consul

Commit Graph

Author	SHA1	Message	Date
freddygv	d90e30f009	Update spiffe ID patterns used for RBAC	3 years ago
freddygv	5e54f253d7	Expand testing of simplifyNotSourceSlice for partitions	3 years ago
freddygv	19da23be28	Expand testing of removeSameSourceIntentions for partitions	3 years ago
freddygv	beab0cd962	Account for partition when matching src intentions	3 years ago
Daniel Nephin	1f9479603c	Add failures_before_warning to checks (#10969 ) Signed-off-by: Jakub Sokołowski <jakub@status.im> * agent: add failures_before_warning setting The new setting allows users to specify the number of check failures that have to happen before a service status us updated to be `warning`. This allows for more visibility for detected issues without creating alerts and pinging administrators. Unlike the previous behavior, which caused the service status to not update until it reached the configured `failures_before_critical` setting, now Consul updates the Web UI view with the `warning` state and the output of the service check when `failures_before_warning` is breached. The default value of `FailuresBeforeWarning` is the same as the value of `FailuresBeforeCritical`, which allows for retaining the previous default behavior of not triggering a warning. When `FailuresBeforeWarning` is set to a value higher than that of `FailuresBeforeCritical it has no effect as `FailuresBeforeCritical` takes precedence. Resolves: https://github.com/hashicorp/consul/issues/10680 Signed-off-by: Jakub Sokołowski <jakub@status.im> Co-authored-by: Jakub Sokołowski <jakub@status.im>	3 years ago
Dhia Ayachi	b4d5860197	convert expiration indexed in ACLToken table to use `indexerSingle` (#11018 ) * move intFromBool to be available for oss * add expiry indexes * remove dead code: `TokenExpirationIndex` * fix remove indexer `TokenExpirationIndex` * fix rebase issue	3 years ago
Dhia Ayachi	11f44dfcf8	add locality indexer partitioning (#11016 ) * convert `Roles` index to use `indexerSingle` * split authmethod write indexer to oss and ent * add index locality * add locality unit tests * move intFromBool to be available for oss * use Bool func * refactor `aclTokenList` to merge func	3 years ago
Dhia Ayachi	ba4ee6e67c	convert `indexAuthMethod` index to use `indexerSingle` (#11014 ) * convert `Roles` index to use `indexerSingle` * fix oss build * split authmethod write indexer to oss and ent * add auth method unit tests	3 years ago
Paul Banks	b38e84df63	Include namespace and partition in error messages when validating ingress header manip	3 years ago
Paul Banks	1079089f20	Refactor HTTPHeaderModifiers.MergeDefaults based on feedback	3 years ago
Paul Banks	9e4e204e96	Fix enterprise test failures caused by differences in normalizing EnterpriseMeta	3 years ago
Paul Banks	3004eadd08	Fix enterprise discovery chain tests; Fix multi-level split merging	3 years ago
Paul Banks	b5ae00d753	Remove unnecessary check	3 years ago
Paul Banks	f1c0876b4c	Fix discovery chain test fixtures	3 years ago
Paul Banks	1b9632531a	Integration tests for all new header manip features	3 years ago
Paul Banks	e22cc9c53a	Header manip for split legs plumbing	3 years ago
Paul Banks	83fc8723a3	Header manip for service-router plumbed through	3 years ago
Paul Banks	f439dfc04f	Ingress gateway header manip plumbing	3 years ago
Paul Banks	d776a2d236	Add HTTP header manip for router and splitter entries	3 years ago
Paul Banks	46e4041283	Header manip and validation added for ingress-gateway entries	3 years ago
Dhia Ayachi	6cac30aa22	convert `Roles` index to use `indexerMulti` (#11013 ) * convert `Roles` index to use `indexerMulti` * add role test in oss * fix oss to use the right index func * preallocate slice	3 years ago
Dhia Ayachi	f3f0654038	convert indexPolicies in ACLTokens table to the new index (#11011 )	3 years ago
Dhia Ayachi	584faec6e3	convert indexSecret to the new index (#11007 )	3 years ago
Dhia Ayachi	6e6cf1c043	convert indexAccessor to the new index (#11002 )	3 years ago
