Commit Graph

9886 Commits (34eff659dcc5503b6eb117733c9f7def63f01bad)

Author SHA1 Message Date
John Cowen 104e6bac71 UI: Move legacy ACLs to use the new searchables/changeable-sets (#4933) 2019-05-01 18:21:42 +00:00
John Cowen c532e53d9a UI: dom usage refactoring (#4924)
Move all the dom-things to use the dom service in tabular-collection, feedback-dialog, list-collection and node show. Move get-component-factory into utils/dom and use dom.root() in a few more places

This includes an additional `dom.components` method which gives you a
list of components matching the selector instead of just one.
2019-05-01 18:21:40 +00:00
John Cowen d46b059673 UI: CSS Refactor (#4919)
- Adds full set of svg icons as CSS/Sass variables to the source
- Starts picking out some frame-grays, whilst commenting in possibles
- Remove color prefixing

The prefixes `ui-` and `brand-` for colors hav been removed. This makes
colors slightly easier to type.
In order to differentiate between brand colors and 'normal' colors, normal
colors are named as 'true colors' i.e. blue, red, green etc etc
whereas the brand colors used a more premium sounding name such as
'steel' for vault gray, 'magenta' for consul, 'cobalt' for vagrant etc etc.
2019-05-01 18:21:38 +00:00
John Cowen 3879487ab8 ui: Prefer using `notOk(actual)` instead of `ok(!actual)` in tests (#4925)
And make sure its consistent throughout the app
2019-05-01 18:21:37 +00:00
John Cowen d6c1b9ed3f ui: Move ACL policy and token repos to use the RepositoryService (#4867) 2019-05-01 18:21:36 +00:00
John Cowen c9fae76b7d ui: Refactors the code-mirror linting/restrict legacy tokens to HCL (#4866) 2019-05-01 18:21:35 +00:00
John Cowen 65ef2969c7 ui: Async Search (#4859)
This does several things to make improving the search experience easier
moving forwards:

1. Separate searching off from filtering. 'Searching' can be thought of
as specifically 'text searching' whilst filtering is more of a
boolean/flag search.
2. Decouple the actual searching functionality to almost pure,
isolated / unit testable units and unit test. (I still import embers get
which, once I upgrade to 3.5, I shouldn't need)
3. Searching rules are now configurable from the outside, i.e. not
wrapped in Controllers or Components.
4. General searching itself now can use an asynchronous approach based on
events. This prepares for future possibilities of handing off the
searching to a web worker or elsewhere, which should aid in large scale
searching and prepares the way for other searching methods.
5. Adds the possibility of have multiple searches in one
template/route/page.

Additionally, this adds a WithSearching mixin to aid linking the
searching to ember in an ember-like way in a single place. Plus a
WithListeners mixin to aid with cleaning up of event listeners on
Controller/Component destruction.

Post-initial work I slightly changed the API of create listeners:

Returning the handler from a `remover` means you can re-add it again if you
want to, this avoids having to save a reference to the handler elsewhere
to do the same.

The `remove` method itself now returns an array of handlers, again you
might want to use these again or something, and its also more useful
then just returning an empty array.

The more I look at this the more I doubt that you'll ever use `remove`
to remove individual handlers, you may aswell just use the `remover`
returned from add. I've added some comments to reflect this, but they'll
likely be removed once I'm absolutely sure of this.

I also added some comments for WithSearching to explain possible further
work re: moving `searchParams` so it can be `hung` off the
controller object
2019-05-01 18:21:34 +00:00
Kyle Havlovitz 7b16fe3436 Config Entry docs (#5734)
* Add api docs for the config entry endpoints

* Add enable_central_service_config field to agent docs

* Add docs for config entry CLI operations

* Fix wording and links in config entry docs

* Add links to the central service config option

* Update the central service config setting description.
2019-05-01 11:21:11 -07:00
Matt Keeler 69f902608c
Update to use a consulent build tag instead of just ent (#5759) 2019-05-01 11:11:27 -04:00
Chip Vaughn 29cfb28fd5 Update to Consul Upgrading Doc 2019-05-01 09:49:05 -04:00
Matt Keeler 3145bf5230 Centralized Config CLI (#5731)
* Add HTTP endpoints for config entry management

* Finish implementing decoding in the HTTP Config entry apply endpoint

* Add CAS operation to the config entry apply endpoint

Also use this for the bootstrapping and move the config entry decoding function into the structs package.

* First pass at the API client for the config entries

* Fixup some of the ConfigEntry APIs

Return a singular response object instead of a list for the ConfigEntry.Get RPC. This gets plumbed through the HTTP API as well.

Dont return QueryMeta in the JSON response for the config entry listing HTTP API. Instead just return a list of config entries.

* Minor API client fixes

* Attempt at some ConfigEntry api client tests

These don’t currently work due to weak typing in JSON

* Get some of the api client tests passing

* Implement reflectwalk magic to correct JSON encoding a ProxyConfigEntry

Also added a test for the HTTP endpoint that exposes the problem. However, since the test doesn’t actually do the JSON encode/decode its still failing.

