Commit graph

15397 commits

Author SHA1 Message Date
Bisakh 85b2855cdf
acl: update GetPolicyByName method implementation (#11055) 2021-09-28 10:46:27 -04:00
Jared Kirschner 5d593e930b
Merge pull request #10702 from jkirschner-hashicorp/network-segments-docs-enhancements
Network segments docs enhancements
2021-09-28 10:24:05 -04:00
Paul Banks 05c8387891
Merge pull request #10725 from hashicorp/banks-patch-3
Call out the incompatibility of wildcards and L7 permissions
2021-09-28 13:51:41 +01:00
David Yu 208389f5ad
docs: consul-k8s cli install, add bin/ to source path (#11146)
Add `bin/` to path from which you move `consul-k8s` to `/usr/local/bin/consul-k8s`
2021-09-27 22:11:54 -07:00
R.B. Boyer 0069c586df
changelog updates for 1.10.3, 1.9.10, and 1.8.16 (#11160) 2021-09-27 15:36:14 -05:00
Noel Quiles 937801d52d
Update alert banner for HashiConf Global 2021 (#11154) 2021-09-27 14:25:25 -04:00
John Cowen 7639cc8797
ui: Adds Flight icons to our icon set (#11097)
* ui: Adds Flight icons to our icon set

This commit doesn't actually add anything to the UI, rather just makes
the flight icons available for use.
2021-09-27 18:26:42 +01:00
John Cowen ce731453ea
ui: Hide create buttons for policies/roles/namespaces with readonly access (#10914)
This PR adds a check to policy, role and namespace list pages to make sure the user has can write those things before offering to create them via a button. (The create page/form would then be a read-only form)
2021-09-27 17:20:44 +01:00
John Cowen d157c63fe4
ui: Don't show the CRD menu for read-only intentions (#11149)
* ui: Don't show the CRD menu for read-only intentions

The UI bug here manifests itself only when a user/token is configured to have read-only access to intentions. Instead of only letting folks click to see a read only page of the intention, we would show an additional message saying that the intention was read-only due to it being 'Managed by [a kubernetes] CRD'. Whilst the intention was still read only, this extra message was still confusing for users.

This PR fixes up the conditional logic and further moves the logic to use ember-can - looking at the history of the files in question, this bug snuck itself in partly due to it being 'permission-y type stuff' previous to using ember-can and when something being editable or not was nothing to do with ACLs. Then we moved to start using ember-can without completely realising what IsEditable previously meant. So overall the code here is a tiny bit clearer/cleaner by adding a proper can view CRD intention instead of overloading the idea of 'editability'.
2021-09-27 17:19:32 +01:00
John Cowen 2d3f08263c
ui: Adds a set of basic unit tests for abilities (#11132) 2021-09-27 16:46:26 +01:00
John Cowen a3f45ad70c
ui: Remove info panel from the nspace menu when editing nspaces (#11130)
* ui: Remove info panel form the nspace menu when editing nspaces
2021-09-24 18:05:22 +01:00
John Cowen b19e14e8a8
ui: Add initial partition support to intentions (#11129)
* ui: Add initial partition support to intentions
2021-09-24 17:31:58 +01:00
Blake Covarrubias 78a3b9f3e1 docs: Decode K8s secrets with base64decode function
Use kubectl's base64decode template function (added in K8s 1.11) to
decode values in Secrets. Removes external call to `base64` utility on
the host system.
2021-09-24 08:59:34 -07:00
John Cowen e287feb85f
ui: Use last-child for selecting the desired nspace instead of nth-child (#11127) 2021-09-24 13:04:41 +01:00
John Cowen 98f5cb45b2
ui: Remove refresh-route action for session invalidation (#11105)
* ui: Move action to the correct button for session invalidation

* Remove refresh-route completely, its not needed
2021-09-24 12:10:10 +01:00
trujillo-adam 75a14772e8
Merge pull request #11028 from hashicorp/docs-k8s-cli-alpha
adding k8s-cli alpha docs
2021-09-23 16:35:56 -07:00
trujillo-adam 7b7436515f adding timeout flags, wait flag, and updated build procedure 2021-09-23 16:07:56 -07:00
Daniel Nephin 52ecd0d107 docs: clarify acl down policy 2021-09-23 18:13:39 -04:00
Daniel Nephin 30fe14eed3 acl: fix default authorizer for down_policy
This was causing a nil panic because a nil authorizer is no longer valid after the cleanup done
in https://github.com/hashicorp/consul/pull/10632.
2021-09-23 18:12:22 -04:00
Daniel Nephin a6a7069ecf Remove t.Parallel from TestACLResolver_DownPolicy
These tests run in under 10ms, t.Parallel does nothing but slow them down and
make failures harder to debug when one panics.
2021-09-23 18:12:22 -04:00
Dhia Ayachi 4505cb2920
Refactor table index acl phase 2 (#11133)
* extract common methods from oss and ent

