Commit Graph

746 Commits (api-gw-docs-broken-link)

Author SHA1 Message Date
Mark Anderson 751fe7e314 Fixup more structs_test
4 years ago
Mark Anderson 4d0346bc46 Fixup filtering tests
4 years ago
Daniel Nephin 347f3d2128
Merge pull request #10155 from hashicorp/dnephin/config-entry-remove-fields
4 years ago
Daniel Nephin c8c85523e1 config-entries: add a test for the API client
4 years ago
Mark Anderson 8040f91a43 Add support for downstreams
4 years ago
Mark Anderson 583ae65d5b Convert mode to string representation
4 years ago
Mark Anderson 06f0f79218 Continue working through proxy and agent
4 years ago
Mark Anderson 8b1217417a First changes for unix domain sockets upstreams
4 years ago
Freddy ed1082510d
Fixup discovery chain handling in transparent mode (#10168)
4 years ago
Daniel Nephin a07a58a873 config-entry: use custom MarshalJSON for mesh type
4 years ago
Daniel Nephin 62efaaab21 config-entry: remove Kind and Name field from Mesh config entry
4 years ago
Freddy 701b49f772
Rename cluster config files to mesh as well (#10148)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
Daniel Nephin 2e4dc7b705
Merge pull request #10045 from hashicorp/dnephin/state-proxy-defaults
4 years ago
Freddy f265dd635f
Disallow * as service-defaults name (#10069)
4 years ago
R.B. Boyer 70f1ba3a2b
fix test when run in enterprise (#10048)
4 years ago
freddygv a0f3591aee Don't panic on nil UpstreamConfiguration.Clone()
4 years ago
Daniel Nephin b57b3726d2 state: remove unnecessary kind index
4 years ago
Freddy 3be304be16
Merge pull request #10016 from hashicorp/topology-update
4 years ago
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031)
4 years ago
R.B. Boyer 4db8b78854
connect: update centralized upstreams representation in service-defaults (#10015)
4 years ago
Matt Keeler bbf5993534
Move static token resolution into the ACLResolver (#10013)
4 years ago
freddygv 8e74eaa684 Update viz endpoint to include topology from intentions
4 years ago
freddygv e1808af729 Fixup tests
4 years ago
freddygv 7cb3f32672 Convert new tproxy structs in api module into ptrs
4 years ago
Freddy 8fc60a6ca6
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
4 years ago
freddygv 932fbddd27 Augment intention decision summary with DefaultAllow mode
4 years ago
freddygv b8ed82b808 Fixup bexpr filtering
4 years ago
freddygv d7c43049fa Remove zero-value validation of upstream cfg structs
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
freddygv 98ba582797 Fixup mesh gateway docs
4 years ago
Tara Tufano 9deb52e868
add http2 ping health checks (#8431)
4 years ago
freddygv b21224a4c8 PR comments
4 years ago
freddygv ab752c1c86 Avoid sending zero-value upstream defaults from api
4 years ago
freddygv 986bcccbea Pass down upstream defaults to client proxies
4 years ago
freddygv 77ead5cca9 Prevent wildcard destinations for proxies and upstreams
4 years ago
freddygv 458eb41be1 Prevent synthetic upstreams without addresses from failing duplicate ip/port validation
4 years ago
R.B. Boyer d4c401b350
missed build tag on this file (#9974)
4 years ago
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
Daniel Nephin d879fe581d state: Move UpstreamDownstream to state package
4 years ago
Daniel Nephin 65f5b99247 state: add tests for mesh-topology table indexers
4 years ago
Freddy 1c13aa23f1
Merge pull request #9900 from hashicorp/ent-fixes
4 years ago
Freddy 0bab999fe4
Merge pull request #9899 from hashicorp/wildcard-ixn-oss
