Daniel Nephin
d54db5917f
config: move ACL master token and replication to DeprecatedConfig
2021-09-23 15:14:59 -04:00
CJ
6d20f74c90
docs: Fix grammatical errors in glossary ( #10751 )
2021-09-23 08:36:52 -07:00
Paul Banks
f8412cf5fa
Merge pull request #10903 from hashicorp/feature/ingress-sds
...
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi
ebe333b947
Refactor table index ( #11131 )
...
* convert tableIndex to use the new pattern
* make `indexFromString` available for oss as well
* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks
d57931124f
Final readability tweaks from review
2021-09-23 10:17:12 +01:00
Paul Banks
8c8cde524e
Add Envoy integration test for split-route SDS case
2021-09-23 10:17:03 +01:00
Paul Banks
626232e4cd
Minor improvements to SDS server from review
2021-09-23 10:13:41 +01:00
Paul Banks
66c625a64d
Fix subtle loop bug and add test
2021-09-23 10:13:41 +01:00
Paul Banks
7198d0bd80
Refactor SDS validation to make it more contained and readable
2021-09-23 10:13:19 +01:00
Paul Banks
fe4f69613c
Refactor Ingress-specific lister code to separate file
2021-09-23 10:13:19 +01:00
Paul Banks
f4f0793a10
Minor PR typo and cleanup fixes
2021-09-23 10:13:19 +01:00
Paul Banks
4cc1ccf892
Revert abandonned changes to proxycfg for Ent test consistency
2021-09-23 10:13:19 +01:00
Paul Banks
d812a0edc7
Fix merge conflict in xds tests
2021-09-23 10:12:37 +01:00
Paul Banks
3b2a4fc458
Allow skipping v2 compat tests for SDS as it's only the SDS server integration that doesn't support v2
2021-09-23 10:12:37 +01:00
Paul Banks
cd6491ea71
Fix integration tests in CI - serve SDS certs from the Docker image not a mounted path
2021-09-23 10:12:37 +01:00
Paul Banks
c2174260bc
Fix integration test for older Envoy versions
2021-09-23 10:12:37 +01:00
Paul Banks
a24efd20fc
Fix some more Enterprise Normalization issues affecting tests
2021-09-23 10:12:37 +01:00
Paul Banks
aa3240483f
Add changelog; Add API package support for new fields.
2021-09-23 10:12:37 +01:00
Paul Banks
15969327c0
Remove unused argument to fix lint error
2021-09-23 10:09:11 +01:00
Paul Banks
9422e4ebc7
Handle namespaces in route names correctly; add tests for enterprise
2021-09-23 10:09:11 +01:00
Paul Banks
1f62bca08b
Add basic integration test for Envoy ingress with SDS
2021-09-23 10:08:02 +01:00
Paul Banks
9d576a08dc
Update xDS routes to support ingress services with different TLS config
2021-09-23 10:08:02 +01:00
Paul Banks
8a4254a894
Update xDS Listeners with SDS support
2021-09-23 10:08:02 +01:00
Paul Banks
8548e15f1b
Update proxycfg to hold more ingress config state
2021-09-23 10:08:02 +01:00
Paul Banks
0e410a1b1f
Add ingress-gateway config for SDS
2021-09-23 10:08:02 +01:00
Daniel Nephin
3e6dc2a843
acl: remove ACL.Apply
...
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
Daniel Nephin
2ce64e2837
acl: made acl rules in tests slightly more specific
...
When converting these tests from the legacy ACL system to the new RPC endpoints I
initially changed most things to use _prefix rules, because that was equivalent to
the old legacy rules.
This commit modifies a few of those rules to be a bit more specific by replacing the _prefix
rule with a non-prefix one where possible.
2021-09-22 18:24:56 -04:00
Mark Anderson
c87d57bfeb
partitions/authmethod-index work from enterprise ( #11056 )
...
* partitions/authmethod-index work from enterprise
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
Chris S. Kim
d222f170a7
connect: Allow upstream listener escape hatch for prepared queries ( #11109 )
2021-09-22 15:27:10 -04:00
Evan Culver
88a899d06a
connect: remove support for Envoy 1.15
2021-09-22 11:48:50 -07:00
R.B. Boyer
ba13416b57
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters ( #11099 )
...
Fixes #11086
2021-09-22 13:14:26 -05:00
Evan Culver
b877ad6e72
add changelog entry
2021-09-22 10:57:36 -07:00
Evan Culver
34f64ed208
update docs to indicate support for envoy 1.19.1 in Consul 1.11.x
2021-09-22 10:57:22 -07:00
John Cowen
b0b88286b8
ui: Add initial i18n docs page ( #10888 )
2021-09-22 18:51:39 +01:00
John Cowen
5857b2214f
ui: Add partition parameter when clearing child-selector forms in ACLs ( #11106 )
2021-09-22 18:36:09 +01:00
John Cowen
f08e27a5f0
ui: Add an isDestroyed check for the MenuPanel component ( #11104 )
...
