Commit Graph

20335 Commits

Author SHA1 Message Date
John Maguire 6c8ca0f89d
NET-4984: Update APIGW Config Entries for JWT Auth (#18366)
* Added oss config entries for Policy and JWT on APIGW

* Updated structs for config entry

* Updated comments, ran deep-copy

* Move JWT configuration into OSS file

* Add in the config entry OSS file for jwts

* Added changelog

* fixing proto spacing

* Moved to using manually written deep copy method

* Use pointers for override/default fields in apigw config entries

* Run gen scripts for changed types
2023-08-10 19:49:51 +00:00
Michael Zalimeni 05604eeec1
[NET-5217] [OSS] Derive sidecar proxy locality from parent service (#18437)
* Add logging to locality policy application

In OSS, this is currently a no-op.

* Inherit locality when registering sidecars

When sidecar locality is not explicitly configured, inherit locality
from the proxied service.
2023-08-10 14:00:44 -04:00
Semir Patel bee12c6b1f
resource: Make resource write tenancy aware (#18423) 2023-08-10 09:53:38 -05:00
Gerard Nguyen 10f69d86d0
docs: fix incorrect proxy-defaults config in Lua Envoy extension (#18418)
fix incorrect proxy-defaults config
2023-08-10 10:33:19 +10:00
Eddie Rowe bb1a288b74
update ECS links (#18419) 2023-08-09 21:14:17 +00:00
Dan Stough 948ce8bc23
build: updates for 1.16.1 release (#18415)
* build: updates for 1.16.1 release

* build: fix missing replace directive for envoyextensions

* build: go mod tidy testing/deployer
2023-08-09 17:12:34 -04:00
wangxinyi7 facd5b0ec1
fix the error in ent repo (#18421)
fix the error in ent repo
2023-08-09 09:36:58 -07:00
R.B. Boyer 42efc11b4e
catalog: adding a controller to reconcile FailoverPolicy resources (#18399)
Add most of the semantic cross-resource validation for FailoverPolicy resources using a new controller.
2023-08-09 11:02:17 -05:00
sarahalsmiller e235c8be3c
NET-5115 Add retry + timeout filters for api-gateway (#18324)
* squash, implement retry/timeout in consul core

* update tests
2023-08-08 16:39:46 -05:00
R.B. Boyer bfc519f293
catalog: add FailoverPolicy mutation and validation hooks (#18390)
Add most of the validation and mutation hooks for the FailoverPolicy resource.
2023-08-08 14:42:43 -05:00
Matt Keeler 91d331bbaa
Add ServiceEndpoints Mutation hook tests (#18404)
* Add ServiceEndpoints Mutation hook tests

* Move endpoint owner validation into the validation hook

Also there were some minor changes to error validation to account for go-cmp not liking to peer through an errors.errorstring type that get created by errors.New
2023-08-08 15:22:14 -04:00
cskh 43d8898e08
bump testcontainers-go from 0.22.0 and remove pinned go version in in… (#18395)
* bump testcontainers-go from 0.22.0 and remove pinned go version in integ test

* go mod tidy

* Replace deprecated target.Authority with target.URL.Host
2023-08-08 18:08:14 +00:00
cskh 7902ae20a1
Upgrade test: remove outdated test and disable log due to verbosity (#18403)
* remove outdated test

* disable log since we have too many parallel tests
2023-08-08 13:16:32 -04:00
trujillo-adam 2096f23188
replaced ordered list of rate limit ops with flow diagram (#18398)
* replaced ordered list of rate limit ops with flow diagram

* made diagram font bigger

* updated colors for dark mode img

* fixed typo

* recentered dark mode image

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-08-08 16:49:01 +00:00
Ashesh Vidyut 96ce4daefa
Not using chmod - fixed integration test for Enterprise (#18401)
* Not using chmod

* checking icacls

* Removed push
2023-08-08 07:12:03 +00:00
Semir Patel 63cc037110
resource: Make resource read tenancy aware (#18397) 2023-08-07 16:37:03 -05:00
R.B. Boyer 48effe5f8a
chore: make go-mod-tidy (#18388) 2023-08-07 14:02:34 -05:00
Ashesh Vidyut 417ae9fc39
Fix #17730 - Dev mode has new line (#18367)
* adding new line only in case of pretty in url not in dev mode

* change log added
2023-08-05 08:15:24 +05:30
Andrea Scarpino 38c356c39b
[docs] Fix ServiceDefaults example in distributed tracing (#17212)
Fix ServiceDefaults example in distributed tracing.
2023-08-04 23:07:06 +00:00
R.B. Boyer 1ebd001a07
bimapper: fix a bug and add some more test coverage (#18387) 2023-08-04 16:45:10 -05:00
wangxinyi7 1f28ac2664
expose grpc as http endpoint (#18221)
expose resource grpc endpoints as http endpoints
2023-08-04 11:27:48 -07:00
Tu Nguyen 0a48a24a2f
Add redirects for mesh-gateway docs (#18377) 2023-08-04 16:36:21 +00:00
R.B. Boyer 89aac4b098
add some initial CODEOWNERS (#18346) 2023-08-03 16:22:18 -05:00
Jeremy Jacobson 8e5e16de60
Fix policy lookup to allow for slashes (#18347)
* Fix policy lookup to allow for slashes

