. add new services with healthchecks In step 3, the state of healthchecks was taken into account locally, so at step 3, but since we cleaned up at step 2, state was lost. This PR introduces the snap parameter, so step 3 can use information from step 1	5 years ago
Hans Hasselberg	c46e2ae59b	docs: add docs for kv_max_value_size (#7405 ) Apart from the added docs, the error messages are similar now and are pointing to the corresponding options. Fixes #6708.	5 years ago
Kim Ngo	a8f4123d37	agent/txn_endpoint: configure max txn request length (#7388 ) configure max transaction size separately from kv limit	5 years ago
Matt Keeler	7584dfe8c8	Fix session backwards incompatibility with 1.6.x and earlier.	5 years ago
John Cowen	e83fb1882c	Adds http_config.response_headers to the UI headers plus tests (#7369 )	5 years ago
Pierre Souchay	2300e2d4ba	agent: take Prometheus MIME-type header into account (#7371 ) This will avoid adding format=prometheus in request and to parse more easily metrics using Prometheus. This commit follows https://github.com/hashicorp/consul/pull/6514 as the PR has been closed and extends it by accepting old Prometheus mime-type.	5 years ago
Kyle Havlovitz	7c57837908	Add stub methods for ACL/segment bug fix from enterprise	5 years ago
Hans Hasselberg	e05ac57e8f	tls: support tls 1.3 (#7325 )	5 years ago
Matt Keeler	861f754dad	Properly detect no alt domain set (#7323 )	5 years ago
Matt Keeler	4c9577678e	xDS Mesh Gateway Resolver Subset Fixes (#7294 ) * xDS Mesh Gateway Resolver Subset Fixes The first fix was that clusters were being generated for every service resolver subset regardless of there being any service instances of the associated service in that dc. The previous logic didn’t care at all but now it will omit generating those clusters unless we also have service instances that should be proxied. The second fix was to respect the DefaultSubset of a service resolver so that mesh-gateways would configure the endpoints of the unnamed subset cluster to only those endpoints matched by the default subsets filters. * Refactor the gateway endpoint generation to be a little easier to read	5 years ago
rerorero	2630a949f7	fix: Destroying a session that doesn't exist returns status cod… (#6905 ) fix #6840	5 years ago
Wim	3a2c865ff6	Fix high cpu usage with IPv6 recursor address. Closes #6120 (#6128 )	5 years ago
Chris Piraino	47ff532735	Fixes envoy config when both RetryOn* values are set (#7280 )	5 years ago
Lars Lehtonen	6bcd596539	agent/proxycfg: fix dropped error in state.initWatchesMeshGateway() (#7267 )	5 years ago
Matt Keeler	b137060630	Allow the PolicyResolve and RoleResolve endpoints to process na… (#7296 )	5 years ago
Hans Hasselberg	315d57bfb1	agent: sensible keyring error (#7272 ) Fixes #7231. Before an agent would always emit a warning when there is an encrypt key in the configuration and an existing keyring stored, which is happening on restart. Now it only emits that warning when the encrypt key from the configuration is not part of the keyring.	5 years ago
Hans Hasselberg	cb0f94487c	config: increase http_max_conns_per_client default to 200 (#7289 )	5 years ago
R.B. Boyer	12876983cf	avoid 'panic: Log in goroutine after TestCacheGet_refreshAge has completed' (#7276 )	5 years ago
R.B. Boyer	80b1165976	fix use of hclog logger (#7264 )	5 years ago
Matt Keeler	f523469529	Merge branch 'master' of github.com:hashicorp/consul	5 years ago
hashicorp-ci	f0cac9260f	update bindata_assetfs.go	5 years ago
ShimmerGlass	68e0f6bf84	agent: add server raft.{last,applied}_index gauges (#6694 ) These metrics are useful for : * Tracking the rate of update to the db * Allow to have a rough idea of when an index originated	5 years ago
gaoxinge	216eb29d6b	tests: convert windows style path to posix style path to avoid hcl parsing error (#6351 )	5 years ago
Matt Keeler	e231d62bc9	Make the config entry and leaf cert cache types ns aware (#7256 )	5 years ago
Hans Hasselberg	6739fe6e83	connect: add validations around intermediate cert ttl (#7213 )	5 years ago
