| Author | Commit | Message | Date |
|---|---|---|---|
| Paul Banks | 44afb5c699 | Agent Connect Proxy config endpoint with hash-based blocking | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | c2266b134a | HTTP agent registration allows proxy to be defined. | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | 78e48fd547 | Added connect proxy config and local agent state setup on boot. | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | 280382c25f | Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works. Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it. | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | adc5589329 | Allow duplicate source or destination, but enforce uniqueness across all four. | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | 51b1bc028d | Rework connect/proxy and command/connect/proxy. End to end demo working again | 2018-06-14 09:41:57 -07:00 |
| Paul Banks | 67669abf82 | Remove old connect client and proxy implementation | 2018-06-14 09:41:56 -07:00 |
| Paul Banks | 2d6a2ce1e3 | connect.Service based implementation after review feedback. | 2018-06-14 09:41:56 -07:00 |
| Paul Banks | 800deb693c | Original proxy and connect.Client implementation. Working end to end. | 2018-06-14 09:41:56 -07:00 |
| Mitchell Hashimoto | 62b746c380 | agent: rename authorize param ClientID to ClientCertURI | 2018-06-14 09:41:56 -07:00 |
| Mitchell Hashimoto | 26f254fac0 | api: rename Authorize field to ClientCertURI | 2018-06-14 09:41:56 -07:00 |
| Mitchell Hashimoto | 9de861d722 | api: fix up some comments and rename IssuedCert to LeafCert | 2018-06-14 09:41:56 -07:00 |
| Mitchell Hashimoto | c0894f0f50 | api: IntentionMatch | 2018-06-14 09:41:56 -07:00 |
| Mitchell Hashimoto | 9c33068394 | api: starting intention endpoints, reorganize files slightly | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | b5b301aa2a | api: endpoints for working with CA roots, agent authorize, etc. | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | 94e7a0a3c1 | agent: add TODO for verification | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | f983978fb8 | acl: IntentionDefault => IntentionDefaultAllow | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | b3584b6355 | agent: ACL checks for authorize, default behavior | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | 3e0e0a94a7 | agent/structs: String format for Intention, used for logging | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | 3f80808379 | agent: bolster commenting for clearer understandability | 2018-06-14 09:41:55 -07:00 |
| Mitchell Hashimoto | c6269cda37 | agent: default deny on connect authorize endpoint | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 5364a8cd90 | agent: /v1/agent/connect/authorize is functional, with tests | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 7af99667b6 | agent/connect: Authorize for CertURI | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 68fa4a83b1 | agent: get rid of method checks since they're done in the http layer | 2018-06-14 09:41:54 -07:00 |
| Paul Banks | 3efe3f8aff | require -> assert until rebase | 2018-06-14 09:41:54 -07:00 |
| Paul Banks | 894ee3c5b0 | Add Connect agent, catalog and health endpoints to api Client | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 1985655dff | agent/consul/state: ensure exactly one active CA exists when setting | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 9d93c52098 | agent/connect: support any values in the URL | 2018-06-14 09:41:54 -07:00 |
| Mitchell Hashimoto | 8934f00d03 | agent/connect: support SpiffeIDSigning | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | da1bc48372 | agent/connect: rename SpiffeID to CertURI | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | b0315811b9 | agent/connect: use proper keyusage fields for CA and leaf | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | 434d8750ae | agent/connect: address PR feedback for the CA.go file | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | e0562f1c21 | agent: implement an always-200 authorize endpoint | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | 2026cf3753 | agent/consul: encode issued cert serial number as hex encoded | 2018-06-14 09:41:53 -07:00 |
| Mitchell Hashimoto | deb55c436d | agent/structs: hide some fields from JSON | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | 746f80639a | agent: /v1/connect/ca/configuration PUT for setting configuration | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | 2dfca5dbc2 | agent/consul/fsm,state: snapshot/restore for CA roots | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | 17d6b437d2 | agent/consul/fsm,state: tests for CA root related changes | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | a8510f8224 | agent/consul: set more fields on the issued cert | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | 58b6f476e8 | agent: /v1/connect/ca/leaf/:service_id | 2018-06-14 09:41:52 -07:00 |
| Mitchell Hashimoto | 748a0bb824 | agent: CA root HTTP endpoints | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | 80a058a573 | agent/consul: CAS operations for setting the CA root | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | 712888258b | agent/consul: tests for CA endpoints | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | 1928c07d0c | agent/consul: key the public key of the CSR, verify in test | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | 9a8653f45e | agent/consul: test for ConnectCA.Sign | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | a360c5cca4 | agent/consul: basic sign endpoint not tested yet | 2018-06-14 09:41:51 -07:00 |
| Mitchell Hashimoto | 6550ff9492 | agent/connect: package for agent-related Connect, parse SPIFFE IDs | 2018-06-14 09:41:50 -07:00 |
| Mitchell Hashimoto | d4e232f69b | connect: create connect package for helpers | 2018-06-14 09:41:50 -07:00 |
| Mitchell Hashimoto | f433f61fdf | agent/structs: json omit QueryMeta | 2018-06-14 09:41:50 -07:00 |
| Mitchell Hashimoto | 9ad2a12441 | agent: /v1/connect/ca/roots | 2018-06-14 09:41:50 -07:00 |