Commit Graph

20405 Commits

Author SHA1 Message Date
hc-github-team-consul-core c524e23540
Backport of Change docs to say 168h instead of 7d for server_rejoin_age_max into release/1.16.x (#18156)
## Backport

This PR is auto-generated from #18154 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

Addresses
https://github.com/hashicorp/consul/pull/17171#issuecomment-1636930705
 
### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

### Links

<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern


---

<details>
<summary> Overview of commits </summary>

  - f5a6411ce7cbda9dddc506b731210d4ebda6bdb1 

</details>

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-17 17:12:38 +00:00
hc-github-team-consul-core db4b2cb577
Backport of Use JWT-auth filter in metadata mode & Delegate validation to RBAC filter into release/1.16.x (#18153)
## Backport

This PR is auto-generated from #18062 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Currently the jwt-auth filter doesn't take into account the service
identity when validating jwt-auth, it only takes into account the path
and jwt provider during validation. This causes issues when multiple
source intentions restrict access to an endpoint with different JWT
providers.
- To fix these issues, rather than use the JWT auth filter for
validation, we use it in metadata mode and allow it to forward the
successful validated JWT token payload to the RBAC filter which will
make the decisions.

This PR ensures requests with and without JWT tokens successfully go
through the jwt-authn filter. The filter however only forwards the data
for successful/valid tokens. On the RBAC filter level, we check the
payload for claims and token issuer + existing rbac rules.

### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

- This test covers a multi level jwt requirements (requirements at top
level and permissions level). It also assumes you have envoy running,
you have a redis and a sidecar proxy service registered, and have a way
to generate jwks with jwt. I mostly use:
https://www.scottbrady91.com/tools/jwt for this.

- first write your proxy defaults
```
Kind = "proxy-defaults"
name = "global"
config {
  protocol = "http"
}
```
- Create two providers 
```
Kind = "jwt-provider"
Name = "auth0"
Issuer = "https://ronald.local"

JSONWebKeySet = {
    Local = {
     JWKS = "eyJrZXlzIjog....."
    }
}
```

```
Kind = "jwt-provider"
Name = "okta"
Issuer = "https://ronald.local"

JSONWebKeySet = {
   Local = {
     JWKS = "eyJrZXlzIjogW3...."
    }
}
```

- add a service intention
```
Kind = "service-intentions"
Name = "redis"

JWT = {
  Providers = [
    {
      Name = "okta"
    },
  ]
}

Sources = [
  {
    Name = "*"
    Permissions = [{
      Action = "allow"
      HTTP = {
        PathPrefix = "/workspace"
      }
      JWT = {
        Providers = [
          {
            Name = "okta"
            VerifyClaims = [
              {
                  Path = ["aud"]
                  Value = "my_client_app"
              },
              {
                Path = ["sub"]
                Value = "5be86359073c434bad2da3932222dabe"
              }
            ]
          },
        ]
      }

    },
    {
      Action = "allow"
      HTTP = {
        PathPrefix = "/"
      }
      JWT = {
        Providers = [
          {
            Name = "auth0"
          },
        ]
      }

    }]
  }
]
```
- generate 3 jwt tokens: 1 from auth0 jwks, 1 from okta jwks with
different claims than `/workspace` expects and 1 with correct claims
- connect to your envoy (change service and address as needed) to view
logs and potential errors. You can add: `-- --log-level debug` to see
what data is being forwarded
```
consul connect envoy -sidecar-for redis1 -grpc-addr 127.0.0.1:8502
```
- Make the following requests: 
```
curl -s -H "Authorization: Bearer $Auth0_TOKEN" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_wrong_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

RBAC filter denied

curl -s -H "Authorization: Bearer $Okta_TOKEN_with_correct_claims" --insecure --cert leaf.cert --key leaf.key --cacert connect-ca.pem https://localhost:20000/workspace -v

Successful request
```


### TODO

* [x] Update test coverage
* [ ] update integration tests (follow-up PR)
* [x] appropriate backport labels added


---

<details>
<summary> Overview of commits </summary>

  - 70536f5a38507d7468f62d00dd93a6968a3d9cf3 

</details>

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-17 15:50:21 +00:00
hc-github-team-consul-core 2a31583727
Backport of Add ingress gateway deprecation notices to docs into release/1.16.x (#18131)
## Backport

This PR is auto-generated from #18102 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

This adds notices, that ingress gateway is deprecated, to several places
in the product docs where ingress gateway is the topic.

