12111 Commits

Author SHA1 Message Date
R.B. Boyer
4563fe4064 update changelog 2020-06-01 11:46:19 -05:00
R.B. Boyer
833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
R.B. Boyer
a78aa80d25 update changelog 2020-05-29 16:17:30 -05:00
R.B. Boyer
ffb9c7d6f7
acl: remove the deprecated acl_enforce_version_8 option (#7991)
Fixes #7292
2020-05-29 16:16:03 -05:00
Jono Sosulska
c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Shantanu Gadgil
b4f2874d89
add gobetween to the Consul tools (#7973)
add gobetween to the Consul tools
2020-05-29 11:17:22 -07:00
Hans Hasselberg
1fbc1d4777 pool: remove timeout parameter
Timeout was never used in a meaningful way by callers, which is why it
is now entirely internal to the pool.
2020-05-29 08:21:28 +02:00
Hans Hasselberg
ad03f863ff pool: remove useTLS and ForceTLS
In the past TLS usage was enforced with these variables, but these days
this decision is made by TLSConfigurator and there is no reason to keep
using the variables.
2020-05-29 08:21:24 +02:00
Hans Hasselberg
c45432014b pool: remove version
The version field has been used to decide which multiplexing to use. It
was introduced in 2457293dceec95ecd12ef4f01442e13710ea131a. But this is
6y ago and there is no need for this differentiation anymore.
2020-05-28 23:06:01 +02:00
Chris Piraino
6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Alvin Huang
4bf72bbdf0 update CHANGELOG after rebasing release/1.8.x after 1.8.0-beta2 2020-05-28 14:42:52 -04:00
hashicorp-ci
6f1c72c8c3 Putting source back into Dev Mode 2020-05-28 14:39:39 -04:00
hashicorp-ci
2d38fc7302 Release v1.8.0-beta2 2020-05-28 14:39:38 -04:00
hashicorp-ci
cd617dbfa9 update bindata_assetfs.go 2020-05-28 14:39:37 -04:00
Chris Piraino
23aa198d8f Update CHANGELOG.md 2020-05-28 14:39:37 -04:00
John Cowen
7916e22876 Update CHANGELOG.md 2020-05-28 14:39:34 -04:00
John Cowen
b5671f9896 Update CHANGELOG.md 2020-05-28 14:39:34 -04:00
Chris Piraino
69bf09cf3e Update CHANGELOG.md 2020-05-28 14:39:33 -04:00
hashicorp-ci
ad520d46db Putting source back into Dev Mode 2020-05-28 14:39:30 -04:00
hashicorp-ci
4cadd39c3e Release v1.8.0-beta1 2020-05-28 14:39:29 -04:00
hashicorp-ci
b3ca11fb0b update bindata_assetfs.go 2020-05-28 14:39:28 -04:00
Luke Kysow
db6f876b59
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow
6409c488ee
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Daniel Nephin
756e130a7f
Merge pull request #7947 from hashicorp/dnephin/add-linter-staticcheck-3
ci: Enable staticcheck and fix most errors
2020-05-28 12:25:46 -04:00
Daniel Nephin
c88fae0aac ci: Add staticcheck and fix most errors
Three of the checks are temporarily disabled to limit the size of the
diff, and allow us to enable all the other checks in CI.

In a follow up we can fix the issues reported by the other checks one
at a time, and enable them.
2020-05-28 11:59:58 -04:00
Daniel Nephin
4f2bff174d
Merge pull request #7963 from hashicorp/dnephin/replace-lib-translate-keys
Replace lib.TranslateKeys with a mapstructure decode hook
2020-05-27 16:51:26 -04:00
Daniel Nephin
6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
With the exception of CA provider config, which will be migrated at some
later time.
2020-05-27 16:24:47 -04:00
Daniel Nephin
8ced4300c8 Add alias struct tags for new decode hook 2020-05-27 16:24:47 -04:00
Daniel Nephin
1a039393f5 config: add HookTranslteKeys
This hook replaces lib.TranslateKeys and has a number of advantages:

1. Primarily, aliases for fields are defined on the field itself, making
   the aliases much easier to maintain, and more obvious to the reader.
2. TranslateKeys translation rules are not aware of structure. It could
   very easily incorrectly translate a key on one struct that was intended
   to be a translation rule for a completely different struct, leading
   to very hard to debug errors. The hook removes the need for the
   unexpected "translation rule is an empty string to indicate stop
   traversal" special case.
3. TranslateKeys attempts to duplicate a bunch of tree traversal logic
   that already exists in mapstructure. Using mapstructure for traversal
   removes the need to traverse the entire structure multiple times, and
   makes the behaviour more obvious to the reader.

