Commit Graph

17087 Commits (0fcdddcd46f901f651d933544f387fbd2d0bd0dd)

Author SHA1 Message Date
R.B. Boyer 8aebca5794
build: enforce protoc binary is the expected version (#12641) 2022-03-29 12:02:43 -05:00
Eric Haberkorn e5ed4fe493
Merge pull request #12639 from hashicorp/gogo-away
Remove the Rest of Gogo
2022-03-29 10:14:44 -04:00
Eric 76c65e873c code review changes 2022-03-29 09:36:34 -04:00
Eric 5f050614e5 remove the rest of gogo 2022-03-28 17:34:41 -04:00
Eric Haberkorn 9bc15e2f1a
Merge pull request #12638 from hashicorp/remove-gogo-from-acls
Remove gogo from ACL Protobufs
2022-03-28 16:52:13 -04:00
Michele Degges 535edfa247
[RelAPI Onboarding] Add release API metadata file (#12591) 2022-03-28 13:45:53 -07:00
Eric 02d8a11ff0 remove gogo from acl protobufs 2022-03-28 16:20:56 -04:00
R.B. Boyer 4676960b93
proto-gen-rpc-glue: support QueryMeta and QueryOptions (#12637) 2022-03-28 13:12:51 -05:00
R.B. Boyer dc023cb0dd
proto-gen-rpc-glue: use a shallow copy of proto/pbcommon instead of a consul dependency (#12634) 2022-03-28 10:08:41 -05:00
Connor 922619dfc3
Fix leaked Vault LifetimeRenewers (#12607)
* Fix leaked Vault LifetimeRenewers

When the Vault CA Provider is reconfigured we do not stop the
LifetimeRenewers which can cause them to leak until the Consul processes
recycles. On Configure execute stopWatcher if it exists and is not nil
before starting a new renewal

* Add jitter before restarting the LifetimeWatcher

If we fail to login to Vault or our token is no longer valid we can
overwhelm a Vault instance with many requests very quickly by restarting
the LifetimeWatcher. Before restarting the LifetimeWatcher provide a
backoff time of 1 second or less.

* Use a retry.Waiter instead of RandomStagger

* changelog

* gofmt'd

* Swap out bool for atomic.Unit32 in test

* Provide some extra clarification in comment and changelog
2022-03-28 09:58:16 -05:00
Chris S. Kim fb3a4a5db5
Merge pull request #12632 from hashicorp/kisunji-patch-1
Add example of goimports -local to contributing docs
2022-03-28 10:57:16 -04:00
R.B. Boyer 9736e33897
proto-gen-rpc-glue: fix behavior of renamed fields (#12633) 2022-03-28 09:40:56 -05:00
Chris S. Kim 1de2632684 Add example of goimports -local 2022-03-28 10:20:50 -04:00
Luke Kysow 633e510f23
Fix logic for website checker (#12627)
Workflow should run when no docs/cherry-pick label && no pr/docs-label
2022-03-25 18:40:51 -07:00
mrspanishviking 7da80ddbb4
Merge pull request #12595 from hashicorp/k8s-cli-install
docs: add link to k8s cli install page
2022-03-25 14:09:39 -07:00
R.B. Boyer 3d725a1762
regenerate rpc glue stubs in protobuf files using comments (#12625) 2022-03-25 15:55:40 -05:00
Luke Kysow c8cdebd9cc
Update consul-enterprise.mdx (#12622) 2022-03-25 13:00:14 -07:00
Mark Anderson 667fac8db1
Fixups for error messages from ACL Errors (#12620)
Fixups for error messages from ACL Errors

Alter error messages to be more verbose and explanatory, something like:

Permission denied: token with AccessorID '8a2d52a0-6b41-7077-8374-09d4fafa2d30 ' lacks permission 'service:read' on "foobar" on "foobar" in partition "foo" in namespace "bar"

