2
0
mirror of https://github.com/status-im/consul.git synced 2025-01-13 15:26:48 +00:00

429 Commits

Author SHA1 Message Date
malizz
247211de6a
add integration tests for troubleshoot ()
* draft

* expose internal admin port and add proxy test

* update tests

* move comment

* add failure case, fix lint issues

* cleanup

* handle error

* revert changes to service interface

* address review comments

* fix merge conflict

* merge the tests so cluster is created once

* fix other test
2023-02-14 14:22:09 -08:00
cskh
5b7f36c2ce
integ test: fix retry upstream test () 2023-02-13 15:16:56 -05:00
Andrew Stucki
9bb0ecfc18
[API Gateway] Add integration test for HTTP routes ()
* [API Gateway] Add integration test for conflicted TCP listeners

* [API Gateway] Update simple test to leverage intentions and multiple listeners

* Fix broken unit test

* [API Gateway] Add integration test for HTTP routes
2023-02-13 14:18:05 -05:00
cskh
ab5dac3414
upgrade test: peering with http router config entry ()
* upgrade test: peering with http router config entry
2023-02-13 14:09:12 -05:00
Andrew Stucki
8ff2974dbe
[API Gateway] Update simple test to leverage intentions and multiple listeners ()
* [API Gateway] Add integration test for conflicted TCP listeners

* [API Gateway] Update simple test to leverage intentions and multiple listeners

* Fix broken unit test

* PR suggestions
2023-02-10 21:13:44 +00:00
Andrew Stucki
318ba215ab
[API Gateway] Add integration test for conflicted TCP listeners () 2023-02-10 11:34:01 -06:00
Derek Menteer
4f2ce60654
Fix peering acceptors in secondary datacenters. ()
Prior to this commit, secondary datacenters could not be initialized
as peering acceptors if ACLs were enabled. This is due to the fact that
internal server-to-server API calls would fail because the management
token was not generated. This PR makes it so that both primary and
secondary datacenters generate their own management token whenever
a leader is elected in their respective clusters.
2023-02-10 09:47:17 -06:00
Andrew Stucki
3b9c569561
Simple API Gateway e2e test for tcp routes ()
* Simple API Gateway e2e test for tcp routes

* Drop DNSSans since we don't front the Gateway with a leaf cert
2023-02-09 16:20:12 -05:00
Andrew Stucki
f4210d47dd
Add basic smoke test to make sure an APIGateway runs () 2023-02-09 11:32:10 -05:00
Anita Akaeze
d72ad5fb95
Merge pull request from hashicorp/NET-2252-add-assert-fortioname ()
NET-2252: integration tests: add assert.FortioName
2023-02-09 09:45:31 -05:00
cskh
e91bc9c058
feat: envoy extension - http local rate limit ()
- http local rate limit
- Apply rate limit only to local_app
- unit test and integ test
2023-02-07 21:56:15 -05:00
cskh
b4151780d6
Upgrade test: verify the agent token is working after upgrade ()
1. Upgraded agent can inherit the persisted token and join the cluster
2. Agent token prior to upgrade is still valid after upgrade
3. Enable ACL in the agent configuration
2023-02-07 14:13:19 -05:00
wangxinyi7
906ebb97f6
change log level () 2023-02-06 12:58:13 -08:00
Anita Akaeze
f58d5bb221
NET-2087: Restart proxy sidecar during cluster upgrade () 2023-02-06 13:09:44 -05:00
Anita Akaeze
fcf18222c5
add assertions () 2023-02-03 10:20:22 -05:00
Dan Upton
e40b731a52
rate: add prometheus definitions, docs, and clearer names () 2023-02-03 12:01:57 +00:00
Anita Akaeze
08a19e532d
NO_JIRA: Add function to get container status before making api call () 2023-02-01 10:48:54 -05:00
cskh
f6da81c9d0
improvement: prevent filter being added twice from any enovy extension ()
* improvement: prevent filter being added twice from any enovy extension

