mirror of https://github.com/hashicorp/consul
Tree:
247033b046
1.14.0-beta1
1.6.2
18831-backport1.14.10
18831-backport1.15.6
18831-backport1.16.2
404-checker-update
Amier3-patch-1
CC-5545/upgrade-hds-packages
CC-6363/downgrade-node-for-ci
CC-6363/downgrade-node-for-v-1-point-15
CC-7146/Sidebar-item-for-linking-status
CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes
CC-7146/hcp-link-item-in-the-nav-bar
CSLC-103-egress-gtwy-cert-tgtwy
CSLC-91-egress-connect-proxy
CSLC-91-egress-connect-proxy-2
CTIA-8-verify-builds-v2
FFMMM-patch-1
GH-migration-add-oss-ent-builder-logic
HCPCP-1619-unix-socket-host
NET-10248-consul-cross-namespace-requests-to-a-terminating-gateway-fail-with-no-healthy-upstream
NET-10288-Bump-go-to-resolve-CVE-2024-24791
NET-10290-Bump-envoy-to-resolve-CVE-2024-39305
NET-10719-fix-apigw-jwt-cluster-generation
NET-1530-set-envoy-ext-rate-limit-plugin
NET-1594-backport
NET-1594-backport-1.14.x
NET-1594-backport-1.15.x
NET-1643-66794-consul-version-in-prometheus-format-metrics-is-0
NET-1723/append-rules
NET-1728/remove-docs-with-token-param
NET-1805-cleanup-test-container-lib-basic-topology-single-dc
NET-1805-upgrade-test-grpc
NET-2029-Normalize-status-for-new-config-entry-types
NET-2063-Implementation-API-GW-Use-XDS-primitives-instead-of-Ingress-GW-primitives
NET-2088-upgrade-test-ingress-gateway
NET-3059/acl-agent-api
NET-3914-gha-change-upgrade-test-small-runner
NET-3914-gha-change-upgrade-test-small-runner-no-splitting
NET-3914-gha-resolve-the-issue-of-running-multiple-docker-container
NET-3914-gha-run-compat-tests-single-runner
NET-3914-gha-upgrade-test-single-runner
NET-4277
NET-4277-tests
NET-438/add-ent-version-suffix
NET-4558-Address-comments-for-PR-https-github.com-hashicorp-consul-pull-15235
NET-4924_update_readme
NET-5017-status-condition-fixes
NET-5084/TrafficPermission-WorkloadIdentity-protos
NET-5090/implicit-destinations
NET-5147-plumbing
NET-5327-consistency-docs
NET-581-Configure-Vault-namespaces-for-Connect-CA-via-Helm-Stanza
NET-5889-absl
NET-6313/resource-list-poc
NET-6354
NET-6416-meshgateway-acls
NET-6453/skip-traffic-permission-test-on-M1
NET-6469/add-custom-watch
NET-6608
NET-6820-Mesh-GW-Customize-mesh-gateway-proxy-limits
NET-6821-Host-Header-Rewrite
NET-685-rate-limiting-to-registering-imported-services
NET-7014-consul-Look-up-mesh-gateway-controlling-workload-instead-of-assuming-its-identity
NET-7376-consul-consul-k8s-Set-status-on-APIGateway-with-required-info-from-kubesig
NET-800-add-internal-endpoint-to-return-all-exported-services-to-a-given-peer
NET-801-add-internal-endpoint-to-return-peer-stream-health-from-peerstream-tracker
NET-818-server-cert
NET-8983/raft-version-bump
RELENG-305
RELTOOL-20
SECVULN-6892-word-wrap
SECVULN-8533-lodash-template
SECVULN-8621_consul_api_validate_request_content_type
SuyashHashiCorp-patch-1
SuyashHashiCorp-patch-1-1
SuyashHashiCorp-patch-2
a10-thunder-adc
aahel
acl/wait-for-token-replication-to-use-token
acpana/clean-peer-2
acpana/no-19-metrics
acpana/nonuser-peering-reg-3
acpana/peering-imported-counter
add-bind-type-policy
add-docs-for-anno
add-downstream-service-meta
add-linter-net-rpc-2-test
add-linter-net-rpc-r2
add-missing-consul-env-file
add-new-golden-file-tests
add-partitions-to-e2e-gateway-tests
add-patches
add-peering-changes
add-peering-commontopo-tests-ci-fiddling
add-ui-checker
add_build_ui
adds-helm-docs-update-from-1-4-2-consul-k8s
agent/tls-types
anita-upgrade-fix
ap/exports-docs
ap/main-docs
api-gateway-all-controllers
api-gateway-sds-fixes
api-gateway-ui
api-gw-docs-broken-link
apivalidateclusters
architecture-log
ariadne/hack/backend
art
artifact-manifest/main/smoothly-fresh-quagga
ashwin-michael/crd-auto-generation
b-ui/manual-backport-d3-color
b/scada-retry-disconnect
backend-changes-doesnt-run-frontend-task-on-ci-test
backport-1.16-fix-snapshot-test
backport-squashing-fix-for-namespaces
backport/1.11.x/11107
backport/1.13.x/api-gw-docs
backport/16955-transfer-leader/safely-positive-bobcat
backport/CC-7146/convert-consul-hcp-to-a-simpler-component-for-some-upcoming-changes/barely-trusting-yeti
backport/CE-564-external-services-crd/carefully-generous-kodiak
backport/CE-572-file-system-certificate/slowly-pure-herring
backport/CE-577-release-notes/namely-fleet-lionfish
backport/CI-upload-upgrade-test-to-datadog/incredibly-helping-pig
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/merely-optimum-wahoo
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/partly-liberal-bluegill
backport/CTIA-5-gh-12578-endpoint-returns-500-instead-of-404/reliably-dear-hen
backport/NET-10288-Bump-go-to-resolve-CVE-2024-24791/wrongly-optimal-lamprey
backport/NET-1521/conversely-romantic-dodo
backport/NET-2292-upgrade-port-http/initially-innocent-dodo
backport/NET-3474/start-reporting-agent/slowly-inviting-whippet
backport/NET-3476/add-reporting-config/quickly-talented-wildcat
backport/NET-3860/moderately-awake-grouse
backport/NET-3860/namely-curious-iguana
backport/NET-3860/uniformly-funny-pug
backport/NET-3893/container-logs/intensely-nice-boar
backport/NET-3893/container-logs/obviously-primary-sawfly
backport/NET-3914-fix-container-test-slow-image-build/sharply-game-mastiff
backport/NET-4135/fairly-stable-lamb
backport/NET-4135/marginally-ultimate-sculpin
backport/NET-4519/annually-huge-filly
backport/NET-4519/deadly-precise-jawfish
backport/NET-4519/heavily-equal-spaniel
backport/NET-5611_fix_trigger_ci/simply-relevant-foal
backport/NET-5688-gwui-fixes/mentally-superb-prawn
backport/NET-5688-gwui-fixes/noticeably-easy-magpie
backport/NET-8717-Vulnerabilities-in-consul-enterprise-d3-color/accurately-normal-snipe
backport/RELPLAT-897-copywrite-bot-workarounds/likely-content-goshawk
backport/RELPLAT-980-license-file-updates/vertically-modern-dogfish
backport/SECVULN-8633-TOB-CONSUL24-17-Consul-configuration-allows-repeated-keys/publicly-deciding-hookworm
backport/Suppress-CVE-2024-8096/gradually-brave-ewe
backport/Suppress-CVE-2024-8096/quietly-brief-koala
backport/add-ent-and-ce-frontend-test-runs-to-pr/morally-sure-fowl
backport/add-ent-and-ce-frontend-test-runs-to-pr/painfully-outgoing-drum
backport/add-ent-and-ce-frontend-test-runs-to-pr/similarly-new-sloth
backport/add-query-for-namespace-lookup-when-creating-services
backport/add-release-config-key/gradually-wanted-trout
backport/add-release-config-key/lightly-sterling-mongrel
backport/add-release-config-key/mentally-equal-wallaby
backport/add-tests-for-gw-proxy-controller/loosely-primary-crane
backport/am-ak-patch-1/really-stirring-flounder
backport/api-gateway-install-redirrects/wholly-one-sunbird
backport/asheshvidyut/NET-3865/gratefully-apt-haddock
backport/ashwin/cluster-peering-helm-docs/curiously-legible-drum
backport/ashwin/envoy-readiness/cleanly-supreme-poodle
backport/ashwin/envoy-readiness/visually-warm-sunfish
backport/ashwin/generate-proto-deep-copy-json-marshal/naturally-exotic-anemone
backport/ashwin/peer-count-metric/greatly-many-chimp
backport/ashwin/recreate-token-docs/virtually-new-koi
backport/ashwin/use-prxoy-health-docs/uniformly-new-cattle
backport/backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm-manual
backport/brk.chore/remove-link-format-check/promptly-aware-garfish
backport/brk.fix/update-links-for-developer/reasonably-choice-vulture
backport/broken_links/evidently-improved-starfish
backport/broken_links/lately-faithful-falcon
backport/broken_links/regularly-living-monitor
backport/catalog-deregistration-fix/grossly-lenient-treefrog
backport/catalog-deregistration-fix/optionally-blessed-cockatoo
backport/cc-4361/hcp-metrics-bootstrap-config/manually-composed-snail
backport/cc-4519-collect-node-id/brightly-sharp-akita
backport/cc-4519-collect-node-id/suitably-funky-warthog
backport/cc-4716-link-existing-clusters/hopelessly-full-koi
backport/cc-4716-link-existing-clusters/slightly-on-wren
backport/cc-4929-cap-socket-path/horribly-sunny-airedale
backport/cc-4960/hcp-telemetry-periodic-refresh/namely-joint-tarpon
backport/cc-4960/hcp-telemetry-periodic-refresh/quietly-splendid-leech
backport/cc-4960/move-first-fetch-into-provider/informally-exciting-blowfish
backport/cc-4960/move-first-fetch-into-provider/rapidly-climbing-airedale
backport/cc-4960/move-first-fetch-into-provider/separately-nearby-seagull
backport/cc-7147-link-to-hcp-modal/kindly-verified-snipe
backport/chore-fix-module-name/fully-giving-hagfish
backport/ci-remove-duplicate-test/actually-sensible-swine
backport/compliance/license-changes/vigorously-holy-escargot
backport/consul-collector-reduce-flush-intervals/externally-natural-pangolin
backport/consul-collector-reduce-flush-intervals/likely-loved-hog
backport/consul-er-add-service-discovery-seo-doc/notably-social-koala
backport/consul-k8s-docs-typo/firstly-present-hawk
backport/consul-k8s-docs-typo/largely-liked-badger
backport/correct-redhat-tags/humbly-central-cricket
backport/correct-redhat-tags/promptly-intense-dodo
backport/correct-redhat-tags/sadly-deep-tiger
backport/cp_NET-3684/mentally-fit-squirrel
backport/cthain/net-5807/vault-ca-namespace-config/heavily-rested-donkey
backport/cthain/net-5807/vault-ca-namespace-config/miserably-factual-blowfish
backport/danielehc-fix-filter-links/cleanly-humble-mole
backport/danielehc-fix-filter-links/vaguely-welcome-jawfish
backport/dans/NET-1757/access-logs-docs/only-definite-polecat
backport/dans/NET-3917/default-0s-initial_fetch_timeout/fairly-fluent-drake
backport/dans/NET-6796/dns-v2-catalog-v2-ns-soa/mostly-real-ibex
backport/dans/fix-snapshot-save-test/partly-sweeping-mollusk
backport/dans/fix-snapshot-save-test/vaguely-solid-sheepdog
backport/dans/fix-snapshot-save-test/willingly-golden-leopard
backport/david-yu-admin-partitions/deeply-fair-quagga
backport/david-yu-admin-partitions/eminently-awaited-porpoise
backport/david-yu-admin-partitions/gradually-open-octopus
backport/david-yu-admin-partitions/jointly-ready-mole
backport/david-yu-admin-partitions/officially-charming-orca
backport/david-yu-admin-partitions/typically-fast-shark
backport/david-yu-agent-latency-requirements/severely-ready-raccoon
backport/david-yu-build-dockerfile/mutually-assuring-albacore
backport/david-yu-cleanup-1-18/distinctly-stirring-catfish
backport/david-yu-docs-cluster-peering/poorly-flying-leopard
backport/david-yu-enterprise-image/noticeably-brave-man
backport/david-yu-enterprise-image/wholly-welcome-platypus
backport/david-yu-gke-autopilot/internally-sharp-thrush
backport/david-yu-gke-autopilot/recently-driving-dingo
backport/david-yu-k8s-install-helm/normally-cool-fish
backport/david-yu-k8s-install-helm/notably-thorough-crow
backport/david-yu-k8s-install-helm/trivially-intimate-aardvark
backport/david-yu-log-level-error/lightly-polite-porpoise
backport/david-yu-log-level-error/quickly-helping-ghoul
backport/david-yu-patch-2/correctly-eternal-hamster
backport/david-yu-patch-2/nominally-viable-squirrel
backport/david-yu-patch-3/informally-factual-colt
backport/david-yu-ubi/curiously-cunning-meerkat
backport/david-yu-ubi/publicly-loving-bluejay
backport/david-yu-ubi/secretly-balanced-rodent
backport/derekm/NET-3007/fix-peer-stream-cleanup/friendly-caring-krill
backport/derekm/NET-3881/health-call-loop-entfix/possibly-safe-swan
