Commit Graph

11755 Commits

Author SHA1 Message Date
R.B. Boyer 5404155d36 acl: allow auth methods created in the primary datacenter to optionally create global tokens (#7899) 2020-06-01 16:45:22 +00:00
R.B. Boyer c4b875cae4 acl: remove the deprecated `acl_enforce_version_8` option (#7991)
Fixes #7292
2020-06-01 10:40:22 -05:00
Jono Sosulska cedcbf3299 Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-06-01 10:40:14 -05:00
Daniel Nephin 1664067943 ci: Add staticcheck and fix most errors
Three of the checks are temporarily disabled to limit the size of the
diff, and allow us to enable all the other checks in CI.

In a follow up we can fix the issues reported by the other checks one
at a time, and enable them.
2020-06-01 10:40:04 -05:00
Daniel Nephin 1aeede5eb7 config: use the new HookTranslateKeys instead of lib.TranslateKeys
With the exception of CA provider config, which will be migrated at some
later time.
2020-06-01 10:39:58 -05:00
Daniel Nephin b11a615f0c Add alias struct tags for new decode hook 2020-06-01 10:39:51 -05:00
Daniel Nephin 225059294e config: add HookTranslteKeys
This hook replaces lib.TranslateKeys and has a number of advantages:

1. Primarily, aliases for fields are defined on the field itself, making
   the aliases much easier to maintain, and more obvious to the reader.
2. TranslateKeys translation rules are not aware of structure. It could
   very easily incorrectly translate a key on one struct that was intended
   to be a translation rule for a completely different struct, leading
   to very hard to debug errors. The hook removes the need for the
   unexpected "translation rule is an empty string to indicate stop
   traversal" special case.
3. TranslateKeys attempts to duplicate a bunch of tree traversal logic
   that already exists in mapstructure. Using mapstructure for traversal
   removes the need to traverse the entire structure multiple times, and
   makes the behaviour more obvious to the reader.

This change is being made to enable a future change of replacing
PatchSliceOfMaps. TranslateKeys sits in between PatchSliceOfMaps and
mapstructure.Decode, so it must be converted to a hook first, before
PatchSliceOfMaps can be replaced by a decode hook.
2020-06-01 10:38:27 -05:00
Raphaël Rondeau b29c954480 connect: fix endpoints clusterName when using cluster escape hatch (#7319)
```changelog
* fix(connect): fix endpoints clusterName when using cluster escape hatch
```
2020-06-01 10:35:31 -05:00
Pierre Souchay 0d86e802be Stop all watches before shuting down anything dring shutdown. (#7526)
This will prevent watches from being triggered.

```changelog
* fix(agent):  stop all watches before shuting down
```
2020-06-01 10:35:14 -05:00
Pierre Souchay 66612e5dc6 tests: added unit test to ensure watches are not re-triggered on consul reload (#7449)
This ensures no regression about https://github.com/hashicorp/consul/issues/7318
And ensure that https://github.com/hashicorp/consul/issues/7446 cannot happen anymore
2020-06-01 10:33:31 -05:00
Pierre Souchay 876ee89d4a Allow to restrict servers that can join a given Serf Consul cluster. (#7628)
Based on work done in https://github.com/hashicorp/memberlist/pull/196
this allows to restrict the IP ranges that can join a given Serf cluster
and be a member of the cluster.

Restrictions on IPs can be done separatly using 2 new differents flags
and config options to restrict IPs for LAN and WAN Serf.
2020-06-01 10:31:32 -05:00
R.B. Boyer c2b903b597 create lib/stringslice package (#7934) 2020-05-27 16:48:01 +00:00
R.B. Boyer b527e77850 agent: handle re-bootstrapping in a secondary datacenter when WAN federation via mesh gateways is configured (#7931)
The main fix here is to always union the `primary-gateways` list with
the list of mesh gateways in the primary returned from the replicated
federation states list. This will allow any replicated (incorrect) state
to be supplemented with user-configured (correct) state in the config
file. Eventually the game of random selection whack-a-mole will pick a
winning entry and re-replicate the latest federation states from the
primary. If the user-configured state is actually the incorrect one,
then the same eventual correct selection process will work in that case,
too.

The secondary fix is actually to finish making wanfed-via-mgws actually
work as originally designed. Once a secondary datacenter has replicated
federation states for the primary AND managed to stand up its own local
mesh gateways then all of the RPCs from a secondary to the primary
SHOULD go through two sets of mesh gateways to arrive in the consul
servers in the primary (one hop for the secondary datacenter's mesh
gateway, and one hop through the primary datacenter's mesh gateway).
This was neglected in the initial implementation. While everything
works, ideally we should treat communications that go around the mesh
gateways as just provided for bootstrapping purposes.

Now we heuristically use the success/failure history of the federation
state replicator goroutine loop to determine if our current mesh gateway
route is working as intended. If it is, we try using the local gateways,
and if those don't work we fall back on trying the primary via the union
of the replicated state and the go-discover configuration flags.

