Commit Graph

4952 Commits (b345f184c2296141b5e1e92bb93b6bff7dff06d0)

Author SHA1 Message Date
hc-github-team-consul-core 7dccf73d21
backport of commit ccf91c7b7f (#17384)
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-05-16 10:17:02 +00:00
malizz 6a2c87739e
fix test on 1.15.x branch (#17374) 2023-05-15 12:15:21 -07:00
Eric Haberkorn ef072a84b8
sidecar-proxy refactor (#17336) 2023-05-15 10:50:29 -04:00
Dan Bond 71651953ef
agent: prevent very old servers re-joining a cluster with stale data (#17357)
Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-05-15 13:14:13 +00:00
hc-github-team-consul-core 64c29e59fb
Backport of grpc: fix data race in balancer registration into release/1.15.x (#17351)
Registering gRPC balancers is thread-unsafe because they are stored in a
global map variable that is accessed without holding a lock. Therefore,
it's expected that balancers are registered _once_ at the beginning of
your program (e.g. in a package `init` function) and certainly not after
you've started dialing connections, etc.

> NOTE: this function must only be called during initialization time
> (i.e. in an init() function), and is not thread-safe.

While this is fine for us in production, it's challenging for tests that
spin up multiple agents in-memory. We currently register a balancer per-
agent which holds agent-specific state that cannot safely be shared.

This commit introduces our own registry that _is_ thread-safe, and
implements the Builder interface such that we can call gRPC's `Register`
method once, on start-up. It uses the same pattern as our resolver
registry where we use the dial target's host (aka "authority"), which is
unique per-agent, to determine which builder to use.
2023-05-15 12:34:17 +01:00
Hans Hasselberg 85fbc59e29
manual backport of #17296 to release/1.15.x (#17343)
* update hcp-sdk-go

* add version, datacenter and acl info

* fewer changes

* go mod tidy and lint

* less code

* remove duplicated dep

* fmt

* trigger ci
2023-05-13 23:18:46 +02:00
Hans Hasselberg 42eec33b0e
Update HCP bootstrapping to support existing clusters 1.15.x version (#17305)
* Persist HCP management token from server config

We want to move away from injecting an initial management token into
Consul clusters linked to HCP. The reasoning is that by using a separate
class of token we can have more flexibility in terms of allowing HCP's
token to co-exist with the user's management token.

Down the line we can also more easily adjust the permissions attached to
HCP's token to limit it's scope.

With these changes, the cloud management token is like the initial
management token in that iit has the same global management policy and
if it is created it effectively bootstraps the ACL system.

* Update SDK and mock HCP server

The HCP management token will now be sent in a special field rather than
as Consul's "initial management" token configuration.

This commit also updates the mock HCP server to more accurately reflect
the behavior of the CCM backend.

* Refactor HCP bootstrapping logic and add tests

We want to allow users to link Consul clusters that already exist to
HCP. Existing clusters need care when bootstrapped by HCP, since we do
not want to do things like change ACL/TLS settings for a running
cluster.

Additional changes:

* Deconstruct MaybeBootstrap so that it can be tested. The HCP Go SDK
  requires HTTPS to fetch a token from the Auth URL, even if the backend
  server is mocked. By pulling the hcp.Client creation out we can modify
  its TLS configuration in tests while keeping the secure behavior in
  production code.

* Add light validation for data received/loaded.

* Sanitize initial_management token from received config, since HCP will
  only ever use the CloudConfig.MangementToken.

* Add changelog entry

---------

Co-authored-by: freddygv <freddy@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-05-12 23:01:18 +02:00
R.B. Boyer 48a620cd68
[1.15.x] grpc: ensure grpc resolver correctly uses lan/wan addresses on servers (#17285)
The grpc resolver implementation is fed from changes to the
router.Router. Within the router there is a map of various areas storing
the addressing information for servers in those areas. All map entries
are of the WAN variety except a single special entry for the LAN.

Addressing information in the LAN "area" are local addresses intended
for use when making a client-to-server or server-to-server request.

