Commit Graph

646 Commits (0827c9422227720752d421eada1cf74c71685486)

Author SHA1 Message Date
freddygv 19e3954603 Move compound service names to use ServiceName type
5 years ago
Chris Piraino 6fa48c9512
Allow users to set hosts to the wildcard specifier when TLS is disabled (#8083)
5 years ago
Chris Piraino 496e683360
Merge pull request #8064 from hashicorp/ingress/health-query-param
5 years ago
Chris Piraino c1d329c5dd Remove TODO note about ingress API, it is done!
5 years ago
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
5 years ago
Hans Hasselberg 242994a016
acl: do not resolve local tokens from remote dcs (#8068)
5 years ago
Daniel Nephin c66c533d73
Merge pull request #7964 from hashicorp/dnephin/remove-patch-slice-of-maps-forward-compat
5 years ago
Daniel Nephin 75cbbe2702 config: add HookWeakDecodeFromSlice
5 years ago
Hans Hasselberg 98eea08d3b
Tokens converted from legacy ACLs get their Hash computed (#8047)
5 years ago
Daniel Nephin ce6cc094a1 intentions: fix a bug in Intention.SetHash
5 years ago
Daniel Nephin 99eb583ebc
Replace goe/verify.Values with testify/require.Equal (#7993)
5 years ago
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899)
5 years ago
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
5 years ago
Daniel Nephin c88fae0aac ci: Add staticcheck and fix most errors
5 years ago
Daniel Nephin 4f2bff174d
Merge pull request #7963 from hashicorp/dnephin/replace-lib-translate-keys
5 years ago
Daniel Nephin 6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
5 years ago
Daniel Nephin 8ced4300c8 Add alias struct tags for new decode hook
5 years ago
R.B. Boyer 77f2e54618
create lib/stringslice package (#7934)
5 years ago
Daniel Nephin 600645b5f9 Add unconvert linter
5 years ago
Daniel Nephin 47238a693d
Merge pull request #7819 from hashicorp/dnephin/remove-t.Parallel-1
5 years ago
Freddy b3ec383d04
Gateway Services Nodes UI Endpoint (#7685)
5 years ago
Kyle Havlovitz 136549205c
Merge pull request #7759 from hashicorp/ingress/tls-hosts
5 years ago
Kyle Havlovitz 8d140ce9af Disallow the blanket wildcard prefix from being used as custom host
5 years ago
Daniel Nephin e60bb9f102 test: Remove t.Parallel() from agent/structs tests
5 years ago
Freddy c32a4f1ece
Fix up enterprise compatibility for gateways (#7813)
5 years ago
Chris Piraino 0c22eacca8 Add TLS field to ingress API structs
5 years ago
Chris Piraino 0b9ba9660d Validate hosts input in ingress gateway config entry
5 years ago
Kyle Havlovitz f14c54e25e Add TLS option and DNS SAN support to ingress config
5 years ago
Chris Piraino d8517bd6fd Better document wildcard specifier interactions
5 years ago
Kyle Havlovitz f9672f9bf1 Make sure IngressHosts isn't parsed during JSON decode
5 years ago
Chris Piraino f40833d094 Allow Hosts field to be set on an ingress config entry
5 years ago
Chris Piraino b73a13fc9e Remove service_subset field from ingress config entry
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
R.B. Boyer a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
5 years ago
R.B. Boyer 22eb016153
acl: add MaxTokenTTL field to auth methods (#7779)
5 years ago
R.B. Boyer ca52ba7068
acl: add DisplayName field to auth methods (#7769)
5 years ago
R.B. Boyer b282268408
sdk: extracting testutil.RequireErrorContains from various places it was duplicated (#7753)
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 915db10903 Avoid deleting mappings for services linked to other gateways on dereg
5 years ago
freddygv c9385129ae Require service:read to read terminating-gateway config
5 years ago
Chris Piraino 115d2d5db5
Expect default enterprise metadata in gateway tests (#7664)
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
Daniel Nephin f46d1b5c94 agent/structs: Remove ServiceID.Init and CheckID.Init
5 years ago
Freddy 9eb1867fbb
Terminating gateway discovery (#7571)
5 years ago
Freddy aae14b3951
Add decode rules for Expose cfg in service-defaults (#7611)
5 years ago
Matt Keeler 0e7d3d93b3
Enable filtering language support for the v1/connect/intentions… (#7593)
5 years ago
Freddy 90576060bc
Add config entry for terminating gateways (#7545)
5 years ago
Kyle Havlovitz c911174327
Add config entry/state for Ingress Gateways (#7483)
5 years ago
Freddy 18d356899c
Enable CLI to register terminating gateways (#7500)
5 years ago
Alejandro Baez bafa69bb69
Add PolicyReadByName for API (#6615)
5 years ago
R.B. Boyer 85a08bf8ed
server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419)
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler 7584dfe8c8 Fix session backwards incompatibility with 1.6.x and earlier.
