Commit Graph

14680 Commits

Author SHA1 Message Date
Giulio Micheloni d4a3fe33e8 String type instead of error type and changelog. 2021-08-06 22:35:27 +01:00
Giulio Micheloni 814ef6b103 acl: fix error type into a string type for serialization issue
acl_endpoint_test.go:507:
        	Error Trace:	acl_endpoint_test.go:507
        	            				retry.go:148
        	            				retry.go:149
        	            				retry.go:103
        	            				acl_endpoint_test.go:504
        	Error:      	Received unexpected error:
        	            	codec.decoder: decodeValue: Cannot decode non-nil codec value into nil error (1 methods)
        	Test:       	TestACLEndpoint_ReplicationStatus
2021-07-15 11:31:44 +02:00
Giulio Micheloni 529fe737ef acl: acl replication routine to report the last error message 2021-07-14 11:50:23 +02:00
Jan Berktold e91996f130
Add rs-consul client to community-provided SDKs list (#10529)
* Add rs-consul

* Update website/content/api-docs/libraries-and-sdks.mdx

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-30 10:43:41 -04:00
Blake Covarrubias 8a832635b8
docs: Add Consul 1.10 release notes (#10489)
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2021-06-29 16:08:57 -07:00
Iryna Shustava 1c0beefc73
docs: add docs for running a single Consul dc in multiple k8s clusters (#10508) 2021-06-29 14:23:36 -06:00
jkirschner-hashicorp 89f01647fb
Merge pull request #10519 from jkirschner-hashicorp/fix-doc-service-splitter-example
docs: fix service splitter example weight sum
2021-06-29 15:51:18 -04:00
Ashwin Venkatesh 48069d18dd
Add docs for gossip encryption key rotation (#10522)
* Add docs for gossip encryption key rotation with feedback from David, Kyle and Luke.
2021-06-29 14:45:19 -04:00
Daniel Nephin 391a0eae46
Merge pull request #10437 from christopherlai/patch-1
Link to Reverse Proxy from Load Balancer
2021-06-29 14:37:41 -04:00
Blake Covarrubias 8a9dad08b5
docs: Add audit logging examples (#10382)
* docs: Add audit logging examples

Resolves #8375, resolves #9055
2021-06-29 10:58:15 -07:00
Blake Covarrubias ef6e618753
docs: Clarify serf_lan/retry_join behavior with network segments (#10386)
* docs: Add info on using cloud auto-join with Network Segments

Resolves hashicorp/go-discover#57

* Add note about joining network segments

Specifically call out that agents can be configured to join a network
segment by either specifying the Serf LAN port in the join address,
changing the agent's default Serf LAN port by configuring
`ports.serf_lan`, or specifying the port in the `-serf-lan-port`
command line flag.

Resolves #9972
2021-06-29 10:57:33 -07:00
David Yu 0c63a7b4d4
docs: Remove Helm 2 mention in Consul K8s install and uninstall (#10517)
* docs: Remove Helm 2 mention in Consul K8s install and uninstall
Helm 2 is no longer supported via Consul K8s. Helm 3 is now the supported version for Consul K8s.
2021-06-29 09:18:08 -07:00
Mike Ajala d87263b5eb
Update self-hosted-kubernetes.mdx (#10518)
Corrected typo, from you _mean_ need to you _may_ need.
2021-06-29 09:17:07 -07:00
Jared Kirschner 8dae08e30e Fix service splitter example weight sum
Weight sum must be equal to 100.
2021-06-29 07:01:55 -04:00
Daniel Nephin 1041ba71de
Merge pull request #10514 from hashicorp/dnephin/actually-enable-streaming
streaming: fix not being able to enable streaming
2021-06-28 18:52:03 -04:00
Daniel Nephin bc4d349ccf streaming: support X-Cache-Hit header
If a value was already available in the local view the request is considered a cache hit.
If the materialized had to wait for a value, it is considered a cache miss.
2021-06-28 17:29:23 -04:00
Daniel Nephin c78391797d streaming: fix enable of streaming in the client
And add checks to all the tests that explicitly use streaming.
2021-06-28 17:23:14 -04:00
Daniel Nephin 8b365f8271 Remove a racy and failing test
This test is super racy (it's not just a single line).

This test also starts failing once streaming is enabled, because the
cache rate limit no longer applies to the requests in the test. The
queries use streaming instead of the cache.

