Commit graph

20363 commits

Author SHA1 Message Date
hc-github-team-consul-core e1ef25d91a
Backport of [NET-4792] Add integrations tests for jwt-auth into release/1.16.x (#18173)
backport of commit e588acf2ee4752334f640be389ae3843aac501de

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-18 19:14:05 +00:00
hc-github-team-consul-core 761fdacda6
Backport of chore: bump upgrade integrations tests to 1.15, 116 [NET-4743] into release/1.16.x (#18148)
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
2023-07-18 10:04:11 -07:00
Dhia Ayachi 6c6ce14d5d
Fix a bug that wrongly trims domains when there is an overlap with DC 1.16.x (#18164)
Fix a bug that wrongly trims domains when there is an overlap with DC name (#17160)

* Fix a bug that wrongly trims domains when there is an overlap with DC name

Before this change, when DC name and domain/alt-domain overlap, the domain name incorrectly trimmed from the query.

Example:

Given: datacenter = dc-test, alt-domain = test.consul.
Querying for "test-node.node.dc-test.consul" will faile, because the
code was trimming "test.consul" instead of just ".consul"

This change, fixes the issue by adding dot (.) before trimming

* trimDomain: ensure domain trimmed without modyfing original domains

* update changelog

---------

Co-authored-by: Alex Simenduev <shamil.si@gmail.com>
2023-07-18 10:03:41 -04:00
hc-github-team-consul-core 6b5c266a20
Backport of Fix bug with Vault CA provider into release/1.16.x (#18161)
* backport of commit 57bb6f3d729e4d76d1043efa2fa6a46137398d32

* backport of commit b2dad880653285a975795e89b0d77a6ea2fa60f1

* backport of commit 753d3c0d3f4797b6cf2d3490df996dffa8e885de

---------

Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-07-17 18:46:33 +00:00
hc-github-team-consul-core bb0c534363
Backport of Re-order expected/actual for assertContainerState in consul container tests into release/1.16.x (#18158)
backport of commit d5bed27d980058151d884980ad70071c8f235f37

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-17 18:29:36 +00:00
hc-github-team-consul-core 788225832e
Backport of add a conditional around setting LANFilter.AllSegments to make sure it is valid into release/1.16.x (#18146)
* no-op commit due to failed cherry-picking

* add a conditional around setting LANFilter.AllSegments to make sure it is valid (#18139)

This is to correct a code problem because this assumes all segments, but
when you get to Enterprise, you can be in partition that is not the
default partition, in which case specifying all segments does not
validate and fails. This is to correct the setting of this filter with
`AllSegments` to `true` to only occur when in the the `default`
partition.

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-17 11:59:44 -06:00
hc-github-team-consul-core 6a5244bf9c
Backport of [NET-4897] net/http host header is now verified and request.host that contains socked now error into release/1.16.x (#18145)
* no-op commit due to failed cherry-picking

* [NET-4897] net/http host header is now verified and request.host that contains socked now error (#18129)

### Description

This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.

go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.

For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.

[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)

### Testing & Reproduction steps

Check CI tests.

### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-17 11:44:56 -06:00
hc-github-team-consul-core ea93c7b29c
Backport of Displays Consul version of each nodes in UI nodes section into release/1.16.x (#18113)
## Backport

This PR is auto-generated from #17754 to be assessed for backporting due
to the inclusion of the label backport/1.16.


🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.

The person who merged in the original PR is:
@WenInCode
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.

> merge conflict error: unable to process merge commit:
"1c757b8a2c1160ad53421b7b8bd7f74b205c4b89", automatic backport requires
rebase workflow



The below text is copied from the body of the original PR.

---

fixes #17097 Consul version of each nodes in UI nodes section

@jkirschner-hashicorp @huikang @team @Maintainers

Updated consul version in the request to register consul.
Added this as Node MetaData.
Fetching this new metadata in UI

<img width="1512" alt="Screenshot 2023-06-15 at 4 21 33 PM"
src="https://github.com/hashicorp/consul/assets/3139634/94f7cf6b-701f-4230-b9f7-d8c4342d0737">

Also made this backward compatible and tested.

Backward compatible in this context means - If consul binary with above
PR changes is deployed to one of node, and if UI is run from this node,
then the version of not only current (upgraded) node is displayed in UI
, but also of older nodes given that they are consul servers only.
For older (non-server or client) nodes the version is not added in
NodeMeta Data and hence the version will not be displayed for them.
If a old node is consul server, the version will be displayed. As the
endpoint - "v1/internal/ui/nodes?dc=dc1" was already returning version
in service meta. This is made use of in current UI changes.

