* backport of commit de63f65b1c4f605c4529f38763cd1e15ad94e082
* backport of commit f6c0fff6cea9afd69e323a9454a54eb7299eef05
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
* no-op commit due to failed cherry-picking
* [NET-4897] net/http host header is now verified and request.host that contains socked now error (#18129)
### Description
This is related to https://github.com/hashicorp/consul/pull/18124 where
we pinned the go versions in CI to 1.20.5 and 1.19.10.
go 1.20.6 and 1.19.11 now validate request host headers for validity,
including the hostname cannot be prefixed with slashes.
For local communications (npipe://, unix://), the hostname is not used,
but we need valid and meaningful hostname. Prior versions go Go would
clean the host header, and strip slashes in the process, but go1.20.6
and go1.19.11 no longer do, and reject the host header. Around the
community we are seeing that others are intercepting the req.host and if
it starts with a slash or ends with .sock, they changing the host to
localhost or another dummy value.
[client: define a "dummy" hostname to use for local connections by
thaJeztah · Pull Request #45942 ·
moby/moby](https://github.com/moby/moby/pull/45942)
### Testing & Reproduction steps
Check CI tests.
### Links
* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern
---------
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
## Backport
This PR is auto-generated from #18124 to be assessed for backporting due
to the inclusion of the label backport/1.16.
🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.
The person who merged in the original PR is:
@jmurret
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.
> merge conflict error: POST
https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict
[]
The below text is copied from the body of the original PR.
---
### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`
`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.
### Testing & Reproduction steps
See these jobs broken in CI and then see them work with this PR.
---
<details>
<summary> Overview of commits </summary>
- 747195f7aaf291305681bb7d8ae070761a2aef55 -
516492420bf43427f1cf89adce4d4e222bbb5aaa -
f4d6ca19f8e543048e167b9c47528eeb0bdb656f -
a47407115e086bb5eff6b34a08839989534b505f -
8c03b36e00719b65a87d277012dea2ac08b67442 -
c50b17c46ec64dfea20f61d242e1998c804eb8f7 -
7b55f66218e3a17a0c609a1d85d45f6d1a1e6961 -
93ce5fcc61fe0292f4e0cba98c7101fbe5142139
</details>
---------
Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
* WIP
* ci:upload test results to datadog
* fix use of envvar in expression
* getting correct permission in reusable-unit.yml
* getting correct permission in reusable-unit.yml
* fixing DATADOG_API_KEY envvar expresssion
* pass datadog-api-key
* removing type from datadog-api-key
* remove test splitting from compatibility-integration-tests
* enable on push
* remove ipv6 loopback fix
* re-add ipv6 loopback fix
* remove test splitting from upgrade-integration-tests
* remove test splitting from upgrade-integration-tests
* put test splitting back in for upgrade tests
* upgrade-integration tests-o
ne runner no retries
* update go version to 1.20.3
* add changelog
* rename changelog file to remove underscore
* update to use 1.20.4
* update change log entry to reflect 1.20.4
* upgrade test: use docker.mirror.hashicorp.services to avoid docker login
* upgrade tests: remove docker login
Signed-off-by: Dan Bond <danbond@protonmail.com>
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* TProxy integration test
* Fix GHA compatibility integration test command
Previously, when test splitting allocated multiple test directories to a
runner, the workflow ran `go tests "./test/dir1 ./test/dir2"` which
results in a directory not found error. This fixes that.
* Fix straggler from renaming Register->RegisterTypes
* somehow a lint failure got through previously
* Fix lint-consul-retry errors
* adding in fix for success jobs getting skipped. (#17132)
* Temporarily disable inmem backend conformance test to get green pipeline
* Another test needs disabling
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* fix runner calculation to exclude the top level directory as part of the calculation
* fix the logic for generating the directories/functions
* De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
* Fix virtual services being included in intention topology as downstreams. (#17099)
* Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758
NET-3758: connect: update supported envoy versions to 1.26.0
* lint
* CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* update based on feedback
---------
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* use proper TOTAL_RUNNER setting when generating runner matrix. if matrix size is smaller than total_runners, use the smaller number
* try again
* try again 2
* try again 3
* try again 4
* try again 5
* try scenario where number is less
* reset
* get rid of cat "$GITHUB_OUTPUT"
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* removing push trigger that was added for debug
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* add test-integrations workflow
* add test-integrations success job
* update vault integration testing versions (#16949)
* change parallelism to 4 forgotestsum. use env.CONSUL_VERSION so we can see the version.
* use env for repeated values
* match test to circleci
* fix envvar
* fix envvar 2
* fix envvar 3
* fix envvar 4
* fix envvar 5
* make upgrade and compatibility tests match circleci
* run go env to check environment
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* going back to command that worked 5 days ago for compatibility tests
* Update Envoy versions to reflect changes in #16889
* cd to test dir
* try running ubuntu latest
* update PR with latest changes that work in enterprise
* yaml still sucks
* test GH fix (localhost resolution)
* change for testing
* test splitting and ipv6 lookup for compatibility and upgrade tests
* fix indention
* consul as image name
* remove the on push
* add gotestsum back in
* removing the use of the gotestsum download action
* yaml sucks today just like yesterday
* fixing nomad tests
* worked out the kinks on enterprise
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
* Add go-tests-success job and make go-test-enterprise conditional
* fixing lint-32bit reference
* fixing reference to -go-test-troubleshoot
* add all jobs that fan out.
* fixing success job to need set up
* add echo to success job
* adding success jobs to build-artifacts, build-distros, and frontend.
* changing the name of the job in verify ci to be consistent with other workflows
* enable go-tests, build-distros, and verify-ci to run on merge to main and release branches because they currently do not with just the pull_request trigger