Commit Graph

15534 Commits

Author SHA1 Message Date
freddygv a83300bad8 Add changelog entry 2021-08-20 17:40:33 -06:00
freddygv af52d21884 Update prepared query cluster SAN validation
Previously SAN validation for prepared queries was broken because we
validated against the name, namespace, and datacenter for prepared
queries.

However, prepared queries can target:

- Services with a name that isn't their own
- Services in multiple datacenters

This means that the SpiffeID to validate needs to be based on the
prepared query endpoints, and not the prepared query's upstream
definition.

This commit updates prepared query clusters to account for that.
2021-08-20 17:40:33 -06:00
freddygv 85878685b7 Fixup proxy config test fixtures
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.

- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
trujillo-adam cc42b49e4f testing markdown table format for ref docs 2021-08-20 13:41:03 -07:00
Daniel Nephin a1fbd2d007 docs: move the remaining content from INTERNALS.md
Into the appropriate section of the docs.
2021-08-20 16:39:35 -04:00
Daniel Nephin bb69b699b3 docs: add important top level directories to the README 2021-08-20 16:22:55 -04:00
R.B. Boyer fb27c1b24f
agent: add partition labels to catalog API metrics where appropriate (#10890) 2021-08-20 15:09:39 -05:00
R.B. Boyer d66a43f5f2
fixing various bits of enterprise meta plumbing to be more correct (#10889) 2021-08-20 14:34:23 -05:00
Dhia Ayachi 1950ebbe1f
oss portion of ent #1069 (#10883) 2021-08-20 12:57:45 -04:00
Zachary Shilton c42ea82883
Upgrade global styles (#10692)
* website: upgrade global-styles packages

* website: move community page to CSS modules

* website: replace g-container with g-grid-container

* website: hide alert-banner on mobile

* website: backfill missing global type styles

* website: fix code font-size in download custom content

* website: bump to latest patched dependencies
2021-08-20 12:20:01 -04:00
R.B. Boyer ac41e30614
state: partition the nodes.uuid and nodes.meta indexes as well (#10882) 2021-08-19 16:17:59 -05:00
R.B. Boyer 097e1645e3
agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
Blake Covarrubias e62b1d05d8
docs: Add common CA config options to provider doc pages (#10842)
Add the list of common Connect CA configuration options to the
provider-specific CA docs.

Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Mike Wickett 39b3c3e2bd
chore: update alert banner (#10816) 2021-08-18 16:39:16 -04:00
Daniel Nephin a2c4069de2
Merge pull request #10806 from hashicorp/dnephin/debug-filenames-2
debug: use human readable dates for filenames and improve the tests
2021-08-18 15:16:34 -04:00
Daniel Nephin 271352dbb7
Merge pull request #10849 from hashicorp/dnephin/contrib-doc-xds-auth
xds: document how authorization works
2021-08-18 13:25:16 -04:00
Daniel Nephin a98b5bc31c
Merge pull request #10804 from hashicorp/dnephin/debug-filenames
debug: rename cluster.json -> members.json  and fix handling of Interrupt Signal
2021-08-18 13:18:29 -04:00
Daniel Nephin 797ee061e4 debug: use human readable dates for filenames
The unix timestamps that were used make the debug data a little bit more
difficult to consume. By using human readable dates we can easily see
when the profile data was collected.

This commit also improves the test coverage. Two test cases are removed
and the assertions from those cases are moved to TestDebugCommand.

Now TestDebugCommand is able to validate the contents of all files. This
change reduces the test runtime of the command/debug package by almost
50%. It also makes much more strict assertions about the contents by
using gotest.tools/v3/fs.
2021-08-18 13:06:57 -04:00
Daniel Nephin 049c4e9623 add changelog 2021-08-18 12:54:11 -04:00
Daniel Nephin 2f8d0e12cf debug: small cleanup
Use the new WriteJsonFile function to write index.json
Remove .String() from time.local() since that is done by %s
Remove an unused field.
2021-08-18 12:30:59 -04:00
Daniel Nephin 26ef0df458 docs: update CLI reference docs for debug
the cluster target was renamed to members.
2021-08-18 12:29:34 -04:00
Daniel Nephin 4359e38114 debug: restore cancel on SigInt
Some previous changes broke interrupting the debug on SigInterupt. This change restores
the original behaviour by passing a context to requests.

Since a new API client function was required to pass the context, I had
it also return an io.ReadCloser, so that output can be streamed to files
instead of fully buffering in process memory.
2021-08-18 12:29:34 -04:00
Daniel Nephin 31bcd80528 debug: improve a couple of the test cases
Use gotest.tools/v3/fs to make better assertions about the files

Remove the TestAgent from TestDebugCommand_Prepare_ValidateTiming, since we can test that validation
without making any API calls.
2021-08-18 12:29:34 -04:00
Daniel Nephin bbf6a94c9a debug: rename cluster target to members
The API is called members. Using the same name as the API should help describe the contents
of the file.
2021-08-18 12:29:34 -04:00
Daniel Nephin 251026e374 debug: remove unused 2021-08-18 12:29:33 -04:00
Daniel Nephin ed9a1d3ff2
Merge pull request #10869 from roopakv/roopak/xsys
Update x/sys to support go 1.17
2021-08-18 11:01:42 -04:00
R.B. Boyer e44bce3c4f
state: partition the usage metrics subsystem (#10867) 2021-08-18 09:27:15 -05:00
Roopak Venkatakrishnan e43cf46267 Update x/sys to support go 1.17 2021-08-18 03:00:22 +00:00
sridhar cf66becabe
Update website/content/docs/k8s/connect/ingress-gateways.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-17 16:32:35 -07:00
Daniel Nephin 8252a2691c xds: document how authorization works 2021-08-17 19:26:34 -04:00
R.B. Boyer 613dd7d053
state: adjust streaming event generation to account for partitioned nodes (#10860)
Also re-enabled some tests that had to be disabled in the prior PR.
2021-08-17 16:49:26 -05:00
R.B. Boyer 310e775a8a
state: partition nodes and coordinates in the state store (#10859)
Additionally:

- partitioned the catalog indexes appropriately for partitioning
- removed a stray reference to a non-existent index named "node.checks"
2021-08-17 13:29:39 -05:00
Daniel Nephin 540f88d622
Merge pull request #10814 from hashicorp/dnephin/acl-resolver-4
acl: remove ACLDisabledTTL
2021-08-17 14:19:00 -04:00
Daniel Nephin 03b2be4df6
Merge pull request #10808 from hashicorp/dnephin/acl-resolver-3
acl: isolate the config used by ACLResolver
2021-08-17 14:18:46 -04:00
Daniel Nephin 00a592bb72 proto: mark the DisabledTTL field as deprecated
Using both the name and the field option.
2021-08-17 13:34:18 -04:00
Daniel Nephin 01bf115c2b acl: small improvements to ACLResolver disable due to RPC error
Remove the error return, so that not handling is not reported as an
error by errcheck. It was returning the error passed as an arg
unmodified so there is no reason to return the same value that was
passed in.

Remove the term upstreams to remove any confusion with the term used in
service mesh.

Remove the AutoDisable field, and replace it with the TTL value, using 0
to indicate the setting is turned off.

Replace "not Before" with "After".

Add some test coverage to show the behaviour is still correct.
2021-08-17 13:34:18 -04:00
Daniel Nephin d5498770fa acl: make ACLDisabledTTL a constant
This field was never user-configurable. We always overwrote the value with 120s from
NonUserSource. However, we also never copied the value from RuntimeConfig to consul.Config,
So the value in NonUserSource was always ignored, and we used the default value of 30s
set by consul.DefaultConfig.

All of this code is an unnecessary distraction because a user can not actually configure
this value.

This commit removes the fields and uses a constant value instad. Someone attempting to set
acl.disabled_ttl in their config will now get an error about an unknown field, but previously
the value was completely ignored, so the new behaviour seems more correct.

We have to keep this field in the AutoConfig response for backwards compatibility, but the value
will be ignored by the client, so it doesn't really matter what value we set.
2021-08-17 13:34:18 -04:00
Daniel Nephin abd2e160f9 Fix test failures
Tests only specified one of the fields, but in production we copy the
value from a single place, so we can do the same in tests.

The AutoConfig test broke because of the problem noticed in a previous
commit. The DisabledTTL is not wired up properly so it reports 0s here.
Changed the test to use an explicit value.
2021-08-17 13:32:52 -04:00
Daniel Nephin 17841248dd config: remove ACLResolver settings from RuntimeConfig 2021-08-17 13:32:52 -04:00
Daniel Nephin 31e034215f acl: remove ACLResolver config fields from consul.Config 2021-08-17 13:32:52 -04:00
Daniel Nephin d4701903f6 acl: replace ACLResolver.Config with its own struct
This is step toward decoupling ACLResolver from the agent/consul
package.
2021-08-17 13:32:52 -04:00
Daniel Nephin fdfc4e0698
Merge pull request #10661 from hashicorp/dnephin/remove-legacy-acls-1
http: disable legacy ACL API endpoints
2021-08-17 13:32:22 -04:00
Daniel Nephin c2b24adb5f acl: remove ACLRulesTranslateLegacyToken API endpoint 2021-08-17 13:10:02 -04:00
Daniel Nephin b7bced9bcf acl: remove legacy bootstrap
Return an explicit error from the RPC, and remove the flag from the HTTP API.
2021-08-17 13:10:00 -04:00
Daniel Nephin 70c2cdc8f1 cli: remove a test case for updating a legacy token
Legacy tokens are no longer accepted, so we don't need to test their upgrade path.
2021-08-17 13:09:30 -04:00
Daniel Nephin de3439b2cc api: remove client library tests for old API endpoints
These methods are being kept around in the api module for now to allow the api module
to work with older versions of the HTTP API, but we are no longer able to test them.

Since the endpoints are removed there is no way for them to change, so there does not
appear to be a need to keep running the tests.
2021-08-17 13:09:30 -04:00
Daniel Nephin 858071d55a agent: update some tests that were using legacy ACL endpoints
The tests were updated to use the new ACL endpoints now that the legacy ones have been removed.
2021-08-17 13:09:30 -04:00
Daniel Nephin 7ecd2e5466 http: update legacy ACL endpoints to return an error
Also move a test for the ACLReplicationStatus endpoint into the correct file.
2021-08-17 13:09:29 -04:00
Daniel Nephin 9671dd6b97 acl: add some notes about removing legacy ACL system 2021-08-17 13:08:29 -04:00
Daniel Nephin 887d11923b
Merge pull request #10792 from hashicorp/dnephin/rename-authz-vars
acl: use authz consistently as the variable name for an acl.Authorizer
2021-08-17 13:07:17 -04:00