mirror of https://github.com/hashicorp/consul
dependabot/go_modules/github.com/aliyun/alibaba-cloud-sdk-go-1.63.60
release/1.20.x
main
dependabot/go_modules/github.com/hashicorp/hcp-sdk-go-0.125.0
dependabot/npm_and_yarn/website/prettier-3.4.1
backport/patch-1/surely-united-jennet
backport/docs/change-backendRefs-api-group/largely-working-woodcock
dependabot/go_modules/k8s.io/apimachinery-0.31.3
dependabot/go_modules/github.com/olekukonko/tablewriter-0.0.5
dependabot/npm_and_yarn/ui/cross-spawn-6.0.6
dependabot/npm_and_yarn/website/husky-9.1.7
dependabot/github_actions/slackapi/slack-github-action-2.0.0
SuyashHashiCorp-patch-2
SuyashHashiCorp-patch-1-1
dependabot/go_modules/go.opentelemetry.io/otel/metric-1.32.0
dependabot/go_modules/golang.org/x/oauth2-0.24.0
dependabot/npm_and_yarn/website/next-15.0.3
dependabot/go_modules/github.com/hashicorp/raft-1.7.1
dependabot/go_modules/github.com/hashicorp/go-sockaddr-1.0.7
dependabot/go_modules/github.com/hashicorp/raft-boltdb/v2-2.3.0
dependabot/go_modules/gotest.tools/v3-3.5.1
backport/docs/CE-749-remove-references-from-consul/humbly-leading-emu
release/1.18.x
release/1.19.x
release/1.15.x
backup_grafana-dashboards
dependabot/npm_and_yarn/ui/elliptic-6.6.0
release/1.18.5
release/1.15.15
release/1.19.3
release/1.20.1
dependabot/github_actions/actions/setup-go-5.1.0
dhiaayachi/fix-trustbundle-peers
zalimeni/go-work
backport/zalimeni/feature/net-1151-l7-intentions-security-fixes--api-docs-1.19
dhiaayachi/raft-wal-backend-as-default
release/1.20.0
zalimeni/feature/net-1151-l7-intentions-security-fixes--archive
backport/Suppress-CVE-2024-8096/quietly-brief-koala
dependabot/github_actions/golangci/golangci-lint-action-6.1.1
dependabot/npm_and_yarn/ui/rollup-2.79.2
zalimeni/test-ci-skips
feature/envoy-support-tlsv13
release/1.20.0-rc1
backport/fix-changelog/nearly-grown-kangaroo
bump/go-and-envoy/rc1.20
dhiaayachi/raft-wal-backend-as-default-code
NET-8983/raft-version-bump
ci/update-security-scanner-token
backport/Suppress-CVE-2024-8096/gradually-brave-ewe
zalimeni/dhiaayachi/raft-wal-backend-as-default--suggestions
b-ui/manual-backport-d3-color
SECVULN-8533-lodash-template
upgrade-1.3-dataplane-to-1.6-dataplane
ui/codemirror-lint-removal
ui/de-lint
ui/remove-jsonlint-dep
SECVULN-6892-word-wrap
dependabot/npm_and_yarn/ui/express-4.20.0
dependabot/go_modules/test/integration/consul-container/github.com/docker/docker-25.0.6incompatible
jm/ent-deps
dependabot/go_modules/test-integ/github.com/docker/docker-25.0.6incompatible
release/1.17.x
may-alignment
dependabot/go_modules/test/integration/consul-container/github.com/opencontainers/runc-1.1.14
dependabot/npm_and_yarn/ui/webpack-5.94.0
release/1.17.7
release/1.18.4
release/1.19.2
jm/release-1.18.4
release/1.16.x
jm/retract
jm/1.9-sub
jm/1.5-sub
jm/1.19-updated-go-mods
using-art-hashi
apivalidateclusters
adds-helm-docs-update-from-1-4-2-consul-k8s
NET-10719-fix-apigw-jwt-cluster-generation
temp
backport/NET-8717-Vulnerabilities-in-consul-enterprise-d3-color/accurately-normal-snipe
artifact-manifest/main/smoothly-fresh-quagga
NET-10248-consul-cross-namespace-requests-to-a-terminating-gateway-fail-with-no-healthy-upstream
revert-21572-zalimeni/update-bpa
update-to-blessed-fork-of-mapstucture
dependabot/github_actions/docker/setup-qemu-action-3.2.0
optimized-seek-prefix-watch
fix-tests
dependabot/github_actions/browser-actions/setup-chrome-1.7.2
release/1.19.1
backport/update-envoy/merely-stunning-doberman
NET-10288-Bump-go-to-resolve-CVE-2024-24791
backport/zalimeni/net-5622-consolidate-envoy-version-mgmt/similarly-crisp-mako
jm/bpa
backport/NET-10288-Bump-go-to-resolve-CVE-2024-24791/wrongly-optimal-lamprey
NET-10290-Bump-envoy-to-resolve-CVE-2024-39305
iradix-improved
zs.test-mdx-fixes
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.18
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-1.19-nightly
zalimeni/fix-nightly-branch-sourcing-get-go-version
test/zalimeni/docs-skip-mdx
test/zalimeni/docs-skip-md
smre-317/redhat-projectid
backport/docs/1-19-release-notes-fix/factually-evolving-koala
backport/docs/external-crd-fix/accurately-talented-cobra
release/1.19.0
dan/1.19.0/changelog-update
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-nightly-upgrade
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.17
backport/CE-577-release-notes/namely-fleet-lionfish
dans/remove-multiport-docs
backport/CE-564-external-services-crd/carefully-generous-kodiak
zalimeni/update-submodules-post-1.5.0
backport/CE-572-file-system-certificate/slowly-pure-herring
security/ui-dependency-bump
HCPCP-1619-unix-socket-host
dhiaayachi/go-toolchain
rboyer/deployer-with-v2-tproxy-bookmark
dans/test-pr-labeler
net-6706
make-codegen
art
release/1.18.2
revert-version-updates
backport/jm/ui-main/openly-ace-mole
release/1.16.8
release/1.17.5
docs/waf-page-migration
backport/zalimeni/test-bpa-0.4.1/urgently-accepted-snipe
net-8416-add-gateway-api-request-redirect-filter
zalimeni/net-9229-remove-coredns-1.16
sarah/test-license-script
sarah/test-reproducible-build
backport/zalimeni/k8s-1.4.0-docs-feedback/willingly-strong-pony
backport/zalimeni/net-9224-bump-go-1.21.10/uniquely-bold-jackal
SuyashHashiCorp-patch-1
security/auto-go-bump
backport/security-coredns-fix/1.15.x
backport/security-coredns-fix/1.16.x
backport/security-coredns-fix/1.17.x
release/1.15.12
zalimeni/test-ent-license-exclusion
zalimeni/test-ent-license-exclusion-2
zalimeni/test-ent-license-exclusion--baseline-main
zalimeni/net-9141-exclude-ce-license-ent
backport/zalimeni/upgrade-vault-remove-go-jose.v2/usually-quality-locust
backport/zalimeni/upgrade-vault-remove-go-jose.v2/extremely-feasible-rat
backport/zalimeni/upgrade-vault-remove-go-jose.v2/privately-square-walrus
dans/remove-ws-from-jira-gha
docs/krastin/nomad-for-consul
docs/manual-backport-kv-page
docs/manual-backport-for-LTS
kv-1.10.8-withlogs
ds-nd/net-9016-kvdataloss
kv-1.14.8-withlogs
jm-net-5879
backport/docs/tutorial-refresh-support/mostly-settled-alien
backport/docs/tutorial-refresh-support/yearly-integral-clam
backport/file-system-certificate/formally-top-minnow
docs/consul-ia-experiment
zalimeni/verify-docker-engine-version
zalimeni/test/main-baseline-envoy-int-tests
NET-6821-Host-Header-Rewrite
docs/add-partition-query-api
hack-hcp-integration-split
backport/david-yu-build-dockerfile/mutually-assuring-albacore
backport/david-yu-patch-3/informally-factual-colt
release/1.18.1
docs/cluster-peering-improvements
backport/add-tests-for-gw-proxy-controller/loosely-primary-crane
NET-6820-Mesh-GW-Customize-mesh-gateway-proxy-limits
jm/NET-8431
dependabot/npm_and_yarn/ui/follow-redirects-1.15.6
docs/jkirschner-hashicorp-patch-1
release/1.14.x
revert-20682-CC-7479-add-alert-to-link-to-hcp-modal-to-refresh-page
backport/david-yu-gke-autopilot/internally-sharp-thrush
proxycfg-deadlock-2
proxycfg-deadlock
zalimeni/submodules-to-go-work
sqm
backport/david-yu-cleanup-1-18/distinctly-stirring-catfish
david-yu-patch-2
backport/release/1.18.0-followup
release/1.18.0
zalimeni/no-op-test-ci-1.14
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/partly-welcome-unicorn
skpratt/resource-api-support
manual-backport-1.8.0-ingress-gateway
backport/zalimeni/net-7713-v2-docs-virtual-port-ref-k8s--1.18.0
rboyer/xds-refactor
service-endpoints-id-ports
nickcellino/link-status
david-yu-v2-update
computed-gateway-routes-spike
backport/david-yu-gke-autopilot/recently-driving-dingo
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/entirely-genuine-koi
jm/cc
zalimeni/dns-recurse-only-if-enabled
rboyer/proxy-configuration-cache
update-link-to-documents-from-link-to-hcp-modal
net-8075/certs-for-api-gateways
net-7986/routes-for-api-gateways
rboyer/fix-v2-testing
net-7953/adjust-computed-gateway-protos
net-7984/clusters-for-api-gateways
listener-route-spike
release/1.15.10
ashwin-michael/crd-auto-generation
release/1.17.3
release/1.16.6
backport/fix-ent-merge/enormously-close-sculpin
backport/link-to-hcp-modal-error-when-acls-disabled/severely-cool-sparrow
nicoleta/bum-envoy-on-1.15.x
nicoleta/bump-envoy-on-1.18.x
docs/consul-ia-experiment-cts-adam
nicoleta/bump-envoy
dyu/envoy-bump
johnlanda/bench
dans/NET-7910/v2-dns-enable-peering
backport/docs/lkysow/verify-outgoing/luckily-viable-anchovy
backport/docs/lkysow/verify-outgoing/sincerely-expert-buck
backport/docs/lkysow/verify-outgoing/strictly-well-sheepdog
backport/backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm-manual
CC-7146/hcp-link-item-in-the-nav-bar
nd/net-7510-openapi-followup-matt-poc
backport/cc-7147-link-to-hcp-modal/kindly-verified-snipe
backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm
resource-v1-1.18
resource-v1
backport/jjti/fix-hcp-client-logs/infinitely-decent-ibex
backport/jjti/fix-hcp-client-logs/visually-secure-spaniel
backport/jjti/fix-hcp-client-logs/happily-charmed-jawfish
backport/jjti/fix-hcp-client-logs/presently-free-roughy
backport/jjti/fix-hcp-export-logger/intensely-growing-horse
backport/jjti/fix-hcp-client-logs/commonly-desired-antelope
release/1.18.0-rc1
backport/dans/NET-6796/dns-v2-catalog-v2-ns-soa/mostly-real-ibex
eliminate-gotest.tools/v3
backport/jjti/fix-hcp-client-logs/evenly-clean-slug
backport/exported_services_cli_and_docs/rc1
backport/jm/no-parallel-dns-tests/ultimately-accurate-sponge
backport/jm/no-parallel-dns-tests/tightly-liberal-emu
backport/jm/no-parallel-dns-tests/sharply-true-tetra
backport/tauhid621_exported_services_docs_and_cli/specially-blessed-longhorn
backport/derekm/NET-7652/broadly-regular-firefly
backport/derekm/NET-7652/freely-peaceful-kit
backport/jm/no-parallel-dns-tests/willingly-adjusted-mallard
fixes/helper-text-config-entry-delete
backport/jm/endpoint-result/yearly-better-sunfish
backport/update-exported-services-compat-triggers/immensely-humble-labrador
backport/tauhid621_exported_services_docs_and_cli/normally-positive-lionfish
backport/kisunji/fix-permissive-envoy-ext/unduly-set-ram
NET-7376-consul-consul-k8s-Set-status-on-APIGateway-with-required-info-from-kubesig
backport/kisunji/fix-permissive-envoy-ext/lately-ideal-calf
hcp/expose-grpc-scada
xw/NET-5725-client-refactor
xw/NET-5725-grpc-cli-clean-up
NET-6469/add-custom-watch
ui/copy-link-mock-endpoint-to-prefixed-api
ui/fix-mock-api-endpoint
jm/gh-20360
ui/fix-tests-whoopsie
backport/krastin/vault-for-consul/factually-enough-buck
backport/krastin/vault-for-consul/clearly-main-molly
CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes
docs/refactor-discover-services-docs
backport/derekm/fix-cicd-docker-pull/steadily-evolved-kitten
backport/CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes/barely-trusting-yeti
loshz/NET-7225-peeringv2-proto-check
CC-7146/Sidebar-item-for-linking-status
local-mesh-gateway-pst
zalimeni/net-5586-support-virtual-port-xroute-dest
ron-test
traffic-permissions-cache
backport/tauhid621/exported_services_api_grpc/literally-cuddly-gecko
backport/troubleshoot-ports
docs/proposed-docs-overview-pages
release/1.17.2
release/1.15.9
NET-5090/implicit-destinations
release/1.16.5
backport/NET-3860/moderately-awake-grouse
update-version-1.17
net-6230-namespace-tp
resource-type-scope-gen
zalimeni/net-6597-upgrade-go-jose-go-oidc
fix-transparent-proxy
backport/docs/k8s-acl-fix/repeatedly-solid-cricket
NET-7014-consul-Look-up-mesh-gateway-controlling-workload-instead-of-assuming-its-identity
jm/v2-dns-v1-data-fetcher
