Commit graph

14735 commits

Author SHA1 Message Date
Daniel Nephin c2e85f25d4 ca: move SignCertificate to CAManager
To reduce the scope of Server, and keep all the CA logic together
2021-07-12 13:42:39 -04:00
Dhia Ayachi a0320169fe add missing state reset when stopping ca manager 2021-07-12 09:32:36 -04:00
Daniel Nephin 68d5f7769a ca: fix mockCAServerDelegate to work with the new interface
raftApply was removed so ApplyCARequest needs to handle all the possible operations

Also set the providerShim to use the mock provider.

other changes are small test improvements that were necessary to debug the failures.
2021-07-12 09:32:36 -04:00
Daniel Nephin 6d4b0ce194 ca: remove unused method
and small refactor to getCAProvider so that GoLand is less confused about what it is doing.
Previously it was reporting that the for condition was always true, which was not the case.
2021-07-12 09:32:35 -04:00
Daniel Nephin 4330122d9a ca: remove raftApply from delegate interface
After moving ca.ConsulProviderStateDelegate into the interface we now
have the ApplyCARequest method which does the same thing. Use this more
specific method instead of raftApply.
2021-07-12 09:32:35 -04:00
Daniel Nephin fae0a8f851 ca: move generateCASignRequest to the delegate
This method on Server was only used by the caDelegateWithState, so move it there
until we can move it entirely into CAManager.
2021-07-12 09:32:35 -04:00
Daniel Nephin d4bb9fd97a ca: move provider creation into CAManager
This further decouples the CAManager from Server. It reduces the interface between them and
removes the need for the SetLogger method on providers.
2021-07-12 09:32:33 -04:00
Daniel Nephin fc629d9eaa ca-manager: move provider shutdown into CAManager
Reducing the coupling between Server and CAManager
2021-07-12 09:27:28 -04:00
Evan Culver db250e2114
tests: skip cases that depend on test server when -short flag set (#10576) 2021-07-09 16:42:30 -07:00
mrspanishviking ae48b8314b
Merge pull request #10586 from hashicorp/docs-consult-license
docs: changing license faq title to align with Nomad and Vault faq pages
2021-07-09 16:27:57 -07:00
Karl Cardenas f20590bb14 docs: changing license faq title to align with Nomad and Vault faq pages 2021-07-09 10:20:51 -07:00
Evan Culver 5ff191ad99
Add support for returning ACL secret IDs for accessors with acl:write (#10546) 2021-07-08 15:13:08 -07:00
Daniel Nephin dcb90fb832
Merge pull request #10570 from hashicorp/copy-of-master
Changes that were accidentally merged into the old master branch
2021-07-08 16:28:56 -04:00
David Yu f6273fe5ba
docs: Update docs to reflect limitation in TProxy when using single Consul DC deployment with multiple k8s clusters (#10549)
* docs: Update to reflect single Consul DC deployment with multiple k8s clusters
2021-07-08 10:44:29 -07:00
R.B. Boyer 0e6a482b76
config: add agent config flag for enterprise clients to indicate they wish to join a particular partition (#10572) 2021-07-08 10:03:38 -05:00
Daniel Nephin cf26ed5783
Merge pull request #10281 from hashicorp/docs-pairing
New structure for contributing docs
2021-07-07 14:42:36 -04:00
Daniel Nephin 90a8106de2 contrib: add docs about the diagrams 2021-07-07 13:42:13 -04:00
Daniel Nephin 98d0190cc6 Fix typo in overview diagram 2021-07-07 13:38:10 -04:00
Daniel Nephin 912b069375 contrib: add first draft of RPC docs 2021-07-07 13:38:10 -04:00
Dhia Ayachi e5dbf5e55b
Add ca certificate metrics (#10504)
* add intermediate ca metric routine

* add Gauge config for intermediate cert

* Stop metrics routine when stopping leader

* add changelog entry

* updage changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* use variables instead of a map

* go imports sort

* Add metrics for primary and secondary ca

* start metrics routine in the right DC

* add telemetry documentation

* update docs

* extract expiry fetching in a func

* merge metrics for primary and secondary into signing ca metric

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-07-07 09:41:01 -04:00
hc-github-team-consul-core 83c543cd6b auto-updated agent/uiserver/bindata_assetfs.go from commit 6fbeea5de 2021-07-07 10:51:32 +00:00
John Cowen d93d9d4e39
ui: Don't default to the default namespace, use the token default namespace instead (#10503)
The default namespace, and the tokens default namespace (or its origin namespace) is slightly more complicated than other things we deal with in the UI, there's plenty of info/docs on this that I've added in this PR.

