16049 Commits

Author SHA1 Message Date
Jared Kirschner
f81dd817ff
Merge pull request #11818 from hashicorp/improve-url-not-found-response
http: improve 404 Not Found response message
2021-12-13 16:08:50 -05:00
R.B. Boyer
4aabbe529c
proxycfg: use external addresses in tproxy when crossing partition boundaries (#11823) 2021-12-13 14:34:49 -06:00
Jared Kirschner
2de79abc00 http: improve 404 Not Found response message
When a URL path is not found, return a non-empty message with the 404 status
code to help the user understand what went wrong. If the URL path was not
prefixed with '/v1/', suggest that may be the cause of the problem (which is a
common mistake).
2021-12-13 11:03:25 -08:00
Freddy
85fe875d07
Use anonymousToken when querying by secret ID (#11813)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Dan Upton <daniel@floppy.co>

This query has been incorrectly querying by accessor ID since New ACLs
were added. However, the legacy token compat allowed this to continue to
work, since it made a fallback query for the anonymousToken ID.

PR #11184 removed this legacy token query, which means that the query by
accessor ID is now the only check for the anonymous token's existence.

This PR updates the GetBySecret call to use the secret ID of the token.
2021-12-13 10:56:09 -07:00
R.B. Boyer
631c649291
various partition related todos (#11822) 2021-12-13 11:43:33 -06:00
John Cowen
11ab84f840
ui: Add version information back into the footer (#11803) 2021-12-13 15:54:58 +00:00
John Cowen
2ba0e86d6d
ui: Disable setting wildcard partitions for intentions (#11804) 2021-12-13 15:42:10 +00:00
John Cowen
79b25901d7
ui: Change the URL prefix of partitions from - to _ (#11801) 2021-12-13 15:39:56 +00:00
John Cowen
79679da840
ui: Fix a problem showing the default part in a non-primary (#11800)
When switching to a non-primary datacenter we should only show the word 'default' in place of the partition menu, this fixes up a bug preventing that from happening due to erroneous if/let nesting
2021-12-13 15:08:24 +00:00
John Cowen
b5c0b35ef7
ui: Prefer shorter partition word in certain places vs Admin Partition (#11772) 2021-12-13 15:04:35 +00:00
John Cowen
be23aab001
ui: Ensure we show a special readonly page for intentions (#11767) 2021-12-13 15:02:36 +00:00
John Cowen
e4d33187b9
ui: reuse BucketList for intention view pages (#11765) 2021-12-13 15:00:51 +00:00
Kyle Havlovitz
b50ef696c6
Merge pull request #11812 from hashicorp/metrics-ui-acls
oss: use wildcard partition in metrics proxy ui endpoint
2021-12-10 16:24:47 -08:00
Kyle Havlovitz
9dcaf0539c
Merge pull request #11798 from hashicorp/vip-goroutine-check
leader: move the virtual IP version check into a goroutine
2021-12-10 15:59:35 -08:00
Kyle Havlovitz
018693b6ee acl: use wildcard partition in metrics proxy ui endpoint 2021-12-10 15:58:17 -08:00
Kyle Havlovitz
5fee1ff93e
Merge pull request #11809 from hashicorp/vip-counter-fix
state: fix freed VIP table id index
2021-12-10 15:06:27 -08:00
Kyle Havlovitz
80a4489844 state: fix freed VIP table id index 2021-12-10 14:41:45 -08:00
Kyle Havlovitz
ecbd3eb2a6 Exit before starting the vip check routine if possible 2021-12-10 14:30:50 -08:00
Chris S. Kim
8bdbe7c0fb
Update CI and release go versions to 1.17.5 (#11799) 2021-12-10 14:04:56 -05:00
Evan Culver
a0c754d44f
connect: update SNI label extraction to support new taxonomy for partitions (#11786) 2021-12-10 10:26:22 -08:00
John Cowen
4400d7c071
ui: Change partitions to expect [] from the API (#11791) 2021-12-10 14:41:08 +00:00
Freddy
0913644141
Update stray ref to old admin-partition cmd (#11797) 2021-12-09 19:10:01 -07:00
Kyle Havlovitz
04ef1c3fa0 leader: move the virtual IP version check into a goroutine 2021-12-09 17:00:33 -08:00
FFMMM
74eb257b1c
[sync ent] increase segment max limit to 4*64, make configurable (#1424) (#11795)
* commit b6eb27563e747a78b7647d2b5da405e46364cc46
Author: FFMMM <FFMMM@users.noreply.github.com>
Date:   Thu Dec 9 13:53:44 2021 -0800

    increase segment max limit to 4*64, make configurable (#1424)

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* fix: rename ent changelog file

