consul

Commit Graph

Author	SHA1	Message	Date
Daniel Nephin	8c575445da	telemetry: add a metric for agent TLS cert expiry	3 years ago
Dhia Ayachi	cfa9cf6d84	fix state index for `CAOpSetRootsAndConfig` op (#10675 ) * fix state index for `CAOpSetRootsAndConfig` op * add changelog * Update changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * remove the change log as it's not needed Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
hc-github-team-consul-core	2f6c95011b	auto-updated agent/uiserver/bindata_assetfs.go from commit `8ad1ab9c0`	3 years ago
Evan Culver	710bd90ef7	checks: Add Interval and Timeout to API response (#10717 )	3 years ago
Daniel Nephin	8cf1aa1bda	acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.	3 years ago
Daniel Nephin	dc50b36b0f	acl: remove acl == nil checks	3 years ago
Daniel Nephin	4f1a36629a	acl: remove authz == nil checks These case are already impossible conditions, because most of these functions already start with a check for ACLs being disabled. So the code path being removed could never be reached. The one other case (ConnectAuthorized) was already changed in a previous commit. This commit removes an impossible branch because authz == nil can never be true.	3 years ago
Daniel Nephin	f497d5ab30	acl: remove many instances of authz == nil	3 years ago
Daniel Nephin	b8ae00c23b	agent: remove unused agent methods These methods are no longer used. Remove the methods, and update the tests to use actual method used by production code. Also removes the 'authz == nil' check is no longer a possible code path now that we are returning a non-nil acl.Authorizer when ACLs are disabled.	3 years ago
Daniel Nephin	9dd6d26d05	acl: remove rule == nil checks	3 years ago
hc-github-team-consul-core	323039dd06	auto-updated agent/uiserver/bindata_assetfs.go from commit `2ee501be8`	3 years ago
Daniel Nephin	97fed47708	Merge pull request #10632 from hashicorp/pairing/acl-authorizer-when-acl-disabled acls: Update ACL authorizer to return meaningful permission when ACLs are disabled	3 years ago
Evan Culver	727b81a757	Fix intention endpoint test	3 years ago
Daniel Nephin	84fac3ce0e	acl: use acl.ManangeAll when ACLs are disabled Instead of returning nil and checking for nilness Removes a bunch of nil checks, and fixes one test failures.	3 years ago
Blake Covarrubias	11f1f3fe34	Add OSS changes for specifying audit log permission mode	3 years ago
Daniel Nephin	d2b58cd0d6	Merge pull request #10707 from hashicorp/dnephin/streaming-setup-default-timeout streaming: set default query timeout	3 years ago
Daniel Nephin	242b3a2dc5	streaming: set a default timeout The blocking query backend sets the default value on the server side. The streaming backend does not using blocking queries, so we must set the timeout on the client.	3 years ago
hc-github-team-consul-core	9c33505aef	auto-updated agent/uiserver/bindata_assetfs.go from commit `eb5512fb7`	3 years ago
Chris S. Kim	9c3af1a429	sync enterprise files with oss (#10705 )	3 years ago
Daniel Nephin	8cfbc8e7c9	http: don't log an error if the request is cancelled Now that we have at least one endpoint that uses context for cancellation we can encounter this scenario where the returned error is a context.Cancelled or context.DeadlineExceeded. If the request.Context().Err() is not nil, then we know the request itself was cancelled, so we can log a different message at Info level, instad of the error.	3 years ago
Daniel Nephin	a0b114968e	Merge pull request #10399 from hashicorp/dnephin/debug-stream-metrics debug: use the new metrics stream in debug command	3 years ago
Daniel Nephin	e58a074bde	http: add tests for AgentMetricsStream	3 years ago
Daniel Nephin	beea1c2218	http: emit indented JSON in the metrics stream endpoint To remove the need to decode and re-encode in the CLI	3 years ago
Daniel Nephin	c3149ec0fd	debug: use the new metrics stream in debug command	3 years ago
Freddy	ff9700b068	Reset root prune interval after TestLeader_CARootPruning completes #10645 Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Chris S. Kim	91c90a672a	agent: update proxy upstreams to inherit namespace from service (#10688 )	3 years ago
Freddy	19f6e1ca31	Log the correlation ID when blocking queries fire (#10689 ) Knowing that blocking queries are firing does not provide much information on its own. If we know the correlation IDs we can piece together which parts of the snapshot have been populated. Some of these responses might be empty from the blocking query timing out. But if they're returning quickly I think we can reasonably assume they contain data.	3 years ago
R.B. Boyer	3343c7cb3a	state: refactor some node/coordinate state store functions to take an EnterpriseMeta (#10687 ) Note the field is not used yet.	3 years ago
R.B. Boyer	96b97d6554	replumbing a bunch of api and agent structs for partitions (#10681 )	3 years ago
R.B. Boyer	fc9b1a277d	sync changes to oss files made in enterprise (#10670 )	3 years ago
R.B. Boyer	188e8dc51f	agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669 )	3 years ago
Dhia Ayachi	c6859b3fb0	config raft apply silent error (#10657 ) * return an error when the index is not valid * check response as bool when applying `CAOpSetConfig` * remove check for bool response * fix error message and add check to test * fix comment * add changelog	3 years ago
Freddy	cf4821885d	Avoid panic on concurrent writes to cached service config map (#10647 ) If multiple instances of a service are co-located on the same node then their proxies will all share a cache entry for their resolved service configuration. This is because the cache key contains the name of the watched service but does not take into account the ID of the watching proxies. This means that there will be multiple agent service manager watches that can wake up on the same cache update. These watchers then concurrently modify the value in the cache when merging the resolved config into the local proxy definitions. To avoid this concurrent map write we will only delete the key from opaque config in the local proxy definition after the merge, rather than from the cached value before the merge.	3 years ago
hc-github-team-consul-core	139717d3f8	auto-updated agent/uiserver/bindata_assetfs.go from commit `1eb7a83ee`	3 years ago
