kenia
876d03a81b
Refactor TopologyMetrics Notices
2021-04-15 09:19:22 -04:00
kenia
041245c7dd
Create placeholder *(All Services) Card
2021-04-15 09:19:22 -04:00
kenia
934db376f4
Add translations for topology-mterics and transparent-proxy components
2021-04-15 09:19:22 -04:00
kenia
727b6e966b
Create icon and dashed line for intention not explictly defined
2021-04-15 09:19:21 -04:00
kenia
f5849fd500
Create not explicitly defined intentions banner
2021-04-15 09:19:21 -04:00
kenia
52e88bbf65
Create TransparentProxy mode label for service instance page
2021-04-15 09:19:21 -04:00
kenia
fc40212823
Create Topology Metrics Source Type to be in each Card
2021-04-15 09:19:21 -04:00
kenia
e9d01a3d4c
Refactor Topology Metrics Card component
2021-04-15 09:19:21 -04:00
kenia
cdf77e32f2
Create warning banners for permissive default-allow and wildcard-intention
2021-04-15 09:19:21 -04:00
kenia
57d3bf59ee
Update service-topology mock data with new attributes: TransparentProxy, DefaultAllow, WildcardIntention, and Source
2021-04-15 09:19:21 -04:00
Kent 'picat' Gruber
62fcf1ff17
Merge pull request #10030 from hashicorp/fix-ent-audit-log-bypass
...
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 20:08:51 -04:00
Kent 'picat' Gruber
6133696ee2
Add component name to entry
...
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
2021-04-14 19:41:04 -04:00
Kent 'picat' Gruber
9f7190a4fe
Merge pull request #10023 from hashicorp/fix-raw-kv-xss
...
Add content type headers to raw KV responses
2021-04-14 18:49:14 -04:00
Kent 'picat' Gruber
34683f04c5
Add synthetic enterprise entry for CVE-2021-28156
2021-04-14 18:45:49 -04:00
Daniel Nephin
a2726e8fea
Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
...
snapshot: fix saving of auth methods
2021-04-14 17:18:35 -04:00
Daniel Nephin
88f83b41aa
snapshot: fix saving of auth methods
...
Previously only a single auth method would be saved to the snapshot. This commit fixes the typo
and adds to the test, to show that all auth methods are now saved.
2021-04-14 16:51:21 -04:00
Kent 'picat' Gruber
71ba835654
Add security release-note changelog entry
2021-04-14 16:40:47 -04:00
Kent 'picat' Gruber
493f820e9d
Add better security warning to docs about the content-type change
2021-04-14 16:36:40 -04:00
Kent 'picat' Gruber
d07f57ce67
Update KV docs to note new raw response content-type header
2021-04-14 16:21:03 -04:00
Kent 'picat' Gruber
cf1fce3d0c
Add content type headers to raw KV responses
2021-04-14 16:20:22 -04:00
R.B. Boyer
2c3d7da5dd
mod: bump to github.com/hashicorp/mdns v1.0.4 ( #10018 )
2021-04-14 14:17:52 -05:00
Daniel Nephin
ec34f3860a
Merge pull request #10014 from hashicorp/dnephin/changelog
...
Add changelog for enterprise change
2021-04-14 14:09:35 -04:00
freddygv
f7094f91c7
Avoid returning a nil slice
2021-04-14 10:52:05 -06:00
Matt Keeler
bbf5993534
Move static token resolution into the ACLResolver ( #10013 )
2021-04-14 12:39:35 -04:00
R.B. Boyer
06848ce67e
fix broken golden tests
2021-04-14 11:36:47 -05:00
Freddy
3ec4556114
Merge pull request #10006 from hashicorp/api-ptrs
2021-04-14 10:21:08 -06:00
freddygv
8e74eaa684
Update viz endpoint to include topology from intentions
2021-04-14 10:20:15 -06:00
Freddy
55a3697b83
Merge pull request #9987 from hashicorp/remove-kube-dns-hack
2021-04-14 10:00:53 -06:00
Daniel Nephin
f01621c861
Add changelog for enterprise change
2021-04-14 11:50:15 -04:00
Mike Wickett
d35bd9c00c
Merge pull request #10008 from hashicorp/mw.update-homepage-links
...
website: update why hashicorp links
2021-04-14 10:57:29 -04:00
ketzacoatl
c8a6fbd994
add consul-haskell to libraries-and-sdks documentation ( #9982 )
...
