Commit Graph

15473 Commits

Author SHA1 Message Date
Daniel Nephin d54db5917f config: move ACL master token and replication to DeprecatedConfig 2021-09-23 15:14:59 -04:00
CJ 6d20f74c90
docs: Fix grammatical errors in glossary (#10751) 2021-09-23 08:36:52 -07:00
Paul Banks f8412cf5fa
Merge pull request #10903 from hashicorp/feature/ingress-sds
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi ebe333b947
Refactor table index (#11131)
* convert tableIndex to use the new pattern

* make `indexFromString` available for oss as well

* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks d57931124f Final readability tweaks from review 2021-09-23 10:17:12 +01:00
Paul Banks 8c8cde524e Add Envoy integration test for split-route SDS case 2021-09-23 10:17:03 +01:00
Paul Banks 626232e4cd Minor improvements to SDS server from review 2021-09-23 10:13:41 +01:00
Paul Banks 66c625a64d Fix subtle loop bug and add test 2021-09-23 10:13:41 +01:00
Paul Banks 7198d0bd80 Refactor SDS validation to make it more contained and readable 2021-09-23 10:13:19 +01:00
Paul Banks fe4f69613c Refactor Ingress-specific lister code to separate file 2021-09-23 10:13:19 +01:00
Paul Banks f4f0793a10 Minor PR typo and cleanup fixes 2021-09-23 10:13:19 +01:00
Paul Banks 4cc1ccf892 Revert abandonned changes to proxycfg for Ent test consistency 2021-09-23 10:13:19 +01:00
Paul Banks d812a0edc7 Fix merge conflict in xds tests 2021-09-23 10:12:37 +01:00
Paul Banks 3b2a4fc458 Allow skipping v2 compat tests for SDS as it's only the SDS server integration that doesn't support v2 2021-09-23 10:12:37 +01:00
Paul Banks cd6491ea71 Fix integration tests in CI - serve SDS certs from the Docker image not a mounted path 2021-09-23 10:12:37 +01:00
Paul Banks c2174260bc Fix integration test for older Envoy versions 2021-09-23 10:12:37 +01:00
Paul Banks a24efd20fc Fix some more Enterprise Normalization issues affecting tests 2021-09-23 10:12:37 +01:00
Paul Banks aa3240483f Add changelog; Add API package support for new fields. 2021-09-23 10:12:37 +01:00
Paul Banks 15969327c0 Remove unused argument to fix lint error 2021-09-23 10:09:11 +01:00
Paul Banks 9422e4ebc7 Handle namespaces in route names correctly; add tests for enterprise 2021-09-23 10:09:11 +01:00
Paul Banks 1f62bca08b Add basic integration test for Envoy ingress with SDS 2021-09-23 10:08:02 +01:00
Paul Banks 9d576a08dc Update xDS routes to support ingress services with different TLS config 2021-09-23 10:08:02 +01:00
Paul Banks 8a4254a894 Update xDS Listeners with SDS support 2021-09-23 10:08:02 +01:00
Paul Banks 8548e15f1b Update proxycfg to hold more ingress config state 2021-09-23 10:08:02 +01:00
Paul Banks 0e410a1b1f Add ingress-gateway config for SDS 2021-09-23 10:08:02 +01:00
Daniel Nephin 3e6dc2a843 acl: remove ACL.Apply
As part of removing the legacy ACL system.
2021-09-22 18:28:08 -04:00
Daniel Nephin 2ce64e2837 acl: made acl rules in tests slightly more specific
When converting these tests from the legacy ACL system to the new RPC endpoints I
initially changed most things to use _prefix rules, because that was equivalent to
the old legacy rules.

This commit modifies a few of those rules to be a bit more specific by replacing the _prefix
rule with a non-prefix one where possible.
2021-09-22 18:24:56 -04:00
Mark Anderson c87d57bfeb
partitions/authmethod-index work from enterprise (#11056)
* partitions/authmethod-index work from enterprise

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
Chris S. Kim d222f170a7
connect: Allow upstream listener escape hatch for prepared queries (#11109) 2021-09-22 15:27:10 -04:00
Evan Culver 88a899d06a
connect: remove support for Envoy 1.15 2021-09-22 11:48:50 -07:00
R.B. Boyer ba13416b57
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters (#11099)
Fixes #11086
2021-09-22 13:14:26 -05:00
Evan Culver b877ad6e72
add changelog entry 2021-09-22 10:57:36 -07:00
Evan Culver 34f64ed208
update docs to indicate support for envoy 1.19.1 in Consul 1.11.x 2021-09-22 10:57:22 -07:00
John Cowen b0b88286b8
ui: Add initial i18n docs page (#10888) 2021-09-22 18:51:39 +01:00
John Cowen 5857b2214f
ui: Add partition parameter when clearing child-selector forms in ACLs (#11106) 2021-09-22 18:36:09 +01:00
John Cowen f08e27a5f0
ui: Add an isDestroyed check for the MenuPanel component (#11104)
This solves an occasionally flakey tests I see every so often
2021-09-22 18:33:31 +01:00
John Cowen 51149cdae2
ui: Remove legacy ACLs (#11096) 2021-09-22 18:32:51 +01:00
John Cowen 5da06645b0
ui: Gracefully recover from non-existent DC errors (#11077)
* ui: Gracefully recover from non-existent DC errors

This PR fixes what happens in the UI if you try to navigate to a non-existing DC.

