Commit Graph

13280 Commits

Author SHA1 Message Date
Kent 'picat' Gruber ef4c2f40d7 Fix spelling of recomendations
Thank you @rboyer!
2020-11-04 17:44:51 -05:00
Kent 'picat' Gruber 9f802dffc2 Revamp security model documentation 2020-11-04 17:05:44 -05:00
Kit Patella 233a552bbe remove definitions for consul.runtime... metrics - they're prepended with hostnames and won't init 2020-11-04 14:02:47 -08:00
Kit Patella fbe61ad16c upgrade go-metrics to latest 2020-11-04 14:02:13 -08:00
Joel Watson dd83f6bc68 Cleanup formatter 2020-11-04 14:36:42 -06:00
Joel Watson 0918d8dbc0 Get JSON formatting working 2020-11-04 14:04:17 -06:00
R.B. Boyer c2d167d06e
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
This ensures the metrics proxy endpoint is ACL protected behind a
wildcard `service:read` and `node:read` set of rules. For Consul
Enterprise these will need to span all namespaces:

```
service_prefix "" { policy = "read" }
node_prefix ""    { policy = "read" }

namespace_prefix "" {
  service_prefix "" { policy = "read" }
  node_prefix ""    { policy = "read" }
}
```

This PR contains just the backend changes. The frontend changes to
actually pass the consul token header to the proxy through the JS plugin
will come in another PR.
2020-11-04 12:50:03 -06:00
Joel Watson fd5b94443e This ended up not being used. 2020-11-04 10:30:38 -06:00
Joel Watson ed91bf8a62 Add snapshot inspect filter param 2020-11-04 10:11:20 -06:00
hashicorp-ci 6645dfcbb1 auto-updated agent/uiserver/bindata_assetfs.go from commit 0f6c0a5c1 2020-11-04 09:37:51 +00:00
John Cowen 2cb057ac91
ui: Metrics - Provide a fetch-like http client that automatically adds the current ACL token (#9094)
* Remove local httpGet and shim one in from options

* Add custom httpGet to pass through to provider

* Make a fetch wrapper that adds your token

* Pass the fetch like fetchWithToken wrapper through to the provider

* Fix up httpGet to encode query params again and use fetch-like
2020-11-04 09:33:37 +00:00
Joel Watson bc1a55cd09 Initial stab at snapshot inspect key breakdown 2020-11-03 18:00:44 -06:00
hashicorp-ci ebe0ffce30 auto-updated agent/uiserver/bindata_assetfs.go from commit d5d4155e1 2020-11-03 14:14:58 +00:00
John Cowen 17333e90ce
ui: Storybook Install (#9049)
* ui: Install storybook into the main project

* Add a basic story for a notice

* Remove empty dependencies
2020-11-03 14:09:39 +00:00
Sean Ellefson 7180f9e114 Correcting text on when default was changed in Consul 2020-11-02 15:10:34 -08:00
Kit Patella 7f362b2d09 add definitions for key metrics. This will not build until we have the definitions patch to go-metrics 2020-11-02 15:01:00 -08:00
R.B. Boyer 5c6d322872
use the docker proxy for more envoy integration test containers (#9085) 2020-11-02 14:52:33 -06:00
R.B. Boyer b8a623d3d2
wait_for_namespace should take two args (#9086) 2020-11-02 14:31:19 -06:00
hashicorp-ci 0d8a30d8e3 auto-updated agent/uiserver/bindata_assetfs.go from commit 56c2ff56e 2020-11-02 18:43:31 +00:00
Kenia 10aa848005
ui: Update to not return metrics for ingress gateways (#9081) 2020-11-02 13:38:43 -05:00
Alvin Huang 102aefdb49
use hashicorp docker mirror in envoy helper (#9080) 2020-11-02 11:37:03 -06:00
R.B. Boyer cf5e9872ce
fix envoy integ test wait_for_namespace to actually work on CI (#9082) 2020-11-02 11:14:48 -06:00
hashicorp-ci 0fa484ae8f auto-updated agent/uiserver/bindata_assetfs.go from commit bf32a1799 2020-11-02 16:11:45 +00:00
John Cowen bc4d1f9b65
ui: Remove string casting when passing index/checked for dropmenus (#9077)
* ui: Remove string casting when passing index/checked

* Check for e.target
2020-11-02 16:07:08 +00:00
hashicorp-ci 052303f0fa auto-updated agent/uiserver/bindata_assetfs.go from commit 314eeda95 2020-11-02 14:40:27 +00:00
John Cowen a4f6313aa5
ui: Use eslint vs ember-cli-lint, sass vs dart-sass (#9078)
These two dependency changes means that @hashicorp/pds-ember can be
installed and used without any build/dependency issues
2020-11-02 14:35:10 +00:00
Alvin Huang d6652b0bc9
use hashicorp docker mirror to prevent rate limit (#9070) 2020-10-30 17:59:13 -04:00
R.B. Boyer c8c87ec317
agent: introduce path allow list for requests going through the metrics proxy (#9059)
Added a new option `ui_config.metrics_proxy.path_allowlist`. This defaults to `["/api/v1/query", "/api/v1/query_range"]` when the metrics provider is set to `prometheus`.

