11907 Commits

Author SHA1 Message Date
Matt Keeler
4a5b352c18
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
Freddy
0719e3e5da
Update CHANGELOG.md 2020-06-19 13:36:37 -06:00
Freddy
b3dde7c033
Update CHANGELOG.md 2020-06-19 13:35:22 -06:00
Freddy
5baa7b1b04
Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
Matt Keeler
d6e05482ab
Allow cancelling startup when performing auto-config (#8157)
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-19 15:16:00 -04:00
Preetha
c2593957bd
Merge pull request #8156 from hashicorp/docs-update-version
update version to 1.8.0
2020-06-18 20:05:53 -05:00
Preetha
8bf0432fae
remove prerelease tag 2020-06-18 20:02:21 -05:00
Preetha
3ca775a75e
update alert banner 2020-06-18 19:36:42 -05:00
Preetha
e8da210b4b
update version to 1.8.0 2020-06-18 19:32:11 -05:00
Freddy
28f22c8a90
Finalize gateway documentation for 1.8.0 GA (#8121)
Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
2020-06-18 15:27:06 -06:00
Chris Piraino
9459ef87eb
Remove ingress line items from UNRELEASED header
These all got squashed into the Ingress Gateway feature item in 1.8.0.
2020-06-18 15:54:36 -05:00
Chris Piraino
7b75c82714
Update master CHANGELOG to release 1.8.0 (#8152) 2020-06-18 15:28:18 -05:00
Luke Kysow
d3cc5ec1fe
Merge pull request #8150 from hashicorp/18-wan-fed-docs
Remove consul:beta now that 1.8 is out.
2020-06-18 12:54:31 -07:00
Daniel Nephin
4f17350928
Merge pull request #8147 from hashicorp/dnephin/remove-private-ip-2
Remove some dead code from agent/consul/util.go
2020-06-18 15:51:09 -04:00
Matt Keeler
b0fcf86140 Change auto config authorizer to allow for future extension
The envisioned changes would allow extra settings to enable dynamically defined auth methods to be used instead of  or in addition to the statically defined one in the configuration.
2020-06-18 15:22:24 -04:00
Luke Kysow
fcbed6da44
Remove consul:beta now that 1.8 is out. 2020-06-18 11:50:25 -07:00
Rebecca Zanzig
ea8fbdc68f
Merge pull request #8126 from hashicorp/k8s/gateway-docs
Add helm chart options for ingress and terminating gateways
2020-06-18 11:30:59 -07:00
Jono Sosulska
c8bee5a934
Fixing multiple document updates (#8135)
* Fixes #7663-ACL Token Reloadable#7432-Cipher Suites,#7385-KV Delete DC, raft list-peers docs

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-06-18 14:10:45 -04:00
Rebecca Zanzig
5c7e62169d Add helm chart options for ingress and terminating gateways 2020-06-18 11:04:19 -07:00
Dexter Lowe
6e208a2120
#8059 Improve Clarity on TTL docs (#8141) 2020-06-18 13:53:43 -04:00
Daniel Nephin
b0ba546a1f Remove bytesToUint64 from agent/consul 2020-06-18 12:45:43 -04:00
Daniel Nephin
a00f007c5e Remove unused private IP code from agent/consul 2020-06-18 12:40:38 -04:00
Chris Piraino
af11169c26
Bump golang to 1.14.4 to avoid known runtime issue (#8146)
An issue where the golang runtime would hang and loop forever
2020-06-18 11:38:33 -05:00
Matt Keeler
abce1f0eee
Merge pull request #8086 from hashicorp/feature/auto-config/client-config-inject 2020-06-18 10:44:32 -04:00
John Cowen
6bde8b6378
ui: Remove with-listeners mixin (#8142)
This mixin was a very thin mixin over the top of our listeners utility,
and we have been gradually preferring using the utility straight rather
than using the mixin. This commit removes the last places where we still
used the mixin, and also potentially the last few places where we
continued to use the old API for our listeners utility.
2020-06-18 14:54:31 +01:00
Kenia
191f0966a0
ui: Refactor Upstreams and Exposed Paths icons (#8139)
* Update Ports to have copy-button to the left

* Update exposed paths use a description list
2020-06-18 09:23:42 -04:00
Matt Keeler
3dbbd2d37d
Implement Client Agent Auto Config
There are a couple of things in here.

First, just like auto encrypt, any Cluster.AutoConfig RPC will implicitly use the less secure RPC mechanism.

