open-consul/agent/consul
Matt Keeler a7c4b7af7c
Fix CA Replication when ACLs are enabled (#6201)
Secondary CA initialization steps are:

• Wait until the primary will be capable of signing intermediate certs. We use serf metadata to check the versions of servers in the primary which avoids needing a token like the previous implementation that used RPCs. We require at least one alive server in the primary and the all alive servers meet the version requirement.
• Initialize the secondary CA by getting the primary to sign an intermediate

When a primary dc is configured, if no existing CA is initialized and for whatever reason we cannot initialize a secondary CA the secondary DC will remain without a CA. As soon as it can it will initialize the secondary CA by pulling the primaries roots and getting the primary to sign an intermediate.

This also fixes a segfault that can happen during leadership revocation. There was a spot in the secondaryCARootsWatch that was getting the CA Provider and executing methods on it without nil checking. Under normal circumstances it wont be nil but during leadership revocation it gets nil'ed out. Therefore there is a period of time between closing the stop chan and when the go routine is actually stopped where it could read a nil provider and cause a segfault.
2019-07-26 15:57:57 -04:00
..
authmethod acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
autopilot Remove failed nodes from serfWAN (#6028) 2019-06-28 12:40:07 -05:00
discoverychain add test for discovery chain agent cache-type (#6130) 2019-07-15 10:09:52 -05:00
fsm Make the chunking test multidimensional (#6212) 2019-07-25 11:40:09 +01:00
prepared_query
state resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
acl.go acl: allow service deregistration with node write permission (#5217) 2019-06-27 14:24:34 +02:00
acl_authmethod.go acl: a role binding rule for a role that does not exist should be ignored (#5778) 2019-05-03 14:22:44 -05:00
acl_authmethod_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_client.go acl: adding Roles to Tokens (#5514) 2019-04-26 14:49:12 -05:00
acl_endpoint.go Fixed nil check for token (#6179) 2019-07-19 07:48:11 -04:00
acl_endpoint_legacy.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_endpoint_test.go fix flaky test TestACLEndpoint_SecureIntroEndpoints_OnlyCreateLocalData (#6116) 2019-07-12 14:14:42 -07:00
acl_replication.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
acl_replication_legacy.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_replication_legacy_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
acl_replication_test.go Merge branch 'master' into release/1-6 2019-07-12 14:51:25 -07:00
acl_replication_types.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
acl_server.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
acl_test.go acl: allow service deregistration with node write permission (#5217) 2019-06-27 14:24:34 +02:00
acl_token_exp.go acl: tokens can be created with an optional expiration time (#5353) 2019-04-26 14:47:51 -05:00
acl_token_exp_test.go acl: adding support for kubernetes auth provider login (#5600) 2019-04-26 14:49:25 -05:00
auto_encrypt.go auto-encrypt: Fix port resolution and fallback to default port (#6205) 2019-07-24 16:49:37 -07:00
auto_encrypt_endpoint.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
auto_encrypt_endpoint_test.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
auto_encrypt_test.go auto-encrypt: Fix port resolution and fallback to default port (#6205) 2019-07-24 16:49:37 -07:00
autopilot.go Remove failed nodes from serfWAN (#6028) 2019-06-28 12:40:07 -05:00
autopilot_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
autopilot_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
catalog_endpoint.go New Cache Types (#5995) 2019-06-24 14:11:34 -04:00
catalog_endpoint_test.go Merge Consul OSS branch 'master' at commit 95dbb7f2f1b9fc3528a16335201e2324f1b388bd 2019-07-17 02:00:21 +00:00
client.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
client_serf.go Call RemoveServer for reap events (#5317) 2019-03-04 09:19:35 -05:00
client_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
config.go tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597) 2019-06-27 22:22:07 +02:00
config_endpoint.go activate most discovery chain features in xDS for envoy (#6024) 2019-07-01 22:10:51 -05:00
config_endpoint_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
config_replication.go Implement config entry replication (#5706) 2019-04-26 13:38:39 -04:00