R.B. Boyer	73ba5d9990	make the TestRPC_RPCMaxConnsPerClient test less flaky (#7255 )	5 years ago
Sarah Christoff	6678c8898a	Fix flaky TestAutopilot_BootstrapExpect (#7242 )	5 years ago
Kit Patella	55f19a9eb2	rpc: measure blocking queries (#7224 ) * agent: measure blocking queries * agent.rpc: update docs to mention we only record blocking queries * agent.rpc: make go fmt happy * agent.rpc: fix non-atomic read and decrement with bitwise xor of uint64 0 * agent.rpc: clarify review question * agent.rpc: today I learned that one must declare all variables before interacting with goto labels * Update agent/consul/server.go agent.rpc: more precise comment on `Server.queriesBlocking` Co-Authored-By: Paul Banks <banks@banksco.de> * Update website/source/docs/agent/telemetry.html.md agent.rpc: improve queries_blocking description Co-Authored-By: Paul Banks <banks@banksco.de> * agent.rpc: fix some bugs found in review * add a note about the updated counter behavior to telemetry.md * docs: add upgrade-specific note on consul.rpc.quer{y,ies_blocking} behavior Co-authored-by: Paul Banks <banks@banksco.de>	5 years ago
Akshay Ganeshen	8beb716414	feat: support sending body in HTTP checks (#6602 )	5 years ago
Matt Keeler	4f21bbdb4e	OSS Changes for agent local state namespace testing (#7250 )	5 years ago
Matt Keeler	d0cd092e3b	Catalog + Namespace OSS changes. (#7219 ) * Various Prepared Query + Namespace things * Last round of OSS changes for a namespaced catalog	5 years ago
R.B. Boyer	8c596953b0	agent: ensure that we always use the same settings for msgpack (#7245 ) We set RawToString=true so that []uint8 => string when decoding an interface{}. We set the MapType so that map[interface{}]interface{} decodes to map[string]interface{}. Add tests to ensure that this doesn't break existing usages. Fixes #7223	5 years ago
Freddy	01855d8579	Remove outdated TODO (#7244 )	5 years ago
Matt Keeler	444517080b	Fix a bug with ACL enforcement of reads on namespaced config entries. (#7239 )	5 years ago
Kit Patella	9a220f3010	agent/consul server: fix LeaderTest_ChangeNodeID (#7236 ) * fix LeaderTest_ChangeNodeID to use StatusLeft and add waitForAnyLANLeave * unextract the waitFor... fn, simplify, and provide a more descriptive error	5 years ago
Matt Keeler	9e5fd7f925	OSS Changes for various config entry namespacing bugs (#7226 )	5 years ago
Hans Hasselberg	6a18f01b42	agent: ensure node info sync and full sync. (#7189 ) This fixes #7020. There are two problems this PR solves: * if the node info changes it is highly likely to get service and check registration permission errors unless those service tokens have node:write. Hopefully services you register don’t have this permission. * the timer for a full sync gets reset for every partial sync which means that many partial syncs are preventing a full sync from happening Instead of syncing node info last, after services and checks, and possibly saving one RPC because it is included in every service sync, I am syncing node info first. It is only ever going to be a single RPC that we are only doing when node info has changed. This way we are guaranteed to sync node info even when something goes wrong with services or checks which is more likely because there are more syncs happening for them.	5 years ago
R.B. Boyer	0ecb4538c1	agent: differentiate wan vs lan loggers in memberlist and serf (#7205 ) This should be a helpful change until memberlist and serf can be properly switched to native hclog.	5 years ago
Matt Keeler	dceb107325	Fix disco chain graph validation for namespaces (#7217 ) Previously this happened to be validating only the chains in the default namespace. Now it will validate all chains in all namespaces when the global proxy-defaults is changed.	5 years ago
