Commit graph

11017 commits

Author SHA1 Message Date
Michel Vocks c7366e78d4 api: add option to set TLS options in-memory for API client (#7093)
This PR adds the option to set in-memory certificates to the API client instead of requiring the certificate to be stored on disk in a file.

This allows us to define API client TLS options per Consul secret backend in Vault.
Related issue hashicorp/vault#4800
2020-01-28 11:54:49 +01:00
John Cowen 0c12a0fef1
ui: Remove the Policy/Service Identity selector from nspaces (#7124)
When editing Nspaces, although you can assign policies to a nspace using
PolicyDefaults you cannot assign a Service Identity to a policy like you
can when adding a policy to a token.

This commit adds an extra attribute to our policy-form/policy-selector
component so you can disable this setting. At a later date we may change
this to have a conficgurable `<Slot />` instead.

Simple acceptance tests is included here
2020-01-28 09:39:09 +00:00
Blake Covarrubias 091e1ea330 docs: Fix success/passing health check definition
This commit changes the health check example shown for the
success/failures_before_passing option to correctly show that the value
of `checks` is an array of objects, not an object.

Added text clarifying these check parameters are available in Consul
1.7.0 and later.

Expanded the health check to provide a more complete configuration
example.

Resolves #7114.
2020-01-27 12:15:25 -08:00
Kit Patella 49e9bbbdf9
Add accessorID of token when ops are denied by ACL system (#7117)
* agent: add and edit doc comments

* agent: add ACL token accessorID to debugging traces

* agent: polish acl debugging

* agent: minor fix + string fmt over value interp

* agent: undo export & fix logging field names

* agent: remove note and migrate up to code review

* Update agent/consul/acl.go

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* agent: incorporate review feedback

* Update agent/acl.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-27 11:54:32 -08:00
Matt Keeler 01d647f16a
Unflake the TestAPI_AgentConnectCALeaf test (#7142)
* Unflake the TestAPI_AgentConnectCALeaf test

* Modify the WaitForActiveCARoot to actually verify that at least one root exists
Also verify that the active root id field is set
2020-01-27 14:34:04 -05:00
Anthony Scalisi 4b92c2deee fix spelling errors (#7135) 2020-01-27 07:00:33 -06:00
Hans Hasselberg d74f605f5c
hashibot: disable most of hashibot (#7139) 2020-01-27 13:57:00 +01:00
Hans Hasselberg 3ed5c8546d Revert "disable most of hashibot"
This reverts commit 977bafcd25dea9b493fc5df596c2f89e72e2a7b8.
2020-01-27 09:39:58 +01:00
Hans Hasselberg ace5e24b70 disable most of hashibot 2020-01-27 09:39:15 +01:00
Sarah Christoff a2dc42809b
Slow down Hashibot (#7134) 2020-01-24 20:22:10 -06:00
Jack Pearkes ed0edf5105
Update CHANGELOG.md 2020-01-24 16:27:26 -08:00
hashicorp-ci 2485efa570
Release v1.7.0-beta3 2020-01-24 17:08:22 +00:00
hashicorp-ci 2a0f0d5057
update bindata_assetfs.go 2020-01-24 17:08:21 +00:00
John Cowen ef0840997d
Merge pull request #7127 from hashicorp/bugfix/ui-correct-env-switch
ui: Change environment switch statement to correct env vars
2020-01-24 16:59:25 +00:00
John Cowen 950745dfbe ui: Change environment switch statement to correct env vars 2020-01-24 16:56:21 +00:00
Matt Keeler cdacfcaa6d
Pass the git commits year through as an env var to the ui build (#7126) 2020-01-24 10:40:14 -05:00
John Cowen 1c4937d507
Update CHANGELOG.md 2020-01-24 15:37:51 +00:00
Matt Keeler 485a0a65ea
Updates to Config Entries and Connect for Namespaces (#7116) 2020-01-24 10:04:58 -05:00
John Cowen 4aec220481
Merge pull request #7125 from hashicorp/ui-staging
ui: UI Release Merge (ui-staging merge)
2020-01-24 14:55:19 +00:00
Matt Keeler 9a0a86a487
Update CHANGELOG.md 2020-01-24 09:29:10 -05:00
Matt Keeler 90b9f87160
Add the v1/catalog/node-services/:node endpoint (#7115)
The backing RPC already existed but the endpoint will be useful for other service syncing processes such as consul-k8s as this endpoint can return all services registered with a node regardless of namespacing.
2020-01-24 09:27:25 -05:00
John Cowen fde7ca365a
ui: Acceptance test improvements to prepare for more NS tests (#6980)
* ui: Acceptance test improvements to prepare for more NS tests

