Commit Graph

20319 Commits

Author SHA1 Message Date
R.B. Boyer 48effe5f8a
chore: make go-mod-tidy (#18388) 2023-08-07 14:02:34 -05:00
Ashesh Vidyut 417ae9fc39
Fix #17730 - Dev mode has new line (#18367)
* adding new line only in case of pretty in url not in dev mode

* change log added
2023-08-05 08:15:24 +05:30
Andrea Scarpino 38c356c39b
[docs] Fix ServiceDefaults example in distributed tracing (#17212)
Fix ServiceDefaults example in distributed tracing.
2023-08-04 23:07:06 +00:00
R.B. Boyer 1ebd001a07
bimapper: fix a bug and add some more test coverage (#18387) 2023-08-04 16:45:10 -05:00
wangxinyi7 1f28ac2664
expose grpc as http endpoint (#18221)
expose resource grpc endpoints as http endpoints
2023-08-04 11:27:48 -07:00
Tu Nguyen 0a48a24a2f
Add redirects for mesh-gateway docs (#18377) 2023-08-04 16:36:21 +00:00
R.B. Boyer 89aac4b098
add some initial CODEOWNERS (#18346) 2023-08-03 16:22:18 -05:00
Jeremy Jacobson 8e5e16de60
Fix policy lookup to allow for slashes (#18347)
* Fix policy lookup to allow for slashes

* Fix suggestions

* Fix other test

* Revert some lines
2023-08-03 13:21:43 -07:00
Dan Stough 284e3bdb54
[OSS] test: xds coverage for routes (#18369)
test: xds coverage for routes
2023-08-03 15:03:02 -04:00
R.B. Boyer 9c227e2c36
mesh: adding the protobuf types and resources backing mesh config v2 (#18351) 2023-08-03 13:42:04 -05:00
Michael Zalimeni 905e371607
[NET-5146] security: Update Go version to 1.20.7 and `x/net` to 0.13.0 (#18358)
* Update Go version to 1.20.7

This resolves [CVE-2023-29409]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`).

* Bump golang.org/x/net to 0.13.0

Addresses [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)
for security scans (non-impacting).
2023-08-02 13:10:29 -04:00
Iryna Shustava a33001f4d4
Register ProxyStateTemplate Resource (#18316)
Also, change the ProxyState.id to identity. This is because we already have the id of this proxy
  from the resource, and this id should be name-aligned with the workload it represents. It should
  also have the owner ref set to the workload ID if we need that. And so the id field seems unnecessary.
  We do, however, need a reference to workload identity so that we can authorize the proxy when it initially
  connects to the xDS server.
2023-08-02 08:15:13 -06:00
Ashesh Vidyut 67fc93e26d
NET-4240 - Snapshots are failing on Windows (#18302)
* fix go mod

* fix go sum

* added change log

* ran make go mod tidy
2023-08-02 08:14:35 +05:30
Ashvitha 828567c62e
[HCP Telemetry] Periodic Refresh for Dynamic Telemetry Configuration (#18168)
* OTElExporter now uses an EndpointProvider to discover the endpoint

* OTELSink uses a ConfigProvider to obtain filters and labels configuration

* improve tests for otel_sink

* Regex logic is moved into client for a method on the TelemetryConfig object

* Create a telemetry_config_provider and update deps to use it

* Fix conversion

* fix import newline

* Add logger to hcp client and move telemetry_config out of the client.go file

* Add a telemetry_config.go to refactor client.go

* Update deps

* update hcp deps test

* Modify telemetry_config_providers

* Check for nil filters

* PR review updates

* Fix comments and move around pieces

* Fix comments

* Remove context from client struct

* Moved ctx out of sink struct and fixed filters, added a test

* Remove named imports, use errors.New if not fformatting

* Remove HCP dependencies in telemetry package

* Add success metric and move lock only to grab the t.cfgHahs

* Update hash

* fix nits

* Create an equals method and add tests

* Improve telemetry_config_provider.go tests

* Add race test

* Add missing godoc

* Remove mock for MetricsClient

* Avoid goroutine test panics

* trying to kick CI lint issues by upgrading mod

* imprve test code and add hasher for testing

* Use structure logging for filters, fix error constants, and default to allow all regex

