Commit Graph

1236 Commits

Author SHA1 Message Date
Mitchell Hashimoto 4301f7f1f5
agent: only set the proxy manager data dir if its set 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto e3be9f7a02
agent/proxy: improve comments on snapshotting 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto eb31827fac
agent/proxy: implement periodic snapshotting in the manager 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 64fc9e0218
agent/proxy: check if process is alive 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto a3a0bc7b13
agent/proxy: implement snapshotting for daemons 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 9675ed626d
agent/proxy: manager configures the daemon pid path to write pids 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 5e0f0ba178
agent/proxy: write pid file whenever the daemon process changes 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 09093a1a1a
agent/proxy: change LogDir to DataDir to reuse for other things 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto e2133fd391
agent/proxy: make the logs test a bit more robust by waiting for file 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto d019d33bc6
agent/proxy: don't create the directory in newProxy 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 49bc7181a4
agent/proxy: send logs to the correct location for daemon proxies 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 515c47be7d
agent: add additional tests for defaulting in AddProxy 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 52665f7d23
agent: clean up defaulting of proxy configuration
This cleans up and unifies how proxy settings defaults are applied.
2018-06-14 09:42:10 -07:00
Mitchell Hashimoto ed14e9edf8
agent: resolve some conflicts and fix tests 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 657c09133a
agent/local: clarify the non-risk of a full buffer 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 31b09c0674
agent/local: remove outdated comment 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto bae428326a
agent: use os.Executable 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 6a78ecea57
agent/proxy: local state event coalescing 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 16f529a13c
agent/proxy: implement force kill of unresponsive proxy process 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 4722e3ef76
agent: fix crash that could happen if proxy was nil on load 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 10fe87bd4a
agent/proxy: pull exit status extraction to constrained file 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 669268f85c
agent: start proxy manager 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 6884654c9d
agent/proxy: detect config change to stop/start proxies 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 8ce3deac5d
agent/proxy: test removing proxies and stopping them 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto a2167a7fd1
agent/proxy: manager and basic tests, not great coverage yet coming soon 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto fae8dc8951
agent/local: add Notify mechanism for proxy changes 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto f64a002f68
agent: start/stop proxies 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 93cdd3f206
agent/proxy: clean up usage, can't be restarted 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 536f31571b
agent: change connect command paths to be slices, not strings
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 76c6849ffe
agent/local: store proxy on local state, wip, not working yet 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 659ab7ee2d
agent/proxy: exponential backoff on restarts 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto c2f50f1688
agent/proxy: Daemon works, tests cover it too 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto c47ad68f25
wip 2018-06-14 09:42:07 -07:00
Paul Banks 02ab461dae
TLS watching integrated into Service with some basic tests.
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
2018-06-14 09:42:07 -07:00
Paul Banks dcd277de8a
Wire up agent leaf endpoint to cache framework to support blocking. 2018-06-14 09:42:07 -07:00
Kyle Havlovitz b28e11fdd3
Fill out connect CA rpc endpoint tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz 0e184f3f5b
Fix config tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz 7c0976208d
Add tests for the built in CA's state store table 2018-06-14 09:42:06 -07:00
Kyle Havlovitz 19b9399f2f
Add more tests for built-in provider 2018-06-14 09:42:06 -07:00
Kyle Havlovitz a29f3c6b96
Fix some inconsistencies around the CA provider code 2018-06-14 09:42:06 -07:00
Paul Banks 153808db7c
Don't allow connect watches in agent/cli yet 2018-06-14 09:42:06 -07:00
Paul Banks 072b2a79ca
Support legacy watch.HandlerFunc type for backward compat reduces impact of change 2018-06-14 09:42:05 -07:00
Paul Banks 6f566f750e
Basic `watch` support for connect proxy config and certificate endpoints.
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
2018-06-14 09:42:05 -07:00
Kyle Havlovitz 2167713226
Add CA config to connect section of agent config 2018-06-14 09:42:05 -07:00
Kyle Havlovitz 02fef5f9a2
Move ConsulCAProviderConfig into structs package 2018-06-14 09:42:04 -07:00
Kyle Havlovitz 887cc98d7e
Simplify the CAProvider.Sign method 2018-06-14 09:42:04 -07:00
Kyle Havlovitz 44b30476cb
Simplify the CA provider interface by moving some logic out 2018-06-14 09:42:04 -07:00
Kyle Havlovitz aa10fb2f48
Clarify some comments and names around CA bootstrapping 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 5abd43a567
agent: resolve flaky test by checking cache hits increase, rather than
exact
2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 73838c9afa
agent: use helper/retry instead of timing related tests 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto dcb2671d10
agent/cache: address PR feedback, lots of typos 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 07d878a157
agent/cache: address feedback, clarify comments 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto ad3928b6bd
agent/cache: don't every block on NotifyCh 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 3f80a9f330
agent/cache: unit tests for ExpiryHeap, found a bug! 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 1c31e34e5b
agent/cache: send the total entries count on eviction to go-metrics 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto ec559d77bd
agent/cache: make edge case with prev/next idx == 0 handled better 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto b319d06276
agent/cache: rework how expiry data is stored to be more efficient 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 449bbd817d
agent/cache: initial TTL work 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 3c6acbda5d
agent/cache: send the RefreshTimeout into the backend fetch 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 257fc34e51
agent/cache: on error, return from Get immediately, don't block forever 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto e9d58ca219
agent/cache: lots of comment/doc updates 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto a1f8cb9570
agent: augment /v1/connect/authorize to cache intentions 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 56774f24d0
agent/cache-types: support intention match queries 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 109bb946e9
agent/cache: return the error as part of Get 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 6ecc2da7ff
agent/cache: integrate go-metrics so the cache is debuggable 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 3b6c46b7d7
agent/structs: DCSpecificRequest sets all the proper fields for
CacheInfo
2018-06-14 09:42:01 -07:00
Mitchell Hashimoto ccd7eeef1a
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 4509589427
agent/cache: support timeouts for cache reads and empty fetch results 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto b0f70f17db
agent/cache-types: rename to separate root and leaf cache types 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto e3b1c400e5
agent/cache-types: got basic CA leaf caching work, major problems still 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 9e44a319d3
agent: check cache hit count to verify CA root caching, background update 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 8bb4fd95a6
agent: initialize the cache and cache the CA roots 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 286217cbd8
agent/cache: partition by DC/ACL token 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 72c82a9b29
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto ecc789ddb5
agent/cache: ConnectCA roots caching type 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto c69df79e0c
agent/cache: blank cache key means to always fetch 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 8584e9262e
agent/cache: initial kind-of working cache 2018-06-14 09:42:00 -07:00
Kyle Havlovitz 43f13d5a0b
Add cross-signing mechanism to root rotation 2018-06-14 09:42:00 -07:00
