Commit Graph

16947 Commits

Author SHA1 Message Date
trujillo-adam 4331a29f95
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-01 09:25:21 -08:00
trujillo-adam 7e98a0dc7b fixing merge conflicts 2022-03-01 09:08:20 -08:00
R.B. Boyer 6666832077
test: parallelize more of TestLeader_ReapOrLeftMember_IgnoreSelf (#12468)
before:

    $ go test ./agent/consul -run TestLeader_ReapOrLeftMember_IgnoreSelf
    ok  	github.com/hashicorp/consul/agent/consul	21.147s

after:

    $ go test ./agent/consul -run TestLeader_ReapOrLeftMember_IgnoreSelf
    ok  	github.com/hashicorp/consul/agent/consul	5.402s
2022-03-01 10:30:06 -06:00
Jorge Marey f429c1a5d9 Fix vault test with suggested changes 2022-03-01 10:20:00 +01:00
Jorge Marey 1a0baf4024 Add test case to verify #12298 2022-03-01 09:25:52 +01:00
Jorge Marey 91ca455562 Add changelog file 2022-03-01 09:25:52 +01:00
Jorge Marey 4375dd2409 Avoid raft change when no config is provided on CAmanager
- This avoids a change to the raft store when no roots or config
are provided to persistNewRootAndConfig
2022-03-01 09:25:52 +01:00
Evan Culver 2197a75c51
Add changelog entries from latest releases (#12473) 2022-02-28 17:49:37 -08:00
Evan Culver d041559fce
Update latest version on website to 1.11.4 (#12469) 2022-02-28 16:53:28 -08:00
Jared Kirschner 9c74f14061
Merge pull request #12455 from hashicorp/docs/enterprise-license-faq-improvements
Enterprise license FAQ improvements
2022-02-28 17:30:07 -05:00
Daniel Nephin d669226784 ca: fix a test
This test does not use Vault, so does not need ca.SkipIfVaultNotPresent
2022-02-28 16:26:18 -05:00
Daniel Nephin 1f00ede559 ca: require that tests that use Vault are named correctly
Previously we were using two different criteria to decide where to run a
test.  The main `go-test` job would skip Vault tests based on the
presence of the `vault` binary, but the `test-connect-ca-providers` job
would run tests based on the name.

This led to a scenario where a test may never run in CI.

To fix this problem I added a name check to the function we use to skip
the test. This should ensure that any test that requires vault is named
correctly to be run as part of the `test-connect-ca-providers` job.

At the same time I relaxed the regex we use. I verified this runs the
same tests using `go test --list Vault`.  I made this change because a
bunch of tests in `agent/connect/ca` used `Vault` in the name, without
the underscores. Instead of changing a bunch of test names, this seemed
easier.

With this approach, the worst case is that we run a few extra tests in
the `test-connect-ca-providers` job, which doesn't seem like a problem.
2022-02-28 16:13:53 -05:00
Jared Kirschner 728b04427c docs: clarify trial license FAQ
Also use consistent language throughout to refer to the non-production license
(just "trial" license, not both "trial" and "evaluation").
2022-02-28 13:06:26 -08:00
Kyle Schochenmaier 4e24143b89
update helm docs for release 0.41.1 (#12465)
* update helm docs for release 0.41.1

* apply escape on <ip>:<port>

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-28 13:03:50 -08:00
R.B. Boyer 7b0548dd8d
server: suppress spurious blocking query returns where multiple config entries are involved (#12362)
Starting from and extending the mechanism introduced in #12110 we can specially handle the 3 main special Consul RPC endpoints that react to many config entries in a single blocking query in Connect:

- `DiscoveryChain.Get`
- `ConfigEntry.ResolveServiceConfig`
- `Intentions.Match`

All of these will internally watch for many config entries, and at least one of those will likely be not found in any given query. Because these are blends of multiple reads the exact solution from #12110 isn't perfectly aligned, but we can tweak the approach slightly and regain the utility of that mechanism.

### No Config Entries Found

In this case, despite looking for many config entries none may be found at all. Unlike #12110 in this scenario we do not return an empty reply to the caller, but instead synthesize a struct from default values to return. This can be handled nearly identically to #12110 with the first 1-2 replies being non-empty payloads followed by the standard spurious wakeup suppression mechanism from #12110.

