Commit Graph

21090 Commits

Author SHA1 Message Date
lornasong edf4610ed9
[Cloud][CC-6925] Updates to pushing server state (#19682)
* Upgrade hcp-sdk-go to latest version v0.73

Changes:
- go get github.com/hashicorp/hcp-sdk-go
- go mod tidy

* From upgrade: regenerate protobufs for upgrade from 1.30 to 1.31

Ran: `make proto`

Slack: https://hashicorp.slack.com/archives/C0253EQ5B40/p1701105418579429

* From upgrade: fix mock interface implementation

After upgrading, there is the following compile error:

cannot use &mockHCPCfg{} (value of type *mockHCPCfg) as "github.com/hashicorp/hcp-sdk-go/config".HCPConfig value in return statement: *mockHCPCfg does not implement "github.com/hashicorp/hcp-sdk-go/config".HCPConfig (missing method Logout)

Solution: update the mock to have the missing Logout method

* From upgrade: Lint: remove usage of deprecated req.ServerState.TLS

Due to upgrade, linting is erroring due to usage of a newly deprecated field

22:47:56 [consul]: make lint
--> Running golangci-lint (.)
agent/hcp/testing.go:157:24: SA1019: req.ServerState.TLS is deprecated: use server_tls.internal_rpc instead. (staticcheck)
                time.Until(time.Time(req.ServerState.TLS.CertExpiry)).Hours()/24,
                                     ^

* From upgrade: adjust oidc error message

From the upgrade, this test started failing:

=== FAIL: internal/go-sso/oidcauth TestOIDC_ClaimsFromAuthCode/failed_code_exchange (re-run 2) (0.01s)
    oidc_test.go:393: unexpected error: Provider login failed: Error exchanging oidc code: oauth2: "invalid_grant" "unexpected auth code"

Prior to the upgrade, the error returned was:
```
Provider login failed: Error exchanging oidc code: oauth2: cannot fetch token: 401 Unauthorized\nResponse: {\"error\":\"invalid_grant\",\"error_description\":\"unexpected auth code\"}\n
```

Now the error returned is as below and does not contain "cannot fetch token"
```
Provider login failed: Error exchanging oidc code: oauth2: "invalid_grant" "unexpected auth code"

```

* Update AgentPushServerState structs with new fields

HCP-side changes for the new fields are in:
https://github.com/hashicorp/cloud-global-network-manager-service/pull/1195/files

* Minor refactor for hcpServerStatus to abstract tlsInfo into struct

This will make it easier to set the same tls-info information to both
 - status.TLS (deprecated field)
 - status.ServerTLSMetadata (new field to use instead)

* Update hcpServerStatus to parse out information for new fields

Changes:
 - Improve error message and handling (encountered some issues and was confused)
 - Set new field TLSInfo.CertIssuer
 - Collect certificate authority metadata and set on TLSInfo.CertificateAuthorities
 - Set TLSInfo on both server.TLS and server.ServerTLSMetadata.InternalRPC

* Update serverStatusToHCP to convert new fields to GNM rpc

* Add changelog

* Feedback: connect.ParseCert, caCerts

* Feedback: refactor and unit test server status

* Feedback: test to use expected struct

* Feedback: certificate with intermediate

* Feedback: catch no leaf, remove expectedErr

* Feedback: update todos with jira ticket

* Feedback: mock tlsConfigurator
2023-12-04 10:25:18 -05:00
aahel 7936e55807
added node health resource (#19803) 2023-12-02 11:14:03 +05:30
Jeff Boruszak 65c06f67e6
docs: improvements to v2 catalog explanation (#19678)
* commit

* Addresses comments from review
2023-12-01 14:35:44 -08:00
Ashesh Vidyut 82f6a8d7f3
Net 6585 (#19797)
Add multi tenancy to sidecar proxy controller
2023-12-01 21:28:57 +05:30
aahel ac9261ac3e
made node parition scoped (#19794)
* made node parition scoped

* removed namespace from node testdata
2023-12-01 07:42:29 +00:00
Manoj Srinivasamurthy c9f85eb925
NET-6692: Ensure 'upload test results' step is always run (#19783) 2023-12-01 09:23:25 +05:30
emily neil 2eebdb22ba
Remove Duplicate UBI Tags (#19737)
- Amalgamate UBI with Dockerhub and Redhat tags into one step
- Avoids a production incident that errors on duplicate tags:
https://github.com/hashicorp/releng-support/issues/123
2023-11-30 14:49:40 -08:00
Semir Patel 2d1f308138
resource: add v2tenancy feature flag to deployer tests (#19774) 2023-11-30 11:41:30 -06:00
Matt Keeler 8f7f15e430
Pin lint-consul-retry to v1.3.0 (#19781)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2023-11-29 22:44:22 +00:00
Jeff Apple 790cb30173
Docs: FIPS - add cluster peering info (#19768)
* Docs: FIPS - add cluster peering info

