Commit Graph

14697 Commits

Author SHA1 Message Date
hashicorp-ci fab276cb7d auto-updated agent/uiserver/bindata_assetfs.go from commit f9e8b26af 2021-03-17 14:45:58 +00:00
Kenia eab741eab8
ui: Create auth-method show page with General Info Tab (#9845)
* Update list items to be linkable to auth-methods show

* Add general, namespace, and binding sub-routes

* Remove namespace and binding tabs to be done separately

* Update auth-method byId endpoint

* Style the show auth-method kubernetes type

* Finish Kubernetes auth-method type styling

* OIDC and JWT auth-method styling

* Create consul-auth-method-view component

* Add navigation test for auth-methods

* Create Certificate component
2021-03-17 10:40:56 -04:00
hashicorp-ci d38917b12b auto-updated agent/uiserver/bindata_assetfs.go from commit aca797658 2021-03-17 11:27:44 +00:00
John Cowen 5ff1897070
ui: Adds warning icon to side menu when ACLs are disabled (#9864)
* ui: Adds warning icon to side menu when ACLs are are disabled
2021-03-17 11:23:00 +00:00
hashicorp-ci 7123aaad92 auto-updated agent/uiserver/bindata_assetfs.go from commit 41471719e 2021-03-17 10:50:59 +00:00
John Cowen 62a9dffcae
ui: CSP Improvements (#9847)
* Configure ember-auto-import so we can use a stricter CSP

* Create a fake filesystem using JSON to avoid inline scripts in index

We used to have inline scripts in index.html in order to support embers
filepath fingerprinting and our configurable rootURL.

Instead of using inline scripts we use application/json plus a JSON blob
to create a fake filesystem JSON blob/hash/map to hold all of the
rootURL'ed fingerprinted file paths which we can then retrive later in
non-inline scripts.

We move our inlined polyfills script into the init.js external script,
and we move the CodeMirror syntax highlighting configuration inline
script into the main app itself - into the already existing CodeMirror
initializer (this has been moved so we can lookup a service located
document using ember's DI container)

* Set a strict-ish CSP policy during development
2021-03-17 10:46:21 +00:00
freddygv a3184e6cd7 Refactor makePublicListener
By accepting a name the function can be used for other inbound listeners,
like the one for TransparentProxy.
2021-03-16 19:22:26 -06:00
Daniel Nephin c140ae899b
Merge pull request #9886 from hashicorp/sdk/to_testing_TB
[SDK] change all cases of *testing.T to testing.TB
2021-03-16 20:28:35 -04:00
Daniel Nephin 3d6644a245
Merge pull request #9475 from cbroglie/tls-server-name
Add support for configuring TLS ServerName for health checks
2021-03-16 20:24:44 -04:00
Daniel Nephin 96276fc7b8 Add changelog for 9475 2021-03-16 18:22:25 -04:00
Christopher Broglie 94b02c3954 Add support for configuring TLS ServerName for health checks
Some TLS servers require SNI, but the Golang HTTP client doesn't
include it in the ClientHello when connecting to an IP address. This
change adds a new TLSServerName field to health check definitions to
optionally set it. This fixes #9473.
2021-03-16 18:16:44 -04:00
John Eikenberry fe938b9849 [SDK] change all cases of *testing.T to testing.TB
Using the interface opens up the use of all methods to benchmarks as
well as tests.
2021-03-16 15:05:39 -07:00
Daniel Nephin 23df31f7c0
Merge pull request #8698 from pierreca/fix-iserreof
Use errors.Is() in IsErrEOF()
2021-03-16 17:56:15 -04:00
freddygv cba952a6a5 Add cache-type for Internal.IntentionUpstreams 2021-03-16 11:06:47 -06:00
Daniel Nephin 0b3930272d state: convert services.node and checks.node indexes
Using NodeIdentity to share the indexes with both.
2021-03-16 13:00:31 -04:00
freddygv b79039c21c Prefix match type vars to match use 2021-03-16 09:49:24 -06:00
freddygv fed983fe9a Pass txn into service list queries 2021-03-16 09:33:08 -06:00
freddygv 26ba0c0fc8 Pass txn into intention match queries 2021-03-16 08:03:52 -06:00
freddygv d7f3bcc8bb Replace CertURI.Authorize() calls.
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
freddygv eb6c0cbea0 Fixup typo, comments, and regression 2021-03-15 17:50:47 -06:00
freddygv 9bfb0969f9 Fixup upstream test 2021-03-15 17:20:30 -06:00
freddygv 940b7a98d1 Finish cleanup from ServiceConfigRequest changes 2021-03-15 16:38:01 -06:00
freddygv a67c92b961 Update service manager to pass MeshGateway with config req 2021-03-15 16:08:03 -06:00
freddygv 871e1d3e31 PR comments 2021-03-15 16:02:03 -06:00
Daniel Nephin 0b5dfee00a state: use runCase pattern for large test
The TestServiceHealthEventsFromChanges function was over 1400 lines.
Attempting to debug test failures in test functions this large is
difficult. It requires scrolling to the line which defines the testcase
because the failure message only includes the line number of the
assertion, not the line number of the test case.

