Abhishek Chanda
37377d8779
Change bind_port to an int
2018-06-30 14:18:13 +01:00
Matt Keeler
02719c52ff
Move starting enterprise functionality
2018-06-29 17:38:29 -04:00
Mitchell Hashimoto
f213c55723
agent/config: parse upstreams with multiple service definitions
2018-06-28 15:13:33 -05:00
Mitchell Hashimoto
b6969b336b
Merge pull request #4297 from hashicorp/b-intention-500-2
...
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-28 05:27:19 +02:00
Matt Keeler
66af873639
Move default uuid test into the consul package
2018-06-27 09:21:58 -04:00
Matt Keeler
dbc407cec9
go fmt changes
2018-06-27 09:07:22 -04:00
Mitchell Hashimoto
03b683f702
agent: 400 error on invalid UUID format, api handles errors properly
2018-06-27 07:40:06 +02:00
Matt Keeler
95291ec5ed
Make sure to generate UUIDs when services are registered without one
...
This makes the behavior line up with the docs and expected behavior
2018-06-26 17:04:08 -04:00
mkeeler
f8355d608a
Release v1.2.0
2018-06-25 19:45:20 +00:00
mkeeler
1da3c42867
Merge remote-tracking branch 'connect/f-connect'
2018-06-25 19:42:51 +00:00
Kyle Havlovitz
d436463d75
revert go changes to hide rotation config
2018-06-25 12:26:18 -07:00
Kyle Havlovitz
837f23441d
connect/ca: hide the RotationPeriod config field since it isn't used yet
2018-06-25 12:26:18 -07:00
Mitchell Hashimoto
54ad6fc050
agent: convert the proxy bind_port to int if it is a float
2018-06-25 12:26:18 -07:00
Matt Keeler
b3ba709b3d
Remove x509 name constraints
...
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
2018-06-25 12:26:10 -07:00
Matt Keeler
8b27c3268a
Make sure we omit the Kind value in JSON if empty
2018-06-25 12:26:10 -07:00
Jack Pearkes
0c43a0f448
update UI to latest
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
859eaea5c4
connect/ca: pull the cluster ID from config during a rotation
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
a67bfa2c1b
connect/ca: use weak type decoding in the Vault config parsing
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
fcc5dc6110
connect/ca: leave blank root key/cert out of the default config (unnecessary)
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
f3089a6647
connect/ca: undo the interface changes and use sign-self-issued in Vault
2018-06-25 12:25:42 -07:00
Kyle Havlovitz
f79e3e3fa5
connect/ca: add leaf verify check to cross-signing tests
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
cea94d0bcf
connect/ca: update Consul provider to use new cross-sign CSR method
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
675555c4ff
connect/ca: update Vault provider to add cross-signing methods
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
a97c44c1ba
connect/ca: add URI SAN support to the Vault provider
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
7b0845ccde
connect/ca: fix vault provider URI SANs and test
2018-06-25 12:25:41 -07:00
Kyle Havlovitz
a98b85b25c
connect/ca: add the Vault CA provider
2018-06-25 12:25:41 -07:00
Paul Banks
6ecc0c8099
Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
2018-06-25 12:25:41 -07:00
Paul Banks
b4fbeb0453
Note leadership issues in comments
2018-06-25 12:25:41 -07:00
Paul Banks
21fb98ad5a
Fix test broken by final telemetry PR change!
2018-06-25 12:25:40 -07:00
Paul Banks
824a9b4943
Actually return Intermediate certificates bundled with a leaf!
2018-06-25 12:25:40 -07:00
Matt Keeler
cbf31a467f
Output the service Kind in the /v1/internal/ui/services endpoint
2018-06-25 12:25:40 -07:00
Paul Banks
1d6e1ace11
register TCP check for managed proxies
2018-06-25 12:25:40 -07:00
Paul Banks
d1810ba338
Make proxy only listen after initial certs are fetched
2018-06-25 12:25:40 -07:00
Paul Banks
42e28fa4d1
Limit proxy telemetry config to only be visible with authenticated with a proxy token
2018-06-25 12:25:39 -07:00
Paul Banks
ba6e909ed7
Misc test fixes
2018-06-25 12:25:39 -07:00
Paul Banks
ca68136ac7
Refactor to use embedded struct.
2018-06-25 12:25:39 -07:00
Paul Banks
6deadef6bd
Revert telemetry config changes ready for cleaner approach
2018-06-25 12:25:39 -07:00
Paul Banks
fd3681f35b
Allow user override of proxy telemetry config
2018-06-25 12:25:38 -07:00
Paul Banks
ff162ffdde
Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about
2018-06-25 12:25:38 -07:00
Paul Banks
ced9b2bee4
Expose telemetry config from RuntimeConfig to proxy config endpoint
2018-06-25 12:25:38 -07:00
Paul Banks
2df422e1e5
Disable TestAgent proxy execution properly
2018-06-25 12:25:38 -07:00
Paul Banks
81bd1b43a3
Fix hot loop in cache for RPC returning zero index.
2018-06-25 12:25:37 -07:00
Paul Banks
3d51c2aeac
Get agent cache tests passing without global hit count (which is racy).
...
Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict.
This should be robust to timing between goroutines now.
2018-06-25 12:25:37 -07:00
Mitchell Hashimoto
3efa77b912
Update UI for beta3
2018-06-25 12:25:16 -07:00
Mitchell Hashimoto
29af8fb5ab
agent/cache: always schedule the refresh
2018-06-25 12:25:14 -07:00
Mitchell Hashimoto
63047f9434
agent: clarify comment
2018-06-25 12:25:14 -07:00
Mitchell Hashimoto
1f3d2701f3
agent: add additional assertion to test
2018-06-25 12:25:13 -07:00
Paul Banks
8f26c9c3b9
More test tweaks
2018-06-25 12:25:13 -07:00
Paul Banks
d6b13463ed
Fix misc test failures (some from other PRs)
2018-06-25 12:25:13 -07:00
Paul Banks
1283373a64
Only set precedence on write path
2018-06-25 12:25:13 -07:00
Paul Banks
22b95283e9
Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change
2018-06-25 12:25:13 -07:00
Paul Banks
e2938138f6
Sort intention list by precedence
2018-06-25 12:25:13 -07:00
Mitchell Hashimoto
efa2bdb88b
agent: intention update/delete responess match ACL/KV behavior
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
93037b0607
agent/structs: JSON marshal the configuration for a managed proxy
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
8cb57b9316
agent: disallow deregistering a managed proxy directly
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
47c0e0dde6
agent: deregister service deregisters the proxy along with it
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
0d457a3e71
agent: RemoveProxy also removes the proxy service
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
8c349a2b24
Fix broken tests from PR merge related to proxy secure defaults
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
a3ef9c2308
agent/cache: always fetch with minimum index of 1 at least
2018-06-25 12:25:12 -07:00
Mitchell Hashimoto
164da57afb
agent/proxy: remove debug println
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
f551413714
agent: disallow API registration with managed proxy if not enabled
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
a8ec3064f5
agent/config: AllowManagedAPIRegistration
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
c30affa4b6
agent/proxy: AllowRoot to disable executing managed proxies when root
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
be83efe61e
agent/proxy: set the proper arguments so we only run the helper process
2018-06-25 12:25:11 -07:00
Mitchell Hashimoto
a7690301f9
agent/config: add AllowManagedRoot
2018-06-25 12:25:11 -07:00
Kyle Havlovitz
549dc22944
connect: fix two CA tests that were broken in a previous PR ( #60 )
2018-06-25 12:25:10 -07:00
Paul Banks
3433020fa6
Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario
2018-06-25 12:25:10 -07:00
Kyle Havlovitz
1ce8361aa2
agent: format all CA config fields
2018-06-25 12:25:09 -07:00
Kyle Havlovitz
a242e5b130
agent: update accepted CA config fields and defaults
2018-06-25 12:25:09 -07:00
Mitchell Hashimoto
7846206753
agent/proxy: fix build on Windows
2018-06-25 12:24:18 -07:00
Paul Banks
6c77f7883e
Misc comment cleanups
2018-06-25 12:24:16 -07:00
Paul Banks
d0674cdd7a
Warn about killing proxies in dev mode
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
4ebddd6adb
agent/consul: set precedence value on struct itself
2018-06-25 12:24:16 -07:00
Mitchell Hashimoto
61c7e33a22
agent/config: move ports to `ports` structure, update docs
2018-06-25 12:24:15 -07:00
Paul Banks
d140612350
Fixs a few issues that stopped this working in real life but not caught by tests:
...
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
- Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
- Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
- Naming things
2018-06-25 12:24:14 -07:00
Paul Banks
3df45ac7f1
Don't kill proxies on agent shutdown; backport manager close fix
2018-06-25 12:24:13 -07:00
Paul Banks
877390cd28
Test for adopted process Stop race and fix
2018-06-25 12:24:13 -07:00
Mitchell Hashimoto
e016f37ae7
agent: accept connect param for execute
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
52c10d2208
agent/consul: support a Connect option on prepared query request
2018-06-25 12:24:12 -07:00
Mitchell Hashimoto
e8c899b1b8
agent/consul: prepared query supports "Connect" field
2018-06-25 12:24:11 -07:00
Mitchell Hashimoto
e3562e39cc
agent: intention create returns 500 for bad body
2018-06-25 12:24:10 -07:00
Mitchell Hashimoto
ad382d7351
agent: switch ConnectNative to an embedded struct
2018-06-25 12:24:10 -07:00
Paul Banks
1e5a2561b6
Make tests pass and clean proxy persistence. No detached child changes yet.
...
This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.
2018-06-25 12:24:10 -07:00
Paul Banks
3bac52480e
Abandon daemonize for simpler solution (preserving history):
...
Reverts:
- bdb274852ae469c89092d6050697c0ff97178465
- 2c689179c4f61c11f0016214c0fc127a0b813bfe
- d62e25c4a7ab753914b6baccd66f88ffd10949a3
- c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
- 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
- 85c3f8df3eabc00f490cd392213c3b928a85aa44
2018-06-25 12:24:10 -07:00
Paul Banks
9ef748157a
WIP
2018-06-25 12:24:09 -07:00
Paul Banks
9cea27c66e
Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy
2018-06-25 12:24:09 -07:00
Mitchell Hashimoto
56f5924f3e
agent/proxy: Manager.Close also has to stop all proxy watchers
2018-06-25 12:24:09 -07:00
Paul Banks
18e64dafbc
Fix import tooling fail
2018-06-25 12:24:09 -07:00
Paul Banks
e1aca748c4
Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though.
2018-06-25 12:24:09 -07:00
Paul Banks
c97db00903
Run daemon processes as a detached child.
...
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.
I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
2018-06-25 12:24:08 -07:00
Paul Banks
3a00574a13
Persist proxy state through agent restart
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
a3e0ac1ee3
agent/consul/state: support querying by Connect native
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
bb98686ec8
agent/cache: update comment from PR review to clarify
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
418ed161dc
agent: agent service registration supports Connect native services
2018-06-25 12:24:08 -07:00
Mitchell Hashimoto
8e02bbc897
agent/consul: support catalog registration with Connect native
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
55b3d5d6f4
agent/cache: update comments
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
ea0270e6aa
agent/cache: correct test name
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
b5201276bc
agent/cache: change behavior to return error rather than retry
...
