consul

Commit Graph

Author	SHA1	Message	Date
Matt Keeler	91150cca59	Fixup formatting	6 years ago
Matt Keeler	3807e04de9	Revert PR 4294 - Catalog Register: Generate UUID for services registered without one UUID auto-generation here causes trouble in a few cases. The biggest being older nodes reregistering will fail when the UUIDs are different and the names match This reverts commit `0f70034082`. This reverts commit `d1a8f9cb3f`. This reverts commit `cf69ec42a4`.	6 years ago
Matt Keeler	7572ca0f37	Merge pull request #4374 from hashicorp/feature/proxy-env-vars Setup managed proxy environment with API client env vars	6 years ago
Paul Banks	8405b41f2b	Update proxy config docs and add test for ipv6	6 years ago
Paul Banks	bb9a5c703b	Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0. This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.	6 years ago
Matt Keeler	0f56ed2d01	Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing	6 years ago
Matt Keeler	22e4058893	Use type switch instead of .Network for more reliably detecting UnixAddrs	6 years ago
Matt Keeler	700a275ddf	Look specifically for tcp instead of unix Add runtime -> api.Config tests	6 years ago
Matt Keeler	c8df4b824c	Update proxy manager test - test passing ProxyEnv vars	6 years ago
Kyle Havlovitz	f95c6807e7	connect: use reflect.DeepEqual instead for test	6 years ago
Matt Keeler	98ead2a8f8	Merge pull request #3983 from pierresouchay/node_renaming Allow changing Node names since Node now have IDs	6 years ago
Kyle Havlovitz	4e5fb6bc19	connect: add provider state to snapshots	6 years ago
Kyle Havlovitz	462ace4867	connect: update leader initializeCA comment	6 years ago
Kyle Havlovitz	1d3f4b5099	connect: persist intermediate CAs on leader change	6 years ago
Matt Keeler	c54b43bef3	PR Updates Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.	6 years ago
Matt Keeler	4d1ead10b3	Merge pull request #4371 from hashicorp/bugfix/gh-4358 Remove https://prefix from TLSConfig.Address	6 years ago
Pierre Souchay	fecae3de21	When renaming a node, ensure the name is not taken by another node. Since DNS is case insensitive and DB as issues when similar names with different cases are added, check for unicity based on case insensitivity. Following another big incident we had in our cluster, we also validate that adding/renaming a not does not conflicts with case insensitive matches. We had the following error once: - one node called: mymachine.MYDC.mydomain was shut off - another node (different ID) was added with name: mymachine.mydc.mydomain before 72 hours When restarting the consul server of domain, the consul server restarted failed to start since it detected an issue in RAFT database because mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names. Checking at registration time with case insensitivity should definitly fix those issues and avoid Consul DB corruption.	6 years ago
Matt Keeler	bd76a34002	Merge pull request #4365 from pierresouchay/fix_test_warning Fixed compilation warning about wrong type	6 years ago
Matt Keeler	3b6eef8ec6	Pass around an API Config object and convert to env vars for the managed proxy	6 years ago
Pierre Souchay	7d2e4b77ec	Use %q, not %s as it used to	6 years ago
Matt Keeler	0fd7e97c2d	Merge remote-tracking branch 'origin/master' into bugfix/prevent-multi-cname	6 years ago
Matt Keeler	d19c7d8882	Merge pull request #4303 from pierresouchay/non_blocking_acl Only send one single ACL cache refresh across network when TTL is over	6 years ago
Matt Keeler	d066fb7b18	Merge pull request #4362 from hashicorp/bugfix/gh-4354 Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries	6 years ago
Pierre Souchay	b112bdd52d	Fixed compilation warning about wrong type It fixes the following warnings: agent/config/builder.go:1201: Errorf format %q has arg s of wrong type string agent/config/builder.go:1240: Errorf format %q has arg s of wrong type string	6 years ago
Paul Banks	41c3a4ac8e	Merge pull request #4038 from pierresouchay/ACL_additional_info Track calls blocked by ACLs using metrics	6 years ago
MagnumOpus21	371f0c3d5f	Tests/Proxy : Changed function name to match the system being tested.	6 years ago
MagnumOpus21	9d57b72e81	Resolved merge conflicts	6 years ago
MagnumOpus21	300330e24b	Agent/Proxy: Formatting and test cases fix	6 years ago
