NET-1825: More new ACL token creation docs (#18063)
Co-authored-by: Paul Glass <pglass@hashicorp.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
This PR explicitly enables WebSocket upgrades in Envoy's UpgradeConfig for all
proxy types. (API Gateway, Ingress, and Sidecar.)
Fixes#8283
Co-authored-by: Blake Covarrubias <blake@covarrubi.as>
Fix Backport Assistant PR commenting (#18200)
* Fix Backport Assistant failure PR commenting
For general comments on a PR, it looks like you have to use the `/issue`
endpoint rather than `/pulls`, which requires commit/other
review-specific target details.
This matches the endpoint used in `backport-reminder.yml`.
* Remove Backport Reminder workflow
This is noisy (even when adding multiple labels, individual comments per
label are generated), and likely no longer needed: we haven't had this
work in a long time due to an expired GH token, and we now have better
automation for backport PR assignment.
Manual backport of 1c7fcdf188.
Backport of [NET-4865] Bump golang.org/x/net to 0.12.0 into release/1.16.x (#18189)
Bump golang.org/x/net to 0.12.0
While not necessary to directly address CVE-2023-29406 (which should be
handled by using a patched version of Go when building), an
accompanying change to HTTP/2 error handling does impact agent code.
See https://go-review.googlesource.com/c/net/+/506995 for the HTTP/2
change.
Bump this dependency across our submodules as well for the sake of
potential indirect consumers of `x/net/http`.
Manual backport of 84cbf09185.
Fix a bug that wrongly trims domains when there is an overlap with DC name (#17160)
* Fix a bug that wrongly trims domains when there is an overlap with DC name
Before this change, when DC name and domain/alt-domain overlap, the domain name incorrectly trimmed from the query.
Example:
Given: datacenter = dc-test, alt-domain = test.consul.
Querying for "test-node.node.dc-test.consul" will faile, because the
code was trimming "test.consul" instead of just ".consul"
This change, fixes the issue by adding dot (.) before trimming
* trimDomain: ensure domain trimmed without modyfing original domains
* update changelog
---------
Co-authored-by: Alex Simenduev <shamil.si@gmail.com>
## Backport
This PR is auto-generated from #18154 to be assessed for backporting due
to the inclusion of the label backport/1.15.
The below text is copied from the body of the original PR.
---
### Description
Addresses
https://github.com/hashicorp/consul/pull/17171#issuecomment-1636930705
### Testing & Reproduction steps
<!--
* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding
-->
### Links
<!--
Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.
Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.
-->
### PR Checklist
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---
<details>
<summary> Overview of commits </summary>
- f5a6411ce7
</details>
Co-authored-by: David Yu <dyu@hashicorp.com>
## Backport
This PR is auto-generated from #18129 to be assessed for backporting due
to the inclusion of the label backport/1.15.
🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.
The person who merged in the original PR is:
@jmurret
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.
> merge conflict error: POST
https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict
[]
The below text is copied from the body of the original PR.
---
### Description
This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.
go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.
[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)
### Testing & Reproduction steps
Check CI tests.
### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---
<details>
<summary> Overview of commits </summary>
- 747195f7aa -
516492420b -
f4d6ca19f8 -
a47407115e -
8c03b36e00 -
c50b17c46e -
cc8eaf8213 -
ce10138d07 -
133c7ecbf5 -
b0bd440d8f -
8f223080c0 -
f8578b0749 -
4452224d6a -
19634a4b3b
</details>
---------
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
## Backport
This PR is auto-generated from #18134 to be assessed for backporting due
to the inclusion of the label backport/1.15.
The below text is copied from the body of the original PR.
---
### Description
- Fix unmatched bracket in the
[doc](https://developer.hashicorp.com/consul/docs/services/usage/checks#ttl-check-configuration)
(see the following screenshot of the page)
<img width="618" alt="Screenshot 2023-07-13 at 9 01 19 PM"
src="https://github.com/hashicorp/consul/assets/463631/20707735-906f-4b06-999d-44e6329a9fec">
### Testing & Reproduction steps
<!--
* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding
-->
### Links
<!--
Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.
Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.
-->
### PR Checklist
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---
<details>
<summary> Overview of commits </summary>
- d40243b3a3
</details>
Co-authored-by: cskh <hui.kang@hashicorp.com>
## Backport
This PR is auto-generated from #18124 to be assessed for backporting due
to the inclusion of the label backport/1.15.
🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.
The person who merged in the original PR is:
@jmurret
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.
> merge conflict error: POST
https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict
[]
The below text is copied from the body of the original PR.
---
### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`
`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.
### Testing & Reproduction steps
See these jobs broken in CI and then see them work with this PR.
---
<details>
<summary> Overview of commits </summary>
- 747195f7aa -
516492420b -
f4d6ca19f8 -
a47407115e -
8c03b36e00 -
c50b17c46e -
7b55f66218 -
93ce5fcc61
</details>
---------
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
* backport of commit 0d7bee8adc
* backport of commit 408cbe8ae0
* backport of commit a0854784dc
* backport of commit 71c4c6564f
* backport of commit 0c060fa2ba
---------
Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
* backport of commit 4034bb2b3e
* backport of commit 9c4c3c50f0
* backport of commit 7282078993
---------
Co-authored-by: Tom Davies <thomas.23.davies@bt.com>
* backport of commit afa1f42cc7
* backport of commit e0970025d4
* backport of commit 2f2aad545b
* backport of commit 4a5c9c181f
---------
Co-authored-by: Ranjandas <thejranjan@gmail.com>
Co-authored-by: Chris S. Kim <kisunji92@gmail.com>
* backport of commit d490377d50
* Reference hashicorp/consul instead of consul for Docker image (#17914)
* Reference hashicorp/consul instead of consul for Docker image
* Update Make targets that pull consul directly
---------
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
* APIGW Normalize Status Conditions (#16994)
* normalize status conditions for gateways and routes
* Added tests for checking condition status and panic conditions for
validating combinations, added dummy code for fsm store
* get rid of unneeded gateway condition generator struct
* Remove unused file
* run go mod tidy
* Update tests, add conflicted gateway status
* put back removed status for test
* Fix linting violation, remove custom conflicted status
* Update fsm commands oss
* Fix incorrect combination of type/condition/status
* cleaning up from PR review
* Change "invalidCertificate" to be of accepted status
* Move status condition enums into api package
* Update gateways controller and generated code
* Update conditions in fsm oss tests
* run go mod tidy on consul-container module to fix linting
* Fix type for gateway endpoint test
* go mod tidy from changes to api
* go mod tidy on troubleshoot
* Fix route conflicted reason
* fix route conflict reason rename
* Fix text for gateway conflicted status
* Add valid certificate ref condition setting
* Revert change to resolved refs to be handled in future PR
* Resolve sneaky merge conflicts
---------
Co-authored-by: John Maguire <john.maguire@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
hc-github-team-consul-core