This change is being made to enable a future change of replacing
PatchSliceOfMaps. TranslateKeys sits in between PatchSliceOfMaps and
mapstructure.Decode, so it must be converted to a hook first, before
PatchSliceOfMaps can be replaced by a decode hook.
2020-05-27 16:24:47 -04:00
R.B. Boyer
77f2e54618
create lib/stringslice package (#7934) 2020-05-27 11:47:32 -05:00
R.B. Boyer
12f6d327f8 update changelog 2020-05-27 11:33:16 -05:00
R.B. Boyer
ddd0a13e27
agent: handle re-bootstrapping in a secondary datacenter when WAN federation via mesh gateways is configured (#7931)
The main fix here is to always union the `primary-gateways` list with
the list of mesh gateways in the primary returned from the replicated
federation states list. This will allow any replicated (incorrect) state
to be supplemented with user-configured (correct) state in the config
file. Eventually the game of random selection whack-a-mole will pick a
winning entry and re-replicate the latest federation states from the
primary. If the user-configured state is actually the incorrect one,
then the same eventual correct selection process will work in that case,
too.

The secondary fix is actually to finish making wanfed-via-mgws actually
work as originally designed. Once a secondary datacenter has replicated
federation states for the primary AND managed to stand up its own local
mesh gateways then all of the RPCs from a secondary to the primary
SHOULD go through two sets of mesh gateways to arrive in the consul
servers in the primary (one hop for the secondary datacenter's mesh
gateway, and one hop through the primary datacenter's mesh gateway).
This was neglected in the initial implementation. While everything
works, ideally we should treat communications that go around the mesh
gateways as just provided for bootstrapping purposes.

Now we heuristically use the success/failure history of the federation
state replicator goroutine loop to determine if our current mesh gateway
route is working as intended. If it is, we try using the local gateways,
and if those don't work we fall back on trying the primary via the union
of the replicated state and the go-discover configuration flags.

This can be improved slightly in the future by possibly initializing the
gateway choice to local on startup if we already have replicated state.
This PR does not address that improvement.

Fixes #7339
2020-05-27 11:31:10 -05:00
Alvin Huang
37cafc3f52
bump beta callout to v1.8.0-beta2 (#7945) 2020-05-26 12:51:44 -04:00
Raphaël Rondeau
0d2f178b7b
connect: fix endpoints clusterName when using cluster escape hatch (#7319)
```changelog
* fix(connect): fix endpoints clusterName when using cluster escape hatch
```
2020-05-26 10:57:22 +02:00
Pierre Souchay
d6649e42af
Stop all watches before shuting down anything dring shutdown. (#7526)
This will prevent watches from being triggered.

```changelog
* fix(agent):  stop all watches before shuting down
```
2020-05-26 10:01:49 +02:00
Luke Kysow
85b20d3713
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow
56e2a98aea
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
R.B. Boyer
8bc858baee update changelog 2020-05-21 16:09:57 -05:00
R.B. Boyer
1b5023cb69
connect: ensure proxy-defaults protocol is used for upstreams (#7938) 2020-05-21 16:08:39 -05:00
Jeff Escalante
0a8a311bd7 env variable clarity 2020-05-21 14:50:45 -04:00
Jeff Escalante
c2110669c1 mod stylelint to be more accurate 2020-05-21 14:50:45 -04:00
Jeff Escalante
7cbd8b9d36 upgrade to stylelint release 2020-05-21 14:50:45 -04:00
Jeff Escalante
789ba665d5 remove unused dependencies, adjust 404 link color 2020-05-21 14:50:45 -04:00
Jeff Escalante
326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Kyle Havlovitz
b14696e32a
Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
* Standardize support for Tagged and BindAddresses in Ingress Gateways

This updates the TaggedAddresses and BindAddresses behavior for Ingress
to match Mesh/Terminating gateways. The `consul connect envoy` command
now also allows passing an address without a port for tagged/bind
addresses.

* Update command/connect/envoy/envoy.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* PR comments

* Check to see if address is an actual IP address

* Update agent/xds/listeners.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix whitespace

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-05-21 09:08:12 -05:00
Peter M
aedabfbf57 Updated resource heading to correct error 2020-05-20 15:26:56 -07:00
Daniel Nephin
03291943e1
Merge pull request #7933 from hashicorp/dnephin/state-txn-missing-errors
state: fix unhandled error
2020-05-20 17:00:20 -04:00
Daniel Nephin
04bf0f3490
Update agent/consul/state/catalog.go
Co-authored-by: Hans Hasselberg <me@hans.io>
2020-05-20 16:34:14 -04:00
Seth Hoenig
44ee818d46
grpc: use default resolver scheme for grpc dialing (#7617)
Currently checks of type gRPC will emit log messages such as,

    2020/02/12 13:48:22 [INFO] parsed scheme: ""
    2020/02/12 13:48:22 [INFO] scheme "" not registered, fallback to default scheme

Without adding full support for using custom gRPC schemes (maybe that's
right long-term path) we can just supply the default scheme as provided
by the grpc library.

Fixes https://github.com/hashicorp/consul/issues/7274
and https://github.com/hashicorp/nomad/issues/7415
2020-05-20 22:26:26 +02:00
Daniel Nephin
3f607d9ef0 state: use an error to indicate compare failed
Errors are values. We can use the error value to identify the 'comparison failed' case which makes the function easier to use and should make it harder to miss handle the error case
2020-05-20 12:43:33 -04:00