Commit Graph

19410 Commits (a2158c29bee640bbd3f04ca1b37d2a004a030bdb)

Author SHA1 Message Date
hc-github-team-consul-core a2158c29be
backport of commit b7866911a7 (#17188)
Co-authored-by: Eric <eric@haberkorn.co>
2023-04-28 20:48:15 +00:00
hc-github-team-consul-core 43a1a907d0
backport of commit aaf63f6373 (#17154)
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
2023-04-26 18:03:13 +00:00
John Murret 00d3bb45fb
ci:backport of success job being skipped (#17135) 2023-04-25 21:09:31 +00:00
hc-github-team-consul-core 08e0e11045
backport of commit 42ed5be04d (#17127)
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-25 09:54:04 -07:00
Dan Bond 1bfd83fdac
CI: remove uneeded AWS creds from test-integrations (#17113) 2023-04-25 15:49:43 +00:00
hc-github-team-consul-core 5f5590e1be
Update golang.org/x/net to v0.7.0 (#17026)
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-04-24 21:33:11 +00:00
hc-github-team-consul-core 7569134503
Backport of ci: fix runner calculation to exclude the top level directory as part of the calculation into release/1.14.x (#17110)
* backport of commit 07d9aeb851

* backport of commit 0c0a33928a

* ci: fix runner calculation to exclude the top level directory as part of the calculation (#17090)

* fix runner calculation to exclude the top level directory as part of the calculation

* fix the logic for generating the directories/functions

* De-scope tenenacy requirements to OSS only for now. (#17087)

Partition and namespace must be "default"
Peername must be "local"

* Fix virtual services being included in intention topology as downstreams. (#17099)

* Merge pull request #5200 from hashicorp/NET-3758 (#17102)

* Merge pull request #5200 from hashicorp/NET-3758

NET-3758: connect: update supported envoy versions to 1.26.0

* lint

* CI: remove uneeded AWS creds from test-integrations (#17104)

* Update test-integrations.yml

* removing permission lies now that vault is not used in this job.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>

* update based on feedback

---------

Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-24 21:28:29 +00:00
hc-github-team-consul-core 3342eeb73c
Backport of ci: fix test splits that have less test packages than runner count from hanging into release/1.14.x (#17084)
* no-op commit due to failed cherry-picking

* manual backport

* fix

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-21 11:59:08 -06:00
hc-github-team-consul-core 6d02197557
backport of commit d799302432 (#17058)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-19 22:47:30 +00:00
hc-github-team-consul-core 6c575bcaca
backport of commit 7df53afce7 (#17052)
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
2023-04-19 21:08:44 +00:00
John Murret 64f269b2c9
ci: remove test-integrations CircleCI workflow in 1.14 (#16928) (#17050)
* ci: remove test-integrations CircleCI workflow (#16928)

* remove all CircleCI files

* remove references to CircleCI

* remove more references to CircleCI

* pin golangci-lint to v1.51.1 instead of v1.51

* right-sizing TOTAL_runners
2023-04-19 13:49:45 -06:00
hc-github-team-consul-core f1ac45ec55
Backport of ci: add test-integrations into release/1.14.x (#17040)
* Add missing link (#16437)

* docs: remove extra whitespace in frontmatter (#16436)

* Delete Vagrantfile (#16442)

* upgrade test: consolidate resolver test cases (#16443)

* UI: Fix rendering issue in search and lists (#16444)

* Upgrade ember-cli-string-helpers

* add extra lock change

* Update docs for consul-k8s 1.1.0 (#16447)

* Update ingress-gateways.mdx (#16330)

* Update ingress-gateways.mdx

Added an example of running the HELM install for the ingress gateways using values.yaml

* Apply suggestions from code review

* Update ingress-gateways.mdx

Adds closing back ticks on example command. The suggesting UI strips them out.

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* grpc: fix data race in balancer registration (#16229)

Registering gRPC balancers is thread-unsafe because they are stored in a
global map variable that is accessed without holding a lock. Therefore,
it's expected that balancers are registered _once_ at the beginning of
your program (e.g. in a package `init` function) and certainly not after
you've started dialing connections, etc.

> NOTE: this function must only be called during initialization time
> (i.e. in an init() function), and is not thread-safe.

While this is fine for us in production, it's challenging for tests that
spin up multiple agents in-memory. We currently register a balancer per-
agent which holds agent-specific state that cannot safely be shared.

This commit introduces our own registry that _is_ thread-safe, and
implements the Builder interface such that we can call gRPC's `Register`
method once, on start-up. It uses the same pattern as our resolver
registry where we use the dial target's host (aka "authority"), which is
unique per-agent, to determine which builder to use.

* cli: ensure acl token read -self works (#16445)

Fixes a regression in #16044

The consul acl token read -self cli command should not require an -accessor-id because typically the persona invoking this would not already know the accessor id of their own token.

* docs: Add backwards compatibility for Consul 1.14.x and consul-dataplane in the Envoy compat matrix (#16462)

* Update envoy.mdx

* gateways: add e2e test for API Gateway HTTPRoute ParentRef change (#16408)

* test(gateways): add API Gateway HTTPRoute ParentRef change test

* test(gateways): add checkRouteError helper

* test(gateways): remove EOF check

in CI this seems to sometimes be 'connection reset by peer' instead

* Update test/integration/consul-container/test/gateways/http_route_test.go

* Gateway Test HTTPPathRewrite (#16418)

* add http url path rewrite

* add Mike's test back in

* update kind to use api.APIGateway

* cli: remove stray whitespace when loading the consul version from the VERSION file (#16467)

Fixes a regression from #15631 in the output of `consul version` from:

    Consul v1.16.0-dev
    +ent
    Revision 56b86acbe5+CHANGES

to

    Consul v1.16.0-dev+ent
    Revision 56b86acbe5+CHANGES

* Docs/services refactor docs day 122022 (#16103)

* converted main services page to services overview page

* set up services usage dirs

* added Define Services usage page

* converted health checks everything page to Define Health Checks usage page

* added Register Services and Nodes usage page

* converted Query with DNS to Discover Services and Nodes Overview page

* added Configure DNS Behavior usage page

* added Enable Static DNS Lookups usage page

* added the Enable Dynamic Queries DNS Queries usage page

* added the Configuration dir and overview page - may not need the overview, tho

* fixed the nav from previous commit

* added the Services Configuration Reference page

* added Health Checks Configuration Reference page

* updated service defaults configuraiton entry to new configuration ref format

* fixed some bad links found by checker

* more bad links found by checker

* another bad link found by checker

* converted main services page to services overview page

* set up services usage dirs

* added Define Services usage page

* converted health checks everything page to Define Health Checks usage page

* added Register Services and Nodes usage page

* converted Query with DNS to Discover Services and Nodes Overview page

* added Configure DNS Behavior usage page

* added Enable Static DNS Lookups usage page

* added the Enable Dynamic Queries DNS Queries usage page

* added the Configuration dir and overview page - may not need the overview, tho

* fixed the nav from previous commit

* added the Services Configuration Reference page

* added Health Checks Configuration Reference page

* updated service defaults configuraiton entry to new configuration ref format

* fixed some bad links found by checker

* more bad links found by checker

* another bad link found by checker

* fixed cross-links between new topics

* updated links to the new services pages

* fixed bad links in scale file

* tweaks to titles and phrasing

* fixed typo in checks.mdx

* started updating the conf ref to latest template

* update SD conf ref to match latest CT standard

* Apply suggestions from code review

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>

* remove previous version of the checks page

* fixed cross-links

* Apply suggestions from code review

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>

---------

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>

* docs: clarify license expiration upgrade behavior (#16464)

* add provider ca auth-method support for azure

Does the required dance with the local HTTP endpoint to get the required
data for the jwt based auth setup in Azure. Keeps support for 'legacy'
mode where all login data is passed on via the auth methods parameters.
Refactored check for hardcoded /login fields.

