Commit Graph

1953 Commits

Author SHA1 Message Date
R.B. Boyer 91e78e00c7
fix typos reported by golangci-lint:misspell (#5434) 2019-03-06 11:13:28 -06:00
R.B. Boyer 28b87063e3 fix a few leap-year related clock math inaccuracies and failing tests 2019-03-01 13:51:49 -06:00
Matt Keeler 0c76a4389f
ACL Token Persistence and Reloading (#5328)
This PR adds two features which will be useful for operators when ACLs are in use.

1. Tokens set in configuration files are now reloadable.
2. If `acl.enable_token_persistence` is set to `true` in the configuration, tokens set via the `v1/agent/token` endpoint are now persisted to disk and loaded when the agent starts (or during configuration reload)

Note that token persistence is opt-in so our users who do not want tokens on the local disk will see no change.

Some other secondary changes:

* Refactored a bunch of places where the replication token is retrieved from the token store. This token isn't just for replicating ACLs and now it is named accordingly.
* Allowed better paths in the `v1/agent/token/` API. Instead of paths like: `v1/agent/token/acl_replication_token` the path can now be just `v1/agent/token/replication`. The old paths remain to be valid. 
* Added a couple new API functions to set tokens via the new paths. Deprecated the old ones and pointed to the new names. The names are also generally better and don't imply that what you are setting is for ACLs but rather are setting ACL tokens. There is a minor semantic difference there especially for the replication token as again, its no longer used only for ACL token/policy replication. The new functions will detect 404s and fallback to using the older token paths when talking to pre-1.4.3 agents.
* Docs updated to reflect the API additions and to show using the new endpoints.
* Updated the ACL CLI set-agent-tokens command to use the non-deprecated APIs.
2019-02-27 14:28:31 -05:00
Alvin Huang 255e6c6087 add serf check to TestLockCommand 2019-02-22 17:34:45 -05:00
Matt Keeler a34f8c751e
Pass a testing.T into NewTestAgent and TestAgent.Start (#5342)
This way we can avoid unnecessary panics which cause other tests not to run.

This doesn't remove all the possibilities for panics causing other tests not to run, it just fixes the TestAgent
2019-02-14 10:59:14 -05:00
R.B. Boyer 57be6ca215 correct some typos 2019-02-13 13:02:12 -06:00
R.B. Boyer eccc33c50a
cli: fix typo in help text for 'consul acl role read' (#5311) 2019-02-04 15:16:15 -06:00
R.B. Boyer df546ad924
incorrect examples for 'consul acl policy' commands (#5303) 2019-02-01 09:16:36 -06:00
Matt Keeler ad16cc2682
Basic TLS Command Tests (#5259)
* Add tls ca create tests

* Add a basic tls cert create test
2019-01-23 15:48:57 -05:00
Matt Keeler f0b0abee32
Fix typo that prevented using the default ca domain for tls cert creation (#5258) 2019-01-23 13:14:28 -05:00
Hans Hasselberg 8356f6246f
agent: display messages from serf in cli (#5236)
* display messages from serf in cli
2019-01-22 21:08:50 +01:00
Grégoire Seux 6a57c7fec5 Implement /v1/agent/health/service/<service name> endpoint (#3551)
This endpoint aggregates all checks related to <service id> on the agent
and return an appropriate http code + the string describing the worst
check.

This allows to cleanly expose service status to other component, hiding
complexity of multiple checks.
This is especially useful to use consul to feed a load balancer which
would delegate health checking to consul agent.

Exposing this endpoint on the agent is necessary to avoid a hit on
consul servers and avoid decreasing resiliency (this endpoint will work
even if there is no consul leader in the cluster).
2019-01-07 09:39:23 -05:00
Boris Popovschi 8831b043ab Fixed gziping function for debug archive (#5184) 2019-01-03 10:39:58 -05:00
Hans Hasselberg 1a520d65b4
Builtin tls helper (#5078)
* command: add tls subcommand
* website: update docs and guide
2018-12-19 09:22:49 +01:00
Jack Pearkes 5faa61a906 Doc changes for 1.4 Final (#4870)
* website: add multi-dc enterprise landing page

* website: switch all 1.4.0 alerts/RC warnings

* website: connect product wording

Co-Authored-By: pearkes <jackpearkes@gmail.com>

* website: remove RC notification

* commmand/acl: fix usage docs for ACL tokens

* agent: remove comment, OperatorRead

* website: improve multi-dc docs

Still not happy with this but tried to make it slightly more informative.

* website: put back acl guide warning for 1.4.0

* website: simplify multi-dc page and respond to feedback

* Fix Multi-DC typos on connect index page.

* Improve Multi-DC overview.

A full guide is a WIP and will be added post-release.

