Commit Graph

13217 Commits

Author SHA1 Message Date
Freddy e4e306210a
Require operator:write to get Connect CA config (#9240)
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
2020-11-19 10:14:48 -07:00
hashicorp-ci 293ba9e0b5 auto-updated agent/uiserver/bindata_assetfs.go from commit 687ce1f9c 2020-11-19 16:13:04 +00:00
John Cowen 0ba658b74d
ui: Alter background color of filter bars (#9238) 2020-11-19 16:07:58 +00:00
John Cowen b15049aabf
ui: Surface 'detail' of API errors in the error page (#9237)
* ui: Surface 'detail' of API errors in the error page

* Make UI generated 404s look less bare
2020-11-19 16:07:23 +00:00
John Cowen 6413f71bb5
ui: ACL Tokens > Roles and Policy search and sort (#9236)
* ui: Ensure search is enabled for child items in the ACLs area

* Refactor comparators to reuse some utility functions

* Add search and sorting to the ACLs child selector

* Add tests for searching within child selectors

* Allow sorting by CreateIndex
2020-11-19 16:06:39 +00:00
John Cowen 2f0ce62228
ui: Sort lists with health by unhealthy/healthy by default (#9234)
* ui: Update lists with Health to sort by unhealthy/healthy by default

* Fix up tests for new sorting

* Make specific services page-navigation test
2020-11-19 16:05:46 +00:00
John Cowen 1332c312b3
ui: All metrics cards should default to the default nspace if not set (#9223)
* ui: All metrics cards should default to the default nspace if not set

* Use the up/downstream as the data/nspace for up/downstreams not the service
2020-11-19 16:03:26 +00:00
John Cowen 4eb64e0dea
ui: Remove ghost healthcheck from the service instance healthcheck list (#9220)
* ui: Fixup service instance healthcheck list not to show ghost check

If the proxy is undefined, then an undefined vaule is appended to the
list of checks

* There are only 6 checks in the mocks so only expect 6
2020-11-19 15:59:27 +00:00
Kit Patella c5af73c4f1
Merge pull request #9091 from scellef/correct-upgrade-guide
Correcting text on when default was changed in Consul
2020-11-18 16:54:48 -08:00
Nitya Dhanushkodi 866628b6e8
Add docs for envoyExtraArgs (#9206) 2020-11-18 15:40:39 -08:00
Daniel Nephin 35c5f83ea3
Merge pull request #9224 from hashicorp/dnephin/fix-multiple-http-listeners
agent: fix bug with multiple listeners
2020-11-18 16:52:29 -05:00
Daniel Nephin 8647483605 Use freeport
To prevent other tests which already use freeport from flaking when port 0 steals their reserved port.
2020-11-18 16:07:34 -05:00
hashicorp-ci 75a1727b31 auto-updated agent/uiserver/bindata_assetfs.go from commit 591a96d5b 2020-11-18 19:07:25 +00:00
Kenia 1b4c8a5515
ui: Fix empty state conditional for Series Graph (#9221) 2020-11-18 14:02:13 -05:00
Kenia a36c09a95a
ui: Fix mutated nspace argument (#9222) 2020-11-18 14:01:35 -05:00
hashicorp-ci fc07c63974 auto-updated agent/uiserver/bindata_assetfs.go from commit 1edef424a 2020-11-18 19:00:19 +00:00
John Cowen bc5bc038d1
ui: Refactor tomography graph component to glimmer and remove deprecation (#9219)
* ui: Refactor tomograph graph component to glimmer and remove deprecation

* Avoid ember-data deprecation error
2020-11-18 18:55:59 +00:00
John Cowen 3b093f7b7c
ui: Remove ember-computed-style to avoid deprecation error (#9218) 2020-11-18 18:55:30 +00:00
Daniel Nephin fed2a61dfc agent: fix bug with multiple listeners
Previously the listener was being passed to a closure in a loop without
capturing the loop variable. The result is only the last listener is
used, so the http/https servers only listen on one address.

