Commit Graph

11054 Commits

Author SHA1 Message Date
Matt Keeler 240ce3e2d2
Update CHANGELOG.md 2020-01-31 11:51:00 -05:00
Matt Keeler f5511133b3
Update CHANGELOG.md 2020-01-31 11:24:48 -05:00
Hans Hasselberg 50281032e0
Security fixes (#7182)
* Mitigate HTTP/RPC Services Allow Unbounded Resource Usage

Fixes #7159.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-31 11:19:37 -05:00
Matt Keeler 3e56f5c8b8
ACL enforcement for the agent/health/services endpoints (#7191)
ACL enforcement for the agent/health/services endpoints
2020-01-31 11:16:24 -05:00
R.B. Boyer cc9586f34d update changelog 2020-01-31 10:13:40 -06:00
R.B. Boyer 1d7e4f7de5
cli: improve the file safety of 'consul tls' subcommands (#7186)
- also fixing the signature of file.WriteAtomicWithPerms
2020-01-31 10:12:36 -06:00
Kenia c4f4f4e3c6
ui: Adds an acceptance test for hiding Blocking Queries (#7162)
* Adds an acceptance test for hiding Blocking Queries

* Creates a new scenario - If a user adds CONSUL_UI_DISABLE_REALTIME to localStorage, the Blocking Queries section is hidden.

* Updates page assertion to accept functions and booleans as properties

* ui: Fix "don't see" step to watch for the different pageObject error

ember-cli-page object seems to throw a an error with a different message
depending on how you call a function:

currentPage()[property]() // message = 'Element not found'

const prop = currentPage()[property];
prop() // message = 'Something about destructuring'

This changes the step/test/assertion to ensure we check for both types of errors

Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
2020-01-31 10:12:22 -05:00
Matt Keeler 4bf1c2e4f7
agent: add ACL enforcement to the v1/agent/health/service/* endpoints
This adds acl enforcement to the two endpoints that were missing it.

Note that in the case of getting a services health by its id, we still
must first lookup the service so we still "leak" information about a
service with that ID existing. There isn't really a way around it though
as ACLs are meant to check service names.
2020-01-31 09:57:38 -05:00
Matt Keeler 94de5adb02
Make PatchSliceOfMaps case insensitive
This fixes some case-sensitivity issues with using camel case in configuration files.
2020-01-31 09:56:02 -05:00
John Cowen 0d44ebb588
ui: Actually remove CI parallelism (#7190) 2020-01-31 14:47:39 +00:00
John Cowen ca6f73abe2
ui: Move CI to use the Makefile for testing (+ tmporary removal of exam) (#7188)
* ui: Move CI to use the Makefile for testing (+ tmporary removal of exam)

* ui: make a specific test-ci target as we are using --path dist

--path dist looks for a previous build to test against, in CI this
exists as we run a build first, but locally potentially this dist folder
doesn't
2020-01-31 14:12:35 +00:00
John Cowen ce059a909b
ui: Fix sticky nspace menu (#7164)
* ui: Fix typo expanded > ariaExpanded

* ui: Add the things we need to test this

* ui: Add tests for testing the menu closes when clicked

* ui: Ensure the aria-menu closes on route change
2020-01-31 14:11:46 +00:00
Kenia 0fd7b4e969
Update CHANGELOG.md 2020-01-31 09:09:02 -05:00
Kenia 8de1a81aa8
Merge pull request #7177 from hashicorp/ui-staging
ui: UI Release Merge (ui-staging merge)
2020-01-30 16:08:35 -05:00
Hans Hasselberg da3433bfa0
Add 1.6.3 2020-01-30 21:01:08 +01:00
John Cowen 281654bc5a
ui: Split splitter names in the discovery-chain (#7180)
Previous to 1.7 splitter names didn't include the namespace name

i.e. 'service-name'

as of 1.7 they now include the namespace

i.e. 'service-name.namespace'