The cache behavior should not be to mask errors and retry. Instead, it
should aim to return errors as quickly as possible. We do that here.
2018-06-25 12:24:07 -07:00
Mitchell Hashimoto
778e318a52
agent/cache: perform backoffs on error retries on blocking queries
2018-06-25 12:24:06 -07:00
Matt Keeler
95f0e8815d
Merge pull request #4234 from hashicorp/feature/default-new-ui
...
Switch over to defaulting to the new UI
2018-06-20 09:10:08 -04:00
Matt Keeler
6ccc4f39db
Merge pull request #4216 from hashicorp/rpc-limiting
...
Make RPC limits reloadable
2018-06-20 09:05:28 -04:00
Matt Keeler
426211fad6
Merge pull request #4215 from hashicorp/feature/config-node-meta-dns-txt
...
Add configuration entry to control including TXT records for node meta in DNS responses
2018-06-20 08:53:04 -04:00
Matt Keeler
bfe2fcbdf1
Update the runtime tests
2018-06-19 13:59:26 -04:00
Matt Keeler
b9d1e7042a
Make filtering out TXT RRs only apply when they would end up in Additional section
...
ANY queries are no longer affected.
2018-06-19 10:08:16 -04:00
Matt Keeler
9cb81dc47e
Switch over to defaulting to the new UI
2018-06-15 09:20:13 -04:00
Kyle Havlovitz
54bc937fed
Re-use uint8ToString
2018-06-14 09:42:23 -07:00
Kyle Havlovitz
4d46bba2c4
Support giving the duration as a string in CA config
2018-06-14 09:42:22 -07:00
Mitchell Hashimoto
771842255a
address comment feedback
2018-06-14 09:42:22 -07:00
Mitchell Hashimoto
9249662c6c
agent: leaf endpoint accepts name, not service ID
...
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
2018-06-14 09:42:20 -07:00
Mitchell Hashimoto
787ce3b269
agent: address feedback
2018-06-14 09:42:20 -07:00
Mitchell Hashimoto
b5b29cd6af
agent: rename test to check
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
b961bab08c
agent: implement HTTP endpoint
2018-06-14 09:42:18 -07:00
Mitchell Hashimoto
a48ff54318
agent/consul: forward request if necessary
2018-06-14 09:42:17 -07:00
Mitchell Hashimoto
b02502be73
agent: comments to point to differing logic
2018-06-14 09:42:17 -07:00
Mitchell Hashimoto
526cfc34bd
agent/consul: implement Intention.Test endpoint
2018-06-14 09:42:17 -07:00
Paul Banks
bd5e569dc7
Make invalid clusterID be fatal
2018-06-14 09:42:17 -07:00
Paul Banks
919fd3e148
Fix logical conflicts with CA refactor
2018-06-14 09:42:17 -07:00
Paul Banks
73f2a49ef1
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future.
2018-06-14 09:42:17 -07:00
Paul Banks
bd5eb8b749
Add default CA config back - I didn't add it and causes nil panics
2018-06-14 09:42:17 -07:00
Paul Banks
dbcf286d4c
Ooops remove the CA stuff from actual server defaults and make it test server only
2018-06-14 09:42:16 -07:00
Paul Banks
834ed1d25f
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Paul Banks
bdd30b191b
Comment cleanup
2018-06-14 09:42:16 -07:00
Paul Banks
5abf47472d
Verify trust domain on /authorize calls
2018-06-14 09:42:16 -07:00
Paul Banks
30d90b3be4
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
Paul Banks
5a1408f186
Add CSR signing verification of service ACL, trust domain and datacenter.
2018-06-14 09:42:16 -07:00
Paul Banks
c808833a78
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
d1265bc38b
Rename some of the CA structs/files
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
1660f9ebab
Add more metadata to structs.CARoot
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
baf4db1c72
Use provider state table for a global serial index
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
5998623c44
Add test for ca config http endpoint
2018-06-14 09:42:15 -07:00
Kyle Havlovitz
c90b353eea
Move connect CA provider to separate package
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
4bb745a2d4
agent/cache: change uint8 to uint
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
6cf2e1ef1a
agent/cache: string through attempt rather than storing on the entry
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
c42510e1ec
agent/cache: implement refresh backoff
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
54a1662da8
agent/consul: change provider wait from goto to a loop
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
749f81373f
agent/consul: check nil on getCAProvider result
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
c57405b323
agent/consul: retry reading provider a few times
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
b4f990bc6c
agent: verify local proxy tokens for CA leaf + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
8f7b5f93cd
agent: verify proxy token for ProxyConfig endpoint + tests
2018-06-14 09:42:14 -07:00
Mitchell Hashimoto
3a7aaa63bc
agent/proxy: pass proxy ID as an env var
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
f69c8b85ef
agent/config: add managed proxy upstreams config to skip
...
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.
This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future we maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
662f38c625
agent/structs: validate service definitions, port required for proxy
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
498c63a6f1
agent/config: default connect enabled in dev mode
...
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.
There is no real downside since we're just using the built-in CA.
2018-06-14 09:42:13 -07:00
Paul Banks
954d286d73
Make CSR work with jank domain
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
257d31e319
agent/proxy: delete pid file on Stop
2018-06-14 09:42:13 -07:00
Mitchell Hashimoto
1dfb4762f5
agent: increase timer for blocking cache endpoints
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
a89238a9d3
agent/proxy: address PR feedback
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
7bb13246a8
agent: clarify why we Kill still
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
147b066c67
agent: restore proxy snapshot but still Kill proxies
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
1d24df3827
agent/proxy: check if process is alive in addition to Wait
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
4301f7f1f5
agent: only set the proxy manager data dir if its set
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
e3be9f7a02
agent/proxy: improve comments on snapshotting
2018-06-14 09:42:12 -07:00
Mitchell Hashimoto
eb31827fac
agent/proxy: implement periodic snapshotting in the manager
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
64fc9e0218
agent/proxy: check if process is alive
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
a3a0bc7b13
agent/proxy: implement snapshotting for daemons
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
9675ed626d
agent/proxy: manager configures the daemon pid path to write pids
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
5e0f0ba178
agent/proxy: write pid file whenever the daemon process changes
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
09093a1a1a
agent/proxy: change LogDir to DataDir to reuse for other things
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
e2133fd391
agent/proxy: make the logs test a bit more robust by waiting for file
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
d019d33bc6
agent/proxy: don't create the directory in newProxy
2018-06-14 09:42:11 -07:00
Mitchell Hashimoto
49bc7181a4
agent/proxy: send logs to the correct location for daemon proxies
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
515c47be7d
agent: add additional tests for defaulting in AddProxy
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
52665f7d23
agent: clean up defaulting of proxy configuration
...
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
ed14e9edf8
agent: resolve some conflicts and fix tests
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
657c09133a
agent/local: clarify the non-risk of a full buffer
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
31b09c0674
agent/local: remove outdated comment
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto
bae428326a
agent: use os.Executable
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
6a78ecea57
agent/proxy: local state event coalescing
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
16f529a13c
agent/proxy: implement force kill of unresponsive proxy process
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
4722e3ef76
agent: fix crash that could happen if proxy was nil on load
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
10fe87bd4a
agent/proxy: pull exit status extraction to constrained file
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
669268f85c
agent: start proxy manager
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
6884654c9d
agent/proxy: detect config change to stop/start proxies
2018-06-14 09:42:09 -07:00
Mitchell Hashimoto
8ce3deac5d
agent/proxy: test removing proxies and stopping them
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
a2167a7fd1
agent/proxy: manager and basic tests, not great coverage yet coming soon
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
fae8dc8951
agent/local: add Notify mechanism for proxy changes
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
f64a002f68
agent: start/stop proxies
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
93cdd3f206
agent/proxy: clean up usage, can't be restarted
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
536f31571b
agent: change connect command paths to be slices, not strings
...
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
76c6849ffe
agent/local: store proxy on local state, wip, not working yet
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto
659ab7ee2d
agent/proxy: exponential backoff on restarts
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
c2f50f1688
agent/proxy: Daemon works, tests cover it too
2018-06-14 09:42:07 -07:00
Mitchell Hashimoto
c47ad68f25
wip
2018-06-14 09:42:07 -07:00
Paul Banks
02ab461dae
TLS watching integrated into Service with some basic tests.
...
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks
dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking.
2018-06-14 09:42:07 -07:00
Kyle Havlovitz
b28e11fdd3
Fill out connect CA rpc endpoint tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
0e184f3f5b
Fix config tests
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
7c0976208d
Add tests for the built in CA's state store table
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
19b9399f2f
Add more tests for built-in provider
2018-06-14 09:42:06 -07:00
Kyle Havlovitz
a29f3c6b96
Fix some inconsistencies around the CA provider code
2018-06-14 09:42:06 -07:00
Paul Banks
153808db7c
Don't allow connect watches in agent/cli yet
2018-06-14 09:42:06 -07:00
Paul Banks
072b2a79ca
Support legacy watch.HandlerFunc type for backward compat reduces impact of change
2018-06-14 09:42:05 -07:00
Paul Banks
6f566f750e
Basic `watch` support for connect proxy config and certificate endpoints.
...
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
- Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
- Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
2167713226
Add CA config to connect section of agent config
2018-06-14 09:42:05 -07:00
Kyle Havlovitz
02fef5f9a2
Move ConsulCAProviderConfig into structs package
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
887cc98d7e
Simplify the CAProvider.Sign method
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
44b30476cb
Simplify the CA provider interface by moving some logic out
2018-06-14 09:42:04 -07:00
Kyle Havlovitz
aa10fb2f48
Clarify some comments and names around CA bootstrapping
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
5abd43a567
agent: resolve flaky test by checking cache hits increase, rather than
...
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
73838c9afa
agent: use helper/retry instead of timing related tests
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto
dcb2671d10
agent/cache: address PR feedback, lots of typos
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
07d878a157
agent/cache: address feedback, clarify comments
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
ad3928b6bd
agent/cache: don't every block on NotifyCh
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
3f80a9f330
agent/cache: unit tests for ExpiryHeap, found a bug!
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
1c31e34e5b
agent/cache: send the total entries count on eviction to go-metrics
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
ec559d77bd
agent/cache: make edge case with prev/next idx == 0 handled better
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
b319d06276
agent/cache: rework how expiry data is stored to be more efficient
2018-06-14 09:42:03 -07:00
Mitchell Hashimoto
449bbd817d
agent/cache: initial TTL work
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
3c6acbda5d
agent/cache: send the RefreshTimeout into the backend fetch
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
257fc34e51
agent/cache: on error, return from Get immediately, don't block forever
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
e9d58ca219
agent/cache: lots of comment/doc updates
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
a1f8cb9570
agent: augment /v1/connect/authorize to cache intentions
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
56774f24d0
agent/cache-types: support intention match queries
2018-06-14 09:42:02 -07:00
Mitchell Hashimoto
109bb946e9
agent/cache: return the error as part of Get
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
6ecc2da7ff
agent/cache: integrate go-metrics so the cache is debuggable
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
3b6c46b7d7
agent/structs: DCSpecificRequest sets all the proper fields for
...