* Fix suggestions

* Fix other test

* Revert some lines
2023-08-03 13:21:43 -07:00
Dan Stough 284e3bdb54
[OSS] test: xds coverage for routes (#18369)
test: xds coverage for routes
2023-08-03 15:03:02 -04:00
R.B. Boyer 9c227e2c36
mesh: adding the protobuf types and resources backing mesh config v2 (#18351) 2023-08-03 13:42:04 -05:00
Michael Zalimeni 905e371607
[NET-5146] security: Update Go version to 1.20.7 and `x/net` to 0.13.0 (#18358)
* Update Go version to 1.20.7

This resolves [CVE-2023-29409]
(https://nvd.nist.gov/vuln/detail/CVE-2023-29409)(`crypto/tls`).

* Bump golang.org/x/net to 0.13.0

Addresses [CVE-2023-3978](https://nvd.nist.gov/vuln/detail/CVE-2023-3978)
for security scans (non-impacting).
2023-08-02 13:10:29 -04:00
Iryna Shustava a33001f4d4
Register ProxyStateTemplate Resource (#18316)
Also, change the ProxyState.id to identity. This is because we already have the id of this proxy
  from the resource, and this id should be name-aligned with the workload it represents. It should
  also have the owner ref set to the workload ID if we need that. And so the id field seems unnecessary.
  We do, however, need a reference to workload identity so that we can authorize the proxy when it initially
  connects to the xDS server.
2023-08-02 08:15:13 -06:00
Ashesh Vidyut 67fc93e26d
NET-4240 - Snapshots are failing on Windows (#18302)
* fix go mod

* fix go sum

* added change log

* ran make go mod tidy
2023-08-02 08:14:35 +05:30
Ashvitha 828567c62e
[HCP Telemetry] Periodic Refresh for Dynamic Telemetry Configuration (#18168)
* OTElExporter now uses an EndpointProvider to discover the endpoint

* OTELSink uses a ConfigProvider to obtain filters and labels configuration

* improve tests for otel_sink

* Regex logic is moved into client for a method on the TelemetryConfig object

* Create a telemetry_config_provider and update deps to use it

* Fix conversion

* fix import newline

* Add logger to hcp client and move telemetry_config out of the client.go file

* Add a telemetry_config.go to refactor client.go

* Update deps

* update hcp deps test

* Modify telemetry_config_providers

* Check for nil filters

* PR review updates

* Fix comments and move around pieces

* Fix comments

* Remove context from client struct

* Moved ctx out of sink struct and fixed filters, added a test

* Remove named imports, use errors.New if not fformatting

* Remove HCP dependencies in telemetry package

* Add success metric and move lock only to grab the t.cfgHahs

* Update hash

* fix nits

* Create an equals method and add tests

* Improve telemetry_config_provider.go tests

* Add race test

* Add missing godoc

* Remove mock for MetricsClient

* Avoid goroutine test panics

* trying to kick CI lint issues by upgrading mod

* imprve test code and add hasher for testing

* Use structure logging for filters, fix error constants, and default to allow all regex

* removed hashin and modify logic to simplify

* Improve race test and fix PR feedback by removing hash equals and avoid testing the timer.Ticker logic, and instead unit test

* Ran make go-mod-tidy

* Use errtypes in the test

* Add changelog

* add safety check for exporter endpoint

* remove require.Contains by using error types, fix structure logging, and fix success metric typo in exporter

* Fixed race test to have changing config values

* Send success metric before modifying config

* Avoid the defer and move the success metric under
2023-08-01 17:20:18 -04:00
John Landa 2a8bf5df61
Wasm integration tests for local and remote wasm files (#17756)
* wasm integration tests for local and remote wasm files

refactoring and cleanup for wasm testing

remove wasm debug logging

PR feedback, wasm build lock

correct path pattern for wasm build files

Add new helper function to minimize changes to existing test code

Remove extra param

mod tidy

add custom service setup to test lib

add wait until static server sidecar can reach nginx sidecar

Doc comments

PR feedback

Update workflows to compile wasm for integration tests

Fix docker build path

Fix package name for linter

Update makefile, fix redeclared function

Update expected wasm filename

Debug test ls in workflow

remove pwd in favor of relative path

more debugging

Build wasm in compatability tests as well

Build wasm directly in ci rather than in container

Debug tinygo and llvm version

Change wasm file extension

Remove tinygo debugging

Remove extra comments

* Add compiled wasm and build instructions
2023-08-01 15:49:39 -05:00
R.B. Boyer 13ce787a3f
resource: adding various helpers for working with resources (#18342)
This is a bit of a grab bag of helpers that I found useful for working with them when authoring substantial Controllers. Subsequent PRs will make use of them.
2023-08-01 13:39:15 -05:00
Nitya Dhanushkodi e459399e39
[NET-5121] proxystate: move protos to subdirectory to avoid conflicts (#18335)
* also makes a few protos updates
2023-08-01 17:35:17 +00:00
Jeremy Jacobson 6424ef6a56
[CC-5719] Add support for builtin global-read-only policy (#18319)
* [CC-5719] Add support for builtin global-read-only policy

* Add changelog

* Add read-only to docs

* Fix some minor issues.

