Kyle Havlovitz
ed87949385
Merge pull request #4400 from hashicorp/leaf-cert-ttl
...
Add configurable leaf cert TTL to Connect CA
2018-07-25 17:53:25 -07:00
Paul Banks
8cbeb29e73
Fixes #4421 : General solution to stop blocking queries with index 0 ( #4437 )
...
* Fix theoretical cache collision bug if/when we use more cache types with same result type
* Generalized fix for blocking query handling when state store methods return zero index
* Refactor test retry to only affect CI
* Undo make file merge
* Add hint to error message returned to end-user requests if Connect is not enabled when they try to request cert
* Explicit error for Roots endpoint if connect is disabled
* Fix tests that were asserting old behaviour
2018-07-25 20:26:27 +01:00
Kyle Havlovitz
d6ca015a42
connect/ca: add configurable leaf cert TTL
2018-07-16 13:33:37 -07:00
Matt Keeler
7572ca0f37
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
...
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
Matt Keeler
7dfd2ab316
Add some tests for GenerateEnv
2018-07-12 07:43:51 -04:00
Matt Keeler
c54b43bef3
PR Updates
...
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
Matt Keeler
3b6eef8ec6
Pass around an API Config object and convert to env vars for the managed proxy
2018-07-10 12:13:51 -04:00
Hamish
9043966efd
Fix lock and semaphore timeouts
2018-07-06 10:55:25 +01:00
Mitchell Hashimoto
1c3e9af316
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-27 07:40:06 +02:00
Kyle Havlovitz
162daca4d7
revert go changes to hide rotation config
2018-06-25 12:26:18 -07:00
Kyle Havlovitz
c20bbf8760
connect/ca: hide the RotationPeriod config field since it isn't used yet
2018-06-25 12:26:18 -07:00
Kyle Havlovitz
bc997688e3
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Paul Banks
b5f24a21cb
Fix test broken by final telemetry PR change!
2018-06-25 12:25:40 -07:00
Paul Banks
597e55e8e2
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
96c416012e
Misc rebase and test fixes
2018-06-25 12:25:38 -07:00
Paul Banks
43b48bc06b
Get agent cache tests passing without global hit count (which is racy).
...
Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict.
This should be robust to timing between goroutines now.
2018-06-25 12:25:37 -07:00
Paul Banks
05a8097c5d
Fix misc test failures (some from other PRs)
2018-06-25 12:25:13 -07:00
Kyle Havlovitz
82a4b3c13f
connect: fix two CA tests that were broken in a previous PR ( #60 )
2018-06-25 12:25:10 -07:00
Paul Banks
0824d1df5f
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
71216631d7
api: update intention struct for precedence
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
77a8003475
api: change Connect to a query option
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
b55f0641e6
api: support ExecuteConnect
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
297e4f272e
api: support native connect
2018-06-25 12:24:10 -07:00
Paul Banks
df2cb30b01
Make tests pass and clean proxy persistence. No detached child changes yet.
...
This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.
2018-06-25 12:24:10 -07:00
Paul Banks
cdc7cfaa36
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
ba0fb58a72
Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though.
2018-06-25 12:24:09 -07:00
Kyle Havlovitz
74f225fcd2
Add client api support for CA config endpoints
2018-06-14 09:42:22 -07:00
Mitchell Hashimoto
3a6a750972
api: IntentionUpdate API
2018-06-14 09:42:20 -07:00
Mitchell Hashimoto
f27711a319
api: IntentionDelete + tests
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
272211e171
command/intention/get: the get command without tests
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
988d7d984a
command/intention/finder: package for finding based on src/dst
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
961e9c1eaf
command/intention/create
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
a5ecdc5798
api: IntentionCheck
2018-06-14 09:42:18 -07:00
Paul Banks
7c7c858a9a
More test cleanup
2018-06-14 09:42:16 -07:00
Paul Banks
4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Paul Banks
36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Mitchell Hashimoto
97f5414d94
api: rename Authorize field to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
9638466b88
api: fix up some comments and rename IssuedCert to LeafCert
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
4689d8373a
api: IntentionMatch
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
663a12d96b
api: starting intention endpoints, reorganize files slightly
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
263e2c7cf7
api: endpoints for working with CA roots, agent authorize, etc.
2018-06-14 09:41:55 -07:00
Paul Banks
125555e1aa
require -> assert until rebase
2018-06-14 09:41:54 -07:00
Paul Banks
9309422fd9
Add Connect agent, catalog and health endpoints to api Client
2018-06-14 09:41:54 -07:00
Kyle Havlovitz
b73323aa42
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Pierre Souchay
c152cb7bdf
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
Paul Banks
0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727 .
2018-04-10 14:04:16 +01:00