mesh-gateway-broken-all-the-things
zalimeni/api-sdk-backwards-compat-go-version-detect
backport/jm/remove-tests-skipping/finally-romantic-anteater
backport/jm/remove-tests-skipping/typically-credible-bug
backport/jm/remove-tests-skipping/physically-enough-molly
release/1.13.x
release/1.12.x
backport/spatel/busl-2024/entirely-closing-dove
backport/spatel/busl-2024/correctly-picked-buffalo
backport/spatel/busl-2024/namely-saved-squid
backport/patch-1/arguably-special-marlin
zalimeni/use-consul-go-version-nomad-vault-int-suite
backport/zalimeni/use-go-version-file/marginally-modest-condor
backport/zalimeni/use-go-version-file/firmly-tops-chow
backport/zalimeni/use-go-version-file/sincerely-native-man
backport/krastin/vault-for-consul/noticeably-awaited-chamois
architecture-log
cc-7178-skip-flakey-test-in-navigation
ui/cc-7178-skip-flakey-test-in-navigation
backport/krastin/vault-for-consul/indirectly-mint-bison
zalimeni/check-go-max-procs
backport/jm/NET-7025/commonly-saved-glowworm
backport/jm/NET-7025/pleasantly-balanced-sole
jm/split-compatibility
backport/krastin/vault-for-consul/thankfully-big-condor
jm/NET-6941
backport/jm/NET-7025/implicitly-optimal-drum
backport/jm/NET-6944/clearly-winning-fly
backport/jm/NET-6944/subtly-adequate-gopher
backport/net-bind-service/evenly-sharp-hornet
mesh-gateway-all-the-things
backport/dyu/ubi/completely-neat-cobra
backport/dyu/ubi/optionally-content-bug
backport/dyu/ubi/ultimately-singular-leech
backport/dyu/ubi/carefully-funky-bonefish
zalimeni/tmp-show-least-request-prop-override-golden
backport/dyu/ubi/finally-growing-grub
backport/ui/CC-7062-get-back-metrics-test-with-updated-selector-upd/broadly-diverse-bear
ui/CC-7062-get-back-metrics-test-with-updated-selector-upd
tauhid621/exported_services_api
backport/add-ent-and-ce-frontend-test-runs-to-pr/painfully-outgoing-drum
backport/add-ent-and-ce-frontend-test-runs-to-pr/morally-sure-fowl
backport/add-ent-and-ce-frontend-test-runs-to-pr/similarly-new-sloth
backport/dyu/network-segments/loudly-tops-tadpole
zalimeni/enable-security-scans-release--test
backport/dyu/network-segments/specially-prepared-mammoth
backport/natemollica-nm-server-workload-telemetry-update/apparently-immune-oriole
backport/natemollica-nm-server-workload-telemetry-update/secondly-massive-kiwi
backport/natemollica-nm-server-workload-telemetry-update/hopelessly-modest-lark
kisunji/net-6230-namespace-trafperms
ui/CC-7062-get-back-metrics-test-with-updated-selector-for-draft
ui/CC-7062-get-back-metrics-test-with-updated-selector
docs/consul-ia-experiement-fdbk-1
release/1.17.1
release/1.16.4
release/1.15.8
backport/fix-role-linked-token-list/blindly-trusted-glowworm
fix/make-test-deployer
backport/docs/added-redirects-for-conf-entries-1.14.x
backport/docs/added-redirects-for-conf-entries-1.13.x
backport/docs/added-redirects-for-conf-entries
zalimeni/sanitize-slack-ci-failure-input--test
backport/releng/remove-duplicate-ubi/singularly-leading-finch
backport/docs/added-1.17-features-to-enterprise-overview
backport/releng/remove-duplicate-ubi/mainly-sterling-bulldog
backport/docs/flag-ent-features-1.17/marginally-stirred-crappie
backport/gateway-upstream-disambiguation-ce/strictly-pleasant-mule
backport/consul-collector-reduce-flush-intervals/externally-natural-pangolin
openapi
backport/NET-3860/namely-curious-iguana
backport/lorna/cc-6925/hcp-tls/monthly-correct-buck
extend-retry
backport/doc-v2-traffic-permission/jointly-top-ant
backport/jm/go-tests-notify-3/genuinely-pumped-glowworm
backport/jm/go-tests-notify-3/luckily-tough-platypus
backport/jm/go-tests-notify-3/allegedly-trusting-moose
lorna/cc-6925/1-15
nfi-poc-gotestdoc
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-refactor
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-latest
backport/lorna/cc-6925/hcp-tls/immensely-dear-grouper
backport/jm/go-tests-notify-3/nicely-electric-calf
dl-license
test-branch
derekm/NET-6565/release-1.15.3-wpac
config_replication_id
zalimeni/add-make-target-dependency-update-modules
backport/docs/fips-cluster-peering/repeatedly-evolved-stallion
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/literally-on-raven
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/primarily-logical-stingray
deepcopy-gatewaycontroller
dyu-license
backport/RELPLAT-980-license-file-updates/vertically-modern-dogfish
NET-6313/resource-list-poc
backport/kisunji/controller-test-fix/internally-artistic-buzzard
tauhid621/peer_exported_services_api
backport/ui/NET-438-add-ent-version-suffix/privately-inspired-escargot
backport/ui/NET-438-add-ent-version-suffix/actively-faithful-walleye
zalimeni/update-k8s-docs-1.17.x
kisunji/small
ui/temporary-remove-tests-which-fails-on-consul-enterprise
ui/temporary-remove-token-policy-test
backport/dhiaayachi/fix_panic_policy_delete/logically-amazed-crow
backport/dhiaayachi/fix_panic_policy_delete/publicly-pumped-tadpole
add-bind-type-policy
backport/consul-collector-reduce-flush-intervals/likely-loved-hog
ui/NET-438-add-ent-version-suffix
zalimeni/net-6600-remove-insecure-hash-use
backport/ci-remove-duplicate-test/actually-sensible-swine
NET-6416-meshgateway-acls
jm/go-tests-notify
spatel/gci-format-all-the-things
jm/go-tests-notify-2
NET-6453/skip-traffic-permission-test-on-M1
backport/docs/manage-traffic-link-fix/hardly-together-salmon
backport/sarahalsmiller-timeoutbehaviormutation/only-native-cow
backport/NET-5688-gwui-fixes/mentally-superb-prawn
backport/NET-5688-gwui-fixes/noticeably-easy-magpie
jm/split-tests
backport/integ-test-use-asserter/internally-cheerful-mullet
NET-6608
backport/jm/local-app-protocol-test/hardly-noble-aardvark
backport/nathancoleman-patch-1/ghastly-endless-lioness
backport/zalimeni/alemuro/3101-support-statefulset-pvc-retain--docs/logically-complete-krill
backport/ui/feature/make-global-read-only-policy-non-editable/instantly-hardy-chamois
backport/fix-home-link/wholly-regular-bengal
backport/rboyer/deployer-makefile/early-steady-sloth
ui/fix-home-link
jm/empty-endpoints
silent-ui-tests
backport/rboyer/fix-drift/singularly-glad-locust
release/1.17.0
nfi-cache-unit-test-results
jm/NET-6385-hack
jm/destination-tests-grpc
jm/resource-tests
controller-cache
build-darwin-ubuntu
jm/NET-5150
backport/docs/add-redirects-1.8-conf-entries/freely-grateful-camel
backport/docs/add-redirects-1.8-conf-entries/pleasantly-cunning-pig
backport/docs/add-redirects-1.8-conf-entries/illegally-driving-fawn
backport/docs/add-redirects-1.8-conf-entries/factually-relieved-flounder
backport/update-docs-for-splitting/primarily-smashing-halibut
robyer/deployer-l7-split-tests
NET-5889-absl
NET-6354
backport/docs/multi-port-v1-17-ga/hopelessly-premium-ostrich
release/1.16.3
release/1.15.7
release/1.14.11
net-5889/workloadhealth-tests
dans/that-time-dan-broke-consul
hack-cloudlink
backport/nathancoleman-patch-1/badly-pro-pug
net-6138/release/1.17.x
jm/agent-hack
jm/fix-jwt-auth-bug
jm/retry-on-connect-failure
debugging-jm/NET-6294-deepcopy
backport/docs/note-about-connect-service-upstream-env-var/lively-exciting-reptile
validate-decoded-helper
jm/NET-6294-NET-4944
backport/kisunji/ent-label-ratelimit/normally-casual-sparrow
debugging-jm/NET-6294
kisunji/ent-label-ratelimit
doc-clarify-version-format
jm/checking-changes-old
jm/move-code
ishustava/fix-agent-proxy-mgr-instantiation
backport/dhiaayachi/raft-wal-0.4.1/sadly-super-monarch
backport/jm/NET-6081/equally-complete-thrush
backport/net-4786/mesh-strict-dns/conversely-climbing-aphid
backport/jm/NET-5397/violently-choice-perch
backport/spatel/list-default-peername/endlessly-moral-krill
fix-controller-watch
backport/upgrade-to-node-18/rationally-fancy-flamingo
dhiaayachi/NET-5519-ns-bridge-2
backport/disable_envoy_check/mistakenly-mighty-glider
backport/disable_envoy_check/closely-liberal-monkfish
backport/kisunji/vault-ca-fixes/awfully-smooth-katydid
backport/kisunji/vault-ca-fixes/fully-electric-phoenix
NET-5327-consistency-docs
ui/NET-5414
backport/derekm/grpc-server-keepalive/gladly-popular-cod
backport/dyu/multi-port/greatly-musical-lab
backport/docs/multiport-hcp-update/seemingly-valid-jaybird
CC-6363/downgrade-node-for-v-1-point-15
CC-6363/downgrade-node-for-ci
backport/dyu/dns-port/typically-creative-hermit
mvincent/no-freelist-logging
backport/docs/initial-multiport-fixes/constantly-thorough-pheasant
CC-5545/upgrade-hds-packages
backport/RELPLAT-897-copywrite-bot-workarounds/likely-content-goshawk
ui/CC-6137
backport/nd/net-4931-l7/endlessly-intimate-reindeer
backport/ishustava/NET-5377-sidecar-proxy-ctrl-improvements/oddly-talented-sole
backport/ishustava/NET-3995-computed-proxy-config/slightly-cheerful-kangaroo
backport/ashwin/generate-proto-deep-copy-json-marshal/naturally-exotic-anemone
backport/dyu/dns-port/manually-light-ant
service-owner-ref
docs/release-1.17-reconcile-1
docs/1.17-docs-reconcile
backport/docs/1-17-release-notes/friendly-smiling-sailfish
docs/1-17-release-notes
add-new-golden-file-tests
backport/cthain/net-5807/vault-ca-namespace-config/miserably-factual-blowfish
jwt-multiple-virtual-hosts
backport/cthain/net-5807/vault-ca-namespace-config/heavily-rested-donkey
backport/dyu/gh-pr-workflow/definitely-relaxed-mollusk
backport/NET-4135/marginally-ultimate-sculpin
backport/NET-4135/fairly-stable-lamb
release/1.17.0-rc1
revert-19038-NET-5788-fix-ready-listeners-in-core
jm/NET-5822-test
ishustava/test-int-tests
hcp-link-config-skeleton
kisunji/1.14.x-docs-backport
backend-changes-doesnt-run-frontend-task-on-ci-test
changes-to-ui-folder-test
jm/NET-5590-xds-server
backport/docs/patch-release/constantly-teaching-giraffe
backport/fix-doc/physically-growing-doberman
v2-tproxy-container-tests
jm/NET-4931
resource-type-gen2
backport/jwt-warning-docs/completely-poetic-herring
backport/jwt-warning-docs/uniquely-organic-muskox
backport/test_skip_ci/widely-normal-platypus
backport/test_skip_ci/usually-glowing-fowl
backport/test_skip_ci/literally-cuddly-woodcock
test_ci_skip
v2-gateways-controller
stub-v2-gateways
backport/NET-5611_fix_trigger_ci/simply-relevant-foal
v2-gateways-api-proto
release/1.15.6
backport/docs/apigee-backports/deeply-active-jackal
release/1.16.2
backport/docs/note-about-connect-service-upstream-env-var/certainly-helped-horse
backport/docs/fix-k8s-crd-example-configs/naturally-capital-bobcat
release/1.14.10
docs/note-about-connect-service-upstream-env-var
backport/docs/fix-k8s-crd-example-configs/seriously-real-cricket
backport/NET-4519/annually-huge-filly
backport/NET-4519/deadly-precise-jawfish
backport/NET-4519/heavily-equal-spaniel
backport/docs/fix-broken-links-8-18/cleanly-wired-honeybee
18831-backport1.14.10
18831-backport1.16.2
18831-backport1.15.6
tagger-14
docs/rebackport-k8s-fed-req-failed-pick
update-api-version
backport/docs/k8s-federation-requirements/rapidly-resolved-doberman
revert-18796-docs/ext-authz-apigee
core-multiport-fixes
backport/catalog-deregistration-fix/grossly-lenient-treefrog
backport/catalog-deregistration-fix/optionally-blessed-cockatoo
derekm/xds-use-same-http-protocol-downstream-to-localapp
nfi-fix-go-test-check
backport/docs/ce-514-envoy-constraints/publicly-modern-sturgeon
jm/v2-examples
rebase-multiport-test-fixes
jm/explicit-based-l7
wire-up-traffic-permissions
backport/kisunji/fix-test/blatantly-prime-loon
backport/kisunji/fix-test/admittedly-valid-ray
backport/kisunji/fix-test/entirely-major-chigger
