0c94095dfd
acl: fix bug in 'consul members' filtering with partitions ( #11263 )
2021-10-13 09:18:16 -05:00
a350a383d3
add service resolver subset filter validation
2021-10-13 02:56:04 +05:30
257d00c908
Merge pull request #11222 from hashicorp/clly/service-mesh-metrics
...
Start tracking connect service mesh usage metrics
2021-10-11 14:35:03 -05:00
786d2896ff
Replace fmt.Sprintf with function
2021-10-11 12:43:38 -05:00
a0bba9171d
fix consul_autopilot_healthy metric emission ( #11231 )
...
https://github.com/hashicorp/consul/issues/10730
2021-10-08 10:31:50 -07:00
a5cf4a9b57
Rename ConfigUsageEnterprise to EnterpriseConfigEntryUsage
2021-10-08 10:53:34 -05:00
8c519d5458
Rename and prefix ConfigEntry in Usage table
...
Rename ConfigUsage functions to ConfigEntry
prefix ConfigEntry kinds with the ConfigEntry table name to prevent
potential conflicts
2021-10-07 16:19:55 -05:00
533e7dbe85
Add connect specific prefix to Usage table
...
Ensure that connect Kind's are separate from ConfigEntry Kind's to
prevent miscounting
2021-10-07 16:16:23 -05:00
b4e3367e63
docs: add notice that legacy ACLs have been removed.
...
Add changelog
Also remove a metric that is no longer emitted that was missed in a
previous step.
2021-10-05 18:30:22 -04:00
18b3ac33e8
acl: remove unused translate rules endpoint
...
The CLI command does not use this endpoint, so we can remove it. It was missed in an
earlier pass.
2021-10-05 18:26:05 -04:00
024715eb11
Add changelog, website and metric docs
...
Add changelog to document what changed.
Add entry to telemetry section of the website to document what changed
Add docs to the usagemetric endpoint to help document the metrics in code
2021-10-05 13:34:24 -05:00
8eb5915f7d
Fixing SOA record to use alt domain when alt domain in use ( #10431 )
2021-10-05 10:47:27 -04:00
ab587f5221
Merge pull request #11182 from hashicorp/dnephin/acl-legacy-remove-upgrade
...
acl: remove upgrade from legacy, start in non-legacy mode
2021-10-04 17:25:39 -04:00
e808620463
Merge pull request #11118 from hashicorp/eculver/remove-envoy-1.15
...
Remove support for Envoy 1.15
2021-10-04 23:14:24 +02:00
c7747212c3
Merge pull request #11115 from hashicorp/eculver/envoy-1.19.1
...
Add support for Envoy 1.19.1
2021-10-04 23:13:26 +02:00
c7f74deb17
acl: remove updateEnterpriseSerfTags
...
The only remaining caller is a test helper, and the tests don't use the enterprise gossip
pools.
2021-10-04 17:01:51 -04:00
9b1d2685bf
Merge pull request #11126 from hashicorp/dnephin/acl-legacy-remove-resolve-and-get-policy
...
acl: remove ACL.GetPolicy RPC endpoint and ACLResolver.resolveTokenLegacy
2021-10-04 16:29:51 -04:00
c2583a1b7f
Add metrics to count the number of service-mesh config entries
2021-10-04 14:50:17 -05:00
536838b004
Add metrics to count connect native service mesh instances
...
This will add the counts of the service mesh instances tagged by
whether or not it is connect native
2021-10-04 14:37:05 -05:00
46bf882620
Add metrics to count service mesh Kind instance counts
...
This will add the counts of service mesh instances tagged by the
different ServiceKind's.
2021-10-04 14:36:59 -05:00
a1e3fa818c
acl: fix test failures caused by remocving legacy ACLs
...
This commit two test failures:
1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Remove the early WaitForLeader in dc2, because with it the test was
failing with ACL not found.
2021-10-01 18:03:10 -04:00
db397d62c5
Add 1.15 versions to too old list
2021-10-01 11:28:26 -07:00
1c9b58a8af
agent: Reject partitions in legacy intention endpoints ( #11181 )
2021-10-01 13:18:57 -04:00
53a35181e5
Support partitions in parseIntentionStringComponent ( #11202 )
2021-10-01 12:36:12 -04:00
a5b09493ab
fix token list by auth method ( #11196 )
...
