Commit Graph

18631 Commits

Author SHA1 Message Date
freddygv 5bbc0cc615 Add ACL enforcement to peering endpoints 2022-07-25 09:34:29 -06:00
Kyle Havlovitz 75efc0649b Remove excess debug log from ingress upstream shutdown 2022-07-22 17:29:38 -07:00
alex b60ebc022e
peering: use ShouldDial to validate peer role (#13823)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 15:56:25 -07:00
Luke Kysow d21f793b74
peering: add config to enable/disable peering (#13867)
* peering: add config to enable/disable peering

Add config:

```
peering {
  enabled = true
}
```

Defaults to true. When disabled:
1. All peering RPC endpoints will return an error
2. Leader won't start its peering establishment goroutines
3. Leader won't start its peering deletion goroutines
2022-07-22 15:20:21 -07:00
Kyle Havlovitz 3cbcfd4b13
Merge pull request #13847 from hashicorp/gateway-goroutine-leak
Fix goroutine leaks in proxycfg when using ingress gateway
2022-07-22 14:43:22 -07:00
Freddy 922592d6bb
[OSS] Add new peering ACL rule (#13848)
This commit adds a new ACL rule named "peering" to authorize
actions taken against peering-related endpoints.

The "peering" rule has several key properties:
- It is scoped to a partition, and MUST be defined in the default
  namespace.

- Its access level must be "read', "write", or "deny".

- Granting an access level will apply to all peerings. This ACL rule
  cannot be used to selective grant access to some peerings but not
  others.

- If the peering rule is not specified, we fall back to the "operator"
  rule and then the default ACL rule.
2022-07-22 14:42:23 -06:00
NicoletaPopoviciu 12858f4f90
docs: Updates k8s annotation docs (#13809)
* Updates k8s annotation docs
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-07-22 13:26:31 -07:00
Sarah Alsmiller ed8b2fe19e add redirects 2022-07-22 14:20:27 -05:00
alex 7bd55578cc
peering: emit exported services count metric (#13811)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-22 12:05:08 -07:00
Matt Keeler a253d7e49b
Rename some protobuf package names to be fqdn like (#13861)
These are used in various bits of the wire format (for gRPC) and internally with Go’s registry so we want to namespace things properly.
2022-07-22 14:59:34 -04:00
Thomas Eckert 9cb569b44e Add options and examples to proxy read 2022-07-22 13:43:38 -04:00
Kyle Havlovitz 55b7eb6838 Add changelog note 2022-07-22 10:33:50 -07:00
A.J. Sanon 9f9ac78243
Add ECS audit logging docs (#13729) 2022-07-22 13:30:25 -04:00
Michael Klein b8131704ea
Improve peered service empty downstreams message (#13854) 2022-07-22 19:28:13 +02:00
Thomas Eckert a1ca68a632 Add descriptions to the subjects 2022-07-22 12:14:01 -04:00
sarahalsmiller 3ba839f288
Update website/content/docs/api-gateway/usage/basic-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-22 09:45:00 -05:00
Daniel Upton f018bd6e09 proxycfg-glue: server-local implementation of `ExportedPeeredServices`
This is the OSS portion of enterprise PR 2377.

Adds a server-local implementation of the proxycfg.ExportedPeeredServices
interface that sources data from a blocking query against the server's
state store.
2022-07-22 15:23:23 +01:00
Eric Haberkorn e044343105
Add Cluster Peering Failover Support to Prepared Queries (#13835)
Add peering failover support to prepared queries
2022-07-22 09:14:43 -04:00
Sarah Alsmiller ccd120725b fix tabs 2022-07-21 17:38:57 -05:00
Sarah Alsmiller e9c67f8cb7 fix tabs 2022-07-21 17:21:22 -05:00
Sarah Alsmiller c76be552bc fix tabs 2022-07-21 17:11:07 -05:00
Nitya Dhanushkodi cbafabde16
update generate token endpoint to take external addresses (#13844)
Update generate token endpoint (rpc, http, and api module)