### Testing & Reproduction steps

Tested with a local copy of the website.

### Links

Deprecation of ingress gateway was announced in the Release Notes for
Consul 1.16 and Consul-K8s 1.2. See:

[https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul/v1_16_x#what-s-deprecated
)

[https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated](https://developer.hashicorp.com/consul/docs/release-notes/consul-k8s/v1_2_x#what-s-deprecated)

### PR Checklist

* [N/A] updated test coverage
* [X] external facing docs updated
* [X] appropriate backport labels added
* [X] not a security concern


---

<details>
<summary> Overview of commits </summary>

- 8aa89b446cc5259e2bbbb0377f39bb614d5d508d -
8500ad0f7da36098bdc1ddb0abec12915f90d6f1 -
4a7777930a814ec0737968b2157ecbf4635d743c

</details>

---------

Co-authored-by: Jeff-Apple <79924108+Jeff-Apple@users.noreply.github.com>
2023-07-14 17:29:39 +00:00
hc-github-team-consul-core ceb0bb6724
Backport of Docs: fix unmatched bracket for health checks page into release/1.16.x (#18137)
## Backport

This PR is auto-generated from #18134 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

- Fix unmatched bracket in the
[doc](https://developer.hashicorp.com/consul/docs/services/usage/checks#ttl-check-configuration)
(see the following screenshot of the page)

<img width="618" alt="Screenshot 2023-07-13 at 9 01 19 PM"
src="https://github.com/hashicorp/consul/assets/463631/20707735-906f-4b06-999d-44e6329a9fec">


### Testing & Reproduction steps

<!--

* In the case of bugs, describe how to replicate
* If any manual tests were done, document the steps and the conditions
to replicate
* Call out any important/ relevant unit tests, e2e tests or integration
tests you have added or are adding

-->

### Links



<!--

Include any links here that might be helpful for people reviewing your
PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc).
If there are none, feel free to delete this section.

Please be mindful not to leak any customer or confidential information.
HashiCorp employees may want to use our internal URL shortener to
obfuscate links.

-->

### PR Checklist

* [ ] updated test coverage
* [ ] external facing docs updated
* [ ] appropriate backport labels added
* [ ] not a security concern


---

<details>
<summary> Overview of commits </summary>

  - d40243b3a37b58737bd5cbb104913ce0c2c87f3c 

</details>

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-07-14 14:02:16 +00:00
hc-github-team-consul-core 792812e196
Backport of Add docs for jwt cluster configuration into release/1.16.x (#18135)
## Backport

This PR is auto-generated from #18004 to be assessed for backporting due
to the inclusion of the label backport/1.16.



The below text is copied from the body of the original PR.

---

### Description

<!-- Please describe why you're making this change, in plain English.
-->

- Add jwt-provider docs for jwks cluster configuration. The
configuration was added here:
https://github.com/hashicorp/consul/pull/17978


---

<details>
<summary> Overview of commits </summary>

  - 1ab3c3be1e85f4b70a0eafbc875a28311f030e49 

</details>

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-07-14 11:26:38 +00:00
hc-github-team-consul-core dd4bd08431
Backport of [NET-4895] ci - api tests and consul container tests error because of dependency bugs with go 1.20.6. Pin go to 1.20.5. into release/1.16.x (#18128)
## Backport

This PR is auto-generated from #18124 to be assessed for backporting due
to the inclusion of the label backport/1.16.


🚨
>**Warning** automatic cherry-pick of commits failed. If the first
commit failed,
you will see a blank no-op commit below. If at least one commit
succeeded, you
will see the cherry-picked commits up to, _not including_, the commit
where
the merge conflict occurred.

The person who merged in the original PR is:
@jmurret
This person should manually cherry-pick the original PR into a new
backport PR,
and close this one when the manual backport PR is merged in.

