Commit Graph

8571 Commits

Author SHA1 Message Date
Mitchell Hashimoto 7f83ae1faf website: document proxy security settings 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 0d6dcbd2f1 agent: disallow API registration with managed proxy if not enabled 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto f7fc026e18 agent/config: AllowManagedAPIRegistration 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto ed98d65c2b agent/proxy: AllowRoot to disable executing managed proxies when root 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 5ae32837f7 agent/proxy: set the proper arguments so we only run the helper process 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 4897ca6545 agent/config: add AllowManagedRoot 2018-06-25 12:25:11 -07:00
Kyle Havlovitz 82a4b3c13f connect: fix two CA tests that were broken in a previous PR (#60) 2018-06-25 12:25:10 -07:00
Paul Banks 01fefd3d92 Return defensive error if API response is jank 2018-06-25 12:25:10 -07:00
Paul Banks e7a345cb9a Refactor resolver logic to be clearer 2018-06-25 12:25:10 -07:00
Paul Banks 41a29a469e Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario 2018-06-25 12:25:10 -07:00
Mitchell Hashimoto 4b7ca952d6 website: example typo 2018-06-25 12:25:10 -07:00
Mitchell Hashimoto c809840c90 website: clarify custom proxy integration and custom managed proxies 2018-06-25 12:25:10 -07:00
Paul Banks 12a46cd996 Fix "fail open" wording
"fail open" implies that we just allow anything if an agent gets partitioned which is not the right meaning!
2018-06-25 12:25:10 -07:00
Kyle Havlovitz 5d005df8c6 docs: add Connect CA overview 2018-06-25 12:25:10 -07:00
Kyle Havlovitz 860bf825a3 docs: add agent config options for connect/CA 2018-06-25 12:25:10 -07:00
Kyle Havlovitz aafa3ca64a agent: format all CA config fields 2018-06-25 12:25:09 -07:00
Kyle Havlovitz edbeeeb23c agent: update accepted CA config fields and defaults 2018-06-25 12:25:09 -07:00
Mitchell Hashimoto 316bdbe010 agent/proxy: fix build on Windows 2018-06-25 12:24:18 -07:00
Mitchell Hashimoto 070c91cb23 website: update security model 2018-06-25 12:24:18 -07:00
Mitchell Hashimoto d1e48b4790 website: clarify namespaces, conflict 2018-06-25 12:24:17 -07:00
Paul Banks 541cbae5f5 More misc comment cleanup 2018-06-25 12:24:17 -07:00
Paul Banks 0824d1df5f Misc comment cleanups 2018-06-25 12:24:16 -07:00
Paul Banks e57aa52ca6 Warn about killing proxies in dev mode 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 71216631d7 api: update intention struct for precedence 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto fb0a58e682 website: clarify tiebreaker behavior 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto f6685177f0 website: document the precedence table 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 028aa78e83 agent/consul: set precedence value on struct itself 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 1f5398e17c website: document multi-DC, caching, clarify prepared queries and
multi-DC
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto 9ebd27522b website: fix typo 2018-06-25 12:24:15 -07:00
Mitchell Hashimoto 927b45bf91 agent/config: move ports to `ports` structure, update docs 2018-06-25 12:24:15 -07:00
Paul Banks ecfda7cda5 Fix unreachable code warning from go vet 2018-06-25 12:24:15 -07:00
Paul Banks d1c67d90bc Fixs a few issues that stopped this working in real life but not caught by tests:
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
 - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
 - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
 - Naming things
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 77a8003475 api: change Connect to a query option 2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 8d66d1045a connect: remove old unused code 2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 6ea59241d1 website: address feedback 2018-06-25 12:24:14 -07:00
Paul Banks 85d6502ab3 Don't kill proxies on agent shutdown; backport manager close fix 2018-06-25 12:24:13 -07:00
Paul Banks b2ff583392 Test for adopted process Stop race and fix 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 03131398c4 website: Go native integration with Connect 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto f522249e6b website: connect native overview 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto caae034f3b command/connect/proxy: can specify prepared query upstream types 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto e587b7c161 connect: support prepared query resolution 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 7a4463013d connect: resolver works with native services 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 21f27c1842 website: clarify where constraints go 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto b55f0641e6 api: support ExecuteConnect 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 62d4aaa33e agent: accept connect param for execute 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto daf46c9cfa agent/consul: support a Connect option on prepared query request 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 440b1b2d97 agent/consul: prepared query supports "Connect" field 2018-06-25 12:24:11 -07:00
Mitchell Hashimoto 8bcadddda7 agent: intention create returns 500 for bad body 2018-06-25 12:24:10 -07:00
Mitchell Hashimoto 297e4f272e api: support native connect 2018-06-25 12:24:10 -07:00
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct 2018-06-25 12:24:10 -07:00