Matt Keeler
e3783a75e7
Refactor to make this much less confusing
2018-07-03 11:04:19 -04:00
Matt Keeler
554035974e
Add a bunch of comments about preventing multi-cname
...
Hopefully this a bit clearer as to the reasoning
2018-07-03 10:32:52 -04:00
Matt Keeler
22c2be5bf1
Fix some edge cases and add some tests.
2018-07-02 16:58:52 -04:00
Matt Keeler
9a8500412b
Only allow 1 CNAME when querying for a service.
...
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
2018-07-02 16:12:06 -04:00
Kyle Havlovitz
1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
2018-07-02 10:35:05 -07:00
Matt Keeler
8a12d803fd
Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise
...
Move starting enterprise functionality
2018-07-02 12:28:10 -04:00
Pierre Souchay
bd023f352e
Updated swith case to use same branch for async-cache and extend-cache
2018-07-02 17:39:34 +02:00
Pierre Souchay
1e7665c0d5
Updated documentation and adding more test case for async-cache
2018-07-01 23:50:30 +02:00
Pierre Souchay
abde81a3e7
Added async-cache with similar behaviour as extend-cache but asynchronously
2018-07-01 23:50:30 +02:00
Pierre Souchay
9406ca1c95
Only send one single ACL cache refresh across network when TTL is over
...
It will allow the following:
* when connectivity is limited (saturated linnks between DCs), only one
single request to refresh an ACL will be sent to ACL master DC instead
of statcking ACL refresh queries
* when extend-cache is used for ACL, do not wait for result, but refresh
the ACL asynchronously, so no delay is not impacting slave DC
* When extend-cache is not used, keep the existing blocking mechanism,
but only send a single refresh request.
This will fix https://github.com/hashicorp/consul/issues/3524
2018-07-01 23:50:30 +02:00
Abhishek Chanda
36306c0076
Change bind_port to an int
2018-06-30 14:18:13 +01:00
Matt Keeler
22b7b688a3
Move starting enterprise functionality
2018-06-29 17:38:29 -04:00
Mitchell Hashimoto
6ef28dece0
agent/config: parse upstreams with multiple service definitions
2018-06-28 15:13:33 -05:00
Mitchell Hashimoto
e155d58b19
Merge pull request #4297 from hashicorp/b-intention-500-2
...
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-28 05:27:19 +02:00
Matt Keeler
0f70034082
Move default uuid test into the consul package
2018-06-27 09:21:58 -04:00
Matt Keeler
d1a8f9cb3f
go fmt changes
2018-06-27 09:07:22 -04:00
Mitchell Hashimoto
1c3e9af316
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-27 07:40:06 +02:00
Matt Keeler
cf69ec42a4
Make sure to generate UUIDs when services are registered without one
...
This makes the behavior line up with the docs and expected behavior
2018-06-26 17:04:08 -04:00
mkeeler
28141971f9
Release v1.2.0
2018-06-25 19:45:20 +00:00
mkeeler
6813a99081
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Kyle Havlovitz
162daca4d7
revert go changes to hide rotation config
2018-06-25 12:26:18 -07:00
Kyle Havlovitz
c20bbf8760
connect/ca: hide the RotationPeriod config field since it isn't used yet
2018-06-25 12:26:18 -07:00
Mitchell Hashimoto
a76f652fd2
agent: convert the proxy bind_port to int if it is a float
2018-06-25 12:26:18 -07:00
Matt Keeler
677d6dac80
Remove x509 name constraints
...
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
Matt Keeler
163fe11101
Make sure we omit the Kind value in JSON if empty
2018-06-25 12:26:10 -07:00
Jack Pearkes
105c4763dc
update UI to latest
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
3baa67cdef
connect/ca: pull the cluster ID from config during a rotation
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
8c2c9705d9
connect/ca: use weak type decoding in the Vault config parsing
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
b4ef7bb64d
connect/ca: leave blank root key/cert out of the default config (unnecessary)
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
050da22473
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
914d9e5e20
connect/ca: add leaf verify check to cross-signing tests
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
bc997688e3
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
8a70ea64a6
connect/ca: update Vault provider to add cross-signing methods
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
6a2fc00997
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
226a59215d
connect/ca: fix vault provider URI SANs and test
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
1a8ac686b2
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Paul Banks
51fc48e8a6
Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
2018-06-25 12:25:41 -07:00
Paul Banks
e33bfe249e
Note leadership issues in comments
2018-06-25 12:25:41 -07:00
Paul Banks
b5f24a21cb
Fix test broken by final telemetry PR change!
2018-06-25 12:25:40 -07:00
Paul Banks
e514570dfa
Actually return Intermediate certificates bundled with a leaf!
2018-06-25 12:25:40 -07:00
Matt Keeler
e22b9c8e15
Output the service Kind in the /v1/internal/ui/services endpoint
2018-06-25 12:25:40 -07:00
Paul Banks
17789d4fe3
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
280f14d64c
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
Paul Banks
420ae3df69
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
597e55e8e2
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
c6ef6a61c9
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
9f559da913
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
Paul Banks
38405bd4a9
Allow user override of proxy telemetry config
2018-06-25 12:25:38 -07:00
Paul Banks
7649d630c6
Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about
2018-06-25 12:25:38 -07:00
Paul Banks
d83f2e8e21
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
Paul Banks
8aeb7bd206
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Paul Banks
2e223ea2b7
Fix hot loop in cache for RPC returning zero index.
