Commit Graph

16676 Commits

Author SHA1 Message Date
Daniel Nephin 74ee46e6f5
Merge pull request #12267 from hashicorp/dnephin/ca-relax-key-bit-validation
ca: change the PrivateKey type/bits validation
2022-02-04 12:44:08 -05:00
David Yu bad0a6bfe3
docs: mention Consul API gateway in Ingress Controllers page (#12268)
* docs: mention Consul API gateway

* Remove Ambassador integration

* Update ingress-controllers.mdx

* Update website/content/docs/k8s/connect/ingress-controllers.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-04 09:23:55 -08:00
mrspanishviking b09272f361
Merge pull request #11962 from hashicorp/what_service_mesh
docs: SEO improvements
2022-02-04 09:03:17 -07:00
Karl Cardenas a820445fbc
updated all sub-headers to sentence case 2022-02-04 09:00:59 -07:00
Karl Cardenas 39c00767ad
Merge branch 'main' of github.com:hashicorp/consul into what_service_mesh 2022-02-04 09:00:14 -07:00
Claire Labry 63e80e53fb
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-04 10:23:38 -05:00
Claire Labry b62c3b4fbc
updating the binary and container blocks in security-scan file 2022-02-04 10:22:37 -05:00
Karl Cardenas be999934c7
updated several sections based on feedback 2022-02-04 08:01:20 -07:00
Karl Cardenas b0ac7a2b1d
adding more content per feedback 2022-02-03 18:07:05 -07:00
Daniel Nephin 51b0f82d0e Make test more readable
And fix typo
2022-02-03 18:44:09 -05:00
Daniel Nephin 6ea0e5d4e9 ci: skip building the binary
The tests that require a Consul binary should be skipped by -short, so skip building
the binary in go-test-arm64 to save after 3 minutes.
2022-02-03 18:24:20 -05:00
Daniel Nephin 01ed9e3c60 ci: try to run only -short on PR branches 2022-02-03 17:58:59 -05:00
Daniel Nephin f00a93c795 ci: share common go-test steps 2022-02-03 17:50:03 -05:00
odidev 08d1eb585d Add test jobs for arm64 in CircleCI 2022-02-03 17:50:03 -05:00
Daniel Nephin 81a977ce1d add changelog 2022-02-03 17:39:36 -05:00
Daniel Nephin 608597c7b6 ca: relax and move private key type/bit validation for vault
This commit makes two changes to the validation.

Previously we would call this validation in GenerateRoot, which happens
both on initialization (when a follower becomes leader), and when a
configuration is updated. We only want to do this validation during
config update so the logic was moved to the UpdateConfiguration
function.

Previously we would compare the config values against the actual cert.
This caused problems when the cert was created manually in Vault (not
created by Consul).  Now we compare the new config against the previous
config. Using a already created CA cert should never error now.

Adding the key bit and types to the config should only error when
the previous values were not the defaults.
2022-02-03 17:21:20 -05:00
Daniel Nephin d707173253 ca: small cleanup of TestConnectCAConfig_Vault_TriggerRotation_Fails
Before adding more test cases
2022-02-03 17:21:20 -05:00
Daniel Nephin 3f590bb8a1 testing: fix test failures caused by new log level
These two tests require debug logging enabled, because they look for log lines.

Also switched to testify assertions because the previous errors were not clear.
2022-02-03 17:07:39 -05:00
Luke Kysow ecc5dae06f
docs: update for k8s support for igw and header manip (#12264)
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Michele Degges 0827c94222 chmod +x on the sh file 2022-02-03 13:10:42 -08:00
mrspanishviking 8aecfa877a
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:06:41 -07:00
mrspanishviking 4500622004
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:00:06 -07:00
Jake Herschman 246d5e947d
Merge pull request #11944 from hashicorp/cts-docs-clean-up 2022-02-03 14:08:33 -05:00
Daniel Nephin b058845110 sdk: add TestLogLevel for setting log level in tests
And default log level to WARN.
2022-02-03 13:42:28 -05:00
David Yu 81461565d7
docs: provide example for enabling mesh on a per namespace basis (#12255)
* docs: provide example for enabling mesh on a per namespace basis

* add headings

* Update install.mdx

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* add changes from review

* Update install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-02-03 10:40:06 -08:00
Jared Kirschner 4c3cfba4df
Merge pull request #12230 from hashicorp/badge-improvements
README Badge Improvements
2022-02-03 13:36:05 -05:00
Jared Kirschner d205183576 Improve README header
Improvements include:
- separate the project name from the badges
- use the project logo
- show more relevant badges
2022-02-03 10:15:38 -08:00
David Yu f020cedab2
docs: formatting and update to consul-k8s 0.40.0 (#12256)
* docs: formatting and update to consul-k8s 0.40.0

