open-consul/agent/consul
Kyle Havlovitz f5c5d2f5c6
auto-config: relax node name validation for JWT authorization (#15370)
* auto-config: relax node name validation for JWT authorization

This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.

* Update website/content/docs/agent/config/cli-flags.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 18:24:40 -06:00
..
auth acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
authmethod removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
autopilotevents fix(peering): add missing grpc_tls_port for server address reconciliation (#14944) 2022-10-11 10:56:29 -04:00
discoverychain Update the structs and discovery chain for service resolver redirects to cluster peers. (#14366) 2022-08-29 09:51:32 -04:00
fsm fix: persist peering CA updates to dialing clusters (#15243) 2022-11-04 12:53:20 -04:00
prepared_query Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
servercert Share mgw addrs in peering stream if needed 2022-10-03 11:42:20 -06:00
state Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
stream proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
testdata ca: examine the full chain in newCARoot 2022-02-17 18:21:30 -05:00
usagemetrics add non-double-prefixed metrics (#14193) 2022-09-09 12:13:43 -05:00
wanfed grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation (#10838) 2021-08-24 16:28:44 -05:00
watch Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
xdscapacity Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
acl.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
acl_authmethod.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_authmethod_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_client.go Generate ACL token for server management 2022-09-16 17:54:34 -06:00
acl_endpoint.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
acl_endpoint_legacy.go acl: remove most of the rest of structs/acl_legacy.go 2021-10-25 17:20:06 -04:00
acl_endpoint_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
acl_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
acl_replication.go acl: remove legacy ACL replication 2021-09-03 12:42:06 -04:00
acl_replication_test.go proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
acl_replication_types.go proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
acl_server.go Add server certificate manager 2022-09-16 17:57:10 -06:00
acl_server_oss.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_test.go Add server certificate manager 2022-09-16 17:57:10 -06:00
acl_token_exp.go acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
acl_token_exp_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_backend.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
auto_config_backend_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
auto_config_endpoint.go auto-config: relax node name validation for JWT authorization (#15370) 2022-11-14 18:24:40 -06:00
auto_config_endpoint_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
auto_encrypt_endpoint.go autoencrypt: helpful error for clients with wrong dc (#14832) 2022-10-25 10:13:41 -07:00
auto_encrypt_endpoint_test.go autoencrypt: helpful error for clients with wrong dc (#14832) 2022-10-25 10:13:41 -07:00
autopilot.go xDS Load Balancing (#14397) 2022-09-09 15:02:01 +01:00
autopilot_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
autopilot_test.go Add event generation for autopilot state updates (#12626) 2022-04-19 13:03:03 -04:00
catalog_endpoint.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
catalog_endpoint_test.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
client.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
client_serf.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
client_test.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
cluster_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
config.go Refactor client RPC timeouts (#14965) 2022-10-18 15:05:09 -04:00
config_endpoint.go proxycfg-glue: server-local implementation of ResolvedServiceConfig 2022-09-06 23:27:25 +01:00
config_endpoint_test.go Fix mesh gateway configuration with proxy-defaults (#15186) 2022-11-09 10:14:29 -06:00
config_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
config_replication_test.go server: partly fix config entry replication issue that prevents replication in some circumstances (#12307) 2022-02-23 17:27:48 -06:00
config_test.go Upgrade serf to v0.10.1 and memberlist to v0.5.0 to get memberlist size metrics and broadcast queue depth metric (#14873) 2022-10-04 17:51:37 -06:00
connect_ca_endpoint.go ConnectCA.Sign gRPC Endpoint (#12787) 2022-04-14 14:26:14 +01:00
connect_ca_endpoint_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
coordinate_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
coordinate_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
discovery_chain_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
discovery_chain_endpoint_test.go Cluster peering failover disco chain changes (#14296) 2022-08-23 09:13:43 -04:00
enterprise_client_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
enterprise_config_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
enterprise_server_oss.go Add leader routine to clean up peerings 2022-06-14 15:36:50 -06:00
enterprise_server_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
federation_state_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
federation_state_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
federation_state_replication.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
federation_state_replication_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
filter.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
filter_test.go acl: remove id and revision from Policy constructors 2021-11-05 15:45:08 -04:00
flood.go agent: refactor to use a single addrFn 2020-05-05 21:08:10 +02:00
gateway_locator.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
gateway_locator_test.go rpc: improve docs for blockingQuery 2022-02-15 14:20:14 -05:00
grpc_integration_test.go Support Stale Queries for Trust Bundle Lookups (#14724) 2022-09-28 09:56:59 -07:00
health_endpoint.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
health_endpoint_test.go block PeerName register requests (#13887) 2022-07-29 14:36:22 -07:00
helper_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
intention_endpoint.go add non-double-prefixed metrics (#14193) 2022-09-09 12:13:43 -05:00
intention_endpoint_test.go peering: block Intention.Apply ops (#13451) 2022-06-16 12:07:28 -07:00
