Commit Graph

770 Commits (62688107affc75861a8d2f89caca9a982523beca)

Author SHA1 Message Date
Daniel Nephin b29faa3e50 ca: fix stored CARoot representation with Vault provider
3 years ago
Daniel Nephin 32ef9c5d5c ca: add some godoc and func for finding leaf signing cert
3 years ago
freddygv 5e1f7b7c36 Prevent partition-exports entry from OSS usage
3 years ago
Dhia Ayachi bb83624950
Partition session checks store (#11638)
3 years ago
Iryna Shustava 0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
3 years ago
R.B. Boyer 1e02460bd1
re-run gofmt on 1.17 (#11579)
3 years ago
R.B. Boyer eb21649f82
partitions: various refactors to support partitioning the serf LAN pool (#11568)
3 years ago
freddygv e5b7c4713f Accept partition for ingress services
3 years ago
Daniel Upton 50a1f20ff9
xds: prefer fed state gateway definitions if they're fresher (#11522)
3 years ago
Dhia Ayachi 7916268c40
refactor session state store tables to use the new index pattern (#11525)
3 years ago
Dhia Ayachi 520cb5858c
KV state store refactoring and partitioning (#11510)
3 years ago
Daniel Nephin 8ba760a2fc acl: remove id and revision from Policy constructors
3 years ago
Daniel Nephin 7c679c11e6 acl: remove Policy.ID and Policy.Revision
3 years ago
Connor efe4b21287
Support Vault Namespaces explicitly in CA config (#11477)
3 years ago
Mark Anderson 7e8228a20b
Remove some usage of md5 from the system (#11491)
3 years ago
FFMMM 4ddf973a31
add root_cert_ttl option for consul connect, vault ca providers (#11428)
3 years ago
Daniel Nephin 51d8417545
Merge pull request #10690 from tarat44/h2c-support-in-ping-checks
3 years ago
Daniel Upton d47b7311b8
Support Check-And-Set deletion of config entries (#11419)
3 years ago
freddygv ac96ce6552 Ensure partition-exports kind gets marshalled
3 years ago
freddygv 43360eb216 Rework acl exports interface
3 years ago
Freddy b1b6f682e1
Merge pull request #11416 from hashicorp/ap/exports-update
3 years ago
R.B. Boyer ef559dfdd4
agent: refactor the agent delegate interface to be partition friendly (#11429)
3 years ago
freddygv 8aefdc31da Remove outdated partition label from test
3 years ago
freddygv 5c24ed61a8 Rename service-exports to partition-exports
3 years ago
Daniel Nephin 65d48e5042 state: remove support for updating legacy ACL tokens
3 years ago
Daniel Nephin 3390f85ab4 acl: remove ACLTokenTypeManagement
3 years ago
Daniel Nephin 32b4ad42ac acl: remove ACLTokenTypeClient,
3 years ago
Daniel Nephin c77e5747b1 acl: remove EmbeddedPolicy
3 years ago
Daniel Nephin 1344137ce2 acl: move the legacy ACL struct to the one package where it is used
3 years ago
Daniel Nephin 531f2f8a3f acl: remove most of the rest of structs/acl_legacy.go
3 years ago
Kyle Havlovitz 04cd2c983e Add new service-exports config entry
3 years ago
Jared Kirschner 14af8cb7a9
Merge pull request #11293 from bisakhmondal/service_filter
3 years ago
R.B. Boyer cc2abb79ba
acl: small OSS refactors to help ensure that auth methods with namespace rules work with partitions (#11323)
3 years ago
Bisakh Mondal a350a383d3
add service resolver subset filter validation
3 years ago
tarat44 166269f93b preload json values in structs to determine defaults
3 years ago
tarat44 ecdcfd6360 only set default on H2PingUseTLS if H2PING is set
3 years ago
tarat44 1e8e44d442 fix formatting
3 years ago
tarat44 c1ed3a9a94 change config option to H2PingUseTLS
3 years ago
tarat44 3c9f5a73d9 add support for h2c in h2 ping health checks
3 years ago
Daniel Nephin 3ac910606c acl: remove reading of serf acl tags
3 years ago
Daniel Nephin 8e9773e20b acl: remove ACL.GetPolicy endpoint and resolve legacy acls
3 years ago
Daniel Nephin 6e1ebd3df7 acl: remove the last of the legacy FSM
3 years ago
Daniel Nephin ed928511ca acl: remove bootstrap-init FSM operation
3 years ago
Daniel Nephin 05f0cc3993 acl: remove ACLDelete FSM command, and state store function
3 years ago
Daniel Nephin 966e50e00e acl: remove legacy field to ACLBoostrap
3 years ago
Daniel Nephin ea4a8343cd
Merge pull request #11177 from hashicorp/dnephin/remove-entmeta-methods
3 years ago
Daniel Nephin 4c579a49ed
Merge pull request #10986 from hashicorp/dnephin/acl-legacy-remove-rpc
3 years ago
Daniel Nephin eb632c53a2 structs: rename the last helper method.
