Commit Graph

20897 Commits

Author SHA1 Message Date
Eric Haberkorn f87ae3636c
Fix V2 Wildcard RBAC Regular Expressions (#18941)
fix wildcard rbac regular expressions
2023-09-21 13:53:49 -04:00
Curt Bushko bc142cd152
NET-4884 - Terminating gateway tests for namespaces & partitions (#18820)
* Add gateway test to CE
2023-09-21 10:25:27 -04:00
Derek Menteer d4ed3047f8
[NET-5589] Optimize leaf watch diff on xds controller. (#18921)
Optimize leaf watch diff on xds controller.
2023-09-21 08:11:20 -05:00
Ronald f463ebd569
Fix create dns token docs (#18927) 2023-09-21 08:33:24 -04:00
Anita Akaeze 1f941e48c1
Fix for loop in filter_changed_files_go_test script (#18931)
* iterate through array

* remove comment
2023-09-20 16:10:38 -07:00
John Murret 700d1bb37c
NET-5131 - support multiple ported upstreams tests (#18923)
* add multiple upstream ports to golden file test for destination builder

* NET-5131 - add unit tests for multiple ported upstreams

* fix merge conflicts
2023-09-20 16:14:08 -06:00
John Landa 9eaa8eb026
dns token (#17936)
* dns token

fix whitespace for docs and comments

fix test cases

fix test cases

remove tabs in help text

Add changelog

Peering dns test

Peering dns test

Partial implementation of Peered DNS test

Swap to new topology lib

expose dns port for integration tests on client

remove partial test implementation

remove extra port exposure

remove changelog from the ent pr

Add dns token to set-agent-token switch

Add enterprise golden file

Use builtin/dns template in tests

Update ent dns policy

Update ent dns template test

remove local gen certs

fix templated policy specs

* add changelog

* go mod tidy
2023-09-20 15:50:06 -06:00
Anita Akaeze 0236c48369
Update base ref property name (#18851)
* Update base ref property name

* Test skip ci (#18924)

test_push_merge

* cleanup test push code
2023-09-20 14:33:30 -07:00
Dhia Ayachi 341dc28ff9
Add namespace proto and registration (#18848)
* add namespace proto and registration

* fix proto generation

* add missing copywrite headers

* fix proto linter errors

* fix exports and Type export

* add mutate hook and more validation

* add more validation rules and tests

* Apply suggestions from code review

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>

* fix owner error and add test

* remove ACL for now

* add tests around space suffix prefix.

* only fait when ns and ap are default, add test for it

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
2023-09-20 15:20:20 -04:00
John Maguire 9e3794ee48
Fix changelog order (#18918)
* Fix changelog order

* fix ordering or entries
2023-09-20 13:42:17 -04:00
R.B. Boyer d574473fd1
mesh: make FailoverPolicy work in xdsv2 and ProxyStateTemplate (#18900)
Ensure that configuring a FailoverPolicy for a service that is reachable via a xRoute or a direct upstream causes an envoy aggregate cluster to be created for the original cluster name, but with separate clusters for each one of the possible destinations.
2023-09-20 11:59:01 -05:00
Ronald c8299522b5
[NET-5332] Add nomad server templated policy (#18888)
* [NET-5332] Add nomad server templated policy

* slksfd
2023-09-20 12:10:55 -04:00
John Maguire 6533e70141
Added changelog entries for 1.14.10, 1.15.6, 1.16.2 (#18917) 2023-09-20 11:37:46 -04:00
Nitya Dhanushkodi 3a2e62053a
v2: various fixes to make K8s tproxy multiport acceptance tests and manual explicit upstreams (single port) tests pass (#18874)
Adding coauthors who mobbed/paired at various points throughout last week.
Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
Co-authored-by: Iryna Shustava <iryna@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com>
2023-09-20 00:02:01 +00:00
Nick Ethier 1a3081ab32
agent/config: prevent startup if resource-apis experiment and cloud are enabled (#18876) 2023-09-19 19:50:45 -04:00
Blake Covarrubias 5d349cf6f3
docs: Add complete auth method payloads (#18849)
This commit modifies the example payloads for various auth methods to
remove 'other fields' and instead use complete example payloads.
2023-09-19 23:34:54 +00:00
R.B. Boyer 07d916e84f
resource: ensure resource.AuthorizerContext properly strips the local… (#18908)
resource: ensure resource.AuthorizerContext properly strips the local peer name
2023-09-19 17:14:15 -05:00
Blake Covarrubias 019c62e1ba
xds: Use downstream protocol when connecting to local app (#18573)
Configure Envoy to use the same HTTP protocol version used by the
downstream caller when forwarding requests to a local application that
is configured with the protocol set to either `http2` or `grpc`.

