Trusted Cluster Toggle #1199

Closed
russjones opened this issue Aug 11, 2017 · 0 comments

russjones commented Aug 11, 2017

Problem

At the moment, when you disable a Trusted Cluster, you remove services.CertAuthority and services.ReverseTunnel from the backend. When you re-establish trust, you do the token exchange, and re-add services.CertAuthority and services.ReverseTunnel to the backend.

This is problematic because it requires you to store a long-lived token on two clusters.

Proposed Solution

To disable a Trusted Cluster, introduce new methods to the Trust and Presence interfaces called DeactivateCertAuthority and DeactivateReverseTunnel. These methods will first copy services.CertAuthority and services.ReverseTunnel like so.

| Source Location | Destination |
| --- | --- |
| /authorities/*/{cluster name} | /authorities/deactivated/*/{cluster name} |
| /reverseTunnels/{cluster name} | /reverseTunnels/deactivated/{cluster name} |

Then call DeleteCertAuthority and DeleteReverseTunnel.

To enable a Trusted Cluster, introduce new methods to the Trust and Presence interfaces called ActivateCertAuthority and ActivateReverseTunnel. These methods will first check if a services.TrustedCluster meta-resource exists. If it does, they will reverse the steps used to deactivate a cluster.
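
The proposal above, sketched as an added example against an in-memory map; this is not Teleport's code and not part of the original issue. `Backend`, `Toggle`, `caTypes` and the `/trustedClusters/` key are hypothetical names; only the `/authorities/...` and `/reverseTunnels/...` paths come from the table. It also shows the ordering a real backend would need: copy before delete, with a retried move treated as a no-op.

```go
package main

import "fmt"

// Backend is a hypothetical in-memory stand-in for the cluster backend.
type Backend map[string]string

// caTypes are assumed values for the "*" segment of /authorities/*/{cluster name}.
var caTypes = []string{"host", "user"}

// move copies before deleting, so an interruption never loses data; a retried move is a no-op.
func (b Backend) move(src, dst string) error {
	v, ok := b[src]
	if _, done := b[dst]; !ok && !done {
		return fmt.Errorf("%s: not found", src)
	} else if ok {
		b[dst] = v
		delete(b, src)
	}
	return nil
}

// Toggle deactivates (active=false) or re-activates (active=true) a cluster.
// Re-activation requires the TrustedCluster meta-resource (key path assumed).
func (b Backend) Toggle(cluster string, active bool) error {
	if _, ok := b["/trustedClusters/"+cluster]; active && !ok {
		return fmt.Errorf("no TrustedCluster resource for %q", cluster)
	}
	pairs := [][2]string{{"/reverseTunnels/" + cluster, "/reverseTunnels/deactivated/" + cluster}}
	for _, t := range caTypes {
		pairs = append(pairs, [2]string{"/authorities/" + t + "/" + cluster, "/authorities/deactivated/" + t + "/" + cluster})
	}
	for _, p := range pairs {
		src, dst := p[0], p[1]
		if active {
			src, dst = dst, src
		}
		if err := b.move(src, dst); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	b := Backend{"/trustedClusters/leaf": "spec", "/reverseTunnels/leaf": "tun",
		"/authorities/host/leaf": "hostCA", "/authorities/user/leaf": "userCA"} // constructed sample
	fmt.Println(b.Toggle("leaf", false), len(b), b.Toggle("leaf", true))
}
```

No token is involved in either direction: the parked CA and tunnel records are the only state needed to restore trust.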

russjones added this to the 2.3 milestone Aug 11, 2017
russjones self-assigned this Aug 11, 2017
russjones mentioned this issue Aug 21, 2017
hatched added a commit that referenced this issue Feb 1, 2023
…on load (#1169) (#1199)

* Add BannerList and Banner components to display cluster alerts on load (#1169)

* Add BannerList and Banner components.

* Update e

* bump e
rosstimothy added a commit that referenced this issue May 21, 2024
Updates the transport credentials used by gRPC servers that require
mTLS to enforce that connections are terminated when the client
certificate expires if `disconnect_expired_cert == true`. To prevent
session resumption from leaving open sessions established through
the Proxy gRPC server the redial mechanism was updated to inspect
for certificate expired errors and abort any future reconnection
attempts.

Partially addresses #1199.
github-merge-queue bot pushed a commit that referenced this issue May 21, 2024
)

Updates the transport credentials used by gRPC servers that require
mTLS to enforce that connections are terminated when the client
certificate expires if `disconnect_expired_cert == true`. To prevent
session resumption from leaving open sessions established through
the Proxy gRPC server the redial mechanism was updated to inspect
for certificate expired errors and abort any future reconnection
attempts.

Partially addresses #1199.