Commit graph

19991 commits

Author SHA1 Message Date
Michael Wilkerson 40dd8ce65b
Add sameness group field to prepared queries (#17089)
* added method for converting SamenessGroupConfigEntry
- added new method `ToQueryFailoverTargets` for converting a SamenessGroupConfigEntry's members to a list of QueryFailoverTargets
- renamed `ToFailoverTargets` ToServiceResolverFailoverTargets to distinguish it from `ToQueryFailoverTargets`

* Added SamenessGroup to PreparedQuery
- exposed Service.Partition to API when defining a prepared query
- added a method for determining if a QueryFailoverOptions is empty
- This will be useful for validation
- added unit tests

* added method for retrieving a SamenessGroup to state store

* added logic for using PQ with SamenessGroup
- added branching path for SamenessGroup handling in execute. It will be handled separate from the normal PQ case
- added a new interface so that the `GetSamenessGroupFailoverTargets` can be properly tested
- separated the execute logic into a `targetSelector` function so that it can be used for both failover and sameness group PQs
- split OSS only methods into new PQ OSS files
- added validation that `samenessGroup` is an enterprise only feature

* added documentation for PQ SamenessGroup
2023-04-24 13:21:28 -07:00
Dan Bond dc4d8b0cf6
CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml

* removing permission lies now that vault is not used in this job.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-24 11:34:53 -07:00
Anita Akaeze b0674f7d6d
Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758

NET-3758: connect: update supported envoy versions to 1.26.0

* lint
2023-04-24 18:23:24 +00:00
Derek Menteer 136adf52da
Fix virtual services being included in intention topology as downstreams. (#17099) 2023-04-24 12:03:26 -05:00
Semir Patel 2409c32e20
De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
2023-04-24 08:14:51 -05:00
Paul Banks 062cd72607
Bump raft to 1.5.0 (#17081)
* Bump raft to 1.5.0

* Add CHANGELOG entry

* Add CHANGELOG entry with right extension (thanks VSCode)

* Add CHANGELOG entry with right extension (thanks VSCode)

* Go mod tidy
2023-04-21 20:13:55 +01:00
Kyle Havlovitz dee8609793
Include virtual services from discovery chain in intention topology (#16862) 2023-04-21 16:58:13 +00:00
Kyle Havlovitz 29daa2f054
Add manual virtual IP support to state store (#16815) 2023-04-21 09:19:02 -07:00
John Murret 3939237e28
ci: fix test splits that have less test packages than runner count from hanging (#17080)
* use proper TOTAL_RUNNER setting when generating runner matrix.  if matrix size is smaller than total_runners, use the smaller number

* try again

* try again 2

* try again 3

* try again 4

* try again 5

* try scenario where number is less

* reset

* get rid of cat "$GITHUB_OUTPUT"

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* removing push trigger that was added for debug

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-21 10:01:32 -06:00
John Murret 75aa8e39b9
ci: fix test splits that have less test packages than runner count from hanging (#17080)
* use proper TOTAL_RUNNER setting when generating runner matrix.  if matrix size is smaller than total_runners, use the smaller number

* try again

* try again 2

* try again 3

* try again 4

* try again 5

* try scenario where number is less

* reset

* get rid of cat "$GITHUB_OUTPUT"

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* removing push trigger that was added for debug

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-21 10:01:05 -06:00
Eric Haberkorn e61ba07fa1
Fix a bug with disco chain config entry fetching (#17078)
Before this change, we were not fetching service resolvers (and therefore
service defaults) configuration entries for services on members of sameness
groups.
2023-04-21 09:18:32 -04:00
R.B. Boyer e76795dc08
fix the linter (#17077) 2023-04-20 17:49:08 -04:00
Anita Akaeze af6e061d05
NET-3648: Add script to get consul and envoy version (#17060) 2023-04-20 13:11:11 -04:00
Semir Patel b12d638046
Enforce operator:write acl on WriteStatus endpoint (#17019) 2023-04-20 16:25:33 +00:00
Eric Haberkorn 87994e4c5f
Add sameness groups to service intentions. (#17064) 2023-04-20 12:16:04 -04:00
Eddie Rowe cb467ac229
fix broken links (#17032)
* fix broken links

