Commit Graph

18966 Commits

Author SHA1 Message Date
Mike Morris 8020fb2098
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d268e617501b7db9500113c13bae70c.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 38585927422f73ebf838a7663e566ac245f2a75c.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Kyle Havlovitz 0d5cbf6f30 Sort by partition/ns/servicename instead of the reverse 2022-03-24 12:16:05 -07:00
FFMMM 4d6229a3ab
remove Telemetry.MergeDefaults (#12606)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-24 10:37:04 -07:00
Riddhi Shah e8538689d6
Merge pull request #12610 from hashicorp/agentless-rpc-acl-support
[oss] ACL pkg updates to support Agentless RPCs
2022-03-24 20:28:14 +05:30
Riddhi Shah 96e0d8fd0d ACL pkg updates to support Agentless RPCs
For many of the new RPCs that will be added in Consul servers for Agentless work,
the ACL token will need to be authorized for service:write on any service in any namespace in any partition.

The ACL package updates are to make ServiceWriteAny related helpers available on the different authorizers.
2022-03-24 17:01:06 +05:30
FFMMM 8f98bbda75
[metrics][rpc]: add basic prefix filter test for new rpc metric (#12598)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-23 13:29:12 -07:00
Kyle Havlovitz 1b654c9807 Clean up ent meta id usage in overview summary 2022-03-23 12:47:12 -07:00
Eric Haberkorn 5bc2b42093
Merge pull request #12603 from hashicorp/remove-gogo-pbservice
Remove gogo from pbservice
2022-03-23 15:35:05 -04:00
Jared Kirschner a004eea0dd
Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1
docs: make gossip threat model more visible
2022-03-23 14:54:17 -04:00
Luke Kysow 6553bf4a2a
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Eric 98b733e41a remove gogo from pbservice 2022-03-23 12:18:01 -04:00
Jared Kirschner 31baed248d
docs: make gossip threat model more visible 2022-03-23 11:46:56 -04:00
Eric Haberkorn 807a399b97
Merge pull request #12600 from hashicorp/remove-gogo-pbconnect
Remove gogo pbconnect, pbconfig and pbautoconf
2022-03-23 10:17:30 -04:00
Eric 467f771d74 remove gogo pbconnect, pbconfig and pbautoconf 2022-03-23 09:25:56 -04:00
John Cowen 13c6959b2b
ui: Tile CSS component (#12570)
* ui: Tile CSS component

* ui: Consul ServerCard component (#12576)
2022-03-23 10:34:26 +00:00
Kyle Havlovitz 5579f4e94c
Merge pull request #12597 from hashicorp/ma/fix-bad-test
Fixup dropped SecretID usage
2022-03-22 23:41:45 -07:00
Mark Anderson 28c925f6d0 Fixup dropped SecretID usage
Looks like something got munged at some point. Not sure how it slipped in, but my best guess is that because TestTxn_Apply_ACLDeny is marked flaky we didn't block merge because it failed.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-22 21:20:03 -07:00
Kyle Havlovitz 04f1d9bcc9 oss: Add overview UI internal endpoint 2022-03-22 17:05:09 -07:00
Karl Cardenas 626fe75167
docs: removed the word page 2022-03-22 15:51:04 -07:00
Karl Cardenas 1bf4571c8e
docs: add link to k8s cli install page 2022-03-22 15:40:53 -07:00
Jared Kirschner 0d07aa5c57
Merge pull request #12523 from Petenerd/patch-1
Update install.mdx
2022-03-22 16:43:06 -04:00
Dhia Ayachi 5cb24b9bf8
split `pbcommon` to `pbcommon` and `pbcommongogo` (#12587)
* mogify needed pbcommon structs

* mogify needed pbconnect structs

* fix compilation errors and make config_translate_test pass

* add missing file

* remove redundant oss func declaration

* fix EnterpriseMeta to copy the right data for enterprise

* rename pbcommon package to pbcommongogo

* regenerate proto and mog files

* add missing mog files

* add pbcommon package

* pbcommon no mog

* fix enterprise meta code generation

* fix enterprise meta code generation (pbcommongogo)

