Commit Graph

6779 Commits

Author SHA1 Message Date
Frank Schroeder bc5dc32c1d agent: use http.StatusInternalServerError instead of 500 2017-08-23 22:36:23 +02:00
Frank Schroeder fa121be33f agent: use http.StatusMethodNotAllowed instead of 405 2017-08-23 22:36:23 +02:00
Frank Schroeder ad5c1d9e72 agent: use http.StatusNotFound instead of 404 2017-08-23 22:36:23 +02:00
Frank Schroeder 1a557ee9e9 agent: use http.StatusForbidden instead of 403 2017-08-23 22:36:23 +02:00
Frank Schroeder 7e2bc1b411 agent: use http.StatusUnauthorized instead of 401 2017-08-23 22:36:23 +02:00
Frank Schroeder 5d1546b052 agent: use http.StatusBadRequest instead of 400 2017-08-23 22:36:23 +02:00
Frank Schroeder 01eae2e9cf doc: document cloud auto-joining for retry-join-wan 2017-08-23 21:23:34 +02:00
Frank Schroeder 14ab5c7641 agent: support go-discover retry-join for wan 2017-08-23 21:23:34 +02:00
Frank Schroeder ad82659eed vendor: upgrade github.com/hashicorp/go-discover
Pull in improved debug logging for AWS
2017-08-23 21:23:34 +02:00
Frank Schroeder 0516deff0c
doc: fix operator keyring delete method 2017-08-23 17:20:10 +02:00
Frank Schröder a3934c263c acl: consolidate error handling (#3401)
The error handling of the ACL code relies on the presence of certain
magic error messages. Since the error values are sent via RPC between
older and newer consul agents we cannot just replace the magic values
with typed errors and switch to type checks since this would break
compatibility with older clients.

Therefore, this patch moves all magic ACL error messages into the acl
package and provides default error values and helper functions which
determine the type of error.
2017-08-23 16:52:48 +02:00
James Phillips 91dfa3d31d Update CHANGELOG.md 2017-08-21 15:31:40 -07:00
James Phillips c060635b82 Update CHANGELOG.md 2017-08-21 15:31:24 -07:00
Frank Schroeder 16c58da27d agent: drop unused code
This code from http://github.com/hashicorp/consul/pull/3353 is no longer
required.
2017-08-22 00:02:46 +02:00
Frank Schroeder bf96857b17 dns: replace nameserver lookup with consistent rpc call
This patch replaces the code which determines the list of servers in the
current cluster with an RPC call to get the list of active consul
service instances which only run on servers.

This replaces the previous implementation which was more complex and
relied on serf messages which can provide a different view than the
consistent response from the raft log.

As a side effect it makes the implementation independent of the server
and the agent which means it works consistently across both. Different
behavior for server and agent was the root cause for the bug in
http://github.com/hashicorp/consul/issue/3047.

Fixes #3407
2017-08-22 00:02:46 +02:00
Frank Schroeder 4052c6d2d2 dns: split node lookup from request handling 2017-08-22 00:02:46 +02:00
Frank Schroeder d4e3d4344a dns: refactor label by unrolling loop 2017-08-22 00:02:46 +02:00
Frank Schroeder 70be1ab635 dns: move ttl closer to usage 2017-08-22 00:02:46 +02:00
Preetha Appan 642fcd4611 Update CHANGELOG.md 2017-08-18 11:22:35 -05:00
preetapan 15e0647176 Merge pull request #3395 from Illirgway/patch-1
Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places