This commit take account of that
2020-01-30 19:08:45 +00:00
Sarah Christoff 67344befc8
[docs] Clarify retry-join (#7078) 2020-01-30 12:52:58 -06:00
Matt Keeler 26bb1584c1
Updates to the Txn API for namespaces (#7172)
* Updates to the Txn API for namespaces

* Update agent/consul/txn_endpoint.go

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-30 13:12:26 -05:00
John Cowen 85ea64211f
ui: Discovery-Chain: Cope with some edge case configs (#7174)
* ui: Discovery-Chain: Cope with redirects that have failovers

We found a few stranger configurations for discovery-chain, one of which
was redirects that can then failover.

We altered the parsing here to include 2 passes, one to organize the
nodes into resolvers and children/subsets based on the nodes themselves, which
includes adding the failovers to resolvers and subsets.

We then do a second pass which can more reliably figure out whether a
target is a redirect or a failover (target failovers don't have a
corresponding node), this then adds the redirect children to the already
exising resolver (from the first pass) and then checks if the redirect
also has failovers and adds those if so.

* ui: Check to see if we have a user configured default route or not

...if we don't add one so the visualization looks complete
2020-01-30 16:09:05 +00:00
Sarah Christoff 02c0403ff4
Update question.md (#6778) 2020-01-30 08:09:37 -06:00
Matt Keeler 50092c28c0
Add some better waits to prevent CA is nil test flakes (#7171) 2020-01-29 22:23:11 -05:00
Iryna Shustava b8cac0d6e4
docs: clarify that clients and servers need to talk over LAN if outside k8s (#7156) 2020-01-29 19:09:38 -08:00
Matt Keeler 377f23b52b
Update CHANGELOG.md 2020-01-29 20:17:24 -05:00
Matt Keeler 78ad3428c4
Small refactoring to move meta parsing into the switch statement (#7170) 2020-01-29 19:12:48 -05:00
Matt Keeler 25568626f7
Fix a couple bugs regarding intentions with namespaces (#7169) 2020-01-29 17:30:38 -05:00
Matt Keeler 3f253080a2
Sync some feature flag support from enterprise (#7167) 2020-01-29 13:21:38 -05:00
R.B. Boyer 01ebdff2a9
various tweaks on top of the hclog work (#7165) 2020-01-29 11:16:08 -06:00
John Cowen c5f184f61d
ui: Add live updates/blocking queries to the Intention listing page (#7161)
* ui: Enable blocking queries/live updates for intentions

* ui: Add acceptance tests for intention blocking queries

* ui: Add copy to explain that intentions are also now 'real time'
2020-01-29 16:22:31 +00:00
Iryna Shustava 44b921a780
docs: Clarify the use of kustomize or ship with the Helm chart (#7154) 2020-01-28 22:18:12 -08:00
Chris Piraino 3dd0b59793
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging
2020-01-28 17:50:41 -06:00
Matt Keeler 3044b4bf89
Output proper HTTP status codes for Txn requests that are too large (#7157) 2020-01-28 16:22:40 -05:00
Iryna Shustava daff8f82dc docs: update ACL perms for the /connect/ca/roots endpoint (#7155) 2020-01-28 20:01:25 +01:00
John Cowen cc1ce7bd49
ui: Add node based configuration / environment testing (#7140)
In an ember environment `config/environment.js` exports a JSON object
whereas the file itself exports a function that receives a string of the
environment name that would like returning.

This is so ember can automatically provide you with an already
configured object containing configuration values dependent on which
environment you passed to `ember-cli` using `serve`, `build` or `test`.

In order to bypass this so we can easily test what is returned for
different environments, we've installed a lightweight functional test
harness that is simple to use `substack/tape`, that can be run easily
outside of ember.

We've then written as simple test case using this to enable us to
test/assert that different environments return the correct configuration
values.

