Joshua Montgomery
8eb5915f7d
Fixing SOA record to use alt domain when alt domain in use ( #10431 )
2021-10-05 10:47:27 -04:00
Daniel Nephin
ab587f5221
Merge pull request #11182 from hashicorp/dnephin/acl-legacy-remove-upgrade
...
acl: remove upgrade from legacy, start in non-legacy mode
2021-10-04 17:25:39 -04:00
Evan Culver
e808620463
Merge pull request #11118 from hashicorp/eculver/remove-envoy-1.15
...
Remove support for Envoy 1.15
2021-10-04 23:14:24 +02:00
Evan Culver
c7747212c3
Merge pull request #11115 from hashicorp/eculver/envoy-1.19.1
...
Add support for Envoy 1.19.1
2021-10-04 23:13:26 +02:00
Daniel Nephin
c7f74deb17
acl: remove updateEnterpriseSerfTags
...
The only remaining caller is a test helper, and the tests don't use the enterprise gossip
pools.
2021-10-04 17:01:51 -04:00
Daniel Nephin
9b1d2685bf
Merge pull request #11126 from hashicorp/dnephin/acl-legacy-remove-resolve-and-get-policy
...
acl: remove ACL.GetPolicy RPC endpoint and ACLResolver.resolveTokenLegacy
2021-10-04 16:29:51 -04:00
Connor Kelly
c2583a1b7f
Add metrics to count the number of service-mesh config entries
2021-10-04 14:50:17 -05:00
Connor Kelly
536838b004
Add metrics to count connect native service mesh instances
...
This will add the counts of the service mesh instances tagged by
whether or not it is connect native
2021-10-04 14:37:05 -05:00
Connor Kelly
46bf882620
Add metrics to count service mesh Kind instance counts
...
This will add the counts of service mesh instances tagged by the
different ServiceKind's.
2021-10-04 14:36:59 -05:00
Daniel Nephin
a1e3fa818c
acl: fix test failures caused by remocving legacy ACLs
...
This commit two test failures:
1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Remove the early WaitForLeader in dc2, because with it the test was
failing with ACL not found.
2021-10-01 18:03:10 -04:00
Evan Culver
db397d62c5
Add 1.15 versions to too old list
2021-10-01 11:28:26 -07:00
Chris S. Kim
1c9b58a8af
agent: Reject partitions in legacy intention endpoints ( #11181 )
2021-10-01 13:18:57 -04:00
Chris S. Kim
53a35181e5
Support partitions in parseIntentionStringComponent ( #11202 )
2021-10-01 12:36:12 -04:00
Dhia Ayachi
a5b09493ab
fix token list by auth method ( #11196 )
...
* add tests to OIDC authmethod and fix entMeta when retrieving auth-methods
* fix oss compilation error
2021-10-01 12:00:43 -04:00
Evan Culver
e41830af8a
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15
2021-09-30 11:32:28 -07:00
Evan Culver
fdbb742ffd
regenerate more envoy golden files
2021-09-30 10:57:47 -07:00
Daniel Nephin
4faf805716
acl: call stop for the upgrade goroutine when done
...
TestAgentLeaks_Server was reporting a goroutine leak without this. Not sure if it would actually
be a leak in production or if this is due to the test setup, but seems easy enough to call it
this way until we remove legacyACLTokenUpgrade.
2021-09-29 17:36:43 -04:00
Daniel Nephin
02da08ce77
acl: only run startACLUpgrade once
...
Since legacy ACL tokens can no longer be created we only need to run this upgrade a single
time when leadership is estalbished.
2021-09-29 16:22:01 -04:00
Daniel Nephin
3ac910606c
acl: remove reading of serf acl tags
...
We no long need to read the acl serf tag, because servers are always either ACL enabled or
ACL disabled.
We continue to write the tag so that during an upgarde older servers will see the tag.
2021-09-29 15:45:11 -04:00
Daniel Nephin
3d7c07e1e4
acl: fix test failure
...
For some reason removing legacy ACL upgrade requires using an ACL token now
for this WaitForLeader.
2021-09-29 15:21:30 -04:00
Daniel Nephin
5c721832dc
acl: remove legacy ACL upgrades from Server
...
As part of removing the legacy ACL system
2021-09-29 15:19:23 -04:00
Daniel Nephin
94be1835b2
acl: fix test failures caused by remocving legacy ACLs
...
This commit two test failures:
1. Remove check for "in legacy ACL mode", the actual upgrade will be removed in a following commit.
2. Use the root token in WaitForLeader, because without it the test was
failing with ACL not found.
2021-09-29 15:15:50 -04:00
Daniel Nephin
8e9773e20b
acl: remove ACL.GetPolicy endpoint and resolve legacy acls
...