backport/derekm/NET-3881/health-call-loop/trivially-dashing-ox
backport/derekm/NET-4958/missing-endpoints/unlikely-positive-wildcat
backport/derekm/NET-7652/broadly-regular-firefly
backport/derekm/NET-7652/freely-peaceful-kit
backport/derekm/fix-cicd-docker-pull/steadily-evolved-kitten
backport/derekm/grpc-server-keepalive/gladly-popular-cod
backport/dev-image-publishing/willingly-literate-stag
backport/dev-portal/largely-exact-worm
backport/dev-portal/thoroughly-enabling-kid
backport/dhiaayachi/fix_panic_policy_delete/logically-amazed-crow
backport/dhiaayachi/fix_panic_policy_delete/publicly-pumped-tadpole
backport/dhiaayachi/raft-wal-0.4.1/sadly-super-monarch
backport/disable_envoy_check/closely-liberal-monkfish
backport/disable_envoy_check/mistakenly-mighty-glider
backport/dns-parititon-docs/certainly-real-vulture
backport/doc-v2-traffic-permission/jointly-top-ant
backport/docs-nomad-ent/cheaply-guiding-sloth
backport/docs-nomad-ent/only-touched-mutt
backport/docs-nomad-ent/scarcely-thorough-anteater
backport/docs/1-10-upgrade-compatibility-clarification/distinctly-relaxing-snail
backport/docs/1-10-upgrade-compatibility-clarification/gradually-united-polecat
backport/docs/1-17-release-notes/friendly-smiling-sailfish
backport/docs/1-19-release-notes-fix/factually-evolving-koala
backport/docs/CE-749-remove-references-from-consul/humbly-leading-emu
backport/docs/add-rate-limit-ops-diagram/widely-alive-mallard
backport/docs/add-redirects-1.8-conf-entries/factually-relieved-flounder
backport/docs/add-redirects-1.8-conf-entries/freely-grateful-camel
backport/docs/add-redirects-1.8-conf-entries/illegally-driving-fawn
backport/docs/add-redirects-1.8-conf-entries/pleasantly-cunning-pig
backport/docs/added-1.17-features-to-enterprise-overview
backport/docs/added-redirects-for-conf-entries
backport/docs/added-redirects-for-conf-entries-1.13.x
backport/docs/added-redirects-for-conf-entries-1.14.x
backport/docs/address-multicluster-singledc-docs/hopefully-set-mallard
backport/docs/admin-partitions-114-update/correctly-enough-shad
backport/docs/admin-partitions-link-k8s/trivially-excited-jaybird
backport/docs/admin-partitions-node-scope/forcibly-bursting-kid
backport/docs/amb.migrate-link-formats/adversely-helping-troll
backport/docs/amb.migrate-link-formats/jointly-renewed-dolphin
backport/docs/amb.migrate-link-formats/thoroughly-obliging-trout
backport/docs/amb.migrate-link-formats/truly-supreme-hagfish
backport/docs/amb.migrate-link-formats/usually-sweeping-panda
backport/docs/api-gw-k8s-add-upgrade-step-1.16/fully-suited-cattle
backport/docs/apigee-backports/deeply-active-jackal
backport/docs/auto-cert-1-13-2/constantly-above-turtle
backport/docs/blake/fix-spelling-errors-aug23/partially-equal-haddock
backport/docs/capigw-0.3/carefully-sharp-rattler
backport/docs/capigw-0.3/correctly-peaceful-muskrat
backport/docs/capigw-tech-spec-update/explicitly-renewing-badger
backport/docs/capigw-tech-spec-update/formerly-awaited-elf
backport/docs/capigw-typos-usage/socially-needed-dodo
backport/docs/ce-514-envoy-constraints/publicly-modern-sturgeon
backport/docs/change-backendRefs-api-group/largely-working-woodcock
backport/docs/clarify-connect-language-2/humbly-native-spaniel
backport/docs/clarify-license-behavior-on-restart/morally-ready-monkey
backport/docs/clarify-snapshot-restore-version-restriction/blindly-sure-buffalo
backport/docs/clarify-snapshot-restore-version-restriction/firstly-endless-eagle
backport/docs/clarify-vault-ca-provider-permissions-needed/optionally-hardy-emu
backport/docs/cluster-peering-parameter-fixes/yearly-flowing-arachnid
backport/docs/common-errors/amazingly-golden-pony
backport/docs/config-enable-debug/broadly-loving-tomcat
backport/docs/config-enable-debug/conversely-positive-goblin
backport/docs/config-enable-debug/endlessly-probable-manatee
backport/docs/config-enable-debug/willingly-master-sloth
backport/docs/consistency-mode-improvements/annually-united-iguana
backport/docs/consistency-mode-improvements/implicitly-smart-jaguar
backport/docs/consistency-mode-improvements/mildly-wanted-slug
backport/docs/consistency-mode-improvements/nationally-key-swan
backport/docs/consistency-mode-improvements/slowly-mint-bull
backport/docs/consistency-mode-improvements/willingly-sterling-bluegill
backport/docs/correct-1.10.x-upgrade-path/hardly-ultimate-leopard
backport/docs/crossref-maint-mode-from-health-checks/explicitly-renewed-owl
backport/docs/deemphasize-token-query-param/reasonably-amusing-impala
backport/docs/dyu-compat-matrix/positively-funky-dory
backport/docs/enterprise-feature-table/recently-upright-lemur
backport/docs/external-crd-fix/accurately-talented-cobra
backport/docs/fips-cluster-peering/repeatedly-evolved-stallion
backport/docs/fix-api-landing-page-typos/curiously-eminent-quail
backport/docs/fix-bad-links-service-defaults-ref/evenly-causal-buzzard
backport/docs/fix-bad-links-service-defaults-ref/hardly-related-llama
backport/docs/fix-bad-links-service-defaults-ref/supposedly-selected-arachnid
backport/docs/fix-broken-links-8-18/cleanly-wired-honeybee
backport/docs/fix-broken-links-8-18/conversely-gentle-swan
backport/docs/fix-consul-ecs-tf-path/cleanly-happy-newt
backport/docs/fix-k8s-crd-example-configs/naturally-capital-bobcat
backport/docs/fix-k8s-crd-example-configs/seriously-real-cricket
backport/docs/fix-node-lookup-by-removing-tag/moderately-brave-barnacle
backport/docs/flag-ent-features-1.17/marginally-stirred-crappie
backport/docs/fox-peering-metrics-labels-table/conversely-capital-yak
backport/docs/fox-peering-metrics-labels-table/quietly-ready-louse
backport/docs/initial-multiport-fixes/constantly-thorough-pheasant
backport/docs/invoke-services-from-lambda/severely-useful-katydid
backport/docs/invoke-services-from-lambda/vigorously-generous-treefrog
backport/docs/jwt-auth-fixes/poorly-suited-pelican
backport/docs/k8s-1-14-releasenotes/widely-organic-wahoo
backport/docs/k8s-acl-fix/repeatedly-solid-cricket
backport/docs/k8s-federation-requirements/constantly-vocal-cougar
backport/docs/k8s-federation-requirements/finally-lenient-cub
backport/docs/k8s-federation-requirements/friendly-prompt-jay
backport/docs/k8s-federation-requirements/rapidly-resolved-doberman
backport/docs/k8s-federation-requirements/surely-eminent-tomcat
backport/docs/k8s-tgw-tutorial-role-id-fix/duly-known-shad
backport/docs/k8s-tgw-tutorial-role-id-fix/seemingly-social-chow
backport/docs/k8s-tgw-tutorial-role-id-fix/severely-innocent-mosquito
backport/docs/lkysow/prepare-dataplane-upgrade/deeply-joint-herring
backport/docs/lkysow/verify-outgoing/luckily-viable-anchovy
backport/docs/lkysow/verify-outgoing/sincerely-expert-buck
backport/docs/lkysow/verify-outgoing/strictly-well-sheepdog
backport/docs/manage-traffic-link-fix/hardly-together-salmon
backport/docs/mgw-primary-upgrade/poorly-sincere-rattler
backport/docs/multi-port-v1-17-ga/hopelessly-premium-ostrich
backport/docs/multiport-hcp-update/seemingly-valid-jaybird
backport/docs/new-vault-connect-ca-permissions-needed/happily-knowing-sponge
backport/docs/new-vault-connect-ca-permissions-needed/miserably-fun-drum
backport/docs/note-about-connect-service-upstream-env-var/certainly-helped-horse
backport/docs/note-about-connect-service-upstream-env-var/lively-exciting-reptile
backport/docs/nrichu-hcp-doc-patch/jolly-poetic-rat
backport/docs/page-descs-for-CLI/early-ample-basilisk
backport/docs/page-descs-for-CLI/implicitly-precious-calf
backport/docs/patch-release/constantly-teaching-giraffe
backport/docs/peering-api-update/amazingly-chief-mosquito
backport/docs/redirect-acl-system-page/rapidly-awaited-bluegill
backport/docs/redirect-acl-system-page/similarly-smiling-kodiak
backport/docs/remove-comparisons-from-ref-docs/definitely-direct-hyena
backport/docs/remove-empty-codeblockconfig-elements/daily-viable-oryx
backport/docs/remove-empty-codeblockconfig-elements/severely-merry-newt
backport/docs/restore-missing-config-content/curiously-evolving-snail
backport/docs/restore-missing-config-content/eminently-definite-tick
backport/docs/scale-typo/early-set-drum
backport/docs/scale-typo/mostly-verified-werewolf
backport/docs/search-metadata-headers/supposedly-eternal-ox
backport/docs/single-dc-multi-k8s/weekly-humorous-cricket
backport/docs/tutorial-refresh-support/mostly-settled-alien
backport/docs/tutorial-refresh-support/yearly-integral-clam
backport/docs/update-acl-docs/locally-happy-wasp
backport/docs/update-acl-docs/publicly-up-pony
backport/docs/update-consul-k8s-nginx-ingress-controller-example/sadly-inviting-pika
backport/docs/uri-decode-resource-names-for-http-api/early-neat-pipefish
backport/docs/uri-decode-resource-names-for-http-api/fairly-busy-mouse
backport/docs/use_values_yaml_everywhere/broadly-pro-possum
backport/docs/use_values_yaml_everywhere/clearly-frank-bonefish
backport/docs/wal-fix/certainly-romantic-parrot
backport/docs/what-is-consul-devdot-update/mutually-pleasing-insect
backport/docs_discovery_typo/jointly-happy-crane
backport/docs_update_helm_docs_vault_synccatalog/fairly-saved-filly
backport/dstough/GH-12628-multiple-https-ingress-services/distinctly-charming-stork
backport/dstough/GH-12628-multiple-https-ingress-services/yearly-accepted-pipefish
backport/dstough/add-noop-jobs-for-branch-protect/formerly-moving-monkey
backport/dstough/add-noop-jobs-for-branch-protect/uniformly-ideal-stallion
backport/dstough/add-noop-jobs-for-branch-protect/wildly-tight-ladybird
backport/dstough/fix-metrics-false-positive/ghastly-up-mole
backport/dstough/fix-metrics-false-positive/implicitly-integral-leech
backport/dyu/dns-port/manually-light-ant
backport/dyu/dns-port/typically-creative-hermit
backport/dyu/gh-pr-workflow/definitely-relaxed-mollusk
backport/dyu/jobs-pr-feedback/mildly-immune-hyena
backport/dyu/jobs-pr-feedback/presumably-composed-wildcat
backport/dyu/multi-port/greatly-musical-lab
backport/dyu/network-segments/loudly-tops-tadpole
backport/dyu/network-segments/specially-prepared-mammoth
backport/dyu/readme/globally-concise-oarfish
backport/dyu/ubi/carefully-funky-bonefish
backport/dyu/ubi/completely-neat-cobra
backport/dyu/ubi/finally-growing-grub
backport/dyu/ubi/optionally-content-bug
backport/dyu/ubi/ultimately-singular-leech
backport/eculver/fix-pkg-name/firmly-holy-sole
backport/eculver/fix-pkg-name/mainly-modern-elk
backport/eculver/update-nomad-integ-tests/needlessly-saved-collie
backport/eculver/update-nomad-integ-tests/nicely-fresh-bullfrog
backport/ent-port-upgrade-tests-flatten/early-precious-treefrog
backport/envoy-bootstrap-log-fix/infinitely-communal-midge
backport/envoy-bootstrap-logging/enormously-outgoing-martin
backport/exported_services_cli_and_docs/rc1
backport/f/metrics-collector-rename/achooo
backport/f/metrics-collector-rename/highly-clean-elf
backport/feature/hcp-telemetry/personally-central-caribou
backport/file-system-certificate/formally-top-minnow
backport/fix-changelog-check/blindly-pumped-shrimp
backport/fix-changelog/nearly-grown-kangaroo
backport/fix-doc/physically-growing-doberman
backport/fix-ent-merge/enormously-close-sculpin
backport/fix-error-msg-fmt/normally-allowed-redbird