This problem is fixed by capturing the variable by passing it into a
function.
2020-11-18 13:03:29 -05:00
hashicorp-ci 393d83dfa3 auto-updated agent/uiserver/bindata_assetfs.go from commit 664f1d9aa 2020-11-18 11:17:06 +00:00
John Cowen 077520c247
ui: Change title helper to page-title (#9211) 2020-11-18 11:11:30 +00:00
John Cowen 916d525ce8
ui: Add triple curlies and reformat style attribute (#9210) 2020-11-18 11:11:02 +00:00
Daniel Nephin d9af48afce
Merge pull request #9160 from hashicorp/dnephin/go-test-race-in-to-out-list
ci: change go-test-race package list to exclude list
2020-11-17 13:13:38 -05:00
Daniel Nephin 0f9b80dfa6 acl: remove t.Parallel
These tests run faster without it, and it was causing races in
enterprise tests.
2020-11-17 12:37:02 -05:00
Matt Keeler 4bca029be9
Refactor to call non-voting servers read replicas (#9191)
Co-authored-by: Kit Patella <kit@jepsen.io>
2020-11-17 10:53:57 -05:00
Kenia aa4b4c6cfa
ui: Changelog changes (#9209) 2020-11-17 10:35:56 -05:00
Matt Keeler a7d945e7b9
[docs] Change links to the DNS information to the right place (#8675)
The redirects were working in many situations but some (INTERNALS.md) was not. This just flips everything over to using the real link.
2020-11-17 10:03:00 -05:00
Kit Patella 4dfcdbab26
Merge pull request #9198 from hashicorp/mkcp/telemetry/add-all-metric-definitions
Add metric definitions for all metrics known at Consul start
2020-11-16 15:54:50 -08:00
Kit Patella 615a145e54 changelog component should mention agent not just server 2020-11-16 15:54:24 -08:00
Kit Patella 7c3013a60f add note about deleting TelemetryConfig.MergeDefaults in the future 2020-11-16 15:53:52 -08:00
hashicorp-ci 95fa102195 auto-updated agent/uiserver/bindata_assetfs.go from commit fe728855e 2020-11-16 23:41:31 +00:00
Freddy 2763833d32
Add DC and NS support for Envoy metrics (#9207)
This PR updates the tags that we generate for Envoy stats.

Several of these come with breaking changes, since we can't keep two stats prefixes for a filter.
2020-11-16 16:37:19 -07:00
Kit Patella caba383427 add changelog entry 2020-11-16 15:32:18 -08:00
Kit Patella 36aaf86647 Merge branch 'mkcp/telemetry/add-all-metric-definitions' of ssh://github.com/hashicorp/consul into mkcp/telemetry/add-all-metric-definitions 2020-11-16 15:26:12 -08:00
Kit Patella 4c30ebbb73 fix some tests that were broken from the TelemetryConfig change 2020-11-16 15:22:36 -08:00
Kit Patella 7ec3ad5b73
linting: sort and group import 2020-11-16 14:17:24 -08:00
Kit Patella 1f0b26c9d3 update runtime_test to handle PrometheusOpts expiry field change 2020-11-16 14:16:12 -08:00
Matt Keeler 197a37a860
Prevent panic if autopilot health is requested prior to leader establishment finishing. (#9204) 2020-11-16 17:08:17 -05:00
Kit Patella 64c82130b9 prometheussink has the same number of params again 2020-11-16 14:01:40 -08:00
Kit Patella 6290be054a use the MetricsPrefix to set the service name and provide as slice literal to avoid bugs from append modifying its first arg 2020-11-16 14:01:12 -08:00
Matt Keeler c01e0756d8
Add changelog entry for namespace licensing fix (#9203) 2020-11-16 15:45:55 -05:00
Kit Patella 464d13d80b push prometheus sink definiitons into prometheus.PrometheusOpts 2020-11-16 12:44:47 -08:00
Daniel Nephin de88ceed1c
Merge pull request #9114 from hashicorp/dnephin/filtering-in-stream
stream: improve naming of Payload methods
2020-11-16 14:20:07 -05:00
Kit Patella 0b18f5612e trim help strings to save a few bytes 2020-11-16 11:02:11 -08:00
Kit Patella 374748dafc merge master 2020-11-16 10:46:53 -08:00
hashicorp-ci 42641671b3 auto-updated agent/uiserver/bindata_assetfs.go from commit 959974e96 2020-11-16 15:27:40 +00:00
John Cowen 4515d6141b
ui: Replace NaN and undefined metrics values with `-` (#9200)
* ui: Add functionality to metrics mocks:

1. More randomness during blocking queries
2. NaN and undefined values that come from prometheus
3. General trivial amends to bring things closer to the style of the
project

* Provider should always provide data as a string or undefined

* Use a placeholder `-` if the metrics endpoint responds with undefined data
2020-11-16 15:22:24 +00:00
Kit Patella af719981f3 finish adding static server metrics 2020-11-13 16:26:08 -08:00
Luke Kysow 292058c569
Docs for upgrading to CRDs (#9176)
* Add Upgrading to CRDs docs
2020-11-13 15:19:21 -08:00
Kit Patella 506b5055d5
Merge pull request #9195 from hashicorp/mkcp/changelog/add-1dot9-metrics-flag-note
add note about future metric fixes and deprecations under disable_com…
2020-11-13 14:45:27 -08:00