Commit Graph

13004 Commits

Author SHA1 Message Date
R.B. Boyer 6ba776b4f3
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:

```
service_prefix "" { policy = "read" }
node_prefix ""    { policy = "read" }

namespace_prefix "" {
  service_prefix "" { policy = "read" }
  node_prefix ""    { policy = "read" }
}
```

This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
hashicorp-ci a2315bc839 auto-updated agent/uiserver/bindata_assetfs.go from commit 0f6c0a5c1 2020-11-04 09:37:51 +00:00
John Cowen 0f6c0a5c13
ui: Metrics - Provide a fetch-like http client that automatically adds the current ACL token (#9094)
* Remove local httpGet and shim one in from options

* Add custom httpGet to pass through to provider

* Make a fetch wrapper that adds your token

* Pass the fetch like fetchWithToken wrapper through to the provider

* Fix up httpGet to encode query params again and use fetch-like
2020-11-04 09:33:37 +00:00
hashicorp-ci 1a5d4cfe43 auto-updated agent/uiserver/bindata_assetfs.go from commit d5d4155e1 2020-11-03 14:14:58 +00:00
John Cowen d5d4155e1a
ui: Storybook Install (#9049)
* ui: Install storybook into the main project

* Add a basic story for a notice

* Remove empty dependencies
2020-11-03 14:09:39 +00:00
R.B. Boyer 44bd8bd2ae
use the docker proxy for more envoy integration test containers (#9085) 2020-11-02 14:52:33 -06:00
R.B. Boyer 957293d884
wait_for_namespace should take two args (#9086) 2020-11-02 14:31:19 -06:00
hashicorp-ci 738ff1801f auto-updated agent/uiserver/bindata_assetfs.go from commit 56c2ff56e 2020-11-02 18:43:31 +00:00
Kenia 56c2ff56e4
ui: Update to not return metrics for ingress gateways (#9081) 2020-11-02 13:38:43 -05:00
Alvin Huang ae6185a554
use hashicorp docker mirror in envoy helper (#9080) 2020-11-02 11:37:03 -06:00
R.B. Boyer d7b37e3c6e
fix envoy integ test wait_for_namespace to actually work on CI (#9082) 2020-11-02 11:14:48 -06:00
hashicorp-ci c28f489a9a auto-updated agent/uiserver/bindata_assetfs.go from commit bf32a1799 2020-11-02 16:11:45 +00:00
John Cowen bf32a17994
ui: Remove string casting when passing index/checked for dropmenus (#9077)
* ui: Remove string casting when passing index/checked

* Check for e.target
2020-11-02 16:07:08 +00:00
hashicorp-ci 907c4ad789 auto-updated agent/uiserver/bindata_assetfs.go from commit 314eeda95 2020-11-02 14:40:27 +00:00
John Cowen 314eeda957
ui: Use eslint vs ember-cli-lint, sass vs dart-sass (#9078)
These two dependency changes means that @hashicorp/pds-ember can be
installed and used without any build/dependency issues
2020-11-02 14:35:10 +00:00
Alvin Huang ea88956c9c
use hashicorp docker mirror to prevent rate limit (#9070) 2020-10-30 17:59:13 -04:00
R.B. Boyer a66c4591d7
agent: introduce path allow list for requests going through the metrics proxy (#9059)
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.

Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
2020-10-30 16:49:54 -05:00
hashicorp-ci b3bf1229ac auto-updated agent/uiserver/bindata_assetfs.go from commit cf2cfbaf2 2020-10-30 15:27:01 +00:00
R.B. Boyer cf2cfbaf2e
ui: make metrics work again (#9072)
Fixes regression from #9040
2020-10-30 10:21:57 -05:00
R.B. Boyer fa4b0854fb
state: ensure we unblock intentions queries upon the upgrade to config entries (#9062)
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)
2020-10-29 15:28:31 -05:00
Daniel Nephin e14a9a725e
Merge pull request #9068 from hashicorp/restore-test-signature
restore prior signature of test helper so enterprise compiles
2020-10-29 15:22:30 -04:00
R.B. Boyer b24b4169e1 restore prior signature of test helper so enterprise compiles 2020-10-29 13:52:15 -05:00
hashicorp-ci 01dbf43fb1 auto-updated agent/uiserver/bindata_assetfs.go from commit 1d6961248 2020-10-29 18:33:41 +00:00
Mike Morris 1d6961248c
ui: Update node_modules deps path in GNUMakefile (#9066)
Updates `node_modules` path/makefile target to fix top-level `make ui` command.
2020-10-29 13:28:55 -05:00
Daniel Nephin afad68c033
Merge pull request #9025 from hashicorp/dnephin/streaming-options
streaming: Use a no-op event publisher if streaming is disabled
2020-10-29 13:36:51 -04:00
s-christoff 79ce24e9fc
cli: Add JSON and Pretty Print formatting for `consul snapshot inspect` (#9006) 2020-10-29 11:31:14 -05:00
Kim Ngo a670f7a098
docs: Add links in CTS docs for the community to get involved (#9060) 2020-10-29 10:07:20 -05:00
Daniel Nephin 3dfb7c224b stream: Use a no-op event publisher if streaming is disabled 2020-10-28 13:54:19 -04:00
Daniel Nephin bc07901527
Merge pull request #9058 from hashicorp/dnephin/fix-broken-github-workflow
Remove the workflow file
2020-10-28 13:11:36 -04:00
Daniel Nephin 06888839d6 Remove the workflow file
The comment out file causes github to send us error emails on every commit
2020-10-28 13:09:29 -04:00
Daniel Nephin 23eee604c9 store: use a ReadDB for snapshots
to remove the cyclic dependency between the snapshot handlers and the state.Store
2020-10-28 13:07:42 -04:00
R.B. Boyer b724e096c2
add namespace waiting function to envoy integration tests (#9051) 2020-10-28 11:58:40 -05:00
Daniel Nephin 7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin 477d665309
Merge pull request #8618 from hashicorp/dnephin/remove-txn-readtxn
state: Use ReadTxn everywhere
2020-10-28 12:32:47 -04:00
R.B. Boyer 8e70c3fc25
missed adding the test delay to the l7-intentions envoy integration test (#9052) 2020-10-28 08:43:11 -05:00
Jono Sosulska 97eac7e4c8
Turn off issue labeler for now (#9054) 2020-10-27 17:34:16 -04:00
Kyle Havlovitz 9f893307de
Merge pull request #9053 from hashicorp/vault-token-lookupself
connect: Use the lookup-self endpoint for Vault token
2020-10-27 14:34:03 -07:00
Daniel Nephin 1a5af13fce
Merge pull request #8974 from hashicorp/dnephin/grpc-counter-metrics
agent/grpc: add counter metrics
2020-10-27 17:10:05 -04:00
Daniel Nephin 62c9124011 docs: Add the new metrics to telemetry.mdx 2020-10-27 16:49:50 -04:00
Daniel Nephin f0ac093fef agent/grpc: add connection count metrics
Gauge metrics are great for understanding the current state, but can somtimes hide problems
if there are many disconnect/reconnects.

This commit adds counter metrics for connections and streams to make it easier to see the
count of newly created connections and streams.
2020-10-27 16:49:49 -04:00
Daniel Nephin 5319ba02b0 agent/grpc: rename metrics
These new names should make it easier to add counter metics with similar prefixes
2020-10-27 16:49:49 -04:00
Daniel Nephin c82d6aa4ff
Merge pull request #8961 from hashicorp/dnephin/grpc-resolve-node-id
agent/grpc: fix some test flakes and handle duplicate server IDs in the pool
2020-10-27 16:47:37 -04:00
Daniel Nephin 74ac34e358
Merge pull request #8998 from hashicorp/dnephin/lib-ttlcache
lib/ttlcache: extract a new package from agent/cache
2020-10-27 16:43:10 -04:00
Daniel Nephin 0f81915495
Merge pull request #8987 from hashicorp/dnephin/stream-filter
streaming: apply filter to a single item
2020-10-27 16:39:43 -04:00
Daniel Nephin 8bcd5040c7 agent/grpc: Add an integration test for ClientPool with TLS
Also deregister the resolver.Builder in tests.
2020-10-27 16:34:18 -04:00
Daniel Nephin e9479175a4 tlsutil: remove unused UseTLS field 2020-10-27 16:34:17 -04:00
Daniel Nephin 8a785a351c agent/grpc: pass metrics to constructor
Instead of referencing a package var. This does not fix the flaky test, but it seems more correct.
2020-10-27 16:34:17 -04:00
Daniel Nephin d19657404f agent/grpc: fix a flaky test by performing more retries
Instead of using retry.Run, which appears to have problems in some cases where it does not
emit an error message, use a for loop.

Increase the number of attempts and remove any sleep, since this operation is not that expensive to do
in a tight loop
2020-10-27 16:34:17 -04:00
Daniel Nephin df405ac978 agent/grpc: remove misleading warnings from test output
Handle shutdown properly in tests so that the tests don't warn about using a closed connection.
2020-10-27 16:34:16 -04:00
Daniel Nephin e101aa8a74 agent/grpc: fix a flake in TestHandler_EmitsStats 2020-10-27 16:34:16 -04:00