Commit Graph

15582 Commits

Author SHA1 Message Date
Daniel Nephin 6e9dd995eb tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
See github.com/hashicorp/consul/issues/11207

When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Freddy d8ae915160
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00
Freddy 8e23a6a0cc
Merge pull request #11416 from hashicorp/ap/exports-update
Rename service-exports to partition-exports
2021-10-27 11:27:31 -06:00
freddygv 12e57ad0f7 Add changelog entry 2021-10-27 09:02:10 -06:00
freddygv 4737ad118d Swap in structs.EqualPartitions for cmp 2021-10-26 23:36:01 -06:00
freddygv 1bade08f91 Replace Split with SplitN 2021-10-26 23:36:01 -06:00
freddygv 3966677aaf Finish removing useInDatacenter 2021-10-26 23:36:01 -06:00
freddygv 69476221c1 Update XDS for sidecars dialing through gateways 2021-10-26 23:35:48 -06:00
freddygv ea311d2e47 Configure sidecars to watch gateways in partitions
Previously the datacenter of the gateway was the key identifier, now it
is the datacenter and partition.

When dialing services in other partitions or datacenters we now watch
the appropriate partition.
2021-10-26 23:35:37 -06:00
freddygv feaebde1f1 Remove useInDatacenter from disco chain requests
useInDatacenter was used to determine whether the mesh gateway mode of
the upstream should be returned in the discovery chain target. This
commit makes it so that the mesh gateway mode is returned every time,
and it is up to the caller to decide whether mesh gateways should be
watched or used.
2021-10-26 23:35:21 -06:00
R.B. Boyer e27e58c6cc
agent: refactor the agent delegate interface to be partition friendly (#11429) 2021-10-26 15:08:55 -05:00
Chris S. Kim dac34427c5
docs: Document datacenter limitations for admin partitions (#11425) 2021-10-26 15:35:39 -04:00
Chris S. Kim 27f8a85664
agent: Ensure partition is considered in agent endpoints (#11427) 2021-10-26 15:20:57 -04:00
Brandon Romano 3c6331e9be
Switch to og-image & Fix build error with acl-legacy (#11423)
* Update share card image & switch to og-image

* Remove path from api-docs-nav-data. Working

* Add redirect back in

Co-authored-by: Pamela Bortnick <pbortnick@gmail.com>
2021-10-26 14:29:18 -04:00
John Cowen 4dd7e34c96
ui: Ensure dc selector correctly shows the currently selected dc (#11380)
* ui: Ensure dc selector correctly shows the currently selected dc

* ui: Restrict access to non-default partitions in non-primaries (#11420)

This PR restricts access via the UI to only the default partition when in a non-primary datacenter i.e. you can only have multiple (non-default) partitions in the primary datacenter.
2021-10-26 19:26:04 +01:00
John Cowen d764bac6af
ui: Add initial "How 2 Test UI" docs (#11296)
Attempt to document out what a beginner to the project needs to know here in order to get started quickly

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2021-10-26 19:18:03 +01:00
Kim Ngo 80efc993ba
Update CTS compatibility matrix to include TFC and flexible (#11424) 2021-10-26 13:12:44 -05:00
John Cowen 42391301a9
ui: Ensure we provide an id for filtering policy-tokens (#11311) 2021-10-26 19:00:32 +01:00
Chris S. Kim 3f736467e6
ui: Pass primary dc through to uiserver (#11317)
Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
2021-10-26 10:30:17 -04:00
freddygv 83d4d0e108 Remove outdated partition label from test 2021-10-25 18:47:02 -06:00
freddygv c3e381b4c1 Rename service-exports to partition-exports
Existing config entries prefixed by service- are specific to individual
services. Since this config entry applies to partitions it is being
renamed.