backport/kisunji/cleanup-resources/solely-moved-dodo
backport/kisunji/cleanup-resources/secondly-devoted-longhorn
backport/am-ak-patch-1/really-stirring-flounder
ishustava/NET-5580-bump-all-resource-versions
backport/16955-transfer-leader/safely-positive-bobcat
retry-timeout-e2e-test-NET-5208
stepbui1-patch-1
backport/kisunji/vault-ca-clean-unused-issuers/curiously-neat-tarpon
backport/kisunji/vault-ca-clean-unused-issuers/rapidly-smart-sunbird
backport/kisunji/vault-ca-clean-unused-issuers/hugely-eminent-monster
ishustava/multi-port-test-fixes
ishustava/v2-traffic-perms-ir-suggestions
update-node-version-to-14
backport/ui/feature/make-global-read-only-policy-non-editable/infinitely-related-hornet
backport/ui/feature/make-global-read-only-policy-non-editable/frequently-crack-mouse
fix-integ-machines
increase-maching-size
nfi-fix-test-integ-go-mod
v2-backend-ref-note
backport/spatel/emit-consul-version-periodically/kindly-close-wasp
oss-rename-trigger
jm/multi-port-integ
NET-5017-status-condition-fixes
NET-1643-66794-consul-version-in-prometheus-format-metrics-is-0
rboyer/golden-proto-json
NET-5084/TrafficPermission-WorkloadIdentity-protos
natemollica-nm-patch-2
jm/net-4941-leaf
natemollica-nm-patch-1
backport/jer/cc6039-policy-desc/adversely-sought-ladybird
backport/jer/cc6039-policy-desc/multiply-native-bird
backport/spatel/emit-consul-version-periodically/mentally-choice-bug
backport/NET-1521/conversely-romantic-dodo
v2-docstring-updates
vault-nomad-version-bump
backport/nfi-net5476-nightly-peering-integ/horribly-enough-piranha
backport-1.16-fix-snapshot-test
backport/dans/fix-snapshot-save-test/willingly-golden-leopard
backport/dans/fix-snapshot-save-test/vaguely-solid-sheepdog
backport/dans/fix-snapshot-save-test/partly-sweeping-mollusk
NET-1594-backport-1.15.x
NET-1594-backport-1.14.x
NET-1594-backport
fix-fips-build-amd
ui/copy-edits-for-built-in-policy-alert
ui/rm-intention-test-with-latency
spatel/fix-typo
johnlanda/trafficpermissionscontroller
backport/derekm/NET-4958/missing-endpoints/unlikely-positive-wildcat
NET-5147-plumbing
dhiaayachi/NET-4926-v1-ns-delete
backport/cc-4960/move-first-fetch-into-provider/informally-exciting-blowfish
backport/cc-4960/move-first-fetch-into-provider/rapidly-climbing-airedale
poc-cli-grpc
skpratt/workload-identity
jm/NET-4944-1
NET-581-Configure-Vault-namespaces-for-Connect-CA-via-Helm-Stanza
backport/cc-4960/move-first-fetch-into-provider/separately-nearby-seagull
backport/docs/fix-broken-links-8-18/conversely-gentle-swan
promtheus_consul_version
jjtimmons/backport-otel-freq-2
jjtimmons/backport-48c8a83
spatel/scope-required-in-registration
jm/delete-website
backport/jjtimmons/reduce-export-freq/hardly-generous-martin
backport/jjtimmons/reduce-export-freq/safely-frank-mudfish
backport/nightly-slack-notification/daily-rich-wren
backport/nightly-slack-notification/legally-smart-terrier
jm/NET-4944
backport/gha-concurrency/honestly-live-sailfish
backport/gha-concurrency/largely-gentle-crab
backport/gha-concurrency/mildly-great-unicorn
backport/gha-concurrency/finally-exciting-filly
backport/spatel/oss_to_ce/mentally-well-moccasin
backport/spatel/oss_to_ce/highly-moral-spider
NET-438/add-ent-version-suffix
ui/NET-438/add-ent-version-suffix
backport/fix_altdomain_dcname_overlap/loudly-definite-dingo
backport/docs/k8s-tgw-tutorial-role-id-fix/duly-known-shad
pglass/dump-aws-bearer-token
backport/docs/blake/fix-spelling-errors-aug23/partially-equal-haddock
backport/ui/bug/fix#18406/promptly-choice-goose
backport/ui/bug/fix#18406/roughly-credible-llama
backport/fix_altdomain_dcname_overlap/mistakenly-ready-hog
backport/fix_altdomain_dcname_overlap/thoroughly-daring-mule
backport/spatel/oss_to_ce/obviously-proud-fish
backport/docs/k8s-tgw-tutorial-role-id-fix/seemingly-social-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/pleasantly-central-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/primarily-harmless-marmoset
backport/zalimeni/net-5163-prioritize-by-locality-test/ultimately-related-drum
backport/zalimeni/net-5163-prioritize-by-locality-test/verbally-suited-aphid
backport/docs/k8s-tgw-tutorial-role-id-fix/severely-innocent-mosquito
gh-13491
gh-18096-fix-missing-ttl-value
ishustava/xds-server-v2
ishustava/sidecar-proxy-controller-tproxy
update-linux-package-license
sar-for-unit-tests
backport/compliance/license-changes/vigorously-holy-escargot
disable-flaky
backport/zalimeni/net-5217-derive-proxy-locality-from-parent-service-oss/absolutely-pumped-adder
docs-backport-fix-er
fix-flaky
rboyer/wrappedtypes
retry-flaky
release/1.14.9
release/1.15.5
backport/upgrade-testcontainer-version/pleasantly-moved-penguin
zalimeni/net-5189-fix-any-slice-handling-repeated-fields
backport/docs/add-rate-limit-ops-diagram/widely-alive-mallard
compliance/add-headers
zalimeni/try-go-workspace-submodules
release/1.16.1
backport/docs/k8s-federation-requirements/finally-lenient-cub
backport/docs/k8s-federation-requirements/friendly-prompt-jay
backport/integ-test-upgrade-test/truly-becoming-mule
backport/patch-1/tightly-endless-javelin
nfi-go-test-cache
nfi-split-lint-from-go-tests
backport/zalimeni/net-5146-bump-go-net_http-cve/externally-innocent-maggot
backport/ronald/fix-docs-typo/uniformly-teaching-martin
backport/NET-3860/uniformly-funny-pug
backport/cc-4960/hcp-telemetry-periodic-refresh/namely-joint-tarpon
backport/cc-4960/hcp-telemetry-periodic-refresh/quietly-splendid-leech
backport/mixed-service-topology/physically-large-griffon
backport/mixed-service-topology/accurately-nearby-falcon
ishustava/mesh-controller-upstream-proxy
jjtimmons/hcp-telemetry-periodic-refresh-start-up
backport/zalimeni/net-4904-bump-envoy-versions-docs/normally-endless-wren
backport/dyu/readme/globally-concise-oarfish
backport/docs/k8s-federation-requirements/surely-eminent-tomcat
poc-httpfilter
jer/ccm-read-only-squashed
wan-fed-v2
backport/docs/k8s-federation-requirements/constantly-vocal-cougar
jm/branch-filters
backport/gh-18152-members-filter-dc/firstly-ideal-maggot
backport/jer/ccm-read-only/lightly-worthy-sawfish
backport/jer/ccm-read-only/unlikely-glad-snapper
jm/fix-sw-qa
zalimeni/api-1.23.0-release
nvanthao/b-delete-config
backport/zalimeni/fix-submodule-versions-latest/thankfully-funny-colt
NET-4924_update_readme
release/1.11.x
markcv-upstreamConfig-update
backport/kisunji/NET-4766-vault-ca-bug-fix/inherently-harmless-louse
backport/kisunji/NET-4766-vault-ca-bug-fix/secondly-first-mullet
poc-alpn-glow
commontopo-better
nd/spike-proxy-state-controller
backport/kisunji/NET-4766-vault-ca-bug-fix/really-leading-tick
jm/go-testcontainers
go-action-cache
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
backport/patch-1/briefly-merry-mantis
ishustava/authz-types
nvanthao/b-snapshot-recovery
hackathon/consul-common-errors
gotest-remote-cache
gotest-remote-cache-2
ui/ariadne/ui-changes
backport/dyu/jobs-pr-feedback/presumably-composed-wildcat
dyu/1.15-docs
ariadne/hack/backend
preetha/NET-1322
backport/dyu/jobs-pr-feedback/mildly-immune-hyena
ui/ariadne-core-ui
config-issue-616
docs/cts-zscaler-partner-guide
boxofrad/extract-type-registration
backport/patch-1/likely-next-halibut
oss-merge-pr-branch
backport/issue-17886-expose-certs/definitely-wise-sturgeon
add-peering-commontopo-tests-ci-fiddling
testingconsul-clean-up
backport/docs/config-enable-debug/conversely-positive-goblin
backport/docs/config-enable-debug/endlessly-probable-manatee
backport/docs/config-enable-debug/broadly-loving-tomcat
backport/docs/config-enable-debug/willingly-master-sloth
jm/NET-4739
update-upgrade-test-image
jm/verify-linux-fix
spatel/NET-3409-automate-goimports-on-commit-using-precommit
spatel/throwaway-gci-results-2
spatel/throwaway
spatel/throwaway-reviser-results
spatel/throwaway-gci-results
backup-windows-integration-27th-june
release/1.14.8
release/1.15.4
release/1.16.0
release/1.13.9
jm/preflight
NET-4277
windows-integration-test-envoy
code-organization
boxofrad/resource-service-client
debug-1.16-api
backport/gh-17320-update-metrics-doc/probably-promoted-lynx
backport/fix-error-msg-fmt/normally-allowed-redbird
f-reloadable-configuration-enable-debug-backup
ishustava/spike-controller-leaf-cert-watch
NET-4277-tests
backport/asheshvidyut/NET-3865/gratefully-apt-haddock
NET-4558-Address-comments-for-PR-https-github.com-hashicorp-consul-pull-15235
aahel
fix-leaf-panic
jm/acc-tests
revert-17760-backport/docs/lkysow-upgrade/scarcely-master-adder
backport/docs/jwt-auth-fixes/poorly-suited-pelican
rboyer/spike-agent-cache-watch--fork
ishustava/spike-agent-cache-watch
ishustava/spike-proxy-cfg-src-v2
docs/fix-release-notes-links
backport/docs/api-gw-k8s-add-upgrade-step-1.16/fully-suited-cattle
jm/NET-4237
boxofrad/spike-version-translation
backport/brk.chore/remove-link-format-check/promptly-aware-garfish
release/1.16.0-rc1
ui/feature/use-cut-list-item-for-services
dans/NET-3917/initial-fetch-timeout-permafix
boxofrad/spike-server-resource
release/1.15.3
backport/zalimeni/net-3900-fix-tproxy-extension-panic/slowly-blessed-moray
backport/NET-3893/container-logs/intensely-nice-boar
backport/NET-3893/container-logs/obviously-primary-sawfly
jm/ip-rate-limit-api
backport/CI-upload-upgrade-test-to-datadog/incredibly-helping-pig
jjtimmons/increase-buckets
boxofrad/spike-resource-http
backport/feature/hcp-telemetry/personally-central-caribou
zalimeni/net-3447-reintroduce-new-extension-resources
test/jjtimmons/hcp-telemetry
backport/docs/common-errors/amazingly-golden-pony
migrate-tests-to-use-slack-actions
remove-to-ingress
spatel/better-testlist-main
backport/f/metrics-collector-rename/achooo
release/1.14.7
release/1.13.8
backport/f/metrics-collector-rename/highly-clean-elf
docs/fix-broken-links-1
backport/fix-submat-view-bug/physically-stirring-zebra
backport/dans/NET-3917/default-0s-initial_fetch_timeout/fairly-fluent-drake
backport/jer/cloud-docs/briefly-adequate-filly
NET-3914-gha-upgrade-test-single-runner
NET-3914-gha-run-compat-tests-single-runner
backport/jer/cloud-docs/gratefully-stunning-frog
kisunji/subloggers
jm/test-splitting
NET-3914-gha-change-upgrade-test-small-runner-no-splitting
backport/NET-3914-fix-container-test-slow-image-build/sharply-game-mastiff
NET-3914-gha-change-upgrade-test-small-runner
backport/hans/add_new_field_to_bootstrap_config_and_push_state/primarily-sweeping-tapir
backport/hans/add_new_field_to_bootstrap_config_and_push_state/sadly-eminent-man
NET-3914-gha-resolve-the-issue-of-running-multiple-docker-container
jm/rmv-compat
jm/remove-compat-test-splitting
malizz/update-proto-imports-in-1.14.x
backport/ent-port-upgrade-tests-flatten/early-precious-treefrog
backport/kisunji/fix-flakes/formally-giving-goldfish
backport/derekm/NET-3881/health-call-loop-entfix/possibly-safe-swan
NET-2063-Implementation-API-GW-Use-XDS-primitives-instead-of-Ingress-GW-primitives
backport/derekm/NET-3881/health-call-loop/trivially-dashing-ox
backport/revert-17166-jm/remove-compat-test-splitting/reliably-lenient-roughy
backport/cc-4929-cap-socket-path/horribly-sunny-airedale
eikenb/vault-integration-testing
docs/er-404-inline-checker
backport/jm/remove-compat-test-splitting/rationally-wondrous-krill
backport/jm/remove-compat-test-splitting/honestly-outgoing-calf
backport/derekm/NET-3007/fix-peer-stream-cleanup/friendly-caring-krill
backport/jm/NET-3692/strangely-solid-owl
backport/upgrade-test-targetImage/enormously-endless-bluegill
