mirror of
https://github.com/status-im/consul.git
synced 2025-01-15 00:04:47 +00:00
f8a2ae2606
* tlsutil: initial implementation of types/TLSVersion tlsutil: add test for parsing deprecated agent TLS version strings tlsutil: return TLSVersionInvalid with error tlsutil: start moving tlsutil cipher suite lookups over to types/tls tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup agent: attempt to use types in runtime config agent: implement b.tlsVersion validation in config builder agent: fix tlsVersion nil check in builder tlsutil: update to renamed ParseTLSVersion and goTLSVersions tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion tlsutil: disable invalid config parsing tests tlsutil: update tests auto_config: lookup old config strings from base.TLSMinVersion auto_config: update endpoint tests to use TLS types agent: update runtime_test to use TLS types agent: update TestRuntimeCinfig_Sanitize.golden agent: update config runtime tests to expect TLS types * website: update Consul agent tls_min_version values * agent: fixup TLS parsing and compilation errors * test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test * tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites * test: revert autoconfig tls min version fixtures to old format * types: add TLSVersions public function * agent: add warning for deprecated TLS version strings * agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder * tlsutil(BREAKING): change default TLS min version to TLS 1.2 * agent: move ParseCiphers logic from tlsutil into agent config builder * tlsutil: remove unused CipherString function * agent: fixup import for types package * Revert "tlsutil: remove unused CipherString function" This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c. * agent: fixup config builder and runtime tests * tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig * test: move TLS cipher suites parsing test from tlsutil into agent config builder tests * agent: remove parseCiphers helper from auto_config_endpoint_test * test: remove unused imports from tlsutil * agent: remove resolved FIXME comment * tlsutil: remove TODO and FIXME in cipher suite validation * agent: prevent setting inherited cipher suite config when TLS 1.3 is specified * changelog: add entry for converting agent config to TLS types * agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now * tlsutil: remove config tests for values checked at agent config builder boundary * tlsutil: remove tls version check from loadProtocolConfig * tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites * website: update search link for supported Consul agent cipher suites * website: apply review suggestions for tls_min_version description * website: attempt to clean up markdown list formatting for tls_min_version * website: moar linebreaks to fix tls_min_version formatting * Revert "website: moar linebreaks to fix tls_min_version formatting" This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c. * autoconfig: translate old values for TLSMinVersion * agent: rename var for translated value of deprecated TLS version value * Update agent/config/deprecated.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent: fix lint issue * agent: fixup deprecated config test assertions for updated warning Co-authored-by: Dan Upton <daniel@floppy.co>
