consul/agent/xds
Matt Keeler e4ea9b0a96
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
Main Changes:

• method signature updates everywhere to account for passing around enterprise meta.
• populate the EnterpriseAuthorizerContext for all ACL related authorizations.
• ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing.
• Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation.

Secondary Changes:

• Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies.
• Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure)
• AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise.
• Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally.
• Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token.
• Added a bunch of ACL test helpers for inserting ACL resource test data.
2019-10-24 14:38:09 -04:00
..
testdata agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576) 2019-10-17 16:46:49 -05:00
clusters.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
clusters_test.go agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576) 2019-10-17 16:46:49 -05:00
config.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
config_test.go connect: allow overriding envoy listener bind_address (#6033) 2019-07-05 16:06:47 +01:00
endpoints.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
endpoints_test.go agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576) 2019-10-17 16:46:49 -05:00
failover_math.go connect: fix failover through a mesh gateway to a remote datacenter (#6259) 2019-08-05 13:30:35 -05:00
failover_math_test.go connect: fix failover through a mesh gateway to a remote datacenter (#6259) 2019-08-05 13:30:35 -05:00
golden_test.go Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00
listeners.go xds: tcp services using the discovery chain should not assume RDS during LDS (#6623) 2019-10-17 16:44:59 -05:00
listeners_test.go agent: allow mesh gateways to initialize even if there are no connect services registered yet (#6576) 2019-10-17 16:46:49 -05:00
naming.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
response.go activate most discovery chain features in xDS for envoy (#6024) 2019-07-01 22:10:51 -05:00
routes.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
routes_test.go connect: introduce ExternalSNI field on service-defaults (#6324) 2019-08-19 12:19:44 -05:00
server.go ACL Authorizer overhaul (#6620) 2019-10-15 16:58:50 -04:00
server_test.go Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675) 2019-10-24 14:38:09 -04:00
testing.go Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872) 2019-06-07 07:10:43 -05:00
xds.go Update links to envoy docs on xDS protocol (#5871) 2019-06-03 11:03:05 -05:00