Blake Covarrubias	a0cd3dd88e	Add DNS recursor strategy option (#10611 ) This change adds a new `dns_config.recursor_strategy` option which controls how Consul queries DNS resolvers listed in the `recursors` config option. The supported options are `sequential` (default), and `random`. Closes #8807 Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Priyanka Sengupta <psengupta@flatiron.com>	3 years ago
Daniel Nephin	499250cbf1	Merge pull request #10396 from hashicorp/dnephin/fix-more-data-races Fix some data races	3 years ago
Daniel Nephin	1c8ac9cd4b	Merge pull request #10009 from hashicorp/dnephin/trim-dns-response-with-edns dns: properly trim response when EDNS is used	3 years ago
Daniel Nephin	a77575e93e	acl: use SetHash consistently in testPolicyForID A previous commit used SetHash on two of the cases to fix a data race. This commit applies that change to all cases. Using SetHash in this test helper should ensure that the test helper behaves closer to production.	3 years ago
Daniel Nephin	4bf58d8e6a	dns: improve naming of error to match DNS terminology Co-authored-by: Blake Covarrubias <blake@covarrubi.as>	3 years ago
Dhia Ayachi	f0cd1441a9	fix truncate when NS is set Also: fix test to catch the issue	3 years ago
Evan Culver	0527dcff57	acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598 )	3 years ago
Daniel Nephin	bb675139c1	Merge pull request #10567 from hashicorp/dnephin/config-unexport-build config: unexport the remaining builder methods	3 years ago
Freddy	12b7e07d5c	Merge pull request #10621 from hashicorp/vuln/validate-sans	3 years ago
Daniel Nephin	bb7fb21004	Fix godoc comment Co-authored-by: Freddy <freddygv@users.noreply.github.com>	3 years ago
R.B. Boyer	20feb42d3a	xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619 )	3 years ago
hc-github-team-consul-core	58807668bd	auto-updated agent/uiserver/bindata_assetfs.go from commit `0762da3a6`	3 years ago
Giulio Micheloni	814ef6b103	acl: fix error type into a string type for serialization issue acl_endpoint_test.go:507: Error Trace: acl_endpoint_test.go:507 retry.go:148 retry.go:149 retry.go:103 acl_endpoint_test.go:504 Error: Received unexpected error: codec.decoder: decodeValue: Cannot decode non-nil codec value into nil error (1 methods) Test: TestACLEndpoint_ReplicationStatus	3 years ago
freddygv	b4c5c58c9b	Add TODOs about partition handling	3 years ago
freddygv	5a82656510	Update golden files	3 years ago
freddygv	47da00d3c7	Validate SANs for passthrough clusters and failovers	3 years ago
freddygv	5454147c09	Update golden files to account for SAN validation	3 years ago
freddygv	a6d3fe90b1	Validate Subject Alternative Name for upstreams These changes ensure that the identity of services dialed is cryptographically verified. For all upstreams we validate against SPIFFE IDs in the format used by Consul's service mesh: spiffe://<trust-domain>/ns/<namespace>/dc/<datacenter>/svc/<service>	3 years ago
Daniel Nephin	fa47c04065	Fix a data race in TestACLResolver_Client By setting the hash when we create the policy. ``` WARNING: DATA RACE Read at 0x00c0028b4b10 by goroutine 1182: github.com/hashicorp/consul/agent/structs.(ACLPolicy).SetHash() /home/daniel/pers/code/consul/agent/structs/acl.go:701 +0x40d github.com/hashicorp/consul/agent/structs.ACLPolicies.resolveWithCache() /home/daniel/pers/code/consul/agent/structs/acl.go:779 +0xfe github.com/hashicorp/consul/agent/structs.ACLPolicies.Compile() /home/daniel/pers/code/consul/agent/structs/acl.go:809 +0xf1 github.com/hashicorp/consul/agent/consul.(ACLResolver).ResolveTokenToIdentityAndAuthorizer() /home/daniel/pers/code/consul/agent/consul/acl.go:1226 +0x6ef github.com/hashicorp/consul/agent/consul.resolveTokenAsync() /home/daniel/pers/code/consul/agent/consul/acl_test.go:66 +0x5c Previous write at 0x00c0028b4b10 by goroutine 1509: github.com/hashicorp/consul/agent/structs.(ACLPolicy).SetHash() /home/daniel/pers/code/consul/agent/structs/acl.go:730 +0x3a8 github.com/hashicorp/consul/agent/structs.ACLPolicies.resolveWithCache() /home/daniel/pers/code/consul/agent/structs/acl.go:779 +0xfe github.com/hashicorp/consul/agent/structs.ACLPolicies.Compile() /home/daniel/pers/code/consul/agent/structs/acl.go:809 +0xf1 github.com/hashicorp/consul/agent/consul.(ACLResolver).ResolveTokenToIdentityAndAuthorizer() /home/daniel/pers/code/consul/agent/consul/acl.go:1226 +0x6ef github.com/hashicorp/consul/agent/consul.resolveTokenAsync() /home/daniel/pers/code/consul/agent/consul/acl_test.go:66 +0x5c Goroutine 1182 (running) created at: github.com/hashicorp/consul/agent/consul.TestACLResolver_Client.func4() /home/daniel/pers/code/consul/agent/consul/acl_test.go:1669 +0x459 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 Goroutine 1509 (running) created at: github.com/hashicorp/consul/agent/consul.TestACLResolver_Client.func4() /home/daniel/pers/code/consul/agent/consul/acl_test.go:1668 +0x415 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 ```	3 years ago
Daniel Nephin	a0ca381037	agent: remove deprecated call in a test	3 years ago
Daniel Nephin	678014de1d	agent: fix a data race in a test The test was modifying a pointer to a struct that had been passed to another goroutine. Instead create a new struct to modify. ``` WARNING: DATA RACE Write at 0x00c01407c3c0 by goroutine 832: github.com/hashicorp/consul/agent.TestServiceManager_PersistService_API() /home/daniel/pers/code/consul/agent/service_manager_test.go:446 +0x1d86 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 Previous read at 0x00c01407c3c0 by goroutine 938: reflect.typedmemmove() /usr/lib/go/src/runtime/mbarrier.go:177 +0x0 reflect.Value.Set() /usr/lib/go/src/reflect/value.go:1569 +0x13b github.com/mitchellh/copystructure.(walker).Primitive() /home/daniel/go/pkg/mod/github.com/mitchellh/copystructure@v1.0.0/copystructure.go:289 +0x190 github.com/mitchellh/reflectwalk.walkPrimitive() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:252 +0x31b github.com/mitchellh/reflectwalk.walk() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:179 +0x24d github.com/mitchellh/reflectwalk.walkStruct() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:386 +0x4ec github.com/mitchellh/reflectwalk.walk() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:188 +0x656 github.com/mitchellh/reflectwalk.walkStruct() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:386 +0x4ec github.com/mitchellh/reflectwalk.walk() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:188 +0x656 github.com/mitchellh/reflectwalk.Walk() /home/daniel/go/pkg/mod/github.com/mitchellh/reflectwalk@v1.0.1/reflectwalk.go:92 +0x164 github.com/mitchellh/copystructure.Config.Copy() /home/daniel/go/pkg/mod/github.com/mitchellh/copystructure@v1.0.0/copystructure.go:69 +0xe7 github.com/mitchellh/copystructure.Copy() /home/daniel/go/pkg/mod/github.com/mitchellh/copystructure@v1.0.0/copystructure.go:13 +0x84 github.com/hashicorp/consul/agent.mergeServiceConfig() /home/daniel/pers/code/consul/agent/service_manager.go:362 +0x56 github.com/hashicorp/consul/agent.