Commit Graph

16993 Commits

Author SHA1 Message Date
Jorge Marey 8b1b264b6f Add test case to verify #12298 2022-03-01 09:25:52 +01:00
Jorge Marey 820235235c Add changelog file 2022-03-01 09:25:52 +01:00
Jorge Marey 2ca00df0d8 Avoid raft change when no config is provided on CAmanager
- This avoids a change to the raft store when no roots or config
are provided to persistNewRootAndConfig
2022-03-01 09:25:52 +01:00
Evan Culver c60e04e086
Add changelog entries from latest releases (#12473) 2022-02-28 17:49:37 -08:00
Evan Culver 3ca2d48bc8
Update latest version on website to 1.11.4 (#12469) 2022-02-28 16:53:28 -08:00
Jared Kirschner 4a413c870e
Merge pull request #12455 from hashicorp/docs/enterprise-license-faq-improvements
Enterprise license FAQ improvements
2022-02-28 17:30:07 -05:00
Daniel Nephin dd565aa5e4 ca: fix a test
This test does not use Vault, so does not need ca.SkipIfVaultNotPresent
2022-02-28 16:26:18 -05:00
Daniel Nephin bb7f2f15b3 ca: require that tests that use Vault are named correctly
Previously we were using two different criteria to decide where to run a
test.  The main `go-test` job would skip Vault tests based on the
presence of the `vault` binary, but the `test-connect-ca-providers` job
would run tests based on the name.

This led to a scenario where a test may never run in CI.

To fix this problem I added a name check to the function we use to skip
the test. This should ensure that any test that requires vault is named
correctly to be run as part of the `test-connect-ca-providers` job.

At the same time I relaxed the regex we use. I verified this runs the
same tests using `go test --list Vault`.  I made this change because a
bunch of tests in `agent/connect/ca` used `Vault` in the name, without
the underscores. Instead of changing a bunch of test names, this seemed
easier.

With this approach, the worst case is that we run a few extra tests in
the `test-connect-ca-providers` job, which doesn't seem like a problem.
2022-02-28 16:13:53 -05:00
Jared Kirschner 5a084083a3 docs: clarify trial license FAQ
Also use consistent language throughout to refer to the non-production license
(just "trial" license, not both "trial" and "evaluation").
2022-02-28 13:06:26 -08:00
Kyle Schochenmaier 03a4605218
update helm docs for release 0.41.1 (#12465)
* update helm docs for release 0.41.1

* apply escape on <ip>:<port>

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-28 13:03:50 -08:00
R.B. Boyer 3804677570
server: suppress spurious blocking query returns where multiple config entries are involved (#12362)
Starting from and extending the mechanism introduced in #12110 we can specially handle the 3 main special Consul RPC endpoints that react to many config entries in a single blocking query in Connect:

- `DiscoveryChain.Get`
- `ConfigEntry.ResolveServiceConfig`
- `Intentions.Match`

All of these will internally watch for many config entries, and at least one of those will likely be not found in any given query. Because these are blends of multiple reads the exact solution from #12110 isn't perfectly aligned, but we can tweak the approach slightly and regain the utility of that mechanism.

### No Config Entries Found

In this case, despite looking for many config entries none may be found at all. Unlike #12110 in this scenario we do not return an empty reply to the caller, but instead synthesize a struct from default values to return. This can be handled nearly identically to #12110 with the first 1-2 replies being non-empty payloads followed by the standard spurious wakeup suppression mechanism from #12110.

### No Change Since Last Wakeup

Once a blocking query loop on the server has completed and slept at least once, there is a further optimization we can make here to detect if any of the config entries that were present at specific versions for the prior execution of the loop are identical for the loop we just woke up for. In that scenario we can return a slightly different internal sentinel error and basically externally handle it similar to #12110.

This would mean that even if 20 discovery chain read RPC handling goroutines wakeup due to the creation of an unrelated config entry, the only ones that will terminate and reply with a blob of data are those that genuinely have new data to report.

