ddd12e6c1b
backport of commit 36891f355e ( #15854 )
...
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-12-20 16:25:54 +00:00
0f52c25396
Backport of Add custom balancer to always remove subConns into release/1.14.x ( #15836 )
...
* backport of commit c37343dfcc27a0ffb6e8ee5841db5435f72880cee8be8e4d5544d5c20f165420eddfb0ec1b87a98e
2022-12-19 17:50:52 +00:00
7c934a4bf9
Backport of agent: Fix assignment of error when auto-reloading cert and key file changes. into release/1.14.x ( #15772 )
...
* backport of commit 7d0cf566ca024c8a84a6
2022-12-15 21:26:43 +00:00
8843452d43
Backport of Fix DialedDirectly configuration for Consul dataplane. into release/1.14.x ( #15779 )
...
* backport of commit 1824f4428ab9b929daaaea07eeb188
2022-12-13 15:31:26 +00:00
99c65982d4
backport of commit ee0ba0ef63 ( #15756 )
...
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2022-12-09 16:36:33 +00:00
fd82c3fc46
Backport of Flakiness test: case-cfg-splitter-peering-ingress-gateways into release/1.14.x ( #15725 )
...
* backport of commit 1ac56cc5ac6d78f4b20e07054a70e40c99f0df59
2022-12-08 01:30:10 +00:00
17d6705c5a
Backport of Fix local mesh gateway with peering discovery chains. into release/1.14.x ( #15715 )
...
* backport of commit 8aff79edfe3ed9331e48
2022-12-07 13:20:57 -06:00
afcffc2385
connect: use -dev-no-store-token for test vaults to reduce source of flakes ( #15691 ) ( #15694 )
...
It turns out that by default the dev mode vault server will attempt to interact with the
filesystem to store the provided root token. If multiple vault instances are running
they'll all awkwardly share the filesystem and if timing results in one server stopping
while another one is starting then the starting one will error with:
Error initializing Dev mode: rename /home/circleci/.vault-token.tmp /home/circleci/.vault-token: no such file or directory
This change uses `-dev-no-store-token` to bypass that source of flakes. Also the
stdout/stderr from the vault process is included if the test fails.
The introduction of more `t.Parallel` use in https://github.com/hashicorp/consul/pull/15669
increased the likelihood of this failure, but any of the tests with multiple vaults in use
(or running multiple package tests in parallel that all use vault) were eventually going
to flake on this.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-12-06 13:28:49 -06:00
8d4bcfb06f
connect: ensure all vault connect CA tests use limited privilege tokens ( #15689 )
...
All of the current integration tests where Vault is the Connect CA now use non-root tokens for the test. This helps us detect privilege changes in the vault model so we can keep our guides up to date.
One larger change was that the RenewIntermediate function got refactored slightly so it could be used from a test, rather than the large duplicated function we were testing in a test which seemed error prone.
Co-authored-by: R.B. Boyer <4903+rboyer@users.noreply.github.com>
2022-12-06 12:30:45 -06:00
9e25552415
Backport of Detect Vault 1.11+ import in secondary datacenters and update default issuer into release/1.14.x ( #15683 )
...
* backport of commit 97fcd595d4fc847e4edf0207f1d54c38f182481751f8e56fe04c7c84292d5a2a1e5f13e3b26c40b50bf754af30
2022-12-05 21:56:47 +00:00
18dffc51dc
Backport of peering: better represent non-passing states during peer check flattening into release/1.14.x ( #15618 )
...
* backport of commit 4deb06690165c70e84ec4372a5221c
2022-11-30 18:14:26 +00:00
657616a744
Backport of Remove log line about server mgmt token init into release/1.14.x ( #15612 )
...
Co-authored-by: freddygv <freddy@hashicorp.com>
2022-11-29 16:21:42 -07:00
7c0eec4c1f
Add support for configuring Envoys route idle_timeout ( #14340 ) ( #15611 )
...