<img width="1480" alt="Screenshot 2023-06-16 at 6 58 32 PM"
src="https://github.com/hashicorp/consul/assets/3139634/257942f4-fbed-437d-a492-37849d2bec4c">




---

<details>
<summary> Overview of commits </summary>

- 931fdfc7ecdc26bb7cc20b698c5e14c1b65fcc6e -
b3e2ec1ccaca3832a088ffcac54257fa6653c6c1 -
8d0e9a54907039c09330c6cd7b9e761566af6856 -
04e5d88cca37821f6667be381c16aaa5958b5c92 -
28286a2e98f8cd66ef8593c2e2893b4db6080417 -
43e50ad38207952a9c4d04d45d08b6b8f71b31fe -
0cf1b7077cdf255596254d9dc1624a269c42b94d -
27f34ce1c2973591f75b1e38a81ccbe7cee6cee3 -
2ac76d62b8cbae76b1a903021aebb9b865e29d6e -
3d618df9ef1d10dd5056c8b1ed865839c553a0e0 -
1c757b8a2c1160ad53421b7b8bd7f74b205c4b89 -
23ce82b4cee8f74dd634dbe145313e9a56c0077d -
4dc1c9b4c5aafdb8883ef977dfa9b39da138b6cb -
85a12a92528bfa267a039a9bb258170be914abf7 -
25d30a3fa980d130a30d445d26d47ef2356cb553 -
7f1d6192dce3352e92307175848b89f91e728c24 -
5174cbff84b0795d4cb36eb8980d0d5336091ac9

</details>

---------

Co-authored-by: Vijay Srinivas <vijayraghav22@gmail.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Jared Kirschner <85913323+jkirschner-hashicorp@users.noreply.github.com>
2023-07-17 17:27:50 +00:00
hc-github-team-consul-core c524e23540
Backport of Change docs to say 168h instead of 7d for server_rejoin_age_max into release/1.16.x (#18156)
## Backport

This PR is auto-generated from #18154 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

Addresses
https://github.com/hashicorp/consul/pull/17171#issuecomment-1636930705
 
### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

### Links

<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern


---

<details>
<summary> Overview of commits </summary>

  - f5a6411ce7cbda9dddc506b731210d4ebda6bdb1 

</details>

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-17 17:12:38 +00:00
hc-github-team-consul-core db4b2cb577
Backport of Use JWT-auth filter in metadata mode & Delegate validation to RBAC filter into release/1.16.x (#18153)
## Backport

This PR is auto-generated from #18062 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Currently the jwt-auth filter doesn't take into account the service
identity when validating jwt-auth, it only takes into account the path
and jwt provider during validation. This causes issues when multiple
source intentions restrict access to an endpoint with different JWT
providers.
- To fix these issues, rather than use the JWT auth filter for
validation, we use it in metadata mode and allow it to forward the
successful validated JWT token payload to the RBAC filter which will
make the decisions.

This PR ensures requests with and without JWT tokens successfully go
through the jwt-authn filter. The filter however only forwards the data
for successful/valid tokens. On the RBAC filter level, we check the
payload for claims and token issuer + existing rbac rules.

### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

- This test covers a multi level jwt requirements (requirements at top
level and permissions level). It also assumes you have envoy running,
you have a redis and a sidecar proxy service registered, and have a way
to generate jwks with jwt. I mostly use:
https://www.scottbrady91.com/tools/jwt for this.

- first write your proxy defaults
```
Kind = "proxy-defaults"
name = "global"
config {
  protocol = "http"
}
```
- Create two providers 
```
Kind = "jwt-provider"
Name = "auth0"
Issuer = "https://ronald.local"

JSONWebKeySet = {
    Local = {
     JWKS = "eyJrZXlzIjog....."
    }
}
```

```
Kind = "jwt-provider"
Name = "okta"
Issuer = "https://ronald.local"

JSONWebKeySet = {
   Local = {
     JWKS = "eyJrZXlzIjogW3...."
    }
}
```