* ui: Namespace acceptance testing (#7005)

* Update api-double and consul-api-double for http.body

* Adds places where we missed passing the nspace through

* Hardcode nspace CRUD to use the default nspace for policies and roles

* Alter test helpers to allow us to control nspaces from the outside

* Amends to allow tests to account for namespace, move ns from queryParam

1. We decided to move how we pass the namespace value through to the
backend when performing write actions (create, update). Previoulsy we
were using the queryParam although using the post body is the preferred
method to send the Namespace details through to the backend.
2. Other various amends to take into account testing across multiple
namespaced scenarios

* Enable nspace testing by default

* Remove last few occurances of old style http assertions

We had informally 'deprecated' our old style of http assertions that
relied on the order of http calls (even though that order was not
important for the assertion). Following on from our namespace work we
removed the majority of the old occrances of these old style assertions.

This commit removes the remaining few, and also then cleans up the
assertions/http.js file to only include the ones we are using.

This reduces our available step count further and prevents any confusion
over the usage of the old types and the new types.

* ui: Namespace CRUD acceptance tests (#7016)

* Upgrade consul-api-double

* Add all the things required for testing:

1. edit and index page objects
2. enable CONSUL_NSPACE_COUNT cookie setting
3. enable mutating HTTP response bodies based on URL

* Add acceptance test for nspace edit/delete/list and searching
2020-01-24 12:26:28 +00:00
Blake Covarrubias 9d1bb9e8aa Redirect /docs/guides/outage.html to Learn
Resolves: #6953
2020-01-24 00:26:07 -08:00
Hans Hasselberg d534f7bdcb
bot: replace stalebot with hashibot (#7113) 2020-01-24 09:24:21 +01:00
Hans Hasselberg 40d28fcbae
Update CHANGELOG.md 2020-01-23 22:12:51 +01:00
Matt Keeler a46c8b6dc7
Update CHANGELOG.md 2020-01-23 15:01:01 -05:00
Chris Piraino db36928faa
Fix segfault when removing both a service and associated check (#7108)
* Fix segfault when removing both a service and associated check

updateSyncState creates entries in the services and checks maps for
remote services/checks that are not found locally, so that we can then
make sure to delete them in our reconciliation process. However, the
values added to the map are missing key fields that the rest of the code
expects to not be nil.

* Add comment stating Check field can be nil
2020-01-23 10:38:32 -06:00
R.B. Boyer b69e84b2cf update changelog 2020-01-23 10:00:26 -06:00
R.B. Boyer b8801f2136
agent: default the primary_datacenter to the datacenter if not configured (#7111)
Something similar already happens inside of the server
(agent/consul/server.go) but by doing it in the general config parsing
for the agent we can have agent-level code rely on the PrimaryDatacenter
field, too.
2020-01-23 09:59:31 -06:00
Freddy aa2925958a
Update CHANGELOG.md 2020-01-22 12:48:20 -07:00
Paul Lesiak d8e6c68ccc bug: Consul lock does not receive signals if lock not acquired (#5909) 2020-01-22 12:44:48 -07:00
Chris Piraino 61b92b92bd
Fix up formatting in sdk package (#7109) 2020-01-22 12:45:34 -06:00
Alexey Miasoedov b7b4bef33a fix Unix socket path in docs 2020-01-22 09:11:24 -08:00
David Yu 4e2cf7a562
Merge pull request #7102 from hashicorp/david-yu-patch-2
Adding links to Kubernetes install to README.md
2020-01-22 08:57:10 -08:00
David Yu 9d958c37f9
Merge pull request #7103 from hashicorp/david-yu-patch-3
Adding Service Mesh reference to README.md
2020-01-22 08:56:34 -08:00
David Yu 8b473c956f
Merge pull request #7104 from hashicorp/david-yu-patch-4
Small change to TLS connection wording
2020-01-22 08:51:34 -08:00
Song Yihan 88dc6121d8 tests: fix zombie consul process while invoking TestServer.Stop() method in sdk/testutil in Windows (#6032)
* Fix zombie consul process in Windows 

