Commit graph

9152 commits

Author SHA1 Message Date
John Cowen 0acc5a5c4f
ui: Brings the new ACLs into line with the new repo folder structure (#4857)
This PR updates the folder structure and naming of the new ACLs, the same as #4694 .
2018-10-26 18:40:51 +01:00
John Cowen 54f293157b
ui: Some trivial test additions, support env var passing of port numbers (#4728)
1. Unskip some trivial tests that were being tested higher up
2. Istanbul ignore some code for coverage.
  1. Things that I didn't write and need to 100% follow
  2. The source code checking test that has Istanbul code injected into
  it
3. Add a few simple test cases
4. Support passing port numbers through to `ember serve` and `ember
test` for use cases that would benefit from being able to configure the
ports things are served over but still use `yarn run` thus reusing the
`yarn run` config in `package.json`
2018-10-26 17:50:43 +01:00
John Cowen a7228cf83d
ui: Move repo services to repository/ folder and standardize naming (#4694)
Repositories are a class of services to help with CRUD actions, most of
the functionality is reused across various Models. This creates a new
repository service that centralizes all this reused functionality.
Inheritance via ember `Service.extend` is used as opposed to
decorating via Mixins.

1. Move all repository services (and their tests) to a
services/repository folder
2. Standardize on a singular name format 'node vs nodes'
3. Create a new 'repository' service to centralize functionality. This
should be extended by 'repository' services
2018-10-26 17:36:15 +01:00
Rebecca Zanzig 478f1b749f
Merge pull request #4828 from hashicorp/docs/helm-16-getting-started
Update the `join` command format in the k8s Running Consul section
2018-10-25 15:47:14 -07:00
Rebecca Zanzig 3a961dc98b
Merge pull request #4854 from hashicorp/docs/k8s+helm
Add connectInject `image` info into helm docs
2018-10-25 15:07:36 -07:00
Hans Hasselberg 22481039ca
website: sync guides list with guides sidebar. (#4831) 2018-10-25 12:07:26 -07:00
Rebecca Zanzig 0ddfb602df Add connectInject image info into helm docs
This field was added back into the helm chart, but it was not added
back to the documentation. This adds it, then additionally fixes a
few typos in the same file.
2018-10-25 08:41:59 -07:00
Matt Keeler 2f42298565
New ACL API Tests (#4848)
* A few API mods and unit tests.

* Update the unit tests to verify query/write metadata and to fix the rules endpoint tests.

* Make sure the full information for the replication status is in the api packge
2018-10-25 11:09:46 -04:00
Yoann Fouquet 347a577815 website: mention node name for "agent/force-leave" HTTP endpoint (#4542)
* Adjust documentation for agent/force-leave endpoint

A node must be specified when calling agent/force-leave.
See:
 - https://github.com/hashicorp/consul/blob/master/agent/http_oss.go#L25
 - https://github.com/hashicorp/consul/blob/master/agent/agent_endpoint.go#L323
 - https://github.com/hashicorp/consul/blob/master/agent/agent.go#L1442

However, the documentation does not specify it.
Note that Consul returns "301 Moved Permanently v1/agent/force-leave/" when sending PUT request on "v1/agent/force-leave".

* Switch from node id to node name
2018-10-24 08:20:05 -07:00
Raja Nadar ca0d89399d docs: add return info for update and delete acl-token apis (#4584)
* Update Token API returns the ID of the token updated.
 * Delete Token API returns a raw text which is true for successful deletions
2018-10-24 11:11:51 -04:00
Evan Farrell d053a09981 terraform: fix formatting of consul.tf (#4580) 2018-10-24 08:02:38 -07:00
Raja Nadar a25f307957 website: update the response json fields for sessions (#4604)
Updated the response json with the true response from Consul 1.2.2
2018-10-24 07:33:25 -07:00
Matt Keeler 8fa3d61d25
Implement CLI token cloning & special ID handling (#4827)
* Implement CLI token cloning & special ID handling

* Update a couple CLI commands to take some alternative options.

* Document the CLI.

* Update the policy list and set-agent-token synopsis
2018-10-24 10:24:29 -04:00
Matt Keeler 0dd537e506
Fix the NonVoter Bootstrap test (#4786) 2018-10-24 10:23:50 -04:00
Martin Logan ca9a54bea5 website: Update deprecated script tag in example. (#4790)
Signed-off-by: Martin Logan <mlogan@fanatics.com>
2018-10-24 07:21:20 -07:00
Andreas Sommer c0b44c1af7 website: explain script exit code 1 in health check introduction guide (#4769) 2018-10-24 07:09:41 -07:00
Dhi Aurrahman 342e2696dc connect: Fix comment DYNAMIC_DNS to LOGICAL_DNS (#4799)
LOGICAL_DNS is one of the supported service discovery types [1].

