Commit Graph

9487 Commits

Author SHA1 Message Date
danielehc 1e5c56f1aa Adding quorum note on leave command page (#5102)
Reusing the same phrasing as  https://github.com/hashicorp/consul/pull/5095/ to provide info on the effects of the `consul leave` command on Consul quorum
2019-01-25 14:20:48 -06:00
R.B. Boyer 607f0df628
ui: pin to using bundler v1 for now (#5274) 2019-01-25 14:07:50 -06:00
Geoffrey Grosenbach 4639466618 Corrects `defile` to `defined` (#5262) 2019-01-25 13:45:08 -06:00
Jack Pearkes d51471c9b0 fix broken link (#5273) 2019-01-25 11:40:31 -06:00
Matt Hoey c39ffad100 website: reference last command's last field instead of background PID (#5264) 2019-01-25 17:30:38 +01:00
R.B. Boyer e9a2eab316
speed up TestHTTPAPI_MethodNotAllowed_OSS from 11s -> 0.5s (#5268) 2019-01-25 10:01:21 -06:00
Hans Hasselberg 552e150536 correct name 2019-01-25 11:00:56 +01:00
Hans Hasselberg aebb50d47d simpler fix 2019-01-24 17:12:08 +01:00
Hans Hasselberg 5db185a7e4 do not export that type 2019-01-24 17:05:57 +01:00
Hans Hasselberg 7f44100101 fix marshalling 2019-01-24 17:03:26 +01:00
Hans Hasselberg d4790b2827 demo nomad problem 2019-01-24 16:45:54 +01:00
Paul Banks 89af3bc8f5
Update services.html.md 2019-01-24 12:41:43 +00:00
banks 3e299c0192 Putting source back into Dev Mode 2019-01-23 22:22:05 +00:00
banks 02dab68268 Merge branch 'master' of https://github.com/hashicorp/consul 2019-01-23 22:19:27 +00:00
Jack Pearkes 27e2269153
Update CHANGELOG.md 2019-01-23 14:17:09 -08:00
banks 1d83ebf65d Bump website version 2019-01-23 22:16:20 +00:00
Jack Pearkes 0fd2902ce3
Update CHANGELOG.md 2019-01-23 14:15:57 -08:00
banks 65d2c9b51d
Release v1.4.1 2019-01-23 20:53:20 +00:00
Matt Keeler 39d113e0d3
Update CHANGELOG.md 2019-01-23 15:49:59 -05:00
Matt Keeler 9715e1a08e
Basic TLS Command Tests (#5259)
* Add tls ca create tests

* Add a basic tls cert create test
2019-01-23 15:48:57 -05:00
Matt Keeler d5a3ba6cda
Disregard rules when set on a management token (#5261)
* Disregard rules when set on a management token

* Add unit test for legacy mgmt token with rules
2019-01-23 15:48:38 -05:00
Matt Keeler 1f2d1d4f75
Fix typo that prevented using the default ca domain for tls cert creation (#5258) 2019-01-23 13:14:28 -05:00
Matt Keeler ec712b7ecf
Update to Go 1.11.4 and UI build container (#5257)
* Update to Go 1.11.4

* Update to Go 1.11.4 for travis

* Update UI build to fix ember issues.
2019-01-23 12:56:39 -05:00
Matt Keeler c5812c376b
Update CHANGELOG.md 2019-01-23 10:13:40 -05:00
Saurabh Deoras 2eca399d4c fix for arm32 (#5130)
Signed-off-by: Saurabh Deoras <sdeoras@gmail.com>
2019-01-23 10:09:01 -05:00
Paul Banks 07ec7988a4
Update CHANGELOG.md 2019-01-23 14:33:38 +00:00
Diogenes S. Jesus f0e081bf88 Fix repeating wording in sentence (#5256)
Fix `to join to join` typo
2019-01-23 09:12:41 -05:00
John Cowen 3a0b0b2b65
Update CHANGELOG.md 2019-01-23 13:57:07 +00:00
John Cowen a35fe7c5ba
ui: Removes delete button form pages that show your current token (#5241)
Tokens can no longer delete themselves see:

https://github.com/hashicorp/consul/pull/5210

...so we remove the button to allow you to do that from the UI
2019-01-23 13:51:36 +00:00
John Cowen c8386ec0cc
UI: [BUGFIX] Decode/encode urls (#5206)
In 858b05fc31 (diff-46ef88aa04507fb9b039344277531584)
we removed encoding values in pathnames as we thought they were
eventually being encoded by `ember`. It looks like this isn't the case.

Turns out sometimes they are encoded sometimes they aren't. It's complicated.
If at all possible refer to the PR https://github.com/hashicorp/consul/pull/5206.

It's related to the difference between `dynamic` routes and `wildcard` routes.

Partly related to this is a decision on whether we urlencode the slashes within service names or not. Whilst historically we haven't done this, we feel its a good time to change this behaviour, so we'll also be changing services to use dynamic routes instead of wildcard routes. So service links will then look like /ui/dc-1/services/application%2Fservice rather than /ui/dc-1/services/application/service

Here, we define our routes in a declarative format (for the moment at least JSON) outside of Router.map, and loop through this within Router.map to set all our routes using the standard this.route method. We essentially configure our Router from the outside. As this configuration is now done declaratively outside of Router.map we can also make this data available to href-to and paramsFor, allowing us to detect wildcard routes and therefore apply urlencoding/decoding.