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/enterprise/fips.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-11-29 13:08:47 -08:00
John Maguire 69b1d2072b
[V2] Move resource field on gateway class config from repeated map to single map (#19773)
Move resource field on gateway class config from repeated map to single
map
2023-11-29 18:12:42 +00:00
Michael Zalimeni 54f13ebaa5
docs: Rename locality docs observe section to verification (#19769)
* docs: Rename locality docs observe section to verification

Follow-up to #19605 review.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-11-29 17:16:51 +00:00
Michael Zalimeni d1f2fa1841
[NET-6725] test: Address occasional flakes in sidecarproxy/controller_test.go (#19760)
test: Address occasional flakes in sidecarproxy/controller_test.go

We've observed an occasional flake in this test where some state check
fails. Adding in some wait wrappers to these state checks will hopefully
address the issue, assuming it is a simple flake.
2023-11-29 16:56:14 +00:00
John Maguire a0240e3794
[NET-5688] APIGateway UI Topology Fixes (#19657)
* Update catalog and ui endpoints to show APIGateway in gateway service
topology view

* Added initial implementation for service view

* updated ui

* Fix topology view for gateways

* Adding tests for gw controller

* remove unused args

* Undo formatting changes

* Fix call sites for upstream/downstream gw changes

* Add config entry tests

* Fix function calls again

* Move from ServiceKey to ServiceName, cleanup from PR review

* Add additional check for length of services in bound apigateway for
IsSame comparison

* fix formatting for proto

* gofmt

* Add DeepCopy for retrieved BoundAPIGateway

* gofmt

* gofmt

* Rename function to be more consistent
2023-11-28 21:27:14 +00:00
sarahalsmiller fd1d97c334
Add Kubebuilder tags to Gatewayclassconfig proto messages (#19725)
* add build tags/import k8s specific proto packages

* fix generated import paths

* fix gomod linting issue

* mod tidy every go mod file

* revert protobuff version, take care of in different pr

* cleaned up new lines

* added newline to end of file
2023-11-28 14:46:11 -06:00
hc-github-team-es-release-engineering 39136f46fe
license file updates (#19750) 2023-11-28 11:59:45 -08:00
Michael Zalimeni 66306a8ac2
[NET-5916] docs: Add locality examples and troubleshooting (#19605)
docs: Add locality examples and troubleshooting

Add further examples and tips for locality-aware routing configuration,
observability, and troubleshooting.
2023-11-28 19:15:24 +00:00
wangxinyi7 9dc24448ae
grpc client default in plaintext mode (#19412)
* grpc client default in plaintext mode

* renaming and fix linter

* update the description and remove the context

* trim tests
2023-11-28 10:58:57 -08:00
Thomas Eckert 419677cc9e
[NET-6420] Add MeshConfiguration Controller stub (#19745)
* Add meshconfiguration/controller

* Add MeshConfiguration Registration function

* Fix the TODOs on the RegisterMeshGateway function

* Call RegisterMeshConfiguration

* Add comment to MeshConfigurationRegistration

* Add a test for Reconcile and some comments
2023-11-28 18:56:07 +00:00
Chris S. Kim 5107764115
Move test setup out of subtest (#19753) 2023-11-28 18:39:37 +00:00
aahel 991dfff8a5
added ent to ce downgrade doc (#19590)
* added ent to ce downgrade doc

* minor fix

* formatting fixes

* fixed doc path

* reformat doc

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* added reason for panic in doc

* fixed linking page

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* reformatted nav data

* updated the downgrade steps

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/data/docs-nav-data.json

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* fixed review comments

* fixed typo

* minor fix

* minor fix

* some rewording in downgrade details

* fixed minor fmt issues

* minor fmt

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* changed ```shell to to ```shell-session

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* fixed some fmt issues

* fmt doc

* minor text fix

* fmt doc

* fix fmt

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* Update website/content/docs/enterprise/ent-to-ce-downgrades.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

* added prompt to all shell commands

* fix fmt

* fixed indentation

* Reformatted for consistency with our writing styles

* Apply suggestions from code review

Few more tweaks

---------

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-11-28 16:12:01 +00:00
Michael Zalimeni 2732376449
ci: Run `go mod tidy` check on submodules (#19744)
Today, we do not enforce a clean `go mod tidy` on submodules. This
allows for drift and can eventually lead to `golangci-lint` failures,
along with the obvious disadvantage of not having an up-to-date
`go.mod`.

Enforce clean `go mod tidy` on all `go.mod` by using our make target
rather than the direct root-level command.
2023-11-27 16:28:35 -05:00
Nick Irvine af27121fcc
add nightly integ tests for peering_commontopo [NET-6628] (#19724) 2023-11-27 21:01:33 +00:00
Semir Patel 5930748cb0
resource: ListByOwner returns empty list on non-existent tenancy (#19742) 2023-11-27 14:56:08 -06:00
Melisa Griffin 3f0a75228f
Adds GatewayClassName field to MeshGateway Proto (#19738) 2023-11-27 14:49:54 -05:00
Michael Zalimeni cc14ccf34a
[NET-6617] security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0 (#19705)
security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0

This version is accepted by Prisma/Twistlock, resolving scan results for
issue PRISMA-2022-0270. Chosen over later versions to avoid a major
version with breaking changes that is otherwise unnecessary.

