freddygv
8857195437
Fixup wildcard ent assertion
2021-04-12 17:04:33 -06:00
Freddy
18decbba9d
Merge pull request #9999 from hashicorp/update-enabling-tproxy
2021-04-12 16:37:04 -06:00
freddygv
b8ed82b808
Fixup bexpr filtering
2021-04-12 10:17:52 -06:00
freddygv
d7c43049fa
Remove zero-value validation of upstream cfg structs
...
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.
See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv
7bd51ff536
Replace TransparentProxy bool with ProxyMode
...
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:
- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.
This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv
9e194b4b3c
Avoid failing test due to undiscoverable node name
2021-04-12 09:26:55 -06:00
hashicorp-ci
2995d0e437
auto-updated agent/uiserver/bindata_assetfs.go from commit 84064f972
2021-04-12 13:08:41 +00:00
freddygv
98ba582797
Fixup mesh gateway docs
2021-04-11 15:48:04 -06:00
tarat44
1ca5fa9769
fix formatting
2021-04-11 15:12:33 -04:00
tarat44
a2e6ca1226
add WaitGroup to h2ping
2021-04-11 15:11:00 -04:00
tarat44
5307c5c3a1
close h2ping client connections
2021-04-10 00:53:53 -04:00
Tara Tufano
9deb52e868
add http2 ping health checks ( #8431 )
...
* add http2 ping checks
* fix test issue
* add h2ping check to config resources
* add new test and docs for h2ping
* fix grammatical inconsistency in H2PING documentation
* resolve rebase conflicts, add test for h2ping tls verification failure
* api documentation for h2ping
* update test config data with H2PING
* add H2PING to protocol buffers and update changelog
* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava
5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. ( #9910 )
...
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Freddy
a02245b75a
Merge pull request #9976 from hashicorp/centralized-upstream-fixups
2021-04-08 12:26:56 -06:00
Freddy
e385e5992f
Merge pull request #9042 from lawliet89/tg-rewrite
2021-04-08 11:49:23 -06:00
freddygv
c6d64a8078
Stable sort cidr ranges to match on
2021-04-08 11:27:57 -06:00
freddygv
b21224a4c8
PR comments
2021-04-08 11:16:03 -06:00
Daniel Nephin
34f1facebb
Merge pull request #9950 from hashicorp/dnephin/state-use-txn-everywhere
...
state: use Txn interface everywhere
2021-04-08 12:02:03 -04:00
Daniel Nephin
c40e1a2ac6
Merge pull request #9880 from hashicorp/dnephin/catalog-events-test-pattern
...
state: use runCase pattern for large test
2021-04-08 11:54:41 -04:00
Paul Banks
1406671290
cache: Fix bug where connection errors can cause early cache expiry ( #9979 )
...
Fixes a cache bug where TTL is not updated while a value isn't changing or cache entry is returning fetch errors.
2021-04-08 11:11:15 +01:00
Paul Banks
ee04d452be
cache: fix bug where TTLs were ignored leading to leaked memory in client agents ( #9978 )
...
* Fix bug in cache where TTLs are effectively ignored
This mostly affects streaming since streaming will immediately return from Fetch calls when the state is Closed on eviction which causes the race condition every time.
However this also affects all other cache types if the fetch call happens to return between the eviction and then next time around the Get loop by any client.
There is a separate bug that allows cache items to be evicted even when there are active clients which is the trigger here.
* Add changelog entry
* Update .changelog/9978.txt
2021-04-08 11:08:56 +01:00
Paul Banks
8e00e327b0
Merge pull request #9977 from hashicorp/grpc-tuning
...
streaming: Grpc tuning
2021-04-08 11:05:38 +01:00
freddygv
ab752c1c86
Avoid sending zero-value upstream defaults from api
2021-04-07 15:03:42 -06:00
freddygv
a6388c7e2f
Revert "Avoid accumulating synthetic upstreams"
...
This reverts commit 86672df4fa
.
2021-04-07 14:30:30 -06:00
freddygv
02f6768cd2
Remove kube-dns resolution since clusterip will be a tagged addr
2021-04-07 14:15:21 -06:00
hashicorp-ci
dedf2861be
auto-updated agent/uiserver/bindata_assetfs.go from commit a0d12ff16
2021-04-07 16:48:59 +00:00
freddygv
86672df4fa
Avoid accumulating synthetic upstreams
...
