Commit Graph

13002 Commits

Author SHA1 Message Date
Chris Piraino 9d92c42c90
Append port number to ingress host domain (#8190)
A port can be sent in the Host header as defined in the HTTP RFC, so we
take any hosts that we want to match traffic to and also add another
host with the listener port added.

Also fix an issue with envoy integration tests not running the
case-ingress-gateway-tls test.
2020-07-07 10:43:04 -05:00
Jeff Escalante 3ef57a8ead learn -> tutorials in subnav 2020-07-06 18:44:30 -04:00
Seth Hoenig 4771f8df83
docs: fix link to connect authorize endpoint (#8248)
/docs/connect/intentions has a broken link presumably meant
to go to /api-docs/agent/connect#authorize

This PR fixes the link.
2020-07-06 16:16:09 -05:00
Blake Covarrubias a955632712 Update URLs for gateway docs
PRs #7610 and #7962 changed the locations/URLs for the gateway docs
which results in a HTTP 404 Not Found being returned when accessing
the previous URLs.

Update URLs for gateway docs to point to new URLs.

PR #8243 adds corresponding redirects on consul.io.
2020-07-06 11:34:22 -07:00
Kevin Pruett 959e9427df Append redirects 2020-07-06 09:39:37 -07:00
Kevin Pruett f7a56daecd
Merge pull request #8242 from hashicorp/pruett.ci-fixup
Update Algolia CI script
2020-07-06 11:22:54 -04:00
Kevin Pruett 4fa0efed59
Update Algolia CI script 2020-07-06 10:09:48 -04:00
Daniel Nephin 8b6036c077 Remove ACLsEnabled from delegate interface
In all cases (oss/ent, client/server) this method was returning a value from config. Since the
value is consistent, it doesn't need to be part of the delegate interface.
2020-07-03 17:00:20 -04:00
Daniel Nephin 24c6bcfbe8
Merge pull request #8215 from hashicorp/dnephin/support-not-modified-response-server
agent/consul: Add support for NotModified to two endpoints
2020-07-03 16:15:31 -04:00
Pierre Souchay f77182aa51
Upgrade go-connlimit to v0.3.0 / return http 429 on too many connections (#8221)
Fixes #7527

I want to highlight this and explain what I think the implications are and make sure we are aware:

* `HTTPConnStateFunc` closes the connection when it is beyond the limit. `Close` does not block.
* `HTTPConnStateFuncWithDefault429Handler(10 * time.Millisecond)` blocks until the following is done (worst case):
  1) `conn.SetDeadline(10*time.Millisecond)` so that
  2) `conn.Write(429error)` is guaranteed to timeout after 10ms, so that the http 429 can be written and 
  3) `conn.Close` can happen

The implication of this change is that accepting any new connection is worst case delayed by 10ms. But only after a client reached the limit already.
2020-07-03 09:25:07 +02:00
Daniel Nephin 8a8644edd5 agent/http: un-embed the HTTPServer
The embedded HTTPServer struct is not used by the large HTTPServer
struct. It is used by tests and the agent. This change is a small first
step in the process of removing that field.

The eventual goal is to reduce the scope of HTTPServer making it easier
to test, and split into separate packages.
2020-07-02 17:21:12 -04:00
Daniel Nephin dfa8856e5f agent/consul: Add support for NotModified to two endpoints
A query made with AllowNotModifiedResponse and a MinIndex, where the
result has the same Index as MinIndex, will return an empty response
with QueryMeta.NotModified set to true.

