Commit Graph

11098 Commits

Author SHA1 Message Date
John Cowen 5b7a48e273
ui: oss don't ever POST/PUT Namespaces when writing data (#7238)
* ui: Ensure we use nonEmptySet everywhere where we add Namespace

We missed a coupld of places where we use the noEmptySet function, which
will only perform the set if the specified property is non-empty.

Currently we aren't certain there is a place in OSS where a Namespace
can make its way down via the API and endup being PUT/POSTed back out
again when saved. If this did ever happen we would assume it would be
the default namespace, but we add an extra check here to ensure we never
PUT/POST the Namespace property if Namespaces are disabled.

* ui: Add step/assertion for assert if a property is NOT set in the body

* ui: Improve updated/create acc testing for policy/token/roles:

Including making sure a Namespace property is never sent through if you
are running without namespace support
2020-02-07 15:50:50 +00:00
Matt Keeler f610d1d791
Fix a bug with ACL enforcement of reads on namespaced config entries. (#7239) 2020-02-07 08:30:40 -05:00
John Cowen 4be0f6c061
ui: Run 2 separate test runs oss and ent (#7214)
* ui: Make API integration tests aware of CONSUL_NSPACES_ENABLED

* ui: Allow passing CONSUL_NSPACES_ENABLED in via the cli in ember

* ui: Add more makefile targets/package scripts to switch NSPACEs on/off

* ui: Ensure all acceptance tests continue to pass with NSPACEs on/off

This required a little tweaking of the dictionary, at some point
page-navigation and some of these little tweaks will no longer be
required

* ui: Try running CI frontend tests in two parellel runs oss/ent

* ui: Use correct make target, use different names for the reports
2020-02-07 11:02:53 +00:00
Kit Patella aa9db3f903
agent/consul server: fix LeaderTest_ChangeNodeID (#7236)
* fix LeaderTest_ChangeNodeID to use StatusLeft and add waitForAnyLANLeave

* unextract the waitFor... fn, simplify, and provide a more descriptive error
2020-02-06 16:37:53 -08:00
Kenia cabc189b50
Merge pull request #7235 from hashicorp/ui-staging
ui: UI Release Merge (ui-staging merge)
2020-02-06 15:34:02 -05:00
John Cowen 5a52c361e5
ui: Fix for differences between uncompiled and compiled CSS (#7233)
We noticed that this relative positioning is not even applied when the CSS is
compiled/compressed. When looking via Web Inspector this style/selector
doesn't even appear even though it is in the CSS source.

This !important reduces the amount of selectors for this style rule,
which fixes the error, so potentially this isn't a specificity thing.
2020-02-06 20:13:13 +00:00
Blake Covarrubias 1c072277ac docs: Indent secretName and secretKey under aclSyncToken
These are sub-parameters under aclSyncToken. Fix indentation so that
they are properly displayed under that top-level key.
2020-02-06 10:40:33 -08:00
Matt Keeler 2524a028ea
OSS Changes for various config entry namespacing bugs (#7226) 2020-02-06 10:52:25 -05:00
Hans Hasselberg 107e8523a8
agent: ensure node info sync and full sync. (#7189)
This fixes #7020.

There are two problems this PR solves:
  * if the node info changes it is highly likely to get service and check registration permission errors unless those service tokens have node:write. Hopefully services you register don’t have this permission.
  * the timer for a full sync gets reset for every partial sync which means that many partial syncs are preventing a full sync from happening

Instead of syncing node info last, after services and checks, and possibly saving one RPC because it is included in every service sync, I am syncing node info first. It is only ever going to be a single RPC that we are only doing when node info has changed. This way we are guaranteed to sync node info even when something goes wrong with services or checks which is more likely because there are more syncs happening for them.
2020-02-06 15:30:58 +01:00
Fredrik Hoem Grelland 0a9aadbb48
docs: namespaces has erroneous HCL example (#7228) 2020-02-06 06:33:07 -06:00
John Cowen 1fdf60234c
ui: Discovery chain improvements (#7222)
* ui: remove the default word when describing routes