Synthetic upstreams from service-defaults config are stored locally in
the Upstreams list. Since these come from service-defaults they should
be cleaned up locally when no longer present in the service config
response.
2021-04-07 09:32:48 -06:00
freddygv
49a4a78fd5
Ensure mesh gateway mode override is set for upstreams for intentions
2021-04-07 09:32:48 -06:00
freddygv
5140c3e51f
Finish resolving upstream defaults in proxycfg
2021-04-07 09:32:48 -06:00
freddygv
986bcccbea
Pass down upstream defaults to client proxies
...
This is needed in case the client proxy is in TransparentProxy mode.
Typically they won't have explicit configuration for every upstream, so
this ensures the settings can be applied to all of them when generating
xDS config.
2021-04-07 09:32:47 -06:00
freddygv
77ead5cca9
Prevent wildcard destinations for proxies and upstreams
2021-04-07 09:32:47 -06:00
freddygv
24ee8a0488
Prevent requests without UpstreamIDs from being flagged as legacy.
...
New clients in transparent proxy mode can send requests for service
config resolution without any upstream args because they do not have
explicitly defined upstreams.
Old clients on the other hand will never send requests without the
Upstreams args unless they don't have upstreams, in which case we do not
send back upstream config.
2021-04-07 09:32:47 -06:00
freddygv
2b49cc39ed
Fixup doc phrasing
2021-04-07 09:32:47 -06:00
freddygv
458eb41be1
Prevent synthetic upstreams without addresses from failing duplicate ip/port validation
2021-04-07 09:32:47 -06:00
Paul Banks
5529cb7347
Tune streaming backoff on errors to retry a bit faster when TCP connections drop
2021-04-07 14:13:30 +01:00
Paul Banks
44718456b5
Set gRPC keepalives to mirror Yamux keepalive behaviour
2021-04-07 14:09:22 +01:00
R.B. Boyer
d4c401b350
missed build tag on this file ( #9974 )
2021-04-06 13:24:11 -05:00
R.B. Boyer
499fee73b3
connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled ( #9973 )
...
This adds a new config entry kind "cluster" with a single special name "cluster" where this can be controlled.
2021-04-06 13:19:59 -05:00
Daniel Nephin
f0ba6f858a
Merge pull request #9958 from hashicorp/dnephin/state-improve-indexer-tests
...
state: support additional test cases in indexer tests
2021-04-06 11:55:24 -04:00
Yong Wen Chua
409768d6e5
Merge branch 'master' of github.com:hashicorp/consul into tg-rewrite
2021-04-06 17:05:26 +08:00
R.B. Boyer
e494313e7b
api: ensure v1/health/ingress/:service endpoint works properly when streaming is enabled ( #9967 )
...
The streaming cache type for service health has no way to handle v1/health/ingress/:service queries as there is no equivalent topic that would return the appropriate data.
Ensure that attempts to use this endpoint will use the old cache-type for now so that they return appropriate data when streaming is enabled.
2021-04-05 13:23:00 -05:00
Daniel Nephin
6e69829edb
state: support additional test cases in indexer tests
...
And add a few additional cases.
2021-03-31 14:39:33 -04:00
Kyle Havlovitz
a2869b280b
Backport enterprise changes to prevent merge conflicts
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-31 14:05:26 -04:00
Daniel Nephin
26440d9e1f
Merge pull request #9949 from hashicorp/dnephin/state-index-checks
...
state: convert remaining checks table indexers to functional pattern
2021-03-31 11:53:21 -04:00
Daniel Nephin
909348e546
Merge pull request #9948 from hashicorp/dnephin/state-index-service
...
state: convert remaining services table indexers to functions
2021-03-31 11:49:21 -04:00
Daniel Nephin
1e32dbca29
Merge pull request #9947 from hashicorp/dnephin/state-ent-index-3
...
state: move indexer functions out of oss files
2021-03-31 11:45:26 -04:00
hashicorp-ci
352061c72e
auto-updated agent/uiserver/bindata_assetfs.go from commit ee5c3e3aa
2021-03-31 15:00:21 +00:00
Daniel Nephin
1f64b3a7de
state: use tableIndex constant
2021-03-29 18:52:20 -04:00
Daniel Nephin
9514698b10
state: use ReadTxn and WriteTxn interface
...
