11868 Commits

Author SHA1 Message Date
Hans Hasselberg
98eea08d3b
Tokens converted from legacy ACLs get their Hash computed (#8047)
* Fixes #5606: Tokens converted from legacy ACLs get their Hash computed

This allows new style token replication to work for legacy tokens as well when they change.

* tests: fix timestamp comparison

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2020-06-08 21:44:06 +02:00
Chris Piraino
1a853fc954
Always require Host header values for http services (#7990)
Previously, we did not require the 'service-name.*' host header value
when on a single http service was exposed. However, this allows a user
to get into a situation where, if they add another service to the
listener, suddenly the previous service's traffic might not be routed
correctly. Thus, we always require the Host header, even if there is
only 1 service.

Also, we add the make the default domain matching more restrictive by
matching "service-name.ingress.*" by default. This lines up better with
the namespace case and more accurately matches the Consul DNS value we
expect people to use in this case.
2020-06-08 13:16:24 -05:00
Blake Covarrubias
dd1e4ffd0d docs: Fix rendering of markdown on performance page
Fix issue with markdown not being rendered on /docs/install/performance.mdx.

Resolves #8049
2020-06-08 10:29:47 -07:00
Hans Hasselberg
c7e6c9ebec
http: use default minsize for gzip handler. (#7354)
Fixes #6306
2020-06-08 10:10:08 +02:00
Hans Hasselberg
72f92ae7ca
agent: add option to disable agent cache for HTTP endpoints (#8023)
This allows the operator to disable agent caching for the http endpoint.
It is on by default for backwards compatibility and if disabled will
ignore the url parameter `cached`.
2020-06-08 10:08:12 +02:00
Krastin
9262d7a79a website: fix a link in docs/agent/options
fixing the link to gopsutil in the -disable-host-node-id option text body
2020-06-07 03:36:55 -07:00
Jeff Escalante
9977c1df80 a few more naming adjustments 2020-06-06 15:45:29 -04:00
Jeff Escalante
f9051298c8 change page path, add redirect 2020-06-06 15:45:29 -04:00
Peter M
45f43476e8 Update Homepage Use Case Name and Link
resubmitting this PR to include a link change.
2020-06-06 15:45:29 -04:00
Peter M
8df640401b Updating NMA use case to reflect new name
Recently changed Network Middleware Automation use case to Network Infrastructure Automation, adding changes to the site to reflect this.
2020-06-06 15:00:03 -04:00
Kyle Havlovitz
acae044df4 Document the namespace format for expose CLI command 2020-06-05 15:47:03 -07:00
Kyle Havlovitz
ada9e2b3ab Add docs for expose command 2020-06-05 14:54:45 -07:00
Kyle Havlovitz
b874c8ef0c Add connect expose CLI command 2020-06-05 14:54:29 -07:00
Daniel Nephin
caa692deea ci: Enabled SA2002 staticcheck check
And handle errors in the main test goroutine
2020-06-05 17:50:11 -04:00
Hans Hasselberg
5281cb74db
Setup intermediate_pki_path on secondary when using vault (#8001)
Make sure to mount vault backend for intermediate_pki_path on secondary
dc.
2020-06-05 21:36:22 +02:00
Daniel Nephin
ce6cc094a1 intentions: fix a bug in Intention.SetHash
Found using staticcheck.

binary.Write does not accept int types without a size. The error from binary.Write was ignored, so we never saw this error. Casting the data to uint64 produces a correct hash.

Also deprecate the Default{Addr,Port} fields, and prevent them from being encoded. These fields will always be empty and are not used.
Removing these would break backwards compatibility, so they are left in place for now.

Co-authored-by: Hans Hasselberg <me@hans.io>
2020-06-05 14:51:43 -04:00
R.B. Boyer
fed7489a37
Use linkmode=external for the arm builds (#8029)
This gets around some issues regarding too large plt offsets when compiling with CGO

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2020-06-05 13:21:57 -05:00
John Cowen
439ae6b4bf
ui: Blocking with filtering intentions amends (#8027)
* ui: Now intentions use blocking queries invalidation isn't needed

