12454 Commits

Author SHA1 Message Date
Matt Keeler
e8b39dd255
Overhaul the auto-config translation
This fixes some issues around spurious warnings about using enterprise configuration in OSS.
2020-06-26 15:25:21 -04:00
Freddy
10d6e9c458
Split up unused key validation for oss/ent (#8189)
Split up unused key validation in config entry decode for oss/ent.

This is needed so that we can return an informative error in OSS if namespaces are provided.
2020-06-25 13:58:29 -06:00
Daniel Nephin
a891ee8428
Merge pull request #8176 from hashicorp/dnephin/add-linter-unparam-1
lint: add unparam linter and fix some of the issues
2020-06-25 15:34:48 -04:00
Freddy
70cf674d72
Merge pull request #8186 from hashicorp/docs-cleanup 2020-06-25 11:44:24 -06:00
Freddy
e10058bc3f
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
Kenia
5dd923ee8b
ui: Support ingress gateways upstreams with multiple addresses (#8185)
* Upgrade consul-api-double to version 3.1.2

* Display multiple addresses for ingress gateway upstreams
2020-06-25 09:50:39 -04:00
Matt Keeler
7041f69892
Merge pull request #8184 from hashicorp/bugfix/goroutine-leaks 2020-06-25 09:22:19 -04:00
freddygv
166da8f710 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv
3f01e08ae0 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv
98c5eb8868 Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
Chris Piraino
df48db0abd
Merge pull request #7932 from hashicorp/ingress/internal-ui-endpoint-multiple-ports
Update gateway-services-nodes API endpoint to allow multiple addresses
2020-06-24 17:11:01 -05:00
freddygv
394b1f2e7f Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Chris Piraino
f213d3592a remove obsolete comments about test parallelization 2020-06-24 16:36:13 -05:00
Chris Piraino
b3db907bdf Update gateway-services-nodes API endpoint to allow multiple addresses
Previously, we were only returning a single ListenerPort for a single
service. However, we actually allow a single service to be serviced over
multiple ports, as well as allow users to define what hostnames they
expect their services to be contacted over. When no hosts are defined,
we return the default ingress domain for any configured DNS domain.

To show this in the UI, we modify the gateway-services-nodes API to
return a GatewayConfig.Addresses field, which is a list of addresses
over which the specific service can be contacted.
2020-06-24 16:35:23 -05:00
Matt Keeler
e9835610f3
Add a test for go routine leaks
This is in its own separate package so that it will be a separate test binary that runs thus isolating the go runtime from other tests and allowing accurate go routine leak checking.

This test would ideally use goleak.VerifyTestMain but that will fail 100% of the time due to some architectural things (blocking queries and net/rpc uncancellability).

This test is not comprehensive. We should enable/exercise more features and more cluster configurations. However its a start.
2020-06-24 17:09:50 -04:00
Matt Keeler
29d0cfdd7d
Fix go routine leak in auto encrypt ca roots tracking 2020-06-24 17:09:50 -04:00
Matt Keeler
25a4f3c83b
Allow cancelling blocking queries in response to shutting down. 2020-06-24 17:09:50 -04:00
Rebecca Zanzig
864e7f6ae0 Rearrange k8s connect docs to make space for gateways 2020-06-24 13:35:14 -07:00
John Cowen
9e77922daa
ui: Ensure the tooltip panel chevron isn't hidden by overflow (#8183) 2020-06-24 18:07:19 +01:00
Daniel Nephin
0279bf6fe5 Update TestAgent_GetCoordinate
The old test case was a very specific regresion test for a case that is no longer possible.
Replaced with a new test that checks the default coordinate is returned.
2020-06-24 13:00:15 -04:00
Daniel Nephin
f65e21e6dc Remove unused return values 2020-06-24 13:00:15 -04:00
Daniel Nephin
010a609912 Fix a bunch of unparam lint issues 2020-06-24 13:00:14 -04:00
Matt Keeler
15e7b3940c
Ensure that retryLoopBackoff can be cancelled
We needed to pass a cancellable context into the limiter.Wait instead of context.Background. So I made the func take a context instead of a chan as most places were just passing through a Done chan from a context anyways.

