Commit Graph

32 Commits

Author SHA1 Message Date
Michael Zalimeni 57265a06f0
Backport of [NET-6138] security: Bump google.golang.org/grpc to 1.56.3 (CVE-2023-44487) to release/1.16.x (#19420)
Bump google.golang.org/grpc to 1.56.3

This resolves [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487).

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
2023-10-30 08:58:11 -04:00
hc-github-team-consul-core adefe8d16a
Backport of [NET-5944] security: Update Go version to 1.20.10 and `x/net` to 0.17.0 into release/1.16.x (#19234)
* backport of commit d7d9de95642a625307fecc8cff29bda1c22fa983

* backport of commit 0794b1ce74d37623d50f5e52cb289a48e8558d18

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-10-17 00:12:24 +00:00
Poonam Jadhav b485fa2104
fix: go sum revert (#18389) 2023-08-04 18:10:54 -04:00
Poonam Jadhav a9097992c2 release: envoyextensions version bump to v0.4.1 and api version bump to v1.24.0 in troubleshoot module 2023-08-04 17:37:34 -04:00
hc-github-team-consul-core d1a52f31a2
Backport of [NET-5146] security: Update Go version to 1.20.7 and `x/net` to 0.13.0 into release/1.16.x (#18363)
backport of commit 905e371607112dc00c55cae53c907b989a651f61

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2023-08-02 18:36:08 +00:00
hc-github-team-consul-core 74a4aac071
Backport of Update submodules to latest following 1.16.0 into release/1.16.x (#18198)
Update submodules to latest following 1.16.0

Align all our internal use of submodules on the latest versions.

Manual backport of 235d9c5ca5bccdad2e853f0ac052e25efdef1ca5.
2023-07-20 01:35:24 +00:00
hc-github-team-consul-core 7aef7ebc42
Backport of [NET-4865] Bump golang.org/x/net to 0.12.0 into release/1.16.x (#18189)
Bump golang.org/x/net to 0.12.0

While not necessary to directly address CVE-2023-29406 (which should be
handled by using a patched version of Go when building), an
accompanying change to HTTP/2 error handling does impact agent code.

See https://go-review.googlesource.com/c/net/+/506995 for the HTTP/2
change.

Bump this dependency across our submodules as well for the sake of
potential indirect consumers of `x/net/http`.

Manual backport of 84cbf09185ebfc59f9fcf486d1c4983ef129bf95.
2023-07-19 12:22:18 -04:00
Michael Zalimeni e25176bd70 Update troubleshoot submodule dependencies
Bump api, envoyextensions versions to latest.
2023-06-08 16:48:05 -04:00
Matt Keeler e909289454
Various bits of cleanup detected when using Go Workspaces (#17462)
TLDR with many modules the versions included in each diverged quite a bit. Attempting to use Go Workspaces produces a bunch of errors.

This commit:

1. Fixes envoy-library-references.sh to work again
2. Ensures we are pulling in go-control-plane@v0.11.0 everywhere (previously it was at that version in some modules and others were much older)
3. Remove one usage of golang/protobuf that caused us to have a direct dependency on it.
4. Remove deprecated usage of the Endpoint field in the grpc resolver.Target struct. The current version of grpc (v1.55.0) has removed that field and recommended replacement with URL.Opaque and calls to the Endpoint() func when needing to consume the previous field.
4. `go work init <all the paths to go.mod files>` && `go work sync`. This synchronized versions of dependencies from the main workspace/root module to all submodules
5. Updated .gitignore to ignore the go.work and go.work.sum files. This seems to be standard practice at the moment.
6. Update doc comments in protoc-gen-consul-rate-limit to be go fmt compatible
7. Upgraded makefile infra to perform linting, testing and go mod tidy on all modules in a flexible manner.
8. Updated linter rules to prevent usage of golang/protobuf
9. Updated a leader peering test to account for an extra colon in a grpc error message.
2023-06-05 16:08:39 -04:00
Eric Haberkorn bbf0b70b52
Add Upstream Service Targeting to Property Override Extension (#17517)
* add upstream service targeting to property override extension

* Also add baseline goldens for service specific property override extension.
* Refactor the extension framework to put more logic into the templates.

* fix up the golden tests
2023-05-30 14:53:42 -04:00
Chris Thain c1ed6e307f
ENT->OSS merge for Consolidate `ListEnvoyExtender` into `BasicEnvoyExtender` (#17491) 2023-05-26 11:10:31 -07:00
Michael Zalimeni 4cae008559
Disable remote proxy patching except AWS Lambda (#17415)
To avoid unintended tampering with remote downstreams via service
config, refactor BasicEnvoyExtender and RuntimeConfig to disallow
typical Envoy extensions from being applied to non-local proxies.

Continue to allow this behavior for AWS Lambda and the read-only
Validate builtin extensions.

