Commit Graph

15218 Commits

Author SHA1 Message Date
Freddy a357f96d26
Sync partitions support in api module (#10938) 2021-08-26 18:40:34 -06:00
Evan Culver 93f94ac24f
rpc: authorize raft requests (#10925) 2021-08-26 15:04:32 -07:00
hc-github-team-consul-core a758581ab6 auto-updated agent/uiserver/bindata_assetfs.go from commit eeeb91bea 2021-08-26 18:13:08 +00:00
Kenia 92c43f9ea3
ui: Hide all metrics for ingress gateway services (#10858) 2021-08-26 14:08:31 -04:00
Chris S. Kim 86de20c975
ent->oss test fix (#10926) 2021-08-26 14:06:49 -04:00
hc-github-team-consul-core 5c67517647 auto-updated agent/uiserver/bindata_assetfs.go from commit a907e1d87 2021-08-26 18:02:18 +00:00
Kenia 2d25de2291
ui: Add support in Topology view for Routing Configurations (#10872) 2021-08-26 13:58:06 -04:00
Pamela Bortnick ecad7352ed
Update social share image (#10920)
* Update social share image

* Update image for social share
2021-08-26 12:32:57 -04:00
hc-github-team-consul-core d9022ce788 auto-updated agent/uiserver/bindata_assetfs.go from commit a0b0ed2bc 2021-08-26 16:06:09 +00:00
John Cowen 7bda1874cc
ui: [BUGFIX] Add missing `@` to fix missing non-subset Failovers (#10913)
This commit fixes a problem where parent Failovers where not showing (subset children were fine).

Seems to have been introduced with a move/glimmer upgrade here #9154 so I'm adding a 1.9.x backport.
2021-08-26 17:01:26 +01:00
Freddy b5095b138f
Merge pull request #10911 from hashicorp/areas/update 2021-08-26 09:30:51 -06:00
Karl Cardenas 8eab6b65b7
docs: added information about a conflict when using auto_config and auto_encrypt 2021-08-25 21:25:18 -07:00
freddygv b11728466e Add changelog entry 2021-08-25 19:46:21 -06:00
freddygv 8772e2fbce Update yamux 2021-08-25 19:46:12 -06:00
sridhar bb9188bb45
Merge pull request #10673 from hashicorp/srikrishmurthy-patch-1
Updated a note in the ingress-gateway YAML that the ingress gateway name must match with what's configured in the helm chart
2021-08-25 17:35:00 -07:00
Chris S. Kim efbdf7e117
api: expose upstream routing configurations in topology view (#10811)
Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.
2021-08-25 15:20:32 -04:00
R.B. Boyer 6b5a58de50
acl: some acl authz refactors for nodes (#10909) 2021-08-25 13:43:11 -05:00
hc-github-team-consul-core c95ec5007d auto-updated agent/uiserver/bindata_assetfs.go from commit a777b0a9b 2021-08-25 13:46:51 +00:00
Kenia 82f52283c5
ui: Disabling policy form fields from users with 'read' permissions (#10902) 2021-08-25 09:42:05 -04:00
hc-github-team-consul-core 9b2dd8b155 auto-updated agent/uiserver/bindata_assetfs.go from commit 8192dde48 2021-08-25 11:39:14 +00:00
John Cowen 2c68cb2498
ui: Unskip auth-method serializer test (#10878)
During #9617 we added a list view only for AuthMethods, but not a detail view. We did add the Adapter/Serializer that collected/reshaped data for a detail view.

The test for this serializer was skipped here, but I'm not sure why.

We then added #9845 which began to use this AuthMethod Serializer, but we didn't go back to finish up the skipped test here either.

This PR unskips this test and finishes off the test correctly.
2021-08-25 12:34:48 +01:00
R.B. Boyer a84f5fa25d
grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation (#10838)
Fixes #10796
2021-08-24 16:28:44 -05:00
trujillo-adam 7b4a7bcc38 removed merge conflict chars 2021-08-24 12:05:01 -07:00
trujillo-adam fd868af255 fixed merge conflicts 2021-08-24 11:46:27 -07:00
trujillo-adam 8e24c923fc Merge branch 'main' of github.com:hashicorp/consul into docs-tables-service-discovery-services 2021-08-24 11:26:32 -07:00
trujillo-adam 832a5e4067 fixed more typos, applied additional tables, additional edits 2021-08-24 11:15:33 -07:00
trujillo-adam 4f85b1082b fixed typos, finished applying tables, minor editing 2021-08-24 09:57:48 -07:00
hc-github-team-consul-core 6b574abc89 auto-updated agent/uiserver/bindata_assetfs.go from commit 05a28c311 2021-08-24 16:04:24 +00:00
John Cowen 0f49982cee
ui: [BUGFIX] Properly encode non-URL safe characters in OIDC responses (#10901)
This commit fixes 2 problems with our OIDC flow in the UI, the first is straightforwards, the second is relatively more in depth:

1: A typo (1.10.1 only)

During #10503 we injected our settings service into the our oidc-provider service, there are some comments in the PR as to the whys and wherefores for this change (https://github.com/hashicorp/consul/pull/10503/files#diff-aa2ffda6d0a966ba631c079fa3a5f60a2a1bdc7eed5b3a98ee7b5b682f1cb4c3R28)

Fixing the typo so it was no longer looking for an unknown service (repository/settings > settings)
fixed this.

