Commit Graph

15582 Commits

Author SHA1 Message Date
Connor Kelly 024715eb11
Add changelog, website and metric docs
Add changelog to document what changed.
Add entry to telemetry section of the website to document what changed
Add docs to the usagemetric endpoint to help document the metrics in code
2021-10-05 13:34:24 -05:00
Bryce Kalow 2ddcd79419
website: upgrades dependencies (#11178) 2021-10-05 13:32:41 -05:00
Daniel Nephin 2a67c898f3 api-docs: remove duplicate acl-legacy page
Redirect the url to the copy that is part of the left nav.
2021-10-05 14:01:31 -04:00
Melissa Kam c6cce84418 docs/nia: Clarify that all TFC tiers are supported 2021-10-05 10:09:47 -05:00
Joshua Montgomery 8eb5915f7d
Fixing SOA record to use alt domain when alt domain in use (#10431) 2021-10-05 10:47:27 -04:00
Melissa Kam c4b636f693
Merge pull request #11209 from hashicorp/cts-beta-removal
nia/docs: Remove references to v0.4.0-beta
2021-10-05 09:20:55 -05:00
trujillo-adam 937fd10041
Merge pull request #11214 from hashicorp/docs-k8s-cli-add-version-command
added version flag to consul-k8s cli docs
2021-10-04 18:51:23 -07:00
trujillo-adam 3cebcd053d fixed command in install section 2021-10-04 18:45:57 -07:00
trujillo-adam 853512f479 added version flag to consul-k8s cli docs 2021-10-04 16:05:32 -07:00
Daniel Nephin ab587f5221
Merge pull request #11182 from hashicorp/dnephin/acl-legacy-remove-upgrade
acl: remove upgrade from legacy, start in non-legacy mode
2021-10-04 17:25:39 -04:00
Evan Culver e808620463
Merge pull request #11118 from hashicorp/eculver/remove-envoy-1.15
Remove support for Envoy 1.15
2021-10-04 23:14:24 +02:00
Evan Culver c7747212c3
Merge pull request #11115 from hashicorp/eculver/envoy-1.19.1
Add support for Envoy 1.19.1
2021-10-04 23:13:26 +02:00
Daniel Nephin c7f74deb17 acl: remove updateEnterpriseSerfTags
The only remaining caller is a test helper, and the tests don't use the enterprise gossip
pools.
2021-10-04 17:01:51 -04:00
Daniel Nephin 9b1d2685bf
Merge pull request #11126 from hashicorp/dnephin/acl-legacy-remove-resolve-and-get-policy
acl: remove ACL.GetPolicy RPC endpoint and ACLResolver.resolveTokenLegacy
2021-10-04 16:29:51 -04:00
Daniel Nephin 2ba9b43ff7
Merge pull request #11210 from hashicorp/dnephin/fix-raft-authz-error
rpc: include error for AuthorizeServerConn failures
2021-10-04 16:18:57 -04:00
Connor Kelly c2583a1b7f
Add metrics to count the number of service-mesh config entries 2021-10-04 14:50:17 -05:00
Connor Kelly 536838b004
Add metrics to count connect native service mesh instances
This will add the counts of the service mesh instances tagged by
whether or not it is connect native
2021-10-04 14:37:05 -05:00
Connor Kelly 46bf882620
Add metrics to count service mesh Kind instance counts
This will add the counts of service mesh instances tagged by the
different ServiceKind's.
2021-10-04 14:36:59 -05:00
Daniel Nephin 3f873d2257 rpc: include error for AuthorizeServerConn failures
The errs were not being captured because the value of append was not being assigned.
2021-10-04 13:22:30 -04:00
Melissa Kam 162fe5b502 nia/docs: Remove references to v0.4.0-beta 2021-10-04 12:07:46 -05:00
Melissa Kam e707c480bb
Merge pull request #11135 from hashicorp/cts-service-tag
nia/docs: Remove deprecated tag option from service config
2021-10-04 11:55:48 -05:00
Melissa Kam be11385944 nia/docs: Remove deprecated tag option from service config 2021-10-04 11:51:21 -05:00
Kim Ngo d83fcd580c
CTS: add TLS config for TFE connection (#11166)
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-04 10:24:41 -05:00
Joshua Gilman d37ace2728
Adds consulrs Rust client library to SDK list 2021-10-01 19:29:31 -07:00
Daniel Nephin a1e3fa818c acl: fix test failures caused by remocving legacy ACLs
This commit two test failures:

1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Remove the early WaitForLeader in dc2, because with it the test was
   failing with ACL not found.
2021-10-01 18:03:10 -04:00
Evan Culver db397d62c5
Add 1.15 versions to too old list 2021-10-01 11:28:26 -07:00
Evan Culver 93ef3fb935
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15 2021-10-01 11:26:52 -07:00
Evan Culver df4bc6a924
Update default version in command docs 2021-10-01 11:13:34 -07:00
Chris S. Kim 1c9b58a8af
agent: Reject partitions in legacy intention endpoints (#11181) 2021-10-01 13:18:57 -04:00
Chris S. Kim 53a35181e5
Support partitions in parseIntentionStringComponent (#11202) 2021-10-01 12:36:12 -04:00
Dhia Ayachi a5b09493ab
fix token list by auth method (#11196)
* add tests to OIDC authmethod and fix entMeta when retrieving auth-methods

* fix oss compilation error
2021-10-01 12:00:43 -04:00
John Cowen 8b002d086a
ui: Address some Admin Partition FIXMEs (#11057)
This commit addresses some left over admin partition FIXMEs

1. Adds Partition correctly to Service Instances
2. Converts non-important 'we can do this later' FIXMEs to TODOs
3. Removes some FIXMEs that I've double checked and addressed.

Most of the remaining FIXMEs I'm waiting on responses to questions from
the consul core folks for. I'll address those in a separate PR.
2021-10-01 11:07:58 +01:00
trujillo-adam 887a23deb1
Merge pull request #11185 from hashicorp/docs-improve-agent-overview
providing additional information about the Consul agent
2021-09-30 15:57:20 -07:00
trujillo-adam f5108e4683 applied feedback, moved the Lifecycle info to the front 2021-09-30 11:41:37 -07:00
Evan Culver e41830af8a
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15 2021-09-30 11:32:28 -07:00
Evan Culver fdbb742ffd
regenerate more envoy golden files 2021-09-30 10:57:47 -07:00
Kenia 5e7ef183ea
ui: Use of header default ACL policy (#11192)
* Use of header default ACL policy

* Update test for dc serializer
2021-09-30 13:01:48 -04:00
John Cowen 35a92e856b
ui: Make it hard to not URLEncode DataSource srcs/URIs (#11117)
Our DataSource came in very iteratively, when we first started using it we specifically tried not to use it for things that would require portions of the @src="" attribute to be URL encoded (so things like service names couldn't be used, but dc etc would be fine). We then gradually added an easy way to url encode the @src="" attributes with a uri helper and began to use the DataSource component more and more. This meant that some DataSource usage continued to be used without our uri helper.

Recently we hit #10901 which was a direct result of us not encoding @src values/URIs (I didn't realise this was one of the places that required URL encoding) and not going back over things to finish things off once we had implemented our uri helper, resulting in ~half of the codebase using it and ~half of it not.

Now that almost all of the UI uses our DataSource component, this PR makes it even harder to not use the uri helper, by wrapping the string that it requires in a private URI class/object, that is then expected/asserted within the DataSource component/service. This means that as a result of this PR you cannot pass a plain string to the DataSource component without seeing an error in your JS console, which in turn means you have to use the uri helper, and it's very very hard to not URL encode any dynamic/user provided values, which otherwise could lead to bugs/errors similar to the one mentioned above.