If ServerExternalAddresses are set, it will override any addresses gotten from the "consul" service, and be used in the token instead, and dialed by the dialer. This allows for setting up a load balancer for example, in front of the consul servers.
2022-07-21 14:56:11 -07:00
Sarah Alsmiller 0107e80bed fix tabs 2022-07-21 16:54:03 -05:00
Thomas Eckert a339080641 Add proxy list docs 2022-07-21 17:47:39 -04:00
Sarah Alsmiller 878c9091d8 erge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 15:13:00 -05:00
Sarah Alsmiller c2fdd172ae add consul k8s install instructions 2022-07-21 15:12:49 -05:00
sarahalsmiller 41c6fcbfd5
Update website/content/docs/api-gateway/configuration/gatewayclassconfig.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:59:14 -05:00
Sarah Alsmiller 111877a86d Merge branch 'sa-restructure-documentation' of github.com:hashicorp/consul into sa-restructure-documentation 2022-07-21 14:54:04 -05:00
Sarah Alsmiller 1b32cba878 merge back in mike's environment doc in install 2022-07-21 14:53:55 -05:00
sarahalsmiller ccee2fd834
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:55 -05:00
sarahalsmiller 6e92dbb6cf
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:47 -05:00
sarahalsmiller e860f368fd
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:34 -05:00
sarahalsmiller 711bc7724b
Update website/content/docs/api-gateway/configuration/gateway.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-21 14:39:25 -05:00
alex 275eea2599
Merge pull request #13845 from hashicorp/acpana/peering-rename-oss
[SYNC] Rename peering internal to ~
2022-07-21 11:20:38 -07:00
acpana b847f656a8
Rename peering internal to ~
sync ENT to 5679392c81

Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-21 10:51:05 -07:00
Luke Kysow ba7f3fbebc
peering: Add heartbeating to peering streams (#13806)
* Add heartbeating to peering streams
2022-07-21 10:03:27 -07:00
Chris Thain 00f9dc2a70
Add Consul Lambda integration tests (#13770) 2022-07-21 09:54:56 -07:00
John Cowen 2875cbe856
ui: Change initiate > establish for peering the modal tab (#13839) 2022-07-21 17:39:15 +01:00
John Cowen 83d2204c7c
ui: Allow searching for peerings by ID (#13837) 2022-07-21 17:38:57 +01:00
John Cowen a7b8f7738b
ui: Remove peering detail page (#13836)
* ui: Remove links to the peering detail page

* 404 everything
2022-07-21 17:38:10 +01:00
Michael Klein fdddf7af48
ui: peered services only show instance- and tags-tabs (#13840)
* Only show instances- and tags-tab peered services

* Adapt show-with-slashes test to peering changes

Tests always have the peering feature turned on and the default service
we load from the mock-api will be peered. This is why the topology
view of the service.show page will not be accessible in the updated
test it will show the instances instead. This change does not change
what the test is actually testing so just putting changing to the now
different url is fine.
2022-07-21 16:09:54 +01:00
Michael Klein 7863a00e2c
ui: Surface peer info in nodes.show view (#13832) 2022-07-21 15:35:54 +01:00
Michael Klein 1475ec0349
ui: Update peerings empty state copy (#13834) 2022-07-21 14:59:38 +01:00
Daniel Upton e3bff8fb39 proxycfg-glue: server-local implementation of `PeeredUpstreams`
This is the OSS portion of enterprise PR 2352.

It adds a server-local implementation of the proxycfg.PeeredUpstreams interface
based on a blocking query against the server's state store.

It also fixes an omission in the Virtual IP freeing logic where we were never
updating the max index (and therefore blocking queries against
VirtualIPsForAllImportedServices would not return on service deletion).
2022-07-21 13:51:59 +01:00
Krastin Krastev 1baf4d13d6
Merge pull request #12592 from krastin/krastin/docs/sidecarservice-typo
docs: clean-up sidecar service expanded definition
2022-07-21 10:21:48 +02:00
Krastin Krastev 7f2eea5be3 Merge branch 'main' into krastin/docs/sidecarservice-typo 2022-07-21 10:51:39 +03:00
Jared Kirschner 706e0def2e
Merge pull request #13682 from hashicorp/docs/deemphasize-token-query-param
docs: suggest using token header, not query param
2022-07-20 19:22:53 -04:00
Luke Kysow 4cec3bd9db
Add send mutex to protect against concurrent sends (#13805) 2022-07-20 15:48:18 -07:00
Jared Kirschner 7a58a4df96 docs: suggest using token header, not query param 2022-07-20 15:16:27 -07:00
Jared Kirschner 53ab2bd9d2
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00