Commit Graph

16560 Commits

Author SHA1 Message Date
Daniel Nephin f9aef8018b Apply suggestions from code review
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-01-26 12:24:13 -05:00
Daniel Nephin 737c0097e0 acl: extract a backend type for the ACLResolverBackend
This is a small step to isolate the functionality that is used for the
ACLResolver from the large Client and Server structs.
2022-01-26 12:24:10 -05:00
trujillo-adam 4c4a9f3e65 added GWclass and GWClassConfig 2022-01-26 09:23:10 -08:00
Daniel Nephin 2e2156a8bb contrib: add CA manager states diagram 2022-01-26 12:14:29 -05:00
Dhia Ayachi 28d4b2316a fix typo and add a TODO section for the remaining stuff 2022-01-26 12:14:29 -05:00
Dhia Ayachi b843a98890 Add sequence diagram for leader boot sequence 2022-01-26 12:14:29 -05:00
Dhia Ayachi fa833ac0f8 fix types and add reference to mesh and auto_config docs 2022-01-26 12:14:29 -05:00
Daniel Nephin 9a7a06f9f8 contrib: add CA operations 2022-01-26 12:14:29 -05:00
Daniel Nephin c5c5d7777c contrib: add description of cert relationship diagram
And links to code
2022-01-26 12:14:29 -05:00
Dhia Ayachi 440db2985a add HL diagram on the ca generation sequence 2022-01-26 12:14:29 -05:00
Daniel Nephin 79f4d53079 contrib: add first draft of Connect CA developer docs
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-01-26 12:14:29 -05:00
Matt Keeler 19a67d8768
Update telemetry page with advice for monitoring boltdb performance (#12141)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-01-26 11:51:19 -05:00
Blake Covarrubias a3ad4be429
docs: Add ingress TLS cipher and version documentation (#12163)
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576.

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
David Yu b199b60ded
docs: Service Sync clarify requirements when using Service Mesh (#12177)
* docs: Service Sync clarify requirements when using Service Mesh

* replace with relative link
2022-01-25 15:02:19 -08:00
modrake 64e9e8a574
Merge pull request #12178 from hashicorp/RDX-205-add-netcgo-for-darwin-builds
RDX-205 add netcgo tag for darwin builds
2022-01-25 14:10:02 -08:00
R.B. Boyer d2c0945f52
xds: fix for delta xDS reconnect bug in LDS/CDS (#12174)
When a wildcard xDS type (LDS/CDS/SRDS) reconnects from a delta xDS stream,
prior to envoy `1.19.0` it would populate the `ResourceNamesSubscribe` field
with the full list of currently subscribed items, instead of simply omitting it
to infer that it wanted everything (which is what wildcard mode means).

This upstream issue was filed in envoyproxy/envoy#16063 and fixed in
envoyproxy/envoy#16153 which went out in Envoy `1.19.0` and is fixed in later
versions (later refactored in envoyproxy/envoy#16855).

This PR conditionally forces LDS/CDS to be wildcard-only even when the
connected Envoy requests a non-wildcard subscription, but only does so on
versions prior to `1.19.0`, as we should not need to do this on later versions.

This fixes the failure case as described here: #11833 (comment)

Co-authored-by: Huan Wang <fredwanghuan@gmail.com>
2022-01-25 11:24:27 -06:00
Chris S. Kim f5d816dace
Remove incorrect usage of url.PathEscape (#12184)
When r.toHTTP is called, http.Request is built with the path
already escaped. This removes all calls to url.PathEscape that
would have led to double-escaped URLs.
2022-01-25 12:15:06 -05:00
Morgan Drake 6eea2f2d48 add netcgo tag for darwin builds 2022-01-24 14:34:57 -08:00
Michele Degges d2f36651ab
Make systemd EnvironmentFile optional #12176 2022-01-24 12:47:43 -08:00
Michele Degges 81a79a3595 Adding changelog entry 2022-01-24 12:32:22 -08:00
Michele Degges 282b662641 Don't kill service if envfile isn't present 2022-01-24 12:13:14 -08:00
Michele Degges 7d4d7ab785 Merge branch 'main' of github.com:hashicorp/consul 2022-01-24 12:12:33 -08:00
David Yu 6689425bec
docs: Admin Partitions K8s requirement update (#12173)
* docs: Admin Partitions K8s requirement update

* Update admin-partitions.mdx

* Update website/content/docs/enterprise/admin-partitions.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* extra space

