16119 Commits

Author SHA1 Message Date
Daniel Nephin
968aeff1bb ca: prune some unnecessary lookups in the tests 2021-12-08 18:42:52 -05:00
Daniel Nephin
305655a8b1 ca: remove duplicate WaitFor function 2021-12-08 18:42:52 -05:00
Daniel Nephin
1dec6bb815 ca: fix flakes in RenewIntermediate tests
I suspect one problem was that we set structs.IntermediateCertRenewInterval to 1ms, which meant
that in some cases the intermediate could renew before we stored the original value.

Another problem was that the 'wait for intermediate' loop was calling the provider.ActiveIntermediate,
but the comparison needs to use the RPC endpoint to accurately represent a user request. So
changing the 'wait for' to use the state store ensures we don't race.

Also moves the patching into a separate function.

Removes the addition of ca.CertificateTimeDriftBuffer as part of calculating halfTime. This was added
in a previous commit to attempt to fix the flake, but it did not appear to fix the problem. Adding the
time here was making the tests fail when using the shared patch
function. It's not clear to me why, but there's no reason we should be
including this time in the halfTime calculation.
2021-12-08 18:42:52 -05:00
Daniel Nephin
2e4e8bd791 ca: improve RenewIntermediate tests
Use the new verifyLearfCert to show the cert verifies with intermediates
from both sources. This required using the RPC interface so that the
leaf pem was constructed correctly.

Add IndexedCARoots.Active since that is a common operation we see in a
few places.
2021-12-08 18:42:52 -05:00
Daniel Nephin
a4ba1f348d ca: add a test for Vault in secondary DC 2021-12-08 18:42:51 -05:00
Daniel Nephin
a5d9b1d322 ca: Add CARoots.Active method
Which will be used in the next commit.
2021-12-08 18:41:51 -05:00
R.B. Boyer
5f5720837b
acl: ensure that the agent recovery token is properly partitioned (#11782) 2021-12-08 17:11:55 -06:00
Daniel Nephin
f72e285fe8
Merge pull request #11721 from hashicorp/dnephin/ca-export-fsm-operation
ca: use the real FSM operation in tests
2021-12-08 17:49:00 -05:00
Daniel Nephin
214dcf8d0d ca: use the real FSM operation in tests
Previously we had a couple copies that reproduced the FSM operation.
These copies introduce risk that the test does not accurately match
production.

This PR removes the test versions of the FSM operation, and exports the
real production FSM operation so that it can be used in tests.

The consul provider tests did need to change because of this. Previously
we would return a hardcoded value of 2, but in production this value is
always incremented.
2021-12-08 17:29:44 -05:00
R.B. Boyer
592ac8f96a
test: test server should auto cleanup (#11779) 2021-12-08 13:26:06 -06:00
Evan Culver
7a365fa0da
rpc: Unset partition before forwarding to remote datacenter (#11758) 2021-12-08 11:02:14 -08:00
trujillo-adam
93bf817b8a
Merge branch 'main' into docs/admin-partitions-rc-updates 2021-12-08 10:29:57 -08:00
trujillo-adam
fc72ae64e9 Updates for admin partitions to include changes for RC 2021-12-08 09:37:01 -08:00
Freddy
a031de21c0
Add v1.11.0-rc changelog entry (#11776) 2021-12-08 09:34:31 -07:00
Giovanni Torres
38c1f3b9ea docs: add missing verb
This change adds a missing verb at the end of the sentence.
2021-12-07 16:08:17 -08:00
Daniel Nephin
d9dd6944f5
Merge pull request #10895 from bigmikes/serve-panic-recovery
grpc, xds: recovery middleware to return and log error in case of panic
2021-12-07 18:34:40 -05:00
Daniel Nephin
dccd3f5806 Merge remote-tracking branch 'origin/main' into serve-panic-recovery 2021-12-07 16:30:41 -05:00
Melissa Kam
a6a02b5525
Merge pull request #11769 from hashicorp/cts-typo-fix
docs/nia: Fix typo in CTS CLI options
2021-12-07 14:40:08 -06:00
Noel Quiles
b768f9f97c
website: Upgrade <HashiStackMenu /> to latest (#11760) 2021-12-07 15:32:06 -05:00
Jared Kirschner
8de6e01c2b
Merge pull request #11770 from hashicorp/move-dns-alt-domain-section
improve location of DNS alt domain docs section
2021-12-07 15:18:44 -05:00
Matthieu MOREL
35f824ebeb
dependabot : add standard and hashicorp labels (#11676) 2021-12-07 15:12:32 -05:00
Jared Kirschner
d3018e6846
improve location of DNS alt domain docs section 2021-12-07 15:10:14 -05:00
Dan Upton
7efab269c0
Rename Master and AgentMaster fields in config protobuf (#11764) 2021-12-07 19:59:38 +00:00
Melissa Kam
b6310400ab docs/nia: Fix typo in CTS CLI options 2021-12-07 13:55:49 -06:00
Chris S. Kim
f8f8580ab2
Godocs updates for catalog endpoints (#11716) 2021-12-07 10:18:28 -05:00
Mathew Estafanous
0a9621ec7a
Transition all endpoint tests in agent_endpoint_test.go to go through ServeHTTP (#11499) 2021-12-07 09:44:03 -05:00
Dan Upton
205ce9a69d
Remove references to "master" ACL tokens in tests (#11751) 2021-12-07 12:48:50 +00:00
Dan Upton
7fe81171d9
Rename ACLMasterToken => ACLInitialManagementToken (#11746) 2021-12-07 12:39:28 +00:00
Dan Upton
3a91815169
agent/token: rename agent_master to agent_recovery (internally) (#11744) 2021-12-07 12:12:47 +00:00
Freddy
46a530434e
Merge pull request #11757 from hashicorp/ap/discovery-chain 2021-12-06 15:22:51 -07:00
R.B. Boyer
9315a9812f return the max 2021-12-06 15:36:52 -06:00
R.B. Boyer
f1a11be06e
sync back 1.11.0-beta3 changelogs (#11759) 2021-12-06 14:59:35 -06:00
R.B. Boyer
aa9a22a8fe fix test failures 2021-12-06 14:45:44 -06:00
freddygv
b629b8f656 Add changelog entry 2021-12-06 12:35:11 -07:00
freddygv
9b44861ce4 Update api module and decoding tests 2021-12-06 12:32:29 -07:00
freddygv
60fe5f75bb Remove support for failover to partition
Failing over to a partition is more siimilar to failing over to another
datacenter than it is to failing over to a namespace. In a future
release we should update how localities for failover are specified. We
should be able to accept a list of localities which can include both
partition and datacenter.
2021-12-06 12:32:24 -07:00
freddygv
5c1f7aa372 Allow cross-partition references in disco chain
* Add partition fields to targets like service route destinations
* Update validation to prevent cross-DC + cross-partition references
* Handle partitions when reading config entries for disco chain
* Encode partition in compiled targets
2021-12-06 12:32:19 -07:00
R.B. Boyer
b1605639fc
light refactors to support making partitions and serf-based wan federation are mutually exclusive (#11755) 2021-12-06 13:18:02 -06:00
John Cowen
05fabbe898
ui: Improve error messaging for when we can't make a slug (#11697)
Ember Data requires the usage of unique ID to identify its records in the frontend, and we use a centralized function to do that for all records. There are occasions where it can't make an ID, usually this is a bug our side, but there are occasions where Consul might not be giving us the data needed to make an ID, for example if a Service comes down to us with a blank Name. Whilst this isn't a problem to be fixed in the UI, I thought we could make an improvement here by giving a little more info as to why the UI cannot make a unique ID.

