status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
8,220 Commits 445 Branches 179 Tags 481 MiB
Commit Graph

1018 Commits

Author SHA1 Message Date
Mitchell Hashimoto 0e8c0b7b48
agent/proxy: implement snapshotting for daemons 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto b7580f4fad
agent/proxy: manager configures the daemon pid path to write pids 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 1e7f253b53
agent/proxy: write pid file whenever the daemon process changes 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 09dcb0be98
agent/proxy: change LogDir to DataDir to reuse for other things 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 5e6bd8291c
agent/proxy: make the logs test a bit more robust by waiting for file 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto d00ff7cb58
agent/proxy: don't create the directory in newProxy 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 6cdacd1fd9
agent/proxy: send logs to the correct location for daemon proxies 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto ba00fa3548
agent: add additional tests for defaulting in AddProxy 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration 
This cleans up and unifies how proxy settings defaults are applied.
 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 3d3eee2f6e
agent: resolve some conflicts and fix tests 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto d9bd4ffebd
agent/local: clarify the non-risk of a full buffer 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 437689e83c
agent/local: remove outdated comment 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 6ae95d754c
agent: use os.Executable 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 39974df52a
agent/proxy: local state event coalescing 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto b0f377b519
agent/proxy: implement force kill of unresponsive proxy process 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 6539280f2a
agent: fix crash that could happen if proxy was nil on load 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 420edc4c1e
agent/proxy: pull exit status extraction to constrained file 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 7879e1d2ef
agent/proxy: detect config change to stop/start proxies 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 2d60684a8b
agent/proxy: test removing proxies and stopping them 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 2bd39a84a6
agent/local: add Notify mechanism for proxy changes 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto fbfc6fce66
agent/proxy: clean up usage, can't be restarted 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings 
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 7355a614fe
agent/local: store proxy on local state, wip, not working yet 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto ffd284de36
agent/proxy: exponential backoff on restarts 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto aa08a4cb46
agent/proxy: Daemon works, tests cover it too 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto e14fa850d8
wip 2018-06-14 09:42:07 -07:00
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests. 
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
 2018-06-14 09:42:07 -07:00
Paul Banks 90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking. 2018-06-14 09:42:07 -07:00
Kyle Havlovitz a4d18f0eaa
Fill out connect CA rpc endpoint tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz b081c34255
Fix config tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz cce7f1cca1
Add tests for the built in CA's state store table 2018-06-14 09:42:06 -07:00
Kyle Havlovitz 15fbc2fd97
Add more tests for built-in provider 2018-06-14 09:42:06 -07:00
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code 2018-06-14 09:42:06 -07:00
Paul Banks 1b197d934a
Don't allow connect watches in agent/cli yet 2018-06-14 09:42:06 -07:00
Paul Banks e8c510332c
Support legacy watch.HandlerFunc type for backward compat reduces impact of change 2018-06-14 09:42:05 -07:00
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints. 
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
 2018-06-14 09:42:05 -07:00
Kyle Havlovitz daa8dd1779
Add CA config to connect section of agent config 2018-06-14 09:42:05 -07:00
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package 2018-06-14 09:42:04 -07:00
Kyle Havlovitz 315b8bf594
Simplify the CAProvider.Sign method 2018-06-14 09:42:04 -07:00
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out 2018-06-14 09:42:04 -07:00
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than 
exact
 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 051f004683
agent: use helper/retry instead of timing related tests 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto bd3b8e042a
agent/cache: address PR feedback, lots of typos 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 02b20a0353
agent/cache: address feedback, clarify comments 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto af1d70b026
agent/cache: don't every block on NotifyCh 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 724b829104
agent/cache: unit tests for ExpiryHeap, found a bug! 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 194b256861
agent/cache: send the total entries count on eviction to go-metrics 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto e0d964188c
agent/cache: make edge case with prev/next idx == 0 handled better 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 3b550d2b72
agent/cache: rework how expiry data is stored to be more efficient 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 595193a781
agent/cache: initial TTL work 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 1df99514ca
agent/cache: send the RefreshTimeout into the backend fetch 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto db4c47df27
agent/cache: on error, return from Get immediately, don't block forever 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto cc2c98f961
agent/cache: lots of comment/doc updates 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 6c01e402e0
agent: augment /v1/connect/authorize to cache intentions 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 0f3f3d13ca
agent/cache-types: support intention match queries 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto e1c1b8812a
agent/cache: return the error as part of Get 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 00e7ab3cd5
agent/cache: integrate go-metrics so the cache is debuggable 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for 
CacheInfo
 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto be873d2558
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto fcb15e15ae
agent/cache: support timeouts for cache reads and empty fetch results 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto e81942df7a
agent/cache-types: rename to separate root and leaf cache types 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 8e7c517db1
agent/cache-types: got basic CA leaf caching work, major problems still 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 917a9e63d5
agent: check cache hit count to verify CA root caching, background update 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 6902d721d6
agent: initialize the cache and cache the CA roots 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto c329b4cb34
agent/cache: partition by DC/ACL token 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto b0db5657c4
agent/cache: ConnectCA roots caching type 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 975be337a9
agent/cache: blank cache key means to always fetch 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 1cfb0f1922
agent/cache: initial kind-of working cache 2018-06-14 09:42:00 -07:00
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation 2018-06-14 09:42:00 -07:00
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint 2018-06-14 09:41:59 -07:00
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 30c1973e8b
Fix the testing endpoint's root set op 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 75f62e3117
Update the CA config endpoint to enable GETs 2018-06-14 09:41:59 -07:00
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 1f6501895f
Add CA bootstrapping on establishing leadership 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 682f105c7c
Add the bootstrap config for the CA 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 9fc33d2a62
Add the CA provider interface and built-in provider 2018-06-14 09:41:58 -07:00
Kyle Havlovitz 1787f88618
Add CA config set to fsm operations 2018-06-14 09:41:58 -07:00
Kyle Havlovitz 6b3416e480
Add the Connect CA config to the state store 2018-06-14 09:41:58 -07:00
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list. 2018-06-14 09:41:58 -07:00
Paul Banks 730da74369
Fix various test failures and vet warnings. 
