Paul Banks
|
e00ca9a7b7
|
Connect verification and AuthZ
|
2018-06-14 09:42:05 -07:00 |
Kyle Havlovitz
|
daa8dd1779
|
Add CA config to connect section of agent config
|
2018-06-14 09:42:05 -07:00 |
Kyle Havlovitz
|
32d1eae28b
|
Move ConsulCAProviderConfig into structs package
|
2018-06-14 09:42:04 -07:00 |
Kyle Havlovitz
|
315b8bf594
|
Simplify the CAProvider.Sign method
|
2018-06-14 09:42:04 -07:00 |
Kyle Havlovitz
|
c6e1b72ccb
|
Simplify the CA provider interface by moving some logic out
|
2018-06-14 09:42:04 -07:00 |
Kyle Havlovitz
|
a325388939
|
Clarify some comments and names around CA bootstrapping
|
2018-06-14 09:42:04 -07:00 |
Paul Banks
|
18a34c6836
|
Fix racy connect network tests that always fail in Docker due to listen races
|
2018-06-14 09:42:04 -07:00 |
Mitchell Hashimoto
|
8c1d5a2cdc
|
agent: resolve flaky test by checking cache hits increase, rather than
exact
|
2018-06-14 09:42:04 -07:00 |
Mitchell Hashimoto
|
051f004683
|
agent: use helper/retry instead of timing related tests
|
2018-06-14 09:42:04 -07:00 |
Mitchell Hashimoto
|
bd3b8e042a
|
agent/cache: address PR feedback, lots of typos
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
02b20a0353
|
agent/cache: address feedback, clarify comments
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
af1d70b026
|
agent/cache: don't every block on NotifyCh
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
724b829104
|
agent/cache: unit tests for ExpiryHeap, found a bug!
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
194b256861
|
agent/cache: send the total entries count on eviction to go-metrics
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
e0d964188c
|
agent/cache: make edge case with prev/next idx == 0 handled better
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
3b550d2b72
|
agent/cache: rework how expiry data is stored to be more efficient
|
2018-06-14 09:42:03 -07:00 |
Mitchell Hashimoto
|
595193a781
|
agent/cache: initial TTL work
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
1df99514ca
|
agent/cache: send the RefreshTimeout into the backend fetch
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
db4c47df27
|
agent/cache: on error, return from Get immediately, don't block forever
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
ecb05cc957
|
Add Makefile hack for tests to run
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
cc2c98f961
|
agent/cache: lots of comment/doc updates
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
6c01e402e0
|
agent: augment /v1/connect/authorize to cache intentions
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
0f3f3d13ca
|
agent/cache-types: support intention match queries
|
2018-06-14 09:42:02 -07:00 |
Mitchell Hashimoto
|
e1c1b8812a
|
agent/cache: return the error as part of Get
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
00e7ab3cd5
|
agent/cache: integrate go-metrics so the cache is debuggable
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
9f3dbf7b2a
|
agent/structs: DCSpecificRequest sets all the proper fields for
CacheInfo
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
be873d2558
|
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
fcb15e15ae
|
agent/cache: support timeouts for cache reads and empty fetch results
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
e81942df7a
|
agent/cache-types: rename to separate root and leaf cache types
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
8e7c517db1
|
agent/cache-types: got basic CA leaf caching work, major problems still
|
2018-06-14 09:42:01 -07:00 |
Mitchell Hashimoto
|
917a9e63d5
|
agent: check cache hit count to verify CA root caching, background update
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
6902d721d6
|
agent: initialize the cache and cache the CA roots
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
c329b4cb34
|
agent/cache: partition by DC/ACL token
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
e3c1162881
|
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
b0db5657c4
|
agent/cache: ConnectCA roots caching type
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
975be337a9
|
agent/cache: blank cache key means to always fetch
|
2018-06-14 09:42:00 -07:00 |
Mitchell Hashimoto
|
1cfb0f1922
|
agent/cache: initial kind-of working cache
|
2018-06-14 09:42:00 -07:00 |
Kyle Havlovitz
|
33418afd3c
|
Add cross-signing mechanism to root rotation
|
2018-06-14 09:42:00 -07:00 |
Kyle Havlovitz
|
d83fbfc766
|
Add the root rotation mechanism to the CA config endpoint
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
f9d92d795e
|
Have the built in CA store its state in raft
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
30c1973e8b
|
Fix the testing endpoint's root set op
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
75f62e3117
|
Update the CA config endpoint to enable GETs
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
ab737ef0f8
|
Hook the CA RPC endpoint into the provider interface
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
1f6501895f
|
Add CA bootstrapping on establishing leadership
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
682f105c7c
|
Add the bootstrap config for the CA
|
2018-06-14 09:41:59 -07:00 |
Kyle Havlovitz
|
9fc33d2a62
|
Add the CA provider interface and built-in provider
|
2018-06-14 09:41:58 -07:00 |
Kyle Havlovitz
|
1787f88618
|
Add CA config set to fsm operations
|
2018-06-14 09:41:58 -07:00 |
Kyle Havlovitz
|
6b3416e480
|
Add the Connect CA config to the state store
|
2018-06-14 09:41:58 -07:00 |
Paul Banks
|
36dbd878c9
|
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
|
2018-06-14 09:41:58 -07:00 |
Paul Banks
|
662e57d91b
|
Make test output more useful now we uses testify with multi-line error messages
|
2018-06-14 09:41:58 -07:00 |