Commit Graph

10862 Commits

Author SHA1 Message Date
Michael Hofer 4ab3af0ede
docs: add missing Autopilot -min-quorum documentation (#7192) 2020-02-03 10:59:53 +01:00
Blake Covarrubias e158922615 Fix org name in Helm chart's imageEnvoy description
Update the description for the Helm chart's connectInject.imageEnvoy
parameter to reflect the correct organization name for images published by
EnvoyProxy.io.
2020-02-03 01:46:58 -08:00
Davor Kapsa 3cb4def563
auto_encrypt: check previously ignored error (#6604) 2020-02-03 10:35:11 +01:00
Alexandru Matei 5a6e602b86
docs: add detailed documentation about Health Checking specific service using the gRPC method (#6574) 2020-02-03 10:19:06 +01:00
Lars Lehtonen 699d1b2acb
cli: check previously ignored errors when updating a policy (#6565) 2020-02-03 10:14:30 +01:00
Fouad Zaryouh ef6399928d
api: add replace-existing-checks param to the api package (#7136) 2020-02-03 10:11:40 +01:00
Anthony Scalisi 1565351a5c
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736) 2020-02-03 09:41:54 +01:00
hashicorp-ci 1f62d5c9ce Release v1.7.0-beta4 2020-01-31 21:38:38 +00:00
hashicorp-ci 1fcf4bfc10 update bindata_assetfs.go 2020-01-31 21:38:38 +00:00
Sarah Christoff 92f64892ab
Revert "Update question.md" (#7183) 2020-01-31 13:45:05 -06:00
Matt Keeler d1fcf1e950
Add replace directive to prevent contacting istio.io during the… (#7194)
They keep having TLS handshake timeouts. Its pointed at github instead.
2020-01-31 13:57:54 -05:00
Matt Keeler 004be6450c
Update CHANGELOG.md 2020-01-31 11:56:34 -05:00
Matt Keeler 884cf1628b
Update CHANGELOG.md 2020-01-31 11:51:00 -05:00
Matt Keeler c14866204c
Update CHANGELOG.md 2020-01-31 11:24:48 -05:00
Hans Hasselberg 5531678e9e
Security fixes (#7182)
* Mitigate HTTP/RPC Services Allow Unbounded Resource Usage

Fixes #7159.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-31 11:19:37 -05:00
Matt Keeler d5f9268222
ACL enforcement for the agent/health/services endpoints (#7191)
ACL enforcement for the agent/health/services endpoints
2020-01-31 11:16:24 -05:00
R.B. Boyer 18a1626d79 update changelog 2020-01-31 10:13:40 -06:00
R.B. Boyer cf29bd4dcf
cli: improve the file safety of 'consul tls' subcommands (#7186)
- also fixing the signature of file.WriteAtomicWithPerms
2020-01-31 10:12:36 -06:00
Matt Keeler d8c0be2c84
agent: add ACL enforcement to the v1/agent/health/service/* endpoints
This adds acl enforcement to the two endpoints that were missing it.

Note that in the case of getting a services health by its id, we still
must first lookup the service so we still "leak" information about a
service with that ID existing. There isn't really a way around it though
as ACLs are meant to check service names.
2020-01-31 09:57:38 -05:00
Matt Keeler 3a46e1d15f
Make PatchSliceOfMaps case insensitive
This fixes some case-sensitivity issues with using camel case in configuration files.
2020-01-31 09:56:02 -05:00
Kenia 1b74a68780
Update CHANGELOG.md 2020-01-31 09:09:02 -05:00
Kenia bf492d2678
Merge pull request #7177 from hashicorp/ui-staging
ui: UI Release Merge (ui-staging merge)
2020-01-30 16:08:35 -05:00
Hans Hasselberg 83aeabd748
Add 1.6.3 2020-01-30 21:01:08 +01:00
John Cowen a8504802db
ui: Split splitter names in the discovery-chain (#7180)
Previous to 1.7 splitter names didn't include the namespace name

i.e. 'service-name'

as of 1.7 they now include the namespace

i.e. 'service-name.namespace'

This commit take account of that
2020-01-30 19:08:45 +00:00
Sarah Christoff fbb9120894
[docs] Clarify retry-join (#7078) 2020-01-30 12:52:58 -06:00
Matt Keeler 6855a778c2
Updates to the Txn API for namespaces (#7172)
* Updates to the Txn API for namespaces

* Update agent/consul/txn_endpoint.go

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-30 13:12:26 -05:00
John Cowen 3eec5edadf
ui: Discovery-Chain: Cope with some edge case configs (#7174)
* ui: Discovery-Chain: Cope with redirects that have failovers

We found a few stranger configurations for discovery-chain, one of which
was redirects that can then failover.

We altered the parsing here to include 2 passes, one to organize the
nodes into resolvers and children/subsets based on the nodes themselves, which
includes adding the failovers to resolvers and subsets.

We then do a second pass which can more reliably figure out whether a
target is a redirect or a failover (target failovers don't have a
corresponding node), this then adds the redirect children to the already
exising resolver (from the first pass) and then checks if the redirect
also has failovers and adds those if so.

