Commit Graph

20078 Commits (b1d3ec0cdbd39ecdb84f9bbeb64693ad2197f0fd)

Author SHA1 Message Date
Semir Patel 53f49b2fa1
Enforce operator:write acl on `WriteStatus` endpoint (#17019) 2023-04-20 16:25:33 +00:00
Eric Haberkorn b1fae05983
Add sameness groups to service intentions. (#17064) 2023-04-20 12:16:04 -04:00
Eddie Rowe 863cd57117
fix broken links (#17032)
* fix broken links

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2023-04-20 16:12:11 +00:00
Ronald e07c09dbfb
Fix generated proto files (#17063)
* [COMPLIANCE] Add Copyright and License Headers

* generate proto

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-04-20 13:31:49 +00:00
hashicorp-copywrite[bot] 9f81fc01e9
[COMPLIANCE] Add Copyright and License Headers (#16854)
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-20 12:40:22 +00:00
John Murret 577e5a9685
remove worklogs upload (#17056) 2023-04-19 16:29:36 -06:00
Paul Glass f4406e69b9
[NET-3091] Update service intentions to support jwt provider references (#17037)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* Add JWT intentions

* generate proto

* fix deep copy issues

* remove extra field

* added some tests

* more tests

* add validation for creating existing jwt

* fix nil issue

* More tests, fix conflicts and improve memdb call

* fix namespace

* add aliases

* consolidate errors, skip duplicate memdb calls

* reworked iteration over config entries

* logic improvements from review

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-04-19 18:16:39 -04:00
Paul Glass ac200cfec8
[NET-3090] Add new JWT provider config entry (#17036)
* [NET-3090] Add new JWT provider config entry

* Add initial test cases

* update validations for jwt-provider config entry fields

* more validation

* start improving tests

* more tests

* Normalize

* Improve tests and move validate fns

* usage test update

* Add split between ent and oss for partitions

* fix lint issues

* Added retry backoff, fixed tests, removed unused defaults

* take into account default partitions

* use countTrue and add aliases

* omit audiences if empty

* fix failing tests

* add omit-entry

* update copyright headers ids

---------

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-04-19 17:54:14 -04:00
Paul Glass 77ecff3209
Permissive mTLS (#17035)
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00
R.B. Boyer d07aac8d7e
Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818) (#17046)
Revert "cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956)"

Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
2023-04-19 13:17:21 -05:00
Kyle Havlovitz bdc3dd14c2
Avoid decoding nil pointer in map walker (#17048) 2023-04-19 10:23:38 -07:00
John Murret 2cefa8d9bd
ci: remove test-integrations CircleCI workflow (#16928)
* remove all CircleCI files

* remove references to CircleCI

* remove more references to CircleCI

* pin golangci-lint to v1.51.1 instead of v1.51
2023-04-19 16:19:29 +00:00
John Murret d6f71834d0
ci: add test-integrations (#16915)
* add test-integrations workflow

* add test-integrations success job

* update vault integration testing versions (#16949)

* change parallelism to 4 forgotestsum.  use env.CONSUL_VERSION so we can see the version.

* use env for repeated values

* match test to circleci

* fix envvar

* fix envvar 2

* fix envvar 3

* fix envvar 4

* fix envvar 5

* make upgrade and compatibility tests match circleci

* run go env to check environment

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* going back to command that worked 5 days ago for compatibility tests

* Update Envoy versions to reflect changes in #16889

* cd to test dir

* try running ubuntu latest

* update PR with latest changes that work in enterprise

* yaml still sucks

* test GH fix (localhost resolution)

* change for testing

* test splitting and ipv6 lookup for compatibility and upgrade tests

* fix indention

* consul as image name

* remove the on push

* add gotestsum back in

* removing the use of the gotestsum download action

* yaml sucks today just like yesterday

* fixing nomad tests

* worked out the kinks on enterprise

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
2023-04-18 20:45:30 -06:00
Luke Kysow 46212cc570
Don't send updates twice (#16999) 2023-04-18 10:41:58 -07:00
Kevin Wang 268f93e6f4
Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754)
* Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723

https://nvd.nist.gov/vuln/detail/CVE-2022-41723

* Add changelog entry

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-04-18 17:31:08 +00:00
Andrei Komarov eb9f671eaf
api: enable query options on agent force-leave endpoint (#15987) 2023-04-18 11:31:48 -05:00
Poonam Jadhav 5d7a7ff041
feat: set up reporting agent (#16991) 2023-04-18 11:03:05 -04:00
Dhia Ayachi 711179db96
add ability to start container tests in debug mode and attach a debugger (#16887)
* add ability to start container tests in debug mode and attach a debugger to consul while running it.

* add a debug message with the debug port

* use pod to get the right port

* fix image used in basic test

* add more data to identify which container to debug.