(serviceConfigWatch).handleUpdate() /home/daniel/pers/code/consul/agent/service_manager.go:279 +0x250 github.com/hashicorp/consul/agent.(serviceConfigWatch).runWatch() /home/daniel/pers/code/consul/agent/service_manager.go:246 +0x2d4 Goroutine 832 (running) created at: testing.(T).Run() /usr/lib/go/src/testing/testing.go:1238 +0x5d7 testing.runTests.func1() /usr/lib/go/src/testing/testing.go:1511 +0xa6 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 testing.runTests() /usr/lib/go/src/testing/testing.go:1509 +0x612 testing.(M).Run() /usr/lib/go/src/testing/testing.go:1417 +0x3b3 main.main() _testmain.go:1181 +0x236 Goroutine 938 (running) created at: github.com/hashicorp/consul/agent.(serviceConfigWatch).start() /home/daniel/pers/code/consul/agent/service_manager.go:223 +0x4e4 github.com/hashicorp/consul/agent.(ServiceManager).AddService() /home/daniel/pers/code/consul/agent/service_manager.go:98 +0x344 github.com/hashicorp/consul/agent.(Agent).addServiceLocked() /home/daniel/pers/code/consul/agent/agent.go:1942 +0x2e4 github.com/hashicorp/consul/agent.(*Agent).AddService() /home/daniel/pers/code/consul/agent/agent.go:1929 +0x337 github.com/hashicorp/consul/agent.TestServiceManager_PersistService_API() /home/daniel/pers/code/consul/agent/service_manager_test.go:400 +0x17c4 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 ```	3 years ago
Daniel Nephin	0acfc2c65b	agent: fix a data race in DNS tests The dnsConfig pulled from the atomic.Value is a pointer, so modifying it in place creates a data race. Use the exported ReloadConfig interface instead.	3 years ago
Daniel Nephin	970f5d78ec	agent: fix two data race in agent tests The LogOutput io.Writer used by TestAgent must allow concurrent reads and writes, and a bytes.Buffer does not allow this. The bytes.Buffer must be wrapped with a lock to make this safe.	3 years ago
Daniel Nephin	baa2b8628e	consul: fix data race in leader CA tests Some global variables are patched to shorter values in these tests. But the goroutines that read them can outlive the test because nothing waited for them to exit. This commit adds a Wait() method to the routine manager, so that tests can wait for the goroutines to exit. This prevents the data race because the 'reset to original value' can happen after all other goroutines have stopped.	3 years ago
Daniel Nephin	204bf2b345	dns: correct rcode for qtype not supported A previous commit started using QueryRefuced, but that is not correct. QueryRefuced refers to the OpCode, not the query type. Instead use errNoAnswer because we have no records for that query type.	3 years ago
Dhia Ayachi	ad2065f2aa	Check response len do not exceed max Buffer size	3 years ago
Dhia Ayachi	f8f2756967	add missing test for truncate	3 years ago
Daniel Nephin	d116bda958	dns: remove network parameter from two funcs Now that trimDNSResponse is handled by the caller we don't need to pass this value around. We can remove it from both the serviceLookup struct, and two functions.	3 years ago
Daniel Nephin	42f7963252	dns: trim response immediately before the write Previously the response was being trimmed before adding the EDNS values, which could cause it to exceed the max size.	3 years ago
Daniel Nephin	436a02af31	dns: handle errors from dispatch	3 years ago
Daniel Nephin	9267b09c32	dns: error response from dispatch So that dispatch can communicate status back to the caller.	3 years ago
Daniel Nephin	68d6f1315f	dns: refactor dispatch to use an explicit return in each case In preparation for changing the return value, so that SOA, eDNS trimming and 'not found' errors can be handled in a single place.	3 years ago
Daniel Nephin	b96c8195a5	dns: small refactor to setEDNS to return early Using a guard clause instead of a long nested if. The diff is best viewed with whitespace turned off.	3 years ago
Daniel Nephin	4beff900d1	dns: remove unused method It was added in `5934f803bf` but it was never used.	3 years ago
Daniel Nephin	f31aa12cf1	dns: remove unnecessary function wrapping The dispatch function was called from a single place and did nothing but add a default value. Removing it makes code easier to trace by removing an unnecessary hop.	3 years ago
Kyle Havlovitz	77a2f38677	http: add partition query param parsing	3 years ago
hc-github-team-consul-core	1169df0878	auto-updated agent/uiserver/bindata_assetfs.go from commit `3e80e637b`	3 years ago
Giulio Micheloni	529fe737ef	acl: acl replication routine to report the last error message	3 years ago
Daniel Nephin	74fb650b6b	Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc config: rename `ports.grpc` to `ports.xds`	3 years ago
Daniel Nephin	b5cd2050b4	fix backwards compat for envoy command The compatv2 integration tests were failing because they use an older CLI version with a newer HTTP API. This commit restores the GRPCPort field to the DebugConfig output to allow older CIs to continue to fetch the port.	3 years ago
Daniel Nephin	233d03dbbd	Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>	3 years ago
Daniel Nephin	4ad80ccee3	command/envoy: stop using the DebugConfig from Self endpoint The DebugConfig in the self endpoint can change at any time. It's not a stable API. With the previous change to rename GRPCPort to XDSPort this command would have broken. This commit adds the XDSPort to a stable part of the XDS api, and changes the envoy command to read this new field. It includes support for the old API as well, in case a newer CLI is used with an older API, and adds a test for both cases.	3 years ago
Daniel Nephin	c48f26b0a6	config: update config settings and flags for ports.xds	3 years ago
