consul/api
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816)
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
2024-10-16 12:23:33 -04:00
watch watch: support -filter for consul watch: checks, services, nodes, service (#17780) 2023-06-23 12:00:46 -04:00
.copywrite.hcl [DO NOT MERGE UNTIL EOY] update year in LICENSE and copywrite files (#19780) 2024-01-02 08:41:12 -08:00
.golangci.yml ci: Use golangci-lint for linting 2020-03-17 13:43:40 -04:00
LICENSE [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
README.md Update the README for the Consul API (#15936) 2023-01-06 21:10:56 +00:00
acl.go remove v2 tenancy, catalog, and mesh (#21592) 2024-09-05 08:50:46 -06:00
acl_test.go Add support for querying tokens by service name. (#18667) 2023-09-06 10:52:45 -05:00
agent.go api: add `CheckRegisterOpts` method to Agent API (#18943) 2023-09-25 08:25:02 -07:00
agent_test.go [CC-7044] Start HCP manager as part of link creation (#20312) 2024-01-29 16:31:44 -06:00
api.go security: resolve incorrect type conversions (#21251) 2024-06-04 21:55:53 +00:00
api_test.go [NET-4968] Upgrade Go to 1.21 (#20062) 2024-01-12 09:57:38 -05:00
catalog.go api: ensure empty locality field is not transmitted to Consul (#17137) 2023-04-26 10:01:17 -05:00
catalog_test.go NET-4135 - Fix NodeMeta filtering Catalog List Services API (#18322) 2023-10-08 12:48:31 +00:00
ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
config_entry.go [NET-8091] Add file-system-certificate config entry for API gateway (#20873) 2024-04-15 16:45:05 -04:00
config_entry_discoverychain.go Case sensitive route match (#19647) 2024-01-22 09:23:24 -06:00
config_entry_discoverychain_test.go Case sensitive route match (#19647) 2024-01-22 09:23:24 -06:00
config_entry_exports.go NET-5824 Exported services api (#20015) 2024-01-23 10:06:59 +05:30
config_entry_exports_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_file_system_certificate.go [NET-8091] Add file-system-certificate config entry for API gateway (#20873) 2024-04-15 16:45:05 -04:00
config_entry_gateways.go NET-6821 Disable Terminating Gateway Auto Host Header Rewrite (#20802) 2024-03-12 15:37:20 -05:00
config_entry_gateways_test.go OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
config_entry_inline_certificate.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_inline_certificate_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_intentions.go [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816) 2024-10-16 12:23:33 -04:00
config_entry_intentions_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
config_entry_jwt_provider.go Expose JWKS cluster config through JWTProviderConfigEntry (#17978) 2023-07-04 09:12:06 -04:00
config_entry_jwt_provider_test.go Expose JWKS cluster config through JWTProviderConfigEntry (#17978) 2023-07-04 09:12:06 -04:00
config_entry_mesh.go [NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816) 2024-10-16 12:23:33 -04:00
config_entry_rate_limit_ip.go fix: allow snake case keys for ip based rate limit config entry (#19277) 2023-10-19 10:54:00 -04:00
config_entry_routes.go NET-6294 - v1 Agentless proxycfg datasource errors after v2 changes (#19365) 2023-10-27 14:06:38 -06:00
config_entry_routes_test.go Relplat 897 copywrite bot workarounds (#19200) 2023-10-16 08:53:31 -07:00
config_entry_sameness_group.go Fix a bug with disco chain config entry fetching (#17078) 2023-04-21 09:18:32 -04:00
config_entry_status.go Add the plumbing for APIGW JWT work (#18609) 2023-08-31 12:23:59 -04:00
config_entry_status_test.go Relplat 897 copywrite bot workarounds (#19200) 2023-10-16 08:53:31 -07:00
config_entry_test.go NET-5912/service-defaults protocol validation (#21593) 2024-08-26 11:10:57 -04:00
connect.go Rename hcp-metrics-collector to consul-telemetry-collector (#17327) 2023-05-16 14:36:05 -04:00
connect_ca.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_ca_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
connect_intention.go Add sameness groups to service intentions. (#17064) 2023-04-20 12:16:04 -04:00
connect_intention_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
coordinate.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
coordinate_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
debug.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
debug_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
discovery_chain.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
discovery_chain_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
event.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
event_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
exported_services.go NET-5824 Exported services api (#20015) 2024-01-23 10:06:59 +05:30
go.mod api: remove dependency on proto-public, protobuf, and grpc (#21780) 2024-09-23 15:14:39 -05:00
go.sum api: remove dependency on proto-public, protobuf, and grpc (#21780) 2024-09-23 15:14:39 -05:00
health.go Add TCP+TLS Healthchecks (#18381) 2023-09-05 13:34:44 -07:00
health_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
internal.go Relplat 897 copywrite bot workarounds (#19200) 2023-10-16 08:53:31 -07:00
internal_test.go Relplat 897 copywrite bot workarounds (#19200) 2023-10-16 08:53:31 -07:00
kv.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
kv_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
lock.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
lock_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
mock_api_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
namespace.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
namespace_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
operator.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_area.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_audit.go Relplat 897 copywrite bot workarounds (#19200) 2023-10-16 08:53:31 -07:00
operator_autopilot.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_autopilot_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_keyring.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_keyring_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_license.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_raft.go consul operator raft transfer-leader should send the id (#17107) 2023-09-15 14:38:59 -04:00
operator_raft_test.go consul operator raft transfer-leader should send the id (#17107) 2023-09-15 14:38:59 -04:00
operator_segment.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
operator_usage.go feat: include nodes count in operator usage endpoint and cli command (#17939) 2023-07-05 11:23:29 -04:00
operator_usage_test.go [API Gateway] Fix rate limiting for API gateways (#17631) 2023-06-09 08:22:32 -04:00
partition.go Update API and API Docs regarding disabling gossip for a partition. (#20669) 2024-02-26 12:14:39 -05:00
peering.go api: ensure empty locality field is not transmitted to Consul (#17137) 2023-04-26 10:01:17 -05:00
peering_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
prepared_query.go add peering_commontopo tests [NET-3700] (#17951) 2023-07-18 16:41:30 -07:00
prepared_query_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
raw.go add raw delete api method (#20737) 2024-03-05 08:52:55 -06:00
raw_test.go api: remove dependency on proto-public, protobuf, and grpc (#21780) 2024-09-23 15:14:39 -05:00
semaphore.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
semaphore_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
session.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
session_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
snapshot.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
snapshot_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
status.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
status_test.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
txn.go Add copyright headers for acl, api and bench folders (#16706) 2023-03-28 16:12:41 -04:00
txn_test.go Displays Consul version of each nodes in UI nodes section (#17754) 2023-07-12 13:34:39 -06:00