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-25 12:34:59 -07:00
Eric Haberkorn fb7462c8dd
Merge pull request #12616 from hashicorp/more-gogo-removal
Assorted changes required to remove gogo
2022-03-25 11:48:43 -04:00
Eric 5cab213e81 assorted changes required to remove gogo 2022-03-25 09:55:36 -04:00
FFMMM c39854de78
fix bad oss sync, use gauges not counters (#12611) 2022-03-24 14:41:30 -07:00
Kyle Havlovitz 3b736d6a0c
Merge pull request #12596 from hashicorp/overview-endpoint
oss: Add overview UI internal endpoint
2022-03-24 14:27:54 -07:00
Mike Morris f8a2ae2606
agent: convert listener config to TLS types (#12522)
* tlsutil: initial implementation of types/TLSVersion

tlsutil: add test for parsing deprecated agent TLS version strings

tlsutil: return TLSVersionInvalid with error

tlsutil: start moving tlsutil cipher suite lookups over to types/tls

tlsutil: rename tlsLookup to ParseTLSVersion, add cipherSuiteLookup

agent: attempt to use types in runtime config

agent: implement b.tlsVersion validation in config builder

agent: fix tlsVersion nil check in builder

tlsutil: update to renamed ParseTLSVersion and goTLSVersions

tlsutil: fixup TestConfigurator_CommonTLSConfigTLSMinVersion

tlsutil: disable invalid config parsing tests

tlsutil: update tests

auto_config: lookup old config strings from base.TLSMinVersion

auto_config: update endpoint tests to use TLS types

agent: update runtime_test to use TLS types

agent: update TestRuntimeCinfig_Sanitize.golden

agent: update config runtime tests to expect TLS types

* website: update Consul agent tls_min_version values

* agent: fixup TLS parsing and compilation errors

* test: fixup lint issues in agent/config_runtime_test and tlsutil/config_test

* tlsutil: add CHACHA20_POLY1305 cipher suites to goTLSCipherSuites

* test: revert autoconfig tls min version fixtures to old format

* types: add TLSVersions public function

* agent: add warning for deprecated TLS version strings

* agent: move agent config specific logic from tlsutil.ParseTLSVersion into agent config builder

* tlsutil(BREAKING): change default TLS min version to TLS 1.2

* agent: move ParseCiphers logic from tlsutil into agent config builder

* tlsutil: remove unused CipherString function

* agent: fixup import for types package

* Revert "tlsutil: remove unused CipherString function"

This reverts commit 6ca7f6f58d.

* agent: fixup config builder and runtime tests

* tlsutil: fixup one remaining ListenerConfig -> ProtocolConfig

* test: move TLS cipher suites parsing test from tlsutil into agent config builder tests

* agent: remove parseCiphers helper from auto_config_endpoint_test

* test: remove unused imports from tlsutil

* agent: remove resolved FIXME comment

* tlsutil: remove TODO and FIXME in cipher suite validation

* agent: prevent setting inherited cipher suite config when TLS 1.3 is specified

* changelog: add entry for converting agent config to TLS types

* agent: remove FIXME in runtime test, this is covered in builder tests with invalid tls9 value now

* tlsutil: remove config tests for values checked at agent config builder boundary

* tlsutil: remove tls version check from loadProtocolConfig

* tlsutil: remove tests and TODOs for logic checked in TestBuilder_tlsVersion and TestBuilder_tlsCipherSuites

* website: update search link for supported Consul agent cipher suites

* website: apply review suggestions for tls_min_version description

* website: attempt to clean up markdown list formatting for tls_min_version

* website: moar linebreaks to fix tls_min_version formatting

* Revert "website: moar linebreaks to fix tls_min_version formatting"

This reverts commit 3858592742.

* autoconfig: translate old values for TLSMinVersion

* agent: rename var for translated value of deprecated TLS version value

* Update agent/config/deprecated.go

Co-authored-by: Dan Upton <daniel@floppy.co>

* agent: fix lint issue

* agent: fixup deprecated config test assertions for updated warning

Co-authored-by: Dan Upton <daniel@floppy.co>
2022-03-24 15:32:25 -04:00
Kyle Havlovitz a559de63dd Sort by partition/ns/servicename instead of the reverse 2022-03-24 12:16:05 -07:00
FFMMM ceee04f4c6
remove Telemetry.MergeDefaults (#12606)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-24 10:37:04 -07:00
Riddhi Shah 63327f306a
Merge pull request #12610 from hashicorp/agentless-rpc-acl-support
[oss] ACL pkg updates to support Agentless RPCs
2022-03-24 20:28:14 +05:30
Riddhi Shah 95362cc5ea ACL pkg updates to support Agentless RPCs
For many of the new RPCs that will be added in Consul servers for Agentless work,
the ACL token will need to be authorized for service:write on any service in any namespace in any partition.