457 lines
13 KiB
Plaintext
457 lines
13 KiB
Plaintext
{
|
|
"ACLEnableKeyListPolicy": false,
|
|
"ACLInitialManagementToken": "hidden",
|
|
"ACLResolverSettings": {
|
|
"ACLDefaultPolicy": "",
|
|
"ACLDownPolicy": "",
|
|
"ACLPolicyTTL": "0s",
|
|
"ACLRoleTTL": "0s",
|
|
"ACLTokenTTL": "0s",
|
|
"ACLsEnabled": false,
|
|
"Datacenter": "",
|
|
"EnterpriseMeta": {},
|
|
"NodeName": ""
|
|
},
|
|
"ACLTokenReplication": false,
|
|
"ACLTokens": {
|
|
"ACLAgentRecoveryToken": "hidden",
|
|
"ACLAgentToken": "hidden",
|
|
"ACLDefaultToken": "hidden",
|
|
"ACLReplicationToken": "hidden",
|
|
"DataDir": "",
|
|
"EnablePersistence": false,
|
|
"EnterpriseConfig": {}
|
|
},
|
|
"ACLsEnabled": false,
|
|
"AEInterval": "0s",
|
|
"AdvertiseAddrLAN": "",
|
|
"AdvertiseAddrWAN": "",
|
|
"AdvertiseReconnectTimeout": "0s",
|
|
"AllowWriteHTTPFrom": [
|
|
"127.0.0.0/8",
|
|
"::1/128"
|
|
],
|
|
"AutoConfig": {
|
|
"Authorizer": {
|
|
"AllowReuse": false,
|
|
"AuthMethod": {
|
|
"ACLAuthMethodEnterpriseFields": {},
|
|
"Config": {},
|
|
"Description": "",
|
|
"DisplayName": "",
|
|
"EnterpriseMeta": {},
|
|
"MaxTokenTTL": "0s",
|
|
"Name": "",
|
|
"RaftIndex": {
|
|
"CreateIndex": 0,
|
|
"ModifyIndex": 0
|
|
},
|
|
"TokenLocality": "",
|
|
"Type": ""
|
|
},
|
|
"ClaimAssertions": [],
|
|
"Enabled": false
|
|
},
|
|
"DNSSANs": [],
|
|
"Enabled": false,
|
|
"IPSANs": [],
|
|
"IntroToken": "hidden",
|
|
"IntroTokenFile": "",
|
|
"ServerAddresses": []
|
|
},
|
|
"AutoEncryptAllowTLS": false,
|
|
"AutoEncryptDNSSAN": [],
|
|
"AutoEncryptIPSAN": [],
|
|
"AutoEncryptTLS": false,
|
|
"AutopilotCleanupDeadServers": false,
|
|
"AutopilotDisableUpgradeMigration": false,
|
|
"AutopilotLastContactThreshold": "0s",
|
|
"AutopilotMaxTrailingLogs": 0,
|
|
"AutopilotMinQuorum": 0,
|
|
"AutopilotRedundancyZoneTag": "",
|
|
"AutopilotServerStabilizationTime": "0s",
|
|
"AutopilotUpgradeVersionTag": "",
|
|
"BindAddr": "127.0.0.1",
|
|
"Bootstrap": false,
|
|
"BootstrapExpect": 0,
|
|
"Cache": {
|
|
"EntryFetchMaxBurst": 42,
|
|
"EntryFetchRate": 0.334,
|
|
"Logger": null
|
|
},
|
|
"CheckDeregisterIntervalMin": "0s",
|
|
"CheckOutputMaxSize": 4096,
|
|
"CheckReapInterval": "0s",
|
|
"CheckUpdateInterval": "0s",
|
|
"Checks": [
|
|
{
|
|
"AliasNode": "",
|
|
"AliasService": "",
|
|
"Body": "",
|
|
"DeregisterCriticalServiceAfter": "0s",
|
|
"DockerContainerID": "",
|
|
"EnterpriseMeta": {},
|
|
"FailuresBeforeCritical": 0,
|
|
"FailuresBeforeWarning": 0,
|
|
"GRPC": "",
|
|
"GRPCUseTLS": false,
|
|
"H2PING": "",
|
|
"H2PingUseTLS": false,
|
|
"HTTP": "",
|
|
"Header": {},
|
|