* remove unreachable code

* add missing normalize for binding rules

* fix oss to use Query
2021-09-23 15:26:09 -04:00
Daniel Nephin cc46fcc53e config: Move ACLEnableKeyListPolicy to DeprecatedConfig 2021-09-23 15:15:00 -04:00
Daniel Nephin 107c24a68a config: move acl_ttl to DeprecatedConfig 2021-09-23 15:14:59 -04:00
Daniel Nephin 5eb2bebdf8 config: move acl_{default,down}_policy to DeprecatedConfig 2021-09-23 15:14:59 -04:00
Daniel Nephin 408eb0e08e config: Deprecate EnableACLReplication
replaced by ACL.TokenReplication
2021-09-23 15:14:59 -04:00
Daniel Nephin d54db5917f config: move ACL master token and replication to DeprecatedConfig 2021-09-23 15:14:59 -04:00
CJ 6d20f74c90
docs: Fix grammatical errors in glossary (#10751) 2021-09-23 08:36:52 -07:00
Paul Banks f8412cf5fa
Merge pull request #10903 from hashicorp/feature/ingress-sds
Add Support to for providing TLS certificates for Ingress listeners from an SDS source
2021-09-23 16:19:05 +01:00
Dhia Ayachi ebe333b947
Refactor table index (#11131)
* convert tableIndex to use the new pattern

* make `indexFromString` available for oss as well

* refactor `indexUpdateMaxTxn`
2021-09-23 11:06:23 -04:00
Paul Banks d57931124f Final readability tweaks from review 2021-09-23 10:17:12 +01:00
Paul Banks 8c8cde524e Add Envoy integration test for split-route SDS case 2021-09-23 10:17:03 +01:00
Paul Banks 626232e4cd Minor improvements to SDS server from review 2021-09-23 10:13:41 +01:00
Paul Banks 66c625a64d Fix subtle loop bug and add test 2021-09-23 10:13:41 +01:00
Paul Banks 7198d0bd80 Refactor SDS validation to make it more contained and readable 2021-09-23 10:13:19 +01:00
Paul Banks fe4f69613c Refactor Ingress-specific lister code to separate file 2021-09-23 10:13:19 +01:00
Paul Banks f4f0793a10 Minor PR typo and cleanup fixes 2021-09-23 10:13:19 +01:00
Paul Banks 4cc1ccf892 Revert abandonned changes to proxycfg for Ent test consistency 2021-09-23 10:13:19 +01:00
Paul Banks d812a0edc7 Fix merge conflict in xds tests 2021-09-23 10:12:37 +01:00
Paul Banks 3b2a4fc458 Allow skipping v2 compat tests for SDS as it's only the SDS server integration that doesn't support v2 2021-09-23 10:12:37 +01:00
Paul Banks cd6491ea71 Fix integration tests in CI - serve SDS certs from the Docker image not a mounted path 2021-09-23 10:12:37 +01:00
Paul Banks c2174260bc Fix integration test for older Envoy versions 2021-09-23 10:12:37 +01:00
Paul Banks a24efd20fc Fix some more Enterprise Normalization issues affecting tests 2021-09-23 10:12:37 +01:00
Paul Banks aa3240483f Add changelog; Add API package support for new fields. 2021-09-23 10:12:37 +01:00
Paul Banks 15969327c0 Remove unused argument to fix lint error 2021-09-23 10:09:11 +01:00
Paul Banks 9422e4ebc7 Handle namespaces in route names correctly; add tests for enterprise 2021-09-23 10:09:11 +01:00
Paul Banks 1f62bca08b Add basic integration test for Envoy ingress with SDS 2021-09-23 10:08:02 +01:00
Paul Banks 9d576a08dc Update xDS routes to support ingress services with different TLS config 2021-09-23 10:08:02 +01:00
Paul Banks 8a4254a894 Update xDS Listeners with SDS support 2021-09-23 10:08:02 +01:00
Paul Banks 8548e15f1b Update proxycfg to hold more ingress config state 2021-09-23 10:08:02 +01:00
Paul Banks 0e410a1b1f Add ingress-gateway config for SDS 2021-09-23 10:08:02 +01:00