cf02e3bc22
Merge pull request #3369 from hashicorp/metrics-enhancements
...
Add support for labels/filters from go-metrics
2017-08-08 13:55:30 -07:00
c1c883f441
Add doc links for metrics endpoint
2017-08-08 13:05:38 -07:00
0428e9fe9e
Update docs for metrics endpoint
2017-08-08 12:33:30 -07:00
9fa237ddb6
dns: minor cleanups
2017-08-08 13:55:58 +02:00
d5634fe2a8
Add support for labels/filters from go-metrics
2017-08-08 01:45:10 -07:00
72ae8c8f33
Go back to using <nodename>.node.dc.consul as the name of the ns record being returned.
2017-08-07 16:02:33 -05:00
8a9653bdf8
dns: keep NS names in consul domain
2017-08-07 11:11:55 +02:00
f17bf78bb1
dns: postmaster -> hostmaster
2017-08-07 11:11:55 +02:00
60608b455d
dns: we do not support zone transfers
2017-08-07 11:11:55 +02:00
76b2538915
dns: drop CNAME for primary name server
2017-08-07 11:11:55 +02:00
7f34dc08a5
Added test case with IPV6 bind address for NS records, rewrote tests to use verify library and other code review feedback
2017-08-07 11:11:55 +02:00
76319f751d
Added back glue records in NS response, expanded unit test. Also reused same function used in node lookup for adding A/AAAA records in the extra section of the NS response
2017-08-07 11:11:55 +02:00
f01f17bda3
Don't add A records for NS requests, because the record being returned already resolves correctly. Also fixed all the unit tests, and ignored hostnames that don't meet valid dns hostname criteria
2017-08-07 11:11:55 +02:00
7ea11c2f45
dns: provide correct SOA and NS responses
...
This patch changes the behavior of the DNS server as follows:
* The SOA response contains the SOA record in the Answer section instead
of the Authority section. It also contains NS records in the Authority
and the corresponding A glue records in the Extra section.
In addition, CNAMEs are added to the Extra section to make the
MNAME of the SOA record resolvable.
AAAA glue records are not yet supported.
* The NS response returns up to three random servers from the
consul cluster in the Answer section and the glue A
records in the Extra section.
AAAA glue records are not yet supported.
2017-08-07 11:11:55 +02:00
824fc4ee20
Unify regex used to identify invalid dns characters
2017-08-07 11:11:55 +02:00
37f75a393e
Use sanitized version of node name of server in NS record, and start with "server" rather than "ns"
2017-08-07 11:11:55 +02:00
794d1afe44
Removed a copy pasted irrelevant comment, and other code review feedback
2017-08-07 11:11:54 +02:00
f9db387097
Add NS records and A records for each server. Constructs ns host names using the advertise address of the server.
2017-08-07 11:11:54 +02:00
4bee2e49f5
Adds secure introduction for the ACL replication token. ( #3357 )
...
Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 15:39:31 -07:00
9ffeba18ee
agent: fix code for updated go-discover signature
...
Closes #3351
2017-08-03 21:32:11 +02:00
c0a5ad7903
Adds a new /v1/acl/bootstrap API ( #3349 )
2017-08-02 17:05:18 -07:00
6852dec3f2
agent: Fix script quoting on windows ( #1875 )
...
This patch fixes the quoting for executing scripts on windows
and splits the platform dependent code.
Fixes #1875
2017-08-02 17:01:21 +02:00
2fac427cd4
agent: use github.com/hashicorp/go-discover
...
Replace the provider specific node discovery code
with go-discover to support AWS, Azure and GCE.
Fixes #3282
2017-08-01 11:41:43 +02:00
4076c0d741
Return nil instead of empty list when returning a PermissionDenied error, updated unit test
2017-07-31 17:23:20 -05:00
6336014a86
Return 403 rather than a 404 when acls cause all results to be filtered out. This fixes #2637
2017-07-31 13:50:29 -05:00
0f494d8b86
Merge pull request #3332 from hashicorp/issue_3322
...
