Commit Graph

12164 Commits (c34b0885832405a27e582d52c0e7bc4d4efb68dd)

Author SHA1 Message Date
Matt Keeler f2f32735ce
Rename (*Server).forward to (*Server).ForwardRPC
Also get rid of the preexisting shim in server.go that existed before to have this name just call the unexported one.
2020-07-08 11:05:44 -04:00
Matt Keeler d2e4869c7c
Refactor AutoConfig RPC to not have a direct dependency on the Server type
Instead it has an interface which can be mocked for better unit testing that is deterministic and not prone to flakiness.
2020-07-08 11:05:44 -04:00
JohnnyB 5e5dbedd47
Added undocumented CONSUL_NAMESPACE to website. (#8264) 2020-07-08 10:41:42 -04:00
Kenia 2f7fe06f5b
ui: Fix up styling for the Tags tab (#8263) 2020-07-08 09:47:04 -04:00
John Cowen f0333138fe
ui: Use empty-state for our small empty states (#8262) 2020-07-08 14:34:57 +01:00
Daniel Nephin c1b50f757c
Merge pull request #8252 from hashicorp/dnephin/docs-max-age-config
docs: Document that dns_config.cache_max_age=0 means "no max age"
2020-07-07 17:37:35 -04:00
Iryna Shustava 03366573d7
sdk: Use /v1/status/leader endpoint when starting a test server (#8192)
Switch from /v1/agent/self to /v1/status/leader when checking if the test server has come up successfully in the waitForAPI function.

Previously, the test server was relying (probably not intentionally) on the default value of the acl_enforce_version_8 in the TestConfig, which was false. So if you create a test server and enabled ACLs, they would not be enforced and the server would be able to come up pretty quickly because /v1/agent/self would return a 200 status pretty much as soon as the agent is running and most likely before leader election is finished.

Now that we have removed acl_enforce_version_8 property (equivalent to being true by default) if you've created a test server with ACLs enabled, it will need to wait for leader election and for ACLs to be initialized before it'll get a successful response from the /v1/agent/self.

Note: With this change, waitForAPI function no longer requires a 200 response status from the v1/status/leader endpoint. This is because in some tests, namely TestAPI_AgentLeave, we are only running clients, and this endpoint returns a 500 status.
2020-07-07 14:25:17 -07:00
Sabeen Syed 8a6ad77620 docs: Update Consul Enterprise Intro 2020-07-07 16:11:30 -05:00
Daniel Nephin 0cb9d0739f docs: dns_config.cache_max_age=0 2020-07-07 15:24:26 -04:00
John Cowen b5b9c8d953
ui: Remove jQuery from the production build (#8088)
* ui: Split up client/http and replace $.ajax

This splits the client/http service more in the following ways:

1. Connections are now split out into its own service
2. The transport is now split out into its own service that returns a
listener based http transport
3. Various string parsing/stringifying functions are now split out into
utils

* Remove jQuery from our production build

* Move the coverage serving to the server.js file

* Self review amends

* Add X-Requested-With header

* Move some files around, externalize some functions

* Move connection tracking to use native Set

* Ensure HTTP parsing doesn't encode headers

In the future this will change to deal with all HTTP parsing in one
place, hence the commented out METHOD_PARSING etc

* Start to fix up integration tests to use requestParams
2020-07-07 19:58:46 +01:00
John Cowen 22e4e0ac12
ui: Re-adds gray backgrounds to old style %pills (#8251) 2020-07-07 19:03:15 +01:00
Chris Piraino 490ee77535
Update CHANGELOG.md 2020-07-07 10:45:25 -05:00
Chris Piraino 735337b170
Append port number to ingress host domain (#8190)
A port can be sent in the Host header as defined in the HTTP RFC, so we
take any hosts that we want to match traffic to and also add another
host with the listener port added.

Also fix an issue with envoy integration tests not running the
case-ingress-gateway-tls test.
2020-07-07 10:43:04 -05:00
Jeff Escalante 74350bb5c3 learn -> tutorials in subnav 2020-07-06 18:44:30 -04:00
Seth Hoenig a93e44f20c
docs: fix link to connect authorize endpoint (#8248)
/docs/connect/intentions has a broken link presumably meant
to go to /api-docs/agent/connect#authorize

This PR fixes the link.
2020-07-06 16:16:09 -05:00
Blake Covarrubias 59b4a4d836 Update URLs for gateway docs
PRs #7610 and #7962 changed the locations/URLs for the gateway docs
which results in a HTTP 404 Not Found being returned when accessing
the previous URLs.

