Commit Graph

16719 Commits

Author SHA1 Message Date
Daniel Nephin 0abaf29c10 ca: add test cases for rotating external trusted CA 2022-02-17 18:21:30 -05:00
Daniel Nephin aacc40012f ca: add a test for secondary with external CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 471b2098bb ca: examine the full chain in newCARoot
make TestNewCARoot much more strict
compare the full result instead of only a few fields.
add a test case with 2 and 3 certificates in the pem
2022-02-17 18:21:30 -05:00
Daniel Nephin fc6c0ec139 ca: small docs improvements 2022-02-17 18:21:30 -05:00
Daniel Nephin af651eaaad ca: cleanup validateSetIntermediate 2022-02-17 18:21:30 -05:00
Daniel Nephin ef03f7be73 ca: only return the leaf cert from Sign in vault provider
The interface is documented as 'Sign will only return the leaf', and the other providers
only return the leaf. It seems like this was added during the initial implementation, so
is likely just something we missed. It doesn't break anything , but it does cause confusing cert chains
in the API response which could break something in the future.
2022-02-17 18:21:30 -05:00
Daniel Nephin 2d5254a73b
Merge pull request #12110 from hashicorp/dnephin/blocking-queries-not-found
rpc: make blocking queries for non-existent items more efficient
2022-02-17 18:09:39 -05:00
Ashwin Venkatesh 39be071264
Parse datacenter from request (#12370)
* Parse datacenter from request
- Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
2022-02-17 16:41:27 -05:00
mrspanishviking b62a4187c9
Merge pull request #12382 from hashicorp/consul-int-prog-changes
docs: uploaded two images and added new text to Consul Int. Program page
2022-02-17 14:15:55 -07:00
Adam Rowan fb3396297e
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:21 -07:00
Adam Rowan 3babc08567
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:06 -07:00
Adam Rowan 8c8ff3feb0
docs: uploaded two images and added new text to Consul Int. Program page 2022-02-17 11:26:43 -07:00
John Cowen bdb89af605
ui: Start using mermaid state diagrams in our docs (#12350) 2022-02-17 14:57:14 +00:00
Florian Apolloner 895da50986
Support for connect native services in topology view. (#12098) 2022-02-16 16:51:54 -05:00
Evan Culver 3984d82e90
Fix build script (#12367) 2022-02-16 11:52:44 -08:00
Chris S. Kim 18096fd2fb
Move IndexEntryName helpers to common files (#12365) 2022-02-16 12:56:38 -05:00
Thomas Eckert 375524df84
Separate Annotations/Labels and Add `service-ignore` to Docs (#12323)
* Separate Annotations and Labels and add service-ignore label

* changes to structure and call out for pod

* add description and TOC

* Update annotations-and-labels.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-16 09:53:13 -08:00
Daniel Nephin e6852c2dc2
Merge pull request #12359 from hashicorp/dnephin/fix-debug-size
debug: limit the size of the trace
2022-02-15 18:33:46 -05:00
Daniel Nephin 06657e5be0 rpc: add errNotFound to all Get queries
Any query that returns a list of items is not part of this commit.
2022-02-15 18:24:34 -05:00
Daniel Nephin bdafa24c50 Make blockingQuery efficient with 'not found' results.
By using the query results as state.

Blocking queries are efficient when the query matches some results,
because the ModifyIndex of those results, returned as queryMeta.Mindex,
will never change unless the items themselves change.

Blocking queries for non-existent items are not efficient because the
queryMeta.Index can (and often does) change when other entities are
written.

This commit reduces the churn of these queries by using a different
comparison for "has changed". Instead of using the modified index, we
use the existence of the results. If the previous result was "not found"
and the new result is still "not found", we know we can ignore the
modified index and continue to block.

This is done by setting the minQueryIndex to the returned
queryMeta.Index, which prevents the query from returning before a state
change is observed.
2022-02-15 18:24:33 -05:00
Daniel Nephin 6e73df7dc2 Add a test for blocking query on non-existent entry
This test shows how blocking queries are not efficient when the query
returns no results.  The test fails with 100+ calls instead of the
expected 2.

