Daniel Nephin
30fe14eed3
acl: fix default authorizer for down_policy
...
This was causing a nil panic because a nil authorizer is no longer valid after the cleanup done
in https://github.com/hashicorp/consul/pull/10632 .
2021-09-23 18:12:22 -04:00
Daniel Nephin
a6a7069ecf
Remove t.Parallel from TestACLResolver_DownPolicy
...
These tests run in under 10ms, t.Parallel does nothing but slow them down and
make failures harder to debug when one panics.
2021-09-23 18:12:22 -04:00
Dhia Ayachi
4505cb2920
Refactor table index acl phase 2 ( #11133 )
...
* extract common methods from oss and ent
* remove unreachable code
* add missing normalize for binding rules
* fix oss to use Query
2021-09-23 15:26:09 -04:00
Paul Banks
f8412cf5fa
Merge pull request #10903 from hashicorp/feature/ingress-sds
...
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi
ebe333b947
Refactor table index ( #11131 )
...
* convert tableIndex to use the new pattern
* make `indexFromString` available for oss as well
* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks
d57931124f
Final readability tweaks from review
2021-09-23 10:17:12 +01:00
Paul Banks
66c625a64d
Fix subtle loop bug and add test
2021-09-23 10:13:41 +01:00
Paul Banks
7198d0bd80
Refactor SDS validation to make it more contained and readable
2021-09-23 10:13:19 +01:00
Paul Banks
fe4f69613c
Refactor Ingress-specific lister code to separate file
2021-09-23 10:13:19 +01:00
Paul Banks
f4f0793a10
Minor PR typo and cleanup fixes
2021-09-23 10:13:19 +01:00
Paul Banks
4cc1ccf892
Revert abandonned changes to proxycfg for Ent test consistency
2021-09-23 10:13:19 +01:00
Paul Banks
d812a0edc7
Fix merge conflict in xds tests
2021-09-23 10:12:37 +01:00
Paul Banks
a24efd20fc
Fix some more Enterprise Normalization issues affecting tests
2021-09-23 10:12:37 +01:00
Paul Banks
15969327c0
Remove unused argument to fix lint error
2021-09-23 10:09:11 +01:00
Paul Banks
9422e4ebc7
Handle namespaces in route names correctly; add tests for enterprise
2021-09-23 10:09:11 +01:00
Paul Banks
9d576a08dc
Update xDS routes to support ingress services with different TLS config
2021-09-23 10:08:02 +01:00
Paul Banks
8a4254a894
Update xDS Listeners with SDS support
2021-09-23 10:08:02 +01:00
Paul Banks
8548e15f1b
Update proxycfg to hold more ingress config state
2021-09-23 10:08:02 +01:00
Paul Banks
0e410a1b1f
Add ingress-gateway config for SDS
2021-09-23 10:08:02 +01:00
Mark Anderson
c87d57bfeb
partitions/authmethod-index work from enterprise ( #11056 )
...
* partitions/authmethod-index work from enterprise
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-09-22 13:19:20 -07:00
Chris S. Kim
d222f170a7
connect: Allow upstream listener escape hatch for prepared queries ( #11109 )
2021-09-22 15:27:10 -04:00
R.B. Boyer
ba13416b57
grpc: strip local ACL tokens from RPCs during forwarding if crossing datacenters ( #11099 )
...
Fixes #11086
2021-09-22 13:14:26 -05:00
Connor
bc04a155fb
Merge pull request #11090 from hashicorp/clly/kv-usage-metrics
...
