88627700d0
Merge pull request #11051 from hashicorp/partitions/fixes
2021-09-16 09:29:00 -06:00
494764ee2d
acl: small resolver changes to account for partitions ( #11052 )
...
Also refactoring the enterprise side of a test to make it easier to reason about.
2021-09-16 09:17:02 -05:00
7927a97c2f
Fixup manager tests
2021-09-15 17:24:05 -06:00
dc549eca30
Default partition in match endpoint
2021-09-15 17:23:52 -06:00
0cdcbbb4c9
Pass partition to intention match query
2021-09-15 17:23:52 -06:00
a57c52ca32
Ensure partition is used for SAN validation
2021-09-15 17:23:48 -06:00
08b222cfc3
ACL Binding Rules table partitioning ( #11044 )
...
* ACL Binding Rules table partitioning
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-15 13:26:08 -07:00
23e3f865b0
auto-updated agent/uiserver/bindata_assetfs.go from commit fc14a412f
2021-09-15 18:55:29 +00:00
abe0195257
auto-updated agent/uiserver/bindata_assetfs.go from commit b16a6fa03
2021-09-15 17:14:42 +00:00
25ea1a9276
use const instead of literals for `tableIndex` ( #11039 )
2021-09-15 10:24:04 -04:00
ffe3806aaf
Refactor `indexAuthMethod` in `tableACLBindingRules` ( #11029 )
...
* Port consul-enterprise #1123 to OSS
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
* Fixup missing query field
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
* change to re-trigger ci system
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-15 09:34:19 -04:00
8804577de1
Merge pull request #11024 from hashicorp/partitions/rbac
2021-09-14 11:18:19 -06:00
27f40ccf51
Update error texts ( #11022 )
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-09-14 11:08:06 -06:00
f209408918
Update spiffe ID patterns used for RBAC
2021-09-14 11:00:03 -06:00
0e30151eaa
Expand testing of simplifyNotSourceSlice for partitions
2021-09-14 10:55:15 -06:00
a65da57a3d
Expand testing of removeSameSourceIntentions for partitions
2021-09-14 10:55:09 -06:00
e9d78a20c7
Account for partition when matching src intentions
2021-09-14 10:55:02 -06:00
44d91ea56f
Add failures_before_warning to checks ( #10969 )
...
Signed-off-by: Jakub Sokołowski <jakub@status.im>
* agent: add failures_before_warning setting
The new setting allows users to specify the number of check failures
that have to happen before a service status us updated to be `warning`.
This allows for more visibility for detected issues without creating
alerts and pinging administrators. Unlike the previous behavior, which
caused the service status to not update until it reached the configured
`failures_before_critical` setting, now Consul updates the Web UI view
with the `warning` state and the output of the service check when
`failures_before_warning` is breached.
The default value of `FailuresBeforeWarning` is the same as the value of
`FailuresBeforeCritical`, which allows for retaining the previous default
behavior of not triggering a warning.
When `FailuresBeforeWarning` is set to a value higher than that of
`FailuresBeforeCritical it has no effect as `FailuresBeforeCritical`
takes precedence.
Resolves: https://github.com/hashicorp/consul/issues/10680
Signed-off-by: Jakub Sokołowski <jakub@status.im>
Co-authored-by: Jakub Sokołowski <jakub@status.im>
2021-09-14 12:47:52 -04:00
4992218676
convert expiration indexed in ACLToken table to use `indexerSingle` ( #11018 )
...
* move intFromBool to be available for oss
* add expiry indexes
* remove dead code: `TokenExpirationIndex`
* fix remove indexer `TokenExpirationIndex`
* fix rebase issue
2021-09-13 14:37:16 -04:00
1f23bdf388
add locality indexer partitioning ( #11016 )
...
* convert `Roles` index to use `indexerSingle`
* split authmethod write indexer to oss and ent
* add index locality
* add locality unit tests
* move intFromBool to be available for oss
* use Bool func
* refactor `aclTokenList` to merge func
2021-09-13 11:53:00 -04:00
3638825db8
convert `indexAuthMethod` index to use `indexerSingle` ( #11014 )
...
