luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
8,711 Commits 1 Branch 1 Tag 358 MiB
Commit Graph

1137 Commits

Author SHA1 Message Date
Matt Keeler 9f8991e0cc Fix issue with choosing a client addr that is 0.0.0.0 or :: 2018-07-16 16:30:15 -04:00
mkeeler ba67087e3c
Release v1.2.1 2018-07-12 16:33:56 +00:00
Matt Keeler cc46d59269
Merge pull request #4379 from hashicorp/persist-intermediates 
connect: persist intermediate CAs on leader change
 2018-07-12 12:09:13 -04:00
Paul Banks 6fe7faa554
Merge pull request #4381 from hashicorp/proxy-check-default 
Proxy check default
 2018-07-12 17:08:35 +01:00
Matt Keeler 965fc9cf62
Revert "Allow changing Node names since Node now have IDs" 2018-07-12 11:19:21 -04:00
Matt Keeler d8a4d9137b Fixup formatting 2018-07-12 10:14:26 -04:00
Matt Keeler d63c5807cf Revert PR 4294 - Catalog Register: Generate UUID for services registered without one 
UUID auto-generation here causes trouble in a few cases. The biggest being older
nodes reregistering will fail when the UUIDs are different and the names match

This reverts commit 0f700340828f464449c2e0d5a82db0bc5456d385.
This reverts commit d1a8f9cb3f6f48dd9c8d0bc858031ff6ccff51d0.
This reverts commit cf69ec42a418ab6594a6654e9545e12160f30970.
 2018-07-12 10:06:50 -04:00
Matt Keeler 0a365b1a4f
Merge pull request #4374 from hashicorp/feature/proxy-env-vars 
Setup managed proxy environment with API client env vars
 2018-07-12 09:13:54 -04:00
Paul Banks 8b54b87599
Update proxy config docs and add test for ipv6 2018-07-12 13:07:48 +01:00
Paul Banks 9223102331
Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0. 
This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
 2018-07-12 12:57:10 +01:00
Matt Keeler eccadda019 Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing 2018-07-12 07:49:23 -04:00
Matt Keeler 240e2affcd Use type switch instead of .Network for more reliably detecting UnixAddrs 2018-07-12 07:30:17 -04:00
Matt Keeler 09ff064bc7 Look specifically for tcp instead of unix 
Add runtime -> api.Config tests
 2018-07-11 17:25:36 -04:00
Matt Keeler ebf3319211 Update proxy manager test - test passing ProxyEnv vars 2018-07-11 16:50:27 -04:00
Kyle Havlovitz 2a40f93ac8
connect: use reflect.DeepEqual instead for test 2018-07-11 13:10:58 -07:00
Matt Keeler 42729d5aff
Merge pull request #3983 from pierresouchay/node_renaming 
Allow changing Node names since Node now have IDs
 2018-07-11 16:03:02 -04:00
Kyle Havlovitz f9a35a9338
connect: add provider state to snapshots 2018-07-11 11:34:49 -07:00
Kyle Havlovitz 9c21cc7ac9
connect: update leader initializeCA comment 2018-07-11 10:00:42 -07:00
Kyle Havlovitz db254f0991
connect: persist intermediate CAs on leader change 2018-07-11 09:44:30 -07:00
Matt Keeler 1e5e9fd8cd PR Updates 
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
 2018-07-11 09:44:54 -04:00
Matt Keeler bda7cb1448
Merge pull request #4371 from hashicorp/bugfix/gh-4358 
Remove https://prefix from TLSConfig.Address
 2018-07-11 08:50:10 -04:00
Pierre Souchay 3d0a960470 When renaming a node, ensure the name is not taken by another node. 
Since DNS is case insensitive and DB as issues when similar names with different
cases are added, check for unicity based on case insensitivity.

Following another big incident we had in our cluster, we also validate
that adding/renaming a not does not conflicts with case insensitive
matches.

We had the following error once:

 - one node called: mymachine.MYDC.mydomain was shut off
 - another node (different ID) was added with name: mymachine.mydc.mydomain before
   72 hours

When restarting the consul server of domain, the consul server restarted failed
to start since it detected an issue in RAFT database because
mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names.

