Commit Graph

996 Commits (070c91cb23c3e78b97952083faf86e32a76c7037)

Author SHA1 Message Date
Mitchell Hashimoto 1cfb0f1922
agent/cache: initial kind-of working cache
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz 30c1973e8b
Fix the testing endpoint's root set op
7 years ago
Kyle Havlovitz 75f62e3117
Update the CA config endpoint to enable GETs
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Kyle Havlovitz 1f6501895f
Add CA bootstrapping on establishing leadership
7 years ago
Kyle Havlovitz 682f105c7c
Add the bootstrap config for the CA
7 years ago
Kyle Havlovitz 9fc33d2a62
Add the CA provider interface and built-in provider
7 years ago
Kyle Havlovitz 1787f88618
Add CA config set to fsm operations
7 years ago
Kyle Havlovitz 6b3416e480
Add the Connect CA config to the state store
7 years ago
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
Paul Banks 730da74369
Fix various test failures and vet warnings.
7 years ago
Paul Banks 1e72ad66f5
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus!
7 years ago
Paul Banks 8d09381b96
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict...
7 years ago
Paul Banks d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
7 years ago
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
7 years ago
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined.
7 years ago
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot.
7 years ago
Paul Banks 88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
7 years ago
Paul Banks ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four.
7 years ago
Paul Banks 10db79c8ae
Rework connect/proxy and command/connect/proxy. End to end demo working again
7 years ago
Paul Banks 26e65f6bfd
connect.Service based implementation after review feedback.
7 years ago
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
7 years ago
Mitchell Hashimoto 6e57233913
agent: add TODO for verification
7 years ago
Mitchell Hashimoto 5a47a53c70
acl: IntentionDefault => IntentionDefaultAllow
7 years ago
Mitchell Hashimoto ac72a0c5fd
agent: ACL checks for authorize, default behavior
7 years ago
Mitchell Hashimoto 6dc2db94ea
agent/structs: String format for Intention, used for logging
7 years ago
Mitchell Hashimoto fb7bccc690
agent: bolster commenting for clearer understandability
7 years ago
Mitchell Hashimoto 9a987d6452
agent: default deny on connect authorize endpoint
7 years ago
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
7 years ago
Mitchell Hashimoto 3ef0b93159
agent/connect: Authorize for CertURI
7 years ago
Mitchell Hashimoto 70d1d5bf06
agent: get rid of method checks since they're done in the http layer
7 years ago
Paul Banks 9309422fd9
Add Connect agent, catalog and health endpoints to api Client
7 years ago
Mitchell Hashimoto 845f7cd8ad
agent/consul/state: ensure exactly one active CA exists when setting
7 years ago
Mitchell Hashimoto ffe4cdfc15
agent/connect: support any values in the URL
7 years ago
Mitchell Hashimoto 75bf0e1638
agent/connect: support SpiffeIDSigning
7 years ago
Mitchell Hashimoto 17ca8ad083
agent/connect: rename SpiffeID to CertURI
7 years ago
Mitchell Hashimoto 0cbcb07d61
agent/connect: use proper keyusage fields for CA and leaf
7 years ago
Mitchell Hashimoto 73442ada5a
agent/connect: address PR feedback for the CA.go file
7 years ago
Mitchell Hashimoto d28ee70a56
agent: implement an always-200 authorize endpoint
7 years ago
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded
7 years ago
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON
7 years ago
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
7 years ago
Mitchell Hashimoto 1c3dbc83ff
agent/consul/fsm,state: snapshot/restore for CA roots
7 years ago
Mitchell Hashimoto 90f423fd02
agent/consul/fsm,state: tests for CA root related changes
7 years ago
Mitchell Hashimoto 1c72639d60
agent/consul: set more fields on the issued cert
7 years ago
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id
7 years ago
Mitchell Hashimoto 571d9aa785
agent: CA root HTTP endpoints
7 years ago
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root
7 years ago
Mitchell Hashimoto 578db06600
agent/consul: tests for CA endpoints
7 years ago
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test
