Commit Graph

20473 Commits

Author SHA1 Message Date
Nathan Coleman f7870881e0
Reference hashicorp/consul instead of consul for Docker image (#17914)
* Reference hashicorp/consul instead of consul for Docker image

* Update Make targets that pull consul directly
2023-06-27 23:17:20 +00:00
John Murret 3368f14fab
Add workflow to verify linux release packages (#17904)
* adding docker files to verify linux packages.

* add verifr-release-linux.yml

* updating name

* pass inputs directly into jobs

* add other linux package platforms

* remove on push

* fix TARGETARCH on debian and ubuntu so it can check arm64 and amd64

* fixing amazon to use the continue line

* add ubuntu i386

* fix comment lines

* working

* remove commented out workflow jobs

* Apply suggestions from code review

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* update fedora and ubuntu to use latest tag

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-27 22:19:39 +00:00
Tu Nguyen b76c4d7bd5
Propose new changes to APIgw upgrade instructions (#17693)
* Propose new changes to APIgw upgrade instructions

* fix build error

* update callouts to render correctly

* Add hideClipboard to log messages

* Added clarification around consul k8s and crds
2023-06-27 19:35:58 +00:00
Tu Nguyen 1c819e6147
Create and update release notes for 1.16 and 1.2 (#17895)
* update release notes for 1.16 and 1.2

* update latest consul core release
2023-06-27 17:33:04 +00:00
Luke Kysow abeeea1621
Fix command from kg to kubectl get (#17903) 2023-06-27 17:26:05 +00:00
Joshua Timmons 55056be093
Add emit_tags_as_labels to envoy bootstrap config when using Consul Telemetry Collector (#17888) 2023-06-27 12:34:38 -04:00
mr-miles c8cfa605f8
Update docs (#17476)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-27 09:16:40 -07:00
Ronald 767ef2dd4c
Allow service identity tokens the ability to read jwt-providers (#17893)
* Allow service identity tokens the ability to read jwt-providers

* more tests

* service_prefix tests
2023-06-27 16:03:43 +00:00
Chris S. Kim 601490b9ab
Update wording on WAN fed and intermediate_pki_path (#17850) 2023-06-27 15:22:10 +00:00
Gerard Nguyen 6bc222244f
docs: update config enable_debug (#17866)
* update doc for config enable_debug

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-27 02:19:07 +00:00
John Murret a96a9e794a
Changelog - add 1.13.9, 1.14.8, and 1.15.4 (#17889) 2023-06-26 18:40:18 -06:00
Nathan Coleman 08c5048160
api-gateway: add step to upgrade instructions for creating intentions (#17875) 2023-06-26 13:29:17 -04:00
sarahalsmiller e552e3d27b
api-gateway: add operation cannot be fulfilled error to common errors (#17874)
* add error message

* Update website/content/docs/api-gateway/usage/errors.mdx

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* fix formating issues

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-26 13:16:48 -04:00
Dan Bond 8e02a0e1ae
deps: aws-sdk-go v1.44.289 (#17876)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-06-26 10:07:26 -07:00
Alex Simenduev 33a2d90852
Fix a bug that wrongly trims domains when there is an overlap with DC name (#17160)
* Fix a bug that wrongly trims domains when there is an overlap with DC name

Before this change, when DC name and domain/alt-domain overlap, the domain name incorrectly trimmed from the query.

Example:

Given: datacenter = dc-test, alt-domain = test.consul.
Querying for "test-node.node.dc-test.consul" will faile, because the
code was trimming "test.consul" instead of just ".consul"

This change, fixes the issue by adding dot (.) before trimming

* trimDomain: ensure domain trimmed without modyfing original domains

* update changelog

---------

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-06-26 10:57:11 -04:00
Dan Upton ce24646d36
tooling: generate protoset file (#17364)
Extends the `proto` make target to generate a protoset file for use with
grpcurl etc.
2023-06-26 12:53:55 +00:00
Dan Upton b117eb0126
resource: enforce consistent naming of resource types (#17611)
For consistency, resource type names must follow these rules:

- `Group` must be snake case, and in most cases a single word.
- `GroupVersion` must be lowercase, start with a "v" and end with a number.
- `Kind` must be pascal case.