* Change from ReplaceAll to Sprintf

* Change IsValidPolicy name to return an error instead of bool

* Fix PolicyList test

* Fix other tests

* Apply suggestions from code review

Co-authored-by: Paul Glass <pglass@hashicorp.com>

* Fix state store test for policy list.

* Fix naming issues

* Update acl/validation.go

Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>

* Update agent/consul/acl_endpoint.go

---------

Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2023-08-01 17:12:14 +00:00
Ronald bb6fc63823
fix typo in create a mesh token docs (#18337) 2023-08-01 10:18:08 -04:00
Blake Covarrubias 3894940824
docs: Simplify example jq commands by removing pipes (#18327)
Simplify jq command examples by removing pipes to other commands.
2023-07-31 21:01:39 +00:00
Michael Zalimeni b1b05f0bac
[NET-4703] Prevent partial application of Envoy extensions (#18068)
Prevent partial application of Envoy extensions

Ensure that non-required extensions do not change xDS resources before
exiting on failure by cloning proto messages prior to applying each
extension.

To support this change, also move `CanApply` checks up a layer and make
them prior to attempting extension application, s.t. we avoid
unnecessary copies where extensions can't be applied.

Last, ensure that we do not allow panics from `CanApply` or `Extend`
checks to escape the attempted extension application.
2023-07-31 15:24:33 -04:00
cui fliter 18a5edd232
docs: Fix some comments (#17118)
Signed-off-by: cui fliter <imcusg@gmail.com>
2023-07-31 10:56:09 -07:00
Ronald 356b29bf35
Stop JWT provider from being written in non default namespace (#18325) 2023-07-31 09:13:16 -04:00
Florian Apolloner 6ada2e05ff
Fix topology view when displaying mixed connect-native/normal services. (#13023)
* Fix topoloy intention with mixed connect-native/normal services.

If a service is registered twice, once with connect-native and once
without, the topology views would prune the existing intentions. This
change brings the code more in line with the transparent proxy behavior.

* Dedupe nodes in the ServiceTopology ui endpoint (like done with tags).

* Consider a service connect-native as soon as one instance is.
2023-07-31 08:10:55 -04:00
Curt Bushko 449e050741
Update actions for TSCCR (#18317)
Update action versions before deadline
2023-07-28 12:49:23 -04:00
Michael Zalimeni cbfeb6c8af
[NET-4904] Update list of Envoy versions in docs (#18306)
Update list of Envoy versions in docs

Update supported Envoy versions across Consul release versions.
2023-07-27 15:47:02 +00:00
Michael Zalimeni cf4deeb7ea
Update list of Envoy versions (#18300)
Update supported envoy versions to 1.24.10, 1.25.9, 1.26.4, 1.27.0.
2023-07-26 21:48:29 +00:00
Paul Glass 09b251ff77
Update K8s changelog to address cloud auto-join change in 1.0.0 (#18293) 2023-07-26 15:25:27 -05:00
Nathan Coleman 5caa0ae3f5
api-gateway: subscribe to bound-api-gateway only after receiving api-gateway (#18291)
* api-gateway: subscribe to bound-api-gateway only after receiving api-gateway

This fixes a race condition due to our dependency on having the listener(s) from the api-gateway config entry in order to fully and properly process the resources on the bound-api-gateway config entry.

* Apply suggestions from code review

* Add changelog entry
2023-07-26 16:02:04 -04:00
Jeff Boruszak e29ceab2f9
docs: K8s secondary DC requirements (#18280)
* Requested edit

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-26 18:42:56 +00:00
Michael Zalimeni e37f702d92
Fix typo in Envoy extensions doc (#18284) 2023-07-26 17:02:41 +00:00
Jeff Boruszak d147c3e5cd
docs: Consul on Kubernetes specific upgrade info (#18230)
* Compatibility page - dataplanes mention

* Upgrading higher-level dataplane mention

* `exec=` string callout

* More visible for upgrade page

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-26 07:03:07 -07:00
Gautam 02cf17758d
docs: Update ext-authz documentation for kubernetes (#18281)
Update ext-authz documentation for kubernetes
2023-07-26 00:38:39 +00:00
Dan Bond 9b540e29bc
go-tests: disable s390x (#18273) 2023-07-25 10:58:12 -07:00