Commit Graph

19777 Commits

Author SHA1 Message Date
Nathan Coleman 00cc3940b8
Merge pull request #13333 from hashicorp/docs/capig-instances-config
docs: Consul API Gateway scaling config
2022-06-13 11:45:03 -04:00
Mark Anderson 6cb05666e6
Merge pull request #13357 from hashicorp/ma/add-build-date-oss
Add build date (oss)
2022-06-13 08:43:20 -07:00
Mark Anderson a7a21abe47 Fix infinite recursion in bash_env
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-10 20:24:15 -07:00
Chris S. Kim 4cb251497f
Update RBAC to handle imported services (#13404)
When converting from Consul intentions to xds RBAC rules, services imported from other peers must encode additional data like partition (from the remote cluster) and trust domain.

This PR updates the PeeringTrustBundle to hold the sending side's local partition as ExportedPartition. It also updates RBAC code to encode SpiffeIDs of imported services with the ExportedPartition and TrustDomain.
2022-06-10 17:15:22 -04:00
R.B. Boyer 4626b65124
xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422)
Mesh gateways can use hostnames in their tagged addresses (#7999). This is useful
if you were to expose a mesh gateway using a cloud networking load balancer appliance
that gives you a DNS name but no reliable static IPs.

Envoy cannot accept hostnames via EDS and those must be configured using CDS.
There was already logic when configuring gateways in other locations in the code, but
given the illusions in play for peering the downstream of a peered service wasn't aware
that it should be doing that.

Also:
- ensuring that we always try to use wan-like addresses to cross peer boundaries.
2022-06-10 16:11:40 -05:00
Kyle Havlovitz f3d34ee4e6
Merge pull request #13421 from hashicorp/dns-node-query-partitions
OSS: Add dns node lookup support in partitions
2022-06-10 12:22:34 -07:00
Kyle Havlovitz b008741b8e Add changelog note 2022-06-10 12:05:05 -07:00
Kyle Havlovitz cfc90ea2d5 Add dns node lookup support in partitions 2022-06-10 11:23:51 -07:00
Mark Anderson dcf96d9563
Merge pull request #13316 from hashicorp/ma/vault-docs-report-backport
Update website/content/docs/connect/ca/vault.mdx
2022-06-10 09:59:15 -07:00
R.B. Boyer 33b497e7c9
peering: rename initiate to establish in the context of the APIs (#13419) 2022-06-10 11:10:46 -05:00
Mark Anderson 900bdb8427 Minor cleanup for build-date script
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:07:41 -07:00
Mark Anderson 8fc25aefcf Change default dates
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:07:41 -07:00
Mark Anderson 32a824c1b9 Add changelog
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson 41446f449a Fixup some more tests
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson ab1f0be711 Fix issue with consul version tests
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson cb1b08141f Set default for build date
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson 961e069556 Fix build-date to use UTC
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson 18d3cee29e Add build date to self endpoint
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson ac1f17326c Build date in config file
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson edc52cd6c9 Fixup agent startup
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson 84d669702c Cleanup and extend basic build date
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson 846298ddf7 Fixup build scripts
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
Mark Anderson de2c37c17b Add BuildDate to version structure
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-06-09 17:04:05 -07:00
DanStough 217c231888 chore(ci): fix false positive metrics check 2022-06-09 17:49:16 -04:00
John Cowen a0a17aab2d
ui: Disable licensing tab if the UI is running via HCP (#12771)
Co-authored-by: Evan Rowe <ev.rowe@gmail.com>
2022-06-09 18:15:52 +01:00
R.B. Boyer d81d8468db
peering: mesh gateways are required for cross-peer service mesh communication (#13410)
Require use of mesh gateways in order for service mesh data plane
traffic to flow between peers.

This also adds plumbing for envoy integration tests involving peers, and
one starter peering test.
2022-06-09 11:05:18 -05:00
Alessandro De Blasis a0708045b4 lint: conversion 2022-06-09 16:17:20 +01:00
Alessandro De Blasis 72ed2c176b tests: removed redundant probe test 2022-06-09 15:49:45 +01:00
Alessandro De Blasis b53bb6f70e tests: added syscall mocking and tests for Check_OSService 2022-06-09 15:48:34 +01:00
Jared Kirschner 40402339e8
docs: correct Vault CA multiple namespace support 2022-06-08 17:50:56 -04:00
Derek Menteer 74da476b45 Change CTS docs to use the `start` subcommand. 2022-06-08 15:54:18 -05:00
kisunji 1eff652620 Add missing index for read 2022-06-08 13:53:31 -04:00
kisunji 86bf8b8fb6 Add IntentionMatch tests for source peers 2022-06-08 13:53:31 -04:00
kisunji 7d9f413949 Update ServiceIntentionSourceIndex to handle peer 2022-06-08 13:53:31 -04:00
Chris S. Kim 3e71754e7a
Add SourcePeer fields to relevant Intentions types (#13390) 2022-06-08 13:24:10 -04:00
R.B. Boyer c1f20d17ee
peering: allow protobuf requests to populate the default partition or namespace (#13398) 2022-06-08 11:55:18 -05:00
Michael Klein f58fca2048
ui: upgrade ember composable helper (#13394)
Upgrade ember-composable-helpers to version 5.x. This version contains the pick-helper which makes composition in the template layer easier with Octane.

