consul/agent/config/testdata/full-config.hcl

813 lines
22 KiB
HCL
Raw Normal View History

# Copyright (c) HashiCorp, Inc.
[COMPLIANCE] License changes (#18443) * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 13:12:13 +00:00
# SPDX-License-Identifier: BUSL-1.1
acl_agent_master_token = "furuQD0b"
acl_agent_token = "cOshLOQ2"
acl_datacenter = "m3urck3z"
acl_default_policy = "ArK3WIfE"
acl_down_policy = "vZXMfMP0"
acl_enable_key_list_policy = true
acl_master_token = "C1Q1oIwh"
acl_replication_token = "LMmgy5dO"
acl_token = "O1El0wan"
acl_ttl = "18060s"
acl = {
enabled = true
down_policy = "03eb2aee"
default_policy = "72c2e7a0"
enable_key_list_policy = true
enable_token_persistence = true
policy_ttl = "1123s"
role_ttl = "9876s"
token_ttl = "3321s"
enable_token_replication = true
msp_disable_bootstrap = true
tokens = {
master = "8a19ac27",
initial_management = "3820e09a",
agent_master = "64fd0e08",
agent_recovery = "1dba6aba",
replication = "5795983a",
agent = "bed2377c",
default = "418fdff1",
managed_service_provider = [
{
accessor_id = "first",
secret_id = "fb0cee1f-2847-467c-99db-a897cff5fd4d"
},
{
accessor_id = "second",
secret_id = "1046c8da-e166-4667-897a-aefb343db9db"
}
]
}
}
addresses = {
dns = "93.95.95.81"
http = "83.39.91.39"
https = "95.17.17.19"
grpc = "32.31.61.91"
grpc_tls = "23.14.88.19"
}
advertise_addr = "17.99.29.16"
advertise_addr_wan = "78.63.37.19"
advertise_reconnect_timeout = "0s"
audit = {
enabled = true
}
auto_config = {
enabled = false
intro_token = "OpBPGRwt"
intro_token_file = "gFvAXwI8"
dns_sans = ["6zdaWg9J"]
ip_sans = ["198.18.99.99"]
server_addresses = ["198.18.100.1"]
authorization = {
enabled = true
static {
allow_reuse = true
claim_mappings = {
node = "node"
}
list_claim_mappings = {
foo = "bar"
}
bound_issuer = "consul"
bound_audiences = ["consul-cluster-1"]
claim_assertions = ["value.node == \"${node}\""]
jwt_validation_pub_keys = ["-----BEGIN PUBLIC KEY-----\nMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAERVchfCZng4mmdvQz1+sJHRN40snC\nYt8NjYOnbnScEXMkyoUmASr88gb7jaVAVt3RYASAbgBjB2Z+EUizWkx5Tg==\n-----END PUBLIC KEY-----"]
}
}
}
autopilot = {
cleanup_dead_servers = true
disable_upgrade_migration = true
last_contact_threshold = "12705s"
max_trailing_logs = 17849
min_quorum = 3
redundancy_zone_tag = "3IsufDJf"
server_stabilization_time = "23057s"
upgrade_version_tag = "W9pDwFAL"
}
bind_addr = "16.99.34.17"
bootstrap_expect = 53
cache = {
entry_fetch_max_burst = 42
entry_fetch_rate = 0.334
},
use_streaming_backend = true
ca_file = "erA7T0PM"
ca_path = "mQEN1Mfp"
cert_file = "7s4QAzDk"
check = {
id = "fZaCAXww"
name = "OOM2eo0f"
notes = "zXzXI9Gt"
service_id = "L8G0QNmR"
token = "oo4BCTgJ"
status = "qLykAl5u"
args = ["f3BemRjy", "e5zgpef7"]
http = "29B93haH"
header = {
hBq0zn1q = [ "2a9o9ZKP", "vKwA5lR6" ]
f3r6xFtM = [ "RyuIdDWv", "QbxEcIUM" ]
}
method = "Dou0nGT5"
body = "5PBQd2OT"
disable_redirects = true
tcp = "JY6fTTcw"
h2ping = "rQ8eyCSF"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "18714s"
output_max_size = 4096
docker_container_id = "qF66POS9"
shell = "sOnDy228"
2022-06-07 17:27:14 +00:00
os_service = "aZaCAXww"
tls_server_name = "7BdnzBYk"
tls_skip_verify = true
timeout = "5954s"
deregister_critical_service_after = "13209s"
},
checks = [
{
id = "uAjE6m9Z"