Dhia Ayachi	58bd817336	check expiry date of the root/intermediate before using it to sign a leaf (#10500 ) * ca: move provider creation into CAManager This further decouples the CAManager from Server. It reduces the interface between them and removes the need for the SetLogger method on providers. * ca: move SignCertificate to CAManager To reduce the scope of Server, and keep all the CA logic together * ca: move SignCertificate to the file where it is used * auto-config: move autoConfigBackend impl off of Server Most of these methods are used exclusively for the AutoConfig RPC endpoint. This PR uses a pattern that we've used in other places as an incremental step to reducing the scope of Server. * fix linter issues * check error when `raftApplyMsgpack` * ca: move SignCertificate to CAManager To reduce the scope of Server, and keep all the CA logic together * check expiry date of the intermediate before using it to sign a leaf * fix typo in comment Co-authored-by: Kyle Havlovitz <kylehav@gmail.com> * Fix test name * do not check cert start date * wrap error to mention it is the intermediate expired * Fix failing test * update comment Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * use shim to avoid sleep in test * add root cert validation * remove duplicate code * Revert "fix linter issues" This reverts commit `6356302b54`. * fix import issue * gofmt leader_connect_ca * add changelog entry * update error message Co-authored-by: Freddy <freddygv@users.noreply.github.com> * fix error message in test Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> Co-authored-by: Kyle Havlovitz <kylehav@gmail.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com>	3 years ago
R.B. Boyer	6c47efd532	connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330 ) progress on #9572	3 years ago
R.B. Boyer	7bf9ea55cf	connect/ca: require new vault mount points when updating the key type/bits for the vault connect CA provider (#10331 ) progress on #9572	3 years ago
Daniel Nephin	0ccad1d6f7	Merge pull request #10479 from hashicorp/dnephin/ca-provider-explore-2 ca: move Server.SignIntermediate to CAManager	3 years ago
Daniel Nephin	b89ec826c8	Merge pull request #10445 from hashicorp/dnephin/ca-provider-explore ca: isolate more of the CA logic in CAManager	3 years ago
Daniel Nephin	bf292cbae4	ca: use provider constructors to be more consistent Adds a contructor for the one provider that did not have one.	3 years ago
Dhia Ayachi	5ed56fc786	check error when `raftApplyMsgpack`	3 years ago
Daniel Nephin	3091026e02	auto-config: move autoConfigBackend impl off of Server Most of these methods are used exclusively for the AutoConfig RPC endpoint. This PR uses a pattern that we've used in other places as an incremental step to reducing the scope of Server.	3 years ago
Daniel Nephin	0512cb2813	ca: move SignCertificate to the file where it is used	3 years ago
Daniel Nephin	dfebfe508e	ca: move SignCertificate to CAManager To reduce the scope of Server, and keep all the CA logic together	3 years ago
Daniel Nephin	570eac3167	Merge pull request #10590 from hashicorp/dnephin/tls-config-less-copy config: remove duplicate tlsutil.Config fields from agent/consul.Config	3 years ago
hc-github-team-consul-core	a9dcfc59bd	auto-updated agent/uiserver/bindata_assetfs.go from commit `a96e87aec`	3 years ago
Dhia Ayachi	047537833d	add missing state reset when stopping ca manager	3 years ago
Daniel Nephin	6228c4a53c	ca: fix mockCAServerDelegate to work with the new interface raftApply was removed so ApplyCARequest needs to handle all the possible operations Also set the providerShim to use the mock provider. other changes are small test improvements that were necessary to debug the failures.	3 years ago
Daniel Nephin	7dae65cd56	ca: remove unused method and small refactor to getCAProvider so that GoLand is less confused about what it is doing. Previously it was reporting that the for condition was always true, which was not the case.	3 years ago
Daniel Nephin	1960c717af	ca: remove raftApply from delegate interface After moving ca.ConsulProviderStateDelegate into the interface we now have the ApplyCARequest method which does the same thing. Use this more specific method instead of raftApply.	3 years ago
Daniel Nephin	1f4cdde9cc	ca: move generateCASignRequest to the delegate This method on Server was only used by the caDelegateWithState, so move it there until we can move it entirely into CAManager.	3 years ago
Daniel Nephin	fc14f5ab14	ca: move provider creation into CAManager This further decouples the CAManager from Server. It reduces the interface between them and removes the need for the SetLogger method on providers.	3 years ago
Daniel Nephin	b1877660d5	ca-manager: move provider shutdown into CAManager Reducing the coupling between Server and CAManager	3 years ago
Daniel Nephin	be8c675942	config: remove misleading UseTLS field This field was documented as enabling TLS for outgoing RPC, but that was not the case. All this field did was set the use_tls serf tag. Instead of setting this field in a place far from where it is used, move the logic to where the serf tag is set, so that the code is much more obvious.	3 years ago
Daniel Nephin	70770db345	config: remove duplicate TLSConfig fields from agent/consul.Config tlsutil.Config already presents an excellent structure for this configuration. Copying the runtime config fields to agent/consul.Config makes code harder to trace, and provides no advantage. Instead of copying the fields around, use the tlsutil.Config struct directly instead. This is one small step in removing the many layers of duplicate configuration.	3 years ago
Daniel Nephin	895bf9adec	config: update GRPCPort and addr in runtime config	3 years ago
Daniel Nephin	7d73fd7ae5	rename GRPC->XDS where appropriate	3 years ago
Evan Culver	13bd86527b	Add support for returning ACL secret IDs for accessors with acl:write (#10546 )	3 years ago
Daniel Nephin	ec6da0859d	Merge pull request #10570 from hashicorp/copy-of-master Changes that were accidentally merged into the old master branch	3 years ago
R.B. Boyer	c94b8c6a39	config: add agent config flag for enterprise clients to indicate they wish to join a particular partition (#10572 )	3 years ago
Dhia Ayachi	6390e91be5	Add ca certificate metrics (#10504 ) * add intermediate ca metric routine * add Gauge config for intermediate cert * Stop metrics routine when stopping leader * add changelog entry * updage changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * use variables instead of a map * go imports sort * Add metrics for primary and secondary ca * start metrics routine in the right DC * add telemetry documentation * update docs * extract expiry fetching in a func * merge metrics for primary and secondary into signing ca metric Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
