Commit Graph

8352 Commits

Author SHA1 Message Date
Jack Pearkes 315cc04536 website: fix a TODO in a page description 2018-06-25 12:26:11 -07:00
Jack Pearkes 36e1dd6ffd website: note windows support 2018-06-25 12:26:10 -07:00
Matt Keeler 98e98fa815 Remove build tags from vendored vault file to allow for this to merge properly into enterprise 2018-06-25 12:26:10 -07:00
Matt Keeler 677d6dac80 Remove x509 name constraints
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
Matt Keeler 163fe11101 Make sure we omit the Kind value in JSON if empty 2018-06-25 12:26:10 -07:00
Matt Keeler 01f82717b4 Vendor the vault api 2018-06-25 12:26:10 -07:00
Kyle Havlovitz 0b5d7277f9 website: fix example config in vault CA docs 2018-06-25 12:26:09 -07:00
Jack Pearkes e4f5753e06 bump to beta4 2018-06-25 12:26:01 -07:00
Mitchell Hashimoto 4acbe3fdf0 website: add vs. Envoy page 2018-06-25 12:25:43 -07:00
Mitchell Hashimoto e6e984a813 website: address Armon's feedback 2018-06-25 12:25:43 -07:00
Mitchell Hashimoto 834137fe55 website: remove redundant "as well" 2018-06-25 12:25:43 -07:00
Mitchell Hashimoto 7ad6f7b758 website: address pearkes feedback 2018-06-25 12:25:43 -07:00
Mitchell Hashimoto ec1322a95d website: address feedback 2018-06-25 12:25:43 -07:00
Mitchell Hashimoto 68826b2b76 website: istio vs. and nomad platform guide 2018-06-25 12:25:43 -07:00
Jack Pearkes 105c4763dc update UI to latest 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 3baa67cdef connect/ca: pull the cluster ID from config during a rotation 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 8c2c9705d9 connect/ca: use weak type decoding in the Vault config parsing 2018-06-25 12:25:42 -07:00
Kyle Havlovitz b4ef7bb64d connect/ca: leave blank root key/cert out of the default config (unnecessary) 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 8e028b7dc6 website: add Vault CA provider doc sections 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 914d9e5e20 connect/ca: add leaf verify check to cross-signing tests 2018-06-25 12:25:41 -07:00
Kyle Havlovitz bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 8a70ea64a6 connect/ca: update Vault provider to add cross-signing methods 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 6a2fc00997 connect/ca: add URI SAN support to the Vault provider 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 226a59215d connect/ca: fix vault provider URI SANs and test 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider 2018-06-25 12:25:41 -07:00
Paul Banks 51fc48e8a6 Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift 2018-06-25 12:25:41 -07:00
Paul Banks e33bfe249e Note leadership issues in comments 2018-06-25 12:25:41 -07:00
Paul Banks b5f24a21cb Fix test broken by final telemetry PR change! 2018-06-25 12:25:40 -07:00
Paul Banks e514570dfa Actually return Intermediate certificates bundled with a leaf! 2018-06-25 12:25:40 -07:00
John Cowen 9f8b87cdda Check for NOT connect-proxy 2018-06-25 12:25:40 -07:00
John Cowen cc3d578271 Filter Source and Destination menus by Kind 2018-06-25 12:25:40 -07:00
Matt Keeler e22b9c8e15 Output the service Kind in the /v1/internal/ui/services endpoint 2018-06-25 12:25:40 -07:00
Paul Banks 3a6024e1b0 Fix merge error 2018-06-25 12:25:40 -07:00
Paul Banks 17789d4fe3 register TCP check for managed proxies 2018-06-25 12:25:40 -07:00
Paul Banks 280f14d64c Make proxy only listen after initial certs are fetched 2018-06-25 12:25:40 -07:00
John Cowen d61a09ea28 Fix linting typo, caused the selection of future services to break 2018-06-25 12:25:40 -07:00
Paul Banks b562b9f66a Add proxy telemetry to docs 2018-06-25 12:25:39 -07:00
Paul Banks 420ae3df69 Limit proxy telemetry config to only be visible with authenticated with a proxy token 2018-06-25 12:25:39 -07:00
Paul Banks 597e55e8e2 Misc test fixes 2018-06-25 12:25:39 -07:00
Paul Banks c6ef6a61c9 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 2f8c1d2059 Remove go-diff vendor as assert.JSONEq output is way better for our case 2018-06-25 12:25:39 -07:00
Paul Banks 9f559da913 Revert telemetry config changes ready for cleaner approach 2018-06-25 12:25:39 -07:00
Paul Banks 32f362bad9 StartupTelemetry => InitTelemetry 2018-06-25 12:25:39 -07:00
Paul Banks 38405bd4a9 Allow user override of proxy telemetry config 2018-06-25 12:25:38 -07:00
Paul Banks 96c416012e Misc rebase and test fixes 2018-06-25 12:25:38 -07:00
Paul Banks dc260f42fa Basic proxy active conns and bandwidth telemetry 2018-06-25 12:25:38 -07:00
Paul Banks c08b6f6fec Add accessor and helpers to SDK for fetching self-name and client service ID 2018-06-25 12:25:38 -07:00
Paul Banks 7649d630c6 Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about 2018-06-25 12:25:38 -07:00
Paul Banks a7038454fd WIP 2018-06-25 12:25:38 -07:00