* Fixes typo avaiable > available
2018-11-13 13:43:53 +00:00
Paul Banks 952ee6f546
Allow ACL legacy migration via CLI (#4882)
* Adds a flag to `consul acl token update` that allows legacy ACLs to be upgraded via the CLI.

Also fixes a bug where descriptions are deleted if not specified.

* Remove debug
2018-11-05 14:32:09 +00:00
R.B. Boyer 917488abc2 command/debug: make better use of atomic operations to write out the debug snapshots to disk 2018-11-02 13:13:49 -05:00
R.B. Boyer a5d57f5326
fix comment typos (#4890) 2018-11-02 12:00:39 -05:00
Paul Banks d24a65eb8c
Doc and whitespace fixes for translate-rules command (#4877) 2018-10-31 17:28:04 +00:00
Martin Halder 62dae2fd9f website: fix minor typo in documentation (#4864) 2018-10-29 01:33:42 -07:00
Matt Keeler 8fa3d61d25
Implement CLI token cloning & special ID handling (#4827)
* Implement CLI token cloning & special ID handling

* Update a couple CLI commands to take some alternative options.

* Document the CLI.

* Update the policy list and set-agent-token synopsis
2018-10-24 10:24:29 -04:00
Dhi Aurrahman 342e2696dc connect: Fix comment DYNAMIC_DNS to LOGICAL_DNS (#4799)
LOGICAL_DNS is one of the supported service discovery types [1].

[1] https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/service_discovery#arch-overview-service-discovery-types
2018-10-24 07:02:01 -07:00
Matt Keeler 99e0a124cb
New ACLs (#4791)
This PR is almost a complete rewrite of the ACL system within Consul. It brings the features more in line with other HashiCorp products. Obviously there is quite a bit left to do here but most of it is related docs, testing and finishing the last few commands in the CLI. I will update the PR description and check off the todos as I finish them over the next few days/week.
Description

At a high level this PR is mainly to split ACL tokens from Policies and to split the concepts of Authorization from Identities. A lot of this PR is mostly just to support CRUD operations on ACLTokens and ACLPolicies. These in and of themselves are not particularly interesting. The bigger conceptual changes are in how tokens get resolved, how backwards compatibility is handled and the separation of policy from identity which could lead the way to allowing for alternative identity providers.

On the surface and with a new cluster the ACL system will look very similar to that of Nomads. Both have tokens and policies. Both have local tokens. The ACL management APIs for both are very similar. I even ripped off Nomad's ACL bootstrap resetting procedure. There are a few key differences though.

    Nomad requires token and policy replication where Consul only requires policy replication with token replication being opt-in. In Consul local tokens only work with token replication being enabled though.
    All policies in Nomad are globally applicable. In Consul all policies are stored and replicated globally but can be scoped to a subset of the datacenters. This allows for more granular access management.
    Unlike Nomad, Consul has legacy baggage in the form of the original ACL system. The ramifications of this are:
        A server running the new system must still support other clients using the legacy system.
        A client running the new system must be able to use the legacy RPCs when the servers in its datacenter are running the legacy system.
        The primary ACL DC's servers running in legacy mode needs to be a gate that keeps everything else in the entire multi-DC cluster running in legacy mode.

So not only does this PR implement the new ACL system but has a legacy mode built in for when the cluster isn't ready for new ACLs. Also detecting that new ACLs can be used is automatic and requires no configuration on the part of administrators. This process is detailed more in the "Transitioning from Legacy to New ACL Mode" section below.
2018-10-19 12:04:07 -04:00
Jack Pearkes 197d62c6ca New command: consul debug (#4754)
* agent/debug: add package for debugging, host info

* api: add v1/agent/host endpoint

* agent: add v1/agent/host endpoint

* command/debug: implementation of static capture

* command/debug: tests and only configured targets

* agent/debug: add basic test for host metrics

* command/debug: add methods for dynamic data capture

* api: add debug/pprof endpoints

* command/debug: add pprof

* command/debug: timing, wg, logs to disk

* vendor: add gopsutil/disk

* command/debug: add a usage section

* website: add docs for consul debug

* agent/host: require operator:read

* api/host: improve docs and no retry timing

* command/debug: fail on extra arguments

* command/debug: fixup file permissions to 0644

* command/debug: remove server flags

* command/debug: improve clarity of usage section

* api/debug: add Trace for profiling, fix profile

* command/debug: capture profile and trace at the same time

* command/debug: add index document

* command/debug: use "clusters" in place of members

* command/debug: remove address in output

* command/debug: improve comment on metrics sleep

* command/debug: clarify usage

* agent: always register pprof handlers and protect

This will allow us to avoid a restart of a target agent
for profiling by always registering the pprof handlers.

