Commit graph

16752 commits

Author SHA1 Message Date
Daniele Vazzola 397b5ed957 Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
David Yu 2f9dc78af0
docs: set tproxy annotation to false for multi-port (#12431) 2022-02-23 18:24:15 -08:00
Nitya Dhanushkodi 1257cef7ed
add multiport docs for K8s (#12428)
* add multiport docs for K8s

* add formatting

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-23 16:11:52 -08:00
R.B. Boyer d860384731
server: partly fix config entry replication issue that prevents replication in some circumstances (#12307)
There are some cross-config-entry relationships that are enforced during
"graph validation" at persistence time that are required to be
maintained. This means that config entries may form a digraph at times.

Config entry replication procedes in a particular sorted order by kind
and name.

Occasionally there are some fixups to these digraphs that end up
replicating in the wrong order and replicating the leaves
(ingress-gateway) before the roots (service-defaults) leading to
replication halting due to a graph validation error related to things
like mismatched service protocol requirements.

This PR changes replication to give each computed change (upsert/delete)
a fair shot at being applied before deciding to terminate that round of
replication in error. In the case where we've simply tried to do the
operations in the wrong order at least ONE of the outstanding requests
will complete in the right order, leading the subsequent round to have
fewer operations to do, with a smaller likelihood of graph validation
errors.

This does not address all scenarios, but for scenarios where the edits
are being applied in the wrong order this should avoid replication
halting.

Fixes #9319

The scenario that is NOT ADDRESSED by this PR is as follows:

1. create: service-defaults: name=new-web, protocol=http
2. create: service-defaults: name=old-web, protocol=http
3. create: service-resolver: name=old-web, redirect-to=new-web
4. delete: service-resolver: name=old-web
5. update: service-defaults: name=old-web, protocol=grpc
6. update: service-defaults: name=new-web, protocol=grpc
7. create: service-resolver: name=old-web, redirect-to=new-web

If you shutdown dc2 just before (4) and turn it back on after (7)
replication is impossible as there is no single edit you can make to
make forward progress.
2022-02-23 17:27:48 -06:00
Chris S. Kim 4b528edbe6
Merge pull request #12430 from hashicorp/ci/main-assetfs-build
auto-updated agent/uiserver/bindata_assetfs.go from commit 73b6687c5
2022-02-23 18:19:30 -05:00
John Murret 141a43409d
Adding documentation to store Enterprise License in Vault (#12375)
* Adding documentation to store Enterprise License in Vault

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Referencing Storing the Enterprise License in Vault from the Consul Enterprise installation instructions.

* Added missing words about stroing in Vault

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* Clarifying that enterprise code block is just changes on top of your normal config.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-02-23 14:20:45 -07:00
John Murret 0c9663c57f
Updating consul on k8s to remove known limitations of serverAdditionalDNSSans and serverAdditionalIPSans (#12338) 2022-02-23 14:04:26 -07:00
R.B. Boyer ed1bc166e4
add changelog entry for enterprise only change (#12425) 2022-02-23 14:23:48 -06:00
lornasong 4bc423204a
nia/docs 0.5.0 (#12381)
* docs/nia: new configuration for services condition & source_input (#11646)

* docs/nia: new configuration for services condition

* docs/nia: new configuration for services source_input

* reword filter and cts_user_defined_meta

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update service block config to table format

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Remove deprecated driver.working_dir (#11831)

* Deprecate workspace_prefix for now workspaces.prefix (#11836)

* docs/nia: new config field names for services condition/source_input (#11896)

* docs/nia: new config field `names` for services condition/source_input

* Remove language about 'default condition' and services condition relation to services list

Context:
 - Added a new `names` field to condition/source_input "services"
 - `names` or `regexp` must be configured for condition/source_input "services"

This therefore:
 - Removed relationship between condition/source_input "services" and
 task.services list
 - Removed concept of "default condition" i.e. condition "services" must be
 configured with `names` or `regexp`, there is no meaningful unconfigured default

Change: remove language regarding "default condition" and relationship with services list

* docs/nia: Update paramters to table format

Changes from a bulleted list to a table. Also adds the possible response codes
and fixes the update example response to include the inspect object.

