open-consul/agent/consul/state
R.B. Boyer ee5eb5a960
state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727)

For L4/tcp exported services the mesh gateways will not be terminating
TLS. A caller in one peer will be directly establishing TLS connections
to the ultimate exported service in the other peer.

The caller will be doing SAN validation using the replicated SpiffeID
values shipped from the exporting side. There is a class of discovery
chain edits that could be done on the exporting side that would cause
the introduction of a new SpiffeID value. In between the time of the
config entry update on the exporting side and the importing side getting
updated peer stream data, requests to the exported service would fail due
to SAN validation errors.

This is unacceptable, so instead prohibit the exporting peer from making
changes that would break peering in this way.
2022-07-12 11:17:33 -05:00
acl.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_events.go convert indexSecret to the new index (#11007) 2021-09-10 09:10:11 -04:00
acl_events_test.go
acl_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
acl_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
acl_test.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
autopilot.go state: use ReadTxn and WriteTxn interface 2021-03-29 18:52:16 -04:00
autopilot_test.go
catalog.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
catalog_events.go proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
catalog_events_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_oss_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
catalog_events_test.go update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
catalog_oss.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
catalog_oss_test.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
catalog_schema.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
catalog_test.go Add new index for PeeredServiceName and ServiceVirtualIP (#13582) 2022-06-24 14:38:39 -04:00
config_entry.go state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727) 2022-07-12 11:17:33 -05:00
config_entry_events.go proxycfg: server-local intentions data source 2022-07-04 10:48:36 +01:00
config_entry_events_test.go proxycfg: server-local intentions data source 2022-07-04 10:48:36 +01:00
config_entry_intention.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
config_entry_intention_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_entry_oss.go peering: add store.PeeringsForService implementation (#12957) 2022-05-06 12:35:31 -07:00
config_entry_oss_test.go Update assumptions around exported-service config 2022-06-01 17:03:51 -06:00
config_entry_schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
config_entry_test.go state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727) 2022-07-12 11:17:33 -05:00
connect_ca.go streaming: emit events when Connect CA Roots change (#12590) 2022-03-22 19:13:59 +00:00
connect_ca_events.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
connect_ca_events_test.go Move to using a shared EventPublisher (#12673) 2022-04-12 09:47:42 -04:00
connect_ca_test.go Bump go-control-plane 2022-03-30 13:11:27 -04:00
coordinate.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
coordinate_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
coordinate_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
coordinate_test.go add general runstep test helper instead of copying it all over the place (#13013) 2022-05-10 15:25:51 -05:00
delay_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
delay_test.go
events.go proxycfg: server-local intentions data source 2022-07-04 10:48:36 +01:00
federation_state.go state: use tableIndex constant 2021-03-29 18:52:20 -04:00
graveyard.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
graveyard_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
graveyard_test.go KV state store refactoring and partitioning (#11510) 2021-11-08 09:35:56 -05:00
index_connect_test.go state: convert services table service and connect indexer 2021-03-29 15:42:24 -04:00
indexer.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
intention.go Egress gtw/intention rpc endpoint (#13354) 2022-06-07 15:55:02 -04:00
intention_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
intention_test.go peering, state: account for peer intentions (#13443) 2022-06-16 10:27:31 -07:00
kvs.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
kvs_oss_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
kvs_test.go KV state store refactoring and partitioning (#11510) 2021-11-08 09:35:56 -05:00
memdb.go proxycfg: server-local intentions data source 2022-07-04 10:48:36 +01:00
operations_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
peering.go state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726) 2022-07-12 11:03:41 -05:00
peering_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
peering_oss_test.go Update peering state and RPC for deferred deletion 2022-06-13 12:10:32 -06:00
peering_test.go Revise possible states for a peering. (#13661) 2022-07-04 10:47:58 -04:00
prepared_query.go refactor session state store tables to use the new index pattern (#11525) 2021-11-08 16:20:50 -05:00
prepared_query_index.go
prepared_query_index_test.go
prepared_query_test.go [OSS] Remove remaining references to master (#11827) 2022-01-20 12:47:50 +00:00
query.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
query_oss.go Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642) 2022-06-29 16:34:58 -04:00
schema.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
schema_oss.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
schema_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
schema_test.go Update peering state and RPC for deferred deletion 2022-06-13 12:10:32 -06:00
session.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_oss.go Make memdb indexers generic (#13558) 2022-06-23 11:07:19 -04:00
session_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
state_store.go Add per-node max indexes (#12399) 2022-06-23 11:13:25 -04:00
state_store_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
state_store_test.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
store_integration_test.go proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
system_metadata.go use const instead of literals for `tableIndex` (#11039) 2021-09-15 10:24:04 -04:00
system_metadata_test.go
tombstone_gc.go
tombstone_gc_test.go
txn.go Enable servers to configure arbitrary proxies from the catalog (#13244) 2022-05-27 12:38:52 +01:00
txn_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
usage.go Replace fmt.Sprintf with function 2021-10-11 12:43:38 -05:00
usage_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
usage_test.go peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00