2: URL encoding (1.9.x, 1.10.x)

TL;DR: /oidc/authorize/provider/with/slashes/code/with/slashes/status/with/slashes should be /oidc/authorize/provider%2Fwith%2Fslashes/code%2Fwith%2Fslashes/status%2Fwith%2Fslashes

When we receive our authorization response back from the OIDC 3rd party, we POST the code and status data from that response back to consul via acallback as part of the OIDC flow. From what I remember back when this feature was originally added, the method is a POST request to avoid folks putting secret-like things into API requests/URLs/query params that are more likely to be visible to the human eye, and POSTing is expected behaviour.

Additionally, in the UI we identify all external resources using unique resource identifiers. Our OIDC flow uses these resources and their identifiers to perform the OIDC flow using a declarative state machine. If any information in these identifiers uses non-URL-safe characters then these characters require URL encoding and we added a helper a while back to specifically help us to do this once we started using this for things that required URL encoding.

The final fix here make sure that we URL encode code and status before using them with one of our unique resource identifiers, just like we do with the majority of other places where we use these identifiers.
2021-08-24 16:58:45 +01:00
Nitya Dhanushkodi 59eab91d69
doc: remove sentence that tproxy works cross-DC with config entries. (#10885)
It can only work if there is a running service instance in the local DC,
so this is a bit misleading, since failover and redirects are typically
used when there is not an instance in the local DC.
2021-08-23 12:14:28 -07:00
trujillo-adam 7fce25fdbf
Update website/content/docs/discovery/services.mdx
Co-authored-by: Geoffrey Grosenbach <26+topfunky@users.noreply.github.com>
2021-08-23 11:09:43 -07:00
trujillo-adam 1bb21ab24e
Update website/content/docs/discovery/services.mdx
Co-authored-by: Geoffrey Grosenbach <26+topfunky@users.noreply.github.com>
2021-08-23 11:09:34 -07:00
Freddy b22312f923
Merge pull request #10873 from hashicorp/fix/10825-pq-san-validation 2021-08-20 18:11:17 -06:00
freddygv 79e181be73 Avoid passing zero value into variadic 2021-08-20 17:40:33 -06:00
freddygv ed79e38a36 Update comment for test function 2021-08-20 17:40:33 -06:00
freddygv 9c497bd93c Add changelog entry 2021-08-20 17:40:33 -06:00
freddygv b1050e4229 Update prepared query cluster SAN validation
Previously SAN validation for prepared queries was broken because we
validated against the name, namespace, and datacenter for prepared
queries.

However, prepared queries can target:

- Services with a name that isn't their own
- Services in multiple datacenters

This means that the SpiffeID to validate needs to be based on the
prepared query endpoints, and not the prepared query's upstream
definition.

This commit updates prepared query clusters to account for that.
2021-08-20 17:40:33 -06:00
freddygv 1f192eb7d9 Fixup proxy config test fixtures
- The TestNodeService helper created services with the fixed name "web",
and now that name is overridable.

- The discovery chain snapshot didn't have prepared query endpoints so
the endpoints tests were missing data for prepared queries
2021-08-20 17:38:57 -06:00
trujillo-adam 584ee9f10e testing markdown table format for ref docs 2021-08-20 13:41:03 -07:00
Daniel Nephin 7a2ff886a8 docs: move the remaining content from INTERNALS.md
Into the appropriate section of the docs.
2021-08-20 16:39:35 -04:00
Daniel Nephin 1b048b46b6 docs: add important top level directories to the README 2021-08-20 16:22:55 -04:00
R.B. Boyer 60591d55f7
agent: add partition labels to catalog API metrics where appropriate (#10890) 2021-08-20 15:09:39 -05:00
R.B. Boyer b6be94e7fa
fixing various bits of enterprise meta plumbing to be more correct (#10889) 2021-08-20 14:34:23 -05:00
Dhia Ayachi f766b6dff7
oss portion of ent #1069 (#10883) 2021-08-20 12:57:45 -04:00
Zachary Shilton 3d1f483a23
Upgrade global styles (#10692)
* website: upgrade global-styles packages

* website: move community page to CSS modules

* website: replace g-container with g-grid-container

* website: hide alert-banner on mobile

* website: backfill missing global type styles

* website: fix code font-size in download custom content

* website: bump to latest patched dependencies
2021-08-20 12:20:01 -04:00
R.B. Boyer d730298f59
state: partition the nodes.uuid and nodes.meta indexes as well (#10882) 2021-08-19 16:17:59 -05:00
R.B. Boyer 61f1c01b83
agent: ensure that most agent behavior correctly respects partition configuration (#10880) 2021-08-19 15:09:42 -05:00
Blake Covarrubias ef11e8bc92
docs: Add common CA config options to provider doc pages (#10842)
Add the list of common Connect CA configuration options to the
provider-specific CA docs.

Previously these options were only documented under the agent
configuration options. This change makes it so that all supported CA
provider configuration options are available from a single location.

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-19 11:18:55 -07:00
Mike Wickett 7af610ac8c
chore: update alert banner (#10816) 2021-08-18 16:39:16 -04:00
Daniel Nephin 17c9bac789
Merge pull request #10806 from hashicorp/dnephin/debug-filenames-2
debug: use human readable dates for filenames and improve the tests
2021-08-18 15:16:34 -04:00