backport/fix-flaky-integ-test-ingress/commonly-strong-cow
backport/fix-flaky-integ-test-ingress/noticeably-unified-dane
backport/fix-flaky-integ-test-ingress/preferably-feasible-rattler
backport/fix-gRPC-limit-peering/especially-premium-asp
backport/fix-home-link/wholly-regular-bengal
backport/fix-integ-flakiness/accurately-cunning-cardinal
backport/fix-integ-flakiness/precisely-simple-quagga
backport/fix-issuer-growing-list-maybe-from-vault/barely-still-aardvark
backport/fix-issuer-growing-list-maybe-from-vault/blindly-adequate-bluebird
backport/fix-issuer-growing-list-maybe-from-vault/uniquely-master-falcon
backport/fix-merge-config-entry/badly-eternal-bonefish
backport/fix-merge-config-entry/carefully-open-stingray
backport/fix-role-linked-token-list/blindly-trusted-glowworm
backport/fix-submat-view-bug/physically-stirring-zebra
backport/fix-unremoved-service-mesh-gateway/primarily-growing-wren
backport/fix_altdomain_dcname_overlap/loudly-definite-dingo
backport/fix_altdomain_dcname_overlap/mistakenly-ready-hog
backport/fix_altdomain_dcname_overlap/thoroughly-daring-mule
backport/fix_docs_conflict_leftovers/highly-sweet-whale
backport/gateway-upstream-disambiguation-ce/strictly-pleasant-mule
backport/gh-13169-show-leader-metrics/fairly-worthy-redbird
backport/gh-13169-show-leader-metrics/formally-pleasing-pigeon
backport/gh-13169-show-leader-metrics/inherently-wealthy-lab
backport/gh-13169-show-leader-metrics/legally-winning-joey
backport/gh-14341-txn-struct/randomly-noted-piglet
backport/gh-17320-update-metrics-doc/probably-promoted-lynx
backport/gh-18152-members-filter-dc/firstly-ideal-maggot
backport/gha-concurrency/finally-exciting-filly
backport/gha-concurrency/honestly-live-sailfish
backport/gha-concurrency/largely-gentle-crab
backport/gha-concurrency/mildly-great-unicorn
backport/hans/add_new_field_to_bootstrap_config_and_push_state/primarily-sweeping-tapir
backport/hans/add_new_field_to_bootstrap_config_and_push_state/sadly-eminent-man
backport/import-filter
backport/import-filter-v2
backport/improve_ci_run_time/miserably-glowing-boa
backport/integ-test-upgrade-test/truly-becoming-mule
backport/integ-test-use-asserter/internally-cheerful-mullet
backport/ishustava/1.14-agentless-docs-updates/internally-star-beetle
backport/ishustava/NET-3995-computed-proxy-config/slightly-cheerful-kangaroo
backport/ishustava/NET-5377-sidecar-proxy-ctrl-improvements/oddly-talented-sole
backport/issue-17886-expose-certs/definitely-wise-sturgeon
backport/jer/cc6039-policy-desc/adversely-sought-ladybird
backport/jer/cc6039-policy-desc/multiply-native-bird
backport/jer/ccm-read-only/lightly-worthy-sawfish
backport/jer/ccm-read-only/unlikely-glad-snapper
backport/jer/cloud-docs/briefly-adequate-filly
backport/jer/cloud-docs/gratefully-stunning-frog
backport/jjti/fix-hcp-client-logs/commonly-desired-antelope
backport/jjti/fix-hcp-client-logs/evenly-clean-slug
backport/jjti/fix-hcp-client-logs/happily-charmed-jawfish
backport/jjti/fix-hcp-client-logs/infinitely-decent-ibex
backport/jjti/fix-hcp-client-logs/presently-free-roughy
backport/jjti/fix-hcp-client-logs/visually-secure-spaniel
backport/jjti/fix-hcp-export-logger/intensely-growing-horse
backport/jjtimmons/reduce-export-freq/hardly-generous-martin
backport/jjtimmons/reduce-export-freq/safely-frank-mudfish
backport/jkirschner-hashicorp-patch-1/reasonably-devoted-pheasant
backport/jkirschner-hashicorp-patch-3/seriously-living-squirrel
backport/jm/0.44.0/wholly-saving-flea
backport/jm/3372/freely-intimate-gannet
backport/jm/3372/freely-singular-dingo
backport/jm/NET-3692/strangely-solid-owl
backport/jm/NET-5397/violently-choice-perch
backport/jm/NET-6081/equally-complete-thrush
backport/jm/NET-6944/clearly-winning-fly
backport/jm/NET-6944/subtly-adequate-gopher
backport/jm/NET-7025/commonly-saved-glowworm
backport/jm/NET-7025/implicitly-optimal-drum
backport/jm/NET-7025/pleasantly-balanced-sole
backport/jm/ba/sadly-tolerant-wombat
backport/jm/ba/usually-promoted-tapir
backport/jm/deep-copy-lint-enums/gladly-fine-pegasus
backport/jm/endpoint-result/yearly-better-sunfish
backport/jm/go-tests-notify-3/allegedly-trusting-moose
backport/jm/go-tests-notify-3/genuinely-pumped-glowworm
backport/jm/go-tests-notify-3/luckily-tough-platypus
backport/jm/go-tests-notify-3/nicely-electric-calf
backport/jm/local-app-protocol-test/hardly-noble-aardvark
backport/jm/macos-arm64/actively-improved-dinosaur
backport/jm/no-parallel-dns-tests/sharply-true-tetra
backport/jm/no-parallel-dns-tests/tightly-liberal-emu
backport/jm/no-parallel-dns-tests/ultimately-accurate-sponge
backport/jm/no-parallel-dns-tests/willingly-adjusted-mallard
backport/jm/remove-compat-test-splitting/honestly-outgoing-calf
backport/jm/remove-compat-test-splitting/rationally-wondrous-krill
backport/jm/remove-tests-skipping/finally-romantic-anteater
backport/jm/remove-tests-skipping/physically-enough-molly
backport/jm/remove-tests-skipping/typically-credible-bug
backport/jm/rmv-test-integrations/probably-topical-shrimp
backport/jm/test-integrations/clearly-curious-liger
backport/jm/ui-main/openly-ace-mole
backport/jm/vault-docs-redesign/indirectly-logical-monitor
backport/jm96441n/normalize-status-conditions/implicitly-mighty-racer
backport/jwt-warning-docs/completely-poetic-herring
backport/jwt-warning-docs/uniquely-organic-muskox
backport/kisunji/NET-4766-vault-ca-bug-fix/inherently-harmless-louse
backport/kisunji/NET-4766-vault-ca-bug-fix/really-leading-tick
backport/kisunji/NET-4766-vault-ca-bug-fix/secondly-first-mullet
backport/kisunji/cleanup-resources/secondly-devoted-longhorn
backport/kisunji/cleanup-resources/solely-moved-dodo
backport/kisunji/controller-test-fix/internally-artistic-buzzard
backport/kisunji/ent-label-ratelimit/normally-casual-sparrow
backport/kisunji/fix-flakes/firstly-desired-dove
backport/kisunji/fix-flakes/formally-giving-goldfish
backport/kisunji/fix-flakes/honestly-bright-dove
backport/kisunji/fix-permissive-envoy-ext/lately-ideal-calf
backport/kisunji/fix-permissive-envoy-ext/unduly-set-ram
backport/kisunji/fix-test/admittedly-valid-ray
backport/kisunji/fix-test/blatantly-prime-loon
backport/kisunji/fix-test/entirely-major-chigger
backport/kisunji/nomad-docs/hugely-concise-crawdad
backport/kisunji/nomad-docs/weekly-hip-starling
backport/kisunji/peering-tproxy-docs/truly-dominant-sawfly
backport/kisunji/update-hcp-scada-provider/socially-wise-silkworm
backport/kisunji/vault-ca-clean-unused-issuers/curiously-neat-tarpon
backport/kisunji/vault-ca-clean-unused-issuers/hugely-eminent-monster
backport/kisunji/vault-ca-clean-unused-issuers/rapidly-smart-sunbird
backport/kisunji/vault-ca-fixes/awfully-smooth-katydid
backport/kisunji/vault-ca-fixes/fully-electric-phoenix
backport/krastin/docs/improve-license/mostly-polite-turtle
backport/krastin/vault-for-consul/clearly-main-molly
backport/krastin/vault-for-consul/factually-enough-buck
backport/krastin/vault-for-consul/indirectly-mint-bison
backport/krastin/vault-for-consul/noticeably-awaited-chamois
backport/krastin/vault-for-consul/thankfully-big-condor
backport/krastin/website/telemetry-labels/duly-firm-toucan
backport/licensing-exp-v2-docs/optionally-allowed-whippet
backport/link-to-hcp-modal-error-when-acls-disabled/severely-cool-sparrow
backport/lorna/cc-6925/hcp-tls/immensely-dear-grouper
backport/lorna/cc-6925/hcp-tls/monthly-correct-buck
backport/loshz-patch-1/friendly-touched-killdeer
backport/loshz/NET-3029-fix/constantly-romantic-fox
backport/loshz/NET-3029-fix/radically-relaxing-robin
backport/ma/vault-namespace-intermediate-provider-v2/positively-unified-aardvark
backport/ma/x-forwarded-client-cert-docs-fix/extremely-definite-shark
backport/ma/x-forwarded-client-cert-docs-fix/repeatedly-fluent-filly
backport/main/strangely-tops-wombat
backport/malizz-validate-name-on-dlt-proxy-defaults/seriously-eager-werewolf
backport/mixed-service-topology/accurately-nearby-falcon
backport/mixed-service-topology/physically-large-griffon
backport/more-xds-races-and-panics/visually-tidy-crow
backport/natemollica-nm-server-workload-telemetry-update/apparently-immune-oriole
backport/natemollica-nm-server-workload-telemetry-update/hopelessly-modest-lark
backport/natemollica-nm-server-workload-telemetry-update/secondly-massive-kiwi
backport/nathancoleman-patch-1/badly-pro-pug
backport/nathancoleman-patch-1/distinctly-growing-parakeet
backport/nathancoleman-patch-1/ghastly-endless-lioness
backport/nathancoleman-patch-1/instantly-premium-sturgeon
backport/nathancoleman-patch-1/lightly-intimate-labrador
backport/nd/net-4931-l7/endlessly-intimate-reindeer
backport/net-4786/mesh-strict-dns/conversely-climbing-aphid
backport/net-bind-service/evenly-sharp-hornet
backport/nfi-net5476-nightly-peering-integ/horribly-enough-piranha
backport/nia/beta-docs-0.6.0/actively-tidy-mantis
backport/nia/beta-docs-0.6.0/evenly-humble-ray
backport/nia/docs-0.7.0/rarely-dear-finch
backport/nicoleta-k8s-annotations/shortly-rested-duckling
backport/nightly-slack-notification/daily-rich-wren
backport/nightly-slack-notification/legally-smart-terrier
backport/operator-usage-docs/definitely-curious-gecko
backport/partition-cli-acl-info-and-api-crossref/hopefully-able-urchin
backport/patch-1/actually-sharing-chigger
backport/patch-1/arguably-special-marlin
backport/patch-1/briefly-merry-mantis
backport/patch-1/correctly-cheerful-anchovy
backport/patch-1/easily-cheerful-dingo
backport/patch-1/forcibly-shining-javelin
backport/patch-1/formally-happy-dane
backport/patch-1/humbly-helpful-poodle
backport/patch-1/legally-massive-flounder
backport/patch-1/likely-next-halibut
backport/patch-1/loudly-up-hippo
backport/patch-1/noticeably-desired-seal
backport/patch-1/primarily-infinite-asp
backport/patch-1/properly-polished-condor
backport/patch-1/severely-ruling-mouse
backport/patch-1/socially-better-stork
backport/patch-1/tightly-endless-javelin
backport/patch-1/verbally-glad-killdeer
backport/peering/re-establish-terminated/immensely-active-beetle
backport/peering/term-delete/thoroughly-tough-snipe
backport/proxy-register-port-race-2/deeply-warm-man
backport/proxy-register-port-race-2/hugely-whole-hippo
backport/raft-1.5.0-pipeline-fix/extremely-eager-chamois
backport/raft-fix-nonvoter/evenly-pro-cod
backport/rboyer/deployer-makefile/early-steady-sloth
backport/rboyer/fix-drift/singularly-glad-locust
backport/rboyer/fix-manual-vip-writes/jointly-sweet-dingo
backport/release/1.18.0-followup
backport/releng/remove-duplicate-ubi/mainly-sterling-bulldog
backport/releng/remove-duplicate-ubi/singularly-leading-finch
backport/remove-CONSUL_HCP_LINK_ENABLED-flag/scarcely-precise-silkworm
backport/remove-unused-are-hosts-set-check/loudly-sweet-dingo
backport/revert-17166-jm/remove-compat-test-splitting/reliably-lenient-roughy
backport/ronald/fix-docs-typo/uniformly-teaching-martin
backport/sarahalsmiller-timeoutbehaviormutation/only-native-cow
backport/security-coredns-fix/1.15.x
backport/security-coredns-fix/1.16.x
backport/security-coredns-fix/1.17.x
backport/set-product-version/enormously-glad-titmouse
backport/set-product-version/infinitely-awaited-halibut
backport/set-product-version/instantly-direct-kitten