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
ccd7eeef1a
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
4509589427
agent/cache: support timeouts for cache reads and empty fetch results
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
b0f70f17db
agent/cache-types: rename to separate root and leaf cache types
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
e3b1c400e5
agent/cache-types: got basic CA leaf caching work, major problems still
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto
9e44a319d3
agent: check cache hit count to verify CA root caching, background update
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
8bb4fd95a6
agent: initialize the cache and cache the CA roots
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
286217cbd8
agent/cache: partition by DC/ACL token
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
72c82a9b29
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
ecc789ddb5
agent/cache: ConnectCA roots caching type
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
c69df79e0c
agent/cache: blank cache key means to always fetch
2018-06-14 09:42:00 -07:00
Mitchell Hashimoto
8584e9262e
agent/cache: initial kind-of working cache
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
43f13d5a0b
Add cross-signing mechanism to root rotation
2018-06-14 09:42:00 -07:00
Kyle Havlovitz
bbfcb278e1
Add the root rotation mechanism to the CA config endpoint
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
a585a0ba10
Have the built in CA store its state in raft
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
80eddb0bfb
Fix the testing endpoint's root set op
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
9fefac745e
Update the CA config endpoint to enable GETs
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
fc9ef9741b
Hook the CA RPC endpoint into the provider interface
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
a40db26ffe
Add CA bootstrapping on establishing leadership
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
e26819ed9c
Add the bootstrap config for the CA
2018-06-14 09:41:59 -07:00
Kyle Havlovitz
4d0713d5bb
Add the CA provider interface and built-in provider
2018-06-14 09:41:58 -07:00
Kyle Havlovitz
ebdda17a30
Add CA config set to fsm operations
2018-06-14 09:41:58 -07:00
Kyle Havlovitz
f7ff16669f
Add the Connect CA config to the state store
2018-06-14 09:41:58 -07:00
Paul Banks
a90f69faa4
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list.
2018-06-14 09:41:58 -07:00
Paul Banks
9d11cd9bf4
Fix various test failures and vet warnings.
...
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
2018-06-14 09:41:58 -07:00
Paul Banks
8a4410b549
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus!
2018-06-14 09:41:58 -07:00
Paul Banks
aed5e5b03e
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict...
2018-06-14 09:41:58 -07:00
Paul Banks
cbd8606651
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test.
2018-06-14 09:41:57 -07:00
Paul Banks
44afb5c699
Agent Connect Proxy config endpoint with hash-based blocking
2018-06-14 09:41:57 -07:00
Paul Banks
c2266b134a
HTTP agent registration allows proxy to be defined.
2018-06-14 09:41:57 -07:00
Paul Banks
78e48fd547
Added connect proxy config and local agent state setup on boot.
2018-06-14 09:41:57 -07:00
Paul Banks
280382c25f
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
...
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Paul Banks
adc5589329
Allow duplicate source or destination, but enforce uniqueness across all four.
2018-06-14 09:41:57 -07:00
Paul Banks
51b1bc028d
Rework connect/proxy and command/connect/proxy. End to end demo working again
2018-06-14 09:41:57 -07:00
Paul Banks
2d6a2ce1e3
connect.Service based implementation after review feedback.
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
62b746c380
agent: rename authorize param ClientID to ClientCertURI
2018-06-14 09:41:56 -07:00
Mitchell Hashimoto
94e7a0a3c1
agent: add TODO for verification
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
f983978fb8
acl: IntentionDefault => IntentionDefaultAllow
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
b3584b6355
agent: ACL checks for authorize, default behavior
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
3e0e0a94a7
agent/structs: String format for Intention, used for logging
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
3f80808379
agent: bolster commenting for clearer understandability
2018-06-14 09:41:55 -07:00
Mitchell Hashimoto
c6269cda37
agent: default deny on connect authorize endpoint
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
5364a8cd90
agent: /v1/agent/connect/authorize is functional, with tests
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
7af99667b6
agent/connect: Authorize for CertURI
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
68fa4a83b1
agent: get rid of method checks since they're done in the http layer
2018-06-14 09:41:54 -07:00
Paul Banks
894ee3c5b0
Add Connect agent, catalog and health endpoints to api Client
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
1985655dff
agent/consul/state: ensure exactly one active CA exists when setting
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
9d93c52098
agent/connect: support any values in the URL
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
8934f00d03
agent/connect: support SpiffeIDSigning
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
da1bc48372
agent/connect: rename SpiffeID to CertURI
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
b0315811b9
agent/connect: use proper keyusage fields for CA and leaf
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
434d8750ae
agent/connect: address PR feedback for the CA.go file
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
e0562f1c21
agent: implement an always-200 authorize endpoint
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
2026cf3753
agent/consul: encode issued cert serial number as hex encoded
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
deb55c436d
agent/structs: hide some fields from JSON
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
746f80639a
agent: /v1/connect/ca/configuration PUT for setting configuration
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
2dfca5dbc2
agent/consul/fsm,state: snapshot/restore for CA roots
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
17d6b437d2
agent/consul/fsm,state: tests for CA root related changes
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
a8510f8224
agent/consul: set more fields on the issued cert
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
58b6f476e8
agent: /v1/connect/ca/leaf/:service_id
2018-06-14 09:41:52 -07:00
Mitchell Hashimoto
748a0bb824
agent: CA root HTTP endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
80a058a573
agent/consul: CAS operations for setting the CA root
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
712888258b
agent/consul: tests for CA endpoints
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
1928c07d0c
agent/consul: key the public key of the CSR, verify in test
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
9a8653f45e
agent/consul: test for ConnectCA.Sign
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
a360c5cca4
agent/consul: basic sign endpoint not tested yet
2018-06-14 09:41:51 -07:00
Mitchell Hashimoto
6550ff9492
agent/connect: package for agent-related Connect, parse SPIFFE IDs
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
f433f61fdf
agent/structs: json omit QueryMeta
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
9ad2a12441
agent: /v1/connect/ca/roots
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
24830f4cfa
agent/consul: RPC endpoints to list roots
2018-06-14 09:41:50 -07:00
Mitchell Hashimoto
cfb62677c0
agent/consul/state: CARoot structs and initial state store
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
7e8d606717
agent: address PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
767d2eaef6
agent: commenting some tests
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
f9a55aa7e0
agent: clarified a number of comments per PR feedback
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
62cbb892e3
agent/consul: Health.ServiceNodes ACL check for Connect
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
641c982480
agent/consul: Catalog endpoint ACL requirements for Connect proxies
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
4cc4de1ff6
agent: remove ConnectProxyServiceName
2018-06-14 09:41:49 -07:00
Mitchell Hashimoto
566c98b2fc
agent/consul: require name for proxies
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
4207bb42c0
agent: validate service entry on register
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
b5fd3017bb
agent/structs: tests for PartialClone and IsSame for proxy fields
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
c43ccd024a
agent/local: anti-entropy for connect proxy services
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
daaa6e2403
agent: clean up connect/non-connect duplication by using shared methods
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
3d82d261bd
agent: /v1/health/connect/:service
2018-06-14 09:41:48 -07:00
Mitchell Hashimoto
119ffe3ed9
agent/consul: implement Health.ServiceNodes for Connect, DNS works
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
a5fe6204d5
agent: working DNS for Connect queries, I think, but have to
...
implement Health endpoints to be sure
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
fa4f0d353b
agent: /v1/catalog/connect/:service
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
253256352c
agent/consul: Catalog.ServiceNodes supports Connect filtering
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
06957f6d7f
agent/consul/state: ConnectServiceNodes
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
200100d3f4
agent/consul: enforce ACL on ProxyDestination
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto
8a72826483
agent/consul: proxy registration and tests
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
6cd9e0e37c
agent: /v1/agent/services test with connect proxies (works w/ no change)
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
8777ff139c
agent: test /v1/catalog/node/:node to list connect proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
761b561946
agent: /v1/catalog/service/:service works with proxies
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
58bff8dd05
agent/consul/state: convert proxy test to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
09568ce7b5
agent/consul/state: service registration with proxy works
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
23ee0888ec
agent/consul: convert intention ACLs to testify/assert
2018-06-14 09:41:46 -07:00
Mitchell Hashimoto
6a8bba7d48
agent/consul,structs: add tests for ACL filter and prefix for intentions
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
3e10a1ae7a
agent/consul: Intention.Match ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
db44a98a2d
agent/consul: Intention.Get ACLs
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
fd840da97a
agent/consul: Intention.Apply ACL on rename
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
14ca93e09c
agent/consul: tests for ACLs on Intention.Apply update/delete
2018-06-14 09:41:45 -07:00
Mitchell Hashimoto
c54be9bc09
agent/consul: Basic ACL on Intention.Apply
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
1d0b4ceedb
agent: convert all intention tests to testify/assert
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
f07340e94f
agent/consul/fsm,state: snapshot/restore for intentions
2018-06-14 09:41:44 -07:00
Mitchell Hashimoto
6f33b2d070
agent: use UTC time for intention times, move empty list check to
...
agent/consul
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
67b017c95c
agent/consul/fsm: switch tests to use structs.TestIntention
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
3a00564411
agent/consul/state: need to set Meta for intentions for tests
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
027dad8672
agent/consul/state: remove TODO
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
37f66e47ed
agent: use testing intention to get valid intentions
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
04bd4af99c
agent/consul: set default intention SourceType, validate it
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto
8e2462e301
agent/structs: Intention validation
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
d34ee200de
agent/consul: support intention description, meta is non-nil
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e81d1c88b7
agent/consul/fsm: add tests for intention requests
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
2b047fb09b
agent,agent/consul: set default namespaces
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e630d65d9d
agent/consul: set CreatedAt, UpdatedAt on intentions
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
237da67da5
agent: GET /v1/connect/intentions/match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
e9d208bcb6
agent/consul: RPC endpoint for Intention.Match
2018-06-14 09:41:42 -07:00
Mitchell Hashimoto
987b7ce0a2
agent/consul/state: IntentionMatch for performing match resolution
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
231f7328bd
agent/structs: IntentionPrecedenceSorter for sorting based on precedence
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
a91fadb971
agent: PUT /v1/connect/intentions/:id
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
cae7bca448
agent: DELETE /v1/connect/intentions/:id
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
bebe6870ff
agent/consul: test that Apply works to delete an intention
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
95e1c92edf
agent/consul/state,fsm: support for deleting intentions
2018-06-14 09:41:41 -07:00
Mitchell Hashimoto
32ad54369c
agent/consul: creating intention must not have ID set
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
f219c766cb
agent/consul: support updating intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
37572829ab
agent: GET /v1/connect/intentions/:id
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
c78b82f43b
agent: POST /v1/connect/intentions
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
4003bca543
agent: GET /v1/connect/intentions endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
2a8a2f8167
agent/consul: Intention.Get endpoint
2018-06-14 09:41:40 -07:00
Mitchell Hashimoto
48b9a43f1d
agent/consul: Intention.Apply, FSM methods, very little validation
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
b19a289596
agent/consul: start Intention RPC endpoints, starting with List
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
8b0ac7d9c5
agent/consul/state: list intentions
2018-06-14 09:41:39 -07:00
Mitchell Hashimoto
c05bed86e1
agent/consul/state: initial work on intentions memdb table
2018-06-14 09:41:39 -07:00
Guido Iaquinti
3ed73961b3
Attach server.Name label to client.rpc.failed
2018-06-13 14:56:14 +01:00
Guido Iaquinti
bda575074e
Attach server.ID label to client.rpc.failed
2018-06-13 14:53:44 +01:00
Guido Iaquinti
edd6a69541
Client: add metric for failed RPC calls to server
2018-06-13 12:35:45 +01:00
Matt Keeler
f9d0323c0b
Fixup a weird merge problem
2018-06-11 16:27:39 -04:00
Matt Keeler
c41fa6c010
Add a Client ReloadConfig test
2018-06-11 16:23:51 -04:00
Matt Keeler
c5d9c2362f
Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
...