The client agent correctly updates this LAN area when receiving lan serf
events, so by extension the grpc resolver works fine in that scenario.

The server agent only initially populates a single entry in the LAN area
(for itself) on startup, and then never mutates that area map again.
For normal RPCs a different structure is used for LAN routing.

Additionally when selecting a server to contact in the local datacenter
it will randomly select addresses from either the LAN or WAN addressed
entries in the map.

Unfortunately this means that the grpc resolver stack as it exists on
server agents is either broken or only accidentally functions by having
servers dial each other over the WAN-accessible address. If the operator
disables the serf wan port completely likely this incidental functioning
would break.

This PR enforces that local requests for servers (both for stale reads
or leader forwarded requests) exclusively use the LAN "area" information
and also fixes it so that servers keep that area up to date in the
router.

A test for the grpc resolver logic was added, as well as a higher level
full-stack test to ensure the externally perceived bug does not return.
2023-05-11 11:11:05 -05:00
hc-github-team-consul-core 9b5f872ee7
backport of commit ec7a800577 (#17282)
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-05-10 08:13:37 -05:00
malizz 734d7a27f4
backport PR 15979 to 1.15.x (#17208)
* backport PR 15979 to 1.15.x

* fix test file

* fix proto generated file

* update unit tests

* fix merge conflict

* fix test
2023-05-09 17:25:50 -07:00
hc-github-team-consul-core 1aa4b3b9ba
Backport of snapshot: some improvments to the snapshot process into release/1.15.x (#17277)
* backport of commit 99c3322dc1

* backport of commit 757f22b518

* backport of commit 7eda9c7f22

* backport of commit 8124fb33ae

* backport of commit 164cada247

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-05-09 21:18:38 +00:00
hc-github-team-consul-core 5feb71e20c
Backport of Hash namespace+proxy ID when creating socket path into release/1.15.x (#17271)
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
2023-05-09 14:24:45 -06:00
hc-github-team-consul-core e835cf81c0
Backport of Fix multiple issues related to proxycfg health queries. into release/1.15.x (#17268)
* backport of commit 464f79a5d3

* backport of commit ff4ba957b6

* backport of commit ab3e904470

---------

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-05-09 19:33:17 +00:00
hc-github-team-consul-core 3a1ea224f3
Backport of Fix issue with peer stream node cleanup. into release/1.15.x (#17247)
* backport of commit 61a281a4d8

* backport of commit 28a83da088

* backport of commit 4feb116d11

---------

Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-05-08 15:32:35 -05:00
hc-github-team-consul-core 4fd91e87ce
backport of commit 4bb7d00c22 (#17210)
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-05-02 20:46:53 +00:00
hc-github-team-consul-core 0045304ff5
backport of commit b7866911a7 (#17189)
Co-authored-by: Eric <eric@haberkorn.co>
2023-04-30 16:45:33 +00:00
hc-github-team-consul-core 3b069103b2
backport of commit 503134b3c7 (#17196)
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-04-29 00:33:06 +00:00
R.B. Boyer ac4298aeba
[1.15.x] peering: ensure that merged central configs of peered upstreams for partitioned downstreams work (#17181)
Backport of #17179 into release/1.15.x
2023-04-28 16:04:51 -05:00
hc-github-team-consul-core fc4d18dead
feat: set up reporting agent (#16991) (#17031)
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-04-21 11:16:53 -04:00
John Murret ee82e1d01e
ci: remove test-integrations CircleCI workflow (#16928) (#17049)
* remove all CircleCI files

* remove references to CircleCI

* remove more references to CircleCI

* pin golangci-lint to v1.51.1 instead of v1.51
2023-04-19 11:28:59 -06:00
hc-github-team-consul-core ac96ab8ba1
backport of commit 12d5cc0c37 (#17029)
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-04-18 17:59:59 +00:00
Poonam Jadhav fc1ba0f203
feat: add reporting config with reload (#16977) 2023-04-13 11:42:08 -04:00
hc-github-team-consul-core 722a8e4b6e
Backport of APIGW: Routes with duplicate parents should be invalid into release/1.15.x (#16962)
* backport of commit 7a3d2d8669