backport/spatel/NET-1646-add-max-ejection-percent/rarely-working-guinea
backport/spatel/busl-2024/correctly-picked-buffalo
backport/spatel/busl-2024/entirely-closing-dove
backport/spatel/busl-2024/namely-saved-squid
backport/spatel/emit-consul-version-periodically/kindly-close-wasp
backport/spatel/emit-consul-version-periodically/mentally-choice-bug
backport/spatel/list-default-peername/endlessly-moral-krill
backport/spatel/oss_to_ce/highly-moral-spider
backport/spatel/oss_to_ce/mentally-well-moccasin
backport/spatel/oss_to_ce/obviously-proud-fish
backport/support-fossa-scanning/actually-nearby-bream
backport/support-fossa-scanning/allegedly-fleet-donkey
backport/support-fossa-scanning/externally-darling-dane
backport/support-fossa-scanning/separately-exact-marlin
backport/tauhid621/exported_services_api_grpc/literally-cuddly-gecko
backport/tauhid621_exported_services_docs_and_cli/normally-positive-lionfish
backport/tauhid621_exported_services_docs_and_cli/specially-blessed-longhorn
backport/test_skip_ci/literally-cuddly-woodcock
backport/test_skip_ci/usually-glowing-fowl
backport/test_skip_ci/widely-normal-platypus
backport/tgate-http2-upstream/merely-civil-mouse
backport/troubleshoot-ports
backport/ui/CC-7062-get-back-metrics-test-with-updated-selector-upd/broadly-diverse-bear
backport/ui/NET-438-add-ent-version-suffix/actively-faithful-walleye
backport/ui/NET-438-add-ent-version-suffix/privately-inspired-escargot
backport/ui/bug/fix#18406/promptly-choice-goose
backport/ui/bug/fix#18406/roughly-credible-llama
backport/ui/bugfix/icon-tweaks/wrongly-quick-sunbird
backport/ui/feature/hcp/absolutely-mighty-mastiff
backport/ui/feature/make-global-read-only-policy-non-editable/frequently-crack-mouse
backport/ui/feature/make-global-read-only-policy-non-editable/infinitely-related-hornet
backport/ui/feature/make-global-read-only-policy-non-editable/instantly-hardy-chamois
backport/update-apigw-version/annually-renewing-whippet
backport/update-apigw-version/commonly-noted-vervet
backport/update-docs-for-splitting/primarily-smashing-halibut
backport/update-e2e-tests-for-namespaces/wholly-daring-porpoise
backport/update-ent-license-link/exactly-bold-hyena
backport/update-envoy/merely-stunning-doberman
backport/update-exported-services-compat-triggers/immensely-humble-labrador
backport/update_docs_multicluster_k8s/admittedly-decent-grubworm
backport/update_docs_multicluster_k8s/hideously-epic-tiger
backport/upgrade-test-targetImage/enormously-endless-bluegill
backport/upgrade-test-targetImage/generally-guiding-horse
backport/upgrade-testcontainer-version/pleasantly-moved-penguin
backport/upgrade-to-node-18/rationally-fancy-flamingo
backport/upstream-oss-merge/briefly-guided-quagga
backport/vault-compatability-consul-pki-token/arguably-cool-silkworm
backport/vault-compatability-consul-pki-token/incredibly-discrete-lamprey
backport/vault-compatability-consul-pki-token/lightly-arriving-cattle
backport/vault-compatability-consul-pki-token/terribly-grand-tetra
backport/vault-compatability-consul-pki-token/usefully-ethical-kiwi
backport/zalimeni/alemuro/3101-support-statefulset-pvc-retain--docs/logically-complete-krill
backport/zalimeni/feature/net-1151-l7-intentions-security-fixes--api-docs-1.19
backport/zalimeni/fix-submodule-versions-latest/thankfully-funny-colt
backport/zalimeni/k8s-1.4.0-docs-feedback/willingly-strong-pony
backport/zalimeni/net-3900-fix-tproxy-extension-panic/slowly-blessed-moray
backport/zalimeni/net-4904-bump-envoy-versions-docs/normally-endless-wren
backport/zalimeni/net-5146-bump-go-net_http-cve/externally-innocent-maggot
backport/zalimeni/net-5163-prioritize-by-locality-test/pleasantly-central-chow
backport/zalimeni/net-5163-prioritize-by-locality-test/primarily-harmless-marmoset
backport/zalimeni/net-5163-prioritize-by-locality-test/ultimately-related-drum
backport/zalimeni/net-5163-prioritize-by-locality-test/verbally-suited-aphid
backport/zalimeni/net-5217-derive-proxy-locality-from-parent-service-oss/absolutely-pumped-adder
backport/zalimeni/net-5622-consolidate-envoy-version-mgmt/similarly-crisp-mako
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/literally-on-raven
backport/zalimeni/net-6725-fix-sidecarproxycontroller-flake/primarily-logical-stingray
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/entirely-genuine-koi
backport/zalimeni/net-6741-add-make-target-dependency-update-modules/partly-welcome-unicorn
backport/zalimeni/net-7713-v2-docs-virtual-port-ref-k8s--1.18.0
backport/zalimeni/net-9224-bump-go-1.21.10/uniquely-bold-jackal
backport/zalimeni/test-bpa-0.4.1/urgently-accepted-snipe
backport/zalimeni/upgrade-vault-remove-go-jose.v2/extremely-feasible-rat
backport/zalimeni/upgrade-vault-remove-go-jose.v2/privately-square-walrus
backport/zalimeni/upgrade-vault-remove-go-jose.v2/usually-quality-locust
backport/zalimeni/use-go-version-file/firmly-tops-chow
backport/zalimeni/use-go-version-file/marginally-modest-condor
backport/zalimeni/use-go-version-file/sincerely-native-man
backup-windows-integration-27th-june
backup_grafana-dashboards
banks-patch-1
blake/1.11-oidc-ui-nspace-fix
blake/fix-kv-import-folder-prefix-10906
blake/ingress-no-dnsname-port-gh-11092
blake/support-qname-minimization-6579
blake/v1.8.0-ingress-websocket-fix
bny-custom-04052021
boruszak/docs-stable-merge
boxofrad/autoreload-merge
boxofrad/backend-list-by-owner
boxofrad/better-vault-error-logging
boxofrad/controller-api-spike
boxofrad/extract-type-registration
boxofrad/fix-changelog-pr-links
boxofrad/rename-master-acl-tokens-internally
boxofrad/resource-service-client
boxofrad/spike-catalog-write-rate-limit
boxofrad/spike-resource-http
boxofrad/spike-server-resource
boxofrad/spike-version-translation
boxofrad/streaming-contention-close-in-goroutine
boxofrad/streaming-contention-experiment
boxofrad/streaming-contention-next-fast-path
boxofrad/streaming-contention-semaphore-wakeup
boxofrad/streaming-contention-simple-semaphore
boxofrad/upgrade-grpc
brk.check-link-follow-redirect
brk.feat/mdx-v2
bug-service-defaults-override-by-proxy-defaults
build-darwin-ubuntu
bump-api
bump/go-and-envoy/rc1.20
case-insensitive-node-names-acl-checks
catalog-service-list-filter
catalog_node_watch_fix
cc-4931/nick-refactor
cc-7178-skip-flakey-test-in-navigation
changes-to-ui-folder-test
checkpoint_telemetry_poc
cherry-pick-fix
cherry-pick-merge
ci/main-assetfs-build
ci/update-security-scanner-token
clarify-connect-language-in-cli-help-text
clarify-hcl-cli
clly/upgrade-vault-api
cluster-peering-partitions
code-organization
commontopo-better
community-12079
compliance/add-headers
computed-gateway-routes-spike
config-issue-616
config_replication_id
consistent-error-handling
consul-docs-ia-redesign
consul-docs-ia-redesign-v2
consul-vs-comp
container-test-speedup
controller-cache
copy-working-file
core-multiport-fixes
correct-acl-hash-replication
crt-consul-migration
crt-migration-build-flags
cts-deprecate-port-option
cts-ls-test-docs
cts-pan-ngfw
dan/1.19.0/changelog-update
dans/NET-1154/persist-ca-updates-in-peering
dans/NET-3917/initial-fetch-timeout-permafix
dans/NET-7910/v2-dns-enable-peering
dans/fic-https-basic-test
dans/fix-compat-test-access-logs
dans/make-peer-name-uniform
dans/remove-multiport-docs
dans/remove-ws-from-jira-gha
dans/skaffold-experiment
dans/test-pr-labeler
dans/that-time-dan-broke-consul
david-yu-admin-partitions
david-yu-bug-report
david-yu-bump-envoy
david-yu-cluster-peering-docs-1-12
david-yu-edit-pr
david-yu-patch-1
david-yu-patch-2
david-yu-release-note
david-yu-v2-update
debug-1.16-api
debug-sdk
debugging-jm/NET-6294
debugging-jm/NET-6294-deepcopy
deepcopy-gatewaycontroller
dep/raft-boltdb
dependabot/github_actions/actions/setup-go-5.1.0
dependabot/github_actions/browser-actions/setup-chrome-1.7.2
dependabot/github_actions/docker/setup-qemu-action-3.2.0
dependabot/github_actions/golangci/golangci-lint-action-6.1.1
dependabot/github_actions/slackapi/slack-github-action-2.0.0
dependabot/go_modules/github.com/aliyun/alibaba-cloud-sdk-go-1.63.54
dependabot/go_modules/github.com/aws/aws-sdk-go-1.44.128
dependabot/go_modules/github.com/hashicorp/go-sockaddr-1.0.7
dependabot/go_modules/github.com/hashicorp/hcp-sdk-go-0.124.0
dependabot/go_modules/github.com/hashicorp/raft-1.7.1
dependabot/go_modules/github.com/hashicorp/raft-boltdb/v2-2.3.0
dependabot/go_modules/github.com/olekukonko/tablewriter-0.0.5
dependabot/go_modules/go.opentelemetry.io/otel/metric-1.32.0
dependabot/go_modules/golang.org/x/oauth2-0.24.0
dependabot/go_modules/gotest.tools/v3-3.5.1
dependabot/go_modules/k8s.io/apimachinery-0.31.3
dependabot/go_modules/test-integ/github.com/docker/docker-25.0.6incompatible
dependabot/go_modules/test/integration/consul-container/github.com/docker/docker-25.0.6incompatible
dependabot/go_modules/test/integration/consul-container/github.com/opencontainers/runc-1.1.14
dependabot/npm_and_yarn/ui/cross-spawn-6.0.6
dependabot/npm_and_yarn/ui/elliptic-6.6.0
dependabot/npm_and_yarn/ui/express-4.20.0
dependabot/npm_and_yarn/ui/follow-redirects-1.15.6
dependabot/npm_and_yarn/ui/rollup-2.79.2
dependabot/npm_and_yarn/ui/webpack-5.94.0
dependabot/npm_and_yarn/website/husky-9.1.7
dependabot/npm_and_yarn/website/next-15.0.3
dependabot/npm_and_yarn/website/prettier-3.3.3
derekm/NET-6565/release-1.15.3-wpac
derekm/improve-vip-lookups
derekm/xds-use-same-http-protocol-downstream-to-localapp
dhia/ca-cas-config-refactor
dhiaayachi/NET-4926-v1-ns-delete
dhiaayachi/NET-5519-ns-bridge-2
dhiaayachi/fix-trustbundle-peers
dhiaayachi/go-toolchain
dhiaayachi/raft-wal-backend-as-default
dhiaayachi/raft-wal-backend-as-default-code
disable-flaky
disco-retain-details
dl-license
dnephin/acl-resolve-token-4
dnephin/acl-resolve-token-5
dnephin/acl-resolver-6
dnephin/acl-resolver-7
dnephin/agent-setup-user-event-handler
dnephin/ca-cluster-id
dnephin/ca-cluster-id-2
dnephin/ca-manager-move-to-new-package
dnephin/ca-manager-move-to-new-package-2
dnephin/ca-remove-unused-fields
dnephin/catalog-service-list-filter
dnephin/ci-handle-ent-differences
dnephin/cleanup-ae
dnephin/cleanup-ae-2
dnephin/cleanup-ae-3
dnephin/conn-pool-docs
dnephin/deprecate-verify-incoming
dnephin/docs-day-acl-move-config-ref
dnephin/docs-day-acl-move-rules-table
dnephin/docs-day-acl-overview
dnephin/docs-more-details-about-vault-provider
dnephin/enable-logging-color
dnephin/fix-serf-tag-data-race
dnephin/http-struct-interfaces
dnephin/move-dns-server-to-apiServers
dnephin/prefix-overlap-watches
dnephin/remove-lib-translate-keys-attempt-2
dnephin/rpc-metrics
dnephin/secure-defaults
dnephin/structs-proxy-defaults-remove-name-field
dns-srv-separate-tag-from-protocol
doc-clarify-version-format
doc-fix-missing-fed-methods
docs-backport-fix-er
docs-cluster-peering-technical-preview
docs-day
docs/1-17-release-notes
docs/1.17-docs-reconcile
docs/add-partition-query-api
docs/agent-config
docs/api-catalog-register-snake_case
docs/api-overview-devdot
docs/auto-cert
docs/clarify-connect-language
docs/clarify-crd-tutorial
docs/clarify-cross-partition-mgw-export-requirement
docs/clarify-network-area-mesh-gw-compatibility
docs/cli-breakout-positional-args
docs/cli-characteristics-and-crossref
docs/cluster-peering-beta
