consul/agent/consul
Matt Keeler 3c4413cbed ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 16:55:01 +00:00
..
authmethod Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-06-01 10:40:14 -05:00
autopilot Merge pull request #7894 from hashicorp/dnephin/add-linter-staticcheck-1 2020-05-21 17:01:15 +00:00
discoverychain Construct a default destination if one does not exist for service-router (#7783) 2020-05-05 10:49:50 -05:00
fsm Tokens converted from legacy ACLs get their Hash computed (#8047) (#8054) 2020-06-08 23:36:55 +02:00
prepared_query Merge pull request #7894 from hashicorp/dnephin/add-linter-staticcheck-1 2020-05-21 17:01:15 +00:00
state ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
testdata Fix support for RSA CA keys in Connect. (#6638) 2019-11-01 13:20:26 +00:00
wanfed wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
acl.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
acl_authmethod.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
acl_authmethod_oss.go acl: add auth method for JWTs (#7846) 2020-05-11 20:59:29 -05:00
acl_authmethod_test.go acl: refactor the authmethod.Validator interface (#7760) 2020-05-01 17:35:28 -05:00
acl_client.go Fix identity resolution on clients and in secondary dcs (#7862) 2020-05-13 13:00:08 -04:00
acl_endpoint.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
acl_endpoint_legacy.go Some boilerplate to allow for ACL Bootstrap disabling configurability 2020-04-28 09:42:46 -04:00
acl_endpoint_oss.go acl: add auth method for JWTs (#7846) 2020-05-11 20:59:29 -05:00
acl_endpoint_test.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
acl_oss.go Allow the PolicyResolve and RoleResolve endpoints to process na… (#7296) 2020-02-13 14:55:27 -05:00
acl_oss_test.go Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687) 2019-10-25 11:06:16 -04:00
acl_replication.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
acl_replication_legacy.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
acl_replication_legacy_test.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_replication_test.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_replication_types.go AuthMethod updates to support alternate namespace logins (#7029) 2020-01-14 10:09:29 -05:00
acl_server.go Fix identity resolution on clients and in secondary dcs (#7862) 2020-05-13 13:00:08 -04:00
acl_server_oss.go Allow the bootstrap endpoint to be disabled in enterprise. (#7614) 2020-04-14 11:45:39 -04:00
acl_test.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
acl_token_exp.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
acl_token_exp_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
auto_encrypt.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
auto_encrypt_endpoint.go auto_encrypt: check previously ignored error (#6604) 2020-02-03 10:35:11 +01:00
auto_encrypt_endpoint_test.go auto_encrypt: set dns and ip san for k8s and provide configuration (#6944) 2020-01-17 23:25:26 +01:00
auto_encrypt_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
autopilot.go Remove failed nodes from serfWAN (#6028) 2019-06-28 12:40:07 -05:00
autopilot_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
autopilot_test.go Fix flaky TestAutopilot_BootstrapExpect (#7242) 2020-02-10 14:52:58 -06:00
catalog_endpoint.go Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
catalog_endpoint_test.go Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
client.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
client_serf.go agent: differentiate wan vs lan loggers in memberlist and serf (#7205) 2020-02-05 09:52:43 -06:00
client_test.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
cluster_test.go A couple testing helper updates (#7694) 2020-04-27 12:17:38 -04:00
config.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
config_endpoint.go connect: ensure proxy-defaults protocol is used for upstreams (#7938) 2020-05-21 21:09:51 +00:00
config_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
config_replication.go various tweaks on top of the hclog work (#7165) 2020-01-29 11:16:08 -06:00
config_replication_test.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
connect_ca_endpoint.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-06-01 10:40:14 -05:00
connect_ca_endpoint_test.go Support Connect CAs that can't cross sign (#6726) 2019-11-11 21:36:22 +00:00
consul_ca_delegate.go connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011) 2020-01-09 16:32:19 +01:00
coordinate_endpoint.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
coordinate_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
discovery_chain_endpoint.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
discovery_chain_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
enterprise_client_oss.go Sync some feature flag support from enterprise (#7167) 2020-01-29 13:21:38 -05:00
enterprise_config_oss.go Add EnterpriseConfig stubs (#6566) 2019-10-01 14:34:55 -04:00
enterprise_server_oss.go Fix ACL mode advertisement and detection (#7451) 2020-03-16 12:54:45 -04:00
federation_state_endpoint.go server: don't activate federation state replication or anti-entropy until all servers are running 1.8.0+ (#8014) 2020-06-04 21:05:49 +00:00
federation_state_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
federation_state_replication.go server: don't activate federation state replication or anti-entropy until all servers are running 1.8.0+ (#8014) 2020-06-04 21:05:49 +00:00
