Commit Graph

19962 Commits

Author SHA1 Message Date
Michael Wilkerson 80b1dbcc7d
fixed aliases for sameness group (sameness_group) (#17161) 2023-04-26 14:53:23 -07:00
Mike Morris f93bb65913
docs: fixup note about node scope for admin partitions (#17147) 2023-04-26 13:46:22 -04:00
Paul Glass b431b04d0c
TProxy integration test (#17103)
* TProxy integration test
* Fix GHA compatibility integration test command

Previously, when test splitting allocated multiple test directories to a
runner, the workflow ran `go tests "./test/dir1 ./test/dir2"` which
results in a directory not found error. This fixes that.
2023-04-26 11:49:38 -05:00
Freddy c5c35ec924
[CC-4519] Include Consul NodeID in Envoy bootstrap metadata (#17139)
This is being added so that metrics sent to HCP can be augmented with the source node's ID.

Opting not to add this to stats_tag out of caution, since it would increase the cardinality of metrics emitted by Envoy for all users.

There is no functional impact to Envoy expected from this change.
2023-04-26 10:04:57 -06:00
Dan Upton 75669ed4c4
proto-public: document resource service (#17119) 2023-04-26 16:26:54 +01:00
Eric Haberkorn cd1837388a
fix backward compat issue caused by localities being set to `null` when they are unset (#17144) 2023-04-26 11:02:20 -04:00
R.B. Boyer c501da01eb
api: ensure empty locality field is not transmitted to Consul (#17137) 2023-04-26 10:01:17 -05:00
Eric Haberkorn a87115c598
add acl filter logs (#17143) 2023-04-26 10:57:35 -04:00
Eric Haberkorn c1e63cba7d
add sameness intentions in api package (#17096) 2023-04-26 10:00:18 -04:00
Dan Upton eeaa636164
Cleanup from unblocking the pipeline 🧹 (#17121) 2023-04-26 13:59:58 +01:00
Dan Upton faae7bb5f2
testing: `RunResourceService` helper (#17068) 2023-04-26 11:57:10 +01:00
Semir Patel e7bb8fdf15
Fix or disable pipeline breaking changes that made it into main in last day or so (#17130)
* Fix straggler from renaming Register->RegisterTypes

* somehow a lint failure got through previously

* Fix lint-consul-retry errors

* adding in fix for success jobs getting skipped. (#17132)

* Temporarily disable inmem backend conformance test to get green pipeline

* Another test needs disabling

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-25 15:17:48 -05:00
David Yu cc5cbcba7c
Update single-dc-multi-k8s.mdx (#17126) 2023-04-25 09:42:31 -07:00
Paul Banks 9e35c47bbd
De-flake snapshot test (#17120) 2023-04-25 15:25:26 +01:00
Dan Upton b9c485dcb8
Controller Supervision (#17016) 2023-04-25 12:52:35 +01:00
Dan Upton ba4a314772
storage: fix bug where WatchList would (rarely) return duplicate events (#17067) 2023-04-25 11:48:13 +01:00
JUN YANG e66b18d048
Fix broken link in changelog (#17093)
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-25 01:32:22 +00:00
Rosemary Wang 3f6069bd34
Clarify OpenTelemetry support for tracing (#17082) 2023-04-24 17:04:32 -07:00
malizz 2d3038874f
remove envoy endpoint flag from k8s docs (#17105) 2023-04-24 15:30:00 -07:00
John Murret f56b25472d
ci: fix runner calculation to exclude the top level directory as part of the calculation (#17090)
* fix runner calculation to exclude the top level directory as part of the calculation

* fix the logic for generating the directories/functions

* De-scope tenenacy requirements to OSS only for now. (#17087)

Partition and namespace must be "default"
Peername must be "local"

* Fix virtual services being included in intention topology as downstreams. (#17099)

* Merge pull request #5200 from hashicorp/NET-3758 (#17102)

* Merge pull request #5200 from hashicorp/NET-3758

NET-3758: connect: update supported envoy versions to 1.26.0

* lint

* CI: remove uneeded AWS creds from test-integrations (#17104)

* Update test-integrations.yml

* removing permission lies now that vault is not used in this job.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>

* update based on feedback

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-24 14:25:57 -06:00
John Maguire e47f3216e5
APIGW Normalize Status Conditions (#16994)
* normalize status conditions for gateways and routes

