Commit Graph

21240 Commits

Author SHA1 Message Date
Melissa Kam 3b9bb8d6f9
[CC-7044] Start HCP manager as part of link creation (#20312)
* Check for ACL write permissions on write

Link eventually will be creating a token, so require acl:write.

* Convert Run to Start, only allow to start once

* Always initialize HCP components at startup

* Support for updating config and client

* Pass HCP manager to controller

* Start HCP manager in link resource

Start as part of link creation rather than always starting. Update
the HCP manager with values from the link before starting as well.

* Fix metrics sink leaked goroutine

* Remove the hardcoded disabled hostname prefix

The HCP metrics sink will always be enabled, so the length of sinks will
always be greater than zero. This also means that we will also always
default to prefixing metrics with the hostname, which is what our
documentation states is the expected behavior anyway.

* Add changelog

* Check and set running status in one method

* Check for primary datacenter, add back test

* Clarify merge reasoning, fix timing issue in test

* Add comment about controller placement

* Expand on breaking change, fix typo in changelog
2024-01-29 16:31:44 -06:00
Chris Hut 64a46105ea
Fixing UI tests (#20386)
Fixing tests as we're not calling env.var, we're using a property on the env service
2024-01-29 13:58:15 -08:00
Curt Bushko 48d1b059d2
add support for more envoy versions for LTS (#20358)
add support for more envoy versions for LTS
2024-01-29 16:46:51 -05:00
Tyler Wendlandt b9f3e5e247
NET-5398: V2 unavailable UI message (#20359)
* Update ui server to include V2 Catalog flag

* Fix typo

* Add route and redirects for the unavailable warning

* Add qualtrics link

* Remove unneccessary check and redirect
2024-01-29 14:28:41 -07:00
Matt Keeler d350115e7f
Fix filename with two periods (#20389) 2024-01-29 15:38:40 -05:00
Matt Keeler 34a32d4ce5
Remove V2 PeerName field from pbresource.Tenancy (#19865)
The peer name will eventually show up elsewhere in the resource. For now though this rips it out of where we don’t want it to be.
2024-01-29 15:08:31 -05:00
Nitya Dhanushkodi 92aab7ea31
[NET-5586][rebased] v2: Support virtual port references in config (#20371)
[OG Author: michael.zalimeni@hashicorp.com, rebase needed a separate PR]

* v2: support virtual port in Service port references

In addition to Service target port references, allow users to specify a
port by stringified virtual port value. This is useful in environments
such as Kubernetes where typical configuration is written in terms of
Service virtual ports rather than workload (pod) target port names.

Retaining the option of referencing target ports by name supports VMs,
Nomad, and other use cases where virtual ports are not used by default.

To support both uses cases at once, we will strictly interpret port
references based on whether the value is numeric. See updated
`ServicePort` docs for more details.

* v2: update service ref docs for virtual port support

Update proto and generated .go files with docs reflecting virtual port
reference support.

* v2: add virtual port references to L7 topo test

Add coverage for mixed virtual and target port references to existing
test.

* update failover policy controller tests to work with computed failover policy and assert error conditions against FailoverPolicy and ComputedFailoverPolicy resources

* accumulate services; don't overwrite them in enterprise

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2024-01-29 10:43:41 -08:00
Chris S. Kim a2d50af1bd
Fix panic on error (#20377) 2024-01-29 17:44:13 +00:00
Dan Stough 0ca7313b07
feat(v2dns): add PTR query support (#20362) 2024-01-29 11:40:10 -05:00
Derek Menteer ba5cac434a
Use mirrored image for CICD tests. (#20378) 2024-01-29 10:22:34 -06:00
Krastin Krastev fa8e8837ac
docs: Fix typos in docs (#20211)
* Update sameness.mdx

* Update service-resolver.mdx
2024-01-28 10:00:33 +00:00
Chris Hut 75af5b15d9
Cc 7146/convert consul hcp to a simpler component for some upcoming changes (#20344)
* Convert consul-hcp to a simpler component

