mirror of https://github.com/hashicorp/consul
SECVULN-8621_consul_api_validate_request_content_type
backport/rboyer/fix-manual-vip-writes/jointly-sweet-dingo
release/1.20.x
main
dependabot/go_modules/github.com/hashicorp/hcp-sdk-go-0.124.0
dependabot/go_modules/github.com/aliyun/alibaba-cloud-sdk-go-1.63.54
backport/docs/change-backendRefs-api-group/largely-working-woodcock
dependabot/go_modules/k8s.io/apimachinery-0.31.3
dependabot/go_modules/github.com/olekukonko/tablewriter-0.0.5
dependabot/npm_and_yarn/ui/cross-spawn-6.0.6
dependabot/npm_and_yarn/website/husky-9.1.7
dependabot/github_actions/slackapi/slack-github-action-2.0.0
SuyashHashiCorp-patch-2
SuyashHashiCorp-patch-1-1
dependabot/go_modules/go.opentelemetry.io/otel/metric-1.32.0
dependabot/go_modules/golang.org/x/oauth2-0.24.0
backport/SECVULN-8633-TOB-CONSUL24-17-Consul-configuration-allows-repeated-keys/publicly-deciding-hookworm
dependabot/npm_and_yarn/website/next-15.0.3
dependabot/go_modules/github.com/hashicorp/raft-1.7.1
dependabot/go_modules/github.com/hashicorp/go-sockaddr-1.0.7
dependabot/go_modules/github.com/hashicorp/raft-boltdb/v2-2.3.0
dependabot/go_modules/gotest.tools/v3-3.5.1
backport/docs/CE-749-remove-references-from-consul/humbly-leading-emu
release/1.18.x
release/1.19.x
release/1.15.x
backup_grafana-dashboards
dependabot/npm_and_yarn/ui/elliptic-6.6.0
release/1.18.5
release/1.15.15
release/1.19.3
release/1.20.1
dependabot/github_actions/actions/setup-go-5.1.0
dhiaayachi/fix-trustbundle-peers
zalimeni/go-work
backport/zalimeni/feature/net-1151-l7-intentions-security-fixes--api-docs-1.19
dhiaayachi/raft-wal-backend-as-default
release/1.20.0
zalimeni/feature/net-1151-l7-intentions-security-fixes--archive
backport/Suppress-CVE-2024-8096/quietly-brief-koala
dependabot/github_actions/golangci/golangci-lint-action-6.1.1
dependabot/npm_and_yarn/ui/rollup-2.79.2
zalimeni/test-ci-skips
feature/envoy-support-tlsv13
release/1.20.0-rc1
backport/fix-changelog/nearly-grown-kangaroo
bump/go-and-envoy/rc1.20
dhiaayachi/raft-wal-backend-as-default-code
NET-8983/raft-version-bump
ci/update-security-scanner-token
backport/Suppress-CVE-2024-8096/gradually-brave-ewe
zalimeni/dhiaayachi/raft-wal-backend-as-default--suggestions
b-ui/manual-backport-d3-color
SECVULN-8533-lodash-template
upgrade-1.3-dataplane-to-1.6-dataplane
ui/codemirror-lint-removal
ui/de-lint
ui/remove-jsonlint-dep
SECVULN-6892-word-wrap
dependabot/npm_and_yarn/ui/express-4.20.0
dependabot/go_modules/test/integration/consul-container/github.com/docker/docker-25.0.6incompatible
jm/ent-deps
dependabot/go_modules/test-integ/github.com/docker/docker-25.0.6incompatible
release/1.17.x
may-alignment
dependabot/go_modules/test/integration/consul-container/github.com/opencontainers/runc-1.1.14
dependabot/npm_and_yarn/ui/webpack-5.94.0
release/1.17.7
release/1.18.4
release/1.19.2
jm/release-1.18.4
release/1.16.x
jm/retract
jm/1.9-sub
jm/1.5-sub
jm/1.19-updated-go-mods
using-art-hashi
apivalidateclusters
adds-helm-docs-update-from-1-4-2-consul-k8s
NET-10719-fix-apigw-jwt-cluster-generation
temp
backport/NET-8717-Vulnerabilities-in-consul-enterprise-d3-color/accurately-normal-snipe
artifact-manifest/main/smoothly-fresh-quagga
NET-10248-consul-cross-namespace-requests-to-a-terminating-gateway-fail-with-no-healthy-upstream
revert-21572-zalimeni/update-bpa
update-to-blessed-fork-of-mapstucture
dependabot/github_actions/docker/setup-qemu-action-3.2.0
optimized-seek-prefix-watch
fix-tests
dependabot/npm_and_yarn/website/prettier-3.3.3
dependabot/github_actions/browser-actions/setup-chrome-1.7.2
release/1.19.1
backport/update-envoy/merely-stunning-doberman
NET-10288-Bump-go-to-resolve-CVE-2024-24791
backport/zalimeni/net-5622-consolidate-envoy-version-mgmt/similarly-crisp-mako
jm/bpa
backport/NET-10288-Bump-go-to-resolve-CVE-2024-24791/wrongly-optimal-lamprey
NET-10290-Bump-envoy-to-resolve-CVE-2024-39305
iradix-improved
zs.test-mdx-fixes
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.18
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-1.19-nightly
zalimeni/fix-nightly-branch-sourcing-get-go-version
test/zalimeni/docs-skip-mdx
test/zalimeni/docs-skip-md
smre-317/redhat-projectid
backport/docs/1-19-release-notes-fix/factually-evolving-koala
backport/docs/external-crd-fix/accurately-talented-cobra
release/1.19.0
dan/1.19.0/changelog-update
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-nightly-upgrade
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.17
backport/CE-577-release-notes/namely-fleet-lionfish
dans/remove-multiport-docs
backport/CE-564-external-services-crd/carefully-generous-kodiak
zalimeni/update-submodules-post-1.5.0
backport/CE-572-file-system-certificate/slowly-pure-herring
security/ui-dependency-bump
HCPCP-1619-unix-socket-host
dhiaayachi/go-toolchain
rboyer/deployer-with-v2-tproxy-bookmark
dans/test-pr-labeler
net-6706
make-codegen
art
release/1.18.2
revert-version-updates
backport/jm/ui-main/openly-ace-mole
release/1.16.8
release/1.17.5
docs/waf-page-migration
backport/zalimeni/test-bpa-0.4.1/urgently-accepted-snipe
net-8416-add-gateway-api-request-redirect-filter
zalimeni/net-9229-remove-coredns-1.16
sarah/test-license-script
sarah/test-reproducible-build
backport/zalimeni/k8s-1.4.0-docs-feedback/willingly-strong-pony
backport/zalimeni/net-9224-bump-go-1.21.10/uniquely-bold-jackal
SuyashHashiCorp-patch-1
security/auto-go-bump
backport/security-coredns-fix/1.15.x
backport/security-coredns-fix/1.16.x
backport/security-coredns-fix/1.17.x
release/1.15.12
zalimeni/test-ent-license-exclusion
zalimeni/test-ent-license-exclusion-2
zalimeni/test-ent-license-exclusion--baseline-main
zalimeni/net-9141-exclude-ce-license-ent
backport/zalimeni/upgrade-vault-remove-go-jose.v2/usually-quality-locust
backport/zalimeni/upgrade-vault-remove-go-jose.v2/extremely-feasible-rat
backport/zalimeni/upgrade-vault-remove-go-jose.v2/privately-square-walrus
dans/remove-ws-from-jira-gha
docs/krastin/nomad-for-consul
docs/manual-backport-kv-page
docs/manual-backport-for-LTS
kv-1.10.8-withlogs
ds-nd/net-9016-kvdataloss
kv-1.14.8-withlogs
jm-net-5879
backport/docs/tutorial-refresh-support/mostly-settled-alien
backport/docs/tutorial-refresh-support/yearly-integral-clam
backport/file-system-certificate/formally-top-minnow
docs/consul-ia-experiment
zalimeni/verify-docker-engine-version
zalimeni/test/main-baseline-envoy-int-tests
NET-6821-Host-Header-Rewrite
docs/add-partition-query-api
hack-hcp-integration-split
backport/david-yu-build-dockerfile/mutually-assuring-albacore
backport/david-yu-patch-3/informally-factual-colt
release/1.18.1
docs/cluster-peering-improvements
backport/add-tests-for-gw-proxy-controller/loosely-primary-crane
NET-6820-Mesh-GW-Customize-mesh-gateway-proxy-limits
jm/NET-8431
dependabot/npm_and_yarn/ui/follow-redirects-1.15.6
docs/jkirschner-hashicorp-patch-1
release/1.14.x
revert-20682-CC-7479-add-alert-to-link-to-hcp-modal-to-refresh-page
backport/david-yu-gke-autopilot/internally-sharp-thrush
proxycfg-deadlock-2
proxycfg-deadlock
zalimeni/submodules-to-go-work
sqm
backport/david-yu-cleanup-1-18/distinctly-stirring-catfish
david-yu-patch-2
backport/release/1.18.0-followup
release/1.18.0
zalimeni/no-op-test-ci-1.14
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/partly-welcome-unicorn
skpratt/resource-api-support
manual-backport-1.8.0-ingress-gateway
backport/zalimeni/net-7713-v2-docs-virtual-port-ref-k8s--1.18.0
rboyer/xds-refactor
service-endpoints-id-ports
nickcellino/link-status
david-yu-v2-update
computed-gateway-routes-spike
backport/david-yu-gke-autopilot/recently-driving-dingo
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/entirely-genuine-koi
jm/cc
zalimeni/dns-recurse-only-if-enabled
rboyer/proxy-configuration-cache
update-link-to-documents-from-link-to-hcp-modal
net-8075/certs-for-api-gateways
net-7986/routes-for-api-gateways
rboyer/fix-v2-testing
net-7953/adjust-computed-gateway-protos
net-7984/clusters-for-api-gateways
listener-route-spike
release/1.15.10
ashwin-michael/crd-auto-generation
release/1.17.3
release/1.16.6
backport/fix-ent-merge/enormously-close-sculpin
backport/link-to-hcp-modal-error-when-acls-disabled/severely-cool-sparrow
nicoleta/bum-envoy-on-1.15.x
nicoleta/bump-envoy-on-1.18.x
docs/consul-ia-experiment-cts-adam
nicoleta/bump-envoy
dyu/envoy-bump
johnlanda/bench
dans/NET-7910/v2-dns-enable-peering
backport/docs/lkysow/verify-outgoing/luckily-viable-anchovy
backport/docs/lkysow/verify-outgoing/sincerely-expert-buck
backport/docs/lkysow/verify-outgoing/strictly-well-sheepdog
backport/backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm-manual
CC-7146/hcp-link-item-in-the-nav-bar
nd/net-7510-openapi-followup-matt-poc
backport/cc-7147-link-to-hcp-modal/kindly-verified-snipe
backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm
resource-v1-1.18
resource-v1
backport/jjti/fix-hcp-client-logs/infinitely-decent-ibex
backport/jjti/fix-hcp-client-logs/visually-secure-spaniel
backport/jjti/fix-hcp-client-logs/happily-charmed-jawfish
backport/jjti/fix-hcp-client-logs/presently-free-roughy
backport/jjti/fix-hcp-export-logger/intensely-growing-horse
backport/jjti/fix-hcp-client-logs/commonly-desired-antelope
release/1.18.0-rc1
backport/dans/NET-6796/dns-v2-catalog-v2-ns-soa/mostly-real-ibex
eliminate-gotest.tools/v3
backport/jjti/fix-hcp-client-logs/evenly-clean-slug
backport/exported_services_cli_and_docs/rc1
backport/jm/no-parallel-dns-tests/ultimately-accurate-sponge
backport/jm/no-parallel-dns-tests/tightly-liberal-emu
backport/jm/no-parallel-dns-tests/sharply-true-tetra
backport/tauhid621_exported_services_docs_and_cli/specially-blessed-longhorn
backport/derekm/NET-7652/broadly-regular-firefly
backport/derekm/NET-7652/freely-peaceful-kit
backport/jm/no-parallel-dns-tests/willingly-adjusted-mallard
fixes/helper-text-config-entry-delete
backport/jm/endpoint-result/yearly-better-sunfish
backport/update-exported-services-compat-triggers/immensely-humble-labrador
backport/tauhid621_exported_services_docs_and_cli/normally-positive-lionfish
backport/kisunji/fix-permissive-envoy-ext/unduly-set-ram
NET-7376-consul-consul-k8s-Set-status-on-APIGateway-with-required-info-from-kubesig
backport/kisunji/fix-permissive-envoy-ext/lately-ideal-calf
hcp/expose-grpc-scada
xw/NET-5725-client-refactor
xw/NET-5725-grpc-cli-clean-up
NET-6469/add-custom-watch
ui/copy-link-mock-endpoint-to-prefixed-api
ui/fix-mock-api-endpoint
jm/gh-20360
ui/fix-tests-whoopsie
backport/krastin/vault-for-consul/factually-enough-buck
