Commit Graph

2115 Commits (b3db907bdfc25bbc239058b64b0a0b3904560c59)

Author SHA1 Message Date
Kyle Havlovitz f9672f9bf1 Make sure IngressHosts isn't parsed during JSON decode
5 years ago
Chris Piraino c44f877758 Comment why it is ok to expect upstreams slice to not be empty
5 years ago
Chris Piraino 881760f701 xds: Use only the port number as the configured route name
5 years ago
Kyle Havlovitz 89e6b16815 Filter wildcard gateway services to match listener protocol
5 years ago
Chris Piraino f40833d094 Allow Hosts field to be set on an ingress config entry
5 years ago
Chris Piraino b73a13fc9e Remove service_subset field from ingress config entry
5 years ago
Kyle Havlovitz 711d1389aa Support multiple listeners referencing the same service in gateway definitions
5 years ago
Kyle Havlovitz 247f9eaf13 Allow ingress gateways to route traffic based on Host header
5 years ago
R.B. Boyer a854e4d9c5
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
5 years ago
R.B. Boyer 3242d0816d
test: make the kube auth method test helper use freeport (#7788)
5 years ago
Hans Hasselberg 096a2f2f02 network_segments: stop advertising segment tags
5 years ago
Hans Hasselberg 995a24b8e4 agent: refactor to use a single addrFn
5 years ago
Hans Hasselberg 6994c0d47f agent: rename local/global to src/dst
5 years ago
Chris Piraino 69b44fb942
Construct a default destination if one does not exist for service-router (#7783)
5 years ago
R.B. Boyer 22eb016153
acl: add MaxTokenTTL field to auth methods (#7779)
5 years ago
R.B. Boyer ca52ba7068
acl: add DisplayName field to auth methods (#7769)
5 years ago
Hans Hasselberg c4093c87cc
agent: don't let left nodes hold onto their node-id (#7747)
5 years ago
Matt Keeler daec810e34
Merge pull request #7714 from hashicorp/oss-sync/msp-agent-token
5 years ago
Matt Keeler cbe3a70f56
Update enterprise configurations to be in OSS
5 years ago
R.B. Boyer 9533451a63
acl: refactor the authmethod.Validator interface (#7760)
5 years ago
R.B. Boyer 54ba8e3868
acl: change authmethod.Validator to take a logger (#7758)
5 years ago
R.B. Boyer 8927b54121
test: move some test helpers over from enterprise (#7754)
5 years ago
R.B. Boyer b282268408
sdk: extracting testutil.RequireErrorContains from various places it was duplicated (#7753)
5 years ago
Hans Hasselberg 51549bd232
rpc: oss changes for network area connection pooling (#7735)
5 years ago
Freddy 021f0ee36e
Watch fallback channel for gateways that do not exist (#7715)
5 years ago
Matt Keeler 7a4c73acaf
Updates to allow for using an enterprise specific token as the agents token
5 years ago
Matt Keeler bec3fb7c18
Some boilerplate to allow for ACL Bootstrap disabling configurability
5 years ago
Freddy 137a2c32c6
TLS Origination for Terminating Gateways (#7671)
5 years ago
freddygv 4710410cb5 Remove fallthrough
5 years ago
freddygv d1e6d668c2 Add authz filter when creating filterchain
5 years ago
freddygv 034d7d83d4 Fix snapshot IsEmpty
5 years ago
freddygv 3afe816a94 Clean up dead code, issue addressed by passing ws to serviceGatewayNodes
5 years ago
Freddy 3b1b24c2ce Update agent/proxycfg/state_test.go
5 years ago
freddygv eddd5bd73b PR comments
5 years ago
freddygv 77bb2f1002 Fix internal endpoint test
5 years ago
freddygv d82e7e8c2a Fix listener error handling
5 years ago
freddygv 6abc71f915 Skip filter chain creation if no client cert
5 years ago
freddygv 915db10903 Avoid deleting mappings for services linked to other gateways on dereg
5 years ago
freddygv cd28d4125d Re-fix bug in CheckConnectServiceNodes
5 years ago
freddygv 09a8e5f36d Use golden files for gateway certs and fix listener test flakiness
