Paul Banks
|
d73f079d0f
|
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
2a69663448
|
Agent Connect Proxy config endpoint with hash-based blocking
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
3e3f0e1f31
|
HTTP agent registration allows proxy to be defined.
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
e6071051cf
|
Added connect proxy config and local agent state setup on boot.
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
88541bba17
|
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
ed9f07c361
|
Allow duplicate source or destination, but enforce uniqueness across all four.
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
10db79c8ae
|
Rework connect/proxy and command/connect/proxy. End to end demo working again
|
2018-06-14 09:41:57 -07:00 |
Paul Banks
|
aa19be4651
|
Remove old connect client and proxy implementation
|
2018-06-14 09:41:56 -07:00 |
Paul Banks
|
26e65f6bfd
|
connect.Service based implementation after review feedback.
|
2018-06-14 09:41:56 -07:00 |
Paul Banks
|
69d5efdbbd
|
Original proxy and connect.Client implementation. Working end to end.
|
2018-06-14 09:41:56 -07:00 |
Mitchell Hashimoto
|
95da20ffd7
|
agent: rename authorize param ClientID to ClientCertURI
|
2018-06-14 09:41:56 -07:00 |
Mitchell Hashimoto
|
97f5414d94
|
api: rename Authorize field to ClientCertURI
|
2018-06-14 09:41:56 -07:00 |
Mitchell Hashimoto
|
9638466b88
|
api: fix up some comments and rename IssuedCert to LeafCert
|
2018-06-14 09:41:56 -07:00 |
Mitchell Hashimoto
|
4689d8373a
|
api: IntentionMatch
|
2018-06-14 09:41:56 -07:00 |
Mitchell Hashimoto
|
663a12d96b
|
api: starting intention endpoints, reorganize files slightly
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
263e2c7cf7
|
api: endpoints for working with CA roots, agent authorize, etc.
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
6e57233913
|
agent: add TODO for verification
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
5a47a53c70
|
acl: IntentionDefault => IntentionDefaultAllow
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
ac72a0c5fd
|
agent: ACL checks for authorize, default behavior
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
6dc2db94ea
|
agent/structs: String format for Intention, used for logging
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
fb7bccc690
|
agent: bolster commenting for clearer understandability
|
2018-06-14 09:41:55 -07:00 |
Mitchell Hashimoto
|
9a987d6452
|
agent: default deny on connect authorize endpoint
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
86a8ce45b9
|
agent: /v1/agent/connect/authorize is functional, with tests
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
3ef0b93159
|
agent/connect: Authorize for CertURI
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
70d1d5bf06
|
agent: get rid of method checks since they're done in the http layer
|
2018-06-14 09:41:54 -07:00 |
Paul Banks
|
125555e1aa
|
require -> assert until rebase
|
2018-06-14 09:41:54 -07:00 |
Paul Banks
|
9309422fd9
|
Add Connect agent, catalog and health endpoints to api Client
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
845f7cd8ad
|
agent/consul/state: ensure exactly one active CA exists when setting
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
ffe4cdfc15
|
agent/connect: support any values in the URL
|
2018-06-14 09:41:54 -07:00 |
Mitchell Hashimoto
|
75bf0e1638
|
agent/connect: support SpiffeIDSigning
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
17ca8ad083
|
agent/connect: rename SpiffeID to CertURI
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
0cbcb07d61
|
agent/connect: use proper keyusage fields for CA and leaf
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
73442ada5a
|
agent/connect: address PR feedback for the CA.go file
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
d28ee70a56
|
agent: implement an always-200 authorize endpoint
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
a54d1af421
|
agent/consul: encode issued cert serial number as hex encoded
|
2018-06-14 09:41:53 -07:00 |
Mitchell Hashimoto
|
4210003c86
|
agent/structs: hide some fields from JSON
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
63d674d07d
|
agent: /v1/connect/ca/configuration PUT for setting configuration
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
1c3dbc83ff
|
agent/consul/fsm,state: snapshot/restore for CA roots
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
90f423fd02
|
agent/consul/fsm,state: tests for CA root related changes
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
1c72639d60
|
agent/consul: set more fields on the issued cert
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
c2588262b7
|
agent: /v1/connect/ca/leaf/:service_id
|
2018-06-14 09:41:52 -07:00 |
Mitchell Hashimoto
|
571d9aa785
|
agent: CA root HTTP endpoints
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
e40afd6a73
|
agent/consul: CAS operations for setting the CA root
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
578db06600
|
agent/consul: tests for CA endpoints
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
891cd22ad9
|
agent/consul: key the public key of the CSR, verify in test
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
d768d5e9a7
|
agent/consul: test for ConnectCA.Sign
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
f4ec28bfe3
|
agent/consul: basic sign endpoint not tested yet
|
2018-06-14 09:41:51 -07:00 |
Mitchell Hashimoto
|
548ce190d5
|
agent/connect: package for agent-related Connect, parse SPIFFE IDs
|
2018-06-14 09:41:50 -07:00 |
Mitchell Hashimoto
|
7349c94c23
|
connect: create connect package for helpers
|
2018-06-14 09:41:50 -07:00 |
Mitchell Hashimoto
|
6d294b6bb4
|
agent/structs: json omit QueryMeta
|
2018-06-14 09:41:50 -07:00 |