5 years ago
Matt Keeler e231d62bc9
Make the config entry and leaf cert cache types ns aware (#7256)
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
Akshay Ganeshen 8beb716414
feat: support sending body in HTTP checks (#6602)
5 years ago
Matt Keeler d0cd092e3b
Catalog + Namespace OSS changes. (#7219)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Matt Keeler 9e5fd7f925
OSS Changes for various config entry namespacing bugs (#7226)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Matt Keeler 6855a778c2
Updates to the Txn API for namespaces (#7172)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Hans Hasselberg 804eb17094
connect: check if intermediate cert needs to be renewed. (#6835)
5 years ago
Aestek ba8fd8296f Add support for dual stack IPv4/IPv6 network (#6640)
5 years ago
Matt Keeler 663cf1e9a8
AuthMethod updates to support alternate namespace logins (#7029)
5 years ago
Matt Keeler 8bd34e126f
Intentions ACL enforcement updates (#7028)
5 years ago
R.B. Boyer 10f04a8c4a connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
5 years ago
Matt Keeler fa2003d7cb
Move Session.CheckIDs into OSS only code. (#6993)
5 years ago
Matt Keeler a78f7d7a34
OSS changes for implementing token based namespace inferencing
5 years ago
Matt Keeler 80d13d500b
Miscellaneous acl package cleanup
5 years ago
Matt Keeler 0b346616e9
Rename EnterpriseAuthorizerContext -> AuthorizerContext
5 years ago
Matt Keeler 5934f803bf
Sync of OSS changes to support namespaces (#6909)
5 years ago
rerorero 34649b8820 [ci] fix: go-fmt fails on master branch (#6906)
5 years ago
Matt Keeler 2343413bf0
Fix the TestAPI_CatalogRegistration test
5 years ago
Matt Keeler 8f0ab0129e
Miscellaneous Fixes (#6896)
5 years ago
Matt Keeler a704ebe639
Add Namespace support to the API module and the CLI commands (#6874)
5 years ago
Matt Keeler deb91f3d3c
[Feature] API: Add a internal endpoint to query for ACL authori… (#6888)
5 years ago
Matt Keeler b069d6777b
OSS KV Modifications to Support Namespaces
5 years ago
Matt Keeler 7b471f6bf8
OSS Modifications necessary for sessions namespacing
5 years ago
Paul Banks cd1b613352
connect: Add AWS PCA provider (#6795)
5 years ago
Paul Banks b621910618
Support Connect CAs that can't cross sign (#6726)
5 years ago
Paul Banks 45d57ca601
connect: Allow CA Providers to store small amount of state (#6751)
5 years ago
Matt Keeler ab5a05f71d
Fix type name (#6728)
5 years ago
Matt Keeler 825e19bc5f
Add DirEntry method to fill enterprise authz context
5 years ago
Paul Banks 87699eca2f
Fix support for RSA CA keys in Connect. (#6638)
5 years ago
Matt Keeler 5d687ce6a9
Fix the Synthetic Policy Tests (#6715)
5 years ago
Sarah Adams 78ad8203a4
Use encoding/json as JSON decoder instead of mapstructure (#6680)
5 years ago
Matt Keeler 79f78632e1
Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687)
5 years ago
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
5 years ago
Freddy 60f6ec0c2f
Store check type in catalog (#6561)
5 years ago
Matt Keeler 973341a592
ACL Authorizer overhaul (#6620)
5 years ago
PHBourquin 039615641e Checks to passing/critical only after reaching a consecutive success/failure threshold (#5739)
5 years ago
R.B. Boyer c4b92d5534
connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513)
5 years ago
Matt Keeler 76cf54068b
Expand the QueryOptions and QueryMeta interfaces (#6545)
5 years ago
Freddy fdd10dd8b8
Expose HTTP-based paths through Connect proxy (#6446)
5 years ago
Matt Keeler 51dcd126b7
Add support for implementing new requests with protobufs instea… (#6502)
5 years ago
Pierre Souchay be50400c62 Distinguish between DC not existing and not being available (#6399)
5 years ago
R.B. Boyer fd1c62ee8b
