Daniel Nephin
a33c50ef0d
Merge pull request #9073 from hashicorp/dnephin/backport-streaming-namespaces
...
streaming: backport namespace changes
2020-11-05 14:19:10 -05:00
Daniel Nephin
c82f6ef2d8
Merge pull request #9061 from hashicorp/dnephin/event-fields
...
stream: support filtering by namespace
2020-11-05 14:18:35 -05:00
hashicorp-ci
977297390c
auto-updated agent/uiserver/bindata_assetfs.go from commit 6ff094976
2020-11-05 19:12:03 +00:00
hashicorp-ci
9d15348565
auto-updated agent/uiserver/bindata_assetfs.go from commit 1ef18c4b6
2020-11-05 16:10:14 +00:00
R.B. Boyer
6ba776b4f3
agent: protect the ui metrics proxy endpoint behind ACLs ( #9099 )
...
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:
```
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
namespace_prefix "" {
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
}
```
This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
hashicorp-ci
a2315bc839
auto-updated agent/uiserver/bindata_assetfs.go from commit 0f6c0a5c1
2020-11-04 09:37:51 +00:00
hashicorp-ci
1a5d4cfe43
auto-updated agent/uiserver/bindata_assetfs.go from commit d5d4155e1
2020-11-03 14:14:58 +00:00
hashicorp-ci
738ff1801f
auto-updated agent/uiserver/bindata_assetfs.go from commit 56c2ff56e
2020-11-02 18:43:31 +00:00
hashicorp-ci
c28f489a9a
auto-updated agent/uiserver/bindata_assetfs.go from commit bf32a1799
2020-11-02 16:11:45 +00:00
hashicorp-ci
907c4ad789
auto-updated agent/uiserver/bindata_assetfs.go from commit 314eeda95
2020-11-02 14:40:27 +00:00
R.B. Boyer
a66c4591d7
agent: introduce path allow list for requests going through the metrics proxy ( #9059 )
...
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.
Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
2020-10-30 16:49:54 -05:00
Daniel Nephin
b532e092dc
structs: add a namespace test for CheckServiceNode.CanRead
2020-10-30 15:07:04 -04:00
Daniel Nephin
9b2fae9bac
cache-type: use namespace in tests
...
to verify that the namespace is passed through correctly to the server.
2020-10-30 15:07:04 -04:00
Daniel Nephin
b95b14e168
state: test EventPayloadCheckServiceNode.FilterByKey
...
Also fix a bug in that function when only one of key or namespace were the empty string.
2020-10-30 14:35:57 -04:00
Daniel Nephin
56d6079da3
stream: Add tests for filterByKey with namespace
...
And fix a bug where a request with a Namespace but no Key would not be properly filtered
2020-10-30 14:35:42 -04:00
Daniel Nephin
2c00045161
stream: Move FilterByKey events to a table
...
In preparation for adding new tests.
2020-10-30 14:35:28 -04:00
Daniel Nephin
43c5803a25
state: use enterprise meta for creating events
2020-10-30 14:34:04 -04:00
Daniel Nephin
0ad2406d7c
stream: include the namespace in the snap cache key
...
Otherwise the wrong snapshot could be returned when the same key is used in different namespaces
2020-10-30 14:34:04 -04:00
Daniel Nephin
c42fe5ae43
subscribe: set the request namespace
2020-10-30 14:34:04 -04:00
hashicorp-ci
b3bf1229ac
auto-updated agent/uiserver/bindata_assetfs.go from commit cf2cfbaf2
2020-10-30 15:27:01 +00:00
R.B. Boyer
fa4b0854fb
state: ensure we unblock intentions queries upon the upgrade to config entries ( #9062 )
...
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)
2020-10-29 15:28:31 -05:00
R.B. Boyer
b24b4169e1
restore prior signature of test helper so enterprise compiles
2020-10-29 13:52:15 -05:00
hashicorp-ci
01dbf43fb1
auto-updated agent/uiserver/bindata_assetfs.go from commit 1d6961248
2020-10-29 18:33:41 +00:00
Daniel Nephin
a5dd2001cf
stream: remove Event.Key
...
Makes Payload a type with FilterByKey so that Payloads can implement
filtering by key. With this approach we don't need to expose a Namespace
field on Event, and we don't need to invest micro formats or require a
bunch of code to be aware of exactly how the key field is encoded.
2020-10-28 16:48:04 -04:00
Daniel Nephin
1c094da40d
state: use go-cmp for comparison
...
The output of the previous assertions made it impossible to debug the tests without code changes.
With go-cmp comparing the entire slice we can see the full diffs making it easier to debug failures.
2020-10-28 16:33:00 -04:00
Daniel Nephin
68342a0cb5
proto: remove Event.Key field
...
The field is never used, and the value is available from the payload.
2020-10-28 16:33:00 -04:00
Daniel Nephin
9a1e845be8
proto: remove Event.Namespace field
...
