luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/config/testdata/TestRuntimeConfig_Sanitize....

513 lines
14 KiB
Plaintext
Raw Normal View History

config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
{
"ACLEnableKeyListPolicy": false,
Rename `ACLMasterToken` => `ACLInitialManagementToken` (#11746)
2021-12-07 12:39:28 +00:00
"ACLInitialManagementToken": "hidden",
config: remove ACLResolver settings from RuntimeConfig
2021-08-06 22:59:05 +00:00
"ACLResolverSettings": {
"ACLDefaultPolicy": "",
"ACLDownPolicy": "",
"ACLPolicyTTL": "0s",
"ACLRoleTTL": "0s",
"ACLTokenTTL": "0s",
"ACLsEnabled": false,
"Datacenter": "",
acl: some acl authz refactors for nodes (#10909)
2021-08-25 18:43:11 +00:00
"EnterpriseMeta": {},
config: remove ACLResolver settings from RuntimeConfig
2021-08-06 22:59:05 +00:00
"NodeName": ""
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"ACLTokenReplication": false,
"ACLTokens": {
agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744)
2021-12-07 12:12:47 +00:00
"ACLAgentRecoveryToken": "hidden",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"ACLAgentToken": "hidden",
Adding experimental support for a more efficient LogStore implementation (#16176) * Adding experimental support for a more efficient LogStore implementation * Adding changelog entry * Fix go mod tidy issues
2023-02-08 16:50:22 +00:00
"ACLConfigFileRegistrationToken": "hidden",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"ACLDefaultToken": "hidden",
"ACLReplicationToken": "hidden",
"DataDir": "",
"EnablePersistence": false,
"EnterpriseConfig": {}
},
"ACLsEnabled": false,
"AEInterval": "0s",
"AdvertiseAddrLAN": "",
"AdvertiseAddrWAN": "",
"AdvertiseReconnectTimeout": "0s",
"AllowWriteHTTPFrom": [
"127.0.0.0/8",
"::1/128"
],
"AutoConfig": {
"Authorizer": {
"AllowReuse": false,
"AuthMethod": {
"ACLAuthMethodEnterpriseFields": {},
"Config": {},
"Description": "",
"DisplayName": "",
"EnterpriseMeta": {},
"MaxTokenTTL": "0s",
"Name": "",
"RaftIndex": {
"CreateIndex": 0,
"ModifyIndex": 0
},
"TokenLocality": "",
"Type": ""
},
"ClaimAssertions": [],
"Enabled": false
},
"DNSSANs": [],
"Enabled": false,
"IPSANs": [],
"IntroToken": "hidden",
"IntroTokenFile": "",
"ServerAddresses": []
},
"AutoEncryptAllowTLS": false,
"AutoEncryptDNSSAN": [],
"AutoEncryptIPSAN": [],
"AutoEncryptTLS": false,
auto-reload configuration when config files change (#12329) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton <daniel@floppy.co> * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> Co-authored-by: Daniel Upton <daniel@floppy.co>
2022-03-31 19:11:49 +00:00
"AutoReloadConfig": false,
add a rate limiter to config auto-reload (#12490) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton <daniel@floppy.co> * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files * add a coalesceTimer with a very small timer * extract coaelsce Timer and add a shim for testing * add tests to coalesceTimer fix to send remaining events * set `coalesceTimer` to 1 Second * support symlink, fix a nil deref. * fix compile error * fix compile error * refactor file watcher rate limiting to be a Watcher implementation * fix linter issue * fix runtime config * fix runtime test * fix flaky tests * fix compile error * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * fix agent New to return an error if File watcher New return an error * quit timer loop if ctx is canceled * Apply suggestions from code review Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> Co-authored-by: Daniel Upton <daniel@floppy.co> Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-04-04 15:31:39 +00:00
"AutoReloadConfigCoalesceInterval": "0s",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"AutopilotCleanupDeadServers": false,
"AutopilotDisableUpgradeMigration": false,
"AutopilotLastContactThreshold": "0s",
"AutopilotMaxTrailingLogs": 0,
"AutopilotMinQuorum": 0,
"AutopilotRedundancyZoneTag": "",
"AutopilotServerStabilizationTime": "0s",
"AutopilotUpgradeVersionTag": "",
"BindAddr": "127.0.0.1",
"Bootstrap": false,
"BootstrapExpect": 0,
Fixup some more tests Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-02 21:26:41 +00:00
"BuildDate": "2019-11-20 05:00:00 +0000 UTC",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"Cache": {
"EntryFetchMaxBurst": 42,
cache: log a warning when Cache.Notify handles an error Without these warnings, errors are silently ignored, which can make debugging problems more challenging.
