Commit Graph

11697 Commits

Author SHA1 Message Date
R.B. Boyer 4563fe4064 update changelog 2020-06-01 11:46:19 -05:00
R.B. Boyer 833211c14c
acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 11:44:47 -05:00
R.B. Boyer a78aa80d25 update changelog 2020-05-29 16:17:30 -05:00
R.B. Boyer ffb9c7d6f7
acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-05-29 16:16:03 -05:00
Jono Sosulska c554ba9e10
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Shantanu Gadgil b4f2874d89
add gobetween to the Consul tools (#7973)
add gobetween to the Consul tools
2020-05-29 11:17:22 -07:00
Chris Piraino 6c444ba24c
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Luke Kysow db6f876b59
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow 6409c488ee
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Daniel Nephin 756e130a7f
Merge pull request #7947 from hashicorp/dnephin/add-linter-staticcheck-3
ci: Enable staticcheck and fix most errors
2020-05-28 12:25:46 -04:00
Daniel Nephin c88fae0aac ci: Add staticcheck and fix most errors
Three of the checks are temporarily disabled to limit the size of the
diff, and allow us to enable all the other checks in CI.

In a follow up we can fix the issues reported by the other checks one
at a time, and enable them.
2020-05-28 11:59:58 -04:00
Daniel Nephin 4f2bff174d
Merge pull request #7963 from hashicorp/dnephin/replace-lib-translate-keys
Replace lib.TranslateKeys with a mapstructure decode hook
2020-05-27 16:51:26 -04:00
Daniel Nephin 6a2d7d77c0 config: use the new HookTranslateKeys instead of lib.TranslateKeys
With the exception of CA provider config, which will be migrated at some
later time.
2020-05-27 16:24:47 -04:00
Daniel Nephin 8ced4300c8 Add alias struct tags for new decode hook 2020-05-27 16:24:47 -04:00
Daniel Nephin 1a039393f5 config: add HookTranslteKeys
This hook replaces lib.TranslateKeys and has a number of advantages:

1. Primarily, aliases for fields are defined on the field itself, making
   the aliases much easier to maintain, and more obvious to the reader.
2. TranslateKeys translation rules are not aware of structure. It could
   very easily incorrectly translate a key on one struct that was intended
   to be a translation rule for a completely different struct, leading
   to very hard to debug errors. The hook removes the need for the
   unexpected "translation rule is an empty string to indicate stop
   traversal" special case.
3. TranslateKeys attempts to duplicate a bunch of tree traversal logic
   that already exists in mapstructure. Using mapstructure for traversal
   removes the need to traverse the entire structure multiple times, and
   makes the behaviour more obvious to the reader.

This change is being made to enable a future change of replacing
PatchSliceOfMaps. TranslateKeys sits in between PatchSliceOfMaps and
mapstructure.Decode, so it must be converted to a hook first, before
PatchSliceOfMaps can be replaced by a decode hook.
2020-05-27 16:24:47 -04:00
R.B. Boyer 77f2e54618
create lib/stringslice package (#7934) 2020-05-27 11:47:32 -05:00
R.B. Boyer 12f6d327f8 update changelog 2020-05-27 11:33:16 -05:00
R.B. Boyer ddd0a13e27
agent: handle re-bootstrapping in a secondary datacenter when WAN federation via mesh gateways is configured (#7931)
The main fix here is to always union the `primary-gateways` list with
the list of mesh gateways in the primary returned from the replicated
federation states list. This will allow any replicated (incorrect) state
to be supplemented with user-configured (correct) state in the config
file. Eventually the game of random selection whack-a-mole will pick a
winning entry and re-replicate the latest federation states from the
primary. If the user-configured state is actually the incorrect one,
then the same eventual correct selection process will work in that case,
too.