* break if error != nil

* update test
2023-01-31 16:49:45 +00:00
cskh
9da61c1cec
Upgrade test: retain sidecar containers during upgrade. () 2023-01-30 09:49:52 -05:00
cskh
ffb81782de
Upgrade test: peering control plane traffic through mesh gateway () 2023-01-27 11:25:48 -05:00
cskh
5fa9ab28dc
integ test: remove hardcoded upstream local bind port and max number of envoy sidecar () 2023-01-27 15:19:10 +00:00
cskh
ebdb8e5fb2
flaky test: use retry long to wait for config entry upgrade ()
* flaky test: use retry long to wait for config entry upgrade

* increase wait for rbac policy
2023-01-26 11:01:17 -05:00
cskh
dbaab52786
Post upgrade test validation: envoy endpoint and register service () 2023-01-25 12:27:36 -05:00
Dan Stough
bb71d045e1
test: run integration tests in parallel () 2023-01-24 14:51:50 -05:00
R.B. Boyer
96389eb266
test: container tests wait for available networks () 2023-01-23 14:14:24 -06:00
Dan Stough
91d6a81c14
test(integration): add access logging test () 2023-01-20 17:02:44 -05:00
John Murret
794277371f
Integration test for server rate limiting ()
* rate limit test

* Have tests for the 3 modes

* added assertions for logs and metrics

* add comments to test sections

* add check for rate limit exceeded text in log assertion section.

* fix linting error

* updating test to use KV get and put.  move log assertion tolast.

* Adding logging for blocking messages in enforcing mode.  refactoring tests.

* modified test description

* formatting

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* Update test/integration/consul-container/test/ratelimit/ratelimit_test.go

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* expand log checking so that it ensures both logs are they when they are supposed to be and not there when they are not expected to be.

* add retry on test

* Warn once when rate limit exceed regardless of enforcing vs permissive.

* Update test/integration/consul-container/test/ratelimit/ratelimit_test.go

Co-authored-by: Dan Upton <daniel@floppy.co>

Co-authored-by: Dan Upton <daniel@floppy.co>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-01-19 08:43:33 -07:00
Anita Akaeze
4e154144a6
NET-2038: Add envoy assertion function of listener verification () 2023-01-18 16:13:55 -05:00
Dan Stough
e8dde59bd0
chore(ci): fix compat ent compat tests for sidecars and gateways () 2023-01-17 17:16:55 -05:00
R.B. Boyer
d59efd390c
test: general cleanup and fixes for the container integration test suite ()
- remove dep on consul main module
- use 'consul tls' subcommands instead of tlsutil
- use direct json config construction instead of agent/config structs
- merge libcluster and libagent packages together
- more widely use BuildContext
- get the OSS/ENT runner stuff working properly
- reduce some flakiness
- fix some correctness related to http/https API
2023-01-11 15:34:27 -06:00
Dan Stough
6d2880e894
feat: add access logs to dataplane bootstrap rpc () 2023-01-11 13:40:09 -05:00
Matt Keeler
5afd4657ec
Protobuf Modernization ()
* Protobuf Modernization

Remove direct usage of golang/protobuf in favor of google.golang.org/protobuf

Marshallers (protobuf and json) needed some changes to account for different APIs.

Moved to using the google.golang.org/protobuf/types/known/* for the well known types including replacing some custom Struct manipulation with whats available in the structpb well known type package.

This also updates our devtools script to install protoc-gen-go from the right location so that files it generates conform to the correct interfaces.

* Fix go-mod-tidy make target to work on all modules
2023-01-11 09:39:10 -05:00
Eric Haberkorn
8d923c1789
Add the Lua Envoy extension () 2023-01-06 12:13:40 -05:00
cskh
1113314641
Refactoring the peering integ test to accommodate coming changes of o… ()
* Refactoring the peering integ test to accommodate coming changes of other upgrade scenarios.

- Add a utils package under test that contains methods to set up various test scenarios.
- Deduplication: have a single CreatingPeeringClusterAndSetup replace
  CreatingAcceptingClusterAndSetup and CreateDialingClusterAndSetup.
- Separate peering cluster creation and server registration.

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2023-01-04 15:28:15 -05:00
Dan Upton
d4c435856b
grpc: protoc plugin for generating gRPC rate limit specifications ()
Adds automation for generating the map of `gRPC Method Name → Rate Limit Type`
used by the middleware introduced in , and will ensure we don't forget
to add new endpoints.