> merge conflict error: POST
https://api.github.com/repos/hashicorp/consul/merges: 409 Merge conflict
[]



The below text is copied from the body of the original PR.

---

### Description
The following jobs started failing when go 1.20.6 was released:
- `go-test-api-1-19`
- `go-test-api-1-20`
- `compatibility-integration-tests`
- `upgrade-integration-tests`

`compatibility-integration-tests` and `compatibility-integration-tests`
to this testcontainers issue:
https://github.com/testcontainers/testcontainers-go/issues/1359. This
issue calls for testcontainers to release a new version when one of
their dependencies is fixed. When that is done, we will unpin the go
versions in `compatibility-integration-tests` and
`compatibility-integration-tests`.

### Testing & Reproduction steps

See these jobs broken in CI and then see them work with this PR.


---

<details>
<summary> Overview of commits </summary>

- 747195f7aaf291305681bb7d8ae070761a2aef55 -
516492420bf43427f1cf89adce4d4e222bbb5aaa -
f4d6ca19f8e543048e167b9c47528eeb0bdb656f -
a47407115e086bb5eff6b34a08839989534b505f -
8c03b36e00719b65a87d277012dea2ac08b67442 -
c50b17c46ec64dfea20f61d242e1998c804eb8f7 -
7b55f66218e3a17a0c609a1d85d45f6d1a1e6961 -
93ce5fcc61fe0292f4e0cba98c7101fbe5142139

</details>

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: John Murret <john.murret@hashicorp.com>
Co-authored-by: Chris Thain <32781396+cthain@users.noreply.github.com>
2023-07-13 14:55:12 -06:00
hc-github-team-consul-core e32f25259c
backport of commit b9b58ec763ba9e5199354d44544f089a08e7aaba (#18110)
Co-authored-by: John Murret <john.murret@hashicorp.com>
2023-07-13 16:00:12 +00:00
hc-github-team-consul-core 26fc877969
backport of commit 5403b623154d48829015a53ca594f4dda625e1af (#18123)
Co-authored-by: nv-hashi <80716011+nv-hashi@users.noreply.github.com>
2023-07-12 19:44:07 -07:00
hc-github-team-consul-core ebab3dbe4e
ci: build s390x (#18118)
Co-authored-by: Dan Bond <danbond@protonmail.com>
2023-07-12 17:00:22 -07:00
hc-github-team-consul-core 61b9465035
Backport of Docs for dataplane upgrade on k8s into release/1.16.x (#18105)
* backport of commit 0d7bee8adcf2a80aa7045ad7efcef080241f3a1e

* backport of commit 408cbe8ae0e24dd0d4947a872ebe4cc05f05805e

* backport of commit a0854784dcdc2a26bff3c5f39a687d6db73bc64a

* backport of commit 71c4c6564f78008fb653b70c4c354368423415ae

* backport of commit 0c060fa2badfe3d465065b08bdde2951f81b05a3

---------

Co-authored-by: Luke Kysow <1034429+lkysow@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-12 17:11:46 +00:00
hc-github-team-consul-core 095e821209
Backport of ci: use gotestsum v1.10.1 [NET-4042] into release/1.16.x (#18094)
Co-authored-by: Nick Irvine <115657443+nfi-hashicorp@users.noreply.github.com>
2023-07-12 09:57:28 -07:00
hc-github-team-consul-core 021f4e472a
Backport of Passes configured role name to Vault for AWS auth in Connect CA into release/1.16.x (#18099)
* backport of commit 4034bb2b3eba81ea13bf6d3a62d27094d96ffc24

* backport of commit 9c4c3c50f07d4072bb981c16cf993118fd7f6f1d

* backport of commit 7282078993aa51915afa801bdabded0f78397cb5

---------

Co-authored-by: Tom Davies <thomas.23.davies@bt.com>
2023-07-12 15:43:36 +00:00
hc-github-team-consul-core 605bc24755
Backport of Docs: Update proxy lifecycle annotations and consul-dataplane flags into release/1.16.x (#18095)
* backport of commit 08cd1962522eec0f1747fddcb70841e1a3f88346