* update existing test to use envStub helper

* Add missing copyright - weird no one yelled about this

* remove consul-hcp from load

* remove this test that doesn't run anymore
2024-01-26 16:39:50 -08:00
David Yu 1c1df4530c
GHA: Update broken-link-check.yml to check once a month (#20368)
Update broken-link-check.yml
2024-01-26 16:11:27 -08:00
Nathan Coleman 27aecdb8cc
[NET-5075] Implement mesh gateway mode for explicit destinations (#20361) 2024-01-26 17:17:18 -05:00
Tyler Wendlandt 7e08d8988c
NET-5398: Update UI server to include if v2 is enabled (#20353)
* Update ui server to include V2 Catalog flag

* Fix typo
2024-01-26 14:38:51 -07:00
Derek Menteer e586a4490d
Fix CICD docker image rate limits. (#20304)
The docker image used in CICD was referencing `registry.k8s.io/pause:3.3`,
which appears to no longer function correctly. This commit swaps over to a
Hashicorp mirrored image that shouldn't have rate limits or disappearing
images.
2024-01-26 14:38:02 -06:00
Nitya Dhanushkodi 0ec7bddb9a
[Net-5594][Net-7466] v2: Only route to endpoints that implement the port being routed to, and make xdscontroller and xdsv2 golden tests use tenancy (#20356)
* If a workload does not implement a port, it should not be included in the list of endpoints for the Envoy cluster for that port.

* Adds tenancy tests for xds controller and xdsv2 resource generation, and adds all those files.

* The original change in this PR was for filtering the list of endpoints by the port being routed to (bullet 1). Since I made changes to sidecarproxycontroller golden files, I realized some of the golden files were unused because of the tenancy changes, so when I deleted those, that broke xds controller tests which weren't correctly using tenancy. So when I fixed that, then the xdsv2 tests broke, so I added tenancy support there too. So now, from sidecarproxy controller -> xds controller -> xdsv2 we now have tenancy support and all the golden files are lined up.
2024-01-26 10:07:21 -08:00
Valeriia Ruban 049ca102c4
Cc 7145 hcp link status api (#20330)
* feat: add api call to hcp/link endpoint

* updated

* updated

* update approach to get the linking status

* updated application template

* feat: add api call to hcp/link endpoint

* updated

* updated

* update approach to get the linking status

* updated application template

* update purple banner links

* Hook up the linked check to the purple banner

* fixed lint issue

* Updated tests for new link status API calls as args instead of from service

---------

Co-authored-by: Chris Hut <tophernuts@gmail.com>
2024-01-26 09:57:18 -08:00
sarahalsmiller 37ebaa6920
Net 7155- Consul API Gateway Controller Stub Work (#20324)
* API Gateway proto

* fix lint issue

* new line

* run make proto format

* checkpoint

* stub

* Update internal/mesh/internal/controllers/apigateways/controller.go
2024-01-25 23:16:20 +00:00
Luke Kysow 840f11a0c5
Change logging of registered v2 resource endpoints to add /api prefix (#20352)
* Change logging of registered v2 resource endpoints to add /api prefix

Previous:

    agent.http: Registered resource endpoint: endpoint=/demo/v1/executive

New:

    agent.http: Registered resource endpoint: endpoint=/api/demo/v1/executive

This reduces confusion when attempting to call the APIs after looking at
the logs.
2024-01-25 14:18:54 -08:00
Blake Covarrubias 91a783a980
docs: Fix example service registration for built-in proxy (#20336)
Fix the sample service registration for the built-in proxy by adding
the missing `sidecar_service` block.
2024-01-25 11:38:58 -08:00
Semir Patel efdf80413c
resource: add MutateAndValidate endpoint (#20311) 2024-01-25 13:12:30 -06:00
Nick Cellino ec0df00fc1
Add finalizer to link resource (#20321)
* Add finalizer to link resource

* Update internal/hcp/internal/controllers/link/controller.go

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* Address PR style feedback

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2024-01-25 12:27:36 -05:00
Nick Cellino 4801c9cbdc
Add Link API docs (#20308)
* Add Link API docs

* Update website/content/api-docs/hcp-link.mdx

Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>

* Update website/content/api-docs/hcp-link.mdx

Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>

* Update website/content/api-docs/hcp-link.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Update website/content/api-docs/hcp-link.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Update website/content/api-docs/hcp-link.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Add summary sentence and move api vs config section up

* Add hcp link endpoint to API Overview page

* Update website/content/api-docs/index.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Update note about v1 API endpoint prefix

* Add a period at end of v1 prefix note.

