Commit graph

20024 commits

Author SHA1 Message Date
cskh 762a69cc42
Test: add noCleanup to TestServer stop (#16919) 2023-04-07 20:47:54 -04:00
Jared Kirschner 0eeb7f8b18
docs: improve upgrade path guidance (#16925) 2023-04-07 20:47:15 +00:00
John Eikenberry ff39dca2b4
highlight the agent.tls cert metric with CA ones
Include server agent certificate with list of cert metrics that need monitoring.
2023-04-07 20:41:14 +00:00
John Eikenberry 30d3a087dc
log warning about certificate expiring sooner and with more details
The old setting of 24 hours was not enough time to deal with an expiring certificates. This change ups it to 28 days OR 40% of the full cert duration, whichever is shorter. It also adds details to the log message to indicate which certificate it is logging about and a suggested action.
2023-04-07 20:38:07 +00:00
John Murret 7933543096
increase ENT runner size for xl to match OSS. have guild-distros use xl to match CircleCI (#16920) 2023-04-07 11:10:47 -06:00
John Murret dacc1dcbf9
ci: Add success jobs. make go-test-enterprise conditional. build-distros and go-tests trigger on push to main and release branches (#16905)
* Add go-tests-success job and make go-test-enterprise conditional

* fixing lint-32bit reference

* fixing reference to -go-test-troubleshoot

* add all jobs that fan out.

* fixing success job to need set up

* add echo to success job

* adding success jobs to build-artifacts, build-distros, and frontend.

* changing the name of the job in verify ci to be consistent with other workflows

* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger
2023-04-06 16:29:32 -06:00
Eddie Rowe 7b1a90cdbe
Fix API GW broken link (#16885)
* Fix API GW broken link

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-04-06 22:29:09 +00:00
Chris Thain f9126b6c3a
Wasm Envoy HTTP extension (#16877) 2023-04-06 14:12:07 -07:00
Semir Patel 2b0a5b52c2
Resource Delete endpoint (#16756) 2023-04-06 08:58:54 -05:00
Dan Upton 4e8ab7a390
Resource Write endpoint (#16786) 2023-04-06 10:40:04 +01:00
John Murret 4ee57c252a
temporarily disable macos-arm64 tests job in go-tests (#16898) 2023-04-05 17:10:31 -06:00
John Murret bfadfa52db
always test oss and conditionally test enterprise (#16827) 2023-04-05 16:49:48 -06:00
Dan Bond e61d49d87d
ci: fixes missing deps in frontend gha workflows (#16872)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-05 15:42:36 -07:00
Eddie Rowe a6bb103531
Omit false positives from 404 checker (#16881)
* Remove false positives from 404 checker

* fix remaining 404s
2023-04-05 17:58:29 +00:00
John Murret 008e1efddf
ad arm64 testing (#16876) 2023-04-05 09:58:00 -06:00
Dan Upton 52ce151221
Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
John Murret 33f6c3626b
ci: increase deep-copy and lint-enum jobs to use large runner as they hang in ENT (#16866)
* docs: add envoy to the proxycfg diagram (#16834)

* docs: add envoy to the proxycfg diagram

* increase dee-copy job to use large runner.  disable lint-enums on ENT

* set lint-enums to a large

* remove redunant installation of deep-copy

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-04-04 09:15:45 -06:00
cskh 97c4424743
docs: add envoy to the proxycfg diagram (#16834)
* docs: add envoy to the proxycfg diagram
2023-04-04 09:42:42 -04:00
Dao Thanh Tung 013822dcac
Fix broken doc in consul-k8s upgrade (#16852)
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-03 21:21:51 +00:00
John Eikenberry 3250e742ab
CA mesh CA expiration to it's own section
This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.
2023-04-03 20:02:08 +00:00
Freddy 04e6e79b09
Allow dialer to re-establish terminated peering (#16776)
Currently, if an acceptor peer deletes a peering the dialer's peering
will eventually get to a "terminated" state. If the two clusters need to
be re-peered the acceptor will re-generate the token but the dialer will
encounter this error on the call to establish:

"failed to get addresses to dial peer: failed to refresh peer server
addresses, will continue to use initial addresses: there is no active
peering for "<<<ID>>>""

This is because in `exchangeSecret().GetDialAddresses()` we will get an
error if fetching addresses for an inactive peering. The peering shows
up as inactive at this point because of the existing terminated state.