Instead of *txn, so that we can replace the txn implementation with others, and so
that the function is easily documented as a read or write function.
2021-03-29 18:52:16 -04:00
Daniel Nephin
80827e8615
Merge pull request #9932 from hashicorp/dnephin/use-ent-meta-default
...
Set default enterprise meta in test case
2021-03-29 18:44:39 -04:00
Daniel Nephin
d0e5cd66f0
state: convert checks.service index to new pattern
2021-03-29 16:38:53 -04:00
Daniel Nephin
3092c627fe
state: convert checks.status indexer
...
As part of this change the indexer will now be case insensitive by using
the lower case value. This should be safe because previously we always
had lower case strings.
This change was made out of convenience. All the other indexers use
lowercase, so we can re-use the indexFromQuery function by using
lowercase here as well.
2021-03-29 16:38:50 -04:00
Daniel Nephin
628eed3748
state: add tests for checks indexers
2021-03-29 16:38:47 -04:00
Daniel Nephin
ce631d0bba
state: use constants for table checks
2021-03-29 16:38:43 -04:00
Daniel Nephin
cf2646e0d1
state: pass Query in from caller
...
To reduce the number of arguments
2021-03-29 15:42:30 -04:00
Daniel Nephin
9eea19da59
state: convert services.kind to functional indexer pattern
2021-03-29 15:42:30 -04:00
Daniel Nephin
b6553af222
state: add tests for services.kind indexer
2021-03-29 15:42:27 -04:00
Daniel Nephin
0c61abcc31
state: convert services table service and connect indexer
...
To the new functional indexer pattern
2021-03-29 15:42:24 -04:00
Daniel Nephin
395ebce510
state: add tests for services table service and connect indexers
2021-03-29 15:42:22 -04:00
Daniel Nephin
2d2c3e1190
state: use constant for tableServices
2021-03-29 15:42:18 -04:00
Daniel Nephin
341265ec69
state: remove duplication of Query indexer
2021-03-29 14:35:11 -04:00
Daniel Nephin
08ee12ab34
state: remove duplication in acl tables schema
2021-03-29 14:21:27 -04:00
Daniel Nephin
72960388a3
state: reduce duplication in catalog table schema
2021-03-29 14:21:23 -04:00
Daniel Nephin
7de186f291
state: share more indexer functions for config_entries
2021-03-29 14:21:20 -04:00
Daniel Nephin
024dcbef03
state: remove old schema test
...
This test has been replaced by TestNewDBSchema_Indexers
2021-03-29 14:21:13 -04:00
Daniel Nephin
8591feb58a
state: use addNamespaceIndex again
2021-03-29 14:21:02 -04:00
hashicorp-ci
02b7eb0949
auto-updated agent/uiserver/bindata_assetfs.go from commit 4d13e31ae
2021-03-26 15:51:59 +00:00
Daniel Nephin
d62ed94415
Set default enterprise meta in test case
2021-03-25 17:40:22 -04:00
Lars Lehtonen
4bad87c293
agent: use testAgent_RegisterService_TranslateKeys()
...
When this test was refactored it looks like there was a copy+paste error
and the test case was made to call the wrong function.
2021-03-25 16:55:13 -04:00
Lars Lehtonen
681bd8f57b
agent: remove unused makeTelemetryDefaults()
2021-03-25 16:02:42 -04:00
Daniel Nephin
8d25f9ab3d
Merge pull request #9923 from hashicorp/dnephin/fix-ui-config
...
http: fix a bug that would cause runtimeConfig to be cached
2021-03-25 12:26:09 -04:00
Daniel Nephin
ac210cdc48
Merge pull request #9911 from hashicorp/dnephin/state-index-acl-roles
...
state: convert ACLRoles policies index to new functional indexer pattern
2021-03-24 18:28:19 -04:00
Daniel Nephin
2e917e3f9c
Merge pull request #9916 from hashicorp/dnephin/state-index-checks-id
...
state: convert checks.ID index to the functional indexer pattern
2021-03-24 18:23:52 -04:00
Daniel Nephin
d50037cae2
http: add a test for transform changing value
2021-03-24 15:38:11 -04:00
Daniel Nephin
c98805f505
http: fix a bug that would cause runtimeConfig to be cached
...