* backport of commit 9fd806a458b06a0e7f510edd120d1291c1c75a98

---------

Co-authored-by: Curt Bushko <cbushko@gmail.com>
2023-07-12 03:27:38 +00:00
hc-github-team-consul-core 158025537e
Backport of docs updates - cluster peering and virtual services into release/1.16.x (#18087)
* backport of commit 3ef758cefb78124d160bd69681fbb226b062e399

* backport of commit f7c54b6ce2ac3bb185a12aad5f649f4eed237cca

* backport of commit 6b2e88c154c2cab5bf6f013417d6b134171f16c0

* backport of commit 87dc79fddb162451ce9dd6d46615397dccb22dc9

* backport of commit 3d9805c133ab6dfde39cd41135a4c7f4048466b5

* backport of commit e76ec0a1937e7722edc554d96fa3e792bd1f56a0

* backport of commit 4b03ba27c1190e02af46e52261a2417534fdf3f4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-11 23:11:53 +00:00
hc-github-team-consul-core 0cf2f4b797
Backport of Fix a couple typos in Agent Telemetry Metrics docs into release/1.16.x (#18084)
* backport of commit 58ef5fdd8f11e4e773977b48bdb6bb196a7c874d

* backport of commit 857427ae8ca887f3c8ce33bde971c1b26ac7c37e

---------

Co-authored-by: josh <josh.timmons@hashicorp.com>
2023-07-11 20:33:39 +00:00
hc-github-team-consul-core 60c14f0224
backport of commit 8ad61b4e29a8403ec49691b2f0a2c11187d56385 (#18077)
Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-11 15:44:44 +00:00
hc-github-team-consul-core ad7477c1a2
backport of commit 38301b5cccf5a0341393decc2af39aee40d3ec2c (#17899)
Co-authored-by: mr-miles <miles.waller@gmail.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-10 14:54:54 -07:00
Nathan Coleman cb3c5b901d
Update VERSION to reflect next patch release (#17913) 2023-07-10 21:31:39 +00:00
hc-github-team-consul-core 42a6d1e70f
Backport of [OSS] Fix initial_fetch_timeout to wait for all xDS resources into release/1.16.x (#18065)
* backport of commit 8a2f60ddae1a6ac561544e9cae80e9a037ad06d5

* backport of commit e17e53c93373fadedd61e904949e87c0c7d5ed26

* backport of commit d919d55c2eb4f206840f8d880edda8d5ad8c5fb4

---------

Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-10 21:27:56 +00:00
hc-github-team-consul-core ef9282d224
Backport of Fix removed service-to-service peering links into release/1.16.x (#18019)
* no-op commit due to failed cherry-picking

* Fix removed service-to-service peering links (#17221)

* docs: fix removed service-to-service peering links

* docs: extend peering-via-mesh-gateways intro (thanks @trujillo-adam)

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Michael Hofer <karras@users.noreply.github.com>
Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-07-07 15:53:45 -07:00
Thomas Eckert ef09f400b5
Update Consul on Kubernetes Helm Docs (#18054)
* Render Consul K8s Helm Docs
---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-07 21:54:51 +00:00
hc-github-team-consul-core 97a57b476f
Backport of docs - add jobs use case for service mesh k8s into release/1.16.x (#18043)
* resolve conflicts
* fix backport
* address feedback

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-07 10:30:11 -07:00
hc-github-team-consul-core b8f2de3aa0
Backport of docs - add service sync annotations and k8s service weight annotation into release/1.16.x (#18036)
* backport of commit e1bf4284947af9edd36e9d6f4d2c32e2d1fe9b14

