Commit Graph

10863 Commits

Author SHA1 Message Date
Hans Hasselberg 8fd814d64c
memberlist: vendor v0.1.6 to pull in new state: stateLeft (#7184) 2020-02-03 11:02:13 +01:00
Michael Hofer ee3b157eda
docs: add missing Autopilot -min-quorum documentation (#7192) 2020-02-03 10:59:53 +01:00
Blake Covarrubias fc496e780e Fix org name in Helm chart's imageEnvoy description
Update the description for the Helm chart's connectInject.imageEnvoy
parameter to reflect the correct organization name for images published by
EnvoyProxy.io.
2020-02-03 01:46:58 -08:00
Davor Kapsa c280dd8549
auto_encrypt: check previously ignored error (#6604) 2020-02-03 10:35:11 +01:00
Alexandru Matei e6e6759b94
docs: add detailed documentation about Health Checking specific service using the gRPC method (#6574) 2020-02-03 10:19:06 +01:00
Lars Lehtonen da9086cd03
cli: check previously ignored errors when updating a policy (#6565) 2020-02-03 10:14:30 +01:00
Fouad Zaryouh b33cf06cf7
api: add replace-existing-checks param to the api package (#7136) 2020-02-03 10:11:40 +01:00
Anthony Scalisi 3616c94935
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736) 2020-02-03 09:41:54 +01:00
hashicorp-ci bb207b722e Release v1.7.0-beta4 2020-01-31 21:38:38 +00:00
hashicorp-ci 5378fd9bf8 update bindata_assetfs.go 2020-01-31 21:38:38 +00:00
Sarah Christoff fdd52e5191
Revert "Update question.md" (#7183) 2020-01-31 13:45:05 -06:00
Matt Keeler 53a76519d5
Add replace directive to prevent contacting istio.io during the… (#7194)
They keep having TLS handshake timeouts. Its pointed at github instead.
2020-01-31 13:57:54 -05:00
Matt Keeler 79de4bb5c6
Update CHANGELOG.md 2020-01-31 11:56:34 -05:00
Matt Keeler 240ce3e2d2
Update CHANGELOG.md 2020-01-31 11:51:00 -05:00
Matt Keeler f5511133b3
Update CHANGELOG.md 2020-01-31 11:24:48 -05:00
Hans Hasselberg 50281032e0
Security fixes (#7182)
* Mitigate HTTP/RPC Services Allow Unbounded Resource Usage

Fixes #7159.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-31 11:19:37 -05:00
Matt Keeler 3e56f5c8b8
ACL enforcement for the agent/health/services endpoints (#7191)
ACL enforcement for the agent/health/services endpoints
2020-01-31 11:16:24 -05:00
R.B. Boyer cc9586f34d update changelog 2020-01-31 10:13:40 -06:00
R.B. Boyer 1d7e4f7de5
cli: improve the file safety of 'consul tls' subcommands (#7186)
- also fixing the signature of file.WriteAtomicWithPerms
2020-01-31 10:12:36 -06:00
Matt Keeler 4bf1c2e4f7
agent: add ACL enforcement to the v1/agent/health/service/* endpoints
This adds acl enforcement to the two endpoints that were missing it.

Note that in the case of getting a services health by its id, we still
must first lookup the service so we still "leak" information about a
service with that ID existing. There isn't really a way around it though
as ACLs are meant to check service names.
2020-01-31 09:57:38 -05:00
Matt Keeler 94de5adb02
Make PatchSliceOfMaps case insensitive
This fixes some case-sensitivity issues with using camel case in configuration files.
2020-01-31 09:56:02 -05:00
Kenia 0fd7b4e969
Update CHANGELOG.md 2020-01-31 09:09:02 -05:00
Kenia 8de1a81aa8
Merge pull request #7177 from hashicorp/ui-staging
ui: UI Release Merge (ui-staging merge)
2020-01-30 16:08:35 -05:00
Hans Hasselberg da3433bfa0
Add 1.6.3 2020-01-30 21:01:08 +01:00
John Cowen 281654bc5a
ui: Split splitter names in the discovery-chain (#7180)
Previous to 1.7 splitter names didn't include the namespace name

i.e. 'service-name'

as of 1.7 they now include the namespace

i.e. 'service-name.namespace'

This commit take account of that
2020-01-30 19:08:45 +00:00
Sarah Christoff 67344befc8
[docs] Clarify retry-join (#7078) 2020-01-30 12:52:58 -06:00
Matt Keeler 26bb1584c1
Updates to the Txn API for namespaces (#7172)
* Updates to the Txn API for namespaces

* Update agent/consul/txn_endpoint.go

Co-Authored-By: R.B. Boyer <rb@hashicorp.com>

Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-30 13:12:26 -05:00
John Cowen 85ea64211f
ui: Discovery-Chain: Cope with some edge case configs (#7174)
* ui: Discovery-Chain: Cope with redirects that have failovers

We found a few stranger configurations for discovery-chain, one of which
was redirects that can then failover.

We altered the parsing here to include 2 passes, one to organize the
nodes into resolvers and children/subsets based on the nodes themselves, which
includes adding the failovers to resolvers and subsets.

We then do a second pass which can more reliably figure out whether a
target is a redirect or a failover (target failovers don't have a
corresponding node), this then adds the redirect children to the already
exising resolver (from the first pass) and then checks if the redirect
also has failovers and adds those if so.