backport/krastin/vault-for-consul/clearly-main-molly
CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes
docs/refactor-discover-services-docs
backport/derekm/fix-cicd-docker-pull/steadily-evolved-kitten
backport/CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes/barely-trusting-yeti
loshz/NET-7225-peeringv2-proto-check
CC-7146/Sidebar-item-for-linking-status
local-mesh-gateway-pst
zalimeni/net-5586-support-virtual-port-xroute-dest
ron-test
traffic-permissions-cache
backport/tauhid621/exported_services_api_grpc/literally-cuddly-gecko
backport/troubleshoot-ports
docs/proposed-docs-overview-pages
release/1.17.2
release/1.15.9
NET-5090/implicit-destinations
release/1.16.5
backport/NET-3860/moderately-awake-grouse
update-version-1.17
net-6230-namespace-tp
resource-type-scope-gen
zalimeni/net-6597-upgrade-go-jose-go-oidc
fix-transparent-proxy
backport/docs/k8s-acl-fix/repeatedly-solid-cricket
NET-7014-consul-Look-up-mesh-gateway-controlling-workload-instead-of-assuming-its-identity
jm/v2-dns-v1-data-fetcher
mesh-gateway-broken-all-the-things
zalimeni/api-sdk-backwards-compat-go-version-detect
backport/jm/remove-tests-skipping/finally-romantic-anteater
backport/jm/remove-tests-skipping/typically-credible-bug
backport/jm/remove-tests-skipping/physically-enough-molly
release/1.13.x
release/1.12.x
backport/spatel/busl-2024/entirely-closing-dove
backport/spatel/busl-2024/correctly-picked-buffalo
backport/spatel/busl-2024/namely-saved-squid
backport/patch-1/arguably-special-marlin
zalimeni/use-consul-go-version-nomad-vault-int-suite
backport/zalimeni/use-go-version-file/marginally-modest-condor
backport/zalimeni/use-go-version-file/firmly-tops-chow
backport/zalimeni/use-go-version-file/sincerely-native-man
backport/krastin/vault-for-consul/noticeably-awaited-chamois
architecture-log
cc-7178-skip-flakey-test-in-navigation
ui/cc-7178-skip-flakey-test-in-navigation
backport/krastin/vault-for-consul/indirectly-mint-bison
zalimeni/check-go-max-procs
backport/jm/NET-7025/commonly-saved-glowworm
backport/jm/NET-7025/pleasantly-balanced-sole
jm/split-compatibility
backport/krastin/vault-for-consul/thankfully-big-condor
jm/NET-6941
backport/jm/NET-7025/implicitly-optimal-drum
backport/jm/NET-6944/clearly-winning-fly
backport/jm/NET-6944/subtly-adequate-gopher
backport/net-bind-service/evenly-sharp-hornet
mesh-gateway-all-the-things
backport/dyu/ubi/completely-neat-cobra
backport/dyu/ubi/optionally-content-bug
backport/dyu/ubi/ultimately-singular-leech
backport/dyu/ubi/carefully-funky-bonefish
zalimeni/tmp-show-least-request-prop-override-golden
backport/dyu/ubi/finally-growing-grub
backport/ui/CC-7062-get-back-metrics-test-with-updated-selector-upd/broadly-diverse-bear
ui/CC-7062-get-back-metrics-test-with-updated-selector-upd
tauhid621/exported_services_api
backport/add-ent-and-ce-frontend-test-runs-to-pr/painfully-outgoing-drum
backport/add-ent-and-ce-frontend-test-runs-to-pr/morally-sure-fowl
backport/add-ent-and-ce-frontend-test-runs-to-pr/similarly-new-sloth
backport/dyu/network-segments/loudly-tops-tadpole
zalimeni/enable-security-scans-release--test
backport/dyu/network-segments/specially-prepared-mammoth
backport/natemollica-nm-server-workload-telemetry-update/apparently-immune-oriole
backport/natemollica-nm-server-workload-telemetry-update/secondly-massive-kiwi
backport/natemollica-nm-server-workload-telemetry-update/hopelessly-modest-lark
kisunji/net-6230-namespace-trafperms
ui/CC-7062-get-back-metrics-test-with-updated-selector-for-draft
ui/CC-7062-get-back-metrics-test-with-updated-selector
docs/consul-ia-experiement-fdbk-1
release/1.17.1
release/1.16.4
release/1.15.8
backport/fix-role-linked-token-list/blindly-trusted-glowworm
fix/make-test-deployer
backport/docs/added-redirects-for-conf-entries-1.14.x
backport/docs/added-redirects-for-conf-entries-1.13.x
backport/docs/added-redirects-for-conf-entries
zalimeni/sanitize-slack-ci-failure-input--test
backport/releng/remove-duplicate-ubi/singularly-leading-finch
backport/docs/added-1.17-features-to-enterprise-overview
backport/releng/remove-duplicate-ubi/mainly-sterling-bulldog
backport/docs/flag-ent-features-1.17/marginally-stirred-crappie
backport/gateway-upstream-disambiguation-ce/strictly-pleasant-mule
backport/consul-collector-reduce-flush-intervals/externally-natural-pangolin
openapi
backport/NET-3860/namely-curious-iguana
backport/lorna/cc-6925/hcp-tls/monthly-correct-buck
extend-retry
backport/doc-v2-traffic-permission/jointly-top-ant
backport/jm/go-tests-notify-3/genuinely-pumped-glowworm
backport/jm/go-tests-notify-3/luckily-tough-platypus
backport/jm/go-tests-notify-3/allegedly-trusting-moose
lorna/cc-6925/1-15
nfi-poc-gotestdoc
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-refactor
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-latest
backport/lorna/cc-6925/hcp-tls/immensely-dear-grouper
backport/jm/go-tests-notify-3/nicely-electric-calf
dl-license
test-branch
derekm/NET-6565/release-1.15.3-wpac
config_replication_id
zalimeni/add-make-target-dependency-update-modules
backport/docs/fips-cluster-peering/repeatedly-evolved-stallion
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/literally-on-raven
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/primarily-logical-stingray
deepcopy-gatewaycontroller
dyu-license
backport/RELPLAT-980-license-file-updates/vertically-modern-dogfish
NET-6313/resource-list-poc
backport/kisunji/controller-test-fix/internally-artistic-buzzard
tauhid621/peer_exported_services_api
backport/ui/NET-438-add-ent-version-suffix/privately-inspired-escargot
backport/ui/NET-438-add-ent-version-suffix/actively-faithful-walleye
zalimeni/update-k8s-docs-1.17.x
kisunji/small
ui/temporary-remove-tests-which-fails-on-consul-enterprise
ui/temporary-remove-token-policy-test
backport/dhiaayachi/fix_panic_policy_delete/logically-amazed-crow
backport/dhiaayachi/fix_panic_policy_delete/publicly-pumped-tadpole
add-bind-type-policy
backport/consul-collector-reduce-flush-intervals/likely-loved-hog
ui/NET-438-add-ent-version-suffix
zalimeni/net-6600-remove-insecure-hash-use
backport/ci-remove-duplicate-test/actually-sensible-swine
NET-6416-meshgateway-acls
jm/go-tests-notify
spatel/gci-format-all-the-things
jm/go-tests-notify-2
NET-6453/skip-traffic-permission-test-on-M1
backport/docs/manage-traffic-link-fix/hardly-together-salmon
backport/sarahalsmiller-timeoutbehaviormutation/only-native-cow
backport/NET-5688-gwui-fixes/mentally-superb-prawn
backport/NET-5688-gwui-fixes/noticeably-easy-magpie
jm/split-tests
backport/integ-test-use-asserter/internally-cheerful-mullet
NET-6608
backport/jm/local-app-protocol-test/hardly-noble-aardvark
backport/nathancoleman-patch-1/ghastly-endless-lioness
backport/zalimeni/alemuro/3101-support-statefulset-pvc-retain--docs/logically-complete-krill
backport/ui/feature/make-global-read-only-policy-non-editable/instantly-hardy-chamois
backport/fix-home-link/wholly-regular-bengal
backport/rboyer/deployer-makefile/early-steady-sloth
ui/fix-home-link
jm/empty-endpoints
silent-ui-tests
backport/rboyer/fix-drift/singularly-glad-locust
release/1.17.0
nfi-cache-unit-test-results
jm/NET-6385-hack
jm/destination-tests-grpc
jm/resource-tests
controller-cache
build-darwin-ubuntu
jm/NET-5150
backport/docs/add-redirects-1.8-conf-entries/freely-grateful-camel
backport/docs/add-redirects-1.8-conf-entries/pleasantly-cunning-pig
backport/docs/add-redirects-1.8-conf-entries/illegally-driving-fawn
backport/docs/add-redirects-1.8-conf-entries/factually-relieved-flounder
backport/update-docs-for-splitting/primarily-smashing-halibut
robyer/deployer-l7-split-tests
NET-5889-absl
NET-6354
backport/docs/multi-port-v1-17-ga/hopelessly-premium-ostrich
release/1.16.3
release/1.15.7
release/1.14.11
net-5889/workloadhealth-tests
dans/that-time-dan-broke-consul
hack-cloudlink
backport/nathancoleman-patch-1/badly-pro-pug
net-6138/release/1.17.x
jm/agent-hack
jm/fix-jwt-auth-bug
jm/retry-on-connect-failure
debugging-jm/NET-6294-deepcopy
backport/docs/note-about-connect-service-upstream-env-var/lively-exciting-reptile
validate-decoded-helper
jm/NET-6294-NET-4944
backport/kisunji/ent-label-ratelimit/normally-casual-sparrow
debugging-jm/NET-6294
kisunji/ent-label-ratelimit
doc-clarify-version-format
jm/checking-changes-old
jm/move-code
ishustava/fix-agent-proxy-mgr-instantiation
backport/dhiaayachi/raft-wal-0.4.1/sadly-super-monarch
backport/jm/NET-6081/equally-complete-thrush
backport/net-4786/mesh-strict-dns/conversely-climbing-aphid
backport/jm/NET-5397/violently-choice-perch
backport/spatel/list-default-peername/endlessly-moral-krill
fix-controller-watch
backport/upgrade-to-node-18/rationally-fancy-flamingo
dhiaayachi/NET-5519-ns-bridge-2
backport/disable_envoy_check/mistakenly-mighty-glider
backport/disable_envoy_check/closely-liberal-monkfish
backport/kisunji/vault-ca-fixes/awfully-smooth-katydid
backport/kisunji/vault-ca-fixes/fully-electric-phoenix
NET-5327-consistency-docs
ui/NET-5414
backport/derekm/grpc-server-keepalive/gladly-popular-cod
backport/dyu/multi-port/greatly-musical-lab
backport/docs/multiport-hcp-update/seemingly-valid-jaybird
CC-6363/downgrade-node-for-v-1-point-15
CC-6363/downgrade-node-for-ci
backport/dyu/dns-port/typically-creative-hermit
mvincent/no-freelist-logging
backport/docs/initial-multiport-fixes/constantly-thorough-pheasant
CC-5545/upgrade-hds-packages
backport/RELPLAT-897-copywrite-bot-workarounds/likely-content-goshawk
ui/CC-6137
backport/nd/net-4931-l7/endlessly-intimate-reindeer
backport/ishustava/NET-5377-sidecar-proxy-ctrl-improvements/oddly-talented-sole
backport/ishustava/NET-3995-computed-proxy-config/slightly-cheerful-kangaroo
backport/ashwin/generate-proto-deep-copy-json-marshal/naturally-exotic-anemone
backport/dyu/dns-port/manually-light-ant
service-owner-ref
docs/release-1.17-reconcile-1
docs/1.17-docs-reconcile
backport/docs/1-17-release-notes/friendly-smiling-sailfish
docs/1-17-release-notes
add-new-golden-file-tests
backport/cthain/net-5807/vault-ca-namespace-config/miserably-factual-blowfish
jwt-multiple-virtual-hosts
backport/cthain/net-5807/vault-ca-namespace-config/heavily-rested-donkey
backport/dyu/gh-pr-workflow/definitely-relaxed-mollusk
backport/NET-4135/marginally-ultimate-sculpin
backport/NET-4135/fairly-stable-lamb
release/1.17.0-rc1
revert-19038-NET-5788-fix-ready-listeners-in-core
jm/NET-5822-test
ishustava/test-int-tests
hcp-link-config-skeleton
kisunji/1.14.x-docs-backport
backend-changes-doesnt-run-frontend-task-on-ci-test
changes-to-ui-folder-test
jm/NET-5590-xds-server
