Commit graph

20057 commits

Author SHA1 Message Date
cskh 97c4424743
docs: add envoy to the proxycfg diagram (#16834)
* docs: add envoy to the proxycfg diagram
2023-04-04 09:42:42 -04:00
Dao Thanh Tung 013822dcac
Fix broken doc in consul-k8s upgrade (#16852)
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-03 21:21:51 +00:00
John Eikenberry 3250e742ab
CA mesh CA expiration to its own section
This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.
2023-04-03 20:02:08 +00:00
Freddy 04e6e79b09
Allow dialer to re-establish terminated peering (#16776)
Currently, if an acceptor peer deletes a peering the dialer's peering
will eventually get to a "terminated" state. If the two clusters need to
be re-peered the acceptor will re-generate the token but the dialer will
encounter this error on the call to establish:

"failed to get addresses to dial peer: failed to refresh peer server
addresses, will continue to use initial addresses: there is no active
peering for "<<<ID>>>""

This is because in `exchangeSecret().GetDialAddresses()` we will get an
error if fetching addresses for an inactive peering. The peering shows
up as inactive at this point because of the existing terminated state.

Rather than checking whether a peering is active we can instead check
whether it was deleted. This way users do not need to delete terminated
peerings in the dialing cluster before re-establishing them.
2023-04-03 12:07:45 -06:00
Hariram Sankaran bef1aafbf9
Fix typo on cli-flags.mdx (#16843)
Change "segements" to segments
2023-04-03 10:28:18 -07:00
Michael Zalimeni 87eef7a4d0
Update changelog with patch releases (#16856)
* Update changelog with patch releases

* Backport missed 1.0.4 patch release to changelog
2023-04-03 13:05:36 -04:00
Chris S. Kim 8671448b73
Connect CA Primary Provider refactor (#16749)
* Rename Intermediate cert references to LeafSigningCert

Within the Consul CA subsystem, the term "Intermediate"
is confusing because the meaning changes depending on
provider and datacenter (primary vs secondary). For
example, when using the Consul CA the "ActiveIntermediate"
may return the root certificate in a primary datacenter.

At a high level, we are interested in knowing which
CA is responsible for signing leaf certs, regardless of
its position in a certificate chain. This rename makes
the intent clearer.

* Move provider state check earlier

* Remove calls to GenerateLeafSigningCert

GenerateLeafSigningCert (formerly known
as GenerateIntermediate) is vestigial in
non-Vault providers, as it simply returns
the root certificate in primary
datacenters.

By folding Vault's intermediate cert logic
into `GenerateRoot` we can encapsulate
the intermediate cert handling within
`newCARoot`.

* Move GenerateLeafSigningCert out of PrimaryProvider

Now that the Vault Provider calls
GenerateLeafSigningCert within
GenerateRoot, we can remove the method
from all other providers that never
used it in a meaningful way.

* Add test for IntermediatePEM

* Rename GenerateRoot to GenerateCAChain

"Root" was being overloaded in the Consul CA
context, as different providers and configs
resulted in a single root certificate or
a chain originating from an external trusted
CA. Since the Vault provider also generates
intermediates, it seems more accurate to
call this a CAChain.
2023-04-03 11:40:33 -04:00
malizz f8d6cce902
add region field (#16825)
* add region field

* fix syntax error in test file

* go fmt

* go fmt

* remove test
2023-03-31 12:05:47 -07:00
Dan Bond 0d16aa934b
[NET-3029] Migrate dev-* jobs to GHA (#16792)
* ci: add build-artifacts workflow

Signed-off-by: Dan Bond <danbond@protonmail.com>

* makefile for gha dev-docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use docker actions instead of make

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Add context

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* set short sha

Signed-off-by: Dan Bond <danbond@protonmail.com>

* upload to s3

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm s3 upload

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use runner setup job

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on pr

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* OSS/ENT logic

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add comments

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update .github/workflows/build-artifacts.yml

