Commit Graph

14547 Commits (3e8caa4c17bbc2b9a837c4c48fad48f7151082f3)

Author SHA1 Message Date
Blake Covarrubias 3e8caa4c17 docs: Update code blocks across website
* Use CodeTabs for examples in multiple formats.
* Ensure correct language on code fences.
* Use CodeBlockConfig for examples with filenames, or which need
highlighted content.
2021-08-11 20:21:27 +00:00
Kenia c41b6189e8 ui: Split up the socket mode from the socket path (#10581) 2021-08-11 17:01:52 +00:00
Blake Covarrubias 005e193e55 docs: Add JSON examples to all config entries
This commit adds example JSON configs for several config entry
resources were missing examples in this language.

The examples have been updated to use the new CodeTabs resource
instead of the Tab component.
2021-08-10 22:35:12 +00:00
Blake Covarrubias b01fa1f924 cli: Fix broken KV import on Windows (#10820)
Consul 1.10 (PR #9792) introduced the ability to specify a prefix when
importing KV's. This however introduced a regression on Windows
systems which breaks `kv import`. The key name is joined with
specified`-prefix` using `filepath.Join()` which uses a forward slash
(/) to delimit values on Unix-based systems, and a backslash (\) to
delimit values on Windows – the latter of which is incompatible with
Consul KV paths.

This commit replaces filepath.Join() with path.Join() which uses a
forward slash as the delimiter, providing consistent key join behavior
across supported operating systems.

Fixes #10583
2021-08-10 21:42:52 +00:00
Blake Covarrubias b62f9a4e39 cli: Use admin bind address in self_admin cluster (#10757)
Configure the self_admin cluster to use the admin bind address
provided when starting Envoy.

Fixes #10747
2021-08-10 00:11:57 +00:00
trujillo-adam 5540de03f3 Merge pull request #10812 from hashicorp/docs-envoy-proxy-breaks-when-enabling-tls
docs: adding env var info
2021-08-09 22:59:22 +00:00
Blake Covarrubias a078fd2b8c cli: Test API access using /status/leader in consul watch (#10795)
Replace call to /agent/self with /status/leader to verify agent
reachability before initializing a watch. This endpoint is not guarded
by ACLs, and as such can be queried by any API client regardless of
their permissions.

Fixes #9353
2021-08-09 16:01:46 +00:00
Mike Morris 1125d60ea5
changelog: add KNOWN ISSUES note for streaming with mesh gateways (#10799)
* changelog: suggest use_streaming_backend=false
2021-08-05 18:04:56 -04:00
Daniel Nephin 7720275679
Merge pull request #10798 from hashicorp/dnephin/backport-txn-authz-fix
[1.10.x] acl: fix txn_endpoint to properly authorize service registrations
2021-08-05 17:53:34 -04:00
Daniel Nephin f3718c70c1 Add changelog 2021-08-05 15:45:51 -04:00
Daniel Nephin 1186e38ac6 acl: remove special handling of services in txn_endpoint
Previously we were passing an Authorizer that would always allow the
operation, then later checking the authorization using vetServiceTxnOp.

On the surface this seemed strange, but I think it was actually masking
a bug as well. Over time `servicePreApply` was changed to add additional
authorization for `service.Proxy.DestinationServiceName`, but because
we were passing a nil Authorizer, that authorization was not handled on
the txn_endpoint.

`TxnServiceOp.FillAuthzContext` has some special handling in enterprise,
so we need to make sure to continue to use that from the Txn endpoint.

This commit removes the `vetServiceTxnOp` function, and passes in the
`FillAuthzContext` function so that `servicePreApply` can be used by
both the catalog and txn endpoints. This should be much less error prone
and prevent bugs like this in the future.
2021-08-05 15:41:56 -04:00
Dhia Ayachi fe1a2f5d9b defer setting the state before returning to avoid stuck in `INITIALIZING` state (#10630)
* defer setting the state before returning to avoid being stuck in `INITIALIZING` state

* add changelog

* move comment with the right if statement

* ca: report state transition error from setSTate

* update comment to reflect state transition

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-05 18:54:40 +00:00
trujillo-adam e3f751b87b Merge pull request #10763 from hashicorp/docs-proxy-integration-improvements
general language and readability improvements to proxy integration docs
2021-08-04 21:37:35 +00:00
Dhia Ayachi 2f5ce9950a fix state index for `CAOpSetRootsAndConfig` op (#10675)
* fix state index for `CAOpSetRootsAndConfig` op