docs/cluster-peering-improvements
docs/cluster-peering-updates
docs/consul-ia-experiement-fdbk-1
docs/consul-ia-experiment
docs/consul-ia-experiment-cts-adam
docs/consul-k8s-upgrade
docs/consul-snapshot-agent-kms-policy-4369
docs/cts-zscaler-partner-guide
docs/er-404-inline-checker
docs/fix-broken-links
docs/fix-broken-links-1
docs/fix-broken-markdown-link
docs/fix-ent-dns-service-lookup-link
docs/fix-exported-services
docs/fix-release-notes-links
docs/intentions-refactor-docs-day-2022
docs/jeff-sandbox
docs/jkirschner-hashicorp-patch-1
docs/k8s-0-49-helm-docs
docs/k8s-deployment
docs/krastin/connect-serviceintentions-fixlinks
docs/krastin/nomad-for-consul
docs/manual-backport-for-LTS
docs/manual-backport-kv-page
docs/misc-fixes
docs/note-about-connect-service-upstream-env-var
docs/peer-in-dns-lookups
docs/proposed-docs-overview-pages
docs/rebackport-k8s-fed-req-failed-pick
docs/redirect-dns-docs
docs/refactor-discover-services-docs
docs/release-1.17-reconcile-1
docs/rework-service-splitter-ref-docs
docs/rework-service-splitter-ref-docs-no-objects
docs/sentence-case-titles
docs/tables-instead-of-lists
docs/update-config-entry-ref-component
docs/update-content-cluster-peering
docs/update-faq-header
docs/update-loglevel-trace
docs/update-storage-class-ref-arch
docs/update-wan-fed-mesh-gateway-guide
docs/vault-connect-ca-namespace-improvements
docs/vault-secrets-backend-limitations
docs/waf-page-migration
ds-nd/net-9016-kvdataloss
dstough/CSLC-130-restrict-terminating-gateway-access-to-tls
dstough/GH-11250-system-ca-for-tgateways
dstough/acl-for-destinations
dstough/gateway-linked-endpoint
dstough/test-endpoint-service-query
dyu-cluster-peering-fix-1-12
dyu-license
dyu-relnotes
dyu/1.15-docs
dyu/dockerfile
dyu/envoy-bump
eculver/1.12.x/latest-changelog
eculver/1.13.0-alpha1-changelog
eculver/auth-method-docs
eculver/enable-arm-verifications
eculver/envoy-1.21.1
eculver/missing-docs-changes
eculver/oss-ent/new-params
eculver/stable-website/latest-envoy-support
eculver/verifications
eculver/verify-release-artifacts
eikenb/cloudfoundry-vault-provider-auth
eikenb/matrix-integration-testing
eikenb/vault-integration-testing
eliminate-gotest.tools/v3
envoy-crash-help
envoy-ext-local-ratelimit-fix
errors/acl-agent-token-not-set
errors/acl-not-found-bootstrap-not-exist
evrowe-consul-ui-readme-update
experiment/raft-grpc
extend-retry
external-services
f-reloadable-configuration-enable-debug-backup
feature-negotiation-grpc-api
feature/acl-replication-status
feature/envoy-support-tlsv13
ffmmm/b-10871
ffmmm/default-prom-s
fix-agent-cache-leak-3
fix-broken-dockerfile-sam
fix-cherry-pick
fix-controller-watch
fix-deregister-url-service-id
fix-entpoint-get-500
fix-failing-linting-test
fix-fips-build-amd
fix-flaky
fix-flaky-peerstream-test
fix-integ-machines
fix-lambda-docs-spacing-bug
fix-lambda-l7-routing
fix-leaf-panic
fix-leaf-timeout
fix-peering-2-partitions
fix-protobuf-generation
fix-syslog
fix-tests
fix-transparent-proxy
fix/make-test-deployer
fix_k8s_helm_docs_june
fixes/helper-text-config-entry-delete
gateway-listener-binding-bugfix
gateways/typed-status-regen
gh-13491
gh-18096-fix-missing-ttl-value
gh-maxconnections-ingress-gateway
gha-basic-artifact-validation
go-action-cache
gotest-remote-cache
gotest-remote-cache-2
grpc-envoy-bootstrap-params-oss-test
grpc-tls-compat
gw-xds-handling-eventual-consistency
hack-cloudlink
hack-deploy
hack-hcp-integration-split
hackathon/consul-common-errors
hans/ccm-playground
hcp-LastContact
hcp-link-config-skeleton
hcp/expose-grpc-scada
health-prefer-connect
hk/jm/test-integrations-fix-compatibility-test
hk/jm/test-integrations-fix-upgrade-test
ignore-exported-prefix-on-cluster-metrics
im2nguyen-patch-1
improve-intention-error-messages
improve_ci_run_time
increase-maching-size
ingress-gw-tracing-config
iradix-improved
ishustava/NET-5580-bump-all-resource-versions
ishustava/auth-method-secondary-dc
ishustava/authz-types
ishustava/debug-mesh-gw-test
ishustava/dns-proxy-poc
ishustava/fix-agent-proxy-mgr-instantiation
ishustava/mesh-controller-upstream-proxy
ishustava/multi-port-test-fixes
ishustava/sidecar-proxy-controller-tproxy
ishustava/spike-agent-cache-watch
ishustava/spike-controller-leaf-cert-watch
ishustava/spike-proxy-cfg-src-v2
ishustava/test-int-tests
ishustava/v2-traffic-perms-ir-suggestions
ishustava/vault-k8s-docs
ishustava/xds-server-v2
japple-rel-notes-reorg
japple/cherry-pick-1.11.x-release-notes
jer/ccm-read-only-squashed
jer/merge-ccm-bootstrap-config
jjtimmons/backport-48c8a83
jjtimmons/backport-otel-freq-2
jjtimmons/hcp-telemetry-periodic-refresh-start-up
jjtimmons/increase-buckets
jkirschner-hashicorp-patch-2
jm-client-timeout
jm-net-5879
jm-plug
jm-plug-git
jm-plug-http
jm/0427
jm/1.19-updated-go-mods
jm/1.5-sub
jm/1.9-sub
jm/3372-2
jm/NET-3372
jm/NET-3394
jm/NET-4237
jm/NET-4739
jm/NET-4931
jm/NET-4944
jm/NET-4944-1
jm/NET-5150
jm/NET-5590-xds-server
jm/NET-5822-test
jm/NET-6294-NET-4944
jm/NET-6385-hack
jm/NET-6941
jm/NET-8431
jm/acc-tests
jm/agent-hack
jm/bpa
jm/branch-filters
jm/break-branch-protection
jm/cc
jm/checking-changes-old
jm/client-timeout
jm/client-timeout-2
jm/delete-website
jm/destination-tests-grpc
jm/empty-endpoints
jm/ent-deps
jm/ent-dev-migration
jm/explicit-based-l7
jm/fix-jwt-auth-bug
jm/fix-sw-qa
jm/gh-20360
jm/gh-call
jm/gha-recreation
jm/go-testcontainers
jm/go-tests-notify
jm/go-tests-notify-2
jm/gtsm
jm/hack
jm/hack-int
jm/hack-int2
jm/hcp-vault
jm/helm
jm/helm-updates
jm/ip-rate-limit-api
jm/mock-handler
jm/mock-handler-2
jm/move-code
jm/multi-port-integ
jm/multilimiter-memdb
jm/net-4941-leaf
jm/plug
jm/preflight
jm/release-1.18.4
jm/remove-compat-test-splitting
jm/resource-tests
jm/retract
jm/retry-on-connect-failure
jm/rmv-compat
jm/same-docker-compose
jm/snap-restore
jm/snapshot-restore-tests
jm/split-compatibility
jm/split-tests
jm/success
jm/test
jm/test-integrations-hui-test-integ
jm/test-split
jm/test-splitting
jm/ul
jm/v2-dns-v1-data-fetcher
jm/v2-examples
jm/vault-ent-license
jm/vault-gossip
jm/vault-wan-fed
jm/vault-wan-fed-2
jm/verify-linux-fix
jm96441n/manual-backport-dupe-parents
johnlanda/bench
johnlanda/trafficpermissionscontroller
jwt-multiple-virtual-hosts
k8s_healthcheck
kisunji-patch-1
kisunji/1.12.x-revert-pathescape
kisunji/1.13.x-docs-cherrypick
kisunji/1.14.x-docs-backport
kisunji/NET-1396-token-self-expanded
kisunji/NET-2590-default-intention-policy
kisunji/approval-button
kisunji/assetfs-merge-ci
kisunji/cache-fix-test
kisunji/catalog-service-list-filter
kisunji/ent-label-ratelimit
kisunji/fix-golden
kisunji/fix-stable-website
kisunji/fix-stable-website-2
kisunji/go1.17.4
kisunji/grpc-native-balancer
kisunji/kv-docs-fix
kisunji/lintest
kisunji/merge-stable-website
kisunji/merge-test
kisunji/more-ent-test-fixes
kisunji/net-6230-namespace-trafperms
kisunji/peering-bugfix-changelog
kisunji/pin-circleci-docker-version
kisunji/replace-registry-pattern
kisunji/rpc-shim
kisunji/serveraddrs-generate-token-req
kisunji/small
kisunji/small-testfix
kisunji/subloggers
kisunji/temp
kisunji/temp-rpc-deadline
kisunji/upgrade-warning
km.vercel-config
kv-1.10.8-withlogs
kv-1.14.8-withlogs
lambda-beta-docs
lambda-docs
leadership-transfer-cmd
listener-route-spike
lkysow/consul-plugin-exec
lkysow/serverless-via-metadata
lkysow/service-not-exist
lkysow/windows-tests
loadtest-test
local-mesh-gateway-pst
locality-aware-routing
lorna/cc-6925/1-15
loshz/NET-7225-peeringv2-proto-check
luoxuan00733-patch-1
m1-investigate
ma/backport-stable-website
ma/ipv6-robustness-fixes
ma/md5_fix_oss
ma/move-enterprise-meta-try2-oss
ma/resource-listing
ma/typo-fix
ma/vault-namespace-intermediate-provider
main
make-codegen
malizz/NET-1663/fix-bug
malizz/update-proto-imports-in-1.14.x
manual-backport-1.8.0-ingress-gateway
markcv-upstreamConfig-update
mathew.estafanous/dev
max-jitter
may-alignment
mesh-gateway-all-the-things
mesh-gateway-broken-all-the-things
mgw-wanfed-hard-network-partition
migrate-tests-to-use-slack-actions
mirror-to-ent
mktg-tf-b183f7b50da4e35426c936006092c7b3
more-lambda-docs-tweaks
mrktfix18
mvincent/no-freelist-logging
natemollica-nm-patch-1
natemollica-nm-patch-2
nd/bring-back-peering-ext-addr
nd/net-7510-openapi-followup-matt-poc
nd/spike-proxy-state-controller
nd/update-compat
net-5889/workloadhealth-tests
net-6138/release/1.17.x
net-6230-namespace-tp
net-6706
net-7953/adjust-computed-gateway-protos
net-7984/clusters-for-api-gateways
net-7986/routes-for-api-gateways
net-8075/certs-for-api-gateways
net-8416-add-gateway-api-request-redirect-filter
nfi-api-client-nop-write
nfi-cache-unit-test-results
nfi-fix-go-test-check
nfi-fix-test-integ-go-mod
nfi-gha-fiddling
nfi-go-test-cache
nfi-poc-gotestdoc
nfi-poc-unit-and-upgrade
nfi-poc-unit-and-upgrade-type
nfi-split-lint-from-go-tests
nia_resize_image
nickcellino/link-status
nicoleta/bum-envoy-on-1.15.x
nicoleta/bump-envoy
nicoleta/bump-envoy-on-1.18.x
no-change-cache
no-op-ron-lint
nvanthao/b-delete-config
nvanthao/b-snapshot-recovery
only_async_trigger_changes
openapi
optimized-seek-prefix-watch
origin/markcv/CSEP-157/duplicate-sidecar-port-validation
origin/markcv/update-envoy-version-doc
oss-merge-pr-branch
oss-merge-v2
oss-rename-trigger
partition/session-test-kvs-endpoint
pcmccarron-patch-1
peering-upstream-annotation
pglass/dump-aws-bearer-token
poc-alpn-glow
poc-cli-grpc
poc-httpfilter
preetha/NET-1322
promtheus_consul_version
propogate-request-time-downstream
proxycfg-deadlock
proxycfg-deadlock-2
proxycfg/init-local-gateways-map
raft-tls-include-intermediates
rboyer/add-linter-net-rpc
rboyer/deployer-with-v2-tproxy-bookmark
rboyer/fix-v2-testing
rboyer/golden-proto-json
rboyer/hack-neo
rboyer/proxy-configuration-cache
rboyer/spike-agent-cache-watch--fork
rboyer/wrappedtypes
rboyer/xds-refactor
reach
rebase-multiport-test-fixes
refactor-add-patches
release/1.10.0
release/1.10.0-alpha
release/1.10.0-beta1
release/1.10.0-beta2
release/1.10.0-beta3
release/1.10.0-beta4
release/1.10.0-rc
release/1.10.0-rc2
release/1.10.1
release/1.10.1-beta1
release/1.10.10
release/1.10.11
release/1.10.12
release/1.10.2
release/1.10.4
release/1.10.5
release/1.10.6
release/1.10.7
release/1.10.8
release/1.10.9
release/1.10.x
release/1.11.0
release/1.11.0-alpha
release/1.11.0-beta1
release/1.11.0-beta2
release/1.11.0-beta3
release/1.11.0-rc
release/1.11.1
release/1.11.10
release/1.11.11
release/1.11.2
release/1.11.3
release/1.11.4
release/1.11.5
release/1.11.6
release/1.11.7
release/1.11.8
release/1.11.9
release/1.11.x
release/1.12.0
release/1.12.0-beta1
release/1.12.1
release/1.12.2
release/1.12.3
release/1.12.4
release/1.12.5
release/1.12.6
release/1.12.7
release/1.12.8
release/1.12.9
release/1.12.x
release/1.13.0
release/1.13.0-alpha1
release/1.13.0-alpha2
release/1.13.0-techpreview1
release/1.13.1
release/1.13.2
release/1.13.3
release/1.13.4
release/1.13.5
release/1.13.6
release/1.13.7
release/1.13.8
release/1.13.9
release/1.13.x
release/1.14.0
release/1.14.0-beta1
release/1.14.1
release/1.14.10
release/1.14.11
release/1.14.2
release/1.14.3
release/1.14.4
release/1.14.5
release/1.14.6
release/1.14.7
release/1.14.8
release/1.14.9
release/1.14.x
release/1.15.0
release/1.15.1
release/1.15.10
release/1.15.12
release/1.15.15
