Commit Graph

90 Commits

Author SHA1 Message Date
Pete Wildsmith 1b8a1614ca reduce to one configuration option
There should be just one option, verify_https_client, which
controls incoming and outgoing validation for the HTTPS wrapper
2017-04-28 10:45:09 +01:00
Pete Wildsmith c948d2ee27 apply gofmt 2017-04-26 18:58:19 +01:00
Pete Wildsmith 56b122c501 Add verification options to TLS config struct 2017-04-25 23:29:43 +01:00
Alex Dadgar 7fae2d2cea Fix Consul Config Merging/Copying
This PR fixes config merging/copying code.

Fixes https://github.com/hashicorp/nomad/issues/2264
2017-02-02 11:12:07 -08:00
Alex Dadgar 9c75ec7f57 Add role to merge test 2017-02-01 16:37:08 -08:00
taylorchu fd34c03d47 TWEAK: remove else block in tls handling 2017-01-26 14:03:32 -08:00
taylorchu 4453a292a2 BUGFIX: fix consul verify_ssl merging 2017-01-25 16:19:39 -08:00
Alex Dadgar 606bb30863 Merge pull request #2226 from hashicorp/b-vault
Improve Vault integration and validation
2017-01-23 14:59:41 -08:00
Alex Dadgar fb86904902 Check capabilities, allow creation against role
Check the capabilities of the Vault token to ensure it is valid and also
allow targetting of a role that the token is not from.
2017-01-19 13:40:32 -08:00
Diptanu Choudhury e927de02d2 Moved functions to helper from structs 2017-01-18 15:55:14 -08:00
Diptanu Choudhury c253f5b17d Fixed merging consul config 2017-01-05 15:15:43 -08:00
Diptanu Choudhury 15f085a4d7 Merge pull request #1931 from hashicorp/rename-vault-config
Rename vault config
2016-11-06 10:14:25 -08:00
Diptanu Choudhury 40b9d3bb2d Fixed comment 2016-11-03 14:45:03 -07:00
Diptanu Choudhury 22681bd8ce Making AllowUnauthenticated true by default 2016-11-03 14:38:34 -07:00
Diptanu Choudhury b6f9df5415 Renaming TLS related vault config 2016-11-03 14:24:39 -07:00
Alex Dadgar ddf5fb82b5 Small cleanups 2016-10-27 10:51:11 -07:00
Diptanu Choudhury cf35aeac84 Moving the TLSConfig to structs 2016-10-25 15:57:38 -07:00
Alex Dadgar 751aa114bf Fix Vault parsing of booleans 2016-10-10 18:04:39 -07:00
Diptanu Choudhury f8cd51b6e9 Enabling vault if token is present 2016-08-18 12:03:50 -07:00
Alex Dadgar a8efce874f Token renewal and beginning of tests 2016-08-17 16:25:38 -07:00
Alex Dadgar 713e310670 Renew loop 2016-08-17 16:25:38 -07:00
Alex Dadgar 750a44b2c0 Create a Vault interface for the server 2016-08-17 16:25:38 -07:00
Alex Dadgar 6e2f0a2776 Server has Vault API client 2016-08-17 16:25:38 -07:00
Alex Dadgar 4135b4ece7 Address field name feedback 2016-08-17 16:23:29 -07:00
Alex Dadgar 7d899b6c60 Pass Vault config to client 2016-08-17 16:23:29 -07:00
Alex Dadgar eac2675faf Add enabled field 2016-08-17 16:23:29 -07:00
Alex Dadgar 1584cfe93e small fixes 2016-08-17 16:23:29 -07:00
Alex Dadgar 0ca4a9fa4f Change token/role names 2016-08-17 16:23:29 -07:00
Alex Dadgar adb3ce847f change config variable names to match vault 2016-08-17 16:23:29 -07:00
Alex Dadgar fab7893774 vendor + api 2016-08-17 16:23:29 -07:00
Alex Dadgar b32128aa23 Initial config block 2016-08-17 16:23:29 -07:00
Sean Chittenden 871a31a8ec
Teach config.ConsulConfig how to construct a consulapi TLS client.
Said differently, centralize the creation of consul's client config
in one place and use it everywhere.
2016-06-16 22:51:06 -07:00
Sean Chittenden d17af396ca
Create config.DefaultConsulConfig() 2016-06-16 20:41:05 -07:00
Alex Dadgar aea21affdb Document consul configuration 2016-06-14 15:21:57 -07:00
Sean Chittenden 6e22b680ce
Disambiguate `auto_join` from `auto_register`, rename reg to `auto_advertise`.
Provide an option that describes the value to the user vs the
operation performed by the software.  Momentarily introducing
`auto_join`
2016-06-14 12:11:38 -07:00
Sean Chittenden 197feae679
Sync services with Consul by comparing the AgentServiceReg w/ ConsulService
The source of truth is the local Nomad Agent.  Any services not local that
have a matching prefix are removed.  Changed services are re-registered
and missing services are re-added.
2016-06-10 15:54:39 -04:00
Sean Chittenden e727fd8c3c
Centralize the creation of a consul/api.Config struct.
While documented, the consul.timeout parameter wasn't ever set
except one-off in the Consul fingerprinter.
2016-06-10 15:50:11 -04:00
Sean Chittenden f695d6d70d
Reconcile consul's address configuration section.
There were conflicting directives previously, both consul.addr and
consul.address were required to achieve the desired behavior.  The
documentation said `consul.address` was the canonical name for the
parameter, so consolidate configuration parameters to `consul.address`.
2016-06-10 15:50:11 -04:00
Sean Chittenden 17116fc5a7
Rebalance Nomad client RPCs among different Nomad servers.
Implement client/rpc_proxy.RpcProxy.
2016-06-10 15:50:11 -04:00
Sean Chittenden b509da2d0c
Create a `nomad/structs/config` to break an import cycle.
Flattening and normalizing the various Consul config structures and
services has led to an import cycle.  Break this by creating a new package
that is intended to be terminal in the import DAG.
2016-06-10 15:48:36 -04:00