* Move MapWalk magic into a binary marshaller instead of JSON.

* Add a MapWalk test

* Get rid of unused func

* Get rid of unused imports

* Fixup some tests now that the decoding from msgpack coerces things into json compat types

* Stub out most of the central config cli

Fully implement the config read command.

* Basic config delete command implementation

* Implement config write command

* Implement config list subcommand

Not entirely sure about the output here. Its basically the read output indented with a line specifying the kind/name of each type which is also duplicated in the indented output.

* Update command usage

* Update some help usage formatting

* Add the connect enable helper cli command

* Update list command output

* Rename the config entry API client methods.

* Use renamed apis

* Implement config write tests

Stub the others with the noTabs tests.

* Change list output format

Now just simply output 1 line per named config

* Add config read tests

* Add invalid args write test.

* Add config delete tests

* Add config list tests

* Add connect enable tests

* Update some CLI commands to use CAS ops

This also modifies the HTTP API for a write op to return a boolean indicating whether the value was written or not.

* Fix up the HTTP API CAS tests as I realized they weren’t testing what they should.

* Update config entry rpc tests to properly test CAS

* Fix up a few more tests

* Fix some tests that using ConfigEntries.Apply

* Update config_write_test.go

* Get rid of unused import
2019-04-30 16:27:16 -07:00
Matt Keeler fe38042e33
Update CHANGELOG.md 2019-04-30 19:05:50 -04:00
Matt Keeler f665695b6b
Ensure ServiceName is populated correctly for agent service checks
Also update some snapshot agent docs

* Enforce correct permissions when registering a check

Previously we had attempted to enforce service:write for a check associated with a service instead of node:write on the agent but due to how we decoded the health check from the request it would never do it properly. This commit fixes that.

* Update website/source/docs/commands/snapshot/agent.html.markdown.erb

Co-Authored-By: mkeeler <mkeeler@users.noreply.github.com>
2019-04-30 19:00:57 -04:00
Sarah Christoff 16d1e0f2f2 Update Helm Docs with consulPrefix 2019-04-30 17:30:24 -05:00
Matt Keeler d0f410cd84
Make a few config entry endpoints return 404s and allow for snake_case and lowercase key names. (#5748) 2019-04-30 18:19:19 -04:00
Freddy 44e3dd79ff
go fmt runtime_test.go 2019-04-30 13:28:02 -06:00
Paul Banks 90c83e64ec fix agent in connect docs 2019-04-30 12:59:37 -06:00
Freddy d19eb36085
Restrict config file extensions read 2019-04-30 12:43:32 -06:00
Alvin Huang b5d2de1727
fix redirects for acl-migrate-tokens (#5749) 2019-04-30 13:28:58 -04:00
Matt Keeler 4901166e65
Update CHANGELOG.md 2019-04-30 13:25:10 -04:00
R.B. Boyer 63508c6015
ui: fix 'make ui' again (#5751)
When the v1 ui was removed the ui build incorrectly copied everything
into a /dist/ subdirectory instead of directly into the top level.
2019-04-30 12:23:24 -05:00
kaitlincarter-hc 626392eb62
[docs] Fixing API broken links (#5732)
* starting broken link fixes

* Updating the other links for ACLs

* Updating the rest of the links

* fixing acl required links.

* update a bunch of other links

* updated a couple more broken links based on Alvins checker

* removed the extra s
2019-04-30 12:20:51 -05:00
Matt Keeler 583153b852
Update CHANGELOG.md 2019-04-30 11:46:52 -04:00
Matt Keeler 4daa1585b0
ACL Token ID Initialization (#5307) 2019-04-30 11:45:36 -04:00
R.B. Boyer b4727fbe18
cli: actually allow the 'connect envoy' and 'watch' subcommands to work with -token-file (#5733) 2019-04-30 09:59:00 -05:00
Paul Banks a12810664f
Modify ConfigEntry bootstrapping syntax more generic (#5744)
* Modify ConfigEntry bootstrapping syntax to be generic and compatible with other CLI config syntax. Refs #5743

* Fix gofmt issues.
2019-04-30 15:13:59 +01:00
Freddy 51391b647b
Update CHANGELOG.md 2019-04-29 17:27:26 -06:00
Kyle Havlovitz aba54cec55 Add HTTP endpoints for config entry management (#5718) 2019-04-29 18:08:09 -04:00
Matt Keeler f67e12eb6f
Enabling "service" watch handler to accept a slice of tags
Originally from PR #5347
2019-04-29 15:28:01 -04:00
Paul Banks 93f579dc8b
Update CHANGELOG.md 2019-04-29 17:43:15 +01:00
Paul Banks 421ecd32fc
Connect: allow configuring Envoy for L7 Observability (#5558)
* Add support for HTTP proxy listeners

* Add customizable bootstrap configuration options

* Debug logging for xDS AuthZ

* Add Envoy Integration test suite with basic test coverage

* Add envoy command tests to cover new cases

* Add tracing integration test

* Add gRPC support WIP

* Merged changes from master Docker. get CI integration to work with same Dockerfile now

* Make docker build optional for integration

* Enable integration tests again!

