kenia
eb2b804211
Create TransparentProxy mode label for service instance page
2021-04-15 09:19:21 -04:00
kenia
ba3b84085f
Create Topology Metrics Source Type to be in each Card
2021-04-15 09:19:21 -04:00
kenia
db23ab7d16
Refactor Topology Metrics Card component
2021-04-15 09:19:21 -04:00
kenia
44df7a5cd4
Create warning banners for permissive default-allow and wildcard-intention
2021-04-15 09:19:21 -04:00
kenia
bcad886efd
Update service-topology mock data with new attributes: TransparentProxy, DefaultAllow, WildcardIntention, and Source
2021-04-15 09:19:21 -04:00
Kent 'picat' Gruber
7e9bcb06ca
Merge pull request #10030 from hashicorp/fix-ent-audit-log-bypass
...
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 20:08:51 -04:00
Kent 'picat' Gruber
78ce699787
Add component name to entry
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-14 19:41:04 -04:00
Kent 'picat' Gruber
2998db9cda
Merge pull request #10023 from hashicorp/fix-raw-kv-xss
...
Add content type headers to raw KV responses
2021-04-14 18:49:14 -04:00
Kent 'picat' Gruber
8f897ee341
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 18:45:49 -04:00
Daniel Nephin
e17c82306a
Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
...
snapshot: fix saving of auth methods
2021-04-14 17:18:35 -04:00
Daniel Nephin
2a10f01bf5
snapshot: fix saving of auth methods
...
Previously only a single auth method would be saved to the snapshot. This commit fixes the typo
and adds to the test, to show that all auth methods are now saved.
2021-04-14 16:51:21 -04:00
Kent 'picat' Gruber
6aed60655f
Add security release-note changelog entry
2021-04-14 16:40:47 -04:00
Kent 'picat' Gruber
debbf4a604
Add better security warning to docs about the content-type change
2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber
992bf13166
Update KV docs to note new raw response content-type header
2021-04-14 16:21:03 -04:00
Kent 'picat' Gruber
91aefe50ab
Add content type headers to raw KV responses
2021-04-14 16:20:22 -04:00
R.B. Boyer
1ae772ff99
mod: bump to github.com/hashicorp/mdns v1.0.4 ( #10018 )
2021-04-14 14:17:52 -05:00
Daniel Nephin
5d493daf82
Merge pull request #10014 from hashicorp/dnephin/changelog
...
Add changelog for enterprise change
2021-04-14 14:09:35 -04:00
freddygv
2ff8b9f2f5
Avoid returning a nil slice
2021-04-14 10:52:05 -06:00
Matt Keeler
aa0eb60f57
Move static token resolution into the ACLResolver ( #10013 )
2021-04-14 12:39:35 -04:00
R.B. Boyer
0470d9ec25
fix broken golden tests
2021-04-14 11:36:47 -05:00
Freddy
a85bfc0bd0
Merge pull request #10006 from hashicorp/api-ptrs
2021-04-14 10:21:08 -06:00
freddygv
7fd4c569ce
Update viz endpoint to include topology from intentions
2021-04-14 10:20:15 -06:00
Freddy
57b998e027
Merge pull request #9987 from hashicorp/remove-kube-dns-hack
2021-04-14 10:00:53 -06:00
Daniel Nephin
ba4f2f853e
Add changelog for enterprise change
2021-04-14 11:50:15 -04:00
Mike Wickett
7bbac0ca58
Merge pull request #10008 from hashicorp/mw.update-homepage-links
...
website: update why hashicorp links
2021-04-14 10:57:29 -04:00
ketzacoatl
001e7fb5a0
add consul-haskell to libraries-and-sdks documentation ( #9982 )
...
See also https://github.com/alphaHeavy/consul-haskell/issues/40 .
2021-04-13 21:06:19 -04:00
freddygv
e175b309fb
Fixup tests
2021-04-13 16:08:41 -06:00
Mike Wickett
03b496a1c0
website: update why hashicorp links
2021-04-13 15:55:15 -04:00
freddygv
50c7915156
Convert new tproxy structs in api module into ptrs
...
This way we avoid serializing these when empty. Otherwise users of the
latest version of the api submodule cannot interact with older versions
of Consul, because a new api client would send keys that the older Consul
doesn't recognize yet.
2021-04-13 12:44:25 -06:00
Freddy
79257c1489
Merge pull request #10005 from hashicorp/tproxy-fixes
2021-04-13 11:45:40 -06:00
Daniel Nephin
6ee17c15ff
tlsutil: fix a test for go1.16
...
Using a TestSigner was causing problems because go1.16 has this change:
> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.
See https://golang.org/doc/go1.16#crypto/x509
2021-04-13 13:31:20 -04:00
Daniel Nephin
7f65880829
connect: fix test for go1.16
...
There is no way to compare x509.CertPools now that it has an unexpected
function field. This comparison is as close as we can get.
See https://github.com/golang/go/issues/26614 for a related issue.
2021-04-13 13:25:45 -04:00
Freddy
754be9f6a4
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
...
Remove zero-value validation of upstream cfg structs
2021-04-13 11:00:02 -06:00
freddygv
911d7dcaa8
Remove todo that was todone
2021-04-13 10:19:59 -06:00
freddygv
84a5f91a08
Avoid nil panic when cluster config doesn't exist
2021-04-13 10:17:11 -06:00
Daniel Nephin
6df4d60675
ci: test against Go1.16.3
2021-04-13 12:06:13 -04:00
Freddy
86bd47c7a0
Merge pull request #10003 from hashicorp/proxycfg-tproxy-ent-fixup
...
Fixup wildcard ent assertion
2021-04-13 09:56:05 -06:00
freddygv
83501d5415
Augment intention decision summary with DefaultAllow mode
2021-04-12 19:32:09 -06:00
freddygv
36e9326dab
Fixup wildcard ent assertion
2021-04-12 17:04:33 -06:00
Freddy
2a3229992e
Merge pull request #9999 from hashicorp/update-enabling-tproxy
2021-04-12 16:37:04 -06:00
Kendall Strautman
784e55a38d
fix(website): docs link text color ( #10001 )
2021-04-12 13:47:12 -04:00
freddygv
b83841ab29
Fixup bexpr filtering
2021-04-12 10:17:52 -06:00
freddygv
e6d44ae03b
Remove zero-value validation of upstream cfg structs
...
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.
See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv
eeccba945d
Replace TransparentProxy bool with ProxyMode
...
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:
- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.
This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv
fb4d07243d
Avoid failing test due to undiscoverable node name
2021-04-12 09:26:55 -06:00
hashicorp-ci
abc9daf1ea
auto-updated agent/uiserver/bindata_assetfs.go from commit 84064f972
2021-04-12 13:08:41 +00:00
Kenia
eb8024375a
ui: Return empty string protocol for upstream/downstream metrics request ( #9989 )
2021-04-12 09:03:57 -04:00
freddygv
9c219a5b58
Fixup mesh gateway docs
2021-04-11 15:48:04 -06:00
tarat44
9a2e630f86
fix formatting
2021-04-11 15:12:33 -04:00
tarat44
f2ba70d559
add WaitGroup to h2ping
2021-04-11 15:11:00 -04:00