backport/upgrade-test-targetImage/generally-guiding-horse
docs/clarify-cross-partition-mgw-export-requirement
clarify-connect-language-in-cli-help-text
backport/docs/clarify-connect-language-2/humbly-native-spaniel
backport/cc-4716-link-existing-clusters/hopelessly-full-koi
boxofrad/backend-list-by-owner
spatel/sandbox
docs/redirect-dns-docs
upgrade-test-remove-docker-login
cc-4931/nick-refactor
backport/cc-4716-link-existing-clusters/slightly-on-wren
jm/0427
jm/same-docker-compose
jm/gh-call
backport/spatel/NET-1646-add-max-ejection-percent/rarely-working-guinea
im2nguyen-patch-1
backport/docs/admin-partitions-node-scope/forcibly-bursting-kid
backport/cc-4519-collect-node-id/brightly-sharp-akita
backport/cc-4519-collect-node-id/suitably-funky-warthog
backport/docs/address-multicluster-singledc-docs/hopefully-set-mallard
kisunji/NET-2590-default-intention-policy
eikenb/matrix-integration-testing
derekm/improve-vip-lookups
jm/gha-recreation
backport/jm96441n/normalize-status-conditions/implicitly-mighty-racer
backport/loshz-patch-1/friendly-touched-killdeer
backport/raft-1.5.0-pipeline-fix/extremely-eager-chamois
backport/cp_NET-3684/mentally-fit-squirrel
docs/api-catalog-register-snake_case
no-op-ron-lint
kisunji/lintest
backport/jm/rmv-test-integrations/probably-topical-shrimp
nfi-api-client-nop-write
jm/gtsm
backport/jm/test-integrations/clearly-curious-liger
updategolangx
jm/hack-int2
backport/NET-3474/start-reporting-agent/slowly-inviting-whippet
jm/ul
test-gh-fix
sarah-test-docker-cpus
nfi-poc-unit-and-upgrade-type
nfi-poc-unit-and-upgrade
stub-api-gateway-xds
xds-native-primitives-poc
jm/hack-int
test-no-concurrency-full
test-no-concurrency
nfi-gha-fiddling
anita-upgrade-fix
NET-2029-Normalize-status-for-new-config-entry-types
hk/jm/test-integrations-fix-upgrade-test
backport/NET-3476/add-reporting-config/quickly-talented-wildcat
hk/jm/test-integrations-fix-compatibility-test
jm/test-integrations-hui-test-integ
boxofrad/controller-api-spike
jm96441n/manual-backport-dupe-parents
backport/jm/ba/sadly-tolerant-wombat
backport/jm/ba/usually-promoted-tapir
jm/success
jm/break-branch-protection
docs/vault-secrets-backend-limitations
404-checker-update
backport/jm/macos-arm64/actively-improved-dinosaur
backport/jm/deep-copy-lint-enums/gladly-fine-pegasus
backport/peering/re-establish-terminated/immensely-active-beetle
ci/main-assetfs-build
release/1.15.2
release/1.14.6
backport/jm/3372/freely-singular-dingo
backport/jm/3372/freely-intimate-gannet
acl/wait-for-token-replication-to-use-token
jer/merge-ccm-bootstrap-config
jm/3372-2
docs/intentions-refactor-docs-day-2022
spatel/pre-commit
jm/NET-3372
jm/test-split
GH-migration-add-oss-ent-builder-logic
backport/nathancoleman-patch-1/distinctly-growing-parakeet
docs/update-config-entry-ref-component
jm/NET-3394
backport/loshz/NET-3029-fix/radically-relaxing-robin
backport/loshz/NET-3029-fix/constantly-romantic-fox
backport/docs/wal-fix/certainly-romantic-parrot
docs/fix-broken-links
backport/remove-unused-are-hosts-set-check/loudly-sweet-dingo
jm/snap-restore
docs/update-content-cluster-peering
origin/markcv/update-envoy-version-doc
jm/ent-dev-migration
backport/add-query-for-namespace-lookup-when-creating-services
backport-squashing-fix-for-namespaces
NET-3059/acl-agent-api
backport/update-e2e-tests-for-namespaces/wholly-daring-porpoise
jm/snapshot-restore-tests
backport/docs_discovery_typo/jointly-happy-crane
ui/feature/ember-update-3.28.6
backport/cc-4361/hcp-metrics-bootstrap-config/manually-composed-snail
banks-patch-1
add-partitions-to-e2e-gateway-tests
backport/improve_ci_run_time/miserably-glowing-boa
backport/fix-changelog-check/blindly-pumped-shrimp
hans/ccm-playground
improve_ci_run_time
release/1.15.1
release/1.13.7
release/1.14.5
backport/fix_docs_conflict_leftovers/highly-sweet-whale
backport/NET-2292-upgrade-port-http/initially-innocent-dodo
api-gateway-ui
docs/sentence-case-titles
backport/dans/NET-1757/access-logs-docs/only-definite-polecat
backport/more-xds-races-and-panics/visually-tidy-crow
ui/chore/upgrade-ember-3-28
release/1.15.0
backport/brk.fix/update-links-for-developer/reasonably-choice-vulture
backport/patch-1/actually-sharing-chigger
backport/patch-1/easily-cheerful-dingo
backport/patch-1/socially-better-stork
backport/patch-1/verbally-glad-killdeer
wal-docs
spatel/NET-1847-repro
backport/kisunji/fix-flakes/honestly-bright-dove
backport/kisunji/fix-flakes/firstly-desired-dove
locality-aware-routing
stable-website
backport/operator-usage-docs/definitely-curious-gecko
envoy-ext-local-ratelimit-fix
temp-branch
dyu/dockerfile
troubleshoot/changelog
x/wal
eikenb/cloudfoundry-vault-provider-auth
NET-1723/append-rules
api-gateway-sds-fixes
releng-329
proxycfg/init-local-gateways-map
gateways/typed-status-regen
backport/patch-1/severely-ruling-mouse
backport/patch-1/legally-massive-flounder
gateway-listener-binding-bugfix
backport/envoy-bootstrap-log-fix/infinitely-communal-midge
errors/acl-agent-token-not-set
checkpoint_telemetry_poc
bug-service-defaults-override-by-proxy-defaults
jm-plug
jm-plug-git
api-gateway-all-controllers
routes-controller
jm-plug-http
docs/jeff-sandbox
backport/envoy-bootstrap-logging/enormously-outgoing-martin
jm/plug
NET-2088-upgrade-test-ingress-gateway
spatel/post-release-fixups
backport/licensing-exp-v2-docs/optionally-allowed-whippet
backport/docs/scale-typo/mostly-verified-werewolf
backport/docs/scale-typo/early-set-drum
backport/docs/page-descs-for-CLI/implicitly-precious-calf
backport/docs/page-descs-for-CLI/early-ample-basilisk
backport/danielehc-fix-filter-links/cleanly-humble-mole
backport/danielehc-fix-filter-links/vaguely-welcome-jawfish
release/1.12.9
release/1.13.6
release/1.14.4
test-prepare
backport/docs/nrichu-hcp-doc-patch/jolly-poetic-rat
errors/acl-not-found-bootstrap-not-exist
backport/docs/amb.migrate-link-formats/adversely-helping-troll
backport/docs/amb.migrate-link-formats/jointly-renewed-dolphin
backport/docs/amb.migrate-link-formats/thoroughly-obliging-trout
backport/docs/amb.migrate-link-formats/truly-supreme-hagfish
backport/docs/amb.migrate-link-formats/usually-sweeping-panda
luoxuan00733-patch-1
backport/ashwin/use-prxoy-health-docs/uniformly-new-cattle
b/scada-retry-disconnect
container-test-speedup
docs/rework-service-splitter-ref-docs
docs/rework-service-splitter-ref-docs-no-objects
docs/consul-k8s-upgrade
backport/ashwin/envoy-readiness/cleanly-supreme-poodle
backport/ashwin/envoy-readiness/visually-warm-sunfish
dans/fic-https-basic-test
backport/patch-1/noticeably-desired-seal
NET-1728/remove-docs-with-token-param
backport/docs/fix-bad-links-service-defaults-ref/evenly-causal-buzzard
backport/docs/fix-bad-links-service-defaults-ref/supposedly-selected-arachnid
backport/docs/fix-bad-links-service-defaults-ref/hardly-related-llama
skpratt/acl-error-debug
experiment/raft-grpc
NET-1805-upgrade-test-grpc
RELENG-305
docs/krastin/connect-serviceintentions-fixlinks
skpratt/acl-controller-test
fix-failing-linting-test
hcp-LastContact
remove-legacy-acl-vestiges
docs/peer-in-dns-lookups
NET-1805-cleanup-test-container-lib-basic-topology-single-dc
NET-1530-set-envoy-ext-rate-limit-plugin
backport/docs/update-consul-k8s-nginx-ingress-controller-example/sadly-inviting-pika
fix-protobuf-generation
backport/set-product-version/enormously-glad-titmouse
backport/set-product-version/instantly-direct-kitten
backport/set-product-version/infinitely-awaited-halibut
remove-legacy-acl-endpoints-cli
jm/hack
backport/update-apigw-version/commonly-noted-vervet
backport/update-apigw-version/annually-renewing-whippet
backport/docs/peering-api-update/amazingly-chief-mosquito
backport/patch-1/formally-happy-dane
sp/better-make-help
docs/k8s-0-49-helm-docs
vault-compatability-consul-pki-token
backport/vault-compatability-consul-pki-token/terribly-grand-tetra
backport/vault-compatability-consul-pki-token/usefully-ethical-kiwi
backport/vault-compatability-consul-pki-token/incredibly-discrete-lamprey
backport/vault-compatability-consul-pki-token/arguably-cool-silkworm
backport/vault-compatability-consul-pki-token/lightly-arriving-cattle
dans/fix-compat-test-access-logs
release/1.14.3
release/1.13.5
release/1.12.8
ingress-gw-tracing-config
a10-thunder-adc
cts-pan-ngfw
jm/mock-handler
malizz/NET-1663/fix-bug
jm/mock-handler-2
windows-preview
fix-flaky-peerstream-test
backport/docs/enterprise-feature-table/recently-upright-lemur
backport/docs/admin-partitions-link-k8s/trivially-excited-jaybird
update-go-1.18.9-rboyer
update-golang-x-libs
dans/make-peer-name-uniform
backport/docs/clarify-vault-ca-provider-permissions-needed/optionally-hardy-emu
mktg-tf-b183f7b50da4e35426c936006092c7b3
server-rate-limit/multilimiter-lock
eculver/verifications
release/1.14.2
release/1.13.4
release/1.12.7
kisunji/NET-1396-token-self-expanded
backport/ishustava/1.14-agentless-docs-updates/internally-star-beetle
server-rate-limit/mock-handler-2
backport/fix-gRPC-limit-peering/especially-premium-asp
NET-685-rate-limiting-to-registering-imported-services
test-go-build-cache
release/1.14.1
backport/docs/cluster-peering-parameter-fixes/yearly-flowing-arachnid
add-downstream-service-meta
backport/docs/k8s-1-14-releasenotes/widely-organic-wahoo
jm/multilimiter-memdb
docs/update-loglevel-trace
backport/docs/admin-partitions-114-update/correctly-enough-shad
backport/docs/dyu-compat-matrix/positively-funky-dory
backport/patch-1/correctly-cheerful-anchovy
docs/fix-broken-markdown-link
backport/david-yu-ubi/curiously-cunning-meerkat
backport/david-yu-ubi/publicly-loving-bluejay
backport/david-yu-ubi/secretly-balanced-rodent
nd/update-compat
release/1.14.0
backport/broken_links/evidently-improved-starfish
backport/broken_links/lately-faithful-falcon
backport/broken_links/regularly-living-monitor
backport/import-filter-v2
backport/import-filter
eculver/enable-arm-verifications
dans/skaffold-experiment
boxofrad/better-vault-error-logging
xds/cds-ack
backport/fix-unremoved-service-mesh-gateway/primarily-growing-wren
backport/kisunji/update-hcp-scada-provider/socially-wise-silkworm
backport/proxy-register-port-race-2/deeply-warm-man
backport/proxy-register-port-race-2/hugely-whole-hippo
cluster-peering-partitions
consul-vs-comp
backport/fix-issuer-growing-list-maybe-from-vault/barely-still-aardvark
backport/fix-issuer-growing-list-maybe-from-vault/blindly-adequate-bluebird
backport/fix-issuer-growing-list-maybe-from-vault/uniquely-master-falcon
origin/markcv/CSEP-157/duplicate-sidecar-port-validation
backport/fix-integ-flakiness/accurately-cunning-cardinal
backport/fix-integ-flakiness/precisely-simple-quagga
dependabot/go_modules/github.com/aws/aws-sdk-go-1.44.128
dans/NET-1154/persist-ca-updates-in-peering
nd/bring-back-peering-ext-addr
backport/nathancoleman-patch-1/instantly-premium-sturgeon
skpratt/test-coverage-report-ci
backport/raft-fix-nonvoter/evenly-pro-cod
skpratt/temp-debug
backport/docs/auto-cert-1-13-2/constantly-above-turtle
backport/docs/mgw-primary-upgrade/poorly-sincere-rattler
backport/docs/1-10-upgrade-compatibility-clarification/distinctly-relaxing-snail
backport/docs/1-10-upgrade-compatibility-clarification/gradually-united-polecat
docs/fix-ent-dns-service-lookup-link
backport/main/strangely-tops-wombat
release/1.13.3
release/1.12.6
release/1.11.11
backport/chore-fix-module-name/fully-giving-hagfish