* removed hashin and modify logic to simplify

* Improve race test and fix PR feedback by removing hash equals and avoid testing the timer.Ticker logic, and instead unit test

* Ran make go-mod-tidy

* Use errtypes in the test

* Add changelog

* add safety check for exporter endpoint

* remove require.Contains by using error types, fix structure logging, and fix success metric typo in exporter

* Fixed race test to have changing config values

* Send success metric before modifying config

* Avoid the defer and move the success metric under
2023-08-01 17:20:18 -04:00
John Landa 2a8bf5df61
Wasm integration tests for local and remote wasm files (#17756)
* wasm integration tests for local and remote wasm files

refactoring and cleanup for wasm testing

remove wasm debug logging

PR feedback, wasm build lock

correct path pattern for wasm build files

Add new helper function to minimize changes to existing test code

Remove extra param

mod tidy

add custom service setup to test lib

add wait until static server sidecar can reach nginx sidecar

Doc comments

PR feedback

Update workflows to compile wasm for integration tests

Fix docker build path

Fix package name for linter

Update makefile, fix redeclared function

Update expected wasm filename

Debug test ls in workflow

remove pwd in favor of relative path

more debugging

Build wasm in compatability tests as well

Build wasm directly in ci rather than in container

Debug tinygo and llvm version

Change wasm file extension

Remove tinygo debugging

Remove extra comments

* Add compiled wasm and build instructions
2023-08-01 15:49:39 -05:00
R.B. Boyer 13ce787a3f
resource: adding various helpers for working with resources (#18342)
This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
2023-08-01 13:39:15 -05:00
Nitya Dhanushkodi e459399e39
[NET-5121] proxystate: move protos to subdirectory to avoid conflicts (#18335)
* also makes a few protos updates
2023-08-01 17:35:17 +00:00
Jeremy Jacobson 6424ef6a56
[CC-5719] Add support for builtin global-read-only policy (#18319)
* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2023-08-01 17:12:14 +00:00
Ronald bb6fc63823
fix typo in create a mesh token docs (#18337) 2023-08-01 10:18:08 -04:00
Blake Covarrubias 3894940824
docs: Simplify example jq commands by removing pipes (#18327)
Simplify jq command examples by removing pipes to other commands.
2023-07-31 21:01:39 +00:00
Michael Zalimeni b1b05f0bac
[NET-4703] Prevent partial application of Envoy extensions (#18068)
Prevent partial application of Envoy extensions

Ensure that non-required extensions do not change xDS resources before
exiting on failure by cloning proto messages prior to applying each
extension.

To support this change, also move `CanApply` checks up a layer and make
them prior to attempting extension application, s.t. we avoid
unnecessary copies where extensions can't be applied.

Last, ensure that we do not allow panics from `CanApply` or `Extend`
checks to escape the attempted extension application.
2023-07-31 15:24:33 -04:00
cui fliter 18a5edd232
docs: Fix some comments (#17118)
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-07-31 10:56:09 -07:00
Ronald 356b29bf35
Stop JWT provider from being written in non default namespace (#18325) 2023-07-31 09:13:16 -04:00
Florian Apolloner 6ada2e05ff
Fix topology view when displaying mixed connect-native/normal services. (#13023)
* Fix topoloy intention with mixed connect-native/normal services.

If a service is registered twice, once with connect-native and once
without, the topology views would prune the existing intentions. This
change brings the code more in line with the transparent proxy behavior.

* Dedupe nodes in the ServiceTopology ui endpoint (like done with tags).

* Consider a service connect-native as soon as one instance is.
2023-07-31 08:10:55 -04:00
Curt Bushko 449e050741
Update actions for TSCCR (#18317)
Update action versions before deadline
2023-07-28 12:49:23 -04:00
Michael Zalimeni cbfeb6c8af
[NET-4904] Update list of Envoy versions in docs (#18306)
Update list of Envoy versions in docs

Update supported Envoy versions across Consul release versions.
2023-07-27 15:47:02 +00:00
Michael Zalimeni cf4deeb7ea
Update list of Envoy versions (#18300)
Update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0.
2023-07-26 21:48:29 +00:00
Paul Glass 09b251ff77
Update K8s changelog to address cloud auto-join change in 1.0.0 (#18293) 2023-07-26 15:25:27 -05:00
Nathan Coleman 5caa0ae3f5
api-gateway: subscribe to bound-api-gateway only after receiving api-gateway (#18291)
* api-gateway: subscribe to bound-api-gateway only after receiving api-gateway

This fixes a race condition due to our dependency on having the listener(s) from the api-gateway config entry in order to fully and properly process the resources on the bound-api-gateway config entry.

