open-consul

History

R.B. Boyer ee5eb5a960 state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727 ) For L4/tcp exported services the mesh gateways will not be terminating TLS. A caller in one peer will be directly establishing TLS connections to the ultimate exported service in the other peer. The caller will be doing SAN validation using the replicated SpiffeID values shipped from the exporting side. There are a class of discovery chain edits that could be done on the exporting side that would cause the introduction of a new SpiffeID value. In between the time of the config entry update on the exporting side and the importing side getting updated peer stream data requests to the exported service would fail due to SAN validation errors. This is unacceptable so instead prohibit the exporting peer from making changes that would break peering in this way.		2022-07-12 11:17:33 -05:00
..
acl.go
acl_events.go
acl_events_test.go
acl_oss.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
acl_oss_test.go
acl_schema.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
acl_test.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
autopilot.go
autopilot_test.go
catalog.go	Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642 )	2022-06-29 16:34:58 -04:00
catalog_events.go	proxycfg: server-local config entry data sources	2022-07-04 10:48:36 +01:00
catalog_events_oss.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
catalog_events_oss_test.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
catalog_events_test.go	update gateway-services table with endpoints (#13217 )	2022-05-31 16:20:12 -04:00
catalog_oss.go	Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642 )	2022-06-29 16:34:58 -04:00
catalog_oss_test.go	Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642 )	2022-06-29 16:34:58 -04:00
catalog_schema.go	Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642 )	2022-06-29 16:34:58 -04:00
catalog_test.go	Add new index for PeeredServiceName and ServiceVirtualIP (#13582 )	2022-06-24 14:38:39 -04:00
config_entry.go	state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727 )	2022-07-12 11:17:33 -05:00
config_entry_events.go	proxycfg: server-local intentions data source	2022-07-04 10:48:36 +01:00
config_entry_events_test.go	proxycfg: server-local intentions data source	2022-07-04 10:48:36 +01:00
config_entry_intention.go	peering, state: account for peer intentions (#13443 )	2022-06-16 10:27:31 -07:00
config_entry_intention_oss.go
config_entry_oss.go	peering: add store.PeeringsForService implementation (#12957 )	2022-05-06 12:35:31 -07:00
config_entry_oss_test.go	Update assumptions around exported-service config	2022-06-01 17:03:51 -06:00
config_entry_schema.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
config_entry_test.go	state: prohibit changing an exported tcp discovery chain in a way that would break SAN validation (#13727 )	2022-07-12 11:17:33 -05:00
connect_ca.go
connect_ca_events.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
connect_ca_events_test.go
connect_ca_test.go
coordinate.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
coordinate_oss.go
coordinate_oss_test.go
coordinate_test.go	add general runstep test helper instead of copying it all over the place (#13013 )	2022-05-10 15:25:51 -05:00
delay_oss.go
delay_test.go
events.go	proxycfg: server-local intentions data source	2022-07-04 10:48:36 +01:00
federation_state.go
graveyard.go
graveyard_oss.go
graveyard_test.go
index_connect_test.go
indexer.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
intention.go	Egress gtw/intention rpc endpoint (#13354 )	2022-06-07 15:55:02 -04:00
intention_oss.go
intention_test.go	peering, state: account for peer intentions (#13443 )	2022-06-16 10:27:31 -07:00
kvs.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
kvs_oss.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
kvs_oss_test.go
kvs_test.go
memdb.go	proxycfg: server-local intentions data source	2022-07-04 10:48:36 +01:00
operations_oss.go
peering.go	state: prohibit exported discovery chains to have cross-datacenter or cross-partition references (#13726 )	2022-07-12 11:03:41 -05:00
peering_oss.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
peering_oss_test.go	Update peering state and RPC for deferred deletion	2022-06-13 12:10:32 -06:00
peering_test.go	Revise possible states for a peering. (#13661 )	2022-07-04 10:47:58 -04:00
prepared_query.go
prepared_query_index.go
prepared_query_index_test.go
prepared_query_test.go
query.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
query_oss.go	Add internal endpoint to fetch peered upstream candidates from VirtualIP table (#13642 )	2022-06-29 16:34:58 -04:00
schema.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
schema_oss.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
schema_oss_test.go
schema_test.go	Update peering state and RPC for deferred deletion	2022-06-13 12:10:32 -06:00
session.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
session_oss.go	Make memdb indexers generic (#13558 )	2022-06-23 11:07:19 -04:00
session_test.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
state_store.go	Add per-node max indexes (#12399 )	2022-06-23 11:13:25 -04:00
state_store_oss_test.go
state_store_test.go
store_integration_test.go	proxycfg: server-local config entry data sources	2022-07-04 10:48:36 +01:00
system_metadata.go
system_metadata_test.go
tombstone_gc.go
tombstone_gc_test.go
txn.go	Enable servers to configure arbitrary proxies from the catalog (#13244 )	2022-05-27 12:38:52 +01:00
txn_test.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00
usage.go
usage_oss.go
usage_test.go	peering: initial sync (#12842 )	2022-04-21 17:34:40 -05:00