hc-github-team-consul-core
e372bf3935
Backport of fix: persist peering CA updates to dialing clusters into release/1.14.x ( #15265 )
...
This pull request was automerged via backport-assistant
2022-11-04 12:53:44 -04:00
hc-github-team-consul-core
904a4c3836
Backport of Backport tests from ent. into release/1.14.x ( #15262 )
...
This pull request was automerged via backport-assistant
2022-11-04 11:19:44 -04:00
hc-github-team-consul-core
0093b81cda
Backport of Backport test from ENT: "Fix missing test fields" into release/1.14.x ( #15261 )
...
This pull request was automerged via backport-assistant
2022-11-04 10:29:37 -04:00
hc-github-team-consul-core
953e104c3e
Backport of Backport various fixes from ENT. into release/1.14.x ( #15257 )
...
This pull request was automerged via backport-assistant
2022-11-03 17:35:21 -04:00
hc-github-team-consul-core
aea08688bd
Backport of Added check for empty peeringsni in restrictPeeringEndpoints into release/1.14.x ( #15240 )
...
This pull request was automerged via backport-assistant
2022-11-02 18:21:09 -04:00
hc-github-team-consul-core
6ea60aa363
backport of commit cf9244fb73
( #15232 )
...
This pull request was automerged via backport-assistant
2022-11-02 08:57:19 -04:00
hc-github-team-consul-core
6def795f56
backport of commit b4a7cf11f8
( #15226 )
...
This pull request was automerged via backport-assistant
2022-11-01 15:03:44 -04:00
hc-github-team-consul-core
815397b46a
backport of commit 2e4ce70921
( #15210 )
...
This pull request was automerged via backport-assistant
2022-10-31 15:30:54 -04:00
hc-github-team-consul-core
1d8778173a
Backport of test: fix flaky TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages test into release/1.14.x ( #15207 )
...
This pull request was automerged via backport-assistant
2022-10-31 13:11:24 -04:00
hc-github-team-consul-core
2603ff0f02
Backport of connect: Add Envoy 1.24 to integration tests, remove Envoy 1.20 into release/1.14.x ( #15202 )
...
This pull request was automerged via backport-assistant
2022-10-31 11:51:08 -04:00
hc-github-team-consul-core
1d5ae30946
backport of commit c7aee51b3d
( #15201 )
...
This pull request was automerged via backport-assistant
2022-10-31 10:56:53 -04:00
hc-github-team-consul-core
7439701133
Backport of Fix peered service protocols using proxy-defaults. into release/1.14.x ( #15200 )
...
This pull request was automerged via backport-assistant
2022-10-31 09:45:26 -04:00
hc-github-team-consul-core
37f04934c8
backport of commit 584db775ca
( #15179 )
...
This pull request was automerged via backport-assistant
2022-10-28 10:51:32 -04:00
hc-github-team-consul-core
a71f0aa105
Backport of Allow consul debug on non-ACL consul servers into release/1.14.x ( #15167 )
...
This pull request was automerged via backport-assistant
2022-10-27 09:26:06 -04:00
hc-github-team-consul-core
8e7e929875
Backport of fix(peering): nil pointer in calling handleUpdateService into release/1.14.x ( #15162 )
...
This pull request was automerged via backport-assistant
2022-10-26 11:50:55 -04:00
hc-github-team-consul-core
d5533bd8e0
backport of commit bf691461a0
( #15152 )
...
This pull request was automerged via backport-assistant
2022-10-25 14:50:16 -04:00
hc-github-team-consul-core
35fb3cb433
Backport of Update go version to 1.19 into release/1.14.x ( #15139 )
...
This pull request was automerged via backport-assistant
2022-10-24 16:12:42 -04:00
hc-github-team-consul-core
0602b98a06
Backport of fix(peering): replicating wan address into release/1.14.x ( #15138 )
...
