Commit Graph

2727 Commits

Author SHA1 Message Date
R.B. Boyer 3357a14339
server: ensure that central service config flattening properly resets the state each time (#10245)
The prior solution to call reply.Reset() aged poorly since newer fields
were added to the reply, but not added to Reset() leading serial
blocking query loops on the server to blend replies.

This could manifest as a service-defaults protocol change from
default=>http not reverting back to default after the config entry
responsible was deleted.

Backport of #10239 to 1.9.x
2021-05-14 13:20:49 -05:00
R.B. Boyer 89180eb281
agent: ensure we hash the non-deprecated upstream fields on ServiceConfigRequest (#10240) (#10244)
Backport of #10240 to 1.9.x
2021-05-14 10:49:18 -05:00
R.B. Boyer a179607457
[1.9.x] connect: update supported envoy versions to 1.16.4, 1.15.5, 1.14.6, and 1.13.7 (#10232)
manual backport of #10231 to 1.9.x
2021-05-12 14:26:56 -05:00
Daniel Nephin 1aa15c7c61 agent/local: only fallback to agent token for deletes
Fallback to the default user token for synching registrations.
2021-05-10 16:04:05 -04:00
Daniel Nephin 3dc91798c6 agent/local: do not persist the agent tokens
Only default to the user token and agent token for the sync. Change the
exported methods to only return the stored tokens associated with a
specific check or service.
2021-05-10 16:03:30 -04:00
Daniel Nephin cd55f89f84 Merge pull request #10189 from hashicorp/dnephin/http-api-health-query-meta
http: set consistency header properly for health endpoint
2021-05-06 18:05:50 +00:00
Luke Kysow 6675af4b0a Give descriptive error if auth method not found (#10163)
* Give descriptive error if auth method not found

Previously during a `consul login -method=blah`, if the auth method was not found, the
error returned would be "ACL not found". This is potentially confusing
because there may be many different ACLs involved in a login: the ACL of
the Consul client, perhaps the binding rule or the auth method.

Now the error will be "auth method blah not found", which is much easier
to debug.
2021-05-03 20:39:55 +00:00
R.B. Boyer ee30a54c7f
[1.9.x] connect: update supported envoy versions to 1.16.3, 1.15.4, 1.14.7, 1.13.7 (#10105) 2021-04-29 15:49:16 -05:00
Matt Keeler aa2099d12a Add prometheus gauge definitions for replication metrics. (#10109) 2021-04-23 21:06:21 +00:00
Matt Keeler 7093e48f97
[Backport/1.9.x] Backport #10073 (#10104)
* Merge pull request #10094 from hashicorp/update-fingerprint

updating fingerprint

* Add replication metrics (#10073)

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-23 16:17:09 -04:00
Kyle Havlovitz f65b9ac4cf Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-04-20 15:30:37 -05:00
hashicorp-ci 7398f36168
update bindata_assetfs.go 2021-04-15 18:15:02 +00:00
Kent 'picat' Gruber dc937c9532 Merge pull request #10023 from hashicorp/fix-raw-kv-xss
Add content type headers to raw KV responses
2021-04-15 13:44:02 +00:00
Daniel Nephin 04d3575f11 Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
snapshot: fix saving of auth methods
2021-04-14 21:19:24 +00:00
Matt Keeler 72aee1d8c4 Move static token resolution into the ACLResolver (#10013) 2021-04-14 16:40:12 +00:00
Freddy 7b88faca15 Merge pull request #9042 from lawliet89/tg-rewrite 2021-04-08 12:59:22 -06:00
Paul Banks bb985743e9 cache: Fix bug where connection errors can cause early cache expiry (#9979)
Fixes a cache bug where TTL is not updated while a value isn't changing or cache entry is returning fetch errors.
2021-04-08 10:11:46 +00:00
Paul Banks 5587296464 Merge pull request #9977 from hashicorp/grpc-tuning
streaming: Grpc tuning
2021-04-08 10:10:22 +00:00
Paul Banks 78c1528c48 cache: fix bug where TTLs were ignored leading to leaked memory in client agents (#9978)
* Fix bug in cache where TTLs are effectively ignored

This mostly affects streaming since streaming will immediately return from Fetch calls when the state is Closed on eviction which causes the race condition every time.

However this also affects all other cache types if the fetch call happens to return between the eviction and the next time around the Get loop by any client.

There is a separate bug that allows cache items to be evicted even when there are active clients which is the trigger here.

* Add changelog entry

* Update .changelog/9978.txt
2021-04-08 10:09:29 +00:00
R.B. Boyer 8df30a4ded
[1.9.x] api: ensure v1/health/ingress/:service endpoint works properly when streaming is enabled (#9968)
Backport of #9967 to 1.9.x
2021-04-05 13:23:15 -05:00
Daniel Nephin 5e3825d9a7 Merge pull request #9923 from hashicorp/dnephin/fix-ui-config
http: fix a bug that would cause runtimeConfig to be cached
2021-03-25 16:29:01 +00:00
Hans Hasselberg c2f56435bb introduce certopts (#9606)
* introduce cert opts

