Kyle Havlovitz
4cfcba37ed
Merge pull request #11032 from hashicorp/partitions/acl-rule-oss
...
oss: Add partition rule ACL type
2021-09-14 15:41:59 -07:00
Kyle Havlovitz
1265c7753d
acl: rename merge context update() -> fill()
2021-09-14 15:20:56 -07:00
trujillo-adam
cf58cd1e54
adding k8s-cli alpha docs
2021-09-14 12:25:24 -07:00
Freddy
8804577de1
Merge pull request #11024 from hashicorp/partitions/rbac
2021-09-14 11:18:19 -06:00
Freddy
27f40ccf51
Update error texts ( #11022 )
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-09-14 11:08:06 -06:00
freddygv
f209408918
Update spiffe ID patterns used for RBAC
2021-09-14 11:00:03 -06:00
freddygv
0e30151eaa
Expand testing of simplifyNotSourceSlice for partitions
2021-09-14 10:55:15 -06:00
freddygv
a65da57a3d
Expand testing of removeSameSourceIntentions for partitions
2021-09-14 10:55:09 -06:00
freddygv
e9d78a20c7
Account for partition when matching src intentions
2021-09-14 10:55:02 -06:00
Daniel Nephin
44d91ea56f
Add failures_before_warning to checks ( #10969 )
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
* agent: add failures_before_warning setting
The new setting allows users to specify the number of check failures
that have to happen before a service status us updated to be `warning`.
This allows for more visibility for detected issues without creating
alerts and pinging administrators. Unlike the previous behavior, which
caused the service status to not update until it reached the configured
`failures_before_critical` setting, now Consul updates the Web UI view
with the `warning` state and the output of the service check when
`failures_before_warning` is breached.
The default value of `FailuresBeforeWarning` is the same as the value of
`FailuresBeforeCritical`, which allows for retaining the previous default
behavior of not triggering a warning.
When `FailuresBeforeWarning` is set to a value higher than that of
`FailuresBeforeCritical it has no effect as `FailuresBeforeCritical`
takes precedence.
Resolves: https://github.com/hashicorp/consul/issues/10680
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Co-authored-by: Jakub Sokołowski <jakub@status.im>
2021-09-14 12:47:52 -04:00
Chris S. Kim
0a0319b209
Sync partition fields from enterprise ( #11021 )
2021-09-13 17:53:52 -04:00
Dhia Ayachi
ba27e9bc67
acl-tokens table partitioning ( #11020 )
...
* convert `Policies` index to use `indexerMulti`
* remove non used indexer
* fix oss policy Get
* add oss tests
* remove reference to partition in oss test
* convert `Roles` index to use `indexerMulti`
* add role test in oss
* fix oss to use the right index func
* convert `Roles` index to use `indexerSingle`
* split authmethod write indexer to oss and ent
* add auth method unit tests
* add index locality
* move intFromBool to be available for oss
* add expiry indexes
* add api tests
* fix rebase
* use Bool func
* preallocate slice
* rename variable
2021-09-13 16:53:09 -04:00
Dhia Ayachi
4992218676
convert expiration indexed in ACLToken table to use `indexerSingle` ( #11018 )
...
* move intFromBool to be available for oss
* add expiry indexes
* remove dead code: `TokenExpirationIndex`
* fix remove indexer `TokenExpirationIndex`
* fix rebase issue
2021-09-13 14:37:16 -04:00
Dhia Ayachi
1f23bdf388
add locality indexer partitioning ( #11016 )
...
* convert `Roles` index to use `indexerSingle`
* split authmethod write indexer to oss and ent
* add index locality
* add locality unit tests
* move intFromBool to be available for oss
* use Bool func
* refactor `aclTokenList` to merge func
2021-09-13 11:53:00 -04:00
Jared Kirschner
def2d9d96d
Merge pull request #10837 from jkirschner-hashicorp/improve-docs-dns-with-acl
...
Improve documentation around using DNS with ACLs Enabled
2021-09-13 11:09:09 -04:00
Kyle MacDonald
13e0bb2906
website: fixup incorrect markdown syntax ( #11015 )
2021-09-13 10:36:34 -04:00
Jared Kirschner
4b28cfb54a
docs: add ACL component relationships visual
2021-09-10 15:33:23 -07:00
Jared Kirschner
e0b65303d4
docs: discuss use of ACLs on DNS page
2021-09-10 15:33:23 -07:00
Dhia Ayachi
3638825db8
convert `indexAuthMethod` index to use `indexerSingle` ( #11014 )
...