This pull request was automerged via backport-assistant
2022-10-24 15:45:27 -04:00
hc-github-team-consul-core
c72c89b581
Backport of proxycfg: watch service-defaults config entries into release/1.14.x ( #15134 )
...
This pull request was automerged via backport-assistant
2022-10-24 14:51:05 -04:00
hc-github-team-consul-core
a1e0082f09
backport of commit 2a2634178b
( #15133 )
...
This pull request was automerged via backport-assistant
2022-10-24 14:21:11 -04:00
hc-github-team-consul-core
39f665a1ef
backport of commit 62688107af
( #15129 )
...
This pull request was automerged via backport-assistant
2022-10-24 14:10:23 -04:00
hc-github-team-consul-core
14569eaa43
backport of commit 2ac78eae03
( #15124 )
...
This pull request was automerged via backport-assistant
2022-10-24 12:48:24 -04:00
hc-github-team-consul-core
6530f515bb
Backport of Committing for - 15055 into release/1.14.x ( #15121 )
...
This pull request was automerged via backport-assistant
2022-10-24 11:41:43 -04:00
freddygv
d65e60de86
Return forbidden on permission denied
...
This commit updates the establish endpoint to bubble up a 403 status
code to callers when the establishment secret from the token is invalid.
This is a signal that a new peering token must be generated.
2022-10-20 17:11:49 -06:00
Chris S. Kim
a7ea26192b
Update expected encoding in test
...
go-memdb was updated in v1.3.3 to make integers in indexes sortable, which changed how integers were encoded.
2022-10-20 14:32:42 -04:00
freddygv
6d9be5fb15
Use plain TaggedAddressWAN
2022-10-19 16:32:44 -06:00
freddygv
8d211cc9cc
Add unit test
2022-10-19 16:26:15 -06:00
cskh
058ee4fb84
fix: wan address isn't used by peering token
2022-10-19 16:33:25 -04:00
Nitya Dhanushkodi
5e156772f6
Remove ability to specify external addresses in GenerateToken endpoint ( #14930 )
...
* Reverts "update generate token endpoint to take external addresses (#13844 )"
This reverts commit f47319b7c6
.
2022-10-19 09:31:36 -07:00
Kyle Havlovitz
5c3427608b
Merge pull request #15035 from hashicorp/vault-ttl-update-warn
...
Warn instead of returning error when missing intermediate mount tune permissions
2022-10-18 15:41:52 -07:00
cskh
d562d363fc
peering: skip registering duplicate node and check from the peer ( #14994 )
...
* peering: skip register duplicate node and check from the peer
* Prebuilt the nodes map and checks map to avoid repeated for loop
* use key type to struct: node id, service id, and check id
2022-10-18 16:19:24 -04:00
Chris S. Kim
29a297d3e9
Refactor client RPC timeouts ( #14965 )
...
Fix an issue where rpc_hold_timeout was being used as the timeout for non-blocking queries. Users should be able to tune read timeouts without fiddling with rpc_hold_timeout. A new configuration `rpc_read_timeout` is created.
Refactor some implementation from the original PR 11500 to remove the misleading linkage between RPCInfo's timeout (used to retry in case of certain modes of failures) and the client RPC timeouts.
2022-10-18 15:05:09 -04:00
Kyle Havlovitz
d122108992
Warn instead of returning an error when intermediate mount tune permission is missing
2022-10-18 12:01:25 -07:00
R.B. Boyer
0cca4c088d
test: possibly fix flake in TestIntentionGetExact ( #15021 )
...
Restructure test setup to be similar to TestAgent_ServerCertificate
and see if that's enough to avoid flaking after join.
2022-10-18 10:51:20 -05:00
R.B. Boyer
fe2d41ddad
cache: prevent goroutine leak in agent cache ( #14908 )
...