* Add link to HCP Consul Central

---------

Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2024-01-25 10:13:46 -05:00
wangxinyi7 7bb2c7cf13
Xw/net 5724 grpc client delete (#20309)
* delete commmand works
2024-01-24 15:17:54 -08:00
Dan Stough 6828780131
feat(v2dns): add partial support for SOA records (#20320) 2024-01-24 15:32:42 -05:00
wangxinyi7 1f29ee604a
grpc CLI client list command (#20260)
list command works
2024-01-24 12:24:45 -08:00
John Landa 65920dccf4
move deny action to enterprise only for traffic permissions (#20313)
Add missing import

Add explicit enum case for deny action

Remove extra comments

Add build tags to ent and ce tests

Add copyright headers for the ce files

Fix case statements for ce validator

Remove ce tests with Deny traffic permissions

Fix more integration tests

Split more ce and ent tests, add back ent deny tests for traffic permissions controller

temp rename before rebase

Readd ent deny tests for traffic permissions controller
2024-01-24 13:01:22 -07:00
John Maguire 4ce4dd1492
Add new changelog entries for 1.15.9, 1.16.5, 1.17.2 (#20337)
add new changelog entries for 1.15.9, 1.16.5, 1.17.2
2024-01-24 14:21:23 -05:00
John Maguire cfe4d59938
[NET-7265] Panic when passing an incorrect type to the data fetcher for gatewayproxy (#20238)
* panic when passing an incorrect type to the data fetcher

* Add assertions for sidecarproxy datafetcher as well

* rename assertion function

* Add in comments to ensure devs know about potential panics for using
invalid types

* fix method call
2024-01-24 14:16:56 -05:00
sarahalsmiller 1eca44aef9
NET-7153 Proto messages for API Gateway (#20250)
* API Gateway proto

* fix lint issue

* new line

* run make proto format

* regened with comment

* lint

* utilizie existing TLS struct

* Update proto-public/pbmesh/v2beta1/api_gateway.proto

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* generated file

* Update proto-public/pbmesh/v2beta1/api_gateway.proto

* regen with comment

* format the comment

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2024-01-24 12:10:20 -06:00
Melissa Kam 7900544249
[CC-7063] Fetch HCP agent bootstrap config in Link reconciler (#20306)
* Move config-dependent methods to separate package

In order to reuse the fetching and file creation part of the
bootstrap package, move the code that would cause cyclical
dependencies to a different package.

* Export needed bootstrap methods and variables

Also add back validating persisted config and update tests.

* Add support to check for just management token

Add a new method that fetches the bootstrap configuration only if
there isn't a valid management token file instead of checking for
all the hcp-config files.

* Pass data dir as a dependency to link controller

The link controller needs to check the data directory for
the hcp-config files.

* Fetch bootstrap config for token in controller

Load the management token when reconciling a link resource, which will
fetch the agent boostrap configuration if the token is not already
persisted locally. Skip this step if the cluster is in read-only mode.

* Validate resource ID format in link creation

* Handle unauthorized and forbidden errors

Check for 401 and 403s when making GNM requests, exit bootstrap fetch
loop and return specific failure statuses for link.

* Move test function to a testing file

* Log load and status write errors
2024-01-24 09:51:43 -06:00
aahel 3446eb3b1b
added computed failover controller (#20329)
* added computed failover controller

* removed some uncessary changes

* removed uncessary changes

* minor refactor

* minor refactor fmt

* added copyright
2024-01-24 11:50:27 +05:30
skpratt 0abf8f8426
Net 5092/internal l7 traffic permissions (#20276)
* wire up L7 Traffic Permissions

* testing

* update comment
2024-01-23 20:07:58 -06:00
skpratt 44bcda8523
Net 7074/decentralized exported services management (#20318)
* Add decentralized management of V1 exported-services config entries using V2 multicluster resources.