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
 2018-06-14 09:41:58 -07:00
Paul Banks 1e72ad66f5
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus! 2018-06-14 09:41:58 -07:00
Paul Banks 8d09381b96
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict... 2018-06-14 09:41:58 -07:00
Paul Banks d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test. 2018-06-14 09:41:57 -07:00
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking 2018-06-14 09:41:57 -07:00
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined. 2018-06-14 09:41:57 -07:00
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot. 2018-06-14 09:41:57 -07:00
Paul Banks 88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works. 
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
 2018-06-14 09:41:57 -07:00
Paul Banks ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four. 2018-06-14 09:41:57 -07:00
Paul Banks 10db79c8ae
Rework connect/proxy and command/connect/proxy. End to end demo working again 2018-06-14 09:41:57 -07:00
Paul Banks 26e65f6bfd
connect.Service based implementation after review feedback. 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 6e57233913
agent: add TODO for verification 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 5a47a53c70
acl: IntentionDefault => IntentionDefaultAllow 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto ac72a0c5fd
agent: ACL checks for authorize, default behavior 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 6dc2db94ea
agent/structs: String format for Intention, used for logging 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto fb7bccc690
agent: bolster commenting for clearer understandability 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 9a987d6452
agent: default deny on connect authorize endpoint 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 3ef0b93159
agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 70d1d5bf06
agent: get rid of method checks since they're done in the http layer 2018-06-14 09:41:54 -07:00
Paul Banks 9309422fd9
Add Connect agent, catalog and health endpoints to api Client 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 845f7cd8ad
agent/consul/state: ensure exactly one active CA exists when setting 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto ffe4cdfc15
agent/connect: support any values in the URL 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 75bf0e1638
agent/connect: support SpiffeIDSigning 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 17ca8ad083
agent/connect: rename SpiffeID to CertURI 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 0cbcb07d61
agent/connect: use proper keyusage fields for CA and leaf 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 73442ada5a
agent/connect: address PR feedback for the CA.go file 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto d28ee70a56
agent: implement an always-200 authorize endpoint 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 1c3dbc83ff
agent/consul/fsm,state: snapshot/restore for CA roots 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 90f423fd02
agent/consul/fsm,state: tests for CA root related changes 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 1c72639d60
agent/consul: set more fields on the issued cert 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 571d9aa785
agent: CA root HTTP endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 578db06600
agent/consul: tests for CA endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 548ce190d5
agent/connect: package for agent-related Connect, parse SPIFFE IDs 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto e7536e5485
agent: /v1/connect/ca/roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 5a950190f3
agent/consul: RPC endpoints to list roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 4d852e62a3
agent: address PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 22a0eb6c67
agent: commenting some tests 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 353953fcd2
agent/consul: Health.ServiceNodes ACL check for Connect 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto b6c0cb7115
agent/consul: Catalog endpoint ACL requirements for Connect proxies 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 3b07686648
agent: remove ConnectProxyServiceName 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 2feef5f7a3
agent/consul: require name for proxies 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 714026dfb7
agent: validate service entry on register 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 9781cb1ace
agent/local: anti-entropy for connect proxy services 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 44ec8d94d2
agent: clean up connect/non-connect duplication by using shared methods 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 368137b81b
agent: /v1/health/connect/:service 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 7d79f9c46f
agent/consul: implement Health.ServiceNodes for Connect, DNS works 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 406366c45b
agent: working DNS for Connect queries, I think, but have to 
implement Health endpoints to be sure
 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto fd33b76ec2
agent: /v1/catalog/connect/:service 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 2062e37270
agent/consul/state: ConnectServiceNodes 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 7ed26e2c64
agent/consul: enforce ACL on ProxyDestination 2018-06-14 09:41:47 -07:00