16070 Commits

Author SHA1 Message Date
Mike Morris
93f937f238
types: add types/tls.go for strongly-typed TLS versions and cipher suites (#11645)
types: add TLS constants

types: distinguish between human and Envoy serialization for TLSVersion constants

types: add DeprecatedAgentTLSVersions for backwards compatibility

types: add methods for printing TLSVersion as strings

types: add TLSVersionInvalid error value

types: add a basic test for TLSVersion comparison

types: add TLS cihper suite mapping using IANA constant names and values

types: adding ConsulAutoConfigTLSVersionStrings

changelog: add entry for TLSVersion and TLSCipherSuite types

types: initialize TLSVerison constants starting at zero

types: remove TLSVersionInvalid < 0 test

types: update note for ConsulAutoConfigTLSVersionStrings

types: programmatically invert TLSCipherSuites for HumanTLSCipherSuiteStrings lookup map

Co-authored-by: Dan Upton <daniel@floppy.co>

types: add test for TLSVersion zero-value

types: remove unused EnvoyTLSVersionStrings

types: implement MarshalJSON for TLSVersion

types: implement TLSVersionUnspecified as zero value

types: delegate TLS.MarshalJSON to json.Marshal, use ConsulConfigTLSVersionStrings as default String() values

Co-authored-by: Dan Upton <daniel@floppy.co>
2021-12-03 20:17:55 -05:00
Freddy
ddb151aa7e
Merge pull request #11737 from hashicorp/ap/ap-rename 2021-12-03 18:02:10 -07:00
freddygv
cacfa79fc2 Add changelog entry 2021-12-03 17:50:40 -07:00
freddygv
09cdeae13c Move exported-services docs based on new name 2021-12-03 17:47:32 -07:00
freddygv
ed6076db26 Rename partition-exports to exported-services
Using a name less tied to partitions gives us more flexibility to use
this config entry in OSS for exports between datacenters/meshes.
2021-12-03 17:47:31 -07:00
Freddy
ff1e71efec
Merge pull request #11682 from hashicorp/ap/renames 2021-12-03 17:35:38 -07:00
freddygv
9f3144b333 Add changelog entry 2021-12-03 17:31:42 -07:00
freddygv
f5b25401b3 Update intention topology to use new table 2021-12-03 17:28:31 -07:00
freddygv
55970c6ccd Avoid updating default decision from wildcard ixn
Given that we do not allow wildcard partitions in intentions, no one ixn
can override the DefaultAllow setting. Only the default ACL policy
applies across all partitions.
2021-12-03 17:28:12 -07:00
freddygv
497aab669f Add a new table to query service names by kind
This table purposefully does not index by partition/namespace. It's a
global view into all service names.

This table is intended to replace the current serviceListTxn watch in
intentionTopologyTxn. For cross-partition transparent proxying we need
to be able to calculate upstreams from intentions in any partition. This
means that the existing serviceListTxn function is insufficient since
it's scoped to a partition.

Moving away from that function is also beneficial because it watches the
main "services" table, so watchers will wake up when any instance is
registered or deregistered.
2021-12-03 17:28:12 -07:00
freddygv
e7a7042c69 Update listener generation to account for consul VIP 2021-12-03 17:27:56 -07:00
freddygv
c148b73744 Add changelog entry 2021-12-03 17:12:43 -07:00
freddygv
3e5400c4c5 Clarify feature name in partition docstring 2021-12-03 17:05:17 -07:00
freddygv
7811edd055 Rename internal AdminPartition references
This commit finishes replacing references to "AdminPartition" with
"Partition". This now matches other uses in the codebase such as the CLI
command, HTTP API, and the query parameter.
2021-12-03 17:05:05 -07:00
freddygv
129d54d060 Fix integ test 2021-12-03 17:02:57 -07:00
Freddy
f032d6ef05
Merge pull request #11680 from hashicorp/ap/partition-exports-oss 2021-12-03 16:57:50 -07:00
freddygv
4b196fdb41 Add changelog entry 2021-12-03 16:55:19 -07:00
Dan Upton
3b9dfca88d
internal: support ResultsFilteredByACLs flag/header (#11643) 2021-12-03 23:04:24 +00:00
Dan Upton
c8204330ed
query: support ResultsFilteredByACLs in query list endpoint (#11620) 2021-12-03 23:04:09 +00:00
Dhia Ayachi
ce326b6074
port oss changes (#11736) 2021-12-03 17:23:55 -05:00
Freddy
e246defb6c
Merge pull request #11720 from hashicorp/bbolt 2021-12-03 14:44:36 -07:00
Dan Upton
047aa2ffb0
fedstate: support ResultsFilteredByACLs in ListMeshGateways endpoint (#11644) 2021-12-03 20:56:55 +00:00
Dan Upton
361d9c2862
catalog: support ResultsFilteredByACLs flag/header (#11594) 2021-12-03 20:56:14 +00:00
Dan Upton
4c0956c03a
coordinate: support ResultsFilteredByACLs flag/header (#11617) 2021-12-03 20:51:02 +00:00
Jared Kirschner
eb90c7f3ad
Merge pull request #11458 from kbabuadze/docs-altDomain-section
added Alternative Domain section to dns page in docs
2021-12-03 15:48:55 -05:00
Dan Upton
bf1e2ca551
sessions: support ResultsFilteredByACLs flag/header (#11606) 2021-12-03 20:43:43 +00:00
Dan Upton
d92f0d84c6
txn: support ResultsFilteredByACLs flag in Read endpoint (#11632) 2021-12-03 20:41:03 +00:00
Dan Upton
547aa219ea
agent: support X-Consul-Results-Filtered-By-ACLs header in agent-local endpoints (#11610) 2021-12-03 20:36:28 +00:00
Dhia Ayachi
86159c6ed8
sessions partitioning tests (#11734)
* state: port KV and Tombstone tables to new pattern

