Commit Graph

11807 Commits

Author SHA1 Message Date
Jono Sosulska 7a13c96a2a
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
Shantanu Gadgil 08cb4e5c6b
add gobetween to the Consul tools (#7973)
add gobetween to the Consul tools
2020-05-29 11:17:22 -07:00
Hans Hasselberg 1ed91cbdf6 pool: remove timeout parameter
Timeout was never used in a meaningful way by callers, which is why it
is now entirely internal to the pool.
2020-05-29 08:21:28 +02:00
Hans Hasselberg 5cda505495 pool: remove useTLS and ForceTLS
In the past TLS usage was enforced with these variables, but these days
this decision is made by TLSConfigurator and there is no reason to keep
using the variables.
2020-05-29 08:21:24 +02:00
Hans Hasselberg 9ef44ec3da pool: remove version
The version field has been used to decide which multiplexing to use. It
was introduced in 2457293dceec95ecd12ef4f01442e13710ea131a. But this is
6y ago and there is no need for this differentiation anymore.
2020-05-28 23:06:01 +02:00
Chris Piraino 967ecf59b0
Remove underscores from gateway URL paths (#7962) 2020-05-28 14:19:17 -05:00
Alvin Huang 8dcba62e86 update CHANGELOG after rebasing release/1.8.x after 1.8.0-beta2 2020-05-28 14:42:52 -04:00
hashicorp-ci 6af122d259 Putting source back into Dev Mode 2020-05-28 14:39:39 -04:00
hashicorp-ci 827448fa7f Release v1.8.0-beta2 2020-05-28 14:39:38 -04:00
hashicorp-ci 6b8bedd004 update bindata_assetfs.go 2020-05-28 14:39:37 -04:00
Chris Piraino 1b7aa5a035 Update CHANGELOG.md 2020-05-28 14:39:37 -04:00
John Cowen e446daf6ae Update CHANGELOG.md 2020-05-28 14:39:34 -04:00
John Cowen ab5c38a6b5 Update CHANGELOG.md 2020-05-28 14:39:34 -04:00
Chris Piraino d54956b436 Update CHANGELOG.md 2020-05-28 14:39:33 -04:00
hashicorp-ci 06c02fe9c2 Putting source back into Dev Mode 2020-05-28 14:39:30 -04:00
hashicorp-ci a69cd5ff4b Release v1.8.0-beta1 2020-05-28 14:39:29 -04:00
hashicorp-ci 634a0e630a update bindata_assetfs.go 2020-05-28 14:39:28 -04:00
Luke Kysow 1edf879169
Merge pull request #7936 from hashicorp/helm-k8s-mgw
Helm docs for k8s mesh gateways and federation
2020-05-28 10:51:03 -07:00
Luke Kysow 80031e7921
Helm docs for k8s mesh gateways and federation 2020-05-28 10:49:59 -07:00
Daniel Nephin 23bbded0c3
Merge pull request #7947 from hashicorp/dnephin/add-linter-staticcheck-3
ci: Enable staticcheck and fix most errors
2020-05-28 12:25:46 -04:00
Daniel Nephin ea6c2b2adc ci: Add staticcheck and fix most errors
Three of the checks are temporarily disabled to limit the size of the
diff, and allow us to enable all the other checks in CI.

In a follow up we can fix the issues reported by the other checks one
at a time, and enable them.
2020-05-28 11:59:58 -04:00
Daniel Nephin e359b10f77
Merge pull request #7963 from hashicorp/dnephin/replace-lib-translate-keys
Replace lib.TranslateKeys with a mapstructure decode hook
2020-05-27 16:51:26 -04:00
Daniel Nephin 8f939da431 config: use the new HookTranslateKeys instead of lib.TranslateKeys
With the exception of CA provider config, which will be migrated at some
later time.
2020-05-27 16:24:47 -04:00
Daniel Nephin 644eb3b33a Add alias struct tags for new decode hook 2020-05-27 16:24:47 -04:00
Daniel Nephin 8dc52a56ea config: add HookTranslteKeys
This hook replaces lib.TranslateKeys and has a number of advantages:

1. Primarily, aliases for fields are defined on the field itself, making
   the aliases much easier to maintain, and more obvious to the reader.
2. TranslateKeys translation rules are not aware of structure. It could
   very easily incorrectly translate a key on one struct that was intended
   to be a translation rule for a completely different struct, leading
   to very hard to debug errors. The hook removes the need for the
   unexpected "translation rule is an empty string to indicate stop
   traversal" special case.
3. TranslateKeys attempts to duplicate a bunch of tree traversal logic
   that already exists in mapstructure. Using mapstructure for traversal
   removes the need to traverse the entire structure multiple times, and
   makes the behaviour more obvious to the reader.

This change is being made to enable a future change of replacing
PatchSliceOfMaps. TranslateKeys sits in between PatchSliceOfMaps and
mapstructure.Decode, so it must be converted to a hook first, before
PatchSliceOfMaps can be replaced by a decode hook.
2020-05-27 16:24:47 -04:00
R.B. Boyer 54c7f825d6
create lib/stringslice package (#7934) 2020-05-27 11:47:32 -05:00
R.B. Boyer 2b2ee434ef update changelog 2020-05-27 11:33:16 -05:00
R.B. Boyer 813d69622e
agent: handle re-bootstrapping in a secondary datacenter when WAN federation via mesh gateways is configured (#7931)
The main fix here is to always union the `primary-gateways` list with
the list of mesh gateways in the primary returned from the replicated
federation states list. This will allow any replicated (incorrect) state
to be supplemented with user-configured (correct) state in the config
file. Eventually the game of random selection whack-a-mole will pick a
winning entry and re-replicate the latest federation states from the
primary. If the user-configured state is actually the incorrect one,
then the same eventual correct selection process will work in that case,
too.

The secondary fix is actually to finish making wanfed-via-mgws actually
work as originally designed. Once a secondary datacenter has replicated
federation states for the primary AND managed to stand up its own local
mesh gateways then all of the RPCs from a secondary to the primary
SHOULD go through two sets of mesh gateways to arrive in the consul
servers in the primary (one hop for the secondary datacenter's mesh
gateway, and one hop through the primary datacenter's mesh gateway).
This was neglected in the initial implementation. While everything
works, ideally we should treat communications that go around the mesh
gateways as just provided for bootstrapping purposes.

Now we heuristically use the success/failure history of the federation
state replicator goroutine loop to determine if our current mesh gateway
route is working as intended. If it is, we try using the local gateways,
and if those don't work we fall back on trying the primary via the union
of the replicated state and the go-discover configuration flags.

This can be improved slightly in the future by possibly initializing the
gateway choice to local on startup if we already have replicated state.
This PR does not address that improvement.