Given this is a potentially sensitive path, it is protected
with an operator:read ACL and enable debug being
set to true on the target agent. enable_debug still requires
a restart.

If ACLs are disabled, enable_debug is sufficient.

* command/debug: use trace.out instead of .prof

More in line with golang docs.

* agent: fix comment wording

* agent: wrap table driven tests in t.run()
2018-10-19 08:41:03 -07:00
Aestek 260a9880ae [Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options

These options allow for a finer control over when script checks are enabled by
giving the option to only allow them when they are declared from the local
file system.

* Add documentation for the new option

* Nitpick doc wording
2018-10-11 13:22:11 +01:00
Paul Banks 0523efa2fe merge feedback: fix typos; actually use deliverLatest added previously but not plumbed in 2018-10-10 16:55:34 +01:00
Paul Banks bcf2cc2de3 cli: envoy command default gRPC port (#4768)
* Default gRPC port; Start on some basic tests for argument and ENV handling; Make Exec test less platform-dependent.

* Allow hot-restarts

* Remove debug
2018-10-10 16:55:34 +01:00
R.B. Boyer 4427417140 cli: avoid passing envoy bootstrap configuration as arguments (#4747)
Play a trick with CLOEXEC to pass the envoy bootstrap configuration as
an open file descriptor to the exec'd envoy process. The file only
briefly touches disk before being unlinked.

We convince envoy to read from this open file descriptor by using the
/dev/fd/$FDNUMBER mechanism to read the open file descriptor as a file.

Because the filename no longer has an extension envoy's sniffing logic
falls back on JSON instead of YAML, so the bootstrap configuration must
be generated as JSON instead.
2018-10-10 16:55:34 +01:00
Paul Banks 7a8023a57f Fix up tests broken by master merge; add proxy tests to services command (and fix it!); actually run the proxycfg.Manager 2018-10-10 16:55:34 +01:00
Paul Banks 1e4c5a1811 Connect Envoy Command (#4735)
* Plumb xDS server and proxyxfg into the agent startup

* Add `consul connect envoy` command to allow running Envoy as a connect sidecar.

* Add test for help tabs; typos and style fixups from review
2018-10-10 16:55:34 +01:00
Paul Banks cba42d6790 XDS Server Config (#4730)
* Config for the coming XDS server

* Default gRPC to 8502 for -dev mode; Re-merge the command Info output that shows gRPC.
2018-10-10 16:55:34 +01:00
Paul Banks 979e1c9c94 Add -sidecar-for and new /agent/service/:service_id endpoint (#4691)
- A new endpoint `/v1/agent/service/:service_id` which is a generic way to look up the service for a single instance. The primary value here is that it:
   - **supports hash-based blocking** and so;
   - **replaces `/agent/connect/proxy/:proxy_id`** as the mechanism the built-in proxy uses to read its config.
   - It's not proxy specific and so works for any service.
   - It has a temporary shim to call through to the existing endpoint to preserve current managed proxy config defaulting behaviour until that is removed entirely (tested).
 - The built-in proxy now uses the new endpoint exclusively for it's config
 - The built-in proxy now has a `-sidecar-for` flag that allows the service ID of the _target_ service to be specified, on the condition that there is exactly one "sidecar" proxy (that is one that has `Proxy.DestinationServiceID` set) for the service registered.
 - Several fixes for edge cases for SidecarService
 - A fix for `Alias` checks - when running locally they didn't update their state until some external thing updated the target. If the target service has no checks registered as below, then the alias never made it past critical.
2018-10-10 16:55:34 +01:00
Paul Banks 92fe8c8e89 Add Proxy Upstreams to Service Definition (#4639)
* Refactor Service Definition ProxyDestination.

This includes:
 - Refactoring all internal structs used
 - Updated tests for both deprecated and new input for:
   - Agent Services endpoint response
   - Agent Service endpoint response
   - Agent Register endpoint
     - Unmanaged deprecated field
     - Unmanaged new fields
     - Managed deprecated upstreams
     - Managed new
   - Catalog Register
     - Unmanaged deprecated field
     - Unmanaged new fields
     - Managed deprecated upstreams
     - Managed new
   - Catalog Services endpoint response
   - Catalog Node endpoint response
   - Catalog Service endpoint response
 - Updated API tests for all of the above too (both deprecated and new forms of register)

TODO:
 - config package changes for on-disk service definitions
 - proxy config endpoint
 - built-in proxy support for new fields

* Agent proxy config endpoint updated with upstreams

* Config file changes for upstreams.

* Add upstream opaque config and update all tests to ensure it works everywhere.

* Built in proxy working with new Upstreams config

* Command fixes and deprecations

* Fix key translation, upstream type defaults and a spate of other subtele bugs found with ned to end test scripts...