Kyle Havlovitz bbfcb278e1
Add the root rotation mechanism to the CA config endpoint 2018-06-14 09:41:59 -07:00
Kyle Havlovitz a585a0ba10
Have the built in CA store its state in raft 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 80eddb0bfb
Fix the testing endpoint's root set op 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 9fefac745e
Update the CA config endpoint to enable GETs 2018-06-14 09:41:59 -07:00
Kyle Havlovitz fc9ef9741b
Hook the CA RPC endpoint into the provider interface 2018-06-14 09:41:59 -07:00
Kyle Havlovitz a40db26ffe
Add CA bootstrapping on establishing leadership 2018-06-14 09:41:59 -07:00
Kyle Havlovitz e26819ed9c
Add the bootstrap config for the CA 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 4d0713d5bb
Add the CA provider interface and built-in provider 2018-06-14 09:41:58 -07:00
Kyle Havlovitz ebdda17a30
Add CA config set to fsm operations 2018-06-14 09:41:58 -07:00
Kyle Havlovitz f7ff16669f
Add the Connect CA config to the state store 2018-06-14 09:41:58 -07:00
Paul Banks a90f69faa4
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list. 2018-06-14 09:41:58 -07:00
Paul Banks 9d11cd9bf4
Fix various test failures and vet warnings.
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
2018-06-14 09:41:58 -07:00
Paul Banks 8a4410b549
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus! 2018-06-14 09:41:58 -07:00
Paul Banks aed5e5b03e
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict... 2018-06-14 09:41:58 -07:00
Paul Banks cbd8606651
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test. 2018-06-14 09:41:57 -07:00
Paul Banks 44afb5c699
Agent Connect Proxy config endpoint with hash-based blocking 2018-06-14 09:41:57 -07:00
Paul Banks c2266b134a
HTTP agent registration allows proxy to be defined. 2018-06-14 09:41:57 -07:00
Paul Banks 78e48fd547
Added connect proxy config and local agent state setup on boot. 2018-06-14 09:41:57 -07:00
Paul Banks 280382c25f
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works.
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
2018-06-14 09:41:57 -07:00
Paul Banks adc5589329
Allow duplicate source or destination, but enforce uniqueness across all four. 2018-06-14 09:41:57 -07:00
Paul Banks 51b1bc028d
Rework connect/proxy and command/connect/proxy. End to end demo working again 2018-06-14 09:41:57 -07:00
Paul Banks 2d6a2ce1e3
connect.Service based implementation after review feedback. 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 62b746c380
agent: rename authorize param ClientID to ClientCertURI 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 94e7a0a3c1
agent: add TODO for verification 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto f983978fb8
acl: IntentionDefault => IntentionDefaultAllow 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto b3584b6355
agent: ACL checks for authorize, default behavior 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 3e0e0a94a7
agent/structs: String format for Intention, used for logging 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 3f80808379
agent: bolster commenting for clearer understandability 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto c6269cda37
agent: default deny on connect authorize endpoint 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 5364a8cd90
agent: /v1/agent/connect/authorize is functional, with tests 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 7af99667b6
agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 68fa4a83b1
agent: get rid of method checks since they're done in the http layer 2018-06-14 09:41:54 -07:00
Paul Banks 894ee3c5b0
Add Connect agent, catalog and health endpoints to api Client 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 1985655dff
agent/consul/state: ensure exactly one active CA exists when setting 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 9d93c52098
agent/connect: support any values in the URL 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 8934f00d03
agent/connect: support SpiffeIDSigning 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto da1bc48372
agent/connect: rename SpiffeID to CertURI 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto b0315811b9
agent/connect: use proper keyusage fields for CA and leaf 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 434d8750ae
agent/connect: address PR feedback for the CA.go file 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto e0562f1c21
agent: implement an always-200 authorize endpoint 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 2026cf3753
agent/consul: encode issued cert serial number as hex encoded 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto deb55c436d
agent/structs: hide some fields from JSON 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 746f80639a
agent: /v1/connect/ca/configuration PUT for setting configuration 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 2dfca5dbc2
agent/consul/fsm,state: snapshot/restore for CA roots 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 17d6b437d2
agent/consul/fsm,state: tests for CA root related changes 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto a8510f8224
agent/consul: set more fields on the issued cert 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 58b6f476e8
agent: /v1/connect/ca/leaf/:service_id 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 748a0bb824
agent: CA root HTTP endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 80a058a573
agent/consul: CAS operations for setting the CA root 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 712888258b
agent/consul: tests for CA endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 1928c07d0c
agent/consul: key the public key of the CSR, verify in test 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 9a8653f45e
agent/consul: test for ConnectCA.Sign 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto a360c5cca4
agent/consul: basic sign endpoint not tested yet 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 6550ff9492
agent/connect: package for agent-related Connect, parse SPIFFE IDs 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto f433f61fdf
agent/structs: json omit QueryMeta 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 9ad2a12441
agent: /v1/connect/ca/roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 24830f4cfa
agent/consul: RPC endpoints to list roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto cfb62677c0
agent/consul/state: CARoot structs and initial state store 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 7e8d606717
agent: address PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 767d2eaef6
agent: commenting some tests 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto f9a55aa7e0
agent: clarified a number of comments per PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 62cbb892e3
agent/consul: Health.ServiceNodes ACL check for Connect 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 641c982480
agent/consul: Catalog endpoint ACL requirements for Connect proxies 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 4cc4de1ff6
agent: remove ConnectProxyServiceName 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 566c98b2fc
agent/consul: require name for proxies 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 4207bb42c0
agent: validate service entry on register 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto b5fd3017bb
agent/structs: tests for PartialClone and IsSame for proxy fields 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto c43ccd024a
agent/local: anti-entropy for connect proxy services 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto daaa6e2403
agent: clean up connect/non-connect duplication by using shared methods 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 3d82d261bd
agent: /v1/health/connect/:service 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 119ffe3ed9
agent/consul: implement Health.ServiceNodes for Connect, DNS works 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto a5fe6204d5
agent: working DNS for Connect queries, I think, but have to
implement Health endpoints to be sure
2018-06-14 09:41:47 -07:00
Mitchell Hashimoto fa4f0d353b
agent: /v1/catalog/connect/:service 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 253256352c
agent/consul: Catalog.ServiceNodes supports Connect filtering 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 06957f6d7f
agent/consul/state: ConnectServiceNodes 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 200100d3f4
agent/consul: enforce ACL on ProxyDestination 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 8a72826483
agent/consul: proxy registration and tests 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 6cd9e0e37c
agent: /v1/agent/services test with connect proxies (works w/ no change) 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 8777ff139c
agent: test /v1/catalog/node/:node to list connect proxies 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 761b561946
