Melissa Kam
f7297a712d
docs/nia: Fix typo in TLS configs for CTS
2021-11-01 14:03:19 -05:00
Daniel Nephin
c706bf135c
Merge pull request #11340 from hashicorp/dnephin/ca-manager-provider
...
ca: split the Provider interface into Primary/Secondary
2021-11-01 14:11:15 -04:00
Daniel Nephin
eaaceedf31
Merge pull request #11338 from hashicorp/dnephin/ca-manager-isolate-secondary
...
ca: clearly identify methods that are primary-only or secondary-only
2021-11-01 14:10:31 -04:00
99
411e59c440
Merge pull request #11417 from hashicorp/crt-migration-1.11.0-betax
...
Crt migration 1.11.0 betax
2021-11-01 11:02:55 -07:00
Melissa Kam
89c89657d5
Merge pull request #11463 from hashicorp/docs-cts-tls
...
docs/nia: Update TLS-related configurations for CTS
2021-11-01 12:39:39 -05:00
Daniel Upton
a620b6be2e
Support Check-And-Set deletion of config entries ( #11419 )
...
Implements #11372
2021-11-01 16:42:01 +00:00
trujillo-adam
2bcd5c42b9
Merge pull request #11441 from hashicorp/docs/admin-partitions-feedback-acl-policies
...
admin partitions feedback related to ACLs; additional improvements to ACL rule docs
2021-11-01 09:09:38 -07:00
trujillo-adam
5050867956
Update website/content/docs/security/acl/acl-rules.mdx
...
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-11-01 09:07:08 -07:00
Melissa Kam
afac305b54
docs/nia: Update TLS-related configurations for CTS
...
- Clarify file types and uses of the configurations
- Update some wording to match between Consul and TFE TLS configs
2021-11-01 10:44:14 -05:00
Dhia Ayachi
4d763ef9e6
regenerate expired certs ( #11462 )
...
* regenerate expired certs
* add documentation to generate tests certificates
2021-11-01 11:40:16 -04:00
trujillo-adam
c68b3491c7
Apply suggestions from code review
...
fixed typos
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-11-01 08:08:04 -07:00
Jared Kirschner
6dfcbeceec
Merge pull request #11348 from kbabuadze/fix-answers-alt-domain
...
Fix answers for alt domain
2021-10-29 17:09:20 -04:00
David Yu
571cff9dc9
docs: add -verbose flag for install command ( #11447 )
2021-10-29 12:08:23 -07:00
99
324fa75d25
PR fixes
2021-10-28 22:22:38 -07:00
R.B. Boyer
2353d59413
cli: update consul members output to display partitions and sort the results usefully ( #11446 )
2021-10-28 17:27:31 -05:00
R.B. Boyer
d40d098321
agent: for various /v1/agent endpoints parse the partition parameter on the request ( #11444 )
...
Also update the corresponding CLI commands to send the parameter
appropriately.
NOTE: Behavioral changes are not happening in this PR.
2021-10-28 16:44:38 -05:00
R.B. Boyer
017e9d5ae4
agent: add a clone function for duplicating the serf lan configuration ( #11443 )
2021-10-28 16:11:26 -05:00
Mark Anderson
a749a41d07
Fix back compat issues with UDS config ( #11318 )
...
SocketPath needs to be omitted when empty to avoid confusing older versions of Consul
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2021-10-28 13:31:10 -07:00
David Yu
c3a1895f2e
docs: revised Helm install to create namespace and install on dedicated namespace ( #11440 )
...
* docs: revised Helm install to create namespace and install on dedicated Consul namespace
* Update website/content/docs/k8s/installation/install.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
* Update install.mdx
* changing to Helm 3.2+ as a pre-req to make it easier to follow
* might as well bump to latest version
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2021-10-28 12:27:00 -07:00
Daniel Nephin
a8d6392ab5
Add tests for cert expiry metrics
2021-10-28 14:38:57 -04:00
trujillo-adam
e70cff6ee8
applying admin partitions feedback related to ACLs; additional immprovments to ACL rule docs
2021-10-28 11:23:15 -07:00
99
daf4208341
Update .github/workflows/build.yml
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-10-28 11:07:55 -07:00
Daniel Nephin
503dee2d80
Merge pull request #10671 from hashicorp/dnephin/fix-subscribe-test-flake
...
subscribe: improve TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages
2021-10-28 12:57:09 -04:00
Daniel Nephin
b02b324c9d
Merge pull request #11255 from hashicorp/dnephin/fix-auth-verify-incoming
...
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
2021-10-28 12:56:58 -04:00
sidzi
ec65c6b3c5
Refactor requireHttpCodes for segregated error handling ( #11287 )
2021-10-28 12:24:23 -04:00
Kim Ngo
0ac20e556a
CTS document manual apply ( #11426 )
...
* CTS document manual apply
* Add Consul-Terraform-Sync parentheses to CTS acronym
* Add tf link for run notifications
2021-10-28 10:19:18 -05:00
Evan Culver
b3c92f22b1
connect: Remove support for Envoy 1.16 ( #11354 )
2021-10-27 18:51:35 -07:00
Evan Culver
98acbfa79c
connect: Add support for Envoy 1.20 ( #11277 )
2021-10-27 18:38:10 -07:00
Freddy
d6b2a22fd0
Merge pull request #11436 from hashicorp/api/exports-marshal
...