### No Change Since Last Wakeup

Once a blocking query loop on the server has completed and slept at least once, there is a further optimization we can make here to detect if any of the config entries that were present at specific versions for the prior execution of the loop are identical for the loop we just woke up for. In that scenario we can return a slightly different internal sentinel error and basically externally handle it similar to #12110.

This would mean that even if 20 discovery chain read RPC handling goroutines wakeup due to the creation of an unrelated config entry, the only ones that will terminate and reply with a blob of data are those that genuinely have new data to report.

### Extra Endpoints

Since this pattern is pretty reusable, other key config-entry-adjacent endpoints used by `agent/proxycfg` also were updated:

- `ConfigEntry.List`
- `Internal.IntentionUpstreams` (tproxy)
2022-02-25 15:46:34 -06:00
Chris S. Kim 25f4a425d1
Merge pull request #12442 from danieleva/12422-keyring
Allows keyring operations on client agents
2022-02-25 16:28:56 -05:00
Chris S. Kim 9bec7cfc24
Merge pull request #12449 from hashicorp/eculver/envoy-upgrades
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6
2022-02-25 14:25:45 -05:00
Jared Kirschner fb228cbeae docs: add FAQ for obtaining copy of license
For existing enterprise customers who need access to the license.
2022-02-25 09:52:07 -08:00
Jared Kirschner 9d64dab443 docs: add license renewal FAQ 2022-02-25 09:43:38 -08:00
Jared Kirschner e8cb3a8156 docs: clarify license expiration behavior
Also corrects the grace period between expiration and termination (10 years,
not 24 hours).
2022-02-25 09:31:51 -08:00
claire labry 6f1101e667
Merge pull request #12378 from hashicorp/add-post-publish-events
Adding post-publish events to ci.hcl.
2022-02-25 12:11:32 -05:00
Daniele Vazzola b32a0b2135 Adds changelog 2022-02-25 15:43:06 +00:00
chinmaym07 a5626a9c02 Added changelog
Signed-off-by: chinmaym07 <b418020@iiit-bh.ac.in>
2022-02-25 19:29:00 +05:30
John Cowen 121bd2e0ab
ui: PagedCollection component (#12404)
* ui: PagedCollection component

* ui: Use PagedCollection (#12436)

* ui: Integrate PagedCollection into DisclosureMenu

* Integrate PageCollection into DC, Nspace and Partition menus
2022-02-25 10:01:08 +00:00
John Cowen 79a07c7a3d
ui: Add new component blueprint (#12421)
This adds a new component blueprint for all our components. We've been
using README.mdx files for quite some time to document our components
for other engineers. This adds a default file to help new engineers get
started writing useful documentation. These README.mdx file are also
very useful for building out components in isolation from scratch and
and some point will be used to run automated component testing.
2022-02-25 09:47:20 +00:00
Evan Culver 3ce5a601e8
Add changelog entry 2022-02-24 17:05:55 -08:00
Evan Culver 522676ed8d
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6 2022-02-24 16:59:33 -08:00
Evan Culver b95f010ac0
connect: Upgrade Envoy 1.20 to 1.20.2 (#12443) 2022-02-24 16:19:39 -08:00
R.B. Boyer ca112f8721
fix flaky test panic (#12446) 2022-02-24 17:35:46 -06:00
R.B. Boyer 957146401e
catalog: compare node names case insensitively in more places (#12444)
Many places in consul already treated node names case insensitively.
The state store indexes already do it, but there are a few places that
did a direct byte comparison which have now been corrected.

One place of particular consideration is ensureCheckIfNodeMatches
which is executed during snapshot restore (among other places). If a
node check used a slightly different casing than the casing of the node
during register then the snapshot restore here would deterministically
fail. This has been fixed.

