Commit Graph

12725 Commits

Author SHA1 Message Date
R.B. Boyer 69af49441a
agent: allow the /v1/connect/intentions/match endpoint to use the agent cache (#8875)
This is the recommended proxy integration API for listing intentions
which should not require an active connection to the servers to resolve
after the initial cache filling.
2020-10-08 14:51:53 -05:00
hashicorp-ci 143bfb7462 auto-updated agent/uiserver/bindata_assetfs.go from commit 13dfde75a 2020-10-08 19:36:48 +00:00
John Cowen 4083af3ced
ui: Workaround FF and/or ember problem, trying to set a value="" (#8884) 2020-10-08 20:32:27 +01:00
John Cowen 6ab78805cb
ui: Fix up positioning of subpage loader animation (#8879) 2020-10-08 20:32:16 +01:00
Mike Morris 4ae98cde2b
chore: update raft to v1.2.0 (#8822) 2020-10-08 15:07:10 -04:00
Matt Keeler 141eb60f06
Add per-agent reconnect timeouts (#8781)
This allows for client agent to be run in a more stateless manner where they may be abruptly terminated and not expected to come back. If advertising a per-agent reconnect timeout using the advertise_reconnect_timeout configuration when that agent leaves, other agents will wait only that amount of time for the agent to come back before reaping it.

This has the advantageous side effect of causing servers to deregister the node/services/checks for that agent sooner than if the global reconnect_timeout was used.
2020-10-08 15:02:19 -04:00
Paul Banks 8dd0fb836c
Add UI metrics proxy (#8744)
* Fix merge conflicts

* Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend.
2020-10-08 18:04:06 +01:00
Paul Banks aa3f9e9b4f
Add support for serving additional metrics provider JS in the UI (#8743) 2020-10-08 18:03:13 +01:00
Mike Morris d7c476f812 chore(ci): remove docs-cherrypick autolabel
This label should never be auto-applied to prevent accidentally publishing docs intended for a major release early.
2020-10-08 12:50:03 -04:00
Paul Banks d9818ed1e0
Add /v1/internal/ui/metrics-proxy API endpoint that proxies to a configured metrics provider backend. 2020-10-08 17:32:29 +01:00
Paul Banks 42d5e75dc5
Fix merge conflicts 2020-10-08 17:31:36 +01:00
hashicorp-ci fdfa9c610c auto-updated agent/uiserver/bindata_assetfs.go from commit b373456c7 2020-10-08 15:56:05 +00:00
Kenia a49e749edf
ui: Add deny SVG lines with icons (#8846)
* Refactor and color SVG Lines based on intention permissions

* Create Icon component with L7 and Deny icon styling

* Reposition icons on the lines when the lines are redrawn

* Create service/intention-permissions helper

* Use service/intention-permissions helper to return allow or deny lines

* Upgrade consul-api-double to v5.3.5

* Update HasPermission attribute
2020-10-08 11:52:09 -04:00
Freddy de4af766f3
Support ingress gateways in mesh viz endpoint (#8864)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2020-10-08 09:47:09 -06:00
hashicorp-ci 75847b0f11 auto-updated agent/uiserver/bindata_assetfs.go from commit ef7b1f8a4 2020-10-08 15:41:40 +00:00
Kenia 712a2d33dc
ui: Add namespaces to downstream cards (#8873)
* Add nspace to downstream cards

* Remove portion of conditional
2020-10-08 11:38:03 -04:00
hashicorp-ci 448febe0be auto-updated agent/uiserver/bindata_assetfs.go from commit d849f025c 2020-10-08 15:08:16 +00:00
John Cowen b20f77748d
ui: L7 intentions improvements (#8851)
* Disable source as well as destination on editing

* Various visual/textual amends

* Make errors only appear once you've interacted with a field

* Move tests that involve selecting menus to a create form

* Revert fieldsets and checkboxes
2020-10-08 16:02:31 +01:00
John Cowen 09fbe303b2
ui: Use a custom request for nspace deletion (#8878)
* Turn repo.remove into a custom action to bypass ember-data deletion

