consul/agent
Hans Hasselberg 42eec33b0e
Update HCP bootstrapping to support existing clusters 1.15.x version (#17305)
* Persist HCP management token from server config

We want to move away from injecting an initial management token into
Consul clusters linked to HCP. The reasoning is that by using a separate
class of token we can have more flexibility in terms of allowing HCP's
token to co-exist with the user's management token.

Down the line we can also more easily adjust the permissions attached to
HCP's token to limit its scope.

With these changes, the cloud management token is like the initial
management token in that it has the same global management policy and
if it is created it effectively bootstraps the ACL system.

* Update SDK and mock HCP server

The HCP management token will now be sent in a special field rather than
as Consul's "initial management" token configuration.

This commit also updates the mock HCP server to more accurately reflect
the behavior of the CCM backend.

* Refactor HCP bootstrapping logic and add tests

We want to allow users to link Consul clusters that already exist to
HCP. Existing clusters need care when bootstrapped by HCP, since we do
not want to do things like change ACL/TLS settings for a running
cluster.

Additional changes:

* Deconstruct MaybeBootstrap so that it can be tested. The HCP Go SDK
  requires HTTPS to fetch a token from the Auth URL, even if the backend
  server is mocked. By pulling the hcp.Client creation out we can modify
  its TLS configuration in tests while keeping the secure behavior in
  production code.

* Add light validation for data received/loaded.

* Sanitize initial_management token from received config, since HCP will
  only ever use the CloudConfig.MangementToken.

