Commit Graph

12678 Commits

Author SHA1 Message Date
Daniel Nephin ac6c8e5b26
Merge pull request #8106 from hashicorp/dnephin/hook-translate-keys-make-a-copy
decode: do not modify the source data in HookTranslateKeys
2020-06-15 14:48:33 -04:00
Daniel Nephin 2eac5b8023
Merge pull request #8074 from hashicorp/dnephin/remove-references-to-PatchSliceOfMaps
Update comments that reference PatchSliceOfMaps
2020-06-15 14:33:10 -04:00
Daniel Nephin d11674dbb7 decode: do not modify the source data in HookTranslateKeys
This was causing a 'fatal error: concurrent map iteration and map write' with gateways
2020-06-15 14:22:41 -04:00
Daniel Nephin ba6152e07b
Merge pull request #8101 from hashicorp/dnephin/decode-hook-slice-interfaces
decode: recursively unslice opaque config
2020-06-15 13:33:55 -04:00
Daniel Nephin 66b72039d4 decode: Only recursively unslice when the target is an interface{} 2020-06-15 12:56:51 -04:00
Chris Piraino b310de1b6f
Update CHANGELOG.md 2020-06-15 11:01:12 -05:00
Matt Keeler d467c04193
Update CHANGELOG.md 2020-06-15 11:03:07 -04:00
Matt Keeler 8837907de4
Make the Agent Cache more Context aware (#8092)
Blocking queries issues will still be uncancellable (that cannot be helped until we get rid of net/rpc). However this makes it so that if calling getWithIndex (like during a cache Notify go routine) we can cancell the outer routine. Previously it would keep issuing more blocking queries until the result state actually changed.
2020-06-15 11:01:25 -04:00
Daniel Nephin a46ce3d841 decode: recursively unslice opaque config
Also handle []interface{} in HookWeakDecodeFromSlice

Without this change only the top level []map[string]interface{} will be
unpacked as a single item. With this change any nested config will be
unpacked.
2020-06-12 22:00:33 -04:00
Freddy 965c80e2eb
Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 15:14:54 -06:00
freddygv d97cff0966 Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv cd927eed5e Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv 0f97b7d63d Fixup stray sid references 2020-06-12 13:47:43 -06:00
freddygv b2c66359ab Add docs 2020-06-12 13:47:43 -06:00
freddygv 19e3954603 Move compound service names to use ServiceName type 2020-06-12 13:47:43 -06:00
freddygv e7b52d35d4 Create HTTP endpoint 2020-06-12 13:46:47 -06:00
freddygv 15c74d6943 Move GatewayServices out of Internal 2020-06-12 13:46:47 -06:00
Freddy 166a8b2a58
Only pass one hostname via EDS and prefer healthy ones (#8084)
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Currently when passing hostname clusters to Envoy, we set each service instance registered with Consul as an LbEndpoint for the cluster.

However, Envoy can only handle one per cluster:
[2020-06-04 18:32:34.094][1][warning][config] [source/common/config/grpc_subscription_impl.cc:87] gRPC config for type.googleapis.com/envoy.api.v2.Cluster rejected: Error adding/updating cluster(s) dc2.internal.ddd90499-9b47-91c5-4616-c0cbf0fc358a.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint, server.dc2.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint

Envoy is currently handling this gracefully by only picking one of the endpoints. However, we should avoid passing multiple to avoid these warning logs.

This PR:

* Ensures we only pass one endpoint, which is tied to one service instance.
* We prefer sending an endpoint which is marked as Healthy by Consul.
* If no endpoints are healthy we emit a warning and skip the cluster.
* If multiple unique hostnames are spread across service instances we emit a warning and let the user know which will be resolved.
2020-06-12 13:46:17 -06:00
John Cowen 54d69bbb8f
ui: Colocate pageobject components with their components (#8098) 2020-06-12 16:50:09 +01:00
Kenia 0d88c4ef67
ui: Add health check icon to Ingress Upstreams and add Tooltips in additional areas (#8091)
* Add Health Checks and update Tooltips in Ingress Upstreams

* Update Tooltip in Proxy Info tab Upstreams

* Add Tooltips to Proxy Info tab Exposed Paths

* Add Health Checks with Tooltips to Service List page
2020-06-12 09:35:52 -04:00
John Cowen 8c6b6b4f17
ui: Ensure encoder.js polyfill is available (#8094) 2020-06-12 14:28:36 +01:00
John Cowen cdc249ec1a
ui: Exclude any component/pageobject.js files from being included (#7978)
This excludes any /components/**/pageobject.js files from our production
builds which means we can co-locate all of our component page objects
(and selectors) along with the components themselves.
2020-06-12 13:06:59 +01:00
John Cowen 5817b8c4a8
ui: Upgrade consul-api-double to use intention response w/o old fields (#8089) 2020-06-12 09:51:07 +01:00
Chris Piraino 6fa48c9512
Allow users to set hosts to the wildcard specifier when TLS is disabled (#8083)
This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs
2020-06-11 10:03:06 -05:00
Hans Hasselberg b4b1a497e9
Adding 1.7.4 and 1.6.6 2020-06-11 00:01:49 +02:00
Hans Hasselberg e62a43c6cf
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Chris Piraino 91ab89dd48
Move ingress param to a new endpoint (#8081)
In discussion with team, it was pointed out that query parameters tend
to be filter mechanism, and that semantically the "/v1/health/connect"
endpoint should return "all healthy connect-enabled endpoints (e.g.
could be side car proxies or native instances) for this service so I can
connect with mTLS".

