Commit Graph

9818 Commits

Author SHA1 Message Date
Alvin Huang bf1d799e3a
fix redirects for acl-migrate-tokens (#5749) 2019-04-30 13:28:58 -04:00
Matt Keeler 1e94c07948
Update CHANGELOG.md 2019-04-30 13:25:10 -04:00
R.B. Boyer 4b33f513ad
ui: fix 'make ui' again (#5751)
When the v1 ui was removed the ui build incorrectly copied everything
into a /dist/ subdirectory instead of directly into the top level.
2019-04-30 12:23:24 -05:00
kaitlincarter-hc 4a2ad7d36a
[docs] Fixing API broken links (#5732)
* starting broken link fixes

* Updating the other links for ACLs

* Updating the rest of the links

* fixing acl required links.

* update a bunch of other links

* updated a couple more broken links based on Alvins checker

* removed the extra s
2019-04-30 12:20:51 -05:00
Matt Keeler 62d2145d02
Update CHANGELOG.md 2019-04-30 11:46:52 -04:00
Matt Keeler 8beb5c6082
ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
R.B. Boyer 4ee5e71dcd
cli: actually allow the 'connect envoy' and 'watch' subcommands to work with -token-file (#5733) 2019-04-30 09:59:00 -05:00
Paul Banks 374c0f66b1
Modify ConfigEntry bootstrapping syntax more generic (#5744)
* Modify ConfigEntry bootstrapping syntax to be generic and compatible with other CLI config syntax. Refs #5743

* Fix gofmt issues.
2019-04-30 15:13:59 +01:00
Freddy a4359073e4
Update CHANGELOG.md 2019-04-29 17:27:26 -06:00
Kyle Havlovitz 64174f13d6 Add HTTP endpoints for config entry management (#5718) 2019-04-29 18:08:09 -04:00
Matt Keeler 32e821eda2
Enabling "service" watch handler to accept a slice of tags
Originally from PR #5347
2019-04-29 15:28:01 -04:00
Paul Banks 26ef7943ed
Update CHANGELOG.md 2019-04-29 17:43:15 +01:00
Paul Banks d6c0557e86
Connect: allow configuring Envoy for L7 Observability (#5558)
* Add support for HTTP proxy listeners

* Add customizable bootstrap configuration options

* Debug logging for xDS AuthZ

* Add Envoy Integration test suite with basic test coverage

* Add envoy command tests to cover new cases

* Add tracing integration test

* Add gRPC support WIP

* Merged changes from master Docker. get CI integration to work with same Dockerfile now

* Make docker build optional for integration

* Enable integration tests again!

* http2 and grpc integration tests and fixes

* Fix up command config tests

* Store all container logs as artifacts in circle on fail

* Add retries to outer part of stats measurements as we keep missing them in CI

* Only dump logs on failing cases

* Fix typos from code review

* Review tidying and make tests pass again

* Add debug logs to exec test.

* Fix legit test failure caused by upstream rename in envoy config

* Attempt to reduce cases of bad TLS handshake in CI integration tests

* bring up the right service

* Add prometheus integration test

* Add test for denied AuthZ both HTTP and TCP

* Try ANSI term for Circle
2019-04-29 17:27:57 +01:00
R.B. Boyer e0778eeee9 update changelog 2019-04-26 15:43:34 -05:00
R.B. Boyer b216c235d1 remove reference to deleted branch 2019-04-26 15:39:57 -05:00
Paul Banks 36ae4cb8e7
Update CHANGELOG.md 2019-04-26 21:39:06 +01:00
R.B. Boyer ea2740fd32
Merge pull request #5617 from hashicorp/f-acl-ux
Secure ACL Introduction for Kubernetes
2019-04-26 15:34:26 -05:00
Aestek 9813abcb09 Fix: fail messages after a node rename replace the new node definition (#5520)
When receiving a serf faild message for a node which is not in the
catalog, do not perform a register request to set is serf heath to
critical as it could overwrite the node information and services if it
was renamed.

Fixes : #5518
2019-04-26 21:33:41 +01:00
R.B. Boyer 5a505c5b3a acl: adding support for kubernetes auth provider login (#5600)
* auth providers
* binding rules
* auth provider for kubernetes
* login/logout
2019-04-26 14:49:25 -05:00
R.B. Boyer 9542fdc9bc acl: adding Roles to Tokens (#5514)
Roles are named and can express the same bundle of permissions that can
currently be assigned to a Token (lists of Policies and Service
Identities). The difference with a Role is that it not itself a bearer
token, but just another entity that can be tied to a Token.

This lets an operator potentially curate a set of smaller reusable
Policies and compose them together into reusable Roles, rather than
always exploding that same list of Policies on any Token that needs
similar permissions.