This bug would result in the UI not having the correct settings in
Consul enterprise, which could produce many warnings in the logs.
This bug occured because the index page, which includes a map of configuration
was rendered when the HTTPHandler is first created. This PR changes the
UIServer to instead render the index page when the page is requested.
The rendering does not appear to be all that expensive, so rendering it
when requested should not cause much extra latency.
2021-03-24 14:48:18 -04:00
hashicorp-ci
0414a872ec
auto-updated agent/uiserver/bindata_assetfs.go from commit 232921b60
2021-03-23 13:26:56 +00:00
Daniel Nephin
8743e925d5
state: add tests for checks.ID indexer
2021-03-22 18:06:43 -04:00
Daniel Nephin
30281a5332
state: use tx.First instead of tx.FirstWatch
...
Where appropriate. After removing the helper function a bunch of these calls can
be changed to tx.First.
2021-03-22 18:06:33 -04:00
Daniel Nephin
1cdcfb8260
state: convert checks.ID index to new pattern
2021-03-22 18:06:08 -04:00
Hans Hasselberg
53e9c134af
introduce certopts ( #9606 )
...
* introduce cert opts
* it should be using the same signer
* lint and omit serial
2021-03-22 10:16:41 +01:00
Daniel Nephin
6324f37241
state: use uuid for acl-roles.policies index
...
Previously we were encoding the UUID as a string, but the index it references uses a UUID
so this index can also use an encoded UUID to save a bit of memory.
2021-03-19 19:45:37 -04:00
Daniel Nephin
43df402e51
state: convert acl-roles.policies index to new pattern
2021-03-19 19:45:37 -04:00
Daniel Nephin
00b6f0b41a
state: convert acl-roles.name index to the functional indexer pattern
2021-03-19 19:45:37 -04:00
Daniel Nephin
d7f5094702
state: add indexer tests for acl-roles table
2021-03-19 19:45:37 -04:00
Daniel Nephin
a058c31ead
state: use constants for acl-roles table and indexes
2021-03-19 19:45:37 -04:00
Daniel Nephin
eb6769ccc6
state: convert acl-policies table to new pattern
2021-03-19 15:24:00 -04:00
Daniel Nephin
340462dd72
state: use constants and add tests for acl-policies table
2021-03-19 15:19:57 -04:00
Daniel Nephin
0c14f3818d
state: add indexer test for services.ID index
2021-03-19 14:13:14 -04:00
Daniel Nephin
dbd3cef1ed
state: handle wildcard for services.ID index
...
When listing services, use the id_prefix directly if wildcards are allowed.
Error if a wildcard is used for a query that does not index the wildcard
2021-03-19 14:12:19 -04:00
Daniel Nephin
627c469f08
state: fix prefix index with the new pattern
...
Prefix queries are generally being used to match part of a partial
index. We can support these indexes by using a function that accept
different types for each subset of the index.
What I found interesting is that in the generic StringFieldIndexer the
implementation for PrefixFromArgs would remove the trailing null, but
at least in these 2 cases we actually want a null terminated string.
We simply want fewer components in the string.
2021-03-19 14:12:17 -04:00
Daniel Nephin
d90845f26d
state: move services.ID to new pattern
2021-03-19 14:11:59 -04:00
hashicorp-ci
f3f3513d83
auto-updated agent/uiserver/bindata_assetfs.go from commit a7a56ca39
2021-03-19 15:19:17 +00:00
Daniel Nephin
4d1d19ed46
state: add tests for gateway-service table indexers
2021-03-18 12:09:42 -04:00
Daniel Nephin
11b4de719c
state: use constants and remove wrapping
...
for GatewayServices table
2021-03-18 12:08:59 -04:00
Daniel Nephin
d879fe581d
state: Move UpstreamDownstream to state package
2021-03-18 12:08:59 -04:00
Daniel Nephin
65f5b99247
state: add tests for mesh-topology table indexers
2021-03-18 12:08:57 -04:00
Daniel Nephin
c749c6c927
state: use constants for mesh-topology table operations
2021-03-18 12:08:03 -04:00
hashicorp-ci
43f6544c21
auto-updated agent/uiserver/bindata_assetfs.go from commit 980299d51
2021-03-18 15:23:26 +00:00
hashicorp-ci
69f6fc9f99
auto-updated agent/uiserver/bindata_assetfs.go from commit 8dc590cf1
2021-03-18 14:41:20 +00:00
Freddy
1c13aa23f1
Merge pull request #9900 from hashicorp/ent-fixes
...
