github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
10,572 Commits
1,701 Branches
457 Tags
684 MiB
Commit Graph

1706 Commits (0687e2fe934e1313eb0bb0b4bc003b44fde2e762)

Author SHA1 Message Date
Mitchell Hashimoto 8c72bb0cdf
agent/local: address remaining test feedback 2018-07-19 14:20:50 -05:00
Matt Keeler 560c9c26f7 Use the agent logger instead of log module 2018-07-19 11:22:01 -04:00
Matt Keeler ca5851318d Update a couple erroneous tests. 2018-07-19 09:20:51 -04:00
Mitchell Hashimoto 9f128e40d6
agent/local: don't use time.After in test since notify is instant 2018-07-18 16:16:28 -05:00
Matt Keeler 3fe5f566f2 Persist proxies from config files 
Also change how loadProxies works. Now it will load all persisted proxies into a map, then when loading config file proxies will look up the previous proxy token in that map.
 2018-07-18 17:04:35 -04:00
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL 2018-07-16 13:33:37 -07:00
Matt Keeler c891e264ca Fix issue with choosing a client addr that is 0.0.0.0 or :: 2018-07-16 16:30:15 -04:00
Mitchell Hashimoto 9a90400821
agent/checks: prevent overflow of backoff 2018-07-12 10:21:49 -07:00
Mitchell Hashimoto d6ecd97d1d
agent: use the correct ACL token for alias checks 2018-07-12 10:17:53 -07:00
Mitchell Hashimoto f97bfd5be8
agent: address some basic feedback 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto 19ced12668
agent: alias checks have no interval 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto 5bc27feb0b
agent/structs: check is alias if node is empty 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto 36e330941a
agent/checks: support node-only checks 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto 1e9233eec1
agent/checks: set critical if RPC fails 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto e9914ee71c
agent/checks: use local state for local services 2018-07-12 09:36:11 -07:00
Mitchell Hashimoto 7543d270e2
agent/local: support local alias checks 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto 4a67beb734
agent: run alias checks 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto 60c75b88da
agent/checks: reflect node failure as alias check failure 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto f0658a0ede
agent/config: support configuring alias check 2018-07-12 09:36:10 -07:00
Mitchell Hashimoto 632e4a2c69
agent/checks: add Alias check type 2018-07-12 09:36:09 -07:00
mkeeler 39f93f011e
Release v1.2.1 2018-07-12 16:33:56 +00:00
Matt Keeler 63d5c069fc
Merge pull request #4379 from hashicorp/persist-intermediates 
connect: persist intermediate CAs on leader change
 2018-07-12 12:09:13 -04:00
Paul Banks 9015cd62ab
Merge pull request #4381 from hashicorp/proxy-check-default 
Proxy check default
 2018-07-12 17:08:35 +01:00
Matt Keeler 0e83059d1f
Revert "Allow changing Node names since Node now have IDs" 2018-07-12 11:19:21 -04:00
Matt Keeler 91150cca59 Fixup formatting 2018-07-12 10:14:26 -04:00
Matt Keeler 3807e04de9 Revert PR 4294 - Catalog Register: Generate UUID for services registered without one 
UUID auto-generation here causes trouble in a few cases. The biggest being older
nodes reregistering will fail when the UUIDs are different and the names match

This reverts commit 0f70034082.
This reverts commit d1a8f9cb3f.
This reverts commit cf69ec42a4.
 2018-07-12 10:06:50 -04:00
Matt Keeler 7572ca0f37
Merge pull request #4374 from hashicorp/feature/proxy-env-vars 
Setup managed proxy environment with API client env vars
 2018-07-12 09:13:54 -04:00
Paul Banks 8405b41f2b
Update proxy config docs and add test for ipv6 2018-07-12 13:07:48 +01:00
Paul Banks bb9a5c703b
Default managed proxy TCP check address sanely when proxy is bound to 0.0.0.0. 
This also provides a mechanism to configure custom address or disable the check entirely from managed proxy config.
 2018-07-12 12:57:10 +01:00
Matt Keeler 0f56ed2d01 Set api.Config’s InsecureSkipVerify to the value of !RuntimeConfig.VerifyOutgoing 2018-07-12 07:49:23 -04:00
Matt Keeler 22e4058893 Use type switch instead of .Network for more reliably detecting UnixAddrs 2018-07-12 07:30:17 -04:00
Matt Keeler 700a275ddf Look specifically for tcp instead of unix 
Add runtime -> api.Config tests
 2018-07-11 17:25:36 -04:00
Matt Keeler c8df4b824c Update proxy manager test - test passing ProxyEnv vars 2018-07-11 16:50:27 -04:00
Kyle Havlovitz f95c6807e7
connect: use reflect.DeepEqual instead for test 2018-07-11 13:10:58 -07:00
Matt Keeler 98ead2a8f8
Merge pull request #3983 from pierresouchay/node_renaming 
Allow changing Node names since Node now have IDs
 2018-07-11 16:03:02 -04:00
Kyle Havlovitz 4e5fb6bc19
connect: add provider state to snapshots 2018-07-11 11:34:49 -07:00
Kyle Havlovitz 462ace4867
connect: update leader initializeCA comment 2018-07-11 10:00:42 -07:00
Kyle Havlovitz 1d3f4b5099
connect: persist intermediate CAs on leader change 2018-07-11 09:44:30 -07:00
Matt Keeler c54b43bef3 PR Updates 
Proxy now doesn’t need to know anything about the api as we pass env vars to it instead of the api config.
 2018-07-11 09:44:54 -04:00
Matt Keeler 4d1ead10b3
Merge pull request #4371 from hashicorp/bugfix/gh-4358 
Remove https://prefix from TLSConfig.Address
 2018-07-11 08:50:10 -04:00
Pierre Souchay fecae3de21 When renaming a node, ensure the name is not taken by another node. 
Since DNS is case insensitive and DB as issues when similar names with different
cases are added, check for unicity based on case insensitivity.

Following another big incident we had in our cluster, we also validate
that adding/renaming a not does not conflicts with case insensitive
matches.

We had the following error once:

 - one node called: mymachine.MYDC.mydomain was shut off
 - another node (different ID) was added with name: mymachine.mydc.mydomain before
   72 hours

When restarting the consul server of domain, the consul server restarted failed
to start since it detected an issue in RAFT database because
mymachine.MYDC.mydomain and mymachine.mydc.mydomain had the same names.

Checking at registration time with case insensitivity should definitly fix
those issues and avoid Consul DB corruption.
 2018-07-11 14:42:54 +02:00
Matt Keeler bd76a34002
Merge pull request #4365 from pierresouchay/fix_test_warning 
Fixed compilation warning about wrong type
 2018-07-10 16:53:29 -04:00
Matt Keeler 3b6eef8ec6 Pass around an API Config object and convert to env vars for the managed proxy 2018-07-10 12:13:51 -04:00
Pierre Souchay 7d2e4b77ec Use %q, not %s as it used to 2018-07-10 16:52:08 +02:00
Matt Keeler 0fd7e97c2d Merge remote-tracking branch 'origin/master' into bugfix/prevent-multi-cname 2018-07-10 10:26:45 -04:00
Matt Keeler d19c7d8882
Merge pull request #4303 from pierresouchay/non_blocking_acl 
Only send one single ACL cache refresh across network when TTL is over
 2018-07-10 08:57:33 -04:00
Matt Keeler d066fb7b18
Merge pull request #4362 from hashicorp/bugfix/gh-4354 
Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries
 2018-07-10 08:50:31 -04:00
Pierre Souchay b112bdd52d Fixed compilation warning about wrong type 
It fixes the following warnings:

  agent/config/builder.go:1201: Errorf format %q has arg s of wrong type *string
  agent/config/builder.go:1240: Errorf format %q has arg s of wrong type *string
 2018-07-09 23:43:56 +02:00
Paul Banks 41c3a4ac8e
Merge pull request #4038 from pierresouchay/ACL_additional_info 
Track calls blocked by ACLs using metrics
 2018-07-09 20:21:21 +01:00
MagnumOpus21 371f0c3d5f Tests/Proxy : Changed function name to match the system being tested. 2018-07-09 13:18:57 -04:00
MagnumOpus21 9d57b72e81 Resolved merge conflicts 2018-07-09 12:48:34 -04:00
MagnumOpus21 300330e24b Agent/Proxy: Formatting and test cases fix 2018-07-09 12:46:10 -04:00
Matt Keeler 962f6a1816 Remove https://prefix from TLSConfig.Address 2018-07-09 12:31:15 -04:00
Matt Keeler cbf8f14451 Ensure TXT RRs always end up in the Additional section except for ANY or TXT queries 
This also changes where the enforcement of the enable_additional_node_meta_txt configuration gets applied.

formatNodeRecord returns the main RRs and the meta/TXT RRs in separate slices. Its then up to the caller to add to the appropriate sections or not.
 2018-07-09 12:30:11 -04:00
MagnumOpus21 94e8ff55cf Proxy/Tests: Added test cases to check env variables 2018-07-09 12:28:29 -04:00
MagnumOpus21 6cecf2961d Agent/Proxy : Properly passes env variables to child 2018-07-09 12:28:29 -04:00
Pierre Souchay ff53648df2 Merge remote-tracking branch 'origin/master' into ACL_additional_info 2018-07-07 14:09:18 +02:00
Pierre Souchay 0e4e451a56 Fixed indentation in test 2018-07-07 14:03:34 +02:00
Kyle Havlovitz 401b206a2e
Store the time CARoot is rotated out instead of when to prune 2018-07-06 16:05:25 -07:00
MagnumOpus21 1cd1b55682 Agent/Proxy : Properly passes env variables to child 2018-07-05 22:04:29 -04:00
Matt Keeler e3783a75e7 Refactor to make this much less confusing 2018-07-03 11:04:19 -04:00
Matt Keeler 554035974e Add a bunch of comments about preventing multi-cname 
Hopefully this a bit clearer as to the reasoning
 2018-07-03 10:32:52 -04:00
Matt Keeler 22c2be5bf1 Fix some edge cases and add some tests. 2018-07-02 16:58:52 -04:00
Matt Keeler 9a8500412b Only allow 1 CNAME when querying for a service. 
This just makes sure that if multiple services are registered with unique service addresses that we don’t blast back multiple CNAMEs for the same service DNS name and keeps us within the DNS specs.
 2018-07-02 16:12:06 -04:00
Kyle Havlovitz 1492243e0a
connect/ca: add logic for pruning old stale RootCA entries 2018-07-02 10:35:05 -07:00
Matt Keeler 8a12d803fd
Merge pull request #4315 from hashicorp/bugfix/fix-server-enterprise 
Move starting enterprise functionality
 2018-07-02 12:28:10 -04:00
Pierre Souchay bd023f352e Updated swith case to use same branch for async-cache and extend-cache 2018-07-02 17:39:34 +02:00
Pierre Souchay 1e7665c0d5 Updated documentation and adding more test case for async-cache 2018-07-01 23:50:30 +02:00
Pierre Souchay abde81a3e7 Added async-cache with similar behaviour as extend-cache but asynchronously 2018-07-01 23:50:30 +02:00
Pierre Souchay 9406ca1c95 Only send one single ACL cache refresh across network when TTL is over 
It will allow the following:

 * when connectivity is limited (saturated linnks between DCs), only one
   single request to refresh an ACL will be sent to ACL master DC instead
   of statcking ACL refresh queries
 * when extend-cache is used for ACL, do not wait for result, but refresh
   the ACL asynchronously, so no delay is not impacting slave DC
 * When extend-cache is not used, keep the existing blocking mechanism,
   but only send a single refresh request.