Fixes #7339
2020-05-27 11:31:10 -05:00
Alvin Huang f830637448
bump beta callout to v1.8.0-beta2 (#7945) 2020-05-26 12:51:44 -04:00
Raphaël Rondeau b799471e29
connect: fix endpoints clusterName when using cluster escape hatch (#7319)
```changelog
* fix(connect): fix endpoints clusterName when using cluster escape hatch
```
2020-05-26 10:57:22 +02:00
Pierre Souchay fa43d427cb
Stop all watches before shuting down anything dring shutdown. (#7526)
This will prevent watches from being triggered.

```changelog
* fix(agent):  stop all watches before shuting down
```
2020-05-26 10:01:49 +02:00
Luke Kysow 064bd2e9ca
Merge pull request #7944 from hashicorp/k8s-mgw-docs-update
Update for consul:1.8.0-beta2
2020-05-25 11:26:28 -07:00
Luke Kysow 11933ee640
Update for consul:1.8.0-beta2 2020-05-25 11:26:09 -07:00
R.B. Boyer aa3fdddd16 update changelog 2020-05-21 16:09:57 -05:00
R.B. Boyer 7e42819a71
connect: ensure proxy-defaults protocol is used for upstreams (#7938) 2020-05-21 16:08:39 -05:00
Jeff Escalante 10b79907a0 env variable clarity 2020-05-21 14:50:45 -04:00
Jeff Escalante c093b4903f mod stylelint to be more accurate 2020-05-21 14:50:45 -04:00
Jeff Escalante 7a43926fa4 upgrade to stylelint release 2020-05-21 14:50:45 -04:00
Jeff Escalante 483ca3acf7 remove unused dependencies, adjust 404 link color 2020-05-21 14:50:45 -04:00
Jeff Escalante 306e8c84b6 update dependencies 2020-05-21 14:50:45 -04:00
Kyle Havlovitz 5aefdea1a8
Standardize support for Tagged and BindAddresses in Ingress Gateways (#7924)
* Standardize support for Tagged and BindAddresses in Ingress Gateways

This updates the TaggedAddresses and BindAddresses behavior for Ingress
to match Mesh/Terminating gateways. The `consul connect envoy` command
now also allows passing an address without a port for tagged/bind
addresses.

* Update command/connect/envoy/envoy.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* PR comments

* Check to see if address is an actual IP address

* Update agent/xds/listeners.go

Co-authored-by: Freddy <freddygv@users.noreply.github.com>

* fix whitespace

Co-authored-by: Chris Piraino <cpiraino@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2020-05-21 09:08:12 -05:00
Peter M 2232f5cba8 Updated resource heading to correct error 2020-05-20 15:26:56 -07:00
Daniel Nephin 6604e72c6d
Merge pull request #7933 from hashicorp/dnephin/state-txn-missing-errors
state: fix unhandled error
2020-05-20 17:00:20 -04:00
Daniel Nephin f9a89db86e
Update agent/consul/state/catalog.go
Co-authored-by: Hans Hasselberg <me@hans.io>
2020-05-20 16:34:14 -04:00
Seth Hoenig 7ea75263ea
grpc: use default resolver scheme for grpc dialing (#7617)
Currently checks of type gRPC will emit log messages such as,

    2020/02/12 13:48:22 [INFO] parsed scheme: ""
    2020/02/12 13:48:22 [INFO] scheme "" not registered, fallback to default scheme

Without adding full support for using custom gRPC schemes (maybe that's
right long-term path) we can just supply the default scheme as provided
by the grpc library.

Fixes https://github.com/hashicorp/consul/issues/7274
and https://github.com/hashicorp/nomad/issues/7415
2020-05-20 22:26:26 +02:00
Daniel Nephin e1e1c13b35 state: use an error to indicate compare failed
Errors are values. We can use the error value to identify the 'comparison failed' case which makes the function easier to use and should make it harder to miss handle the error case
2020-05-20 12:43:33 -04:00
Freddy 36c2ae0900
Update ingress/terminating gateway ACL docs (#7891) 2020-05-20 09:27:25 -06:00
Paul Mundt 9b15050b44
docs: Add Dart client to list of Libraries and SDKs (#7884) 2020-05-20 12:42:12 +02:00
Patrice Krakow 49bd1a4ba3
docs: change "is" to "can be" in connect docs (#7902)
The doc says: "When the Connect injector is installed, the Connect sidecar is automatically added to all pods." But, it depends on the configuration, so I think it's better to say: "When the Connect injector is installed, the Connect sidecar can automatically added to all pods."
2020-05-20 12:40:24 +02:00
Pierre Souchay eda40d8824
tests: added unit test to ensure watches are not re-triggered on consul reload (#7449)
This ensures no regression about https://github.com/hashicorp/consul/issues/7318
And ensure that https://github.com/hashicorp/consul/issues/7446 cannot happen anymore
2020-05-20 12:38:29 +02:00