internal_endpoint.go Fixup authz for data imported from peers (#15347) 2022-11-14 11:36:27 -07:00
internal_endpoint_test.go Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
issue_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
kvs_endpoint.go Add kv txn get-not-exists operation. 2022-09-06 10:28:59 -05:00
kvs_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
leader.go Add server certificate manager 2022-09-16 17:57:10 -06:00
leader_connect.go Add virtual IP generation for term gateway backed services 2022-01-12 12:08:49 -08:00
leader_connect_ca.go Merge pull request #14598 from hashicorp/root-removal-fix 2022-09-15 14:36:01 -07:00
leader_connect_ca_test.go Add CSR check for number of URIs. (#14579) 2022-09-13 14:21:47 -05:00
leader_connect_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
leader_federation_state_ae.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
leader_federation_state_ae_test.go Rename `ACLMasterToken` => `ACLInitialManagementToken` (#11746) 2021-12-07 12:39:28 +00:00
leader_intentions.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
leader_intentions_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
leader_intentions_test.go configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384) 2022-02-22 10:36:36 -06:00
leader_metrics.go ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
leader_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
leader_peering.go Decrease retry time for failed peering connections. 2022-10-31 14:30:27 -05:00
leader_peering_test.go [OSS] fix: wait and try longer to peer through mesh gw (#15328) 2022-11-10 13:54:00 -05:00
leader_test.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
logging.go
logging_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
merge.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
merge_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_oss_test.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
merge_test.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
operator_autopilot_endpoint.go Enable running autopilot state updates on all servers (#12617) 2022-04-07 10:48:48 -04:00
operator_autopilot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
operator_backend.go Leadership transfer cmd (#14132) 2022-11-14 15:35:12 -05:00
operator_backend_test.go Leadership transfer cmd (#14132) 2022-11-14 15:35:12 -05:00
operator_endpoint.go
operator_raft_endpoint.go Leadership transfer cmd (#14132) 2022-11-14 15:35:12 -05:00
operator_raft_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
options.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
options_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
peering_backend.go [OSS] fix: wait and try longer to peer through mesh gw (#15328) 2022-11-10 13:54:00 -05:00
peering_backend_oss.go peering: move peer replication to the external gRPC port (#13698) 2022-07-08 12:01:13 -05:00
peering_backend_oss_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
peering_backend_test.go [OSS] fix: wait and try longer to peer through mesh gw (#15328) 2022-11-10 13:54:00 -05:00
prepared_query_endpoint.go Rename `PeerName` to `Peer` on prepared queries and exported services (#14854) 2022-10-04 14:46:15 -04:00
prepared_query_endpoint_test.go update ACLs for cluster peering (#15317) 2022-11-09 13:02:58 -08:00
raft_rpc.go rpc: authorize raft requests (#10925) 2021-08-26 15:04:32 -07:00
replication.go Apply suggestions from code review 2022-01-26 12:24:13 -05:00
replication_test.go Move some things around to allow for license updating via config reload 2021-05-25 09:57:50 -04:00
rpc.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
rpc_test.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
rtt.go agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
rtt_test.go Regenerate files according to 1.19.2 formatter 2022-10-24 16:12:08 -04:00
segment_oss.go partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
serf_filter.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
serf_test.go
server.go Leadership transfer cmd (#14132) 2022-11-14 15:35:12 -05:00
server_connect.go Configure upstream TLS context with peer root certs (#13321) 2022-06-01 15:53:52 -06:00
server_lookup.go
server_lookup_test.go ci: enable SA4006 staticcheck check 2020-06-16 13:10:11 -04:00
server_oss.go feat(telemetry): add labels to serf and memberlist metrics (#14161) 2022-08-11 22:09:56 -04:00
server_overview.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
server_overview_test.go oss: Add overview UI internal endpoint 2022-03-22 17:05:09 -07:00
server_register.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
server_serf.go add HCP integration component (#14723) 2022-09-26 14:58:15 -04:00
server_test.go Update hcp-scada-provider to fix diamond dependency problem with go-msgpack (#15185) 2022-11-07 11:34:30 -05:00
session_endpoint.go Bulk acl message fixup oss (#12470) 2022-03-10 18:48:27 -08:00
session_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_timers.go
session_timers_test.go testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
session_ttl.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
session_ttl_test.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
snapshot_endpoint.go removes ioutil usage everywhere which was deprecated in go1.16 (#15297) 2022-11-10 10:26:01 -06:00
snapshot_endpoint_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
stats_fetcher.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
stats_fetcher_test.go Maybe fix another data race in a test 2020-12-22 18:53:54 -05:00
status_endpoint.go introduce EmptyReadRequest for status_endpoint (#12653) 2022-03-29 18:05:45 -07:00
status_endpoint_test.go Support per-listener TLS configuration ⚙️ (#12504) 2022-03-18 10:46:58 +00:00
subscribe_backend.go grpc: rename public/private directories to external/internal (#13721) 2022-07-13 16:33:48 +01:00
subscribe_backend_test.go test: fix flaky TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages test (#15195) 2022-10-31 12:10:43 -05:00
system_metadata.go [sync oss] add net/rpc interceptor implementation (#12573) 2022-03-17 16:02:26 -07:00
system_metadata_test.go testing: Revert assertion for virtual IP flag (#11932) 2022-01-04 11:24:56 -05:00
txn_endpoint.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
txn_endpoint_test.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
util.go catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
util_test.go acl: remove legacy ACL upgrades from Server 2021-09-29 15:19:23 -04:00