Commit Graph

15118 Commits

Author SHA1 Message Date
Dhia Ayachi 6390e91be5
Add ca certificate metrics (#10504)
* add intermediate ca metric routine

* add Gauge config for intermediate cert

* Stop metrics routine when stopping leader

* add changelog entry

* updage changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use variables instead of a map

* go imports sort

* Add metrics for primary and secondary ca

* start metrics routine in the right DC

* add telemetry documentation

* update docs

* extract expiry fetching in a func

* merge metrics for primary and secondary into signing ca metric

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-07-07 09:41:01 -04:00
hc-github-team-consul-core 97831bf3dc auto-updated agent/uiserver/bindata_assetfs.go from commit 6fbeea5de 2021-07-07 10:51:32 +00:00
John Cowen 6fbeea5def
ui: Don't default to the default namespace, use the token default namespace instead (#10503)
The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR.

Previously:

When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu.

This PR:

Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously)

Notes/thoughts:

I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was.

This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks.

The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 11:46:41 +01:00
Jared Kirschner e517e744af
Merge pull request #10559 from jkirschner-hashicorp/fix-autopilot-config-post-default-values
Fix defaults for autopilot config update
2021-07-06 19:19:52 -04:00
hc-github-team-consul-core 00f4d94139 auto-updated agent/uiserver/bindata_assetfs.go from commit 2c4f22a9f 2021-07-06 22:54:28 +00:00
Daniel Nephin 2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
Daniel Nephin d1c9d9bc68 config: unexport the remaining builder methods
And remove BuildAndValidate. This commit completes some earlier work to reduce the config
interface a single Load function.

The last remaining test was converted to use Load instad of BuildAndValidate.
2021-07-06 18:42:09 -04:00
Jared Kirschner 1353ee4b21 Add changelog for PR 10559 2021-07-06 18:39:40 -04:00
Jared Kirschner 14059c2653 Fix defaults for autopilot config update
Previously, for a POST request to the /v1/operator/autopilot/configuration
endpoint, any fields not included in the payload were set to a zero-initialized
value rather than the documented default value.

Now, if an optional field is not included in the payload, it will be set to its
documented default value:
- CleanupDeadServers:      true
- LastContactThreshold:    "200ms"
- MaxTrailingLogs:         250
- MinQuorum:               0
- ServerStabilizationTime: "10s"
- RedundancyZoneTag:       ""
- DisableUpgradeMigration: false
- UpgradeVersionTag:       ""
2021-07-06 18:39:40 -04:00
Daniel Nephin 179ee0811c Add changelog 2021-07-06 17:57:36 -04:00
Luke Kysow 75b21259a1
Add headings to Helm docs (#10562) 2021-07-06 11:23:10 -07:00
hc-github-team-consul-core c47bcc0d4c auto-updated agent/uiserver/bindata_assetfs.go from commit 74070c095 2021-07-06 16:06:51 +00:00
John Cowen 74070c0955
ui: Add intl debug helpers (#10513)
This commit adds a couple of debug utilities to help us to continue slowly adding i18n support:

- We've added a CONSUL_INTL_DEBUG env/cookie variable to turn off variable interpolation within the t helper so you can see which variables are being interpolated.
- We've added a CONSUL_INTL_LOCALE env/cookie which currently supports two 'pseudo-locales' - la-fk (fake latin) and - (just dashes) either of which will make it easier to see what has not been localized until we can add prettier rules to prevent adding any copy into templates at all. I would guess if we ever translated the app we would use this for looking at things whilst developing also - but as yet I've not adding anything for that here seeing as we don't translate anything.
Both variables are dev-time only and all code for this is removed from the production build.
2021-07-06 17:01:08 +01:00
John Cowen b0d69efcc1
ui: Allow disabling of sourcemaps via env var (#10491) 2021-07-06 16:57:53 +01:00
John Cowen e541a43b37
ui: Fixup definition-table + copy-button margin (#10512) 2021-07-06 16:57:20 +01:00
John Cowen a6996b6ea5
ui: CopyButton amends (#10511)
* ui: Add with-copyable modifier

