* Move status condition for invalid certifcate to reference the listener
that is using the certificate
* Fix where we set the condition status for listeners and certificate
refs, added tests
* Add changelog
* Add MaxEjectionPercent to config entry
* Add BaseEjectionTime to config entry
* Add MaxEjectionPercent and BaseEjectionTime to protobufs
* Add MaxEjectionPercent and BaseEjectionTime to api
* Fix integration test breakage
* Verify MaxEjectionPercent and BaseEjectionTime in integration test upstream confings
* Website docs for MaxEjectionPercent and BaseEjection time
* Add `make docs` to browse docs at http://localhost:3000
* Changelog entry
* so that is the difference between consul-docker and dev-docker
* blah
* update proto funcs
* update proto
---------
Co-authored-by: Maliz <maliheh.monshizadeh@hashicorp.com>
* TProxy integration test
* Fix GHA compatibility integration test command
Previously, when test splitting allocated multiple test directories to a
runner, the workflow ran `go tests "./test/dir1 ./test/dir2"` which
results in a directory not found error. This fixes that.
This is being added so that metrics sent to HCP can be augmented with the source node's ID.
Opting not to add this to stats_tag out of caution, since it would increase the cardinality of metrics emitted by Envoy for all users.
There is no functional impact to Envoy expected from this change.
* Fix straggler from renaming Register->RegisterTypes
* somehow a lint failure got through previously
* Fix lint-consul-retry errors
* adding in fix for success jobs getting skipped. (#17132)
* Temporarily disable inmem backend conformance test to get green pipeline
* Another test needs disabling
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* fix runner calculation to exclude the top level directory as part of the calculation
* fix the logic for generating the directories/functions
* De-scope tenenacy requirements to OSS only for now. (#17087)
Partition and namespace must be "default"
Peername must be "local"
* Fix virtual services being included in intention topology as downstreams. (#17099)
* Merge pull request #5200 from hashicorp/NET-3758 (#17102)
* Merge pull request #5200 from hashicorp/NET-3758
NET-3758: connect: update supported envoy versions to 1.26.0
* lint
* CI: remove uneeded AWS creds from test-integrations (#17104)
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* update based on feedback
---------
Co-authored-by: Semir Patel <semir.patel@hashicorp.com>
Co-authored-by: Derek Menteer <105233703+hashi-derek@users.noreply.github.com>
Co-authored-by: Anita Akaeze <anita.akaeze@hashicorp.com>
Co-authored-by: Dan Bond <danbond@protonmail.com>
* normalize status conditions for gateways and routes
* Added tests for checking condition status and panic conditions for
validating combinations, added dummy code for fsm store
* get rid of unneeded gateway condition generator struct
* Remove unused file
* run go mod tidy
* Update tests, add conflicted gateway status
* put back removed status for test
* Fix linting violation, remove custom conflicted status
* Update fsm commands oss
* Fix incorrect combination of type/condition/status
* cleaning up from PR review
* Change "invalidCertificate" to be of accepted status
* Move status condition enums into api package
* Update gateways controller and generated code
* Update conditions in fsm oss tests
* run go mod tidy on consul-container module to fix linting
* Fix type for gateway endpoint test
* go mod tidy from changes to api
* go mod tidy on troubleshoot
* Fix route conflicted reason
* fix route conflict reason rename
* Fix text for gateway conflicted status
* Add valid certificate ref condition setting
* Revert change to resolved refs to be handled in future PR
* added method for converting SamenessGroupConfigEntry
- added new method `ToQueryFailoverTargets` for converting a SamenessGroupConfigEntry's members to a list of QueryFailoverTargets
- renamed `ToFailoverTargets` ToServiceResolverFailoverTargets to distinguish it from `ToQueryFailoverTargets`
* Added SamenessGroup to PreparedQuery
- exposed Service.Partition to API when defining a prepared query
- added a method for determining if a QueryFailoverOptions is empty
- This will be useful for validation
- added unit tests
* added method for retrieving a SamenessGroup to state store
* added logic for using PQ with SamenessGroup
- added branching path for SamenessGroup handling in execute. It will be handled separate from the normal PQ case
- added a new interface so that the `GetSamenessGroupFailoverTargets` can be properly tested
- separated the execute logic into a `targetSelector` function so that it can be used for both failover and sameness group PQs
- split OSS only methods into new PQ OSS files
- added validation that `samenessGroup` is an enterprise only feature
* added documentation for PQ SamenessGroup
* Update test-integrations.yml
* removing permission lies now that vault is not used in this job.
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
* Bump raft to 1.5.0
* Add CHANGELOG entry
* Add CHANGELOG entry with right extension (thanks VSCode)
* Add CHANGELOG entry with right extension (thanks VSCode)
* Go mod tidy
* use proper TOTAL_RUNNER setting when generating runner matrix. if matrix size is smaller than total_runners, use the smaller number
* try again
* try again 2
* try again 3
* try again 4
* try again 5
* try scenario where number is less
* reset
* get rid of cat "$GITHUB_OUTPUT"
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* removing push trigger that was added for debug
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
* use proper TOTAL_RUNNER setting when generating runner matrix. if matrix size is smaller than total_runners, use the smaller number
* try again
* try again 2
* try again 3
* try again 4
* try again 5
* try scenario where number is less
* reset
* get rid of cat "$GITHUB_OUTPUT"
* Apply suggestions from code review
Co-authored-by: Dan Bond <danbond@protonmail.com>
* removing push trigger that was added for debug
---------
Co-authored-by: Dan Bond <danbond@protonmail.com>
Before this change, we were not fetching service resolvers (and therefore
service defaults) configuration entries for services on members of sameness
groups.
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.
* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
* add test-integrations workflow
* add test-integrations success job
* update vault integration testing versions (#16949)
* change parallelism to 4 forgotestsum. use env.CONSUL_VERSION so we can see the version.
* use env for repeated values
* match test to circleci
* fix envvar
* fix envvar 2
* fix envvar 3
* fix envvar 4
* fix envvar 5
* make upgrade and compatibility tests match circleci
* run go env to check environment
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* revert debug docker
Signed-off-by: Dan Bond <danbond@protonmail.com>
* going back to command that worked 5 days ago for compatibility tests
* Update Envoy versions to reflect changes in #16889
* cd to test dir
* try running ubuntu latest
* update PR with latest changes that work in enterprise
* yaml still sucks
* test GH fix (localhost resolution)
* change for testing
* test splitting and ipv6 lookup for compatibility and upgrade tests
* fix indention
* consul as image name
* remove the on push
* add gotestsum back in
* removing the use of the gotestsum download action
* yaml sucks today just like yesterday
* fixing nomad tests
* worked out the kinks on enterprise
---------
Signed-off-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: John Eikenberry <jae@zhar.net>
Co-authored-by: Dan Bond <danbond@protonmail.com>
Co-authored-by: Nathan Coleman <nathan.coleman@hashicorp.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>