status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-22 11:40:06 +00:00
Code Issues Projects Releases Wiki Activity
9,049 Commits 445 Branches 179 Tags 489 MiB
Commit Graph

1251 Commits

Author SHA1 Message Date
MagnumOpus21
6cecf2961d Agent/Proxy : Properly passes env variables to child 2018-07-09 12:28:29 -04:00
Pierre Souchay
ff53648df2 Merge remote-tracking branch 'origin/master' into ACL_additional_info 2018-07-07 14:09:18 +02:00
Pierre Souchay
0e4e451a56 Fixed indentation in test 2018-07-07 14:03:34 +02:00
Kyle Havlovitz
401b206a2e
Store the time CARoot is rotated out instead of when to prune 2018-07-06 16:05:25 -07:00
MagnumOpus21
1cd1b55682 Agent/Proxy : Properly passes env variables to child 2018-07-05 22:04:29 -04:00
Matt Keeler
e3783a75e7 Refactor to make this much less confusing 2018-07-03 11:04:19 -04:00
Matt Keeler
554035974e Add a bunch of comments about preventing multi-cname 
Hopefully this a bit clearer as to the reasoning
 2018-07-03 10:32:52 -04:00
Matt Keeler
22c2be5bf1 Fix some edge cases and add some tests. 2018-07-02 16:58:52 -04:00
Matt Keeler
9a8500412b Only allow 1 CNAME when querying for a service. 
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
 2018-07-02 16:12:06 -04:00
Kyle Havlovitz
1492243e0a
connect/ca: add logic for pruning old stale RootCA entries 2018-07-02 10:35:05 -07:00
Matt Keeler
8a12d803fd
Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise 
Move starting enterprise functionality
 2018-07-02 12:28:10 -04:00
Pierre Souchay
bd023f352e Updated swith case to use same branch for async-cache and extend-cache 2018-07-02 17:39:34 +02:00
Pierre Souchay
1e7665c0d5 Updated documentation and adding more test case for async-cache 2018-07-01 23:50:30 +02:00
Pierre Souchay
abde81a3e7 Added async-cache with similar behaviour as extend-cache but asynchronously 2018-07-01 23:50:30 +02:00
Pierre Souchay
9406ca1c95 Only send one single ACL cache refresh across network when TTL is over 
It will allow the following:

 * when connectivity is limited (saturated linnks between DCs), only one
   single request to refresh an ACL will be sent to ACL master DC instead
   of statcking ACL refresh queries
 * when extend-cache is used for ACL, do not wait for result, but refresh
   the ACL asynchronously, so no delay is not impacting slave DC
 * When extend-cache is not used, keep the existing blocking mechanism,
   but only send a single refresh request.

This will fix https://github.com/hashicorp/consul/issues/3524
 2018-07-01 23:50:30 +02:00
Abhishek Chanda
36306c0076 Change bind_port to an int 2018-06-30 14:18:13 +01:00
Matt Keeler
22b7b688a3
Move starting enterprise functionality 2018-06-29 17:38:29 -04:00
Mitchell Hashimoto
6ef28dece0
agent/config: parse upstreams with multiple service definitions 2018-06-28 15:13:33 -05:00
Mitchell Hashimoto
e155d58b19
Merge pull request #4297 from hashicorp/b-intention-500-2 
agent: 400 error on invalid UUID format, api handles errors properly
 2018-06-28 05:27:19 +02:00
Matt Keeler
0f70034082 Move default uuid test into the consul package 2018-06-27 09:21:58 -04:00
Matt Keeler
d1a8f9cb3f go fmt changes 2018-06-27 09:07:22 -04:00
Mitchell Hashimoto
1c3e9af316
agent: 400 error on invalid UUID format, api handles errors properly 2018-06-27 07:40:06 +02:00
Matt Keeler
cf69ec42a4 Make sure to generate UUIDs when services are registered without one 
This makes the behavior line up with the docs and expected behavior
 2018-06-26 17:04:08 -04:00
mkeeler
28141971f9
Release v1.2.0 2018-06-25 19:45:20 +00:00
mkeeler
6813a99081 Merge remote-tracking branch 'connect/f-connect' 2018-06-25 19:42:51 +00:00
Kyle Havlovitz
162daca4d7 revert go changes to hide rotation config 2018-06-25 12:26:18 -07:00
Kyle Havlovitz
c20bbf8760 connect/ca: hide the RotationPeriod config field since it isn't used yet 2018-06-25 12:26:18 -07:00
Mitchell Hashimoto
a76f652fd2 agent: convert the proxy bind_port to int if it is a float 2018-06-25 12:26:18 -07:00
Matt Keeler
677d6dac80 Remove x509 name constraints 
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
 2018-06-25 12:26:10 -07:00
Matt Keeler
163fe11101 Make sure we omit the Kind value in JSON if empty 2018-06-25 12:26:10 -07:00
Jack Pearkes
105c4763dc update UI to latest 2018-06-25 12:25:42 -07:00
Kyle Havlovitz
3baa67cdef connect/ca: pull the cluster ID from config during a rotation 2018-06-25 12:25:42 -07:00
Kyle Havlovitz
8c2c9705d9 connect/ca: use weak type decoding in the Vault config parsing 2018-06-25 12:25:42 -07:00
Kyle Havlovitz
b4ef7bb64d connect/ca: leave blank root key/cert out of the default config (unnecessary) 2018-06-25 12:25:42 -07:00
Kyle Havlovitz
050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault 2018-06-25 12:25:42 -07:00
Kyle Havlovitz
914d9e5e20 connect/ca: add leaf verify check to cross-signing tests 2018-06-25 12:25:41 -07:00
Kyle Havlovitz
bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method 2018-06-25 12:25:41 -07:00
Kyle Havlovitz
8a70ea64a6 connect/ca: update Vault provider to add cross-signing methods 2018-06-25 12:25:41 -07:00
Kyle Havlovitz
6a2fc00997 connect/ca: add URI SAN support to the Vault provider 2018-06-25 12:25:41 -07:00
Kyle Havlovitz
226a59215d connect/ca: fix vault provider URI SANs and test 2018-06-25 12:25:41 -07:00
Kyle Havlovitz
1a8ac686b2 connect/ca: add the Vault CA provider 2018-06-25 12:25:41 -07:00
Paul Banks
51fc48e8a6 Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift 2018-06-25 12:25:41 -07:00
Paul Banks
e33bfe249e Note leadership issues in comments 2018-06-25 12:25:41 -07:00
Paul Banks
b5f24a21cb Fix test broken by final telemetry PR change! 2018-06-25 12:25:40 -07:00
Paul Banks
e514570dfa Actually return Intermediate certificates bundled with a leaf! 2018-06-25 12:25:40 -07:00
Matt Keeler
e22b9c8e15 Output the service Kind in the /v1/internal/ui/services endpoint 2018-06-25 12:25:40 -07:00
Paul Banks
17789d4fe3 register TCP check for managed proxies 2018-06-25 12:25:40 -07:00
Paul Banks
280f14d64c Make proxy only listen after initial certs are fetched 2018-06-25 12:25:40 -07:00
Paul Banks
420ae3df69 Limit proxy telemetry config to only be visible with authenticated with a proxy token 2018-06-25 12:25:39 -07:00
Paul Banks
597e55e8e2 Misc test fixes 2018-06-25 12:25:39 -07:00