federation_state_replication_test.go fix flaky TestReplication_FederationStates test due to race conditions (#7612) 2020-04-09 15:42:41 -05:00
filter.go Updates to the Txn API for namespaces (#7172) 2020-01-30 13:12:26 -05:00
filter_test.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00
flood.go agent: refactor to use a single addrFn 2020-05-05 21:08:10 +02:00
gateway_locator.go create lib/stringslice package (#7934) 2020-05-27 16:48:01 +00:00
gateway_locator_test.go agent: handle re-bootstrapping in a secondary datacenter when WAN federation via mesh gateways is configured (#7931) 2020-05-27 16:32:22 +00:00
health_endpoint.go Ingress Gateways for TCP services (#7509) 2020-04-16 14:00:48 -07:00
health_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
helper_test.go A couple testing helper updates (#7694) 2020-04-27 12:17:38 -04:00
intention_endpoint.go Enable filtering language support for the v1/connect/intentions… (#7593) 2020-04-07 11:48:44 -04:00
intention_endpoint_test.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
internal_endpoint.go Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
internal_endpoint_test.go Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
issue_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
kvs_endpoint.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
kvs_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
leader.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
leader_connect.go Ensure server requirements checks are done against ALL known se… (#7491) 2020-03-27 12:31:43 -04:00
leader_connect_test.go connect: add validations around intermediate cert ttl (#7213) 2020-02-11 00:05:49 +01:00
leader_federation_state_ae.go server: don't activate federation state replication or anti-entropy until all servers are running 1.8.0+ (#8014) 2020-06-04 21:05:49 +00:00
leader_federation_state_ae_test.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
leader_routine_manager.go Merge pull request #7894 from hashicorp/dnephin/add-linter-staticcheck-1 2020-05-21 17:01:15 +00:00
leader_routine_manager_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
leader_test.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
logging.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
logging_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
merge.go agent: don't let left nodes hold onto their node-id (#7747) 2020-05-04 18:39:08 +02:00
merge_test.go Skips unique node ID check for old versions of Consul. 2017-09-05 22:57:29 -07:00
operator_autopilot_endpoint.go Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
operator_autopilot_endpoint_test.go Set MinQuorum variable in Autopilot (#6654) 2019-10-29 09:04:41 -05:00
operator_endpoint.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
operator_raft_endpoint.go Add managed service provider token (#7218) 2020-02-04 13:58:56 -07:00
operator_raft_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
prepared_query_endpoint.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
prepared_query_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
raft_rpc.go agent: move conn pool for muxed connections into separate pkg 2017-06-21 05:42:39 +02:00
replication.go server: don't activate federation state replication or anti-entropy until all servers are running 1.8.0+ (#8014) 2020-06-04 21:05:49 +00:00
replication_test.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
rpc.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
rpc_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
rtt.go Added Coordinate.Node rpc endpoint and client api method 2017-10-26 19:16:40 -07:00
rtt_test.go Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
segment_oss.go Fix spelling of deregister (#7804) 2020-05-08 10:03:45 -04:00
serf_test.go pkg refactor 2017-06-10 18:52:45 +02:00
server.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
server_lookup.go Fix ACL mode advertisement and detection (#7451) 2020-03-16 12:54:45 -04:00
server_lookup_test.go More cleanup from code review 2017-08-30 12:31:36 -05:00
server_oss.go Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 21:15:25 +00:00
server_serf.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
server_test.go ACL Node Identities (#7970) 2020-06-16 16:55:01 +00:00
session_endpoint.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
session_endpoint_test.go acl: remove the deprecated `acl_enforce_version_8` option (#7991) 2020-06-01 10:40:22 -05:00
session_timers.go address review comments 2017-07-07 09:22:34 +02:00
session_timers_test.go rpc: refactor sessionTimers and fix racy tests 2017-07-07 09:22:34 +02:00
session_ttl.go agent: add server raft.{last,applied}_index gauges (#6694) 2020-02-11 10:50:18 +01:00
session_ttl_test.go OSS Modifications necessary for sessions namespacing 2019-11-25 12:07:04 -05:00
snapshot_endpoint.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
snapshot_endpoint_test.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
stats_fetcher.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
stats_fetcher_test.go ci: Add staticcheck and fix most errors 2020-06-01 10:40:04 -05:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Merge pull request #7966 from hashicorp/pool_improvements 2020-06-05 19:03:24 +00:00
txn_endpoint.go Updates to the Txn API for namespaces (#7172) 2020-01-30 13:12:26 -05:00
txn_endpoint_test.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
util.go acl: refactor the authmethod.Validator interface (#7760) 2020-05-01 17:35:28 -05:00
util_test.go ci: Add staticcheck and fix most errors 2020-06-01 10:40:04 -05:00