4 years ago
freddygv 098b9af901 Fixup enterprise tests from tproxy changes
4 years ago
freddygv 9713e3ba38 Add methods to check intention has wildcard src or dst
4 years ago
freddygv 52bf00de8b Split up normalizing from defaulting values for upstream cfg
4 years ago
freddygv f4f45af6d0 Merge master and fix upstream config protocol defaulting
4 years ago
Freddy 8207b832df
Add TransparentProxy option to proxy definitions
4 years ago
Freddy c664938bae
Add per-upstream configuration to service-defaults
4 years ago
freddygv a54d6a9010 Update proxycfg for transparent proxy
4 years ago
Daniel Nephin 9f03e23e44
Merge pull request #9881 from hashicorp/dnephin/state-index-service-check-nodes
4 years ago
Daniel Nephin bd6332ae25
Merge pull request #9863 from hashicorp/dnephin/config-entry-kind-name
4 years ago
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks
4 years ago
Daniel Nephin 34eb6c01ff state: convert services.node and checks.node indexes
4 years ago
freddygv 4bdbcff9c0 Fixup upstream test
4 years ago
freddygv 6090cfcf68 PR comments
4 years ago
freddygv 7df846aa24 Pass MeshGateway config in service config request
4 years ago
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
4 years ago
freddygv 93c3c1780d Only lowercase the protocol when normalizing
4 years ago
freddygv 41b2ba1e58 Add omitempty across the board for UpstreamConfig
4 years ago
freddygv 756ab4c546 Fixup protobufs and tests
4 years ago
freddygv df1f3995f8 Update service manager to store centrally configured upstreams
4 years ago
freddygv 6fd30d0384 Add TransparentProxy opt to proxy definition
4 years ago
freddygv 306ef7d252 Restore old escape hatch alias
4 years ago
freddygv e3dc2a49df Turn Limits and PassiveHealthChecks into pointers
4 years ago
freddygv acec711a6a Update server-side config resolution and client-side merging
4 years ago
freddygv 1710ec87d2 finish moving UpstreamConfig and related fields to structs pkg
4 years ago
Daniel Nephin b06b3dd8f8 state: move ConfigEntryKindName
4 years ago
Daniel Nephin 71b0f0a7a6 structs: remove EnterpriseMeta.GetNamespace
4 years ago
freddygv 87cde19b4c Create new types for service-defaults upstream cfg
4 years ago
Daniel Nephin 5c8a6311b6
Merge pull request #9703 from pierresouchay/streaming_tags_and_case_insensitive
4 years ago
John Cowen 5892e75452
ui: Remove any trailing fullstop/period DNS characters from Gateways UI API (#9752)
4 years ago
Mark Anderson b9d22f48cd
Add fields to the /acl/auth-methods endpoint. (#9741)
4 years ago
Daniel Nephin d1772ae305 structs: rename EnterpriseMeta constructor
4 years ago
Pierre Souchay 6f91085869 Use lower case for serviceName computation of cache keys
4 years ago
R.B. Boyer 03790a1f91
server: add OSS stubs supporting validation of source namespaces in service-intentions config entries (#9527)
4 years ago
Daniel Nephin 29ce5ec575 structs: fix caching of ServiceSpecificRequest when ingress=true
4 years ago
kevinkengne 2e7e78999d
add completeness test for types with CacheInfo method (#9480)
4 years ago
Daniel Nephin 2187808803 structs: add tests for String() methods
4 years ago
Daniel Nephin d113f0e690 structs: Fix printing of IDs
4 years ago
Matt Keeler 85e5da53d5
Special case the error returned when we have a Raft leader but are not tracking it in the ServerLookup (#9487)
4 years ago
R.B. Boyer d921690bfe
acl: global tokens created by auth methods now correctly replicate to secondary datacenters (#9351)