2018-06-25 12:25:37 -07:00
Paul Banks
43b48bc06b
Get agent cache tests passing without global hit count (which is racy).
...
Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict.
This should be robust to timing between goroutines now.
2018-06-25 12:25:37 -07:00
Mitchell Hashimoto
155bb67c52
Update UI for beta3
2018-06-25 12:25:16 -07:00
Mitchell Hashimoto
6b1e0a3003
agent/cache: always schedule the refresh
2018-06-25 12:25:14 -07:00
Mitchell Hashimoto
7cbbac43a3
agent: clarify comment
2018-06-25 12:25:14 -07:00
Mitchell Hashimoto
a08faf5a11
agent: add additional assertion to test
2018-06-25 12:25:13 -07:00
Paul Banks
2c21ead80e
More test tweaks
2018-06-25 12:25:13 -07:00
Paul Banks
05a8097c5d
Fix misc test failures (some from other PRs)
2018-06-25 12:25:13 -07:00
Paul Banks
382ce8f98a
Only set precedence on write path
2018-06-25 12:25:13 -07:00
Paul Banks
4a54f8f7e3
Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
2018-06-25 12:25:13 -07:00
Paul Banks
bf7a62e0e0
Sort intention list by precedence
2018-06-25 12:25:13 -07:00
Mitchell Hashimoto
181fbcc9b9
agent: intention update/delete responess match ACL/KV behavior
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
3c17144fb5
agent/structs: JSON marshal the configuration for a managed proxy
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
e9e6514c9b
agent: disallow deregistering a managed proxy directly
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
66a573e496
agent: deregister service deregisters the proxy along with it
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
a82726f0b8
agent: RemoveProxy also removes the proxy service
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
e2653bec02
Fix broken tests from PR merge related to proxy secure defaults
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
cf9b377c78
agent/cache: always fetch with minimum index of 1 at least
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
6a438c25d0
agent/proxy: remove debug println
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
0d6dcbd2f1
agent: disallow API registration with managed proxy if not enabled
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
f7fc026e18
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
ed98d65c2b
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
5ae32837f7
agent/proxy: set the proper arguments so we only run the helper process
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
4897ca6545
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Kyle Havlovitz
82a4b3c13f
connect: fix two CA tests that were broken in a previous PR ( #60 )
2018-06-25 12:25:10 -07:00
Paul Banks
41a29a469e
Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
aafa3ca64a
agent: format all CA config fields
2018-06-25 12:25:09 -07:00
Kyle Havlovitz
edbeeeb23c
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
Mitchell Hashimoto
316bdbe010
agent/proxy: fix build on Windows
2018-06-25 12:24:18 -07:00
Paul Banks
0824d1df5f
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Paul Banks
e57aa52ca6
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
028aa78e83
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
927b45bf91
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
Paul Banks
d1c67d90bc
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Paul Banks
85d6502ab3
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
b2ff583392
Test for adopted process Stop race and fix
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
62d4aaa33e
agent: accept connect param for execute
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
daf46c9cfa
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
440b1b2d97
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
Mitchell Hashimoto
8bcadddda7
agent: intention create returns 500 for bad body
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
1830c6b308
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
Paul Banks
df2cb30b01
Make tests pass and clean proxy persistence. No detached child changes yet.
...
This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.
2018-06-25 12:24:10 -07:00
Paul Banks
cdc7cfaa36
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
a2fe604191
WIP
2018-06-25 12:24:09 -07:00
Paul Banks
8cf4b3a6eb
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Mitchell Hashimoto
827b671d4a
agent/proxy: Manager.Close also has to stop all proxy watchers
2018-06-25 12:24:09 -07:00
Paul Banks
ef9c40643e
Fix import tooling fail
2018-06-25 12:24:09 -07:00
Paul Banks
ba0fb58a72
Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though.
2018-06-25 12:24:09 -07:00
Paul Banks
2b377dc624
Run daemon processes as a detached child.
...
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.
I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
2018-06-25 12:24:08 -07:00
Paul Banks
e21723a891
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
eb3fcb39b3
agent/consul/state: support querying by Connect native
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
6b745964c4
agent/cache: update comment from PR review to clarify
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
424272361d
agent: agent service registration supports Connect native services
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
d6a823ad0d
agent/consul: support catalog registration with Connect native
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
d609ad216b
agent/cache: update comments
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
839d3c323d
agent/cache: correct test name
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
45e49f31de
agent/cache: change behavior to return error rather than retry
...
The cache behavior should not be to mask errors and retry. Instead, it
should aim to return errors as quickly as possible. We do that here.
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
311d503fb0
agent/cache: perform backoffs on error retries on blocking queries
2018-06-25 12:24:06 -07:00
Matt Keeler
3afa4f9c7e
Merge pull request #4234 from hashicorp/feature/default-new-ui
...
