Most of the groundwork was laid in previous PRs between adding the cert-monitor package to extracting the logic of signing certificates out of the connect_ca_endpoint.go code and into a method on the server.
This also refactors the auto-config package a bit to split things out into multiple files.
Refactoring of the agentpb package.
First move the whole thing to the top-level proto package name.
Secondly change some things around internally to have sub-packages.
# Conflicts:
# agent/consul/state/acl.go
# agent/consul/state/acl_test.go
Instead it has an interface which can be mocked for better unit testing that is deterministic and not prone to flakiness.
# Conflicts:
# agent/pool/pool.go
On the servers they must have a certificate.
On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.
Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recommend verify_server_hostname on the clients as well.
Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
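
The TLS preconditions described above, written as a pre-flight config check. This is an added example, not code from the Consul repository: the type and function names are hypothetical, and it assumes a JSON agent config using the top-level keys `server`, `cert_file`, `key_file`, `verify_outgoing` and `verify_server_hostname`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// agentTLS holds only the settings named in the commit message (key names assumed).
type agentTLS struct {
	Server               bool   `json:"server"`
	CertFile             string `json:"cert_file"`
	KeyFile              string `json:"key_file"`
	VerifyOutgoing       bool   `json:"verify_outgoing"`
	VerifyServerHostname bool   `json:"verify_server_hostname"`
}

// checkAutoConfigTLS (hypothetical helper) returns blocking errors and softer warnings.
func checkAutoConfigTLS(raw []byte) (errs, warns []string, err error) {
	var c agentTLS
	if err = json.Unmarshal(raw, &c); err != nil {
		return nil, nil, err
	}
	if c.Server {
		if c.CertFile == "" || c.KeyFile == "" {
			errs = append(errs, "server: a certificate (cert_file and key_file) is required")
		}
		return errs, warns, nil
	}
	// Clients: pushed-down tokens, certificates and gossip key must travel over TLS.
	if !c.VerifyOutgoing {
		errs = append(errs, "client: verify_outgoing must be true")
	}
	if !c.VerifyServerHostname {
		warns = append(warns, "client: verify_server_hostname is recommended")
	}
	return errs, warns, nil
}

func main() {
	samples := []string{ // constructed sample configs
		`{"server": true, "verify_outgoing": true}`,
		`{"server": false, "verify_outgoing": false}`,
		`{"server": false, "verify_outgoing": true, "verify_server_hostname": true}`,
	}
	for _, s := range samples {
		errs, warns, err := checkAutoConfigTLS([]byte(s))
		fmt.Printf("%s\n  errors=%q warnings=%q parse=%v\n", s, errs, warns, err)
	}
}
```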