4 years ago
Kyle Havlovitz c4eff420be
Merge pull request #9009 from hashicorp/update-secondary-ca
4 years ago
Kyle Havlovitz 0bfda4481f Add CA server delegate interface for testing
4 years ago
Kyle Havlovitz 9be7c6401c connect: update some function comments in CA manager
4 years ago
Matt Keeler 66fd23d67f
Refactor to call non-voting servers read replicas (#9191)
4 years ago
R.B. Boyer c7233ba871
server: remove config entry CAS in legacy intention API bridge code (#9151)
4 years ago
R.B. Boyer c003871c54
server: break up Intention.Apply monolithic method (#9007)
4 years ago
Matt Keeler c048e86bb2
Switch to using the external autopilot module
4 years ago
Daniel Nephin b532e092dc structs: add a namespace test for CheckServiceNode.CanRead
4 years ago
Daniel Nephin c42fe5ae43 subscribe: set the request namespace
4 years ago
Daniel Nephin a5dd2001cf stream: remove Event.Key
4 years ago
R.B. Boyer 58387fef0a
server: config entry replication now correctly uses namespaces in comparisons (#9024)
4 years ago
Freddy 9c04cbc40f
Add HasExact to topology endpoint (#9010)
4 years ago
Daniel Nephin 8b601fdcac
Merge pull request #8771 from amenzhinsky/fix-grpc-use-tls-mapping
4 years ago
s-christoff 9bb348c6c7
Enhance the output of consul snapshot inspect (#8787)
4 years ago
Freddy 13df5d5bf8
Add protocol to the topology endpoint response (#8868)
4 years ago
Daniel Nephin da6400192b
Merge pull request #8768 from hashicorp/streaming/add-subscribe-service
4 years ago
Freddy da91e999f6
Return intention info in svc topology endpoint (#8853)
4 years ago
Daniel Nephin 21c21191f4 structs: add CheckServiceNode.CanRead
4 years ago
R.B. Boyer 1b413b0444
connect: support defining intentions using layer 7 criteria (#8839)
4 years ago
R.B. Boyer a2a8e9c783
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834)
4 years ago
R.B. Boyer 4998a08c56
server: create new memdb table for storing system metadata (#8703)
4 years ago
freddygv 413a894a1a Do not evaluate discovery chain for topology upstreams
4 years ago
freddygv cf7b7fcdd6 Single DB txn for ServiceTopology and other PR comments
4 years ago
freddygv f906b94351 Add func to combine up+downstream queries
4 years ago
freddygv b012d8374e support querying upstreams/downstreams from registrations
4 years ago
Aliaksandr Mianzhynski 74cfba7065 Fix GRPCUseTLS flag HTTP API mapping
4 years ago
freddygv 9fa1b13df9 Resolve conflicts
4 years ago
R.B. Boyer 0fb088aac3
agent: make the json/hcl decoding of ConnectProxyConfig fully work with CamelCase and snake_case (#8741)
4 years ago
Paul Banks 7d58901ae8
Fix bad int -> string conversions caught by go vet changes in 1.15 (#8739)
4 years ago
Kyle Havlovitz 35bb09f85c
Merge pull request #8646 from hashicorp/common-intermediate-ttl
4 years ago
freddygv 7fd518ff1d Merge master
4 years ago
freddygv 7b9d1b41d5 Resolve conflicts against master
4 years ago
freddygv 768dbaa68d Add session flag to cookie config
4 years ago
freddygv eab90ea9fa Revert EnvoyConfig nesting
4 years ago
Kyle Havlovitz 2f7210bde2 Move IntermediateCertTTL to common CA config
4 years ago
freddygv cd4cf5161f Update resolver defaulting
4 years ago
freddygv eaa250cc80 Ensure resolver node with LB isn't considered default
4 years ago
freddygv ef877449ce Move valid policies to pkg level
4 years ago
freddygv f81fe6a1a1 Remove LB infix and move injection to xds
4 years ago
R.B. Boyer 119e945c3e
connect: all config entries pick up a meta field (#8596)
