Commit graph

11954 commits

Author SHA1 Message Date
Matt Keeler a1275c6e7d
Use the DNS and IP SANs from the auto config stanza when set 2020-06-26 16:01:30 -04:00
Matt Keeler 1fcb9ef03f
Overhaul the auto-config translation
This fixes some issues around spurious warnings about using enterprise configuration in OSS.
2020-06-26 15:25:21 -04:00
Freddy 6ef032fefe
Split up unused key validation for oss/ent (#8189)
Split up unused key validation in config entry decode for oss/ent.

This is needed so that we can return an informative error in OSS if namespaces are provided.
2020-06-25 13:58:29 -06:00
Daniel Nephin 7d5f1ba6bd
Merge pull request #8176 from hashicorp/dnephin/add-linter-unparam-1
lint: add unparam linter and fix some of the issues
2020-06-25 15:34:48 -04:00
Freddy 78751f4b97
Merge pull request #8186 from hashicorp/docs-cleanup 2020-06-25 11:44:24 -06:00
Freddy 36a9bb4133
Update website/pages/docs/acl/auth-methods/jwt.mdx
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2020-06-25 11:43:42 -06:00
Kenia e67af2b292
ui: Support ingress gateways upstreams with multiple addresses (#8185)
* Upgrade consul-api-double to version 3.1.2

* Display multiple addresses for ingress gateway upstreams
2020-06-25 09:50:39 -04:00
Matt Keeler a448e3e636
Merge pull request #8184 from hashicorp/bugfix/goroutine-leaks 2020-06-25 09:22:19 -04:00
freddygv 5b5210e2b7 Remove remaining beta tags 2020-06-24 16:12:24 -06:00
freddygv 2adf1df079 Remove stray instruction 2020-06-24 16:12:08 -06:00
freddygv 5f34f9954c Add docs for upstream destination's namespace 2020-06-24 16:11:44 -06:00
Chris Piraino 8db22c166a
Merge pull request #7932 from hashicorp/ingress/internal-ui-endpoint-multiple-ports
Update gateway-services-nodes API endpoint to allow multiple addresses
2020-06-24 17:11:01 -05:00
freddygv 1ac7e9a07d Add tabs to config entry examples 2020-06-24 16:10:46 -06:00
Chris Piraino 58eb3710fc remove obsolete comments about test parallelization 2020-06-24 16:36:13 -05:00
Chris Piraino abe2ca94c5 Update gateway-services-nodes API endpoint to allow multiple addresses
Previously, we were only returning a single ListenerPort for a single
service. However, we actually allow a single service to be serviced over
multiple ports, as well as allow users to define what hostnames they
expect their services to be contacted over. When no hosts are defined,
we return the default ingress domain for any configured DNS domain.

To show this in the UI, we modify the gateway-services-nodes API to
return a GatewayConfig.Addresses field, which is a list of addresses
over which the specific service can be contacted.
2020-06-24 16:35:23 -05:00
Matt Keeler 2ab8af4093
Add a test for go routine leaks
This is in its own separate package so that it will be a separate test binary that runs thus isolating the go runtime from other tests and allowing accurate go routine leak checking.

This test would ideally use goleak.VerifyTestMain but that will fail 100% of the time due to some architectural things (blocking queries and net/rpc uncancellability).

This test is not comprehensive. We should enable/exercise more features and more cluster configurations. However its a start.
2020-06-24 17:09:50 -04:00
Matt Keeler d471977f62
Fix go routine leak in auto encrypt ca roots tracking 2020-06-24 17:09:50 -04:00
Matt Keeler 90e741c6d2
Allow cancelling blocking queries in response to shutting down. 2020-06-24 17:09:50 -04:00
John Cowen f133abe4f1
ui: Ensure the tooltip panel chevron isn't hidden by overflow (#8183) 2020-06-24 18:07:19 +01:00
Daniel Nephin 0285956fac Update TestAgent_GetCoordinate
The old test case was a very specific regresion test for a case that is no longer possible.
Replaced with a new test that checks the default coordinate is returned.
2020-06-24 13:00:15 -04:00
Daniel Nephin 56ecfce5fa Remove unused return values 2020-06-24 13:00:15 -04:00
Daniel Nephin 07c1081d39 Fix a bunch of unparam lint issues 2020-06-24 13:00:14 -04:00
Matt Keeler 341aedbce9
Ensure that retryLoopBackoff can be cancelled
We needed to pass a cancellable context into the limiter.Wait instead of context.Background. So I made the func take a context instead of a chan as most places were just passing through a Done chan from a context anyways.