This fixes #3392
2017-08-18 11:18:24 -05:00
preetapan 2ffca8cac9 Merge pull request #3404 from zevin/master
Added configuration instructions for forwarding DNS queries from Unbound
2017-08-18 10:29:39 -05:00
Kevin Bidwell 9cae329c27 Added configuration instructions for forwarding DNS queries from Unbound to consul. 2017-08-18 08:45:43 -06:00
Preetha Appan c9d5e17410 Update serf to pick up fixes for fsyncing snapshots and panic when coordinates are disabled 2017-08-17 16:35:06 -05:00
Frank Schroeder ee2cc7aaca
doc: update check example for agent api call 2017-08-16 18:24:28 +02:00
Frank Schröder e0924704d5 doc: add method and header to agent API docs for HTTP checks (#3400) 2017-08-16 18:18:46 +02:00
Preetha Appan b51645739f Update CHANGELOG.md 2017-08-16 09:39:10 -05:00
preetapan 3327abdbf4 Merge pull request #3396 from hashicorp/memberlist_deadlock
Update memberlist for a deadlock fix
2017-08-15 18:08:40 -05:00
Preetha Appan 0e73777ce2 Update memberlist for a deadlock fix 2017-08-15 18:07:28 -05:00
Illirgway e0cc1ce679 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
Frank Schröder 546ffc25fc doc: retry_join is a string array (#3388) 2017-08-10 09:58:26 +02:00
wuxin d6729243eb fix command/kv_import.go help text (#3387) 2017-08-10 09:17:37 +02:00
James Phillips 72c4b9ef5f Removes partial details in the retry_join config file section. (#3386) 2017-08-09 21:27:17 -07:00
Seth Vargo 1258c1fe94 Document the new auto-join in the config and CLI (#3381)
* Document the new auto-join in the config and CLI
* Mention and example DNS
2017-08-09 21:14:56 -07:00
James Phillips d3c8855c86 Adds a note about the 429 response code. 2017-08-09 20:10:44 -07:00
James Phillips 191ff2cbf0 Merge pull request #3385 from hashicorp/issue-3376
Switches to using a read lock for the agent's RPC dispatcher.
2017-08-09 18:53:06 -07:00
James Phillips f51d56c80c
Switches to using a read lock for the agent's RPC dispatcher.
This prevents RPC calls from getting serialized in this spot.

Fixes #3376
2017-08-09 18:51:55 -07:00
James Phillips 6194dcf36f
Puts tree in 0.9.3 dev mode. 2017-08-09 18:33:57 -07:00
James Phillips 28c2b0c224
Bumps website version to 0.9.2. 2017-08-09 18:02:05 -07:00
James Phillips 75ca2cace0
Release v0.9.2 2017-08-09 17:46:41 -07:00
James Phillips c7c35331ed
Puts the tree in 0.9.2 release mode. 2017-08-09 17:36:35 -07:00
James Phillips 0e82e08168 Update CHANGELOG.md 2017-08-09 16:19:36 -07:00
Frank Schröder 4b642fed2f agent: honor deprecated flags for retry-join-{ec2,azure,gce} (#3384) 2017-08-09 16:18:30 -07:00
James Phillips d07946949d Update CHANGELOG.md 2017-08-09 15:30:52 -07:00
James Phillips e9bd05b603 Merge pull request #3383 from hashicorp/revert-3340-issue_2637
Revert "Return 403 rather than a 404 when acls cause all results to be filter…"
2017-08-09 15:07:10 -07:00
James Phillips e8a83bb463 Revert "Return 403 rather than a 404 when acls cause all results to be filter…" 2017-08-09 15:06:57 -07:00
James Phillips 6dc829d75f Merge pull request #3382 from hashicorp/revert-3380-fix_acls
Revert "Ensure that we return a permission denied only if the list of keys/en…"
2017-08-09 15:06:34 -07:00
James Phillips 02a87df044 Revert "Ensure that we return a permission denied only if the list of keys/en…" 2017-08-09 15:06:20 -07:00
preetapan 03b363e931 Merge pull request #3380 from hashicorp/fix_acls
Ensure that we return a permission denied only if the list of keys/en…
2017-08-09 15:51:10 -05:00
Preetha Appan 42fb49c00b Added unit test case to kvs_endpointtest 2017-08-09 15:50:22 -05:00
Preetha Appan 3276891142 Ensure that we return a permission denied only if the list of keys/entries prior to filtering by ACL is non empty 2017-08-09 15:32:18 -05:00