Commit Graph

362 Commits (4275e8fa82b3b54ee1ed04373fa8a659cce2e484)

Author SHA1 Message Date
Eric Haberkorn 4d6ff29392
Traffic Permissions Validations (#18907)
1 year ago
R.B. Boyer 633c6c9458
mesh: add ACL checks for xRoute resources (#18926)
1 year ago
R.B. Boyer 43a8dbb188
mesh: add ACL checks for DestinationPolicy resources (#18920)
1 year ago
Iryna Shustava d88888ee8b
catalog,mesh,auth: Bump versions to v2beta1 (#18930)
1 year ago
R.B. Boyer de231bbbdd
catalog: fix for new method argument (#18978)
1 year ago
R.B. Boyer ec6189fd2f
catalog: add ACL checks for FailoverPolicy resources (#18919)
1 year ago
R.B. Boyer ef6f2494c7
resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925)
1 year ago
Derek Menteer eb7e20307c
[NET-5589] Add jitter to xds v2 leaf cert watches (#18940)
1 year ago
Semir Patel d2be7577b9
tenancy: split up tenancy `types.go` into CE version (#18966)
1 year ago
Matt Keeler 53fcc5d9a5
Add protoc generator to emit resource type variables (#18957)
1 year ago
Eric Haberkorn f87ae3636c
Fix V2 Wildcard RBAC Regular Expressions (#18941)
1 year ago
Derek Menteer d4ed3047f8
[NET-5589] Optimize leaf watch diff on xds controller. (#18921)
1 year ago
John Murret 700d1bb37c
NET-5131 - support multiple ported upstreams tests (#18923)
1 year ago
Dhia Ayachi 341dc28ff9
Add namespace proto and registration (#18848)
1 year ago
R.B. Boyer d574473fd1
mesh: make FailoverPolicy work in xdsv2 and ProxyStateTemplate (#18900)
1 year ago
Nitya Dhanushkodi 3a2e62053a
v2: various fixes to make K8s tproxy multiport acceptance tests and manual explicit upstreams (single port) tests pass (#18874)
1 year ago
R.B. Boyer 07d916e84f
resource: ensure resource.AuthorizerContext properly strips the local… (#18908)
1 year ago
Eric Haberkorn 170417ac97
Honor Default Traffic Permissions in V2 (#18886)
1 year ago
Iryna Shustava 212793a4ee
mesh: only build tproxy outbound listener once per destination (#18836)
1 year ago
Semir Patel 62796a1454
resource: mutate and validate before acls on write (#18868)
1 year ago
R.B. Boyer dabbc9627b
mesh: normalize/default/validate tenancy components of mesh internal References (#18827)
1 year ago
R.B. Boyer 696aa1bbd2
mesh: update xds controller to synthesize empty endpoints when no endpoints ref is found (#18835)
1 year ago
R.B. Boyer b4d5178e5c
catalog: normalize/default/validate tenancy components of FailoverPolicy internal References (#18825)
1 year ago
Dhia Ayachi 4435e4a420
add v2 tenancy bridge Flag and v2 Tenancy Bridge initial implementation (#18830)
1 year ago
Iryna Shustava a89938e0c1
catalog: Default protocol to tcp in catalog.Service if unspecified (#18832)
1 year ago
R.B. Boyer 5cde50dee7
mesh: prevent writing a ComputedRoutes with no ported configs (#18833)
1 year ago
skpratt 1fda2965e8
Allow empty data writes for resources (#18819)
1 year ago
Iryna Shustava 6838441c54
Default to tcp protocol when workload protocol is unspecified (#18824)
1 year ago
Eric Haberkorn 21fdbbabbc
Wire up traffic permissions (#18812)
1 year ago
Semir Patel d3dad14030
resource: default peername to "local" for now (#18822)
1 year ago
R.B. Boyer 9c1a1ffcde
mesh: call the right mapper (#18818)
1 year ago
R.B. Boyer 66e1cdf40c
mesh: Wire ComputedRoutes into the ProxyStateTemplate via the sidecar controller (#18752)
1 year ago
skpratt e5808d85f7
register traffic permission and workload identity types (#18704)
1 year ago
Dhia Ayachi 658c27a684
add fuzz tests to resourcehcl package and fix some panics (#18798)
1 year ago
Iryna Shustava 7f2a1d9812
catalog: service endpoints inherits protocol from service when workload doesn't have one (#18792)
1 year ago
R.B. Boyer 07f54fe3b8
resource: add helper to normalize inner Reference tenancy during mutate (#18765)
1 year ago
Eric Haberkorn 12be06f8e5
Add V2 TCP traffic permissions (#18771)