release/1.15.2
release/1.15.3
release/1.15.4
release/1.15.5
release/1.15.6
release/1.15.7
release/1.15.8
release/1.15.9
release/1.15.x
release/1.16.0
release/1.16.0-rc1
release/1.16.1
release/1.16.2
release/1.16.3
release/1.16.4
release/1.16.5
release/1.16.6
release/1.16.8
release/1.16.x
release/1.17.0
release/1.17.0-rc1
release/1.17.1
release/1.17.2
release/1.17.3
release/1.17.5
release/1.17.7
release/1.17.x
release/1.18.0
release/1.18.0-rc1
release/1.18.1
release/1.18.2
release/1.18.4
release/1.18.5
release/1.18.x
release/1.19.0
release/1.19.1
release/1.19.2
release/1.19.3
release/1.19.x
release/1.20.0
release/1.20.0-rc1
release/1.20.1
release/1.20.x
release/1.6.10
release/1.6.7
release/1.6.9
release/1.6.x
release/1.7.10
release/1.7.11
release/1.7.12
release/1.7.13
release/1.7.14
release/1.7.5
release/1.7.6
release/1.7.8
release/1.7.9
release/1.7.x
release/1.8.0
release/1.8.1
release/1.8.10
release/1.8.11
release/1.8.11-beta1
release/1.8.11-beta2
release/1.8.12
release/1.8.13
release/1.8.14
release/1.8.15
release/1.8.17
release/1.8.18
release/1.8.19
release/1.8.2
release/1.8.4
release/1.8.5
release/1.8.6
release/1.8.7
release/1.8.7-beta1
release/1.8.8
release/1.8.9
release/1.8.9-beta1
release/1.8.x
release/1.9.0
release/1.9.0-beta2
release/1.9.0-beta3
release/1.9.0-rc1
release/1.9.1
release/1.9.11
release/1.9.12
release/1.9.13
release/1.9.14
release/1.9.15
release/1.9.16
release/1.9.17
release/1.9.2
release/1.9.3
release/1.9.4
release/1.9.5
release/1.9.6
release/1.9.7
release/1.9.8
release/1.9.9
release/1.9.x
releng-329
remove-deprecated-peering-fields
remove-gogo-getters
remove-legacy-acl-endpoints-cli
remove-legacy-acl-vestiges
remove-references-to-consul-connect
remove-to-ingress
replace-learn-links
resource-type-gen2
resource-type-scope-gen
resource-v1
resource-v1-1.18
retry-flaky
retry-join-timeout
retry-timeout-e2e-test-NET-5208
revert-11376-leadership-transfer-onleave
revert-11692-cherry-pick-fix
revert-17760-backport/docs/lkysow-upgrade/scarcely-master-adder
revert-18796-docs/ext-authz-apigee
revert-19038-NET-5788-fix-ready-listeners-in-core
revert-20682-CC-7479-add-alert-to-link-to-hcp-modal-to-refresh-page
revert-21572-zalimeni/update-bpa
revert-version-updates
robyer/deployer-l7-split-tests
ron-test
routes-controller
sa-restructure-documentation
sar-for-unit-tests
sarah-test
sarah-test-docker-cpus
sarah/test-license-script
sarah/test-reproducible-build
scratch/data-source-metrics
security/auto-go-bump
security/ui-dependency-bump
server-rate-limit/mock-handler-2
server-rate-limit/multilimiter-lock
serverless-via-metadata
service-endpoints-id-ports
service-owner-ref
service-tags-upgrade-fix
shutdown-test-agents
silent-ui-tests
skpratt/acl-controller-test
skpratt/acl-error-debug
skpratt/resource-api-support
skpratt/temp-debug
skpratt/test-coverage-report-ci
skpratt/workload-identity
sm/add-goarm-to-main
smre-317/redhat-projectid
sp/better-make-help
spatel/NET-1847-repro
spatel/NET-3409-automate-goimports-on-commit-using-precommit
spatel/better-testlist-main
spatel/fix-typo
spatel/gci-format-all-the-things
spatel/post-release-fixups
spatel/pre-commit
spatel/sandbox
spatel/scope-required-in-registration
spatel/throwaway
spatel/throwaway-gci-results
spatel/throwaway-gci-results-2
spatel/throwaway-reviser-results
sqm
stable-website
stepbui1-patch-1
streaming-rpc
stub-api-gateway-xds
stub-v2-gateways
tagged-addrs
tagger-14
tauhid621/exported_services_api
tauhid621/peer_exported_services_api
temp
temp-branch
terminating-gateway-overrides
terminating-gateway-service
terminating-gateway-service-base
test-branch
test-gh-fix
test-go-build-cache
test-linter
test-no-concurrency
test-no-concurrency-full
test-no-disk
test-prepare
test/jjtimmons/hcp-telemetry
test/load-test-lambda
test/zalimeni/docs-skip-md
test/zalimeni/docs-skip-mdx
test_ci_skip
testingconsul-clean-up
tgw/resolver-query-fix
tgw/resolver-query-fix-1-10
tgw/resolver-query-fix-1-9
traffic-permissions-cache
troubleshoot/changelog
ua-test/conflict-1
udp-check
ui/CC-6137
ui/CC-7062-get-back-metrics-test-with-updated-selector
ui/CC-7062-get-back-metrics-test-with-updated-selector-for-draft
ui/CC-7062-get-back-metrics-test-with-updated-selector-upd
ui/NET-438-add-ent-version-suffix
ui/NET-438/add-ent-version-suffix
ui/NET-5414
ui/ariadne-core-ui
ui/ariadne/ui-changes
ui/backport/1.8.x/11328
ui/bugfix/2-instance-1-proxy
ui/bugfix/403-partitions-endpoint
ui/bugfix/fixup-routlets
ui/bugfix/notfound-t
ui/bugfix/spelling
ui/cc-7178-skip-flakey-test-in-navigation
ui/chore/ci/1.11.x
ui/chore/remove-tooltip-component
ui/chore/standardize-statechart-yield
ui/chore/upgrade-327
ui/chore/upgrade-ember-3-28
ui/codemirror-lint-removal
ui/copy-edits-for-built-in-policy-alert
ui/copy-link-mock-endpoint-to-prefixed-api
ui/de-lint
ui/feature/ember-update-3.28.6
ui/feature/fault-tolerance-link
ui/feature/fix-auth-method-views
ui/feature/has-peerings-class
ui/feature/ui-config-dashboard-urls
ui/feature/use-cut-list-item-for-services
ui/fix-home-link
ui/fix-mock-api-endpoint
ui/fix-tests-whoopsie
ui/node-engine
ui/remove-jsonlint-dep
ui/rm-intention-test-with-latency
ui/scratch/ci-stuff
ui/scratch/empty
ui/scratch/empty-w-route
ui/scratch/light-sshhhhh
ui/scratch/side-app-example
ui/scratch/storybook-overlord
ui/temporary-remove-tests-which-fails-on-consul-enterprise
ui/temporary-remove-token-policy-test
update-api-version
update-go-1.18.9-rboyer
update-golang-x-libs
update-link-to-documents-from-link-to-hcp-modal
update-linux-package-license
update-node-version-to-14
update-to-blessed-fork-of-mapstucture
update-upgrade-test-image
update-version-1.17
update_gen_meta
update_gen_meta-1
update_gen_meta-2
updategolangx
upgrade-1.3-dataplane-to-1.6-dataplane
upgrade-test-remove-docker-login
urldecode-url-query-params-part-1
use_values_yaml_instead_of_config_yaml
using-art-hashi
v2-backend-ref-note
v2-docstring-updates
v2-gateways-api-proto
v2-gateways-controller
v2-tproxy-container-tests
validate-decoded-helper
vanphan24-patch-1
vault-compatability-consul-pki-token
vault-nomad-version-bump
wal-docs
wan-fed-v2
wasm-filters
website/1.10.0
windows-integration-test-envoy
windows-preview
wire-up-traffic-permissions
x/bench-catalog
x/singleflight
x/streaming-v2
x/wal
xds-native-primitives-poc
xds/cds-ack
xw/NET-5725-client-refactor
xw/NET-5725-grpc-cli-clean-up
zalimeni/add-make-target-dependency-update-modules
zalimeni/api-1.23.0-release
zalimeni/api-sdk-backwards-compat-go-version-detect
zalimeni/check-go-max-procs
zalimeni/dhiaayachi/raft-wal-backend-as-default--suggestions
zalimeni/dns-recurse-only-if-enabled
zalimeni/enable-security-scans-release--test
zalimeni/feature/net-1151-l7-intentions-security-fixes--archive
zalimeni/fix-nightly-branch-sourcing-get-go-version
zalimeni/go-work
zalimeni/net-3447-reintroduce-new-extension-resources
zalimeni/net-5189-fix-any-slice-handling-repeated-fields
zalimeni/net-5586-support-virtual-port-xroute-dest
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.17
zalimeni/net-5622-consolidate-envoy-version-mgmt-1.18
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-1.19-nightly
zalimeni/net-5622-consolidate-envoy-version-mgmt-test-nightly-upgrade
zalimeni/net-6597-upgrade-go-jose-go-oidc
zalimeni/net-6600-remove-insecure-hash-use
zalimeni/net-9141-exclude-ce-license-ent
zalimeni/net-9229-remove-coredns-1.16
zalimeni/no-op-test-ci-1.14
zalimeni/sanitize-slack-ci-failure-input--test
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-latest
zalimeni/skip-failure-notification-slack-on-cancel--test-skip-refactor
zalimeni/submodules-to-go-work
zalimeni/test-ci-skips
zalimeni/test-ent-license-exclusion
zalimeni/test-ent-license-exclusion--baseline-main
zalimeni/test-ent-license-exclusion-2
zalimeni/test/main-baseline-envoy-int-tests
zalimeni/tmp-show-least-request-prop-override-golden
zalimeni/try-go-workspace-submodules
zalimeni/update-k8s-docs-1.17.x
zalimeni/update-submodules-post-1.5.0
zalimeni/use-consul-go-version-nomad-vault-int-suite
zalimeni/verify-docker-engine-version
zs.test-mdx-fixes
zs.test-placeholder-page-removal
api/v1.0.0
api/v1.0.1
api/v1.1.0
api/v1.10.0
api/v1.10.1
api/v1.11.0
api/v1.12.0
api/v1.13.0
api/v1.13.1
api/v1.14.0
api/v1.15.0
api/v1.15.1
api/v1.15.2
api/v1.15.3
api/v1.16.0
api/v1.17.0
api/v1.18.0
api/v1.18.1
api/v1.18.2
api/v1.19.0
api/v1.19.1
api/v1.19.2
api/v1.2.0
api/v1.20.0
api/v1.21.0
api/v1.21.1
api/v1.21.2
api/v1.21.3
api/v1.21.4
api/v1.22.0
api/v1.22.0-rc1
api/v1.23.0
api/v1.24.0
api/v1.25.0
api/v1.25.1
api/v1.26.0-rc1
api/v1.26.1
api/v1.26.1-rc1
api/v1.27.0
api/v1.27.1
api/v1.27.2
api/v1.28.0
api/v1.28.0-rc1
api/v1.28.1
api/v1.28.2
api/v1.28.3
api/v1.28.4
api/v1.28.5
api/v1.29.0
api/v1.29.1
api/v1.29.2
api/v1.29.3
api/v1.29.4
api/v1.29.5
api/v1.29.5-rc1
api/v1.29.6
api/v1.3.0
api/v1.30.0
api/v1.4.0
api/v1.5.0
api/v1.6.0
api/v1.7.0
api/v1.8.0
api/v1.8.1
api/v1.9.0
api/v1.9.1
ent-changelog-1.15.11
ent-changelog-1.15.12
ent-changelog-1.15.13
ent-changelog-1.15.14
ent-changelog-1.15.15
ent-changelog-1.16.7
ent-changelog-1.16.8
ent-changelog-1.17.4
ent-changelog-1.17.5
ent-changelog-1.17.6
ent-changelog-1.17.7
ent-changelog-1.18.3
ent-changelog-1.18.4
ent-changelog-1.18.5
ent-changelog-1.19.3
envoyextensions/v0.1.0
envoyextensions/v0.1.1
envoyextensions/v0.1.2
envoyextensions/v0.2.0
envoyextensions/v0.2.1
envoyextensions/v0.2.2
envoyextensions/v0.2.3
envoyextensions/v0.2.4
envoyextensions/v0.3.0
envoyextensions/v0.3.0-rc1
envoyextensions/v0.4.0
envoyextensions/v0.4.1
envoyextensions/v0.5.0-rc1
envoyextensions/v0.5.1
envoyextensions/v0.5.1-rc1
envoyextensions/v0.5.2
envoyextensions/v0.5.3
envoyextensions/v0.5.4
envoyextensions/v0.6.0
envoyextensions/v0.6.0-rc1
envoyextensions/v0.6.1
envoyextensions/v0.6.2
envoyextensions/v0.7.0
envoyextensions/v0.7.1
envoyextensions/v0.7.2
envoyextensions/v0.7.3
envoyextensions/v0.7.4
envoyextensions/v0.7.4-rc1
envoyextensions/v0.7.5
envoyextensions/v0.7.6
internal/v0.1.0
list
proto-public/v0.1.0
proto-public/v0.1.1
proto-public/v0.2.0
proto-public/v0.2.1
proto-public/v0.3.0
proto-public/v0.4.0
proto-public/v0.4.0-rc1
proto-public/v0.4.1
proto-public/v0.5.0-rc1
proto-public/v0.5.1
proto-public/v0.5.1-rc1
proto-public/v0.5.2
proto-public/v0.5.3
proto-public/v0.5.4-rc1
proto-public/v0.6.0
proto-public/v0.6.0-rc1
proto-public/v0.6.1
proto-public/v0.6.2
proto-public/v0.6.3
sdk/v0.1.0
sdk/v0.1.1
sdk/v0.10.0
sdk/v0.11.0
sdk/v0.12.0
sdk/v0.13.0
sdk/v0.13.1
sdk/v0.14.0
sdk/v0.14.0-rc1
sdk/v0.14.1
sdk/v0.14.2-rc1
sdk/v0.14.3-rc1
sdk/v0.15.0
sdk/v0.15.1
sdk/v0.16.0
sdk/v0.16.0-rc1
sdk/v0.16.1
sdk/v0.2.0
sdk/v0.3.0
sdk/v0.4.0
sdk/v0.5.0
sdk/v0.6.0
sdk/v0.7.0
sdk/v0.8.0
sdk/v0.9.0
stable-website-pre-1.12.0-force-push
troubleshoot/v0.1.0
troubleshoot/v0.1.1
troubleshoot/v0.1.2
troubleshoot/v0.2.0
troubleshoot/v0.2.1
troubleshoot/v0.2.2
troubleshoot/v0.3.0
troubleshoot/v0.3.0-rc1
troubleshoot/v0.3.1
troubleshoot/v0.4.0-rc1
troubleshoot/v0.4.1
troubleshoot/v0.4.1-rc1
troubleshoot/v0.5.0
troubleshoot/v0.5.1
troubleshoot/v0.5.2
troubleshoot/v0.5.3
troubleshoot/v0.5.4
troubleshoot/v0.6.0
troubleshoot/v0.6.0-rc1
troubleshoot/v0.6.1
troubleshoot/v0.6.2
troubleshoot/v0.6.3
troubleshoot/v0.6.5
troubleshoot/v0.7.0
troubleshoot/v0.7.1