5 years ago
freddygv 840d27a9d5 Un-nest switch in gateway update handler
5 years ago
freddygv c0e1751878 Allow terminating-gateway to setup listener before servicegroups are known
5 years ago
freddygv 913b13f31f Add subset support
5 years ago
freddygv 9f233dece2 Fix ConnectQueryBlocking test
5 years ago
freddygv 86342e4bca Fix bug in CheckConnectServiceNodes
5 years ago
freddygv 219c78e586 Add xds cluster/listener/endpoint management
5 years ago
freddygv 24207226ca Add proxycfg state management for terminating-gateways
5 years ago
freddygv c9385129ae Require service:read to read terminating-gateway config
5 years ago
Matt Keeler a1648c61ae
A couple testing helper updates (#7694)
5 years ago
Kit Patella df14a7c694
Merge pull request #7699 from pierresouchay/fix_comment_misplaced
5 years ago
Chris Piraino ecc8a2d6f7 Allow ingress gateways to route through mesh gateways
5 years ago
Chris Piraino cb9df538d5 Add all the xds ingress tests
5 years ago
Chris Piraino 0ca9b606e8 Pull out setupTestVariationConfigEntriesAndSnapshot in proxycfg
5 years ago
Kyle Havlovitz e7b1ee55de Add http routing support and integration test to ingress gateways
5 years ago
Hans Hasselberg 1194fe441f
auto_encrypt: add validations for auto_encrypt.{tls,allow_tls} (#7704)
5 years ago
Pierre Souchay 5e79efc80f Fixed comment on wrong line.
5 years ago
Freddy 3956cff60f
Fix check deletion in anti-entropy sync (#7690)
5 years ago
Daniel Nephin d6e22a77e3 Remove deadcode
5 years ago
Daniel Nephin ff0d894101 agent: remove deadcode that called lib.TranslateKeys
5 years ago
Chris Piraino 115d2d5db5
Expect default enterprise metadata in gateway tests (#7664)
5 years ago
Kit Patella ccece5cd21 http: rename paresTokenResolveProxy to parseTokenWithDefault
5 years ago
Kit Patella e2467f4b2c
Merge pull request #7656 from hashicorp/feature/audit/oss-merge
5 years ago
Kit Patella 3b105435b8 agent,config: port enterprise only fields to embedded enterprise structs
5 years ago
Daniel Nephin 67d14d8349
Merge pull request #7641 from hashicorp/dnephin/agent-cache-request-info
5 years ago
Chris Piraino 6ef8ae9965
Fix bug where non-typical services are associated with gateways (#7662)
5 years ago
Daniel Nephin 81755c860a agent/cache: remove error return from fetch
5 years ago
Daniel Nephin 4ef9fc9f27 agent/cache: reduce function arguments by removing duplicates
5 years ago
Kit Patella 4a86cb12c1 config/runtime: fix an extra field in config sanitize
5 years ago
Daniel Nephin 5fe7043439 agent/cache: Make all cache options RegisterOptions
5 years ago
Kit Patella 927f584761 agent: stub out auditing functionality in OSS
5 years ago
Kyle Havlovitz e9e8c0e730
Ingress Gateways for TCP services (#7509)
5 years ago
Daniel Nephin f46d1b5c94 agent/structs: Remove ServiceID.Init and CheckID.Init
5 years ago
sasha ac9b330f6b
add DNSSAN and IPSAN to cache key (#7597)
5 years ago
Matt Keeler 6a78c24d67
Update the Client code to use the common version checking infra… (#7558)
5 years ago
Matt Keeler da893c36a1
Allow the bootstrap endpoint to be disabled in enterprise. (#7614)
5 years ago
Daniel Nephin 89f41bddfe Remove TTL from cacheEntryExpiry
5 years ago
Daniel Nephin 7246d8b6cb agent/cache: Reduce differences between notify implementations
5 years ago
Daniel Nephin 66fbb13976 agent/cache: Inline the refresh function to make recursion more obvious
5 years ago
Daniel Nephin faeaed5d0c agent/cache: Make the return values of getEntryLocked more obvious
5 years ago
Daniel Nephin e9e45545dd agent/cache: Small formatting improvements to improve readability
5 years ago
Daniel Nephin 329d76fd0e Remove SnapshotRPC passthrough
