Commit Graph

1269 Commits

Author SHA1 Message Date
Daniel Nephin 2b5b54bd37 Merge pull request #10075 from hashicorp/dnephin/handle-raft-apply-errors
rpc: some cleanup of canRetry and ForwardRPC
2021-05-06 21:00:35 +00:00
Daniel Nephin 862d9b9d43 Merge pull request #10047 from hashicorp/dnephin/config-entry-validate
state: reduce arguments to validateProposedConfigEntryInServiceGraph
2021-05-06 18:11:52 +00:00
Daniel Nephin c1d1be2a4b Merge pull request #10155 from hashicorp/dnephin/config-entry-remove-fields
config-entry: remove Kind and Name field from Mesh config entry
2021-05-04 21:28:26 +00:00
Daniel Nephin a583415bed Merge pull request #10161 from hashicorp/dnephin/update-deps
Update a couple dependencies
2021-05-04 18:32:22 +00:00
Paul Banks fa1b308c7b Make Raft trailing logs and snapshot timing reloadable (#10129)
* WIP reloadable raft config

* Pre-define new raft gauges

* Update go-metrics to change gauge reset behaviour

* Update raft to pull in new metric and reloadable config

* Add snapshot persistance timing and installSnapshot to our 'protected' list as they can be infrequent but are important

* Update telemetry docs

* Update config and telemetry docs

* Add note to oldestLogAge on when it is visible

* Add changelog entry

* Update website/content/docs/agent/options.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-05-04 14:40:40 +00:00
Luke Kysow c816e29ef7 Give descriptive error if auth method not found (#10163)
* Give descriptive error if auth method not found

Previously during a `consul login -method=blah`, if the auth method was not found, the
error returned would be "ACL not found". This is potentially confusing
because there may be many different ACLs involved in a login: the ACL of
the Consul client, perhaps the binding rule or the auth method.

Now the error will be "auth method blah not found", which is much easier
to debug.
2021-05-03 20:39:51 +00:00
Freddy c652580b5b Rename "cluster" config entry to "mesh" (#10127)
This config entry is being renamed primarily because in k8s the name
cluster could be confusing given that the config entry applies across
federated datacenters.

Additionally, this config entry will only apply to Consul as a service
mesh, so the more generic "cluster" name is not needed.
2021-04-28 22:14:03 +00:00
Daniel Nephin 798953f57d Merge pull request #10112 from hashicorp/dnephin/remove-streaming-from-cache
streaming: replace agent/cache with submatview.Store
2021-04-28 21:58:32 +00:00
Matt Keeler 4a38e20e6f Add prometheus guage definitions for replication metrics. (#10109) 2021-04-23 21:06:17 +00:00
Matt Keeler d0495902c4
[Backport/1.10.x]: Backport #10073 (#10102)
* Merge pull request #10094 from hashicorp/update-fingerprint

updating fingerprint

* Add replication metrics (#10073)

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-23 16:16:37 -04:00
Daniel Nephin b26938e61e Merge pull request #9991 from hashicorp/dnephin/handle-raft-apply-errors
Handle FSM.Apply errors in raftApply
2021-04-20 18:01:14 +00:00
Freddy 3be304be16
Merge pull request #10016 from hashicorp/topology-update 2021-04-15 14:11:23 -06:00
R.B. Boyer 4db8b78854
connect: update centralized upstreams representation in service-defaults (#10015) 2021-04-15 14:21:44 -05:00
Daniel Nephin 88f83b41aa snapshot: fix saving of auth methods
Previously only a single auth method would be saved to the snapshot. This commit fixes the typo
and adds to the test, to show that all auth methods are now saved.
2021-04-14 16:51:21 -04:00
freddygv f7094f91c7 Avoid returning a nil slice 2021-04-14 10:52:05 -06:00
Matt Keeler bbf5993534
Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
freddygv 8e74eaa684 Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
freddygv 932fbddd27 Augment intention decision summary with DefaultAllow mode 2021-04-12 19:32:09 -06:00
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:

- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.

This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
Freddy a02245b75a
Merge pull request #9976 from hashicorp/centralized-upstream-fixups 2021-04-08 12:26:56 -06:00
Daniel Nephin 34f1facebb
Merge pull request #9950 from hashicorp/dnephin/state-use-txn-everywhere
state: use Txn interface everywhere
2021-04-08 12:02:03 -04:00
Daniel Nephin c40e1a2ac6
Merge pull request #9880 from hashicorp/dnephin/catalog-events-test-pattern
state: use runCase pattern for large test
2021-04-08 11:54:41 -04:00
freddygv 986bcccbea Pass down upstream defaults to client proxies
This is needed in case the client proxy is in TransparentProxy mode.
Typically they won't have explicit configuration for every upstream, so
this ensures the settings can be applied to all of them when generating
xDS config.
2021-04-07 09:32:47 -06:00
freddygv 24ee8a0488 Prevent requests without UpstreamIDs from being flagged as legacy.
New clients in transparent proxy mode can send requests for service
config resolution without any upstream args because they do not have
explicitly defined upstreams.

