* Upgrade xDS (go-control-plane) API to support Envoy 1.10.
This includes backwards compatibility shim to work around the ext_authz package rename in 1.10.
It also adds integration test support in CI for 1.10.0.
* Fix go vet complaints
* go mod vendor
* Update Envoy version info in docs
* Update website/source/docs/connect/proxies/envoy.md
The policy in the time-of-day Sentinel example incorrectly references
the top-level time.hour constant. This is actually the same as the
time.Hour Go value, so in other words, 3600000000000 (the int64 value
representing the time in nanoseconds).
This is corrected by just using time.now.hour instead.
Reference: https://github.com/hashicorp/consul/issues/4090
Examples covering a variety of potential use cases. Verified via `sockaddr eval` and `console agent -bind` on a test machine:
```console
# Baseline
$ sockaddr eval 'GetAllInterfaces'
[127.0.0.1/8 {1 65536 lo up|loopback} ::1 {1 65536 lo up|loopback} 10.0.0.10/8 {2 1500 eth0 b8:27:eb:7b:36:95 up|broadcast|multicast} fe80::12dc:5e4d:8ff8:2d96/64 {2 1500 eth0 b8:27:eb:7b:36:95 up|broadcast|multicast} 192.168.1.10/24 {3 1500 wlan0 b8:27:eb:2e:63:c0 up|broadcast|multicast} fe80::b6dc:5758:c306:b15b/64 {3 1500 wlan0 b8:27:eb:2e:63:c0 up|broadcast|multicast}]
# Using address within a specific CIDR
$ sockaddr eval 'GetPrivateInterfaces | include "network" "10.0.0.0/8" | attr "address"'
10.0.0.10
# Using a static network interface name
$ sockaddr eval 'GetInterfaceIP "eth0"'
10.0.0.10
# Using regular expression matching for network interface name that is forwardable and up
$ sockaddr eval 'GetAllInterfaces | include "name" "^eth" | include "flags" "forwardable|up" | attr "address"'
10.0.0.10
```
https://github.com/hashicorp/consul/issues/2121https://www.freedesktop.org/software/systemd/man/systemd.service.html
When set to notify, systemd will not attempt to start any dependent
services until after consul sends the notify signal. This is useful
in cases where there services that rely on the local consul agent
to be up and functional before they can start. The default is simple,
which will immediately mark the service as up and functioning even
if consul has not yet joined the cluster and has started listening
for connnections.
* Updating docs landing page since all the guides have moved
* fixing line wrap
* Giving the docs landing page content with CTAs
* Updated the language for the config and learn boxes
* fixing spacing
* WIP
* Document all the new Envoy L7 configs
* Apply suggestions from code review
Co-Authored-By: banks <banks@banksco.de>
* Rewrite dynamic config and add in TODO links
* Add some config entry docs
* Update website/source/docs/agent/config_entries.html.md
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* Update website/source/docs/agent/config_entries.html.md
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* Get rid of double negative
* Some incremental updates
* Update the config list docs to not point to service-default related things.
* A few more doc updates to get rid of some service-defaults specific linking info in the cli docs
* In progress update
* Update website/source/docs/agent/config_entries.html.md
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* Reword bootstrap section
* Update example proxy-defaults config
* Finish up the examples section for managing config entries with the CLI
* Update website/source/docs/agent/config_entries.html.md
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* Use $ for shell command start
* Make it very clear that the normal way to manage things is via the API/CLI
* Update website/source/docs/agent/options.html.md
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* New guide listing common error messages and what to do about them
* Pasted in updates from StackPad edit
* Update website/source/docs/guides/common-errors.md
Co-Authored-By: tradel <todd@radel.us>
* Update website/source/docs/guides/common-errors.md
Co-Authored-By: tradel <todd@radel.us>
* Update website/source/docs/guides/common-errors.md
Co-Authored-By: tradel <todd@radel.us>
* add subheadings in config file errors, move doc out of guides
* modify guide index to point to learn
* adding to the redirects is a wip, updated the side navigation.
* add tracks to list
* Fixing redirects
* Update website/source/docs/guides/index.html.md
Co-Authored-By: judithpatudith <judith@hashicorp.com>
* Update website/source/docs/guides/index.html.md
Co-Authored-By: judithpatudith <judith@hashicorp.com>
* Update website/source/docs/guides/index.html.md
Co-Authored-By: judithpatudith <judith@hashicorp.com>
* Update website/source/docs/guides/index.html.md
Co-Authored-By: judithpatudith <judith@hashicorp.com>
* finish out track listings
* finishing redirects.
* change advanced language to production, add relationship of guides and docs
* Update website/source/redirects.txt
Co-Authored-By: judithpatudith <judith@hashicorp.com>
* Add api docs for the config entry endpoints
* Add enable_central_service_config field to agent docs
* Add docs for config entry CLI operations
* Fix wording and links in config entry docs
* Add links to the central service config option
* Update the central service config setting description.
Also update some snapshot agent docs
* Enforce correct permissions when registering a check
Previously we had attempted to enforce service:write for a check associated with a service instead of node:write on the agent but due to how we decoded the health check from the request it would never do it properly. This commit fixes that.
* Update website/source/docs/commands/snapshot/agent.html.markdown.erb
Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
* starting broken link fixes
* Updating the other links for ACLs
* Updating the rest of the links
* fixing acl required links.
* update a bunch of other links
* updated a couple more broken links based on Alvins checker
* removed the extra s
Fixes: #4222
# Data Filtering
This PR will implement filtering for the following endpoints:
## Supported HTTP Endpoints
- `/agent/checks`
- `/agent/services`
- `/catalog/nodes`
- `/catalog/service/:service`
- `/catalog/connect/:service`
- `/catalog/node/:node`
- `/health/node/:node`
- `/health/checks/:service`
- `/health/service/:service`
- `/health/connect/:service`
- `/health/state/:state`
- `/internal/ui/nodes`
- `/internal/ui/services`
More can be added going forward and any endpoint which is used to list some data is a good candidate.
## Usage
When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of:
```
<selector> == <value>
<selector> != <value>
<value> in <selector>
<value> not in <selector>
<selector> contains <value>
<selector> not contains <value>
<selector> is empty
<selector> is not empty
not <other expression>
<expression 1> and <expression 2>
<expression 1> or <expression 2>
```
Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library
## Other changes
Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
* [docs] security warning about Helm chart
Correct security warning about helm chart to caution about default Consul install.
* clarify that k8s or consul should be secure