* backport of commit ec3bcfe2bf

* backport of commit ec34e3f5e8

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-04-11 16:28:25 +00:00
hc-github-team-consul-core 1469efe819
Backport of Allow dialer to re-establish terminated peering into release/1.15.x (#16859)
* backport of commit ea94152497

* backport of commit da7507f119

---------

Co-authored-by: freddygv <freddy@hashicorp.com>
2023-04-03 18:28:40 +00:00
Derek Menteer 5560dcdbae
Revert "cache: refactor agent cache fetching to prevent unnecessary f… (#16818)
Revert "cache: refactor agent cache fetching to prevent unnecessary fetches on error (#14956)"
2023-03-30 11:16:33 -05:00
hc-github-team-consul-core 7d44a4c2f1
Backport of Update normalization of route refs into release/1.15.x (#16799)
* backport of commit 7f5e9ba4cd

* backport of commit 67b85371e0

* backport of commit b47040d1ed

* backport of commit 079ed984c0

* Fix infinite call loop

* Explicitly call enterprise meta

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-03-28 16:58:25 +00:00
hc-github-team-consul-core 1553036635
Backport of Fix struct tags for TCPService enterprise meta into release/1.15.x (#16787)
* backport of commit de17e5a23d

* backport of commit 85480c053d

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-03-27 18:54:00 +00:00
Derek Menteer dfb7f7138d
Change partition for peers in discovery chain targets (#16770)
This commit swaps the partition field to the local partition for
discovery chains targeting peers. Prior to this change, peer upstreams
would always use a value of default regardless of which partition they
exist in. This caused several issues in xds / proxycfg because of id
mismatches.

Some prior fixes were made to deal with one-off id mismatches that this
PR also cleans up, since they are no longer needed.
2023-03-24 15:40:46 -05:00
hc-github-team-consul-core 9d636aa816
Backport of Refactor xDS tests into release/1.15.x (#16741)
* backport of commit ed4a98f300

* add merge function

---------

Co-authored-by: Eric <eric@haberkorn.co>
2023-03-22 20:51:58 +00:00
hc-github-team-consul-core 83d26bc21f
backport of commit 746a0a1d73 (#16735)
Co-authored-by: Eric <eric@haberkorn.co>
2023-03-22 13:50:49 +00:00
hc-github-team-consul-core 1007444ac1
Backport of Fix route subscription when using namespaces into release/1.15.x (#16680)
* backport of commit 312492bdf7

* backport of commit 099340902c

* backport of commit 2fcae963d9

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-03-20 19:09:54 +00:00
hc-github-team-consul-core 7f7d282a34
Backport of Add validation for apigw creation with no routes into release/1.15.x (#16679) 2023-03-20 14:14:05 -04:00
Nitya Dhanushkodi 459b42dc5c
[release/1.15.x] peering: peering partition failover fixes (#16675)
add local source partition for peered upstreams
2023-03-20 10:01:04 -07:00
John Maguire 70b8c6b4df
Backport/squashing fix for enterprise meta (#16651)
* Backport squash structures for config entries

* Add changelog

* Rename changelog file for current PR

* change changelog file name

* Add enterprise only tag to changelog

* Fix changelog
2023-03-20 16:57:13 +00:00
hc-github-team-consul-core eb63d46abb
Backport of [API Gateway] Fix invalid cluster causing gateway programming delay into release/1.15.x (#16668)
* backport of commit 9ea73b3b8d

