consul

Commit Graph

Author	SHA1	Message	Date
DanStough	817449041d	chore(test): Update bats version	3 years ago
Mark Anderson	2fcac5224e	Merge pull request #12878 from hashicorp/ma/x-forwarded-client-cert Support x-forwarded-client-cert	3 years ago
Dan Upton	a668c36930	acl: gRPC login and logout endpoints (#12935 ) Introduces two new public gRPC endpoints (`Login` and `Logout`) and includes refactoring of the equivalent net/rpc endpoints to enable the majority of logic to be reused (i.e. by extracting the `Binder` and `TokenWriter` types). This contains the OSS portions of the following enterprise commits: - 75fcdbfcfa6af21d7128cb2544829ead0b1df603 - bce14b714151af74a7f0110843d640204082630a - cc508b70fbf58eda144d9af3d71bd0f483985893	3 years ago
Mark Anderson	6430af1c0e	Update mesh config tests Signed-off-by: Mark Anderson <manderson@hashicorp.com>	3 years ago
R.B. Boyer	1a491886fa	structs: ensure exported-services PeerName field can be addressed as peer_name (#12862 )	3 years ago
Evan Culver	000d0621b4	connect: Add Envoy 1.22 to integration tests, remove Envoy 1.18 (#12805 ) Co-authored-by: R.B. Boyer <rb@hashicorp.com>	3 years ago
Kyle Havlovitz	3e88f579fc	Fix namespace default field names in expanded token output	3 years ago
Mark Anderson	98a2e282be	Fixup acl.EnterpriseMeta Signed-off-by: Mark Anderson <manderson@hashicorp.com>	3 years ago
R.B. Boyer	d06183ba7f	syncing changes back from enterprise (#12701 )	3 years ago
Kyle Havlovitz	059bd0a92e	Merge pull request #12670 from hashicorp/token-read-expanded oss: Add expanded token read flag and endpoint option	3 years ago
Dhia Ayachi	16b19dd82d	auto-reload configuration when config files change (#12329 ) * add config watcher to the config package * add logging to watcher * add test and refactor to add WatcherEvent. * add all API calls and fix a bug with recreated files * add tests for watcher * remove the unnecessary use of context * Add debug log and a test for file rename * use inode to detect if the file is recreated/replaced and only listen to create events. * tidy ups (#1535) * tidy ups * Add tests for inode reconcile * fix linux vs windows syscall * fix linux vs windows syscall * fix windows compile error * increase timeout * use ctime ID * remove remove/creation test as it's a use case that fail in linux * fix linux/windows to use Ino/CreationTime * fix the watcher to only overwrite current file id * fix linter error * fix remove/create test * set reconcile loop to 200 Milliseconds * fix watcher to not trigger event on remove, add more tests * on a remove event try to add the file back to the watcher and trigger the handler if success * fix race condition * fix flaky test * fix race conditions * set level to info * fix when file is removed and get an event for it after * fix to trigger handler when we get a remove but re-add fail * fix error message * add tests for directory watch and fixes * detect if a file is a symlink and return an error on Add * rename Watcher to FileWatcher and remove symlink deref * add fsnotify@v1.5.1 * fix go mod * do not reset timer on errors, rename OS specific files * rename New func * events trigger on write and rename * add missing test * fix flaking tests * fix flaky test * check reconcile when removed * delete invalid file * fix test to create files with different mod time. * back date file instead of sleeping * add watching file in agent command. * fix watcher call to use new API * add configuration and stop watcher when server stop * add certs as watched files * move FileWatcher to the agent start instead of the command code * stop watcher before replacing it * save watched files in agent * add add and remove interfaces to the file watcher * fix remove to not return an error * use `Add` and `Remove` to update certs files * fix tests * close events channel on the file watcher even when the context is done * extract `NotAutoReloadableRuntimeConfig` is a separate struct * fix linter errors * add Ca configs and outgoing verify to the not auto reloadable config * add some logs and fix to use background context * add tests to auto-config reload * remove stale test * add tests to changes to config files * add check to see if old cert files still trigger updates * rename `NotAutoReloadableRuntimeConfig` to `StaticRuntimeConfig` * fix to re add both key and cert file. Add test to cover this case. * review suggestion Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * add check to static runtime config changes * fix test * add changelog file * fix review comments * Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * update flag description Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> * fix compilation error * add static runtime config support * fix test * fix review comments * fix log test * Update .changelog/12329.txt Co-authored-by: Dan Upton <daniel@floppy.co> * transfer tests to runtime_test.go * fix filewatcher Replace to not deadlock. * avoid having lingering locks Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * split ReloadConfig func * fix warning message Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> * convert `FileWatcher` into an interface * fix compilation errors * fix tests * extract func for adding and removing files Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com> Co-authored-by: FFMMM <FFMMM@users.noreply.github.com> Co-authored-by: Daniel Upton <daniel@floppy.co>	3 years ago
Kyle Havlovitz	b21b4346b4	Add expanded token read flag and endpoint option	3 years ago
Paul Glass	706c844423	Add IAM Auth Method (#12583 ) This adds an aws-iam auth method type which supports authenticating to Consul using AWS IAM identities. Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>	3 years ago
R.B. Boyer	e79ce8ab03	xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry (#12601 ) - `tls.incoming`: applies to the inbound mTLS targeting the public listener on `connect-proxy` and `terminating-gateway` envoy instances - `tls.outgoing`: applies to the outbound mTLS dialing upstreams from `connect-proxy` and `ingress-gateway` envoy instances Fixes #11966	3 years ago
Dan Upton	b36d4e16b6	Support per-listener TLS configuration ⚙️ (#12504 ) Introduces the capability to configure TLS differently for Consul's listeners/ports (i.e. HTTPS, gRPC, and the internal multiplexed RPC port) which is useful in scenarios where you may want the HTTPS or gRPC interfaces to present a certificate signed by a well-known/public CA, rather than the certificate used for internal communication which must have a SAN in the form `server.<dc>.consul`.	3 years ago
