status-im/consul
2
0
Fork 0
mirror of https://github.com/status-im/consul.git synced 2025-01-10 13:55:55 +00:00
Code Issues Projects Releases Wiki Activity
15,693 Commits 445 Branches 179 Tags 489 MiB
Commit Graph

3830 Commits

Author SHA1 Message Date
freddygv
df7b5af6f0 Avoid panic on nil partitionAuthorizer config 
partitionAuthorizer.config can be nil if it wasn't provided on calls to
newPartitionAuthorizer outside of the ACLResolver. This usage happens
often in tests.

This commit: adds a nil check when the config is going to be used,
updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a
non-nil config, and dettaches setEnterpriseConf from the ACLResolver.
 2021-10-26 23:42:25 -06:00
freddygv
22bdf279d1 Update NodeRead for partition-exports 
When issuing cross-partition service discovery requests, ACL filtering
often checks for NodeRead privileges. This is because the common return
type is a CheckServiceNode, which contains node data.
 2021-10-26 23:42:11 -06:00
Kyle Havlovitz
65c9109396 acl: pass PartitionInfo through ent ACLConfig 2021-10-26 23:41:52 -06:00
Kyle Havlovitz
d03f849e49 acl: Expand ServiceRead logic to look at service-exports for cross-partition 2021-10-26 23:41:32 -06:00
freddygv
8006c6df73 Swap in structs.EqualPartitions for cmp 2021-10-26 23:36:01 -06:00
freddygv
37a16e9487 Replace Split with SplitN 2021-10-26 23:36:01 -06:00
freddygv
b9b6447977 Finish removing useInDatacenter 2021-10-26 23:36:01 -06:00
freddygv
e1691d1627 Update XDS for sidecars dialing through gateways 2021-10-26 23:35:48 -06:00
freddygv
62e0fc62c1 Configure sidecars to watch gateways in partitions 
Previously the datacenter of the gateway was the key identifier, now it
is the datacenter and partition.

When dialing services in other partitions or datacenters we now watch
the appropriate partition.
 2021-10-26 23:35:37 -06:00
freddygv
eacb73cb78 Remove useInDatacenter from disco chain requests 
useInDatacenter was used to determine whether the mesh gateway mode of
the upstream should be returned in the discovery chain target. This
commit makes it so that the mesh gateway mode is returned every time,
and it is up to the caller to decide whether mesh gateways should be
watched or used.
 2021-10-26 23:35:21 -06:00
R.B. Boyer
ef559dfdd4
agent: refactor the agent delegate interface to be partition friendly (#11429) 2021-10-26 15:08:55 -05:00
Chris S. Kim
fa293362be
agent: Ensure partition is considered in agent endpoints (#11427) 2021-10-26 15:20:57 -04:00
Konstantine
55599d0b41 remove spaces 2021-10-26 12:38:13 -04:00
Konstantine
ce85d2eada fix altDomain responses for services where address is IP, added tests 2021-10-26 12:38:13 -04:00
Konstantine
a7e8c51f80 fix encodeIPAsFqdn to return alt-domain when requested, added test case 2021-10-26 12:38:12 -04:00
Konstantine
ffb00f01b5 fixed altDomain response for NS type queries, and added test 2021-10-26 12:38:12 -04:00
Konstantine
a828c45a62 edited TestDNS_AltDomains_Service to test responses for altDomains, and added TXT additional section check 2021-10-26 12:38:12 -04:00
Konstantine
0864bfdb71 fixed alt-domain answer for SRV records, and TXT records in additional section 2021-10-26 12:38:12 -04:00
Chris S. Kim
76bbeb3baf
ui: Pass primary dc through to uiserver (#11317) 
Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
 2021-10-26 10:30:17 -04:00
freddygv
8aefdc31da Remove outdated partition label from test 2021-10-25 18:47:02 -06:00
freddygv
5c24ed61a8 Rename service-exports to partition-exports 
Existing config entries prefixed by service- are specific to individual
services. Since this config entry applies to partitions it is being
renamed.