When we received a 500 error from an API response due to a non-existent DC, previously we would show a 404 error, which is what we were trying to convey. But in the spirit of the UI being a 'thin client', its probably best to just show the 500 error from the API response, which may help folks to debug any issues better.

* Automatically set the CONSUL_DATACENTER_LOCAL env var for testing
2021-09-22 18:26:36 +01:00
John Cowen f8afe3e9db
ui: Always show main navigation Key/Value link (#10916)
* ui: Ignore response from API for KV permissions

Currently there is no way for us to use our HTTP authorization API
endpoint to tell us whether a user has access to any KVs (including the
case where a user may not have access to the root KV store, but do have
access to a sub item)

This is a little weird still as in the above case the user would click
on this link and still get a 403 for the root, and then have to manually
type in the URL for the KV they do have access to.

Despite this we think this change makes sense as at least something about KV is
visible in the main navigation.

Once we have the ability to know if any KVs are accessible, we can add
this guard back in.

We'd initially just removed the logic around the button, but then
noticed there may be further related KV issues due to the nested nature
of KVs so we finally decided on simply ignoring the responses from the
HTTP API, essentially reverting the KV area back to being a thin client.
This means when things are revisited in the backend we can undo this
easily change in one place.

* Move acceptance tests to use ACLs perms instead of KV ones
2021-09-22 18:23:59 +01:00
Daniel Nephin 66453d2de9 config: Move two more fields to DeprecatedConfig
And add a test for deprecated config fields.
2021-09-22 13:23:03 -04:00
Daniel Nephin 23f070e0a1 config: Introduce DeprecatedConfig
This struct allows us to move all the deprecated config options off of
the main config struct, and keeps all the deprecation logic in a single
place, instead of spread across 3+ places.
2021-09-22 13:22:16 -04:00
Daniel Nephin 7ffd1560aa lib/decode: fix hook to work with embedded squash struct
The decode hook is not call for the embedded squashed struct, so we need to recurse when we
find squash tags.

See https://github.com/mitchellh/mapstructure/issues/226
2021-09-22 13:22:16 -04:00
Evan Culver 4d222cfcd0
add 1.19.x versions to test config 2021-09-22 09:30:45 -07:00
Evan Culver 080e8d2c90
regenerate more envoy golden files 2021-09-22 09:30:23 -07:00
Connor bc04a155fb
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
Ashwin Venkatesh d92a2478e6
Update docs (#11111) 2021-09-22 12:26:08 -04:00
Connor Kelly bfe6b64ca7
Strip out go 1.17 bits 2021-09-22 11:04:48 -05:00
R.B. Boyer c23500f156
Merge pull request #11108 from hashicorp/sync-1.11.0-alpha-tag
Sync 1.11.0 alpha tag
2021-09-22 10:57:12 -05:00
hc-github-team-consul-core 0ca9b96757 Putting source back into Dev Mode 2021-09-22 10:09:18 -05:00
R.B. Boyer b227d2514b Version 1.11.0-alpha
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEs2y6kaLAcwxDX8KAsLRBCXaFtnYFAmFDyoMACgkQsLRBCXaF
 tna8nQ//bVAd6nKI0Xgotmf2Loce0yobD6PH8IyzllO24jPSGwHFXQsx0d8a5QkV
 H1wx6KrXysXKCojrICX3/88T4KNypYpIXIBZoTBQ0rEXaTMoqACcT4y58/UcjFg2
 bN8T/wjvD8BV2e0xcZb2C6SgXx8m64UtZKePN1fobKBEpSCszJz8EeWPtPzXdWps
 f9axbgV81qy9DTyO7MvbOvco/QaEgzjK+o/57bcLBXZmfWpI1DIARkgIY8XB7pC3
 Gq59OegjqjiCliJcnLfIpvemLZg/7BhnLOO5ccvctdgoxFUnzsWk+mKTL0tPyy+d
 ZNa1kVgIQKWUoSRje7rHUSu+270PifLegp3zrHLrwKpa2UQGldck13hSMTyBqz1n
 5TywpdMJoXZSj5tml2lvaskUh91zvO9v6sX4zJJkES/Kt2KXdHBAGkmzPuiXl5YW
 1eScGz5990CwULinV+Cb32HYEojSSD4FWs9KC5NpJmI2kIOiybgiUKIG5uKdz0wh
 971BDjCNTC+x+pivtyEy0HAWOUlqROYRpCc40e7Xx0LmJvQ0nqCK2rCWC+0Bi1jK
 QCeesSK7vm6Hnw3/OnlIu7fu71+KZs1qGJBtBcqCoxTsgONd5+woWL5ziUZd7Bh2
 JloGlOrUFk2Ci2XeD0EO5lboLwsaMVDHXXx1beee5u7b2nORKDA=
 =tXEa
 -----END PGP SIGNATURE-----

Merge tag 'v1.11.0-alpha' into main

Version 1.11.0-alpha
2021-09-22 10:05:57 -05:00