Paul Banks
3484d77b18
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
Paul Banks
e0ad412f1d
Remove unnecessary check
2021-09-10 21:09:24 +01:00
Paul Banks
bc1c86df96
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
Paul Banks
1dd1683ed9
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
fc2ed4cdf4
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
Paul Banks
2db02cdba2
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
Paul Banks
7ac9b46f08
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
Chris S. Kim
3fb797382b
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
Kyle Havlovitz
a7b5a5d1b4
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
Dhia Ayachi
96d7842118
partition dicovery chains ( #10983 )
...
* partition dicovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00
R.B. Boyer
4206f585f0
acl: adding a new mesh resource
2021-09-03 09:12:03 -04:00
Dhia Ayachi
eb19271fd7
add partition to SNI when partition is non default ( #10917 )
2021-09-01 10:35:39 -04:00
Chris S. Kim
efbdf7e117
api: expose upstream routing configurations in topology view ( #10811 )
...
Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
2021-08-25 15:20:32 -04:00
R.B. Boyer
6b5a58de50
acl: some acl authz refactors for nodes ( #10909 )
2021-08-25 13:43:11 -05:00
freddygv
1f192eb7d9
Fixup proxy config test fixtures
...
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.
- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
Dhia Ayachi
f766b6dff7
oss portion of ent #1069 ( #10883 )
2021-08-20 12:57:45 -04:00
R.B. Boyer
61f1c01b83
agent: ensure that most agent behavior correctly respects partition configuration ( #10880 )
2021-08-19 15:09:42 -05:00
R.B. Boyer
e50e13d2ab
state: partition nodes and coordinates in the state store ( #10859 )
...
Additionally:
- partitioned the catalog indexes appropriately for partitioning
- removed a stray reference to a non-existent index named "node.checks"
2021-08-17 13:29:39 -05:00
Daniel Nephin
608b291565
acl: use authz consistently as the variable name for an acl.Authorizer
...
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r682147950
Renames all variables for acl.Authorizer to use `authz`. Previously some
places used `rule` which I believe was an old name carried over from the
legacy ACL system.
A couple places also used authorizer.
This commit also removes another couple of authorizer nil checks that
are no longer necessary.
2021-08-17 12:14:10 -04:00
Kyle Havlovitz
98969c018a
oss: Rename default partition
2021-08-12 14:31:37 -07:00
Daniel Nephin
87fb26fd65
Merge pull request #10612 from bigmikes/acl-replication-fix
...
acl: acl replication routine to report the last error message
2021-08-06 18:29:51 -04:00
Daniel Nephin
f6d5a85561
acl: move check for Intention.DestinationName into Authorizer
...
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r680134445
Move the check for the Intention.DestinationName into the Authorizer to remove the
need to check what kind of Authorizer is being used.
It sounds like this check is only for legacy ACLs, so is probably just a safeguard
.
2021-08-04 18:06:44 -04:00
Daniel Nephin
2e9aa91256
Merge pull request #10737 from hashicorp/dnephin/remove-authorizer-nil-checks
...
acl: remove authz == nil checks
2021-08-04 17:39:34 -04:00
Evan Culver
57aabe3455
checks: Add Interval and Timeout to API response ( #10717 )
2021-08-03 15:26:49 -07:00
Daniel Nephin
b6d9d0d9f7
acl: remove many instances of authz == nil
2021-07-30 13:58:35 -04:00
Evan Culver
241b6429c3
Fix intention endpoint test
2021-07-30 12:58:45 -04:00
Chris S. Kim
33d7d48767
sync enterprise files with oss ( #10705 )
2021-07-27 17:09:59 -04:00
Chris S. Kim
6341183a84
agent: update proxy upstreams to inherit namespace from service ( #10688 )
2021-07-26 17:12:29 -04:00
R.B. Boyer
b2facb35a9
replumbing a bunch of api and agent structs for partitions ( #10681 )
2021-07-22 14:33:22 -05:00
R.B. Boyer
254557a1f6
sync changes to oss files made in enterprise ( #10670 )
2021-07-22 13:58:08 -05:00
R.B. Boyer
62ac98b564
agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning ( #10669 )
2021-07-22 13:20:45 -05:00
Evan Culver
521c423075
acls: Show AuthMethodNamespace
when reading/listing ACL token meta ( #10598 )
2021-07-15 10:38:52 -07:00
Giulio Micheloni
3a1afd8f57
acl: fix error type into a string type for serialization issue
...
