Commit Graph

120 Commits (ec755b4ba7cdbee391b51750238250948774e741)

Author SHA1 Message Date
Kyle Havlovitz ed87949385
Merge pull request #4400 from hashicorp/leaf-cert-ttl
6 years ago
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots
6 years ago
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL
6 years ago
Mitchell Hashimoto 5bc27feb0b
agent/structs: check is alias if node is empty
6 years ago
Mitchell Hashimoto f0658a0ede
agent/config: support configuring alias check
6 years ago
Kyle Havlovitz 4e5fb6bc19
connect: add provider state to snapshots
6 years ago
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune
7 years ago
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
7 years ago
Matt Keeler 163fe11101 Make sure we omit the Kind value in JSON if empty
7 years ago
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider
7 years ago
Mitchell Hashimoto 7cbbac43a3 agent: clarify comment
7 years ago
Paul Banks 2c21ead80e More test tweaks
7 years ago
Paul Banks 4a54f8f7e3 Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
7 years ago
Mitchell Hashimoto 3c17144fb5 agent/structs: JSON marshal the configuration for a managed proxy
7 years ago
Mitchell Hashimoto 028aa78e83 agent/consul: set precedence value on struct itself
7 years ago
Mitchell Hashimoto daf46c9cfa agent/consul: support a Connect option on prepared query request
7 years ago
Mitchell Hashimoto 440b1b2d97 agent/consul: prepared query supports "Connect" field
7 years ago
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct
7 years ago
Mitchell Hashimoto eb3fcb39b3 agent/consul/state: support querying by Connect native
7 years ago
Mitchell Hashimoto 424272361d agent: agent service registration supports Connect native services
7 years ago
Mitchell Hashimoto d6a823ad0d agent/consul: support catalog registration with Connect native
7 years ago
Mitchell Hashimoto 0accfc1628
agent: rename test to check
7 years ago
Mitchell Hashimoto d68462fca6
agent/consul: implement Intention.Test endpoint
7 years ago
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC
7 years ago
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot
7 years ago
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index
7 years ago
Mitchell Hashimoto 965a902474
agent/structs: validate service definitions, port required for proxy
7 years ago
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration
7 years ago
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager
7 years ago
Mitchell Hashimoto fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
7 years ago
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies
7 years ago
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings
7 years ago
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests.
7 years ago
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code
7 years ago
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
7 years ago
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package
7 years ago
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out
7 years ago
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping
7 years ago
Mitchell Hashimoto bd3b8e042a
agent/cache: address PR feedback, lots of typos
7 years ago
Mitchell Hashimoto 0f3f3d13ca
agent/cache-types: support intention match queries
7 years ago
Mitchell Hashimoto 9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
7 years ago
Mitchell Hashimoto e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
7 years ago
Mitchell Hashimoto b0db5657c4
agent/cache: ConnectCA roots caching type
7 years ago
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation
7 years ago
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint
7 years ago
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft
7 years ago
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface
7 years ago
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
7 years ago
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
7 years ago
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined.
7 years ago