Checking at registration time with case insensitivity should definitly fix
those issues and avoid Consul DB corruption.
 2018-07-11 14:42:54 +02:00
Matt Keeler a124512ce3
Merge pull request #4365 from pierresouchay/fix_test_warning 
Fixed compilation warning about wrong type
 2018-07-10 16:53:29 -04:00
Matt Keeler 358e6c8f6a Pass around an API Config object and convert to env vars for the managed proxy 2018-07-10 12:13:51 -04:00
Pierre Souchay 988acfdc67 Use %q, not %s as it used to 2018-07-10 16:52:08 +02:00
Matt Keeler 86ce52d0d3 Merge remote-tracking branch 'origin/master' into bugfix/prevent-multi-cname 2018-07-10 10:26:45 -04:00
Matt Keeler 22c5951ec4
Merge pull request #4303 from pierresouchay/non_blocking_acl 
Only send one single ACL cache refresh across network when TTL is over
 2018-07-10 08:57:33 -04:00
Matt Keeler 2762586b0e
Merge pull request #4362 from hashicorp/bugfix/gh-4354 
Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
 2018-07-10 08:50:31 -04:00
Pierre Souchay 455d8fbea6 Fixed compilation warning about wrong type 
It fixes the following warnings:

  agent/config/builder.go:1201: Errorf format %q has arg s of wrong type *string
  agent/config/builder.go:1240: Errorf format %q has arg s of wrong type *string
 2018-07-09 23:43:56 +02:00
Paul Banks dae66b1afc
Merge pull request #4038 from pierresouchay/ACL_additional_info 
Track calls blocked by ACLs using metrics
 2018-07-09 20:21:21 +01:00
MagnumOpus21 9bc5fe7fe5 Tests/Proxy : Changed function name to match the system being tested. 2018-07-09 13:18:57 -04:00
MagnumOpus21 3a00c5a834 Resolved merge conflicts 2018-07-09 12:48:34 -04:00
MagnumOpus21 0b50b84429 Agent/Proxy: Formatting and test cases fix 2018-07-09 12:46:10 -04:00
Matt Keeler 115893b7d8 Remove https://prefix from TLSConfig.Address 2018-07-09 12:31:15 -04:00
Matt Keeler a26deb44cf Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries 
This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied.

formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.
 2018-07-09 12:30:11 -04:00
MagnumOpus21 f0af60612c Proxy/Tests: Added test cases to check env variables 2018-07-09 12:28:29 -04:00
MagnumOpus21 4a8814ea01 Agent/Proxy : Properly passes env variables to child 2018-07-09 12:28:29 -04:00
Pierre Souchay 9128de5b11 Merge remote-tracking branch 'origin/master' into ACL_additional_info 2018-07-07 14:09:18 +02:00
Pierre Souchay 135ac85b21 Fixed indentation in test 2018-07-07 14:03:34 +02:00
Kyle Havlovitz 883b2a518a
Store the time CARoot is rotated out instead of when to prune 2018-07-06 16:05:25 -07:00
MagnumOpus21 e79f630adf Agent/Proxy : Properly passes env variables to child 2018-07-05 22:04:29 -04:00
Matt Keeler e9390fb5c7 Refactor to make this much less confusing 2018-07-03 11:04:19 -04:00
Matt Keeler 4d1bdd8fdb Add a bunch of comments about preventing multi-cname 
Hopefully this a bit clearer as to the reasoning
 2018-07-03 10:32:52 -04:00
Matt Keeler 22cc44877d Fix some edge cases and add some tests. 2018-07-02 16:58:52 -04:00
Matt Keeler e3859b4f04 Only allow 1 CNAME when querying for a service. 
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
 2018-07-02 16:12:06 -04:00
Kyle Havlovitz 3c520019e9
connect/ca: add logic for pruning old stale RootCA entries 2018-07-02 10:35:05 -07:00
Matt Keeler ad40be86d5
Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise 
Move starting enterprise functionality
 2018-07-02 12:28:10 -04:00
Pierre Souchay 95a0ab9f99 Updated swith case to use same branch for async-cache and extend-cache 2018-07-02 17:39:34 +02:00
Pierre Souchay 6dfbbf1350 Updated documentation and adding more test case for async-cache 2018-07-01 23:50:30 +02:00
Pierre Souchay 382bec0897 Added async-cache with similar behaviour as extend-cache but asynchronously 2018-07-01 23:50:30 +02:00