Commit Graph

13481 Commits

Author SHA1 Message Date
Daniel Nephin 39b2a30c56 Merge pull request #9259 from hashicorp/dnephin/doc-streaming-experimental
docs: mark streaming as experimental
2020-11-23 21:14:08 +00:00
Daniel Nephin 035b6a1cdb Merge pull request #9012 from hashicorp/dnephin/log-fix-rotation
logging: prune logs on startup
2020-11-23 19:57:47 +00:00
Freddy ff5215d882 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-23 06:27:20 -07:00
Sabeen Syed b82317d506 Update NIA architecture image (#9180) 2020-11-23 07:49:22 +00:00
Sabeen Syed 97b26f19c7 Update NIA architecture image (#9180) 2020-11-23 07:49:17 +00:00
Kit Patella fe6ef7e414 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:51 +00:00
Kit Patella 6e607d7cd3 Merge pull request #9245 from hashicorp/telemetry/fix-missing-and-stale-docs
Telemetry/fix missing and stale docs
2020-11-20 20:55:45 +00:00
Kenia 0de23419d6
ui: Card component nspace refactor (#9228) (#9248)
* Refactoring conditional for showing nspaces

* Styling empty state for Stats component
2020-11-20 11:41:57 -05:00
Freddy 3ffd1fdc8b Merge pull request #9246 from hashicorp/changelog-186 2020-11-20 00:41:05 +00:00
Freddy 25c17d7afe Merge pull request #9246 from hashicorp/changelog-186 2020-11-20 00:41:01 +00:00
Freddy 4e44341d36 Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 16:50:17 -07:00
R.B. Boyer 140c220131
[1.9.0] command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9230)
Manual backport of #9229 into 1.9.0 branch

Fixes #9215
2020-11-19 15:33:41 -06:00
R.B. Boyer 32f6d17e5d command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229)
Fixes #9215
2020-11-19 21:28:09 +00:00
Kenia 36307f1b0c ui: Card component nspace refactor (#9228)
* Refactoring conditional for showing nspaces

* Styling empty state for Stats component
2020-11-19 18:42:19 +00:00
Freddy 5137e4501d Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 17:15:17 +00:00
John Cowen 1557ee9b1b ui: Alter background color of filter bars (#9238) 2020-11-19 16:08:29 +00:00
John Cowen 727a1053be ui: Alter background color of filter bars (#9238) 2020-11-19 16:08:12 +00:00
John Cowen 1ea9592707 ui: Surface 'detail' of API errors in the error page (#9237)
* ui: Surface 'detail' of API errors in the error page

* Make UI generated 404s look less bare
2020-11-19 16:08:03 +00:00
John Cowen 84fd590930 ui: Surface 'detail' of API errors in the error page (#9237)
* ui: Surface 'detail' of API errors in the error page

* Make UI generated 404s look less bare
2020-11-19 16:07:41 +00:00
John Cowen 023618e018 ui: ACL Tokens > Roles and Policy search and sort (#9236)
* ui: Ensure search is enabled for child items in the ACLs area

* Refactor comparators to reuse some utility functions

* Add search and sorting to the ACLs child selector

* Add tests for searching within child selectors

* Allow sorting by CreateIndex
2020-11-19 16:07:13 +00:00
John Cowen 6b3d403c7b ui: ACL Tokens > Roles and Policy search and sort (#9236)
* ui: Ensure search is enabled for child items in the ACLs area

* Refactor comparators to reuse some utility functions

* Add search and sorting to the ACLs child selector

* Add tests for searching within child selectors

* Allow sorting by CreateIndex
2020-11-19 16:06:54 +00:00
John Cowen f362f166b0 ui: Sort lists with health by unhealthy/healthy by default (#9234)
* ui: Update lists with Health to sort by unhealthy/healthy by default

* Fix up tests for new sorting

* Make specific services page-navigation test
2020-11-19 16:06:20 +00:00
John Cowen d830f76bfe ui: Sort lists with health by unhealthy/healthy by default (#9234)
* ui: Update lists with Health to sort by unhealthy/healthy by default

* Fix up tests for new sorting

* Make specific services page-navigation test
2020-11-19 16:06:14 +00:00
John Cowen ae049b7b96 ui: All metrics cards should default to the default nspace if not set (#9223)
* ui: All metrics cards should default to the default nspace if not set

* Use the up/downstream as the data/nspace for up/downstreams not the service
2020-11-19 16:05:15 +00:00
John Cowen 24782b4444 ui: All metrics cards should default to the default nspace if not set (#9223)
* ui: All metrics cards should default to the default nspace if not set