# Conflicts:
# agent/agent.go
# agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler
c589991452
Apply the limits to the clients rpcLimiter
2018-06-11 15:51:17 -04:00
Matt Keeler
6604828009
Add configuration entry to control including TXT records for node meta in DNS responses
...
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Pierre Souchay
6c7f01ae73
Removed labels from new ACL denied metrics
2018-06-08 11:56:46 +02:00
Pierre Souchay
2113071ae7
Removed consul prefix from metrics as requested by @kyhavlov
2018-06-08 11:51:50 +02:00
Matt Keeler
e043621dd3
Merge pull request #4156 from hashicorp/enterprise-coexistence
...
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Jack Pearkes
c4112f2b9a
Merge pull request #4013 from sethvargo/sethvargo/user_agent
...
Add a helper for generating Consul's user-agent string
2018-06-01 09:13:38 -07:00
Matt Keeler
1c577b2012
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
...
Enable full dns compression
2018-06-01 10:42:03 -04:00
Matt Keeler
4858aa6be4
Add RunWithConfig and put Run signature back to normal
2018-05-31 20:22:14 -04:00
Matt Keeler
f300d7bc65
Update unit tests to reflect change to func signature
2018-05-31 17:20:16 -04:00
Matt Keeler
365e8d11ee
Allow passing in a config to the watch plan to use when creating the API client
...
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
2018-05-31 17:07:36 -04:00
Pierre Souchay
544acdf04e
Fixed comments for max DNS records returned as requested by @mkeeler
2018-05-31 18:15:52 +02:00
Seth Vargo
303b56e07b
Use new discover and useragent libs
2018-05-25 15:52:05 -04:00
Matt Keeler
14661a417b
Allow for easy enterprise/oss coexistence
...
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Matt Keeler
170fa10c85
Add BadRequestError handling
2018-05-24 10:34:01 -04:00
Wim
cbd4405c50
Add service reverse lookup tests
2018-05-21 22:59:21 +02:00
Wim
cea77e8825
Do reverse service lookup only if address doesn't match node
2018-05-21 22:27:41 +02:00
Wim
88514d6a82
Add support for reverse lookup of services
2018-05-19 19:39:02 +02:00
Pierre Souchay
5c1c9cde34
Test fix, trying to pass Travis tests
2018-05-16 14:10:35 +02:00
Pierre Souchay
74cbe5ac85
Ensure to never send messages more than 64k
2018-05-16 12:47:35 +02:00
Pierre Souchay
5f529c9ea7
Fixed unit tests and updated limits
2018-05-16 12:11:49 +02:00
Pierre Souchay
7e8878df0b
Re-Enable compression while computing Len(), so we can send more answers
...
This will fix https://github.com/hashicorp/consul/issues/4071
2018-05-16 11:00:51 +02:00
Matt Keeler
24e0104901
Update bindata_assetfs for 1.1
2018-05-11 14:56:05 -04:00
Paul Banks
6108205ff6
v1.1.0 UI Build
2018-05-11 17:05:20 +01:00
Paul Banks
d35988521e
Go fmt cleanup
2018-05-11 17:05:19 +01:00
Preetha Appan
7400a78f8a
Change default raft threshold config values and add a section to upgrade notes
2018-05-11 10:45:41 -05:00
Preetha Appan
5d3b267787
More docs and removed SnapShotInterval from raft timing struct stanza
2018-05-11 10:43:24 -05:00
Preetha Appan
e28c5fbb4e
Also make snapshot interval configurable
2018-05-11 10:43:24 -05:00
Preetha Appan
9d2dac9db8
fix spacing
2018-05-11 10:43:24 -05:00
Preetha Appan
eb4bc79118
Make raft snapshot commit threshold configurable
2018-05-11 10:43:24 -05:00
Kyle Havlovitz
67167fd961
Merge pull request #4108 from hashicorp/vendor-go-discover
...
Update go-discover and add triton provider
2018-05-10 17:29:00 -07:00
Kyle Havlovitz
c04ff88537
Move cloud auto-join docs to a separate page and add Triton
2018-05-10 17:15:41 -07:00
Jack Pearkes
e611b1728a
Merge pull request #4097 from hashicorp/remove-deprecated
...
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
John Cowen
ca15998b51
UI V2 ( #4086 )
...
* Move settings to use the same service/route API as the rest of the app
* Put some ideas down for unit testing on adapters
* Favour `Model` over `Entity`
* Move away from using `reopen` to using Mixins
* Amend messages, comment/document some usage
* Make sure the returns are consistent in normalizePayload, also
Add some todo's in to remind me to think consider this further at a
later date. For example, is normalizePayload to be a hook or an
overridable method
* Start stripping back the HTML to semantics
* Use a variable rather than chaining
* Remove unused helpers
* Start picking through the new designs, start with listing pages
* First draft HTML for every page
* Making progress on the CSS
* Keep plugging away at the catalog css
* Looking at scrolling
* Wire up filtering
* Sort out filter counting, more or less done a few outstanding
* Start knocking the forms into shape
* Add in codemirror
* Keep moving forwards with the form like layouts
* Start looking at ACL editing page, add footer in
* Pull the filters back in, look at an autoresizer for scroll views
* First draft toggles
* 2nd draft healthcheck icons
* Tweak node healthcheck icons
* Looking at healthcheck detail icons
* Tweak the filter-bar and add selections to the in content tabs
* Add ACL create, pill-like acl type highlight
* Tweaking the main nav some more
* Working on the filter-bar and freetext-filter
* Masonry layout
* Stick with `checks` instead of healthy/unhealthy
* Fix up the filter numbers/counts
* Use the thead for a measure
* First draft tomography back in
* First draft DC dropdown
* Add a temporary create buttong to kv's
* Move KV and ACL to use a create page
* Move tags
* Run through old tests
* Injectable server
* Start adding test attributes
* Add some page objects
* More test attributes and pages
* Acl filter objects
* Add a page.. page object
* Clickable items in lists
* Add rest/spread babel plugin, remove mirage for now
* Add fix for ember-collection
* Keep track of acl filters
* ember-cli-page-object
* ember-test-selectors
* ui: update version of ui compile deps
* Update static assets
* Centralize radiogroup helper
* Rejig KV's and begin to clean it up
* Work around lack of Tags for the moment..
* Some little css tweaks and start to remove possibles
* Working on the dc page and incidentals
1. Sort the datacenter-picker list
2. Add a selected state to the datacenter-picker
3. Make dc an {Name: dc}
4. Add an env helper to get to 'env vars' from within templates
* Click outside stuff for the datacenter-picker, is-active on nav
* Make sure the dropdown CTA can be active
* Bump ember add pluralize helper
* Little try at sass based custom queries
* Rejig tablular collection so it deals with resizing, actions
1. WIP: start building actions dropdowns
2. Move tabular collection to deal with resizing to rule out differences
* First draft actions dropdowns
* Add ports, selectable IP's
* Flash messages, plus general cleanup/consistency
1. Add ember-cli-flash for flash messages
2. Move everything to get() instead of item.get
3. Spotted a few things that weren't consistent
* DOn't go lower than zero
* First draft vertical menu
* Missed a get, tweak dropmenu tick
* Big cleanup
1. this.get(), this.set() > get(), set()
2. assign > {...{}, ...{}}
3. Seperator > separator
* WIP: settings
* Moved things into a ui-v2 folder
* Decide on a way to do the settings page whilst maintaining the url + dc's
* Start some error pages
* Remove base64 polyfill
* Tie in settings, fix atob bug, tweak layout css
* Centralize confirmations into a component
* Allow switching between the old and new UI with the CONSUL_UI_BETA env var
Currently all the assets are packaged into a single AssetFS and a prefix is configured to switch between the two.
* Attempt at some updates to integrate the v2 ui build into the main infrastructure
* Add redirect to index.html for unknown paths
* Allow redictor to /index.html for new ui when using -ui-dir
* Take ACLs to the correct place on save
* First pass breadcrumbs
* Remove datacenter selector on the index page
* Tweak overall layout
* Make buttons 'resets'
* Tweak last DC stuff
* Validations plus kv keyname viewing tweaks
* Pull sessions back in
* Tweak the env vars to be more reusable
* Move isAnon to the view
* No items and disabled acl css
* ACL and KV details
1. Unauthorized page
2. Make sure the ACL is always selected when it needs it
3. Check record deletion with a changeset
* Few more acl tweaks/corrections
* Add no items view to node > services
* Tags for node > services
* Make sure we have tags
* Fix up the labels on the tomography graph
* Add node link (agent) to kv sessions
* Duplicate up `create` for KV 'root creation'
* Safety check for health checks
* Fix up the grids
* Truncate td a's, fix kv columns
* Watch for spaces in KV id's
* Move actions to their own mixins for now at least
* Link reset to settings incase I want to type it in
* Tweak error page
* Cleanup healthcheck icons in service listing
* Centralize errors and make getting back easier
* Nice numbers
* Compact buttons
* Some incidental css cleanups
* Use 'Key / Value' for root
* Tweak tomography layout
* Fix single healthcheck unhealthy resource
* Get loading screen ready
* Fix healthy healthcheck tick
* Everything in header starts white
* First draft loader
* Refactor the entire backend to use proper unique keys, plus..
1. Make unique keys form dc + slug (uid)
2. Fun with errors...
* Tweak header colors
* Add noopener noreferrer to external links
* Add supers to setupController
* Implement cloning, using ember-data...
* Move the more expensive down the switch order
* First draft empty record cleanup..
* Add the cusomt store test
* Temporarily use the htmlSafe prototype to remove the console warning
* Encode hashes in urls
* Go back to using title for errors for now
* Start removing unused bulma
* Lint
* WIP: Start looking at failing tests
* Remove single redirect test
* Finish off error message styling
* Add full ember-data cache invalidation to avoid stale data...