4 years ago
R.B. Boyer d0f74cd1e8
connect: fix bug in preventing some namespaced config entry modifications (#8601)
4 years ago
freddygv 63f79e5f9b Restructure structs and other PR comments
4 years ago
freddygv 0236e169bb Add documentation for resolver LB cfg
4 years ago
freddygv 81115b6eaa Compile down LB policy to disco chain nodes
4 years ago
freddygv ff56a64b08 Add LB policy to service-resolver
4 years ago
Jack 9e1c6727f9
Add http2 and grpc support to ingress gateways (#8458)
4 years ago
R.B. Boyer 74d5df7c7a
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago
Daniel Nephin 07ad662131 Fix panic when decoding 'Connect: null'
4 years ago
Hans Hasselberg a932aafc91
add primary keys to list keyring (#8522)
4 years ago
R.B. Boyer e3cd4a8539
connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470)
4 years ago
Kyle Havlovitz c39a275666 fsm: Fix snapshot bug with restoring node/service/check indexes
4 years ago
freddygv aa6c59dbfc end to end changes to pass gatewayservices to /ui/services/
4 years ago
Matt Keeler 2ee9fe0a4d
Move generation of the CA Configuration from the agent code into a method on the RuntimeConfig (#8363)
4 years ago
Matt Keeler 2713c0e682
Refactor the agentpb package (#8362)
4 years ago
Daniel Nephin 5d36f98710 agent/consul: Add support for NotModified to two endpoints
4 years ago
Yury Evtikhov 10361dd210 DNS: add IsErrQueryNotFound function for easier error evaluation
4 years ago
Yury Evtikhov 8d18422f19 DNS: fix agent returning SERVFAIL where NXDOMAIN should be returned
4 years ago
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
5 years ago
Freddy 10d6e9c458
Split up unused key validation for oss/ent (#8189)
5 years ago
Chris Piraino df48db0abd
Merge pull request #7932 from hashicorp/ingress/internal-ui-endpoint-multiple-ports
5 years ago
Chris Piraino f213d3592a remove obsolete comments about test parallelization
5 years ago
Chris Piraino b3db907bdf Update gateway-services-nodes API endpoint to allow multiple addresses
5 years ago
freddygv c791fbc79c Update namespaces subject-verb agreement
5 years ago
freddygv 044d027ff8 Remove break
5 years ago
freddygv 70810b0602 Let users know namespaces are ent only in config entry decode
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Matt Keeler d3881dd754
ACL Node Identities (#7970)
5 years ago
freddygv cd927eed5e Remove unused method and fixup docs ref
5 years ago
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Chris Piraino 6fa48c9512
Allow users to set hosts to the wildcard specifier when TLS is disabled (#8083)
5 years ago
Chris Piraino 496e683360
Merge pull request #8064 from hashicorp/ingress/health-query-param
5 years ago
Chris Piraino c1d329c5dd Remove TODO note about ingress API, it is done!
5 years ago
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
5 years ago
Hans Hasselberg 242994a016
acl: do not resolve local tokens from remote dcs (#8068)
5 years ago
Daniel Nephin c66c533d73
Merge pull request #7964 from hashicorp/dnephin/remove-patch-slice-of-maps-forward-compat
5 years ago
Daniel Nephin 75cbbe2702 config: add HookWeakDecodeFromSlice
5 years ago
Hans Hasselberg 98eea08d3b
Tokens converted from legacy ACLs get their Hash computed (#8047)
5 years ago
Daniel Nephin ce6cc094a1 intentions: fix a bug in Intention.SetHash
5 years ago
Daniel Nephin 99eb583ebc
Replace goe/verify.Values with testify/require.Equal (#7993)
5 years ago
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899)