This fixes #3322
2017-07-28 17:54:30 -05:00
2d84cd2330
Tweaked parsing error message to quote properly
2017-07-28 17:52:35 -05:00
10b660d77a
Adds missing autopilot snapshot test and avoids snapshotting nil. ( #3333 )
2017-07-28 15:48:42 -07:00
5aeab1463b
Validate unix sockets and ip addresses as needed, more test cases
2017-07-28 17:18:10 -05:00
4cec55e8db
Modify ResolveTmplAddrs to parse advertise IPs, added test cases that fail to parse correctly
2017-07-28 15:01:32 -05:00
13c118ea51
Removed extra newlines
2017-07-28 10:51:11 -05:00
840749db7e
Fix comments, and remove redundant TestConfig init from a couple of unit tests
2017-07-28 10:40:43 -05:00
b19b062194
add tests for go-sockaddr template parsing
2017-07-28 15:40:22 +02:00
ac9602e798
agent: unix sockets are not ip addrs
2017-07-28 14:53:21 +02:00
2fcdb35cbb
config: refactor tmpl resolution fn
2017-07-28 12:20:49 +02:00
aa98aeb4b1
Moved handling advertise address to readConfig and out of the agent's constructor, plus unit test fixes
2017-07-27 22:06:31 -05:00
25acd1534a
Move go-socketaddr template parsing into config package to make it happen before creating a new agent. Also removed redundant parsetemplate calls from agent.go.
2017-07-27 16:17:35 -05:00
6250cd70f5
Adds option to prepared queries to remove empty tags. ( #3330 )
2017-07-26 22:46:43 -07:00
496b0bcf07
Adds support for agent-side ACL token management via API instead of config files. ( #3324 )
...
* Adds token store and removes all runtime use of config for ACL tokens.
* Adds a new API for changing agent tokens on the fly.
2017-07-26 11:03:43 -07:00
b94617b281
Add extra test case for deleting entire tree with empty prefix
2017-07-26 09:42:07 -05:00
4498814843
Don't insert tombstone for empty prefix delete. Other minor unit test fixes
2017-07-25 21:54:11 -05:00
fee418d378
Removed redundant comments and unit test
2017-07-25 20:39:33 -05:00
b772c477c2
Removed redundant call to reap tombstone from unit test
2017-07-25 19:39:05 -05:00
ae443e21d6
Improved unit test per code review
2017-07-25 19:17:40 -05:00
36acf8d6a4
Use new DeletePrefixMethod for implementing KVSDeleteTree operation. This makes deletes on sub trees larger than one million nodes about 100 times faster. Added unit tests.
2017-07-25 17:21:18 -05:00
c413a9161e
Removes an unnecessary close.
2017-07-24 21:41:18 -07:00
f8b633c69e
Removed redundant logging
2017-07-24 21:07:48 -05:00
c26fd66edd
Clean up temporary files on write errors, and ignore any temporary service files on load with a warning. This fixes #3207
2017-07-24 12:42:51 -05:00
1774fdc237
Tweaks the error when scripts are disabled.
...
This will hopefully help people self-serve if they upgrade without accounting
for this.
2017-07-19 22:15:04 -07:00
d74390ef86
Fix UpgradeVersionTag field not being passed correctly ( #3304 )
2017-07-19 17:39:48 -07:00
1f35aa6ff2
Made unit test for AddCheck error check the actual error string
2017-07-19 11:00:56 -05:00
c32e4ebe26
Unit test for failure case of AddCheck
2017-07-19 10:28:52 -05:00
0047b7d3f0
fix spelling in filenames
...
Fixes #3301
2017-07-19 13:16:38 +02:00
83577e0daa
agent: make docker client work on windows
2017-07-19 12:03:59 +02:00
b97ab92d87
build: add missing build tags
2017-07-19 05:17:01 +02:00
fb43953894
Merge pull request #3296 from hashicorp/ensure_registration_race
...
Fix race condition between removing a service and adding a check for …
2017-07-18 18:36:47 -05:00
e50f0e6722
Clean up any watch monitors associated with a failed AddCheck
2017-07-18 16:54:20 -05:00
6a257f242e
Removed unit test, added clarifying comment and returned a friendlier error message similar to the one in agent's AddService method
...
Fixes #3297
2017-07-18 16:15:47 -05:00
9f048afe29
Fix race condition between removing a service and adding a check for the same service, which was causing orphaned checks
2017-07-18 16:15:47 -05:00
19eae3d14b
Add UpgradeVersionTag to autopilot config
2017-07-18 13:35:41 -07:00
0d9b53730f
agent: stop docker checks on shutdown
2017-07-18 20:59:24 +02:00
60540c2417
agent: stop and remove docker checks
...
