Commit Graph

16940 Commits

Author SHA1 Message Date
Daniel Nephin 6021105dfc ca: test that original certs from secondary still verify
There's a chance this could flake if the secondary hasn't received the
update yet, but running this test many times doesn't show any flakes
yet.
2022-02-17 18:45:16 -05:00
Daniel Nephin 6b679aa9d4 Update TODOs to reference an issue with more details
And remove a no longer needed TODO
2022-02-17 18:21:30 -05:00
Daniel Nephin 12f12d577a docs: add docs for using an external CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 1853a32df6 ca: add test cases for rotating external trusted CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 5e8ea2a039 ca: add a test for secondary with external CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 42ec34d101 ca: examine the full chain in newCARoot
make TestNewCARoot much more strict
compare the full result instead of only a few fields.
add a test case with 2 and 3 certificates in the pem
2022-02-17 18:21:30 -05:00
Daniel Nephin 71f3ae04e2 ca: small docs improvements 2022-02-17 18:21:30 -05:00
Daniel Nephin 86994812ed ca: cleanup validateSetIntermediate 2022-02-17 18:21:30 -05:00
Daniel Nephin c1c1580bf8 ca: only return the leaf cert from Sign in vault provider
The interface is documented as 'Sign will only return the leaf', and the other providers
only return the leaf. It seems like this was added during the initial implementation, so
is likely just something we missed. It doesn't break anything , but it does cause confusing cert chains
in the API response which could break something in the future.
2022-02-17 18:21:30 -05:00
Daniel Nephin 85ecbaf109
Merge pull request #12110 from hashicorp/dnephin/blocking-queries-not-found
rpc: make blocking queries for non-existent items more efficient
2022-02-17 18:09:39 -05:00
Ashwin Venkatesh 6e6cd928a2
Parse datacenter from request (#12370)
* Parse datacenter from request
- Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
2022-02-17 16:41:27 -05:00
mrspanishviking 3defe2e3ae
Merge pull request #12382 from hashicorp/consul-int-prog-changes
docs: uploaded two images and added new text to Consul Int. Program page
2022-02-17 14:15:55 -07:00
Adam Rowan 588f2c596b
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:21 -07:00
Adam Rowan aa7c03a776
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:06 -07:00
Kyle Havlovitz 1edc69f50b Add changelog note 2022-02-17 12:17:12 -08:00
Kyle Havlovitz 3fe358b831 xds: respect chain protocol on default discovery chain 2022-02-17 11:47:20 -08:00
Adam Rowan dc2e3fe777
docs: uploaded two images and added new text to Consul Int. Program page 2022-02-17 11:26:43 -07:00
Sarah cd601bc04d
Adding post-publish events to ci.hcl. 2022-02-17 16:54:36 +00:00
John Cowen 9b22300c59
ui: Start using mermaid state diagrams in our docs (#12350) 2022-02-17 14:57:14 +00:00
Florian Apolloner f01f00fc84
Support for connect native services in topology view. (#12098) 2022-02-16 16:51:54 -05:00
trujillo-adam abfa349395 added 'Tech Specs' section under API Gateway 2022-02-16 11:54:43 -08:00
Evan Culver c17aa3720f
Fix build script (#12367) 2022-02-16 11:52:44 -08:00
Chris S. Kim 154b781bc8
Move IndexEntryName helpers to common files (#12365) 2022-02-16 12:56:38 -05:00
Thomas Eckert 6051c68620
Separate Annotations/Labels and Add `service-ignore` to Docs (#12323)
* Separate Annotations and Labels and add service-ignore label

* changes to structure and call out for pod

* add description and TOC

* Update annotations-and-labels.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-16 09:53:13 -08:00
Daniel Nephin 8110ecc93b
Merge pull request #12359 from hashicorp/dnephin/fix-debug-size
debug: limit the size of the trace
2022-02-15 18:33:46 -05:00
Daniel Nephin 8a6e75ac81 rpc: add errNotFound to all Get queries
Any query that returns a list of items is not part of this commit.
2022-02-15 18:24:34 -05:00
Daniel Nephin 4b33bdf396 Make blockingQuery efficient with 'not found' results.
By using the query results as state.

Blocking queries are efficient when the query matches some results,
because the ModifyIndex of those results, returned as queryMeta.Mindex,
will never change unless the items themselves change.

Blocking queries for non-existent items are not efficient because the
queryMeta.Index can (and often does) change when other entities are
written.

This commit reduces the churn of these queries by using a different
comparison for "has changed". Instead of using the modified index, we
use the existence of the results. If the previous result was "not found"
and the new result is still "not found", we know we can ignore the
modified index and continue to block.

This is done by setting the minQueryIndex to the returned
queryMeta.Index, which prevents the query from returning before a state
change is observed.
2022-02-15 18:24:33 -05:00
Daniel Nephin 897b953f66 Add a test for blocking query on non-existent entry
This test shows how blocking queries are not efficient when the query
returns no results.  The test fails with 100+ calls instead of the
expected 2.

This test is still a bit flaky because it depends on the timing of the
writes. It can sometimes return 3 calls.

A future commit should fix this and make blocking queries even more
optimal for not-found results.
2022-02-15 18:23:17 -05:00
Daniel Nephin 53ae4b3e2c debug: update CLI docs
To clarify how trace is captured.

