Commit Graph

17072 Commits (1d817f683a4922756db44b991428cd5f582ea6ae)

Author SHA1 Message Date
mrspanishviking 3f4cf0e64a
Merge pull request #11997 from hashicorp/20sr20-patch-1
Adding texts in verify_leader metric
2022-01-10 15:59:20 -07:00
Sujata Roy c1db7de581
Update website/content/docs/agent/telemetry.mdx
Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 14:57:14 -08:00
mrspanishviking e7009f52af
Merge pull request #12007 from hashicorp/Amier3-patch-1-1
docs: clarify hcl/cli differences
2022-01-10 15:45:46 -07:00
Matt Keeler 7b5d52257e
Document Consul enterprise 1.10.0-1.10.4 forwards incompatibility with 1.11 (#11978)
Also fixed a broken link in the 1.10.x upgrade instructions.

Co-authored-by: mrspanishviking <kcardenas@hashicorp.com>
2022-01-10 17:18:40 -05:00
Amier Chery 47fc7e5ad9
Create options.mdx
Adding a small little note to the top of the 'command line options' section of this page following community feedback in #10628
2022-01-10 17:15:33 -05:00
Daniel Nephin 3b74497040 docs: move the ACL 'Authorization' section
This section was actually about authentication (not authorization).

We already have sections in our api and cli docs. This commit removes the section and replaces
it with a short paragraph in the Tokens section which links to the existing docs.
2022-01-10 17:10:39 -05:00
Matt Siegel 33933f8a33 Added ACL requirements for CLI commands 2022-01-10 16:44:56 -05:00
Jasmine W e94525c216 added screenshot of k8s service 2022-01-10 15:57:15 -05:00
Sujata Roy 1064333eb6
Adding texts in verify_leader metric
- Added description providing example case when the metric can go high
2022-01-10 12:01:27 -08:00
Jake Herschman 75f1c4007c updated based on feedback & testing searchability 2022-01-10 14:38:27 -05:00
Jasmine W 0d61d70e3b Adding UI screenshots to L7 overview 2022-01-10 14:34:00 -05:00
Chip Vaughn f3587417d0 Updating HTTP API endpoints with CLI equivalent links 2022-01-10 14:21:32 -05:00
Preetha 295ab0b3a5
Added HCL examples to service discovery page (#11989)
Improved HCL examples in the service discovery docs page
2022-01-10 13:12:42 -06:00
Daniel Nephin bebdfa22fa docs: improve ACL system introduction 2022-01-10 14:05:46 -05:00
Chris S. Kim 65f97e6305
Add LastErrorMessage to /acl/replication docs (#11990) 2022-01-10 13:42:57 -05:00
Karl Cardenas 205d687d07
added additonal example for failover within DC and unique namespace 2022-01-10 11:41:43 -07:00
mrspanishviking b844d68c4b
Apply suggestions from code review
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
2022-01-10 11:22:53 -07:00
mrspanishviking 506a423495
Merge pull request #11977 from hashicorp/boxofrad/kv-docs-examples
docs: kv doc improvements
2022-01-10 11:22:09 -07:00
Karl Cardenas 687f9340f7
removed empty {} 2022-01-10 10:51:00 -07:00
Karl Cardenas e992522c4c
added another example for DC and namespace failover 2022-01-10 10:45:54 -07:00
Matt Siegel bfb88306f6 Added Corresponding HTTP API Endpoints for every CLI command 2022-01-10 12:40:11 -05:00
Jake Herschman 26e5aa772f
Update website/content/docs/nia/compatibility.mdx
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2022-01-10 12:13:21 -05:00
Krastin Krastev d893c9261e adding JSON examples to /docs/connect/observability/ui-visualization 2022-01-10 17:47:51 +01:00
trujillo-adam 0ac96c7d23
Merge pull request #11930 from hashicorp/docs/admin-partition-updates-1.11.0-misc
added line about wildcard intentions not supported for admin partitions
2022-01-10 07:53:58 -08:00
Daniel Upton 0e5c1c349c Incorporate feedback from @jkirschner-hashicorp and @karl-cardenas-coding 2022-01-10 15:53:41 +00:00
Daniel Upton 8529a23e59 docs: clarify transaction usage and limitations in kv api docs 2022-01-10 13:59:43 +00:00
Daniel Upton 021537c837 docs: call out `kv export` and the transaction API 2022-01-10 13:51:35 +00:00
Daniel Upton 2dc05b4017 docs: improve kv get examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Format inline flags as code using backticks
2022-01-10 13:40:24 +00:00
Daniel Upton ce55cb70b8 docs: call out `kv import` and the transaction API 2022-01-10 12:30:28 +00:00
Daniel Upton 8630f03130 docs: improve read/scanability of kv put examples
- Split examples into sections with headers
- Hide the clipboard on examples as the copied text isn't useful
- Add an example of supplying data in a heredoc
- Move the flags section to the bottom to clearly separate it from CAS
  which also mentions "flags" of a different kind
- Slight re-wording for clarity
2022-01-10 12:15:59 +00:00
Daniel Upton c9c34d0e76 docs: fix placement of warning in kv put example 2022-01-10 11:40:25 +00:00
Evan Culver 69ccad8b44
Add missing changelog entries (#11973)
Added missing entries from:
* 1.8.18
* 1.8.19
* 1.9.12
* 1.9.13
* 1.10.5
* 1.10.6
* 1.11.1
2022-01-07 20:23:46 -08:00
trujillo-adam d4f9a30927 applied feedback 2022-01-07 15:43:51 -08:00
trujillo-adam 994ef3dfb3
Update website/content/docs/connect/config-entries/mesh.mdx
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2022-01-07 14:20:43 -08:00
John Cowen d9a315e2a5
ui: Remove KV pre-flight auth check (#11968)
* ui: Don't even ask whether we are authorized for a KV...