And all code that was no longer used once those two were removed.
2021-09-29 14:33:19 -04:00
Daniel Nephin
d12dd48c61
acl: remove ACL upgrading from Clients
...
As part of removing the legacy ACL system ACL upgrading and the flag for
legacy ACLs is removed from Clients.
This commit also removes the 'acls' serf tag from client nodes. The tag is only ever read
from server nodes.
This commit also introduces a constant for the acl serf tag, to make it easier to track where
it is used.
2021-09-29 14:02:38 -04:00
Daniel Nephin
19040586ce
Merge pull request #11136 from hashicorp/dnephin/acl-resolver-fix-default-authz
...
acl: fix default Authorizer for down_policy extend-cache/async-cache
2021-09-29 13:45:12 -04:00
Daniel Nephin
a53fdd68c8
Merge pull request #11110 from hashicorp/dnephin/acl-legacy-remove-initialize
...
acl: remove initializeLegacyACL and the rest of the legacy FSM commands
2021-09-29 13:44:30 -04:00
Daniel Nephin
8f754aba14
Merge pull request #10999 from hashicorp/dnephin/revert-config-xds-port
...
Revert config xds_port
2021-09-29 13:39:15 -04:00
Daniel Nephin
cc310224aa
command/envoy: stop using the DebugConfig from Self endpoint
...
The DebugConfig in the self endpoint can change at any time. It's not a stable API.
This commit adds the XDSPort to a stable part of the XDS api, and changes the envoy command to read
this new field.
It includes support for the old API as well, in case a newer CLI is used with an older API, and
adds a test for both cases.
2021-09-29 13:21:28 -04:00
Daniel Nephin
6e1ebd3df7
acl: remove the last of the legacy FSM
...
Replace it with an implementation that returns an error, and rename some symbols
to use a Deprecated suffix to make it clear.
Also remove the ACLRequest struct, which is no longer referenced.
2021-09-29 12:42:23 -04:00
Daniel Nephin
ed928511ca
acl: remove bootstrap-init FSM operation
2021-09-29 12:42:23 -04:00
Daniel Nephin
dab5d1bdc8
acl: remove initializeLegacyACL from leader init
2021-09-29 12:42:23 -04:00
Daniel Nephin
05f0cc3993
acl: remove ACLDelete FSM command, and state store function
...
These are no longer used now that ACL.Apply has been removed.
2021-09-29 12:42:23 -04:00
Daniel Nephin
966e50e00e
acl: remove legacy field to ACLBoostrap
2021-09-29 12:42:23 -04:00
Daniel Nephin
1502547e38
Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc"
...
This reverts commit 74fb650b6b
, reversing
changes made to 58bd817336
.
2021-09-29 12:28:41 -04:00
Daniel Nephin
0330966315
Merge pull request #11101 from hashicorp/dnephin/acl-legacy-remove-rpc-2
...
acl: remove legacy ACL.Apply RPC
2021-09-29 12:23:55 -04:00
Daniel Nephin
ea4a8343cd
Merge pull request #11177 from hashicorp/dnephin/remove-entmeta-methods
...
structs: remove EnterpriseMeta helper methods
2021-09-29 12:08:07 -04:00
Daniel Nephin
4c579a49ed
Merge pull request #10986 from hashicorp/dnephin/acl-legacy-remove-rpc
...
acl: remove legacy ACL RPC - part 1
2021-09-29 12:04:09 -04:00
Daniel Nephin
eb632c53a2
structs: rename the last helper method.
...
This one gets used a bunch, but we can rename it to make the behaviour more obvious.
2021-09-29 11:48:38 -04:00
Daniel Nephin
8d8c1f9d5e
structs: remove another helper
...
We already have a helper funtion.
2021-09-29 11:48:03 -04:00
Daniel Nephin
6d72517682
structs: remove two methods that were only used once each.
...
These methods only called a single function. Wrappers like this end up making code harder to read
because it adds extra ways of doing things.
We already have many helper functions for constructing these types, we don't need additional methods.
2021-09-29 11:47:03 -04:00
Daniel Nephin
8d1378cc1d
Merge pull request #10988 from hashicorp/dnephin/acl-legacy-remove-config
...
acl: isolate deprecated config and warn when they are used
2021-09-29 11:40:14 -04:00
Daniel Nephin
6b33e3bfd7
Merge pull request #9456 from hashicorp/dnephin/config-deprecation
...
config: Use DeprecatedConfig struct for deprecated config fields
2021-09-29 11:37:40 -04:00
Evan Culver
60170dfbe7
Merge remote-tracking branch 'origin/eculver/remove-envoy-1.15' into eculver/remove-envoy-1.15
2021-09-28 16:06:36 -07:00
Evan Culver
4f1a8d4ea6
Fix typo
...
