Commit graph

13676 commits

Author SHA1 Message Date
R.B. Boyer 91d9544803
connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate (#9428)
This fixes an issue where leaf certificates issued in primary
datacenters using Vault as a Connect CA would be reissued very
frequently (every ~20 seconds) because the logic meant to detect root
rotation was errantly triggering.

The hash of the rootCA was being compared against a hash of the
intermediateCA and always failing. This doesn't apply to the Consul
built-in CA provider because there is no intermediate in use in the
primary DC.

This is reminiscent of #6513
2021-02-08 13:18:51 -06:00
Derek Strickland 8b91cae80f
Crosslink new microservices collection. (#9704) 2021-02-08 13:27:20 -05:00
R.B. Boyer 77424e179a
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists (#9651)
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 10:19:57 -06:00
Daniel Nephin df0f93f850
Merge pull request #9722 from hashicorp/dnephin/fix-master-build
Fix main build failing
2021-02-05 18:13:13 -05:00
Shantanu Gadgil 3ed3380101
changleog: presense -> presence (#9713)
presense -> presence
2021-02-05 17:37:55 -05:00
R.B. Boyer 05d767b8d6
xds: deduplicate mesh gateway listeners in a stable way (#9650)
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.

There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 16:28:07 -06:00
Daniel Nephin c312e0fd35 Fix main build failing
An old PR (#7623) was merged after #9585. The old code was incompatible with the new
changes, but none of the lines caused a git conflict so the merge was allowed.

The incompatible changes caused the tests to fail. This fixes the old code to
work with the new changes.
2021-02-05 17:25:57 -05:00
Daniel Nephin 23cfbc8f8d
Merge pull request #9719 from hashicorp/oss/state-store-4
state: remove registerSchema
2021-02-05 14:02:38 -05:00
Daniel Nephin dc70f583d4
Merge pull request #9718 from hashicorp/oss/dnephin/ent-meta-in-state-store-3
state: convert all table name constants to the new prefix pattern
2021-02-05 14:02:07 -05:00
Daniel Nephin eb5d71fd19
Merge pull request #9665 from hashicorp/dnephin/state-store-indexes-2
state: move config-entries table definition to config_entries_schema.go
2021-02-05 14:01:08 -05:00
Alvin Huang e056a9147e
ci: escape backticks in github comment for website/ change check (#9711) 2021-02-05 13:48:31 -05:00
Daniel Nephin 9beadc578b
Merge pull request #9664 from hashicorp/dnephin/state-store-indexes
state: move ACL schema and index definitions to acl_schema.go
2021-02-05 13:38:31 -05:00
Daniel Nephin b747b27afd state: remove the need for registerSchema
registerSchema creates some indirection which is not necessary in this
case. newDBSchema can call each of the tables.

Enterprise tables can be added from the existing withEnterpriseSchema
shim.
2021-02-05 12:19:56 -05:00
Daniel Nephin 33621706ac state: rename table name constants to use pattern
the 'table' prefix is shorter, and also reads better in queries.
2021-02-05 12:12:19 -05:00
Daniel Nephin 8569295116 state: rename connect constants 2021-02-05 12:12:19 -05:00
Daniel Nephin afdbf2a8ef state: rename table name constants to new pattern
Using Apps Hungarian Notation for these constants makes the memdb queries more readable.
2021-02-05 12:12:18 -05:00
Daniel Nephin 573f8eb2b4
Merge pull request #9701 from hashicorp/dnephin/ent-meta-remove-extra-arg
state: Remove extra entMeta arg to EnsureConfigEntry
2021-02-05 11:43:35 -05:00
Kyle Havlovitz b299e30db6
Merge pull request #7623 from FriedCircuits/patch-1
Add support for RSA private key to TLS utils.
2021-02-04 11:37:51 -08:00
David Yu 7247d9c0cb
docs: fix another broken link to upgrading k8s servers from token rotation page (#9707)
fix another broken link to upgrading k8s servers from token rotation page
2021-02-04 09:44:04 -08:00
David Yu 5c749d32f8
docs: Small change to fix broken link to k8s upgrade from k8s tls certs page (#9705)
Broken link to k8s server upgrade from tls certs page
2021-02-04 09:13:32 -08:00
Daniel Nephin f929a7117e state: Remove unnecessary entMeta arg to EnsureConfigEntry 2021-02-03 18:10:38 -05:00
Alvin Huang a0842ce955
ci: add nightly load testing on master (#9693) 2021-02-03 15:59:37 -05:00
Alvin Huang c030c632a2
ci: fix pr file checker (#9694)
* filter github pr file checker on the right labels object

* only check PR files when the PR is opened
2021-02-03 10:19:37 -05:00
Alvin Huang d2939d1c9a
ci:check that type/docs-cherrypick is attached to website PR changes (#9690) 2021-02-02 17:04:05 -05:00
Kim Ngo 44a5f9057b
docs/nia: recommend sensitive variables for module authoring (#9692) 2021-02-02 14:57:46 -06:00
Alvin Huang ff60cdac89
ci: fix changelog check checkout (#9688)
* ci: fix changelog check checkout

