Commit Graph

9978 Commits

Author SHA1 Message Date
Matt Keeler 19e70c46bf
Ensure that looking for services by addreses works with Tagged Addresses (#5984) 2019-06-21 13:16:17 -04:00
Alvin Huang 52af58c93f
skip checks on merge commit (#6000) 2019-06-20 16:27:45 -04:00
Matt Keeler 6cc1451895
Update some tests to fix ContentHash broken by the tagged service addresses (#5996) 2019-06-20 11:50:18 -04:00
Alvin Huang 3a6c0eaf55
add master merge to release branch (#5980)
* add master merge to release branch

* remove CircleCI token, use shallow API call, and use commit SHA for merge
2019-06-18 15:56:58 -04:00
Aestek b839f52195 kv: do not trigger watches when setting the same value (#5885)
If a KVSet is performed but does not update the entry, do not trigger
watches for this key.
This avoids releasing blocking queries for KV values that did not
actually changed.
2019-06-18 15:06:29 +02:00
Matt Keeler f3d9b999ee
Add tagged addresses for services (#5965)
This allows addresses to be tagged at the service level similar to what we allow for nodes already. The address translation that can be enabled with the `translate_wan_addrs` config was updated to take these new addresses into account as well.
2019-06-17 10:51:50 -04:00
Paul Banks acfcc7daf4
Add rate limiting to RPCs sent within a server instance too (#5927) 2019-06-13 04:26:27 -05:00
Luke Kysow 3517e47ad1
Merge pull request #5948 from hashicorp/lkysow-patch-1
Update kubernetes-reference.html.md
2019-06-13 10:07:15 +01:00
Nicholas Jackson b915a5e9f3 Update questions issue template directing q's to the forum (#5957)
* Update questions issue template directing q's to the forum

* Update contributing guide to add link to forum
2019-06-12 09:07:44 -05:00
Judith Malnick c5d83536e5
Add a redirect for the K8s reference arch guide (#5949) 2019-06-11 10:28:52 -07:00
Luke Kysow e7d4dc6470
Update kubernetes-reference.html.md 2019-06-11 15:58:46 +01:00
John Cowen 3c80d244b9
Update CHANGELOG.md 2019-06-11 10:22:00 +01:00
John Cowen a41c13ae83
ui: Ensure Service Instance pages account for nodes (#5933)
Include node name in the URL for service instances
Integrate the node name slug into tests for service instance pages
2019-06-11 10:18:50 +01:00
Matt Keeler dcc7f67b3e
Remove vendoring of github.com/hashicorp/consul (#5943) 2019-06-10 09:19:37 -04:00
Paul Banks ffcfdf29fc
Upgrade xDS (go-control-plane) API to support Envoy 1.10. (#5872)
* Upgrade xDS (go-control-plane) API to support Envoy 1.10.

This includes backwards compatibility shim to work around the ext_authz package rename in 1.10.

It also adds integration test support in CI for 1.10.0.

* Fix go vet complaints

* go mod vendor

* Update Envoy version info in docs

* Update website/source/docs/connect/proxies/envoy.md
2019-06-07 07:10:43 -05:00
Hans Hasselberg 4d9116d759
connect: provide -admin-access-log-path for envoy (#5858) 2019-06-07 11:26:43 +02:00
John Cowen cef378bc9b
ui: Upgrade js-yaml (#5926) 2019-06-06 22:21:25 +01:00
Chris Marchesi b7b1d77139 website: fix Sentinel time-of-day policy (#5930)
The policy in the time-of-day Sentinel example incorrectly references
the top-level time.hour constant. This is actually the same as the
time.Hour Go value, so in other words, 3600000000000 (the int64 value
representing the time in nanoseconds).

This is corrected by just using time.now.hour instead.
2019-06-06 14:31:54 -06:00
Nitish Alluri f3ae605bcb docs: update default grpc-addr value in connect envoy command (#5886)
* Update envoy.html.md.erb
2019-06-06 10:37:29 +02:00
John Cowen 685b89bdec
ui: Adds ability to search by policy, role or service ident names (#5811) 2019-06-05 09:25:32 +01:00
Jack Pearkes 2587a32688
website: add azure storage options for enterprise (#5920)
This documents the additional backup target for
the snapshot agent.

