Mitchell Hashimoto
536f31571b
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
76c6849ffe
agent/local: store proxy on local state, wip, not working yet
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
659ab7ee2d
agent/proxy: exponential backoff on restarts
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
c2f50f1688
agent/proxy: Daemon works, tests cover it too
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
c47ad68f25
wip
2018-06-14 09:42:07 -07:00
Paul Banks
02ab461dae
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
b28e11fdd3
Fill out connect CA rpc endpoint tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
0e184f3f5b
Fix config tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
7c0976208d
Add tests for the built in CA's state store table
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
19b9399f2f
Add more tests for built-in provider
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
a29f3c6b96
Fix some inconsistencies around the CA provider code
2018-06-14 09:42:06 -07:00
Paul Banks
153808db7c
Don't allow connect watches in agent/cli yet
2018-06-14 09:42:06 -07:00
Paul Banks
072b2a79ca
Support legacy watch.HandlerFunc type for backward compat reduces impact of change
2018-06-14 09:42:05 -07:00
Paul Banks
6f566f750e
Basic watch
support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
02fef5f9a2
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
887cc98d7e
Simplify the CAProvider.Sign method
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
44b30476cb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
aa10fb2f48
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
5abd43a567
agent: resolve flaky test by checking cache hits increase, rather than
...
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
73838c9afa
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
dcb2671d10
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
07d878a157
agent/cache: address feedback, clarify comments
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
ad3928b6bd
agent/cache: don't every block on NotifyCh
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
3f80a9f330
agent/cache: unit tests for ExpiryHeap, found a bug!
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
1c31e34e5b
agent/cache: send the total entries count on eviction to go-metrics
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
ec559d77bd
agent/cache: make edge case with prev/next idx == 0 handled better
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
b319d06276
agent/cache: rework how expiry data is stored to be more efficient
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
449bbd817d
agent/cache: initial TTL work
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
3c6acbda5d
agent/cache: send the RefreshTimeout into the backend fetch
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
257fc34e51
agent/cache: on error, return from Get immediately, don't block forever
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
e9d58ca219
agent/cache: lots of comment/doc updates
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
a1f8cb9570
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
56774f24d0
agent/cache-types: support intention match queries
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
109bb946e9
agent/cache: return the error as part of Get
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
6ecc2da7ff
agent/cache: integrate go-metrics so the cache is debuggable
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
3b6c46b7d7
agent/structs: DCSpecificRequest sets all the proper fields for
...
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
ccd7eeef1a
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
4509589427
agent/cache: support timeouts for cache reads and empty fetch results
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
b0f70f17db
agent/cache-types: rename to separate root and leaf cache types
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
e3b1c400e5
agent/cache-types: got basic CA leaf caching work, major problems still
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
9e44a319d3
agent: check cache hit count to verify CA root caching, background update
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
8bb4fd95a6
agent: initialize the cache and cache the CA roots
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
286217cbd8
agent/cache: partition by DC/ACL token
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
72c82a9b29
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
ecc789ddb5
agent/cache: ConnectCA roots caching type
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
c69df79e0c
agent/cache: blank cache key means to always fetch
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
8584e9262e
agent/cache: initial kind-of working cache
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
43f13d5a0b
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00