Hans Hasselberg	13238dbab6	tls: consider presented intermediates during server connection tls handshake. (#10964 ) * use intermediates when verifying * extract connection state * remove useless import * add changelog entry * golint * better error * wording * collect errors * use SAN.DNSName instead of CommonName * Add test for unknown intermediate * improve changelog entry	3 years ago
Chris S. Kim	9bbfa048a2	Sync enterprise changes to oss (#10994 ) This commit updates OSS with files for enterprise-specific admin partitions feature work	3 years ago
Kyle Havlovitz	a14950025a	Merge pull request #10984 from hashicorp/mesh-resource acl: adding a new mesh resource	3 years ago
Dhia Ayachi	bc0e4f2f46	partition dicovery chains (#10983 ) * partition dicovery chains * fix default partition for OSS	3 years ago
Daniel Nephin	f063402b29	acl: remove ACL.IsSame The only caller of this method was removed in a recent commit along with replication.	3 years ago
Daniel Nephin	d63cef1219	acl: remove legacy ACL replication	3 years ago
R.B. Boyer	ee372a854a	acl: adding a new mesh resource	3 years ago
Dhia Ayachi	ced8329d80	try to infer command partition from node partition (#10981 )	3 years ago
Dhia Ayachi	09197c989c	add partition to SNI when partition is non default (#10917 )	3 years ago
Freddy	8d83d27674	connect: update envoy supported versions to latest patch release (#10961) Relevant advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h	3 years ago
Evan Culver	79c7e73618	rpc: authorize raft requests (#10925 )	3 years ago
hc-github-team-consul-core	cd3333ad6a	auto-updated agent/uiserver/bindata_assetfs.go from commit `eeeb91bea`	3 years ago
Chris S. Kim	1a9b2f09dd	ent->oss test fix (#10926 )	3 years ago
hc-github-team-consul-core	2d66c4ea13	auto-updated agent/uiserver/bindata_assetfs.go from commit `a907e1d87`	3 years ago
hc-github-team-consul-core	a163051dbb	auto-updated agent/uiserver/bindata_assetfs.go from commit `a0b0ed2bc`	3 years ago
Chris S. Kim	45dcc8b553	api: expose upstream routing configurations in topology view (#10811 ) Some users are defining routing configurations that do not have associated services. This commit surfaces these configs in the topology visualization. Also fixes a minor internal bug with non-transparent proxy upstream/downstream references.	3 years ago
R.B. Boyer	a6d22efb49	acl: some acl authz refactors for nodes (#10909 )	3 years ago
hc-github-team-consul-core	11b1dc1f97	auto-updated agent/uiserver/bindata_assetfs.go from commit `a777b0a9b`	3 years ago
hc-github-team-consul-core	5e31421602	auto-updated agent/uiserver/bindata_assetfs.go from commit `8192dde48`	3 years ago
R.B. Boyer	5b6d96d27d	grpc: ensure that streaming gRPC requests work over mesh gateway based wan federation (#10838 ) Fixes #10796	3 years ago
hc-github-team-consul-core	4993d877d9	auto-updated agent/uiserver/bindata_assetfs.go from commit `05a28c311`	3 years ago
freddygv	01936ddb70	Avoid passing zero value into variadic	3 years ago
freddygv	f52bd80f6d	Update comment for test function	3 years ago
freddygv	af52d21884	Update prepared query cluster SAN validation Previously SAN validation for prepared queries was broken because we validated against the name, namespace, and datacenter for prepared queries. However, prepared queries can target: - Services with a name that isn't their own - Services in multiple datacenters This means that the SpiffeID to validate needs to be based on the prepared query endpoints, and not the prepared query's upstream definition. This commit updates prepared query clusters to account for that.	3 years ago
freddygv	85878685b7	Fixup proxy config test fixtures - The TestNodeService helper created services with the fixed name "web", and now that name is overridable. - The discovery chain snapshot didn't have prepared query endpoints so the endpoints tests were missing data for prepared queries	3 years ago
R.B. Boyer	fb27c1b24f	agent: add partition labels to catalog API metrics where appropriate (#10890 )	3 years ago
R.B. Boyer	d66a43f5f2	fixing various bits of enterprise meta plumbing to be more correct (#10889 )	3 years ago
Dhia Ayachi	1950ebbe1f	oss portion of ent #1069 (#10883 )	3 years ago
R.B. Boyer	ac41e30614	state: partition the nodes.uuid and nodes.meta indexes as well (#10882 )	3 years ago
R.B. Boyer	097e1645e3	agent: ensure that most agent behavior correctly respects partition configuration (#10880 )	3 years ago