This can be improved slightly in the future by possibly initializing the
gateway choice to local on startup if we already have replicated state.
This PR does not address that improvement.

Fixes #7339
2020-05-27 16:32:22 +00:00
R.B. Boyer 1765fa854e connect: ensure proxy-defaults protocol is used for upstreams (#7938) 2020-05-21 21:09:51 +00:00
hashicorp-ci a0f27e6597 Putting source back into Dev Mode 2020-05-21 20:27:47 +00:00
hashicorp-ci a774d9b12f
Release v1.8.0-beta2 2020-05-21 19:33:59 +00:00
hashicorp-ci 7dd0a87286
update bindata_assetfs.go 2020-05-21 19:33:58 +00:00
Chris Piraino 9ed093ac34
Update CHANGELOG.md 2020-05-21 12:17:50 -05:00
Daniel Nephin 7925a0074c Merge pull request #7933 from hashicorp/dnephin/state-txn-missing-errors
state: fix unhandled error
2020-05-21 17:03:33 +00:00
Aleksandr Zagaevskiy 6aecf89418 Preserve ModifyIndex for unchanged entry in KVS TXN (#7832) 2020-05-21 17:03:16 +00:00
Seth Hoenig 352ed2c13b grpc: use default resolver scheme for grpc dialing (#7617)
Currently checks of type gRPC will emit log messages such as,

    2020/02/12 13:48:22 [INFO] parsed scheme: ""
    2020/02/12 13:48:22 [INFO] scheme "" not registered, fallback to default scheme

Without adding full support for using custom gRPC schemes (maybe that's
right long-term path) we can just supply the default scheme as provided
by the grpc library.

Fixes https://github.com/hashicorp/consul/issues/7274
and https://github.com/hashicorp/nomad/issues/7415
2020-05-21 17:01:47 +00:00
Daniel Nephin c02d4e1390 Merge pull request #7894 from hashicorp/dnephin/add-linter-staticcheck-1
Fix some bugs/issues found by staticcheck
2020-05-21 17:01:15 +00:00
Daniel Nephin 573050a5a9 Make envoy integration tests a `go test` suite (#7842)
* test/integration: only run against 1 envoy version

These tests are slow enough that it seems unlikely that anyone is
running multiple versions locally. If someone wants to, a for loop
outside of run_test.sh should do the right thing.

Remove unused vars.

* Remove logic to iterate over test cases, run a single case

* Add a golang runner for integration tests

* Use build tags for envoy integration tests

And add junit-xml report
2020-05-21 15:54:04 +00:00
John Cowen 230447f80b
Update CHANGELOG.md 2020-05-21 16:17:41 +01:00
John Cowen 6e22eb3b65
Update CHANGELOG.md 2020-05-21 16:16:37 +01:00
Chris Piraino 151093b85f
Update CHANGELOG.md 2020-05-21 09:33:33 -05:00
Kyle Havlovitz 0bcbed16ca Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
* Standardize support for Tagged and BindAddresses in Ingress Gateways

This updates the TaggedAddresses and BindAddresses behavior for Ingress
to match Mesh/Terminating gateways. The `consul connect envoy` command
now also allows passing an address without a port for tagged/bind
addresses.

* Update command/connect/envoy/envoy.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* PR comments

* Check to see if address is an actual IP address

* Update agent/xds/listeners.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix whitespace

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-05-21 14:08:43 +00:00
John Cowen fa21399231 UI Release Merge (1.8-beta-2: ui-staging merge) (#7919)
* ui: Styling fixes (#7885)

* Move cellHeight to ListCollection js file

* Fix composite row border-top-color onHover state

* Add empty health check icon to CompositeRow styling

* ui: Slightly refactor %composite-rows and reuse ConsulServiceList component (#7886)

* ui: Move individual component types into a single %composite-list plus

1. Removes all out separate CSS components (that match HTML components)
to favour not having those separate for the moemnt at least
2. Reuses <ConsulServiceList /> component for Terminating Gateways >
Linked Services

* ui: Tweak breadcrumb spacing for '/' separator

* Fix up the tests i.e. services per tab so we can call them all services

* ui: Misc discovery chain fixes (#7892)

1. Look for a default splitter before looking for a default resolver in
order to route to.
2. Delay adding svg listeners until afterRender (fixes split tooltip)
3. Make router id's consistent for highlighting default routers in when
clicking the graph

* ui: If an error occurs on the server, surface it in the notification (#7893)

* ui: Delete old unused CSS (#7909)

This commit deletes CSS that we no longer use and we definitely will not
ever use.

We also dedup all of our imports here as it turns out SASS doesn't
dedupe imports. Strangely this increases out CSS weight by ~1kb instead
of reducing but we'd rather keep things deduped as that was the
intention

* ui: Redesign - Exposed Paths (#7912)

* Add new exposed paths icons to codebase

* Redesign Exposed Paths and create copy-button hover on Composite Row

* Refactor FeedbackDialog and CopyButton

* Change this.element to use `{{ref }}` now we don't have an element

We changed this to a tagless component with an eye to moving this to a
glimmer component, without spotting that this would also remove the
`this.element` property.