* Add changelog entry

---------

Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-05-12 23:01:18 +02:00
..
ae
auto-config Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
cache Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) 2023-03-30 11:16:33 -05:00
cache-types [OSS] Add Peer field to service-defaults upstream overrides (#15956) 2023-02-03 10:51:53 -05:00
checks ci: remove test-integrations CircleCI workflow (#16928) (#17049) 2023-04-19 11:28:59 -06:00
config Update HCP bootstrapping to support existing clusters 1.15.x version (#17305) 2023-05-12 23:01:18 +02:00
configentry [1.15.x] peering: ensure that merged central configs of peered upstreams for partitioned downstreams work (#17181) 2023-04-28 16:04:51 -05:00
connect ci: remove test-integrations CircleCI workflow (#16928) (#17049) 2023-04-19 11:28:59 -06:00
consul Update HCP bootstrapping to support existing clusters 1.15.x version (#17305) 2023-05-12 23:01:18 +02:00
debug
dns
envoyextensions Revert "feat: envoy extension - http local rate limit (#16196)" (#16373) 2023-02-22 14:59:53 -05:00
exec
grpc-external Backport of Fix issue with peer stream node cleanup. into release/1.15.x (#17247) 2023-05-08 15:32:35 -05:00
grpc-internal [1.15.x] grpc: ensure grpc resolver correctly uses lan/wan addresses on servers (#17285) 2023-05-11 11:11:05 -05:00
grpc-middleware Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
hcp Update HCP bootstrapping to support existing clusters 1.15.x version (#17305) 2023-05-12 23:01:18 +02:00
local Use agent token for service/check deregistration during anti-entropy (#16097) 2023-02-03 08:45:11 -06:00
log-drop inject logger and create logdrop sink (#15822) 2023-01-06 11:33:53 -07:00
metadata
metrics emit metrics for global rate limiting (#15891) 2023-01-06 17:49:33 -06:00
mock
pool Use rpcHoldTimeout to calculate blocking timeout (#15541) 2022-11-24 10:13:02 -05:00
proxycfg backport PR 15979 to 1.15.x (#17208) 2023-05-09 17:25:50 -07:00
proxycfg-glue backport of commit 4bb7d00c22 (#17210) 2023-05-02 20:46:53 +00:00
proxycfg-sources Backport of proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher into release/1.15.x (#16529) 2023-03-03 21:00:25 +00:00
router Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
routine-leak-checker removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
rpc [1.15.x] grpc: ensure grpc resolver correctly uses lan/wan addresses on servers (#17285) 2023-05-11 11:11:05 -05:00
rpcclient/health Backport of Fix resolution of service resolvers with subsets for external upstreams into release/1.15.x (#16525) 2023-03-03 19:44:50 +00:00
structs backport PR 15979 to 1.15.x (#17208) 2023-05-09 17:25:50 -07:00
submatview xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
systemd
token Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
uiserver removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
xds backport PR 15979 to 1.15.x (#17208) 2023-05-09 17:25:50 -07:00
acl.go Output user-friendly name for anonymous token (#15884) 2023-01-09 12:28:53 -06:00
acl_endpoint.go ACL error improvements: incomplete bootstrapping and non-existent token (#16105) 2023-02-08 23:49:44 +00:00
acl_endpoint_test.go ACL error improvements: incomplete bootstrapping and non-existent token (#16105) 2023-02-08 23:49:44 +00:00
acl_oss.go
acl_test.go revert method name change in xds server protocol for version compatibility (#16195) 2023-02-07 14:19:09 -06:00
agent.go Update HCP bootstrapping to support existing clusters 1.15.x version (#17305) 2023-05-12 23:01:18 +02:00
agent_endpoint.go refactor: remove troubleshoot module dependency on consul top level module (#16162) 2023-02-06 09:14:35 -08:00
agent_endpoint_oss.go Apply agent partition to load services and agent api (#16024) 2023-01-20 12:59:26 -05:00
agent_endpoint_oss_test.go
agent_endpoint_test.go Backport of Refactor xDS tests into release/1.15.x (#16741) 2023-03-22 20:51:58 +00:00
agent_oss.go
agent_oss_test.go feat: add reporting config with reload (#16977) 2023-04-13 11:42:08 -04:00
agent_test.go Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) 2023-03-30 11:16:33 -05:00
apiserver.go
apiserver_test.go
catalog_endpoint.go Add the `operator usage instances` command and api endpoint (#16205) 2023-02-08 12:07:21 -08:00
catalog_endpoint_oss.go
catalog_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
check.go
config_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
config_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
connect_auth.go
connect_ca_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
connect_ca_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
coordinate_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
coordinate_endpoint_test.go Backport of [OSS] security: update go to 1.20.1 into release/1.15.x (#16314) 2023-02-17 21:00:25 +00:00
delegate_mock_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
discovery_chain_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns_oss.go Add peering `.service` and `.node` DNS lookups. (#15596) 2022-11-29 12:23:18 -06:00
dns_oss_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns_test.go backport of commit 20cd7f1f48 (#16510) 2023-03-02 21:17:22 +00:00
enterprise_delegate_oss.go
event_endpoint.go
event_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
federation_state_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
health_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
health_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
http.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
http_decode_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
http_oss.go
http_oss_test.go
http_register.go Add the `operator usage instances` command and api endpoint (#16205) 2023-02-08 12:07:21 -08:00
http_test.go Backport of fix: add tls config to unix socket when https is used into release/1.15.x (#16336) 2023-02-21 13:43:27 +00:00
intentions_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
intentions_endpoint_oss_test.go
intentions_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
keyring.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
keyring_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
kvs_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
kvs_endpoint_test.go
metrics.go
metrics_test.go backport of commit 1180908144 (#16389) 2023-02-23 16:15:21 +00:00
nodeid.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
nodeid_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
notify.go
notify_test.go
operator_endpoint.go Add the `operator usage instances` command and api endpoint (#16205) 2023-02-08 12:07:21 -08:00
operator_endpoint_oss.go
operator_endpoint_oss_test.go Add the `operator usage instances` command and api endpoint (#16205) 2023-02-08 12:07:21 -08:00
operator_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
peering_endpoint.go
peering_endpoint_oss_test.go
peering_endpoint_test.go [1.15.x] grpc: ensure grpc resolver correctly uses lan/wan addresses on servers (#17285) 2023-05-11 11:11:05 -05:00
prepared_query_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
prepared_query_endpoint_test.go Backport of [OSS] security: update go to 1.20.1 into release/1.15.x (#16314) 2023-02-17 21:00:25 +00:00
proxycfg_test.go Backport of Refactor xDS tests into release/1.15.x (#16741) 2023-03-22 20:51:58 +00:00
reload.go
remote_exec.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
remote_exec_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
retry_join.go Deprecate -join and -join-wan (#15598) 2022-12-14 20:28:25 +00:00
retry_join_test.go
service_checks_test.go Service http checks data source for agentless proxies (#14924) 2022-10-12 07:49:56 -07:00
service_manager.go [OSS] Add Peer field to service-defaults upstream overrides (#15956) 2023-02-03 10:51:53 -05:00
service_manager_test.go [OSS] Add Peer field to service-defaults upstream overrides (#15956) 2023-02-03 10:51:53 -05:00
session_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
session_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
setup.go [1.15.x] grpc: ensure grpc resolver correctly uses lan/wan addresses on servers (#17285) 2023-05-11 11:11:05 -05:00
setup_oss.go
sidecar_service.go
sidecar_service_test.go Backport of Refactor xDS tests into release/1.15.x (#16741) 2023-03-22 20:51:58 +00:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
status_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
status_endpoint_test.go
streaming_test.go
testagent.go Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) 2023-03-30 11:16:33 -05:00
testagent_test.go
translate_addr.go
txn_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
txn_endpoint_test.go Backport of [OSS] security: update go to 1.20.1 into release/1.15.x (#16314) 2023-02-17 21:00:25 +00:00
ui_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
ui_endpoint_oss_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
ui_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
user_event.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
user_event_test.go Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
util.go
util_test.go
watch_handler.go
watch_handler_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00