* Add uncolorable warning icons
* More info icon
* Rearrange single service, plus tag printing
* Logo
* No quotes
* Add a simple startup logo
* Tweak healthcheck statuses
* Fix border-color for healthchecks
* Tweak node tabs
* Catch 401 ACL errors and rethrow with the provided error message
* Remove old acl unauth and error routes
* Missed a super
* Make 'All' refer to number of checks, not services
* Remove ember-resizer, add autoprefixer
* Don't show tomography if its not worth it, viewify it more also
* Little model cleanup
* Chevrons
* Find a way to reliably set the class of html from the view
* Consistent html
* Make sure session id's are visible as long as possible
* Fix single service check count
* Add filters and searchs to the query string
* Don't remember the selected tab
* Change text
* Eror tweaking
* Use chevrons on all breadcrumbs even in kv's
* Clean up a file
* Tweak some messaging
* Makesure the footer overlays whats in the page
* Tweak KV errors
* Move json toggle over to the right
* feedback-dialog along with copy buttons
* Better confirmation dialogs
* Add git sha comment
* Same title as old UI
* Allow defaults
* Make sure value is a string
* WIP: Scrolling dropdowns/confirmations
* Add to kv's
* Remove set
* First pass trace
* Better table rows
* Pull over the hashi code editor styles
* Editor tweaks
* Responsive tabs
* Add number formatting to tomography
* Review whats left todo
* Lint
* Add a coordinate ember data triplet
* Bump in a v2.0.0
* Update old tests
* Get coverage working again
* Make sure query keys are also encoded
* Don't test console.error
* Unit test some more utils
* Tweak the size of the tabular collections
* Clean up gitignore
* Fix copy button rollovers
* Get healthcheck 'icon icons' onto the text baseline
* Tweak healthcheck padding and alignment
* Make sure commas kick in in rtt, probably never get to that
* Improve vertical menu
* Tweak dropdown active state to not have a bg
* Tweak paddings
* Search entire string not just 'startsWith'
* Button states
* Most buttons have 1px border
* More button tweaks
* You can only view kv folders
* CSS cleanup reduction
* Form input states and little cleanup
* More CSS reduction
* Sort checks by importance
* Fix click outside on datacenter picker
* Make sure table th's also auto calculate properly
* Make sure `json` isn't remembered in KV editing
* Fix recursive deletion in KV's
* Centralize size
* Catch updateRecord
* Don't double envode
* model > item consistency
* Action loading and ACL tweaks
* Add settings dependencies to acl tests
* Better loading
* utf-8 base64 encode/decode
* Don't hang off a prototype for htmlSafe
* Missing base64 files...
* Get atob/btoa polyfill right
* Shadowy rollovers
* Disabled button styling for primaries
* autofocuses only onload for now
* Fix footer centering
* Beginning of 'notices'
* Remove the isLocked disabling as we are letting you do what the API does
* Don't forget the documentation link for sessions
* Updates are more likely
* Use exported constant
* Dont export redirectFS and a few other PR updates
* Remove the old bootstrap config which was used for the old UI skin
* Use curlies for multiple properties
2018-05-10 19:52:53 +01:00
Paul Banks
79a3cee3d1
Make it work for WAN join too and add tests
2018-05-10 14:30:24 +01:00
Dominik Lekse
88dc90ecfc
Added support for sockaddr templates in start-join and retry-join configuration
2018-05-10 14:08:41 +01:00
Kyle Havlovitz
c19b43bf86
Remove unused retry join structs from config
2018-05-08 16:25:34 -07:00
Kyle Havlovitz
60307ef328
Remove deprecated metric names
2018-05-08 16:23:15 -07:00
Kyle Havlovitz
a480434517
Remove the script field from checks in favor of args
2018-05-08 15:31:53 -07:00
Paul Banks
c55885efd8
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index
...
[BUGFIX] When a node level check is removed, ensure all services of node are notified
2018-05-08 16:44:50 +01:00
Kyle Havlovitz
36c5e59465
Remove support for EnableTagOverride in config files
2018-05-07 16:19:13 -07:00
Kyle Havlovitz
fb3cd87c91
Remove support for CheckID field in service check definitions
2018-05-07 16:15:08 -07:00
Dino Lukman
27d0b9ce27
Fix telemetry default prefix filter
...
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
2018-05-02 16:56:29 +02:00
Jack Pearkes
5a14443b79
Merge pull request #4021 from fomentia/master
...
Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS)
2018-04-27 09:28:01 -07:00
Paul Banks
ea731031d5
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
...
[BUGFIX] Added Service Meta support in configuration files
2018-04-25 13:08:53 +01:00
Pierre Souchay
7b752604d5
Improved unit test (example close to actual value)
2018-04-24 23:15:27 +02:00
Paul Banks
06e1a62653
Merge pull request #4016 from pierresouchay/support_for_prometheus
...
Support for prometheus for metrics endpoint
2018-04-24 16:14:43 +01:00
Pierre Souchay
24185ada0d
Fixed Meta name for JSON + Added unit tests for HCL/JSON
2018-04-24 16:39:43 +02:00
Pierre Souchay
956b6213dc
Removed Nanoseconds cast as requested by @banks
2018-04-24 16:30:10 +02:00
Pierre Souchay
9ddf7af82d
Removed content negotiation of Prometheus as requested by @banks
2018-04-24 16:28:30 +02:00
Pierre Souchay
ee47eb7d7d
Added Missing Service Meta synchronization and field
2018-04-21 17:34:29 +02:00
Pierre Souchay
cf3cd546c8
More Tests cases compression/no compression
2018-04-21 17:18:39 +02:00
Pierre Souchay
a3b028d1d7
Removed unecessary copy of Extra and index
2018-04-20 22:51:04 +02:00
Pierre Souchay
5d0060a9c3
Use safer stringVal()
2018-04-18 23:18:16 +02:00
Pierre Souchay
6e71d8bb44
Added unit test on key length
2018-04-18 23:07:25 +02:00
Pierre Souchay
ef7a35b203
Added unit tests for bad meta values
2018-04-18 22:57:33 +02:00
Pierre Souchay
5c4d8940ea
[BUGFIX] Added Service Meta support in configuration files
...
Fixes https://github.com/hashicorp/consul/issues/4045
Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
2018-04-18 22:18:58 +02:00
Pierre Souchay
bebf03e26e
Fixed import
2018-04-18 17:09:25 +02:00
Pierre Souchay
4739b05d12
Added labels to improve new metric
2018-04-18 16:51:22 +02:00
Pierre Souchay
1b55e3559b
Allow renaming nodes when ID is unchanged
2018-04-18 15:39:38 +02:00
Pierre Souchay
e1240556f9
Improved unit tests debug info when it fails
2018-04-18 14:18:17 +02:00
Pierre Souchay
7db49828bd
Fixed sync of Extra in binarySearch
2018-04-18 14:17:44 +02:00
Pierre Souchay
6706ff9f0b
Run new test in parallel
2018-04-17 10:36:12 +02:00
Pierre Souchay
12f81c60ac
Track calls blocked by ACLs using metrics
2018-04-17 10:17:16 +02:00
Pierre Souchay
49aaf4155b
More test cases + travis flacky
2018-04-17 09:42:08 +02:00
Pierre Souchay
f2fc163b92
Added Unit tests + fixed boudary limit
2018-04-17 09:31:30 +02:00
Pierre Souchay
146152170f
Added comment for function dnsBinaryTruncate
2018-04-17 01:10:52 +02:00
Pierre Souchay
9a819b5b29
Perform a binary search to find optimal size of DNS responses
...
Will fix https://github.com/hashicorp/consul/issues/4036
Instead of removing one by one the entries, find the optimal
size using binary search.
For SRV records, with 5k nodes, duration of DNS lookups is
divided by 4 or more.
2018-04-17 00:50:00 +02:00
Kyle Havlovitz
2ac0669362
Update static assets
2018-04-13 10:05:30 -07:00
Kyle Havlovitz
be10300d06
Update make static-assets goal and run format
2018-04-13 09:57:25 -07:00
Matt Keeler
ed94d356e0
Merge pull request #4023 from hashicorp/f-near-ip
...
Add near=_ip support for prepared queries
2018-04-12 12:10:48 -04:00
Matt Keeler
d604642792
GH-3798: More PR Updates
...
Update docs a little
Update/add tests. Make sure all the various ways of determining the source IP work
Update X-Forwarded-For header parsing. This can be a comma separated list with the first element being the original IP so we now handle csv data there.
Got rid of error return from sourceAddrFromRequest
2018-04-12 10:40:46 -04:00
Matt Keeler
aa9151738a
GH-3798: A couple more PR updates
...
Test HTTP/DNS source IP without header/extra EDNS data.
Add WARN log for when prepared query with near=_ip is executed without specifying the source ip
2018-04-12 10:10:37 -04:00
Matt Keeler
3a0f7789ec
GH-3798: A few more PR updates
2018-04-11 20:32:35 -04:00
Matt Keeler
de3a9be3d0
GH-3798: Updates for PR
...
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
Matt Keeler
300f7f388e
GH-3798: Wrap DNS request validation in a retry
2018-04-11 16:00:15 -04:00
Jack Pearkes
f9baf50b54
Merge pull request #4015 from hashicorp/ui-service-tags
...
api/ui: return tags on internal UI endpoints
2018-04-11 12:02:19 -07:00
Matt Keeler
b7869e9771
GH-3798: Add DNS near=_ip test
2018-04-11 10:33:48 -04:00
Matt Keeler
0c44a0a7cc
GH-3798: Add HTTP prepared query near=_ip test
...
Also fixed an issue where we need to have the X-Forwarded-For header processed before the RemoteAddr. This shouldn’t have any functional difference for prod code but for mocked request objects it allows them to work.
2018-04-10 15:35:54 -04:00
Matt Keeler
89cd24aeca
GH-3798: Add near=_ip support for prepared queries
2018-04-10 14:50:50 -04:00
Isaac Williams
2926294865
Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS)
2018-04-10 13:18:46 -04:00
Paul Banks
2ed0d2afcd
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727 .
2018-04-10 14:04:16 +01:00
Pierre Souchay
e342ced97b
Clearer documentation and comments for enabling Prometheus support
2018-04-09 13:16:45 +02:00
Pierre Souchay
c164ee7dbd
Enable compression / automatic Mime-Type detection for Prometheus endpoint
2018-04-09 13:16:03 +02:00
Jared Wasinger
9a1737a5f0
agent: reload limits upon restart
2018-04-08 14:28:29 -07:00
Jared Wasinger
361b10b5dd
add unit tests: limits configuration should be reloadable
2018-04-08 03:57:01 -07:00
Matt Keeler
3df53b6459
Merge pull request #4006 from kjothen/patch-1
...
Update check.go
2018-04-06 12:57:52 -04:00
Pierre Souchay
2e495ec8a6
Now use prometheus_retention_time > 0 to enable prometheus support
2018-04-06 14:21:05 +02:00
Pierre Souchay
583744d8c5
Added support exposing metrics in Prometheus format
2018-04-06 09:18:06 +02:00
Jack Pearkes
812efc2667
api/ui: return tags on internal UI endpoints
...
This is to allow the UI to display tags in the services index pages
without needing to make additional queries.
2018-04-05 12:28:57 -07:00
Matt Keeler
cbefc4261d
Merge pull request #3752 from yfouquet/issue_3687
...
Add support for compression in http api
2018-04-04 09:06:42 -04:00
Yoann
23a6ad9356
Add support for compression in http api
...
The need has been spotted in issue https://github.com/hashicorp/consul/issues/3687 .
Using "NYTimes/gziphandler", the http api responses can now be compressed if required.
The Go API requires compressed response if possible and handle the compressed response.
We here change only the http api (not the UI for instance).
2018-04-03 22:33:13 +02:00
Preetha
d4e6b0307e
Merge pull request #3998 from zte-opensource/wip-fix-shutdown
...
minor fix for endpoints shutdown
2018-04-03 12:22:54 -05:00
Kieran Othen
4575fd378a
Update check.go
...