* Don't show actions on a deleting nspace
2020-10-08 16:00:52 +01:00
Daniel Nephin 0b3f438703
Merge pull request #8841 from hashicorp/streaming/materialize-view-fix-service-unique-id
streaming: Use an ID that includes namespace to store services in the materialized view
2020-10-07 21:28:53 -04:00
Daniel Nephin a94fe054f0
Merge pull request #8809 from hashicorp/streaming/materialize-view
Add StreamingHealthServices cache-type
2020-10-07 21:26:38 -04:00
Daniel Nephin e0236b5a9f
Merge pull request #8818 from hashicorp/streaming/add-subscribe-service-batch-events
stream: handle batch events as a special case of Event
2020-10-07 21:25:32 -04:00
Daniel Nephin 783627aeef
Merge pull request #8768 from hashicorp/streaming/add-subscribe-service
subscribe: add subscribe service for streaming change events
2020-10-07 21:24:03 -04:00
Freddy 7d1f50d2e6
Return intention info in svc topology endpoint (#8853) 2020-10-07 18:35:34 -06:00
Daniel Nephin eb6f2a8d72 structs: add CheckServiceNode.CanRead
And use it from the subscribe endpoint.
2020-10-07 18:15:13 -04:00
Mike Morris 80aef1ca1d
test(vault): generate test coverage and upload to CodeCov (#8870) 2020-10-07 16:32:25 -04:00
R.B. Boyer eb23a7d5dd
add testrpc.WaitForServiceIntentions to help unflake tests that manipulate intentions (#8867) 2020-10-07 14:20:25 -05:00
R.B. Boyer 140c88a9f4
api: unflake some intention-related api tests (#8857) 2020-10-07 13:32:53 -05:00
Jono Sosulska b596538397
Turns PR labeler to only trigger on create (#8838) 2020-10-07 13:45:17 -04:00
Mike Morris 1d4f3166fb
chore(deps): update gopsutil to v2.20.9 (#8843)
* core(deps): bump golang.org/x/sys

To resolve /go/pkg/mod/github.com/shirou/gopsutil@v2.20.9+incompatible/host/host_bsd.go:20:13: undefined: unix.SysctlTimeval

* chore(deps): make update-vendor
2020-10-07 12:57:18 -04:00
R.B. Boyer 7d18407e6a
command: remove conditional envoy bootstrap generation for versions <=1.10.0 since those are not supported (#8855) 2020-10-07 10:53:23 -05:00
R.B. Boyer d257b49601 add missing changelog entry for #8839 2020-10-07 10:22:40 -05:00
hashicorp-ci 7af06157eb auto-updated agent/uiserver/bindata_assetfs.go from commit 0d0de4309 2020-10-07 14:13:29 +00:00
John Cowen 8b0ed0ff01
ui: Change query param name for service instance listing from nspace to ns (#8852) 2020-10-07 15:08:13 +01:00
hashicorp-ci 50efe14f3e auto-updated agent/uiserver/bindata_assetfs.go from commit a61b6c53d 2020-10-07 13:50:39 +00:00
John Cowen b33a01f8dd
ui: Move node listing copy button to the detail rather than the title (#8850) 2020-10-07 14:45:52 +01:00
hashicorp-ci a7a30d8f5d auto-updated agent/uiserver/bindata_assetfs.go from commit 222555c4c 2020-10-07 08:09:54 +00:00
John Cowen ccf0e257ea
ui: Fix up Service filtering by whether a Service is in the mesh or not in the mesh (#8836)
* Add MeshEnabled, InMesh properties and add Proxy back in

