Commit graph

16560 commits

Author SHA1 Message Date
Daniel Nephin 74dc9925cc Apply suggestions from code review
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-01-26 12:24:13 -05:00
Daniel Nephin 2c311161cc acl: extract a backend type for the ACLResolverBackend
This is a small step to isolate the functionality that is used for the
ACLResolver from the large Client and Server structs.
2022-01-26 12:24:10 -05:00
trujillo-adam 93a514595c added GWclass and GWClassConfig 2022-01-26 09:23:10 -08:00
Daniel Nephin e0084abe8e contrib: add CA manager states diagram 2022-01-26 12:14:29 -05:00
Dhia Ayachi 724248e339 fix typo and add a TODO section for the remaining stuff 2022-01-26 12:14:29 -05:00
Dhia Ayachi 8e93c6ae1e Add sequence diagram for leader boot sequence 2022-01-26 12:14:29 -05:00
Dhia Ayachi d826afffe6 fix types and add reference to mesh and auto_config docs 2022-01-26 12:14:29 -05:00
Daniel Nephin 974f1604bf contrib: add CA operations 2022-01-26 12:14:29 -05:00
Daniel Nephin dfedb5a97f contrib: add description of cert relationship diagram
And links to code
2022-01-26 12:14:29 -05:00
Dhia Ayachi 50618d95e2 add HL diagram on the ca generation sequence 2022-01-26 12:14:29 -05:00
Daniel Nephin e26c9f46ab contrib: add first draft of Connect CA developer docs
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-01-26 12:14:29 -05:00
Matt Keeler 4198c09c47
Update telemetry page with advice for monitoring boltdb performance (#12141)
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-01-26 11:51:19 -05:00
Blake Covarrubias ea0d3d8d05
docs: Add ingress TLS cipher and version documentation (#12163)
Document the new TLS cipher and version parameters that were added to
ingress gateways in #11576.

Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2022-01-26 08:12:12 -08:00
David Yu ad376d8478
docs: Service Sync clarify requirements when using Service Mesh (#12177)
* docs: Service Sync clarify requirements when using Service Mesh

* replace with relative link
2022-01-25 15:02:19 -08:00
modrake 80194bfe8e
Merge pull request #12178 from hashicorp/RDX-205-add-netcgo-for-darwin-builds
RDX-205 add netcgo tag for darwin builds
2022-01-25 14:10:02 -08:00
R.B. Boyer b999b3edfc
xds: fix for delta xDS reconnect bug in LDS/CDS (#12174)
When a wildcard xDS type (LDS/CDS/SRDS) reconnects from a delta xDS stream,
prior to envoy `1.19.0` it would populate the `ResourceNamesSubscribe` field
with the full list of currently subscribed items, instead of simply omitting it
to infer that it wanted everything (which is what wildcard mode means).

This upstream issue was filed in envoyproxy/envoy#16063 and fixed in
envoyproxy/envoy#16153 which went out in Envoy `1.19.0` and is fixed in later
versions (later refactored in envoyproxy/envoy#16855).

This PR conditionally forces LDS/CDS to be wildcard-only even when the
connected Envoy requests a non-wildcard subscription, but only does so on
versions prior to `1.19.0`, as we should not need to do this on later versions.

This fixes the failure case as described here: #11833 (comment)

Co-authored-by: Huan Wang <fredwanghuan@gmail.com>
2022-01-25 11:24:27 -06:00
Chris S. Kim ece75a03e3
Remove incorrect usage of url.PathEscape (#12184)
When r.toHTTP is called, http.Request is built with the path
already escaped. This removes all calls to url.PathEscape that
would have led to double-escaped URLs.
2022-01-25 12:15:06 -05:00
Morgan Drake 11ef7d99bd add netcgo tag for darwin builds 2022-01-24 14:34:57 -08:00
Michele Degges 3aee25270c
Make systemd EnvironmentFile optional #12176 2022-01-24 12:47:43 -08:00
Michele Degges 300ce7b8e7 Adding changelog entry 2022-01-24 12:32:22 -08:00
Michele Degges bc776aa258 Don't kill service if envfile isn't present 2022-01-24 12:13:14 -08:00
Michele Degges 5447e0ecb2 Merge branch 'main' of github.com:hashicorp/consul 2022-01-24 12:12:33 -08:00
David Yu 6a27360203
docs: Admin Partitions K8s requirement update (#12173)
* docs: Admin Partitions K8s requirement update

* Update admin-partitions.mdx

* Update website/content/docs/enterprise/admin-partitions.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* extra space

