Commit Graph

14962 Commits

Author SHA1 Message Date
R.B. Boyer 6c47efd532
connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330)
progress on #9572
2021-07-13 11:12:07 -05:00
R.B. Boyer 7bf9ea55cf
connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331)
progress on #9572
2021-07-13 11:11:46 -05:00
Iryna Shustava 95305881ce
cli/sdk: Allow applying redirect-traffic rules in a provided Linux namespace (#10564) 2021-07-13 10:05:48 -06:00
Melissa Kam a8e74bcf65
Merge pull request #10606 from hashicorp/cts-tf-1.0
nia/docs: Terraform 1.0 compatability
2021-07-13 10:50:33 -05:00
Melissa Kam ea302c7d3e nia/docs: Terraform 1.0 compatability 2021-07-13 10:22:05 -05:00
Daniel Nephin dc15e5eb8c
Merge pull request #10579 from hashicorp/dnephin/improve-config-docs-tls
docs: Improve TLS user documentation
2021-07-12 19:09:15 -04:00
Daniel Nephin 0ccad1d6f7
Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2
ca: move Server.SignIntermediate to CAManager
2021-07-12 19:03:43 -04:00
Noel Quiles 29d2a9f4c5
Bump hashi-stack-menu (#10599) 2021-07-12 15:27:32 -07:00
Curt Marker eb3e9271d3
Fixed a typo that broke the example static-server deployment (#10582)
The service account was typo'd and needs to be fixed
2021-07-12 13:28:36 -07:00
Daniel Nephin b89ec826c8
Merge pull request #10445 from hashicorp/dnephin/ca-provider-explore
ca: isolate more of the CA logic in CAManager
2021-07-12 15:26:23 -04:00
Daniel Nephin bf292cbae4 ca: use provider constructors to be more consistent
Adds a contructor for the one provider that did not have one.
2021-07-12 14:04:34 -04:00
Dhia Ayachi 5ed56fc786 check error when `raftApplyMsgpack` 2021-07-12 13:42:51 -04:00
Daniel Nephin 3091026e02 auto-config: move autoConfigBackend impl off of Server
Most of these methods are used exclusively for the AutoConfig RPC
endpoint. This PR uses a pattern that we've used in other places as an
incremental step to reducing the scope of Server.
2021-07-12 13:42:40 -04:00
Daniel Nephin 0512cb2813 ca: move SignCertificate to the file where it is used 2021-07-12 13:42:39 -04:00
Daniel Nephin dfebfe508e ca: move SignCertificate to CAManager
To reduce the scope of Server, and keep all the CA logic together
2021-07-12 13:42:39 -04:00
Daniel Nephin c69a3fa760 docs: move TLS example next to field reference 2021-07-12 13:08:02 -04:00
Daniel Nephin 7e681b1428
Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-07-12 13:03:32 -04:00
Daniel Nephin 570eac3167
Merge pull request #10590 from hashicorp/dnephin/tls-config-less-copy
config: remove duplicate tlsutil.Config fields from agent/consul.Config
2021-07-12 13:00:52 -04:00
hc-github-team-consul-core a9dcfc59bd auto-updated agent/uiserver/bindata_assetfs.go from commit a96e87aec 2021-07-12 13:33:26 +00:00
Dhia Ayachi 047537833d add missing state reset when stopping ca manager 2021-07-12 09:32:36 -04:00
Daniel Nephin 6228c4a53c ca: fix mockCAServerDelegate to work with the new interface
raftApply was removed so ApplyCARequest needs to handle all the possible operations

Also set the providerShim to use the mock provider.

other changes are small test improvements that were necessary to debug the failures.
2021-07-12 09:32:36 -04:00
Daniel Nephin 7dae65cd56 ca: remove unused method
and small refactor to getCAProvider so that GoLand is less confused about what it is doing.
Previously it was reporting that the for condition was always true, which was not the case.
2021-07-12 09:32:35 -04:00
Daniel Nephin 1960c717af ca: remove raftApply from delegate interface
After moving ca.ConsulProviderStateDelegate into the interface we now
have the ApplyCARequest method which does the same thing. Use this more
specific method instead of raftApply.
2021-07-12 09:32:35 -04:00
Daniel Nephin 1f4cdde9cc ca: move generateCASignRequest to the delegate
This method on Server was only used by the caDelegateWithState, so move it there
until we can move it entirely into CAManager.
2021-07-12 09:32:35 -04:00
Daniel Nephin fc14f5ab14 ca: move provider creation into CAManager
This further decouples the CAManager from Server. It reduces the interface between them and
removes the need for the SetLogger method on providers.
2021-07-12 09:32:33 -04:00
Kenia a96e87aece
ui: Add socket icon for UDS (#10573) 2021-07-12 09:28:01 -04:00
Daniel Nephin b1877660d5 ca-manager: move provider shutdown into CAManager
Reducing the coupling between Server and CAManager
2021-07-12 09:27:28 -04:00
Evan Culver 8fce7083c1
tests: skip cases that depend on test server when -short flag set (#10576) 2021-07-09 16:42:30 -07:00
mrspanishviking 103a762fa9
Merge pull request #10586 from hashicorp/docs-consult-license
docs: changing license faq title to align with Nomad and Vault faq pages
2021-07-09 16:27:57 -07:00
Daniel Nephin be8c675942 config: remove misleading UseTLS field
This field was documented as enabling TLS for outgoing RPC, but that was not the case.
All this field did was set the use_tls serf tag.