* ui: Check to see if we have a user configured default route or not

...if we don't add one so the visualization looks complete
2020-01-30 16:09:05 +00:00
Sarah Christoff 02c0403ff4
Update question.md (#6778) 2020-01-30 08:09:37 -06:00
Matt Keeler 50092c28c0
Add some better waits to prevent CA is nil test flakes (#7171) 2020-01-29 22:23:11 -05:00
Iryna Shustava b8cac0d6e4
docs: clarify that clients and servers need to talk over LAN if outside k8s (#7156) 2020-01-29 19:09:38 -08:00
Matt Keeler 377f23b52b
Update CHANGELOG.md 2020-01-29 20:17:24 -05:00
Matt Keeler 78ad3428c4
Small refactoring to move meta parsing into the switch statement (#7170) 2020-01-29 19:12:48 -05:00
Matt Keeler 25568626f7
Fix a couple bugs regarding intentions with namespaces (#7169) 2020-01-29 17:30:38 -05:00
Matt Keeler 3f253080a2
Sync some feature flag support from enterprise (#7167) 2020-01-29 13:21:38 -05:00
R.B. Boyer 01ebdff2a9
various tweaks on top of the hclog work (#7165) 2020-01-29 11:16:08 -06:00
John Cowen c5f184f61d
ui: Add live updates/blocking queries to the Intention listing page (#7161)
* ui: Enable blocking queries/live updates for intentions

* ui: Add acceptance tests for intention blocking queries

* ui: Add copy to explain that intentions are also now 'real time'
2020-01-29 16:22:31 +00:00
Iryna Shustava 44b921a780
docs: Clarify the use of kustomize or ship with the Helm chart (#7154) 2020-01-28 22:18:12 -08:00
Chris Piraino 3dd0b59793
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging
2020-01-28 17:50:41 -06:00
Matt Keeler 3044b4bf89
Output proper HTTP status codes for Txn requests that are too large (#7157) 2020-01-28 16:22:40 -05:00
Iryna Shustava daff8f82dc docs: update ACL perms for the /connect/ca/roots endpoint (#7155) 2020-01-28 20:01:25 +01:00
John Cowen cc1ce7bd49
ui: Add node based configuration / environment testing (#7140)
In an ember environment `config/environment.js` exports a JSON object
whereas the file itself exports a function that receives a string of the
environment name that would like returning.

This is so ember can automatically provide you with an already
configured object containing configuration values dependent on which
environment you passed to `ember-cli` using `serve`, `build` or `test`.

In order to bypass this so we can easily test what is returned for
different environments, we've installed a lightweight functional test
harness that is simple to use `substack/tape`, that can be run easily
outside of ember.

We've then written as simple test case using this to enable us to
test/assert that different environments return the correct configuration
values.

Additionally we've added some yarn scripts/make targets (yarn run
test-node / make test-node) to make this easy to run. We're yet to
integrate this into CI.
2020-01-28 17:33:20 +00:00
Alvin Huang 98a83dbf89
use 4 parallelism for go-test and print package names (#7152) 2020-01-28 12:21:55 -05:00
John Cowen 1f2b5a0091
ui: Fix wrapping service ids in the Node Detail > Services tab (#7149) 2020-01-28 14:43:32 +00:00
John Cowen 03f8bbb8a5
ui: Fix positioning of active icon in the selected menu item (#7148) 2020-01-28 14:42:20 +00:00
Kenia f6a7164d10
ui: Implements the ember-page-title addon to the UI (#7118)
* Installs ember-page-title 5.x

* Adds a page title to all template files that need one

* Adds an assertion step to test the page titles
2020-01-28 09:25:52 -05:00
Michel Vocks c7366e78d4 api: add option to set TLS options in-memory for API client (#7093)
This PR adds the option to set in-memory certificates to the API client instead of requiring the certificate to be stored on disk in a file.

This allows us to define API client TLS options per Consul secret backend in Vault.
Related issue hashicorp/vault#4800
2020-01-28 11:54:49 +01:00
John Cowen 0c12a0fef1
ui: Remove the Policy/Service Identity selector from nspaces (#7124)
When editing Nspaces, although you can assign policies to a nspace using
PolicyDefaults you cannot assign a Service Identity to a policy like you
can when adding a policy to a token.

This commit adds an extra attribute to our policy-form/policy-selector
component so you can disable this setting. At a later date we may change
this to have a conficgurable `<Slot />` instead.

Simple acceptance tests is included here
2020-01-28 09:39:09 +00:00
Blake Covarrubias 091e1ea330 docs: Fix success/passing health check definition
This commit changes the health check example shown for the
success/failures_before_passing option to correctly show that the value
of `checks` is an array of objects, not an object.

Added text clarifying these check parameters are available in Consul
1.7.0 and later.

Expanded the health check to provide a more complete configuration
example.

Resolves #7114.
2020-01-27 12:15:25 -08:00
Kit Patella 49e9bbbdf9
Add accessorID of token when ops are denied by ACL system (#7117)
* agent: add and edit doc comments

* agent: add ACL token accessorID to debugging traces

* agent: polish acl debugging

* agent: minor fix + string fmt over value interp

* agent: undo export & fix logging field names

* agent: remove note and migrate up to code review

* Update agent/consul/acl.go

Co-Authored-By: Matt Keeler <mkeeler@users.noreply.github.com>

* agent: incorporate review feedback

* Update agent/acl.go

Co-Authored-By: R.B. Boyer <public@richardboyer.net>

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: R.B. Boyer <public@richardboyer.net>
2020-01-27 11:54:32 -08:00