Fixup enterprise tests from tproxy changes
2021-03-18 08:33:30 -06:00
Freddy
0bab999fe4
Merge pull request #9899 from hashicorp/wildcard-ixn-oss
...
Add methods to check intention has wildcard src or dst
2021-03-18 08:33:07 -06:00
freddygv
098b9af901
Fixup enterprise tests from tproxy changes
2021-03-17 23:05:00 -06:00
freddygv
9713e3ba38
Add methods to check intention has wildcard src or dst
2021-03-17 22:15:48 -06:00
freddygv
eb1e0a1751
Cancel watch on all errors
2021-03-17 21:44:14 -06:00
freddygv
52bf00de8b
Split up normalizing from defaulting values for upstream cfg
2021-03-17 21:37:55 -06:00
freddygv
ad6c726453
Uncomment listener tests
2021-03-17 21:37:12 -06:00
freddygv
f4f45af6d0
Merge master and fix upstream config protocol defaulting
2021-03-17 21:13:40 -06:00
freddygv
9bff39ba07
Temporarily silence spurious wakeup. Addressing false positive in beta.
2021-03-17 17:25:29 -06:00
freddygv
0defd17106
Merge remote-tracking branch 'origin/master' into intention-topology-endpoint
2021-03-17 17:14:38 -06:00
Freddy
8207b832df
Add TransparentProxy option to proxy definitions
2021-03-17 17:01:45 -06:00
Freddy
c664938bae
Add per-upstream configuration to service-defaults
2021-03-17 16:59:51 -06:00
freddygv
7938dd82eb
Add changelog and cleanup todo for beta
2021-03-17 16:45:13 -06:00
freddygv
9f0696528b
Rename hasChains for clarity
2021-03-17 16:42:29 -06:00
freddygv
0da8702f34
PR comments
2021-03-17 16:18:56 -06:00
freddygv
bf96d536d9
Upstreams loop is only for prepared queries and they are not CentrallyConfigured
2021-03-17 15:32:52 -06:00
freddygv
8a062e1546
Handle prepared queries in Upstreams loop and escape hatches in disco chain loop
2021-03-17 15:17:43 -06:00
freddygv
ce964f8ea5
Update xds for transparent proxy
2021-03-17 13:40:49 -06:00
freddygv
a54d6a9010
Update proxycfg for transparent proxy
2021-03-17 13:40:39 -06:00
freddygv
37f684664d
Do not include consul as upstream or downstream
2021-03-17 13:40:04 -06:00
Daniel Nephin
69ce10602f
state: add tests for config-entry indexers
2021-03-17 14:41:46 -04:00
Daniel Nephin
a414649543
state: convert config-entries kind index to new pattern
2021-03-17 14:40:57 -04:00
Daniel Nephin
aadf187094
state: remove config-entries namespace index
...
Use a prefix of the ID index instead.
2021-03-17 14:40:57 -04:00
Daniel Nephin
d70bbf671a
state: remove unnecessary method receiver
2021-03-17 14:40:57 -04:00
Daniel Nephin
650ac62098
state: convert config-entries table to new indexer pattern
...
Using functional indexes to isolate enterprise differentiation and
remove reflection.
2021-03-17 14:40:57 -04:00
Daniel Nephin
9f03e23e44
Merge pull request #9881 from hashicorp/dnephin/state-index-service-check-nodes
...
state: convert services.node and checks.node indexes
2021-03-17 14:12:02 -04:00
Daniel Nephin
bd6332ae25
Merge pull request #9863 from hashicorp/dnephin/config-entry-kind-name
...
state: move ConfigEntryKindName
2021-03-17 14:09:39 -04:00
hashicorp-ci
583743424f
auto-updated agent/uiserver/bindata_assetfs.go from commit 9e715842d
2021-03-17 16:03:18 +00:00
hashicorp-ci
bac1afbb89
auto-updated agent/uiserver/bindata_assetfs.go from commit f9e8b26af
2021-03-17 14:45:58 +00:00
hashicorp-ci
6872c33881
auto-updated agent/uiserver/bindata_assetfs.go from commit aca797658
2021-03-17 11:27:44 +00:00
hashicorp-ci
f4a96768d1
auto-updated agent/uiserver/bindata_assetfs.go from commit 41471719e
2021-03-17 10:50:59 +00:00
freddygv
3f2489c31d
Refactor makePublicListener
...