2021-02-12 17:43:36 +00:00
"EntryFetchRate": 0.334,
"Logger": null
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
},
"CheckDeregisterIntervalMin": "0s",
"CheckOutputMaxSize": 4096,
"CheckReapInterval": "0s",
"CheckUpdateInterval": "0s",
"Checks": [
{
"AliasNode": "",
"AliasService": "",
"Body": "",
"DeregisterCriticalServiceAfter": "0s",
Add a field to disable following redirects on http checks
2022-04-01 21:31:15 +00:00
"DisableRedirects": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"DockerContainerID": "",
"EnterpriseMeta": {},
"FailuresBeforeCritical": 0,
Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc" This reverts commit 74fb650b6b966588f8faeec26935a858af2b8bb5, reversing changes made to 58bd8173364effb98b9fd9f9b98d31dd887a9bac.
2021-09-08 15:48:41 +00:00
"FailuresBeforeWarning": 0,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"GRPC": "",
"GRPCUseTLS": false,
add http2 ping health checks (#8431) * add http2 ping checks * fix test issue * add h2ping check to config resources * add new test and docs for h2ping * fix grammatical inconsistency in H2PING documentation * resolve rebase conflicts, add test for h2ping tls verification failure * api documentation for h2ping * update test config data with H2PING * add H2PING to protocol buffers and update changelog * fix typo in changelog entry
2021-04-09 19:12:10 +00:00
"H2PING": "",
change config option to H2PingUseTLS
2021-10-05 01:36:18 +00:00
"H2PingUseTLS": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"HTTP": "",
"Header": {},
"ID": "",
"Interval": "0s",
"Method": "",
"Name": "zoo",
"Notes": "",
Remove the `connect.enable_serverless_plugin` agent configuration option (#15710)
2022-12-08 19:46:42 +00:00
"OSService": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"OutputMaxSize": 4096,
"ScriptArgs": [],
"ServiceID": "",
"Shell": "",
"Status": "",
"SuccessBeforePassing": 0,
"TCP": "",
Add support for configuring TLS ServerName for health checks Some TLS servers require SNI, but the Golang HTTP client doesn't include it in the ClientHello when connecting to an IP address. This change adds a new TLSServerName field to health check definitions to optionally set it. This fixes #9473.
2021-02-25 06:35:34 +00:00
"TLSServerName": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"TLSSkipVerify": false,
"TTL": "0s",
"Timeout": "0s",
UDP check for service stanza #12221 (#12722) * UDP check for service stanza #12221 * add pass status on timeout condition * delete useless files * Update check_test.go improve comment in test * fix test * fix requested changes and update TestRuntimeConfig_Sanitize.golden * add freeport to TestCheckUDPCritical * improve comment for CheckUDP struct * fix requested changes * fix requested changes * fix requested changes * add UDP to proto * add UDP to proto and add a changelog * add requested test on agent_endpoint_test.go * add test for given endpoints * fix failing tests * add documentation for udp healthcheck * regenerate proto using buf * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/discovery/checks.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * add debug echo * add debug circle-ci * add debug circle-ci bash * use echo instead of status_stage * remove debug and status from devtools script and use echo instead * Update website/content/api-docs/agent/check.mdx Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * fix test * replace status_stage with status * replace functions with echo Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-06-06 19:13:19 +00:00
"Token": "hidden",
"UDP": ""
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
}
],
"ClientAddrs": [],
add HCP integration component (#14723) * add HCP integration * lint: use non-deprecated logging interface
2022-09-26 18:58:15 +00:00
"Cloud": {
"AuthURL": "",
"ClientID": "id",
"ClientSecret": "hidden",
"Hostname": "",
Update HCP bootstrapping to support existing clusters (#16916) * Persist HCP management token from server config We want to move away from injecting an initial management token into Consul clusters linked to HCP. The reasoning is that by using a separate class of token we can have more flexibility in terms of allowing HCP's token to co-exist with the user's management token. Down the line we can also more easily adjust the permissions attached to HCP's token to limit it's scope. With these changes, the cloud management token is like the initial management token in that iit has the same global management policy and if it is created it effectively bootstraps the ACL system. * Update SDK and mock HCP server The HCP management token will now be sent in a special field rather than as Consul's "initial management" token configuration. This commit also updates the mock HCP server to more accurately reflect the behavior of the CCM backend. * Refactor HCP bootstrapping logic and add tests We want to allow users to link Consul clusters that already exist to HCP. Existing clusters need care when bootstrapped by HCP, since we do not want to do things like change ACL/TLS settings for a running cluster. Additional changes: * Deconstruct MaybeBootstrap so that it can be tested. The HCP Go SDK requires HTTPS to fetch a token from the Auth URL, even if the backend server is mocked. By pulling the hcp.Client creation out we can modify its TLS configuration in tests while keeping the secure behavior in production code. * Add light validation for data received/loaded. * Sanitize initial_management token from received config, since HCP will only ever use the CloudConfig.MangementToken. * Add changelog entry