Fix go routine leak in the gateway locator
2020-06-24 12:41:08 -04:00
Matt Keeler e395efdbdc
Add test to ensure the StopChannelContext works properly 2020-06-24 12:34:57 -04:00
Matt Keeler 934f92f83b
Don’t leak metrics go routines in tests (#8182) 2020-06-24 10:15:25 -04:00
Kenia 6a581de3cb
ui: Refactor composite rows to use description lists and add Tooltips (#8175)
* Update Consul Service List composite rows with Tooltips and description lists

* Update Consul Service Instance List composite rows with Tooltips and description lists

* Removed line height in reduced pill to match the description lists in the composite rows
2020-06-24 09:54:16 -04:00
gitforbit aebb8e09a7
agent-http: cleanup: return nil instead of err (#8043)
Since err is already checked, it should return `nil`
2020-06-24 14:29:21 +02:00
Mike Morris 8a496af085
Update dev.mdx (#8090)
Remove ref to "virtual service" to avoid confusion with L7 routing virtual services, replace with "debug service".
2020-06-24 14:26:01 +02:00
Valery V. Vorotyntsev 0e50884525
Fix quorum formula in consensus.mdx (#8166)
[Add & Remove Servers](https://learn.hashicorp.com/consul/day-2-operations/servers)
guide uses `(N/2)+1` quorum formula.  So does the
[Raft implementation](5927dcda05/raft.go (L909)).

Consensus Protocol document uses `(n+1)/2` formula.
This formula is not only different, it conflicts with the
[Deployment Table](https://www.consul.io/docs/internals/consensus.html#deployment_table)
in the same document; e.g., (6+1)/2 = 3, not 4.

Replace `(n+1)/2` with `(N/2)+1` in Consensus Protocol document.
2020-06-24 14:23:36 +02:00
Alvin Huang 6cf07d1b2b
remove set -e for cherry-pick script since we collect errors (#8177) 2020-06-23 18:37:20 -04:00
R.B. Boyer ba83b52b32
connect: upgrade github.com/envoyproxy/go-control-plane to v0.9.5 (#8165) 2020-06-23 15:19:56 -05:00
Chris Piraino c1f485c516
docs: Specify port in host for example (#8167)
This example shows a TLS enabled ingress config on a non-https port.
Currently, that means we require the port to be specified in one of the
host entries to route traffic.
2020-06-23 14:41:51 -05:00
John Cowen aa938190c4
ui: Make sure right trim doesn't try to overtrim (#8171) 2020-06-23 18:34:21 +01:00
Freddy 90758e8100
Merge pull request #8169 from hashicorp/config-entry-ns 2020-06-23 11:15:23 -06:00
John Cowen 8eb1133cac
ui: Add namespaced versions of templated policies (#8173) 2020-06-23 17:58:43 +01:00
freddygv 224f486aef Update namespaces subject-verb agreement 2020-06-23 10:57:30 -06:00
Kenia 6bc1b2be44
ui: Update helper to return Proxy and Service Health if the Service has a Proxy (#8168) 2020-06-23 10:28:29 -04:00
John Cowen ed8d148502
ui: Redesigns for the token/policy/roles listings pages (#8144) 2020-06-23 10:12:04 +01:00
John Cowen c5d0216939
ui: Support for Node Identities (#8137)
* Add all the new data required for NodeIdentities

* Add potential NodeIdentity to the token list component

* Amend the policy-form/selector to allow node identity creation

* Fix up CSS for radio buttons and select label

* Add node-identity policy template component

* Fix up and add acceptance tests for NodeIndentities

* Make sure policy previews take node identities into account

* Only show certain policy markup if those we have those policies

* Potentially temporarily hide dt's that don't have icons yet
2020-06-23 09:59:43 +01:00
freddygv c631e7496a Remove break 2020-06-22 19:59:04 -06:00
freddygv e81b6d25ad Let users know namespaces are ent only in config entry decode 2020-06-22 19:59:04 -06:00
Freddy 146afbe9a2
Merge http2 integration test case into grpc case (#8164)
http2 is covered by grpc since grpc uses http2
2020-06-22 13:09:04 -06:00
s-christoff dd19cfe729
Add AgentMemberStatus const (#8110)
* Add AgentMemberStatus const
2020-06-22 12:18:45 -05:00
Matt Keeler 49cdc631d6
Update CHANGELOG.md 2020-06-22 09:03:02 -04:00
Pierre Souchay 667b36cdba
Returns DNS Error NSDOMAIN when DC does not exists (#8103)
This will allow to increase cache value when DC is not valid (aka
return SOA to avoid too many consecutive requests) and will
distinguish DC being temporarily not available from DC not existing.

Implements https://github.com/hashicorp/consul/issues/8102
2020-06-22 09:01:48 -04:00
Brandon Romano 84100ac893
Merge pull request #8162 from hashicorp/nav-update
Update Nav
2020-06-22 04:15:18 -07:00
Brandon Romano 8c1ccf96e9 Update Nav 2020-06-21 19:35:34 -07:00
Matt Keeler 7b49fc1529
Require enabling TLS to enable Auto Config (#8159)
On the servers they must have a certificate.

On the clients they just have to set verify_outgoing to true to attempt TLS connections for RPCs.

Eventually we may relax these restrictions but right now all of the settings we push down (acl tokens, acl related settings, certificates, gossip key) are sensitive and shouldn’t be transmitted over an unencrypted connection. Our guides and docs should recoommend verify_server_hostname on the clients as well.

Another reason to do this is weird things happen when making an insecure RPC when TLS is not enabled. Basically it tries TLS anyways. We should probably fix that to make it clearer what is going on.
2020-06-19 16:38:14 -04:00
Freddy c908f4f1d3
Update CHANGELOG.md 2020-06-19 13:36:37 -06:00
Freddy 3089b0e57a
Update CHANGELOG.md 2020-06-19 13:35:22 -06:00