3 years ago
Daniel Nephin 8d8c1f9d5e structs: remove another helper
3 years ago
Daniel Nephin 6d72517682 structs: remove two methods that were only used once each.
3 years ago
Chris S. Kim 5c37819d09
Cleanup unnecessary normalizing method (#11169)
3 years ago
Paul Banks 7b4cbe3143 Final readability tweaks from review
3 years ago
Paul Banks 07f81991df Refactor SDS validation to make it more contained and readable
3 years ago
Paul Banks 2281d883b9 Fix some more Enterprise Normalization issues affecting tests
3 years ago
Paul Banks 659321d008 Handle namespaces in route names correctly; add tests for enterprise
3 years ago
Paul Banks 4e39f03d5b Add ingress-gateway config for SDS
3 years ago
Daniel Nephin e7c63004a8 acl: remove a couple legacy ACL operation constants
3 years ago
Daniel Nephin 868bfc7a0a acl: Remove unused ACLPolicyIDType
3 years ago
Daniel Nephin aee8a9511d
Merge pull request #10985 from hashicorp/dnephin/acl-legacy-remove-replication
3 years ago
R.B. Boyer ca73abdea1
acl: fix intention:*:write checks (#11061)
3 years ago
Freddy fcef19f94b
acl: small resolver changes to account for partitions (#11052)
3 years ago
Freddy e18f3c1f6d
Update error texts (#11022)
3 years ago
Daniel Nephin 1f9479603c
Add failures_before_warning to checks (#10969)
3 years ago
Paul Banks b38e84df63 Include namespace and partition in error messages when validating ingress header manip
3 years ago
Paul Banks 1079089f20 Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
3 years ago
Paul Banks 9e4e204e96 Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
3 years ago
Paul Banks 3004eadd08 Fix enterprise discovery chain tests; Fix multi-level split merging
3 years ago
Paul Banks b5ae00d753 Remove unnecessary check
3 years ago
Paul Banks 1b9632531a Integration tests for all new header manip features
3 years ago
Paul Banks e22cc9c53a Header manip for split legs plumbing
3 years ago
Paul Banks f439dfc04f Ingress gateway header manip plumbing
3 years ago
Paul Banks d776a2d236 Add HTTP header manip for router and splitter entries
3 years ago
Paul Banks 46e4041283 Header manip and validation added for ingress-gateway entries
3 years ago
Chris S. Kim 9bbfa048a2
Sync enterprise changes to oss (#10994)
3 years ago
Kyle Havlovitz a14950025a
Merge pull request #10984 from hashicorp/mesh-resource
3 years ago
Dhia Ayachi bc0e4f2f46
partition dicovery chains (#10983)
3 years ago
Daniel Nephin f063402b29 acl: remove ACL.IsSame
3 years ago
Daniel Nephin d63cef1219 acl: remove legacy ACL replication
3 years ago
R.B. Boyer ee372a854a acl: adding a new mesh resource
3 years ago
Dhia Ayachi 09197c989c
add partition to SNI when partition is non default (#10917)
3 years ago
Chris S. Kim 45dcc8b553
api: expose upstream routing configurations in topology view (#10811)
3 years ago
R.B. Boyer a6d22efb49
acl: some acl authz refactors for nodes (#10909)
3 years ago
freddygv 85878685b7 Fixup proxy config test fixtures
3 years ago
Dhia Ayachi 1950ebbe1f
oss portion of ent #1069 (#10883)
3 years ago
R.B. Boyer 097e1645e3
agent: ensure that most agent behavior correctly respects partition configuration (#10880)
3 years ago
R.B. Boyer 310e775a8a
state: partition nodes and coordinates in the state store (#10859)
3 years ago
Daniel Nephin e637cd71f3 acl: use authz consistently as the variable name for an acl.Authorizer