This adds an equivalent using the ref modifier.

Co-authored-by: John Cowen <jcowen@hashicorp.com>

* ui: Remove box-shadow and pointer cursor from metada list hover effect (#7914)

Co-authored-by: Kenia <19161242+kaxcode@users.noreply.github.com>
2020-05-19 16:18:31 +00:00
John Cowen b55d5a0ef9 ui: Only save the setting that you've changed (#7918)
Originally we assumed all settings would be editable in the settings
page, but over time we've added thigns to localStorage that aren't user
settable settings. This means we shouldn't save all you localStorage
settings everything time only a single setting has been saved.

This change only changes the setting you've changed via the settings
page, meaning it will never update non-user-settable settings.
2020-05-19 15:21:48 +00:00
John Cowen 6627709a03 ui: Ensure datacenter is sent to the API when loading in a policy panel (#7910)
* ui: Policies don't have datacenter properties, use the URL dc instead.

* ui: Ensure policy saving proxy object is destroyed
2020-05-19 13:52:20 +00:00
John Cowen c96b31e562 ui: Ensure value is always passed to CONSUL_SSO_ENABLED (#7913)
ACLsEnabled is always set to either true or false. .SSOEnabled is only set if you are running enterprise (the same as .NamespacesEnabled). Therefore .SSOEnabled and .NamespacesEnabled require conditionals to check their existence.

In order to avoid future confusion we moved all go-template variables to use the conditional form, and added a comment to that effect.

Tests have been added to reflect this, but they only test that the template outputs what we expect, true e2e testing here would be advantageous.
2020-05-18 19:23:01 +00:00
Chris Piraino 6969d08361 Merge pull request #7898 from hashicorp/bug/update-gateways-on-config-entry-delete
Remove error from GatewayServices RPC when a service is not a gateway
2020-05-18 18:03:35 +00:00
John Cowen 4c9efd54e0 ui: Misc amends for Safari and Firefox (#7907)
1. Ensure dropdown menus function correctly in Safari
2. Ensure default grey color for buttons is not used
3. Ensure IntersectionObservers are cleaned up properly in Safari
2020-05-18 17:34:30 +00:00
John Cowen 5631d6f07f ui: Quote service names when filtering for intentions (#7888)
* ui: Quote service names for intention filtering

* ui: return null if we ever get an error with anything else
2020-05-18 17:29:43 +00:00
hashicorp-ci 9c9ff2194e Putting source back into Dev Mode 2020-05-14 15:52:12 +00:00
hashicorp-ci 439d148fb2
Release v1.8.0-beta1 2020-05-14 14:33:09 +00:00
hashicorp-ci b1c9c5c571
update bindata_assetfs.go 2020-05-14 14:33:09 +00:00
Preetha 54b589a913
fix typo in changelog 2020-05-14 08:11:56 -05:00
Hans Hasselberg 1a01c060ae
Update CHANGELOG.md 2020-05-14 10:44:45 +02:00
Pierre Souchay cf55e81c06
tests: fix unstable test `TestAgentAntiEntropy_Checks`. (#7594)
Example of failure: https://circleci.com/gh/hashicorp/consul/153932#tests/containers/2
2020-05-14 09:54:49 +02:00
Preetha 6144ef3965
removed duplicated line about JWT auth method 2020-05-13 19:59:13 -05:00
Mike Morris 9cbbff5318
docs: add audit logging docs to agent configuration (#7880) 2020-05-13 20:59:00 -04:00
Preetha 5b13bcafae
Merge pull request #7881 from hashicorp/b-wanfed-update
temporarily remove link that 404s
2020-05-13 19:23:14 -05:00
Preetha 33888bccad
temporarily remove link that 404s
will be readded later when page is available
2020-05-13 19:11:13 -05:00
Preetha bb9ffd1820
Merge pull request #7879 from hashicorp/b-changelog-1.8
Update changelog
2020-05-13 18:34:05 -05:00
Preetha Appan 63ad87aa52 Add blurb on audit logging 2020-05-13 18:10:32 -05:00
Preetha 803b4b5dd4
Update changelog
Moved a couple of key features to the top with longer descriptions
2020-05-13 18:05:50 -05:00
Kit Patella 0616487b56
Merge pull request #7878 from hashicorp/oss-sync/auditing-http
http: migrate from instrumentation in s.wrap() to an s.enterpriseHand…
2020-05-13 16:05:31 -07:00
Kit Patella ad1d4d4d07 http: migrate from instrumentation in s.wrap() to an s.enterpriseHandler() 2020-05-13 15:47:05 -07:00
Freddy 56dccd2b95
Add beta tags to gateway docs (#7876) 2020-05-13 15:47:20 -06:00