Windows doesn't support Interrupt signal, thus while stop it on Windows platform
it would fail and left zombie consul process
2020-01-22 17:34:35 +01:00
Kit Ewbank 013dfe109f docs: add Helm chart 'dns.clusterIP' value. (#5845) 2020-01-22 17:32:08 +01:00
Hans Hasselberg 5379cf7c67
raft: increase raft notify buffer. (#6863)
* Increase raft notify buffer.

Fixes https://github.com/hashicorp/consul/issues/6852.

Increasing the buffer helps recovering from leader flapping. It lowers
the chances of the flapping leader to get into a deadlock situation like
described in #6852.
2020-01-22 16:15:59 +01:00
Kenia fb578d769c
ui: Checks env CONSUL_UI_DISABLE_REALTIME to show/hide blocking queries toggle (#7099)
Adds a conditional that checks env CONSUL_UI_DISABLE_REALTIME to show/hide the Blocking Queries toggle in the Settings page.
2020-01-22 09:19:01 -05:00
John Cowen 72ff1f0607
ui: New Confirmation Dialogs (#7007)
* ui: Change action-group to use new popup-menu component in intentions

* ui: Slight amends to aria-menu to prevent scrolling

* ui: Begin to use aria-menu/popover-menu for other elements

* Use a simpler, hackier method to fix up zIndexing

* ui: Implement new confirmation dialogs in other list views (#7080)

This includes another amend to the popover-menu in order to allow
mutiple confirmations/subpanels in the same popover menu.

The functionality added here to allow this is likely to change in the
future.
2020-01-22 12:08:29 +00:00
Hans Hasselberg e00effa325
agent: setup grpc server with auto_encrypt certs and add -https-port (#7086)
* setup grpc server with TLS config used across consul.
* add -https-port flag
2020-01-22 11:32:17 +01:00
Hans Hasselberg f3a01e6a4a
connect: use correct subject key id for leaf certificates. (#7091) 2020-01-22 11:28:28 +01:00
Iryna Shustava 2163f79170
Add docs about rolling out TLS on k8s (#7096)
* Add docs about gradually rolling out TLS on k8s

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2020-01-21 19:29:55 -08:00
David Yu 54c46ec678
Small change to wording
Removing automatic connection wording for applications for the time being. From @blake 
> They can automatically establish TLS connections without being aware that TLS is happening. They are aware that they’re routed through the Connect proxy, the app has to configure itself to use the local upstream port.
2020-01-21 16:27:43 -08:00
David Yu 8291cc8133
Small change 2020-01-21 16:22:22 -08:00
David Yu 5c8e7eb7ea
Adding change to mention a few guides
Previously mentioned just one one guide in the header
2020-01-21 15:46:04 -08:00
David Yu 62a84697a1
Adding Service Mesh reference
Adding Service Mesh reference for Consul
2020-01-21 15:07:54 -08:00
David Yu 060a932a1b
Adding links to Kubernetes install
Adding links to Kubernetes deployment guide and minikube install for visibility
2020-01-21 14:55:21 -08:00
R.B. Boyer ce7ab8abc1
make TestCatalogNodes_Blocking less flaky (#7074)
- Explicitly wait to start the test until the initial AE sync of the node.

- Run the blocking query in the main goroutine to cut down on possible
poor goroutine scheduling issues being to blame for delays.

- If the blocking query is woken up with no index change, rerun the
query. This may happen if the CI server is loaded and time dilation is
happening.
2020-01-21 14:58:50 -06:00