Freddy
e4e306210a
Require operator:write to get Connect CA config ( #9240 )
...
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.
--
This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
hashicorp-ci
293ba9e0b5
auto-updated agent/uiserver/bindata_assetfs.go from commit 687ce1f9c
2020-11-19 16:13:04 +00:00
John Cowen
0ba658b74d
ui: Alter background color of filter bars ( #9238 )
2020-11-19 16:07:58 +00:00
John Cowen
b15049aabf
ui: Surface 'detail' of API errors in the error page ( #9237 )
...
* ui: Surface 'detail' of API errors in the error page
* Make UI generated 404s look less bare
2020-11-19 16:07:23 +00:00
John Cowen
6413f71bb5
ui: ACL Tokens > Roles and Policy search and sort ( #9236 )
...
* ui: Ensure search is enabled for child items in the ACLs area
* Refactor comparators to reuse some utility functions
* Add search and sorting to the ACLs child selector
* Add tests for searching within child selectors
* Allow sorting by CreateIndex
2020-11-19 16:06:39 +00:00
John Cowen
2f0ce62228
ui: Sort lists with health by unhealthy/healthy by default ( #9234 )
...
* ui: Update lists with Health to sort by unhealthy/healthy by default
* Fix up tests for new sorting
* Make specific services page-navigation test
2020-11-19 16:05:46 +00:00
John Cowen
1332c312b3
ui: All metrics cards should default to the default nspace if not set ( #9223 )
...
* ui: All metrics cards should default to the default nspace if not set
* Use the up/downstream as the data/nspace for up/downstreams not the service
2020-11-19 16:03:26 +00:00
John Cowen
4eb64e0dea
ui: Remove ghost healthcheck from the service instance healthcheck list ( #9220 )
...
* ui: Fixup service instance healthcheck list not to show ghost check
If the proxy is undefined, then an undefined vaule is appended to the
list of checks
* There are only 6 checks in the mocks so only expect 6
2020-11-19 15:59:27 +00:00
Kit Patella
c5af73c4f1
Merge pull request #9091 from scellef/correct-upgrade-guide
...
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi
866628b6e8
Add docs for envoyExtraArgs ( #9206 )
2020-11-18 15:40:39 -08:00
Daniel Nephin
35c5f83ea3
Merge pull request #9224 from hashicorp/dnephin/fix-multiple-http-listeners
...
agent: fix bug with multiple listeners
2020-11-18 16:52:29 -05:00
Daniel Nephin
8647483605
Use freeport
...
To prevent other tests which already use freeport from flaking when port 0 steals their reserved port.
2020-11-18 16:07:34 -05:00
hashicorp-ci
75a1727b31
auto-updated agent/uiserver/bindata_assetfs.go from commit 591a96d5b
2020-11-18 19:07:25 +00:00
Kenia
1b4c8a5515
ui: Fix empty state conditional for Series Graph ( #9221 )
2020-11-18 14:02:13 -05:00
Kenia
a36c09a95a
ui: Fix mutated nspace argument ( #9222 )
2020-11-18 14:01:35 -05:00
hashicorp-ci
fc07c63974
auto-updated agent/uiserver/bindata_assetfs.go from commit 1edef424a
2020-11-18 19:00:19 +00:00
John Cowen
bc5bc038d1
ui: Refactor tomography graph component to glimmer and remove deprecation ( #9219 )
...
* ui: Refactor tomograph graph component to glimmer and remove deprecation
* Avoid ember-data deprecation error
2020-11-18 18:55:59 +00:00
John Cowen
3b093f7b7c
ui: Remove ember-computed-style to avoid deprecation error ( #9218 )
2020-11-18 18:55:30 +00:00
Daniel Nephin
fed2a61dfc
agent: fix bug with multiple listeners
...
Previously the listener was being passed to a closure in a loop without
capturing the loop variable. The result is only the last listener is
used, so the http/https servers only listen on one address.
This problem is fixed by capturing the variable by passing it into a
function.