Switch over to defaulting to the new UI
2018-06-20 09:10:08 -04:00
Matt Keeler
af910bda39
Merge pull request #4216 from hashicorp/rpc-limiting
...
Make RPC limits reloadable
2018-06-20 09:05:28 -04:00
Matt Keeler
0d4e8676d1
Merge pull request #4215 from hashicorp/feature/config-node-meta-dns-txt
...
Add configuration entry to control including TXT records for node meta in DNS responses
2018-06-20 08:53:04 -04:00
Matt Keeler
7f7c703118
Update the runtime tests
2018-06-19 13:59:26 -04:00
Matt Keeler
8216816e3f
Make filtering out TXT RRs only apply when they would end up in Additional section
...
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
Matt Keeler
197e2f69d5
Switch over to defaulting to the new UI
2018-06-15 09:20:13 -04:00
Kyle Havlovitz
ab4a9a94f4
Re-use uint8ToString
2018-06-14 09:42:23 -07:00
Kyle Havlovitz
5683d628c4
Support giving the duration as a string in CA config
2018-06-14 09:42:22 -07:00
Mitchell Hashimoto
eb2a6952ba
address comment feedback
2018-06-14 09:42:22 -07:00
Mitchell Hashimoto
cd39f09693
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Mitchell Hashimoto
1906fe1c0d
agent: address feedback
2018-06-14 09:42:20 -07:00
Mitchell Hashimoto
0accfc1628
agent: rename test to check
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
d1c21a8629
agent: implement HTTP endpoint
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
2a29679e9d
agent/consul: forward request if necessary
2018-06-14 09:42:17 -07:00
Mitchell Hashimoto
54ac5adb08
agent: comments to point to differing logic
2018-06-14 09:42:17 -07:00
Mitchell Hashimoto
d68462fca6
agent/consul: implement Intention.Test endpoint
2018-06-14 09:42:17 -07:00
Paul Banks
a80559e439
Make invalid clusterID be fatal
2018-06-14 09:42:17 -07:00
Paul Banks
140f3f5a44
Fix logical conflicts with CA refactor
2018-06-14 09:42:17 -07:00
Paul Banks
c58d47ba59
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future.
2018-06-14 09:42:17 -07:00
Paul Banks
f4b8e8c96d
Add default CA config back - I didn't add it and causes nil panics
2018-06-14 09:42:17 -07:00
Paul Banks
1228a5839a
Ooops remove the CA stuff from actual server defaults and make it test server only
2018-06-14 09:42:16 -07:00
Paul Banks
4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Paul Banks
bc07ff4983
Comment cleanup
2018-06-14 09:42:16 -07:00
Paul Banks
1722734313
Verify trust domain on /authorize calls
2018-06-14 09:42:16 -07:00
Paul Banks
b4803eca59
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
Paul Banks
622a475eb1
Add CSR signing verification of service ACL, trust domain and datacenter.
2018-06-14 09:42:16 -07:00
Paul Banks
c1f2025d96
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
e00088e8ee
Rename some of the CA structs/files
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
6e9f1f8acb
Add more metadata to structs.CARoot
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
627aa80d5a
Use provider state table for a global serial index
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
988510f53c
Add test for ca config http endpoint
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
de72834b8c
Move connect CA provider to separate package
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
4f3b5647e5
agent/cache: change uint8 to uint
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
fc5508f8a3
agent/cache: string through attempt rather than storing on the entry
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
cfcd733609
agent/cache: implement refresh backoff
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
bc605a1576
agent/consul: change provider wait from goto to a loop
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
c8b65217c3
agent/consul: check nil on getCAProvider result
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
9b3495dddb
agent/consul: retry reading provider a few times
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
e54e69d11f
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
a099c27b07
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
6e386ba6be
agent/proxy: pass proxy ID as an env var
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
37dde6d64a
agent/config: add managed proxy upstreams config to skip
...
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.
This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future we maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
965a902474
agent/structs: validate service definitions, port required for proxy
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
9a62bce03b
agent/config: default connect enabled in dev mode
...
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.
There is no real downside since we're just using the built-in CA.
