open-consul/agent/connect
Connor f8fc317731
Fix leaked Vault LifetimeRenewers (#12607)
* Fix leaked Vault LifetimeRenewers

When the Vault CA Provider is reconfigured we do not stop the
LifetimeRenewers which can cause them to leak until the Consul process
recycles. On Configure execute stopWatcher if it exists and is not nil
before starting a new renewal.

* Add jitter before restarting the LifetimeWatcher

If we fail to log in to Vault or our token is no longer valid we can
overwhelm a Vault instance with many requests very quickly by restarting
the LifetimeWatcher. Before restarting the LifetimeWatcher provide a
backoff time of 1 second or less.

* Use a retry.Waiter instead of RandomStagger

* changelog

* gofmt'd

* Swap out bool for atomic.Uint32 in test

* Provide some extra clarification in comment and changelog
2022-03-28 09:58:16 -05:00
..
ca Fix leaked Vault LifetimeRenewers (#12607) 2022-03-28 09:58:16 -05:00
authz.go Ensure partition is defaulted in authz 2021-09-16 14:39:01 -06:00
authz_test.go Remove ent checks from oss test 2021-09-16 14:53:28 -06:00
common_names.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
csr.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
generate.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
generate_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
parsing.go ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
sni.go Leave todo about default name 2021-10-27 11:15:25 -06:00
sni_test.go Account for partition in SNI for gateways 2021-10-27 11:15:25 -06:00
testing_ca.go split `pbcommon` to `pbcommon` and `pbcommongogo` (#12587) 2022-03-22 16:30:00 -04:00
testing_ca_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
testing_spiffe.go connect: Add logic for updating secondary DC intermediate on config set 2020-11-13 14:33:44 -08:00
uri.go auto-config: ensure the feature works properly with partitions (#11699) 2021-12-01 13:32:34 -06:00
uri_agent.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_agent_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_agent_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_service.go connect: include optional partition prefixes in SPIFFE identifiers (#10507) 2021-06-25 16:47:47 -05:00
uri_service_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_service_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
uri_signing.go ca: accept only the cluster ID to SpiffeIDSigningForCluster 2021-11-16 16:57:21 -05:00
uri_signing_test.go ca: accept only the cluster ID to SpiffeIDSigningForCluster 2021-11-16 16:57:21 -05:00
uri_test.go auto-config: ensure the feature works properly with partitions (#11699) 2021-12-01 13:32:34 -06:00
x509_patch.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00
x509_patch_test.go connect/ca: cease including the common name field in generated certs (#10424) 2021-06-25 13:00:00 -05:00