- add a service intention
```
Kind = "service-intentions"
Name = "redis"

JWT = {
  Providers = [
    {
      Name = "okta"
    },
  ]
}

Sources = [
  {
    Name = "*"
    Permissions = [{
      Action = "allow"
      HTTP = {
        PathPrefix = "/workspace"
      }
      JWT = {
        Providers = [
          {
            Name = "okta"
            VerifyClaims = [
              {
                  Path = ["aud"]
                  Value = "my_client_app"
              },
              {
                Path = ["sub"]
                Value = "5be86359073c434bad2da3932222dabe"
              }
            ]
          },
        ]
      }

    },
    {
      Action = "allow"
      HTTP = {
        PathPrefix = "/"
      }
      JWT = {
        Providers = [
          {
            Name = "auth0"
          },
        ]
      }

    }]
  }
]
```
- generate 3 jwt tokens: 1 from auth0 jwks, 1 from okta jwks with
different claims than `/workspace` expects and 1 with correct claims
- connect to your envoy (change service and address as needed) to view
logs and potential errors. You can add: `-- --log-level debug` to see
what data is being forwarded
```
consul connect envoy -sidecar-for redis1 -grpc-addr 127.0.0.1:8502
```
- Make the following requests: 
```
curl -s -H "Authorization: Bearer $Auth0_TOKEN" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_wrong_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_correct_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

Successful request
```


### TODO

* [x] Update test coverage
* [ ] update integration tests (follow-up PR)
* [x] appropriate backport labels added


---

<details>
<summary> Overview of commits </summary>

  - 70536f5a38507d7468f62d00dd93a6968a3d9cf3 

</details>

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-17 15:50:21 +00:00
hc-github-team-consul-core 2a31583727
Backport of Add ingress gateway deprecation notices to docs into release/1.16.x (#18131)
## Backport

This PR is auto-generated from #18102 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

This adds notices, that ingress gateway is deprecated, to several places
in the product docs where ingress gateway is the topic.

### Testing & Reproduction steps

Tested with a local copy of the website.

### Links

Deprecation of ingress gateway was announced in the Release Notes for
Consul 1.16 and Consul-K8s 1.2. See:

[https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated
)

[https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated)

### PR Checklist

* [N/A] updated test coverage
* [X] external facing docs updated
* [X] appropriate backport labels added
* [X] not a security concern


---

<details>
<summary> Overview of commits </summary>

- 8aa89b446cc5259e2bbbb0377f39bb614d5d508d -
8500ad0f7da36098bdc1ddb0abec12915f90d6f1 -
4a7777930a814ec0737968b2157ecbf4635d743c

</details>

---------

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-07-14 17:29:39 +00:00
hc-github-team-consul-core ceb0bb6724
Backport of Docs: fix unmatched bracket for health checks page into release/1.16.x (#18137)
## Backport

This PR is auto-generated from #18134 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

- Fix unmatched bracket in the
[doc](https://developer.hashicorp.com/consul/docs/services/usage/checks#ttl-check-configuration)
(see the following screenshot of the page)

<img width="618" alt="Screenshot 2023-07-13 at 9 01 19 PM"
src="https://github.com/hashicorp/consul/assets/463631/20707735-906f-4b06-999d-44e6329a9fec">


### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

### Links



<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern


---

<details>
<summary> Overview of commits </summary>

  - d40243b3a37b58737bd5cbb104913ce0c2c87f3c 

</details>

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-07-14 14:02:16 +00:00
hc-github-team-consul-core 792812e196
Backport of Add docs for jwt cluster configuration into release/1.16.x (#18135)
## Backport

This PR is auto-generated from #18004 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Add jwt-provider docs for jwks cluster configuration. The
configuration was added here:
https://github.com/hashicorp/consul/pull/17978


---

<details>
<summary> Overview of commits </summary>

  - 1ab3c3be1e85f4b70a0eafbc875a28311f030e49 

</details>

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-14 11:26:38 +00:00
hc-github-team-consul-core dd4bd08431
Backport of [NET-4895] ci - api tests and consul container tests error because of dependency bugs with go 1.20.6. Pin go to 1.20.5. into release/1.16.x (#18128)
## Backport

This PR is auto-generated from #18124 to be assessed for backporting due
to the inclusion of the label backport/1.16.


🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.

The person who merged in the original PR is:
@jmurret
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.

> merge conflict error: POST
https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict
[]



The below text is copied from the body of the original PR.

---

### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`

`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.

### Testing & Reproduction steps

See these jobs broken in CI and then see them work with this PR.


