Commit Graph

11627 Commits

Author SHA1 Message Date
Kyle Havlovitz e4268c8b7f Support multiple listeners referencing the same service in gateway definitions 2020-05-06 15:06:13 -05:00
Kyle Havlovitz b21cd112e5 Allow ingress gateways to route traffic based on Host header
This commit adds the necessary changes to allow an ingress gateway to
route traffic from a single defined port to multiple different upstream
services in the Consul mesh.

To do this, we now require all HTTP requests coming into the ingress
gateway to specify a Host header that matches "<service-name>.*" in
order to correctly route traffic to the correct service.

- Differentiate multiple listener's route names by port
- Adds a case in xds for allowing default discovery chains to create a
  route configuration when on an ingress gateway. This allows default
  services to easily use host header routing
- ingress-gateways have a single route config for each listener
  that utilizes domain matching to route to different services.
2020-05-06 15:06:13 -05:00
R.B. Boyer 1187d7288e
acl: oss plumbing to support auth method namespace rules in enterprise (#7794)
This includes website docs updates.
2020-05-06 13:48:04 -05:00
Preetha b730590c82
Merge pull request #7792 from hashicorp/changelog-fixup
Remove duplicated entries in CHANGELOG.md
2020-05-06 13:31:03 -05:00
Preetha 859496157d
Remove duplicated entries in CHANGELOG.md
Remove some duplicated entries in the unreleased section of the changelog that were released in  1.7.3
2020-05-06 08:56:41 -05:00
Hans Hasselberg 1817748157
Update CHANGELOG.md 2020-05-06 01:38:59 +02:00
Luke Kysow 3b9e53e290
Merge pull request #7724 from hashicorp/helm-repo
Update k8s instructions for new helm repo
2020-05-05 16:17:53 -07:00
R.B. Boyer b6cc92020d
test: make the kube auth method test helper use freeport (#7788) 2020-05-05 16:55:21 -05:00
Hans Hasselberg 5d2b10e862
segments: oss changes for enterprise network area changes (#7786)
OSS code changes for network segments
2020-05-05 21:41:19 +02:00
Hans Hasselberg e3e2b82a00 network_segments: stop advertising segment tags 2020-05-05 21:32:05 +02:00
Hans Hasselberg 854aac510f agent: refactor to use a single addrFn 2020-05-05 21:08:10 +02:00
Hans Hasselberg 0f2e189012 agent: rename local/global to src/dst 2020-05-05 21:07:34 +02:00
Chris Piraino 3cb54b0c1a
Update CHANGELOG.md 2020-05-05 10:56:50 -05:00
Chris Piraino 837bd6f558
Construct a default destination if one does not exist for service-router (#7783) 2020-05-05 10:49:50 -05:00
Matt Keeler 930af9168d
Update CHANGELOG.md 2020-05-05 09:56:56 -04:00
Matt Keeler 53d44a67d2
Update CHANGELOG.md 2020-05-05 09:53:46 -04:00
Mike Morris f39bd26a7c
vendor: revert golang.org/x/sys bump to avoid FreeBSD regression (#7780) 2020-05-05 09:26:17 +02:00
Iryna Shustava a61329c747
docs: add Helm docs for external servers and bootstrapToken (#7725) 2020-05-04 18:09:59 -07:00
R.B. Boyer 3f521de377 update changelog 2020-05-04 17:03:59 -05:00
R.B. Boyer c9c557477b
acl: add MaxTokenTTL field to auth methods (#7779)
When set to a non zero value it will limit the ExpirationTime of all
tokens created via the auth method.
2020-05-04 17:02:57 -05:00
s-christoff 75cb0715b1
Update CHANGELOG.md 2020-05-04 16:24:40 -05:00
s-christoff 2535cb85eb
cli: Add -config flag to "acl authmethod update/create" (#7776) 2020-05-04 16:21:28 -05:00
R.B. Boyer c74575d446 update changelog 2020-05-04 15:21:08 -05:00
R.B. Boyer 265d2ea9e1
acl: add DisplayName field to auth methods (#7769)
Also add a few missing acl fields in the api.
2020-05-04 15:18:25 -05:00
Hans Hasselberg f80ba59c26
vendor: fix case issue (#7777) 2020-05-04 21:39:01 +02:00
Hans Hasselberg 1be90e0fa1
agent: don't let left nodes hold onto their node-id (#7747) 2020-05-04 18:39:08 +02:00
Matt Keeler 669d22933e
Merge pull request #7714 from hashicorp/oss-sync/msp-agent-token 2020-05-04 11:33:50 -04:00
Matt Keeler 31c5bcc53e
Update go-discover dependency (#7731) 2020-05-04 10:59:48 -04:00
Matt Keeler 64baf36b60
Update enterprise configurations to be in OSS
This will emit warnings about the configs not doing anything but still allow them to be parsed.

This also added the warnings for enterprise fields that we already had in OSS but didn’t change their enforcement behavior. For example, attempting to use a network segment will cause a hard error in OSS.
2020-05-04 10:21:05 -04:00
R.B. Boyer 3ac5a841ec
acl: refactor the authmethod.Validator interface (#7760)
This is a collection of refactors that make upcoming PRs easier to digest.

The main change is the introduction of the authmethod.Identity struct.
In the one and only current auth method (type=kubernetes) all of the
trusted identity attributes are both selectable and projectable, so they
were just passed around as a map[string]string.