* add tests to OIDC authmethod and fix entMeta when retrieving auth-methods
* fix oss compilation error
2021-10-01 12:00:43 -04:00
e41830af8a
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15
2021-09-30 11:32:28 -07:00
fdbb742ffd
regenerate more envoy golden files
2021-09-30 10:57:47 -07:00
4faf805716
acl: call stop for the upgrade goroutine when done
...
TestAgentLeaks_Server was reporting a goroutine leak without this. Not sure if it would actually
be a leak in production or if this is due to the test setup, but seems easy enough to call it
this way until we remove legacyACLTokenUpgrade.
2021-09-29 17:36:43 -04:00
02da08ce77
acl: only run startACLUpgrade once
...
Since legacy ACL tokens can no longer be created we only need to run this upgrade a single
time when leadership is estalbished.
2021-09-29 16:22:01 -04:00
3ac910606c
acl: remove reading of serf acl tags
...
We no long need to read the acl serf tag, because servers are always either ACL enabled or
ACL disabled.
We continue to write the tag so that during an upgarde older servers will see the tag.
2021-09-29 15:45:11 -04:00
3d7c07e1e4
acl: fix test failure
...
For some reason removing legacy ACL upgrade requires using an ACL token now
for this WaitForLeader.
2021-09-29 15:21:30 -04:00
5c721832dc
acl: remove legacy ACL upgrades from Server
...
As part of removing the legacy ACL system
2021-09-29 15:19:23 -04:00
94be1835b2
acl: fix test failures caused by remocving legacy ACLs
...
This commit two test failures:
1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Use the root token in WaitForLeader, because without it the test was
failing with ACL not found.
2021-09-29 15:15:50 -04:00
8e9773e20b
acl: remove ACL.GetPolicy endpoint and resolve legacy acls
...
And all code that was no longer used once those two were removed.
2021-09-29 14:33:19 -04:00
d12dd48c61
acl: remove ACL upgrading from Clients
...
As part of removing the legacy ACL system ACL upgrading and the flag for
legacy ACLs is removed from Clients.
This commit also removes the 'acls' serf tag from client nodes. The tag is only ever read
from server nodes.
This commit also introduces a constant for the acl serf tag, to make it easier to track where
it is used.
2021-09-29 14:02:38 -04:00
19040586ce
Merge pull request #11136 from hashicorp/dnephin/acl-resolver-fix-default-authz
...
acl: fix default Authorizer for down_policy extend-cache/async-cache
2021-09-29 13:45:12 -04:00
a53fdd68c8
Merge pull request #11110 from hashicorp/dnephin/acl-legacy-remove-initialize
...
acl: remove initializeLegacyACL and the rest of the legacy FSM commands
2021-09-29 13:44:30 -04:00
8f754aba14
Merge pull request #10999 from hashicorp/dnephin/revert-config-xds-port
...
Revert config xds_port
2021-09-29 13:39:15 -04:00
cc310224aa
command/envoy: stop using the DebugConfig from Self endpoint
...
The DebugConfig in the self endpoint can change at any time. It's not a stable API.
This commit adds the XDSPort to a stable part of the XDS api, and changes the envoy command to read
this new field.
It includes support for the old API as well, in case a newer CLI is used with an older API, and
adds a test for both cases.
2021-09-29 13:21:28 -04:00
6e1ebd3df7
acl: remove the last of the legacy FSM
...
Replace it with an implementation that returns an error, and rename some symbols
to use a Deprecated suffix to make it clear.
Also remove the ACLRequest struct, which is no longer referenced.
2021-09-29 12:42:23 -04:00
ed928511ca
acl: remove bootstrap-init FSM operation
2021-09-29 12:42:23 -04:00
dab5d1bdc8
acl: remove initializeLegacyACL from leader init
2021-09-29 12:42:23 -04:00
05f0cc3993
acl: remove ACLDelete FSM command, and state store function
...
These are no longer used now that ACL.Apply has been removed.
2021-09-29 12:42:23 -04:00
966e50e00e
acl: remove legacy field to ACLBoostrap
2021-09-29 12:42:23 -04:00
1502547e38
Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc"
...