Co-authored-by: Pierre Souchay <pierresouchay@users.noreply.github.com>
2020-07-02 17:05:46 -04:00
Jono Sosulska 41ba3fca9c
Fix typos on commandline flags, updated config opts (#8227)
* Fix typos on commandline flags, updated config opts

- Added anchors to https://github.com/hashicorp/consul/pull/8223
- Fix Typos

Updated to include config file options as well as CLI.
2020-07-02 16:13:11 -04:00
Jeff Escalante eecfb2717a remove unneeded mdx provider option 2020-07-02 14:22:29 -04:00
Jeff Escalante 08a76913f8 drop out unused font 2020-07-02 14:22:29 -04:00
Jeff Escalante fc303e318e generate readme 2020-07-02 14:22:29 -04:00
Jeff Escalante 06dc0a38ca update dependencies, fapply upgrades, fix breaking changes 2020-07-02 14:22:29 -04:00
Blake Covarrubias ec35a78ffc
docs: Fix formatting issues on built-in proxy page (#8005)
Fix markdown formatting and display issues on built-in proxy page.
2020-07-02 12:39:50 -04:00
Rémi Lapeyre 1134e2aafc
Fix typo in configuration documentation (#7997) 2020-07-02 12:39:23 -04:00
Matt Keeler 2dc8211a88
Update CHANGELOG.md 2020-07-02 09:57:23 -04:00
Matt Keeler 87764e5bfb
Merge pull request #8211 from hashicorp/bugfix/auto-encrypt-various 2020-07-02 09:49:49 -04:00
Hans Hasselberg 52f64b8e6f
Update CHANGELOG.md 2020-07-02 13:41:25 +02:00
kaitlincarter-hc 5de6302051
update landing page links to learn to specific guides (#8214) 2020-07-01 14:58:46 -05:00
Kenia b0ecfc4109
ui: Redesign - Node service instances tab (#8204)
* Upgrade consul-api-dobule to version 3.1.3

* Create ConsulInstaceChecks component with test

* Redesign: Service Instaces tab in for a Node

* Update Node tests to work with the ConsulServiceInstancesList

* Style fix to the copy button in the composite-row details

* Delete helper and move logic to ConsulInstanceChecks component

* Delete unused component consul-node-service-list
2020-07-01 10:27:29 -04:00
Matt Keeler a4fe092e7a
Update CHANGELOG.md 2020-07-01 09:15:26 -04:00
Matt Keeler 6b5cad3494
Merge pull request #8218 from yurkeen/fix-dns-rcode 2020-07-01 09:12:59 -04:00
André ea11156c45
Update lock.mdx (#8217)
Remove duplicated `-timeout` value.
2020-07-01 14:59:07 +02:00
Hans Hasselberg 9a38e4f766
Update gopsutil (#8208)
https://github.com/shirou/gopsutil/pull/895 is merged and fixes our
problem. Time to update. Since there is no new version just yet,
updating to the sha.
2020-07-01 14:47:56 +02:00
John Cowen 91a8c13aa0
ui: Ensure routing tab is shown when connect enabled (#8209)
In https://github.com/hashicorp/consul/pull/8065 we attempted to reduce
the amount of times that the UI requests the discovery chain endpoint
when connect is disabled on a datacenter.

Currently we can only tell if connect is disabled on a datacenter by
detecting a 500 error from a connect related endpoint.

In the above PR we mistakenly returned from a catch instead of
rethrowing the error, which meant that when a none 500 error was caught
the discovery chain data would be removed. Whilst at first glance this
doens't seem like a big problem due to the endpoint erroring, but we
also receive a 0 error when we abort endpoints during blocking queries.
This means that in certain cases we can remove cached data for the
discovery chain and then delay reloading it via a blocking query.

