Phil Renaud
0cc0fa7188
[ui] Simple url sanitization for get-env and document.cookie ( #21711 )
...
Simple url sanitization for get-env and document.cookie
2024-09-12 12:27:22 -04:00
John Maguire
a3ac555a5e
[NET-10952] fix cluster dns lookup family to gracefully handle ipv6 ( #21703 )
...
* update jwks cluster creation to gracefully handle ipv6
* update unit tests for dns lookup family
* Add changelog
2024-09-12 15:37:36 +00:00
sarahalsmiller
320b708b9f
Bump Envoy, remove support for unsupported versions ( #21616 )
...
* bump envoy
* changelog
* drop breaking change note
* update docs
* udpate port tests
2024-09-12 15:32:18 +00:00
Deniz Onur Duzgun
1a62917ad1
security: triage vendor alerts ( #21716 )
...
* security: triage vendor alerts
* add wildcard to vendor
2024-09-12 15:08:20 +00:00
Phil Renaud
35ffb312b0
[ui] Pin a newer version of Braces ( #21710 )
...
Pin a newer version of Braces
2024-09-11 16:24:58 -04:00
sarahalsmiller
07fae7bb0b
[Security] Fix XSS Vulnerability where content-type header wasn't explicitly set ( #21704 )
...
* explicitly add content-type anywhere possible and add middleware to set and warn
* added tests, fixed typo
* clean up unused constants
* changelog
* fix call order in middleware
2024-09-11 14:23:21 -05:00
sarahalsmiller
876a0a7778
Update security-scan.hcl ( #21707 )
2024-09-11 19:21:45 +00:00
Anita Akaeze
7653ffb0a5
security: Upgrade Go to 1.22.7 ( #21705 )
...
* security: Upgrade Go to 1.22.7
* add changelog
2024-09-10 15:07:05 -07:00
John Murret
8d2178d83d
exclude release branches for 1.15 thru 1.18 ( #21682 )
2024-09-09 11:19:26 -06:00
Brian Mathiyakom
e4d4435099
Fix the server/client typo in the Agent docs ( #21675 )
2024-09-06 10:01:24 -07:00
R.B. Boyer
3e6f1c1fe1
remove v2 tenancy, catalog, and mesh ( #21592 )
...
* remove v2 tenancy, catalog, and mesh
- Inline the v2tenancy experiment to false
- Inline the resource-apis experiment to false
- Inline the hcp-v2-resource-apis experiment to false
- Remove ACL policy templates and rule language changes related to
workload identities (a v2-only concept) (e.g. identity and
identity_prefix)
- Update the gRPC endpoint used by consul-dataplane to no longer respond
specially for v2
- Remove stray v2 references scattered throughout the DNS v1.5 newer
implementation.
* changelog
* go mod tidy on consul containers
* lint fixes from ENT
---------
Co-authored-by: John Murret <john.murret@hashicorp.com>
2024-09-05 08:50:46 -06:00
Michael Zalimeni
188af1ccb0
test: fix Envoy int tests and add container logs ( #21674 )
...
Correctly set the the version of Consul built by the `dev-build` job,
which is then copied into the Consul dev image used in integration
tests.
This was causing failures starting sidecar proxies via `consul connect
envoy` due to a mismatch between the (incorrect) Consul binary's
supported Envoy versions and the (correct) Envoy version under test.
Also add debug log uploads to each int test so we can more easily
diagnose this sort of failure in the future, as it was entirely hidden
in test output.
2024-08-30 16:25:27 -04:00
Deniz Onur Duzgun
64683180f3
security(deps): bump aws-sdk-go to v1.55.5 ( #21684 )
...
* security(deps): bump aws-sdk-go to v1.55.5
* add changelog
* edit changelog
2024-08-29 17:04:51 +00:00
Aimee Ukasick
c1d0fc938a
Docs CE-709: Remove circular links ( #21685 )
...
Docs CE-70: Remove circular links
Remove links to tutorials that no longer exist and redirect back
to the ACL overview page.
2024-08-29 11:57:32 -05:00
Jorge Marey
d12f9cf4d1
Set replication metric to 0 when losing leadership ( #20665 )
...
