luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent
History
Matt Keeler 7b49fc1529
Require enabling TLS to enable Auto Config (#8159) 
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
 		2020-06-19 16:38:14 -04:00
..
ae agent: ensure node info sync and full sync. (#7189) 2020-02-06 15:30:58 +01:00
agentpb Implement the insecure version of the Cluster.AutoConfig RPC endpoint 2020-06-17 11:25:29 -04:00
auto-config Require enabling TLS to enable Auto Config (#8159) 2020-06-19 16:38:14 -04:00
cache
cache-types Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4 2020-06-17 12:16:02 -04:00
checks Enable gofmt simplify 2020-06-16 13:21:11 -04:00
config Require enabling TLS to enable Auto Config (#8159) 2020-06-19 16:38:14 -04:00
connect Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify 2020-06-16 17:18:38 -04:00
consul Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
debug
exec
local Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
metadata ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
mock
pool Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
proxycfg Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
router Enable gofmt simplify 2020-06-16 13:21:11 -04:00
structs Enable gofmt simplify 2020-06-16 13:21:11 -04:00
systemd
token Updates to allow for using an enterprise specific token as the agents token 2020-04-28 09:44:26 -04:00
xds Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
acl.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
acl_endpoint.go
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go
acl_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
acl_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent.go Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
agent_endpoint.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent_endpoint_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent_oss.go
agent_test.go Change auto config authorizer to allow for future extension 2020-06-18 15:22:24 -04:00
bindata_assetfs.go
catalog_endpoint.go
catalog_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
check.go
config_endpoint.go
config_endpoint_test.go
connect_auth.go
connect_ca_endpoint.go
connect_ca_endpoint_test.go
coordinate_endpoint.go
coordinate_endpoint_test.go
denylist.go
denylist_test.go
discovery_chain_endpoint.go
discovery_chain_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
dns.go
dns_oss.go
dns_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
enterprise_delegate_oss.go
event_endpoint.go
event_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
federation_state_endpoint.go
health_endpoint.go
health_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http.go
http_decode_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http_oss.go
http_oss_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http_register.go
http_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
intentions_endpoint.go
intentions_endpoint_test.go
keyring.go
keyring_test.go
kvs_endpoint.go
kvs_endpoint_test.go
notify.go
notify_test.go
operator_endpoint.go
operator_endpoint_test.go
prepared_query_endpoint.go
prepared_query_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
remote_exec.go
remote_exec_test.go
retry_join.go
retry_join_test.go
service_checks_test.go
service_manager.go agent/service_manager: remove 'updateCh' field from serviceConfigWatch 2020-06-16 12:15:57 -04:00
service_manager_test.go
session_endpoint.go
session_endpoint_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
sidecar_service.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
sidecar_service_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go
status_endpoint_test.go
testagent.go Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
testagent_test.go
translate_addr.go
txn_endpoint.go
txn_endpoint_test.go
ui_endpoint.go
ui_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
user_event.go
user_event_test.go
util.go
util_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
watch_handler.go
watch_handler_test.go