Cosmetic fix to the agent's HTTP check function which always formats the result as "HTTP GET ...", ignoring any non-GET supplied HTTP method such as POST, PUT, etc.
2018-03-31 16:44:35 +01:00
Matt Keeler
c0b1fb6ede
Merge pull request #3948 from pierresouchay/fix_tcp_dns_limit
...
[BUGFIX] do not break when TCP DNS answer exceeds 64k
2018-03-30 16:25:23 -04:00
Preetha
8fbe3dfceb
Adds discovery_max_stale ( #4004 )
...
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Preetha
48c499d1cb
Merge pull request #3994 from hashicorp/f-rename-servicemeta
...
Renames agent API layer for service metadata to "meta" for consistency
2018-03-29 14:07:57 -05:00
runsisi
2f09d10df5
minor fix for endpoints shutdown
...
Signed-off-by: runsisi <runsisi@zte.com.cn>
2018-03-29 21:45:46 +08:00
Matt Keeler
b5cdbbd033
Merge pull request #3990 from hashicorp/b-gh-3854
...
Warn when node name isnt a valid DNS label
2018-03-29 09:04:47 -04:00
Preetha Appan
d9d9944179
Renames agent API layer for service metadata to "meta" for consistency
2018-03-28 09:04:50 -05:00
Preetha
8dacb12c79
Merge pull request #3881 from pierresouchay/service_metadata
...
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
Preetha
f91db69d6e
Merge pull request #3984 from hashicorp/f-allow-federation-disable
...
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-27 16:05:53 -05:00
Matt Keeler
fd9297ad8f
Formatting update
2018-03-27 16:31:27 -04:00
Pierre Souchay
b9ae4e647f
Added validation of ServiceMeta in Catalog
...
Fixed Error Message when ServiceMeta is not valid
Added Unit test for adding a Service with badly formatted ServiceMeta
2018-03-27 22:22:42 +02:00
Preetha Appan
17a011b9bd
fix typo and remove comment
2018-03-27 14:28:05 -05:00
Matt Keeler
2d8a68cce9
GH-3854: Warn when node name isnt a valid DNS label
2018-03-27 15:00:33 -04:00
Preetha Appan
6d16afc65c
Remove unnecessary nil checks
2018-03-27 10:59:42 -05:00
Preetha Appan
c21c2da690
Fix test and remove unused method
2018-03-27 09:44:41 -05:00
Preetha Appan
512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-26 14:21:06 -05:00
Pierre Souchay
eccb56ade0
Added support for renaming nodes when their IP does not change
2018-03-26 16:44:13 +02:00
Pierre Souchay
90d2f7bca1
Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index
2018-03-22 13:07:11 +01:00
Pierre Souchay
9cc9dce848
More test cases
2018-03-22 12:41:06 +01:00
Pierre Souchay
7e8e4e014b
Added new test regarding checks index
2018-03-22 12:20:25 +01:00
Pierre Souchay
a8b66fb7aa
Fixed minor typo in comments
...
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Guido Iaquinti
244fc72b05
Add package name to log output
2018-03-21 15:56:14 +00:00
Josh Soref
1dd8c378b9
Spelling ( #3958 )
...
* spelling: another
* spelling: autopilot
* spelling: beginning
* spelling: circonus
* spelling: default
* spelling: definition
* spelling: distance
* spelling: encountered
* spelling: enterprise
* spelling: expands
* spelling: exits
* spelling: formatting
* spelling: health
* spelling: hierarchy
* spelling: imposed
* spelling: independence
* spelling: inspect
* spelling: last
* spelling: latest
* spelling: client
* spelling: message
* spelling: minimum
* spelling: notify
* spelling: nonexistent
* spelling: operator
* spelling: payload
* spelling: preceded
* spelling: prepared
* spelling: programmatically
* spelling: required
* spelling: reconcile
* spelling: responses
* spelling: request
* spelling: response
* spelling: results
* spelling: retrieve
* spelling: service
* spelling: significantly
* spelling: specifies
* spelling: supported
* spelling: synchronization
* spelling: synchronous
* spelling: themselves
* spelling: unexpected
* spelling: validations
* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks
e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
...
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Pierre Souchay
3eb287f57d
Fixed typo in comments
2018-03-19 17:12:08 +01:00
Pierre Souchay
eb2a4eaea3
Refactoring to have clearer code without weird bool
2018-03-19 16:12:54 +01:00
Pierre Souchay
a5f6ac0df4
[BUGFIX] When a node level check is removed, ensure all services of node are notified
...
Bugfix for https://github.com/hashicorp/consul/pull/3899
When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.
If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan
84bd6dc5d1
cleanup unit test code a bit
2018-03-16 09:36:57 -05:00
Preetha
164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
...
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry
8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs
2018-03-15 10:30:38 -07:00
Devin Canterberry
2001b9f35f
✅ Match expectation of TLSCipherSuites to values of tls_cipher_suites
2018-03-15 10:19:46 -07:00
Devin Canterberry
881d20c606
🐛 Formatting changes only; add missing trailing commas
2018-03-15 10:19:46 -07:00
Devin Canterberry
ece32fce53
🔒 Update supported TLS cipher suites
...
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go ).
> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
> * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4 )
> * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/ )
2018-03-15 10:19:46 -07:00
Pierre Souchay
d9b59d1b3e
Fixed minor typo (+ travis tests is unstable)
2018-03-09 18:42:13 +01:00
Pierre Souchay
871b9907cb
Optimize size for SRV records, should improve performance a bit
...
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha
401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
...
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Pierre Souchay
b0b243bf1b
Fixed wrong format of debug msg in unit test
2018-03-08 00:36:17 +01:00
Pierre Souchay
c3713dbbf1
Performance optimization for services having more than 2k records
2018-03-08 00:26:41 +01:00
Pierre Souchay
1085d5a7b4
Avoid issue with compression of DNS messages causing overflow
2018-03-07 23:33:41 +01:00
Pierre Souchay
241c7e5f5f
Cleaner Unit tests from suggestions from @preetapan
2018-03-07 18:24:41 +01:00
Pierre Souchay
b672707552
64000 max limit to DNS messages since there is overhead
...
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay
06afb4d02c
[BUGFIX] do not break when TCP DNS answer exceeds 64k
...
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).
Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Mitchell Hashimoto
fbac58280e
agent/consul/fsm: begin using testify/assert
2018-03-06 09:48:15 -08:00
Pierre Souchay
09970479b5
Allow to control the number of A/AAAA Record returned by DNS
...
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.
It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937
See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.
It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.
The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel
413cb3d3b5
Re-use defined endpoints for tests
2018-03-03 11:19:18 -08:00
Paul Banks
628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
...
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Pierre Souchay
85b73f8163
Simplified error handling for maxIndexForService
...
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Paul Banks
f7ecbce39a
Fix test running in non-bash shells
2018-02-22 14:06:06 +00:00
Paul Banks
0ee77a5e02
Merge pull request #3900 from hashicorp/fix-monitor-sigint-3891
...
Fixes #3891 : agent monitor no longer unresponsive before logs stream.
2018-02-21 21:28:33 +00:00
Preetha Appan
77d35f1829
Remove extra newline
2018-02-21 13:21:47 -06:00
Preetha Appan
573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent
2018-02-21 12:48:53 -06:00
Preetha Appan
bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors
2018-02-21 12:33:22 -06:00
Alex Dadgar
535842004c
Test autopilots start/stop idempotency
2018-02-21 10:19:30 -08:00
Alex Dadgar
4d99696f02
Improve autopilot shutdown to be idempotent
2018-02-20 15:51:59 -08:00
Pierre Souchay
e6d85cb36a
Fixed comments for function maxIndexForService
2018-02-20 23:57:28 +01:00
Pierre Souchay
b26ea3c230
[Revert] Only update services if tags are different
...
This patch did give some better results, but break watches on
the services of a node.
It is possible to apply the same optimization for nodes than
to services (one index per instance), but it would complicate
further the patch.
Let's do it in another PR.
2018-02-20 23:34:42 +01:00
Pierre Souchay
903e866835
Only update services if tags are different
2018-02-20 23:08:04 +01:00
Pierre Souchay
56d5c0bf22
Enable Raft index optimization per service name on health endpoint
...
Had to fix unit test in order to check properly indexes.
2018-02-20 01:35:50 +01:00
Paul Banks
69ebbf3e79
Fixes #3891 : agent monitor no longer unresponsive before logs stream.
...
The root cause is actually that the agent's streaming HTTP API didn't flush until the first log line was found which commonly was pretty soon since the default level is INFO. In cases where there were no logs immediately due to level for instance, the client gets stuck in the HTTP code waiting on a response packet from the server before we enter the loop that checks the shutdown channel from the signal handler.
This fix flushes the initial status immediately on the streaming endpoint which lets the client code get into it's expected state where it's listening for shutdown or log lines.
2018-02-19 21:53:10 +00:00
Pierre Souchay
ec1b278595
Get only first service to test whether we have to cleanup index of a service
2018-02-19 22:44:49 +01:00
Pierre Souchay
523feb0be4
Fixed comment about raftIndex + use test.Helper()
2018-02-19 19:30:25 +01:00
Pierre Souchay
4c188c1d08
Services Indexes modified per service instead of using a global Index
...
This patch improves the watches for services on large cluster:
each service has now its own index, such watches on a specific service
are not modified by changes in the global catalog.
It should improve a lot the performance of tools such as consul-template
or libraries performing watches on very large clusters with many
services/watches.
2018-02-19 18:29:22 +01:00
Edd Steel
35c2083422
Clarify comments
2018-02-17 17:46:11 -08:00
Edd Steel
61be181f6f
Test every endpoint for OPTIONS/MethodNotFound
2018-02-17 17:34:13 -08:00
Edd Steel
6c33163959
Allow endpoints to handle OPTIONS/MethodNotFound themselves
2018-02-17 17:34:03 -08:00
Edd Steel
4dc9d2ebd7
Initialise `allowedMethods` in init()
2018-02-17 17:31:24 -08:00
Kyle Havlovitz
ea452c6032
Fix the coordinate update endpoint not passing the ACL token
2018-02-15 11:58:02 -08:00
Edd Steel
40eefc9f7d
Support OPTIONS requests
...
- register endpoints with supported methods
- support OPTIONS requests, indicating supported methods
- extract method validation (error 405) from individual endpoints
- on 405 where multiple methods are allowed, create a single Allow
header with comma-separated values, not multiple Allow headers.
2018-02-12 10:15:31 -08:00
Andrei Burd
dbb010c865
adding human readability for dns requests debug log ( #3751 )
2018-02-11 09:02:28 -06:00
Pierre Souchay
824b72cf90
Merge remote-tracking branch 'origin/master' into service_metadata
2018-02-11 13:20:49 +01:00
Pierre Souchay
e99bf584c9
Fixed TestSanitize unit test
2018-02-11 12:11:11 +01:00
James Phillips
37cf6583db
Fixes a panic on TCP-based DNS lookups.
...
This came in via the monkey patch in #3861 .
Fixes #3877
2018-02-08 17:57:41 -08:00
Pierre Souchay
f2df4005fe
Added unit tests for structs and fixed PartialClone()
2018-02-09 01:37:45 +01:00
James Phillips
4f3b4d0e55
Addresses additional state mutations.
...