1 year ago
Nitya Dhanushkodi 78b170ad50
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756)
1 year ago
R.B. Boyer 89e6725eee
mesh: create new routes-controller to reconcile xRoute types into a ComputedRoutes resource (#18460)
1 year ago
Poonam Jadhav 264166fcc0
fix: write endpoint errors out gracefully (#18743)
1 year ago
John Murret 62062fd4fd
NET-5132 - Configure multiport routing for connect proxies in TProxy mode (#18606)
1 year ago
Dhia Ayachi b1688ad856
Run copyright after running deep-copy as part of the Makefile/CI (#18741)
1 year ago
R.B. Boyer a69e901660
xds: update golden tests to be deterministic (#18707)
1 year ago
John Murret 3e78b4cf34
Prefix sidecar proxy test files with source and destination. (#18620)
1 year ago
Iryna Shustava 1557e1d6a3
sidecar-proxy controller: Add support for transparent proxy (NET-5069) (#18458)
1 year ago
R.B. Boyer acd9b3d1c4
test: update sidecarproxy/builder golden tests to use determinstic golden data (#18703)
1 year ago
Iryna Shustava 3c70e14713
sidecar-proxy controller: L4 controller with explicit upstreams (NET-3988) (#18352)
1 year ago
wangxinyi7 df9d12a56a
Net 2714/xw cli read command (#18462)
1 year ago
Semir Patel b96cff7436
resource: Require scope for resource registration (#18635)
1 year ago
Michael Zalimeni 699aa47416
fix: make UNSPECIFIED protocol pass validation (#18634)
1 year ago
Dhia Ayachi f8d77f027a
delete all v2 resources type when deleting a namespace (CE) (#18621)
1 year ago
Ashwin Venkatesh 797e42dc24
Watch the ProxyTracker from xDS controller (#18611)
1 year ago
John Murret 0e606504bc
NET-4944 - wire up controllers with proxy tracker (#18603)
1 year ago
John Murret 051f250edb
NET-5338 - NET-5338 - Run a v2 mode xds server (#18579)
1 year ago
Semir Patel 067a0112e2
resource: Make resource listbyowner tenancy aware (#18566)
1 year ago
R.B. Boyer 8a931241f2
chore: fix missing/incorrect license headers (#18555)
1 year ago
R.B. Boyer 5b88aae3b4
catalog: validating Protocol and Health enums on Service, Workload, and ServiceEndpoints (#18554)
1 year ago
Ashwin Venkatesh 4f9955d91e
Update trust bundle into proxy-state-template (#18550)
1 year ago
R.B. Boyer 17667a1c75
mesh: adding type aliases for mesh resource usage (#18448)
1 year ago
Ashwin Venkatesh 0d60380214
xds controller: resolve ServiceEndpoints references in ProxyStateTemp… (#18544)
1 year ago
R.B. Boyer 55723c541e
mesh: add validation for the new pbmesh resources (#18410)
1 year ago
R.B. Boyer 570c84d032
catalog: add failover mode enum validation (#18545)
1 year ago
Semir Patel 53e28a4963
OSS -> CE (community edition) changes (#18517)
1 year ago
Matt Keeler 547f4f8395
Reduce required type arguments for DecodedResource (#18540)
1 year ago
Iryna Shustava 0b580ffd22
bimapper: fix data race (#18519)
1 year ago
Iryna Shustava cc596ce772
bimapper: allow to untrack links and support reference or id (#18451)
1 year ago
Ashwin Venkatesh 97b41d946f
Support custom watches on controller (#18439)
1 year ago
Semir Patel 217107f627
resource: Make resource list tenancy aware (#18475)
1 year ago
Poonam Jadhav f88d4fe28f
Net-2707/list resource endpoint (#18444)
1 year ago
wangxinyi7 cda884ac81
read endpoint (#18268)
1 year ago
Poonam Jadhav 559c61e6b6
Net-2712/resource hcl parsing (#18250)
1 year ago
Poonam Jadhav 5717cbd466
Net-2708/delete resource endpoint (#18420)
1 year ago
hashicorp-copywrite[bot] 5fb9df1640
[COMPLIANCE] License changes (#18443)
1 year ago
Semir Patel bee12c6b1f
resource: Make resource write tenancy aware (#18423)
1 year ago
R.B. Boyer 42efc11b4e
catalog: adding a controller to reconcile FailoverPolicy resources (#18399)
1 year ago
R.B. Boyer bfc519f293
catalog: add FailoverPolicy mutation and validation hooks (#18390)
1 year ago
Matt Keeler 91d331bbaa
Add ServiceEndpoints Mutation hook tests (#18404)
