Commit graph

11843 commits

Author SHA1 Message Date
Daniel Nephin 5f24171f13 ci: enable SA4006 staticcheck check
And fix the 'value not used' issues.

Many of these are not bugs, but a few are tests not checking errors, and
one appears to be a missed error in non-test code.
2020-06-16 13:10:11 -04:00
Matt Keeler ffc948383b
Update CHANGELOG.md 2020-06-16 12:59:50 -04:00
Matt Keeler 001d8383d6
Update CHANGELOG.md 2020-06-16 12:57:47 -04:00
Matt Keeler cdc4b20afa
ACL Node Identities (#7970)
A Node Identity is very similar to a service identity. Its main targeted use is to allow creating tokens for use by Consul agents that will grant the necessary permissions for all the typical agent operations (node registration, coordinate updates, anti-entropy).

Half of this commit is for golden file based tests of the acl token and role cli output. Another big updates was to refactor many of the tests in agent/consul/acl_endpoint_test.go to use the same style of tests and the same helpers. Besides being less boiler plate in the tests it also uses a common way of starting a test server with ACLs that should operate without any warnings regarding deprecated non-uuid master tokens etc.
2020-06-16 12:54:27 -04:00
David Yu 9b2c12bb0c
Small changes to Readme around Consul description (#8114)
Re-ordered features and revised Consul description.
2020-06-16 09:44:26 -07:00
Daniel Nephin dc84eed0f1
Merge pull request #7675 from hashicorp/dnephin/add-service
service_manager: small changes
2020-06-16 12:40:11 -04:00
Kenia 3946a48928
ui: Refactor detailed health checks to use more of the service/instance-checks helper (#8119) 2020-06-16 12:33:11 -04:00
Daniel Nephin bd866d694c agent/service_manager: remove 'updateCh' field from serviceConfigWatch
Passing the channel to the function which uses it significantly
reduces the scope of the variable, and makes its usage more explicit. It
also moves the initialization of the channel closer to where it is used.

Also includes a couple very small cleanups to remove a local var and
read the error from `ctx.Err()` directly instead of creating a channel
to check for an error.
2020-06-16 12:15:57 -04:00
Daniel Nephin 1c7fce73a8 agent/service_manager: remove 'defaults' field from serviceConfigWatch
This field was always read by the same function that populated the field,
so it does not need to be a field. Passing the value as an argument to
functions makes it more obvious where the value comes from, and also reduces
the scope of the variable significantly.
2020-06-16 12:15:52 -04:00
Daniel Nephin 93d7debbeb agent/service_manager: Pass ctx around
[The documentation for context](https://golang.org/pkg/context/)
recommends not storing context in a struct field:

> Do not store Contexts inside a struct type; instead, pass a Context
> explicitly to each function that needs it. The Context should be the
> first parameter, typically named ctx...

Sometimes there are good reasons to not follow this recommendation, but
in this case it seems easy enough to follow.

Also moved the ctx argument to be the first in one of the function calls
to follow the same recommendation.
2020-06-16 12:14:00 -04:00
Kenia 599551496f
ui: Add detailed Health Checks to Service Detail page (#8111) 2020-06-16 11:59:31 -04:00
John Cowen d2515ed409
ui: Move healthcheck ordering to use new comparators (#8096) 2020-06-16 14:13:29 +01:00
Hans Hasselberg 2162f8a4fa
Update CHANGELOG.md 2020-06-16 00:11:30 +02:00
David Yu de65e6300e
Switching service-route, service-resolver, service-splitter examples to CamelCase (#8107)
* Switching service-route example to CamelCase