* convert `Roles` index to use `indexerSingle`
* fix oss build
* split authmethod write indexer to oss and ent
* add auth method unit tests
2021-09-10 16:56:56 -04:00
ecbe8f0656
Include namespace and partition in error messages when validating ingress header manip
2021-09-10 21:11:00 +01:00
e6642c6dae
Refactor HTTPHeaderModifiers.MergeDefaults based on feedback
2021-09-10 21:11:00 +01:00
a1acb7ec3b
Fix enterprise test failures caused by differences in normalizing EnterpriseMeta
2021-09-10 21:11:00 +01:00
3484d77b18
Fix enterprise discovery chain tests; Fix multi-level split merging
2021-09-10 21:11:00 +01:00
e0ad412f1d
Remove unnecessary check
2021-09-10 21:09:24 +01:00
5c6d27555b
Fix discovery chain test fixtures
2021-09-10 21:09:24 +01:00
bc1c86df96
Integration tests for all new header manip features
2021-09-10 21:09:24 +01:00
1dd1683ed9
Header manip for split legs plumbing
2021-09-10 21:09:24 +01:00
f70f7b2389
Header manip for service-router plumbed through
2021-09-10 21:09:24 +01:00
fc2ed4cdf4
Ingress gateway header manip plumbing
2021-09-10 21:09:24 +01:00
2db02cdba2
Add HTTP header manip for router and splitter entries
2021-09-10 21:09:24 +01:00
7ac9b46f08
Header manip and validation added for ingress-gateway entries
2021-09-10 21:09:24 +01:00
82b30f8020
convert `Roles` index to use `indexerMulti` ( #11013 )
...
* convert `Roles` index to use `indexerMulti`
* add role test in oss
* fix oss to use the right index func
* preallocate slice
2021-09-10 16:04:33 -04:00
569e18d002
convert indexPolicies in ACLTokens table to the new index ( #11011 )
2021-09-10 14:57:37 -04:00
0d0edeec27
convert indexSecret to the new index ( #11007 )
2021-09-10 09:10:11 -04:00
f0cbe25ca6
convert indexAccessor to the new index ( #11002 )
2021-09-09 16:28:04 -04:00
24c6ce0be0
tls: consider presented intermediates during server connection tls handshake. ( #10964 )
...
* use intermediates when verifying
* extract connection state
* remove useless import
* add changelog entry
* golint
* better error
* wording
* collect errors
* use SAN.DNSName instead of CommonName
* Add test for unknown intermediate
* improve changelog entry
2021-09-09 21:48:54 +02:00
3fb797382b
Sync enterprise changes to oss ( #10994 )
...
This commit updates OSS with files for enterprise-specific admin partitions feature work
2021-09-08 11:59:30 -04:00
a7b5a5d1b4
Merge pull request #10984 from hashicorp/mesh-resource
...
acl: adding a new mesh resource
2021-09-07 15:06:20 -07:00
96d7842118
partition dicovery chains ( #10983 )
...
* partition dicovery chains
* fix default partition for OSS
2021-09-07 16:29:32 -04:00
4206f585f0
acl: adding a new mesh resource
2021-09-03 09:12:03 -04:00
72391dc99c
try to infer command partition from node partition ( #10981 )
2021-09-03 08:37:23 -04:00
eb19271fd7
add partition to SNI when partition is non default ( #10917 )
2021-09-01 10:35:39 -04:00
11672defaf
connect: update envoy supported versions to latest patch release
...
(#10961 )
Relevant advisory:
https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h
2021-08-31 10:39:18 -06:00
93f94ac24f
rpc: authorize raft requests ( #10925 )
2021-08-26 15:04:32 -07:00
a758581ab6
auto-updated agent/uiserver/bindata_assetfs.go from commit eeeb91bea
2021-08-26 18:13:08 +00:00
86de20c975
ent->oss test fix ( #10926 )
2021-08-26 14:06:49 -04:00
5c67517647
auto-updated agent/uiserver/bindata_assetfs.go from commit a907e1d87
2021-08-26 18:02:18 +00:00
d9022ce788
auto-updated agent/uiserver/bindata_assetfs.go from commit a0b0ed2bc
2021-08-26 16:06:09 +00:00
Freddy