Daniel Nephin	271352dbb7	Merge pull request #10849 from hashicorp/dnephin/contrib-doc-xds-auth xds: document how authorization works	3 years ago
R.B. Boyer	e44bce3c4f	state: partition the usage metrics subsystem (#10867 )	3 years ago
Daniel Nephin	8252a2691c	xds: document how authorization works	3 years ago
R.B. Boyer	613dd7d053	state: adjust streaming event generation to account for partitioned nodes (#10860 ) Also re-enabled some tests that had to be disabled in the prior PR.	3 years ago
R.B. Boyer	310e775a8a	state: partition nodes and coordinates in the state store (#10859 ) Additionally: - partitioned the catalog indexes appropriately for partitioning - removed a stray reference to a non-existent index named "node.checks"	3 years ago
Daniel Nephin	01bf115c2b	acl: small improvements to ACLResolver disable due to RPC error Remove the error return, so that not handling is not reported as an error by errcheck. It was returning the error passed as an arg unmodified so there is no reason to return the same value that was passed in. Remove the term upstreams to remove any confusion with the term used in service mesh. Remove the AutoDisable field, and replace it with the TTL value, using 0 to indicate the setting is turned off. Replace "not Before" with "After". Add some test coverage to show the behaviour is still correct.	3 years ago
Daniel Nephin	d5498770fa	acl: make ACLDisabledTTL a constant This field was never user-configurable. We always overwrote the value with 120s from NonUserSource. However, we also never copied the value from RuntimeConfig to consul.Config, So the value in NonUserSource was always ignored, and we used the default value of 30s set by consul.DefaultConfig. All of this code is an unnecessary distraction because a user can not actually configure this value. This commit removes the fields and uses a constant value instad. Someone attempting to set acl.disabled_ttl in their config will now get an error about an unknown field, but previously the value was completely ignored, so the new behaviour seems more correct. We have to keep this field in the AutoConfig response for backwards compatibility, but the value will be ignored by the client, so it doesn't really matter what value we set.	3 years ago
Daniel Nephin	abd2e160f9	Fix test failures Tests only specified one of the fields, but in production we copy the value from a single place, so we can do the same in tests. The AutoConfig test broke because of the problem noticed in a previous commit. The DisabledTTL is not wired up properly so it reports 0s here. Changed the test to use an explicit value.	3 years ago
Daniel Nephin	17841248dd	config: remove ACLResolver settings from RuntimeConfig	3 years ago
Daniel Nephin	31e034215f	acl: remove ACLResolver config fields from consul.Config	3 years ago
Daniel Nephin	d4701903f6	acl: replace ACLResolver.Config with its own struct This is step toward decoupling ACLResolver from the agent/consul package.	3 years ago
Daniel Nephin	c2b24adb5f	acl: remove ACLRulesTranslateLegacyToken API endpoint	3 years ago
Daniel Nephin	b7bced9bcf	acl: remove legacy bootstrap Return an explicit error from the RPC, and remove the flag from the HTTP API.	3 years ago
Daniel Nephin	858071d55a	agent: update some tests that were using legacy ACL endpoints The tests were updated to use the new ACL endpoints now that the legacy ones have been removed.	3 years ago
Daniel Nephin	7ecd2e5466	http: update legacy ACL endpoints to return an error Also move a test for the ACLReplicationStatus endpoint into the correct file.	3 years ago
Daniel Nephin	9671dd6b97	acl: add some notes about removing legacy ACL system	3 years ago
Daniel Nephin	887d11923b	Merge pull request #10792 from hashicorp/dnephin/rename-authz-vars acl: use authz consistently as the variable name for an acl.Authorizer	3 years ago
Daniel Nephin	c85c62dffb	Merge pull request #10807 from hashicorp/dnephin/remove-acl-datacenter config: remove ACLDatacenter	3 years ago