README.md

Consul API Client

This directory contains the api package, which provides programmatic access to the full Consul API.

The full documentation is available on Godoc.

Usage

Below is an example of using the Consul client. To run the example, you must first install Consul and Go.

To run the client API, create a new Go module.

go mod init consul-demo

Copy the example code into a file called main.go in the directory where the module is defined. As seen in the example, the Consul API is often imported with the alias capi.

package main

import (
	"fmt"

	capi "github.com/hashicorp/consul/api"
)

func main() {
	// Get a new client
	client, err := capi.NewClient(capi.DefaultConfig())
	if err != nil {
		panic(err)
	}

	// Get a handle to the KV API
	kv := client.KV()

	// PUT a new KV pair
	p := &capi.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
	_, err = kv.Put(p, nil)
	if err != nil {
		panic(err)
	}

	// Lookup the pair
	pair, _, err := kv.Get("REDIS_MAXCLIENTS", nil)
	if err != nil {
		panic(err)
	}
	fmt.Printf("KV: %v %s\n", pair.Key, pair.Value)
}

Install the Consul API dependency with go mod tidy.

In a separate terminal window, start a local Consul server.

consul agent -dev -node machine

Run the example.

go run .

You should get the following result printed to the terminal.

KV: REDIS_MAXCLIENTS 1000

After running the code, you can also view the values in the Consul UI on your local machine at http://localhost:8500/ui/dc1/kv