consul/agent
R.B. Boyer 6ba776b4f3
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:

```
service_prefix "" { policy = "read" }
node_prefix ""    { policy = "read" }

namespace_prefix "" {
  service_prefix "" { policy = "read" }
  node_prefix ""    { policy = "read" }
}
```

This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
..
ae testutil: NewLogBuffer - buffer logs until a test fails 2020-07-21 12:50:40 -04:00
auto-config lib/retry: Refactor to reduce the interface surface 2020-10-04 18:12:42 -04:00
cache lib/ttlcache: unexport key and additional godoc 2020-10-20 19:16:03 -04:00
cache-types streaming: apply filter to a single item 2020-10-19 18:24:02 -04:00
checks Return grpc serving status in health check errors 2020-09-22 21:16:58 +03:00
config agent: introduce path allow list for requests going through the metrics proxy (#9059) 2020-10-30 16:49:54 -05:00
connect stream: Use a no-op event publisher if streaming is disabled 2020-10-28 13:54:19 -04:00
consul state: ensure we unblock intentions queries upon the upgrade to config entries (#9062) 2020-10-29 15:28:31 -05:00
debug
dns config: move NodeName validation to config validation 2020-08-17 17:25:02 -04:00
exec
grpc agent/grpc: add connection count metrics 2020-10-27 16:49:49 -04:00
local Notify alias checks when aliased service is [de]registered (#8456) 2020-08-12 09:47:41 -06:00
metadata ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
mock checks: when a service does not exists in an alias, consider it failing (#7384) 2020-06-04 14:50:52 +02:00
pool server: add gRPC server for streaming events 2020-09-08 12:10:41 -04:00
proxycfg Fix text type assertion 2020-09-14 16:28:40 -06:00
router agent/router: refactor calculation of delay between rebalances. 2020-10-15 15:59:36 -04:00
routine-leak-checker agent: enable enable_central_service_config by default (#8746) 2020-10-01 09:19:14 -05:00
rpc/subscribe stream: Use a no-op event publisher if streaming is disabled 2020-10-28 13:54:19 -04:00
rpcclient/health streaming: disable streaming when requesting connect events 2020-10-26 11:55:49 -04:00
structs server: config entry replication now correctly uses namespaces in comparisons (#9024) 2020-10-23 13:41:54 -05:00
submatview streaming: improve godoc for cache-type 2020-10-06 13:52:02 -04:00
systemd
token token: OSS support for enterprise tokens 2020-08-31 15:10:15 -04:00
uiserver auto-updated agent/uiserver/bindata_assetfs.go from commit 0f6c0a5c1 2020-11-04 09:37:51 +00:00
xds connect: add support for envoy 1.16.0, drop support for 1.12.x, and bump point releases as well (#8944) 2020-10-22 13:46:19 -05:00
acl.go added permission denied error message (#8044) 2020-09-22 20:36:07 +02:00
acl_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
acl_endpoint_legacy.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
acl_endpoint_legacy_test.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
acl_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
acl_test.go agent/token: Move token persistence out of agent 2020-08-31 15:00:34 -04:00
agent.go streaming: disable streaming when requesting connect events 2020-10-26 11:55:49 -04:00
agent_endpoint.go connect: support defining intentions using layer 7 criteria (#8839) 2020-10-06 17:09:13 -05:00
agent_endpoint_test.go agent: enable enable_central_service_config by default (#8746) 2020-10-01 09:19:14 -05:00
agent_oss.go agent/token: Move token persistence out of agent 2020-08-31 15:00:34 -04:00
agent_test.go Fix: service LocallyRegisteredAsSidecar property is not persisted 2020-10-13 19:38:58 +02:00
apiserver.go agent: add apiServers type for managing HTTP servers 2020-09-03 13:40:12 -04:00
apiserver_test.go agent: add apiServers type for managing HTTP servers 2020-09-03 13:40:12 -04:00
catalog_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
catalog_endpoint_test.go Add api mod support for /catalog/gateway-services (#8278) 2020-07-10 13:01:45 -06:00
check.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
config_endpoint.go connect: intentions are now managed as a new config entry kind "service-intentions" (#8834) 2020-10-06 13:24:05 -05:00
config_endpoint_test.go Expect default enterprise metadata in gateway tests (#7664) 2020-04-20 09:02:35 -05:00
connect_auth.go Return intention info in svc topology endpoint (#8853) 2020-10-07 18:35:34 -06:00
connect_ca_endpoint.go Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774) 2020-10-09 10:43:33 -04:00
connect_ca_endpoint_test.go Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774) 2020-10-09 10:43:33 -04:00
coordinate_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
coordinate_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
denylist.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
denylist_test.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