hc-github-team-consul-core	97831bf3dc	auto-updated agent/uiserver/bindata_assetfs.go from commit `6fbeea5de`	3 years ago
Jared Kirschner	e517e744af	Merge pull request #10559 from jkirschner-hashicorp/fix-autopilot-config-post-default-values Fix defaults for autopilot config update	3 years ago
hc-github-team-consul-core	00f4d94139	auto-updated agent/uiserver/bindata_assetfs.go from commit `2c4f22a9f`	3 years ago
Daniel Nephin	2c4f22a9f0	Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period ca: remove unused RotationPeriod field	3 years ago
Daniel Nephin	d1c9d9bc68	config: unexport the remaining builder methods And remove BuildAndValidate. This commit completes some earlier work to reduce the config interface a single Load function. The last remaining test was converted to use Load instad of BuildAndValidate.	3 years ago
Jared Kirschner	14059c2653	Fix defaults for autopilot config update Previously, for a POST request to the /v1/operator/autopilot/configuration endpoint, any fields not included in the payload were set to a zero-initialized value rather than the documented default value. Now, if an optional field is not included in the payload, it will be set to its documented default value: - CleanupDeadServers: true - LastContactThreshold: "200ms" - MaxTrailingLogs: 250 - MinQuorum: 0 - ServerStabilizationTime: "10s" - RedundancyZoneTag: "" - DisableUpgradeMigration: false - UpgradeVersionTag: ""	3 years ago
hc-github-team-consul-core	c47bcc0d4c	auto-updated agent/uiserver/bindata_assetfs.go from commit `74070c095`	3 years ago
hc-github-team-consul-core	98cc5aaa35	auto-updated agent/uiserver/bindata_assetfs.go from commit `5f73de6fb`	3 years ago
jkirschner-hashicorp	5f73de6fbc	Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable Replace use of 'sane' where appropriate	3 years ago
Daniel Nephin	3a045cca8d	ca: remove unused RotationPeriod field This field was never used. Since it is persisted as part of a map[string]interface{} it is pretty easy to remove it.	3 years ago
Jared Kirschner	bd536151e1	Replace use of 'sane' where appropriate HashiCorp voice, style, and language guidelines recommend avoiding ableist language unless its reference to ability is accurate in a particular use.	3 years ago
Dhia Ayachi	9b45107c1e	Format certificates properly (rfc7468) with a trailing new line (#10411 ) * trim carriage return from certificates when inserting rootCA in the inMemDB * format rootCA properly when returning the CA on the connect CA endpoint * Fix linter warnings * Fix providers to trim certs before returning it * trim newlines on write when possible * add changelog * make sure all provider return a trailing newline after the root and intermediate certs * Fix endpoint to return trailing new line * Fix failing test with vault provider * make test more robust * make sure all provider return a trailing newline after the leaf certs * Check for suffix before removing newline and use function * Add comment to consul provider * Update change log Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * fix typo * simplify code callflow Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * extract requireNewLine as shared func * remove dependency to testify in testing file * remove extra newline in vault provider * Add cert newline fix to envoy xds * remove new line from mock provider * Remove adding a new line from provider and fix it when the cert is read * Add a comment to explain the fix * Add missing for leaf certs * fix missing new line * fix missing new line in leaf certs * remove extra new line in test * updage changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * fix in vault provider and when reading cache (RPC call) * fix AWS provider * fix failing test in the provider * remove comments and empty lines * add check for empty cert in test * fix linter warnings * add new line for leaf and private key * use string concat instead of Sprintf * fix new lines for leaf signing * preallocate slice and remove append * Add new line to `SignIntermediate` and `CrossSignCA` Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Daniel Nephin	690dc41c55	Merge pull request #10515 from hashicorp/dnephin/fix-arm32-atomic-aligment Fix panic on 32-bit platforms	3 years ago
Daniel Nephin	f34d3543b1	testing: fix a test for 32-bit The hcl decoding apparently uses strconv.ParseInt, which fails to parse a 64bit int. Since hcl v1 is basically EOl, it seems unlikely we'll fix this in hcl. Since this test is only about loading values from config files, the extra large number doesn't seem important. Trim a few zeros from the numbers so that they parse properly on 32bit platforms. Also skip a slow test when -short is used.	3 years ago
Daniel Nephin	dce59d9277	fix 64-bit aligment for 32-bit platforms sync/atomic must be used with 64-bit aligned fields, and that alignment is difficult to ensure unless the field is the first one in the struct. https://golang.org/pkg/sync/atomic/#pkg-note-BUG.	3 years ago
Daniel Nephin	bc4d349ccf	streaming: support X-Cache-Hit header If a value was already available in the local view the request is considered a cache hit. If the materialized had to wait for a value, it is considered a cache miss.	3 years ago
Daniel Nephin	c78391797d	streaming: fix enable of streaming in the client And add checks to all the tests that explicitly use streaming.	3 years ago