connect: ensure time.Duration fields retain their human readable forms in the API (#6348)
5 years ago
R.B. Boyer 561b2fe606
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
5 years ago
R.B. Boyer ae79cdab1b
connect: introduce ExternalSNI field on service-defaults (#6324)
5 years ago
R.B. Boyer 1a485011d0
connect: updating a service-defaults config entry should leave an unset protocol alone (#6342)
5 years ago
R.B. Boyer 3975cb89bf
agent: blocking central config RPCs iterations should not interfere with each other (#6316)
5 years ago
hashicorp-ci 5919c7c184 Merge Consul OSS branch 'master' at commit 8f7586b339
5 years ago
Sarah Adams 8ff1f481fe
add flag to allow /operator/keyring requests to only hit local servers (#6279)
5 years ago
Mike Morris 65be58703c
connect: remove managed proxies (#6220)
5 years ago
R.B. Boyer 8e22d80e35
connect: fix failover through a mesh gateway to a remote datacenter (#6259)
5 years ago
R.B. Boyer c395affc93
connect: expose an API endpoint to compile the discovery chain (#6248)
5 years ago
R.B. Boyer dcb609af83
connect: detect and prevent circular discovery chain references (#6246)
5 years ago
R.B. Boyer f02924fafe
connect: simplify the compiled discovery chain data structures (#6242)
5 years ago
R.B. Boyer 6393edba53
connect: reconcile how upstream configuration works with discovery chains (#6225)
5 years ago
R.B. Boyer 8564b6bb38
connect: validate upstreams and prevent duplicates (#6224)
5 years ago
Paul Banks e87cef2bb8 Revert "connect: support AWS PCA as a CA provider" (#6251)
5 years ago
Todd Radel 3497b7c00d
connect: support AWS PCA as a CA provider (#6189)
5 years ago
Todd Radel 2552f4a11a
connect: Support RSA keys in addition to ECDSA (#6055)
5 years ago
R.B. Boyer c6c4a2251a Merge Consul OSS branch master at commit b3541c4f34
5 years ago
Jeff Mitchell 94c73d0c92 Chunking support (#6172)
5 years ago
Matt Keeler 3053342198
Envoy Mesh Gateway integration tests (#6187)
5 years ago
R.B. Boyer ad9e7b6ae9
connect: allow L7 routers to match on http methods (#6164)
5 years ago
R.B. Boyer 85cf2706e6
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163)
5 years ago
R.B. Boyer 1dbd92e091
connect: validate and test more of the L7 config entries (#6156)
5 years ago
R.B. Boyer e039dfd7f8
connect: rework how the service resolver subset OnlyPassing flag works (#6173)
5 years ago
Matt Keeler d7fe8befa9
Update go-bexpr (#6190)
5 years ago
Matt Keeler 4728329aeb
Various Gateway Fixes (#6093)
5 years ago
R.B. Boyer bcd2de3a2e
implement some missing service-router features and add more xDS testing (#6065)
5 years ago
R.B. Boyer 9138a97054
Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122)
5 years ago
R.B. Boyer 67a36e3452
handle structs.ConfigEntry decoding similarly to api.ConfigEntry decoding (#6106)
5 years ago
Matt Keeler 6e65811db2
Envoy CLI bind addresses (#6107)
5 years ago
Matt Keeler 3eb3ee5a15
Merge pull request #6053 from hashicorp/gateways_and_resolvers
6 years ago
R.B. Boyer 43770b9391
digest the proxy-defaults protocol into the graph (#6050)
6 years ago
Matt Keeler 3b6d5e382a Implement caching for config entry lists
6 years ago
R.B. Boyer 4bdb690a25
activate most discovery chain features in xDS for envoy (#6024)
6 years ago
Matt Keeler bdebe62fd0
Fix some tests that I broke when refactoring the ConfigSnapshot (#6051)
6 years ago
Matt Keeler 8d953f5840 Implement Mesh Gateways
6 years ago
Matt Keeler 4bc1277315 Include a content hash of the intention for use during replication
6 years ago
Matt Keeler 3943e38133 Implement Kind based ServiceDump and caching of the ServiceDump RPC
6 years ago
R.B. Boyer 2ad516aeaf
do some initial config entry graph validation during writes (#6047)
6 years ago
hashicorp-ci 43bda6fb76 Merge Consul OSS branch 'master' at commit e91f73f592