The secondary fix is actually to finish making wanfed-via-mgws actually
work as originally designed. Once a secondary datacenter has replicated
federation states for the primary AND managed to stand up its own local
mesh gateways then all of the RPCs from a secondary to the primary
SHOULD go through two sets of mesh gateways to arrive in the consul
servers in the primary (one hop for the secondary datacenter's mesh
gateway, and one hop through the primary datacenter's mesh gateway).
This was neglected in the initial implementation. While everything
works, ideally we should treat communications that go around the mesh
gateways as just provided for bootstrapping purposes.

Now we heuristically use the success/failure history of the federation
state replicator goroutine loop to determine if our current mesh gateway
route is working as intended. If it is, we try using the local gateways,
and if those don't work we fall back on trying the primary via the union
of the replicated state and the go-discover configuration flags.

This can be improved slightly in the future by possibly initializing the
gateway choice to local on startup if we already have replicated state.
This PR does not address that improvement.

Fixes #7339
2020-05-27 11:31:10 -05:00
Alvin Huang 37cafc3f52
bump beta callout to v1.8.0-beta2 (#7945) 2020-05-26 12:51:44 -04:00
Raphaël Rondeau 0d2f178b7b
connect: fix endpoints clusterName when using cluster escape hatch (#7319)
```changelog
* fix(connect): fix endpoints clusterName when using cluster escape hatch
```
2020-05-26 10:57:22 +02:00
Pierre Souchay d6649e42af
Stop all watches before shuting down anything dring shutdown. (#7526)
This will prevent watches from being triggered.

```changelog
* fix(agent):  stop all watches before shuting down
```
2020-05-26 10:01:49 +02:00
Luke Kysow 85b20d3713
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow 56e2a98aea
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
R.B. Boyer 8bc858baee update changelog 2020-05-21 16:09:57 -05:00
R.B. Boyer 1b5023cb69
connect: ensure proxy-defaults protocol is used for upstreams (#7938) 2020-05-21 16:08:39 -05:00
Jeff Escalante 0a8a311bd7 env variable clarity 2020-05-21 14:50:45 -04:00
Jeff Escalante c2110669c1 mod stylelint to be more accurate 2020-05-21 14:50:45 -04:00
Jeff Escalante 7cbd8b9d36 upgrade to stylelint release 2020-05-21 14:50:45 -04:00
Jeff Escalante 789ba665d5 remove unused dependencies, adjust 404 link color 2020-05-21 14:50:45 -04:00
Jeff Escalante 326ec30d68 update dependencies 2020-05-21 14:50:45 -04:00
Kyle Havlovitz b14696e32a
Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
* Standardize support for Tagged and BindAddresses in Ingress Gateways

This updates the TaggedAddresses and BindAddresses behavior for Ingress
to match Mesh/Terminating gateways. The `consul connect envoy` command
now also allows passing an address without a port for tagged/bind
addresses.

* Update command/connect/envoy/envoy.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* PR comments

* Check to see if address is an actual IP address

* Update agent/xds/listeners.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix whitespace

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-05-21 09:08:12 -05:00
Peter M aedabfbf57 Updated resource heading to correct error 2020-05-20 15:26:56 -07:00
Daniel Nephin 03291943e1
Merge pull request #7933 from hashicorp/dnephin/state-txn-missing-errors
state: fix unhandled error
2020-05-20 17:00:20 -04:00
Daniel Nephin 04bf0f3490
Update agent/consul/state/catalog.go
Co-authored-by: Hans Hasselberg <me@hans.io>
2020-05-20 16:34:14 -04:00
Seth Hoenig 44ee818d46
grpc: use default resolver scheme for grpc dialing (#7617)
Currently checks of type gRPC will emit log messages such as,

    2020/02/12 13:48:22 [INFO] parsed scheme: ""
    2020/02/12 13:48:22 [INFO] scheme "" not registered, fallback to default scheme

Without adding full support for using custom gRPC schemes (maybe that's
right long-term path) we can just supply the default scheme as provided
by the grpc library.