This will fix https://github.com/hashicorp/consul/issues/3524
 2018-07-01 23:50:30 +02:00
Abhishek Chanda 36306c0076 Change bind_port to an int 2018-06-30 14:18:13 +01:00
Matt Keeler 22b7b688a3
Move starting enterprise functionality 2018-06-29 17:38:29 -04:00
Mitchell Hashimoto 6ef28dece0
agent/config: parse upstreams with multiple service definitions 2018-06-28 15:13:33 -05:00
Mitchell Hashimoto e155d58b19
Merge pull request #4297 from hashicorp/b-intention-500-2 
agent: 400 error on invalid UUID format, api handles errors properly
 2018-06-28 05:27:19 +02:00
Matt Keeler 0f70034082 Move default uuid test into the consul package 2018-06-27 09:21:58 -04:00
Matt Keeler d1a8f9cb3f go fmt changes 2018-06-27 09:07:22 -04:00
Mitchell Hashimoto 1c3e9af316
agent: 400 error on invalid UUID format, api handles errors properly 2018-06-27 07:40:06 +02:00
Matt Keeler cf69ec42a4 Make sure to generate UUIDs when services are registered without one 
This makes the behavior line up with the docs and expected behavior
 2018-06-26 17:04:08 -04:00
mkeeler 28141971f9
Release v1.2.0 2018-06-25 19:45:20 +00:00
mkeeler 6813a99081 Merge remote-tracking branch 'connect/f-connect' 2018-06-25 19:42:51 +00:00
Kyle Havlovitz 162daca4d7 revert go changes to hide rotation config 2018-06-25 12:26:18 -07:00
Kyle Havlovitz c20bbf8760 connect/ca: hide the RotationPeriod config field since it isn't used yet 2018-06-25 12:26:18 -07:00
Mitchell Hashimoto a76f652fd2 agent: convert the proxy bind_port to int if it is a float 2018-06-25 12:26:18 -07:00
Matt Keeler 677d6dac80 Remove x509 name constraints 
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing.
 2018-06-25 12:26:10 -07:00
Matt Keeler 163fe11101 Make sure we omit the Kind value in JSON if empty 2018-06-25 12:26:10 -07:00
Jack Pearkes 105c4763dc update UI to latest 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 3baa67cdef connect/ca: pull the cluster ID from config during a rotation 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 8c2c9705d9 connect/ca: use weak type decoding in the Vault config parsing 2018-06-25 12:25:42 -07:00
Kyle Havlovitz b4ef7bb64d connect/ca: leave blank root key/cert out of the default config (unnecessary) 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 050da22473 connect/ca: undo the interface changes and use sign-self-issued in Vault 2018-06-25 12:25:42 -07:00
Kyle Havlovitz 914d9e5e20 connect/ca: add leaf verify check to cross-signing tests 2018-06-25 12:25:41 -07:00
Kyle Havlovitz bc997688e3 connect/ca: update Consul provider to use new cross-sign CSR method 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 8a70ea64a6 connect/ca: update Vault provider to add cross-signing methods 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 6a2fc00997 connect/ca: add URI SAN support to the Vault provider 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 226a59215d connect/ca: fix vault provider URI SANs and test 2018-06-25 12:25:41 -07:00
Kyle Havlovitz 1a8ac686b2 connect/ca: add the Vault CA provider 2018-06-25 12:25:41 -07:00
Paul Banks 51fc48e8a6 Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift 2018-06-25 12:25:41 -07:00
Paul Banks e33bfe249e Note leadership issues in comments 2018-06-25 12:25:41 -07:00
Paul Banks b5f24a21cb Fix test broken by final telemetry PR change! 2018-06-25 12:25:40 -07:00
Paul Banks e514570dfa Actually return Intermediate certificates bundled with a leaf! 2018-06-25 12:25:40 -07:00
Matt Keeler e22b9c8e15 Output the service Kind in the /v1/internal/ui/services endpoint 2018-06-25 12:25:40 -07:00
Paul Banks 17789d4fe3 register TCP check for managed proxies 2018-06-25 12:25:40 -07:00
Paul Banks 280f14d64c Make proxy only listen after initial certs are fetched 2018-06-25 12:25:40 -07:00
Paul Banks 420ae3df69 Limit proxy telemetry config to only be visible with authenticated with a proxy token 2018-06-25 12:25:39 -07:00
Paul Banks 597e55e8e2 Misc test fixes 2018-06-25 12:25:39 -07:00
Paul Banks c6ef6a61c9 Refactor to use embedded struct. 2018-06-25 12:25:39 -07:00
Paul Banks 9f559da913 Revert telemetry config changes ready for cleaner approach 2018-06-25 12:25:39 -07:00
Paul Banks 38405bd4a9 Allow user override of proxy telemetry config 2018-06-25 12:25:38 -07:00
Paul Banks 7649d630c6 Basic proxy telemetry working; not sure if it's too ugly; need to instrument things we care about 2018-06-25 12:25:38 -07:00
Paul Banks d83f2e8e21 Expose telemetry config from RuntimeConfig to proxy config endpoint 2018-06-25 12:25:38 -07:00
Paul Banks 8aeb7bd206 Disable TestAgent proxy execution properly 2018-06-25 12:25:38 -07:00
Paul Banks 2e223ea2b7 Fix hot loop in cache for RPC returning zero index. 2018-06-25 12:25:37 -07:00
Paul Banks 43b48bc06b Get agent cache tests passing without global hit count (which is racy). 
Few other fixes in here just to get a clean run locally - they are all also fixed in other PRs but shouldn't conflict.

This should be robust to timing between goroutines now.
 2018-06-25 12:25:37 -07:00
Mitchell Hashimoto 155bb67c52 Update UI for beta3 2018-06-25 12:25:16 -07:00
Mitchell Hashimoto 6b1e0a3003 agent/cache: always schedule the refresh 2018-06-25 12:25:14 -07:00
Mitchell Hashimoto 7cbbac43a3 agent: clarify comment 2018-06-25 12:25:14 -07:00
Mitchell Hashimoto a08faf5a11 agent: add additional assertion to test 2018-06-25 12:25:13 -07:00
Paul Banks 2c21ead80e More test tweaks 2018-06-25 12:25:13 -07:00
Paul Banks 05a8097c5d Fix misc test failures (some from other PRs) 2018-06-25 12:25:13 -07:00
Paul Banks 382ce8f98a Only set precedence on write path 2018-06-25 12:25:13 -07:00
Paul Banks 4a54f8f7e3 Fix some tests failures caused by the sorting change and some cuased by previous UpdatePrecedence() change 2018-06-25 12:25:13 -07:00
Paul Banks bf7a62e0e0 Sort intention list by precedence 2018-06-25 12:25:13 -07:00
Mitchell Hashimoto 181fbcc9b9 agent: intention update/delete responess match ACL/KV behavior 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto 3c17144fb5 agent/structs: JSON marshal the configuration for a managed proxy 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto e9e6514c9b agent: disallow deregistering a managed proxy directly 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto 66a573e496 agent: deregister service deregisters the proxy along with it 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto a82726f0b8 agent: RemoveProxy also removes the proxy service 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto e2653bec02 Fix broken tests from PR merge related to proxy secure defaults 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto cf9b377c78 agent/cache: always fetch with minimum index of 1 at least 2018-06-25 12:25:12 -07:00
Mitchell Hashimoto 6a438c25d0 agent/proxy: remove debug println 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 0d6dcbd2f1 agent: disallow API registration with managed proxy if not enabled 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto f7fc026e18 agent/config: AllowManagedAPIRegistration 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto ed98d65c2b agent/proxy: AllowRoot to disable executing managed proxies when root 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 5ae32837f7 agent/proxy: set the proper arguments so we only run the helper process 2018-06-25 12:25:11 -07:00
Mitchell Hashimoto 4897ca6545 agent/config: add AllowManagedRoot 2018-06-25 12:25:11 -07:00
Kyle Havlovitz 82a4b3c13f connect: fix two CA tests that were broken in a previous PR (#60) 2018-06-25 12:25:10 -07:00
Paul Banks 41a29a469e Fix roots race with CA setup hammering bug and defensive nil check hit during obscure upgrade scenario 2018-06-25 12:25:10 -07:00
Kyle Havlovitz aafa3ca64a agent: format all CA config fields 2018-06-25 12:25:09 -07:00
Kyle Havlovitz edbeeeb23c agent: update accepted CA config fields and defaults 2018-06-25 12:25:09 -07:00
Mitchell Hashimoto 316bdbe010 agent/proxy: fix build on Windows 2018-06-25 12:24:18 -07:00
Paul Banks 0824d1df5f Misc comment cleanups 2018-06-25 12:24:16 -07:00
Paul Banks e57aa52ca6 Warn about killing proxies in dev mode 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 028aa78e83 agent/consul: set precedence value on struct itself 2018-06-25 12:24:16 -07:00
Mitchell Hashimoto 927b45bf91 agent/config: move ports to `ports` structure, update docs 2018-06-25 12:24:15 -07:00
Paul Banks d1c67d90bc Fixs a few issues that stopped this working in real life but not caught by tests: 
- Dev mode assumed no persistence of services although proxy state is persisted which caused proxies to be killed on startup as their services were no longer registered. Fixed.
 - Didn't snapshot the ProxyID which meant that proxies were adopted OK from snapshot but failed to restart if they died since there was no proxyID in the ENV on restart
 - Dev mode with no persistence just kills all proxies on shutdown since it can't recover them later
 - Naming things
 2018-06-25 12:24:14 -07:00
Paul Banks 85d6502ab3 Don't kill proxies on agent shutdown; backport manager close fix 2018-06-25 12:24:13 -07:00
Paul Banks b2ff583392 Test for adopted process Stop race and fix 2018-06-25 12:24:13 -07:00
Mitchell Hashimoto 62d4aaa33e agent: accept connect param for execute 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto daf46c9cfa agent/consul: support a Connect option on prepared query request 2018-06-25 12:24:12 -07:00
Mitchell Hashimoto 440b1b2d97 agent/consul: prepared query supports "Connect" field 2018-06-25 12:24:11 -07:00
Mitchell Hashimoto 8bcadddda7 agent: intention create returns 500 for bad body 2018-06-25 12:24:10 -07:00
Mitchell Hashimoto 1830c6b308 agent: switch ConnectNative to an embedded struct 2018-06-25 12:24:10 -07:00
Paul Banks df2cb30b01 Make tests pass and clean proxy persistence. No detached child changes yet. 
This is a good state for persistence stuff to re-start the detached child work that got mixed up last time.
 2018-06-25 12:24:10 -07:00
Paul Banks cdc7cfaa36 Abandon daemonize for simpler solution (preserving history): 
Reverts:
  - bdb274852ae469c89092d6050697c0ff97178465
  - 2c689179c4f61c11f0016214c0fc127a0b813bfe
  - d62e25c4a7ab753914b6baccd66f88ffd10949a3
  - c727ffbcc98e3e0bf41e1a7bdd40169bd2d22191
  - 31b4d18933fd0acbe157e28d03ad59c2abf9a1fb
  - 85c3f8df3eabc00f490cd392213c3b928a85aa44
 2018-06-25 12:24:10 -07:00
Paul Banks a2fe604191 WIP 2018-06-25 12:24:09 -07:00
Paul Banks 8cf4b3a6eb Sanity check that we are never trying to self-exec a test binary. Add daemonize bypass for TestAgent so that we don't have to jump through ridiculous self-execution hooks for every package that might possibly invoke a managed proxy 2018-06-25 12:24:09 -07:00
Mitchell Hashimoto 827b671d4a agent/proxy: Manager.Close also has to stop all proxy watchers 2018-06-25 12:24:09 -07:00
Paul Banks ef9c40643e Fix import tooling fail 2018-06-25 12:24:09 -07:00
Paul Banks ba0fb58a72 Make daemoinze an option on test binary without hacks. Misc fixes for racey or broken tests. Still failing on several though. 2018-06-25 12:24:09 -07:00
Paul Banks 2b377dc624 Run daemon processes as a detached child. 
This turns out to have a lot more subtelty than we accounted for. The test suite is especially prone to races now we can only poll the child and many extra levels of indirectoin are needed to correctly run daemon process without it becoming a Zombie.