acl_endpoint_test.go:507:
Error Trace: acl_endpoint_test.go:507
retry.go:148
retry.go:149
retry.go:103
acl_endpoint_test.go:504
Error: Received unexpected error:
codec.decoder: decodeValue: Cannot decode non-nil codec value into nil error (1 methods)
Test: TestACLEndpoint_ReplicationStatus
2021-07-15 11:31:44 +02:00
Giulio Micheloni
96fe1f4078
acl: acl replication routine to report the last error message
2021-07-14 11:50:23 +02:00
Evan Culver
5ff191ad99
Add support for returning ACL secret IDs for accessors with acl:write ( #10546 )
2021-07-08 15:13:08 -07:00
Daniel Nephin
14527dd005
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
...
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
jkirschner-hashicorp
31bbab8ae7
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
...
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin
b4a10443d1
ca: remove unused RotationPeriod field
...
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Jared Kirschner
4c3b1b8b7b
Replace use of 'sane' where appropriate
...
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
Daniel Nephin
d0e32cc3ba
http: add an X-Consul-Query-Backend header to responses
...
So that it is easier to detect and test when streaming is being used.
2021-06-28 16:44:58 -04:00
R.B. Boyer
30ccd5c2d9
connect: include optional partition prefixes in SPIFFE identifiers ( #10507 )
...
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
R.B. Boyer
9778bee35a
structs: prohibit config entries from referencing more than one partition at a time ( #10478 )
...
affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions
2021-06-23 16:44:10 -05:00
R.B. Boyer
952df8b491
structs: prevent service-defaults upstream configs from using wildcard names or namespaces ( #10475 )
2021-06-23 15:48:54 -05:00
R.B. Boyer
b412ca0f89
structs: add some missing config entry validation and clean up tests ( #10465 )
...
Affects kinds: service-defaults, ingress-gateway, terminating-gateway
2021-06-23 14:11:23 -05:00
Freddy
0e417e006e
Omit empty tproxy config in JSON responses ( #10402 )
2021-06-15 13:53:35 -06:00
Freddy
f399fd2add
Rename CatalogDestinationsOnly ( #10397 )
...
CatalogDestinationsOnly is a passthrough that would enable dialing
addresses outside of Consul's catalog. However, when this flag is set to
true only _connect_ endpoints for services can be dialed.
This flag is being renamed to signal that non-Connect endpoints can't be
dialed by transparent proxies when the value is set to true.
2021-06-14 14:15:09 -06:00
Freddy
f19b1f0058
Relax validation for expose.paths config ( #10394 )
...
Previously we would return an error if duplicate paths were specified.
This could lead to problems in cases where a user has the same path,
say /healthz, on two different ports.
This validation was added to signal a potential misconfiguration.
Instead we will only check for duplicate listener ports, since that is
what would lead to ambiguity issues when generating xDS config.
In the future we could look into using a single listener and creating
distinct filter chains for each path/port.
2021-06-14 14:04:11 -06:00
Freddy
61ae2995b7
Add flag for transparent proxies to dial individual instances ( #10329 )
2021-06-09 14:34:17 -06:00
Daniel Nephin
dcf80907a9
structs: fix cache keys
...
So that requests are cached properly, and the cache does not return the wrong data for a
request.
2021-05-31 17:22:16 -04:00
Daniel Nephin
857799cd56
structs: add two cache completeness tests types that implement cache.Request
2021-05-31 16:54:41 -04:00