By accepting a name the function can be used for other inbound listeners,
like the one for TransparentProxy.
2021-03-16 19:22:26 -06:00
Christopher Broglie
f0307c73e5
Add support for configuring TLS ServerName for health checks
...
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473 .
2021-03-16 18:16:44 -04:00
freddygv
7892964a0c
Add cache-type for Internal.IntentionUpstreams
2021-03-16 11:06:47 -06:00
Daniel Nephin
34eb6c01ff
state: convert services.node and checks.node indexes
...
Using NodeIdentity to share the indexes with both.
2021-03-16 13:00:31 -04:00
freddygv
942334b208
Prefix match type vars to match use
2021-03-16 09:49:24 -06:00
freddygv
4cb9fdc27f
Pass txn into service list queries
2021-03-16 09:33:08 -06:00
freddygv
86ff9065c1
Pass txn into intention match queries
2021-03-16 08:03:52 -06:00
freddygv
31e757de2a
Replace CertURI.Authorize() calls.
...
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
freddygv
f5ed751c91
Fixup typo, comments, and regression
2021-03-15 17:50:47 -06:00
freddygv
4bdbcff9c0
Fixup upstream test
2021-03-15 17:20:30 -06:00
freddygv
3492f9e0d6
Finish cleanup from ServiceConfigRequest changes
2021-03-15 16:38:01 -06:00
freddygv
770c5552d6
Update service manager to pass MeshGateway with config req
2021-03-15 16:08:03 -06:00
freddygv
6090cfcf68
PR comments
2021-03-15 16:02:03 -06:00
Daniel Nephin
4d456922a9
state: use runCase pattern for large test
...
The TestServiceHealthEventsFromChanges function was over 1400 lines.
Attempting to debug test failures in test functions this large is
difficult. It requires scrolling to the line which defines the testcase
because the failure message only includes the line number of the
assertion, not the line number of the test case.
This is an excellent example of where test tables stop working well, and
start being a problem. To mitigate this problem, the runCase pattern can
be used. When one of these tests fails, a failure message will print the
line number of both the test case and the assertion. This allows a
developer to quickly jump to both of the relevant lines, signficanting
reducing the time it takes to debug test failures.
For example, one such failure could look like this:
catalog_events_test.go:1610: case: service reg, new node
catalog_events_test.go:1605: assertion failed: values are not equal
2021-03-15 17:53:16 -04:00
freddygv
7df846aa24
Pass MeshGateway config in service config request
...
ResolveServiceConfig is called by service manager before the proxy
registration is in the catalog. Therefore we should pass proxy
registration flags in the request rather than trying to fetch
them from the state store (where they may not exist yet).
2021-03-15 14:32:13 -06:00
freddygv
8b46d8dcbb
Restore old Envoy prefix on escape hatches
...
This is done because after removing ID and NodeName from
ServiceConfigRequest we will no longer know whether a request coming in
is for a Consul client earlier than v1.10.
2021-03-15 14:12:57 -06:00
freddygv
93c3c1780d
Only lowercase the protocol when normalizing
2021-03-15 14:12:15 -06:00
freddygv
41b2ba1e58
Add omitempty across the board for UpstreamConfig
2021-03-15 13:23:18 -06:00
freddygv
08759e46ed
Add RPC endpoint for intention upstreams
2021-03-15 08:50:35 -06:00
freddygv
08737fa606
Add state store function for intention upstreams
2021-03-15 08:50:35 -06:00
freddygv
3722ce2fff
Refactor IntentionDecision
...
This enables it to be called for many upstreams or downstreams of a
service while only querying intentions once.
Additionally, decisions are now optionally denied due to L7 permissions
being present. This enables the function to be used to filter for
potential upstreams/downstreams of a service.
2021-03-15 08:50:35 -06:00
Daniel Nephin
f40b76af2d
proxycfg: use rpcclient/health.Client instead of passing around cache name
...
This should allow us to swap out the implementation with something other
than `agent/cache` without making further code changes.