---

<details>
<summary> Overview of commits </summary>

- 747195f7aaf291305681bb7d8ae070761a2aef55 -
516492420bf43427f1cf89adce4d4e222bbb5aaa -
f4d6ca19f8e543048e167b9c47528eeb0bdb656f -
a47407115e086bb5eff6b34a08839989534b505f -
8c03b36e00719b65a87d277012dea2ac08b67442 -
c50b17c46ec64dfea20f61d242e1998c804eb8f7 -
7b55f66218e3a17a0c609a1d85d45f6d1a1e6961 -
93ce5fcc61fe0292f4e0cba98c7101fbe5142139

</details>

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2023-07-13 14:55:12 -06:00
hc-github-team-consul-core e32f25259c
backport of commit b9b58ec763ba9e5199354d44544f089a08e7aaba (#18110)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-13 16:00:12 +00:00
hc-github-team-consul-core 26fc877969
backport of commit 5403b623154d48829015a53ca594f4dda625e1af (#18123)
Co-authored-by: nv-hashi <80716011+nv-hashi@users.noreply.github.com>
2023-07-12 19:44:07 -07:00
hc-github-team-consul-core ebab3dbe4e
ci: build s390x (#18118)
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-07-12 17:00:22 -07:00
hc-github-team-consul-core 61b9465035
Backport of Docs for dataplane upgrade on k8s into release/1.16.x (#18105)
* backport of commit 0d7bee8adcf2a80aa7045ad7efcef080241f3a1e

* backport of commit 408cbe8ae0e24dd0d4947a872ebe4cc05f05805e

* backport of commit a0854784dcdc2a26bff3c5f39a687d6db73bc64a

* backport of commit 71c4c6564f78008fb653b70c4c354368423415ae

* backport of commit 0c060fa2badfe3d465065b08bdde2951f81b05a3

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-12 17:11:46 +00:00
hc-github-team-consul-core 095e821209
Backport of ci: use gotestsum v1.10.1 [NET-4042] into release/1.16.x (#18094)
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
2023-07-12 09:57:28 -07:00
hc-github-team-consul-core 021f4e472a
Backport of Passes configured role name to Vault for AWS auth in Connect CA into release/1.16.x (#18099)
* backport of commit 4034bb2b3eba81ea13bf6d3a62d27094d96ffc24

* backport of commit 9c4c3c50f07d4072bb981c16cf993118fd7f6f1d

* backport of commit 7282078993aa51915afa801bdabded0f78397cb5

---------

Co-authored-by: Tom Davies <thomas.23.davies@bt.com>
2023-07-12 15:43:36 +00:00
hc-github-team-consul-core 605bc24755
Backport of Docs: Update proxy lifecycle annotations and consul-dataplane flags into release/1.16.x (#18095)
* backport of commit 08cd1962522eec0f1747fddcb70841e1a3f88346

* backport of commit 9fd806a458b06a0e7f510edd120d1291c1c75a98

---------

Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-07-12 03:27:38 +00:00
hc-github-team-consul-core 158025537e
Backport of docs updates - cluster peering and virtual services into release/1.16.x (#18087)
* backport of commit 3ef758cefb78124d160bd69681fbb226b062e399

* backport of commit f7c54b6ce2ac3bb185a12aad5f649f4eed237cca

* backport of commit 6b2e88c154c2cab5bf6f013417d6b134171f16c0

* backport of commit 87dc79fddb162451ce9dd6d46615397dccb22dc9

* backport of commit 3d9805c133ab6dfde39cd41135a4c7f4048466b5

* backport of commit e76ec0a1937e7722edc554d96fa3e792bd1f56a0

* backport of commit 4b03ba27c1190e02af46e52261a2417534fdf3f4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-11 23:11:53 +00:00
hc-github-team-consul-core 0cf2f4b797
Backport of Fix a couple typos in Agent Telemetry Metrics docs into release/1.16.x (#18084)
* backport of commit 58ef5fdd8f11e4e773977b48bdb6bb196a7c874d

* backport of commit 857427ae8ca887f3c8ce33bde971c1b26ac7c37e

---------

Co-authored-by: josh <josh.timmons@hashicorp.com>
2023-07-11 20:33:39 +00:00
hc-github-team-consul-core 60c14f0224
backport of commit 8ad61b4e29a8403ec49691b2f0a2c11187d56385 (#18077)
Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-11 15:44:44 +00:00
hc-github-team-consul-core ad7477c1a2
backport of commit 38301b5cccf5a0341393decc2af39aee40d3ec2c (#17899)
Co-authored-by: mr-miles <miles.waller@gmail.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-10 14:54:54 -07:00
Nathan Coleman cb3c5b901d
Update VERSION to reflect next patch release (#17913) 2023-07-10 21:31:39 +00:00
hc-github-team-consul-core 42a6d1e70f
Backport of [OSS] Fix initial_fetch_timeout to wait for all xDS resources into release/1.16.x (#18065)
* backport of commit 8a2f60ddae1a6ac561544e9cae80e9a037ad06d5