* Changed titles for services pages to sentence style cap (#16477)

* Changed titles for services pages to sentence style cap

* missed a meta title

* docs: Consul 1.15.0 and Consul K8s 1.0 release notes (#16481)

* add new release notes
---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* fix (cli): return error msg if acl policy not found (#16485)

* fix: return error msg if acl policy not found

* changelog

* add test

* update services nav titles (#16484)

* Improve ux to help users avoid overwriting fields of ACL tokens, roles and policies (#16288)

* Deprecate merge-policies and add options add-policy-name/add-policy-id to improve CLI token update command

* deprecate merge-roles fields

* Fix potential flakey tests and update ux to remove 'completely' + typo fixes

* NET-2292: port ingress-gateway test case "http" from BATS addendum (#16490)

* docs: Update release notes with Envoy compat issue (#16494)

* Update v1_15_x.mdx

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Suppress AlreadyRegisteredError to fix test retries (#16501)

* Suppress AlreadyRegisteredError to fix test retries

* Remove duplicate sink

* Speed up test by registering services concurrently (#16509)

* add provider ca support for jwt file base auth

Adds support for a jwt token in a file. Simply reads the file and sends
the read in jwt along to the vault login.

It also supports a legacy mode with the jwt string being passed
directly. In which case the path is made optional.

* docs(architecture): remove merge conflict leftovers (#16507)

* add provider ca auth support for kubernetes

Adds support for Kubernetes jwt/token file based auth. Only needs to
read the file and save the contents as the jwt/token.

* Merge pull request #4538 from hashicorp/NET-2396 (#16516)

NET-2396: refactor test to reduce duplication

* Merge pull request #4584 from hashicorp/refactor_cluster_config (#16517)

NET-2841: PART 1 - refactor NewPeeringCluster to support custom config

* Add ServiceResolver RequestTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable (#16495)

* Leverage ServiceResolver ConnectTimeout for route timeouts to make TerminatingGateway upstream timeouts configurable

* Regenerate golden files

* Add RequestTimeout field

* Add changelog entry

* Fix issue where terminating gateway service resolvers weren't properly cleaned up (#16498)

* Fix issue where terminating gateway service resolvers weren't properly cleaned up

* Add integration test for cleaning up resolvers

* Add changelog entry

* Use state test and drop integration test

* Add support for failover policies (#16505)

* modified unsupported envoy version error (#16518)

- When an envoy version is out of a supported range, we now return the envoy version being used as `major.minor.x` to indicate that it is the minor version at most that is incompatible
- When an envoy version is in the list of unsupported envoy versions we return back the envoy version in the error message as `major.minor.patch` as now the exact version matters.

* Remove private prefix from proto-gen-rpc-glue e2e test (#16433)

* Fix resolution of service resolvers with subsets for external upstreams (#16499)

* Fix resolution of service resolvers with subsets for external upstreams

* Add tests

* Add changelog entry

* Update view filter logic

* fixed broken links associated with cluster peering updates (#16523)

* fixed broken links associated with cluster peering updates

* additional links to fix

* typos

* fixed redirect file

* add provider ca support for approle auth-method

Adds support for the approle auth-method. Only handles using the approle
role/secret to auth and it doesn't support the agent's extra management
configuration options (wrap and delete after read) as they are not
required as part of the auth (ie. they are vault agent things).

* update connect/ca's vault AuthMethod conf section (#16346)

Updated Params field to re-frame as supporting arguments specific to the
supported vault-agent auth-auth methods with links to each methods
"#configuration" section.
Included a call out limits on parameters supported.

* proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher (#16497)

Receiving an "acl not found" error from an RPC in the agent cache and the
streaming/event components will cause any request loops to cease under the
assumption that they will never work again if the token was destroyed. This
prevents log spam (#14144, #9738).

Unfortunately due to things like:

- authz requests going to stale servers that may not have witnessed the token
  creation yet

- authz requests in a secondary datacenter happening before the tokens get
  replicated to that datacenter

- authz requests from a primary TO a secondary datacenter happening before the
  tokens get replicated to that datacenter

The caller will get an "acl not found" *before* the token exists, rather than
just after. The machinery added above in the linked PRs will kick in and
prevent the request loop from looping around again once the tokens actually
exist.

For `consul-dataplane` usages, where xDS is served by the Consul servers
rather than the clients ultimately this is not a problem because in that
scenario the `agent/proxycfg` machinery is on-demand and launched by a new xDS
stream needing data for a specific service in the catalog. If the watching
goroutines are terminated it ripples down and terminates the xDS stream, which
CDP will eventually re-establish and restart everything.

For Consul client usages, the `agent/proxycfg` machinery is ahead-of-time
launched at service registration time (called "local" in some of the proxycfg
machinery) so when the xDS stream comes in the data is already ready to go. If
the watching goroutines terminate it should terminate the xDS stream, but
there's no mechanism to re-spawn the watching goroutines. If the xDS stream
reconnects it will see no `ConfigSnapshot` and will not get one again until
the client agent is restarted, or the service is re-registered with something
changed in it.

This PR fixes a few things in the machinery:

- there was an inadvertent deadlock in fetching snapshot from the proxycfg
  machinery by xDS, such that when the watching goroutine terminated the
  snapshots would never be fetched. This caused some of the xDS machinery to
  get indefinitely paused and not finish the teardown properly.

- Every 30s we now attempt to re-insert all locally registered services into
  the proxycfg machinery.

- When services are re-inserted into the proxycfg machinery we special case
  "dead" ones such that we unilaterally replace them rather that doing that
  conditionally.

* NET-2903 Normalize weight for http routes (#16512)

* NET-2903 Normalize weight for http routes

* Update website/content/docs/connect/gateways/api-gateway/configuration/http-route.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Add some basic UI improvements for api-gateway services (#16508)

* Add some basic ui improvements for api-gateway services

* Add changelog entry

* Use ternary for null check

* Update gateway doc links

* rename changelog entry for new PR

* Fix test

* fixes empty link in DNS usage page (#16534)

* NET-2904 Fixes API Gateway Route Service Weight Division Error

* Improve ux around ACL token to help users avoid overwriting node/service identities (#16506)

* Deprecate merge-node-identities and merge-service-identities flags

* added tests for node identities changes

* added changelog file and docs

* Follow-up fixes to consul connect envoy command (#16530)

* Merge pull request #4573 from hashicorp/NET-2841 (#16544)

* Merge pull request #4573 from hashicorp/NET-2841

NET-2841: PART 2 refactor upgrade tests to include version 1.15

* update upgrade versions

* upgrade test: discovery chain across partition (#16543)

* Update the consul-k8s cli docs for the new `proxy log` subcommand (#16458)

* Update the consul-k8s cli docs for the new `proxy log` subcommand

* Updated consul-k8s docs from PR feedback

* Added proxy log command to release notes

* Delete test-link-rewrites.yml (#16546)

* feat: update notification to use hds toast component (#16519)

* Fix flakey tests related to ACL token updates (#16545)

* Fix flakey tests related to ACL token updates

* update all acl token update tests

* extra create_token function to its own thing

* support vault auth config for alicloud ca provider

Add support for using existing vault auto-auth configurations as the
provider configuration when using Vault's CA provider with AliCloud.

AliCloud requires 2 extra fields to enable it to use STS (it's preferred
auth setup). Our vault-plugin-auth-alicloud package contained a method
to help generate them as they require you to make an http call to
a faked endpoint proxy to get them (url and headers base64 encoded).

