R.B. Boyer
c2d167d06e
agent: protect the ui metrics proxy endpoint behind ACLs ( #9099 )
...
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:
```
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
namespace_prefix "" {
service_prefix "" { policy = "read" }
node_prefix "" { policy = "read" }
}
```
This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
Joel Watson
fd5b94443e
This ended up not being used.
2020-11-04 10:30:38 -06:00
Joel Watson
ed91bf8a62
Add snapshot inspect filter param
2020-11-04 10:11:20 -06:00
hashicorp-ci
6645dfcbb1
auto-updated agent/uiserver/bindata_assetfs.go from commit 0f6c0a5c1
2020-11-04 09:37:51 +00:00
John Cowen
2cb057ac91
ui: Metrics - Provide a fetch-like http client that automatically adds the current ACL token ( #9094 )
...
* Remove local httpGet and shim one in from options
* Add custom httpGet to pass through to provider
* Make a fetch wrapper that adds your token
* Pass the fetch like fetchWithToken wrapper through to the provider
* Fix up httpGet to encode query params again and use fetch-like
2020-11-04 09:33:37 +00:00
Joel Watson
bc1a55cd09
Initial stab at snapshot inspect key breakdown
2020-11-03 18:00:44 -06:00
hashicorp-ci
ebe0ffce30
auto-updated agent/uiserver/bindata_assetfs.go from commit d5d4155e1
2020-11-03 14:14:58 +00:00
John Cowen
17333e90ce
ui: Storybook Install ( #9049 )
...
* ui: Install storybook into the main project
* Add a basic story for a notice
* Remove empty dependencies
2020-11-03 14:09:39 +00:00
Sean Ellefson
7180f9e114
Correcting text on when default was changed in Consul
2020-11-02 15:10:34 -08:00
Kit Patella
7f362b2d09
add definitions for key metrics. This will not build until we have the definitions patch to go-metrics
2020-11-02 15:01:00 -08:00
R.B. Boyer
5c6d322872
use the docker proxy for more envoy integration test containers ( #9085 )
2020-11-02 14:52:33 -06:00
R.B. Boyer
b8a623d3d2
wait_for_namespace should take two args ( #9086 )
2020-11-02 14:31:19 -06:00
hashicorp-ci
0d8a30d8e3
auto-updated agent/uiserver/bindata_assetfs.go from commit 56c2ff56e
2020-11-02 18:43:31 +00:00
Kenia
10aa848005
ui: Update to not return metrics for ingress gateways ( #9081 )
2020-11-02 13:38:43 -05:00
Alvin Huang
102aefdb49
use hashicorp docker mirror in envoy helper ( #9080 )
2020-11-02 11:37:03 -06:00
R.B. Boyer
cf5e9872ce
fix envoy integ test wait_for_namespace to actually work on CI ( #9082 )
2020-11-02 11:14:48 -06:00
hashicorp-ci
0fa484ae8f
auto-updated agent/uiserver/bindata_assetfs.go from commit bf32a1799
2020-11-02 16:11:45 +00:00
John Cowen
bc4d1f9b65
ui: Remove string casting when passing index/checked for dropmenus ( #9077 )
...
* ui: Remove string casting when passing index/checked
* Check for e.target
2020-11-02 16:07:08 +00:00
hashicorp-ci
052303f0fa
auto-updated agent/uiserver/bindata_assetfs.go from commit 314eeda95
2020-11-02 14:40:27 +00:00
John Cowen
a4f6313aa5
ui: Use eslint vs ember-cli-lint, sass vs dart-sass ( #9078 )
...
These two dependency changes means that @hashicorp/pds-ember can be
installed and used without any build/dependency issues
2020-11-02 14:35:10 +00:00
Alvin Huang
d6652b0bc9
use hashicorp docker mirror to prevent rate limit ( #9070 )
2020-10-30 17:59:13 -04:00
R.B. Boyer
c8c87ec317
agent: introduce path allow list for requests going through the metrics proxy ( #9059 )
...
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.
Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
2020-10-30 16:49:54 -05:00
Daniel Nephin
8a017c4f43
structs: add a namespace test for CheckServiceNode.CanRead
2020-10-30 15:07:04 -04:00
Daniel Nephin
78260952b0
cache-type: use namespace in tests
...
to verify that the namespace is passed through correctly to the server.
2020-10-30 15:07:04 -04:00
Daniel Nephin
f6b629852f
state: test EventPayloadCheckServiceNode.FilterByKey
...
Also fix a bug in that function when only one of key or namespace were the empty string.
2020-10-30 14:35:57 -04:00
Daniel Nephin
60df44df4f
stream: Add tests for filterByKey with namespace
...
