open-consul/agent/consul
Freddy 6ef38eaea7
Configure upstream TLS context with peer root certs (#13321)
For mTLS to work between two proxies in peered clusters with different root CAs,
proxies need to configure their outbound listener to use different root certificates
for validation.

Up until peering was introduced, proxies would only ever use one set of root certificates
to validate all mesh traffic, both inbound and outbound. Now an upstream proxy
may have a leaf certificate signed by a CA that's different from the dialing proxy's.

This PR makes changes to proxycfg and xds so that the upstream TLS validation
uses different root certificates depending on which cluster is being dialed.
2022-06-01 15:53:52 -06:00
..
auth acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
authmethod acl: Adjust region handling in AWS IAM auth method (#12774) 2022-04-13 14:31:37 -05:00
autopilotevents peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
discoverychain xds: ensure that all connect timeout configs can apply equally to tproxy direct dial connections (#12711) 2022-04-07 16:58:21 -05:00
fsm [OSS] Add upsert handling for receiving CheckServiceNode (#13061) 2022-05-12 15:04:44 -06:00
prepared_query peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
state update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
stream test: fix flaky test TestEventBufferFuzz (#13175) 2022-05-23 09:22:30 -05:00
testdata ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
usagemetrics Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
wanfed grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation (#10838) 2021-08-24 16:28:44 -05:00
acl.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_authmethod.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_authmethod_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_client.go Merge pull request #12165 from hashicorp/dnephin/acl-resolve-token 2022-01-31 13:27:49 -05:00
acl_endpoint.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_endpoint_legacy.go acl: remove most of the rest of structs/acl_legacy.go 2021-10-25 17:20:06 -04:00
acl_endpoint_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_endpoint_test.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_replication.go acl: remove legacy ACL replication 2021-09-03 12:42:06 -04:00
acl_replication_test.go Rename `ACLMasterToken` => `ACLInitialManagementToken` (#11746) 2021-12-07 12:39:28 +00:00
acl_replication_types.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
acl_server.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_server_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_test.go Upgrade golangci-lint for go v1.18 (#13176) 2022-05-23 10:26:45 -04:00
acl_token_exp.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_token_exp_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_backend.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
auto_config_backend_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_endpoint.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
auto_config_endpoint_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
auto_encrypt_endpoint.go rpc: remove unnecessary arg to ForwardRPC 2021-05-06 13:30:07 -04:00
auto_encrypt_endpoint_test.go Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
autopilot.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
autopilot_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
autopilot_test.go Add event generation for autopilot state updates (#12626) 2022-04-19 13:03:03 -04:00
catalog_endpoint.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
catalog_endpoint_test.go update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
client.go Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
client_serf.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
client_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
cluster_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
config.go update raft to v1.3.8 (#12844) 2022-04-25 10:19:26 -04:00
config_endpoint.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
config_endpoint_test.go remove remaining shim runStep functions (#13015) 2022-05-10 16:24:45 -05:00
config_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
config_replication_test.go server: partly fix config entry replication issue that prevents replication in some circumstances (#12307) 2022-02-23 17:27:48 -06:00
config_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
connect_ca_endpoint.go ConnectCA.Sign gRPC Endpoint (#12787) 2022-04-14 14:26:14 +01:00
connect_ca_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
coordinate_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
coordinate_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
discovery_chain_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
discovery_chain_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
enterprise_client_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
enterprise_config_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
enterprise_server_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
enterprise_server_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
federation_state_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
federation_state_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
federation_state_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
federation_state_replication_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
filter.go acl: some acl authz refactors for nodes (#10909) 2021-08-25 13:43:11 -05:00
filter_test.go acl: remove id and revision from Policy constructors 2021-11-05 15:45:08 -04:00
flood.go
gateway_locator.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
gateway_locator_test.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
grpc_integration_test.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
health_endpoint.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
health_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
helper_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
intention_endpoint.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
intention_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
internal_endpoint.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
internal_endpoint_test.go update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
issue_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
kvs_endpoint.go Add source of authority annotations to the PermissionDeniedError output. (#12567) 2022-03-18 10:32:25 -07:00
kvs_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
leader.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
leader_connect.go Add virtual IP generation for term gateway backed services 2022-01-12 12:08:49 -08:00
leader_connect_ca.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
leader_connect_ca_test.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
leader_connect_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
leader_federation_state_ae.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
leader_federation_state_ae_test.go Rename `ACLMasterToken` => `ACLInitialManagementToken` (#11746) 2021-12-07 12:39:28 +00:00
leader_intentions.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
leader_intentions_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_test.go configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384) 2022-02-22 10:36:36 -06:00
leader_metrics.go ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
leader_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
leader_peering.go [OSS] Add upsert handling for receiving CheckServiceNode (#13061) 2022-05-12 15:04:44 -06:00
leader_peering_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
leader_test.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
logging.go
logging_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
merge.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
merge_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_service_config.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
merge_service_config_test.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
merge_test.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
operator_autopilot_endpoint.go Enable running autopilot state updates on all servers (#12617) 2022-04-07 10:48:48 -04:00
operator_autopilot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
operator_endpoint.go
operator_raft_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
operator_raft_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
options.go add more labels to RequestRecorder (#12727) 2022-04-12 10:50:25 -07:00
options_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
peering_backend.go monitor leadership in peering service (#13257) 2022-05-26 17:55:16 -07:00
peering_backend_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
peering_backend_oss_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
peering_backend_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
prepared_query_endpoint.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
prepared_query_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
raft_rpc.go rpc: authorize raft requests (#10925) 2021-08-26 15:04:32 -07:00
replication.go Apply suggestions from code review 2022-01-26 12:24:13 -05:00
replication_test.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
rpc.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
rpc_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
rtt.go agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
rtt_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
segment_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
serf_filter.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
serf_test.go
server.go monitor leadership in peering service (#13257) 2022-05-26 17:55:16 -07:00
server_connect.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
server_lookup.go
server_lookup_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
server_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
server_overview.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
server_overview_test.go oss: Add overview UI internal endpoint 2022-03-22 17:05:09 -07:00
server_register.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
server_serf.go Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
server_test.go monitor leadership in peering service (#13257) 2022-05-26 17:55:16 -07:00
session_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
session_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_timers.go
session_timers_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
session_ttl.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_ttl_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
snapshot_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
snapshot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
stats_fetcher.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
stats_fetcher_test.go Maybe fix another data race in a test 2020-12-22 18:53:54 -05:00
status_endpoint.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
status_endpoint_test.go Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
subscribe_backend.go Move to using a shared EventPublisher (#12673) 2022-04-12 09:47:42 -04:00
subscribe_backend_test.go Restructure gRPC server setup (#12586) 2022-03-22 12:40:24 +00:00
system_metadata.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
system_metadata_test.go testing: Revert assertion for virtual IP flag (#11932) 2022-01-04 11:24:56 -05:00
txn_endpoint.go Add source of authority annotations to the PermissionDeniedError output. (#12567) 2022-03-18 10:32:25 -07:00
txn_endpoint_test.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
util.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
util_test.go acl: remove legacy ACL upgrades from Server 2021-09-29 15:19:23 -04:00