[1] https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/service_discovery#arch-overview-service-discovery-types
2018-10-24 07:02:01 -07:00
Matt Keeler dc8403834d
Single quote a directory (#4846)
Allows building the dev docker container to work when you have spaces in your cwd.
2018-10-24 09:48:19 -04:00
Matt Keeler c95927a9a8
Fix some uuids and make it clear that the SecretID is used for agent tokens (#4845) 2018-10-24 09:47:55 -04:00
Rebecca Zanzig e3d9d570ed Update the join command format in the k8s Running Consul section
Based on info from consul-helm issue 16, the formatting of the helm
chart value for joining an external cluster needs to be specified
as a yaml array. This updates the documentation to reflect this.
2018-10-22 14:08:13 -07:00
Jack Pearkes d88c2eff11 website: add link to rc announce 2018-10-19 13:37:47 -07:00
Matt Keeler b816bee165 ACL documentation (#4824)
* Updating the ACL guide.

* Update the docs correctly

* Finish updating the ACL docs - for now.
2018-10-19 13:26:31 -07:00
banks 1724b30c9e
Release v1.4.0-rc1 2018-10-19 18:57:23 +00:00
Matt Keeler 08509f9526
Dont expect the freebsd/arm build 2018-10-19 14:50:51 -04:00
Matt Keeler 1f9fd5c071
Merge pull request #4823 from hashicorp/build-gopsutil
Fix build on uncommon platforms
2018-10-19 14:40:17 -04:00
Jack Pearkes 5951f842d3 vendor: upgrade to latest version of gopsutil 2018-10-19 11:33:23 -07:00
Jack Pearkes 61b91e7ba2 build: exclude freebsd/arm 2018-10-19 11:32:35 -07:00
Kyle Havlovitz 6f40708aca fsm: add Intention operations to transactions for internal use 2018-10-19 10:02:28 -07:00
Jack Pearkes 405db688f8
Update CHANGELOG.md 2018-10-19 09:57:06 -07:00
Jack Pearkes c2d8bea82a Update CHANGELOG.md 2018-10-19 09:54:59 -07:00
John Cowen 2dabff0e17
Update CHANGELOG.md 2018-10-19 17:50:04 +01:00
Matt Keeler 1d13e4ee57
Merge pull request #4822 from hashicorp/mis
A few misc fixes found by go vet
2018-10-19 12:42:56 -04:00
John Cowen 42919e91bb
ui: Adds multi syntax linting to the code editor (#4814) 2018-10-19 17:36:38 +01:00
Matt Keeler ec780595cb
Update CHANGELOG.md 2018-10-19 12:36:16 -04:00
Matt Keeler df507a4a55 A few misc fixes found by go vet 2018-10-19 12:28:36 -04:00
Matt Keeler 4c6afd2496
Merge pull request #4821 from hashicorp/release/1.4-staging
1.4 Release
2018-10-19 12:08:36 -04:00
Matt Keeler 99e0a124cb
New ACLs (#4791)
This PR is almost a complete rewrite of the ACL system within Consul. It brings the features more in line with other HashiCorp products. Obviously there is quite a bit left to do here but most of it is related docs, testing and finishing the last few commands in the CLI. I will update the PR description and check off the todos as I finish them over the next few days/week.
Description

At a high level this PR is mainly to split ACL tokens from Policies and to split the concepts of Authorization from Identities. A lot of this PR is mostly just to support CRUD operations on ACLTokens and ACLPolicies. These in and of themselves are not particularly interesting. The bigger conceptual changes are in how tokens get resolved, how backwards compatibility is handled and the separation of policy from identity which could lead the way to allowing for alternative identity providers.

On the surface and with a new cluster the ACL system will look very similar to that of Nomads. Both have tokens and policies. Both have local tokens. The ACL management APIs for both are very similar. I even ripped off Nomad's ACL bootstrap resetting procedure. There are a few key differences though.

    Nomad requires token and policy replication where Consul only requires policy replication with token replication being opt-in. In Consul local tokens only work with token replication being enabled though.
    All policies in Nomad are globally applicable. In Consul all policies are stored and replicated globally but can be scoped to a subset of the datacenters. This allows for more granular access management.
    Unlike Nomad, Consul has legacy baggage in the form of the original ACL system. The ramifications of this are:
        A server running the new system must still support other clients using the legacy system.
        A client running the new system must be able to use the legacy RPCs when the servers in its datacenter are running the legacy system.
        The primary ACL DC's servers running in legacy mode needs to be a gate that keeps everything else in the entire multi-DC cluster running in legacy mode.

