luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent
History
Freddy 6ef38eaea7
Configure upstream TLS context with peer root certs (#13321) 
For mTLS to work between two proxies in peered clusters with different root CAs,
proxies need to configure their outbound listener to use different root certificates
for validation.

Up until peering was introduced proxies would only ever use one set of root certificates
to validate all mesh traffic, both inbound and outbound. Now an upstream proxy
may have a leaf certificate signed by a CA that's different from the dialing proxy's.

This PR makes changes to proxycfg and xds so that the upstream TLS validation
uses different root certificates depending on which cluster is being dialed.
 		2022-06-01 15:53:52 -06:00
..
ae sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
auto-config peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
cache proxycfg: remove dependency on `cache.UpdateEvent` (#13144) 2022-05-20 15:47:40 +01:00
cache-types Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
checks Merge pull request #12685 from hashicorp/http-check-redirect-option 2022-04-07 11:29:27 -07:00
config test: regenerate golden files (#13336) 2022-06-01 15:17:03 -05:00
configentry Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
connect Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
consul Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
debug bulk rewrite using this script 2022-01-20 10:46:23 -06:00
dns test: fix incorrect use of t instead of r in retry test (#13146) 2022-05-19 14:00:07 -05:00
exec re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
grpc Specify go_package explicitly 2022-05-24 10:22:53 -07:00
local Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
metadata partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
mock
pool Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
proxycfg Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
proxycfg-glue Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
proxycfg-sources Fix a flaky test (#13282) 2022-05-27 13:25:08 -04:00
router sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
routine-leak-checker Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
rpc Return SPIFFE ID for connect proxies in PeerMeta 2022-05-31 09:55:37 -06:00
rpcclient/health Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
structs update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
submatview proxycfg: remove dependency on `cache.UpdateEvent` (#13144) 2022-05-20 15:47:40 +01:00
systemd
token agent/token: rename `agent_master` to `agent_recovery` (internally) (#11744) 2021-12-07 12:12:47 +00:00
uiserver Reimplement fs.FileInfo interface (#13315) 2022-06-01 11:09:51 -04:00
xds Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
acl.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
acl_endpoint_legacy.go http: update legacy ACL endpoints to return an error 2021-08-17 13:09:29 -04:00
acl_endpoint_legacy_test.go agent: Ensure partition is considered in agent endpoints (#11427) 2021-10-26 15:20:57 -04:00
acl_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_oss.go agent: support `X-Consul-Results-Filtered-By-ACLs` header in agent-local endpoints (#11610) 2021-12-03 20:36:28 +00:00
acl_test.go Retry on bad dogstatsd connection (#13091) 2022-05-19 16:03:46 -04:00
agent.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
agent_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
agent_endpoint_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent_endpoint_oss_test.go Add oss test 2022-05-09 10:07:19 -07:00
agent_endpoint_test.go remove a source of test panics (#13227) 2022-05-25 14:33:00 -05:00
agent_oss.go proxycfg: replace direct agent cache usage with interfaces (#13320) 2022-06-01 16:18:06 +01:00
agent_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
apiserver.go
apiserver_test.go
catalog_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
catalog_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
catalog_endpoint_test.go [OSS] Fix merge central config tests (#13309) 2022-05-31 12:04:19 -07:00
check.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
config_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_auth.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
coordinate_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
coordinate_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
delegate_mock_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
discovery_chain_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
dns.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
dns_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
dns_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
enterprise_delegate_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
event_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
event_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
federation_state_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint_test.go [OSS] Fix merge central config tests (#13309) 2022-05-31 12:04:19 -07:00
http.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
http_decode_test.go add test cases for h2ping_use_tls default behavior 2021-10-09 17:12:52 -04:00
http_oss.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http_oss_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
http_register.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
http_test.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
intentions_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
intentions_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
intentions_endpoint_test.go remove a source of test panics (#13227) 2022-05-25 14:33:00 -05:00
keyring.go Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
keyring_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
kvs_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
kvs_endpoint_test.go Add content type headers to raw KV responses 2021-04-14 16:20:22 -04:00
metrics.go agent: move agent tls metric monitor to a more appropriate place 2021-10-27 16:26:09 -04:00
metrics_test.go add more labels to RequestRecorder (#12727) 2022-04-12 10:50:25 -07:00
nodeid.go
nodeid_test.go
notify.go
notify_test.go
operator_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
operator_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
operator_endpoint_test.go Fix defaults for autopilot config update 2021-07-06 18:39:40 -04:00
peering_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
peering_endpoint_oss_test.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
peering_endpoint_test.go api: ensure peering API endpoints do not use protobufs (#13204) 2022-05-25 13:43:35 -05:00
prepared_query_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
prepared_query_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
reload.go
remote_exec.go
remote_exec_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
retry_join.go agent: refactor the agent delegate interface to be partition friendly (#11429) 2021-10-26 15:08:55 -05:00
retry_join_test.go
service_checks_test.go
service_manager.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
service_manager_test.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
session_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
session_endpoint_test.go
setup.go Retry on bad dogstatsd connection (#13091) 2022-05-19 16:03:46 -04:00
setup_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
sidecar_service.go agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
sidecar_service_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
signal_unix.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
signal_windows.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go
status_endpoint_test.go
streaming_test.go regenerate expired certs (#11462) 2021-11-01 11:40:16 -04:00
testagent.go Retry on bad dogstatsd connection (#13091) 2022-05-19 16:03:46 -04:00
testagent_test.go
translate_addr.go
txn_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
txn_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
ui_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
ui_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
ui_endpoint_test.go Support for connect native services in topology view. (#12098) 2022-02-16 16:51:54 -05:00
user_event.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
user_event_test.go Update 4 non-acl tests that used the legacy ACL.Apply 2021-09-21 17:57:29 -04:00
util.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
util_test.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
watch_handler.go
watch_handler_test.go