* Apply suggestions from code review

* Add changelog entry
2023-07-26 16:02:04 -04:00
Jeff Boruszak e29ceab2f9
docs: K8s secondary DC requirements (#18280)
* Requested edit

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-26 18:42:56 +00:00
Michael Zalimeni e37f702d92
Fix typo in Envoy extensions doc (#18284) 2023-07-26 17:02:41 +00:00
Jeff Boruszak d147c3e5cd
docs: Consul on Kubernetes specific upgrade info (#18230)
* Compatibility page - dataplanes mention

* Upgrading higher-level dataplane mention

* `exec=` string callout

* More visible for upgrade page

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-26 07:03:07 -07:00
Gautam 02cf17758d
docs: Update ext-authz documentation for kubernetes (#18281)
Update ext-authz documentation for kubernetes
2023-07-26 00:38:39 +00:00
Dan Bond 9b540e29bc
go-tests: disable s390x (#18273) 2023-07-25 10:58:12 -07:00
cskh 31d2813714
member cli: add -filter expression to flags (#18223)
* member cli: add -filter expression to flags

* changelog

* update doc

* Add test cases

* use quote
2023-07-25 13:54:52 -04:00
trujillo-adam 090e869a55
fix typos, style, and improper links (#18269) 2023-07-24 16:37:00 -07:00
John Murret 319a2239d3
NET-4897 - update comment to include the current issue url from the go team. (#18263) 2023-07-24 21:27:19 +00:00
Michael Zalimeni 9a82df27ba
[NET-3700] Backfill changelog entry for c2bbe67 and 7402d06 (#18259)
Backfill changelog entry for c2bbe67 and 7402d06

Add a changelog entry for the follow-up PR since it was specific to the
fix and references the original change.
2023-07-24 14:30:45 -04:00
cskh 4d3f9a1ee2
grafana: add the panel resource usage of connect injector (#18247) 2023-07-24 13:10:22 -04:00
Paul Glass b7cdd18575
NET-1825: More new ACL token creation docs (#18063)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-24 16:53:00 +00:00
John Maguire b162c51523
Fix some inconsistencies in jwt docs (#18234) 2023-07-24 16:36:26 +00:00
Semir Patel efb45fe851
resource: Add scope to resource type registration [NET-4976] (#18214)
Enables querying a resource type's registration to determine if a resource is cluster, partition, or partition and namespace scoped.
2023-07-24 11:34:30 -05:00
John Murret 639210e28d
Revert "NET-4996 - filter go-tests and test-integration workflows from running on docs only and ui only changes" (#18248)
Revert "NET-4996 - filter go-tests and test-integration workflows from running on docs only and ui only changes (#18236)"

This reverts commit a11dba710e.
2023-07-24 10:05:43 -06:00
Michael Zalimeni 8b46bac36d
Align build arch matrix with enterprise (#18235)
Ensure that OSS remains in sync w/ Enterprise by aligning the format of
arch matrix args for various build jobs.
2023-07-24 11:22:34 -04:00
John Murret a11dba710e
NET-4996 - filter go-tests and test-integration workflows from running on docs only and ui only changes (#18236) 2023-07-23 13:08:15 -06:00
Ashesh Vidyut 2b0d64ee27
Fix Github Workflow File (#18241)
* [CONSUL-382] Support openssl in unique test dockerfile (#43)

* [CONSUL-405] Add bats to single container (#44)

* [CONSUL-414] Run Prometheus Test Cases and Validate Changes (#46)

* [CONSUL-410] Run Jaeger in Single container (#45)

* [CONSUL-412] Run test-sds-server in single container (#48)

* [CONSUL-408] Clean containers (#47)

* [CONSUL-384] Rebase and sync fork (#50)

* [CONSUL-415] Create Scenarios Troubleshooting Docs (#49)

* [CONSUL-417] Update Docs Single Container (#51)