Update URLs for gateway docs to point to new URLs.

PR #8243 adds corresponding redirects on consul.io.
2020-07-06 11:34:22 -07:00
Kevin Pruett 2d1686c7a1 Append redirects 2020-07-06 09:39:37 -07:00
Kevin Pruett 52d05480c8
Merge pull request #8242 from hashicorp/pruett.ci-fixup
Update Algolia CI script
2020-07-06 11:22:54 -04:00
Kevin Pruett 2abe9b2f50
Update Algolia CI script 2020-07-06 10:09:48 -04:00
Daniel Nephin 5247ef4c70 Remove ACLsEnabled from delegate interface
In all cases (oss/ent, client/server) this method was returning a value from config. Since the
value is consistent, it doesn't need to be part of the delegate interface.
2020-07-03 17:00:20 -04:00
Daniel Nephin a7f69b615a
Merge pull request #8215 from hashicorp/dnephin/support-not-modified-response-server
agent/consul: Add support for NotModified to two endpoints
2020-07-03 16:15:31 -04:00
Pierre Souchay 20d1ea7d2d
Upgrade go-connlimit to v0.3.0 / return http 429 on too many connections (#8221)
Fixes #7527

I want to highlight this and explain what I think the implications are and make sure we are aware:

* `HTTPConnStateFunc` closes the connection when it is beyond the limit. `Close` does not block.
* `HTTPConnStateFuncWithDefault429Handler(10 * time.Millisecond)` blocks until the following is done (worst case):
  1) `conn.SetDeadline(10*time.Millisecond)` so that
  2) `conn.Write(429error)` is guaranteed to timeout after 10ms, so that the http 429 can be written and 
  3) `conn.Close` can happen

The implication of this change is that accepting any new connection is worst case delayed by 10ms. But only after a client reached the limit already.
2020-07-03 09:25:07 +02:00
Daniel Nephin a5e45defb1 agent/http: un-embed the HTTPServer
The embedded HTTPServer struct is not used by the large HTTPServer
struct. It is used by tests and the agent. This change is a small first
step in the process of removing that field.

The eventual goal is to reduce the scope of HTTPServer making it easier
to test, and split into separate packages.
2020-07-02 17:21:12 -04:00
Daniel Nephin 5d36f98710 agent/consul: Add support for NotModified to two endpoints
A query made with AllowNotModifiedResponse and a MinIndex, where the
result has the same Index as MinIndex, will return an empty response
with QueryMeta.NotModified set to true.

Co-authored-by: Pierre Souchay <pierresouchay@users.noreply.github.com>
2020-07-02 17:05:46 -04:00
Jono Sosulska 0cd4178a4c
Fix typos on commandline flags, updated config opts (#8227)
* Fix typos on commandline flags, updated config opts

- Added anchors to https://github.com/hashicorp/consul/pull/8223
- Fix Typos

Updated to include config file options as well as CLI.
2020-07-02 16:13:11 -04:00
Jeff Escalante 9f5624a1a6 remove unneeded mdx provider option 2020-07-02 14:22:29 -04:00
Jeff Escalante 7f5a1223f6 drop out unused font 2020-07-02 14:22:29 -04:00
Jeff Escalante bcca066d80 generate readme 2020-07-02 14:22:29 -04:00
Jeff Escalante b449d7ab5d update dependencies, fapply upgrades, fix breaking changes 2020-07-02 14:22:29 -04:00
Blake Covarrubias 08c92ba880
docs: Fix formatting issues on built-in proxy page (#8005)
Fix markdown formatting and display issues on built-in proxy page.
2020-07-02 12:39:50 -04:00
Rémi Lapeyre 421b9e8ef1
Fix typo in configuration documentation (#7997) 2020-07-02 12:39:23 -04:00
Matt Keeler db387eccd6
Update CHANGELOG.md 2020-07-02 09:57:23 -04:00
Matt Keeler f8e8f48125
Merge pull request #8211 from hashicorp/bugfix/auto-encrypt-various 2020-07-02 09:49:49 -04:00
Hans Hasselberg 1b69a24f36
Update CHANGELOG.md 2020-07-02 13:41:25 +02:00
kaitlincarter-hc b353b5f920
update landing page links to learn to specific guides (#8214) 2020-07-01 14:58:46 -05:00
Kenia 7a1284e11b
ui: Redesign - Node service instances tab (#8204)
* Upgrade consul-api-dobule to version 3.1.3

