Commit Graph

14306 Commits

Author SHA1 Message Date
Daniel Nephin ec34f3860a
Merge pull request #10014 from hashicorp/dnephin/changelog
Add changelog for enterprise change
2021-04-14 14:09:35 -04:00
freddygv f7094f91c7 Avoid returning a nil slice 2021-04-14 10:52:05 -06:00
Matt Keeler bbf5993534
Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
R.B. Boyer 06848ce67e fix broken golden tests 2021-04-14 11:36:47 -05:00
Freddy 3ec4556114
Merge pull request #10006 from hashicorp/api-ptrs 2021-04-14 10:21:08 -06:00
freddygv 8e74eaa684 Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
Freddy 55a3697b83
Merge pull request #9987 from hashicorp/remove-kube-dns-hack 2021-04-14 10:00:53 -06:00
Daniel Nephin f01621c861 Add changelog for enterprise change 2021-04-14 11:50:15 -04:00
Mike Wickett d35bd9c00c
Merge pull request #10008 from hashicorp/mw.update-homepage-links
website: update why hashicorp links
2021-04-14 10:57:29 -04:00
ketzacoatl c8a6fbd994
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
freddygv e1808af729 Fixup tests 2021-04-13 16:08:41 -06:00
Mike Wickett 73380a0dcc website: update why hashicorp links 2021-04-13 15:55:15 -04:00
freddygv 7cb3f32672 Convert new tproxy structs in api module into ptrs
This way we avoid serializing these when empty. Otherwise users of the
latest version of the api submodule cannot interact with older versions
of Consul, because a new api client would send keys that the older Consul
doesn't recognize yet.
2021-04-13 12:44:25 -06:00
Freddy 1f119aec7c
Merge pull request #10005 from hashicorp/tproxy-fixes 2021-04-13 11:45:40 -06:00
Daniel Nephin bbb9a73d9b tlsutil: fix a test for go1.16
Using a TestSigner was causing problems because go1.16 has this change:

> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.

See https://golang.org/doc/go1.16#crypto/x509
2021-04-13 13:31:20 -04:00
Daniel Nephin 3e20bd25bd connect: fix test for go1.16
There is no way to compare x509.CertPools now that it has an unexpected
function field. This comparison is as close as we can get.

See https://github.com/golang/go/issues/26614 for a related issue.
2021-04-13 13:25:45 -04:00
Freddy 8fc60a6ca6
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
Remove zero-value validation of upstream cfg structs
2021-04-13 11:00:02 -06:00
freddygv 4e509aa768 Remove todo that was todone 2021-04-13 10:19:59 -06:00
freddygv 75edc9bc7c Avoid nil panic when cluster config doesn't exist 2021-04-13 10:17:11 -06:00
Daniel Nephin 66567f4bc0 ci: test against Go1.16.3 2021-04-13 12:06:13 -04:00
Freddy 66de74767c
Merge pull request #10003 from hashicorp/proxycfg-tproxy-ent-fixup
Fixup wildcard ent assertion
2021-04-13 09:56:05 -06:00
freddygv 932fbddd27 Augment intention decision summary with DefaultAllow mode 2021-04-12 19:32:09 -06:00
freddygv 8857195437 Fixup wildcard ent assertion 2021-04-12 17:04:33 -06:00
Freddy 18decbba9d
Merge pull request #9999 from hashicorp/update-enabling-tproxy 2021-04-12 16:37:04 -06:00
Kendall Strautman 03df6f70f2
fix(website): docs link text color (#10001) 2021-04-12 13:47:12 -04:00
freddygv b8ed82b808 Fixup bexpr filtering 2021-04-12 10:17:52 -06:00
freddygv d7c43049fa Remove zero-value validation of upstream cfg structs
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.

See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv 7bd51ff536 Replace TransparentProxy bool with ProxyMode
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:

- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.