These were chosen because they map to our protobuf type naming
conventions.
2023-06-26 13:25:14 +01:00
Dan Upton 48445dfa55
resource: add `AuthorizerContext` helper method (#17393) 2023-06-26 13:23:05 +01:00
Iryna Shustava d5d3a3ddb9
docs: update upgrade to consul-dataplane docs on k8s (#17852) 2023-06-23 16:26:57 -06:00
Nathan Coleman 5244ede957
docs: add note about path prefix matching behavior for HTTPRoute config (#17860)
* Add note about path prefix matching behavior for HTTPRoute config

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-06-23 18:07:53 -04:00
Derek Menteer 94eb36b775
Add docs for sameness groups with resolvers. (#17851) 2023-06-23 13:57:21 -05:00
V. K 2e2cbc16e1
Update service-mesh.mdx (#17845)
Deleted two commas which looks quite like some leftovers.
2023-06-23 11:33:21 -07:00
Nathan Coleman 1f636715d0
Trigger OSS => ENT merge for all release branches (#17853)
Previously, this only triggered for release/*.*.x branches; however, our release process involves cutting a release/1.16.0 branch, for example, at time of code freeze these days. Any PRs to that branch after code freeze today do not make their way to consul-enterprise. This will make behavior for a .0 branch consistent with current behavior for a .x branch.
2023-06-23 14:14:55 -04:00
cskh f16c5d87ab
watch: support -filter for consul watch: checks, services, nodes, service (#17780)
* watch: support -filter for watch checks

* Add filter for watch nodes, services, and service
- unit test added
- Add changelog
- update doc
2023-06-23 12:00:46 -04:00
wangxinyi7 b782f2e39a
counter part of ent pr (#17618) 2023-06-22 10:50:46 -07:00
Matt Keeler 1864874726
CI Updates (#17834)
* Ensure that git access to private repos uses the ELEVATED_GITHUB_TOKEN

* Bump the runner size for the protobuf generation check

This has failed previously when the runner process that communicates with GitHub gets starved causing the job to fail.
2023-06-22 10:56:45 -04:00
Chris Thain 366bd6f89f
ext-authz Envoy extension: support `localhost` as a valid target URI. (#17821) 2023-06-21 13:42:42 -07:00
Chris S. Kim a4653de8da
CA provider doc updates and Vault provider minor update (#17831)
Update CA provider docs

Clarify that providers can differ between
primary and secondary datacenters

Provide a comparison chart for consul vs
vault CA providers

Loosen Vault CA provider validation for RootPKIPath

Update Vault CA provider documentation
2023-06-21 19:34:42 +00:00
George Bolo 82441a27fa
fixes #17732 - AccessorID in request body should be optional when updating ACL token (#17739)
* AccessorID in request body should be optional when updating ACL token

* add a test case

* fix test case

* add changelog entry for PR #17739
2023-06-21 13:31:40 -05:00
Michael Zalimeni d0797c4a0d
Fixup consul-container/test/debugging.md (#17815)
Add missing `-t` flag and fix minor typo.
2023-06-21 17:52:00 +00:00
Eric Haberkorn a3ba559149
Make locality aware routing xDS changes (#17826) 2023-06-21 12:39:53 -04:00
Michael Zalimeni 500dcb1f21
Set GOPRIVATE for all hashicorp repos in CI (#17817)
Consistently set GOPRIVATE to include all hashicorp repos, s.t. private
modules are successfully pulled in enterprise CI.
2023-06-21 11:26:27 -04:00
trujillo-adam f17b7f32fc
Change URLs for redirects from RC to default latest (#17822) 2023-06-20 13:17:46 -07:00
Ronald ee95bc7266
Add jwt-authn metrics to jwt-provider docs (#17816)
* [NET-3095] add jwt-authn metrics docs
2023-06-20 19:46:16 +00:00
Steven Zamborsky 2a94ffa571
Fix formatting for webhook-certs Consul tutorial (#17810)
* Fix formatting for webhook-certs Consul tutorial
* Make a small grammar change to also pick up whitespace changes necessary for formatting

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-20 11:33:10 -07:00
Michael Zalimeni e4c9793ee2
Clarify limitations of Prop Override extension (#17801)
Explicitly document the limitations of the extension, particularly what
kind of fields it is capable of modifying.
2023-06-20 11:26:28 -04:00
John Murret 6d39328771
Add documentation for remote debugging of integration tests. (#17800)
* Add documentation for remote debugging of integration tests.

* add link from main docs page.

