Commit Graph

12170 Commits

Author SHA1 Message Date
Matt Keeler 6e7acfa618
Add an AutoEncrypt “integration” test
Also fix a bug where Consul could segfault if TLS was enabled but no client certificate was provided. How no one has reported this as a problem I am not sure.
2020-06-30 15:23:29 -04:00
Matt Keeler 2ddcba00c6
Overwrite agent leaf cert trust domain on the servers 2020-06-30 09:59:08 -04:00
Matt Keeler 19040f1166
Store the Connect CA rate limiter on the server
This fixes a bug where auto_encrypt was operating without utilizing a common rate limiter.
2020-06-30 09:59:07 -04:00
Matt Keeler a5a9560bbd
Initialize the agent leaf cert cache result with a state to prevent unnecessary second certificate signing 2020-06-30 09:59:07 -04:00
Matt Keeler 39b567a55a
Fix auto_encrypt IP/DNS SANs
The initial auto encrypt CSR wasn’t containing the user supplied IP and DNS SANs. This fixes that. Also We were configuring a default :: IP SAN. This should be ::1 instead and was fixed.
2020-06-30 09:59:07 -04:00
Davor Kapsa b287ebc1fb
clean cli.Run error message (#8191) 2020-06-30 13:12:29 +02:00
Fatih Sarhan f6eaf74de2 docs: Fix typo on openstack cloud-auto-join 2020-06-29 13:56:01 -07:00
Chris Piraino ea683ebb6c
cli: Output message on success when writing/deleting entries (#7806)
This provides a user with a better experience, knowing that the command
worked appropriately. The output of the write/delete CLI commands are
not going to be used in a bash script, in fact previously a success
provided no ouput, so we do not have to worry about spurious text being
injected into bash pipelines.
2020-06-29 15:47:40 -05:00
Kevin Pruett 8335a15b34
Merge pull request #8202 from hashicorp/pruett.algolia-index-ci
Add Algolia indexing to CI
2020-06-29 15:04:50 -04:00
Kevin Pruett 41254a1b74
Add Algolia indexing to CI 2020-06-29 12:14:43 -04:00
John Cowen 73e8face3c
ui: Don't hide TTL check output (#8187)
We'd assumed that TTL check outputs shouldn't be shown as it seemed like
they never had outputs, but they can be submitted with notes, which are
then converted into the output.

This unhides the output for TTLs and treats them exactly the same as
other healthchecks.
2020-06-29 15:29:20 +01:00
Seth Hoenig 95f46eb3ed
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949)
Fixes #7764

Until now these two fields could only be set through on-disk agent configuration.
This change adds the fields to the agent API struct definition so that they can
be set using the agent HTTP API.
2020-06-29 14:52:35 +02:00
Matt Keeler 85fd8c552f
Merge pull request #8193 from hashicorp/feature/auto-config/suppress-config-warnings 2020-06-27 10:06:52 -04:00
R.B. Boyer 75de960011 update changelog 2020-06-26 17:00:17 -05:00
R.B. Boyer 462f0f37ed
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Matt Keeler be576c9737
Use the DNS and IP SANs from the auto config stanza when set 2020-06-26 16:01:30 -04:00
Matt Keeler e8b39dd255
Overhaul the auto-config translation
This fixes some issues around spurious warnings about using enterprise configuration in OSS.
2020-06-26 15:25:21 -04:00
Freddy 10d6e9c458
Split up unused key validation for oss/ent (#8189)
Split up unused key validation in config entry decode for oss/ent.

This is needed so that we can return an informative error in OSS if namespaces are provided.
2020-06-25 13:58:29 -06:00
Daniel Nephin a891ee8428
Merge pull request #8176 from hashicorp/dnephin/add-linter-unparam-1
lint: add unparam linter and fix some of the issues
2020-06-25 15:34:48 -04:00
Freddy 70cf674d72
Merge pull request #8186 from hashicorp/docs-cleanup 2020-06-25 11:44:24 -06:00
Freddy e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
Kenia 5dd923ee8b
ui: Support ingress gateways upstreams with multiple addresses (#8185)
* Upgrade consul-api-double to version 3.1.2