agent: /v1/catalog/service/:service works with proxies 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 58bff8dd05
agent/consul/state: convert proxy test to testify/assert 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 09568ce7b5
agent/consul/state: service registration with proxy works 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 23ee0888ec
agent/consul: convert intention ACLs to testify/assert 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 6a8bba7d48
agent/consul,structs: add tests for ACL filter and prefix for intentions 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 3e10a1ae7a
agent/consul: Intention.Match ACLs 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto db44a98a2d
agent/consul: Intention.Get ACLs 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto fd840da97a
agent/consul: Intention.Apply ACL on rename 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 14ca93e09c
agent/consul: tests for ACLs on Intention.Apply update/delete 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto c54be9bc09
agent/consul: Basic ACL on Intention.Apply 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto 1d0b4ceedb
agent: convert all intention tests to testify/assert 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto f07340e94f
agent/consul/fsm,state: snapshot/restore for intentions 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto 6f33b2d070
agent: use UTC time for intention times, move empty list check to
agent/consul
2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 67b017c95c
agent/consul/fsm: switch tests to use structs.TestIntention 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 3a00564411
agent/consul/state: need to set Meta for intentions for tests 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 027dad8672
agent/consul/state: remove TODO 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 37f66e47ed
agent: use testing intention to get valid intentions 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 04bd4af99c
agent/consul: set default intention SourceType, validate it 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 8e2462e301
agent/structs: Intention validation 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto d34ee200de
agent/consul: support intention description, meta is non-nil 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto e81d1c88b7
agent/consul/fsm: add tests for intention requests 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 2b047fb09b
agent,agent/consul: set default namespaces 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto e630d65d9d
agent/consul: set CreatedAt, UpdatedAt on intentions 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 237da67da5
agent: GET /v1/connect/intentions/match 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto e9d208bcb6
agent/consul: RPC endpoint for Intention.Match 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 987b7ce0a2
agent/consul/state: IntentionMatch for performing match resolution 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 231f7328bd
agent/structs: IntentionPrecedenceSorter for sorting based on precedence 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto a91fadb971
agent: PUT /v1/connect/intentions/:id 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto cae7bca448
agent: DELETE /v1/connect/intentions/:id 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto bebe6870ff
agent/consul: test that Apply works to delete an intention 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 95e1c92edf
agent/consul/state,fsm: support for deleting intentions 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 32ad54369c
agent/consul: creating intention must not have ID set 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto f219c766cb
agent/consul: support updating intentions 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 37572829ab
agent: GET /v1/connect/intentions/:id 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto c78b82f43b
agent: POST /v1/connect/intentions 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 4003bca543
agent: GET /v1/connect/intentions endpoint 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 2a8a2f8167
agent/consul: Intention.Get endpoint 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 48b9a43f1d
agent/consul: Intention.Apply, FSM methods, very little validation 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto b19a289596
agent/consul: start Intention RPC endpoints, starting with List 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto 8b0ac7d9c5
agent/consul/state: list intentions 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto c05bed86e1
agent/consul/state: initial work on intentions memdb table 2018-06-14 09:41:39 -07:00
Guido Iaquinti 3ed73961b3 Attach server.Name label to client.rpc.failed 2018-06-13 14:56:14 +01:00
Guido Iaquinti bda575074e Attach server.ID label to client.rpc.failed 2018-06-13 14:53:44 +01:00
Guido Iaquinti edd6a69541 Client: add metric for failed RPC calls to server 2018-06-13 12:35:45 +01:00
Matt Keeler f9d0323c0b Fixup a weird merge problem 2018-06-11 16:27:39 -04:00
Matt Keeler c41fa6c010 Add a Client ReloadConfig test 2018-06-11 16:23:51 -04:00
Matt Keeler c5d9c2362f Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting
# Conflicts:
#	agent/agent.go
#	agent/consul/client.go
2018-06-11 16:11:36 -04:00
Matt Keeler c589991452 Apply the limits to the clients rpcLimiter 2018-06-11 15:51:17 -04:00
Matt Keeler 6604828009 Add configuration entry to control including TXT records for node meta in DNS responses
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
2018-06-11 11:49:04 -04:00
Pierre Souchay 6c7f01ae73 Removed labels from new ACL denied metrics 2018-06-08 11:56:46 +02:00
Pierre Souchay 2113071ae7 Removed consul prefix from metrics as requested by @kyhavlov 2018-06-08 11:51:50 +02:00
Matt Keeler e043621dd3
Merge pull request #4156 from hashicorp/enterprise-coexistence
Enterprise/Licensing Cleanup
2018-06-05 10:50:32 -04:00
Jack Pearkes c4112f2b9a
Merge pull request #4013 from sethvargo/sethvargo/user_agent
Add a helper for generating Consul's user-agent string
2018-06-01 09:13:38 -07:00
Matt Keeler 1c577b2012
Merge pull request #4131 from pierresouchay/enable_full_dns_compression
Enable full dns compression
2018-06-01 10:42:03 -04:00
Matt Keeler 4858aa6be4 Add RunWithConfig and put Run signature back to normal 2018-05-31 20:22:14 -04:00
Matt Keeler f300d7bc65 Update unit tests to reflect change to func signature 2018-05-31 17:20:16 -04:00
Matt Keeler 365e8d11ee Allow passing in a config to the watch plan to use when creating the API client
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
2018-05-31 17:07:36 -04:00
Pierre Souchay 544acdf04e Fixed comments for max DNS records returned as requested by @mkeeler 2018-05-31 18:15:52 +02:00
Seth Vargo 303b56e07b
Use new discover and useragent libs 2018-05-25 15:52:05 -04:00
Matt Keeler 14661a417b Allow for easy enterprise/oss coexistence
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
2018-05-24 10:36:42 -04:00
Matt Keeler 170fa10c85 Add BadRequestError handling 2018-05-24 10:34:01 -04:00
Wim cbd4405c50 Add service reverse lookup tests 2018-05-21 22:59:21 +02:00
Wim cea77e8825 Do reverse service lookup only if address doesn't match node 2018-05-21 22:27:41 +02:00
Wim 88514d6a82 Add support for reverse lookup of services 2018-05-19 19:39:02 +02:00
Pierre Souchay 5c1c9cde34 Test fix, trying to pass Travis tests 2018-05-16 14:10:35 +02:00
Pierre Souchay 74cbe5ac85 Ensure to never send messages more than 64k 2018-05-16 12:47:35 +02:00
Pierre Souchay 5f529c9ea7 Fixed unit tests and updated limits 2018-05-16 12:11:49 +02:00
Pierre Souchay 7e8878df0b Re-Enable compression while computing Len(), so we can send more answers
This will fix https://github.com/hashicorp/consul/issues/4071
2018-05-16 11:00:51 +02:00
Matt Keeler 24e0104901 Update bindata_assetfs for 1.1 2018-05-11 14:56:05 -04:00
Paul Banks 6108205ff6
v1.1.0 UI Build 2018-05-11 17:05:20 +01:00
Paul Banks d35988521e
Go fmt cleanup 2018-05-11 17:05:19 +01:00
Preetha Appan 7400a78f8a
Change default raft threshold config values and add a section to upgrade notes 2018-05-11 10:45:41 -05:00
Preetha Appan 5d3b267787
More docs and removed SnapShotInterval from raft timing struct stanza 2018-05-11 10:43:24 -05:00
Preetha Appan e28c5fbb4e
Also make snapshot interval configurable 2018-05-11 10:43:24 -05:00
Preetha Appan 9d2dac9db8
fix spacing 2018-05-11 10:43:24 -05:00
Preetha Appan eb4bc79118
Make raft snapshot commit threshold configurable 2018-05-11 10:43:24 -05:00
Kyle Havlovitz 67167fd961
Merge pull request #4108 from hashicorp/vendor-go-discover
Update go-discover and add triton provider
2018-05-10 17:29:00 -07:00
Kyle Havlovitz c04ff88537
Move cloud auto-join docs to a separate page and add Triton 2018-05-10 17:15:41 -07:00
Jack Pearkes e611b1728a
Merge pull request #4097 from hashicorp/remove-deprecated
Remove deprecated check/service fields and metric names
2018-05-10 15:45:49 -07:00
John Cowen ca15998b51
UI V2 (#4086)
* Move settings to use the same service/route API as the rest of the app