Engineers must annotate their RPCs in the proto file like so:

```
rpc Foo(FooRequest) returns (FooResponse) {
  option (consul.internal.ratelimit.spec) = {
    operation_type: READ,
  };
}
```

When they run `make proto` a protoc plugin `protoc-gen-consul-rate-limit` will
be installed that writes rate-limit specs as a JSON array to a file called
`.ratelimit.tmp` (one per protobuf package/directory).

After running Buf, `make proto` will execute a post-process script that will
ingest all of the `.ratelimit.tmp` files and generate a Go file containing the
mappings in the `agent/grpc-middleware` package. In the enterprise repository,
it will write an additional file with the enterprise-only endpoints.

If an engineer forgets to add the annotation to a new RPC, the plugin will
return an error like so:

```
RPC Foo is missing rate-limit specification, fix it with:

	import "proto-public/annotations/ratelimit/ratelimit.proto";

	service Bar {
	  rpc Foo(...) returns (...) {
	    option (hashicorp.consul.internal.ratelimit.spec) = {
	      operation_type: OPERATION_READ | OPERATION_WRITE | OPERATION_EXEMPT,
	    };
	  }
	}
```

In the future, this annotation can be extended to support rate-limit
category (e.g. KV vs Catalog) and to determine the retry policy.
2023-01-04 16:07:02 +00:00
Nitya Dhanushkodi
d382ca0aec
extensions: refactor serverless plugin to use extensions from config entry fields ()
docs: update config entry docs and the Lambda manual registration docs

Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Eric <eric@haberkorn.co>
2022-12-19 12:19:37 -08:00
cskh
692a6edd7d
Upgrade test: test peering upgrade from an old version of consul ()
* upgrade test: test peering upgrade from an old version of consul

NET-1809
2022-12-15 16:31:12 -05:00
Semir Patel
bafa5c7156
Pass remote addr of incoming HTTP requests through to RPC(..) calls () 2022-12-14 09:24:22 -06:00
cskh
04bf24c8c1
feat(ingress-gateway): support outlier detection of upstream service for ingress gateway ()
* feat(ingress-gateway): support outlier detection of upstream service for ingress gateway

* changelog

Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
2022-12-13 11:51:37 -05:00
Dan Stough
98ef5f28dd
[OSS] security: update x/net module ()
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-12-08 16:45:44 -05:00
Eric Haberkorn
4268c1c25c
Remove the connect.enable_serverless_plugin agent configuration option () 2022-12-08 14:46:42 -05:00
cskh
3df68751f5
Flakiness test: case-cfg-splitter-peering-ingress-gateways ()
* integ-test: fix flaky test - case-cfg-splitter-peering-ingress-gateways

* add retry peering to all peering cases

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-12-07 20:19:34 -05:00
cskh
36f05bc8fb
integ-test: test consul upgrade from the snapshot of a running cluster ()
* integ-test: test consul upgrade from the snapshot of a running cluster

* use Target version as default


Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
2022-12-01 10:39:09 -05:00
Dan Stough
227fd14287
chore: updates from 1.14.2 release ()
* chore: updates from 1.14.2 release
2022-11-30 22:15:58 -05:00
Derek Menteer
8079686bf0
Add 1.14.1 release updates. ()
Add post-release changes for 1.14.1 updates.
2022-11-21 13:35:30 -06:00
cskh
359a908bea
integ-test: remove unnecessary step since connection is already via mgw () 2022-11-15 15:26:40 -05:00
Derek Menteer
dc27e35f82
Consul 1.14 post-release updates ()
* Update changelog with 1.14 notes.

* gomod version bumps for 1.14 release.
2022-11-15 14:22:43 -06:00
Derek Menteer
ef61bdf3c2
Remove unnecessary default test config. () 2022-11-14 14:07:42 -06:00
Kyle Schochenmaier
bf0f61a878
removes ioutil usage everywhere which was deprecated in go1.16 ()
* update go version to 1.18 for api and sdk, go mod tidy
* removes ioutil usage everywhere which was deprecated in go1.16 in favour of io and os packages. Also introduces a lint rule which forbids use of ioutil going forward.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-11-10 10:26:01 -06:00
Freddy
7f5f7e9cf9
Avoid blocking child type updates on parent ack () 2022-11-07 18:10:42 -07:00