TODO: tests still failing on one case that needs a fix. I think it's key translation for upstreams nested in Managed proxy struct.

* Fix translated keys in API registration.
≈

* Fixes from docs
 - omit some empty undocumented fields in API
 - Bring back ServiceProxyDestination in Catalog responses to not break backwards compat - this was removed assuming it was only used internally.

* Documentation updates for Upstreams in service definition

* Fixes for tests broken by many refactors.

* Enable travis on f-connect branch in this branch too.

* Add consistent Deprecation comments to ProxyDestination uses

* Update version number on deprecation notices, and correct upstream datacenter field with explanation in docs
2018-10-10 16:55:34 +01:00
Paul Banks bed72f6078 Rename proxy package (re-run of #4550) (#4638)
* Rename agent/proxy package to reflect that it is limited to managed proxy processes

Rationale: we have several other components of the agent that relate to Connect proxies for example the ProxyConfigManager component needed for Envoy work. Those things are pretty separate from the focus of this package so far which is only concerned with managing external proxy processes so it's nota good fit to put code for that in here, yet there is a naming clash if we have other packages related to proxy functionality that are not in the `agent/proxy` package.

Happy to bikeshed the name. I started by calling it `managedproxy` but `managedproxy.Manager` is especially unpleasant. `proxyprocess` seems good in that it's more specific about purpose but less clearly connected with the concept of "managed proxies". The names in use are cleaner though e.g. `proxyprocess.Manager`.

This rename was completed automatically using golang.org/x/tools/cmd/gomvpkg.

Depends on #4541

* Fix missed windows tagged files
2018-10-10 16:55:34 +01:00
Mitchell Hashimoto 95d5089bd8
command/services: just add additional output feedback on success 2018-10-02 12:48:46 -07:00
Mitchell Hashimoto 5fb6bf481e
command/services: add test to ensure that dev mode introduces no
services
2018-10-02 12:45:00 -07:00
Mitchell Hashimoto 1b7f836398
command: register new commands 2018-10-01 09:17:36 -07:00
Mitchell Hashimoto 74b297faef
command/services/register: flag-based registration 2018-10-01 09:16:14 -07:00
Mitchell Hashimoto 6459387cd8
command/services/deregister: tests for flag validation 2018-10-01 08:55:32 -07:00
Mitchell Hashimoto 0f82c9570b
command/services/deregister: -id flag for deletion 2018-10-01 08:53:30 -07:00
Mitchell Hashimoto c69d845edf
command/services/deregister: basics working from file 2018-10-01 08:39:27 -07:00
Mitchell Hashimoto 85f6ea4007
command/services: move the config helpers to parent package 2018-10-01 08:27:59 -07:00
Mitchell Hashimoto 664d4badd5
command/services/register: registration from files work 2018-10-01 08:05:57 -07:00
Mitchell Hashimoto a125cb02b1
command/services/register: config mapping tests 2018-09-30 19:17:45 -07:00
Mitchell Hashimoto 0997792cea
command/services 2018-09-27 23:52:17 -07:00
Benjamin Sago 9aa00d45b6 Exit with error code 1 when failing to list DCs (#4583)
Fixes #4582.
2018-09-12 09:55:02 -07:00
Pierre Souchay 5ecf9823d2 Fix more unstable tests in agent and command 2018-09-12 14:49:27 +01:00
Pierre Souchay 7a42c31330 Fix unstable tests in agent, api, and command/watch 2018-09-10 16:58:53 +01:00
Pierre Souchay 473e589d86 Implementation of Weights Data structures (#4468)
* Implementation of Weights Data structures

Adding this datastructure will allow us to resolve the
issues #1088 and #4198

This new structure defaults to values:
```
   { Passing: 1, Warning: 0 }
```

Which means, use weight of 0 for a Service in Warning State
while use Weight 1 for a Healthy Service.
Thus it remains compatible with previous Consul versions.

* Implemented weights for DNS SRV Records

* DNS properly support agents with weight support while server does not (backwards compatibility)

* Use Warning value of Weights of 1 by default

When using DNS interface with only_passing = false, all nodes
with non-Critical healthcheck used to have a weight value of 1.
While having weight.Warning = 0 as default value, this is probably
a bad idea as it breaks ascending compatibility.

Thus, we put a default value of 1 to be consistent with existing behaviour.

* Added documentation for new weight field in service description

* Better documentation about weights as suggested by @banks

* Return weight = 1 for unknown Check states as suggested by @banks

* Fixed typo (of -> or) in error message as requested by @mkeeler

* Fixed unstable unit test TestRetryJoin

* Fixed unstable tests

* Fixed wrong Fatalf format in `testrpc/wait.go`

* Added notes regarding DNS SRV lookup limitations regarding number of instances

* Documentation fixes and clarification regarding SRV records with weights as requested by @banks

* Rephrase docs
2018-09-07 15:30:47 +01:00
Pierre Souchay e974ebd62e Fixed flaky tests (#4626) 2018-09-04 12:31:51 +01:00
Siva Prasad 59dea9a31f
Adds a new command line flag -log-file for file based logging. (#4581)
* Added log-file flag to capture Consul logs in a user specified file

* Refactored code.

