Commit graph

7832 commits

Author SHA1 Message Date
Preetha Appan 84bd6dc5d1
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha 164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry 8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry bd11f567c4
📝 Prefer brevity at the cost of some ambiguity 2018-03-15 10:25:27 -07:00
Devin Canterberry 2001b9f35f
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry 881d20c606
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry ece32fce53
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Devin Canterberry 23dfc483a0
⤵️ Merge from master; no conflicts 2018-03-15 09:13:01 -07:00
Jack Pearkes da7f8ab59d website: clarify where ACL token is set in the UI 2018-03-14 16:50:04 -07:00
Jack Pearkes 9a911bba0c website: add section on securing the UI with ACLs
Figured it would be worth documenting due to #3931.
2018-03-14 16:46:04 -07:00
Paul Banks e9218d031e
Call out the service-watch upgrade notice 2018-03-14 11:03:21 +00:00
Jack Pearkes e04a003d7a
Merge pull request #3884 from rberlind/master
Updated Stale Reads section of DNS Caching Guide
2018-03-13 16:56:58 -07:00
Jack Pearkes 7390fdcad1
Merge pull request #3952 from slopeinsb/patch-1
Update index.html.md
2018-03-13 16:07:10 -07:00
Jack Pearkes defd90b3da
Update CHANGELOG.md 2018-03-13 15:32:37 -07:00
Devin Canterberry 089ceff264
📝 Clarify the list of supported TLS cipher suites
Previously, the documentation linked to Golang's source code, which
can drift from the list of cipher suites supported by Consul. Consul
has a hard-coded mapping of string values to Golang cipher suites, so
this is a more direct source of truth to help users understand which
string values are accepted in the `tls_cipher_suites` configuration
value.
2018-03-13 09:25:03 -07:00
Preetha 8b41890cee
Merge pull request #3946 from hashicorp/je.fixes
Small Adjustments
2018-03-13 11:15:50 -05:00
randall thomson 24588fc479
Update index.html.md
update cli commands for consul 1.x
2018-03-09 09:46:37 -08:00
Pierre Souchay d9b59d1b3e Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 871b9907cb Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha Appan 75549ec960
Update CHANGELOG.md 2018-03-09 07:37:57 -06:00
Preetha 401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Preetha 80bc8e1ff6
Some tweaks to the documentation for a_record_limit 2018-03-08 11:23:07 -06:00
Pierre Souchay 8545b998ff Updated documentation as requested by @preetapan 2018-03-08 18:02:40 +01:00
Pierre Souchay b0b243bf1b Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay c3713dbbf1 Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 1085d5a7b4 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 241c7e5f5f Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b672707552 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay 06afb4d02c [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Jeff Escalante 41d6a3762c update to latest middleman-hashicorp
this includes minor text fixes for the universal nav
2018-03-06 16:37:58 -05:00
Jeff Escalante b4dce65d45 First instance of 'Consul' on homepage -> 'HashiCorp Consul' 2018-03-06 16:37:47 -05:00
Mitchell Hashimoto 734f50b7a7
Merge pull request #3944 from hashicorp/f-testify
agent/consul/fsm: begin using testify/assert
2018-03-06 09:55:31 -08:00
Mitchell Hashimoto fbac58280e
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 09970479b5 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel 413cb3d3b5
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Sergei Ryabkov 4e0d229191
Highlighting the dead link
I am proposing to remove a dead link (https://atlas.hashicorp.com/help/consul/alternatives). If the page has moved and the new location is known, it would be of course better to update the link.
2018-03-02 18:22:19 -05:00
Paul Banks 5a9a794531
Merge pull request #3928 from hashicorp/service-token-docs
Notes on ACL token storage and permissions
2018-03-02 16:28:56 +00:00
Paul Banks d4bce06637
Update CHANGELOG.md 2018-03-02 16:27:48 +00:00
Paul Banks 628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Paul Banks 34fe6f17e2
Notes on ACL token storage and permissions 2018-03-02 16:22:12 +00:00
Paul Banks 37e7e6e7a1
Notes on ACL token storage and permissions 2018-03-02 16:20:11 +00:00
Brian Shumate de25aa17ee Clarify encrypt key for WAN joined DCs 2018-03-02 10:41:09 -05:00
Pierre Souchay df285ec384 Better information and advices for upgrade to 1.0.7+ 2018-03-02 09:08:00 +01:00
Pierre Souchay 85b73f8163 Simplified error handling for maxIndexForService
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Paul Banks be4fa97fda
Update CHANGELOG.md 2018-02-28 13:26:08 +00:00
Jack Pearkes 7a65f9fbeb
Merge pull request #3922 from hashicorp/docs-fix-two-dc-links
website: override automatic linking of list items for softlayer dc
2018-02-27 12:09:34 -08:00
Jack Pearkes 39ed02cf0c website: override automatic linking of list items for softlayer dc
This avoids a conflict with #datacenter later on the page. We're mixing
histroic manually specified anchors with generated anchors (via
redcarpet / middleman-hashicorp) so we have to manually override the
automatic generation here.

I was tempted to rewrite the old manual anchors to use the automatic
generation, but there is no way to maintain backwards compatibility,
so will leave that for a time when it is appropriate for us to break
links (or redirect them, etc).

Fixes #3916
2018-02-27 10:53:12 -08:00
Preetha a61cdf139e
Merge pull request #3914 from alvin-huang/fix_vendor
remove old pkgs and put deps of missing packages in vendor.json
2018-02-24 10:01:12 -06:00
Alvin Huang 6bc9f6844f remove old pkgs and put deps of missing packages in vendor.json 2018-02-23 17:08:24 -05:00
Paul Banks f8147805d9
Merge pull request #3903 from hashicorp/build-fixes
[WIP] Attempt to find some low-hanging fruit for CI failures
2018-02-23 13:12:45 +00:00