Commit Graph

21113 Commits

Author SHA1 Message Date
John Landa 65920dccf4
move deny action to enterprise only for traffic permissions (#20313)
Add missing import

Add explicit enum case for deny action

Remove extra comments

Add build tags to ent and ce tests

Add copyright headers for the ce files

Fix case statements for ce validator

Remove ce tests with Deny traffic permissions

Fix more integration tests

Split more ce and ent tests, add back ent deny tests for traffic permissions controller

temp rename before rebase

Readd ent deny tests for traffic permissions controller
2024-01-24 13:01:22 -07:00
John Maguire 4ce4dd1492
Add new changelog entries for 1.15.9, 1.16.5, 1.17.2 (#20337)
add new changelog entries for 1.15.9, 1.16.5, 1.17.2
2024-01-24 14:21:23 -05:00
John Maguire cfe4d59938
[NET-7265] Panic when passing an incorrect type to the data fetcher for gatewayproxy (#20238)
* panic when passing an incorrect type to the data fetcher

* Add assertions for sidecarproxy datafetcher as well

* rename assertion function

* Add in comments to ensure devs know about potential panics for using
invalid types

* fix method call
2024-01-24 14:16:56 -05:00
sarahalsmiller 1eca44aef9
NET-7153 Proto messages for API Gateway (#20250)
* API Gateway proto

* fix lint issue

* new line

* run make proto format

* regened with comment

* lint

* utilize existing TLS struct

* Update proto-public/pbmesh/v2beta1/api_gateway.proto

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* generated file

* Update proto-public/pbmesh/v2beta1/api_gateway.proto

* regen with comment

* format the comment

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-01-24 12:10:20 -06:00
Melissa Kam 7900544249
[CC-7063] Fetch HCP agent bootstrap config in Link reconciler (#20306)
* Move config-dependent methods to separate package

In order to reuse the fetching and file creation part of the
bootstrap package, move the code that would cause cyclical
dependencies to a different package.

* Export needed bootstrap methods and variables

Also add back validating persisted config and update tests.

* Add support to check for just management token

Add a new method that fetches the bootstrap configuration only if
there isn't a valid management token file instead of checking for
all the hcp-config files.

* Pass data dir as a dependency to link controller

The link controller needs to check the data directory for
the hcp-config files.

* Fetch bootstrap config for token in controller

Load the management token when reconciling a link resource, which will
fetch the agent bootstrap configuration if the token is not already
persisted locally. Skip this step if the cluster is in read-only mode.

* Validate resource ID format in link creation

* Handle unauthorized and forbidden errors

Check for 401 and 403s when making GNM requests, exit bootstrap fetch
loop and return specific failure statuses for link.

* Move test function to a testing file

* Log load and status write errors
2024-01-24 09:51:43 -06:00
aahel 3446eb3b1b
added computed failover controller (#20329)
* added computed failover controller

* removed some unnecessary changes

* removed unnecessary changes

* minor refactor

* minor refactor fmt

* added copyright
2024-01-24 11:50:27 +05:30
skpratt 0abf8f8426
Net 5092/internal l7 traffic permissions (#20276)
* wire up L7 Traffic Permissions

* testing

* update comment
2024-01-23 20:07:58 -06:00
skpratt 44bcda8523
Net 7074/decentralized exported services management (#20318)
* Add decentralized management of V1 exported-services config entries using V2 multicluster resources.

* cleanup

---------

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2024-01-23 19:44:10 -06:00
Krastin Krastev a392242d23
docs: Update k8s/connect/create-sameness-groups (#20317) 2024-01-23 16:09:45 -08:00
Chris Hut 5119667cd1
💜 Cc 7187/purple banner for linking existing clusters (#20275)
* Adding banner on services page

* Simplified version of setting/unsetting banner

* Translating the text based off of enterprise or not

* Add an integration test

* Adding an acceptance test

* Enable config dismissal as well

* Adding changelog

* Adding some copyrights to the other files

* Revert "Enable config dismissal as well"

This reverts commit e6784c4335bdff99d9183d28571aa6ab4b852cbd.

We'll be doing this in CC-7347
2024-01-23 14:29:53 -08:00
Melissa Kam e5d18753c9
Update SCADA provider version (#20319) 2024-01-23 12:45:58 -06:00
Tauhid Anjum b37fe80eee
Net 6774 Make Sameness Groups Work With Traffic Permissions CE (#20316)
* Make Sameness Groups Work With Traffic Permissions

* Fix controller dependency
2024-01-23 13:23:03 +05:30
Tauhid Anjum 5d294b26d3
NET-5824 Exported services api (#20015)
* Exported services api implemented

* Tests added, refactored code

* Adding server tests

* changelog added

* Proto gen added

* Adding codegen changes

* changing url, response object

* Fixing lint error by having namespace and partition directly

* Tests changes

* refactoring tests

* Simplified uniqueness logic for exported services, sorted the response in order of service name

* Fix lint errors, refactored code
2024-01-23 10:06:59 +05:30
cskh 528147e5ad
upgrade test: run validation func at every node during upgrade (#20293)
* upgrade test: run validation func at every node during upgrade

