consul

Commit Graph

Author	SHA1	Message	Date
Paul Banks	1722734313	Verify trust domain on /authorize calls	7 years ago
Paul Banks	b4803eca59	Generate CSR using real trust-domain	7 years ago
Mitchell Hashimoto	e54e69d11f	agent: verify local proxy tokens for CA leaf + tests	7 years ago
Mitchell Hashimoto	a099c27b07	agent: verify proxy token for ProxyConfig endpoint + tests	7 years ago
Mitchell Hashimoto	171bf8d599	agent: clean up defaulting of proxy configuration This cleans up and unifies how proxy settings defaults are applied.	7 years ago
Mitchell Hashimoto	3d3eee2f6e	agent: resolve some conflicts and fix tests	7 years ago
Mitchell Hashimoto	1a2b28602c	agent: start proxy manager	7 years ago
Mitchell Hashimoto	476ea7b04a	agent: start/stop proxies	7 years ago
Mitchell Hashimoto	aaa2431350	agent: change connect command paths to be slices, not strings This matches other executable configuration and allows us to cleanly separate executable from arguments without trying to emulate shell parsing.	7 years ago
Paul Banks	e0e12e165b	TLS watching integrated into Service with some basic tests. There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.	7 years ago
Paul Banks	90c574ebaa	Wire up agent leaf endpoint to cache framework to support blocking.	7 years ago
Paul Banks	cd88b2a351	Basic `watch` support for connect proxy config and certificate endpoints. - Includes some bug fixes for previous `api` work and `agent` that weren't tested - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches. - Integration into `connect` is partially done here but still WIP	7 years ago
Mitchell Hashimoto	8c1d5a2cdc	agent: resolve flaky test by checking cache hits increase, rather than exact	7 years ago
Mitchell Hashimoto	051f004683	agent: use helper/retry instead of timing related tests	7 years ago
Mitchell Hashimoto	6c01e402e0	agent: augment /v1/connect/authorize to cache intentions	7 years ago
Mitchell Hashimoto	917a9e63d5	agent: check cache hit count to verify CA root caching, background update	7 years ago
Paul Banks	36dbd878c9	Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.	7 years ago
Paul Banks	d73f079d0f	Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.	7 years ago
Paul Banks	2a69663448	Agent Connect Proxy config endpoint with hash-based blocking	7 years ago
Paul Banks	3e3f0e1f31	HTTP agent registration allows proxy to be defined.	7 years ago
Paul Banks	88541bba17	Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works. Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.	7 years ago
Mitchell Hashimoto	95da20ffd7	agent: rename authorize param ClientID to ClientCertURI	7 years ago
Mitchell Hashimoto	ac72a0c5fd	agent: ACL checks for authorize, default behavior	7 years ago
Mitchell Hashimoto	86a8ce45b9	agent: /v1/agent/connect/authorize is functional, with tests	7 years ago
Mitchell Hashimoto	c2588262b7	agent: /v1/connect/ca/leaf/:service_id	7 years ago
Mitchell Hashimoto	571d9aa785	agent: CA root HTTP endpoints	7 years ago
Mitchell Hashimoto	22a0eb6c67	agent: commenting some tests	7 years ago
Mitchell Hashimoto	6313bc5615	agent: clarified a number of comments per PR feedback	7 years ago
Mitchell Hashimoto	3b07686648	agent: remove ConnectProxyServiceName	7 years ago
Mitchell Hashimoto	714026dfb7	agent: validate service entry on register	7 years ago
Mitchell Hashimoto	9781cb1ace	agent/local: anti-entropy for connect proxy services	7 years ago
Mitchell Hashimoto	68107e9767	agent: /v1/agent/services test with connect proxies (works w/ no change)	7 years ago
Matt Keeler	08e26d10b8	Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting # Conflicts: # agent/agent.go # agent/consul/client.go	7 years ago
Kyle Havlovitz	b73323aa42	Remove the script field from checks in favor of args	7 years ago
Pierre Souchay	c152cb7bdf	Added Missing Service Meta synchronization and field	7 years ago
Jared Wasinger	255492bb2d	add unit tests: limits configuration should be reloadable	7 years ago