6 years ago
Hans Hasselberg 33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
6 years ago
R.B. Boyer 6a52f9f9fb
initial version of L7 config entry compiler (#5994)
6 years ago
R.B. Boyer ceef44bbc9
adding new config entries for L7 discovery chain (unused) (#5987)
6 years ago
hashicorp-ci f4304e2e5b Merge Consul OSS branch 'master' at commit 4eb73973b6
6 years ago
Pierre Souchay 0e907f5aa8 Support for maximum size for Output of checks (#5233)
6 years ago
Matt Keeler 43c5ba0304
New Cache Types (#5995)
6 years ago
Aestek b839f52195 kv: do not trigger watches when setting the same value (#5885)
6 years ago
Matt Keeler f3d9b999ee
Add tagged addresses for services (#5965)
6 years ago
R.B. Boyer 40336fd353
agent: fix several data races and bugs related to node-local alias checks (#5876)
6 years ago
R.B. Boyer 20eefeea11
acl: a role binding rule for a role that does not exist should be ignored (#5778)
6 years ago
R.B. Boyer b4371bcccd
acl: enforce that you cannot persist tokens and roles with missing links except during replication (#5779)
6 years ago
Matt Keeler 42d32db817
Fix ConfigEntryResponse binary marshaller and ensure we watch the chan in ConfigEntry.Get even when no entry exists. (#5773)
6 years ago
Paul Banks 8f5b16ebaf
Fix uint8 conversion issues for service config response maps.
6 years ago
Paul Banks 0cfb6051ea Add integration test for central config; fix central config WIP (#5752)
6 years ago
Matt Keeler 69f902608c
Update to use a consulent build tag instead of just ent (#5759)
6 years ago
Matt Keeler d0f410cd84
Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748)
6 years ago
Matt Keeler 4daa1585b0
ACL Token ID Initialization (#5307)
6 years ago
Kyle Havlovitz aba54cec55 Add HTTP endpoints for config entry management (#5718)
6 years ago
Paul Banks 421ecd32fc
Connect: allow configuring Envoy for L7 Observability (#5558)
6 years ago
R.B. Boyer e47d7eeddb acl: adding support for kubernetes auth provider login (#5600)
6 years ago
R.B. Boyer cc1aa3f973 acl: adding Roles to Tokens (#5514)
6 years ago
R.B. Boyer 7928305279 making ACLToken.ExpirationTime a *time.Time value instead of time.Time (#5663)
6 years ago
R.B. Boyer db43fc3a20 acl: ACL Tokens can now be assigned an optional set of service identities (#5390)
6 years ago
R.B. Boyer 2144bd7fbd acl: tokens can be created with an optional expiration time (#5353)
6 years ago
Matt Keeler 5befe0f5d5
Implement config entry replication (#5706)
6 years ago
Kyle Havlovitz c269369760 Make central service config opt-in and rework the initial registration
6 years ago
Kyle Havlovitz 88e1d8ce03 Fill out the service manager functionality and fix tests
6 years ago
Kyle Havlovitz 7c25869e67 Add the service registration manager to the agent
6 years ago
Kyle Havlovitz b186c3020c
Merge pull request #5615 from hashicorp/config-entry-rpc
6 years ago
Kyle Havlovitz fed7595d45 Rename config entry ACL methods
6 years ago
Matt Keeler afa1cc98d1
Implement data filtering of some endpoints (#5579)
6 years ago
Kyle Havlovitz 690e9dd2c0 Move the ACL logic into the ConfigEntry interface
6 years ago
Kyle Havlovitz f2ed482680 Add RPC endpoints for config entry operations
6 years ago
Kyle Havlovitz a2fa9a0019 Cleaned up some error handling/comments around config entries
6 years ago
Kyle Havlovitz d16be2e269 Encode config entry FSM messages in a generic type
6 years ago
Kyle Havlovitz f6df5c9b3b Clean up service config state store methods
6 years ago
Kyle Havlovitz e199c37ee4
Add some basic normalize/validation logic for config entries
6 years ago
Kyle Havlovitz d92577c16b Fix fsm serialization and add snapshot/restore
6 years ago
Kyle Havlovitz 17aa6a5a34 Fill out state store/FSM functions and add tests
6 years ago
