Commit Graph

8919 Commits (b8736e2b5c8ab7e387555242e7f9f5f67d1ad6a7)

Author SHA1 Message Date
Paul Banks 5635227fa6
Allow config-file based Service Definitions for unmanaged proxies and Connect-natice apps. (#4443) 2018-07-25 19:55:41 +01:00
Matt Keeler 2ed8b224fd
Update CHANGELOG.md 2018-07-25 14:50:06 -04:00
Geoffrey Grosenbach 94168ac4a2 Remove deprecated Ruby consul-client library (#4419)
The GitHub repo for this library says that it is no longer maintained
and should not be used. The Ruby Diplomat library provides similar
functionality instead (and is already listed here).
2018-07-25 11:47:54 -07:00
Matt Keeler fa7ceb08a0
Merge pull request #4438 from hashicorp/bugfix/keyring-acl
ACL Bug Fixes
2018-07-25 14:47:19 -04:00
Mitchell Hashimoto 9dad3b4517
Update CHANGELOG.md 2018-07-25 09:28:25 -07:00
Mitchell Hashimoto effb17098a
Merge pull request #4314 from hashicorp/b-ignore-check
command/connect/proxy: ignore check doesn't exist on -register
2018-07-25 11:26:40 -05:00
Paul Banks d5e934f9ff
Ooops that was meant to be to a branch no master... EMORECOFFEE
Revert "Add config option to disable HTTP printable char path check"

This reverts commit eebe45a47b.
2018-07-25 15:54:11 +01:00
Paul Banks eebe45a47b
Add config option to disable HTTP printable char path check 2018-07-25 15:52:37 +01:00
Matt Keeler fbb1a7a52b Rewrite all of acl_test.go
This is now using table driven testing. In addition to conversion of old tests I also implemented several new tests for the acl fixes in my previous commit.

In particular the issues I saw with ACLs for prepared queries, keyring and operator all have tests for those and comments indicating that they would have previously failed.
2018-07-24 20:29:34 -04:00
Matt Keeler 883c5dd001 Fix ACL enforcement
This creates one function that takes a rule and the required permissions and returns whether it should be allowed and whether to leave the decision to the parent acl.

Then this function is used everywhere. This makes acl enforcement consistent.

There were several places where a default allow policy with explicit deny rules wasnt being handled and several others where it wasn’t using the parent acl appropriately but would lump no policy in with a deny policy. All of that has been fixed.
2018-07-24 16:21:56 -04:00
Paul Banks 16200e4c75
Refactor test retry to only affect CI (#4436)
* Refactor test retry to only affect CI

* Move test install deps out of the retry loop

* Add internal targets to PHONY too
2018-07-24 15:12:48 +01:00
Paul Banks ce214f133b
Update CHANGELOG.md 2018-07-24 12:36:44 +01:00
Paul Banks e954450dec
Merge pull request #4353 from azam/add-serf-lan-wan-port-args
Make RPC, Serf LAN, Serf WAN port configurable from CLI
2018-07-24 12:33:10 +01:00
Peter Souter 0888b435ee Adds Monitoring with Telegraf guide (#4227)
* Installing Telegraf
* Configuring Telegraf 
* Configuring Consul to send metrics to Telegraf
* Important metrics and aggregates
2018-07-23 16:46:43 -07:00
Mitchell Hashimoto 0c31863fb0
Update CHANGELOG.md 2018-07-23 09:18:56 -07:00
Kyle Havlovitz ce10de036e
connect/ca: check LeafCertTTL when rotating expired roots 2018-07-20 16:04:04 -07:00
Paul Banks f8d61976cd
Merge pull request #4427 from hashicorp/connect-api-docs
Add /health/connect to docs and make consistent with /catalog/connect
2018-07-20 21:24:57 +01:00
Mitchell Hashimoto 7fa6bb022f
Merge pull request #4320 from hashicorp/f-alias-check
Add "Alias" Check Type
2018-07-20 13:01:33 -05:00
azam 342bcb1c24 Make Serf LAN & WAN port configurable from CLI
Make RPC port accessible to CLI

Add tests and documentation for server-port, serf-lan-port, serf-wan-port CLI arguments
2018-07-21 02:17:21 +09:00
Paul Banks 56ab8c9000
Add /health/connect to docs and make consistent with /catalog/connect 2018-07-20 16:50:28 +01:00
Matt Keeler 4c00fafe81
Update CHANGELOG.md 2018-07-20 09:00:06 -04:00
Matt Keeler 9b44d0838f
Merge pull request #4407 from hashicorp/proxy-persist
Persist proxies from config files
2018-07-20 08:58:38 -04:00
Jack Pearkes 28c58a9694
readme: add note about security related issues (#4401)
* readme: add note about security related issues

This is a reminder to encourage responsible disclosure (vs. publicly on GitHub) for security-related issues.

