Commit Graph

9150 Commits

Author SHA1 Message Date
Kyle Havlovitz 8bff2fb245
Merge pull request #4699 from hashicorp/b-non-voter-bootstrap
Do not bootstrap with non voters
2018-09-20 11:13:21 -07:00
John Cowen 89620b93c2
ui: Turn off the code editor whilst making an edit during testing (#4668)
Having the code editor on removes the text area from the DOM, making it
more difficult to enter text in the text editor during testing. This
turns the code editor off whilst making edits during testing.

No changes to UI code
2018-09-20 10:36:30 +01:00
Alex Dadgar 43d0f96c42 do not bootstrap with non voters 2018-09-19 17:41:36 -07:00
Freddy 524192c919 Improve resilience of api pkg tests (#4676)
* Add function to wait for serfHealth in api tests

* Disable connect when creating semaphore test clients

* Wait for serfHealth when creating sessions in their tests

* Add helper functions to create lock/semaphore sessions without checks

* Log passing tests to prevent timeout in Travis due to lack of output
2018-09-18 17:47:01 +01:00
Kyle Havlovitz 1f93e02e66
Merge pull request #4672 from hashicorp/ca-refactor-2
connect/ca: add methods for generating and signing intermediate CSRs
2018-09-17 09:17:55 -07:00
Alvaro Miranda Aguilera 57cfd89c54 fix typo on connect/index (#4681)
wtihin -> within
2018-09-17 12:06:47 +01:00
Anubhav Mishra 7bc0564098 website: quick typo fix (#4683) 2018-09-17 12:06:11 +01:00
Kyle Havlovitz 57deb28ade connect/ca: tighten up the intermediate signing verification 2018-09-14 16:08:54 -07:00
Hans Hasselberg ee36591242
update ffi to dodge CVE-2018-1000201 (#4670) 2018-09-14 11:22:48 +02:00
Mitchell Hashimoto 79c6258276
website: correct chart casing 2018-09-13 14:45:40 -07:00
Kyle Havlovitz 2919519665 connect/ca: add intermediate functions to Vault ca provider 2018-09-13 13:38:32 -07:00
Kyle Havlovitz 52e8652ac5 connect/ca: add intermediate functions to Consul CA provider 2018-09-13 13:09:21 -07:00
Kyle Havlovitz d515d25856
Merge pull request #4644 from hashicorp/ca-refactor
connect/ca: rework initialization/root generation in providers
2018-09-13 13:08:34 -07:00
mkeeler ed67f97e01 Putting source back into Dev Mode 2018-09-13 16:35:46 +00:00
Paul Banks ca8abf359f
Update CHANGELOG.md 2018-09-13 17:29:39 +01:00
Paul Banks 6a814becc7
Update CHANGELOG.md 2018-09-13 17:29:24 +01:00
John Cowen b5ef6c567c
Update CHANGELOG.md 2018-09-13 17:21:39 +01:00
mkeeler 48d287ef69
Release v1.2.3 2018-09-13 15:22:25 +00:00
mkeeler 410ebb23a3 Bump the website version 2018-09-13 15:20:22 +00:00
Paul Banks 534c3617af
Update CHANGELOG.md 2018-09-13 15:44:34 +01:00
Paul Banks 74f2a80a42
Fix CA pruning when CA config uses string durations. (#4669)
* Fix CA pruning when CA config uses string durations.

The tl;dr here is:

 - Configuring LeafCertTTL with a string like "72h" is how we do it by default and should be supported
 - Most of our tests managed to escape this by defining them as time.Duration directly
 - Out actual default value is a string
 - Since this is stored in a map[string]interface{} config, when it is written to Raft it goes through a msgpack encode/decode cycle (even though it's written from server not over RPC).
 - msgpack decode leaves the string as a `[]uint8`
 - Some of our parsers required string and failed
 - So after 1 hour, a default configured server would throw an error about pruning old CAs
 - If a new CA was configured that set LeafCertTTL as a time.Duration, things might be OK after that, but if a new CA was just configured from config file, intialization would cause same issue but always fail still so would never prune the old CA.
 - Mostly this is just a janky error that got passed tests due to many levels of complicated encoding/decoding.

tl;dr of the tl;dr: Yay for type safety. Map[string]interface{} combined with msgpack always goes wrong but we somehow get bitten every time in a new way :D

We already fixed this once! The main CA config had the same problem so @kyhavlov already wrote the mapstructure DecodeHook that fixes it. It wasn't used in several places it needed to be and one of those is notw in `structs` which caused a dependency cycle so I've moved them.