* Create ConsulInstaceChecks component with test

* Redesign: Service Instaces tab in for a Node

* Update Node tests to work with the ConsulServiceInstancesList

* Style fix to the copy button in the composite-row details

* Delete helper and move logic to ConsulInstanceChecks component

* Delete unused component consul-node-service-list
2020-07-01 10:27:29 -04:00
Matt Keeler 3f04c4a51b
Update CHANGELOG.md 2020-07-01 09:15:26 -04:00
Matt Keeler e0f9e4a2d9
Merge pull request #8218 from yurkeen/fix-dns-rcode 2020-07-01 09:12:59 -04:00
André d06d9ef29e
Update lock.mdx (#8217)
Remove duplicated `-timeout` value.
2020-07-01 14:59:07 +02:00
Hans Hasselberg 95c027a3ea
Update gopsutil (#8208)
https://github.com/shirou/gopsutil/pull/895 is merged and fixes our
problem. Time to update. Since there is no new version just yet,
updating to the sha.
2020-07-01 14:47:56 +02:00
John Cowen 07b49f8887
ui: Ensure routing tab is shown when connect enabled (#8209)
In https://github.com/hashicorp/consul/pull/8065 we attempted to reduce
the amount of times that the UI requests the discovery chain endpoint
when connect is disabled on a datacenter.

Currently we can only tell if connect is disabled on a datacenter by
detecting a 500 error from a connect related endpoint.

In the above PR we mistakenly returned from a catch instead of
rethrowing the error, which meant that when a none 500 error was caught
the discovery chain data would be removed. Whilst at first glance this
doens't seem like a big problem due to the endpoint erroring, but we
also receive a 0 error when we abort endpoints during blocking queries.
This means that in certain cases we can remove cached data for the
discovery chain and then delay reloading it via a blocking query.

This PR replaces the return with a throw, which means that everything is
dealt with correctly via the blocking query error detection/logic.
2020-07-01 10:21:15 +01:00
Yury Evtikhov 10361dd210 DNS: add IsErrQueryNotFound function for easier error evaluation 2020-07-01 03:41:44 +01:00
Yury Evtikhov 8d18422f19 DNS: fix agent returning SERVFAIL where NXDOMAIN should be returned 2020-07-01 01:51:21 +01:00
Yury Evtikhov 3b4ddaaab5 DNS: add test to verify NXDOMAIN is returned when a non-existent domain is queried over RPC 2020-07-01 01:51:16 +01:00
Matt Keeler 6e7acfa618
Add an AutoEncrypt “integration” test
Also fix a bug where Consul could segfault if TLS was enabled but no client certificate was provided. How no one has reported this as a problem I am not sure.
2020-06-30 15:23:29 -04:00
Matt Keeler 2ddcba00c6
Overwrite agent leaf cert trust domain on the servers 2020-06-30 09:59:08 -04:00
Matt Keeler 19040f1166
Store the Connect CA rate limiter on the server
This fixes a bug where auto_encrypt was operating without utilizing a common rate limiter.
2020-06-30 09:59:07 -04:00
Matt Keeler a5a9560bbd
Initialize the agent leaf cert cache result with a state to prevent unnecessary second certificate signing 2020-06-30 09:59:07 -04:00
Matt Keeler 39b567a55a
Fix auto_encrypt IP/DNS SANs
The initial auto encrypt CSR wasn’t containing the user supplied IP and DNS SANs. This fixes that. Also We were configuring a default :: IP SAN. This should be ::1 instead and was fixed.
2020-06-30 09:59:07 -04:00
Davor Kapsa b287ebc1fb
clean cli.Run error message (#8191) 2020-06-30 13:12:29 +02:00