consul

Commit Graph

Author	SHA1	Message	Date
Matt Keeler	0f70034082	Move default uuid test into the consul package	7 years ago
Matt Keeler	d1a8f9cb3f	go fmt changes	7 years ago
Mitchell Hashimoto	1c3e9af316	agent: 400 error on invalid UUID format, api handles errors properly	7 years ago
Matt Keeler	cf69ec42a4	Make sure to generate UUIDs when services are registered without one This makes the behavior line up with the docs and expected behavior	7 years ago
mkeeler	28141971f9	Release v1.2.0	7 years ago
mkeeler	6813a99081	Merge remote-tracking branch 'connect/f-connect'	7 years ago
Kyle Havlovitz	162daca4d7	revert go changes to hide rotation config	7 years ago
Kyle Havlovitz	c20bbf8760	connect/ca: hide the RotationPeriod config field since it isn't used yet	7 years ago
Mitchell Hashimoto	a76f652fd2	agent: convert the proxy bind_port to int if it is a float	7 years ago
Matt Keeler	677d6dac80	Remove x509 name constraints These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.	7 years ago
Matt Keeler	163fe11101	Make sure we omit the Kind value in JSON if empty	7 years ago
Jack Pearkes	105c4763dc	update UI to latest	7 years ago
Kyle Havlovitz	3baa67cdef	connect/ca: pull the cluster ID from config during a rotation	7 years ago
Kyle Havlovitz	8c2c9705d9	connect/ca: use weak type decoding in the Vault config parsing	7 years ago
Kyle Havlovitz	b4ef7bb64d	connect/ca: leave blank root key/cert out of the default config (unnecessary)	7 years ago
Kyle Havlovitz	050da22473	connect/ca: undo the interface changes and use sign-self-issued in Vault	7 years ago
Kyle Havlovitz	914d9e5e20	connect/ca: add leaf verify check to cross-signing tests	7 years ago
Kyle Havlovitz	bc997688e3	connect/ca: update Consul provider to use new cross-sign CSR method	7 years ago
Kyle Havlovitz	8a70ea64a6	connect/ca: update Vault provider to add cross-signing methods	7 years ago
Kyle Havlovitz	6a2fc00997	connect/ca: add URI SAN support to the Vault provider	7 years ago
Kyle Havlovitz	226a59215d	connect/ca: fix vault provider URI SANs and test	7 years ago
Kyle Havlovitz	1a8ac686b2	connect/ca: add the Vault CA provider	7 years ago
Paul Banks	51fc48e8a6	Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift	7 years ago
Paul Banks	e33bfe249e	Note leadership issues in comments	7 years ago
Paul Banks	b5f24a21cb	Fix test broken by final telemetry PR change!	7 years ago
Paul Banks	e514570dfa	Actually return Intermediate certificates bundled with a leaf!	7 years ago
Matt Keeler	e22b9c8e15	Output the service Kind in the /v1/internal/ui/services endpoint	7 years ago
Paul Banks	17789d4fe3	register TCP check for managed proxies	7 years ago
Paul Banks	280f14d64c	Make proxy only listen after initial certs are fetched	7 years ago
Paul Banks	420ae3df69	Limit proxy telemetry config to only be visible with authenticated with a proxy token	7 years ago
Paul Banks	597e55e8e2	Misc test fixes	7 years ago
Paul Banks	c6ef6a61c9	Refactor to use embedded struct.	7 years ago
Paul Banks	9f559da913	Revert telemetry config changes ready for cleaner approach	7 years ago
Paul Banks	38405bd4a9	Allow user override of proxy telemetry config	7 years ago
Paul Banks	7649d630c6	Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about	7 years ago
Paul Banks	d83f2e8e21	Expose telemetry config from RuntimeConfig to proxy config endpoint	7 years ago
Paul Banks	8aeb7bd206	Disable TestAgent proxy execution properly	7 years ago
Paul Banks	2e223ea2b7	Fix hot loop in cache for RPC returning zero index.	7 years ago
Paul Banks	43b48bc06b	Get agent cache tests passing without global hit count (which is racy). Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict. This should be robust to timing between goroutines now.	7 years ago
Mitchell Hashimoto	155bb67c52	Update UI for beta3	7 years ago
Mitchell Hashimoto	6b1e0a3003	agent/cache: always schedule the refresh	7 years ago
Mitchell Hashimoto	7cbbac43a3	agent: clarify comment	7 years ago
Mitchell Hashimoto	a08faf5a11	agent: add additional assertion to test	7 years ago
Paul Banks	2c21ead80e	More test tweaks	7 years ago