[OSS] Ensure partition-exports kind gets marshaled
2021-10-27 15:27:25 -06:00
99
6195b55dac
Update release branch to 1.11.x
2021-10-27 14:14:02 -07:00
freddygv
35c5ff5011
Update filename to match entry kind - mesh
2021-10-27 15:01:26 -06:00
freddygv
3dd21023bc
Ensure partition-exports kind gets marshalled
...
The api module has decoding functions that rely on 'kind' being present
of payloads. This is so that we can decode into the appropriate api type
for the config entry.
This commit ensures that a static kind is marshalled in responses from
Consul's api endpoints so that the api module can decode them.
2021-10-27 15:01:26 -06:00
Daniel Nephin
0a19d7fd76
agent: move agent tls metric monitor to a more appropriate place
...
And add a test for it
2021-10-27 16:26:09 -04:00
Daniel Nephin
1b2144c982
telemetry: set cert expiry metrics to NaN on start
...
So that followers do not report 0, which would make alerting difficult.
2021-10-27 15:19:25 -04:00
Daniel Nephin
a7fcf14c5c
telemetry: fix cert expiry metrics by removing labels
...
These labels should be set by whatever process scrapes Consul (for
prometheus), or by the agent that receives them (for datadog/statsd).
We need to remove them here because the labels are part of the "metric
key", so we'd have to pre-declare the metrics with the labels. We could
do that, but that is extra work for labels that should be added from
elsewhere.
Also renames the closure to be more descriptive.
2021-10-27 15:19:25 -04:00
Daniel Nephin
4300daa2e6
telemetry: only emit leader cert expiry metrics on the servers
2021-10-27 15:19:25 -04:00
Daniel Nephin
9de725c17d
telemetry: prevent stale values from cert monitors
...
Prometheus scrapes metrics from each process, so when leadership transfers to a different node
the previous leader would still be reporting the old cached value.
By setting NaN, I believe we should zero-out the value, so that prometheus should only consider the
value from the new leader.
2021-10-27 15:19:25 -04:00
Daniel Nephin
616cc9b6f8
telemetry: improve cert expiry metrics
...
Emit the metric immediately so that after restarting an agent, the new expiry time will be
emitted. This is particularly important when this metric is being monitored, because we want
the alert to resovle itself immediately.
Also fixed a bug that was exposed in one of these metrics. The CARoot can be nil, so we have
to handle that case.
2021-10-27 15:19:25 -04:00
Daniel Nephin
24951f0c7e
subscribe: attempt to fix a flaky test
...
TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages has been
flaking a few times. This commit cleans up the test a bit, and improves
the failure output.
I don't believe this actually fixes the flake, but I'm not able to
reproduce it reliably.
The failure appears to be that the event with Port=0 is being sent in
both the snapshot and as the first event after the EndOfSnapshot event.
Hopefully the improved logging will show us if these are really
duplicate events, or actually different events with different indexes.
2021-10-27 15:09:09 -04:00
Freddy
ae76144f55
Merge pull request #11435 from hashicorp/ent-authorizer-refactor
...
[OSS] Export ACLs refactor
2021-10-27 13:04:40 -06:00
Freddy
520bda999b
Merge pull request #11432 from hashicorp/ap/exports-mgw
...
[OSS] Update mesh gateways to handle partitions
2021-10-27 12:54:53 -06:00
freddygv
592965d61e
Rework acl exports interface
2021-10-27 12:50:39 -06:00
freddygv
b290dbba89
Prefer concrete policyAuthorizer type
...
There will only ever be policyAuthorizers embedded in
namespaceAuthorizers, this commit swaps out the interface in favor of
the concrete type.
2021-10-27 12:50:19 -06:00
Freddy
9bbeea0432
Merge pull request #11433 from hashicorp/exported-service-acls
...
[OSS] acl: Expand ServiceRead and NodeRead to account for partition exports
2021-10-27 12:48:08 -06:00
freddygv
05f91bd2b8
Update comments
2021-10-27 12:36:44 -06:00
Daniel Nephin
6e9dd995eb
tlsutil: only AuthorizerServerConn when VerifyIncomingRPC is true
...
See github.com/hashicorp/consul/issues/11207
When VerifyIncomingRPC is false the TLS conn will not have the required certificates.
2021-10-27 13:43:25 -04:00
Freddy
d8ae915160
Merge pull request #11431 from hashicorp/ap/exports-proxycfg
...
[OSS] Update partitioned mesh gw handling for connect proxies
2021-10-27 11:27:43 -06:00
Freddy
8e23a6a0cc
Merge pull request #11416 from hashicorp/ap/exports-update
...
Rename service-exports to partition-exports
2021-10-27 11:27:31 -06:00
freddygv
40271beb38
Fixup partitions assertion
2021-10-27 11:15:25 -06:00
freddygv
67412ac5e7
Fixup imports
2021-10-27 11:15:25 -06:00