* fix mog generation for gogo

* use `protoc-go-inject-tag` to inject tags

* rename proto package

* pbcommon no mog

* use `protoc-go-inject-tag` to inject tags

* add non gogo proto to make file

* fix proto get
2022-03-22 16:30:00 -04:00
Krastin Krastev f6958894f5
docs: fix a trailing comma in JSON body
removing a comma after a last element in JSON body
2022-03-22 20:36:59 +01:00
Dan Upton 2fe06f663b
streaming: emit events when Connect CA Roots change (#12590)
OSS sync of enterprise changes at 614f786d
2022-03-22 19:13:59 +00:00
FFMMM 76d8798590
factor out recording func, add unit tests (#12585)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-22 09:31:54 -07:00
Dan Upton fb441e323a
Restructure gRPC server setup (#12586)
OSS sync of enterprise changes at 0b44395e
2022-03-22 12:40:24 +00:00
FFMMM 08f2838b78
pre register new rpc metric, rename metric (#12582) 2022-03-21 17:26:32 -07:00
Michael Wilkerson a714b7cf3b
Merge pull request #12584 from hashicorp/fix-cts-http-addr-var
updated docs
2022-03-21 15:06:58 -07:00
Michael Wilkerson eb50b3766a updated docs 2022-03-21 13:01:39 -07:00
Jared Kirschner dcc6ad0cac
Merge pull request #12580 from hashicorp/docs/results-filtered-by-acl-awareness
docs: mention filtered by ACLs in affected APIs
2022-03-21 12:59:59 -04:00
Jared Kirschner fcec9a18ce docs: mention filtered by ACLs in affected APIs 2022-03-21 09:06:45 -07:00
Jared Kirschner e90c2a6994
Merge pull request #12489 from hashicorp/docs/results-filtered-by-acl-awareness-coordinate
docs: mention filtered by ACLs in coordinate API
2022-03-19 16:17:08 -04:00
Jared Kirschner 724838e600 docs: add filtered by ACLs header curl example 2022-03-18 15:47:08 -07:00
Jared Kirschner 37385058d8 docs: mention filtered by ACLs in coordinate API 2022-03-18 15:47:08 -07:00
David Yu 7cc720a2bc
docs: Correction on rotating gossip key order per DC (#12579)
* docs: Correction on rotating gossip key order per DC
2022-03-18 14:51:11 -07:00
David Yu b1dde225c4
docs: consul-k8s Change "Consul Connect Service Mesh" to "Consul Service Mesh" (#12577) 2022-03-18 12:31:29 -07:00
David Yu 6ab2507f18
docs: Consul K8s Overview update (#12575)
* docs: Consul K8s Overview update

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-03-18 12:01:41 -07:00
Mark Anderson 2b367626f0
Add source of authority annotations to the PermissionDeniedError output. (#12567)
This extends the acl.AllowAuthorizer with source of authority information.

The next step is to unify the AllowAuthorizer and ACLResolveResult structures; that will be done in a separate PR.

Part of #12481

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-18 10:32:25 -07:00
David Yu 6363cb16c3
docs: Consul Service Mesh overview - rename of title and K8s getting started (#12574)
* Consul Service Mesh overview - rename of title and K8s getting started

* reformat lines
2022-03-18 08:55:57 -07:00
Dan Upton 57f0f42733
Support per-listener TLS configuration ⚙️ (#12504)
Introduces the capability to configure TLS differently for Consul's
listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC
port) which is useful in scenarios where you may want the HTTPS or
gRPC interfaces to present a certificate signed by a well-known/public
CA, rather than the certificate used for internal communication which
must have a SAN in the form `server.<dc>.consul`.
2022-03-18 10:46:58 +00:00
Evan Culver 27711fe5c7
lib: add validation package + DNS label validation (#12535)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-03-17 18:31:28 -07:00
FFMMM 3c08843847
[sync oss] add net/rpc interceptor implementation (#12573)
* sync ent changes from 866dcb0667

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>

* update oss go.mod

Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-17 16:02:26 -07:00
Paul Glass 6b3c506b4e
Merge pull request #12572 from hashicorp/pglass/fix-ecs-link
Fix broken link in ECS docs
2022-03-17 16:29:20 -05:00
Paul Glass 29ae8a4974
Fix broken link in ECS docs 2022-03-17 14:42:49 -05:00
Jared Kirschner 038fd90925
Merge pull request #11821 from hashicorp/error-if-get-request-has-body
http: error if GET request has non-empty body
2022-03-16 18:34:27 -04:00
Jared Kirschner 13712de2e7 http: WARN if GET request has non-empty body
Give the user a hint that they might be doing something wrong if their GET
request has a non-empty body, which can easily happen using curl's
--data-urlencode if specifying request type via "--request GET" rather than
"--get". See https://github.com/hashicorp/consul/issues/11471.
2022-03-16 14:19:50 -07:00
Eric Haberkorn fe0abde002
Merge pull request #12569 from hashicorp/remove-gogo-stdduration
Remove the stdduration gogo extension
2022-03-16 15:02:41 -04:00
Eric ae1cdc85b1 Remove the stdduration gogo extension 2022-03-16 12:12:29 -04:00
mrspanishviking 50c096364b
Merge pull request #12566 from jbohanon/jbohanon-documentation
Update ui-visualization.mdx
2022-03-16 07:17:30 -07:00
Jacob 578d82fd96
Update ui-visualization.mdx 2022-03-16 10:08:22 -04:00