name = "QsZRGpYr"
notes = "VJ7Sk4BY"
service_id = "lSulPcyz"
token = "toO59sh8"
status = "9RlWsXMV"
args = ["4BAJttck", "4D2NPtTQ"]
http = "dohLcyQ2"
header = {
"ZBfTin3L" = [ "1sDbEqYG", "lJGASsWK" ]
"Ui0nU99X" = [ "LMccm3Qe", "k5H5RggQ" ]
}
method = "aldrIQ4l"
body = "wSjTy7dg"
disable_redirects = true
tcp = "RJQND605"
h2ping = "9N1cSb5B"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "22164s"
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "qAeOYy0M"
2022-06-07 17:27:14 +00:00
os_service = "aAjE6m9Z"
tls_server_name = "bdeb5f6a"
tls_skip_verify = true
timeout = "1813s"
deregister_critical_service_after = "14232s"
},
{
id = "Cqq95BhP"
name = "3qXpkS0i"
notes = "sb5qLTex"
service_id = "CmUUcRna"
token = "a3nQzHuy"
status = "irj26nf3"
args = ["9s526ogY", "gSlOHj1w"]
http = "yzhgsQ7Y"
header = {
"zcqwA8dO" = [ "qb1zx0DL", "sXCxPFsD" ]
"qxvdnSE9" = [ "6wBPUYdF", "YYh8wtSZ" ]
}
method = "gLrztrNw"
body = "0jkKgGUC"
disable_redirects = false
tcp = "4jG5casb"
h2ping = "HCHU7gEb"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "28767s"
output_max_size = 4096
docker_container_id = "THW6u7rL"
shell = "C1Zt3Zwh"
2022-06-07 17:27:14 +00:00
os_service = "aqq95BhP"
tls_server_name = "6adc3bfb"
tls_skip_verify = true
timeout = "18506s"
deregister_critical_service_after = "2366s"
}
]
check_update_interval = "16507s"
client_addr = "93.83.18.19"
config_entries {
# This is using the repeated block-to-array HCL magic
bootstrap {
kind = "proxy-defaults"
name = "global"
config {
foo = "bar"
bar = 1.0
}
}
}
auto_encrypt = {
tls = false
dns_san = ["a.com", "b.com"]
ip_san = ["192.168.4.139", "192.168.4.140"]
allow_tls = true
}
cloud {
resource_id = "N43DsscE"
client_id = "6WvsDZCP"
client_secret = "lCSMHOpB"
hostname = "DH4bh7aC"
auth_url = "332nCdR2"
scada_address = "aoeusth232"
}
connect {
ca_provider = "consul"
ca_config {
intermediate_cert_ttl = "8760h"
leaf_cert_ttl = "1h"
root_cert_ttl = "96360h"
# hack float since json parses numbers as float and we have to
# assert against the same thing
csr_max_per_second = 100.0
csr_max_concurrent = 2.0
}
enable_mesh_gateway_wan_federation = false
enabled = true
}
gossip_lan {
gossip_nodes = 6
gossip_interval = "25252s"
retransmit_mult = 1234
suspicion_mult = 1235
probe_interval = "101ms"
probe_timeout = "102ms"
}
gossip_wan {
gossip_nodes = 2
gossip_interval = "6966s"
retransmit_mult = 16384
suspicion_mult = 16385
probe_interval = "103ms"
probe_timeout = "104ms"
}
datacenter = "rzo029wg"
default_query_time = "16743s"
disable_anonymous_signature = true
disable_coordinates = true
disable_host_node_id = true
disable_http_unprintable_char_filter = true
disable_keyring_file = true
disable_remote_exec = true
disable_update_check = true
discard_check_output = true
discovery_max_stale = "5s"
domain = "7W1xXSqd"
alt_domain = "1789hsd"
dns_config {
allow_stale = true
a_record_limit = 29907
disable_compression = true
enable_truncate = true
max_stale = "29685s"
node_ttl = "7084s"
only_passing = true
recursor_timeout = "4427s"
service_ttl = {
"*" = "32030s"
}
udp_answer_limit = 29909
use_cache = true
cache_max_age = "5m"
prefer_namespace = true
}
enable_acl_replication = true
enable_agent_tls_for_checks = true
enable_central_service_config = false
enable_debug = true
enable_script_checks = true