Did a sweep of 84d6ac2d51
and checked them all.
2018-02-07 07:02:10 -08:00
James Phillips
ca461f8890
Fixes all the racy output-side updates to tags.
2018-02-06 20:35:55 -08:00
James Phillips
e7dd7b2d13
Adds a more robust unit test for index churn.
2018-02-06 20:35:38 -08:00
Pierre Souchay
3acc5b58d4
Added support for Service Metadata
2018-02-07 01:54:42 +01:00
James Phillips
41e3fcf205
Makes server manager shift away from failed servers from Serf events.
...
Because this code was doing pointer equality checks, it would work for
the case of a failed attempted RPC because the objects are from the
manager itself:
https://github.com/hashicorp/consul/blob/v1.0.3/agent/consul/rpc.go#L283-L302
But the pointer check would always fail for events coming in from the
Serf path because the server object is newly-created:
https://github.com/hashicorp/consul/blob/v1.0.3/agent/router/serf_adapter.go#L14-L40
This means that we didn't proactively shift RPC traffic away from a
failed server, we'd have to wait for an RPC to fail, which exposes
the error to the calling client.
By switching over to a name check vs. a pointer check we get the correct
behavior. We added a DEBUG log as well to help observe this behavior during
integrated testing.
Related to #3863 since the fix here needed the same logic duplicated, owing
to the complicated atomic stuff.
/cc @dadgar for a heads up in case this also affects Nomad.
2018-02-05 17:56:00 -08:00
James Phillips
c718459e49
Adds a before/after test for #3845 .
2018-02-05 16:18:29 -08:00
James Phillips
5b245c0201
Merge pull request #3845 from 42wim/tagfix
...
Fix service tags not added to health check. Part two
2018-02-05 16:18:00 -08:00
Kyle Havlovitz
46745eb89b
Add enterprise default config section
2018-02-05 13:33:59 -08:00
James Phillips
0aa05cc5f0
Merge pull request #3855 from hashicorp/pr-3782-slackpad
...
Adds support for gRPC health checks.
2018-02-02 17:57:27 -08:00
James Phillips
1a08e8c0f1
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks.
2018-02-02 17:29:34 -08:00
Wim
5cc76cce09
Fix service tags not added to health check. Part two
2018-01-29 20:32:44 +01:00
Veselkov Konstantin
c2395d9bd0
fix refactoring
2018-01-28 22:53:30 +04:00
Veselkov Konstantin
c4ad54e057
fix refactoring
2018-01-28 22:48:21 +04:00
Veselkov Konstantin
05666113a4
remove golint warnings
2018-01-28 22:40:13 +04:00
James Phillips
443250c76c
Improves user lookup error message.
...
Closes #3188
Closes #3184
2018-01-26 07:56:44 -08:00
Kyle Havlovitz
32dbb51c3b
Remove nonvoter from metadata.Server
2018-01-25 17:08:03 -08:00
James Phillips
38f5b2e7ce
Gets rid of named return parameters.
...
This wasn't wrong before but we don't generally use this style in
Consul.
2018-01-25 14:29:50 -08:00
James Phillips
1acaaecbdd
Moves non-stdlib includes into their own section.
2018-01-25 14:26:15 -08:00
Kyle Havlovitz
0e76d62846
Reset clusterHealth when autopilot starts
2018-01-23 12:52:28 -08:00
Kyle Havlovitz
6d1dbe6cc4
Move autopilot health loop into leader operations
2018-01-23 11:17:41 -08:00
James Phillips
a4c3a3433c
Updates web assets to latest.
2018-01-22 14:46:07 -08:00
Kyle Havlovitz
c4528a6110
Merge pull request #3821 from hashicorp/persist-file-handling
...
Add graceful handling of malformed persisted service/check files.
2018-01-22 12:31:33 -08:00
Kyle Havlovitz
bb068b4c93
Merge pull request #3820 from hashicorp/serfwan-port-fix
...
Enforce a valid port for the Serf WAN since it can't be disabled.
2018-01-19 15:40:56 -08:00
James Phillips
77ab587ae1
Moves the coordinate fetch after the ACL check.
2018-01-19 15:25:22 -08:00
Kyle Havlovitz
b651253cb2
Don't remove the files, just log an error
2018-01-19 14:25:51 -08:00
Kyle Havlovitz
f191eb2df3
Enforce a valid port for the Serf WAN since it can't be disabled.
...
Fixes #3817
2018-01-19 14:22:23 -08:00
Kyle Havlovitz
17ec4a9394
Add graceful handling of malformed persisted service/check files.
...
Previously a change was made to make the file writing atomic,
but that wasn't enough to cover something like an OS crash so we
needed something here to handle the situation more gracefully.
Fixes #1221 .
2018-01-19 14:07:36 -08:00
James Hartig
81d0ffc959
Resolve symlinks in config directory
...
Docker/Openshift/Kubernetes mount the config file as a symbolic link and
IsDir returns true if the file is a symlink. Before calling IsDir, the
symlink should be resolved to determine if it points at a file or
directory.
Fixes #3753
2018-01-12 15:43:38 -05:00
James Phillips
ca43623734
Adds the NodeID field back to the /v1/agent/self Config block.
...
Fixes #3778
2018-01-10 15:17:54 -08:00
James Phillips
ff2aae98f4
Adds more info about how to fix the private IP error.
...
Closes #3790
2018-01-10 09:53:41 -08:00
James Phillips
e282e9285c
Fixes crash where body was optional for PQ endpoint (it is not).
...
Fixes #3791
2018-01-10 09:33:49 -08:00
Dmytro Kostiuchenko
a45f6ad740
Add gRPC health-check #3073
2018-01-04 16:42:30 -05:00
Diptanu Choudhury
f597d66392
Using labels
2017-12-21 20:30:29 -08:00
Diptanu Choudhury
ac50568a1a
Added telemetry around Catalog APIs
2017-12-21 16:35:12 -08:00
James Phillips
1cd94dec8a
Updates the checked in web assets.
2017-12-20 19:51:04 -08:00
James Phillips
bfce81d721
Updates the built-in web assets.
2017-12-20 17:48:51 -08:00
James Phillips
8fd94a2e7c
Wraps HTTP mux to ban all non-printable characters from paths.
2017-12-20 15:47:53 -08:00
James Phillips
6f09cf48db
Updates the built-in web UI assets.
2017-12-20 13:43:52 -08:00
James Phillips
62e97a6602
Fixes a `go fmt` cleanup.
2017-12-20 13:43:38 -08:00
Kyle Havlovitz
74b0c58831
Fix vet error
2017-12-18 18:04:42 -08:00
Kyle Havlovitz
dfc165a47b
Move autopilot initializing to oss file
2017-12-18 18:02:44 -08:00
Kyle Havlovitz
044c38aa7b
Move autopilot setup to a separate file
2017-12-18 16:55:51 -08:00
Kyle Havlovitz
9e1ba6fb4e
Make some final tweaks to autopilot package
2017-12-18 12:26:47 -08:00
Kyle Havlovitz
6b58df5898
Merge pull request #3737 from hashicorp/autopilot-refactor
...
Move autopilot to a standalone package
2017-12-15 14:09:40 -08:00
James Phillips
262cbbd9ca
Merge pull request #3728 from weiwei04/fix_globalRPC_goroutine_leak
...
fix globalRPC goroutine leak
2017-12-14 17:54:19 -08:00
James Phillips
518ab954bc
Merge pull request #3642 from yfouquet/master
...
[Fix] Service tags not added to health checks
2017-12-14 13:59:39 -08:00
James Phillips
47cd775b3d
Works around mapstructure behavior to enable sessions with no checks.
...
Fixes #3732
2017-12-14 09:07:56 -08:00
Kyle Havlovitz
798aca92c5
Expose IsPotentialVoter for advanced autopilot logic
2017-12-13 17:53:51 -08:00
James Phillips
68c94a5047
Changes maps to merge vs. overwrite when processing configs.
...
Fixes #3716
2017-12-13 16:06:01 -08:00
Kyle Havlovitz
a4ac148077
Merge branch 'master' into autopilot-refactor
2017-12-13 11:54:32 -08:00
Kyle Havlovitz
6c985132de
A few last autopilot adjustments
2017-12-13 11:19:17 -08:00
Kyle Havlovitz
77d92bf15c
More autopilot reorganizing
2017-12-13 10:57:37 -08:00
James Phillips
984de6e2e0
Adds TODOs referencing #3744 .
2017-12-13 10:52:06 -08:00
James Phillips
63011dd393
Copies the autopilot settings from the runtime config.
...
Fixes #3730
2017-12-13 10:32:05 -08:00
Kyle Havlovitz
f347c8a531
More refactoring to make autopilot consul-agnostic
2017-12-12 17:46:28 -08:00
Yoann Fouquet
f4f7db0059
[Fix] Service tags not added to health checks
...
Since commit 9685bdcd0ba4b4b3adb04f9c1dd67d637ca7894e, service tags are added to the health checks.
Otherwise, when adding a service, tags are not added to its check.
In updateSyncState, we compare the checks of the local agent with the checks of the catalog.
It appears that the service tags are different (missing in one case), and so the check is synchronized.
That increase the ModifyIndex periodically when nothing changes.
Fixed it by adding serviceTags to the check.
Note that the issue appeared in version 0.8.2.
Looks related to #3259 .
2017-12-12 13:39:37 +01:00
Kyle Havlovitz
8546a1d3c6
Move autopilot to a standalone package
2017-12-11 16:45:33 -08:00
James Phillips
32b64575d1
Moves Serf helper into lib to fix import cycle in consul-enterprise.
2017-12-07 16:57:58 -08:00
James Phillips
c16cce80bb
Turns of intent queue warnings and enables dynamic queue sizing.
2017-12-07 16:27:06 -08:00
Wei Wei
04531ff0fb
fix globalRPC goroutine leak
...
Signed-off-by: Wei Wei <weiwei.inf@gmail.com>
2017-12-05 11:53:30 +08:00
James Phillips
c4bc89a187
Creates a registration mechanism for snapshot and restore.
2017-11-29 18:36:53 -08:00
James Phillips
8571555703
Begins split out of snapshots from the main FSM class.
2017-11-29 18:36:53 -08:00
James Phillips
4eaee8e0ba
Creates a registration mechanism for FSM commands.
2017-11-29 18:36:53 -08:00
James Phillips
3e7ea1931c
Moves the FSM into its own package.
...
This will help make it clearer what happens when we add some registration
plumbing for the different operations and snapshots.
2017-11-29 18:36:53 -08:00
James Phillips
7f3783f4be
Resolves an FSM snapshot TODO.
...
This adds checks for sink write calls before we continue the refactor, which
will resolve the other TODO comment we deleted as part of this change.
2017-11-29 18:36:53 -08:00
James Phillips
5a24d37ac0
Creates a registration mechanism for schemas.
...
This also splits out the registration into the table-specific source
files.
2017-11-29 18:36:52 -08:00
James Phillips
36bb30e67a
Creates a registration mechanism for RPC endpoints.
2017-11-29 18:36:52 -08:00
James Phillips
8f802411c4
Creates HTTP endpoint registry.
2017-11-29 18:36:52 -08:00
James Phillips
8da7f0ff7e
Moves coordinate disabled logic down into endpoints.