This PR replaces the return with a throw, which means that everything is
dealt with correctly via the blocking query error detection/logic.
2020-07-01 10:21:15 +01:00
Yury Evtikhov dbf3c05fa5 DNS: add IsErrQueryNotFound function for easier error evaluation 2020-07-01 03:41:44 +01:00
Yury Evtikhov c594dfa1e6 DNS: fix agent returning SERVFAIL where NXDOMAIN should be returned 2020-07-01 01:51:21 +01:00
Yury Evtikhov 4e5ce6d4a7 DNS: add test to verify NXDOMAIN is returned when a non-existent domain is queried over RPC 2020-07-01 01:51:16 +01:00
Matt Keeler fa6a2b38d9
Add an AutoEncrypt “integration” test
Also fix a bug where Consul could segfault if TLS was enabled but no client certificate was provided. How no one has reported this as a problem I am not sure.
2020-06-30 15:23:29 -04:00
Matt Keeler a97f9ff386
Overwrite agent leaf cert trust domain on the servers 2020-06-30 09:59:08 -04:00
Matt Keeler 5600069d69
Store the Connect CA rate limiter on the server
This fixes a bug where auto_encrypt was operating without utilizing a common rate limiter.
2020-06-30 09:59:07 -04:00
Matt Keeler e9e88e4527
Initialize the agent leaf cert cache result with a state to prevent unnecessary second certificate signing 2020-06-30 09:59:07 -04:00
Matt Keeler fa42d9b34f
Fix auto_encrypt IP/DNS SANs
The initial auto encrypt CSR wasn’t containing the user supplied IP and DNS SANs. This fixes that. Also We were configuring a default :: IP SAN. This should be ::1 instead and was fixed.
2020-06-30 09:59:07 -04:00
Davor Kapsa 4cd30f06b7
clean cli.Run error message (#8191) 2020-06-30 13:12:29 +02:00
Fatih Sarhan eafb9ffd3c docs: Fix typo on openstack cloud-auto-join 2020-06-29 13:56:01 -07:00
Chris Piraino 8171293db8
cli: Output message on success when writing/deleting entries (#7806)
This provides a user with a better experience, knowing that the command
worked appropriately. The output of the write/delete CLI commands are
not going to be used in a bash script, in fact previously a success
provided no ouput, so we do not have to worry about spurious text being
injected into bash pipelines.
2020-06-29 15:47:40 -05:00
Kevin Pruett 93979aaec1
Merge pull request #8202 from hashicorp/pruett.algolia-index-ci
Add Algolia indexing to CI
2020-06-29 15:04:50 -04:00
Kevin Pruett 333e0d3e5d
Add Algolia indexing to CI 2020-06-29 12:14:43 -04:00
John Cowen 3dfb0d3b4d
ui: Don't hide TTL check output (#8187)
We'd assumed that TTL check outputs shouldn't be shown as it seemed like
they never had outputs, but they can be submitted with notes, which are
then converted into the output.

This unhides the output for TTLs and treats them exactly the same as
other healthchecks.
2020-06-29 15:29:20 +01:00
Seth Hoenig c2a1322894
api/agent: enable setting SuccessBeforePassing and FailuresBeforeCritical in API (#7949)
Fixes #7764

Until now these two fields could only be set through on-disk agent configuration.
This change adds the fields to the agent API struct definition so that they can
be set using the agent HTTP API.
2020-06-29 14:52:35 +02:00
Matt Keeler 3d9ca75e34
Merge pull request #8193 from hashicorp/feature/auto-config/suppress-config-warnings 2020-06-27 10:06:52 -04:00
R.B. Boyer c268725e65 update changelog 2020-06-26 17:00:17 -05:00
R.B. Boyer 72a515f5ec
connect: various changes to make namespaces for intentions work more like for other subsystems (#8194)
Highlights:

- add new endpoint to query for intentions by exact match

- using this endpoint from the CLI instead of the dump+filter approach

- enforcing that OSS can only read/write intentions with a SourceNS or
  DestinationNS field of "default".

- preexisting OSS intentions with now-invalid namespace fields will
  delete those intentions on initial election or for wildcard namespaces
  an attempt will be made to downgrade them to "default" unless one
  exists.

- also allow the '-namespace' CLI arg on all of the intention subcommands

- update lots of docs
2020-06-26 16:59:15 -05:00
Matt Keeler a1275c6e7d
Use the DNS and IP SANs from the auto config stanza when set 2020-06-26 16:01:30 -04:00
Matt Keeler 1fcb9ef03f
Overhaul the auto-config translation
This fixes some issues around spurious warnings about using enterprise configuration in OSS.
2020-06-26 15:25:21 -04:00
Freddy 6ef032fefe
Split up unused key validation for oss/ent (#8189)
Split up unused key validation in config entry decode for oss/ent.

This is needed so that we can return an informative error in OSS if namespaces are provided.
2020-06-25 13:58:29 -06:00