Commit Graph

364 Commits (b86c018a19f317798bb277482f11b83ee081d4fc)

Author SHA1 Message Date
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
6 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
6 years ago
Matt Keeler 163fe11101 Make sure we omit the Kind value in JSON if empty
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Mitchell Hashimoto 7cbbac43a3 agent: clarify comment
7 years ago
Paul Banks 2c21ead80e More test tweaks
7 years ago
Paul Banks 4a54f8f7e3 Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
7 years ago
Mitchell Hashimoto 3c17144fb5 agent/structs: JSON marshal the configuration for a managed proxy
7 years ago
Mitchell Hashimoto 028aa78e83 agent/consul: set precedence value on struct itself
7 years ago
Mitchell Hashimoto daf46c9cfa agent/consul: support a Connect option on prepared query request
7 years ago
Mitchell Hashimoto 440b1b2d97 agent/consul: prepared query supports "Connect" field
7 years ago
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct
7 years ago
Mitchell Hashimoto eb3fcb39b3 agent/consul/state: support querying by Connect native
7 years ago
Mitchell Hashimoto 424272361d agent: agent service registration supports Connect native services
7 years ago
Mitchell Hashimoto d6a823ad0d agent/consul: support catalog registration with Connect native
7 years ago
Mitchell Hashimoto 0accfc1628
agent: rename test to check
7 years ago
Mitchell Hashimoto d68462fca6
agent/consul: implement Intention.Test endpoint
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Mitchell Hashimoto 965a902474
agent/structs: validate service definitions, port required for proxy
7 years ago
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration
7 years ago
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager
7 years ago
Mitchell Hashimoto fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
7 years ago
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies
7 years ago
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings
7 years ago
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests.
7 years ago
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code
7 years ago
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
7 years ago
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package
7 years ago
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out
7 years ago
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping
7 years ago
Mitchell Hashimoto bd3b8e042a
agent/cache: address PR feedback, lots of typos
7 years ago
Mitchell Hashimoto 0f3f3d13ca
agent/cache-types: support intention match queries
7 years ago
Mitchell Hashimoto 9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
7 years ago
Mitchell Hashimoto e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
7 years ago
Mitchell Hashimoto b0db5657c4
agent/cache: ConnectCA roots caching type
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
7 years ago
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined.
7 years ago
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot.
7 years ago
Paul Banks ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four.
7 years ago
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
7 years ago
Mitchell Hashimoto 6dc2db94ea
agent/structs: String format for Intention, used for logging
7 years ago
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
7 years ago
Paul Banks 9309422fd9
Add Connect agent, catalog and health endpoints to api Client
7 years ago
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded
7 years ago
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON
7 years ago
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
7 years ago
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id
7 years ago
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root
7 years ago
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test
7 years ago
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign
7 years ago
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
7 years ago
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta
7 years ago
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store
7 years ago
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback
7 years ago
Mitchell Hashimoto 3b07686648
agent: remove ConnectProxyServiceName
7 years ago
Mitchell Hashimoto 2feef5f7a3
agent/consul: require name for proxies
7 years ago
Mitchell Hashimoto 125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields
7 years ago
Mitchell Hashimoto 9781cb1ace
agent/local: anti-entropy for connect proxy services