...
Similar rationale to the previous change for ACLs.
2017-11-29 18:36:52 -08:00
James Phillips
cf30d409c9
Moves ACL disabled response logic down into endpoints.
...
This lets us make the registration of endpoints less fancy, on the
road to adding a registration mechanism.
2017-11-29 18:36:52 -08:00
James Phillips
6234f0bd46
Renames "segments" to "segment" to be consistent with other files.
2017-11-29 18:36:52 -08:00
James Phillips
ba56669ea8
Renames stubs to be more consistent.
2017-11-29 18:36:52 -08:00
James Phillips
56552095c9
Sheds monotonic time info so tombstone GC bins work properly.
2017-11-29 10:34:24 -08:00
James Phillips
8656b7a3e9
Gives back the lock before writing to the expire channel.
...
The lock isn't needed after we clean up the expire bin, and as seen
in #3700 we can get into a deadlock waiting to place the expire index
into the channel while holding this lock.
Fixes #3700
2017-11-19 16:24:16 -08:00
James Phillips
ae85cc4070
Skips files with unknown extensions when not forcing a format.
...
Fixes #3685
2017-11-10 18:06:07 -08:00
James Phillips
d5bf4e9c6e
Adds a snapshot agent stub to the config structure.
...
Fixes #3678
2017-11-10 13:50:45 -08:00
James Phillips
50cdff36e5
Cleans up check logging.
...
There were places where we still didn't have the script vs. args sorted
correctly so changed all the logging to be just based on check IDs and
also made everything uniform.
Also removed some annoying debug logging, and moved some of the large output
logging to TRACE level.
Closes #3602
2017-11-10 12:48:44 -08:00
James Phillips
8210523b1b
Moves the LAN event handler after the router is created.
...
Fixes #3680
2017-11-10 12:26:48 -08:00
James Phillips
bfbbfb62ca
Revert "Adds a small sleep to make sure we are in the next GC bucket."
2017-11-08 22:18:37 -08:00
James Phillips
d6328a5bf8
Adds a sleep to make sure we are in the next GC bucket, ups time.
...
Fixes #3670
2017-11-08 22:02:40 -08:00
James Phillips
91824375be
Skips the tombstone GC test in Travis for now.
...
Related to #3670
2017-11-08 20:14:20 -08:00
James Phillips
c060df20de
Adds missing os import.
2017-11-08 20:02:22 -08:00
James Phillips
b94ba8aeb4
Removes bogus getPort() in favor of freeport.
2017-11-08 19:55:50 -08:00
James Phillips
04a7907a7e
Skips IPv6 test in Travis.
2017-11-08 18:28:45 -08:00
James Phillips
c52824bab7
Adds a longer retry period for the AE deferred output test.
...
There's some justification in the comments about this and a TODO to
improve this later.
Fixes #3668
2017-11-08 18:10:13 -08:00
James Phillips
444a345a3a
Tightens timing up and reorders GC test to be less flaky.
2017-11-08 15:09:29 -08:00
James Phillips
e00624425b
Doubles the GC timing.
2017-11-08 15:01:11 -08:00
James Phillips
8eb91777d9
Opens up test timing a little more.
2017-11-08 14:01:19 -08:00
James Phillips
d45c2a01f1
Shifts off a gran boundary to help make test less flaky.
2017-11-08 13:57:17 -08:00
James Phillips
757e353334
Opens up the tombstone GC test timing.
2017-11-08 13:43:39 -08:00
James Phillips
532cafe0af
Adds enable_agent_tls_for_checks configuration option which allows ( #3661 )
...
HTTP health checks for services requiring 2-way TLS to be checked
using the agent's credentials.
2017-11-07 18:22:09 -08:00
James Phillips
9de2d8921f
Saves the cycled server list after a failed ping when rebalancing. ( #3662 )
...
Fixes #3463
2017-11-07 18:13:23 -08:00
James Phillips
d938493671
Double-books the HTTP metrics w/ and w/o the "consul" prefix.
...
Fixes #3654
2017-11-07 16:32:45 -08:00
James Phillips
8709f65afd
Adds HTTP/2 support to Consul's HTTPS server. ( #3657 )
...
* Refactors the HTTP listen path to create servers in the same spot.
* Adds HTTP/2 support to Consul's HTTPS server.
* Vendors Go HTTP/2 library and associated deps.
2017-11-07 15:06:59 -08:00
James Phillips
021373d72e
Makes the metrics ACL test call the right endpoint.
...
This also required setting up a proper in-mem sink so we don't get
metrics-related errors.
Fixes #3655
2017-11-06 21:50:04 -08:00
Preetha Appan
ae9e204b3a
Sets tty in docker client back to true, as a potential fix for docker exec weirdness
2017-11-05 09:44:55 -06:00
Kyle Havlovitz
068ca11eb8
Move check definition to a sub-struct
2017-11-01 14:54:46 -07:00
Kyle Havlovitz
bc3ba5f873
Merge branch 'master' into esm-changes
2017-11-01 11:37:48 -07:00
Kyle Havlovitz
83524f44c4
Merge pull request #3622 from hashicorp/coordinate-node-endpoint
...
agent: add /v1/coordianate/node/:node endpoint
2017-11-01 11:35:50 -07:00
Kyle Havlovitz
3542d7fcb6
Remove redundant lines from coordinate test
2017-11-01 11:25:33 -07:00
Kyle Havlovitz
9909b661ac
Fill out the tests around coordinate/node functionality
2017-10-31 15:36:44 -07:00
Frank Schröder
3cb1cd3723
config: add -config-format option ( #3626 )
...
* config: refactor ReadPath(s) methods without side-effects
Return the sources instead of modifying the state.
* config: clean data dir before every test
* config: add tests for config-file and config-dir
* config: add -config-format option
Starting with Consul 1.0 all config files must have a '.json' or '.hcl'
extension to make it unambigous how the data should be parsed. Some
automation tools generate temporary files by appending a random string
to the generated file which obfuscates the extension and prevents the
file type detection.
This patch adds a -config-format option which can be used to override
the auto-detection behavior by forcing all config files or all files
within a config directory independent of their extension to be
interpreted as of this format.
Fixes #3620
2017-10-31 17:30:01 -05:00
Frank Schröder
56561523cf
vendor: update go-discover ( #3634 )
...
* vendor: update go-discover
Pull in providers:
* Aliyun (Alibaba Cloud)
* Digital Ocean
* OpenStack (os)
* Scaleway
* doc: use ... instead of xxx
* doc: strip trailing whitespace
* doc: add docs for aliyun, digitalocean, os and scaleway
* agent: fix test
2017-10-31 17:03:54 -05:00
Kyle Havlovitz
fd4d9f1c16
Factor out registerNodes function
2017-10-31 13:34:49 -07:00
James Phillips
c6e0366c02
Relaxes Autopilot promotion logic. ( #3623 )
...
* Relaxes Autopilot promotion logic.
When we defaulted the Raft protocol version to 3 in #3477 we made
the numPeers() routine more strict to only count voters (this is
more conservative and more correct). This had the side effect of
breaking rolling updates because it's at odds with the Autopilot
non-voter promotion logic.
That logic used to wait to only promote to maintain an odd quorum
of servers. During a rolling update (add one new server, wait, and
then kill an old server) the dead server cleanup would still count
the old server as a peer, which is conservative and the right thing
to do, and no longer count the non-voter. This would wait to promote,
so you could get into a stalemate. It is safer to promote early than
remove early, so by promoting as soon as possible we have chosen
that as the solution here.
Fixes #3611
* Gets rid of unnecessary extra not-a-voter check.
2017-10-31 15:16:56 -05:00
Frank Schroeder
82a52d3b50
docker: fix failing test
2017-10-31 09:26:34 +01:00
Frank Schroeder
ed1b1b54cd
docker: render errors with %v since they can be nil
2017-10-31 09:19:20 +01:00
Kyle Havlovitz
2c7f7799bb
Add tests around coordinate update endpoint
2017-10-26 20:12:54 -07:00
Kyle Havlovitz
496dd7ab5b
Merge branch 'coordinate-node-endpoint' of github.com:hashicorp/consul into esm-changes
2017-10-26 19:20:24 -07:00
Kyle Havlovitz
f80e70271d
Added Coordinate.Node rpc endpoint and client api method
2017-10-26 19:16:40 -07:00
Frank Schroeder
87206133be
agent: add /v1/coordianate/node/:node endpoint
...
This patch adds a /v1/coordinate/node/:node endpoint to get the network
coordinates for a single node in the network.
Since Consul Enterprise supports network segments it is still possible
to receive mutiple entries for a single node - one per segment.
2017-10-26 14:24:42 +02:00
Frank Schroeder
712447026f
docker: add comment about "connection reset by peer" error
2017-10-26 12:14:19 +02:00
Frank Schroeder
7d05e55734
docker: stop previous check on replace
2017-10-26 12:03:07 +02:00
Frank Schroeder
bf98779d84
docker: close idle connections on stop
2017-10-26 12:02:39 +02:00
Frank Schroeder
0a9d2a367e
docker: do not alloc a tty since this is not interactive
2017-10-26 11:56:54 +02:00
Frank Schroeder
b1a5a6b64d
docker: make sure to log the error when we fall through
2017-10-26 11:56:36 +02:00
Frank Schroeder
b907c4611d
docker: ignore "connection reset by peer"
...
The Docker agent closes the connection during read after we have
read the body. This causes a "connection reset by peer" even though
the command was successful.
We ignore that error here since we got the correct status code
and a response body.
2017-10-26 11:56:08 +02:00
Kyle Havlovitz
16908be034
Add deregister critical service field and refactor duration parsing
2017-10-25 19:17:41 -07:00
Kyle Havlovitz
ab3dac2379
Added coordinate update http endpoint
2017-10-25 19:37:30 +02:00
Kyle Havlovitz
7d82ece118
Added remaining HTTP health check fields to structs
2017-10-25 19:37:30 +02:00
Kyle Havlovitz
84a07ea113
Expose SkipNodeUpdate field and some health check info in the http api
2017-10-25 19:37:30 +02:00
Frank Schroeder
2719194b6d
fix go vet issue
2017-10-25 19:30:35 +02:00
Frank Schroeder
1eb3d0e0d4
replace custom unique id with a UUID
2017-10-25 19:30:35 +02:00
Frank Schroeder
1dab004335
Decouple the code that executes checks from the agent
2017-10-25 11:18:07 +02:00
Frank Schroeder
1d2ae14719
local state: fix go vet issue
2017-10-23 10:56:05 +02:00
Frank Schroeder
a818414bb6
local state: remove stale comment
2017-10-23 10:56:05 +02:00
Frank Schroeder
329fdc40a8
local state: make test more robust
2017-10-23 10:56:05 +02:00
Frank Schroeder
f5a3d73b27
local state: clone check to avoid side effect
2017-10-23 10:56:05 +02:00
Frank Schroeder
b36613e7ff
local state: use synchronized access to internal maps
2017-10-23 10:56:05 +02:00
Frank Schroeder
e5318061d1
ae: do not trigger on Resume while holding the lock
2017-10-23 10:56:05 +02:00
Frank Schroeder
7d5dfa9c53
ae: add remaining test cases
2017-10-23 10:56:05 +02:00