* [CONSUL-428] Add Socat to single container (#54)

* [CONSUL-424] Replace pkill in kill_envoy function (#52)

* [CONSUL-434] Modify Docker run functions in Helper script (#53)

* [CONSUL-435] Replace docker run in set_ttl_check_state & wait_for_agent_service_register functions (#55)

* [CONSUL-438] Add netcat (nc) in the Single container Dockerfile (#56)

* [CONSUL-429] Replace Docker run with Docker exec (#57)

* [CONSUL-436] Curl timeout and run tests (#58)

* [CONSUL-443] Create dogstatsd Function (#59)

* [CONSUL-431] Update Docs Netcat (#60)

* [CONSUL-439] Parse nc Command in function (#61)

* [CONSUL-463] Review curl Exec and get_ca_root Func (#63)

* [CONSUL-453] Docker hostname in Helper functions (#64)

* [CONSUL-461] Test wipe volumes without extra cont (#66)

* [CONSUL-454] Check ports in the Server and Agent containers (#65)

* [CONSUL-441] Update windows dockerfile with version (#62)

* [CONSUL-466] Review case-grpc Failing Test (#67)

* [CONSUL-494] Review case-cfg-resolver-svc-failover (#68)

* [CONSUL-496] Replace docker_wget & docker_curl (#69)

* [CONSUL-499] Cleanup Scripts - Remove nanoserver (#70)

* [CONSUL-500] Update Troubleshooting Docs (#72)

* [CONSUL-502] Pull & Tag Envoy Windows Image (#73)

* [CONSUL-504] Replace docker run in docker_consul (#76)

* [CONSUL-505] Change admin_bind

* [CONSUL-399] Update envoy to 1.23.1 (#78)

* [CONSUL-510] Support case-wanfed-gw on Windows (#79)

* [CONSUL-506] Update troubleshooting Documentation (#80)

* [CONSUL-512] Review debug_dump_volumes Function (#81)

* [CONSUL-514] Add zipkin to Docker Image (#82)

* [CONSUL-515] Update Documentation (#83)

* [CONSUL-529] Support case-consul-exec (#86)

* [CONSUL-530] Update Documentation (#87)

* [CONSUL-530] Update default consul version 1.13.3

* [CONSUL-539] Cleanup (#91)

* [CONSUL-546] Scripts Clean-up (#92)

* [CONSUL-491] Support admin_access_log_path value for Windows (#71)

* [CONSUL-519] Implement mkfifo Alternative (#84)

* [CONSUL-542] Create OS Specific Files for Envoy Package (#88)

* [CONSUL-543] Create exec_supported.go (#89)

* [CONSUL-544] Test and Build Changes (#90)

* Implement os.DevNull

* using mmap instead of disk files

* fix import in exec-unix

* fix nmap open too many arguemtn

* go fmt on file

* changelog file

* fix go mod

* Update .changelog/17694.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* different mmap library

