Commit Graph

9269 Commits

Author SHA1 Message Date
R.B. Boyer 712a235a87
changelog: acl v2 tweaks (#4957)
[ci skip]
2018-11-14 15:14:48 -06:00
Paul Banks 24b60ba77a
Acl upgrade guide (#4880)
* Very WIP upgrade docs. Actual Upgrade notes doneish; token migration guide WIP.

* Token migration guide

* Complete ACL migration guide

* Upgrade guide cleanup

* Updated upgrade and migration guides

* Typo fix

Co-Authored-By: banks <banks@banksco.de>

* Update website/source/docs/guides/acl-migrate-tokens.html.md

Co-Authored-By: banks <banks@banksco.de>

* Update website/source/docs/guides/acl-migrate-tokens.html.md

Co-Authored-By: banks <banks@banksco.de>

* Update upgrade-specific.html.md

* Update website/source/docs/guides/acl-migrate-tokens.html.md

* Update website/source/docs/guides/acl-migrate-tokens.html.md

* Note Multi-DC changes in upgrade guide.

* Update website/source/docs/upgrade-specific.html.md
2018-11-14 15:40:02 +00:00
Kyle Havlovitz 63aa189b1f
Update changelog and website for 1.3.1 release 2018-11-13 15:01:53 -08:00
Kyle Havlovitz 76f102a1e0
Merge pull request #4952 from hashicorp/test-version
tests: Bump test server version to 1.4.0
2018-11-13 13:37:10 -08:00
R.B. Boyer 934fae659f
acl: add stub hooks to support some plumbing in enterprise (#4951) 2018-11-13 15:35:54 -06:00
Kyle Havlovitz 269354c61d
oss: bump test server version to 1.4.0 2018-11-13 13:13:26 -08:00
Paul Banks b3e9281181
Update CHANGELOG.md 2018-11-13 14:52:43 +00:00
Paul Banks 127df2952c
Update CHANGELOG.md 2018-11-13 14:46:42 +00:00
Aestek 4942e66440 Fix catalog tag filter backward compat (#4944)
Fix catalog service node filtering (ex /v1/catalog/service/srv?tag=tag1)
between agent version <=v1.2.3 and server >=v1.3.0.
New server version did not account for the old field when filtering
hence request made from old agent were not tag-filtered.
2018-11-13 14:44:36 +00:00
Jack Pearkes a90c29e60d Doc changes for 1.4 Final (#4870)
* website: add multi-dc enterprise landing page

* website: switch all 1.4.0 alerts/RC warnings

* website: connect product wording

Co-Authored-By: pearkes <jackpearkes@gmail.com>

* website: remove RC notification

* commmand/acl: fix usage docs for ACL tokens

* agent: remove comment, OperatorRead

* website: improve multi-dc docs

Still not happy with this but tried to make it slightly more informative.

* website: put back acl guide warning for 1.4.0

* website: simplify multi-dc page and respond to feedback

* Fix Multi-DC typos on connect index page.

* Improve Multi-DC overview.

A full guide is a WIP and will be added post-release.

* Fixes typo avaiable > available
2018-11-13 13:43:53 +00:00
Rebecca Zanzig 2e00641576
Merge pull request #4948 from hashicorp/docs/helm-auto-join
Update the helm chart `join` instructions
2018-11-12 12:58:43 -08:00
Rebecca Zanzig 8ca4e56db1 Update the helm chart `join` instructions
This fixes some previous incorrect information about the join feature
in the Helm chart. Based on the fix for consul-helm issue 59.
2018-11-12 12:22:18 -08:00
Paul Banks 54c2ff6aca
connect: remove additional trust-domain validation (#4934)
* connct: Remove additional trust-domain validation