Daniel Nephin	e637cd71f3	acl: use authz consistently as the variable name for an acl.Authorizer Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r682147950 Renames all variables for acl.Authorizer to use `authz`. Previously some places used `rule` which I believe was an old name carried over from the legacy ACL system. A couple places also used authorizer. This commit also removes another couple of authorizer nil checks that are no longer necessary.	3 years ago
hc-github-team-consul-core	ed85684d96	auto-updated agent/uiserver/bindata_assetfs.go from commit `ae9c31338`	3 years ago
Kyle Havlovitz	fa5df0349d	Merge pull request #10843 from hashicorp/partitions/rename-default oss: Rename default partition	3 years ago
Kyle Havlovitz	073b6c8411	oss: Rename default partition	3 years ago
Daniel Nephin	0575498d0d	proxycfg: Lookup the agent token as a default When no ACL token is provided with the service registration.	3 years ago
Daniel Nephin	b313f495b8	proxycfg: Add a test to show the bug When a token is not provided at registration, the agent token is not being used.	3 years ago
Mike Morris	3bae53a989	deps: upgrade gogo-protobuf to v1.3.2 (#10813 ) * deps: upgrade gogo-protobuf to v1.3.2 * go mod tidy using go 1.16 * proto: regen protobufs after upgrading gogo/protobuf Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Mark Anderson	d3cebbd32c	Fixup to support unix domain socket via command line (#10758 ) Missed the need to add support for unix domain socket config via api/command line. This is a variant of the problems described in it is easy to drop one. Signed-off-by: Mark Anderson <manderson@hashicorp.com>	3 years ago
hc-github-team-consul-core	199e850d16	auto-updated agent/uiserver/bindata_assetfs.go from commit `ab6a67520`	3 years ago
Daniel Nephin	67fc97522f	server: remove defaulting of PrimaryDatacenter The constructor for Server is not at all the appropriate place to be setting default values for a config struct that was passed in. In production this value is always set from agent/config. In tests we should set the default in a test helper.	3 years ago
Daniel Nephin	d3325b0253	Merge pull request #10612 from bigmikes/acl-replication-fix acl: acl replication routine to report the last error message	3 years ago
Daniel Nephin	7160f7a614	acl: remove ACLDatacenter This field has been unnecessary for a while now. It was always set to the same value as PrimaryDatacenter. So we can remove the duplicate field and use PrimaryDatacenter directly. This change was made by GoLand refactor, which did most of the work for me.	3 years ago
Giulio Micheloni	d4a3fe33e8	String type instead of error type and changelog.	3 years ago
Daniel Nephin	b837ba35a0	acl: remove Server.ResolveTokenIdentityAndDefaultMeta This method suffered from similar naming to a couple other methods on Server, and had not great re-use (2 callers). By copying a few of the lines into one of the callers we can move the implementation into the second caller. Once moved, we can see that ResolveTokenAndDefaultMeta is identical in both Client and Server, and likely should be further refactored, possibly into ACLResolver. This change is being made to make ACL resolution easier to trace.	3 years ago
Daniel Nephin	6cf6e7c5fe	acl: remove Server.ResolveTokenToIdentityAndAuthorizer This method was an alias for ACLResolver.ResolveTokenToIdentityAndAuthorizer. By removing the method that does nothing the code becomes easier to trace.	3 years ago
Daniel Nephin	cc4f155801	acl: recouple acl filtering from ACLResolver ACL filtering only needs an authorizer and a logger. We can decouple filtering from the ACLResolver by passing in the necessary logger. This change is being made in preparation for moving the ACLResolver into an acl package	3 years ago
Daniel Nephin	111f3620a8	acl: remove unused error return filterACLWithAuthorizer could never return an error. This change moves us a little bit closer to being able to enable errcheck and catch problems caused by unhandled error return values.	3 years ago
Daniel Nephin	c0100543d0	acl: rename acl.Authorizer vars to authz For consistency	3 years ago
Daniel Nephin	4f5477ccfa	acl: move vet functions These functions are moved to the one place they are called to improve code locality. They are being moved out of agent/consul/acl.go in preparation for moving ACLResolver to an acl package.	3 years ago