This test is no longer valid, and the functionality is already well
tested by TestCacheThrottle.  Instead of spending time rewriting this
test, let's remove it.

```
WARNING: DATA RACE
Read at 0x00c01de410fc by goroutine 735:
  github.com/hashicorp/consul/agent.TestCacheRateLimit.func1()
      /home/daniel/pers/code/consul/agent/agent_test.go:1024 +0x9af
  github.com/hashicorp/consul/testrpc.WaitForTestAgent()
      /home/daniel/pers/code/consul/testrpc/wait.go:99 +0x209
  github.com/hashicorp/consul/agent.TestCacheRateLimit.func1()
      /home/daniel/pers/code/consul/agent/agent_test.go:966 +0x1ad
  testing.tRunner()
      /usr/lib/go/src/testing/testing.go:1193 +0x202

Previous write at 0x00c01de410fc by goroutine 605:
  github.com/hashicorp/consul/agent.TestCacheRateLimit.func1.2()
      /home/daniel/pers/code/consul/agent/agent_test.go:998 +0xe9

Goroutine 735 (running) created at:
  testing.(*T).Run()
      /usr/lib/go/src/testing/testing.go:1238 +0x5d7
  github.com/hashicorp/consul/agent.TestCacheRateLimit()
      /home/daniel/pers/code/consul/agent/agent_test.go:961 +0x375
  testing.tRunner()
      /usr/lib/go/src/testing/testing.go:1193 +0x202

Goroutine 605 (finished) created at:
  github.com/hashicorp/consul/agent.TestCacheRateLimit.func1()
      /home/daniel/pers/code/consul/agent/agent_test.go:1022 +0x91e
  github.com/hashicorp/consul/testrpc.WaitForTestAgent()
      /home/daniel/pers/code/consul/testrpc/wait.go:99 +0x209
  github.com/hashicorp/consul/agent.TestCacheRateLimit.func1()
      /home/daniel/pers/code/consul/agent/agent_test.go:966 +0x1ad
  testing.tRunner()
      /usr/lib/go/src/testing/testing.go:1193 +0x202
```
2021-06-28 17:23:13 -04:00
Daniel Nephin 16b21b0864 http: add an X-Consul-Query-Backend header to responses
So that it is easier to detect and test when streaming is being used.
2021-06-28 16:44:58 -04:00
Daniel Nephin 2e1e80266a
Merge pull request #10506 from hashicorp/dnephin/docs-rpc-query-metrics
docs: correct some misleading telemetry docs
2021-06-28 12:33:57 -04:00
Daniel Nephin 7531a6681d docs: correct some misleading telemetry docs
The query metrics are actually reported for all read queries, not only
ones that use a MinIndex to block for updates.

Also clarify the raft.apply metric is only on the leader.
2021-06-28 12:20:53 -04:00
Kendall Strautman 794029b8ac
chore: upgrade react-head and deps (#10499) 2021-06-28 08:39:14 -07:00
Daniel Nephin 7470647b85
Merge pull request #10497 from hashicorp/dnephin/tls-cert-exploration-3
tlsutil: unexport and remove methods
2021-06-25 18:24:33 -04:00
R.B. Boyer ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
Freddy 1c28aa732b
Update CONTRIBUTING.md 2021-06-25 14:43:53 -06:00
R.B. Boyer a2876453a5
connect/ca: cease including the common name field in generated certs (#10424)
As part of this change, we ensure that the SAN extensions are marked as
critical when the subject is empty so that AWS PCA tolerates the loss of
common names well and continues to function as a Connect CA provider.

Parts of this currently hack around a bug in crypto/x509 and can be
removed after https://go-review.googlesource.com/c/go/+/329129 lands in
a Go release.

Note: the AWS PCA tests do not run automatically, but the following
passed locally for me:

    ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
2021-06-25 13:00:00 -05:00
hc-github-team-consul-core f24ee5d842 auto-updated agent/uiserver/bindata_assetfs.go from commit ace794d21 2021-06-25 09:47:01 +00:00
John Cowen ace794d214
ui: Enable specifying additional docfy config as json (#10464) 2021-06-25 10:41:41 +01:00
Dhia Ayachi a64c9a3e62
return an empty record when asked for an addr dns with type other then A, AAAA and ANY (#10401)
* return an invalid record when asked for an addr dns with type other then A and AAAA

* add changelog

* fix ANY use case and add a test for it

* update changelog type

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* return empty response if the question record type do not match for addr

* set comment in the right place

* return A\AAAA record in extra section if record type is not A\AAAA for addr

* Fix failing test

* remove commented code

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use require for test validation