3 years ago
Kyle Havlovitz 073b6c8411 oss: Rename default partition
3 years ago
Daniel Nephin d3325b0253
Merge pull request #10612 from bigmikes/acl-replication-fix
3 years ago
Daniel Nephin 5b2e5882b4 acl: move check for Intention.DestinationName into Authorizer
3 years ago
Daniel Nephin 9cdd823ffc
Merge pull request #10737 from hashicorp/dnephin/remove-authorizer-nil-checks
3 years ago
Evan Culver 710bd90ef7
checks: Add Interval and Timeout to API response (#10717)
3 years ago
Daniel Nephin f497d5ab30 acl: remove many instances of authz == nil
3 years ago
Evan Culver 727b81a757 Fix intention endpoint test
3 years ago
Chris S. Kim 9c3af1a429
sync enterprise files with oss (#10705)
3 years ago
Chris S. Kim 91c90a672a
agent: update proxy upstreams to inherit namespace from service (#10688)
3 years ago
R.B. Boyer 96b97d6554
replumbing a bunch of api and agent structs for partitions (#10681)
3 years ago
R.B. Boyer fc9b1a277d
sync changes to oss files made in enterprise (#10670)
3 years ago
R.B. Boyer 188e8dc51f
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669)
3 years ago
Evan Culver 0527dcff57
acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598)
3 years ago
Giulio Micheloni 814ef6b103 acl: fix error type into a string type for serialization issue
3 years ago
Giulio Micheloni 529fe737ef acl: acl replication routine to report the last error message
3 years ago
Evan Culver 13bd86527b
Add support for returning ACL secret IDs for accessors with acl:write (#10546)
3 years ago
Daniel Nephin 2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
3 years ago
jkirschner-hashicorp 5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
3 years ago
Daniel Nephin 3a045cca8d ca: remove unused RotationPeriod field
3 years ago
Jared Kirschner bd536151e1 Replace use of 'sane' where appropriate
3 years ago
Daniel Nephin 16b21b0864 http: add an X-Consul-Query-Backend header to responses
3 years ago
R.B. Boyer ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
3 years ago
R.B. Boyer e3835ac6a1
structs: prohibit config entries from referencing more than one partition at a time (#10478)
3 years ago
R.B. Boyer 8344b7fe2e
structs: prevent service-defaults upstream configs from using wildcard names or namespaces (#10475)
3 years ago
R.B. Boyer ac50db9087
structs: add some missing config entry validation and clean up tests (#10465)
3 years ago
Freddy 3ee66b2e9a
Omit empty tproxy config in JSON responses (#10402)
4 years ago
Freddy ffb13f35f1
Rename CatalogDestinationsOnly (#10397)
4 years ago
Freddy 33bd9b5be8
Relax validation for expose.paths config (#10394)
4 years ago
Freddy 429f9d8bb8
Add flag for transparent proxies to dial individual instances (#10329)
4 years ago
Daniel Nephin ba15f92a8a structs: fix cache keys
4 years ago
Daniel Nephin 920ae31598 structs: add two cache completeness tests types that implement cache.Request
4 years ago
Daniel Nephin 46dfdb611f structs: improve the interface of assertCacheInfoKeyIsComplete
4 years ago
Daniel Nephin 7c2957e24d structs: Add more cache key tests
4 years ago
Dhia Ayachi f785c5b332
RPC Timeout/Retries account for blocking requests (#8978)
4 years ago
R.B. Boyer 597448da47
server: ensure that central service config flattening properly resets the state each time (#10239)
