Commit graph

17842 commits

Author SHA1 Message Date
Jared Kirschner dd81f6a76f docs: adjust HTTP API/CLI characteristics tables 2022-07-25 15:31:39 -07:00
Jared Kirschner dd12584981 docs: restructure partition API characteristics
The existing characteristics were restructured into a list.
The corresponding CLI command characteristic was added.
2022-07-25 15:31:38 -07:00
Jared Kirschner 44de9aaf4b docs: remove partition subcommand usage headings 2022-07-25 15:31:38 -07:00
Jared Kirschner 13c91ddbdc docs: add partition command characteristics
Characteristics include:
- Required ACL permissions
- Corresponding HTTP API endpoint
- (Lack of) support for blocking queries and agent caching
2022-07-25 15:31:38 -07:00
Jared Kirschner d9d29ad0ed docs: add partial for api/cli characteristics links 2022-07-25 15:31:38 -07:00
Jared Kirschner 53ab2bd9d2
Merge pull request #13405 from hashicorp/jkirschner-hashicorp-patch-3
docs: correct Vault CA multiple namespace support
2022-07-20 17:52:32 -04:00
Luke Kysow 28dd74a9d1
Add heartbeat proto to peer stream (#13804) 2022-07-20 11:31:02 -07:00
Michael Klein 59b044f96d
ui: no partition and peer in bucket-list at the same time (#13812)
* don't show partition / peer at the same time in bucket-list

* use bucket-list in intentions table

* add bucket-list tests

* Simplify bucket list - match old behavior

Refactor the bucket-list component to be easier to grok and match
how the old template based approach worked. I.e. do not surface
partition or namespace when it matches the passed nspace or partition
property.

* Update docs for bucket-list

* fix linting
2022-07-20 16:07:52 +01:00
John Cowen 9176d3ed33
ui: Add Peer Form (#13794) 2022-07-20 12:58:47 +01:00
John Cowen a9d3de8b3e
ui: Peer token use form (#13792) 2022-07-20 12:38:39 +01:00
Evan Culver 285b4cef2b
connect: Add support for Envoy 1.23, remove 1.19 (#13807) 2022-07-19 14:51:04 -07:00
Paul Glass a9f17c0f99
Extract AWS auth implementation out of Consul (#13760) 2022-07-19 16:26:44 -05:00
Chris S. Kim dcc230f699
Make envoy resources for inferred peered upstreams (#13758)
Peered upstreams has a separate loop in xds from discovery chain upstreams. This PR adds similar but slightly modified code to add filters for peered upstream listeners, clusters, and endpoints in the case of transparent proxy.
2022-07-19 14:56:28 -04:00
alex 64b3705a31
peering: refactor reconcile, cleanup (#13795)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-19 11:43:29 -07:00
Ranjandas 6b653fb827
Update Single DC Multi K8S doc (#13278)
* Updated note with details of various K8S CNI options

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-19 09:45:41 -07:00
Luke Kysow a0640aa696
makefile: give better error for tool installed by wrong package (#13797)
I had protoc-gen-go installed through `google.golang.org/protobuf` instead of
`github.com/golang/protobuf` and `make proto` was failing silently.
This change will ensure you get an error:

```
protoc-gen-go is already installed by module "google.golang.org/protobuf" but
should be installed by module "github.com/golang/protobuf".
Delete it and re-run to re-install.
```
2022-07-19 09:16:24 -07:00
Michael Klein 7bfe4dd020
ui: chore - fix CI test-suite (#13799)
* fix linting issue

* Update datacenter selector page-object to not include separator.

