15845 Commits

Author SHA1 Message Date
freddygv
5e1f7b7c36 Prevent partition-exports entry from OSS usage
Validation was added on the config entry kind since that is called when
validating config entries to bootstrap via agent configuration and when
applying entries via the config RPC endpoint.
2021-11-29 11:24:16 -07:00
Daniel Nephin
52f0853ff9
Merge pull request #11339 from hashicorp/dnephin/ca-manager-isolate-secondary-2
ca: reduce use of state in the secondary
2021-11-26 14:41:45 -05:00
Daniel Nephin
91a0c25932 ca: remove state check in secondarySetPrimaryRoots
This function is only ever called from operations that have already acquired the state lock, so checking
the value of state can never fail.

This change is being made in preparation for splitting out a separate type for the secondary logic. The
state can't easily be shared, so really only the expored top-level functions should acquire the 'state lock'.
2021-11-26 14:14:47 -05:00
Daniel Nephin
f1944458e4 ca: remove actingSecondaryCA
This commit removes the actingSecondaryCA field, and removes the stateLock around it. This field
was acting as a proxy for providerRoot != nil, so replace it with that check instead.

The two methods which called secondarySetCAConfigured already set the state, so checking the
state again at this point will not catch runtime errors (only programming errors, which we can catch with tests).
In general, handling state transitions should be done on the "entrypoint" methods where execution starts, not
in every internal method.

This is being done to remove some unnecessary references to c.state, in preparations for extracting
types for primary/secondary.
2021-11-26 14:14:47 -05:00
Daniel Nephin
238a4f13c8
Merge pull request #11660 from hashicorp/dnephin/ca-reduce-consul-provider-state-iface
ca: reduce consul provider backend interface a bit
2021-11-26 14:01:24 -05:00
Daniel Nephin
a631378008
Merge pull request #11468 from hashicorp/dnephin/acl-docs-namespace-rules
docs: update docs about namespace default policy/role
2021-11-26 14:00:30 -05:00
Daniel Nephin
7bfe50a914 docs: update docs about namespace default policy/role
To include details about the permissions the ACL token must have to perform the request.
2021-11-26 13:47:45 -05:00
Daniel Nephin
b92084b8e8 ca: reduce consul provider backend interface a bit
This makes it easier to fake, which will allow me to use the ConsulProvider as
an 'external PKI' to test a customer setup where the actual root CA is not
the root we use for the Consul CA.

Replaces a call to the state store to fetch the clusterID with the
clusterID field already available on the built-in provider.
2021-11-25 11:46:06 -05:00
John Cowen
f7b8df281b
ui: Add Service.Namespace variable to dashboard URL templates (#11640)
We currently allow only Datacenter, Service.Name, this PR adds Service.Namespace.
2021-11-25 10:47:07 +00:00
John Cowen
3f131dcf34
ui: Notifications re-organization/re-style (#11577)
- Moves where they appear up to the <App /> component.
- Instead of a <Notification /> wrapping component to move whatever you use for a notification up to where they need to appear (via ember-cli-flash), we now use a {{notification}} modifier now we have modifiers.
- Global notifications/flashes are no longer special styles of their own. You just use the {{notification}} modifier to hoist whatever component/element you want up to the top of the page. This means we can re-use our existing <Notice /> component for all our global UI notifications (this is the user visible change here)
2021-11-24 18:14:07 +00:00
Dhia Ayachi
3820e09a47
Partition/kv indexid sessions (#11639)
* state: port KV and Tombstone tables to new pattern

* go fmt'ed

* handle wildcards for tombstones

* Fix graveyard ent vs oss

* fix oss compilation error

* add partition to tombstones and kv state store indexes

* refactor to use `indexWithEnterpriseIndexable`

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* partition `tableSessions` table

* fix sessions to use UUID and fix prefix index

* fix oss build

* clean up unused functions

* fix oss compilation

* add a partition indexer for sessions

* Fix oss to not have partition index

* fix oss tests

* remove unused operations_ent.go and operations_oss.go func

* convert `indexNodeCheck` of `session_checks` table

* partition `indexID` and `indexSession` of `tableSessionChecks`

* remove partition for Checks as it's always use the session partition

* partition sessions index id table

* fix rebase issues

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2021-11-24 11:34:36 -05:00
John Cowen
2b8273bc6e
ui: Support for SSO with Admin Partitions (#11604)
* Upgrade AuthForm and document current state a little better
* Hoist SSO out of the AuthForm
* Bare minimum admin partitioned SSO

also:

ui: Tabbed Login with Token or SSO interface (#11619)

