Commit graph

14960 commits

Author SHA1 Message Date
Daniel Nephin 86244967c5 docs: correct some misleading telemetry docs
The query metrics are actually reported for all read queries, not only
ones that use a MinIndex to block for updates.

Also clarify the raft.apply metric is only on the leader.
2021-06-28 12:20:53 -04:00
Kendall Strautman 1cab0b41bb
chore: upgrade react-head and deps (#10499) 2021-06-28 08:39:14 -07:00
Daniel Nephin 6b5d3b78ef
Merge pull request #10497 from hashicorp/dnephin/tls-cert-exploration-3
tlsutil: unexport and remove methods
2021-06-25 18:24:33 -04:00
R.B. Boyer 30ccd5c2d9
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
Freddy 6adc615512
Update CONTRIBUTING.md 2021-06-25 14:43:53 -06:00
R.B. Boyer c3d5a2a5ab
connect/ca: cease including the common name field in generated certs (#10424)
As part of this change, we ensure that the SAN extensions are marked as
critical when the subject is empty so that AWS PCA tolerates the loss of
common names well and continues to function as a Connect CA provider.

Parts of this currently hack around a bug in crypto/x509 and can be
removed after https://go-review.googlesource.com/c/go/+/329129 lands in
a Go release.

Note: the AWS PCA tests do not run automatically, but the following
passed locally for me:

    ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS
2021-06-25 13:00:00 -05:00
hc-github-team-consul-core f0f5d9bfc4 auto-updated agent/uiserver/bindata_assetfs.go from commit ace794d21 2021-06-25 09:47:01 +00:00
John Cowen a210cce332
ui: Enable specifying additional docfy config as json (#10464) 2021-06-25 10:41:41 +01:00
Dhia Ayachi 8b967b3bb6
return an empty record when asked for an addr dns with type other then A, AAAA and ANY (#10401)
* return an invalid record when asked for an addr dns with type other then A and AAAA

* add changelog

* fix ANY use case and add a test for it

* update changelog type

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* return empty response if the question record type do not match for addr

* set comment in the right place

* return A\AAAA record in extra section if record type is not A\AAAA for addr

* Fix failing test

* remove commented code

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use require for test validation

* use variable to init struct

* fix failing test

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update .changelog/10401.txt

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* Update agent/dns.go

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix compilation error

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-24 20:44:44 -04:00
Daniel Nephin 4cc444e15f Invert the logic of outgoingRPCTLSDisabled
To remove the double negatives, which should make it easier to read.
2021-06-24 19:25:02 -04:00
Daniel Nephin 77dde1df38 tlsutil: inline verifyIncomingHTTPS
This function was only used in one place, and the indirection makes it slightly
harder to see what the one caller is doing. Since it's only accesing a couple fields
it seems like the logic can exist in the one caller.
2021-06-24 19:25:02 -04:00
Daniel Nephin 7342c7e977 tlsutil: remove indirection and duplication
VerifyIncomingRPC and verifyIncomingRPC were duplicate functions, and
once one is removed, Config.verifyIncomingRPC is only called in one place.

Remove 2 of the 3 functions to make the behaviour easier to follow (less indirection).
2021-06-24 18:43:30 -04:00
Daniel Nephin 9f9ffd990d tlsutil: remove unnecessary getter functions
These functions did nothing but hide the fields they were returning.
2021-06-24 18:43:29 -04:00
Daniel Nephin b30ec82d2d tlsutil: unexport and remove indirection
Unexport outgoingALPNRPCConfig since it is only used internally
Remove the MutualTLSCapable->mutualTLSCapable indirection, we only need the exported method.
Inline enableAgentTLSForChecks to make it more clear what it does, since it only has a single caller and is wrapping a single field lookup.
2021-06-24 18:43:29 -04:00
Ludovic Ortega a1e7556af6
[Fix] Add missing quote (#10484) 2021-06-24 13:59:39 -07:00
R.B. Boyer f408c4d387
sdk: Stop making a special /tmp/consul-test directory for testutil.TempFile and testutil.TempDir (#10494) 2021-06-24 15:46:23 -05:00
lornasong c232a544a4
docs/nia: fix catalog-services typos pt 2 (#10493) 2021-06-24 16:45:46 -04:00
R.B. Boyer e20abcc14f
connect/proxy: fixes logic bug preventing builtin/native proxy from starting upstream listeners (#10486)
Fixes #10480