I ran this test suite in a loop with parallel enabled to verify for races (-race doesn't find any as they are logical inter-process ones not actual data races). I made it through ~50 runs before hitting an error due to timing which is much better than before. I want to go back and see if we can do better though. Just getting this up.
 2018-06-25 12:24:08 -07:00
Paul Banks e21723a891 Persist proxy state through agent restart 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto eb3fcb39b3 agent/consul/state: support querying by Connect native 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto 6b745964c4 agent/cache: update comment from PR review to clarify 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto 424272361d agent: agent service registration supports Connect native services 2018-06-25 12:24:08 -07:00
Mitchell Hashimoto d6a823ad0d agent/consul: support catalog registration with Connect native 2018-06-25 12:24:07 -07:00
Mitchell Hashimoto d609ad216b agent/cache: update comments 2018-06-25 12:24:07 -07:00
Mitchell Hashimoto 839d3c323d agent/cache: correct test name 2018-06-25 12:24:07 -07:00
Mitchell Hashimoto 45e49f31de agent/cache: change behavior to return error rather than retry 
The cache behavior should not be to mask errors and retry. Instead, it
should aim to return errors as quickly as possible. We do that here.
 2018-06-25 12:24:07 -07:00
Mitchell Hashimoto 311d503fb0 agent/cache: perform backoffs on error retries on blocking queries 2018-06-25 12:24:06 -07:00
Matt Keeler 3afa4f9c7e
Merge pull request #4234 from hashicorp/feature/default-new-ui 
Switch over to defaulting to the new UI
 2018-06-20 09:10:08 -04:00
Matt Keeler af910bda39
Merge pull request #4216 from hashicorp/rpc-limiting 
Make RPC limits reloadable
 2018-06-20 09:05:28 -04:00
Matt Keeler 0d4e8676d1
Merge pull request #4215 from hashicorp/feature/config-node-meta-dns-txt 
Add configuration entry to control including TXT records for node meta in DNS responses
 2018-06-20 08:53:04 -04:00
Matt Keeler 7f7c703118 Update the runtime tests 2018-06-19 13:59:26 -04:00
Matt Keeler 8216816e3f Make filtering out TXT RRs only apply when they would end up in Additional section 
ANY queries are no longer affected.
 2018-06-19 10:08:16 -04:00
Matt Keeler 197e2f69d5 Switch over to defaulting to the new UI 2018-06-15 09:20:13 -04:00
Kyle Havlovitz ab4a9a94f4
Re-use uint8ToString 2018-06-14 09:42:23 -07:00
Kyle Havlovitz 5683d628c4
Support giving the duration as a string in CA config 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto eb2a6952ba
address comment feedback 2018-06-14 09:42:22 -07:00
Mitchell Hashimoto cd39f09693
agent: leaf endpoint accepts name, not service ID 
This change is important so that requests can made representing a
service that may not be registered with the same local agent.
 2018-06-14 09:42:20 -07:00
Mitchell Hashimoto 1906fe1c0d
agent: address feedback 2018-06-14 09:42:20 -07:00
Mitchell Hashimoto 0accfc1628
agent: rename test to check 2018-06-14 09:42:18 -07:00
Mitchell Hashimoto d1c21a8629
agent: implement HTTP endpoint 2018-06-14 09:42:18 -07:00
Mitchell Hashimoto 2a29679e9d
agent/consul: forward request if necessary 2018-06-14 09:42:17 -07:00
Mitchell Hashimoto 54ac5adb08
agent: comments to point to differing logic 2018-06-14 09:42:17 -07:00
Mitchell Hashimoto d68462fca6
agent/consul: implement Intention.Test endpoint 2018-06-14 09:42:17 -07:00
Paul Banks a80559e439
Make invalid clusterID be fatal 2018-06-14 09:42:17 -07:00
Paul Banks 140f3f5a44
Fix logical conflicts with CA refactor 2018-06-14 09:42:17 -07:00
Paul Banks c58d47ba59
Fix broken api test for service Meta (logical conflict rom OSS). Add test that would make this much easier to catch in future. 2018-06-14 09:42:17 -07:00
Paul Banks f4b8e8c96d
Add default CA config back - I didn't add it and causes nil panics 2018-06-14 09:42:17 -07:00
Paul Banks 1228a5839a
Ooops remove the CA stuff from actual server defaults and make it test server only 2018-06-14 09:42:16 -07:00
Paul Banks 4aeab3897c
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes. 2018-06-14 09:42:16 -07:00
Paul Banks bc07ff4983
Comment cleanup 2018-06-14 09:42:16 -07:00
Paul Banks 1722734313
Verify trust domain on /authorize calls 2018-06-14 09:42:16 -07:00
Paul Banks b4803eca59
Generate CSR using real trust-domain 2018-06-14 09:42:16 -07:00
Paul Banks 622a475eb1
Add CSR signing verification of service ACL, trust domain and datacenter. 2018-06-14 09:42:16 -07:00
Paul Banks c1f2025d96
Return TrustDomain from CARoots RPC 2018-06-14 09:42:15 -07:00
Kyle Havlovitz e00088e8ee
Rename some of the CA structs/files 2018-06-14 09:42:15 -07:00
Kyle Havlovitz 6e9f1f8acb
Add more metadata to structs.CARoot 2018-06-14 09:42:15 -07:00
Kyle Havlovitz 627aa80d5a
Use provider state table for a global serial index 2018-06-14 09:42:15 -07:00
Kyle Havlovitz 988510f53c
Add test for ca config http endpoint 2018-06-14 09:42:15 -07:00
Kyle Havlovitz de72834b8c
Move connect CA provider to separate package 2018-06-14 09:42:15 -07:00
Mitchell Hashimoto 4f3b5647e5
agent/cache: change uint8 to uint 2018-06-14 09:42:15 -07:00
Mitchell Hashimoto fc5508f8a3
agent/cache: string through attempt rather than storing on the entry 2018-06-14 09:42:15 -07:00
Mitchell Hashimoto cfcd733609
agent/cache: implement refresh backoff 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto bc605a1576
agent/consul: change provider wait from goto to a loop 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto c8b65217c3
agent/consul: check nil on getCAProvider result 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto 9b3495dddb
agent/consul: retry reading provider a few times 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto e54e69d11f
agent: verify local proxy tokens for CA leaf + tests 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto a099c27b07
agent: verify proxy token for ProxyConfig endpoint + tests 2018-06-14 09:42:14 -07:00
Mitchell Hashimoto 6e386ba6be
agent/proxy: pass proxy ID as an env var 2018-06-14 09:42:13 -07:00
Mitchell Hashimoto 37dde6d64a
agent/config: add managed proxy upstreams config to skip 
agent/config will turn [{}] into {} (single element maps into a single
map) to work around HCL issues. These are resolved in HCL2 which I'm
sure Consul will switch to eventually.

This breaks the connect proxy configuration in service definition FILES
since we call this patch function. For now, let's just special-case skip
this. In the future we maybe Consul will adopt HCL2 and fix it, or we
can do something else if we want. This works and is tested.
 2018-06-14 09:42:13 -07:00
Mitchell Hashimoto 965a902474
agent/structs: validate service definitions, port required for proxy 2018-06-14 09:42:13 -07:00
Mitchell Hashimoto 9a62bce03b
agent/config: default connect enabled in dev mode 
This enables `consul agent -dev` to begin using Connect features with
the built-in CA. I think this is expected behavior since you can imagine
that new users would want to try.

