Armon Dadgar
1f845c995a
consul: Ensure authoritative cache is purged after update
2014-08-18 15:46:59 -07:00
Armon Dadgar
6492f06a3e
consul: Provide ETag to avoid expensive policy fetch
2014-08-18 15:46:59 -07:00
Armon Dadgar
7473bd2fc9
consul: ACL enforcement for KV updates
2014-08-18 15:46:24 -07:00
Armon Dadgar
ea015710e9
consul: ACL enforcement for key reads
2014-08-18 15:46:24 -07:00
Armon Dadgar
7299ef1a82
consul: Filter keys, refactor to interface
2014-08-18 15:46:24 -07:00
Armon Dadgar
d38fd8eb1d
consul: Helpers to filter on ACL rules
2014-08-18 15:46:24 -07:00
Armon Dadgar
17ee7f5057
consul: Starting token enforcement
2014-08-18 15:46:23 -07:00
Armon Dadgar
5561148c8e
consul: Prevent resolution of root policy
2014-08-18 15:46:23 -07:00
Armon Dadgar
8c5bb94c74
consul: Resolve parent ACLs
2014-08-18 15:46:23 -07:00
Armon Dadgar
8153537e86
consul: Support management tokens
2014-08-18 15:46:23 -07:00
Armon Dadgar
9e16caa497
consul: Adding some metrics for ACL usage
2014-08-18 15:46:23 -07:00
Armon Dadgar
5da5df716d
consul: Create anonymous and master tokens
2014-08-18 15:46:22 -07:00
Armon Dadgar
bbde4beefd
consul: Testing down policies and multi-DC
2014-08-18 15:46:22 -07:00
Armon Dadgar
846cc66e6d
consul: Testing ACL resolution
2014-08-18 15:46:22 -07:00
Armon Dadgar
61b80e912c
consul: Use Etag for policy caching
2014-08-18 15:46:22 -07:00
Armon Dadgar
db8f896c58
consul: Support conditional policy fetch
2014-08-18 15:46:22 -07:00
Armon Dadgar
edcd69019c
consul: Verify compilation of rules
2014-08-18 15:46:22 -07:00
Armon Dadgar
9a4778b7d3
consul: Enable ACL lookup
2014-08-18 15:46:22 -07:00
Armon Dadgar
bd124a8da3
consul: Pulling in ACLs
2014-08-18 15:46:21 -07:00
Armon Dadgar
6f7bf36ee9
agent: ACL endpoint tests
2014-08-18 15:46:21 -07:00
Armon Dadgar
bdf9516f96
consul: ACL Endpoint tests
2014-08-18 15:46:21 -07:00
Armon Dadgar
ea31f37dd6
consul: Adding ACL endpoint
2014-08-18 15:46:21 -07:00
Armon Dadgar
b41e36868e
consul: register the ACL queries
2014-08-18 15:46:21 -07:00
Armon Dadgar
8a3a0faacf
consul: FSM support for ACLsg
2014-08-18 15:46:21 -07:00
Armon Dadgar
101d7da90a
consul: Adding ACLs to the state store
2014-08-18 15:46:21 -07:00
Armon Dadgar
da52fda65f
consul: ACL structs
2014-08-18 15:46:21 -07:00
Armon Dadgar
ca6a8aef55
agent: Adding ACL master token
2014-08-18 15:46:20 -07:00
Armon Dadgar
ebae394863
consul: ACL setting passthrough
2014-08-18 15:46:20 -07:00
William Tisäter
90816cca98
Run `go fmt`
2014-07-24 01:09:55 +02:00
William Tisäter
78a69b61a3
Don't override `ServiceTags`
2014-07-23 23:42:22 +02:00
William Tisäter
31037338a3
Change order of fixtures
2014-07-23 23:42:22 +02:00
William Tisäter
9dc67edf7f
Make service tag filter case-insensitive
2014-07-23 23:42:22 +02:00
William Tisäter
2727c158a6
Make service index case-insensitive
2014-07-23 23:42:22 +02:00
William Tisäter
ff93acda28
Lowercase index key and lookup value if flag is set
2014-07-23 23:42:22 +02:00
William Tisäter
f7263e8e7a
Add case-insensitive flag to `MDBIndex`
2014-07-23 23:42:21 +02:00
William Tisäter
75e631ee94
Add helper for lowercase list of strings
2014-07-23 23:42:21 +02:00
Armon Dadgar
bf26a9160f
consul: Defer serf handler until initialized. Fixes #254 .
2014-07-22 09:36:58 -04:00
Armon Dadgar
020802f7a5
Merge pull request #233 from nelhage/tls-no-subjname
...
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
Nelson Elhage
627b2e455f
Add some basic smoke tests for wrapTLSclient.
...
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
Nelson Elhage
0a2476b20e
Restore the 0.2 TLS verification behavior.
...
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.
As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.
If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.
No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
Armon Dadgar
80b86c9ee9
Rename Expect to BootstrapExpect. Fixes #223 .
2014-06-19 17:08:55 -07:00
Armon Dadgar
406d19f483
consul: Minor cleanups
2014-06-18 16:15:28 -07:00
Robert Xu
fff6546c75
Minor cleanup to logic and testsuite.
...
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 18:47:05 -04:00
Robert Xu
a2fea2ce55
Utilise new raft.SetPeers() method, move expect logic to leader.go.
...
This way, we don't use EnableSingleMode, nor cause chaos adding peers.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 12:03:30 -04:00
Robert Xu
31c392813c
Add expect bootstrap '-expect=n' mode.
...
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.
If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
Armon Dadgar
91373968a8
Adding server_name configuration for TLS
2014-06-13 11:10:27 -07:00
Robert B Gordon
987c078957
Seems like we should actually check the reference count.
2014-06-13 11:25:01 -05:00
Armon Dadgar
ea054b8847
consul: Start RPC before Raft, wait to accept connecitons
2014-06-11 10:17:58 -07:00
Armon Dadgar
1812eedad9
consul: start RPC after fully initialized. Fixes #160
2014-06-11 09:46:44 -07:00
Armon Dadgar
2e18774c02
consul: Avoid network for server RPC. Fixes #148 .
2014-06-10 19:12:36 -07:00