troubleshoot/v0.7.2
troubleshoot/v0.7.2-rc1
troubleshoot/v0.7.3
v0.1.0
v0.2.0
v0.2.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.5.0
v0.5.0rc1
v0.5.1
v0.5.2
v0.6.0
v0.6.0-rc1
v0.6.0-rc2
v0.6.1
v0.6.2
v0.6.3
v0.6.4
v0.6.4-rc1
v0.6.4-rc2
v0.6.4-rc3
v0.7.0
v0.7.0-rc1
v0.7.0-rc2
v0.7.1
v0.7.2
v0.7.2-rc1
v0.7.3
v0.7.4
v0.7.5
v0.8.0
v0.8.0-rc1
v0.8.1
v0.8.2
v0.8.3
v0.8.4
v0.8.5
v0.9.0
v0.9.0-rc1
v0.9.1
v0.9.2
v0.9.3
v0.9.3-rc1
v0.9.3-rc2
v0.9.4
v1.0.0
v1.0.0-beta1
v1.0.0-beta2
v1.0.1
v1.0.1-rc1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.0.6
v1.0.7
v1.0.8
v1.1.0
v1.1.1
v1.10.0
v1.10.0-alpha
v1.10.0-beta1
v1.10.0-beta2
v1.10.0-beta3
v1.10.0-beta4
v1.10.0-rc
v1.10.0-rc2
v1.10.1
v1.10.1-beta1
v1.10.10
v1.10.11
v1.10.12
v1.10.2
v1.10.3
v1.10.4
v1.10.5
v1.10.6
v1.10.7
v1.10.8
v1.10.9
v1.11.0
v1.11.0-alpha
v1.11.0-beta1
v1.11.0-beta2
v1.11.0-beta3
v1.11.0-rc
v1.11.1
v1.11.10
v1.11.11
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.11.6
v1.11.7
v1.11.8
v1.11.9
v1.12.0
v1.12.0-beta1
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.12.5
v1.12.6
v1.12.7
v1.12.8
v1.12.9
v1.13.0
v1.13.0-alpha1
v1.13.0-alpha2
v1.13.1
v1.13.2
v1.13.3
v1.13.4
v1.13.5
v1.13.6
v1.13.7
v1.13.8
v1.13.9
v1.14.0
v1.14.0-beta1
v1.14.1
v1.14.10
v1.14.11
v1.14.2
v1.14.3
v1.14.4
v1.14.5
v1.14.6
v1.14.7
v1.14.8
v1.14.9
v1.15.0
v1.15.1
v1.15.10
v1.15.11
v1.15.2
v1.15.3
v1.15.4
v1.15.5
v1.15.6
v1.15.7
v1.15.8
v1.15.9
v1.16.0
v1.16.0-rc1
v1.16.1
v1.16.2
v1.16.3
v1.16.4
v1.16.5
v1.16.6
v1.16.7
v1.17.0
v1.17.0-rc1
v1.17.1
v1.17.2
v1.17.3
v1.17.4
v1.18.0
v1.18.0-rc1
v1.18.1
v1.18.2
v1.19.0
v1.19.1
v1.19.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.20.0
v1.20.0-rc1
v1.20.1
v1.3.0
v1.3.1
v1.4.0
v1.4.0-rc1
v1.4.1
v1.4.2
v1.4.3
v1.4.4
v1.4.5
v1.5.0
v1.5.1
v1.5.2
v1.5.3
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-beta3
v1.6.0-rc1
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.7.0-beta4
v1.7.1
v1.7.10
v1.7.11
v1.7.12
v1.7.13
v1.7.14
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.7.6
v1.7.7
v1.7.8
v1.7.9
v1.8.0
v1.8.0-beta1
v1.8.0-beta2
v1.8.0-rc1
v1.8.1
v1.8.10
v1.8.11
v1.8.11-beta1
v1.8.11-beta2
v1.8.12
v1.8.13
v1.8.14
v1.8.15
v1.8.16
v1.8.17
v1.8.18
v1.8.19
v1.8.2
v1.8.3
v1.8.4
v1.8.5
v1.8.6
v1.8.7
v1.8.7-beta1
v1.8.8
v1.8.9
v1.8.9-beta1
v1.9.0
v1.9.0-beta1
v1.9.0-beta2
v1.9.0-beta3
v1.9.0-rc1
v1.9.1
v1.9.10
v1.9.11
v1.9.12
v1.9.13
v1.9.14
v1.9.15
v1.9.16
v1.9.17
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v1.9.8
v1.9.9
${ noResults }
73 Commits (247033b046363b24b74c841e7fd9485fe84251b2)
Author | SHA1 | Message | Date |
---|---|---|---|
Daniel Nephin | a10283a313 |
acl: remove t.Parallel
These tests run faster without it, and it was causing races in enterprise tests. |
4 years ago |
R.B. Boyer |
6ba776b4f3
|
agent: protect the ui metrics proxy endpoint behind ACLs (#9099)
This ensures the metrics proxy endpoint is ACL protected behind a wildcard `service:read` and `node:read` set of rules. For Consul Enterprise these will need to span all namespaces: ``` service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } namespace_prefix "" { service_prefix "" { policy = "read" } node_prefix "" { policy = "read" } } ``` This PR contains just the backend changes. The frontend changes to actually pass the consul token header to the proxy through the JS plugin will come in another PR. |
4 years ago |
Warren |
40f080576e
|
Small typo in docstring (#8280)
|
4 years ago |
Matt Keeler |
1dba94311a
|
Add helper for generating better permission denied errors
|
5 years ago |
Daniel Nephin | 068b43df90 |
Enable gofmt simplify
Code changes done automatically with 'gofmt -s -w' |
5 years ago |
Jono Sosulska |
c554ba9e10
|
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
* Replace whitelist/blacklist terminology with allowlist/denylist |
5 years ago |
Freddy |
cb77fc6d01
|
Add managed service provider token (#7218)
Stubs for enterprise-only ACL token to be used by managed service providers. |
5 years ago |
Matt Keeler |
8bd34e126f
|
Intentions ACL enforcement updates (#7028)
* Renamed structs.IntentionWildcard to structs.WildcardSpecifier * Refactor ACL Config Get rid of remnants of enterprise only renaming. Add a WildcardName field for specifying what string should be used to indicate a wildcard. * Add wildcard support in the ACL package For read operations they can call anyAllowed to determine if any read access to the given resource would be granted. For write operations they can call allAllowed to ensure that write access is granted to everything. * Make v1/agent/connect/authorize namespace aware * Update intention ACL enforcement This also changes how intention:read is granted. Before the Intention.List RPC would allow viewing an intention if the token had intention:read on the destination. However Intention.Match allowed viewing if access was allowed for either the source or dest side. Now Intention.List and Intention.Get fall in line with Intention.Matches previous behavior. Due to this being done a few different places ACL enforcement for a singular intention is now done with the CanRead and CanWrite methods on the intention itself. * Refactor Intention.Apply to make things easier to follow. |
5 years ago |
Matt Keeler |
80d13d500b
|
Miscellaneous acl package cleanup
• Renamed EnterpriseACLConfig to just Config • Removed chained_authorizer_oss.go as it was empty • Renamed acl.go to errors.go to more closely describe its contents |
5 years ago |
Matt Keeler |
0b346616e9
|
Rename EnterpriseAuthorizerContext -> AuthorizerContext
|
5 years ago |
Matt Keeler |
8f0ab0129e
|
Miscellaneous Fixes (#6896)
Ensure we close the Sentinel Evaluator so as not to leak go routines Fix a bunch of test logging so that various warnings when starting a test agent go to the ltest logger and not straight to stdout. Various canned ent meta types always return a valid pointer (no more nils). This allows us to blindly deref + assign in various places. Update ACL index tracking to ensure oss -> ent upgrades will work as expected. Update ent meta parsing to include function to disallow wildcarding. |
5 years ago |
Matt Keeler |
deb91f3d3c
|
[Feature] API: Add a internal endpoint to query for ACL authori… (#6888)
* Implement endpoint to query whether the given token is authorized for a set of operations * Updates to allow for remote ACL authorization via RPC This is only used when making an authorization request to a different datacenter. |
5 years ago |
Matt Keeler |
79f78632e1
|
Update the ACL Resolver to allow for Consul Enterprise specific hooks. (#6687)
|
5 years ago |
Matt Keeler |
e4ea9b0a96
|
Updates to allow for Namespacing ACL resources in Consul Enterp… (#6675)
Main Changes: • method signature updates everywhere to account for passing around enterprise meta. • populate the EnterpriseAuthorizerContext for all ACL related authorizations. • ACL resource listings now operate like the catalog or kv listings in that the returned entries are filtered down to what the token is allowed to see. With Namespaces its no longer all or nothing. • Modified the acl.Policy parsing to abstract away basic decoding so that enterprise can do it slightly differently. Also updated method signatures so that when parsing a policy it can take extra ent metadata to use during rules validation and policy creation. Secondary Changes: • Moved protobuf encoding functions out of the agentpb package to eliminate circular dependencies. • Added custom JSON unmarshalers for a few ACL resource types (to support snake case and to get rid of mapstructure) • AuthMethod validator cache is now an interface as these will be cached per-namespace for Consul Enterprise. • Added checks for policy/role link existence at the RPC API so we don’t push the request through raft to have it fail internally. • Forward ACL token delete request to the primary datacenter when the secondary DC doesn’t have the token. • Added a bunch of ACL test helpers for inserting ACL resource test data. |
5 years ago |
Matt Keeler |
973341a592
|
ACL Authorizer overhaul (#6620)
* ACL Authorizer overhaul To account for upcoming features every Authorization function can now take an extra *acl.EnterpriseAuthorizerContext. These are unused in OSS and will always be nil. Additionally the acl package has received some thorough refactoring to enable all of the extra Consul Enterprise specific authorizations including moving sentinel enforcement into the stubbed structs. The Authorizer funcs now return an acl.EnforcementDecision instead of a boolean. This improves the overall interface as it makes multiple Authorizers easily chainable as they now indicate whether they had an authoritative decision or should use some other defaults. A ChainedAuthorizer was added to handle this Authorizer enforcement chain and will never itself return a non-authoritative decision. * Include stub for extra enterprise rules in the global management policy * Allow for an upgrade of the global-management policy |
5 years ago |
Jack Pearkes | 36ebca1fd0 |
Fix to prevent allowing recursive KV deletions when we shouldn’t
|
6 years ago |
Matt Keeler |
f88d1ccc36
|
Handle rules translation when coming from the JSON compat HCL (#5662)
We were not handling some object keys when they were strings instead of identifiers. Now both are handled. Fixes #5493 |
6 years ago |
Matt Keeler |
18b29c45c4
|
New ACLs (#4791)
This PR is almost a complete rewrite of the ACL system within Consul. It brings the features more in line with other HashiCorp products. Obviously there is quite a bit left to do here but most of it is related docs, testing and finishing the last few commands in the CLI. I will update the PR description and check off the todos as I finish them over the next few days/week. Description At a high level this PR is mainly to split ACL tokens from Policies and to split the concepts of Authorization from Identities. A lot of this PR is mostly just to support CRUD operations on ACLTokens and ACLPolicies. These in and of themselves are not particularly interesting. The bigger conceptual changes are in how tokens get resolved, how backwards compatibility is handled and the separation of policy from identity which could lead the way to allowing for alternative identity providers. On the surface and with a new cluster the ACL system will look very similar to that of Nomads. Both have tokens and policies. Both have local tokens. The ACL management APIs for both are very similar. I even ripped off Nomad's ACL bootstrap resetting procedure. There are a few key differences though. Nomad requires token and policy replication where Consul only requires policy replication with token replication being opt-in. In Consul local tokens only work with token replication being enabled though. All policies in Nomad are globally applicable. In Consul all policies are stored and replicated globally but can be scoped to a subset of the datacenters. This allows for more granular access management. Unlike Nomad, Consul has legacy baggage in the form of the original ACL system. The ramifications of this are: A server running the new system must still support other clients using the legacy system. A client running the new system must be able to use the legacy RPCs when the servers in its datacenter are running the legacy system. The primary ACL DC's servers running in legacy mode needs to be a gate that keeps everything else in the entire multi-DC cluster running in legacy mode. So not only does this PR implement the new ACL system but has a legacy mode built in for when the cluster isn't ready for new ACLs. Also detecting that new ACLs can be used is automatic and requires no configuration on the part of administrators. This process is detailed more in the "Transitioning from Legacy to New ACL Mode" section below. |