Also fixed a data race in the `connect/proxy` package that was unearthed by the tests changed for this bugfix.
2021-06-24 15:02:34 -05:00
Kim Ngo 811aa82f15
docs/nia: fix typo (#10492) 2021-06-24 13:51:26 -05:00
Daniel Nephin a620a7eced
Merge pull request #10490 from hashicorp/dnephin/fix-tls-for-health-check
tlsutil: fix ServerName used for health checks that use TLS
2021-06-24 14:27:16 -04:00
Daniel Nephin cefbb5bf3f
Merge pull request #10476 from hashicorp/dnephin/ca-primary-uses-intermediate
ca: replace ca.PrimaryIntermediateProviders
2021-06-24 14:05:19 -04:00
Daniel Nephin 63b43f9964 tlsutils: more test cases for OutgoingTLSConfigForCheck 2021-06-24 13:49:58 -04:00
Daniel Nephin 6de514fbd1 tlsutil: fix default server name for health checks
Don't use the agent node name or agent server name when EnableAgentTLSForChecks=false.
2021-06-24 13:49:58 -04:00
Daniel Nephin e41291a72f
Merge pull request #10488 from hashicorp/dnephin/ci-lib-testing
ci: test api/sdk against last 2 Go versions
2021-06-24 13:09:44 -04:00
Daniel Nephin 2bfdd8ceed tlsutil: convert tests for OutgoingTLSConfigForCheck to a table
In preparation for adding more test cases.
2021-06-24 12:51:40 -04:00
Daniel Nephin 6d57855b38 ci: test api/sdk against last 2 Go versions
So that we catch any incompatibilities with the preivous Go version.
2021-06-24 12:24:12 -04:00
David Yu e0a6946506
docs: Remove beta version references from Helm reference (#10477)
Removing references from the 1.10 beta that were included in Helm Configuration Reference
2021-06-24 09:08:33 -07:00
Daniel Nephin 6dca50ac41
Merge pull request #10473 from knusbaum/ioutil
{api,command/agent}: change io.Discard to ioutil.Discard
2021-06-24 11:59:46 -04:00
Kim Ngo 682dd6cad1
docs/nia: Update CTS compatible versions (#10487) 2021-06-24 10:16:03 -05:00
David Yu 3c1fda212a
docs: Removal of Consul vs ZooKeeper analysis (#10469)
* docs: Removal of Consul vs ZooKeeper

Although Consul does have a KV, we are not positioning Consul as a first class KV store versus other alternatives such as etcd or Zookeeper. Will remove this since this has not been updated with further analysis since this content was created.

* Removing from Zookeeper analysis Navbar
* Removing Zookeeper analysis from redirects
2021-06-24 07:23:57 -07:00
Mike Wickett 722e8398ce
update content param for improved attribution (#10468) 2021-06-24 10:02:26 -04:00
R.B. Boyer 9778bee35a
structs: prohibit config entries from referencing more than one partition at a time (#10478)
affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions
2021-06-23 16:44:10 -05:00
R.B. Boyer 952df8b491
structs: prevent service-defaults upstream configs from using wildcard names or namespaces (#10475) 2021-06-23 15:48:54 -05:00
Peter M dd2bf56b1d
Updating alert for 1.10 announcement (#10474) 2021-06-23 12:48:45 -07:00
Daniel Nephin 72b30174fa ca: replace ca.PrimaryIntermediateProviders
With an optional interface that providers can use to indicate if they
use an intermediate cert in the primary DC.

This removes the need to look up the provider config when renewing the
intermediate.
2021-06-23 15:47:30 -04:00
Zachary Shilton 5563c8cd68
website: bump use-cases to latest (#10472)
* website: bump use-cases to latest

* chore: bump use-cases to stable release
2021-06-23 15:19:59 -04:00
R.B. Boyer b412ca0f89
structs: add some missing config entry validation and clean up tests (#10465)
Affects kinds: service-defaults, ingress-gateway, terminating-gateway
2021-06-23 14:11:23 -05:00
Daniel Nephin f659b4f370
Merge pull request #10440 from hashicorp/dnephin/contib-docs-dns
contrib: add some docs for the DNS interface
2021-06-23 14:55:27 -04:00
trujillo-adam 94255cf0c6
Merge pull request #10467 from hashicorp/docs-upgrading-to-1-10-0-fixes
Docs upgrading to 1 10 0 fixes
2021-06-23 11:04:01 -07:00
Kyle Nusbaum 4ad13c37db command/agent: change io.Discard to ioutil.Discard 2021-06-23 11:45:40 -05:00
Kyle Nusbaum 89ec847f7b api: change io.Discard to ioutil.Discard 2021-06-23 11:45:20 -05:00
Daniel Nephin d25403bb6f contrib: Update DNS table description 2021-06-23 12:30:00 -04:00
trujillo-adam 07c97ddb75 docs: fixed instance of incorrect grammar usage 2021-06-23 08:50:30 -07:00
Dhia Ayachi f87821cb63 merge dns table with current dns page 2021-06-23 09:34:34 -04:00
Dhia Ayachi ab7f959aef add matrix for dns type vs kind 2021-06-23 09:29:04 -04:00
hc-github-team-consul-core a6a8e421d2 auto-updated agent/uiserver/bindata_assetfs.go from commit c78f7ecb2 2021-06-23 08:24:11 +00:00
John Cowen 26be113b5d
ui: Colocate remaining CSS components to the app/components folder (#10328) 2021-06-23 09:19:35 +01:00
David Yu 2b4942b7f5
docs - Adding Mesh as CRD in Consul K8s (#10459)
* docs - Adding Mesh as CRD in Consul K8s
* Removing extra left brace in ServiceDefaults
2021-06-22 19:18:13 -07:00
Luke Kysow 3ad64aeb7d
Update config entry docs for CRDs (#10407)
* Update mesh, proxy-defaults and service-defaults docs to properly
document Kubernetes YAML.

Co-authored-by: David Yu <dyu@hashicorp.com>
2021-06-22 16:56:53 -07:00
Ashwin Venkatesh 33921549ae
update docs (#10405)
Consul 1.10 GA for Consul K8s
2021-06-22 16:41:53 -07:00