Kyle Havlovitz 9d07add047 Add config types and state store table
6 years ago
R.B. Boyer f4a3b9d518
fix typos reported by golangci-lint:misspell (#5434)
6 years ago
Matt Keeler 90040f8bff Fixes for CVE-2019-8336
6 years ago
Aestek f1cdfbe40e Allow DNS interface to use agent cache (#5300)
6 years ago
R.B. Boyer 324ba5df17
update TestStateStore_ACLBootstrap to not rely upon request mutation (#5335)
6 years ago
Matt Keeler acfd87c673
Improve Connect with Prepared Queries (#5291)
6 years ago
Hans Hasselberg 552e150536 correct name
6 years ago
Hans Hasselberg aebb50d47d simpler fix
6 years ago
Hans Hasselberg 5db185a7e4 do not export that type
6 years ago
Hans Hasselberg 7f44100101 fix marshalling
6 years ago
Hans Hasselberg d4790b2827 demo nomad problem
6 years ago
Matt Keeler d5a3ba6cda
Disregard rules when set on a management token (#5261)
6 years ago
Kyle Havlovitz 5bdf130767
Merge pull request #4869 from hashicorp/txn-checks
6 years ago
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
6 years ago
Kyle Havlovitz 21380021af txn: update existing txn api docs with new operations
6 years ago
Matt Keeler 1ec5f2a27f
Store leaf cert indexes in raft and use for the ModifyIndex on the returned certs (#5211)
6 years ago
Paul Banks 0638e09b6e
connect: agent leaf cert caching improvements (#5091)
6 years ago
Hans Hasselberg 067027230b
connect: add tls config for vault connect ca provider (#5125)
6 years ago
Paul Banks b29bc906ee
bugfix: use ServiceTags to generate cache key hash (#4987)
6 years ago
Grégoire Seux 4f62a3b528 Implement /v1/agent/health/service/<service name> endpoint (#3551)
6 years ago
Kyle Havlovitz 67bac7a815 api: add support for new txn operations
6 years ago
Kyle Havlovitz 7759e9ea8b txn: add service operations
6 years ago
Kyle Havlovitz ab58986ac3 txn: add node operations
6 years ago
Kyle Havlovitz b371ea8783 Add check operations to transaction api
6 years ago
R.B. Boyer 934fae659f
acl: add stub hooks to support some plumbing in enterprise (#4951)
6 years ago
Paul Banks 54c2ff6aca
connect: remove additional trust-domain validation (#4934)
6 years ago
Kyle Havlovitz 4a73a59d70
Merge pull request #4917 from hashicorp/replication-token-cleanup
6 years ago
Kyle Havlovitz e8dd89359a
agent: fix formatting
6 years ago
R.B. Boyer 9211d2701d
fix comment typos (#4890)
6 years ago
Matt Keeler f9cf0eb36e Remaining ACL Unit Tests (#4852)
6 years ago
Kyle Havlovitz 819566f6b7 fsm: add Intention operations to transactions for internal use
6 years ago
Matt Keeler 18b29c45c4
New ACLs (#4791)
6 years ago
Kyle Havlovitz c617326470 re-add Connect multi-dc config changes
6 years ago
Jack Pearkes 8bcfbaffb6 Revert "Connect multi-dc config" (#4784)
6 years ago
Rebecca Zanzig 34e5516834 Support multiple tags for health and catalog http api endpoints (#4717)
6 years ago
Pierre Souchay 51b33ef015 [Performance On Large clusters] Reduce updates on large services (#4720)
6 years ago
Kyle Havlovitz 98d95cfa80 connect: add ExternalTrustDomain to CARoot fields
6 years ago
Paul Banks c9217c958e merge feedback: fix typos; actually use deliverLatest added previously but not plumbed in
6 years ago
Paul Banks 0f27ffd163 Proxy Config Manager (#4729)
6 years ago
Paul Banks e812f5516a Add -sidecar-for and new /agent/service/:service_id endpoint (#4691)
6 years ago
Paul Banks 1e7eace066 Add SidecarService Syntax sugar to Service Definition (#4686)
6 years ago
Paul Banks b83bbf248c Add Proxy Upstreams to Service Definition (#4639)
6 years ago
Paul Banks 88388d760d Support Agent Caching for Service Discovery Results (#4541)
6 years ago
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
6 years ago
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
6 years ago
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods
6 years ago
Pierre Souchay eddcf228ea Implementation of Weights Data structures (#4468)
6 years ago
Kyle Havlovitz 546bdf8663
connect/ca: add Configure/GenerateRoot to provider interface
6 years ago
Kyle Havlovitz b51d76f469
fsm: add missing CA config to snapshot/restore logic
6 years ago
Kyle Havlovitz ed87949385
Merge pull request #4400 from hashicorp/leaf-cert-ttl
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Mitchell Hashimoto 5bc27feb0b
agent/structs: check is alias if node is empty
6 years ago
Mitchell Hashimoto f0658a0ede
agent/config: support configuring alias check
6 years ago
Kyle Havlovitz 4e5fb6bc19
connect: add provider state to snapshots
6 years ago
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
7 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
7 years ago
Matt Keeler 163fe11101 Make sure we omit the Kind value in JSON if empty
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Mitchell Hashimoto 7cbbac43a3 agent: clarify comment
7 years ago
Paul Banks 2c21ead80e More test tweaks
7 years ago
Paul Banks 4a54f8f7e3 Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
7 years ago
Mitchell Hashimoto 3c17144fb5 agent/structs: JSON marshal the configuration for a managed proxy
7 years ago
Mitchell Hashimoto 028aa78e83 agent/consul: set precedence value on struct itself
7 years ago
Mitchell Hashimoto daf46c9cfa agent/consul: support a Connect option on prepared query request
7 years ago
Mitchell Hashimoto 440b1b2d97 agent/consul: prepared query supports "Connect" field
7 years ago
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct
7 years ago
Mitchell Hashimoto eb3fcb39b3 agent/consul/state: support querying by Connect native
7 years ago
Mitchell Hashimoto 424272361d agent: agent service registration supports Connect native services
7 years ago
Mitchell Hashimoto d6a823ad0d agent/consul: support catalog registration with Connect native
7 years ago
Mitchell Hashimoto 0accfc1628
agent: rename test to check
7 years ago
Mitchell Hashimoto d68462fca6
agent/consul: implement Intention.Test endpoint
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Mitchell Hashimoto 965a902474
agent/structs: validate service definitions, port required for proxy
7 years ago
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration
7 years ago
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager
7 years ago
Mitchell Hashimoto fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
7 years ago
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies
7 years ago
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings
7 years ago
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests.
7 years ago
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code
7 years ago
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
7 years ago
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package
7 years ago
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out
7 years ago
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping
7 years ago
Mitchell Hashimoto bd3b8e042a
agent/cache: address PR feedback, lots of typos
7 years ago
Mitchell Hashimoto 0f3f3d13ca
agent/cache-types: support intention match queries
7 years ago
Mitchell Hashimoto 9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
7 years ago
Mitchell Hashimoto e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
7 years ago
Mitchell Hashimoto b0db5657c4
agent/cache: ConnectCA roots caching type
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
7 years ago
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined.
7 years ago
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot.
7 years ago
Paul Banks ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four.
