mirror of https://github.com/hashicorp/consul
Merge branch 'main' into main
commit
58eef1a54c
|
@ -0,0 +1,6 @@
|
|||
```release-note:security
|
||||
Upgrade to support aws/aws-sdk-go `v1.55.5 or higher`. This resolves CVEs
|
||||
[CVE-2020-8911](https://nvd.nist.gov/vuln/detail/cve-2020-8911) and
|
||||
[CVE-2020-8912](https://nvd.nist.gov/vuln/detail/cve-2020-8912).
|
||||
```
|
||||
|
|
@ -146,11 +146,15 @@ jobs:
|
|||
path: ./bin
|
||||
- name: restore mode+x
|
||||
run: chmod +x ./bin/consul
|
||||
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0
|
||||
|
||||
- name: Docker build
|
||||
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
||||
|
||||
- name: Envoy Integration Tests
|
||||
id: envoy-integration-tests
|
||||
env:
|
||||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
||||
GOTESTSUM_FORMAT: standard-verbose
|
||||
|
@ -171,6 +175,23 @@ jobs:
|
|||
--packages=./test/integration/connect/envoy \
|
||||
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
||||
|
||||
# See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011
|
||||
# and overall topic discussion for why this is necessary.
|
||||
- name: Generate artifact ID
|
||||
id: generate-artifact-id
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
run: |
|
||||
ARTIFACT_ID=$(uuidgen)
|
||||
echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)"
|
||||
echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Upload failure logs
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }}
|
||||
path: test/integration/connect/envoy/workdir/logs/
|
||||
|
||||
# NOTE: ENT specific step as we store secrets in Vault.
|
||||
- name: Authenticate to Vault
|
||||
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
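Review bot: The new "Upload failure logs" step publishes everything under `test/integration/connect/envoy/workdir/logs/` without `retention-days` or `if-no-files-found`, so the artifact lives for the repository's default retention period and an empty log directory only produces a warning. Whether these Envoy and Consul logs can carry tokens or certificates from the test topology is not visible here, so confirm that before they become downloadable. Under `with:` I would add `retention-days: <DAYS>` and an explicit `if-no-files-found: warn`. The same two steps are added in the other workflow sections of this commit (the hunks at -174,6 +175,23, -165,6 +166,23 and -355,6 +361,23), and the step list continues outside the hunk.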
|
||||
|
|
|
@ -154,6 +154,7 @@ jobs:
|
|||
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
||||
|
||||
- name: Envoy Integration Tests
|
||||
id: envoy-integration-tests
|
||||
env:
|
||||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
||||
GOTESTSUM_FORMAT: standard-verbose
|
||||
|
@ -174,6 +175,23 @@ jobs:
|
|||
--packages=./test/integration/connect/envoy \
|
||||
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
||||
|
||||
# See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011
|
||||
# and overall topic discussion for why this is necessary.
|
||||
- name: Generate artifact ID
|
||||
id: generate-artifact-id
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
run: |
|
||||
ARTIFACT_ID=$(uuidgen)
|
||||
echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)"
|
||||
echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Upload failure logs
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }}
|
||||
path: test/integration/connect/envoy/workdir/logs/
|
||||
|
||||
# NOTE: ENT specific step as we store secrets in Vault.
|
||||
- name: Authenticate to Vault
|
||||
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
||||
|
|
|
@ -68,7 +68,7 @@ jobs:
|
|||
runs-on: ${{ needs.setup.outputs.compute-large }}
|
||||
repository-name: ${{ github.repository }}
|
||||
uploaded-binary-name: 'consul-bin'
|
||||
branch-name: "release/1.17.x"
|
||||
branch-name: "release/1.18.x"
|
||||
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
||||
secrets:
|
||||
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
||||
|
@ -154,6 +154,7 @@ jobs:
|
|||
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
||||
|
||||
- name: Envoy Integration Tests
|
||||
id: envoy-integration-tests
|
||||
env:
|
||||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
||||
GOTESTSUM_FORMAT: standard-verbose
|
||||
|
@ -174,6 +175,23 @@ jobs:
|
|||
--packages=./test/integration/connect/envoy \
|
||||
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
||||
|
||||
# See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011
|
||||
# and overall topic discussion for why this is necessary.
|
||||
- name: Generate artifact ID
|
||||
id: generate-artifact-id
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
run: |
|
||||
ARTIFACT_ID=$(uuidgen)
|
||||
echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)"
|
||||
echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Upload failure logs
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }}
|
||||
path: test/integration/connect/envoy/workdir/logs/
|
||||
|
||||
# NOTE: ENT specific step as we store secrets in Vault.
|
||||
- name: Authenticate to Vault
|
||||
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
||||
|
|
|
@ -59,7 +59,7 @@ jobs:
|
|||
runs-on: ${{ needs.setup.outputs.compute-large }}
|
||||
repository-name: ${{ github.repository }}
|
||||
uploaded-binary-name: 'consul-bin'
|
||||
branch-name: "release/1.17.x"
|
||||
branch-name: "release/1.19.x"
|
||||
go-version: ${{ needs.get-go-version.outputs.go-version }}
|
||||
secrets:
|
||||
elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
|
||||
|
@ -145,6 +145,7 @@ jobs:
|
|||
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
||||
|
||||
- name: Envoy Integration Tests
|
||||
id: envoy-integration-tests
|
||||
env:
|
||||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
||||
GOTESTSUM_FORMAT: standard-verbose
|
||||
|
@ -165,6 +166,23 @@ jobs:
|
|||
--packages=./test/integration/connect/envoy \
|
||||
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
||||
|
||||
# See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011
|
||||
# and overall topic discussion for why this is necessary.
|
||||
- name: Generate artifact ID
|
||||
id: generate-artifact-id
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
run: |
|
||||
ARTIFACT_ID=$(uuidgen)
|
||||
echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)"
|
||||
echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Upload failure logs
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }}
|
||||
path: test/integration/connect/envoy/workdir/logs/
|
||||
|
||||
# NOTE: ENT specific step as we store secrets in Vault.
|
||||
- name: Authenticate to Vault
|
||||
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
||||
|
|
|
@ -13,6 +13,11 @@ on:
|
|||
- 'backport/docs/**'
|
||||
- 'backport/ui/**'
|
||||
- 'backport/mktg-**'
|
||||
push:
|
||||
branches:
|
||||
# Push events on the main branch
|
||||
- main
|
||||
- release/**
|
||||
|
||||
env:
|
||||
TEST_RESULTS_DIR: /tmp/test-results
|
||||
|
@ -335,6 +340,7 @@ jobs:
|
|||
run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin
|
||||
|
||||
- name: Envoy Integration Tests
|
||||
id: envoy-integration-tests
|
||||
env:
|
||||
GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml
|
||||
GOTESTSUM_FORMAT: standard-verbose
|
||||
|
@ -355,6 +361,23 @@ jobs:
|
|||
--packages=./test/integration/connect/envoy \
|
||||
-- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})"
|
||||
|
||||
# See https://github.com/orgs/community/discussions/8945#discussioncomment-9897011
|
||||
# and overall topic discussion for why this is necessary.
|
||||
- name: Generate artifact ID
|
||||
id: generate-artifact-id
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
run: |
|
||||
ARTIFACT_ID=$(uuidgen)
|
||||
echo "Artifact ID: $ARTIFACT_ID (search this in job summary for download link)"
|
||||
echo "artifact_id=$ARTIFACT_ID" >> "$GITHUB_ENV"
|
||||
|
||||
- name: Upload failure logs
|
||||
if: ${{ failure() && steps.envoy-integration-tests.conclusion == 'failure' }}
|
||||
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
|
||||
with:
|
||||
name: envoy-${{ matrix.envoy-version }}-logs-${{ env.artifact_id }}
|
||||
path: test/integration/connect/envoy/workdir/logs/
|
||||
|
||||
# NOTE: ENT specific step as we store secrets in Vault.
|
||||
- name: Authenticate to Vault
|
||||
if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }}
|
||||
|
|
46
CHANGELOG.md
46
CHANGELOG.md
|
@ -1,3 +1,49 @@
|
|||
## 1.19.2 (August 26, 2024)
|
||||
|
||||
SECURITY:
|
||||
|
||||
* ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [[GH-21588](https://github.com/hashicorp/consul/issues/21588)]
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [[GH-21587](https://github.com/hashicorp/consul/issues/21587)]
|
||||
|
||||
BUG FIXES:
|
||||
|
||||
* api-gateway: **(Enterprise only)** ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint [[GH-21604](https://github.com/hashicorp/consul/issues/21604)]
|
||||
|
||||
## 1.18.4 Enterprise (August 26, 2024)
|
||||
|
||||
Enterprise LTS: Consul Enterprise 1.18 is a Long-Term Support (LTS) release.
|
||||
|
||||
SECURITY:
|
||||
* ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [[GH-21587](https://github.com/hashicorp/consul/issues/21587)]
|
||||
|
||||
## 1.17.7 Enterprise (August 26, 2024)
|
||||
|
||||
SECURITY:
|
||||
* ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [[GH-21587](https://github.com/hashicorp/consul/issues/21587)]
|
||||
|
||||
## 1.15.14 Enterprise (August 26, 2024)
|
||||
|
||||
Enterprise LTS: Consul Enterprise 1.15 is a Long-Term Support (LTS) release.
|
||||
|
||||
SECURITY:
|
||||
|
||||
* ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0 [[GH-21588](https://github.com/hashicorp/consul/issues/21588)]
|
||||
|
||||
IMPROVEMENTS:
|
||||
|
||||
* Use Envoy's default for a route's validate_clusters option, which is false. This fixes a case where non-existent clusters could cause a route to no longer route to any of its backends, including existing ones. [[GH-21587](https://github.com/hashicorp/consul/issues/21587)]
|
||||
|
||||
## 1.19.1 (July 11, 2024)
|
||||
|
||||
SECURITY:
|
||||
|
|
|
@ -22,12 +22,13 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/armon/go-metrics/prometheus"
|
||||
"golang.org/x/time/rate"
|
||||
|
||||
"github.com/hashicorp/go-bexpr"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/hashicorp/go-sockaddr/template"
|
||||
"github.com/hashicorp/memberlist"
|
||||
"golang.org/x/time/rate"
|
||||
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
"github.com/hashicorp/consul/agent/checks"
|
||||
|
@ -774,6 +775,7 @@ func (b *builder) build() (rt RuntimeConfig, err error) {
|
|||
if err != nil {
|
||||
return RuntimeConfig{}, fmt.Errorf("config_entries.bootstrap[%d]: %s", i, err)
|
||||
}
|
||||
// Ensure Normalize is called before Validate for accurate validation
|
||||
if err := entry.Normalize(); err != nil {
|
||||
return RuntimeConfig{}, fmt.Errorf("config_entries.bootstrap[%d]: %s", i, err)
|
||||
}
|
||||
|
|
|
@ -612,7 +612,7 @@ func TestConfig_Apply_CAS(t *testing.T) {
|
|||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "foo",
|
||||
"Protocol": "udp"
|
||||
"Protocol": "http"
|
||||
}
|
||||
`))
|
||||
req, _ = http.NewRequest("PUT", "/v1/config?cas=0", body)
|
||||
|
@ -628,7 +628,7 @@ func TestConfig_Apply_CAS(t *testing.T) {
|
|||
{
|
||||
"Kind": "service-defaults",
|
||||
"Name": "foo",
|
||||
"Protocol": "udp"
|
||||
"Protocol": "http"
|
||||
}
|
||||
`))
|
||||
req, _ = http.NewRequest("PUT", fmt.Sprintf("/v1/config?cas=%d", entry.GetRaftIndex().ModifyIndex), body)
|
||||
|
|
|
@ -10,10 +10,11 @@ import (
|
|||
|
||||
metrics "github.com/armon/go-metrics"
|
||||
"github.com/armon/go-metrics/prometheus"
|
||||
hashstructure_v2 "github.com/mitchellh/hashstructure/v2"
|
||||
|
||||
"github.com/hashicorp/go-bexpr"
|
||||
"github.com/hashicorp/go-hclog"
|
||||
memdb "github.com/hashicorp/go-memdb"
|
||||
hashstructure_v2 "github.com/mitchellh/hashstructure/v2"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/configentry"
|
||||
|
@ -85,6 +86,7 @@ func (c *ConfigEntry) Apply(args *structs.ConfigEntryRequest, reply *bool) error
|
|||
}
|
||||
|
||||
// Normalize and validate the incoming config entry as if it came from a user.
|
||||
// Ensure Normalize is called before Validate for accurate validation
|
||||
if err := args.Entry.Normalize(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
@ -6,11 +6,11 @@ package consul
|
|||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"github.com/oklog/ulid/v2"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"os"
|
||||
"testing"
|
||||
|
||||
"github.com/oklog/ulid/v2"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul/agent/structs"
|
||||
|
@ -129,7 +129,7 @@ func TestReplication_ConfigEntries(t *testing.T) {
|
|||
Entry: &structs.ServiceConfigEntry{
|
||||
Kind: structs.ServiceDefaults,
|
||||
Name: fmt.Sprintf("svc-%d", i),
|
||||
Protocol: "udp",
|
||||
Protocol: "tcp",
|
||||
},
|
||||
}
|
||||
|
||||
|
|
|
@ -771,6 +771,12 @@ func (s *Server) runACLReplicator(
|
|||
|
||||
index, exit, err := replicateFunc(ctx, logger, lastRemoteIndex)
|
||||
if exit {
|
||||
metrics.SetGauge([]string{"leader", "replication", metricName, "status"},
|
||||
0,
|
||||
)
|
||||
metrics.SetGauge([]string{"leader", "replication", metricName, "index"},
|
||||
0,
|
||||
)
|
||||
return nil
|
||||
}
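Review bot: The six lines added to the `if exit` branch set both the `status` and `index` gauges to 0 with no comment on why. If 0 is also what the status gauge reports after a failed round (presumably, not shown here), a dashboard or alert cannot tell a cleanly stopped replicator from a broken one. A comment such as `// Reset the gauges on shutdown so a stopped replicator does not keep exporting its last status and index.` would record the intent, and any alert keyed on `status == 0` should be checked against leadership changes. The same block is added in `Replicator.Run` (hunk -153,6 +153,12). The body of runACLReplicator starts and ends outside the hunk.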
|
||||
|
||||
|
|
|
@ -153,6 +153,12 @@ func (r *Replicator) Run(ctx context.Context) error {
|
|||
// Perform a single round of replication
|
||||
index, exit, err := r.delegate.Replicate(ctx, atomic.LoadUint64(&r.lastRemoteIndex), r.logger)
|
||||
if exit {
|
||||
metrics.SetGauge([]string{"leader", "replication", r.delegate.MetricName(), "status"},
|
||||
0,
|
||||
)
|
||||
metrics.SetGauge([]string{"leader", "replication", r.delegate.MetricName(), "index"},
|
||||
0,
|
||||
)
|
||||
return nil
|
||||
}
|
||||
if err != nil {
|
||||
|
|
|
@ -12,12 +12,11 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/miekg/dns"
|
||||
|
||||
"github.com/hashicorp/go-multierror"
|
||||
"github.com/mitchellh/hashstructure"
|
||||
"github.com/mitchellh/mapstructure"
|
||||
|
||||
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
|
||||
"github.com/hashicorp/go-multierror"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
|
@ -269,6 +268,12 @@ func (e *ServiceConfigEntry) Validate() error {
|
|||
validationErr = multierror.Append(validationErr, fmt.Errorf("invalid value for balance_inbound_connections: %v", e.BalanceInboundConnections))
|
||||
}
|
||||
|
||||
switch e.Protocol {
|
||||
case "", "http", "http2", "grpc", "tcp":
|
||||
default:
|
||||
validationErr = multierror.Append(validationErr, fmt.Errorf("invalid value for protocol: %v", e.Protocol))
|
||||
}
|
||||
|
||||
// External endpoints are invalid with an existing service's upstream configuration
|
||||
if e.UpstreamConfig != nil && e.Destination != nil {
|
||||
validationErr = multierror.Append(validationErr, errors.New("UpstreamConfig and Destination are mutually exclusive for service defaults"))
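Review bot: The new `switch e.Protocol` compares case-sensitively, so it is only correct if Normalize has already lower-cased the field, and nothing at the switch says so. A comment like `// Protocol is expected to be lower-cased by Normalize before Validate runs; "" is accepted.` would make that dependency visible to callers that invoke Validate directly. The error also formats user-supplied input with `%v`, whereas `fmt.Errorf("invalid value for protocol: %q", e.Protocol)` would quote and escape it in logs and API responses; the expectation `invalid value for protocol: blah` in TestServiceConfigEntry would need the quotes added. Entries stored or bootstrapped with a protocol outside this list (the tests previously used "udp") will presumably start failing validation after upgrade, which deserves an upgrade note. Validate's body continues outside the hunk.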
|
||||
|
|
|
@ -10,12 +10,12 @@ import (
|
|||
"time"
|
||||
|
||||
"github.com/google/go-cmp/cmp"
|
||||
"github.com/hashicorp/hcl"
|
||||
"github.com/mitchellh/copystructure"
|
||||
"github.com/stretchr/testify/assert"
|
||||
"github.com/stretchr/testify/require"
|
||||
|
||||
"github.com/hashicorp/consul-net-rpc/go-msgpack/codec"
|
||||
"github.com/hashicorp/hcl"
|
||||
|
||||
"github.com/hashicorp/consul/acl"
|
||||
"github.com/hashicorp/consul/agent/cache"
|
||||
|
@ -3225,6 +3225,14 @@ func TestServiceConfigEntry(t *testing.T) {
|
|||
},
|
||||
validateErr: `Invalid MutualTLSMode "invalid-mtls-mode". Must be one of "", "strict", or "permissive".`,
|
||||
},
|
||||
"validate: invalid Protocol in service-defaults": {
|
||||
entry: &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "web",
|
||||
Protocol: "blah",
|
||||
},
|
||||
validateErr: `invalid value for protocol: blah`,
|
||||
},
|
||||
}
|
||||
testConfigEntryNormalizeAndValidate(t, cases)
|
||||
}
|
||||
|
|
|
@ -104,7 +104,7 @@ func TestAPI_ConfigEntries(t *testing.T) {
|
|||
service := &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "foo",
|
||||
Protocol: "udp",
|
||||
Protocol: "http",
|
||||
MutualTLSMode: MutualTLSModeStrict,
|
||||
Meta: map[string]string{
|
||||
"foo": "bar",
|
||||
|
@ -124,7 +124,7 @@ func TestAPI_ConfigEntries(t *testing.T) {
|
|||
service2 := &ServiceConfigEntry{
|
||||
Kind: ServiceDefaults,
|
||||
Name: "bar",
|
||||
Protocol: "tcp",
|
||||
Protocol: "http",
|
||||
Destination: dest,
|
||||
}
|
||||
|
||||
|
@ -176,7 +176,7 @@ func TestAPI_ConfigEntries(t *testing.T) {
|
|||
require.True(t, written)
|
||||
|
||||
// update no cas
|
||||
service.Protocol = "http"
|
||||
service.Protocol = "tcp"
|
||||
|
||||
_, wm, err = config_entries.Set(service, nil)
|
||||
require.NoError(t, err)
|
||||
|
|
|
@ -7,11 +7,15 @@ replace (
|
|||
github.com/hashicorp/consul/sdk => ../sdk
|
||||
)
|
||||
|
||||
retract v1.28.0 // tag was mutated
|
||||
retract (
|
||||
v1.28.0 // tag was mutated
|
||||
v1.27.1 // tag was mutated
|
||||
v1.21.2 // tag was mutated
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/google/go-cmp v0.5.9
|
||||
github.com/hashicorp/consul/proto-public v0.6.1
|
||||
github.com/hashicorp/consul/proto-public v0.6.2
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2
|
||||
github.com/hashicorp/go-hclog v1.5.0
|
||||
|
|
|
@ -43,7 +43,7 @@ func TestConfigWrite(t *testing.T) {
|
|||
_, err := f.WriteString(`
|
||||
Kind = "service-defaults"
|
||||
Name = "web"
|
||||
Protocol = "udp"
|
||||
Protocol = "tcp"
|
||||
`)
|
||||
|
||||
require.NoError(t, err)
|
||||
|
@ -65,7 +65,7 @@ func TestConfigWrite(t *testing.T) {
|
|||
require.True(t, ok)
|
||||
require.Equal(t, api.ServiceDefaults, svc.Kind)
|
||||
require.Equal(t, "web", svc.Name)
|
||||
require.Equal(t, "udp", svc.Protocol)
|
||||
require.Equal(t, "tcp", svc.Protocol)
|
||||
})
|
||||
|
||||
t.Run("Stdin", func(t *testing.T) {
|
||||
|
@ -170,6 +170,27 @@ kind = "proxy-defaults"
|
|||
`Config entry written: proxy-defaults/global`)
|
||||
require.Equal(t, 0, code)
|
||||
})
|
||||
|
||||
// Test that protocol field is first normalized and then validated
|
||||
// before writing the config entry
|
||||
t.Run("service defaults config entry mixed case in protocol field", func(t *testing.T) {
|
||||
stdin := new(bytes.Buffer)
|
||||
stdin.WriteString(`
|
||||
Kind = "service-defaults"
|
||||
Name = "web"
|
||||
Protocol = "TcP"
|
||||
`)
|
||||
|
||||
ui := cli.NewMockUi()
|
||||
c := New(ui)
|
||||
c.testStdin = stdin
|
||||
|
||||
code := c.Run([]string{"-http-addr=" + a.HTTPAddr(), "-"})
|
||||
require.Empty(t, ui.ErrorWriter.String())
|
||||
require.Contains(t, ui.OutputWriter.String(),
|
||||
`Config entry written: service-defaults/web`)
|
||||
require.Equal(t, 0, code)
|
||||
})
|
||||
}
|
||||
|
||||
func TestConfigWrite_Warning(t *testing.T) {
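Review bot: The added subtest "service defaults config entry mixed case in protocol field" only asserts that the write succeeded, so it would still pass if `TcP` were stored verbatim and normalization never ran. Reading the entry back, as the earlier subtest in this file does, and asserting `require.Equal(t, "tcp", svc.Protocol)` would pin the normalize-then-validate order that the comment above the subtest describes. A second case with a mixed-case invalid value would also show that rejection happens after normalization.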
|
||||
|
|
|
@ -8,10 +8,12 @@ replace (
|
|||
github.com/hashicorp/consul/sdk => ../sdk
|
||||
)
|
||||
|
||||
retract v0.7.2 // tag was mutated
|
||||
|
||||
require (
|
||||
github.com/envoyproxy/go-control-plane v0.12.0
|
||||
github.com/google/go-cmp v0.5.9
|
||||
github.com/hashicorp/consul/api v1.29.1
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/go-hclog v1.5.0
|
||||
github.com/hashicorp/go-multierror v1.1.1
|
||||
|
|
10
go.mod
10
go.mod
|
@ -23,7 +23,7 @@ require (
|
|||
github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e
|
||||
github.com/armon/go-metrics v0.4.1
|
||||
github.com/armon/go-radix v1.0.0
|
||||
github.com/aws/aws-sdk-go v1.44.289
|
||||
github.com/aws/aws-sdk-go v1.55.5
|
||||
github.com/coreos/go-oidc/v3 v3.9.0
|
||||
github.com/deckarep/golang-set/v2 v2.3.1
|
||||
github.com/docker/go-connections v0.4.0
|
||||
|
@ -43,11 +43,11 @@ require (
|
|||
github.com/hashi-derek/grpc-proxy v0.0.0-20231207191910-191266484d75
|
||||
github.com/hashicorp/consul-awsauth v0.0.0-20220713182709-05ac1c5c2706
|
||||
github.com/hashicorp/consul-net-rpc v0.0.0-20221205195236-156cfab66a69
|
||||
github.com/hashicorp/consul/api v1.29.1
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.0
|
||||
github.com/hashicorp/consul/proto-public v0.6.1
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.3
|
||||
github.com/hashicorp/consul/proto-public v0.6.2
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/consul/troubleshoot v0.6.1
|
||||
github.com/hashicorp/consul/troubleshoot v0.7.1
|
||||
github.com/hashicorp/go-bexpr v0.1.2
|
||||
github.com/hashicorp/go-checkpoint v0.5.0
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2
|
||||
|
|
8
go.sum
8
go.sum
|
@ -121,8 +121,8 @@ github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgI
|
|||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so=
|
||||
github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw=
|
||||
github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0=
|
||||
github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0=
|
||||
github.com/aws/aws-sdk-go v1.44.289/go.mod h1:aVsgQcEevwlmQ7qHE9I3h+dtQgpqhFB+i8Phjh7fkwI=
|
||||
github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU=
|
||||
github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU=
|
||||
github.com/benbjohnson/immutable v0.4.0 h1:CTqXbEerYso8YzVPxmWxh2gnoRQbbB9X1quUC8+vGZA=
|
||||
github.com/benbjohnson/immutable v0.4.0/go.mod h1:iAr8OjJGLnLmVUr9MZ/rz4PWUy6Ouc2JLYuMArmvAJM=
|
||||
github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
|
||||
|
@ -1013,7 +1013,6 @@ golang.org/x/net v0.0.0-20210503060351-7fd8e65b6420/go.mod h1:9nx3DQGgdP8bBQD5qx
|
|||
golang.org/x/net v0.0.0-20210726213435-c6fcb2dbf985/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y=
|
||||
golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c=
|
||||
golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco=
|
||||
golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
|
||||
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
|
||||
golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w=
|
||||
|
@ -1125,7 +1124,6 @@ golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBc
|
|||
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
|
@ -1134,7 +1132,6 @@ golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y=
|
|||
golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
|
||||
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
|
||||
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
|
||||
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
|
||||
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
|
||||
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
|
||||
|
@ -1150,7 +1147,6 @@ golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
|||
golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
|
||||
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
|
||||
golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
|
||||
golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
|
||||
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
|
||||
golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
|
||||
|
|
|
@ -6,8 +6,8 @@ toolchain go1.22.5
|
|||
|
||||
require (
|
||||
github.com/google/go-cmp v0.5.9
|
||||
github.com/hashicorp/consul/api v1.29.1
|
||||
github.com/hashicorp/consul/proto-public v0.6.1
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/proto-public v0.6.2
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/consul/test/integration/consul-container v0.0.0-20230628201853-bdf4fad7c5a5
|
||||
github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373
|
||||
|
|
|
@ -553,8 +553,7 @@ function suite_setup {
|
|||
docker run --sysctl net.ipv6.conf.all.disable_ipv6=1 -d --name envoy_workdir_1 \
|
||||
$WORKDIR_SNIPPET \
|
||||
--net=none \
|
||||
k8s.gcr.io/pause &>/dev/null
|
||||
# TODO(rb): switch back to "${HASHICORP_DOCKER_PROXY}/google/pause" once that is cached
|
||||
registry.k8s.io/pause &>/dev/null
|
||||
|
||||
# pre-build the verify container
|
||||
echo "Rebuilding 'bats-verify' image..."
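Review bot: The replacement image `registry.k8s.io/pause` is referenced without a tag or digest, so each CI run pulls whatever `latest` resolves to at that moment. Pinning it, for example `registry.k8s.io/pause:<TAG>@sha256:<DIGEST> &>/dev/null`, makes the test environment reproducible and removes silent dependence on a moving upstream image. The `&>/dev/null` on the same command also hides pull or start errors, so a registry problem would surface only as a later, unrelated-looking failure. suite_setup starts and ends outside the hunk.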
|
||||
|
|
|
@ -12,9 +12,9 @@ require (
|
|||
github.com/evanphx/json-patch v4.12.0+incompatible
|
||||
github.com/go-jose/go-jose/v3 v3.0.3
|
||||
github.com/hashicorp/consul v1.16.1
|
||||
github.com/hashicorp/consul/api v1.29.1
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.0
|
||||
github.com/hashicorp/consul/proto-public v0.6.1
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.3
|
||||
github.com/hashicorp/consul/proto-public v0.6.2
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/consul/testing/deployer v0.0.0-20230811171106-4a0afb5d1373
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2
|
||||
|
|
|
@ -6,8 +6,8 @@ require (
|
|||
github.com/avast/retry-go v3.0.0+incompatible
|
||||
github.com/google/go-cmp v0.5.9
|
||||
github.com/hashicorp/consul-server-connection-manager v0.1.4
|
||||
github.com/hashicorp/consul/api v1.26.1
|
||||
github.com/hashicorp/consul/proto-public v0.6.1
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/proto-public v0.6.2
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/hashicorp/go-cleanhttp v0.5.2
|
||||
github.com/hashicorp/go-hclog v1.5.0
|
||||
|
|
|
@ -14,11 +14,17 @@ exclude (
|
|||
github.com/hashicorp/go-msgpack v1.1.6 // contains retractions but same as v1.1.5
|
||||
)
|
||||
|
||||
retract (
|
||||
v0.6.4 // tag was mutated
|
||||
v0.6.2 // tag has incorrect line of deps
|
||||
v0.6.1 // tag has incorrect line of deps
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/envoyproxy/go-control-plane v0.12.0
|
||||
github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e
|
||||
github.com/hashicorp/consul/api v1.29.1
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.0
|
||||
github.com/hashicorp/consul/api v1.29.4
|
||||
github.com/hashicorp/consul/envoyextensions v0.7.3
|
||||
github.com/hashicorp/consul/sdk v0.16.1
|
||||
github.com/stretchr/testify v1.8.4
|
||||
google.golang.org/protobuf v1.33.0
|
||||
|
|
|
@ -1 +1 @@
|
|||
1.20.0-dev
|
||||
1.19.3-dev
|
||||
|
|
|
@ -9,15 +9,6 @@ description: >-
|
|||
|
||||
This topic describes core concepts associated with the optional access control list (ACL) system shipped with Consul. ACLs authenticate requests and authorize access to resources. They also control access to the Consul UI, API, and CLI, as well as secure service-to-service and agent-to-agent communication.
|
||||
|
||||
Refer to the following tutorials for step-by-step instructions on how to get started using ACLs:
|
||||
|
||||
- [Bootstrap and Explore ACLs]
|
||||
- [Secure Consul with ACLs]
|
||||
- [Troubleshoot the ACL System](/consul/tutorials/security/access-control-troubleshoot)
|
||||
|
||||
[bootstrap and explore acls]: /consul/tutorials/security/access-control-setup-production?utm_source=docs
|
||||
[secure consul with acls]: /consul/tutorials/security/access-control-setup-production
|
||||
|
||||
Refer to the [ACL API reference](/consul/api-docs/acl) and [ACL CLI reference](/consul/commands/acl) for additional usage information.
|
||||
|
||||
## Workflow overview
|
||||
|
|