21271 Commits

Author SHA1 Message Date
Manu Nicolas
3dc27518d2
Documentation: update python SDKs list (#20935)
Update python SDKs

The original python-consul is unmaintained with no activity for 6 years.
The python-consul2 fork has had no activity for 3 years, whether it's commits or responding to PRs and issues.
2024-04-02 04:07:25 +00:00
John Murret
a6d9ad5225
remove self-referencing link on network segments page (#20937) 2024-04-01 08:59:32 -06:00
George Ma
44facc2ea3
chore: remove repetitive words (#20890)
Signed-off-by: availhang <mayangang@outlook.com>
2024-03-28 16:31:55 -07:00
John Murret
39112c7a98
GH-20889 - put conditionals are hcp initialization for consul server (#20926)
* put conditionals are hcp initialization for consul server

* put more things behind configuration flags

* add changelog

* TestServer_hcpManager

* fix TestAgent_scadaProvider
2024-03-28 14:47:11 -06:00
David Yu
2a2e773908
Update Dockerfile: Base image for dev bump (#20919)
Update Dockerfile
2024-03-27 18:40:11 -07:00
David Yu
4259b7b33c
Update Dockerfile: bump alpine (#20897)
* Update Dockerfile: bump alpine

* Create 20897

* Rename 20897 to 20897.txt
2024-03-27 14:43:14 -07:00
wangxinyi7
6212e7ecc1
update changelog for 1.18.1 (#20912)
* update changelog for 1.18.1

* update changelog
2024-03-27 13:10:05 -07:00
Michael Zalimeni
cc959dcdf4
security: triage false positive for go-jose/v3 (#20901)
Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
2024-03-26 21:27:50 +00:00
Melisa Griffin
d7f25631ce
Adds docs to upgrade-specific page to include the removal of the depr… (#20844)
* Adds docs to upgrade-specific page to include the removal of the deprecated API Gateway stanza for 1.19

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Remove legacy api-gateway from helm docs

* change .Values.apiGateway to .apiGateway

---------

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2024-03-26 11:49:55 -04:00
John Murret
20210a8d86
fix broken link on sameness groups page (#20894) 2024-03-25 17:22:20 -06:00
Dan Stough
6026ada0c9
[CE] feat(v2dns): enable v2 dns as default (#20715)
* feat(v2dns): enable v2 dns as default

* changelog
2024-03-25 16:09:01 -04:00
Iryna Shustava
d747b51dab
Handle ACL errors consistently when blocking query timeout is reached. (#20876)
Currently, when a client starts a blocking query and an ACL token expires within
that time, Consul will return ACL not found error with a 403 status code. However,
sometimes if an ACL token is invalidated at the same time as the query's deadline is reached,
Consul will instead return an empty response with a 200 status code.

This is because of the events being executed.
1. Client issues a blocking query request with timeout `t`.
2. ACL is deleted.
3. Server detects a change in ACLs and force closes the gRPC stream.
4. Client resubscribes with the same token and resets its state (view).
5. Client sees "ACL not found" error.

If ACL is deleted before step 4, the client is unaware that the stream was closed due to
an ACL error and will return an empty view (from the reset state) with the 200 status code.

To fix this problem, we introduce another state to the subsciption to indicate when a change
to ACLs has occured. If the server sees that there was an error due to ACL change, it will
re-authenticate the request and return an error if the token is no longer valid.

Fixes #20790
2024-03-22 14:59:54 -06:00
Chris S. Kim
12fd9db45d
Add docs for default_intention_policy (#20886) 2024-03-22 15:33:17 -04:00
Chris S. Kim
f3f2175edd
Update go-jose library (#20888) 2024-03-22 10:54:58 -04:00
Nathan Coleman
fea6926de3
Fix typo in example yaml for MeshService (#20879) 2024-03-19 13:04:53 -04:00
Jared Kirschner
e2b966c896
docs: clarify LTS language (#20875)
* docs: clarify LTS language
2024-03-18 23:06:39 +00:00
Derek Menteer
ac83ac1343
Fix streaming RPCs for agentless. (#20868)
* Fix streaming RPCs for agentless.

This PR fixes an issue where cross-dc RPCs were unable to utilize
the streaming backend due to having the node name set. The result
of this was the agent-cache being utilized, which would cause high
cpu utilization and memory consumption due to the fact that it
keeps queries alive for 72 hours before purging inactive entries.

This resource consumption is compounded by the fact that each pod
in consul-k8s gets a unique token. Since the agent-cache uses the
token as a component of the key, the same query is duplicated for
each pod that is deployed.

* Add changelog.
2024-03-15 14:44:51 -05:00
Derek Menteer
0ac8ae6c3b
Fix xDS deadlock due to syncLoop termination. (#20867)
* Fix xDS deadlock due to syncLoop termination.

This fixes an issue where agentless xDS streams can deadlock permanently until
a server is restarted. When this issue occurs, no new proxies are able to
successfully connect to the server.