* change non-valid li to div for singe dc name
2022-07-19 14:06:11 +01:00
Jared Kirschner 2acc4faca1
Merge pull request #13787 from hashicorp/fix-acl-read-token-self-expanded-panic
Fix panic on acl token read with -self and -expanded
2022-07-18 20:34:50 -04:00
Luke Kysow eba682fc08
peerstream: set keepalive enforcement to 15s (#13796)
The client is set to send keepalive pings every 30s. The server
keepalive enforcement must be set to a number less than that,
otherwise it will disconnect clients for sending pings too often.
MinTime governs the minimum amount of time between pings.
2022-07-18 16:12:03 -07:00
Jared Kirschner 47c3a92711 Fix panic on acl token read with -self and -expanded 2022-07-18 15:52:05 -07:00
alex 84b458149f
fix leader annotation (#13786)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:34:59 -07:00
alex 4ff097c4cf
peering: track exported services (#13784)
Signed-off-by: acpana <8968914+acpana@users.noreply.github.com>
2022-07-18 10:20:04 -07:00
John Cowen 987b6255fb
ui: Add peer token generation form (#13755)
* ui: Add peer token generation form
2022-07-18 17:39:52 +01:00
John Cowen 539abdf60f
ui: Adds Peer initiation form (#13754) 2022-07-18 17:39:22 +01:00
John Cowen c474a369f6
ui: Add a modal.opened property for inspecting whether the modal is open (#13723)
* ui: Add a modal.opened property for inspecting whether the modal is open

* merge isOpen setting into the exiting event handler

* Revert to multiple listeners, plus comment to explain

* Wrap close in an afterRender
2022-07-18 15:30:37 +01:00
Michael Klein b3488abc11
ui: wan federation message dc-dropdown (#13753)
* Only display dc dropdown when more than one dc is available

* Add wan federation message to dc dropdown

* Add test for conditionally displaying dc dropdown

* Move single datacenter indicator into datacenter selector

* Add `DATACENTERS` seperator dc dropdown

* "fix" unnecessary margin-top in dc dropdown
2022-07-18 13:22:17 +01:00
R.B. Boyer bec4df0679
peerstream: require a resource subscription to receive updates of that type (#13767)
This mimics xDS's discovery protocol where you must request a resource
explicitly for the exporting side to send those events to you.

As part of this I aligned the overall ResourceURL with the TypeURL that
gets embedded into the encoded protobuf Any construct. The
CheckServiceNodes is now wrapped in a better named "ExportedService"
struct now.
2022-07-15 15:03:40 -05:00
R.B. Boyer 7da65c02a6
peerstream: fix test assertions (#13780) 2022-07-15 14:43:24 -05:00
Luke Kysow 3968f21339
Add docs for peerStreamServer vs peeringServer. (#13781) 2022-07-15 12:23:05 -07:00
Luke Kysow a8721c33c5
peerstream: dialer should reconnect when stream closes (#13745)
* peerstream: dialer should reconnect when stream closes

If the stream is closed unexpectedly (i.e. when we haven't received
a terminated message), the dialer should attempt to re-establish the
stream.

Previously, the `HandleStream` would return `nil` when the stream
was closed. The caller then assumed the stream was terminated on purpose
and so didn't reconnect when instead it was stopped unexpectedly and
the dialer should have attempted to reconnect.
2022-07-15 11:58:33 -07:00
R.B. Boyer 743cecc559
test: fix flaky test TestAPI_CatalogNodes (#13779) 2022-07-15 13:24:22 -05:00
R.B. Boyer 61ebb38092
server: ensure peer replication can successfully use TLS over external gRPC (#13733)
Ensure that the peer stream replication rpc can successfully be used with TLS activated.

Also:

- If key material is configured for the gRPC port but HTTPS is not
  enabled now TLS will still be activated for the gRPC port.

- peerstream replication stream opened by the establishing-side will now
  ignore grpc.WithBlock so that TLS errors will bubble up instead of
  being awkwardly delayed or suppressed
2022-07-15 13:15:50 -05:00
alex 70ad4804b6
peering: track imported services (#13718) 2022-07-15 10:20:43 -07:00
Evan Culver d9643ca499
Latest submodule versions (#13750) 2022-07-15 09:58:21 -07:00
alex 5eaab0efcb
peering: add warning about AllowStaleRead (#13768) 2022-07-15 09:56:33 -07:00
John Murret 28bf578b2d
Made changes based on Adams suggestions (#13490)
* Made changes based on Adams suggestions

* updating list layout in systems integration guide.  updating wan federation docs.

* fixing env vars on systems integration page

* fixing h3 to h2 on enterprise license page

* Changed `The following steps will be performed` to `Complete the following steps`

* Replaced `These steps will be repeated for each datacenter` with `Repeat the following steps for each datacenter in the cluster`

* Emphasizing that kv2 secrets only need to be stored once.