7 years ago
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign
7 years ago
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
7 years ago
Mitchell Hashimoto 548ce190d5
agent/connect: package for agent-related Connect, parse SPIFFE IDs
7 years ago
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta
7 years ago
Mitchell Hashimoto e7536e5485
agent: /v1/connect/ca/roots
7 years ago
Mitchell Hashimoto 5a950190f3
agent/consul: RPC endpoints to list roots
7 years ago
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store
7 years ago
Mitchell Hashimoto 4d852e62a3
agent: address PR feedback
7 years ago
Mitchell Hashimoto 22a0eb6c67
agent: commenting some tests
7 years ago
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback
7 years ago
Mitchell Hashimoto 353953fcd2
agent/consul: Health.ServiceNodes ACL check for Connect
7 years ago
Mitchell Hashimoto b6c0cb7115
agent/consul: Catalog endpoint ACL requirements for Connect proxies
7 years ago
Mitchell Hashimoto 3b07686648
agent: remove ConnectProxyServiceName
7 years ago
Mitchell Hashimoto 2feef5f7a3
agent/consul: require name for proxies
7 years ago
Mitchell Hashimoto 714026dfb7
agent: validate service entry on register
7 years ago
Mitchell Hashimoto 125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields
7 years ago
Mitchell Hashimoto 9781cb1ace
agent/local: anti-entropy for connect proxy services
7 years ago
Mitchell Hashimoto 44ec8d94d2
agent: clean up connect/non-connect duplication by using shared methods
7 years ago
Mitchell Hashimoto 368137b81b
agent: /v1/health/connect/:service
7 years ago
Mitchell Hashimoto 7d79f9c46f
agent/consul: implement Health.ServiceNodes for Connect, DNS works
7 years ago
Mitchell Hashimoto 406366c45b
agent: working DNS for Connect queries, I think, but have to
7 years ago
Mitchell Hashimoto fd33b76ec2
agent: /v1/catalog/connect/:service
7 years ago
Mitchell Hashimoto e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering
7 years ago
Mitchell Hashimoto 2062e37270
agent/consul/state: ConnectServiceNodes
7 years ago
Mitchell Hashimoto 7ed26e2c64
agent/consul: enforce ACL on ProxyDestination
7 years ago
Mitchell Hashimoto 0c0c0a58e7
agent/consul: proxy registration and tests
7 years ago
Mitchell Hashimoto 68107e9767
agent: /v1/agent/services test with connect proxies (works w/ no change)
7 years ago
Mitchell Hashimoto 4d4a8443e8
agent: test /v1/catalog/node/:node to list connect proxies
7 years ago
Mitchell Hashimoto 6e257ea51c
agent: /v1/catalog/service/:service works with proxies
7 years ago
Mitchell Hashimoto 63e4a35827
agent/consul/state: convert proxy test to testify/assert
7 years ago
Mitchell Hashimoto 21c6fc623a
agent/consul/state: service registration with proxy works
7 years ago
Mitchell Hashimoto a621afe72c
agent/consul: convert intention ACLs to testify/assert
7 years ago
Mitchell Hashimoto 9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions
7 years ago
Mitchell Hashimoto 5ac649af7f
agent/consul: Intention.Match ACLs
7 years ago
Mitchell Hashimoto 4d87601bf4
agent/consul: Intention.Get ACLs
7 years ago
Mitchell Hashimoto 9bbbb73734
agent/consul: Intention.Apply ACL on rename
7 years ago
Mitchell Hashimoto 01b644e213
agent/consul: tests for ACLs on Intention.Apply update/delete
7 years ago
Mitchell Hashimoto a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply
7 years ago
Mitchell Hashimoto 0719ff6905
agent: convert all intention tests to testify/assert
7 years ago
Mitchell Hashimoto 454ef7d106
agent/consul/fsm,state: snapshot/restore for intentions
7 years ago
Mitchell Hashimoto 80d068aaa4
agent: use UTC time for intention times, move empty list check to
7 years ago
Mitchell Hashimoto 370b2599a1
agent/consul/fsm: switch tests to use structs.TestIntention
7 years ago
Mitchell Hashimoto 97e2a73145
agent/consul/state: need to set Meta for intentions for tests
7 years ago
Mitchell Hashimoto ad42f42a17
agent/consul/state: remove TODO
7 years ago
Mitchell Hashimoto 70858598e4
agent: use testing intention to get valid intentions
7 years ago
Mitchell Hashimoto ab4ea3efb4
agent/consul: set default intention SourceType, validate it
7 years ago
Mitchell Hashimoto d92993f75b
agent/structs: Intention validation
7 years ago
