Commit Graph

5622 Commits

Author SHA1 Message Date
Kyle Havlovitz f5c5d2f5c6
auto-config: relax node name validation for JWT authorization (#15370)
* auto-config: relax node name validation for JWT authorization

This changes the JWT authorization logic to allow all non-whitespace,
non-quote characters when validating node names. Consul had previously
allowed these characters in node names, until this validation was added
to fix a security vulnerability with whitespace/quotes being passed to
the `bexpr` library. This unintentionally broke node names with
characters like `.` which aren't related to this vulnerability.

* Update website/content/docs/agent/config/cli-flags.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 18:24:40 -06:00
Nick Wales a0c4ccd1b0
Fixes broken links (#15343)
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-11-14 14:18:57 -08:00
Dhia Ayachi 219a3c5bd3
Leadership transfer cmd (#14132)
* add leadership transfer command

* add RPC call test (flaky)

* add missing import

* add changelog

* add command registration

* Apply suggestions from code review

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* add the possibility of providing an id to raft leadership transfer. Add few tests.

* delete old file from cherry pick

* rename changelog filename to PR #

* rename changelog and fix import

* fix failing test

* check for OperatorWrite

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* rename from leader-transfer to transfer-leader

* remove version check and add test for operator read

* move struct to operator.go

* first pass

* add code for leader transfer in the grpc backend and tests

* wire the http endpoint to the new grpc endpoint

* remove the RPC endpoint

* remove non needed struct

* fix naming

* add mog glue to API

* fix comment

* remove dead code

* fix linter error

* change package name for proto file

* remove error wrapping

* fix failing test

* add command registration

* add grpc service mock tests

* fix receiver to be pointer

* use defined values

Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>

* reuse MockAclAuthorizer

* add documentation

* remove usage of external.TokenFromContext

* fix failing tests

* fix proto generation

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>

* Apply suggestions from code review

* add more context in doc for the reason

* Apply suggestions from docs code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* regenerate proto

* fix linter errors

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2022-11-14 15:35:12 -05:00
Dan Stough 8a2d3c6cc6
Peering Mesh Gateway Updates for GA (#15344)
* docs(peering): remove beta references

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2022-11-14 15:03:17 -05:00
Dan Stough 62c0390707
docs(peering): remove beta references (#15340)
* docs(peering): remove beta references
2022-11-14 14:49:50 -05:00
Derek Menteer 0c07a36408
Prevent serving TLS via ports.grpc (#15339)
Prevent serving TLS via ports.grpc

We remove the ability to run the ports.grpc in TLS mode to avoid
confusion and to simplify configuration. This breaking change
ensures that any user currently using ports.grpc in an encrypted
mode will receive an error message indicating that ports.grpc_tls
must be explicitly used.

The suggested action for these users is to simply swap their ports.grpc
to ports.grpc_tls in the configuration file. If both ports are defined,
or if the user has not configured TLS for grpc, then the error message
will not be printed.
2022-11-11 14:29:22 -06:00
Derek Menteer d4261c30c5
Add peering incompatibility warning to upgrade docs. (#15319) 2022-11-10 09:32:31 -06:00
Luke Kysow 656df780ee
Add description for anon token policy (#15311) 2022-11-09 10:26:10 -08:00
malizz b823d79fcf
update config defaults, add docs (#15302)
* update config defaults, add docs

* update grpc tls port for non-default values

* add changelog

* Update website/content/docs/upgrading/upgrade-specific.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* Update website/content/docs/agent/config/config-files.mdx

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>

* update logic for setting grpc tls port value

* move default config to default.go, update changelog

* update docs

* Fix config tests.

* Fix linter error.

* Fix ConnectCA tests.

* Cleanup markdown on upgrade notes.

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-11-09 09:29:55 -08:00
Krastin Krastev 605ab84636
docs: fix links in ent-license faq (#15242) 2022-11-09 15:56:58 +01:00
Sudharshan K S f8c099e43c
Update dns-tools-compare.mdx (#15287)
Corrected the markdown to correctly display the link
2022-11-08 16:29:22 -05:00
Derek Menteer a8eb047ee6
Bring back parameter ServerExternalAddresses in GenerateToken endpoint (#15267)
Re-add ServerExternalAddresses parameter in GenerateToken endpoint

This reverts commit 5e156772f6a7fba5324eb6804ae4e93c091229a6
and adds extra functionality to support newer peering behaviors.
2022-11-08 14:55:18 -06:00
Jeff Boruszak 0b70e227e9
docs: Admin Partition clarification for cluster peering (#15281)
* Updates

* datcenter statement

* cluster peering page addition

* typo fix

* Update website/content/docs/enterprise/admin-partitions.mdx

* Update website/content/docs/enterprise/admin-partitions.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2022-11-08 14:40:03 -06:00
David Yu ebe23574e6
docs: cluster peering docs feedback (#15268)
* docs: cluster peering docs feedback

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2022-11-04 15:01:23 -07:00
Paul Glass 8cac6c36fe
docs: Update consul-dataplane docs for post-beta (#15177)
* Update Consul Dataplane CLI reference
* Add new page for Consul Dataplane telemetry
* Add `server_type` label to agent grpc metrics
* Callout Consul Dataplane in Envoy bootstrap configuration section
* Update consul-dataplane unsupported features

