status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent
History
Matt Keeler 35e67b1d1a
Fix CA Replication when ACLs are enabled (#6201) 
Secondary CA initialization steps are:

• Wait until the primary will be capable of signing intermediate certs. We use serf metadata to check the versions of servers in the primary which avoids needing a token like the previous implementation that used RPCs. We require at least one alive server in the primary and the all alive servers meet the version requirement.
• Initialize the secondary CA by getting the primary to sign an intermediate

When a primary dc is configured, if no existing CA is initialized and for whatever reason we cannot initialize a secondary CA the secondary DC will remain without a CA. As soon as it can it will initialize the secondary CA by pulling the primaries roots and getting the primary to sign an intermediate.

This also fixes a segfault that can happen during leadership revocation. There was a spot in the secondaryCARootsWatch that was getting the CA Provider and executing methods on it without nil checking. Under normal circumstances it wont be nil but during leadership revocation it gets nil'ed out. Therefore there is a period of time between closing the stop chan and when the go routine is actually stopped where it could read a nil provider and cause a segfault.
 		2019-07-26 15:57:57 -04:00
..
ae Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) 2018-10-10 16:55:34 +01:00
cache Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
cache-types add test for discovery chain agent cache-type (#6130) 2019-07-15 10:09:52 -05:00
checks Merge Consul OSS branch 'master' at commit ef257b084d 2019-07-20 02:00:29 +00:00
config Merge Consul OSS branch master at commit b3541c4f34 2019-07-26 10:34:24 -05:00
connect Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
consul Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
debug fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
exec fix go vet issue 2017-10-25 19:30:35 +02:00
local Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
metadata New ACLs (#4791) 2018-10-19 12:04:07 -04:00
mock agent: replace docker check 2017-07-18 20:24:38 +02:00
pool tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
proxycfg connect: rework how the service resolver subset OnlyPassing flag works (#6173) 2019-07-23 20:20:24 -05:00
proxyprocess Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
router Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
structs Merge Consul OSS branch master at commit b3541c4f34 2019-07-26 10:34:24 -05:00
systemd agent: notify systemd after JoinLAN (#2121) 2017-06-21 06:43:55 +02:00
token ACL Token Persistence and Reloading (#5328) 2019-02-27 14:28:31 -05:00
xds connect: allow L7 routers to match on http methods (#6164) 2019-07-23 20:56:39 -05:00
acl.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
acl_endpoint.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_endpoint_legacy.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
acl_endpoint_legacy_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
acl_endpoint_test.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
agent.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_endpoint_test.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
agent_test.go Allow raft TrailingLogs to be configured. (#6186) 2019-07-23 15:19:57 +01:00
bindata_assetfs.go update bindata_assetfs.go 2019-07-25 23:41:16 +00:00
blacklist.go Adds the ability to blacklist specific HTTP endpoints. (#3252) 2017-07-10 13:51:25 -07:00
blacklist_test.go Adds the ability to blacklist specific HTTP endpoints. (#3252) 2017-07-10 13:51:25 -07:00
catalog_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
catalog_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
check.go Decouple the code that executes checks from the agent 2017-10-25 11:18:07 +02:00
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go Centralized Config CLI (#5731) 2019-04-30 16:27:16 -07:00
config_endpoint_test.go handle structs.ConfigEntry decoding similarly to api.ConfigEntry decoding (#6106) 2019-07-12 12:20:30 -05:00
connect_auth.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
connect_ca_endpoint.go Fix CA pruning when CA config uses string durations. (#4669) 2018-09-13 15:43:00 +01:00
connect_ca_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
coordinate_endpoint.go Merge pull request #3885 from eddsteel/support-options-requests 2018-03-16 09:20:16 -05:00
coordinate_endpoint_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
dns.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
dns_test.go Merge Consul OSS branch 'master' at commit e91f73f592 2019-06-30 02:00:31 +00:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
event_endpoint_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
health_endpoint.go Filter non-passing nodes without modifying cache 2019-04-16 10:29:34 -06:00
health_endpoint_test.go Merge branch 'master' into release/1-6 2019-07-12 14:51:25 -07:00
http.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
http_oss.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
http_oss_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
http_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
intentions_endpoint.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intentions_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
internal_endpoint.go Fix bug in service-resolver redirects if the destination uses a default resolver. (#6122) 2019-07-12 12:21:25 -05:00
keyring.go agent: move agent/consul/structs to agent/structs 2017-08-09 14:32:12 +02:00
keyring_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
kvs_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
kvs_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
notify.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
notify_test.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
operator_endpoint.go Support OPTIONS requests 2018-02-12 10:15:31 -08:00
operator_endpoint_test.go Merge pull request #5376 from hashicorp/fix-tests 2019-04-04 17:09:32 -04:00
prepared_query_endpoint.go Support Agent Caching for Service Discovery Results (#4541) 2018-10-10 16:55:34 +01:00
prepared_query_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
remote_exec.go Decouple the code that executes checks from the agent 2017-10-25 11:18:07 +02:00
remote_exec_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
retry_join.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
retry_join_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
service_manager.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
service_manager_test.go Add integration test for central config; fix central config WIP (#5752) 2019-05-01 16:39:31 -07:00
session_endpoint.go Support OPTIONS requests 2018-02-12 10:15:31 -08:00
session_endpoint_test.go tests: actually have TestSessionTTLRenew sleep during execution (#5669) 2019-04-17 15:52:23 -05:00
sidecar_service.go Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
sidecar_service_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
signal_unix.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
signal_windows.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
snapshot_endpoint.go agent: consolidate handling of 405 Method Not Allowed (#3405) 2017-09-25 23:11:19 -07:00
snapshot_endpoint_test.go add wait to TestSnapshot 2019-02-22 17:34:45 -05:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
testagent.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
testagent_test.go New config parser, HCL support, multiple bind addrs (#3480) 2017-09-25 11:40:42 -07:00
translate_addr.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
txn_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
txn_endpoint_test.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
ui_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
ui_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
user_event.go Spelling (#3958) 2018-03-19 16:56:00 +00:00
user_event_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
util.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
util_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
watch_handler.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00
watch_handler_test.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00