Daniel Nephin	8b365f8271	Remove a racy and failing test This test is super racy (it's not just a single line). This test also starts failing once streaming is enabled, because the cache rate limit no longer applies to the requests in the test. The queries use streaming instead of the cache. This test is no longer valid, and the functionality is already well tested by TestCacheThrottle. Instead of spending time rewriting this test, let's remove it. ``` WARNING: DATA RACE Read at 0x00c01de410fc by goroutine 735: github.com/hashicorp/consul/agent.TestCacheRateLimit.func1() /home/daniel/pers/code/consul/agent/agent_test.go:1024 +0x9af github.com/hashicorp/consul/testrpc.WaitForTestAgent() /home/daniel/pers/code/consul/testrpc/wait.go:99 +0x209 github.com/hashicorp/consul/agent.TestCacheRateLimit.func1() /home/daniel/pers/code/consul/agent/agent_test.go:966 +0x1ad testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 Previous write at 0x00c01de410fc by goroutine 605: github.com/hashicorp/consul/agent.TestCacheRateLimit.func1.2() /home/daniel/pers/code/consul/agent/agent_test.go:998 +0xe9 Goroutine 735 (running) created at: testing.(*T).Run() /usr/lib/go/src/testing/testing.go:1238 +0x5d7 github.com/hashicorp/consul/agent.TestCacheRateLimit() /home/daniel/pers/code/consul/agent/agent_test.go:961 +0x375 testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 Goroutine 605 (finished) created at: github.com/hashicorp/consul/agent.TestCacheRateLimit.func1() /home/daniel/pers/code/consul/agent/agent_test.go:1022 +0x91e github.com/hashicorp/consul/testrpc.WaitForTestAgent() /home/daniel/pers/code/consul/testrpc/wait.go:99 +0x209 github.com/hashicorp/consul/agent.TestCacheRateLimit.func1() /home/daniel/pers/code/consul/agent/agent_test.go:966 +0x1ad testing.tRunner() /usr/lib/go/src/testing/testing.go:1193 +0x202 ```	3 years ago
Daniel Nephin	16b21b0864	http: add an X-Consul-Query-Backend header to responses So that it is easier to detect and test when streaming is being used.	3 years ago
Daniel Nephin	2e1e80266a	Merge pull request #10506 from hashicorp/dnephin/docs-rpc-query-metrics docs: correct some misleading telemetry docs	3 years ago
Daniel Nephin	7531a6681d	docs: correct some misleading telemetry docs The query metrics are actually reported for all read queries, not only ones that use a MinIndex to block for updates. Also clarify the raft.apply metric is only on the leader.	3 years ago
R.B. Boyer	ed8a901be7	connect: include optional partition prefixes in SPIFFE identifiers (#10507 ) NOTE: this does not include any intentions enforcement changes yet	3 years ago
R.B. Boyer	a2876453a5	connect/ca: cease including the common name field in generated certs (#10424 ) As part of this change, we ensure that the SAN extensions are marked as critical when the subject is empty so that AWS PCA tolerates the loss of common names well and continues to function as a Connect CA provider. Parts of this currently hack around a bug in crypto/x509 and can be removed after https://go-review.googlesource.com/c/go/+/329129 lands in a Go release. Note: the AWS PCA tests do not run automatically, but the following passed locally for me: ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS	3 years ago
hc-github-team-consul-core	f24ee5d842	auto-updated agent/uiserver/bindata_assetfs.go from commit `ace794d21`	3 years ago
Dhia Ayachi	a64c9a3e62	return an empty record when asked for an addr dns with type other then A, AAAA and ANY (#10401 ) * return an invalid record when asked for an addr dns with type other then A and AAAA * add changelog * fix ANY use case and add a test for it * update changelog type Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * return empty response if the question record type do not match for addr * set comment in the right place * return A\AAAA record in extra section if record type is not A\AAAA for addr * Fix failing test * remove commented code Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * use require for test validation * use variable to init struct * fix failing test * Update agent/dns.go Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Update .changelog/10401.txt Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Update agent/dns.go Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Update agent/dns.go Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Update agent/dns.go Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * fix compilation error Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Daniel Nephin	bb37c4dfe8	Merge pull request #10476 from hashicorp/dnephin/ca-primary-uses-intermediate ca: replace ca.PrimaryIntermediateProviders	3 years ago
R.B. Boyer	e3835ac6a1	structs: prohibit config entries from referencing more than one partition at a time (#10478 ) affected kinds: service-defaults, ingress-gateway, terminating-gateway, service-intentions	3 years ago
R.B. Boyer	8344b7fe2e	structs: prevent service-defaults upstream configs from using wildcard names or namespaces (#10475 )	3 years ago
Daniel Nephin	f52d76f096	ca: replace ca.PrimaryIntermediateProviders With an optional interface that providers can use to indicate if they use an intermediate cert in the primary DC. This removes the need to look up the provider config when renewing the intermediate.	3 years ago
R.B. Boyer	ac50db9087	structs: add some missing config entry validation and clean up tests (#10465 ) Affects kinds: service-defaults, ingress-gateway, terminating-gateway	3 years ago
hc-github-team-consul-core	1822b80ef3	auto-updated agent/uiserver/bindata_assetfs.go from commit `c78f7ecb2`	3 years ago
Daniel Nephin	17e210ed16	Merge pull request #10444 from hashicorp/dnephin/tls-cert-exploration-2 tlsutil: reduce interface provided to auto-config	3 years ago
Daniel Nephin	2aad3f80fb	tlsutil: reduce interface provided to auto-config Replace two methods with a single one that returns the cert. This moves more of the logic into the single caller (auto-config). tlsutil.Configurator is widely used. By keeping it smaller and focused only on storing and returning TLS config, we make the code easier to follow. These two methods were more related to auto-config than to tlsutil, so reducing the interface moves the logic closer to the feature that requires it.	3 years ago
hc-github-team-consul-core	f7455a3017	auto-updated agent/uiserver/bindata_assetfs.go from commit `043f631b7`	3 years ago
hc-github-team-consul-core	58bf4adc02	auto-updated agent/uiserver/bindata_assetfs.go from commit `4bddd5210`	3 years ago
Daniel Nephin	10051cf6d3	proxycfg: remove unused method This method was accidentally re-introduced in an earlier rebase. It was removed in `ed1082510d` as part of the tproxy work.	3 years ago
Daniel Nephin	6bc5255028	proxycfg: move each handler into a seprate file There is no interaction between these handlers, so splitting them into separate files makes it easier to discover the full implementation of each kindHandler.	3 years ago
hc-github-team-consul-core	62340a56b9	auto-updated agent/uiserver/bindata_assetfs.go from commit `5f17062b0`	3 years ago
