Commit Graph

14217 Commits

Author SHA1 Message Date
Kent 'picat' Gruber 7e9bcb06ca
Merge pull request #10030 from hashicorp/fix-ent-audit-log-bypass
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 20:08:51 -04:00
Kent 'picat' Gruber 78ce699787
Add component name to entry
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-14 19:41:04 -04:00
Kent 'picat' Gruber 2998db9cda
Merge pull request #10023 from hashicorp/fix-raw-kv-xss
Add content type headers to raw KV responses
2021-04-14 18:49:14 -04:00
Kent 'picat' Gruber 8f897ee341 Add synthetic enterprise entry for CVE-2021-28156 2021-04-14 18:45:49 -04:00
Daniel Nephin e17c82306a
Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
snapshot: fix saving of auth methods
2021-04-14 17:18:35 -04:00
Daniel Nephin 2a10f01bf5 snapshot: fix saving of auth methods
Previously only a single auth method would be saved to the snapshot. This commit fixes the typo
and adds to the test, to show that all auth methods are now saved.
2021-04-14 16:51:21 -04:00
Kent 'picat' Gruber 6aed60655f Add security release-note changelog entry 2021-04-14 16:40:47 -04:00
Kent 'picat' Gruber debbf4a604 Add better security warning to docs about the content-type change 2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber 992bf13166 Update KV docs to note new raw response content-type header 2021-04-14 16:21:03 -04:00
Kent 'picat' Gruber 91aefe50ab Add content type headers to raw KV responses 2021-04-14 16:20:22 -04:00
R.B. Boyer 1ae772ff99
mod: bump to github.com/hashicorp/mdns v1.0.4 (#10018) 2021-04-14 14:17:52 -05:00
Daniel Nephin 5d493daf82
Merge pull request #10014 from hashicorp/dnephin/changelog
Add changelog for enterprise change
2021-04-14 14:09:35 -04:00
freddygv 2ff8b9f2f5 Avoid returning a nil slice 2021-04-14 10:52:05 -06:00
Matt Keeler aa0eb60f57
Move static token resolution into the ACLResolver (#10013) 2021-04-14 12:39:35 -04:00
R.B. Boyer 0470d9ec25 fix broken golden tests 2021-04-14 11:36:47 -05:00
Freddy a85bfc0bd0
Merge pull request #10006 from hashicorp/api-ptrs 2021-04-14 10:21:08 -06:00
freddygv 7fd4c569ce Update viz endpoint to include topology from intentions 2021-04-14 10:20:15 -06:00
Freddy 57b998e027
Merge pull request #9987 from hashicorp/remove-kube-dns-hack 2021-04-14 10:00:53 -06:00
Daniel Nephin ba4f2f853e Add changelog for enterprise change 2021-04-14 11:50:15 -04:00
Mike Wickett 7bbac0ca58
Merge pull request #10008 from hashicorp/mw.update-homepage-links
website: update why hashicorp links
2021-04-14 10:57:29 -04:00
ketzacoatl 001e7fb5a0
add consul-haskell to libraries-and-sdks documentation (#9982)
See also https://github.com/alphaHeavy/consul-haskell/issues/40.
2021-04-13 21:06:19 -04:00
freddygv e175b309fb Fixup tests 2021-04-13 16:08:41 -06:00
Mike Wickett 03b496a1c0 website: update why hashicorp links 2021-04-13 15:55:15 -04:00
freddygv 50c7915156 Convert new tproxy structs in api module into ptrs
This way we avoid serializing these when empty. Otherwise users of the
latest version of the api submodule cannot interact with older versions
of Consul, because a new api client would send keys that the older Consul
doesn't recognize yet.
2021-04-13 12:44:25 -06:00
Freddy 79257c1489
Merge pull request #10005 from hashicorp/tproxy-fixes 2021-04-13 11:45:40 -06:00
Daniel Nephin 6ee17c15ff tlsutil: fix a test for go1.16
Using a TestSigner was causing problems because go1.16 has this change:

> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.

See https://golang.org/doc/go1.16#crypto/x509
2021-04-13 13:31:20 -04:00
Daniel Nephin 7f65880829 connect: fix test for go1.16
There is no way to compare x509.CertPools now that it has an unexpected
function field. This comparison is as close as we can get.

See https://github.com/golang/go/issues/26614 for a related issue.
2021-04-13 13:25:45 -04:00
Freddy 754be9f6a4
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
Remove zero-value validation of upstream cfg structs
2021-04-13 11:00:02 -06:00
freddygv 911d7dcaa8 Remove todo that was todone 2021-04-13 10:19:59 -06:00
freddygv 84a5f91a08 Avoid nil panic when cluster config doesn't exist 2021-04-13 10:17:11 -06:00
Daniel Nephin 6df4d60675 ci: test against Go1.16.3 2021-04-13 12:06:13 -04:00
Freddy 86bd47c7a0
Merge pull request #10003 from hashicorp/proxycfg-tproxy-ent-fixup
Fixup wildcard ent assertion
2021-04-13 09:56:05 -06:00
freddygv 83501d5415 Augment intention decision summary with DefaultAllow mode 2021-04-12 19:32:09 -06:00
freddygv 36e9326dab Fixup wildcard ent assertion 2021-04-12 17:04:33 -06:00
Freddy 2a3229992e
Merge pull request #9999 from hashicorp/update-enabling-tproxy 2021-04-12 16:37:04 -06:00
Kendall Strautman 784e55a38d
fix(website): docs link text color (#10001) 2021-04-12 13:47:12 -04:00
freddygv b83841ab29 Fixup bexpr filtering 2021-04-12 10:17:52 -06:00
freddygv e6d44ae03b Remove zero-value validation of upstream cfg structs
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.

See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv eeccba945d Replace TransparentProxy bool with ProxyMode
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:

- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.

This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv fb4d07243d Avoid failing test due to undiscoverable node name 2021-04-12 09:26:55 -06:00
hashicorp-ci abc9daf1ea auto-updated agent/uiserver/bindata_assetfs.go from commit 84064f972 2021-04-12 13:08:41 +00:00
Kenia eb8024375a
ui: Return empty string protocol for upstream/downstream metrics request (#9989) 2021-04-12 09:03:57 -04:00
freddygv 9c219a5b58 Fixup mesh gateway docs 2021-04-11 15:48:04 -06:00
Tara Tufano b8e7a90f77
add http2 ping health checks (#8431)
* add http2 ping checks

* fix test issue

* add h2ping check to config resources

* add new test and docs for h2ping

* fix grammatical inconsistency in H2PING documentation

* resolve rebase conflicts, add test for h2ping tls verification failure

* api documentation for h2ping

* update test config data with H2PING

* add H2PING to protocol buffers and update changelog

* fix typo in changelog entry
2021-04-09 15:12:10 -04:00
Iryna Shustava ff2e70f4ce
cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910)
* Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled.
* Add new iptables package for applying traffic redirection rules with iptables.
2021-04-09 11:48:10 -07:00
Freddy 920ba3db39
Merge pull request #9976 from hashicorp/centralized-upstream-fixups 2021-04-08 12:26:56 -06:00
freddygv 4ddf754b6d Fixup test 2021-04-08 11:53:07 -06:00
Freddy 38819dac1f
Merge pull request #9042 from lawliet89/tg-rewrite 2021-04-08 11:49:23 -06:00
freddygv b97d3422a7 Stable sort cidr ranges to match on 2021-04-08 11:27:57 -06:00
freddygv 0d0205e0dc PR comments 2021-04-08 11:16:03 -06:00