Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.
Michael Zalimeni
d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass ( #21816 )
mesh: add options for HTTP incoming request normalization
Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.
mesh: enable inbound URL path normalization by default
mesh: add support for L7 header match contains and ignore_case
Enable partial string and case-insensitive matching in L7 intentions
header match rules.
ui: support L7 header match contains and ignore_case
Co-authored-by: Phil Renaud <phil@riotindustries.com>
test: add request normalization integration bats tests
Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.
Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.
docs: update security and reference docs for L7 intentions bypass prevention
- Update security docs with best practices for service intentions
configuration
- Update configuration entry references for mesh and intentions to
reflect new values and add guidance on usage
1 month ago
..
ae
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
auto-config
…
blockingquery
…
cache
…
cache-types
…
cacheshim
…
checks
…
config
Update raft to 1.7.0 and add configuration for prevote ( #21758 )
2 months ago
configentry
…
connect
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
consul
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
debug
…
dns
…
envoyextensions
…
exec
…
grpc-external
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
grpc-internal
…
grpc-middleware
…
hcp
…
leafcert
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
local
…
log-drop
…
metadata
…
metrics
…
mock
…
pool
…
proxycfg
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
proxycfg-glue
…
proxycfg-sources
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
router
…
routine-leak-checker
…
rpc
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
rpcclient
…
structs
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass ( #21816 )
1 month ago
submatview
…
systemd
…
token
…
uiserver
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
xds
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass ( #21816 )
1 month ago
acl.go
…
acl_ce.go
…
acl_endpoint.go
…
acl_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
acl_test.go
…
agent.go
Update raft to 1.7.0 and add configuration for prevote ( #21758 )
2 months ago
agent_ce.go
…
agent_ce_test.go
…
agent_endpoint.go
…
agent_endpoint_ce.go
…
agent_endpoint_ce_test.go
…
agent_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
agent_test.go
…
apiserver.go
…
apiserver_test.go
…
catalog_endpoint.go
…
catalog_endpoint_ce.go
…
catalog_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
check.go
…
config_endpoint.go
…
config_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
connect_ca_endpoint.go
…
connect_ca_endpoint_test.go
…
coordinate_endpoint.go
…
coordinate_endpoint_test.go
…
delegate_mock_test.go
…
denylist.go
…
denylist_test.go
…
discovery_chain_endpoint.go
…
discovery_chain_endpoint_test.go
…
dns.go
…
dns_ce.go
…
dns_ce_test.go
…
dns_node_lookup_test.go
…
dns_reverse_lookup_test.go
…
dns_service_lookup_test.go
…
dns_test.go
…
enterprise_delegate_ce.go
…
event_endpoint.go
…
event_endpoint_test.go
…
federation_state_endpoint.go
…
health_endpoint.go
…
health_endpoint_ce_test.go
…
health_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
http.go
[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set ( #21704 )
2 months ago
http_ce.go
…
http_ce_test.go
…
http_decode_test.go
…
http_register.go
…
http_test.go
[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set ( #21704 )
2 months ago
intentions_endpoint.go
…
intentions_endpoint_ce_test.go
…
intentions_endpoint_test.go
…
keyring.go
…
keyring_test.go
…
kvs_endpoint.go
…
kvs_endpoint_test.go
…
metrics.go
…
metrics_test.go
…
nodeid.go
…
nodeid_test.go
…
notify.go
…
notify_test.go
…
operator_endpoint.go
…
operator_endpoint_ce.go
…
operator_endpoint_ce_test.go
…
operator_endpoint_test.go
…
peering_endpoint.go
…
peering_endpoint_ce_test.go
…
peering_endpoint_test.go
…
prepared_query_endpoint.go
…
prepared_query_endpoint_test.go
…
proxycfg_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
reload.go
…
remote_exec.go
…
remote_exec_test.go
…
retry_join.go
…
retry_join_test.go
…
service_checks_test.go
…
service_manager.go
…
service_manager_test.go
…
session_endpoint.go
…
session_endpoint_test.go
…
setup.go
…
setup_ce.go
…
sidecar_service.go
…
sidecar_service_test.go
…
signal_unix.go
…
signal_windows.go
…
snapshot_endpoint.go
…
snapshot_endpoint_test.go
…
status_endpoint.go
…
status_endpoint_test.go
…
streaming_test.go
…
testagent.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
testagent_test.go
…
translate_addr.go
…
txn_endpoint.go
…
txn_endpoint_test.go
…
ui_endpoint.go
…
ui_endpoint_ce_test.go
…
ui_endpoint_test.go
remove v2 tenancy, catalog, and mesh ( #21592 )
3 months ago
user_event.go
…
user_event_test.go
…
util.go
…
util_test.go
…
watch_handler.go
…
watch_handler_test.go
…