This adds a whole new test thta explicitly tests the case that broke here. It also adds tests that would have failed in other places before (Consul and Vaul provider parsing functions). I'm not sure if they would ever be affected as it is now as we've not seen things broken with them but it seems better to explicitly test that and support it to not be bitten a third time!

* Typo fix

* Fix bad Uint8 usage
2018-09-13 15:43:00 +01:00
Mitchell Hashimoto 113f568509 website: document k8s go-discover (#4666)
This adds documentation for the `k8s` go-discover provider that will be part of 1.2.3.
2018-09-13 10:12:27 -04:00
Hans Hasselberg 220b17131f
Update CHANGELOG.md 2018-09-13 16:09:08 +02:00
Hans Hasselberg 8e235a72b4
Allow disabling the HTTP API again. (#4655)
If you provide an invalid HTTP configuration consul will still start again instead of failing. But if you do so the build-in proxy won't be able to start which you might need for connect.
2018-09-13 16:06:04 +02:00
John Cowen 805310e2df
Update CHANGELOG.md 2018-09-13 09:45:41 +01:00
John Cowen eb218ab93f
ui: Test bugfix. Specifically set deny for intention creation (#4663)
Make sure we speficially set and test for deny on testing intention
creation
2018-09-13 09:10:18 +01:00
John Cowen 5bb38f6ab5
ui: Tests Bugfix. Reflect extra json property `ExternalSources` in mocks (#4662)
The mocks where using randomly generated `ExternalSources` this change
makes sure they are fixed so we can reliably test the values. No change
to actual UI code
2018-09-13 09:09:59 +01:00
John Cowen 028875a732
UI: Set the CODE view as the default view for editing KV's (#4651)
Sets the code toggle on the KV edit/create page to be on by default, we figured most people probably prefer this view.

Also, previously we forced the KV toggle back to a default setting for every
time you visited a KV form page. We've now changed this so that the KV code
toggle button acts as a 'global' toggle. So whatever you set it as will
be the same for every KV for the lifetime of your 'ember session'

If we are to keep this, then consider saving this into localStorage
settings or similar, added some thoughts in comments re: this as it's very likely
to happen.
2018-09-13 09:09:30 +01:00
Rebecca Zanzig b8736e2b5c
Merge pull request #4665 from hashicorp/docs/gh-4616
Update required golang version in Readme
2018-09-12 15:19:58 -07:00
Rebecca Zanzig 183a847c7f Update required golang version in Readme
Fixes #4616.
2018-09-12 14:44:07 -07:00
Kyle Havlovitz 5c7fbc284d connect/ca: hash the consul provider ID and include isRoot 2018-09-12 13:44:15 -07:00
John Cowen f54fd21946
ui: [BUGFIX] Intentions were showing the wrong notification on creation (#4658)
The error notification was being shown on creation of an intention. This
was as a result of #4572 and/or #4572 and has not been included in a
release.

This includes a fix, plus tests to try to prevent any further regression.
2018-09-12 20:41:43 +01:00
John Cowen 0757a08684
ui: Adds a `default` view helper for providing a default value (#4650)
If the first value passed to the helper is an empty string or undefined
then return the second value
2018-09-12 20:38:57 +01:00
John Cowen 5ea748005c
UI: External Source markers (#4640)
1. Addition of external source icons for services marked as such.
2. New %with-tooltip css component (wip)
3. New 'no healthcheck' icon as external sources might not have
healthchecks, also minus icon on node cards in the service detail view
4. If a service doesn't have healthchecks, we use the [Services] tabs as the
default instead of the [Health Checks] tab in the Service detail page. 
5. `css-var` helper. The idea here is that it will eventually be
replaced with pure css custom properties instead of having to use JS. It
would be nice to be able to build the css variables into the JS at build
time (you'd probably still want to specify in config which variables you
wanted available in JS), but that's possible future work.