2020-11-18 13:03:29 -05:00
hashicorp-ci
393d83dfa3
auto-updated agent/uiserver/bindata_assetfs.go from commit 664f1d9aa
2020-11-18 11:17:06 +00:00
John Cowen
077520c247
ui: Change title helper to page-title ( #9211 )
2020-11-18 11:11:30 +00:00
John Cowen
916d525ce8
ui: Add triple curlies and reformat style attribute ( #9210 )
2020-11-18 11:11:02 +00:00
Kyle Havlovitz
c8d4a40a87
connect: update some function comments in CA manager
2020-11-17 16:00:19 -08:00
Daniel Nephin
b9306d8827
acl: remove a test-only method
2020-11-17 18:16:34 -05:00
Daniel Nephin
9e7c8dd19d
Remove two unused delegate methods
2020-11-17 18:16:26 -05:00
Kit Patella
5e4b112961
add the latest export-for-public revision of the consul-server-monitoring grafana dash
2020-11-17 15:03:50 -08:00
Daniel Nephin
d9af48afce
Merge pull request #9160 from hashicorp/dnephin/go-test-race-in-to-out-list
...
ci: change go-test-race package list to exclude list
2020-11-17 13:13:38 -05:00
Daniel Nephin
0f9b80dfa6
acl: remove t.Parallel
...
These tests run faster without it, and it was causing races in
enterprise tests.
2020-11-17 12:37:02 -05:00
Matt Keeler
4bca029be9
Refactor to call non-voting servers read replicas ( #9191 )
...
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Kenia
aa4b4c6cfa
ui: Changelog changes ( #9209 )
2020-11-17 10:35:56 -05:00
Matt Keeler
a7d945e7b9
[docs] Change links to the DNS information to the right place ( #8675 )
...
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Kit Patella
4dfcdbab26
Merge pull request #9198 from hashicorp/mkcp/telemetry/add-all-metric-definitions
...
Add metric definitions for all metrics known at Consul start
2020-11-16 15:54:50 -08:00
Kit Patella
615a145e54
changelog component should mention agent not just server
2020-11-16 15:54:24 -08:00
Kit Patella
7c3013a60f
add note about deleting TelemetryConfig.MergeDefaults in the future
2020-11-16 15:53:52 -08:00
hashicorp-ci
95fa102195
auto-updated agent/uiserver/bindata_assetfs.go from commit fe728855e
2020-11-16 23:41:31 +00:00
Freddy
2763833d32
Add DC and NS support for Envoy metrics ( #9207 )
...
This PR updates the tags that we generate for Envoy stats.
Several of these come with breaking changes, since we can't keep two stats prefixes for a filter.
2020-11-16 16:37:19 -07:00
Kit Patella
caba383427
add changelog entry
2020-11-16 15:32:18 -08:00
Kit Patella
36aaf86647
Merge branch 'mkcp/telemetry/add-all-metric-definitions' of ssh://github.com/hashicorp/consul into mkcp/telemetry/add-all-metric-definitions
2020-11-16 15:26:12 -08:00
Kit Patella
4c30ebbb73
fix some tests that were broken from the TelemetryConfig change
2020-11-16 15:22:36 -08:00
Kit Patella
7ec3ad5b73
linting: sort and group import
2020-11-16 14:17:24 -08:00
Kit Patella
1f0b26c9d3
update runtime_test to handle PrometheusOpts expiry field change
2020-11-16 14:16:12 -08:00
Matt Keeler
197a37a860
Prevent panic if autopilot health is requested prior to leader establishment finishing. ( #9204 )
2020-11-16 17:08:17 -05:00
Kit Patella
64c82130b9
prometheussink has the same number of params again
2020-11-16 14:01:40 -08:00
Kit Patella
6290be054a
use the MetricsPrefix to set the service name and provide as slice literal to avoid bugs from append modifying its first arg
2020-11-16 14:01:12 -08:00
Matt Keeler
c01e0756d8
Add changelog entry for namespace licensing fix ( #9203 )
2020-11-16 15:45:55 -05:00
Kit Patella
464d13d80b
push prometheus sink definiitons into prometheus.PrometheusOpts
2020-11-16 12:44:47 -08:00
Daniel Nephin
de88ceed1c
Merge pull request #9114 from hashicorp/dnephin/filtering-in-stream
...
stream: improve naming of Payload methods
2020-11-16 14:20:07 -05:00
Kit Patella
0b18f5612e
trim help strings to save a few bytes
2020-11-16 11:02:11 -08:00
Kit Patella
374748dafc
merge master
2020-11-16 10:46:53 -08:00
hashicorp-ci
42641671b3
auto-updated agent/uiserver/bindata_assetfs.go from commit 959974e96
2020-11-16 15:27:40 +00:00