2023-04-27 20:27:39 +00:00
"ManagementToken": "hidden",
adding configuration option cloud.scada_address (#14936) * adding scada_address * config tests * add changelog entry
2022-10-13 09:31:28 +00:00
"ResourceID": "cluster1",
Update HCP bootstrapping to support existing clusters (#16916) * Persist HCP management token from server config We want to move away from injecting an initial management token into Consul clusters linked to HCP. The reasoning is that by using a separate class of token we can have more flexibility in terms of allowing HCP's token to co-exist with the user's management token. Down the line we can also more easily adjust the permissions attached to HCP's token to limit it's scope. With these changes, the cloud management token is like the initial management token in that iit has the same global management policy and if it is created it effectively bootstraps the ACL system. * Update SDK and mock HCP server The HCP management token will now be sent in a special field rather than as Consul's "initial management" token configuration. This commit also updates the mock HCP server to more accurately reflect the behavior of the CCM backend. * Refactor HCP bootstrapping logic and add tests We want to allow users to link Consul clusters that already exist to HCP. Existing clusters need care when bootstrapped by HCP, since we do not want to do things like change ACL/TLS settings for a running cluster. Additional changes: * Deconstruct MaybeBootstrap so that it can be tested. The HCP Go SDK requires HTTPS to fetch a token from the Auth URL, even if the backend server is mocked. By pulling the hcp.Client creation out we can modify its TLS configuration in tests while keeping the secure behavior in production code. * Add light validation for data received/loaded. * Sanitize initial_management token from received config, since HCP will only ever use the CloudConfig.MangementToken. * Add changelog entry
2023-04-27 20:27:39 +00:00
"ScadaAddress": "",
"TLSConfig": null
add HCP integration component (#14723) * add HCP integration * lint: use non-deprecated logging interface
2022-09-26 18:58:15 +00:00
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"ConfigEntryBootstrap": [],
"ConnectCAConfig": {},
"ConnectCAProvider": "",
"ConnectEnabled": false,
"ConnectMeshGatewayWANFederationEnabled": false,
"ConnectSidecarMaxPort": 0,
"ConnectSidecarMinPort": 0,
"ConnectTestCALeafRootChangeSpread": "0s",
"ConsulCoordinateUpdateBatchSize": 0,
"ConsulCoordinateUpdateMaxBatches": 0,
"ConsulCoordinateUpdatePeriod": "15s",
"ConsulRaftElectionTimeout": "0s",
"ConsulRaftHeartbeatTimeout": "0s",
"ConsulRaftLeaderLeaseTimeout": "0s",
"ConsulServerHealthInterval": "0s",
"DNSARecordLimit": 0,
"DNSAddrs": [
"tcp://1.2.3.4:5678",
"udp://1.2.3.4:5678"
],
"DNSAllowStale": false,
"DNSAltDomain": "",
"DNSCacheMaxAge": "0s",
"DNSDisableCompression": false,
"DNSDomain": "",
"DNSEnableTruncate": false,
"DNSMaxStale": "0s",
"DNSNodeMetaTXT": false,
"DNSNodeTTL": "0s",
"DNSOnlyPassing": false,
"DNSPort": 0,
Add DNS recursor strategy option (#10611) This change adds a new `dns_config.recursor_strategy` option which controls how Consul queries DNS resolvers listed in the `recursors` config option. The supported options are `sequential` (default), and `random`. Closes #8807 Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Priyanka Sengupta <psengupta@flatiron.com>
2021-07-19 22:22:51 +00:00
"DNSRecursorStrategy": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"DNSRecursorTimeout": "0s",
"DNSRecursors": [],
"DNSSOA": {
"Expire": 86400,
"Minttl": 0,
"Refresh": 3600,
"Retry": 600
},
"DNSServiceTTL": {},
"DNSUDPAnswerLimit": 0,
"DNSUseCache": false,
"DataDir": "",
"Datacenter": "",
"DefaultQueryTime": "0s",
"DevMode": false,
"DisableAnonymousSignature": false,
"DisableCoordinates": false,
"DisableHTTPUnprintableCharFilter": false,
"DisableHostNodeID": false,
"DisableKeyringFile": false,
"DisableRemoteExec": false,
"DisableUpdateCheck": false,
"DiscardCheckOutput": false,
"DiscoveryMaxStale": "0s",
"EnableAgentTLSForChecks": false,
"EnableCentralServiceConfig": false,
"EnableDebug": false,
"EnableLocalScriptChecks": false,
"EnableRemoteScriptChecks": false,
"EncryptKey": "hidden",
"EnterpriseRuntimeConfig": {},
"ExposeMaxPort": 0,
"ExposeMinPort": 0,
Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc" This reverts commit 74fb650b6b966588f8faeec26935a858af2b8bb5, reversing changes made to 58bd8173364effb98b9fd9f9b98d31dd887a9bac.
