Commit Graph

6369 Commits

Author SHA1 Message Date
Frank Schröder a3934c263c acl: consolidate error handling (#3401)
The error handling of the ACL code relies on the presence of certain
magic error messages. Since the error values are sent via RPC between
older and newer consul agents we cannot just replace the magic values
with typed errors and switch to type checks since this would break
compatibility with older clients.

Therefore, this patch moves all magic ACL error messages into the acl
package and provides default error values and helper functions which
determine the type of error.
2017-08-23 16:52:48 +02:00
James Phillips 91dfa3d31d Update CHANGELOG.md 2017-08-21 15:31:40 -07:00
James Phillips c060635b82 Update CHANGELOG.md 2017-08-21 15:31:24 -07:00
Frank Schroeder 16c58da27d agent: drop unused code
This code from http://github.com/hashicorp/consul/pull/3353 is no longer
required.
2017-08-22 00:02:46 +02:00
Frank Schroeder bf96857b17 dns: replace nameserver lookup with consistent rpc call
This patch replaces the code which determines the list of servers in the
current cluster with an RPC call to get the list of active consul
service instances which only run on servers.

This replaces the previous implementation which was more complex and
relied on serf messages which can provide a different view than the
consistent response from the raft log.

As a side effect it makes the implementation independent of the server
and the agent which means it works consistently across both. Different
behavior for server and agent was the root cause for the bug in
http://github.com/hashicorp/consul/issue/3047.

Fixes #3407
2017-08-22 00:02:46 +02:00
Frank Schroeder 4052c6d2d2 dns: split node lookup from request handling 2017-08-22 00:02:46 +02:00
Frank Schroeder d4e3d4344a dns: refactor label by unrolling loop 2017-08-22 00:02:46 +02:00
Frank Schroeder 70be1ab635 dns: move ttl closer to usage 2017-08-22 00:02:46 +02:00
Preetha Appan 642fcd4611 Update CHANGELOG.md 2017-08-18 11:22:35 -05:00
preetapan 15e0647176 Merge pull request #3395 from Illirgway/patch-1
Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places

This fixes #3392
2017-08-18 11:18:24 -05:00
preetapan 2ffca8cac9 Merge pull request #3404 from zevin/master
Added configuration instructions for forwarding DNS queries from Unbound
2017-08-18 10:29:39 -05:00
Kevin Bidwell 9cae329c27 Added configuration instructions for forwarding DNS queries from Unbound to consul. 2017-08-18 08:45:43 -06:00
Preetha Appan c9d5e17410 Update serf to pick up fixes for fsyncing snapshots and panic when coordinates are disabled 2017-08-17 16:35:06 -05:00
Frank Schroeder ee2cc7aaca
doc: update check example for agent api call 2017-08-16 18:24:28 +02:00
Frank Schröder e0924704d5 doc: add method and header to agent API docs for HTTP checks (#3400) 2017-08-16 18:18:46 +02:00
Preetha Appan b51645739f Update CHANGELOG.md 2017-08-16 09:39:10 -05:00
preetapan 3327abdbf4 Merge pull request #3396 from hashicorp/memberlist_deadlock
Update memberlist for a deadlock fix
2017-08-15 18:08:40 -05:00
Preetha Appan 0e73777ce2 Update memberlist for a deadlock fix 2017-08-15 18:07:28 -05:00
Illirgway e0cc1ce679 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
Frank Schröder 546ffc25fc doc: retry_join is a string array (#3388) 2017-08-10 09:58:26 +02:00
wuxin d6729243eb fix command/kv_import.go help text (#3387) 2017-08-10 09:17:37 +02:00
James Phillips 72c4b9ef5f Removes partial details in the retry_join config file section. (#3386) 2017-08-09 21:27:17 -07:00
Seth Vargo 1258c1fe94 Document the new auto-join in the config and CLI (#3381)
* Document the new auto-join in the config and CLI
* Mention and example DNS
2017-08-09 21:14:56 -07:00
James Phillips d3c8855c86 Adds a note about the 429 response code. 2017-08-09 20:10:44 -07:00
James Phillips 191ff2cbf0 Merge pull request #3385 from hashicorp/issue-3376
Switches to using a read lock for the agent's RPC dispatcher.
2017-08-09 18:53:06 -07:00
James Phillips f51d56c80c
Switches to using a read lock for the agent's RPC dispatcher.
This prevents RPC calls from getting serialized in this spot.

