Commit Graph

15453 Commits

Author SHA1 Message Date
R.B. Boyer a6d22efb49
acl: some acl authz refactors for nodes (#10909) 2021-08-25 13:43:11 -05:00
hc-github-team-consul-core 11b1dc1f97 auto-updated agent/uiserver/bindata_assetfs.go from commit a777b0a9b 2021-08-25 13:46:51 +00:00
Kenia a777b0a9ba
ui: Disabling policy form fields from users with 'read' permissions (#10902) 2021-08-25 09:42:05 -04:00
hc-github-team-consul-core 5e31421602 auto-updated agent/uiserver/bindata_assetfs.go from commit 8192dde48 2021-08-25 11:39:14 +00:00
John Cowen 8192dde485
ui: Unskip auth-method serializer test (#10878)
During #9617 we added a list view only for AuthMethods, but not a detail view. We did add the Adapter/Serializer that collected/reshaped data for a detail view.

The test for this serializer was skipped here, but I'm not sure why.

We then added #9845 which began to use this AuthMethod Serializer, but we didn't go back to finish up the skipped test here either.

This PR unskips this test and finishes off the test correctly.
2021-08-25 12:34:48 +01:00
R.B. Boyer 5b6d96d27d
grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation (#10838)
Fixes #10796
2021-08-24 16:28:44 -05:00
trujillo-adam e197fff45c removed merge conflict chars 2021-08-24 12:05:01 -07:00
trujillo-adam f1327c6aad fixed merge conflicts 2021-08-24 11:46:27 -07:00
trujillo-adam 4c7eab88b9 Merge branch 'main' of github.com:hashicorp/consul into docs-tables-service-discovery-services 2021-08-24 11:26:32 -07:00
trujillo-adam 7f823e040f fixed more typos, applied additional tables, additional edits 2021-08-24 11:15:33 -07:00
trujillo-adam f69bb3a54f fixed typos, finished applying tables, minor editing 2021-08-24 09:57:48 -07:00
hc-github-team-consul-core 4993d877d9 auto-updated agent/uiserver/bindata_assetfs.go from commit 05a28c311 2021-08-24 16:04:24 +00:00
John Cowen 05a28c3111
ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901)
This commit fixes 2 problems with our OIDC flow in the UI, the first is straightforwards, the second is relatively more in depth:

1: A typo (1.10.1 only)

During #10503 we injected our settings service into the our oidc-provider service, there are some comments in the PR as to the whys and wherefores for this change (https://github.com/hashicorp/consul/pull/10503/files#diff-aa2ffda6d0a966ba631c079fa3a5f60a2a1bdc7eed5b3a98ee7b5b682f1cb4c3R28)

Fixing the typo so it was no longer looking for an unknown service (repository/settings > settings)
fixed this.

2: URL encoding (1.9.x, 1.10.x)

TL;DR: /oidc/authorize/provider/with/slashes/code/with/slashes/status/with/slashes should be /oidc/authorize/provider%2Fwith%2Fslashes/code%2Fwith%2Fslashes/status%2Fwith%2Fslashes

When we receive our authorization response back from the OIDC 3rd party, we POST the code and status data from that response back to consul via acallback as part of the OIDC flow. From what I remember back when this feature was originally added, the method is a POST request to avoid folks putting secret-like things into API requests/URLs/query params that are more likely to be visible to the human eye, and POSTing is expected behaviour.

Additionally, in the UI we identify all external resources using unique resource identifiers. Our OIDC flow uses these resources and their identifiers to perform the OIDC flow using a declarative state machine. If any information in these identifiers uses non-URL-safe characters then these characters require URL encoding and we added a helper a while back to specifically help us to do this once we started using this for things that required URL encoding.

The final fix here make sure that we URL encode code and status before using them with one of our unique resource identifiers, just like we do with the majority of other places where we use these identifiers.
2021-08-24 16:58:45 +01:00
Nitya Dhanushkodi 329ec62582
doc: remove sentence that tproxy works cross-DC with config entries. (#10885)
It can only work if there is a running service instance in the local DC,
so this is a bit misleading, since failover and redirects are typically
used when there is not an instance in the local DC.
2021-08-23 12:14:28 -07:00
trujillo-adam 44e9f8ed94
Update website/content/docs/discovery/services.mdx
Co-authored-by: Geoffrey Grosenbach <26+topfunky@users.noreply.github.com>
2021-08-23 11:09:43 -07:00
trujillo-adam 6a5fedbf84
Update website/content/docs/discovery/services.mdx
Co-authored-by: Geoffrey Grosenbach <26+topfunky@users.noreply.github.com>
2021-08-23 11:09:34 -07:00
Freddy 997547bd7f
Merge pull request #10873 from hashicorp/fix/10825-pq-san-validation 2021-08-20 18:11:17 -06:00
freddygv 01936ddb70 Avoid passing zero value into variadic 2021-08-20 17:40:33 -06:00
freddygv f52bd80f6d Update comment for test function 2021-08-20 17:40:33 -06:00
freddygv a83300bad8 Add changelog entry 2021-08-20 17:40:33 -06:00
freddygv af52d21884 Update prepared query cluster SAN validation
Previously SAN validation for prepared queries was broken because we
validated against the name, namespace, and datacenter for prepared
queries.

However, prepared queries can target:

- Services with a name that isn't their own
- Services in multiple datacenters

This means that the SpiffeID to validate needs to be based on the
prepared query endpoints, and not the prepared query's upstream
definition.