* Comment typos

* Update connect_ca.go
2018-11-12 20:20:12 +00:00
Kyle Havlovitz 4a73a59d70
Merge pull request #4917 from hashicorp/replication-token-cleanup
Use acl replication_token for connect
2018-11-12 09:12:54 -08:00
Kyle Havlovitz 925e9ae262
Merge pull request #4940 from hashicorp/ent-test-diff
Update non-voting server test to fix enterprise diff
2018-11-09 20:26:45 -08:00
Rebecca Zanzig e50c2ccf5b
Merge pull request #4941 from hashicorp/docs/helm-maxUnavilable
Update docs for Helm chart `maxUnavailable` value
2018-11-09 17:13:15 -08:00
Rebecca Zanzig b6cb8ea6ef Update docs for Helm chart `maxUnavailable` value
Due to a Helm templating limitation, setting this value to `0` requires
an extra flag when installing. This adds information about that.
2018-11-09 16:58:54 -08:00
Kyle Havlovitz 972177071d update non-voting server test to fix enterprise diff 2018-11-09 12:50:24 -08:00
Rebecca Zanzig 72e5c4c621
Merge pull request #4928 from hashicorp/docs/server-affinity
Add documentation of server affinity Helm chart variable
2018-11-09 12:37:33 -08:00
Kyle Havlovitz 643bd13aed oss: do a proper check-and-set on the CA roots/config fsm operation 2018-11-09 12:36:23 -08:00
R.B. Boyer e30cc73b1d
Update agent tests to wait a bit longer for the /v1/agent/self endpoint (#4937) 2018-11-09 10:35:47 -06:00
R.B. Boyer b153f9be39
docs: use hcl heredoc syntax for multi line strings in sentinel examples (#4930) 2018-11-08 16:28:40 -06:00
Rebecca Zanzig db6c5d1b20 Add doc info for added server affinity value
Supports newly added functionality to the Helm chart.
2018-11-08 12:07:30 -08:00
Rebecca Zanzig 140a1edcea Reorder Helm chart server values
This matches the ordering in the Helm chart, to make it easier for
users to find information.
2018-11-08 12:06:00 -08:00
R.B. Boyer 2a8951fcc0
docs: remove curly quotes from shell block (#4921) 2018-11-07 10:42:13 -08:00
Kyle Havlovitz 9c09d66028
Merge pull request #4912 from hashicorp/acl-doc-fixes
docs: fix some examples in the new ACL guide
2018-11-07 09:23:36 -08:00
Kyle Havlovitz 6354996804
docs: remove leftover typo from replication_token info 2018-11-07 09:22:23 -08:00
R.B. Boyer 2afc2a3c3b
acl: fixes ACL replication for legacy tokens without AccessorIDs (#4885) 2018-11-07 07:59:44 -08:00
John Cowen c6db97b666
UI: Removes success notification on faking a success response for `self` (#4906)
In order to continue supporting the legacy ACL system, we replace
the 500 error from a non-existent `self` endpoint with a response of a
`null` `AccessorID` - which makes sense (a null AccessorID means old
API)

We then redirect the user to the old ACL pages which then gives a 403
if their token was wrong which then redirects them back to the login page.

Due to the multiple redirects and not wanting to test the validity of the token
before redirecting (thus calling the same API endpoint twice), it is not
straightforwards to turn the 'faked' response from the `self` endpoint
into an error (flash messages are 'lost' through multiple redirects).

In order to make this a slightly better experience, you can now return a
`false` during execution of an action requiring success/failure
feedback, this essentially skips the notification, so if the action is
'successful' but you don't want to show the notification, you can. This
resolves showing a successful notification when the `self` endpoint
response is faked. The last part of the puzzle is to make sure that the
global 403 catching error in the application Route also produces an
erroneous notification.

Please note this can only happen with a ui client using the new ACL
system when communicating with a cluster using the old ACL system, and
only when you enter the wrong token.

Lastly, further acceptance tests have been added around this

This commit also adds functionality to avoid any possible double 
notification messages, to avoid UI overlapping
2018-11-07 15:57:41 +00:00
Kyle Havlovitz e8dd89359a
agent: fix formatting 2018-11-07 02:16:03 -08:00
Kyle Havlovitz 62691ebc82
config: remote connect replication_token 2018-11-07 02:15:37 -08:00
Kyle Havlovitz f22f6f9924
Merge pull request #4911 from mtpettyp/kv_doc_updates
Update consul CLI docs for kv export and import
2018-11-06 18:49:28 -08:00
Kyle Havlovitz aec362d06c docs: fix some examples in the new ACL guide 2018-11-06 18:47:44 -08:00
Mike Pettypiece 77165c1588 Update consul CLI docs for kv export and import
This will make the kv docs consistent with get/delete/put
2018-11-06 20:19:09 -05:00
Rebecca Zanzig 2c8675565d
Merge pull request #4900 from hashicorp/docs/helm-extension
Document options for additional helm chart configuration
2018-11-06 15:39:40 -08:00
Hans Hasselberg 775026460e
Update CHANGELOG.md 2018-11-06 22:35:51 +01:00
Philipp Gillé 2de7fefedd Remove wrong space character (#4910)
There should be no space before a comma
2018-11-06 22:34:36 +01:00
John Cowen 7ddafc45d9
ui: Make empty Rules ('') take priority over a `Legacy: true` (#4899)
Even if an old style token has a Legacy of true, yet it has an empty set
of Rules, treat the token as a new style token, as its essentially the
same
2018-11-06 18:08:10 +00:00
Rebecca Zanzig 971f3fb433
Merge pull request #4891 from hashicorp/docs/k8s-storage
Clarify storage usage for consul + k8s
2018-11-05 12:45:22 -08:00
Rebecca Zanzig 638a5ff7a1 Document options for additional helm chart configuration
There is a fine line between making the helm chart easy and simple to
use and supporting lots of configurability. This documents options for
users who would like to extend the Helm chart beyond what is readily
available in the `values.yaml` file.
2018-11-05 12:20:14 -08:00
Rebecca Zanzig ea6e5c8945 Clarify storage usage for consul + k8s
This adds two Helm chart values into the documentation with details
that have come up in several issues.

