Commit graph

19488 commits

Author SHA1 Message Date
Mahmood Ali a766f15f14
Merge pull request #8729 from hashicorp/b-assorted-fixes-20200824
Assorted small fixes
2020-08-25 12:30:53 -04:00
Mahmood Ali 50ce793ad6
Merge pull request #8741 from hashicorp/fix-security-model-broken-links
Fix Broken Learn Guide Links in Security Model
2020-08-25 12:27:59 -04:00
Roger Berlind 9460875c72
Merge pull request #8739 from hashicorp/remove-preemption-from-enterprise
remove preemption, add cross-namespace queries
2020-08-25 12:02:16 -04:00
Buck Doyle 29de8f4f76
Add component accessibility auditing and fixes (#8679)
This continues #8455 by adding accessibility audits to component integration
tests and fixing associated errors. It adds audits to existing tests rather than
adding separate ones to facilitate auditing the various permutations a
component’s rendering can go through.

It also adds linting to ensure audits happen in component tests. This
necessitated consolidating test files that were scattered.
2020-08-25 10:56:02 -05:00
Kent 'picat' Gruber c8a2165a33 Fix broken guide links + small authn/authz wording adjustments 2020-08-25 11:46:34 -04:00
Mahmood Ali c6a7734ee7 fixup! handle when hcl parser panics 2020-08-25 11:28:55 -04:00
Drew Bailey 196fab4c38
Merge pull request #8738 from hashicorp/ent-changelog
changelog entry for enterprise bug
2020-08-25 11:16:41 -04:00
Drew Bailey 91e84a0460
changelog entry for enterprise bug 2020-08-25 11:16:11 -04:00
Roger Berlind ed719392cf
remove preemption, add cross-namespace queries
remove preemption from summary of governance and policy module since it is now OSS.
add cross-namespace queries to that same sentence.
2020-08-25 11:13:40 -04:00
Tim Gross f9b6c8153c
csi: fix panic in serializing nil allocs in volume API (#8735)
- fix panic in serializing nil allocs in volume API
- prevent potential panic in serializing plugin allocs
2020-08-25 10:13:05 -04:00
Mahmood Ali 18632955f2 clarify PathEscapesAllocDir specification
Clarify how to handle prefix value and path traversal within the alloc
dir but outside the prefix directory.
2020-08-24 20:44:26 -04:00
Mahmood Ali 9794760933 validate parameterized job request meta
Fixes a bug where `keys` metadata wasn't populated, as we iterated over
the empty newly-created `keys` map rather than the request Meta field.
2020-08-24 20:39:01 -04:00
Mahmood Ali 1200c8185f handle when hcl parser panics
Apparently `\` followed by a digit number can cause hcl parser to panic!
Will fix in hcl library, but using a hammer to squash any similar issue
here.
2020-08-24 20:35:58 -04:00
Mahmood Ali 10954bf717 close file when done reading 2020-08-24 20:22:42 -04:00
Mahmood Ali 0be632debf don't lock if ref is nil
Ensure that d.mu is only dereferenced if d is not-nil, to avoid a null
dereference panic.
2020-08-24 20:19:40 -04:00
Jamie Finnigan 95bae2e6ca
Merge pull request #8728 from hashicorp/gh_sec_pol
remove local SECURITY.md in favor of org-wide policy
2020-08-24 16:03:51 -07:00
Jamie Finnigan a70dbe9a6a remove local SECURITY.md in favor of org-wide policy 2020-08-24 15:41:28 -07:00
Michael Lange 3f2a846d5e
Merge pull request #8714 from hashicorp/f-ui/always-show-scale-event-accordion
UI: Always show the scaling events accordion
2020-08-24 11:07:31 -07:00
Michael Lange 114909c5e8 Always show the scaling events accordion 2020-08-24 10:34:34 -07:00
Seth Hoenig 26e77623e5 consul/connect: fixup tests to use new consul sdk 2020-08-24 12:02:41 -05:00
Seth Hoenig 4bfe830074 consul/connect: update consul to match current 2020-08-24 10:48:27 -05:00
Seth Hoenig 7272a8bdb9
Merge pull request #8715 from greut/consul-v1.7.7
Consul v1.7.7
2020-08-24 10:43:46 -05:00
Seth Hoenig a09d1746bf
Merge branch 'master' into consul-v1.7.7 2020-08-24 10:43:00 -05:00
Seth Hoenig 37b827be0a
Merge pull request #8717 from greut/cors-v1.7.0
vendor: rs/cors v1.7.0
2020-08-24 10:23:53 -05:00
Seth Hoenig 80afe97719
Merge pull request #8721 from code0x9/b-kernel-builtin-module
client/fingerprint: lookup kernel builtin bridge modules
2020-08-24 10:01:34 -05:00
Tim Gross d26f30bba8
docs: add contributor docs for issue labels (#8723) 2020-08-24 10:19:57 -04:00
Seth Hoenig c4fa644315 consul/connect: remove envoy dns option from gateway proxy config 2020-08-24 09:11:55 -05:00
Seth Hoenig d6b0f43f3f consul/connect: update consul version used in circleci 2020-08-24 08:21:27 -05:00
Yoan Blanc 327d17e0dc
fixup! vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-24 08:59:03 +02:00
Mark Lee cd23fd7ca2 refactor lookup code 2020-08-24 12:24:16 +09:00
Mark Lee cd7aabca72 lookup kernel builtin modules too 2020-08-24 11:09:13 +09:00
Mahmood Ali ff01f521a1
Merge pull request #8656 from JanMa/update-nspawn-docs
Update docs for nspawn driver
2020-08-23 21:24:56 -04:00
Mahmood Ali 8aa39f1a91
Merge pull request #8704 from hashicorp/docs-gh-6305
docs: fix job run -detach example
2020-08-23 20:52:34 -04:00
Yoan Blanc 7b873b7746
vendor: rs/cors v1.7.0
The Olivier Poitrey Go CORS handler through 1.3.0 actively converts
a wildcard CORS policy into reflecting an arbitrary Origin header
value, which is incompatible with the CORS security design, and
could lead to CORS misconfiguration security problems.