* Move the sentence indicating where the vault path maps to the helm chart out of the -> Note callout

* remaining suggestions

* Removing store the secret in Vault from server-tls page

* Making the Bootstrapping the Server PKI Engine sections the same on server-tls and webhook-cert pages

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Updating VAULT_ADDR on systems-integration to get it out of the shell.

* Updating intro paragraph of Overview on systems-integration.mdx to what Adamsuggested.

* Putting the GKE, AKS, AKS info into tabs on the systems integration page.

* Apply suggestions from code review

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-07-15 10:35:42 -06:00
Matt Keeler 7ae0c69729
Use Node Name for peering healthSnapshot instead of ID (#13773)
A Node ID is not a required field with Consul’s data model. Therefore we cannot reliably expect all uses to have it. However the node name is required and must be unique so its equally as good of a key for the internal healthSnapshot node tracking.
2022-07-15 10:51:38 -04:00
Matt Keeler 17565a4fca
Enable partition support for peering establishment (#13772)
Prior to this the dialing side of the peering would only ever work within the default partition. This commit allows properly parsing the partition field out of the API struct request body, query param and header.
2022-07-15 10:07:07 -04:00
Michele Degges 0ffcbf020e
[CI-only] Support fossa scanning (#13694) 2022-07-14 13:02:13 -07:00
Dan Stough 084f9d7084 feat: connect proxy xDS for destinations
Signed-off-by: Dhia Ayachi <dhia@hashicorp.com>
2022-07-14 15:27:02 -04:00
Michael Klein 8b9a126386
ui: remove with-peers query param (#13756)
* Don't request nodes/services `with-peers` anymore

This will be automatic - no need for the query-param anymore.

* Return peering data based on feature flag mock-api services/nodes

* Update tests to reflect removed with-peers query-param

* setup cookie for turning peer feature flag on in mock-api in testing

* Add missing `S` for renamed PEERING feature-flag cookie
2022-07-14 19:32:53 +01:00
Daniel Upton ac4ac1b062 Changelog entry 2022-07-14 18:22:12 +01:00
Daniel Upton 7f69e27926 proxycfg-glue: server-local implementation of FederationStateListMeshGateways
This is the OSS portion of enterprise PR 2265.

This PR provides a server-local implementation of the
proxycfg.FederationStateListMeshGateways interface based on blocking queries.
2022-07-14 18:22:12 +01:00
Daniel Upton a5a6102a3b proxycfg-glue: server-local implementation of GatewayServices
This is the OSS portion of enterprise PR 2259.

This PR provides a server-local implementation of the proxycfg.GatewayServices
interface based on blocking queries.
2022-07-14 18:22:12 +01:00
Daniel Upton a280c9a10b proxycfg-glue: server-local implementation of TrustBundle and TrustBundleList
This is the OSS portion of enterprise PR 2250.

This PR provides server-local implementations of the proxycfg.TrustBundle and
proxycfg.TrustBundleList interfaces, based on local blocking queries.
2022-07-14 18:22:12 +01:00
Daniel Upton 70f29942f4 proxycfg-glue: server-local implementation of the Health interface
This is the OSS portion of enterprise PR 2249.

This PR introduces an implementation of the proxycfg.Health interface based on a
local materialized view of the health events.

It reuses the view and request machinery from agent/rpcclient/health, which made
it super straightforward.
2022-07-14 18:22:12 +01:00
Daniel Upton 688dfe3138 proxycfg-glue: server-local implementation of ServiceList
This is the OSS portion of enterprise PR 2242.

This PR introduces a server-local implementation of the proxycfg.ServiceList
interface, backed by streaming events and a local materializer.
2022-07-14 18:22:12 +01:00
Daniel Upton 599f5e2207 proxycfg-glue: server-local compiled discovery chain data source
This is the OSS portion of enterprise PR 2236.

Adds a local blocking query-based implementation of the proxycfg.CompiledDiscoveryChain interface.
2022-07-14 18:22:12 +01:00
Jared Kirschner 664033e68e
Merge pull request #13655 from hashicorp/docs/add-envoy-to-standard-upgrade-instructions
docs: add Envoy upgrade step to std upgrade docs
2022-07-14 13:11:12 -04:00
Jared Kirschner 9c0f2478b9 docs: add Envoy upgrade step to std upgrade docs 2022-07-14 06:56:11 -07:00