This reverts commit 74fb650b6b58bd817336
2021-09-29 12:28:41 -04:00
0330966315
Merge pull request #11101 from hashicorp/dnephin/acl-legacy-remove-rpc-2
...
acl: remove legacy ACL.Apply RPC
2021-09-29 12:23:55 -04:00
ea4a8343cd
Merge pull request #11177 from hashicorp/dnephin/remove-entmeta-methods
...
structs: remove EnterpriseMeta helper methods
2021-09-29 12:08:07 -04:00
4c579a49ed
Merge pull request #10986 from hashicorp/dnephin/acl-legacy-remove-rpc
...
acl: remove legacy ACL RPC - part 1
2021-09-29 12:04:09 -04:00
eb632c53a2
structs: rename the last helper method.
...
This one gets used a bunch, but we can rename it to make the behaviour more obvious.
2021-09-29 11:48:38 -04:00
8d8c1f9d5e
structs: remove another helper
...
We already have a helper funtion.
2021-09-29 11:48:03 -04:00
6d72517682
structs: remove two methods that were only used once each.
...
These methods only called a single function. Wrappers like this end up making code harder to read
because it adds extra ways of doing things.
We already have many helper functions for constructing these types, we don't need additional methods.
2021-09-29 11:47:03 -04:00
8d1378cc1d
Merge pull request #10988 from hashicorp/dnephin/acl-legacy-remove-config
...
acl: isolate deprecated config and warn when they are used
2021-09-29 11:40:14 -04:00
6b33e3bfd7
Merge pull request #9456 from hashicorp/dnephin/config-deprecation
...
config: Use DeprecatedConfig struct for deprecated config fields
2021-09-29 11:37:40 -04:00
60170dfbe7
Merge remote-tracking branch 'origin/eculver/remove-envoy-1.15' into eculver/remove-envoy-1.15
2021-09-28 16:06:36 -07:00
4f1a8d4ea6
Fix typo
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-09-29 01:05:45 +02:00
03e44da9f7
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15
2021-09-28 15:59:43 -07:00
9b73e7319d
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 15:58:20 -07:00
5c37819d09
Cleanup unnecessary normalizing method ( #11169 )
2021-09-28 15:31:12 -04:00
bf2a3f6e79
Merge pull request #11084 from krastin/krastin-autopilot-loggingtypo
...
Fix a tiny typo in logging in autopilot.go
2021-09-28 15:11:11 -04:00
585d9363ed
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 11:54:33 -07:00
e3248c20c9
agent: Clean up unused built-in proxy config ( #11165 )
2021-09-28 11:29:10 -04:00
cd4e70b34c
acl: fix default authorizer for down_policy
...
This was causing a nil panic because a nil authorizer is no longer valid after the cleanup done
in https://github.com/hashicorp/consul/pull/10632 .
2021-09-23 18:12:22 -04:00
6bb7aef15c
Remove t.Parallel from TestACLResolver_DownPolicy
...
These tests run in under 10ms, t.Parallel does nothing but slow them down and
make failures harder to debug when one panics.
2021-09-23 18:12:22 -04:00
e664dbc352
Refactor table index acl phase 2 ( #11133 )
...
* extract common methods from oss and ent
* remove unreachable code
* add missing normalize for binding rules
* fix oss to use Query
2021-09-23 15:26:09 -04:00
e8ac5fd90b
config: Move ACLEnableKeyListPolicy to DeprecatedConfig
2021-09-23 15:15:00 -04:00
5c40b717ed
config: move acl_ttl to DeprecatedConfig
2021-09-23 15:14:59 -04:00
977f6d8888
config: move acl_{default,down}_policy to DeprecatedConfig
2021-09-23 15:14:59 -04:00
5eafcea4d4
config: Deprecate EnableACLReplication
...
replaced by ACL.TokenReplication
2021-09-23 15:14:59 -04:00
5dc16180ad
config: move ACL master token and replication to DeprecatedConfig
2021-09-23 15:14:59 -04:00
1ecec84fd7
Merge pull request #10903 from hashicorp/feature/ingress-sds
...
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
5904e4ac79
Refactor table index ( #11131 )
...
