Commit Graph

16209 Commits

Author SHA1 Message Date
Daniel Nephin abac8baa5d ca: remove one call to provider.ActiveRoot
ActiveRoot should not be called from the secondary DC, because there
should not be a requirement to run the same Vault instance in a
secondary DC. SignIntermediate is called in a secondary DC, so it should
not call ActiveRoot

We would also like to change the interface of ActiveRoot so that we can
support using an intermediate cert as the primary CA in Consul. In
preparation for making that change I am reducing the number of calls to
ActiveRoot, so that there are fewer code paths to modify when the
interface changes.

This change required a change to the mockCAServerDelegate we use in
tests. It was returning the RootCert for SignIntermediate, but that is
not an accurate fake of production. In production this would also be a
separate cert.
2022-01-06 16:55:50 -05:00
Daniel Nephin eaa084fd41 ca: remove redundant append of an intermediate cert
Immediately above this line we are already appending the full list of
intermediates. The `provider.ActiveIntermediate` MUST be in this list of
intermediates because it must be available to all the other non-leader
Servers.  If it was not in this list of intermediates then any proxy
that received data from a non-leader would have the wrong certs.

This is being removed now because we are planning on changing the
`Provider.ActiveIntermediate` interface, and removing these extra calls ahead of
time helps make that change easier.
2022-01-06 16:55:50 -05:00
Daniel Nephin 11f4cdaa49 ca: only generate a single private key for the whole test case
Using tracing and cpu profiling I found that the majority of the time in
these test cases is spent generating a private key. We really don't need
separate private keys, so we can generate only one and use it for all
cases.

With this change the test runs much faster.
2022-01-06 16:55:50 -05:00
Daniel Nephin b3ffe7ac72 ca: cleanup a test
Fix the name to match the function it is testing

Remove unused code

Fix the signature, instead of returning (error, string) which should be (string, error)
accept a testing.T to emit errors.

Handle the error from encode.
2022-01-06 16:55:49 -05:00
Daniel Nephin 1fd6b16399 ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
Blake Covarrubias fdb5e22e25 docs: Redirect mesh-gateway page to new location
The mesh gateway docs at /docs/connect/gateways/mesh-gateway were
moved in #11859 to a new location in order to accommodate the addition
of separate instructions for using gateways with admin partitions.

This commit redirects the old mesh gateway page to its new location at
/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.
2022-01-06 13:35:11 -08:00
Chris S. Kim 08af4f7ffc
Fix Windows logging to files (#11960) 2022-01-06 16:07:09 -05:00
Blake Covarrubias 4bd92921f4
api: Return 404 when deregistering a non-existent check (#11950)
Update the `/agent/check/deregister/` API endpoint to return a 404
HTTP response code when an attempt is made to de-register a check ID
that does not exist on the agent.

This brings the behavior of /agent/check/deregister/ in line with the
behavior of /agent/service/deregister/ which was changed in #10632 to
similarly return a 404 when de-registering non-existent services.

Fixes #5821
2022-01-06 12:38:37 -08:00
Dhia Ayachi 1eac39ae9c
clone the service under lock to avoid a data race (#11940)
* clone the service under lock to avoid a data race

* add change log

* create a struct and copy the pointer to mutate it to avoid a data race

* fix failing test

* revert added space

* add comments, to clarify the data race.
2022-01-06 14:33:06 -05:00
Dhia Ayachi d0274d38a9
upgrade raft to v1.3.3 (#11958)
* upgrade raft to v1.3.3

* add change log

* reword the changelog

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>
2022-01-06 14:09:13 -05:00
trujillo-adam 1b0b4f7c26
Merge pull request #11945 from hashicorp/docs/exported-services-language-issues
tweaks to the language used in the requirements section
2022-01-06 07:26:39 -08:00
mrspanishviking f49545eb5e
Merge pull request #11952 from hashicorp/david-yu-vault-gossip-indent
docs: Fix indentation for gossipEncryption when using Vault secrets backend
2022-01-06 07:14:29 -07:00
David Yu 1b65760782
docs: Fix indentation for gossipEncryption when using Vault secrets backend 2022-01-05 21:35:28 -08:00
Daniel Nephin 065f6f89fb
Merge pull request #11918 from hashicorp/dnephin/tob-followup
Fix a few small bugs
2022-01-05 18:50:48 -05:00
Daniel Nephin 9c8e7981d9 changelog 2022-01-05 17:51:03 -05:00
Daniel Nephin abfc1e4840 snapshot: return the error from replyFn
The only function passed to SnapshotRPC today always returns a nil error, so there's no
way to exercise this bug in practice. This change is being made for correctness so that
it doesn't become a problem in the future, if we ever pass a different function to
SnapshotRPC.
2022-01-05 17:51:03 -05:00
Daniel Nephin ff7f3a9737 cli: use file mode 0600 when saving a snapshot
So that other users on the machine can not access the snapshot data.
2022-01-05 17:51:03 -05:00
Daniel Nephin 0166b0839c config: correctly capture all errors.
Some calls to multierror.Append were not using the existing b.err, which meant we
were losing all previous errors.
2022-01-05 17:51:03 -05:00
Chris S. Kim 4cd2542a3e
Fix test for ENT (#11946) 2022-01-05 15:18:08 -05:00
trujillo-adam 2ff5f50e8c tweaks to the language used in the requirements section 2022-01-05 12:01:10 -08:00
Chris S. Kim e4bcaac08c
Fix test for ENT (#11941) 2022-01-05 12:24:44 -05:00
Dhia Ayachi e653f81919
reset `coalesceTimer` to nil as soon as the event is consumed (#11924)
* reset `coalesceTimer` to nil as soon as the event is consumed

* add change log

* refactor to add relevant test.

