Commit Graph

10608 Commits (be8fd29052b48410b72955c78356bcd4e48c89c4)

Author SHA1 Message Date
R.B. Boyer c6722fc43d
Merge pull request #5617 from hashicorp/f-acl-ux
Secure ACL Introduction for Kubernetes
2019-04-26 15:34:26 -05:00
Aestek 21a776e202 Fix: fail messages after a node rename replace the new node definition (#5520)
When receiving a serf faild message for a node which is not in the
catalog, do not perform a register request to set is serf heath to
critical as it could overwrite the node information and services if it
was renamed.

Fixes : #5518
2019-04-26 21:33:41 +01:00
R.B. Boyer e47d7eeddb acl: adding support for kubernetes auth provider login (#5600)
* auth providers
* binding rules
* auth provider for kubernetes
* login/logout
2019-04-26 14:49:25 -05:00
R.B. Boyer cc1aa3f973 acl: adding Roles to Tokens (#5514)
Roles are named and can express the same bundle of permissions that can
currently be assigned to a Token (lists of Policies and Service
Identities). The difference with a Role is that it not itself a bearer
token, but just another entity that can be tied to a Token.

This lets an operator potentially curate a set of smaller reusable
Policies and compose them together into reusable Roles, rather than
always exploding that same list of Policies on any Token that needs
similar permissions.

This also refactors the acl replication code to be semi-generic to avoid
3x copypasta.
2019-04-26 14:49:12 -05:00
R.B. Boyer 7928305279 making ACLToken.ExpirationTime a *time.Time value instead of time.Time (#5663)
This is mainly to avoid having the API return "0001-01-01T00:00:00Z" as
a value for the ExpirationTime field when it is not set. Unfortunately
time.Time doesn't respect the json marshalling "omitempty" directive.
2019-04-26 14:48:16 -05:00
R.B. Boyer db43fc3a20 acl: ACL Tokens can now be assigned an optional set of service identities (#5390)
These act like a special cased version of a Policy Template for granting
a token the privileges necessary to register a service and its connect
proxy, and read upstreams from the catalog.
2019-04-26 14:48:04 -05:00
R.B. Boyer 2144bd7fbd acl: tokens can be created with an optional expiration time (#5353) 2019-04-26 14:47:51 -05:00
Matt Keeler 15e80e4e76
Implement bootstrapping proxy defaults from the config file (#5714) 2019-04-26 14:25:03 -04:00
Matt Keeler 5befe0f5d5
Implement config entry replication (#5706) 2019-04-26 13:38:39 -04:00
Matt Keeler 6c885d383a
Update CHANGELOG.md 2019-04-26 12:36:52 -04:00
Matt Keeler 222afeae4c
Move the watch package into the api module (#5664)
* Move the watch package into the api module

It was already just a thin wrapper around the API anyways. The biggest change was to the testing. Instead of using a test agent directly from the agent package it now uses the binary on the PATH just like the other API tests.

The other big changes were to fix up the connect based watch tests so that we didn’t need to pull in the connect package (and therefore all of Consul)
2019-04-26 12:33:01 -04:00
Tyler Ryan cf14e0c2ac fixing inconsitencies in agent/connect API documentation (#5715) 2019-04-26 12:53:20 +01:00
R.B. Boyer cf8b76b2e5
docs: fix some minor acl related typos (#5711) 2019-04-25 12:24:28 -05:00
Alvin Huang abdd8a294c
fix sidebar for install (#5611) 2019-04-25 12:30:35 -04:00
Alvin Huang 8ceca2ace3
Add fmt and vet (#5671)
* add go fmt and vet

* go fmt fixes
2019-04-25 12:26:33 -04:00
Alvin Huang 05946afa0c
Add website analytics back (#5699)
* add website analytics to build

* add segment analytics env var check
2019-04-25 12:24:20 -04:00
Kyle Havlovitz d8f8400fe1
Merge pull request #5700 from hashicorp/service-reg-manager
Use centralized service config on agent service registrations
2019-04-25 06:39:50 -07:00
Kyle Havlovitz 43bfc20dc8 Test an index=0 value in cache.Notify 2019-04-25 02:11:07 -07:00
Freddy f2213f60e0
Update alias checks on local add and remove 2019-04-24 12:17:06 -06:00
Matt Keeler 1a7406885b
Update CHANGELOG.md 2019-04-24 14:12:54 -04:00
Aestek f669bb7b0f Add support for DNS config hot-reload (#4875)
The DNS config parameters `recursors` and `dns_config.*` are now hot
reloaded on SIGHUP or `consul reload` and do not need an agent restart
to be modified.
Config is stored in an atomic.Value and loaded at the beginning of each
request. Reloading only affects requests that start _after_ the
reload. Ongoing requests are not affected. To match the current
behavior the recursor handler is loaded and unloaded as needed on config
reload.
2019-04-24 14:11:54 -04:00
Kyle Havlovitz cba47aa0ca Fix a race in the ready logic 2019-04-24 06:48:11 -07:00
Kyle Havlovitz c269369760 Make central service config opt-in and rework the initial registration 2019-04-24 06:11:08 -07:00
Kyle Havlovitz b58572afbd Fix a race in the service updates 2019-04-23 03:31:24 -07:00
Kyle Havlovitz 88e1d8ce03 Fill out the service manager functionality and fix tests 2019-04-23 00:17:28 -07:00
Kyle Havlovitz 7c25869e67 Add the service registration manager to the agent 2019-04-23 00:17:27 -07:00
Kyle Havlovitz b186c3020c
Merge pull request #5615 from hashicorp/config-entry-rpc
Add RPC endpoints for config entry operations
2019-04-23 00:16:54 -07:00
Kyle Havlovitz fed7595d45 Rename config entry ACL methods 2019-04-22 23:55:11 -07:00
Freddy 3fe3b3e6dc
Clarify -log-rotate-duration string format and default value 2019-04-19 14:07:18 -06:00
Alvin Huang ad36886f90
Remove old redirects file (#5688)
* add directions on how to update the redirects file

