Commit Graph

16395 Commits

Author SHA1 Message Date
Matt Siegel dcdaefcf79 Added ACL requirements for CLI commands 2022-01-10 16:44:56 -05:00
Jasmine W b8fe5038d1 added screenshot of k8s service 2022-01-10 15:57:15 -05:00
Sujata Roy 59e50ac42e
Adding texts in verify_leader metric
- Added description providing example case when the metric can go high
2022-01-10 12:01:27 -08:00
Jasmine W 2e60b0949f Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00
Chip Vaughn 309f1eab4b Updating HTTP API endpoints with CLI equivalent links 2022-01-10 14:21:32 -05:00
Preetha f9328bfdae
Added HCL examples to service discovery page (#11989)
Improved HCL examples in the service discovery docs page
2022-01-10 13:12:42 -06:00
Chris S. Kim 14e1898544
Add LastErrorMessage to /acl/replication docs (#11990) 2022-01-10 13:42:57 -05:00
Karl Cardenas 52a667ca85
added additonal example for failover within DC and unique namespace 2022-01-10 11:41:43 -07:00
mrspanishviking 095ad35891
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
mrspanishviking cc8f9ddea5
Merge pull request #11977 from hashicorp/boxofrad/kv-docs-examples
docs: kv doc improvements
2022-01-10 11:22:09 -07:00
Karl Cardenas 77b6e1824c
removed empty {} 2022-01-10 10:51:00 -07:00
Karl Cardenas 967093f425
added another example for DC and namespace failover 2022-01-10 10:45:54 -07:00
Matt Siegel 9ec94fd268 Added Corresponding HTTP API Endpoints for every CLI command 2022-01-10 12:40:11 -05:00
trujillo-adam 43d013ddcf
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
Daniel Upton dd8d8fb6fd Incorporate feedback from @jkirschner-hashicorp and @karl-cardenas-coding 2022-01-10 15:53:41 +00:00
Daniel Upton e69ad56141 docs: clarify transaction usage and limitations in kv api docs 2022-01-10 13:59:43 +00:00
Daniel Upton d9f057aa69 docs: call out `kv export` and the transaction API 2022-01-10 13:51:35 +00:00
Daniel Upton e33402f292 docs: improve kv get examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Format inline flags as code using backticks
2022-01-10 13:40:24 +00:00
Daniel Upton 77b49965ee docs: call out `kv import` and the transaction API 2022-01-10 12:30:28 +00:00
Daniel Upton c2f81b492b docs: improve read/scanability of kv put examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Add an example of supplying data in a heredoc
- Move the flags section to the bottom to clearly separate it from CAS
  which also mentions "flags" of a different kind
- Slight re-wording for clarity
2022-01-10 12:15:59 +00:00
Daniel Upton 1800a4d240 docs: fix placement of warning in kv put example 2022-01-10 11:40:25 +00:00
Evan Culver e3f5dc0987
Add missing changelog entries (#11973)
Added missing entries from:
* 1.8.18
* 1.8.19
* 1.9.12
* 1.9.13
* 1.10.5
* 1.10.6
* 1.11.1
2022-01-07 20:23:46 -08:00
trujillo-adam 15220e8d39 applied feedback 2022-01-07 15:43:51 -08:00
trujillo-adam c617a4a970
Update website/content/docs/connect/config-entries/mesh.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-07 14:20:43 -08:00
John Cowen dfc0f0e40c
ui: Remove KV pre-flight auth check (#11968)
* ui: Don't even ask whether we are authorized for a KV...

...just let the actual API tell us in the response, thin-client style.

* Add some similar commenting for previous PRs related to this problem
2022-01-07 19:26:54 +00:00
John Cowen 514e24ba9f
ui: Ensure service instance data does not get re-written on blocking refresh (#11903)
* Add some less fake API data

* Rename the models class so as to not be confused with JS Proxies

* Rearrange routlets slightly and add some initial outletFor tests

* Move away from a MeshChecks computed property and just use a helper

* Just use ServiceChecks for healthiness filtering for the moment

* Make TProxy cookie configurable

* Amend exposed paths and upstreams so they know about meta AND proxy

* Slight bit of TaggedAddresses refactor while I was checking for `meta` etc

* Document CONSUL_TPROXY_ENABLE
2022-01-07 19:16:21 +00:00
John Cowen 3ab747109b
ui: [BUGFIX] Fixes an issue when editing intentions from the service > intentions sub tab (#11937)
We recently changed the intentions form to take a full model of a dc rather than just the string identifier (so {Name: 'dc', Primary: true} vs just 'dc' in order to know whether the DC is the primary or not.

Unfortunately, we only did this on the global intentions page not the per service intentions page. This makes it impossible to save an intention from the per service intention page (whilst you can still save intentions from the global intention page as normal).

The fix here pretty much copy/pastes the approach taken in the global intention edit template over to the per service intention edit template.

Tests have been added for creation in the per service intention section, which again are pretty much just copied from the global one, unfortunately this didn't exist previously which would have helped prevent this.
2022-01-07 19:09:40 +00:00
John Cowen 86e885fc5b
ui: Upgrade AuthDialog (#11913)
- Move AuthDialog to use a Glimmer Component plus native named blocks/slots.
- Unravel the Auth* contextual components, there wasn't a lot of point having them as contextual components and now the AuthDialog (non-view-specific state machine component) can be used entirely separately from the view-specific components (AuthForm and AuthProfile).
- Move all the ACL related components that are in the main app chrome/navigation (our HashicorpConsul component) in our consul-acls sub package/module (which will eventually be loaded on demand only when ACLs are enabled)
2022-01-07 19:08:25 +00:00
John Cowen a08f2927fd
ui: Fix dark borders on certain visualizations (#11959) 2022-01-07 16:15:22 +00:00
Daniel Nephin 1f670c22f5 ca: remove one call to provider.ActiveRoot
ActiveRoot should not be called from the secondary DC, because there
should not be a requirement to run the same Vault instance in a
secondary DC. SignIntermediate is called in a secondary DC, so it should
not call ActiveRoot

We would also like to change the interface of ActiveRoot so that we can
support using an intermediate cert as the primary CA in Consul. In
preparation for making that change I am reducing the number of calls to
ActiveRoot, so that there are fewer code paths to modify when the
interface changes.