enable_local_script_checks = true
enable_syslog = true
encrypt = "A4wELWqH"
encrypt_verify_incoming = true
encrypt_verify_outgoing = true
experiments = [
"foo"
]
http_config {
block_endpoints = [ "RBvAFcGD", "fWOWFznh" ]
allow_write_http_from = [ "127.0.0.1/8", "22.33.44.55/32", "0.0.0.0/0" ]
response_headers = {
"M6TKa9NP" = "xjuxjOzQ"
"JRCrHZed" = "rl0mTx81"
}
use_cache = false
max_header_bytes = 10
}
key_file = "IEkkwgIA"
leave_on_terminate = true
license_path = "/path/to/license.lic"
limits {
http_max_conns_per_client = 100
https_handshake_timeout = "2391ms"
rpc_handshake_timeout = "1932ms"
rpc_client_timeout = "62s"
rpc_rate = 12029.43
rpc_max_burst = 44848
rpc_max_conns_per_client = 2954
kv_max_value_size = 1234567800
txn_max_req_len = 567800000
adding config for request_limits (#15531) * server: add placeholder glue for rate limit handler This commit adds a no-op implementation of the rate-limit handler and adds it to the `consul.Server` struct and setup code. This allows us to start working on the net/rpc and gRPC interceptors and config logic. * Add handler errors * Set the global read and write limits * fixing multilimiter moving packages * Fix typo * Simplify globalLimit usage * add multilimiter and tests * exporting LimitedEntity * Apply suggestions from code review Co-authored-by: John Murret <john.murret@hashicorp.com> * add config update and rename config params * add doc string and split config * Apply suggestions from code review Co-authored-by: Dan Upton <daniel@floppy.co> * use timer to avoid go routine leak and change the interface * add comments to tests * fix failing test * add prefix with config edge, refactor tests * Apply suggestions from code review Co-authored-by: Dan Upton <daniel@floppy.co> * refactor to apply configs for limiters under a prefix * add fuzz tests and fix bugs found. Refactor reconcile loop to have a simpler logic * make KeyType an exported type * split the config and limiter trees to fix race conditions in config update * rename variables * fix race in test and remove dead code * fix reconcile loop to not create a timer on each loop * add extra benchmark tests and fix tests * fix benchmark test to pass value to func * server: add placeholder glue for rate limit handler This commit adds a no-op implementation of the rate-limit handler and adds it to the `consul.Server` struct and setup code. This allows us to start working on the net/rpc and gRPC interceptors and config logic. * Set the global read and write limits * fixing multilimiter moving packages * add server configuration for global rate limiting. * remove agent test * remove added stuff from handler * remove added stuff from multilimiter * removing unnecessary TODOs * Removing TODO comment from handler * adding in defaulting to infinite * add disabled status in there * adding in documentation for disabled mode. * make disabled the default. * Add mock and agent test * addig documentation and missing mock file. * Fixing test TestLoad_IntegrationWithFlags * updating docs based on PR feedback. * Updating Request Limits mode to use int based on PR feedback. * Adding RequestLimits struct so we have a nested struct in ReloadableConfig. * fixing linting references * Update agent/consul/rate/handler.go Co-authored-by: