luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/structs
History
Hans Hasselberg 02de4c8b76
add primary keys to list keyring (#8522) 
During gossip encryption key rotation it would be nice to be able to see if all nodes are using the same key. This PR adds another field to the json response from `GET v1/operator/keyring` which lists the primary keys in use per dc. That way an operator can tell when a key was successfully setup as primary key.

Based on https://github.com/hashicorp/serf/pull/611 to add primary key to list keyring output:

```json
[
  {
    "WAN": true,
    "Datacenter": "dc2",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 6,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
    },
    "NumNodes": 6
  },
  {
    "WAN": false,
    "Datacenter": "dc2",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 8,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "NumNodes": 8
  },
  {
    "WAN": false,
    "Datacenter": "dc1",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 3,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "NumNodes": 8
  }
]
```

I intentionally did not change the CLI output because I didn't find a good way of displaying this information. There are a couple of options that we could implement later:
* add a flag to show the primary keys
* add a flag to show json output

Fixes #3393.
 		2020-08-18 09:50:24 +02:00
..
acl.go ACL Node Identities (#7970) 2020-06-16 12:54:27 -04:00
acl_cache.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_cache_test.go test: Remove t.Parallel() from agent/structs tests 2020-05-08 14:06:10 -04:00
acl_legacy.go ACL Node Identities (#7970) 2020-06-16 12:54:27 -04:00
acl_legacy_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
acl_oss.go ACL Node Identities (#7970) 2020-06-16 12:54:27 -04:00
acl_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
auto_encrypt.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
catalog.go Sync of OSS changes to support namespaces (#6909) 2019-12-09 21:26:41 -05:00
check_definition.go feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
check_definition_test.go Replace goe/verify.Values with testify/require.Equal (#7993) 2020-06-02 12:41:25 -04:00
check_type.go feat: support sending body in HTTP checks (#6602) 2020-02-10 09:27:12 -07:00
config_entry.go Split up unused key validation for oss/ent (#8189) 2020-06-25 13:58:29 -06:00
config_entry_discoverychain.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
config_entry_discoverychain_oss.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
config_entry_discoverychain_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
config_entry_gateways.go connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 2020-08-12 11:19:20 -05:00
config_entry_gateways_test.go connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8470) 2020-08-12 11:19:20 -05:00
config_entry_oss.go Split up unused key validation for oss/ent (#8189) 2020-06-25 13:58:29 -06:00
config_entry_oss_test.go Split up unused key validation for oss/ent (#8189) 2020-06-25 13:58:29 -06:00
config_entry_test.go Split up unused key validation for oss/ent (#8189) 2020-06-25 13:58:29 -06:00
connect.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
connect_ca.go Move generation of the CA Configuration from the agent code into a method on the RuntimeConfig (#8363) 2020-07-23 16:05:28 -04:00
connect_ca_test.go connect: add validations around intermediate cert ttl (#7213) 2020-02-11 00:05:49 +01:00
connect_oss.go Intentions ACL enforcement updates (#7028) 2020-01-13 15:51:40 -05:00
connect_proxy_config.go Add alias struct tags for new decode hook 2020-05-27 16:24:47 -04:00
connect_proxy_config_oss.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
connect_proxy_config_test.go Make sure IngressHosts isn't parsed during JSON decode 2020-05-06 15:06:14 -05:00
discovery_chain.go OSS Changes for various config entry namespacing bugs (#7226) 2020-02-06 10:52:25 -05:00
discovery_chain_oss.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
errors.go DNS: add IsErrQueryNotFound function for easier error evaluation 2020-07-01 03:41:44 +01:00
federation_state.go wan federation via mesh gateways (#6884) 2020-03-09 15:59:02 -05:00
intention.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
intention_oss.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
intention_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
operator.go Move autopilot to a standalone package 2017-12-11 16:45:33 -08:00
prepared_query.go Catalog + Namespace OSS changes. (#7219) 2020-02-10 10:40:44 -05:00
prepared_query_test.go agent: move agent/consul/structs to agent/structs 2017-08-09 14:32:12 +02:00
protobuf_compat.go Refactor the agentpb package (#8362) 2020-07-23 11:24:20 -04:00
sanitize_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
service_definition.go OSS Changes for various config entry namespacing bugs (#7226) 2020-02-06 10:52:25 -05:00
service_definition_test.go Replace goe/verify.Values with testify/require.Equal (#7993) 2020-06-02 12:41:25 -04:00
snapshot.go agent: move agent/consul/structs to agent/structs 2017-08-09 14:32:12 +02:00
structs.go add primary keys to list keyring (#8522) 2020-08-18 09:50:24 +02:00
structs_filtering_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
structs_oss.go connect: various changes to make namespaces for intentions work more like for other subsystems (#8194) 2020-06-26 16:59:15 -05:00
structs_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
testing.go agent: ensure that we always use the same settings for msgpack (#7245) 2020-02-07 15:50:24 -06:00
testing_catalog.go Ingress Gateways for TCP services (#7509) 2020-04-16 14:00:48 -07:00
testing_connect_proxy_config.go Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) 2018-10-10 16:55:34 +01:00
testing_intention.go Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
testing_service_definition.go Add Proxy Upstreams to Service Definition (#4639) 2018-10-10 16:55:34 +01:00
txn.go OSS KV Modifications to Support Namespaces 2019-11-25 12:57:35 -05:00