Commit graph

17031 commits

Author SHA1 Message Date
Eric Haberkorn b4276e971e
Merge pull request #12529 from hashicorp/add-meta-to-service-config-response
Add `Meta` to `ServiceConfigResponse`
2022-03-07 16:35:21 -05:00
Eric Haberkorn 45312886fe Code review changes 2022-03-07 14:39:33 -05:00
Evan Rowe bf706666ad
Merge pull request #12400 from chinmaym07/ui/feature/add-tags-tab-to-gateways
ui: [Bugfix] Added Tags tab to gateways(just like exists for non-gateway services)
2022-03-07 10:07:58 -08:00
R.B. Boyer cc4733e60d
proxycfg: change how various proxycfg test helpers for making ConfigSnapshot copies works to be more correct and less error prone (#12531)
Prior to this PR for the envoy xDS golden tests in the agent/xds package we
were hand-creating a proxycfg.ConfigSnapshot structure in the proper format for
input to the xDS generator. Over time this intermediate structure has gotten
trickier to build correctly for the various tests.

This PR proposes to switch to using the existing mechanism for turning a
structs.NodeService and a sequence of cache.UpdateEvent copies into a
proxycfg.ConfigSnapshot, as that is less error prone to construct and aligns
more with how the data arrives.

NOTE: almost all of this is in test-related code. I tried super hard to craft
correct event inputs to get the golden files to be the same, or similar enough
after construction to feel ok that i recreated the spirit of the original test
cases.
2022-03-07 11:47:14 -06:00
Eric 3d46f9ef7c Add Meta to ServiceConfigResponse 2022-03-07 10:05:18 -05:00
John Cowen 19fe3e14d1
ui: List Primary and Local DCs first in the Datacenter selector (#12478) 2022-03-07 10:54:12 +00:00
John Cowen b525389286
ui: Fix loading icon size (adds a viewbox) (#12479) 2022-03-07 10:13:56 +00:00
John Cowen a563c121fc
ui: CustomElement component (#12451)
Builds on attach-shadow, adopt-styles and ShadowTemplate, this commit adds ShadowHost and finally CustomElement.

CustomElement is a renderless component to help with the creation of native HTML Custom Elements along with runtime type checking and self-documentation for attributes, slots, cssprops and cssparts. As you will probably see there is a little more work to come here. But in the same breath, everything would be fine to go in as is.
2022-03-07 09:51:47 +00:00
mrspanishviking d598a0a92d
Merge pull request #12521 from hashicorp/admin-limit
docs: adding text for maximum number of admin partitions
2022-03-04 10:53:23 -07:00
Petenerd 7c229742d3
Update install.mdx
missing a quote escape
2022-03-04 12:24:23 -05:00
R.B. Boyer b63a0f3909
reduce flakiness/raciness of errNotFound and errNotChanged blocking query tests (#12518)
Improves tests from #12362

These tests try to setup the following concurrent scenario:

1. (goroutine 1) execute read RPC with index=0
2. (goroutine 1) get response from (1) @ index=10
3. (goroutine 1) execute read RPC with index=10 and block
4. (goroutine 2) WHILE (3) is blocking, start slamming the system with stray writes that will cause the WatchSet to wakeup
5. (goroutine 2) after doing all writes, shut down the reader above
6. (goroutine 1) stops reading, double checks that it only ever woke up once (from 1)
2022-03-04 11:20:01 -06:00
Karl Cardenas 8473e6aa93
docs: replaced ceiling with the word max 2022-03-04 09:26:13 -07:00
Karl Cardenas acf2e43169
docs: updated the text based on feedback from PM 2022-03-04 09:21:59 -07:00
Karl Cardenas 136caf74ba
docs: adding text for maximum number of admin partitions 2022-03-04 09:08:33 -07:00
Blake Covarrubias 866c8cde4b
docs: Update Kubernetes YAML examples in UI visualization (#12419)
* Update Kubernetes related YAML config examples to document supported
syntax in the latest version of the Helm chart.
* Fix syntax in JSON example configs.

Resolves #12403

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-03-03 21:31:57 -08:00
R.B. Boyer 07b92a2855
server: fix spurious blocking query suppression for discovery chains (#12512)
Minor fix for behavior in #12362

IsDefault sometimes returns true even if there was a proxy-defaults or service-defaults config entry that was consulted. This PR fixes that.
2022-03-03 16:54:41 -06:00
Blake Covarrubias d14ddb7a23 docs: Clarify configuration options apply to agent
Recently there have been a handful of GitHub issues and Discuss posts
where users have expected the `consul` CLI to make use of config
options defined in the agent configuration files, and are confused
when it does not honor those config options.

