Go to file
Mike Morris 8020fb2098
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
.changelog agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
.circleci ui: App-ify Lock Sessions (#12482) 2022-03-14 16:54:49 +00:00
.github Remove setup-qemu step from Docker build job (#12387) 2022-02-24 12:35:47 -08:00
.release Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
acl ACL pkg updates to support Agentless RPCs 2022-03-24 17:01:06 +05:30
agent agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
api fix godoc comment for Namespaces client method 2022-02-18 04:15:55 +00:00
bench Gets benchmarks running again and does a rough pass for 0.7.1. 2016-11-29 13:02:26 -08:00
build-support remove gogo from pbservice 2022-03-23 12:18:01 -04:00
command Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
connect bulk rewrite using this script 2022-01-20 10:46:23 -06:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
docs Restructure gRPC server setup (#12586) 2022-03-22 12:40:24 +00:00
grafana add readme outlining how to edit and publish 2021-01-12 14:47:11 -08:00
internal testing: remove unnecessary calls to freeport 2021-11-29 12:19:43 -05:00
ipaddr Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
lib remove Telemetry.MergeDefaults (#12606) 2022-03-24 10:37:04 -07:00
logging bulk rewrite using this script 2022-01-20 10:46:23 -06:00
proto remove gogo from pbservice 2022-03-23 12:18:01 -04:00
sdk raft: update to v1.3.5 (#12325) 2022-02-14 13:48:52 -06:00
sentinel re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
service_os re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
terraform terraform: remove modules in repo (#5085) 2019-04-04 16:31:43 -07:00
test connect: Update supported Envoy versions to include 1.19.3 and 1.18.6 2022-02-24 16:59:33 -08:00
testrpc ca: remove unused provider.ActiveRoot call 2022-01-06 16:56:48 -05:00
tlsutil agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
types agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
ui ui: Tile CSS component (#12570) 2022-03-23 10:34:26 +00:00
version update main to reflect it is v1.12.0-dev (#12157) 2022-01-21 15:03:11 -06:00
website agent: convert listener config to TLS types (#12522) 2022-03-24 15:32:25 -04:00
.dockerignore Update the scripting 2018-06-14 21:42:47 -04:00
.gitattributes Initial commit 2013-11-04 14:15:27 -08:00
.gitignore website: remove netlify artifacts and port missing redirects over to new format (#9601) 2021-01-21 10:16:17 -05:00
.golangci.yml ci: Add explanation in forbidigo (#12140) 2022-01-20 13:07:10 -05:00
CHANGELOG.md Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
Dockerfile Update docker image base to alpine:3.15 (#12276) 2022-02-04 13:56:39 -08:00
GNUmakefile split `pbcommon` to `pbcommon` and `pbcommongogo` (#12587) 2022-03-22 16:30:00 -04:00
INTERNALS.md Move contributing to docs 2021-08-30 16:17:09 -04:00
LICENSE Initial commit 2013-11-04 14:15:27 -08:00
NOTICE.md add copyright notice file 2018-07-09 10:58:26 -07:00
README.md Adjust README header to work in light and dark modes 2022-02-07 16:46:46 -08:00
Vagrantfile Adds a basic Linux Vagrant setup, stolen from Nomad. 2017-10-06 08:10:12 -07:00
codecov.yml Update all the references in CI and makefile to the bindata file location 2020-10-01 16:19:10 +01:00
go.mod remove gogo from pbservice 2022-03-23 12:18:01 -04:00
go.sum remove gogo from pbservice 2022-03-23 12:18:01 -04:00
main.go cmd: introduce a shim to expose Stdout/Stderr writers 2021-06-02 16:51:34 -04:00
main_test.go Adding basic CLI infrastructure 2013-12-19 11:22:08 -08:00
package-lock.json Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00

README.md

Consul logo Consul

Docker Pulls Go Report Card

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh/Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.