config_replication_test.go Add integration test for central config; fix central config WIP (#5752) 2019-05-01 16:39:31 -07:00
connect_ca_endpoint.go Fix secondary dc connect CA roots watch issue 2019-07-01 16:28:30 -04:00
connect_ca_endpoint_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
consul_ca_delegate.go Move connect CA provider to separate package 2018-06-14 09:42:15 -07:00
coordinate_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
coordinate_endpoint_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
enterprise_client_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
enterprise_server_oss.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
filter.go txn: add ACL enforcement/validation to new txn ops 2018-12-12 10:04:10 -08:00
filter_test.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
flood.go
health_endpoint.go Implement data filtering of some endpoints (#5579) 2019-04-16 12:00:15 -04:00
health_endpoint_test.go Implement data filtering of some endpoints (#5579) 2019-04-16 12:00:15 -04:00
helper_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
intention_endpoint.go Include a content hash of the intention for use during replication 2019-07-01 16:28:30 -04:00
intention_endpoint_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
internal_endpoint.go Implement Kind based ServiceDump and caching of the ServiceDump RPC 2019-07-01 16:28:30 -04:00
internal_endpoint_test.go Implement Mesh Gateways 2019-07-01 16:28:30 -04:00
issue_test.go
kvs_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
kvs_endpoint_test.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
leader.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
leader_connect.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
leader_connect_test.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
leader_test.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
merge.go
merge_test.go
operator_autopilot_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
operator_autopilot_endpoint_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
operator_endpoint.go
operator_raft_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
operator_raft_endpoint_test.go Move internal/ to sdk/ (#5568) 2019-03-27 08:54:56 -04:00
prepared_query_endpoint.go Improve Connect with Prepared Queries (#5291) 2019-02-04 09:36:51 -05:00
prepared_query_endpoint_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
raft_rpc.go
replication.go Move ctx and cancel func setup into the Replicator.Start (#6115) 2019-07-12 10:10:48 -04:00
replication_test.go Move ctx and cancel func setup into the Replicator.Start (#6115) 2019-07-12 10:10:48 -04:00
rpc.go Chunking support (#6172) 2019-07-24 17:06:39 -04:00
rpc_test.go Add fmt and vet (#5671) 2019-04-25 12:26:33 -04:00
rtt.go
rtt_test.go Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
segment_oss.go Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
serf_test.go
server.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
server_lookup.go Simplified code in various places (#6176) 2019-07-20 09:37:19 -04:00
server_lookup_test.go
server_oss.go Add RPC endpoints for config entry operations 2019-04-06 23:38:08 -07:00
server_serf.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
server_test.go Make new config when retrying testServer creation (#6204) 2019-07-24 08:41:00 -06:00
session_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
session_endpoint_test.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
session_timers.go
session_timers_test.go
session_ttl.go agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 14:50:48 +02:00
session_ttl_test.go agent: transfer leadership when establishLeadership fails (#5247) 2019-06-19 14:50:48 +02:00
snapshot_endpoint.go New ACLs (#4791) 2018-10-19 12:04:07 -04:00
snapshot_endpoint_test.go Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
stats_fetcher.go Clean up StatsFetcher work when context is exceeded (#6086) 2019-07-12 08:23:28 -06:00
stats_fetcher_test.go Flaky test overhaul (#6100) 2019-07-12 09:52:26 -06:00
status_endpoint.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
status_endpoint_test.go Allow forwarding of some status RPCs (#6198) 2019-07-25 14:26:22 -04:00
txn_endpoint.go fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
txn_endpoint_test.go txn: add tests for RPC endpoint 2018-12-12 10:04:10 -08:00
util.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00
util_test.go Fix CA Replication when ACLs are enabled (#6201) 2019-07-26 15:57:57 -04:00