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-24 09:04:02 -08:00
Michele Degges 0e37b28323
Add missing consul.env file for linux packaging (#12159) 2022-01-24 10:43:20 -05:00
mrspanishviking f3514d802b
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev 8abf4088c1 fixing K8s notes placement in /docs/connect/observability/ui-visualization 2022-01-24 16:35:18 +01:00
Dao Thanh Tung 6765c0d965
Add api changes to agent endpoint for part 2 (#12150) 2022-01-24 10:23:08 -05:00
Krastin Krastev 65d750a84d migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization 2022-01-24 16:10:03 +01:00
Daniel Nephin e134e43da6 acl: remove calls to ResolveIdentityFromToken
We already have an ACLResolveResult, so we can get the accessor ID from
it.
2022-01-22 15:05:42 -05:00
Daniel Nephin edca8d61a3 acl: remove ResolveTokenToIdentity
By exposing the AccessorID from the primary ResolveToken method we can
remove this duplication.
2022-01-22 14:47:59 -05:00
Daniel Nephin a5e8af79c3 acl: return a resposne from ResolveToken that includes the ACLIdentity
So that we can duplicate duplicate methods.
2022-01-22 14:33:09 -05:00
Daniel Nephin 8c9c48e219 acl: remove duplicate methods
Now that ACLResolver is embedded we don't need ResolveTokenToIdentity on
Client and Server.

Moving ResolveTokenAndDefaultMeta to ACLResolver removes the duplicate
implementation.
2022-01-22 14:12:08 -05:00
Daniel Nephin 241663a046 acl: embed ACLResolver in Client and Server
In preparation for removing duplicate resolve token methods.
2022-01-22 14:07:26 -05:00
David Yu 9dc6abaa70
docs: 1.11.0 release notes (#12138)
* Work in Progress

* edit nav to show 1.11

* slight updates to release note content

* acl changes

* add details on bbolt

* first draft

* add more admin partition details

* revert package-lock.json

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* add sds change, and 1.10 change for tproxy

* Small changes

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* adding Consul Service mesh term

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-21 15:46:02 -08:00
Peter M 8c2399a862
Updated intro text
Jeff and I re-worded/expanded the text a bit here for the introduction section.
2022-01-21 16:14:45 -07:00
Michele Degges a4fe5362ed Add missing consul.env file for linux packaging 2022-01-21 13:43:21 -08:00
Chris S. Kim 06fbee2801
Push bindata_assetfs.go to a non-protected branch (#12151) 2022-01-21 16:10:54 -05:00
Chris S. Kim bee18f4a1d
Generate bindata_assetfs.go (#12146) 2022-01-21 16:06:44 -05:00
R.B. Boyer 38e0106701
update main to reflect it is v1.12.0-dev (#12157) 2022-01-21 15:03:11 -06:00
David Yu c69b05ca55
docs: Vault Secrets Backend K8s, remove code tabs (#12156)
* Update connect-ca.mdx

* Update gossip.mdx

* Update index.mdx

* Update server-tls.mdx
2022-01-21 11:28:38 -08:00
David Yu 662fb1b919
docs: Formatting Consul K8s Vault docs (#12148)
* Update index.mdx

* Update gossip.mdx

* Update install-cli.mdx

* Update gossip.mdx

* Update website/content/docs/k8s/installation/vault/gossip.mdx

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>

* fix MDX formatting

* local changes

* adding formatting changes

* Update website/content/docs/k8s/installation/vault/connect-ca.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* adding shell-session to service mesh certs

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-21 11:01:48 -08:00
John Cowen e6a084807b
ui: Enable theming (#12134)
plus Themeable icons (#12135)
2022-01-21 12:19:03 +00:00
John Cowen 61d7acd51f
ui: Tweak some code related meta information (#12117)
* ui: Correct some meta info

* Encoder doesn't take an argument whereas decoder does

* Math.trunc looks like the closest to parseInt but using the correct type

*  use a dynamic string when setting things on window
2022-01-21 11:42:48 +00:00
Evan Culver 89ed18dc42
Provide an 'escape-hatch' for website-checker workflow (#11882) 2022-01-20 18:34:01 -08:00
Ashwin Venkatesh 7568f3a102
Add support for 'Partition' and 'RetryJoin' (#12126)
- Adding a 'Partition' and 'RetryJoin' command allows test cases where
  one would like to spin up a Consul Agent in a non-default partition to
test use-cases that are common when enabling Admin Partition on
Kubernetes.
2022-01-20 16:49:36 -05:00
R.B. Boyer b9e9f1106b
docs: update config entry docs for proxy-defaults to follow new template (#12011) 2022-01-20 15:35:27 -06:00
Chris S. Kim 6cecd35e6e
ci: Add explanation in forbidigo (#12140) 2022-01-20 13:07:10 -05:00
R.B. Boyer baa45a6987
lint: forbid require.New and assert.New (#12139)
See #12137
2022-01-20 11:36:29 -06:00
R.B. Boyer 412ee92c27
Merge pull request #12137 from hashicorp/testify-no-structs
test: stop using require.New and assert.New from testify
2022-01-20 11:02:39 -06:00
Blake Covarrubias cdd56970a3
Merge pull request #12024 from hashicorp/docs/update-links-to-avoid-redirects
docs: Avoid redirects by pointing links to new URLs
2022-01-20 08:59:51 -08:00