Paul Banks	05a8097c5d	Fix misc test failures (some from other PRs)	7 years ago
Paul Banks	382ce8f98a	Only set precedence on write path	7 years ago
Paul Banks	4a54f8f7e3	Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change	7 years ago
Paul Banks	bf7a62e0e0	Sort intention list by precedence	7 years ago
Mitchell Hashimoto	181fbcc9b9	agent: intention update/delete responess match ACL/KV behavior	7 years ago
Mitchell Hashimoto	3c17144fb5	agent/structs: JSON marshal the configuration for a managed proxy	7 years ago
Mitchell Hashimoto	e9e6514c9b	agent: disallow deregistering a managed proxy directly	7 years ago
Mitchell Hashimoto	66a573e496	agent: deregister service deregisters the proxy along with it	7 years ago
Mitchell Hashimoto	a82726f0b8	agent: RemoveProxy also removes the proxy service	7 years ago
Mitchell Hashimoto	e2653bec02	Fix broken tests from PR merge related to proxy secure defaults	7 years ago
Mitchell Hashimoto	cf9b377c78	agent/cache: always fetch with minimum index of 1 at least	7 years ago
Mitchell Hashimoto	6a438c25d0	agent/proxy: remove debug println	7 years ago
Mitchell Hashimoto	0d6dcbd2f1	agent: disallow API registration with managed proxy if not enabled	7 years ago
Mitchell Hashimoto	f7fc026e18	agent/config: AllowManagedAPIRegistration	7 years ago
Mitchell Hashimoto	ed98d65c2b	agent/proxy: AllowRoot to disable executing managed proxies when root	7 years ago
Mitchell Hashimoto	5ae32837f7	agent/proxy: set the proper arguments so we only run the helper process	7 years ago
Mitchell Hashimoto	4897ca6545	agent/config: add AllowManagedRoot	7 years ago
Kyle Havlovitz	82a4b3c13f	connect: fix two CA tests that were broken in a previous PR (#60 )	7 years ago
Paul Banks	41a29a469e	Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario	7 years ago
Kyle Havlovitz	aafa3ca64a	agent: format all CA config fields	7 years ago
Kyle Havlovitz	edbeeeb23c	agent: update accepted CA config fields and defaults	7 years ago
Mitchell Hashimoto	316bdbe010	agent/proxy: fix build on Windows	7 years ago
Paul Banks	0824d1df5f	Misc comment cleanups	7 years ago
Paul Banks	e57aa52ca6	Warn about killing proxies in dev mode	7 years ago
Mitchell Hashimoto	028aa78e83	agent/consul: set precedence value on struct itself	7 years ago
Mitchell Hashimoto	927b45bf91	agent/config: move ports to `ports` structure, update docs	7 years ago
Paul Banks	d1c67d90bc	Fixs a few issues that stopped this working in real life but not caught by tests: - Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed. - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later - Naming things	7 years ago
Paul Banks	85d6502ab3	Don't kill proxies on agent shutdown; backport manager close fix	7 years ago
Paul Banks	b2ff583392	Test for adopted process Stop race and fix	7 years ago
Mitchell Hashimoto	62d4aaa33e	agent: accept connect param for execute	7 years ago
Mitchell Hashimoto	daf46c9cfa	agent/consul: support a Connect option on prepared query request	7 years ago
Mitchell Hashimoto	440b1b2d97	agent/consul: prepared query supports "Connect" field	7 years ago
Mitchell Hashimoto	8bcadddda7	agent: intention create returns 500 for bad body	7 years ago
Mitchell Hashimoto	1830c6b308	agent: switch ConnectNative to an embedded struct	7 years ago
Paul Banks	df2cb30b01	Make tests pass and clean proxy persistence. No detached child changes yet. This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.	7 years ago
Paul Banks	cdc7cfaa36	Abandon daemonize for simpler solution (preserving history): Reverts: - bdb274852ae469c89092d6050697c0ff97178465 - 2c689179c4f61c11f0016214c0fc127a0b813bfe - d62e25c4a7ab753914b6baccd66f88ffd10949a3 - c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191 - 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb - 85c3f8df3eabc00f490cd392213c3b928a85aa44	7 years ago
Paul Banks	a2fe604191	WIP	7 years ago
Paul Banks	8cf4b3a6eb	Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy	7 years ago
Mitchell Hashimoto	827b671d4a	agent/proxy: Manager.Close also has to stop all proxy watchers	7 years ago