This change required a change to the mockCAServerDelegate we use in
tests. It was returning the RootCert for SignIntermediate, but that is
not an accurate fake of production. In production this would also be a
separate cert.
2022-01-06 16:55:50 -05:00
Daniel Nephin 1f66120c20 ca: remove redundant append of an intermediate cert
Immediately above this line we are already appending the full list of
intermediates. The `provider.ActiveIntermediate` MUST be in this list of
intermediates because it must be available to all the other non-leader
Servers.  If it was not in this list of intermediates then any proxy
that received data from a non-leader would have the wrong certs.

This is being removed now because we are planning on changing the
`Provider.ActiveIntermediate` interface, and removing these extra calls ahead of
time helps make that change easier.
2022-01-06 16:55:50 -05:00
Daniel Nephin b66d259c1a ca: only generate a single private key for the whole test case
Using tracing and cpu profiling I found that the majority of the time in
these test cases is spent generating a private key. We really don't need
separate private keys, so we can generate only one and use it for all
cases.

With this change the test runs much faster.
2022-01-06 16:55:50 -05:00
Daniel Nephin 92a054cfa6 ca: cleanup a test
Fix the name to match the function it is testing

Remove unused code

Fix the signature, instead of returning (error, string) which should be (string, error)
accept a testing.T to emit errors.

Handle the error from encode.
2022-01-06 16:55:49 -05:00
Daniel Nephin 9ec7e07db4 ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
Blake Covarrubias 048d9b69ba docs: Redirect mesh-gateway page to new location
The mesh gateway docs at /docs/connect/gateways/mesh-gateway were
moved in #11859 to a new location in order to accommodate the addition
of separate instructions for using gateways with admin partitions.

This commit redirects the old mesh gateway page to its new location at
/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.
2022-01-06 13:35:11 -08:00
Chris S. Kim c9735476a7
Fix Windows logging to files (#11960) 2022-01-06 16:07:09 -05:00
Blake Covarrubias b13fb553ac
api: Return 404 when deregistering a non-existent check (#11950)
Update the `/agent/check/deregister/` API endpoint to return a 404
HTTP response code when an attempt is made to de-register a check ID
that does not exist on the agent.

This brings the behavior of /agent/check/deregister/ in line with the
behavior of /agent/service/deregister/ which was changed in #10632 to
similarly return a 404 when de-registering non-existent services.

Fixes #5821
2022-01-06 12:38:37 -08:00
Dhia Ayachi 7e0b8354a5
clone the service under lock to avoid a data race (#11940)
* clone the service under lock to avoid a data race

* add change log

* create a struct and copy the pointer to mutate it to avoid a data race

* fix failing test

* revert added space

* add comments, to clarify the data race.
2022-01-06 14:33:06 -05:00
Dhia Ayachi 09688bdc38
upgrade raft to v1.3.3 (#11958)
* upgrade raft to v1.3.3

* add change log

* reword the changelog

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>

Co-authored-by: FFMMM <FFMMM@users.noreply.github.com>
2022-01-06 14:09:13 -05:00
trujillo-adam 1769d2594d
Merge pull request #11945 from hashicorp/docs/exported-services-language-issues
tweaks to the language used in the requirements section
2022-01-06 07:26:39 -08:00
mrspanishviking dcda97cdcc
Merge pull request #11952 from hashicorp/david-yu-vault-gossip-indent
docs: Fix indentation for gossipEncryption when using Vault secrets backend
2022-01-06 07:14:29 -07:00
David Yu f1841e36c9
docs: Fix indentation for gossipEncryption when using Vault secrets backend 2022-01-05 21:35:28 -08:00
Daniel Nephin d05264041e
Merge pull request #11918 from hashicorp/dnephin/tob-followup
Fix a few small bugs
2022-01-05 18:50:48 -05:00
Daniel Nephin f91fcb31d2 changelog 2022-01-05 17:51:03 -05:00
Daniel Nephin 4983c27703 snapshot: return the error from replyFn
The only function passed to SnapshotRPC today always returns a nil error, so there's no
way to exercise this bug in practice. This change is being made for correctness so that
it doesn't become a problem in the future, if we ever pass a different function to
SnapshotRPC.
2022-01-05 17:51:03 -05:00
Daniel Nephin fd084c15c3 cli: use file mode 0600 when saving a snapshot
So that other users on the machine can not access the snapshot data.
2022-01-05 17:51:03 -05:00
Daniel Nephin affe97e22d config: correctly capture all errors.
Some calls to multierror.Append were not using the existing b.err, which meant we
were losing all previous errors.
2022-01-05 17:51:03 -05:00
Chris S. Kim f7f5aca058
Fix test for ENT (#11946) 2022-01-05 15:18:08 -05:00
trujillo-adam ea2ae4b637 tweaks to the language used in the requirements section 2022-01-05 12:01:10 -08:00
Chris S. Kim 407b0b8963
Fix test for ENT (#11941) 2022-01-05 12:24:44 -05:00