Commit Graph

24 Commits

Author SHA1 Message Date
Kyle Havlovitz a8cc967a02 Merge pull request #8784 from hashicorp/renew-intermediate-primary
connect: Enable renewing the intermediate cert in the primary DC
2020-10-09 12:26:49 -07:00
Hans Hasselberg b1ef15166e note template with ent support (#8910) 2020-10-09 19:07:16 +00:00
Kyle Havlovitz df160fee3e
Merge pull request #8862 from hashicorp/backport/1.8.x-vault-token-renew
backport(1.8.x): vault token renew
2020-10-09 08:10:45 -07:00
Matt Keeler 6cae442ef4 Add capability for the v1/connect/ca/roots endpoint to return a PEM encoded certificate chain (#8774)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-09 14:43:59 +00:00
Kyle Havlovitz b8038d1814 Update vault CA for latest api client 2020-10-07 16:40:27 -04:00
Hans Hasselberg 010abda64c use service datacenter for dns name (#8704)
* Use args.Datacenter instead of configured datacenter
2020-09-25 10:41:02 -05:00
R.B. Boyer e05c30de1f agent: when enable_central_service_config is enabled ensure agent reload doesn't revert check state to critical (#8747)
Likely introduced when #7345 landed.
2020-09-24 21:24:51 +00:00
Daniel Nephin 3ee2aa1325 Merge pull request #8685 from pierresouchay/do_not_flood_logs_with_Non-server_in_server-only_area
[BUGFIX] Avoid GetDatacenter* methods to flood Consul servers logs
2020-09-15 21:58:29 +00:00
Kyle Havlovitz 2ed68b9f45 Merge pull request #8646 from hashicorp/common-intermediate-ttl
Move IntermediateCertTTL to common CA config
2020-09-15 19:04:27 +00:00
Hans Hasselberg 1444588869 add entry for 8588 (#8650) 2020-09-10 16:54:01 +00:00
Tim Arenz 208b89d378 Add support for -ca-path option in the connect envoy command (#8606)
* Add support for -ca-path option in the connect envoy command
* Adding changelog entry
2020-09-08 14:10:21 +00:00
Seth Hoenig 9f735e6ff3 api: create fresh http client for unix sockets (#8602)
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2020-09-06 16:28:56 +00:00
R.B. Boyer 770fc0985a connect: all config entries pick up a meta field (#8596)
Fixes #8595
2020-09-02 19:22:37 +00:00
R.B. Boyer b8cfef599c agent: ensure that we normalize bootstrapped config entries (#8547) 2020-09-02 19:21:58 +00:00
R.B. Boyer c2a28ba268 connect: fix bug in preventing some namespaced config entry modifications (#8601)
Whenever an upsert/deletion of a config entry happens, within the open
state store transaction we speculatively test compile all discovery
chains that may be affected by the pending modification to verify that
the write would not create an erroneous scenario (such as splitting
traffic to a subset that did not exist).

If a single discovery chain evaluation references two config entries
with the same kind and name in different namespaces then sometimes the
upsert/deletion would be falsely rejected. It does not appear as though
this bug would've let invalid writes through to the state store so the
correction does not require a cleanup phase.
2020-09-02 15:47:53 +00:00
Daniel Nephin 37a24b6071 Merge pull request #8577 from hashicorp/dnephin/changelog-for-8537
Add missing changelog for PR 8537
2020-08-31 15:57:37 +00:00
Daniel Nephin 83031dfffe Merge pull request #8586 from pierresouchay/changelog_for_8552
Added changelog for #8552
2020-08-28 21:36:19 +00:00
Jack 295358044b Add http2 and grpc support to ingress gateways (#8458) 2020-08-27 15:41:39 -06:00
R.B. Boyer f5e62f1d1b
agent: expose the list of supported envoy versions on /v1/agent/self (#8566)
also backport of a portion of c599a2f5f4 from #8424
2020-08-27 11:33:33 -05:00
Matt Keeler 2891acb8b8 Add helpers to the API client to help with getting information from `AgentMember` tags (#8575)
Lots of constants were added for various tags that would concern users and are not already parsed out.

Additionally two methods on the AgentMember type were added to ask a member what its ACL Mode is and whether its a server or not.
2020-08-27 15:01:18 +00:00
Hans Hasselberg bc5e2ddfc3 add primary keys to list keyring (#8522)
During gossip encryption key rotation it would be nice to be able to see if all nodes are using the same key. This PR adds another field to the json response from `GET v1/operator/keyring` which lists the primary keys in use per dc. That way an operator can tell when a key was successfully setup as primary key.

Based on https://github.com/hashicorp/serf/pull/611 to add primary key to list keyring output:

```json
[
  {
    "WAN": true,
    "Datacenter": "dc2",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 6,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 6
    },
    "NumNodes": 6
  },
  {
    "WAN": false,
    "Datacenter": "dc2",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 8,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "NumNodes": 8
  },
  {
    "WAN": false,
    "Datacenter": "dc1",
    "Segment": "",
    "Keys": {
      "0OuM4oC3Os18OblWiBbZUaHA7Hk+tNs/6nhNYtaNduM=": 3,
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "PrimaryKeys": {
      "SINm887hKTzmMWeBNKTJReaTLX3mBEJKriDyt88Ad+g=": 8
    },
    "NumNodes": 8
  }
]
```

I intentionally did not change the CLI output because I didn't find a good way of displaying this information. There are a couple of options that we could implement later:
* add a flag to show the primary keys
* add a flag to show json output

Fixes #3393.
2020-08-18 07:51:22 +00:00
R.B. Boyer 7983023acf
[backport/1.8.x] connect: use stronger validation that ingress gateways have compatible protocols defined for their upstreams (#8494)
Backport of #8470 to 1.8.x
2020-08-13 15:26:23 -05:00
Hans Hasselberg 7f08519888 Link issue in note template (#8502)
Issue and PR numbers do not overlap, they are based of the same counter.
A PR can be also linked to via issues, if it is a PR, Github will
redirect to it.
This change has the benefit that one can link to both - issues and PRs.
2020-08-13 08:24:10 +00:00
Hans Hasselberg 56fb793fc1 Introducing changelog-gen (#8387)
* add templates for changelog-gen
* add entry files for currently unreleased PRs on master
2020-08-07 11:53:35 +02:00