* Refactored code. Added flags to rotate logs based on bytes and duration

* Added the flags for log file and log rotation on the webpage

* Fixed TestSantize from failing due to the addition of 3 flags

* Introduced changes : mutex, data-dir log writes, rotation logic

* Added test for logfile and updated the default log destination for docs

* Log name now uses UnixNano

* TestLogFile is now uses t.Parallel()

* Removed unnecessary int64Val function

* Updated docs to reflect default log name for log-file

* No longer writes to data-dir and adds .log if the filename has no extension
2018-08-29 16:56:58 -04:00
Pierre Souchay 09ff5f7224 Fixed unit test TestCatalogListServicesCommand (#4592) 2018-08-27 13:53:46 -04:00
Pierre Souchay 73824ab65f Fixed unstable test TestRTTCommand_LAN in command/rtt (#4585) 2018-08-27 11:37:13 -04:00
Pierre Souchay 5f603d86ad Fix unstable test TestRegisterMonitor_heartbeat (#4568) 2018-08-24 13:33:58 -04:00
Shubheksha 1afcabb0a2 replace old fork of text package (#4501) 2018-08-14 12:23:18 -07:00
Freddy cbe61dfcec
Improve reliability of tests with TestAgent (#4525)
- Add WaitForTestAgent to tests flaky due to missing serfHealth registration

- Fix bug in retries calling Fatalf with *testing.T

- Convert TestLockCommand_ChildExitCode to table driven test
2018-08-14 12:08:33 -04:00
Freddy e06cdb5278
Address flakiness in command/exec tests (#4517)
* Add fn to wait for TestAgent node and check registration

* Add waits for TestAgent and retries before timeouts in exec_test
2018-08-10 15:04:07 -04:00
Pierre Souchay fd927ea110 BUGFIX: Unit test relying on WaitForLeader() did not work due to wrong test (#4472)
- Improve resilience of testrpc.WaitForLeader()

- Add additionall retry to CI

- Increase "go test" timeout to 8m

- Add wait for cluster leader to several tests in the agent package

- Add retry to some tests in the api and command packages
2018-08-06 19:46:09 -04:00
Mitchell Hashimoto d0d40a4c34
Merge pull request #4314 from hashicorp/b-ignore-check
command/connect/proxy: ignore check doesn't exist on -register
2018-07-25 11:26:40 -05:00
Mitchell Hashimoto 9091f2b108
command/connect/proxy: ignore check doesn't exist on -register 2018-06-29 10:58:06 -07:00
Siva 2182e289a3 Merge branch 'master' of github.com:hashicorp/consul into WinService 2018-06-26 16:49:50 -04:00
Paul Banks ca68136ac7 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 23be6ad1c8 StartupTelemetry => InitTelemetry 2018-06-25 12:25:39 -07:00
Paul Banks 93f346431b WIP 2018-06-25 12:25:38 -07:00
Paul Banks 01594710c6 Fix unreachable code warning from go vet 2018-06-25 12:24:15 -07:00
Paul Banks d140612350 Fixs a few issues that stopped this working in real life but not caught by tests:
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
 - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
 - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
 - Naming things
2018-06-25 12:24:14 -07:00
Mitchell Hashimoto 692f1ef357 command/connect/proxy: can specify prepared query upstream types 2018-06-25 12:24:13 -07:00
Paul Banks 3bac52480e Abandon daemonize for simpler solution (preserving history):
Reverts:
  - bdb274852ae469c89092d6050697c0ff97178465
  - 2c689179c4f61c11f0016214c0fc127a0b813bfe
  - d62e25c4a7ab753914b6baccd66f88ffd10949a3
  - c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
  - 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
  - 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks e1aca748c4 Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though. 2018-06-25 12:24:09 -07:00
Paul Banks c97db00903 Run daemon processes as a detached child.
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.

