status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent
History
R.B. Boyer e3cd4a8539
connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 
Fixes #8466

Since Consul 1.8.0 there was a bug in how ingress gateway protocol
compatibility was enforced. At the point in time that an ingress-gateway
config entry was modified the discovery chain for each upstream was
checked to ensure the ingress gateway protocol matched. Unfortunately
future modifications of other config entries were not validated against
existing ingress-gateway definitions, such as:

1. create tcp ingress-gateway pointing to 'api' (ok)
2. create service-defaults for 'api' setting protocol=http (worked, but not ok)
3. create service-splitter or service-router for 'api' (worked, but caused an agent panic)

If you were to do these in a different order, it would fail without a
crash:

1. create service-defaults for 'api' setting protocol=http (ok)
2. create service-splitter or service-router for 'api' (ok)
3. create tcp ingress-gateway pointing to 'api' (fail with message about
   protocol mismatch)

This PR introduces the missing validation. The two new behaviors are:

1. create tcp ingress-gateway pointing to 'api' (ok)
2. (NEW) create service-defaults for 'api' setting protocol=http ("ok" for back compat)
3. (NEW) create service-splitter or service-router for 'api' (fail with
   message about protocol mismatch)

In consideration for any existing users that may be inadvertently be
falling into item (2) above, that is now officiall a valid configuration
to be in. For anyone falling into item (3) above while you cannot use
the API to manufacture that scenario anymore, anyone that has old (now
bad) data will still be able to have the agent use them just enough to
generate a new agent/proxycfg error message rather than a panic.
Unfortunately we just don't have enough information to properly fix the
config entries.
 		2020-08-12 11:19:20 -05:00
..
ae testutil: NewLogBuffer - buffer logs until a test fails 2020-07-21 12:50:40 -04:00
auto-config auto-config: Avoid the marshal/unmarshal cycle in auto-config 2020-08-10 20:07:52 -04:00
cache agent/cache test for cache throttling. (#8396) 2020-07-30 14:41:13 +02:00
cache-types Return nil value on error. 2020-08-05 13:10:17 -04:00
cert-monitor Ensure certificates retrieved through the cache get persisted with auto-config (#8409) 2020-07-30 11:37:18 -04:00
checks testutil: NewLogBuffer - buffer logs until a test fails 2020-07-21 12:50:40 -04:00
config auto-config: Avoid the marshal/unmarshal cycle in auto-config 2020-08-10 20:07:52 -04:00
connect Fix issue with changing the agent token causing failure to renew the auto-encrypt certificate 2020-07-21 12:19:25 -04:00
consul connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 2020-08-12 11:19:20 -05:00
debug fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
exec fix go vet issue 2017-10-25 19:30:35 +02:00
local Notify alias checks when aliased service is [de]registered (#8456) 2020-08-12 09:47:41 -06:00
metadata ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
mock checks: when a service does not exists in an alias, consider it failing (#7384) 2020-06-04 14:50:52 +02:00
pool Pass a logger to ConnPool and yamux, instead of an io.Writer 2020-08-05 13:25:08 -04:00
proxycfg Default Cache rate limiting options in New 2020-07-28 12:34:35 -04:00
router Refactor keyring ops: 2020-08-11 13:42:03 +02:00
routine-leak-checker Add a test for go routine leaks 2020-06-24 17:09:50 -04:00
structs connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 2020-08-12 11:19:20 -05:00
systemd agent: notify systemd after JoinLAN (#2121) 2017-06-21 06:43:55 +02:00
token Add ability for notifications when one of the agent tokens is updated (#8301) 2020-07-14 09:53:55 -04:00
xds connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 2020-08-12 11:19:20 -05:00
acl.go Remove ACLsEnabled from delegate interface 2020-07-03 17:00:20 -04:00
acl_endpoint.go Remove ACLsEnabled from delegate interface 2020-07-03 17:00:20 -04:00
acl_endpoint_legacy.go Use encoding/json as JSON decoder instead of mapstructure (#6680) 2019-10-29 11:13:36 -07:00
acl_endpoint_legacy_test.go ci: Add staticcheck and fix most errors 2020-05-28 11:59:58 -04:00
acl_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
acl_test.go Remove LogOutput from Agent 2020-08-05 14:00:44 -04:00
agent.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
agent_endpoint.go Fix a bunch of unparam lint issues 2020-06-24 13:00:14 -04:00
agent_endpoint_test.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
agent_oss.go Some boilerplate to allow for ACL Bootstrap disabling configurability 2020-04-28 09:42:46 -04:00
agent_test.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
bindata_assetfs.go changelog: Update for 1.8.2, 1.7.6, 1.7.5 and 1.6.7 (#8462) 2020-08-07 18:58:09 -04:00
catalog_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
catalog_endpoint_test.go Add api mod support for /catalog/gateway-services (#8278) 2020-07-10 13:01:45 -06:00
check.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
config_endpoint.go Add connect expose CLI command 2020-06-05 14:54:29 -07:00
