Commit Graph

14040 Commits

Author SHA1 Message Date
John Cowen aca7976580
ui: Adds warning icon to side menu when ACLs are disabled (#9864)
* ui: Adds warning icon to side menu when ACLs are are disabled
2021-03-17 11:23:00 +00:00
hashicorp-ci f4a96768d1 auto-updated agent/uiserver/bindata_assetfs.go from commit 41471719e 2021-03-17 10:50:59 +00:00
John Cowen 41471719e6
ui: CSP Improvements (#9847)
* Configure ember-auto-import so we can use a stricter CSP

* Create a fake filesystem using JSON to avoid inline scripts in index

We used to have inline scripts in index.html in order to support embers
filepath fingerprinting and our configurable rootURL.

Instead of using inline scripts we use application/json plus a JSON blob
to create a fake filesystem JSON blob/hash/map to hold all of the
rootURL'ed fingerprinted file paths which we can then retrive later in
non-inline scripts.

We move our inlined polyfills script into the init.js external script,
and we move the CodeMirror syntax highlighting configuration inline
script into the main app itself - into the already existing CodeMirror
initializer (this has been moved so we can lookup a service located
document using ember's DI container)

* Set a strict-ish CSP policy during development
2021-03-17 10:46:21 +00:00
freddygv 3f2489c31d Refactor makePublicListener
By accepting a name the function can be used for other inbound listeners,
like the one for TransparentProxy.
2021-03-16 19:22:26 -06:00
Daniel Nephin 0ea3b38477
Merge pull request #9886 from hashicorp/sdk/to_testing_TB
[SDK] change all cases of *testing.T to testing.TB
2021-03-16 20:28:35 -04:00
Daniel Nephin cacd7ccca2
Merge pull request #9475 from cbroglie/tls-server-name
Add support for configuring TLS ServerName for health checks
2021-03-16 20:24:44 -04:00
Daniel Nephin 99eda98222 Add changelog for 9475 2021-03-16 18:22:25 -04:00
Christopher Broglie f0307c73e5 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
John Eikenberry 1266bfd65b [SDK] change all cases of *testing.T to testing.TB
Using the interface opens up the use of all methods to benchmarks as
well as tests.
2021-03-16 15:05:39 -07:00
Daniel Nephin 931023fc70
Merge pull request #8698 from pierreca/fix-iserreof
Use errors.Is() in IsErrEOF()
2021-03-16 17:56:15 -04:00
freddygv 7892964a0c Add cache-type for Internal.IntentionUpstreams 2021-03-16 11:06:47 -06:00
Daniel Nephin 34eb6c01ff state: convert services.node and checks.node indexes
Using NodeIdentity to share the indexes with both.
2021-03-16 13:00:31 -04:00
freddygv 942334b208 Prefix match type vars to match use 2021-03-16 09:49:24 -06:00
freddygv 4cb9fdc27f Pass txn into service list queries 2021-03-16 09:33:08 -06:00
freddygv 86ff9065c1 Pass txn into intention match queries 2021-03-16 08:03:52 -06:00
freddygv 31e757de2a Replace CertURI.Authorize() calls.
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
freddygv f5ed751c91 Fixup typo, comments, and regression 2021-03-15 17:50:47 -06:00
freddygv 4bdbcff9c0 Fixup upstream test 2021-03-15 17:20:30 -06:00
freddygv 3492f9e0d6 Finish cleanup from ServiceConfigRequest changes 2021-03-15 16:38:01 -06:00
freddygv 770c5552d6 Update service manager to pass MeshGateway with config req 2021-03-15 16:08:03 -06:00
freddygv 6090cfcf68 PR comments 2021-03-15 16:02:03 -06:00
Luke Kysow a1d5e1fb41
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
freddygv 7df846aa24 Pass MeshGateway config in service config request
ResolveServiceConfig is called by service manager before the proxy
registration is in the catalog. Therefore we should pass proxy
registration flags in the request rather than trying to fetch
them from the state store (where they may not exist yet).
2021-03-15 14:32:13 -06:00
freddygv 8b46d8dcbb Restore old Envoy prefix on escape hatches
This is done because after removing ID and NodeName from
ServiceConfigRequest we will no longer know whether a request coming in
is for a Consul client earlier than v1.10.
2021-03-15 14:12:57 -06:00
freddygv 93c3c1780d Only lowercase the protocol when normalizing 2021-03-15 14:12:15 -06:00
freddygv 41b2ba1e58 Add omitempty across the board for UpstreamConfig 2021-03-15 13:23:18 -06:00
Freddy e655a974d3
Merge pull request #9107 from hashicorp/docs-prepared-query-namespace
Add namespaces to prepared query API docs
2021-03-15 13:08:52 -06:00
freddygv 08759e46ed Add RPC endpoint for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv 08737fa606 Add state store function for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv 3722ce2fff Refactor IntentionDecision
This enables it to be called for many upstreams or downstreams of a
service while only querying intentions once.