4 years ago
R.B. Boyer 7e1d7803b8
agent: ensure we hash the non-deprecated upstream fields on ServiceConfigRequest (#10240)
4 years ago
Iryna Shustava d7d44f6ae7
Save exposed ports in agent's store and expose them via API (#10173)
4 years ago
Mark Anderson 751fe7e314 Fixup more structs_test
4 years ago
Mark Anderson 4d0346bc46 Fixup filtering tests
4 years ago
Daniel Nephin 347f3d2128
Merge pull request #10155 from hashicorp/dnephin/config-entry-remove-fields
4 years ago
Daniel Nephin c8c85523e1 config-entries: add a test for the API client
4 years ago
Mark Anderson 8040f91a43 Add support for downstreams
4 years ago
Mark Anderson 583ae65d5b Convert mode to string representation
4 years ago
Mark Anderson 06f0f79218 Continue working through proxy and agent
4 years ago
Mark Anderson 8b1217417a First changes for unix domain sockets upstreams
4 years ago
Freddy ed1082510d
Fixup discovery chain handling in transparent mode (#10168)
4 years ago
Daniel Nephin a07a58a873 config-entry: use custom MarshalJSON for mesh type
4 years ago
Daniel Nephin 62efaaab21 config-entry: remove Kind and Name field from Mesh config entry
4 years ago
Freddy 701b49f772
Rename cluster config files to mesh as well (#10148)
4 years ago
Freddy 078c40425f
Rename "cluster" config entry to "mesh" (#10127)
4 years ago
Daniel Nephin 2e4dc7b705
Merge pull request #10045 from hashicorp/dnephin/state-proxy-defaults
4 years ago
Freddy f265dd635f
Disallow * as service-defaults name (#10069)
4 years ago
R.B. Boyer 70f1ba3a2b
fix test when run in enterprise (#10048)
4 years ago
freddygv a0f3591aee Don't panic on nil UpstreamConfiguration.Clone()
4 years ago
Daniel Nephin b57b3726d2 state: remove unnecessary kind index
4 years ago
Freddy 3be304be16
Merge pull request #10016 from hashicorp/topology-update
4 years ago
Freddy 439a7fce2d
Split Upstream.Identifier() so non-empty namespace is always prepended in ent (#10031)
4 years ago
R.B. Boyer 4db8b78854
connect: update centralized upstreams representation in service-defaults (#10015)
4 years ago
Matt Keeler bbf5993534
Move static token resolution into the ACLResolver (#10013)
4 years ago
freddygv 8e74eaa684 Update viz endpoint to include topology from intentions
4 years ago
freddygv e1808af729 Fixup tests
4 years ago
freddygv 7cb3f32672 Convert new tproxy structs in api module into ptrs
4 years ago
Freddy 8fc60a6ca6
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
4 years ago
freddygv 932fbddd27 Augment intention decision summary with DefaultAllow mode
4 years ago
freddygv b8ed82b808 Fixup bexpr filtering
4 years ago
freddygv d7c43049fa Remove zero-value validation of upstream cfg structs
4 years ago
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
4 years ago
freddygv 98ba582797 Fixup mesh gateway docs
4 years ago
Tara Tufano 9deb52e868
add http2 ping health checks (#8431)
4 years ago
freddygv b21224a4c8 PR comments
4 years ago
freddygv ab752c1c86 Avoid sending zero-value upstream defaults from api
4 years ago
freddygv 986bcccbea Pass down upstream defaults to client proxies
4 years ago
freddygv 77ead5cca9 Prevent wildcard destinations for proxies and upstreams
4 years ago
freddygv 458eb41be1 Prevent synthetic upstreams without addresses from failing duplicate ip/port validation