"ID": "",
|
|
"Interval": "0s",
|
|
"Method": "",
|
|
"Name": "zoo",
|
|
"Notes": "",
|
|
"OutputMaxSize": 4096,
|
|
"ScriptArgs": [],
|
|
"ServiceID": "",
|
|
"Shell": "",
|
|
"Status": "",
|
|
"SuccessBeforePassing": 0,
|
|
"TCP": "",
|
|
"TLSServerName": "",
|
|
"TLSSkipVerify": false,
|
|
"TTL": "0s",
|
|
"Timeout": "0s",
|
|
"Token": "hidden"
|
|
}
|
|
],
|
|
"ClientAddrs": [],
|
|
"ConfigEntryBootstrap": [],
|
|
"ConnectCAConfig": {},
|
|
"ConnectCAProvider": "",
|
|
"ConnectEnabled": false,
|
|
"ConnectMeshGatewayWANFederationEnabled": false,
|
|
"ConnectServerlessPluginEnabled": false,
|
|
"ConnectSidecarMaxPort": 0,
|
|
"ConnectSidecarMinPort": 0,
|
|
"ConnectTestCALeafRootChangeSpread": "0s",
|
|
"ConsulCoordinateUpdateBatchSize": 0,
|
|
"ConsulCoordinateUpdateMaxBatches": 0,
|
|
"ConsulCoordinateUpdatePeriod": "15s",
|
|
"ConsulRaftElectionTimeout": "0s",
|
|
"ConsulRaftHeartbeatTimeout": "0s",
|
|
"ConsulRaftLeaderLeaseTimeout": "0s",
|
|
"ConsulServerHealthInterval": "0s",
|
|
"DNSARecordLimit": 0,
|
|
"DNSAddrs": [
|
|
"tcp://1.2.3.4:5678",
|
|
"udp://1.2.3.4:5678"
|
|
],
|
|
"DNSAllowStale": false,
|
|
"DNSAltDomain": "",
|
|
"DNSCacheMaxAge": "0s",
|
|
"DNSDisableCompression": false,
|
|
"DNSDomain": "",
|
|
"DNSEnableTruncate": false,
|
|
"DNSMaxStale": "0s",
|
|
"DNSNodeMetaTXT": false,
|
|
"DNSNodeTTL": "0s",
|
|
"DNSOnlyPassing": false,
|
|
"DNSPort": 0,
|
|
"DNSRecursorStrategy": "",
|
|
"DNSRecursorTimeout": "0s",
|
|
"DNSRecursors": [],
|
|
"DNSSOA": {
|
|
"Expire": 86400,
|
|
"Minttl": 0,
|
|
"Refresh": 3600,
|
|
"Retry": 600
|
|
},
|
|
"DNSServiceTTL": {},
|
|
"DNSUDPAnswerLimit": 0,
|
|
"DNSUseCache": false,
|
|
"DataDir": "",
|
|
"Datacenter": "",
|
|
"DefaultQueryTime": "0s",
|
|
"DevMode": false,
|
|
"DisableAnonymousSignature": false,
|
|
"DisableCoordinates": false,
|
|
"DisableHTTPUnprintableCharFilter": false,
|
|
"DisableHostNodeID": false,
|
|
"DisableKeyringFile": false,
|
|
"DisableRemoteExec": false,
|
|
"DisableUpdateCheck": false,
|
|
"DiscardCheckOutput": false,
|
|
"DiscoveryMaxStale": "0s",
|
|
"EnableAgentTLSForChecks": false,
|
|
"EnableCentralServiceConfig": false,
|
|
"EnableDebug": false,
|
|
"EnableLocalScriptChecks": false,
|
|
"EnableRemoteScriptChecks": false,
|
|
"EncryptKey": "hidden",
|
|
"EncryptVerifyIncoming": false,
|
|
"EncryptVerifyOutgoing": false,
|
|
"EnterpriseRuntimeConfig": {},
|
|
"ExposeMaxPort": 0,
|
|
"ExposeMinPort": 0,
|
|
"GRPCAddrs": [],
|
|
"GRPCPort": 0,
|
|
"GossipLANGossipInterval": "0s",
|
|
"GossipLANGossipNodes": 0,
|
|
"GossipLANProbeInterval": "0s",
|
|
"GossipLANProbeTimeout": "0s",
|
|
"GossipLANRetransmitMult": 0,
|
|
"GossipLANSuspicionMult": 0,
|
|
"GossipWANGossipInterval": "0s",
|
|
"GossipWANGossipNodes": 0,
|
|
"GossipWANProbeInterval": "0s",
|
|
"GossipWANProbeTimeout": "0s",
|
|
"GossipWANRetransmitMult": 0,
|
|
"GossipWANSuspicionMult": 0,
|
|
"HTTPAddrs": [
|
|
"tcp://1.2.3.4:5678",
|
|
"unix:///var/run/foo"
|
|
