Commit Graph

16828 Commits

Author SHA1 Message Date
claire labry 9d47cc8df1
Merge pull request #11956 from hashicorp/enable-security-scan
Enable Security Scan for CRT
2022-02-04 13:13:24 -05:00
Daniel Nephin f81d076129
Merge pull request #12267 from hashicorp/dnephin/ca-relax-key-bit-validation
ca: change the PrivateKey type/bits validation
2022-02-04 12:44:08 -05:00
David Yu 173a238eba
docs: mention Consul API gateway in Ingress Controllers page (#12268)
* docs: mention Consul API gateway

* Remove Ambassador integration

* Update ingress-controllers.mdx

* Update website/content/docs/k8s/connect/ingress-controllers.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-04 09:23:55 -08:00
mrspanishviking 7549de7918
Merge pull request #11962 from hashicorp/what_service_mesh
docs: SEO improvements
2022-02-04 09:03:17 -07:00
Karl Cardenas fa3ac98bf7
updated all sub-headers to sentence case 2022-02-04 09:00:59 -07:00
Karl Cardenas 3665e95f99
Merge branch 'main' of github.com:hashicorp/consul into what_service_mesh 2022-02-04 09:00:14 -07:00
Claire Labry f9058664fe
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-04 10:23:38 -05:00
Claire Labry b607e103d4
updating the binary and container blocks in security-scan file 2022-02-04 10:22:37 -05:00
Karl Cardenas d69bf195ba
updated several sections based on feedback 2022-02-04 08:01:20 -07:00
Karl Cardenas 7876e3c980
adding more content per feedback 2022-02-03 18:07:05 -07:00
Daniel Nephin 7b466a024b Make test more readable
And fix typo
2022-02-03 18:44:09 -05:00
Daniel Nephin 0861ebb3dc ci: skip building the binary
The tests that require a Consul binary should be skipped by -short, so skip building
the binary in go-test-arm64 to save after 3 minutes.
2022-02-03 18:24:20 -05:00
Daniel Nephin 6616c04e89 ci: try to run only -short on PR branches 2022-02-03 17:58:59 -05:00
Daniel Nephin 0ae7aacd0e ci: share common go-test steps 2022-02-03 17:50:03 -05:00
odidev cf05d8837a Add test jobs for arm64 in CircleCI 2022-02-03 17:50:03 -05:00
Daniel Nephin cc2d1bc2e7 add changelog 2022-02-03 17:39:36 -05:00
Daniel Nephin 6721c1246d ca: relax and move private key type/bit validation for vault
This commit makes two changes to the validation.

Previously we would call this validation in GenerateRoot, which happens
both on initialization (when a follower becomes leader), and when a
configuration is updated. We only want to do this validation during
config update so the logic was moved to the UpdateConfiguration
function.

Previously we would compare the config values against the actual cert.
This caused problems when the cert was created manually in Vault (not
created by Consul).  Now we compare the new config against the previous
config. Using a already created CA cert should never error now.

Adding the key bit and types to the config should only error when
the previous values were not the defaults.
2022-02-03 17:21:20 -05:00
Daniel Nephin 3b78f81f9a ca: small cleanup of TestConnectCAConfig_Vault_TriggerRotation_Fails
Before adding more test cases
2022-02-03 17:21:20 -05:00
Daniel Nephin f6d7a0f7b2 testing: fix test failures caused by new log level
These two tests require debug logging enabled, because they look for log lines.

Also switched to testify assertions because the previous errors were not clear.
2022-02-03 17:07:39 -05:00
Luke Kysow fcf804043c
docs: update for k8s support for igw and header manip (#12264)
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Michele Degges 9cdc33ec4d chmod +x on the sh file 2022-02-03 13:10:42 -08:00
mrspanishviking a2ec068f1a
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:06:41 -07:00
mrspanishviking 7ff76ea004
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:00:06 -07:00
Jake Herschman eeffbfbf78
Merge pull request #11944 from hashicorp/cts-docs-clean-up 2022-02-03 14:08:33 -05:00
Daniel Nephin 1a9a656a7f sdk: add TestLogLevel for setting log level in tests
And default log level to WARN.
2022-02-03 13:42:28 -05:00
David Yu 6c540c04b0
docs: provide example for enabling mesh on a per namespace basis (#12255)
* docs: provide example for enabling mesh on a per namespace basis

* add headings

* Update install.mdx

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* add changes from review

* Update install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-02-03 10:40:06 -08:00
Jared Kirschner 0897e11cd6
Merge pull request #12230 from hashicorp/badge-improvements
README Badge Improvements
2022-02-03 13:36:05 -05:00
Jared Kirschner e84f4e25ba Improve README header
Improvements include:
- separate the project name from the badges
- use the project logo
- show more relevant badges
2022-02-03 10:15:38 -08:00
David Yu 5b9bf6ec63
docs: formatting and update to consul-k8s 0.40.0 (#12256)
* docs: formatting and update to consul-k8s 0.40.0