Additionally we've added some yarn scripts/make targets (yarn run
test-node / make test-node) to make this easy to run. We're yet to
integrate this into CI.
2020-01-28 17:33:20 +00:00
Alvin Huang 98a83dbf89
use 4 parallelism for go-test and print package names (#7152) 2020-01-28 12:21:55 -05:00
John Cowen 1f2b5a0091
ui: Fix wrapping service ids in the Node Detail > Services tab (#7149) 2020-01-28 14:43:32 +00:00
John Cowen 03f8bbb8a5
ui: Fix positioning of active icon in the selected menu item (#7148) 2020-01-28 14:42:20 +00:00
Kenia f6a7164d10
ui: Implements the ember-page-title addon to the UI (#7118)
* Installs ember-page-title 5.x

* Adds a page title to all template files that need one

* Adds an assertion step to test the page titles
2020-01-28 09:25:52 -05:00
Michel Vocks c7366e78d4 api: add option to set TLS options in-memory for API client (#7093)
This PR adds the option to set in-memory certificates to the API client instead of requiring the certificate to be stored on disk in a file.

This allows us to define API client TLS options per Consul secret backend in Vault.
Related issue hashicorp/vault#4800
2020-01-28 11:54:49 +01:00
John Cowen 0c12a0fef1
ui: Remove the Policy/Service Identity selector from nspaces (#7124)
When editing Nspaces, although you can assign policies to a nspace using
PolicyDefaults you cannot assign a Service Identity to a policy like you
can when adding a policy to a token.

This commit adds an extra attribute to our policy-form/policy-selector
component so you can disable this setting. At a later date we may change
this to have a conficgurable `<Slot />` instead.

Simple acceptance tests is included here
2020-01-28 09:39:09 +00:00
Blake Covarrubias 091e1ea330 docs: Fix success/passing health check definition
This commit changes the health check example shown for the
success/failures_before_passing option to correctly show that the value
of `checks` is an array of objects, not an object.

Added text clarifying these check parameters are available in Consul
1.7.0 and later.

Expanded the health check to provide a more complete configuration
example.

Resolves #7114.
2020-01-27 12:15:25 -08:00
Kit Patella 49e9bbbdf9
Add accessorID of token when ops are denied by ACL system (#7117)
* agent: add and edit doc comments

* agent: add ACL token accessorID to debugging traces

* agent: polish acl debugging

* agent: minor fix + string fmt over value interp

* agent: undo export & fix logging field names

* agent: remove note and migrate up to code review

* Update agent/consul/acl.go

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* agent: incorporate review feedback

* Update agent/acl.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-27 11:54:32 -08:00
Matt Keeler 01d647f16a
Unflake the TestAPI_AgentConnectCALeaf test (#7142)
* Unflake the TestAPI_AgentConnectCALeaf test

* Modify the WaitForActiveCARoot to actually verify that at least one root exists
Also verify that the active root id field is set
2020-01-27 14:34:04 -05:00
Anthony Scalisi 4b92c2deee fix spelling errors (#7135) 2020-01-27 07:00:33 -06:00
Hans Hasselberg d74f605f5c
hashibot: disable most of hashibot (#7139) 2020-01-27 13:57:00 +01:00
Hans Hasselberg 3ed5c8546d Revert "disable most of hashibot"
This reverts commit 977bafcd25dea9b493fc5df596c2f89e72e2a7b8.
2020-01-27 09:39:58 +01:00
Hans Hasselberg ace5e24b70 disable most of hashibot 2020-01-27 09:39:15 +01:00
Sarah Christoff a2dc42809b
Slow down Hashibot (#7134) 2020-01-24 20:22:10 -06:00
Jack Pearkes ed0edf5105
Update CHANGELOG.md 2020-01-24 16:27:26 -08:00
hashicorp-ci 2485efa570
Release v1.7.0-beta3 2020-01-24 17:08:22 +00:00
hashicorp-ci 2a0f0d5057
update bindata_assetfs.go 2020-01-24 17:08:21 +00:00