Commit Graph

15310 Commits

Author SHA1 Message Date
Jared Kirschner 98f53e913f Improve mesh gateway diagram
Diagram now shows all possible cross-DC communication models supported by mesh
gateways for both the control and data planes.
2021-09-28 09:56:05 -07:00
R.B. Boyer 56d0ba4743
changelog updates for 1.10.3, 1.9.10, and 1.8.16 (#11160) 2021-09-27 15:36:14 -05:00
Noel Quiles 47cef4ea4d
Update alert banner for HashiConf Global 2021 (#11154) 2021-09-27 14:25:25 -04:00
John Cowen 7a5f335b7c
ui: Adds Flight icons to our icon set (#11097)
* ui: Adds Flight icons to our icon set

This commit doesn't actually add anything to the UI, rather just makes
the flight icons available for use.
2021-09-27 18:26:42 +01:00
John Cowen 5e34d89f7f
ui: Hide create buttons for policies/roles/namespaces with readonly access (#10914)
This PR adds a check to policy, role and namespace list pages to make sure the user has can write those things before offering to create them via a button. (The create page/form would then be a read-only form)
2021-09-27 17:20:44 +01:00
John Cowen bce724baf1
ui: Don't show the CRD menu for read-only intentions (#11149)
* ui: Don't show the CRD menu for read-only intentions

The UI bug here manifests itself only when a user/token is configured to have read-only access to intentions. Instead of only letting folks click to see a read only page of the intention, we would show an additional message saying that the intention was read-only due to it being 'Managed by [a kubernetes] CRD'. Whilst the intention was still read only, this extra message was still confusing for users.

This PR fixes up the conditional logic and further moves the logic to use ember-can - looking at the history of the files in question, this bug snuck itself in partly due to it being 'permission-y type stuff' previous to using ember-can and when something being editable or not was nothing to do with ACLs. Then we moved to start using ember-can without completely realising what IsEditable previously meant. So overall the code here is a tiny bit clearer/cleaner by adding a proper can view CRD intention instead of overloading the idea of 'editability'.
2021-09-27 17:19:32 +01:00
John Cowen ce21c5109b
ui: Adds a set of basic unit tests for abilities (#11132) 2021-09-27 16:46:26 +01:00
John Cowen 581357c32a
ui: Remove info panel from the nspace menu when editing nspaces (#11130)
* ui: Remove info panel form the nspace menu when editing nspaces
2021-09-24 18:05:22 +01:00
John Cowen 01c9dc5728
ui: Add initial partition support to intentions (#11129)
* ui: Add initial partition support to intentions
2021-09-24 17:31:58 +01:00
Blake Covarrubias 94d3849472 docs: Decode K8s secrets with base64decode function
Use kubectl's base64decode template function (added in K8s 1.11) to
decode values in Secrets. Removes external call to `base64` utility on
the host system.
2021-09-24 08:59:34 -07:00
John Cowen eb00b45ef4
ui: Use last-child for selecting the desired nspace instead of nth-child (#11127) 2021-09-24 13:04:41 +01:00
John Cowen e59b8ffc17
ui: Remove refresh-route action for session invalidation (#11105)
* ui: Move action to the correct button for session invalidation

* Remove refresh-route completely, its not needed
2021-09-24 12:10:10 +01:00
trujillo-adam b22684540e
Merge pull request #11028 from hashicorp/docs-k8s-cli-alpha
adding k8s-cli alpha docs
2021-09-23 16:35:56 -07:00
trujillo-adam 52f82f2831 adding timeout flags, wait flag, and updated build procedure 2021-09-23 16:07:56 -07:00
Dhia Ayachi e664dbc352
Refactor table index acl phase 2 (#11133)
* extract common methods from oss and ent

* remove unreachable code

* add missing normalize for binding rules

* fix oss to use Query
2021-09-23 15:26:09 -04:00
CJ 978699943f
docs: Fix grammatical errors in glossary (#10751) 2021-09-23 08:36:52 -07:00
Paul Banks 1ecec84fd7
Merge pull request #10903 from hashicorp/feature/ingress-sds
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi 5904e4ac79
Refactor table index (#11131)
* convert tableIndex to use the new pattern