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-12-09 15:36:11 -08:00
R.B. Boyer
7b915456fd
update changelog for ent feature (#11794) 2021-12-09 16:44:14 -06:00
Matt Keeler
bcce800f55
Various Boltdb/Raft Documentation Updates (#11793)
* Documenting the new raft_boltdb configuration options
* Add documentation around new boltdb metrics.
* Correct documentation for the consul.raft.fsm.apply metric
2021-12-09 16:18:59 -05:00
haxandmat
d013ded88d
Improved performance of the version.GetHumanVersion function by 50% on memory allocation. (#11507)
Co-authored-by: Evan Culver <eculver@hashicorp.com>
2021-12-09 13:14:06 -08:00
Chris S. Kim
71bad67a4d
Add partitions to prettyformatters (#11789) 2021-12-09 15:58:45 -05:00
Daniel Nephin
f9647ece05
Merge pull request #11780 from hashicorp/dnephin/ca-test-vault-in-secondary
ca: improve test coverage for RenewIntermediate
2021-12-09 12:29:43 -05:00
Brandon Romano
f299488fa9
Update alert banner (#11790) 2021-12-09 12:09:47 -05:00
R.B. Boyer
bb75e63eb4
agent: ensure service maintenance checks for matching partitions ahead of other errors (#11788)
This matches behavior in most other agent api endpoints.
2021-12-09 10:05:02 -06:00
John Cowen
c410d295be
ui: Amends to Routing visualization for partitions (#11747)
* Update disco fixtures now we have partitions

* Add virtual-admin-6 fixture with partition 'redirects' and failovers

* Properly cope with extra partition segment for splitters and resolvers

* Make 'redirects' and failovers look/act consistently

* Fixup some unit tests
2021-12-09 10:47:58 +00:00
John Cowen
c434fefda2
ui: Fixup notifications for tokens using and topology intention saving (#11763) 2021-12-09 09:45:24 +00:00
John Cowen
340a0e03f5
ui: Make 'dangerous' buttons have white text even in dark theme (#11756) 2021-12-09 09:37:28 +00:00
Ashwin Venkatesh
b71fff9f1c
update docs (#11784) 2021-12-08 21:21:46 -05:00
Daniel Nephin
4116a143e0 fix misleading errors on vault shutdown 2021-12-08 18:42:52 -05:00
Daniel Nephin
968aeff1bb ca: prune some unnecessary lookups in the tests 2021-12-08 18:42:52 -05:00
Daniel Nephin
305655a8b1 ca: remove duplicate WaitFor function 2021-12-08 18:42:52 -05:00
Daniel Nephin
1dec6bb815 ca: fix flakes in RenewIntermediate tests
I suspect one problem was that we set structs.IntermediateCertRenewInterval to 1ms, which meant
that in some cases the intermediate could renew before we stored the original value.

Another problem was that the 'wait for intermediate' loop was calling the provider.ActiveIntermediate,
but the comparison needs to use the RPC endpoint to accurately represent a user request. So
changing the 'wait for' to use the state store ensures we don't race.

Also moves the patching into a separate function.

Removes the addition of ca.CertificateTimeDriftBuffer as part of calculating halfTime. This was added
in a previous commit to attempt to fix the flake, but it did not appear to fix the problem. Adding the
time here was making the tests fail when using the shared patch
function. It's not clear to me why, but there's no reason we should be
including this time in the halfTime calculation.
2021-12-08 18:42:52 -05:00
Daniel Nephin
2e4e8bd791 ca: improve RenewIntermediate tests
Use the new verifyLearfCert to show the cert verifies with intermediates
from both sources. This required using the RPC interface so that the
leaf pem was constructed correctly.

Add IndexedCARoots.Active since that is a common operation we see in a
few places.
2021-12-08 18:42:52 -05:00
Daniel Nephin
a4ba1f348d ca: add a test for Vault in secondary DC 2021-12-08 18:42:51 -05:00
Daniel Nephin
a5d9b1d322 ca: Add CARoots.Active method
Which will be used in the next commit.
2021-12-08 18:41:51 -05:00
R.B. Boyer
5f5720837b
acl: ensure that the agent recovery token is properly partitioned (#11782) 2021-12-08 17:11:55 -06:00
Daniel Nephin
f72e285fe8
Merge pull request #11721 from hashicorp/dnephin/ca-export-fsm-operation
ca: use the real FSM operation in tests
2021-12-08 17:49:00 -05:00
Daniel Nephin
214dcf8d0d ca: use the real FSM operation in tests
Previously we had a couple copies that reproduced the FSM operation.
These copies introduce risk that the test does not accurately match
production.

This PR removes the test versions of the FSM operation, and exports the
real production FSM operation so that it can be used in tests.

The consul provider tests did need to change because of this. Previously
we would return a hardcoded value of 2, but in production this value is
always incremented.
2021-12-08 17:29:44 -05:00
R.B. Boyer
592ac8f96a
test: test server should auto cleanup (#11779) 2021-12-08 13:26:06 -06:00
Evan Culver
7a365fa0da
rpc: Unset partition before forwarding to remote datacenter (#11758) 2021-12-08 11:02:14 -08:00
Freddy
a031de21c0
Add v1.11.0-rc changelog entry (#11776) 2021-12-08 09:34:31 -07:00
Giovanni Torres
38c1f3b9ea docs: add missing verb
This change adds a missing verb at the end of the sentence.
2021-12-07 16:08:17 -08:00
Daniel Nephin
d9dd6944f5
Merge pull request #10895 from bigmikes/serve-panic-recovery
grpc, xds: recovery middleware to return and log error in case of panic
2021-12-07 18:34:40 -05:00