Commit Graph

299 Commits

Author SHA1 Message Date
Kyle Havlovitz 2ada0439d4
Add rpc_listener option to segment config 2017-08-30 11:58:29 -07:00
James Phillips b1a15e0c3d
Adds open source side of network segments (feature is Enterprise-only). 2017-08-30 11:58:29 -07:00
Illirgway e0cc1ce679 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
James Phillips 6ccf724c0c
Adds a guard to make sure that empty log lines don't close consul monitor.
Fixes #3253.
2017-08-08 16:05:29 -07:00
Kyle Havlovitz 5b998cacb1
Update api structs for metrics endpoint 2017-08-08 12:33:59 -07:00
Kyle Havlovitz d5634fe2a8
Add support for labels/filters from go-metrics 2017-08-08 01:45:10 -07:00
James Phillips 4bee2e49f5 Adds secure introduction for the ACL replication token. (#3357)
Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 15:39:31 -07:00
James Phillips c0a5ad7903 Adds a new /v1/acl/bootstrap API (#3349) 2017-08-02 17:05:18 -07:00
James Phillips 496b0bcf07 Adds support for agent-side ACL token management via API instead of config files. (#3324)
* Adds token store and removes all runtime use of config for ACL tokens.
* Adds a new API for changing agent tokens on the fly.
2017-07-26 11:03:43 -07:00
Kyle Havlovitz 19eae3d14b
Add UpgradeVersionTag to autopilot config 2017-07-18 13:35:41 -07:00
James Phillips 1791d99a10 Adds new config to make script checks opt-in, updates documentation. (#3284) 2017-07-17 11:20:35 -07:00
James Phillips 8d0a048408 Expands and rework context support in the API client. (#3273) 2017-07-14 17:30:08 -07:00
James Bardin deb43fea6b accept recv-only channels for cancellations (#3271)
Cancellation channels are often derived from a Context, which
returns a directional `<-chan struct{}` from Done(). In order to use
this with parts of of the consul API, one is required to create a new
channel and dispatch a separate goroutine to watch for context
cancellation and close the new channel.

Changing the signature for the methods that take cancellation channels
will allow easier integration with existing uses of Context. Since the
cancellation pattern only reads from these channels, there should be no
backwards incompatibility with existing codebases, and most of the
methods already accept only the correct type.
2017-07-14 16:31:44 -07:00
Frank Schroeder 9c54f30c94 api: fix TestAPI_CatalogNodes test 2017-07-07 09:22:34 +02:00
Frank Schroeder 0e931a713c agent: fix failing test from localState decoupling
Would be nice to know what changed though.
2017-07-07 09:22:34 +02:00
Frank Schroeder 7bbfef7000 api: refactor: unify naming of API tests 2017-07-07 09:22:34 +02:00
Frank Schroeder 8edeabce9a api: refactor: prefix all API tests with API_ 2017-07-07 09:22:34 +02:00
Preetha Appan 9eaf56bfe3 Fix socket file handle leaks from old blocking queries upon consul reload. This fixes issue #3018 2017-06-26 15:52:03 -05:00
Frank Schröder 825f72f5ef agent: support custom header and method for http checks (#3106)
This patch adds support for custom headers and
method for HTTP checks.

Fixes #2474
Fixes #2657
Fixes #3106
2017-06-07 01:11:56 +02:00
James Phillips 3baa703d02 Merge pull request #3077 from jwasinger/issue-2850
Prevent Session.Destroy from leaving open TCP connections
2017-06-02 21:43:55 -07:00
Jared Wasinger d2ef61d079 Prevent Session.Destroy from leaving open TCP connections 2017-05-25 20:51:27 -07:00
Kyle Havlovitz 4e44db87e3
Don't overwrite Transport's TLS config if it's been set 2017-05-24 13:45:19 -07:00
Kyle Havlovitz 04f1ff78f8 Remove superfluous default HttpClient check in NewClient 2017-05-24 11:40:21 -07:00
Frank Schroeder 96c677fdba test: make test less flaky 2017-05-12 22:12:47 +02:00
Frank Schroeder 65b5c51ec7 test: add helper for ioutil.TempDir/TempFile
This creates a simplified helper for temporary directories and files.
All path names are prefixed with the name of the current test.
All files and directories are stored either in /tmp/consul-test
or /tmp if the former could not be created.