backport/update-ent-license-link/exactly-bold-hyena
docs/auto-cert
kisunji/fix-golden
lkysow/service-not-exist
fix-agent-cache-leak-3
docs/misc-fixes
eculver/stable-website/latest-envoy-support
remove-deprecated-peering-fields
backport/docs/new-vault-connect-ca-permissions-needed/miserably-fun-drum
backport/docs/new-vault-connect-ca-permissions-needed/happily-knowing-sponge
backport/nathancoleman-patch-1/lightly-intimate-labrador
backport/docs/invoke-services-from-lambda/vigorously-generous-treefrog
backport/docs/invoke-services-from-lambda/severely-useful-katydid
backport/fix-flaky-integ-test-ingress/preferably-feasible-rattler
backport/fix-flaky-integ-test-ingress/noticeably-unified-dane
backport/fix-flaky-integ-test-ingress/commonly-strong-cow
release/1.14.0-beta1
backport/docs/clarify-license-behavior-on-restart/morally-ready-monkey
backport/malizz-validate-name-on-dlt-proxy-defaults/seriously-eager-werewolf
ui/chore/upgrade-327
backport/docs_update_helm_docs_vault_synccatalog/fairly-saved-filly
backport/docs/capigw-typos-usage/socially-needed-dodo
backport/krastin/website/telemetry-labels/duly-firm-toucan
gh-maxconnections-ingress-gateway
release/1.13.2
backport/patch-1/primarily-infinite-asp
release/1.11.10
release/1.11.9
release/1.12.5
backport/docs/fix-api-landing-page-typos/curiously-eminent-quail
backport/docs/fox-peering-metrics-labels-table/quietly-ready-louse
backport/docs/fox-peering-metrics-labels-table/conversely-capital-yak
backport/docs/fix-node-lookup-by-removing-tag/moderately-brave-barnacle
fix-peering-2-partitions
docs/update-faq-header
backport/docs/search-metadata-headers/supposedly-eternal-ox
grpc-tls-compat
backport/docs/what-is-consul-devdot-update/mutually-pleasing-insect
propogate-request-time-downstream
backport/dev-portal/largely-exact-worm
docs/api-overview-devdot
mathew.estafanous/dev
docs/update-storage-class-ref-arch
backport/docs/use_values_yaml_everywhere/clearly-frank-bonefish
backport/docs/use_values_yaml_everywhere/broadly-pro-possum
NET-801-add-internal-endpoint-to-return-peer-stream-health-from-peerstream-tracker
use_values_yaml_instead_of_config_yaml
backport/docs/capigw-tech-spec-update/explicitly-renewing-badger
backport/docs/capigw-tech-spec-update/formerly-awaited-elf
api-gw-docs-broken-link
NET-818-server-cert
ui/feature/has-peerings-class
backport/krastin/docs/improve-license/mostly-polite-turtle
NET-800-add-internal-endpoint-to-return-all-exported-services-to-a-given-peer
ui/bugfix/notfound-t
dns-srv-separate-tag-from-protocol
backport/gh-14341-txn-struct/randomly-noted-piglet
add-linter-net-rpc-r2
ui/scratch/ci-stuff
lkysow/windows-tests
backport/peering/term-delete/thoroughly-tough-snipe
replace-learn-links
remove-references-to-consul-connect
backport/docs/crossref-maint-mode-from-health-checks/explicitly-renewed-owl
release/1.10.x
consul-docs-ia-redesign-v2
eculver/oss-ent/new-params
backport/fix-merge-config-entry/badly-eternal-bonefish
backport/fix-merge-config-entry/carefully-open-stingray
backport/ashwin/cluster-peering-helm-docs/curiously-legible-drum
max-jitter
backport/dev-portal/thoroughly-enabling-kid
backport/eculver/update-nomad-integ-tests/nicely-fresh-bullfrog
backport/eculver/update-nomad-integ-tests/needlessly-saved-collie
kisunji/kv-docs-fix
backport/api-gateway-install-redirrects/wholly-one-sunbird
RELTOOL-20
kisunji-patch-1
release/1.13.1
kisunji/peering-bugfix-changelog
ignore-exported-prefix-on-cluster-metrics
boruszak/docs-stable-merge
release/1.12.4
release/1.11.8
backport/ashwin/recreate-token-docs/virtually-new-koi
catalog-service-list-filter
leadership-transfer-cmd
ui/node-engine
backport/kisunji/nomad-docs/weekly-hip-starling
backport/kisunji/nomad-docs/hugely-concise-crawdad
release/1.13.0
backport/consul-er-add-service-discovery-seo-doc/notably-social-koala
backport/kisunji/peering-tproxy-docs/truly-dominant-sawfly
kisunji/1.13.x-docs-cherrypick
docs/cluster-peering-beta
consul-docs-ia-redesign
backport/1.13.x/api-gw-docs
sa-restructure-documentation
fix-deregister-url-service-id
shutdown-test-agents
terminating-gateway-service
backport/nia/docs-0.7.0/rarely-dear-finch
terminating-gateway-service-base
backport/jkirschner-hashicorp-patch-1/reasonably-devoted-pheasant
ishustava/dns-proxy-poc
backport/ashwin/peer-count-metric/greatly-many-chimp
acpana/nonuser-peering-reg-3
backport/docs/remove-comparisons-from-ref-docs/definitely-direct-hyena
docs/cli-characteristics-and-crossref
test-linter
docs/clarify-network-area-mesh-gw-compatibility
backport/partition-cli-acl-info-and-api-crossref/hopefully-able-urchin
backport/david-yu-agent-latency-requirements/severely-ready-raccoon
backport/nicoleta-k8s-annotations/shortly-rested-duckling
backport/docs/deemphasize-token-query-param/reasonably-amusing-impala
backport/jkirschner-hashicorp-patch-3/seriously-living-squirrel
ui/scratch/empty-w-route
ui/scratch/empty
backport/docs/single-dc-multi-k8s/weekly-humorous-cricket
acpana/clean-peer-2
dstough/CSLC-130-restrict-terminating-gateway-access-to-tls
backport/jm/vault-docs-redesign/indirectly-logical-monitor
backport/support-fossa-scanning/externally-darling-dane
backport/support-fossa-scanning/actually-nearby-bream
backport/support-fossa-scanning/allegedly-fleet-donkey
backport/support-fossa-scanning/separately-exact-marlin
doc-fix-missing-fed-methods
release/1.12.3
release/1.10.12
release/1.11.7
backport/tgate-http2-upstream/merely-civil-mouse
backport/dns-parititon-docs/certainly-real-vulture
docs/cluster-peering-updates
backport/docs/fix-consul-ecs-tf-path/cleanly-happy-newt
docs-cluster-peering-technical-preview
backport/docs/correct-1.10.x-upgrade-path/hardly-ultimate-leopard
acpana/peering-imported-counter
more-lambda-docs-tweaks
acpana/no-19-metrics
backport/eculver/fix-pkg-name/firmly-holy-sole
backport/eculver/fix-pkg-name/mainly-modern-elk
CSLC-91-egress-connect-proxy-2
CSLC-91-egress-connect-proxy
eculver/missing-docs-changes
backport/david-yu-patch-2/nominally-viable-squirrel
backport/david-yu-patch-2/correctly-eternal-hamster
catalog_node_watch_fix
backport/david-yu-docs-cluster-peering/poorly-flying-leopard
david-yu-cluster-peering-docs-1-12
dyu-cluster-peering-fix-1-12
kisunji/temp
backport/docs/capigw-0.3/carefully-sharp-rattler
backport/docs/capigw-0.3/correctly-peaceful-muskrat
peering-upstream-annotation
release/1.13.0-alpha2
backport/david-yu-log-level-error/lightly-polite-porpoise
backport/david-yu-log-level-error/quickly-helping-ghoul
eculver/1.13.0-alpha1-changelog
backport/correct-redhat-tags/humbly-central-cricket
backport/correct-redhat-tags/promptly-intense-dodo
backport/correct-redhat-tags/sadly-deep-tiger
kisunji/serveraddrs-generate-token-req
release/1.13.0-alpha1
release/1.13.0-techpreview1
dstough/acl-for-destinations
fix-lambda-docs-spacing-bug
lambda-beta-docs
backport/dstough/fix-metrics-false-positive/ghastly-up-mole
backport/dstough/fix-metrics-false-positive/implicitly-integral-leech
backport/ui/feature/hcp/absolutely-mighty-mastiff
jkirschner-hashicorp-patch-2
backport/ma/vault-namespace-intermediate-provider-v2/positively-unified-aardvark
eculver/1.12.x/latest-changelog
ui/feature/fault-tolerance-link
release/1.12.2
CSLC-103-egress-gtwy-cert-tgtwy
fix_k8s_helm_docs_june
dstough/test-endpoint-service-query
backport/gh-13169-show-leader-metrics/fairly-worthy-redbird
backport/gh-13169-show-leader-metrics/formally-pleasing-pigeon
backport/gh-13169-show-leader-metrics/inherently-wealthy-lab
backport/gh-13169-show-leader-metrics/legally-winning-joey
backport/update_docs_multicluster_k8s/admittedly-decent-grubworm
backport/update_docs_multicluster_k8s/hideously-epic-tiger
kisunji/1.12.x-revert-pathescape
backport/dstough/add-noop-jobs-for-branch-protect/wildly-tight-ladybird
backport/dstough/add-noop-jobs-for-branch-protect/formerly-moving-monkey
backport/dstough/add-noop-jobs-for-branch-protect/uniformly-ideal-stallion
oss-merge-v2
backport/dstough/GH-12628-multiple-https-ingress-services/distinctly-charming-stork
backport/dstough/GH-12628-multiple-https-ingress-services/yearly-accepted-pipefish
lambda-docs
release/1.12.1
release/1.11.6
release/1.10.11
ui/scratch/side-app-example
fix-entpoint-get-500
fix-cherry-pick
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/reliably-dear-hen
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/partly-liberal-bluegill
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/merely-optimum-wahoo
CTIA-8-verify-builds-v2
backport/ui/bugfix/icon-tweaks/wrongly-quick-sunbird
backport/jm/0.44.0/wholly-saving-flea
backport/upstream-oss-merge/briefly-guided-quagga
dstough/GH-11250-system-ca-for-tgateways
backport/dev-image-publishing/willingly-literate-stag
kisunji/grpc-native-balancer
kisunji/merge-stable-website
backport/docs-nomad-ent/scarcely-thorough-anteater
backport/docs-nomad-ent/only-touched-mutt
backport/docs-nomad-ent/cheaply-guiding-sloth
release/1.9.x
david-yu-admin-partitions
kisunji/catalog-service-list-filter
ua-test/conflict-1
release/1.12.0
backport/nia/beta-docs-0.6.0/actively-tidy-mantis
backport/nia/beta-docs-0.6.0/evenly-humble-ray
backport/consul-k8s-docs-typo/firstly-present-hawk
backport/consul-k8s-docs-typo/largely-liked-badger
david-yu-edit-pr
backport/david-yu-enterprise-image/noticeably-brave-man
backport/david-yu-enterprise-image/wholly-welcome-platypus
vanphan24-patch-1
backport/docs/remove-empty-codeblockconfig-elements/severely-merry-newt
backport/docs/remove-empty-codeblockconfig-elements/daily-viable-oryx
backport/david-yu-admin-partitions/gradually-open-octopus
backport/david-yu-admin-partitions/deeply-fair-quagga
backport/david-yu-admin-partitions/eminently-awaited-porpoise
backport/david-yu-admin-partitions/typically-fast-shark
backport/david-yu-admin-partitions/jointly-ready-mole
docs-day
backport/docs/update-acl-docs/locally-happy-wasp
backport/docs/update-acl-docs/publicly-up-pony
docs/cli-breakout-positional-args
backport/docs/uri-decode-resource-names-for-http-api/early-neat-pipefish
backport/docs/uri-decode-resource-names-for-http-api/fairly-busy-mouse
backport/docs/consistency-mode-improvements/annually-united-iguana
backport/docs/consistency-mode-improvements/willingly-sterling-bluegill
backport/docs/consistency-mode-improvements/slowly-mint-bull
backport/docs/consistency-mode-improvements/implicitly-smart-jaguar
backport/docs/consistency-mode-improvements/mildly-wanted-slug
backport/docs/consistency-mode-improvements/nationally-key-swan
backport/david-yu-admin-partitions/officially-charming-orca
backport/david-yu-k8s-install-helm/trivially-intimate-aardvark
backport/david-yu-k8s-install-helm/normally-cool-fish
backport/david-yu-k8s-install-helm/notably-thorough-crow
backport/docs/redirect-acl-system-page/rapidly-awaited-bluegill
backport/docs/redirect-acl-system-page/similarly-smiling-kodiak
backport/docs/clarify-snapshot-restore-version-restriction/blindly-sure-buffalo
backport/docs/clarify-snapshot-restore-version-restriction/firstly-endless-eagle
dstough/gateway-linked-endpoint
backport/patch-1/humbly-helpful-poodle
backport/patch-1/loudly-up-hippo
backport/ma/x-forwarded-client-cert-docs-fix/extremely-definite-shark
backport/ma/x-forwarded-client-cert-docs-fix/repeatedly-fluent-filly
kisunji/replace-registry-pattern
retry-join-timeout
backport/docs/restore-missing-config-content/curiously-evolving-snail