* Added tests for checking condition status and panic conditions for
validating combinations, added dummy code for fsm store

* get rid of unneeded gateway condition generator struct

* Remove unused file

* run go mod tidy

* Update tests, add conflicted gateway status

* put back removed status for test

* Fix linting violation, remove custom conflicted status

* Update fsm commands oss

* Fix incorrect combination of type/condition/status

* cleaning up from PR review

* Change "invalidCertificate" to be of accepted status

* Move status condition enums into api package

* Update gateways controller and generated code

* Update conditions in fsm oss tests

* run go mod tidy on consul-container module to fix linting

* Fix type for gateway endpoint test

* go mod tidy from changes to api

* go mod tidy on troubleshoot

* Fix route conflicted reason

* fix route conflict reason rename

* Fix text for gateway conflicted status

* Add valid certificate ref condition setting

* Revert change to resolved refs to be handled in future PR
2023-04-24 16:22:55 -04:00
Michael Wilkerson 001d540afc
Add sameness group field to prepared queries (#17089)
* added method for converting SamenessGroupConfigEntry
- added new method `ToQueryFailoverTargets` for converting a SamenessGroupConfigEntry's members to a list of QueryFailoverTargets
- renamed `ToFailoverTargets` ToServiceResolverFailoverTargets to distinguish it from `ToQueryFailoverTargets`

* Added SamenessGroup to PreparedQuery
- exposed Service.Partition to API when defining a prepared query
- added a method for determining if a QueryFailoverOptions is empty
- This will be useful for validation
- added unit tests

* added method for retrieving a SamenessGroup to state store

* added logic for using PQ with SamenessGroup
- added branching path for SamenessGroup handling in execute. It will be handled separate from the normal PQ case
- added a new interface so that the `GetSamenessGroupFailoverTargets` can be properly tested
- separated the execute logic into a `targetSelector` function so that it can be used for both failover and sameness group PQs
- split OSS only methods into new PQ OSS files
- added validation that `samenessGroup` is an enterprise only feature

* added documentation for PQ SamenessGroup
2023-04-24 13:21:28 -07:00
Dan Bond 9ce50aefbb
CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml

* removing permission lies now that vault is not used in this job.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-24 11:34:53 -07:00
Anita Akaeze d4cacc7232
Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758

NET-3758: connect: update supported envoy versions to 1.26.0

* lint
2023-04-24 18:23:24 +00:00
Derek Menteer a33b224a55
Fix virtual services being included in intention topology as downstreams. (#17099) 2023-04-24 12:03:26 -05:00
Semir Patel 46816071df
De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
2023-04-24 08:14:51 -05:00
Paul Banks a011d8c944
Bump raft to 1.5.0 (#17081)
* Bump raft to 1.5.0

* Add CHANGELOG entry

* Add CHANGELOG entry with right extension (thanks VSCode)

* Add CHANGELOG entry with right extension (thanks VSCode)

* Go mod tidy
2023-04-21 20:13:55 +01:00
Kyle Havlovitz 6d01d07cf8
Include virtual services from discovery chain in intention topology (#16862) 2023-04-21 16:58:13 +00:00
Kyle Havlovitz d5277af70d
Add manual virtual IP support to state store (#16815) 2023-04-21 09:19:02 -07:00
John Murret b19359ce2b
ci: fix test splits that have less test packages than runner count from hanging (#17080)
* use proper TOTAL_RUNNER setting when generating runner matrix.  if matrix size is smaller than total_runners, use the smaller number

* try again

* try again 2

* try again 3

* try again 4

* try again 5

* try scenario where number is less

* reset

* get rid of cat "$GITHUB_OUTPUT"

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* removing push trigger that was added for debug

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-21 10:01:32 -06:00
John Murret 9a893956cc
ci: fix test splits that have less test packages than runner count from hanging (#17080)
* use proper TOTAL_RUNNER setting when generating runner matrix.  if matrix size is smaller than total_runners, use the smaller number

* try again

* try again 2

* try again 3

* try again 4

* try again 5

* try scenario where number is less

* reset

* get rid of cat "$GITHUB_OUTPUT"

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* removing push trigger that was added for debug

