Dhia Ayachi
4992218676
convert expiration indexed in ACLToken table to use `indexerSingle` ( #11018 )
...
* move intFromBool to be available for oss
* add expiry indexes
* remove dead code: `TokenExpirationIndex`
* fix remove indexer `TokenExpirationIndex`
* fix rebase issue
2021-09-13 14:37:16 -04:00
Dhia Ayachi
1f23bdf388
add locality indexer partitioning ( #11016 )
...
* convert `Roles` index to use `indexerSingle`
* split authmethod write indexer to oss and ent
* add index locality
* add locality unit tests
* move intFromBool to be available for oss
* use Bool func
* refactor `aclTokenList` to merge func
2021-09-13 11:53:00 -04:00
Dhia Ayachi
3638825db8
convert `indexAuthMethod` index to use `indexerSingle` ( #11014 )
...
* convert `Roles` index to use `indexerSingle`
* fix oss build
* split authmethod write indexer to oss and ent
* add auth method unit tests
2021-09-10 16:56:56 -04:00
Paul Banks
ecbe8f0656
Include namespace and partition in error messages when validating ingress header manip
2021-09-10 21:11:00 +01:00
Paul Banks
e6642c6dae
Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
2021-09-10 21:11:00 +01:00
Paul Banks
a1acb7ec3b
Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
2021-09-10 21:11:00 +01:00
Paul Banks
3484d77b18
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
Paul Banks
e0ad412f1d
Remove unnecessary check
2021-09-10 21:09:24 +01:00
Paul Banks
5c6d27555b
Fix discovery chain test fixtures
2021-09-10 21:09:24 +01:00
Paul Banks
bc1c86df96
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
Paul Banks
1dd1683ed9
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
f70f7b2389
Header manip for service-router plumbed through
2021-09-10 21:09:24 +01:00
Paul Banks
fc2ed4cdf4
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
2db02cdba2
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
Paul Banks
7ac9b46f08
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
Dhia Ayachi
82b30f8020
convert `Roles` index to use `indexerMulti` ( #11013 )
...
* convert `Roles` index to use `indexerMulti`
* add role test in oss
* fix oss to use the right index func
* preallocate slice
2021-09-10 16:04:33 -04:00
Dhia Ayachi
569e18d002
convert indexPolicies in ACLTokens table to the new index ( #11011 )
2021-09-10 14:57:37 -04:00
Dhia Ayachi
0d0edeec27
convert indexSecret to the new index ( #11007 )
2021-09-10 09:10:11 -04:00
Dhia Ayachi
f0cbe25ca6
convert indexAccessor to the new index ( #11002 )
2021-09-09 16:28:04 -04:00
Hans Hasselberg
24c6ce0be0
tls: consider presented intermediates during server connection tls handshake. ( #10964 )
...
* use intermediates when verifying
* extract connection state
* remove useless import
* add changelog entry
* golint
* better error
* wording
* collect errors
* use SAN.DNSName instead of CommonName
* Add test for unknown intermediate
* improve changelog entry
2021-09-09 21:48:54 +02:00
Chris S. Kim
3fb797382b
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
Kyle Havlovitz
a7b5a5d1b4
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
Dhia Ayachi
96d7842118
partition discovery chains ( #10983 )
...
* partition discovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00
R.B. Boyer
4206f585f0
acl: adding a new mesh resource
2021-09-03 09:12:03 -04:00
Dhia Ayachi
72391dc99c
try to infer command partition from node partition ( #10981 )
2021-09-03 08:37:23 -04:00
Dhia Ayachi
eb19271fd7
add partition to SNI when partition is non default ( #10917 )
2021-09-01 10:35:39 -04:00
Freddy
11672defaf
connect: update envoy supported versions to latest patch release ( #10961 )
...
Relevant advisory:
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
Evan Culver
93f94ac24f
rpc: authorize raft requests ( #10925 )
2021-08-26 15:04:32 -07:00
hc-github-team-consul-core
a758581ab6
auto-updated agent/uiserver/bindata_assetfs.go from commit eeeb91bea
2021-08-26 18:13:08 +00:00
Chris S. Kim
86de20c975
ent->oss test fix ( #10926 )
2021-08-26 14:06:49 -04:00
hc-github-team-consul-core
5c67517647
auto-updated agent/uiserver/bindata_assetfs.go from commit a907e1d87
2021-08-26 18:02:18 +00:00
hc-github-team-consul-core
d9022ce788
auto-updated agent/uiserver/bindata_assetfs.go from commit a0b0ed2bc
2021-08-26 16:06:09 +00:00
Chris S. Kim
efbdf7e117
api: expose upstream routing configurations in topology view ( #10811 )
...
Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
2021-08-25 15:20:32 -04:00
R.B. Boyer
6b5a58de50
acl: some acl authz refactors for nodes ( #10909 )
2021-08-25 13:43:11 -05:00
hc-github-team-consul-core
c95ec5007d
auto-updated agent/uiserver/bindata_assetfs.go from commit a777b0a9b
2021-08-25 13:46:51 +00:00
hc-github-team-consul-core
9b2dd8b155
auto-updated agent/uiserver/bindata_assetfs.go from commit 8192dde48
2021-08-25 11:39:14 +00:00
R.B. Boyer
a84f5fa25d
grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation ( #10838 )
...
Fixes #10796
2021-08-24 16:28:44 -05:00
hc-github-team-consul-core
6b574abc89
auto-updated agent/uiserver/bindata_assetfs.go from commit 05a28c311
2021-08-24 16:04:24 +00:00
freddygv
79e181be73
Avoid passing zero value into variadic
2021-08-20 17:40:33 -06:00
freddygv
ed79e38a36
Update comment for test function
2021-08-20 17:40:33 -06:00
freddygv
b1050e4229
Update prepared query cluster SAN validation
...
Previously SAN validation for prepared queries was broken because we
validated against the name, namespace, and datacenter for prepared
queries.
However, prepared queries can target:
- Services with a name that isn't their own
- Services in multiple datacenters
This means that the SpiffeID to validate needs to be based on the
prepared query endpoints, and not the prepared query's upstream
definition.
This commit updates prepared query clusters to account for that.
2021-08-20 17:40:33 -06:00
freddygv
1f192eb7d9
Fixup proxy config test fixtures
...
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.
- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
R.B. Boyer
60591d55f7
agent: add partition labels to catalog API metrics where appropriate ( #10890 )
2021-08-20 15:09:39 -05:00
R.B. Boyer
b6be94e7fa
fixing various bits of enterprise meta plumbing to be more correct ( #10889 )
2021-08-20 14:34:23 -05:00
Dhia Ayachi
f766b6dff7
oss portion of ent #1069 ( #10883 )
2021-08-20 12:57:45 -04:00
R.B. Boyer
d730298f59
state: partition the nodes.uuid and nodes.meta indexes as well ( #10882 )
2021-08-19 16:17:59 -05:00
R.B. Boyer
61f1c01b83
agent: ensure that most agent behavior correctly respects partition configuration ( #10880 )
2021-08-19 15:09:42 -05:00
Daniel Nephin
4a0ae4048d
Merge pull request #10849 from hashicorp/dnephin/contrib-doc-xds-auth
...
xds: document how authorization works
2021-08-18 13:25:16 -04:00
R.B. Boyer
e565409c6a
state: partition the usage metrics subsystem ( #10867 )
2021-08-18 09:27:15 -05:00
Daniel Nephin
9df2464c7c
xds: document how authorization works
2021-08-17 19:26:34 -04:00