Commit graph

13952 commits

Author SHA1 Message Date
Daniel Nephin d2591312f8 state: add tests for config-entry indexers 2021-03-17 14:41:46 -04:00
Daniel Nephin 1b8f8b135e state: convert config-entries kind index to new pattern 2021-03-17 14:40:57 -04:00
Daniel Nephin bfcf463c3a state: remove config-entries namespace index
Use a prefix of the ID index instead.
2021-03-17 14:40:57 -04:00
Daniel Nephin dcbb1ba5dd state: remove unnecessary method receiver 2021-03-17 14:40:57 -04:00
Daniel Nephin b43977423f state: convert config-entries table to new indexer pattern
Using functional indexes to isolate enterprise differentiation and
remove reflection.
2021-03-17 14:40:57 -04:00
Daniel Nephin 98c32599e4
Merge pull request #9881 from hashicorp/dnephin/state-index-service-check-nodes
state: convert services.node and checks.node indexes
2021-03-17 14:12:02 -04:00
Daniel Nephin b771baa1f5
Merge pull request #9863 from hashicorp/dnephin/config-entry-kind-name
state: move ConfigEntryKindName
2021-03-17 14:09:39 -04:00
hashicorp-ci 110da59c6c auto-updated agent/uiserver/bindata_assetfs.go from commit 9e715842d 2021-03-17 16:03:18 +00:00
John Cowen d47ccb859f
ui: Improves UI engineering docs (#9875)
Also fixes some typos in with-overlay
2021-03-17 15:58:17 +00:00
hashicorp-ci fab276cb7d auto-updated agent/uiserver/bindata_assetfs.go from commit f9e8b26af 2021-03-17 14:45:58 +00:00
Kenia eab741eab8
ui: Create auth-method show page with General Info Tab (#9845)
* Update list items to be linkable to auth-methods show

* Add general, namespace, and binding sub-routes

* Remove namespace and binding tabs to be done separately

* Update auth-method byId endpoint

* Style the show auth-method kubernetes type

* Finish Kubernetes auth-method type styling

* OIDC and JWT auth-method styling

* Create consul-auth-method-view component

* Add navigation test for auth-methods

* Create Certificate component
2021-03-17 10:40:56 -04:00
hashicorp-ci d38917b12b auto-updated agent/uiserver/bindata_assetfs.go from commit aca797658 2021-03-17 11:27:44 +00:00
John Cowen 5ff1897070
ui: Adds warning icon to side menu when ACLs are disabled (#9864)
* ui: Adds warning icon to side menu when ACLs are are disabled
2021-03-17 11:23:00 +00:00
hashicorp-ci 7123aaad92 auto-updated agent/uiserver/bindata_assetfs.go from commit 41471719e 2021-03-17 10:50:59 +00:00
John Cowen 62a9dffcae
ui: CSP Improvements (#9847)
* Configure ember-auto-import so we can use a stricter CSP

* Create a fake filesystem using JSON to avoid inline scripts in index

We used to have inline scripts in index.html in order to support embers
filepath fingerprinting and our configurable rootURL.

Instead of using inline scripts we use application/json plus a JSON blob
to create a fake filesystem JSON blob/hash/map to hold all of the
rootURL'ed fingerprinted file paths which we can then retrive later in
non-inline scripts.

We move our inlined polyfills script into the init.js external script,
and we move the CodeMirror syntax highlighting configuration inline
script into the main app itself - into the already existing CodeMirror
initializer (this has been moved so we can lookup a service located
document using ember's DI container)