* fix comment

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>

* rename debugUri to debugURI

---------

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>
2023-04-18 09:49:53 -04:00
Dan Upton a37a441991
server: wire up in-process Resource Service (#16978) 2023-04-18 10:03:23 +01:00
Jared Kirschner 0c846fa19b
docs: update docs related to GH-16779 (#17020) 2023-04-17 23:41:31 +00:00
Semir Patel 2f7d591702
Tenancy wildcard validaton for `Write`, `Read`, and `Delete` endpoints (#17004) 2023-04-17 16:33:20 -05:00
trujillo-adam f5725b414e
added an intro statement for the SI conf entry confiration model (#17017)
* added an intro statement for the SI conf entry confiration model

* caught a few more typos
2023-04-17 11:29:32 -07:00
trujillo-adam b7b3e6eb6e
fixed bad link (#17009) 2023-04-14 13:51:56 -07:00
Derek Menteer 87324c9ec8
Add PrioritizeByLocality to config entries. (#17007)
This commit adds the PrioritizeByLocality field to both proxy-config
and service-resolver config entries for locality-aware routing. The
field is currently intended for enterprise only, and will be used to
enable prioritization of service-mesh connections to services based
on geographical region / zone.
2023-04-14 15:42:54 -05:00
trujillo-adam 04b881a854
added missing error message content to troubleshooting (#17005) 2023-04-14 13:04:12 -07:00
Michael Wilkerson 0dd4ea2033
* added Sameness Group to proto files (#16998)
- added Sameness Group to config entries
- added Sameness Group to subscriptions

* generated proto files

* added Sameness Group events to the state store
- added test cases

* Refactored health RPC Client
- moved code that is common to rpcclient under rpcclient common.go. This will help set us up to support future RPC clients

* Refactored proxycfg glue views
- Moved views to rpcclient config entry. This will allow us to reuse this code for a config entry client

* added config entry RPC Client
- Copied most of the testing code from rpcclient/health

* hooked up new rpcclient in agent

* fixed documentation and comments for clarity
2023-04-14 09:24:46 -07:00
Dhia Ayachi 79d4040b6c
add IP rate limiting config update (#16997)
* add IP rate limiting config update

* fix review comments
2023-04-14 09:26:38 -04:00
Semir Patel 79b30476e0
Enforce Owner rules in `Write` endpoint (#16983) 2023-04-14 08:19:46 -05:00
Semir Patel 8611ec56f3
Fix delete when uid not provided (#16996) 2023-04-14 08:18:24 -05:00
Eric Haberkorn 44b39240a8
move enterprise test cases out of open source (#16985) 2023-04-13 09:07:06 -04:00
cskh 75bda84873
upgrade test: config nodeName, nodeid, and inherited persistent data for consul container (#16931) 2023-04-12 18:00:56 -04:00
Semir Patel b8c9e133be
Add mutate hook to `Write` endpoint (#16958) 2023-04-12 16:50:07 -05:00
Nathan Coleman 5410139575
Update list of Envoy versions (#16889)
* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy versions 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11
2023-04-12 17:43:15 -04:00
Semir Patel 3b83c7ee9a
Enforce ACLs on resource `Write` and `Delete` endpoints (#16956) 2023-04-12 16:22:44 -05:00
Dan Bond 5ea2ad856a
circleci: remove frontend jobs (#16906)
* circleci: remove fronted jobs

Signed-off-by: Dan Bond <danbond@protonmail.com>

* remove frontend-cache

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-12 14:07:18 -07:00
Eric Haberkorn 6bab6696cc
add sameness to exported services structs in the api package (#16984) 2023-04-12 16:49:28 -04:00
Dhia Ayachi b85a149eaf
Memdb Txn Commit race condition fix (#16871)
* Add a test to reproduce the race condition

* Fix race condition by publishing the event after the commit and adding a lock to prevent out of order events.

* split publish to generate the list of events before committing the transaction.

* add changelog

* remove extra func

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* add comment to explain test

---------

Co-authored-by: Dan Upton <daniel@floppy.co>
2023-04-12 13:18:01 -04:00
Dan Bond 1384b34b33
ci: split frontend ember jobs (#16973)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-04-12 04:48:09 +00:00
Nathan Coleman fdcbf67df9
Added backport labels to PR template checklist (#16966) 2023-04-11 19:18:11 +00:00
Poonam Jadhav 8255cc97f5
feat: add reporting config with reload (#16890) 2023-04-11 15:04:02 -04:00
John Murret 37569837a2
ci: remove build-distros from CircleCI (#16941) 2023-04-11 18:52:35 +00:00
Luke Kysow d3d7847ca1
Remove global.name requirement for APs (#16964)
This is not a requirement when using APs because each AP has its own
auth method so it's okay if the names overlap.
2023-04-11 11:41:33 -07:00
Dan Upton d595e6ade9
resource: `WriteStatus` endpoint (#16886) 2023-04-11 19:23:14 +01:00
Derek Menteer 2ef812f68b
Update docs for service-defaults overrides. (#16960)
Update docs for service-defaults overrides.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-04-11 11:40:55 -05:00
Thomas Eckert 380d74ca95
Fix the indentation of the copyAnnotations example (#16873) 2023-04-11 15:34:52 +00:00
Derek Menteer 1bcaeabfc3
Remove deprecated service-defaults upstream behavior. (#16957)
Prior to this change, peer services would be targeted by service-default
overrides as long as the new `peer` field was not found in the config entry.
This commit removes that deprecated backwards-compatibility behavior. Now
it is necessary to specify the `peer` field in order for upstream overrides
to apply to a peer upstream.
2023-04-11 10:20:33 -05:00
Semir Patel 317240fca7
Resource validation hook for `Write` endpoint (#16950) 2023-04-11 06:55:32 -05:00
Semir Patel 686f49346c
Check acls on resource `Read`, `List`, and `WatchList` (#16842) 2023-04-11 06:10:14 -05:00
John Murret 2f524ae472
ci: build-artifacts - fix platform missing in manifest error (#16940)
* ci: build-artifacts - fix platform missing in manifest error

* remove platform key
2023-04-10 16:42:42 -06:00
John Murret be4a436a42
ci: remove go-tests workflow from CircleCI (#16855)
* remove go-tests workflow from CircleCI

* add yaml anchor back
2023-04-10 14:47:32 -06:00