This drastically modifies how the Consul Agent starts up and moves most of the responsibilities (other than signal handling) from the cli command and into the Agent.
2020-06-17 16:49:46 -04:00
Matt Keeler
8b7d669a27
Allow the Agent its its child Client/Server to share a connection pool
This is needed so that we can make an AutoConfig RPC at the Agent level prior to creating the Client/Server.
2020-06-17 16:19:33 -04:00
Matt Keeler
51c3a605ad
Merge pull request #8035 from hashicorp/feature/auto-config/server-rpc 2020-06-17 16:07:25 -04:00
Chris Piraino
79a862d019
Remove ACLEnforceVersion8 from tests (#8138)
The field had been deprecated for a while and was recently removed,
however a PR which added these tests prior to removal was merged.
2020-06-17 14:58:01 -05:00
Chris Piraino
bb103f22dd
Updates docs with ingress Host header clarifications (#8062)
* Updates docs with ingress Host header changes

Clarify that a Host header is required for L7 protocols, and specify
that the default is to use the Consul DNS ingress subdomain

* Add sentence about using '*' by itself for testing

* Add optional step for using L7 routing config

* Note that port numbers may need to be added in the Hosts field
2020-06-17 14:43:58 -05:00
Daniel Nephin
692a4a8fc8
Merge pull request #7762 from hashicorp/dnephin/warn-on-unknown-service-file
config: warn if a config file is being skipped because of its file extension
2020-06-17 15:14:40 -04:00
Daniel Nephin
be29d6bf75 config: warn when a config file is skipped
All commands which read config (agent, services, and validate) will now
print warnings when one of the config files is skipped because it did
not match an expected format.

Also ensures that config validate prints all warnings.
2020-06-17 13:08:54 -04:00
Kevin Pruett
61446a7ad7
Merge pull request #8136 from hashicorp/pruett.update-nextjs-scripts-dep
Update @hashicorp/nextjs-scripts dep
2020-06-17 12:16:45 -04:00
Daniel Nephin
5afcf5c1bc
Merge pull request #8034 from hashicorp/dnephin/add-linter-staticcheck-4
ci: enable SA4006 staticcheck check and add ineffassign
2020-06-17 12:16:02 -04:00
Kevin Pruett
d2aed50ba1
Update @hashicorp/nextjs-scripts dep 2020-06-17 12:01:56 -04:00
Matt Keeler
9b01f9423c
Implement the insecure version of the Cluster.AutoConfig RPC endpoint
Right now this is only hooked into the insecure RPC server and requires JWT authorization. If no JWT authorizer is setup in the configuration then we inject a disabled “authorizer” to always report that JWT authorization is disabled.
2020-06-17 11:25:29 -04:00
wisp
b29da31f94
Fixed a typo (#8132)
Fixed a little typo 🐰
2020-06-17 10:21:33 -04:00
John Cowen
2344ed1505
ui: Switch out WithResizingMixin for on-window helper (#8130)
* ui: Add ember-on-helper

* Switch out WithResizingMixin for {{on-window}} helper
2020-06-17 14:26:50 +01:00
John Cowen
49ec61e523
ui: Remove WithEventSource mixin, use a component instead (#7953)
The WithEventSource mixin was responsible for catching EventSource
errors and cleaning up events sources then the user left a Controller.

As we are trying to avoid mixin usage, we moved this all to an
`EventSource` component, which can clean up when the component is
removed from the page, and also fires an onerror event.

Moving to a component firing an onerror event means we can also remove
all of our custom computed property work that we were using previously
to catch errors (thrown when a service etc. is removed)
2020-06-17 14:19:50 +01:00
John Cowen
f4f7920e08
ui: Change code-editor tested to use querySelectorAll (#8087) (#8131) 2020-06-17 14:17:00 +01:00
John Cowen
61433fabb4
ui: Don't show duplicate services in the intentions form dropdown (#8133)
* Add uniq-by helper
* Pass unique services through to intentions form
* Add acceptance test
2020-06-17 14:11:40 +01:00
Pierre Souchay
d31691dc87
gossip: Ensure that metadata of Consul Service is updated (#7903)
While upgrading servers to a new version, I saw that metadata of
existing servers are not upgraded, so the version and raft meta
is not up to date in catalog.

The only way to do it was to:
 * update Consul server
 * make it leave the cluster, then metadata is accurate

That's because the optimization to avoid updating catalog does
not take into account metadata, so no update on catalog is performed.
2020-06-17 12:16:13 +02:00
John Cowen
7522bd5dab
ui: Token listing redesign (#8117) 2020-06-17 10:25:54 +01:00
Daniel Nephin
d345cd8d30 ci: Add ineffsign linter
And fix an additional ineffective assignment that was not caught by staticcheck
2020-06-16 17:32:50 -04:00
Daniel Nephin
a9851e1812
Merge pull request #8070 from hashicorp/dnephin/add-gofmt-simplify
ci: Enable gofmt simplify
2020-06-16 17:18:38 -04:00
Matt Keeler
1dba94311a
Add helper for generating better permission denied errors 2020-06-16 15:06:18 -04:00
Matt Keeler
9f7b22a5eb
Agent Auto Configuration: Configuration Syntax Updates (#8003) 2020-06-16 15:03:22 -04:00
Daniel Nephin
02d30b4e44
Merge pull request #8007 from hashicorp/streaming/add-hooks-to-memdb-txn
streaming: track changes to state
2020-06-16 14:32:36 -04:00
David Yu
fb1f043cdc
Formatting spaces between keys in Config entries (#8116)
* Formatting spaces between keys in Config entries

* Service Router spacing

* Missing Camel Case proxy-defaults

* Remove extra spaces service-splitter

* Remove extra spsaces service-resolver

* More spaces a la hclfmt

* Nice!

* Oh joy!

* More spaces on proxy-defaults

* Update website/pages/docs/agent/config-entries/proxy-defaults.mdx

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
2020-06-16 11:28:21 -07:00