There is no real downside since we're just using the built-in CA.
 2018-06-14 09:42:13 -07:00
Paul Banks d13be6b952
Make CSR work with jank domain 2018-06-14 09:42:13 -07:00
Mitchell Hashimoto de3f49a880
agent/proxy: delete pid file on Stop 2018-06-14 09:42:13 -07:00
Mitchell Hashimoto aaca1fbcf5
agent: increase timer for blocking cache endpoints 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto b4ba31c61b
agent/proxy: address PR feedback 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto f5e7993249
agent: clarify why we Kill still 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto 2809203408
agent: restore proxy snapshot but still Kill proxies 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto 718aabe35f
agent/proxy: check if process is alive in addition to Wait 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto f5ccc65295
agent: only set the proxy manager data dir if its set 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto 1a32435a4d
agent/proxy: improve comments on snapshotting 2018-06-14 09:42:12 -07:00
Mitchell Hashimoto e0bbe66427
agent/proxy: implement periodic snapshotting in the manager 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 13ff115436
agent/proxy: check if process is alive 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 0e8c0b7b48
agent/proxy: implement snapshotting for daemons 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto b7580f4fad
agent/proxy: manager configures the daemon pid path to write pids 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 1e7f253b53
agent/proxy: write pid file whenever the daemon process changes 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 09dcb0be98
agent/proxy: change LogDir to DataDir to reuse for other things 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 5e6bd8291c
agent/proxy: make the logs test a bit more robust by waiting for file 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto d00ff7cb58
agent/proxy: don't create the directory in newProxy 2018-06-14 09:42:11 -07:00
Mitchell Hashimoto 6cdacd1fd9
agent/proxy: send logs to the correct location for daemon proxies 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto ba00fa3548
agent: add additional tests for defaulting in AddProxy 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 171bf8d599
agent: clean up defaulting of proxy configuration 
This cleans up and unifies how proxy settings defaults are applied.
 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 3d3eee2f6e
agent: resolve some conflicts and fix tests 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto d9bd4ffebd
agent/local: clarify the non-risk of a full buffer 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 437689e83c
agent/local: remove outdated comment 2018-06-14 09:42:10 -07:00
Mitchell Hashimoto 6ae95d754c
agent: use os.Executable 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 39974df52a
agent/proxy: local state event coalescing 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto b0f377b519
agent/proxy: implement force kill of unresponsive proxy process 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 6539280f2a
agent: fix crash that could happen if proxy was nil on load 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 420edc4c1e
agent/proxy: pull exit status extraction to constrained file 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 1a2b28602c
agent: start proxy manager 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 7879e1d2ef
agent/proxy: detect config change to stop/start proxies 2018-06-14 09:42:09 -07:00
Mitchell Hashimoto 2d60684a8b
agent/proxy: test removing proxies and stopping them 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto fcd2ab2338
agent/proxy: manager and basic tests, not great coverage yet coming soon 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 2bd39a84a6
agent/local: add Notify mechanism for proxy changes 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 476ea7b04a
agent: start/stop proxies 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto fbfc6fce66
agent/proxy: clean up usage, can't be restarted 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto aaa2431350
agent: change connect command paths to be slices, not strings 
This matches other executable configuration and allows us to cleanly
separate executable from arguments without trying to emulate shell
parsing.
 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto 7355a614fe
agent/local: store proxy on local state, wip, not working yet 2018-06-14 09:42:08 -07:00
Mitchell Hashimoto ffd284de36
agent/proxy: exponential backoff on restarts 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto aa08a4cb46
agent/proxy: Daemon works, tests cover it too 2018-06-14 09:42:07 -07:00
Mitchell Hashimoto e14fa850d8
wip 2018-06-14 09:42:07 -07:00
Paul Banks e0e12e165b
TLS watching integrated into Service with some basic tests. 
There are also a lot of small bug fixes found when testing lots of things end-to-end for the first time and some cleanup now it's integrated with real CA code.
 2018-06-14 09:42:07 -07:00
Paul Banks 90c574ebaa
Wire up agent leaf endpoint to cache framework to support blocking. 2018-06-14 09:42:07 -07:00
Kyle Havlovitz a4d18f0eaa
Fill out connect CA rpc endpoint tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz b081c34255
Fix config tests 2018-06-14 09:42:06 -07:00
Kyle Havlovitz cce7f1cca1
Add tests for the built in CA's state store table 2018-06-14 09:42:06 -07:00
Kyle Havlovitz 15fbc2fd97
Add more tests for built-in provider 2018-06-14 09:42:06 -07:00
Kyle Havlovitz edcfdb37af
Fix some inconsistencies around the CA provider code 2018-06-14 09:42:06 -07:00
Paul Banks 1b197d934a
Don't allow connect watches in agent/cli yet 2018-06-14 09:42:06 -07:00
Paul Banks e8c510332c
Support legacy watch.HandlerFunc type for backward compat reduces impact of change 2018-06-14 09:42:05 -07:00
Paul Banks cd88b2a351
Basic `watch` support for connect proxy config and certificate endpoints. 
- Includes some bug fixes for previous `api` work and `agent` that weren't tested
 - Needed somewhat pervasive changes to support hash based blocking - some TODOs left in our watch toolchain that will explicitly fail on hash-based watches.
 - Integration into `connect` is partially done here but still WIP
 2018-06-14 09:42:05 -07:00
Kyle Havlovitz daa8dd1779
Add CA config to connect section of agent config 2018-06-14 09:42:05 -07:00
Kyle Havlovitz 32d1eae28b
Move ConsulCAProviderConfig into structs package 2018-06-14 09:42:04 -07:00
Kyle Havlovitz 315b8bf594
Simplify the CAProvider.Sign method 2018-06-14 09:42:04 -07:00
Kyle Havlovitz c6e1b72ccb
Simplify the CA provider interface by moving some logic out 2018-06-14 09:42:04 -07:00
Kyle Havlovitz a325388939
Clarify some comments and names around CA bootstrapping 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 8c1d5a2cdc
agent: resolve flaky test by checking cache hits increase, rather than 
exact
 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto 051f004683
agent: use helper/retry instead of timing related tests 2018-06-14 09:42:04 -07:00
Mitchell Hashimoto bd3b8e042a
agent/cache: address PR feedback, lots of typos 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 02b20a0353
agent/cache: address feedback, clarify comments 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto af1d70b026
agent/cache: don't every block on NotifyCh 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 724b829104
agent/cache: unit tests for ExpiryHeap, found a bug! 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 194b256861
agent/cache: send the total entries count on eviction to go-metrics 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto e0d964188c
agent/cache: make edge case with prev/next idx == 0 handled better 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 3b550d2b72
agent/cache: rework how expiry data is stored to be more efficient 2018-06-14 09:42:03 -07:00
Mitchell Hashimoto 595193a781
agent/cache: initial TTL work 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 1df99514ca
agent/cache: send the RefreshTimeout into the backend fetch 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto db4c47df27
agent/cache: on error, return from Get immediately, don't block forever 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto cc2c98f961
agent/cache: lots of comment/doc updates 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 6c01e402e0
agent: augment /v1/connect/authorize to cache intentions 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto 0f3f3d13ca
agent/cache-types: support intention match queries 2018-06-14 09:42:02 -07:00
Mitchell Hashimoto e1c1b8812a
agent/cache: return the error as part of Get 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 00e7ab3cd5
agent/cache: integrate go-metrics so the cache is debuggable 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 9f3dbf7b2a
agent/structs: DCSpecificRequest sets all the proper fields for 
CacheInfo
 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto be873d2558
agent/cache-types/ca-leaf: proper result for timeout, race on setting CA 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto fcb15e15ae
agent/cache: support timeouts for cache reads and empty fetch results 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto e81942df7a
agent/cache-types: rename to separate root and leaf cache types 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 8e7c517db1
agent/cache-types: got basic CA leaf caching work, major problems still 2018-06-14 09:42:01 -07:00
Mitchell Hashimoto 917a9e63d5
agent: check cache hit count to verify CA root caching, background update 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 6902d721d6
agent: initialize the cache and cache the CA roots 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto c329b4cb34
agent/cache: partition by DC/ACL token 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto e3c1162881
agent/cache: Reorganize some files, RequestInfo struct, prepare for partitioning 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto b0db5657c4
agent/cache: ConnectCA roots caching type 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 975be337a9
agent/cache: blank cache key means to always fetch 2018-06-14 09:42:00 -07:00
Mitchell Hashimoto 1cfb0f1922
agent/cache: initial kind-of working cache 2018-06-14 09:42:00 -07:00
Kyle Havlovitz 33418afd3c
Add cross-signing mechanism to root rotation 2018-06-14 09:42:00 -07:00
Kyle Havlovitz d83fbfc766
Add the root rotation mechanism to the CA config endpoint 2018-06-14 09:41:59 -07:00
Kyle Havlovitz f9d92d795e
Have the built in CA store its state in raft 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 30c1973e8b
Fix the testing endpoint's root set op 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 75f62e3117
Update the CA config endpoint to enable GETs 2018-06-14 09:41:59 -07:00
Kyle Havlovitz ab737ef0f8
Hook the CA RPC endpoint into the provider interface 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 1f6501895f
Add CA bootstrapping on establishing leadership 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 682f105c7c
Add the bootstrap config for the CA 2018-06-14 09:41:59 -07:00
Kyle Havlovitz 9fc33d2a62
Add the CA provider interface and built-in provider 2018-06-14 09:41:58 -07:00
Kyle Havlovitz 1787f88618
Add CA config set to fsm operations 2018-06-14 09:41:58 -07:00
Kyle Havlovitz 6b3416e480
Add the Connect CA config to the state store 2018-06-14 09:41:58 -07:00
Paul Banks 36dbd878c9
Adds `api` client code and tests for new Proxy Config endpoint, registering with proxy and seeing proxy config in /agent/services list. 2018-06-14 09:41:58 -07:00
Paul Banks 730da74369
Fix various test failures and vet warnings. 
Intention de-duplication in previously merged PR actualy failed some tests that were not caught be me or CI. I ran the test files for state changes but they happened not to trigger this case so I made sure they did first and then fixed. That fixed some upstream intention endpoint tests that I'd not run as part of testing the previous fix.
 2018-06-14 09:41:58 -07:00
Paul Banks 1e72ad66f5
Refactor localBlockingQuery to use memdb.WatchSet. Much simpler and correct as a bonus! 2018-06-14 09:41:58 -07:00
Paul Banks 8d09381b96
Super ugly hack to get TeamCity build to work for this PR without adding a vendor that is being added elsewhere and will conflict... 2018-06-14 09:41:58 -07:00
Paul Banks d73f079d0f
Add X-Consul-ContentHash header; implement removing all proxies; add load/unload test. 2018-06-14 09:41:57 -07:00
Paul Banks 2a69663448
Agent Connect Proxy config endpoint with hash-based blocking 2018-06-14 09:41:57 -07:00
Paul Banks 3e3f0e1f31
HTTP agent registration allows proxy to be defined. 2018-06-14 09:41:57 -07:00
Paul Banks e6071051cf
Added connect proxy config and local agent state setup on boot. 2018-06-14 09:41:57 -07:00
Paul Banks 88541bba17
Add tests all the way up through the endpoints to ensure duplicate src/destination is supported and so ultimately deny/allow nesting works. 
Also adds a sanity check test for `api.Agent().ConnectAuthorize()` and a fix for a trivial bug in it.
 2018-06-14 09:41:57 -07:00
Paul Banks ed9f07c361
Allow duplicate source or destination, but enforce uniqueness across all four. 2018-06-14 09:41:57 -07:00
Paul Banks 10db79c8ae
Rework connect/proxy and command/connect/proxy. End to end demo working again 2018-06-14 09:41:57 -07:00
Paul Banks 26e65f6bfd
connect.Service based implementation after review feedback. 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 95da20ffd7
agent: rename authorize param ClientID to ClientCertURI 2018-06-14 09:41:56 -07:00
Mitchell Hashimoto 6e57233913
agent: add TODO for verification 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 5a47a53c70
acl: IntentionDefault => IntentionDefaultAllow 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto ac72a0c5fd
agent: ACL checks for authorize, default behavior 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 6dc2db94ea
agent/structs: String format for Intention, used for logging 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto fb7bccc690
agent: bolster commenting for clearer understandability 2018-06-14 09:41:55 -07:00
Mitchell Hashimoto 9a987d6452
agent: default deny on connect authorize endpoint 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 86a8ce45b9
agent: /v1/agent/connect/authorize is functional, with tests 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 3ef0b93159
agent/connect: Authorize for CertURI 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 70d1d5bf06
agent: get rid of method checks since they're done in the http layer 2018-06-14 09:41:54 -07:00
Paul Banks 9309422fd9
Add Connect agent, catalog and health endpoints to api Client 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 845f7cd8ad
agent/consul/state: ensure exactly one active CA exists when setting 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto ffe4cdfc15
agent/connect: support any values in the URL 2018-06-14 09:41:54 -07:00
Mitchell Hashimoto 75bf0e1638
agent/connect: support SpiffeIDSigning 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 17ca8ad083
agent/connect: rename SpiffeID to CertURI 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 0cbcb07d61
agent/connect: use proper keyusage fields for CA and leaf 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 73442ada5a
agent/connect: address PR feedback for the CA.go file 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto d28ee70a56
agent: implement an always-200 authorize endpoint 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto a54d1af421
agent/consul: encode issued cert serial number as hex encoded 2018-06-14 09:41:53 -07:00
Mitchell Hashimoto 4210003c86
agent/structs: hide some fields from JSON 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 63d674d07d
agent: /v1/connect/ca/configuration PUT for setting configuration 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 1c3dbc83ff
agent/consul/fsm,state: snapshot/restore for CA roots 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 90f423fd02
agent/consul/fsm,state: tests for CA root related changes 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 1c72639d60
agent/consul: set more fields on the issued cert 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto c2588262b7
agent: /v1/connect/ca/leaf/:service_id 2018-06-14 09:41:52 -07:00
Mitchell Hashimoto 571d9aa785
agent: CA root HTTP endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto e40afd6a73
agent/consul: CAS operations for setting the CA root 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 578db06600
agent/consul: tests for CA endpoints 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 891cd22ad9
agent/consul: key the public key of the CSR, verify in test 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto d768d5e9a7
agent/consul: test for ConnectCA.Sign 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto f4ec28bfe3
agent/consul: basic sign endpoint not tested yet 2018-06-14 09:41:51 -07:00
Mitchell Hashimoto 548ce190d5
agent/connect: package for agent-related Connect, parse SPIFFE IDs 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 6d294b6bb4
agent/structs: json omit QueryMeta 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto e7536e5485
agent: /v1/connect/ca/roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 5a950190f3
agent/consul: RPC endpoints to list roots 2018-06-14 09:41:50 -07:00
Mitchell Hashimoto 130098b7b5
agent/consul/state: CARoot structs and initial state store 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 4d852e62a3
agent: address PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 22a0eb6c67
agent: commenting some tests 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 6313bc5615
agent: clarified a number of comments per PR feedback 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 353953fcd2
agent/consul: Health.ServiceNodes ACL check for Connect 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto b6c0cb7115
agent/consul: Catalog endpoint ACL requirements for Connect proxies 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 3b07686648
agent: remove ConnectProxyServiceName 2018-06-14 09:41:49 -07:00
Mitchell Hashimoto 2feef5f7a3
agent/consul: require name for proxies 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 714026dfb7
agent: validate service entry on register 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 125fb96ff1
agent/structs: tests for PartialClone and IsSame for proxy fields 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 9781cb1ace
agent/local: anti-entropy for connect proxy services 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 44ec8d94d2
agent: clean up connect/non-connect duplication by using shared methods 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 368137b81b
agent: /v1/health/connect/:service 2018-06-14 09:41:48 -07:00
Mitchell Hashimoto 7d79f9c46f
agent/consul: implement Health.ServiceNodes for Connect, DNS works 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 406366c45b
agent: working DNS for Connect queries, I think, but have to 
implement Health endpoints to be sure
 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto fd33b76ec2
agent: /v1/catalog/connect/:service 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto e01914a025
agent/consul: Catalog.ServiceNodes supports Connect filtering 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 2062e37270
agent/consul/state: ConnectServiceNodes 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 7ed26e2c64
agent/consul: enforce ACL on ProxyDestination 2018-06-14 09:41:47 -07:00
Mitchell Hashimoto 0c0c0a58e7
agent/consul: proxy registration and tests 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 68107e9767
agent: /v1/agent/services test with connect proxies (works w/ no change) 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 4d4a8443e8
agent: test /v1/catalog/node/:node to list connect proxies 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 6e257ea51c
agent: /v1/catalog/service/:service works with proxies 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 63e4a35827
agent/consul/state: convert proxy test to testify/assert 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 21c6fc623a
agent/consul/state: service registration with proxy works 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto a621afe72c
agent/consul: convert intention ACLs to testify/assert 2018-06-14 09:41:46 -07:00
Mitchell Hashimoto 9dc8aa0fb3
agent/consul,structs: add tests for ACL filter and prefix for intentions 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 5ac649af7f
agent/consul: Intention.Match ACLs 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 4d87601bf4
agent/consul: Intention.Get ACLs 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 9bbbb73734
agent/consul: Intention.Apply ACL on rename 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto 01b644e213
agent/consul: tests for ACLs on Intention.Apply update/delete 2018-06-14 09:41:45 -07:00
Mitchell Hashimoto a67ff1c0dc
agent/consul: Basic ACL on Intention.Apply 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto 0719ff6905
agent: convert all intention tests to testify/assert 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto 454ef7d106
agent/consul/fsm,state: snapshot/restore for intentions 2018-06-14 09:41:44 -07:00
Mitchell Hashimoto 80d068aaa4
agent: use UTC time for intention times, move empty list check to 
agent/consul
 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 370b2599a1
agent/consul/fsm: switch tests to use structs.TestIntention 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 97e2a73145
agent/consul/state: need to set Meta for intentions for tests 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto ad42f42a17
agent/consul/state: remove TODO 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto 70858598e4
agent: use testing intention to get valid intentions 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto ab4ea3efb4
agent/consul: set default intention SourceType, validate it 2018-06-14 09:41:43 -07:00
Mitchell Hashimoto d92993f75b
agent/structs: Intention validation 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 82a50245e0
agent/consul: support intention description, meta is non-nil 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto c12690b837
agent/consul/fsm: add tests for intention requests 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto a9743f4f15
agent,agent/consul: set default namespaces 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 10c370c0fb
agent/consul: set CreatedAt, UpdatedAt on intentions 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto d57a3ca2af
agent: GET /v1/connect/intentions/match 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto 93de03fe8b
agent/consul: RPC endpoint for Intention.Match 2018-06-14 09:41:42 -07:00
Mitchell Hashimoto f93edadbbe
agent/consul/state: IntentionMatch for performing match resolution 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 377479c01a
agent/structs: IntentionPrecedenceSorter for sorting based on precedence 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto dca483b4a2
agent: PUT /v1/connect/intentions/:id 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto faeb583162
agent: DELETE /v1/connect/intentions/:id 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto fb02e53536
agent/consul: test that Apply works to delete an intention 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 4417f37ede
agent/consul/state,fsm: support for deleting intentions 2018-06-14 09:41:41 -07:00
Mitchell Hashimoto 1b44c1befa
agent/consul: creating intention must not have ID set 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 771b1737e3
agent/consul: support updating intentions 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 0d96cdc0a5
agent: GET /v1/connect/intentions/:id 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 274bfdd864
agent: POST /v1/connect/intentions 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 5a1fb35d6e
agent: GET /v1/connect/intentions endpoint 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto e8c4156f07
agent/consul: Intention.Get endpoint 2018-06-14 09:41:40 -07:00
Mitchell Hashimoto 9e307e178e
agent/consul: Intention.Apply, FSM methods, very little validation 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto 212a272989
agent/consul: start Intention RPC endpoints, starting with List 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto 9639bfb1be
agent/consul/state: list intentions 2018-06-14 09:41:39 -07:00
Mitchell Hashimoto cc8a6f7f15
agent/consul/state: initial work on intentions memdb table 2018-06-14 09:41:39 -07:00
Guido Iaquinti f7fe6c2a87 Attach server.Name label to client.rpc.failed 2018-06-13 14:56:14 +01:00
Guido Iaquinti 3d230dee80 Attach server.ID label to client.rpc.failed 2018-06-13 14:53:44 +01:00
Guido Iaquinti e85e63c18c Client: add metric for failed RPC calls to server 2018-06-13 12:35:45 +01:00
Matt Keeler 40e6d9c720 Fixup a weird merge problem 2018-06-11 16:27:39 -04:00
Matt Keeler 0df7cd22aa Add a Client ReloadConfig test 2018-06-11 16:23:51 -04:00
Matt Keeler 08e26d10b8 Merge branch 'master' of github.com:hashicorp/consul into rpc-limiting 
# Conflicts:
#	agent/agent.go
#	agent/consul/client.go
 2018-06-11 16:11:36 -04:00
Matt Keeler 65746b2f8f Apply the limits to the clients rpcLimiter 2018-06-11 15:51:17 -04:00
Matt Keeler 6cc0422408 Add configuration entry to control including TXT records for node meta in DNS responses 
If set to false, the only way to retrieve TXT records for node meta is to specifically query for TXT records.
 2018-06-11 11:49:04 -04:00
Pierre Souchay c83124a94c Removed labels from new ACL denied metrics 2018-06-08 11:56:46 +02:00
Pierre Souchay 064f8ad170 Removed consul prefix from metrics as requested by @kyhavlov 2018-06-08 11:51:50 +02:00
Matt Keeler 88a8c5e968
Merge pull request #4156 from hashicorp/enterprise-coexistence 
Enterprise/Licensing Cleanup
 2018-06-05 10:50:32 -04:00
Jack Pearkes aa1c993806
Merge pull request #4013 from sethvargo/sethvargo/user_agent 
Add a helper for generating Consul's user-agent string
 2018-06-01 09:13:38 -07:00
Matt Keeler 27fe219918
Merge pull request #4131 from pierresouchay/enable_full_dns_compression 
Enable full dns compression
 2018-06-01 10:42:03 -04:00
Matt Keeler 1fbe828c35 Add RunWithConfig and put Run signature back to normal 2018-05-31 20:22:14 -04:00
Matt Keeler 53fbe2b111 Update unit tests to reflect change to func signature 2018-05-31 17:20:16 -04:00
Matt Keeler 8e0e239e42 Allow passing in a config to the watch plan to use when creating the API client 
This allows watches from consul agent config (rather than consul watch command) to be able to utilize HTTPs
 2018-05-31 17:07:36 -04:00
Pierre Souchay fa37f262eb Fixed comments for max DNS records returned as requested by @mkeeler 2018-05-31 18:15:52 +02:00
Seth Vargo accb85a6a9
Use new discover and useragent libs 2018-05-25 15:52:05 -04:00
Matt Keeler b6e9abe926 Allow for easy enterprise/oss coexistence 
Uses struct/interface embedding with the embedded structs/interfaces being empty for oss. Also methods on the server/client types are defaulted to do nothing for OSS
 2018-05-24 10:36:42 -04:00
Matt Keeler 0d197c32dc Add BadRequestError handling 2018-05-24 10:34:01 -04:00
Wim 16ce8d9ed2 Add service reverse lookup tests 2018-05-21 22:59:21 +02:00
Wim d10e6d0292 Do reverse service lookup only if address doesn't match node 2018-05-21 22:27:41 +02:00
Wim 5c04864b28 Add support for reverse lookup of services 2018-05-19 19:39:02 +02:00
Pierre Souchay bb92420873 Test fix, trying to pass Travis tests 2018-05-16 14:10:35 +02:00
Pierre Souchay 486417a0fc Ensure to never send messages more than 64k 2018-05-16 12:47:35 +02:00
Pierre Souchay cfa5986df7 Fixed unit tests and updated limits 2018-05-16 12:11:49 +02:00
Pierre Souchay 6e80b6b127 Re-Enable compression while computing Len(), so we can send more answers 
This will fix https://github.com/hashicorp/consul/issues/4071
 2018-05-16 11:00:51 +02:00
Matt Keeler cfd09c88c6 Update bindata_assetfs for 1.1 2018-05-11 14:56:05 -04:00
Paul Banks 863ac12811
v1.1.0 UI Build 2018-05-11 17:05:20 +01:00
Paul Banks ff37194fc0
Go fmt cleanup 2018-05-11 17:05:19 +01:00
Preetha Appan ca67094619
Change default raft threshold config values and add a section to upgrade notes 2018-05-11 10:45:41 -05:00
Preetha Appan 3ff5fd6ec5
More docs and removed SnapShotInterval from raft timing struct stanza 2018-05-11 10:43:24 -05:00
Preetha Appan d721da7b67
Also make snapshot interval configurable 2018-05-11 10:43:24 -05:00
Preetha Appan ad09865562
fix spacing 2018-05-11 10:43:24 -05:00
Preetha Appan 66f31cd25a
Make raft snapshot commit threshold configurable 2018-05-11 10:43:24 -05:00
Kyle Havlovitz 876d251b95
Merge pull request #4108 from hashicorp/vendor-go-discover 
Update go-discover and add triton provider
 2018-05-10 17:29:00 -07:00
Kyle Havlovitz 48560848fc
Move cloud auto-join docs to a separate page and add Triton 2018-05-10 17:15:41 -07:00
Jack Pearkes 291e8b83ae
Merge pull request #4097 from hashicorp/remove-deprecated 
Remove deprecated check/service fields and metric names
 2018-05-10 15:45:49 -07:00
John Cowen e5eeb0aa7c
UI V2 (#4086) 
* Move settings to use the same service/route API as the rest of the app