- I upgraded our super old, almost the first ember component I wrote, to use glimmer/almost template only. This should use slots/contextual components somehow, but thats a bigger upgrade so I didn't go that far.
- I've been wanting to upgrade the shape of our StateChart component for a very long while now, here its very apparent that it would be much better to do this sooner rather than later. I left it as is for now, but there will be a PR coming soon with a slight reshaping of this component.
- Added a did-upsert modifier which is a mix of did-insert/did-update
- Documentation added/amended for all the new things.
2021-11-24 14:53:12 +00:00
Dhia Ayachi
bb83624950
Partition session checks store (#11638)
* state: port KV and Tombstone tables to new pattern

* go fmt'ed

* handle wildcards for tombstones

* Fix graveyard ent vs oss

* fix oss compilation error

* add partition to tombstones and kv state store indexes

* refactor to use `indexWithEnterpriseIndexable`

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* add `singleValueID` implementation assertions

* partition `tableSessions` table

* fix sessions to use UUID and fix prefix index

* fix oss build

* clean up unused functions

* fix oss compilation

* add a partition indexer for sessions

* Fix oss to not have partition index

* fix oss tests

* remove unused operations_ent.go and operations_oss.go func

* remove unused const

* convert `IndexID` of `session_checks` table

* convert `indexSession` of `session_checks` table

* convert `indexNodeCheck` of `session_checks` table

* partition `indexID` and `indexSession` of `tableSessionChecks`

* fix oss linter

* fix review comments

* remove partition for Checks as it's always use the session partition

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2021-11-24 09:10:38 -05:00
Chris S. Kim
2350e7e56a
cleanup: Clarify deprecated legacy intention endpoints (#11635) 2021-11-23 19:32:18 -05:00
Chris S. Kim
9d02bc08c9
docs: fix name for partition resource labels (#11634) 2021-11-23 15:51:55 -05:00
John Cowen
b84ee47ff0
ui: Fix brand coloring for inline-code plus docs (#11578)
* ui: Fix brand coloring for inline-code plus docs

Also use --tones instead of --black/--white (#11601)

Co-authored-by: Evan Rowe <ev.rowe@gmail.com>
2021-11-23 18:32:11 +00:00
lornasong
3666401ae3
nia/docs 0.4.2 (#11611)
* nia/docs: Add TLS options for the CTS API

* docs: Add workspace tags (#11564)

* nia/docs: Change CLI options to table format

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>

* nia/docs: Update TLS CLI defaults

Also clarifies some behavior for the CLI options.