R.B. Boyer	957146401e	catalog: compare node names case insensitively in more places (#12444 ) Many places in consul already treated node names case insensitively. The state store indexes already do it, but there are a few places that did a direct byte comparison which have now been corrected. One place of particular consideration is ensureCheckIfNodeMatches which is executed during snapshot restore (among other places). If a node check used a slightly different casing than the casing of the node during register then the snapshot restore here would deterministically fail. This has been fixed. Primary approach: git grep -i "node.[!=]=.node" -- ':!_test.go' ':!docs' git grep -i '\[[^]]member[^]]\] git grep -i '\[[^]]$member\\|name\\|node$[^]]\]' -- ':!_test.go' ':!website' ':!ui' ':!agent/proxycfg/testing.go:' ':!*.md'	3 years ago
Daniel Nephin	53ae4b3e2c	debug: update CLI docs To clarify how trace is captured. Also remove the minimum seconds check, because that is already done in prepare()	3 years ago
Daniel Nephin	cc2c005fad	debug: limit the size of the trace We've noticed that a trace that is captured over the full duration is too large to open on most machines. A trace.out captured over just the interval period (30s by default) should be a more than enough time to capture trace data.	3 years ago
FFMMM	78264a8030	Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311 ) This commit syncs ENT changes to the OSS repo. Original commit details in ENT: ``` commit 569d25f7f4578981c3801e6e067295668210f748 Author: FFMMM <FFMMM@users.noreply.github.com> Date: Thu Feb 10 10:23:33 2022 -0800 Vendor fork net rpc (#1538) * replace net/rpc w consul-net-rpc/net/rpc Signed-off-by: FFMMM <FFMMM@users.noreply.github.com> * replace msgpackrpc and go-msgpack with fork from mono repo Signed-off-by: FFMMM <FFMMM@users.noreply.github.com> * gofmt all files touched Signed-off-by: FFMMM <FFMMM@users.noreply.github.com> ``` Signed-off-by: FFMMM <FFMMM@users.noreply.github.com>	3 years ago
R.B. Boyer	b60d89e7ef	bulk rewrite using this script set -euo pipefail unset CDPATH cd "$(dirname "$0")" for f in $(git grep '\brequire := require\.New(' \| cut -d':' -f1 \| sort -u); do echo "=== require: $f ===" sed -i '/require := require.New(t)/d' $f # require.XXX(blah) but not require.XXX(tblah) or require.XXX(rblah) sed -i 's/\brequire\.$[a-zA-Z0-9_]$($[^tr]$/require.\1(t,\2/g' $f # require.XXX(tblah) but not require.XXX(t, blah) sed -i 's/\brequire\.$[a-zA-Z0-9_]$($t[^,]$/require.\1(t,\2/g' $f # require.XXX(rblah) but not require.XXX(r, blah) sed -i 's/\brequire\.$[a-zA-Z0-9_]$($r[^,]$/require.\1(t,\2/g' $f gofmt -s -w $f done for f in $(git grep '\bassert := assert\.New(' \| cut -d':' -f1 \| sort -u); do echo "=== assert: $f ===" sed -i '/assert := assert.New(t)/d' $f # assert.XXX(blah) but not assert.XXX(tblah) or assert.XXX(rblah) sed -i 's/\bassert\.$[a-zA-Z0-9_]$($[^tr]$/assert.\1(t,\2/g' $f # assert.XXX(tblah) but not assert.XXX(t, blah) sed -i 's/\bassert\.$[a-zA-Z0-9_]$($t[^,]$/assert.\1(t,\2/g' $f # assert.XXX(rblah) but not assert.XXX(r, blah) sed -i 's/\bassert\.$[a-zA-Z0-9_]$($r[^,]$/assert.\1(t,\2/g' $f gofmt -s -w $f done	3 years ago
R.B. Boyer	31f6f55bbe	test: normalize require.New and assert.New syntax	3 years ago
Mike Morris	1b1a97e8f9	ingress: allow setting TLS min version and cipher suites in ingress gateway config entries (#11576 ) * xds: refactor ingress listener SDS configuration * xds: update resolveListenerSDS call args in listeners_test * ingress: add TLS min, max and cipher suites to GatewayTLSConfig * xds: implement envoyTLSVersions and envoyTLSCipherSuites * xds: merge TLS config * xds: configure TLS parameters with ingress TLS context from leaf * xds: nil check in resolveListenerTLSConfig validation * xds: nil check in makeTLSParameters* functions * changelog: add entry for TLS params on ingress config entries * xds: remove indirection for TLS params in TLSConfig structs * xds: return tlsContext, nil instead of ambiguous err Co-authored-by: Chris S. Kim <ckim@hashicorp.com> * xds: switch zero checks to types.TLSVersionUnspecified * ingress: add validation for ingress config entry TLS params * ingress: validate listener TLS config * xds: add basic ingress with TLS params tests * xds: add ingress listeners mixed TLS min version defaults precedence test * xds: add more explicit tests for ingress listeners inheriting gateway defaults * xds: add test for single TLS listener on gateway without TLS defaults * xds: regen golden files for TLSVersionInvalid zero value, add TLSVersionAuto listener test * types/tls: change TLSVersion to string * types/tls: update TLSCipherSuite to string type * types/tls: implement validation functions for TLSVersion and TLSCipherSuites, make some maps private * api: add TLS params to GatewayTLSConfig, add tests * api: add TLSMinVersion to ingress gateway config entry test JSON * xds: switch to Envoy TLS cipher suite encoding from types package * xds: fixup validation for TLSv1_3 min version with cipher suites * add some kitchen sink tests and add a missing struct tag * xds: check if mergedCfg.TLSVersion is in TLSVersionsWithConfigurableCipherSuites * xds: update connectTLSEnabled comment * xds: remove unsued resolveGatewayServiceTLSConfig function * xds: add makeCommonTLSContextFromLeafWithoutParams * types/tls: add LessThan comparator function for concrete values * types/tls: change tlsVersions validation map from string to TLSVersion keys * types/tls: remove unused envoyTLSCipherSuites * types/tls: enable chacha20 cipher suites for Consul agent * types/tls: remove insecure cipher suites from allowed config TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 are both explicitly listed as insecure and disabled in the Go source. Refs https://cs.opensource.google/go/go/+/refs/tags/go1.17.3:src/crypto/tls/cipher_suites.go;l=329-330 * types/tls: add ValidateConsulAgentCipherSuites function, make direct lookup map private * types/tls: return all unmatched cipher suites in validation errors * xds: check that Envoy API value matching TLS version is found when building TlsParameters * types/tls: check that value is found in map before appending to slice in MarshalEnvoyTLSCipherSuiteStrings * types/tls: cast to string rather than fmt.Printf in TLSCihperSuite.String() * xds: add TLSVersionUnspecified to list of configurable cipher suites * structs: update note about config entry warning * xds: remove TLS min version cipher suite unconfigurable test placeholder * types/tls: update tests to remove assumption about private map values Co-authored-by: R.B. Boyer <rb@hashicorp.com>	3 years ago
Daniel Nephin	ff7f3a9737	cli: use file mode 0600 when saving a snapshot So that other users on the machine can not access the snapshot data.	3 years ago
Blake Covarrubias	e898cf1d41	cli: Show node identities in acl token list output (#11926 ) Fix the pretty CLI output of `consul acl token list` so that it properly displays node identities that are associated with a token.	3 years ago
Daniel Nephin	da95a0e449	Merge pull request #11884 from assareh/patch-1 consul pls cert create usage example provided in CLI help shows outdated arguments	3 years ago