backport/docs/patch-release/constantly-teaching-giraffe
backport/fix-doc/physically-growing-doberman
v2-tproxy-container-tests
jm/NET-4931
resource-type-gen2
backport/jwt-warning-docs/completely-poetic-herring
backport/jwt-warning-docs/uniquely-organic-muskox
backport/test_skip_ci/widely-normal-platypus
backport/test_skip_ci/usually-glowing-fowl
backport/test_skip_ci/literally-cuddly-woodcock
test_ci_skip
v2-gateways-controller
stub-v2-gateways
backport/NET-5611_fix_trigger_ci/simply-relevant-foal
v2-gateways-api-proto
release/1.15.6
backport/docs/apigee-backports/deeply-active-jackal
release/1.16.2
backport/docs/note-about-connect-service-upstream-env-var/certainly-helped-horse
backport/docs/fix-k8s-crd-example-configs/naturally-capital-bobcat
release/1.14.10
docs/note-about-connect-service-upstream-env-var
backport/docs/fix-k8s-crd-example-configs/seriously-real-cricket
backport/NET-4519/annually-huge-filly
backport/NET-4519/deadly-precise-jawfish
backport/NET-4519/heavily-equal-spaniel
backport/docs/fix-broken-links-8-18/cleanly-wired-honeybee
18831-backport1.14.10
18831-backport1.16.2
18831-backport1.15.6
tagger-14
docs/rebackport-k8s-fed-req-failed-pick
update-api-version
backport/docs/k8s-federation-requirements/rapidly-resolved-doberman
revert-18796-docs/ext-authz-apigee
core-multiport-fixes
backport/catalog-deregistration-fix/grossly-lenient-treefrog
backport/catalog-deregistration-fix/optionally-blessed-cockatoo
derekm/xds-use-same-http-protocol-downstream-to-localapp
nfi-fix-go-test-check
backport/docs/ce-514-envoy-constraints/publicly-modern-sturgeon
jm/v2-examples
rebase-multiport-test-fixes
jm/explicit-based-l7
wire-up-traffic-permissions
backport/kisunji/fix-test/blatantly-prime-loon
backport/kisunji/fix-test/admittedly-valid-ray
backport/kisunji/fix-test/entirely-major-chigger
backport/kisunji/cleanup-resources/solely-moved-dodo
backport/kisunji/cleanup-resources/secondly-devoted-longhorn
backport/am-ak-patch-1/really-stirring-flounder
ishustava/NET-5580-bump-all-resource-versions
backport/16955-transfer-leader/safely-positive-bobcat
retry-timeout-e2e-test-NET-5208
stepbui1-patch-1
backport/kisunji/vault-ca-clean-unused-issuers/curiously-neat-tarpon
backport/kisunji/vault-ca-clean-unused-issuers/rapidly-smart-sunbird
backport/kisunji/vault-ca-clean-unused-issuers/hugely-eminent-monster
ishustava/multi-port-test-fixes
ishustava/v2-traffic-perms-ir-suggestions
update-node-version-to-14
backport/ui/feature/make-global-read-only-policy-non-editable/infinitely-related-hornet
backport/ui/feature/make-global-read-only-policy-non-editable/frequently-crack-mouse
fix-integ-machines
increase-maching-size
nfi-fix-test-integ-go-mod
v2-backend-ref-note
backport/spatel/emit-consul-version-periodically/kindly-close-wasp
oss-rename-trigger
jm/multi-port-integ
NET-5017-status-condition-fixes
NET-1643-66794-consul-version-in-prometheus-format-metrics-is-0
rboyer/golden-proto-json
NET-5084/TrafficPermission-WorkloadIdentity-protos
natemollica-nm-patch-2
jm/net-4941-leaf
natemollica-nm-patch-1
backport/jer/cc6039-policy-desc/adversely-sought-ladybird
backport/jer/cc6039-policy-desc/multiply-native-bird
backport/spatel/emit-consul-version-periodically/mentally-choice-bug
backport/NET-1521/conversely-romantic-dodo
v2-docstring-updates
vault-nomad-version-bump
backport/nfi-net5476-nightly-peering-integ/horribly-enough-piranha
backport-1.16-fix-snapshot-test
backport/dans/fix-snapshot-save-test/willingly-golden-leopard
backport/dans/fix-snapshot-save-test/vaguely-solid-sheepdog
backport/dans/fix-snapshot-save-test/partly-sweeping-mollusk
NET-1594-backport-1.15.x
NET-1594-backport-1.14.x
NET-1594-backport
fix-fips-build-amd
ui/copy-edits-for-built-in-policy-alert
ui/rm-intention-test-with-latency
spatel/fix-typo
johnlanda/trafficpermissionscontroller
backport/derekm/NET-4958/missing-endpoints/unlikely-positive-wildcat
NET-5147-plumbing
dhiaayachi/NET-4926-v1-ns-delete
backport/cc-4960/move-first-fetch-into-provider/informally-exciting-blowfish
backport/cc-4960/move-first-fetch-into-provider/rapidly-climbing-airedale
poc-cli-grpc
skpratt/workload-identity
jm/NET-4944-1
NET-581-Configure-Vault-namespaces-for-Connect-CA-via-Helm-Stanza
backport/cc-4960/move-first-fetch-into-provider/separately-nearby-seagull
backport/docs/fix-broken-links-8-18/conversely-gentle-swan
promtheus_consul_version
jjtimmons/backport-otel-freq-2
jjtimmons/backport-48c8a83
spatel/scope-required-in-registration
jm/delete-website
backport/jjtimmons/reduce-export-freq/hardly-generous-martin
backport/jjtimmons/reduce-export-freq/safely-frank-mudfish
backport/nightly-slack-notification/daily-rich-wren
backport/nightly-slack-notification/legally-smart-terrier
jm/NET-4944
backport/gha-concurrency/honestly-live-sailfish
backport/gha-concurrency/largely-gentle-crab
backport/gha-concurrency/mildly-great-unicorn
backport/gha-concurrency/finally-exciting-filly
backport/spatel/oss_to_ce/mentally-well-moccasin
backport/spatel/oss_to_ce/highly-moral-spider
NET-438/add-ent-version-suffix
ui/NET-438/add-ent-version-suffix
backport/fix_altdomain_dcname_overlap/loudly-definite-dingo
backport/docs/k8s-tgw-tutorial-role-id-fix/duly-known-shad
pglass/dump-aws-bearer-token
backport/docs/blake/fix-spelling-errors-aug23/partially-equal-haddock
backport/ui/bug/fix#18406/promptly-choice-goose
backport/ui/bug/fix#18406/roughly-credible-llama
backport/fix_altdomain_dcname_overlap/mistakenly-ready-hog
backport/fix_altdomain_dcname_overlap/thoroughly-daring-mule
backport/spatel/oss_to_ce/obviously-proud-fish
backport/docs/k8s-tgw-tutorial-role-id-fix/seemingly-social-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/pleasantly-central-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/primarily-harmless-marmoset
backport/zalimeni/net-5163-prioritize-by-locality-test/ultimately-related-drum
backport/zalimeni/net-5163-prioritize-by-locality-test/verbally-suited-aphid
backport/docs/k8s-tgw-tutorial-role-id-fix/severely-innocent-mosquito
gh-13491
gh-18096-fix-missing-ttl-value
ishustava/xds-server-v2
ishustava/sidecar-proxy-controller-tproxy
update-linux-package-license
sar-for-unit-tests
backport/compliance/license-changes/vigorously-holy-escargot
disable-flaky
backport/zalimeni/net-5217-derive-proxy-locality-from-parent-service-oss/absolutely-pumped-adder
docs-backport-fix-er
fix-flaky
rboyer/wrappedtypes
retry-flaky
release/1.14.9
release/1.15.5
backport/upgrade-testcontainer-version/pleasantly-moved-penguin
zalimeni/net-5189-fix-any-slice-handling-repeated-fields
backport/docs/add-rate-limit-ops-diagram/widely-alive-mallard
compliance/add-headers
zalimeni/try-go-workspace-submodules
release/1.16.1
backport/docs/k8s-federation-requirements/finally-lenient-cub
backport/docs/k8s-federation-requirements/friendly-prompt-jay
backport/integ-test-upgrade-test/truly-becoming-mule
backport/patch-1/tightly-endless-javelin
nfi-go-test-cache
nfi-split-lint-from-go-tests
backport/zalimeni/net-5146-bump-go-net_http-cve/externally-innocent-maggot
backport/ronald/fix-docs-typo/uniformly-teaching-martin
backport/NET-3860/uniformly-funny-pug
backport/cc-4960/hcp-telemetry-periodic-refresh/namely-joint-tarpon
backport/cc-4960/hcp-telemetry-periodic-refresh/quietly-splendid-leech
backport/mixed-service-topology/physically-large-griffon
backport/mixed-service-topology/accurately-nearby-falcon
ishustava/mesh-controller-upstream-proxy
jjtimmons/hcp-telemetry-periodic-refresh-start-up
backport/zalimeni/net-4904-bump-envoy-versions-docs/normally-endless-wren
backport/dyu/readme/globally-concise-oarfish
backport/docs/k8s-federation-requirements/surely-eminent-tomcat
poc-httpfilter
jer/ccm-read-only-squashed
wan-fed-v2
backport/docs/k8s-federation-requirements/constantly-vocal-cougar
jm/branch-filters
backport/gh-18152-members-filter-dc/firstly-ideal-maggot
backport/jer/ccm-read-only/lightly-worthy-sawfish
backport/jer/ccm-read-only/unlikely-glad-snapper
jm/fix-sw-qa
zalimeni/api-1.23.0-release
nvanthao/b-delete-config
backport/zalimeni/fix-submodule-versions-latest/thankfully-funny-colt
NET-4924_update_readme
release/1.11.x
markcv-upstreamConfig-update
backport/kisunji/NET-4766-vault-ca-bug-fix/inherently-harmless-louse
backport/kisunji/NET-4766-vault-ca-bug-fix/secondly-first-mullet
poc-alpn-glow
commontopo-better
nd/spike-proxy-state-controller
backport/kisunji/NET-4766-vault-ca-bug-fix/really-leading-tick
jm/go-testcontainers
go-action-cache
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
backport/patch-1/briefly-merry-mantis
ishustava/authz-types
nvanthao/b-snapshot-recovery
hackathon/consul-common-errors
gotest-remote-cache
gotest-remote-cache-2
ui/ariadne/ui-changes
backport/dyu/jobs-pr-feedback/presumably-composed-wildcat
dyu/1.15-docs
ariadne/hack/backend
preetha/NET-1322
backport/dyu/jobs-pr-feedback/mildly-immune-hyena
ui/ariadne-core-ui
config-issue-616
docs/cts-zscaler-partner-guide
boxofrad/extract-type-registration
backport/patch-1/likely-next-halibut
oss-merge-pr-branch
backport/issue-17886-expose-certs/definitely-wise-sturgeon
add-peering-commontopo-tests-ci-fiddling
testingconsul-clean-up
backport/docs/config-enable-debug/conversely-positive-goblin
backport/docs/config-enable-debug/endlessly-probable-manatee
backport/docs/config-enable-debug/broadly-loving-tomcat
backport/docs/config-enable-debug/willingly-master-sloth
jm/NET-4739
update-upgrade-test-image
jm/verify-linux-fix
spatel/NET-3409-automate-goimports-on-commit-using-precommit
spatel/throwaway-gci-results-2
spatel/throwaway
spatel/throwaway-reviser-results
spatel/throwaway-gci-results
backup-windows-integration-27th-june
release/1.14.8
release/1.15.4
release/1.16.0
release/1.13.9
jm/preflight
NET-4277
windows-integration-test-envoy
code-organization
boxofrad/resource-service-client
debug-1.16-api
backport/gh-17320-update-metrics-doc/probably-promoted-lynx
backport/fix-error-msg-fmt/normally-allowed-redbird
f-reloadable-configuration-enable-debug-backup
ishustava/spike-controller-leaf-cert-watch
NET-4277-tests
backport/asheshvidyut/NET-3865/gratefully-apt-haddock
NET-4558-Address-comments-for-PR-https-github.com-hashicorp-consul-pull-15235
aahel
fix-leaf-panic
jm/acc-tests
revert-17760-backport/docs/lkysow-upgrade/scarcely-master-adder
backport/docs/jwt-auth-fixes/poorly-suited-pelican
rboyer/spike-agent-cache-watch--fork
ishustava/spike-agent-cache-watch
ishustava/spike-proxy-cfg-src-v2
docs/fix-release-notes-links
backport/docs/api-gw-k8s-add-upgrade-step-1.16/fully-suited-cattle
jm/NET-4237
