Commit graph

154 commits

Author SHA1 Message Date
Derek Menteer 19f9de2224
Backport of Add grpc keepalive configuration into release/1.16.x (#19339) (#19346)
Add grpc keepalive configuration. (#19339)

Prior to the introduction of this configuration, grpc keepalive messages were
sent after 2 hours of inactivity on the stream. This posed issues in various
scenarios where the server-side xds connection balancing was unaware that envoy
instances were uncleanly killed / force-closed, since the connections would
only be cleaned up after ~5 minutes of TCP timeouts occurred. Setting this
config to a 30 second interval with a 20 second timeout ensures that at most,
it should take up to 50 seconds for a dead xds connection to be closed.
2023-10-24 08:52:05 -05:00
hc-github-team-consul-core 50f9a0f018
Backport of peerstream: fix flaky test related to autopilot integration into release/1.16.x (#18988)
backport of commit 312bb9637228f377f864c6274aa75b44187c0840

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2023-09-22 18:41:59 +00:00
hc-github-team-consul-core 7b03d95d6f
backport of commit f2e26c36eced387f8b5396e5969f37c8d4b6493c (#17870)
Co-authored-by: Daniel Upton <daniel@floppy.co>
2023-06-26 12:40:50 +00:00
R.B. Boyer cf31d61b07
fix some testing.T retry.R mixups (#17600)
Fix some linter warnings before updating the lint-consul-retry code in hashicorp/lint-consul-retry#4
2023-06-07 13:53:27 -05:00
skpratt eaed8c55c1
update tests for fips (#17592) 2023-06-07 10:57:56 -05:00
skpratt 1fc4bea448
add FIPS to dataplane features (#17522) 2023-05-31 10:53:37 -05:00
Derek Menteer f94f54a224
Fix namespaced peer service updates / deletes. (#17456)
* Fix namespaced peer service updates / deletes.

This change fixes a function so that namespaced services are
correctly queried when handling updates / deletes. Prior to this
change, some peered services would not correctly be un-exported.

* Add changelog.
2023-05-24 16:32:45 -05:00
Dan Stough e502be8c6e
[OSS] gRPC Blocking Queries (#17426)
* feat: initial grpc blocking queries

* changelog and docs update
2023-05-23 17:29:10 -04:00
R.B. Boyer e1110ea82d
prototest: fix early return condition in AssertElementsMatch (#17416) 2023-05-22 13:49:50 -05:00
Matt Keeler cd3dc460c5
Allow resource updates to omit an owner ref's UID (#17423)
This change enables workflows where you are reapplying a resource that should have an owner ref to publish modifications to the resource's data without performing a read to figure out the current owner resource incarnation's UID.

Basically we want workflows similar to `kubectl apply` or `consul config write` to be able to work seamlessly even for owned resources.

In these cases the user's intention is to have the resource owned by the “current” incarnation of the owner resource.
2023-05-22 10:44:49 -04:00
R.B. Boyer ce6bf1d82e
fix two typos (#17389) 2023-05-17 08:50:26 -07:00
Semir Patel 3e0d71cf22
Support update resource with change in GroupVersion (#17330) 2023-05-15 09:42:01 -05:00
Dan Upton 7abd829d0b
resource: handle ErrWatchClosed in WatchList endpoint (#17289) 2023-05-15 12:35:10 +01:00
Eric Haberkorn d645fa5ea1
sidecar-proxy refactor (#17328) 2023-05-12 16:49:42 -04:00
Dan Upton f72d75d6b2
resource: add missing validation to the List and WatchList endpoints (#17213) 2023-05-10 10:38:48 +01:00
Semir Patel f8b900d555
Reaper controller for cascading deletes of owner resources (#17256) 2023-05-09 13:57:40 -05:00
Dan Upton 270df96301
resource: add helpers for more efficiently comparing IDs etc (#17224) 2023-05-09 19:02:24 +01:00
Derek Menteer 73b65228f5
Fix issue with peer stream node cleanup. (#17235)
Fix issue with peer stream node cleanup.

This commit encompasses a few problems that are closely related due to their
proximity in the code.

1. The peerstream utilizes node IDs in several locations to determine which
nodes / services / checks should be cleaned up or created. While VM deployments
with agents will likely always have a node ID, agentless uses synthetic nodes
and does not populate the field. This means that for consul-k8s deployments, all
services were likely bundled together into the same synthetic node in some code
paths (but not all), resulting in strange behavior. The Node.Node field should
be used instead as a unique identifier, as it should always be populated.

2. The peerstream cleanup process for unused nodes uses an incorrect query for
node deregistration. This query is NOT namespace aware and results in the node
(and corresponding services) being deregistered prematurely whenever it has zero
default-namespace services and 1+ non-default-namespace services registered on
it. This issue is tricky to find due to the incorrect logic mentioned in #1,
combined with the fact that the affected services must be co-located on the same
node as the currently deregistering service for this to be encountered.