CVE-2018-20744

Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 10:36:38 +02:00
Yoan Blanc 63b27d42a2
vendor: consul/api, consul/sdk v1.6.0
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:43:37 +02:00
Yoan Blanc 5e629775ac
vendor: consul v1.7.7
Signed-off-by: Yoan Blanc <yoan@dosimple.ch>
2020-08-23 09:41:27 +02:00
Seth Hoenig 5b072029f2 consul/connect: add initial support for ingress gateways
This PR adds initial support for running Consul Connect Ingress Gateways (CIGs) in Nomad. These gateways are declared as part of a task group level service definition within the connect stanza.

```hcl
service {
  connect {
    gateway {
      proxy {
        // envoy proxy configuration
      }
      ingress {
        // ingress-gateway configuration entry
      }
    }
  }
}
```

A gateway can be run in `bridge` or `host` networking mode, with the caveat that host networking necessitates manually specifying the Envoy admin listener (which cannot be disabled) via the service port value.

Currently Envoy is the only supported gateway implementation in Consul, and Nomad only supports running Envoy as a gateway using the docker driver.

Aims to address #8294 and tangentially #8647
2020-08-21 16:21:54 -05:00
Tim Gross 693a8a2613
e2e: fix platform path for installing for Linux from s3 (#8708) 2020-08-21 09:20:09 -04:00
Tim Gross b23150057a
E2E: move Nomad installation to script on remote hosts (#8706)
This changeset moves the installation of Nomad binaries out of the
provisioning framework and into scripts that are installed on the remote host
during AMI builds.

This provides a few advantages:

* The provisioning framework can be reduced in scope (with the goal of moving
  most of it into the Terraform stack entirely).
* The scripts can be arbitrarily complex if we don't have to stuff them into
  ssh commands, so it's easier to make them idempotent. In this changeset, the
  scripts check the version of the existing binary and don't re-download when
  using the `--nomad_sha` or `--nomad_version` flags.
* The scripts can be OS/distro specific, which helps in building new test
  targets.
2020-08-20 16:10:00 -04:00
Buck Doyle 4394c5b9ff
Add common serialiser abstractions (#8634)
This extracts some common API-idiosyncracy-handling patterns from model serialisers into properties that are processed by the application serialiser:

* arrayNullOverrides converts a null property value to an empty array
* mapToArray converts a map to an array of maps, using the original map keys as Name properties on the array maps
* separateNanos splits nanosecond-containing timestamps into millisecond timestamps and separate nanosecond properties
2020-08-20 12:14:49 -05:00
Michael Schurter 86a31d0df6
Merge pull request #8701 from hashicorp/doc-e2e
docs: clarify e2e tests
2020-08-20 08:53:58 -07:00
Jasmine Dahilig a7b8adfe01 task lifecycle: e2e fix more alloc stop races 2020-08-20 08:49:58 -07:00
Mahmood Ali 8515885227 docs: fix job run -detach example 2020-08-20 11:42:36 -04:00
Jasmine Dahilig 681eb407db task lifecycle: make e2e service job test block until poststart task has started 2020-08-20 08:11:16 -07:00
Nick Ethier 3cd5f46613
Update UI to use new allocated ports fields (#8631)
* nomad: canonicalize alloc shared resources to populate ports

* ui: network ports

* ui: remove unused task network references and update tests with new shared ports model

* ui: lint

* ui: revert auto formatting

* ui: remove unused page objects

* structs: remove unrelated test from bad conflict resolution

* ui: formatting
2020-08-20 11:07:13 -04:00
Tim Gross 0fd4a05b2f
E2E AMI cleanup (#8697)
* move CNI install/podman config to build-time
* move DNS config to userdata
* consolidate apt updates for performance
2020-08-20 10:09:31 -04:00
Mahmood Ali 29d49f0a09
Merge pull request #8700 from shishir-a412ed/f-ui-podman-driver
Podman driver: Add support for signal task.
2020-08-20 07:11:45 -04:00
Mahmood Ali 80b10a3181
Merge pull request #8693 from zhsj/update-runc
Update runc to v1.0.0-rc92
2020-08-20 07:11:27 -04:00
Michael Schurter 72bd8f477c docs: clarify e2e tests
Just a smattering of attempted improvements as I read through this
again. Some of my goals:

- Tried to add more high level info to the intro to set the context
- Clarify the difference between *test* dev and *agent* dev workflows
- Add -timeout to provisioning step because cable Internet is lol
2020-08-19 20:32:31 -07:00
Michael Schurter 4d2bb7e660
Merge pull request #8688 from hashicorp/test-deflake-consul-e2e
test: deflake consul e2e tests
2020-08-19 20:11:25 -07:00