boxofrad/spike-version-translation
backport/brk.chore/remove-link-format-check/promptly-aware-garfish
release/1.16.0-rc1
ui/feature/use-cut-list-item-for-services
dans/NET-3917/initial-fetch-timeout-permafix
boxofrad/spike-server-resource
release/1.15.3
backport/zalimeni/net-3900-fix-tproxy-extension-panic/slowly-blessed-moray
backport/NET-3893/container-logs/intensely-nice-boar
backport/NET-3893/container-logs/obviously-primary-sawfly
jm/ip-rate-limit-api
backport/CI-upload-upgrade-test-to-datadog/incredibly-helping-pig
jjtimmons/increase-buckets
boxofrad/spike-resource-http
backport/feature/hcp-telemetry/personally-central-caribou
zalimeni/net-3447-reintroduce-new-extension-resources
test/jjtimmons/hcp-telemetry
backport/docs/common-errors/amazingly-golden-pony
migrate-tests-to-use-slack-actions
remove-to-ingress
spatel/better-testlist-main
backport/f/metrics-collector-rename/achooo
release/1.14.7
release/1.13.8
backport/f/metrics-collector-rename/highly-clean-elf
docs/fix-broken-links-1
backport/fix-submat-view-bug/physically-stirring-zebra
backport/dans/NET-3917/default-0s-initial_fetch_timeout/fairly-fluent-drake
backport/jer/cloud-docs/briefly-adequate-filly
NET-3914-gha-upgrade-test-single-runner
NET-3914-gha-run-compat-tests-single-runner
backport/jer/cloud-docs/gratefully-stunning-frog
kisunji/subloggers
jm/test-splitting
NET-3914-gha-change-upgrade-test-small-runner-no-splitting
backport/NET-3914-fix-container-test-slow-image-build/sharply-game-mastiff
NET-3914-gha-change-upgrade-test-small-runner
backport/hans/add_new_field_to_bootstrap_config_and_push_state/primarily-sweeping-tapir
backport/hans/add_new_field_to_bootstrap_config_and_push_state/sadly-eminent-man
NET-3914-gha-resolve-the-issue-of-running-multiple-docker-container
jm/rmv-compat
jm/remove-compat-test-splitting
malizz/update-proto-imports-in-1.14.x
backport/ent-port-upgrade-tests-flatten/early-precious-treefrog
backport/kisunji/fix-flakes/formally-giving-goldfish
backport/derekm/NET-3881/health-call-loop-entfix/possibly-safe-swan
NET-2063-Implementation-API-GW-Use-XDS-primitives-instead-of-Ingress-GW-primitives
backport/derekm/NET-3881/health-call-loop/trivially-dashing-ox
backport/revert-17166-jm/remove-compat-test-splitting/reliably-lenient-roughy
backport/cc-4929-cap-socket-path/horribly-sunny-airedale
eikenb/vault-integration-testing
docs/er-404-inline-checker
backport/jm/remove-compat-test-splitting/rationally-wondrous-krill
backport/jm/remove-compat-test-splitting/honestly-outgoing-calf
backport/derekm/NET-3007/fix-peer-stream-cleanup/friendly-caring-krill
backport/jm/NET-3692/strangely-solid-owl
backport/upgrade-test-targetImage/enormously-endless-bluegill
backport/upgrade-test-targetImage/generally-guiding-horse
docs/clarify-cross-partition-mgw-export-requirement
clarify-connect-language-in-cli-help-text
backport/docs/clarify-connect-language-2/humbly-native-spaniel
backport/cc-4716-link-existing-clusters/hopelessly-full-koi
boxofrad/backend-list-by-owner
spatel/sandbox
docs/redirect-dns-docs
upgrade-test-remove-docker-login
cc-4931/nick-refactor
backport/cc-4716-link-existing-clusters/slightly-on-wren
jm/0427
jm/same-docker-compose
jm/gh-call
backport/spatel/NET-1646-add-max-ejection-percent/rarely-working-guinea
im2nguyen-patch-1
backport/docs/admin-partitions-node-scope/forcibly-bursting-kid
backport/cc-4519-collect-node-id/brightly-sharp-akita
backport/cc-4519-collect-node-id/suitably-funky-warthog
backport/docs/address-multicluster-singledc-docs/hopefully-set-mallard
kisunji/NET-2590-default-intention-policy
eikenb/matrix-integration-testing
derekm/improve-vip-lookups
jm/gha-recreation
backport/jm96441n/normalize-status-conditions/implicitly-mighty-racer
backport/loshz-patch-1/friendly-touched-killdeer
backport/raft-1.5.0-pipeline-fix/extremely-eager-chamois
backport/cp_NET-3684/mentally-fit-squirrel
docs/api-catalog-register-snake_case
no-op-ron-lint
kisunji/lintest
backport/jm/rmv-test-integrations/probably-topical-shrimp
nfi-api-client-nop-write
jm/gtsm
backport/jm/test-integrations/clearly-curious-liger
updategolangx
jm/hack-int2
backport/NET-3474/start-reporting-agent/slowly-inviting-whippet
jm/ul
test-gh-fix
sarah-test-docker-cpus
nfi-poc-unit-and-upgrade-type
nfi-poc-unit-and-upgrade
stub-api-gateway-xds
xds-native-primitives-poc
jm/hack-int
test-no-concurrency-full
test-no-concurrency
nfi-gha-fiddling
anita-upgrade-fix
NET-2029-Normalize-status-for-new-config-entry-types
hk/jm/test-integrations-fix-upgrade-test
backport/NET-3476/add-reporting-config/quickly-talented-wildcat
hk/jm/test-integrations-fix-compatibility-test
jm/test-integrations-hui-test-integ
boxofrad/controller-api-spike
jm96441n/manual-backport-dupe-parents
backport/jm/ba/sadly-tolerant-wombat
backport/jm/ba/usually-promoted-tapir
jm/success
jm/break-branch-protection
docs/vault-secrets-backend-limitations
404-checker-update
backport/jm/macos-arm64/actively-improved-dinosaur
backport/jm/deep-copy-lint-enums/gladly-fine-pegasus
backport/peering/re-establish-terminated/immensely-active-beetle
ci/main-assetfs-build
release/1.15.2
release/1.14.6
backport/jm/3372/freely-singular-dingo
backport/jm/3372/freely-intimate-gannet
acl/wait-for-token-replication-to-use-token
jer/merge-ccm-bootstrap-config
jm/3372-2
docs/intentions-refactor-docs-day-2022
spatel/pre-commit
jm/NET-3372
jm/test-split
GH-migration-add-oss-ent-builder-logic
backport/nathancoleman-patch-1/distinctly-growing-parakeet
docs/update-config-entry-ref-component
jm/NET-3394
backport/loshz/NET-3029-fix/radically-relaxing-robin
backport/loshz/NET-3029-fix/constantly-romantic-fox
backport/docs/wal-fix/certainly-romantic-parrot
docs/fix-broken-links
backport/remove-unused-are-hosts-set-check/loudly-sweet-dingo
jm/snap-restore
docs/update-content-cluster-peering
origin/markcv/update-envoy-version-doc
jm/ent-dev-migration
backport/add-query-for-namespace-lookup-when-creating-services
backport-squashing-fix-for-namespaces
NET-3059/acl-agent-api
backport/update-e2e-tests-for-namespaces/wholly-daring-porpoise
jm/snapshot-restore-tests
backport/docs_discovery_typo/jointly-happy-crane
ui/feature/ember-update-3.28.6
backport/cc-4361/hcp-metrics-bootstrap-config/manually-composed-snail
banks-patch-1
add-partitions-to-e2e-gateway-tests
backport/improve_ci_run_time/miserably-glowing-boa
backport/fix-changelog-check/blindly-pumped-shrimp
hans/ccm-playground
improve_ci_run_time
release/1.15.1
release/1.13.7
release/1.14.5
backport/fix_docs_conflict_leftovers/highly-sweet-whale
backport/NET-2292-upgrade-port-http/initially-innocent-dodo
api-gateway-ui
docs/sentence-case-titles
backport/dans/NET-1757/access-logs-docs/only-definite-polecat
backport/more-xds-races-and-panics/visually-tidy-crow
ui/chore/upgrade-ember-3-28
release/1.15.0
backport/brk.fix/update-links-for-developer/reasonably-choice-vulture
backport/patch-1/actually-sharing-chigger
backport/patch-1/easily-cheerful-dingo
backport/patch-1/socially-better-stork
backport/patch-1/verbally-glad-killdeer
wal-docs
spatel/NET-1847-repro
backport/kisunji/fix-flakes/honestly-bright-dove
backport/kisunji/fix-flakes/firstly-desired-dove
locality-aware-routing
stable-website
backport/operator-usage-docs/definitely-curious-gecko
envoy-ext-local-ratelimit-fix
temp-branch
dyu/dockerfile
troubleshoot/changelog
x/wal
eikenb/cloudfoundry-vault-provider-auth
NET-1723/append-rules
api-gateway-sds-fixes
releng-329
proxycfg/init-local-gateways-map
gateways/typed-status-regen
backport/patch-1/severely-ruling-mouse
backport/patch-1/legally-massive-flounder
gateway-listener-binding-bugfix
backport/envoy-bootstrap-log-fix/infinitely-communal-midge
errors/acl-agent-token-not-set
checkpoint_telemetry_poc
bug-service-defaults-override-by-proxy-defaults
jm-plug
jm-plug-git
api-gateway-all-controllers
routes-controller
jm-plug-http
docs/jeff-sandbox
backport/envoy-bootstrap-logging/enormously-outgoing-martin
jm/plug
NET-2088-upgrade-test-ingress-gateway
spatel/post-release-fixups
backport/licensing-exp-v2-docs/optionally-allowed-whippet
backport/docs/scale-typo/mostly-verified-werewolf
backport/docs/scale-typo/early-set-drum
backport/docs/page-descs-for-CLI/implicitly-precious-calf
backport/docs/page-descs-for-CLI/early-ample-basilisk
backport/danielehc-fix-filter-links/cleanly-humble-mole
backport/danielehc-fix-filter-links/vaguely-welcome-jawfish
release/1.12.9
release/1.13.6
release/1.14.4
test-prepare
backport/docs/nrichu-hcp-doc-patch/jolly-poetic-rat
errors/acl-not-found-bootstrap-not-exist
backport/docs/amb.migrate-link-formats/adversely-helping-troll
backport/docs/amb.migrate-link-formats/jointly-renewed-dolphin
backport/docs/amb.migrate-link-formats/thoroughly-obliging-trout
backport/docs/amb.migrate-link-formats/truly-supreme-hagfish
backport/docs/amb.migrate-link-formats/usually-sweeping-panda
luoxuan00733-patch-1
backport/ashwin/use-prxoy-health-docs/uniformly-new-cattle
b/scada-retry-disconnect
container-test-speedup
docs/rework-service-splitter-ref-docs
docs/rework-service-splitter-ref-docs-no-objects
docs/consul-k8s-upgrade
backport/ashwin/envoy-readiness/cleanly-supreme-poodle
backport/ashwin/envoy-readiness/visually-warm-sunfish
dans/fic-https-basic-test
backport/patch-1/noticeably-desired-seal
NET-1728/remove-docs-with-token-param
backport/docs/fix-bad-links-service-defaults-ref/evenly-causal-buzzard
backport/docs/fix-bad-links-service-defaults-ref/supposedly-selected-arachnid
backport/docs/fix-bad-links-service-defaults-ref/hardly-related-llama
skpratt/acl-error-debug
experiment/raft-grpc
NET-1805-upgrade-test-grpc
RELENG-305
docs/krastin/connect-serviceintentions-fixlinks
skpratt/acl-controller-test
fix-failing-linting-test
hcp-LastContact
remove-legacy-acl-vestiges
docs/peer-in-dns-lookups
NET-1805-cleanup-test-container-lib-basic-topology-single-dc
NET-1530-set-envoy-ext-rate-limit-plugin
backport/docs/update-consul-k8s-nginx-ingress-controller-example/sadly-inviting-pika
fix-protobuf-generation
backport/set-product-version/enormously-glad-titmouse
backport/set-product-version/instantly-direct-kitten
backport/set-product-version/infinitely-awaited-halibut
remove-legacy-acl-endpoints-cli
jm/hack
backport/update-apigw-version/commonly-noted-vervet
backport/update-apigw-version/annually-renewing-whippet
backport/docs/peering-api-update/amazingly-chief-mosquito
backport/patch-1/formally-happy-dane
sp/better-make-help
docs/k8s-0-49-helm-docs
vault-compatability-consul-pki-token
backport/vault-compatability-consul-pki-token/terribly-grand-tetra