Lastly there is probably a tiny bit more testing edits here than usual,
I noticed that there was an area where the dynamic mocking wasn't
happening, it was just using the mocks from consul-api-double, the mocks
I was 'dynamically' setting happened to be the same as the ones in
consul-api-double. I've fixed this here also but it wasn't effecting
anything until actually made certain values dynamic.
2018-09-12 20:23:39 +01:00
John Cowen 981882d5ff
UI: Bugfix. Remove split view code editor (#4615)
When adding an auto resizing (heightwise) code editor, the
ivy-codemirror plugin seems to do this using more nested divs. This div
had a horizontal scroller but couldn't be seen on some platforms (with
hidden scrollbars). This commit makes the code editor slightly more
usable and more visually correct by removing the scroll bar in this div
to stop producing the 'split view look', yet keeping the horizontal
scroller at the bottom of the code editor for when you enter code that
is wider than the area. A max-width has also been added here to prevent
the text area from growing off the side of the page.

Another improvement to the code editor here is the addition of a nicer
color for hightlighting text selection so its at least visible.

Lastly, there was a way you could get the bottom horizontal scrollbar to overlay
the code in the editor. This makes sure there is always some space at
the bottom of the editor to make sure the code won't be obscured
2018-09-12 20:18:12 +01:00
John Cowen e5f300dd21
UI: Bugfix. Move to a different TextEncoder/Decoder (#4613)
1. The previously used TextEncoder/Decoder (used as a polyfill for
browsers that don't have a native version) didn't expose an encoder via
CommonJS. Use a different polyfill that exposes both a decoder and an
encoder.
2. The feature detection itself was flawed. This does a less error prone
detection that ensures native encoding/decoding where available and polyfilled
encoding/decoding where not available.
2018-09-12 20:15:58 +01:00
Jack Pearkes f916962afe
Update CHANGELOG.md 2018-09-12 09:57:03 -07:00
Benjamin Sago 20645c8459 Exit with error code 1 when failing to list DCs (#4583)
Fixes #4582.
2018-09-12 09:55:02 -07:00
Mitchell Hashimoto 5943c79ed4
Initial Helm Chart/K8S Docs (#4653)
* website: initial Kubernetes section with Helm information

* website: extraConfig for clients

* website: add more helm fields

* website: document extraVolumes

* website: document Consul DNS

* website: fix typos and show example of downward API
2018-09-12 08:44:30 -07:00
Pierre Souchay 1a906ef34e Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
Kyle Havlovitz c112a72880
connect/ca: some cleanup and reorganizing of the new methods 2018-09-11 16:43:04 -07:00
Paul Banks ea5acd3dd3
Update CHANGELOG.md 2018-09-11 17:35:59 +01:00
Pierre Souchay 2fe728c7bd Ensure that Proxies ARE always cleaned up, event with DeregisterCriticalServiceAfter (#4649)
This fixes https://github.com/hashicorp/consul/issues/4648
2018-09-11 17:34:09 +01:00
Freddy b66763eb33
Update snapshot agent docs to include s3-endpoint (#4652) 2018-09-11 16:32:31 +01:00
Matt Keeler b3ca084e82
Update CHANGELOG.md 2018-09-11 10:48:12 -04:00
Matt Keeler 3005011efd
Update CHANGELOG.md 2018-09-11 10:42:55 -04:00
Paul Banks 97b9cdbfe8
Update CHANGELOG.md 2018-09-11 15:34:24 +01:00
Matt Keeler 60f5fb1419
Update CHANGELOG.md 2018-09-11 09:40:17 -04:00
Matt Keeler d3ee66eed4
Add ECS option to EDNS responses where appropriate (#4647)
This implements parts of RFC 7871 where Consul is acting as an authoritative name server (or forwarding resolver when recursors are configured)

If ECS opt is present in the request we will mirror it back and return a response with a scope of 0 (global) or with the same prefix length as the request (indicating its valid specifically for that subnet).

We only mirror the prefix-length (non-global) for prepared queries as those could potentially use nearness checks that could be affected by the subnet. In the future we could get more sophisticated with determining the scope bits and allow for better caching of prepared queries that don’t rely on nearness checks.

The other thing this does not do is implement the part of the ECS RFC related to originating ECS headers when acting as a intermediate DNS server (forwarding resolver). That would take a quite a bit more effort and in general provide very little value. Consul will currently forward the ECS headers between recursors and the clients transparently, we just don't originate them for non-ECS clients to get potentially more accurate "location aware" results.
2018-09-11 09:37:46 -04:00
Mitchell Hashimoto e3cabb3a26
Merge pull request #4646 from hashicorp/b-fix-build
Detect correct GOOS/ARCH for copying binary with build_consul_local
2018-09-10 13:42:20 -07:00