* backport of commit d3cffdeb4d

* backport of commit 0848aac017

* backport of commit 90b5e39d2d

* Refactor and fix flaky tests

* Fix bad merge

* add file that was never backported

* Fix bad merge again

* fix duplicate method

* remove extra import

* backport a slew of testing library code

* backport changes coinciding with library update

* backport changes coinciding with library update

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-03-17 15:02:28 -04:00
hc-github-team-consul-core 89ce3ba123
backport of commit 78bb205fc3 (#16635)
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-03-15 13:08:14 +00:00
hc-github-team-consul-core 04d882f983
Backport of Preserve CARoots when updating Vault CA configuration into release/1.15.x (#16626)
* backport of commit 537734d2ec

* backport of commit 523d313671

* backport of commit 8a113841d4

* backport of commit 368f8a51e9

---------

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-03-13 21:54:40 +00:00
Freddy 02f8ed4ca2
Backport of Allow HCP metrics collection for Envoy proxies into release/1.15.x (#16611)
Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Ashvitha <ashvitha297@gmail.com>
2023-03-10 21:50:30 +00:00
hc-github-team-consul-core fb95d89e4d
backport of commit e5172b9b35 (#16573)
Co-authored-by: Eric <eric@haberkorn.co>
2023-03-08 17:01:11 +00:00
hc-github-team-consul-core 88496d7f8a
NET-2904 Fixes API Gateway Route Service Weight Division Error (#16540)
Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com>
2023-03-06 10:11:27 -05:00
hc-github-team-consul-core 2f8de3c3d1
Backport of NET-2903 Normalize weight for http routes into release/1.15.x (#16532)
* backport of commit 10ef73a5a6

* backport of commit 99f5b726d2

* NET-2903 Normalize weight for http routes (#16512)

* NET-2903 Normalize weight for http routes

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: Melisa Griffin <melisa.griffin@hashicorp.com>
Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-03-03 17:08:57 -05:00
hc-github-team-consul-core 388fef8484
Backport of proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher into release/1.15.x (#16529)
* backport of commit 88e56eac02

* backport of commit 4fc870086d

* backport of commit 0d57b2a70c

* backport of commit c627e5ac39

* backport of commit 48f93514de

* backport of commit 3b9fbcd800

* backport of commit a323375c30

* backport of commit 70b54d501f

---------

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2023-03-03 21:00:25 +00:00
hc-github-team-consul-core 0f139f2439
Backport of Fix resolution of service resolvers with subsets for external upstreams into release/1.15.x (#16525)
* backport of commit 892d389d9b

* backport of commit 8a2468d6b5

* backport of commit f56894fdc1

* backport of commit ced73fc2ce

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-03-03 19:44:50 +00:00
hc-github-team-consul-core 9c409797e6
Backport of Fix issue where terminating gateway service resolvers weren't properly cleaned up into release/1.15.x (#16521)
* backport of commit e14b4301fa

* backport of commit 525501337d

* backport of commit b1b2abc14a

* backport of commit ecaeff26aa

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-03-03 16:45:47 +00:00
hc-github-team-consul-core f51d12c952
Backport of Add ServiceResolver RequestTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable into release/1.15.x (#16520)
* backport of commit 29768f27aa

* backport of commit 1f26c2a6b4

* Add RequestTimeout field

* Add changelog entry

---------

Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-03-03 11:13:25 -05:00
hc-github-team-consul-core c3fb1654aa
backport of commit 20cd7f1f48 (#16510)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-03-02 21:17:22 +00:00
hc-github-team-consul-core 5755a75d8d
Backport of Fix various flaky tests into release/1.15.x (#16406)
* backport of commit 169a4aedee

* backport of commit d7429dda9b

* backport of commit 7ee6f72dce

---------

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-02-23 20:45:34 +00:00
hc-github-team-consul-core 983a1b8ddb
backport of commit 1180908144 (#16389)
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
2023-02-23 16:15:21 +00:00
hc-github-team-consul-core 7cd0eff857
fix failed cherry pick (#16303)
Co-authored-by: Maliz <maliheh.monshizadeh@hashicorp.com>
2023-02-22 13:25:30 -08:00
hc-github-team-consul-core 61aeb81919
backport of commit 181bee38c0 (#16378)
Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
2023-02-22 20:24:20 +00:00