Commit Graph

299 Commits

Author SHA1 Message Date
Kyle Havlovitz 107d7f6c5a
Add rpc_listener option to segment config 2017-08-30 11:58:29 -07:00
James Phillips 6a6eadd8c7
Adds open source side of network segments (feature is Enterprise-only). 2017-08-30 11:58:29 -07:00
Illirgway 46915108e7 Fix bug with unused (replaced with "") CONSUL_HTTP_AUTH in some places
example: https://github.com/hashicorp/consul/blob/master/watch/plan.go#L26

	conf := consulapi.DefaultConfig()
	conf.Address = address
	conf.Datacenter = p.Datacenter
	conf.Token = p.Token                             # <-- replace Token from DefaultConfig/CONSUL_HTTP_AUTH with ""
	client, err := consulapi.NewClient(conf)

how to reproduce bug:
0. consul -> localhost:8500 with more than 0 service checks
1. deny all for anonymous token
2. create appropriate acl <token> for watch checks (agent:read + node:read,service:read)
3. bash:
CONSUL_HTTP_AUTH=<token> consul watch -http-addr=localhost:8500 -type=checks # --> return []
consul watch -http-addr=localhost:8500 -type=checks -token=<token> # -> return { .... right json result .... }
2017-08-16 01:51:18 +03:00
James Phillips a2bb506cea
Adds a guard to make sure that empty log lines don't close consul monitor.
Fixes #3253.
2017-08-08 16:05:29 -07:00
Kyle Havlovitz 879651a4ea
Update api structs for metrics endpoint 2017-08-08 12:33:59 -07:00
Kyle Havlovitz 975ded2714
Add support for labels/filters from go-metrics 2017-08-08 01:45:10 -07:00
James Phillips 803ed9a245 Adds secure introduction for the ACL replication token. (#3357)
Adds secure introduction for the ACL replication token, as well as a separate enable config for ACL replication.
2017-08-03 15:39:31 -07:00
James Phillips c31b56a03e Adds a new /v1/acl/bootstrap API (#3349) 2017-08-02 17:05:18 -07:00
James Phillips 6e794ea1b3 Adds support for agent-side ACL token management via API instead of config files. (#3324)
* Adds token store and removes all runtime use of config for ACL tokens.
* Adds a new API for changing agent tokens on the fly.
2017-07-26 11:03:43 -07:00
Kyle Havlovitz 1ffd2ec05b
Add UpgradeVersionTag to autopilot config 2017-07-18 13:35:41 -07:00
James Phillips 788dd255a1 Adds new config to make script checks opt-in, updates documentation. (#3284) 2017-07-17 11:20:35 -07:00
James Phillips f5188dfe8c Expands and rework context support in the API client. (#3273) 2017-07-14 17:30:08 -07:00
James Bardin 96ae8c1231 accept recv-only channels for cancellations (#3271)
Cancellation channels are often derived from a Context, which
returns a directional `<-chan struct{}` from Done(). In order to use
this with parts of of the consul API, one is required to create a new
channel and dispatch a separate goroutine to watch for context
cancellation and close the new channel.

Changing the signature for the methods that take cancellation channels
will allow easier integration with existing uses of Context. Since the
cancellation pattern only reads from these channels, there should be no
backwards incompatibility with existing codebases, and most of the
methods already accept only the correct type.
2017-07-14 16:31:44 -07:00
Frank Schroeder 88efbb0cc1 api: fix TestAPI_CatalogNodes test 2017-07-07 09:22:34 +02:00
Frank Schroeder 9a99069aad agent: fix failing test from localState decoupling
Would be nice to know what changed though.
2017-07-07 09:22:34 +02:00
Frank Schroeder 6a1ab1a2e0 api: refactor: unify naming of API tests 2017-07-07 09:22:34 +02:00
Frank Schroeder 97b7578ccd api: refactor: prefix all API tests with API_ 2017-07-07 09:22:34 +02:00
Preetha Appan 82bf05c888 Fix socket file handle leaks from old blocking queries upon consul reload. This fixes issue #3018 2017-06-26 15:52:03 -05:00
Frank Schröder e206ab5cb6 agent: support custom header and method for http checks (#3106)
This patch adds support for custom headers and
method for HTTP checks.