* add 3 servers in each cluster
2024-01-22 18:35:06 -05:00
Nathan Coleman 995ba32cc0
Use null route cluster for default router when no matches on v2 mesh gateway (#20270)
* Use black hole cluster for default router when no matches

* Update test assertions

* Use null route cluster instead of black hole cluster concept

* Update test assertions
2024-01-22 10:50:04 -08:00
Lord-Y 758ddf84e9
Case sensitive route match (#19647)
Add case insensitive param on service route match

This commit adds in a new feature that allows service routers to specify that
paths and path prefixes should ignore upper / lower casing when matching URLs.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2024-01-22 09:23:24 -06:00
Nick Cellino 34b343a980
Unconditionally add Access-Control-Expose-Headers HTTP header (#20220)
* Unconditionally add Access-Control-Expose-Headers HTTP header

* Return nil instead of err
2024-01-22 10:18:35 -05:00
Dan Stough 97ae244d8a
feat(v2dns): add grpc DNS support (#20296) 2024-01-22 10:10:03 -05:00
Semir Patel 6d9e8fdd05
resource: retry non-CAS deletes automatically (#20292) 2024-01-22 06:45:01 -08:00
wangxinyi7 6188db4d20
grpc CLI client read command (#20178)
* apply command works
2024-01-19 19:11:41 -08:00
Melissa Kam a9dd6f5c02
Add a separate test for initializer retries (#20298)
Separate test for initializer retries
2024-01-19 16:59:44 -06:00
R.B. Boyer 2e08a7e1c7
v2: prevent use of the v2 experiments in secondary datacenters for now (#20299)
Ultimately we will have to rectify wan federation with v2 catalog adjacent
experiments, but for now blanket prevent usage of the resource-apis,
v2dns, and v2tenancy experiments in secondary datacenters.
2024-01-19 16:31:49 -06:00
Nick Cellino 37a5fddffa
Create HCP management token in HCP manager (#19830)
* Create HCP management token in HCP manager

* Change InitializeManagementToken to ManagementTokenUpserter

* Implement and use management token upsert function

* Fix race condition in test

* Add idea for improvement as comment

* Return early in upsertManagementToken if token exists
2024-01-19 13:58:49 -05:00
Melissa Kam 98c9702ba3
[CC-7031] Add initialization support to resource controllers (#20138)
* Add Initializer to the controller

The Initializer adds support for running any required initialization
steps when the controller is first started.

* Implement HCP Link initializer

The link initializer will create a Link resource if the
cloud configuration has been set.

* Simplify retry logic and testing

* Remove internal retry, replace with logging logic
2024-01-19 11:47:48 -06:00
Matt Keeler 0a261682cd
Migrate the node health controller to use the cache (#20248)
Some edge case error testing had to be removed because it was no longer possible to force errors when going through the cache layer as opposed to the resource service itself.
2024-01-19 12:22:45 -05:00
Michael Zalimeni f942f2dc18
security: fix syntax for release scan config (#20279)
Correct syntax errors introduced in #20264.
2024-01-19 17:08:54 +00:00
Matt Keeler cee9df574d
Deflake the catalog v2beta1 integration tests (#20278) 2024-01-19 10:49:47 -05:00
Nick Cellino fe678e9da1
Sync cluster attributes from GNM to Link resource (#20158)
* Add 'GetCluster' function to HCP client

* Sync cluster data inside Link controller

* Add access mode to HCP Link

* Sync AccessLevel property

* Fix imports and remove outdated comments

* Switch accessMode to access level

* Add comment around HCPClientFn

* Fix spacing in link.proto

* Add helper for writing status. Fix reconciliation loop
2024-01-19 10:02:55 -05:00
Matt Keeler f9c04881f9
Failover policy cache (#20244)
* Migrate the Failover controller to use the controller cache
* Remove the Catalog FailoverMapper and its usage in the mesh routes controller.
2024-01-19 09:35:34 -05:00
Michael Zalimeni b03d770dc3
security: disable Vault secret scans due to false positives (#20264)
This was recently shown to have issues with false positives that blocked
a preview release build, so disabling for now.
2024-01-19 04:00:54 +00:00
Nathan Coleman c40b59823a
[NET-6431] Remove explicit endpoints function from PST builder (#20262)
This isn't needed since we just populate RequiredEndpoints, which is already done for the base case
2024-01-18 19:13:37 -05:00
Dan Stough 0edfa74d15
feat(v2dns): recursor support (#20249)
* feat(v2dns): recursor support

* test: fix leaking test agent in dns svc test
2024-01-18 18:30:04 -05:00
Luke Kysow 0cb64ccfc8
docs: update k8s upgrade instructions (#20263)
* docs: update k8s upgrade instructions

With https://github.com/hashicorp/consul-k8s/pull/3000 merged, users can
upgrade their k8s installs using a regular helm upgrade since the
upgrade is now stable.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2024-01-18 23:18:50 +00:00
Matt Keeler 59cb12c798
Migrate the Endpoints controller to use the controller cache (#20241)
* Add cache resource decoding helpers

* Implement a common package for workload selection facilities. This includes:

   * Controller cache Index
   * ACL hooks
   * Dependency Mapper to go from workload to list of resources which select it
   * Dependency Mapper to go from a resource which selects workloads to all the workloads it selects.

