b56bd690aa
Fixup enterprise tests from tproxy changes
2021-03-17 23:05:00 -06:00
1c46470a29
Add methods to check intention has wildcard src or dst
2021-03-17 22:15:48 -06:00
291d7562d1
Cancel watch on all errors
2021-03-17 21:44:14 -06:00
de7f2a1a74
Split up normalizing from defaulting values for upstream cfg
2021-03-17 21:37:55 -06:00
c4ff0e6eca
Uncomment listener tests
2021-03-17 21:37:12 -06:00
6c43195e2a
Merge master and fix upstream config protocol defaulting
2021-03-17 21:13:40 -06:00
0c8b618ca0
Temporarily silence spurious wakeup. Addressing false positive in beta.
2021-03-17 17:25:29 -06:00
60690cf5c9
Merge remote-tracking branch 'origin/master' into intention-topology-endpoint
2021-03-17 17:14:38 -06:00
63dcb7fa76
Add TransparentProxy option to proxy definitions
2021-03-17 17:01:45 -06:00
fb252e87a4
Add per-upstream configuration to service-defaults
2021-03-17 16:59:51 -06:00
15a145b9f6
Add changelog and cleanup todo for beta
2021-03-17 16:45:13 -06:00
ca2a62d807
Rename hasChains for clarity
2021-03-17 16:42:29 -06:00
3c7e5c3308
PR comments
2021-03-17 16:18:56 -06:00
4c58711594
Upstreams loop is only for prepared queries and they are not CentrallyConfigured
2021-03-17 15:32:52 -06:00
9256d09255
Handle prepared queries in Upstreams loop and escape hatches in disco chain loop
2021-03-17 15:17:43 -06:00
5b59780431
Update xds for transparent proxy
2021-03-17 13:40:49 -06:00
3c97e5a777
Update proxycfg for transparent proxy
2021-03-17 13:40:39 -06:00
d19a5830dd
Do not include consul as upstream or downstream
2021-03-17 13:40:04 -06:00
d2591312f8
state: add tests for config-entry indexers
2021-03-17 14:41:46 -04:00
1b8f8b135e
state: convert config-entries kind index to new pattern
2021-03-17 14:40:57 -04:00
bfcf463c3a
state: remove config-entries namespace index
...
Use a prefix of the ID index instead.
2021-03-17 14:40:57 -04:00
dcbb1ba5dd
state: remove unnecessary method receiver
2021-03-17 14:40:57 -04:00
b43977423f
state: convert config-entries table to new indexer pattern
...
Using functional indexes to isolate enterprise differentiation and
remove reflection.
2021-03-17 14:40:57 -04:00
98c32599e4
Merge pull request #9881 from hashicorp/dnephin/state-index-service-check-nodes
...
state: convert services.node and checks.node indexes
2021-03-17 14:12:02 -04:00
b771baa1f5
Merge pull request #9863 from hashicorp/dnephin/config-entry-kind-name
...
state: move ConfigEntryKindName
2021-03-17 14:09:39 -04:00
110da59c6c
auto-updated agent/uiserver/bindata_assetfs.go from commit 9e715842d
2021-03-17 16:03:18 +00:00
fab276cb7d
auto-updated agent/uiserver/bindata_assetfs.go from commit f9e8b26af
2021-03-17 14:45:58 +00:00
d38917b12b
auto-updated agent/uiserver/bindata_assetfs.go from commit aca797658
2021-03-17 11:27:44 +00:00
7123aaad92
auto-updated agent/uiserver/bindata_assetfs.go from commit 41471719e
2021-03-17 10:50:59 +00:00
a3184e6cd7
Refactor makePublicListener
...
By accepting a name the function can be used for other inbound listeners,
like the one for TransparentProxy.
2021-03-16 19:22:26 -06:00
94b02c3954
Add support for configuring TLS ServerName for health checks
...
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473 .
2021-03-16 18:16:44 -04:00
cba952a6a5
Add cache-type for Internal.IntentionUpstreams
2021-03-16 11:06:47 -06:00
0b3930272d
state: convert services.node and checks.node indexes
...
Using NodeIdentity to share the indexes with both.
2021-03-16 13:00:31 -04:00
b79039c21c
Prefix match type vars to match use
2021-03-16 09:49:24 -06:00
fed983fe9a
Pass txn into service list queries
2021-03-16 09:33:08 -06:00
26ba0c0fc8
Pass txn into intention match queries
2021-03-16 08:03:52 -06:00
d7f3bcc8bb
Replace CertURI.Authorize() calls.
...
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
eb6c0cbea0
Fixup typo, comments, and regression
2021-03-15 17:50:47 -06:00
9bfb0969f9
Fixup upstream test
2021-03-15 17:20:30 -06:00
940b7a98d1
Finish cleanup from ServiceConfigRequest changes
2021-03-15 16:38:01 -06:00
a67c92b961
Update service manager to pass MeshGateway with config req
2021-03-15 16:08:03 -06:00
871e1d3e31
PR comments
2021-03-15 16:02:03 -06:00
04fbc104cd
Pass MeshGateway config in service config request
...