Co-Authored-By: Freddy <freddygv@users.noreply.github.com>
2019-06-04 20:40:22 -05:00
John Cowen 174fcb557f
UI: Test readonly ServiceIdentity rules (#5865) 2019-06-04 17:55:10 +01:00
kaitlincarter-hc 8fe230fbac
[docs] Enterprise Landing Page (#5804)
* Updating enterprise landing page to be more clear about the licensing process.

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Jack Pearkes <jackpearkes@gmail.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Update website/source/docs/enterprise/index.html.md

Co-Authored-By: Judith Malnick <judith@hashicorp.com>

* Updating based on Matt's feedback
2019-06-04 11:01:46 -05:00
John Cowen 9013e53ebc
ui: Ensures nested policy forms are reset properly (#5838)
1. All {{ivy-codemirror}} components need 'refreshing' when they become
visible via our own `didAppear` method on the `{{code-editor}}`
component

(also see:)
- https://github.com/hashicorp/consul/pull/4190#discussion_r193270223
- 73db111db8 (r225264296)

2. On initial investigation, it looks like the component we are using
for the code editor doesn't distinguish between setting its `value`
programatically and a `keyup` event, i.e. an interaction from the user.
We currently pretend that whenever its `value` changes, it is a `keyup`
event. This means that when we reset the `value` to `""`
programmatically for form resetting purposes, a 'pretend keyup' event
would also be fired, which would in turn kick off the validation, which
would fail and show an error message for empty values in other fields of
the form - something that is perfectly valid if you haven't typed
anything yet. We solved this by checking for `isPristine` on fields that
are allowed to be empty before you have typed anything.
2019-06-04 15:57:35 +01:00
John Cowen 8306b2f251
ui: Replaces destroyRecord with unloadRecord for KV 404's (#5837)
Just because Consul gives us a 404 this doesn't guarantee the KV doesn't
exist, it doesn't even mean we don't have access to it. Furthermore we
should never destroyRecord's without user interaction (therefore only via the
repo.delete method).

This switches destroyRecord to unloadRecord which performs the
additional legwork to keep ember-data in sync with the actual truth.

unloadRecord unloads the record from ember-data rather than sending an API
delete request, which would have been the intent here.
2019-06-04 15:56:20 +01:00
John Cowen 75e221d256
ui: ACL Policies. Catch all server errors (#5836)
Always show any server errors under Rules, not just invalid HCL
2019-06-04 15:53:10 +01:00
Matt Keeler 5f7494137a
Update CHANGELOG.md 2019-06-04 10:03:50 -04:00
Pierre Souchay 4a4c63bda0 Ensure Consul is IPv6 compliant (#5468) 2019-06-04 10:02:38 -04:00
Matt Keeler 2ba6c3ac00
Update links to envoy docs on xDS protocol (#5871) 2019-06-03 11:03:05 -05:00
Matt Keeler 57e1136b7e
Fix acl.enable_key_list to be acl.enable_key_list_policy in docs (#5907) 2019-06-03 09:31:02 -05:00
John Cowen 9ca416a7f5
ui: Upgrade fstream (#5912)
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12.
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](npm/fstream@v1.0.11...v1.0.12)
2019-06-03 11:08:40 +01:00
R.B. Boyer 58c0c101af update changelog 2019-05-24 13:38:00 -05:00
R.B. Boyer 40336fd353
agent: fix several data races and bugs related to node-local alias checks (#5876)
The observed bug was that a full restart of a consul datacenter (servers
and clients) in conjunction with a restart of a connect-flavored
application with bring-your-own-service-registration logic would very
frequently cause the envoy sidecar service check to never reflect the
aliased service.

Over the course of investigation several bugs and unfortunate
interactions were corrected:

(1)

local.CheckState objects were only shallow copied, but the key piece of
data that gets read and updated is one of the things not copied (the
underlying Check with a Status field). When the stock code was run with
the race detector enabled this highly-relevant-to-the-test-scenario field
was found to be racy.

Changes:

 a) update the existing Clone method to include the Check field
 b) copy-on-write when those fields need to change rather than
    incrementally updating them in place.

This made the observed behavior occur slightly less often.