Mitchell Hashimoto 82a50245e0
agent/consul: support intention description, meta is non-nil
7 years ago
Mitchell Hashimoto c12690b837
agent/consul/fsm: add tests for intention requests
7 years ago
Mitchell Hashimoto a9743f4f15
agent,agent/consul: set default namespaces
7 years ago
Mitchell Hashimoto 10c370c0fb
agent/consul: set CreatedAt, UpdatedAt on intentions
7 years ago
Mitchell Hashimoto d57a3ca2af
agent: GET /v1/connect/intentions/match
7 years ago
Mitchell Hashimoto 93de03fe8b
agent/consul: RPC endpoint for Intention.Match
7 years ago
Mitchell Hashimoto f93edadbbe
agent/consul/state: IntentionMatch for performing match resolution
7 years ago
Mitchell Hashimoto 377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
7 years ago
Mitchell Hashimoto dca483b4a2
agent: PUT /v1/connect/intentions/:id
7 years ago
Mitchell Hashimoto faeb583162
agent: DELETE /v1/connect/intentions/:id
7 years ago
Mitchell Hashimoto fb02e53536
agent/consul: test that Apply works to delete an intention
7 years ago
Mitchell Hashimoto 4417f37ede
agent/consul/state,fsm: support for deleting intentions
7 years ago
Mitchell Hashimoto 1b44c1befa
agent/consul: creating intention must not have ID set
7 years ago
Mitchell Hashimoto 771b1737e3
agent/consul: support updating intentions
7 years ago
Mitchell Hashimoto 0d96cdc0a5
agent: GET /v1/connect/intentions/:id
7 years ago
Mitchell Hashimoto 274bfdd864
agent: POST /v1/connect/intentions
7 years ago
Mitchell Hashimoto 5a1fb35d6e
agent: GET /v1/connect/intentions endpoint
7 years ago
Mitchell Hashimoto e8c4156f07
agent/consul: Intention.Get endpoint
7 years ago
Mitchell Hashimoto 9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation
7 years ago
Mitchell Hashimoto 212a272989
agent/consul: start Intention RPC endpoints, starting with List
7 years ago
Mitchell Hashimoto 9639bfb1be
agent/consul/state: list intentions
7 years ago
Mitchell Hashimoto cc8a6f7f15
agent/consul/state: initial work on intentions memdb table
7 years ago
Guido Iaquinti f7fe6c2a87 Attach server.Name label to client.rpc.failed
7 years ago
Guido Iaquinti 3d230dee80 Attach server.ID label to client.rpc.failed
7 years ago
Guido Iaquinti e85e63c18c Client: add metric for failed RPC calls to server
7 years ago
Matt Keeler 88a8c5e968
Merge pull request #4156 from hashicorp/enterprise-coexistence
7 years ago
Jack Pearkes aa1c993806
Merge pull request #4013 from sethvargo/sethvargo/user_agent
7 years ago
Matt Keeler 27fe219918
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
7 years ago
Matt Keeler 1fbe828c35 Add RunWithConfig and put Run signature back to normal
7 years ago
Matt Keeler 53fbe2b111 Update unit tests to reflect change to func signature
7 years ago
Matt Keeler 8e0e239e42 Allow passing in a config to the watch plan to use when creating the API client
7 years ago
Pierre Souchay fa37f262eb Fixed comments for max DNS records returned as requested by @mkeeler
7 years ago
Seth Vargo accb85a6a9
Use new discover and useragent libs
7 years ago
Matt Keeler b6e9abe926 Allow for easy enterprise/oss coexistence
7 years ago
Matt Keeler 0d197c32dc Add BadRequestError handling
7 years ago
Wim 16ce8d9ed2 Add service reverse lookup tests
7 years ago
Wim d10e6d0292 Do reverse service lookup only if address doesn't match node
7 years ago
Wim 5c04864b28 Add support for reverse lookup of services
7 years ago
Pierre Souchay bb92420873 Test fix, trying to pass Travis tests
7 years ago
Pierre Souchay 486417a0fc Ensure to never send messages more than 64k
7 years ago
Pierre Souchay cfa5986df7 Fixed unit tests and updated limits
7 years ago
Pierre Souchay 6e80b6b127 Re-Enable compression while computing Len(), so we can send more answers
7 years ago
Matt Keeler cfd09c88c6 Update bindata_assetfs for 1.1
7 years ago
Paul Banks 863ac12811
v1.1.0 UI Build
7 years ago
Paul Banks ff37194fc0
Go fmt cleanup
7 years ago
Preetha Appan ca67094619
Change default raft threshold config values and add a section to upgrade notes
7 years ago
Preetha Appan 3ff5fd6ec5
More docs and removed SnapShotInterval from raft timing struct stanza
7 years ago
Preetha Appan d721da7b67
Also make snapshot interval configurable
7 years ago
Preetha Appan ad09865562
fix spacing
7 years ago
Preetha Appan 66f31cd25a