5 years ago
Daniel Nephin 1f25bf88b8
Merge pull request #7596 from hashicorp/dnephin/agent-cache-type-entry
5 years ago
Pierre Souchay 1b4218a068
fix flaky TestReplication_FederationStates test due to race conditions (#7612)
5 years ago
Pierre Souchay 4a6569a4e3
tests: change default http_max_conns_per_client to 250 to ease tests (#7625)
5 years ago
Freddy 9eb1867fbb
Terminating gateway discovery (#7571)
5 years ago
Freddy aae14b3951
Add decode rules for Expose cfg in service-defaults (#7611)
5 years ago
Matt Keeler 0e7d3d93b3
Enable filtering language support for the v1/connect/intentions… (#7593)
5 years ago
Daniel Nephin 8549cc2d99
Merge pull request #7598 from pierresouchay/preallocation_of_dns_meta
5 years ago
Pierre Souchay d1d016d61d
[LINT] Close resp.Body to avoid linter complaining (#7600)
5 years ago
Pierre Souchay c9e01ed0a3 Pre-allocations of DNS meta to avoid several allocations
5 years ago
Daniel Nephin c9a87be6ee agent/cache: move typeEntry lookup to the edge
5 years ago
Pierre Souchay 73056fecf8 Fixed unstable test TestForwardSignals()
5 years ago
Pierre Souchay 09e638a9c6
tests: more tolerance to latency for unstable test `TestCacheNotifyPolling()`. (#7574)
5 years ago
Matt Keeler 8aec09aa8f
Ensure that token clone copies the roles (#7577)
5 years ago
Chris Piraino 584f90bbeb
Fix flapping of mesh gateway connect-service watches (#7575)
5 years ago
Pierre Souchay 2a8bf45e38
agent: show warning when enable_script_checks is enabled without safty net (#7437)
5 years ago
Andy Lindeman fb0a990e4d
agent: rewrite checks with proxy address, not local service address (#7518)
5 years ago
Andy Lindeman c1cb18c648
proxycfg: support path exposed with non-HTTP2 protocol (#7510)
5 years ago
Pierre Souchay be1c5c4b48
config: validate system limits against limits.http_max_conns_per_client (#7434)
5 years ago
Shaker Islam ac309d55f4
docs: document exported functions in agent.go (closes #7101) (#7366)
5 years ago
Pierre Souchay 08acd6a03e [FIX BUILD] fix build due to merge of #7562
5 years ago
Daniel Nephin 0d8edc3e27
Merge pull request #7562 from hashicorp/dnephin/remove-tname-from-name
5 years ago
Daniel Nephin 190fc3c732
Merge pull request #7533 from hashicorp/dnephin/xds-server-1
5 years ago
Emre Savcı 2083b7b04d
agent: add len, cap while initializing arrays
5 years ago
Daniel Nephin e759daafdd Rename NewTestAgentWithFields to StartTestAgent
5 years ago
Daniel Nephin f9f6b14533 Convert the remaining calls to NewTestAgentWithFields
5 years ago
Daniel Nephin 0c409d460f
Merge pull request #7470 from hashicorp/dnephin/dns-unused-params
5 years ago
Pierre Souchay 54b22c638d
config: allow running `consul agent -dev -ui-dir=some_path` (#7525)
5 years ago
Daniel Nephin 475659a132 Remove name from NewTestAgent
5 years ago
Freddy 90576060bc
Add config entry for terminating gateways (#7545)
5 years ago
Kyle Havlovitz c911174327
Add config entry/state for Ingress Gateways (#7483)
5 years ago
Daniel Nephin 9d959907a4
Merge pull request #7485 from hashicorp/dnephin/do-not-skip-tests-on-ci
5 years ago
Daniel Nephin ad7c78f134 Remove t.Name() from TestAgent.Name
5 years ago
Daniel Nephin 231c99f7b4 Document Agent.LogOutput
5 years ago
Daniel Nephin dd40a1535e testing: reduce verbosity of output log
5 years ago
Daniel Nephin 1d90ecc31d Remove unused token parameter
5 years ago
Daniel Nephin ef68e404a5 A little less 'just'
5 years ago
Daniel Nephin 002fc85ef2 Remove unused customEDSClusterJSON
5 years ago
Matt Keeler 028654410c
Ensure server requirements checks are done against ALL known se… (#7491)
5 years ago
Matt Keeler 74a665afc3