Fixes #3376
2017-08-09 18:51:55 -07:00
James Phillips 6194dcf36f
Puts tree in 0.9.3 dev mode. 2017-08-09 18:33:57 -07:00
James Phillips 28c2b0c224
Bumps website version to 0.9.2. 2017-08-09 18:02:05 -07:00
James Phillips 75ca2cace0
Release v0.9.2 2017-08-09 17:46:41 -07:00
James Phillips c7c35331ed
Puts the tree in 0.9.2 release mode. 2017-08-09 17:36:35 -07:00
James Phillips 0e82e08168 Update CHANGELOG.md 2017-08-09 16:19:36 -07:00
Frank Schröder 4b642fed2f agent: honor deprecated flags for retry-join-{ec2,azure,gce} (#3384) 2017-08-09 16:18:30 -07:00
James Phillips d07946949d Update CHANGELOG.md 2017-08-09 15:30:52 -07:00
James Phillips e9bd05b603 Merge pull request #3383 from hashicorp/revert-3340-issue_2637
Revert "Return 403 rather than a 404 when acls cause all results to be filter…"
2017-08-09 15:07:10 -07:00
James Phillips e8a83bb463 Revert "Return 403 rather than a 404 when acls cause all results to be filter…" 2017-08-09 15:06:57 -07:00
James Phillips 6dc829d75f Merge pull request #3382 from hashicorp/revert-3380-fix_acls
Revert "Ensure that we return a permission denied only if the list of keys/en…"
2017-08-09 15:06:34 -07:00
James Phillips 02a87df044 Revert "Ensure that we return a permission denied only if the list of keys/en…" 2017-08-09 15:06:20 -07:00
preetapan 03b363e931 Merge pull request #3380 from hashicorp/fix_acls
Ensure that we return a permission denied only if the list of keys/en…
2017-08-09 15:51:10 -05:00
Preetha Appan 42fb49c00b Added unit test case to kvs_endpointtest 2017-08-09 15:50:22 -05:00
Preetha Appan 3276891142 Ensure that we return a permission denied only if the list of keys/entries prior to filtering by ACL is non empty 2017-08-09 15:32:18 -05:00
James Phillips d42c743c84 Merge pull request #3377 from hashicorp/refactor-pkgs
Refactor packages
2017-08-09 11:50:44 -07:00
Preetha Appan dc23d55524 Add note about configuring recursors to be able to resolve external services. 2017-08-09 11:13:30 -05:00
Frank Schroeder 7cff50a4df
agent: move agent/consul/agent to agent/metadata 2017-08-09 14:36:52 +02:00
Frank Schroeder c395599cea
agent: move agent/consul/servers to agent/router 2017-08-09 14:36:37 +02:00
Frank Schroeder 1acff3533e
agent: move agent/consul/structs to agent/structs 2017-08-09 14:32:12 +02:00
James Phillips 81194972a0 Merge pull request #3375 from sin5th/sin5th
fix UnitTest in acl
2017-08-08 23:26:18 -07:00
James Phillips d441381430
Puts tree into 0.9.2 dev mode. 2017-08-08 23:22:19 -07:00
游远 ffcd2b1fc8 fix UnitTest in acl 2017-08-09 14:21:21 +08:00
James Phillips e1231bce4d Bumps download version to 0.9.1. 2017-08-08 22:47:24 -07:00
James Phillips 44704c67a3
Release v0.9.1 2017-08-08 22:29:24 -07:00