* Switch service-resovler examples to CamelCase

* Changing service-splitter examples to CamelCase
2020-06-15 14:14:36 -07:00
Spencer Owen 9b7483c6df
docs: Fix ingress dns entry (#8072) 2020-06-15 15:15:33 -05:00
Daniel Nephin a117824ad5
Merge pull request #8106 from hashicorp/dnephin/hook-translate-keys-make-a-copy
decode: do not modify the source data in HookTranslateKeys
2020-06-15 14:48:33 -04:00
Daniel Nephin 13f564bdd4
Merge pull request #8074 from hashicorp/dnephin/remove-references-to-PatchSliceOfMaps
Update comments that reference PatchSliceOfMaps
2020-06-15 14:33:10 -04:00
Daniel Nephin 0fb5e53d14 decode: do not modify the source data in HookTranslateKeys
This was causing a 'fatal error: concurrent map iteration and map write' with gateways
2020-06-15 14:22:41 -04:00
Daniel Nephin 97808ce1d4
Merge pull request #8101 from hashicorp/dnephin/decode-hook-slice-interfaces
decode: recursively unslice opaque config
2020-06-15 13:33:55 -04:00
Daniel Nephin dad8f29d4e decode: Only recursively unslice when the target is an interface{} 2020-06-15 12:56:51 -04:00
Chris Piraino 0987b5e8b8
Update CHANGELOG.md 2020-06-15 11:01:12 -05:00
Matt Keeler 390be25b45
Update CHANGELOG.md 2020-06-15 11:03:07 -04:00
Matt Keeler 976f922abf
Make the Agent Cache more Context aware (#8092)
Blocking queries issues will still be uncancellable (that cannot be helped until we get rid of net/rpc). However this makes it so that if calling getWithIndex (like during a cache Notify go routine) we can cancell the outer routine. Previously it would keep issuing more blocking queries until the result state actually changed.
2020-06-15 11:01:25 -04:00
Daniel Nephin f613c919d2 decode: recursively unslice opaque config
Also handle []interface{} in HookWeakDecodeFromSlice

Without this change only the top level []map[string]interface{} will be
unpacked as a single item. With this change any nested config will be
unpacked.
2020-06-12 22:00:33 -04:00
Freddy 272b7aade4
Merge pull request #8099 from hashicorp/gateway-services-endpoint 2020-06-12 15:14:54 -06:00
freddygv f4179b400d Update telemetry for gateway-services endpoint 2020-06-12 14:44:36 -06:00
freddygv 51f8f76b3b Remove unused method and fixup docs ref 2020-06-12 13:47:43 -06:00
freddygv cc4ff3ae02 Fixup stray sid references 2020-06-12 13:47:43 -06:00
freddygv 26583e12ba Add docs 2020-06-12 13:47:43 -06:00
freddygv 1e7e716742 Move compound service names to use ServiceName type 2020-06-12 13:47:43 -06:00
freddygv 1cab73e609 Create HTTP endpoint 2020-06-12 13:46:47 -06:00
freddygv 806b1fb608 Move GatewayServices out of Internal 2020-06-12 13:46:47 -06:00
Freddy 66e2def461
Only pass one hostname via EDS and prefer healthy ones (#8084)
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

Currently when passing hostname clusters to Envoy, we set each service instance registered with Consul as an LbEndpoint for the cluster.

However, Envoy can only handle one per cluster:
[2020-06-04 18:32:34.094][1][warning][config] [source/common/config/grpc_subscription_impl.cc:87] gRPC config for type.googleapis.com/envoy.api.v2.Cluster rejected: Error adding/updating cluster(s) dc2.internal.ddd90499-9b47-91c5-4616-c0cbf0fc358a.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint, server.dc2.consul: LOGICAL_DNS clusters must have a single locality_lb_endpoint and a single lb_endpoint

Envoy is currently handling this gracefully by only picking one of the endpoints. However, we should avoid passing multiple to avoid these warning logs.

This PR:

* Ensures we only pass one endpoint, which is tied to one service instance.
* We prefer sending an endpoint which is marked as Healthy by Consul.
* If no endpoints are healthy we emit a warning and skip the cluster.
* If multiple unique hostnames are spread across service instances we emit a warning and let the user know which will be resolved.
2020-06-12 13:46:17 -06:00
John Cowen 79029404df
ui: Colocate pageobject components with their components (#8098) 2020-06-12 16:50:09 +01:00
Kenia 2afc032b24
ui: Add health check icon to Ingress Upstreams and add Tooltips in additional areas (#8091)
* Add Health Checks and update Tooltips in Ingress Upstreams

