14657 Commits

Author SHA1 Message Date
Daniel Nephin
7470647b85
Merge pull request #10497 from hashicorp/dnephin/tls-cert-exploration-3
tlsutil: unexport and remove methods
2021-06-25 18:24:33 -04:00
R.B. Boyer
ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
Freddy
1c28aa732b
Update CONTRIBUTING.md 2021-06-25 14:43:53 -06:00
R.B. Boyer
a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
As part of this change, we ensure that the SAN extensions are marked as
critical when the subject is empty so that AWS PCA tolerates the loss of
common names well and continues to function as a Connect CA provider.

Parts of this currently hack around a bug in crypto/x509 and can be
removed after https://go-review.googlesource.com/c/go/+/329129 lands in
a Go release.

Note: the AWS PCA tests do not run automatically, but the following
passed locally for me:

    ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
2021-06-25 13:00:00 -05:00
hc-github-team-consul-core
f24ee5d842 auto-updated agent/uiserver/bindata_assetfs.go from commit ace794d21 2021-06-25 09:47:01 +00:00
John Cowen
ace794d214
ui: Enable specifying additional docfy config as json (#10464) 2021-06-25 10:41:41 +01:00
Dhia Ayachi
a64c9a3e62
return an empty record when asked for an addr dns with type other than A, AAAA and ANY (#10401)
* return an invalid record when asked for an addr dns with type other than A and AAAA

* add changelog

* fix ANY use case and add a test for it

* update changelog type

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* return empty response if the question record type does not match for addr

* set comment in the right place

* return A\AAAA record in extra section if record type is not A\AAAA for addr

* Fix failing test

* remove commented code

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use require for test validation

* use variable to init struct

* fix failing test

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update .changelog/10401.txt

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix compilation error

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-24 20:44:44 -04:00
Daniel Nephin
dc67042eac Invert the logic of outgoingRPCTLSDisabled
To remove the double negatives, which should make it easier to read.
2021-06-24 19:25:02 -04:00
Daniel Nephin
39f282c425 tlsutil: inline verifyIncomingHTTPS
This function was only used in one place, and the indirection makes it slightly
harder to see what the one caller is doing. Since it's only accessing a couple fields
it seems like the logic can exist in the one caller.
2021-06-24 19:25:02 -04:00
Daniel Nephin
a25c817478 tlsutil: remove indirection and duplication
VerifyIncomingRPC and verifyIncomingRPC were duplicate functions, and
once one is removed, Config.verifyIncomingRPC is only called in one place.

Remove 2 of the 3 functions to make the behaviour easier to follow (less indirection).
2021-06-24 18:43:30 -04:00
Daniel Nephin
13e5448c17 tlsutil: remove unnecessary getter functions
These functions did nothing but hide the fields they were returning.
2021-06-24 18:43:29 -04:00
Daniel Nephin
66ba2e2463 tlsutil: unexport and remove indirection
Unexport outgoingALPNRPCConfig since it is only used internally
Remove the MutualTLSCapable->mutualTLSCapable indirection, we only need the exported method.
Inline enableAgentTLSForChecks to make it more clear what it does, since it only has a single caller and is wrapping a single field lookup.
2021-06-24 18:43:29 -04:00
Ludovic Ortega
c138c38392
[Fix] Add missing quote (#10484) 2021-06-24 13:59:39 -07:00
R.B. Boyer
d7fb3543fc
sdk: Stop making a special /tmp/consul-test directory for testutil.TempFile and testutil.TempDir (#10494) 2021-06-24 15:46:23 -05:00
lornasong
d43f3af2c6
docs/nia: fix catalog-services typos pt 2 (#10493) 2021-06-24 16:45:46 -04:00
R.B. Boyer
ca0a58ff71
connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners (#10486)
Fixes #10480

Also fixed a data race in the `connect/proxy` package that was unearthed by the tests changed for this bugfix.
2021-06-24 15:02:34 -05:00
Kim Ngo
993f4715fd
docs/nia: fix typo (#10492) 2021-06-24 13:51:26 -05:00
Daniel Nephin
bbf52ddd04
Merge pull request #10490 from hashicorp/dnephin/fix-tls-for-health-check
tlsutil: fix ServerName used for health checks that use TLS
2021-06-24 14:27:16 -04:00
Daniel Nephin
bb37c4dfe8
Merge pull request #10476 from hashicorp/dnephin/ca-primary-uses-intermediate
ca: replace ca.PrimaryIntermediateProviders
2021-06-24 14:05:19 -04:00
Daniel Nephin
d09027caf6 tlsutils: more test cases for OutgoingTLSConfigForCheck 2021-06-24 13:49:58 -04:00
Daniel Nephin
486b97e2c9 tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
2021-06-24 13:49:58 -04:00
Daniel Nephin
3a734c8303
Merge pull request #10488 from hashicorp/dnephin/ci-lib-testing
ci: test api/sdk against last 2 Go versions
2021-06-24 13:09:44 -04:00
Daniel Nephin
a920936c86 tlsutil: convert tests for OutgoingTLSConfigForCheck to a table
In preparation for adding more test cases.
2021-06-24 12:51:40 -04:00
Daniel Nephin
8054ea3ff1 ci: test api/sdk against last 2 Go versions
So that we catch any incompatibilities with the previous Go version.
2021-06-24 12:24:12 -04:00
David Yu
e7557ab4a1
docs: Remove beta version references from Helm reference (#10477)
Removing references from the 1.10 beta that were included in Helm Configuration Reference
2021-06-24 09:08:33 -07:00
Daniel Nephin
0e86083351
Merge pull request #10473 from knusbaum/ioutil
{api,command/agent}: change io.Discard to ioutil.Discard
2021-06-24 11:59:46 -04:00
Kim Ngo
491bd51033
docs/nia: Update CTS compatible versions (#10487) 2021-06-24 10:16:03 -05:00
David Yu
2872fc6b26
docs: Removal of Consul vs ZooKeeper analysis (#10469)
* docs: Removal of Consul vs ZooKeeper