* Update docs to reflect functionality (#16549)

* Update docs to reflect functionality

* make consistent with other client runtimes

* upgrade test: use retry with ModifyIndex and remove ent test file (#16553)

* add agent locality and replicate it across peer streams (#16522)

* docs: Document config entry permissions (#16556)

* Broken link fixes (#16566)

* NET-2954: Improve integration tests CI execution time (#16565)

* NET-2954: Improve integration tests CI execution time

* fix ci

* remove comments and modify config file

* fix bug that can lead to peering service deletes impacting the state of local services (#16570)

* Update changelog with patch releases (#16576)

* Bump submodules from latest 1.15.1 patch release (#16578)

* Update changelog with Consul patch releases 1.13.7, 1.14.5, 1.15.1

* Bump submodules from latest patch release

* Forgot one

* website: adds content-check command and README update (#16579)

* added a backport-checker GitHub action (#16567)

* added a backport-checker GitHub action

* Update .github/workflows/backport-checker.yml

* auto-updated agent/uiserver/dist/ from commit 63204b518 (#16587)

Co-authored-by: hc-github-team-consul-core <github-team-consul-core@hashicorp.com>

* GRPC stub for the ResourceService (#16528)

* UI: Fix htmlsafe errors throughout the app (#16574)

* Upgrade ember-intl

* Add changelog

* Add yarn lock

* Add namespace file with build tag for OSS gateway tests (#16590)

* Add namespace file with build tag for OSS tests

* Remove TODO comment

* JIRA pr check: Filter out OSS/ENT merges (#16593)

* jira pr check filter out dependabot and oss/ent merges

* allow setting locality on services and nodes (#16581)

* Add Peer Locality to Discovery Chains (#16588)

Add peer locality to discovery chains

* fixes for unsupported partitions field in CRD metadata block (#16604)

* fixes for unsupported partitions field in CRD metadata block

* Apply suggestions from code review

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>

* Create a weekly 404 checker for all Consul docs content (#16603)

* Consul WAN Fed with Vault Secrets Backend document updates (#16597)

* Consul WAN Fed with Vault Secrets Backend document updates

* Corrected dc1-consul.yaml and dc2-consul.yaml file highlights

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/vault/wan-federation.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Allow HCP metrics collection for Envoy proxies

Co-authored-by: Ashvitha Sridharan <ashvitha.sridharan@hashicorp.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>

Add a new envoy flag: "envoy_hcp_metrics_bind_socket_dir", a directory
where a unix socket will be created with the name
`<namespace>_<proxy_id>.sock` to forward Envoy metrics.

If set, this will configure:
- In bootstrap configuration a local stats_sink and static cluster.
  These will forward metrics to a loopback listener sent over xDS.

- A dynamic listener listening at the socket path that the previously
  defined static cluster is sending metrics to.

- A dynamic cluster that will forward traffic received at this listener
  to the hcp-metrics-collector service.


Reasons for having a static cluster pointing at a dynamic listener:
- We want to secure the metrics stream using TLS, but the stats sink can
  only be defined in bootstrap config. With dynamic listeners/clusters
  we can use the proxy's leaf certificate issued by the Connect CA,
  which isn't available at bootstrap time.

- We want to intelligently route to the HCP collector. Configuring its
  addreess at bootstrap time limits our flexibility routing-wise. More
  on this below.

Reasons for defining the collector as an upstream in `proxycfg`:
- The HCP collector will be deployed as a mesh service.

- Certificate management is taken care of, as mentioned above.

- Service discovery and routing logic is automatically taken care of,
  meaning that no code changes are required in the xds package.

- Custom routing rules can be added for the collector using discovery
  chain config entries. Initially the collector is expected to be
  deployed to each admin partition, but in the future could be deployed
  centrally in the default partition. These config entries could even be
  managed by HCP itself.

* Add copywrite setup file (#16602)

* Add sameness-group configuration entry. (#16608)

This commit adds a sameness-group config entry to the API and structs packages. It includes some validation logic and a new memdb index that tracks the default sameness-group for each partition. Sameness groups will simplify the effort of managing failovers / intentions / exports for peers and partitions.

Note that this change purely to introduce the configuration entry and does not include the full functionality of sameness-groups.

* Preserve CARoots when updating Vault CA configuration (#16592)

If a CA config update did not cause a root change, the codepath would return early and skip some steps which preserve its intermediate certificates and signing key ID. This commit re-orders some code and prevents updates from generating new intermediate certificates.

* Add UI copyright headers files (#16614)

* Add copyright headers to UI files

* Ensure copywrite file ignores external libs

* Docs discovery typo (#16628)

* docs(discovery): typo

* docs(discovery): EOF and trim lines

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Fix issue with trust bundle read ACL check. (#16630)

This commit fixes an issue where trust bundles could not be read
by services in a non-default namespace, unless they had excessive
ACL permissions given to them.

Prior to this change, `service:write` was required in the default
namespace in order to read the trust bundle. Now, `service:write`
to a service in any namespace is sufficient.

* Basic resource type registry (#16622)

* Backport ENT-4704 (#16612)

* feat: update typography to consume hds styles (#16577)

* Add known issues to Raft WAL docs. (#16600)

* Add known issues to Raft WAL docs.

* Refactor update based on review feedback

* Tune 404 checker to exclude false-positives and use intended file path (#16636)

* Update e2e tests for namespaces (#16627)

* Refactored "NewGatewayService" to handle namespaces, fixed
TestHTTPRouteFlattening test

* Fixed existing http_route tests for namespacing

* Squash aclEnterpriseMeta for ResourceRefs and HTTPServices, accept
namespace for creating connect services and regular services

* Use require instead of assert after creating namespaces in
http_route_tests

* Refactor NewConnectService and NewGatewayService functions to use cfg
objects to reduce number of method args

* Rename field on SidecarConfig in tests from `SidecarServiceName` to
`Name` to avoid stutter

* net 2731 ip config entry OSS version (#16642)

* ip config entry

* name changing

* move to ent

* ent version

* renaming

* change format

* renaming

* refactor

* add default values

* fix confusing spiffe ids in golden tests (#16643)

* First cluster grpc service should be NodePort for the second cluster to connect (#16430)

* First cluster grpc service should be NodePort

This is based on the issue opened here https://github.com/hashicorp/consul-k8s/issues/1903

If you follow the documentation https://developer.hashicorp.com/consul/docs/k8s/deployment-configurations/single-dc-multi-k8s exactly as it is, the first cluster will only create the consul UI service on NodePort but not the rest of the services (including for grpc). By default, from the helm chart, they are created as headless services by setting clusterIP None. This will cause an issue for the second cluster to discover consul server on the first cluster over gRPC as it cannot simply cannot through gRPC default port 8502 and it ends up in an error as shown in the issue https://github.com/hashicorp/consul-k8s/issues/1903

As a solution, the grpc service should be exposed using NodePort (or LoadBalancer). I added those changes required in both cluster1-values.yaml and cluster2-values.yaml, and also a description for those changes for the normal users to understand. Kindly review and I hope this PR will be accepted.

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/k8s/deployment-configurations/single-dc-multi-k8s.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Add in query options for catalog service existing in a specific (#16652)

namespace when creating service for tests

* fix: add AccessorID property to PUT token request (#16660)

* add sameness group support to service resolver failover and redirects (#16664)

* Fix incorrect links on Envoy extensions documentation (#16666)

* [API Gateway] Fix invalid cluster causing gateway programming delay (#16661)

* Add test for http routes

* Add fix

* Fix tests

* Add changelog entry

* Refactor and fix flaky tests

* Bump tomhjp/gh-action-jira-search from 0.2.1 to 0.2.2 (#16667)

Bumps [tomhjp/gh-action-jira-search](https://github.com/tomhjp/gh-action-jira-search) from 0.2.1 to 0.2.2.
- [Release notes](https://github.com/tomhjp/gh-action-jira-search/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-search/compare/v0.2.1...v0.2.2)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-search
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump atlassian/gajira-transition from 2.0.1 to 3.0.1 (#15921)

Bumps [atlassian/gajira-transition](https://github.com/atlassian/gajira-transition) from 2.0.1 to 3.0.1.
- [Release notes](https://github.com/atlassian/gajira-transition/releases)
- [Commits](https://github.com/atlassian/gajira-transition/compare/v2.0.1...v3.0.1)

---
updated-dependencies:
- dependency-name: atlassian/gajira-transition
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* Snapshot restore tests (#16647)

* add snapshot restore test

* add logstore as test parameter

* Use the correct image version

* make sure we read the logs from a followers to test the follower snapshot install path.