...just let the actual API tell us in the response, thin-client style.

* Add some similar commenting for previous PRs related to this problem
2022-01-07 19:26:54 +00:00
John Cowen 6c240fbf2d
ui: Ensure service instance data does not get re-written on blocking refresh (#11903)
* Add some less fake API data

* Rename the models class so as to not be confused with JS Proxies

* Rearrange routlets slightly and add some initial outletFor tests

* Move away from a MeshChecks computed property and just use a helper

* Just use ServiceChecks for healthiness filtering for the moment

* Make TProxy cookie configurable

* Amend exposed paths and upstreams so they know about meta AND proxy

* Slight bit of TaggedAddresses refactor while I was checking for `meta` etc

* Document CONSUL_TPROXY_ENABLE
2022-01-07 19:16:21 +00:00
John Cowen adb0fa38d2
ui: [BUGFIX] Fixes an issue when editing intentions from the service > intentions sub tab (#11937)
We recently changed the intentions form to take a full model of a dc rather than just the string identifier (so {Name: 'dc', Primary: true} vs just 'dc' in order to know whether the DC is the primary or not.

Unfortunately, we only did this on the global intentions page not the per service intentions page. This makes it impossible to save an intention from the per service intention page (whilst you can still save intentions from the global intention page as normal).

The fix here pretty much copy/pastes the approach taken in the global intention edit template over to the per service intention edit template.

Tests have been added for creation in the per service intention section, which again are pretty much just copied from the global one, unfortunately this didn't exist previously which would have helped prevent this.
2022-01-07 19:09:40 +00:00
John Cowen 6bdb2c2216
ui: Upgrade AuthDialog (#11913)
- Move AuthDialog to use a Glimmer Component plus native named blocks/slots.
- Unravel the Auth* contextual components, there wasn't a lot of point having them as contextual components and now the AuthDialog (non-view-specific state machine component) can be used entirely separately from the view-specific components (AuthForm and AuthProfile).
- Move all the ACL related components that are in the main app chrome/navigation (our HashicorpConsul component) in our consul-acls sub package/module (which will eventually be loaded on demand only when ACLs are enabled)
2022-01-07 19:08:25 +00:00
Karl Cardenas 467ac0f333
save 2022-01-07 11:28:38 -07:00
John Cowen 1f8960d74b
ui: Fix dark borders on certain visualizations (#11959) 2022-01-07 16:15:22 +00:00
Daniel Nephin d57dec5878 ca: remove unnecessary var, and slightly reduce cyclo complexity
`newIntermediate` is always equal to `needsNewIntermediate`, so we can
remove the extra variable and use the original directly.

