Frank Schroeder
5d1546b052
agent: use http.StatusBadRequest instead of 400
2017-08-23 22:36:23 +02:00
Frank Schroeder
14ab5c7641
agent: support go-discover retry-join for wan
2017-08-23 21:23:34 +02:00
Frank Schröder
a3934c263c
acl: consolidate error handling ( #3401 )
...
The error handling of the ACL code relies on the presence of certain
magic error messages. Since the error values are sent via RPC between
older and newer consul agents we cannot just replace the magic values
with typed errors and switch to type checks since this would break
compatibility with older clients.
Therefore, this patch moves all magic ACL error messages into the acl
package and provides default error values and helper functions which
determine the type of error.
2017-08-23 16:52:48 +02:00
Frank Schroeder
16c58da27d
agent: drop unused code
...
This code from http://github.com/hashicorp/consul/pull/3353 is no longer
required.
2017-08-22 00:02:46 +02:00
Frank Schroeder
bf96857b17
dns: replace nameserver lookup with consistent rpc call
...
This patch replaces the code which determines the list of servers in the
current cluster with an RPC call to get the list of active consul
service instances which only run on servers.
This replaces the previous implementation which was more complex and
relied on serf messages which can provide a different view than the
consistent response from the raft log.
As a side effect it makes the implementation independent of the server
and the agent which means it works consistently across both. Different
behavior for server and agent was the root cause for the bug in
http://github.com/hashicorp/consul/issue/3047 .
Fixes #3407
2017-08-22 00:02:46 +02:00
Frank Schroeder
4052c6d2d2
dns: split node lookup from request handling
2017-08-22 00:02:46 +02:00
Frank Schroeder
d4e3d4344a
dns: refactor label by unrolling loop
2017-08-22 00:02:46 +02:00
Frank Schroeder
70be1ab635
dns: move ttl closer to usage
2017-08-22 00:02:46 +02:00
James Phillips
f51d56c80c
Switches to using a read lock for the agent's RPC dispatcher.
...
This prevents RPC calls from getting serialized in this spot.
Fixes #3376
2017-08-09 18:51:55 -07:00
Frank Schröder
4b642fed2f
agent: honor deprecated flags for retry-join-{ec2,azure,gce} ( #3384 )
2017-08-09 16:18:30 -07:00
James Phillips
e8a83bb463
Revert "Return 403 rather than a 404 when acls cause all results to be filter…"
2017-08-09 15:06:57 -07:00
James Phillips
02a87df044
Revert "Ensure that we return a permission denied only if the list of keys/en…"
2017-08-09 15:06:20 -07:00
Preetha Appan
42fb49c00b
Added unit test case to kvs_endpointtest
2017-08-09 15:50:22 -05:00
Preetha Appan
3276891142
Ensure that we return a permission denied only if the list of keys/entries prior to filtering by ACL is non empty
2017-08-09 15:32:18 -05:00
Frank Schroeder
7cff50a4df
agent: move agent/consul/agent to agent/metadata
2017-08-09 14:36:52 +02:00
Frank Schroeder
c395599cea
agent: move agent/consul/servers to agent/router
2017-08-09 14:36:37 +02:00
Frank Schroeder
1acff3533e
agent: move agent/consul/structs to agent/structs
2017-08-09 14:32:12 +02:00
James Phillips
cb618918b3
Cleans up some go fmt issues.
2017-08-08 21:52:50 -07:00
James Phillips
7442039c2d
Fixes a vet error.
2017-08-08 16:00:18 -07:00
Kyle Havlovitz
cf02e3bc22
Merge pull request #3369 from hashicorp/metrics-enhancements
...
Add support for labels/filters from go-metrics
2017-08-08 13:55:30 -07:00
Kyle Havlovitz
c1c883f441
Add doc links for metrics endpoint
2017-08-08 13:05:38 -07:00
Kyle Havlovitz
0428e9fe9e
Update docs for metrics endpoint
2017-08-08 12:33:30 -07:00
Frank Schroeder
9fa237ddb6
dns: minor cleanups
2017-08-08 13:55:58 +02:00
Kyle Havlovitz
d5634fe2a8
Add support for labels/filters from go-metrics
2017-08-08 01:45:10 -07:00
Preetha Appan
72ae8c8f33
Go back to using <nodename>.node.dc.consul as the name of the ns record being returned.