* Update index.mdx

* Update index.mdx

* test indentation

* Update index.mdx

* formatting

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-03 08:12:47 -08:00
Jared Kirschner 1ff27b0b16
Merge pull request #10833 from jkirschner-hashicorp/improve-compile-from-source-docs
docs: improve compile from source docs
2022-02-03 11:05:46 -05:00
Jared Kirschner 918a1057c7 Update Consul logo assets on docs site 2022-02-03 07:39:35 -08:00
Daniel Nephin f504a02776 Replace build script with 'go build' 2022-02-03 07:19:57 -08:00
John Cowen 39f15306d9
ui: Change approach to loading debug.css (#12242)
We need a way to load certain CSS based on the environment you are viewing, i.e. we have debug CSS that we use for our Eng Documentation and various other DX utilities that shouldn't be compiled into our production or test builds.

Previously we would compile two entirely different CSS files (app and debug) and the load one or the other depending on which environment you were in.

This approach just empties out the debug.css file in certain environments (prod/test) which means we can just import that file from app. When in staging/development this imports the contents of debug.css (quite a bit of CSS) whereas when building for production/test this debug.css is emptied out during the build process.

There is a slight little hack in order to have this work, we import _debug.scss which imports the debug.scss file. I couldn't for the life of me figure out how to have broccoli empty out a file during the build process, so instead we essentially copy over debug.scss during dev and create an empty file during prod to _debug.scss.

When using make build to build an artifact for production CSS remains at ~58kb (during dev its a lot bigger than this)
2022-02-03 08:40:03 +00:00
Blake Covarrubias a6f51d8c1b docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Michele Degges 5942e474cf Use docker mirror 2022-02-02 17:41:56 -08:00
Evan Culver f98f37ba55
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-02 17:32:17 -08:00
Evan Culver d12e0ceddf
Add changelog entry 2022-02-02 17:31:08 -08:00
Michele Degges 29ebe13141 Merge branch 'fix-broken-dockerfile' of github.com:hashicorp/consul into fix-broken-dockerfile 2022-02-02 15:39:14 -08:00
Daniel Nephin df2a7e2ae5
Merge pull request #11783 from hashicorp/dnephin/ca-vault-root-as-intermediate
ca: add a test that uses an intermediate CA as the primary CA
2022-02-02 16:05:59 -05:00
Jared Kirschner b357ec9e20
Merge pull request #11391 from hashicorp/add-changelog-creation-to-contributor-docs
Add changelog creation to contributor docs
2022-02-02 14:50:02 -05:00
Jared Kirschner 45acc91c26 Add changelog creation to contributor docs 2022-02-02 10:58:27 -08:00
Daniel Nephin 7839b2d7e0 ca: add a test that uses an intermediate CA as the primary CA
This test found a bug in the secondary. We were appending the root cert
to the PEM, but that cert was already appended. This was failing
validation in Vault here:
https://github.com/hashicorp/vault/blob/sdk/v0.3.0/sdk/helper/certutil/types.go#L329

Previously this worked because self signed certs have the same
SubjectKeyID and AuthorityKeyID. So having the same self-signed cert
repeated doesn't fail that check.

However with an intermediate that is not self-signed, those values are
different, and so we fail the check. A test I added in a previous commit
should show that this continues to work with self-signed root certs as
well.
2022-02-02 13:41:35 -05:00
claire labry 985ac9f185
Merge branch 'main' into enable-security-scan 2022-02-02 13:36:48 -05:00
Daniel Nephin 2ef26f48b8
Merge pull request #12250 from hashicorp/dnephin/acl-resolver-safer-identity
acl: un-embed ACLIdentity
2022-02-02 13:10:35 -05:00
Daniel Nephin ac732ce82b acl: un-embed ACLIdentity
This is safer than embedding two interface because there are a number of
places where we check the concrete type. If we check the concrete type
on the top-level interface it will fail. So instead expose the
ACLIdentity from a method.
2022-02-02 12:07:31 -05:00
John Cowen 0f94ce3964
ui: Alias all our Structure Icons to Flight Icons (#12209) 2022-02-02 13:24:47 +00:00
mrspanishviking a8c6543e72
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:22:32 -07:00
mrspanishviking 6be5970217
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:18:47 -07:00
mrspanishviking 7c31acca72
Merge pull request #12243 from gitrgoliveira/patch-1
Update redirect-traffic.mdx
2022-02-01 15:09:02 -07:00
mrspanishviking ed586ade37
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-02-01 15:08:23 -07:00
JG d433a9d085
packaging: fix issues in pre/postremove scripts (#12147)
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:

For postremove:
- the postremove script now functions correctly (i.e. restarts consul
  after a package upgrade) on rpm-based systems (where $1 is numeric
  rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
  only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
  will only (re)start consul if it was already running when the upgrade
  happened.

For preremove:
- if the package is being completely uninstalled (rather than upgraded),
  stop consul before removing the package
2022-02-01 12:07:18 -08:00