* Use with-copyable modifier for our own CopyButton

* Move copy-button styling and remove most of `copy-btn`
2021-07-06 16:56:36 +01:00
hc-github-team-consul-core 98cc5aaa35 auto-updated agent/uiserver/bindata_assetfs.go from commit 5f73de6fb 2021-07-06 15:50:57 +00:00
jkirschner-hashicorp 5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin 3a045cca8d ca: remove unused RotationPeriod field
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Daniel Nephin f156bceaf7 contrib: add first draft of ACL docs 2021-07-05 18:25:06 -04:00
Daniel Nephin 7c3e50333d contrib: Add cluster persistence docs
And remove sections from the INTERNALS.md page as they are replaced.
2021-07-05 18:25:06 -04:00
Daniel Nephin d0af0bfc1d contrib: Add CLI docs 2021-07-05 18:25:05 -04:00
Daniel Nephin a202a10e09 contrib: move FAQ into a separate file. 2021-07-05 18:25:05 -04:00
Daniel Nephin b15e5d4719 contributing: start an outline for more docs
Add diagrams for rpc routing and acl entity relationship
contributing: create directory structure for new docs
WIP diagram for catalog entities
Add overview diagram

Co-Authored-By: Kelly Devlin <kdevlin@hashicorp.com>
2021-07-05 18:25:00 -04:00
Daniel Nephin 6117ba3b2e Remove a few unused things from build-support 2021-07-05 13:56:26 -04:00
Jared Kirschner bd536151e1 Replace use of 'sane' where appropriate
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
David Yu 619eb5875d
docs: Formatting for Ingress Controllers example repos (#10542)
* docs: Formatting for Ingress Controllers example repos
* Update ingress-controllers.mdx
2021-07-01 10:48:40 -07:00
Mike Morris baf38d8477
changelog: add 1.10.0, 1.9.7 and 1.8.13 (#10537) 2021-07-01 13:25:47 -04:00
Kyle Schochenmaier 307f49dd31
docs: Ingress controllers configurations (#10495)
Add high level documentation on how to enable ingress controllers in consul on k8s.

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-07-01 11:24:27 -05:00
Dhia Ayachi 9b45107c1e
Format certificates properly (rfc7468) with a trailing new line (#10411)
* trim carriage return from certificates when inserting rootCA in the inMemDB

* format rootCA properly when returning the CA on the connect CA endpoint

* Fix linter warnings

* Fix providers to trim certs before returning it

* trim newlines on write when possible

* add changelog

* make sure all provider return a trailing newline after the root and intermediate certs

* Fix endpoint to return trailing new line

* Fix failing test with vault provider

* make test more robust

* make sure all provider return a trailing newline after the leaf certs

* Check for suffix before removing newline and use function

* Add comment to consul provider

* Update change log

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix typo

* simplify code callflow

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* extract requireNewLine as shared func

* remove dependency to testify in testing file

* remove extra newline in vault provider

* Add cert newline fix to envoy xds

* remove new line from mock provider

* Remove adding a new line from provider and fix it when the cert is read

* Add a comment to explain the fix

* Add missing for leaf certs

* fix missing new line

* fix missing new line in leaf certs

* remove extra new line in test

* updage changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix in vault provider and when reading cache (RPC call)