This also refactors the acl replication code to be semi-generic to avoid
3x copypasta.
2019-04-26 14:49:12 -05:00
R.B. Boyer f43bc981e9 making ACLToken.ExpirationTime a *time.Time value instead of time.Time (#5663)
This is mainly to avoid having the API return "0001-01-01T00:00:00Z" as
a value for the ExpirationTime field when it is not set. Unfortunately
time.Time doesn't respect the json marshalling "omitempty" directive.
2019-04-26 14:48:16 -05:00
R.B. Boyer b3956e511c acl: ACL Tokens can now be assigned an optional set of service identities (#5390)
These act like a special cased version of a Policy Template for granting
a token the privileges necessary to register a service and its connect
proxy, and read upstreams from the catalog.
2019-04-26 14:48:04 -05:00
R.B. Boyer 76321aa952 acl: tokens can be created with an optional expiration time (#5353) 2019-04-26 14:47:51 -05:00
Matt Keeler 3ea9fe3bff
Implement bootstrapping proxy defaults from the config file (#5714) 2019-04-26 14:25:03 -04:00
Matt Keeler 3b5d38fb49
Implement config entry replication (#5706) 2019-04-26 13:38:39 -04:00
Matt Keeler 51f2b9d1d4
Update CHANGELOG.md 2019-04-26 12:36:52 -04:00
Matt Keeler 2831c8993d
Move the watch package into the api module (#5664)
* Move the watch package into the api module

It was already just a thin wrapper around the API anyways. The biggest change was to the testing. Instead of using a test agent directly from the agent package it now uses the binary on the PATH just like the other API tests.

The other big changes were to fix up the connect based watch tests so that we didn’t need to pull in the connect package (and therefore all of Consul)
2019-04-26 12:33:01 -04:00
Tyler Ryan db0f464c92 fixing inconsitencies in agent/connect API documentation (#5715) 2019-04-26 12:53:20 +01:00
R.B. Boyer 01c7e4b3df
docs: fix some minor acl related typos (#5711) 2019-04-25 12:24:28 -05:00
Alvin Huang 64860fad30
fix sidebar for install (#5611) 2019-04-25 12:30:35 -04:00
Alvin Huang 96c2c79908
Add fmt and vet (#5671)
* add go fmt and vet

* go fmt fixes
2019-04-25 12:26:33 -04:00
Alvin Huang fe1e688a2e
Add website analytics back (#5699)
* add website analytics to build

* add segment analytics env var check
2019-04-25 12:24:20 -04:00
Kyle Havlovitz 83952c8a3d
Merge pull request #5700 from hashicorp/service-reg-manager
Use centralized service config on agent service registrations
2019-04-25 06:39:50 -07:00
Kyle Havlovitz a113d8ca1f Test an index=0 value in cache.Notify 2019-04-25 02:11:07 -07:00
Freddy 1538a738f2
Update alias checks on local add and remove 2019-04-24 12:17:06 -06:00
Matt Keeler 484e0efaf2
Update CHANGELOG.md 2019-04-24 14:12:54 -04:00
Aestek 6762eeb03c Add support for DNS config hot-reload (#4875)
The DNS config parameters `recursors` and `dns_config.*` are now hot
reloaded on SIGHUP or `consul reload` and do not need an agent restart
to be modified.
Config is stored in an atomic.Value and loaded at the beginning of each
request. Reloading only affects requests that start _after_ the
reload. Ongoing requests are not affected. To match the current
behavior the recursor handler is loaded and unloaded as needed on config
reload.
2019-04-24 14:11:54 -04:00
Kyle Havlovitz c02716ac2c Fix a race in the ready logic 2019-04-24 06:48:11 -07:00
Kyle Havlovitz 1fc96c770b Make central service config opt-in and rework the initial registration 2019-04-24 06:11:08 -07:00
Kyle Havlovitz f89aa69b9d Fix a race in the service updates 2019-04-23 03:31:24 -07:00
Kyle Havlovitz 6faa8ba451 Fill out the service manager functionality and fix tests 2019-04-23 00:17:28 -07:00
Kyle Havlovitz 6aa022c1cd Add the service registration manager to the agent 2019-04-23 00:17:27 -07:00
Kyle Havlovitz d51fd740bf
Merge pull request #5615 from hashicorp/config-entry-rpc
Add RPC endpoints for config entry operations
2019-04-23 00:16:54 -07:00
Kyle Havlovitz e64d1b8016 Rename config entry ACL methods 2019-04-22 23:55:11 -07:00
Freddy fa94b09a99
Clarify -log-rotate-duration string format and default value 2019-04-19 14:07:18 -06:00
Alvin Huang d5abdd2832
Remove old redirects file (#5688)
* add directions on how to update the redirects file

* remove old redirects file
2019-04-18 16:47:09 -04:00
Matt Keeler 960e1fa79e
Add missing token field in the service definition in the docs (#5685)
Fixes #5684
2019-04-18 16:05:51 -04:00
Matt Keeler fc65c02c06
Update CHANGELOG.md 2019-04-18 15:12:04 -04:00
Matt Keeler 913c82ec9f
Update go-msgpack version (#5683)
Fixes #4673
Supercedes: #5677 

There was an error decoding `map[string]string` values due to Go strings being immutable. This was fixes in our go-msgpack fork.
2019-04-18 15:10:34 -04:00
Heechul Ryu e0f08b8a5d Update consul-containers.html.md (#5645)
To reflect the most recent version
2019-04-18 10:35:21 -05:00