Daniel Nephin	1eb3178468	Merge pull request #11781 from marco-m/private-key-0600-permission cli: consul tls: create private keys with mode 0600	3 years ago
Andy Assareh	fab47eb70f	usage example given uses outdated arguments the usage example shows incorrect arguments for ca cert and key. the correct arguments are now -ca and -key	3 years ago
freddygv	6bbf109bdd	Update golden files	3 years ago
freddygv	68424b318a	Get partition label from upstream metrics	3 years ago
Evan Culver	a0c754d44f	connect: update SNI label extraction to support new taxonomy for partitions (#11786 )	3 years ago
Chris S. Kim	71bad67a4d	Add partitions to prettyformatters (#11789 )	3 years ago
Marco Molteni	8a4b92c176	cli: consul tls: create private keys with mode 0600 This applies to consul tls ca create consul tls cert create -client consul tls cert create -server Closes: #11741	3 years ago
Dan Upton	205ce9a69d	Remove references to "master" ACL tokens in tests (#11751 )	3 years ago
freddygv	9b44861ce4	Update api module and decoding tests	3 years ago
freddygv	ed6076db26	Rename partition-exports to exported-services Using a name less tied to partitions gives us more flexibility to use this config entry in OSS for exports between datacenters/meshes.	3 years ago
R.B. Boyer	c46f9f9f31	agent: add variation of force-leave that exclusively works on the WAN (#11722 ) Fixes #6548	3 years ago
Daniel Nephin	81afb208ac	Merge pull request #11677 from hashicorp/dnephin/freeport-interface sdk: use t.Cleanup in freeport and remove unnecessary calls	3 years ago
Dan Upton	bf56a2c495	Rename `agent_master` ACL token in the API and CLI (#11669 )	3 years ago
Daniel Nephin	e8312d6b5a	testing: remove unnecessary calls to freeport Previously we believe it was necessary for all code that required ports to use freeport to prevent conflicts. https://github.com/dnephin/freeport-test shows that it is actually save to use port 0 (`127.0.0.1:0`) as long as it is passed directly to `net.Listen`, and the listener holds the port for as long as it is needed. This works because freeport explicitly avoids the ephemeral port range, and port 0 always uses that range. As you can see from the test output of https://github.com/dnephin/freeport-test, the two systems never use overlapping ports. This commit converts all uses of freeport that were being passed directly to a net.Listen to use port 0 instead. This allows us to remove a bit of wrapping we had around httptest, in a couple places.	3 years ago
Daniel Nephin	5a61893642	testing: use httptest with freeport	3 years ago
Daniel Nephin	56f9238d15	go-sso: remove returnFunc now that freeport handles return	3 years ago
R.B. Boyer	1e02460bd1	re-run gofmt on 1.17 (#11579 ) This should let freshly recompiled golangci-lint binaries using Go 1.17 pass 'make lint'	3 years ago
R.B. Boyer	eb21649f82	partitions: various refactors to support partitioning the serf LAN pool (#11568 )	3 years ago
freddygv	5bc4aa49bd	Fix test	3 years ago
freddygv	4c9c1b52ce	Support partitions in connect expose cmd	3 years ago
freddygv	a6d985040f	Fixup shared oss/ent tests	3 years ago
Nitya Dhanushkodi	139c4eb844	command/redirect_traffic: Redirect DNS requests to Consul if -consul-dns-ip is passed in (#11480 ) * command/redirect_traffic: add rules to redirect DNS to Consul. Currently uses a hack to get the consul dns service ip, and this hack only works when the service is deployed in the same namespace as consul. * command/redirect_traffic: redirect DNS to Consul when -consul-dns-ip is passed in * Add unit tests to Consul DNS IP table redirect rules Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com> Co-authored-by: Iryna Shustava <ishustava@users.noreply.github.com>	3 years ago
Dhia Ayachi	98735a6d12	KV refactoring, part 2 (#11512 ) * add partition to the kv get pretty print * fix failing test * add test for kvs RPC endpoint	3 years ago
Daniel Upton	d47b7311b8	Support Check-And-Set deletion of config entries (#11419 ) Implements #11372	3 years ago
R.B. Boyer	61361c2e5d	cli: update consul members output to display partitions and sort the results usefully (#11446 )	3 years ago
R.B. Boyer	c8cafb7654	agent: for various /v1/agent endpoints parse the partition parameter on the request (#11444 ) Also update the corresponding CLI commands to send the parameter appropriately. NOTE: Behavioral changes are not happening in this PR.	3 years ago
Freddy	b1b6f682e1	Merge pull request #11416 from hashicorp/ap/exports-update Rename service-exports to partition-exports	3 years ago
R.B. Boyer	ef559dfdd4	agent: refactor the agent delegate interface to be partition friendly (#11429 )	3 years ago
freddygv	5c24ed61a8	Rename service-exports to partition-exports Existing config entries prefixed by service- are specific to individual services. Since this config entry applies to partitions it is being renamed. Additionally, the Partition label was changed to Name because using Partition at the top-level and in the enterprise meta was leading to the enterprise meta partition being dropped by msgpack.	3 years ago
Kyle Havlovitz	04cd2c983e	Add new service-exports config entry	3 years ago
Oleg Butuzov	f9c290890f	refactor: replace (bytes.Buffer).WriteString with (bytes.Buffer).Write This PR change one method of bytes.Buffer struct package with a similar one, as result - code produce less allocations on heap.	3 years ago
Evan Culver	be667e280f	connect: Remove envoy_version from bootstrap template (#11215 )	3 years ago
Evan Culver	c7747212c3	Merge pull request #11115 from hashicorp/eculver/envoy-1.19.1 Add support for Envoy 1.19.1	3 years ago
Daniel Nephin	cc310224aa	command/envoy: stop using the DebugConfig from Self endpoint The DebugConfig in the self endpoint can change at any time. It's not a stable API. This commit adds the XDSPort to a stable part of the XDS api, and changes the envoy command to read this new field. It includes support for the old API as well, in case a newer CLI is used with an older API, and adds a test for both cases.	3 years ago
Daniel Nephin	1502547e38	Revert "Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc" This reverts commit `74fb650b6b`, reversing changes made to `58bd817336`.	3 years ago
Evan Culver	9b73e7319d	Merge branch 'main' into eculver/envoy-1.19.1	3 years ago
Bisakh	981ef464d6	acl: update GetPolicyByName method implementation (#11055 )	3 years ago
Evan Culver	1709309cc7	regenerate more envoy golden files	3 years ago
freddygv	e0a7900f52	Fixup api config and Envoy test	3 years ago
freddygv	cecf5b18f8	Bring back entmeta args defaulting	3 years ago
freddygv	7ecbac9228	Ensure Envoy can subscribe to non-default partition	3 years ago
Freddy	8d83d27674	connect: update envoy supported versions to latest patch release (#10961) Relevant advisory: https://github.com/envoyproxy/envoy/security/advisories/GHSA-6g4j-5vrw-2m8h	3 years ago
Dhia Ayachi	fe8b3dfccf	add partition flag to catalog commands (#10949 ) * add partition flag to catalog commands * add missing files	3 years ago