* backport of commit ddf214e638327cdf4b76d325d3c4194d6e26cee3

* backport of commit e41bd9c4e372c2b83d673d6f5c4afcfb44bdf14f

* backport of commit b9cfc86e145d0b90474a1e13f5f02ce7599d9f0f

* backport of commit 0ddf013d6c4e7d44c0c6dfff8fe0c56e5c4b6ca5

* backport of commit 1b0b513b05c1b14c9eb69f0e74f72fc7a0bba118

* backport of commit 29442ad641b0de0df9753cdd207b9f15bc76e6e5

* backport of commit 5e7ddf5c7ef764e7df8fa4f6cd03431e89e8b441

* backport of commit f2b6fa7b4362ecde79b3b8a9752da6d2774d44d8

* backport of commit 83b84a985a131c0ce2b10351f6dd5ca68cef5bf2

* backport of commit 56d81738cc8143ddec27cc5134af23da4bfc2dd8

* backport of commit 0ab44f06c7249adc8a0ba43c369c66ae1f18e8c8

* backport of commit 69c99fbccb711d32194eefd04419b854cacf8750

* backport of commit b79e1245c1bf765c97462f322c09965314317b0a

* backport of commit fb1441976be9c78a2d658b094e178a0c0f75eb5e

* backport of commit 3b7b2a04242e17fc88296fc248ba491e697697c4

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-07-06 20:00:56 +00:00
hc-github-team-consul-core bc18afc199
backport of commit 8d547a80b85752e74da8c37947a7cc7319710dc9 (#18034)
Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-06 17:52:31 +00:00
hc-github-team-consul-core 23562dd7b5
backport of commit 7f8d860bee16e12d9b0c6ef5521f27467338deba (#18031)
Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-06 16:53:39 +00:00
hc-github-team-consul-core 9d8ba91bc6
Add first integration test for jwt auth with intention (#18005) (#18029)
Co-authored-by: Ronald <roncodingenthusiast@users.noreply.github.com>
2023-07-06 07:54:30 -04:00
hc-github-team-consul-core c8f887baeb
backport of commit 4b1ed38b417e438be061aff1b36bf93ac39458bc (#18026)
Co-authored-by: J.C. Jones <jc@letsencrypt.org>
2023-07-05 15:24:03 -07:00
hc-github-team-consul-core 083d57d742
Backport of docs: Sameness "beta" warning into release/1.16.x (#18021)
* backport of commit 73d41e410cdd9622493b1cdca2c236289a2d7973

* backport of commit 8cc5520bafed4d421aee7cad38f67f0ae78a5675

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2023-07-05 15:04:31 -07:00
hc-github-team-consul-core 8cf72272d1
Backport of updated typo in tab heading into release/1.16.x (#18023)
* backport of commit 3b636ed4a1b44a039af7b3a8877092af7e4c6e5a

* backport of commit 7837039441193448a1d2f67ca1b3d6ce182d889f

---------

Co-authored-by: trujillo-adam <ajosetru@gmail.com>
2023-07-05 14:20:50 -07:00
hc-github-team-consul-core a83bd1c1dc
Backport of [OSS] Improve Gateway Test Coverage of Catalog Health into release/1.16.x (#18014)
* backport of commit 954bd6ab1f1a2a00f549b10ad435cdead8d2cae2

* backport of commit 85c32d8f2e7e2c3a2855fe7a8fc4d10e3865b81f

* backport of commit 7ea3d622d75b4a69b8fc51d181b79c6b170ea47a

* backport of commit 127ae69c6dc967d575929e920813e7fe0d3fdef1

* backport of commit e04099b6cdd5dc20a36a19897816069669b2ef92

---------

Co-authored-by: DanStough <dan.stough@hashicorp.com>
2023-07-05 15:36:32 -04:00
hc-github-team-consul-core 10d4009614
backport of commit 6f5d36b559c7936460ef31cbc8aa92a146294893 (#18016)
Co-authored-by: Ranjandas <thejranjan@gmail.com>
2023-07-05 18:04:14 +00:00
hc-github-team-consul-core 4045bcfef7
Backport of feat: include nodes count in operator usage endpoint and cli command into release/1.16.x (#18012)
* backport of commit 54cdccd019ce32227f679b3fdca499283fdbdf5e