* add changelog

* Update changelog

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>

* remove the change log as it's not needed

Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-08-04 17:08:51 +00:00
Sabeen Syed 362f1c610b
Add Citrix TF module links to NIA docs (#10710) (#10764) 2021-08-04 11:45:37 -05:00
Kenia 5c8f1e6647 ui: Fix Health Checks in K/V form Lock Sessions Info section (#10767) 2021-08-04 16:42:49 +00:00
Daniel Nephin c840d9a075 Merge pull request #10601 from hashicorp/joshwolfer-patch-1
docs: link to config entries from enable_central_service_config
2021-08-03 20:36:11 +00:00
Blake Covarrubias 3db62f7984 docs: Fix service checks docs on session endpoint (#10759)
The ServiceChecks parameter was incorrectly documented in e515c9d44 to
state that it accepted a list of string values, when actually the API
requires an array of ServiceCheck objects.

This commit updates the docs for the parameter to correctly reflect
the fields required by the API.

Resolves #10752
2021-08-03 16:58:19 +00:00
Daniel Nephin d899caa358 Merge pull request #10729 from hashicorp/dnephin/fix-docs-cherrypick
ci: query for max number of possible labels
2021-08-03 15:48:14 +00:00
Matt Explosion c58b92c231 Updated link to repo for native Scala Consul client Helm 2021-08-03 05:02:24 +00:00
Blake Covarrubias 4b0b39cb69 docs: Note proxy-defaults can globally set service protocol (#10649)
Add a note to the docs for the service defaults config entry which
informs users that the service protocol can be configured for all
services using the proxy defaults config entry.

Resolves #8279

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 20:24:52 +00:00
Blake Covarrubias 0f5b90d184 docs: Document supported `consul connect` env vars (#10667)
Document the ability to specify `-sidecar-for` and `-proxy-id` flags
via environment variables.
2021-08-02 19:51:31 +00:00
Blake Covarrubias 5f5c4b46b6 website: Add redirect for /connect/ingress-gateways
Add redirect /docs/connect/ingress-gateways, which currently returns
404, to /docs/connect/gateways/ingress-gateway.

Fixes #10748
2021-08-02 18:59:28 +00:00
Blake Covarrubias 8b98dd613d docs: Add namespace parameter to additional HTTP endpoints (#10731)
Document the namespace parameter can be specified on HTTP Check,
Connect CA leaf, and Discovery Chain API endpoints.

Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2021-08-02 18:56:10 +00:00
Blake Covarrubias 33fd541733 docs: Add /v1/agent/host endpoint
Document /v1/agent/host endpoint which is used by `consul debug`.
Originally added in #4754.
2021-08-02 17:31:07 +00:00
Daniel Nephin 537dea0052 Merge pull request #10718 from hashicorp/dnephin/doc-agent-tls-ca
docs: give better guidance about how to configure the agent TLS CA
2021-07-29 17:57:32 +00:00
Daniel Nephin 789b6c1a30 Merge pull request #10707 from hashicorp/dnephin/streaming-setup-default-timeout
streaming: set default query timeout
2021-07-28 22:30:10 +00:00
Chris S. Kim 9a57ae9e9a
sync enterprise files with oss (#10705) (#10711)
(cherry picked from commit 9c3af1a429)
2021-07-28 15:41:15 -04:00
Kenia ae34d7b4cd ui: Fix dropdown option duplications (#10706) 2021-07-27 21:34:53 +00:00
Chris S. Kim 74fa06f243
agent: update proxy upstreams to inherit namespace from service (#10688) (#10698)
(cherry picked from commit 91c90a672a)
2021-07-27 15:23:25 -04:00
Freddy 9265d20859 Log the correlation ID when blocking queries fire (#10689)
Knowing that blocking queries are firing does not provide much
information on its own. If we know the correlation IDs we can
piece together which parts of the snapshot have been populated.

