open-consul/agent
Paul Glass 1ad327ddf5
Use agent token for service/check deregistration during anti-entropy (#16097)
Use only the agent token for deregistration during anti-entropy

The previous behavior had the agent attempt to use the "service" token
(i.e. from the `token` field in a service definition file), and if that
was not set then it would use the agent token.

The previous behavior was problematic because, if the service token had
been deleted, the deregistration request would fail. The agent would
retry the deregistration during each anti-entropy sync, and the
situation would never resolve.

The new behavior is to only/always use the agent token for service and
check deregistration during anti-entropy. This approach is:

* Simpler: No fallback logic to try different tokens
* Faster (slightly): No time spent attempting the service token
* Correct: The agent token is able to deregister services on that
  agent's node, because:
  * node:write permissions allow deregistration of services/checks on
    that node.
  * The agent token must have node:write permission, or else the agent
    is not be able to (de)register itself into the catalog

Co-authored-by: Vesa Hagström <weeezes@gmail.com>
2023-02-03 08:45:11 -06:00
..
ae
auto-config Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
cache xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
cache-types xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
checks Fix TLS_BadVerify test assertions on macOS (#15903) 2023-01-05 11:47:45 -06:00
config Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
configentry Fix proxy-defaults incorrectly merging config on upstreams. (#16021) 2023-01-20 11:25:51 -06:00
connect Support Vault agent auth config for AWS/GCP CA provider auth (#15970) 2023-01-18 11:53:04 -08:00
consul rate: add prometheus definitions, docs, and clearer names (#15945) 2023-02-03 12:01:57 +00:00
debug
dns
envoyextensions improvement: prevent filter being added twice from any enovy extension (#16112) 2023-01-31 16:49:45 +00:00
exec
grpc-external xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
grpc-internal feat: apply retry policy to read only grpc endpoints (#16085) 2023-01-31 10:44:25 -05:00
grpc-middleware Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
hcp xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
local Use agent token for service/check deregistration during anti-entropy (#16097) 2023-02-03 08:45:11 -06:00
log-drop inject logger and create logdrop sink (#15822) 2023-01-06 11:33:53 -07:00
metadata Change serf-tag references to field references. 2022-08-31 16:38:42 -05:00
metrics emit metrics for global rate limiting (#15891) 2023-01-06 17:49:33 -06:00
mock
pool Use rpcHoldTimeout to calculate blocking timeout (#15541) 2022-11-24 10:13:02 -05:00
proxycfg Add extension validation on config save and refactor extensions. (#16110) 2023-01-30 15:35:26 -06:00
proxycfg-glue Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
proxycfg-sources xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
router Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
routine-leak-checker removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
rpc Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
rpcclient/health Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
structs APIGateway HTTPRoute scaffolding (#15859) 2023-02-01 07:59:49 -05:00
submatview xds: don't attempt to load-balance sessions for local proxies (#15789) 2023-01-18 12:33:21 -06:00
systemd
token Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
uiserver removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
xds refactor: move service to service validation to troubleshoot package (#16132) 2023-02-02 22:18:10 -08:00
acl.go Output user-friendly name for anonymous token (#15884) 2023-01-09 12:28:53 -06:00
acl_endpoint.go Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
acl_endpoint_test.go Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
acl_oss.go
acl_test.go Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
agent.go Apply agent partition to load services and agent api (#16024) 2023-01-20 12:59:26 -05:00
agent_endpoint.go Apply agent partition to load services and agent api (#16024) 2023-01-20 12:59:26 -05:00
agent_endpoint_oss.go Apply agent partition to load services and agent api (#16024) 2023-01-20 12:59:26 -05:00
agent_endpoint_oss_test.go
agent_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
agent_oss.go
agent_test.go Protobuf Modernization (#15949) 2023-01-11 09:39:10 -05:00
apiserver.go
apiserver_test.go
catalog_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
catalog_endpoint_oss.go
catalog_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
check.go
config_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
config_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
connect_auth.go
connect_ca_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
connect_ca_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
coordinate_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
coordinate_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
delegate_mock_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
discovery_chain_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns_oss.go Add peering `.service` and `.node` DNS lookups. (#15596) 2022-11-29 12:23:18 -06:00
dns_oss_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
dns_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
enterprise_delegate_oss.go
event_endpoint.go
event_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
federation_state_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
health_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
health_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
http.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
http_decode_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
http_oss.go
http_oss_test.go
http_register.go Remove legacy acl tokens (#15947) 2023-01-27 09:17:07 -06:00
http_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
intentions_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
intentions_endpoint_oss_test.go
intentions_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
keyring.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
keyring_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
kvs_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
kvs_endpoint_test.go
metrics.go
metrics_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
nodeid.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
nodeid_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
notify.go
notify_test.go
operator_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
operator_endpoint_oss.go
operator_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
peering_endpoint.go Support Stale Queries for Trust Bundle Lookups (#14724) 2022-09-28 09:56:59 -07:00
peering_endpoint_oss_test.go
peering_endpoint_test.go Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267) 2022-11-08 14:55:18 -06:00
prepared_query_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
prepared_query_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
reload.go
remote_exec.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
remote_exec_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
retry_join.go Deprecate -join and -join-wan (#15598) 2022-12-14 20:28:25 +00:00
retry_join_test.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
service_checks_test.go Service http checks data source for agentless proxies (#14924) 2022-10-12 07:49:56 -07:00
service_manager.go Merge central config for GetEnvoyBootstrapParams (#14869) 2022-10-10 12:40:27 -05:00
service_manager_test.go Fix proxy-defaults incorrectly merging config on upstreams. (#16021) 2023-01-20 11:25:51 -06:00
session_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
session_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
setup.go inject logger and create logdrop sink (#15822) 2023-01-06 11:33:53 -07:00
setup_oss.go
sidecar_service.go PR #14057 follow up fix: service id parsing from sidecar id (#14541) 2022-09-09 09:47:10 -05:00
sidecar_service_test.go Backport test from ENT: "Fix missing test fields" (#15258) 2022-11-04 09:29:16 -05:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go Warn when the token query param is used for auth (#16009) 2023-01-24 16:21:41 +00:00
status_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
status_endpoint_test.go
streaming_test.go
testagent.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
testagent_test.go
translate_addr.go
txn_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
txn_endpoint_test.go increase the size of txn to support vault (#14599) 2022-09-19 09:07:19 -07:00
ui_endpoint.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
ui_endpoint_oss_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
ui_endpoint_test.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
user_event.go Pass remote addr of incoming HTTP requests through to RPC(..) calls (#15700) 2022-12-14 09:24:22 -06:00
user_event_test.go Add new config_file_service_registration token (#15828) 2023-01-10 10:24:02 -06:00
util.go
util_test.go
watch_handler.go
watch_handler_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00