Co-authored-by: Melissa Kam <mkam@hashicorp.com>
Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
2021-11-22 17:02:19 -05:00
Matt Siegel
fa7216ab67
Merge pull request #11625 from hashicorp/version.js-1.10.4
website: bump latest binary version to 1.10.4
2021-11-22 12:38:38 -05:00
99
85312203f2
Merge pull request #11567 from hashicorp/branches_fix
ci: update triggers for main branch
2021-11-22 09:29:42 -08:00
99
4c0f40d8fb ci: update triggers for main branch 2021-11-22 09:25:32 -08:00
Matt Siegel
281a010097
website: bump latest binary version to 1.10.4 2021-11-22 12:09:12 -05:00
99
4b3c3c34b3
Merge pull request #11605 from hashicorp/fix_dockerfile
add dumb-init package to Dockerfile
2021-11-22 08:30:12 -08:00
Chris S. Kim
db5ee0e4d2
Merge from ent (#11506) 2021-11-19 11:50:44 -05:00
mrspanishviking
5c33003eb2
Merge pull request #11608 from hashicorp/proxy-codeblocks
docs: updated proxy page to use new codeblock
2021-11-18 17:26:21 -08:00
Karl Cardenas
d4cbe68913
docs: updated proxy page to use new codeblock 2021-11-18 18:17:38 -07:00
R.B. Boyer
dd4a59db8e
agent: purge service/check registration files for incorrect partitions on reload (#11607) 2021-11-18 14:44:20 -06:00
Iryna Shustava
0ee456649f
connect: Support auth methods for the vault connect CA provider (#11573)
* Support vault auth methods for the Vault connect CA provider
* Rotate the token (re-authenticate to vault using auth method) when the token can no longer be renewed
2021-11-18 13:15:28 -07:00
99
bf3ccf5847 add dumb-init package to Dockerfile 2021-11-18 08:36:59 -08:00
John Cowen
392dedc3e2
ui: Upgrades token sourcing related components to Glimmer+docs (#11592) 2021-11-18 15:52:39 +00:00
John Cowen
b4a7278e72
ui: Add eng docs for our render-template helper (#11359)
Adds Engineer documentation for our recently improved render-template helper, plus some ideas for further work/improvement here should anyone ever want to pick that up.
2021-11-18 10:21:36 +00:00
99
7ad6ab3425
Merge pull request #11600 from hashicorp/fix_entrypoint_main
Make entrypoint script always executable
2021-11-17 17:09:43 -08:00
99
b462e59ffc Make entrypoint script always executable 2021-11-17 17:08:18 -08:00
ultrafear
854d6e6d59 Fixing spelling under Matching and Prefix Values 2021-11-17 10:33:08 -08:00
Luke Kysow
3c68766286
Add docs for Consul Ent on ECS (#11537) 2021-11-17 09:59:32 -08:00
John Cowen
b7bd938411
ui: Store the default partition when logging in (#11591)
Make sure we store the default Partition for a users token.
2021-11-17 17:52:31 +00:00
John Cowen
35ccc2bc29
ui: Adding partitions + icons to upstreams/upstream instances (#11556)
Adds a partition badge/label/visual to upstreams and upstream instances.
2021-11-17 17:46:50 +00:00
Daniel Nephin
87c703484f
Merge pull request #11589 from hashicorp/dnephin/ca-cleanup-cluster-id-1
ca: small cleanup of SpiffeIDSigningForCluster args
2021-11-17 12:43:04 -05:00
Eric Haberkorn
1bf778f9c7
Merge pull request #11583 from hashicorp/consul-ecs-ga-docs
Consul ECS GA Docs
2021-11-17 12:42:47 -05:00
Paul Glass
a3cc7ad2bd
Merge pull request #11584 from hashicorp/pglass/ecs-ga
docs: ECS GA doc update
2021-11-17 11:23:25 -06:00
Paul Glass
de8c830a93 docs: Fix some typos in ECS overview 2021-11-17 11:20:23 -06:00
John Cowen
2ef9ea00b1
ui: When certain menus are selected reset either nspace/partition (#11479)
For our dc, nspace and partition 'bucket' menus, sometimes when selecting one 'bucket' we need to reset a different 'bucket' back to the one that your token has by default (or the default if not). For example when switching to a different partition whilst you are in a non-default namespace of another partition, we need to switch you to the token default namespace of the partition you are switching to.
2021-11-17 15:59:26 +00:00
danielehc
eddd648095
Connect.enabled config option (#11533) 2021-11-17 12:06:11 +01:00
Dan Upton
b51dc2f758
changelog: entry for snapshot agent license_path bug (#11561) 2021-11-16 23:07:14 +00:00
Daniel Nephin
b4080bc0dc ca: use the cluster ID passed to the primary
instead of fetching it from the state store.
2021-11-16 16:57:22 -05:00
Daniel Nephin
b9ab9bae12 ca: accept only the cluster ID to SpiffeIDSigningForCluster
To make it more obivous where ClusterID is used, and remove the need to create a struct
when only one field is used.
2021-11-16 16:57:21 -05:00
R.B. Boyer
2d37085faf
update changelog (#11575) 2021-11-16 15:21:20 -06:00
Mike Morris
25826e3ee4
deps: update gopsutil to fix Windows ARM and macOS non-Apple LLVM builds (#11586)
Bumps transitive dep go-ole to v1.2.6 with fixes
2021-11-16 15:40:11 -05:00
R.B. Boyer
75bbe893e8
add 1.11.x beta1/beta2 changelog entries (#11587) 2021-11-16 14:31:04 -06:00
Will Jordan
68efecafed
Update node info sync comment (#11465) 2021-11-16 11:16:11 -08:00
R.B. Boyer
e6956893fb
api: ensure new partition fields are omit empty for back compat (#11585) 2021-11-16 12:28:34 -06:00