* fix AWS provider

* fix failing test in the provider

* remove comments and empty lines

* add check for empty cert in test

* fix linter warnings

* add new line for leaf and private key

* use string concat instead of Sprintf

* fix new lines for leaf signing

* preallocate slice and remove append

* Add new line to `SignIntermediate` and `CrossSignCA`

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-30 20:48:29 -04:00
Kenia 2df7d13354
Add changelog to backported bug fix for Topology Metrics (#10538) 2021-06-30 16:51:29 -04:00
Daniel Nephin 690dc41c55
Merge pull request #10515 from hashicorp/dnephin/fix-arm32-atomic-aligment
Fix panic on 32-bit platforms
2021-06-30 16:40:20 -04:00
David Yu c3f0e395f0
docs: remove alpha from 1.10.0 reference for observability on k8s metrics merging (#10528)
The docs note an alpha pre-release version on K8s observability. Updating to only reference the GA 1.10.0 version of Consul for observability on k8s and metrics merging.
2021-06-30 12:18:19 -07:00
Daniel Nephin fa5d627014
Merge pull request #10527 from hashicorp/rename-main-branch
Update references to the main branch
2021-06-30 13:07:09 -04:00
R.B. Boyer 21e855d860
build: ensure make go-build-image target builds tools in isolation (#10534) 2021-06-30 11:36:02 -05:00
Luke Kysow 68c4c232a1
docs: Document setting dashboard_url on k8s (#10510)
It's tricky because the `{{` needs to be escaped with Helm.
2021-06-30 09:16:38 -07:00
Jan Berktold e91996f130
Add rs-consul client to community-provided SDKs list (#10529)
* Add rs-consul

* Update website/content/api-docs/libraries-and-sdks.mdx

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-30 10:43:41 -04:00
Blake Covarrubias 8a832635b8
docs: Add Consul 1.10 release notes (#10489)
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-29 16:08:57 -07:00
Daniel Nephin d3bc19c47d Rename main branch in CHANGELOG and website docs 2021-06-29 18:55:35 -04:00
Daniel Nephin 4d741531b4 Update references to the main branch
The main branch is being renamed from master->main. This commit should
update all references to the main branch to the new name.

Co-Authored-By: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-29 17:17:38 -04:00
Iryna Shustava 1c0beefc73
docs: add docs for running a single Consul dc in multiple k8s clusters (#10508) 2021-06-29 14:23:36 -06:00
Daniel Nephin 3b04326025 ci: add go-test-32bit and lint-32bit to catch atomic misalignment panics 2021-06-29 16:10:21 -04:00
Daniel Nephin f34d3543b1 testing: fix a test for 32-bit
The hcl decoding apparently uses strconv.ParseInt, which fails to parse a 64bit int.
Since hcl v1 is basically EOl, it seems unlikely we'll fix this in hcl.

Since this test is only about loading values from config files, the extra large number
doesn't seem important. Trim a few zeros from the numbers so that they parse
properly on 32bit platforms.

Also skip a slow test when -short is used.
2021-06-29 16:10:21 -04:00
Daniel Nephin dce59d9277 fix 64-bit aligment for 32-bit platforms
sync/atomic must be used with 64-bit aligned fields, and that alignment is difficult to
ensure unless the field is the first one in the struct.

https://golang.org/pkg/sync/atomic/#pkg-note-BUG.
2021-06-29 16:10:21 -04:00
jkirschner-hashicorp 89f01647fb
Merge pull request #10519 from jkirschner-hashicorp/fix-doc-service-splitter-example
docs: fix service splitter example weight sum
2021-06-29 15:51:18 -04:00
Ashwin Venkatesh 48069d18dd
Add docs for gossip encryption key rotation (#10522)
* Add docs for gossip encryption key rotation with feedback from David, Kyle and Luke.
2021-06-29 14:45:19 -04:00
Daniel Nephin 391a0eae46
Merge pull request #10437 from christopherlai/patch-1
Link to Reverse Proxy from Load Balancer
2021-06-29 14:37:41 -04:00
Blake Covarrubias 8a9dad08b5
docs: Add audit logging examples (#10382)
* docs: Add audit logging examples

Resolves #8375, resolves #9055
2021-06-29 10:58:15 -07:00
Blake Covarrubias ef6e618753
docs: Clarify serf_lan/retry_join behavior with network segments (#10386)
* docs: Add info on using cloud auto-join with Network Segments

Resolves hashicorp/go-discover#57

* Add note about joining network segments

Specifically call out that agents can be configured to join a network
segment by either specifying the Serf LAN port in the join address,
changing the agent's default Serf LAN port by configuring
`ports.serf_lan`, or specifying the port in the `-serf-lan-port`
command line flag.

Resolves #9972
2021-06-29 10:57:33 -07:00
David Yu 0c63a7b4d4
docs: Remove Helm 2 mention in Consul K8s install and uninstall (#10517)
* docs: Remove Helm 2 mention in Consul K8s install and uninstall
Helm 2 is no longer supported via Consul K8s. Helm 3 is now the supported version for Consul K8s.
2021-06-29 09:18:08 -07:00