* Put some ideas down for unit testing on adapters

* Favour `Model` over `Entity`

* Move away from using `reopen` to using Mixins

* Amend messages, comment/document some usage

* Make sure the returns are consistent in normalizePayload, also

Add some todo's in to remind me to think consider this further at a
later date. For example, is normalizePayload to be a hook or an
overridable method

* Start stripping back the HTML to semantics

* Use a variable rather than chaining

* Remove unused helpers

* Start picking through the new designs, start with listing pages

* First draft HTML for every page

* Making progress on the CSS

* Keep plugging away at the catalog css

* Looking at scrolling

* Wire up filtering

* Sort out filter counting, more or less done a few outstanding

* Start knocking the forms into shape

* Add in codemirror

* Keep moving forwards with the form like layouts

* Start looking at ACL editing page, add footer in

* Pull the filters back in, look at an autoresizer for scroll views

* First draft toggles

* 2nd draft healthcheck icons

* Tweak node healthcheck icons

* Looking at healthcheck detail icons

* Tweak the filter-bar and add selections to the in content tabs

* Add ACL create, pill-like acl type highlight

* Tweaking the main nav some more

* Working on the filter-bar and freetext-filter

* Masonry layout

* Stick with `checks` instead of healthy/unhealthy

* Fix up the filter numbers/counts

* Use the thead for a measure

* First draft tomography back in

* First draft DC dropdown

* Add a temporary create buttong to kv's

* Move KV and ACL to use a create page

* Move tags

* Run through old tests

* Injectable server

* Start adding test attributes

* Add some page objects

* More test attributes and pages

* Acl filter objects

* Add a page.. page object

* Clickable items in lists

* Add rest/spread babel plugin, remove mirage for now

* Add fix for ember-collection

* Keep track of acl filters

* ember-cli-page-object

* ember-test-selectors

* ui: update version of ui compile deps

* Update static assets

* Centralize radiogroup helper

* Rejig KV's and begin to clean it up

* Work around lack of Tags for the moment..

