9539 Commits

Author SHA1 Message Date
Kyle Havlovitz
1a4978fb94
Re-add ReadableDuration types to health check definition
This is to fix the backwards-incompatible change made in 1.4.1 by
changing these fields to time.Duration.
2019-01-25 14:47:35 -08:00
Jack Pearkes
a2fdfb917d
Update CHANGELOG.md 2019-01-25 13:31:28 -08:00
danielehc
1e5c56f1aa Adding quorum note on leave command page (#5102)
Reusing the same phrasing as  https://github.com/hashicorp/consul/pull/5095/ to provide info on the effects of the `consul leave` command on Consul quorum
2019-01-25 14:20:48 -06:00
R.B. Boyer
607f0df628
ui: pin to using bundler v1 for now (#5274) 2019-01-25 14:07:50 -06:00
Geoffrey Grosenbach
4639466618 Corrects defile to defined (#5262) 2019-01-25 13:45:08 -06:00
Jack Pearkes
d51471c9b0 fix broken link (#5273) 2019-01-25 11:40:31 -06:00
Matt Hoey
c39ffad100 website: reference last command's last field instead of background PID (#5264) 2019-01-25 17:30:38 +01:00
R.B. Boyer
e9a2eab316
speed up TestHTTPAPI_MethodNotAllowed_OSS from 11s -> 0.5s (#5268) 2019-01-25 10:01:21 -06:00
Hans Hasselberg
552e150536 correct name 2019-01-25 11:00:56 +01:00
Hans Hasselberg
aebb50d47d simpler fix 2019-01-24 17:12:08 +01:00
Hans Hasselberg
5db185a7e4 do not export that type 2019-01-24 17:05:57 +01:00
Hans Hasselberg
7f44100101 fix marshalling 2019-01-24 17:03:26 +01:00
Hans Hasselberg
d4790b2827 demo nomad problem 2019-01-24 16:45:54 +01:00
Paul Banks
89af3bc8f5
Update services.html.md 2019-01-24 12:41:43 +00:00
banks
3e299c0192 Putting source back into Dev Mode 2019-01-23 22:22:05 +00:00
banks
02dab68268 Merge branch 'master' of https://github.com/hashicorp/consul 2019-01-23 22:19:27 +00:00
Jack Pearkes
27e2269153
Update CHANGELOG.md 2019-01-23 14:17:09 -08:00
banks
1d83ebf65d Bump website version 2019-01-23 22:16:20 +00:00
Jack Pearkes
0fd2902ce3
Update CHANGELOG.md 2019-01-23 14:15:57 -08:00
banks
65d2c9b51d
Release v1.4.1 v1.4.1 2019-01-23 20:53:20 +00:00
Matt Keeler
39d113e0d3
Update CHANGELOG.md 2019-01-23 15:49:59 -05:00
Matt Keeler
9715e1a08e
Basic TLS Command Tests (#5259)
* Add tls ca create tests

* Add a basic tls cert create test
2019-01-23 15:48:57 -05:00
Matt Keeler
d5a3ba6cda
Disregard rules when set on a management token (#5261)
* Disregard rules when set on a management token

* Add unit test for legacy mgmt token with rules
2019-01-23 15:48:38 -05:00
Matt Keeler
1f2d1d4f75
Fix typo that prevented using the default ca domain for tls cert creation (#5258) 2019-01-23 13:14:28 -05:00
Matt Keeler
ec712b7ecf
Update to Go 1.11.4 and UI build container (#5257)
* Update to Go 1.11.4

* Update to Go 1.11.4 for travis

* Update UI build to fix ember issues.
2019-01-23 12:56:39 -05:00
Matt Keeler
c5812c376b
Update CHANGELOG.md 2019-01-23 10:13:40 -05:00
Saurabh Deoras
2eca399d4c fix for arm32 (#5130)
Signed-off-by: Saurabh Deoras <sdeoras@gmail.com>
2019-01-23 10:09:01 -05:00
Paul Banks
07ec7988a4
Update CHANGELOG.md 2019-01-23 14:33:38 +00:00
Diogenes S. Jesus
f0e081bf88 Fix repeating wording in sentence (#5256)
Fix `to join to join` typo
2019-01-23 09:12:41 -05:00
John Cowen
3a0b0b2b65
Update CHANGELOG.md 2019-01-23 13:57:07 +00:00
John Cowen
a35fe7c5ba
ui: Removes delete button form pages that show your current token (#5241)
Tokens can no longer delete themselves see:

https://github.com/hashicorp/consul/pull/5210

...so we remove the button to allow you to do that from the UI
2019-01-23 13:51:36 +00:00
John Cowen
c8386ec0cc
UI: [BUGFIX] Decode/encode urls (#5206)
In 858b05fc31 (diff-46ef88aa04507fb9b039344277531584)
we removed encoding values in pathnames as we thought they were
eventually being encoded by `ember`. It looks like this isn't the case.

Turns out sometimes they are encoded sometimes they aren't. It's complicated.
If at all possible refer to the PR https://github.com/hashicorp/consul/pull/5206.

It's related to the difference between `dynamic` routes and `wildcard` routes.