### Extra Endpoints

Since this pattern is pretty reusable, other key config-entry-adjacent endpoints used by `agent/proxycfg` also were updated:

- `ConfigEntry.List`
- `Internal.IntentionUpstreams` (tproxy)
2022-02-25 15:46:34 -06:00
Chris S. Kim aea00f10ae
Merge pull request #12442 from danieleva/12422-keyring
Allows keyring operations on client agents
2022-02-25 16:28:56 -05:00
Chris S. Kim ef929629cf
Merge pull request #12449 from hashicorp/eculver/envoy-upgrades
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6
2022-02-25 14:25:45 -05:00
Jared Kirschner 7fc1bf6ec1 docs: add FAQ for obtaining copy of license
For existing enterprise customers who need access to the license.
2022-02-25 09:52:07 -08:00
Jared Kirschner d6dcd478a4 docs: add license renewal FAQ 2022-02-25 09:43:38 -08:00
Jared Kirschner d21bde2a9d docs: clarify license expiration behavior
Also corrects the grace period between expiration and termination (10 years,
not 24 hours).
2022-02-25 09:31:51 -08:00
claire labry b3438c5d60
Merge pull request #12378 from hashicorp/add-post-publish-events
Adding post-publish events to ci.hcl.
2022-02-25 12:11:32 -05:00
Daniele Vazzola 2cb1017e13 Adds changelog 2022-02-25 15:43:06 +00:00
chinmaym07 e8f010a235 Added changelog
Signed-off-by: chinmaym07 <b418020@iiit-bh.ac.in>
2022-02-25 19:29:00 +05:30
John Cowen 3055c8918f
ui: PagedCollection component (#12404)
* ui: PagedCollection component

* ui: Use PagedCollection (#12436)

* ui: Integrate PagedCollection into DisclosureMenu

* Integrate PageCollection into DC, Nspace and Partition menus
2022-02-25 10:01:08 +00:00
John Cowen 9eddc48429
ui: Add new component blueprint (#12421)
This adds a new component blueprint for all our components. We've been
using README.mdx files for quite some time to document our components
for other engineers. This adds a default file to help new engineers get
started writing useful documentation. These README.mdx file are also
very useful for building out components in isolation from scratch and
and some point will be used to run automated component testing.
2022-02-25 09:47:20 +00:00
Evan Culver 49a6109d96
Add changelog entry 2022-02-24 17:05:55 -08:00
Evan Culver 7889071385
connect: Update supported Envoy versions to include 1.19.3 and 1.18.6 2022-02-24 16:59:33 -08:00
Evan Culver 9f4d9f3f74
connect: Upgrade Envoy 1.20 to 1.20.2 (#12443) 2022-02-24 16:19:39 -08:00
R.B. Boyer 4b0f657b31
fix flaky test panic (#12446) 2022-02-24 17:35:46 -06:00
R.B. Boyer a97d20cf63
catalog: compare node names case insensitively in more places (#12444)
Many places in consul already treated node names case insensitively.
The state store indexes already do it, but there are a few places that
did a direct byte comparison which have now been corrected.

One place of particular consideration is ensureCheckIfNodeMatches
which is executed during snapshot restore (among other places). If a
node check used a slightly different casing than the casing of the node
during register then the snapshot restore here would deterministically
fail. This has been fixed.

Primary approach:

    git grep -i "node.*[!=]=.*node" -- ':!*_test.go' ':!docs'
    git grep -i '\[[^]]*member[^]]*\]
    git grep -i '\[[^]]*\(member\|name\|node\)[^]]*\]' -- ':!*_test.go' ':!website' ':!ui' ':!agent/proxycfg/testing.go:' ':!*.md'
2022-02-24 16:54:47 -06:00
Jeff-Apple 333789355c
Merge pull request #12416 from hashicorp/api-gateway-ga-docs
website: update API Gateway docs for v0.1.0 GA release
2022-02-24 12:36:34 -08:00
Michele Degges 544585370b
Remove setup-qemu step from Docker build job (#12387) 2022-02-24 12:35:47 -08:00
Jeff-Apple 7f2d35a15b
Update website/content/docs/api-gateway/index.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:27:17 -08:00
Jeff-Apple 605b0ebc73
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:23:51 -08:00
Jeff-Apple bf13b0504f
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:21:04 -08:00
Jeff-Apple 46a9ee9f47
Update website/content/docs/api-gateway/index.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:20:32 -08:00
Jeff-Apple 815599b06c
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:16:47 -08:00
Jeff-Apple 0095046c69
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-02-24 12:14:06 -08:00
mrspanishviking 836a4a6d2e
Merge pull request #12441 from hashicorp/retry-docs
docs: added example for service-router retry
2022-02-24 11:39:21 -07:00
Jeff-Apple 6920f8ac7b Merge branch 'api-gateway-ga-docs' of https://github.com/hashicorp/consul into api-gateway-ga-docs 2022-02-24 10:00:43 -08:00
Jeff-Apple e8788c528d Updated helm chart version number and a minor edit 2022-02-24 09:56:55 -08:00
Karl Cardenas 568ba392b6
docs: added example for service-router retry 2022-02-24 10:52:41 -07:00
Nathan Coleman 74bffe4cf7
Update website/content/docs/api-gateway/tech-specs.mdx
Co-authored-by: Andrew Stucki <andrew.stucki@gmail.com>
2022-02-24 12:52:03 -05:00
Nathan Coleman bc4b3ce87d
Update website/content/docs/api-gateway/api-gateway-usage.mdx
Co-authored-by: Andrew Stucki <andrew.stucki@gmail.com>
2022-02-24 12:51:55 -05:00
Daniele Vazzola 397b5ed957 Allows keyring operations on client agents 2022-02-24 17:24:57 +00:00
Jeff-Apple 6e303294c4 Minor edits and additions to the API Gateway docs. 2022-02-24 07:25:58 -08:00
David Yu 2f9dc78af0
docs: set tproxy annotation to false for multi-port (#12431) 2022-02-23 18:24:15 -08:00
Nitya Dhanushkodi 1257cef7ed
add multiport docs for K8s (#12428)
* add multiport docs for K8s

* add formatting

Co-authored-by: David Yu <dyu@hashicorp.com>
2022-02-23 16:11:52 -08:00
R.B. Boyer d860384731
server: partly fix config entry replication issue that prevents replication in some circumstances (#12307)
There are some cross-config-entry relationships that are enforced during
"graph validation" at persistence time that are required to be
maintained. This means that config entries may form a digraph at times.

Config entry replication procedes in a particular sorted order by kind
and name.

Occasionally there are some fixups to these digraphs that end up
replicating in the wrong order and replicating the leaves
(ingress-gateway) before the roots (service-defaults) leading to
replication halting due to a graph validation error related to things
like mismatched service protocol requirements.

This PR changes replication to give each computed change (upsert/delete)
a fair shot at being applied before deciding to terminate that round of
replication in error. In the case where we've simply tried to do the
operations in the wrong order at least ONE of the outstanding requests
will complete in the right order, leading the subsequent round to have
fewer operations to do, with a smaller likelihood of graph validation
errors.

This does not address all scenarios, but for scenarios where the edits
are being applied in the wrong order this should avoid replication
halting.

Fixes #9319

The scenario that is NOT ADDRESSED by this PR is as follows:

1. create: service-defaults: name=new-web, protocol=http
2. create: service-defaults: name=old-web, protocol=http
3. create: service-resolver: name=old-web, redirect-to=new-web
4. delete: service-resolver: name=old-web
5. update: service-defaults: name=old-web, protocol=grpc
6. update: service-defaults: name=new-web, protocol=grpc
7. create: service-resolver: name=old-web, redirect-to=new-web

If you shutdown dc2 just before (4) and turn it back on after (7)
replication is impossible as there is no single edit you can make to
make forward progress.
2022-02-23 17:27:48 -06:00
Chris S. Kim 4b528edbe6
Merge pull request #12430 from hashicorp/ci/main-assetfs-build
auto-updated agent/uiserver/bindata_assetfs.go from commit 73b6687c5
2022-02-23 18:19:30 -05:00
John Murret 141a43409d
Adding documentation to store Enterprise License in Vault (#12375)
* Adding documentation to store Enterprise License in Vault

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Referencing Storing the Enterprise License in Vault from the Consul Enterprise installation instructions.

