Commit graph

10466 commits

Author SHA1 Message Date
Sarah Adams df036f06a7
fix 'consul connect envoy' to try to use previously-configured grpc port (#6245)
fix 'consul connect envoy' to try to use previously-configured grpc port on running agent before defaulting to 8502

Fixes #5011
2019-08-01 09:53:34 -07:00
Paul Banks a5c70d79d0 Revert "connect: support AWS PCA as a CA provider" (#6251)
This reverts commit 3497b7c00d49c4acbbf951d84f2bba93f3da7510.
2019-07-31 09:08:10 -04:00
Todd Radel d3b7fd83fe
connect: support AWS PCA as a CA provider (#6189)
Port AWS PCA provider from consul-ent
2019-07-30 22:57:51 -04:00
Todd Radel 1b14d6595e
connect: Support RSA keys in addition to ECDSA (#6055)
Support RSA keys in addition to ECDSA
2019-07-30 17:47:39 -04:00
Freddy c691b75b75
Update CHANGELOG.md 2019-07-30 11:03:16 -06:00
freddygv 00157a2c1f Update default gossip encryption key size to 32 bytes 2019-07-30 09:45:41 -06:00
Matt Keeler 4407ec5faf
Update CHANGELOG.md 2019-07-30 09:58:38 -04:00
Matt Keeler 4bdd27ef31
Fix envoy canBind (#6238)
* Fix envoy cli canBind function

The string form of an Addr was including the CIDR causing the str equals to not match.

* Remove debug prints
2019-07-30 09:56:56 -04:00
hashicorp-ci 20f477cf13 Merge Consul OSS branch 'master' at commit a1725e6b5299c6ce12e8273205f90fba31403686 2019-07-30 02:00:29 +00:00
Matt Keeler e9f6805adc Fix flaky tests (#6229) 2019-07-29 15:07:25 -04:00
Matt Keeler e0aa9fccbb
Update CHANGELOG.md 2019-07-29 11:19:39 -04:00
Matt Keeler 5058faf653
Update CHANGELOG.md 2019-07-29 11:17:58 -04:00
Matt Keeler 7e69646a77
Fix prepared query upstream endpoint generation (#6236)
Use the correct SNI value for prepared query upstreams
2019-07-29 11:15:55 -04:00
hashicorp-ci da93c2ce79
Release v1.6.0-beta3 2019-07-26 23:15:20 +00:00
hashicorp-ci 252900d3e5
update bindata_assetfs.go 2019-07-26 23:15:20 +00:00
Alvin Huang 7972514b82 Merge remote-tracking branch 'origin/master' into release/1-6 2019-07-26 16:22:53 -04:00
Matt Keeler f3d0bdd8f3
Update CHANGELOG.md 2019-07-26 15:59:20 -04:00
Matt Keeler a7c4b7af7c
Fix CA Replication when ACLs are enabled (#6201)
Secondary CA initialization steps are:

• Wait until the primary will be capable of signing intermediate certs. We use serf metadata to check the versions of servers in the primary which avoids needing a token like the previous implementation that used RPCs. We require at least one alive server in the primary and the all alive servers meet the version requirement.
• Initialize the secondary CA by getting the primary to sign an intermediate

When a primary dc is configured, if no existing CA is initialized and for whatever reason we cannot initialize a secondary CA the secondary DC will remain without a CA. As soon as it can it will initialize the secondary CA by pulling the primaries roots and getting the primary to sign an intermediate.

This also fixes a segfault that can happen during leadership revocation. There was a spot in the secondaryCARootsWatch that was getting the CA Provider and executing methods on it without nil checking. Under normal circumstances it wont be nil but during leadership revocation it gets nil'ed out. Therefore there is a period of time between closing the stop chan and when the go routine is actually stopped where it could read a nil provider and cause a segfault.
2019-07-26 15:57:57 -04:00
Matt Keeler 9dd72121e1
Set --max-obj-name-len 256 when execing Envoy (#6202)
* Pass -max-obj-name-len 256 to envoy

* Update test expectations.

* Add a note about requireing the max-obj-name-len option to be set
2019-07-26 15:43:15 -04:00
Todd Radel c253a23630
Merge pull request #6210 from hashicorp/docs/fix-ambassador-link
Fix links to ambassador website
2019-07-26 14:29:03 -04:00
R.B. Boyer 200d470f7b
Merge pull request #6223 from hashicorp/master-merge-b3541c4f3
Master merge b3541c4f3
2019-07-26 11:44:01 -05:00
R.B. Boyer 1b95d2e5e3 Merge Consul OSS branch master at commit b3541c4f34d43ab92fe52256420759f17ea0ed73 2019-07-26 10:34:24 -05:00
Jack Pearkes ed9365cfd4 Putting source back into Dev Mode 2019-07-25 17:58:56 -07:00
hashicorp-ci 601703497f
Release v1.5.3 2019-07-25 23:41:17 +00:00
hashicorp-ci 86ff9e9dc9
update bindata_assetfs.go 2019-07-25 23:41:16 +00:00
Jack Pearkes 4670f16f85
Update CHANGELOG.md 2019-07-25 14:20:11 -07:00
Mike Morris 2c78c476a0
docs: add TCP half-close broken pipe to common errors (#6203) 2019-07-25 16:01:33 -04:00
Jack Pearkes 3b98867a2c
config: correct limit to limits in config example (#6219)
This isn't yet documented on the website, but wanted to update this to add the missing s.
2019-07-25 12:38:57 -07:00
Matt Keeler 86eff21835
Update CHANGELOG.md 2019-07-25 14:27:22 -04:00
Matt Keeler c4a34602b6
Allow forwarding of some status RPCs (#6198)
* Allow forwarding of some status RPCs