Partly related to this is a decision on whether we urlencode the slashes within service names or not. Whilst historically we haven't done this, we feel its a good time to change this behaviour, so we'll also be changing services to use dynamic routes instead of wildcard routes. So service links will then look like /ui/dc-1/services/application%2Fservice rather than /ui/dc-1/services/application/service

Here, we define our routes in a declarative format (for the moment at least JSON) outside of Router.map, and loop through this within Router.map to set all our routes using the standard this.route method. We essentially configure our Router from the outside. As this configuration is now done declaratively outside of Router.map we can also make this data available to href-to and paramsFor, allowing us to detect wildcard routes and therefore apply urlencoding/decoding.

Where I mention 'conditionally' below, this is detection is what is used for the decision.

We conditionally add url encoding to the `{{href-to}}` helper/addon. The
reasoning here is, if we are asking for a 'href/url' then whatever we
receive back should always be urlencoded. We've done this by reusing as much
code from the original `ember-href-to` addon as possible, after this
change every call to the `{{href-to}}` helper will be urlencoded.

As all links using `{{href-to}}` are now properly urlencoded. We also
need to decode them in the correct place 'on the other end', so..

We also override the default `Route.paramsFor` method to conditionally decode all
params before passing them to the `Route.model` hook.

Lastly (the revert), as we almost consistently use url params to
construct API calls, we make sure we re-encode any slugs that have been
passed in by the user/developer. The original API for the `createURL`
function was to allow you to pass values that didn't need encoding,
values that **did** need encoding, followed by query params (which again
require url encoding)

All in all this should make the entire ember app url encode/decode safe.
2019-01-23 13:46:59 +00:00
Matt Keeler
8f0d622a54
Revendor serf to pull in keyring list truncation changes. (#5251) 2019-01-22 16:07:04 -05:00
Hans Hasselberg
0da4502740
website: update nokogiri (#5252) 2019-01-22 21:49:16 +01:00
Hans Hasselberg
88058879dc
Update CHANGELOG.md 2019-01-22 21:17:39 +01:00
Hans Hasselberg
174099593a
agent: display messages from serf in cli (#5236)
* display messages from serf in cli
2019-01-22 21:08:50 +01:00
Kyle Havlovitz
2abc48c1eb
Update CHANGELOG.md 2019-01-22 11:35:45 -08:00
Kyle Havlovitz
8851505892
Merge pull request #5250 from hashicorp/forward-intention-rpcs
connect: Forward intention RPCs if this isn't the primary
2019-01-22 11:32:55 -08:00
Kyle Havlovitz
88c044759f
connect: Forward intention RPCs if this isn't the primary 2019-01-22 11:29:21 -08:00
Kyle Havlovitz
6b28434f8a
Merge pull request #5249 from hashicorp/ca-fixes-oss
Minor CA fixes
2019-01-22 11:25:09 -08:00
Kyle Havlovitz
46ef7dc1fb
Update CHANGELOG.md 2019-01-22 11:20:50 -08:00
Kyle Havlovitz
5bdf130767
Merge pull request #4869 from hashicorp/txn-checks
Add node/service/check operations to transaction api
2019-01-22 11:16:09 -08:00
Kyle Havlovitz
a28ba4687d
connect/ca: return a better error message if the CA isn't fully initialized when signing 2019-01-22 11:15:09 -08:00
Matt Keeler
922baf811c
Update CHANGELOG.md 2019-01-22 13:18:14 -05:00
Matt Keeler
579a8b32ed
Fix several ACL token/policy resolution issues. (#5246)
* Fix 2 remote ACL policy resolution issues

1 - Use the right method to fire async not found errors when the ACL.PolicyResolve RPC returns that error. This was previously accidentally firing a token result instead of a policy result which would have effectively done nothing (unless there happened to be a token with a secret id == the policy id being resolved.

2. When concurrent policy resolution is being done we single flight the requests. The bug before was that for the policy resolution that was going to piggy back on anothers RPC results it wasn’t waiting long enough for the results to come back due to looping with the wrong variable.

* Fix a handful of other edge case ACL scenarios

The main issue was that token specific issues (not able to access a particular policy or the token being deleted after initial fetching) were poisoning the policy cache.

A second issue was that for concurrent token resolutions, the first resolution to get started would go fetch all the policies. If before the policies were retrieved a second resolution request came in, the new request would register watchers for those policies but then never block waiting for them to complete. This resulted in using the default policy when it shouldn't have.
2019-01-22 13:14:43 -05:00
Paul Banks
ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
R.B. Boyer
d3eb781384 Check ACLs more often for xDS endpoints.
For established xDS gRPC streams recheck ACLs for each DiscoveryRequest
or DiscoveryResponse. If more than 5 minutes has elapsed since the last
ACL check, recheck even without an incoming DiscoveryRequest or
DiscoveryResponse. ACL failures will terminate the stream.
2019-01-22 11:12:40 -06:00
kaitlincarter-hc
3e45da1414
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
2019-01-22 10:20:05 -06:00
Kyle Havlovitz
ddc4a8d848
oss: add the enterprise server stub for intention replication check 2019-01-18 17:32:10 -08:00
R.B. Boyer
2dea3e2bd7 Fix some test typos. 2019-01-18 16:12:43 -06:00