* remove old redirects file
2019-04-18 16:47:09 -04:00
Matt Keeler 032d299072
Add missing token field in the service definition in the docs (#5685)
Fixes #5684
2019-04-18 16:05:51 -04:00
Matt Keeler c96faa613d
Update CHANGELOG.md 2019-04-18 15:12:04 -04:00
Matt Keeler e55afa9252
Update go-msgpack version (#5683)
Fixes #4673
Supercedes: #5677 

There was an error decoding `map[string]string` values due to Go strings being immutable. This was fixes in our go-msgpack fork.
2019-04-18 15:10:34 -04:00
Heechul Ryu 66f0e4a2c7 Update consul-containers.html.md (#5645)
To reflect the most recent version
2019-04-18 10:35:21 -05:00
joelcollin 9ca16fcad5 Fixed minor typos. (#5681) 2019-04-18 10:24:19 -05:00
kaitlincarter-hc 66a49e60ea
[docs] Leader Election Guide Updates (#5654)
* Updating the Leader Election guide.

* Update website/source/docs/guides/leader-election.html.md

* updating key name

* Update website/source/docs/guides/leader-election.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>

* Update website/source/docs/guides/leader-election.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-04-17 16:16:15 -05:00
kaitlincarter-hc 5c3d3dd894
Updating network connectivity section based on feedback from Pavani. (#5612) 2019-04-17 16:12:30 -05:00
R.B. Boyer 6269d1f130
tests: actually have TestSessionTTLRenew sleep during execution (#5669)
Due to an unintended order of operations issue with integer division
TestSessionTTLRenew was sleeping for 0s every time.

Also add explicit failures for when the various session renewal returns
nil unexpectedly.
2019-04-17 15:52:23 -05:00
kaitlincarter-hc 59c0174de5
[docs] Geo Failover (#5641)
* Updated the headers, code snippets, and some language.

* Update website/source/docs/guides/geo-failover.html.md

* Changed banking-app to payments

* Update website/source/docs/guides/geo-failover.html.md

Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com>
2019-04-17 13:27:57 -05:00
kaitlincarter-hc 7dcc727b4d
[docs] Server Performance (#5627)
* Moving server performance guide to docs.

* fixing broken links

* updating broken link

* fixing broken links
2019-04-17 13:17:12 -05:00
Paul Banks b427648887
Update CHANGELOG.md 2019-04-17 18:06:22 +01:00
Matt Keeler e81f6aeed0
Update Consul-Dev.dockerfile (#5678)
This was putting the new binary on the wrong path so this wasn't updating the docker image in any effectual way.
2019-04-17 12:21:24 -04:00
Judith Malnick d909766403 Remove redundant word. 2019-04-16 16:03:03 -06:00
kaitlincarter-hc 8b7e2a3e32
[docs] Windows Guide (#5626)
* Updating the windows guide for the migration.

* adding config dir option
2019-04-16 16:14:10 -05:00
Hans Hasselberg 8c182826dc
Update CHANGELOG.md 2019-04-16 20:38:20 +02:00
Matt Keeler 23755fcf46
Fix some broken links (#5670) 2019-04-16 12:40:03 -04:00
Freddy eebc788959
Filter non-passing nodes without modifying cache 2019-04-16 10:29:34 -06:00
Matt Keeler a320a23110
Update CHANGELOG.md 2019-04-16 12:02:03 -04:00
Matt Keeler afa1cc98d1
Implement data filtering of some endpoints (#5579)
Fixes: #4222 

# Data Filtering

This PR will implement filtering for the following endpoints:

## Supported HTTP Endpoints

- `/agent/checks`
- `/agent/services`
- `/catalog/nodes`
- `/catalog/service/:service`
- `/catalog/connect/:service`
- `/catalog/node/:node`
- `/health/node/:node`
- `/health/checks/:service`
- `/health/service/:service`
- `/health/connect/:service`
- `/health/state/:state`
- `/internal/ui/nodes`
- `/internal/ui/services`

More can be added going forward and any endpoint which is used to list some data is a good candidate.

## Usage

When using the HTTP API a `filter` query parameter can be used to pass a filter expression to Consul. Filter Expressions take the general form of:

```
<selector> == <value>
<selector> != <value>
<value> in <selector>
<value> not in <selector>
<selector> contains <value>
<selector> not contains <value>
<selector> is empty
<selector> is not empty
not <other expression>
<expression 1> and <expression 2>
<expression 1> or <expression 2>
```

Normal boolean logic and precedence is supported. All of the actual filtering and evaluation logic is coming from the [go-bexpr](https://github.com/hashicorp/go-bexpr) library

## Other changes

Adding the `Internal.ServiceDump` RPC endpoint. This will allow the UI to filter services better.
2019-04-16 12:00:15 -04:00
Alvin Huang ffc5c33550
interpolate properly (#5665) 2019-04-15 15:29:19 -04:00