* Some little css tweaks and start to remove possibles

* Working on the dc page and incidentals

1. Sort the datacenter-picker list
2. Add a selected state to the datacenter-picker
3. Make dc an {Name: dc}
4. Add an env helper to get to 'env vars' from within templates

* Click outside stuff for the datacenter-picker, is-active on nav

* Make sure the dropdown CTA can be active

* Bump ember add pluralize helper

* Little try at sass based custom queries

* Rejig tablular collection so it deals with resizing, actions

1. WIP: start building actions dropdowns
2. Move tabular collection to deal with resizing to rule out differences

* First draft actions dropdowns

* Add ports, selectable IP's

* Flash messages, plus general cleanup/consistency

1. Add ember-cli-flash for flash messages
2. Move everything to get() instead of item.get
3. Spotted a few things that weren't consistent

* DOn't go lower than zero

* First draft vertical menu

* Missed a get, tweak dropmenu tick

* Big cleanup

1. this.get(), this.set() > get(), set()
2. assign > {...{}, ...{}}
3. Seperator > separator

* WIP: settings

* Moved things into a ui-v2 folder

* Decide on a way to do the settings page whilst maintaining the url + dc's

* Start some error pages

* Remove base64 polyfill

* Tie in settings, fix atob bug, tweak layout css

* Centralize confirmations into a component

* Allow switching between the old and new UI with the CONSUL_UI_BETA env var

Currently all the assets are packaged into a single AssetFS and a prefix is configured to switch between the two.

* Attempt at some updates to integrate the v2 ui build into the main infrastructure

* Add redirect to index.html for unknown paths

* Allow redictor to /index.html for new ui when using -ui-dir

* Take ACLs to the correct place on save

* First pass breadcrumbs

* Remove datacenter selector on the index page

* Tweak overall layout

* Make buttons 'resets'

* Tweak last DC stuff

* Validations plus kv keyname viewing tweaks

* Pull sessions back in

* Tweak the env vars to be more reusable

* Move isAnon to the view

* No items and disabled acl css

* ACL and KV details

1. Unauthorized page
2. Make sure the ACL is always selected when it needs it
3. Check record deletion with a changeset

* Few more acl tweaks/corrections

* Add no items view to node > services

* Tags for node > services

* Make sure we have tags

* Fix up the labels on the tomography graph

* Add node link (agent) to kv sessions

* Duplicate up `create` for KV 'root creation'

* Safety check for health checks

* Fix up the grids

* Truncate td a's, fix kv columns

* Watch for spaces in KV id's

* Move actions to their own mixins for now at least

* Link reset to settings incase I want to type it in

* Tweak error page

* Cleanup healthcheck icons in service listing

* Centralize errors and make getting back easier

* Nice numbers

* Compact buttons

* Some incidental css cleanups

* Use 'Key / Value' for root

* Tweak tomography layout

* Fix single healthcheck unhealthy resource

* Get loading screen ready

* Fix healthy healthcheck tick

* Everything in header starts white

* First draft loader

* Refactor the entire backend to use proper unique keys, plus..

1. Make unique keys form dc + slug (uid)
2. Fun with errors...

* Tweak header colors

* Add noopener noreferrer to external links

* Add supers to setupController

* Implement cloning, using ember-data...

* Move the more expensive down the switch order

* First draft empty record cleanup..

* Add the cusomt store test

* Temporarily use the htmlSafe prototype to remove the console warning

* Encode hashes in urls

* Go back to using title for errors for now

* Start removing unused bulma

* Lint

* WIP: Start looking at failing tests

* Remove single redirect test

* Finish off error message styling

* Add full ember-data cache invalidation to avoid stale data...

* Add uncolorable warning icons

* More info icon

* Rearrange single service, plus tag printing

* Logo

* No quotes

* Add a simple startup logo

* Tweak healthcheck statuses

* Fix border-color for healthchecks

* Tweak node tabs

* Catch 401 ACL errors and rethrow with the provided error message

* Remove old acl unauth and error routes

* Missed a super

* Make 'All' refer to number of checks, not services

* Remove ember-resizer, add autoprefixer

* Don't show tomography if its not worth it, viewify it more also

* Little model cleanup

* Chevrons

* Find a way to reliably set the class of html from the view

* Consistent html

* Make sure session id's are visible as long as possible

* Fix single service check count

* Add filters and searchs to the query string

* Don't remember the selected tab

* Change text

* Eror tweaking

* Use chevrons on all breadcrumbs even in kv's

* Clean up a file

* Tweak some messaging

* Makesure the footer overlays whats in the page

* Tweak KV errors

* Move json toggle over to the right

* feedback-dialog along with copy buttons

* Better confirmation dialogs

* Add git sha comment

* Same title as old UI

* Allow defaults

* Make sure value is a string

* WIP: Scrolling dropdowns/confirmations

* Add to kv's

* Remove set

* First pass trace

* Better table rows

* Pull over the hashi code editor styles

* Editor tweaks

* Responsive tabs

* Add number formatting to tomography

* Review whats left todo

* Lint

* Add a coordinate ember data triplet

* Bump in a v2.0.0

* Update old tests

* Get coverage working again

* Make sure query keys are also encoded

* Don't test console.error

* Unit test some more utils

* Tweak the size of the tabular collections

* Clean up gitignore

* Fix copy button rollovers

* Get healthcheck 'icon icons' onto the text baseline

* Tweak healthcheck padding and alignment

* Make sure commas kick in in rtt, probably never get to that

* Improve vertical menu

* Tweak dropdown active state to not have a bg

* Tweak paddings

* Search entire string not just 'startsWith'

* Button states

* Most buttons have 1px border

* More button tweaks

* You can only view kv folders

* CSS cleanup reduction

* Form input states and little cleanup

* More CSS reduction

* Sort checks by importance

* Fix click outside on datacenter picker

* Make sure table th's also auto calculate properly

* Make sure `json` isn't remembered in KV editing

* Fix recursive deletion in KV's

* Centralize size

* Catch updateRecord

* Don't double envode

* model > item consistency

* Action loading and ACL tweaks

* Add settings dependencies to acl tests

* Better loading

* utf-8 base64 encode/decode

* Don't hang off a prototype for htmlSafe

* Missing base64 files...

* Get atob/btoa polyfill right

* Shadowy rollovers

* Disabled button styling for primaries

* autofocuses only onload for now

* Fix footer centering

* Beginning of 'notices'

* Remove the isLocked disabling as we are letting you do what the API does

* Don't forget the documentation link for sessions

* Updates are more likely

* Use exported constant

* Dont export redirectFS and a few other PR updates

* Remove the old bootstrap config which was used for the old UI skin

* Use curlies for multiple properties
 2018-05-10 19:52:53 +01:00
Paul Banks 92c6fe0b1e
Make it work for WAN join too and add tests 2018-05-10 14:30:24 +01:00
Dominik Lekse ba9991a145
Added support for sockaddr templates in start-join and retry-join configuration 2018-05-10 14:08:41 +01:00
Kyle Havlovitz 75953273e2
Remove unused retry join structs from config 2018-05-08 16:25:34 -07:00
Kyle Havlovitz ba3971d2c1
Remove deprecated metric names 2018-05-08 16:23:15 -07:00
Kyle Havlovitz b73323aa42
Remove the script field from checks in favor of args 2018-05-08 15:31:53 -07:00
Paul Banks b7fa3358d1
Merge pull request #3970 from pierresouchay/node_health_should_change_service_index 
[BUGFIX] When a node level check is removed, ensure all services of node are notified
 2018-05-08 16:44:50 +01:00
Kyle Havlovitz cc214d45b6
Remove support for EnableTagOverride in config files 2018-05-07 16:19:13 -07:00
Kyle Havlovitz 6461087c25
Remove support for CheckID field in service check definitions 2018-05-07 16:15:08 -07:00
Dino Lukman d538b5666c Fix telemetry default prefix filter 
If telemetry metrics contain a hostname starting with
'consul', the metrics will be filtered out the same way
as the deprecated metrics.
 2018-05-02 16:56:29 +02:00
Jack Pearkes 733c0df0a0
Merge pull request #4021 from fomentia/master 
Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS)
 2018-04-27 09:28:01 -07:00
Paul Banks c8db140ff7
Merge pull request #4047 from pierresouchay/added_missing_meta_in_service_definition 
[BUGFIX] Added Service Meta support in configuration files
 2018-04-25 13:08:53 +01:00
Pierre Souchay 303997ff55 Improved unit test (example close to actual value) 2018-04-24 23:15:27 +02:00
Paul Banks 4de68fcb4b
Merge pull request #4016 from pierresouchay/support_for_prometheus 
Support for prometheus for metrics endpoint
 2018-04-24 16:14:43 +01:00
Pierre Souchay eccc223480 Fixed Meta name for JSON + Added unit tests for HCL/JSON 2018-04-24 16:39:43 +02:00
Pierre Souchay 26388503e0 Removed Nanoseconds cast as requested by @banks 2018-04-24 16:30:10 +02:00
Pierre Souchay 62a68a008d Removed content negotiation of Prometheus as requested by @banks 2018-04-24 16:28:30 +02:00
Pierre Souchay c152cb7bdf Added Missing Service Meta synchronization and field 2018-04-21 17:34:29 +02:00
Pierre Souchay c715408c87 More Tests cases compression/no compression 2018-04-21 17:18:39 +02:00
Pierre Souchay 076ecf9712 Removed unecessary copy of Extra and index 2018-04-20 22:51:04 +02:00
Pierre Souchay 06a181955d Use safer stringVal() 2018-04-18 23:18:16 +02:00
Pierre Souchay 9bb15730a6 Added unit test on key length 2018-04-18 23:07:25 +02:00
Pierre Souchay 2f5e67534d Added unit tests for bad meta values 2018-04-18 22:57:33 +02:00
Pierre Souchay d2ab3deacf [BUGFIX] Added Service Meta support in configuration files 
Fixes https://github.com/hashicorp/consul/issues/4045

Was not added by mistake in https://github.com/hashicorp/consul/pull/3881
 2018-04-18 22:18:58 +02:00
Pierre Souchay 65d3a2b26e Fixed import 2018-04-18 17:09:25 +02:00
Pierre Souchay f13aa5ba9b Added labels to improve new metric 2018-04-18 16:51:22 +02:00
Pierre Souchay 89ab642928 Allow renaming nodes when ID is unchanged 2018-04-18 15:39:38 +02:00
Pierre Souchay 36827418b7 Improved unit tests debug info when it fails 2018-04-18 14:18:17 +02:00
Pierre Souchay 728c5308df Fixed sync of Extra in binarySearch 2018-04-18 14:17:44 +02:00
Pierre Souchay 9243daeb0e Run new test in parallel 2018-04-17 10:36:12 +02:00
Pierre Souchay d9a23bb2fa Track calls blocked by ACLs using metrics 2018-04-17 10:17:16 +02:00
Pierre Souchay 5b4905e11d More test cases + travis flacky 2018-04-17 09:42:08 +02:00
Pierre Souchay fadfb95e07 Added Unit tests + fixed boudary limit 2018-04-17 09:31:30 +02:00
Pierre Souchay c838376dfa Added comment for function dnsBinaryTruncate 2018-04-17 01:10:52 +02:00
Pierre Souchay 94c0bf978a Perform a binary search to find optimal size of DNS responses 
Will fix https://github.com/hashicorp/consul/issues/4036

Instead of removing one by one the entries, find the optimal
size using binary search.