Fixes #2474
Fixes #2657
Fixes #3106
2017-06-07 01:11:56 +02:00
James Phillips 6239c4aa50 Merge pull request #3077 from jwasinger/issue-2850
Prevent Session.Destroy from leaving open TCP connections
2017-06-02 21:43:55 -07:00
Jared Wasinger 7d006ba4ed Prevent Session.Destroy from leaving open TCP connections 2017-05-25 20:51:27 -07:00
Kyle Havlovitz 6092d2c2cc
Don't overwrite Transport's TLS config if it's been set 2017-05-24 13:45:19 -07:00
Kyle Havlovitz 32068f7025 Remove superfluous default HttpClient check in NewClient 2017-05-24 11:40:21 -07:00
Frank Schroeder 995c8d7086 test: make test less flaky 2017-05-12 22:12:47 +02:00
Frank Schroeder eedf0f3ac5 test: add helper for ioutil.TempDir/TempFile
This creates a simplified helper for temporary directories and files.
All path names are prefixed with the name of the current test.
All files and directories are stored either in /tmp/consul-test
or /tmp if the former could not be created.

Using the system temp dir breaks some tests on macOS where the unix
socket path becomes too long.
2017-05-12 22:12:47 +02:00
Frank Schroeder 15590a8446 test: include test name in temp file/dir
This helps identifying hanging tests by looking
at the process list.
2017-05-12 22:12:47 +02:00
James Phillips bccf493262
Fixes vet errors. 2017-05-09 06:48:52 -07:00
James Phillips 7007c89870
retry: Removes the description parameter. 2017-05-05 17:07:03 +02:00
Frank Schroeder 9435cadeee
test: Refactor WaitForResult tests with retry
Refactor tests that use testutil.WaitForResult to use retry.

Since this requires refactoring the test functions in general this patch
also shows the use of the github.com/pascaldekloe/goe/verify library
which provides a good mechanism for comparing nested data structures.
Instead of just converting the tests from testutil.WaitForResult to
retry the tests that performing a nested comparison of data structures
are converted to the verify library at the same time.
2017-05-05 17:07:02 +02:00
Kyle Havlovitz b5ed2ba536 Add separate option for verifying incoming HTTPS traffic (#2974)
* Add separate option for verifying incoming HTTPS traffic
2017-04-28 16:15:55 -07:00
Frank Schroeder 2bf668b658 api: Add ServiceTags to Health state endpoint (#153)
This patch adds the ServiceTags to the /v1/health/state/<state>
endpoint.

Fixes #153
2017-04-28 15:00:08 -07:00
James Phillips dfef029641 Merge pull request #2947 from bogdanov1609/added_ACLReplication
API: Add ACLReplication
2017-04-25 16:50:52 -07:00
James Phillips 742362fad1 Tweaks ACL replication struct name. 2017-04-25 16:32:09 -07:00
James Phillips a59f503c13 Tweaks ACL replication status struct name. 2017-04-25 16:31:20 -07:00
Frank Schroeder 9de4555c0c golint: Untangle if blocks with return in else 2017-04-25 09:26:13 -07:00
Ivan Bogdanov 822cf7ec20 API: Add ACLReplication 2017-04-25 00:39:50 +03:00
Frank Schröder 5f0a967507 Issue #2905: Add check-not-exists to TXN endpoint
This patch adds support for asserting that a given
key does not exist in the KV store.