2017-08-07 16:02:33 -05:00
Frank Schroeder
8a9653bdf8
dns: keep NS names in consul domain
2017-08-07 11:11:55 +02:00
Frank Schroeder
f17bf78bb1
dns: postmaster -> hostmaster
2017-08-07 11:11:55 +02:00
Frank Schroeder
60608b455d
dns: we do not support zone transfers
2017-08-07 11:11:55 +02:00
Frank Schroeder
76b2538915
dns: drop CNAME for primary name server
2017-08-07 11:11:55 +02:00
Preetha Appan
7f34dc08a5
Added test case with IPV6 bind address for NS records, rewrote tests to use verify library and other code review feedback
2017-08-07 11:11:55 +02:00
Preetha Appan
76319f751d
Added back glue records in NS response, expanded unit test. Also reused same function used in node lookup for adding A/AAAA records in the extra section of the NS response
2017-08-07 11:11:55 +02:00
Preetha Appan
f01f17bda3
Don't add A records for NS requests, because the record being returned already resolves correctly. Also fixed all the unit tests, and ignored hostnames that don't meet valid dns hostname criteria
2017-08-07 11:11:55 +02:00
Frank Schroeder
7ea11c2f45
dns: provide correct SOA and NS responses
...
This patch changes the behavior of the DNS server as follows:
* The SOA response contains the SOA record in the Answer section instead
of the Authority section. It also contains NS records in the Authority
and the corresponding A glue records in the Extra section.
In addition, CNAMEs are added to the Extra section to make the
MNAME of the SOA record resolvable.
AAAA glue records are not yet supported.
* The NS response returns up to three random servers from the
consul cluster in the Answer section and the glue A
records in the Extra section.
AAAA glue records are not yet supported.
2017-08-07 11:11:55 +02:00
Preetha Appan
824fc4ee20
Unify regex used to identify invalid dns characters
2017-08-07 11:11:55 +02:00
Preetha Appan
37f75a393e
Use sanitized version of node name of server in NS record, and start with "server" rather than "ns"
2017-08-07 11:11:55 +02:00
Preetha Appan
794d1afe44
Removed a copy pasted irrelevant comment, and other code review feedback
2017-08-07 11:11:54 +02:00
Preetha Appan
f9db387097
Add NS records and A records for each server. Constructs ns host names using the advertise address of the server.
2017-08-07 11:11:54 +02:00
James Phillips
4bee2e49f5
Adds secure introduction for the ACL replication token. ( #3357 )
...
Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 15:39:31 -07:00
Frank Schroeder
9ffeba18ee
agent: fix code for updated go-discover signature
...
Closes #3351
2017-08-03 21:32:11 +02:00
James Phillips
c0a5ad7903
Adds a new /v1/acl/bootstrap API ( #3349 )
2017-08-02 17:05:18 -07:00
Miguel Prokop
6852dec3f2
agent: Fix script quoting on windows ( #1875 )
...
This patch fixes the quoting for executing scripts on windows
and splits the platform dependent code.
Fixes #1875
2017-08-02 17:01:21 +02:00
Frank Schroeder
2fac427cd4
agent: use github.com/hashicorp/go-discover
...
Replace the provider specific node discovery code
with go-discover to support AWS, Azure and GCE.
Fixes #3282
2017-08-01 11:41:43 +02:00
Preetha Appan
4076c0d741
Return nil instead of empty list when returning a PermissionDenied error, updated unit test
2017-07-31 17:23:20 -05:00
Preetha Appan
6336014a86
Return 403 rather than a 404 when acls cause all results to be filtered out. This fixes #2637
2017-07-31 13:50:29 -05:00
preetapan
0f494d8b86
Merge pull request #3332 from hashicorp/issue_3322
...
This fixes #3322
2017-07-28 17:54:30 -05:00
Preetha Appan
2d84cd2330
Tweaked parsing error message to quote properly
2017-07-28 17:52:35 -05:00
James Phillips
10b660d77a
Adds missing autopilot snapshot test and avoids snapshotting nil. ( #3333 )
2017-07-28 15:48:42 -07:00
Preetha Appan
5aeab1463b
Validate unix sockets and ip addresses as needed, more test cases
2017-07-28 17:18:10 -05:00
Preetha Appan
4cec55e8db
Modify ResolveTmplAddrs to parse advertise IPs, added test cases that fail to parse correctly
2017-07-28 15:01:32 -05:00
Preetha Appan
13c118ea51
Removed extra newlines
2017-07-28 10:51:11 -05:00