Effectively, the trigger for this deadlock stems from the following return
statement:
https://github.com/hashicorp/consul/blob/v1.18.0/agent/proxycfg-sources/catalog/config_source.go#L199-L202

When this happens, the entire `syncLoop()` terminates and stops consuming from
the following channel:
https://github.com/hashicorp/consul/blob/v1.18.0/agent/proxycfg-sources/catalog/config_source.go#L182-L192

Which results in the `ConfigSource.cleanup()` function never receiving a
response and holding a mutex indefinitely:
https://github.com/hashicorp/consul/blob/v1.18.0/agent/proxycfg-sources/catalog/config_source.go#L241-L247

Because this mutex is shared, it effectively deadlocks the server's ability to
process new xDS streams.

----

The fix to this issue involves removing the `chan chan struct{}` used like an
RPC-over-channels pattern and replacing it with two distinct channels:

+ `stopSyncLoopCh` - indicates that the `syncLoop()` should terminate soon.  +
`syncLoopDoneCh` - indicates that the `syncLoop()` has terminated.

Splitting these two concepts out and deferring a `close(syncLoopDoneCh)` in the
`syncLoop()` function ensures that the deadlock above should no longer occur.

We also now evict xDS connections of all proxies for the corresponding
`syncLoop()` whenever it encounters an irrecoverable error. This is done by
hoisting the new `syncLoopDoneCh` upwards so that it's visible to the xDS delta
processing. Prior to this fix, the behavior was to simply orphan them so they
would never receive catalog-registration or service-defaults updates.

* Add changelog.
2024-03-15 13:57:11 -05:00
Derek Menteer
eabff257d7
Various bug-fixes and improvements (#20866)
* Shuffle the list of servers returned by `pbserverdiscovery.WatchServers`.

This randomizes the list of servers to help reduce the chance of clients
all connecting to the same server simultaneously. Consul-dataplane is one
such client that does not randomize its own list of servers.

* Fix potential goroutine leak in xDS recv loop.

This commit ensures that the goroutine which receives xDS messages from
proxies will not block forever if the stream's context is cancelled but
the `processDelta()` function never consumes the message (due to being
terminated).

* Add changelog.
2024-03-15 13:10:48 -05:00
Austin Workman
94c0d783b8
K8s v1 Multiport documentation indentation updates (#20858)
Fixing indentation in service account token secrets and addingn clarity about how they are used.

Co-authored-by: David Yu <dyu@hashicorp.com>
2024-03-14 22:11:47 +00:00
David Yu
2d053c3ac6
docs: Update release notes for 1.17.x for legacy api gateway removal (#20857)
* Update v1_17_x.mdx

* Update v1_3_x.mdx

* Update website/content/docs/release-notes/consul-k8s/v1_3_x.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-03-14 14:51:15 -07:00
Matt Keeler
8fcafb139c
Add consul snapshot decode command (#20824)
Add snapshot decoding command
2024-03-14 12:59:06 -04:00
Deniz Onur Duzgun
e9029ccd7a
[NET-8368] security: bump Go version to 1.21.8 (#20812)
* [NET-8368] Bump Go version
2024-03-14 09:46:15 -04:00
Chris Hut
bfbc0ee4fd
Revert link existing but better 🪦 (#20830)
* Revert "feat: add alert to link to hcp modal to ask a user refresh a page; up… (#20682)"

This reverts commit dd833d9a3649402e23ced070121e0d0c131f610e.

* Revert "chor: change cluster name param to have datacenter.name as default value (#20644)"

This reverts commit 8425cd0f9017f640cce711dc32e0fa0d136899d8.

* Revert "chor: adds informative error message when acls disabled and read-only… (#20600)"

This reverts commit 9d712ccfc7a67193423f1a102ac2b9d3c6dc3733.

* Revert "Cc 7147 link to hcp modal (#20474)"

This reverts commit 8c05e57ac1fdc27ea74040e2dfc35192ac6d067b.

* Revert "Add nav bar item to show HCP link status and encourage folks to link (#20370)"

This reverts commit 22e6ce0df10091bc66ee7fbf8e5d1c0f158ab5a9.

* Revert "Cc 7145 hcp link status api (#20330)"

This reverts commit 049ca102c41fbf646b07e34f5f69f652de9fbc6c.

