c706bf135c
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
...
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
eaaceedf31
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
...
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
411e59c440
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
...
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
89c89657d5
Merge pull request #11463 from hashicorp/docs-cts-tls
...
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
a620b6be2e
Support Check-And-Set deletion of config entries ( #11419 )
...
Implements #11372
2021-11-01 16:42:01 +00:00
2bcd5c42b9
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
...
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
5050867956
Update website/content/docs/security/acl/acl-rules.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
afac305b54
docs/nia: Update TLS-related configurations for CTS
...
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
4d763ef9e6
regenerate expired certs ( #11462 )
...
* regenerate expired certs
* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
6dfcbeceec
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
...
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
571cff9dc9
docs: add -verbose flag for install command ( #11447 )
2021-10-29 12:08:23 -07:00
324fa75d25
PR fixes
2021-10-28 22:22:38 -07:00
2353d59413
cli: update consul members output to display partitions and sort the results usefully ( #11446 )
2021-10-28 17:27:31 -05:00
d40d098321
agent: for various /v1/agent endpoints parse the partition parameter on the request ( #11444 )
...
Also update the corresponding CLI commands to send the parameter
appropriately.
NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
017e9d5ae4
agent: add a clone function for duplicating the serf lan configuration ( #11443 )
2021-10-28 16:11:26 -05:00
a749a41d07
Fix back compat issues with UDS config ( #11318 )
...
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
c3a1895f2e
docs: revised Helm install to create namespace and install on dedicated namespace ( #11440 )
...
* docs: revised Helm install to create namespace and install on dedicated Consul namespace
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* Update install.mdx
* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
e70cff6ee8
applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs
2021-10-28 11:23:15 -07:00
daf4208341
Update .github/workflows/build.yml
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
503dee2d80
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
...
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
b02b324c9d
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
...
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
ec65c6b3c5
Refactor requireHttpCodes for segregated error handling ( #11287 )
2021-10-28 12:24:23 -04:00
0ac20e556a
CTS document manual apply ( #11426 )
...
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
b3c92f22b1
connect: Remove support for Envoy 1.16 ( #11354 )
2021-10-27 18:51:35 -07:00
98acbfa79c
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
d6b2a22fd0
Merge pull request #11436 from hashicorp/api/exports-marshal
...
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
6195b55dac
Update release branch to 1.11.x
2021-10-27 14:14:02 -07:00
35c5ff5011
Update filename to match entry kind - mesh
2021-10-27 15:01:26 -06:00
3dd21023bc
Ensure partition-exports kind gets marshalled
...
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.
This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
24951f0c7e
subscribe: attempt to fix a flaky test
...
TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages has been
flaking a few times. This commit cleans up the test a bit, and improves
the failure output.
I don't believe this actually fixes the flake, but I'm not able to
reproduce it reliably.
The failure appears to be that the event with Port=0 is being sent in
both the snapshot and as the first event after the EndOfSnapshot event.
Hopefully the improved logging will show us if these are really
duplicate events, or actually different events with different indexes.
2021-10-27 15:09:09 -04:00
ae76144f55
Merge pull request #11435 from hashicorp/ent-authorizer-refactor
...
[OSS] Export ACLs refactor
2021-10-27 13:04:40 -06:00
520bda999b
Merge pull request #11432 from hashicorp/ap/exports-mgw
...
[OSS] Update mesh gateways to handle partitions
2021-10-27 12:54:53 -06:00
592965d61e
Rework acl exports interface
2021-10-27 12:50:39 -06:00
b290dbba89
Prefer concrete policyAuthorizer type
...
There will only ever be policyAuthorizers embedded in
namespaceAuthorizers, this commit swaps out the interface in favor of
the concrete type.
2021-10-27 12:50:19 -06:00
9bbeea0432
Merge pull request #11433 from hashicorp/exported-service-acls
...
[OSS] acl: Expand ServiceRead and NodeRead to account for partition exports
2021-10-27 12:48:08 -06:00
05f91bd2b8
Update comments
2021-10-27 12:36:44 -06:00
6e9dd995eb
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
...
See github.com/hashicorp/consul/issues/11207
When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
d8ae915160
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
...
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00
8e23a6a0cc
Merge pull request #11416 from hashicorp/ap/exports-update
...
Rename service-exports to partition-exports
2021-10-27 11:27:31 -06:00
40271beb38
Fixup partitions assertion
2021-10-27 11:15:25 -06:00
67412ac5e7
Fixup imports
2021-10-27 11:15:25 -06:00
4de3537391
Split up locality check from hostname check
2021-10-27 11:15:25 -06:00
9769b31641
Move the exportingpartitions constant to enterprise
2021-10-27 11:15:25 -06:00
0391a65772
Replace default partition check
2021-10-27 11:15:25 -06:00
ee45ac9dc5
PR comments
2021-10-27 11:15:25 -06:00
f99946553a
Leave todo about default name
2021-10-27 11:15:25 -06:00
9d375ad6d2
Add oss impl of registerEntCache
2021-10-27 11:15:25 -06:00
183849416b
Register the ExportingPartitions cache type
2021-10-27 11:15:25 -06:00
8b5a9369eb
Account for partitions in xds gen for mesh gw
...
This commit avoids skipping gateways in remote partitions of the local
DC when generating listeners/clusters/endpoints.
2021-10-27 11:15:25 -06:00
d1d513b1b3
Account for partition in SNI for gateways
2021-10-27 11:15:25 -06:00
Daniel Nephin