{{!-- this is usually hard to do with Octane --}}
<input {{on "input" (pick "target.value" this.updateText)}} .../>
Version 5.x also fixes a regression with sort-by that according to @johncowen was the reason why the version was pinned to 4.0.0 at the moment.

Version 5 of ember-composable-helpers removes the contains-helper in favor of includes which I changed all occurences for.
2022-06-08 16:07:51 +01:00
Dhia Ayachi 80556c9ffc
Fix intentions wildcard dest (#13397)
* when enterprise meta are wildcard assume it's a service intention

* fix partition and namespace

* move kind outside the loops

* get the kind check outside the loop and add a comment

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2022-06-08 10:38:55 -04:00
Daniel Kimsey 744265f028 Update go-grpc/grpc to resolve conection memory leak
Reported in #12288

The initial test reported was ported and accurately reproduced the issue.
However, since it is a test of an upstream library's internal behavior it won't
be codified in our test suite. Refer to the ticket/PR for details on how to
demonstrate the behavior.
2022-06-08 11:29:29 +01:00
R.B. Boyer bf647bc9d2
peering: avoid a race between peering establishment and termination (#13389) 2022-06-07 16:29:09 -05:00
Mike Morris 24ca62ef1c
Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-07 16:24:35 -04:00
Mike Morris 00cdae18d5
Update website/content/docs/api-gateway/consul-api-gateway-install.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-06-07 16:17:45 -04:00
Dhia Ayachi 3deaf767f2
Egress gtw/intention rpc endpoint (#13354)
* update gateway-services table with endpoints

* fix failing test

* remove unneeded config in test

* rename "endpoint" to "destination"

* more endpoint renaming to destination in tests

* update isDestination based on service-defaults config entry creation

* use a 3 state kind to be able to set the kind to unknown (when neither a service or a destination exist)

* set unknown state to empty to avoid modifying alot of tests

* fix logic to set the kind correctly on CRUD

* fix failing tests

* add missing tests and fix service delete

* fix failing test

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>

* fix a bug with kind and add relevant test

* fix compile error

* fix failing tests

* add kind to clone

* fix failing tests

* fix failing tests in catalog endpoint

* fix service dump test

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>

* remove duplicate tests

* first draft of destinations intention in connect proxy

* remove ServiceDestinationList

* fix failing tests

* fix agent/consul failing tests

* change to filter intentions in the state store instead of adding a field.

* fix failing tests

* fix comment

* fix comments

* store service kind destination and add relevant tests

* changes based on review

* filter on destinations when querying source match

* change state store API to get an IntentionTarget parameter

* add intentions tests

* add destination upstream endpoint

* fix failing test

* fix failing test and a bug with wildcard intentions

* fix failing test

* Apply suggestions from code review

Co-authored-by: alex <8968914+acpana@users.noreply.github.com>

* add missing test and clarify doc

* fix style

* gofmt intention.go

* fix merge introduced issue

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
Co-authored-by: alex <8968914+acpana@users.noreply.github.com>
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2022-06-07 15:55:02 -04:00
Dhia Ayachi 7602b6ebf2
Egress gtw/connect destination intentions (#13341)
* update gateway-services table with endpoints

* fix failing test

* remove unneeded config in test

* rename "endpoint" to "destination"

* more endpoint renaming to destination in tests

* update isDestination based on service-defaults config entry creation

* use a 3 state kind to be able to set the kind to unknown (when neither a service or a destination exist)

* set unknown state to empty to avoid modifying alot of tests

* fix logic to set the kind correctly on CRUD

* fix failing tests

* add missing tests and fix service delete

* fix failing test

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>

* fix a bug with kind and add relevant test

* fix compile error

* fix failing tests

* add kind to clone

* fix failing tests

* fix failing tests in catalog endpoint

* fix service dump test

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>

* remove duplicate tests

* first draft of destinations intention in connect proxy

* remove ServiceDestinationList

* fix failing tests

* fix agent/consul failing tests

* change to filter intentions in the state store instead of adding a field.

* fix failing tests

* fix comment

* fix comments

* store service kind destination and add relevant tests

* changes based on review

* filter on destinations when querying source match

* Apply suggestions from code review

Co-authored-by: alex <8968914+acpana@users.noreply.github.com>

* fix style

* Apply suggestions from code review

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>

* rename destinationType to targetType.

Co-authored-by: Dan Stough <dan.stough@hashicorp.com>
Co-authored-by: alex <8968914+acpana@users.noreply.github.com>
Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
2022-06-07 15:03:59 -04:00
Alessandro De Blasis 4592351260 chore: changelog 2022-06-07 18:48:39 +01:00
Alessandro De Blasis e38abe68af feat: windows service health checks 2022-06-07 18:27:14 +01:00
Alessandro De Blasis 716324df7d docs: added os_service 2022-06-07 18:25:24 +01:00
Evan Culver dcb511e78a
ci: Add package verifications to build workflow (#13294)
Co-authored-by: cskh <hui.kang@hashicorp.com>
2022-06-06 14:42:11 -07:00
R.B. Boyer 28ec70953b
test: retry the compat tests as often as other tests (#13369)
The upgrade compatibility tests need frequent retrying to pass because they are slightly flaky. To alleviate manual work borrow similar gotestsum logic from the main go tests CI job to rerun them automatically here.
2022-06-06 16:06:55 -05:00
R.B. Boyer db48b4f5a2
test: break dep on main consul module (#13373)
The main consul module is not a great library and complicates some oss/ent module issues.

This undoes #13371
2022-06-06 16:06:39 -05:00