* convert tableIndex to use the new pattern
* make `indexFromString` available for oss as well
* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
7b4cbe3143
Final readability tweaks from review
2021-09-23 10:17:12 +01:00
70bc89b7f4
Fix subtle loop bug and add test
2021-09-23 10:13:41 +01:00
07f81991df
Refactor SDS validation to make it more contained and readable
2021-09-23 10:13:19 +01:00
5cfd030d03
Refactor Ingress-specific lister code to separate file
2021-09-23 10:13:19 +01:00
136928a90f
Minor PR typo and cleanup fixes
2021-09-23 10:13:19 +01:00
20d0bf81f7
Revert abandonned changes to proxycfg for Ent test consistency
2021-09-23 10:13:19 +01:00
a9119e36a5
Fix merge conflict in xds tests
2021-09-23 10:12:37 +01:00
2281d883b9
Fix some more Enterprise Normalization issues affecting tests
2021-09-23 10:12:37 +01:00
9fa60c7472
Remove unused argument to fix lint error
2021-09-23 10:09:11 +01:00
659321d008
Handle namespaces in route names correctly; add tests for enterprise
2021-09-23 10:09:11 +01:00
2a3d3d3c23
Update xDS routes to support ingress services with different TLS config
2021-09-23 10:08:02 +01:00
16b3b1c737
Update xDS Listeners with SDS support
2021-09-23 10:08:02 +01:00
ccbda0c285
Update proxycfg to hold more ingress config state
2021-09-23 10:08:02 +01:00
4e39f03d5b
Add ingress-gateway config for SDS
2021-09-23 10:08:02 +01:00
c84867feda
acl: remove ACL.Apply
...
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
ae05419aea
acl: made acl rules in tests slightly more specific
...
When converting these tests from the legacy ACL system to the new RPC endpoints I
initially changed most things to use _prefix rules, because that was equivalent to
the old legacy rules.
This commit modifies a few of those rules to be a bit more specific by replacing the _prefix
rule with a non-prefix one where possible.
2021-09-22 18:24:56 -04:00
d88d9e71c2
partitions/authmethod-index work from enterprise ( #11056 )
...
* partitions/authmethod-index work from enterprise
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
f972048ebc
connect: Allow upstream listener escape hatch for prepared queries ( #11109 )
2021-09-22 15:27:10 -04:00
7e20a5e4f9
connect: remove support for Envoy 1.15
2021-09-22 11:48:50 -07:00
706fc8bcd0
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters ( #11099 )
...
Fixes #11086
2021-09-22 13:14:26 -05:00
54256fb751
config: Move two more fields to DeprecatedConfig
...
And add a test for deprecated config fields.
2021-09-22 13:23:03 -04:00
8ed14296ea
config: Introduce DeprecatedConfig
...
This struct allows us to move all the deprecated config options off of
the main config struct, and keeps all the deprecation logic in a single
place, instead of spread across 3+ places.
2021-09-22 13:22:16 -04:00
2d23f92b35
add 1.19.x versions to test config
2021-09-22 09:30:45 -07:00
1e3ba26223
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
...
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
ba706501e1
Strip out go 1.17 bits
2021-09-22 11:04:48 -05:00
a6a359cc80
Add a mock Agent delegate to ease/improve some types of testing
2021-09-22 10:23:01 -04:00
47b99d0b78
auto-updated agent/uiserver/bindata_assetfs.go from commit 9c0233cf5
2021-09-22 13:05:38 +00:00
7efb015ca9
auto-updated agent/uiserver/bindata_assetfs.go from commit cfbd1bb84
2021-09-22 09:26:14 +00:00
72f2199ea1
acl: remove remaining tests that use ACL.Apply
...
In preparation for removing ACL.Apply.
Tests for ACL.Apply, ACL.GetPolicy, and ACL upgrades were removed
because all 3 of those will be removed shortly.
The forth test appears to be for the ACLResolver cache, so the test was moved to the correct
test file, and the name was updated to make it obvious what is being tested.
2021-09-21 19:35:26 -04:00
R.B. Boyer
Bisakh Mondal
Connor
FFMMM
Daniel Nephin
Joshua Montgomery
Evan Culver
Evan Culver
Chris S. Kim
Dhia Ayachi
Paul Banks
Paul Banks
Mark Anderson
Matt Keeler
hc-github-team-consul-core