* Use the up/downstream as the data/nspace for up/downstreams not the service
2020-11-19 16:04:31 +00:00
John Cowen efe29ed5e7 ui: Remove ghost healthcheck from the service instance healthcheck list (#9220)
* ui: Fixup service instance healthcheck list not to show ghost check

If the proxy is undefined, then an undefined vaule is appended to the
list of checks

* There are only 6 checks in the mocks so only expect 6
2020-11-19 16:03:04 +00:00
John Cowen 8a5670d7d5 ui: Remove ghost healthcheck from the service instance healthcheck list (#9220)
* ui: Fixup service instance healthcheck list not to show ghost check

If the proxy is undefined, then an undefined vaule is appended to the
list of checks

* There are only 6 checks in the mocks so only expect 6
2020-11-19 16:02:18 +00:00
Kit Patella b2a6b9d5c7 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:56 +00:00
Kit Patella f3380b1c43 Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-19 00:55:51 +00:00
Mike Morris c2c8528073 website: update download callout for v1.9.0-rc1 2020-11-18 18:38:06 -05:00
Mike Morris 54fcfec78c Merge branch 'stable-website' into website/1.9.0-rc1 2020-11-18 18:35:01 -05:00
Daniel Nephin 6e5f062593 Merge pull request #9224 from hashicorp/dnephin/fix-multiple-http-listeners
agent: fix bug with multiple listeners
2020-11-18 21:53:27 +00:00
Daniel Nephin 02314a5047
Merge pull request #9225 from hashicorp/dnephin/1.9.0-fix-multiple-http-listeners
[1.9.0] agent: fix bug with multiple listeners
2020-11-18 16:52:12 -05:00
Daniel Nephin b2c5e2d059 Use freeport
To prevent other tests which already use freeport from flaking when port 0 steals their reserved port.
2020-11-18 16:07:00 -05:00
Daniel Nephin c6381b7e2b agent: fix bug with multiple listeners
Previously the listener was being passed to a closure in a loop without
capturing the loop variable. The result is only the last listener is
used, so the http/https servers only listen on one address.

This problem is fixed by capturing the variable by passing it into a
function.
2020-11-18 14:39:26 -05:00
Kenia cafbfec376 ui: Fix empty state conditional for Series Graph (#9221) 2020-11-18 19:02:44 +00:00
John Cowen a8024825fc ui: Remove ember-computed-style to avoid deprecation error (#9218) 2020-11-18 18:57:57 +00:00
John Cowen ff907311c2 ui: Refactor tomography graph component to glimmer and remove deprecation (#9219)
* ui: Refactor tomograph graph component to glimmer and remove deprecation

* Avoid ember-data deprecation error
2020-11-18 18:56:30 +00:00
Mike Morris 883ba66bed Merge branch 'release/1.9.0-rc1' of github.com:hashicorp/consul into release/1.9.0-rc1 2020-11-18 10:28:50 -05:00
John Cowen 3a25d048c6 ui: Change title helper to page-title (#9211) 2020-11-18 11:16:48 +00:00
John Cowen 63e96d70ff ui: Add triple curlies and reformat style attribute (#9210) 2020-11-18 11:11:58 +00:00
Daniel Nephin 6a42641eb2 Merge pull request #9160 from hashicorp/dnephin/go-test-race-in-to-out-list
ci: change go-test-race package list to exclude list
2020-11-17 18:14:09 +00:00
hashicorp-ci 2dfe2401ec Merge branch 'release/1.9.0-rc1' into remote-x 2020-11-17 17:43:03 +00:00
hashicorp-ci b22f57fcf2 Putting source back into Dev Mode 2020-11-17 17:42:59 +00:00
Mike Morris f3108c4901 changelog: fixup changelog.tmpl formatting 2020-11-17 11:37:52 -05:00
hashicorp-ci 35d3e629ed
Release v1.9.0-rc1 2020-11-17 16:28:09 +00:00
hashicorp-ci 15ef28f57a
update bindata_assetfs.go 2020-11-17 16:28:08 +00:00
Mike Morris c34ef87cc1 changelog: add unreleased UI entries 2020-11-17 11:16:57 -05:00
Kenia 64bf6d9ca7 ui: Changelog changes (#9209) 2020-11-17 11:15:35 -05:00
Matt Keeler dfaaa0b73a Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 15:54:38 +00:00