Fixes https://github.com/hashicorp/consul/issues/7274
and https://github.com/hashicorp/nomad/issues/7415
2020-05-20 22:26:26 +02:00
Daniel Nephin 3f607d9ef0 state: use an error to indicate compare failed
Errors are values. We can use the error value to identify the 'comparison failed' case which makes the function easier to use and should make it harder to miss handle the error case
2020-05-20 12:43:33 -04:00
Freddy 3dd8b66aa2
Update ingress/terminating gateway ACL docs (#7891) 2020-05-20 09:27:25 -06:00
Paul Mundt 82c391b75d
docs: Add Dart client to list of Libraries and SDKs (#7884) 2020-05-20 12:42:12 +02:00
Patrice Krakow 746bf9b7e2
docs: change "is" to "can be" in connect docs (#7902)
The doc says: "When the Connect injector is installed, the Connect sidecar is automatically added to all pods." But, it depends on the configuration, so I think it's better to say: "When the Connect injector is installed, the Connect sidecar can automatically added to all pods."
2020-05-20 12:40:24 +02:00
Pierre Souchay 5c7af90154
tests: added unit test to ensure watches are not re-triggered on consul reload (#7449)
This ensures no regression about https://github.com/hashicorp/consul/issues/7318
And ensure that https://github.com/hashicorp/consul/issues/7446 cannot happen anymore
2020-05-20 12:38:29 +02:00
Pierre Souchay e9d176db2a
Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-05-20 11:31:19 +02:00
Daniel Nephin 913549a0b3
Merge pull request #7894 from hashicorp/dnephin/add-linter-staticcheck-1
Fix some bugs/issues found by staticcheck
2020-05-19 18:44:06 -04:00
Daniel Nephin 1bbea2751f consul/state: refactor tnxService to avoid missed cases
Handling errors at the end of a log switch/case block is somewhat
brittle. This block included a couple cases where errors were ignored,
but it was not obvious the way it was written.

This change moves all error handling into each case block. There is
still potentially one case where err is ignored, which will be handled
in a follow up.
2020-05-19 16:50:14 -04:00
Daniel Nephin 9f27d61bee Remove unused var
The usage was removed in 8e22d80e35,
however it seems there may be a bug here because the cluster name
is not updated when the target changes.
2020-05-19 16:50:14 -04:00
Daniel Nephin 4f738b462b Handle error from template.Execute
Refactored the function to make the problem more obvious, by using a
guard.
2020-05-19 16:50:14 -04:00
Daniel Nephin c662f0f0de Fix a number of problems found by staticcheck
Some of these problems are minor (unused vars), but others are real bugs (ignored errors).

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2020-05-19 16:50:14 -04:00
Daniel Nephin 5c99109dd9 Remove unused var
The usage of this var was removed in b92f895c23.

Found by using staticcheck
2020-05-19 16:50:14 -04:00
R.B. Boyer 89a6492033
docs: remove todos (#7922)
Fixes #7921
2020-05-19 15:19:06 -05:00
Daniel Nephin e02ee13657
Make envoy integration tests a `go test` suite (#7842)
* test/integration: only run against 1 envoy version

These tests are slow enough that it seems unlikely that anyone is
running multiple versions locally. If someone wants to, a for loop
outside of run_test.sh should do the right thing.

Remove unused vars.

* Remove logic to iterate over test cases, run a single case

* Add a golang runner for integration tests

* Use build tags for envoy integration tests

And add junit-xml report
2020-05-19 14:00:00 -04:00
Mike Morris 1b152f9f21
ci: limit parallelism for Ember builds (#7917)
If not artificially limited by setting JOBS env var,
broccoli-babel-transpiler will attempt to parallelize across the number
of CPUs on the host VM rather than the Docker container, resulting in CI
jobs being killed due to running out of memory.
2020-05-19 13:00:35 -04:00