Matt Keeler	228da48f5d	Minor Non-Functional Updates (#7215 ) * Cleanup the discovery chain compilation route handling Nothing functionally should be different here. The real difference is that when creating new targets or handling route destinations we use the router config entries name and namespace instead of that of the top level request. Today they SHOULD always be the same but that may not always be the case. This hopefully also makes it easier to understand how the router entries are handled. * Refactor a small bit of the service manager tests in oss We used to use the stringHash function to compute part of the filename where things would get persisted to. This has been changed in the core code to calling the StringHash method on the ServiceID type. It just so happens that the new method will output the same value for anything in the default namespace (by design actually). However, logically this filename computation in the test should do the same thing as the core code itself so I updated it here. Also of note is that newer enterprise-only tests for the service manager cannot use the old stringHash function at all because it will produce incorrect results for non-default namespaces.	5 years ago
Freddy	cb77fc6d01	Add managed service provider token (#7218 ) Stubs for enterprise-only ACL token to be used by managed service providers.	5 years ago
Hans Hasselberg	f6ec8ed92b	agent: increase watchLimit to 8192. (#7200 ) The previous value was too conservative and users with many instances were having problems because of it. This change increases the limit to 8192 which reportedly fixed most of the issues with that. Related: #4984, #4986, #5050.	5 years ago
Matt Keeler	dfb0177dbc	Testing updates to support namespaced testing of the agent/xds… (#7185 ) * Various testing updates to support namespaced testing of the agent/xds package * agent/proxycfg package updates to support better namespace testing	5 years ago
Davor Kapsa	3cb4def563	auto_encrypt: check previously ignored error (#6604 )	5 years ago
hashicorp-ci	1fcf4bfc10	update bindata_assetfs.go	5 years ago
Hans Hasselberg	5531678e9e	Security fixes (#7182 ) * Mitigate HTTP/RPC Services Allow Unbounded Resource Usage Fixes #7159. Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: Paul Banks <banks@banksco.de>	5 years ago
Matt Keeler	d5f9268222	ACL enforcement for the agent/health/services endpoints (#7191 ) ACL enforcement for the agent/health/services endpoints	5 years ago
R.B. Boyer	cf29bd4dcf	cli: improve the file safety of 'consul tls' subcommands (#7186 ) - also fixing the signature of file.WriteAtomicWithPerms	5 years ago
Matt Keeler	d8c0be2c84	agent: add ACL enforcement to the v1/agent/health/service/* endpoints This adds acl enforcement to the two endpoints that were missing it. Note that in the case of getting a services health by its id, we still must first lookup the service so we still "leak" information about a service with that ID existing. There isn't really a way around it though as ACLs are meant to check service names.	5 years ago
Matt Keeler	6855a778c2	Updates to the Txn API for namespaces (#7172 ) * Updates to the Txn API for namespaces * Update agent/consul/txn_endpoint.go Co-Authored-By: R.B. Boyer <rb@hashicorp.com> Co-authored-by: R.B. Boyer <public@richardboyer.net>	5 years ago
Matt Keeler	cf27dff62f	Add some better waits to prevent CA is nil test flakes (#7171 )	5 years ago
Matt Keeler	0be862fe46	Small refactoring to move meta parsing into the switch statement (#7170 )	5 years ago
Matt Keeler	bfc03ec587	Fix a couple bugs regarding intentions with namespaces (#7169 )	5 years ago
Matt Keeler	61d8778210	Sync some feature flag support from enterprise (#7167 )	5 years ago
R.B. Boyer	d78b5008ce	various tweaks on top of the hclog work (#7165 )	5 years ago
Chris Piraino	401221de58	Allow users to configure either unstructured or JSON logging (#7130 ) * hclog Allow users to choose between unstructured and JSON logging	5 years ago
Matt Keeler	848938ad48	Output proper HTTP status codes for Txn requests that are too large (#7157 )	5 years ago
