github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent
History
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 
Main Changes:

• method signature updates everywhere to account for passing around enterprise meta.
• populate the EnterpriseAuthorizerContext for all ACL related authorizations.
• ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing.
• Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation.

Secondary Changes:

• Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies.
• Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure)
• AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise.
• Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally.
• Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token.
• Added a bunch of ACL test helpers for inserting ACL resource test data.
 		2019-10-24 14:38:09 -04:00
..
ae Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) 2018-10-10 16:55:34 +01:00
agentpb Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
cache agent: cache notifications work after error if the underlying RPC returns index=1 (#6547) 2019-09-26 10:42:17 -05:00
cache-types connect: connect CA Roots in secondary datacenters should use a SigningKeyID derived from their local intermediate (#6513) 2019-09-26 11:54:14 -05:00
checks Checks to passing/critical only after reaching a consecutive success/failure threshold (#5739) 2019-10-14 21:49:49 +01:00
config fix: incorrect struct tag and WaitGroup usage (#6649) 2019-10-18 13:59:29 -04:00
connect Use encoding/json instead of jsonpb even for protobuf types (#6572) 2019-10-02 15:32:15 -04:00
consul Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
debug fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
exec
local Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
metadata New ACLs (#4791) 2018-10-19 12:04:07 -04:00
mock
pool snapshot: add TLS support to HalfCloser interface (#6216) 2019-08-12 12:47:02 -04:00
proxycfg agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576) 2019-10-17 16:46:49 -05:00
router Do not surface left servers (#6420) 2019-10-08 22:16:00 -05:00
structs Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
systemd
token agent: updates to the agent token trigger anti-entropy full syncs (#6577) 2019-10-04 13:37:34 -05:00
xds Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
acl.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
acl_endpoint.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
acl_endpoint_legacy.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
acl_endpoint_legacy_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
acl_endpoint_test.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_test.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
agent.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
agent_endpoint.go regression tests for existing agent/ decoding behavior (#6624) 2019-10-22 15:26:24 -07:00
agent_endpoint_test.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
agent_test.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
bindata_assetfs.go ui: UI Release Merge (ui-staging merge) (#6527) 2019-09-30 14:47:49 +01:00
blacklist.go
blacklist_test.go
catalog_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
catalog_endpoint_test.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
check.go agent: tolerate more failure scenarios during service registration with central config enabled (#6472) 2019-09-24 10:04:48 -05:00
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go agent: cache notifications work after error if the underlying RPC returns index=1 (#6547) 2019-09-26 10:42:17 -05:00
config_endpoint_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
connect_auth.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
connect_ca_endpoint.go Fix CA pruning when CA config uses string durations. (#4669) 2018-09-13 15:43:00 +01:00
connect_ca_endpoint_test.go connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
coordinate_endpoint.go
coordinate_endpoint_test.go test: add additional http status code assertions in coordinate HTTP API tests (#6410) 2019-08-29 09:55:05 -05:00
discovery_chain_endpoint.go connect: expose an API endpoint to compile the discovery chain (#6248) 2019-08-02 15:34:54 -05:00
discovery_chain_endpoint_test.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
dns.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
dns_test.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
event_endpoint_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
health_endpoint.go Filter non-passing nodes without modifying cache 2019-04-16 10:29:34 -06:00
health_endpoint_test.go Store check type in catalog (#6561) 2019-10-17 20:33:11 +02:00
http.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
http_decode_test.go regression tests for existing agent/ decoding behavior (#6624) 2019-10-22 15:26:24 -07:00
http_oss.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
http_oss_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
http_register.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
http_test.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
intentions_endpoint.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intentions_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
keyring.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
keyring_test.go test: ensure all TestAgent constructions use a constructor (#6443) 2019-09-05 10:24:36 -07:00
kvs_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
kvs_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
notify.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
notify_test.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
operator_endpoint.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
operator_endpoint_test.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
prepared_query_endpoint.go Support Agent Caching for Service Discovery Results (#4541) 2018-10-10 16:55:34 +01:00
prepared_query_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
remote_exec.go
remote_exec_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
retry_join.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
retry_join_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
service_checks_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
service_manager.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
service_manager_test.go agent: tolerate more failure scenarios during service registration with central config enabled (#6472) 2019-09-24 10:04:48 -05:00
session_endpoint.go
session_endpoint_test.go tests: actually have TestSessionTTLRenew sleep during execution (#5669) 2019-04-17 15:52:23 -05:00
sidecar_service.go Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
sidecar_service_test.go test: don't leak agent goroutines in TestAgent_sidecarServiceFromNodeService (#6396) 2019-08-26 15:19:59 -05:00
signal_unix.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
signal_windows.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
snapshot_endpoint.go
snapshot_endpoint_test.go add wait to TestSnapshot 2019-02-22 17:34:45 -05:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Fix flaky tests (#6229) 2019-07-29 15:07:25 -04:00
testagent.go Add support for parameterizing the ACL config used with a TestA… (#6559) 2019-09-27 17:06:43 -04:00
testagent_test.go
translate_addr.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
txn_endpoint.go txn: don't try to decode request bodies > raft.SuggestedMaxDataSize (#6422) 2019-08-30 10:41:25 -07:00
txn_endpoint_test.go txn: don't try to decode request bodies > raft.SuggestedMaxDataSize (#6422) 2019-08-30 10:41:25 -07:00
ui_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
ui_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
user_event.go
user_event_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
util.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
util_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
watch_handler.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00
watch_handler_test.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00