2021-09-08 15:48:41 +00:00
"GRPCAddrs": [],
"GRPCPort": 0,
Add separate grpc_tls port. To ease the transition for users, the original gRPC port can still operate in a deprecated mode as either plain-text or TLS mode. This behavior should be removed in a future release whenever we no longer support this. The resulting behavior from this commit is: `ports.grpc > 0 && ports.grpc_tls > 0` spawns both plain-text and tls ports. `ports.grpc > 0 && grpc.tls == undefined` spawns a single plain-text port. `ports.grpc > 0 && grpc.tls != undefined` spawns a single tls port (backwards compat mode).
2022-08-19 17:07:22 +00:00
"GRPCTLSAddrs": [],
"GRPCTLSPort": 0,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"GossipLANGossipInterval": "0s",
"GossipLANGossipNodes": 0,
"GossipLANProbeInterval": "0s",
"GossipLANProbeTimeout": "0s",
"GossipLANRetransmitMult": 0,
"GossipLANSuspicionMult": 0,
"GossipWANGossipInterval": "0s",
"GossipWANGossipNodes": 0,
"GossipWANProbeInterval": "0s",
"GossipWANProbeTimeout": "0s",
"GossipWANRetransmitMult": 0,
"GossipWANSuspicionMult": 0,
"HTTPAddrs": [
"tcp://1.2.3.4:5678",
"unix:///var/run/foo"
],
"HTTPBlockEndpoints": [],
"HTTPMaxConnsPerClient": 0,
"HTTPMaxHeaderBytes": 0,
"HTTPPort": 0,
"HTTPResponseHeaders": {},
"HTTPSAddrs": [],
"HTTPSHandshakeTimeout": "0s",
"HTTPSPort": 0,
"HTTPUseCache": false,
"KVMaxValueSize": 1234567800000000,
"LeaveDrainTime": "0s",
"LeaveOnTerm": false,
proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher (#16497) Receiving an "acl not found" error from an RPC in the agent cache and the streaming/event components will cause any request loops to cease under the assumption that they will never work again if the token was destroyed. This prevents log spam (#14144, #9738). Unfortunately due to things like: - authz requests going to stale servers that may not have witnessed the token creation yet - authz requests in a secondary datacenter happening before the tokens get replicated to that datacenter - authz requests from a primary TO a secondary datacenter happening before the tokens get replicated to that datacenter The caller will get an "acl not found" *before* the token exists, rather than just after. The machinery added above in the linked PRs will kick in and prevent the request loop from looping around again once the tokens actually exist. For `consul-dataplane` usages, where xDS is served by the Consul servers rather than the clients ultimately this is not a problem because in that scenario the `agent/proxycfg` machinery is on-demand and launched by a new xDS stream needing data for a specific service in the catalog. If the watching goroutines are terminated it ripples down and terminates the xDS stream, which CDP will eventually re-establish and restart everything. For Consul client usages, the `agent/proxycfg` machinery is ahead-of-time launched at service registration time (called "local" in some of the proxycfg machinery) so when the xDS stream comes in the data is already ready to go. If the watching goroutines terminate it should terminate the xDS stream, but there's no mechanism to re-spawn the watching goroutines. If the xDS stream reconnects it will see no `ConfigSnapshot` and will not get one again until the client agent is restarted, or the service is re-registered with something changed in it. This PR fixes a few things in the machinery: - there was an inadvertent deadlock in fetching snapshot from the proxycfg machinery by xDS, such that when the watching goroutine terminated the snapshots would never be fetched. This caused some of the xDS machinery to get indefinitely paused and not finish the teardown properly. - Every 30s we now attempt to re-insert all locally registered services into the proxycfg machinery. - When services are re-inserted into the proxycfg machinery we special case "dead" ones such that we unilaterally replace them rather that doing that conditionally.
