Commit graph

6427 commits

Author SHA1 Message Date
Frank Schroeder 0c3534cbf7 agent: use http.StatusNotFound instead of 404 2017-08-23 22:36:23 +02:00
Frank Schroeder 970a7f97ec agent: use http.StatusForbidden instead of 403 2017-08-23 22:36:23 +02:00
Frank Schroeder 2e586be5aa agent: use http.StatusUnauthorized instead of 401 2017-08-23 22:36:23 +02:00
Frank Schroeder 923f8e2364 agent: use http.StatusBadRequest instead of 400 2017-08-23 22:36:23 +02:00
Frank Schroeder 0e246054ef doc: document cloud auto-joining for retry-join-wan 2017-08-23 21:23:34 +02:00
Frank Schroeder a32eab5923 agent: support go-discover retry-join for wan 2017-08-23 21:23:34 +02:00
Frank Schroeder 509e667f94 vendor: upgrade github.com/hashicorp/go-discover
Pull in improved debug logging for AWS
2017-08-23 21:23:34 +02:00
Frank Schroeder a99f9f8778
doc: fix operator keyring delete method 2017-08-23 17:20:10 +02:00
Frank Schröder 44e6b8122d acl: consolidate error handling (#3401)
The error handling of the ACL code relies on the presence of certain
magic error messages. Since the error values are sent via RPC between
older and newer consul agents we cannot just replace the magic values
with typed errors and switch to type checks since this would break
compatibility with older clients.

Therefore, this patch moves all magic ACL error messages into the acl
package and provides default error values and helper functions which
determine the type of error.
2017-08-23 16:52:48 +02:00
James Phillips 828dec4df6 Update CHANGELOG.md 2017-08-21 15:31:40 -07:00
James Phillips 586dc3c7f4 Update CHANGELOG.md 2017-08-21 15:31:24 -07:00
Frank Schroeder d9e2a51887 agent: drop unused code
This code from http://github.com/hashicorp/consul/pull/3353 is no longer
required.
2017-08-22 00:02:46 +02:00
Frank Schroeder 4bfcf7b613 dns: replace nameserver lookup with consistent rpc call
This patch replaces the code which determines the list of servers in the
current cluster with an RPC call to get the list of active consul
service instances which only run on servers.

This replaces the previous implementation which was more complex and
relied on serf messages which can provide a different view than the
consistent response from the raft log.

As a side effect it makes the implementation independent of the server
and the agent which means it works consistently across both. Different
behavior for server and agent was the root cause for the bug in
http://github.com/hashicorp/consul/issue/3047.

Fixes #3407
2017-08-22 00:02:46 +02:00
Frank Schroeder 8e1f9b9b68 dns: split node lookup from request handling 2017-08-22 00:02:46 +02:00
Frank Schroeder db8ad8922e dns: refactor label by unrolling loop 2017-08-22 00:02:46 +02:00
Frank Schroeder c35206db07 dns: move ttl closer to usage 2017-08-22 00:02:46 +02:00
Preetha Appan e1181e3dac Update CHANGELOG.md 2017-08-18 11:22:35 -05:00
preetapan b098b074e4 Merge pull request #3395 from Illirgway/patch-1
Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places