4 years ago
R.B. Boyer d4c401b350
missed build tag on this file (#9974)
4 years ago
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
4 years ago
Daniel Nephin d879fe581d state: Move UpstreamDownstream to state package
4 years ago
Daniel Nephin 65f5b99247 state: add tests for mesh-topology table indexers
4 years ago
Freddy 1c13aa23f1
Merge pull request #9900 from hashicorp/ent-fixes
4 years ago
Freddy 0bab999fe4
Merge pull request #9899 from hashicorp/wildcard-ixn-oss
4 years ago
freddygv 098b9af901 Fixup enterprise tests from tproxy changes
4 years ago
freddygv 9713e3ba38 Add methods to check intention has wildcard src or dst
4 years ago
freddygv 52bf00de8b Split up normalizing from defaulting values for upstream cfg
4 years ago
freddygv f4f45af6d0 Merge master and fix upstream config protocol defaulting
4 years ago
Freddy 8207b832df
Add TransparentProxy option to proxy definitions
4 years ago
Freddy c664938bae
Add per-upstream configuration to service-defaults
4 years ago
freddygv a54d6a9010 Update proxycfg for transparent proxy
4 years ago
Daniel Nephin 9f03e23e44
Merge pull request #9881 from hashicorp/dnephin/state-index-service-check-nodes
4 years ago
Daniel Nephin bd6332ae25
Merge pull request #9863 from hashicorp/dnephin/config-entry-kind-name
4 years ago
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks
4 years ago
Daniel Nephin 34eb6c01ff state: convert services.node and checks.node indexes
4 years ago
freddygv 4bdbcff9c0 Fixup upstream test
4 years ago
freddygv 6090cfcf68 PR comments
4 years ago
freddygv 7df846aa24 Pass MeshGateway config in service config request
4 years ago
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
4 years ago
freddygv 93c3c1780d Only lowercase the protocol when normalizing
4 years ago
freddygv 41b2ba1e58 Add omitempty across the board for UpstreamConfig
4 years ago
freddygv 756ab4c546 Fixup protobufs and tests
4 years ago
freddygv df1f3995f8 Update service manager to store centrally configured upstreams
4 years ago
freddygv 6fd30d0384 Add TransparentProxy opt to proxy definition
4 years ago
freddygv 306ef7d252 Restore old escape hatch alias
4 years ago
freddygv e3dc2a49df Turn Limits and PassiveHealthChecks into pointers
4 years ago
freddygv acec711a6a Update server-side config resolution and client-side merging
4 years ago
freddygv 1710ec87d2 finish moving UpstreamConfig and related fields to structs pkg
4 years ago
Daniel Nephin b06b3dd8f8 state: move ConfigEntryKindName
4 years ago
Daniel Nephin 71b0f0a7a6 structs: remove EnterpriseMeta.GetNamespace
4 years ago
freddygv 87cde19b4c Create new types for service-defaults upstream cfg
4 years ago
Daniel Nephin 5c8a6311b6
Merge pull request #9703 from pierresouchay/streaming_tags_and_case_insensitive
4 years ago
John Cowen 5892e75452
ui: Remove any trailing fullstop/period DNS characters from Gateways UI API (#9752)
4 years ago
Mark Anderson b9d22f48cd
Add fields to the /acl/auth-methods endpoint. (#9741)
4 years ago
Daniel Nephin d1772ae305 structs: rename EnterpriseMeta constructor
4 years ago
Pierre Souchay 6f91085869 Use lower case for serviceName computation of cache keys
4 years ago
R.B. Boyer 03790a1f91
server: add OSS stubs supporting validation of source namespaces in service-intentions config entries (#9527)
4 years ago