backport/add-release-config-key/gradually-wanted-trout
backport/add-release-config-key/lightly-sterling-mongrel
backport/add-release-config-key/mentally-equal-wallaby
ui/bugfix/spelling
ma/vault-namespace-intermediate-provider
FFMMM-patch-1
backport/docs/restore-missing-config-content/eminently-definite-tick
lkysow/consul-plugin-exec
add-peering-changes
debug-sdk
japple/cherry-pick-1.11.x-release-notes
japple-rel-notes-reorg
kisunji/approval-button
jm-client-timeout
add-linter-net-rpc-2-test
ma/backport-stable-website
kisunji/merge-test
kisunji/temp-rpc-deadline
udp-check
jm/client-timeout-2
jm/client-timeout
dyu-relnotes
eculver/verify-release-artifacts
rboyer/add-linter-net-rpc
grpc-envoy-bootstrap-params-oss-test
consistent-error-handling
fix-syslog
eculver/envoy-1.21.1
release/1.9.17
release/1.10.10
release/1.11.5
jm/hcp-vault
docs/vault-connect-ca-namespace-improvements
jm/vault-wan-fed
community-12079
jm/test
jm/vault-wan-fed-2
jm/vault-gossip
fix-lambda-l7-routing
kisunji/pin-circleci-docker-version
eculver/auth-method-docs
docs/clarify-crd-tutorial
ma/move-enterprise-meta-try2-oss
release/1.12.0-beta1
jm/helm
clly/upgrade-vault-api
jm/helm-updates
release/1.8.x
evrowe-consul-ui-readme-update
backport/patch-1/forcibly-shining-javelin
backport/patch-1/properly-polished-condor
feature-negotiation-grpc-api
boxofrad/autoreload-merge
kisunji/cache-fix-test
docs/agent-config
bump-api
remove-gogo-getters
dnephin/docs-more-details-about-vault-provider
ffmmm/default-prom-s
test-no-disk
kisunji/rpc-shim
serverless-via-metadata
ui/feature/fix-auth-method-views
dnephin/remove-lib-translate-keys-attempt-2
dnephin/acl-resolver-6
dnephin/rpc-metrics
docs/clarify-connect-language
david-yu-bump-envoy
zs.test-placeholder-page-removal
release/1.9.16
release/1.10.9
release/1.11.4
case-insensitive-node-names-acl-checks
kisunji/fix-stable-website
gw-xds-handling-eventual-consistency
pcmccarron-patch-1
jm/vault-ent-license
ui/chore/ci/1.11.x
dnephin/docs-day-acl-overview
david-yu-release-note
dnephin/http-struct-interfaces
ishustava/auth-method-secondary-dc
sm/add-goarm-to-main
tgw/resolver-query-fix-1-9
tgw/resolver-query-fix-1-10
tgw/resolver-query-fix
david-yu-bug-report
dnephin/prefix-overlap-watches
release/1.11.3
release/1.9.15
release/1.10.8
boxofrad/upgrade-grpc
boxofrad/spike-catalog-write-rate-limit
dnephin/acl-resolve-token-5
lkysow/serverless-via-metadata
ui/bugfix/2-instance-1-proxy
gha-basic-artifact-validation
add-docs-for-anno
cts-ls-test-docs
external-services
ma/resource-listing
dnephin/ca-remove-unused-fields
dnephin/acl-resolve-token-4
dep/raft-boltdb
blake/support-qname-minimization-6579
copy-working-file
sarah-test
add-missing-consul-env-file
kisunji/assetfs-merge-ci
blake/ingress-no-dnsname-port-gh-11092
david-yu-patch-1
brk.check-link-follow-redirect
cts-deprecate-port-option
boxofrad/streaming-contention-simple-semaphore
urldecode-url-query-params-part-1
update_gen_meta-2
update_gen_meta-1
update_gen_meta
kisunji/small-testfix
fix-broken-dockerfile-sam
boxofrad/streaming-contention-experiment
boxofrad/streaming-contention-close-in-goroutine
boxofrad/streaming-contention-next-fast-path
boxofrad/streaming-contention-semaphore-wakeup
release/1.11.2
release/1.10.7
release/1.9.14
dnephin/docs-day-acl-move-rules-table
docs/tables-instead-of-lists
Amier3-patch-1
clarify-hcl-cli
docs/fix-exported-services
kisunji/upgrade-warning
dnephin/docs-day-acl-move-config-ref
blake/1.11-oidc-ui-nspace-fix
add-patches
ma/ipv6-robustness-fixes
refactor-add-patches
kisunji/more-ent-test-fixes
ui/chore/remove-tooltip-component
ui/bugfix/fixup-routlets
blake/fix-kv-import-folder-prefix-10906
release/1.10.6
release/1.9.13
release/1.8.19
release/1.11.1
ui/bugfix/403-partitions-endpoint
release/1.11.0
release/1.9.12
release/1.8.18
release/1.10.5
boxofrad/fix-changelog-pr-links
improve-intention-error-messages
ap/main-docs
ap/exports-docs
terminating-gateway-overrides
kisunji/go1.17.4
release/1.11.0-rc
partition/session-test-kvs-endpoint
ishustava/vault-k8s-docs
boxofrad/rename-master-acl-tokens-internally
loadtest-test
brk.feat/mdx-v2
revert-11692-cherry-pick-fix
cherry-pick-fix
cherry-pick-merge
dnephin/ca-cluster-id
dnephin/ca-cluster-id-2
dnephin/catalog-service-list-filter
agent/tls-types
ishustava/debug-mesh-gw-test
ffmmm/b-10871
release/1.11.0-beta3
release/1.9.11
release/1.8.17
release/1.10.4
ma/typo-fix
ma/md5_fix_oss
release/1.11.0-beta2
ui/scratch/storybook-overlord
dnephin/deprecate-verify-incoming
crt-consul-migration
dnephin/acl-resolver-7
ui/scratch/light-sshhhhh
revert-11376-leadership-transfer-onleave
ui/backport/1.8.x/11328
crt-migration-build-flags
add_build_ui
dnephin/ca-manager-move-to-new-package-2
dnephin/ca-manager-move-to-new-package
kisunji/fix-stable-website-2
release/1.11.0-beta1
tagged-addrs
dnephin/conn-pool-docs
backport/1.11.x/11107
release/1.11.0-alpha
raft-tls-include-intermediates
release/1.10.2
release/1.9.9
release/1.8.15
docs/update-wan-fed-mesh-gateway-guide
docs/consul-snapshot-agent-kms-policy-4369
dhia/ca-cas-config-refactor
dnephin/secure-defaults
release/1.10.1
release/1.9.8
release/1.8.14
mirror-to-ent
release/1.10.1-beta1
website/1.10.0
release/1.10.0
release/1.8.13
release/1.9.7
release/1.10.0-rc2
release/1.10.0-rc
dnephin/agent-setup-user-event-handler
dnephin/cleanup-ae
dnephin/fix-serf-tag-data-race
release/1.10.0-beta4
release/1.9.6
release/1.8.12
release/1.8.11
release/1.7.x
release/1.10.0-beta3
release/1.8.11-beta2
dnephin/move-dns-server-to-apiServers
release/1.8.11-beta1
envoy-crash-help
release/1.6.x
release/1.10.0-beta2
reach
dnephin/ci-handle-ent-differences
dnephin/structs-proxy-defaults-remove-name-field
release/1.10.0-beta1
release/1.9.5
release/1.7.14
release/1.8.10
bny-custom-04052021
health-prefer-connect
release/1.10.0-alpha
release/1.9.4
release/1.8.9
release/1.7.13
release/1.8.9-beta1
release/1.9.3
mgw-wanfed-hard-network-partition
release/1.7.12
release/1.8.8
release/1.9.2
km.vercel-config
release/1.9.1
release/1.8.7
release/1.7.11
m1-investigate
wasm-filters
rboyer/hack-neo
release/1.8.7-beta1
dnephin/cleanup-ae-3
dnephin/cleanup-ae-2
release/1.9.0
release/1.6.10
release/1.8.6
release/1.7.10
release/1.9.0-rc1
release/1.9.0-beta3
release/1.9.0-beta2
correct-acl-hash-replication
test/load-test-lambda
release/1.7.9
release/1.8.5
nia_resize_image
dnephin/enable-logging-color
ui/feature/ui-config-dashboard-urls
only_async_trigger_changes
ui/chore/standardize-statechart-yield
scratch/data-source-metrics
no-change-cache
add-ui-checker
release/1.8.4
release/1.7.8
release/1.6.9
release/1.8.2
release/1.7.6
feature/acl-replication-status
k8s_healthcheck
release/1.8.1
release/1.7.5
release/1.6.7
blake/v1.8.0-ingress-websocket-fix
release/1.8.0
1.14.0-beta1
1.6.2
streaming-rpc
disco-retain-details
hack-deploy
docs/k8s-deployment
x/streaming-v2
x/bench-catalog
x/singleflight
service-tags-upgrade-fix
fix-leaf-timeout
mrktfix18
v1.11.0-beta2
v1.11.0-beta1
v1.10.3
v1.9.10
v1.8.16
v1.11.0-alpha
v1.10.2
v1.8.15
v1.9.9
v1.9.8
v1.8.14
v1.10.1
v1.10.1-beta1
v1.10.0
v1.9.7
v1.8.13
v1.10.0-rc2
v1.10.0-rc
v1.10.0-beta4
v1.9.6
v1.8.12
v1.8.11
v1.10.0-beta3
v1.8.11-beta2
v1.8.11-beta1
v1.10.0-beta2
v1.10.0-beta1
v1.7.14
v1.8.10
v1.9.5
v1.10.0-alpha
v1.9.4
v1.8.9
v1.7.13
v1.8.9-beta1
v1.9.3
v1.7.12
v1.8.8
v1.9.2
v1.9.1
v1.8.7
v1.7.11
v1.8.7-beta1
v1.9.0
v1.6.10
v1.7.10
v1.8.6
v1.9.0-rc1
v1.9.0-beta3
v1.9.0-beta2
v1.7.9
v1.8.5
v1.9.0-beta1
v1.8.4
v1.6.9
v1.7.8
v1.7.7
v1.8.3
v1.6.8
v1.7.6
v1.8.2
v1.8.1
v1.6.7
v1.7.5
v1.8.0
v1.8.0-rc1
v1.7.4
v1.6.6
v1.8.0-beta2
v1.8.0-beta1
v1.7.3
v1.6.5
v1.7.2
v1.6.4
v1.7.1
v1.7.0
api/v1.4.0
sdk/v0.4.0
v1.7.0-beta4
v1.6.3
v1.7.0-beta3
v1.7.0-beta2
v1.7.0-beta1
v1.6.2
v1.6.1
v1.6.0
v1.6.0-rc1
v1.6.0-beta3
v1.5.3
v1.6.0-beta2
v1.6.0-beta1
v1.5.2
v1.5.1
v1.4.5
v1.5.0
api/v1.0.1
sdk/v0.1.0
api/v1.0.0
internal/v0.1.0
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.2.4
v1.4.0
v1.3.1
v1.4.0-rc1
v1.3.0
v1.2.3
v1.2.2
v1.2.1
v1.2.0
v1.1.0
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
v1.0.1-rc1
v1.0.0
v1.0.0-beta2
v1.0.0-beta1
v0.9.3
v0.9.3-rc2
v0.9.3-rc1
v0.9.2
v0.9.1
v0.9.0
v0.9.0-rc1
v0.8.5
v0.8.4
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.8.0-rc1
v0.7.5
v0.7.4
v0.7.3
v0.7.2
v0.7.2-rc1
v0.7.1
v0.7.0
v0.7.0-rc2
v0.7.0-rc1
v0.6.4
v0.6.4-rc3
v0.6.4-rc2
v0.6.4-rc1
v0.6.3
v0.6.2
v0.6.1
v0.6.0
v0.6.0-rc2
v0.6.0-rc1
api/v1.1.0
api/v1.10.0
api/v1.10.1
api/v1.11.0
api/v1.12.0
api/v1.13.0
api/v1.13.1
api/v1.14.0
api/v1.15.0
api/v1.15.1
api/v1.15.2
api/v1.15.3
api/v1.16.0
api/v1.17.0
api/v1.18.0
api/v1.18.1
api/v1.18.2
api/v1.19.0
api/v1.19.1
api/v1.19.2
api/v1.2.0
api/v1.20.0
api/v1.21.0
api/v1.21.1
api/v1.21.2
api/v1.21.3
api/v1.21.4
api/v1.22.0
api/v1.22.0-rc1
api/v1.23.0
api/v1.24.0
api/v1.25.0
api/v1.25.1
api/v1.26.0-rc1
api/v1.26.1
api/v1.26.1-rc1
api/v1.27.0
api/v1.27.1
api/v1.27.2
api/v1.28.0
api/v1.28.0-rc1
api/v1.28.1
api/v1.28.2
api/v1.28.3
api/v1.28.4
api/v1.28.5
api/v1.29.0
api/v1.29.1
api/v1.29.2
api/v1.29.3
api/v1.29.4
api/v1.29.5
api/v1.29.5-rc1
api/v1.29.6
api/v1.3.0
api/v1.30.0
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.8.0
api/v1.8.1
api/v1.9.0
api/v1.9.1
ent-changelog-1.15.11
ent-changelog-1.15.12
ent-changelog-1.15.13
ent-changelog-1.15.14
ent-changelog-1.15.15
ent-changelog-1.16.7
ent-changelog-1.16.8
ent-changelog-1.17.4
ent-changelog-1.17.5
ent-changelog-1.17.6
ent-changelog-1.17.7
ent-changelog-1.18.3
ent-changelog-1.18.4
ent-changelog-1.18.5
ent-changelog-1.19.3
envoyextensions/v0.1.0
envoyextensions/v0.1.1
envoyextensions/v0.1.2
envoyextensions/v0.2.0
envoyextensions/v0.2.1
envoyextensions/v0.2.2
envoyextensions/v0.2.3
envoyextensions/v0.2.4
envoyextensions/v0.3.0
envoyextensions/v0.3.0-rc1
envoyextensions/v0.4.0
envoyextensions/v0.4.1
envoyextensions/v0.5.0-rc1
envoyextensions/v0.5.1
envoyextensions/v0.5.1-rc1
envoyextensions/v0.5.2
envoyextensions/v0.5.3
envoyextensions/v0.5.4
envoyextensions/v0.6.0
envoyextensions/v0.6.0-rc1
envoyextensions/v0.6.1
envoyextensions/v0.6.2
envoyextensions/v0.7.0
envoyextensions/v0.7.1
envoyextensions/v0.7.2
envoyextensions/v0.7.3
envoyextensions/v0.7.4
envoyextensions/v0.7.4-rc1
envoyextensions/v0.7.5
envoyextensions/v0.7.6
list
proto-public/v0.1.0
proto-public/v0.1.1
proto-public/v0.2.0
proto-public/v0.2.1
proto-public/v0.3.0
proto-public/v0.4.0
proto-public/v0.4.0-rc1
proto-public/v0.4.1
proto-public/v0.5.0-rc1
proto-public/v0.5.1
proto-public/v0.5.1-rc1
proto-public/v0.5.2
proto-public/v0.5.3
proto-public/v0.5.4-rc1
proto-public/v0.6.0
proto-public/v0.6.0-rc1
proto-public/v0.6.1
proto-public/v0.6.2
proto-public/v0.6.3
sdk/v0.1.1
sdk/v0.10.0
sdk/v0.11.0
sdk/v0.12.0
sdk/v0.13.0
sdk/v0.13.1
sdk/v0.14.0
sdk/v0.14.0-rc1
sdk/v0.14.1
sdk/v0.14.2-rc1
sdk/v0.14.3-rc1
sdk/v0.15.0
sdk/v0.15.1
sdk/v0.16.0
sdk/v0.16.0-rc1
sdk/v0.16.1
sdk/v0.2.0
sdk/v0.3.0
sdk/v0.5.0
sdk/v0.6.0
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
stable-website-pre-1.12.0-force-push
troubleshoot/v0.1.0
troubleshoot/v0.1.1
troubleshoot/v0.1.2
troubleshoot/v0.2.0
troubleshoot/v0.2.1
troubleshoot/v0.2.2
troubleshoot/v0.3.0
troubleshoot/v0.3.0-rc1
troubleshoot/v0.3.1
troubleshoot/v0.4.0-rc1
troubleshoot/v0.4.1
troubleshoot/v0.4.1-rc1
troubleshoot/v0.5.0
troubleshoot/v0.5.1
troubleshoot/v0.5.2
troubleshoot/v0.5.3
troubleshoot/v0.5.4
troubleshoot/v0.6.0
troubleshoot/v0.6.0-rc1
troubleshoot/v0.6.1
troubleshoot/v0.6.2