This fixes #3392
2017-08-18 11:18:24 -05:00
preetapan f20ddcba4e Merge pull request #3404 from zevin/master
Added configuration instructions for forwarding DNS queries from Unbound
2017-08-18 10:29:39 -05:00
Kevin Bidwell 8a53f556f9 Added configuration instructions for forwarding DNS queries from Unbound to consul. 2017-08-18 08:45:43 -06:00
Preetha Appan 040f8ae775 Update serf to pick up fixes for fsyncing snapshots and panic when coordinates are disabled 2017-08-17 16:35:06 -05:00
Frank Schroeder 10491407d5
doc: update check example for agent api call 2017-08-16 18:24:28 +02:00
Frank Schröder a895d3b832 doc: add method and header to agent API docs for HTTP checks (#3400) 2017-08-16 18:18:46 +02:00
Preetha Appan 9419cecb1d Update CHANGELOG.md 2017-08-16 09:39:10 -05:00
preetapan 327292d809 Merge pull request #3396 from hashicorp/memberlist_deadlock
Update memberlist for a deadlock fix
2017-08-15 18:08:40 -05:00
Preetha Appan 40d6e1fbc7 Update memberlist for a deadlock fix 2017-08-15 18:07:28 -05:00
Illirgway 46915108e7 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
Frank Schröder fd4bf4070e doc: retry_join is a string array (#3388) 2017-08-10 09:58:26 +02:00
wuxin 792a535c87 fix command/kv_import.go help text (#3387) 2017-08-10 09:17:37 +02:00
James Phillips 48b1afeb26 Removes partial details in the retry_join config file section. (#3386) 2017-08-09 21:27:17 -07:00
Seth Vargo b6f4df4b03 Document the new auto-join in the config and CLI (#3381)
* Document the new auto-join in the config and CLI
* Mention and example DNS
2017-08-09 21:14:56 -07:00
James Phillips 843acdaa9b Adds a note about the 429 response code. 2017-08-09 20:10:44 -07:00
James Phillips b465b8d56e Merge pull request #3385 from hashicorp/issue-3376
Switches to using a read lock for the agent's RPC dispatcher.
2017-08-09 18:53:06 -07:00
James Phillips 738ac55d96
Switches to using a read lock for the agent's RPC dispatcher.
This prevents RPC calls from getting serialized in this spot.

Fixes #3376
2017-08-09 18:51:55 -07:00
James Phillips b967ff2fbb
Puts tree in 0.9.3 dev mode. 2017-08-09 18:33:57 -07:00
James Phillips 359f48137e
Bumps website version to 0.9.2. 2017-08-09 18:02:05 -07:00
James Phillips 4af073231b
Release v0.9.2 2017-08-09 17:46:41 -07:00
James Phillips 00986f8b43
Puts the tree in 0.9.2 release mode. 2017-08-09 17:36:35 -07:00
James Phillips a92a236be3 Update CHANGELOG.md 2017-08-09 16:19:36 -07:00
Frank Schröder 32d4eecc1a agent: honor deprecated flags for retry-join-{ec2,azure,gce} (#3384) 2017-08-09 16:18:30 -07:00
James Phillips 075013e700 Update CHANGELOG.md 2017-08-09 15:30:52 -07:00
James Phillips 4d56016cd5 Merge pull request #3383 from hashicorp/revert-3340-issue_2637
Revert "Return 403 rather than a 404 when acls cause all results to be filter…"
2017-08-09 15:07:10 -07:00
James Phillips 3518e27a76 Revert "Return 403 rather than a 404 when acls cause all results to be filter…" 2017-08-09 15:06:57 -07:00
James Phillips bdf12bf338 Merge pull request #3382 from hashicorp/revert-3380-fix_acls
Revert "Ensure that we return a permission denied only if the list of keys/en…"
2017-08-09 15:06:34 -07:00
James Phillips 91205b2cd6 Revert "Ensure that we return a permission denied only if the list of keys/en…" 2017-08-09 15:06:20 -07:00
preetapan 65c45e16c3 Merge pull request #3380 from hashicorp/fix_acls
Ensure that we return a permission denied only if the list of keys/en…
2017-08-09 15:51:10 -05:00
Preetha Appan 121326161e Added unit test case to kvs_endpointtest 2017-08-09 15:50:22 -05:00
Preetha Appan d06002dc62 Ensure that we return a permission denied only if the list of keys/entries prior to filtering by ACL is non empty 2017-08-09 15:32:18 -05:00
James Phillips 001f3dbd39 Merge pull request #3377 from hashicorp/refactor-pkgs
Refactor packages
2017-08-09 11:50:44 -07:00
Preetha Appan 00a5eb9071 Add note about configuring recursors to be able to resolve external services. 2017-08-09 11:13:30 -05:00