This is currently semi-hidden away in the javascript console, but we could potentially surface this in the UI itself as a larger task. I figured this smaller task could help folks in the meantime if they hit upon this as they might open up the javascript console themselves to see whats up and they'd at least get this extra clue.
2021-12-06 16:11:57 +00:00
John Cowen
c04701b387
ui: remove old head.hbs file we don't need (#11678) 2021-12-06 16:10:08 +00:00
John Cowen
77412fd2e0
ui: Stop tables overlapping with their headers when scrolling (#11670) 2021-12-06 16:09:15 +00:00
R.B. Boyer
e20e6348dd
areas: make the gRPC server tracker network area aware (#11748)
Fixes a bug whereby servers present in multiple network areas would be
properly segmented in the Router, but not in the gRPC mirror. This would
lead servers in the current datacenter leaving from a network area
(possibly during the network area's removal) from deleting their own
records that still exist in the standard WAN area.

The gRPC client stack uses the gRPC server tracker to execute all RPCs,
even those targeting members of the current datacenter (which is unlike
the net/rpc stack which has a bypass mechanism).

This would manifest as a gRPC method call never opening a socket because
it would block forever waiting for the current datacenter's pool of
servers to be non-empty.
2021-12-06 09:55:54 -06:00
Freddy
a725f06c83
Merge pull request #11739 from hashicorp/ap/exports-rename 2021-12-06 08:20:50 -07:00
John Cowen
85c39092c0
ui: Adds basic support for partition exports to Service listings (#11702)
Also:

* ui: Add cross partition linking and rollout BucketList (#11712)

* ui: Add exported service partition to the source filter menu (#11727)
2021-12-06 11:06:33 +00:00
John Cowen
171cb0a247
ui: Adds partition support to Service and Node Identity templates (#11696) 2021-12-06 10:33:44 +00:00
John Cowen
f27685cc40
ui: Adds basic support for the Routing tab viz with partitions (#11679) 2021-12-06 10:22:09 +00:00
John Cowen
b07ff88874
ui: Add documentation link for partitions (#11668) 2021-12-06 10:09:44 +00:00
freddygv
e91509383f Clean up additional refs to partition exports 2021-12-04 15:16:40 -07:00
Freddy
f24a206712
Merge pull request #11738 from hashicorp/ap/tproxy 2021-12-04 09:50:38 -07:00
Mike Morris
93f937f238
types: add types/tls.go for strongly-typed TLS versions and cipher suites (#11645)
types: add TLS constants

types: distinguish between human and Envoy serialization for TLSVersion constants

types: add DeprecatedAgentTLSVersions for backwards compatibility

types: add methods for printing TLSVersion as strings

types: add TLSVersionInvalid error value

types: add a basic test for TLSVersion comparison

types: add TLS cihper suite mapping using IANA constant names and values

types: adding ConsulAutoConfigTLSVersionStrings

changelog: add entry for TLSVersion and TLSCipherSuite types

types: initialize TLSVerison constants starting at zero

types: remove TLSVersionInvalid < 0 test

types: update note for ConsulAutoConfigTLSVersionStrings

types: programmatically invert TLSCipherSuites for HumanTLSCipherSuiteStrings lookup map

Co-authored-by: Dan Upton <daniel@floppy.co>

types: add test for TLSVersion zero-value

types: remove unused EnvoyTLSVersionStrings

types: implement MarshalJSON for TLSVersion

types: implement TLSVersionUnspecified as zero value

types: delegate TLS.MarshalJSON to json.Marshal, use ConsulConfigTLSVersionStrings as default String() values

Co-authored-by: Dan Upton <daniel@floppy.co>
2021-12-03 20:17:55 -05:00