Commit Graph

19777 Commits

Author SHA1 Message Date
Daniel Nephin 0ae7aacd0e ci: share common go-test steps 2022-02-03 17:50:03 -05:00
odidev cf05d8837a Add test jobs for arm64 in CircleCI 2022-02-03 17:50:03 -05:00
Daniel Nephin cc2d1bc2e7 add changelog 2022-02-03 17:39:36 -05:00
Daniel Nephin 6721c1246d ca: relax and move private key type/bit validation for vault
This commit makes two changes to the validation.

Previously we would call this validation in GenerateRoot, which happens
both on initialization (when a follower becomes leader), and when a
configuration is updated. We only want to do this validation during
config update so the logic was moved to the UpdateConfiguration
function.

Previously we would compare the config values against the actual cert.
This caused problems when the cert was created manually in Vault (not
created by Consul).  Now we compare the new config against the previous
config. Using a already created CA cert should never error now.

Adding the key bit and types to the config should only error when
the previous values were not the defaults.
2022-02-03 17:21:20 -05:00
Daniel Nephin 3b78f81f9a ca: small cleanup of TestConnectCAConfig_Vault_TriggerRotation_Fails
Before adding more test cases
2022-02-03 17:21:20 -05:00
Daniel Nephin f6d7a0f7b2 testing: fix test failures caused by new log level
These two tests require debug logging enabled, because they look for log lines.

Also switched to testify assertions because the previous errors were not clear.
2022-02-03 17:07:39 -05:00
Luke Kysow fcf804043c
docs: update for k8s support for igw and header manip (#12264)
Add docs now that k8s supports these new config entry fields
2022-02-03 14:03:21 -08:00
Michele Degges 9cdc33ec4d chmod +x on the sh file 2022-02-03 13:10:42 -08:00
mrspanishviking a2ec068f1a
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:06:41 -07:00
mrspanishviking 7ff76ea004
Apply suggestions from code review
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-03 14:00:06 -07:00
Jake Herschman eeffbfbf78
Merge pull request #11944 from hashicorp/cts-docs-clean-up 2022-02-03 14:08:33 -05:00
Daniel Nephin 1a9a656a7f sdk: add TestLogLevel for setting log level in tests
And default log level to WARN.
2022-02-03 13:42:28 -05:00
David Yu 6c540c04b0
docs: provide example for enabling mesh on a per namespace basis (#12255)
* docs: provide example for enabling mesh on a per namespace basis

* add headings

* Update install.mdx

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update install.mdx

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>

* add changes from review

* Update install.mdx

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>
2022-02-03 10:40:06 -08:00
Jared Kirschner 0897e11cd6
Merge pull request #12230 from hashicorp/badge-improvements
README Badge Improvements
2022-02-03 13:36:05 -05:00
Jared Kirschner e84f4e25ba Improve README header
Improvements include:
- separate the project name from the badges
- use the project logo
- show more relevant badges
2022-02-03 10:15:38 -08:00
David Yu 5b9bf6ec63
docs: formatting and update to consul-k8s 0.40.0 (#12256)
* docs: formatting and update to consul-k8s 0.40.0

* Update index.mdx

* Update index.mdx

* test indentation

* Update index.mdx

* formatting

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update index.mdx

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/upgrade/index.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-02-03 08:12:47 -08:00
Jared Kirschner 442bb7f4c4
Merge pull request #10833 from jkirschner-hashicorp/improve-compile-from-source-docs
docs: improve compile from source docs
2022-02-03 11:05:46 -05:00
Jared Kirschner f2d9480653 Update Consul logo assets on docs site 2022-02-03 07:39:35 -08:00
Daniel Nephin 7080e26c83 Replace build script with 'go build' 2022-02-03 07:19:57 -08:00
John Cowen fcacec90a5
ui: Change approach to loading debug.css (#12242)
We need a way to load certain CSS based on the environment you are viewing, i.e. we have debug CSS that we use for our Eng Documentation and various other DX utilities that shouldn't be compiled into our production or test builds.

Previously we would compile two entirely different CSS files (app and debug) and the load one or the other depending on which environment you were in.

This approach just empties out the debug.css file in certain environments (prod/test) which means we can just import that file from app. When in staging/development this imports the contents of debug.css (quite a bit of CSS) whereas when building for production/test this debug.css is emptied out during the build process.

There is a slight little hack in order to have this work, we import _debug.scss which imports the debug.scss file. I couldn't for the life of me figure out how to have broccoli empty out a file during the build process, so instead we essentially copy over debug.scss during dev and create an empty file during prod to _debug.scss.

When using make build to build an artifact for production CSS remains at ~58kb (during dev its a lot bigger than this)
2022-02-03 08:40:03 +00:00
Blake Covarrubias 4dcb6e8904 docs: Fix discrepancy with sidecar min/max port range
Remove incorrect sidecar port range on docs for built-in proxy.

Updates the bind_port/port fields on the built-in proxy and sidecar
service registration pages to link to the `sidecar_min_port` and
`sidecar_max_port` configuration options for the defined port range.