7 years ago
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
7 years ago
Mitchell Hashimoto 6dc2db94ea
agent/structs: String format for Intention, used for logging
7 years ago
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
7 years ago
Paul Banks 9309422fd9
Add Connect agent, catalog and health endpoints to api Client
7 years ago
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded
7 years ago
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON
7 years ago
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
7 years ago
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id
7 years ago
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root
7 years ago
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test
7 years ago
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign
7 years ago
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
7 years ago
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta
7 years ago
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store
7 years ago
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback
7 years ago
Mitchell Hashimoto 3b07686648
agent: remove ConnectProxyServiceName
7 years ago
Mitchell Hashimoto 2feef5f7a3
agent/consul: require name for proxies
7 years ago
Mitchell Hashimoto 125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields
7 years ago
Mitchell Hashimoto 9781cb1ace
agent/local: anti-entropy for connect proxy services
7 years ago
Mitchell Hashimoto e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering
7 years ago
Mitchell Hashimoto 0c0c0a58e7
agent/consul: proxy registration and tests
7 years ago
Mitchell Hashimoto 6e257ea51c
agent: /v1/catalog/service/:service works with proxies
7 years ago
Mitchell Hashimoto 21c6fc623a
agent/consul/state: service registration with proxy works
7 years ago
Mitchell Hashimoto 9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions
7 years ago
Mitchell Hashimoto a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply
7 years ago
Mitchell Hashimoto 0719ff6905
agent: convert all intention tests to testify/assert
7 years ago
Mitchell Hashimoto 70858598e4
agent: use testing intention to get valid intentions
7 years ago
Mitchell Hashimoto ab4ea3efb4
agent/consul: set default intention SourceType, validate it
7 years ago
Mitchell Hashimoto d92993f75b
agent/structs: Intention validation
7 years ago
Mitchell Hashimoto 82a50245e0
agent/consul: support intention description, meta is non-nil
7 years ago
Mitchell Hashimoto a9743f4f15
agent,agent/consul: set default namespaces
7 years ago
Mitchell Hashimoto 93de03fe8b
agent/consul: RPC endpoint for Intention.Match
7 years ago
Mitchell Hashimoto 377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
7 years ago
Mitchell Hashimoto 274bfdd864
agent: POST /v1/connect/intentions
7 years ago
Mitchell Hashimoto e8c4156f07
agent/consul: Intention.Get endpoint
7 years ago
Mitchell Hashimoto 9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation
7 years ago
Mitchell Hashimoto 212a272989
agent/consul: start Intention RPC endpoints, starting with List
7 years ago
Mitchell Hashimoto cc8a6f7f15
agent/consul/state: initial work on intentions memdb table
7 years ago
Wim 5c04864b28 Add support for reverse lookup of services
7 years ago
Kyle Havlovitz b73323aa42
Remove the script field from checks in favor of args
7 years ago
Matt Keeler d926679278
Merge pull request #4023 from hashicorp/f-near-ip
7 years ago
Matt Keeler 45a537def9 GH-3798: Add near=_ip support for prepared queries
7 years ago
Paul Banks 0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727.
7 years ago
Preetha a67d27c756
Adds discovery_max_stale (#4004)
7 years ago
Preetha Appan c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency
7 years ago
Pierre Souchay b259b1609c Merge remote-tracking branch 'origin/master' into service_metadata
7 years ago
Pierre Souchay 66fdf445e8 Added unit tests for structs and fixed PartialClone()
7 years ago
James Phillips c2a59f1e6c
Addresses additional state mutations.
7 years ago
Pierre Souchay 80dde5465b Added support for Service Metadata
7 years ago
James Phillips 5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
7 years ago
Dmytro Kostiuchenko 1a10b08e82 Add gRPC health-check #3073
7 years ago
Kyle Havlovitz de28555671
Move autopilot to a standalone package
7 years ago
Kyle Havlovitz d3dd2b1402
Move check definition to a sub-struct
7 years ago
Kyle Havlovitz ce4e8c46fa
Add deregister critical service field and refactor duration parsing
7 years ago
Kyle Havlovitz d56936e27a
Added remaining HTTP health check fields to structs
7 years ago
Kyle Havlovitz a7c42a6c2a
Expose SkipNodeUpdate field and some health check info in the http api
7 years ago
preetapan 77c972f594 Fixes agent error handling when check definition is invalid. Distingu… (#3560)
7 years ago
James Phillips bb12368eac Makes RPC handling more robust when rolling servers. (#3561)
7 years ago
James Phillips 3bc6df5f0e
Adds script warning and fixes Docker args recognition.
7 years ago
Kyle Havlovitz 198ed6076d Clean up subprocess handling and make shell use optional (#3509)
7 years ago
Preetha Appan 3c4a108769 Move Raft protocol version for list peers end point to server side, fix unit tests. This fixes #3449
7 years ago
Frank Schröder 12216583a1 New config parser, HCL support, multiple bind addrs (#3480)
7 years ago
James Phillips 00605c0214
Shows the segment name in the keyring API and command output.
7 years ago
James Phillips 9258506dab Adds simple rate limiting for client agent RPC calls to Consul servers. (#3440)
7 years ago
Kyle Havlovitz 62102a537e
Organize segments for a cleaner split between enterprise and OSS
7 years ago
Kyle Havlovitz d129767657
Add agent.segment interpolation to prepared queries
7 years ago
James Phillips b1a15e0c3d
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
Frank Schroeder 1acff3533e
agent: move agent/consul/structs to agent/structs
7 years ago