* docs/nia: Delete task API and CLI

* docs/nia: Update wording for run values

Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>

* docs/nia: require condition "catalog-services" block's regexp to be configured (#11915)

Changes:
 - Update Catalog Services Condition configuration docs to new table format
 - Rewrite `regexp` field docs to be required, no longer optional
 - Remove details about `regexp` field's original default behavior when the
 field was optional

* docs/nia: Update status API docs to table format

* Cleaner wording for response descriptions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia - 'source_includes_var' changes (#11939)

* docs/nia - condition "services" new field source_includes_var

 - Add new configuration details for condition "services" block's
 `source_includes_var` field.
 - Note: this field's description is worded differently from condition type's
 `source_includes_var` since a services variable is always required (unlike
 other vars) for CTS modules.
 - Also worded in a way to anticipate renaming to `use_as_module_input`

* docs/nia - change 'source_includes_var' default value from false to true

 - Update configs
 - Table-ify Consul-KV condition (reuse wording from Consul-KV source input)

* docs/nia - reword task execution page for source_includes_var changes

 - Note: switched to using "module input" language over "source input" language.
 Separate PR will make a mass change across docs
 - Slim down general task condition section to have fewer details on module input
 - Updated services, catalog-services, and consul-kv condition sections for
 source_includes_var
 - Add config page links for details

* Improve CTS acronym usage
- Use Consul-Terraform-Sync at the first instance with CTS in brackets - Consul-Terraform-Sync (CTS) and then CTS for all following instances on a per-page basis.
- some exceptions: left usage of the term `Consul-Terraform-Sync` in config examples and where it made sense for hyperlinking

* Improve CTS acronym usage (part 2) (#11991)

Per page:
- At first instance in text, use "Consul-Terraform-Sync (CTS)"
- Subsequent instances in text, use "CTS"

* Update schedule condition config to table format

* Update config tables with type column

* docs/nia: Update required fields values

Standardizing Required/Optional over boolean values.

* docs/nia: Standardize order of columns

Updated Required to come before Type, which is how the configurations are formatted. Also
changed the empty strings to "none" for default values.

* Deprecate port CLI option for CTS and updated example usage

* docs/nia cts multiple source input configuration updates (#12158)

* docs/nia cts multiple source input configuration updates

CTS expanded its usage of `source_input` block configurations and added
some restrictions. This change accounts for the following changes:

- `source_input` block can be configured for a task. No longer restricting to
scheduled task
- Multiple `source_input` blocks can be configured for a task. No longer
restricting to one
- Task cannot have multiple configurations defining the same variable type

Future work: We're planning to do some renaming from "source" to "module" for
v0.5. These changes are made in the code and not yet in the docs. These will be
taken care of across our docs in a separate PR. Perpetuating "source" in this
PR to reduce confusion.

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* code review feedback

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Add "Consul object" glossary entry

Changes:
 - Add "Consul object" to CTS glossary
 - Format glossary terms so that they can be linked
 - Add link to "Consul object" glossary entry

* Reorganize source_input limitations section

Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

* docs/nia: overview of config streamlining deprecations (#12193)

* docs/nia: overview of config streamlining deprecations

* Update config snippets to use CodeTabs

* Apply code review feedback suggestions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Clarify source table language

* Add use_as_module_input callout

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia: deprecate "services" field and "service" block (#12234)

* Deprecate `services` field

Did a search on "`services`", "`task.services`", "services list", and "services
field"

Changes:
 - In config docs, mark `services` field as deprecated and `condition` block
 as required.
 - For necessary references to `services` field, mark with "(deprecated)" e.g.
 when listing all options for source input
 - Remove unnecessary references to `services` field from docs e.g. any docs
 encouraging use of `services`
 - Replace `services` field with `condition` / `module_input` "services" in
 config snippets and explanations

* Deprecate `service` block

Did a search for "service block", "`service`", and "service {"

Changes:
 - In config docs, mark `service` block as deprecated
 - For necessary references to `service` block, mark with "(deprecated)"
 - Remove unnecessary references to `service` block from docs

* Fix service block typos in config snippet

service block is singular and not plural

* docs/nia: deprecate "source includes var" and "source input" (#12244)