backport/vault-compatability-consul-pki-token/usefully-ethical-kiwi
backport/vault-compatability-consul-pki-token/incredibly-discrete-lamprey
backport/vault-compatability-consul-pki-token/arguably-cool-silkworm
backport/vault-compatability-consul-pki-token/lightly-arriving-cattle
dans/fix-compat-test-access-logs
release/1.14.3
release/1.13.5
release/1.12.8
ingress-gw-tracing-config
a10-thunder-adc
cts-pan-ngfw
jm/mock-handler
malizz/NET-1663/fix-bug
jm/mock-handler-2
windows-preview
fix-flaky-peerstream-test
backport/docs/enterprise-feature-table/recently-upright-lemur
backport/docs/admin-partitions-link-k8s/trivially-excited-jaybird
update-go-1.18.9-rboyer
update-golang-x-libs
dans/make-peer-name-uniform
backport/docs/clarify-vault-ca-provider-permissions-needed/optionally-hardy-emu
mktg-tf-b183f7b50da4e35426c936006092c7b3
server-rate-limit/multilimiter-lock
eculver/verifications
release/1.14.2
release/1.13.4
release/1.12.7
kisunji/NET-1396-token-self-expanded
backport/ishustava/1.14-agentless-docs-updates/internally-star-beetle
server-rate-limit/mock-handler-2
backport/fix-gRPC-limit-peering/especially-premium-asp
NET-685-rate-limiting-to-registering-imported-services
test-go-build-cache
release/1.14.1
backport/docs/cluster-peering-parameter-fixes/yearly-flowing-arachnid
add-downstream-service-meta
backport/docs/k8s-1-14-releasenotes/widely-organic-wahoo
jm/multilimiter-memdb
docs/update-loglevel-trace
backport/docs/admin-partitions-114-update/correctly-enough-shad
backport/docs/dyu-compat-matrix/positively-funky-dory
backport/patch-1/correctly-cheerful-anchovy
docs/fix-broken-markdown-link
backport/david-yu-ubi/curiously-cunning-meerkat
backport/david-yu-ubi/publicly-loving-bluejay
backport/david-yu-ubi/secretly-balanced-rodent
nd/update-compat
release/1.14.0
backport/broken_links/evidently-improved-starfish
backport/broken_links/lately-faithful-falcon
backport/broken_links/regularly-living-monitor
backport/import-filter-v2
backport/import-filter
eculver/enable-arm-verifications
dans/skaffold-experiment
boxofrad/better-vault-error-logging
xds/cds-ack
backport/fix-unremoved-service-mesh-gateway/primarily-growing-wren
backport/kisunji/update-hcp-scada-provider/socially-wise-silkworm
backport/proxy-register-port-race-2/deeply-warm-man
backport/proxy-register-port-race-2/hugely-whole-hippo
cluster-peering-partitions
consul-vs-comp
backport/fix-issuer-growing-list-maybe-from-vault/barely-still-aardvark
backport/fix-issuer-growing-list-maybe-from-vault/blindly-adequate-bluebird
backport/fix-issuer-growing-list-maybe-from-vault/uniquely-master-falcon
origin/markcv/CSEP-157/duplicate-sidecar-port-validation
backport/fix-integ-flakiness/accurately-cunning-cardinal
backport/fix-integ-flakiness/precisely-simple-quagga
dependabot/go_modules/github.com/aws/aws-sdk-go-1.44.128
dans/NET-1154/persist-ca-updates-in-peering
nd/bring-back-peering-ext-addr
backport/nathancoleman-patch-1/instantly-premium-sturgeon
skpratt/test-coverage-report-ci
backport/raft-fix-nonvoter/evenly-pro-cod
skpratt/temp-debug
backport/docs/auto-cert-1-13-2/constantly-above-turtle
backport/docs/mgw-primary-upgrade/poorly-sincere-rattler
backport/docs/1-10-upgrade-compatibility-clarification/distinctly-relaxing-snail
backport/docs/1-10-upgrade-compatibility-clarification/gradually-united-polecat
docs/fix-ent-dns-service-lookup-link
backport/main/strangely-tops-wombat
release/1.13.3
release/1.12.6
release/1.11.11
backport/chore-fix-module-name/fully-giving-hagfish
backport/update-ent-license-link/exactly-bold-hyena
docs/auto-cert
kisunji/fix-golden
lkysow/service-not-exist
fix-agent-cache-leak-3
docs/misc-fixes
eculver/stable-website/latest-envoy-support
remove-deprecated-peering-fields
backport/docs/new-vault-connect-ca-permissions-needed/miserably-fun-drum
backport/docs/new-vault-connect-ca-permissions-needed/happily-knowing-sponge
backport/nathancoleman-patch-1/lightly-intimate-labrador
backport/docs/invoke-services-from-lambda/vigorously-generous-treefrog
backport/docs/invoke-services-from-lambda/severely-useful-katydid
backport/fix-flaky-integ-test-ingress/preferably-feasible-rattler
backport/fix-flaky-integ-test-ingress/noticeably-unified-dane
backport/fix-flaky-integ-test-ingress/commonly-strong-cow
release/1.14.0-beta1
backport/docs/clarify-license-behavior-on-restart/morally-ready-monkey
backport/malizz-validate-name-on-dlt-proxy-defaults/seriously-eager-werewolf
ui/chore/upgrade-327
backport/docs_update_helm_docs_vault_synccatalog/fairly-saved-filly
backport/docs/capigw-typos-usage/socially-needed-dodo
backport/krastin/website/telemetry-labels/duly-firm-toucan
gh-maxconnections-ingress-gateway
release/1.13.2
backport/patch-1/primarily-infinite-asp
release/1.11.10
release/1.11.9
release/1.12.5
backport/docs/fix-api-landing-page-typos/curiously-eminent-quail
backport/docs/fox-peering-metrics-labels-table/quietly-ready-louse
backport/docs/fox-peering-metrics-labels-table/conversely-capital-yak
backport/docs/fix-node-lookup-by-removing-tag/moderately-brave-barnacle
fix-peering-2-partitions
docs/update-faq-header
backport/docs/search-metadata-headers/supposedly-eternal-ox
grpc-tls-compat
backport/docs/what-is-consul-devdot-update/mutually-pleasing-insect
propogate-request-time-downstream
backport/dev-portal/largely-exact-worm
docs/api-overview-devdot
mathew.estafanous/dev
docs/update-storage-class-ref-arch
backport/docs/use_values_yaml_everywhere/clearly-frank-bonefish
backport/docs/use_values_yaml_everywhere/broadly-pro-possum
NET-801-add-internal-endpoint-to-return-peer-stream-health-from-peerstream-tracker
use_values_yaml_instead_of_config_yaml
backport/docs/capigw-tech-spec-update/explicitly-renewing-badger
backport/docs/capigw-tech-spec-update/formerly-awaited-elf
api-gw-docs-broken-link
NET-818-server-cert
ui/feature/has-peerings-class
backport/krastin/docs/improve-license/mostly-polite-turtle
NET-800-add-internal-endpoint-to-return-all-exported-services-to-a-given-peer
ui/bugfix/notfound-t
dns-srv-separate-tag-from-protocol
backport/gh-14341-txn-struct/randomly-noted-piglet
add-linter-net-rpc-r2
ui/scratch/ci-stuff
lkysow/windows-tests
backport/peering/term-delete/thoroughly-tough-snipe
replace-learn-links
remove-references-to-consul-connect
backport/docs/crossref-maint-mode-from-health-checks/explicitly-renewed-owl
release/1.10.x
consul-docs-ia-redesign-v2
eculver/oss-ent/new-params
backport/fix-merge-config-entry/badly-eternal-bonefish
backport/fix-merge-config-entry/carefully-open-stingray
backport/ashwin/cluster-peering-helm-docs/curiously-legible-drum
max-jitter
backport/dev-portal/thoroughly-enabling-kid
backport/eculver/update-nomad-integ-tests/nicely-fresh-bullfrog
backport/eculver/update-nomad-integ-tests/needlessly-saved-collie
kisunji/kv-docs-fix
backport/api-gateway-install-redirrects/wholly-one-sunbird
RELTOOL-20
kisunji-patch-1
release/1.13.1
kisunji/peering-bugfix-changelog
ignore-exported-prefix-on-cluster-metrics
boruszak/docs-stable-merge
release/1.12.4
release/1.11.8
backport/ashwin/recreate-token-docs/virtually-new-koi
catalog-service-list-filter
leadership-transfer-cmd
ui/node-engine
backport/kisunji/nomad-docs/weekly-hip-starling
backport/kisunji/nomad-docs/hugely-concise-crawdad
release/1.13.0
backport/consul-er-add-service-discovery-seo-doc/notably-social-koala
backport/kisunji/peering-tproxy-docs/truly-dominant-sawfly
kisunji/1.13.x-docs-cherrypick
docs/cluster-peering-beta
consul-docs-ia-redesign
backport/1.13.x/api-gw-docs
sa-restructure-documentation
fix-deregister-url-service-id
shutdown-test-agents
terminating-gateway-service
backport/nia/docs-0.7.0/rarely-dear-finch
terminating-gateway-service-base
backport/jkirschner-hashicorp-patch-1/reasonably-devoted-pheasant
ishustava/dns-proxy-poc
backport/ashwin/peer-count-metric/greatly-many-chimp
acpana/nonuser-peering-reg-3
backport/docs/remove-comparisons-from-ref-docs/definitely-direct-hyena
docs/cli-characteristics-and-crossref
test-linter
docs/clarify-network-area-mesh-gw-compatibility
backport/partition-cli-acl-info-and-api-crossref/hopefully-able-urchin
backport/david-yu-agent-latency-requirements/severely-ready-raccoon
backport/nicoleta-k8s-annotations/shortly-rested-duckling
backport/docs/deemphasize-token-query-param/reasonably-amusing-impala
backport/jkirschner-hashicorp-patch-3/seriously-living-squirrel
ui/scratch/empty-w-route
ui/scratch/empty
backport/docs/single-dc-multi-k8s/weekly-humorous-cricket
acpana/clean-peer-2
dstough/CSLC-130-restrict-terminating-gateway-access-to-tls
backport/jm/vault-docs-redesign/indirectly-logical-monitor
backport/support-fossa-scanning/externally-darling-dane
backport/support-fossa-scanning/actually-nearby-bream
backport/support-fossa-scanning/allegedly-fleet-donkey
backport/support-fossa-scanning/separately-exact-marlin
doc-fix-missing-fed-methods
release/1.12.3
release/1.10.12
release/1.11.7
backport/tgate-http2-upstream/merely-civil-mouse
backport/dns-parititon-docs/certainly-real-vulture
docs/cluster-peering-updates
backport/docs/fix-consul-ecs-tf-path/cleanly-happy-newt
docs-cluster-peering-technical-preview
backport/docs/correct-1.10.x-upgrade-path/hardly-ultimate-leopard
acpana/peering-imported-counter
more-lambda-docs-tweaks
acpana/no-19-metrics
backport/eculver/fix-pkg-name/firmly-holy-sole
backport/eculver/fix-pkg-name/mainly-modern-elk
CSLC-91-egress-connect-proxy-2
CSLC-91-egress-connect-proxy
eculver/missing-docs-changes
backport/david-yu-patch-2/nominally-viable-squirrel
backport/david-yu-patch-2/correctly-eternal-hamster
catalog_node_watch_fix
backport/david-yu-docs-cluster-peering/poorly-flying-leopard
david-yu-cluster-peering-docs-1-12
dyu-cluster-peering-fix-1-12
kisunji/temp
backport/docs/capigw-0.3/carefully-sharp-rattler
backport/docs/capigw-0.3/correctly-peaceful-muskrat
peering-upstream-annotation
release/1.13.0-alpha2
backport/david-yu-log-level-error/lightly-polite-porpoise
backport/david-yu-log-level-error/quickly-helping-ghoul
eculver/1.13.0-alpha1-changelog
backport/correct-redhat-tags/humbly-central-cricket
backport/correct-redhat-tags/promptly-intense-dodo
backport/correct-redhat-tags/sadly-deep-tiger
kisunji/serveraddrs-generate-token-req
release/1.13.0-alpha1
release/1.13.0-techpreview1
dstough/acl-for-destinations
fix-lambda-docs-spacing-bug
lambda-beta-docs
backport/dstough/fix-metrics-false-positive/ghastly-up-mole
backport/dstough/fix-metrics-false-positive/implicitly-integral-leech
backport/ui/feature/hcp/absolutely-mighty-mastiff
jkirschner-hashicorp-patch-2