Paul Banks	ef9c40643e	Fix import tooling fail	7 years ago
Paul Banks	ba0fb58a72	Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though.	7 years ago
Paul Banks	2b377dc624	Run daemon processes as a detached child. This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie. I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.	7 years ago
Paul Banks	e21723a891	Persist proxy state through agent restart	7 years ago
Mitchell Hashimoto	eb3fcb39b3	agent/consul/state: support querying by Connect native	7 years ago
Mitchell Hashimoto	6b745964c4	agent/cache: update comment from PR review to clarify	7 years ago
Mitchell Hashimoto	424272361d	agent: agent service registration supports Connect native services	7 years ago
Mitchell Hashimoto	d6a823ad0d	agent/consul: support catalog registration with Connect native	7 years ago
Mitchell Hashimoto	d609ad216b	agent/cache: update comments	7 years ago
Mitchell Hashimoto	839d3c323d	agent/cache: correct test name	7 years ago
Mitchell Hashimoto	45e49f31de	agent/cache: change behavior to return error rather than retry The cache behavior should not be to mask errors and retry. Instead, it should aim to return errors as quickly as possible. We do that here.	7 years ago
Mitchell Hashimoto	311d503fb0	agent/cache: perform backoffs on error retries on blocking queries	7 years ago
Matt Keeler	3afa4f9c7e	Merge pull request #4234 from hashicorp/feature/default-new-ui Switch over to defaulting to the new UI	7 years ago
Matt Keeler	af910bda39	Merge pull request #4216 from hashicorp/rpc-limiting Make RPC limits reloadable	7 years ago
Matt Keeler	0d4e8676d1	Merge pull request #4215 from hashicorp/feature/config-node-meta-dns-txt Add configuration entry to control including TXT records for node meta in DNS responses	7 years ago
Matt Keeler	7f7c703118	Update the runtime tests	7 years ago
Matt Keeler	8216816e3f	Make filtering out TXT RRs only apply when they would end up in Additional section ANY queries are no longer affected.	7 years ago
Matt Keeler	197e2f69d5	Switch over to defaulting to the new UI	7 years ago
Kyle Havlovitz	ab4a9a94f4	Re-use uint8ToString	7 years ago
Kyle Havlovitz	5683d628c4	Support giving the duration as a string in CA config	7 years ago
Mitchell Hashimoto	eb2a6952ba	address comment feedback	7 years ago
Mitchell Hashimoto	cd39f09693	agent: leaf endpoint accepts name, not service ID This change is important so that requests can made representing a service that may not be registered with the same local agent.	7 years ago
Mitchell Hashimoto	1906fe1c0d	agent: address feedback	7 years ago
Mitchell Hashimoto	0accfc1628	agent: rename test to check	7 years ago
Mitchell Hashimoto	d1c21a8629	agent: implement HTTP endpoint	7 years ago
Mitchell Hashimoto	2a29679e9d	agent/consul: forward request if necessary	7 years ago
Mitchell Hashimoto	54ac5adb08	agent: comments to point to differing logic	7 years ago
Mitchell Hashimoto	d68462fca6	agent/consul: implement Intention.Test endpoint	7 years ago
Paul Banks	a80559e439	Make invalid clusterID be fatal	7 years ago
Paul Banks	140f3f5a44	Fix logical conflicts with CA refactor	7 years ago
Paul Banks	c58d47ba59	Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future.	7 years ago
Paul Banks	f4b8e8c96d	Add default CA config back - I didn't add it and causes nil panics	7 years ago
Paul Banks	1228a5839a	Ooops remove the CA stuff from actual server defaults and make it test server only	7 years ago
Paul Banks	4aeab3897c	Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.	7 years ago
Paul Banks	bc07ff4983	Comment cleanup	7 years ago
Paul Banks	1722734313	Verify trust domain on /authorize calls	7 years ago
Paul Banks	b4803eca59	Generate CSR using real trust-domain	7 years ago
Paul Banks	622a475eb1	Add CSR signing verification of service ACL, trust domain and datacenter.	7 years ago
Paul Banks	c1f2025d96	Return TrustDomain from CARoots RPC	7 years ago
Kyle Havlovitz	e00088e8ee	Rename some of the CA structs/files	7 years ago
Kyle Havlovitz	6e9f1f8acb	Add more metadata to structs.CARoot	7 years ago
Kyle Havlovitz	627aa80d5a	Use provider state table for a global serial index	7 years ago
