Commit Graph

3018 Commits

Author SHA1 Message Date
Dhia Ayachi 9e4d7a3d26
generate a single debug file for a long duration capture (#10279) (#10360)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* snapshot the timestamp at the beginning of the capture

- timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures
- capture append to the file if it already exist

* Revert "snapshot the timestamp at the beginning of the capture"

This reverts commit c2d03346

* Refactor captureDynamic to extract capture logic for each item in a different func

* extract wait group outside the go routine to avoid a race condition

* capture pprof in a separate go routine

* perform a single capture for pprof data for the whole duration

* add missing vendor dependency

* add a change log and fix documentation to reflect the change

* create function for timestamp dir creation and simplify error handling

* use error groups and ticker to simplify interval capture loop

* Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval

* refactor Logs capture routine and add log capture specific test

* improve error reporting when log test fail

* change test duration to 1s

* make time parsing in log line more robust

* refactor log time format in a const

* test on log line empty the earliest possible and return

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* rename function to captureShortLived

* more specific changelog

Co-authored-by: Paul Banks <banks@banksco.de>

* update documentation to reflect current implementation

* add test for behavior when invalid param is passed to the command

* fix argument line in test

* a more detailed description of the new behaviour

Co-authored-by: Paul Banks <banks@banksco.de>

* print success right after the capture is done

* remove an unnecessary error check

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2021-06-07 15:51:57 -04:00
hc-github-team-consul-core 599b5a3bff
Release v1.8.12 2021-06-04 02:02:11 +00:00
hc-github-team-consul-core 083d71fa03
Release v1.8.11 2021-06-03 19:57:33 +00:00
Kyle Havlovitz 658e6a97bb Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-04-20 15:41:32 -05:00
hashicorp-ci 46a6ae729e
Release v1.8.10 2021-04-15 18:15:40 +00:00
hashicorp-ci ceef4d6ada
Release v1.8.9 2021-03-04 19:22:48 +00:00
hashicorp-ci 1a7f21a061
Release v1.8.8 2021-01-22 18:50:03 +00:00
hashicorp-ci cbe8f01e9a
Release v1.8.7 2020-12-10 21:46:52 +00:00
freddygv 545e7379ee Merge branch 'release/1.8.x' into release/1.8.6 2020-11-19 15:45:37 -07:00
hashicorp-ci 2fa535b58c
Release v1.8.6 2020-11-19 20:56:51 +00:00
Freddy 8ed789766b Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 13:21:51 -07:00
Freddy cfd72af36c Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 17:15:23 +00:00
Mike Morris 7df79f0988
chore(backport): use HashiCorp Docker mirror (#9167)
* chore: backport Docker mirror for Envoy integration tests

* use hashicorp docker mirror in envoy helper (#9080)

* use hashicorp docker mirror to prevent rate limit (#9070)

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
2020-11-11 18:31:40 -05:00
Kevin Pruett b3ec64c23f Merge pull request #9021 from hashicorp/pruett.alertbanner-exp
Expose `expirationDate` prop in <AlertBanner/>
2020-10-26 20:13:49 +00:00
Kim Ngo 6cbc41d5b5 NIA: add Terraform version compatibility (#9023) 2020-10-26 14:47:50 +00:00
hashicorp-ci 1e03567d33
Release v1.8.5 2020-10-23 20:32:14 +00:00
James Light e0bfd96dc4 Update managed-deprecated.mdx (#9016)
fix typo / spell checker replacing w/ wrong word
2020-10-23 14:55:46 +00:00
R.B. Boyer 3456b57dec
connect: update supported envoy point releases to 1.14.5, 1.13.6, 1.12.7, 1.11.2 for 1.8.x (#8999)
Selective backport of #8944 to 1.8.x
2020-10-22 13:26:51 -05:00
Kim Ngo 4e196b0a16 NIA: document daemon exiting on task errors (#8985) 2020-10-22 18:23:57 +00:00
Blake Covarrubias 315b68228a Add extraEnvironmentVars and client.affinity to Helm values (#8997)
Document client.extraEnvironmentVars, server.extraEnvironmentVars, and
client.affinity Helm chart values.

Remove deprecated connectInject.imageEnvoy and meshGateway.imageEnvoy
values.
2020-10-22 06:29:25 +00:00
Blake Covarrubias d2f0cf42c3 docs: Remove sentence about pluggable CAs
Consul's Connect CA documentation mentions future releases will
support a pluggable CA system. This sentence has existed in the docs
for over two years, however there are currently no plans to develop
this feature on the near-term roadmap.