2018-06-14 09:42:13 -07:00
Paul Banks
d13be6b952
Make CSR work with jank domain
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
de3f49a880
agent/proxy: delete pid file on Stop
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
aaca1fbcf5
agent: increase timer for blocking cache endpoints
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
b4ba31c61b
agent/proxy: address PR feedback
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
f5e7993249
agent: clarify why we Kill still
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
2809203408
agent: restore proxy snapshot but still Kill proxies
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
718aabe35f
agent/proxy: check if process is alive in addition to Wait
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
f5ccc65295
agent: only set the proxy manager data dir if its set
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
1a32435a4d
agent/proxy: improve comments on snapshotting
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
e0bbe66427
agent/proxy: implement periodic snapshotting in the manager
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
13ff115436
agent/proxy: check if process is alive
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
0e8c0b7b48
agent/proxy: implement snapshotting for daemons
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
b7580f4fad
agent/proxy: manager configures the daemon pid path to write pids
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
1e7f253b53
agent/proxy: write pid file whenever the daemon process changes
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
09dcb0be98
agent/proxy: change LogDir to DataDir to reuse for other things
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
5e6bd8291c
agent/proxy: make the logs test a bit more robust by waiting for file
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
d00ff7cb58
agent/proxy: don't create the directory in newProxy
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
6cdacd1fd9
agent/proxy: send logs to the correct location for daemon proxies
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
ba00fa3548
agent: add additional tests for defaulting in AddProxy
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
171bf8d599
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
3d3eee2f6e
agent: resolve some conflicts and fix tests
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
d9bd4ffebd
agent/local: clarify the non-risk of a full buffer
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
437689e83c
agent/local: remove outdated comment
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
6ae95d754c
agent: use os.Executable
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
39974df52a
agent/proxy: local state event coalescing
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
b0f377b519
agent/proxy: implement force kill of unresponsive proxy process
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
6539280f2a
agent: fix crash that could happen if proxy was nil on load
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
420edc4c1e
agent/proxy: pull exit status extraction to constrained file
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
1a2b28602c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
7879e1d2ef
agent/proxy: detect config change to stop/start proxies
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
2d60684a8b
agent/proxy: test removing proxies and stopping them
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
2bd39a84a6
agent/local: add Notify mechanism for proxy changes
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
476ea7b04a
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
fbfc6fce66
agent/proxy: clean up usage, can't be restarted
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
7355a614fe
agent/local: store proxy on local state, wip, not working yet
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
ffd284de36
agent/proxy: exponential backoff on restarts
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
aa08a4cb46
agent/proxy: Daemon works, tests cover it too
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
e14fa850d8
wip
2018-06-14 09:42:07 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
a4d18f0eaa
Fill out connect CA rpc endpoint tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
b081c34255
Fix config tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
cce7f1cca1
Add tests for the built in CA's state store table
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
15fbc2fd97
Add more tests for built-in provider
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
edcfdb37af
Fix some inconsistencies around the CA provider code
2018-06-14 09:42:06 -07:00
Paul Banks
1b197d934a
Don't allow connect watches in agent/cli yet
2018-06-14 09:42:06 -07:00
Paul Banks
e8c510332c
Support legacy watch.HandlerFunc type for backward compat reduces impact of change
2018-06-14 09:42:05 -07:00
Paul Banks
cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
daa8dd1779
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
32d1eae28b
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
315b8bf594
Simplify the CAProvider.Sign method
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
c6e1b72ccb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
a325388939
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than
...
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
051f004683
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
bd3b8e042a
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
02b20a0353
agent/cache: address feedback, clarify comments
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
af1d70b026
agent/cache: don't every block on NotifyCh
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
724b829104
agent/cache: unit tests for ExpiryHeap, found a bug!
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
194b256861
agent/cache: send the total entries count on eviction to go-metrics
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
e0d964188c
agent/cache: make edge case with prev/next idx == 0 handled better
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
3b550d2b72
agent/cache: rework how expiry data is stored to be more efficient
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
595193a781
agent/cache: initial TTL work
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
1df99514ca
agent/cache: send the RefreshTimeout into the backend fetch
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
db4c47df27
agent/cache: on error, return from Get immediately, don't block forever
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
cc2c98f961
agent/cache: lots of comment/doc updates
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
6c01e402e0
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
0f3f3d13ca
agent/cache-types: support intention match queries
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
e1c1b8812a
agent/cache: return the error as part of Get
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
00e7ab3cd5
agent/cache: integrate go-metrics so the cache is debuggable
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
...
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
be873d2558
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
fcb15e15ae
agent/cache: support timeouts for cache reads and empty fetch results
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
e81942df7a
agent/cache-types: rename to separate root and leaf cache types
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
8e7c517db1
agent/cache-types: got basic CA leaf caching work, major problems still
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
917a9e63d5
agent: check cache hit count to verify CA root caching, background update
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
6902d721d6
agent: initialize the cache and cache the CA roots
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
c329b4cb34
agent/cache: partition by DC/ACL token
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
b0db5657c4
agent/cache: ConnectCA roots caching type
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
975be337a9
agent/cache: blank cache key means to always fetch
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
1cfb0f1922
agent/cache: initial kind-of working cache
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
33418afd3c
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
d83fbfc766
Add the root rotation mechanism to the CA config endpoint
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
f9d92d795e
Have the built in CA store its state in raft
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
30c1973e8b
Fix the testing endpoint's root set op
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
75f62e3117
Update the CA config endpoint to enable GETs
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
ab737ef0f8
Hook the CA RPC endpoint into the provider interface
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
1f6501895f
Add CA bootstrapping on establishing leadership
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
682f105c7c
Add the bootstrap config for the CA
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
9fc33d2a62
Add the CA provider interface and built-in provider
2018-06-14 09:41:58 -07:00
Kyle Havlovitz
1787f88618
Add CA config set to fsm operations
2018-06-14 09:41:58 -07:00
Kyle Havlovitz
6b3416e480
Add the Connect CA config to the state store
2018-06-14 09:41:58 -07:00
Paul Banks
36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
730da74369
Fix various test failures and vet warnings.
...
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
2018-06-14 09:41:58 -07:00
Paul Banks
1e72ad66f5
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus!