* cleanup

---------

Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
2024-01-23 19:44:10 -06:00
Krastin Krastev a392242d23
docs: Update k8s/connect/create-sameness-groups (#20317) 2024-01-23 16:09:45 -08:00
Chris Hut 5119667cd1
💜 Cc 7187/purple banner for linking existing clusters (#20275)
* Adding banner on services page

* Simplified version of setting/unsetting banner

* Translating the text based off of enterprise or not

* Add an integration test

* Adding an acceptance test

* Enable config dismissal as well

* Adding changelog

* Adding some copyrights to the other files

* Revert "Enable config dismissal as well"

This reverts commit e6784c4335bdff99d9183d28571aa6ab4b852cbd.

We'll be doing this in CC-7347
2024-01-23 14:29:53 -08:00
Melissa Kam e5d18753c9
Update SCADA provider version (#20319) 2024-01-23 12:45:58 -06:00
Tauhid Anjum b37fe80eee
Net 6774 Make Sameness Groups Work With Traffic Permissions CE (#20316)
* Make Sameness Groups Work With Traffic Permissions

* Fix controller dependency
2024-01-23 13:23:03 +05:30
Tauhid Anjum 5d294b26d3
NET-5824 Exported services api (#20015)
* Exported services api implemented

* Tests added, refactored code

* Adding server tests

* changelog added

* Proto gen added

* Adding codegen changes

* changing url, response object

* Fixing lint error by having namespace and partition directly

* Tests changes

* refactoring tests

* Simplified uniqueness logic for exported services, sorted the response in order of service name

* Fix lint errors, refactored code
2024-01-23 10:06:59 +05:30
cskh 528147e5ad
upgrade test: run validation func at every node during upgrade (#20293)
* upgrade test: run validation func at every node during upgrade

* add 3 servers in each cluster
2024-01-22 18:35:06 -05:00
Nathan Coleman 995ba32cc0
Use null route cluster for default router when no matches on v2 mesh gateway (#20270)
* Use black hole cluster for default router when no matches

* Update test assertions

* Use null route cluster instead of black hole cluster concept

* Update test assertions
2024-01-22 10:50:04 -08:00
Lord-Y 758ddf84e9
Case sensitive route match (#19647)
Add case insensitive param on service route match

This commit adds in a new feature that allows service routers to specify that
paths and path prefixes should ignore upper / lower casing when matching URLs.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2024-01-22 09:23:24 -06:00
Nick Cellino 34b343a980
Unconditionally add Access-Control-Expose-Headers HTTP header (#20220)
* Unconditionally add Access-Control-Expose-Headers HTTP header

* Return nil instead of err
2024-01-22 10:18:35 -05:00
Dan Stough 97ae244d8a
feat(v2dns): add grpc DNS support (#20296) 2024-01-22 10:10:03 -05:00
Semir Patel 6d9e8fdd05
resource: retry non-CAS deletes automatically (#20292) 2024-01-22 06:45:01 -08:00
wangxinyi7 6188db4d20
grpc CLI client read command (#20178)
* apply commmand works
2024-01-19 19:11:41 -08:00
Melissa Kam a9dd6f5c02
Add a separate test for initializer retries (#20298)
Separate test for initializer retries
2024-01-19 16:59:44 -06:00
R.B. Boyer 2e08a7e1c7
v2: prevent use of the v2 experiments in secondary datacenters for now (#20299)
Ultimately we will have to rectify wan federation with v2 catalog adjacent
experiments, but for now blanket prevent usage of the resource-apis,
v2dns, and v2tenancy experiments in secondary datacenters.
2024-01-19 16:31:49 -06:00
Nick Cellino 37a5fddffa
Create HCP management token in HCP manager (#19830)
* Create HCP management token in HCP manager

* Change InitializeManagementToken to ManagementTokenUpserter

* Implement and use management token upsert function

* Fix race condition in test

* Add idea for improvement as comment

* Return early in upsertManagementToken if token exists
2024-01-19 13:58:49 -05:00