Old clients on the other hand will never send requests without the
Upstreams args unless they don't have upstreams, in which case we do not
send back upstream config.
2021-04-07 09:32:47 -06:00
R.B. Boyer 499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973)
This adds a new config entry kind "cluster" with a single special name "cluster" where this can be controlled.
2021-04-06 13:19:59 -05:00
Daniel Nephin 6e69829edb state: support additional test cases in indexer tests
And add a few additional cases.
2021-03-31 14:39:33 -04:00
Kyle Havlovitz a2869b280b Backport enterprise changes to prevent merge conflicts
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-31 14:05:26 -04:00
Daniel Nephin 1f64b3a7de state: use tableIndex constant 2021-03-29 18:52:20 -04:00
Daniel Nephin 9514698b10 state: use ReadTxn and WriteTxn interface
Instead of *txn, so that we can replace the txn implementation with others, and so
that the function is easily documented as a read or write function.
2021-03-29 18:52:16 -04:00
Daniel Nephin d0e5cd66f0 state: convert checks.service index to new pattern 2021-03-29 16:38:53 -04:00
Daniel Nephin 3092c627fe state: convert checks.status indexer
As part of this change the indexer will now be case insensitive by using
the lower case value. This should be safe because previously we always
had lower case strings.

This change was made out of convenience. All the other indexers use
lowercase, so we can re-use the indexFromQuery function by using
lowercase here as well.
2021-03-29 16:38:50 -04:00
Daniel Nephin 628eed3748 state: add tests for checks indexers 2021-03-29 16:38:47 -04:00
Daniel Nephin ce631d0bba state: use constants for table checks 2021-03-29 16:38:43 -04:00
Daniel Nephin cf2646e0d1 state: pass Query in from caller
To reduce the number of arguments
2021-03-29 15:42:30 -04:00
Daniel Nephin 9eea19da59 state: convert services.kind to functional indexer pattern 2021-03-29 15:42:30 -04:00
Daniel Nephin b6553af222 state: add tests for services.kind indexer 2021-03-29 15:42:27 -04:00
Daniel Nephin 0c61abcc31 state: convert services table service and connect indexer
To the new functional indexer pattern
2021-03-29 15:42:24 -04:00
Daniel Nephin 395ebce510 state: add tests for services table service and connect indexers 2021-03-29 15:42:22 -04:00
Daniel Nephin 2d2c3e1190 state: use constant for tableServices 2021-03-29 15:42:18 -04:00
Daniel Nephin 341265ec69 state: remove duplication of Query indexer 2021-03-29 14:35:11 -04:00
Daniel Nephin 08ee12ab34 state: remove duplication in acl tables schema 2021-03-29 14:21:27 -04:00
Daniel Nephin 72960388a3 state: reduce duplication in catalog table schema 2021-03-29 14:21:23 -04:00
Daniel Nephin 7de186f291 state: share more indexer functions for config_entries 2021-03-29 14:21:20 -04:00
Daniel Nephin 024dcbef03 state: remove old schema test
This test has been replaced by TestNewDBSchema_Indexers
2021-03-29 14:21:13 -04:00
Daniel Nephin 8591feb58a state: use addNamespaceIndex again 2021-03-29 14:21:02 -04:00
Daniel Nephin ac210cdc48
Merge pull request #9911 from hashicorp/dnephin/state-index-acl-roles
state: convert ACLRoles policies index to new functional indexer pattern
2021-03-24 18:28:19 -04:00
Daniel Nephin 8743e925d5 state: add tests for checks.ID indexer 2021-03-22 18:06:43 -04:00
Daniel Nephin 30281a5332 state: use tx.First instead of tx.FirstWatch
Where appropriate. After removing the helper function a bunch of  these calls can
be changed to tx.First.
2021-03-22 18:06:33 -04:00
Daniel Nephin 1cdcfb8260 state: convert checks.ID index to new pattern 2021-03-22 18:06:08 -04:00
Hans Hasselberg 53e9c134af
introduce certopts (#9606)
* introduce cert opts

* it should be using the same signer

* lint and omit serial
2021-03-22 10:16:41 +01:00