Commit Graph

19846 Commits

Author SHA1 Message Date
Nathan Coleman ad5a4201d5
Update list of Envoy versions (#16889)
* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy versions 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11
2023-04-12 17:43:15 -04:00
Semir Patel 53a0755f03
Enforce ACLs on resource `Write` and `Delete` endpoints (#16956) 2023-04-12 16:22:44 -05:00
Dan Bond 1eec647fd3
circleci: remove frontend jobs (#16906)
* circleci: remove fronted jobs

Signed-off-by: Dan Bond <danbond@protonmail.com>

* remove frontend-cache

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-12 14:07:18 -07:00
Eric Haberkorn f89938e56b
add sameness to exported services structs in the api package (#16984) 2023-04-12 16:49:28 -04:00
Dhia Ayachi 825663b38a
Memdb Txn Commit race condition fix (#16871)
* Add a test to reproduce the race condition

* Fix race condition by publishing the event after the commit and adding a lock to prevent out of order events.

* split publish to generate the list of events before committing the transaction.

* add changelog

* remove extra func

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* add comment to explain test

---------

Co-authored-by: Dan Upton <daniel@floppy.co>
2023-04-12 13:18:01 -04:00
Dan Bond 9a2221b07b
ci: split frontend ember jobs (#16973)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-12 04:48:09 +00:00
Nathan Coleman 8eaf4b17c1
Added backport labels to PR template checklist (#16966) 2023-04-11 19:18:11 +00:00
Poonam Jadhav c8d21de074
feat: add reporting config with reload (#16890) 2023-04-11 15:04:02 -04:00
John Murret c4d27e436e
ci: remove build-distros from CircleCI (#16941) 2023-04-11 18:52:35 +00:00
Luke Kysow f6603008d1
Remove global.name requirement for APs (#16964)
This is not a requirement when using APs because each AP has its own
auth method so it's okay if the names overlap.
2023-04-11 11:41:33 -07:00
Dan Upton d46543631c
resource: `WriteStatus` endpoint (#16886) 2023-04-11 19:23:14 +01:00
Derek Menteer f08fc57997
Update docs for service-defaults overrides. (#16960)
Update docs for service-defaults overrides.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-04-11 11:40:55 -05:00
Thomas Eckert bf6584ac72
Fix the indentation of the copyAnnotations example (#16873) 2023-04-11 15:34:52 +00:00
Derek Menteer 2a13c9af1f
Remove deprecated service-defaults upstream behavior. (#16957)
Prior to this change, peer services would be targeted by service-default
overrides as long as the new `peer` field was not found in the config entry.
This commit removes that deprecated backwards-compatibility behavior. Now
it is necessary to specify the `peer` field in order for upstream overrides
to apply to a peer upstream.
2023-04-11 10:20:33 -05:00
Semir Patel 8d0d600ea3
Resource validation hook for `Write` endpoint (#16950) 2023-04-11 06:55:32 -05:00
Semir Patel ca19954c08
Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 06:10:14 -05:00
John Murret 78b21d8840
ci: build-artifacts - fix platform missing in manifest error (#16940)
* ci: build-artifacts - fix platform missing in manifest error

* remove platform key
2023-04-10 16:42:42 -06:00
John Murret b67ec0cb61
ci: remove go-tests workflow from CircleCI (#16855)
* remove go-tests workflow from CircleCI

* add yaml anchor back
2023-04-10 14:47:32 -06:00
John Murret 2da115bc63
ci: remove verify-ci from circleci (#16860) 2023-04-10 12:35:07 -06:00
John Maguire 3d11e9b26a
APIGW: Routes with duplicate parents should be invalid (#16926)
* ensure route parents are unique when creating an http route