Fixes #2905
2017-04-20 17:50:52 -07:00
Kyle Havlovitz bd9b0b34b2 Make the API client's httpClient more pluggable (#2926) 2017-04-18 16:39:23 -07:00
Frank Schröder 892fa89399 Add datacenter to catalog node API (#2917)
This patch stores the datacenter of a node in memdb
and exposes it via the API in all places where a Node
structure is returned.

 * /catalog/nodes
 * /catalog/node/:node
 * /catalog/service/:service
 * /health/service/:service
 * /query/:uuid/execute
2017-04-18 05:02:24 -07:00
Kyle Havlovitz cdd8b5b880
Add tls client options to api/cli 2017-04-14 13:37:29 -07:00
Brian Shumate 9d87883c85
API: Add struct fields, fixes #2882
- Add CreateIndex and ModifyIndex to AgentService
- Add CreateIndex and ModifyIndex to Node
2017-04-13 11:36:19 -04:00
James Phillips 76fdd5f392
Moves operator sub-functions into their own files. 2017-03-30 12:35:50 -07:00
Kyle Havlovitz a2058d23ef
Add CLI/API endpoints for removing peer by ID 2017-03-30 10:13:32 -07:00
Seth Vargo 2efa3bdff8
Use new APIs 2017-03-23 18:48:13 -04:00
Kyle Havlovitz 37ea20cb44
Add advanced autopilot features 2017-03-22 15:25:16 -07:00
James Phillips 77fa58bd23
Tweaks the agent leave test to patch an occasional local failure. 2017-03-22 09:56:53 -07:00
James Phillips ab1b643630
Adds missing area API. 2017-03-21 23:11:15 -07:00
James Phillips d68bd9cca0
Cleans up based on review feedback. 2017-03-20 16:23:40 -07:00
James Phillips 74dddf6695
Tweaks the join response to be more useful. 2017-03-16 21:01:03 -07:00
James Phillips 2d659a2c4d
Adds public API for the network area endpoints. 2017-03-16 16:42:19 -07:00
James Phillips 82b6fbd844
Adds router into RPC paths with work in progress on coordinates. 2017-03-16 16:42:18 -07:00
Kyle Havlovitz bc0494e396
Reorganized cluster health check loop and logic 2017-03-15 18:27:17 -07:00
Kyle Havlovitz c40279e012
Fix an issue with changing server IDs and add a few UX enhancements around autopilot features 2017-03-15 16:09:55 -07:00
Kyle Havlovitz 8130f9b1c1
Cleaned up and reorganized some autopilot-related code 2017-03-09 18:21:40 -08:00
Kyle Havlovitz 8bcab6c6d7
Add autopilot server health tracking
This adds two goroutines to perform autopilot tasks on the leader - one
to monitor the health of servers and another to periodically clean up
dead servers with a limit on removal count. Also adds a new http endpoint,
`/v1/operator/autopilot/health`, for querying this information through an
operator RPC endpoint.
2017-03-06 16:00:10 -08:00
Kyle Havlovitz 23c492a74e
Rename DeadServerCleanup and make wording adjustments 2017-02-28 14:45:21 -08:00
Kyle Havlovitz 6168911200
Added operator autopilot subcommands 2017-02-24 15:54:49 -08:00
Kyle Havlovitz c9ddee1a79
Add CAS capability to autopilot config endpoint 2017-02-24 13:08:49 -08:00
Kyle Havlovitz 7d514a7ef6
Add docs and api client methods for autopilot config 2017-02-23 21:00:15 -08:00
Jeff Mitchell 726590367f Update unix dial functions to use DialContext with new go-cleanhttp 2017-02-10 21:11:21 -05:00
Kyle Havlovitz 35d99a81ac
Update docs and give better error for unknown client scheme 2017-02-10 19:55:54 -05:00
Kyle Havlovitz 91e960832f
Allow prefixing -http-addr with http/https schemes 2017-02-10 18:25:46 -05:00
Kyle Havlovitz a64c5e69a3
Cleanup and formatting adjustments 2017-02-09 20:49:17 -05:00
Kyle Havlovitz d3b24d2d12
Convert keyring command to use base.Command 2017-02-08 18:25:47 -05:00
