open-consul/agent
R.B. Boyer ee5eb5a960
state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727)

For L4/tcp exported services the mesh gateways will not be terminating
TLS. A caller in one peer will be directly establishing TLS connections
to the ultimate exported service in the other peer.

The caller will be doing SAN validation using the replicated SpiffeID
values shipped from the exporting side. There is a class of discovery
chain edits that could be done on the exporting side that would cause
the introduction of a new SpiffeID value. In between the time of the
config entry update on the exporting side and the importing side getting
updated peer stream data, requests to the exported service would fail due
to SAN validation errors.

This is unacceptable so instead prohibit the exporting peer from making
changes that would break peering in this way.
2022-07-12 11:17:33 -05:00
..
ae sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
auto-config peering: initial sync (#12842) 2022-04-21 17:34:40 -05:00
cache test: update mockery use to put mocks into test files (#13656) 2022-07-05 16:57:15 -05:00
cache-types test: update mockery use to put mocks into test files (#13656) 2022-07-05 16:57:15 -05:00
checks UDP check for service stanza #12221 (#12722) 2022-06-06 15:13:19 -04:00
config no 1.9 style metrics (#13532) 2022-06-29 09:46:37 -07:00
configentry Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
connect xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
consul state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727) 2022-07-12 11:17:33 -05:00
debug bulk rewrite using this script 2022-01-20 10:46:23 -06:00
dns test: fix incorrect use of t instead of r in retry test (#13146) 2022-05-19 14:00:07 -05:00
exec re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
grpc state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727) 2022-07-12 11:17:33 -05:00
local Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
metadata server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data (#13687) 2022-07-07 13:55:41 -05:00
mock
pool Add timeout to Client RPC calls (#11500) 2022-04-21 16:21:35 -04:00
proxycfg state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726) 2022-07-12 11:03:41 -05:00
proxycfg-glue proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
proxycfg-sources Fix a flaky test (#13282) 2022-05-27 13:25:08 -04:00
router sdk: add TestLogLevel for setting log level in tests 2022-02-03 13:42:28 -05:00
routine-leak-checker Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
rpc peering: move peer replication to the external gRPC port (#13698) 2022-07-08 12:01:13 -05:00
rpcclient/health proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
structs proxycfg: server-local intention upstreams data source 2022-07-04 10:48:36 +01:00
submatview proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
systemd
token agent/token: rename agent_master to agent_recovery (internally) (#11744) 2021-12-07 12:12:47 +00:00
uiserver Reimplement fs.FileInfo interface (#13315) 2022-06-01 11:09:51 -04:00
xds state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726) 2022-07-12 11:03:41 -05:00
acl.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
acl_endpoint_legacy.go
acl_endpoint_legacy_test.go
acl_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
acl_oss.go agent: support X-Consul-Results-Filtered-By-ACLs header in agent-local endpoints (#11610) 2021-12-03 20:36:28 +00:00
acl_test.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
agent.go server: broadcast the public grpc port using lan serf and update the consul service in the catalog with the same data (#13687) 2022-07-07 13:55:41 -05:00
agent_endpoint.go xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460) 2022-06-15 14:36:18 -05:00
agent_endpoint_oss.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
agent_endpoint_oss_test.go Add oss test 2022-05-09 10:07:19 -07:00
agent_endpoint_test.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
agent_oss.go proxycfg: replace direct agent cache usage with interfaces (#13320) 2022-06-01 16:18:06 +01:00
agent_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
apiserver.go
apiserver_test.go
catalog_endpoint.go [OSS] Support merge-central-config option in node services list API (#13450) 2022-06-15 08:30:31 -07:00
catalog_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
catalog_endpoint_test.go [OSS] Support merge-central-config option in node services list API (#13450) 2022-06-15 08:30:31 -07:00
check.go Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
config_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
config_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_auth.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