* Revert "💜 Cc 7187/purple banner for linking existing clusters (#20275)"

This reverts commit 5119667cd16c527af111c339594a08354b7a5cb0.
2024-03-13 13:59:00 -07:00
Nathan Coleman
cff9161bb5
Add API gateway to index of configuration entries (#20849) 2024-03-13 16:57:12 -04:00
Semir Patel
217e5e1d78
snapshot agent: docs to deprecate top-level snapshot destinations (#20848) 2024-03-13 15:37:27 -05:00
Semir Patel
223714bdea
docs: document support for multiple snapshot destinations (#20829) 2024-03-12 16:37:01 -05:00
Nathan Coleman
eccb144bbf
Fix typo in ingress-gateway docs (#20835) 2024-03-12 21:08:33 +00:00
sarahalsmiller
262f435800
NET-6821 Disable Terminating Gateway Auto Host Header Rewrite (#20802)
* disable terminating gateway auto host rewrite

* add changelog

* clean up unneeded additional snapshot fields

* add new field to docs

* squash

* fix test
2024-03-12 15:37:20 -05:00
David Yu
08bfca0193
docs: K8s docs cleanup (#20820)
* Update install.mdx
* Update install-k8s.mdx
2024-03-11 10:56:37 -07:00
David Yu
df4c288ba8
docs: Update GKE Autopliot docs (#20813)
Update install.mdx
2024-03-07 15:40:56 -08:00
Michael Zalimeni
d4761c0ccd
security: upgrade google.golang.org/protobuf to 1.33.0 (#20801)
Resolves CVE-2024-24786.
2024-03-06 23:04:42 +00:00
Michael Zalimeni
90117613e8
docs: update 1.4.0 Helm docs with Docs team feedback (#20798) 2024-03-06 09:09:28 -05:00
mallikabandaru
1522678da8
replicated the changes made in ent repo for consistency (#20781)
* replicated the changes made in ent repo for consistency

* incorporated review comments
2024-03-06 09:29:54 +00:00
Matt Keeler
abe14f11e6
Remove redundant usage metrics (#20674)
* Remove redundant usage metrics

* Add the changelog

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-03-05 14:09:47 -05:00
aahel
4e7982a5b7
fix lambda registrator module doc link (#20796) 2024-03-05 22:53:50 +05:30
skpratt
0610aaaaf0
add raw delete api method (#20737)
* add raw delete

* allow 200 response for successful delete

* add comment
2024-03-05 08:52:55 -06:00
John Maguire
96b3e2276f
Update mog version to be compatible with go 1.22 (#20692) 2024-03-04 18:24:22 +00:00
David Yu
f461f49ea5
docs: Update OpenShift compat matrix (#20788)
Update compatibility.mdx
2024-03-01 22:09:41 +00:00
Nathan Coleman
c097b11fff
Fix typos in route retry filter docs for APIGW (#20761)
* Fix typose in route retry filter docs for APIGW

* Update website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-03-01 21:07:50 +00:00
David Yu
c16da726d2
docs: clean up docs on release notes (#20777)
* Update v1_3_x.mdx

* Update v1_2_x.mdx
2024-03-01 19:52:49 +00:00
Matt Keeler
5c936fba33
Enable callers to control whether per-tenant usage metrics are included in calls to store.ServiceUsage (#20672)
* Enable callers to control whether per-tenant usage metrics are included in calls to store.ServiceUsage

* Add changelog
2024-03-01 13:44:55 -05:00
John Murret
a1c6181677
DNS v2 - split up router into multiple responsibilities & break up router tests into multiple files. (#20688)
* Update agent/dns.go

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* PR feedback

* split tests out into multiple files.

* Extract responsibilities from router into discoveryResultsFetcher, messageSerializer, responseGenerator.

* adding recordmaker tests

* add response generator test coverage.

* changing tests case name based on PR feedback

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-03-01 15:36:37 +00:00
John Murret
a15a957a36
NET-8056 - v2 DNS Testing Improvements (#20710)
* NET-8056 - v2 DNS Testing Improvements

* adding TestDNSServer_Lifecycle

* add license headers to new files.
2024-03-01 05:42:42 -07:00
John Landa
1857f73669
Johnlanda/fault injection docs (#20713)
* fault injection docs

* Add link to the fault injection docs from nav

* Fix formatting

* Update enterprise docs

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/enterprise/index.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/enterprise/index.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update website/content/docs/connect/manage-traffic/fault-injection.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Update docs-nav-data.json

add fault injection to nav

* Update docs-nav-data.json

* Update docs-nav-data.json

* Update docs-nav-data.json

* Update v1_18_x.mdx

* Update v1_4_x.mdx

* Update v1_4_x.mdx

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-02-29 17:40:19 -08:00
David Yu
984ccec934
docs: 1.18.x cleanup (#20759)
* Update compatibility.mdx
* Update configure.mdx
2024-03-01 01:01:02 +00:00
Jeff Boruszak
9979ab815b
docs: Fix version typo in consul-k8s v1.3.x release notes (#20767)
* version fix

* Bash fix
2024-02-29 16:30:37 -08:00
Michael Zalimeni
0668ace1a7
docs: update Helm docs for consul-k8s 1.4.0 (#20770) 2024-02-29 14:42:02 -08:00
Jeff Boruszak
20920ffb88
docs: consul-k8s v1.4.0 release notes (#20766)
* Release notes

* Update website/content/docs/release-notes/consul-k8s/v1_4_x.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2024-02-29 14:09:43 -08:00
Chris S. Kim
0571382c4a
Retract api@v1.28.0 (#20762) 2024-02-29 16:56:00 +00:00