* backport of commit afa1f42cc719b13074f2f286202d8f21b8000753
* backport of commit e0970025d4c2e2702af30e642b37dd5e32561756
* backport of commit 2f2aad545b1ebcae22bb481b57115a679eb539e5
* backport of commit 4a5c9c181f50343911cd30fbb0f0475e473a2c7b
---------
Co-authored-by: Ranjandas <thejranjan@gmail.com>
Co-authored-by: Chris S. Kim <kisunji92@gmail.com>
* backport of commit 93ccfe4c1195ba0ab2d12443f25d9cf29e9e4f0c
* Ensure RSA keys are at least 2048 bits in length (#17911)
* Ensure RSA keys are at least 2048 bits in length
* Add changelog
* update key length check for FIPS compliance
* Fix no new variables error and failing to return when error exists from
validating
* clean up code for better readability
* actually return value
---------
Co-authored-by: jm96441n <john.maguire@hashicorp.com>
* backport of commit 72308dd9f2a17db4c7c8ea7eabb55db3adadaa91
* backport of commit bf5d1ec2ec68fd7428027244a094baeee49d4396
* backport of commit 4ca2e4be490655948f7480cbc182c6cca7cec0a9
---------
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
* backport of commit 391db7e58b501b3ed7561fec352f2f3f5004a29f
* backport of commit f204d5b52ab80836128882a65d7d7c5e53b2fa3d
---------
Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
* backport of commit d77048f1ea7136af9f627182bc79126f9472a060
* backport of commit 301de5980e7fcc8d68d16e6cdcbd5b2afea73711
* backport of commit 436bcda5ec58abbc5a65f6d244a1e1ec26beb46c
---------
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
* backport of commit 97c779b5a2308a05fde93247209fa6e9cd3fc310
* backport of commit dd56a6800bebc54dabd7883fddc22b25ca2bdb92
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
* backport of commit ad6652a47b5c5f9e1b8aed673922b918f56dbfcc
* backport of commit 7a1e99b6b774257ef6e293c2d47375e3b2332b9a
---------
Co-authored-by: Matt Keeler <mjkeeler7@gmail.com>
* backport of commit 131d234bdab165d96601b8064c49ce17ee5f141a
* backport of commit 1adc48734d9347599c8a694d427c6b26e5a748a1
---------
Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
* backport of commit fb2f3b61004d9ef2296b51306ddbf5b6d72679ed
* backport of commit 178abb8495ba4bb35c29a835965e3f244a385865
* backport of commit 77b399877413c6e65669659deb8962c2cc5b52f6
* backport of commit a245b326ac030f7ef3292e7bbdb58e0b2850a12f
---------
Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
* backport of commit 63e87434721824902d1bd8c7ef72456615020180
* backport of commit 896f11789b89062c745433a17dc37da5b56185fd
---------
Co-authored-by: Andrew Stucki <andrew.stucki@hashicorp.com>
* backport of commit d77784ba51fd6a5d598ea2b87cb6e36e0fed8e72
* backport of commit f5a557dd7a5995094b3af96f1c522d49acfe795b
* backport of commit 1d782d63c437ab16e30d5bd00a6b8c3cbad08845
---------
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
Ensure that the embedded api struct is properly parsed when
deserializing config containing a set ResourceFilter.Services field.
Also enhance existing integration test to guard against bugs and
exercise this field.
TLDR with many modules the versions included in each diverged quite a bit. Attempting to use Go Workspaces produces a bunch of errors.
This commit:
1. Fixes envoy-library-references.sh to work again
2. Ensures we are pulling in go-control-plane@v0.11.0 everywhere (previously it was at that version in some modules and others were much older)
3. Remove one usage of golang/protobuf that caused us to have a direct dependency on it.
4. Remove deprecated usage of the Endpoint field in the grpc resolver.Target struct. The current version of grpc (v1.55.0) has removed that field and recommended replacement with URL.Opaque and calls to the Endpoint() func when needing to consume the previous field.
5. `go work init <all the paths to go.mod files>` && `go work sync`. This synchronized versions of dependencies from the main workspace/root module to all submodules
6. Updated .gitignore to ignore the go.work and go.work.sum files. This seems to be standard practice at the moment.
7. Update doc comments in protoc-gen-consul-rate-limit to be go fmt compatible
8. Upgraded makefile infra to perform linting, testing and go mod tidy on all modules in a flexible manner.
9. Updated linter rules to prevent usage of golang/protobuf
10. Updated a leader peering test to account for an extra colon in a grpc error message.
When UpstreamEnvoyExtender was introduced, some code was left duplicated
between it and BasicEnvoyExtender. One path in that code panics when a
TProxy listener patch is attempted due to no upstream data in
RuntimeConfig matching the local service (which would only happen in
rare cases).
Instead, we can remove the special handling of upstream VIPs from
BasicEnvoyExtender entirely, greatly simplifying the listener filter
patch code and avoiding the panic. UpstreamEnvoyExtender, which needs
this code to function, is modified to ensure a panic does not occur.
This also fixes a second regression in which the Lua extension was not
applied to TProxy outbound listeners.
Sameness groups with default-for-failover enabled did not function properly with
tproxy whenever all instances of the service disappeared from the local cluster.
This occurred because there were no corresponding resolvers (due to the implicit
failover policy) which caused VIPs to be deallocated.
This ticket expands upon the VIP allocations so that both service-defaults and
service-intentions (without destination wildcards) will ensure that the virtual
IP exists.
This commit only contains the OSS PR (datacenter query param support).
A separate enterprise PR adds support for ap and namespace query params.
Resources in Consul can exist within scopes such as datacenters, cluster
peers, admin partitions, and namespaces. You can refer to those resources from
interfaces such as the CLI, HTTP API, DNS, and configuration files.
Some scope levels have consistent naming: cluster peers are always referred to
as "peer".
Other scope levels use a short-hand in DNS lookups...
- "ns" for namespace
- "ap" for admin partition
- "dc" for datacenter
...But use long-hand in CLI commands:
- "namespace" for namespace
- "partition" for admin partition
- and "datacenter"
However, HTTP API query parameters do not follow a consistent pattern,
supporting short-hand for some scopes but long-hand for others:
- "ns" for namespace
- "partition" for admin partition
- and "dc" for datacenter.
This inconsistency is confusing, especially for users who have been exposed to
providing scope names through another interface such as CLI or DNS queries.
This commit improves UX by consistently supporting both short-hand and
long-hand forms of the namespace, partition, and datacenter scopes in HTTP API
query parameters.
* add upstream service targeting to property override extension
* Also add baseline goldens for service specific property override extension.
* Refactor the extension framework to put more logic into the templates.
* fix up the golden tests
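
The "Ensure RSA keys are at least 2048 bits in length" entry above, sketched as an added example that is not code from these commits: a minimum-length check applied to a PEM-encoded private key. The function names are hypothetical, the keys are generated on the fly as constructed sample input, and only the 2048-bit minimum is enforced because the message does not state the FIPS-specific sizes.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

const minRSAKeyBits = 2048 // minimum stated in the commit subject
// validateKeyPEM (hypothetical name) rejects RSA keys under minRSAKeyBits; non-RSA keys pass.
func validateKeyPEM(pemBytes []byte) error {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return errors.New("no PEM block found")
	}
	var key any
	var err error
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS#1
		key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8: RSA, ECDSA or Ed25519
		key, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	default:
		return nil // e.g. "EC PRIVATE KEY": no RSA modulus to measure
	}
	if err != nil {
		return fmt.Errorf("parsing private key: %w", err)
	}
	if k, ok := key.(*rsa.PrivateKey); ok && k.N.BitLen() < minRSAKeyBits {
		return fmt.Errorf("RSA key is %d bits, need at least %d", k.N.BitLen(), minRSAKeyBits)
	}
	return nil
}

// constructedKeyPEM generates a throwaway PKCS#1 key so the example runs offline.
func constructedKeyPEM(bits int) []byte {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)})
}

func main() {
	// The 1024-bit key is rejected; the 2048-bit key is accepted.
	fmt.Println(validateKeyPEM(constructedKeyPEM(1024)), validateKeyPEM(constructedKeyPEM(2048)))
}
```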
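
The short-hand and long-hand HTTP API query parameters described above, as an added example that is not code from these commits: one way to resolve both spellings of each scope to a single value. The helper name, the alias table layout and the choice to reject two spellings that carry different values are assumptions of this example; the commit message does not say how such a conflict is handled.

```go
package main

import (
	"fmt"
	"net/url"
)

// scopeAliases lists, per scope, the short-hand and long-hand query
// parameter names from the commit message. The map keys are this
// example's own labels for the scopes.
var scopeAliases = map[string][]string{
	"namespace":  {"ns", "namespace"},
	"partition":  {"ap", "partition"},
	"datacenter": {"dc", "datacenter"},
}

// resolveScopes (hypothetical helper) returns one value per scope and accepts
// either spelling. Two spellings with different values are rejected so that a
// request cannot be read as addressing two scopes at once (an assumption).
func resolveScopes(q url.Values) (map[string]string, error) {
	out := make(map[string]string)
	for scope, names := range scopeAliases {
		for _, name := range names {
			for _, v := range q[name] {
				if v == "" {
					continue // an empty value is treated as unset
				}
				if prev, seen := out[scope]; seen && prev != v {
					return nil, fmt.Errorf("conflicting values for %s: %q and %q", scope, prev, v)
				}
				out[scope] = v
			}
		}
	}
	return out, nil
}

func main() {
	// Constructed query string mixing short-hand and long-hand names.
	q, _ := url.ParseQuery("dc=dc1&namespace=team-a&ap=billing")
	fmt.Println(resolveScopes(q))
}
```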