Matt Keeler	962f6a1816	Remove https://prefix from TLSConfig.Address	6 years ago
Matt Keeler	cbf8f14451	Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied. formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.	6 years ago
MagnumOpus21	94e8ff55cf	Proxy/Tests: Added test cases to check env variables	6 years ago
MagnumOpus21	6cecf2961d	Agent/Proxy : Properly passes env variables to child	6 years ago
Pierre Souchay	ff53648df2	Merge remote-tracking branch 'origin/master' into ACL_additional_info	6 years ago
Pierre Souchay	0e4e451a56	Fixed indentation in test	6 years ago
Kyle Havlovitz	401b206a2e	Store the time CARoot is rotated out instead of when to prune	6 years ago
MagnumOpus21	1cd1b55682	Agent/Proxy : Properly passes env variables to child	6 years ago
Matt Keeler	e3783a75e7	Refactor to make this much less confusing	7 years ago
Matt Keeler	554035974e	Add a bunch of comments about preventing multi-cname Hopefully this a bit clearer as to the reasoning	7 years ago
Matt Keeler	22c2be5bf1	Fix some edge cases and add some tests.	7 years ago
Matt Keeler	9a8500412b	Only allow 1 CNAME when querying for a service. This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.	7 years ago
Kyle Havlovitz	1492243e0a	connect/ca: add logic for pruning old stale RootCA entries	7 years ago
Matt Keeler	8a12d803fd	Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise Move starting enterprise functionality	7 years ago
Pierre Souchay	bd023f352e	Updated swith case to use same branch for async-cache and extend-cache	7 years ago
Pierre Souchay	1e7665c0d5	Updated documentation and adding more test case for async-cache	7 years ago
Pierre Souchay	abde81a3e7	Added async-cache with similar behaviour as extend-cache but asynchronously	7 years ago
Pierre Souchay	9406ca1c95	Only send one single ACL cache refresh across network when TTL is over It will allow the following: * when connectivity is limited (saturated linnks between DCs), only one single request to refresh an ACL will be sent to ACL master DC instead of statcking ACL refresh queries * when extend-cache is used for ACL, do not wait for result, but refresh the ACL asynchronously, so no delay is not impacting slave DC * When extend-cache is not used, keep the existing blocking mechanism, but only send a single refresh request. This will fix https://github.com/hashicorp/consul/issues/3524	7 years ago
Abhishek Chanda	36306c0076	Change bind_port to an int	7 years ago
Matt Keeler	22b7b688a3	Move starting enterprise functionality	7 years ago
Mitchell Hashimoto	6ef28dece0	agent/config: parse upstreams with multiple service definitions	7 years ago
Mitchell Hashimoto	e155d58b19	Merge pull request #4297 from hashicorp/b-intention-500-2 agent: 400 error on invalid UUID format, api handles errors properly	7 years ago
Matt Keeler	0f70034082	Move default uuid test into the consul package	7 years ago
Matt Keeler	d1a8f9cb3f	go fmt changes	7 years ago
Mitchell Hashimoto	1c3e9af316	agent: 400 error on invalid UUID format, api handles errors properly	7 years ago
Matt Keeler	cf69ec42a4	Make sure to generate UUIDs when services are registered without one This makes the behavior line up with the docs and expected behavior	7 years ago
mkeeler	28141971f9	Release v1.2.0	7 years ago
mkeeler	6813a99081	Merge remote-tracking branch 'connect/f-connect'	7 years ago
Kyle Havlovitz	162daca4d7	revert go changes to hide rotation config	7 years ago
Kyle Havlovitz	c20bbf8760	connect/ca: hide the RotationPeriod config field since it isn't used yet	7 years ago
Mitchell Hashimoto	a76f652fd2	agent: convert the proxy bind_port to int if it is a float	7 years ago
Matt Keeler	677d6dac80	Remove x509 name constraints These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.	7 years ago
Matt Keeler	163fe11101	Make sure we omit the Kind value in JSON if empty	7 years ago
Jack Pearkes	105c4763dc	update UI to latest	7 years ago
Kyle Havlovitz	3baa67cdef	connect/ca: pull the cluster ID from config during a rotation	7 years ago
Kyle Havlovitz	8c2c9705d9	connect/ca: use weak type decoding in the Vault config parsing	7 years ago
Kyle Havlovitz	b4ef7bb64d	connect/ca: leave blank root key/cert out of the default config (unnecessary)	7 years ago
Kyle Havlovitz	050da22473	connect/ca: undo the interface changes and use sign-self-issued in Vault	7 years ago
