Commit graph

15819 commits

Author SHA1 Message Date
freddygv 3bb5a76526 Add changelog entry 2021-10-27 09:06:34 -06:00
freddygv 4f0432be5e Update xds pkg to account for GatewayKey 2021-10-27 09:03:56 -06:00
freddygv f3f15640a9 Update mesh gateway proxy watches for partitions
This commit updates mesh gateway watches for cross-partitions
communication.

* Mesh gateways are keyed by partition and datacenter.

* Mesh gateways will now watch gateways in partitions that export
services to their partition.

* Mesh gateways in non-default partitions will not have cross-datacenter
watches. They are not involved in traditional WAN federation.
2021-10-27 09:03:56 -06:00
freddygv 12e57ad0f7 Add changelog entry 2021-10-27 09:02:10 -06:00
99 5f6b1a902c Final fixes 2021-10-26 23:21:04 -07:00
freddygv af662c8c1c Avoid mixing named and unnamed params 2021-10-26 23:42:25 -06:00
freddygv 1de62bb0a2 Avoid passing nil config pointer 2021-10-26 23:42:25 -06:00
freddygv 4a2e40aa3c Avoid panic on nil partitionAuthorizer config
partitionAuthorizer.config can be nil if it wasn't provided on calls to
newPartitionAuthorizer outside of the ACLResolver. This usage happens
often in tests.

This commit: adds a nil check when the config is going to be used,
updates non-test usage of NewPolicyAuthorizerWithDefaults to pass a
non-nil config, and dettaches setEnterpriseConf from the ACLResolver.
2021-10-26 23:42:25 -06:00
freddygv 015d85cd74 Update NodeRead for partition-exports
When issuing cross-partition service discovery requests, ACL filtering
often checks for NodeRead privileges. This is because the common return
type is a CheckServiceNode, which contains node data.
2021-10-26 23:42:11 -06:00
Kyle Havlovitz afb0976eac acl: pass PartitionInfo through ent ACLConfig 2021-10-26 23:41:52 -06:00
Kyle Havlovitz 56d1858c4a acl: Expand ServiceRead logic to look at service-exports for cross-partition 2021-10-26 23:41:32 -06:00
freddygv 4737ad118d Swap in structs.EqualPartitions for cmp 2021-10-26 23:36:01 -06:00
freddygv 1bade08f91 Replace Split with SplitN 2021-10-26 23:36:01 -06:00
freddygv 3966677aaf Finish removing useInDatacenter 2021-10-26 23:36:01 -06:00
freddygv 69476221c1 Update XDS for sidecars dialing through gateways 2021-10-26 23:35:48 -06:00
freddygv ea311d2e47 Configure sidecars to watch gateways in partitions
Previously the datacenter of the gateway was the key identifier, now it
is the datacenter and partition.

When dialing services in other partitions or datacenters we now watch
the appropriate partition.
2021-10-26 23:35:37 -06:00
freddygv feaebde1f1 Remove useInDatacenter from disco chain requests
useInDatacenter was used to determine whether the mesh gateway mode of
the upstream should be returned in the discovery chain target. This
commit makes it so that the mesh gateway mode is returned every time,
and it is up to the caller to decide whether mesh gateways should be
watched or used.
2021-10-26 23:35:21 -06:00
Konstantine fd41e6cdca added changelog 2021-10-27 02:33:36 +03:00
Konstantine bd443875f5 fixed configurations options order in dns.mdx 2021-10-27 02:33:36 +03:00
R.B. Boyer e27e58c6cc
agent: refactor the agent delegate interface to be partition friendly (#11429) 2021-10-26 15:08:55 -05:00
Chris S. Kim dac34427c5
docs: Document datacenter limitations for admin partitions (#11425) 2021-10-26 15:35:39 -04:00
Chris S. Kim 27f8a85664
agent: Ensure partition is considered in agent endpoints (#11427) 2021-10-26 15:20:57 -04:00
Brandon Romano 3c6331e9be
Switch to og-image & Fix build error with acl-legacy (#11423)
* Update share card image & switch to og-image

* Remove path from api-docs-nav-data. Working

* Add redirect back in

Co-authored-by: Pamela Bortnick <pbortnick@gmail.com>
2021-10-26 14:29:18 -04:00
John Cowen 4dd7e34c96
ui: Ensure dc selector correctly shows the currently selected dc (#11380)
* ui: Ensure dc selector correctly shows the currently selected dc

* ui: Restrict access to non-default partitions in non-primaries (#11420)