],
|
|
"HTTPBlockEndpoints": [],
|
|
"HTTPMaxConnsPerClient": 0,
|
|
"HTTPMaxHeaderBytes": 0,
|
|
"HTTPPort": 0,
|
|
"HTTPResponseHeaders": {},
|
|
"HTTPSAddrs": [],
|
|
"HTTPSHandshakeTimeout": "0s",
|
|
"HTTPSPort": 0,
|
|
"HTTPUseCache": false,
|
|
"KVMaxValueSize": 1234567800000000,
|
|
"LeaveDrainTime": "0s",
|
|
"LeaveOnTerm": false,
|
|
"Logging": {
|
|
"EnableSyslog": false,
|
|
"LogFilePath": "",
|
|
"LogJSON": false,
|
|
"LogLevel": "",
|
|
"LogRotateBytes": 0,
|
|
"LogRotateDuration": "0s",
|
|
"LogRotateMaxFiles": 0,
|
|
"Name": "",
|
|
"SyslogFacility": ""
|
|
},
|
|
"MaxQueryTime": "0s",
|
|
"NodeID": "",
|
|
"NodeMeta": {},
|
|
"NodeName": "",
|
|
"PidFile": "",
|
|
"PrimaryDatacenter": "",
|
|
"PrimaryGateways": [
|
|
"pmgw_foo=bar pmgw_key=baz pmgw_secret=boom pmgw_bang=bar"
|
|
],
|
|
"PrimaryGatewaysInterval": "0s",
|
|
"RPCAdvertiseAddr": "",
|
|
"RPCBindAddr": "",
|
|
"RPCConfig": {
|
|
"EnableStreaming": false
|
|
},
|
|
"RPCHandshakeTimeout": "0s",
|
|
"RPCHoldTimeout": "0s",
|
|
"RPCMaxBurst": 0,
|
|
"RPCMaxConnsPerClient": 0,
|
|
"RPCProtocol": 0,
|
|
"RPCRateLimit": 0,
|
|
"RaftBoltDBConfig": {
|
|
"NoFreelistSync": false
|
|
},
|
|
"RaftProtocol": 3,
|
|
"RaftSnapshotInterval": "0s",
|
|
"RaftSnapshotThreshold": 0,
|
|
"RaftTrailingLogs": 0,
|
|
"ReadReplica": false,
|
|
"ReconnectTimeoutLAN": "0s",
|
|
"ReconnectTimeoutWAN": "0s",
|
|
"RejoinAfterLeave": false,
|
|
"RetryJoinIntervalLAN": "0s",
|
|
"RetryJoinIntervalWAN": "0s",
|
|
"RetryJoinLAN": [
|
|
"foo=bar key=hidden secret=hidden bang=bar"
|
|
],
|
|
"RetryJoinMaxAttemptsLAN": 0,
|
|
"RetryJoinMaxAttemptsWAN": 0,
|
|
"RetryJoinWAN": [
|
|
"wan_foo=bar wan_key=hidden wan_secret=hidden wan_bang=bar"
|
|
],
|
|
"Revision": "",
|
|
"SegmentLimit": 0,
|
|
"SegmentName": "",
|
|
"SegmentNameLimit": 0,
|
|
"Segments": [],
|
|
"SerfAdvertiseAddrLAN": "tcp://1.2.3.4:5678",
|
|
"SerfAdvertiseAddrWAN": "",
|
|
"SerfAllowedCIDRsLAN": [
|
|
"192.168.1.0/24",
|
|
"127.0.0.0/8"
|
|
],
|
|
"SerfAllowedCIDRsWAN": [],
|
|
"SerfBindAddrLAN": "",
|
|
"SerfBindAddrWAN": "",
|
|
"SerfPortLAN": 0,
|
|
"SerfPortWAN": 0,
|
|
"ServerMode": false,
|
|
"ServerName": "",
|
|
"ServerPort": 0,
|
|
"Services": [
|
|
{
|
|
"Address": "",
|
|
"Check": {
|
|
"AliasNode": "",
|
|
"AliasService": "",
|
|
"Body": "",
|
|
"CheckID": "",
|
|
"DeregisterCriticalServiceAfter": "0s",
|
|
"DockerContainerID": "",
|
|
"FailuresBeforeCritical": 0,
|
|
"FailuresBeforeWarning": 0,
|
|
"GRPC": "",
|
|
"GRPCUseTLS": false,
|
|
"H2PING": "",
|
|
"H2PingUseTLS": false,
|
|
"HTTP": "",
|
|
"Header": {},
|
|
"Interval": "0s",
|
|
"Method": "",
|
|
"Name": "blurb",
|
|
"Notes": "",
|
|
"OutputMaxSize": 4096,
|
|
"ProxyGRPC": "",
|
|
"ProxyHTTP": "",
|
|
"ScriptArgs": [],
|
|
"Shell": "",
|
|
"Status": "",
|
|
"SuccessBeforePassing": 0,
|
|
"TCP": "",
|
|
"TLSServerName": "",
|
|
"TLSSkipVerify": false,
|
|
"TTL": "0s",
|
|
"Timeout": "0s"
|
|
},
|
|
"Checks": [],
|
|
"Connect": null,