backport/ma/vault-namespace-intermediate-provider-v2/positively-unified-aardvark
eculver/1.12.x/latest-changelog
ui/feature/fault-tolerance-link
release/1.12.2
CSLC-103-egress-gtwy-cert-tgtwy
fix_k8s_helm_docs_june
dstough/test-endpoint-service-query
backport/gh-13169-show-leader-metrics/fairly-worthy-redbird
backport/gh-13169-show-leader-metrics/formally-pleasing-pigeon
backport/gh-13169-show-leader-metrics/inherently-wealthy-lab
backport/gh-13169-show-leader-metrics/legally-winning-joey
backport/update_docs_multicluster_k8s/admittedly-decent-grubworm
backport/update_docs_multicluster_k8s/hideously-epic-tiger
kisunji/1.12.x-revert-pathescape
backport/dstough/add-noop-jobs-for-branch-protect/wildly-tight-ladybird
backport/dstough/add-noop-jobs-for-branch-protect/formerly-moving-monkey
backport/dstough/add-noop-jobs-for-branch-protect/uniformly-ideal-stallion
oss-merge-v2
backport/dstough/GH-12628-multiple-https-ingress-services/distinctly-charming-stork
backport/dstough/GH-12628-multiple-https-ingress-services/yearly-accepted-pipefish
lambda-docs
release/1.12.1
release/1.11.6
release/1.10.11
ui/scratch/side-app-example
fix-entpoint-get-500
fix-cherry-pick
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/reliably-dear-hen
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/partly-liberal-bluegill
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/merely-optimum-wahoo
CTIA-8-verify-builds-v2
backport/ui/bugfix/icon-tweaks/wrongly-quick-sunbird
backport/jm/0.44.0/wholly-saving-flea
backport/upstream-oss-merge/briefly-guided-quagga
dstough/GH-11250-system-ca-for-tgateways
backport/dev-image-publishing/willingly-literate-stag
kisunji/grpc-native-balancer
kisunji/merge-stable-website
backport/docs-nomad-ent/scarcely-thorough-anteater
backport/docs-nomad-ent/only-touched-mutt
backport/docs-nomad-ent/cheaply-guiding-sloth
release/1.9.x
david-yu-admin-partitions
kisunji/catalog-service-list-filter
ua-test/conflict-1
release/1.12.0
backport/nia/beta-docs-0.6.0/actively-tidy-mantis
backport/nia/beta-docs-0.6.0/evenly-humble-ray
backport/consul-k8s-docs-typo/firstly-present-hawk
backport/consul-k8s-docs-typo/largely-liked-badger
david-yu-edit-pr
backport/david-yu-enterprise-image/noticeably-brave-man
backport/david-yu-enterprise-image/wholly-welcome-platypus
vanphan24-patch-1
backport/docs/remove-empty-codeblockconfig-elements/severely-merry-newt
backport/docs/remove-empty-codeblockconfig-elements/daily-viable-oryx
backport/david-yu-admin-partitions/gradually-open-octopus
backport/david-yu-admin-partitions/deeply-fair-quagga
backport/david-yu-admin-partitions/eminently-awaited-porpoise
backport/david-yu-admin-partitions/typically-fast-shark
backport/david-yu-admin-partitions/jointly-ready-mole
docs-day
backport/docs/update-acl-docs/locally-happy-wasp
backport/docs/update-acl-docs/publicly-up-pony
docs/cli-breakout-positional-args
backport/docs/uri-decode-resource-names-for-http-api/early-neat-pipefish
backport/docs/uri-decode-resource-names-for-http-api/fairly-busy-mouse
backport/docs/consistency-mode-improvements/annually-united-iguana
backport/docs/consistency-mode-improvements/willingly-sterling-bluegill
backport/docs/consistency-mode-improvements/slowly-mint-bull
backport/docs/consistency-mode-improvements/implicitly-smart-jaguar
backport/docs/consistency-mode-improvements/mildly-wanted-slug
backport/docs/consistency-mode-improvements/nationally-key-swan
backport/david-yu-admin-partitions/officially-charming-orca
backport/david-yu-k8s-install-helm/trivially-intimate-aardvark
backport/david-yu-k8s-install-helm/normally-cool-fish
backport/david-yu-k8s-install-helm/notably-thorough-crow
backport/docs/redirect-acl-system-page/rapidly-awaited-bluegill
backport/docs/redirect-acl-system-page/similarly-smiling-kodiak
backport/docs/clarify-snapshot-restore-version-restriction/blindly-sure-buffalo
backport/docs/clarify-snapshot-restore-version-restriction/firstly-endless-eagle
dstough/gateway-linked-endpoint
backport/patch-1/humbly-helpful-poodle
backport/patch-1/loudly-up-hippo
backport/ma/x-forwarded-client-cert-docs-fix/extremely-definite-shark
backport/ma/x-forwarded-client-cert-docs-fix/repeatedly-fluent-filly
kisunji/replace-registry-pattern
retry-join-timeout
backport/docs/restore-missing-config-content/curiously-evolving-snail
backport/add-release-config-key/gradually-wanted-trout
backport/add-release-config-key/lightly-sterling-mongrel
backport/add-release-config-key/mentally-equal-wallaby
ui/bugfix/spelling
ma/vault-namespace-intermediate-provider
FFMMM-patch-1
backport/docs/restore-missing-config-content/eminently-definite-tick
lkysow/consul-plugin-exec
add-peering-changes
debug-sdk
japple/cherry-pick-1.11.x-release-notes
japple-rel-notes-reorg
kisunji/approval-button
jm-client-timeout
add-linter-net-rpc-2-test
ma/backport-stable-website
kisunji/merge-test
kisunji/temp-rpc-deadline
udp-check
jm/client-timeout-2
jm/client-timeout
dyu-relnotes
eculver/verify-release-artifacts
rboyer/add-linter-net-rpc
grpc-envoy-bootstrap-params-oss-test
consistent-error-handling
fix-syslog
eculver/envoy-1.21.1
release/1.9.17
release/1.10.10
release/1.11.5
jm/hcp-vault
docs/vault-connect-ca-namespace-improvements
jm/vault-wan-fed
community-12079
jm/test
jm/vault-wan-fed-2
jm/vault-gossip
fix-lambda-l7-routing
kisunji/pin-circleci-docker-version
eculver/auth-method-docs
docs/clarify-crd-tutorial
ma/move-enterprise-meta-try2-oss
release/1.12.0-beta1
jm/helm
clly/upgrade-vault-api
jm/helm-updates
release/1.8.x
evrowe-consul-ui-readme-update
backport/patch-1/forcibly-shining-javelin
backport/patch-1/properly-polished-condor
feature-negotiation-grpc-api
boxofrad/autoreload-merge
kisunji/cache-fix-test
docs/agent-config
bump-api
remove-gogo-getters
dnephin/docs-more-details-about-vault-provider
ffmmm/default-prom-s
test-no-disk
kisunji/rpc-shim
serverless-via-metadata
ui/feature/fix-auth-method-views
dnephin/remove-lib-translate-keys-attempt-2
dnephin/acl-resolver-6
dnephin/rpc-metrics
docs/clarify-connect-language
david-yu-bump-envoy
zs.test-placeholder-page-removal
release/1.9.16
release/1.10.9
release/1.11.4
case-insensitive-node-names-acl-checks
kisunji/fix-stable-website
gw-xds-handling-eventual-consistency
pcmccarron-patch-1
jm/vault-ent-license
ui/chore/ci/1.11.x
dnephin/docs-day-acl-overview
david-yu-release-note
dnephin/http-struct-interfaces
ishustava/auth-method-secondary-dc
sm/add-goarm-to-main
tgw/resolver-query-fix-1-9
tgw/resolver-query-fix-1-10
tgw/resolver-query-fix
david-yu-bug-report
dnephin/prefix-overlap-watches
release/1.11.3
release/1.9.15
release/1.10.8
boxofrad/upgrade-grpc
boxofrad/spike-catalog-write-rate-limit
dnephin/acl-resolve-token-5
lkysow/serverless-via-metadata
ui/bugfix/2-instance-1-proxy
gha-basic-artifact-validation
add-docs-for-anno
cts-ls-test-docs
external-services
ma/resource-listing
dnephin/ca-remove-unused-fields
dnephin/acl-resolve-token-4
dep/raft-boltdb
blake/support-qname-minimization-6579
copy-working-file
sarah-test
add-missing-consul-env-file
kisunji/assetfs-merge-ci
blake/ingress-no-dnsname-port-gh-11092
david-yu-patch-1
brk.check-link-follow-redirect
cts-deprecate-port-option
boxofrad/streaming-contention-simple-semaphore
urldecode-url-query-params-part-1
update_gen_meta-2
update_gen_meta-1
update_gen_meta
kisunji/small-testfix
fix-broken-dockerfile-sam
boxofrad/streaming-contention-experiment
boxofrad/streaming-contention-close-in-goroutine
boxofrad/streaming-contention-next-fast-path
boxofrad/streaming-contention-semaphore-wakeup
release/1.11.2
release/1.10.7
release/1.9.14
dnephin/docs-day-acl-move-rules-table
docs/tables-instead-of-lists
Amier3-patch-1
clarify-hcl-cli
docs/fix-exported-services
kisunji/upgrade-warning
dnephin/docs-day-acl-move-config-ref
blake/1.11-oidc-ui-nspace-fix
add-patches
ma/ipv6-robustness-fixes
refactor-add-patches
kisunji/more-ent-test-fixes
ui/chore/remove-tooltip-component
ui/bugfix/fixup-routlets
blake/fix-kv-import-folder-prefix-10906
release/1.10.6
release/1.9.13
release/1.8.19
release/1.11.1
ui/bugfix/403-partitions-endpoint
release/1.11.0
release/1.9.12
release/1.8.18
release/1.10.5
boxofrad/fix-changelog-pr-links
improve-intention-error-messages
ap/main-docs
ap/exports-docs
terminating-gateway-overrides
kisunji/go1.17.4
release/1.11.0-rc
partition/session-test-kvs-endpoint
ishustava/vault-k8s-docs
boxofrad/rename-master-acl-tokens-internally
loadtest-test
brk.feat/mdx-v2
revert-11692-cherry-pick-fix
cherry-pick-fix
cherry-pick-merge
dnephin/ca-cluster-id
dnephin/ca-cluster-id-2
dnephin/catalog-service-list-filter
agent/tls-types
ishustava/debug-mesh-gw-test
ffmmm/b-10871
release/1.11.0-beta3
release/1.9.11
release/1.8.17
release/1.10.4
ma/typo-fix
ma/md5_fix_oss
release/1.11.0-beta2
ui/scratch/storybook-overlord
dnephin/deprecate-verify-incoming
crt-consul-migration
dnephin/acl-resolver-7
ui/scratch/light-sshhhhh
revert-11376-leadership-transfer-onleave
ui/backport/1.8.x/11328
crt-migration-build-flags
add_build_ui
dnephin/ca-manager-move-to-new-package-2
dnephin/ca-manager-move-to-new-package
kisunji/fix-stable-website-2
release/1.11.0-beta1
tagged-addrs
dnephin/conn-pool-docs
backport/1.11.x/11107
release/1.11.0-alpha
raft-tls-include-intermediates
release/1.10.2
release/1.9.9
release/1.8.15
docs/update-wan-fed-mesh-gateway-guide
docs/consul-snapshot-agent-kms-policy-4369
dhia/ca-cas-config-refactor
dnephin/secure-defaults
release/1.10.1
release/1.9.8
release/1.8.14
mirror-to-ent
release/1.10.1-beta1
website/1.10.0
release/1.10.0
release/1.8.13
release/1.9.7
release/1.10.0-rc2
release/1.10.0-rc
dnephin/agent-setup-user-event-handler
dnephin/cleanup-ae
dnephin/fix-serf-tag-data-race
release/1.10.0-beta4
release/1.9.6
release/1.8.12
release/1.8.11
release/1.7.x
release/1.10.0-beta3
release/1.8.11-beta2
dnephin/move-dns-server-to-apiServers
release/1.8.11-beta1
envoy-crash-help
release/1.6.x
release/1.10.0-beta2
reach
dnephin/ci-handle-ent-differences
dnephin/structs-proxy-defaults-remove-name-field
release/1.10.0-beta1
release/1.9.5
release/1.7.14
release/1.8.10
bny-custom-04052021
health-prefer-connect
release/1.10.0-alpha
release/1.9.4
release/1.8.9
release/1.7.13
release/1.8.9-beta1
release/1.9.3
mgw-wanfed-hard-network-partition
release/1.7.12
release/1.8.8
release/1.9.2
km.vercel-config
release/1.9.1
release/1.8.7
release/1.7.11
m1-investigate
wasm-filters
rboyer/hack-neo
release/1.8.7-beta1
dnephin/cleanup-ae-3
dnephin/cleanup-ae-2
release/1.9.0
release/1.6.10
release/1.8.6
release/1.7.10
release/1.9.0-rc1
release/1.9.0-beta3
