Commit Graph

14706 Commits

Author SHA1 Message Date
Freddy 1c28aa732b
Update CONTRIBUTING.md 2021-06-25 14:43:53 -06:00
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
As part of this change, we ensure that the SAN extensions are marked as
critical when the subject is empty so that AWS PCA tolerates the loss of
common names well and continues to function as a Connect CA provider.

Parts of this currently hack around a bug in crypto/x509 and can be
removed after https://go-review.googlesource.com/c/go/+/329129 lands in
a Go release.

Note: the AWS PCA tests do not run automatically, but the following
passed locally for me:

    ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
2021-06-25 13:00:00 -05:00
hc-github-team-consul-core f24ee5d842 auto-updated agent/uiserver/bindata_assetfs.go from commit ace794d21 2021-06-25 09:47:01 +00:00
John Cowen ace794d214
ui: Enable specifying additional docfy config as json (#10464) 2021-06-25 10:41:41 +01:00
Dhia Ayachi a64c9a3e62
return an empty record when asked for an addr dns with type other then A, AAAA and ANY (#10401)
* return an invalid record when asked for an addr dns with type other then A and AAAA

* add changelog

* fix ANY use case and add a test for it

* update changelog type

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* return empty response if the question record type do not match for addr

* set comment in the right place

* return A\AAAA record in extra section if record type is not A\AAAA for addr

* Fix failing test

* remove commented code

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use require for test validation

* use variable to init struct

* fix failing test

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update .changelog/10401.txt

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix compilation error

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-24 20:44:44 -04:00
Daniel Nephin dc67042eac Invert the logic of outgoingRPCTLSDisabled
To remove the double negatives, which should make it easier to read.
2021-06-24 19:25:02 -04:00
Daniel Nephin 39f282c425 tlsutil: inline verifyIncomingHTTPS
This function was only used in one place, and the indirection makes it slightly
harder to see what the one caller is doing. Since it's only accesing a couple fields
it seems like the logic can exist in the one caller.
2021-06-24 19:25:02 -04:00
Daniel Nephin a25c817478 tlsutil: remove indirection and duplication
VerifyIncomingRPC and verifyIncomingRPC were duplicate functions, and
once one is removed, Config.verifyIncomingRPC is only called in one place.

Remove 2 of the 3 functions to make the behaviour easier to follow (less indirection).
2021-06-24 18:43:30 -04:00
Daniel Nephin 13e5448c17 tlsutil: remove unnecessary getter functions
These functions did nothing but hide the fields they were returning.
2021-06-24 18:43:29 -04:00
Daniel Nephin 66ba2e2463 tlsutil: unexport and remove indirection
Unexport outgoingALPNRPCConfig since it is only used internally
Remove the MutualTLSCapable->mutualTLSCapable indirection, we only need the exported method.
Inline enableAgentTLSForChecks to make it more clear what it does, since it only has a single caller and is wrapping a single field lookup.
2021-06-24 18:43:29 -04:00
Ludovic Ortega c138c38392
[Fix] Add missing quote (#10484) 2021-06-24 13:59:39 -07:00
R.B. Boyer d7fb3543fc
sdk: Stop making a special /tmp/consul-test directory for testutil.TempFile and testutil.TempDir (#10494) 2021-06-24 15:46:23 -05:00
lornasong d43f3af2c6
docs/nia: fix catalog-services typos pt 2 (#10493) 2021-06-24 16:45:46 -04:00
R.B. Boyer ca0a58ff71
connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners (#10486)
Fixes #10480

Also fixed a data race in the `connect/proxy` package that was unearthed by the tests changed for this bugfix.
2021-06-24 15:02:34 -05:00
Kim Ngo 993f4715fd
docs/nia: fix typo (#10492) 2021-06-24 13:51:26 -05:00
Daniel Nephin bbf52ddd04
Merge pull request #10490 from hashicorp/dnephin/fix-tls-for-health-check
tlsutil: fix ServerName used for health checks that use TLS
2021-06-24 14:27:16 -04:00
Daniel Nephin bb37c4dfe8
Merge pull request #10476 from hashicorp/dnephin/ca-primary-uses-intermediate
ca: replace ca.PrimaryIntermediateProviders
2021-06-24 14:05:19 -04:00
Daniel Nephin d09027caf6 tlsutils: more test cases for OutgoingTLSConfigForCheck 2021-06-24 13:49:58 -04:00
Daniel Nephin 486b97e2c9 tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
2021-06-24 13:49:58 -04:00
Daniel Nephin 3a734c8303
Merge pull request #10488 from hashicorp/dnephin/ci-lib-testing
ci: test api/sdk against last 2 Go versions
2021-06-24 13:09:44 -04:00
Daniel Nephin a920936c86 tlsutil: convert tests for OutgoingTLSConfigForCheck to a table
In preparation for adding more test cases.
2021-06-24 12:51:40 -04:00
Daniel Nephin 8054ea3ff1 ci: test api/sdk against last 2 Go versions
So that we catch any incompatibilities with the preivous Go version.
2021-06-24 12:24:12 -04:00
David Yu e7557ab4a1
docs: Remove beta version references from Helm reference (#10477)
Removing references from the 1.10 beta that were included in Helm Configuration Reference
2021-06-24 09:08:33 -07:00
Daniel Nephin 0e86083351
Merge pull request #10473 from knusbaum/ioutil
{api,command/agent}: change io.Discard to ioutil.Discard
2021-06-24 11:59:46 -04:00
Kim Ngo 491bd51033
docs/nia: Update CTS compatible versions (#10487) 2021-06-24 10:16:03 -05:00
David Yu 2872fc6b26
docs: Removal of Consul vs ZooKeeper analysis (#10469)
* docs: Removal of Consul vs ZooKeeper