Josh Soref	94835a2715	Spelling (#3958 ) * spelling: another * spelling: autopilot * spelling: beginning * spelling: circonus * spelling: default * spelling: definition * spelling: distance * spelling: encountered * spelling: enterprise * spelling: expands * spelling: exits * spelling: formatting * spelling: health * spelling: hierarchy * spelling: imposed * spelling: independence * spelling: inspect * spelling: last * spelling: latest * spelling: client * spelling: message * spelling: minimum * spelling: notify * spelling: nonexistent * spelling: operator * spelling: payload * spelling: preceded * spelling: prepared * spelling: programmatically * spelling: required * spelling: reconcile * spelling: responses * spelling: request * spelling: response * spelling: results * spelling: retrieve * spelling: service * spelling: significantly * spelling: specifies * spelling: supported * spelling: synchronization * spelling: synchronous * spelling: themselves * spelling: unexpected * spelling: validations * spelling: value	7 years ago
James Phillips	29367cd5ae	Moves ACL disabled response logic down into endpoints. This lets us make the registration of endpoints less fancy, on the road to adding a registration mechanism.	7 years ago
James Phillips	aa199ab6ba	Makes the metrics ACL test call the right endpoint. This also required setting up a proper in-mem sink so we don't get metrics-related errors. Fixes #3655	7 years ago
Frank Schroeder	8f145559d8	Decouple the code that executes checks from the agent	7 years ago
Frank Schroeder	de57b16d99	local state: address review comments * move non-blocking notification mechanism into ae.Trigger * move Pause/Resume into separate type	7 years ago
Frank Schroeder	b803bf3091	local state: tests compile	7 years ago
Frank Schroeder	9ed4b2d631	Revert "local state: tests compile" This reverts commit `1af52bf7be`.	7 years ago
Frank Schroeder	46641e44d9	Revert "local state: address review comments" This reverts commit `1d315075b1`.	7 years ago
Frank Schroeder	1d315075b1	local state: address review comments * move non-blocking notification mechanism into ae.Trigger * move Pause/Resume into separate type	7 years ago
Frank Schroeder	1af52bf7be	local state: tests compile	7 years ago
James Phillips	53f67c3993	Fixes API client for ScriptArgs and updates documentation. (#3589 ) * Updates the API client to support the current `ScriptArgs` parameter for checks. * Updates docs for checks to explain the `ScriptArgs` parameter issue. * Adds mappings for "args" and "script-args" to give th API parity with config. * Adds checks on return codes. * Removes debug logging that shows empty when args are used.	7 years ago
Frank Schröder	759ef8a1d4	config: add generic method to translate between CamelCase and snake_case (#3557 ) * doc: document discrepancy between id and CheckID * doc: document enable_tag_override change * config: add TranslateKeys helper TranslateKeys makes it easier to map between different representations of internal structures. It allows to recursively map alias keys to canonical keys in structured maps. * config: use TranslateKeys for config file This also adds support for 'enabletagoverride' and removes the need for a separate CheckID alias field. * config: remove dead code * agent: use TranslateKeys for FixupCheckType * agent: translate enable_tag_override during service registration * doc: add '.hcl' as valid extension * config: map ScriptArgs to args * config: add comment for TranslateKeys	7 years ago
Frank Schröder	ce887a0c45	Provide stable config for agent/self (#3532 ) * config: provide stable config for /v1/agent/self (#3530) This patch adds a stable subset of the previous Config struct to the agent/self response. The actual runtime configuration is moved into DebugConfig and will be documented to change. Fixes #3530 * config: fix tests * doc: update api documentation for /v1/agent/self	7 years ago
Frank Schröder	21118cafeb	Recursive sanitize (#3505 ) * vendor: add github.com/sergi/go-diff/diffmatchpatch for diff'ing test output * config: refactor Sanitize to recursively clean runtime config and format complex fields * Removes an extra int cast. * Adds a top-level check test case for sanitization.	7 years ago