This test is still a bit flaky because it depends on the timing of the
writes. It can sometimes return 3 calls.

A future commit should fix this and make blocking queries even more
optimal for not-found results.
2022-02-15 18:23:17 -05:00
Daniel Nephin c6993bda15 debug: update CLI docs
To clarify how trace is captured.

Also remove the minimum seconds check, because that is already done in prepare()
2022-02-15 18:16:12 -05:00
Daniel Nephin 7d190ceb8f
Merge pull request #12343 from hashicorp/dnephin/blocking-query-docs
rpc: improve docs for blockingQuery
2022-02-15 14:50:32 -05:00
Daniel Nephin a4e1c59cd8 rpc: improve docs for blockingQuery
Follow the Go convention of accepting a small interface that documents
the methods used by the function.

Clarify the rules for implementing a query function passed to
blockingQuery.
2022-02-15 14:20:14 -05:00
Daniel Nephin 5bd73fc218 debug: limit the size of the trace
We've noticed that a trace that is captured over the full duration is
too large to open on most machines. A trace.out captured over just the
interval period (30s by default) should be a more than enough time to
capture trace data.
2022-02-15 14:15:34 -05:00
Evan Culver 7c735abe22
ci: fix stalebot config (#12346) 2022-02-15 11:13:32 -08:00
Jeff-Apple bf1e2d79f8
Merge pull request #12352 from hashicorp/Jeff-Apple-patch-1
Fix broken link on Downloads page on wedsite
2022-02-15 08:28:04 -08:00
Jeff-Apple 9216b79666
Fix broken link on Downloads page on wedsite
The link to the Kubernetes Quickstart guide had a typo (space character) in the URL.
2022-02-15 07:45:47 -08:00
Chris S. Kim 2a973028ae
ci: Fix merge conflicts cleanly (#12249) 2022-02-14 23:12:36 -05:00
R.B. Boyer b216d52b66
server: conditionally avoid writing a config entry to raft if it was already the same (#12321)
This will both save on unnecessary raft operations as well as
unnecessarily incrementing the raft modify index of config entries
subject to no-op updates.
2022-02-14 14:39:12 -06:00
R.B. Boyer ef8cc33949
raft: update to v1.3.5 (#12325)
This includes closing some leadership transfer gaps and adding snapshot
restore progress logging.
2022-02-14 13:48:52 -06:00
Evan Culver ff53f38af3
Add release notes from 1.11.3, 1.10.8 and 1.9.15 (#12333)
> Did we want to update the individual branches as well ?

Yes, I have PRs for those: #12335, #12336, and #12337.
2022-02-14 11:24:14 -08:00
Matt Siegel 497a2e0250
Merge pull request #12332 from hashicorp/consul-1_11_3-version-update
Update version.js for Consul 1.11.3
2022-02-14 13:00:11 -05:00
Matt Siegel 1d08cb045e
Update version.js 2022-02-14 12:54:30 -05:00
FFMMM 1f8fb17be7
Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311)
This commit syncs ENT changes to the OSS repo.

Original commit details in ENT:

```
commit 569d25f7f4578981c3801e6e067295668210f748
Author: FFMMM <FFMMM@users.noreply.github.com>
Date:   Thu Feb 10 10:23:33 2022 -0800

    Vendor fork net rpc (#1538)

    * replace net/rpc w consul-net-rpc/net/rpc

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

    * replace msgpackrpc and go-msgpack with fork from mono repo

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

    * gofmt all files touched

    Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
```

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-02-14 09:45:45 -08:00
R.B. Boyer d54a3e6aa1
missed this test adjustment (#12331) 2022-02-14 11:39:00 -06:00
R.B. Boyer 0b80f70a39
local: fixes a data race in anti-entropy sync (#12324)
The race detector noticed this initially in `TestAgentConfigWatcherSidecarProxy` but it is not restricted to just tests.