Although Consul does have a KV, we are not positioning Consul as a first class KV store versus other alternatives such as etcd or Zookeeper. Will remove this since this has not been updated with further analysis since this content was created.

* Removing from Zookeeper analysis Navbar
* Removing Zookeeper analysis from redirects
2021-06-24 07:23:57 -07:00
Mike Wickett 401fc0783c
update content param for improved attribution (#10468) 2021-06-24 10:02:26 -04:00
R.B. Boyer e3835ac6a1
structs: prohibit config entries from referencing more than one partition at a time (#10478)
affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions
2021-06-23 16:44:10 -05:00
R.B. Boyer 8344b7fe2e
structs: prevent service-defaults upstream configs from using wildcard names or namespaces (#10475) 2021-06-23 15:48:54 -05:00
Peter M 8db2865e86
Updating alert for 1.10 announcement (#10474) 2021-06-23 12:48:45 -07:00
Daniel Nephin f52d76f096 ca: replace ca.PrimaryIntermediateProviders
With an optional interface that providers can use to indicate if they
use an intermediate cert in the primary DC.

This removes the need to look up the provider config when renewing the
intermediate.
2021-06-23 15:47:30 -04:00
Zachary Shilton 8c9134a84c
website: bump use-cases to latest (#10472)
* website: bump use-cases to latest

* chore: bump use-cases to stable release
2021-06-23 15:19:59 -04:00
R.B. Boyer ac50db9087
structs: add some missing config entry validation and clean up tests (#10465)
Affects kinds: service-defaults, ingress-gateway, terminating-gateway
2021-06-23 14:11:23 -05:00
Daniel Nephin 77a3432f76
Merge pull request #10440 from hashicorp/dnephin/contib-docs-dns
contrib: add some docs for the DNS interface
2021-06-23 14:55:27 -04:00
trujillo-adam 45d12ac629
Merge pull request #10467 from hashicorp/docs-upgrading-to-1-10-0-fixes
Docs upgrading to 1 10 0 fixes
2021-06-23 11:04:01 -07:00
Kyle Nusbaum 07cec75be2 command/agent: change io.Discard to ioutil.Discard 2021-06-23 11:45:40 -05:00
Kyle Nusbaum e72a703041 api: change io.Discard to ioutil.Discard 2021-06-23 11:45:20 -05:00
Daniel Nephin e000c0a039 contrib: Update DNS table description 2021-06-23 12:30:00 -04:00
trujillo-adam 2d9d9dbe7a docs: fixed instance of incorrect grammar usage 2021-06-23 08:50:30 -07:00
Dhia Ayachi 111cbe0ffa merge dns table with current dns page 2021-06-23 09:34:34 -04:00
Dhia Ayachi 0057b8df49 add matrix for dns type vs kind 2021-06-23 09:29:04 -04:00
hc-github-team-consul-core 1822b80ef3 auto-updated agent/uiserver/bindata_assetfs.go from commit c78f7ecb2 2021-06-23 08:24:11 +00:00
John Cowen c78f7ecb27
ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
David Yu 7962dd82f1
docs - Adding Mesh as CRD in Consul K8s (#10459)
* docs - Adding Mesh as CRD in Consul K8s
* Removing extra left brace in ServiceDefaults
2021-06-22 19:18:13 -07:00
Luke Kysow 1dcdd2516c
Update config entry docs for CRDs (#10407)
* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.

Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:56:53 -07:00
Ashwin Venkatesh 17dc691c61
update docs (#10405)
Consul 1.10 GA for Consul K8s
2021-06-22 16:41:53 -07:00
Nitya Dhanushkodi b72ad40286
docs: upgrading to tproxy (/docs/upgrades/upgrade-specific) (#10416)
* docs: update tproxy docs
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:41:08 -07:00
Iryna Shustava 1fea51fbb5
docs: update docs/k8s/connect to for tproxy GA. (#10408)
* Assume tproxy is enabled by default and connect to upstreams
  with kube DNS.
* Update docs for missing annotations.
2021-06-22 16:34:20 -07:00
Nitya Dhanushkodi 7494b25c1e
docs: update tproxy docs (/docs/connect/transparent-proxy) (#10415)
* docs: update tproxy docs

* add examples

* links
2021-06-22 16:29:52 -07:00
David Yu 32179b9867
docs: Update Consul K8s Compat Matrix for Consul 1.10 (#10456) 2021-06-22 16:27:04 -07:00