* it should be using the same signer

* lint and omit serial
2021-03-22 09:17:19 +00:00
Daniel Nephin 7e663ef039 Merge pull request #9851 from panascais-forks/fix-wan-ipv6-key
Fix advertise_addr_wan_ipv6 configuration key
2021-03-10 16:59:23 +00:00
Daniel Nephin 30b4dd1bcf Merge pull request #9683 from hashicorp/dnephin/fix-zombie-service-dereg
local: use agent token to deregister services
2021-03-05 21:47:24 +00:00
hashicorp-ci b6e0d5827d
update bindata_assetfs.go 2021-03-04 19:24:42 +00:00
Daniel Nephin a10ddedb1d Remove duplicate import 2021-03-02 14:34:19 -05:00
Daniel Nephin dd0b307c8f Merge pull request #9188 from hashicorp/dnephin/more-streaming-tests
Add more streaming tests
2021-02-26 17:37:29 +00:00
John Cowen ef3f6d5e3f ui: Remove any trailing fullstop/period DNS characters from Gateways UI API (#9752)
Previous to this commit, the API response would include Gateway
Addresses in the form `domain.name.:8080`, which due to the addition of
the port is probably not the expected response.

This commit rightTrims any `.` characters from the end of the domain
before formatting the address to include the port resulting in
`domain.name:8080`
2021-02-25 09:36:37 +00:00
R.B. Boyer 649aa884f2
test: omit envoy golden test files that differ from the latest version (#9823)
backport of #9807 to 1.9.x
2021-02-24 16:04:10 -06:00
R.B. Boyer cbd3b98682 connect: if the token given to the vault provider returns no data avoid a panic (#9806)
Improves #9800
2021-02-22 20:09:21 +00:00
Daniel Nephin 4c2a861dda Merge pull request #9763 from hashicorp/dnephin/cache-warn-on-error-in-notify
cache: log a warning when Cache.Notify handles an error
2021-02-19 23:31:08 +00:00
R.B. Boyer 0fa96a2fa8 xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel (#9765)
Fixes #9311

This only fails if the kernel has ipv6 hard-disabled. It is not sufficient to merely not provide an ipv6 address for a network interface.
2021-02-19 20:39:21 +00:00
Daniel Nephin 5a8fc428bd Merge pull request #9772 from hashicorp/streamin-fix-bad-cached-snapshot
streaming: fix snapshot cache bug
2021-02-16 20:28:33 +00:00
Daniel Nephin 8db1a08fc9 Merge pull request #9758 from hashicorp/dnephin/fix-streaming-bugs
http: error if near is used with streaming
2021-02-12 15:38:33 +00:00
Chris Piraino db8cc8624b Log replication warnings when no error suppression is defined (#9320)
* Log replication warnings when no error suppression is defined

* Add changelog file
2021-02-10 23:32:04 +00:00
R.B. Boyer dd277b8ca8
connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737) (#9753) 2021-02-10 13:28:12 -06:00
Daniel Nephin 137374adb7 Merge pull request #9745 from hashicorp/dnephin/fix-streaming-bugs
streaming: fix a couple bugs
2021-02-09 23:31:23 +00:00
R.B. Boyer 1b01d6f9f8
connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate (#9428) (#9733)
1.9.x backport of #9428
2021-02-09 16:55:11 -06:00
Matt Keeler 975c196f7c Stop background refresh of cached data for requests that result in ACL not found errors (#9738) 2021-02-09 15:16:35 +00:00
Freddy 760c28a2df Avoid potential proxycfg/xDS deadlock using non-blocking send 2021-02-08 23:18:32 +00:00
R.B. Boyer 17effdeb28 xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 16:20:32 +00:00
R.B. Boyer cab795ecc3 xds: deduplicate mesh gateway listeners in a stable way (#9650)
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.

There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 22:28:52 +00:00
hashicorp-ci 30538fd8ff
update bindata_assetfs.go 2021-02-01 15:16:04 +00:00
R.B. Boyer fa9b61ba15 server: use the presence of stored federation state data as a sign that we already activated the federation state feature flag (#9519)
This way we only have to wait for the serf barrier to pass once before
we can make use of federation state APIs. Without this patch every
restart needs to re-compute the change.
2021-01-28 16:35:19 +00:00
Daniel Nephin 86afa3024a Merge pull request #9252 from hashicorp/dnephin/config-unmethod
config: remove Builder receiver from funcs that don't use it
2021-01-27 22:32:25 +00:00
Matt Keeler ab1e689c4a Upgrade raft-autopilot and wait for autopilot to stop when revoking leadership (#9644)
Fixes: 9626
2021-01-27 16:15:37 +00:00
Hans Hasselberg a625d8f11b Add flags to support CA generation for Connect (#9585) 2021-01-27 07:55:24 +00:00
R.B. Boyer f25a21960e server: initialize mgw-wanfed to use local gateways more on startup (#9528)
Fixes #9342
2021-01-25 23:31:21 +00:00
R.B. Boyer 30c3af893a server: add OSS stubs supporting validation of source namespaces in service-intentions config entries (#9527) 2021-01-25 17:28:19 +00:00
R.B. Boyer 5fe99cc2bd server: when wan federating via mesh gateways only do heuristic primary DC bypass on the leader (#9366)
Fixes #9341
2021-01-22 16:07:06 +00:00