For SRV records, with 5k nodes, duration of DNS lookups is
divided by 4 or more.
 2018-04-17 00:50:00 +02:00
Kyle Havlovitz 2a636275ad
Update static assets 2018-04-13 10:05:30 -07:00
Kyle Havlovitz af4be34a2a
Update make static-assets goal and run format 2018-04-13 09:57:25 -07:00
Matt Keeler d926679278
Merge pull request #4023 from hashicorp/f-near-ip 
Add near=_ip support for prepared queries
 2018-04-12 12:10:48 -04:00
Matt Keeler 0619efc254 GH-3798: More PR Updates 
Update docs a little
Update/add tests. Make sure all the various ways of determining the source IP work
Update X-Forwarded-For header parsing. This can be a comma separated list with the first element being the original IP so we now handle csv data there.
Got rid of error return from sourceAddrFromRequest
 2018-04-12 10:40:46 -04:00
Matt Keeler 136efeb3be GH-3798: A couple more PR updates 
Test HTTP/DNS source IP without header/extra EDNS data.
Add WARN log for when prepared query with near=_ip is executed without specifying the source ip
 2018-04-12 10:10:37 -04:00
Matt Keeler cec8d5145b GH-3798: A few more PR updates 2018-04-11 20:32:35 -04:00
Matt Keeler d065d3a6db GH-3798: Updates for PR 
Allow DNS peer IP as the source IP.
Break early when the right node was found for executing the preapred query.
Update docs
 2018-04-11 17:02:04 -04:00
Matt Keeler 283a7942c4 GH-3798: Wrap DNS request validation in a retry 2018-04-11 16:00:15 -04:00
Jack Pearkes 265359959b
Merge pull request #4015 from hashicorp/ui-service-tags 
api/ui: return tags on internal UI endpoints
 2018-04-11 12:02:19 -07:00
Matt Keeler 5794fa8837 GH-3798: Add DNS near=_ip test 2018-04-11 10:33:48 -04:00
Matt Keeler de403d6515 GH-3798: Add HTTP prepared query near=_ip test 
Also fixed an issue where we need to have the X-Forwarded-For header processed before the RemoteAddr. This shouldn’t have any functional difference for prod code but for mocked request objects it allows them to work.
 2018-04-10 15:35:54 -04:00
Matt Keeler 45a537def9 GH-3798: Add near=_ip support for prepared queries 2018-04-10 14:50:50 -04:00
Isaac Williams 01f5db46e8 Close HTTP response in Agent test (HTTPAPI_MethodNotAllowed_OSS) 2018-04-10 13:18:46 -04:00
Paul Banks 0d8993e338
Allow ignoring checks by ID when defining a PreparedQuery. Fixes #3727. 2018-04-10 14:04:16 +01:00
Pierre Souchay a680c8e91b Clearer documentation and comments for enabling Prometheus support 2018-04-09 13:16:45 +02:00
Pierre Souchay 27362320e8 Enable compression / automatic Mime-Type detection for Prometheus endpoint 2018-04-09 13:16:03 +02:00
Jared Wasinger 672a2a3577 agent: reload limits upon restart 2018-04-08 14:28:29 -07:00
Jared Wasinger 255492bb2d add unit tests: limits configuration should be reloadable 2018-04-08 03:57:01 -07:00
Matt Keeler 39c17084b6
Merge pull request #4006 from kjothen/patch-1 
Update check.go
 2018-04-06 12:57:52 -04:00
Pierre Souchay 93a01b0949 Now use prometheus_retention_time > 0 to enable prometheus support 2018-04-06 14:21:05 +02:00
Pierre Souchay fd98fb1449 Added support exposing metrics in Prometheus format 2018-04-06 09:18:06 +02:00
Jack Pearkes eb447f51e6 api/ui: return tags on internal UI endpoints 
This is to allow the UI to display tags in the services index pages
without needing to make additional queries.
 2018-04-05 12:28:57 -07:00
Matt Keeler 0d1d03c793
Merge pull request #3752 from yfouquet/issue_3687 
Add support for compression in http api
 2018-04-04 09:06:42 -04:00
Yoann 0f6e05d4c1 Add support for compression in http api 
The need has been spotted in issue https://github.com/hashicorp/consul/issues/3687.
Using "NYTimes/gziphandler", the http api responses can now be compressed if required.
The Go API requires compressed response if possible and handle the compressed response.
We here change only the http api (not the UI for instance).
 2018-04-03 22:33:13 +02:00
Preetha 2c931c92d4
Merge pull request #3998 from zte-opensource/wip-fix-shutdown 
minor fix for endpoints shutdown
 2018-04-03 12:22:54 -05:00
Kieran Othen e4b7465193
Update check.go 
Cosmetic fix to the agent's HTTP check function which always formats the result as "HTTP GET ...", ignoring any non-GET supplied HTTP method such as POST, PUT, etc.
 2018-03-31 16:44:35 +01:00
Matt Keeler 27899f9f46
Merge pull request #3948 from pierresouchay/fix_tcp_dns_limit 
[BUGFIX] do not break when TCP DNS answer exceeds 64k
 2018-03-30 16:25:23 -04:00
Preetha a67d27c756
Adds discovery_max_stale (#4004) 
Adds a new option to allow service discovery endpoints to return stale results if configured at the agent level.
 2018-03-30 10:14:44 -05:00
Preetha 1609b2c6b7
Merge pull request #3994 from hashicorp/f-rename-servicemeta 
Renames agent API layer for service metadata to "meta" for consistency
 2018-03-29 14:07:57 -05:00
runsisi b082c8d3ab minor fix for endpoints shutdown 
Signed-off-by: runsisi <runsisi@zte.com.cn>
 2018-03-29 21:45:46 +08:00
Matt Keeler ea6767d8bc
Merge pull request #3990 from hashicorp/b-gh-3854 
Warn when node name isnt a valid DNS label
 2018-03-29 09:04:47 -04:00
Preetha Appan c7581d68c6
Renames agent API layer for service metadata to "meta" for consistency 2018-03-28 09:04:50 -05:00
Preetha daa61c5803
Merge pull request #3881 from pierresouchay/service_metadata 
Feature Request: Support key-value attributes for services
 2018-03-27 16:33:57 -05:00
Preetha 3c96d64eaa
Merge pull request #3984 from hashicorp/f-allow-federation-disable 
Allows disabling WAN federation by setting serf WAN port to -1
 2018-03-27 16:05:53 -05:00
Matt Keeler ebc6f414ac Formatting update 2018-03-27 16:31:27 -04:00
Pierre Souchay 980189a33f Added validation of ServiceMeta in Catalog 
Fixed Error Message when ServiceMeta is not valid

Added Unit test for adding a Service with badly formatted ServiceMeta
 2018-03-27 22:22:42 +02:00
Preetha Appan 226cb2e95c
fix typo and remove comment 2018-03-27 14:28:05 -05:00
Matt Keeler 3facce6bfa GH-3854: Warn when node name isnt a valid DNS label 2018-03-27 15:00:33 -04:00
Preetha Appan 010a459365
Remove unnecessary nil checks 2018-03-27 10:59:42 -05:00
Preetha Appan 6c0bb5a810
Fix test and remove unused method 2018-03-27 09:44:41 -05:00
Preetha Appan d77ab91123
Allows disabling WAN federation by setting serf WAN port to -1 2018-03-26 14:21:06 -05:00
Pierre Souchay a9868ae956 Added support for renaming nodes when their IP does not change 2018-03-26 16:44:13 +02:00
Pierre Souchay 18baff80ae Merge remote-tracking branch 'origin/master' into node_health_should_change_service_index 2018-03-22 13:07:11 +01:00
Pierre Souchay 5fb1b18073 More test cases 2018-03-22 12:41:06 +01:00
Pierre Souchay 39a7b5c20d Added new test regarding checks index 2018-03-22 12:20:25 +01:00
Pierre Souchay dd9efb755a Fixed minor typo in comments 
Might fix unstable travis build
 2018-03-22 10:30:10 +01:00
Guido Iaquinti 8cd11d5888 Add package name to log output 2018-03-21 15:56:14 +00:00
Josh Soref 94835a2715 Spelling (#3958) 
* spelling: another

* spelling: autopilot

* spelling: beginning

* spelling: circonus

* spelling: default

* spelling: definition

* spelling: distance

* spelling: encountered

* spelling: enterprise

* spelling: expands

* spelling: exits

* spelling: formatting

* spelling: health

* spelling: hierarchy

* spelling: imposed

* spelling: independence

* spelling: inspect

* spelling: last

* spelling: latest

* spelling: client

* spelling: message

* spelling: minimum

* spelling: notify

* spelling: nonexistent

* spelling: operator

* spelling: payload

* spelling: preceded

* spelling: prepared

* spelling: programmatically

* spelling: required

* spelling: reconcile

* spelling: responses

* spelling: request

* spelling: response

* spelling: results

* spelling: retrieve

* spelling: service

* spelling: significantly

* spelling: specifies

* spelling: supported

* spelling: synchronization

* spelling: synchronous

* spelling: themselves

* spelling: unexpected

* spelling: validations

* spelling: value
 2018-03-19 16:56:00 +00:00
Paul Banks a8f7681c70
Merge pull request #3962 from canterberry/upgrade/tls-cipher-suites 
🔒 Update supported TLS cipher suites
 2018-03-19 16:44:33 +00:00
Pierre Souchay b6914617d9 Fixed typo in comments 2018-03-19 17:12:08 +01:00
Pierre Souchay 5e974843f1 Refactoring to have clearer code without weird bool 2018-03-19 16:12:54 +01:00
Pierre Souchay a44b9e84b1 [BUGFIX] When a node level check is removed, ensure all services of node are notified 
Bugfix for https://github.com/hashicorp/consul/pull/3899

When a node level check is removed (example: maintenance),
some watchers on services might have to recompute their state.