James Phillips aef0a68201
Lets the leave unit test proceed even after an EOF. 2017-01-26 22:22:18 -08:00
Kyle Havlovitz cc271aa436
Merge branch 'master' into f-prepared-query-nodemeta 2017-01-23 20:17:48 -05:00
Kyle Havlovitz 3cd054e81f
Add tests for node meta in prepared queries and update docs 2017-01-23 19:17:30 -05:00
James Phillips 55cd1d975c
Adds catalog support for node IDs. 2017-01-18 14:26:42 -08:00
James Phillips 96bff003b7
Adds basic support for node IDs. 2017-01-17 22:47:59 -08:00
Kyle Havlovitz e37f25dc02
Add node metadata filtering to remaining health/catalog endpoints 2017-01-13 20:08:43 -05:00
Kyle Havlovitz 2d03978139
Fix formatting 2017-01-11 20:44:22 -05:00
Kyle Havlovitz 15f008b3e3
Update client api and docs for node metadata 2017-01-11 19:28:58 -05:00
James Phillips 99a5ae2737
Bans anonymous queries that aren't tied to a session.
This gets us coverage of PQ creation under the existing service
policy or the soon-to-be-added session policy.
2016-12-12 14:52:27 -08:00
James Phillips 08c648f976 Merge pull request #2531 from alicebob/txntypes
fix KVOp types
2016-12-01 07:41:10 -08:00
Kyle Havlovitz dd05afb32e Add reload/leave http endpoints (#2516) 2016-11-30 13:29:42 -05:00
Seth Vargo 9f652c2690
Return the correct type 2016-11-29 21:17:00 -05:00
Seth Vargo 90f80056dd Merge pull request #2544 from hashicorp/sethvargo/best_status
Add an API method for determining the best status
2016-11-29 19:07:52 -05:00
James Phillips d97eb758c6 Merge pull request #2530 from coffeehc/master
adapt to server's checker field TLSSkipVerify type
2016-11-29 16:00:21 -08:00
Seth Vargo 2542c92b59
Do not log 2016-11-29 18:55:34 -05:00
Seth Vargo 1c55429a38
Add an API method for determining the best status
Given a list of HealthChecks, this determines the "best" status for the
collective group. This is useful for nodes and services, which may have
multiple checks associated with them.
2016-11-29 18:41:46 -05:00
Kyle Havlovitz 475408633a Add QueryOptions to api package's monitor 2016-11-28 18:36:26 -05:00
Kyle Havlovitz d91854f3b0 Add monitor http endpoint 2016-11-28 18:36:26 -05:00
Harmen f31f5f5962 fix KVOp types 2016-11-24 20:43:41 +01:00
James Phillips 7dc41b1c1f
Runs `go fmt`. 2016-11-22 17:49:48 -08:00
Kyle Havlovitz 66dea6951a Fix keyring doc method wording 2016-11-22 20:10:43 -05:00
Kyle Havlovitz 79f339b5dc Combine keyring endpoints into one 2016-11-22 20:10:43 -05:00
Kyle Havlovitz 2d37a07476 Add keyring http endpoints 2016-11-22 20:10:43 -05:00
coffee 1187daa15b adapt to server's checker field TLSSkipVerify type 2016-11-21 18:02:38 +08:00
James Phillips 5a643c6e3f Merge pull request #2366 from aksentyev/master
api client: CatalogService added fields CreateIndex, ModifyIndex
2016-11-17 16:38:39 -08:00
James Phillips b17907f06a Moves index fields to the bottom of the structure. 2016-11-17 16:38:30 -08:00
James Phillips fde94fb537
Adds notes field to API.
Closes #2336.
2016-11-17 16:33:50 -08:00
James Phillips b672fea37b Merge pull request #2238 from hasyimibhar/master
Remove duplicated environment variables
2016-11-17 16:18:02 -08:00
Kyle Havlovitz 07eeef6f1f Trim leading slash on key to avoid redirect (golang/go#4800) (#2476) 2016-11-04 21:55:10 -07:00
Kyle McCullough 697ea0f8eb Add setting to skip ssl certificate verification for HTTP checks (#1984)
* http check: add setting to skip ssl certificate verification