* Put some ideas down for unit testing on adapters

* Favour `Model` over `Entity`

* Move away from using `reopen` to using Mixins

* Amend messages, comment/document some usage

* Make sure the returns are consistent in normalizePayload, also

Add some todo's in to remind me to think consider this further at a
later date. For example, is normalizePayload to be a hook or an
overridable method

* Start stripping back the HTML to semantics

* Use a variable rather than chaining

* Remove unused helpers

* Start picking through the new designs, start with listing pages

* First draft HTML for every page

* Making progress on the CSS

* Keep plugging away at the catalog css

* Looking at scrolling

* Wire up filtering

* Sort out filter counting, more or less done a few outstanding

* Start knocking the forms into shape

* Add in codemirror

* Keep moving forwards with the form like layouts

* Start looking at ACL editing page, add footer in

* Pull the filters back in, look at an autoresizer for scroll views

* First draft toggles

* 2nd draft healthcheck icons

* Tweak node healthcheck icons

* Looking at healthcheck detail icons

* Tweak the filter-bar and add selections to the in content tabs

* Add ACL create, pill-like acl type highlight

* Tweaking the main nav some more

* Working on the filter-bar and freetext-filter

* Masonry layout

* Stick with `checks` instead of healthy/unhealthy

* Fix up the filter numbers/counts

* Use the thead for a measure

* First draft tomography back in

* First draft DC dropdown

* Add a temporary create buttong to kv's

* Move KV and ACL to use a create page

* Move tags

* Run through old tests

* Injectable server

* Start adding test attributes

* Add some page objects

* More test attributes and pages

* Acl filter objects

* Add a page.. page object

* Clickable items in lists

* Add rest/spread babel plugin, remove mirage for now

* Add fix for ember-collection

* Keep track of acl filters

* ember-cli-page-object

* ember-test-selectors

* ui: update version of ui compile deps

* Update static assets

* Centralize radiogroup helper

* Rejig KV's and begin to clean it up

* Work around lack of Tags for the moment..

