1f845c995a
consul: Ensure authoritative cache is purged after update
2014-08-18 15:46:59 -07:00
6492f06a3e
consul: Provide ETag to avoid expensive policy fetch
2014-08-18 15:46:59 -07:00
7473bd2fc9
consul: ACL enforcement for KV updates
2014-08-18 15:46:24 -07:00
ea015710e9
consul: ACL enforcement for key reads
2014-08-18 15:46:24 -07:00
7299ef1a82
consul: Filter keys, refactor to interface
2014-08-18 15:46:24 -07:00
d38fd8eb1d
consul: Helpers to filter on ACL rules
2014-08-18 15:46:24 -07:00
17ee7f5057
consul: Starting token enforcement
2014-08-18 15:46:23 -07:00
5561148c8e
consul: Prevent resolution of root policy
2014-08-18 15:46:23 -07:00
8c5bb94c74
consul: Resolve parent ACLs
2014-08-18 15:46:23 -07:00
8153537e86
consul: Support management tokens
2014-08-18 15:46:23 -07:00
9e16caa497
consul: Adding some metrics for ACL usage
2014-08-18 15:46:23 -07:00
5da5df716d
consul: Create anonymous and master tokens
2014-08-18 15:46:22 -07:00
bbde4beefd
consul: Testing down policies and multi-DC
2014-08-18 15:46:22 -07:00
846cc66e6d
consul: Testing ACL resolution
2014-08-18 15:46:22 -07:00
61b80e912c
consul: Use Etag for policy caching
2014-08-18 15:46:22 -07:00
db8f896c58
consul: Support conditional policy fetch
2014-08-18 15:46:22 -07:00
edcd69019c
consul: Verify compilation of rules
2014-08-18 15:46:22 -07:00
9a4778b7d3
consul: Enable ACL lookup
2014-08-18 15:46:22 -07:00
bd124a8da3
consul: Pulling in ACLs
2014-08-18 15:46:21 -07:00
6f7bf36ee9
agent: ACL endpoint tests
2014-08-18 15:46:21 -07:00
bdf9516f96
consul: ACL Endpoint tests
2014-08-18 15:46:21 -07:00
ea31f37dd6
consul: Adding ACL endpoint
2014-08-18 15:46:21 -07:00
b41e36868e
consul: register the ACL queries
2014-08-18 15:46:21 -07:00
8a3a0faacf
consul: FSM support for ACLsg
2014-08-18 15:46:21 -07:00
101d7da90a
consul: Adding ACLs to the state store
2014-08-18 15:46:21 -07:00
da52fda65f
consul: ACL structs
2014-08-18 15:46:21 -07:00
ca6a8aef55
agent: Adding ACL master token
2014-08-18 15:46:20 -07:00
ebae394863
consul: ACL setting passthrough
2014-08-18 15:46:20 -07:00
90816cca98
Run `go fmt`
2014-07-24 01:09:55 +02:00
78a69b61a3
Don't override `ServiceTags`
2014-07-23 23:42:22 +02:00
31037338a3
Change order of fixtures
2014-07-23 23:42:22 +02:00
9dc67edf7f
Make service tag filter case-insensitive
2014-07-23 23:42:22 +02:00
2727c158a6
Make service index case-insensitive
2014-07-23 23:42:22 +02:00
ff93acda28
Lowercase index key and lookup value if flag is set
2014-07-23 23:42:22 +02:00
f7263e8e7a
Add case-insensitive flag to `MDBIndex`
2014-07-23 23:42:21 +02:00
75e631ee94
Add helper for lowercase list of strings
2014-07-23 23:42:21 +02:00
bf26a9160f
consul: Defer serf handler until initialized. Fixes #254 .
2014-07-22 09:36:58 -04:00
020802f7a5
Merge pull request #233 from nelhage/tls-no-subjname
...
Restore the 0.2 TLS verification behavior.
2014-07-01 13:41:00 -07:00
627b2e455f
Add some basic smoke tests for wrapTLSclient.
...
Check the success case, and check that we reject a self-signed
certificate.
2014-06-29 18:11:32 -07:00
0a2476b20e
Restore the 0.2 TLS verification behavior.
...
Namely, don't check the DNS names in TLS certificates when connecting to
other servers.
As of golang 1.3, crypto/tls no longer natively supports doing partial
verification (verifying the cert issuer but not the hostname), so we
have to disable verification entirely and then do the issuer
verification ourselves. Fortunately, crypto/x509 makes this relatively
straightforward.
If the "server_name" configuration option is passed, we preserve the
existing behavior of checking that server name everywhere.
No option is provided to retain the current behavior of checking the
remote certificate against the local node name, since that behavior
seems clearly buggy and unintentional, and I have difficulty imagining
it is actually being used anywhere. It would be relatively
straightforward to restore if desired, however.
2014-06-28 13:32:42 -07:00
80b86c9ee9
Rename Expect to BootstrapExpect. Fixes #223 .
2014-06-19 17:08:55 -07:00
406d19f483
consul: Minor cleanups
2014-06-18 16:15:28 -07:00
fff6546c75
Minor cleanup to logic and testsuite.
...
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 18:47:05 -04:00
a2fea2ce55
Utilise new raft.SetPeers() method, move expect logic to leader.go.
...
This way, we don't use EnableSingleMode, nor cause chaos adding peers.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-18 12:03:30 -04:00
31c392813c
Add expect bootstrap '-expect=n' mode.
...
This allows for us to automatically bootstrap a cluster of nodes after
'n' number of server nodes join. All servers must have the same 'n' set, or
they will fail to join the cluster; all servers will not join the peer set
until they hit 'n' server nodes.
If the raft commit index is not empty, '-expect=n' does nothing because it
thinks you've already bootstrapped.
Signed-off-by: Robert Xu <robxu9@gmail.com>
2014-06-16 17:40:33 -04:00
91373968a8
Adding server_name configuration for TLS
2014-06-13 11:10:27 -07:00
987c078957
Seems like we should actually check the reference count.
2014-06-13 11:25:01 -05:00
ea054b8847
consul: Start RPC before Raft, wait to accept connecitons
2014-06-11 10:17:58 -07:00
1812eedad9
consul: start RPC after fully initialized. Fixes #160
2014-06-11 09:46:44 -07:00
2e18774c02
consul: Avoid network for server RPC. Fixes #148 .
2014-06-10 19:12:36 -07:00
Armon Dadgar