* fix bootstrap json

* some fixes

* chocolatey version fix and image fix

* using different library

* fix Map funciton call

* fix mmap call

* fix tcp dump

* fix tcp dump

* windows tcp dump

* Fix docker run

* fix tests

* fix go mod

* fix version 16.0

* fix version

* fix version dev

* sleep to debug

* fix sleep

* fix permission issue

* fix permission issue

* fix permission issue

* fix command

* fix command

* fix funciton

* fix assert config entry status command not found

* fix command not found assert_cert_has_cn

* fix command not found assert_upstream_missing

* fix command not found assert_upstream_missing_once

* fix command not found get_upstream_endpoint

* fix command not found get_envoy_public_listener_once

* fix command not found

* fix test cases

* windows integration test workflow github

* made code similar to unix using npipe

* fix go.mod

* fix dialing of npipe

* dont wait

* check size of written json

* fix undefined n

* running

* fix dep

* fix syntax error

* fix workflow file

* windows runner

* fix runner

* fix from json

* fix runs on

* merge connect envoy

* fix cin path

* build

* fix file name

* fix file name

* fix dev build

* remove unwanted code

* fix upload

* fix bin name

* fix path

* checkout current branch

* fix path

* fix tests

* fix shell bash for windows sh files

* fix permission of run-test.sh

* removed docker dev

* added shell bash for tests

* fix tag

* fix win=true

* fix cd

* added dev

* fix variable undefined

* removed failing tests

* fix tcp dump image

* fix curl

* fix curl

* tcp dump path

* fix tcpdump path

* fix curl

* fix curl install

* stop removing intermediate containers

* fix tcpdump docker image

* revert -rm

* --rm=false

* makeing docker image before

* fix tcpdump

* removed case consul exec

* removed terminating gateway simple

* comment case wasm

* removed data dog

* comment out upload coverage

* uncomment case-consul-exec

* comment case consul exec

* if always

* logs

* using consul 1.17.0

* fix quotes

* revert quotes

* redirect to dev null

* Revert version

* revert consul connect

* fix version

* removed envoy connect

* not using function

* change log

* docker logs

* fix logs

* restructure bad authz

* rmeoved dev null

* output

* fix file descriptor

* fix cacert

* fix cacert

* fix ca cert

* cacert does not work in windows curl

* fix func

* removed docker logs

* added sleep

* fix tls

* commented case-consul-exec

* removed echo

* retry docker consul

* fix upload bin

* uncomment consul exec

* copying consul.exe to docker image

* copy fix

* fix paths

* fix path

* github workspace path

* latest version

* Revert "latest version"

This reverts commit 5a7d7b82d9e7553bcb01b02557ec8969f9deba1d.

* commented consul exec

* added ssl revoke best effort

* revert best effort

* removed unused files

* rename var name and change dir

* windows runner

* permission

* needs setup fix

* swtich to github runner

* fix file path

* fix path

* fix path

* fix path

* fix path

* fix path

* fix build paths

* fix tag

* nightly runs

* added matrix in github workflow, renamed files

* fix job

* fix matrix

* removed brackes

* from json

* without using job matrix

* fix quotes

* revert job matrix

* fix workflow

* fix comment

* added comment

* nightly runs

* removed datadog ci as it is already measured in linux one

* running test

* Revert "running test"

This reverts commit 7013d15a23732179d18ec5d17336e16b26fab5d4.

* pr comment fixes

* running test now

* running subset of test

* running subset of test

* job matrix

* shell bash

* removed bash shell

* linux machine for job matrix

* fix output

* added cat to debug

* using ubuntu latest

* fix job matrix

* fix win true

* fix go test

* revert job matrix

* Fix tests

---------

Co-authored-by: Ivan K Berlot <ivanberlot@gmail.com>
Co-authored-by: Jose Ignacio Lorenzo <74208929+joselo85@users.noreply.github.com>
Co-authored-by: Franco Bruno Lavayen <cocolavayen@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <20102608+ezfepo@users.noreply.github.com>
Co-authored-by: joselo85 <joseignaciolorenzo85@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <ezequiel.fernandez@southworks.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-07-22 04:18:42 +00:00
Judith Malnick 7ce539e5f6
Clarify license reporting timing and GDPR compliance (#18237)
Add Alicia's edits to clarify log timing and other details
2023-07-21 16:08:37 -07:00
Dan Stough 8e3a1ddeb6
[OSS] Improve xDS Code Coverage - Endpoints and Misc (#18222)
test: improve xDS endpoints code coverage
2023-07-21 17:48:25 -04:00
Michael Zalimeni c138f24cfd
[NET-4122] Doc guidance for federation with externalServers (#18207)
Doc guidance for federation with externalServers

Add guidance for proper configuration when joining to a secondary
cluster using WAN fed with external servers also enabled.

Also clarify federation requirements and fix formatting for an
unrelated value.

Update both the Helm chart reference (synced from `consul-k8s`, see
hashicorp/consul-k8s#2583) and the docs on using `externalServers`.
2023-07-21 15:31:41 -04:00
Jeremy Jacobson 6671d7ebd7
[CC-5718] Remove HCP token requirement during bootstrap (#18140)
* [CC-5718] Remove HCP token requirement during bootstrap

* Re-add error for loading HCP management token

* Remove old comment

* Add changelog entry

* Remove extra validation line

* Apply suggestions from code review

Co-authored-by: lornasong <lornasong@users.noreply.github.com>

---------

Co-authored-by: lornasong <lornasong@users.noreply.github.com>
2023-07-21 10:33:22 -07:00