* backport of commit d65cacc7a6
* backport of commit 60ab1568ca
---------
Co-authored-by: dduzgun-security <deniz.duzgun@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
* backport of commit 6f0e24cda7
* partial backport of commit 77f44fa878
Update go-mod-tidy Make target to use flexible modules list.
This will update the list to include envoyextensions and troubleshoot.
* backport of commit 94a0aa2ea7
* backport of commit f0e1badd6f
* backport of commit 183dd2fb12
---------
Co-authored-by: Sarah Alsmiller <sarah.alsmiller@hashicorp.com>
Fix issue with persisting proxy-defaults
This resolves an issue introduced in hashicorp/consul#19829
where the proxy-defaults configuration entry with an HTTP protocol
cannot be updated after it has been persisted once and a router
exists. This occurs because the protocol field is not properly
pre-computed before being passed into validation functions.
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
Disable Envoy version check.
The current version of this script does not work well with the LTS release having a much
longer list of supported Envoy versions than the other branches. Later on, we should
tweak this to have the expected behavior, but for now, it is being disabled so that the
CICD pipeline can complete successfully and publish images.
Fix CICD docker image rate limits.
The docker image used in CICD was referencing `registry.k8s.io/pause:3.3`,
which appears to no longer function correctly. This commit swaps over to a
Hashicorp mirrored image that shouldn't have rate limits or disappearing
images.
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
This add a fix to properly verify the gateway mode before creating a watch specific to mesh gateways. This watch have a high performance cost and when mesh gateways are not used is not used.
This also adds an optimization to only return the nodes when watching the Internal.ServiceDump RPC to avoid unnecessary disco chain compilation. As watches in proxy config only need the nodes.
* backport of commit b0ce20b5e2
* backport of commit 3d4bde00cf
* backport of commit b2c77246b9
* backport of commit e7ab4d418d
* backport of commit d00d9c5da4
* backport of commit b2db3d5eb4
* backport of commit 50fb45ac74
* backport of commit 7b41a61c17
* backport of commit 2fa0e0a629
* backport of commit 88849c9030
* backport of commit 4ac54f10bc
* backport of commit 2a9dfc37f2
* Fix tests for backport.
---------
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
check error in TestDNSCycleRecursorCheckAllFail before asserting response to stop panic in CI. (#20231)
Co-authored-by: John Murret <john.murret@hashicorp.com>
* chore: improve CI backports by backporting new workflows
Even though these files aren't used, adding them prevents backport
failures for common changes that are backported n-2 versions.
* chore: improve CI backports by backporting new workflows (1.16)
Even though these files aren't used, adding them prevents backport
failures for common changes that are backported n-2 versions.
[1.15.x] agent: remove data race in agent config (#20200)
To fix an issue displaying the current reloaded config in the
v1/agent/self endpoint #18681 caused the agent's internal
config struct member to be deepcopied and replaced on reload.
This is not safe because the field is not protected by a lock, nor
should it be due to how it is accessed by the rest of the system.
This PR does the same deepcopy, but into a new field solely for
the point of capturing the current reloaded values for display
purposes. If there has been no reload then the original config is used.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
* backport of commit fead597130
* Various test fixes.
* Fix race condition in reconcilePeering.
This resolves an issue where a peering object in the state store was
incorrectly mutated by a function, resulting in the test being flagged as
failing when the -race flag was used.
---------
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
* Revert "Backport into 1.15 of NET-6944 - Replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code (#20052)"
This reverts commit d99c27b355.
* Revert "Backport of NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names into release/1.15.x (#20055)"
This reverts commit dbc87ca992.
* Revert "Backport of NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options. into release/1.15.x (#20031)"
This reverts commit 3b70b66ecf.
* Revert "Backport of NET-6317 - update usage of deprecated fields: http2_protocol_options and access_log_path into release/1.15.x (#19951)"
This reverts commit 1268d067c8.
wangxinyi7