Kyle Havlovitz
d6ca015a42
connect/ca: add configurable leaf cert TTL
2018-07-16 13:33:37 -07:00
Mitchell Hashimoto
5bc27feb0b
agent/structs: check is alias if node is empty
2018-07-12 09:36:11 -07:00
Mitchell Hashimoto
f0658a0ede
agent/config: support configuring alias check
2018-07-12 09:36:10 -07:00
Kyle Havlovitz
4e5fb6bc19
connect: add provider state to snapshots
2018-07-11 11:34:49 -07:00
Kyle Havlovitz
401b206a2e
Store the time CARoot is rotated out instead of when to prune
2018-07-06 16:05:25 -07:00
Kyle Havlovitz
1492243e0a
connect/ca: add logic for pruning old stale RootCA entries
2018-07-02 10:35:05 -07:00
Matt Keeler
163fe11101
Make sure we omit the Kind value in JSON if empty
2018-06-25 12:26:10 -07:00
Kyle Havlovitz
1a8ac686b2
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Mitchell Hashimoto
7cbbac43a3
agent: clarify comment
2018-06-25 12:25:14 -07:00
Paul Banks
2c21ead80e
More test tweaks
2018-06-25 12:25:13 -07:00
Paul Banks
4a54f8f7e3
Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
2018-06-25 12:25:13 -07:00
Mitchell Hashimoto
3c17144fb5
agent/structs: JSON marshal the configuration for a managed proxy
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
028aa78e83
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
daf46c9cfa
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
440b1b2d97
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
Mitchell Hashimoto
1830c6b308
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
eb3fcb39b3
agent/consul/state: support querying by Connect native
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
424272361d
agent: agent service registration supports Connect native services
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
d6a823ad0d
agent/consul: support catalog registration with Connect native
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
0accfc1628
agent: rename test to check
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
d68462fca6
agent/consul: implement Intention.Test endpoint
2018-06-14 09:42:17 -07:00
Paul Banks
c1f2025d96
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
6e9f1f8acb
Add more metadata to structs.CARoot
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
627aa80d5a
Use provider state table for a global serial index
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
965a902474
agent/structs: validate service definitions, port required for proxy
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
171bf8d599
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
1a2b28602c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
476ea7b04a
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
edcfdb37af
Fix some inconsistencies around the CA provider code
2018-06-14 09:42:06 -07:00
Paul Banks
cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
32d1eae28b
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
c6e1b72ccb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
a325388939
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
bd3b8e042a
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
0f3f3d13ca
agent/cache-types: support intention match queries
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for
...
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
b0db5657c4
agent/cache: ConnectCA roots caching type
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
33418afd3c
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
d83fbfc766
Add the root rotation mechanism to the CA config endpoint
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
f9d92d795e
Have the built in CA store its state in raft
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
ab737ef0f8
Hook the CA RPC endpoint into the provider interface
2018-06-14 09:41:59 -07:00
Paul Banks
36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
2018-06-14 09:41:57 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
e6071051cf
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Paul Banks
ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four.
2018-06-14 09:41:57 -07:00
Mitchell Hashimoto
95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
6dc2db94ea
agent/structs: String format for Intention, used for logging
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
2018-06-14 09:41:54 -07:00
Paul Banks
9309422fd9
Add Connect agent, catalog and health endpoints to api Client
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
a54d1af421
agent/consul: encode issued cert serial number as hex encoded
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
4210003c86
agent/structs: hide some fields from JSON
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
c2588262b7
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
e40afd6a73
agent/consul: CAS operations for setting the CA root
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
891cd22ad9
agent/consul: key the public key of the CSR, verify in test
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
d768d5e9a7
agent/consul: test for ConnectCA.Sign
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
f4ec28bfe3
agent/consul: basic sign endpoint not tested yet
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
6d294b6bb4
agent/structs: json omit QueryMeta
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
130098b7b5
agent/consul/state: CARoot structs and initial state store
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
6313bc5615
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
3b07686648
agent: remove ConnectProxyServiceName
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
2feef5f7a3
agent/consul: require name for proxies
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
9781cb1ace
agent/local: anti-entropy for connect proxy services
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
0c0c0a58e7
agent/consul: proxy registration and tests
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
6e257ea51c
agent: /v1/catalog/service/:service works with proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
21c6fc623a
agent/consul/state: service registration with proxy works
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
0719ff6905
agent: convert all intention tests to testify/assert
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
70858598e4
agent: use testing intention to get valid intentions
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
ab4ea3efb4
agent/consul: set default intention SourceType, validate it
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
d92993f75b
agent/structs: Intention validation
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
82a50245e0
agent/consul: support intention description, meta is non-nil
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
a9743f4f15
agent,agent/consul: set default namespaces
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
93de03fe8b
agent/consul: RPC endpoint for Intention.Match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
274bfdd864
agent: POST /v1/connect/intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
e8c4156f07
agent/consul: Intention.Get endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
212a272989
agent/consul: start Intention RPC endpoints, starting with List
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
cc8a6f7f15
agent/consul/state: initial work on intentions memdb table
2018-06-14 09:41:39 -07:00
Wim
5c04864b28
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
Kyle Havlovitz
b73323aa42
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Matt Keeler
d926679278
Merge pull request #4023 from hashicorp/f-near-ip
...
Add near=_ip support for prepared queries
2018-04-12 12:10:48 -04:00
Matt Keeler
45a537def9
GH-3798: Add near=_ip support for prepared queries
2018-04-10 14:50:50 -04:00
Paul Banks
0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727 .
2018-04-10 14:04:16 +01:00
Preetha
a67d27c756
Adds discovery_max_stale ( #4004 )
...
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Preetha Appan
c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
Pierre Souchay
b259b1609c
Merge remote-tracking branch 'origin/master' into service_metadata
2018-02-11 13:20:49 +01:00
Pierre Souchay
66fdf445e8
Added unit tests for structs and fixed PartialClone()
2018-02-09 01:37:45 +01:00
James Phillips
c2a59f1e6c
Addresses additional state mutations.
...
Did a sweep of 84d6ac2d51
and checked them all.
2018-02-07 07:02:10 -08:00
Pierre Souchay
80dde5465b
Added support for Service Metadata
2018-02-07 01:54:42 +01:00
James Phillips
5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00