Additionally, decisions are now optionally denied due to L7 permissions
being present. This enables the function to be used to filter for
potential upstreams/downstreams of a service.
2021-03-15 08:50:35 -06:00
Christoph Puhl a11ed1570a Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Daniel Nephin 8f2171d26c
Merge pull request #9152 from hashicorp/dnephin/streaming-enable-connect
use streaming backend for connect service health
2021-03-12 13:05:16 -05:00
Daniel Nephin f40b76af2d proxycfg: use rpcclient/health.Client instead of passing around cache name
This should allow us to swap out the implementation with something other
than `agent/cache` without making further code changes.
2021-03-12 11:46:04 -05:00
Daniel Nephin 566741a143 catalog_events: set the right key for connect snapshots 2021-03-12 11:35:43 -05:00
Daniel Nephin 906834ce8e proxycfg: Use streaming in connect state 2021-03-12 11:35:42 -05:00
Daniel Nephin 1a764553c0 rpcclient: use streaming for connect health 2021-03-12 11:35:42 -05:00
Matt Keeler 30903db442
AutopilotServerHealth now handles the 429 status code (#8599)
AutopilotServerHealthy now handles the 429 status code

Previously we would error out and not parse the response. Now either a 200 or 429 status code are considered expected statuses and will result in the method returning the reply allowing API consumers to not only see if the system is healthy or not but which server is unhealthy.
2021-03-12 09:40:49 -05:00
freddygv d80e4b27b1 Update content hash due to new field 2021-03-11 19:59:19 -07:00
freddygv 23ffa3d3f3 And another test fix 2021-03-11 18:39:53 -07:00
freddygv 682f357185 Fixup more tests 2021-03-11 16:26:55 -07:00
Mike Wickett 3c4bd5cac2
Merge pull request #9874 from hashicorp/mw.patch-docs-issue
docs: fixup syntax issue
2021-03-11 17:45:22 -05:00
Mike Wickett 8f72c17248 fix: syntax issue 2021-03-11 17:05:21 -05:00
freddygv 756ab4c546 Fixup protobufs and tests 2021-03-11 14:58:59 -07:00
Preetha ccde7e5f8b
Small changes to gossip related telemetry docs (#9846)
Update gossip related telemetry docs to include correct descriptions, and added missing metrics
2021-03-11 14:21:32 -06:00
Mike Wickett a6fb12a8db
Merge pull request #9867 from hashicorp/mw.update-alert-banner
Update alert banner
2021-03-11 14:54:29 -05:00
Freddy d38fa1cbcf
Merge pull request #9869 from DanielMabbett/patch-1
Fix typo in requirements.mdx
2021-03-11 12:49:57 -07:00
Kyle Havlovitz 1e87c7183a
Merge pull request #9672 from hashicorp/ca-force-skip-xc
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
Kyle Havlovitz bd560040c2 Add a changelog note 2021-03-11 11:47:35 -08:00
Freddy 555961e036
Merge pull request #9770 from hashicorp/docs/fix-terminating-gateway-config-entry
Docs: Update terminating-gateway-config-entry
2021-03-11 12:42:20 -07:00
freddygv df1f3995f8 Update service manager to store centrally configured upstreams 2021-03-11 11:37:21 -07:00