* readme: link to security page
2018-07-19 12:43:36 -07:00
Mitchell Hashimoto b3854fdd28
agent/local: silly spacing on select statements 2018-07-19 14:21:30 -05:00
Mitchell Hashimoto 8c72bb0cdf
agent/local: address remaining test feedback 2018-07-19 14:20:50 -05:00
Matt Keeler 560c9c26f7 Use the agent logger instead of log module 2018-07-19 11:22:01 -04:00
Matt Keeler ca5851318d Update a couple erroneous tests. 2018-07-19 09:20:51 -04:00
Mitchell Hashimoto 9f128e40d6
agent/local: don't use time.After in test since notify is instant 2018-07-18 16:16:28 -05:00
Matt Keeler 3fe5f566f2 Persist proxies from config files
Also change how loadProxies works. Now it will load all persisted proxies into a map, then when loading config file proxies will look up the previous proxy token in that map.
2018-07-18 17:04:35 -04:00
John Cowen 0663bdbe90
Merge pull request #4410 from hashicorp/bugfix/gh-4175-service-ip
UI - Bugfix: Show Service IP not the Node IP
2018-07-18 18:39:39 +01:00
John Cowen d4b548ad14
Merge pull request #4383 from hashicorp/feature/ui-tag-text-search
UI - Tag Text Search
2018-07-18 18:38:46 +01:00
John Cowen e7a3235afc Use `some` for the tags search instead of munging and searching 2018-07-18 18:15:03 +01:00
John Cowen 09a885dadd ADd some extra tests to pick up on searching by two joined tags 2018-07-18 18:14:20 +01:00
John Cowen d510e1e6d3 Add basic searching by tags using the freetext search near-term 2018-07-18 18:14:19 +01:00
John Cowen 3c40abcbae Acceptance test for searching service by tag 2018-07-18 18:13:18 +01:00
John Cowen b924ff87df
Merge pull request #4349 from hashicorp/feature/remove-rm-api-double
UI - Stop trying to remove consul-api-double we don't need to anymore
2018-07-18 17:54:21 +01:00
John Cowen 1d31bef0a4 Show the Service.IP address instead of the Node.IP address in detail 2018-07-18 13:37:14 +01:00
John Cowen 24c9037cae Make the tests break by switching to a Service.IP 2018-07-18 13:35:57 +01:00
Matt Keeler b3160ba22d
Update CHANGELOG.md 2018-07-17 13:23:10 -04:00
Matt Keeler 6638a19c1a Put the tree back in dev mode 2018-07-17 13:21:56 -04:00
Matt Keeler 3859291148
Merge pull request #4403 from hashicorp/bugfix/choose-client-address
Fix issue with managed proxies and watches attempting to use a client addr that is 0.0.0.0 or ::
2018-07-17 13:19:53 -04:00
Paul Banks bbbebfc8d7
Merge pull request #4352 from hashicorp/doc-dev-flag-generates-certs
Note that `-dev` generates certs for Connect.
2018-07-17 11:36:02 +01:00
Geoffrey Grosenbach d44f35aa4e Clarify Connect-related implications for `-dev` flag 2018-07-16 14:53:46 -07:00
Kyle Havlovitz 6465b13b7d
website: update docs for leaf cert TTL option 2018-07-16 13:33:42 -07:00
Kyle Havlovitz d6ca015a42
connect/ca: add configurable leaf cert TTL 2018-07-16 13:33:37 -07:00
Matt Keeler c891e264ca Fix issue with choosing a client addr that is 0.0.0.0 or :: 2018-07-16 16:30:15 -04:00
Paul Banks 4ec8c489c0
Merge pull request #4392 from hashicorp/connect-sdk-http
Implement missing HTTP host to ConsulResolver func for Connect SDK.
2018-07-16 13:54:53 +01:00
Siva Prasad 19a691768e
Merge pull request #4393 from MagnumOpus21/master
Docs: Removed text about proxies on Windows not starting up.
2018-07-13 16:12:17 -07:00
Paul Banks fa29fee4b6
Typos 2018-07-13 23:09:34 +01:00
Paul Banks dcd157ec7c
Add notes about hostname gotchas to Connect HTTPClient docs 2018-07-13 23:08:26 +01:00