* ui: Ensure reconciliation doesn't happen when filtering for intentions
2020-06-05 14:44:57 +01:00
R.B. Boyer
9cfa4a3fc9
tests: ensure that the ServiceExists helper function normalizes entmeta (#8025)
This fixes a unit test failure over in enterprise due to https://github.com/hashicorp/consul/pull/7384
2020-06-05 10:41:39 +02:00
R.B. Boyer
b88bd6660e
server: don't activate federation state replication or anti-entropy until all servers are running 1.8.0+ (#8014) 2020-06-04 16:05:27 -05:00
Hans Hasselberg
dfcf45c6cf
tests: use constructor instead init (#8024) 2020-06-04 22:59:06 +02:00
Alexander Mykolaichuk
9fa605f077
fixed links (#8020) 2020-06-04 16:18:37 -04:00
John Cowen
7dd7fc566d
Merge pull request #8022 from hashicorp/ui/bugfix/switch-help-icons
ui: Switch help menu icons to use the correct icons
2020-06-04 16:03:57 +01:00
John Cowen
8a586c04e6 ui: Switch help menu icons to use the correct icons 2020-06-04 14:31:15 +00:00
Pierre Souchay
9813ae512b
checks: when a service does not exists in an alias, consider it failing (#7384)
In current implementation of Consul, check alias cannot determine
if a service exists or not. Because a service without any check
is semantically considered as passing, so when no healthchecks
are found for an agent, the check was considered as passing.

But this make little sense as the current implementation does not
make any difference between:
 * a non-existing service (passing)
 * a service without any check (passing as well)

In order to make it work, we have to ensure that when a check did
not find any healthcheck, the service does indeed exists. If it
does not, lets consider the check as failing.
2020-06-04 14:50:52 +02:00
Hans Hasselberg
0f343332da
Merge pull request #7966 from hashicorp/pool_improvements
Agent connection pool cleanup
2020-06-04 08:56:26 +02:00
Freddy
891a0029b6
Update CHANGELOG.md 2020-06-03 18:47:43 -06:00
Freddy
9ed325ba8b
Enable gateways to resolve hostnames to IPv4 addresses (#7999)
The DNS resolution will be handled by Envoy and defaults to LOGICAL_DNS. This discovery type can be overridden on a per-gateway basis with the envoy_dns_discovery_type Gateway Option.

If a service contains an instance with a hostname as an address we set the Envoy cluster to use DNS as the discovery type rather than EDS. Since both mesh gateways and terminating gateways route to clusters using SNI, whenever there is a mix of hostnames and IP addresses associated with a service we use the hostname + CDS rather than the IPs + EDS.

Note that we detect hostnames by attempting to parse the service instance's address as an IP. If it is not a valid IP we assume it is a hostname.
2020-06-03 15:28:45 -06:00
Kevin Pruett
9b0d0de178
Merge pull request #8002 from pruett/pruett.quickfix-acl-docs
Add newline to fix rendering bug
2020-06-03 17:21:52 -04:00
Jono Sosulska
66ee9c3bb2
Updating Stopping Agent Section (#8016)
Fixes #6935 to clarify agent behavior.
2020-06-03 17:08:49 -04:00
Daniel Nephin
b5dc84757d
Merge pull request #8017 from hashicorp/dnephin/increase-lint-timeout
ci: Increase lint timeout
2020-06-03 17:04:17 -04:00
Daniel Nephin
5c2a1574aa Increase lint timeout
We occasionally see the lint job fail due to this timeout. Likely when the node running lint is under heavy load, because normally it runs much faster.

This commit increases the timeout substantially to work around that problem.
2020-06-03 16:50:35 -04:00
Kevin Pruett
bf0b5055f1
Add newline to fix rendering bug 2020-06-03 15:21:06 -04:00
R.B. Boyer
4d083103e2
fix some flaky snapshot tests (#8015) 2020-06-03 14:18:52 -05:00
John Cowen
bdb55d7825
Merge pull request #8013 from hashicorp/ui-staging
ui: UI Release Merge (1.8-beta-3: ui-staging merge)
2020-06-03 18:46:20 +01:00
Daniel Nephin
3362136c1e
Merge pull request #8008 from hashicorp/dnephin/fix-capture-logs-in-envoy-integration-test
ci: fix log capture for envoy integration tests
2020-06-03 13:08:45 -04:00
John Cowen
7949410208 ui: Add ability to sort service based on health (#7989)
* ui: Add ability to sort service based on health

* ui: Move custom sorting to sort/comparator Service/Helper (like search)

This moves custom sorting to use the same pattern as custom searching.