Kit Patella	0d336edb65	Add accessorID of token when ops are denied by ACL system (#7117 ) * agent: add and edit doc comments * agent: add ACL token accessorID to debugging traces * agent: polish acl debugging * agent: minor fix + string fmt over value interp * agent: undo export & fix logging field names * agent: remove note and migrate up to code review * Update agent/consul/acl.go Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com> * agent: incorporate review feedback * Update agent/acl.go Co-Authored-By: R.B. Boyer <public@richardboyer.net> Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com> Co-authored-by: R.B. Boyer <public@richardboyer.net>	5 years ago
Anthony Scalisi	beb928f8de	fix spelling errors (#7135 )	5 years ago
hashicorp-ci	1194d2fbb7	update bindata_assetfs.go	5 years ago
Matt Keeler	c09693e545	Updates to Config Entries and Connect for Namespaces (#7116 )	5 years ago
Matt Keeler	bbc2eb1951	Add the v1/catalog/node-services/:node endpoint (#7115 ) The backing RPC already existed but the endpoint will be useful for other service syncing processes such as consul-k8s as this endpoint can return all services registered with a node regardless of namespacing.	5 years ago
Chris Piraino	59f1462801	Fix segfault when removing both a service and associated check (#7108 ) * Fix segfault when removing both a service and associated check updateSyncState creates entries in the services and checks maps for remote services/checks that are not found locally, so that we can then make sure to delete them in our reconciliation process. However, the values added to the map are missing key fields that the rest of the code expects to not be nil. * Add comment stating Check field can be nil	5 years ago
R.B. Boyer	0f44bcd3d8	agent: default the primary_datacenter to the datacenter if not configured (#7111 ) Something similar already happens inside of the server (agent/consul/server.go) but by doing it in the general config parsing for the agent we can have agent-level code rely on the PrimaryDatacenter field, too.	5 years ago
Hans Hasselberg	7d6ea82527	raft: increase raft notify buffer. (#6863 ) * Increase raft notify buffer. Fixes https://github.com/hashicorp/consul/issues/6852. Increasing the buffer helps recovering from leader flapping. It lowers the chances of the flapping leader to get into a deadlock situation like described in #6852.	5 years ago
Hans Hasselberg	11a571de95	agent: setup grpc server with auto_encrypt certs and add -https-port (#7086 ) * setup grpc server with TLS config used across consul. * add -https-port flag	5 years ago
Hans Hasselberg	82c556d1be	connect: use correct subject key id for leaf certificates. (#7091 )	5 years ago
R.B. Boyer	c91d0fa2c9	make TestCatalogNodes_Blocking less flaky (#7074 ) - Explicitly wait to start the test until the initial AE sync of the node. - Run the blocking query in the main goroutine to cut down on possible poor goroutine scheduling issues being to blame for delays. - If the blocking query is woken up with no index change, rerun the query. This may happen if the CI server is loaded and time dilation is happening.	5 years ago
R.B. Boyer	e2eb9f0585	test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100 )	5 years ago
Hans Hasselberg	f0fc9aea7f	tests: fix autopilot test (#7092 )	5 years ago
Aestek	8fc736038a	agent: remove service sidecars in Agent.cleanupRegistration (#7022 ) Sidecar proxies were left behind when cleaning up after an unsuccessful registration. There are now also removed when the service is cleanup up.	5 years ago
Hans Hasselberg	9c1361c02b	raft: update raft to v1.1.2 (#7079 ) * update raft * use hclogger for raft.	5 years ago
Hans Hasselberg	804eb17094	connect: check if intermediate cert needs to be renewed. (#6835 ) Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates. This PR adds a check that renews the cert if it is half way through its validity period. In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests.	5 years ago
Hans Hasselberg	87f32c8ba6	auto_encrypt: set dns and ip san for k8s and provide configuration (#6944 ) * Add CreateCSRWithSAN * Use CreateCSRWithSAN in auto_encrypt and cache * Copy DNSNames and IPAddresses to cert * Verify auto_encrypt.sign returns cert with SAN * provide configuration options for auto_encrypt dnssan and ipsan * rename CreateCSRWithSAN to CreateCSR	5 years ago
