github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
21,479 Commits
1,704 Branches
464 Tags
720 MiB
Commit Graph

21479 Commits (77daebd3f8547cb1504171fad66d06bd185ca7d5)

Author SHA1 Message Date
Nathan Coleman 77daebd3f8
Update compatibility matrix to include 1.20.x (#21843) 
* Update compatibility matrix to include 1.20.x

* Update compatibility.mdx
 2024-10-17 16:35:44 -04:00
Michael Zalimeni 0ce6730cbe
docs: clarify Envoy and dataplane LTS support policy (#21337) 
Update matrices and clarify statements as to when Consul expands
support to new major versions of Envoy and Consul dataplane in light of
Consul LTS or Envoy EOL status.
 2024-10-17 13:31:22 -04:00
sarahalsmiller 28b37812b8
Suppress CVE-2024-9143 (#21848) 
Update security-scan.hcl
 2024-10-17 16:24:19 +00:00
Michael Zalimeni d9206fc7e2
[NET-1151 NET-11228] security: Add request normalization and header match options to prevent L7 intentions bypass (#21816) 
mesh: add options for HTTP incoming request normalization

Expose global mesh configuration to enforce inbound HTTP request
normalization on mesh traffic via Envoy xDS config.

mesh: enable inbound URL path normalization by default

mesh: add support for L7 header match contains and ignore_case

Enable partial string and case-insensitive matching in L7 intentions
header match rules.

ui: support L7 header match contains and ignore_case

Co-authored-by: Phil Renaud <phil@riotindustries.com>

test: add request normalization integration bats tests

Add both "positive" and "negative" test suites, showing normalization in
action as well as expected results when it is not enabled, for the same
set of test cases.

Also add some alternative service container test helpers for verifying
raw HTTP request paths, which is difficult to do with Fortio.

docs: update security and reference docs for L7 intentions bypass prevention

- Update security docs with best practices for service intentions
  configuration
- Update configuration entry references for mesh and intentions to
  reflect new values and add guidance on usage
 2024-10-16 12:23:33 -04:00
Michael Zalimeni 3370f6b250
chore: remove unintentionally committed consul-k8s submodule (#21833) 
Also prevent future re-commits of this submodule path by adding to
.gitignore.
 2024-10-16 14:36:04 +00:00
Jeff Boruszak 7e61148f86
docs: Consul v1.20 release notes (#21826) 
* Page creation

* DNS views description

* Catalog sync and openshift

* Grafana + consul-k8s release notes

* nav update

* Fix known issues language
 2024-10-15 16:40:47 -07:00
Nathan Coleman 044e408391
Post-release updates for 1.20.0 (#21829) 
* Update active version list in .release/versions.hcl

* Remove nightly tests for 1.17.x

* Add nightly tests for 1.20.x

* Gate nightly tests for 1.19.x to Enterprise only

* Update CHANGELOG.md
 2024-10-15 15:55:02 +00:00
Jeff Boruszak 8f78d7cafd
docs: Consul DNS views on Kubernetes (#21802) 
* Backport of ci: update the security-scanner gha token into release/1.20.x (#21754)

backport of commit eb9dbc93f8

Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>

* Backport of Initialize 1.20 Release into release/1.20.x (#21753)

* backport of commit a33e903cdf

* backport of commit 37163dc1a8

* backport of commit 38f0907c7a

* backport of commit 6ab7ec254b

* backport of commit 7ac4178186

* backport of commit 5dfebb2cf3

* backport of commit 316d68cb84

---------

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* Backport of Stage rc release into release/1.20.x (#21772)

backport of commit d311f2b638

Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>

* Backport of Upgrade ubi image to 9.4 into release/1.20.x (#21773)

* backport of commit 888e302f6e

* backport of commit 17499dc4dc

* backport of commit d933d3727d

---------

Co-authored-by: Dhia Ayachi <dhia.ayachi@gmail.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* Backport of security: update alpine base image to 3.20 into release/1.20.x (#21774)

* backport of commit 4421ce1677

* Upgrade ubi image to 9.4 (#21750)

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* Backport of fix spacing of bash scripts into release/1.20.x (#21769)

* backport of commit 1e97297215

* backport of commit b7053f5361

* backport of commit a391f2fa3c

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>

* Backport of [NET-11150] ci: fix conditional skip and add safeguard into release/1.20.x (#21783)

backport of commit c3db6c9001

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>

* initial commit

* Initial pages

* Edits to other pages + nav & redirects

* minor fixes

* Backport of security: update alpine base image to 3.20 into release/1.20.x (#21774)

* backport of commit 4421ce1677

* Upgrade ubi image to 9.4 (#21750)