2018-06-14 09:41:58 -07:00
Paul Banks
8d09381b96
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict...
2018-06-14 09:41:58 -07:00
Paul Banks
d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
2018-06-14 09:41:57 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
e6071051cf
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Paul Banks
88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Paul Banks
ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four.
2018-06-14 09:41:57 -07:00
Paul Banks
10db79c8ae
Rework connect/proxy and command/connect/proxy. End to end demo working again
2018-06-14 09:41:57 -07:00
Paul Banks
26e65f6bfd
connect.Service based implementation after review feedback.
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
6e57233913
agent: add TODO for verification
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
5a47a53c70
acl: IntentionDefault => IntentionDefaultAllow
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
ac72a0c5fd
agent: ACL checks for authorize, default behavior
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
6dc2db94ea
agent/structs: String format for Intention, used for logging
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
fb7bccc690
agent: bolster commenting for clearer understandability
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
9a987d6452
agent: default deny on connect authorize endpoint
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
3ef0b93159
agent/connect: Authorize for CertURI
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
70d1d5bf06
agent: get rid of method checks since they're done in the http layer
2018-06-14 09:41:54 -07:00
Paul Banks
9309422fd9
Add Connect agent, catalog and health endpoints to api Client
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
845f7cd8ad
agent/consul/state: ensure exactly one active CA exists when setting
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
ffe4cdfc15
agent/connect: support any values in the URL
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
75bf0e1638
agent/connect: support SpiffeIDSigning
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
17ca8ad083
agent/connect: rename SpiffeID to CertURI
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
0cbcb07d61
agent/connect: use proper keyusage fields for CA and leaf
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
73442ada5a
agent/connect: address PR feedback for the CA.go file
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
d28ee70a56
agent: implement an always-200 authorize endpoint
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
a54d1af421
agent/consul: encode issued cert serial number as hex encoded
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
4210003c86
agent/structs: hide some fields from JSON
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
1c3dbc83ff
agent/consul/fsm,state: snapshot/restore for CA roots
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
90f423fd02
agent/consul/fsm,state: tests for CA root related changes
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
1c72639d60
agent/consul: set more fields on the issued cert
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
c2588262b7
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
571d9aa785
agent: CA root HTTP endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
e40afd6a73
agent/consul: CAS operations for setting the CA root
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
578db06600
agent/consul: tests for CA endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
891cd22ad9
agent/consul: key the public key of the CSR, verify in test
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
d768d5e9a7
agent/consul: test for ConnectCA.Sign
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
548ce190d5
agent/connect: package for agent-related Connect, parse SPIFFE IDs
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
6d294b6bb4
agent/structs: json omit QueryMeta
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
e7536e5485
agent: /v1/connect/ca/roots
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
5a950190f3
agent/consul: RPC endpoints to list roots
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
130098b7b5
agent/consul/state: CARoot structs and initial state store
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
4d852e62a3
agent: address PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
22a0eb6c67
agent: commenting some tests
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
6313bc5615
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
353953fcd2
agent/consul: Health.ServiceNodes ACL check for Connect
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
b6c0cb7115
agent/consul: Catalog endpoint ACL requirements for Connect proxies
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
3b07686648
agent: remove ConnectProxyServiceName
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
2feef5f7a3
agent/consul: require name for proxies
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
714026dfb7
agent: validate service entry on register
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
9781cb1ace
agent/local: anti-entropy for connect proxy services
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
44ec8d94d2
agent: clean up connect/non-connect duplication by using shared methods
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
368137b81b
agent: /v1/health/connect/:service
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
7d79f9c46f
agent/consul: implement Health.ServiceNodes for Connect, DNS works
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
406366c45b
agent: working DNS for Connect queries, I think, but have to
...
implement Health endpoints to be sure
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
fd33b76ec2
agent: /v1/catalog/connect/:service
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
2062e37270
agent/consul/state: ConnectServiceNodes
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
7ed26e2c64
agent/consul: enforce ACL on ProxyDestination
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
0c0c0a58e7
agent/consul: proxy registration and tests
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
68107e9767
agent: /v1/agent/services test with connect proxies (works w/ no change)
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
4d4a8443e8
agent: test /v1/catalog/node/:node to list connect proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
6e257ea51c
agent: /v1/catalog/service/:service works with proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
63e4a35827
agent/consul/state: convert proxy test to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
21c6fc623a
agent/consul/state: service registration with proxy works
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
a621afe72c
agent/consul: convert intention ACLs to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
5ac649af7f
agent/consul: Intention.Match ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
4d87601bf4
agent/consul: Intention.Get ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
9bbbb73734
agent/consul: Intention.Apply ACL on rename
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
01b644e213
agent/consul: tests for ACLs on Intention.Apply update/delete
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
0719ff6905
agent: convert all intention tests to testify/assert
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
454ef7d106
agent/consul/fsm,state: snapshot/restore for intentions
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
80d068aaa4
agent: use UTC time for intention times, move empty list check to
...