That does not fit an ingress gateway, so we remove the query parameter
and add a new endpoint "/v1/health/ingress" that semantically means
"all the healthy ingress gateway instances that I can connect to
to access this connect-enabled service without mTLS"
2020-06-10 13:07:15 -05:00
John Cowen 4bde23b9e9
Merge pull request #8080 from hashicorp/ui-staging
ui: UI Release Merge (1.8-beta-3: ui-staging merge)
2020-06-10 17:40:22 +01:00
John Cowen 2838f7a2e9
ui: Reduce discovery-chain log errors (#8065)
* ui: Reduce discovery-chain log spam

Currently the only way that the UI can know whether connect is enabled
or not is whether we get 500 errors from certain endpoints.

One of these endpoints we already use, so aswell as recovering from a
500 error, we also remember that connect is disabled for the rest of the
page 'session' (so until the page is refreshed), and make no further
http requests to the endpoint for that specific datacenter.

This means that log spam is reduced to only 1 log per page refresh/dc
instead of 1 log per service navigation.

Longer term we'll need some way to dynamically discover whether connect
is enabled per datacenter without relying on something that will add
error logs to consul.
2020-06-10 16:07:06 +01:00
Mike Wickett 8fab683389
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
John Cowen db1ed14acf
ui: remove sort-control component (#8077)
This was never actually used
2020-06-10 14:27:21 +01:00
Noel Quiles 1dfbd384da Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Kyle Havlovitz 8342542f7a
Merge pull request #8075 from hashicorp/expose-cli-testfix
Fix a CLI test failure with namespaces in enterprise
2020-06-09 15:25:45 -07:00
Kyle Havlovitz 6fd3b25313 Fix a CLI test failure with namespaces in enterprise 2020-06-09 15:13:23 -07:00
Daniel Nephin 9132944e9a
Merge pull request #8071 from hashicorp/dnephin/update-vendor-2
Update google.golang.org/api and stretchr/testify
2020-06-09 17:56:03 -04:00
Daniel Nephin 8ec029ae6a Update comments that reference PatchSliceOfMaps
To reference decode.HookWeakDecodeFromSlice instead.

Also removes a step from the adding config fields checklist which is
no longer necessary.
2020-06-09 17:43:05 -04:00
Chris Piraino 496e683360
Merge pull request #8064 from hashicorp/ingress/health-query-param
Add API query parameter ?ingress to allow users to find ingress gateways associated to a service
2020-06-09 16:08:28 -05:00
Daniel Nephin 98d271bee9 Update google.golang.org/api and stretchr/testify
To match the versions used in enterprise, should slightly reduce the
chances of getting a merge conflict when using `go.mod`.
2020-06-09 16:03:05 -04:00
Chris Piraino c1d329c5dd Remove TODO note about ingress API, it is done! 2020-06-09 14:58:30 -05:00
Chris Piraino 5e0cd7ede5 Remove unnecessary defer from api.health_test.go
We do not need to deregister services because every test gets its own
instance of the client agent and the tmp directories are all deleted at
the end.
2020-06-09 14:45:57 -05:00
Chris Piraino ca41f80493 Set connect or ingress boolean after checking for query param 2020-06-09 14:45:21 -05:00
Daniel Nephin 08f1ed16b4
Merge pull request #7900 from hashicorp/dnephin/add-linter-staticcheck-2
intentions: fix a bug in Intention.SetHash
2020-06-09 15:40:20 -04:00
Daniel Nephin 62a1125c7b
Merge pull request #8037 from hashicorp/dnephin/add-linter-staticcheck-5
ci: Enabled SA2002 staticcheck check
2020-06-09 15:31:24 -04:00
Daniel Nephin 27ba56f3cd
Merge pull request #8067 from hashicorp/dnephin/update-vendor-1
Update protobuf and golang.org/x/... vendor
2020-06-09 15:25:13 -04:00
Hans Hasselberg 242994a016
acl: do not resolve local tokens from remote dcs (#8068) 2020-06-09 21:13:09 +02:00
Kyle Havlovitz 0c8966220f
Merge pull request #8040 from hashicorp/ingress/expose-cli
Ingress expose CLI command
2020-06-09 12:11:23 -07:00
Daniel Nephin db74f09b6b Update protobuf and golang.org/x/... vendor
Partially extracted from #7547

Updates protobuf to the most recent in the 1.3.x series, and updates
golang.org/x/sys to a7d97aace0b0 because of https://github.com/shirou/gopsutil/issues/853
prevents updating to a more recent version.

This breaking change in x/sys also prevents us from getting a newer
version of x/net. In the future, if gopsutil is not patched,  we may want to run a fork version of
gopsutil so that we can update both x/net and x/sys.
2020-06-09 14:46:41 -04:00
Kyle Havlovitz e3a725c4e0 Always allow updating the exposed service and differentiate by namespace 2020-06-09 11:09:53 -07:00
Chris Piraino 4837069fe0 api: update api module with health.Ingress() method 2020-06-09 12:11:47 -05:00
Chris Piraino 3c037d9b96 Add ?ingress query parameter on /v1/health/connect
Refactor boolean query parameter logic from ?passing value to re-use
with ingress
2020-06-09 11:44:31 -05:00