Commit Graph

15009 Commits

Author SHA1 Message Date
Daniel Nephin 00bd81ab66 add changelog 2021-08-18 12:54:11 -04:00
Daniel Nephin fc4bfabf67 docs: update CLI reference docs for debug
the cluster target was renamed to members.
2021-08-18 12:29:34 -04:00
Daniel Nephin 064c43ee69 debug: restore cancel on SigInt
Some previous changes broke interrupting the debug on SigInterupt. This change restores
the original behaviour by passing a context to requests.

Since a new API client function was required to pass the context, I had
it also return an io.ReadCloser, so that output can be streamed to files
instead of fully buffering in process memory.
2021-08-18 12:29:34 -04:00
Daniel Nephin d2f5b4d335 debug: improve a couple of the test cases
Use gotest.tools/v3/fs to make better assertions about the files

Remove the TestAgent from TestDebugCommand_Prepare_ValidateTiming, since we can test that validation
without making any API calls.
2021-08-18 12:29:34 -04:00
Daniel Nephin bf30404412 debug: rename cluster target to members
The API is called members. Using the same name as the API should help describe the contents
of the file.
2021-08-18 12:29:34 -04:00
Daniel Nephin e1eab6509c debug: remove unused 2021-08-18 12:29:33 -04:00
Daniel Nephin 6b777033c5
Merge pull request #10869 from roopakv/roopak/xsys
Update x/sys to support go 1.17
2021-08-18 11:01:42 -04:00
R.B. Boyer e565409c6a
state: partition the usage metrics subsystem (#10867) 2021-08-18 09:27:15 -05:00
Roopak Venkatakrishnan d4dacd0e2e Update x/sys to support go 1.17 2021-08-18 03:00:22 +00:00
R.B. Boyer 1cef3c99c2
state: adjust streaming event generation to account for partitioned nodes (#10860)
Also re-enabled some tests that had to be disabled in the prior PR.
2021-08-17 16:49:26 -05:00
R.B. Boyer e50e13d2ab
state: partition nodes and coordinates in the state store (#10859)
Additionally:

- partitioned the catalog indexes appropriately for partitioning
- removed a stray reference to a non-existent index named "node.checks"
2021-08-17 13:29:39 -05:00
Daniel Nephin 9c99249427
Merge pull request #10814 from hashicorp/dnephin/acl-resolver-4
acl: remove ACLDisabledTTL
2021-08-17 14:19:00 -04:00
Daniel Nephin fb11d0f6c8
Merge pull request #10808 from hashicorp/dnephin/acl-resolver-3
acl: isolate the config used by ACLResolver
2021-08-17 14:18:46 -04:00
Daniel Nephin 9e0dc650f3 proto: mark the DisabledTTL field as deprecated
Using both the name and the field option.
2021-08-17 13:34:18 -04:00
Daniel Nephin 5a82859ee1 acl: small improvements to ACLResolver disable due to RPC error
Remove the error return, so that not handling is not reported as an
error by errcheck. It was returning the error passed as an arg
unmodified so there is no reason to return the same value that was
passed in.

Remove the term upstreams to remove any confusion with the term used in
service mesh.

Remove the AutoDisable field, and replace it with the TTL value, using 0
to indicate the setting is turned off.

Replace "not Before" with "After".

Add some test coverage to show the behaviour is still correct.
2021-08-17 13:34:18 -04:00
Daniel Nephin 09ae0ab94a acl: make ACLDisabledTTL a constant
This field was never user-configurable. We always overwrote the value with 120s from
NonUserSource. However, we also never copied the value from RuntimeConfig to consul.Config,
So the value in NonUserSource was always ignored, and we used the default value of 30s
set by consul.DefaultConfig.

All of this code is an unnecessary distraction because a user can not actually configure
this value.

This commit removes the fields and uses a constant value instad. Someone attempting to set
acl.disabled_ttl in their config will now get an error about an unknown field, but previously
the value was completely ignored, so the new behaviour seems more correct.

We have to keep this field in the AutoConfig response for backwards compatibility, but the value
will be ignored by the client, so it doesn't really matter what value we set.
2021-08-17 13:34:18 -04:00
Daniel Nephin a8bc964241 Fix test failures
Tests only specified one of the fields, but in production we copy the
value from a single place, so we can do the same in tests.

The AutoConfig test broke because of the problem noticed in a previous
commit. The DisabledTTL is not wired up properly so it reports 0s here.
Changed the test to use an explicit value.
2021-08-17 13:32:52 -04:00
Daniel Nephin 0d69b49f41 config: remove ACLResolver settings from RuntimeConfig 2021-08-17 13:32:52 -04:00
Daniel Nephin 75baa22e64 acl: remove ACLResolver config fields from consul.Config 2021-08-17 13:32:52 -04:00
Daniel Nephin 454f62eacc acl: replace ACLResolver.Config with its own struct
This is step toward decoupling ACLResolver from the agent/consul
package.
2021-08-17 13:32:52 -04:00
Daniel Nephin 845f23b49e
Merge pull request #10661 from hashicorp/dnephin/remove-legacy-acls-1
http: disable legacy ACL API endpoints
2021-08-17 13:32:22 -04:00
Daniel Nephin 5e5ad62679 acl: remove ACLRulesTranslateLegacyToken API endpoint 2021-08-17 13:10:02 -04:00
Daniel Nephin be0358df02 acl: remove legacy bootstrap
Return an explicit error from the RPC, and remove the flag from the HTTP API.
2021-08-17 13:10:00 -04:00
Daniel Nephin d77ea40203 cli: remove a test case for updating a legacy token
Legacy tokens are no longer accepted, so we don't need to test their upgrade path.
2021-08-17 13:09:30 -04:00
Daniel Nephin baa27e2b4c api: remove client library tests for old API endpoints
These methods are being kept around in the api module for now to allow the api module
to work with older versions of the HTTP API, but we are no longer able to test them.