agent/consul
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
370b2599a1
agent/consul/fsm: switch tests to use structs.TestIntention
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
97e2a73145
agent/consul/state: need to set Meta for intentions for tests
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
ad42f42a17
agent/consul/state: remove TODO
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
70858598e4
agent: use testing intention to get valid intentions
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
ab4ea3efb4
agent/consul: set default intention SourceType, validate it
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
d92993f75b
agent/structs: Intention validation
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
82a50245e0
agent/consul: support intention description, meta is non-nil
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
c12690b837
agent/consul/fsm: add tests for intention requests
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
a9743f4f15
agent,agent/consul: set default namespaces
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
10c370c0fb
agent/consul: set CreatedAt, UpdatedAt on intentions
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
d57a3ca2af
agent: GET /v1/connect/intentions/match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
93de03fe8b
agent/consul: RPC endpoint for Intention.Match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
f93edadbbe
agent/consul/state: IntentionMatch for performing match resolution
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
dca483b4a2
agent: PUT /v1/connect/intentions/:id
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
faeb583162
agent: DELETE /v1/connect/intentions/:id
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
fb02e53536
agent/consul: test that Apply works to delete an intention
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
4417f37ede
agent/consul/state,fsm: support for deleting intentions
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
1b44c1befa
agent/consul: creating intention must not have ID set
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
771b1737e3
agent/consul: support updating intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
0d96cdc0a5
agent: GET /v1/connect/intentions/:id
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
274bfdd864
agent: POST /v1/connect/intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
5a1fb35d6e
agent: GET /v1/connect/intentions endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
e8c4156f07
agent/consul: Intention.Get endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
212a272989
agent/consul: start Intention RPC endpoints, starting with List
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
9639bfb1be
agent/consul/state: list intentions
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
cc8a6f7f15
agent/consul/state: initial work on intentions memdb table
2018-06-14 09:41:39 -07:00
Guido Iaquinti
f7fe6c2a87
Attach server.Name label to client.rpc.failed
2018-06-13 14:56:14 +01:00
Guido Iaquinti
3d230dee80
Attach server.ID label to client.rpc.failed
2018-06-13 14:53:44 +01:00
Guido Iaquinti
e85e63c18c
Client: add metric for failed RPC calls to server
2018-06-13 12:35:45 +01:00
Matt Keeler
40e6d9c720
Fixup a weird merge problem
2018-06-11 16:27:39 -04:00
Matt Keeler
0df7cd22aa
Add a Client ReloadConfig test
2018-06-11 16:23:51 -04:00
Matt Keeler
08e26d10b8
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler
65746b2f8f
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
Matt Keeler
6cc0422408
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Pierre Souchay
c83124a94c
Removed labels from new ACL denied metrics
2018-06-08 11:56:46 +02:00
Pierre Souchay
064f8ad170
Removed consul prefix from metrics as requested by @kyhavlov
2018-06-08 11:51:50 +02:00
Matt Keeler
88a8c5e968
Merge pull request #4156 from hashicorp/enterprise-coexistence
...
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Jack Pearkes
aa1c993806
Merge pull request #4013 from sethvargo/sethvargo/user_agent
...
Add a helper for generating Consul's user-agent string
2018-06-01 09:13:38 -07:00
Matt Keeler
27fe219918
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
...
Enable full dns compression
2018-06-01 10:42:03 -04:00
Matt Keeler
1fbe828c35
Add RunWithConfig and put Run signature back to normal
2018-05-31 20:22:14 -04:00
Matt Keeler
53fbe2b111
Update unit tests to reflect change to func signature
2018-05-31 17:20:16 -04:00
Matt Keeler
8e0e239e42
Allow passing in a config to the watch plan to use when creating the API client
...
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
2018-05-31 17:07:36 -04:00
Pierre Souchay
fa37f262eb
Fixed comments for max DNS records returned as requested by @mkeeler
2018-05-31 18:15:52 +02:00
Seth Vargo
accb85a6a9
Use new discover and useragent libs
2018-05-25 15:52:05 -04:00
Matt Keeler
b6e9abe926
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Matt Keeler
0d197c32dc
Add BadRequestError handling
2018-05-24 10:34:01 -04:00
Wim
16ce8d9ed2
Add service reverse lookup tests
2018-05-21 22:59:21 +02:00
Wim
d10e6d0292
Do reverse service lookup only if address doesn't match node
2018-05-21 22:27:41 +02:00
Wim
5c04864b28
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
Pierre Souchay
bb92420873
Test fix, trying to pass Travis tests
2018-05-16 14:10:35 +02:00
Pierre Souchay
486417a0fc
Ensure to never send messages more than 64k
2018-05-16 12:47:35 +02:00
Pierre Souchay
cfa5986df7
Fixed unit tests and updated limits
2018-05-16 12:11:49 +02:00
Pierre Souchay
6e80b6b127
Re-Enable compression while computing Len(), so we can send more answers
...