Rather than checking whether a peering is active we can instead check
whether it was deleted. This way users do not need to delete terminated
peerings in the dialing cluster before re-establishing them.
2023-04-03 12:07:45 -06:00
Hariram Sankaran bef1aafbf9
Fix typo on cli-flags.mdx (#16843)
Change "segements" to segments
2023-04-03 10:28:18 -07:00
Michael Zalimeni 87eef7a4d0
Update changelog with patch releases (#16856)
* Update changelog with patch releases

* Backport missed 1.0.4 patch release to changelog
2023-04-03 13:05:36 -04:00
Chris S. Kim 8671448b73
Connect CA Primary Provider refactor (#16749)
* Rename Intermediate cert references to LeafSigningCert

Within the Consul CA subsystem, the term "Intermediate"
is confusing because the meaning changes depending on
provider and datacenter (primary vs secondary). For
example, when using the Consul CA the "ActiveIntermediate"
may return the root certificate in a primary datacenter.

At a high level, we are interested in knowing which
CA is responsible for signing leaf certs, regardless of
its position in a certificate chain. This rename makes
the intent clearer.

* Move provider state check earlier

* Remove calls to GenerateLeafSigningCert

GenerateLeafSigningCert (formerly known
as GenerateIntermediate) is vestigial in
non-Vault providers, as it simply returns
the root certificate in primary
datacenters.

By folding Vault's intermediate cert logic
into `GenerateRoot` we can encapsulate
the intermediate cert handling within
`newCARoot`.

* Move GenerateLeafSigningCert out of PrimaryProvidder

Now that the Vault Provider calls
GenerateLeafSigningCert within
GenerateRoot, we can remove the method
from all other providers that never
used it in a meaningful way.

* Add test for IntermediatePEM

* Rename GenerateRoot to GenerateCAChain

"Root" was being overloaded in the Consul CA
context, as different providers and configs
resulted in a single root certificate or
a chain originating from an external trusted
CA. Since the Vault provider also generates
intermediates, it seems more accurate to
call this a CAChain.
2023-04-03 11:40:33 -04:00
malizz f8d6cce902
add region field (#16825)
* add region field

* fix syntax error in test file

* go fmt

* go fmt

* remove test
2023-03-31 12:05:47 -07:00
Dan Bond 0d16aa934b
[NET-3029] Migrate dev-* jobs to GHA (#16792)
* ci: add build-artifacts workflow

Signed-off-by: Dan Bond <danbond@protonmail.com>

* makefile for gha dev-docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use docker actions instead of make

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Add context

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* set short sha

Signed-off-by: Dan Bond <danbond@protonmail.com>

* upload to s3

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm s3 upload

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use runner setup job

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on pr

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* OSS/ENT logic

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add comments

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update .github/workflows/build-artifacts.yml

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-31 19:02:40 +00:00
Eric Haberkorn beb9f17337
Add default resolvers to disco chains based on the default sameness group (#16837) 2023-03-31 14:35:56 -04:00
Derek Menteer ee59a81dc9
Add sameness-group to exported-services config entries (#16836)
This PR adds the sameness-group field to exported-service
config entries, which allows for services to be exported
to multiple destination partitions / peers easily.
2023-03-31 12:36:44 -05:00
Ronald 8973b2f09f
Remove UI brand-loader copyright headers as they do not render appropriately (#16835) 2023-03-31 11:29:19 -04:00
Dan Upton 37207b4e4c
storage: fix resource leak in Watch (#16817) 2023-03-31 13:24:19 +01:00
John Murret 1386ac3c63
updating command to reflect the additional package exclusions in CircleCI (#16829) 2023-03-30 21:39:34 -06:00
Jared Kirschner c547ff5c8d
docs: raise awareness of GH-16779 (#16823) 2023-03-30 17:23:19 -04:00
Nick Irvine d22d6d569f
port ENT upgrade tests flattening (#16824) 2023-03-30 13:07:16 -07:00
John Murret 60bf97bf80
ci: changes resulting from running on consul-enterprise (#16816)
* changes resulting from running on consul-enterprise