* backport of commit e17e53c93373fadedd61e904949e87c0c7d5ed26

* backport of commit d919d55c2eb4f206840f8d880edda8d5ad8c5fb4

---------

Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-10 21:27:56 +00:00
hc-github-team-consul-core ef9282d224
Backport of Fix removed service-to-service peering links into release/1.16.x (#18019)
* no-op commit due to failed cherry-picking

* Fix removed service-to-service peering links (#17221)

* docs: fix removed service-to-service peering links

* docs: extend peering-via-mesh-gateways intro (thanks @trujillo-adam)

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Michael Hofer <karras@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-07 15:53:45 -07:00
Thomas Eckert ef09f400b5
Update Consul on Kubernetes Helm Docs (#18054)
* Render Consul K8s Helm Docs
---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-07 21:54:51 +00:00
hc-github-team-consul-core 97a57b476f
Backport of docs - add jobs use case for service mesh k8s into release/1.16.x (#18043)
* resolve conflicts
* fix backport
* address feedback

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-07 10:30:11 -07:00
hc-github-team-consul-core b8f2de3aa0
Backport of docs - add service sync annotations and k8s service weight annotation into release/1.16.x (#18036)
* backport of commit e1bf4284947af9edd36e9d6f4d2c32e2d1fe9b14

* backport of commit ddf214e638327cdf4b76d325d3c4194d6e26cee3

* backport of commit e41bd9c4e372c2b83d673d6f5c4afcfb44bdf14f

* backport of commit b9cfc86e145d0b90474a1e13f5f02ce7599d9f0f

* backport of commit 0ddf013d6c4e7d44c0c6dfff8fe0c56e5c4b6ca5

* backport of commit 1b0b513b05c1b14c9eb69f0e74f72fc7a0bba118

* backport of commit 29442ad641b0de0df9753cdd207b9f15bc76e6e5

* backport of commit 5e7ddf5c7ef764e7df8fa4f6cd03431e89e8b441

* backport of commit f2b6fa7b4362ecde79b3b8a9752da6d2774d44d8

* backport of commit 83b84a985a131c0ce2b10351f6dd5ca68cef5bf2

* backport of commit 56d81738cc8143ddec27cc5134af23da4bfc2dd8

* backport of commit 0ab44f06c7249adc8a0ba43c369c66ae1f18e8c8

* backport of commit 69c99fbccb711d32194eefd04419b854cacf8750

* backport of commit b79e1245c1bf765c97462f322c09965314317b0a

* backport of commit fb1441976be9c78a2d658b094e178a0c0f75eb5e

* backport of commit 3b7b2a04242e17fc88296fc248ba491e697697c4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-06 20:00:56 +00:00
hc-github-team-consul-core bc18afc199
backport of commit 8d547a80b85752e74da8c37947a7cc7319710dc9 (#18034)
Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-06 17:52:31 +00:00
hc-github-team-consul-core 23562dd7b5
backport of commit 7f8d860bee16e12d9b0c6ef5521f27467338deba (#18031)
Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-06 16:53:39 +00:00
hc-github-team-consul-core 9d8ba91bc6
Add first integration test for jwt auth with intention (#18005) (#18029)
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-07-06 07:54:30 -04:00
hc-github-team-consul-core c8f887baeb
backport of commit 4b1ed38b417e438be061aff1b36bf93ac39458bc (#18026)
Co-authored-by: J.C. Jones <jc@letsencrypt.org>
2023-07-05 15:24:03 -07:00
hc-github-team-consul-core 083d57d742
Backport of docs: Sameness "beta" warning into release/1.16.x (#18021)
* backport of commit 73d41e410cdd9622493b1cdca2c236289a2d7973

* backport of commit 8cc5520bafed4d421aee7cad38f67f0ae78a5675

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2023-07-05 15:04:31 -07:00
hc-github-team-consul-core 8cf72272d1
Backport of updated typo in tab heading into release/1.16.x (#18023)
* backport of commit 3b636ed4a1b44a039af7b3a8877092af7e4c6e5a