So not only does this PR implement the new ACL system but has a legacy mode built in for when the cluster isn't ready for new ACLs. Also detecting that new ACLs can be used is automatic and requires no configuration on the part of administrators. This process is detailed more in the "Transitioning from Legacy to New ACL Mode" section below.
2018-10-19 12:04:07 -04:00
Jack Pearkes a10297c15b
website: minor notes about 1.4.0 (#4820) 2018-10-19 08:52:56 -07:00
Rebecca Zanzig f18a74e705 Update docs to include multiple tag support (#4797)
* Update docs to include multiple tag support

* Sort tags before using them in metrics

This addresses the potential proliferation of metrics if a query of
"?tag=foo&tag=bar" is treated differently than "?tag=bar&tag=foo".
Now, tags are always sorted before being recorded, making these two
emit the same metric.

* Add caveat about multiple tags returned by the metrics endpoint
2018-10-19 16:52:17 +01:00
John Cowen 52a62f2b8d UI: New ACLs (#4789)
UI to accompany the new ACLs APIs
2018-10-19 08:45:05 -07:00
Hans Hasselberg bd37633df8 Update CHANGELOG.md 2018-10-19 08:45:02 -07:00
Hans Hasselberg d9a530f9ae Update CHANGELOG.md 2018-10-19 08:44:18 -07:00
Hans Hasselberg 36bcea9f33 website: update sprockets and ffi to dodge CVEs (#4781)
* Update sprockets to dodge CVE-2018-3760 and CVE-2014-7819
* update ffi to dodge CVE-2018-1000201
2018-10-19 08:41:04 -07:00
Pierre Souchay a72f92cac6 dns: implements prefix lookups for DNS TTL (#4605)
This will fix https://github.com/hashicorp/consul/issues/4509 and allow forinstance lb-* to match services lb-001 or lb-service-007.
2018-10-19 08:41:04 -07:00
Aestek 2e1015b3ba website: add service weights documentation in API doc (#4776)
Adds weights documentation to the following API routes :
* Agent: List Services
* Agent Register Service
* Health: List Nodes for Service
2018-10-19 08:41:03 -07:00
Jack Pearkes e0e33aee26 website: note Envoy support in Nomad guide (#4787) 2018-10-19 08:41:03 -07:00
Jack Pearkes 197d62c6ca New command: consul debug (#4754)
* agent/debug: add package for debugging, host info

* api: add v1/agent/host endpoint

* agent: add v1/agent/host endpoint

* command/debug: implementation of static capture

* command/debug: tests and only configured targets

* agent/debug: add basic test for host metrics

* command/debug: add methods for dynamic data capture

* api: add debug/pprof endpoints

* command/debug: add pprof

* command/debug: timing, wg, logs to disk

* vendor: add gopsutil/disk

* command/debug: add a usage section

* website: add docs for consul debug

* agent/host: require operator:read

* api/host: improve docs and no retry timing

* command/debug: fail on extra arguments

* command/debug: fixup file permissions to 0644

* command/debug: remove server flags

* command/debug: improve clarity of usage section

* api/debug: add Trace for profiling, fix profile

* command/debug: capture profile and trace at the same time

* command/debug: add index document

* command/debug: use "clusters" in place of members

* command/debug: remove address in output

* command/debug: improve comment on metrics sleep

* command/debug: clarify usage

* agent: always register pprof handlers and protect

This will allow us to avoid a restart of a target agent
for profiling by always registering the pprof handlers.

Given this is a potentially sensitive path, it is protected
with an operator:read ACL and enable debug being
set to true on the target agent. enable_debug still requires
a restart.

If ACLs are disabled, enable_debug is sufficient.

* command/debug: use trace.out instead of .prof

More in line with golang docs.

* agent: fix comment wording

* agent: wrap table driven tests in t.run()
2018-10-19 08:41:03 -07:00
Kyle Havlovitz 96a35f8abc re-add Connect multi-dc config changes
This reverts commit 8bcfbaffb6588b024cd1a3cf0952e6bfa7d9e900.
2018-10-19 08:41:03 -07:00
John Cowen 3ec70b62a3
ui: Fix freetext searching within the nodes page (#4819)
Essentially this was missing a call to `super`. The error unfortuantely
didn't arise in the tests as it only errors when the node list has 4
items are more (the 4 columns), and the acceptence tests by change were
only filling the page with 3 nodes for test purposes.

I've bumped the amount of nodes up to 4 in the tests, which then causes
the tests to fail, made the fix by adding the `super` call, and the
tests now pass.

I also tested the UI/text searching on a 10,000 node system, and
everything now works as expected.
2018-10-19 14:31:22 +01:00
Rebecca Zanzig eb81b49c34
Merge pull request #4812 from hashicorp/docs/helm-16
Add additional formatting detail to the Helm `join` command docs
2018-10-18 13:43:13 -07:00