* Some little css tweaks and start to remove possibles

* Working on the dc page and incidentals

1. Sort the datacenter-picker list
2. Add a selected state to the datacenter-picker
3. Make dc an {Name: dc}
4. Add an env helper to get to 'env vars' from within templates

* Click outside stuff for the datacenter-picker, is-active on nav

* Make sure the dropdown CTA can be active

* Bump ember add pluralize helper

* Little try at sass based custom queries

* Rejig tablular collection so it deals with resizing, actions

1. WIP: start building actions dropdowns
2. Move tabular collection to deal with resizing to rule out differences

* First draft actions dropdowns

* Add ports, selectable IP's

* Flash messages, plus general cleanup/consistency

1. Add ember-cli-flash for flash messages
2. Move everything to get() instead of item.get
3. Spotted a few things that weren't consistent

* DOn't go lower than zero

* First draft vertical menu

* Missed a get, tweak dropmenu tick

* Big cleanup

1. this.get(), this.set() > get(), set()
2. assign > {...{}, ...{}}
3. Seperator > separator

* WIP: settings

* Moved things into a ui-v2 folder

* Decide on a way to do the settings page whilst maintaining the url + dc's

* Start some error pages

* Remove base64 polyfill

* Tie in settings, fix atob bug, tweak layout css

* Centralize confirmations into a component

* Allow switching between the old and new UI with the CONSUL_UI_BETA env var

Currently all the assets are packaged into a single AssetFS and a prefix is configured to switch between the two.

* Attempt at some updates to integrate the v2 ui build into the main infrastructure

* Add redirect to index.html for unknown paths

* Allow redictor to /index.html for new ui when using -ui-dir

* Take ACLs to the correct place on save

* First pass breadcrumbs

* Remove datacenter selector on the index page

* Tweak overall layout

* Make buttons 'resets'

* Tweak last DC stuff

* Validations plus kv keyname viewing tweaks

* Pull sessions back in

* Tweak the env vars to be more reusable

* Move isAnon to the view

* No items and disabled acl css

* ACL and KV details

1. Unauthorized page
2. Make sure the ACL is always selected when it needs it
3. Check record deletion with a changeset

* Few more acl tweaks/corrections

* Add no items view to node > services

* Tags for node > services

* Make sure we have tags

* Fix up the labels on the tomography graph

* Add node link (agent) to kv sessions

* Duplicate up `create` for KV 'root creation'

* Safety check for health checks

* Fix up the grids

* Truncate td a's, fix kv columns

* Watch for spaces in KV id's

* Move actions to their own mixins for now at least

* Link reset to settings incase I want to type it in

* Tweak error page

* Cleanup healthcheck icons in service listing

* Centralize errors and make getting back easier

* Nice numbers

* Compact buttons

* Some incidental css cleanups

* Use 'Key / Value' for root

* Tweak tomography layout

* Fix single healthcheck unhealthy resource

* Get loading screen ready

* Fix healthy healthcheck tick

* Everything in header starts white

* First draft loader

* Refactor the entire backend to use proper unique keys, plus..

1. Make unique keys form dc + slug (uid)
2. Fun with errors...

* Tweak header colors

* Add noopener noreferrer to external links

* Add supers to setupController

* Implement cloning, using ember-data...

* Move the more expensive down the switch order

* First draft empty record cleanup..

* Add the cusomt store test

* Temporarily use the htmlSafe prototype to remove the console warning

* Encode hashes in urls

* Go back to using title for errors for now

* Start removing unused bulma

* Lint

* WIP: Start looking at failing tests

* Remove single redirect test

* Finish off error message styling

* Add full ember-data cache invalidation to avoid stale data...

* Add uncolorable warning icons

* More info icon

* Rearrange single service, plus tag printing

* Logo

* No quotes

* Add a simple startup logo

* Tweak healthcheck statuses

* Fix border-color for healthchecks

* Tweak node tabs

* Catch 401 ACL errors and rethrow with the provided error message

* Remove old acl unauth and error routes

* Missed a super

* Make 'All' refer to number of checks, not services

* Remove ember-resizer, add autoprefixer

* Don't show tomography if its not worth it, viewify it more also

* Little model cleanup

* Chevrons

* Find a way to reliably set the class of html from the view

* Consistent html

* Make sure session id's are visible as long as possible

* Fix single service check count

* Add filters and searchs to the query string

* Don't remember the selected tab

* Change text

* Eror tweaking

* Use chevrons on all breadcrumbs even in kv's

* Clean up a file

* Tweak some messaging

* Makesure the footer overlays whats in the page

* Tweak KV errors

* Move json toggle over to the right

* feedback-dialog along with copy buttons

* Better confirmation dialogs

* Add git sha comment

* Same title as old UI

* Allow defaults

* Make sure value is a string

* WIP: Scrolling dropdowns/confirmations

* Add to kv's

* Remove set

* First pass trace

* Better table rows

* Pull over the hashi code editor styles

* Editor tweaks

* Responsive tabs

* Add number formatting to tomography

* Review whats left todo

* Lint

* Add a coordinate ember data triplet

* Bump in a v2.0.0

* Update old tests

* Get coverage working again

* Make sure query keys are also encoded

* Don't test console.error

* Unit test some more utils

* Tweak the size of the tabular collections

* Clean up gitignore

* Fix copy button rollovers

* Get healthcheck 'icon icons' onto the text baseline

* Tweak healthcheck padding and alignment

* Make sure commas kick in in rtt, probably never get to that

* Improve vertical menu

* Tweak dropdown active state to not have a bg

* Tweak paddings

* Search entire string not just 'startsWith'