This PR restricts access via the UI to only the default partition when in a non-primary datacenter i.e. you can only have multiple (non-default) partitions in the primary datacenter.
2021-10-26 19:26:04 +01:00
John Cowen d764bac6af
ui: Add initial "How 2 Test UI" docs (#11296)
Attempt to document out what a beginner to the project needs to know here in order to get started quickly

Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2021-10-26 19:18:03 +01:00
Kim Ngo 80efc993ba
Update CTS compatibility matrix to include TFC and flexible (#11424) 2021-10-26 13:12:44 -05:00
John Cowen 42391301a9
ui: Ensure we provide an id for filtering policy-tokens (#11311) 2021-10-26 19:00:32 +01:00
Konstantine d897a3e16e describe how alt-domain works in docs 2021-10-26 12:38:13 -04:00
Konstantine 2f9ee8e558 remove spaces 2021-10-26 12:38:13 -04:00
Konstantine be14f6da90 fix altDomain responses for services where address is IP, added tests 2021-10-26 12:38:13 -04:00
Konstantine eec9d66e22 fix encodeIPAsFqdn to return alt-domain when requested, added test case 2021-10-26 12:38:12 -04:00
Konstantine 9d6797a463 fixed altDomain response for NS type queries, and added test 2021-10-26 12:38:12 -04:00
Konstantine 0735e12412 edited TestDNS_AltDomains_Service to test responses for altDomains, and added TXT additional section check 2021-10-26 12:38:12 -04:00
Konstantine 8972e093d9 fixed alt-domain answer for SRV records, and TXT records in additional section 2021-10-26 12:38:12 -04:00
Chris S. Kim 3f736467e6
ui: Pass primary dc through to uiserver (#11317)
Co-authored-by: John Cowen <johncowen@users.noreply.github.com>
2021-10-26 10:30:17 -04:00
Scott Macfarlane f85c1a9422 Create linux packaging structure
Copied from hashicorp/linux-packaging
24e7e2675b

Signed-off-by: Scott Macfarlane <smacfarlane@hashicorp.com>
2021-10-25 23:22:46 -07:00
99 584ea01320 Add crt release workflow 2021-10-25 23:01:18 -07:00
99 c76e3eacd2 Add Dockerfile 2021-10-25 22:57:54 -07:00
Scott Macfarlane 44589ce50e Create initial ci.hcl for CRT Releases
Signed-off-by: Scott Macfarlane <smacfarlane@hashicorp.com>
2021-10-25 22:57:16 -07:00
freddygv 83d4d0e108 Remove outdated partition label from test 2021-10-25 18:47:02 -06:00
freddygv c3e381b4c1 Rename service-exports to partition-exports
Existing config entries prefixed by service- are specific to individual
services. Since this config entry applies to partitions it is being
renamed.

Additionally, the Partition label was changed to Name because using
Partition at the top-level and in the enterprise meta was leading to the
enterprise meta partition being dropped by msgpack.
2021-10-25 17:58:48 -06:00
Daniel Nephin f24bad2a52
Merge pull request #11232 from hashicorp/dnephin/acl-legacy-remove-docs
acl: add docs and changelog for the removal of the legacy ACL system
2021-10-25 18:38:00 -04:00
David Yu e184ccc8e0
docs: Move consul-k8s architecture docs to Overview (#11414)
* docs: Move consul-k8s architecture docs to Overview
2021-10-25 15:33:41 -07:00
Daniel Nephin 376342aa3f
Merge pull request #11184 from hashicorp/dnephin/acl-legacy-remove-state-store
acl: remove legacy type constants, and remove state store support for setting legacy ACLs
2021-10-25 17:46:59 -04:00
Daniel Nephin 6256633120
Merge pull request #11183 from hashicorp/dnephin/acl-legacy-remove-struct
acl: remove the remaining parts of structs/acl_legacy.go
2021-10-25 17:44:39 -04:00
Daniel Nephin f7cdd210fe Update agent/consul/acl_client.go
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-10-25 17:25:14 -04:00
Daniel Nephin 732b841dd7 state: remove support for updating legacy ACL tokens 2021-10-25 17:25:14 -04:00
Daniel Nephin 76b007dacd acl: remove init check for legacy anon token
This token should always already be migrated from a previous version.
2021-10-25 17:25:14 -04:00
Daniel Nephin 8ae6ee4e36 acl: remove legacy parameter to ACLDatacenter
It is no longer used now that legacy ACLs have been removed.
2021-10-25 17:25:14 -04:00
Daniel Nephin d778113773 acl: remove ACLTokenTypeManagement 2021-10-25 17:25:14 -04:00