Frank Schröder	1e461110e6	agent: consolidate handling of 405 Method Not Allowed (#3405 ) * agent: consolidate http method not allowed checks This patch uses the error handling of the http handlers to handle HTTP method not allowed errors across all available endpoints. It also adds a test for testing whether the endpoints respond with the correct status code. * agent: do not panic on metrics tests * agent: drop other tests for MethodNotAllowed * agent: align /agent/join with reality /agent/join uses PUT instead of GET as documented. * agent: align /agent/check/{fail,warn,pass} with reality /agent/check/{fail,warn,pass} uses PUT instead of GET as documented. * fix some tests * Drop more tests for method not allowed * Align TestAgent_RegisterService_InvalidAddress with reality * Changes API client join to use PUT instead of GET. * Fixes agent endpoint verbs and removes obsolete tests. * Updates the change log.	7 years ago
Frank Schröder	12216583a1	New config parser, HCL support, multiple bind addrs (#3480 ) * new config parser for agent This patch implements a new config parser for the consul agent which makes the following changes to the previous implementation: * add HCL support * all configuration fragments in tests and for default config are expressed as HCL fragments * HCL fragments can be provided on the command line so that they can eventually replace the command line flags. * HCL/JSON fragments are parsed into a temporary Config structure which can be merged using reflection (all values are pointers). The existing merge logic of overwrite for values and append for slices has been preserved. * A single builder process generates a typed runtime configuration for the agent. The new implementation is more strict and fails in the builder process if no valid runtime configuration can be generated. Therefore, additional validations in other parts of the code should be removed. The builder also pre-computes all required network addresses so that no address/port magic should be required where the configuration is used and should therefore be removed. * Upgrade github.com/hashicorp/hcl to support int64 * improve error messages * fix directory permission test * Fix rtt test * Fix ForceLeave test * Skip performance test for now until we know what to do * Update github.com/hashicorp/memberlist to update log prefix * Make memberlist use the default logger * improve config error handling * do not fail on non-existing data-dir * experiment with non-uniform timeouts to get a handle on stalled leader elections * Run tests for packages separately to eliminate the spurious port conflicts * refactor private address detection and unify approach for ipv4 and ipv6. Fixes #2825 * do not allow unix sockets for DNS * improve bind and advertise addr error handling * go through builder using test coverage * minimal update to the docs * more coverage tests fixed * more tests * fix makefile * cleanup * fix port conflicts with external port server 'porter' * stop test server on error * do not run api test that change global ENV concurrently with the other tests * Run remaining api tests concurrently * no need for retry with the port number service * monkey patch race condition in go-sockaddr until we understand why that fails * monkey patch hcl decoder race condidtion until we understand why that fails * monkey patch spurious errors in strings.EqualFold from here * add test for hcl decoder race condition. Run with go test -parallel 128 * Increase timeout again * cleanup * don't log port allocations by default * use base command arg parsing to format help output properly * handle -dc deprecation case in Build * switch autopilot.max_trailing_logs to int * remove duplicate test case * remove unused methods * remove comments about flag/config value inconsistencies * switch got and want around since the error message was misleading. * Removes a stray debug log. * Removes a stray newline in imports. * Fixes TestACL_Version8. * Runs go fmt. * Adds a default case for unknown address types. * Reoders and reformats some imports. * Adds some comments and fixes typos. * Reorders imports. * add unix socket support for dns later * drop all deprecated flags and arguments * fix wrong field name * remove stray node-id file * drop unnecessary patch section in test * drop duplicate test * add test for LeaveOnTerm and SkipLeaveOnInt in client mode * drop "bla" and add clarifying