Commit graph

14921 commits

Author SHA1 Message Date
Daniel Nephin f6d5a85561 acl: move check for Intention.DestinationName into Authorizer
Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r680134445

Move the check for the Intention.DestinationName into the Authorizer to remove the
need to check what kind of Authorizer is being used.

It sounds like this check is only for legacy ACLs, so is probably just a safeguard
.
2021-08-04 18:06:44 -04:00
Daniel Nephin 3dc113ada6
Merge pull request #10738 from hashicorp/dnephin/remove-authorizer-nil-checks-2
acl: remove the last of the authz == nil checks
2021-08-04 17:41:40 -04:00
Daniel Nephin 2e9aa91256
Merge pull request #10737 from hashicorp/dnephin/remove-authorizer-nil-checks
acl: remove authz == nil checks
2021-08-04 17:39:34 -04:00
trujillo-adam caa7052455
Merge pull request #10763 from hashicorp/docs-proxy-integration-improvements
general language and readability improvements to proxy integration docs
2021-08-04 14:36:47 -07:00
Daniel Nephin de2a55f95a
Merge pull request #10727 from hashicorp/dependabot-configuration
Add initial Dependabot configuration
2021-08-04 17:09:17 -04:00
trujillo-adam 068ec1b607 Applying more feedback from @black and @karl-cardenas-coding 2021-08-04 14:02:42 -07:00
trujillo-adam c412c2811d Applying feedback from @blake 2021-08-04 11:29:21 -07:00
trujillo-adam df643bb921
Update website/content/docs/connect/proxies/integrate.mdx
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2021-08-04 10:44:06 -07:00
Dhia Ayachi 6ed6966a1f
fix state index for CAOpSetRootsAndConfig op (#10675)
* fix state index for `CAOpSetRootsAndConfig` op

* add changelog

* Update changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* remove the change log as it's not needed

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-04 13:07:49 -04:00
hc-github-team-consul-core 4b2ada0dcc auto-updated agent/uiserver/bindata_assetfs.go from commit 8ad1ab9c0 2021-08-04 16:47:13 +00:00
Kenia 1927ada2e7
ui: Fix Health Checks in K/V form Lock Sessions Info section (#10767) 2021-08-04 12:41:41 -04:00
trujillo-adam 0a6ea4e91e general language and readability improvements to proxy integration docs 2021-08-03 15:56:56 -07:00
Evan Culver 57aabe3455
checks: Add Interval and Timeout to API response (#10717) 2021-08-03 15:26:49 -07:00
Daniel Nephin 1e640930b5
Merge pull request #10601 from hashicorp/joshwolfer-patch-1
docs: link to config entries from enable_central_service_config
2021-08-03 16:35:23 -04:00
joshwolfer d53db57558 Update options.mdx
add service config link to description of enable_central_service_config.
2021-08-03 15:36:51 -04:00
Blake Covarrubias 0a95b668d4
docs: Fix service checks docs on session endpoint (#10759)
The ServiceChecks parameter was incorrectly documented in e515c9d44 to
state that it accepted a list of string values, when actually the API
requires an array of ServiceCheck objects.

This commit updates the docs for the parameter to correctly reflect
the fields required by the API.

Resolves #10752
2021-08-03 09:57:31 -07:00
Matt Explosion d1ce78db38 Updated link to repo for native Scala Consul client Helm 2021-08-02 22:01:05 -07:00
Blake Covarrubias 9eb8622061
docs: Note proxy-defaults can globally set service protocol (#10649)
Add a note to the docs for the service defaults config entry which
informs users that the service protocol can be configured for all
services using the proxy defaults config entry.

Resolves #8279

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 13:23:58 -07:00
Blake Covarrubias 57e5b06c17
docs: Document supported consul connect env vars (#10667)
Document the ability to specify `-sidecar-for` and `-proxy-id` flags
via environment variables.
2021-08-02 12:50:51 -07:00
Blake Covarrubias 4a3e9d4e8b website: Add redirect for /connect/ingress-gateways
Add redirect /docs/connect/ingress-gateways, which currently returns
404, to /docs/connect/gateways/ingress-gateway.

Fixes #10748
2021-08-02 11:58:49 -07:00
Blake Covarrubias 5baa231eb0
docs: Add namespace parameter to additional HTTP endpoints (#10731)
Document the namespace parameter can be specified on HTTP Check,
Connect CA leaf, and Discovery Chain API endpoints.

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 11:55:23 -07:00
Blake Covarrubias 98d03e604d docs: Add /v1/agent/host endpoint
Document /v1/agent/host endpoint which is used by `consul debug`.
Originally added in #4754.
2021-08-02 10:29:39 -07:00
Mike Wickett 99f7020c33
chore: upgrade react-consent-manager (#10749) 2021-08-02 12:41:58 -04:00
Daniel Nephin 953c9bee4f acl: Remove the remaining authz == nil checks
These checks were a bit more involved. They were previously skipping some code paths
when the authorizer was nil. After looking through these it seems correct to remove the
authz == nil check, since it will never evaluate to true.
2021-07-30 14:55:35 -04:00
Daniel Nephin e4821a58ee acl: remove acl == nil checks 2021-07-30 14:28:19 -04:00
Daniel Nephin fbaeac9ecf acl: remove authz == nil checks
These case are already impossible conditions, because most of these functions already start
with a check for ACLs being disabled. So the code path being removed could never be reached.

