open-consul/agent
Freddy 5eace88ce2
Expose HTTP-based paths through Connect proxy (#6446)
Fixes: #5396

This PR adds a proxy configuration stanza called expose. These flags register
listeners in Connect sidecar proxies to allow requests to specific HTTP paths
from outside of the node. This allows services to protect themselves by only
listening on the loopback interface, while still accepting traffic from non
Connect-enabled services.

Under expose there is a boolean checks flag that would automatically expose all
registered HTTP and gRPC check paths.

This stanza also accepts a paths list to expose individual paths. The primary
use case for this functionality would be to expose paths for third parties like
Prometheus or the kubelet.

Listeners for requests to exposed paths are configured dynamically at run
time. Any time a proxy or check can be registered, a listener can also be
created.

In this initial implementation requests to these paths are not
authenticated/encrypted.
2019-09-25 20:55:52 -06:00
..
ae Add -sidecar-for and new /agent/service/:service_id endpoint (#4691) 2018-10-10 16:55:34 +01:00
agentpb Add support for implementing new requests with protobufs instea… (#6502) 2019-09-20 14:37:22 -04:00
cache Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
cache-types Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
checks Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
config Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
connect connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492) 2019-09-23 12:52:35 -05:00
consul Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
debug fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
exec
local Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
metadata New ACLs (#4791) 2018-10-19 12:04:07 -04:00
mock
pool snapshot: add TLS support to HalfCloser interface (#6216) 2019-08-12 12:47:02 -04:00
proxycfg Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
router Distinguish between DC not existing and not being available (#6399) 2019-09-03 09:46:24 -06:00
structs Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
systemd
token ACL Token Persistence and Reloading (#5328) 2019-02-27 14:28:31 -05:00
xds Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
acl.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
acl_endpoint.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_endpoint_legacy.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
acl_endpoint_legacy_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
acl_endpoint_test.go ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
acl_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
agent.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
agent_endpoint.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
agent_endpoint_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
agent_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
bindata_assetfs.go update bindata_assetfs.go 2019-09-12 19:39:58 +00:00
blacklist.go
blacklist_test.go
catalog_endpoint.go resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
catalog_endpoint_test.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
check.go agent: tolerate more failure scenarios during service registration with central config enabled (#6472) 2019-09-24 10:04:48 -05:00
config.go Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
config_endpoint.go Centralized Config CLI (#5731) 2019-04-30 16:27:16 -07:00
config_endpoint_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
connect_auth.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
connect_ca_endpoint.go Fix CA pruning when CA config uses string durations. (#4669) 2018-09-13 15:43:00 +01:00
connect_ca_endpoint_test.go connect: Support RSA keys in addition to ECDSA (#6055) 2019-07-30 17:47:39 -04:00
coordinate_endpoint.go
coordinate_endpoint_test.go test: add additional http status code assertions in coordinate HTTP API tests (#6410) 2019-08-29 09:55:05 -05:00
discovery_chain_endpoint.go connect: expose an API endpoint to compile the discovery chain (#6248) 2019-08-02 15:34:54 -05:00
discovery_chain_endpoint_test.go connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340) 2019-08-19 13:03:03 -05:00
dns.go Merge Consul OSS branch 'master' at commit e91f73f59249f5756896b10890e9298e7c1fbacc 2019-06-30 02:00:31 +00:00
dns_test.go Merge Consul OSS branch 'master' at commit e91f73f59249f5756896b10890e9298e7c1fbacc 2019-06-30 02:00:31 +00:00
enterprise_delegate_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
event_endpoint.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
event_endpoint_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
health_endpoint.go Filter non-passing nodes without modifying cache 2019-04-16 10:29:34 -06:00
health_endpoint_test.go Merge branch 'master' into release/1-6 2019-07-12 14:51:25 -07:00
http.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
http_oss.go connect: remove managed proxies (#6220) 2019-08-09 15:19:30 -04:00
http_oss_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
http_test.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
intentions_endpoint.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intentions_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
keyring.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
keyring_test.go test: ensure all TestAgent constructions use a constructor (#6443) 2019-09-05 10:24:36 -07:00
kvs_endpoint.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
kvs_endpoint_test.go Pass a testing.T into NewTestAgent and TestAgent.Start (#5342) 2019-02-14 10:59:14 -05:00
notify.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
notify_test.go Fixes memory leak when blocking on /event/list (#4482) 2018-08-02 14:54:48 +01:00
operator_endpoint.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
operator_endpoint_test.go add flag to allow /operator/keyring requests to only hit local servers (#6279) 2019-08-12 11:11:11 -07:00
prepared_query_endpoint.go Support Agent Caching for Service Discovery Results (#4541) 2018-10-10 16:55:34 +01:00
prepared_query_endpoint_test.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
remote_exec.go
remote_exec_test.go Update retries that weren't using retry.R (#6146) 2019-07-16 14:47:45 -06:00
retry_join.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
retry_join_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
service_checks_test.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
service_manager.go Expose HTTP-based paths through Connect proxy (#6446) 2019-09-25 20:55:52 -06:00
service_manager_test.go agent: tolerate more failure scenarios during service registration with central config enabled (#6472) 2019-09-24 10:04:48 -05:00
session_endpoint.go
session_endpoint_test.go tests: actually have TestSessionTTLRenew sleep during execution (#5669) 2019-04-17 15:52:23 -05:00
sidecar_service.go Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
sidecar_service_test.go test: don't leak agent goroutines in TestAgent_sidecarServiceFromNodeService (#6396) 2019-08-26 15:19:59 -05:00
signal_unix.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
signal_windows.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
snapshot_endpoint.go
snapshot_endpoint_test.go add wait to TestSnapshot 2019-02-22 17:34:45 -05:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Fix flaky tests (#6229) 2019-07-29 15:07:25 -04:00
testagent.go sdk: add freelist tracking and ephemeral port range skipping to freeport 2019-09-17 14:30:43 -05:00
testagent_test.go
translate_addr.go Add tagged addresses for services (#5965) 2019-06-17 10:51:50 -04:00
txn_endpoint.go txn: don't try to decode request bodies > raft.SuggestedMaxDataSize (#6422) 2019-08-30 10:41:25 -07:00
txn_endpoint_test.go txn: don't try to decode request bodies > raft.SuggestedMaxDataSize (#6422) 2019-08-30 10:41:25 -07:00
ui_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
ui_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
user_event.go
user_event_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
util.go cli: forward SIGTERM to child process of 'lock' and 'watch' subcommands (#4737) 2018-10-02 15:57:21 -05:00
util_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
watch_handler.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00
watch_handler_test.go Move the watch package into the api module (#5664) 2019-04-26 12:33:01 -04:00