All events are part of a single Topic, so we don't need this field.
2020-10-28 16:33:00 -04:00
Daniel Nephin
3dfb7c224b
stream: Use a no-op event publisher if streaming is disabled
2020-10-28 13:54:19 -04:00
Daniel Nephin
23eee604c9
store: use a ReadDB for snapshots
...
to remove the cyclic dependency between the snapshot handlers and the state.Store
2020-10-28 13:07:42 -04:00
Daniel Nephin
7b9ee25956
Merge pull request #9026 from hashicorp/dnephin/streaming-without-cache-query-param
...
streaming: rename config and remove requirement for cache=1
2020-10-28 12:33:25 -04:00
Daniel Nephin
477d665309
Merge pull request #8618 from hashicorp/dnephin/remove-txn-readtxn
...
state: Use ReadTxn everywhere
2020-10-28 12:32:47 -04:00
Kyle Havlovitz
9f893307de
Merge pull request #9053 from hashicorp/vault-token-lookupself
...
connect: Use the lookup-self endpoint for Vault token
2020-10-27 14:34:03 -07:00
Daniel Nephin
f0ac093fef
agent/grpc: add connection count metrics
...
Gauge metrics are great for understanding the current state, but can somtimes hide problems
if there are many disconnect/reconnects.
This commit adds counter metrics for connections and streams to make it easier to see the
count of newly created connections and streams.
2020-10-27 16:49:49 -04:00
Daniel Nephin
5319ba02b0
agent/grpc: rename metrics
...
These new names should make it easier to add counter metics with similar prefixes
2020-10-27 16:49:49 -04:00
Daniel Nephin
c82d6aa4ff
Merge pull request #8961 from hashicorp/dnephin/grpc-resolve-node-id
...
agent/grpc: fix some test flakes and handle duplicate server IDs in the pool
2020-10-27 16:47:37 -04:00
Daniel Nephin
74ac34e358
Merge pull request #8998 from hashicorp/dnephin/lib-ttlcache
...
lib/ttlcache: extract a new package from agent/cache
2020-10-27 16:43:10 -04:00
Daniel Nephin
0f81915495
Merge pull request #8987 from hashicorp/dnephin/stream-filter
...
streaming: apply filter to a single item
2020-10-27 16:39:43 -04:00
Daniel Nephin
8bcd5040c7
agent/grpc: Add an integration test for ClientPool with TLS
...
Also deregister the resolver.Builder in tests.
2020-10-27 16:34:18 -04:00
Daniel Nephin
8a785a351c
agent/grpc: pass metrics to constructor
...
Instead of referencing a package var. This does not fix the flaky test, but it seems more correct.
2020-10-27 16:34:17 -04:00
Daniel Nephin
d19657404f
agent/grpc: fix a flaky test by performing more retries
...
Instead of using retry.Run, which appears to have problems in some cases where it does not
emit an error message, use a for loop.
Increase the number of attempts and remove any sleep, since this operation is not that expensive to do
in a tight loop
2020-10-27 16:34:17 -04:00
Daniel Nephin
df405ac978
agent/grpc: remove misleading warnings from test output
...
Handle shutdown properly in tests so that the tests don't warn about using a closed connection.
2020-10-27 16:34:16 -04:00
Daniel Nephin
e101aa8a74
agent/grpc: fix a flake in TestHandler_EmitsStats
2020-10-27 16:34:16 -04:00
Daniel Nephin
19da9c3a9b
agent/grpc: use a separate channel for closing the Accept
...
Closing l.conns can lead to a race and a 'panic: send on closed chan' when a
connection is in the middle of being handled when the server is shutting down.
Found using '-race -count=800'
2020-10-27 16:34:15 -04:00
Daniel Nephin
d8299670cc
agent/grpc/resolver: namespace the server ID with the DC name
...
So that if two datacenters end up with overlapping serverIDs we don't send requests to the wrong server
2020-10-27 16:34:15 -04:00
Kyle Havlovitz
f700a5707b
connect: Use the lookup-self endpoint for Vault token
2020-10-27 13:03:45 -07:00
hashicorp-ci
bea3d0fd96
auto-updated agent/uiserver/bindata_assetfs.go from commit f4208b5fb
2020-10-27 14:56:48 +00:00
hashicorp-ci
7a1538f747
auto-updated agent/uiserver/bindata_assetfs.go from commit 30da884d5
2020-10-27 14:31:16 +00:00
hashicorp-ci
b6113eba09
auto-updated agent/uiserver/bindata_assetfs.go from commit ed6a2c150
2020-10-27 14:09:17 +00:00
hashicorp-ci
6c39fcecf3
auto-updated agent/uiserver/bindata_assetfs.go from commit 827e53694
2020-10-27 13:36:44 +00:00
hashicorp-ci
5460744a95
auto-updated agent/uiserver/bindata_assetfs.go from commit 52d7283cd
2020-10-26 19:56:11 +00:00