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-04-20 16:12:11 +00:00
Ronald 05cac617ba
Fix generated proto files (#17063)
* [COMPLIANCE] Add Copyright and License Headers

* generate proto

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-04-20 13:31:49 +00:00
hashicorp-copywrite[bot] 87aee8308b
[COMPLIANCE] Add Copyright and License Headers (#16854)
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-20 12:40:22 +00:00
John Murret 0216add52c
remove worklogs upload (#17056) 2023-04-19 16:29:36 -06:00
Paul Glass 972e81bd67
[NET-3091] Update service intentions to support jwt provider references (#17037)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* Add JWT intentions

* generate proto

* fix deep copy issues

* remove extra field

* added some tests

* more tests

* add validation for creating existing jwt

* fix nil issue

* More tests, fix conflicts and improve memdb call

* fix namespace

* add aliases

* consolidate errors, skip duplicate memdb calls

* reworked iteration over config entries

* logic improvements from review

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-04-19 18:16:39 -04:00
Paul Glass 91ca3b012c
[NET-3090] Add new JWT provider config entry (#17036)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* update copyright headers ids

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-19 17:54:14 -04:00
Paul Glass d8d89d4b59
Permissive mTLS (#17035)
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00
R.B. Boyer 5e019393d3
Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) (#17046)
Revert "cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956)"

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2023-04-19 13:17:21 -05:00
Kyle Havlovitz 26128548a5
Avoid decoding nil pointer in map walker (#17048) 2023-04-19 10:23:38 -07:00
John Murret d7c488762e
ci: remove test-integrations CircleCI workflow (#16928)
* remove all CircleCI files

* remove references to CircleCI

* remove more references to CircleCI

* pin golangci-lint to v1.51.1 instead of v1.51
2023-04-19 16:19:29 +00:00
John Murret 9a77ec0b6d
ci: add test-integrations (#16915)
* add test-integrations workflow

* add test-integrations success job

* update vault integration testing versions (#16949)

* change parallelism to 4 forgotestsum.  use env.CONSUL_VERSION so we can see the version.

* use env for repeated values

* match test to circleci

* fix envvar

* fix envvar 2

* fix envvar 3

* fix envvar 4

* fix envvar 5

* make upgrade and compatibility tests match circleci

* run go env to check environment

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* going back to command that worked 5 days ago for compatibility tests

* Update Envoy versions to reflect changes in #16889

* cd to test dir

* try running ubuntu latest

* update PR with latest changes that work in enterprise

* yaml still sucks

* test GH fix (localhost resolution)

* change for testing

* test splitting and ipv6 lookup for compatibility and upgrade tests

* fix indention

* consul as image name

* remove the on push

* add gotestsum back in

* removing the use of the gotestsum download action

* yaml sucks today just like yesterday

* fixing nomad tests

* worked out the kinks on enterprise

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
2023-04-18 20:45:30 -06:00
Luke Kysow 9345ce89d4
Don't send updates twice (#16999) 2023-04-18 10:41:58 -07:00
Kevin Wang 63e9c08234
Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754)
* Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723

https://nvd.nist.gov/vuln/detail/CVE-2022-41723

* Add changelog entry

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-04-18 17:31:08 +00:00
Andrei Komarov 5c35095490
api: enable query options on agent force-leave endpoint (#15987) 2023-04-18 11:31:48 -05:00
Poonam Jadhav 4f7d1b4700
feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
Dhia Ayachi 41064eb20b
add ability to start container tests in debug mode and attach a debugger (#16887)
* add ability to start container tests in debug mode and attach a debugger to consul while running it.

* add a debug message with the debug port

* use pod to get the right port

* fix image used in basic test

* add more data to identify which container to debug.