This commit removes this sentence to avoid giving the impression that
this feature will be available in an upcoming release.
2020-10-20 18:52:49 +00:00
Jasmine W 5c1d25df84 Merge pull request #8959 from hashicorp/docs-update-api-cli
Update docs-navigation.js
2020-10-20 15:46:23 +00:00
Sabeen Syed aa8ab4161b Update links (#8949) 2020-10-19 19:38:49 +00:00
Sabeen Syed 303e1142da Add A10 and Checkpoint TF modules (#8950) 2020-10-15 21:12:17 +00:00
Kit Patella 9c1bbb4b50 Merge pull request #8960 from hashicorp/mkcp/docs/truncate-old-jepsen-log
truncate jepsen.mdx log for length
2020-10-14 20:59:27 +00:00
Sabeen Syed 0335eb1fa0 Remove email address (#8931) 2020-10-13 18:17:30 +00:00
Kim Ngo b7060f89b8 Add docs on what activates task execution (#8936) 2020-10-13 16:48:09 +00:00
lornasong 62ae98286a Merge pull request #8935 from hashicorp/nia-docs-tfmod
Update Requirements doc: Terraform module links
2020-10-13 15:55:43 +00:00
Iryna Shustava 313e2f70b6 Update compatibility matrix (#8928) 2020-10-13 01:04:36 +00:00
Iryna Shustava 76c9b2bb8d docs: add Helm docs for openshift; also add other missing Helm docs (#8833) 2020-10-12 23:35:53 +00:00
Sabeen Syed e8ae1ea703 Update a link and reword some sentences (#8925)
Update PANOS link
Update sentences
2020-10-12 22:40:43 +00:00
Ricardo Oliveira fe864e8f45 Update service-defaults.mdx (#8780) 2020-10-09 20:45:33 +00:00
Blake Covarrubias 16937d7f5d doc: Update acl-method command example (#8845)
* Update acl-method command example

* add tailing backtick
2020-10-09 19:26:54 +00:00
Sabeen Syed ceba2c6422 Docs: Nia/docs tech preview (#8908)
* Add outline and basic content for Tech Preview docs
* Add Tech Preview tag
* Add auto-labler for Consul Terrform Sync
* Add Consul Terraform Sync config docs (#8837)
* CLI Docs for Consul Terraform Sync
* Task Docs for Consul Terraform Sync
* Add docs for NIA Terraform driver (#8871)
* Update Installation Docs for Consul Terraform Sync
* Initial high level architecture overview (#8872)
* Docs: compatible Terraform modules for Consul-Terraform-Sync (#8887)
* Update Requirements Docs for Consul Terraform Sync
* Remove empty partner module sections
2020-10-09 15:18:47 -04:00
Kim Ngo 3e14b35211 Minor updates to NIA partner docs (#8912)
* Renames Terraform module registry to its new name Terraform Registry
2020-10-09 19:17:20 +00:00
Sabeen Syed 4ff537b250 Docs: Nia/docs partner integration (#8907)
* Add NIA Integration Program page
* Update name to Consul-Terraform-Sync and add Tech Preview tags
* Update diagram to include sequence numbers
* Remove Tech Preview tags and Update Images
* Add TF module naming convention, update image and links
* Add a note, update PANW link, and working updates
* Update URLs to local path
2020-10-09 18:23:05 +00:00
Jimmy Merritello be6a0effaf [Website] Add HashiStackMenu to website (#8854)
* Add new HashiStackMenu

* Add transpile option

* Bump version

* Bump HSM version and rm meganav styles
2020-10-09 15:49:04 +00:00
Matt Keeler 6cae442ef4 Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-09 14:43:59 +00:00
R.B. Boyer c0fa5722ed website: re-add forgotten updates (#8890) 2020-10-09 02:27:57 +00:00
Iryna Shustava 11106987cc docs: Add missing helm docs and make link anchors consistent (#8808) 2020-10-05 17:03:15 +00:00
Luke Kysow f214ca77d8 Update k8s upgrade docs (#8789)
* Update k8s upgrade docs
2020-10-01 21:36:44 +00:00
Chris Piraino f102604956 docs: Remove usage metrics that are not in 1.8.x 2020-09-28 16:05:42 -05:00
Jeff Escalante b5e276bfc7 fix jepsen circular redirect (#8757) 2020-09-25 20:43:38 +00:00
Michael Ethridge e27b41453f Adding Vault ACL examples for Connect CA (#8536) 2020-09-25 11:23:24 -07:00
Daniel Nephin 30eddc4222 Merge pull request #8751 from karras/fix_docs_typo_services
Fix typo in Service Discovery/Services documentation
2020-09-25 15:34:04 +00:00
Petrik van der Velde b841307041 Improve the Azure cloud auto join documentation (#8530)
* Update the Azure cloud auto join documentation with more explicit information on how to configure the infrastructure.
* Add a note regarding the length of time taken for Azure to sync the MSI permissions.
* Update references from tag_name to tag_key in the Azure examples
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
2020-09-25 02:42:14 +00:00
Mike Morris 8b9345fc96 docs: highlight Vault service mesh CA integration (#8730) 2020-09-24 19:39:41 +00:00
Hans Hasselberg 100630e2bf add -list-primary to `consul keyring` command (#8692)
* add -list-primary

* add docs

* use builder

* fix multiple actions
2020-09-24 18:04:57 +00:00
Nicole Forrester e22b295b5f Add Using in Production Question (#8718)
* website: add using in prod question

* adjust padding
2020-09-23 17:14:01 -04:00
danielehc 9c1d256ba8 Add alias-node option info (#8706) 2020-09-23 16:11:56 +00:00