This allows upstream applications that support both HTTP/1.1 and
HTTP/2 on a single port to receive requests using either protocol. This
is beneficial when the application primarily communicates using HTTP/2,
but also needs to support HTTP/1.1, such as to respond to Kubernetes
HTTP readiness/liveness probes.

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-09-19 14:32:28 -07:00
Tu Nguyen db9ac4dc55
Add note about service upstream env var dot broken (#18895)
* add note about service upstream env var dot broken

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-09-19 12:06:01 -07:00
Chris Thain a071899684
Add otel-access-logging Envoy extension integration test (#18898) 2023-09-19 19:04:47 +00:00
Blake Covarrubias a62c75f43c
docs: Remove YAML service registration examples (#18877)
Remove YAML service registration examples and replace them with JSON.
This is because YAML is not a supported configuration format for the
Consul's agent configuration, nor is it supported by the HTTP API.

This commit replaces the YAML examples with JSON and adds additional
JSON examples where they were missing.
2023-09-19 18:41:16 +00:00
Ronald 70e738ce20
Add operator audit endpoint changes (#18899) 2023-09-19 13:05:06 -04:00
Jeff Boruszak 203a36821e
docs: Apigee extension backport (#18847)
* commit

* link text edits
2023-09-19 09:23:52 -07:00
Blake Covarrubias a2e50a63ad
docs: Fix Kubernetes CRD example configs (#18878)
Fixes configuration examples for several Consul Kubernetes CRDs. The
CRDs were missing required fields such as `apiVersion`, `metadata`,
and `spec`.

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-19 15:50:03 +00:00
Blake Covarrubias 5843efe16a
Fix code block examples on dns-static-lookups.mdx (#18880)
HCL and JSON configuration examples were being displayed in the same
code block. This commit separates the configurations to properly
display them as independent configuration examples.
2023-09-19 08:39:57 -07:00
Blake Covarrubias f3bf3295f6
docs: Fix HCL, JSON, and YAML syntax errors (#18879)
This commit fixes syntax errors in HCL, JSON, and YAML example
configurations. In some cases, it replaces the code example with the
proper format for the code block.

Also fixes HCL formatting and misc opportunistic updates to codeblock.

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-09-19 08:39:26 -07:00
Eric Haberkorn 170417ac97
Honor Default Traffic Permissions in V2 (#18886)
wire up v2 default traffic permissions
2023-09-19 10:42:32 -04:00
cskh 9b497f8c78
CI: lint test-integ (#18875)
* CI: lint test-integ

* fix lint error
2023-09-19 10:05:51 -04:00
Ashesh Vidyut 6fd33ba30d
NET-4519 Collecting journald logs in "consul debug" bundle (#18797)
* debug since

* fix docs

* chagelog added

* fix go mod

* debug test fix

* fix test

* tabs test fix

* Update .changelog/18797.txt

Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com>

---------

Co-authored-by: Ganesh S <ganesh.seetharaman@hashicorp.com>
2023-09-19 08:46:50 +05:30
Iryna Shustava 212793a4ee
mesh: only build tproxy outbound listener once per destination (#18836)
Previously, when using implicit upstreams, we'd build outbound listener per destination instead of one for all destinations. This will result in port conflicts when trying to send this config to envoy.

This PR also makes sure that leaf and root references are always added (before we would only add it if there are inbound non-mesh ports).

