1341 Commits

Author SHA1 Message Date
Mitchell Hashimoto
7543d270e2
agent/local: support local alias checks 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto
4a67beb734
agent: run alias checks 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto
60c75b88da
agent/checks: reflect node failure as alias check failure 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto
f0658a0ede
agent/config: support configuring alias check 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto
632e4a2c69
agent/checks: add Alias check type 2018-07-12 09:36:09 -07:00
mkeeler
39f93f011e
Release v1.2.1 2018-07-12 16:33:56 +00:00
Matt Keeler
63d5c069fc
Merge pull request #4379 from hashicorp/persist-intermediates
connect: persist intermediate CAs on leader change
2018-07-12 12:09:13 -04:00
Paul Banks
9015cd62ab
Merge pull request #4381 from hashicorp/proxy-check-default
Proxy check default
2018-07-12 17:08:35 +01:00
Matt Keeler
0e83059d1f
Revert "Allow changing Node names since Node now have IDs" 2018-07-12 11:19:21 -04:00
Matt Keeler
91150cca59 Fixup formatting 2018-07-12 10:14:26 -04:00
Matt Keeler
3807e04de9 Revert PR 4294 - Catalog Register: Generate UUID for services registered without one
UUID auto-generation here causes trouble in a few cases. The biggest being older
nodes reregistering will fail when the UUIDs are different and the names match

This reverts commit 0f700340828f464449c2e0d5a82db0bc5456d385.
This reverts commit d1a8f9cb3f6f48dd9c8d0bc858031ff6ccff51d0.
This reverts commit cf69ec42a418ab6594a6654e9545e12160f30970.
2018-07-12 10:06:50 -04:00
Matt Keeler
7572ca0f37
Merge pull request #4374 from hashicorp/feature/proxy-env-vars
Setup managed proxy environment with API client env vars
2018-07-12 09:13:54 -04:00
Paul Banks
8405b41f2b
Update proxy config docs and add test for ipv6 2018-07-12 13:07:48 +01:00
Paul Banks
bb9a5c703b
Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0.
This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
2018-07-12 12:57:10 +01:00
Matt Keeler
0f56ed2d01 Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing 2018-07-12 07:49:23 -04:00
Matt Keeler
22e4058893 Use type switch instead of .Network for more reliably detecting UnixAddrs 2018-07-12 07:30:17 -04:00
Matt Keeler
700a275ddf Look specifically for tcp instead of unix
Add runtime -> api.Config tests
2018-07-11 17:25:36 -04:00
Matt Keeler
c8df4b824c Update proxy manager test - test passing ProxyEnv vars 2018-07-11 16:50:27 -04:00
Kyle Havlovitz
f95c6807e7
connect: use reflect.DeepEqual instead for test 2018-07-11 13:10:58 -07:00
Matt Keeler
98ead2a8f8
Merge pull request #3983 from pierresouchay/node_renaming
Allow changing Node names since Node now have IDs
2018-07-11 16:03:02 -04:00
Kyle Havlovitz
4e5fb6bc19
connect: add provider state to snapshots 2018-07-11 11:34:49 -07:00
Kyle Havlovitz
462ace4867
connect: update leader initializeCA comment 2018-07-11 10:00:42 -07:00
Kyle Havlovitz
1d3f4b5099
connect: persist intermediate CAs on leader change 2018-07-11 09:44:30 -07:00
Matt Keeler
c54b43bef3 PR Updates
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
2018-07-11 09:44:54 -04:00
Matt Keeler
4d1ead10b3
Merge pull request #4371 from hashicorp/bugfix/gh-4358
Remove https://prefix from TLSConfig.Address
2018-07-11 08:50:10 -04:00
Pierre Souchay
fecae3de21 When renaming a node, ensure the name is not taken by another node.
Since DNS is case insensitive and DB as issues when similar names with different
cases are added, check for unicity based on case insensitivity.

Following another big incident we had in our cluster, we also validate
that adding/renaming a not does not conflicts with case insensitive
matches.

