Commit graph

8356 commits

Author SHA1 Message Date
Mitchell Hashimoto 4fa92e7d0c website: document proxy security settings 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto f551413714 agent: disallow API registration with managed proxy if not enabled 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto a8ec3064f5 agent/config: AllowManagedAPIRegistration 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto c30affa4b6 agent/proxy: AllowRoot to disable executing managed proxies when root 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto be83efe61e agent/proxy: set the proper arguments so we only run the helper process 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto a7690301f9 agent/config: add AllowManagedRoot 2018-06-25 12:25:11 -07:00
Kyle Havlovitz 549dc22944 connect: fix two CA tests that were broken in a previous PR (#60) 2018-06-25 12:25:10 -07:00
Paul Banks a8d3131de9 Return defensive error if API response is jank 2018-06-25 12:25:10 -07:00
Paul Banks f6a804029f Refactor resolver logic to be clearer 2018-06-25 12:25:10 -07:00
Paul Banks 3433020fa6 Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario 2018-06-25 12:25:10 -07:00
Mitchell Hashimoto 866dac5db2 website: example typo 2018-06-25 12:25:10 -07:00
Mitchell Hashimoto 00068d6d35 website: clarify custom proxy integration and custom managed proxies 2018-06-25 12:25:10 -07:00
Paul Banks 57595dae2a Fix "fail open" wording
"fail open" implies that we just allow anything if an agent gets partitioned which is not the right meaning!
2018-06-25 12:25:10 -07:00
Kyle Havlovitz 86200f2d03 docs: add Connect CA overview 2018-06-25 12:25:10 -07:00
Kyle Havlovitz e401384194 docs: add agent config options for connect/CA 2018-06-25 12:25:10 -07:00
Kyle Havlovitz 1ce8361aa2 agent: format all CA config fields 2018-06-25 12:25:09 -07:00
Kyle Havlovitz a242e5b130 agent: update accepted CA config fields and defaults 2018-06-25 12:25:09 -07:00
Mitchell Hashimoto 7846206753 agent/proxy: fix build on Windows 2018-06-25 12:24:18 -07:00
Mitchell Hashimoto 67d8cae7d0 website: update security model 2018-06-25 12:24:18 -07:00
Mitchell Hashimoto f0e9076b8b website: clarify namespaces, conflict 2018-06-25 12:24:17 -07:00
Paul Banks d0c2f88aba More misc comment cleanup 2018-06-25 12:24:17 -07:00
Paul Banks 6c77f7883e Misc comment cleanups 2018-06-25 12:24:16 -07:00
Paul Banks d0674cdd7a Warn about killing proxies in dev mode 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 7e796fd07b api: update intention struct for precedence 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto dc7d662731 website: clarify tiebreaker behavior 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 2244844bee website: document the precedence table 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 4ebddd6adb agent/consul: set precedence value on struct itself 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto dd042db965 website: document multi-DC, caching, clarify prepared queries and
multi-DC
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto db72f1018c website: fix typo 2018-06-25 12:24:15 -07:00
Mitchell Hashimoto 61c7e33a22 agent/config: move ports to ports structure, update docs 2018-06-25 12:24:15 -07:00
Paul Banks 01594710c6 Fix unreachable code warning from go vet 2018-06-25 12:24:15 -07:00
Paul Banks d140612350 Fixs a few issues that stopped this working in real life but not caught by tests:
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
 - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
 - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
 - Naming things
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 36adf98cc4 api: change Connect to a query option 2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 83a06df778 connect: remove old unused code 2018-06-25 12:24:14 -07:00
Mitchell Hashimoto cc4871842c website: address feedback 2018-06-25 12:24:14 -07:00
Paul Banks 3df45ac7f1 Don't kill proxies on agent shutdown; backport manager close fix 2018-06-25 12:24:13 -07:00
Paul Banks 877390cd28 Test for adopted process Stop race and fix 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto d8715f910b website: Go native integration with Connect 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto ce5e2a9ed2 website: connect native overview 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 692f1ef357 command/connect/proxy: can specify prepared query upstream types 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 4f8fbd53d3 connect: support prepared query resolution 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 489c84f953 connect: resolver works with native services 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 53c62b7a97 website: clarify where constraints go 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 5bc17838f3 api: support ExecuteConnect 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto e016f37ae7 agent: accept connect param for execute 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 52c10d2208 agent/consul: support a Connect option on prepared query request 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto e8c899b1b8 agent/consul: prepared query supports "Connect" field 2018-06-25 12:24:11 -07:00
Mitchell Hashimoto e3562e39cc agent: intention create returns 500 for bad body 2018-06-25 12:24:10 -07:00
Mitchell Hashimoto 62512adb84 api: support native connect 2018-06-25 12:24:10 -07:00
Mitchell Hashimoto ad382d7351 agent: switch ConnectNative to an embedded struct 2018-06-25 12:24:10 -07:00