Commit graph

16558 commits

Author SHA1 Message Date
Daniel Nephin 6721c1246d ca: relax and move private key type/bit validation for vault
This commit makes two changes to the validation.

Previously we would call this validation in GenerateRoot, which happens
both on initialization (when a follower becomes leader), and when a
configuration is updated. We only want to do this validation during
config update so the logic was moved to the UpdateConfiguration
function.

Previously we would compare the config values against the actual cert.
This caused problems when the cert was created manually in Vault (not
created by Consul).  Now we compare the new config against the previous
config. Using a already created CA cert should never error now.

Adding the key bit and types to the config should only error when
the previous values were not the defaults.
2022-02-03 17:21:20 -05:00
Daniel Nephin 3b78f81f9a ca: small cleanup of TestConnectCAConfig_Vault_TriggerRotation_Fails
Before adding more test cases
2022-02-03 17:21:20 -05:00
David Yu 5b9bf6ec63
docs: formatting and update to consul-k8s 0.40.0 (#12256)
* docs: formatting and update to consul-k8s 0.40.0

* Update index.mdx

* Update index.mdx

* test indentation

* Update index.mdx

* formatting

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-03 08:12:47 -08:00
Jared Kirschner 442bb7f4c4
Merge pull request #10833 from jkirschner-hashicorp/improve-compile-from-source-docs
docs: improve compile from source docs
2022-02-03 11:05:46 -05:00
Daniel Nephin 7080e26c83 Replace build script with 'go build' 2022-02-03 07:19:57 -08:00
John Cowen fcacec90a5
ui: Change approach to loading debug.css (#12242)
We need a way to load certain CSS based on the environment you are viewing, i.e. we have debug CSS that we use for our Eng Documentation and various other DX utilities that shouldn't be compiled into our production or test builds.

Previously we would compile two entirely different CSS files (app and debug) and the load one or the other depending on which environment you were in.

This approach just empties out the debug.css file in certain environments (prod/test) which means we can just import that file from app. When in staging/development this imports the contents of debug.css (quite a bit of CSS) whereas when building for production/test this debug.css is emptied out during the build process.

There is a slight little hack in order to have this work, we import _debug.scss which imports the debug.scss file. I couldn't for the life of me figure out how to have broccoli empty out a file during the build process, so instead we essentially copy over debug.scss during dev and create an empty file during prod to _debug.scss.

When using make build to build an artifact for production CSS remains at ~58kb (during dev its a lot bigger than this)
2022-02-03 08:40:03 +00:00
Blake Covarrubias 4dcb6e8904 docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Daniel Nephin 5ab00d85e0
Merge pull request #11783 from hashicorp/dnephin/ca-vault-root-as-intermediate
ca: add a test that uses an intermediate CA as the primary CA
2022-02-02 16:05:59 -05:00
Jared Kirschner 14f1d14760
Merge pull request #11391 from hashicorp/add-changelog-creation-to-contributor-docs
Add changelog creation to contributor docs
2022-02-02 14:50:02 -05:00
Jared Kirschner 7dda1df00f Add changelog creation to contributor docs 2022-02-02 10:58:27 -08:00
Daniel Nephin 44f9229b96 ca: add a test that uses an intermediate CA as the primary CA
This test found a bug in the secondary. We were appending the root cert
to the PEM, but that cert was already appended. This was failing
validation in Vault here:
https://github.com/hashicorp/vault/blob/sdk/v0.3.0/sdk/helper/certutil/types.go#L329

Previously this worked because self signed certs have the same
SubjectKeyID and AuthorityKeyID. So having the same self-signed cert
repeated doesn't fail that check.

However with an intermediate that is not self-signed, those values are
different, and so we fail the check. A test I added in a previous commit
should show that this continues to work with self-signed root certs as
well.
2022-02-02 13:41:35 -05:00
Daniel Nephin 9d7bcdd6ee
Merge pull request #12250 from hashicorp/dnephin/acl-resolver-safer-identity
acl: un-embed ACLIdentity
2022-02-02 13:10:35 -05:00
Daniel Nephin d00a9abca2 acl: un-embed ACLIdentity
This is safer than embedding two interface because there are a number of
places where we check the concrete type. If we check the concrete type
on the top-level interface it will fail. So instead expose the
ACLIdentity from a method.
2022-02-02 12:07:31 -05:00
John Cowen 404523f7ea
ui: Alias all our Structure Icons to Flight Icons (#12209) 2022-02-02 13:24:47 +00:00
mrspanishviking 57cc86e30a
Merge pull request #12243 from gitrgoliveira/patch-1
Update redirect-traffic.mdx
2022-02-01 15:09:02 -07:00
mrspanishviking 83a2c9cc4c
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-02-01 15:08:23 -07:00
JG da1072da80
packaging: fix issues in pre/postremove scripts (#12147)
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:

For postremove:
- the postremove script now functions correctly (i.e. restarts consul
  after a package upgrade) on rpm-based systems (where $1 is numeric
  rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
  only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
  will only (re)start consul if it was already running when the upgrade
  happened.

For preremove:
- if the package is being completely uninstalled (rather than upgraded),
  stop consul before removing the package
2022-02-01 12:07:18 -08:00
John Cowen 01437e81ea
ui: attach-shadow modifier (#12207)
* ui: attach-shadow modifier
* ui: adopt-styles helper (#12208)
2022-02-01 19:48:57 +00:00
Daniel Nephin da3076fc89 docs: update install from source
GOPATH is not longer necessary as of Go1.11.