Previously:

When a namespace was not specified in the URL, we used to default to the default namespace. When you logged in using a token we automatically forward you the namespace URL that your token originates from, so you are then using the namespace for your token by default. You can of course then edit the URL to remove the namespace portion, or perhaps revisit the UI at the root path with you token already set. In these latter cases we would show you information from the default namespace. So if you had no namespace segment/portion in the URL, we would assume default, perform actions against the default namespace and highlight the default namespace in the namespace selector menu. If you wanted to perform actions in your tokens origin namespace you would have to manually select it from the namespace selector menu.

This PR:

Now, when you have no namespace segment/portion in the URL, we use the token's origin namespace instead (and if you don't have a token, we then use the default namespace like it was previously)

Notes/thoughts:

I originally thought we were showing an incorrectly selected namespace in the namespace selector, but it also matched up with what we were doing with the API, so it was in fact correct. The issue was more that we weren't selecting the origin namespace of the token for the user when a namespace segment was omitted from the URL. Seeing as we automatically forward you to the tokens origin namespace when you log in, and we were correctly showing the namespace we were acting on when you had no namespace segment in the URL (in the previous case default), I'm not entirely sure how much of an issue this actually was.

This characteristic of namespace+token+namespace is a little weird and its easy to miss a subtlety or two so I tried to add some documentation in here for future me/someone else (including some in depth code comment around one of the API endpoints where this is very subtle and very hard to miss). I'm not the greatest at words, so would be great to get some edits there if it doesn't seem clear to folks.

The fact that we used to save your previous datacenter and namespace into local storage for reasons also meant the interaction here was slightly more complicated than it needed to be, so whilst we were here we rejigged things slightly to satisfy said reasons still but not use local storage (we try and grab the info from higher up). A lot of the related code here is from before we had our Routlets which I think could probably make all of this a lot less complicated, but I didn't want to do a wholesale replacement in this PR, we can save that for a separate PR on its own at some point.
2021-07-07 11:46:41 +01:00
Jared Kirschner 37f25aed1d
Merge pull request #10559 from jkirschner-hashicorp/fix-autopilot-config-post-default-values
Fix defaults for autopilot config update
2021-07-06 19:19:52 -04:00
hc-github-team-consul-core 93607fa2ee auto-updated agent/uiserver/bindata_assetfs.go from commit 2c4f22a9f 2021-07-06 22:54:28 +00:00
Daniel Nephin 14527dd005
Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period
ca: remove unused RotationPeriod field
2021-07-06 18:49:33 -04:00
Jared Kirschner 7a6d13f29b Add changelog for PR 10559 2021-07-06 18:39:40 -04:00
Jared Kirschner 1449806c3d Fix defaults for autopilot config update
Previously, for a POST request to the /v1/operator/autopilot/configuration
endpoint, any fields not included in the payload were set to a zero-initialized
value rather than the documented default value.

Now, if an optional field is not included in the payload, it will be set to its
documented default value:
- CleanupDeadServers:      true
- LastContactThreshold:    "200ms"
- MaxTrailingLogs:         250
- MinQuorum:               0
- ServerStabilizationTime: "10s"
- RedundancyZoneTag:       ""
- DisableUpgradeMigration: false
- UpgradeVersionTag:       ""
2021-07-06 18:39:40 -04:00
Daniel Nephin 916a9779f1 Add changelog 2021-07-06 17:57:36 -04:00
Luke Kysow 0c8944f6f7
Add headings to Helm docs (#10562) 2021-07-06 11:23:10 -07:00
hc-github-team-consul-core 164db92b15 auto-updated agent/uiserver/bindata_assetfs.go from commit 74070c095 2021-07-06 16:06:51 +00:00
John Cowen 935dc696b4
ui: Add intl debug helpers (#10513)
This commit adds a couple of debug utilities to help us to continue slowly adding i18n support:

- We've added a CONSUL_INTL_DEBUG env/cookie variable to turn off variable interpolation within the t helper so you can see which variables are being interpolated.
- We've added a CONSUL_INTL_LOCALE env/cookie which currently supports two 'pseudo-locales' - la-fk (fake latin) and - (just dashes) either of which will make it easier to see what has not been localized until we can add prettier rules to prevent adding any copy into templates at all. I would guess if we ever translated the app we would use this for looking at things whilst developing also - but as yet I've not adding anything for that here seeing as we don't translate anything.
Both variables are dev-time only and all code for this is removed from the production build.
2021-07-06 17:01:08 +01:00
John Cowen 21bec26146
ui: Allow disabling of sourcemaps via env var (#10491) 2021-07-06 16:57:53 +01:00
John Cowen c3b76c7836
ui: Fixup definition-table + copy-button margin (#10512) 2021-07-06 16:57:20 +01:00
John Cowen 61842beb3b
ui: CopyButton amends (#10511)
* ui: Add with-copyable modifier