Dan Upton <daniel@floppy.co> * Update agent/consul/config.go Co-authored-by: Dan Upton <daniel@floppy.co> * removing the ignore of the request limits in JSON. addingbuilder logic to convert any read rate or write rate less than 0 to rate.Inf * added conversion function to convert request limits object to handler config. * Updating docs to reflect gRPC and RPC are rate limit and as a result, HTTP requests are as well. * Updating values for TestLoad_FullConfig() so that they were different and discernable. * Updating TestRuntimeConfig_Sanitize * Fixing TestLoad_IntegrationWithFlags test * putting nil check in place * fixing rebase * removing change for missing error checks. will put in another PR * Rebasing after default multilimiter config change * resolving rebase issues * updating reference for incomingRPCLimiter to use interface * updating interface * Updating interfaces * Fixing mock reference Co-authored-by: Daniel Upton <daniel@floppy.co> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-12-13 20:09:55 +00:00
request_limits {
mode = "permissive"
read_rate = 99.0
write_rate = 101.0
}
}
locality = {
region = "us-east-2"
zone = "us-east-2b"
}
log_level = "k1zo9Spt"
log_json = true
max_query_time = "18237s"
node_id = "AsUIlw99"
node_meta {
"5mgGQMBk" = "mJLtVMSG"
"A7ynFMJB" = "0Nx6RGab"
}
node_name = "otlLxGaI"
non_voting_server = true
partition = ""
peering {
enabled = true
}
performance {
leave_drain_time = "8265s"
raft_multiplier = 5
rpc_hold_timeout = "15707s"
grpc_keepalive_interval = "33s"
grpc_keepalive_timeout = "22s"
}
pid_file = "43xN80Km"
ports {
dns = 7001
http = 7999
https = 15127
server = 3757
grpc = 4881
grpc_tls = 5201
proxy_min_port = 2000
proxy_max_port = 3000
sidecar_min_port = 8888
sidecar_max_port = 9999
expose_min_port = 1111
expose_max_port = 2222
}
protocol = 30793
primary_datacenter = "ejtmd43d"
primary_gateways = [ "aej8eeZo", "roh2KahS" ]
primary_gateways_interval = "18866s"
raft_protocol = 3
raft_snapshot_threshold = 16384
raft_snapshot_interval = "30s"
raft_trailing_logs = 83749
raft_logstore {
backend = "wal"
disable_log_cache = true
verification {
enabled = true
interval = "12345s"
}
boltdb {
no_freelist_sync = true
}
wal {
segment_size_mb = 15
}
}
read_replica = true
reconnect_timeout = "23739s"
reconnect_timeout_wan = "26694s"
recursors = [ "63.38.39.58", "92.49.18.18" ]
rejoin_after_leave = true
reporting = {
license = {
enabled = false
}
}
retry_interval = "8067s"
retry_interval_wan = "28866s"
retry_join = [ "pbsSFY7U", "l0qLtWij" ]
retry_join_wan = [ "PFsR02Ye", "rJdQIhER" ]
retry_max = 913
retry_max_wan = 23160
rpc {
enable_streaming = true
}
segment_limit = 123
serf_lan = "99.43.63.15"
serf_wan = "67.88.33.19"
server = true
server_name = "Oerr9n1G"
agent: prevent very old servers re-joining a cluster with stale data (#17171) * agent: configure server lastseen timestamp Signed-off-by: Dan Bond <danbond@protonmail.com> * use correct config Signed-off-by: Dan Bond <danbond@protonmail.com> * add comments Signed-off-by: Dan Bond <danbond@protonmail.com> * use default age in test golden data Signed-off-by: Dan Bond <danbond@protonmail.com> * add changelog Signed-off-by: Dan Bond <danbond@protonmail.com> * fix runtime test Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: add server_metadata Signed-off-by: Dan Bond <danbond@protonmail.com> * update comments Signed-off-by: Dan Bond <danbond@protonmail.com> * correctly check if metadata file does not exist Signed-off-by: Dan Bond <danbond@protonmail.com> * follow instructions for adding new config Signed-off-by: Dan Bond <danbond@protonmail.com> * add comments Signed-off-by: Dan Bond <danbond@protonmail.com> * update comments Signed-off-by: Dan Bond <danbond@protonmail.com> * Update agent/agent.