5 years ago
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
5 years ago
Daniel Nephin c88fae0aac ci: Add staticcheck and fix most errors
5 years ago
Daniel Nephin 4f2bff174d
Merge pull request #7963 from hashicorp/dnephin/replace-lib-translate-keys
5 years ago
Daniel Nephin 6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
5 years ago
Daniel Nephin 8ced4300c8 Add alias struct tags for new decode hook
5 years ago
R.B. Boyer 77f2e54618
create lib/stringslice package (#7934)
5 years ago
Daniel Nephin 600645b5f9 Add unconvert linter
5 years ago
Daniel Nephin 47238a693d
Merge pull request #7819 from hashicorp/dnephin/remove-t.Parallel-1
5 years ago
Freddy b3ec383d04
Gateway Services Nodes UI Endpoint (#7685)
5 years ago
Kyle Havlovitz 136549205c
Merge pull request #7759 from hashicorp/ingress/tls-hosts
5 years ago
Kyle Havlovitz 8d140ce9af Disallow the blanket wildcard prefix from being used as custom host
5 years ago
Daniel Nephin e60bb9f102 test: Remove t.Parallel() from agent/structs tests
5 years ago
Freddy c32a4f1ece
Fix up enterprise compatibility for gateways (#7813)
5 years ago
Chris Piraino 0c22eacca8 Add TLS field to ingress API structs
5 years ago
Chris Piraino 0b9ba9660d Validate hosts input in ingress gateway config entry
5 years ago
Kyle Havlovitz f14c54e25e Add TLS option and DNS SAN support to ingress config
5 years ago
Chris Piraino d8517bd6fd Better document wildcard specifier interactions
5 years ago
Kyle Havlovitz f9672f9bf1 Make sure IngressHosts isn't parsed during JSON decode
5 years ago
Chris Piraino f40833d094 Allow Hosts field to be set on an ingress config entry
5 years ago
Chris Piraino b73a13fc9e Remove service_subset field from ingress config entry
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
R.B. Boyer a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
5 years ago
R.B. Boyer 22eb016153
acl: add MaxTokenTTL field to auth methods (#7779)
5 years ago
R.B. Boyer ca52ba7068
acl: add DisplayName field to auth methods (#7769)
5 years ago
R.B. Boyer b282268408
sdk: extracting testutil.RequireErrorContains from various places it was duplicated (#7753)
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 915db10903 Avoid deleting mappings for services linked to other gateways on dereg
5 years ago
freddygv c9385129ae Require service:read to read terminating-gateway config
5 years ago
Chris Piraino 115d2d5db5
Expect default enterprise metadata in gateway tests (#7664)
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
Daniel Nephin f46d1b5c94 agent/structs: Remove ServiceID.Init and CheckID.Init
5 years ago
Freddy 9eb1867fbb
Terminating gateway discovery (#7571)
5 years ago
Freddy aae14b3951
Add decode rules for Expose cfg in service-defaults (#7611)
5 years ago
Matt Keeler 0e7d3d93b3
Enable filtering language support for the v1/connect/intentions… (#7593)
5 years ago
Freddy 90576060bc
Add config entry for terminating gateways (#7545)
5 years ago
Kyle Havlovitz c911174327
Add config entry/state for Ingress Gateways (#7483)
5 years ago
Freddy 18d356899c
Enable CLI to register terminating gateways (#7500)
5 years ago
Alejandro Baez bafa69bb69
Add PolicyReadByName for API (#6615)
5 years ago
R.B. Boyer 85a08bf8ed
server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419)
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler 7584dfe8c8 Fix session backwards incompatibility with 1.6.x and earlier.