* convert `Roles` index to use `indexerSingle`
* fix oss build
* split authmethod write indexer to oss and ent
* add auth method unit tests
2021-09-10 16:56:56 -04:00
Paul Banks
e96136f9a7
Merge pull request #10613 from hashicorp/feature/mesh-header-manip
...
Feature: allow manipulation of HTTP headers in ingress and mesh routing
2021-09-10 21:40:26 +01:00
Paul Banks
b9dd859c6d
Apply suggestions from code review
...
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2021-09-10 21:29:43 +01:00
Paul Banks
64957f2d22
Document how to make namespace wildcard intentions. ( #10724 )
...
* Update intentions.mdx
* Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-09-10 21:25:09 +01:00
Paul Banks
ecbe8f0656
Include namespace and partition in error messages when validating ingress header manip
2021-09-10 21:11:00 +01:00
Paul Banks
e6642c6dae
Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
2021-09-10 21:11:00 +01:00
Paul Banks
a1acb7ec3b
Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
2021-09-10 21:11:00 +01:00
Paul Banks
3484d77b18
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
Paul Banks
46400a033f
Add Envoy integration test to show Header manip can interpolate Envoy variables
2021-09-10 21:09:24 +01:00
Paul Banks
89947bef1f
Add Changelog entry and api package support for HTTP Header manip
2021-09-10 21:09:24 +01:00
Paul Banks
e0ad412f1d
Remove unnecessary check
2021-09-10 21:09:24 +01:00
Paul Banks
27e520971f
Remove stray file
2021-09-10 21:09:24 +01:00
Paul Banks
5c6d27555b
Fix discovery chain test fixtures
2021-09-10 21:09:24 +01:00
Paul Banks
bc1c86df96
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
Paul Banks
1dd1683ed9
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
f70f7b2389
Header manip for service-router plumbed through
2021-09-10 21:09:24 +01:00
Paul Banks
fc2ed4cdf4
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
2db02cdba2
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
Paul Banks
7ac9b46f08
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
Dhia Ayachi
82b30f8020
convert `Roles` index to use `indexerMulti` ( #11013 )
...
* convert `Roles` index to use `indexerMulti`
* add role test in oss
* fix oss to use the right index func
* preallocate slice
2021-09-10 16:04:33 -04:00
Dhia Ayachi
569e18d002
convert indexPolicies in ACLTokens table to the new index ( #11011 )
2021-09-10 14:57:37 -04:00
Dhia Ayachi
0d0edeec27
convert indexSecret to the new index ( #11007 )
2021-09-10 09:10:11 -04:00
Dhia Ayachi
f0cbe25ca6
convert indexAccessor to the new index ( #11002 )
2021-09-09 16:28:04 -04:00
Hans Hasselberg
24c6ce0be0
tls: consider presented intermediates during server connection tls handshake. ( #10964 )
...
* use intermediates when verifying
* extract connection state
* remove useless import
* add changelog entry
* golint
* better error
* wording
* collect errors
* use SAN.DNSName instead of CommonName
* Add test for unknown intermediate
* improve changelog entry
2021-09-09 21:48:54 +02:00
Jared Kirschner
2798b3e02f
Merge pull request #10834 from jkirschner-hashicorp/improve-docs-configure-ui-https
...
docs: give tutorials links for securing UI access
2021-09-09 11:08:11 -04:00
Peter M
deeda282bd
Merge pull request #10995 from hashicorp/pcmccarron-patch-1
...
adding NIA to sidebar nav
2021-09-08 10:56:26 -06:00
Peter M
649a03edd5
fixing link error
...
path was pointing to the wrong page on new sidebar addition.
2021-09-08 10:20:58 -06:00
Chris S. Kim
3fb797382b
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
Sergey Matyukevich
19a744191f
Allow configuring graceful stop in testutil ( #10566 )
...
* Allow configuring graceful stop in testutil
Signed-off-by: Sergey Matyukevich <s.matyukevich@gmail.com>
* add a changelog
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2021-09-08 11:12:54 -04:00
Jared Kirschner
b2b00606fb
docs: give tutorials links for securing UI access
2021-09-07 22:13:09 -07:00
Kyle Havlovitz
a7b5a5d1b4
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
Dhia Ayachi
96d7842118
partition dicovery chains ( #10983 )
...
* partition dicovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00