Commit Graph

13087 Commits

Author SHA1 Message Date
John Cowen e88367fd06 ui: Include nspace in up/downstream link when nspaces are enabled (#9257) 2020-11-24 14:34:40 +00:00
Freddy ff5215d882 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-23 06:27:20 -07:00
Kenia 0de23419d6
ui: Card component nspace refactor (#9228) (#9248)
* Refactoring conditional for showing nspaces

* Styling empty state for Stats component
2020-11-20 11:41:57 -05:00
R.B. Boyer 140c220131
[1.9.0] command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9230)
Manual backport of #9229 into 1.9.0 branch

Fixes #9215
2020-11-19 15:33:41 -06:00
John Cowen 727a1053be ui: Alter background color of filter bars (#9238) 2020-11-19 16:08:12 +00:00
John Cowen 84fd590930 ui: Surface 'detail' of API errors in the error page (#9237)
* ui: Surface 'detail' of API errors in the error page

* Make UI generated 404s look less bare
2020-11-19 16:07:41 +00:00
John Cowen 6b3d403c7b ui: ACL Tokens > Roles and Policy search and sort (#9236)
* ui: Ensure search is enabled for child items in the ACLs area

* Refactor comparators to reuse some utility functions

* Add search and sorting to the ACLs child selector

* Add tests for searching within child selectors

* Allow sorting by CreateIndex
2020-11-19 16:06:54 +00:00
John Cowen d830f76bfe ui: Sort lists with health by unhealthy/healthy by default (#9234)
* ui: Update lists with Health to sort by unhealthy/healthy by default

* Fix up tests for new sorting

* Make specific services page-navigation test
2020-11-19 16:06:14 +00:00
John Cowen ae049b7b96 ui: All metrics cards should default to the default nspace if not set (#9223)
* ui: All metrics cards should default to the default nspace if not set

* Use the up/downstream as the data/nspace for up/downstreams not the service
2020-11-19 16:05:15 +00:00
John Cowen efe29ed5e7 ui: Remove ghost healthcheck from the service instance healthcheck list (#9220)
* ui: Fixup service instance healthcheck list not to show ghost check

If the proxy is undefined, then an undefined vaule is appended to the
list of checks

* There are only 6 checks in the mocks so only expect 6
2020-11-19 16:03:04 +00:00
Daniel Nephin 02314a5047
Merge pull request #9225 from hashicorp/dnephin/1.9.0-fix-multiple-http-listeners
[1.9.0] agent: fix bug with multiple listeners
2020-11-18 16:52:12 -05:00
Daniel Nephin b2c5e2d059 Use freeport
To prevent other tests which already use freeport from flaking when port 0 steals their reserved port.
2020-11-18 16:07:00 -05:00
Daniel Nephin c6381b7e2b agent: fix bug with multiple listeners
Previously the listener was being passed to a closure in a loop without
capturing the loop variable. The result is only the last listener is
used, so the http/https servers only listen on one address.

This problem is fixed by capturing the variable by passing it into a
function.
2020-11-18 14:39:26 -05:00
Mike Morris 883ba66bed Merge branch 'release/1.9.0-rc1' of github.com:hashicorp/consul into release/1.9.0-rc1 2020-11-18 10:28:50 -05:00
hashicorp-ci b22f57fcf2 Putting source back into Dev Mode 2020-11-17 17:42:59 +00:00
Mike Morris f3108c4901 changelog: fixup changelog.tmpl formatting 2020-11-17 11:37:52 -05:00
hashicorp-ci 35d3e629ed
Release v1.9.0-rc1 2020-11-17 16:28:09 +00:00
hashicorp-ci 15ef28f57a
update bindata_assetfs.go 2020-11-17 16:28:08 +00:00
Mike Morris c34ef87cc1 changelog: add unreleased UI entries 2020-11-17 11:16:57 -05:00
Kenia 64bf6d9ca7 ui: Changelog changes (#9209) 2020-11-17 11:15:35 -05:00
Mike Morris 7bf22dac6e changelog: add unreleased v1.9.0-rc1 entries 2020-11-16 22:29:26 -05:00
Freddy ef7ee6840a Add DC and NS support for Envoy metrics (#9207)
This PR updates the tags that we generate for Envoy stats.

Several of these come with breaking changes, since we can't keep two stats prefixes for a filter.
2020-11-16 19:55:18 -07:00
Kit Patella 88b013be99 Merge pull request #9198 from hashicorp/mkcp/telemetry/add-all-metric-definitions
Add metric definitions for all metrics known at Consul start
2020-11-16 16:26:16 -08:00
Matt Keeler dd857bfa37
Prevent panic if autopilot health is requested prior to leader establishment finishing. (#9204) 2020-11-16 17:14:56 -05:00
Matt Keeler acb44bb3b5
Add changelog entry for namespace licensing fix (#9203) 2020-11-16 17:14:45 -05:00
John Cowen 9b5ffca2c8 ui: Replace NaN and undefined metrics values with `-` (#9200)
* ui: Add functionality to metrics mocks:

1. More randomness during blocking queries
2. NaN and undefined values that come from prometheus
3. General trivial amends to bring things closer to the style of the
project

