Go to file
Connor b3af482e09
Support Vault Namespaces explicitly in CA config (#11477)
* Support Vault Namespaces explicitly in CA config

If there is a Namespace entry included in the Vault CA configuration,
set it as the Vault Namespace on the Vault client

Currently the only way to support Vault namespaces in the Consul CA
config is by doing one of the following:
1) Set the VAULT_NAMESPACE environment variable which will be picked up
by the Vault API client
2) Prefix all Vault paths with the namespace

Neither of these are super pleasant. The first requires direct access
and modification to the Consul runtime environment. It's possible and
expected, not super pleasant.

The second requires more indepth knowledge of Vault and how it uses
Namespaces and could be confusing for anyone without that context. It
also infers that it is not supported

* Add changelog

* Remove fmt.Fprint calls

* Make comment clearer

* Add next consul version to website docs

* Add new test for default configuration

* go mod tidy

* Add skip if vault not present

* Tweak changelog text
2021-11-05 11:42:28 -05:00
.changelog Support Vault Namespaces explicitly in CA config (#11477) 2021-11-05 11:42:28 -05:00
.circleci connect: Remove support for Envoy 1.16 (#11354) 2021-10-27 18:51:35 -07:00
.github Prevent running build workflows on all PRs (#11469) 2021-11-01 17:29:45 -06:00
.release Update release branch to 1.11.x 2021-10-27 14:14:02 -07:00
acl Rework acl exports interface 2021-10-27 12:50:39 -06:00
agent Support Vault Namespaces explicitly in CA config (#11477) 2021-11-05 11:42:28 -05:00
api add root_cert_ttl option for consul connect, vault ca providers (#11428) 2021-11-02 11:02:10 -07:00
bench
build-support build-support: remove test-flake machinery 2021-10-21 17:16:25 -04:00
command Support Check-And-Set deletion of config entries (#11419) 2021-11-01 16:42:01 +00:00
connect oss portion of ent #1069 (#10883) 2021-08-20 12:57:45 -04:00
contributing Move contributing to docs 2021-08-30 16:17:09 -04:00
demo
docs Move contributing to docs 2021-08-30 16:17:09 -04:00
grafana
internal sso/oidc: add support for acr_values request parameter (#11026) 2021-09-17 09:10:05 -07:00
ipaddr
lib lib/decode: fix hook to work with embedded squash struct 2021-09-22 13:22:16 -04:00
logging sync changes to oss files made in enterprise (#10670) 2021-07-22 13:58:08 -05:00
proto fix protos 2021-10-05 00:41:27 -04:00
sdk add root_cert_ttl option for consul connect, vault ca providers (#11428) 2021-11-02 11:02:10 -07:00
sentinel
service_os
snapshot
terraform
test regenerate expired certs (#11462) 2021-11-01 11:40:16 -04:00
testrpc Support Check-And-Set deletion of config entries (#11419) 2021-11-01 16:42:01 +00:00
tlsutil regenerate expired certs (#11462) 2021-11-01 11:40:16 -04:00
types
ui ui: Only show partition / partition selector if enabled (#11484) 2021-11-04 12:14:43 +00:00
version Putting source back into Dev Mode 2021-09-22 10:09:18 -05:00
website Support Vault Namespaces explicitly in CA config (#11477) 2021-11-05 11:42:28 -05:00
.dockerignore
.gitattributes
.gitignore
.golangci.yml xds: remove deprecated usages of xDS (#9602) 2021-02-22 15:00:15 -06:00
CHANGELOG.md Fixing SOA record to use alt domain when alt domain in use (#10431) 2021-10-05 10:47:27 -04:00
Dockerfile PR fixes 2021-10-28 22:22:38 -07:00
GNUmakefile build-support: remove test-flake machinery 2021-10-21 17:16:25 -04:00
INTERNALS.md Move contributing to docs 2021-08-30 16:17:09 -04:00
LICENSE
NOTICE.md
README.md docs: Call out the UI in README and include details for contributing to it (#11187) 2021-09-30 13:34:28 +01:00
Vagrantfile
codecov.yml
go.mod Support Vault Namespaces explicitly in CA config (#11477) 2021-11-05 11:42:28 -05:00
go.sum use *telemetry.MetricsPrefix as prometheus.PrometheusOpts.Name (#11290) 2021-10-21 13:33:01 -07:00
main.go cmd: introduce a shim to expose Stdout/Stderr writers 2021-06-02 16:51:34 -04:00
main_test.go
package-lock.json

README.md

Consul CircleCI Discuss

Consul is a distributed, highly available, and data center aware solution to connect and configure applications across dynamic, distributed infrastructure.

Consul provides several key features:

  • Multi-Datacenter - Consul is built to be datacenter aware, and can support any number of regions without complex configuration.

  • Service Mesh/Service Segmentation - Consul Connect enables secure service-to-service communication with automatic TLS encryption and identity-based authorization. Applications can use sidecar proxies in a service mesh configuration to establish TLS connections for inbound and outbound connections without being aware of Connect at all.

  • Service Discovery - Consul makes it simple for services to register themselves and to discover other services via a DNS or HTTP interface. External services such as SaaS providers can be registered as well.

  • Health Checking - Health Checking enables Consul to quickly alert operators about any issues in a cluster. The integration with service discovery prevents routing traffic to unhealthy hosts and enables service level circuit breakers.

  • Key/Value Storage - A flexible key/value store enables storing dynamic configuration, feature flagging, coordination, leader election and more. The simple HTTP API makes it easy to use anywhere.

Consul runs on Linux, macOS, FreeBSD, Solaris, and Windows and includes an optional browser based UI. A commercial version called Consul Enterprise is also available.

Please note: We take Consul's security and our users' trust very seriously. If you believe you have found a security issue in Consul, please responsibly disclose by contacting us at security@hashicorp.com.

Quick Start

A few quick start guides are available on the Consul website:

Documentation

Full, comprehensive documentation is available on the Consul website:

https://www.consul.io/docs

Contributing

Thank you for your interest in contributing! Please refer to CONTRIBUTING.md for guidance. For contributions specifically to the browser based UI, please refer to the UI's README.md for guidance.