Daniel Nephin	c4eadb6b96	acl: move vetRegisterWithACL and vetDeregisterWithACL These functions are used in only one place. Move the functions next to their one caller to improve code locality. This change is being made in preparation for moving the ACLResolver into an acl package. The moved functions were previously in the same file as the ACLResolver. By moving them out of that file we may be able to move the entire file with fewer modifications.	3 years ago
Daniel Nephin	1deba421c7	Merge pull request #10770 from hashicorp/dnephin/log-cert-expiration telemetry: add log message when certs are about to expire	3 years ago
Daniel Nephin	0c42b38c92	Merge pull request #10793 from hashicorp/dnephin/acl-intentions acl: small cleanup of a couple Authorization flows	3 years ago
Dhia Ayachi	b495036823	defer setting the state before returning to avoid stuck in `INITIALIZING` state (#10630 ) * defer setting the state before returning to avoid being stuck in `INITIALIZING` state * add changelog * move comment with the right if statement * ca: report state transition error from setSTate * update comment to reflect state transition Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Daniel Nephin	e94016872a	Merge pull request #10768 from hashicorp/dnephin/agent-tls-cert-expiration-metric telemetry: add Agent TLS Certificate expiration metric	3 years ago
Daniel Nephin	c718de730b	acl: remove special handling of services in txn_endpoint Follow up to: https://github.com/hashicorp/consul/pull/10738#discussion_r680190210 Previously we were passing an Authorizer that would always allow the operation, then later checking the authorization using vetServiceTxnOp. On the surface this seemed strange, but I think it was actually masking a bug as well. Over time `servicePreApply` was changed to add additional authorization for `service.Proxy.DestinationServiceName`, but because we were passing a nil Authorizer, that authorization was not handled on the txn_endpoint. `TxnServiceOp.FillAuthzContext` has some special handling in enterprise, so we need to make sure to continue to use that from the Txn endpoint. This commit removes the `vetServiceTxnOp` function, and passes in the `FillAuthzContext` function so that `servicePreApply` can be used by both the catalog and txn endpoints. This should be much less error prone and prevent bugs like this in the future.	3 years ago
hc-github-team-consul-core	af9acf4943	auto-updated agent/uiserver/bindata_assetfs.go from commit `bcd53e73a`	3 years ago
Daniel Nephin	5b2e5882b4	acl: move check for Intention.DestinationName into Authorizer Follow up to https://github.com/hashicorp/consul/pull/10737#discussion_r680134445 Move the check for the Intention.DestinationName into the Authorizer to remove the need to check what kind of Authorizer is being used. It sounds like this check is only for legacy ACLs, so is probably just a safeguard .	3 years ago
Daniel Nephin	bbce192b4d	Merge pull request #10738 from hashicorp/dnephin/remove-authorizer-nil-checks-2 acl: remove the last of the authz == nil checks	3 years ago
Daniel Nephin	9cdd823ffc	Merge pull request #10737 from hashicorp/dnephin/remove-authorizer-nil-checks acl: remove authz == nil checks	3 years ago
Daniel Nephin	0e58e1ac4b	telemetry: add log message when certs are about to expire	3 years ago
Daniel Nephin	9420506fae	telemetry: fix a couple bugs in cert expiry metrics 1. do not emit the metric if Query fails 2. properly check for PrimaryUsersIntermediate, the logic was inverted Also improve the logging by including the metric name in the log message	3 years ago
Daniel Nephin	8c575445da	telemetry: add a metric for agent TLS cert expiry	3 years ago
Dhia Ayachi	cfa9cf6d84	fix state index for `CAOpSetRootsAndConfig` op (#10675 ) * fix state index for `CAOpSetRootsAndConfig` op * add changelog * Update changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * remove the change log as it's not needed Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
hc-github-team-consul-core	2f6c95011b	auto-updated agent/uiserver/bindata_assetfs.go from commit `8ad1ab9c0`	3 years ago