* go fmt'ed

* handle wildcards for tombstones

* Fix graveyard ent vs oss

* fix oss compilation error

* add partition to tombstones and kv state store indexes

* refactor to use `indexWithEnterpriseIndexable`

* Apply suggestions from code review

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* add `singleValueID` implementation assertions

* partition `tableSessions` table

* fix sessions to use UUID and fix prefix index

* fix oss build

* clean up unused functions

* fix oss compilation

* add a partition indexer for sessions

* Fix oss to not have partition index

* fix oss tests

* remove unused operations_ent.go and operations_oss.go func

* remove unused const

* convert `IndexID` of `session_checks` table

* convert `indexSession` of `session_checks` table

* convert `indexNodeCheck` of `session_checks` table

* partition `indexID` and `indexSession` of `tableSessionChecks`

* fix oss linter

* fix review comments

* remove partition for Checks as it's always use the session partition

* fix tests

* fix tests

* do not namespace nodeChecks index

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2021-12-03 15:36:07 -05:00
Dan Upton
c314be2ff9
intention: support ResultsFilteredByACLs flag/header (#11612) 2021-12-03 20:35:54 +00:00
FFMMM
0c4633a231
update connect ca leaf endpoint docs (#11723)
* update connect ca leaf endpoint docs

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* pr feedback

* Update website/content/api-docs/agent/connect.mdx

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2021-12-03 10:44:36 -08:00
Mark Anderson
a89ffba2d4
Cross port of ent #1383 (#11726)
Cross port of ent #1383 "Reject non-default datacenter when making partitioned ACLs"

On the OSS side this is a minor refactor to add some more checks that are only applicable to enterprise code.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-12-03 10:20:25 -08:00
Dan Upton
599a4d6619
config: support ResultsFilteredByACLs in list/list all endpoints (#11621) 2021-12-03 17:39:47 +00:00
Dan Upton
c4c68915c9
event: support X-Consul-Results-Filtered-By-ACLs header in list (#11616) 2021-12-03 17:38:59 +00:00
Dan Upton
474ef7cc1f
kv: support ResultsFilteredByACLs in list/list keys (#11593) 2021-12-03 17:31:48 +00:00
Dan Upton
cf1bd585f6
health: support ResultsFilteredByACLs flag/header (#11602) 2021-12-03 17:31:32 +00:00
Dan Upton
267ef064c0
docs: X-Consul-Results-Filtered-By-ACLs header (#11629) 2021-12-03 17:31:09 +00:00
Dan Upton
1e47e3c82b
Groundwork for exposing when queries are filtered by ACLs (#11569) 2021-12-03 17:11:26 +00:00
Zachary Shilton
3ed8cbe9b4
website: bump deps to fix print styles (#11392)
* website: bump deps to fix print styles

* website: remove unnecessary print styles

* fix: hide hashicorp header

* fix: hashi-stack-menu print selector
2021-12-03 10:07:57 -05:00
Kyle Havlovitz
1aa7ba4d52
Merge pull request #11725 from hashicorp/dns-virtual-ips
dns: add endpoint for querying service virtual IPs
2021-12-02 17:17:00 -08:00
Kyle Havlovitz
0546bbe08a dns: add endpoint for querying service virtual IPs 2021-12-02 16:40:28 -08:00
Kyle Havlovitz
6f34a4f777
Merge pull request #11724 from hashicorp/service-virtual-ips
oss: add virtual IP generation for connect services
2021-12-02 16:16:57 -08:00
Kyle Havlovitz
bd3c9ff244 Add changelog note 2021-12-02 15:54:40 -08:00
Kyle Havlovitz
4f2cfee4b0 consul: add virtual IP generation for connect services 2021-12-02 15:42:47 -08:00
R.B. Boyer
c46f9f9f31
agent: add variation of force-leave that exclusively works on the WAN (#11722)
Fixes #6548
2021-12-02 17:15:10 -06:00
Konstantine
34df6ced93 added hcl 2021-12-03 00:54:39 +02:00
Matt Keeler
09fd8f727e Add the changelog entry for bbolt modifications 2021-12-02 16:59:13 -05:00
Matt Keeler
c7a94843ee Emit raft-boltdb metrics 2021-12-02 16:56:15 -05:00
Daniel Nephin
e47cecc653 config: add NoFreelistSync option
# Conflicts:
#	agent/config/testdata/TestRuntimeConfig_Sanitize-enterprise.golden
#	agent/consul/server.go
2021-12-02 16:56:15 -05:00
Matt Keeler
42a5635bc3 Use raft-boltdb/v2 2021-12-02 16:56:15 -05:00