Fix go routine leak in the gateway locator
2020-06-24 12:41:08 -04:00
Matt Keeler
1093212176
Add test to ensure the StopChannelContext works properly 2020-06-24 12:34:57 -04:00
Matt Keeler
e2cfa93f02
Don’t leak metrics go routines in tests (#8182) 2020-06-24 10:15:25 -04:00
Kenia
0db4cb305f
ui: Refactor composite rows to use description lists and add Tooltips (#8175)
* Update Consul Service List composite rows with Tooltips and description lists

* Update Consul Service Instance List composite rows with Tooltips and description lists

* Removed line height in reduced pill to match the description lists in the composite rows
2020-06-24 09:54:16 -04:00
gitforbit
808f632346
agent-http: cleanup: return nil instead of err (#8043)
Since err is already checked, it should return `nil`
2020-06-24 14:29:21 +02:00
Mike Morris
49fc7eb4bb
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev
3098bc8593
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Alvin Huang
2a95289f56
remove set -e for cherry-pick script since we collect errors (#8177) 2020-06-23 18:37:20 -04:00
R.B. Boyer
c63c994b04
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165) 2020-06-23 15:19:56 -05:00
Chris Piraino
2904cdac36
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
John Cowen
20a6e1c638
ui: Make sure right trim doesn't try to overtrim (#8171) 2020-06-23 18:34:21 +01:00
Freddy
5f9c5ef73a
Merge pull request #8169 from hashicorp/config-entry-ns 2020-06-23 11:15:23 -06:00
John Cowen
6885c883b3
ui: Add namespaced versions of templated policies (#8173) 2020-06-23 17:58:43 +01:00
freddygv
c791fbc79c Update namespaces subject-verb agreement 2020-06-23 10:57:30 -06:00
Kenia
3dbd7f7c77
ui: Update helper to return Proxy and Service Health if the Service has a Proxy (#8168) 2020-06-23 10:28:29 -04:00
John Cowen
7a8b5e7eb7
ui: Redesigns for the token/policy/roles listings pages (#8144) 2020-06-23 10:12:04 +01:00
John Cowen
4c58f9402e
ui: Support for Node Identities (#8137)
* Add all the new data required for NodeIdentities

* Add potential NodeIdentity to the token list component

* Amend the policy-form/selector to allow node identity creation

* Fix up CSS for radio buttons and select label

* Add node-identity policy template component

* Fix up and add acceptance tests for NodeIndentities

* Make sure policy previews take node identities into account

* Only show certain policy markup if those we have those policies

* Potentially temporarily hide dt's that don't have icons yet
2020-06-23 09:59:43 +01:00
freddygv
044d027ff8 Remove break 2020-06-22 19:59:04 -06:00
freddygv
70810b0602 Let users know namespaces are ent only in config entry decode 2020-06-22 19:59:04 -06:00
Freddy
cc1407e867
Merge http2 integration test case into grpc case (#8164)
http2 is covered by grpc since grpc uses http2
2020-06-22 13:09:04 -06:00
s-christoff
818d00fda3
Add AgentMemberStatus const (#8110)
* Add AgentMemberStatus const
2020-06-22 12:18:45 -05:00
Matt Keeler
6dd0abdc9f
Update CHANGELOG.md 2020-06-22 09:03:02 -04:00
Pierre Souchay
35d852fd9a
Returns DNS Error NSDOMAIN when DC does not exists (#8103)
This will allow to increase cache value when DC is not valid (aka
return SOA to avoid too many consecutive requests) and will
distinguish DC being temporarily not available from DC not existing.

Implements https://github.com/hashicorp/consul/issues/8102
2020-06-22 09:01:48 -04:00
Brandon Romano
22239b8f6d
Merge pull request #8162 from hashicorp/nav-update
Update Nav
2020-06-22 04:15:18 -07:00
Brandon Romano
2509e8d222 Update Nav 2020-06-21 19:35:34 -07:00
Matt Keeler
4a5b352c18
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
Freddy
0719e3e5da
Update CHANGELOG.md 2020-06-19 13:36:37 -06:00
Freddy
b3dde7c033
Update CHANGELOG.md 2020-06-19 13:35:22 -06:00