* ui: Check to see if we have a user configured default route or not

...if we don't add one so the visualization looks complete
2020-01-30 16:09:05 +00:00
Sarah Christoff 74c277f5e1
Update question.md (#6778) 2020-01-30 08:09:37 -06:00
Matt Keeler cf27dff62f
Add some better waits to prevent CA is nil test flakes (#7171) 2020-01-29 22:23:11 -05:00
Iryna Shustava 7b549b0b5e
docs: clarify that clients and servers need to talk over LAN if outside k8s (#7156) 2020-01-29 19:09:38 -08:00
Matt Keeler 1c1ce32ac9
Update CHANGELOG.md 2020-01-29 20:17:24 -05:00
Matt Keeler 0be862fe46
Small refactoring to move meta parsing into the switch statement (#7170) 2020-01-29 19:12:48 -05:00
Matt Keeler bfc03ec587
Fix a couple bugs regarding intentions with namespaces (#7169) 2020-01-29 17:30:38 -05:00
Matt Keeler 61d8778210
Sync some feature flag support from enterprise (#7167) 2020-01-29 13:21:38 -05:00
R.B. Boyer d78b5008ce
various tweaks on top of the hclog work (#7165) 2020-01-29 11:16:08 -06:00
John Cowen ac60338269
ui: Add live updates/blocking queries to the Intention listing page (#7161)
* ui: Enable blocking queries/live updates for intentions

* ui: Add acceptance tests for intention blocking queries

* ui: Add copy to explain that intentions are also now 'real time'
2020-01-29 16:22:31 +00:00
Iryna Shustava 22872b03a6
docs: Clarify the use of kustomize or ship with the Helm chart (#7154) 2020-01-28 22:18:12 -08:00
Chris Piraino 401221de58
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging
2020-01-28 17:50:41 -06:00
Matt Keeler 848938ad48
Output proper HTTP status codes for Txn requests that are too large (#7157) 2020-01-28 16:22:40 -05:00
Iryna Shustava 14369f03ce docs: update ACL perms for the /connect/ca/roots endpoint (#7155) 2020-01-28 20:01:25 +01:00
John Cowen e568cded17
ui: Add node based configuration / environment testing (#7140)
In an ember environment `config/environment.js` exports a JSON object
whereas the file itself exports a function that receives a string of the
environment name that would like returning.

This is so ember can automatically provide you with an already
configured object containing configuration values dependent on which
environment you passed to `ember-cli` using `serve`, `build` or `test`.

In order to bypass this so we can easily test what is returned for
different environments, we've installed a lightweight functional test
harness that is simple to use `substack/tape`, that can be run easily
outside of ember.

We've then written as simple test case using this to enable us to
test/assert that different environments return the correct configuration
values.

Additionally we've added some yarn scripts/make targets (yarn run
test-node / make test-node) to make this easy to run. We're yet to
integrate this into CI.
2020-01-28 17:33:20 +00:00
Alvin Huang 33bfc02fda
use 4 parallelism for go-test and print package names (#7152) 2020-01-28 12:21:55 -05:00
John Cowen d47f1ca2a9
ui: Fix wrapping service ids in the Node Detail > Services tab (#7149) 2020-01-28 14:43:32 +00:00
John Cowen c6e72c3e46
ui: Fix positioning of active icon in the selected menu item (#7148) 2020-01-28 14:42:20 +00:00
Kenia ff315c95fd
ui: Implements the ember-page-title addon to the UI (#7118)
* Installs ember-page-title 5.x

* Adds a page title to all template files that need one

* Adds an assertion step to test the page titles
2020-01-28 09:25:52 -05:00
Michel Vocks 6681be918a api: add option to set TLS options in-memory for API client (#7093)
This PR adds the option to set in-memory certificates to the API client instead of requiring the certificate to be stored on disk in a file.

This allows us to define API client TLS options per Consul secret backend in Vault.
Related issue hashicorp/vault#4800
2020-01-28 11:54:49 +01:00
John Cowen 1ff8678df7
ui: Remove the Policy/Service Identity selector from nspaces (#7124)
When editing Nspaces, although you can assign policies to a nspace using
PolicyDefaults you cannot assign a Service Identity to a policy like you
can when adding a policy to a token.

This commit adds an extra attribute to our policy-form/policy-selector
component so you can disable this setting. At a later date we may change
this to have a conficgurable `<Slot />` instead.

Simple acceptance tests is included here
2020-01-28 09:39:09 +00:00
Blake Covarrubias 08909661c2 docs: Fix success/passing health check definition
This commit changes the health check example shown for the
success/failures_before_passing option to correctly show that the value
of `checks` is an array of objects, not an object.

Added text clarifying these check parameters are available in Consul
1.7.0 and later.

Expanded the health check to provide a more complete configuration
example.

Resolves #7114.
2020-01-27 12:15:25 -08:00
Kit Patella 0d336edb65
Add accessorID of token when ops are denied by ACL system (#7117)
* agent: add and edit doc comments

* agent: add ACL token accessorID to debugging traces

* agent: polish acl debugging

* agent: minor fix + string fmt over value interp

* agent: undo export & fix logging field names

* agent: remove note and migrate up to code review

* Update agent/consul/acl.go

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* agent: incorporate review feedback

* Update agent/acl.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-27 11:54:32 -08:00
Matt Keeler b57c2b78fd
Unflake the TestAPI_AgentConnectCALeaf test (#7142)
* Unflake the TestAPI_AgentConnectCALeaf test

* Modify the WaitForActiveCARoot to actually verify that at least one root exists
Also verify that the active root id field is set
2020-01-27 14:34:04 -05:00