config_endpoint_test.go Expect default enterprise metadata in gateway tests (#7664) 2020-04-20 09:02:35 -05:00
connect_auth.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
connect_ca_endpoint.go connect: Add AWS PCA provider (#6795) 2019-11-21 17:40:29 +00:00
connect_ca_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
coordinate_endpoint.go Use encoding/json as JSON decoder instead of mapstructure (#6680) 2019-10-29 11:13:36 -07:00
coordinate_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
denylist.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
denylist_test.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
discovery_chain_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
discovery_chain_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
dns.go DNS: add IsErrQueryNotFound function for easier error evaluation 2020-07-01 03:41:44 +01:00
dns_oss.go Update gateway-services-nodes API endpoint to allow multiple addresses 2020-06-24 16:35:23 -05:00
dns_test.go DNS: add test to verify NXDOMAIN is returned when a non-existent domain is queried over RPC 2020-07-01 01:51:16 +01:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
event_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
federation_state_endpoint.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
health_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
health_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http.go Merge pull request #8231 from hashicorp/dnephin/unembed-HTTPServer-Server 2020-07-09 17:42:33 -04:00
http_decode_test.go Fix a bunch of unparam lint issues 2020-06-24 13:00:14 -04:00
http_oss.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
http_oss_test.go agent/http: un-embed the HTTPServer 2020-07-02 17:21:12 -04:00
http_register.go Internal endpoint to query intentions associated with a gateway (#8400) 2020-08-11 17:20:41 -06:00
http_test.go agent/http: Update TestSetupHTTPServer_HTTP2 2020-07-09 16:42:19 -04:00
intentions_endpoint.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
intentions_endpoint_oss_test.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
intentions_endpoint_test.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
keyring.go thread local-only through the layers 2020-08-11 13:41:53 +02:00
keyring_test.go thread local-only through the layers 2020-08-11 13:41:53 +02:00
kvs_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
kvs_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
notify.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
notify_test.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
operator_endpoint.go thread local-only through the layers 2020-08-11 13:41:53 +02:00
operator_endpoint_test.go thread local-only through the layers 2020-08-11 13:41:53 +02:00
prepared_query_endpoint.go DNS: add IsErrQueryNotFound function for easier error evaluation 2020-07-01 03:41:44 +01:00
prepared_query_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
remote_exec.go Allow users to configure either unstructured or JSON logging (#7130) 2020-01-28 17:50:41 -06:00
remote_exec_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
retry_join.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
retry_join_test.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
service_checks_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
service_manager.go agent/service_manager: remove 'updateCh' field from serviceConfigWatch 2020-06-16 12:15:57 -04:00
service_manager_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
session_endpoint.go Fix session backwards incompatibility with 1.6.x and earlier. 2020-03-05 15:34:55 -05:00
session_endpoint_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
sidecar_service.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
sidecar_service_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
signal_unix.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
signal_windows.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
snapshot_endpoint.go Remove SnapshotRPC passthrough 2020-04-13 12:32:57 -04:00
snapshot_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
testagent.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
testagent_test.go config: Make Source an interface 2020-08-10 12:46:28 -04:00
translate_addr.go Add the v1/catalog/node-services/:node endpoint (#7115) 2020-01-24 09:27:25 -05:00
txn_endpoint.go docs: add docs for kv_max_value_size (#7405) 2020-03-09 11:13:40 +01:00
txn_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
ui_endpoint.go Internal endpoint to query intentions associated with a gateway (#8400) 2020-08-11 17:20:41 -06:00
ui_endpoint_test.go Internal endpoint to query intentions associated with a gateway (#8400) 2020-08-11 17:20:41 -06:00
user_event.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
user_event_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
util.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
util_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
watch_handler.go watch: Allow args from different types 2020-07-10 17:18:32 -04:00
watch_handler_test.go watch: Allow args from different types 2020-07-10 17:18:32 -04:00