There is a bug in the error handling code for the Agent cache subsystem discovered:
1. NotifyCallback calls notifyBlockingQuery which calls getWithIndex in
a loop (which backs off on-error up to 1 minute)
2. getWithIndex calls fetch if there’s no valid entry in the cache
3. fetch starts a goroutine which calls Fetch on the cache-type, waits
for a while (again with backoff up to 1 minute for errors) and then
calls fetch to trigger a refresh
The end result being that every 1 minute notifyBlockingQuery spawns an
ancestry of goroutines that essentially lives forever.
This PR ensures that the goroutine started by `fetch` cancels any prior
goroutine spawned by the same line for the same key.
In isolated testing where a cache type was tweaked to indefinitely
error, this patch prevented goroutine counts from skyrocketing.
2022-10-17 14:38:10 -05:00
R.B. Boyer
02a858efa0
ca: fix a masked bug in leaf cert generation that would not be notified of root cert rotation after the first one ( #15005 )
...
In practice this was masked by #14956 and was only uncovered fixing the
other bug.
go test ./agent -run TestAgentConnectCALeafCert_goodNotLocal
would fail when only #14956 was fixed.
2022-10-17 13:24:27 -05:00
Chris S. Kim
3d2dffff16
Merge pull request #13388 from deblasis/feature/health-checks_windows_service
...
Feature: Health checks windows service
2022-10-17 09:26:19 -04:00
Dan Upton
f8b4b41205
proxycfg: fix goroutine leak when service is re-registered ( #14988 )
...
Fixes a bug where we'd leak a goroutine in state.run when the given
context was canceled while there was a pending update.
2022-10-17 11:31:10 +01:00
Kyle Havlovitz
aaf892a383
Extend tcp keepalive settings to work for terminating gateways as well
2022-10-14 17:05:46 -07:00
Kyle Havlovitz
2c569f6b9c
Update docs and add tcp_keepalive_probes setting
2022-10-14 17:05:46 -07:00
Kyle Havlovitz
2242d1ec4a
Add TCP keepalive settings to proxy config for mesh gateways
2022-10-14 17:05:46 -07:00
Derek Menteer
2a33d0ff96
Fix issue with incorrect method signature on test.
2022-10-14 11:04:57 -05:00
Freddy
24d0c8801a
Merge pull request #14981 from hashicorp/peering/dial-through-gateways
2022-10-14 09:44:56 -06:00
Dan Upton
328e3ff563
proxycfg: rate-limit delivery of config snapshots ( #14960 )
...
Adds a user-configurable rate limiter to proxycfg snapshot delivery,
with a default limit of 250 updates per second.
This addresses a problem observed in our load testing of Consul
Dataplane where updating a "global" resource such as a wildcard
intention or the proxy-defaults config entry could starve the Raft or
Memberlist goroutines of CPU time, causing general cluster instability.
2022-10-14 15:52:00 +01:00
Derek Menteer
29ebcf5ff0
Add tests for peering state snapshots / restores.
2022-10-14 09:48:04 -05:00
Derek Menteer
e3ff9912d0
Add test for ExportedServicesForAllPeersByName
2022-10-14 09:48:04 -05:00
Dan Upton
e6b55d1d81
perf: remove expensive reflection from xDS hot path ( #14934 )
...
Replaces the reflection-based implementation of proxycfg's
ConfigSnapshot.Clone with code generated by deep-copy.
While load testing server-based xDS (for consul-dataplane) we discovered
this method is extremely expensive. The ConfigSnapshot struct, directly
or indirectly, contains a copy of many of the structs in the agent/structs
package, which creates a large graph for copystructure.Copy to traverse
at runtime, on every proxy reconfiguration.
2022-10-14 10:26:42 +01:00
freddygv
c77123a2aa
Use split var in tests
2022-10-13 17:12:47 -06:00
freddygv
bf51021c07
Use split wildcard partition name
...
This way OSS avoids passing a non-empty label, which will be rejected in
OSS consul.
2022-10-13 16:55:28 -06:00
Freddy
ee4cdc4985
Merge pull request #14935 from hashicorp/fix/alias-leak
2022-10-13 16:31:15 -06:00