The two main changes here were:

- ensure that before we mutate the internal `agent/local` representation of a Service (for tags or VIPs) we clone those fields
- ensure that there's no function argument joint ownership between the caller of a function and the local state when calling `AddService`, `AddCheck`, and related using `copystructure` for now.
2022-02-14 10:41:33 -06:00
Dao Thanh Tung 0519a9240e
URL-encode/decode resource names for HTTP API part 5 (#12297) 2022-02-14 10:47:06 -05:00
Mark Anderson fa95afdcf6 Refactor to make ACL errors more structured. (#12308)
* First phase of refactoring PermissionDeniedError

Add extended type PermissionDeniedByACLError that captures information
about the accessor, particular permission type and the object and name
of the thing being checked.

It may be worth folding the test and error return into a single helper
function, that can happen at a later date.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-02-11 12:53:23 -08:00
Daniel Nephin 913848c893
Merge pull request #12322 from hashicorp/dnephin/update-check-docs
Add 7th check registration flow to developer docs
2022-02-11 15:22:24 -05:00
Daniel Nephin 0fad917f13
Add 7th check registration flow to docs
Credit to Freddy for finding this a while ago.
2022-02-11 15:11:22 -05:00
R.B. Boyer d2a5a06006
ensure make dev target puts the newly constructed binary onto the PATH (#12318)
This restores the prior behavior of make dev and ensures that tests
using the sdk package (like the api package) will correctly locate the
consul binary under test.

Also ensure the constructed consul binary is present on the path for sdk-based tests.
2022-02-11 10:45:37 -06:00
John Cowen 961f144b1c
ui: Disclosure Component amends plus DisclosureMenu Component (#12304)
* ui: Disclosure amends plus DisclosureMenu

Co-authored-by: Jamie White <jamie@jgwhite.co.uk>
2022-02-11 14:11:16 +00:00
John Cowen ab3b765a88
ui: Make sure saving intentions from topology includes the partition (#12317) 2022-02-11 13:58:01 +00:00
John Cowen 72a10582d0
ui: Stop ember-data overwriting SyncTimes (#12315) 2022-02-11 13:54:46 +00:00
John Cowen c6342969c5
ui: Exclude Service Health from Node listing page (#12248)
This commit excludes the health of any service instances from the Node Listing page. This means that if you are viewing the Node listing page you will only see failing nodes if there are any Node Checks failing, Service Instance Health checks are no longer taken into account.

Co-authored-by: Jamie White <jamie@jgwhite.co.uk>
2022-02-11 09:52:27 +00:00
Freddy f45bec7779
Merge pull request #12223 from hashicorp/proxycfg/passthrough-cleanup 2022-02-10 17:35:51 -07:00
freddygv 88832f692a Add changelog entry 2022-02-10 17:21:34 -07:00
freddygv 8eaca35df1 Account for upstream targets in another DC.
Transparent proxies typically cannot dial upstreams in remote
datacenters. However, if their upstream configures a redirect to a
remote DC then the upstream targets will be in another datacenter.

In that sort of case we should use the WAN address for the passthrough.
2022-02-10 17:01:57 -07:00
freddygv 7fba7456ec Fix race of upstreams with same passthrough ip
Due to timing, a transparent proxy could have two upstreams to dial
directly with the same address.

For example:
- The orders service can dial upstreams shipping and payment directly.
- An instance of shipping at address 10.0.0.1 is deregistered.
- Payments is scaled up and scheduled to have address 10.0.0.1.
- The orders service receives the event for the new payments instance
before seeing the deregistration for the shipping instance. At this
point two upstreams have the same passthrough address and Envoy will
reject the listener configuration.

To disambiguate this commit considers the Raft index when storing
passthrough addresses. In the example above, 10.0.0.1 would only be
associated with the newer payments service instance.
2022-02-10 17:01:57 -07:00