* Button states

* Most buttons have 1px border

* More button tweaks

* You can only view kv folders

* CSS cleanup reduction

* Form input states and little cleanup

* More CSS reduction

* Sort checks by importance

* Fix click outside on datacenter picker

* Make sure table th's also auto calculate properly

* Make sure `json` isn't remembered in KV editing

* Fix recursive deletion in KV's

* Centralize size

* Catch updateRecord

* Don't double envode

* model > item consistency

* Action loading and ACL tweaks

* Add settings dependencies to acl tests

* Better loading

* utf-8 base64 encode/decode

* Don't hang off a prototype for htmlSafe

* Missing base64 files...

* Get atob/btoa polyfill right

* Shadowy rollovers

* Disabled button styling for primaries

* autofocuses only onload for now

* Fix footer centering

* Beginning of 'notices'

* Remove the isLocked disabling as we are letting you do what the API does

* Don't forget the documentation link for sessions

* Updates are more likely

* Use exported constant

* Dont export redirectFS and a few other PR updates

* Remove the old bootstrap config which was used for the old UI skin

* Use curlies for multiple properties
2018-05-10 19:52:53 +01:00
Paul Banks 79a3cee3d1
Make it work for WAN join too and add tests 2018-05-10 14:30:24 +01:00
Dominik Lekse 88dc90ecfc
Added support for sockaddr templates in start-join and retry-join configuration 2018-05-10 14:08:41 +01:00
Kyle Havlovitz c19b43bf86
Remove unused retry join structs from config 2018-05-08 16:25:34 -07:00
Kyle Havlovitz 60307ef328
Remove deprecated metric names 2018-05-08 16:23:15 -07:00
Kyle Havlovitz a480434517
Remove the script field from checks in favor of args 2018-05-08 15:31:53 -07:00
Paul Banks c55885efd8
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index
[BUGFIX] When a node level check is removed, ensure all services of node are notified
2018-05-08 16:44:50 +01:00
Kyle Havlovitz 36c5e59465
Remove support for EnableTagOverride in config files 2018-05-07 16:19:13 -07:00
Kyle Havlovitz fb3cd87c91
Remove support for CheckID field in service check definitions 2018-05-07 16:15:08 -07:00
Dino Lukman 27d0b9ce27 Fix telemetry default prefix filter
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
2018-05-02 16:56:29 +02:00
Jack Pearkes 5a14443b79
Merge pull request #4021 from fomentia/master
Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS)
2018-04-27 09:28:01 -07:00
Paul Banks ea731031d5
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition
[BUGFIX] Added Service Meta support in configuration files
2018-04-25 13:08:53 +01:00
Pierre Souchay 7b752604d5 Improved unit test (example close to actual value) 2018-04-24 23:15:27 +02:00
Paul Banks 06e1a62653
Merge pull request #4016 from pierresouchay/support_for_prometheus
Support for prometheus for metrics endpoint
2018-04-24 16:14:43 +01:00
Pierre Souchay 24185ada0d Fixed Meta name for JSON + Added unit tests for HCL/JSON 2018-04-24 16:39:43 +02:00
Pierre Souchay 956b6213dc Removed Nanoseconds cast as requested by @banks 2018-04-24 16:30:10 +02:00
Pierre Souchay 9ddf7af82d Removed content negotiation of Prometheus as requested by @banks 2018-04-24 16:28:30 +02:00
Pierre Souchay ee47eb7d7d Added Missing Service Meta synchronization and field 2018-04-21 17:34:29 +02:00
Pierre Souchay cf3cd546c8 More Tests cases compression/no compression 2018-04-21 17:18:39 +02:00
Pierre Souchay a3b028d1d7 Removed unecessary copy of Extra and index 2018-04-20 22:51:04 +02:00
Pierre Souchay 5d0060a9c3 Use safer stringVal() 2018-04-18 23:18:16 +02:00
Pierre Souchay 6e71d8bb44 Added unit test on key length 2018-04-18 23:07:25 +02:00
Pierre Souchay ef7a35b203 Added unit tests for bad meta values 2018-04-18 22:57:33 +02:00
Pierre Souchay 5c4d8940ea [BUGFIX] Added Service Meta support in configuration files
Fixes https://github.com/hashicorp/consul/issues/4045

Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
2018-04-18 22:18:58 +02:00
Pierre Souchay bebf03e26e Fixed import 2018-04-18 17:09:25 +02:00
Pierre Souchay 4739b05d12 Added labels to improve new metric 2018-04-18 16:51:22 +02:00
Pierre Souchay 1b55e3559b Allow renaming nodes when ID is unchanged 2018-04-18 15:39:38 +02:00
Pierre Souchay e1240556f9 Improved unit tests debug info when it fails 2018-04-18 14:18:17 +02:00
Pierre Souchay 7db49828bd Fixed sync of Extra in binarySearch 2018-04-18 14:17:44 +02:00
Pierre Souchay 6706ff9f0b Run new test in parallel 2018-04-17 10:36:12 +02:00
Pierre Souchay 12f81c60ac Track calls blocked by ACLs using metrics 2018-04-17 10:17:16 +02:00
Pierre Souchay 49aaf4155b More test cases + travis flacky 2018-04-17 09:42:08 +02:00
Pierre Souchay f2fc163b92 Added Unit tests + fixed boudary limit 2018-04-17 09:31:30 +02:00
Pierre Souchay 146152170f Added comment for function dnsBinaryTruncate 2018-04-17 01:10:52 +02:00
Pierre Souchay 9a819b5b29 Perform a binary search to find optimal size of DNS responses
Will fix https://github.com/hashicorp/consul/issues/4036

Instead of removing one by one the entries, find the optimal
size using binary search.