release/1.9.0-beta2
correct-acl-hash-replication
test/load-test-lambda
release/1.7.9
release/1.8.5
nia_resize_image
dnephin/enable-logging-color
ui/feature/ui-config-dashboard-urls
only_async_trigger_changes
ui/chore/standardize-statechart-yield
scratch/data-source-metrics
no-change-cache
add-ui-checker
release/1.8.4
release/1.7.8
release/1.6.9
release/1.8.2
release/1.7.6
feature/acl-replication-status
k8s_healthcheck
release/1.8.1
release/1.7.5
release/1.6.7
blake/v1.8.0-ingress-websocket-fix
release/1.8.0
1.14.0-beta1
1.6.2
streaming-rpc
disco-retain-details
hack-deploy
docs/k8s-deployment
x/streaming-v2
x/bench-catalog
x/singleflight
service-tags-upgrade-fix
fix-leaf-timeout
mrktfix18
v1.11.0-beta2
v1.11.0-beta1
v1.10.3
v1.9.10
v1.8.16
v1.11.0-alpha
v1.10.2
v1.8.15
v1.9.9
v1.9.8
v1.8.14
v1.10.1
v1.10.1-beta1
v1.10.0
v1.9.7
v1.8.13
v1.10.0-rc2
v1.10.0-rc
v1.10.0-beta4
v1.9.6
v1.8.12
v1.8.11
v1.10.0-beta3
v1.8.11-beta2
v1.8.11-beta1
v1.10.0-beta2
v1.10.0-beta1
v1.7.14
v1.8.10
v1.9.5
v1.10.0-alpha
v1.9.4
v1.8.9
v1.7.13
v1.8.9-beta1
v1.9.3
v1.7.12
v1.8.8
v1.9.2
v1.9.1
v1.8.7
v1.7.11
v1.8.7-beta1
v1.9.0
v1.6.10
v1.7.10
v1.8.6
v1.9.0-rc1
v1.9.0-beta3
v1.9.0-beta2
v1.7.9
v1.8.5
v1.9.0-beta1
v1.8.4
v1.6.9
v1.7.8
v1.7.7
v1.8.3
v1.6.8
v1.7.6
v1.8.2
v1.8.1
v1.6.7
v1.7.5
v1.8.0
v1.8.0-rc1
v1.7.4
v1.6.6
v1.8.0-beta2
v1.8.0-beta1
v1.7.3
v1.6.5
v1.7.2
v1.6.4
v1.7.1
v1.7.0
api/v1.4.0
sdk/v0.4.0
v1.7.0-beta4
v1.6.3
v1.7.0-beta3
v1.7.0-beta2
v1.7.0-beta1
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc1
v1.6.0-beta3
v1.5.3
v1.6.0-beta2
v1.6.0-beta1
v1.5.2
v1.5.1
v1.4.5
v1.5.0
api/v1.0.1
sdk/v0.1.0
api/v1.0.0
internal/v0.1.0
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.2.4
v1.4.0
v1.3.1
v1.4.0-rc1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.1-rc1
v1.0.0
v1.0.0-beta2
v1.0.0-beta1
v0.9.3
v0.9.3-rc2
v0.9.3-rc1
v0.9.2
v0.9.1
v0.9.0
v0.9.0-rc1
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.8.0-rc1
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.2-rc1
v0.7.1
v0.7.0
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.4-rc3
v0.6.4-rc2
v0.6.4-rc1
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
api/v1.1.0
api/v1.10.0
api/v1.10.1
api/v1.11.0
api/v1.12.0
api/v1.13.0
api/v1.13.1
api/v1.14.0
api/v1.15.0
api/v1.15.1
api/v1.15.2
api/v1.15.3
api/v1.16.0
api/v1.17.0
api/v1.18.0
api/v1.18.1
api/v1.18.2
api/v1.19.0
api/v1.19.1
api/v1.19.2
api/v1.2.0
api/v1.20.0
api/v1.21.0
api/v1.21.1
api/v1.21.2
api/v1.21.3
api/v1.21.4
api/v1.22.0
api/v1.22.0-rc1
api/v1.23.0
api/v1.24.0
api/v1.25.0
api/v1.25.1
api/v1.26.0-rc1
api/v1.26.1
api/v1.26.1-rc1
api/v1.27.0
api/v1.27.1
api/v1.27.2
api/v1.28.0
api/v1.28.0-rc1
api/v1.28.1
api/v1.28.2
api/v1.28.3
api/v1.28.4
api/v1.28.5
api/v1.29.0
api/v1.29.1
api/v1.29.2
api/v1.29.3
api/v1.29.4
api/v1.29.5
api/v1.29.5-rc1
api/v1.29.6
api/v1.3.0
api/v1.30.0
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.8.0
api/v1.8.1
api/v1.9.0
api/v1.9.1
ent-changelog-1.15.11
ent-changelog-1.15.12
ent-changelog-1.15.13
ent-changelog-1.15.14
ent-changelog-1.15.15
ent-changelog-1.16.7
ent-changelog-1.16.8
ent-changelog-1.17.4
ent-changelog-1.17.5
ent-changelog-1.17.6
ent-changelog-1.17.7
ent-changelog-1.18.3
ent-changelog-1.18.4
ent-changelog-1.18.5
ent-changelog-1.19.3
envoyextensions/v0.1.0
envoyextensions/v0.1.1
envoyextensions/v0.1.2
envoyextensions/v0.2.0
envoyextensions/v0.2.1
envoyextensions/v0.2.2
envoyextensions/v0.2.3
envoyextensions/v0.2.4
envoyextensions/v0.3.0
envoyextensions/v0.3.0-rc1
envoyextensions/v0.4.0
envoyextensions/v0.4.1
envoyextensions/v0.5.0-rc1
envoyextensions/v0.5.1
envoyextensions/v0.5.1-rc1
envoyextensions/v0.5.2
envoyextensions/v0.5.3
envoyextensions/v0.5.4
envoyextensions/v0.6.0
envoyextensions/v0.6.0-rc1
envoyextensions/v0.6.1
envoyextensions/v0.6.2
envoyextensions/v0.7.0
envoyextensions/v0.7.1
envoyextensions/v0.7.2
envoyextensions/v0.7.3
envoyextensions/v0.7.4
envoyextensions/v0.7.4-rc1
envoyextensions/v0.7.5
envoyextensions/v0.7.6
list
proto-public/v0.1.0
proto-public/v0.1.1
proto-public/v0.2.0
proto-public/v0.2.1
proto-public/v0.3.0
proto-public/v0.4.0
proto-public/v0.4.0-rc1
proto-public/v0.4.1
proto-public/v0.5.0-rc1
proto-public/v0.5.1
proto-public/v0.5.1-rc1
proto-public/v0.5.2
proto-public/v0.5.3
proto-public/v0.5.4-rc1
proto-public/v0.6.0
proto-public/v0.6.0-rc1
proto-public/v0.6.1
proto-public/v0.6.2
proto-public/v0.6.3
sdk/v0.1.1
sdk/v0.10.0
sdk/v0.11.0
sdk/v0.12.0
sdk/v0.13.0
sdk/v0.13.1
sdk/v0.14.0
sdk/v0.14.0-rc1
sdk/v0.14.1
sdk/v0.14.2-rc1
sdk/v0.14.3-rc1
sdk/v0.15.0
sdk/v0.15.1
sdk/v0.16.0
sdk/v0.16.0-rc1
sdk/v0.16.1
sdk/v0.2.0
sdk/v0.3.0
sdk/v0.5.0
sdk/v0.6.0
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
stable-website-pre-1.12.0-force-push
troubleshoot/v0.1.0
troubleshoot/v0.1.1
troubleshoot/v0.1.2
troubleshoot/v0.2.0
troubleshoot/v0.2.1
troubleshoot/v0.2.2
troubleshoot/v0.3.0
troubleshoot/v0.3.0-rc1
troubleshoot/v0.3.1
troubleshoot/v0.4.0-rc1
troubleshoot/v0.4.1
troubleshoot/v0.4.1-rc1
troubleshoot/v0.5.0
troubleshoot/v0.5.1
troubleshoot/v0.5.2
troubleshoot/v0.5.3
troubleshoot/v0.5.4
troubleshoot/v0.6.0
troubleshoot/v0.6.0-rc1
troubleshoot/v0.6.1
troubleshoot/v0.6.2
troubleshoot/v0.6.3
troubleshoot/v0.6.5
troubleshoot/v0.7.0
troubleshoot/v0.7.1
troubleshoot/v0.7.2
troubleshoot/v0.7.2-rc1
troubleshoot/v0.7.3
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.0rc1
v0.5.1
v0.5.2
v0.9.4
v1.0.8
v1.1.1
v1.10.10
v1.10.11
v1.10.12
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.0-beta3
v1.11.0-rc
v1.11.1
v1.11.10
v1.11.11
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.12.0
v1.12.0-beta1
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.0-alpha1
v1.13.0-alpha2
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.13.8
v1.13.9
v1.14.0
v1.14.0-beta1
v1.14.1
v1.14.10
v1.14.11
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.1
v1.15.10
v1.15.11
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.15.8
v1.15.9
v1.16.0
v1.16.0-rc1
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.17.0
v1.17.0-rc1
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.0-rc1
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.19.2
v1.20.0
v1.20.0-rc1
v1.20.1
v1.8.17
v1.8.18
v1.8.19
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
${ noResults }
66 Commits (zs.test-mdx-fixes)
| Author | SHA1 | Message | Date |
|---|---|---|---|
hashicorp-copywrite[bot]
|
5fb9df1640
|
[COMPLIANCE] License changes (#18443)
* Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Adding explicit MPL license for sub-package This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository. * Updating the license from MPL to Business Source License Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl. * add missing license headers * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 * Update copyright file headers to BUSL-1.1 --------- Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com> |
1 year ago |
|
Chris S. Kim
|
747a4c73c1
|
Fix bug with Vault CA provider (#18112)
Updating RootPKIPath but not IntermediatePKIPath would not update leaf signing certs with the new root. Unsure if this happens in practice but manual testing showed it is a bug that would break mesh and agent connections once the old root is pruned. |
1 year ago |
|
Chris S. Kim
|
a5397b1f23
|
Connect CA Primary Provider refactor (#16749)
* Rename Intermediate cert references to LeafSigningCert Within the Consul CA subsystem, the term "Intermediate" is confusing because the meaning changes depending on provider and datacenter (primary vs secondary). For example, when using the Consul CA the "ActiveIntermediate" may return the root certificate in a primary datacenter. At a high level, we are interested in knowing which CA is responsible for signing leaf certs, regardless of its position in a certificate chain. This rename makes the intent clearer. * Move provider state check earlier * Remove calls to GenerateLeafSigningCert GenerateLeafSigningCert (formerly known as GenerateIntermediate) is vestigial in non-Vault providers, as it simply returns the root certificate in primary datacenters. By folding Vault's intermediate cert logic into `GenerateRoot` we can encapsulate the intermediate cert handling within `newCARoot`. * Move GenerateLeafSigningCert out of PrimaryProvidder Now that the Vault Provider calls GenerateLeafSigningCert within GenerateRoot, we can remove the method from all other providers that never used it in a meaningful way. * Add test for IntermediatePEM * Rename GenerateRoot to GenerateCAChain "Root" was being overloaded in the Consul CA context, as different providers and configs resulted in a single root certificate or a chain originating from an external trusted CA. Since the Vault provider also generates intermediates, it seems more accurate to call this a CAChain. |
2 years ago |
|
Ronald
|
94ec4eb2f4
|
copyright headers for agent folder (#16704)
* copyright headers for agent folder * Ignore test data files * fix proto files and remove headers in agent/uiserver folder * ignore deep-copy files |
2 years ago |
|
R.B. Boyer
|
4940a728ab
|
Detect Vault 1.11+ import in secondary datacenters and update default issuer (#15661)
The fix outlined and merged in #15253 fixed the issue as it occurs in the primary DC. There is a similar issue that arises when vault is used as the Connect CA in a secondary datacenter that is fixed by this PR. Additionally: this PR adds support to run the existing suite of vault related integration tests against the last 4 versions of vault (1.9, 1.10, 1.11, 1.12) |
2 years ago |
|
Daniel Nephin
|
86994812ed |
ca: cleanup validateSetIntermediate
|
3 years ago |
|
Daniel Nephin
|
9b7468f99e |
ca/provider: remove ActiveRoot from Provider
|
3 years ago |
|
Daniel Nephin
|
f05bad4a1d |
ca: update GenerateRoot godoc
|
3 years ago |
|
Daniel Nephin
|
b92084b8e8 |
ca: reduce consul provider backend interface a bit
This makes it easier to fake, which will allow me to use the ConsulProvider as an 'external PKI' to test a customer setup where the actual root CA is not the root we use for the Consul CA. Replaces a call to the state store to fetch the clusterID with the clusterID field already available on the built-in provider. |
3 years ago |
|
Daniel Nephin
|
b4080bc0dc |
ca: use the cluster ID passed to the primary
instead of fetching it from the state store. |
3 years ago |
|
Daniel Nephin
|
b9ab9bae12 |
ca: accept only the cluster ID to SpiffeIDSigningForCluster
To make it more obivous where ClusterID is used, and remove the need to create a struct when only one field is used. |