* removing comment line
2023-03-30 10:57:11 -06:00
Eric Haberkorn b97a3a17d8
add order by locality failover to Consul enterprise (#16791) 2023-03-30 10:08:38 -04:00
hashicorp-copywrite[bot] 899c5b11a5
[COMPLIANCE] Add Copyright and License Headers (#16807)
* [COMPLIANCE] Add Copyright and License Headers

* fix headers for generated files

* ignore dist folder

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-03-29 16:57:51 +00:00
Nick Irvine c1ea13c243
port ENT ingress gateway upgrade tests [NET-2294] [NET-2296] (#16804) 2023-03-29 09:51:21 -07:00
Jeff Boruszak dee481062d
docs: Updates to support HCP Consul cluster peering release (#16774)
* New HCP Consul documentation section + links

* Establish cluster peering usage cross-link

* unrelated fix to backport to v1.15

* nav correction + fixes

* Tech specs fixes

* specifications for headers

* Tech specs fixes + alignments

* sprawl edits

* Tip -> note
2023-03-29 09:27:41 -07:00
Poonam Jadhav cad78f5839
fix: export ReadWriteRatesConfig struct as it needs to referenced from consul-k8s (#16766) 2023-03-29 09:54:59 -04:00
Ronald 71fb0a723e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
John Murret b5794c803f
Github Actions Migration - move go-tests workflows to GHA (#16761)
* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* making on pull_request

* Update .github/scripts/rerun_fails_report.sh

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* make runs-on required

* removing go-version param that is not used.

* removing go-version param that is not used.

* Modify build-distros to use medium runners (#16773)

* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* trying mediums

* adding in script

* fixing runs-on to be parameter

* fixing merge conflict

* changing to on push

* removing whitespace

* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* changing back to on pull_request

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Github Actions Migration - move verify-ci workflows to GHA (#16777)

* add verify-ci workflow

* adding comment and changing to on pull request.

* changing to pull_requests

* changing to pull_request

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* [NET-3029] Migrate frontend to GHA (#16731)

* changing set up to a small

* using consuls own custom runner pool.

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-03-28 15:29:27 -06:00
Ronald 24f91d9077
Add copyright headers for acl, api and bench folders (#16706)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* fix merge conflicts

* copyright headers for agent folder

* Ignore test data files

* fix proto files

* ignore agent/uiserver folder for now

* copyright headers for agent folder

* Add copyright headers for acl, api and bench folders
2023-03-28 16:12:41 -04:00
Ronald 7a5c8dc1eb
Copyright headers for command folder (#16705)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* Copyright headers for command folder

* fix merge conflicts
2023-03-28 15:12:30 -04:00
Ronald dd0e8eec14
copyright headers for agent folder (#16704)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files
2023-03-28 14:39:22 -04:00
John Maguire 09512ae32d
Update normalization of route refs (#16789)
* Use merge of enterprise meta's rather than new custom method

* Add merge logic for tcp routes

* Add changelog

* Normalize certificate refs on gateways

* Fix infinite call loop

* Explicitly call enterprise meta
2023-03-28 11:23:49 -04:00
Valeriia Ruban 648f16b4fc
add scripts for testing locally consul-ui-toolkit (#16794) 2023-03-27 17:00:59 -07:00
Michael Wilkerson baa1fd3cd6
changes to support new PQ enterprise fields (#16793) 2023-03-27 15:40:49 -07:00
Semir Patel bd4a01f38f
Resource service List(..) endpoint (#16753) 2023-03-27 16:25:27 -05:00
Dhia Ayachi 6da620159e
add ip rate limiter controller OSS parts (#16790) 2023-03-27 17:00:25 -04:00
Kyle Havlovitz 045f39ddd9
Allocate virtual ip for resolver/router/splitter config entries (#16760) 2023-03-27 13:04:24 -07:00