* Update docs

* add comments about not using the regular forward
2019-07-25 14:26:22 -04:00
Alvin Huang 27dba08e4f
check vendor folder (#6006)
* check vendor in circleci

* make vendor checking step more descriptive

* reorganize check-vendor and gofmt jobs
2019-07-25 11:17:07 -04:00
Alvin Huang 6f04420cf8
remove sdk and api packages (#6214) 2019-07-25 10:00:20 -04:00
Alvin Huang 3bfac76bbf
add dev docker image upload (#5879)
* add dev docker image upload

* remove the go cache since that isn't needed

* add comment and image labels

* get password from stdin
2019-07-25 09:19:09 -04:00
Jeff Mitchell e266b038cc Make the chunking test multidimensional (#6212)
This ensures that it's not just a single operation we restores
successfully, but many. It's the same foundation, just with multiple
going on at once.
2019-07-25 11:40:09 +01:00
Freddy 7dbbe7e55a
auto-encrypt: Fix port resolution and fallback to default port (#6205)
Auto-encrypt meant to fallback to the default port when it wasn't provided, but it hadn't been because of an issue with the error handling. We were checking against an incomplete error value:
"missing port in address" vs "address $HOST: missing port in address"

Additionally, all RPCs to AutoEncrypt.Sign were using a.config.ServerPort, so those were updated to use ports resolved by resolveAddrs, if they are available.
2019-07-24 16:49:37 -07:00
Matt Keeler 33f51db661
Update CHANGELOG.md 2019-07-24 17:08:08 -04:00
Jeff Mitchell e0068431f5 Chunking support (#6172)
* Initial chunk support

This uses the go-raft-middleware library to allow for chunked commits to the KV
2019-07-24 17:06:39 -04:00
Matt Keeler 155cdf022f
Envoy Mesh Gateway integration tests (#6187)
* Allow setting the mesh gateway mode for an upstream in config files

* Add envoy integration test for mesh gateways

This necessitated many supporting changes in most of the other test cases.

Add remote mode mesh gateways integration test
2019-07-24 17:01:42 -04:00
Todd Radel 7575bce5c9 Fix links to ambassador website 2019-07-24 13:23:49 -04:00
Freddy 1b97d65873
Make new config when retrying testServer creation (#6204) 2019-07-24 08:41:00 -06:00
R.B. Boyer aaa112f8de update changelog 2019-07-23 20:57:53 -05:00
R.B. Boyer bd4a2d7be2
connect: allow L7 routers to match on http methods (#6164)
Fixes #6158
2019-07-23 20:56:39 -05:00
R.B. Boyer 67f3da61af
connect: change router syntax for matching query parameters to resemble the syntax for matching paths and headers for consistency. (#6163)
This is a breaking change, but only in the context of the beta series.
2019-07-23 20:55:26 -05:00
R.B. Boyer e864b9fcf1 update changelog 2019-07-23 20:51:58 -05:00
R.B. Boyer fc90beb925
connect: validate and test more of the L7 config entries (#6156) 2019-07-23 20:50:23 -05:00
R.B. Boyer 05889ccc47 update changelog 2019-07-23 20:21:30 -05:00
R.B. Boyer 2bfad66efa
connect: rework how the service resolver subset OnlyPassing flag works (#6173)
The main change is that we no longer filter service instances by health,
preferring instead to render all results down into EDS endpoints in
envoy and merely label the endpoints as HEALTHY or UNHEALTHY.

When OnlyPassing is set to true we will force consul checks in a
'warning' state to render as UNHEALTHY in envoy.

Fixes #6171
2019-07-23 20:20:24 -05:00
R.B. Boyer e060748d3f
tests: adding new envoy integration tests for L7 service-resolvers (#6129)
Additionally:

- wait for bootstrap config entries to be applied

- run the verify container in the host's PID namespace so we can kill
envoys without mounting the docker socket

* assert that we actually send HEALTHY and UNHEALTHY endpoints down in EDS during failover
2019-07-23 20:08:36 -05:00
Alvin Huang 5b6fa58453 resolve circleci config conflicts 2019-07-23 20:18:36 -04:00
Freddy c19f46639b
Restore NotifyListen to avoid panic in newServer retry (#6200) 2019-07-23 14:33:00 -06:00