This will fix https://github.com/hashicorp/consul/issues/4071
2018-05-16 11:00:51 +02:00
Matt Keeler
cfd09c88c6
Update bindata_assetfs for 1.1
2018-05-11 14:56:05 -04:00
Paul Banks
863ac12811
v1.1.0 UI Build
2018-05-11 17:05:20 +01:00
Paul Banks
ff37194fc0
Go fmt cleanup
2018-05-11 17:05:19 +01:00
Preetha Appan
ca67094619
Change default raft threshold config values and add a section to upgrade notes
2018-05-11 10:45:41 -05:00
Preetha Appan
3ff5fd6ec5
More docs and removed SnapShotInterval from raft timing struct stanza
2018-05-11 10:43:24 -05:00
Preetha Appan
d721da7b67
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
ad09865562
fix spacing
2018-05-11 10:43:24 -05:00
Preetha Appan
66f31cd25a
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Kyle Havlovitz
876d251b95
Merge pull request #4108 from hashicorp/vendor-go-discover
...
Update go-discover and add triton provider
2018-05-10 17:29:00 -07:00
Kyle Havlovitz
48560848fc
Move cloud auto-join docs to a separate page and add Triton
2018-05-10 17:15:41 -07:00
Jack Pearkes
291e8b83ae
Merge pull request #4097 from hashicorp/remove-deprecated
...
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
John Cowen
e5eeb0aa7c
UI V2 ( #4086 )
...
* Move settings to use the same service/route API as the rest of the app
* Put some ideas down for unit testing on adapters
* Favour `Model` over `Entity`
* Move away from using `reopen` to using Mixins
* Amend messages, comment/document some usage
* Make sure the returns are consistent in normalizePayload, also
Add some todo's in to remind me to think consider this further at a
later date. For example, is normalizePayload to be a hook or an
overridable method
* Start stripping back the HTML to semantics
* Use a variable rather than chaining
* Remove unused helpers
* Start picking through the new designs, start with listing pages
* First draft HTML for every page
* Making progress on the CSS
* Keep plugging away at the catalog css
* Looking at scrolling
* Wire up filtering
* Sort out filter counting, more or less done a few outstanding
* Start knocking the forms into shape
* Add in codemirror
* Keep moving forwards with the form like layouts
* Start looking at ACL editing page, add footer in
* Pull the filters back in, look at an autoresizer for scroll views
* First draft toggles
* 2nd draft healthcheck icons
* Tweak node healthcheck icons
* Looking at healthcheck detail icons
* Tweak the filter-bar and add selections to the in content tabs
* Add ACL create, pill-like acl type highlight
* Tweaking the main nav some more
* Working on the filter-bar and freetext-filter
* Masonry layout
* Stick with `checks` instead of healthy/unhealthy
* Fix up the filter numbers/counts
* Use the thead for a measure
* First draft tomography back in
* First draft DC dropdown
* Add a temporary create buttong to kv's
* Move KV and ACL to use a create page
* Move tags
* Run through old tests
* Injectable server
* Start adding test attributes
* Add some page objects
* More test attributes and pages
* Acl filter objects
* Add a page.. page object
* Clickable items in lists
* Add rest/spread babel plugin, remove mirage for now
* Add fix for ember-collection
* Keep track of acl filters
* ember-cli-page-object
* ember-test-selectors
* ui: update version of ui compile deps
* Update static assets
* Centralize radiogroup helper
* Rejig KV's and begin to clean it up
* Work around lack of Tags for the moment..
* Some little css tweaks and start to remove possibles
* Working on the dc page and incidentals
1. Sort the datacenter-picker list
2. Add a selected state to the datacenter-picker
3. Make dc an {Name: dc}
4. Add an env helper to get to 'env vars' from within templates
* Click outside stuff for the datacenter-picker, is-active on nav
* Make sure the dropdown CTA can be active
* Bump ember add pluralize helper
* Little try at sass based custom queries
* Rejig tablular collection so it deals with resizing, actions
1. WIP: start building actions dropdowns
2. Move tabular collection to deal with resizing to rule out differences
* First draft actions dropdowns
* Add ports, selectable IP's
* Flash messages, plus general cleanup/consistency
1. Add ember-cli-flash for flash messages
2. Move everything to get() instead of item.get
3. Spotted a few things that weren't consistent
* DOn't go lower than zero
* First draft vertical menu
* Missed a get, tweak dropmenu tick
* Big cleanup
1. this.get(), this.set() > get(), set()
2. assign > {...{}, ...{}}
3. Seperator > separator
* WIP: settings
* Moved things into a ui-v2 folder
* Decide on a way to do the settings page whilst maintaining the url + dc's
* Start some error pages
* Remove base64 polyfill
* Tie in settings, fix atob bug, tweak layout css
* Centralize confirmations into a component
* Allow switching between the old and new UI with the CONSUL_UI_BETA env var
Currently all the assets are packaged into a single AssetFS and a prefix is configured to switch between the two.