R.B. Boyer	097e1645e3	agent: ensure that most agent behavior correctly respects partition configuration (#10880 )	3 years ago
Daniel Nephin	797ee061e4	debug: use human readable dates for filenames The unix timestamps that were used make the debug data a little bit more difficult to consume. By using human readable dates we can easily see when the profile data was collected. This commit also improves the test coverage. Two test cases are removed and the assertions from those cases are moved to TestDebugCommand. Now TestDebugCommand is able to validate the contents of all files. This change reduces the test runtime of the command/debug package by almost 50%. It also makes much more strict assertions about the contents by using gotest.tools/v3/fs.	3 years ago
Daniel Nephin	2f8d0e12cf	debug: small cleanup Use the new WriteJsonFile function to write index.json Remove .String() from time.local() since that is done by %s Remove an unused field.	3 years ago
Daniel Nephin	4359e38114	debug: restore cancel on SigInt Some previous changes broke interrupting the debug on SigInterupt. This change restores the original behaviour by passing a context to requests. Since a new API client function was required to pass the context, I had it also return an io.ReadCloser, so that output can be streamed to files instead of fully buffering in process memory.	3 years ago
Daniel Nephin	31bcd80528	debug: improve a couple of the test cases Use gotest.tools/v3/fs to make better assertions about the files Remove the TestAgent from TestDebugCommand_Prepare_ValidateTiming, since we can test that validation without making any API calls.	3 years ago
Daniel Nephin	bbf6a94c9a	debug: rename cluster target to members The API is called members. Using the same name as the API should help describe the contents of the file.	3 years ago
Daniel Nephin	251026e374	debug: remove unused	3 years ago
Daniel Nephin	70c2cdc8f1	cli: remove a test case for updating a legacy token Legacy tokens are no longer accepted, so we don't need to test their upgrade path.	3 years ago
Mark Anderson	d3cebbd32c	Fixup to support unix domain socket via command line (#10758 ) Missed the need to add support for unix domain socket config via api/command line. This is a variant of the problems described in it is easy to drop one. Signed-off-by: Mark Anderson <manderson@hashicorp.com>	3 years ago
Blake Covarrubias	1ee8655bfc	cli: Fix broken KV import on Windows (#10820 ) Consul 1.10 (PR #9792) introduced the ability to specify a prefix when importing KV's. This however introduced a regression on Windows systems which breaks `kv import`. The key name is joined with specified`-prefix` using `filepath.Join()` which uses a forward slash (/) to delimit values on Unix-based systems, and a backslash (\) to delimit values on Windows – the latter of which is incompatible with Consul KV paths. This commit replaces filepath.Join() with path.Join() which uses a forward slash as the delimiter, providing consistent key join behavior across supported operating systems. Fixes #10583	3 years ago
Blake Covarrubias	e41d6ee60f	cli: Use admin bind address in self_admin cluster (#10757 ) Configure the self_admin cluster to use the admin bind address provided when starting Envoy. Fixes #10747	3 years ago
Blake Covarrubias	6a68bfc5e1	cli: Test API access using /status/leader in consul watch (#10795 ) Replace call to /agent/self with /status/leader to verify agent reachability before initializing a watch. This endpoint is not guarded by ACLs, and as such can be queried by any API client regardless of their permissions. Fixes #9353	3 years ago
Daniel Nephin	9dd6d26d05	acl: remove rule == nil checks	3 years ago
Evan Culver	24db06f503	Fix maint test	3 years ago
Daniel Nephin	beea1c2218	http: emit indented JSON in the metrics stream endpoint To remove the need to decode and re-encode in the CLI	3 years ago
Daniel Nephin	c3149ec0fd	debug: use the new metrics stream in debug command	3 years ago
Dhia Ayachi	de124d0aa1	add http flag for admin partition (#10683 )	3 years ago
R.B. Boyer	b0657973f2	add partition cli flag to all cli commands that have namespace flag (#10668 )	3 years ago
Blake Covarrubias	6c462d399b	cli: Document pass-through option for `consul connect envoy` (#10666 ) Update help text of `consul connect envoy` command to mention the ability to provide pass-through options.	3 years ago
Evan Culver	0527dcff57	acls: Show `AuthMethodNamespace` when reading/listing ACL token meta (#10598 )	3 years ago
Daniel Nephin	74fb650b6b	Merge pull request #10588 from hashicorp/dnephin/config-fix-ports-grpc config: rename `ports.grpc` to `ports.xds`	3 years ago
Daniel Nephin	233d03dbbd	Apply suggestions from code review Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>	3 years ago
Daniel Nephin	4ad80ccee3	command/envoy: stop using the DebugConfig from Self endpoint The DebugConfig in the self endpoint can change at any time. It's not a stable API. With the previous change to rename GRPCPort to XDSPort this command would have broken. This commit adds the XDSPort to a stable part of the XDS api, and changes the envoy command to read this new field. It includes support for the old API as well, in case a newer CLI is used with an older API, and adds a test for both cases.	3 years ago
Iryna Shustava	95305881ce	cli/sdk: Allow applying redirect-traffic rules in a provided Linux namespace (#10564 )	3 years ago
Daniel Nephin	895bf9adec	config: update GRPCPort and addr in runtime config	3 years ago
Evan Culver	13bd86527b	Add support for returning ACL secret IDs for accessors with acl:write (#10546 )	3 years ago
R.B. Boyer	c94b8c6a39	config: add agent config flag for enterprise clients to indicate they wish to join a particular partition (#10572 )	3 years ago
Daniel Nephin	2c4f22a9f0	Merge pull request #10552 from hashicorp/dnephin/ca-remove-rotation-period ca: remove unused RotationPeriod field	3 years ago
jkirschner-hashicorp	5f73de6fbc	Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable Replace use of 'sane' where appropriate	3 years ago
Daniel Nephin	3a045cca8d	ca: remove unused RotationPeriod field This field was never used. Since it is persisted as part of a map[string]interface{} it is pretty easy to remove it.	3 years ago
Jared Kirschner	bd536151e1	Replace use of 'sane' where appropriate HashiCorp voice, style, and language guidelines recommend avoiding ableist language unless its reference to ability is accurate in a particular use.	3 years ago
Daniel Nephin	690dc41c55	Merge pull request #10515 from hashicorp/dnephin/fix-arm32-atomic-aligment Fix panic on 32-bit platforms	3 years ago
Daniel Nephin	4d741531b4	Update references to the main branch The main branch is being renamed from master->main. This commit should update all references to the main branch to the new name. Co-Authored-By: Mike Morris <mikemorris@users.noreply.github.com>	3 years ago