I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
2018-06-25 12:24:08 -07:00
Siva e54fbbba51 Graceful exits added 2018-06-20 14:42:08 -04:00
Kyle Havlovitz 33d1d01374
Clarify CA commands' help text 2018-06-14 09:42:23 -07:00
Kyle Havlovitz 96f4ff961c
Add CA CLI commands for getting/setting config 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto 118aa0f00a
command/connect/proxy: register monitor tests 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto 771842255a
address comment feedback 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto 021782c36b
command/connect/proxy: register monitor and -register flag 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto 351a9585e4
command/connect/proxy: output information when starting similar to agent 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto 82ba167757
command/connect/proxy: detailed help 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto 01c3564158
command/connect/proxy: -service-addr required for -listen 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto a750254b28
command/connect/proxy: can set public listener from flags 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto b531919181
command/connect/proxy: tests for configuration 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto 3e8ea58585
command/connect/proxy: accept -service and -upstream 2018-06-14 09:42:21 -07:00
Mitchell Hashimoto b28e2b8622
connect/proxy: don't require proxy ID 2018-06-14 09:42:20 -07:00
Mitchell Hashimoto 1476745bdc
command/intention: address comment feedback 2018-06-14 09:42:20 -07:00
Mitchell Hashimoto 0fe99f4f14
command/intention/create: -replace does an atomic change 2018-06-14 09:42:20 -07:00
Mitchell Hashimoto f03fa81e6a
command/intention/match 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto afbe0c3e6c
command/intention/delete: tests 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto 15ce2643e5
command/intention/check: check tests 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto 8df851c1ea
command/intention/get: tests 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto 50e179c3af
command/intention/match 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto 5ed57b393c
command/intentions/check 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto e055f40612
command/intention/create: -replace flag, jank, we should change to PUT 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto 4caeaaaa21
command/intentions/delete 2018-06-14 09:42:19 -07:00
Mitchell Hashimoto aead9cd422
command/intention/get: the get command without tests 2018-06-14 09:42:18 -07:00
Mitchell Hashimoto 77d0360de1
command/intention/finder: package for finding based on src/dst 2018-06-14 09:42:18 -07:00
Mitchell Hashimoto a1a7eaa876
command/intention/create 2018-06-14 09:42:18 -07:00
Mitchell Hashimoto 4100c9567f
command/connect/proxy: set ACL token based on proxy token flag 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto 9435d8088c
command/connect/proxy: set proxy ID from env var if set 2018-06-14 09:42:14 -07:00
Paul Banks 153808db7c
Don't allow connect watches in agent/cli yet 2018-06-14 09:42:06 -07:00
Paul Banks 072b2a79ca
Support legacy watch.HandlerFunc type for backward compat reduces impact of change 2018-06-14 09:42:05 -07:00
Paul Banks 6f566f750e
Basic `watch` support for connect proxy config and certificate endpoints.
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Paul Banks 51b1bc028d
Rework connect/proxy and command/connect/proxy. End to end demo working again 2018-06-14 09:41:57 -07:00
Paul Banks 800deb693c
Original proxy and connect.Client implementation. Working end to end. 2018-06-14 09:41:56 -07:00
Paul Banks 2973dd6a68
Merge pull request #4194 from hashicorp/fix-kv-del-validation
Fix KV del command validation error
2018-06-05 16:58:14 +01:00
Matt Keeler e043621dd3
Merge pull request #4156 from hashicorp/enterprise-coexistence
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Paul Banks 0b9ff5c2b9
Fix KV del command validation error
This has an explcit unit test already which somehow passes at least some of the time. I suspect it passes because under some conditions the actual KV delete fails and returns non-zero as well as printing the warning which is what is being checked for in the test.

For some reason despite working for quite some time like this, I now have a branch in which this test fails consistently. It may be a timing/env issue where another process running an agent causes the delete to be successful so the command returns a 0 by chance. Either way this is clearly wrong and fixing it stops the test being flaky in my branch.
2018-06-05 13:18:16 +01:00
Kyle Havlovitz 1e47c757c2
command/agent: don't re-parse the flags on reload 2018-05-31 16:59:51 -07:00
Matt Keeler 34c84aabb5 Move data source loading into a command helpers function 2018-05-24 10:34:08 -04:00
Paul Banks 06e1a62653
Merge pull request #4016 from pierresouchay/support_for_prometheus
Support for prometheus for metrics endpoint
2018-04-24 16:14:43 +01:00
Matt Keeler 3026ac4198
Merge pull request #4024 from jen20/signal-notify-once
Only call signal.Notify once during agent startup
2018-04-20 12:37:01 -04:00
Kyle Havlovitz be10300d06
Update make static-assets goal and run format 2018-04-13 09:57:25 -07:00
James Nugent e96b2b8d09 Only call signal.Notify once during agent startup
Calling twice appears to have no adverse effects, however serves to
confuse as to what the semantics of such code may be! This seems like it
was probably introduced while resolving conflicts during the merge of
the fix for #2404.
2018-04-10 20:44:50 -05:00
Pierre Souchay 2e495ec8a6 Now use prometheus_retention_time > 0 to enable prometheus support 2018-04-06 14:21:05 +02:00
Pierre Souchay 583744d8c5 Added support exposing metrics in Prometheus format 2018-04-06 09:18:06 +02:00
Matt Keeler 8a9240ff78 Address PR feedback 2018-04-02 09:23:01 -04:00
Matt Keeler 5ddca9633f Update unit-tests to use requirements instead of manual checks. 2018-03-30 10:55:21 -04:00
Matt Keeler 3cefdd63d7 Update case of member in comment 2018-03-29 15:06:48 -04:00
Matt Keeler 7753fa25f6 Formatting update 2018-03-29 14:35:49 -04:00
Matt Keeler 0bf8adfbe0 GH-3996: Add config-format flag to validate subcommand 2018-03-29 14:30:05 -04:00
Guido Iaquinti 244fc72b05 Add package name to log output 2018-03-21 15:56:14 +00:00
Josh Soref 1dd8c378b9 Spelling (#3958)
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks 69ebbf3e79
Fixes #3891: agent monitor no longer unresponsive before logs stream.
The root cause is actually that the agent's streaming HTTP API didn't flush until the first log line was found which commonly was pretty soon since the default level is INFO. In cases where there were no logs immediately due to level for instance, the client gets stuck in the HTTP code waiting on a response packet from the server before we enter the loop that checks the shutdown channel from the signal handler.