Add KVUsage to consul state usage metrics
2021-09-22 11:26:56 -05:00
Connor Kelly
bfe6b64ca7
Strip out go 1.17 bits
2021-09-22 11:04:48 -05:00
Matt Keeler
7c1ef8f515
Add a mock Agent delegate to ease/improve some types of testing
2021-09-22 10:23:01 -04:00
hc-github-team-consul-core
320b20c708
auto-updated agent/uiserver/bindata_assetfs.go from commit 9c0233cf5
2021-09-22 13:05:38 +00:00
hc-github-team-consul-core
949416c071
auto-updated agent/uiserver/bindata_assetfs.go from commit cfbd1bb84
2021-09-22 09:26:14 +00:00
Daniel Nephin
5493ff06cc
Merge pull request #10985 from hashicorp/dnephin/acl-legacy-remove-replication
...
acl: remove legacy ACL replication
2021-09-21 17:56:54 -04:00
Connor
64852cd3e5
Apply suggestions from code review
...
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
2021-09-21 10:52:46 -05:00
R.B. Boyer
2773bd94d7
xds: fix representation of incremental xDS subscriptions ( #10987 )
...
Fixes #10563
The `resourceVersion` map was doing two jobs prior to this PR. The first job was
to track what version of every resource we know envoy currently has. The
second was to track subscriptions to those resources (by way of the empty
string for a version). This mostly works out fine, but occasionally leads to
consul removing a resource and accidentally (effectively) unsubscribing at the
same time.
The fix separates these two jobs. When all of the resources for a subscription
are removed we continue to track the subscription until envoy explicitly
unsubscribes
2021-09-21 09:58:56 -05:00
Connor Kelly
973b7b5c78
Fix test
2021-09-20 13:44:43 -05:00
Connor Kelly
698fc291a9
Add KVUsage to consul state usage metrics
...
This change will add the number of entries in the consul KV store to the
already existing usage metrics.
2021-09-20 12:41:54 -05:00
R.B. Boyer
55b36dd056
xds: ensure the active streams counters are 64 bit aligned on 32 bit systems ( #11085 )
2021-09-20 11:07:11 -05:00
Freddy
f1b2ef30d1
Merge pull request #11071 from hashicorp/partitions/ixn-decisions
2021-09-16 15:18:23 -06:00
freddygv
661f520841
Fixup proxycfg tproxy case
2021-09-16 15:05:28 -06:00
freddygv
12eec88dff
Remove ent checks from oss test
2021-09-16 14:53:28 -06:00
R.B. Boyer
7fa8f19077
acl: ensure the global management policy grants all necessary partition privileges ( #11072 )
2021-09-16 15:53:10 -05:00
freddygv
cf56be7d8d
Ensure partition is defaulted in authz
2021-09-16 14:39:01 -06:00
freddygv
b5a8935bb8
Default the partition in ixn check
2021-09-16 14:39:01 -06:00
freddygv
caafc1905e
Fixup test
2021-09-16 14:39:01 -06:00
freddygv
8a9bf3748c
Account for partitions in ixn match/decision
2021-09-16 14:39:01 -06:00
Jeff Widman
a8f396c55f
Bump go-discover
to fix broken dep tree ( #10898 )
2021-09-16 15:31:22 -04:00
hc-github-team-consul-core
5a6f9e38b1
auto-updated agent/uiserver/bindata_assetfs.go from commit 1d9d3349c
2021-09-16 17:31:08 +00:00
R.B. Boyer
4e7b6888e3
acl: fix intention:*:write checks ( #11061 )
...
This is a partial revert of #10793
2021-09-16 11:08:45 -05:00
Freddy
88627700d0
Merge pull request #11051 from hashicorp/partitions/fixes
2021-09-16 09:29:00 -06:00
Freddy
494764ee2d
acl: small resolver changes to account for partitions ( #11052 )
...
Also refactoring the enterprise side of a test to make it easier to reason about.
2021-09-16 09:17:02 -05:00
freddygv
7927a97c2f
Fixup manager tests
2021-09-15 17:24:05 -06:00
freddygv
dc549eca30
Default partition in match endpoint
2021-09-15 17:23:52 -06:00
freddygv
0cdcbbb4c9
Pass partition to intention match query
2021-09-15 17:23:52 -06:00
freddygv
a57c52ca32
Ensure partition is used for SAN validation
2021-09-15 17:23:48 -06:00