Mitchell Hashimoto
e2653bec02
Fix broken tests from PR merge related to proxy secure defaults
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
0d6dcbd2f1
agent: disallow API registration with managed proxy if not enabled
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
927b45bf91
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
1830c6b308
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
Paul Banks
e21723a891
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
424272361d
agent: agent service registration supports Connect native services
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
cd39f09693
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Paul Banks
c58d47ba59
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future.
2018-06-14 09:42:17 -07:00
Paul Banks
4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Paul Banks
1722734313
Verify trust domain on /authorize calls
2018-06-14 09:42:16 -07:00
Paul Banks
b4803eca59
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
Mitchell Hashimoto
e54e69d11f
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
a099c27b07
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
171bf8d599
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
3d3eee2f6e
agent: resolve some conflicts and fix tests
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
1a2b28602c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
476ea7b04a
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
aaa2431350
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
e0e12e165b
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Paul Banks
cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Mitchell Hashimoto
8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than
...
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
051f004683
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
6c01e402e0
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
917a9e63d5
agent: check cache hit count to verify CA root caching, background update
2018-06-14 09:42:00 -07:00
Paul Banks
36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
2a69663448
Agent Connect Proxy config endpoint with hash-based blocking
2018-06-14 09:41:57 -07:00
Paul Banks
3e3f0e1f31
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Mitchell Hashimoto
95da20ffd7
agent: rename authorize param ClientID to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
ac72a0c5fd
agent: ACL checks for authorize, default behavior
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
c2588262b7
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
571d9aa785
agent: CA root HTTP endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
22a0eb6c67
agent: commenting some tests
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
6313bc5615
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
3b07686648
agent: remove ConnectProxyServiceName
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
714026dfb7
agent: validate service entry on register
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
9781cb1ace
agent/local: anti-entropy for connect proxy services
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
68107e9767
agent: /v1/agent/services test with connect proxies (works w/ no change)
2018-06-14 09:41:46 -07:00
Kyle Havlovitz
b73323aa42
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Pierre Souchay
c152cb7bdf
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
Josh Soref
94835a2715
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
James Phillips
29367cd5ae
Moves ACL disabled response logic down into endpoints.
...
This lets us make the registration of endpoints less fancy, on the
road to adding a registration mechanism.
2017-11-29 18:36:52 -08:00
James Phillips
aa199ab6ba
Makes the metrics ACL test call the right endpoint.
...
This also required setting up a proper in-mem sink so we don't get
metrics-related errors.
Fixes #3655
2017-11-06 21:50:04 -08:00
Frank Schroeder
8f145559d8
Decouple the code that executes checks from the agent
2017-10-25 11:18:07 +02:00
Frank Schroeder
de57b16d99
local state: address review comments
...
* move non-blocking notification mechanism into ae.Trigger
* move Pause/Resume into separate type
2017-10-23 10:56:04 +02:00
Frank Schroeder
b803bf3091
local state: tests compile
2017-10-23 10:56:03 +02:00
Frank Schroeder
9ed4b2d631
Revert "local state: tests compile"
...
This reverts commit 1af52bf7be
.
2017-10-23 10:08:34 +02:00