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-09-29 01:05:45 +02:00
Evan Culver
03e44da9f7
Merge branch 'eculver/envoy-1.19.1' into eculver/remove-envoy-1.15
2021-09-28 15:59:43 -07:00
Evan Culver
9b73e7319d
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 15:58:20 -07:00
Chris S. Kim
5c37819d09
Cleanup unnecessary normalizing method ( #11169 )
2021-09-28 15:31:12 -04:00
Daniel Nephin
bf2a3f6e79
Merge pull request #11084 from krastin/krastin-autopilot-loggingtypo
...
Fix a tiny typo in logging in autopilot.go
2021-09-28 15:11:11 -04:00
Evan Culver
585d9363ed
Merge branch 'main' into eculver/envoy-1.19.1
2021-09-28 11:54:33 -07:00
Chris S. Kim
e3248c20c9
agent: Clean up unused built-in proxy config ( #11165 )
2021-09-28 11:29:10 -04:00
Daniel Nephin
cd4e70b34c
acl: fix default authorizer for down_policy
...
This was causing a nil panic because a nil authorizer is no longer valid after the cleanup done
in https://github.com/hashicorp/consul/pull/10632 .
2021-09-23 18:12:22 -04:00
Daniel Nephin
6bb7aef15c
Remove t.Parallel from TestACLResolver_DownPolicy
...
These tests run in under 10ms, t.Parallel does nothing but slow them down and
make failures harder to debug when one panics.
2021-09-23 18:12:22 -04:00
Dhia Ayachi
e664dbc352
Refactor table index acl phase 2 ( #11133 )
...
* extract common methods from oss and ent
* remove unreachable code
* add missing normalize for binding rules
* fix oss to use Query
2021-09-23 15:26:09 -04:00
Daniel Nephin
e8ac5fd90b
config: Move ACLEnableKeyListPolicy to DeprecatedConfig
2021-09-23 15:15:00 -04:00
Daniel Nephin
5c40b717ed
config: move acl_ttl to DeprecatedConfig
2021-09-23 15:14:59 -04:00
Daniel Nephin
977f6d8888
config: move acl_{default,down}_policy to DeprecatedConfig
2021-09-23 15:14:59 -04:00
Daniel Nephin
5eafcea4d4
config: Deprecate EnableACLReplication
...
replaced by ACL.TokenReplication
2021-09-23 15:14:59 -04:00
Daniel Nephin
5dc16180ad
config: move ACL master token and replication to DeprecatedConfig
2021-09-23 15:14:59 -04:00
Paul Banks
1ecec84fd7
Merge pull request #10903 from hashicorp/feature/ingress-sds
...
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi
5904e4ac79
Refactor table index ( #11131 )
...
* convert tableIndex to use the new pattern
* make `indexFromString` available for oss as well
* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks
7b4cbe3143
Final readability tweaks from review
2021-09-23 10:17:12 +01:00
Paul Banks
70bc89b7f4
Fix subtle loop bug and add test
2021-09-23 10:13:41 +01:00
Paul Banks
07f81991df
Refactor SDS validation to make it more contained and readable
2021-09-23 10:13:19 +01:00
Paul Banks
5cfd030d03
Refactor Ingress-specific lister code to separate file
2021-09-23 10:13:19 +01:00
Paul Banks
136928a90f
Minor PR typo and cleanup fixes
2021-09-23 10:13:19 +01:00
Paul Banks
20d0bf81f7
Revert abandonned changes to proxycfg for Ent test consistency
2021-09-23 10:13:19 +01:00
Paul Banks
a9119e36a5
Fix merge conflict in xds tests
2021-09-23 10:12:37 +01:00
Paul Banks
2281d883b9
Fix some more Enterprise Normalization issues affecting tests
2021-09-23 10:12:37 +01:00
Paul Banks
9fa60c7472
Remove unused argument to fix lint error
2021-09-23 10:09:11 +01:00
Paul Banks
659321d008
Handle namespaces in route names correctly; add tests for enterprise
2021-09-23 10:09:11 +01:00
Paul Banks
2a3d3d3c23
Update xDS routes to support ingress services with different TLS config
2021-09-23 10:08:02 +01:00
Paul Banks
16b3b1c737
Update xDS Listeners with SDS support
2021-09-23 10:08:02 +01:00
Paul Banks
ccbda0c285
Update proxycfg to hold more ingress config state
2021-09-23 10:08:02 +01:00
Paul Banks
4e39f03d5b
Add ingress-gateway config for SDS
2021-09-23 10:08:02 +01:00
Daniel Nephin
c84867feda
acl: remove ACL.Apply
...