Since the endpoints are removed there is no way for them to change, so there does not
appear to be a need to keep running the tests.
2021-08-17 13:09:30 -04:00
Daniel Nephin d877673268 agent: update some tests that were using legacy ACL endpoints
The tests were updated to use the new ACL endpoints now that the legacy ones have been removed.
2021-08-17 13:09:30 -04:00
Daniel Nephin 10791b007d http: update legacy ACL endpoints to return an error
Also move a test for the ACLReplicationStatus endpoint into the correct file.
2021-08-17 13:09:29 -04:00
Daniel Nephin 4f54d9708c acl: add some notes about removing legacy ACL system 2021-08-17 13:08:29 -04:00
Daniel Nephin e4c6bee7e6
Merge pull request #10792 from hashicorp/dnephin/rename-authz-vars
acl: use authz consistently as the variable name for an acl.Authorizer
2021-08-17 13:07:17 -04:00
Daniel Nephin 7f71a672f3
Merge pull request #10807 from hashicorp/dnephin/remove-acl-datacenter
config: remove ACLDatacenter
2021-08-17 13:07:09 -04:00
Daniel Nephin 608b291565 acl: use authz consistently as the variable name for an acl.Authorizer
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r682147950

Renames all variables for acl.Authorizer to use `authz`. Previously some
places used `rule` which I believe was an old name carried over from the
legacy ACL system.

A couple places also used authorizer.

This commit also removes another couple of authorizer nil checks that
are no longer necessary.
2021-08-17 12:14:10 -04:00
Olatunde Alex-Oni 9ea02121b7 Update documentation for enable_key_list_policy
The current suggests the option expects a string of either "enabled" or "disabled" but this results in an error `'acl.enable_key_list_policy' expected type 'bool', got unconvertible type 'string', value: 'enabled'`. Setting to a boolean value resolves this, also had a quick look at the code (d2b58cd0d6/agent/config/runtime.go (L109)) and it suggests this too
2021-08-16 13:10:54 -07:00
Mike Morris c5975b5dfb
ci: make changelog-checker only validate PR number against main base (#10844) 2021-08-16 15:40:51 -04:00
R.B. Boyer 4cad5b8a04
ci: upgrade to use Go 1.16.7 (#10856) 2021-08-16 12:21:16 -05:00
hc-github-team-consul-core e1da3da0e2 auto-updated agent/uiserver/bindata_assetfs.go from commit ae9c31338 2021-08-16 16:10:17 +00:00
Kenia f65b00c787
ui: Update intention permissions notice wording (#10836) 2021-08-16 12:04:26 -04:00
Kenia 98b3e7c412
ui: Create Routing Configurations route and page (#10835) 2021-08-16 12:04:04 -04:00
Blake Covarrubias 247397dcd2
Document possible risk w.r.t exposing the admin API in Envoy (#10817)
Add a section to the Connect Security page which highlights the risks
of exposing Envoy's administration interface outside of localhost.

Resolves #5692

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-08-13 10:05:29 -07:00
Blake Covarrubias 24166d9631
Document tagged addresses (#10744)
Add section for tagged addresses on service definition documentation.

Resolves #6989

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-12 16:49:59 -07:00
Blake Covarrubias deeebd2795
docs: Clarify ingress gateway's -address flag (#10810)
Clarify the function of `-address` flag when instantiating an ingress
gateway.

Resolves #9849

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-08-12 14:56:07 -07:00
Kyle Havlovitz 470558708e
Merge pull request #10843 from hashicorp/partitions/rename-default
oss: Rename default partition
2021-08-12 14:45:53 -07:00
Kyle Havlovitz 98969c018a oss: Rename default partition 2021-08-12 14:31:37 -07:00
Daniel Nephin b85987ae5f
Merge pull request #10824 from hashicorp/dnephin/acl-token-bug
proxycfg: Use acl.tokens.default token as a default when there is no token in the registration
2021-08-12 17:00:35 -04:00
Daniel Nephin 7c865d03ac proxycfg: Lookup the agent token as a default
When no ACL token is provided with the service registration.
2021-08-12 15:51:34 -04:00
Daniel Nephin d189524e71 proxycfg: Add a test to show the bug
When a token is not provided at registration, the agent token is not being used.
2021-08-12 15:47:59 -04:00
Mike Morris 86d76cb099
deps: upgrade gogo-protobuf to v1.3.2 (#10813)
* deps: upgrade gogo-protobuf to v1.3.2

* go mod tidy using go 1.16

* proto: regen protobufs after upgrading gogo/protobuf

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-12 14:05:46 -04:00
Mark Anderson 03a3ec2b55
Fixup to support unix domain socket via command line (#10758)
Missed the need to add support for unix domain socket config via
api/command line. This is a variant of the problems described in
it is easy to drop one.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-08-12 10:05:22 -07:00
Daniel Nephin 281fd41159
Merge pull request #10832 from hashicorp/dnephin/contrib-check-register-flows
contrib: add list of check register flows
2021-08-12 12:22:30 -04:00
Daniel Nephin b1b9ca70b5 contrib: add list of check register flows 2021-08-12 12:08:36 -04:00
Chris Piraino b302a926c6
docs: remove note on ingress gateway hosts field needing a port number (#10827)
This was necessary in older versions of Consul, but was obsoleted by
making Consul add the port number itself when constructing the Envoy
configuration.
2021-08-11 16:36:57 -05:00