Additionally, it notes that persistent volumes and their claims need
to be removed manually because of current kubernetes and helm design.
2018-11-05 10:50:41 -08:00
Paul Banks 37d88cad29
Allow ACL legacy migration via CLI (#4882)
* Adds a flag to `consul acl token update` that allows legacy ACLs to be upgraded via the CLI.

Also fixes a bug where descriptions are deleted if not specified.

* Remove debug
2018-11-05 14:32:09 +00:00
R.B. Boyer 57dd160f40 command/debug: make better use of atomic operations to write out the debug snapshots to disk 2018-11-02 13:13:49 -05:00
R.B. Boyer 9211d2701d
fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
John Cowen f65f001675
UI: Catch 500 error on token endpoint and revert to legacy tokens (#4874)
In some circumstances a consul 1.4 client could be running in an
un-upgraded 1.3 or lower cluster. Currently this gives a 500 error on
the new ACL token endpoint. Here we catch this specific 500 error/message
and set the users AccessorID to null. Elsewhere in the frontend we use
this fact (AccessorID being null) to decide whether to present the
legacy or the new ACL UI to the user.

Also:
- Re-adds in most of the old style ACL acceptance tests, now that we are keeping the old style UI
- Restricts code editors to HCL only mode for all `Rules` editing (legacy/'half legacy'/new style)
- Adds a [Stop using] button to the old style ACL rows so its possible to logout.
- Updates copy and documentation links for the upgrade notices
2018-11-02 14:44:36 +00:00
Geoffrey Grosenbach 3981c5d48c Adds redirects and updates links for learn.hashicorp (#4878)
* Adds redirects for Getting Started pages

* Uses correct links to resources at learn.hashicorp

* Reconfigures "Learn more" links to point to learn.hashicorp

* Links to learn.hashicorp on segmentation page

* Adds redirect for sample config file

* Fixes links to Getting Started guide on learn.hashicorp

* Remove getting started guide which is now on learn.hashicorp

* Corrects link to `consul/io` which should go to `consul.io`

* Revert "Remove getting started guide which is now on learn.hashicorp"

This reverts commit 2cebacf402f83fb936718b41ac9a27415f4e9f21 so a placeholder
message can be written here while we are transitioning content to
learn.hashicorp

* Adding a new page for getting started to direct users to learn.

* Added a note at the being of each doc to notify users about the temporary repo change.

* Revert "Added a note at the being of each doc to notify users about the temporary repo change."

This reverts commit 9a2a8781f9705028e4f53f758ef235e74b2b7198.

From conversation at https://github.com/hashicorp/consul/pull/4878

* Removes redirect from sample web.json demo file

* Removed typo
2018-11-01 14:44:49 -07:00
Kyle Havlovitz f26f88071e
Update CHANGELOG.md 2018-10-31 15:53:02 -07:00
Kyle Havlovitz 8337e3d8c0
Merge pull request #4872 from hashicorp/node-snapshot-fix
Node ID/datacenter snapshot fix
2018-10-31 15:51:07 -07:00
Matt Keeler db2cf01406 Adds documentation for the new ACL APIs (#4851)
* Update the ACL API docs

* Add a CreateTime to the anon token

Also require acl:read permissions at least to perform rule translation. Don’t want someone DoSing the system with an open endpoint that actually does a bit of work.

* Fix one place where I was referring to id instead of AccessorID

* Add godocs for the API package additions.

* Minor updates: removed some extra commas and updated the acl intro paragraph

* minor tweaks

* Updated the language to be clearer

* Updated the language to be clearer for policy page

* I was also confused by that! Your updates are much clearer.

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Sounds much better.

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Updated sidebar layout and deprecated warning
2018-10-31 15:11:51 -07:00
Rebecca Zanzig c576b0ce12
Merge pull request #4873 from hashicorp/docs/helm-default-sync
Update Helm docs to include the `default` flag for catalog sync
2018-10-31 14:50:36 -07:00