This is an excellent example of where test tables stop working well, and
start being a problem. To mitigate this problem, the runCase pattern can
be used. When one of these tests fails, a failure message will print the
line number of both the test case and the assertion. This allows a
developer to quickly jump to both of the relevant lines, signficanting
reducing the time it takes to debug test failures.

For example, one such failure could look like this:

    catalog_events_test.go:1610: case: service reg, new node
    catalog_events_test.go:1605: assertion failed: values are not equal
2021-03-15 17:53:16 -04:00
Luke Kysow bfcd311159
docs: rename SourceAddress to SourceIP (#9878)
SourceAddress was probably renamed to SourceIP but the docs weren't
updated.
2021-03-15 14:39:33 -07:00
freddygv 04fbc104cd Pass MeshGateway config in service config request
ResolveServiceConfig is called by service manager before the proxy
registration is in the catalog. Therefore we should pass proxy
registration flags in the request rather than trying to fetch
them from the state store (where they may not exist yet).
2021-03-15 14:32:13 -06:00
freddygv d90240d367 Restore old Envoy prefix on escape hatches
This is done because after removing ID and NodeName from
ServiceConfigRequest we will no longer know whether a request coming in
is for a Consul client earlier than v1.10.
2021-03-15 14:12:57 -06:00
freddygv 13cce3419a Only lowercase the protocol when normalizing 2021-03-15 14:12:15 -06:00
freddygv f584c2d7c5 Add omitempty across the board for UpstreamConfig 2021-03-15 13:23:18 -06:00
Freddy b8613a4d06
Merge pull request #9107 from hashicorp/docs-prepared-query-namespace
Add namespaces to prepared query API docs
2021-03-15 13:08:52 -06:00
freddygv 3b2169b36d Add RPC endpoint for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv e4e14639b2 Add state store function for intention upstreams 2021-03-15 08:50:35 -06:00
freddygv 4976c000b7 Refactor IntentionDecision
This enables it to be called for many upstreams or downstreams of a
service while only querying intentions once.

Additionally, decisions are now optionally denied due to L7 permissions
being present. This enables the function to be used to filter for
potential upstreams/downstreams of a service.
2021-03-15 08:50:35 -06:00
Christoph Puhl 54f771af6d Add namespaces to prepared query API docs
Add missing section on creating prepared query for namespaced services
2021-03-15 10:04:53 +01:00
Daniel Nephin 579015dde1
Merge pull request #9152 from hashicorp/dnephin/streaming-enable-connect
use streaming backend for connect service health
2021-03-12 13:05:16 -05:00
Daniel Nephin 2a53b8293a proxycfg: use rpcclient/health.Client instead of passing around cache name
This should allow us to swap out the implementation with something other
than `agent/cache` without making further code changes.
2021-03-12 11:46:04 -05:00
Daniel Nephin c33570be34 catalog_events: set the right key for connect snapshots 2021-03-12 11:35:43 -05:00
Daniel Nephin 410b1261c2 proxycfg: Use streaming in connect state 2021-03-12 11:35:42 -05:00
Daniel Nephin e2215d9f0f rpcclient: use streaming for connect health 2021-03-12 11:35:42 -05:00
Matt Keeler 8d09d610dd
AutopilotServerHealth now handles the 429 status code (#8599)
AutopilotServerHealthy now handles the 429 status code

Previously we would error out and not parse the response. Now either a 200 or 429 status code are considered expected statuses and will result in the method returning the reply allowing API consumers to not only see if the system is healthy or not but which server is unhealthy.
2021-03-12 09:40:49 -05:00
freddygv 3d85c29445 Update content hash due to new field 2021-03-11 19:59:19 -07:00
freddygv eeed9011b4 And another test fix 2021-03-11 18:39:53 -07:00
freddygv d27208ce7c Fixup more tests 2021-03-11 16:26:55 -07:00
Mike Wickett c2f910a246
Merge pull request #9874 from hashicorp/mw.patch-docs-issue
docs: fixup syntax issue
2021-03-11 17:45:22 -05:00
Mike Wickett e450ab5540 fix: syntax issue 2021-03-11 17:05:21 -05:00
freddygv be78d3c39a Fixup protobufs and tests 2021-03-11 14:58:59 -07:00
Preetha b3f1cafed3
Small changes to gossip related telemetry docs (#9846)
Update gossip related telemetry docs to include correct descriptions, and added missing metrics
2021-03-11 14:21:32 -06:00
Mike Wickett 92e35ed005
Merge pull request #9867 from hashicorp/mw.update-alert-banner
Update alert banner
2021-03-11 14:54:29 -05:00
Freddy 5e12fcff93
Merge pull request #9869 from DanielMabbett/patch-1
Fix typo in requirements.mdx
2021-03-11 12:49:57 -07:00