ResolveServiceConfig is called by service manager before the proxy
registration is in the catalog. Therefore we should pass proxy
registration flags in the request rather than trying to fetch
them from the state store (where they may not exist yet).
2021-03-15 14:32:13 -06:00
d90240d367
Restore old Envoy prefix on escape hatches
...
This is done because after removing ID and NodeName from
ServiceConfigRequest we will no longer know whether a request coming in
is for a Consul client earlier than v1.10.
2021-03-15 14:12:57 -06:00
13cce3419a
Only lowercase the protocol when normalizing
2021-03-15 14:12:15 -06:00
f584c2d7c5
Add omitempty across the board for UpstreamConfig
2021-03-15 13:23:18 -06:00
3b2169b36d
Add RPC endpoint for intention upstreams
2021-03-15 08:50:35 -06:00
e4e14639b2
Add state store function for intention upstreams
2021-03-15 08:50:35 -06:00
4976c000b7
Refactor IntentionDecision
...
This enables it to be called for many upstreams or downstreams of a
service while only querying intentions once.
Additionally, decisions are now optionally denied due to L7 permissions
being present. This enables the function to be used to filter for
potential upstreams/downstreams of a service.
2021-03-15 08:50:35 -06:00
2a53b8293a
proxycfg: use rpcclient/health.Client instead of passing around cache name
...
This should allow us to swap out the implementation with something other
than `agent/cache` without making further code changes.
2021-03-12 11:46:04 -05:00
c33570be34
catalog_events: set the right key for connect snapshots
2021-03-12 11:35:43 -05:00
410b1261c2
proxycfg: Use streaming in connect state
2021-03-12 11:35:42 -05:00
e2215d9f0f
rpcclient: use streaming for connect health
2021-03-12 11:35:42 -05:00
3d85c29445
Update content hash due to new field
2021-03-11 19:59:19 -07:00
d27208ce7c
Fixup more tests
2021-03-11 16:26:55 -07:00
be78d3c39a
Fixup protobufs and tests
2021-03-11 14:58:59 -07:00
237b41ac8f
Merge pull request #9672 from hashicorp/ca-force-skip-xc
...
connect/ca: Allow ForceWithoutCrossSigning for all providers
2021-03-11 11:49:15 -08:00
3de0b32cc5
Update service manager to store centrally configured upstreams
2021-03-11 11:37:21 -07:00
7a3625f58b
Add TransparentProxy opt to proxy definition
2021-03-11 11:37:21 -07:00
ac70808792
Restore old escape hatch alias
2021-03-11 11:36:35 -07:00
c30157d2f2
Turn Limits and PassiveHealthChecks into pointers
2021-03-11 11:04:40 -07:00
5dbeeee673
auto-updated agent/uiserver/bindata_assetfs.go from commit fa6687b7f
2021-03-11 09:34:21 +00:00
b98abb6f09
Update server-side config resolution and client-side merging
2021-03-10 21:05:11 -07:00
68148a1dae
finish moving UpstreamConfig and related fields to structs pkg
2021-03-10 21:04:13 -07:00
4877183bc6
Merge pull request #9797 from hashicorp/dnephin/state-index-node-id
...
state: convert nodes.ID to the new pattern of functional indexers
2021-03-10 17:34:23 -05:00
51ad94360b
state: move ConfigEntryKindName
...
Previously this type was defined in structs, but unlike the other types in structs this type
is not used by RPC requests. By moving it to state we can better indicate that this is not
an API type, but part of the state implementation.
2021-03-10 12:27:22 -05:00
5c5ba9564d
Merge pull request #9796 from hashicorp/dnephin/state-cleanup-catalog-index-oss
...
state: remove duplicate tableCheck indexes
2021-03-10 12:20:09 -05:00
97d4e872d3
Merge pull request #9851 from panascais-forks/fix-wan-ipv6-key
...
Fix advertise_addr_wan_ipv6 configuration key
2021-03-10 11:56:07 -05:00
94820e67a8
structs: remove EnterpriseMeta.GetNamespace
...
I added this recently without realizing that the method already existed and was named
NamespaceOrEmpty. Replace all calls to GetNamespace with NamespaceOrEmpty or NamespaceOrDefault
as appropriate.
2021-03-09 15:17:26 -05:00
848314782e
Merge pull request #9671 from hashicorp/streaming/terminating-gateway-events
...
state: Add terminating gateway events for streaming
2021-03-09 14:20:21 -05:00
97bc073bd9
state: adjust compare for catalog events
...
Document that this comparison should roughly match MatchesKey
Only sort by overrideKey or service name, but not both
Add namespace to the sort.
The client side also builds a map of these based on the namespace/node/service key, so the only order
that really matters is the ordering of register/dereigster events.
2021-03-09 14:00:36 -05:00
0d3bb68255
state: handle terminating gateway events properly in snapshot
...