* fix linter

* Apply suggestions from code review

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* remove non needed check

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-05 12:17:47 -05:00
Mathew Estafanous 0fdd1318e9
Ensure consistency with error-handling across all handlers. (#11599) 2022-01-05 12:11:03 -05:00
John Cowen 6d0a73c0eb
ui: Add selective no-console eslint rule (#11938) 2022-01-05 16:56:26 +00:00
John Cowen 31dee2340f
ui: Only allow partition creation with a single datacenter setup (#11817) 2022-01-05 14:52:06 +00:00
John Cowen 64767b53e7
ui: Configure routes in route config rather than classes (#11900) 2022-01-05 09:34:28 +00:00
Jared Kirschner 99ee07d2d1
Merge pull request #10894 from jkirschner-hashicorp/clarify-debug-msg-if-name-used-when-id-needed
Clarify service and health check not found error messages
2022-01-04 16:14:49 -05:00
Blake Covarrubias e898cf1d41
cli: Show node identities in acl token list output (#11926)
Fix the pretty CLI output of `consul acl token list` so that it
properly displays node identities that are associated with a token.
2022-01-04 12:44:43 -08:00
CJ 0a83964a5a
Update glossary.mdx (#10766)
Corrected spelling errors
2022-01-04 15:41:07 -05:00
Noel Quiles 1ff6da7cdd
website: Update copy (#11853) 2022-01-04 15:29:46 -05:00
Daniel Nephin da95a0e449
Merge pull request #11884 from assareh/patch-1
consul pls cert create usage example provided in CLI help shows outdated arguments
2022-01-04 15:17:32 -05:00
Jared Kirschner b393c90ce7 Clarify service and check error messages (use ID)
Error messages related to service and check operations previously included
the following substrings:
- service %q
- check %q

From this error message, it isn't clear that the expected field is the ID for
the entity, not the name. For example, if the user has a service named test,
the error message would read 'Unknown service "test"'. This is misleading -
a service with that *name* does exist, but not with that *ID*.

The substrings above have been modified to make it clear that ID is needed,
not name:
- service with ID %q
- check with ID %q
2022-01-04 11:42:37 -08:00
Jared Kirschner a36ddc31c7
Merge pull request #11335 from littlestar642/url-encoded-args
URL-encode/decode resource names for HTTP API
2022-01-04 14:00:14 -05:00
Chris S. Kim 30550f2c63
testing: Revert assertion for virtual IP flag (#11932) 2022-01-04 11:24:56 -05:00
James Tran d1ac40e967
ui: Add XML syntax highlighting to key/value editor (#11785)
* ui: Add XML syntax highlighting to key/value editor

* ui: Make explicit options that are specific to XML for clarity
2022-01-04 16:24:09 +00:00
John Cowen f8b336b9a0
ui: Fix URL params decoding (#11931)
* ui: Move wildcard param decoding to routlet service
2022-01-04 16:08:06 +00:00
John Cowen 72e5d7e1d4
ui: Ensure disconnect error doesn't appear w/auth change on some pages (#11905) 2022-01-04 14:55:32 +00:00
David Yu 6bef2b2eb4
docs: Clarification of Vault Consul K8s requirements for Auth Method (#11929)
* docs: Clarification of Vault Consul K8s requirements

* link back to requirements

* Update gossip.mdx

* Update index.mdx

* add details for K8s auth method requirement

* Update gossip.mdx

* Update server-tls.mdx

* Update connect-ca.mdx

* Update gossip.mdx

* Update server-tls.mdx

* Update website/content/docs/k8s/installation/vault/gossip.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/server-tls.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update index.mdx

* Update index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-03 14:17:55 -08:00
mrspanishviking 092436f927
Merge pull request #11928 from hashicorp/consul-docs-issue
Consul docs issue
2022-01-03 11:13:18 -07:00
Karl Cardenas 6a6f8c29dc
removing markdown file for consul docs day issue 2022-01-03 11:06:09 -07:00
Karl Cardenas 122ba27121
style update 2022-01-03 10:54:31 -07:00
Karl Cardenas 709331a7d7
updating Consul docs day issue template 2022-01-03 10:49:56 -07:00
mrspanishviking 1af462203e
Merge pull request #11775 from hashicorp/docs-day-issue
chore: created an issue template for Consul docs day
2022-01-03 10:17:47 -07:00
Jared Kirschner e0ddb9e4c5
Merge pull request #11820 from hashicorp/improve-ui-disabled-api-response
http: improve UI not enabled response message
2022-01-03 12:00:01 -05:00
mrspanishviking ad6b3dccd6
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-01-03 09:46:32 -07:00
littlestar642 634c72d22f add path escape and unescape to path params 2022-01-03 08:18:32 -08:00
mrspanishviking f94763f3f6
Merge pull request #11920 from artemkozlenkov/patch-1
Update install.mdx; add port-forward missing namespace flag
2021-12-28 12:18:20 -07:00
Artem Kozlenkov 06e547a5b6
add the missing `-n consul` namespace to `k pf ..` 2021-12-27 17:54:35 +01:00
Artem Kozlenkov e45ae6d17e
Update install.mdx
add port-forwad missing namespace flag
2021-12-27 17:50:49 +01:00
Jeff Escalante 32a2cf4646
add enterprise downloads page (#10550)
* add enterprise downloads page

* remove beta block

* clean up prop repetition, add hcp callout

* move around external props pattern

* add legal notice to ent page
2021-12-24 14:53:07 -05:00