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-31 19:02:40 +00:00
Eric Haberkorn beb9f17337
Add default resolvers to disco chains based on the default sameness group (#16837)
2023-03-31 14:35:56 -04:00
Derek Menteer ee59a81dc9
Add sameness-group to exported-services config entries (#16836)
This PR adds the sameness-group field to exported-service
config entries, which allows for services to be exported
to multiple destination partitions / peers easily.
2023-03-31 12:36:44 -05:00
Ronald 8973b2f09f
Remove UI brand-loader copyright headers as they do not render appropriately (#16835)
2023-03-31 11:29:19 -04:00
Dan Upton 37207b4e4c
storage: fix resource leak in Watch (#16817)
2023-03-31 13:24:19 +01:00
John Murret 1386ac3c63
updating command to reflect the additional package exclusions in CircleCI (#16829)
2023-03-30 21:39:34 -06:00
Jared Kirschner c547ff5c8d
docs: raise awareness of GH-16779 (#16823)
2023-03-30 17:23:19 -04:00
Nick Irvine d22d6d569f
port ENT upgrade tests flattening (#16824)
2023-03-30 13:07:16 -07:00
John Murret 60bf97bf80
ci: changes resulting from running on consul-enterprise (#16816)
* changes resulting from running on consul-enterprise

* removing comment line
2023-03-30 10:57:11 -06:00
Eric Haberkorn b97a3a17d8
add order by locality failover to Consul enterprise (#16791)
2023-03-30 10:08:38 -04:00
hashicorp-copywrite[bot] 899c5b11a5
[COMPLIANCE] Add Copyright and License Headers (#16807)
* [COMPLIANCE] Add Copyright and License Headers

* fix headers for generated files

* ignore dist folder

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-03-29 16:57:51 +00:00
Nick Irvine c1ea13c243
port ENT ingress gateway upgrade tests [NET-2294] [NET-2296] (#16804)
2023-03-29 09:51:21 -07:00
Jeff Boruszak dee481062d
docs: Updates to support HCP Consul cluster peering release (#16774)
* New HCP Consul documentation section + links

* Establish cluster peering usage cross-link

* unrelated fix to backport to v1.15

* nav correction + fixes

* Tech specs fixes

* specifications for headers

* Tech specs fixes + alignments

* sprawl edits

* Tip -> note
2023-03-29 09:27:41 -07:00
Poonam Jadhav cad78f5839
fix: export ReadWriteRatesConfig struct as it needs to be referenced from consul-k8s (#16766)
2023-03-29 09:54:59 -04:00
Ronald 71fb0a723e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
John Murret b5794c803f
Github Actions Migration - move go-tests workflows to GHA (#16761)
* go-tests workflow

* add test splitting to go-tests

* fix re-run fails report path

* fix re-run fails report path another place

* fixing tests for 32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* making on pull_request

* Update .github/scripts/rerun_fails_report.sh

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* make runs-on required

* removing go-version param that is not used.

* removing go-version param that is not used.

* Modify build-distros to use medium runners (#16773)

* go-tests workflow

* add test splitting to go-tests

* fix re-run fails report path

* fix re-run fails report path another place

* fixing tests for 32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* trying mediums

* adding in script

* fixing runs-on to be parameter

* fixing merge conflict

* changing to on push

* removing whitespace

* go-tests workflow

* add test splitting to go-tests

* fix re-run fails report path

* fix re-run fails report path another place

* fixing tests for 32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* changing back to on pull_request

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Github Actions Migration - move verify-ci workflows to GHA (#16777)

* add verify-ci workflow

* adding comment and changing to on pull request.

* changing to pull_requests

* changing to pull_request

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* [NET-3029] Migrate frontend to GHA (#16731)

* changing set up to a small

* using consuls own custom runner pool.

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-03-28 15:29:27 -06:00
Ronald 24f91d9077
Add copyright headers for acl, api and bench folders (#16706)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* fix merge conflicts

* copyright headers for agent folder

* Ignore test data files

* fix proto files

* ignore agent/uiserver folder for now

* copyright headers for agent folder

* Add copyright headers for acl, api and bench folders
2023-03-28 16:12:41 -04:00
Ronald 7a5c8dc1eb
Copyright headers for command folder (#16705)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* Copyright headers for command folder

* fix merge conflicts
2023-03-28 15:12:30 -04:00
Ronald dd0e8eec14
copyright headers for agent folder (#16704)
* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files
2023-03-28 14:39:22 -04:00
John Maguire 09512ae32d
Update normalization of route refs (#16789)
* Use merge of enterprise meta's rather than new custom method

