Freddy
e18f3c1f6d
Update error texts ( #11022 )
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-09-14 11:08:06 -06:00
Daniel Nephin
1f9479603c
Add failures_before_warning to checks ( #10969 )
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
* agent: add failures_before_warning setting
The new setting allows users to specify the number of check failures
that have to happen before a service status us updated to be `warning`.
This allows for more visibility for detected issues without creating
alerts and pinging administrators. Unlike the previous behavior, which
caused the service status to not update until it reached the configured
`failures_before_critical` setting, now Consul updates the Web UI view
with the `warning` state and the output of the service check when
`failures_before_warning` is breached.
The default value of `FailuresBeforeWarning` is the same as the value of
`FailuresBeforeCritical`, which allows for retaining the previous default
behavior of not triggering a warning.
When `FailuresBeforeWarning` is set to a value higher than that of
`FailuresBeforeCritical it has no effect as `FailuresBeforeCritical`
takes precedence.
Resolves: https://github.com/hashicorp/consul/issues/10680
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Co-authored-by: Jakub Sokołowski <jakub@status.im>
2021-09-14 12:47:52 -04:00
Paul Banks
b38e84df63
Include namespace and partition in error messages when validating ingress header manip
2021-09-10 21:11:00 +01:00
Paul Banks
1079089f20
Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
2021-09-10 21:11:00 +01:00
Paul Banks
9e4e204e96
Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
2021-09-10 21:11:00 +01:00
Paul Banks
3004eadd08
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
Paul Banks
b5ae00d753
Remove unnecessary check
2021-09-10 21:09:24 +01:00
Paul Banks
1b9632531a
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
Paul Banks
e22cc9c53a
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
f439dfc04f
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
d776a2d236
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
Paul Banks
46e4041283
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
Chris S. Kim
9bbfa048a2
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
Kyle Havlovitz
a14950025a
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
Dhia Ayachi
bc0e4f2f46
partition dicovery chains ( #10983 )
...
* partition dicovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00
R.B. Boyer
ee372a854a
acl: adding a new mesh resource
2021-09-03 09:12:03 -04:00
Dhia Ayachi
09197c989c
add partition to SNI when partition is non default ( #10917 )
2021-09-01 10:35:39 -04:00
Chris S. Kim
45dcc8b553
api: expose upstream routing configurations in topology view ( #10811 )
...
Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
2021-08-25 15:20:32 -04:00
R.B. Boyer
a6d22efb49
acl: some acl authz refactors for nodes ( #10909 )
2021-08-25 13:43:11 -05:00
freddygv
85878685b7
Fixup proxy config test fixtures
...
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.
- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
Dhia Ayachi
1950ebbe1f
oss portion of ent #1069 ( #10883 )
2021-08-20 12:57:45 -04:00
R.B. Boyer
097e1645e3
agent: ensure that most agent behavior correctly respects partition configuration ( #10880 )
2021-08-19 15:09:42 -05:00
R.B. Boyer
310e775a8a
state: partition nodes and coordinates in the state store ( #10859 )
...
Additionally:
- partitioned the catalog indexes appropriately for partitioning
- removed a stray reference to a non-existent index named "node.checks"
2021-08-17 13:29:39 -05:00
Daniel Nephin
e637cd71f3
acl: use authz consistently as the variable name for an acl.Authorizer
...
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r682147950
Renames all variables for acl.Authorizer to use `authz`. Previously some
places used `rule` which I believe was an old name carried over from the
legacy ACL system.
A couple places also used authorizer.
This commit also removes another couple of authorizer nil checks that
are no longer necessary.
2021-08-17 12:14:10 -04:00
Kyle Havlovitz
073b6c8411
oss: Rename default partition
2021-08-12 14:31:37 -07:00
Daniel Nephin
d3325b0253
Merge pull request #10612 from bigmikes/acl-replication-fix
...
acl: acl replication routine to report the last error message
2021-08-06 18:29:51 -04:00
Daniel Nephin
5b2e5882b4
acl: move check for Intention.DestinationName into Authorizer
...