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-24 09:04:02 -08:00
Michele Degges 97427f80b7
Add missing consul.env file for linux packaging (#12159) 2022-01-24 10:43:20 -05:00
mrspanishviking 14f6ee5aae
Merge pull request #11980 from krastin/krastin/docsday-ui-viz
adding JSON examples to /docs/connect/observability/ui-visualization
2022-01-24 08:42:46 -07:00
Krastin Krastev 1e550a4c3f fixing K8s notes placement in /docs/connect/observability/ui-visualization 2022-01-24 16:35:18 +01:00
Dao Thanh Tung 2a653efba9
Add api changes to agent endpoint for part 2 (#12150) 2022-01-24 10:23:08 -05:00
Krastin Krastev fcddb890c5 migrating <Tabs> to <CodeTabs> in /docs/connect/observability/ui-visualization 2022-01-24 16:10:03 +01:00
Daniel Nephin c1da07e2ea acl: remove calls to ResolveIdentityFromToken
We already have an ACLResolveResult, so we can get the accessor ID from
it.
2022-01-22 15:05:42 -05:00
Daniel Nephin ed1cc5f255 acl: remove ResolveTokenToIdentity
By exposing the AccessorID from the primary ResolveToken method we can
remove this duplication.
2022-01-22 14:47:59 -05:00
Daniel Nephin 26f0ebd96f acl: return a resposne from ResolveToken that includes the ACLIdentity
So that we can duplicate duplicate methods.
2022-01-22 14:33:09 -05:00
Daniel Nephin 314614f073 acl: remove duplicate methods
Now that ACLResolver is embedded we don't need ResolveTokenToIdentity on
Client and Server.

Moving ResolveTokenAndDefaultMeta to ACLResolver removes the duplicate
implementation.
2022-01-22 14:12:08 -05:00
Daniel Nephin 62c09b2d0a acl: embed ACLResolver in Client and Server
In preparation for removing duplicate resolve token methods.
2022-01-22 14:07:26 -05:00
David Yu d7418df51d
docs: 1.11.0 release notes (#12138)
* Work in Progress

* edit nav to show 1.11

* slight updates to release note content

* acl changes

* add details on bbolt

* first draft

* add more admin partition details

* revert package-lock.json

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* add sds change, and 1.10 change for tproxy

* Small changes

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/release-notes/1-11-0.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* adding Consul Service mesh term

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-21 15:46:02 -08:00
Peter M a2b839a838
Updated intro text
Jeff and I re-worded/expanded the text a bit here for the introduction section.
2022-01-21 16:14:45 -07:00
Michele Degges b7541e7698 Add missing consul.env file for linux packaging 2022-01-21 13:43:21 -08:00
Chris S. Kim d209de4230
Push bindata_assetfs.go to a non-protected branch (#12151) 2022-01-21 16:10:54 -05:00
Chris S. Kim 9ef448dedd
Generate bindata_assetfs.go (#12146) 2022-01-21 16:06:44 -05:00
R.B. Boyer 6472dcc1c0
update main to reflect it is v1.12.0-dev (#12157) 2022-01-21 15:03:11 -06:00
David Yu 0013727d80
docs: Vault Secrets Backend K8s, remove code tabs (#12156)
* Update connect-ca.mdx

* Update gossip.mdx

* Update index.mdx

* Update server-tls.mdx
2022-01-21 11:28:38 -08:00
David Yu adf030a634
docs: Formatting Consul K8s Vault docs (#12148)
* Update index.mdx

* Update gossip.mdx

* Update install-cli.mdx

* Update gossip.mdx

* Update website/content/docs/k8s/installation/vault/gossip.mdx

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>

* fix MDX formatting

* local changes

* adding formatting changes

* Update website/content/docs/k8s/installation/vault/connect-ca.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* adding shell-session to service mesh certs

Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-21 11:01:48 -08:00
John Cowen 8990d383e8
ui: Enable theming (#12134)
plus Themeable icons (#12135)
2022-01-21 12:19:03 +00:00
John Cowen 0446074ad7
ui: Tweak some code related meta information (#12117)
* ui: Correct some meta info

* Encoder doesn't take an argument whereas decoder does

* Math.trunc looks like the closest to parseInt but using the correct type

*  use a dynamic string when setting things on window
2022-01-21 11:42:48 +00:00
Evan Culver 28f49dc7bd
Provide an 'escape-hatch' for website-checker workflow (#11882) 2022-01-20 18:34:01 -08:00
Ashwin Venkatesh fb04a28140
Add support for 'Partition' and 'RetryJoin' (#12126)
- Adding a 'Partition' and 'RetryJoin' command allows test cases where
  one would like to spin up a Consul Agent in a non-default partition to
test use-cases that are common when enabling Admin Partition on
Kubernetes.
2022-01-20 16:49:36 -05:00
R.B. Boyer acef0e816e
docs: update config entry docs for proxy-defaults to follow new template (#12011) 2022-01-20 15:35:27 -06:00
Chris S. Kim 26c15ebe46
ci: Add explanation in forbidigo (#12140) 2022-01-20 13:07:10 -05:00
R.B. Boyer eae3df60d5
lint: forbid require.New and assert.New (#12139)
See #12137
2022-01-20 11:36:29 -06:00
R.B. Boyer a5296cb50d
Merge pull request #12137 from hashicorp/testify-no-structs
test: stop using require.New and assert.New from testify
2022-01-20 11:02:39 -06:00
Blake Covarrubias 9625e783f0
Merge pull request #12024 from hashicorp/docs/update-links-to-avoid-redirects
docs: Avoid redirects by pointing links to new URLs
2022-01-20 08:59:51 -08:00