|
|
"EnableTagOverride": false,
|
|
"EnterpriseMeta": {},
|
|
"ID": "",
|
|
"Kind": "",
|
|
"Meta": {},
|
|
"Name": "foo",
|
|
"Port": 0,
|
|
"Proxy": null,
|
|
"SocketPath": "",
|
|
"TaggedAddresses": {},
|
|
"Tags": [],
|
|
"Token": "hidden",
|
|
"Weights": {
|
|
"Passing": 67,
|
|
"Warning": 3
|
|
}
|
|
}
|
|
],
|
|
"SessionTTLMin": "0s",
|
|
"SkipLeaveOnInt": false,
|
|
"StartJoinAddrsLAN": [],
|
|
"StartJoinAddrsWAN": [],
|
|
"SyncCoordinateIntervalMin": "0s",
|
|
"SyncCoordinateRateTarget": 0,
|
|
"TLS": {
|
|
"AutoTLS": false,
|
|
"Domain": "",
|
|
"EnableAgentTLSForChecks": false,
|
|
"GRPC": {
|
|
"CAFile": "",
|
|
"CAPath": "",
|
|
"CertFile": "",
|
|
"CipherSuites": [],
|
|
"KeyFile": "hidden",
|
|
"TLSMinVersion": "",
|
|
"VerifyIncoming": false,
|
|
"VerifyOutgoing": false,
|
|
"VerifyServerHostname": false
|
|
},
|
|
"HTTPS": {
|
|
"CAFile": "",
|
|
"CAPath": "",
|
|
"CertFile": "",
|
|
"CipherSuites": [],
|
|
"KeyFile": "hidden",
|
|
"TLSMinVersion": "",
|
|
"VerifyIncoming": false,
|
|
"VerifyOutgoing": false,
|
|
"VerifyServerHostname": false
|
|
},
|
|
"InternalRPC": {
|
|
"CAFile": "",
|
|
"CAPath": "",
|
|
"CertFile": "",
|
|
"CipherSuites": [],
|
|
"KeyFile": "hidden",
|
|
"TLSMinVersion": "",
|
|
"VerifyIncoming": false,
|
|
"VerifyOutgoing": false,
|
|
"VerifyServerHostname": false
|
|
},
|
|
"NodeName": "",
|
|
"ServerName": ""
|
|
},
|
|
"TaggedAddresses": {},
|
|
"Telemetry": {
|
|
"AllowedPrefixes": [],
|
|
"BlockedPrefixes": [],
|
|
"CirconusAPIApp": "",
|
|
"CirconusAPIToken": "hidden",
|
|
"CirconusAPIURL": "",
|
|
"CirconusBrokerID": "",
|
|
"CirconusBrokerSelectTag": "",
|
|
"CirconusCheckDisplayName": "",
|
|
"CirconusCheckForceMetricActivation": "",
|
|
"CirconusCheckID": "",
|
|
"CirconusCheckInstanceID": "",
|
|
"CirconusCheckSearchTag": "",
|
|
"CirconusCheckTags": "",
|
|
"CirconusSubmissionInterval": "",
|
|
"CirconusSubmissionURL": "",
|
|
"Disable": false,
|
|
"DisableCompatOneNine": false,
|
|
"DisableHostname": false,
|
|
"DogstatsdAddr": "",
|
|
"DogstatsdTags": [],
|
|
"FilterDefault": false,
|
|
"MetricsPrefix": "",
|
|
"PrometheusOpts": {
|
|
"CounterDefinitions": [],
|
|
"Expiration": "0s",
|
|
"GaugeDefinitions": [],
|
|
"Name": "",
|
|
"Registerer": null,
|
|
"SummaryDefinitions": []
|
|
},
|
|
"StatsdAddr": "",
|
|
"StatsiteAddr": ""
|
|
},
|
|
"TranslateWANAddrs": false,
|
|
"TxnMaxReqLen": 5678000000000000,
|
|
"UIConfig": {
|
|
"ContentPath": "",
|
|
"DashboardURLTemplates": {},
|
|
"Dir": "",
|
|
"Enabled": false,
|
|
"MetricsProvider": "",
|
|
"MetricsProviderFiles": [],
|
|
"MetricsProviderOptionsJSON": "",
|
|
"MetricsProxy": {
|
|
"AddHeaders": [
|
|
{
|
|
"Name": "foo",
|
|
"Value": "hidden"
|
|
}
|
|
],
|
|
"BaseURL": "",
|
|
"PathAllowlist": []
|
|
}
|
|
},
|
|
"UnixSocketGroup": "",
|
|
"UnixSocketMode": "",
|
|
"UnixSocketUser": "",
|
|
"UseStreamingBackend": false,
|
|
"Version": "",
|
|
"VersionPrerelease": "",
|
|
"Watches": []
|
|
}
|