1 year ago
Semir Patel 63cc037110
resource: Make resource read tenancy aware (#18397)
1 year ago
R.B. Boyer 1ebd001a07
bimapper: fix a bug and add some more test coverage (#18387)
1 year ago
wangxinyi7 1f28ac2664
expose grpc as http endpoint (#18221)
1 year ago
R.B. Boyer 9c227e2c36
mesh: adding the protobuf types and resources backing mesh config v2 (#18351)
1 year ago
Iryna Shustava a33001f4d4
Register ProxyStateTemplate Resource (#18316)
1 year ago
R.B. Boyer 13ce787a3f
resource: adding various helpers for working with resources (#18342)
1 year ago
Semir Patel efb45fe851
resource: Add scope to resource type registration [NET-4976] (#18214)
1 year ago
Semir Patel ada767fc9f
resource: Pass resource to Write ACL hook instead of just resource Id [NET-4908] (#18192)
1 year ago
Semir Patel 003370ded0
Call resource mutate hook before validate hook (NET-4907) (#18178)
1 year ago
Iryna Shustava c328ba85bd
Split pbmesh.UpstreamsConfiguration as a resource out of pbmesh.Upstreams (#17991)
1 year ago
Dan Upton b117eb0126
resource: enforce consistent naming of resource types (#17611)
1 year ago
Dan Upton 48445dfa55
resource: add `AuthorizerContext` helper method (#17393)
1 year ago
Matt Keeler 37636eab71
Catalog V2 Container Based Integration Test (#17674)
1 year ago
Matt Keeler 653a886689
Implement a Catalog Controllers Lifecycle Integration Test (#17435)
1 year ago
Matt Keeler a5ba889034
Implement the service endpoints controller (#17216)
1 year ago
Matt Keeler 77f44fa878
Various bits of cleanup detected when using Go Workspaces (#17462)
1 year ago
Dan Stough d935c7b466
[OSS] gRPC Blocking Queries (#17426)
2 years ago
Matt Keeler 1d6a0c8f21
Add the workload health controller (#17215)
2 years ago
R.B. Boyer 21c6e0e8e6
fix two typos (#17389)
2 years ago
Matt Keeler d37572bd44
Add a Node health controller (#17214)
2 years ago
Dan Upton 879b775459
docs: initial documentation for the new State Store (#17315)
2 years ago
Matt Keeler 456156ebec
Add type validations for the catalog resources (#17211)
2 years ago
Dan Upton 6c24a66f73
resource: optionally compare timestamps in `EqualStatus` (#17275)
2 years ago
Semir Patel 40eefaba18
Reaper controller for cascading deletes of owner resources (#17256)
2 years ago
Dan Upton d53a1d4a27
resource: add helpers for more efficiently comparing IDs etc (#17224)
2 years ago
Dan Upton 972998203e
controller: deduplicate items in queue (#17168)
2 years ago
Dan Upton 6e1bc57469
Controller Runtime
2 years ago
Matt Keeler 34915670f2
Register new catalog & mesh protobuf types with the resource registry (#17225)
2 years ago
Semir Patel 991a002fcc
resource: List resources by owner (#17190)
2 years ago
Semir Patel 9fef1c7f17
Create tombstone on resource `Delete` (#17108)
2 years ago
Dan Upton eeaa636164
Cleanup from unblocking the pipeline 🧹 (#17121)
2 years ago
Semir Patel e7bb8fdf15
Fix or disable pipeline breaking changes that made it into main in last day or so (#17130)
2 years ago
Dan Upton b9c485dcb8
Controller Supervision (#17016)
2 years ago
Dan Upton ba4a314772
storage: fix bug where WatchList would (rarely) return duplicate events (#17067)
2 years ago
hashicorp-copywrite[bot] 9f81fc01e9
[COMPLIANCE] Add Copyright and License Headers (#16854)
2 years ago
Semir Patel 2f7d591702
Tenancy wildcard validaton for `Write`, `Read`, and `Delete` endpoints (#17004)
2 years ago
Semir Patel b8c9e133be
Add mutate hook to `Write` endpoint (#16958)
2 years ago
Semir Patel 3b83c7ee9a
Enforce ACLs on resource `Write` and `Delete` endpoints (#16956)
2 years ago
Dan Upton d595e6ade9
resource: `WriteStatus` endpoint (#16886)
2 years ago
Semir Patel 317240fca7
Resource validation hook for `Write` endpoint (#16950)
2 years ago
Semir Patel 686f49346c
Check acls on resource `Read`, `List`, and `WatchList` (#16842)
2 years ago