* Attempt at some updates to integrate the v2 ui build into the main infrastructure
* Add redirect to index.html for unknown paths
* Allow redictor to /index.html for new ui when using -ui-dir
* Take ACLs to the correct place on save
* First pass breadcrumbs
* Remove datacenter selector on the index page
* Tweak overall layout
* Make buttons 'resets'
* Tweak last DC stuff
* Validations plus kv keyname viewing tweaks
* Pull sessions back in
* Tweak the env vars to be more reusable
* Move isAnon to the view
* No items and disabled acl css
* ACL and KV details
1. Unauthorized page
2. Make sure the ACL is always selected when it needs it
3. Check record deletion with a changeset
* Few more acl tweaks/corrections
* Add no items view to node > services
* Tags for node > services
* Make sure we have tags
* Fix up the labels on the tomography graph
* Add node link (agent) to kv sessions
* Duplicate up `create` for KV 'root creation'
* Safety check for health checks
* Fix up the grids
* Truncate td a's, fix kv columns
* Watch for spaces in KV id's
* Move actions to their own mixins for now at least
* Link reset to settings incase I want to type it in
* Tweak error page
* Cleanup healthcheck icons in service listing
* Centralize errors and make getting back easier
* Nice numbers
* Compact buttons
* Some incidental css cleanups
* Use 'Key / Value' for root
* Tweak tomography layout
* Fix single healthcheck unhealthy resource
* Get loading screen ready
* Fix healthy healthcheck tick
* Everything in header starts white
* First draft loader
* Refactor the entire backend to use proper unique keys, plus..
1. Make unique keys form dc + slug (uid)
2. Fun with errors...
* Tweak header colors
* Add noopener noreferrer to external links
* Add supers to setupController
* Implement cloning, using ember-data...
* Move the more expensive down the switch order
* First draft empty record cleanup..
* Add the cusomt store test
* Temporarily use the htmlSafe prototype to remove the console warning
* Encode hashes in urls
* Go back to using title for errors for now
* Start removing unused bulma
* Lint
* WIP: Start looking at failing tests
* Remove single redirect test
* Finish off error message styling
* Add full ember-data cache invalidation to avoid stale data...
* Add uncolorable warning icons
* More info icon
* Rearrange single service, plus tag printing
* Logo
* No quotes
* Add a simple startup logo
* Tweak healthcheck statuses
* Fix border-color for healthchecks
* Tweak node tabs
* Catch 401 ACL errors and rethrow with the provided error message
* Remove old acl unauth and error routes
* Missed a super
* Make 'All' refer to number of checks, not services
* Remove ember-resizer, add autoprefixer
* Don't show tomography if its not worth it, viewify it more also
* Little model cleanup
* Chevrons
* Find a way to reliably set the class of html from the view
* Consistent html
* Make sure session id's are visible as long as possible
* Fix single service check count
* Add filters and searchs to the query string
* Don't remember the selected tab
* Change text
* Eror tweaking
* Use chevrons on all breadcrumbs even in kv's
* Clean up a file
* Tweak some messaging
* Makesure the footer overlays whats in the page
* Tweak KV errors
* Move json toggle over to the right
* feedback-dialog along with copy buttons
* Better confirmation dialogs
* Add git sha comment
* Same title as old UI
* Allow defaults
* Make sure value is a string
* WIP: Scrolling dropdowns/confirmations
* Add to kv's
* Remove set
* First pass trace
* Better table rows
* Pull over the hashi code editor styles
* Editor tweaks
* Responsive tabs
* Add number formatting to tomography
* Review whats left todo
* Lint
* Add a coordinate ember data triplet
* Bump in a v2.0.0
* Update old tests
* Get coverage working again
* Make sure query keys are also encoded
* Don't test console.error
* Unit test some more utils
* Tweak the size of the tabular collections
* Clean up gitignore
* Fix copy button rollovers
* Get healthcheck 'icon icons' onto the text baseline
* Tweak healthcheck padding and alignment
* Make sure commas kick in in rtt, probably never get to that
* Improve vertical menu
* Tweak dropdown active state to not have a bg
* Tweak paddings
* Search entire string not just 'startsWith'
* Button states
* Most buttons have 1px border
* More button tweaks
* You can only view kv folders
* CSS cleanup reduction
* Form input states and little cleanup
* More CSS reduction
* Sort checks by importance
* Fix click outside on datacenter picker
* Make sure table th's also auto calculate properly
* Make sure `json` isn't remembered in KV editing
* Fix recursive deletion in KV's
* Centralize size
* Catch updateRecord
* Don't double envode
* model > item consistency
* Action loading and ACL tweaks
* Add settings dependencies to acl tests
* Better loading
* utf-8 base64 encode/decode
* Don't hang off a prototype for htmlSafe
* Missing base64 files...
* Get atob/btoa polyfill right
* Shadowy rollovers
* Disabled button styling for primaries
* autofocuses only onload for now
* Fix footer centering
* Beginning of 'notices'
* Remove the isLocked disabling as we are letting you do what the API does
* Don't forget the documentation link for sessions
* Updates are more likely
* Use exported constant
* Dont export redirectFS and a few other PR updates
* Remove the old bootstrap config which was used for the old UI skin
* Use curlies for multiple properties
2018-05-10 19:52:53 +01:00
Paul Banks
92c6fe0b1e
Make it work for WAN join too and add tests
2018-05-10 14:30:24 +01:00
Dominik Lekse
ba9991a145
Added support for sockaddr templates in start-join and retry-join configuration
2018-05-10 14:08:41 +01:00
Kyle Havlovitz
75953273e2
Remove unused retry join structs from config
2018-05-08 16:25:34 -07:00