3 years ago |
|
FFMMM
|
4ddf973a31
|
add root_cert_ttl option for consul connect, vault ca providers (#11428)
* add root_cert_ttl option for consul connect, vault ca providers Signed-off-by: FFMMM <FFMMM@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Chris S. Kim <ckim@hashicorp.com> * add changelog, pr feedback Signed-off-by: FFMMM <FFMMM@users.noreply.github.com> * Update .changelog/11428.txt, more docs Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> * Update website/content/docs/agent/options.mdx Co-authored-by: Kyle Havlovitz <kylehav@gmail.com> Co-authored-by: Chris S. Kim <ckim@hashicorp.com> Co-authored-by: Daniel Nephin <dnephin@hashicorp.com> Co-authored-by: Kyle Havlovitz <kylehav@gmail.com> |
3 years ago |
|
R.B. Boyer
|
6c47efd532
|
connect/ca: ensure edits to the key type/bits for the connect builtin CA will regenerate the roots (#10330)
progress on #9572 |
3 years ago |
|
Daniel Nephin
|
bf292cbae4 |
ca: use provider constructors to be more consistent
Adds a contructor for the one provider that did not have one. |
3 years ago |
|
Daniel Nephin
|
6228c4a53c |
ca: fix mockCAServerDelegate to work with the new interface
raftApply was removed so ApplyCARequest needs to handle all the possible operations Also set the providerShim to use the mock provider. other changes are small test improvements that were necessary to debug the failures. |
3 years ago |
|
Daniel Nephin
|
fc14f5ab14 |
ca: move provider creation into CAManager
This further decouples the CAManager from Server. It reduces the interface between them and removes the need for the SetLogger method on providers. |
3 years ago |
|
R.B. Boyer
|
a2876453a5
|
connect/ca: cease including the common name field in generated certs (#10424)
As part of this change, we ensure that the SAN extensions are marked as critical when the subject is empty so that AWS PCA tolerates the loss of common names well and continues to function as a Connect CA provider. Parts of this currently hack around a bug in crypto/x509 and can be removed after https://go-review.googlesource.com/c/go/+/329129 lands in a Go release. Note: the AWS PCA tests do not run automatically, but the following passed locally for me: ENABLE_AWS_PCA_TESTS=1 go test ./agent/connect/ca -run TestAWS |
3 years ago |
|
Matt Keeler
|
d9d4c492ab
|
Ensure that CA initialization does not block leader election.
After fixing that bug I uncovered a couple more: Fix an issue where we might try to cross sign a cert when we never had a valid root. Fix a potential issue where reconfiguring the CA could cause either the Vault or AWS PCA CA providers to delete resources that are still required by the new incarnation of the CA. |
4 years ago |
|
Kyle Havlovitz
|
e13f4af06b |
connect: Check for expired root cert when cross-signing
|
4 years ago |
|
Hans Hasselberg
|
d4877f03e7
|
fix TestLeader_SecondaryCA_IntermediateRenew (#8702)
* fix lessThanHalfTime * get lock for CAProvider() * make a var to relate both vars * rename to getCAProviderWithLock * move CertificateTimeDriftBuffer to agent/connect/ca |
4 years ago |
|
Daniel Nephin
|
f65e21e6dc |
Remove unused return values
|
4 years ago |
|
Chris Piraino
|
401221de58
|
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging |
5 years ago |
|
Hans Hasselberg
|
82c556d1be
|
connect: use correct subject key id for leaf certificates. (#7091)
|
5 years ago |
|
Hans Hasselberg
|
804eb17094
|
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates. This PR adds a check that renews the cert if it is half way through its validity period. In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests. |
5 years ago |
|
Hans Hasselberg
|
87f32c8ba6
|
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
* Add CreateCSRWithSAN * Use CreateCSRWithSAN in auto_encrypt and cache * Copy DNSNames and IPAddresses to cert * Verify auto_encrypt.sign returns cert with SAN * provide configuration options for auto_encrypt dnssan and ipsan * rename CreateCSRWithSAN to CreateCSR |
5 years ago |
|
R.B. Boyer
|
10f04a8c4a |
connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
|
5 years ago |
|
Paul Banks
|
cd1b613352
|
connect: Add AWS PCA provider (#6795)
* Update AWS SDK to use PCA features. * Add AWS PCA provider * Add plumbing for config, config validation tests, add test for inheriting existing CA resources created by user * Unparallel the tests so we don't exhaust PCA limits * Merge updates * More aggressive polling; rate limit pass through on sign; Timeout on Sign and CA create * Add AWS PCA docs * Fix Vault doc typo too * Doc typo * Apply suggestions from code review Co-Authored-By: R.B. Boyer <rb@hashicorp.com> Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Doc fixes; tests for erroring if State is modified via API * More review cleanup * Uncomment tests! * Minor suggested clean ups |
5 years ago |
|
Paul Banks
|
d7329097b2
|
Change CA Configure struct to pass Datacenter through (#6775)
* Change CA Configure struct to pass Datacenter through * Remove connect/ca/plugin as we don't have immediate plans to use it. We still intend to one day but there are likely to be several changes to the CA provider interface before we do so it's better to rebuild from history when we do that work properly. * Rename PrimaryDC; fix endpoint in secondary DCs |
5 years ago |
|
Paul Banks
|
b621910618
|
Support Connect CAs that can't cross sign (#6726)
* Support Connect CAs that can't cross sign * revert spurios mod changes from make tools * Add log warning when forcing CA rotation * Fixup SupportsCrossSigning to report errors and work with Plugin interface (fixes tests) * Fix failing snake_case test * Remove misleading comment * Revert "Remove misleading comment" This reverts commit bc4db9cabed8ad5d0e39b30e1fe79196d248349c. * Remove misleading comment * Regen proto files messed up by rebase |
5 years ago |
|
Paul Banks
|
45d57ca601
|
connect: Allow CA Providers to store small amount of state (#6751)
* pass logger through to provider * test for proper operation of NeedsLogger * remove public testServer function * Ooops actually set the logger in all the places we need it - CA config set wasn't and causing segfault * Fix all the other places in tests where we set the logger * Allow CA Providers to persist some state * Update CA provider plugin interface * Fix plugin stubs to match provider changes * Update agent/connect/ca/provider.go Co-Authored-By: R.B. Boyer <rb@hashicorp.com> * Cleanup review comments |
5 years ago |
|
Todd Radel
|
29b5253154 |
connect: Implement NeedsLogger interface for CA providers (#6556)
* add NeedsLogger to Provider interface * implements NeedsLogger in default provider * pass logger through to provider * test for proper operation of NeedsLogger * remove public testServer function * Switch test to actually assert on logging output rather than reflection. --amend * Ooops actually set the logger in all the places we need it - CA config set wasn't and causing segfault * Fix all the other places in tests where we set the logger * Add TODO comment |
5 years ago |
|
Todd Radel
|
54f92e2924 |
Make all Connect Cert Common Names valid FQDNs (#6423)
|
5 years ago |
|
Paul Banks
|
87699eca2f
|
Fix support for RSA CA keys in Connect. (#6638)
* Allow RSA CA certs for consul and vault providers to correctly sign EC leaf certs. * Ensure key type ad bits are populated from CA cert and clean up tests * Add integration test and fix error when initializing secondary CA with RSA key. * Add more tests, fix review feedback * Update docs with key type config and output * Apply suggestions from code review Co-Authored-By: R.B. Boyer <rb@hashicorp.com> |
5 years ago |
|
R.B. Boyer
|
af01d397a5
|
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
The fields in the certs are meant to hold the original binary representation of this data, not some ascii-encoded version. The only time we should be colon-hex-encoding fields is for display purposes or marshaling through non-TLS mediums (like RPC). |
5 years ago |
|
R.B. Boyer
|
796de297c8
|
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
This only affects vault versions >=1.1.1 because the prior code accidentally relied upon a bug that was fixed in https://github.com/hashicorp/vault/pull/6505 The existing tests should have caught this, but they were using a vendored copy of vault version 0.10.3. This fixes the tests by running an actual copy of vault instead of an in-process copy. This has the added benefit of changing the dependency on vault to just vault/api. Also update VaultProvider to use similar SetIntermediate validation code as the ConsulProvider implementation. |
5 years ago |
|
Alvin Huang
|
c516fabfac
|
revert commits on master (#6413)
|
5 years ago |
|
tradel
|
9b1ac4e7ef |
add subject names to issued certs
|
5 years ago |
|
R.B. Boyer
|
561b2fe606
|
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
|
5 years ago |
|
Paul Banks
|
e87cef2bb8 |
Revert "connect: support AWS PCA as a CA provider" (#6251)
This reverts commit
|
5 years ago |
|
Todd Radel
|
3497b7c00d
|
connect: support AWS PCA as a CA provider (#6189)
Port AWS PCA provider from consul-ent |
5 years ago |
|
Todd Radel
|
2552f4a11a
|
connect: Support RSA keys in addition to ECDSA (#6055)
Support RSA keys in addition to ECDSA |
5 years ago |
|
Hans Hasselberg
|
33a7df3330
|
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
|
5 years ago |
|
R.B. Boyer
|
f4a3b9d518
|
fix typos reported by golangci-lint:misspell (#5434)
|
6 years ago |
|
R.B. Boyer
|
c7067645dd |
fix a few leap-year related clock math inaccuracies and failing tests
|
6 years ago |
|
Kyle Havlovitz
|
29e4c17b07
|
connect/ca: fix a potential panic in the Consul provider
|
6 years ago |
|
Kyle Havlovitz
|
a28ba4687d
|
connect/ca: return a better error message if the CA isn't fully initialized when signing
|
6 years ago |
|
Kyle Havlovitz
|
e8dd89359a
|
agent: fix formatting
|
6 years ago |
|
Aestek
|
25f04fbd21 |
[Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options These options allow for a finer control over when script checks are enabled by giving the option to only allow them when they are declared from the local file system. * Add documentation for the new option * Nitpick doc wording |
6 years ago |
|
Kyle Havlovitz
|
57deb28ade |
connect/ca: tighten up the intermediate signing verification
|
6 years ago |
|
Kyle Havlovitz
|
2919519665 |
connect/ca: add intermediate functions to Vault ca provider
|
6 years ago |