The one other case (ConnectAuthorized) was already changed in a previous commit. This commit
removes an impossible branch because authz == nil can never be true.
2021-07-30 13:58:35 -04:00
Daniel Nephin b6d9d0d9f7 acl: remove many instances of authz == nil 2021-07-30 13:58:35 -04:00
Daniel Nephin bbc05ae869 agent: remove unused agent methods
These methods are no longer used. Remove the methods, and update the
tests to use actual method used by production code.

Also removes the 'authz == nil' check is no longer a possible code path
now that we are returning a non-nil acl.Authorizer when ACLs are disabled.
2021-07-30 13:58:35 -04:00
Daniel Nephin 2503f27a36 acl: remove rule == nil checks 2021-07-30 13:58:35 -04:00
hc-github-team-consul-core 701d4ffef0 auto-updated agent/uiserver/bindata_assetfs.go from commit 2ee501be8 2021-07-30 17:58:27 +00:00
Kenia ec27dfe706
ui: Add copy button for Secret ID in Tokens list page (#10735) 2021-07-30 13:52:37 -04:00
Daniel Nephin 475fec5670
Merge pull request #10632 from hashicorp/pairing/acl-authorizer-when-acl-disabled
acls: Update ACL authorizer to return meaningful permission when ACLs are disabled
2021-07-30 13:22:55 -04:00
Blake Covarrubias 766b64eac2
api: Support QueryOptions on additional agent endpoints (#10691)
Add support for setting QueryOptions on the following agent API endpoints:

- /agent/health/service/name/:name
- /agent/health/service/id/:id
- /agent/service/maintenance/:id

This follows the same pattern used in #9903 to support query options
for other agent API endpoints.

Resolves #9710
2021-07-30 10:07:13 -07:00
Evan Culver da96c645b2 Fix api/agent test 2021-07-30 12:58:46 -04:00
Evan Culver 53465764df Fix maint test 2021-07-30 12:58:46 -04:00
Evan Culver b628f6235d Fix api/agent test 2021-07-30 12:58:46 -04:00
Evan Culver 241b6429c3 Fix intention endpoint test 2021-07-30 12:58:45 -04:00
Daniel Nephin 9b41e7287f acl: use acl.ManangeAll when ACLs are disabled
Instead of returning nil and checking for nilness

Removes a bunch of nil checks, and fixes one test failures.
2021-07-30 12:58:24 -04:00
Blake Covarrubias 58bc20cc88 Add changelog 2021-07-30 09:58:11 -07:00
Blake Covarrubias f97e843c61 Add OSS changes for specifying audit log permission mode 2021-07-30 09:58:11 -07:00
Kent 'picat' Gruber 05fb8dd192 Add github-actions 2021-07-29 17:51:32 -04:00
Kent 'picat' Gruber 2a1fb53f68 Add default open-pull-requests-limit for all updates
Using the default value just to start with.
2021-07-29 17:47:33 -04:00
Kent 'picat' Gruber 688233f78c Add the /sdk module 2021-07-29 17:35:48 -04:00
Daniel Nephin ba24a39f0c
Merge pull request #10729 from hashicorp/dnephin/fix-docs-cherrypick
ci: query for max number of possible labels
2021-07-29 13:59:31 -04:00
Daniel Nephin 8805b86890 ci: query for max number of possible labels
To fix a failure in our docs-cherrypick automation. This started to fail today, I suspect because
github silently changed the order the labels were being returned, and by default it only
returns 30 labels.

We currently have 68 labels, so using per_page=100 (the maximum allowed) we should be able to fix
this failure.
2021-07-29 13:51:05 -04:00
Daniel Nephin 7ea9fcf148
Merge pull request #10718 from hashicorp/dnephin/doc-agent-tls-ca
docs: give better guidance about how to configure the agent TLS CA
2021-07-29 13:01:03 -04:00
Daniel Nephin efad0234f4
Update website/content/docs/agent/options.mdx
Co-authored-by: Kent 'picat' Gruber <kent@hashicorp.com>
2021-07-29 12:38:30 -04:00
Kent 'picat' Gruber 4510237d99 Add initial Dependabot configuration 2021-07-29 11:48:46 -04:00
Daniel Nephin f2f5aba1bf
Merge pull request #10707 from hashicorp/dnephin/streaming-setup-default-timeout
streaming: set default query timeout
2021-07-28 18:29:28 -04:00
Daniel Nephin 7cf86dc2ab docs: give better guidance about how to configure the agent TLS CA 2021-07-28 18:22:35 -04:00