Addresses CVE-2023-2816.
2023-05-23 11:55:06 +00:00
John Maguire c5b7164b16
APIGW Normalize Status Conditions (#16994)
* normalize status conditions for gateways and routes

* Added tests for checking condition status and panic conditions for
validating combinations, added dummy code for fsm store

* get rid of unneeded gateway condition generator struct

* Remove unused file

* run go mod tidy

* Update tests, add conflicted gateway status

* put back removed status for test

* Fix linting violation, remove custom conflicted status

* Update fsm commands oss

* Fix incorrect combination of type/condition/status

* cleaning up from PR review

* Change "invalidCertificate" to be of accepted status

* Move status condition enums into api package

* Update gateways controller and generated code

* Update conditions in fsm oss tests

* run go mod tidy on consul-container module to fix linting

* Fix type for gateway endpoint test

* go mod tidy from changes to api

* go mod tidy on troubleshoot

* Fix route conflicted reason

* fix route conflict reason rename

* Fix text for gateway conflicted status

* Add valid certificate ref condition setting

* Revert change to resolved refs to be handled in future PR
2023-04-24 16:22:55 -04:00
Ronald 71fb0a723e
Copyright headers for missing files/folders (#16708)
* copyright headers for agent folder
2023-03-28 18:48:58 -04:00
Semir Patel ef2070442d
Bump submodules from latest 1.15.1 patch release (#16578)
* Update changelog with Consul patch releases 1.13.7, 1.14.5, 1.15.1

* Bump submodules from latest patch release

* Forgot one
2023-03-08 14:37:50 -06:00
Dan Stough 133271ea69
fix: revert go mod compat for sdk,api to 1.19 (#16323) 2023-02-18 14:58:39 -05:00
Dan Stough 29497be7e8
[OSS] security: update go to 1.20.1 (#16263)
* security: update go to 1.20.1
2023-02-17 15:04:12 -05:00
Nitya Dhanushkodi 9d255fe057
troubleshoot: fixes and updated messages (#16294) 2023-02-17 07:43:05 -08:00
malizz f01b653163
get clusters from route if listener uses RDS (#16243) 2023-02-13 12:50:32 -08:00
Nitya Dhanushkodi 62ca1b0513
update the api in envoyextensions and troubleshoot modules (#16226) 2023-02-09 15:39:03 -08:00
malizz eabc5ce390
troubleshoot basic envoy stats for an upstream (#16215)
* troubleshoot basic envoy stats for an upstream

* remove envoyID arg
2023-02-09 12:06:31 -08:00
malizz 834ef73e8a
update troubleshoot CLI, update flags and upstreams output (#16211)
* update troubleshoot CLI, update flags and upstreams output

* update troubleshoot upstreams output
2023-02-08 16:05:22 -08:00
Nitya Dhanushkodi 58aed4dc04
troubleshoot: handle tproxy dialed directly case (#16210) 2023-02-08 14:49:38 -08:00
Nitya Dhanushkodi bc7badae9f
troubleshoot: output messages for the troubleshoot proxy command (#16208) 2023-02-08 13:03:15 -08:00
malizz 1e9d9e2493
get upstream IPs (#16197)
* get upstream IPs

* separate test data

* fix lint issue

* fix lint issue
2023-02-07 14:57:31 -08:00
malizz 1777e9ec8f
add cert tests (#16192) 2023-02-07 09:58:00 -08:00
malizz 86b3ed6319
exclude inbound/outbound listeners from upstreams output (#16184) 2023-02-06 18:48:55 -08:00
Nitya Dhanushkodi 77f6b20db0
refactor: remove troubleshoot module dependency on consul top level module (#16162)
Ensure nothing in the troubleshoot go module depends on consul's top level module. This is so we can import troubleshoot into consul-k8s and not import all of consul.

* turns troubleshoot into a go module [authored by @curtbushko]
* gets the envoy protos into the troubleshoot module [authored by @curtbushko]
* adds a new go module `envoyextensions` which has xdscommon and extensioncommon folders that both the xds package and the troubleshoot package can import
* adds testing and linting for the new go modules
* moves the unit tests in `troubleshoot/validateupstream` that depend on proxycfg/xds into the xds package, with a comment describing why those tests cannot be in the troubleshoot package
* fixes all the imports everywhere as a result of these changes 

Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-02-06 09:14:35 -08:00
Nitya Dhanushkodi 6151bcfa75
refactor: move service to service validation to troubleshoot package (#16132)
This is to reduce the dependency on xds from within the troubleshoot package.
2023-02-02 22:18:10 -08:00
malizz ffd311c2b7
validate certs and get stats (#16139) 2023-02-02 14:24:18 -08:00
malizz 1477cf5a82
update troubleshoot CLI (#16129) 2023-02-01 15:11:05 -08:00
malizz 84e7018087
add troubleshoot cli (#16070)
* add troubleshoot cli

* fix lint issue

* fix merge conflict

* fix lint issue
2023-02-01 11:37:30 -08:00