We had the following error once:

 - one node called: mymachine.MYDC.mydomain was shut off
 - another node (different ID) was added with name: mymachine.mydc.mydomain before
   72 hours

When restarting the consul server of domain, the consul server restarted failed
to start since it detected an issue in RAFT database because
mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names.

Checking at registration time with case insensitivity should definitly fix
those issues and avoid Consul DB corruption.
2018-07-11 14:42:54 +02:00
Matt Keeler
bd76a34002
Merge pull request #4365 from pierresouchay/fix_test_warning
Fixed compilation warning about wrong type
2018-07-10 16:53:29 -04:00
Matt Keeler
3b6eef8ec6 Pass around an API Config object and convert to env vars for the managed proxy 2018-07-10 12:13:51 -04:00
Pierre Souchay
7d2e4b77ec Use %q, not %s as it used to 2018-07-10 16:52:08 +02:00
Matt Keeler
0fd7e97c2d Merge remote-tracking branch 'origin/master' into bugfix/prevent-multi-cname 2018-07-10 10:26:45 -04:00
Matt Keeler
d19c7d8882
Merge pull request #4303 from pierresouchay/non_blocking_acl
Only send one single ACL cache refresh across network when TTL is over
2018-07-10 08:57:33 -04:00
Matt Keeler
d066fb7b18
Merge pull request #4362 from hashicorp/bugfix/gh-4354
Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
2018-07-10 08:50:31 -04:00
Pierre Souchay
b112bdd52d Fixed compilation warning about wrong type
It fixes the following warnings:

  agent/config/builder.go:1201: Errorf format %q has arg s of wrong type *string
  agent/config/builder.go:1240: Errorf format %q has arg s of wrong type *string
2018-07-09 23:43:56 +02:00
Paul Banks
41c3a4ac8e
Merge pull request #4038 from pierresouchay/ACL_additional_info
Track calls blocked by ACLs using metrics
2018-07-09 20:21:21 +01:00
MagnumOpus21
371f0c3d5f Tests/Proxy : Changed function name to match the system being tested. 2018-07-09 13:18:57 -04:00
MagnumOpus21
9d57b72e81 Resolved merge conflicts 2018-07-09 12:48:34 -04:00
MagnumOpus21
300330e24b Agent/Proxy: Formatting and test cases fix 2018-07-09 12:46:10 -04:00
Matt Keeler
962f6a1816 Remove https://prefix from TLSConfig.Address 2018-07-09 12:31:15 -04:00
Matt Keeler
cbf8f14451 Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied.

formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.
2018-07-09 12:30:11 -04:00
MagnumOpus21
94e8ff55cf Proxy/Tests: Added test cases to check env variables 2018-07-09 12:28:29 -04:00
MagnumOpus21
6cecf2961d Agent/Proxy : Properly passes env variables to child 2018-07-09 12:28:29 -04:00
Pierre Souchay
ff53648df2 Merge remote-tracking branch 'origin/master' into ACL_additional_info 2018-07-07 14:09:18 +02:00
Pierre Souchay
0e4e451a56 Fixed indentation in test 2018-07-07 14:03:34 +02:00
Kyle Havlovitz
401b206a2e
Store the time CARoot is rotated out instead of when to prune 2018-07-06 16:05:25 -07:00
MagnumOpus21
1cd1b55682 Agent/Proxy : Properly passes env variables to child 2018-07-05 22:04:29 -04:00
Matt Keeler
e3783a75e7 Refactor to make this much less confusing 2018-07-03 11:04:19 -04:00
Matt Keeler
554035974e Add a bunch of comments about preventing multi-cname
Hopefully this a bit clearer as to the reasoning
2018-07-03 10:32:52 -04:00
Matt Keeler
22c2be5bf1 Fix some edge cases and add some tests. 2018-07-02 16:58:52 -04:00
Matt Keeler
9a8500412b Only allow 1 CNAME when querying for a service.
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
2018-07-02 16:12:06 -04:00
Kyle Havlovitz
1492243e0a
connect/ca: add logic for pruning old stale RootCA entries 2018-07-02 10:35:05 -07:00