Commit Graph

276 Commits

Author SHA1 Message Date
Dhia Ayachi db23df862c debug: remove the CLI check for debug_enabled (#10273)
* debug: remove the CLI check for debug_enabled

The API allows collecting profiles even debug_enabled=false as long as
ACLs are enabled. Remove this check from the CLI so that users do not
need to set debug_enabled=true for no reason.

Also:
- fix the API client to return errors on non-200 status codes for debug
  endpoints
- improve the failure messages when pprof data can not be collected

Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com>

* remove parallel test runs

parallel runs create a race condition that fail the debug tests

* Add changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-05-31 18:46:42 +00:00
Matt Keeler 847e42399b Bump raft-autopilot version to the latest. (#10306) 2021-05-27 16:59:59 +00:00
Kenia 8a34582273 ui: Create and use collapsible notices component (#10270)
* Create and use collapsible notices

* Refactor collapsible-notices

* Split up the topology acceptance tests

* Add acceptance tests for tproxy notices

* Add component file

* Adds additional TProxy notices tests

* Adds conditional to only show collapsable if more than 2 notices are present

* Adds changelog

* Refactorting the conditonal for collapsing the notices

* Renaming undefinedIntention to be notDefinedIntention

* Refactor tests
2021-05-27 08:01:01 -04:00
Mike Morris ea9a267f01 changelog: add entry for network areas WAN config fix 2021-05-26 21:49:57 +00:00
Freddy f1ab78757e Ensure passthrough clusters can be created (#10301) 2021-05-26 21:05:55 +00:00
Freddy a2dcb9621d Avoid adding original_dst filter when not needed (#10302) 2021-05-26 21:05:24 +00:00
John Cowen 206e414908 ui: Unix Domain Socket support (#10287)
This commit adds UI support for Unix Domain Sockets for upstream and downstreams (see #9981 and #10252)
2021-05-26 16:53:03 +00:00
John Cowen dd280ee2b2 ui: Support Route optional parameters/segments (#10212)
Moves our URLs with 'optional namespace segment' into a separately abstracted 'optional URL segment' feature
2021-05-26 16:46:46 +00:00
Rémi Lapeyre 4677321753 Always set the Content-Type header when a body is present (#10204)
* Always set the Content-Type header when a body is present

Closes https://github.com/hashicorp/consul/issues/10011

* Add Changelog entry

* Add more Content-Type exceptions

* Fix tests
2021-05-25 16:15:57 +01:00
Matt Keeler f054099e84 Move some things around to allow for license updating via config reload
The bulk of this commit is moving the LeaderRoutineManager from the agent/consul package into its own package: lib/gort. It also got a renaming and its Start method now requires a context. Requiring that context required updating a whole bunch of other places in the code.
2021-05-25 13:58:35 +00:00
Matt Keeler c87ed75400 hcs-1936: Prepare for adding license auto-retrieval to auto-config in enterprise 2021-05-24 17:21:08 +00:00
Daniel Nephin 4a6b53fa22 Merge pull request #10272 from hashicorp/dnephin/backport-namespace-license-fix
Backport some ent changes for serf tags
2021-05-21 16:35:30 +00:00
Matt Keeler b6dc2e9d79 Deprecate API driven licensing.
The two methods in the API client to Put or Reset a license will now always return an error.
2021-05-21 15:11:58 +00:00
Matt Keeler d80ae8baa8 Add OSS bits for supporting specifying the enterprise license via config 2021-05-20 20:12:05 +00:00
John Cowen f69c4a2501 ui: Miscellaneous Lock Session fixes (#10225) 2021-05-19 10:08:18 +00:00
Daniel Nephin accc5db292 Merge pull request #8812 from jjshanks/GH-8728
GH-8728 add raft default values
2021-05-18 19:33:09 +00:00
R.B. Boyer 4025a6349a xds: emit a labeled gauge of connected xDS streams by version (#10243)
Fixes #10099
2021-05-14 19:00:15 +00:00
R.B. Boyer e83dc4375d server: ensure that central service config flattening properly resets the state each time (#10239)
The prior solution to call reply.Reset() aged poorly since newer fields
were added to the reply, but not added to Reset() leading serial
blocking query loops on the server to blend replies.

This could manifest as a service-defaults protocol change from
default=>http not reverting back to default after the config entry
reponsible was deleted.
2021-05-14 15:22:16 +00:00
R.B. Boyer 54f5b96a5b agent: ensure we hash the non-deprecated upstream fields on ServiceConfigRequest (#10240) 2021-05-14 15:16:27 +00:00
Freddy 0ff9a5de8a Add changelog entry for network area timeout updates (#10241) 2021-05-13 21:06:11 +00:00
John Cowen 1fe17b720a ui: Serf Health Check warning notice (#10194)
When the Consul serf health check is failing, this means that the health checks registered with the agent may no longer be correct. Therefore we show a notice to the user when we detect that the serf health check is failing both for the health check listing for nodes and for service instances.