2023-03-03 20:27:53 +00:00
"LocalProxyConfigResyncInterval": "0s",
add agent locality and replicate it across peer streams (#16522)
2023-03-07 19:05:23 +00:00
"Locality": {
"Region": "us-west-1",
"Zone": "us-west-1a"
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"Logging": {
"EnableSyslog": false,
"LogFilePath": "",
"LogJSON": false,
"LogLevel": "",
"LogRotateBytes": 0,
"LogRotateDuration": "0s",
"LogRotateMaxFiles": 0,
"Name": "",
"SyslogFacility": ""
},
"MaxQueryTime": "0s",
"NodeID": "",
"NodeMeta": {},
"NodeName": "",
peering: add config to enable/disable peering (#13867) * peering: add config to enable/disable peering Add config: ``` peering { enabled = true } ``` Defaults to true. When disabled: 1. All peering RPC endpoints will return an error 2. Leader won't start its peering establishment goroutines 3. Leader won't start its peering deletion goroutines
2022-07-22 22:20:21 +00:00
"PeeringEnabled": false,
block PeerName register requests (#13887) Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-29 21:36:22 +00:00
"PeeringTestAllowPeerRegistrations": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"PidFile": "",
"PrimaryDatacenter": "",
"PrimaryGateways": [
"pmgw_foo=bar pmgw_key=baz pmgw_secret=boom pmgw_bang=bar"
],
"PrimaryGatewaysInterval": "0s",
"RPCAdvertiseAddr": "",
"RPCBindAddr": "",
Remove the `connect.enable_serverless_plugin` agent configuration option (#15710)
2022-12-08 19:46:42 +00:00
"RPCClientTimeout": "0s",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"RPCConfig": {
"EnableStreaming": false
},
"RPCHandshakeTimeout": "0s",
"RPCHoldTimeout": "0s",
"RPCMaxBurst": 0,
"RPCMaxConnsPerClient": 0,
"RPCProtocol": 0,
"RPCRateLimit": 0,
Adding experimental support for a more efficient LogStore implementation (#16176) * Adding experimental support for a more efficient LogStore implementation * Adding changelog entry * Fix go mod tidy issues
2023-02-08 16:50:22 +00:00
"RaftLogStoreConfig": {
"Backend": "",
"BoltDB": {
"NoFreelistSync": false
},
"DisableLogCache": false,
"Verification": {
"Enabled": false,
"Interval": "0s"
},
"WAL": {
"SegmentSize": 0
}
config: add NoFreelistSync option # Conflicts: # agent/config/testdata/TestRuntimeConfig_Sanitize-enterprise.golden # agent/consul/server.go
2021-11-17 23:15:19 +00:00
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"RaftProtocol": 3,
"RaftSnapshotInterval": "0s",
"RaftSnapshotThreshold": 0,
"RaftTrailingLogs": 0,
"ReadReplica": false,
"ReconnectTimeoutLAN": "0s",
"ReconnectTimeoutWAN": "0s",
"RejoinAfterLeave": false,
feat: add reporting config with reload (#16890)
2023-04-11 19:04:02 +00:00
"Reporting": {
"License": {
"Enabled": false
}
},
adding config for request_limits (#15531) * server: add placeholder glue for rate limit handler This commit adds a no-op implementation of the rate-limit handler and adds it to the `consul.Server` struct and setup code. This allows us to start working on the net/rpc and gRPC interceptors and config logic. * Add handler errors * Set the global read and write limits * fixing multilimiter moving packages * Fix typo * Simplify globalLimit usage * add multilimiter and tests * exporting LimitedEntity * Apply suggestions from code review Co-authored-by: John Murret <john.murret@hashicorp.com> * add config update and rename config params * add doc string and split config * Apply suggestions from code review Co-authored-by: Dan Upton <daniel@floppy.co> * use timer to avoid go routine leak and change the interface * add comments to tests * fix failing test * add prefix with config edge, refactor tests * Apply suggestions from code review Co-authored-by: Dan Upton <daniel@floppy.co> * refactor to apply configs for limiters under a prefix * add fuzz tests and fix bugs found. Refactor reconcile loop to have a simpler logic * make KeyType an exported type * split the config and limiter trees to fix race conditions in config update * rename variables * fix race in test and remove dead code * fix reconcile loop to not create a timer on each loop * add extra benchmark tests and fix tests * fix benchmark test to pass value to func * server: add placeholder glue for rate limit handler This commit adds a no-op implementation of the rate-limit handler and adds it to the `consul.Server` struct and setup code. This allows us to start working on the net/rpc and gRPC interceptors and config logic. * Set the global read and write limits * fixing multilimiter moving packages * add server configuration for global rate limiting. * remove agent test * remove added stuff from handler * remove added stuff from multilimiter * removing unnecessary TODOs * Removing TODO comment from handler * adding in defaulting to