Using the system temp dir breaks some tests on macOS where the unix
socket path becomes too long.
2017-05-12 22:12:47 +02:00
Frank Schroeder 3522a41bad test: include test name in temp file/dir
This helps identifying hanging tests by looking
at the process list.
2017-05-12 22:12:47 +02:00
James Phillips c1d196152f
Fixes vet errors. 2017-05-09 06:48:52 -07:00
James Phillips ddfa57765c
retry: Removes the description parameter. 2017-05-05 17:07:03 +02:00
Frank Schroeder 21a82a0a16
test: Refactor WaitForResult tests with retry
Refactor tests that use testutil.WaitForResult to use retry.

Since this requires refactoring the test functions in general this patch
also shows the use of the github.com/pascaldekloe/goe/verify library
which provides a good mechanism for comparing nested data structures.
Instead of just converting the tests from testutil.WaitForResult to
retry the tests that performing a nested comparison of data structures
are converted to the verify library at the same time.
2017-05-05 17:07:02 +02:00
Kyle Havlovitz cd56a5ebdd Add separate option for verifying incoming HTTPS traffic (#2974)
* Add separate option for verifying incoming HTTPS traffic
2017-04-28 16:15:55 -07:00
Frank Schroeder 9685bdcd0b api: Add ServiceTags to Health state endpoint (#153)
This patch adds the ServiceTags to the /v1/health/state/<state>
endpoint.

Fixes #153
2017-04-28 15:00:08 -07:00
James Phillips 05b1cabba9 Merge pull request #2947 from bogdanov1609/added_ACLReplication
API: Add ACLReplication
2017-04-25 16:50:52 -07:00
James Phillips 36725cef11 Tweaks ACL replication struct name. 2017-04-25 16:32:09 -07:00
James Phillips 138abeb5f7 Tweaks ACL replication status struct name. 2017-04-25 16:31:20 -07:00
Frank Schroeder 3e00e36f41 golint: Untangle if blocks with return in else 2017-04-25 09:26:13 -07:00
Ivan Bogdanov 1ebd6402fd API: Add ACLReplication 2017-04-25 00:39:50 +03:00
Frank Schröder 6dd2804d09 Issue #2905: Add check-not-exists to TXN endpoint
This patch adds support for asserting that a given
key does not exist in the KV store.

Fixes #2905
2017-04-20 17:50:52 -07:00
Kyle Havlovitz c6d0b4cf90 Make the API client's httpClient more pluggable (#2926) 2017-04-18 16:39:23 -07:00
Frank Schröder c40621ae10 Add datacenter to catalog node API (#2917)
This patch stores the datacenter of a node in memdb
and exposes it via the API in all places where a Node
structure is returned.