(2)

If anything about how the runLocal method for node-local alias check
logic was ever flawed, there was no fallback option. Those checks are
purely edge-triggered and failure to properly notice a single edge
transition would leave the alias check incorrect until the next flap of
the aliased check.

The change was to introduce a fallback timer to act as a control loop to
double check the alias check matches the aliased check every minute
(borrowing the duration from the non-local alias check logic body).

This made the observed behavior eventually go away when it did occur.

(3)

Originally I thought there were two main actions involved in the data race:

A. The act of adding the original check (from disk recovery) and its
   first health evaluation.

B. The act of the HTTP API requests coming in and resetting the local
   state when re-registering the same services and checks.

It took awhile for me to realize that there's a third action at work:

C. The goroutines associated with the original check and the later
   checks.

The actual sequence of actions that was causing the bad behavior was
that the API actions result in the original check to be removed and
re-added _without waiting for the original goroutine to terminate_. This
means for brief windows of time during check definition edits there are
two goroutines that can be sending updates for the alias check status.

In extremely unlikely scenarios the original goroutine sees the aliased
check start up in `critical` before being removed but does not get the
notification about the nearly immediate update of that check to
`passing`.

This is interlaced wit the new goroutine coming up, initializing its
base case to `passing` from the current state and then listening for new
notifications of edge triggers.

If the original goroutine "finishes" its update, it then commits one
more write into the local state of `critical` and exits leaving the
alias check no longer reflecting the underlying check.

The correction here is to enforce that the old goroutines must terminate
before spawning the new one for alias checks.
2019-05-24 13:36:56 -05:00
Freddy 6b31482333
Increase reliability of TestResetSessionTimerLocked_Renew 2019-05-24 13:54:51 -04:00
Hans Hasselberg 27f05b16a0
Update CHANGELOG.md 2019-05-24 16:51:44 +02:00
Pierre Souchay e892981418 agent: Improve startup message to avoid confusing users when no error occurs (#5896)
* Improve startup message to avoid confusing users when no error occurs

Several times, some users not very familiar with Consul get confused
by error message at startup:

  `[INFO] agent: (LAN) joined: 1 Err: <nil>`

Having `Err: <nil>` seems weird to many users, I propose to have the
following instead:

* Success: `[INFO] agent: (LAN) joined: 1`
* Error:   `[WARN] agent: (LAN) couldn't join: %d Err: ERROR`
2019-05-24 16:50:18 +02:00
Freddy 17e74985b0
Run TestServer_Expect on its own (#5890) 2019-05-23 19:52:33 -04:00
Freddy 6c19cacd42
Flaky test: ACLReplication_Tokens (#5891)
* Exclude non-go workflows while testing

* Wait for s2 global-management policy

* Revert "Exclude non-go workflows while testing"

This reverts commit 47a83cbe9f.
2019-05-23 19:52:02 -04:00
Freddy d4ea163b0b
Add retries to StatsFetcherTest (#5892) 2019-05-23 19:51:31 -04:00
Jack Pearkes 7e3cd36709 Putting source back into Dev Mode 2019-05-23 12:03:07 -07:00
Jack Pearkes 40cec98468
Release v1.5.1 2019-05-22 20:19:12 +00:00
Jack Pearkes ff899d689d Update CHANGELOG.md 2019-05-22 20:16:54 +00:00
Jack Pearkes 5a637318d8 Update CHANGELOG to include 1.4.5 release 2019-05-22 20:15:32 +00:00
Jack Pearkes 36ebca1fd0 Fix to prevent allowing recursive KV deletions when we shouldn’t 2019-05-22 20:13:30 +00:00
Kyle Havlovitz 5457bca10c
Update CHANGELOG.md 2019-05-22 09:54:10 -07:00
freddygv 5d7c257698 Revert "Exclude non-go workflows while testing"
This reverts commit 47a83cbe9f.
2019-05-21 19:17:39 -06:00
freddygv 40b809bce3 Wait for s2 global-management policy 2019-05-21 17:58:37 -06:00
freddygv 47a83cbe9f Exclude non-go workflows while testing 2019-05-21 17:13:13 -06:00
Freddy e9259ca97a
Change log line used for verification 2019-05-21 17:07:06 -06:00
Freddy d1c315fad9
Stop running TestLeader_ChangeServerID in parallel 2019-05-21 15:28:08 -06:00