Also remove the minimum seconds check, because that is already done in prepare()
2022-02-15 18:16:12 -05:00
Daniel Nephin 09d61e643f
Merge pull request #12343 from hashicorp/dnephin/blocking-query-docs
rpc: improve docs for blockingQuery
2022-02-15 14:50:32 -05:00
Daniel Nephin 3301f94004 rpc: improve docs for blockingQuery
Follow the Go convention of accepting a small interface that documents
the methods used by the function.

Clarify the rules for implementing a query function passed to
blockingQuery.
2022-02-15 14:20:14 -05:00
Daniel Nephin cc2c005fad debug: limit the size of the trace
We've noticed that a trace that is captured over the full duration is
too large to open on most machines. A trace.out captured over just the
interval period (30s by default) should be a more than enough time to
capture trace data.
2022-02-15 14:15:34 -05:00
Evan Culver fc71215734
ci: fix stalebot config (#12346) 2022-02-15 11:13:32 -08:00
Jeff-Apple 23a9db7adc
Merge pull request #12352 from hashicorp/Jeff-Apple-patch-1
Fix broken link on Downloads page on wedsite
2022-02-15 08:28:04 -08:00
Jeff-Apple f42a90f980
Fix broken link on Downloads page on wedsite
The link to the Kubernetes Quickstart guide had a typo (space character) in the URL.
2022-02-15 07:45:47 -08:00
Chris S. Kim e7d1ac0ce8
ci: Fix merge conflicts cleanly (#12249) 2022-02-14 23:12:36 -05:00
R.B. Boyer 115946da99
server: conditionally avoid writing a config entry to raft if it was already the same (#12321)
This will both save on unnecessary raft operations as well as
unnecessarily incrementing the raft modify index of config entries
subject to no-op updates.
2022-02-14 14:39:12 -06:00
R.B. Boyer 80dfcb1bcd
raft: update to v1.3.5 (#12325)
This includes closing some leadership transfer gaps and adding snapshot
restore progress logging.
2022-02-14 13:48:52 -06:00
Evan Culver 9e156a21cf
Add release notes from 1.11.3, 1.10.8 and 1.9.15 (#12333)
> Did we want to update the individual branches as well ?

Yes, I have PRs for those: #12335, #12336, and #12337.
2022-02-14 11:24:14 -08:00
Matt Siegel 3a2bc2f533
Merge pull request #12332 from hashicorp/consul-1_11_3-version-update
Update version.js for Consul 1.11.3
2022-02-14 13:00:11 -05:00
Matt Siegel 64a0ea5d02
Update version.js 2022-02-14 12:54:30 -05:00
FFMMM 78264a8030
Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311)
This commit syncs ENT changes to the OSS repo.

Original commit details in ENT:

```
commit 569d25f7f4578981c3801e6e067295668210f748
Author: FFMMM <FFMMM@users.noreply.github.com>
Date:   Thu Feb 10 10:23:33 2022 -0800

    Vendor fork net rpc (#1538)

    * replace net/rpc w consul-net-rpc/net/rpc

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

    * replace msgpackrpc and go-msgpack with fork from mono repo

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

    * gofmt all files touched

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
```

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-02-14 09:45:45 -08:00
R.B. Boyer 52009ae86a
missed this test adjustment (#12331) 2022-02-14 11:39:00 -06:00
R.B. Boyer fa4577d1a9
local: fixes a data race in anti-entropy sync (#12324)
The race detector noticed this initially in `TestAgentConfigWatcherSidecarProxy` but it is not restricted to just tests.

The two main changes here were:

- ensure that before we mutate the internal `agent/local` representation of a Service (for tags or VIPs) we clone those fields
- ensure that there's no function argument joint ownership between the caller of a function and the local state when calling `AddService`, `AddCheck`, and related using `copystructure` for now.
2022-02-14 10:41:33 -06:00
Dao Thanh Tung add15e12f7
URL-encode/decode resource names for HTTP API part 5 (#12297) 2022-02-14 10:47:06 -05:00
Mark Anderson 1a16f7ee70 Refactor to make ACL errors more structured. (#12308)
* First phase of refactoring PermissionDeniedError

Add extended type PermissionDeniedByACLError that captures information
about the accessor, particular permission type and the object and name
of the thing being checked.

It may be worth folding the test and error return into a single helper
function, that can happen at a later date.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-02-11 12:53:23 -08:00
Daniel Nephin 09035da9fb
Merge pull request #12322 from hashicorp/dnephin/update-check-docs
Add 7th check registration flow to developer docs
2022-02-11 15:22:24 -05:00
Daniel Nephin 1db8ff1d03
Add 7th check registration flow to docs
Credit to Freddy for finding this a while ago.
2022-02-11 15:11:22 -05:00
R.B. Boyer 49431c7532
ensure make dev target puts the newly constructed binary onto the PATH (#12318)
This restores the prior behavior of make dev and ensures that tests
using the sdk package (like the api package) will correctly locate the
consul binary under test.

Also ensure the constructed consul binary is present on the path for sdk-based tests.
2022-02-11 10:45:37 -06:00
John Cowen 0e730328bd
ui: Disclosure Component amends plus DisclosureMenu Component (#12304)
* ui: Disclosure amends plus DisclosureMenu

Co-authored-by: Jamie White <jamie@jgwhite.co.uk>
2022-02-11 14:11:16 +00:00