* update http check documentation

* fix typo in documentation

* Add TLSSkipVerify to agent api
2016-11-03 13:17:30 -07:00
Mike Cowgill ace3b46432 Delete prepared query using WriteOptions (#2417) 2016-11-03 15:54:07 -04:00
Kyle Havlovitz d5ee327fea More flaky unit test fixes (#2449)
* More flaky unit test fixes
* Raise some test timeouts that were too low
2016-10-31 09:59:20 -07:00
James Phillips bc29610124 Adds support for snapshots and restores. (#2396)
* Updates Raft library to get new snapshot/restore API.

* Basic backup and restore working, but need some cleanup.

* Breaks out a snapshot module and adds a SHA256 integrity check.

* Adds snapshot ACL and fills in some missing comments.

* Require a consistent read for snapshots.

* Make sure snapshot works if ACLs aren't enabled.

* Adds a bit of package documentation.

* Returns an empty response from restore to avoid EOF errors.

* Adds API client support for snapshots.

* Makes internal file names match on-disk file snapshots.

* Adds DC and token coverage for snapshot API test.

* Adds missing documentation.

* Adds a unit test for the snapshot client endpoint.

* Moves the connection pool out of the client for easier testing.

* Fixes an incidental issue in the prepared query unit test.

I realized I had two servers in bootstrap mode so this wasn't a good setup.

* Adds a half close to the TCP stream and fixes panic on error.

* Adds client and endpoint tests for snapshots.

* Moves the pool back into the snapshot RPC client.

* Adds a TLS test and fixes half-closes for TLS connections.

* Tweaks some comments.

* Adds a low-level snapshot test.

This is independent of Consul so we can pull this out into a library
later if we want to.

* Cleans up snapshot and archive and completes archive tests.

* Sends a clear error for snapshot operations in dev mode.

Snapshots require the Raft snapshots to be readable, which isn't supported
in dev mode. Send a clear error instead of a deep-down Raft one.

* Adds docs for the snapshot endpoint.

* Adds a stale mode and index feedback for snapshot saves.

This gives folks a way to extract data even if the cluster has no
leader.

* Changes the internal format of a snapshot from zip to tgz.

* Pulls in Raft fix to cancel inflight before a restore.

* Pulls in new Raft restore interface.

* Adds metadata to snapshot saves and a verify function.

* Adds basic save and restore snapshot CLI commands.

* Gets rid of tarball extensions and adds restore message.

* Fixes an incidental bad link in the KV docs.

* Adds documentation for the snapshot CLI commands.

* Scuttle any request body when a snapshot is saved.

* Fixes archive unit test error message check.

* Allows for nil output writers in snapshot RPC handlers.

* Renames hash list Decode to DecodeAndVerify.

* Closes the client connection for snapshot ops.

* Lowers timeout for restore ops.

* Updates Raft vendor to get new Restore signature and integrates with Consul.

* Bounces the leader's internal state when we do a restore.
2016-10-25 19:20:24 -07:00
Kyle Havlovitz 114ee0755a Fix race condition in TestClient_WatchList and TestClient_WatchGet 2016-10-25 17:48:11 -07:00
James Phillips 14c90e9aa6 Merge pull request #2382 from zaunerc/master
Add info about return values for function Get().
2016-10-20 09:40:58 -07:00
James Phillips 0f35f08b6a Adds comment about SessionOpts. 2016-10-05 17:53:27 -07:00