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Riddhi Shah <riddhi@hashicorp.com>
2022-11-03 12:05:29 -05:00
Nathan Coleman 59b20e0748
Update required Helm chart version to match APIGW release notes (#15168) 2022-10-31 16:31:10 -04:00
Evan Culver 548cf6f7a4
connect: Add Envoy 1.24 to integration tests, remove Envoy 1.20 (#15093) 2022-10-31 10:50:45 -05:00
Nathan Coleman b370e2c3c2
Fix broken link in Consul API Gateway docs 2022-10-28 15:01:38 -04:00
Jared Kirschner 59ba53b615
Merge pull request #15141 from hashicorp/docs/upgrade-vault-ca-provider-policy-guidance
docs: update Vault CA provider policy guidance
2022-10-24 17:34:43 -04:00
Jared Kirschner ede2eb26ea docs: update Vault CA provider policy guidance 2022-10-24 14:16:51 -07:00
Jared Kirschner 4c53fdc05a
Merge pull request #15028 from hashicorp/docs/auto-cert-1-13-2
Update upgrade docs for 1.13.2.
2022-10-24 11:39:29 -04:00
Freddy 9bd0d77a10
Update website/content/docs/upgrading/upgrade-specific.mdx 2022-10-22 15:49:57 -06:00
Freddy a9fd0606e6
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 18:12:25 -06:00
Freddy b7890f10cf
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 18:12:13 -06:00
David Yu 7d3186d7c5
docs: update versions to include .x in release notes (#15104) 2022-10-21 16:20:24 -07:00
Freddy 03d0be5b40
Merge pull request #15032 from hashicorp/docs/mgw-primary-upgrade 2022-10-21 16:52:27 -06:00
Freddy d48385a589
Update website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-21 16:43:40 -06:00
freddygv f08e8fafa8 Clarify how addresses are propagated 2022-10-21 15:50:49 -06:00
freddygv 48a552349b Relax start version requirement 2022-10-21 15:27:39 -06:00
Freddy a706346817
Update website/content/docs/connect/gateways/mesh-gateway/wan-federation-via-mesh-gateways.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-10-21 15:17:00 -06:00
Freddy 0507d57e93
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:35 -06:00
Freddy 19ba9c6b60
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:29 -06:00
Freddy 6127421eab
Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2022-10-21 15:15:22 -06:00
Jared Kirschner 846788fa73
Merge pull request #14813 from hashicorp/docs/1-10-upgrade-compatibility-clarification
docs: clarify 1.10 upgrade compatibility
2022-10-21 16:57:23 -04:00
Iryna Shustava 46fe21a204
cli/sdk: Allow redirection to a different consul dns port (#15050) 2022-10-21 13:15:32 -06:00
Jared Kirschner 0616c0bff8 docs: clarify 1.10 upgrade compatibility 2022-10-21 10:04:52 -07:00
Jared Kirschner dcfaae0bf4
Merge pull request #15045 from hashicorp/docs/fix-recently-broken-links
Docs/fix recently broken links
2022-10-21 10:02:35 -04:00
Jared Kirschner 1c93065a6c docs: use standard links in ent callout 2022-10-21 06:18:05 -07:00
trujillo-adam 20f220e53b fixed broken link/typo in service mesh reg page 2022-10-20 13:00:33 -07:00
trujillo-adam f9ca940748
Merge pull request #14166 from nickwales/main
Typo fix
2022-10-20 09:24:50 -07:00
Nitya Dhanushkodi 598670e376
Remove ability to specify external addresses in GenerateToken endpoint (#14930)
* Reverts "update generate token endpoint to take external addresses (#13844)"

This reverts commit f47319b7c6b6e7c7dd720a5af927ad2d33fa536d.
2022-10-19 09:31:36 -07:00
Tu Nguyen f97c266eca
Merge pull request #15036 from hashicorp/update-ent-license-link
Update enterprise license link
2022-10-18 23:22:01 -07:00
Jared Kirschner e8b9c0a513 docs: fix api docs anchor links 2022-10-18 12:53:53 -07:00
Jared Kirschner 6fb586d96f docs: fix ent feature matrix links 2022-10-18 12:32:56 -07:00
trujillo-adam 4dd572fdd9
Merge pull request #15033 from hashicorp/docs/fix-front-matter-typo
Docs/fix front matter typo
2022-10-18 12:31:28 -07:00
Chris S. Kim e4c20ec190
Refactor client RPC timeouts (#14965)
Fix an issue where rpc_hold_timeout was being used as the timeout for non-blocking queries. Users should be able to tune read timeouts without fiddling with rpc_hold_timeout. A new configuration `rpc_read_timeout` is created.

Refactor some implementation from the original PR 11500 to remove the misleading linkage between RPCInfo's timeout (used to retry in case of certain modes of failures) and the client RPC timeouts.
2022-10-18 15:05:09 -04:00
Tu Nguyen 9f1b9d010f Update enterprise license link 2022-10-18 10:52:50 -07:00
trujillo-adam e70215dd62 clarification that Consul K8s in these instructions refers to the the CLI tool 2022-10-18 09:14:26 -07:00
freddygv 73ff2e933f Fixup links 2022-10-18 10:12:45 -06:00
freddygv 56b153e57f Add docs about upgrading primary mesh gateways
Care must be taken when replacing mesh gateways in the primary
datacenter, because if the old addresses become unreachable before the
secondary datacenters receive the new addresses then the primary
datacenter overall will become unreachable.

This commit adds docs related to this class of upgrades.
2022-10-18 10:08:43 -06:00