Mitchell Hashimoto
7f83ae1faf
website: document proxy security settings
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
0d6dcbd2f1
agent: disallow API registration with managed proxy if not enabled
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
f7fc026e18
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
ed98d65c2b
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
5ae32837f7
agent/proxy: set the proper arguments so we only run the helper process
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
4897ca6545
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Kyle Havlovitz
82a4b3c13f
connect: fix two CA tests that were broken in a previous PR ( #60 )
2018-06-25 12:25:10 -07:00
Paul Banks
01fefd3d92
Return defensive error if API response is jank
2018-06-25 12:25:10 -07:00
Paul Banks
e7a345cb9a
Refactor resolver logic to be clearer
2018-06-25 12:25:10 -07:00
Paul Banks
41a29a469e
Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario
2018-06-25 12:25:10 -07:00
Mitchell Hashimoto
4b7ca952d6
website: example typo
2018-06-25 12:25:10 -07:00
Mitchell Hashimoto
c809840c90
website: clarify custom proxy integration and custom managed proxies
2018-06-25 12:25:10 -07:00
Paul Banks
12a46cd996
Fix "fail open" wording
...
"fail open" implies that we just allow anything if an agent gets partitioned which is not the right meaning!
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
5d005df8c6
docs: add Connect CA overview
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
860bf825a3
docs: add agent config options for connect/CA
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
aafa3ca64a
agent: format all CA config fields
2018-06-25 12:25:09 -07:00
Kyle Havlovitz
edbeeeb23c
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
Mitchell Hashimoto
316bdbe010
agent/proxy: fix build on Windows
2018-06-25 12:24:18 -07:00
Mitchell Hashimoto
070c91cb23
website: update security model
2018-06-25 12:24:18 -07:00
Mitchell Hashimoto
d1e48b4790
website: clarify namespaces, conflict
2018-06-25 12:24:17 -07:00
Paul Banks
541cbae5f5
More misc comment cleanup
2018-06-25 12:24:17 -07:00
Paul Banks
0824d1df5f
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Paul Banks
e57aa52ca6
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
71216631d7
api: update intention struct for precedence
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
fb0a58e682
website: clarify tiebreaker behavior
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
f6685177f0
website: document the precedence table
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
028aa78e83
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
1f5398e17c
website: document multi-DC, caching, clarify prepared queries and
...
multi-DC
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
9ebd27522b
website: fix typo
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
927b45bf91
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
Paul Banks
ecfda7cda5
Fix unreachable code warning from go vet
2018-06-25 12:24:15 -07:00
Paul Banks
d1c67d90bc
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
77a8003475
api: change Connect to a query option
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
8d66d1045a
connect: remove old unused code
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
6ea59241d1
website: address feedback
2018-06-25 12:24:14 -07:00
Paul Banks
85d6502ab3
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
b2ff583392
Test for adopted process Stop race and fix
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
03131398c4
website: Go native integration with Connect
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
f522249e6b
website: connect native overview
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
caae034f3b
command/connect/proxy: can specify prepared query upstream types
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
e587b7c161
connect: support prepared query resolution
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
7a4463013d
connect: resolver works with native services
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
21f27c1842
website: clarify where constraints go
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
b55f0641e6
api: support ExecuteConnect
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
62d4aaa33e
agent: accept connect param for execute
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
daf46c9cfa
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
440b1b2d97
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
Mitchell Hashimoto
8bcadddda7
agent: intention create returns 500 for bad body
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
297e4f272e
api: support native connect
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
1830c6b308
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00