* fix comment

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>

* rename debugUri to debugURI

---------

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>
2023-04-18 09:49:53 -04:00
Dan Upton 3466c85cc4
server: wire up in-process Resource Service (#16978) 2023-04-18 10:03:23 +01:00
Jared Kirschner dcd1143086
docs: update docs related to GH-16779 (#17020) 2023-04-17 23:41:31 +00:00
Semir Patel 0674f30fc1
Tenancy wildcard validaton for Write, Read, and Delete endpoints (#17004) 2023-04-17 16:33:20 -05:00
trujillo-adam 905cc1bbd5
added an intro statement for the SI conf entry confiration model (#17017)
* added an intro statement for the SI conf entry confiration model

* caught a few more typos
2023-04-17 11:29:32 -07:00
trujillo-adam c4752bace3
fixed bad link (#17009) 2023-04-14 13:51:56 -07:00
Derek Menteer 7ce928a42e
Add PrioritizeByLocality to config entries. (#17007)
This commit adds the PrioritizeByLocality field to both proxy-config
and service-resolver config entries for locality-aware routing. The
field is currently intended for enterprise only, and will be used to
enable prioritization of service-mesh connections to services based
on geographical region / zone.
2023-04-14 15:42:54 -05:00
trujillo-adam 7db438d114
added missing error message content to troubleshooting (#17005) 2023-04-14 13:04:12 -07:00
Michael Wilkerson 4edb1b553d
* added Sameness Group to proto files (#16998)
- added Sameness Group to config entries
- added Sameness Group to subscriptions

* generated proto files

* added Sameness Group events to the state store
- added test cases

* Refactored health RPC Client
- moved code that is common to rpcclient under rpcclient common.go. This will help set us up to support future RPC clients

* Refactored proxycfg glue views
- Moved views to rpcclient config entry. This will allow us to reuse this code for a config entry client

* added config entry RPC Client
- Copied most of the testing code from rpcclient/health

* hooked up new rpcclient in agent

* fixed documentation and comments for clarity
2023-04-14 09:24:46 -07:00
Dhia Ayachi b628355cc4
add IP rate limiting config update (#16997)
* add IP rate limiting config update

* fix review comments
2023-04-14 09:26:38 -04:00
Semir Patel fc3d024d4d
Enforce Owner rules in Write endpoint (#16983) 2023-04-14 08:19:46 -05:00
Semir Patel 1f860b99d2
Fix delete when uid not provided (#16996) 2023-04-14 08:18:24 -05:00
Eric Haberkorn ece9b58e97
move enterprise test cases out of open source (#16985) 2023-04-13 09:07:06 -04:00
cskh ebf0910d54
upgrade test: config nodeName, nodeid, and inherited persistent data for consul container (#16931) 2023-04-12 18:00:56 -04:00
Semir Patel f9311318e1
Add mutate hook to Write endpoint (#16958) 2023-04-12 16:50:07 -05:00
Nathan Coleman ad5a4201d5
Update list of Envoy versions (#16889)
* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy versions 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11
2023-04-12 17:43:15 -04:00
Semir Patel 53a0755f03
Enforce ACLs on resource Write and Delete endpoints (#16956) 2023-04-12 16:22:44 -05:00
Dan Bond 1eec647fd3
circleci: remove frontend jobs (#16906)
* circleci: remove fronted jobs

Signed-off-by: Dan Bond <danbond@protonmail.com>

* remove frontend-cache

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-12 14:07:18 -07:00
Eric Haberkorn f89938e56b
add sameness to exported services structs in the api package (#16984) 2023-04-12 16:49:28 -04:00
Dhia Ayachi 825663b38a
Memdb Txn Commit race condition fix (#16871)
* Add a test to reproduce the race condition

* Fix race condition by publishing the event after the commit and adding a lock to prevent out of order events.

* split publish to generate the list of events before committing the transaction.

* add changelog

* remove extra func

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* add comment to explain test

---------

Co-authored-by: Dan Upton <daniel@floppy.co>
2023-04-12 13:18:01 -04:00