Requests that do not use one of the allow-listed paths (via exact match) get a 403 Forbidden response instead.
2020-10-30 16:49:54 -05:00
Daniel Nephin 8a017c4f43 structs: add a namespace test for CheckServiceNode.CanRead 2020-10-30 15:07:04 -04:00
Daniel Nephin 78260952b0 cache-type: use namespace in tests
to verify that the namespace is passed through correctly to the server.
2020-10-30 15:07:04 -04:00
Daniel Nephin f6b629852f state: test EventPayloadCheckServiceNode.FilterByKey
Also fix a bug in that function when only one of key or namespace were the empty string.
2020-10-30 14:35:57 -04:00
Daniel Nephin 60df44df4f stream: Add tests for filterByKey with namespace
And fix a bug where a request with a Namespace but no Key would not be properly filtered
2020-10-30 14:35:42 -04:00
Daniel Nephin 318dfbe6e4 stream: Move FilterByKey events to a table
In preparation for adding new tests.
2020-10-30 14:35:28 -04:00
Daniel Nephin e023626986 proto: convert enterprise meta 2020-10-30 14:34:36 -04:00
Daniel Nephin 2d0030da39 state: use enterprise meta for creating events 2020-10-30 14:34:04 -04:00
Daniel Nephin b57c7afcbb stream: include the namespace in the snap cache key
Otherwise the wrong snapshot could be returned when the same key is used in different namespaces
2020-10-30 14:34:04 -04:00
Daniel Nephin 8da30fcb9a subscribe: set the request namespace 2020-10-30 14:34:04 -04:00
hashicorp-ci e69d2c99cf auto-updated agent/uiserver/bindata_assetfs.go from commit cf2cfbaf2 2020-10-30 15:27:01 +00:00
R.B. Boyer e0459f4405
ui: make metrics work again (#9072)
Fixes regression from #9040
2020-10-30 10:21:57 -05:00
R.B. Boyer 67a0d0c426
state: ensure we unblock intentions queries upon the upgrade to config entries (#9062)
1. do a state store query to list intentions as the agent would do over in `agent/proxycfg` backing `agent/xds`
2. upgrade the database and do a fresh `service-intentions` config entry write
3. the blocking query inside of the agent cache in (1) doesn't notice (2)
2020-10-29 15:28:31 -05:00
Daniel Nephin 919a40cc57
Merge pull request #9068 from hashicorp/restore-test-signature
restore prior signature of test helper so enterprise compiles
2020-10-29 15:22:30 -04:00
R.B. Boyer 78014653b3 restore prior signature of test helper so enterprise compiles 2020-10-29 13:52:15 -05:00
hashicorp-ci e970f9699f auto-updated agent/uiserver/bindata_assetfs.go from commit 1d6961248 2020-10-29 18:33:41 +00:00
Mike Morris c4321797da
ui: Update node_modules deps path in GNUMakefile (#9066)
Updates `node_modules` path/makefile target to fix top-level `make ui` command.
2020-10-29 13:28:55 -05:00
Daniel Nephin bcb67d9861
Merge pull request #9025 from hashicorp/dnephin/streaming-options
streaming: Use a no-op event publisher if streaming is disabled
2020-10-29 13:36:51 -04:00
s-christoff ee3eb03f50
cli: Add JSON and Pretty Print formatting for `consul snapshot inspect` (#9006) 2020-10-29 11:31:14 -05:00
Kim Ngo 1b0efbfd27
docs: Add links in CTS docs for the community to get involved (#9060) 2020-10-29 10:07:20 -05:00
Daniel Nephin 61ce0964a4 stream: remove Event.Key
Makes Payload a type with FilterByKey so that Payloads can implement
filtering by key. With this approach we don't need to expose a Namespace
field on Event, and we don't need to invest micro formats or require a
bunch of code to be aware of exactly how the key field is encoded.
2020-10-28 16:48:04 -04:00
Daniel Nephin 8ef4c0fcc5 state: use go-cmp for comparison
The output of the previous assertions made it impossible to debug the tests without code changes.

With go-cmp comparing the entire slice we can see the full diffs making it easier to debug failures.
2020-10-28 16:33:00 -04:00
Daniel Nephin c106d94742 proto: remove Event.Key field
The field is never used, and the value is available from the payload.
2020-10-28 16:33:00 -04:00