status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
8,363 Commits 445 Branches 179 Tags 481 MiB
Commit Graph

84 Commits

Author SHA1 Message Date
Paul Banks b5f24a21cb Fix test broken by final telemetry PR change! 2018-06-25 12:25:40 -07:00
Paul Banks 280f14d64c Make proxy only listen after initial certs are fetched 2018-06-25 12:25:40 -07:00
Paul Banks 420ae3df69 Limit proxy telemetry config to only be visible with authenticated with a proxy token 2018-06-25 12:25:39 -07:00
Paul Banks 597e55e8e2 Misc test fixes 2018-06-25 12:25:39 -07:00
Paul Banks c6ef6a61c9 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 38405bd4a9 Allow user override of proxy telemetry config 2018-06-25 12:25:38 -07:00
Paul Banks 7649d630c6 Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about 2018-06-25 12:25:38 -07:00
Paul Banks d83f2e8e21 Expose telemetry config from RuntimeConfig to proxy config endpoint 2018-06-25 12:25:38 -07:00
Paul Banks 43b48bc06b Get agent cache tests passing without global hit count (which is racy). 
Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict.

This should be robust to timing between goroutines now.
 2018-06-25 12:25:37 -07:00
Mitchell Hashimoto a08faf5a11 agent: add additional assertion to test 2018-06-25 12:25:13 -07:00
Paul Banks 2c21ead80e More test tweaks 2018-06-25 12:25:13 -07:00
Mitchell Hashimoto e9e6514c9b agent: disallow deregistering a managed proxy directly 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto 66a573e496 agent: deregister service deregisters the proxy along with it 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto e2653bec02 Fix broken tests from PR merge related to proxy secure defaults 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto 0d6dcbd2f1 agent: disallow API registration with managed proxy if not enabled 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 927b45bf91 agent/config: move ports to `ports` structure, update docs 2018-06-25 12:24:15 -07:00
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct 2018-06-25 12:24:10 -07:00
Paul Banks e21723a891 Persist proxy state through agent restart 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto 424272361d agent: agent service registration supports Connect native services 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto cd39f09693
agent: leaf endpoint accepts name, not service ID 
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
 2018-06-14 09:42:20 -07:00
Paul Banks c58d47ba59
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future. 2018-06-14 09:42:17 -07:00
Paul Banks 4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
Paul Banks 1722734313
Verify trust domain on /authorize calls 2018-06-14 09:42:16 -07:00
Paul Banks b4803eca59
Generate CSR using real trust-domain 2018-06-14 09:42:16 -07:00
Mitchell Hashimoto e54e69d11f
agent: verify local proxy tokens for CA leaf + tests 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto a099c27b07
agent: verify proxy token for ProxyConfig endpoint + tests 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration 
This cleans up and unifies how proxy settings defaults are applied.
 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 3d3eee2f6e
agent: resolve some conflicts and fix tests 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings 
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
 2018-06-14 09:42:08 -07:00
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests. 
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
 2018-06-14 09:42:07 -07:00
Paul Banks 90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking. 2018-06-14 09:42:07 -07:00
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints. 
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
 2018-06-14 09:42:05 -07:00
Mitchell Hashimoto 8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than 
exact
 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 051f004683
agent: use helper/retry instead of timing related tests 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 6c01e402e0
agent: augment /v1/connect/authorize to cache intentions 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 917a9e63d5
agent: check cache hit count to verify CA root caching, background update 2018-06-14 09:42:00 -07:00
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list. 2018-06-14 09:41:58 -07:00
Paul Banks d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test. 2018-06-14 09:41:57 -07:00
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking 2018-06-14 09:41:57 -07:00
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined. 2018-06-14 09:41:57 -07:00
Paul Banks 88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works. 
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
 2018-06-14 09:41:57 -07:00
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto ac72a0c5fd
agent: ACL checks for authorize, default behavior 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 571d9aa785
agent: CA root HTTP endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 22a0eb6c67
agent: commenting some tests 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback 2018-06-14 09:41:49 -07:00