This solves an occasionally flakey tests I see every so often
2021-09-22 18:33:31 +01:00
John Cowen
51149cdae2
ui: Remove legacy ACLs ( #11096 )
2021-09-22 18:32:51 +01:00
John Cowen
5da06645b0
ui: Gracefully recover from non-existent DC errors ( #11077 )
...
* ui: Gracefully recover from non-existent DC errors
This PR fixes what happens in the UI if you try to navigate to a non-existing DC.
When we received a 500 error from an API response due to a non-existent DC, previously we would show a 404 error, which is what we were trying to convey. But in the spirit of the UI being a 'thin client', its probably best to just show the 500 error from the API response, which may help folks to debug any issues better.
* Automatically set the CONSUL_DATACENTER_LOCAL env var for testing
2021-09-22 18:26:36 +01:00
John Cowen
f8afe3e9db
ui: Always show main navigation Key/Value link ( #10916 )
...
* ui: Ignore response from API for KV permissions
Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)
This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.
Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.
Once we have the ability to know if any KVs are accessible, we can add
this guard back in.
We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisited in the backend we can undo this
easily change in one place.
* Move acceptance tests to use ACLs perms instead of KV ones
2021-09-22 18:23:59 +01:00
Daniel Nephin
66453d2de9
config: Move two more fields to DeprecatedConfig
...
And add a test for deprecated config fields.
2021-09-22 13:23:03 -04:00
Daniel Nephin
23f070e0a1
config: Introduce DeprecatedConfig
...
This struct allows us to move all the deprecated config options off of
the main config struct, and keeps all the deprecation logic in a single
place, instead of spread across 3+ places.
2021-09-22 13:22:16 -04:00
Daniel Nephin
7ffd1560aa
lib/decode: fix hook to work with embedded squash struct
...
The decode hook is not call for the embedded squashed struct, so we need to recurse when we
find squash tags.
See https://github.com/mitchellh/mapstructure/issues/226
2021-09-22 13:22:16 -04:00
Evan Culver
4d222cfcd0
add 1.19.x versions to test config
2021-09-22 09:30:45 -07:00
Evan Culver
080e8d2c90
regenerate more envoy golden files
2021-09-22 09:30:23 -07:00
Connor
bc04a155fb
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
...
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
Ashwin Venkatesh
d92a2478e6
Update docs ( #11111 )
2021-09-22 12:26:08 -04:00
Connor Kelly
bfe6b64ca7
Strip out go 1.17 bits
2021-09-22 11:04:48 -05:00
R.B. Boyer
c23500f156
Merge pull request #11108 from hashicorp/sync-1.11.0-alpha-tag
...
Sync 1.11.0 alpha tag
2021-09-22 10:57:12 -05:00
hc-github-team-consul-core
0ca9b96757
Putting source back into Dev Mode
2021-09-22 10:09:18 -05:00
R.B. Boyer
b227d2514b
Version 1.11.0-alpha
...
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEs2y6kaLAcwxDX8KAsLRBCXaFtnYFAmFDyoMACgkQsLRBCXaF
tna8nQ//bVAd6nKI0Xgotmf2Loce0yobD6PH8IyzllO24jPSGwHFXQsx0d8a5QkV
H1wx6KrXysXKCojrICX3/88T4KNypYpIXIBZoTBQ0rEXaTMoqACcT4y58/UcjFg2
bN8T/wjvD8BV2e0xcZb2C6SgXx8m64UtZKePN1fobKBEpSCszJz8EeWPtPzXdWps
f9axbgV81qy9DTyO7MvbOvco/QaEgzjK+o/57bcLBXZmfWpI1DIARkgIY8XB7pC3
Gq59OegjqjiCliJcnLfIpvemLZg/7BhnLOO5ccvctdgoxFUnzsWk+mKTL0tPyy+d
ZNa1kVgIQKWUoSRje7rHUSu+270PifLegp3zrHLrwKpa2UQGldck13hSMTyBqz1n
5TywpdMJoXZSj5tml2lvaskUh91zvO9v6sX4zJJkES/Kt2KXdHBAGkmzPuiXl5YW
1eScGz5990CwULinV+Cb32HYEojSSD4FWs9KC5NpJmI2kIOiybgiUKIG5uKdz0wh
971BDjCNTC+x+pivtyEy0HAWOUlqROYRpCc40e7Xx0LmJvQ0nqCK2rCWC+0Bi1jK
QCeesSK7vm6Hnw3/OnlIu7fu71+KZs1qGJBtBcqCoxTsgONd5+woWL5ziUZd7Bh2
JloGlOrUFk2Ci2XeD0EO5lboLwsaMVDHXXx1beee5u7b2nORKDA=
=tXEa
-----END PGP SIGNATURE-----
Merge tag 'v1.11.0-alpha' into main
Version 1.11.0-alpha
2021-09-22 10:05:57 -05:00