This commit updates prepared query clusters to account for that.
2021-08-20 17:40:33 -06:00
freddygv 85878685b7 Fixup proxy config test fixtures
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.

- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
trujillo-adam cc42b49e4f testing markdown table format for ref docs 2021-08-20 13:41:03 -07:00
Daniel Nephin a1fbd2d007 docs: move the remaining content from INTERNALS.md
Into the appropriate section of the docs.
2021-08-20 16:39:35 -04:00
Daniel Nephin bb69b699b3 docs: add important top level directories to the README 2021-08-20 16:22:55 -04:00
R.B. Boyer fb27c1b24f
agent: add partition labels to catalog API metrics where appropriate (#10890) 2021-08-20 15:09:39 -05:00
R.B. Boyer d66a43f5f2
fixing various bits of enterprise meta plumbing to be more correct (#10889) 2021-08-20 14:34:23 -05:00
Dhia Ayachi 1950ebbe1f
oss portion of ent #1069 (#10883) 2021-08-20 12:57:45 -04:00
Zachary Shilton c42ea82883
Upgrade global styles (#10692)
* website: upgrade global-styles packages

* website: move community page to CSS modules

* website: replace g-container with g-grid-container

* website: hide alert-banner on mobile

* website: backfill missing global type styles

* website: fix code font-size in download custom content

* website: bump to latest patched dependencies
2021-08-20 12:20:01 -04:00
R.B. Boyer ac41e30614
state: partition the nodes.uuid and nodes.meta indexes as well (#10882) 2021-08-19 16:17:59 -05:00
R.B. Boyer 097e1645e3
agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
Blake Covarrubias e62b1d05d8
docs: Add common CA config options to provider doc pages (#10842)
Add the list of common Connect CA configuration options to the
provider-specific CA docs.

Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Mike Wickett 39b3c3e2bd
chore: update alert banner (#10816) 2021-08-18 16:39:16 -04:00
Daniel Nephin a2c4069de2
Merge pull request #10806 from hashicorp/dnephin/debug-filenames-2
debug: use human readable dates for filenames and improve the tests
2021-08-18 15:16:34 -04:00
Daniel Nephin 271352dbb7
Merge pull request #10849 from hashicorp/dnephin/contrib-doc-xds-auth
xds: document how authorization works
2021-08-18 13:25:16 -04:00
Daniel Nephin a98b5bc31c
Merge pull request #10804 from hashicorp/dnephin/debug-filenames
debug: rename cluster.json -> members.json  and fix handling of Interrupt Signal
2021-08-18 13:18:29 -04:00
Daniel Nephin 797ee061e4 debug: use human readable dates for filenames
The unix timestamps that were used make the debug data a little bit more
difficult to consume. By using human readable dates we can easily see
when the profile data was collected.

This commit also improves the test coverage. Two test cases are removed
and the assertions from those cases are moved to TestDebugCommand.

Now TestDebugCommand is able to validate the contents of all files. This
change reduces the test runtime of the command/debug package by almost
50%. It also makes much more strict assertions about the contents by
using gotest.tools/v3/fs.
2021-08-18 13:06:57 -04:00
Daniel Nephin 049c4e9623 add changelog 2021-08-18 12:54:11 -04:00
Daniel Nephin 2f8d0e12cf debug: small cleanup
Use the new WriteJsonFile function to write index.json
Remove .String() from time.local() since that is done by %s
Remove an unused field.
2021-08-18 12:30:59 -04:00
Daniel Nephin 26ef0df458 docs: update CLI reference docs for debug
the cluster target was renamed to members.
2021-08-18 12:29:34 -04:00
Daniel Nephin 4359e38114 debug: restore cancel on SigInt
Some previous changes broke interrupting the debug on SigInterupt. This change restores
the original behaviour by passing a context to requests.

Since a new API client function was required to pass the context, I had
it also return an io.ReadCloser, so that output can be streamed to files
instead of fully buffering in process memory.
2021-08-18 12:29:34 -04:00
Daniel Nephin 31bcd80528 debug: improve a couple of the test cases
Use gotest.tools/v3/fs to make better assertions about the files

Remove the TestAgent from TestDebugCommand_Prepare_ValidateTiming, since we can test that validation
without making any API calls.
2021-08-18 12:29:34 -04:00
Daniel Nephin bbf6a94c9a debug: rename cluster target to members
The API is called members. Using the same name as the API should help describe the contents
of the file.
2021-08-18 12:29:34 -04:00
Daniel Nephin 251026e374 debug: remove unused 2021-08-18 12:29:33 -04:00
Daniel Nephin ed9a1d3ff2
Merge pull request #10869 from roopakv/roopak/xsys
Update x/sys to support go 1.17
2021-08-18 11:01:42 -04:00
R.B. Boyer e44bce3c4f
state: partition the usage metrics subsystem (#10867) 2021-08-18 09:27:15 -05:00
Roopak Venkatakrishnan e43cf46267 Update x/sys to support go 1.17 2021-08-18 03:00:22 +00:00
sridhar cf66becabe
Update website/content/docs/k8s/connect/ingress-gateways.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-17 16:32:35 -07:00
Daniel Nephin 8252a2691c xds: document how authorization works 2021-08-17 19:26:34 -04:00
R.B. Boyer 613dd7d053
state: adjust streaming event generation to account for partitioned nodes (#10860)
Also re-enabled some tests that had to be disabled in the prior PR.
2021-08-17 16:49:26 -05:00