* Remove old Controller based comparator
2020-06-03 16:46:57 +00:00
Kenia
d295d976ce ui: Customize link for an Upstream in a different namespace as the ingress gateway (#8006)
* Add configuration default value for findGatewayBySlug

* Customize link for an Upstream in a different nspace as the ingress gateway
2020-06-03 16:46:56 +00:00
John Cowen
b0f38fe899 ui: Add an Address copy button to the service instance page (#7977)
* ui: Add an Address copy button to the service instance page

* ui: Fallback to Node Address if no Service Address is configured
2020-06-03 16:46:54 +00:00
John Cowen
002797af82 ui: Remove WithSearching mixin, use helpers instead (#7961)
* ui: Remove WithSearching mixin, use composable helpers instead
2020-06-03 16:46:53 +00:00
Kenia
d459bfd81c ui: Add blocking queries to gateways (#7967)
* Remove gateway endpoint adapter, model, and serializer and tests

* Update service tests to handle gateway-services-nodes

* Upgrade consul-api-double to 2.15.2

* Add a fairly temporary shouldReconcile method

Co-authored-by: John Cowen <jcowen@hashicorp.com>
2020-06-03 16:46:52 +00:00
John Cowen
12b1bc28b4 ui: SSO Icon cleanup (#7959)
1. Removes all icons not supported by the backend
2. Adds other icons supported by the backend
3. If there is no icon available don't add CSS positioning for one
2020-06-03 16:46:51 +00:00
John Cowen
94dd1849b4 ui: New Empty States (#7940)
* ui: CSS and component changes to the <EmptyState /> component

* ui: Reset the auth-form component back to its initial state

Moving forwards we are going to have the auth-form on the page all the
time, even when logged in (for relogging in purposes). This means the
auth-form will not always be removed from the DOM when you log in.

This sets the form back to its idle state before calling onsubmit

* ui: Make a public api for modal-dialog with a single close method

* ui : Move cache reset somewhere that makes more sense, + single refresh

1. Centralize cache resetting elsewhere, for now the store makes most
sense, although I would prefer the Repository class, so using the store
is temporary
2. We only need to refresh on login once, unless we have a differing
nspace

* ui: Ensure visibilitychange events are cleaned up

* ui: Only cache DataSource data if we have any, + only clear the cache

* ui: Add the modal login dialog to both unauth and auth views

This means we can 'relogin' when already logged in

* ui: Add new empty states

* ui: CSS Tweaks

* Remove marketing grays
2020-06-03 16:46:50 +00:00
Kenia
c4b2fcbd38 ui: Create Tags & Meta tab (#7954) 2020-06-03 16:46:48 +00:00
Kenia
8077a41f42 ui: Make only existing services in Upstreams linkabled with hover effect (#7943)
* Create service/exist helper to be used in ListCollection list items

* Make only existing services in Upstreams linkabled with hover effect
2020-06-03 16:46:47 +00:00
John Cowen
7e1e6e44c3 ui: remove some components/javascript we are no longer using (#7941) 2020-06-03 16:46:46 +00:00
Kenia
91b22f21ba ui: Implement EmberTooltips to Upstreams (#7930)
* Add ember-tooltips addon

* Create Tooltip component with styling and test

* Implement Tooltip into Upstreams
2020-06-03 16:46:44 +00:00
John Cowen
5d77ba076a ui: Blink/Webkit input[type=password] workaround (#7929)
It seems that blink/webkit browsers at least will leak memory when using
input[type=password] inputs. This only affects us during testing as we
'refresh' the ember app ~1000 times without actually refreshing
the browser. This means references to these HTML input elements mount
up now that every single page/test has an input[password] on it.

Following this change our memory usage during testing seems to have
reduced by as much as 75%.

During normal usage the single password element is only added to the
page once per login/logout.
2020-06-03 16:46:43 +00:00
John Cowen
e7ce5a6e7b ui: Slightly refactor %composite-rows and reuse ConsulServiceList component (#7886)
* ui: Move individual component types into a single %composite-list plus

1. Removes all out separate CSS components (that match HTML components)
to favour not having those separate for the moemnt at least
2. Reuses <ConsulServiceList /> component for Terminating Gateways >
Linked Services

* ui: Tweak breadcrumb spacing for '/' separator

* Fix up the tests i.e. services per tab so we can call them all services
2020-06-03 16:46:42 +00:00
Matt Keeler
53ee863924
Update CHANGELOG.md 2020-06-03 11:41:14 -04:00