For SRV records, with 5k nodes, duration of DNS lookups is
divided by 4 or more.
2018-04-17 00:50:00 +02:00
Kyle Havlovitz 2ac0669362
Update static assets 2018-04-13 10:05:30 -07:00
Kyle Havlovitz be10300d06
Update make static-assets goal and run format 2018-04-13 09:57:25 -07:00
Matt Keeler ed94d356e0
Merge pull request #4023 from hashicorp/f-near-ip
Add near=_ip support for prepared queries
2018-04-12 12:10:48 -04:00
Matt Keeler d604642792 GH-3798: More PR Updates
Update docs a little
Update/add tests. Make sure all the various ways of determining the source IP work
Update X-Forwarded-For header parsing. This can be a comma separated list with the first element being the original IP so we now handle csv data there.
Got rid of error return from sourceAddrFromRequest
2018-04-12 10:40:46 -04:00
Matt Keeler aa9151738a GH-3798: A couple more PR updates
Test HTTP/DNS source IP without header/extra EDNS data.
Add WARN log for when prepared query with near=_ip is executed without specifying the source ip
2018-04-12 10:10:37 -04:00
Matt Keeler 3a0f7789ec GH-3798: A few more PR updates 2018-04-11 20:32:35 -04:00
Matt Keeler de3a9be3d0 GH-3798: Updates for PR
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
2018-04-11 17:02:04 -04:00
Matt Keeler 300f7f388e GH-3798: Wrap DNS request validation in a retry 2018-04-11 16:00:15 -04:00
Jack Pearkes f9baf50b54
Merge pull request #4015 from hashicorp/ui-service-tags
api/ui: return tags on internal UI endpoints
2018-04-11 12:02:19 -07:00
Matt Keeler b7869e9771 GH-3798: Add DNS near=_ip test 2018-04-11 10:33:48 -04:00
Matt Keeler 0c44a0a7cc GH-3798: Add HTTP prepared query near=_ip test
Also fixed an issue where we need to have the X-Forwarded-For header processed before the RemoteAddr. This shouldn’t have any functional difference for prod code but for mocked request objects it allows them to work.
2018-04-10 15:35:54 -04:00
Matt Keeler 89cd24aeca GH-3798: Add near=_ip support for prepared queries 2018-04-10 14:50:50 -04:00
Isaac Williams 2926294865 Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS) 2018-04-10 13:18:46 -04:00
Paul Banks 2ed0d2afcd
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727. 2018-04-10 14:04:16 +01:00
Pierre Souchay e342ced97b Clearer documentation and comments for enabling Prometheus support 2018-04-09 13:16:45 +02:00
Pierre Souchay c164ee7dbd Enable compression / automatic Mime-Type detection for Prometheus endpoint 2018-04-09 13:16:03 +02:00
Jared Wasinger 9a1737a5f0 agent: reload limits upon restart 2018-04-08 14:28:29 -07:00
Jared Wasinger 361b10b5dd add unit tests: limits configuration should be reloadable 2018-04-08 03:57:01 -07:00
Matt Keeler 3df53b6459
Merge pull request #4006 from kjothen/patch-1
Update check.go
2018-04-06 12:57:52 -04:00
Pierre Souchay 2e495ec8a6 Now use prometheus_retention_time > 0 to enable prometheus support 2018-04-06 14:21:05 +02:00
Pierre Souchay 583744d8c5 Added support exposing metrics in Prometheus format 2018-04-06 09:18:06 +02:00
Jack Pearkes 812efc2667 api/ui: return tags on internal UI endpoints
This is to allow the UI to display tags in the services index pages
without needing to make additional queries.
2018-04-05 12:28:57 -07:00
Matt Keeler cbefc4261d
Merge pull request #3752 from yfouquet/issue_3687
Add support for compression in http api
2018-04-04 09:06:42 -04:00
Yoann 23a6ad9356 Add support for compression in http api
The need has been spotted in issue https://github.com/hashicorp/consul/issues/3687.
Using "NYTimes/gziphandler", the http api responses can now be compressed if required.
The Go API requires compressed response if possible and handle the compressed response.
We here change only the http api (not the UI for instance).
2018-04-03 22:33:13 +02:00
Preetha d4e6b0307e
Merge pull request #3998 from zte-opensource/wip-fix-shutdown
minor fix for endpoints shutdown
2018-04-03 12:22:54 -05:00
Kieran Othen 4575fd378a
Update check.go
Cosmetic fix to the agent's HTTP check function which always formats the result as "HTTP GET ...", ignoring any non-GET supplied HTTP method such as POST, PUT, etc.
2018-03-31 16:44:35 +01:00
Matt Keeler c0b1fb6ede
Merge pull request #3948 from pierresouchay/fix_tcp_dns_limit
[BUGFIX] do not break when TCP DNS answer exceeds 64k
2018-03-30 16:25:23 -04:00
Preetha 8fbe3dfceb
Adds discovery_max_stale (#4004)
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
2018-03-30 10:14:44 -05:00
Preetha 48c499d1cb
Merge pull request #3994 from hashicorp/f-rename-servicemeta
Renames agent API layer for service metadata to "meta" for consistency
2018-03-29 14:07:57 -05:00
runsisi 2f09d10df5 minor fix for endpoints shutdown
Signed-off-by: runsisi <runsisi@zte.com.cn>
2018-03-29 21:45:46 +08:00
Matt Keeler b5cdbbd033
Merge pull request #3990 from hashicorp/b-gh-3854
Warn when node name isnt a valid DNS label
2018-03-29 09:04:47 -04:00
Preetha Appan d9d9944179
Renames agent API layer for service metadata to "meta" for consistency 2018-03-28 09:04:50 -05:00
Preetha 8dacb12c79
Merge pull request #3881 from pierresouchay/service_metadata
Feature Request: Support key-value attributes for services
2018-03-27 16:33:57 -05:00
Preetha f91db69d6e
Merge pull request #3984 from hashicorp/f-allow-federation-disable
Allows disabling WAN federation by setting serf WAN port to -1
2018-03-27 16:05:53 -05:00
Matt Keeler fd9297ad8f Formatting update 2018-03-27 16:31:27 -04:00
Pierre Souchay b9ae4e647f Added validation of ServiceMeta in Catalog
Fixed Error Message when ServiceMeta is not valid