The error that you see when you don't use the uri helper is currently a 'soft' dev time only error, but like our other functionality that produces a soft error when you mistakenly pass an undefined value to a uri, at some point soon we will make these hard failing "do not do this" errors.

Both of these 'soft error' DX features have been used this to great effect to implement our Admin Partition feature and these kind of things will minimize the amount of these types of bugs moving forwards in a preventative rather than curative manner. Hopefully these are the some of the kinds of things that get added to our codebase that prevent a multitude of problems and therefore are often never noticed/appreciated.

Additionally here we moved the remaining non-uri using DataSources to use uri (that were now super easy to find), and also fixed up a place where I noticed (due to the soft errors) where we were sometimes passing undefined values to a uri call.

The work here also led me to find another couple of non-important 'bugs' that I've PRed already separately, one of which is yet to be merged (#11105), hence the currently failing tests here. I'll rebase that once that PR is in and the tests here should then pass 🤞

Lastly, I didn't go the whole hog here to make DataSink also be this strict with its uri usage, there is a tiny bit more work on DataSink as a result of recently work, so I may (or may not) make DataSink equally as strict as part of that work in a separate PR.
2021-09-30 15:54:46 +01:00
John Cowen a20bc5dbf1
docs: Call out the UI in README and include details for contributing to it (#11187) 2021-09-30 13:34:28 +01:00
trujillo-adam 0567e2d549 providing additional information about the Consul agent 2021-09-29 16:51:03 -07:00
Daniel Nephin 4faf805716 acl: call stop for the upgrade goroutine when done
TestAgentLeaks_Server was reporting a goroutine leak without this. Not sure if it would actually
be a leak in production or if this is due to the test setup, but seems easy enough to call it
this way until we remove legacyACLTokenUpgrade.
2021-09-29 17:36:43 -04:00
Daniel Nephin 02da08ce77 acl: only run startACLUpgrade once
Since legacy ACL tokens can no longer be created we only need to run this upgrade a single
time when leadership is estalbished.
2021-09-29 16:22:01 -04:00
FFMMM 8bb6d8571c
wrap few doRequest calls for error handling (#11158) 2021-09-29 13:12:15 -07:00
Daniel Nephin 3ac910606c acl: remove reading of serf acl tags
We no long need to read the acl serf tag, because servers are always either ACL enabled or
ACL disabled.

We continue to write the tag so that during an upgarde older servers will see the tag.
2021-09-29 15:45:11 -04:00
Daniel Nephin 3d7c07e1e4 acl: fix test failure
For some reason removing legacy ACL upgrade requires using an ACL token now
for this WaitForLeader.
2021-09-29 15:21:30 -04:00
Daniel Nephin 5c721832dc acl: remove legacy ACL upgrades from Server
As part of removing the legacy ACL system
2021-09-29 15:19:23 -04:00
Daniel Nephin 94be1835b2 acl: fix test failures caused by remocving legacy ACLs
This commit two test failures:

1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Use the root token in WaitForLeader, because without it the test was
   failing with ACL not found.
2021-09-29 15:15:50 -04:00
Daniel Nephin 8e9773e20b acl: remove ACL.GetPolicy endpoint and resolve legacy acls
And all code that was no longer used once those two were removed.
2021-09-29 14:33:19 -04:00
Daniel Nephin d12dd48c61 acl: remove ACL upgrading from Clients
As part of removing the legacy ACL system ACL upgrading and the flag for
legacy ACLs is removed from Clients.

This commit also removes the 'acls' serf tag from client nodes. The tag is only ever read
from server nodes.

This commit also introduces a constant for the acl serf tag, to make it easier to track where
it is used.
2021-09-29 14:02:38 -04:00
Daniel Nephin 19040586ce
Merge pull request #11136 from hashicorp/dnephin/acl-resolver-fix-default-authz
acl: fix default Authorizer for down_policy extend-cache/async-cache
2021-09-29 13:45:12 -04:00