infinite * add disabled status in there * adding in documentation for disabled mode. * make disabled the default. * Add mock and agent test * addig documentation and missing mock file. * Fixing test TestLoad_IntegrationWithFlags * updating docs based on PR feedback. * Updating Request Limits mode to use int based on PR feedback. * Adding RequestLimits struct so we have a nested struct in ReloadableConfig. * fixing linting references * Update agent/consul/rate/handler.go Co-authored-by: Dan Upton <daniel@floppy.co> * Update agent/consul/config.go Co-authored-by: Dan Upton <daniel@floppy.co> * removing the ignore of the request limits in JSON. addingbuilder logic to convert any read rate or write rate less than 0 to rate.Inf * added conversion function to convert request limits object to handler config. * Updating docs to reflect gRPC and RPC are rate limit and as a result, HTTP requests are as well. * Updating values for TestLoad_FullConfig() so that they were different and discernable. * Updating TestRuntimeConfig_Sanitize * Fixing TestLoad_IntegrationWithFlags test * putting nil check in place * fixing rebase * removing change for missing error checks. will put in another PR * Rebasing after default multilimiter config change * resolving rebase issues * updating reference for incomingRPCLimiter to use interface * updating interface * Updating interfaces * Fixing mock reference Co-authored-by: Daniel Upton <daniel@floppy.co> Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-12-13 20:09:55 +00:00
"RequestLimitsMode": 0,
"RequestLimitsReadRate": 0,
"RequestLimitsWriteRate": 0,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"RetryJoinIntervalLAN": "0s",
"RetryJoinIntervalWAN": "0s",
"RetryJoinLAN": [
"foo=bar key=hidden secret=hidden bang=bar"
],
"RetryJoinMaxAttemptsLAN": 0,
"RetryJoinMaxAttemptsWAN": 0,
"RetryJoinWAN": [
"wan_foo=bar wan_key=hidden wan_secret=hidden wan_bang=bar"
],
"Revision": "",
"SegmentLimit": 0,
"SegmentName": "",
"SegmentNameLimit": 0,
"Segments": [],
"SerfAdvertiseAddrLAN": "tcp://1.2.3.4:5678",
"SerfAdvertiseAddrWAN": "",
"SerfAllowedCIDRsLAN": [
"192.168.1.0/24",
"127.0.0.0/8"
],
"SerfAllowedCIDRsWAN": [],
"SerfBindAddrLAN": "",
"SerfBindAddrWAN": "",
"SerfPortLAN": 0,
"SerfPortWAN": 0,
"ServerMode": false,
"ServerName": "",
"ServerPort": 0,
agent: prevent very old servers re-joining a cluster with stale data (#17171) * agent: configure server lastseen timestamp Signed-off-by: Dan Bond <danbond@protonmail.com> * use correct config Signed-off-by: Dan Bond <danbond@protonmail.com> * add comments Signed-off-by: Dan Bond <danbond@protonmail.com> * use default age in test golden data Signed-off-by: Dan Bond <danbond@protonmail.com> * add changelog Signed-off-by: Dan Bond <danbond@protonmail.com> * fix runtime test Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: add server_metadata Signed-off-by: Dan Bond <danbond@protonmail.com> * update comments Signed-off-by: Dan Bond <danbond@protonmail.com> * correctly check if metadata file does not exist Signed-off-by: Dan Bond <danbond@protonmail.com> * follow instructions for adding new config Signed-off-by: Dan Bond <danbond@protonmail.com> * add comments Signed-off-by: Dan Bond <danbond@protonmail.com> * update comments Signed-off-by: Dan Bond <danbond@protonmail.com> * Update agent/agent.go Co-authored-by: Dan Upton <daniel@floppy.co> * agent/config: add validation for duration with min Signed-off-by: Dan Bond <danbond@protonmail.com> * docs: add new server_rejoin_age_max config definition Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: add unit test for checking server last seen Signed-off-by: Dan Bond <danbond@protonmail.com> * agent: log continually for 60s before erroring Signed-off-by: Dan Bond <danbond@protonmail.com> * pr comments Signed-off-by: Dan Bond <danbond@protonmail.com> * remove unneeded todo * agent: fix error message Signed-off-by: Dan Bond <danbond@protonmail.com> --------- Signed-off-by: Dan Bond <danbond@protonmail.com> Co-authored-by: Dan Upton <daniel@floppy.co>
2023-05-15 11:05:47 +00:00
"ServerRejoinAgeMax": "168h0m0s",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"Services": [
{
"Address": "",
"Check": {
"AliasNode": "",
"AliasService": "",
"Body": "",
"CheckID": "",
"DeregisterCriticalServiceAfter": "0s",
Add a field to disable following redirects on http checks
2022-04-01 21:31:15 +00:00
"DisableRedirects": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"DockerContainerID": "",
"FailuresBeforeCritical": 0,
Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc" This reverts commit 74fb650b6b966588f8faeec26935a858af2b8bb5, reversing changes made to 58bd8173364effb98b9fd9f9b98d31dd887a9bac.