There were a few little things we fixed up whilst we were here:

- We use our @replace decorator to replace an empty Type with serf in the model.
- We noticed that ServiceTags can be null, so we replace that with an empty array.
- We added docs for both our Notice component and the Consul::HealthCheck::List component. Notice now defaults to @type=info.
2021-05-13 10:37:46 +00:00
Iryna Shustava 47d8f050d2 Save exposed ports in agent's store and expose them via API (#10173)
* Save exposed HTTP or GRPC ports to the agent's store
* Add those the health checks API so we can retrieve them from the API
* Change redirect-traffic command to also exclude those ports from inbound traffic redirection when expose.checks is set to true.
2021-05-12 20:56:15 +00:00
R.B. Boyer 88a8656e13 connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231) 2021-05-12 19:06:43 +00:00
Kenia 062590180f ui: Add conditionals to Lock Session list items (#10121)
* Add conditionals to Lock Session list items

* Add changelog

* Show ID in details if there is a name to go in title

* Add copy-button if ID is in the title

* Update TTL conditional

* Update .changelog/10121.txt

Co-authored-by: John Cowen <johncowen@users.noreply.github.com>

Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
2021-05-11 15:40:46 +00:00
Daniel Nephin ac0697ac48 Merge pull request #10188 from hashicorp/dnephin/dont-persist-agent-tokens
agent/local: do not persist the agent or user token
2021-05-10 19:58:59 +00:00
John Cowen b93df0e22d ui: Fix nspace spacing issue (#10157)
This fixes the spacing bug in nspaces only by only showing Description if the namespace has one, and removing the extra 2 pixel margin of dds for when dts aren't rendered/don't exist.
2021-05-10 10:20:09 +00:00
John Cowen 8522c83283 ui: Adds ability to show a 'partial' list in list-collections (#10174)
* ui: Add support for showing partial lists in ListCollection

* Add CSS for partial 'View more' button, and move all CSS to /components

* Enable partial view for intention permissions
2021-05-07 15:55:33 +00:00
John Cowen f61866fda6 ui: Loader amends/improvements (#10181)
* ui: Loader amends/improvements

1. Create a JS compatible template only 'glimmer' component so we can
use it with or without glimmer.
2. Add a set of `rose` colors.
3. Animate the brand loader to keep it centered when the side
navigation appears.
4. Tweak the color of Consul::Loader to use a 'rose' color.
5. Move everything loader related to the `app/components/` folder and
add docs.
2021-05-07 11:24:01 +00:00
John Cowen 16eb3263a3 ui: [BUGFIX] De-duplicate Tag rendering (#10186)
* Add some tests for duplicated and non-duplicated tags

* Ensure tags get de-duped and add docs

* Update docs to include info on the recursive-ness
2021-05-07 11:08:14 +00:00
Daniel Nephin dd6257e17c Merge pull request #10189 from hashicorp/dnephin/http-api-health-query-meta
http: set consistency header properly for health endpoint
2021-05-06 18:10:12 +00:00
Mark Anderson 42ff449d4f Merge pull request #9981 from hashicorp/ma/uds_upstreams
Unix Domain Socket support for upstreams and downstreams
2021-05-05 16:17:32 -04:00
Hector Simpson a1cb79b1f8 Update brand assets (#10081)
* Update header logo and inline icon

* Update full logos + layout on loading screen

* Update favicon assets and strategy
- Switches to serve an ico file alongside an SVG file
- Introduces an apple-touch-icon

* Removes unused favicon/meta assets

* Changelog item for ui

* Create component for logo

* Simplify logo component, set brand color

* Fix docs loading state CSS issue
2021-05-05 16:17:32 -04:00
Kenia f35af2bb59 ui: Add TProxy Mode notice banner to service instance Upstreams tab (#10136) 2021-05-05 16:17:32 -04:00
Kenia bc0f175bbe ui: Update not-defined intention popover and banner (#10133) 2021-05-05 16:17:32 -04:00
Kenia 3439ec2d0b ui: Update conditional for topology empty state (#10124) 2021-05-05 16:17:32 -04:00
Kenia c41ef2d7cf ui: Fix empty SVG height to prevent service mesh from breaking when there are no upstreams (#10122) 2021-05-05 16:17:32 -04:00
Kenia 1d6ebf04e6 Fix up changelog for 10002 (#10130) 2021-05-05 16:17:32 -04:00
Daniel Nephin a583415bed Merge pull request #10161 from hashicorp/dnephin/update-deps
Update a couple dependencies
2021-05-04 18:32:22 +00:00
John Cowen a666a08510 ui: Remove extra nspace value from service upstreams (#10152)
* ui: Remove extra nspace value from service upstreams
2021-05-04 16:45:27 +00:00
John Cowen 9ebc9561d9 ui: Fix text search for upstream instances (#10151)
* ui: Fix text search for upstream instances