Refactored out a function that can be used for both the snapshot and stream of events to translate
an event into an appropriate connect event.
Previously terminating gateway events would have used the wrong key in the snapshot, which would have
caused them to be filtered out later on.
Also removed an unused function, and some commented out code.
2021-03-09 14:00:35 -05:00
de3fba8ef3
Add remaining terminating gateway tests for namespaces
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:35 -05:00
38aeb88908
Start to setup enterprise tests for terminating gateway streaming events.
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:35 -05:00
d0b37f18f0
state: Add support for override of namespace
...
in MatchesKey
also tests for MatchesKey
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:35 -05:00
ba59727337
state: update calls to ensureConfigEntryTxn
...
The EnterpriseMeta paramter was removed after this code was written, but before it merged.
Also the table name constant has changed.
2021-03-09 14:00:35 -05:00
730cc575e6
state: add 2 more test cases for terminate gateway streaming events
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
eadc8546a9
Added 6 new test cases for terminating gateway events
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:34 -05:00
15b0d5f62b
state: Add two more tests for connect events with terminating gateways
...
And expand one test case to cover more.
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
abab373b89
state: Include the override key in the sorting of events
...
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:34 -05:00
f31582624d
state: Add terminating gateway events on updating a config entry
...
Co-Authored-By: Daniel Nephin <dnephin@hashicorp.com>
2021-03-09 14:00:34 -05:00
f42a2ca8a3
state: add first terminating catalog catalog event
...
Health of a terminating gateway instance changes
- Generate an event for creating/destroying this instance of the terminating gateway,
duplicate it for each affected service
Co-Authored-By: Kyle Havlovitz <kylehav@gmail.com>
2021-03-09 14:00:33 -05:00
f71bba20e7
Fix advertise_addr_wan_ipv6 configuration key
2021-03-09 14:56:44 +01:00
da1663bed9
auto-updated agent/uiserver/bindata_assetfs.go from commit 33d038377
2021-03-09 09:35:32 +00:00
4bbd495b54
Create new types for service-defaults upstream cfg
2021-03-08 22:10:27 -07:00
f0e34dfadb
auto-updated agent/uiserver/bindata_assetfs.go from commit 308e5a480
2021-03-08 12:28:15 +00:00
1184ceff9e
state: convert nodes.ID to new functional pattern
...
In preparation for adding other identifiers to the index.
2021-03-05 12:30:40 -05:00
503041f216
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request ( #9658 )
...
- Also add support for envoy 1.17.0
2021-02-26 16:23:15 -06:00
4a44cfd676
Merge pull request #9188 from hashicorp/dnephin/more-streaming-tests
...
Add more streaming tests
2021-02-26 12:36:55 -05:00
d7ffd6c27d
Merge pull request #9759 from hashicorp/dnephin/streaming-default-rpc-enabled
...
streaming: default rpc.enable_streaming to true
2021-02-26 12:08:00 -05:00
4ef9578a07
Merge pull request #9703 from pierresouchay/streaming_tags_and_case_insensitive
...
Streaming filter tags + case insensitive lookups for Service Names
2021-02-26 12:06:26 -05:00
2cc3282d5d
catalog_events: set the right key for connect snapshots
...
Add a test for catalog_event snapshot on connect topic
2021-02-25 14:30:39 -05:00
85da1af04c
consul: Add integration tests of streaming.
...
Restored from streaming-rpc-final branch.
Co-authored-by: Paul Banks <banks@banksco.de>
2021-02-25 14:30:39 -05:00
e8beda4685
state: Add a test for ServiceHealthSnapshot
2021-02-25 14:08:10 -05:00
88bbde56da
agent: add a test for streaming in the service health endpoint
...
Co-authored-by: Paul Banks <banks@banksco.de>
2021-02-25 14:08:10 -05:00
af2431793b
streaming: default rpc.enable_streaming to true
...
So that all servers will start the grpc server used by streaming
2021-02-25 14:06:04 -05:00
4ebdbf57d7
auto-updated agent/uiserver/bindata_assetfs.go from commit 779f7f7b6
2021-02-25 09:41:02 +00:00
2d500d24b8
ui: Remove any trailing fullstop/period DNS characters from Gateways UI API ( #9752 )
...
Previous to this commit, the API response would include Gateway
Addresses in the form `domain.name.:8080`, which due to the addition of
the port is probably not the expected response.
This commit rightTrims any `.` characters from the end of the domain
before formatting the address to include the port resulting in
`domain.name:8080`
2021-02-25 09:34:47 +00:00
4336d522c1
test: omit envoy golden test files that differ from the latest version ( #9807 )
...
Since we currently do no version switching this removes 75% of the PR
noise.
To generate all *.golden files were removed and then I ran:
go test ./agent/xds -update
2021-02-24 14:04:31 -06:00
8ebffea6a6
auto-updated agent/uiserver/bindata_assetfs.go from commit f9b0e50ca
2021-02-24 09:08:42 +00:00
freddygv