Some of these responses might be empty from the blocking
query timing out. But if they're returning quickly I think we
can reasonably assume they contain data.
2021-07-23 22:38:03 +00:00
Dhia Ayachi 3dde24d8c9 config raft apply silent error (#10657)
* return an error when the index is not valid

* check response as bool when applying `CAOpSetConfig`

* remove check for bool response

* fix error message and add check to test

* fix comment

* add changelog
2021-07-22 14:33:12 +00:00
Blake Covarrubias b5b5c21654 Merge pull request #10462 from hashicorp/docs/add-ns-agent-services-9710
docs: Add namespace parameters to /agent/service* endpoints
2021-07-21 18:17:40 +00:00
Blake Covarrubias c792f3738a docs: Update responses for /v1/session/ endpoints post 1.7
Update output for /v1/session/ endpoints to match output post Consul
1.7.0.

Documents new `NodeChecks` and `ServiceChecks` parameters which were
added in that release.

Resolves #7341, resolves #10095
2021-07-21 15:28:33 +00:00
Freddy c9349e353b Avoid panic on concurrent writes to cached service config map (#10647)
If multiple instances of a service are co-located on the same node then
their proxies will all share a cache entry for their resolved service
configuration. This is because the cache key contains the name of the
watched service but does not take into account the ID of the watching
proxies.

This means that there will be multiple agent service manager watches
that can wake up on the same cache update. These watchers then
concurrently modify the value in the cache when merging the resolved
config into the local proxy definitions.

To avoid this concurrent map write we will only delete the key from
opaque config in the local proxy definition after the merge, rather
than from the cached value before the merge.
2021-07-20 16:10:37 +00:00
Blake Covarrubias 2e044acd90 website: Fix circular redirect with TLS on existing cluster
Fix an issue where /docs/k8s/operations/tls-on-existing-cluster would
never load when navigating directly to the URL because of a circular
redirect.
2021-07-20 15:43:27 +00:00
Blake Covarrubias c469c701fe docs: Add intentions to ACL System docs (#10323)
Adds mention of `intentions` rules to ACL System and ACL Rules pages.

Resolves #9790
2021-07-19 22:32:24 +00:00
Blake Covarrubias c8393cb25f docs: Fix spelling errors across website 2021-07-19 21:30:41 +00:00
Daniel Nephin 91962e7495 Merge pull request #10009 from hashicorp/dnephin/trim-dns-response-with-edns
dns: properly trim response when EDNS is used
2021-07-16 22:10:03 +00:00
hc-github-team-consul-core c800094210 Putting source back into Dev Mode 2021-07-15 19:33:15 +00:00
hc-github-team-consul-core db839f18ba
Release v1.10.1 2021-07-15 18:49:34 +00:00
hc-github-team-consul-core 40ac83c9d3
update bindata_assetfs.go 2021-07-15 18:49:33 +00:00
Dhia Ayachi fc38e8fba9 add changelogs for 1.10.1 2021-07-15 13:30:29 -04:00
Freddy e3e31375c8
Merge pull request #10622 from hashicorp/vuln/validate-sans-1.10 2021-07-15 10:05:06 -06:00
freddygv 803df59268 Fixup prepared query ns defaulting 2021-07-15 09:37:37 -06:00
freddygv 066e950b7d Add changelog entry 2021-07-15 09:31:43 -06:00
Daniel Nephin d808d7897a Merge pull request #10617 from hashicorp/dnephin/config-add-missing-docs
docs: add config options that were missing
2021-07-15 15:24:28 +00:00
R.B. Boyer 104ee65e17 xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 15:09:48 +00:00
John Cowen e92b9e8e82 ui: [BUGFIX] Ensure we use the ns query param name when requesting permissions (#10608)
Previously when namespaces were enabled, we weren't requesting permission for the actively selected namespace, and instead always checking the permissions for the default namespace.

This commit ensures we request permissions for the actively selected namespace.
2021-07-15 11:19:55 +00:00
John Cowen 15f6b10e4a ui: [BUGFIX] Ensure in-folder KVs are created in the correct folder (#10569)
When clicking to create a KV within folder name, would would be viewing a form that was a form for creating a KV in the root, which when the user clicked to save, saved the KV in the root.

For the moment at least I've removed the code that strips double slashes, and whilst this isn't ideal, it looks like we've picked up one of those bugs that turns into a 'feature', and completely reworking KV to not rely on the double slashes is not really an option right now.
2021-07-15 09:38:23 +00:00