hc-github-team-consul-core	211525a4c4	auto-updated agent/uiserver/bindata_assetfs.go from commit `9eab71514`	3 years ago
hc-github-team-consul-core	143c73268e	auto-updated agent/uiserver/bindata_assetfs.go from commit `ac424187f`	3 years ago
Daniel Nephin	d81f527be8	Merge pull request #9924 from hashicorp/dnephin/cert-expiration-metric connect: emit a metric for the seconds until root CA expiry	3 years ago
Daniel Nephin	19d3eeff3c	Merge pull request #9489 from hashicorp/dnephin/proxycfg-state-2 proxycfg: split state into a handler for each kind	3 years ago
Daniel Nephin	345e979b4c	Merge pull request #10425 from hashicorp/dnephin/tls-cert-exploration tlsutil: fix a possible panic, and make the package safer	3 years ago
Daniel Nephin	0a14a3e17c	inline assignment	3 years ago
Nitya Dhanushkodi	52043830b4	proxycfg: reference to entry in map should not panic	3 years ago
Daniel Nephin	e738fa3b80	Replace type conversion with embedded structs	3 years ago
Daniel Nephin	32c15d9a88	proxycfg: split state into kind-specific types This commit extracts all the kind-specific logic into handler types, and keeps the generic parts on the state struct. This change should make it easier to add new kinds, and see the implementation of each kind more clearly.	4 years ago
Daniel Nephin	cd05df7157	proxycfg: unmethod hostnameEndpoints the method receiver can be replaced by the first argument. This will allow us to extract more from the state struct in the future.	4 years ago
Daniel Nephin	97c6ee00d7	Remove duplicate import because two PRs crossed paths.	4 years ago
Daniel Nephin	0547d0c046	Merge pull request #9466 from hashicorp/dnephin/proxycfg-state proxycfg: prepare state for split by kind	4 years ago
R.B. Boyer	5b495ae8e0	xds: fix flaky protocol tests (#10410 )	4 years ago
Freddy	ae886136f1	Merge pull request #10404 from hashicorp/ingress-stats	4 years ago
R.B. Boyer	80c39f1083	xds: adding more delta protocol tests (#10398 ) Fixes #10125	4 years ago
freddygv	924a5ba642	Regen golden files	4 years ago
Freddy	0a38c8fe10	Update agent/xds/listeners.go Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>	4 years ago
Freddy	3ee66b2e9a	Omit empty tproxy config in JSON responses (#10402 )	4 years ago
Nitya Dhanushkodi	b8b44419a0	proxycfg: Ensure that endpoints for explicit upstreams in other datacenters are watched in transparent mode (#10391 ) Co-authored-by: Freddy Vallenilla <freddy@hashicorp.com>	4 years ago
freddygv	f3e4705923	Remove unused param	4 years ago
Dhia Ayachi	c8ba2d40fd	improve monitor performance (#10368 ) * remove flush for each write to http response in the agent monitor endpoint * fix race condition when we stop and start monitor multiple times, the doneCh is closed and never recover. * start log reading goroutine before adding the sink to avoid filling the log channel before getting a chance of reading from it * flush every 500ms to optimize log writing in the http server side. * add changelog file * add issue url to changelog * fix changelog url * Update changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * use ticker to flush and avoid race condition when flushing in a different goroutine * stop the ticker when done Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Revert "fix race condition when we stop and start monitor multiple times, the doneCh is closed and never recover." This reverts commit `1eeddf7a` * wait for log consumer loop to start before registering the sink Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	4 years ago
freddygv	0aec6761dc	Update ingress gateway stats labeling In the absence of stats_tags to handle this pattern, when we pass "ingress_upstream.$port" as the stat_prefix, Envoy splits up that prefix and makes the port a part of the metric name. For example: - stat_prefix: ingress_upstream.8080 This leads to metric names like envoy_http_8080_no_route. Changing the stat_prefix to ingress_upstream_80880 yields the expected metric names such as envoy_http_no_route. Note that we don't encode the destination's name/ns/dc in this stat_prefix because for HTTP services ingress gateways use a single filter chain. Only cluster metrics are available on a per-upstream basis.	4 years ago
freddygv	6f8c6043b6	Update terminating gateway stats labeling This change makes it so that the stat prefix for terminating gateways matches that of connect proxies. By using the structure of "upstream.svc.ns.dc" we can extract labels for the destination service, namespace, and datacenter.	4 years ago
R.B. Boyer	848ad8535b	xds: ensure that dependent xDS resources are reconfigured during primary type warming (#10381 ) Updates to a cluster will clear the associated endpoints, and updates to a listener will clear the associated routes. Update the incremental xDS logic to account for this implicit cleanup so that we can finish warming the clusters and listeners. Fixes #10379	4 years ago
Daniel Nephin	aec7e798b0	Update metric name and handle the case where there is no active root CA.	4 years ago
Daniel Nephin	1c980e4700	connect: emit a metric for the number of seconds until root CA expiration	4 years ago
Freddy	ffb13f35f1	Rename CatalogDestinationsOnly (#10397 ) CatalogDestinationsOnly is a passthrough that would enable dialing addresses outside of Consul's catalog. However, when this flag is set to true only _connect_ endpoints for services can be dialed. This flag is being renamed to signal that non-Connect endpoints can't be dialed by transparent proxies when the value is set to true.	4 years ago
Freddy	33bd9b5be8	Relax validation for expose.paths config (#10394 ) Previously we would return an error if duplicate paths were specified. This could lead to problems in cases where a user has the same path, say /healthz, on two different ports. This validation was added to signal a potential misconfiguration. Instead we will only check for duplicate listener ports, since that is what would lead to ambiguity issues when generating xDS config. In the future we could look into using a single listener and creating distinct filter chains for each path/port.	4 years ago
Daniel Nephin	016c5611d1	proxycfg: extract two types from state struct These two new struct types will allow us to make polymorphic handler for each kind, instad of having all the logic for each proxy kind on the state struct.	4 years ago