* ui: Avoid mutating the chain and look for the default edges more safely

* ui: Use not null check instead of a truthy check for showing disco-chain

* ui: Upgrade consul-api-double for better disco-chain mocks/fixtures
2020-02-06 12:06:47 +00:00
R.B. Boyer 62d0f76fc0
cli: fix typo in -namespace help text (#7225) 2020-02-05 14:43:25 -06:00
R.B. Boyer a67001aa22
agent: differentiate wan vs lan loggers in memberlist and serf (#7205)
This should be a helpful change until memberlist and serf can be
properly switched to native hclog.
2020-02-05 09:52:43 -06:00
Matt Keeler 119168203b
Fix disco chain graph validation for namespaces (#7217)
Previously this happened to be validating only the chains in the default namespace. Now it will validate all chains in all namespaces when the global proxy-defaults is changed.
2020-02-05 10:06:27 -05:00
Matt Keeler 3621f7090b
Minor Non-Functional Updates (#7215)
* Cleanup the discovery chain compilation route handling

Nothing functionally should be different here. The real difference is that when creating new targets or handling route destinations we use the router config entries name and namespace instead of that of the top level request. Today they SHOULD always be the same but that may not always be the case. This hopefully also makes it easier to understand how the router entries are handled.

* Refactor a small bit of the service manager tests in oss

We used to use the stringHash function to compute part of the filename where things would get persisted to. This has been changed in the core code to calling the StringHash method on the ServiceID type. It just so happens that the new method will output the same value for anything in the default namespace (by design actually). However, logically this filename computation in the test should do the same thing as the core code itself so I updated it here.

Also of note is that newer enterprise-only tests for the service manager cannot use the old stringHash function at all because it will produce incorrect results for non-default namespaces.
2020-02-05 10:06:11 -05:00
John Cowen 1d26be2415
ui: Ensure KV flags are passed through to Consul on update (#7216)
* ui: always pass KV flags through on update

* ui: Integration test to prove the flags queryParams gets passed through

* ui: Add Flags to the KV updating acceptance tests
2020-02-05 09:37:45 +00:00
Freddy 67e02a0752
Add managed service provider token (#7218)
Stubs for enterprise-only ACL token to be used by managed service providers.
2020-02-04 13:58:56 -07:00
Kenia 1eec7d561d
ui: Add ability to search nodes listing page with IP Address (#7204)
* Update search field placeholder to display `Search`

* Add an acceptance test to search node listings with node name and IP Address

* Update and add unit tests for filter/search node listing with IP Address
2020-02-04 10:45:25 -05:00
Hans Hasselberg a9f9ed83cb
agent: increase watchLimit to 8192. (#7200)
The previous value was too conservative and users with many instances
were having problems because of it. This change increases the limit to
8192 which reportedly fixed most of the issues with that.

Related: #4984, #4986, #5050.
2020-02-04 13:11:30 +01:00
Luke Kysow 6aed66e3af
Helm ref docs for consul-k8s namespaces support 2020-02-03 17:17:48 -07:00
Paul Banks 79531cd190
Update CHANGELOG.md 2020-02-03 17:24:44 +00:00
Paul Banks f7f0e906eb
Update CHANGELOG.md 2020-02-03 17:21:27 +00:00
Hans Hasselberg b528667328
build: update to golang 1.12.16 (#7153) 2020-02-03 18:20:03 +01:00
Paschalis Tsilias 1b81cccbf9
Expose Envoy's /stats for statsd agents (#7173)
* Expose Envoy /stats for statsd agents; Add testcases

* Remove merge conflict leftover

* Add support for prefix instead of path; Fix docstring to mirror these changes

* Add new config field to docs; Add testcases to check that /stats/prometheus is exposed as well

* Parametrize matchType (prefix or path) and value

* Update website/source/docs/connect/proxies/envoy.md

Co-Authored-By: Paul Banks <banks@banksco.de>

Co-authored-by: Paul Banks <banks@banksco.de>
2020-02-03 17:19:34 +00:00
R.B. Boyer 91ffba64e6
add 'make go-mod-tidy' to serially run tidy on all submodules in the correct order (#7179)
- also make go-mod-tidy a dependency of update-vendor
2020-02-03 10:12:26 -06:00
Anudeep Reddy 2ce45ae171
[docs] Enabling connect requires server restarts (#6904) 2020-02-03 09:58:12 -06:00
Kenia ea5d2ef8b6
ui: Hides the Routing tab for a service proxy (#7195)
* Adds conditional in route to not make discovery-chain request if service kind is equal to `connect-proxy` or `mesh-gateway`