* update to raf-wal v0.3.0

* add changelog.

* updating changelog for bug description and removed integration test.

* setting up test container builder to only set logStore for 1.15 and higher

---------

Co-authored-by: Paul Banks <pbanks@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>

* add sameness groups to discovery chains (#16671)

* feat: add category annotation to RPC and gRPC methods (#16646)

* Update GH actions to create Jira issue automatically (#16656)

* Adds check to verify that the API Gateway is being created with at least one listener

* Fix route subscription when using namespaces (#16677)

* Fix route subscription when using namespaces

* Update changelog

* Fix changelog entry to reference that the bug was enterprise only

* peering: peering partition failover fixes (#16673)

add local source partition for peered upstreams

* fix jira sync actions, remove custom fields (#16686)

* Docs/update jira sync pr issue (#16688)

* fix jira sync actions, remove custom fields

* remove more additional fields, debug

* Docs: Jira sync Update issuetype to bug (#16689)

* update issuetype to bug

* fix conditional for pr edu

* build(deps): bump tomhjp/gh-action-jira-create from 0.2.0 to 0.2.1 (#16685)

Bumps [tomhjp/gh-action-jira-create](https://github.com/tomhjp/gh-action-jira-create) from 0.2.0 to 0.2.1.
- [Release notes](https://github.com/tomhjp/gh-action-jira-create/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-create/compare/v0.2.0...v0.2.1)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-create
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* build(deps): bump tomhjp/gh-action-jira-comment from 0.1.0 to 0.2.0 (#16684)

Bumps [tomhjp/gh-action-jira-comment](https://github.com/tomhjp/gh-action-jira-comment) from 0.1.0 to 0.2.0.
- [Release notes](https://github.com/tomhjp/gh-action-jira-comment/releases)
- [Commits](https://github.com/tomhjp/gh-action-jira-comment/compare/v0.1.0...v0.2.0)

---
updated-dependencies:
- dependency-name: tomhjp/gh-action-jira-comment
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>

* NET-2397: Add readme.md to upgrade test subdirectory (#16610)

* NET-2397: Add readme.md to upgrade test subdirectory

* remove test code

* fix link and update  steps of adding new test cases (#16654)

* fix link and update  steps of adding new test cases

* Apply suggestions from code review

Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>

---------

Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>

* chore: replace hardcoded node name with a constant (#16692)

* Fix broken links from api docs (#16695)

* Update WAL Known issues (#16676)

* UI:  update Ember to 3.28.6 (#16616)


---------

Co-authored-by: wenincode <tyler.wendlandt@hashicorp.com>

* Regen helm docs (#16701)

* Remove unused are hosts set check (#16691)

* Remove unused are hosts set check

* Remove all traces of unused 'AreHostsSet' parameter

* Remove unused Hosts attribute

* Remove commented out use of snap.APIGateway.Hosts

* [NET-3029] Migrate build-distros to GHA (#16669)

* migrate build distros to GHA

Signed-off-by: Dan Bond <danbond@protonmail.com>

* build-arm

Signed-off-by: Dan Bond <danbond@protonmail.com>

* don't use matrix

Signed-off-by: Dan Bond <danbond@protonmail.com>

* check-go-mod

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* notify slack if failure

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* fix check-go-mod job

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update envoy extension docs, service-defaults, add multi-config example for lua (#16710)

* fix build workflow (#16719)

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Helm docs without developer.hashicorp.com prefix (#16711)

This was causing linter errors

* add extra resiliency to snapshot restore test (#16712)

* fix: gracefully fail on invalid port number (#16721)

* Copyright headers for config files git + circleci (#16703)

* Copyright headers for config files git + circleci

* Release folder copyright headers

* fix bug where pqs that failover to a cluster peer dont un-fail over (#16729)

* add enterprise xds tests (#16738)

* delete config when nil (#16690)

* delete config when nil

* fix mock interface implementation

* fix handler test to use the right assertion

* extract DeleteConfig as a separate API.

* fix mock limiter implementation to satisfy the new interface

* fix failing tests

* add test comments

* Changelog for audit logging fix. (#16700)

* Changelog for audit logging fix.

* Use GH issues type for edu board (#16750)

* fix: remove unused tenancy category from rate limit spec (#16740)

* Remove version bump from CRT workflow (#16728)

This bumps the version to reflect the next patch release; however, we use a specific branch for each patch release and so never wind up cutting a release directly from the `release/1.15.x` (for example) where this is intended to work.

* tests instantiating clients w/o shutting down (#16755)

noticed via their port still in use messages.

* RELENG-471: Remove obsolete load-test workflow (#16737)

* Remove obsolete load-test workflow

* remove load-tests from circleci config.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>

* add failover policy to ProxyConfigEntry in api (#16759)

* add failover policy to ProxyConfigEntry in api

* update docs

* Fix broken links in Consul docs (#16640)

* Fix broken links in Consul docs

* more broken link fixes

* more 404 fixes

* 404 fixes

* broken link fix

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Change partition for peers in discovery chain targets (#16769)

This commit swaps the partition field to the local partition for
discovery chains targeting peers. Prior to this change, peer upstreams
would always use a value of default regardless of which partition they
exist in. This caused several issues in xds / proxycfg because of id
mismatches.

Some prior fixes were made to deal with one-off id mismatches that this
PR also cleans up, since they are no longer needed.

* Docs/intentions refactor docs day 2022 (#16758)

* converted intentions conf entry to ref CT format

* set up intentions nav

* add page for intentions usage

* final intentions usage page

* final intentions overview page

* fixed old relative links

* updated diagram for overview

* updated links to intentions content

* fixed typo in updated links

* rename intentions overview page file to index

* rollback link updates to intentions overview

* fixed nav

* Updated custom HTML in API and CLI pages to MD

* applied suggestions from review to index page

* moved conf examples from usage to conf ref

* missed custom HTML section

* applied additional feedback

* Apply suggestions from code review

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* updated headings in usage page

* renamed files and udpated nav

* updated links to new file names

* added redirects and final tweaks

* typo

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* Add storage backend interface and in-memory implementation (#16538)

Introduces `storage.Backend`, which will serve as the interface between the
Resource Service and the underlying storage system (Raft today, but in the
future, who knows!).

The primary design goal of this interface is to keep its surface area small,
and push as much functionality as possible into the layers above, so that new
implementations can be added with little effort, and easily proven to be
correct. To that end, we also provide a suite of "conformance" tests that can
be run against a backend implementation to check it behaves correctly.

In this commit, we introduce an initial in-memory storage backend, which is
suitable for tests and when running Consul in development mode. This backend is
a thin wrapper around the `Store` type, which implements a resource database
using go-memdb and our internal pub/sub system. `Store` will also be used to
handle reads in our Raft backend, and in the future, used as a local cache for
external storage systems.

* Fix bug in changelog checker where bash variable is not quoted (#16681)

* Read(...) endpoint for the resource service (#16655)

* Fix Edu Jira automation (#16778)

* Fix struct tags for TCPService enterprise meta (#16781)

* Fix struct tags for TCPService enterprise meta

* Add changelog

* Expand route flattening test for multiple namespaces (#16745)

* Exand route flattening test for multiple namespaces

* Add helper for checking http route config entry exists without checking for bound
status

* Fix port and hostname check for http route flattening test

* WatchList(..) endpoint for the resource service (#16726)

* Allocate virtual ip for resolver/router/splitter config entries (#16760)

* add ip rate limiter controller OSS parts (#16790)

* Resource service List(..) endpoint (#16753)

* changes to support new PQ enterprise fields (#16793)

* add scripts for testing locally consul-ui-toolkit (#16794)

* Update normalization of route refs (#16789)

* Use merge of enterprise meta's rather than new custom method

* Add merge logic for tcp routes

* Add changelog

* Normalize certificate refs on gateways

* Fix infinite call loop

* Explicitly call enterprise meta

* copyright headers for agent folder (#16704)

* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* Copyright headers for command folder (#16705)

* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* Copyright headers for command folder

* fix merge conflicts

* Add copyright headers for acl, api and bench folders (#16706)

* copyright headers for agent folder

* Ignore test data files

* fix proto files and remove headers in agent/uiserver folder

* ignore deep-copy files

* copyright headers for agent folder

* fix merge conflicts

* copyright headers for agent folder

* Ignore test data files

* fix proto files

* ignore agent/uiserver folder for now

* copyright headers for agent folder

* Add copyright headers for acl, api and bench folders

* Github Actions Migration - move go-tests workflows to GHA (#16761)

* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* making on pull_request

* Update .github/scripts/rerun_fails_report.sh

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* make runs-on required

* removing go-version param that is not used.

