open-consul/agent
Matt Keeler 7b49fc1529
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
..
ae
agentpb Implement the insecure version of the Cluster.AutoConfig RPC endpoint 2020-06-17 11:25:29 -04:00
auto-config Require enabling TLS to enable Auto Config (#8159) 2020-06-19 16:38:14 -04:00
cache Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
cache-types Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4 2020-06-17 12:16:02 -04:00
checks Enable gofmt simplify 2020-06-16 13:21:11 -04:00
config Require enabling TLS to enable Auto Config (#8159) 2020-06-19 16:38:14 -04:00
connect Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify 2020-06-16 17:18:38 -04:00
consul Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
debug
exec
local Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
metadata ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
mock checks: when a service does not exists in an alias, consider it failing (#7384) 2020-06-04 14:50:52 +02:00
pool Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
proxycfg Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
router Enable gofmt simplify 2020-06-16 13:21:11 -04:00
structs Enable gofmt simplify 2020-06-16 13:21:11 -04:00
systemd
token Updates to allow for using an enterprise specific token as the agents token 2020-04-28 09:44:26 -04:00
xds Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
acl.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
acl_endpoint.go test: move some test helpers over from enterprise (#7754) 2020-05-01 14:52:15 -05:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go ci: Add staticcheck and fix most errors 2020-05-28 11:59:58 -04:00
acl_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
acl_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent.go Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
agent_endpoint.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent_endpoint_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
agent_oss.go Some boilerplate to allow for ACL Bootstrap disabling configurability 2020-04-28 09:42:46 -04:00
agent_test.go Change auto config authorizer to allow for future extension 2020-06-18 15:22:24 -04:00
bindata_assetfs.go update bindata_assetfs.go 2020-05-28 14:39:37 -04:00
catalog_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
catalog_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
check.go
config_endpoint.go Add connect expose CLI command 2020-06-05 14:54:29 -07:00
config_endpoint_test.go Expect default enterprise metadata in gateway tests (#7664) 2020-04-20 09:02:35 -05:00
connect_auth.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
connect_ca_endpoint.go
connect_ca_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
coordinate_endpoint.go
coordinate_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
denylist.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
denylist_test.go Replace whitelist/blacklist terminology with allowlist/denylist (#7971) 2020-05-29 14:19:16 -04:00
discovery_chain_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
discovery_chain_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
dns.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
dns_oss.go
dns_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
enterprise_delegate_oss.go
event_endpoint.go
event_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
federation_state_endpoint.go
health_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
health_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http.go http: use default minsize for gzip handler. (#7354) 2020-06-08 10:10:08 +02:00
http_decode_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http_oss.go http: migrate from instrumentation in s.wrap() to an s.enterpriseHandler() 2020-05-13 15:47:05 -07:00
http_oss_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
http_register.go Create HTTP endpoint 2020-06-12 13:46:47 -06:00
http_test.go Implement Client Agent Auto Config 2020-06-17 16:49:46 -04:00
intentions_endpoint.go
intentions_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
keyring.go
keyring_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
kvs_endpoint.go
kvs_endpoint_test.go Fix a number of problems found by staticcheck 2020-05-19 16:50:14 -04:00
notify.go
notify_test.go
operator_endpoint.go
operator_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
prepared_query_endpoint.go Make the Agent Cache more Context aware (#8092) 2020-06-15 11:01:25 -04:00
prepared_query_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
remote_exec.go
remote_exec_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
retry_join.go
retry_join_test.go
service_checks_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
service_manager.go agent/service_manager: remove 'updateCh' field from serviceConfigWatch 2020-06-16 12:15:57 -04:00
service_manager_test.go Rename NewTestAgentWithFields to StartTestAgent 2020-03-31 17:14:55 -04:00
session_endpoint.go
session_endpoint_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
sidecar_service.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
sidecar_service_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
signal_unix.go
signal_windows.go
snapshot_endpoint.go Remove SnapshotRPC passthrough 2020-04-13 12:32:57 -04:00
snapshot_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
status_endpoint.go
status_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
testagent.go Allow cancelling startup when performing auto-config (#8157) 2020-06-19 15:16:00 -04:00
testagent_test.go
translate_addr.go
txn_endpoint.go
txn_endpoint_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
ui_endpoint.go Move compound service names to use ServiceName type 2020-06-12 13:47:43 -06:00
ui_endpoint_test.go Enable gofmt simplify 2020-06-16 13:21:11 -04:00
user_event.go
user_event_test.go Remove name from NewTestAgent 2020-03-31 16:13:44 -04:00
util.go
util_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
watch_handler.go
watch_handler_test.go