status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
12,059 Commits 445 Branches 179 Tags 481 MiB
Commit Graph

135 Commits

Author SHA1 Message Date
Freddy cfd72af36c Require operator:write to get Connect CA config (#9240) 
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
 2020-11-19 17:15:23 +00:00
Kevin Pruett b3ec64c23f Merge pull request #9021 from hashicorp/pruett.alertbanner-exp 
Expose `expirationDate` prop in <AlertBanner/>
 2020-10-26 20:13:49 +00:00
Kim Ngo 6cbc41d5b5 NIA: add Terraform version compatibility (#9023) 2020-10-26 14:47:50 +00:00
James Light e0bfd96dc4 Update managed-deprecated.mdx (#9016) 
fix typo / spell checker replacing w/ wrong word
 2020-10-23 14:55:46 +00:00
R.B. Boyer 3456b57dec
connect: update supported envoy point releases to 1.14.5, 1.13.6, 1.12.7, 1.11.2 for 1.8.x (#8999) 
Selective backport of #8944 to 1.8.x
 2020-10-22 13:26:51 -05:00
Kim Ngo 4e196b0a16 NIA: document daemon exiting on task errors (#8985) 2020-10-22 18:23:57 +00:00
Blake Covarrubias 315b68228a Add extraEnvironmentVars and client.affinity to Helm values (#8997) 
Document client.extraEnvironmentVars, server.extraEnvironmentVars, and
client.affinity Helm chart values.

Remove deprecated connectInject.imageEnvoy and meshGateway.imageEnvoy
values.
 2020-10-22 06:29:25 +00:00
Blake Covarrubias d2f0cf42c3 docs: Remove sentence about pluggable CAs 
Consul's Connect CA documentation mentions future releases will
support a pluggable CA system. This sentence has existed in the docs
for over two years, however there are currently no plans to develop
this feature on the near-term roadmap.

This commit removes this sentence to avoid giving the impression that
this feature will be available in an upcoming release.
 2020-10-20 18:52:49 +00:00
Sabeen Syed aa8ab4161b Update links (#8949) 2020-10-19 19:38:49 +00:00
Sabeen Syed 303e1142da Add A10 and Checkpoint TF modules (#8950) 2020-10-15 21:12:17 +00:00
Kit Patella 9c1bbb4b50 Merge pull request #8960 from hashicorp/mkcp/docs/truncate-old-jepsen-log 
truncate jepsen.mdx log for length
 2020-10-14 20:59:27 +00:00
Sabeen Syed 0335eb1fa0 Remove email address (#8931) 2020-10-13 18:17:30 +00:00
Kim Ngo b7060f89b8 Add docs on what activates task execution (#8936) 2020-10-13 16:48:09 +00:00
lornasong 62ae98286a Merge pull request #8935 from hashicorp/nia-docs-tfmod 
Update Requirements doc: Terraform module links
 2020-10-13 15:55:43 +00:00
Iryna Shustava 313e2f70b6 Update compatibility matrix (#8928) 2020-10-13 01:04:36 +00:00
Iryna Shustava 76c9b2bb8d docs: add Helm docs for openshift; also add other missing Helm docs (#8833) 2020-10-12 23:35:53 +00:00
Sabeen Syed e8ae1ea703 Update a link and reword some sentences (#8925) 
Update PANOS link
Update sentences
 2020-10-12 22:40:43 +00:00
Ricardo Oliveira fe864e8f45 Update service-defaults.mdx (#8780) 2020-10-09 20:45:33 +00:00
Blake Covarrubias 16937d7f5d doc: Update acl-method command example (#8845) 
* Update acl-method command example

* add tailing backtick
 2020-10-09 19:26:54 +00:00
Sabeen Syed ceba2c6422 Docs: Nia/docs tech preview (#8908) 
* Add outline and basic content for Tech Preview docs
* Add Tech Preview tag
* Add auto-labler for Consul Terrform Sync
* Add Consul Terraform Sync config docs (#8837)
* CLI Docs for Consul Terraform Sync
* Task Docs for Consul Terraform Sync
* Add docs for NIA Terraform driver (#8871)
* Update Installation Docs for Consul Terraform Sync
* Initial high level architecture overview (#8872)
* Docs: compatible Terraform modules for Consul-Terraform-Sync (#8887)
* Update Requirements Docs for Consul Terraform Sync
* Remove empty partner module sections
 2020-10-09 15:18:47 -04:00
Kim Ngo 3e14b35211 Minor updates to NIA partner docs (#8912) 
* Renames Terraform module registry to its new name Terraform Registry
 2020-10-09 19:17:20 +00:00
Sabeen Syed 4ff537b250 Docs: Nia/docs partner integration (#8907) 
* Add NIA Integration Program page
* Update name to Consul-Terraform-Sync and add Tech Preview tags
* Update diagram to include sequence numbers
* Remove Tech Preview tags and Update Images
* Add TF module naming convention, update image and links
* Add a note, update PANW link, and working updates
* Update URLs to local path
 2020-10-09 18:23:05 +00:00
Jimmy Merritello be6a0effaf [Website] Add HashiStackMenu to website (#8854) 
* Add new HashiStackMenu