See also https://github.com/alphaHeavy/consul-haskell/issues/40 .
2021-04-13 21:06:19 -04:00
freddygv
e1808af729
Fixup tests
2021-04-13 16:08:41 -06:00
Mike Wickett
73380a0dcc
website: update why hashicorp links
2021-04-13 15:55:15 -04:00
freddygv
7cb3f32672
Convert new tproxy structs in api module into ptrs
...
This way we avoid serializing these when empty. Otherwise users of the
latest version of the api submodule cannot interact with older versions
of Consul, because a new api client would send keys that the older Consul
doesn't recognize yet.
2021-04-13 12:44:25 -06:00
Freddy
1f119aec7c
Merge pull request #10005 from hashicorp/tproxy-fixes
2021-04-13 11:45:40 -06:00
Daniel Nephin
bbb9a73d9b
tlsutil: fix a test for go1.16
...
Using a TestSigner was causing problems because go1.16 has this change:
> CreateCertificate now verifies the generated certificate's signature
> using the signer's public key. If the signature is invalid, an error is
> returned, instead of a malformed certificate.
See https://golang.org/doc/go1.16#crypto/x509
2021-04-13 13:31:20 -04:00
Daniel Nephin
3e20bd25bd
connect: fix test for go1.16
...
There is no way to compare x509.CertPools now that it has an unexpected
function field. This comparison is as close as we can get.
See https://github.com/golang/go/issues/26614 for a related issue.
2021-04-13 13:25:45 -04:00
Freddy
8fc60a6ca6
Merge pull request #10000 from hashicorp/remove-upstream-cfg-validation
...
Remove zero-value validation of upstream cfg structs
2021-04-13 11:00:02 -06:00
freddygv
4e509aa768
Remove todo that was todone
2021-04-13 10:19:59 -06:00
freddygv
75edc9bc7c
Avoid nil panic when cluster config doesn't exist
2021-04-13 10:17:11 -06:00
Daniel Nephin
66567f4bc0
ci: test against Go1.16.3
2021-04-13 12:06:13 -04:00
Freddy
66de74767c
Merge pull request #10003 from hashicorp/proxycfg-tproxy-ent-fixup
...
Fixup wildcard ent assertion
2021-04-13 09:56:05 -06:00
freddygv
932fbddd27
Augment intention decision summary with DefaultAllow mode
2021-04-12 19:32:09 -06:00
freddygv
8857195437
Fixup wildcard ent assertion
2021-04-12 17:04:33 -06:00
Freddy
18decbba9d
Merge pull request #9999 from hashicorp/update-enabling-tproxy
2021-04-12 16:37:04 -06:00
Kendall Strautman
03df6f70f2
fix(website): docs link text color ( #10001 )
2021-04-12 13:47:12 -04:00
freddygv
b8ed82b808
Fixup bexpr filtering
2021-04-12 10:17:52 -06:00
freddygv
d7c43049fa
Remove zero-value validation of upstream cfg structs
...
The zero value of these flags was already being excluded in the xDS
generation of circuit breaker/outlier detection config.
See: makeThresholdsIfNeeded and ToOutlierDetection.
2021-04-12 10:08:57 -06:00
freddygv
7bd51ff536
Replace TransparentProxy bool with ProxyMode
...
This PR replaces the original boolean used to configure transparent
proxy mode. It was replaced with a string mode that can be set to:
- "": Empty string is the default for when the setting should be
defaulted from other configuration like config entries.
- "direct": Direct mode is how applications originally opted into the
mesh. Proxy listeners need to be dialed directly.
- "transparent": Transparent mode enables configuring Envoy as a
transparent proxy. Traffic must be captured and redirected to the
inbound and outbound listeners.
This PR also adds a struct for transparent proxy specific configuration.
Initially this is not stored as a pointer. Will revisit that decision
before GA.
2021-04-12 09:35:14 -06:00
freddygv
9e194b4b3c
Avoid failing test due to undiscoverable node name
2021-04-12 09:26:55 -06:00