This fix flushes the initial status immediately on the streaming endpoint which lets the client code get into it's expected state where it's listening for shutdown or log lines.
2018-02-19 21:53:10 +00:00
Kyle Havlovitz 7f3a1c1175
Pull http config flag merge into public method 2018-02-05 15:00:04 -08:00
Veselkov Konstantin 05666113a4 remove golint warnings 2018-01-28 22:40:13 +04:00
Chad Whitacre 923e2c8535 Fix typo 2018-01-05 15:24:44 -05:00
Kyle Havlovitz 6b58df5898
Merge pull request #3737 from hashicorp/autopilot-refactor
Move autopilot to a standalone package
2017-12-15 14:09:40 -08:00
James Phillips 6cfb74d5bd
Adds -base64 support to kv get command.
Fixes #3736
2017-12-14 17:28:04 -08:00
Kyle Havlovitz 8546a1d3c6
Move autopilot to a standalone package 2017-12-11 16:45:33 -08:00
James Phillips 8fb08c7ede
Adds a registry mechanism for CLI commands. 2017-11-29 18:36:52 -08:00
Kyle Havlovitz fb464a8c0d
Fix a panic in snapshot inspect command 2017-10-30 14:51:08 -07:00
Frank Schroeder 1dab004335
Decouple the code that executes checks from the agent 2017-10-25 11:18:07 +02:00
Frank Schroeder a57e5acbf2
agent: fix TestRetryJoin 2017-10-24 20:35:37 +02:00
Frank Schroeder f398fe83b7
agent: fix TestRetryJoinFail 2017-10-24 20:35:37 +02:00
Frank Schroeder 8defdddf31
agent: fix TestRetryJoinWanFail 2017-10-24 20:35:36 +02:00
Frank Schroeder c624c72d5c
config: return error on extra command line arguments (#3397)
The `consul agent` command was ignoring extra command line arguments
which can lead to confusion when the user has for example forgotten to
add a dash in front of an argument or is not using an `=` when setting
boolean flags to `true`. `-bootstrap true` is not the same as
`-bootstrap=true`, for example.

Since all command line flags are known and we don't expect unparsed
arguments we can return an error. However, this may make it slightly
more difficult in the future if we ever wanted to have these kinds of
arguments.

Fixes #3397
2017-10-23 08:07:48 +02:00
James Phillips 60af465b4e
Updates documentation for consul validate.
This makes it clear that you need to pass the full configuration,
and that the command won't work with config fragments.

