Mitchell Hashimoto
4fa92e7d0c
website: document proxy security settings
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
f551413714
agent: disallow API registration with managed proxy if not enabled
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
a8ec3064f5
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
c30affa4b6
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
be83efe61e
agent/proxy: set the proper arguments so we only run the helper process
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
a7690301f9
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Kyle Havlovitz
549dc22944
connect: fix two CA tests that were broken in a previous PR ( #60 )
2018-06-25 12:25:10 -07:00
Paul Banks
a8d3131de9
Return defensive error if API response is jank
2018-06-25 12:25:10 -07:00
Paul Banks
f6a804029f
Refactor resolver logic to be clearer
2018-06-25 12:25:10 -07:00
Paul Banks
3433020fa6
Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario
2018-06-25 12:25:10 -07:00
Mitchell Hashimoto
866dac5db2
website: example typo
2018-06-25 12:25:10 -07:00
Mitchell Hashimoto
00068d6d35
website: clarify custom proxy integration and custom managed proxies
2018-06-25 12:25:10 -07:00
Paul Banks
57595dae2a
Fix "fail open" wording
...
"fail open" implies that we just allow anything if an agent gets partitioned which is not the right meaning!
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
86200f2d03
docs: add Connect CA overview
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
e401384194
docs: add agent config options for connect/CA
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
1ce8361aa2
agent: format all CA config fields
2018-06-25 12:25:09 -07:00
Kyle Havlovitz
a242e5b130
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
Mitchell Hashimoto
7846206753
agent/proxy: fix build on Windows
2018-06-25 12:24:18 -07:00
Mitchell Hashimoto
67d8cae7d0
website: update security model
2018-06-25 12:24:18 -07:00
Mitchell Hashimoto
f0e9076b8b
website: clarify namespaces, conflict
2018-06-25 12:24:17 -07:00
Paul Banks
d0c2f88aba
More misc comment cleanup
2018-06-25 12:24:17 -07:00
Paul Banks
6c77f7883e
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Paul Banks
d0674cdd7a
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
7e796fd07b
api: update intention struct for precedence
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
dc7d662731
website: clarify tiebreaker behavior
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
2244844bee
website: document the precedence table
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
4ebddd6adb
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
dd042db965
website: document multi-DC, caching, clarify prepared queries and
...
multi-DC
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
db72f1018c
website: fix typo
2018-06-25 12:24:15 -07:00
Mitchell Hashimoto
61c7e33a22
agent/config: move ports to ports
structure, update docs
2018-06-25 12:24:15 -07:00
Paul Banks
01594710c6
Fix unreachable code warning from go vet
2018-06-25 12:24:15 -07:00
Paul Banks
d140612350
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
36adf98cc4
api: change Connect to a query option
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
83a06df778
connect: remove old unused code
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto
cc4871842c
website: address feedback
2018-06-25 12:24:14 -07:00
Paul Banks
3df45ac7f1
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
877390cd28
Test for adopted process Stop race and fix
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
d8715f910b
website: Go native integration with Connect
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
ce5e2a9ed2
website: connect native overview
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
692f1ef357
command/connect/proxy: can specify prepared query upstream types
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
4f8fbd53d3
connect: support prepared query resolution
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
489c84f953
connect: resolver works with native services
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
53c62b7a97
website: clarify where constraints go
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
5bc17838f3
api: support ExecuteConnect
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
e016f37ae7
agent: accept connect param for execute
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
52c10d2208
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
e8c899b1b8
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
Mitchell Hashimoto
e3562e39cc
agent: intention create returns 500 for bad body
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
62512adb84
api: support native connect
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
ad382d7351
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00