7 years ago
Mitchell Hashimoto e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering
7 years ago
Mitchell Hashimoto 0c0c0a58e7
agent/consul: proxy registration and tests
7 years ago
Mitchell Hashimoto 6e257ea51c
agent: /v1/catalog/service/:service works with proxies
7 years ago
Mitchell Hashimoto 21c6fc623a
agent/consul/state: service registration with proxy works
7 years ago
Mitchell Hashimoto 9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions
7 years ago
Mitchell Hashimoto a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply
7 years ago
Mitchell Hashimoto 0719ff6905
agent: convert all intention tests to testify/assert
7 years ago
Mitchell Hashimoto 70858598e4
agent: use testing intention to get valid intentions
7 years ago
Mitchell Hashimoto ab4ea3efb4
agent/consul: set default intention SourceType, validate it
7 years ago
Mitchell Hashimoto d92993f75b
agent/structs: Intention validation
7 years ago
Mitchell Hashimoto 82a50245e0
agent/consul: support intention description, meta is non-nil
7 years ago
Mitchell Hashimoto a9743f4f15
agent,agent/consul: set default namespaces
7 years ago
Mitchell Hashimoto 93de03fe8b
agent/consul: RPC endpoint for Intention.Match
7 years ago
Mitchell Hashimoto 377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
7 years ago
Mitchell Hashimoto 274bfdd864
agent: POST /v1/connect/intentions
7 years ago
Mitchell Hashimoto e8c4156f07
agent/consul: Intention.Get endpoint
7 years ago
Mitchell Hashimoto 9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation
7 years ago
Mitchell Hashimoto 212a272989
agent/consul: start Intention RPC endpoints, starting with List
7 years ago
Mitchell Hashimoto cc8a6f7f15
agent/consul/state: initial work on intentions memdb table
7 years ago
Wim 5c04864b28 Add support for reverse lookup of services
7 years ago
Kyle Havlovitz b73323aa42
Remove the script field from checks in favor of args
7 years ago
Matt Keeler d926679278
Merge pull request #4023 from hashicorp/f-near-ip
7 years ago
Matt Keeler 45a537def9 GH-3798: Add near=_ip support for prepared queries
7 years ago
Paul Banks 0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727.
7 years ago
Preetha a67d27c756
Adds discovery_max_stale (#4004)
7 years ago
Preetha Appan c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency
7 years ago
Pierre Souchay b259b1609c Merge remote-tracking branch 'origin/master' into service_metadata
7 years ago
Pierre Souchay 66fdf445e8 Added unit tests for structs and fixed PartialClone()
7 years ago
James Phillips c2a59f1e6c
Addresses additional state mutations.
7 years ago
Pierre Souchay 80dde5465b Added support for Service Metadata
7 years ago
James Phillips 5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
7 years ago
Dmytro Kostiuchenko 1a10b08e82 Add gRPC health-check #3073
7 years ago
Kyle Havlovitz de28555671
Move autopilot to a standalone package
7 years ago
Kyle Havlovitz d3dd2b1402
Move check definition to a sub-struct
7 years ago
Kyle Havlovitz ce4e8c46fa
Add deregister critical service field and refactor duration parsing
7 years ago
Kyle Havlovitz d56936e27a
Added remaining HTTP health check fields to structs
7 years ago
Kyle Havlovitz a7c42a6c2a
Expose SkipNodeUpdate field and some health check info in the http api
7 years ago
preetapan 77c972f594 Fixes agent error handling when check definition is invalid. Distingu… (#3560)
7 years ago
James Phillips bb12368eac Makes RPC handling more robust when rolling servers. (#3561)
7 years ago
James Phillips 3bc6df5f0e
Adds script warning and fixes Docker args recognition.
7 years ago
Kyle Havlovitz 198ed6076d Clean up subprocess handling and make shell use optional (#3509)
7 years ago
Preetha Appan 3c4a108769 Move Raft protocol version for list peers end point to server side, fix unit tests. This fixes #3449
7 years ago
Frank Schröder 12216583a1 New config parser, HCL support, multiple bind addrs (#3480)
7 years ago
James Phillips 00605c0214
Shows the segment name in the keyring API and command output.
7 years ago
James Phillips 9258506dab Adds simple rate limiting for client agent RPC calls to Consul servers. (#3440)
7 years ago
Kyle Havlovitz 62102a537e
Organize segments for a cleaner split between enterprise and OSS
7 years ago
Kyle Havlovitz d129767657
Add agent.segment interpolation to prepared queries
7 years ago
James Phillips b1a15e0c3d
Adds open source side of network segments (feature is Enterprise-only).
7 years ago
Frank Schroeder 1acff3533e
agent: move agent/consul/structs to agent/structs
7 years ago