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent/config: add validation for duration with min Signed-off-by: Dan Bond <danbond@protonmail.com> * docs: add new server_rejoin_age_max config definition Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: add unit test for checking server last seen Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: log continually for 60s before erroring Signed-off-by: Dan Bond <danbond@protonmail.com> * pr comments Signed-off-by: Dan Bond <danbond@protonmail.com> * remove unneeded todo * agent: fix error message Signed-off-by: Dan Bond <danbond@protonmail.com> --------- Signed-off-by: Dan Bond <danbond@protonmail.com> Co-authored-by: Dan Upton <daniel@floppy.co>
2023-05-15 11:05:47 +00:00
server_rejoin_age_max = "604800s"
service = {
id = "dLOXpSCI"
name = "o1ynPkp0"
meta = {
mymeta = "data"
}
tagged_addresses = {
lan = {
address = "2d79888a"
port = 2143
}
wan = {
address = "d4db85e2"
port = 6109
}
}
tags = ["nkwshvM5", "NTDWn3ek"]
address = "cOlSOhbp"
token = "msy7iWER"
port = 24237
weights = {
passing = 100,
warning = 1
}
enable_tag_override = true
check = {
id = "RMi85Dv8"
name = "iehanzuq"
status = "rCvn53TH"
notes = "fti5lfF3"
args = ["16WRUmwS", "QWk7j7ae"]
http = "dl3Fgme3"
header = {
rjm4DEd3 = [ "2m3m2Fls" ]
l4HwQ112 = [ "fk56MNlo", "dhLK56aZ" ]
}
method = "9afLm3Mj"
body = "wVVL2V6f"
disable_redirects = true
tcp = "fjiLFqVd"
h2ping = "5NbNWhan"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "23926s"
docker_container_id = "dO5TtRHk"
shell = "e6q2ttES"
2022-06-07 17:27:14 +00:00
os_service = "RAa85Dv8"
tls_server_name = "ECSHk8WF"
tls_skip_verify = true
timeout = "38483s"
deregister_critical_service_after = "68787s"
}
checks = [
{
id = "Zv99e9Ka"
name = "sgV4F7Pk"
notes = "yP5nKbW0"
status = "7oLMEyfu"
args = ["5wEZtZpv", "0Ihyk8cS"]
http = "KyDjGY9H"
header = {
"gv5qefTz" = [ "5Olo2pMG", "PvvKWQU5" ]
"SHOVq1Vv" = [ "jntFhyym", "GYJh32pp" ]
}
method = "T66MFBfR"
body = "OwGjTFQi"
disable_redirects = true
tcp = "bNnNfx2A"
h2ping = "qC1pidiW"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "22224s"
output_max_size = 4096
docker_container_id = "ipgdFtjd"
shell = "omVZq7Sz"
2022-06-07 17:27:14 +00:00
os_service = "ZA99e9Ka"
tls_server_name = "axw5QPL5"
tls_skip_verify = true
timeout = "18913s"
deregister_critical_service_after = "8482s"
},
{
id = "G79O6Mpr"
name = "IEqrzrsd"
notes = "SVqApqeM"
status = "XXkVoZXt"
args = ["wD05Bvao", "rLYB7kQC"]
http = "kyICZsn8"
header = {
"4ebP5vL4" = [ "G20SrL5Q", "DwPKlMbo" ]
"p2UI34Qz" = [ "UsG1D0Qh", "NHhRiB6s" ]
}
method = "ciYHWors"
body = "lUVLGYU7"
disable_redirects = false
tcp = "FfvCwlqH"
h2ping = "spI3muI3"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "12356s"
output_max_size = 4096
docker_container_id = "HBndBU6R"
shell = "hVI33JjA"