If those nodes are performing blocking queries, they have to be notified.
While their state was updated when node-level state did change or was added
this was not the case when the check was removed. This fixes it.
 2018-03-19 14:14:03 +01:00
Preetha Appan 2eed7766a8
cleanup unit test code a bit 2018-03-16 09:36:57 -05:00
Preetha c87699abf2
Merge pull request #3885 from eddsteel/support-options-requests 
Support OPTIONS requests
 2018-03-16 09:20:16 -05:00
Devin Canterberry 2187ab1e1c
🎨 Formatting changes only; convert leading space to tabs 2018-03-15 10:30:38 -07:00
Devin Canterberry 7236c95e11
Match expectation of TLSCipherSuites to values of tls_cipher_suites 2018-03-15 10:19:46 -07:00
Devin Canterberry a61abcd931
🐛 Formatting changes only; add missing trailing commas 2018-03-15 10:19:46 -07:00
Devin Canterberry c901307a47
🔒 Update supported TLS cipher suites 
The list of cipher suites included in this commit are consistent with
the values and precedence in the [Golang TLS documentation](https://golang.org/src/crypto/tls/cipher_suites.go).

> **Note:** Cipher suites with RC4 are still included within the list
> of accepted values for compatibility, but **these cipher suites are
> not safe to use** and should be deprecated with warnings and
> subsequently removed. Support for RC4 ciphers has already been
> removed or disabled by default in many prominent browsers and tools,
> including Golang.
>
> **References:**
>
>  * [RC4 on Wikipedia](https://en.wikipedia.org/wiki/RC4)
>  * [Mozilla Security Blog](https://blog.mozilla.org/security/2015/09/11/deprecating-the-rc4-cipher/)
 2018-03-15 10:19:46 -07:00
Pierre Souchay aebfcb6767 Fixed minor typo (+ travis tests is unstable) 2018-03-09 18:42:13 +01:00
Pierre Souchay 93fa1f6f49 Optimize size for SRV records, should improve performance a bit 
Stricter Unit tests that checks if truncation was OK.
 2018-03-09 18:25:29 +01:00
Preetha 210cfe5ef9
Merge pull request #3940 from pierresouchay/dns_max_size 
Allow to control the number of A/AAAA Record returned by DNS
 2018-03-09 07:35:32 -06:00
Pierre Souchay d0e45f22df Fixed wrong format of debug msg in unit test 2018-03-08 00:36:17 +01:00
Pierre Souchay ce3f47a75d Performance optimization for services having more than 2k records 2018-03-08 00:26:41 +01:00
Pierre Souchay 7d59249d96 Avoid issue with compression of DNS messages causing overflow 2018-03-07 23:33:41 +01:00
Pierre Souchay 419bf29041 Cleaner Unit tests from suggestions from @preetapan 2018-03-07 18:24:41 +01:00
Pierre Souchay b77fd5ce9d 64000 max limit to DNS messages since there is overhead 
Added debug log to give information about truncation.
 2018-03-07 16:14:41 +01:00
Pierre Souchay be39fb20cc [BUGFIX] do not break when TCP DNS answer exceeds 64k 
It will avoid having discovery broken when having large number
of instances of a service (works with SRV and A* records).

Fixes https://github.com/hashicorp/consul/issues/3850
 2018-03-07 10:08:06 +01:00
Mitchell Hashimoto 8217564c48
agent/consul/fsm: begin using testify/assert 2018-03-06 09:48:15 -08:00
Pierre Souchay 0b7f620dc6 Allow to control the number of A/AAAA Record returned by DNS 
This allows to have randomized resource records (i.e. each
answer contains only one IP, but the IP changes every request) for
A, AAAA records.

It will fix https://github.com/hashicorp/consul/issues/3355 and
https://github.com/hashicorp/consul/issues/3937

See https://github.com/hashicorp/consul/issues/3937#issuecomment-370610509
for details.

It basically add a new option called `a_record_limit` and will not
return more than a_record_limit when performing A, AAAA or ANY DNS
requests.

The existing `udp_answer_limit` option is still working but should
be considered as deprecated since it works only with DNS clients
not supporting EDNS.
 2018-03-06 02:07:42 +01:00
Edd Steel 41b1d45cc7
Re-use defined endpoints for tests 2018-03-03 11:19:18 -08:00
Paul Banks 9a47449c6d
Merge pull request #3899 from pierresouchay/fix_blocking_queries_index 
Services Indexes modified per service instead of using a global Index
 2018-03-02 16:24:43 +00:00
Pierre Souchay 360dc1dd8d Simplified error handling for maxIndexForService 
* added unit tests to ensure service index is properly garbage collected
* added Upgrade from Version 1.0.6 to higher section in documentation
 2018-03-01 14:09:36 +01:00
Paul Banks dbaabb1dbc
Fix test running in non-bash shells 2018-02-22 14:06:06 +00:00
Paul Banks 6da6e086ef
Merge pull request #3900 from hashicorp/fix-monitor-sigint-3891 
Fixes #3891: agent monitor no longer unresponsive before logs stream.
 2018-02-21 21:28:33 +00:00
Preetha Appan 80791d5b21
Remove extra newline 2018-02-21 13:21:47 -06:00
Preetha Appan 907b97b7f2
Unit test that calls revokeLeadership twice to make sure its idempotent 2018-02-21 12:48:53 -06:00
Preetha Appan f59abcc394
Make sure revokeLeadership is called if establishLeadership errors 2018-02-21 12:33:22 -06:00
Alex Dadgar 18bf9647d5 Test autopilots start/stop idempotency 2018-02-21 10:19:30 -08:00
Alex Dadgar 33c5afdb31 Improve autopilot shutdown to be idempotent 2018-02-20 15:51:59 -08:00
Pierre Souchay a8d3745104 Fixed comments for function maxIndexForService 2018-02-20 23:57:28 +01:00
Pierre Souchay 09351ba9a6 [Revert] Only update services if tags are different 
This patch did give some better results, but break watches on
the services of a node.

It is possible to apply the same optimization for nodes than
to services (one index per instance), but it would complicate
further the patch.

Let's do it in another PR.
 2018-02-20 23:34:42 +01:00
Pierre Souchay 60454b570a Only update services if tags are different 2018-02-20 23:08:04 +01:00
Pierre Souchay a05d38737c Enable Raft index optimization per service name on health endpoint 
Had to fix unit test in order to check properly indexes.
 2018-02-20 01:35:50 +01:00
Paul Banks de58eb1820
Fixes #3891: agent monitor no longer unresponsive before logs stream. 
The root cause is actually that the agent's streaming HTTP API didn't flush until the first log line was found which commonly was pretty soon since the default level is INFO. In cases where there were no logs immediately due to level for instance, the client gets stuck in the HTTP code waiting on a response packet from the server before we enter the loop that checks the shutdown channel from the signal handler.

This fix flushes the initial status immediately on the streaming endpoint which lets the client code get into it's expected state where it's listening for shutdown or log lines.
 2018-02-19 21:53:10 +00:00
Pierre Souchay 4f10fae3c3 Get only first service to test whether we have to cleanup index of a service 2018-02-19 22:44:49 +01:00
Pierre Souchay bac8fb046f Fixed comment about raftIndex + use test.Helper() 2018-02-19 19:30:25 +01:00
Pierre Souchay 73127ef407 Services Indexes modified per service instead of using a global Index 
This patch improves the watches for services on large cluster:
each service has now its own index, such watches on a specific service
are not modified by changes in the global catalog.

It should improve a lot the performance of tools such as consul-template
or libraries performing watches on very large clusters with many
services/watches.
 2018-02-19 18:29:22 +01:00
Edd Steel d0f0d67b4a
Clarify comments 2018-02-17 17:46:11 -08:00
Edd Steel f770f360e9 Test every endpoint for OPTIONS/MethodNotFound 2018-02-17 17:34:13 -08:00
Edd Steel c5f0bb3711 Allow endpoints to handle OPTIONS/MethodNotFound themselves 2018-02-17 17:34:03 -08:00
Edd Steel f5af8b0f03
Initialise `allowedMethods` in init() 2018-02-17 17:31:24 -08:00
Kyle Havlovitz 139b98a427
Fix the coordinate update endpoint not passing the ACL token 2018-02-15 11:58:02 -08:00
Edd Steel 77f19f7505
Support OPTIONS requests 
- register endpoints with supported methods
- support OPTIONS requests, indicating supported methods
- extract method validation (error 405) from individual endpoints
- on 405 where multiple methods are allowed, create a single Allow
  header with comma-separated values, not multiple Allow headers.
 2018-02-12 10:15:31 -08:00
Andrei Burd b608091014 adding human readability for dns requests debug log (#3751) 2018-02-11 09:02:28 -06:00
Pierre Souchay b259b1609c Merge remote-tracking branch 'origin/master' into service_metadata 2018-02-11 13:20:49 +01:00
Pierre Souchay 9a57dfd68a Fixed TestSanitize unit test 2018-02-11 12:11:11 +01:00
James Phillips 3724e49ddf
Fixes a panic on TCP-based DNS lookups. 
This came in via the monkey patch in #3861.

Fixes #3877
 2018-02-08 17:57:41 -08:00
Pierre Souchay 66fdf445e8 Added unit tests for structs and fixed PartialClone() 2018-02-09 01:37:45 +01:00
James Phillips c2a59f1e6c
Addresses additional state mutations. 
Did a sweep of 84d6ac2d51
and checked them all.
 2018-02-07 07:02:10 -08:00
James Phillips 1c6de1d623
Fixes all the racy output-side updates to tags. 2018-02-06 20:35:55 -08:00
James Phillips 11f6961e47
Adds a more robust unit test for index churn. 2018-02-06 20:35:38 -08:00
Pierre Souchay 80dde5465b Added support for Service Metadata 2018-02-07 01:54:42 +01:00
James Phillips d9a6e2a901
Makes server manager shift away from failed servers from Serf events. 
Because this code was doing pointer equality checks, it would work for
the case of a failed attempted RPC because the objects are from the
manager itself:

https://github.com/hashicorp/consul/blob/v1.0.3/agent/consul/rpc.go#L283-L302

But the pointer check would always fail for events coming in from the
Serf path because the server object is newly-created:

https://github.com/hashicorp/consul/blob/v1.0.3/agent/router/serf_adapter.go#L14-L40

This means that we didn't proactively shift RPC traffic away from a
failed server, we'd have to wait for an RPC to fail, which exposes
the error to the calling client.

By switching over to a name check vs. a pointer check we get the correct
behavior. We added a DEBUG log as well to help observe this behavior during
integrated testing.

Related to #3863 since the fix here needed the same logic duplicated, owing
to the complicated atomic stuff.

/cc @dadgar for a heads up in case this also affects Nomad.
 2018-02-05 17:56:00 -08:00
James Phillips fc155dac19
Adds a before/after test for #3845. 2018-02-05 16:18:29 -08:00
James Phillips 533f65b7a6
Merge pull request #3845 from 42wim/tagfix 
Fix service tags not added to health check. Part two
 2018-02-05 16:18:00 -08:00
Kyle Havlovitz f6ecaa4a1c
Add enterprise default config section 2018-02-05 13:33:59 -08:00
James Phillips e748c63fff
Merge pull request #3855 from hashicorp/pr-3782-slackpad 
Adds support for gRPC health checks.
 2018-02-02 17:57:27 -08:00
James Phillips 5f31c8d8d3
Changes "TLS" to "GRPCUseTLS" since it only applies to GRPC checks. 2018-02-02 17:29:34 -08:00
Wim ce771f1fb3 Fix service tags not added to health check. Part two 2018-01-29 20:32:44 +01:00