Evan Culver	710bd90ef7	checks: Add Interval and Timeout to API response (#10717 )	3 years ago
Daniel Nephin	8cf1aa1bda	acl: Remove the remaining authz == nil checks These checks were a bit more involved. They were previously skipping some code paths when the authorizer was nil. After looking through these it seems correct to remove the authz == nil check, since it will never evaluate to true.	3 years ago
Daniel Nephin	dc50b36b0f	acl: remove acl == nil checks	3 years ago
Daniel Nephin	4f1a36629a	acl: remove authz == nil checks These case are already impossible conditions, because most of these functions already start with a check for ACLs being disabled. So the code path being removed could never be reached. The one other case (ConnectAuthorized) was already changed in a previous commit. This commit removes an impossible branch because authz == nil can never be true.	3 years ago
Daniel Nephin	f497d5ab30	acl: remove many instances of authz == nil	3 years ago
Daniel Nephin	b8ae00c23b	agent: remove unused agent methods These methods are no longer used. Remove the methods, and update the tests to use actual method used by production code. Also removes the 'authz == nil' check is no longer a possible code path now that we are returning a non-nil acl.Authorizer when ACLs are disabled.	3 years ago
Daniel Nephin	9dd6d26d05	acl: remove rule == nil checks	3 years ago
hc-github-team-consul-core	323039dd06	auto-updated agent/uiserver/bindata_assetfs.go from commit `2ee501be8`	3 years ago
Daniel Nephin	97fed47708	Merge pull request #10632 from hashicorp/pairing/acl-authorizer-when-acl-disabled acls: Update ACL authorizer to return meaningful permission when ACLs are disabled	3 years ago
Evan Culver	727b81a757	Fix intention endpoint test	3 years ago
Daniel Nephin	84fac3ce0e	acl: use acl.ManangeAll when ACLs are disabled Instead of returning nil and checking for nilness Removes a bunch of nil checks, and fixes one test failures.	3 years ago
Blake Covarrubias	11f1f3fe34	Add OSS changes for specifying audit log permission mode	3 years ago
Daniel Nephin	d2b58cd0d6	Merge pull request #10707 from hashicorp/dnephin/streaming-setup-default-timeout streaming: set default query timeout	3 years ago
Daniel Nephin	242b3a2dc5	streaming: set a default timeout The blocking query backend sets the default value on the server side. The streaming backend does not using blocking queries, so we must set the timeout on the client.	3 years ago
hc-github-team-consul-core	9c33505aef	auto-updated agent/uiserver/bindata_assetfs.go from commit `eb5512fb7`	3 years ago
Chris S. Kim	9c3af1a429	sync enterprise files with oss (#10705 )	3 years ago
Daniel Nephin	8cfbc8e7c9	http: don't log an error if the request is cancelled Now that we have at least one endpoint that uses context for cancellation we can encounter this scenario where the returned error is a context.Cancelled or context.DeadlineExceeded. If the request.Context().Err() is not nil, then we know the request itself was cancelled, so we can log a different message at Info level, instad of the error.	3 years ago
Daniel Nephin	a0b114968e	Merge pull request #10399 from hashicorp/dnephin/debug-stream-metrics debug: use the new metrics stream in debug command	3 years ago
Daniel Nephin	e58a074bde	http: add tests for AgentMetricsStream	3 years ago
Daniel Nephin	beea1c2218	http: emit indented JSON in the metrics stream endpoint To remove the need to decode and re-encode in the CLI	3 years ago
Daniel Nephin	c3149ec0fd	debug: use the new metrics stream in debug command	3 years ago
Freddy	ff9700b068	Reset root prune interval after TestLeader_CARootPruning completes #10645 Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	3 years ago
Chris S. Kim	91c90a672a	agent: update proxy upstreams to inherit namespace from service (#10688 )	3 years ago
Freddy	19f6e1ca31	Log the correlation ID when blocking queries fire (#10689 ) Knowing that blocking queries are firing does not provide much information on its own. If we know the correlation IDs we can piece together which parts of the snapshot have been populated. Some of these responses might be empty from the blocking query timing out. But if they're returning quickly I think we can reasonably assume they contain data.	3 years ago
