Daniel Upton
d47b7311b8
Support Check-And-Set deletion of config entries (#11419)
...
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam
8ca5be47c8
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
...
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam
78e59170fa
Update website/content/docs/security/acl/acl-rules.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Dhia Ayachi
2801785710
regenerate expired certs (#11462)
...
* regenerate expired certs
* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
Jared Kirschner
0854e1d684
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
...
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu
1dcb949306
docs: add -verbose flag for install command (#11447)
2021-10-29 12:08:23 -07:00
R.B. Boyer
61361c2e5d
cli: update consul members output to display partitions and sort the results usefully (#11446)
2021-10-28 17:27:31 -05:00
R.B. Boyer
c8cafb7654
agent: for various /v1/agent endpoints parse the partition parameter on the request (#11444)
...
Also update the corresponding CLI commands to send the parameter
appropriately.
NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer
af9ffc214d
agent: add a clone function for duplicating the serf lan configuration (#11443)
2021-10-28 16:11:26 -05:00
Mark Anderson
977be77493
Fix back compat issues with UDS config (#11318)
...
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu
823026e319
docs: revised Helm install to create namespace and install on dedicated namespace (#11440)
...
* docs: revised Helm install to create namespace and install on dedicated Consul namespace
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* Update install.mdx
* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
trujillo-adam
bb18625219
applying admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-10-28 11:23:15 -07:00
Daniel Nephin
210d37e4ab
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
...
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin
96a31df5c8
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
...
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi
29f192a130
Refactor requireHttpCodes for segregated error handling (#11287)
2021-10-28 12:24:23 -04:00
Kim Ngo
0c0460b53f
CTS document manual apply (#11426)
...
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver
61be9371f5
connect: Remove support for Envoy 1.16 (#11354)
2021-10-27 18:51:35 -07:00
Evan Culver
bec08f4ec3
connect: Add support for Envoy 1.20 (#11277)
2021-10-27 18:38:10 -07:00
Freddy
ab425e3ca1
Merge pull request #11436 from hashicorp/api/exports-marshal
...
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
freddygv
4c45cafce2
Update filename to match entry kind - mesh
2021-10-27 15:01:26 -06:00
freddygv
ac96ce6552
Ensure partition-exports kind gets marshalled
...
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.
This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin
a3c781682d
subscribe: attempt to fix a flaky test
...
TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages has been
flaking a few times. This commit cleans up the test a bit, and improves
the failure output.
I don't believe this actually fixes the flake, but I'm not able to
reproduce it reliably.
The failure appears to be that the event with Port=0 is being sent in
both the snapshot and as the first event after the EndOfSnapshot event.
Hopefully the improved logging will show us if these are really
duplicate events, or actually different events with different indexes.
2021-10-27 15:09:09 -04:00
Freddy
fbcf9f3f6c
Merge pull request #11435 from hashicorp/ent-authorizer-refactor
...
[OSS] Export ACLs refactor
2021-10-27 13:04:40 -06:00
Freddy
303532825f
Merge pull request #11432 from hashicorp/ap/exports-mgw
...
[OSS] Update mesh gateways to handle partitions
2021-10-27 12:54:53 -06:00
freddygv
43360eb216
Rework acl exports interface
2021-10-27 12:50:39 -06:00
freddygv
0a4ff4bb91
Prefer concrete policyAuthorizer type
...
There will only ever be policyAuthorizers embedded in
namespaceAuthorizers, this commit swaps out the interface in favor of
the concrete type.
2021-10-27 12:50:19 -06:00
Freddy
ec7e94d129
Merge pull request #11433 from hashicorp/exported-service-acls
...
[OSS] acl: Expand ServiceRead and NodeRead to account for partition exports
2021-10-27 12:48:08 -06:00
freddygv
e93c144d2f
Update comments
2021-10-27 12:36:44 -06:00
Daniel Nephin
4afc24268d
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
...
See github.com/hashicorp/consul/issues/11207
When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Freddy
a8762be529
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
...
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00
Freddy
b1b6f682e1
Merge pull request #11416 from hashicorp/ap/exports-update
...
Rename service-exports to partition-exports
2021-10-27 11:27:31 -06:00
freddygv
3a2061544d
Fixup partitions assertion
2021-10-27 11:15:25 -06:00
freddygv
9480670b72
Fixup imports
2021-10-27 11:15:25 -06:00
freddygv
c72bbb6e8d
Split up locality check from hostname check
2021-10-27 11:15:25 -06:00
freddygv
d28b9052b2
Move the exportingpartitions constant to enterprise
2021-10-27 11:15:25 -06:00
freddygv
448701dbd8
Replace default partition check
2021-10-27 11:15:25 -06:00
freddygv
12923f5ebc
PR comments
2021-10-27 11:15:25 -06:00
freddygv
327e6bff25
Leave todo about default name
2021-10-27 11:15:25 -06:00
freddygv
5bf2497f71
Add oss impl of registerEntCache
2021-10-27 11:15:25 -06:00
freddygv
954d21c6ba
Register the ExportingPartitions cache type
2021-10-27 11:15:25 -06:00
freddygv
a33b6923e0
Account for partitions in xds gen for mesh gw
...
This commit avoids skipping gateways in remote partitions of the local
DC when generating listeners/clusters/endpoints.
2021-10-27 11:15:25 -06:00
freddygv
935112a47a
Account for partition in SNI for gateways
2021-10-27 11:15:25 -06:00
freddygv
686b883600
Add changelog entry
2021-10-27 09:06:34 -06:00
freddygv
110fae820a
Update xds pkg to account for GatewayKey
2021-10-27 09:03:56 -06:00
freddygv
7e65678c52
Update mesh gateway proxy watches for partitions
...
This commit updates mesh gateway watches for cross-partitions
communication.
* Mesh gateways are keyed by partition and datacenter.
* Mesh gateways will now watch gateways in partitions that export
services to their partition.
* Mesh gateways in non-default partitions will not have cross-datacenter
watches. They are not involved in traditional WAN federation.
2021-10-27 09:03:56 -06:00
freddygv
38456bedcb
Add changelog entry
2021-10-27 09:02:10 -06:00
freddygv
aa931682ea
Avoid mixing named and unnamed params
2021-10-26 23:42:25 -06:00
freddygv
bf350224a0
Avoid passing nil config pointer
2021-10-26 23:42:25 -06:00
freddygv
df7b5af6f0
Avoid panic on nil partitionAuthorizer config
...
partitionAuthorizer.config can be nil if it wasn't provided on calls to
newPartitionAuthorizer outside of the ACLResolver. This usage happens
often in tests.
This commit: adds a nil check when the config is going to be used,
updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a
non-nil config, and detaches setEnterpriseConf from the ACLResolver.
2021-10-26 23:42:25 -06:00
freddygv
22bdf279d1
Update NodeRead for partition-exports
...
When issuing cross-partition service discovery requests, ACL filtering
often checks for NodeRead privileges. This is because the common return
type is a CheckServiceNode, which contains node data.
2021-10-26 23:42:11 -06:00