Make raft snapshot commit threshold configurable
7 years ago
Kyle Havlovitz 876d251b95
Merge pull request #4108 from hashicorp/vendor-go-discover
7 years ago
Kyle Havlovitz 48560848fc
Move cloud auto-join docs to a separate page and add Triton
7 years ago
Jack Pearkes 291e8b83ae
Merge pull request #4097 from hashicorp/remove-deprecated
7 years ago
John Cowen e5eeb0aa7c
UI V2 (#4086)
7 years ago
Paul Banks 92c6fe0b1e
Make it work for WAN join too and add tests
7 years ago
Dominik Lekse ba9991a145
Added support for sockaddr templates in start-join and retry-join configuration
7 years ago
Kyle Havlovitz 75953273e2
Remove unused retry join structs from config
7 years ago
Kyle Havlovitz ba3971d2c1
Remove deprecated metric names
7 years ago
Kyle Havlovitz b73323aa42
Remove the script field from checks in favor of args
7 years ago
Paul Banks b7fa3358d1
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index
7 years ago
Kyle Havlovitz cc214d45b6
Remove support for EnableTagOverride in config files
7 years ago
Kyle Havlovitz 6461087c25
Remove support for CheckID field in service check definitions
7 years ago
Dino Lukman d538b5666c Fix telemetry default prefix filter
7 years ago
Jack Pearkes 733c0df0a0
Merge pull request #4021 from fomentia/master
7 years ago
Paul Banks c8db140ff7
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
7 years ago
Pierre Souchay 303997ff55 Improved unit test (example close to actual value)
7 years ago
Paul Banks 4de68fcb4b
Merge pull request #4016 from pierresouchay/support_for_prometheus
7 years ago
Pierre Souchay eccc223480 Fixed Meta name for JSON + Added unit tests for HCL/JSON
7 years ago
Pierre Souchay 26388503e0 Removed Nanoseconds cast as requested by @banks
7 years ago
Pierre Souchay 62a68a008d Removed content negotiation of Prometheus as requested by @banks
7 years ago
Pierre Souchay c152cb7bdf Added Missing Service Meta synchronization and field
7 years ago
Pierre Souchay c715408c87 More Tests cases compression/no compression
7 years ago
Pierre Souchay 076ecf9712 Removed unecessary copy of Extra and index
7 years ago
Pierre Souchay 06a181955d Use safer stringVal()
7 years ago
Pierre Souchay 9bb15730a6 Added unit test on key length
7 years ago
Pierre Souchay 2f5e67534d Added unit tests for bad meta values
7 years ago
Pierre Souchay d2ab3deacf [BUGFIX] Added Service Meta support in configuration files
7 years ago
Pierre Souchay 36827418b7 Improved unit tests debug info when it fails
7 years ago
Pierre Souchay 728c5308df Fixed sync of Extra in binarySearch
7 years ago
Pierre Souchay 9243daeb0e Run new test in parallel
7 years ago
Pierre Souchay 5b4905e11d More test cases + travis flacky
7 years ago
Pierre Souchay fadfb95e07 Added Unit tests + fixed boudary limit
7 years ago
Pierre Souchay c838376dfa Added comment for function dnsBinaryTruncate
7 years ago
Pierre Souchay 94c0bf978a Perform a binary search to find optimal size of DNS responses
7 years ago
Kyle Havlovitz 2a636275ad
Update static assets
7 years ago
Kyle Havlovitz af4be34a2a
Update make static-assets goal and run format
7 years ago
Matt Keeler d926679278
Merge pull request #4023 from hashicorp/f-near-ip
7 years ago
Matt Keeler 0619efc254 GH-3798: More PR Updates
7 years ago
Matt Keeler 136efeb3be GH-3798: A couple more PR updates
7 years ago
Matt Keeler cec8d5145b GH-3798: A few more PR updates
7 years ago
Matt Keeler d065d3a6db GH-3798: Updates for PR
7 years ago
Matt Keeler 283a7942c4 GH-3798: Wrap DNS request validation in a retry
7 years ago
Jack Pearkes 265359959b
Merge pull request #4015 from hashicorp/ui-service-tags
7 years ago
Matt Keeler 5794fa8837 GH-3798: Add DNS near=_ip test
7 years ago
Matt Keeler de403d6515 GH-3798: Add HTTP prepared query near=_ip test
7 years ago
Matt Keeler 45a537def9 GH-3798: Add near=_ip support for prepared queries
7 years ago
Isaac Williams 01f5db46e8 Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS)
7 years ago
Paul Banks 0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727.
7 years ago
Pierre Souchay a680c8e91b Clearer documentation and comments for enabling Prometheus support
7 years ago
Pierre Souchay 27362320e8 Enable compression / automatic Mime-Type detection for Prometheus endpoint
7 years ago