* Add HCCLink resource type
* Register HCCLink resource type with basic validation
* Add validation for required fields
* Add test for default ACLs
* Add no-op controller for HCCLink
* Add resource-apis semantic validation check in hcclink controller
* Add copyright headers
* Rename HCCLink to Link
* Add hcp_cluster_url to link proto
* Update 'disabled' reason with more detail
* Update link status name to consul.io/hcp/link
* Change link version from v1 to v2
* Use feature flag/experiment to enable v2 resources with HCP
ci: Set Go version consistently via .go-version
Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.
The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
Adjust type + field names for ComputedExportedServices
The existing type and field names in `ComputedExportedServices` are confusing to work with.
For example, the mechanics of looping through services and their consumers wind up being:
```go
// The field name here doesn't reflect what is actually at each index of the list
for _, service := range exportedServices.Consumers {
for _, consumer := range service.Consumers {
// The prefix matching the type here causes stutter when reading and
// isn't consistent with naming conventions for tenancy in pbresource
tenancy := consumer.ConsumerTenancy
}
}
```
* Update SCADA provider version
Also update mocks for SCADA provider.
* Create SCADA provider w/o HCP config, then update
Adds a placeholder config option to allow us to initialize a SCADA provider
without the HCP configuration. Also adds an update method to then add the
HCP configuration. We need this to be able to eventually always register a
SCADA listener at startup before the HCP config values are known.
* Pass cloud configuration to HCP manager
Save the entire cloud configuration and pass it to the HCP
manager.
* Update and start SCADA provider in HCP manager
Move config updating and starting to the HCP manager. The HCP manager
will eventually be responsible for all processes that contribute
to linking to HCP.
* NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append
* update proto for v2 and then update xds v2 logic
* add changelog
* Update 20078.txt to be consistent with existing changelog entries
* swap enum values tomatch envoy.
* NET-6946 - Replace usage of deprecated Envoy field envoy.config.route.v3.HeaderMatcher.safe_regex_match
* removing unrelated changes
* update golden files
* do not set engine type
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource
* Add TODO for switching fetch method based on gateway type
* Use gateway-kind in workload metadata instead of owner reference
* Create ProxyStateTemplate builder for gatewayproxy controller
* Update to use new controller interface
* Add copyright headers
* Set correct name for ProxyStateTemplate identity reference
* Generate empty ProxyStateTemplate by fetching MeshGateway
This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper
* Specify owner reference when writing ProxyStateTemplate
* Update dependency mapper to account for multiple controllers per resource type
* Regenerate v2 resource dependencies map
* Add helpful trace logs, tag TODOs with ticket identifiers
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource
The Service has an owner reference added to it indicating that it belongs to a MeshGateway
* Specify port list when creating Service
* Use constants, add TODO w/ ticket reference
* Include gateway-kind in metadata of Service resource
* security: re-enable security scan release block
This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.
* security: run security scans on main and release branches
* NET-6663 Modify sidecarproxy controller to skip xGateway resources
* Check workload metadata after nil-check for workload
* Add test asserting that workloads with meta gateway-kind are ignored
* Use more common pattern for map access to increase readability
This commit fixes an issue where the partition was not properly set
on the peering query failover target created from sameness-groups.
Before this change, it was always empty, meaning that the data
would be queried with respect to the default partition always. This
resulted in a situation where a PQ that was attempting to use a
sameness-group for failover would select peers from the default
partition, rather than the partition of the sameness-group itself.