2021-03-12 11:46:04 -05:00
Daniel Nephin
566741a143
catalog_events: set the right key for connect snapshots
2021-03-12 11:35:43 -05:00
Daniel Nephin
906834ce8e
proxycfg: Use streaming in connect state
2021-03-12 11:35:42 -05:00
Daniel Nephin
1a764553c0
rpcclient: use streaming for connect health
2021-03-12 11:35:42 -05:00
freddygv
d80e4b27b1
Update content hash due to new field
2021-03-11 19:59:19 -07:00
freddygv
682f357185
Fixup more tests
2021-03-11 16:26:55 -07:00
freddygv
756ab4c546
Fixup protobufs and tests
2021-03-11 14:58:59 -07:00
Kyle Havlovitz
1e87c7183a
Merge pull request #9672 from hashicorp/ca-force-skip-xc
...
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
freddygv
df1f3995f8
Update service manager to store centrally configured upstreams
2021-03-11 11:37:21 -07:00
freddygv
6fd30d0384
Add TransparentProxy opt to proxy definition
2021-03-11 11:37:21 -07:00
freddygv
306ef7d252
Restore old escape hatch alias
2021-03-11 11:36:35 -07:00
freddygv
e3dc2a49df
Turn Limits and PassiveHealthChecks into pointers
2021-03-11 11:04:40 -07:00
hashicorp-ci
f3556f6bba
auto-updated agent/uiserver/bindata_assetfs.go from commit fa6687b7f
2021-03-11 09:34:21 +00:00
freddygv
acec711a6a
Update server-side config resolution and client-side merging
2021-03-10 21:05:11 -07:00
freddygv
1710ec87d2
finish moving UpstreamConfig and related fields to structs pkg
2021-03-10 21:04:13 -07:00
Daniel Nephin
9d924a81a9
Merge pull request #9797 from hashicorp/dnephin/state-index-node-id
...
state: convert nodes.ID to the new pattern of functional indexers
2021-03-10 17:34:23 -05:00
Daniel Nephin
b06b3dd8f8
state: move ConfigEntryKindName
...
Previously this type was defined in structs, but unlike the other types in structs this type
is not used by RPC requests. By moving it to state we can better indicate that this is not
an API type, but part of the state implementation.
2021-03-10 12:27:22 -05:00
Daniel Nephin
948d1a317d
Merge pull request #9796 from hashicorp/dnephin/state-cleanup-catalog-index-oss
...
state: remove duplicate tableCheck indexes
2021-03-10 12:20:09 -05:00
Daniel Nephin
3a3007298f
Merge pull request #9851 from panascais-forks/fix-wan-ipv6-key
...
Fix advertise_addr_wan_ipv6 configuration key
2021-03-10 11:56:07 -05:00
Daniel Nephin
71b0f0a7a6
structs: remove EnterpriseMeta.GetNamespace
...
I added this recently without realizing that the method already existed and was named
NamespaceOrEmpty. Replace all calls to GetNamespace with NamespaceOrEmpty or NamespaceOrDefault
as appropriate.
2021-03-09 15:17:26 -05:00
Daniel Nephin
2b612a8e92
Merge pull request #9671 from hashicorp/streaming/terminating-gateway-events
...
state: Add terminating gateway events for streaming
2021-03-09 14:20:21 -05:00
Daniel Nephin
23421e190c
state: adjust compare for catalog events
...
Document that this comparison should roughly match MatchesKey
Only sort by overrideKey or service name, but not both
Add namespace to the sort.
The client side also builds a map of these based on the namespace/node/service key, so the only order
that really matters is the ordering of register/dereigster events.
2021-03-09 14:00:36 -05:00
Daniel Nephin
68ec20f66a
state: handle terminating gateway events properly in snapshot
...
Refactored out a function that can be used for both the snapshot and stream of events to translate
an event into an appropriate connect event.
Previously terminating gateway events would have used the wrong key in the snapshot, which would have
caused them to be filtered out later on.
Also removed an unused function, and some commented out code.
2021-03-09 14:00:35 -05:00
Kyle Havlovitz
db572aca59
Add remaining terminating gateway tests for namespaces
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:35 -05:00
Daniel Nephin
701285e470
Start to setup enterprise tests for terminating gateway streaming events.