This change clarifies that command-line and configuration file options
documented on the /agent/options page only apply to the Consul agent,
instead of the Consul CLI.
2022-03-03 11:30:20 -08:00
David Yu 30aff819f7
docs: Envoy 'compatibility' typo (#12513) 2022-03-03 10:50:56 -08:00
David Yu b1035b6f4a
docs: bump Envoy for 1.10.x (#12472)
* docs: bump Envoy for 1.10.x

* update security notes and remove previous versions older than n-2

Envoy 1.9.0 and older have last vulnerability.

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* Update envoy.mdx

* formatting

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/connect/proxies/envoy.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-03 10:34:30 -08:00
mrspanishviking a11f2049ad
Merge pull request #12508 from Petenerd/patch-1
Update install.mdx
2022-03-03 09:48:05 -07:00
Petenerd 53fbea735b
Update install.mdx
missing comma
2022-03-03 11:37:18 -05:00
David Yu bf5933dc9f
docs: consul-k8s service mesh overview - move verification section (#12500) 2022-03-03 08:11:28 -08:00
Daniel Nephin 8f4b6af68a
Merge pull request #12298 from jorgemarey/b-persistnewrootandconfig
Avoid raft change when no config is provided on persistNewRootAndConfig
2022-03-03 11:03:50 -05:00
John Cowen cb7dbd0f87
ui: Add docs for <Action /> component (#12502) 2022-03-03 12:59:25 +00:00
Luke Kysow 2a925b7ef1
Update exported-services.mdx (#12499) 2022-03-02 15:57:58 -08:00
Daniel Nephin 2082bdc286 ca: make sure the test fails without the fix
Also change the path used for the secondary so that both primary and secondary do not overwrite each other.
2022-03-02 18:22:49 -05:00
R.B. Boyer 679cea7171
raft: upgrade to v1.3.6 (#12496)
Add additional protections on the Consul side to prevent NonVoters from bootstrapping raft.

This should un-flake TestServer_Expect_NonVoters
2022-03-02 17:00:02 -06:00
R.B. Boyer 5036b5e414
update changelog (#12495) 2022-03-02 16:44:13 -06:00
R.B. Boyer 7b569127f6
build: ensure 'make linux' puts the binary in the expected location (#12494)
Fixes regression from #10833

Fixes dev-docker and test-docker targets
2022-03-02 14:18:26 -06:00
Eddie Rowe 06e2cb4821
Merge pull request #12483 from hashicorp/consul-er-deprecate-proxy-tutorial
Remove deprecated built-in proxy tutorial reference
2022-03-02 10:58:18 -06:00
trujillo-adam 883ea2f0ce added some ACL example use cases to policy section 2022-03-01 16:48:35 -08:00
Eddie Rowe 56c2f00676 Remove deprecated built-in proxy tutorial reference 2022-03-01 14:35:28 -06:00
trujillo-adam d27895f068 renamed acl-overview to index, fixed formatting, reworded node/service ID intros 2022-03-01 10:03:22 -08:00
Daniel Nephin 849d86e7f5
Merge pull request #12467 from hashicorp/dnephin/ci-vault-test-safer
ca: require that tests that use Vault are named correctly
2022-03-01 12:54:02 -05:00
trujillo-adam 5578217d5c
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-03-01 09:25:21 -08:00
trujillo-adam b588620385 fixing merge conflicts 2022-03-01 09:08:20 -08:00
R.B. Boyer 033e0ed13f
test: parallelize more of TestLeader_ReapOrLeftMember_IgnoreSelf (#12468)
before:

    $ go test ./agent/consul -run TestLeader_ReapOrLeftMember_IgnoreSelf
    ok  	github.com/hashicorp/consul/agent/consul	21.147s

after:

    $ go test ./agent/consul -run TestLeader_ReapOrLeftMember_IgnoreSelf
    ok  	github.com/hashicorp/consul/agent/consul	5.402s
2022-03-01 10:30:06 -06:00
Jorge Marey aba9e724a8 Fix vault test with suggested changes 2022-03-01 10:20:00 +01:00
Jorge Marey 8b1b264b6f Add test case to verify #12298 2022-03-01 09:25:52 +01:00
Jorge Marey 820235235c Add changelog file 2022-03-01 09:25:52 +01:00
Jorge Marey 2ca00df0d8 Avoid raft change when no config is provided on CAmanager
- This avoids a change to the raft store when no roots or config
are provided to persistNewRootAndConfig
2022-03-01 09:25:52 +01:00
Evan Culver c60e04e086
Add changelog entries from latest releases (#12473) 2022-02-28 17:49:37 -08:00
Evan Culver 3ca2d48bc8
Update latest version on website to 1.11.4 (#12469) 2022-02-28 16:53:28 -08:00
Jared Kirschner 4a413c870e
Merge pull request #12455 from hashicorp/docs/enterprise-license-faq-improvements
Enterprise license FAQ improvements
2022-02-28 17:30:07 -05:00
Daniel Nephin dd565aa5e4 ca: fix a test
This test does not use Vault, so does not need ca.SkipIfVaultNotPresent
2022-02-28 16:26:18 -05:00
Daniel Nephin bb7f2f15b3 ca: require that tests that use Vault are named correctly
Previously we were using two different criteria to decide where to run a
test.  The main `go-test` job would skip Vault tests based on the
presence of the `vault` binary, but the `test-connect-ca-providers` job
would run tests based on the name.

This led to a scenario where a test may never run in CI.

To fix this problem I added a name check to the function we use to skip
the test. This should ensure that any test that requires vault is named
correctly to be run as part of the `test-connect-ca-providers` job.

At the same time I relaxed the regex we use. I verified this runs the
same tests using `go test --list Vault`.  I made this change because a
bunch of tests in `agent/connect/ca` used `Vault` in the name, without
the underscores. Instead of changing a bunch of test names, this seemed
easier.

With this approach, the worst case is that we run a few extra tests in
the `test-connect-ca-providers` job, which doesn't seem like a problem.
2022-02-28 16:13:53 -05:00
Jared Kirschner 5a084083a3 docs: clarify trial license FAQ
Also use consistent language throughout to refer to the non-production license
(just "trial" license, not both "trial" and "evaluation").
2022-02-28 13:06:26 -08:00
Kyle Schochenmaier 03a4605218
update helm docs for release 0.41.1 (#12465)
* update helm docs for release 0.41.1

* apply escape on <ip>:<port>

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-28 13:03:50 -08:00
R.B. Boyer 3804677570
server: suppress spurious blocking query returns where multiple config entries are involved (#12362)
Starting from and extending the mechanism introduced in #12110 we can specially handle the 3 main special Consul RPC endpoints that react to many config entries in a single blocking query in Connect:

- `DiscoveryChain.Get`
- `ConfigEntry.ResolveServiceConfig`
- `Intentions.Match`

All of these will internally watch for many config entries, and at least one of those will likely be not found in any given query. Because these are blends of multiple reads the exact solution from #12110 isn't perfectly aligned, but we can tweak the approach slightly and regain the utility of that mechanism.

### No Config Entries Found

In this case, despite looking for many config entries none may be found at all. Unlike #12110 in this scenario we do not return an empty reply to the caller, but instead synthesize a struct from default values to return. This can be handled nearly identically to #12110 with the first 1-2 replies being non-empty payloads followed by the standard spurious wakeup suppression mechanism from #12110.

### No Change Since Last Wakeup

Once a blocking query loop on the server has completed and slept at least once, there is a further optimization we can make here to detect if any of the config entries that were present at specific versions for the prior execution of the loop are identical for the loop we just woke up for. In that scenario we can return a slightly different internal sentinel error and basically externally handle it similar to #12110.

This would mean that even if 20 discovery chain read RPC handling goroutines wakeup due to the creation of an unrelated config entry, the only ones that will terminate and reply with a blob of data are those that genuinely have new data to report.

### Extra Endpoints

Since this pattern is pretty reusable, other key config-entry-adjacent endpoints used by `agent/proxycfg` also were updated:

- `ConfigEntry.List`
- `Internal.IntentionUpstreams` (tproxy)
2022-02-25 15:46:34 -06:00
Chris S. Kim aea00f10ae
Merge pull request #12442 from danieleva/12422-keyring
Allows keyring operations on client agents
2022-02-25 16:28:56 -05:00