Commit graph

9584 commits

Author SHA1 Message Date
Jack Pearkes 38370278f3 fix broken link (#5273) 2019-01-25 11:40:31 -06:00
Matt Hoey 56bd1d676d website: reference last command's last field instead of background PID (#5264) 2019-01-25 17:30:38 +01:00
R.B. Boyer 7a8aa2d4a0
speed up TestHTTPAPI_MethodNotAllowed_OSS from 11s -> 0.5s (#5268) 2019-01-25 10:01:21 -06:00
Hans Hasselberg cbe53e68f0 correct name 2019-01-25 11:00:56 +01:00
Hans Hasselberg fa2d8f4568 simpler fix 2019-01-24 17:12:08 +01:00
Hans Hasselberg 944268c6a4 do not export that type 2019-01-24 17:05:57 +01:00
Hans Hasselberg d613f0ed61 fix marshalling 2019-01-24 17:03:26 +01:00
Hans Hasselberg fc2f2b6bd7 demo nomad problem 2019-01-24 16:45:54 +01:00
Paul Banks 28b94ccd3e
Update services.html.md 2019-01-24 12:41:43 +00:00
banks 77f08a81e7 Putting source back into Dev Mode 2019-01-23 22:22:05 +00:00
banks 7731e9e683 Merge branch 'master' of https://github.com/hashicorp/consul 2019-01-23 22:19:27 +00:00
Jack Pearkes 29fdec9fc9
Update CHANGELOG.md 2019-01-23 14:17:09 -08:00
banks 33478ff0f5 Bump website version 2019-01-23 22:16:20 +00:00
Jack Pearkes ab96cc8651
Update CHANGELOG.md 2019-01-23 14:15:57 -08:00
banks b316c12953
Release v1.4.1 2019-01-23 20:53:20 +00:00
Matt Keeler ce275ddc27
Update CHANGELOG.md 2019-01-23 15:49:59 -05:00
Matt Keeler ad16cc2682
Basic TLS Command Tests (#5259)
* Add tls ca create tests

* Add a basic tls cert create test
2019-01-23 15:48:57 -05:00
Matt Keeler 736a974494
Disregard rules when set on a management token (#5261)
* Disregard rules when set on a management token

* Add unit test for legacy mgmt token with rules
2019-01-23 15:48:38 -05:00
Matt Keeler f0b0abee32
Fix typo that prevented using the default ca domain for tls cert creation (#5258) 2019-01-23 13:14:28 -05:00
Matt Keeler 39f0687326
Update to Go 1.11.4 and UI build container (#5257)
* Update to Go 1.11.4

* Update to Go 1.11.4 for travis

* Update UI build to fix ember issues.
2019-01-23 12:56:39 -05:00
Matt Keeler a6e01034ac
Update CHANGELOG.md 2019-01-23 10:13:40 -05:00
Saurabh Deoras 4a8908942e fix for arm32 (#5130)
Signed-off-by: Saurabh Deoras <sdeoras@gmail.com>
2019-01-23 10:09:01 -05:00
Paul Banks bcbe554d39
Update CHANGELOG.md 2019-01-23 14:33:38 +00:00
Diogenes S. Jesus 90f2788fa2 Fix repeating wording in sentence (#5256)
Fix `to join to join` typo
2019-01-23 09:12:41 -05:00
John Cowen 59c71c2c26
Update CHANGELOG.md 2019-01-23 13:57:07 +00:00
John Cowen 7d76fea123
ui: Removes delete button form pages that show your current token (#5241)
Tokens can no longer delete themselves see:

https://github.com/hashicorp/consul/pull/5210

...so we remove the button to allow you to do that from the UI
2019-01-23 13:51:36 +00:00
John Cowen 6ec6530e03
UI: [BUGFIX] Decode/encode urls (#5206)
In 858b05fc31 (diff-46ef88aa04507fb9b039344277531584)
we removed encoding values in pathnames as we thought they were
eventually being encoded by `ember`. It looks like this isn't the case.

Turns out sometimes they are encoded sometimes they aren't. It's complicated.
If at all possible refer to the PR https://github.com/hashicorp/consul/pull/5206.

It's related to the difference between `dynamic` routes and `wildcard` routes.

Partly related to this is a decision on whether we urlencode the slashes within service names or not. Whilst historically we haven't done this, we feel its a good time to change this behaviour, so we'll also be changing services to use dynamic routes instead of wildcard routes. So service links will then look like /ui/dc-1/services/application%2Fservice rather than /ui/dc-1/services/application/service

Here, we define our routes in a declarative format (for the moment at least JSON) outside of Router.map, and loop through this within Router.map to set all our routes using the standard this.route method. We essentially configure our Router from the outside. As this configuration is now done declaratively outside of Router.map we can also make this data available to href-to and paramsFor, allowing us to detect wildcard routes and therefore apply urlencoding/decoding.

Where I mention 'conditionally' below, this is detection is what is used for the decision.

We conditionally add url encoding to the `{{href-to}}` helper/addon. The
reasoning here is, if we are asking for a 'href/url' then whatever we
receive back should always be urlencoded. We've done this by reusing as much
code from the original `ember-href-to` addon as possible, after this
change every call to the `{{href-to}}` helper will be urlencoded.

As all links using `{{href-to}}` are now properly urlencoded. We also
need to decode them in the correct place 'on the other end', so..

We also override the default `Route.paramsFor` method to conditionally decode all
params before passing them to the `Route.model` hook.