* Update Tooltip in Proxy Info tab Upstreams

* Add Tooltips to Proxy Info tab Exposed Paths

* Add Health Checks with Tooltips to Service List page
2020-06-12 09:35:52 -04:00
John Cowen c92e8ebc7c
ui: Ensure encoder.js polyfill is available (#8094) 2020-06-12 14:28:36 +01:00
John Cowen e22aee73a8
ui: Exclude any component/pageobject.js files from being included (#7978)
This excludes any /components/**/pageobject.js files from our production
builds which means we can co-locate all of our component page objects
(and selectors) along with the components themselves.
2020-06-12 13:06:59 +01:00
John Cowen 256695ac3e
ui: Upgrade consul-api-double to use intention response w/o old fields (#8089) 2020-06-12 09:51:07 +01:00
Chris Piraino cd93e0cd99
Allow users to set hosts to the wildcard specifier when TLS is disabled (#8083)
This allows easier demoing/testing of ingress gateways, while still
preserving the validation we have for DNSSANs
2020-06-11 10:03:06 -05:00
Hans Hasselberg f908fd0731
Adding 1.7.4 and 1.6.6 2020-06-11 00:01:49 +02:00
Hans Hasselberg 26494286c7
Support envoy 1.14.2, 1.13.2, 1.12.4 (#8057) 2020-06-10 23:20:17 +02:00
Chris Piraino cba863af84
Move ingress param to a new endpoint (#8081)
In discussion with team, it was pointed out that query parameters tend
to be filter mechanism, and that semantically the "/v1/health/connect"
endpoint should return "all healthy connect-enabled endpoints (e.g.
could be side car proxies or native instances) for this service so I can
connect with mTLS".

That does not fit an ingress gateway, so we remove the query parameter
and add a new endpoint "/v1/health/ingress" that semantically means
"all the healthy ingress gateway instances that I can connect to
to access this connect-enabled service without mTLS"
2020-06-10 13:07:15 -05:00
John Cowen 64ba8177e0
Merge pull request #8080 from hashicorp/ui-staging
ui: UI Release Merge (1.8-beta-3: ui-staging merge)
2020-06-10 17:40:22 +01:00
John Cowen 2dec484724
ui: Reduce discovery-chain log errors (#8065)
* ui: Reduce discovery-chain log spam

Currently the only way that the UI can know whether connect is enabled
or not is whether we get 500 errors from certain endpoints.

One of these endpoints we already use, so aswell as recovering from a
500 error, we also remember that connect is disabled for the rest of the
page 'session' (so until the page is refreshed), and make no further
http requests to the endpoint for that specific datacenter.

This means that log spam is reduced to only 1 log per page refresh/dc
instead of 1 log per service navigation.

Longer term we'll need some way to dynamically discover whether connect
is enabled per datacenter without relying on something that will add
error logs to consul.
2020-06-10 16:07:06 +01:00
Mike Wickett 61848c6187
Merge pull request #8076 from hashicorp/nq.basic-hero-tertiary-link-support
[Website] Support tertiary-styled third links
2020-06-10 10:47:40 -04:00
John Cowen 7c0db7f8b4
ui: remove sort-control component (#8077)
This was never actually used
2020-06-10 14:27:21 +01:00
Noel Quiles f696738875 Support tertiary-styled third links
Get the tertiary links to wrap below buttons

Adjust color/spacing of tertiary via override

Remove overrides, implement custom link

Extract arrow icon to file

Increase top margin for third link

Apply Brandon's fixes

Co-authored-by: Brandon Romano <BrandonRRomano@gmail.com>
2020-06-09 22:43:05 -07:00
Kyle Havlovitz ea720c0724
Merge pull request #8075 from hashicorp/expose-cli-testfix
Fix a CLI test failure with namespaces in enterprise
2020-06-09 15:25:45 -07:00
Kyle Havlovitz 11486ac2a1 Fix a CLI test failure with namespaces in enterprise 2020-06-09 15:13:23 -07:00
Daniel Nephin 0c23eaf943
Merge pull request #8071 from hashicorp/dnephin/update-vendor-2
Update google.golang.org/api and stretchr/testify
2020-06-09 17:56:03 -04:00