troubleshoot/v0.6.3
troubleshoot/v0.6.5
troubleshoot/v0.7.0
troubleshoot/v0.7.1
troubleshoot/v0.7.2
troubleshoot/v0.7.2-rc1
troubleshoot/v0.7.3
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.0rc1
v0.5.1
v0.5.2
v0.9.4
v1.0.8
v1.1.1
v1.10.10
v1.10.11
v1.10.12
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.0-beta3
v1.11.0-rc
v1.11.1
v1.11.10
v1.11.11
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.12.0
v1.12.0-beta1
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.0-alpha1
v1.13.0-alpha2
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.13.8
v1.13.9
v1.14.0
v1.14.0-beta1
v1.14.1
v1.14.10
v1.14.11
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.1
v1.15.10
v1.15.11
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.15.8
v1.15.9
v1.16.0
v1.16.0-rc1
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.17.0
v1.17.0-rc1
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.0-rc1
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.19.2
v1.20.0
v1.20.0-rc1
v1.20.1
v1.8.17
v1.8.18
v1.8.19
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
${ noResults }
172 Commits (029ac10acc45eaa1f33c4c9ea38bd852ab8930fc)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Daniel Nephin
|
f4a35dfd84 |
ci: Do not skip tests because of missing binaries on CI
If the CI environment is not correct for running tests the tests should fail, so that we don't accidentally stop running some tests because of a change to our CI environment. Also removed a duplicate delcaration from init. I believe one was overriding the other as they are both in the same package. |
5 years ago |
|
Hans Hasselberg
|
6739fe6e83
|
connect: add validations around intermediate cert ttl (#7213)
|
5 years ago |
|
R.B. Boyer
|
8c596953b0
|
agent: ensure that we always use the same settings for msgpack (#7245)
We set RawToString=true so that []uint8 => string when decoding an interface{}.
We set the MapType so that map[interface{}]interface{} decodes to map[string]interface{}.
Add tests to ensure that this doesn't break existing usages.
Fixes #7223
|
5 years ago |
|
Chris Piraino
|
401221de58
|
Allow users to configure either unstructured or JSON logging (#7130)
* hclog Allow users to choose between unstructured and JSON logging |
5 years ago |
|
Matt Keeler
|
c09693e545
|
Updates to Config Entries and Connect for Namespaces (#7116)
|
5 years ago |
|
Hans Hasselberg
|
82c556d1be
|
connect: use correct subject key id for leaf certificates. (#7091)
|
5 years ago |
|
R.B. Boyer
|
e2eb9f0585
|
test: ensure we don't ask vault to sign a leaf that outlives its CA when acting as a secondary (#7100)
|
5 years ago |
|
Hans Hasselberg
|
804eb17094
|
connect: check if intermediate cert needs to be renewed. (#6835)
Currently when using the built-in CA provider for Connect, root certificates are valid for 10 years, however secondary DCs get intermediates that are valid for only 1 year. There is no mechanism currently short of rotating the root in the primary that will cause the secondary DCs to renew their intermediates. This PR adds a check that renews the cert if it is half way through its validity period. In order to be able to test these changes, a new configuration option was added: IntermediateCertTTL which is set extremely low in the tests. |
5 years ago |
|
Hans Hasselberg
|
87f32c8ba6
|
auto_encrypt: set dns and ip san for k8s and provide configuration (#6944)
* Add CreateCSRWithSAN * Use CreateCSRWithSAN in auto_encrypt and cache * Copy DNSNames and IPAddresses to cert * Verify auto_encrypt.sign returns cert with SAN * provide configuration options for auto_encrypt dnssan and ipsan * rename CreateCSRWithSAN to CreateCSR |
5 years ago |
|
R.B. Boyer
|
10f04a8c4a |
connect: derive connect certificate serial numbers from a memdb index instead of the provider table max index (#7011)
|
5 years ago |
|
Paul Banks
|
cd1b613352
|
connect: Add AWS PCA provider (#6795)
* Update AWS SDK to use PCA features. * Add AWS PCA provider * Add plumbing for config, config validation tests, add test for inheriting existing CA resources created by user * Unparallel the tests so we don't exhaust PCA limits * Merge updates * More aggressive polling; rate limit pass through on sign; Timeout on Sign and CA create * Add AWS PCA docs * Fix Vault doc typo too * Doc typo * Apply suggestions from code review Co-Authored-By: R.B. Boyer <rb@hashicorp.com> Co-Authored-By: kaitlincarter-hc <43049322+kaitlincarter-hc@users.noreply.github.com> * Doc fixes; tests for erroring if State is modified via API * More review cleanup * Uncomment tests! * Minor suggested clean ups |
5 years ago |
|
Paul Banks
|
d7329097b2
|
Change CA Configure struct to pass Datacenter through (#6775)
* Change CA Configure struct to pass Datacenter through * Remove connect/ca/plugin as we don't have immediate plans to use it. We still intend to one day but there are likely to be several changes to the CA provider interface before we do so it's better to rebuild from history when we do that work properly. * Rename PrimaryDC; fix endpoint in secondary DCs |
5 years ago |
|
Paul Banks
|
b621910618
|
Support Connect CAs that can't cross sign (#6726)
* Support Connect CAs that can't cross sign * revert spurios mod changes from make tools * Add log warning when forcing CA rotation * Fixup SupportsCrossSigning to report errors and work with Plugin interface (fixes tests) * Fix failing snake_case test * Remove misleading comment * Revert "Remove misleading comment" This reverts commit bc4db9cabed8ad5d0e39b30e1fe79196d248349c. * Remove misleading comment * Regen proto files messed up by rebase |
5 years ago |
|
Paul Banks
|
45d57ca601
|
connect: Allow CA Providers to store small amount of state (#6751)
* pass logger through to provider * test for proper operation of NeedsLogger * remove public testServer function * Ooops actually set the logger in all the places we need it - CA config set wasn't and causing segfault * Fix all the other places in tests where we set the logger * Allow CA Providers to persist some state * Update CA provider plugin interface * Fix plugin stubs to match provider changes * Update agent/connect/ca/provider.go Co-Authored-By: R.B. Boyer <rb@hashicorp.com> * Cleanup review comments |
5 years ago |
|
Todd Radel
|
29b5253154 |
connect: Implement NeedsLogger interface for CA providers (#6556)
* add NeedsLogger to Provider interface * implements NeedsLogger in default provider * pass logger through to provider * test for proper operation of NeedsLogger * remove public testServer function * Switch test to actually assert on logging output rather than reflection. --amend * Ooops actually set the logger in all the places we need it - CA config set wasn't and causing segfault * Fix all the other places in tests where we set the logger * Add TODO comment |
5 years ago |
|
Todd Radel
|
54f92e2924 |
Make all Connect Cert Common Names valid FQDNs (#6423)
|
5 years ago |
|
Paul Banks
|
87699eca2f
|
Fix support for RSA CA keys in Connect. (#6638)
* Allow RSA CA certs for consul and vault providers to correctly sign EC leaf certs. * Ensure key type ad bits are populated from CA cert and clean up tests * Add integration test and fix error when initializing secondary CA with RSA key. * Add more tests, fix review feedback * Update docs with key type config and output * Apply suggestions from code review Co-Authored-By: R.B. Boyer <rb@hashicorp.com> |
5 years ago |
|
Matt Keeler
|
28221f66f2
|
Use encoding/json instead of jsonpb even for protobuf types (#6572)
This only works so long as we use simplistic protobuf types. Constructs such as oneof or Any types that require type annotations for decoding properly will fail hard but that is by design. If/when we want to use any of that we will probably need to consider a v2 API. |
5 years ago |
|
Matt Keeler
|
abed91d069
|
Generate JSON and Binary Marshalers for Protobuf Types (#6564)
* Add JSON and Binary Marshaler Generators for Protobuf Types * Generate files with the correct version of gogo/protobuf I have pinned the version in the makefile so when you run make tools you get the right version. This pulls the version out of go.mod so it should remain up to date. The version at the time of this commit we are using is v1.2.1 * Fixup some shell output * Update how we determine the version of gogo This just greps the go.mod file instead of expecting the go mod cache to already be present * Fixup vendoring and remove no longer needed json encoder functions |
5 years ago |
|
R.B. Boyer
|
af01d397a5
|
connect: don't colon-hex-encode the AuthorityKeyId and SubjectKeyId fields in connect certs (#6492)
The fields in the certs are meant to hold the original binary representation of this data, not some ascii-encoded version. The only time we should be colon-hex-encoding fields is for display purposes or marshaling through non-TLS mediums (like RPC). |
5 years ago |
|
R.B. Boyer
|
796de297c8
|
connect: intermediate CA certs generated with the vault provider lack URI SANs (#6491)
This only affects vault versions >=1.1.1 because the prior code accidentally relied upon a bug that was fixed in https://github.com/hashicorp/vault/pull/6505 The existing tests should have caught this, but they were using a vendored copy of vault version 0.10.3. This fixes the tests by running an actual copy of vault instead of an in-process copy. This has the added benefit of changing the dependency on vault to just vault/api. Also update VaultProvider to use similar SetIntermediate validation code as the ConsulProvider implementation. |
5 years ago |
|
Matt Keeler
|
51dcd126b7
|
Add support for implementing new requests with protobufs instea… (#6502)
* Add build system support for protobuf generation This is done generically so that we don’t have to keep updating the makefile to add another proto generation. Note: anything not in the vendor directory and with a .proto extension will be run through protoc if the corresponding namespace.pb.go file is not up to date. If you want to rebuild just a single proto file you can do so with: make proto-rebuild PROTOFILES=<list of proto files to rebuild> Providing the PROTOFILES var will override the default behavior of finding all the .proto files. * Start adding types to the agent/proto package These will be needed for some other work and are by no means comprehensive. * Add ability to resolve/fixup the agentpb.ACLLinks structure in the state store. * Use protobuf marshalling of raft requests instead of msgpack for protoc generated types. This does not change any encoding of existing types. * Removed structs package automatically encoding with protobuf marshalling Instead the caller of raftApply that wants to opt-in to protobuf encoding will have to call `raftApplyProtobuf` * Run update-vendor to fixup modules.txt Nothing changed as far as dependencies go but the ordering of modules in that file depends on the time they are first seen and its not alphabetical. * Rename some things and implement the structs.RPCInfo interface bits agentpb.QueryOptions and agentpb.WriteRequest implement 3 of the 4 RPCInfo funcs and the new TargetDatacenter message type implements the fourth. * Use the right encoding function. * Renamed agent/proto package to agent/agentpb to prevent package name conflicts * Update modules.txt to fix ordering * Change blockingQuery to take in interfaces for the query options and meta * Add %T to error output. * Add/Update some comments |