connect_ca_endpoint_test.go Update go version to 1.18.1 2022-04-18 11:41:10 -04:00
coordinate_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
coordinate_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
delegate_mock_test.go Move ACLResolveResult into acl/resolver package (#13467) 2022-06-17 10:24:43 +01:00
denylist.go
denylist_test.go
discovery_chain_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
discovery_chain_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
dns.go Parse peer name for virtual IP DNS queries (#13602) 2022-07-06 10:30:04 -06:00
dns_oss.go Parse peer name for virtual IP DNS queries (#13602) 2022-07-06 10:30:04 -06:00
dns_test.go Parse peer name for virtual IP DNS queries (#13602) 2022-07-06 10:30:04 -06:00
enterprise_delegate_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
event_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
event_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
federation_state_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
health_endpoint_test.go [OSS] Fix merge central config tests (#13309) 2022-05-31 12:04:19 -07:00
http.go no 1.9 style metrics (#13532) 2022-06-29 09:46:37 -07:00
http_decode_test.go
http_oss.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
http_oss_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
http_register.go peering: rename initiate to establish in the context of the APIs (#13419) 2022-06-10 11:10:46 -05:00
http_test.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
intentions_endpoint.go oss: peering, http: get peer service intentions (#2098) 2022-06-22 16:25:09 -07:00
intentions_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
intentions_endpoint_test.go oss: peering, http: get peer service intentions (#2098) 2022-06-22 16:25:09 -07:00
keyring.go Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
keyring_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
kvs_endpoint.go Fix KVSGet method to handle QueryOptions properly (#13344) 2022-06-02 12:26:18 -04:00
kvs_endpoint_test.go
metrics.go agent: move agent tls metric monitor to a more appropriate place 2021-10-27 16:26:09 -04:00
metrics_test.go no 1.9 style metrics (#13532) 2022-06-29 09:46:37 -07:00
nodeid.go
nodeid_test.go
notify.go
notify_test.go
operator_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
operator_endpoint_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
operator_endpoint_test.go
peering_endpoint.go peering: rename initiate to establish in the context of the APIs (#13419) 2022-06-10 11:10:46 -05:00
peering_endpoint_oss_test.go [sync oss] api: add peering api module (#12911) 2022-05-02 11:49:05 -07:00
peering_endpoint_test.go peering: move peer replication to the external gRPC port (#13698) 2022-07-08 12:01:13 -05:00
prepared_query_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
prepared_query_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
reload.go
remote_exec.go
remote_exec_test.go Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
retry_join.go
retry_join_test.go
service_checks_test.go
service_manager.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
service_manager_test.go Add support for merge-central-config query param (#13001) 2022-05-25 13:20:17 -07:00
session_endpoint.go Revert getPathSuffixUnescaped (#13256) 2022-06-01 13:17:14 -04:00
session_endpoint_test.go
setup.go proxycfg: server-local config entry data sources 2022-07-04 10:48:36 +01:00
setup_oss.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
sidecar_service.go
sidecar_service_test.go bulk rewrite using this script 2022-01-20 10:46:23 -06:00
signal_unix.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
signal_windows.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
snapshot_endpoint.go
snapshot_endpoint_test.go
status_endpoint.go
status_endpoint_test.go
streaming_test.go regenerate expired certs (#11462) 2021-11-01 11:40:16 -04:00
testagent.go Retry on bad dogstatsd connection (#13091) 2022-05-19 16:03:46 -04:00
testagent_test.go
translate_addr.go
txn_endpoint.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
txn_endpoint_test.go Unify various status errors into one HTTP error type. (#12594) 2022-04-29 13:42:49 -04:00
ui_endpoint.go peering, internal: support UIServices, UINodes, UINodeInfo (#13577) 2022-06-24 15:17:35 -07:00
ui_endpoint_oss_test.go re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
ui_endpoint_test.go Revise possible states for a peering. (#13661) 2022-07-04 10:47:58 -04:00
user_event.go Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
user_event_test.go
util.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
util_test.go Remove some usage of md5 from the system (#11491) 2021-11-04 13:07:54 -07:00
watch_handler.go
watch_handler_test.go