8110 Commits

Author SHA1 Message Date
Kyle Havlovitz
cce7f1cca1
Add tests for the built in CA's state store table 2018-06-14 09:42:06 -07:00
Kyle Havlovitz
15fbc2fd97
Add more tests for built-in provider 2018-06-14 09:42:06 -07:00
Kyle Havlovitz
edcfdb37af
Fix some inconsistencies around the CA provider code 2018-06-14 09:42:06 -07:00
Paul Banks
1b197d934a
Don't allow connect watches in agent/cli yet 2018-06-14 09:42:06 -07:00
Paul Banks
946e872f2f
Fix tests and listeners to work with Config changes (splitting host and port fields) 2018-06-14 09:42:05 -07:00
Paul Banks
e8c510332c
Support legacy watch.HandlerFunc type for backward compat reduces impact of change 2018-06-14 09:42:05 -07:00
Paul Banks
ab3df3d4a6
Working proxy config reload tests 2018-06-14 09:42:05 -07:00
Paul Banks
cd88b2a351
Basic watch support for connect proxy config and certificate endpoints.
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Paul Banks
5310561c11
Refactor reloadableTLSConfig and verifyier shenanigans into simpler dynamicTLSConfig 2018-06-14 09:42:05 -07:00
Paul Banks
e00ca9a7b7
Connect verification and AuthZ 2018-06-14 09:42:05 -07:00
Kyle Havlovitz
daa8dd1779
Add CA config to connect section of agent config 2018-06-14 09:42:05 -07:00
Kyle Havlovitz
32d1eae28b
Move ConsulCAProviderConfig into structs package 2018-06-14 09:42:04 -07:00
Kyle Havlovitz
315b8bf594
Simplify the CAProvider.Sign method 2018-06-14 09:42:04 -07:00
Kyle Havlovitz
c6e1b72ccb
Simplify the CA provider interface by moving some logic out 2018-06-14 09:42:04 -07:00
Kyle Havlovitz
a325388939
Clarify some comments and names around CA bootstrapping 2018-06-14 09:42:04 -07:00
Paul Banks
18a34c6836
Fix racy connect network tests that always fail in Docker due to listen races 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
051f004683
agent: use helper/retry instead of timing related tests 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
bd3b8e042a
agent/cache: address PR feedback, lots of typos 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
02b20a0353
agent/cache: address feedback, clarify comments 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
af1d70b026
agent/cache: don't every block on NotifyCh 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
724b829104
agent/cache: unit tests for ExpiryHeap, found a bug! 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
194b256861
agent/cache: send the total entries count on eviction to go-metrics 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
e0d964188c
agent/cache: make edge case with prev/next idx == 0 handled better 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
3b550d2b72
agent/cache: rework how expiry data is stored to be more efficient 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
595193a781
agent/cache: initial TTL work 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
1df99514ca
agent/cache: send the RefreshTimeout into the backend fetch 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
db4c47df27
agent/cache: on error, return from Get immediately, don't block forever 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
ecb05cc957
Add Makefile hack for tests to run 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
cc2c98f961
agent/cache: lots of comment/doc updates 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
6c01e402e0
agent: augment /v1/connect/authorize to cache intentions 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
0f3f3d13ca
agent/cache-types: support intention match queries 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
e1c1b8812a
agent/cache: return the error as part of Get 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
00e7ab3cd5
agent/cache: integrate go-metrics so the cache is debuggable 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
be873d2558
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
fcb15e15ae
agent/cache: support timeouts for cache reads and empty fetch results 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
e81942df7a
agent/cache-types: rename to separate root and leaf cache types 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
8e7c517db1
agent/cache-types: got basic CA leaf caching work, major problems still 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
917a9e63d5
agent: check cache hit count to verify CA root caching, background update 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
6902d721d6
agent: initialize the cache and cache the CA roots 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
c329b4cb34
agent/cache: partition by DC/ACL token 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
b0db5657c4
agent/cache: ConnectCA roots caching type 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
975be337a9
agent/cache: blank cache key means to always fetch 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
1cfb0f1922
agent/cache: initial kind-of working cache 2018-06-14 09:42:00 -07:00
Kyle Havlovitz
33418afd3c
Add cross-signing mechanism to root rotation 2018-06-14 09:42:00 -07:00
Kyle Havlovitz
d83fbfc766
Add the root rotation mechanism to the CA config endpoint 2018-06-14 09:41:59 -07:00
Kyle Havlovitz
f9d92d795e
Have the built in CA store its state in raft 2018-06-14 09:41:59 -07:00
Kyle Havlovitz
30c1973e8b
Fix the testing endpoint's root set op 2018-06-14 09:41:59 -07:00