Daniel Nephin	f34d3543b1	testing: fix a test for 32-bit The hcl decoding apparently uses strconv.ParseInt, which fails to parse a 64bit int. Since hcl v1 is basically EOl, it seems unlikely we'll fix this in hcl. Since this test is only about loading values from config files, the extra large number doesn't seem important. Trim a few zeros from the numbers so that they parse properly on 32bit platforms. Also skip a slow test when -short is used.	3 years ago
Kyle Nusbaum	07cec75be2	command/agent: change io.Discard to ioutil.Discard	3 years ago
Freddy	ffb13f35f1	Rename CatalogDestinationsOnly (#10397 ) CatalogDestinationsOnly is a passthrough that would enable dialing addresses outside of Consul's catalog. However, when this flag is set to true only _connect_ endpoints for services can be dialed. This flag is being renamed to signal that non-Connect endpoints can't be dialed by transparent proxies when the value is set to true.	3 years ago
Freddy	429f9d8bb8	Add flag for transparent proxies to dial individual instances (#10329 )	4 years ago
Dhia Ayachi	005ad9e46d	generate a single debug file for a long duration capture (#10279 ) * debug: remove the CLI check for debug_enabled The API allows collecting profiles even debug_enabled=false as long as ACLs are enabled. Remove this check from the CLI so that users do not need to set debug_enabled=true for no reason. Also: - fix the API client to return errors on non-200 status codes for debug endpoints - improve the failure messages when pprof data can not be collected Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com> * remove parallel test runs parallel runs create a race condition that fail the debug tests * snapshot the timestamp at the beginning of the capture - timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures - capture append to the file if it already exist * Revert "snapshot the timestamp at the beginning of the capture" This reverts commit `c2d03346` * Refactor captureDynamic to extract capture logic for each item in a different func * snapshot the timestamp at the beginning of the capture - timestamp used to create the capture sub folder is snapshot only at the beginning of the capture and reused for subsequent captures - capture append to the file if it already exist * Revert "snapshot the timestamp at the beginning of the capture" This reverts commit `c2d03346` * Refactor captureDynamic to extract capture logic for each item in a different func * extract wait group outside the go routine to avoid a race condition * capture pprof in a separate go routine * perform a single capture for pprof data for the whole duration * add missing vendor dependency * add a change log and fix documentation to reflect the change * create function for timestamp dir creation and simplify error handling * use error groups and ticker to simplify interval capture loop * Logs, profile and traces are captured for the full duration. Metrics, Heap and Go routines are captured every interval * refactor Logs capture routine and add log capture specific test * improve error reporting when log test fail * change test duration to 1s * make time parsing in log line more robust * refactor log time format in a const * test on log line empty the earliest possible and return Co-authored-by: Freddy <freddygv@users.noreply.github.com> * rename function to captureShortLived * more specific changelog Co-authored-by: Paul Banks <banks@banksco.de> * update documentation to reflect current implementation * add test for behavior when invalid param is passed to the command * fix argument line in test * a more detailed description of the new behaviour Co-authored-by: Paul Banks <banks@banksco.de> * print success right after the capture is done * remove an unnecessary error check Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * upgraded github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57 => v0.0.0-20210601050228-01bbb1931b22 Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> Co-authored-by: Freddy <freddygv@users.noreply.github.com> Co-authored-by: Paul Banks <banks@banksco.de>	4 years ago
Dhia Ayachi	dda3e68791	fix monitor to only start the monitor in json format when requested (#10358 ) * fix monitor to only start the monitor in json format when requested * add release notes * add test to validate json format when requested	4 years ago
Daniel Nephin	cec8bc88a9	cmd: remove unnecessary GatedUi The intent of this struct was to prevent non-json output to stdout. With the previous cleanup, this can now be done by simply changing the stdout stream to io.Discard. This is just one example of why passing around io.Writers for the streams is better than the UI interface.	4 years ago
Daniel Nephin	2261a469e3	cmd: move agent running message to logs Previously this line was mixed up with logging, which made the output quite ugly. Use the logger to output this message, instead of printing directly to stdout. This has the advantage that the message will be visible when json logs are enabled.	4 years ago
Daniel Nephin	b4b85bd83a	agent: fix agent logging Remove the leading whitespace on every log line. This was causing problems for a customer because their logging system was interpretting the logs as a single multi-line log.	4 years ago
Daniel Nephin	2fc988d51d	cmd: introduce a shim to expose Stdout/Stderr writers This will allow commands to do the right thing, and write to the proper output stream.	4 years ago
Daniel Nephin	e573641995	cmd: remove unnecessary args to agent.New The version args are static and passed in from the caller. Instead read the static values in New. The shutdownCh was never closed, so did nothing. Remove it as a field and an arg.	4 years ago
Daniel Nephin	eb4f8b17e9	Merge pull request #10324 from hashicorp/dnephin/fix-envoy-bootstrap-exec envoy: fix deadlock when input is larger than named pipe buffer size	4 years ago
Dhia Ayachi	15dddc9edb	make tests use a dummy node_name to avoid environment related failures (#10262 ) * fix tests to use a dummy nodeName and not fail when hostname is not a valid nodeName * remove conditional testing * add test when node name is invalid	4 years ago
Daniel Nephin	2054402a53	envoy: improve comments	4 years ago
Daniel Nephin	c9bc5f92b7	envoy: fix bootstrap deadlock caused by a full named pipe Normally the named pipe would buffer up to 64k, but in some cases when a soft limit is reached, they will start only buffering up to 4k. In either case, we should not deadlock. This commit changes the pipe-bootstrap command to first buffer all of stdin into the process, before trying to write it to the named pipe. This allows the process memory to act as the buffer, instead of the named pipe. Also changed the order of operations in `makeBootstrapPipe`. The new test added in this PR showed that simply buffering in the process memory was not enough to fix the issue. We also need to ensure that the `pipe-bootstrap` process is started before we try to write to its stdin. Otherwise the write will still block. Also set stdout/stderr on the subprocess, so that any errors are visible to the user.	4 years ago