Fixes #12253
2022-02-02 20:12:00 -08:00
Michele Degges 1808c0b49e Use docker mirror 2022-02-02 17:41:56 -08:00
Evan Culver 1908e98c66
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-02 17:32:17 -08:00
Evan Culver 0784d44a3c
Add changelog entry 2022-02-02 17:31:08 -08:00
Michele Degges 344ade448e Merge branch 'fix-broken-dockerfile' of github.com:hashicorp/consul into fix-broken-dockerfile 2022-02-02 15:39:14 -08:00
Daniel Nephin 5ab00d85e0
Merge pull request #11783 from hashicorp/dnephin/ca-vault-root-as-intermediate
ca: add a test that uses an intermediate CA as the primary CA
2022-02-02 16:05:59 -05:00
Jared Kirschner 14f1d14760
Merge pull request #11391 from hashicorp/add-changelog-creation-to-contributor-docs
Add changelog creation to contributor docs
2022-02-02 14:50:02 -05:00
Jared Kirschner 7dda1df00f Add changelog creation to contributor docs 2022-02-02 10:58:27 -08:00
Daniel Nephin 44f9229b96 ca: add a test that uses an intermediate CA as the primary CA
This test found a bug in the secondary. We were appending the root cert
to the PEM, but that cert was already appended. This was failing
validation in Vault here:
https://github.com/hashicorp/vault/blob/sdk/v0.3.0/sdk/helper/certutil/types.go#L329

Previously this worked because self signed certs have the same
SubjectKeyID and AuthorityKeyID. So having the same self-signed cert
repeated doesn't fail that check.

However with an intermediate that is not self-signed, those values are
different, and so we fail the check. A test I added in a previous commit
should show that this continues to work with self-signed root certs as
well.
2022-02-02 13:41:35 -05:00
claire labry 1e35685ea3
Merge branch 'main' into enable-security-scan 2022-02-02 13:36:48 -05:00
Daniel Nephin 9d7bcdd6ee
Merge pull request #12250 from hashicorp/dnephin/acl-resolver-safer-identity
acl: un-embed ACLIdentity
2022-02-02 13:10:35 -05:00
Daniel Nephin d00a9abca2 acl: un-embed ACLIdentity
This is safer than embedding two interface because there are a number of
places where we check the concrete type. If we check the concrete type
on the top-level interface it will fail. So instead expose the
ACLIdentity from a method.
2022-02-02 12:07:31 -05:00
John Cowen 404523f7ea
ui: Alias all our Structure Icons to Flight Icons (#12209) 2022-02-02 13:24:47 +00:00
mrspanishviking 4b1e6f2aa4
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:22:32 -07:00
mrspanishviking 18728ac593
Apply suggestions from code review
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-02-01 15:18:47 -07:00
mrspanishviking 57cc86e30a
Merge pull request #12243 from gitrgoliveira/patch-1
Update redirect-traffic.mdx
2022-02-01 15:09:02 -07:00
mrspanishviking 83a2c9cc4c
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: Blake Covarrubias <blake.covarrubias@gmail.com>
2022-02-01 15:08:23 -07:00
JG da1072da80
packaging: fix issues in pre/postremove scripts (#12147)
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:

For postremove:
- the postremove script now functions correctly (i.e. restarts consul
  after a package upgrade) on rpm-based systems (where $1 is numeric
  rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
  only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
  will only (re)start consul if it was already running when the upgrade
  happened.

For preremove:
- if the package is being completely uninstalled (rather than upgraded),
  stop consul before removing the package
2022-02-01 12:07:18 -08:00
John Cowen 01437e81ea
ui: attach-shadow modifier (#12207)
* ui: attach-shadow modifier
* ui: adopt-styles helper (#12208)
2022-02-01 19:48:57 +00:00
Jake Herschman 81480833f4 Updated copy based on feedback 2022-02-01 13:59:26 -05:00
Daniel Nephin da3076fc89 docs: update install from source
GOPATH is not longer necessary as of Go1.11.

No additional tools are required, just Go.
2022-02-01 09:32:48 -08:00
Jared Kirschner 40e6a4ead2 docs: link from makefile to compile instructions
Some practitioners look to the makefile directly rather than to the consul
website for information on how to compile from source. Link to the website
instructions directly from the makefile so the practitioner can accomplish
their task successfully without a careful read of the makefile.
2022-02-01 09:32:48 -08:00
Jared Kirschner a1b024762b docs: show how to cross-compile from source 2022-02-01 09:32:47 -08:00
Ricardo Oliveira d2275abb1b
Update website/content/commands/connect/redirect-traffic.mdx
Co-authored-by: mrspanishviking <cardenas88karl@gmail.com>
2022-02-01 17:20:20 +00:00
Ricardo Oliveira cf32d8f61e
Update redirect-traffic.mdx 2022-02-01 17:10:49 +00:00
John Cowen 23d45f5ef5
ui: style-map helper (#12203) 2022-02-01 16:39:02 +00:00
John Cowen bcd841a2ed
ui: on-outside modifier (#12206) 2022-02-01 14:25:24 +00:00
David Yu aa9fe538b1
docs: slight formatting update and provide example with service mesh enabled (#12227)
* docs: slight formatting update and provide example with service mesh install

* add status

* Update website/content/docs/k8s/installation/install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update install.mdx

* Update install.mdx

* Update install.mdx

* Update install.mdx

* Update install.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-31 17:26:44 -08:00
Daniel Nephin 18ff00f985
Merge pull request #12167 from hashicorp/dnephin/acl-resolve-token-3
acl: rename ResolveTokenToIdentityAndAuthorizer to ResolveToken
2022-01-31 19:21:06 -05:00
Daniel Nephin ff64c13c3e
Merge pull request #12166 from hashicorp/dnephin/acl-resolve-token-2
acl: remove ResolveTokenToIdentity
2022-01-31 19:19:21 -05:00