2021-09-08 15:48:41 +00:00
"FailuresBeforeWarning": 0,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"GRPC": "",
"GRPCUseTLS": false,
add http2 ping health checks (#8431) * add http2 ping checks * fix test issue * add h2ping check to config resources * add new test and docs for h2ping * fix grammatical inconsistency in H2PING documentation * resolve rebase conflicts, add test for h2ping tls verification failure * api documentation for h2ping * update test config data with H2PING * add H2PING to protocol buffers and update changelog * fix typo in changelog entry
2021-04-09 19:12:10 +00:00
"H2PING": "",
change config option to H2PingUseTLS
2021-10-05 01:36:18 +00:00
"H2PingUseTLS": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"HTTP": "",
"Header": {},
"Interval": "0s",
"Method": "",
"Name": "blurb",
"Notes": "",
Remove the `connect.enable_serverless_plugin` agent configuration option (#15710)
2022-12-08 19:46:42 +00:00
"OSService": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"OutputMaxSize": 4096,
"ProxyGRPC": "",
"ProxyHTTP": "",
"ScriptArgs": [],
"Shell": "",
"Status": "",
"SuccessBeforePassing": 0,
"TCP": "",
Add support for configuring TLS ServerName for health checks Some TLS servers require SNI, but the Golang HTTP client doesn't include it in the ClientHello when connecting to an IP address. This change adds a new TLSServerName field to health check definitions to optionally set it. This fixes #9473.
2021-02-25 06:35:34 +00:00
"TLSServerName": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"TLSSkipVerify": false,
"TTL": "0s",
UDP check for service stanza #12221 (#12722) * UDP check for service stanza #12221 * add pass status on timeout condition * delete useless files * Update check_test.go improve comment in test * fix test * fix requested changes and update TestRuntimeConfig_Sanitize.golden * add freeport to TestCheckUDPCritical * improve comment for CheckUDP struct * fix requested changes * fix requested changes * fix requested changes * add UDP to proto * add UDP to proto and add a changelog * add requested test on agent_endpoint_test.go * add test for given endpoints * fix failing tests * add documentation for udp healthcheck * regenerate proto using buf * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/api-docs/agent/check.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/discovery/checks.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * Update website/content/docs/ecs/configuration-reference.mdx Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> * add debug echo * add debug circle-ci * add debug circle-ci bash * use echo instead of status_stage * remove debug and status from devtools script and use echo instead * Update website/content/api-docs/agent/check.mdx Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com> * fix test * replace status_stage with status * replace functions with echo Co-authored-by: Dhia Ayachi <dhia@hashicorp.com> Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com> Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-06-06 19:13:19 +00:00
"Timeout": "0s",
"UDP": ""
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
},
"Checks": [],
"Connect": null,
"EnableTagOverride": false,
"EnterpriseMeta": {},
"ID": "",
"Kind": "",
allow setting locality on services and nodes (#16581)
2023-03-10 14:36:15 +00:00
"Locality": null,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"Meta": {},
"Name": "foo",
"Port": 0,
"Proxy": null,
Fixup agent/config tests Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-05-05 01:30:20 +00:00
"SocketPath": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"TaggedAddresses": {},
"Tags": [],
"Token": "hidden",
"Weights": {
"Passing": 67,
"Warning": 3
}
}
],
"SessionTTLMin": "0s",
"SkipLeaveOnInt": false,
auto-reload configuration when config files change (#12329) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton <daniel@floppy.co> * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> Co-authored-by: Daniel Upton <daniel@floppy.co>
2022-03-31 19:11:49 +00:00
"StaticRuntimeConfig": {
"EncryptVerifyIncoming": false,
"EncryptVerifyOutgoing": false
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"SyncCoordinateIntervalMin": "0s",
"SyncCoordinateRateTarget": 0,
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
"TLS": {
"AutoTLS": false,
"Domain": "",
"EnableAgentTLSForChecks": false,
"GRPC": {
"CAFile": "",
"CAPath": "",
"CertFile": "",
"CipherSuites": [],
"KeyFile": "hidden",
"TLSMinVersion": "",
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"UseAutoCert": false,
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
"VerifyIncoming": false,
"VerifyOutgoing": false,
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"VerifyServerHostname": false
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
},
"HTTPS": {
"CAFile": "",
"CAPath": "",
"CertFile": "",
"CipherSuites": [],
"KeyFile": "hidden",
"TLSMinVersion": "",
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"UseAutoCert": false,
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
"VerifyIncoming": false,
"VerifyOutgoing": false,
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"VerifyServerHostname": false
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
},
"InternalRPC": {
"CAFile": "",
"CAPath": "",
"CertFile": "",
"CipherSuites": [],
"KeyFile": "hidden",
"TLSMinVersion": "",
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"UseAutoCert": false,
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
"VerifyIncoming": false,
"VerifyOutgoing": false,
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"VerifyServerHostname": false
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
},
"NodeName": "",
Add awareness of server mode to TLS configurator Preivously the TLS configurator would default to presenting auto TLS certificates as client certificates. Server agents should not have this behavior and should instead present the manually configured certs. The autoTLS certs for servers are exclusively used for peering and should not be used as the default for outbound communication.