The ACL package updates are to make ServiceWriteAny related helpers available on the different authorizers.
2022-03-24 17:01:06 +05:30
FFMMM 26717b470a
[metrics][rpc]: add basic prefix filter test for new rpc metric (#12598)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-23 13:29:12 -07:00
Kyle Havlovitz 0d9c99b227 Clean up ent meta id usage in overview summary 2022-03-23 12:47:12 -07:00
Eric Haberkorn d5c8284d18
Merge pull request #12603 from hashicorp/remove-gogo-pbservice
Remove gogo from pbservice
2022-03-23 15:35:05 -04:00
Jared Kirschner 9db69653e4
Merge pull request #12602 from hashicorp/jkirschner-hashicorp-patch-1
docs: make gossip threat model more visible
2022-03-23 14:54:17 -04:00
Luke Kysow f1745c25c5
Lkysow/docs updates 2 (#12604)
* Document intermediate_cert_ttl
2022-03-23 10:22:08 -07:00
Eric 776f5843d0 remove gogo from pbservice 2022-03-23 12:18:01 -04:00
Jared Kirschner 74b181018b
docs: make gossip threat model more visible 2022-03-23 11:46:56 -04:00
Eric Haberkorn e730fdcccc
Merge pull request #12600 from hashicorp/remove-gogo-pbconnect
Remove gogo pbconnect, pbconfig and pbautoconf
2022-03-23 10:17:30 -04:00
Eric 14530c7caa remove gogo pbconnect, pbconfig and pbautoconf 2022-03-23 09:25:56 -04:00
John Cowen 78a6b517f9
ui: Tile CSS component (#12570)
* ui: Tile CSS component

* ui: Consul ServerCard component (#12576)
2022-03-23 10:34:26 +00:00
Kyle Havlovitz be7ffe3a21
Merge pull request #12597 from hashicorp/ma/fix-bad-test
Fixup dropped SecretID usage
2022-03-22 23:41:45 -07:00
Mark Anderson 5590da2732 Fixup dropped SecretID usage
Looks like something got munged at some point. Not sure how it slipped in, but my best guess is that because TestTxn_Apply_ACLDeny is marked flaky we didn't block merge because it failed.

Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-03-22 21:20:03 -07:00
Kyle Havlovitz e530fbfb33 oss: Add overview UI internal endpoint 2022-03-22 17:05:09 -07:00
Karl Cardenas d6778f4e63
docs: removed the word page 2022-03-22 15:51:04 -07:00
Karl Cardenas b17b6a462a
docs: add link to k8s cli install page 2022-03-22 15:40:53 -07:00
Jared Kirschner 4f1bfeaf33
Merge pull request #12523 from Petenerd/patch-1
Update install.mdx
2022-03-22 16:43:06 -04:00
Dhia Ayachi 72a997242b
split `pbcommon` to `pbcommon` and `pbcommongogo` (#12587)
* mogify needed pbcommon structs

* mogify needed pbconnect structs

* fix compilation errors and make config_translate_test pass

* add missing file

* remove redundant oss func declaration

* fix EnterpriseMeta to copy the right data for enterprise

* rename pbcommon package to pbcommongogo

* regenerate proto and mog files

* add missing mog files

* add pbcommon package

* pbcommon no mog

* fix enterprise meta code generation

* fix enterprise meta code generation (pbcommongogo)

* fix mog generation for gogo

* use `protoc-go-inject-tag` to inject tags

* rename proto package

* pbcommon no mog

* use `protoc-go-inject-tag` to inject tags

* add non gogo proto to make file

* fix proto get
2022-03-22 16:30:00 -04:00
Dan Upton f8e2e3c710
streaming: emit events when Connect CA Roots change (#12590)
OSS sync of enterprise changes at 614f786d
2022-03-22 19:13:59 +00:00
FFMMM a7e5ee005a
factor out recording func, add unit tests (#12585)
Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>
2022-03-22 09:31:54 -07:00
Dan Upton 7298967070
Restructure gRPC server setup (#12586)
OSS sync of enterprise changes at 0b44395e
2022-03-22 12:40:24 +00:00
FFMMM e5ebc47a94
pre register new rpc metric, rename metric (#12582) 2022-03-21 17:26:32 -07:00
Michael Wilkerson 69c10dfcba
Merge pull request #12584 from hashicorp/fix-cts-http-addr-var
updated docs
2022-03-21 15:06:58 -07:00
Michael Wilkerson 8178c38d9b updated docs 2022-03-21 13:01:39 -07:00