* Ensure tcp route parents are unique

* Added unit tests
2023-04-10 13:20:32 -04:00
John Murret 91fd8b7917
ci: add GOTAGS to build-distros (#16934) 2023-04-10 11:16:44 -06:00
Andrea Scarpino 61a456682a
docs: fix typo in LocalRequestTimeoutMs (#16917) 2023-04-10 09:56:49 -07:00
cskh 762a69cc42
Test: add noCleanup to TestServer stop (#16919) 2023-04-07 20:47:54 -04:00
Jared Kirschner 0eeb7f8b18
docs: improve upgrade path guidance (#16925) 2023-04-07 20:47:15 +00:00
John Eikenberry ff39dca2b4
highlight the agent.tls cert metric with CA ones
Include server agent certificate with list of cert metrics that need monitoring.
2023-04-07 20:41:14 +00:00
John Eikenberry 30d3a087dc
log warning about certificate expiring sooner and with more details
The old setting of 24 hours was not enough time to deal with an expiring certificates. This change ups it to 28 days OR 40% of the full cert duration, whichever is shorter. It also adds details to the log message to indicate which certificate it is logging about and a suggested action.
2023-04-07 20:38:07 +00:00
John Murret 7933543096
increase ENT runner size for xl to match OSS. have guild-distros use xl to match CircleCI (#16920) 2023-04-07 11:10:47 -06:00
John Murret dacc1dcbf9
ci: Add success jobs. make go-test-enterprise conditional. build-distros and go-tests trigger on push to main and release branches (#16905)
* Add go-tests-success job and make go-test-enterprise conditional

* fixing lint-32bit reference

* fixing reference to -go-test-troubleshoot

* add all jobs that fan out.

* fixing success job to need set up

* add echo to success job

* adding success jobs to build-artifacts, build-distros, and frontend.

* changing the name of the job in verify ci to be consistent with other workflows

* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger
2023-04-06 16:29:32 -06:00
Eddie Rowe 7b1a90cdbe
Fix API GW broken link (#16885)
* Fix API GW broken link

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-04-06 22:29:09 +00:00
Chris Thain f9126b6c3a
Wasm Envoy HTTP extension (#16877) 2023-04-06 14:12:07 -07:00
Semir Patel 2b0a5b52c2
Resource `Delete` endpoint (#16756) 2023-04-06 08:58:54 -05:00
Dan Upton 4e8ab7a390
Resource `Write` endpoint (#16786) 2023-04-06 10:40:04 +01:00
John Murret 4ee57c252a
temporarily disable macos-arm64 tests job in go-tests (#16898) 2023-04-05 17:10:31 -06:00
John Murret bfadfa52db
always test oss and conditionally test enterprise (#16827) 2023-04-05 16:49:48 -06:00
Dan Bond e61d49d87d
ci: fixes missing deps in frontend gha workflows (#16872)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-05 15:42:36 -07:00
Eddie Rowe a6bb103531
Omit false positives from 404 checker (#16881)
* Remove false positives from 404 checker

* fix remaining 404s
2023-04-05 17:58:29 +00:00
John Murret 008e1efddf
ad arm64 testing (#16876) 2023-04-05 09:58:00 -06:00
Dan Upton 52ce151221
Raft storage backend (#16619) 2023-04-04 17:30:06 +01:00
John Murret 33f6c3626b
ci: increase deep-copy and lint-enum jobs to use large runner as they hang in ENT (#16866)
* docs: add envoy to the proxycfg diagram (#16834)

* docs: add envoy to the proxycfg diagram

* increase dee-copy job to use large runner.  disable lint-enums on ENT

* set lint-enums to a large

* remove redunant installation of deep-copy

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-04-04 09:15:45 -06:00
cskh 97c4424743
docs: add envoy to the proxycfg diagram (#16834)
* docs: add envoy to the proxycfg diagram
2023-04-04 09:42:42 -04:00
Dao Thanh Tung 013822dcac
Fix broken doc in consul-k8s upgrade (#16852)
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-03 21:21:51 +00:00
John Eikenberry 3250e742ab
CA mesh CA expiration to it's own section
This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.
2023-04-03 20:02:08 +00:00
Freddy 04e6e79b09
Allow dialer to re-establish terminated peering (#16776)
Currently, if an acceptor peer deletes a peering the dialer's peering
will eventually get to a "terminated" state. If the two clusters need to
be re-peered the acceptor will re-generate the token but the dialer will
encounter this error on the call to establish:

"failed to get addresses to dial peer: failed to refresh peer server
addresses, will continue to use initial addresses: there is no active
peering for "<<<ID>>>""

This is because in `exchangeSecret().GetDialAddresses()` we will get an
error if fetching addresses for an inactive peering. The peering shows
up as inactive at this point because of the existing terminated state.

Rather than checking whether a peering is active we can instead check
whether it was deleted. This way users do not need to delete terminated
peerings in the dialing cluster before re-establishing them.
2023-04-03 12:07:45 -06:00
Hariram Sankaran bef1aafbf9
Fix typo on cli-flags.mdx (#16843)
Change "segements" to segments
2023-04-03 10:28:18 -07:00
Michael Zalimeni 87eef7a4d0
Update changelog with patch releases (#16856)
* Update changelog with patch releases

* Backport missed 1.0.4 patch release to changelog
2023-04-03 13:05:36 -04:00
Chris S. Kim 8671448b73
Connect CA Primary Provider refactor (#16749)
* Rename Intermediate cert references to LeafSigningCert

Within the Consul CA subsystem, the term "Intermediate"
is confusing because the meaning changes depending on
provider and datacenter (primary vs secondary). For
example, when using the Consul CA the "ActiveIntermediate"
may return the root certificate in a primary datacenter.

At a high level, we are interested in knowing which
CA is responsible for signing leaf certs, regardless of
its position in a certificate chain. This rename makes
the intent clearer.

* Move provider state check earlier

* Remove calls to GenerateLeafSigningCert

GenerateLeafSigningCert (formerly known
as GenerateIntermediate) is vestigial in
non-Vault providers, as it simply returns
the root certificate in primary
datacenters.

By folding Vault's intermediate cert logic
into `GenerateRoot` we can encapsulate
the intermediate cert handling within
`newCARoot`.

* Move GenerateLeafSigningCert out of PrimaryProvidder

Now that the Vault Provider calls
GenerateLeafSigningCert within
GenerateRoot, we can remove the method
from all other providers that never
used it in a meaningful way.

* Add test for IntermediatePEM

* Rename GenerateRoot to GenerateCAChain

"Root" was being overloaded in the Consul CA
context, as different providers and configs
resulted in a single root certificate or
a chain originating from an external trusted
CA. Since the Vault provider also generates
intermediates, it seems more accurate to
call this a CAChain.
2023-04-03 11:40:33 -04:00
malizz f8d6cce902
add region field (#16825)
* add region field

* fix syntax error in test file

* go fmt

* go fmt

* remove test
2023-03-31 12:05:47 -07:00
Dan Bond 0d16aa934b
[NET-3029] Migrate dev-* jobs to GHA (#16792)
* ci: add build-artifacts workflow

Signed-off-by: Dan Bond <danbond@protonmail.com>

* makefile for gha dev-docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use docker actions instead of make

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Add context

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* set short sha

Signed-off-by: Dan Bond <danbond@protonmail.com>

* upload to s3

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm s3 upload

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use runner setup job

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on pr

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* OSS/ENT logic

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add comments

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update .github/workflows/build-artifacts.yml

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-31 19:02:40 +00:00
Eric Haberkorn beb9f17337
Add default resolvers to disco chains based on the default sameness group (#16837) 2023-03-31 14:35:56 -04:00
Derek Menteer ee59a81dc9
Add sameness-group to exported-services config entries (#16836)
This PR adds the sameness-group field to exported-service
config entries, which allows for services to be exported
to multiple destination partitions / peers easily.
2023-03-31 12:36:44 -05:00