When namespaces were added, this was slightly changed so that the
enterprise metadata can also come back from the login operation, so
login now returned two fields.

Now with some upcoming auth methods it won't be true that all identity
attributes will be both selectable and projectable, so rather than
update the login function to return 3 pieces of data it seemed worth it
to wrap those fields up and give them a proper name.
2020-05-01 17:35:28 -05:00
R.B. Boyer 1697971a8f update changelog 2020-05-01 15:56:25 -05:00
R.B. Boyer 4cd1d62e40
acl: change authmethod.Validator to take a logger (#7758) 2020-05-01 15:55:26 -05:00
R.B. Boyer 4a630135b8
test: move some test helpers over from enterprise (#7754) 2020-05-01 14:52:15 -05:00
R.B. Boyer 5848f0fd7b
docs: add docs for snapshot agent local_scratch_path option (#7730)
Also fix some website upgrade bugs.
2020-05-01 14:51:57 -05:00
Jono Sosulska edfaee9cb5
Adding redirect to discuss, moving question to old (#7732) 2020-05-01 13:02:15 -04:00
R.B. Boyer 9faf8c42d1
sdk: extracting testutil.RequireErrorContains from various places it was duplicated (#7753) 2020-05-01 11:56:34 -05:00
Hans Hasselberg 6626cb69d6
rpc: oss changes for network area connection pooling (#7735) 2020-04-30 22:12:17 +02:00
Jeff Escalante c00f246129
fix multiline note (#7744) 2020-04-30 14:07:16 -04:00
Luke Kysow 7115c41277
Update k8s instructions for new helm repo
Also remove index page for operations since it just linked to the other
pages in the list.
2020-04-30 10:04:55 -07:00
John Cowen c62b974222
ui: Fix using 'ui-like' KVs when using an empty default nspace (#7734)
When using namespaces, the 'default' namespace is a little special in
that we wanted the option for all our URLs to stay the same when using
namespaces if you are using the default namespace, with the option of
also being able to explicitly specify `~default` as a namespace.

In other words both `ui/services/service-name` and
`ui/~default/services/service-name` show the same thing.

This means that if you switch between OSS and Enterprise, all of your
URLs stay the same, but you can still specifically link to the default
namespace itself.

Our routing configuration is duplicated in order to achieve this:

```
- :dc
  - :service
  - :kv
    - :edit
- :nspace
  - :dc
    - :service
    - :kv
      - :edit
```

Secondly, ember routing resolves/matches routes in the order that you specify
them, unless, its seems, when using wildcard routes, like we do in the
KV area.

When not using the wildcard routes the above routing configuration
resolves/matches a `/dc-1/kv/service` to the `dc.kv.edit` route correctly
(dc:dc-1, kv:services), that route having been configured in a higher
priority than the nspace routes.

However when configured with wildcards (required in the KV area), note
the asterisk below:

```
- :dc
    :service
  - :kv
    - *edit
- :nspace
  - :dc
    - :service
    - :kv
      - *edit
```

Given something like `/dc-1/kv/services` the router instead matches the
`nspace.dc.service` (nspace:dc-1, dc:kv, service:services) route first even
though the `dc.kv.edit` route should still match first.
Changing the `dc.kv.edit` route back to use a non-wildcard route
(:edit instead of *edit), returns the router to match the routes in the
correct order.

In order to work around this, we catch any incorrectly matched routes
(those being directed to the nspace Route but not having a `~`
character in the nspace parameter), and then recalculate the correct
route name and parameters. Lastly we use this recalculated route to
direct the user/app to the correct route.

This route recalcation requires walking up the route to gather up all of
the required route parameters, and although this feels like something
that could already exist in ember, it doesn't seem to. We had already
done a lot of this work a while ago when implementing our `href-mut`
helper. This commit therefore repurposes that work slighlty and externalizes
it outside of the helper itself into a more usable util so we can import
it where we need it. Tests have been added before refactoring it down
to make the code easier to follow.
2020-04-30 09:28:20 +01:00
Freddy c34ee5d339
Watch fallback channel for gateways that do not exist (#7715)
Also ensure that WatchSets in tests are reset between calls to watchFired. 
Any time a watch fires, subsequent calls to watchFired on the same WatchSet
will also return true even if there were no changes.
2020-04-29 16:52:27 -06:00
Matt Keeler f1e51bc80c
Update CHANGELOG.md 2020-04-29 11:07:02 -04:00
Iryna Shustava d4a5c0b2ba
docs: add Helm docs for external servers and bootstrapToken (#7725)
Also, backfill some Helm docs that got lost in the new website merge
2020-04-28 14:38:02 -07:00
Alvin Huang a84ab2333f
disable stable-website auto cherry-pick until replatform is merged into stable-website (#7726) 2020-04-28 17:01:51 -04:00
Jeff Escalante a325ce70c8
Merge pull request #7610 from hashicorp/je.new-website
New Documentation Website
2020-04-28 13:41:52 -04:00
Alvin Huang fad0d74182 use environment variables in website-docker-image for website docker image push 2020-04-28 13:38:38 -04:00
Jeff Escalante 76268de08c
dependencies 2020-04-28 12:53:30 -04:00
Luke Kysow 6aeb465dd4
Fix broken markdown link 2020-04-28 12:53:29 -04:00
Jeff Escalante cd91a8e7dc
update dependencies 2020-04-28 12:53:29 -04:00
Jeff Escalante 851e6dd62d
remove guides from sidebar 2020-04-28 12:53:29 -04:00