* Provider should always provide data as a string or undefined

* Use a placeholder `-` if the metrics endpoint responds with undefined data
2020-11-16 15:24:32 +00:00
Luke Kysow 35191ac381 Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 23:20:11 +00:00
Kit Patella 07c0179bf8 Merge pull request #9195 from hashicorp/mkcp/changelog/add-1dot9-metrics-flag-note
add note about future metric fixes and deprecations under disable_com…
2020-11-13 22:46:14 +00:00
R.B. Boyer 2747b5145a server: intentions CRUD requires connect to be enabled (#9194)
Fixes #9123
2020-11-13 22:19:47 +00:00
Matt Keeler a316947a81 Remove this constant as it is soon to be changing and we want to prevent backwards compat issues (#9193) 2020-11-13 22:10:24 +00:00
R.B. Boyer de5e631e72 ci: update to go 1.15.5 (#9187) 2020-11-13 21:36:01 +00:00
R.B. Boyer fee0c44ab2 server: remove config entry CAS in legacy intention API bridge code (#9151)
Change so line-item intention edits via the API are handled via the state store instead of via CAS operations.

Fixes #9143
2020-11-13 20:42:57 +00:00
R.B. Boyer a955705e5e server: skip deleted and deleting namespaces when migrating intentions to config entries (#9186) 2020-11-13 19:57:12 +00:00
Mike Morris 0ba0391bdd ci: update to Go 1.15.4 and alpine:3.12 (#9036)
* ci: stop building darwin/386 binaries

Go 1.15 drops support for 32-bit binaries on Darwin https://golang.org/doc/go1.15#darwin

* tls: ConnectionState::NegotiatedProtocolIsMutual is deprecated in Go 1.15, this value is always true

* correct error messages that changed slightly

* Completely regenerate some TLS test data

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-11-13 18:03:37 +00:00
John Cowen 8067b229e7 ui: Search/sort improvements (#9183) 2020-11-13 15:56:20 +00:00
Kenia a2e0246805 ui: Pass down nspace and dc from Service model down to prometheus request (#9175)
* Pass down nspace and dc from Service model down to prometheus request

* Reviewing notes fix-ups

* Fix on dc/nspace to send from upstream/downstream card
2020-11-13 15:39:36 +00:00
R.B. Boyer d69640a6e9 server: break up Intention.Apply monolithic method (#9007)
The Intention.Apply RPC is quite large, so this PR attempts to break it down into smaller functions and dissolves the pre-config-entry approach to the breakdown as it only confused things.
2020-11-13 15:16:34 +00:00
Kenia 34b31dab50 ui: Update to not return metrics for ingress gateways (#9081) 2020-11-13 10:16:01 -05:00
Kenia f340762cca ui: Fix up typo for the UI config template url (#9109) 2020-11-13 13:01:58 +00:00
John Cowen 4743ab045e ui: Upstream Instance Search and Sort (#9172)
* ui: Add predicate, comparator and necessary files for the search/sort

* Implement search and sort for upstream instance list

* ui: Tweak CSS so its all part of the component

* Remove the old proxy test attribute
2020-11-13 10:27:19 +00:00
Kenia 676a520ce3 ui: Topology Intentions Popovers (#9137)
* Refactor grid styling for Topology page

* Crate TopologyMetrics Button component and move styling

* Create intention ID

* fixup button styling

* Return a link to the create intention page

* Rename Button to Popover component

* Fixup serializer test

* ui: Inline Topology Intention Actions  (#9153)

* Add arrow and dot to/from metrics back in

* Add addional space to have metrics wrap and show in smaller screens

* Move logic for finding positioning

* Use color variables

Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
2020-11-13 10:24:34 +00:00
Kenia bc77d91587 ui: Delete Proxy Info tab (#9141)
* Remove Proxy Info and create Upstreams and Exposed Paths tabs

* Update routes formatting

* Update typo for Expose.Checks

* Remove, update, and add tests

* Make consul-upstream-instance-list into a glimmer component

* Create styling for upstream-instance-list component
2020-11-13 10:02:18 +00:00
Iryna Shustava 135e51c95f docs: add link to the OpenShift platform guide to k8s docs (#9177) 2020-11-12 23:07:10 +00:00
Kyle Schochenmaier 4142a8b86a Docs: for consul-k8s health checks (#8819)
* docs for consul-k8s health checks

Co-authored-by: Derek Strickland <1111455+DerekStrickland@users.noreply.github.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-11-12 22:57:09 +00:00
Nitya Dhanushkodi 246bb7123e Merge pull request #9179 from hashicorp/ndhanushkodi-patch-1
Update Helm compatibility matrix
2020-11-12 22:55:06 +00:00
Daniel Nephin 83338d7f9a Merge pull request #9162 from hashicorp/dnephin/fix-grpc-metrics
grpc: fix metrics
2020-11-12 22:04:18 +00:00
R.B. Boyer f815014432 agent: return the default ACL policy to callers as a header (#9101)
Header is: X-Consul-Default-ACL-Policy=<allow|deny>

This is of particular utility when fetching matching intentions, as the
fallthrough for a request that doesn't match any intentions is to
enforce using the default acl policy.
2020-11-12 16:39:16 +00:00
Matt Keeler cbf788b649 Add changelog entry for autopilot state CLI (#9161) 2020-11-11 19:55:45 +00:00
Mike Morris a8158739c7 ci: publish bindata_assetfs.go for all release/.x branches (#9158) 2020-11-11 18:40:34 +00:00
Mike Morris 89d0a1003d ci: remove nonexistant autopilot directory from go-test-race (#9159) 2020-11-11 18:39:29 +00:00