* changes related to PR feedback
2023-06-20 15:14:15 +00:00
Paul Glass d2363eb711
Test permissive mTLS filter chain not configured with tproxy disabled (#17747) 2023-06-20 09:49:50 -05:00
Michael Zalimeni 18b1555a6d
Improve Prop Override docs examples (#17799)
- Provide more realistics examples for setting properties not already
  supported natively by Consul
- Remove superfluous commas from HCL, correct target service name, and
  fix service defaults vs. proxy defaults in examples
- Align existing integration test to updated docs
2023-06-20 10:00:01 -04:00
Ashesh Vidyut 00c85757f7
Fix Docs for Trails Leader By (#17763)
* init

* fix tests

* added -detailed in docs

* added change log

* fix doc

* checking for entry in map

* fix tests

* removed detailed flag

* removed detailed flag

* revert unwanted changes

* removed unwanted changes

* updated change log

* pr review comment changes

* pr comment changes single API instead of two

* fix change log

* fix tests

* fix tests

* fix test operator raft endpoint test

* Update .changelog/17582.txt

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* nits

* updated docs

* explanation added

* fix doc

* fix docs

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-06-17 07:42:35 +05:30
Matt Keeler 37636eab71
Catalog V2 Container Based Integration Test (#17674)
* Implement the Catalog V2 controller integration container tests

This now allows the container tests to import things from the root module. However for now we want to be very restrictive about which packages we allow importing.

* Add an upgrade test for the new catalog

Currently this should be dormant and not executed. However its put in place to detect breaking changes in the future and show an example of how to do an upgrade test with integration tests structured like catalog v2.

* Make testutil.Retry capable of performing cleanup operations

These cleanup operations are executed after each retry attempt.

* Move TestContext to taking an interface instead of a concrete testing.T

This allows this to be used on a retry.R or generally anything that meets the interface.

* Move to using TestContext instead of background contexts

Also this forces all test methods to implement the Cleanup method now instead of that being an optional interface.


Co-authored-by: Daniel Upton <daniel@floppy.co>
2023-06-16 16:29:50 -04:00
chappie 5352ccf8ed
HCP Add node id/name to config (#17750) 2023-06-16 18:44:13 +00:00
Matt Keeler 653a886689
Implement a Catalog Controllers Lifecycle Integration Test (#17435)
* Implement a Catalog Controllers Lifecycle Integration Test

* Prevent triggering the race detector.

This allows defining some variables for protobuf constants and using those in comparisons. Without that, something internal in the fmt package ended up looking at the protobuf message size cache and triggering the race detector.
2023-06-16 12:58:53 -04:00
Ronald 5f95f5f6d8
Stop referenced jwt providers from being deleted (#17755)
* Stop referenced jwt providers from being deleted
2023-06-16 10:31:53 -04:00
Michael Zalimeni 265c003033
Add Patch index to Prop Override validation errors (#17777)
When a patch is found invalid, include its index for easier debugging
when multiple patches are provided.
2023-06-16 09:37:47 -04:00
Mark Campbell-Vincent 730c599adc
Update license get explanation (#17782)
This PR is to clarify what happens if the license get command is run on a follower if the leader hasn't been updated with a newer license.
2023-06-15 21:25:07 +00:00
Jeff Boruszak 414a61da28
Fixes (#17765) 2023-06-15 11:24:40 -07:00
Michael Zalimeni f9aa7aebb3
Property Override validation improvements (#17759)
* Reject inbound Prop Override patch with Services

Services filtering is only supported for outbound TrafficDirection patches.

* Improve Prop Override unexpected type validation

- Guard against additional invalid parent and target types
- Add specific error handling for Any fields (unsupported)
2023-06-15 13:51:47 -04:00
Derek Menteer 04edace1de
Fix issue with streaming service health watches. (#17775)
Fix issue with streaming service health watches.

This commit fixes an issue where the health streams were unaware of service
export changes. Whenever an exported-services config entry is modified, it is
effectively an ACL change.

The bug would be triggered by the following situation:

- no services are exported
- an upstream watch to service X is spawned
- the streaming backend filters out data for service X (due to lack of exports)
- service X is finally exported

In the situation above, the streaming backend does not trigger a refresh of its
data.  This means that any events that were supposed to have been received prior
to the export are NOT backfilled, and the watches never see service X spawning.

We currently have decided to not trigger a stream refresh in this situation due
to the potential for a thundering herd effect (touching exports would cause a
re-fetch of all watches for that partition, potentially).  Therefore, a local
blocking-query approach was added by this commit for agentless.

It's also worth noting that the streaming subscription is currently bypassed
most of the time with agentful, because proxycfg has a `req.Source.Node != ""`
which prevents the `streamingEnabled` check from passing.  This means that while
agents should technically have this same issue, they don't experience it with
mesh health watches.

Note that this is a temporary fix that solves the issue for proxycfg, but not
service-discovery use cases.
2023-06-15 12:46:58 -05:00
John Murret ad0a277e09
docs - remove use of consul leave during upgrade instructions (#17758) 2023-06-15 11:06:23 -06:00