Daniel Nephin	e1b1ab7ef6	envoy: start timeout func after validation This removes the need to check arg length in the timeout function.	4 years ago
Dhia Ayachi	4c7f5f31c7	debug: remove the CLI check for debug_enabled (#10273 ) * debug: remove the CLI check for debug_enabled The API allows collecting profiles even debug_enabled=false as long as ACLs are enabled. Remove this check from the CLI so that users do not need to set debug_enabled=true for no reason. Also: - fix the API client to return errors on non-200 status codes for debug endpoints - improve the failure messages when pprof data can not be collected Co-Authored-By: Dhia Ayachi <dhia@hashicorp.com> * remove parallel test runs parallel runs create a race condition that fail the debug tests * Add changelog Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>	4 years ago
Daniel Nephin	5a7059f45c	redirecttraffic: fix a flaky test https://app.circleci.com/pipelines/github/hashicorp/consul-enterprise/6408/workflows/e90b1140-daa2-458f-8197-d1821e3693e3/jobs/94694/tests#failed-test-0 The ExcludeInboundPorts can be in a different order sometimes, although I'm not sure how. Also removes t.Parallel. We should only need to use t.Parallel in large packages with many slow tests. In this case there is only a single slow test so we don't get any benefit. Also add struct field names to the testcases list, so that it is easier to see what each value is doing, and to make it easier to add new fields in the future.	4 years ago
Iryna Shustava	d7d44f6ae7	Save exposed ports in agent's store and expose them via API (#10173 ) * Save exposed HTTP or GRPC ports to the agent's store * Add those the health checks API so we can retrieve them from the API * Change redirect-traffic command to also exclude those ports from inbound traffic redirection when expose.checks is set to true.	4 years ago
R.B. Boyer	3b50a55533	connect: update supported envoy versions to 1.18.3, 1.17.3, 1.16.4, and 1.15.5 (#10231 )	4 years ago
Daniel Nephin	347f3d2128	Merge pull request #10155 from hashicorp/dnephin/config-entry-remove-fields config-entry: remove Kind and Name field from Mesh config entry	4 years ago
Mark Anderson	06f0f79218	Continue working through proxy and agent Rework/listeners, rename makeListener Refactor, tests pass Signed-off-by: Mark Anderson <manderson@hashicorp.com>	4 years ago
Luke Kysow	8d6cbe7281	Give descriptive error if auth method not found (#10163 ) * Give descriptive error if auth method not found Previously during a `consul login -method=blah`, if the auth method was not found, the error returned would be "ACL not found". This is potentially confusing because there may be many different ACLs involved in a login: the ACL of the Consul client, perhaps the binding rule or the auth method. Now the error will be "auth method blah not found", which is much easier to debug.	4 years ago
Daniel Nephin	a07a58a873	config-entry: use custom MarshalJSON for mesh type So that the Kind field is added to the JSON object.	4 years ago
Daniel Nephin	62efaaab21	config-entry: remove Kind and Name field from Mesh config entry No config entry needs a Kind field. It is only used to determine the Go type to target. As we introduce new config entries (like this one) we can remove the kind field and have the GetKind method return the single supported value. In this case (similar to proxy-defaults) the Name field is also unnecessary. We always use the same value. So we can omit the name field entirely.	4 years ago
R.B. Boyer	abc1dc0fe9	connect: update supported envoy versions to 1.18.2, 1.17.2, 1.16.3, and 1.15.4 (#10101 ) The only thing that needed fixing up pertained to this section of the 1.18.x release notes: > grpc_stats: the default value for stats_for_all_methods is switched from true to false, in order to avoid possible memory exhaustion due to an untrusted downstream sending a large number of unique method names. The previous default value was deprecated in version 1.14.0. This only changes the behavior when the value is not set. The previous behavior can be used by setting the value to true. This behavior change by be overridden by setting runtime feature envoy.deprecated_features.grpc_stats_filter_enable_stats_for_all_methods_by_default. For now to maintain status-quo I'm explicitly setting `stats_for_all_methods=true` in all versions to avoid relying upon the default. Additionally the naming of the emitted metrics for these gRPC requests changed slightly so the integration test assertions for `case-grpc` needed adjusting.	4 years ago
R.B. Boyer	71d45a3460	Support Incremental xDS mode (#9855 ) This adds support for the Incremental xDS protocol when using xDS v3. This is best reviewed commit-by-commit and will not be squashed when merged. Union of all commit messages follows to give an overarching summary: xds: exclusively support incremental xDS when using xDS v3 Attempts to use SoTW via v3 will fail, much like attempts to use incremental via v2 will fail. Work around a strange older envoy behavior involving empty CDS responses over incremental xDS. xds: various cleanups and refactors that don't strictly concern the addition of incremental xDS support Dissolve the connectionInfo struct in favor of per-connection ResourceGenerators instead. Do a better job of ensuring the xds code uses a well configured logger that accurately describes the connected client. xds: pull out checkStreamACLs method in advance of a later commit xds: rewrite SoTW xDS protocol tests to use protobufs rather than hand-rolled json strings In the test we very lightly reuse some of the more boring protobuf construction helper code that is also technically under test. The important thing of the protocol tests is testing the protocol. The actual inputs and outputs are largely already handled by the xds golden output tests now so these protocol tests don't have to do double-duty. This also updates the SoTW protocol test to exclusively use xDS v2 which is the only variant of SoTW that will be supported in Consul 1.10. xds: default xds.Server.AuthCheckFrequency at use-time instead of construction-time	4 years ago
Iryna Shustava	8dffb89131	Implement traffic redirection exclusion based on proxy config and user-provided values (#10134 ) * Use proxy outbound port from TransparentProxyConfig if provided * If -proxy-id is provided to the redirect-traffic command, exclude any listener ports from inbound traffic redirection. This includes envoy_prometheus_bind_addr, envoy_stats_bind_addr, and the ListenerPort from the Expose configuration. * Allow users to provide additional inbound and outbound ports, outbound CIDRs and additional user IDs to be excluded from traffic redirection. This affects both the traffic-redirect command and the iptables SDK package.	4 years ago