* backport of commit 7837039441193448a1d2f67ca1b3d6ce182d889f

---------

Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-05 14:20:50 -07:00
hc-github-team-consul-core a83bd1c1dc
Backport of [OSS] Improve Gateway Test Coverage of Catalog Health into release/1.16.x (#18014)
* backport of commit 954bd6ab1f1a2a00f549b10ad435cdead8d2cae2

* backport of commit 85c32d8f2e7e2c3a2855fe7a8fc4d10e3865b81f

* backport of commit 7ea3d622d75b4a69b8fc51d181b79c6b170ea47a

* backport of commit 127ae69c6dc967d575929e920813e7fe0d3fdef1

* backport of commit e04099b6cdd5dc20a36a19897816069669b2ef92

---------

Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-05 15:36:32 -04:00
hc-github-team-consul-core 10d4009614
backport of commit 6f5d36b559c7936460ef31cbc8aa92a146294893 (#18016)
Co-authored-by: Ranjandas <thejranjan@gmail.com>
2023-07-05 18:04:14 +00:00
hc-github-team-consul-core 4045bcfef7
Backport of feat: include nodes count in operator usage endpoint and cli command into release/1.16.x (#18012)
* backport of commit 54cdccd019ce32227f679b3fdca499283fdbdf5e

* backport of commit e543f716937fabed12ae2872d242a99416846d86

---------

Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-07-05 15:37:51 +00:00
hc-github-team-consul-core 3dcc3cb95a
backport of commit fe5c145cddd89da804d0de7d19bdc5d0d276df3b (#18010)
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-07-05 14:50:59 +00:00
hc-github-team-consul-core 810870d1c8
Backport of Integration test for ext-authz Envoy extension into release/1.16.x (#18003)
* backport of commit 6699b173136276c3b9d6bc7ed126d8f5dbd7c0a1

* resolve failed cherrypick

* remove extraneous changes to agent.go

---------

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
2023-07-04 12:45:08 -07:00
Ronald f9f2a5037f
Expose JWKS cluster config through JWTProviderConfigEntry (#17978) (#18002)
* Expose JWKS cluster config through JWTProviderConfigEntry

* fix typos, rename trustedCa to trustedCA
2023-07-04 09:53:12 -04:00
hc-github-team-consul-core 1b88ffef33
Backport of Add changelog entry for 1.16.0 into release/1.16.x (#17989)
* no-op commit due to failed cherry-picking

* Add changelog entry for 1.16.0

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-30 17:01:41 -04:00
hc-github-team-consul-core 7d71724913
Backport of docs: samenessGroup YAML examples into release/1.16.x (#17988)
* backport of commit c7348b32941b080ce7f5590fc080b51bc7924548

* backport of commit e4c346f0feca6f500ea3a6f71a486e3b530fc13c

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2023-06-30 20:39:30 +00:00
hc-github-team-consul-core 1109d20262
Backport of watch: support -filter for consul watch: checks, services, nodes, service into release/1.16.x (#17965)
* backport to 1.16.x

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-06-30 12:59:28 -07:00
hc-github-team-consul-core 48e7fb1bfe
Backport of update doc into release/1.16.x (#17976)
* backport of commit 91c82db42b95f66f7edc75a668a3ebd44338e74f

* backport of commit 4be71ab9413232c1ccd537c66011bb529af65d34

---------

Co-authored-by: Xinyi Wang <xinyi.wang@hashicorp.com>
2023-06-30 15:28:58 +00:00
hc-github-team-consul-core 08547ba585
backport of commit c0afba3a0c2ae093fee756a9019d49db25367d69 (#17975)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-06-30 14:20:50 +00:00
hc-github-team-consul-core 5e3ad77fc0
Backport of feature - [NET - 4005] - [Supportability] Reloadable Configuration - enable_debug into release/1.16.x (#17969)
* backport of commit 10f500e895d92cc3691ade7b74a33db755d22039

* backport of commit e08c30910167fa2c6dd5a639b92338d2389457e4

* backport of commit 58638deeb3ac16b6556bba6a2b24034d7f886cce

* merge conf resolve

---------

Co-authored-by: Ashesh Vidyut <ashesh.vidyut@hashicorp.com>
Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
2023-06-30 18:40:20 +05:30
hc-github-team-consul-core 8b41480c63
Backport of Fix formatting codeblocks on APIgw docs into release/1.16.x (#17972)
* backport of commit 1c8b71521297965bf04034caed10d29586084447

* backport of commit 0d690d9eb6d6f29bb2771f59c1a3c707360d92a5

---------

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-06-30 06:30:10 +00:00