 * /catalog/nodes
 * /catalog/node/:node
 * /catalog/service/:service
 * /health/service/:service
 * /query/:uuid/execute
2017-04-18 05:02:24 -07:00
Kyle Havlovitz ae6bf56ee1
Add tls client options to api/cli 2017-04-14 13:37:29 -07:00
Brian Shumate f499584c38
API: Add struct fields, fixes #2882
- Add CreateIndex and ModifyIndex to AgentService
- Add CreateIndex and ModifyIndex to Node
2017-04-13 11:36:19 -04:00
James Phillips 08f81ebddb
Moves operator sub-functions into their own files. 2017-03-30 12:35:50 -07:00
Kyle Havlovitz da9c825592
Add CLI/API endpoints for removing peer by ID 2017-03-30 10:13:32 -07:00
Seth Vargo 0170a28ec9
Use new APIs 2017-03-23 18:48:13 -04:00
Kyle Havlovitz 390f41d8d5
Add advanced autopilot features 2017-03-22 15:25:16 -07:00
James Phillips 3f3889022e
Tweaks the agent leave test to patch an occasional local failure. 2017-03-22 09:56:53 -07:00
James Phillips 7d011d7d77
Adds missing area API. 2017-03-21 23:11:15 -07:00
James Phillips e91377fa26
Cleans up based on review feedback. 2017-03-20 16:23:40 -07:00
James Phillips 3a0739cdfc
Tweaks the join response to be more useful. 2017-03-16 21:01:03 -07:00
James Phillips 79e192fd07
Adds public API for the network area endpoints. 2017-03-16 16:42:19 -07:00
James Phillips 472f1bd63e
Adds router into RPC paths with work in progress on coordinates. 2017-03-16 16:42:18 -07:00
Kyle Havlovitz 5353221666
Reorganized cluster health check loop and logic 2017-03-15 18:27:17 -07:00
Kyle Havlovitz 51b11cd344
Fix an issue with changing server IDs and add a few UX enhancements around autopilot features 2017-03-15 16:09:55 -07:00
Kyle Havlovitz 9b4497de09
Cleaned up and reorganized some autopilot-related code 2017-03-09 18:21:40 -08:00
Kyle Havlovitz 2eefe3ca5b
Add autopilot server health tracking
This adds two goroutines to perform autopilot tasks on the leader - one
to monitor the health of servers and another to periodically clean up
dead servers with a limit on removal count. Also adds a new http endpoint,
`/v1/operator/autopilot/health`, for querying this information through an
operator RPC endpoint.
2017-03-06 16:00:10 -08:00
Kyle Havlovitz 92c8b9c3a0
Rename DeadServerCleanup and make wording adjustments 2017-02-28 14:45:21 -08:00
Kyle Havlovitz c1f776c78b
Added operator autopilot subcommands 2017-02-24 15:54:49 -08:00
Kyle Havlovitz c2e7f45002
Add CAS capability to autopilot config endpoint 2017-02-24 13:08:49 -08:00
Kyle Havlovitz 1c24c5d8d6
Add docs and api client methods for autopilot config 2017-02-23 21:00:15 -08:00
Jeff Mitchell 44733caf5c Update unix dial functions to use DialContext with new go-cleanhttp 2017-02-10 21:11:21 -05:00
Kyle Havlovitz c9abafab92
Update docs and give better error for unknown client scheme 2017-02-10 19:55:54 -05:00
Kyle Havlovitz a7a6ee9f4c
Allow prefixing -http-addr with http/https schemes 2017-02-10 18:25:46 -05:00
Kyle Havlovitz bad037fb58
Cleanup and formatting adjustments 2017-02-09 20:49:17 -05:00
Kyle Havlovitz abdf1fbab3
Convert keyring command to use base.Command 2017-02-08 18:25:47 -05:00
James Phillips 585958746a
Lets the leave unit test proceed even after an EOF. 2017-01-26 22:22:18 -08:00
Kyle Havlovitz a55968f009
Merge branch 'master' into f-prepared-query-nodemeta 2017-01-23 20:17:48 -05:00
Kyle Havlovitz 3f3d7f9891
Add tests for node meta in prepared queries and update docs 2017-01-23 19:17:30 -05:00
James Phillips 6ca0173907
Adds catalog support for node IDs. 2017-01-18 14:26:42 -08:00
James Phillips bd605e330c
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
Kyle Havlovitz 5acd69b4fc
Add node metadata filtering to remaining health/catalog endpoints 2017-01-13 20:08:43 -05:00
Kyle Havlovitz 023b6533e0
Fix formatting 2017-01-11 20:44:22 -05:00
Kyle Havlovitz 87c0283bb1
Update client api and docs for node metadata 2017-01-11 19:28:58 -05:00
James Phillips 0ed6b1bb18
Bans anonymous queries that aren't tied to a session.
This gets us coverage of PQ creation under the existing service
policy or the soon-to-be-added session policy.
2016-12-12 14:52:27 -08:00
James Phillips 0282dd908a Merge pull request #2531 from alicebob/txntypes
fix KVOp types
2016-12-01 07:41:10 -08:00
Kyle Havlovitz bd69c6d871 Add reload/leave http endpoints (#2516) 2016-11-30 13:29:42 -05:00
Seth Vargo f7958983e4
Return the correct type 2016-11-29 21:17:00 -05:00
Seth Vargo 7520ce2d49 Merge pull request #2544 from hashicorp/sethvargo/best_status
Add an API method for determining the best status
2016-11-29 19:07:52 -05:00
James Phillips d079e62d57 Merge pull request #2530 from coffeehc/master
adapt to server's checker field TLSSkipVerify type
2016-11-29 16:00:21 -08:00
Seth Vargo 190249424b
Do not log 2016-11-29 18:55:34 -05:00
Seth Vargo 4179aacf11
Add an API method for determining the best status
Given a list of HealthChecks, this determines the "best" status for the
collective group. This is useful for nodes and services, which may have
multiple checks associated with them.
2016-11-29 18:41:46 -05:00
Kyle Havlovitz 8079c49c0a Add QueryOptions to api package's monitor 2016-11-28 18:36:26 -05:00
Kyle Havlovitz 124f907063 Add monitor http endpoint 2016-11-28 18:36:26 -05:00
Harmen 92b2369f82 fix KVOp types 2016-11-24 20:43:41 +01:00
James Phillips a5baa091c8
Runs `go fmt`. 2016-11-22 17:49:48 -08:00
Kyle Havlovitz dcdadd012f Fix keyring doc method wording 2016-11-22 20:10:43 -05:00
Kyle Havlovitz 6bd65c668b Combine keyring endpoints into one 2016-11-22 20:10:43 -05:00
Kyle Havlovitz dd3368c19e Add keyring http endpoints 2016-11-22 20:10:43 -05:00
coffee a5e08845c2 adapt to server's checker field TLSSkipVerify type 2016-11-21 18:02:38 +08:00
James Phillips 6ce295e0de Merge pull request #2366 from aksentyev/master
api client: CatalogService added fields CreateIndex, ModifyIndex
2016-11-17 16:38:39 -08:00
James Phillips ad25acaf6a Moves index fields to the bottom of the structure. 2016-11-17 16:38:30 -08:00
James Phillips 9a81d402b7
Adds notes field to API.
Closes #2336.
2016-11-17 16:33:50 -08:00
James Phillips c744792fc4 Merge pull request #2238 from hasyimibhar/master
Remove duplicated environment variables
2016-11-17 16:18:02 -08:00
Kyle Havlovitz 8c3db1c5c6 Trim leading slash on key to avoid redirect (golang/go#4800) (#2476) 2016-11-04 21:55:10 -07:00
Kyle McCullough 73b281a27c Add setting to skip ssl certificate verification for HTTP checks (#1984)
* http check: add setting to skip ssl certificate verification