* Added missing words about stroing in Vault

* Update website/content/docs/k8s/installation/vault/enterprise-license.mdx

Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>

* Clarifying that enterprise code block is just changes on top of your normal config.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: Kyle Schochenmaier <kschoche@gmail.com>
2022-02-23 14:20:45 -07:00
John Murret 0c9663c57f
Updating consul on k8s to remove known limitations of serverAdditionalDNSSans and serverAdditionalIPSans (#12338) 2022-02-23 14:04:26 -07:00
R.B. Boyer ed1bc166e4
add changelog entry for enterprise only change (#12425) 2022-02-23 14:23:48 -06:00
lornasong 4bc423204a
nia/docs 0.5.0 (#12381)
* docs/nia: new configuration for services condition & source_input (#11646)

* docs/nia: new configuration for services condition

* docs/nia: new configuration for services source_input

* reword filter and cts_user_defined_meta

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update service block config to table format

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Remove deprecated driver.working_dir (#11831)

* Deprecate workspace_prefix for now workspaces.prefix (#11836)

* docs/nia: new config field names for services condition/source_input (#11896)

* docs/nia: new config field `names` for services condition/source_input

* Remove language about 'default condition' and services condition relation to services list

Context:
 - Added a new `names` field to condition/source_input "services"
 - `names` or `regexp` must be configured for condition/source_input "services"

This therefore:
 - Removed relationship between condition/source_input "services" and
 task.services list
 - Removed concept of "default condition" i.e. condition "services" must be
 configured with `names` or `regexp`, there is no meaningful unconfigured default

Change: remove language regarding "default condition" and relationship with services list

* docs/nia: Update paramters to table format

Changes from a bulleted list to a table. Also adds the possible response codes
and fixes the update example response to include the inspect object.

* docs/nia: Delete task API and CLI

* docs/nia: Update wording for run values

Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>

* docs/nia: require condition "catalog-services" block's regexp to be configured (#11915)

Changes:
 - Update Catalog Services Condition configuration docs to new table format
 - Rewrite `regexp` field docs to be required, no longer optional
 - Remove details about `regexp` field's original default behavior when the
 field was optional

* docs/nia: Update status API docs to table format

* Cleaner wording for response descriptions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia - 'source_includes_var' changes (#11939)

* docs/nia - condition "services" new field source_includes_var

 - Add new configuration details for condition "services" block's
 `source_includes_var` field.
 - Note: this field's description is worded differently from condition type's
 `source_includes_var` since a services variable is always required (unlike
 other vars) for CTS modules.
 - Also worded in a way to anticipate renaming to `use_as_module_input`

* docs/nia - change 'source_includes_var' default value from false to true

 - Update configs
 - Table-ify Consul-KV condition (reuse wording from Consul-KV source input)

* docs/nia - reword task execution page for source_includes_var changes

 - Note: switched to using "module input" language over "source input" language.
 Separate PR will make a mass change across docs
 - Slim down general task condition section to have fewer details on module input
 - Updated services, catalog-services, and consul-kv condition sections for
 source_includes_var
 - Add config page links for details

* Improve CTS acronym usage
- Use Consul-Terraform-Sync at the first instance with CTS in brackets - Consul-Terraform-Sync (CTS) and then CTS for all following instances on a per-page basis.
- some exceptions: left usage of the term `Consul-Terraform-Sync` in config examples and where it made sense for hyperlinking

* Improve CTS acronym usage (part 2) (#11991)

Per page:
- At first instance in text, use "Consul-Terraform-Sync (CTS)"
- Subsequent instances in text, use "CTS"

* Update schedule condition config to table format

* Update config tables with type column

* docs/nia: Update required fields values

Standardizing Required/Optional over boolean values.

* docs/nia: Standardize order of columns

Updated Required to come before Type, which is how the configurations are formatted. Also
changed the empty strings to "none" for default values.

* Deprecate port CLI option for CTS and updated example usage

* docs/nia cts multiple source input configuration updates (#12158)

* docs/nia cts multiple source input configuration updates

CTS expanded its usage of `source_input` block configurations and added
some restrictions. This change accounts for the following changes:

- `source_input` block can be configured for a task. No longer restricting to
scheduled task
- Multiple `source_input` blocks can be configured for a task. No longer
restricting to one
- Task cannot have multiple configurations defining the same variable type

Future work: We're planning to do some renaming from "source" to "module" for
v0.5. These changes are made in the code and not yet in the docs. These will be
taken care of across our docs in a separate PR. Perpetuating "source" in this
PR to reduce confusion.