Kyle Havlovitz	914d9e5e20	connect/ca: add leaf verify check to cross-signing tests	7 years ago
Kyle Havlovitz	bc997688e3	connect/ca: update Consul provider to use new cross-sign CSR method	7 years ago
Kyle Havlovitz	8a70ea64a6	connect/ca: update Vault provider to add cross-signing methods	7 years ago
Kyle Havlovitz	6a2fc00997	connect/ca: add URI SAN support to the Vault provider	7 years ago
Kyle Havlovitz	226a59215d	connect/ca: fix vault provider URI SANs and test	7 years ago
Kyle Havlovitz	1a8ac686b2	connect/ca: add the Vault CA provider	7 years ago
Paul Banks	51fc48e8a6	Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift	7 years ago
Paul Banks	e33bfe249e	Note leadership issues in comments	7 years ago
Paul Banks	b5f24a21cb	Fix test broken by final telemetry PR change!	7 years ago
Paul Banks	e514570dfa	Actually return Intermediate certificates bundled with a leaf!	7 years ago
Matt Keeler	e22b9c8e15	Output the service Kind in the /v1/internal/ui/services endpoint	7 years ago
Paul Banks	17789d4fe3	register TCP check for managed proxies	7 years ago
Paul Banks	280f14d64c	Make proxy only listen after initial certs are fetched	7 years ago
Paul Banks	420ae3df69	Limit proxy telemetry config to only be visible with authenticated with a proxy token	7 years ago
Paul Banks	597e55e8e2	Misc test fixes	7 years ago
Paul Banks	c6ef6a61c9	Refactor to use embedded struct.	7 years ago
Paul Banks	9f559da913	Revert telemetry config changes ready for cleaner approach	7 years ago
Paul Banks	38405bd4a9	Allow user override of proxy telemetry config	7 years ago
Paul Banks	7649d630c6	Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about	7 years ago
Paul Banks	d83f2e8e21	Expose telemetry config from RuntimeConfig to proxy config endpoint	7 years ago
Paul Banks	8aeb7bd206	Disable TestAgent proxy execution properly	7 years ago
Paul Banks	2e223ea2b7	Fix hot loop in cache for RPC returning zero index.	7 years ago
Paul Banks	43b48bc06b	Get agent cache tests passing without global hit count (which is racy). Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict. This should be robust to timing between goroutines now.	7 years ago
Mitchell Hashimoto	155bb67c52	Update UI for beta3	7 years ago
Mitchell Hashimoto	6b1e0a3003	agent/cache: always schedule the refresh	7 years ago
Mitchell Hashimoto	7cbbac43a3	agent: clarify comment	7 years ago
Mitchell Hashimoto	a08faf5a11	agent: add additional assertion to test	7 years ago
Paul Banks	2c21ead80e	More test tweaks	7 years ago
Paul Banks	05a8097c5d	Fix misc test failures (some from other PRs)	7 years ago
Paul Banks	382ce8f98a	Only set precedence on write path	7 years ago
Paul Banks	4a54f8f7e3	Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change	7 years ago
Paul Banks	bf7a62e0e0	Sort intention list by precedence	7 years ago
Mitchell Hashimoto	181fbcc9b9	agent: intention update/delete responess match ACL/KV behavior	7 years ago
Mitchell Hashimoto	3c17144fb5	agent/structs: JSON marshal the configuration for a managed proxy	7 years ago
Mitchell Hashimoto	e9e6514c9b	agent: disallow deregistering a managed proxy directly	7 years ago
Mitchell Hashimoto	66a573e496	agent: deregister service deregisters the proxy along with it	7 years ago
Mitchell Hashimoto	a82726f0b8	agent: RemoveProxy also removes the proxy service	7 years ago
Mitchell Hashimoto	e2653bec02	Fix broken tests from PR merge related to proxy secure defaults	7 years ago
Mitchell Hashimoto	cf9b377c78	agent/cache: always fetch with minimum index of 1 at least	7 years ago
Mitchell Hashimoto	6a438c25d0	agent/proxy: remove debug println	7 years ago
Mitchell Hashimoto	0d6dcbd2f1	agent: disallow API registration with managed proxy if not enabled	7 years ago
Mitchell Hashimoto	f7fc026e18	agent/config: AllowManagedAPIRegistration	7 years ago
Mitchell Hashimoto	ed98d65c2b	agent/proxy: AllowRoot to disable executing managed proxies when root	7 years ago
Mitchell Hashimoto	5ae32837f7	agent/proxy: set the proper arguments so we only run the helper process	7 years ago
Mitchell Hashimoto	4897ca6545	agent/config: add AllowManagedRoot	7 years ago
Kyle Havlovitz	82a4b3c13f	connect: fix two CA tests that were broken in a previous PR (#60 )	7 years ago
Paul Banks	41a29a469e	Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario	7 years ago
