luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/consul
History
Paul Glass d8d89d4b59
Permissive mTLS (#17035) 
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
 		2023-04-19 14:45:00 -05:00
..
auth copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
authmethod copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
autopilotevents copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
controller Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
discoverychain Add PrioritizeByLocality to config entries. (#17007) 2023-04-14 15:42:54 -05:00
fsm * added Sameness Group to proto files (#16998) 2023-04-14 09:24:46 -07:00
gateways Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
multilimiter copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
prepared_query copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
rate add IP rate limiting config update (#16997) 2023-04-14 09:26:38 -04:00
reporting feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
servercert copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
state Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
stream copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
testdata ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
usagemetrics copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
wanfed copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
watch copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
xdscapacity copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_authmethod.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_authmethod_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_client.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_endpoint_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_replication.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_replication_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_replication_types.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_server.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
acl_server_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_token_exp.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
acl_token_exp_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_config_backend.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_config_backend_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_config_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_config_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_encrypt_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
auto_encrypt_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
autopilot.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
autopilot_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
autopilot_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
catalog_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
catalog_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
client.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
client_serf.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
client_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
cluster_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
config.go feat: add reporting config with reload (#16890) 2023-04-11 15:04:02 -04:00
config_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
config_endpoint_test.go Remove deprecated service-defaults upstream behavior. (#16957) 2023-04-11 10:20:33 -05:00
config_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
config_replication.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
config_replication_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
config_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
connect_ca_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
connect_ca_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
context.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
context_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
coordinate_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
coordinate_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
discovery_chain_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
discovery_chain_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
enterprise_client_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
enterprise_config_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
enterprise_server_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
enterprise_server_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
federation_state_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
federation_state_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
federation_state_replication.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
federation_state_replication_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
filter.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
filter_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
flood.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
fsm_data_store.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
gateway_locator.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
gateway_locator_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
grpc_integration_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
health_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
health_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
helper_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
intention_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
intention_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
internal_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
internal_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
issue_test.go Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
kvs_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
kvs_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
leader_connect.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
leader_connect_ca.go Connect CA Primary Provider refactor (#16749) 2023-04-03 11:40:33 -04:00
leader_connect_ca_test.go Connect CA Primary Provider refactor (#16749) 2023-04-03 11:40:33 -04:00
leader_connect_test.go Connect CA Primary Provider refactor (#16749) 2023-04-03 11:40:33 -04:00
leader_federation_state_ae.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_federation_state_ae_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_intentions.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
leader_intentions_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_intentions_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_intentions_test.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
leader_log_verification.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_metrics.go log warning about certificate expiring sooner and with more details 2023-04-07 20:38:07 +00:00
leader_metrics_test.go log warning about certificate expiring sooner and with more details 2023-04-07 20:38:07 +00:00
leader_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_peering.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
leader_peering_test.go Allow dialer to re-establish terminated peering (#16776) 2023-04-03 12:07:45 -06:00
leader_test.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
logging.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
logging_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
merge.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
merge_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
merge_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
merge_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_autopilot_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_autopilot_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_backend.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_backend_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_raft_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_raft_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
operator_usage_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
options.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
options_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
peering_backend.go Allow dialer to re-establish terminated peering (#16776) 2023-04-03 12:07:45 -06:00
peering_backend_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
peering_backend_oss_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
peering_backend_test.go Allow dialer to re-establish terminated peering (#16776) 2023-04-03 12:07:45 -06:00
prepared_query_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
prepared_query_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
raft_handle.go Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
raft_rpc.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
replication.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
replication_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
rpc.go Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
rpc_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
rtt.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
rtt_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
segment_oss.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
serf_filter.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
serf_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
server_connect.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_log_verification.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_lookup.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_lookup_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_oss.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
server_oss_test.go feat: add reporting config with reload (#16890) 2023-04-11 15:04:02 -04:00
server_overview.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_overview_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_register.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_serf.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
server_test.go add IP rate limiting config update (#16997) 2023-04-14 09:26:38 -04:00
session_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
session_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
session_timers.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
session_timers_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
session_ttl.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
session_ttl_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
snapshot_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
snapshot_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
stats_fetcher.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
stats_fetcher_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
status_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
status_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
subscribe_backend.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
subscribe_backend_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
system_metadata.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
system_metadata_test.go feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
txn_endpoint.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
txn_endpoint_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
util.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00
util_test.go copyright headers for agent folder (#16704) 2023-03-28 14:39:22 -04:00