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-21 10:01:05 -06:00
Eric Haberkorn 53cdda8d17
Fix a bug with disco chain config entry fetching (#17078)
Before this change, we were not fetching service resolvers (and therefore
service defaults) configuration entries for services on members of sameness
groups.
2023-04-21 09:18:32 -04:00
R.B. Boyer 9db223f54b
fix the linter (#17077) 2023-04-20 17:49:08 -04:00
Anita Akaeze fece53c48e
NET-3648: Add script to get consul and envoy version (#17060) 2023-04-20 13:11:11 -04:00
Semir Patel 53f49b2fa1
Enforce operator:write acl on `WriteStatus` endpoint (#17019) 2023-04-20 16:25:33 +00:00
Eric Haberkorn b1fae05983
Add sameness groups to service intentions. (#17064) 2023-04-20 12:16:04 -04:00
Eddie Rowe 863cd57117
fix broken links (#17032)
* fix broken links

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-04-20 16:12:11 +00:00
Ronald e07c09dbfb
Fix generated proto files (#17063)
* [COMPLIANCE] Add Copyright and License Headers

* generate proto

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-04-20 13:31:49 +00:00
hashicorp-copywrite[bot] 9f81fc01e9
[COMPLIANCE] Add Copyright and License Headers (#16854)
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-20 12:40:22 +00:00
John Murret 577e5a9685
remove worklogs upload (#17056) 2023-04-19 16:29:36 -06:00
Paul Glass f4406e69b9
[NET-3091] Update service intentions to support jwt provider references (#17037)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* Add JWT intentions

* generate proto

* fix deep copy issues

* remove extra field

* added some tests

* more tests

* add validation for creating existing jwt

* fix nil issue

* More tests, fix conflicts and improve memdb call

* fix namespace

* add aliases

* consolidate errors, skip duplicate memdb calls

* reworked iteration over config entries

* logic improvements from review

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-04-19 18:16:39 -04:00
Paul Glass ac200cfec8
[NET-3090] Add new JWT provider config entry (#17036)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* update copyright headers ids

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-19 17:54:14 -04:00
Paul Glass 77ecff3209
Permissive mTLS (#17035)
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00
R.B. Boyer d07aac8d7e
Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) (#17046)
Revert "cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956)"

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2023-04-19 13:17:21 -05:00
Kyle Havlovitz bdc3dd14c2
Avoid decoding nil pointer in map walker (#17048) 2023-04-19 10:23:38 -07:00
John Murret 2cefa8d9bd
ci: remove test-integrations CircleCI workflow (#16928)
* remove all CircleCI files

* remove references to CircleCI

* remove more references to CircleCI

* pin golangci-lint to v1.51.1 instead of v1.51
2023-04-19 16:19:29 +00:00
John Murret d6f71834d0
ci: add test-integrations (#16915)
* add test-integrations workflow

* add test-integrations success job

* update vault integration testing versions (#16949)

* change parallelism to 4 forgotestsum.  use env.CONSUL_VERSION so we can see the version.

* use env for repeated values

* match test to circleci

* fix envvar

* fix envvar 2

* fix envvar 3

* fix envvar 4

* fix envvar 5

* make upgrade and compatibility tests match circleci

* run go env to check environment

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* going back to command that worked 5 days ago for compatibility tests

* Update Envoy versions to reflect changes in #16889

* cd to test dir

* try running ubuntu latest

* update PR with latest changes that work in enterprise

* yaml still sucks

* test GH fix (localhost resolution)

* change for testing

* test splitting and ipv6 lookup for compatibility and upgrade tests

* fix indention

* consul as image name

* remove the on push

* add gotestsum back in

* removing the use of the gotestsum download action

* yaml sucks today just like yesterday

* fixing nomad tests

* worked out the kinks on enterprise

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
2023-04-18 20:45:30 -06:00
Luke Kysow 46212cc570
Don't send updates twice (#16999) 2023-04-18 10:41:58 -07:00
Kevin Wang 268f93e6f4
Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754)
* Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723

https://nvd.nist.gov/vuln/detail/CVE-2022-41723

* Add changelog entry

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-04-18 17:31:08 +00:00
Andrei Komarov eb9f671eaf
api: enable query options on agent force-leave endpoint (#15987) 2023-04-18 11:31:48 -05:00