Lastly (the revert), as we almost consistently use url params to
construct API calls, we make sure we re-encode any slugs that have been
passed in by the user/developer. The original API for the `createURL`
function was to allow you to pass values that didn't need encoding,
values that **did** need encoding, followed by query params (which again
require url encoding)

All in all this should make the entire ember app url encode/decode safe.
2019-01-23 13:46:59 +00:00
Matt Keeler a2fb5eafdd
Revendor serf to pull in keyring list truncation changes. (#5251) 2019-01-22 16:07:04 -05:00
Hans Hasselberg 90c18a9997
website: update nokogiri (#5252) 2019-01-22 21:49:16 +01:00
Hans Hasselberg 38bda081c0
Update CHANGELOG.md 2019-01-22 21:17:39 +01:00
Hans Hasselberg 8356f6246f
agent: display messages from serf in cli (#5236)
* display messages from serf in cli
2019-01-22 21:08:50 +01:00
Kyle Havlovitz d8e9922eba
Update CHANGELOG.md 2019-01-22 11:35:45 -08:00
Kyle Havlovitz e0baa68681
Merge pull request #5250 from hashicorp/forward-intention-rpcs
connect: Forward intention RPCs if this isn't the primary
2019-01-22 11:32:55 -08:00
Kyle Havlovitz b30b541007
connect: Forward intention RPCs if this isn't the primary 2019-01-22 11:29:21 -08:00
Kyle Havlovitz a731173661
Merge pull request #5249 from hashicorp/ca-fixes-oss
Minor CA fixes
2019-01-22 11:25:09 -08:00
Kyle Havlovitz 8afba06300
Update CHANGELOG.md 2019-01-22 11:20:50 -08:00
Kyle Havlovitz b0f07d9b5e
Merge pull request #4869 from hashicorp/txn-checks
Add node/service/check operations to transaction api
2019-01-22 11:16:09 -08:00
Kyle Havlovitz 5a5436380b
connect/ca: return a better error message if the CA isn't fully initialized when signing 2019-01-22 11:15:09 -08:00
Matt Keeler 30ff65118b
Update CHANGELOG.md 2019-01-22 13:18:14 -05:00
Matt Keeler cc2cd75f5c
Fix several ACL token/policy resolution issues. (#5246)
* Fix 2 remote ACL policy resolution issues

1 - Use the right method to fire async not found errors when the ACL.PolicyResolve RPC returns that error. This was previously accidentally firing a token result instead of a policy result which would have effectively done nothing (unless there happened to be a token with a secret id == the policy id being resolved.

2. When concurrent policy resolution is being done we single flight the requests. The bug before was that for the policy resolution that was going to piggy back on anothers RPC results it wasn’t waiting long enough for the results to come back due to looping with the wrong variable.

* Fix a handful of other edge case ACL scenarios

The main issue was that token specific issues (not able to access a particular policy or the token being deleted after initial fetching) were poisoning the policy cache.

A second issue was that for concurrent token resolutions, the first resolution to get started would go fetch all the policies. If before the policies were retrieved a second resolution request came in, the new request would register watchers for those policies but then never block waiting for them to complete. This resulted in using the default policy when it shouldn't have.
2019-01-22 13:14:43 -05:00
Paul Banks 1c4dfbcd2e
connect: tame thundering herd of CSRs on CA rotation (#5228)
* Support rate limiting and concurrency limiting CSR requests on servers; handle CA rotations gracefully with jitter and backoff-on-rate-limit in client

* Add CSR rate limiting docs

* Fix config naming and add tests for new CA configs
2019-01-22 17:19:36 +00:00
R.B. Boyer 6d76b137ba Check ACLs more often for xDS endpoints.
For established xDS gRPC streams recheck ACLs for each DiscoveryRequest
or DiscoveryResponse. If more than 5 minutes has elapsed since the last
ACL check, recheck even without an incoming DiscoveryRequest or
DiscoveryResponse. ACL failures will terminate the stream.
2019-01-22 11:12:40 -06:00
kaitlincarter-hc fd1c1a656b
Add acl.enable_key_list_policy to agent config docs. (#5227)
* Adding key list parameter to agent config docs.

* Fixed typo in master token section

* Updated based on comments from Paul and Matt.
2019-01-22 10:20:05 -06:00
Kyle Havlovitz 4f53fe897a
oss: add the enterprise server stub for intention replication check 2019-01-18 17:32:10 -08:00
R.B. Boyer b771c32361 Fix some test typos. 2019-01-18 16:12:43 -06:00
Matt Keeler da71aa9043
Update CHANGELOG.md 2019-01-18 12:45:51 -05:00
Matt Keeler 8e54856c46
Implement prepared query upstreams watching for envoy (#5224)
Fixes #4969 

This implements non-blocking request polling at the cache layer which is currently only used for prepared queries. Additionally this enables the proxycfg manager to poll prepared queries for use in envoy proxy upstreams.
2019-01-18 12:44:04 -05:00
Erik R. Rygg 3e75415d71
Merge pull request #5215 from hashicorp/deployment_guide_updates
Include information about multi-dc Connect
2019-01-17 19:39:41 -07:00
John Cowen 5eb5065f70
UI: Text change and clarity Node Health > Health Checks (#5115)
Text change Node Health > Health Checks
Also adds an info icon and tooltip to Health Checks column header
2019-01-17 09:20:00 +00:00
Jihoon Chung 788bf610ae ui: Fix typo in acl-migration guide link (#5135) 2019-01-17 09:03:23 +00:00