* Set a strict-ish CSP policy during development
2021-03-17 10:46:21 +00:00
freddygv a3184e6cd7 Refactor makePublicListener
By accepting a name the function can be used for other inbound listeners,
like the one for TransparentProxy.
2021-03-16 19:22:26 -06:00
Daniel Nephin c140ae899b
Merge pull request #9886 from hashicorp/sdk/to_testing_TB
[SDK] change all cases of *testing.T to testing.TB
2021-03-16 20:28:35 -04:00
Daniel Nephin 3d6644a245
Merge pull request #9475 from cbroglie/tls-server-name
Add support for configuring TLS ServerName for health checks
2021-03-16 20:24:44 -04:00
Daniel Nephin 96276fc7b8 Add changelog for 9475 2021-03-16 18:22:25 -04:00
Christopher Broglie 94b02c3954 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
John Eikenberry fe938b9849 [SDK] change all cases of *testing.T to testing.TB
Using the interface opens up the use of all methods to benchmarks as
well as tests.
2021-03-16 15:05:39 -07:00
Daniel Nephin 23df31f7c0
Merge pull request #8698 from pierreca/fix-iserreof
Use errors.Is() in IsErrEOF()
2021-03-16 17:56:15 -04:00
freddygv cba952a6a5 Add cache-type for Internal.IntentionUpstreams 2021-03-16 11:06:47 -06:00
Daniel Nephin 0b3930272d state: convert services.node and checks.node indexes
Using NodeIdentity to share the indexes with both.
2021-03-16 13:00:31 -04:00
freddygv b79039c21c Prefix match type vars to match use 2021-03-16 09:49:24 -06:00
freddygv fed983fe9a Pass txn into service list queries 2021-03-16 09:33:08 -06:00
freddygv 26ba0c0fc8 Pass txn into intention match queries 2021-03-16 08:03:52 -06:00
freddygv d7f3bcc8bb Replace CertURI.Authorize() calls.
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
freddygv eb6c0cbea0 Fixup typo, comments, and regression 2021-03-15 17:50:47 -06:00
freddygv 9bfb0969f9 Fixup upstream test 2021-03-15 17:20:30 -06:00
freddygv 940b7a98d1 Finish cleanup from ServiceConfigRequest changes 2021-03-15 16:38:01 -06:00
freddygv a67c92b961 Update service manager to pass MeshGateway with config req 2021-03-15 16:08:03 -06:00
freddygv 871e1d3e31 PR comments 2021-03-15 16:02:03 -06:00
Luke Kysow bfcd311159
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
freddygv 04fbc104cd Pass MeshGateway config in service config request
ResolveServiceConfig is called by service manager before the proxy
registration is in the catalog. Therefore we should pass proxy
registration flags in the request rather than trying to fetch
them from the state store (where they may not exist yet).
2021-03-15 14:32:13 -06:00
freddygv d90240d367 Restore old Envoy prefix on escape hatches
This is done because after removing ID and NodeName from
ServiceConfigRequest we will no longer know whether a request coming in
is for a Consul client earlier than v1.10.
2021-03-15 14:12:57 -06:00
freddygv 13cce3419a Only lowercase the protocol when normalizing 2021-03-15 14:12:15 -06:00
freddygv f584c2d7c5 Add omitempty across the board for UpstreamConfig 2021-03-15 13:23:18 -06:00
Freddy b8613a4d06
Merge pull request #9107 from hashicorp/docs-prepared-query-namespace
Add namespaces to prepared query API docs
2021-03-15 13:08:52 -06:00
freddygv 3b2169b36d Add RPC endpoint for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv e4e14639b2 Add state store function for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv 4976c000b7 Refactor IntentionDecision
This enables it to be called for many upstreams or downstreams of a
service while only querying intentions once.

Additionally, decisions are now optionally denied due to L7 permissions
being present. This enables the function to be used to filter for
potential upstreams/downstreams of a service.
2021-03-15 08:50:35 -06:00
Christoph Puhl 54f771af6d Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Daniel Nephin 579015dde1
Merge pull request #9152 from hashicorp/dnephin/streaming-enable-connect
use streaming backend for connect service health
2021-03-12 13:05:16 -05:00
Daniel Nephin 2a53b8293a proxycfg: use rpcclient/health.Client instead of passing around cache name
This should allow us to swap out the implementation with something other
than `agent/cache` without making further code changes.
2021-03-12 11:46:04 -05:00
Daniel Nephin c33570be34 catalog_events: set the right key for connect snapshots 2021-03-12 11:35:43 -05:00
Daniel Nephin 410b1261c2 proxycfg: Use streaming in connect state 2021-03-12 11:35:42 -05:00
Daniel Nephin e2215d9f0f rpcclient: use streaming for connect health 2021-03-12 11:35:42 -05:00
Matt Keeler 8d09d610dd
AutopilotServerHealth now handles the 429 status code (#8599)
AutopilotServerHealthy now handles the 429 status code

Previously we would error out and not parse the response. Now either a 200 or 429 status code are considered expected statuses and will result in the method returning the reply allowing API consumers to not only see if the system is healthy or not but which server is unhealthy.
2021-03-12 09:40:49 -05:00
freddygv 3d85c29445 Update content hash due to new field 2021-03-11 19:59:19 -07:00