* Use with-copyable modifier for our own CopyButton

* Move copy-button styling and remove most of `copy-btn`
2021-07-06 16:56:36 +01:00
hc-github-team-consul-core ff2360d430 auto-updated agent/uiserver/bindata_assetfs.go from commit 5f73de6fb 2021-07-06 15:50:57 +00:00
jkirschner-hashicorp 31bbab8ae7
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Daniel Nephin b4a10443d1 ca: remove unused RotationPeriod field
This field was never used. Since it is persisted as part of a map[string]interface{} it
is pretty easy to remove it.
2021-07-05 19:15:44 -04:00
Daniel Nephin f13b8c17a1 contrib: add first draft of ACL docs 2021-07-05 18:25:06 -04:00
Daniel Nephin 2b8c80f03e contrib: Add cluster persistence docs
And remove sections from the INTERNALS.md page as they are replaced.
2021-07-05 18:25:06 -04:00
Daniel Nephin faa06040e4 contrib: Add CLI docs 2021-07-05 18:25:05 -04:00
Daniel Nephin 39dd14d581 contrib: move FAQ into a separate file. 2021-07-05 18:25:05 -04:00
Daniel Nephin d313219e85 contributing: start an outline for more docs
Add diagrams for rpc routing and acl entity relationship
contributing: create directory structure for new docs
WIP diagram for catalog entities
Add overview diagram

Co-Authored-By: Kelly Devlin <kdevlin@hashicorp.com>
2021-07-05 18:25:00 -04:00
Jared Kirschner 4c3b1b8b7b Replace use of 'sane' where appropriate
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
David Yu b43bd28be0
docs: Formatting for Ingress Controllers example repos (#10542)
* docs: Formatting for Ingress Controllers example repos
* Update ingress-controllers.mdx
2021-07-01 10:48:40 -07:00
Mike Morris 6b10b06b92
changelog: add 1.10.0, 1.9.7 and 1.8.13 (#10537) 2021-07-01 13:25:47 -04:00
Kyle Schochenmaier e128e38d9e
docs: Ingress controllers configurations (#10495)
Add high level documentation on how to enable ingress controllers in consul on k8s.

Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2021-07-01 11:24:27 -05:00
Dhia Ayachi b57cf27e8f
Format certificates properly (rfc7468) with a trailing new line (#10411)
* trim carriage return from certificates when inserting rootCA in the inMemDB

* format rootCA properly when returning the CA on the connect CA endpoint

* Fix linter warnings

* Fix providers to trim certs before returning it

* trim newlines on write when possible

* add changelog

* make sure all provider return a trailing newline after the root and intermediate certs

* Fix endpoint to return trailing new line

* Fix failing test with vault provider

* make test more robust

* make sure all provider return a trailing newline after the leaf certs

* Check for suffix before removing newline and use function

* Add comment to consul provider

* Update change log

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* fix typo

* simplify code callflow

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>

* extract requireNewLine as shared func

* remove dependency to testify in testing file

* remove extra newline in vault provider

* Add cert newline fix to envoy xds

* remove new line from mock provider

* Remove adding a new line from provider and fix it when the cert is read

* Add a comment to explain the fix

* Add missing for leaf certs

* fix missing new line

* fix missing new line in leaf certs

* remove extra new line in test

* updage changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* fix in vault provider and when reading cache (RPC call)

* fix AWS provider

* fix failing test in the provider

* remove comments and empty lines

* add check for empty cert in test

* fix linter warnings

* add new line for leaf and private key

* use string concat instead of Sprintf

* fix new lines for leaf signing

* preallocate slice and remove append

* Add new line to `SignIntermediate` and `CrossSignCA`

Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-06-30 20:48:29 -04:00
Kenia 1ec131924a
Add changelog to backported bug fix for Topology Metrics (#10538) 2021-06-30 16:51:29 -04:00
Daniel Nephin 72ea979c39
Merge pull request #10515 from hashicorp/dnephin/fix-arm32-atomic-aligment
Fix panic on 32-bit platforms
2021-06-30 16:40:20 -04:00
David Yu e4cf9fcc9c
docs: remove alpha from 1.10.0 reference for observability on k8s metrics merging (#10528)
The docs note an alpha pre-release version on K8s observability. Updating to only reference the GA 1.10.0 version of Consul for observability on k8s and metrics merging.
2021-06-30 12:18:19 -07:00