2022-06-07 17:27:14 +00:00
os_service = "GAaO6Mpr"
tls_server_name = "7uwWOnUS"
tls_skip_verify = true
timeout = "38282s"
deregister_critical_service_after = "4992s"
}
]
connect {
native = true
}
locality = {
region = "us-west-1"
zone = "us-west-1a"
}
}
services = [
{
id = "wI1dzxS4"
name = "7IszXMQ1"
tags = ["0Zwg8l6v", "zebELdN5"]
address = "9RhqPSPB"
token = "myjKJkWH"
port = 72219
enable_tag_override = true
check = {
id = "qmfeO5if"
name = "atDGP7n5"
status = "pDQKEhWL"
notes = "Yt8EDLev"
args = ["81EDZLPa", "bPY5X8xd"]
http = "qzHYvmJO"
header = {
UkpmZ3a3 = [ "2dfzXuxZ" ]
cVFpko4u = [ "gGqdEB6k", "9LsRo22u" ]
}
method = "X5DrovFc"
body = "WeikigLh"
disable_redirects = true
tcp = "ICbxkpSF"
h2ping = "7s7BbMyb"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "24392s"
output_max_size = 4096
docker_container_id = "ZKXr68Yb"
shell = "CEfzx0Fo"
2022-06-07 17:27:14 +00:00
os_service = "amfeO5if"
tls_server_name = "4f191d4F"
tls_skip_verify = true
timeout = "38333s"
deregister_critical_service_after = "44214s"
}
connect {
sidecar_service {}
}
locality = {
region = "us-east-1"
zone = "us-east-1a"
}
},
{
id = "MRHVMZuD"
name = "6L6BVfgH"
tags = ["7Ale4y6o", "PMBW08hy"]
address = "R6H6g8h0"
token = "ZgY8gjMI"
port = 38292
weights = {
passing = 1979,
warning = 6
}
enable_tag_override = true
checks = [
{
id = "GTti9hCo"
name = "9OOS93ne"
notes = "CQy86DH0"
status = "P0SWDvrk"
args = ["EXvkYIuG", "BATOyt6h"]
http = "u97ByEiW"
header = {
"MUlReo8L" = [ "AUZG7wHG", "gsN0Dc2N" ]
"1UJXjVrT" = [ "OJgxzTfk", "xZZrFsq7" ]
}
method = "5wkAxCUE"
body = "7CRjCJyz"
disable_redirects = false
tcp = "MN3oA9D2"
h2ping = "OV6Q2XEg"
2021-10-05 01:36:18 +00:00
h2ping_use_tls = false
interval = "32718s"
output_max_size = 4096
docker_container_id = "cU15LMet"
shell = "nEz9qz2l"
2022-06-07 17:27:14 +00:00
os_service = "GTti9hCA"
tls_server_name = "f43ouY7a"
tls_skip_verify = true
timeout = "34738s"
deregister_critical_service_after = "84282s"
},
{
id = "UHsDeLxG"
name = "PQSaPWlT"
notes = "jKChDOdl"
status = "5qFz6OZn"
output_max_size = 4096
timeout = "4868s"
ttl = "11222s"
deregister_critical_service_after = "68482s"
}
]
connect {}
},
{
id = "Kh81CPF6"
name = "Kh81CPF6-proxy"
port = 31471
kind = "connect-proxy"
proxy {
destination_service_name = "6L6BVfgH"
destination_service_id = "6L6BVfgH-id"
local_service_address = "127.0.0.2"
local_service_port = 23759
config {
cedGGtZf = "pWrUNiWw"
}
upstreams = [
{
destination_name = "KPtAj2cb"
local_bind_port = 4051
config {
kzRnZOyd = "nUNKoL8H"
}
},
{
destination_type = "prepared_query"
destination_namespace = "9nakw0td"
2021-08-20 16:57:45 +00:00
destination_partition = "part-9nakw0td"
destination_name = "KSd8HsRl"
local_bind_port = 11884
local_bind_address = "127.24.88.0"
},
{
destination_type = "prepared_query"
destination_namespace = "9nakw0td"
2021-08-20 16:57:45 +00:00
destination_partition = "part-9nakw0td"
destination_name = "placeholder"
local_bind_socket_path = "/foo/bar/upstream"
local_bind_socket_mode = "0600"
},
]
expose {
checks = true
paths = [
{
path = "/health"
local_path_port = 8080
listener_port = 21500
protocol = "http"
}
]
}
mode = "transparent"
transparent_proxy = {
outbound_listener_port = 10101
dialed_directly = true
}
}
},
{
id = "kvVqbwSE"
kind = "mesh-gateway"