Also remove the `activeRoot.ID != newActiveRoot.ID` case from an if,
because that case is already checked above, and `needsNewIntermediate` will
already be true in that case.

This condition now reads a lot better:

> Persist a new root if we did not have one before, or if generated a new intermediate.
2022-01-06 16:56:49 -05:00
Daniel Nephin 0de7efb316 ca: remove unused provider.ActiveRoot call
In the previous commit the single use of this storedRoot was removed.

In this commit the original objective is completed. The
Provider.ActiveRoot is being removed because

1. the secondary should get the active root from the Consul primary DC,
   not the provider, so that secondary DCs do not need to communicate
   with a provider instance in a different DC.
2. so that the Provider.ActiveRoot interface can be changed without
   impacting other code paths.
2022-01-06 16:56:48 -05:00
Daniel Nephin d0578c6dfc ca: extract the lookup of the active primary CA
This method had only one caller, which always looked for the active
root. This commit moves the lookup into the method to reduce the logic
in the one caller.

This is being done in preparation for a larger change. Keeping this
separate so it is easier to see.

The `storedRootID != primaryRoots.ActiveRootID` is being removed because
these can never be different.

The `storedRootID` comes from `provider.ActiveRoot`, the
`primaryRoots.ActiveRootID` comes from the store `CARoot` from the
primary. In both cases the source of the data is the primary DC.

Technically they could be different if someone modified the provider
outside of Consul, but that would break many things, so is not a
supported flow.

If these were out of sync because of ordering of events then the
secondary will soon receive an update to `primaryRoots` and everything
will be sorted out again.
2022-01-06 16:56:48 -05:00
Daniel Nephin 7121c78d34 ca: update godoc
To clarify what to expect from the data stored in this field, and the
behaviour of this function.
2022-01-06 16:56:48 -05:00
Daniel Nephin abac8baa5d ca: remove one call to provider.ActiveRoot
ActiveRoot should not be called from the secondary DC, because there
should not be a requirement to run the same Vault instance in a
secondary DC. SignIntermediate is called in a secondary DC, so it should
not call ActiveRoot

We would also like to change the interface of ActiveRoot so that we can
support using an intermediate cert as the primary CA in Consul. In
preparation for making that change I am reducing the number of calls to
ActiveRoot, so that there are fewer code paths to modify when the
interface changes.

This change required a change to the mockCAServerDelegate we use in
tests. It was returning the RootCert for SignIntermediate, but that is
not an accurate fake of production. In production this would also be a
separate cert.
2022-01-06 16:55:50 -05:00
Daniel Nephin eaa084fd41 ca: remove redundant append of an intermediate cert
Immediately above this line we are already appending the full list of
intermediates. The `provider.ActiveIntermediate` MUST be in this list of
intermediates because it must be available to all the other non-leader
Servers.  If it was not in this list of intermediates then any proxy
that received data from a non-leader would have the wrong certs.

This is being removed now because we are planning on changing the
`Provider.ActiveIntermediate` interface, and removing these extra calls ahead of
time helps make that change easier.
2022-01-06 16:55:50 -05:00
Daniel Nephin 11f4cdaa49 ca: only generate a single private key for the whole test case
Using tracing and cpu profiling I found that the majority of the time in
these test cases is spent generating a private key. We really don't need
separate private keys, so we can generate only one and use it for all
cases.

With this change the test runs much faster.
2022-01-06 16:55:50 -05:00
Daniel Nephin b3ffe7ac72 ca: cleanup a test
Fix the name to match the function it is testing

Remove unused code

Fix the signature, instead of returning (error, string) which should be (string, error)
accept a testing.T to emit errors.

Handle the error from encode.
2022-01-06 16:55:49 -05:00
Daniel Nephin 1fd6b16399 ca: use the new leaf signing lookup func in leader metrics 2022-01-06 16:55:49 -05:00
Blake Covarrubias fdb5e22e25 docs: Redirect mesh-gateway page to new location
The mesh gateway docs at /docs/connect/gateways/mesh-gateway were
moved in #11859 to a new location in order to accommodate the addition
of separate instructions for using gateways with admin partitions.

This commit redirects the old mesh gateway page to its new location at
/connect/gateways/mesh-gateway/service-to-service-traffic-datacenters.
2022-01-06 13:35:11 -08:00