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r680134445
Move the check for the Intention.DestinationName into the Authorizer to remove the
need to check what kind of Authorizer is being used.
It sounds like this check is only for legacy ACLs, so is probably just a safeguard
.
2021-08-04 18:06:44 -04:00
Daniel Nephin
9cdd823ffc
Merge pull request #10737 from hashicorp/dnephin/remove-authorizer-nil-checks
...
acl: remove authz == nil checks
2021-08-04 17:39:34 -04:00
Evan Culver
710bd90ef7
checks: Add Interval and Timeout to API response ( #10717 )
2021-08-03 15:26:49 -07:00
Daniel Nephin
f497d5ab30
acl: remove many instances of authz == nil
2021-07-30 13:58:35 -04:00
Evan Culver
727b81a757
Fix intention endpoint test
2021-07-30 12:58:45 -04:00
Chris S. Kim
9c3af1a429
sync enterprise files with oss ( #10705 )
2021-07-27 17:09:59 -04:00
Chris S. Kim
91c90a672a
agent: update proxy upstreams to inherit namespace from service ( #10688 )
2021-07-26 17:12:29 -04:00
R.B. Boyer
96b97d6554
replumbing a bunch of api and agent structs for partitions ( #10681 )
2021-07-22 14:33:22 -05:00
R.B. Boyer
fc9b1a277d
sync changes to oss files made in enterprise ( #10670 )
2021-07-22 13:58:08 -05:00
R.B. Boyer
188e8dc51f
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning ( #10669 )
2021-07-22 13:20:45 -05:00
Evan Culver
0527dcff57
acls: Show `AuthMethodNamespace` when reading/listing ACL token meta ( #10598 )
2021-07-15 10:38:52 -07:00
Giulio Micheloni
814ef6b103
acl: fix error type into a string type for serialization issue
...
acl_endpoint_test.go:507:
Error Trace: acl_endpoint_test.go:507
retry.go:148
retry.go:149
retry.go:103
acl_endpoint_test.go:504
Error: Received unexpected error:
codec.decoder: decodeValue: Cannot decode non-nil codec value into nil error (1 methods)
Test: TestACLEndpoint_ReplicationStatus
2021-07-15 11:31:44 +02:00
Giulio Micheloni
529fe737ef
acl: acl replication routine to report the last error message
2021-07-14 11:50:23 +02:00
Evan Culver
13bd86527b
Add support for returning ACL secret IDs for accessors with acl:write ( #10546 )
2021-07-08 15:13:08 -07:00
Daniel Nephin
2c4f22a9f0
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
...
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
jkirschner-hashicorp
5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
...
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin
3a045cca8d
ca: remove unused RotationPeriod field
...
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Jared Kirschner
bd536151e1
Replace use of 'sane' where appropriate
...
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
Daniel Nephin
16b21b0864
http: add an X-Consul-Query-Backend header to responses
...
So that it is easier to detect and test when streaming is being used.
2021-06-28 16:44:58 -04:00
R.B. Boyer
ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers ( #10507 )
...
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
R.B. Boyer
e3835ac6a1
structs: prohibit config entries from referencing more than one partition at a time ( #10478 )
...
affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions
2021-06-23 16:44:10 -05:00
R.B. Boyer
8344b7fe2e
structs: prevent service-defaults upstream configs from using wildcard names or namespaces ( #10475 )
2021-06-23 15:48:54 -05:00
R.B. Boyer
ac50db9087
structs: add some missing config entry validation and clean up tests ( #10465 )
...
Affects kinds: service-defaults, ingress-gateway, terminating-gateway
2021-06-23 14:11:23 -05:00
Freddy
3ee66b2e9a
Omit empty tproxy config in JSON responses ( #10402 )
2021-06-15 13:53:35 -06:00