* removing go-version param that is not used.

* Modify build-distros to use medium runners (#16773)

* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* trying mediums

* adding in script

* fixing runs-on to be parameter

* fixing merge conflict

* changing to on push

* removing whitespace

* go-tests workflow

* add test splitting to go-tests

* fix re-reun fails report path

* fix re-reun fails report path another place

* fixing tests for32bit and race

* use script file to generate runners

* fixing run path

* add checkout

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* passing runs-on

* setting up runs-on as a parameter to check-go-mod

* changing back to on pull_request

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Github Actions Migration - move verify-ci workflows to GHA (#16777)

* add verify-ci workflow

* adding comment and changing to on pull request.

* changing to pull_requests

* changing to pull_request

* Apply suggestions from code review

Co-authored-by: Dan Bond <danbond@protonmail.com>

* [NET-3029] Migrate frontend to GHA (#16731)

* changing set up to a small

* using consuls own custom runner pool.

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>

* Copyright headers for missing files/folders (#16708)

* copyright headers for agent folder

* fix: export ReadWriteRatesConfig struct as it needs to referenced from consul-k8s (#16766)

* docs: Updates to support HCP Consul cluster peering release (#16774)

* New HCP Consul documentation section + links

* Establish cluster peering usage cross-link

* unrelated fix to backport to v1.15

* nav correction + fixes

* Tech specs fixes

* specifications for headers

* Tech specs fixes + alignments

* sprawl edits

* Tip -> note

* port ENT ingress gateway upgrade tests [NET-2294] [NET-2296] (#16804)

* [COMPLIANCE] Add Copyright and License Headers (#16807)

* [COMPLIANCE] Add Copyright and License Headers

* fix headers for generated files

* ignore dist folder

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>

* add order by locality failover to Consul enterprise (#16791)

* ci: changes resulting from running on consul-enterprise (#16816)

* changes resulting from running on consul-enterprise

* removing comment line

* port ENT upgrade tests flattening (#16824)

* docs: raise awareness of GH-16779 (#16823)

* updating command to reflect the additional package exclusions in CircleCI (#16829)

* storage: fix resource leak in Watch (#16817)

* Remove UI brand-loader copyright headers as they do not render appropriately (#16835)

* Add sameness-group to exported-services config entries (#16836)

This PR adds the sameness-group field to exported-service
config entries, which allows for services to be exported
to multiple destination partitions / peers easily.

* Add default resolvers to disco chains based on the default sameness group (#16837)

* [NET-3029] Migrate dev-* jobs to GHA (#16792)

* ci: add build-artifacts workflow

Signed-off-by: Dan Bond <danbond@protonmail.com>

* makefile for gha dev-docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use docker actions instead of make

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Add context

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* set short sha

Signed-off-by: Dan Bond <danbond@protonmail.com>

* upload to s3

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm s3 upload

Signed-off-by: Dan Bond <danbond@protonmail.com>

* use runner setup job

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on push

Signed-off-by: Dan Bond <danbond@protonmail.com>

* testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* on pr

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert testing

Signed-off-by: Dan Bond <danbond@protonmail.com>

* OSS/ENT logic

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add comments

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update .github/workflows/build-artifacts.yml

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>

* add region field (#16825)

* add region field

* fix syntax error in test file

* go fmt

* go fmt

* remove test

* Connect CA Primary Provider refactor (#16749)

* Rename Intermediate cert references to LeafSigningCert

Within the Consul CA subsystem, the term "Intermediate"
is confusing because the meaning changes depending on
provider and datacenter (primary vs secondary). For
example, when using the Consul CA the "ActiveIntermediate"
may return the root certificate in a primary datacenter.

At a high level, we are interested in knowing which
CA is responsible for signing leaf certs, regardless of
its position in a certificate chain. This rename makes
the intent clearer.

* Move provider state check earlier

* Remove calls to GenerateLeafSigningCert

GenerateLeafSigningCert (formerly known
as GenerateIntermediate) is vestigial in
non-Vault providers, as it simply returns
the root certificate in primary
datacenters.

By folding Vault's intermediate cert logic
into `GenerateRoot` we can encapsulate
the intermediate cert handling within
`newCARoot`.

* Move GenerateLeafSigningCert out of PrimaryProvidder

Now that the Vault Provider calls
GenerateLeafSigningCert within
GenerateRoot, we can remove the method
from all other providers that never
used it in a meaningful way.

* Add test for IntermediatePEM

* Rename GenerateRoot to GenerateCAChain

"Root" was being overloaded in the Consul CA
context, as different providers and configs
resulted in a single root certificate or
a chain originating from an external trusted
CA. Since the Vault provider also generates
intermediates, it seems more accurate to
call this a CAChain.

* Update changelog with patch releases (#16856)

* Update changelog with patch releases

* Backport missed 1.0.4 patch release to changelog

* Fix typo on cli-flags.mdx (#16843)

Change "segements" to segments

* Allow dialer to re-establish terminated peering (#16776)

Currently, if an acceptor peer deletes a peering the dialer's peering
will eventually get to a "terminated" state. If the two clusters need to
be re-peered the acceptor will re-generate the token but the dialer will
encounter this error on the call to establish:

"failed to get addresses to dial peer: failed to refresh peer server
addresses, will continue to use initial addresses: there is no active
peering for "<<<ID>>>""

This is because in `exchangeSecret().GetDialAddresses()` we will get an
error if fetching addresses for an inactive peering. The peering shows
up as inactive at this point because of the existing terminated state.

Rather than checking whether a peering is active we can instead check
whether it was deleted. This way users do not need to delete terminated
peerings in the dialing cluster before re-establishing them.

* CA mesh CA expiration to it's own section

This is part of an effort to raise awareness that you need to monitor
your mesh CA if coming from an external source as you'll need to manage
the rotation.

* Fix broken doc in consul-k8s upgrade (#16852)

Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: David Yu <dyu@hashicorp.com>

* docs: add envoy to the proxycfg diagram (#16834)

* docs: add envoy to the proxycfg diagram

* ci: increase deep-copy and lint-enum jobs to use large runner as they hang in ENT (#16866)

* docs: add envoy to the proxycfg diagram (#16834)

* docs: add envoy to the proxycfg diagram

* increase dee-copy job to use large runner.  disable lint-enums on ENT

* set lint-enums to a large

* remove redunant installation of deep-copy

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>

* Raft storage backend (#16619)

* ad arm64 testing (#16876)

* Omit false positives from 404 checker (#16881)

* Remove false positives from 404 checker

* fix remaining 404s

* ci: fixes missing deps in frontend gha workflows (#16872)

Signed-off-by: Dan Bond <danbond@protonmail.com>

* always test oss and conditionally test enterprise (#16827)

* temporarily disable macos-arm64 tests job in go-tests (#16898)

* Resource `Write` endpoint (#16786)

* Resource `Delete` endpoint (#16756)

* Wasm Envoy HTTP extension (#16877)

* Fix API GW broken link (#16885)

* Fix API GW broken link

* Update website/content/docs/api-gateway/upgrades.mdx

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

---------

Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>

* ci: Add success jobs. make go-test-enterprise conditional. build-distros and go-tests trigger on push to main and release branches (#16905)

* Add go-tests-success job and make go-test-enterprise conditional

* fixing lint-32bit reference

* fixing reference to -go-test-troubleshoot

* add all jobs that fan out.