Note that in practice this is a false positive (see
https://github.com/golang-jwt/jwt/issues/258), but we should update the
version to aid customers relying on scanners that flag it.
2023-11-27 11:03:26 -05:00
Ronald eded2ff347
[NET-6249] Add templated policies description (#19735) 2023-11-27 10:34:22 -05:00
Ronald c1dbf00a85
NET-6251 API gateway templated policy (#19728) 2023-11-24 17:55:05 +00:00
Poonam Jadhav 78f918a103
feat: create a default namespace (#19681)
* feat: create a default namespace on leader

* refactor: add comment and move inittenancy to leader file

* refactor: rephrase comment
2023-11-22 14:32:57 -05:00
Chris S. Kim 8fe0bd1cbd
Add docs for identity acl rules (#19713) 2023-11-22 12:29:43 -05:00
Semir Patel 7cf48bcbe1
Fix failing test in command/resource/read (#19722) 2023-11-22 17:04:54 +00:00
Ganesh S ba2422596f
Add tenancy tests for routes controller (#19706) 2023-11-22 21:52:10 +05:30
Semir Patel 0fdc2ac5e9
v2tenancy: namespace deletion using finalizers (#19714) 2023-11-22 10:06:11 -06:00
Valeriia Ruban f69c68e777
chore: add suffix to consul version in sidenav (#19660) 2023-11-21 09:47:16 -08:00
cskh d3bf47fe08
cli: add a string method to gvk struct (#19696) 2023-11-21 11:29:00 -05:00
Michael Zalimeni 8a89465e96
[SECVULN-1533] chore: Clarify iptables Provider interface docs (#19704)
chore: Clarify iptables Provider interface docs

Add docs clarifying constraints on use and return values.
2023-11-21 09:01:48 -05:00
aahel a28f4b7f37
optimized fetching services in exported service controller (#19695)
* optimized fetching services in exported service controller

* added aliases for some complex types
2023-11-21 12:21:22 +05:30
Michael Zalimeni 58cc6eded4
[SECVULN-1532] chore: Remove TODO comments for OIDC/JWT auth (#19700)
chore: Remove TODO comments for OIDC/JWT auth

Remove old TODO comments and update remaining comments for clarity.
2023-11-20 21:34:48 +00:00
Ashvitha bfb3a43648
Default "stats_flush_interval" to 1 minute for Consul Telemetry Collector (#19663)
* Set default of 1m for StatsFlushInterval when the collector is setup

* Add documentation on the stats_flush_interval value

* Do not default in two conditions 1) preconfigured sinks exist 2) preconfigured flush interval exists

* Fix wording of docs

* Add changelog

* Fix docs
2023-11-20 16:18:30 -05:00
Dhia Ayachi d7323ca22c
do not auto merge backports (#19694)
do not auto merge backport as there is a bug in backport assistant that could merge the entire main into release branches.
2023-11-20 11:51:39 -05:00
Chris S. Kim 5d7b1170af
Switch to github-actions format for integration tests (#19693) 2023-11-20 11:39:51 -05:00
Chris S. Kim 2f9bc5b0c3
Switch to github-actions format (#19667) 2023-11-20 09:55:51 -05:00
Dhia Ayachi f027d61014
fix a panic in the CLI when deleting an acl policy with an unknown name (#19679)
* fix a panic in the CLI when deleting an acl policy with an unknown name

* add changelog
2023-11-20 09:47:44 -05:00
Ronald 415491ff2b
[NET-6640] Add docs for binding type policy (#19677) 2023-11-20 14:44:30 +00:00
Mike Nomitch 302f994410
[NET-6640] Adds "Policy" BindType to BindingRule (#19499)
feat: add bind type of policy

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-11-20 13:11:08 +00:00
Valeriia Ruban 0058045969
fix: remove 2 tests to unblock consul-enterprise merges (#19687) 2023-11-20 07:12:27 -05:00
Ganesh S b45a6a3809
Update ECS compat matrix (#19675) 2023-11-19 20:35:34 +05:30
Valeriia Ruban 4dcbacff53
fix: temporary remove token policy test (#19683) 2023-11-17 17:51:10 -08:00
Iryna Shustava d05f67cebd
Add engineering docs for controllers and v2 architecture (#19671)
* add controller docs

* add v2 service mesh docs
2023-11-17 17:55:09 -07:00
cskh ce66433311
integ-test: fix upgrade test for CE (#19673)
* integ-test: fix upgrade test for CE
2023-11-17 12:34:30 -05:00