* Deprecate `source_includes_var` field

Did a search for "source_includes_var" and an audit of "include"

Changes
 - In config docs, mark `source_includes_var` field as deprecated
 - In config docs, add new field for `use_as_module_input`
 - For necessary references to `source_includes_var`, mark with "(deprecated)"
 - Audit and update "include" language

* Deprecate `source_input` field and language

Did a search and replace for "source_input", "source-input", "source input"

Changes:
 - In config docs, mark `source_input` field as deprecated
 - In config docs, add new entry for `module_input`
 - For necessary references to `source_input`, mark with "(deprecated)"
 - Remove or replace "source*input" with "module*input"

Note: added an anchor link alias e.g. `# Module Input ((#source-input))` for
headers that were renamed from "Source Input" so that bookmarked links won't
break

* Update config streamlining release removal version to 0.8

* remove duplicate bullet

* docs/nia: deprecate `source` (#12245)

* Update "source" field in config snippets to "module"

* Deprecate task config `source` field

Did a search and replace for "source" and "src"

Changes:
 - In config docs, mark `source` field as deprecated
 - In config docs, add new entry for `module`
 - Remove or replace "source" with "module"

* Deprecate Status API Event `source` field

Changes:
 - Mark `source` field as deprecated
 - Add new entry for `module`

* docs/nia - Get Task API docs & Task Status API deprecations (#12303)

* docs/nia - Get Task API

Added a Task Object section intended to be shared with the Create Task API

* docs/nia - Deprecate non-status fields from Task Status API

Deprecate the fields that Get Task API replaces

* docs/nia - Align API docs on `:task_name` request resource

Followed a convention found in Nomad docs

* docs/nia - misc fixes

Context for some:
 - remove "" from license_path for consistency - do not specify the default
 value when empty string
 - remove "optional" language from task condition. we want to move towards it
 being required

* docs/nia - add new columns to API Task Object

* Added Create Task API documentation

* Added create task CLI documentation

* addressed code review comments

* fixed example

* docs/nia: Update task delete with async behavior

CTS delete task command is now asynchronous, so updating docs to reflect
this new behavior.

* update create task CLI with new changes from code

* update create task api and cli
- update curl command to include the json header
- update example task names to use 'task_a' to conform with other examples

* docs/nia: Fix hyphens in CTS CLI output

* docs/nia: Add auto-approve option in CLI

* docs/nia: Clarify infrastructure is not destroyed on task deletion

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
Co-authored-by: Melissa Kam <mkam@hashicorp.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com>
Co-authored-by: AJ Jwair <aj.jwair@hashicorp.com>
2022-02-23 14:22:34 -05:00
Eric Haberkorn 091f7670c8
Merge pull request #12228 from hashicorp/ecs-resource-usage
Document Consul ECS Resource Usage
2022-02-23 13:53:10 -05:00
Blake Covarrubias 8bfb79524b docs: Add HCL examples to watch configs
* Adds HCL configuration examples to Consul watch configs.
* Updates example output for several watch types.
2022-02-22 16:25:54 -08:00
Daniel Nephin 3639f4b551
Merge pull request #11910 from hashicorp/dnephin/ca-provider-interface-for-ica-in-primary
ca: add support for an external trusted CA
2022-02-22 13:14:52 -05:00
R.B. Boyer 11fdc70b34
configentry: make a new package to hold shared config entry structs that aren't used for RPC or the FSM (#12384)
First two candidates are ConfigEntryKindName and DiscoveryChainConfigEntries.
2022-02-22 10:36:36 -06:00
Dhia Ayachi 378f688a6a
file watcher to be used for configuration auto-reload feature (#12301)
* add config watcher to the config package

* add logging to watcher

* add test and refactor to add WatcherEvent.

* add all API calls and fix a bug with recreated files

* add tests for watcher

* remove the unnecessary use of context

* Add debug log and a test for file rename

* use inode to detect if the file is recreated/replaced and only listen to create events.