* Update the endpoints controller to use the cache instead of custom mappers.

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2024-01-18 17:52:52 -05:00
Dhia Ayachi d641998641
Fix to not create a watch to `Internal.ServiceDump` when mesh gateway is not used (#20168)
This adds a fix to properly verify the gateway mode before creating a watch specific to mesh gateways. This watch has a high performance cost and is not used when mesh gateways are not used.

This also adds an optimization to only return the nodes when watching the Internal.ServiceDump RPC to avoid unnecessary disco chain compilation. As watches in proxy config only need the nodes.
2024-01-18 16:44:53 -06:00
cskh 539659508a
upgrade test: call validation func during upgrade (#20258) 2024-01-18 17:04:06 -05:00
Matt Keeler 9897be76ad
Update workload health controller to use the controller cache (#20240) 2024-01-18 16:30:11 -05:00
John Maguire 7888d00e49
[NET6429] Add listeners for mesh-gateway v2 (#20253)
Add listeners for mesh-gateway v2
2024-01-18 17:52:06 +00:00
Dan Stough 15ab80c832
feat(v2dns): move DNSPolicy to workload/endpoints (#20246) 2024-01-18 11:37:42 -05:00
John Murret 938d2315e0
DNS v2 - add virtual ip questions (#20245) 2024-01-17 23:46:18 +00:00
Nathan Coleman d2e991ddfc
Remove unnecessary fetching of gateway (#20172)
The fetched gateway isn't currently used anywhere
2024-01-17 14:13:13 -05:00
Ganesh S 4d20e54273
Add additional rules to iptables SDK (#20232)
* Add additional rules to iptables SDK

* Add comments
2024-01-17 21:59:21 +05:30
John Murret bc4da5f5d6
check error in TestDNSCycleRecursorCheckAllFail before asserting response to stop panic in CI. (#20231) 2024-01-17 07:25:35 -07:00
Dan Stough cb384ac068
feat(v2dns): addr. query support (#20224) 2024-01-16 22:36:02 -05:00
Anita Akaeze 6a85543175
NET-7178: add workload selector to MeshGateway protobuf definition (#20159)
NET-7178: Add workload selector to MeshGateway proto
2024-01-16 21:48:18 +00:00
Derek Menteer 1d396ba9f1
Add docs for k8s liveness / startup probes. (#20213)
* Add docs for k8s liveness / startup probes.

* Update website/content/docs/k8s/helm.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-01-16 15:09:16 -06:00
Michael Zalimeni a317064764
ci: Use Consul Go version for Vault int tests (#20219)
Unlike the Nomad tests (where Nomad is compiled from source and provides
the tests), Vault is installed as a binary, and local Consul tests are
run.

Fixes incorrect version change introduced in #20058.
2024-01-16 19:24:06 +00:00
wangxinyi7 74b737d4a3
Xw/net 6307 grpc client apply (#20107)
* add acl token

* apply command works

* add info to error message

* add tests to apply method

* add more description to flag

* code refactor

* update the error message

* fix the failing test
2024-01-16 10:39:55 -08:00
Melissa Kam c112a6632d
[CC-7042] Update and enable the HCP metrics sink in the HCP manager (#20072)
* Option to set HCP client at runtime

Allows us to initially set a nil HCP client for the
telemetry provider and update it later.

* Set telemetry provider HCP client in HCP manager

Set the telemetry provider as a dependency and pass it to
the manager. Update the telemetry provider's HCP client
when the HCP manager starts.

* Add a provider interface for the metrics client

This provider will allow us to configure and reconfigure the
retryable HTTP client and the headers for the metrics client.

* Move HTTP retryable client to separate file

Copied directly from the metrics client.

* Abstract HCP specific values in HTTP client

Remove HCP specific references and instead initiate with
a generic TLS configuration and authentication source.

* Set up HTTP client and headers in the provider

Move setup from the metrics client to the HCP telemetry
provider.

* Update the telemetry provider in the HCP manager

Initialize the provider without the HCP configs and then update
it in the HCP manager to enable it.

* Improve test assertion, fix method comment

* Move client provider to metrics client

* Stop the manager on setup error

* Add separate lock for http configuration

* Start telemetry provider in HCP manager

* Update HCP client and config as part of Run

* Remove option to set config at initialization

* Simplify and clean up setting HCP configs

* Add test for telemetry provider Run method

* Fix race condition

* Use clone of HTTP headers

* Only allow initial update and run once
2024-01-16 10:46:12 -06:00
Manoj Srinivasamurthy 6bcc5c148c
NET-6862: adding disk-io and disk usage metrics to k8s grafana dashboard (#20169) 2024-01-16 22:14:17 +05:30