Kyle Havlovitz	aafa3ca64a	agent: format all CA config fields	7 years ago
Kyle Havlovitz	edbeeeb23c	agent: update accepted CA config fields and defaults	7 years ago
Mitchell Hashimoto	316bdbe010	agent/proxy: fix build on Windows	7 years ago
Paul Banks	0824d1df5f	Misc comment cleanups	7 years ago
Paul Banks	e57aa52ca6	Warn about killing proxies in dev mode	7 years ago
Mitchell Hashimoto	028aa78e83	agent/consul: set precedence value on struct itself	7 years ago
Mitchell Hashimoto	927b45bf91	agent/config: move ports to `ports` structure, update docs	7 years ago
Paul Banks	d1c67d90bc	Fixs a few issues that stopped this working in real life but not caught by tests: - Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed. - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later - Naming things	7 years ago
Paul Banks	85d6502ab3	Don't kill proxies on agent shutdown; backport manager close fix	7 years ago
Paul Banks	b2ff583392	Test for adopted process Stop race and fix	7 years ago
Mitchell Hashimoto	62d4aaa33e	agent: accept connect param for execute	7 years ago
Mitchell Hashimoto	daf46c9cfa	agent/consul: support a Connect option on prepared query request	7 years ago
Mitchell Hashimoto	440b1b2d97	agent/consul: prepared query supports "Connect" field	7 years ago
Mitchell Hashimoto	8bcadddda7	agent: intention create returns 500 for bad body	7 years ago
Mitchell Hashimoto	1830c6b308	agent: switch ConnectNative to an embedded struct	7 years ago
Paul Banks	df2cb30b01	Make tests pass and clean proxy persistence. No detached child changes yet. This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.	7 years ago
Paul Banks	cdc7cfaa36	Abandon daemonize for simpler solution (preserving history): Reverts: - bdb274852ae469c89092d6050697c0ff97178465 - 2c689179c4f61c11f0016214c0fc127a0b813bfe - d62e25c4a7ab753914b6baccd66f88ffd10949a3 - c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191 - 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb - 85c3f8df3eabc00f490cd392213c3b928a85aa44	7 years ago
Paul Banks	a2fe604191	WIP	7 years ago
Paul Banks	8cf4b3a6eb	Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy	7 years ago
Mitchell Hashimoto	827b671d4a	agent/proxy: Manager.Close also has to stop all proxy watchers	7 years ago
Paul Banks	ef9c40643e	Fix import tooling fail	7 years ago
Paul Banks	ba0fb58a72	Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though.	7 years ago
Paul Banks	2b377dc624	Run daemon processes as a detached child. This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie. I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.	7 years ago
Paul Banks	e21723a891	Persist proxy state through agent restart	7 years ago
Mitchell Hashimoto	eb3fcb39b3	agent/consul/state: support querying by Connect native	7 years ago
Mitchell Hashimoto	6b745964c4	agent/cache: update comment from PR review to clarify	7 years ago
Mitchell Hashimoto	424272361d	agent: agent service registration supports Connect native services	7 years ago
Mitchell Hashimoto	d6a823ad0d	agent/consul: support catalog registration with Connect native	7 years ago
Mitchell Hashimoto	d609ad216b	agent/cache: update comments	7 years ago
Mitchell Hashimoto	839d3c323d	agent/cache: correct test name	7 years ago
Mitchell Hashimoto	45e49f31de	agent/cache: change behavior to return error rather than retry The cache behavior should not be to mask errors and retry. Instead, it should aim to return errors as quickly as possible. We do that here.	7 years ago
Mitchell Hashimoto	311d503fb0	agent/cache: perform backoffs on error retries on blocking queries	7 years ago
Matt Keeler	3afa4f9c7e	Merge pull request #4234 from hashicorp/feature/default-new-ui Switch over to defaulting to the new UI	7 years ago
Matt Keeler	af910bda39	Merge pull request #4216 from hashicorp/rpc-limiting Make RPC limits reloadable	7 years ago
Matt Keeler	0d4e8676d1	Merge pull request #4215 from hashicorp/feature/config-node-meta-dns-txt Add configuration entry to control including TXT records for node meta in DNS responses	7 years ago
Matt Keeler	7f7c703118	Update the runtime tests	7 years ago
Matt Keeler	8216816e3f	Make filtering out TXT RRs only apply when they would end up in Additional section ANY queries are no longer affected.	7 years ago

1 2 3 4 5 ...

1232 Commits (0f27ffd163155293e881c290ed35693a7223495f)