* tidy ups (#1535)

* tidy ups

* Add tests for inode reconcile

* fix linux vs windows syscall

* fix linux vs windows syscall

* fix windows compile error

* increase timeout

* use ctime ID

* remove remove/creation test as it's a use case that fail in linux

* fix linux/windows to use Ino/CreationTime

* fix the watcher to only overwrite current file id

* fix linter error

* fix remove/create test

* set reconcile loop to 200 Milliseconds

* fix watcher to not trigger event on remove, add more tests

* on a remove event try to add the file back to the watcher and trigger the handler if success

* fix race condition

* fix flaky test

* fix race conditions

* set level to info

* fix when file is removed and get an event for it after

* fix to trigger handler when we get a remove but re-add fail

* fix error message

* add tests for directory watch and fixes

* detect if a file is a symlink and return an error on Add

* rename Watcher to FileWatcher and remove symlink deref

* add fsnotify@v1.5.1

* fix go mod

* fix flaky test

* Apply suggestions from code review

Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>

* fix a possible stack overflow

* do not reset timer on errors, rename OS specific files

* start the watcher when creating it

* fix data race in tests

* rename New func

* do not call handler when a remove event happen

* events trigger on write and rename

* fix watcher tests

* make handler async

* remove recursive call

* do not produce events for sub directories

* trim "/" at the end of a directory when adding

* add missing test

* fix logging

* add todo

* fix failing test

* fix flaking tests

* fix flaky test

* add logs

* fix log text

* increase timeout

* reconcile when remove

* check reconcile when removed

* fix reconcile move test

* fix logging

* delete invalid file

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix review comments

* fix is watched to properly catch a remove

* change test timeout

* fix test and rename id

* fix test to create files with different mod time.

* fix deadlock when stopping watcher

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix a deadlock when calling stop while emitting event is blocked

* make sure to close the event channel after the event loop is done

* add go doc

* back date file instead of sleeping

* Apply suggestions from code review

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* check error

Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-02-21 11:36:52 -05:00
hc-github-team-consul-core ef5b6c8415 auto-updated agent/uiserver/bindata_assetfs.go from commit 73b6687c5 2022-02-21 12:27:52 +00:00
John Cowen 4ad8a0cfef
ui: Transition App Chrome to use new Disclosure Menus (#12334)
* Add %panel CSS component

* Deprecate old menu-panel component

* Various smallish tweaks to disclosure-menu

* Move all menus in the app chrome to use new DisclosureMenu

* Follow up CSS to move all app chrome menus to new components

* Don't prevent default any events from anchors

* Add a tick to click steps
2022-02-21 12:22:59 +00:00
Evan Culver 067223337d
checks: populate interval and timeout when registering services (#11138) 2022-02-18 12:05:33 -08:00
Kyle Havlovitz 9c03b5dc3d
Merge pull request #12385 from hashicorp/tproxy-http-upstream-fix
xds: respect chain protocol on default discovery chain
2022-02-18 10:08:59 -08:00
Daniel Nephin 32b0c1d594
Merge pull request #12389 from hashicorp/dnephin/rpc-blocking-queries-not-found-nil
rpc: set response to nil when not found
2022-02-18 13:04:16 -05:00
Daniel Nephin cb1a80184f rpc: set response to nil when not found
Otherwise when the query times out we might incorrectly send a value for
the reply, when we should send an empty reply.

Also document errNotFound and how to handle the result in that case.
2022-02-18 12:26:06 -05:00
John Cowen b626e33f92
ui: Fixup displaying a Nspace default policy when expanding the preview pane (#12316) 2022-02-18 17:22:05 +00:00
John Cowen 6e0eddd841
ui: Replace CollapsibleNotices with more a11y focussed Disclosure component (#12305)
* Delete collapsible notices component and related helper