comment for the test * split up tests to support enterprise/non-enterprise tests * drop raft multiplier and derive values during build phase * sanitize runtime config reflectively and add test * detect invalid config fields * fix tests with invalid config fields * use different values for wan sanitiziation test * drop recursor in favor of recursors * allow dns_config.udp_answer_limit to be zero * make sure tests run on machines with multiple ips * Fix failing tests in a few more places by providing a bind address in the test * Gets rid of skipped TestAgent_CheckPerformanceSettings and adds case for builder. * Add porter to server_test.go to make tests there less flaky * go fmt	7 years ago
James Phillips	b1a15e0c3d	Adds open source side of network segments (feature is Enterprise-only).	7 years ago
Frank Schröder	a3934c263c	acl: consolidate error handling (#3401 ) The error handling of the ACL code relies on the presence of certain magic error messages. Since the error values are sent via RPC between older and newer consul agents we cannot just replace the magic values with typed errors and switch to type checks since this would break compatibility with older clients. Therefore, this patch moves all magic ACL error messages into the acl package and provides default error values and helper functions which determine the type of error.	7 years ago
Frank Schroeder	1acff3533e	agent: move agent/consul/structs to agent/structs	7 years ago
Kyle Havlovitz	c1c883f441	Add doc links for metrics endpoint	7 years ago
James Phillips	4bee2e49f5	Adds secure introduction for the ACL replication token. (#3357 ) Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.	7 years ago
James Phillips	496b0bcf07	Adds support for agent-side ACL token management via API instead of config files. (#3324 ) * Adds token store and removes all runtime use of config for ACL tokens. * Adds a new API for changing agent tokens on the fly.	7 years ago
James Phillips	0881e46111	Cleans up version 8 ACLs in the agent and the docs. (#3248 ) * Moves magic check and service constants into shared structs package. * Removes the "consul" service from local state. Since this service is added by the leader, it doesn't really make sense to also keep it in local state (which requires special ACLs to configure), and requires a bunch of special cases in the local state logic. This requires fewer special cases and makes ACL bootstrapping cleaner. * Makes coordinate update ACL log message a warning, similar to other AE warnings. * Adds much more detailed examples for bootstrapping ACLs. This can hopefully replace https://gist.github.com/slackpad/d89ce0e1cc0802c3c4f2d84932fa3234.	7 years ago
James Phillips	4a3604a3ee	Removes some useless comments.	8 years ago
James Phillips	6977e40077	Fixes watch tracking during reloads and fixes address issue. (#3189 ) This patch fixes watch registration through the config file and a broken log line when the watch registration fails. It also plumbs all the watch loading through a common function and tweaks the unit test to create the watch before the reload.	8 years ago
Frank Schröder	31a310f551	agent: notify systemd after JoinLAN (#2121 ) This patch adds support for notifying systemd via the NOTIFY_SOCKET by sending 'READY=1' to the socket after a successful JoinLAN. Fixes #2121	8 years ago
Frank Schroeder	c49a15d0f3	agent: move structs into consul/structs pkg * CheckDefinition * ServiceDefinition * CheckType	8 years ago
Frank Schroeder	1c75cf1af5	pkg refactor command/agent/* -> agent/* command/consul/* -> agent/consul/* command/agent/command{,_test}.go -> command/agent{,_test}.go command/base/command.go -> command/base.go command/base/* -> command/* commands.go -> command/commands.go The script which did the refactor is: ( cd $GOPATH/src/github.com/hashicorp/consul git mv command/agent/command.go command/agent.go git mv command/agent/command_test.go command/agent_test.go git mv command/agent/flag_slice_value{,_test}.go command/ git mv command/agent . git mv command/base/command.go command/base.go git mv command/base/config_util{,_test}.go command/ git mv commands.go command/ git mv consul agent rmdir command/base/ gsed -i -e 's\|package agent\|package command\|' command/agent{,_test}.go gsed -i -e 's\|package agent\|package command\|' command/flag_slice_value{,_test}.go gsed -i -e 's\|package base\|package command\|' command/base.go command/config_util{,_test}.go gsed -i -e 's\|package main\|package command\|' command/commands.go gsed -i -e 's\|base.Command\|BaseCommand\|' command/commands.go gsed -i -e 's\|agent.Command\|AgentCommand\|' command/commands.go gsed -i -e 's\|\tCommand:\|\tBaseCommand:\|' command/commands.go gsed -i -e 's\|base\.