6 years ago |
Matt Keeler | fbb1a7a52b |
Rewrite all of acl_test.go
This is now using table driven testing. In addition to conversion of old tests I also implemented several new tests for the acl fixes in my previous commit. In particular the issues I saw with ACLs for prepared queries, keyring and operator all have tests for those and comments indicating that they would have previously failed. |
6 years ago |
Matt Keeler | 883c5dd001 |
Fix ACL enforcement
This creates one function that takes a rule and the required permissions and returns whether it should be allowed and whether to leave the decision to the parent acl. Then this function is used everywhere. This makes acl enforcement consistent. There were several places where a default allow policy with explicit deny rules wasnt being handled and several others where it wasn’t using the parent acl appropriately but would lump no policy in with a deny policy. All of that has been fixed. |
6 years ago |
Mitchell Hashimoto |
5a47a53c70
|
acl: IntentionDefault => IntentionDefaultAllow
|
7 years ago |
Mitchell Hashimoto |
ac72a0c5fd
|
agent: ACL checks for authorize, default behavior
|
7 years ago |
Mitchell Hashimoto |
a621afe72c
|
agent/consul: convert intention ACLs to testify/assert
|
7 years ago |
Mitchell Hashimoto |
193f93107a
|
acl: implement IntentionRead/Write methods on ACL interface
|
7 years ago |
Mitchell Hashimoto |
437cc76af5
|
acl: parsing intentions in service block
|
7 years ago |
Josh Soref | 94835a2715 |
Spelling (#3958)
* spelling: another * spelling: autopilot * spelling: beginning * spelling: circonus * spelling: default * spelling: definition * spelling: distance * spelling: encountered * spelling: enterprise * spelling: expands * spelling: exits * spelling: formatting * spelling: health * spelling: hierarchy * spelling: imposed * spelling: independence * spelling: inspect * spelling: last * spelling: latest * spelling: client * spelling: message * spelling: minimum * spelling: notify * spelling: nonexistent * spelling: operator * spelling: payload * spelling: preceded * spelling: prepared * spelling: programmatically * spelling: required * spelling: reconcile * spelling: responses * spelling: request * spelling: response * spelling: results * spelling: retrieve * spelling: service * spelling: significantly * spelling: specifies * spelling: supported * spelling: synchronization * spelling: synchronous * spelling: themselves * spelling: unexpected * spelling: validations * spelling: value |
7 years ago |
James Phillips |
575d70aaa7
|
Cleans up some drift between the OSS and Enterprise trees.
|
7 years ago |
Preetha Appan | 26accb3b8a |
Only allow 'list' policies within 'key' policy definitions. Consolidated two similar tests into one and fixed alignment.
|
7 years ago |
Preetha Appan | 51a04ec87d |
Introduces new 'list' permission that applies to KV store recursive reads, and enforced only when opted in.
|
7 years ago |
Preetha Appan | d7e27e67c1 |
Introduce Code Policy validation via sentinel, with a noop implementation
|
7 years ago |
Frank Schröder | a3934c263c |
acl: consolidate error handling (#3401)
The error handling of the ACL code relies on the presence of certain magic error messages. Since the error values are sent via RPC between older and newer consul agents we cannot just replace the magic values with typed errors and switch to type checks since this would break compatibility with older clients. Therefore, this patch moves all magic ACL error messages into the acl package and provides default error values and helper functions which determine the type of error. |
7 years ago |
游远 | ffcd2b1fc8 |
fix UnitTest in acl
|
7 years ago |
James Phillips |
022baeea13
|
Adds support to the ACL package for agent policies.
|
8 years ago |
James Phillips |
60d4322c49
|
Adds support to ACL package for session policies.
|
8 years ago |
James Phillips |
7fa4ab3fd1
|
Adds support to ACL package for node policies.
|
8 years ago |
James Phillips |
9b4f316b21
|
Sorts all the ACl policy handlers for easier navigation (no functional changes).
|
8 years ago |
James Phillips | c01a3871c9 |
Adds support for snapshots and restores. (#2396)
* Updates Raft library to get new snapshot/restore API. * Basic backup and restore working, but need some cleanup. * Breaks out a snapshot module and adds a SHA256 integrity check. * Adds snapshot ACL and fills in some missing comments. * Require a consistent read for snapshots. * Make sure snapshot works if ACLs aren't enabled. * Adds a bit of package documentation. * Returns an empty response from restore to avoid EOF errors. * Adds API client support for snapshots. * Makes internal file names match on-disk file snapshots. * Adds DC and token coverage for snapshot API test. * Adds missing documentation. * Adds a unit test for the snapshot client endpoint. * Moves the connection pool out of the client for easier testing. * Fixes an incidental issue in the prepared query unit test. I realized I had two servers in bootstrap mode so this wasn't a good setup. * Adds a half close to the TCP stream and fixes panic on error. * Adds client and endpoint tests for snapshots. * Moves the pool back into the snapshot RPC client. * Adds a TLS test and fixes half-closes for TLS connections. * Tweaks some comments. * Adds a low-level snapshot test. This is independent of Consul so we can pull this out into a library later if we want to. * Cleans up snapshot and archive and completes archive tests. * Sends a clear error for snapshot operations in dev mode. Snapshots require the Raft snapshots to be readable, which isn't supported in dev mode. Send a clear error instead of a deep-down Raft one. * Adds docs for the snapshot endpoint. * Adds a stale mode and index feedback for snapshot saves. This gives folks a way to extract data even if the cluster has no leader. * Changes the internal format of a snapshot from zip to tgz. * Pulls in Raft fix to cancel inflight before a restore. * Pulls in new Raft restore interface. * Adds metadata to snapshot saves and a verify function. * Adds basic save and restore snapshot CLI commands. * Gets rid of tarball extensions and adds restore message. * Fixes an incidental bad link in the KV docs. * Adds documentation for the snapshot CLI commands. * Scuttle any request body when a snapshot is saved. * Fixes archive unit test error message check. * Allows for nil output writers in snapshot RPC handlers. * Renames hash list Decode to DecodeAndVerify. * Closes the client connection for snapshot ops. * Lowers timeout for restore ops. * Updates Raft vendor to get new Restore signature and integrates with Consul. * Bounces the leader's internal state when we do a restore. |
8 years ago |
James Phillips |
e5850d8a26
|
Adds new consul operator endpoint, CLI, and ACL and some basic Raft commands.
|
8 years ago |
James Phillips |
ae1cd5b47d
|
Switches all ACL caches to 2Q.
|
8 years ago |
James Phillips |
e831727923
|
Activates fallback to replicated ACLs.
|
8 years ago |
James Phillips | 483898abe5 |
Renames "prepared_query" ACL policy to "query".
|
9 years ago |
James Phillips | 899dcfe053 |
Completes switch of prepared_query ACLs to govern query names.
|
9 years ago |
James Phillips | 67de77482e |
Creates new "prepared-query" ACL type and new token capture behavior.
Prior to this change, prepared queries had the following behavior for ACLs, which will need to change to support templates: 1. A management token, or a token with read access to the service being queried needed to be provided in order to create a prepared query. 2. The token used to create the prepared query was stored with the query in the state store and used to execute the query. 3. A management token, or the token used to create the query needed to be supplied to perform and CRUD operations on an existing prepared query. This was pretty subtle and complicated behavior, and won't work for templates since the service name is computed at execution time. To solve this, we introduce a new "prepared-query" ACL type, where the prefix applies to the query name for static prepared query types and to the prefix for template prepared query types. With this change, the new behavior is: 1. A management token, or a token with "prepared-query" write access to the query name or (soon) the given template prefix is required to do any CRUD operations on a prepared query, or to list prepared queries (the list is filtered by this ACL). 2. You will no longer need a management token to list prepared queries, but you will only be able to see prepared queries that you have access to (you get an empty list instead of permission denied). 3. When listing or getting a query, because it was easy to capture management tokens given the past behavior, this will always blank out the "Token" field (replacing the contents as <hidden>) for all tokens unless a management token is supplied. Going forward, we should discourage people from binding tokens for execution unless strictly necessary. 4. No token will be captured by default when a prepared query is created. If the user wishes to supply an execution token then can pass it in via the "Token" field in the prepared query definition. Otherwise, this field will default to empty. 5. At execution time, we will use the captured token if it exists with the prepared query definition, otherwise we will use the token that's passed in with the request, just like we do for other RPCs (or you can use the agent's configured token for DNS). 6. Prepared queries with no name (accessible only by ID) will not require ACLs to create or modify (execution time will depend on the service ACL configuration). Our argument here is that these are designed to be ephemeral and the IDs are as good as an ACL. Management tokens will be able to list all of these. These changes enable templates, but also enable delegation of authority to manage the prepared query namespace. |
9 years ago |
James Phillips | ce0881a99a |
Adds a new management ACL for prepared queries.
|
9 years ago |
Dale Wijnand | 5a28ebcaa3 |
Fix a bunch of typos.
|
9 years ago |
Ryan Uber | 58c26497a9 |
acl: adding negative tests for bad policy
|
10 years ago |
Ryan Uber | 02b49058a2 |
acl: more keyring tests
|
10 years ago |
Ryan Uber | 7e50a457d9 |
acl: allow omitting keyring policy, add tests
|
10 years ago |
Ryan Uber | 47a33e3f1a |
acl: keyring policy uses a flat string
|
10 years ago |
Ryan Uber | 1b8051a783 |
acl: initial pass at keyring ACLs
|
10 years ago |