Primary approach:

    git grep -i "node.*[!=]=.*node" -- ':!*_test.go' ':!docs'
    git grep -i '\[[^]]*member[^]]*\]
    git grep -i '\[[^]]*\(member\|name\|node\)[^]]*\]' -- ':!*_test.go' ':!website' ':!ui' ':!agent/proxycfg/testing.go:' ':!*.md'
2022-02-24 16:54:47 -06:00
Jeff-Apple 263357f7d5
Merge pull request #12416 from hashicorp/api-gateway-ga-docs
website: update API Gateway docs for v0.1.0 GA release
2022-02-24 12:36:34 -08:00
Michele Degges 45f2abfbba
Remove setup-qemu step from Docker build job (#12387) 2022-02-24 12:35:47 -08:00
Jeff-Apple eea07af17a
Update website/content/docs/api-gateway/index.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:27:17 -08:00
Jeff-Apple 31e6ec62f0
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:23:51 -08:00
Jeff-Apple 6f80f9c4a7
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:21:04 -08:00
Jeff-Apple 7e515eef97
Update website/content/docs/api-gateway/index.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:20:32 -08:00
Jeff-Apple f56981baf5
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:16:47 -08:00
Jeff-Apple ba36bdc2e5
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:14:06 -08:00
mrspanishviking 1f6651fac5
Merge pull request #12441 from hashicorp/retry-docs
docs: added example for service-router retry
2022-02-24 11:39:21 -07:00
Jeff-Apple 1dce8b663d Merge branch 'api-gateway-ga-docs' of https://github.com/hashicorp/consul into api-gateway-ga-docs 2022-02-24 10:00:43 -08:00
Jeff-Apple 5bc1e75e8f Updated helm chart version number and a minor edit 2022-02-24 09:56:55 -08:00
Karl Cardenas 48c60946f9
docs: added example for service-router retry 2022-02-24 10:52:41 -07:00
Nathan Coleman dc873138df
Update website/content/docs/api-gateway/tech-specs.mdx
Co-authored-by: Andrew Stucki <andrew.stucki@gmail.com>
2022-02-24 12:52:03 -05:00
Nathan Coleman 871625e321
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: Andrew Stucki <andrew.stucki@gmail.com>
2022-02-24 12:51:55 -05:00
Daniele Vazzola e76ca318dc Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
Jeff-Apple cc00e5e403 Minor edits and additions to the API Gateway docs. 2022-02-24 07:25:58 -08:00
David Yu 705f193f3f
docs: set tproxy annotation to false for multi-port (#12431) 2022-02-23 18:24:15 -08:00
Nitya Dhanushkodi 00c7f4f834
add multiport docs for K8s (#12428)
* add multiport docs for K8s

* add formatting

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-23 16:11:52 -08:00
R.B. Boyer 64271289ec
server: partly fix config entry replication issue that prevents replication in some circumstances (#12307)
There are some cross-config-entry relationships that are enforced during
"graph validation" at persistence time that are required to be
maintained. This means that config entries may form a digraph at times.

Config entry replication procedes in a particular sorted order by kind
and name.

Occasionally there are some fixups to these digraphs that end up
replicating in the wrong order and replicating the leaves
(ingress-gateway) before the roots (service-defaults) leading to
replication halting due to a graph validation error related to things
like mismatched service protocol requirements.

This PR changes replication to give each computed change (upsert/delete)
a fair shot at being applied before deciding to terminate that round of
replication in error. In the case where we've simply tried to do the
operations in the wrong order at least ONE of the outstanding requests
will complete in the right order, leading the subsequent round to have
fewer operations to do, with a smaller likelihood of graph validation
errors.

This does not address all scenarios, but for scenarios where the edits
are being applied in the wrong order this should avoid replication
halting.

Fixes #9319

The scenario that is NOT ADDRESSED by this PR is as follows:

1. create: service-defaults: name=new-web, protocol=http
2. create: service-defaults: name=old-web, protocol=http
3. create: service-resolver: name=old-web, redirect-to=new-web
4. delete: service-resolver: name=old-web
5. update: service-defaults: name=old-web, protocol=grpc
6. update: service-defaults: name=new-web, protocol=grpc
7. create: service-resolver: name=old-web, redirect-to=new-web

If you shutdown dc2 just before (4) and turn it back on after (7)
replication is impossible as there is no single edit you can make to
make forward progress.
2022-02-23 17:27:48 -06:00
Chris S. Kim ea47f066d7
Merge pull request #12430 from hashicorp/ci/main-assetfs-build
auto-updated agent/uiserver/bindata_assetfs.go from commit 73b6687c5
2022-02-23 18:19:30 -05:00