* Clean up predicates for other model types

* Add some docs around DataCollection and searching

* Enable UI Engineering Docs for our preview sites

* Use debug CSS in dev and staging
2021-05-04 16:28:18 +00:00
John Cowen 2d6f0d1854 ui: Adds CRD popover 'informed action' for intentions managed by CRDs (#10100)
* ui: Adds CRD popover 'informed action' for intentions add via CRDs
2021-05-04 16:24:30 +00:00
Paul Banks fa1b308c7b Make Raft trailing logs and snapshot timing reloadable (#10129)
* WIP reloadable raft config

* Pre-define new raft gauges

* Update go-metrics to change gauge reset behaviour

* Update raft to pull in new metric and reloadable config

* Add snapshot persistance timing and installSnapshot to our 'protected' list as they can be infrequent but are important

* Update telemetry docs

* Update config and telemetry docs

* Add note to oldestLogAge on when it is visible

* Add changelog entry

* Update website/content/docs/agent/options.mdx

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-05-04 14:40:40 +00:00
Freddy 4a4a1ebff8 Only consider virtual IPs for transparent proxies (#10162)
Initially we were loading every potential upstream address into Envoy
and then routing traffic to the logical upstream service. The downside
of this behavior is that traffic meant to go to a specific instance
would be load balanced across ALL instances.

Traffic to specific instance IPs should be forwarded to the original
destination and if it's a destination in the mesh then we should ensure
the appropriate certificates are used.

This PR makes transparent proxying a Kubernetes-only feature for now
since support for other environments requires generating virtual IPs,
and Consul does not do that at the moment.
2021-05-03 15:06:36 -06:00
Luke Kysow c816e29ef7 Give descriptive error if auth method not found (#10163)
* Give descriptive error if auth method not found

Previously during a `consul login -method=blah`, if the auth method was not found, the
error returned would be "ACL not found". This is potentially confusing
because there may be many different ACLs involved in a login: the ACL of
the Consul client, perhaps the binding rule or the auth method.

Now the error will be "auth method blah not found", which is much easier
to debug.
2021-05-03 20:39:51 +00:00
Daniel Nephin ac2aeb8f44 Merge pull request #10149 from hashicorp/dnephin/config-use-streaming-backend-defualt-true
config: default UseStreamingBackend to true
2021-04-30 20:30:28 +00:00
R.B. Boyer 145a83e436 connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101)
The only thing that needed fixing up pertained to this section of the 1.18.x release notes:

> grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default.

For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default.

Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.
2021-04-29 20:22:41 +00:00
R.B. Boyer df5e55fc50 xds: ensure that all envoyproxy/go-control-plane protobuf symbols are linked into the final binary (#10131)
This ensures that if someone does include some extension Consul does not currently make use of, that extension is actually usable. Without linking these envoy protobufs into the main binary it can't round trip the escape hatches to send them down to envoy.

Whenenver the go-control-plane library is upgraded next we just have to re-run 'make envoy-library'.
2021-04-29 19:58:58 +00:00
R.B. Boyer 6a39b47448 Support Incremental xDS mode (#9855)
This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged.

Union of all commit messages follows to give an overarching summary:

xds: exclusively support incremental xDS when using xDS v3

Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail.
Work around a strange older envoy behavior involving empty CDS responses over incremental xDS.
xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support

Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead.
Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client.
xds: pull out checkStreamACLs method in advance of a later commit

xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings

In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty.

This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10.

xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time
2021-04-29 18:54:53 +00:00
Tara Tufano 368abd55f1 make h2ping changelog entry conform with changelog template (#10111)
LGTM!
2021-04-29 18:50:22 +00:00
Iryna Shustava f383452e87 Implement traffic redirection exclusion based on proxy config and user-provided values (#10134)
* Use proxy outbound port from TransparentProxyConfig if provided
* If -proxy-id is provided to the redirect-traffic command, exclude any listener ports
  from inbound traffic redirection. This includes envoy_prometheus_bind_addr,
  envoy_stats_bind_addr, and the ListenerPort from the Expose configuration.
* Allow users to provide additional inbound and outbound ports, outbound CIDRs
  and additional user IDs to be excluded from traffic redirection.
  This affects both the traffic-redirect command and the iptables SDK package.
2021-04-29 16:24:15 +00:00