3. The stream tracker did not understand differences between services in
different namespaces and could therefore report incorrect numbers. It was
updated to utilize the full service name to avoid conflicts and return proper
results.
2023-05-08 13:13:25 -05:00
Semir Patel 9615837c60
resource: List resources by owner (#17190) 2023-05-08 12:26:19 -05:00
Semir Patel 2601f0488c
Sync .golangci.yml from ENT (#17180) 2023-04-28 17:14:37 +00:00
Semir Patel 896c39d98c
Create tombstone on resource Delete (#17108) 2023-04-28 10:49:08 -05:00
Dan Upton 6d024775a0
resource: owner references must include a uid (#17169) 2023-04-28 11:22:42 +01:00
Dan Upton 91f3abf27b
testing: RunResourceService helper (#17068) 2023-04-26 11:57:10 +01:00
Semir Patel cf50def90b
Fix or disable pipeline breaking changes that made it into main in last day or so (#17130)
* Fix straggler from renaming Register->RegisterTypes

* somehow a lint failure got through previously

* Fix lint-consul-retry errors

* adding in fix for success jobs getting skipped. (#17132)

* Temporarily disable inmem backend conformance test to get green pipeline

* Another test needs disabling

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-25 15:17:48 -05:00
Dan Upton f7c4f04060
Controller Supervision (#17016) 2023-04-25 12:52:35 +01:00
Semir Patel 2409c32e20
De-scope tenancy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
2023-04-24 08:14:51 -05:00
Semir Patel b12d638046
Enforce operator:write acl on WriteStatus endpoint (#17019) 2023-04-20 16:25:33 +00:00
hashicorp-copywrite[bot] 87aee8308b
[COMPLIANCE] Add Copyright and License Headers (#16854)
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-20 12:40:22 +00:00
Dan Upton 3466c85cc4
server: wire up in-process Resource Service (#16978) 2023-04-18 10:03:23 +01:00
Semir Patel 0674f30fc1
Tenancy wildcard validation for Write, Read, and Delete endpoints (#17004) 2023-04-17 16:33:20 -05:00
Semir Patel fc3d024d4d
Enforce Owner rules in Write endpoint (#16983) 2023-04-14 08:19:46 -05:00
Semir Patel 1f860b99d2
Fix delete when uid not provided (#16996) 2023-04-14 08:18:24 -05:00
Semir Patel f9311318e1
Add mutate hook to Write endpoint (#16958) 2023-04-12 16:50:07 -05:00
Semir Patel 53a0755f03
Enforce ACLs on resource Write and Delete endpoints (#16956) 2023-04-12 16:22:44 -05:00
Dan Upton d46543631c
resource: WriteStatus endpoint (#16886) 2023-04-11 19:23:14 +01:00
Semir Patel 8d0d600ea3
Resource validation hook for Write endpoint (#16950) 2023-04-11 06:55:32 -05:00
Semir Patel ca19954c08
Check acls on resource Read, List, and WatchList (#16842) 2023-04-11 06:10:14 -05:00
Semir Patel 2b0a5b52c2
Resource Delete endpoint (#16756) 2023-04-06 08:58:54 -05:00
Dan Upton 4e8ab7a390
Resource Write endpoint (#16786) 2023-04-06 10:40:04 +01:00
Dan Upton 52ce151221
Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
Dan Upton 37207b4e4c
storage: fix resource leak in Watch (#16817) 2023-03-31 13:24:19 +01:00
Ronald 71fb0a723e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
Ronald dd0e8eec14
copyright headers for agent folder (#16704)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files
2023-03-28 14:39:22 -04:00
Semir Patel bd4a01f38f
Resource service List(..) endpoint (#16753) 2023-03-27 16:25:27 -05:00
Semir Patel 0b441e07cc
WatchList(..) endpoint for the resource service (#16726) 2023-03-27 14:37:54 -05:00
Semir Patel 9f607d4970
Read(...) endpoint for the resource service (#16655) 2023-03-27 10:35:39 -05:00
Semir Patel a4780c60b8
GRPC stub for the ResourceService (#16528) 2023-03-09 13:40:23 -06:00
Chris S. Kim 652b74dd37
Fix various flaky tests (#16396) 2023-02-23 14:52:18 -05:00
Derek Menteer 1c4640f0df
Fix issue with peer services incorrectly appearing as connect-enabled. (#16339)
Prior to this commit, all peer services were transmitted as connect-enabled
as long as one or more mesh-gateways were healthy. With this change, there
is now a difference between typical services and connect services transmitted
via peering.

A service will be reported as "connect-enabled" as long as any of these
conditions are met:

1. a connect-proxy sidecar is registered for the service name.
2. a connect-native instance of the service is registered.
3. a service resolver / splitter / router is registered for the service name.
4. a terminating gateway has registered the service.
2023-02-21 13:59:36 -06:00
Matt Keeler f3c80c4eef
Protobuf Refactoring for Multi-Module Cleanliness (#16302)
Protobuf Refactoring for Multi-Module Cleanliness

This commit includes the following:

* Moves all packages that were within proto/ to proto/private
* Rewrites imports to account for the packages being moved
* Adds in buf.work.yaml to enable buf workspaces
* Names the proto-public buf module so that we can override the Go package imports within proto/buf.yaml
* Bumps the buf version dependency to 1.14.0 (I was trying out the version to see if it would get around an issue - it didn't but it also doesn't break things and it seemed best to keep up with the toolchain changes)

Why:

* In the future we will need to consume other protobuf dependencies such as the Google HTTP annotations for openapi generation or grpc-gateway usage.
* There were some recent changes to have our own ratelimiting annotations.
* The two combined were not working when I was trying to use them together (attempting to rebase another branch)
* Buf workspaces should be the solution to the problem
* Buf workspaces means that each module will have generated Go code that embeds proto file names relative to the proto dir and not the top level repo root.
* This resulted in proto file name conflicts in the Go global protobuf type registry.
* The solution to that was to add in a private/ directory into the path within the proto/ directory.
* That then required rewriting all the imports.

Is this safe?

* AFAICT yes
* The gRPC wire protocol doesn't seem to care about the proto file names (although the Go grpc code does tack on the proto file name as Metadata in the ServiceDesc)
* Other than imports, there were no changes to any generated code as a result of this.
2023-02-17 16:14:46 -05:00