Paul Banks
3a00574a13
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
418ed161dc
agent: agent service registration supports Connect native services
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
9249662c6c
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Paul Banks
73f2a49ef1
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future.
2018-06-14 09:42:17 -07:00
Paul Banks
834ed1d25f
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Paul Banks
5abf47472d
Verify trust domain on /authorize calls
2018-06-14 09:42:16 -07:00
Paul Banks
30d90b3be4
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
Mitchell Hashimoto
b4f990bc6c
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
8f7b5f93cd
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
52665f7d23
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
ed14e9edf8
agent: resolve some conflicts and fix tests
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
669268f85c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
f64a002f68
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
536f31571b
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Paul Banks
02ab461dae
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Paul Banks
6f566f750e
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Mitchell Hashimoto
5abd43a567
agent: resolve flaky test by checking cache hits increase, rather than
...
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
73838c9afa
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
a1f8cb9570
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
9e44a319d3
agent: check cache hit count to verify CA root caching, background update
2018-06-14 09:42:00 -07:00
Paul Banks
a90f69faa4
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
cbd8606651
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
44afb5c699
Agent Connect Proxy config endpoint with hash-based blocking
2018-06-14 09:41:57 -07:00
Paul Banks
c2266b134a
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
280382c25f
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Mitchell Hashimoto
62b746c380
agent: rename authorize param ClientID to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
b3584b6355
agent: ACL checks for authorize, default behavior
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
5364a8cd90
agent: /v1/agent/connect/authorize is functional, with tests
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
58b6f476e8
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
748a0bb824
agent: CA root HTTP endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
767d2eaef6
agent: commenting some tests
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
f9a55aa7e0
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
4cc4de1ff6
agent: remove ConnectProxyServiceName
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
4207bb42c0
agent: validate service entry on register
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
c43ccd024a
agent/local: anti-entropy for connect proxy services
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
6cd9e0e37c
agent: /v1/agent/services test with connect proxies (works w/ no change)
2018-06-14 09:41:46 -07:00
Kyle Havlovitz
a480434517
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Pierre Souchay
ee47eb7d7d
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
Josh Soref
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
James Phillips
cf30d409c9
Moves ACL disabled response logic down into endpoints.
...
This lets us make the registration of endpoints less fancy, on the
road to adding a registration mechanism.
2017-11-29 18:36:52 -08:00
James Phillips
021373d72e
Makes the metrics ACL test call the right endpoint.
...
This also required setting up a proper in-mem sink so we don't get
metrics-related errors.
Fixes #3655
2017-11-06 21:50:04 -08:00
Frank Schroeder
1dab004335
Decouple the code that executes checks from the agent
2017-10-25 11:18:07 +02:00
Frank Schroeder
da604495a0
local state: address review comments
...
* move non-blocking notification mechanism into ae.Trigger
* move Pause/Resume into separate type
2017-10-23 10:56:04 +02:00
Frank Schroeder
ea92ee308a
local state: tests compile
2017-10-23 10:56:03 +02:00
Frank Schroeder
138aa25280
Revert "local state: tests compile"
...
This reverts commit 1af52bf7be02d952e16e14209899a9715451f7ba.
2017-10-23 10:08:34 +02:00
Frank Schroeder
c72d21813b
Revert "local state: address review comments"
...
This reverts commit 1d315075b15647db7fcd42986c9c5673cbb77a77.
2017-10-23 10:08:33 +02:00
Frank Schroeder
40e17f9f01
local state: address review comments
...
* move non-blocking notification mechanism into ae.Trigger
* move Pause/Resume into separate type
2017-10-23 08:03:18 +02:00
Frank Schroeder
884f98f8aa
local state: tests compile
2017-10-23 08:03:18 +02:00
James Phillips
3d52f42715
Fixes API client for ScriptArgs and updates documentation. ( #3589 )
...
* Updates the API client to support the current `ScriptArgs` parameter
for checks.
* Updates docs for checks to explain the `ScriptArgs` parameter issue.
* Adds mappings for "args" and "script-args" to give th API parity
with config.
* Adds checks on return codes.
* Removes debug logging that shows empty when args are used.
2017-10-18 11:28:39 -07:00