* Add relative t action/helper to our Route component

* Replace single use CollapsibleNotices with multi-use Disclosure
2022-02-18 17:16:03 +00:00
Eric 8c8001afee Document Consul ECS resource usage
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Paul Glass <pglass@hashicorp.com>
2022-02-18 09:30:57 -05:00
mrspanishviking 999992eb3c
Merge pull request #11175 from kevinwojo/patch-azure-auto-join
Update docs: correct provider argument is tag_key
2022-02-18 04:13:47 -07:00
John Eikenberry a017daafc8 fix godoc comment for Namespaces client method
Namespaces method godoc has same sentence as Operator method.
Presumably a cut-n-paste error. Fix that.
2022-02-18 04:15:55 +00:00
Evan Culver 3c935e8bbf
Add missing enhancement entries to appropriate spot in CHANGELOG (#12380) 2022-02-17 19:22:03 -08:00
Evan Culver bdb120f79d
ci: combine 'enhancement' entry type with 'improvement' (#12376) 2022-02-17 19:21:47 -08:00
Daniel Nephin 79820738cc ca: test that original certs from secondary still verify
There's a chance this could flake if the secondary hasn't received the
update yet, but running this test many times doesn't show any flakes
yet.
2022-02-17 18:45:16 -05:00
Daniel Nephin ca4e60e09b Update TODOs to reference an issue with more details
And remove a no longer needed TODO
2022-02-17 18:21:30 -05:00
Daniel Nephin 58f3fec54a docs: add docs for using an external CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 0abaf29c10 ca: add test cases for rotating external trusted CA 2022-02-17 18:21:30 -05:00
Daniel Nephin aacc40012f ca: add a test for secondary with external CA 2022-02-17 18:21:30 -05:00
Daniel Nephin 471b2098bb ca: examine the full chain in newCARoot
make TestNewCARoot much more strict
compare the full result instead of only a few fields.
add a test case with 2 and 3 certificates in the pem
2022-02-17 18:21:30 -05:00
Daniel Nephin fc6c0ec139 ca: small docs improvements 2022-02-17 18:21:30 -05:00
Daniel Nephin af651eaaad ca: cleanup validateSetIntermediate 2022-02-17 18:21:30 -05:00
Daniel Nephin ef03f7be73 ca: only return the leaf cert from Sign in vault provider
The interface is documented as 'Sign will only return the leaf', and the other providers
only return the leaf. It seems like this was added during the initial implementation, so
is likely just something we missed. It doesn't break anything , but it does cause confusing cert chains
in the API response which could break something in the future.
2022-02-17 18:21:30 -05:00
Daniel Nephin 2d5254a73b
Merge pull request #12110 from hashicorp/dnephin/blocking-queries-not-found
rpc: make blocking queries for non-existent items more efficient
2022-02-17 18:09:39 -05:00
Ashwin Venkatesh 39be071264
Parse datacenter from request (#12370)
* Parse datacenter from request
- Parse the value of the datacenter from the create/delete requests for AuthMethods and BindingRules so that they can be created in and deleted from the datacenters specified in the request.
2022-02-17 16:41:27 -05:00
mrspanishviking b62a4187c9
Merge pull request #12382 from hashicorp/consul-int-prog-changes
docs: uploaded two images and added new text to Consul Int. Program page
2022-02-17 14:15:55 -07:00
Adam Rowan fb3396297e
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:21 -07:00
Adam Rowan 3babc08567
Update website/content/docs/integrate/partnerships.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-17 13:42:06 -07:00
Kyle Havlovitz 6b9eb17df1 Add changelog note 2022-02-17 12:17:12 -08:00
Kyle Havlovitz 58172c260b xds: respect chain protocol on default discovery chain 2022-02-17 11:47:20 -08:00
Adam Rowan 8c8ff3feb0
docs: uploaded two images and added new text to Consul Int. Program page 2022-02-17 11:26:43 -07:00
John Cowen bdb89af605
ui: Start using mermaid state diagrams in our docs (#12350) 2022-02-17 14:57:14 +00:00
Florian Apolloner 895da50986
Support for connect native services in topology view. (#12098) 2022-02-16 16:51:54 -05:00
Evan Culver 3984d82e90
Fix build script (#12367) 2022-02-16 11:52:44 -08:00
Chris S. Kim 18096fd2fb
Move IndexEntryName helpers to common files (#12365) 2022-02-16 12:56:38 -05:00
Thomas Eckert 375524df84
Separate Annotations/Labels and Add service-ignore to Docs (#12323)
* Separate Annotations and Labels and add service-ignore label

* changes to structure and call out for pod

* add description and TOC

* Update annotations-and-labels.mdx

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-16 09:53:13 -08:00
Daniel Nephin e6852c2dc2
Merge pull request #12359 from hashicorp/dnephin/fix-debug-size
debug: limit the size of the trace
2022-02-15 18:33:46 -05:00