discovery_chain_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
discovery_chain_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
dns.go dns: remove goto INVALID and a naked return 2020-10-21 15:16:03 -04:00
dns_oss.go Update gateway-services-nodes API endpoint to allow multiple addresses 2020-06-24 16:35:23 -05:00
dns_test.go test: update tags for database service registrations and queries (#8693) 2020-09-16 14:05:01 -04:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
event_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
federation_state_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
health_endpoint.go health: change the name of UseStreamingBackend config 2020-10-23 17:47:01 -04:00
health_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
http_decode_test.go Fix GRPCUseTLS flag HTTP API mapping 2020-09-29 18:29:56 +03:00
http_oss.go uiserver: upstream refactors done elsewhere (#8891) 2020-10-09 08:32:39 -05:00
http_oss_test.go agent/http: un-embed the HTTPServer 2020-07-02 17:21:12 -04:00
http_register.go Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend. 2020-10-08 17:32:29 +01:00
http_test.go Refactor uiserver to separate package, cleaner Reloading 2020-10-01 11:32:25 +01:00
intentions_endpoint.go agent: allow the /v1/connect/intentions/match endpoint to use the agent cache (#8875) 2020-10-08 14:51:53 -05:00
intentions_endpoint_oss_test.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
intentions_endpoint_test.go agent: allow the /v1/connect/intentions/match endpoint to use the agent cache (#8875) 2020-10-08 14:51:53 -05:00
keyring.go agent: Move setupKeyring functions to keyring.go 2020-08-13 11:58:21 -04:00
keyring_test.go testing: Remove all the defer os.Removeall 2020-08-14 19:58:53 -04:00
kvs_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
kvs_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
nodeid.go Remove check that hostID is a uuid. 2020-08-12 13:05:10 -04:00
nodeid_test.go testing: Remove all the defer os.Removeall 2020-08-14 19:58:53 -04:00
notify.go
notify_test.go
operator_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
operator_endpoint_test.go thread local-only through the layers 2020-08-11 13:41:53 +02:00
prepared_query_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
prepared_query_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
reload.go Refactor uiserver to separate package, cleaner Reloading 2020-10-01 11:32:25 +01:00
remote_exec.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
remote_exec_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
retry_join.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
retry_join_test.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
service_checks_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
service_manager.go agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical (#8747) 2020-09-24 16:24:04 -05:00
service_manager_test.go agent: enable enable_central_service_config by default (#8746) 2020-10-01 09:19:14 -05:00
session_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
session_endpoint_test.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
setup.go Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param 2020-10-28 12:33:25 -04:00
sidecar_service.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
sidecar_service_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
snapshot_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
status_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
status_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
testagent.go Refactor uiserver to separate package, cleaner Reloading 2020-10-01 11:32:25 +01:00
testagent_test.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
translate_addr.go Add the v1/catalog/node-services/:node endpoint (#7115) 2020-01-24 09:27:25 -05:00
txn_endpoint.go api: rename HTTPServer to HTTPHandlers 2020-09-18 17:38:23 -04:00
txn_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
ui_endpoint.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
ui_endpoint_oss_test.go agent: protect the ui metrics proxy endpoint behind ACLs (#9099) 2020-11-04 12:50:03 -06:00
ui_endpoint_test.go agent: introduce path allow list for requests going through the metrics proxy (#9059) 2020-10-30 16:49:54 -05:00
user_event.go subscribe: Add steps to rpc/subscribe tests 2020-10-08 15:38:01 -04:00
user_event_test.go test: update tags for database service registrations and queries (#8693) 2020-09-16 14:05:01 -04:00
util.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
util_test.go testing: use t.Cleanup in testutil.TempFile 2020-08-14 20:06:01 -04:00
watch_handler.go watch: Allow args from different types 2020-07-10 17:18:32 -04:00
watch_handler_test.go watch: Allow args from different types 2020-07-10 17:18:32 -04:00