* Set replication metric to 0 when losing leadership
* Fix replication metrics on replication.go also
---------
Co-authored-by: sarahalsmiller <100602640+sarahalsmiller@users.noreply.github.com>
2024-08-29 16:51:44 +00:00
John Murret
ab794b59f8
update version, changelog, and submodules after 1.19.2, 1.18.4, 1.17.7 and 1.15.14 releases ( #21676 )
...
* update changelog
* Update CHANGELOG.md
* remove duplicate 1.19.1 section
* update version
* update go.mod with most recent modules
2024-08-28 09:39:12 -06:00
John Murret
f187b92e3a
run integration tests on push in main and release/* ( #21666 )
...
* run integration tests on push in main and release/*
* Update .github/workflows/test-integrations.yml
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
---------
Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-08-26 20:12:54 +00:00
John Murret
9c02eff1cd
add module retractions ( #21665 )
2024-08-26 17:49:51 +00:00
Michael Zalimeni
2a99624859
test: update pause Docker image in Envoy int tests ( #21659 )
...
k8s.gcr.io has been migrated to registry.k8s.io for several years now,
and the old registry is being shut down, causing image pull failures.
Update to target the new registry when pulling the pause image used in
Envoy integration tests.
2024-08-26 16:39:35 +00:00
Poonam Jadhav
cc2c8fb92b
NET-5912/service-defaults protocol validation ( #21593 )
...
* fix: add validation for protocol field on service-defaults config entry
* test: update test cases with correct protocol
2024-08-26 11:10:57 -04:00
Michael Zalimeni
5710cbd7ba
ci: fix workflow graph for 1.18 Envoy int tests ( #21642 )
...
This branch is no longer active on CE, so its jobs should all be skipped
via check-ent. One job was missed so it fails nightly right now.
2024-08-22 17:32:01 +00:00
John Murret
53c225b198
add build support script to print out the submodule versions required in other submodules ( #21635 )
...
* add build support script to print out the submodule versions required in other submodules
* update help and usage. exclude current submodule in output.
2024-08-22 15:59:33 +00:00
John Maguire
0e47b380b2
[NET-10774] Fix Group Reference in GatewayPolcy Docs ( #21625 )
...
fix group reference for gateway policy
2024-08-20 12:33:07 -04:00
John Maguire
9d06fc3380
remove consul-k8s submodule ( #21622 )
2024-08-20 15:18:13 +00:00
Nitya Dhanushkodi
ed738a6f98
fix: use Envoy's default for validate_clusters to fix breaking routes when some backend clusters don't exist ( #21587 )
2024-08-19 22:39:28 -07:00
John Maguire
b88ddb8f9f
update goldenfile checker for running in ent repo ( #21617 )
2024-08-19 18:14:13 +00:00
John Maguire
bc4c479a31
[NET-10737] Add CI Checks for Generated Testdata ( #21613 )
...
* Add checks to CI to ensure that generated golden files for xds tests are up to date
* fix file permissions
* debugging
* more debugging
* more debugging
* more debugging
* more debugging
* I can't type
* this might be correct
* removing debug prints
2024-08-19 11:49:05 -04:00
John Murret
f76da16000
Fix TestDNS_ServiceLookup_ARecordLimits so that it only creates test agents the minimal amount of time ( #21608 )
...
* get rid of unused column
* get rid of duplicate section now that deletion of unused column makes the section duplicate..
* explicit set protocol rathern than infer it in checkDNSService
* explicit have attribute for whether to set EDNS0 in the test cases rathern than infer it in checkDNSService
* now modify so that test agents are only created for each unique configuration which is based on the a_record_limit.
* Fix TestDNS_ServiceLookup_AnswerLimits so that it only creates test agents the minimal amount of time. (#21609 )
Fix TestDNS_ServiceLookup_AnswerLimits so that it only creates test agents the minimal amount of time
2024-08-15 18:09:09 +00:00
danielehc
e2bb1b76cc
CE-657 - Move Application leader election tutorial to docs ( #21366 )
...
* First commit
* Fix navigation
* