Kyle Havlovitz
02fef5f9a2
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
887cc98d7e
Simplify the CAProvider.Sign method
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
44b30476cb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
aa10fb2f48
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
43f13d5a0b
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
bbfcb278e1
Add the root rotation mechanism to the CA config endpoint
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
a585a0ba10
Have the built in CA store its state in raft
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
80eddb0bfb
Fix the testing endpoint's root set op
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
fc9ef9741b
Hook the CA RPC endpoint into the provider interface
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
a40db26ffe
Add CA bootstrapping on establishing leadership
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
e26819ed9c
Add the bootstrap config for the CA
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
ebdda17a30
Add CA config set to fsm operations
2018-06-14 09:41:58 -07:00
Kyle Havlovitz
f7ff16669f
Add the Connect CA config to the state store
2018-06-14 09:41:58 -07:00
Paul Banks
9d11cd9bf4
Fix various test failures and vet warnings.
...
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
2018-06-14 09:41:58 -07:00
Paul Banks
280382c25f
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Paul Banks
adc5589329
Allow duplicate source or destination, but enforce uniqueness across all four.
2018-06-14 09:41:57 -07:00
Mitchell Hashimoto
1985655dff
agent/consul/state: ensure exactly one active CA exists when setting
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
da1bc48372
agent/connect: rename SpiffeID to CertURI
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
b0315811b9
agent/connect: use proper keyusage fields for CA and leaf
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
2026cf3753
agent/consul: encode issued cert serial number as hex encoded
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
746f80639a
agent: /v1/connect/ca/configuration PUT for setting configuration
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
2dfca5dbc2
agent/consul/fsm,state: snapshot/restore for CA roots
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
17d6b437d2
agent/consul/fsm,state: tests for CA root related changes
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
a8510f8224
agent/consul: set more fields on the issued cert
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
58b6f476e8
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
80a058a573
agent/consul: CAS operations for setting the CA root
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
712888258b
agent/consul: tests for CA endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
1928c07d0c
agent/consul: key the public key of the CSR, verify in test
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
9a8653f45e
agent/consul: test for ConnectCA.Sign
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
a360c5cca4
agent/consul: basic sign endpoint not tested yet
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
24830f4cfa
agent/consul: RPC endpoints to list roots
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
cfb62677c0
agent/consul/state: CARoot structs and initial state store
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
7e8d606717
agent: address PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
f9a55aa7e0
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
62cbb892e3
agent/consul: Health.ServiceNodes ACL check for Connect
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
641c982480
agent/consul: Catalog endpoint ACL requirements for Connect proxies
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
566c98b2fc
agent/consul: require name for proxies
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
daaa6e2403
agent: clean up connect/non-connect duplication by using shared methods
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
119ffe3ed9
agent/consul: implement Health.ServiceNodes for Connect, DNS works
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
253256352c
agent/consul: Catalog.ServiceNodes supports Connect filtering
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
06957f6d7f
agent/consul/state: ConnectServiceNodes
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
200100d3f4
agent/consul: enforce ACL on ProxyDestination
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
8a72826483
agent/consul: proxy registration and tests
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
8777ff139c
agent: test /v1/catalog/node/:node to list connect proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
761b561946
agent: /v1/catalog/service/:service works with proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
58bff8dd05
agent/consul/state: convert proxy test to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
09568ce7b5
agent/consul/state: service registration with proxy works
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
23ee0888ec
agent/consul: convert intention ACLs to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
6a8bba7d48
agent/consul,structs: add tests for ACL filter and prefix for intentions
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
3e10a1ae7a
agent/consul: Intention.Match ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
db44a98a2d
agent/consul: Intention.Get ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
fd840da97a
agent/consul: Intention.Apply ACL on rename
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
14ca93e09c
agent/consul: tests for ACLs on Intention.Apply update/delete
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
c54be9bc09
agent/consul: Basic ACL on Intention.Apply
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
1d0b4ceedb
agent: convert all intention tests to testify/assert
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
f07340e94f
agent/consul/fsm,state: snapshot/restore for intentions
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
6f33b2d070
agent: use UTC time for intention times, move empty list check to
...