name = "gw-primary-dc"
port = 27147
proxy {
config {
"1CuJHVfw" = "Kzqsa7yc"
}
}
}
]
session_ttl_min = "26627s"
skip_leave_on_interrupt = true
start_join = [ "LR3hGDoG", "MwVpZ4Up" ]
start_join_wan = [ "EbFSc3nA", "kwXTh623" ]
syslog_facility = "hHv79Uia"
tagged_addresses = {
"7MYgHrYH" = "dALJAhLD"
"h6DdBy6K" = "ebrr9zZ8"
}
telemetry {
circonus_api_app = "p4QOTe9j"
circonus_api_token = "E3j35V23"
circonus_api_url = "mEMjHpGg"
circonus_broker_id = "BHlxUhed"
circonus_broker_select_tag = "13xy1gHm"
circonus_check_display_name = "DRSlQR6n"
circonus_check_force_metric_activation = "Ua5FGVYf"
circonus_check_id = "kGorutad"
circonus_check_instance_id = "rwoOL6R4"
circonus_check_search_tag = "ovT4hT4f"
circonus_check_tags = "prvO4uBl"
circonus_submission_interval = "DolzaflP"
circonus_submission_url = "gTcbS93G"
enable_host_metrics = true
disable_hostname = true
dogstatsd_addr = "0wSndumK"
dogstatsd_tags = [ "3N81zSUB","Xtj8AnXZ" ]
retry_failed_connection = true
filter_default = true
prefix_filter = [ "+oJotS8XJ","-cazlEhGn" ]
metrics_prefix = "ftO6DySn"
prometheus_retention_time = "15s"
statsd_address = "drce87cy"
statsite_address = "HpFwKB8R"
disable_per_tenancy_usage_metrics = true
}
tls {
defaults {
ca_file = "a5tY0opl"
ca_path = "bN63LpXu"
cert_file = "hB4PoxkL"
key_file = "Po0hB1tY"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
tls_min_version = "TLSv1_2"
verify_incoming = true
verify_outgoing = true
}
internal_rpc {
ca_file = "mKl19Utl"
ca_path = "lOp1nhPa"
cert_file = "dfJ4oPln"
key_file = "aL1Knkpo"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
tls_min_version = "TLSv1_1"
verify_incoming = true
verify_outgoing = true
verify_server_hostname = true
}
https {
ca_file = "7Yu1PolM"
ca_path = "nu4PlHzn"
cert_file = "1yrhPlMk"
key_file = "1bHapOkL"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_min_version = "TLSv1_3"
verify_incoming = true
verify_outgoing = true
}
grpc {
ca_file = "lOp1nhJk"
ca_path = "fLponKpl"
cert_file = "a674klPn"
key_file = "1y4prKjl"
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA"
tls_min_version = "TLSv1_0"
verify_incoming = true
use_auto_cert = true
}
}
agent: convert listener config to TLS types (#12522) * tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 19:32:25 +00:00
tls_cipher_suites = "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"
tls_min_version = "tls11"
tls_prefer_server_cipher_suites = true
translate_wan_addrs = true
ui_config {
dir = "pVncV4Ey"
content_path = "qp1WRhYH"
metrics_provider = "sgnaoa_lower_case"
metrics_provider_files = ["sgnaMFoa", "dicnwkTH"]
metrics_provider_options_json = "{\"DIbVQadX\": 1}"
metrics_proxy {
base_url = "http://foo.bar"
add_headers = [
{
name = "p3nynwc9"
value = "TYBgnN2F"
}
]
path_allowlist = ["/aSh3cu", "/eiK/2Th"]
}
dashboard_url_templates {
u2eziu2n_lower_case = "http://lkjasd.otr"
}
}
unix_sockets = {
group = "8pFodrV8"
mode = "E8sAwOv4"
user = "E0nB1DwA"
}
verify_incoming = true
verify_incoming_https = true
verify_incoming_rpc = true
verify_outgoing = true
verify_server_hostname = true
watches = [{
type = "key"
datacenter = "GyE6jpeW"
key = "j9lF1Tve"
handler = "90N7S4LN"
}, {
type = "keyprefix"
datacenter = "fYrl3F5d"
key = "sl3Dffu7"
args = ["dltjDJ2a", "flEa7C2d"]
}]
xds {
update_max_per_second = 9526.2
}