* update http check documentation

* fix typo in documentation

* Add TLSSkipVerify to agent api
2016-11-03 13:17:30 -07:00
Mike Cowgill cbf2874464 Delete prepared query using WriteOptions (#2417) 2016-11-03 15:54:07 -04:00
Kyle Havlovitz dce6702268 More flaky unit test fixes (#2449)
* More flaky unit test fixes
* Raise some test timeouts that were too low
2016-10-31 09:59:20 -07:00
James Phillips c01a3871c9 Adds support for snapshots and restores. (#2396)
* Updates Raft library to get new snapshot/restore API.

* Basic backup and restore working, but need some cleanup.

* Breaks out a snapshot module and adds a SHA256 integrity check.

* Adds snapshot ACL and fills in some missing comments.

* Require a consistent read for snapshots.

* Make sure snapshot works if ACLs aren't enabled.

* Adds a bit of package documentation.

* Returns an empty response from restore to avoid EOF errors.

* Adds API client support for snapshots.

* Makes internal file names match on-disk file snapshots.

* Adds DC and token coverage for snapshot API test.

* Adds missing documentation.

* Adds a unit test for the snapshot client endpoint.

* Moves the connection pool out of the client for easier testing.

* Fixes an incidental issue in the prepared query unit test.

I realized I had two servers in bootstrap mode so this wasn't a good setup.

* Adds a half close to the TCP stream and fixes panic on error.

* Adds client and endpoint tests for snapshots.

* Moves the pool back into the snapshot RPC client.

* Adds a TLS test and fixes half-closes for TLS connections.

* Tweaks some comments.

* Adds a low-level snapshot test.

This is independent of Consul so we can pull this out into a library
later if we want to.

* Cleans up snapshot and archive and completes archive tests.

* Sends a clear error for snapshot operations in dev mode.

Snapshots require the Raft snapshots to be readable, which isn't supported
in dev mode. Send a clear error instead of a deep-down Raft one.

* Adds docs for the snapshot endpoint.

* Adds a stale mode and index feedback for snapshot saves.

This gives folks a way to extract data even if the cluster has no
leader.

* Changes the internal format of a snapshot from zip to tgz.

* Pulls in Raft fix to cancel inflight before a restore.

* Pulls in new Raft restore interface.

* Adds metadata to snapshot saves and a verify function.

* Adds basic save and restore snapshot CLI commands.

* Gets rid of tarball extensions and adds restore message.

* Fixes an incidental bad link in the KV docs.

* Adds documentation for the snapshot CLI commands.

* Scuttle any request body when a snapshot is saved.

* Fixes archive unit test error message check.

* Allows for nil output writers in snapshot RPC handlers.

* Renames hash list Decode to DecodeAndVerify.

* Closes the client connection for snapshot ops.

* Lowers timeout for restore ops.

* Updates Raft vendor to get new Restore signature and integrates with Consul.

* Bounces the leader's internal state when we do a restore.
2016-10-25 19:20:24 -07:00
Kyle Havlovitz f6c971f46c Fix race condition in TestClient_WatchList and TestClient_WatchGet 2016-10-25 17:48:11 -07:00
James Phillips 554c898338 Merge pull request #2382 from zaunerc/master
Add info about return values for function Get().
2016-10-20 09:40:58 -07:00
James Phillips 556ffc588b Adds comment about SessionOpts. 2016-10-05 17:53:27 -07:00