Add information about which services are proxied to ui services… (#7417)
5 years ago
Daniel Nephin b5c7d292e4
Merge pull request #7516 from hashicorp/dnephin/remove-unused-method
5 years ago
Daniel Nephin bb8833a2d5 agent: Remove unused Encrypted from interface
5 years ago
Freddy 18d356899c
Enable CLI to register terminating gateways (#7500)
5 years ago
Daniel Nephin 33c7894123
Merge pull request #7498 from hashicorp/dnephin/small-cleanup
5 years ago
Alejandro Baez bafa69bb69
Add PolicyReadByName for API (#6615)
5 years ago
Chris Piraino 136099d834
Fix flakey health check reload test (#7490)
5 years ago
Daniel Nephin 266bdf7465 agent: Remove xdsServer field
5 years ago
Daniel Nephin 326453eaa1 dns: Remove a few unused params
5 years ago
Daniel Nephin 61ec7aa5c9 ci: Run all connect/ca tests from the integration suite
5 years ago
Daniel Nephin f4a35dfd84 ci: Do not skip tests because of missing binaries on CI
5 years ago
Kim Ngo bef693df9c
agent/xds: Update mesh gateway to use service router timeout (#7444)
5 years ago
Matt Keeler 80db61193c
Fix ACL mode advertisement and detection (#7451)
5 years ago
Freddy 709932f088
Update MSP token and filtering (#7431)
5 years ago
Hans Hasselberg 7777891aa6
tls: remove old ciphers (#7282)
5 years ago
R.B. Boyer 85a08bf8ed
server: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#7419)
5 years ago
Kyle Havlovitz 955ee64b95
Merge pull request #7373 from hashicorp/acl-segments-fix
5 years ago
R.B. Boyer 6adad71125
wan federation via mesh gateways (#6884)
5 years ago
Matt Keeler e3891db55b
Gather instance counts of aggregated services (#7415)
5 years ago
Pierre Souchay 864f7efffa
agent: configuration reload preserves check's statuses for services (#7345)
5 years ago
Hans Hasselberg c46e2ae59b
docs: add docs for kv_max_value_size (#7405)
5 years ago
Kim Ngo a8f4123d37
agent/txn_endpoint: configure max txn request length (#7388)
5 years ago
Matt Keeler 7584dfe8c8 Fix session backwards incompatibility with 1.6.x and earlier.
5 years ago
John Cowen e83fb1882c
Adds http_config.response_headers to the UI headers plus tests (#7369)
5 years ago
Pierre Souchay 2300e2d4ba
agent: take Prometheus MIME-type header into account (#7371)
5 years ago
Kyle Havlovitz 7c57837908 Add stub methods for ACL/segment bug fix from enterprise
5 years ago
Hans Hasselberg e05ac57e8f
tls: support tls 1.3 (#7325)
5 years ago
Matt Keeler 861f754dad
Properly detect no alt domain set (#7323)
5 years ago
Matt Keeler 4c9577678e
xDS Mesh Gateway Resolver Subset Fixes (#7294)
5 years ago
rerorero 2630a949f7
fix: Destroying a session that doesn't exist returns status cod… (#6905)
5 years ago
Wim 3a2c865ff6
Fix high cpu usage with IPv6 recursor address. Closes #6120 (#6128)
5 years ago
Chris Piraino 47ff532735
Fixes envoy config when both RetryOn* values are set (#7280)
5 years ago
Lars Lehtonen 6bcd596539
agent/proxycfg: fix dropped error in state.initWatchesMeshGateway() (#7267)
5 years ago
Matt Keeler b137060630
Allow the PolicyResolve and RoleResolve endpoints to process na… (#7296)
5 years ago
Hans Hasselberg 315d57bfb1
agent: sensible keyring error (#7272)
5 years ago
Hans Hasselberg cb0f94487c
config: increase http_max_conns_per_client default to 200 (#7289)
5 years ago
R.B. Boyer 12876983cf
avoid 'panic: Log in goroutine after TestCacheGet_refreshAge has completed' (#7276)
5 years ago
R.B. Boyer 80b1165976
fix use of hclog logger (#7264)
5 years ago
Matt Keeler f523469529
Merge branch 'master' of github.com:hashicorp/consul
5 years ago
hashicorp-ci f0cac9260f
update bindata_assetfs.go
5 years ago
ShimmerGlass 68e0f6bf84
agent: add server raft.{last,applied}_index gauges (#6694)