Aestek	ba8fd8296f	Add support for dual stack IPv4/IPv6 network (#6640 ) * Use consts for well known tagged adress keys * Add ipv4 and ipv6 tagged addresses for node lan and wan * Add ipv4 and ipv6 tagged addresses for service lan and wan * Use IPv4 and IPv6 address in DNS	5 years ago
Aestek	5dc8875bd3	agent: do not deregister service checks twice (#6168 ) Deregistering a service from the catalog automatically deregisters its checks, however the agent still performs a deregister call for each service checks even after the service has been deregistered. With ACLs enabled this results in logs like: "message:consul: "Catalog.Deregister" RPC failed to server server_ip:8300: rpc error making call: rpc error making call: Unknown check 'check_id'" This change removes associated checks from the agent state when deregistering a service, which results in less calls to the servers and supresses the error logs.	5 years ago
Matej Urbas	ce023359fe	agent: configurable MaxQueryTime and DefaultQueryTime. (#3777 )	5 years ago
Freddy	e635b24215	Update force-leave ACL requirement to operator:write (#7033 )	5 years ago
Matt Keeler	663cf1e9a8	AuthMethod updates to support alternate namespace logins (#7029 )	5 years ago
Matt Keeler	8bd34e126f	Intentions ACL enforcement updates (#7028 ) * Renamed structs.IntentionWildcard to structs.WildcardSpecifier * Refactor ACL Config Get rid of remnants of enterprise only renaming. Add a WildcardName field for specifying what string should be used to indicate a wildcard. * Add wildcard support in the ACL package For read operations they can call anyAllowed to determine if any read access to the given resource would be granted. For write operations they can call allAllowed to ensure that write access is granted to everything. * Make v1/agent/connect/authorize namespace aware * Update intention ACL enforcement This also changes how intention:read is granted. Before the Intention.List RPC would allow viewing an intention if the token had intention:read on the destination. However Intention.Match allowed viewing if access was allowed for either the source or dest side. Now Intention.List and Intention.Get fall in line with Intention.Matches previous behavior. Due to this being done a few different places ACL enforcement for a singular intention is now done with the CanRead and CanWrite methods on the intention itself. * Refactor Intention.Apply to make things easier to follow.	5 years ago
Pierre Souchay	3bf2e640c7	rpc: log method when a server/server RPC call fails (#4548 ) Sometimes, we have lots of errors in cross calls between DCs (several hundreds / sec) Enrich the log in order to help diagnose the root cause of issue.	5 years ago
Matt Keeler	27f49eede9	Move where the service-resolver watch is done so that it happen… (#7025 ) Before we were issuing 1 watch for every service in the services listing which would have caused the agent to process many more identical events simultaneously.	5 years ago
R.B. Boyer	10f04a8c4a	connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011 )	5 years ago
R.B. Boyer	50c879923c	connect: ensure that updates to the secondary root CA configuration use the correct signing key ID values for comparison (#7012 ) Fixes #6886	5 years ago
Matt Keeler	fa2003d7cb	Move Session.CheckIDs into OSS only code. (#6993 )	5 years ago
hashicorp-ci	5e45e3470b	update bindata_assetfs.go	5 years ago
R.B. Boyer	abb1603a86	Restore a few more service-kind index updates so blocking in ServiceDump works in more cases (#6948 ) Restore a few more service-kind index updates so blocking in ServiceDump works in more cases Namely one omission was that check updates for dumped services were not unblocking. Also adds a ServiceDump state store test and also fix a watch bug with the normal dump. Follow-on from #6916	5 years ago

1 2 3 4 5 ...

1890 Commits (1.6.2)