* http2 and grpc integration tests and fixes

* Fix up command config tests

* Store all container logs as artifacts in circle on fail

* Add retries to outer part of stats measurements as we keep missing them in CI

* Only dump logs on failing cases

* Fix typos from code review

* Review tidying and make tests pass again

* Add debug logs to exec test.

* Fix legit test failure caused by upstream rename in envoy config

* Attempt to reduce cases of bad TLS handshake in CI integration tests

* bring up the right service

* Add prometheus integration test

* Add test for denied AuthZ both HTTP and TCP

* Try ANSI term for Circle
2019-04-29 17:27:57 +01:00
R.B. Boyer 2febedd17c update changelog 2019-04-26 15:43:34 -05:00
R.B. Boyer 975c4b87d6 remove reference to deleted branch 2019-04-26 15:39:57 -05:00
Paul Banks 50da2383c0
Update CHANGELOG.md 2019-04-26 21:39:06 +01:00
R.B. Boyer c6722fc43d
Merge pull request #5617 from hashicorp/f-acl-ux
Secure ACL Introduction for Kubernetes
2019-04-26 15:34:26 -05:00
Aestek 21a776e202 Fix: fail messages after a node rename replace the new node definition (#5520)
When receiving a serf faild message for a node which is not in the
catalog, do not perform a register request to set is serf heath to
critical as it could overwrite the node information and services if it
was renamed.

Fixes : #5518
2019-04-26 21:33:41 +01:00
R.B. Boyer e47d7eeddb acl: adding support for kubernetes auth provider login (#5600)
* auth providers
* binding rules
* auth provider for kubernetes
* login/logout
2019-04-26 14:49:25 -05:00
R.B. Boyer cc1aa3f973 acl: adding Roles to Tokens (#5514)
Roles are named and can express the same bundle of permissions that can
currently be assigned to a Token (lists of Policies and Service
Identities). The difference with a Role is that it not itself a bearer
token, but just another entity that can be tied to a Token.

This lets an operator potentially curate a set of smaller reusable
Policies and compose them together into reusable Roles, rather than
always exploding that same list of Policies on any Token that needs
similar permissions.

This also refactors the acl replication code to be semi-generic to avoid
3x copypasta.
2019-04-26 14:49:12 -05:00
R.B. Boyer 7928305279 making ACLToken.ExpirationTime a *time.Time value instead of time.Time (#5663)
This is mainly to avoid having the API return "0001-01-01T00:00:00Z" as
a value for the ExpirationTime field when it is not set. Unfortunately
time.Time doesn't respect the json marshalling "omitempty" directive.
2019-04-26 14:48:16 -05:00
R.B. Boyer db43fc3a20 acl: ACL Tokens can now be assigned an optional set of service identities (#5390)
These act like a special cased version of a Policy Template for granting
a token the privileges necessary to register a service and its connect
proxy, and read upstreams from the catalog.
2019-04-26 14:48:04 -05:00
R.B. Boyer 2144bd7fbd acl: tokens can be created with an optional expiration time (#5353) 2019-04-26 14:47:51 -05:00
Matt Keeler 15e80e4e76
Implement bootstrapping proxy defaults from the config file (#5714) 2019-04-26 14:25:03 -04:00
Matt Keeler 5befe0f5d5
Implement config entry replication (#5706) 2019-04-26 13:38:39 -04:00
Matt Keeler 6c885d383a
Update CHANGELOG.md 2019-04-26 12:36:52 -04:00
Matt Keeler 222afeae4c
Move the watch package into the api module (#5664)
* Move the watch package into the api module

It was already just a thin wrapper around the API anyways. The biggest change was to the testing. Instead of using a test agent directly from the agent package it now uses the binary on the PATH just like the other API tests.

The other big changes were to fix up the connect based watch tests so that we didn’t need to pull in the connect package (and therefore all of Consul)
2019-04-26 12:33:01 -04:00
Tyler Ryan cf14e0c2ac fixing inconsitencies in agent/connect API documentation (#5715) 2019-04-26 12:53:20 +01:00
R.B. Boyer cf8b76b2e5
docs: fix some minor acl related typos (#5711) 2019-04-25 12:24:28 -05:00
Alvin Huang abdd8a294c
fix sidebar for install (#5611) 2019-04-25 12:30:35 -04:00
Alvin Huang 8ceca2ace3
Add fmt and vet (#5671)
* add go fmt and vet

* go fmt fixes
2019-04-25 12:26:33 -04:00
Alvin Huang 05946afa0c
Add website analytics back (#5699)
* add website analytics to build

* add segment analytics env var check
2019-04-25 12:24:20 -04:00