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:35 -05:00
Daniel Nephin
ae368768e5
state: Add support for override of namespace
...
in MatchesKey
also tests for MatchesKey
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:35 -05:00
Daniel Nephin
4756ff059d
state: update calls to ensureConfigEntryTxn
...
The EnterpriseMeta paramter was removed after this code was written, but before it merged.
Also the table name constant has changed.
2021-03-09 14:00:35 -05:00
Daniel Nephin
30a575dd33
state: add 2 more test cases for terminate gateway streaming events
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
Kyle Havlovitz
a21be5efa8
Added 6 new test cases for terminating gateway events
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:34 -05:00
Daniel Nephin
06b1c32e25
state: Add two more tests for connect events with terminating gateways
...
And expand one test case to cover more.
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
Daniel Nephin
eb58a39738
state: Include the override key in the sorting of events
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
Kyle Havlovitz
c2481ca10f
state: Add terminating gateway events on updating a config entry
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:34 -05:00
Daniel Nephin
28de159c14
state: add first terminating catalog catalog event
...
Health of a terminating gateway instance changes
- Generate an event for creating/destroying this instance of the terminating gateway,
duplicate it for each affected service
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:33 -05:00
Silas Rech
ab9c484137
Fix advertise_addr_wan_ipv6 configuration key
2021-03-09 14:56:44 +01:00
hashicorp-ci
0e9250df80
auto-updated agent/uiserver/bindata_assetfs.go from commit 33d038377
2021-03-09 09:35:32 +00:00
freddygv
87cde19b4c
Create new types for service-defaults upstream cfg
2021-03-08 22:10:27 -07:00
hashicorp-ci
35daee45bc
auto-updated agent/uiserver/bindata_assetfs.go from commit 308e5a480
2021-03-08 12:28:15 +00:00
Daniel Nephin
a4e68e32d6
state: convert nodes.ID to new functional pattern
...
In preparation for adding other identifiers to the index.
2021-03-05 12:30:40 -05:00
R.B. Boyer
398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request ( #9658 )
...
- Also add support for envoy 1.17.0
2021-02-26 16:23:15 -06:00
Daniel Nephin
6b95e8dfe2
Merge pull request #9188 from hashicorp/dnephin/more-streaming-tests
...
Add more streaming tests
2021-02-26 12:36:55 -05:00
Daniel Nephin
566efad2e7
Merge pull request #9759 from hashicorp/dnephin/streaming-default-rpc-enabled
...
streaming: default rpc.enable_streaming to true
2021-02-26 12:08:00 -05:00
Daniel Nephin
5c8a6311b6
Merge pull request #9703 from pierresouchay/streaming_tags_and_case_insensitive
...
Streaming filter tags + case insensitive lookups for Service Names
2021-02-26 12:06:26 -05:00
Daniel Nephin
55add28725
catalog_events: set the right key for connect snapshots
...
Add a test for catalog_event snapshot on connect topic
2021-02-25 14:30:39 -05:00
Daniel Nephin
432dd2d204
consul: Add integration tests of streaming.
...
Restored from streaming-rpc-final branch.
Co-authored-by: Paul Banks <banks@banksco.de>
2021-02-25 14:30:39 -05:00
Daniel Nephin
b7f8e3bad2
state: Add a test for ServiceHealthSnapshot
2021-02-25 14:08:10 -05:00
Daniel Nephin
1d2d15b1e1
agent: add a test for streaming in the service health endpoint
...
Co-authored-by: Paul Banks <banks@banksco.de>
2021-02-25 14:08:10 -05:00
Daniel Nephin
3aec942b17
streaming: default rpc.enable_streaming to true
...
So that all servers will start the grpc server used by streaming
2021-02-25 14:06:04 -05:00
hashicorp-ci
b76dfa1441
auto-updated agent/uiserver/bindata_assetfs.go from commit 779f7f7b6
2021-02-25 09:41:02 +00:00
John Cowen
5892e75452
ui: Remove any trailing fullstop/period DNS characters from Gateways UI API ( #9752 )
...
Previous to this commit, the API response would include Gateway
Addresses in the form `domain.name.:8080`, which due to the addition of
the port is probably not the expected response.
This commit rightTrims any `.` characters from the end of the domain
before formatting the address to include the port resulting in
`domain.name:8080`
2021-02-25 09:34:47 +00:00