Kyle Havlovitz	988510f53c	Add test for ca config http endpoint	7 years ago
Kyle Havlovitz	de72834b8c	Move connect CA provider to separate package	7 years ago
Mitchell Hashimoto	4f3b5647e5	agent/cache: change uint8 to uint	7 years ago
Mitchell Hashimoto	fc5508f8a3	agent/cache: string through attempt rather than storing on the entry	7 years ago
Mitchell Hashimoto	cfcd733609	agent/cache: implement refresh backoff	7 years ago
Mitchell Hashimoto	bc605a1576	agent/consul: change provider wait from goto to a loop	7 years ago
Mitchell Hashimoto	c8b65217c3	agent/consul: check nil on getCAProvider result	7 years ago
Mitchell Hashimoto	9b3495dddb	agent/consul: retry reading provider a few times	7 years ago
Mitchell Hashimoto	e54e69d11f	agent: verify local proxy tokens for CA leaf + tests	7 years ago
Mitchell Hashimoto	a099c27b07	agent: verify proxy token for ProxyConfig endpoint + tests	7 years ago
Mitchell Hashimoto	6e386ba6be	agent/proxy: pass proxy ID as an env var	7 years ago
Mitchell Hashimoto	37dde6d64a	agent/config: add managed proxy upstreams config to skip agent/config will turn [{}] into {} (single element maps into a single map) to work around HCL issues. These are resolved in HCL2 which I'm sure Consul will switch to eventually. This breaks the connect proxy configuration in service definition FILES since we call this patch function. For now, let's just special-case skip this. In the future we maybe Consul will adopt HCL2 and fix it, or we can do something else if we want. This works and is tested.	7 years ago
Mitchell Hashimoto	965a902474	agent/structs: validate service definitions, port required for proxy	7 years ago
Mitchell Hashimoto	9a62bce03b	agent/config: default connect enabled in dev mode This enables `consul agent -dev` to begin using Connect features with the built-in CA. I think this is expected behavior since you can imagine that new users would want to try. There is no real downside since we're just using the built-in CA.	7 years ago
Paul Banks	d13be6b952	Make CSR work with jank domain	7 years ago
Mitchell Hashimoto	de3f49a880	agent/proxy: delete pid file on Stop	7 years ago
Mitchell Hashimoto	aaca1fbcf5	agent: increase timer for blocking cache endpoints	7 years ago
Mitchell Hashimoto	b4ba31c61b	agent/proxy: address PR feedback	7 years ago
Mitchell Hashimoto	f5e7993249	agent: clarify why we Kill still	7 years ago
Mitchell Hashimoto	2809203408	agent: restore proxy snapshot but still Kill proxies	7 years ago
Mitchell Hashimoto	718aabe35f	agent/proxy: check if process is alive in addition to Wait	7 years ago
Mitchell Hashimoto	f5ccc65295	agent: only set the proxy manager data dir if its set	7 years ago
Mitchell Hashimoto	1a32435a4d	agent/proxy: improve comments on snapshotting	7 years ago
Mitchell Hashimoto	e0bbe66427	agent/proxy: implement periodic snapshotting in the manager	7 years ago
Mitchell Hashimoto	13ff115436	agent/proxy: check if process is alive	7 years ago
Mitchell Hashimoto	0e8c0b7b48	agent/proxy: implement snapshotting for daemons	7 years ago
Mitchell Hashimoto	b7580f4fad	agent/proxy: manager configures the daemon pid path to write pids	7 years ago
Mitchell Hashimoto	1e7f253b53	agent/proxy: write pid file whenever the daemon process changes	7 years ago
Mitchell Hashimoto	09dcb0be98	agent/proxy: change LogDir to DataDir to reuse for other things	7 years ago
Mitchell Hashimoto	5e6bd8291c	agent/proxy: make the logs test a bit more robust by waiting for file	7 years ago
Mitchell Hashimoto	d00ff7cb58	agent/proxy: don't create the directory in newProxy	7 years ago
Mitchell Hashimoto	6cdacd1fd9	agent/proxy: send logs to the correct location for daemon proxies	7 years ago
Mitchell Hashimoto	ba00fa3548	agent: add additional tests for defaulting in AddProxy	7 years ago
Mitchell Hashimoto	171bf8d599	agent: clean up defaulting of proxy configuration This cleans up and unifies how proxy settings defaults are applied.	7 years ago
Mitchell Hashimoto	3d3eee2f6e	agent: resolve some conflicts and fix tests	7 years ago