Freddy	078c40425f	Rename "cluster" config entry to "mesh" (#10127 ) This config entry is being renamed primarily because in k8s the name cluster could be confusing given that the config entry applies across federated datacenters. Additionally, this config entry will only apply to Consul as a service mesh, so the more generic "cluster" name is not needed.	4 years ago
Paul Banks	c501468d78	Fix panic bug in snapshot inspect (#10091 ) * Fix panic bug in snapshot inspect * Add changelog entry * Update .changelog/10091.txt * Undo bad GitHub UI merge * Undo bad GitHub UI merge	4 years ago
Paul Banks	d717d2cdc4	CLI: Allow snapshot inspect to work on internal raft snapshots directly. (#10089 ) * CLI: Add support for reading internal raft snapshots to snapshot inspect * Add snapshot inspect test for raw state files * Add changelog entry * Update .changelog/10089.txt	4 years ago
R.B. Boyer	4db8b78854	connect: update centralized upstreams representation in service-defaults (#10015 )	4 years ago
freddygv	e1808af729	Fixup tests	4 years ago
freddygv	7cb3f32672	Convert new tproxy structs in api module into ptrs This way we avoid serializing these when empty. Otherwise users of the latest version of the api submodule cannot interact with older versions of Consul, because a new api client would send keys that the older Consul doesn't recognize yet.	4 years ago
freddygv	7bd51ff536	Replace TransparentProxy bool with ProxyMode This PR replaces the original boolean used to configure transparent proxy mode. It was replaced with a string mode that can be set to: - "": Empty string is the default for when the setting should be defaulted from other configuration like config entries. - "direct": Direct mode is how applications originally opted into the mesh. Proxy listeners need to be dialed directly. - "transparent": Transparent mode enables configuring Envoy as a transparent proxy. Traffic must be captured and redirected to the inbound and outbound listeners. This PR also adds a struct for transparent proxy specific configuration. Initially this is not stored as a pointer. Will revisit that decision before GA.	4 years ago
Iryna Shustava	5755c97bc7	cli: Add new `consul connect redirect-traffic` command for applying traffic redirection rules when Transparent Proxy is enabled. (#9910 ) * Add new consul connect redirect-traffic command for applying traffic redirection rules when Transparent Proxy is enabled. * Add new iptables package for applying traffic redirection rules with iptables.	4 years ago
Freddy	a02245b75a	Merge pull request #9976 from hashicorp/centralized-upstream-fixups	4 years ago
freddygv	ab752c1c86	Avoid sending zero-value upstream defaults from api	4 years ago
R.B. Boyer	5bcfe930c6	command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json (#9980 ) Fixes #9921	4 years ago
R.B. Boyer	499fee73b3	connect: add toggle to globally disable wildcard outbound network access when transparent proxy is enabled (#9973 ) This adds a new config entry kind "cluster" with a single special name "cluster" where this can be controlled.	4 years ago
Hans Hasselberg	53e9c134af	introduce certopts (#9606 ) * introduce cert opts * it should be using the same signer * lint and omit serial	4 years ago
woz5999	39f448589d	support env var expansion in envoy statsd urls Fixes #8561	4 years ago
Freddy	8207b832df	Add TransparentProxy option to proxy definitions	4 years ago
Freddy	c664938bae	Add per-upstream configuration to service-defaults	4 years ago
freddygv	8b46d8dcbb	Restore old Envoy prefix on escape hatches This is done because after removing ID and NodeName from ServiceConfigRequest we will no longer know whether a request coming in is for a Consul client earlier than v1.10.	4 years ago
Kyle Havlovitz	1e87c7183a	Merge pull request #9672 from hashicorp/ca-force-skip-xc connect/ca: Allow ForceWithoutCrossSigning for all providers	4 years ago
freddygv	6fd30d0384	Add TransparentProxy opt to proxy definition	4 years ago
freddygv	e3dc2a49df	Turn Limits and PassiveHealthChecks into pointers	4 years ago
Kyle Havlovitz	d62565f368	Merge pull request #9792 from dzeban/kv-import-prefix command/kv: Add prefix option to kv import command	4 years ago
freddygv	87cde19b4c	Create new types for service-defaults upstream cfg	4 years ago
Nitya Dhanushkodi	15e8b13891	Add flags to consul connect envoy for metrics merging. (#9768 ) Allows setting -prometheus-backend-port to configure the cluster envoy_prometheus_bind_addr points to. Allows setting -prometheus-scrape-path to configure which path envoy_prometheus_bind_addr exposes metrics on. -prometheus-backend-port is used by the consul-k8s metrics merging feature, to configure envoy_prometheus_bind_addr to point to the merged metrics endpoint that combines Envoy and service metrics so that one set of annotations on a Pod can scrape metrics from the service and it's Envoy sidecar. -prometheus-scrape-path is used to allow configurability of the path where prometheus metrics are exposed on envoy_prometheus_bind_addr.	4 years ago
R.B. Boyer	398b766532	xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658 ) - Also add support for envoy 1.17.0	4 years ago
R.B. Boyer	3b6ffc447b	xds: remove deprecated usages of xDS (#9602 ) Note that this does NOT upgrade to xDS v3. That will come in a future PR. Additionally: - Ignored staticcheck warnings about how github.com/golang/protobuf is deprecated. - Shuffled some agent/xds imports in advance of a later xDS v3 upgrade. - Remove support for envoy 1.13.x but don't add in 1.17.x yet. We have to wait until the xDS v3 support is added in a follow-up PR. Fixes #8425	4 years ago
Alex Dzyoba	098fd1797b	command/kv: Add prefix option to kv import command Currently when data is imported via `consul kv import` it overwrites keys under the root key. Since `consul kv export` can retrieve data for the given prefix, i.e. part of the KV tree, importing it under root may be not what users want. To mirror prefix behavior from export this PR adds prefix feature to the import command that adds prefix to all keys that are imported.	4 years ago
R.B. Boyer	6eeccc93ce	connect: update supported envoy point releases to 1.16.2, 1.15.3, 1.14.6, 1.13.7 (#9737 )	4 years ago
Kyle Havlovitz	7dac583863	connect/ca: Allow ForceWithoutCrossSigning for all providers This allows setting ForceWithoutCrossSigning when reconfiguring the CA for any provider, in order to forcibly move to a new root in cases where the old provider isn't reachable or able to cross-sign for whatever reason.	4 years ago