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>

* CE-679

* align with main

* Content updates

* minor edit

* Apply suggestions from code review

Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>

* CoreDNS config update

* small edits

* typo fix

---------

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>
Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia.ayachi@gmail.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: jm96441n <john.maguire@hashicorp.com>
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
 2024-10-14 12:38:23 -07:00
Michael Zalimeni 1648c890dd
ci: ensure int test docker pull goes through proxy (#21819) 2024-10-14 19:02:29 +00:00
Nathan Coleman 4275e8fa82
Update ENVOY_VERSIONS (#21820) 
No new minor versions, just incrementing the patches for hygiene's sake
 2024-10-14 16:52:22 +00:00
Nathan Coleman eda961f4a2
Upgrade test improvements for 1.20.x (#21813) 
* Bump Envoy version used for 1.20.x upgrade tests

* Improve README + docstrings
 2024-10-11 21:12:48 +00:00
Yasmin Lorin Kaygalak 738acfee1a
Adds grafana dashboards (#21806) 2024-10-09 13:30:28 -04:00
Lens0021 / Leslie 09735ec72f
docs: Add missing `&&` in DNS forwading tutorial (#21804) 
Add missing `&&` to iptables command.

The original commands fail when being directly pasted into a shell.
 2024-10-07 14:52:46 -04:00
John Murret 029ac10acc
update serf links (#21797) 
* update serf links

* add .markdown file extension

* update serf links to use /blob/master/

* fix broken links

---------

Co-authored-by: github-team-consul-core <github-team-consul-core@hashicorp.com>
 2024-10-02 13:02:23 -06:00
John Maguire a689893991
Add partition field for catalog deregister docs (#21788) 
* Add partition field for catalog deregister docs

* Update website/content/api-docs/catalog.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
 2024-09-27 17:16:31 +00:00
sarahalsmiller 718bf7496f
Fix changelog for 1.20-rc1 (#21776) 
fix changelog
 2024-09-26 10:46:43 -05:00
Michael Zalimeni bfc25b1757
[NET-11150] ci: fix conditional skip and add safeguard (#21781) 
ci: fix conditional skip and add safeguard

Adopt a third-party action to avoid script bugs, and to fix a current
issue where the script fails to detect all changes when processing push
events on PR branches.

Adapted from hashicorp/consul-dataplane#637. See that PR for testing
details and background context.
 2024-09-25 13:08:24 -04:00
R.B. Boyer 1986c558a8
api: remove dependency on proto-public, protobuf, and grpc (#21780) 2024-09-23 15:14:39 -05:00
Dhia Ayachi 39104a3ce1
Update raft to 1.7.0 and add configuration for prevote (#21758) 
* update raft to 1.7.0

* add config to disable raft prevote

* add changelog
 2024-09-20 10:35:48 -04:00
Michael Zalimeni c16d6831e8
chore: Update VERSION for next major release (#21756) 
This should be set to the next major version now that `release/1.20.x` has been created.
 2024-09-19 15:55:45 -05:00
sarahalsmiller dc0fa032e8
Stage rc release (#21770) 
stage rc release
 2024-09-19 14:58:56 -05:00
John Maguire 2d19cd5810
fix spacing of bash scripts (#21760) 
* fix spacing of bash scripts

* shellcheck all the things

* cat filename rather than concatenating pr number
 2024-09-19 14:09:42 -04:00
danielehc 250b1dece5
CE-654 - TLS Encryption docs + CE-713 - Gossip Encryption key rotation (#21509) 
* New proposed structure

* Fix structure and add some content

* Fix structure and add some content

* Fix structure and add some content

* Add content

* Add content

* mtls steps

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* Encryption docs structure change

* spacing fixes

* Replace <CodeTabs>

* <CodeBlockConfig> alignment

* indent fixes

* spacing

* More Code tabs fixes

* Structure chenges

* Structure chenges

* Extra content and CE-713 migration

* Extra content

* Extra content

* Extra content

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

* Apply suggestions from code review

* Test CodeTabs

* Test CodeTabs

* Apply suggestions from code review

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
 2024-09-19 11:20:44 +02:00
Nick Wales ac9e694b98
Adds initial sg documentation for the health API (#21763) 
Adds initial sg documentation
 2024-09-18 12:36:27 -07:00
NicoletaPopoviciu 1a0b1e045b
Update test-integrations.yml to capture latest versions of Nomad and Vault (#21749) 
* Update test-integrations.yml

Update Vault/Nomad versions to ensure we're testing the latest versions .