5 years ago
Matt Keeler e231d62bc9
Make the config entry and leaf cert cache types ns aware (#7256)
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
Akshay Ganeshen 8beb716414
feat: support sending body in HTTP checks (#6602)
5 years ago
Matt Keeler d0cd092e3b
Catalog + Namespace OSS changes. (#7219)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler 9e5fd7f925
OSS Changes for various config entry namespacing bugs (#7226)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Matt Keeler 6855a778c2
Updates to the Txn API for namespaces (#7172)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Aestek ba8fd8296f Add support for dual stack IPv4/IPv6 network (#6640)
5 years ago
Matt Keeler 663cf1e9a8
AuthMethod updates to support alternate namespace logins (#7029)
5 years ago
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Matt Keeler fa2003d7cb
Move Session.CheckIDs into OSS only code. (#6993)
5 years ago
Matt Keeler a78f7d7a34
OSS changes for implementing token based namespace inferencing
5 years ago
Matt Keeler 80d13d500b
Miscellaneous acl package cleanup
5 years ago
Matt Keeler 0b346616e9
Rename EnterpriseAuthorizerContext -> AuthorizerContext
5 years ago
Matt Keeler 5934f803bf
Sync of OSS changes to support namespaces (#6909)
5 years ago
rerorero 34649b8820 [ci] fix: go-fmt fails on master branch (#6906)
5 years ago
Matt Keeler 2343413bf0
Fix the TestAPI_CatalogRegistration test
5 years ago
Matt Keeler 8f0ab0129e
Miscellaneous Fixes (#6896)
5 years ago
Matt Keeler a704ebe639
Add Namespace support to the API module and the CLI commands (#6874)
5 years ago
Matt Keeler deb91f3d3c
[Feature] API: Add a internal endpoint to query for ACL authori… (#6888)
5 years ago
Matt Keeler b069d6777b
OSS KV Modifications to Support Namespaces
5 years ago
Matt Keeler 7b471f6bf8
OSS Modifications necessary for sessions namespacing
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Matt Keeler ab5a05f71d
Fix type name (#6728)
5 years ago
Matt Keeler 825e19bc5f
Add DirEntry method to fill enterprise authz context
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
Matt Keeler 5d687ce6a9
Fix the Synthetic Policy Tests (#6715)
5 years ago
Sarah Adams 78ad8203a4
Use encoding/json as JSON decoder instead of mapstructure (#6680)
5 years ago
Matt Keeler 79f78632e1
Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687)
5 years ago
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
5 years ago
Freddy 60f6ec0c2f
Store check type in catalog (#6561)
5 years ago
Matt Keeler 973341a592
ACL Authorizer overhaul (#6620)
5 years ago
PHBourquin 039615641e Checks to passing/critical only after reaching a consecutive success/failure threshold (#5739)
5 years ago
R.B. Boyer c4b92d5534
connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513)
5 years ago
Matt Keeler 76cf54068b
Expand the QueryOptions and QueryMeta interfaces (#6545)
5 years ago
Freddy fdd10dd8b8
Expose HTTP-based paths through Connect proxy (#6446)
5 years ago
Matt Keeler 51dcd126b7
Add support for implementing new requests with protobufs instea… (#6502)
5 years ago
Pierre Souchay be50400c62 Distinguish between DC not existing and not being available (#6399)
5 years ago
R.B. Boyer fd1c62ee8b
connect: ensure time.Duration fields retain their human readable forms in the API (#6348)
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
R.B. Boyer ae79cdab1b
connect: introduce ExternalSNI field on service-defaults (#6324)
5 years ago
R.B. Boyer 1a485011d0
connect: updating a service-defaults config entry should leave an unset protocol alone (#6342)
5 years ago
R.B. Boyer 3975cb89bf
agent: blocking central config RPCs iterations should not interfere with each other (#6316)
5 years ago
hashicorp-ci 5919c7c184 Merge Consul OSS branch 'master' at commit 8f7586b339
5 years ago
Sarah Adams 8ff1f481fe
add flag to allow /operator/keyring requests to only hit local servers (#6279)
5 years ago
Mike Morris 65be58703c