Instead of setting this field in a place far from where it is used, move the logic to where
the serf tag is set, so that the code is much more obvious.
2021-07-09 19:01:45 -04:00
Daniel Nephin 70770db345 config: remove duplicate TLSConfig fields from agent/consul.Config
tlsutil.Config already presents an excellent structure for this
configuration. Copying the runtime config fields to agent/consul.Config
makes code harder to trace, and provides no advantage.

Instead of copying the fields around, use the tlsutil.Config struct
directly instead.

This is one small step in removing the many layers of duplicate
configuration.
2021-07-09 18:49:42 -04:00
Karl Cardenas d4eb089d4a docs: changing license faq title to align with Nomad and Vault faq pages 2021-07-09 10:20:51 -07:00
Daniel Nephin 895bf9adec config: update GRPCPort and addr in runtime config 2021-07-09 12:31:53 -04:00
Daniel Nephin 7d73fd7ae5 rename GRPC->XDS where appropriate 2021-07-09 12:17:45 -04:00
Evan Culver 13bd86527b
Add support for returning ACL secret IDs for accessors with acl:write (#10546) 2021-07-08 15:13:08 -07:00
Daniel Nephin d906ddb218 docs: group all agent tls settings together.
To make it easier to see all of the related settings in one place.

Also add some context about how these settings are applied.
2021-07-08 18:05:37 -04:00
Daniel Nephin 54fffe5266 docs: fix example of TLS config
To actually enable TLS
2021-07-08 17:51:12 -04:00
Daniel Nephin ec6da0859d
Merge pull request #10570 from hashicorp/copy-of-master
Changes that were accidentally merged into the old master branch
2021-07-08 16:28:56 -04:00
David Yu fc411b2313
docs: Update docs to reflect limitation in TProxy when using single Consul DC deployment with multiple k8s clusters (#10549)
* docs: Update to reflect single Consul DC deployment with multiple k8s clusters
2021-07-08 10:44:29 -07:00
R.B. Boyer c94b8c6a39
config: add agent config flag for enterprise clients to indicate they wish to join a particular partition (#10572) 2021-07-08 10:03:38 -05:00
Daniel Nephin 7f083f70ca
Merge pull request #10281 from hashicorp/docs-pairing
New structure for contributing docs
2021-07-07 14:42:36 -04:00
Daniel Nephin 27c85d8df2 contrib: add docs about the diagrams 2021-07-07 13:42:13 -04:00
Daniel Nephin c96991b35d Fix typo in overview diagram 2021-07-07 13:38:10 -04:00
Daniel Nephin da67bdcc31 contrib: add first draft of RPC docs 2021-07-07 13:38:10 -04:00
Dhia Ayachi 6390e91be5
Add ca certificate metrics (#10504)
* add intermediate ca metric routine

* add Gauge config for intermediate cert

* Stop metrics routine when stopping leader

* add changelog entry

* updage changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use variables instead of a map

* go imports sort

* Add metrics for primary and secondary ca

* start metrics routine in the right DC

* add telemetry documentation

* update docs

* extract expiry fetching in a func

* merge metrics for primary and secondary into signing ca metric

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-07-07 09:41:01 -04:00
hc-github-team-consul-core 97831bf3dc auto-updated agent/uiserver/bindata_assetfs.go from commit 6fbeea5de 2021-07-07 10:51:32 +00:00
John Cowen 6fbeea5def
ui: Don't default to the default namespace, use the token default namespace instead (#10503)
The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR.

Previously:

When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu.

This PR:

Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously)

Notes/thoughts:

I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was.

This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks.

The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 11:46:41 +01:00
Jared Kirschner e517e744af
Merge pull request #10559 from jkirschner-hashicorp/fix-autopilot-config-post-default-values
Fix defaults for autopilot config update
2021-07-06 19:19:52 -04:00
hc-github-team-consul-core 00f4d94139 auto-updated agent/uiserver/bindata_assetfs.go from commit 2c4f22a9f 2021-07-06 22:54:28 +00:00
Daniel Nephin 2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00