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* code review feedback

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Add "Consul object" glossary entry

Changes:
 - Add "Consul object" to CTS glossary
 - Format glossary terms so that they can be linked
 - Add link to "Consul object" glossary entry

* Reorganize source_input limitations section

Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: findkim <6362111+findkim@users.noreply.github.com>

* docs/nia: overview of config streamlining deprecations (#12193)

* docs/nia: overview of config streamlining deprecations

* Update config snippets to use CodeTabs

* Apply code review feedback suggestions

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Apply suggestions from code review

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* Clarify source table language

* Add use_as_module_input callout

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>

* docs/nia: deprecate "services" field and "service" block (#12234)

* Deprecate `services` field

Did a search on "`services`", "`task.services`", "services list", and "services
field"

Changes:
 - In config docs, mark `services` field as deprecated and `condition` block
 as required.
 - For necessary references to `services` field, mark with "(deprecated)" e.g.
 when listing all options for source input
 - Remove unnecessary references to `services` field from docs e.g. any docs
 encouraging use of `services`
 - Replace `services` field with `condition` / `module_input` "services" in
 config snippets and explanations

* Deprecate `service` block

Did a search for "service block", "`service`", and "service {"

Changes:
 - In config docs, mark `service` block as deprecated
 - For necessary references to `service` block, mark with "(deprecated)"
 - Remove unnecessary references to `service` block from docs

* Fix service block typos in config snippet

service block is singular and not plural

* docs/nia: deprecate "source includes var" and "source input" (#12244)

* Deprecate `source_includes_var` field

Did a search for "source_includes_var" and an audit of "include"

Changes
 - In config docs, mark `source_includes_var` field as deprecated
 - In config docs, add new field for `use_as_module_input`
 - For necessary references to `source_includes_var`, mark with "(deprecated)"
 - Audit and update "include" language

* Deprecate `source_input` field and language

Did a search and replace for "source_input", "source-input", "source input"

Changes:
 - In config docs, mark `source_input` field as deprecated
 - In config docs, add new entry for `module_input`
 - For necessary references to `source_input`, mark with "(deprecated)"
 - Remove or replace "source*input" with "module*input"

Note: added an anchor link alias e.g. `# Module Input ((#source-input))` for
headers that were renamed from "Source Input" so that bookmarked links won't
break

* Update config streamlining release removal version to 0.8

* remove duplicate bullet

* docs/nia: deprecate `source` (#12245)

* Update "source" field in config snippets to "module"

* Deprecate task config `source` field

Did a search and replace for "source" and "src"

Changes:
 - In config docs, mark `source` field as deprecated
 - In config docs, add new entry for `module`
 - Remove or replace "source" with "module"

* Deprecate Status API Event `source` field

Changes:
 - Mark `source` field as deprecated
 - Add new entry for `module`

* docs/nia - Get Task API docs & Task Status API deprecations (#12303)

* docs/nia - Get Task API

Added a Task Object section intended to be shared with the Create Task API

* docs/nia - Deprecate non-status fields from Task Status API

Deprecate the fields that Get Task API replaces

* docs/nia - Align API docs on `:task_name` request resource

Followed a convention found in Nomad docs

* docs/nia - misc fixes

Context for some:
 - remove "" from license_path for consistency - do not specify the default
 value when empty string
 - remove "optional" language from task condition. we want to move towards it
 being required

* docs/nia - add new columns to API Task Object

* Added Create Task API documentation

* Added create task CLI documentation

* addressed code review comments

* fixed example

* docs/nia: Update task delete with async behavior

CTS delete task command is now asynchronous, so updating docs to reflect
this new behavior.

* update create task CLI with new changes from code

* update create task api and cli
- update curl command to include the json header
- update example task names to use 'task_a' to conform with other examples

* docs/nia: Fix hyphens in CTS CLI output

* docs/nia: Add auto-approve option in CLI

* docs/nia: Clarify infrastructure is not destroyed on task deletion

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Kim Ngo <6362111+findkim@users.noreply.github.com>
Co-authored-by: Melissa Kam <mkam@hashicorp.com>
Co-authored-by: Melissa Kam <3768460+mkam@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
Co-authored-by: Michael Wilkerson <mwilkerson@hashicorp.com>
Co-authored-by: AJ Jwair <aj.jwair@hashicorp.com>
2022-02-23 14:22:34 -05:00