R.B. Boyer	3343c7cb3a	state: refactor some node/coordinate state store functions to take an EnterpriseMeta (#10687 ) Note the field is not used yet.	3 years ago
R.B. Boyer	96b97d6554	replumbing a bunch of api and agent structs for partitions (#10681 )	3 years ago
R.B. Boyer	fc9b1a277d	sync changes to oss files made in enterprise (#10670 )	3 years ago
R.B. Boyer	188e8dc51f	agent/structs: add a bunch more EnterpriseMeta helper functions to help with partitioning (#10669 )	3 years ago
Dhia Ayachi	c6859b3fb0	config raft apply silent error (#10657 ) * return an error when the index is not valid * check response as bool when applying `CAOpSetConfig` * remove check for bool response * fix error message and add check to test * fix comment * add changelog	3 years ago
Freddy	cf4821885d	Avoid panic on concurrent writes to cached service config map (#10647 ) If multiple instances of a service are co-located on the same node then their proxies will all share a cache entry for their resolved service configuration. This is because the cache key contains the name of the watched service but does not take into account the ID of the watching proxies. This means that there will be multiple agent service manager watches that can wake up on the same cache update. These watchers then concurrently modify the value in the cache when merging the resolved config into the local proxy definitions. To avoid this concurrent map write we will only delete the key from opaque config in the local proxy definition after the merge, rather than from the cached value before the merge.	3 years ago
hc-github-team-consul-core	139717d3f8	auto-updated agent/uiserver/bindata_assetfs.go from commit `1eb7a83ee`	3 years ago
Blake Covarrubias	a0cd3dd88e	Add DNS recursor strategy option (#10611 ) This change adds a new `dns_config.recursor_strategy` option which controls how Consul queries DNS resolvers listed in the `recursors` config option. The supported options are `sequential` (default), and `random`. Closes #8807 Co-authored-by: Blake Covarrubias <blake@covarrubi.as> Co-authored-by: Priyanka Sengupta <psengupta@flatiron.com>	3 years ago
Daniel Nephin	499250cbf1	Merge pull request #10396 from hashicorp/dnephin/fix-more-data-races Fix some data races	3 years ago
Daniel Nephin	1c8ac9cd4b	Merge pull request #10009 from hashicorp/dnephin/trim-dns-response-with-edns dns: properly trim response when EDNS is used	3 years ago
Daniel Nephin	a77575e93e	acl: use SetHash consistently in testPolicyForID A previous commit used SetHash on two of the cases to fix a data race. This commit applies that change to all cases. Using SetHash in this test helper should ensure that the test helper behaves closer to production.	3 years ago
Daniel Nephin	4bf58d8e6a	dns: improve naming of error to match DNS terminology Co-authored-by: Blake Covarrubias <blake@covarrubi.as>	3 years ago
Dhia Ayachi	f0cd1441a9	fix truncate when NS is set Also: fix test to catch the issue	3 years ago
Evan Culver	0527dcff57	acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598 )	3 years ago
Daniel Nephin	bb675139c1	Merge pull request #10567 from hashicorp/dnephin/config-unexport-build config: unexport the remaining builder methods	3 years ago
Freddy	12b7e07d5c	Merge pull request #10621 from hashicorp/vuln/validate-sans	3 years ago
Daniel Nephin	bb7fb21004	Fix godoc comment Co-authored-by: Freddy <freddygv@users.noreply.github.com>	3 years ago
R.B. Boyer	20feb42d3a	xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619 )	3 years ago
hc-github-team-consul-core	58807668bd	auto-updated agent/uiserver/bindata_assetfs.go from commit `0762da3a6`	3 years ago
Giulio Micheloni	814ef6b103	acl: fix error type into a string type for serialization issue acl_endpoint_test.go:507: Error Trace: acl_endpoint_test.go:507 retry.go:148 retry.go:149 retry.go:103 acl_endpoint_test.go:504 Error: Received unexpected error: codec.decoder: decodeValue: Cannot decode non-nil codec value into nil error (1 methods) Test: TestACLEndpoint_ReplicationStatus	3 years ago

1 2 3 4 5 ...

3676 Commits (8e9773e20b0ee92cc2a5d34f9b5b52546a4c7b58)