* use fetch-depth 0 to get all commits to find a merge-base
2021-02-02 14:51:20 -05:00
Kim Ngo cf5d9c5d55
docs/nia: Update verbiage around securely configuring providers (#9684)
This reorganizes and flags where and when sensitive information may
be written in plain-text
2021-02-02 13:24:25 -06:00
Brandon Romano c3817696a9
Merge pull request #9677 from hashicorp/km.hcp
website: 2/2 Updates for HCP
2021-02-02 08:39:52 -08:00
Kyle MacDonald 288f8202d2 website: add utm params for all cloud.hashi links 2021-02-02 09:09:16 -05:00
hashicorp-ci 7e7b56e13e auto-updated agent/uiserver/bindata_assetfs.go from commit e0ff7080a 2021-02-02 10:08:48 +00:00
John Cowen 8b58d81d64
ui: Adds unique-id helper (#9676) 2021-02-02 10:03:46 +00:00
Kyle MacDonald b4c9e50e42 Website updates for HCP (2/2)
website: prep hcp ctas

Add in updated HCP section

Fix broken link

website: remove superflous heading

website: add new try cloud cta to nav

website: adjust homepage hero CTAs

Update HCP description to match latest

Clean up Hero CTAs

Updates banner
2021-02-01 19:09:38 -08:00
Alvin Huang e29c9d2f52
ci: add script to check for .changelog file in PRs (#9641)
* ci: add .changelog file check for PRs

* Update .github/workflows/changelog-check.yml

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* add better disclaimer in changelog check script description

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-02-01 18:51:52 -05:00
Matt Keeler 74c3b69632
Release 1.9.3 (#9680) 2021-02-01 13:34:44 -05:00
hashicorp-ci d979b67d63 auto-updated agent/uiserver/bindata_assetfs.go from commit 0b7d676dc 2021-02-01 17:55:03 +00:00
John Cowen 75167fac83
ui: Add 'Scenario' debug function for easy saving debug scenarios (#9675) 2021-02-01 17:50:11 +00:00
hashicorp-ci 083fa1693b auto-updated agent/uiserver/bindata_assetfs.go from commit 3aef5cde2 2021-02-01 17:35:20 +00:00
John Cowen 30d8ee056e
ui: Adds the dump router dumping function only in dev mode (#9666) 2021-02-01 17:29:43 +00:00
Alvin Huang ebfe7ce675
ci: fail cherrypick if git push fails (#9673) 2021-01-29 19:42:14 -05:00
Mike Morris b176611c87
website: add release notes for 1.9 (#9189)
* website: initial draft of release notes framework

* website: fixup ref to 1-9-0.mdx

* Update website/pages/docs/release-notes/1-9-0.mdx

* Update website/pages/docs/release-notes/1-9-0.mdx

* website: add draft of 1.9.0 release notes

* website: move release-notes directory from /pages to /content

* Update 1-9-0.mdx

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/release-notes/1-9-0.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-01-29 18:00:32 -05:00
Ashwin Venkatesh f7092a068f
Add docs for TLS Server Certificate rotation for K8S (#9636)
* Add docs for TLS Server Certificate rotation for K8s
2021-01-29 17:13:28 -05:00
Luke Kysow 320fcf4510
Add operations section to k8s notes (#9625)
* Add operations section to k8s notes

* Unify faq/troubleshooting
2021-01-29 11:15:40 -08:00
John Cowen c7f8c9141a
chore: changelog for 9660 (#9668) 2021-01-29 16:08:39 +00:00
hashicorp-ci d156596776 auto-updated agent/uiserver/bindata_assetfs.go from commit 3477b1de7 2021-01-29 16:03:41 +00:00
John Cowen 4a7e789cac
ui: Keep track of previous node checks and avoid adding them twice (#9661)
* Keep track of previous node checks and avoid adding them twice
2021-01-29 15:57:47 +00:00
John Cowen 793be59589
ui: Check for a non-existent items argument/attribute within DataCollection (#9662) 2021-01-29 15:53:28 +00:00
John Cowen 55ea532f88
ui: [BUGFIX] Fix missing or duplicate service instance health checks (#9660)
* Use NodeName not Node for cross checking proxies/instances

* Also copy over the meta data to keep the correct cursor/index

* When we sync checks to the ProxyInstance replace rather than accumulate
2021-01-29 15:51:23 +00:00
Daniel Nephin 09425b22a1 state: rename config-entries table const to match new pattern 2021-01-28 20:34:34 -05:00
Daniel Nephin 7d17e20270 state: move config-entries table to new pattern 2021-01-28 20:34:15 -05:00
Daniel Nephin 825b8ade39 state: use indexID
this change was already made to enterprise, so backporting it.
2021-01-28 20:30:08 -05:00