* backport of commit e543f716937fabed12ae2872d242a99416846d86

---------

Co-authored-by: Poonam Jadhav <poonam.jadhav@hashicorp.com>
2023-07-05 15:37:51 +00:00
hc-github-team-consul-core 3dcc3cb95a
backport of commit fe5c145cddd89da804d0de7d19bdc5d0d276df3b (#18010)
Co-authored-by: Derek Menteer <derek.menteer@hashicorp.com>
2023-07-05 14:50:59 +00:00
hc-github-team-consul-core 810870d1c8
Backport of Integration test for ext-authz Envoy extension into release/1.16.x (#18003)
* backport of commit 6699b173136276c3b9d6bc7ed126d8f5dbd7c0a1

* resolve failed cherrypick

* remove extraneous changes to agent.go

---------

Co-authored-by: Chris Thain <chris.m.thain@gmail.com>
2023-07-04 12:45:08 -07:00
Ronald f9f2a5037f
Expose JWKS cluster config through JWTProviderConfigEntry (#17978) (#18002)
* Expose JWKS cluster config through JWTProviderConfigEntry

* fix typos, rename trustedCa to trustedCA
2023-07-04 09:53:12 -04:00
hc-github-team-consul-core 1b88ffef33
Backport of Add changelog entry for 1.16.0 into release/1.16.x (#17989)
* no-op commit due to failed cherry-picking

* Add changelog entry for 1.16.0

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
2023-06-30 17:01:41 -04:00
hc-github-team-consul-core 7d71724913
Backport of docs: samenessGroup YAML examples into release/1.16.x (#17988)
* backport of commit c7348b32941b080ce7f5590fc080b51bc7924548

* backport of commit e4c346f0feca6f500ea3a6f71a486e3b530fc13c

---------

Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2023-06-30 20:39:30 +00:00
hc-github-team-consul-core 1109d20262
Backport of watch: support -filter for consul watch: checks, services, nodes, service into release/1.16.x (#17965)
* backport to 1.16.x

---------

Co-authored-by: cskh <hui.kang@hashicorp.com>
2023-06-30 12:59:28 -07:00
hc-github-team-consul-core 48e7fb1bfe
Backport of update doc into release/1.16.x (#17976)
* backport of commit 91c82db42b95f66f7edc75a668a3ebd44338e74f

* backport of commit 4be71ab9413232c1ccd537c66011bb529af65d34

---------

Co-authored-by: Xinyi Wang <xinyi.wang@hashicorp.com>
2023-06-30 15:28:58 +00:00
hc-github-team-consul-core 08547ba585
backport of commit c0afba3a0c2ae093fee756a9019d49db25367d69 (#17975)
Co-authored-by: Chris S. Kim <ckim@hashicorp.com>
2023-06-30 14:20:50 +00:00
hc-github-team-consul-core 5e3ad77fc0
Backport of feature - [NET - 4005] - [Supportability] Reloadable Configuration - enable_debug into release/1.16.x (#17969)
* backport of commit 10f500e895d92cc3691ade7b74a33db755d22039

* backport of commit e08c30910167fa2c6dd5a639b92338d2389457e4

* backport of commit 58638deeb3ac16b6556bba6a2b24034d7f886cce

* merge conf resolve

---------

Co-authored-by: Ashesh Vidyut <ashesh.vidyut@hashicorp.com>
Co-authored-by: Ashesh Vidyut <134911583+absolutelightning@users.noreply.github.com>
2023-06-30 18:40:20 +05:30
hc-github-team-consul-core 8b41480c63
Backport of Fix formatting codeblocks on APIgw docs into release/1.16.x (#17972)
* backport of commit 1c8b71521297965bf04034caed10d29586084447

* backport of commit 0d690d9eb6d6f29bb2771f59c1a3c707360d92a5

---------

Co-authored-by: Tu Nguyen <im2nguyen@gmail.com>
2023-06-30 06:30:10 +00:00
hc-github-team-consul-core 5be3ee444e
Backport of Propose new changes to APIgw upgrade instructions into release/1.16.x (#17909)
* no-op commit due to failed cherry-picking