Mitchell Hashimoto	d9bd4ffebd	agent/local: clarify the non-risk of a full buffer	7 years ago
Mitchell Hashimoto	437689e83c	agent/local: remove outdated comment	7 years ago
Mitchell Hashimoto	6ae95d754c	agent: use os.Executable	7 years ago
Mitchell Hashimoto	39974df52a	agent/proxy: local state event coalescing	7 years ago
Mitchell Hashimoto	b0f377b519	agent/proxy: implement force kill of unresponsive proxy process	7 years ago
Mitchell Hashimoto	6539280f2a	agent: fix crash that could happen if proxy was nil on load	7 years ago
Mitchell Hashimoto	420edc4c1e	agent/proxy: pull exit status extraction to constrained file	7 years ago
Mitchell Hashimoto	1a2b28602c	agent: start proxy manager	7 years ago
Mitchell Hashimoto	7879e1d2ef	agent/proxy: detect config change to stop/start proxies	7 years ago
Mitchell Hashimoto	2d60684a8b	agent/proxy: test removing proxies and stopping them	7 years ago
Mitchell Hashimoto	fcd2ab2338	agent/proxy: manager and basic tests, not great coverage yet coming soon	7 years ago
Mitchell Hashimoto	2bd39a84a6	agent/local: add Notify mechanism for proxy changes	7 years ago
Mitchell Hashimoto	476ea7b04a	agent: start/stop proxies	7 years ago
Mitchell Hashimoto	fbfc6fce66	agent/proxy: clean up usage, can't be restarted	7 years ago
Mitchell Hashimoto	aaa2431350	agent: change connect command paths to be slices, not strings This matches other executable configuration and allows us to cleanly separate executable from arguments without trying to emulate shell parsing.	7 years ago
Mitchell Hashimoto	7355a614fe	agent/local: store proxy on local state, wip, not working yet	7 years ago
Mitchell Hashimoto	ffd284de36	agent/proxy: exponential backoff on restarts	7 years ago
Mitchell Hashimoto	aa08a4cb46	agent/proxy: Daemon works, tests cover it too	7 years ago
Mitchell Hashimoto	e14fa850d8	wip	7 years ago
Paul Banks	e0e12e165b	TLS watching integrated into Service with some basic tests. There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.	7 years ago
Paul Banks	90c574ebaa	Wire up agent leaf endpoint to cache framework to support blocking.	7 years ago
Kyle Havlovitz	a4d18f0eaa	Fill out connect CA rpc endpoint tests	7 years ago
Kyle Havlovitz	b081c34255	Fix config tests	7 years ago
Kyle Havlovitz	cce7f1cca1	Add tests for the built in CA's state store table	7 years ago
Kyle Havlovitz	15fbc2fd97	Add more tests for built-in provider	7 years ago
Kyle Havlovitz	edcfdb37af	Fix some inconsistencies around the CA provider code	7 years ago
Paul Banks	1b197d934a	Don't allow connect watches in agent/cli yet	7 years ago
Paul Banks	e8c510332c	Support legacy watch.HandlerFunc type for backward compat reduces impact of change	7 years ago
Paul Banks	cd88b2a351	Basic `watch` support for connect proxy config and certificate endpoints. - Includes some bug fixes for previous `api` work and `agent` that weren't tested - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches. - Integration into `connect` is partially done here but still WIP	7 years ago
Kyle Havlovitz	daa8dd1779	Add CA config to connect section of agent config	7 years ago
Kyle Havlovitz	32d1eae28b	Move ConsulCAProviderConfig into structs package	7 years ago
Kyle Havlovitz	315b8bf594	Simplify the CAProvider.Sign method	7 years ago
Kyle Havlovitz	c6e1b72ccb	Simplify the CA provider interface by moving some logic out	7 years ago
Kyle Havlovitz	a325388939	Clarify some comments and names around CA bootstrapping	7 years ago
Mitchell Hashimoto	8c1d5a2cdc	agent: resolve flaky test by checking cache hits increase, rather than exact	7 years ago
Mitchell Hashimoto	051f004683	agent: use helper/retry instead of timing related tests	7 years ago
Mitchell Hashimoto	bd3b8e042a	agent/cache: address PR feedback, lots of typos	7 years ago
Mitchell Hashimoto	02b20a0353	agent/cache: address feedback, clarify comments	7 years ago
Mitchell Hashimoto	af1d70b026	agent/cache: don't every block on NotifyCh	7 years ago
Mitchell Hashimoto	724b829104	agent/cache: unit tests for ExpiryHeap, found a bug!	7 years ago

... 2 3 4 5 6 ...

1232 Commits (0f27ffd163155293e881c290ed35693a7223495f)