Kyle Havlovitz
9c21cc7ac9
connect: update leader initializeCA comment
2018-07-11 10:00:42 -07:00
Kyle Havlovitz
db254f0991
connect: persist intermediate CAs on leader change
2018-07-11 09:44:30 -07:00
Paul Banks
dae66b1afc
Merge pull request #4038 from pierresouchay/ACL_additional_info
...
Track calls blocked by ACLs using metrics
2018-07-09 20:21:21 +01:00
MagnumOpus21
9bc5fe7fe5
Tests/Proxy : Changed function name to match the system being tested.
2018-07-09 13:18:57 -04:00
MagnumOpus21
3a00c5a834
Resolved merge conflicts
2018-07-09 12:48:34 -04:00
MagnumOpus21
0b50b84429
Agent/Proxy: Formatting and test cases fix
2018-07-09 12:46:10 -04:00
MagnumOpus21
f0af60612c
Proxy/Tests: Added test cases to check env variables
2018-07-09 12:28:29 -04:00
MagnumOpus21
4a8814ea01
Agent/Proxy : Properly passes env variables to child
2018-07-09 12:28:29 -04:00
Pierre Souchay
9128de5b11
Merge remote-tracking branch 'origin/master' into ACL_additional_info
2018-07-07 14:09:18 +02:00
Kyle Havlovitz
883b2a518a
Store the time CARoot is rotated out instead of when to prune
2018-07-06 16:05:25 -07:00
MagnumOpus21
e79f630adf
Agent/Proxy : Properly passes env variables to child
2018-07-05 22:04:29 -04:00
Kyle Havlovitz
3c520019e9
connect/ca: add logic for pruning old stale RootCA entries
2018-07-02 10:35:05 -07:00
Matt Keeler
ad40be86d5
Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise
...
Move starting enterprise functionality
2018-07-02 12:28:10 -04:00
Abhishek Chanda
37377d8779
Change bind_port to an int
2018-06-30 14:18:13 +01:00
Matt Keeler
02719c52ff
Move starting enterprise functionality
2018-06-29 17:38:29 -04:00
Mitchell Hashimoto
f213c55723
agent/config: parse upstreams with multiple service definitions
2018-06-28 15:13:33 -05:00
Mitchell Hashimoto
b6969b336b
Merge pull request #4297 from hashicorp/b-intention-500-2
...
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-28 05:27:19 +02:00
Matt Keeler
66af873639
Move default uuid test into the consul package
2018-06-27 09:21:58 -04:00
Matt Keeler
dbc407cec9
go fmt changes
2018-06-27 09:07:22 -04:00
Mitchell Hashimoto
03b683f702
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-27 07:40:06 +02:00
Matt Keeler
95291ec5ed
Make sure to generate UUIDs when services are registered without one
...
This makes the behavior line up with the docs and expected behavior
2018-06-26 17:04:08 -04:00
mkeeler
f8355d608a
Release v1.2.0
2018-06-25 19:45:20 +00:00
mkeeler
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Kyle Havlovitz
d436463d75
revert go changes to hide rotation config
2018-06-25 12:26:18 -07:00
Kyle Havlovitz
837f23441d
connect/ca: hide the RotationPeriod config field since it isn't used yet
2018-06-25 12:26:18 -07:00
Mitchell Hashimoto
54ad6fc050
agent: convert the proxy bind_port to int if it is a float
2018-06-25 12:26:18 -07:00
Matt Keeler
b3ba709b3d
Remove x509 name constraints
...
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
Matt Keeler
8b27c3268a
Make sure we omit the Kind value in JSON if empty
2018-06-25 12:26:10 -07:00
Jack Pearkes
0c43a0f448
update UI to latest
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
859eaea5c4
connect/ca: pull the cluster ID from config during a rotation
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
a67bfa2c1b
connect/ca: use weak type decoding in the Vault config parsing
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
fcc5dc6110
connect/ca: leave blank root key/cert out of the default config (unnecessary)
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
f3089a6647
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
f79e3e3fa5
connect/ca: add leaf verify check to cross-signing tests
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
cea94d0bcf
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
675555c4ff
connect/ca: update Vault provider to add cross-signing methods
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
a97c44c1ba
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
7b0845ccde
connect/ca: fix vault provider URI SANs and test
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
a98b85b25c
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Paul Banks
6ecc0c8099
Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
2018-06-25 12:25:41 -07:00
Paul Banks
b4fbeb0453
Note leadership issues in comments
2018-06-25 12:25:41 -07:00
Paul Banks
21fb98ad5a
Fix test broken by final telemetry PR change!
2018-06-25 12:25:40 -07:00
Paul Banks
824a9b4943
Actually return Intermediate certificates bundled with a leaf!
2018-06-25 12:25:40 -07:00
Matt Keeler
cbf31a467f
Output the service Kind in the /v1/internal/ui/services endpoint
2018-06-25 12:25:40 -07:00
Paul Banks
1d6e1ace11
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
d1810ba338
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
Paul Banks
42e28fa4d1
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
ba6e909ed7
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
ca68136ac7
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
6deadef6bd
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00