* Update test to test latest available CE versions
 2024-09-17 13:20:14 -04:00
Dhia Ayachi fe820d561a
Upgrade ubi image to 9.4 (#21750) 
* upgrade go to 1.23.1, upgrade ubi image to 9.4

* add changelog

* revert go version upgrade
 2024-09-17 11:48:02 -04:00
Michael Zalimeni 29c2cbcbe2
ci: fix versions.hcl parsing by removing extraneous comma (#21752) 
Commas are not expected after HCL blocks. This is causing parsing in BPA
to fail and may interfere w/ other release-related workflows.
 2024-09-17 15:27:35 +00:00
Deniz Onur Duzgun 176ea31ed9
ci: update the security-scanner gha token (#21748) 2024-09-17 10:49:01 -04:00
sarahalsmiller e0785bc4f9
Initialize 1.20 Release (#21746) 
* init release branch

* init 1.20 nightly tests

* drop 1.17 nightly tests for new release cycle

* drop 1.17 from test matrix

* Update nightly-test-integrations-1.20.x.yml
 2024-09-16 22:06:56 +00:00
Michael Zalimeni 5e20e13c8e
ci: fix CI skip script hole (#21741) 
In some environments, the script will not fail despite SKIP_CHECK_BRANCH
being unset, leading to the script explicitly skipping CI when it should
fail fast.

Prevent this by explicitly checking for the env var.
 2024-09-16 16:35:49 -04:00
sarahalsmiller 17d43c6316
Fix supression (#21744) 
fix supression
 2024-09-16 18:43:51 +00:00
sarahalsmiller 5a84cd1abf
Update security-scan.hcl (#21739) 2024-09-16 17:42:36 +00:00
Deniz Onur Duzgun ac41822332
ci: fix security-scanner conditional skip (#21740) 2024-09-16 13:23:04 -04:00
sarahalsmiller 667eac2ac5
Suppress CVE-2024-8096 (#21737) 2024-09-16 16:08:29 +00:00
Phil Renaud d315ff1df8
[ui] Pin ansi-html to 0.0.8 (#21735) 
Pin ansi-html to 0.0.8
 2024-09-16 11:22:00 -04:00
Phil Renaud f924a017b2
[ui] Codemirror resolution pinned in package.json (#21715) 
Codemirror pinned
 2024-09-13 20:32:02 +00:00
Phil Renaud 4efac491e7
[ui] Prettify ember-cli-build (#21731) 
* Missed prettification at a pre-merge step earlier

* Missed lint-removal
 2024-09-13 15:30:46 -04:00
Michael Zalimeni c40eecf8f9
security: update alpine base image to 3.20 (#21729) 
* security: update alpine base image to 3.20

* security: update scan config to remove old triage exceptions
 2024-09-13 19:02:11 +00:00
Phil Renaud de281cbfb7
[ui] codemirror lint removal (#21726) 
* ui: remove json linting dependency

* Remove modes from codemirror change hooks

* Modes and line numbers re-added, linting still removed, old underscore removed

* Changelog added

---------

Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
 2024-09-13 13:59:40 -04:00
sarahalsmiller 30b5ffa281
Hard update all 1.3 dataplane to 1.6 (#21728) 
* hard update all 1.3 dataplane to 1.6

* update 1.5 image
 2024-09-13 11:30:25 -05:00
Phil Renaud 9bab2ed939
[ui] Markdown-it pinned (#21717) 
Markdown-it pinned
 2024-09-12 18:15:12 -04:00
John Maguire 8c197db664
add script to generate changelog for a PR (#21719) 
* add script to generate changelog for a PR

* handle enterprise changelogs

* add command to generate changelog

* remove script to handle changelog release
 2024-09-12 16:55:35 +00:00
Phil Renaud 0cc0fa7188
[ui] Simple url sanitization for get-env and document.cookie (#21711) 
Simple url sanitization for get-env and document.cookie
 2024-09-12 12:27:22 -04:00
John Maguire a3ac555a5e
[NET-10952] fix cluster dns lookup family to gracefully handle ipv6 (#21703) 
* update jwks cluster creation to gracefully handle ipv6

* update unit tests for dns lookup family

* Add changelog
 2024-09-12 15:37:36 +00:00
sarahalsmiller 320b708b9f
Bump Envoy, remove support for unsupported versions (#21616) 
* bump envoy

* changelog

* drop breaking change note

* update docs

* udpate port tests
 2024-09-12 15:32:18 +00:00
Deniz Onur Duzgun 1a62917ad1
security: triage vendor alerts (#21716) 
* security: triage vendor alerts

* add wildcard to vendor
 2024-09-12 15:08:20 +00:00
Phil Renaud 35ffb312b0
[ui] Pin a newer version of Braces (#21710) 
Pin a newer version of Braces
 2024-09-11 16:24:58 -04:00
sarahalsmiller 07fae7bb0b
[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set (#21704) 
* explicitly add content-type anywhere possible and add middleware to set and warn

* added tests, fixed typo

* clean up unused constants

* changelog

* fix call order in middleware
 2024-09-11 14:23:21 -05:00
sarahalsmiller 876a0a7778
Update security-scan.hcl (#21707) 2024-09-11 19:21:45 +00:00
Anita Akaeze 7653ffb0a5
security: Upgrade Go to 1.22.7 (#21705) 
* security: Upgrade Go to 1.22.7

* add changelog
 2024-09-10 15:07:05 -07:00