5 years ago |
|
Alvin Huang
|
c516fabfac
|
revert commits on master (#6413)
|
5 years ago |
|
tradel
|
9b1ac4e7ef |
add subject names to issued certs
|
5 years ago |
|
tradel
|
82ae7caf3e |
Added DC and domain args to Configure method
|
5 years ago |
|
R.B. Boyer
|
561b2fe606
|
connect: generate the full SNI names for discovery targets in the compiler rather than in the xds package (#6340)
|
5 years ago |
|
Paul Banks
|
e87cef2bb8 |
Revert "connect: support AWS PCA as a CA provider" (#6251)
This reverts commit
|
5 years ago |
|
Todd Radel
|
3497b7c00d
|
connect: support AWS PCA as a CA provider (#6189)
Port AWS PCA provider from consul-ent |
5 years ago |
|
Todd Radel
|
2552f4a11a
|
connect: Support RSA keys in addition to ECDSA (#6055)
Support RSA keys in addition to ECDSA |
5 years ago |
|
Christian Muehlhaeuser
|
7753b97cc7 |
Simplified code in various places (#6176)
All these changes should have no side-effects or change behavior: - Use bytes.Buffer's String() instead of a conversion - Use time.Since and time.Until where fitting - Drop unnecessary returns and assignment |
5 years ago |
|
Hans Hasselberg
|
33a7df3330
|
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients (#5597)
|
6 years ago |
|
R.B. Boyer
|
f4a3b9d518
|
fix typos reported by golangci-lint:misspell (#5434)
|
6 years ago |
|
R.B. Boyer
|
409c901f8e |
test: fix concurrent map access when setting up test vault
|
6 years ago |
|
R.B. Boyer
|
c7067645dd |
fix a few leap-year related clock math inaccuracies and failing tests
|
6 years ago |
|
Kyle Havlovitz
|
29e4c17b07
|
connect/ca: fix a potential panic in the Consul provider
|
6 years ago |
|
Kyle Havlovitz
|
a28ba4687d
|
connect/ca: return a better error message if the CA isn't fully initialized when signing
|
6 years ago |
|
Hans Hasselberg
|
067027230b
|
connect: add tls config for vault connect ca provider (#5125)
* add tlsconfig for vault connect ca provider. * add options to the docs * add tests for new configuration |
6 years ago |
|
Mitchell Hashimoto
|
f76022fa63 |
CA Provider Plugins (#4751)
This adds the `agent/connect/ca/plugin` library for consuming/serving Connect CA providers as [go-plugin](https://github.com/hashicorp/go-plugin) plugins. This **does not** wire this up in any way to Consul itself, so this will not enable using these plugins yet. ## Why? We want to enable CA providers to be pluggable without modifying Consul so that any CA or PKI system can potentially back the Connect certificates. This CA system may also be used in the future for easier bootstrapping and internal cluster security. ### go-plugin The benefit of `go-plugin` is that for the plugin consumer, the fact that the interface implementation is communicating over multi-process RPC is invisible. Internals of Consul will continue to just use `ca.Provider` interface implementations as if they're local. For plugin _authors_, they simply have to implement the interface. The network/transport/process management issues are handled by go-plugin itself. The CA provider plugins support both `net/rpc` and gRPC transports. This enables easy authoring in any language. go-plugin handles the actual protocol handshake and connection. This is just a feature of go-plugin. `go-plugin` is already in production use for years by Packer, Terraform, Nomad, Vault, and Sentinel. We've shown stability for both desktop and server-side software. It is very mature. ## Implementation Details ### `map[string]interface{}` The `Configure` method passes a `map[string]interface{}`. This map contains only Go primitives and containers of primitives (no funcs, chans, etc.). For `net/rpc` we encode as-is using Gob. For gRPC we marshal to JSON and transmit as a `bytes` type. This is the same approach we take with Vault and other software. Note that this is just the transport protocol, the end software views it fully decoded. ### `x509.Certificate` and `CertificateRequest` We transmit the raw ASN.1 bytes and decode on the other side. Unit tests are verifying we get the same cert/csrs across the wire. ### Testing `go-plugin` exposes test helpers that enable testing the full plugin RPC over real loopback network connections. We test all endpoints for success and error for both `net/rpc` and gRPC. ### Vendoring This PR doesn't introduce vendoring for two reasons: 1. @banks's `f-envoy` branch introduces a lot of these and I didn't want conflict. 2. The library isn't actually used yet so it doesn't introduce compile-time errors (it does introduce test errors). ## Next Steps With this in place, we need to figure out the proper way to actually hook these up to Consul, load them, etc. This discussion can happen elsewhere, since regardless of approach this plugin library implementation is the exact same. |
6 years ago |
|
Kyle Havlovitz
|
e8dd89359a
|
agent: fix formatting
|
6 years ago |
|
Aestek
|
25f04fbd21 |
[Security] Add finer control over script checks (#4715)
* Add -enable-local-script-checks options These options allow for a finer control over when script checks are enabled by giving the option to only allow them when they are declared from the local file system. * Add documentation for the new option * Nitpick doc wording |
6 years ago |
|
Kyle Havlovitz
|
57deb28ade |
connect/ca: tighten up the intermediate signing verification
|
6 years ago |
|
Kyle Havlovitz
|
2919519665 |
connect/ca: add intermediate functions to Vault ca provider
|
6 years ago |
|
Kyle Havlovitz
|
52e8652ac5 |
connect/ca: add intermediate functions to Consul CA provider
|
6 years ago |
|
Kyle Havlovitz
|
d515d25856
|
Merge pull request #4644 from hashicorp/ca-refactor
connect/ca: rework initialization/root generation in providers |
6 years ago |
|
Paul Banks
|
74f2a80a42
|
Fix CA pruning when CA config uses string durations. (#4669)
* Fix CA pruning when CA config uses string durations.
The tl;dr here is:
- Configuring LeafCertTTL with a string like "72h" is how we do it by default and should be supported
- Most of our tests managed to escape this by defining them as time.Duration directly
- Out actual default value is a string
- Since this is stored in a map[string]interface{} config, when it is written to Raft it goes through a msgpack encode/decode cycle (even though it's written from server not over RPC).
- msgpack decode leaves the string as a `[]uint8`
- Some of our parsers required string and failed
- So after 1 hour, a default configured server would throw an error about pruning old CAs
- If a new CA was configured that set LeafCertTTL as a time.Duration, things might be OK after that, but if a new CA was just configured from config file, intialization would cause same issue but always fail still so would never prune the old CA.
- Mostly this is just a janky error that got passed tests due to many levels of complicated encoding/decoding.
tl;dr of the tl;dr: Yay for type safety. Map[string]interface{} combined with msgpack always goes wrong but we somehow get bitten every time in a new way :D
We already fixed this once! The main CA config had the same problem so @kyhavlov already wrote the mapstructure DecodeHook that fixes it. It wasn't used in several places it needed to be and one of those is notw in `structs` which caused a dependency cycle so I've moved them.
This adds a whole new test thta explicitly tests the case that broke here. It also adds tests that would have failed in other places before (Consul and Vaul provider parsing functions). I'm not sure if they would ever be affected as it is now as we've not seen things broken with them but it seems better to explicitly test that and support it to not be bitten a third time!
* Typo fix
* Fix bad Uint8 usage
|
6 years ago |
|
Kyle Havlovitz
|
5c7fbc284d |
connect/ca: hash the consul provider ID and include isRoot
|
6 years ago |
|
Kyle Havlovitz
|
c112a72880
|
connect/ca: some cleanup and reorganizing of the new methods
|
6 years ago |
|
Kyle Havlovitz
|
546bdf8663
|
connect/ca: add Configure/GenerateRoot to provider interface
|
6 years ago |
|
Siva Prasad
|
288d350a73
|
Revert "CA initialization while boostrapping and TestLeader_ChangeServerID fix." (#4497)
* Revert "BUGFIX: Unit test relying on WaitForLeader() did not work due to wrong test (#4472)" This reverts commit |
6 years ago |
|
Siva Prasad
|
589b589b53
|
CA initialization while boostrapping and TestLeader_ChangeServerID fix. (#4493)
* connect: fix an issue with Consul CA bootstrapping being interrupted * streamline change server id test |
6 years ago |
|
Kyle Havlovitz
|
f67a4d59c0
|
connect/ca: simplify passing of leaf cert TTL
|
6 years ago |
|
Kyle Havlovitz
|
ce10de036e
|
connect/ca: check LeafCertTTL when rotating expired roots
|
6 years ago |
|
Kyle Havlovitz
|
d6ca015a42
|
connect/ca: add configurable leaf cert TTL
|
6 years ago |
|
Matt Keeler
|
677d6dac80 |
Remove x509 name constraints
These were only added as SPIFFE intends to use the in the future but currently does not mandate their usage due to patch support in common TLS implementations and some ambiguity over how to use them with URI SAN certificates. We included them because until now everything seem fine with it, however we've found the latest version of `openssl` (1.1.0h) fails to validate our certificats if its enabled. LibreSSL as installed on OS X by default doesn’t have these issues. For now it's most compatible not to have them and later we can find ways to add constraints with wider compatibility testing. |
7 years ago |
|
Kyle Havlovitz
|
8c2c9705d9 |
connect/ca: use weak type decoding in the Vault config parsing
|
7 years ago |
|
Kyle Havlovitz
|
050da22473 |
connect/ca: undo the interface changes and use sign-self-issued in Vault
|
7 years ago |
|
Kyle Havlovitz
|
914d9e5e20 |
connect/ca: add leaf verify check to cross-signing tests
|
7 years ago |
|
Kyle Havlovitz
|
bc997688e3 |
connect/ca: update Consul provider to use new cross-sign CSR method
|
7 years ago |
|
Kyle Havlovitz
|
8a70ea64a6 |
connect/ca: update Vault provider to add cross-signing methods
|
7 years ago |
|
Kyle Havlovitz
|
6a2fc00997 |
connect/ca: add URI SAN support to the Vault provider
|
7 years ago |
|
Kyle Havlovitz
|
226a59215d |
connect/ca: fix vault provider URI SANs and test
|
7 years ago |
|
Kyle Havlovitz
|
1a8ac686b2 |
connect/ca: add the Vault CA provider
|
7 years ago |
|
Paul Banks
|
51fc48e8a6 |
Sign certificates valid from 1 minute earlier to avoid failures caused by clock drift
|
7 years ago |
|
Paul Banks
|
e514570dfa |
Actually return Intermediate certificates bundled with a leaf!
|
7 years ago |
|
Kyle Havlovitz
|
ab4a9a94f4
|
Re-use uint8ToString
|
7 years ago |
|
Kyle Havlovitz
|
5683d628c4
|
Support giving the duration as a string in CA config
|
7 years ago |
|
Paul Banks
|
b4803eca59
|
Generate CSR using real trust-domain
|
7 years ago |
|
Paul Banks
|
c1f2025d96
|
Return TrustDomain from CARoots RPC
|
7 years ago |
|
Kyle Havlovitz
|
e00088e8ee
|
Rename some of the CA structs/files
|
7 years ago |
|
Kyle Havlovitz
|
627aa80d5a
|
Use provider state table for a global serial index
|
7 years ago |
|
Kyle Havlovitz
|
988510f53c
|
Add test for ca config http endpoint
|
7 years ago |
|
Kyle Havlovitz
|
de72834b8c
|
Move connect CA provider to separate package
|
7 years ago |