* initial core-zero import implementation
* Update /config/import openapi description and use PUT instead of POST
* update import ui tests
* Add 413 as a possible response for /config/import
* Options/Settings type conversion tests and related bugfixes
* Fixes for proto type conversion and tests
* Update core-zero import client
* Update core-zero import client
* Update import api and environment detection
* update go.mod
* remove old testdata
* Remove usage of deleted setting after merge
* remove extra newline from --version output
Config options concerning the TLS connection from databroker to storage
backend are now unused. TLS options for this connection can instead be
set directly in the databroker storage connection string.
Remove the deprecated set_authorization_header option entirely. Add an
entry to the removedConfigFields map with a link to the relevant
Upgrading page section.
Add an "enforcement" option to the new downstream mTLS configuration
settings group.
When not set, or when set to "policy_default_deny", keep the current
behavior of adding an invalid_client_certificate rule to all policies.
When the enforcement mode is set to just "policy", remove the default
invalid_client_certificate rule that would be normally added.
When the enforcement mode is set to "reject_connection", configure the
Envoy listener with the require_client_certificate setting and remove
the ACCEPT_UNTRUSTED option.
Add a corresponding field to the Settings proto.
Move downstream mTLS settings to a nested config file object, under the
key 'downstream_mtls', and add a new DownstreamMTLSSettings struct for
these settings.
Deprecate the existing ClientCA and ClientCAFile fields in the Options
struct, but continue to honor them for now (log a warning if either is
populated).
Delete the ClientCRL and ClientCRLFile fields entirely (in current
releases these cannot be set without causing an Envoy error, so this
should not be a breaking change).
Update the Settings proto to mirror this nested structure.
The `autocert_ca` and `autocert_email` options have been added to be
able to configure CAs that support the ACME protocol as an alternative
to Let's Encrypt.
Fix ProtoBuf definition for additional autocert options
Fix PR comments and add ACME EAB configuration
Add configuration option for trusted CAs when talking ACME
Fix linter issues
copy edits
render updated reference to docs
Add test for autocert manager configuration
Add tests for autocert configuration options
Fix CI build issues
Don't set empty acme.EAB struct if configuration not set
Remove required email when setting custom CA
When using a non-default CA it's no longer required
to specify an email address. I required this before,
because it seemed to cause an issue in which no certificate
was issued. The root cause was something different,
rendering the hard email requirement pointless. It's
still beneficial to specify an email, though. I changed
the text in the docs to explain that.
Update generated docs
Fix failing tests by recreation of a new ACMEManager
The default ACMEManager object was reused in multiple tests,
resulting in unexpected states when tests run in parallel.
By using a new instance for every test, this is no longer
an issue.
* config: add enable_google_cloud_serverless_authentication to config protobuf
* use dependency injection for embedded envoy provider
* Revert "use dependency injection for embedded envoy provider"
This reverts commit 5c08990501.
* config: attach envoy version to Config to avoid metrics depending on envoy/files
* config: rename headers to set_response_headers
* Update config/options.go
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
Co-authored-by: bobby <1544881+desimone@users.noreply.github.com>