Daniel Nephin	1dcafa51a4	config: make config.TestLoad_FullConfig use config.Load This commit makes a number of changes that should make TestLoad_FullConfig easier to work with, and make the test more like real world scenarios. * use separate files in testdata/ dir to store the config source. Separate files are much easier to edit because editors can syntax highlight json/hcl, and it makes strings easier to find. Previously trying to find strings would match strings used in other tests. * use the exported config.Load interface instead of internal NewBuilder and BuildAndValidate. * remove the tail config overrides, which are only necessary with nonZero works.	4 years ago
Daniel Nephin	32d36d0dd4	config: replace calls to config.NewBuilder with config.Load This is another incremental change to reduce config loading to a single small interface. All calls to NewBuilder can be replaced with Load.	4 years ago
Daniel Nephin	97a577502d	config: improve the interface of Load This commit reduces the interface to Load() a bit, in preparation for unexporting NewBuilder and having everything call Load. The three arguments are reduced to a single argument by moving the other two into the options struct. The three return values are reduced to two by moving the RuntimeConfig and Warnings into a LoadResult struct.	4 years ago
Hans Hasselberg	444cdeb8fb	Add flags to support CA generation for Connect (#9585 )	4 years ago
Daniel Nephin	3d39359bcb	agent: move deprecated AddServiceFromSource to a test file The method is only used in tests, and only exists for legacy calls. There was one other package which used this method in tests. Export the AddServiceRequest and a couple of its fields so the new function can be used in those tests.	4 years ago
Daniel Nephin	6757231b82	agent: rename AddService->AddServiceFromSource In preparation for extracting a single AddService func that accepts a request struct.	4 years ago
R.B. Boyer	b5f9a293c9	chore: regenerate envoy golden files (#9634 )	4 years ago
Matt Keeler	9215fc4e9d	Fix flaky CLI Intention Listing Test	4 years ago
Michael Hofer	3c3b67288d	cli: Add consul intention list command (based on PR #6825 ) (#9468 ) This PR is based on the previous work by @snuggie12 in PR #6825. It adds the command consul intention list to list all available intentions. The list functionality for intentions seems a bit overdue as it's just very handy. The web UI cannot list intentions outside of the default namespace, and using the API is sometimes not the friendliest option. ;) I cherry picked snuggie12's commits who did most of the heavy lifting (thanks again @snuggie12 for your great work!). The changes in the original commit mostly still worked on the current HEAD. On top of that I added support for namespaces and fixed the docs as they are managed differently today. Also the requested changes related to the "Connect" references in the original PRs have been addressed. Fixes #5652 Co-authored-by: Matt Hoey <mhoey05@jcu.edu>	4 years ago
Daniel Nephin	b9e60c0775	testing: skip slow tests with -short Add a skip condition to all tests slower than 100ms. This change was made using `gotestsum tool slowest` with data from the last 3 CI runs of master. See https://github.com/gotestyourself/gotestsum#finding-and-skipping-slow-tests With this change: ``` $ time go test -count=1 -short ./agent ok github.com/hashicorp/consul/agent 0.743s real 0m4.791s $ time go test -count=1 -short ./agent/consul ok github.com/hashicorp/consul/agent/consul 4.229s real 0m8.769s ```	4 years ago
R.B. Boyer	7c7a3e5165	command: when generating envoy bootstrap configs use the datacenter returned from the agent services endpoint (#9229 ) Fixes #9215	4 years ago
Freddy	fe728855ed	Add DC and NS support for Envoy metrics (#9207 ) This PR updates the tags that we generate for Envoy stats. Several of these come with breaking changes, since we can't keep two stats prefixes for a filter.	4 years ago
Mike Morris	7af643ac37	ci: update to Go 1.15.4 and alpine:3.12 (#9036 ) * ci: stop building darwin/386 binaries Go 1.15 drops support for 32-bit binaries on Darwin https://golang.org/doc/go1.15#darwin * tls: ConnectionState::NegotiatedProtocolIsMutual is deprecated in Go 1.15, this value is always true * correct error messages that changed slightly * Completely regenerate some TLS test data Co-authored-by: R.B. Boyer <rb@hashicorp.com>	4 years ago
Matt Keeler	7ef9b04f90	Add a CLI command for retrieving the autopilot configuration. (#9142 )	4 years ago
Joel Watson	81fb937e4f	Merge pull request #9098 from hashicorp/watsonian/kv-size-breakdown Add detailed key size breakdown to snapshot inspect	4 years ago
Joel Watson	182333b645	Fix some minor wording issues	4 years ago
Joel Watson	94689b6ecd	Back out implicit -kvdetails functionality	4 years ago
Joel Watson	0d48559416	Length check is required here If one isn't included, then the nil check in the formatter never fails due to an empty slice being passed in, which causes the kv output to always get printed.	4 years ago
Joel Watson	48a358df1b	Remove trailing tabs from output	4 years ago
Joel Watson	491f2f0a57	Add more func comments	4 years ago
Joel Watson	99ec1febcc	Move kvDetails default logic	4 years ago
Joel Watson	ea804e57b4	Check for nil rather than length	4 years ago
Joel Watson	7aebd179de	Update tests for new flag names	4 years ago
Joel Watson	40a8681816	Allow omission of -kvdetails if another -kv* flag is set	4 years ago
Joel Watson	1ef259b093	Rename params to better reflect their purpose	4 years ago
Joel Watson	5ad0db73c8	Make docs for params clearer	4 years ago
Joel Watson	fbe8503258	Break KV portion of enchance into separate func	4 years ago
Joel Watson	5dd703a62a	Move KV stat gen to separate func	4 years ago
Matt Keeler	c048e86bb2	Switch to using the external autopilot module	4 years ago
Mike Morris	6396042ba7	connect: switch the default gateway port from 443 to 8443 (#9116 ) * test: update ingress gateway golden file to port 8443 * test: update Envoy flags_test to port 8443 Co-authored-by: R.B. Boyer <rb@hashicorp.com>	4 years ago
R.B. Boyer	8baf158ea8	Revert "Add namespace support for metrics (OSS) (#9117 )" (#9124 ) This reverts commit `06b3b017d3`.	4 years ago
Freddy	06b3b017d3	Add namespace support for metrics (OSS) (#9117 )	4 years ago
Joel Watson	aabb537aed	Pull sorting into separate function	4 years ago
Joel Watson	3ee20d500a	Refactor to reduce how many vars are being passed around	4 years ago
Joel Watson	1a50aa023a	Fallback to alphabetic sorting if size is equal	4 years ago
Joel Watson	be2a212d75	Add tests for new snapshot inspect flags	4 years ago
Joel Watson	5f5b49955c	Update snapshot inspect formatter test	4 years ago
Joel Watson	eafc593d0f	Make key breakdown total size accurate	4 years ago
Joel Watson	4bf70dd857	Cleanup formatter	4 years ago
Joel Watson	208d6ebd95	Get JSON formatting working	4 years ago
Joel Watson	e7a88d4a30	This ended up not being used.	4 years ago
Joel Watson	262fb3a0c3	Add snapshot inspect filter param	4 years ago
Joel Watson	10f325dc81	Initial stab at snapshot inspect key breakdown	4 years ago

... 2 3 4 5 6 ...

2363 Commits (b67a9f1b124c5067d3afd4a1141a843595b37087)