Closes #3591
2017-10-19 18:59:05 -07:00
Frank Schroeder 3a5ac6f7cc
commands: add shorter helper vars to keep fmt sane 2017-10-18 02:39:10 +02:00
Frank Schroeder 4f6abf1e72
commands: cleanup init 2017-10-18 02:39:10 +02:00
Frank Schroeder 8f58a603ea commands: get HTTP API flags for usage automatically 2017-10-18 00:08:45 +02:00
Frank Schroeder cb8faa3559 commands: drop http server flags from reload command 2017-10-18 00:08:45 +02:00
Frank Schroeder a00f8721fb commands: drop http server flags from leave command 2017-10-18 00:08:45 +02:00
Frank Schroeder c877b3001b commands: drop http server flags from keyring command 2017-10-18 00:08:45 +02:00
Frank Schroeder 6032fe1407 commands: drop http server flags from force-leave command 2017-10-18 00:08:45 +02:00
Frank Schroeder c10885f828 commands: run all tests in parallel (again) 2017-10-18 00:08:45 +02:00
Frank Schroeder efab66e616 commands: cleanup help and synopsis.
* move Help and Synopsis to bottom
* make help and synopsis constants
* make sure help output is formatted
2017-10-18 00:08:45 +02:00
Frank Schroeder a3a805d7b8 commands: do not run cmd tests in parallel
Package level parallelization is sufficient.
2017-10-18 00:08:45 +02:00
Frank Schroeder a1a1a6971d commands: add missing noTabs test 2017-10-18 00:08:45 +02:00
Frank Schroeder a6d912adb4 commands: cleanup test names 2017-10-18 00:08:45 +02:00
Frank Schroeder 0e059248e7 commands: cleanup catalog list services tests 2017-10-18 00:08:45 +02:00
Frank Schroeder 915034da78 commands: cleanup catalog list nodes tests 2017-10-18 00:08:45 +02:00
Frank Schroeder 7d7281ab54 commands: simplify import names 2017-10-18 00:08:45 +02:00
Frank Schroeder 5a34eb1e52 commands: move operator subcommands to subdirs 2017-10-18 00:08:45 +02:00
Frank Schroeder f09f6f2ec2 commands: move kv subcommands to subdirs 2017-10-18 00:08:45 +02:00
Frank Schroeder 0a9478b1f1 commands: move catalog subcommands to subdirs 2017-10-18 00:08:45 +02:00
Frank Schroeder abd7c73627 commands: move snapshot subcommands to subdirs 2017-10-18 00:08:45 +02:00
Frank Schroeder 0fb4ea3a30 commands: simplify commands.go 2017-10-18 00:08:45 +02:00
Frank Schroeder 639bf6d8ec commands: drop base command and utils 2017-10-18 00:08:45 +02:00
Frank Schroeder a0b017d976 commands: move agent command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 127bd3d295 commands: move watch command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 3f7cfca203 add token and addr to http flags 2017-10-18 00:08:45 +02:00
Frank Schroeder 6998d82be5 commands: move snapshot save command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 3a16c93eab commands: move snapshot restore command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 758199813b commands: move version command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 776cffa33d commands: move snapshot inspect command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 8724aece07 commands: move snapshot command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 602e896fb9 commands: move rtt command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 1ba816b0ae commands: move reload command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder eb0640efd0 commands: move operator autopilot set command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 3dd4841b36 commands: move operator autopilot get command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 393bf50e71 commands: move operator autopilot command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder c024fcaaa5 commands: move operator list remove-peer command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 6850c8723f commands: move operator raft list-peers command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 78aa062990 commands: move operator raft command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder fe84af448b commands: move operator command to separate pkg 2017-10-18 00:08:45 +02:00
Preetha Appan 684362b1d0 Move monitor command to its own package 2017-10-18 00:08:45 +02:00
Preetha Appan 28490d6dcb Fix import order 2017-10-18 00:08:45 +02:00
Preetha Appan 4fa3987bdc Move members command to its own package 2017-10-18 00:08:45 +02:00
Preetha Appan 8d2e6f10c7 Move maint command to its own package 2017-10-18 00:08:45 +02:00
Preetha Appan 4b06c971d2 Move lock command to its own package 2017-10-18 00:08:45 +02:00
Preetha Appan e1935590b1 Fix leave and validate commands to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 3c4363389e Fix KV CLI subcommands to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 75ec8a29a3 Fix Keyring and keygen commands to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan b8dd539037 Fix join command to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 0e1ee70a5e Fix up info and forceleave to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 95053297a9 s/initFlags/init/g 2017-10-18 00:08:45 +02:00
Preetha Appan 0cb1c92977 Fix exec and event commands to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 3bd4b738c0 Fix up catalog list services to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 8761232b2a Fix up list datacenters to build help string in constructor 2017-10-18 00:08:45 +02:00
Preetha Appan 5473dbc5a4 Fix tests by calling initFlags for each test case to reset state. 2017-10-18 00:08:45 +02:00
Preetha Appan 75ecc6a86e Better name for usage string and moving constant definition down 2017-10-18 00:08:45 +02:00
Preetha Appan 7898780106 Construct the help string in constructor using helper function. 2017-10-18 00:08:45 +02:00
Frank Schroeder 9825b6709a commands: move catalog list services to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 33a4e997b4 commands: move catalog list nodes command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder cfd110395b commands: move catalog list datacenters command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder bcf53b98d1 commands: move catalog command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 5d75449419 commands: move leave command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder ffb747a744 commands: move force-leave command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder 41f13de7f5 commands: move keyring command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder b1dac89b95 commands: move kv put command to separate pkg 2017-10-18 00:08:45 +02:00
Frank Schroeder e50c8d8f73 commands: move kv get command to separate pkg 2017-10-18 00:08:45 +02:00