Mark Anderson 18193f2916
Support vault namespaces in connect CA (#12904)
* Support vault namespaces in connect CA

Follow on to some missed items from #12655

From an internal ticket "Support standard "Vault namespace in the
path" semantics for Connect Vault CA Provider"

Vault allows the namespace to be specified as a prefix in the path of
a PKI definition, but our usage of the Vault API includes calls that
don't support a namespaced key. In particular the sys.* family of
calls simply appends the key, instead of prefixing the namespace in
front of the path.

Unfortunately it is difficult to reliably parse a path with a
namespace; only vault knows what namespaces are present, and the '/'
separator can be inside a key name, as well as separating path
elements. This is in use in the wild; for example
'dc1/intermediate-key' is a relatively common naming schema.

Instead we add two new fields: RootPKINamespace and
IntermediatePKINamespace, which are the absolute namespace paths
'prefixed' in front of the respective PKI Paths.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-05-04 19:41:55 -07:00
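
The ambiguity the commit message describes, as an added Go sketch (not code from the Consul repository): every split of a slash-separated path into namespace and PKI path is equally plausible to a client, and a sys/mounts request built by plain appending differs from one with the namespace prefixed. The namespace `ns1` and all helper names are constructed for illustration; `sys/mounts` is Vault's mount endpoint.

```go
package main

import (
	"fmt"
	"strings"
)

// candidateSplits lists every way a slash-separated path could divide into a
// namespace prefix and a PKI path. Only Vault knows which namespaces exist,
// so a client cannot pick the right one by parsing alone.
func candidateSplits(path string) [][2]string {
	parts := strings.Split(strings.Trim(path, "/"), "/")
	out := make([][2]string, 0, len(parts))
	for i := range parts {
		out = append(out, [2]string{
			strings.Join(parts[:i], "/"), // namespace ("" means root)
			strings.Join(parts[i:], "/"), // PKI path, which may itself contain '/'
		})
	}
	return out
}

// naiveMountURL appends the whole configured path after sys/mounts, which is
// the behaviour the commit message describes for the sys.* calls.
func naiveMountURL(path string) string {
	return "/v1/sys/mounts/" + strings.Trim(path, "/")
}

// namespacedMountURL takes the namespace as its own value (the role the new
// RootPKINamespace / IntermediatePKINamespace fields play) and places it in
// front of the sys/ path.
func namespacedMountURL(namespace, pkiPath string) string {
	ns := strings.Trim(namespace, "/")
	if ns != "" {
		ns += "/"
	}
	return "/v1/" + ns + "sys/mounts/" + strings.Trim(pkiPath, "/")
}

func main() {
	// Constructed input: "ns1" is hypothetical; "dc1/intermediate-key" is the
	// naming style quoted in the commit message.
	in := "ns1/dc1/intermediate-key"
	for _, s := range candidateSplits(in) {
		fmt.Printf("namespace=%q path=%q -> %s\n", s[0], s[1], namespacedMountURL(s[0], s[1]))
	}
	fmt.Println("naive append:", naiveMountURL(in))
}
```
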
.changelog Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
.circleci fix(ci): use correct variable syntax for build-distros job (#12933) 2022-05-04 10:45:23 -07:00
.github chore(ci): fix backport-assistant for stable website 2022-05-03 14:36:46 -04:00
.release Add config key to the promote-staging event 2022-05-03 11:58:14 -04:00
acl acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
agent Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
api Update mesh config tests 2022-05-04 08:50:59 -07:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
command Merge pull request #12878 from hashicorp/ma/x-forwarded-client-cert 2022-05-04 11:05:44 -07:00
connect Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs docs: simplify agent docs slugs 2022-04-11 17:38:47 -07:00
grafana add readme outlining how to edit and publish 2021-01-12 14:47:11 -08:00
internal Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib routine: fix that acl stops replicating after regaining leadership (#12295) (#12565) 2022-04-05 14:17:53 -04:00
logging peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
proto peering: Make Upstream peer-aware (#12900) 2022-04-29 18:12:51 -04:00
proto-public acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
sdk Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
sentinel re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_os re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
test ci: upgrade bats and the circle machine executors to get integration tests to function again (#12918) 2022-05-03 11:21:32 -05:00
testrpc peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
tlsutil Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
types agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
ui ui:fixed bug where license was showing in oss (#12795) 2022-04-18 13:05:16 -07:00
version update main to reflect it is v1.12.0-dev (#12157) 2022-01-21 15:03:11 -06:00
website Support vault namespaces in connect CA (#12904) 2022-05-04 19:41:55 -07:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore changelog: snapshot-agent acl token fix for CLI and ENV 2022-04-25 16:46:55 -04:00
.golangci.yml ci: Add explanation in forbidigo (#12140) 2022-01-20 13:07:10 -05:00
CHANGELOG.md Update changelog for 1.12.0 2022-04-20 17:10:03 -07:00
Dockerfile Update docker image base to alpine:3.15 (#12276) 2022-02-04 13:56:39 -08:00
GNUmakefile Add versions compatibility tests between Consul (#12702) 2022-04-25 10:41:36 -04:00
LICENSE Initial commit 2013-11-04 14:15:27 -08:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Adjust README header to work in light and dark modes 2022-02-07 16:46:46 -08:00
Vagrantfile Adds a basic Linux Vagrant setup, stolen from Nomad. 2017-10-06 08:10:12 -07:00
fixup_acl_move.sh Fixup script 2 2022-04-05 14:52:43 -07:00
go.mod Upgrade Raft to v1.3.9 for saturation metrics (#12865) 2022-04-27 17:17:31 +01:00
go.sum Upgrade Raft to v1.3.9 for saturation metrics (#12865) 2022-04-27 17:17:31 +01:00
main.go cmd: introduce a shim to expose Stdout/Stderr writers 2021-06-02 16:51:34 -04:00

README.md

Consul

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh/Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser-based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser-based UI, please refer to the UI's README.md for guidance.