* fixing success job to need set up

* add echo to success job

* adding success jobs to build-artifacts, build-distros, and frontend.

* changing the name of the job in verify ci to be consistent with other workflows

* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger

* increase ENT runner size for xl to match OSS.  have guild-distros use xl to match CircleCI (#16920)

* log warning about certificate expiring sooner and with more details

The old setting of 24 hours was not enough time to deal with an expiring certificates. This change ups it to 28 days OR 40% of the full cert duration, whichever is shorter. It also adds details to the log message to indicate which certificate it is logging about and a suggested action.

* highlight the agent.tls cert metric with CA ones

Include server agent certificate with list of cert metrics that need monitoring.

* docs: improve upgrade path guidance (#16925)

* Test: add noCleanup to TestServer stop (#16919)

* docs: fix typo in LocalRequestTimeoutMs (#16917)

* ci: add GOTAGS to build-distros (#16934)

* APIGW: Routes with duplicate parents should be invalid (#16926)

* ensure route parents are unique when creating an http route

* Ensure tcp route parents are unique

* Added unit tests

* ci: remove verify-ci from circleci (#16860)

* ci: remove go-tests workflow from CircleCI (#16855)

* remove go-tests workflow from CircleCI

* add yaml anchor back

* ci: build-artifacts - fix platform missing in manifest error (#16940)

* ci: build-artifacts - fix platform missing in manifest error

* remove platform key

* Check acls on resource `Read`, `List`, and `WatchList` (#16842)

* Resource validation hook for `Write` endpoint (#16950)

* Remove deprecated service-defaults upstream behavior. (#16957)

Prior to this change, peer services would be targeted by service-default
overrides as long as the new `peer` field was not found in the config entry.
This commit removes that deprecated backwards-compatibility behavior. Now
it is necessary to specify the `peer` field in order for upstream overrides
to apply to a peer upstream.

* Fix the indentation of the copyAnnotations example (#16873)

* Update docs for service-defaults overrides. (#16960)

Update docs for service-defaults overrides.

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* resource: `WriteStatus` endpoint (#16886)

* Remove global.name requirement for APs (#16964)

This is not a requirement when using APs because each AP has its own
auth method so it's okay if the names overlap.

* ci: remove build-distros from CircleCI (#16941)

* feat: add reporting config with reload (#16890)

* Added backport labels to PR template checklist (#16966)

* ci: split frontend ember jobs (#16973)

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Memdb Txn Commit race condition fix (#16871)

* Add a test to reproduce the race condition

* Fix race condition by publishing the event after the commit and adding a lock to prevent out of order events.

* split publish to generate the list of events before committing the transaction.

* add changelog

* remove extra func

* Apply suggestions from code review

Co-authored-by: Dan Upton <daniel@floppy.co>

* add comment to explain test

---------

Co-authored-by: Dan Upton <daniel@floppy.co>

* add sameness to exported services structs in the api package (#16984)

* circleci: remove frontend jobs (#16906)

* circleci: remove fronted jobs

Signed-off-by: Dan Bond <danbond@protonmail.com>

* remove frontend-cache

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Enforce ACLs on resource `Write` and `Delete` endpoints (#16956)

* Update list of Envoy versions (#16889)

* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy versions 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11

* Add mutate hook to `Write` endpoint (#16958)

* upgrade test: config nodeName, nodeid, and inherited persistent data for consul container (#16931)

* move enterprise test cases out of open source (#16985)

* Fix delete when uid not provided (#16996)

* Enforce Owner rules in `Write` endpoint (#16983)

* add IP rate limiting config update (#16997)

* add IP rate limiting config update

* fix review comments

* * added Sameness Group to proto files (#16998)

- added Sameness Group to config entries
- added Sameness Group to subscriptions

* generated proto files

* added Sameness Group events to the state store
- added test cases

* Refactored health RPC Client
- moved code that is common to rpcclient under rpcclient common.go. This will help set us up to support future RPC clients

* Refactored proxycfg glue views
- Moved views to rpcclient config entry. This will allow us to reuse this code for a config entry client

* added config entry RPC Client
- Copied most of the testing code from rpcclient/health

* hooked up new rpcclient in agent

* fixed documentation and comments for clarity

* added missing error message content to troubleshooting (#17005)

* Add PrioritizeByLocality to config entries. (#17007)

This commit adds the PrioritizeByLocality field to both proxy-config
and service-resolver config entries for locality-aware routing. The
field is currently intended for enterprise only, and will be used to
enable prioritization of service-mesh connections to services based
on geographical region / zone.

* fixed bad link (#17009)

* added an intro statement for the SI conf entry confiration model (#17017)

* added an intro statement for the SI conf entry confiration model

* caught a few more typos

* Tenancy wildcard validaton for `Write`, `Read`, and `Delete` endpoints (#17004)

* docs: update docs related to GH-16779 (#17020)

* server: wire up in-process Resource Service (#16978)

* add ability to start container tests in debug mode and attach a debugger (#16887)

* add ability to start container tests in debug mode and attach a debugger to consul while running it.

* add a debug message with the debug port

* use pod to get the right port

* fix image used in basic test

* add more data to identify which container to debug.

* fix comment

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>

* rename debugUri to debugURI

---------

Co-authored-by: Evan Culver <eculver@users.noreply.github.com>

* feat: set up reporting agent (#16991)

* api: enable query options on agent force-leave endpoint (#15987)

* Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723 (#16754)

* Bump the golang.org/x/net to 0.7.0 to address CVE-2022-41723

https://nvd.nist.gov/vuln/detail/CVE-2022-41723

* Add changelog entry

---------

Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>

* Don't send updates twice (#16999)

* add test-integrations workflow

* add test-integrations success job

* update vault integration testing versions (#16949)

* change parallelism to 4 forgotestsum.  use env.CONSUL_VERSION so we can see the version.

* use env for repeated values

* match test to circleci

* fix envvar

* fix envvar 2

* fix envvar 3

* fix envvar 4

* fix envvar 5

* make upgrade and compatibility tests match circleci

* backport of commit 107b85cb01

* backport of commit f0ce0f9250

* ci: add test-integrations (#16915)

* add test-integrations workflow

* add test-integrations success job

* update vault integration testing versions (#16949)

* change parallelism to 4 forgotestsum.  use env.CONSUL_VERSION so we can see the version.

* use env for repeated values

* match test to circleci

* fix envvar

* fix envvar 2

* fix envvar 3

* fix envvar 4

* fix envvar 5

* make upgrade and compatibility tests match circleci

* run go env to check environment

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* revert debug docker

Signed-off-by: Dan Bond <danbond@protonmail.com>

* going back to command that worked 5 days ago for compatibility tests

* Update Envoy versions to reflect changes in #16889

* cd to test dir

* try running ubuntu latest

* update PR with latest changes that work in enterprise

* yaml still sucks

* test GH fix (localhost resolution)