5 years ago
gaoxinge 216eb29d6b
tests: convert windows style path to posix style path to avoid hcl parsing error (#6351)
5 years ago
Matt Keeler e231d62bc9
Make the config entry and leaf cert cache types ns aware (#7256)
5 years ago
Hans Hasselberg 6739fe6e83
connect: add validations around intermediate cert ttl (#7213)
5 years ago
R.B. Boyer 73ba5d9990
make the TestRPC_RPCMaxConnsPerClient test less flaky (#7255)
5 years ago
Sarah Christoff 6678c8898a
Fix flaky TestAutopilot_BootstrapExpect (#7242)
5 years ago
Kit Patella 55f19a9eb2
rpc: measure blocking queries (#7224)
5 years ago
Akshay Ganeshen 8beb716414
feat: support sending body in HTTP checks (#6602)
5 years ago
Matt Keeler 4f21bbdb4e
OSS Changes for agent local state namespace testing (#7250)
5 years ago
Matt Keeler d0cd092e3b
Catalog + Namespace OSS changes. (#7219)
5 years ago
R.B. Boyer 8c596953b0
agent: ensure that we always use the same settings for msgpack (#7245)
5 years ago
Freddy 01855d8579
Remove outdated TODO (#7244)
5 years ago
Matt Keeler 444517080b
Fix a bug with ACL enforcement of reads on namespaced config entries. (#7239)
5 years ago
Kit Patella 9a220f3010
agent/consul server: fix LeaderTest_ChangeNodeID (#7236)
5 years ago
Matt Keeler 9e5fd7f925
OSS Changes for various config entry namespacing bugs (#7226)
5 years ago
Hans Hasselberg 6a18f01b42
agent: ensure node info sync and full sync. (#7189)
5 years ago
R.B. Boyer 0ecb4538c1
agent: differentiate wan vs lan loggers in memberlist and serf (#7205)
5 years ago
Matt Keeler dceb107325
Fix disco chain graph validation for namespaces (#7217)
5 years ago
Matt Keeler 228da48f5d
Minor Non-Functional Updates (#7215)
5 years ago
Freddy cb77fc6d01
Add managed service provider token (#7218)
5 years ago
Hans Hasselberg f6ec8ed92b
agent: increase watchLimit to 8192. (#7200)
5 years ago
Matt Keeler dfb0177dbc
Testing updates to support namespaced testing of the agent/xds… (#7185)
5 years ago
Davor Kapsa 3cb4def563
auto_encrypt: check previously ignored error (#6604)
5 years ago
hashicorp-ci 1fcf4bfc10 update bindata_assetfs.go
5 years ago
Hans Hasselberg 5531678e9e
Security fixes (#7182)
5 years ago
Matt Keeler d5f9268222
ACL enforcement for the agent/health/services endpoints (#7191)
5 years ago
R.B. Boyer cf29bd4dcf
cli: improve the file safety of 'consul tls' subcommands (#7186)
5 years ago
Matt Keeler d8c0be2c84
agent: add ACL enforcement to the v1/agent/health/service/* endpoints
5 years ago
Matt Keeler 6855a778c2
Updates to the Txn API for namespaces (#7172)
5 years ago
Matt Keeler cf27dff62f
Add some better waits to prevent CA is nil test flakes (#7171)
5 years ago
Matt Keeler 0be862fe46
Small refactoring to move meta parsing into the switch statement (#7170)
5 years ago
Matt Keeler bfc03ec587
Fix a couple bugs regarding intentions with namespaces (#7169)
5 years ago
Matt Keeler 61d8778210
Sync some feature flag support from enterprise (#7167)
5 years ago
R.B. Boyer d78b5008ce
various tweaks on top of the hclog work (#7165)
5 years ago
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
5 years ago
Matt Keeler 848938ad48
Output proper HTTP status codes for Txn requests that are too large (#7157)
5 years ago
Kit Patella 0d336edb65
Add accessorID of token when ops are denied by ACL system (#7117)
5 years ago
Anthony Scalisi beb928f8de fix spelling errors (#7135)
5 years ago
hashicorp-ci 1194d2fbb7
update bindata_assetfs.go
5 years ago
Matt Keeler c09693e545
Updates to Config Entries and Connect for Namespaces (#7116)
5 years ago
Matt Keeler bbc2eb1951
Add the v1/catalog/node-services/:node endpoint (#7115)
5 years ago