Additionally, the Partition label was changed to Name because using
Partition at the top-level and in the enterprise meta was leading to the
enterprise meta partition being dropped by msgpack.
 2021-10-25 17:58:48 -06:00
Daniel Nephin
4ae2c8de9d
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs 
acl: add docs and changelog for the removal of the legacy ACL system
 2021-10-25 18:38:00 -04:00
Daniel Nephin
5d41b4d2f4 Update agent/consul/acl_client.go 
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
 2021-10-25 17:25:14 -04:00
Daniel Nephin
65d48e5042 state: remove support for updating legacy ACL tokens 2021-10-25 17:25:14 -04:00
Daniel Nephin
0784a31e85 acl: remove init check for legacy anon token 
This token should always already be migrated from a previous version.
 2021-10-25 17:25:14 -04:00
Daniel Nephin
daba3c2309 acl: remove legacy parameter to ACLDatacenter 
It is no longer used now that legacy ACLs have been removed.
 2021-10-25 17:25:14 -04:00
Daniel Nephin
3390f85ab4 acl: remove ACLTokenTypeManagement 2021-10-25 17:25:14 -04:00
Daniel Nephin
32b4ad42ac acl: remove ACLTokenTypeClient, 
along with the last test referencing it.
 2021-10-25 17:25:14 -04:00
Daniel Nephin
aea4cc5a6d acl: remove legacy arg to store.ACLTokenSet 
And remove the tests for legacy=true
 2021-10-25 17:25:14 -04:00
Daniel Nephin
c77e5747b1 acl: remove EmbeddedPolicy 
This method is no longer. It only existed for legacy tokens, which are no longer supported.
 2021-10-25 17:25:14 -04:00
Daniel Nephin
121431bf17 acl: remove tests for resolving legacy tokens 
The code for this was already removed, which suggests this is not actually testing what it claims.

I'm guessing these are still resolving because the tokens are converted to non-legacy tokens?
 2021-10-25 17:25:14 -04:00
Daniel Nephin
0d0761927a acl: stop replication on leadership lost 
It seems like this was missing. Previously this was only called by init of ACLs during an upgrade.
Now that legacy ACLs are  removed, nothing was calling stop.

Also remove an unused method from client.
 2021-10-25 17:24:12 -04:00
Daniel Nephin
98823e573f Remove incorrect TODO 2021-10-25 17:20:06 -04:00
Daniel Nephin
1344137ce2 acl: move the legacy ACL struct to the one package where it is used 
It is now only used for restoring snapshots. We can remove it in phase 2.
 2021-10-25 17:20:06 -04:00
Daniel Nephin
531f2f8a3f acl: remove most of the rest of structs/acl_legacy.go 2021-10-25 17:20:06 -04:00
Paul Banks
954b283fec
Merge pull request #11163 from hashicorp/feature/ingress-tls-mixed 
Add support for enabling connect-based ingress TLS per listener.
 2021-10-25 21:36:01 +01:00
FFMMM
fea6f08bf9
fix autopilot_failure_tolerance, add autopilot metrics test case (#11399) 
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
 2021-10-25 10:55:59 -07:00
FFMMM
0954d261ae
use *telemetry.MetricsPrefix as prometheus.PrometheusOpts.Name (#11290) 
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
 2021-10-21 13:33:01 -07:00
Dhia Ayachi
58f5686c08
fix leadership transfer on leave suggestions (#11387) 
* add suggestions

* set isLeader to false when leadership transfer succeed
 2021-10-21 14:02:26 -04:00
Dhia Ayachi
f424faffdd
try to perform a leadership transfer when leaving (#11376) 
* try to perform a leadership transfer when leaving

* add a changelog
 2021-10-21 12:44:31 -04:00
Kyle Havlovitz
04cd2c983e Add new service-exports config entry 2021-10-20 12:24:18 -07:00
Jared Kirschner
14af8cb7a9
Merge pull request #11293 from bisakhmondal/service_filter 
expression validation of service-resolver subset filter
 2021-10-20 08:57:37 -04:00
Paul Banks
c891f30c24 Rebase and rebuild golden files for Envoy version bump 2021-10-19 21:37:58 +01:00
Paul Banks
6faf85bccd Refactor resolveListenerSDSConfig to pass in whole config 2021-10-19 20:58:29 +01:00
Paul Banks
78a00f2e1c Add support for enabling connect-based ingress TLS per listener. 2021-10-19 20:58:28 +01:00
R.B. Boyer
cc2abb79ba
acl: small OSS refactors to help ensure that auth methods with namespace rules work with partitions (#11323) 2021-10-14 15:38:05 -05:00
freddygv
e22f0cc033 Use stored entmeta to fill authzContext 2021-10-14 08:57:40 -06:00
freddygv
53ea1f634a Ensure partition is handled by auto-encrypt 2021-10-14 08:32:45 -06:00
FFMMM
62980ffaa2
fix: only add prom autopilot gauges to servers (#11241) 
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
 2021-10-13 09:25:30 -07:00
Chris S. Kim
c6906b4d37
Update Intentions.List with partitions (#11299) 2021-10-13 10:47:12 -04:00