Additionally, the Partition label was changed to Name because using
Partition at the top-level and in the enterprise meta was leading to the
enterprise meta partition being dropped by msgpack.
2021-10-25 17:58:48 -06:00
Daniel Nephin f24bad2a52
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs
acl: add docs and changelog for the removal of the legacy ACL system
2021-10-25 18:38:00 -04:00
David Yu e184ccc8e0
docs: Move consul-k8s architecture docs to Overview (#11414)
* docs: Move consul-k8s architecture docs to Overview
2021-10-25 15:33:41 -07:00
Daniel Nephin 376342aa3f
Merge pull request #11184 from hashicorp/dnephin/acl-legacy-remove-state-store
acl: remove legacy type constants, and remove state store support for setting legacy ACLs
2021-10-25 17:46:59 -04:00
Daniel Nephin 6256633120
Merge pull request #11183 from hashicorp/dnephin/acl-legacy-remove-struct
acl: remove the remaining parts of structs/acl_legacy.go
2021-10-25 17:44:39 -04:00
Daniel Nephin f7cdd210fe Update agent/consul/acl_client.go
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-10-25 17:25:14 -04:00
Daniel Nephin 732b841dd7 state: remove support for updating legacy ACL tokens 2021-10-25 17:25:14 -04:00
Daniel Nephin 76b007dacd acl: remove init check for legacy anon token
This token should always already be migrated from a previous version.
2021-10-25 17:25:14 -04:00
Daniel Nephin 8ae6ee4e36 acl: remove legacy parameter to ACLDatacenter
It is no longer used now that legacy ACLs have been removed.
2021-10-25 17:25:14 -04:00
Daniel Nephin d778113773 acl: remove ACLTokenTypeManagement 2021-10-25 17:25:14 -04:00
Daniel Nephin 2f0eba1980 acl: remove ACLTokenTypeClient,
along with the last test referencing it.
2021-10-25 17:25:14 -04:00
Daniel Nephin 88c6aeea34 acl: remove legacy arg to store.ACLTokenSet
And remove the tests for legacy=true
2021-10-25 17:25:14 -04:00
Daniel Nephin b31a7fc498 acl: remove EmbeddedPolicy
This method is no longer. It only existed for legacy tokens, which are no longer supported.
2021-10-25 17:25:14 -04:00
Daniel Nephin ceaa36f983 acl: remove tests for resolving legacy tokens
The code for this was already removed, which suggests this is not actually testing what it claims.

I'm guessing these are still resolving because the tokens are converted to non-legacy tokens?
2021-10-25 17:25:14 -04:00
Daniel Nephin a46e3bd2fc acl: stop replication on leadership lost
It seems like this was missing. Previously this was only called by init of ACLs during an upgrade.
Now that legacy ACLs are  removed, nothing was calling stop.

Also remove an unused method from client.
2021-10-25 17:24:12 -04:00
Daniel Nephin 15cd8c7ab8 Remove incorrect TODO 2021-10-25 17:20:06 -04:00
Daniel Nephin 589b238374 acl: move the legacy ACL struct to the one package where it is used
It is now only used for restoring snapshots. We can remove it in phase 2.
2021-10-25 17:20:06 -04:00
Daniel Nephin 0ba5d0afcd acl: remove most of the rest of structs/acl_legacy.go 2021-10-25 17:20:06 -04:00
Paul Banks ab5cdce760
Merge pull request #11163 from hashicorp/feature/ingress-tls-mixed
Add support for enabling connect-based ingress TLS per listener.
2021-10-25 21:36:01 +01:00
FFMMM 6433a57d3c
fix autopilot_failure_tolerance, add autopilot metrics test case (#11399)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2021-10-25 10:55:59 -07:00
Pamela Bortnick 96afd767a1
fix social share image (#11235)
* Fix social share image

* Change name

* make absolute path
2021-10-25 13:09:28 -04:00
David Yu 5f3dad4db2
docs: minor Consul K8s changes (#11402)
* docs: minor Consul K8s changes
2021-10-25 10:00:10 -07:00
Pete Lopez f8c1561495 Use correct registry url
A small typo in the module source leads to an error when performing `terraform init`.
2021-10-22 17:12:23 -07:00
R.B. Boyer 63c50e58a0
test: pin the version of bats to one that works on CircleCI (#11401) 2021-10-22 17:06:25 -05:00
Uday 5709070692 Update segment.mdx 2021-10-22 13:49:30 -07:00
David Yu 4d1490d16f
docs: bump reference to consul-k8s cli to beta and reformat helm config example (#11398) 2021-10-22 09:14:35 -07:00
Daniel Nephin 3d60bf7950
Merge pull request #11395 from hashicorp/dnephin/remove-old-test-flake-workflow
build-support: remove test-flake machinery
2021-10-21 17:27:04 -04:00
Daniel Nephin 34c2d3737e build-support: remove test-flake machinery
This machinery was not used, and does not appear to be maintained. In practice we really
don't need anything to detect flaky tests. Our CI system identifies flaky tests at
https://app.circleci.com/insights/github/hashicorp/consul/workflows/go-tests/tests?branch=main

Mostly what we need is a way to reproduce flakes, which can be done directly with the Go
CLI, using the -race, -count, and (new in Go 1.17) -shuffle flags.
2021-10-21 17:16:25 -04:00
Daniel Nephin b8869d381d
Merge pull request #11364 from hashicorp/use-go1.17
ci: test against go1.17
2021-10-21 16:52:18 -04:00
Chris S. Kim 1eaa53798c
Update docs for tls_cipher_suites (#11070) 2021-10-21 16:41:51 -04:00