14623 Commits

Author SHA1 Message Date
kenia
e9d01a3d4c Refactor Topology Metrics Card component 2021-04-15 09:19:21 -04:00
kenia
cdf77e32f2 Create warning banners for permissive default-allow and wildcard-intention 2021-04-15 09:19:21 -04:00
kenia
57d3bf59ee Update service-topology mock data with new attributes: TransparentProxy, DefaultAllow, WildcardIntention, and Source 2021-04-15 09:19:21 -04:00
Kent 'picat' Gruber
62fcf1ff17
Merge pull request #10030 from hashicorp/fix-ent-audit-log-bypass
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 20:08:51 -04:00
Kent 'picat' Gruber
6133696ee2
Add component name to entry
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-14 19:41:04 -04:00
Kent 'picat' Gruber
9f7190a4fe
Merge pull request #10023 from hashicorp/fix-raw-kv-xss
Add content type headers to raw KV responses
2021-04-14 18:49:14 -04:00
Kent 'picat' Gruber
34683f04c5 Add synthetic enterprise entry for CVE-2021-28156 2021-04-14 18:45:49 -04:00
Daniel Nephin
a2726e8fea
Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
snapshot: fix saving of auth methods
2021-04-14 17:18:35 -04:00
Daniel Nephin
88f83b41aa snapshot: fix saving of auth methods
Previously only a single auth method would be saved to the snapshot. This commit fixes the typo
and adds to the test, to show that all auth methods are now saved.
2021-04-14 16:51:21 -04:00
Kent 'picat' Gruber
71ba835654 Add security release-note changelog entry 2021-04-14 16:40:47 -04:00
Kent 'picat' Gruber
493f820e9d Add better security warning to docs about the content-type change 2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber
d07f57ce67 Update KV docs to note new raw response content-type header 2021-04-14 16:21:03 -04:00
Kent 'picat' Gruber
cf1fce3d0c Add content type headers to raw KV responses 2021-04-14 16:20:22 -04:00
R.B. Boyer
2c3d7da5dd
mod: bump to github.com/hashicorp/mdns v1.0.4 (#10018) 2021-04-14 14:17:52 -05:00
Daniel Nephin
ec34f3860a
Merge pull request #10014 from hashicorp/dnephin/changelog
Add changelog for enterprise change
2021-04-14 14:09:35 -04:00
freddygv
f7094f91c7 Avoid returning a nil slice 2021-04-14 10:52:05 -06:00
Matt Keeler
bbf5993534
Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
R.B. Boyer
06848ce67e fix broken golden tests 2021-04-14 11:36:47 -05:00
Freddy
3ec4556114
Merge pull request #10006 from hashicorp/api-ptrs 2021-04-14 10:21:08 -06:00
freddygv
8e74eaa684 Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
Freddy
55a3697b83
Merge pull request #9987 from hashicorp/remove-kube-dns-hack 2021-04-14 10:00:53 -06:00
Daniel Nephin
f01621c861 Add changelog for enterprise change 2021-04-14 11:50:15 -04:00
Mike Wickett
d35bd9c00c
Merge pull request #10008 from hashicorp/mw.update-homepage-links
website: update why hashicorp links
2021-04-14 10:57:29 -04:00
ketzacoatl
c8a6fbd994
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
freddygv
e1808af729 Fixup tests 2021-04-13 16:08:41 -06:00
Mike Wickett
73380a0dcc website: update why hashicorp links 2021-04-13 15:55:15 -04:00
freddygv
7cb3f32672 Convert new tproxy structs in api module into ptrs
This way we avoid serializing these when empty. Otherwise users of the
latest version of the api submodule cannot interact with older versions
of Consul, because a new api client would send keys that the older Consul
doesn't recognize yet.
2021-04-13 12:44:25 -06:00
Freddy
1f119aec7c
Merge pull request #10005 from hashicorp/tproxy-fixes 2021-04-13 11:45:40 -06:00
Daniel Nephin
bbb9a73d9b tlsutil: fix a test for go1.16
Using a TestSigner was causing problems because go1.16 has this change:

> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.

See https://golang.org/doc/go1.16#crypto/x509
2021-04-13 13:31:20 -04:00
Daniel Nephin
3e20bd25bd connect: fix test for go1.16
There is no way to compare x509.CertPools now that it has an unexpected
function field. This comparison is as close as we can get.

See https://github.com/golang/go/issues/26614 for a related issue.
2021-04-13 13:25:45 -04:00
Freddy
8fc60a6ca6
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
Remove zero-value validation of upstream cfg structs
2021-04-13 11:00:02 -06:00
freddygv
4e509aa768 Remove todo that was todone 2021-04-13 10:19:59 -06:00
freddygv
75edc9bc7c Avoid nil panic when cluster config doesn't exist 2021-04-13 10:17:11 -06:00
Daniel Nephin
66567f4bc0 ci: test against Go1.16.3 2021-04-13 12:06:13 -04:00
Freddy
66de74767c
Merge pull request #10003 from hashicorp/proxycfg-tproxy-ent-fixup
Fixup wildcard ent assertion
2021-04-13 09:56:05 -06:00
freddygv
932fbddd27 Augment intention decision summary with DefaultAllow mode 2021-04-12 19:32:09 -06:00
freddygv
8857195437 Fixup wildcard ent assertion 2021-04-12 17:04:33 -06:00
Freddy
18decbba9d
Merge pull request #9999 from hashicorp/update-enabling-tproxy 2021-04-12 16:37:04 -06:00
Kendall Strautman
03df6f70f2
fix(website): docs link text color (#10001) 2021-04-12 13:47:12 -04:00
freddygv
b8ed82b808 Fixup bexpr filtering 2021-04-12 10:17:52 -06:00
freddygv
d7c43049fa Remove zero-value validation of upstream cfg structs
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.

See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv
7bd51ff536 Replace TransparentProxy bool with ProxyMode
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:

- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.

This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv
9e194b4b3c Avoid failing test due to undiscoverable node name 2021-04-12 09:26:55 -06:00
hashicorp-ci
2995d0e437 auto-updated agent/uiserver/bindata_assetfs.go from commit 84064f972 2021-04-12 13:08:41 +00:00
Kenia
84064f972e
ui: Return empty string protocol for upstream/downstream metrics request (#9989) 2021-04-12 09:03:57 -04:00
freddygv
98ba582797 Fixup mesh gateway docs 2021-04-11 15:48:04 -06:00
tarat44
1ca5fa9769 fix formatting 2021-04-11 15:12:33 -04:00
tarat44
a2e6ca1226 add WaitGroup to h2ping 2021-04-11 15:11:00 -04:00
tarat44
5307c5c3a1 close h2ping client connections 2021-04-10 00:53:53 -04:00
Tara Tufano
9deb52e868
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00