And fix a bug where a request with a Namespace but no Key would not be properly filtered
2020-10-30 14:35:42 -04:00
Daniel Nephin
318dfbe6e4
stream: Move FilterByKey events to a table
...
In preparation for adding new tests.
2020-10-30 14:35:28 -04:00
Daniel Nephin
e023626986
proto: convert enterprise meta
2020-10-30 14:34:36 -04:00
Daniel Nephin
2d0030da39
state: use enterprise meta for creating events
2020-10-30 14:34:04 -04:00
Daniel Nephin
b57c7afcbb
stream: include the namespace in the snap cache key
...
Otherwise the wrong snapshot could be returned when the same key is used in different namespaces
2020-10-30 14:34:04 -04:00
Daniel Nephin
8da30fcb9a
subscribe: set the request namespace
2020-10-30 14:34:04 -04:00
hashicorp-ci
e69d2c99cf
auto-updated agent/uiserver/bindata_assetfs.go from commit cf2cfbaf2
2020-10-30 15:27:01 +00:00
R.B. Boyer
e0459f4405
ui: make metrics work again ( #9072 )
...
Fixes regression from #9040
2020-10-30 10:21:57 -05:00
R.B. Boyer
67a0d0c426
state: ensure we unblock intentions queries upon the upgrade to config entries ( #9062 )
...
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)
2020-10-29 15:28:31 -05:00
Daniel Nephin
919a40cc57
Merge pull request #9068 from hashicorp/restore-test-signature
...
restore prior signature of test helper so enterprise compiles
2020-10-29 15:22:30 -04:00
R.B. Boyer
78014653b3
restore prior signature of test helper so enterprise compiles
2020-10-29 13:52:15 -05:00
hashicorp-ci
e970f9699f
auto-updated agent/uiserver/bindata_assetfs.go from commit 1d6961248
2020-10-29 18:33:41 +00:00
Mike Morris
c4321797da
ui: Update node_modules deps path in GNUMakefile ( #9066 )
...
Updates `node_modules` path/makefile target to fix top-level `make ui` command.
2020-10-29 13:28:55 -05:00
Michael Montgomery
1c0a46849a
Resolves #6074 . Adds new option to configure HTTP Server's MaxHeaderBytes with option `-http-max-header-bytes`
...
Adds tests for behavior
2020-10-29 12:38:19 -05:00
Daniel Nephin
bcb67d9861
Merge pull request #9025 from hashicorp/dnephin/streaming-options
...
streaming: Use a no-op event publisher if streaming is disabled
2020-10-29 13:36:51 -04:00
s-christoff
ee3eb03f50
cli: Add JSON and Pretty Print formatting for `consul snapshot inspect` ( #9006 )
2020-10-29 11:31:14 -05:00
Kim Ngo
1b0efbfd27
docs: Add links in CTS docs for the community to get involved ( #9060 )
2020-10-29 10:07:20 -05:00
Daniel Nephin
61ce0964a4
stream: remove Event.Key
...
Makes Payload a type with FilterByKey so that Payloads can implement
filtering by key. With this approach we don't need to expose a Namespace
field on Event, and we don't need to invest micro formats or require a
bunch of code to be aware of exactly how the key field is encoded.
2020-10-28 16:48:04 -04:00
Daniel Nephin
8ef4c0fcc5
state: use go-cmp for comparison
...
The output of the previous assertions made it impossible to debug the tests without code changes.
With go-cmp comparing the entire slice we can see the full diffs making it easier to debug failures.
2020-10-28 16:33:00 -04:00
Daniel Nephin
c106d94742
proto: remove Event.Key field
...
The field is never used, and the value is available from the payload.
2020-10-28 16:33:00 -04:00
Daniel Nephin
ab43236f86
proto: remove Event.Namespace field
...
All events are part of a single Topic, so we don't need this field.
2020-10-28 16:33:00 -04:00
Daniel Nephin
dbdc21c499
proto: Add SubscribeRequest.Namespace
...
For subscribing to service events in a namespace
2020-10-28 16:32:59 -04:00
Daniel Nephin
44da869ed4
stream: Use a no-op event publisher if streaming is disabled
2020-10-28 13:54:19 -04:00
Daniel Nephin
dc17896fed
Merge pull request #9058 from hashicorp/dnephin/fix-broken-github-workflow
...
Remove the workflow file
2020-10-28 13:11:36 -04:00
Daniel Nephin
fe8d85f40b
Remove the workflow file
...
The comment out file causes github to send us error emails on every commit
2020-10-28 13:09:29 -04:00