2022-09-16 01:12:10 +00:00
"ServerMode": false,
Support per-listener TLS configuration ⚙️ (#12504) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
"ServerName": ""
},
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"TaggedAddresses": {},
"Telemetry": {
"AllowedPrefixes": [],
"BlockedPrefixes": [],
"CirconusAPIApp": "",
"CirconusAPIToken": "hidden",
"CirconusAPIURL": "",
"CirconusBrokerID": "",
"CirconusBrokerSelectTag": "",
"CirconusCheckDisplayName": "",
"CirconusCheckForceMetricActivation": "",
"CirconusCheckID": "",
"CirconusCheckInstanceID": "",
"CirconusCheckSearchTag": "",
"CirconusCheckTags": "",
"CirconusSubmissionInterval": "",
"CirconusSubmissionURL": "",
"Disable": false,
"DisableHostname": false,
"DogstatsdAddr": "",
"DogstatsdTags": [],
"FilterDefault": false,
"MetricsPrefix": "",
"PrometheusOpts": {
"CounterDefinitions": [],
"Expiration": "0s",
"GaugeDefinitions": [],
use *telemetry.MetricsPrefix as prometheus.PrometheusOpts.Name (#11290) Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-10-21 20:33:01 +00:00
"Name": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"Registerer": null,
"SummaryDefinitions": []
},
test: regenerate golden files (#13336) make envoy-regen go test ./agent/config -update
2022-06-01 20:17:03 +00:00
"RetryFailedConfiguration": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"StatsdAddr": "",
"StatsiteAddr": ""
},
"TranslateWANAddrs": false,
"TxnMaxReqLen": 5678000000000000,
"UIConfig": {
"ContentPath": "",
"DashboardURLTemplates": {},
"Dir": "",
"Enabled": false,
Add an internal env var for managed cluster config in the ui (#12796)
2022-04-15 16:55:52 +00:00
"HCPEnabled": false,
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"MetricsProvider": "",
"MetricsProviderFiles": [],
"MetricsProviderOptionsJSON": "",
"MetricsProxy": {
"AddHeaders": [
{
"Name": "foo",
"Value": "hidden"
}
],
"BaseURL": "",
"PathAllowlist": []
}
},
"UnixSocketGroup": "",
"UnixSocketMode": "",
"UnixSocketUser": "",
"UseStreamingBackend": false,
"Version": "",
Fix up enterprise version tag. Changes to how the version string was handled created small regression with the release of consul 1.12.0 enterprise. Many tools use the Config:Version field reported by the agent/self resource to determine whether Consul is an enterprise or OSS instance, expect something like 1.12.0+ent for enterprise and simply 1.12.0 for OSS. This was accidentally broken during the runup to 1.12.x This work fixes the value returned by both the self endpoint in ["Config"]["Version"] and the metrics consul.version field. Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-05 02:16:18 +00:00
"VersionMetadata": "",
config: Use golden for TestRuntimeConfig_Sanitize A golden file makes the expected value easier to work with. This change also removes a number of shims for enterprise and replaces them with a single one for the golden filename.
2020-12-21 17:36:38 +00:00
"VersionPrerelease": "",
proxycfg: rate-limit delivery of config snapshots (#14960) Adds a user-configurable rate limiter to proxycfg snapshot delivery, with a default limit of 250 updates per second. This addresses a problem observed in our load testing of Consul Dataplane where updating a "global" resource such as a wildcard intention or the proxy-defaults config entry could starve the Raft or Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 14:52:00 +00:00
"Watches": [],
"XDSUpdateRateLimit": 0
Adding experimental support for a more efficient LogStore implementation (#16176) * Adding experimental support for a more efficient LogStore implementation * Adding changelog entry * Fix go mod tidy issues
2023-02-08 16:50:22 +00:00
}