agent/consul
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
67b017c95c
agent/consul/fsm: switch tests to use structs.TestIntention
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
3a00564411
agent/consul/state: need to set Meta for intentions for tests
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
027dad8672
agent/consul/state: remove TODO
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
37f66e47ed
agent: use testing intention to get valid intentions
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
04bd4af99c
agent/consul: set default intention SourceType, validate it
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
8e2462e301
agent/structs: Intention validation
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
d34ee200de
agent/consul: support intention description, meta is non-nil
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e81d1c88b7
agent/consul/fsm: add tests for intention requests
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
2b047fb09b
agent,agent/consul: set default namespaces
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e630d65d9d
agent/consul: set CreatedAt, UpdatedAt on intentions
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e9d208bcb6
agent/consul: RPC endpoint for Intention.Match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
987b7ce0a2
agent/consul/state: IntentionMatch for performing match resolution
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
bebe6870ff
agent/consul: test that Apply works to delete an intention
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
95e1c92edf
agent/consul/state,fsm: support for deleting intentions
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
32ad54369c
agent/consul: creating intention must not have ID set
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
f219c766cb
agent/consul: support updating intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
37572829ab
agent: GET /v1/connect/intentions/:id
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
2a8a2f8167
agent/consul: Intention.Get endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
48b9a43f1d
agent/consul: Intention.Apply, FSM methods, very little validation
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
b19a289596
agent/consul: start Intention RPC endpoints, starting with List
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
8b0ac7d9c5
agent/consul/state: list intentions
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
c05bed86e1
agent/consul/state: initial work on intentions memdb table
2018-06-14 09:41:39 -07:00
Guido Iaquinti
3ed73961b3
Attach server.Name label to client.rpc.failed
2018-06-13 14:56:14 +01:00
Guido Iaquinti
bda575074e
Attach server.ID label to client.rpc.failed
2018-06-13 14:53:44 +01:00
Guido Iaquinti
edd6a69541
Client: add metric for failed RPC calls to server
2018-06-13 12:35:45 +01:00
Matt Keeler
c41fa6c010
Add a Client ReloadConfig test
2018-06-11 16:23:51 -04:00
Matt Keeler
c5d9c2362f
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler
c589991452
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
Matt Keeler
14661a417b
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Wim
88514d6a82
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
Preetha Appan
7400a78f8a
Change default raft threshold config values and add a section to upgrade notes
2018-05-11 10:45:41 -05:00
Preetha Appan
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Jack Pearkes
e611b1728a
Merge pull request #4097 from hashicorp/remove-deprecated
...
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
Kyle Havlovitz
60307ef328
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
Paul Banks
c55885efd8
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index
...
[BUGFIX] When a node level check is removed, ensure all services of node are notified
2018-05-08 16:44:50 +01:00
Pierre Souchay
ee47eb7d7d
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
Pierre Souchay
1b55e3559b
Allow renaming nodes when ID is unchanged
2018-04-18 15:39:38 +02:00
Kyle Havlovitz
be10300d06
Update make static-assets goal and run format
2018-04-13 09:57:25 -07:00
Matt Keeler
ed94d356e0
Merge pull request #4023 from hashicorp/f-near-ip
...
Add near=_ip support for prepared queries
2018-04-12 12:10:48 -04:00
Matt Keeler
aa9151738a
GH-3798: A couple more PR updates
...
Test HTTP/DNS source IP without header/extra EDNS data.
Add WARN log for when prepared query with near=_ip is executed without specifying the source ip
2018-04-12 10:10:37 -04:00
Matt Keeler
3a0f7789ec
GH-3798: A few more PR updates
2018-04-11 20:32:35 -04:00
Matt Keeler
de3a9be3d0
GH-3798: Updates for PR
...
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
Matt Keeler
89cd24aeca
GH-3798: Add near=_ip support for prepared queries
2018-04-10 14:50:50 -04:00
Paul Banks
2ed0d2afcd
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727 .
2018-04-10 14:04:16 +01:00
Preetha Appan
d9d9944179
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
Preetha
8dacb12c79
Merge pull request #3881 from pierresouchay/service_metadata
...
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
Pierre Souchay
b9ae4e647f
Added validation of ServiceMeta in Catalog
...
Fixed Error Message when ServiceMeta is not valid
Added Unit test for adding a Service with badly formatted ServiceMeta
2018-03-27 22:22:42 +02:00
Preetha Appan
17a011b9bd
fix typo and remove comment
2018-03-27 14:28:05 -05:00
Preetha Appan
6d16afc65c
Remove unnecessary nil checks
2018-03-27 10:59:42 -05:00
Preetha Appan
c21c2da690
Fix test and remove unused method
2018-03-27 09:44:41 -05:00
Preetha Appan
512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
Pierre Souchay
eccb56ade0
Added support for renaming nodes when their IP does not change
2018-03-26 16:44:13 +02:00
Pierre Souchay
90d2f7bca1
Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index
2018-03-22 13:07:11 +01:00
Pierre Souchay
9cc9dce848
More test cases
2018-03-22 12:41:06 +01:00
Pierre Souchay
7e8e4e014b
Added new test regarding checks index
2018-03-22 12:20:25 +01:00
Pierre Souchay
a8b66fb7aa
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Josh Soref
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Pierre Souchay
3eb287f57d
Fixed typo in comments
2018-03-19 17:12:08 +01:00
Pierre Souchay
eb2a4eaea3
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
Pierre Souchay
a5f6ac0df4
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Devin Canterberry
881d20c606
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
Mitchell Hashimoto
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
Paul Banks
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Pierre Souchay
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Preetha Appan
77d35f1829
Remove extra newline
2018-02-21 13:21:47 -06:00
Preetha Appan
573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent
2018-02-21 12:48:53 -06:00
Preetha Appan
bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 12:33:22 -06:00
Alex Dadgar
535842004c
Test autopilots start/stop idempotency
2018-02-21 10:19:30 -08:00
Alex Dadgar
4d99696f02
Improve autopilot shutdown to be idempotent
2018-02-20 15:51:59 -08:00
Pierre Souchay
e6d85cb36a
Fixed comments for function maxIndexForService
2018-02-20 23:57:28 +01:00
Pierre Souchay
b26ea3c230
[Revert] Only update services if tags are different
...
This patch did give some better results, but break watches on
the services of a node.
It is possible to apply the same optimization for nodes than
to services (one index per instance), but it would complicate
further the patch.
Let's do it in another PR.
2018-02-20 23:34:42 +01:00
Pierre Souchay
903e866835
Only update services if tags are different
2018-02-20 23:08:04 +01:00
Pierre Souchay
56d5c0bf22
Enable Raft index optimization per service name on health endpoint
...
Had to fix unit test in order to check properly indexes.
2018-02-20 01:35:50 +01:00
Pierre Souchay
ec1b278595
Get only first service to test whether we have to cleanup index of a service
2018-02-19 22:44:49 +01:00
Pierre Souchay
523feb0be4
Fixed comment about raftIndex + use test.Helper()
2018-02-19 19:30:25 +01:00
Pierre Souchay
4c188c1d08
Services Indexes modified per service instead of using a global Index
...
This patch improves the watches for services on large cluster:
each service has now its own index, such watches on a specific service
are not modified by changes in the global catalog.
It should improve a lot the performance of tools such as consul-template
or libraries performing watches on very large clusters with many
services/watches.
2018-02-19 18:29:22 +01:00
Veselkov Konstantin
05666113a4
remove golint warnings
2018-01-28 22:40:13 +04:00
Kyle Havlovitz
0e76d62846
Reset clusterHealth when autopilot starts
2018-01-23 12:52:28 -08:00
Kyle Havlovitz
6d1dbe6cc4
Move autopilot health loop into leader operations
2018-01-23 11:17:41 -08:00
James Phillips
62e97a6602
Fixes a `go fmt` cleanup.
2017-12-20 13:43:38 -08:00
Kyle Havlovitz
74b0c58831
Fix vet error
2017-12-18 18:04:42 -08:00
Kyle Havlovitz
dfc165a47b
Move autopilot initializing to oss file
2017-12-18 18:02:44 -08:00
Kyle Havlovitz
044c38aa7b
Move autopilot setup to a separate file
2017-12-18 16:55:51 -08:00
Kyle Havlovitz
9e1ba6fb4e
Make some final tweaks to autopilot package
2017-12-18 12:26:47 -08:00
Kyle Havlovitz
6b58df5898
Merge pull request #3737 from hashicorp/autopilot-refactor
...
Move autopilot to a standalone package
2017-12-15 14:09:40 -08:00
James Phillips
262cbbd9ca
Merge pull request #3728 from weiwei04/fix_globalRPC_goroutine_leak
...
fix globalRPC goroutine leak
2017-12-14 17:54:19 -08:00
Kyle Havlovitz
798aca92c5
Expose IsPotentialVoter for advanced autopilot logic
2017-12-13 17:53:51 -08:00
Kyle Havlovitz
a4ac148077
Merge branch 'master' into autopilot-refactor
2017-12-13 11:54:32 -08:00
Kyle Havlovitz
6c985132de
A few last autopilot adjustments
2017-12-13 11:19:17 -08:00
Kyle Havlovitz
77d92bf15c
More autopilot reorganizing
2017-12-13 10:57:37 -08:00
James Phillips
984de6e2e0
Adds TODOs referencing #3744 .
2017-12-13 10:52:06 -08:00
Kyle Havlovitz
f347c8a531
More refactoring to make autopilot consul-agnostic
2017-12-12 17:46:28 -08:00