Commit Graph

15666 Commits

Author SHA1 Message Date
Alessandro De Blasis 2f970555d9 config: warn the user if client_addr is empty
if the provided value is empty string then the client services
(DNS, HTTP, HTTPS, GRPC) are not listening and the user is not notified
in any way about what's happening.
Also, since a not provided client_addr defaults to 127.0.0.1, we make sure
we are not getting unwanted warnings

Signed-off-by: Alessandro De Blasis <alex@deblasis.net>
2021-11-01 22:47:20 +00:00
Freddy 3f30afd26b
Merge pull request #11450 from hashicorp/ap/best-addr
Ensure calls to BestAddress consider partition
2021-11-01 15:44:41 -06:00
freddygv 60066e5154 Exclude default partition from GatewayKey string
This will behave the way we handle SNI and SPIFFE IDs, where the default
partition is excluded.

Excluding the default ensures that don't attempt to compare default.dc2
to dc2 in OSS.
2021-11-01 14:45:52 -06:00
freddygv e3666b0bc4 Update GatewayKeys deduplication
Federation states data is only keyed on datacenter, so it cannot be
directly compared against keys for gateway groups.
2021-11-01 13:58:53 -06:00
freddygv 90ce897456 Store GatewayKey in proxycfg snapshot for re-use 2021-11-01 13:58:53 -06:00
freddygv bbe46e9522 Update locality check in xds 2021-11-01 13:58:53 -06:00
freddygv 4d4ccedb3a Update locality check in proxycfg 2021-11-01 13:58:53 -06:00
Peter M 697e97f57f
adding K8s page to subnav (#11467)
* adding K8s page to subnav

per request from HLT, updating use case tab to lead to K8s page instead of service mesh.

* Update subnav.js
2021-11-01 12:41:55 -07:00
Melissa Kam 867077c48b
Merge pull request #11466 from hashicorp/cts-tls-typo
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:23:15 -05:00
Melissa Kam c8240101dc docs/nia: Fix typo in TLS configs for CTS 2021-11-01 14:03:19 -05:00
Daniel Nephin 7337cfd6dc
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
Daniel Nephin eee598e91c
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
99 8d914003e8
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
Melissa Kam e7cf8226a1
Merge pull request #11463 from hashicorp/docs-cts-tls
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
Daniel Upton d47b7311b8
Support Check-And-Set deletion of config entries (#11419)
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam 8ca5be47c8
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam 78e59170fa
Update website/content/docs/security/acl/acl-rules.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam 0b744289b7 docs/nia: Update TLS-related configurations for CTS
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Dhia Ayachi 2801785710
regenerate expired certs (#11462)
* regenerate expired certs

* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
Jared Kirschner 0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu 1dcb949306
docs: add -verbose flag for install command (#11447) 2021-10-29 12:08:23 -07:00
99 0402cc16bf PR fixes 2021-10-28 22:22:38 -07:00
R.B. Boyer 61361c2e5d
cli: update consul members output to display partitions and sort the results usefully (#11446) 2021-10-28 17:27:31 -05:00
R.B. Boyer c8cafb7654
agent: for various /v1/agent endpoints parse the partition parameter on the request (#11444)
Also update the corresponding CLI commands to send the parameter
appropriately.

NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer af9ffc214d
agent: add a clone function for duplicating the serf lan configuration (#11443) 2021-10-28 16:11:26 -05:00
Mark Anderson 977be77493
Fix back compat issues with UDS config (#11318)
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu 823026e319
docs: revised Helm install to create namespace and install on dedicated namespace (#11440)
* docs: revised Helm install to create namespace and install on dedicated Consul namespace

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
trujillo-adam bb18625219 applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs 2021-10-28 11:23:15 -07:00
99 26f53e82b5
Update .github/workflows/build.yml
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
Daniel Nephin 210d37e4ab
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin 96a31df5c8
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi 29f192a130
Refactor requireHttpCodes for segregated error handling (#11287) 2021-10-28 12:24:23 -04:00
Kim Ngo 0c0460b53f
CTS document manual apply (#11426)
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver 61be9371f5
connect: Remove support for Envoy 1.16 (#11354) 2021-10-27 18:51:35 -07:00
Evan Culver bec08f4ec3
connect: Add support for Envoy 1.20 (#11277) 2021-10-27 18:38:10 -07:00
Freddy ab425e3ca1
Merge pull request #11436 from hashicorp/api/exports-marshal
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
99 1732861848 Update release branch to 1.11.x 2021-10-27 14:14:02 -07:00
freddygv 4c45cafce2 Update filename to match entry kind - mesh 2021-10-27 15:01:26 -06:00
freddygv ac96ce6552 Ensure partition-exports kind gets marshalled
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.

This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin a3c781682d subscribe: attempt to fix a flaky test
TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages has been
flaking a few times. This commit cleans up the test a bit, and improves
the failure output.

I don't believe this actually fixes the flake, but I'm not able to
reproduce it reliably.

The failure appears to be that the event with Port=0 is being sent in
both the snapshot and as the first event after the EndOfSnapshot event.

Hopefully the improved logging will show us if these are really
duplicate events, or actually different events with different indexes.
2021-10-27 15:09:09 -04:00
Freddy fbcf9f3f6c
Merge pull request #11435 from hashicorp/ent-authorizer-refactor
[OSS] Export ACLs refactor
2021-10-27 13:04:40 -06:00
Freddy 303532825f
Merge pull request #11432 from hashicorp/ap/exports-mgw
[OSS] Update mesh gateways to handle partitions
2021-10-27 12:54:53 -06:00
freddygv 43360eb216 Rework acl exports interface 2021-10-27 12:50:39 -06:00
freddygv 0a4ff4bb91 Prefer concrete policyAuthorizer type
There will only ever be policyAuthorizers embedded in
namespaceAuthorizers, this commit swaps out the interface in favor of
the concrete type.
2021-10-27 12:50:19 -06:00
Freddy ec7e94d129
Merge pull request #11433 from hashicorp/exported-service-acls
[OSS] acl: Expand ServiceRead and NodeRead to account for partition exports
2021-10-27 12:48:08 -06:00
freddygv e93c144d2f Update comments 2021-10-27 12:36:44 -06:00
Daniel Nephin 4afc24268d tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Freddy a8762be529
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00
Freddy b1b6f682e1
Merge pull request #11416 from hashicorp/ap/exports-update
Rename service-exports to partition-exports
2021-10-27 11:27:31 -06:00
freddygv 3a2061544d Fixup partitions assertion 2021-10-27 11:15:25 -06:00