Where I mention 'conditionally' below, this is detection is what is used for the decision.

We conditionally add url encoding to the `{{href-to}}` helper/addon. The
reasoning here is, if we are asking for a 'href/url' then whatever we
receive back should always be urlencoded. We've done this by reusing as much
code from the original `ember-href-to` addon as possible, after this
change every call to the `{{href-to}}` helper will be urlencoded.

As all links using `{{href-to}}` are now properly urlencoded. We also
need to decode them in the correct place 'on the other end', so..

We also override the default `Route.paramsFor` method to conditionally decode all
params before passing them to the `Route.model` hook.

Lastly (the revert), as we almost consistently use url params to
construct API calls, we make sure we re-encode any slugs that have been
passed in by the user/developer. The original API for the `createURL`
function was to allow you to pass values that didn't need encoding,
values that **did** need encoding, followed by query params (which again
require url encoding)

All in all this should make the entire ember app url encode/decode safe.
2019-01-23 13:46:59 +00:00
Matt Keeler 8f0d622a54
Revendor serf to pull in keyring list truncation changes. (#5251) 2019-01-22 16:07:04 -05:00
Hans Hasselberg 0da4502740
website: update nokogiri (#5252) 2019-01-22 21:49:16 +01:00
Hans Hasselberg 88058879dc
Update CHANGELOG.md 2019-01-22 21:17:39 +01:00
Hans Hasselberg 174099593a
agent: display messages from serf in cli (#5236)
* display messages from serf in cli
2019-01-22 21:08:50 +01:00
Kyle Havlovitz 2abc48c1eb
Update CHANGELOG.md 2019-01-22 11:35:45 -08:00
Kyle Havlovitz 8851505892
Merge pull request #5250 from hashicorp/forward-intention-rpcs
connect: Forward intention RPCs if this isn't the primary
2019-01-22 11:32:55 -08:00
Kyle Havlovitz 88c044759f
connect: Forward intention RPCs if this isn't the primary 2019-01-22 11:29:21 -08:00
Kyle Havlovitz 6b28434f8a
Merge pull request #5249 from hashicorp/ca-fixes-oss
Minor CA fixes
2019-01-22 11:25:09 -08:00
Kyle Havlovitz 46ef7dc1fb
Update CHANGELOG.md 2019-01-22 11:20:50 -08:00
Kyle Havlovitz 5bdf130767
Merge pull request #4869 from hashicorp/txn-checks
Add node/service/check operations to transaction api
2019-01-22 11:16:09 -08:00
Kyle Havlovitz a28ba4687d
connect/ca: return a better error message if the CA isn't fully initialized when signing 2019-01-22 11:15:09 -08:00
Matt Keeler 922baf811c
Update CHANGELOG.md 2019-01-22 13:18:14 -05:00
Matt Keeler 579a8b32ed
Fix several ACL token/policy resolution issues. (#5246)
* Fix 2 remote ACL policy resolution issues

1 - Use the right method to fire async not found errors when the ACL.PolicyResolve RPC returns that error. This was previously accidentally firing a token result instead of a policy result which would have effectively done nothing (unless there happened to be a token with a secret id == the policy id being resolved.

2. When concurrent policy resolution is being done we single flight the requests. The bug before was that for the policy resolution that was going to piggy back on anothers RPC results it wasn’t waiting long enough for the results to come back due to looping with the wrong variable.

* Fix a handful of other edge case ACL scenarios

The main issue was that token specific issues (not able to access a particular policy or the token being deleted after initial fetching) were poisoning the policy cache.

A second issue was that for concurrent token resolutions, the first resolution to get started would go fetch all the policies. If before the policies were retrieved a second resolution request came in, the new request would register watchers for those policies but then never block waiting for them to complete. This resulted in using the default policy when it shouldn't have.
2019-01-22 13:14:43 -05:00
Paul Banks ef9f27cbc8
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
R.B. Boyer d3eb781384 Check ACLs more often for xDS endpoints.
For established xDS gRPC streams recheck ACLs for each DiscoveryRequest
or DiscoveryResponse. If more than 5 minutes has elapsed since the last
ACL check, recheck even without an incoming DiscoveryRequest or
DiscoveryResponse. ACL failures will terminate the stream.
2019-01-22 11:12:40 -06:00
kaitlincarter-hc 3e45da1414
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
2019-01-22 10:20:05 -06:00
Kyle Havlovitz ddc4a8d848
oss: add the enterprise server stub for intention replication check 2019-01-18 17:32:10 -08:00
R.B. Boyer 2dea3e2bd7 Fix some test typos. 2019-01-18 16:12:43 -06:00
Matt Keeler 884b2e00af
Update CHANGELOG.md 2019-01-18 12:45:51 -05:00
Matt Keeler 7e6b3e6a0c
Implement prepared query upstreams watching for envoy (#5224)
Fixes #4969 

This implements non-blocking request polling at the cache layer which is currently only used for prepared queries. Additionally this enables the proxycfg manager to poll prepared queries for use in envoy proxy upstreams.
2019-01-18 12:44:04 -05:00