Although Consul does have a KV, we are not positioning Consul as a first class KV store versus other alternatives such as etcd or Zookeeper. Will remove this since this has not been updated with further analysis since this content was created.

* Removing from Zookeeper analysis Navbar
* Removing Zookeeper analysis from redirects
2021-06-24 07:23:57 -07:00
Mike Wickett
401fc0783c
update content param for improved attribution (#10468) 2021-06-24 10:02:26 -04:00
R.B. Boyer
e3835ac6a1
structs: prohibit config entries from referencing more than one partition at a time (#10478)
affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions
2021-06-23 16:44:10 -05:00
R.B. Boyer
8344b7fe2e
structs: prevent service-defaults upstream configs from using wildcard names or namespaces (#10475) 2021-06-23 15:48:54 -05:00
Peter M
8db2865e86
Updating alert for 1.10 announcement (#10474) 2021-06-23 12:48:45 -07:00
Daniel Nephin
f52d76f096 ca: replace ca.PrimaryIntermediateProviders
With an optional interface that providers can use to indicate if they
use an intermediate cert in the primary DC.

This removes the need to look up the provider config when renewing the
intermediate.
2021-06-23 15:47:30 -04:00
Zachary Shilton
8c9134a84c
website: bump use-cases to latest (#10472)
* website: bump use-cases to latest

* chore: bump use-cases to stable release
2021-06-23 15:19:59 -04:00
R.B. Boyer
ac50db9087
structs: add some missing config entry validation and clean up tests (#10465)
Affects kinds: service-defaults, ingress-gateway, terminating-gateway
2021-06-23 14:11:23 -05:00
Daniel Nephin
77a3432f76
Merge pull request #10440 from hashicorp/dnephin/contib-docs-dns
contrib: add some docs for the DNS interface
2021-06-23 14:55:27 -04:00
trujillo-adam
45d12ac629
Merge pull request #10467 from hashicorp/docs-upgrading-to-1-10-0-fixes
Docs upgrading to 1 10 0 fixes
2021-06-23 11:04:01 -07:00
Kyle Nusbaum
07cec75be2 command/agent: change io.Discard to ioutil.Discard 2021-06-23 11:45:40 -05:00
Kyle Nusbaum
e72a703041 api: change io.Discard to ioutil.Discard 2021-06-23 11:45:20 -05:00
Daniel Nephin
e000c0a039 contrib: Update DNS table description 2021-06-23 12:30:00 -04:00
trujillo-adam
2d9d9dbe7a docs: fixed instance of incorrect grammar usage 2021-06-23 08:50:30 -07:00
Dhia Ayachi
111cbe0ffa merge dns table with current dns page 2021-06-23 09:34:34 -04:00
Dhia Ayachi
0057b8df49 add matrix for dns type vs kind 2021-06-23 09:29:04 -04:00
hc-github-team-consul-core
1822b80ef3 auto-updated agent/uiserver/bindata_assetfs.go from commit c78f7ecb2 2021-06-23 08:24:11 +00:00
John Cowen
c78f7ecb27
ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
David Yu
7962dd82f1
docs - Adding Mesh as CRD in Consul K8s (#10459)
* docs - Adding Mesh as CRD in Consul K8s
* Removing extra left brace in ServiceDefaults
2021-06-22 19:18:13 -07:00
Luke Kysow
1dcdd2516c
Update config entry docs for CRDs (#10407)
* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.

Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:56:53 -07:00
Ashwin Venkatesh
17dc691c61
update docs (#10405)
Consul 1.10 GA for Consul K8s
2021-06-22 16:41:53 -07:00
Nitya Dhanushkodi
b72ad40286
docs: upgrading to tproxy (/docs/upgrades/upgrade-specific) (#10416)
* docs: update tproxy docs
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:41:08 -07:00
Iryna Shustava
1fea51fbb5
docs: update docs/k8s/connect to for tproxy GA. (#10408)
* Assume tproxy is enabled by default and connect to upstreams
  with kube DNS.
* Update docs for missing annotations.
2021-06-22 16:34:20 -07:00