* Add merge logic for tcp routes

* Add changelog

* Normalize certificate refs on gateways

* Fix infinite call loop

* Explicitly call enterprise meta
2023-03-28 11:23:49 -04:00
Valeriia Ruban 648f16b4fc
add scripts for testing locally consul-ui-toolkit (#16794)
2023-03-27 17:00:59 -07:00
Michael Wilkerson baa1fd3cd6
changes to support new PQ enterprise fields (#16793)
2023-03-27 15:40:49 -07:00
Semir Patel bd4a01f38f
Resource service List(..) endpoint (#16753)
2023-03-27 16:25:27 -05:00
Dhia Ayachi 6da620159e
add ip rate limiter controller OSS parts (#16790)
2023-03-27 17:00:25 -04:00
Kyle Havlovitz 045f39ddd9
Allocate virtual ip for resolver/router/splitter config entries (#16760)
2023-03-27 13:04:24 -07:00
Semir Patel 0b441e07cc
WatchList(..) endpoint for the resource service (#16726)
2023-03-27 14:37:54 -05:00
John Maguire 72750ec311
Expand route flattening test for multiple namespaces (#16745)
* Expand route flattening test for multiple namespaces

* Add helper for checking http route config entry exists without checking for bound status

* Fix port and hostname check for http route flattening test
2023-03-27 19:17:12 +00:00
John Maguire 74dfee9359
Fix struct tags for TCPService enterprise meta (#16781)
* Fix struct tags for TCPService enterprise meta

* Add changelog
2023-03-27 16:17:04 +00:00
Tu Nguyen 5cf24b4698
Fix Edu Jira automation (#16778)
2023-03-27 17:40:08 +02:00
Semir Patel 9f607d4970
Read(...) endpoint for the resource service (#16655)
2023-03-27 10:35:39 -05:00
John Maguire 6ee6cf27b9
Fix bug in changelog checker where bash variable is not quoted (#16681)
2023-03-27 15:04:14 +00:00
Dan Upton 71f67d7979
Add storage backend interface and in-memory implementation (#16538)
Introduces `storage.Backend`, which will serve as the interface between the
Resource Service and the underlying storage system (Raft today, but in the
future, who knows!).

The primary design goal of this interface is to keep its surface area small,
and push as much functionality as possible into the layers above, so that new
implementations can be added with little effort, and easily proven to be
correct. To that end, we also provide a suite of "conformance" tests that can
be run against a backend implementation to check it behaves correctly.

In this commit, we introduce an initial in-memory storage backend, which is
suitable for tests and when running Consul in development mode. This backend is
a thin wrapper around the `Store` type, which implements a resource database
using go-memdb and our internal pub/sub system. `Store` will also be used to
handle reads in our Raft backend, and in the future, used as a local cache for
external storage systems.
2023-03-27 10:30:53 +01:00
trujillo-adam ed502252c7
Docs/intentions refactor docs day 2022 (#16758)
* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and updated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 15:16:06 -07:00
Derek Menteer 5be6469506
Change partition for peers in discovery chain targets (#16769)
This commit swaps the partition field to the local partition for
discovery chains targeting peers. Prior to this change, peer upstreams
would always use a value of default regardless of which partition they
exist in. This caused several issues in xds / proxycfg because of id
mismatches.

Some prior fixes were made to deal with one-off id mismatches that this
PR also cleans up, since they are no longer needed.
2023-03-24 15:40:19 -05:00
Eddie Rowe 77ff9265a6
Fix broken links in Consul docs (#16640)
* Fix broken links in Consul docs

* more broken link fixes

* more 404 fixes

* 404 fixes

* broken link fix

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-03-24 19:35:34 +00:00
malizz 83968aed9e
add failover policy to ProxyConfigEntry in api (#16759)
* add failover policy to ProxyConfigEntry in api

* update docs
2023-03-24 12:03:00 -07:00
brian shore dff21eeda4
RELENG-471: Remove obsolete load-test workflow (#16737)
* Remove obsolete load-test workflow

* remove load-tests from circleci config.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-24 11:27:10 -06:00
John Eikenberry 56b93388bc
tests instantiating clients w/o shutting down (#16755)
noticed via their port still in use messages.
2023-03-24 16:54:11 +00:00
Nathan Coleman ee3adde5b7
Remove version bump from CRT workflow (#16728)
This bumps the version to reflect the next patch release; however, we use a specific branch for each patch release and so never wind up cutting a release directly from the `release/1.15.x` (for example) where this is intended to work.
2023-03-23 11:21:27 -05:00
Poonam Jadhav 82a81dc486
fix: remove unused tenancy category from rate limit spec (#16740)
2023-03-23 12:14:59 -04:00
Tu Nguyen 6dfe4edf41
Use GH issues type for edu board (#16750)
2023-03-23 09:00:38 -07:00
Luke Kysow ea91629a83
Changelog for audit logging fix. (#16700)
* Changelog for audit logging fix.
2023-03-22 13:06:53 -07:00