* Change query param to in-mesh/not-in-mesh

* Use new computed properties
2020-10-07 09:04:55 +01:00
R.B. Boyer 35c4efd220
connect: support defining intentions using layer 7 criteria (#8839)
Extend Consul’s intentions model to allow for request-based access control enforcement for HTTP-like protocols in addition to the existing connection-based enforcement for unspecified protocols (e.g. tcp).
2020-10-06 17:09:13 -05:00
Pierre Souchay a12056f57c Added changelog for merged PR #8221 2020-10-06 17:15:33 -04:00
Daniel Nephin dbfa6530f1 streaming: store services with a unique ID that includes namespace 2020-10-06 16:54:56 -04:00
Daniel Nephin 9ace9a5d2e proto: add Namespace to EnterpriseMeta
By adding Namespace to the OSS EnterpriseMeta we reduce the differences between OSS and Enterprise
which simplifies the code quite a bit.
2020-10-06 16:42:09 -04:00
Mike Morris 5d273bd910 Update CHANGELOG.md 2020-10-06 16:27:38 -04:00
Alvin Huang b2a66b7426
add ui test-node (#8820) 2020-10-06 15:58:12 -04:00
R.B. Boyer d6dce2332a
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834)
- Upgrade the ConfigEntry.ListAll RPC to be kind-aware so that older
copies of consul will not see new config entries it doesn't understand
replicate down.

- Add shim conversion code so that the old API/CLI method of interacting
with intentions will continue to work so long as none of these are
edited via config entry endpoints. Almost all of the read-only APIs will
continue to function indefinitely.

- Add new APIs that operate on individual intentions without IDs so that
the UI doesn't need to implement CAS operations.

- Add a new serf feature flag indicating support for
intentions-as-config-entries.

- The old line-item intentions way of interacting with the state store
will transparently flip between the legacy memdb table and the config
entry representations so that readers will never see a hiccup during
migration where the results are incomplete. It uses a piece of system
metadata to control the flip.

- The primary datacenter will begin migrating intentions into config
entries on startup once all servers in the datacenter are on a version
of Consul with the intentions-as-config-entries feature flag. When it is
complete the old state store representations will be cleared. We also
record a piece of system metadata indicating this has occurred. We use
this metadata to skip ALL of this code the next time the leader starts
up.

- The secondary datacenters continue to run the old intentions
replicator until all servers in the secondary DC and primary DC support
intentions-as-config-entries (via serf flag). Once this condition it met
the old intentions replicator ceases.

- The secondary datacenters replicate the new config entries as they are
migrated in the primary. When they detect that the primary has zeroed
it's old state store table it waits until all config entries up to that
point are replicated and then zeroes its own copy of the old state store
table. We also record a piece of system metadata indicating this has
occurred. We use this metadata to skip ALL of this code the next time
the leader starts up.
2020-10-06 13:24:05 -05:00
Daniel Nephin 83401194ab streaming: improve godoc for cache-type
And fix a bug where any error that implemented the temporary interface was considered
a temporary error, even when the method would return false.
2020-10-06 13:52:02 -04:00
Daniel Nephin bda19cb71e submatview: remove notifyUpdateLocked from reset
This call appears to only be necessary because reset() was called from
NewMaterializer.

This commit has the constructor set a default value for updateCh, and
removes both the call to reset() from New(), and the call to
notifyUpdateLocked() from reset().

This should ensure that we do not notify the Fetch() call before we have new
values to report.
2020-10-06 13:22:02 -04:00
Daniel Nephin e5813bd9d6 submatview: remove method receiver from handlers 2020-10-06 13:22:02 -04:00
Daniel Nephin f857aef4a8 submatview: add a test for handling of NewSnapshotToFollow
Also add some godoc
Rename some vars and functions
Fix a data race in the new cache test for entry closing.
2020-10-06 13:22:02 -04:00
Daniel Nephin 58cf09247b submatview: refactor Materializer
Refactor of Materializer.Run
Use handlers to manage state in Materializer
Rename Materializer receiver
rename m.l to m.lock, and flip some conditionals to remove the negative.
Improve godoc, rename Deps, move resetErr, and pass err into notifyUpdate
Update for NewSnapshotToFollow events
Refactor to move context cancel out of Materializer
2020-10-06 13:22:02 -04:00