Daniel Nephin	9c40aa729f	proxycfg: pass context around where it is needed context.Context should never be stored on a struct (as it says in the godoc) because it is easy to to end up with the wrong context when it is stored. Also see https://blog.golang.org/context-and-structs This change is also in preparation for splitting state into kind-specific handlers so that the implementation of each kind is grouped together.	4 years ago
Daniel Nephin	3726cb52c7	http: add PrimaryDatacenter to the /v1/agent/self response This field is available in DebugConfig, but that field is not stable and could change at any time. The consul-k8s needs to be able to detect the primary DC for tests, so adding this field to the stable part of the API response.	4 years ago
Freddy	429f9d8bb8	Add flag for transparent proxies to dial individual instances (#10329 )	4 years ago
Daniel Nephin	3d5ff8b5db	submatview: add test cases for store.Get with timeout and no index Also set a more unique name for the serviceRequest.Type to prevent potential name conflicts in the future.	4 years ago
Daniel Nephin	cf5cdf07a0	Merge pull request #10364 from hashicorp/dnephin/streaming-e2e-test submatview: and Store integration test with stream backend	4 years ago
Freddy	7577f0e991	Revert "Avoid adding original_dst filter when not needed" (#10365 )	4 years ago
Daniel Nephin	c5f0cf9456	submatview: and Store integration test with stream backend	4 years ago
Daniel Nephin	eb0c0d7740	stream: remove bufferItem.NextLink Both NextLink and NextNoBlock had the same logic, with slightly different return values. By adding a bool return value (similar to map lookups) we can remove the duplicate method.	4 years ago
Daniel Nephin	5ef8a045f3	stream: fix a bug with creating a snapshot The head of the topic buffer was being ignored when creating a snapshot. This commit fixes the bug by ensuring that the head of the topic buffer is included in the snapshot before handing it off to the subscription.	4 years ago
Daniel Nephin	59d201e148	submatview: fix a bug with Store.Get When info.Timeout is 0, it should have no timeout. Previously it was using a 0 duration timeout which caused it to return without waiting. This bug was masked by using a timeout in the tests. Removing the timeout caused the tests to fail.	4 years ago
Paul Ewing	42a51b1a2c	usagemetrics: add cluster members to metrics API (#10340 ) This PR adds cluster members to the metrics API. The number of members per segment are reported as well as the total number of members. Tested by running a multi-node cluster locally and ensuring the numbers were correct. Also added unit test coverage to add the new expected gauges to existing test cases.	4 years ago
Daniel Nephin	29e93f6338	grpc: fix a data race by using a static resolver We have seen test flakes caused by 'concurrent map read and map write', and the race detector reports the problem as well (prevent us from running some tests with -race). The root of the problem is the grpc expects resolvers to be registered at init time before any requests are made, but we were using a separate resolver for each test. This commit introduces a resolver registry. The registry is registered as the single resolver for the consul scheme. Each test uses the Authority section of the target (instead of the scheme) to identify the resolver that should be used for the test. The scheme is used for lookup, which is why it can no longer be used as the unique key. This allows us to use a lock around the map of resolvers, preventing the data race.	4 years ago
Daniel Nephin	c94eaa4957	submatview: improve a couple comments	4 years ago
Dhia Ayachi	15dddc9edb	make tests use a dummy node_name to avoid environment related failures (#10262 ) * fix tests to use a dummy nodeName and not fail when hostname is not a valid nodeName * remove conditional testing * add test when node name is invalid	4 years ago
Daniel Nephin	ba15f92a8a	structs: fix cache keys So that requests are cached properly, and the cache does not return the wrong data for a request.	4 years ago
Daniel Nephin	920ae31598	structs: add two cache completeness tests types that implement cache.Request	4 years ago
Daniel Nephin	46dfdb611f	structs: improve the interface of assertCacheInfoKeyIsComplete	4 years ago
Daniel Nephin	7c2957e24d	structs: Add more cache key tests	4 years ago
Dhia Ayachi	f785c5b332	RPC Timeout/Retries account for blocking requests (#8978 )	4 years ago
hc-github-team-consul-core	8ab1013ed9	auto-updated agent/uiserver/bindata_assetfs.go from commit `18190fb07`	4 years ago
Dhia Ayachi	4c7f5f31c7	debug: remove the CLI check for debug_enabled (#10273 ) * debug: remove the CLI check for debug_enabled The API allows collecting profiles even debug_enabled=false as long as ACLs are enabled. Remove this check from the CLI so that users do not need to set debug_enabled=true for no reason. Also: - fix the API client to return errors on non-200 status codes for debug endpoints - improve the failure messages when pprof data can not be collected Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com> * remove parallel test runs parallel runs create a race condition that fail the debug tests * Add changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	4 years ago
hc-github-team-consul-core	c68a931e0b	auto-updated agent/uiserver/bindata_assetfs.go from commit `ddee7afbb`	4 years ago
Freddy	353280660f	Ensure passthrough clusters can be created (#10301 )	4 years ago
Freddy	19334e8abf	Avoid adding original_dst filter when not needed (#10302 )	4 years ago
Matt Keeler	da31e0449e	Move some things around to allow for license updating via config reload The bulk of this commit is moving the LeaderRoutineManager from the agent/consul package into its own package: lib/gort. It also got a renaming and its Start method now requires a context. Requiring that context required updating a whole bunch of other places in the code.	4 years ago
Dhia Ayachi	f2eed912b2	upgrade golangci-lint to v1.40.1 (#10276 ) Also: fix linter issue detected with newer version	4 years ago
Matt Keeler	caafc02449	hcs-1936: Prepare for adding license auto-retrieval to auto-config in enterprise	4 years ago
Matt Keeler	234d0a3c2a	Preparation for changing where license management is done.	4 years ago
hc-github-team-consul-core	57e6c8a9e5	auto-updated agent/uiserver/bindata_assetfs.go from commit `600f85753`	4 years ago

... 2 3 4 5 6 ...

3623 Commits (20d0bf81f731ea35302905562cd673720a030b72)