* Add idleTimeout
Co-authored-by: James Oulman <oulman@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2022-11-29 17:58:00 -05:00
e7f8505e1d
Backport of Add peering `.service` and `.node` DNS lookups. into release/1.14.x ( #15599 )
2022-11-29 13:18:48 -06:00
3a03f2697e
Backport of Fix Vault managed intermediate PKI bug into release/1.14.x ( #15579 )
2022-11-29 09:33:13 -05:00
2811464d56
Backport of fix(peering): increase the gRPC limit to 8MB into release/1.14.x ( #15589 )
...
* backport of commit 84b287cc3c
2022-11-28 18:05:33 -05:00
ab9e13c4e0
Backport of Use backport-compatible assertion into release/1.14.x ( #15549 )
...
This pull request was automerged via backport-assistant
2022-11-24 11:44:52 -05:00
8dcbee57e6
backport of commit b3f544a23b ( #15545 )
...
This pull request was automerged via backport-assistant
2022-11-24 10:13:31 -05:00
84838e57f0
Detect Vault 1.11+ import, update default issuer ( #15253 ) ( #15437 )
...
Consul used to rely on implicit issuer selection when calling Vault endpoints to issue new CSRs. Vault 1.11+ changed that behavior, which caused Consul to check the wrong (previous) issuer when renewing its Intermediate CA. This patch allows Consul to explicitly set a default issuer when it detects that the response from Vault is 1.11+.
Signed-off-by: Alexander Scheel <alex.scheel@hashicorp.com>
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2022-11-18 10:24:27 -05:00
2de3b807d0
Backport of fix: clarifying error message when acquiring a lock in remote dc into release/1.14.x ( #15415 )
...
This pull request was automerged via backport-assistant
2022-11-16 15:28:16 -05:00
d9d0d925c3
Backport of auto-config: relax node name validation for JWT authorization into release/1.14.x ( #15372 )
...
This pull request was automerged via backport-assistant
2022-11-14 19:25:12 -05:00
6ca306f1a3
Backport of Ensure that NodeDump imported nodes are filtered into release/1.14.x ( #15359 )
...
This pull request was automerged via backport-assistant
2022-11-14 14:36:09 -05:00
54f7a79d69
Backport of Fixup authz for data imported from peers into release/1.14.x ( #15355 )
...
This pull request was automerged via backport-assistant
2022-11-14 13:36:51 -05:00
904aaf742d
Backport of connect: strip port from DNS SANs for ingress gateway leaf cert into release/1.14.x ( #15354 )
...
This pull request was automerged via backport-assistant
2022-11-14 13:27:50 -05:00
ceb102f352
Backport of Prevent serving TLS via ports.grpc into release/1.14.x ( #15342 )
...
This pull request was automerged via backport-assistant
2022-11-11 15:29:50 -05:00
8c2e5e26ed
Backport of [OSS] fix: wait and try longer to peer through mesh gw into release/1.14.x ( #15329 )
...
This pull request was automerged via backport-assistant
2022-11-10 13:54:47 -05:00
6645e02c6c
update config defaults, add docs ( #15302 ) ( #15323 )
...
* update config defaults, add docs
* update grpc tls port for non-default values
* add changelog
* Update website/content/docs/upgrading/upgrade-specific.mdx
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
* Update website/content/docs/agent/config/config-files.mdx
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
* update logic for setting grpc tls port value
* move default config to default.go, update changelog
* update docs
* Fix config tests.
* Fix linter error.
* Fix ConnectCA tests.
* Cleanup markdown on upgrade notes.
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
Co-authored-by: malizz <maliheh.monshizadeh@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2022-11-10 11:21:31 -06:00
3a8f6dddad
Backport of Avoid blocking child type updates on parent ack into release/1.14.x ( #15321 )
...
This pull request was automerged via backport-assistant
2022-11-09 18:22:06 -05:00
1151610ee1
Backport of update ACLs for cluster peering into release/1.14.x ( #15318 )
...
This pull request was automerged via backport-assistant
2022-11-09 16:04:17 -05:00
5843befad2
Backport of Log Warnings When Peering With Mesh Gateway Mode None into release/1.14.x ( #15310 )
...