Dan Upton 4fa2537b3b
Resource `Write` endpoint (#16786)
2 years ago
Dan Upton 671d5825ca
Raft storage backend (#16619)
2 years ago
Dan Upton 651549c97d
storage: fix resource leak in Watch (#16817)
2 years ago
Ronald b64674623e
Copyright headers for missing files/folders (#16708)
2 years ago
Dan Upton 81df781e5f
Add storage backend interface and in-memory implementation (#16538)
2 years ago
Poonam Jadhav 9c64731a56
feat: add category annotation to RPC and gRPC methods (#16646)
2 years ago
Semir Patel 5a3fec6238
Basic resource type registry (#16622)
2 years ago
Matt Keeler 84156afe87
Remove private prefix from proto-gen-rpc-glue e2e test (#16433)
2 years ago
Matt Keeler 085c0addc0
Protobuf Refactoring for Multi-Module Cleanliness (#16302)
2 years ago
Matt Keeler 5afd4657ec
Protobuf Modernization (#15949)
2 years ago
Dan Upton ee2d47da83
Fix missing comment in generated enterprise rate-limit file (#15895)
2 years ago
Dan Upton d4c435856b
grpc: `protoc` plugin for generating gRPC rate limit specifications (#15564)
2 years ago
Chris S. Kim cc819ad83b
[OSS] Add boilerplate for proto files implementing BlockableQuery (#15554)
2 years ago
Kyle Schochenmaier bf0f61a878
removes ioutil usage everywhere which was deprecated in go1.16 (#15297)
2 years ago
Chris S. Kim bde57c0dd0 Regenerate files according to 1.19.2 formatter
2 years ago
Chris S. Kim 3d05a8e9af Remove unused methods from template
2 years ago
Chris S. Kim 29a297d3e9
Refactor client RPC timeouts (#14965)
2 years ago
Paul Glass 77afe0e76e
Extract AWS auth implementation out of Consul (#13760)
2 years ago
alex 7c0daeade8
fix leader annotation (#13786)
2 years ago
alex b7043f7150
peering: add warning about AllowStaleRead (#13768)
2 years ago
Evan Culver 88449b1f1b
internal: port RPC glue changes from Enterprise (#13034)
3 years ago
Will Jordan c48120d005
Add timeout to Client RPC calls (#11500)
3 years ago
Paul Glass d79ca2f024
acl: Fix tag parsing for IAM users and roles in IAM auth method (#12797)
3 years ago
Paul Glass 99f373dde4
acl: Adjust region handling in AWS IAM auth method (#12774)
3 years ago
Paul Glass 706c844423
Add IAM Auth Method (#12583)
3 years ago
R.B. Boyer 4676960b93
proto-gen-rpc-glue: support QueryMeta and QueryOptions (#12637)
3 years ago
R.B. Boyer dc023cb0dd
proto-gen-rpc-glue: use a shallow copy of proto/pbcommon instead of a consul dependency (#12634)
3 years ago
R.B. Boyer 9736e33897
proto-gen-rpc-glue: fix behavior of renamed fields (#12633)
3 years ago
R.B. Boyer 3d725a1762
regenerate rpc glue stubs in protobuf files using comments (#12625)
3 years ago
Daniel Nephin e8312d6b5a testing: remove unnecessary calls to freeport
3 years ago
Daniel Nephin 56f9238d15 go-sso: remove returnFunc now that freeport handles return
3 years ago
Evan Culver c4c833fd0e
sso/oidc: add support for acr_values request parameter (#11026)
3 years ago
Daniel Nephin a6000e6ad8 state: add a regression test for state store schema
4 years ago
Daniel Nephin b9e60c0775 testing: skip slow tests with -short
4 years ago
Matt Keeler 51c3a605ad
Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc
5 years ago
Daniel Nephin 5afcf5c1bc
Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4
5 years ago
Matt Keeler 9b01f9423c
Implement the insecure version of the Cluster.AutoConfig RPC endpoint
5 years ago
Daniel Nephin 068b43df90 Enable gofmt simplify
5 years ago
Daniel Nephin cb050b280c ci: enable SA4006 staticcheck check
5 years ago
Daniel Nephin 600645b5f9 Add unconvert linter
5 years ago
R.B. Boyer 1efafd7523
acl: add auth method for JWTs (#7846)
5 years ago
Jeff Mitchell 4243c3ae42
Move internal/ to sdk/ (#5568)
6 years ago
Jeff Mitchell bb9af0dc37
Bump cleanhttp to be the same version as the other modules (#5563)
6 years ago
Jeff Mitchell 47c390025b
Convert to Go Modules (#5517)
6 years ago