* address merge conflict

---------

Co-authored-by: temp <temp@hashicorp.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-06-29 21:44:24 -07:00
hc-github-team-consul-core aa6b431226
backport of commit ff6b620db7d6a28b70aee9456c86bf5d40481432 (#17924)
Co-authored-by: natemollica-dev <57850649+natemollica-nm@users.noreply.github.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-30 03:08:21 +00:00
hc-github-team-consul-core 398a0e44d4
backport of commit f3adf49725e5492c3c8ac381aa6b218eee9c9978 (#17963)
Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-06-29 20:49:01 +00:00
hc-github-team-consul-core 1356d76666
Backport of Fix streaming backend link into release/1.16.x (#17961)
* backport of commit 4f7d21da6cc2b314f82e92958dc215f25a023cb9

* backport of commit d1ba0e877c5713112dd77a2b1f8b16e34ea6c456

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-29 19:39:19 +00:00
hc-github-team-consul-core 4ac0984925
backport of commit 807c08009129b98c75a01e7d6b2110840a43f824 (#17956)
Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-06-29 18:28:31 +00:00
hc-github-team-consul-core 2c25a7ecad
Backport of Fixes Secondary ConnectCA update into release/1.16.x (#17954)
* backport of commit afa1f42cc719b13074f2f286202d8f21b8000753

* backport of commit e0970025d4c2e2702af30e642b37dd5e32561756

* backport of commit 2f2aad545b1ebcae22bb481b57115a679eb539e5

* backport of commit 4a5c9c181f50343911cd30fbb0f0475e473a2c7b

---------

Co-authored-by: Ranjandas <thejranjan@gmail.com>
Co-authored-by: Chris S. Kim <kisunji92@gmail.com>
2023-06-29 14:43:21 +00:00
hc-github-team-consul-core 4cad4922a0
Backport of docs: Deprecations for connect-native SDK and specific connect native APIs into release/1.16.x (#17941)
* backport of commit a8658bf7c88722c0b88481637c213ce838eb3c7c

* backport of commit 966673b5fe20854f815211fe97cfff30056a002d

* backport of commit 7cea575b3a5c28f014fb35c42f46079ccbeaeef0

* backport of commit 17e57a3abe52c19d323c4159b1521788298e8216

* backport of commit 86a7dc34657c4434cb89077fff95217744e596e5

* backport of commit 7f541fffaabb377de97e13b20e8052b9573643df

* backport of commit 4e46d282ff8f24418321e32924c466762dd3f459

* backport of commit 72d7b61634ffc539f4c5a70de6c648a51a74c9f4

* backport of commit 2b6169f7cb3bd374ce0a378fc174268790dd1d4b

* backport of commit b94a833ec952979e9fc7d6518ce30897b3477323

* backport of commit 74e0ec2a05ead2da243086dedab606ff16185afe

* backport of commit be0167b4920f2406f53f326780fff2f7633734d7

* backport of commit a92a3088b4d5431fc6668c1859cd46301e44af8e

* backport of commit 4b02d312d718ac9ea265d8d39463a7625e659c51

* backport of commit f131207d42ce1684a49e18c4096def2fa6d68a82

* backport of commit 3f0be37f49b0b006e5d9ecdba8e9a4af8c933230

* backport of commit 29ed7aaf6f7e080e41e896111b9f25b95af880a7

* backport of commit 8ae546707beaf3a52c28f2e5d8a9d85b965ee93c

* backport of commit 8ed74fcf442dd8cf5e9abb8317d106564c47cfd1

* backport of commit 36537bafb6962d2f966da754a19cbc6a23ef2535

* backport of commit ef7599d7789a216e688a4663538b2e9d06f82c07

---------

Co-authored-by: David Yu <dyu@hashicorp.com>
2023-06-28 19:58:47 +00:00
hc-github-team-consul-core 54ace0e072
Backport of Ensure RSA keys are at least 2048 bits in length into release/1.16.x (#17935)
* backport of commit 93ccfe4c1195ba0ab2d12443f25d9cf29e9e4f0c

* Ensure RSA keys are at least 2048 bits in length (#17911)

* Ensure RSA keys are at least 2048 bits in length

* Add changelog

* update key length check for FIPS compliance

* Fix no new variables error and failing to return when error exists from
validating

* clean up code for better readability

* actually return value

---------

Co-authored-by: jm96441n <john.maguire@hashicorp.com>
2023-06-28 17:36:38 +00:00