\|\|' command/commands.go gsed -i -e 's\|command\.\|\|' command/commands.go gsed -i -e 's\|command\|c\|' main.go gsed -i -e 's\|range Commands\|range command.Commands\|' main.go gsed -i -e 's\|Commands: Commands\|Commands: command.Commands\|' main.go gsed -i -e 's\|base\.BoolValue\|BoolValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.DurationValue\|DurationValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.StringValue\|StringValue\|' command/operator_autopilot_set.go gsed -i -e 's\|base\.UintValue\|UintValue\|' command/operator_autopilot_set.go gsed -i -e 's\|\bCommand\b\|BaseCommand\|' command/base.go gsed -i -e 's\|BaseCommand Options\|Command Options\|' command/base.go gsed -i -e 's\|base.Command\|BaseCommand\|' command/.go gsed -i -e 's\|c\.Command\|c.BaseCommand\|g' command/.go gsed -i -e 's\|\tCommand:\|\tBaseCommand:\|' command/_test.go gsed -i -e 's\|base\.\|\|' command/_test.go gsed -i -e 's\|\bCommand\b\|AgentCommand\|' command/agent{,_test}.go gsed -i -e 's\|cmd.AgentCommand\|cmd.BaseCommand\|' command/agent.go gsed -i -e 's\|cli.AgentCommand = new(Command)\|cli.Command = new(AgentCommand)\|' command/agent_test.go gsed -i -e 's\|exec.AgentCommand\|exec.Command\|' command/agent_test.go gsed -i -e 's\|exec.BaseCommand\|exec.Command\|' command/agent_test.go gsed -i -e 's\|NewTestAgent\|agent.NewTestAgent\|' command/agent_test.go gsed -i -e 's\|= TestConfig\|= agent.TestConfig\|' command/agent_test.go gsed -i -e 's\|: RetryJoin\|: agent.RetryJoin\|' command/agent_test.go gsed -i -e 's\|\.\./\.\./\|../\|' command/config_util_test.go gsed -i -e 's\|\bverifyUniqueListeners\|VerifyUniqueListeners\|' agent/config{,_test}.go command/agent.go gsed -i -e 's\|\bserfLANKeyring\b\|SerfLANKeyring\|g' agent/{agent,keyring,testagent}.go command/agent.go gsed -i -e 's\|\bserfWANKeyring\b\|SerfWANKeyring\|g' agent/{agent,keyring,testagent}.go command/agent.go gsed -i -e 's\|\bNewAgent\b\|agent.New\|g' command/agent{,_test}.go gsed -i -e 's\|\bNewAgent\|New\|' agent/{acl_test,agent,testagent}.go gsed -i -e 's\|\bAgent\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bBool\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bDefaultConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bDevConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bMergeConfig\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bReadConfigPaths\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bParseMetaPair\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bSerfLANKeyring\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|\bSerfWANKeyring\b\|agent.&\|g' command/agent{,_test}.go gsed -i -e 's\|circonus\.agent\|circonus\|g' command/agent{,_test}.go gsed -i -e 's\|logger\.agent\|logger\|g' command/agent{,_test}.go gsed -i -e 's\|metrics\.agent\|metrics\|g' command/agent{,_test}.go gsed -i -e 's\|// agent.Agent\|// agent\|' command/agent{,_test}.go gsed -i -e 's\|a\.agent\.Config\|a.Config\|' command/agent{,_test}.go gsed -i -e 's\|agent\.AppendSliceValue\|AppendSliceValue\|' command/{configtest,validate}.go gsed -i -e 's\|consul/consul\|agent/consul\|' GNUmakefile gsed -i -e 's\|\.\./test\|../../test\|' agent/consul/server_test.go # fix imports f=$(grep -rl 'github.com/hashicorp/consul/command/agent' * \| grep '\.go') gsed -i -e 's\|github.com/hashicorp/consul/command/agent\|github.com/hashicorp/consul/agent\|' $f goimports -w $f f=$(grep -rl 'github.com/hashicorp/consul/consul' * \| grep '\.go') gsed -i -e 's\|github.com/hashicorp/consul/consul\|github.com/hashicorp/consul/agent/consul\|' $f goimports -w $f goimports -w command/*.go main.go )	8 years ago

1 2 3 4

164 Commits (a33c50ef0dd6f72e1f9c2047be919bb2ded0cd30)