* Update index.mdx

* Update index.mdx

* test indentation

* Update index.mdx

* formatting

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-03 08:12:47 -08:00
Jared Kirschner 442bb7f4c4
Merge pull request #10833 from jkirschner-hashicorp/improve-compile-from-source-docs
docs: improve compile from source docs
2022-02-03 11:05:46 -05:00
Jared Kirschner f2d9480653 Update Consul logo assets on docs site 2022-02-03 07:39:35 -08:00
Daniel Nephin 7080e26c83 Replace build script with 'go build' 2022-02-03 07:19:57 -08:00
John Cowen fcacec90a5
ui: Change approach to loading debug.css (#12242)
We need a way to load certain CSS based on the environment you are viewing, i.e. we have debug CSS that we use for our Eng Documentation and various other DX utilities that shouldn't be compiled into our production or test builds.

Previously we would compile two entirely different CSS files (app and debug) and the load one or the other depending on which environment you were in.

This approach just empties out the debug.css file in certain environments (prod/test) which means we can just import that file from app. When in staging/development this imports the contents of debug.css (quite a bit of CSS) whereas when building for production/test this debug.css is emptied out during the build process.

There is a slight little hack in order to have this work, we import _debug.scss which imports the debug.scss file. I couldn't for the life of me figure out how to have broccoli empty out a file during the build process, so instead we essentially copy over debug.scss during dev and create an empty file during prod to _debug.scss.

When using make build to build an artifact for production CSS remains at ~58kb (during dev its a lot bigger than this)
2022-02-03 08:40:03 +00:00
Blake Covarrubias 4dcb6e8904 docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Michele Degges 1808c0b49e Use docker mirror 2022-02-02 17:41:56 -08:00
Evan Culver 1908e98c66
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-02 17:32:17 -08:00
Evan Culver 0784d44a3c
Add changelog entry 2022-02-02 17:31:08 -08:00
Michele Degges 344ade448e Merge branch 'fix-broken-dockerfile' of github.com:hashicorp/consul into fix-broken-dockerfile 2022-02-02 15:39:14 -08:00
Daniel Nephin 5ab00d85e0
Merge pull request #11783 from hashicorp/dnephin/ca-vault-root-as-intermediate
ca: add a test that uses an intermediate CA as the primary CA
2022-02-02 16:05:59 -05:00
Jared Kirschner 14f1d14760
Merge pull request #11391 from hashicorp/add-changelog-creation-to-contributor-docs
Add changelog creation to contributor docs
2022-02-02 14:50:02 -05:00
Jared Kirschner 7dda1df00f Add changelog creation to contributor docs 2022-02-02 10:58:27 -08:00
Daniel Nephin 44f9229b96 ca: add a test that uses an intermediate CA as the primary CA
This test found a bug in the secondary. We were appending the root cert
to the PEM, but that cert was already appended. This was failing
validation in Vault here:
https://github.com/hashicorp/vault/blob/sdk/v0.3.0/sdk/helper/certutil/types.go#L329

Previously this worked because self signed certs have the same
SubjectKeyID and AuthorityKeyID. So having the same self-signed cert
repeated doesn't fail that check.

However with an intermediate that is not self-signed, those values are
different, and so we fail the check. A test I added in a previous commit
should show that this continues to work with self-signed root certs as
well.
2022-02-02 13:41:35 -05:00
claire labry 1e35685ea3
Merge branch 'main' into enable-security-scan 2022-02-02 13:36:48 -05:00
Daniel Nephin 9d7bcdd6ee
Merge pull request #12250 from hashicorp/dnephin/acl-resolver-safer-identity
acl: un-embed ACLIdentity
2022-02-02 13:10:35 -05:00
Daniel Nephin d00a9abca2 acl: un-embed ACLIdentity
This is safer than embedding two interface because there are a number of
places where we check the concrete type. If we check the concrete type
on the top-level interface it will fail. So instead expose the
ACLIdentity from a method.
2022-02-02 12:07:31 -05:00
John Cowen 404523f7ea
ui: Alias all our Structure Icons to Flight Icons (#12209) 2022-02-02 13:24:47 +00:00
mrspanishviking 4b1e6f2aa4
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:22:32 -07:00
mrspanishviking 18728ac593
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:18:47 -07:00
mrspanishviking 57cc86e30a
Merge pull request #12243 from gitrgoliveira/patch-1
Update redirect-traffic.mdx
2022-02-01 15:09:02 -07:00
mrspanishviking 83a2c9cc4c
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-02-01 15:08:23 -07:00