Added Unit test for adding a Service with badly formatted ServiceMeta
2018-03-27 22:22:42 +02:00
Preetha Appan 17a011b9bd
fix typo and remove comment 2018-03-27 14:28:05 -05:00
Matt Keeler 2d8a68cce9 GH-3854: Warn when node name isnt a valid DNS label 2018-03-27 15:00:33 -04:00
Preetha Appan 6d16afc65c
Remove unnecessary nil checks 2018-03-27 10:59:42 -05:00
Preetha Appan c21c2da690
Fix test and remove unused method 2018-03-27 09:44:41 -05:00
Preetha Appan 512f9a50fc
Allows disabling WAN federation by setting serf WAN port to -1 2018-03-26 14:21:06 -05:00
Pierre Souchay eccb56ade0 Added support for renaming nodes when their IP does not change 2018-03-26 16:44:13 +02:00
Pierre Souchay 90d2f7bca1 Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index 2018-03-22 13:07:11 +01:00
Pierre Souchay 9cc9dce848 More test cases 2018-03-22 12:41:06 +01:00
Pierre Souchay 7e8e4e014b Added new test regarding checks index 2018-03-22 12:20:25 +01:00
Pierre Souchay a8b66fb7aa Fixed minor typo in comments
Might fix unstable travis build
2018-03-22 10:30:10 +01:00
Guido Iaquinti 244fc72b05 Add package name to log output 2018-03-21 15:56:14 +00:00
Josh Soref 1dd8c378b9 Spelling (#3958)
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
2018-03-19 16:56:00 +00:00
Paul Banks e2673c76d6
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites
🔒 Update supported TLS cipher suites
2018-03-19 16:44:33 +00:00
Pierre Souchay 3eb287f57d Fixed typo in comments 2018-03-19 17:12:08 +01:00
Pierre Souchay eb2a4eaea3 Refactoring to have clearer code without weird bool 2018-03-19 16:12:54 +01:00
Pierre Souchay a5f6ac0df4 [BUGFIX] When a node level check is removed, ensure all services of node are notified
Bugfix for https://github.com/hashicorp/consul/pull/3899

When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.

If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
2018-03-19 14:14:03 +01:00
Preetha Appan 84bd6dc5d1
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha 164fb3f48c
Merge pull request #3885 from eddsteel/support-options-requests
Support OPTIONS requests
2018-03-16 09:20:16 -05:00
Devin Canterberry 8a5df6ecc3
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry 2001b9f35f
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry 881d20c606
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry ece32fce53
🔒 Update supported TLS cipher suites
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
2018-03-15 10:19:46 -07:00
Pierre Souchay d9b59d1b3e Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 871b9907cb Optimize size for SRV records, should improve performance a bit
Stricter Unit tests that checks if truncation was OK.
2018-03-09 18:25:29 +01:00
Preetha 401215230c
Merge pull request #3940 from pierresouchay/dns_max_size
Allow to control the number of A/AAAA Record returned by DNS
2018-03-09 07:35:32 -06:00
Pierre Souchay b0b243bf1b Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay c3713dbbf1 Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 1085d5a7b4 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 241c7e5f5f Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b672707552 64000 max limit to DNS messages since there is overhead
Added debug log to give information about truncation.
2018-03-07 16:14:41 +01:00
Pierre Souchay 06afb4d02c [BUGFIX] do not break when TCP DNS answer exceeds 64k
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
2018-03-07 10:08:06 +01:00
Mitchell Hashimoto fbac58280e
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 09970479b5 Allow to control the number of A/AAAA Record returned by DNS
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
2018-03-06 02:07:42 +01:00
Edd Steel 413cb3d3b5
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Paul Banks 628dcc9793
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index
Services Indexes modified per service instead of using a global Index
2018-03-02 16:24:43 +00:00
Pierre Souchay 85b73f8163 Simplified error handling for maxIndexForService
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
2018-03-01 14:09:36 +01:00
Paul Banks f7ecbce39a
Fix test running in non-bash shells 2018-02-22 14:06:06 +00:00
Paul Banks 0ee77a5e02
Merge pull request #3900 from hashicorp/fix-monitor-sigint-3891
Fixes #3891: agent monitor no longer unresponsive before logs stream.
2018-02-21 21:28:33 +00:00
Preetha Appan 77d35f1829
Remove extra newline 2018-02-21 13:21:47 -06:00
Preetha Appan 573500dc51
Unit test that calls revokeLeadership twice to make sure its idempotent 2018-02-21 12:48:53 -06:00
Preetha Appan bd270b02ba
Make sure revokeLeadership is called if establishLeadership errors 2018-02-21 12:33:22 -06:00
Alex Dadgar 535842004c Test autopilots start/stop idempotency 2018-02-21 10:19:30 -08:00
Alex Dadgar 4d99696f02 Improve autopilot shutdown to be idempotent 2018-02-20 15:51:59 -08:00