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
Daniel Nephin
ae05419aea
acl: made acl rules in tests slightly more specific
...
When converting these tests from the legacy ACL system to the new RPC endpoints I
initially changed most things to use _prefix rules, because that was equivalent to
the old legacy rules.
This commit modifies a few of those rules to be a bit more specific by replacing the _prefix
rule with a non-prefix one where possible.
2021-09-22 18:24:56 -04:00
Mark Anderson
d88d9e71c2
partitions/authmethod-index work from enterprise ( #11056 )
...
* partitions/authmethod-index work from enterprise
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
Chris S. Kim
f972048ebc
connect: Allow upstream listener escape hatch for prepared queries ( #11109 )
2021-09-22 15:27:10 -04:00
Evan Culver
7e20a5e4f9
connect: remove support for Envoy 1.15
2021-09-22 11:48:50 -07:00
R.B. Boyer
706fc8bcd0
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters ( #11099 )
...
Fixes #11086
2021-09-22 13:14:26 -05:00
Daniel Nephin
54256fb751
config: Move two more fields to DeprecatedConfig
...
And add a test for deprecated config fields.
2021-09-22 13:23:03 -04:00
Daniel Nephin
8ed14296ea
config: Introduce DeprecatedConfig
...
This struct allows us to move all the deprecated config options off of
the main config struct, and keeps all the deprecation logic in a single
place, instead of spread across 3+ places.
2021-09-22 13:22:16 -04:00
Evan Culver
2d23f92b35
add 1.19.x versions to test config
2021-09-22 09:30:45 -07:00
Connor
1e3ba26223
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
...
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
Connor Kelly
ba706501e1
Strip out go 1.17 bits
2021-09-22 11:04:48 -05:00
Matt Keeler
a6a359cc80
Add a mock Agent delegate to ease/improve some types of testing
2021-09-22 10:23:01 -04:00
hc-github-team-consul-core
47b99d0b78
auto-updated agent/uiserver/bindata_assetfs.go from commit 9c0233cf5
2021-09-22 13:05:38 +00:00
hc-github-team-consul-core
7efb015ca9
auto-updated agent/uiserver/bindata_assetfs.go from commit cfbd1bb84
2021-09-22 09:26:14 +00:00
Daniel Nephin
72f2199ea1
acl: remove remaining tests that use ACL.Apply
...
In preparation for removing ACL.Apply.
Tests for ACL.Apply, ACL.GetPolicy, and ACL upgrades were removed
because all 3 of those will be removed shortly.
The forth test appears to be for the ACLResolver cache, so the test was moved to the correct
test file, and the name was updated to make it obvious what is being tested.
2021-09-21 19:35:26 -04:00
Evan Culver
2798383dbc
regenerate envoy golden files
2021-09-21 16:21:00 -07:00
Evan Culver
7605dff46e
add envoy 1.19.1
2021-09-21 15:39:36 -07:00
Daniel Nephin
eb991c18c2
fsm: restore the legacy commands
...
and emit a helpful error message.
2021-09-21 18:35:12 -04:00
Daniel Nephin
fa4b33ab8f
Convert tests to the new ACL system
...
In preparation for removing ACL.Apply
2021-09-21 18:35:12 -04:00
Daniel Nephin
5779af1f62
config: use the new ACL system in tests
...
In preparation for removing ACL.Apply
2021-09-21 17:57:29 -04:00
Daniel Nephin
d64409f66f
catalog: use the new ACL system in tests
...
In preparation for removing ACL.Apply
2021-09-21 17:57:29 -04:00
Daniel Nephin
3b9578d7eb
Update 4 non-acl tests that used the legacy ACL.Apply
...
These tests don't really care about the endpoint, they just need some way to create an ACL token.
2021-09-21 17:57:29 -04:00
Daniel Nephin
746f67b3a1
acl: remove two commented out tests for legacy ACL replication
...
They were commented out in 2018.
2021-09-21 17:57:29 -04:00
Daniel Nephin
abd9cd0e15
acl: replace legacy Get and List RPCs with an error impl
...
These endpoints are being removed as part of the legacy ACL system.
2021-09-21 17:57:29 -04:00
Daniel Nephin
e7c63004a8
acl: remove a couple legacy ACL operation constants
...
structs.ACLForceSet was deprecated 4 years ago, it should be safe to remove now.
ACLBootstrapNow was removed in a recent commit. While it is technically possible that a cluster with mixed version
could still attempt a legacy boostrap, we documented that the legacy system was deprecated in 1.4, so no
clusters that are being upgraded should be attempting a legacy boostrap.
2021-09-21 17:57:29 -04:00
Daniel Nephin
868bfc7a0a
acl: Remove unused ACLPolicyIDType
2021-09-21 17:57:29 -04:00