* Add transpile option

* Bump version

* Bump HSM version and rm meganav styles
 2020-10-09 15:49:04 +00:00
Matt Keeler 6cae442ef4 Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774) 
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
 2020-10-09 14:43:59 +00:00
R.B. Boyer c0fa5722ed website: re-add forgotten updates (#8890) 2020-10-09 02:27:57 +00:00
Iryna Shustava 11106987cc docs: Add missing helm docs and make link anchors consistent (#8808) 2020-10-05 17:03:15 +00:00
Luke Kysow f214ca77d8 Update k8s upgrade docs (#8789) 
* Update k8s upgrade docs
 2020-10-01 21:36:44 +00:00
Chris Piraino f102604956 docs: Remove usage metrics that are not in 1.8.x 2020-09-28 16:05:42 -05:00
Michael Ethridge e27b41453f Adding Vault ACL examples for Connect CA (#8536) 2020-09-25 11:23:24 -07:00
Daniel Nephin 30eddc4222 Merge pull request #8751 from karras/fix_docs_typo_services 
Fix typo in Service Discovery/Services documentation
 2020-09-25 15:34:04 +00:00
Petrik van der Velde b841307041 Improve the Azure cloud auto join documentation (#8530) 
* Update the Azure cloud auto join documentation with more explicit information on how to configure the infrastructure.
* Add a note regarding the length of time taken for Azure to sync the MSI permissions.
* Update references from tag_name to tag_key in the Azure examples
Co-authored-by: Jono Sosulska <42216911+jsosulska@users.noreply.github.com>
 2020-09-25 02:42:14 +00:00
Hans Hasselberg 100630e2bf add -list-primary to `consul keyring` command (#8692) 
* add -list-primary

* add docs

* use builder

* fix multiple actions
 2020-09-24 18:04:57 +00:00
Nicole Forrester e22b295b5f Add Using in Production Question (#8718) 
* website: add using in prod question

* adjust padding
 2020-09-23 17:14:01 -04:00
danielehc 9c1d256ba8 Add alias-node option info (#8706) 2020-09-23 16:11:56 +00:00
Prabodh 4784468283 Update index.mdx (#8727) 
Fixed a gramatical mistake.
 2020-09-23 10:14:10 -04:00
Daniel Kimsey 25e7652449 Clarify consul maint enable/disable scope (#8615) 
Try to make it more clear to an operator that toggling off a node-level
maintenance is independent of toggling service level maintenance.
 2020-09-21 16:33:07 +00:00
Lowe Schmidt c77a87e84c docs: Fix typo in tutorial URL (#8716) 2020-09-21 14:09:06 +00:00
Blake Covarrubias 35b21159b2 docs: Add go-sockaddr examples for bind_addr (#8677) 
Add examples of using a go-sockaddr template with `bind_addr` within
HCL or JSON configuration.

Resolves #8633
 2020-09-18 15:16:17 +00:00
Blake Covarrubias e99e5ce434 docs: Add missing options for consul connect envoy (#8670) 
Document missing CLI options for the `consul connect envoy` command.

Resolves #8041
 2020-09-18 15:13:44 +00:00
Preetha 6ccec70bfb Merge pull request #8638 from eckdanny/docs/clarify-kv-keys-url-safe 
docs: clarify KV url-safe key names
 2020-09-17 20:52:07 +00:00
Sabeen Syed 6117c7ff73 Merge pull request #8668 from hashicorp/BeenzSyed-consulesm 
Add Consul ESM to Consul Tools page
 2020-09-17 19:37:00 +00:00
Blake Covarrubias fb664c18dd Add path-based routing example to Ingress docs (#8672) 
Add configuration example for HTTP path-based routing with virtual
services to Ingress gateway configuration entry documentation.

Resolves #8018
 2020-09-15 22:39:54 +00:00
Hans Hasselberg f88600320d Update API docs for GET /operator/keyring (#8691) 
The response includes a new field: PrimaryKeys that lists the installed
primary keys.
 2020-09-15 19:39:15 +00:00
Jeff Escalante 999024cee6 Merge pull request #8689 from hashicorp/je.fix-redirects 
Broken link fixes
 2020-09-15 17:09:04 +00:00
Blake Covarrubias ed39172b37 docs: Add -node-identity option to token and role command (#8671) 
Document `-node-identity` option which was added in #7970 for
`acl token <create|update>` and `acl role <create|update>` commands.
 2020-09-15 02:03:56 +00:00
Derek Strickland 0e486502cb Fixed broken link to Helm Chart install page. (#8662) 2020-09-14 23:25:45 +00:00
kaitlincarter-hc ed7ff57514 Website Links to Learn (#8641) 
* update links

* Update website/pages/home/index.jsx
 2020-09-14 23:17:32 +00:00
Derek Strickland 55a3f46694 Fixed broken install links (#8674) 2020-09-14 17:38:33 +00:00
David Yu 403982169e Create compatability.mdx for Consul Kubernetes docs (#8655) 
Create Compatibility Matrix page for Consul and Consul on Kubernetes underneath Upgrade section in the Kubernetes docs.
 2020-09-14 17:25:05 +00:00
Mike Morris 91ee7990cc
website: 1.8.x catchup (#8648) 
* website: purge existing directory

* website: bulk update from master with changes specific to the upcoming 1.9 release excluded

* test: revert envoy_version to 1.14.2 for existing-ca-path golden file
 2020-09-10 13:32:06 -04:00