Note that there is no test since the correct way to solve (and test)
this is to replace the different maps with a single one or to hide
that functionality behind a separate data structure. This will be
addressed in #3294 .
Fixes #3265
2017-07-18 20:59:24 +02:00
2123700056
agent: replace docker check
...
This patch replaces the Docker client which is used
for health checks with a simplified version tailored
for that purpose.
See #3254
See #3257
Fixes #3270
2017-07-18 20:24:38 +02:00
fff0f9698f
Prevents disabling gossip keyring file from disabling gossip encryption. ( #3278 )
2017-07-17 12:48:45 -07:00
1791d99a10
Adds new config to make script checks opt-in, updates documentation. ( #3284 )
2017-07-17 11:20:35 -07:00
780e68a753
Changes remote exec KV read to call GetTokenForAgent(). ( #3283 )
...
* Changes remote exec KV read to call GetTokenForAgent(), which can use
the acl_agent_token instead of the acl_token.
Fixes #3160 .
* Fixes remote exec unit test with ACLs.
* Adds unhappy ACL path to unit tests for remote exec.
2017-07-16 21:12:16 -07:00
1004d0ec0e
Adds node read privileges to the acl_agent_master_token. ( #3277 )
...
Fixes #3113 .
2017-07-16 20:08:26 -07:00
c001722848
azure: tag map can return nil ( #3280 )
...
Fixes #3193
2017-07-16 14:29:43 -07:00
218ac4cb1e
Obfuscates ACL tokens appearing in /v1/acl/<verb>/<token> APIs. ( #3276 )
...
* Obfuscates ACL tokens appearing in /v1/acl APIs.
* Makes test positively identify the desired strings.
* Adds an example and explanation of the regular expression.
2017-07-15 00:07:08 -07:00
872cf9ff95
Changes ACL clone response to 403 if not authorized, or if token doesn't exist. ( #3275 )
...
Fixes #1113
2017-07-14 20:43:30 -07:00
78c3a86405
Add TLS setting to router areas
2017-07-14 17:38:08 -07:00
0881e46111
Cleans up version 8 ACLs in the agent and the docs. ( #3248 )
...
* Moves magic check and service constants into shared structs package.
* Removes the "consul" service from local state.
Since this service is added by the leader, it doesn't really make sense to
also keep it in local state (which requires special ACLs to configure), and
requires a bunch of special cases in the local state logic. This requires
fewer special cases and makes ACL bootstrapping cleaner.
* Makes coordinate update ACL log message a warning, similar to other AE warnings.
* Adds much more detailed examples for bootstrapping ACLs.
This can hopefully replace https://gist.github.com/slackpad/d89ce0e1cc0802c3c4f2d84932fa3234 .
2017-07-13 22:33:47 -07:00
764dabfcf7
agent: fix go vet issue
2017-07-11 07:13:46 -07:00
66edec5dfd
Adds the ability to blacklist specific HTTP endpoints. ( #3252 )
2017-07-10 13:51:25 -07:00
7200b8cda8
UI cleanup follow up from #3245 . ( #3251 )
...
* Removes unnecessary set for model component which will be null.
* Returns a 404 for a missing node, not a 200 with an empty response.
* Updates built-in web assets.
2017-07-10 09:40:00 -07:00
aa11956d63
Changes the default ACL token type to "client" in web UI. ( #3246 )
...
* Changes the default ACL token type to "client".
* Updates built-in web assets.
2017-07-08 17:28:04 -07:00
86b1e64a33
Cleans up web UI and fixes ACL token "stuckness" issue. ( #3245 )
...
* Removes GitHub reference.
* Doesn't display ACL token on the unauthorized page.
* Removes useless fetch for nodes and cleans up comments.
* Provides a path to reset the ACL token when it's invalid.
This included making the settings page global so it's reachable, and adding
some more information about an error on the error page.
* Updates built-in web assets.