connect: remove managed proxies (#6220)
5 years ago
R.B. Boyer 8e22d80e35
connect: fix failover through a mesh gateway to a remote datacenter (#6259)
5 years ago
R.B. Boyer c395affc93
connect: expose an API endpoint to compile the discovery chain (#6248)
5 years ago
R.B. Boyer dcb609af83
connect: detect and prevent circular discovery chain references (#6246)
5 years ago
R.B. Boyer f02924fafe
connect: simplify the compiled discovery chain data structures (#6242)
5 years ago
R.B. Boyer 6393edba53
connect: reconcile how upstream configuration works with discovery chains (#6225)
5 years ago
R.B. Boyer 8564b6bb38
connect: validate upstreams and prevent duplicates (#6224)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
R.B. Boyer c6c4a2251a Merge Consul OSS branch master at commit b3541c4f34
5 years ago
Jeff Mitchell 94c73d0c92 Chunking support (#6172)
5 years ago
Matt Keeler 3053342198
Envoy Mesh Gateway integration tests (#6187)
5 years ago
R.B. Boyer ad9e7b6ae9
connect: allow L7 routers to match on http methods (#6164)
5 years ago
R.B. Boyer 85cf2706e6
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163)
5 years ago
R.B. Boyer 1dbd92e091
connect: validate and test more of the L7 config entries (#6156)
5 years ago
R.B. Boyer e039dfd7f8
connect: rework how the service resolver subset OnlyPassing flag works (#6173)
5 years ago
Matt Keeler d7fe8befa9
Update go-bexpr (#6190)
5 years ago
Matt Keeler 4728329aeb
Various Gateway Fixes (#6093)
5 years ago
R.B. Boyer bcd2de3a2e
implement some missing service-router features and add more xDS testing (#6065)
5 years ago
R.B. Boyer 9138a97054
Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122)
5 years ago
R.B. Boyer 67a36e3452
handle structs.ConfigEntry decoding similarly to api.ConfigEntry decoding (#6106)
5 years ago
Matt Keeler 6e65811db2
Envoy CLI bind addresses (#6107)
5 years ago
Matt Keeler 3eb3ee5a15
Merge pull request #6053 from hashicorp/gateways_and_resolvers
6 years ago
R.B. Boyer 43770b9391
digest the proxy-defaults protocol into the graph (#6050)
6 years ago
Matt Keeler 3b6d5e382a Implement caching for config entry lists
6 years ago
R.B. Boyer 4bdb690a25
activate most discovery chain features in xDS for envoy (#6024)
6 years ago
Matt Keeler bdebe62fd0
Fix some tests that I broke when refactoring the ConfigSnapshot (#6051)
6 years ago
Matt Keeler 8d953f5840 Implement Mesh Gateways
6 years ago
Matt Keeler 4bc1277315 Include a content hash of the intention for use during replication
6 years ago
Matt Keeler 3943e38133 Implement Kind based ServiceDump and caching of the ServiceDump RPC
6 years ago
R.B. Boyer 2ad516aeaf
do some initial config entry graph validation during writes (#6047)
6 years ago
hashicorp-ci 43bda6fb76 Merge Consul OSS branch 'master' at commit e91f73f592
6 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
R.B. Boyer 6a52f9f9fb
initial version of L7 config entry compiler (#5994)
6 years ago
R.B. Boyer ceef44bbc9
adding new config entries for L7 discovery chain (unused) (#5987)
6 years ago
hashicorp-ci f4304e2e5b Merge Consul OSS branch 'master' at commit 4eb73973b6
6 years ago
Pierre Souchay 0e907f5aa8 Support for maximum size for Output of checks (#5233)
6 years ago
Matt Keeler 43c5ba0304
New Cache Types (#5995)
6 years ago
Aestek b839f52195 kv: do not trigger watches when setting the same value (#5885)
6 years ago
Matt Keeler f3d9b999ee
Add tagged addresses for services (#5965)
6 years ago
R.B. Boyer 40336fd353
agent: fix several data races and bugs related to node-local alias checks (#5876)
6 years ago
R.B. Boyer 20eefeea11
acl: a role binding rule for a role that does not exist should be ignored (#5778)
6 years ago
R.B. Boyer b4371bcccd
acl: enforce that you cannot persist tokens and roles with missing links except during replication (#5779)
6 years ago
Matt Keeler 42d32db817
Fix ConfigEntryResponse binary marshaller and ensure we watch the chan in ConfigEntry.Get even when no entry exists. (#5773)
6 years ago