* Display multiple addresses for ingress gateway upstreams
2020-06-25 09:50:39 -04:00
Matt Keeler 7041f69892
Merge pull request #8184 from hashicorp/bugfix/goroutine-leaks 2020-06-25 09:22:19 -04:00
freddygv 166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
Chris Piraino df48db0abd
Merge pull request #7932 from hashicorp/ingress/internal-ui-endpoint-multiple-ports
Update gateway-services-nodes API endpoint to allow multiple addresses
2020-06-24 17:11:01 -05:00
freddygv 394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Chris Piraino f213d3592a remove obsolete comments about test parallelization 2020-06-24 16:36:13 -05:00
Chris Piraino b3db907bdf Update gateway-services-nodes API endpoint to allow multiple addresses
Previously, we were only returning a single ListenerPort for a single
service. However, we actually allow a single service to be serviced over
multiple ports, as well as allow users to define what hostnames they
expect their services to be contacted over. When no hosts are defined,
we return the default ingress domain for any configured DNS domain.

To show this in the UI, we modify the gateway-services-nodes API to
return a GatewayConfig.Addresses field, which is a list of addresses
over which the specific service can be contacted.
2020-06-24 16:35:23 -05:00
Matt Keeler e9835610f3
Add a test for go routine leaks
This is in its own separate package so that it will be a separate test binary that runs thus isolating the go runtime from other tests and allowing accurate go routine leak checking.

This test would ideally use goleak.VerifyTestMain but that will fail 100% of the time due to some architectural things (blocking queries and net/rpc uncancellability).

This test is not comprehensive. We should enable/exercise more features and more cluster configurations. However its a start.
2020-06-24 17:09:50 -04:00
Matt Keeler 29d0cfdd7d
Fix go routine leak in auto encrypt ca roots tracking 2020-06-24 17:09:50 -04:00
Matt Keeler 25a4f3c83b
Allow cancelling blocking queries in response to shutting down. 2020-06-24 17:09:50 -04:00
Rebecca Zanzig 864e7f6ae0 Rearrange k8s connect docs to make space for gateways 2020-06-24 13:35:14 -07:00
John Cowen 9e77922daa
ui: Ensure the tooltip panel chevron isn't hidden by overflow (#8183) 2020-06-24 18:07:19 +01:00
Daniel Nephin 0279bf6fe5 Update TestAgent_GetCoordinate
The old test case was a very specific regresion test for a case that is no longer possible.
Replaced with a new test that checks the default coordinate is returned.
2020-06-24 13:00:15 -04:00
Daniel Nephin f65e21e6dc Remove unused return values 2020-06-24 13:00:15 -04:00
Daniel Nephin 010a609912 Fix a bunch of unparam lint issues 2020-06-24 13:00:14 -04:00
Matt Keeler 15e7b3940c
Ensure that retryLoopBackoff can be cancelled
We needed to pass a cancellable context into the limiter.Wait instead of context.Background. So I made the func take a context instead of a chan as most places were just passing through a Done chan from a context anyways.

Fix go routine leak in the gateway locator
2020-06-24 12:41:08 -04:00
Matt Keeler 1093212176
Add test to ensure the StopChannelContext works properly 2020-06-24 12:34:57 -04:00
Matt Keeler e2cfa93f02
Don’t leak metrics go routines in tests (#8182) 2020-06-24 10:15:25 -04:00
Kenia 0db4cb305f
ui: Refactor composite rows to use description lists and add Tooltips (#8175)
* Update Consul Service List composite rows with Tooltips and description lists

* Update Consul Service Instance List composite rows with Tooltips and description lists

* Removed line height in reduced pill to match the description lists in the composite rows
2020-06-24 09:54:16 -04:00
gitforbit 808f632346
agent-http: cleanup: return nil instead of err (#8043)
Since err is already checked, it should return `nil`
2020-06-24 14:29:21 +02:00
Mike Morris 49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Alvin Huang 2a95289f56
remove set -e for cherry-pick script since we collect errors (#8177) 2020-06-23 18:37:20 -04:00
R.B. Boyer c63c994b04
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165) 2020-06-23 15:19:56 -05:00
Chris Piraino 2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
John Cowen 20a6e1c638
ui: Make sure right trim doesn't try to overtrim (#8171) 2020-06-23 18:34:21 +01:00
Freddy 5f9c5ef73a
Merge pull request #8169 from hashicorp/config-entry-ns 2020-06-23 11:15:23 -06:00