* make `indexFromString` available for oss as well

* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks 7b4cbe3143 Final readability tweaks from review 2021-09-23 10:17:12 +01:00
Paul Banks e0efb420f7 Add Envoy integration test for split-route SDS case 2021-09-23 10:17:03 +01:00
Paul Banks ab27214a10 Minor improvements to SDS server from review 2021-09-23 10:13:41 +01:00
Paul Banks 70bc89b7f4 Fix subtle loop bug and add test 2021-09-23 10:13:41 +01:00
Paul Banks 07f81991df Refactor SDS validation to make it more contained and readable 2021-09-23 10:13:19 +01:00
Paul Banks 5cfd030d03 Refactor Ingress-specific lister code to separate file 2021-09-23 10:13:19 +01:00
Paul Banks 136928a90f Minor PR typo and cleanup fixes 2021-09-23 10:13:19 +01:00
Paul Banks 20d0bf81f7 Revert abandonned changes to proxycfg for Ent test consistency 2021-09-23 10:13:19 +01:00
Paul Banks a9119e36a5 Fix merge conflict in xds tests 2021-09-23 10:12:37 +01:00
Paul Banks 2b755d7b3f Allow skipping v2 compat tests for SDS as it's only the SDS server integration that doesn't support v2 2021-09-23 10:12:37 +01:00
Paul Banks e01c3585a5 Fix integration tests in CI - serve SDS certs from the Docker image not a mounted path 2021-09-23 10:12:37 +01:00
Paul Banks 843079f33a Fix integration test for older Envoy versions 2021-09-23 10:12:37 +01:00
Paul Banks 2281d883b9 Fix some more Enterprise Normalization issues affecting tests 2021-09-23 10:12:37 +01:00
Paul Banks b5345ea878 Add changelog; Add API package support for new fields. 2021-09-23 10:12:37 +01:00
Paul Banks 9fa60c7472 Remove unused argument to fix lint error 2021-09-23 10:09:11 +01:00
Paul Banks 659321d008 Handle namespaces in route names correctly; add tests for enterprise 2021-09-23 10:09:11 +01:00
Paul Banks cd8ad007fe Add basic integration test for Envoy ingress with SDS 2021-09-23 10:08:02 +01:00
Paul Banks 2a3d3d3c23 Update xDS routes to support ingress services with different TLS config 2021-09-23 10:08:02 +01:00
Paul Banks 16b3b1c737 Update xDS Listeners with SDS support 2021-09-23 10:08:02 +01:00
Paul Banks ccbda0c285 Update proxycfg to hold more ingress config state 2021-09-23 10:08:02 +01:00
Paul Banks 4e39f03d5b Add ingress-gateway config for SDS 2021-09-23 10:08:02 +01:00
Mark Anderson d88d9e71c2
partitions/authmethod-index work from enterprise (#11056)
* partitions/authmethod-index work from enterprise

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
Chris S. Kim f972048ebc
connect: Allow upstream listener escape hatch for prepared queries (#11109) 2021-09-22 15:27:10 -04:00
R.B. Boyer 706fc8bcd0
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#11099)
Fixes #11086
2021-09-22 13:14:26 -05:00
John Cowen 6bc8af364f
ui: Add initial i18n docs page (#10888) 2021-09-22 18:51:39 +01:00
John Cowen 61e69a9fe5
ui: Add partition parameter when clearing child-selector forms in ACLs (#11106) 2021-09-22 18:36:09 +01:00
John Cowen ececa7da45
ui: Add an isDestroyed check for the MenuPanel component (#11104)
This solves an occasionally flakey tests I see every so often
2021-09-22 18:33:31 +01:00
John Cowen e088d8674c
ui: Remove legacy ACLs (#11096) 2021-09-22 18:32:51 +01:00
John Cowen 6e396e4456
ui: Gracefully recover from non-existent DC errors (#11077)
* ui: Gracefully recover from non-existent DC errors

This PR fixes what happens in the UI if you try to navigate to a non-existing DC.

When we received a 500 error from an API response due to a non-existent DC, previously we would show a 404 error, which is what we were trying to convey. But in the spirit of the UI being a 'thin client', its probably best to just show the 500 error from the API response, which may help folks to debug any issues better.

* Automatically set the CONSUL_DATACENTER_LOCAL env var for testing
2021-09-22 18:26:36 +01:00
John Cowen cf638ee551
ui: Always show main navigation Key/Value link (#10916)
* ui: Ignore response from API for KV permissions

Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)

This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.

Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.

Once we have the ability to know if any KVs are accessible, we can add
this guard back in.

We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisited in the backend we can undo this
easily change in one place.

* Move acceptance tests to use ACLs perms instead of KV ones
2021-09-22 18:23:59 +01:00
Connor 1e3ba26223
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
Ashwin Venkatesh fd7f670f12
Update docs (#11111) 2021-09-22 12:26:08 -04:00