This pull request was automerged via backport-assistant
2022-11-09 11:49:24 -05:00
11aaa9bcb3
Backport of Fix mesh gateway configuration with proxy-defaults into release/1.14.x ( #15309 )
...
This pull request was automerged via backport-assistant
2022-11-09 11:15:01 -05:00
c896ae06bf
Backport of Bring back parameter ServerExternalAddresses in GenerateToken endpoint into release/1.14.x ( #15296 )
...
* backport of commit 4199a7c30a53be93fb901b0ce4e96c1b4ee792cb98f3d5aa511f3b30b768
2022-11-08 15:31:17 -06:00
0f05c4741e
Backport of fix(mesh-gateway): remove deregistered service from mesh gateway into release/1.14.x ( #15284 )
...
* backport of commit 8083bba320
2022-11-07 20:43:39 -05:00
8071715461
backport of commit 7436a3feb7 ( #15280 )
...
This pull request was automerged via backport-assistant
2022-11-07 13:18:09 -05:00
fb7b645b29
Update hcp-scada-provider to fix diamond dependency problem with go-msgpack ( #15185 ) ( #15277 )
2022-11-07 12:09:18 -05:00
dbd8fa042b
backport of commit 3496946787 ( #15275 )
...
This pull request was automerged via backport-assistant
2022-11-07 10:00:35 -05:00
e372bf3935
Backport of fix: persist peering CA updates to dialing clusters into release/1.14.x ( #15265 )
...
This pull request was automerged via backport-assistant
2022-11-04 12:53:44 -04:00
904a4c3836
Backport of Backport tests from ent. into release/1.14.x ( #15262 )
...
This pull request was automerged via backport-assistant
2022-11-04 11:19:44 -04:00
0093b81cda
Backport of Backport test from ENT: "Fix missing test fields" into release/1.14.x ( #15261 )
...
This pull request was automerged via backport-assistant
2022-11-04 10:29:37 -04:00
953e104c3e
Backport of Backport various fixes from ENT. into release/1.14.x ( #15257 )
...
This pull request was automerged via backport-assistant
2022-11-03 17:35:21 -04:00
aea08688bd
Backport of Added check for empty peeringsni in restrictPeeringEndpoints into release/1.14.x ( #15240 )
...
This pull request was automerged via backport-assistant
2022-11-02 18:21:09 -04:00
6ea60aa363
backport of commit cf9244fb73 ( #15232 )
...
This pull request was automerged via backport-assistant
2022-11-02 08:57:19 -04:00
6def795f56
backport of commit b4a7cf11f8 ( #15226 )
...
This pull request was automerged via backport-assistant
2022-11-01 15:03:44 -04:00
815397b46a
backport of commit 2e4ce70921 ( #15210 )
...
This pull request was automerged via backport-assistant
2022-10-31 15:30:54 -04:00
1d8778173a
Backport of test: fix flaky TestSubscribeBackend_IntegrationWithServer_DeliversAllMessages test into release/1.14.x ( #15207 )
...
This pull request was automerged via backport-assistant
2022-10-31 13:11:24 -04:00
2603ff0f02
Backport of connect: Add Envoy 1.24 to integration tests, remove Envoy 1.20 into release/1.14.x ( #15202 )
...
This pull request was automerged via backport-assistant
2022-10-31 11:51:08 -04:00
1d5ae30946
backport of commit c7aee51b3d ( #15201 )
...
This pull request was automerged via backport-assistant
2022-10-31 10:56:53 -04:00
7439701133
Backport of Fix peered service protocols using proxy-defaults. into release/1.14.x ( #15200 )
...
This pull request was automerged via backport-assistant
2022-10-31 09:45:26 -04:00
37f04934c8
backport of commit 584db775ca ( #15179 )
...
This pull request was automerged via backport-assistant
2022-10-28 10:51:32 -04:00
a71f0aa105
Backport of Allow consul debug on non-ACL consul servers into release/1.14.x ( #15167 )
...
This pull request was automerged via backport-assistant
2022-10-27 09:26:06 -04:00
hc-github-team-consul-core