* Adds conditional in template to not show Routing tab if `chain` returns as null

* Creates a new acceptance test to test the Routing tab not being displayed for a service proxy

* Adds `tabs` to the services/show page object
2020-02-03 10:09:15 -05:00
Matt Keeler 111cb51fc8
Testing updates to support namespaced testing of the agent/xds… (#7185)
* Various testing updates to support namespaced testing of the agent/xds package

* agent/proxycfg package updates to support better namespace testing
2020-02-03 09:26:47 -05:00
Mohammad Gufran 473ecf57dc
docs: add Flightpath to the list of community tools (#7176) 2020-02-03 13:16:21 +01:00
Stuart Williams d12429ef2b
docs: rate limiting applies to Consul agents in server mode (#6932) 2020-02-03 13:10:47 +01:00
Chris Arcand 705723015d
docs: update available Sentinel imports (#6920) 2020-02-03 11:44:25 +01:00
Hans Hasselberg 8fd814d64c
memberlist: vendor v0.1.6 to pull in new state: stateLeft (#7184) 2020-02-03 11:02:13 +01:00
Michael Hofer ee3b157eda
docs: add missing Autopilot -min-quorum documentation (#7192) 2020-02-03 10:59:53 +01:00
Blake Covarrubias fc496e780e Fix org name in Helm chart's imageEnvoy description
Update the description for the Helm chart's connectInject.imageEnvoy
parameter to reflect the correct organization name for images published by
EnvoyProxy.io.
2020-02-03 01:46:58 -08:00
Davor Kapsa c280dd8549
auto_encrypt: check previously ignored error (#6604) 2020-02-03 10:35:11 +01:00
Alexandru Matei e6e6759b94
docs: add detailed documentation about Health Checking specific service using the gRPC method (#6574) 2020-02-03 10:19:06 +01:00
Lars Lehtonen da9086cd03
cli: check previously ignored errors when updating a policy (#6565) 2020-02-03 10:14:30 +01:00
Fouad Zaryouh b33cf06cf7
api: add replace-existing-checks param to the api package (#7136) 2020-02-03 10:11:40 +01:00
Anthony Scalisi 3616c94935
docs: fix typos, IDs are UUIDs, /acl/token endpoints manage ACL tokens (#5736) 2020-02-03 09:41:54 +01:00
hashicorp-ci bb207b722e Release v1.7.0-beta4 2020-01-31 21:38:38 +00:00
hashicorp-ci 5378fd9bf8 update bindata_assetfs.go 2020-01-31 21:38:38 +00:00
Sarah Christoff fdd52e5191
Revert "Update question.md" (#7183) 2020-01-31 13:45:05 -06:00
Matt Keeler 53a76519d5
Add replace directive to prevent contacting istio.io during the… (#7194)
They keep having TLS handshake timeouts. Its pointed at github instead.
2020-01-31 13:57:54 -05:00
Matt Keeler 79de4bb5c6
Update CHANGELOG.md 2020-01-31 11:56:34 -05:00
Matt Keeler 240ce3e2d2
Update CHANGELOG.md 2020-01-31 11:51:00 -05:00
Matt Keeler f5511133b3
Update CHANGELOG.md 2020-01-31 11:24:48 -05:00
Hans Hasselberg 50281032e0
Security fixes (#7182)
* Mitigate HTTP/RPC Services Allow Unbounded Resource Usage

Fixes #7159.

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Paul Banks <banks@banksco.de>
2020-01-31 11:19:37 -05:00
Matt Keeler 3e56f5c8b8
ACL enforcement for the agent/health/services endpoints (#7191)
ACL enforcement for the agent/health/services endpoints
2020-01-31 11:16:24 -05:00
R.B. Boyer cc9586f34d update changelog 2020-01-31 10:13:40 -06:00
R.B. Boyer 1d7e4f7de5
cli: improve the file safety of 'consul tls' subcommands (#7186)
- also fixing the signature of file.WriteAtomicWithPerms
2020-01-31 10:12:36 -06:00