* change for testing

* test splitting and ipv6 lookup for compatibility and upgrade tests

* fix indention

* consul as image name

* remove the on push

* add gotestsum back in

* removing the use of the gotestsum download action

* yaml sucks today just like yesterday

* fixing nomad tests

* worked out the kinks on enterprise

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Dan Bond <danbond@protonmail.com>
Signed-off-by: dttung2905 <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Bryce Kalow <bkalow@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: cskh <hui.kang@hashicorp.com>
Co-authored-by: Tyler Wendlandt <tyler.wendlandt@hashicorp.com>
Co-authored-by: Curt Bushko <cbushko@gmail.com>
Co-authored-by: amitchahalgits <109494649+amitchahalgits@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Dan Upton <daniel@floppy.co>
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
Co-authored-by: Mike Morris <mikemorris@users.noreply.github.com>
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
Co-authored-by: skpratt <sarah.pratt@hashicorp.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
Co-authored-by: Michael Hofer <karras@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
Co-authored-by: Eric Haberkorn <erichaberkorn@gmail.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: Matt Keeler <mkeeler@users.noreply.github.com>
Co-authored-by: Melisa Griffin <missylbytes@users.noreply.github.com>
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Ashlee M Boyer <43934258+ashleemboyer@users.noreply.github.com>
Co-authored-by: Valeriia Ruban <valeriia.ruban@hashicorp.com>
Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: natemollica-dev <57850649+natemollica-nm@users.noreply.github.com>
Co-authored-by: Ashvitha <ashvitha297@gmail.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Bastien Dronneau <bdronneau@users.noreply.github.com>
Co-authored-by: Freddy <freddygv@users.noreply.github.com>
Co-authored-by: Paul Banks <pbanks@hashicorp.com>
Co-authored-by: wangxinyi7 <121973291+wangxinyi7@users.noreply.github.com>
Co-authored-by: Vipin John Wilson <37441623+vjwilson1987@users.noreply.github.com>
Co-authored-by: Rosemary Wang <915624+joatmon08@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
Co-authored-by: Nitya Dhanushkodi <nitya@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: brian shore <bshore@hashicorp.com>
Co-authored-by: malizz <maliheh.monshizadeh@hashicorp.com>
Co-authored-by: Kyle Havlovitz <kylehav@gmail.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: Hariram Sankaran <56744845+ramramhariram@users.noreply.github.com>
Co-authored-by: Dao Thanh Tung <ttdao.2015@accountancy.smu.edu.sg>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
Co-authored-by: Andrea Scarpino <andrea@scarpino.dev>
Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
Co-authored-by: Evan Culver <eculver@users.noreply.github.com>
Co-authored-by: Andrei Komarov <15227837+andreikom@users.noreply.github.com>
Co-authored-by: Kevin Wang <61252360+kevinwangcn@users.noreply.github.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
2023-04-19 03:15:42 +00:00
Eric Haberkorn a4d98f3e81
proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher (#16497) (#17030)
Receiving an "acl not found" error from an RPC in the agent cache and the
streaming/event components will cause any request loops to cease under the
assumption that they will never work again if the token was destroyed. This
prevents log spam (#14144, #9738).

Unfortunately due to things like:

- authz requests going to stale servers that may not have witnessed the token
  creation yet

- authz requests in a secondary datacenter happening before the tokens get
  replicated to that datacenter

- authz requests from a primary TO a secondary datacenter happening before the
  tokens get replicated to that datacenter

The caller will get an "acl not found" *before* the token exists, rather than
just after. The machinery added above in the linked PRs will kick in and
prevent the request loop from looping around again once the tokens actually
exist.

For `consul-dataplane` usages, where xDS is served by the Consul servers
rather than the clients ultimately this is not a problem because in that
scenario the `agent/proxycfg` machinery is on-demand and launched by a new xDS
stream needing data for a specific service in the catalog. If the watching
goroutines are terminated it ripples down and terminates the xDS stream, which
CDP will eventually re-establish and restart everything.

For Consul client usages, the `agent/proxycfg` machinery is ahead-of-time
launched at service registration time (called "local" in some of the proxycfg
machinery) so when the xDS stream comes in the data is already ready to go. If
the watching goroutines terminate it should terminate the xDS stream, but
there's no mechanism to re-spawn the watching goroutines. If the xDS stream
reconnects it will see no `ConfigSnapshot` and will not get one again until
the client agent is restarted, or the service is re-registered with something
changed in it.

This PR fixes a few things in the machinery:

- there was an inadvertent deadlock in fetching snapshot from the proxycfg
  machinery by xDS, such that when the watching goroutine terminated the
  snapshots would never be fetched. This caused some of the xDS machinery to
  get indefinitely paused and not finish the teardown properly.

- Every 30s we now attempt to re-insert all locally registered services into
  the proxycfg machinery.

- When services are re-inserted into the proxycfg machinery we special case
  "dead" ones such that we unilaterally replace them rather that doing that
  conditionally.
2023-04-18 16:38:22 -04:00
hc-github-team-consul-core 7eb104544e
backport of commit 12d5cc0c37 (#17028)
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-04-18 17:51:16 +00:00
hc-github-team-consul-core 8b28a7e01e
feat: add reporting config with reload (#16971)
Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-04-13 11:03:00 -04:00
hc-github-team-consul-core 68efb90828
Backport of circleci: remove frontend jobs into release/1.14.x (#16987)
* circleci: remove frontend

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Update config.yml

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-12 15:40:53 -07:00
Nathan Coleman 78af6e0180
Update list of Envoy versions (#16888)
* Update list of Envoy versions

* Update docs + CI + tests

* Add changelog entry

* Add newly-released Envoy 1.23.8 and 1.24.6

* Add newly-released Envoy version 1.22.11
2023-04-12 17:43:05 -04:00
hc-github-team-consul-core 4b1c391a71
Backport of ci: split frontend ember jobs into release/1.14.x (#16975)
* backport of commit 331baedf6f

* backport of commit 648d178e5e

---------

Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-12 14:44:03 +00:00
hc-github-team-consul-core 3aa749e024
Backport of ci: remove build-distros from CircleCI into release/1.14.x (#16968)
* no-op commit due to failed cherry-picking

* ci: remove build-distros from CircleCI (#16941)

* fixing circleci config

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-11 14:46:34 -06:00
hc-github-team-consul-core bcff39b0e4
no-op commit due to failed cherry-picking (#16947)
Co-authored-by: temp <temp@hashicorp.com>
2023-04-10 15:02:29 -06:00
hc-github-team-consul-core 82d7108d89
backport of commit 6b03c7b93f (#16935)
Co-authored-by: Andrea Scarpino <andrea@scarpino.dev>
2023-04-10 19:58:11 +00:00
hc-github-team-consul-core c6657d354a
backport of commit e9a99b170a (#16943)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-10 18:48:05 +00:00
hc-github-team-consul-core 464c8e968c
backport of commit 4d52e5a21b (#16938)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-10 17:30:57 +00:00
hc-github-team-consul-core 714802b28a
backport of commit 9862a83324 (#16929)
Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-04-08 01:06:14 +00:00
hc-github-team-consul-core 7df3fbed3d
Backport of ci: increase ENT runner size for xl to match OSS. have build-distros use xl to match CircleCI into release/1.14.x (#16923)
* no-op commit due to failed cherry-picking

* increase ENT runner size for xl to match OSS.  have guild-distros use xl to match CircleCI (#16920)

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-07 12:45:26 -06:00
hc-github-team-consul-core cd12db3afe
Backport of ci: Add success jobs. make go-test-enterprise conditional. build-distros and go-tests trigger on push to main and release branches into release/1.14.x (#16910)
* ci: Add success jobs. make go-test-enterprise conditional. build-distros and go-tests trigger on push to main and release branches (#16905)

* Add go-tests-success job and make go-test-enterprise conditional

* fixing lint-32bit reference

* fixing reference to -go-test-troubleshoot

* add all jobs that fan out.

* fixing success job to need set up

* add echo to success job

* adding success jobs to build-artifacts, build-distros, and frontend.

* changing the name of the job in verify ci to be consistent with other workflows

* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger

* Update go-tests.yml

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-06 17:30:37 -06:00
hc-github-team-consul-core dd893a5606
always test oss and conditionally test enterprise (#16827) (#16896)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-05 17:33:34 -06:00
hc-github-team-consul-core 306bd07459
backport of commit c8cc6a6343 (#16901)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-04-05 23:21:54 +00:00
hc-github-team-consul-core 26bbd367b0
backport of commit dd0216a614 (#16893)
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-04-05 23:01:52 +00:00
John Murret 9f2474a434
backport of add arm64 testing (#16882)
automated backport failed to create.  need to merge this manual version.
2023-04-05 11:49:46 -06:00
John Murret 26073d077f
backport of increasing runner size for check-generated-deep-copy and lint-enums (#16869) 2023-04-04 12:00:08 -06:00
Freddy 604cad09a5
[1.14.x] Allow dialer to re-establish terminated peering
Currently, if an acceptor peer deletes a peering the dialer's peering
will eventually get to a "terminated" state. If the two clusters need to
be re-peered the acceptor will re-generate the token but the dialer will
encounter this error on the call to establish:

"failed to get addresses to dial peer: failed to refresh peer server
addresses, will continue to use initial addresses: there is no active
peering for "<<<ID>>>""

This is because in `exchangeSecret().GetDialAddresses()` we will get an
error if fetching addresses for an inactive peering. The peering shows
up as inactive at this point because of the existing terminated state.