No additional tools are required, just Go.
2022-02-01 09:32:48 -08:00
Jared Kirschner 40e6a4ead2 docs: link from makefile to compile instructions
Some practitioners look to the makefile directly rather than to the consul
website for information on how to compile from source. Link to the website
instructions directly from the makefile so the practitioner can accomplish
their task successfully without a careful read of the makefile.
2022-02-01 09:32:48 -08:00
Jared Kirschner a1b024762b docs: show how to cross-compile from source 2022-02-01 09:32:47 -08:00
Ricardo Oliveira d2275abb1b
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-02-01 17:20:20 +00:00
Ricardo Oliveira cf32d8f61e
Update redirect-traffic.mdx 2022-02-01 17:10:49 +00:00
John Cowen 23d45f5ef5
ui: style-map helper (#12203) 2022-02-01 16:39:02 +00:00
John Cowen bcd841a2ed
ui: on-outside modifier (#12206) 2022-02-01 14:25:24 +00:00
David Yu aa9fe538b1
docs: slight formatting update and provide example with service mesh enabled (#12227)
* docs: slight formatting update and provide example with service mesh install

* add status

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* Update install.mdx

* Update install.mdx

* Update install.mdx

* Update install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-31 17:26:44 -08:00
Daniel Nephin 18ff00f985
Merge pull request #12167 from hashicorp/dnephin/acl-resolve-token-3
acl: rename ResolveTokenToIdentityAndAuthorizer to ResolveToken
2022-01-31 19:21:06 -05:00
Daniel Nephin ff64c13c3e
Merge pull request #12166 from hashicorp/dnephin/acl-resolve-token-2
acl: remove ResolveTokenToIdentity
2022-01-31 19:19:21 -05:00
Jared Kirschner 27437f03f6
Merge pull request #12232 from hashicorp/pcmccarron-press-kit
updating press kit link
2022-01-31 19:01:43 -05:00
Daniel Nephin aa4dbe2a17 acl: rename ResolveTokenToIdentityAndAuthorizer to ResolveToken
This change allows us to remove one of the last remaining duplicate
resolve token methods (Server.ResolveToken).

With this change we are down to only 2, where the second one also
handles setting the default EnterpriseMeta from the token.
2022-01-31 18:04:19 -05:00
Daniel Nephin 57eac90cae acl: remove unused methods on fakes, and add changelog
Also document the metric that was removed in a previous commit.
2022-01-31 17:53:53 -05:00
Peter M 9978a7cac8
updating to brand 2022-01-31 13:22:29 -07:00
Peter M 3d11274c36
Update website/components/footer/index.jsx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-01-31 13:21:19 -07:00
Peter M 1c27d08122
updating press kit link
pointing to the brand page instead of a zip file.
2022-01-31 11:44:17 -07:00
Daniel Nephin 1fb2d49826
Merge pull request #12165 from hashicorp/dnephin/acl-resolve-token
acl: remove some of the duplicate resolve token methods
2022-01-31 13:27:49 -05:00
David Yu d667e8576f
docs: Small changes to API Gateway docs (#12226)
* docs: Small changes to API Gateway docs

* Update api-gateway.mdx

* Update website/content/docs/api-gateway.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-31 09:00:20 -08:00
Mathew Estafanous 1113a7533c
Change error-handling across handlers. (#12225) 2022-01-31 11:17:35 -05:00
Thomas Eckert 8f33317819
Update Helm docs to reflect 0.40.0 release (#12224) 2022-01-28 21:57:04 -08:00
Luke Kysow 95a20d584f
Document new escape tag ability for k8s (#12175) 2022-01-28 21:44:42 -08:00
Fulvio eff69b484b
URL-encode/decode resource names for HTTP API part 4 (#12190) 2022-01-28 15:01:47 -05:00
Noel Quiles f7a1865b90
website: Add Demandbase tag to consent manager (#12197)
* chore: Add Demandbase tag to consent manager

* fix: Add services to manager options
2022-01-28 14:43:45 -05:00
mrspanishviking 933cd5addb
Merge pull request #12217 from hashicorp/odd_language
fixing a confusing sentence in network segments page
2022-01-28 07:29:12 -07:00
Dan Upton ebdda4848f
streaming: split event buffer by key (#12080) 2022-01-28 12:27:00 +00:00
Dan Upton a3c4b85cec
docs: add transparent proxy visual aid (#12211)
Co-authored-by: Paul Banks <banks@banksco.de>
2022-01-28 10:57:37 +00:00
Karl Cardenas ae1ddb19b2
fixing a confusing sentence in network segments page 2022-01-27 19:52:42 -07:00
trujillo-adam 93cff86480
Merge pull request #11951 from hashicorp/docs/api-gateway-beta
API gateway docs going live for beta
2022-01-27 13:38:08 -08:00
trujillo-adam 0b016e50fd added min supported kubectl 2022-01-27 13:31:03 -08:00
Iryna Shustava 0c8b82b29d
docs: Add annotations for consul-sidecar resource overrides (#12142) 2022-01-27 14:25:06 -07:00
trujillo-adam 8f9224369b more feedback about helm chart from Jeff 2022-01-27 13:02:21 -08:00
trujillo-adam f2404748d7 added link to tutorial 2022-01-27 12:21:19 -08:00