Also, black-hole traffic when there are no inbound ports other than mesh
2023-09-18 18:26:13 -06:00
Chris S. Kim 91e6c3a82f
Remove flaky test assertions (#18870) 2023-09-18 15:56:23 -07:00
Semir Patel 62796a1454
resource: mutate and validate before acls on write (#18868) 2023-09-18 17:04:29 -05:00
R.B. Boyer dabbc9627b
mesh: normalize/default/validate tenancy components of mesh internal References (#18827)
HTTPRoute, GRPCRoute, TCPRoute, and Upstreams resources contain inner
Reference fields. We want to ensure that components of those reference Tenancy
fields left unspecified are defaulted using the tenancy of the enclosing resource.

As the underlying helper being used to do the normalization calls the function
modified in #18822, it also means that the PeerName field will be set to "local" for
now automatically to avoid "local" != "" issues downstream.
2023-09-18 17:02:13 -05:00
R.B. Boyer 696aa1bbd2
mesh: update xds controller to synthesize empty endpoints when no endpoints ref is found (#18835) 2023-09-18 16:19:54 -05:00
Ronald 49cb84297f
Move ACL templated policies to hcl files (#18853) 2023-09-18 17:10:35 -04:00
Andrew Stucki 087539fc7b
Fix gateway services cleanup where proxy deregistration happens after service deregistration (#18831)
* Fix gateway services cleanup where proxy deregistration happens after service deregistration

* Add test

* Add changelog

* Fix comment
2023-09-18 16:19:17 -04:00
R.B. Boyer b4d5178e5c
catalog: normalize/default/validate tenancy components of FailoverPolicy internal References (#18825)
FailoverPolicy resources contain inner Reference fields. We want to ensure 
that components of those reference Tenancy fields left unspecified are defaulted 
using the tenancy of the enclosing FailoverPolicy resource.

As the underlying helper being used to do the normalization calls the function 
modified in #18822, it also means that the PeerName field will be set to "local" for 
now automatically to avoid "local" != "" issues downstream.
2023-09-18 14:59:08 -05:00
Gautam 132c1eaa87
Adding Apigee for ext_authz, minor fix in the default ext_authz docs (#18796)
* adding apigee for ext_authz, minor fix

* adding the Apigee docs to nav

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>

* addressing feedback

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2023-09-18 11:23:11 -07:00
cskh 4357362973
grafana: display connected consul-dataplanes (#18842) 2023-09-18 13:23:02 -04:00
Blake Covarrubias 17901acd4f
docs: Fix typo in description for server_addresses (#18838)
Change 'If not port' to 'If no port'.

Resolves #18553
2023-09-18 17:14:41 +00:00
Dhia Ayachi 4435e4a420
add v2 tenancy bridge Flag and v2 Tenancy Bridge initial implementation (#18830)
* add v2 tenancy bridge and a feature flag for v2 tenancy

* move tenancy bridge v2 under resource package
2023-09-18 12:25:05 -04:00
Poonam Jadhav bf4e0b1aa9
fix: provide meaningful error messages and add test (#18772)
* fix: provide meaningful error messages and add test

* fix: return error instead of warning when extra args are provided
2023-09-18 09:09:31 -04:00
Ashesh Vidyut 0018b7e5a8
Fixes for integration tests windows for ENT (#18839)
* fixes for integration tests

* fix runner size for enterprise

* fix spacing

* fix spacing

* removed branch test run
2023-09-18 10:45:22 +05:30
Ashesh Vidyut 5d99fb7bdf
Audit log consul 1.17x changes (#18669)
* audit log consul 1.17x changes

* added some details

* verbose
2023-09-16 10:14:27 +05:30
Chris S. Kim 461549e304
Adjust metrics test (#18837) 2023-09-15 23:15:42 +00:00
Iryna Shustava a89938e0c1
catalog: Default protocol to tcp in catalog.Service if unspecified (#18832) 2023-09-15 15:11:56 -06:00
R.B. Boyer 5cde50dee7
mesh: prevent writing a ComputedRoutes with no ported configs (#18833) 2023-09-15 15:13:01 -05:00
Chris S. Kim edf56ee970
Fix nondeterministic test (#18828) 2023-09-15 15:23:49 -04:00
skpratt 1fda2965e8
Allow empty data writes for resources (#18819)
* allow nil data writes for resources

* update demo to test valid type with no data
2023-09-15 14:00:23 -05:00
James Hartig b2e21c103f
consul operator raft transfer-leader should send the id (#17107)
Fixes #16955

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-09-15 14:38:59 -04:00