Rather than checking whether a peering is active we can instead check
whether it was deleted. This way users do not need to delete terminated
peerings in the dialing cluster before re-establishing them.
2023-04-03 17:40:49 -06:00
Poonam Jadhav 1af132288e
feat: backport service instances table to 1.14.x (#16819) 2023-03-31 13:21:06 -04:00
hc-github-team-consul-core ecc6a7786d
Backport of Fix broken links in Consul docs into release/1.14.x (#16767)
* backport of commit fba9e901d6

* backport of commit fbdeaf2ebe

* cherry pick and fix merge conflict

* remove 1.15 related content

---------

Co-authored-by: Eddie Rowe <74205376+eddie-rowe@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-03-31 08:04:28 -07:00
hc-github-team-consul-core 6ad723c03c
backport of commit a362862cf6 (#16831)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-31 03:57:48 +00:00
hc-github-team-consul-core f0ba563196
Backport of ci: changes resulting from running on consul-enterprise into release/1.14.x (#16821)
* no-op commit due to failed cherry-picking

* ci: changes resulting from running on consul-enterprise (#16816)

* changes resulting from running on consul-enterprise

* removing comment line

* removing test for envoyextensions, troubleshoot, and linting of container-deps

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-30 12:15:33 -06:00
hc-github-team-consul-core 98d11dbcd5
backport of commit e734b0c1df (#16813)
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2023-03-29 23:06:08 +00:00
hc-github-team-consul-core 8b9ef1dc81
Backport of docs: Updates to support HCP Consul cluster peering release into release/1.14.x (#16808)
* backport of commit a04e4762a2

* backport of commit 05702b5b59

* backport of commit 04b8b3615d

* backport of commit f9c4ffd1a4

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2023-03-29 10:18:27 -07:00
hc-github-team-consul-core 22ee0e50ef
Backport of Github Actions Migration - move go-tests workflows to GHA into release/1.14.x (#16802)
* backport of commit df9d97f994

* backport of commit 8913844f1d

* backport of commit e8d708b693

* backport of commit b42be82b32

* backport of commit 2e7fc805c9

* backport of commit 6e65358f2a

* backport of commit 924060ef91

* backport of commit b4f5218a29

* backport of commit 4a3c1a2b52

* backport of commit e6f0d8e361

* backport of commit 9eed445d50

* backport of commit 848170652d

* backport of commit 5aab675663

* backport of commit 07d8ede1ff

* backport of commit 5b1b1acb82

* backport of commit 2ca46f812d

* backport of commit c9f85388b1

* backport of commit c450fa7d43

* backport of commit 9302ebc9cf

* backport of commit 0f55035288

* backport of commit 76694ab441

* backport of commit e7a7d983a5

* backport of commit fea35f5203

* backport of commit d64af3f727

* backport of commit 840d80a178

* remove envoyextensions tests

* removing lint-container-test-d

* removing troubleshoot test

* removing troubleshoot test

* remove linting of container test

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-03-28 22:32:28 +00:00
John Maguire 2c4f8f1344
Fix bug in changelog checker where bash variable is not quoted (#16681) (#16784) 2023-03-27 13:01:39 -04:00
Derek Menteer 35376c1ad0
Backport: Change partition for peers in discovery chain targets (#16772)
This commit swaps the partition field to the local partition for
discovery chains targeting peers. Prior to this change, peer upstreams
would always use a value of default regardless of which partition they
exist in. This caused several issues in xds / proxycfg because of id
mismatches.

Some prior fixes were made to deal with one-off id mismatches that this
PR also cleans up, since they are no longer needed.
2023-03-24 15:40:34 -05:00
hc-github-team-consul-core 26dd7ad6a3
Backport of RELENG-471: Remove obsolete load-test workflow into release/1.14.x (#16764)
* no-op commit due to failed cherry-picking

* RELENG-471: Remove obsolete load-test workflow (#16737)

* Remove obsolete load-test workflow

* remove load-tests from circleci config.

---------

Co-authored-by: John Murret <john.murret@hashicorp.com>

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: brian shore <bshore@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-03-24 12:23:27 -06:00
hc-github-team-consul-core b1505dce9a
Backport of Changelog for audit logging fix. into release/1.14.x (#16743)
* backport of commit e72e2bb2f7

* backport of commit f4cdcb208e

* backport of commit e720a4a8c1

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
2023-03-22 20:17:44 +00:00
hc-github-team-consul-core e23e2fcafb
Backport of [NET-3029] Migrate build-distros to GHA into release/1.14.x (#16717)
* [NET-3029] Migrate build-distros to GHA (#16669)

* migrate build distros to GHA

Signed-off-by: Dan Bond <danbond@protonmail.com>

* build-arm

Signed-off-by: Dan Bond <danbond@protonmail.com>

* don't use matrix

Signed-off-by: Dan Bond <danbond@protonmail.com>

* check-go-mod

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* notify slack if failure

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* fix check-go-mod job

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Manually fix build.yml bug

Signed-off-by: Dan Bond <danbond@protonmail.com>

* [NET-3029] Migrate build-distros to GHA (#16669)

* migrate build distros to GHA

Signed-off-by: Dan Bond <danbond@protonmail.com>

* build-arm

Signed-off-by: Dan Bond <danbond@protonmail.com>

* don't use matrix

Signed-off-by: Dan Bond <danbond@protonmail.com>

* check-go-mod

Signed-off-by: Dan Bond <danbond@protonmail.com>

* add notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* notify slack if failure

Signed-off-by: Dan Bond <danbond@protonmail.com>

* rm notify slack script

Signed-off-by: Dan Bond <danbond@protonmail.com>

* fix check-go-mod job

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>

* Manually fix build.yml bug

Signed-off-by: Dan Bond <danbond@protonmail.com>

* remove whitespace

Signed-off-by: Dan Bond <danbond@protonmail.com>

---------

Signed-off-by: Dan Bond <danbond@protonmail.com>
2023-03-22 11:37:48 -07:00
hc-github-team-consul-core 9021e0c2c1
backport of commit 746a0a1d73 (#16734)
Co-authored-by: Eric <eric@haberkorn.co>
2023-03-22 13:35:37 +00:00
hc-github-team-consul-core f76c9fd247
Backport of fix: add AccessorID property to PUT token request into release/1.14.x (#16730)
* backport of commit d2c5a64857

* backport of commit 8e5e39c25a

* fixing linter issue

* fixing node-test failure

---------

Co-authored-by: valeriia-ruban <valeriia.ruban@hashicorp.com>
2023-03-21 23:00:39 +00:00
hc-github-team-consul-core 0ddeae9748
backport of commit e3b6545a6e (#16698) 2023-03-20 15:53:47 -07:00
Nitya Dhanushkodi d6d4f94d0a
[release/1.14.x] peering: peering partition failover fixes (#16693)
add local source partition for peered upstreams
2023-03-20 12:57:07 -07:00
hc-github-team-consul-core 2f6eba2931
Backport of Docs discovery typo into release/1.14.x (#16632)
* backport of commit d663303e4b

* backport of commit f6d5cd0481

---------

Co-authored-by: bdronneau <basti1.dr@gmail.com>
2023-03-14 12:01:06 -07:00
hc-github-team-consul-core 0e861765e1
backport of commit 78bb205fc3 (#16634)
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-03-14 17:37:24 +00:00