This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv 9e194b4b3c Avoid failing test due to undiscoverable node name 2021-04-12 09:26:55 -06:00
hashicorp-ci 2995d0e437 auto-updated agent/uiserver/bindata_assetfs.go from commit 84064f972 2021-04-12 13:08:41 +00:00
Kenia 84064f972e
ui: Return empty string protocol for upstream/downstream metrics request (#9989) 2021-04-12 09:03:57 -04:00
freddygv 98ba582797 Fixup mesh gateway docs 2021-04-11 15:48:04 -06:00
Tara Tufano 9deb52e868
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava 5755c97bc7
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Freddy a02245b75a
Merge pull request #9976 from hashicorp/centralized-upstream-fixups 2021-04-08 12:26:56 -06:00
freddygv d6db67ef86 Fixup test 2021-04-08 11:53:07 -06:00
Freddy e385e5992f
Merge pull request #9042 from lawliet89/tg-rewrite 2021-04-08 11:49:23 -06:00
freddygv c6d64a8078 Stable sort cidr ranges to match on 2021-04-08 11:27:57 -06:00
freddygv b21224a4c8 PR comments 2021-04-08 11:16:03 -06:00
Daniel Nephin 5d21d4d77f
Merge pull request #9925 from hashicorp/dnephin/update-memberlist
Update memberlist to v0.2.3
2021-04-08 12:17:29 -04:00
Daniel Nephin 27bbee2abd
Merge pull request #9988 from hashicorp/dnephin/lib-retry-fix-max-wait
lib/retry: allow jitter to exceed max wait
2021-04-08 12:16:52 -04:00
Daniel Nephin 34f1facebb
Merge pull request #9950 from hashicorp/dnephin/state-use-txn-everywhere
state: use Txn interface everywhere
2021-04-08 12:02:03 -04:00
Daniel Nephin c40e1a2ac6
Merge pull request #9880 from hashicorp/dnephin/catalog-events-test-pattern
state: use runCase pattern for large test
2021-04-08 11:54:41 -04:00
Paul Banks 1406671290
cache: Fix bug where connection errors can cause early cache expiry (#9979)
Fixes a cache bug where TTL is not updated while a value isn't changing or cache entry is returning fetch errors.
2021-04-08 11:11:15 +01:00
Paul Banks ee04d452be
cache: fix bug where TTLs were ignored leading to leaked memory in client agents (#9978)
* Fix bug in cache where TTLs are effectively ignored

This mostly affects streaming since streaming will immediately return from Fetch calls when the state is Closed on eviction which causes the race condition every time.

However this also affects all other cache types if the fetch call happens to return between the eviction and then next time around the Get loop by any client.

There is a separate bug that allows cache items to be evicted even when there are active clients which is the trigger here.

* Add changelog entry

* Update .changelog/9978.txt
2021-04-08 11:08:56 +01:00
Paul Banks 8e00e327b0
Merge pull request #9977 from hashicorp/grpc-tuning
streaming: Grpc tuning
2021-04-08 11:05:38 +01:00
Daniel Nephin f9cf2ec9ab lib/retry: allow jitter to exceed max wait.
I changed this in https://github.com/hashicorp/consul/pull/8802#pullrequestreview-500779357 because
exceeding the MaxWait seemed wrong, but as other have pointed out, that behaviour is probably correct.

When multiple waiters hit the max value, we don't want them to converge, so restore the behaviour of
allowing jitter to exceed max, and document it.
2021-04-07 18:33:11 -04:00
freddygv ab752c1c86 Avoid sending zero-value upstream defaults from api 2021-04-07 15:03:42 -06:00
freddygv a6388c7e2f Revert "Avoid accumulating synthetic upstreams"
This reverts commit 86672df4fa.
2021-04-07 14:30:30 -06:00
freddygv 02f6768cd2 Remove kube-dns resolution since clusterip will be a tagged addr 2021-04-07 14:15:21 -06:00