2017-07-08 17:16:05 -07:00
1781fd311f
address review comments
2017-07-07 09:22:34 +02:00
e4b40acc7e
agent: remove unused code
2017-07-07 09:22:34 +02:00
8c792ad57d
agent: make TestClient_RPC_ConsulServerPing more robust
2017-07-07 09:22:34 +02:00
4a4b91a2db
agent: fix data races with registerEndpoint
...
Only register a different endpoint after it has been
fully created.
2017-07-07 09:22:34 +02:00
19b937ba80
agent: make Reap test timing less aggressive
2017-07-07 09:22:34 +02:00
a855d31f84
Adds a comment about flood joining.
2017-07-07 09:22:34 +02:00
5b5217528a
Simplifies Serf dynamic port selection code.
...
This isn't racy, it's just a little dirty. The listen will happen and a port
will be selected and injected into the config once the Serf instance is
created, so we don't need the retry loop here.
2017-07-07 09:22:34 +02:00
d8db4bc086
test: Changes WAN/LAN join confirmer to use port number vs. address.
...
This fixes TestServer_JoinSeparateLanAndWanAddresses which sets bogus
advertise addresses as part of the test. Port numbers uniquely identify
members since everything is running on localhost.
2017-07-07 09:22:34 +02:00
d92f70f313
test: make joinLAN/WAN reliable
...
only return if the members can see each other
2017-07-07 09:22:34 +02:00
112bc19cd5
rpc: make TestServer_JoinSeparateLanAndWanAddresses more robust
2017-07-07 09:22:34 +02:00
ffd45f5da5
rpc: make TestClient_SnapshotRPC_TLS more robust
2017-07-07 09:22:34 +02:00
c218fdbc77
agent: make timing sensitive tests more robust
...
* make timing less aggressive
* mark timing tests as non-parallel
2017-07-07 09:22:34 +02:00
b12b914017
agent: fix TestCheckHTTP_TLSSkipVerify_true_pass
...
Make check timing less aggressive and give the test some time
to execute.
2017-07-07 09:22:34 +02:00
7381a05d8d
agent: do not modify agent config after NewAgent
2017-07-07 09:22:34 +02:00
cec9dcfee8
agent: fix pending data races between localState and agent
...
This patch creates a local config structure for the local state
which is independent from the agent but populated from its
configuration. This avoids data races between the agent configuration
which can change during tests and concurrent go routines using the
configuraiton at the same time.
2017-07-07 09:22:34 +02:00
00f6ba298e
dns: fix data race in TestDNS_ServiceLookup_FilterACL
...
The agent config cannot be modified after start.
2017-07-07 09:22:34 +02:00
bcd2301b81
agent: fix data race in TestAgentAntiEntropy_EnableTagOverride
2017-07-07 09:22:34 +02:00
7f7c0ad65e
agent: clone partial consul config
...
The agent configuration for the consul server is a partial configuration
which needs to be cloned to avoid data races.
This is a stop-gap measure before moving the configuration into
a separate package.
2017-07-07 09:22:34 +02:00
727b6444ad
dns: fix data races in DNS compression tests
...
Make the DisableCompression value configurable at runtime
to allow tests to change it without restarting/recreating
the server.
2017-07-07 09:22:34 +02:00
0763788b82
agent: fix data race between consul server and local state
2017-07-07 09:22:34 +02:00
119f6a1ed7
rpc: monkey patch fix for data races for localState
...
The tests that use the localState of the agent access the internal
variables and call methods which are not guarded by locks creating
data races in tests. While the use of internal variables is somewhat
easy to spot the fact that not all methods are thread-safe is a
surprise.
A proper fix requires the localState struct to be moved into its own
package so that tests in the agent can only access the external
interface.
However, the localState is currently dependent on the agent.Config
which would create a circular dependency. Therefore, the Config
struct needs to be moved first for this to happen.
This patch literally monkey patches the use of the lock around the
cases which have data races and marks them with a
// todo(fs): data race comment.
2017-07-07 09:22:34 +02:00
2159d499e3
rpc: try shutting down leader first to avoid hang in TestLeader_LeftServer
2017-07-07 09:22:34 +02:00
f12fac278e
rpc: fix logging and try quicker timing of TestServer_JoinSeparateLanAndWanAddresses
2017-07-07 09:22:34 +02:00
Kyle Havlovitz
Frank Schroeder
Preetha Appan
James Phillips
Miguel Prokop