* use variable to init struct

* fix failing test

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update .changelog/10401.txt

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix compilation error

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-24 20:44:44 -04:00
Daniel Nephin dc67042eac Invert the logic of outgoingRPCTLSDisabled
To remove the double negatives, which should make it easier to read.
2021-06-24 19:25:02 -04:00
Daniel Nephin 39f282c425 tlsutil: inline verifyIncomingHTTPS
This function was only used in one place, and the indirection makes it slightly
harder to see what the one caller is doing. Since it's only accesing a couple fields
it seems like the logic can exist in the one caller.
2021-06-24 19:25:02 -04:00
Daniel Nephin a25c817478 tlsutil: remove indirection and duplication
VerifyIncomingRPC and verifyIncomingRPC were duplicate functions, and
once one is removed, Config.verifyIncomingRPC is only called in one place.

Remove 2 of the 3 functions to make the behaviour easier to follow (less indirection).
2021-06-24 18:43:30 -04:00
Daniel Nephin 13e5448c17 tlsutil: remove unnecessary getter functions
These functions did nothing but hide the fields they were returning.
2021-06-24 18:43:29 -04:00
Daniel Nephin 66ba2e2463 tlsutil: unexport and remove indirection
Unexport outgoingALPNRPCConfig since it is only used internally
Remove the MutualTLSCapable->mutualTLSCapable indirection, we only need the exported method.
Inline enableAgentTLSForChecks to make it more clear what it does, since it only has a single caller and is wrapping a single field lookup.
2021-06-24 18:43:29 -04:00
Ludovic Ortega c138c38392
[Fix] Add missing quote (#10484) 2021-06-24 13:59:39 -07:00
R.B. Boyer d7fb3543fc
sdk: Stop making a special /tmp/consul-test directory for testutil.TempFile and testutil.TempDir (#10494) 2021-06-24 15:46:23 -05:00
lornasong d43f3af2c6
docs/nia: fix catalog-services typos pt 2 (#10493) 2021-06-24 16:45:46 -04:00
R.B. Boyer ca0a58ff71
connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners (#10486)
Fixes #10480

Also fixed a data race in the `connect/proxy` package that was unearthed by the tests changed for this bugfix.
2021-06-24 15:02:34 -05:00
Kim Ngo 993f4715fd
docs/nia: fix typo (#10492) 2021-06-24 13:51:26 -05:00
Daniel Nephin bbf52ddd04
Merge pull request #10490 from hashicorp/dnephin/fix-tls-for-health-check
tlsutil: fix ServerName used for health checks that use TLS
2021-06-24 14:27:16 -04:00
Daniel Nephin bb37c4dfe8
Merge pull request #10476 from hashicorp/dnephin/ca-primary-uses-intermediate
ca: replace ca.PrimaryIntermediateProviders
2021-06-24 14:05:19 -04:00
Daniel Nephin d09027caf6 tlsutils: more test cases for OutgoingTLSConfigForCheck 2021-06-24 13:49:58 -04:00
Daniel Nephin 486b97e2c9 tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
2021-06-24 13:49:58 -04:00
Daniel Nephin 3a734c8303
Merge pull request #10488 from hashicorp/dnephin/ci-lib-testing
ci: test api/sdk against last 2 Go versions
2021-06-24 13:09:44 -04:00
Daniel Nephin a920936c86 tlsutil: convert tests for OutgoingTLSConfigForCheck to a table
In preparation for adding more test cases.
2021-06-24 12:51:40 -04:00
Daniel Nephin 8054ea3ff1 ci: test api/sdk against last 2 Go versions
So that we catch any incompatibilities with the preivous Go version.
2021-06-24 12:24:12 -04:00
David Yu e7557ab4a1
docs: Remove beta version references from Helm reference (#10477)
Removing references from the 1.10 beta that were included in Helm Configuration Reference
2021-06-24 09:08:33 -07:00
Daniel Nephin 0e86083351
Merge pull request #10473 from knusbaum/ioutil
{api,command/agent}: change io.Discard to ioutil.Discard
2021-06-24 11:59:46 -04:00
Kim Ngo 491bd51033
docs/nia: Update CTS compatible versions (#10487) 2021-06-24 10:16:03 -05:00
David Yu 2872fc6b26
docs: Removal of Consul vs ZooKeeper analysis (#10469)
* docs: Removal of Consul vs ZooKeeper

Although Consul does have a KV, we are not positioning Consul as a first class KV store versus other alternatives such as etcd or Zookeeper. Will remove this since this has not been updated with further analysis since this content was created.

* Removing from Zookeeper analysis Navbar
* Removing Zookeeper analysis from redirects
2021-06-24 07:23:57 -07:00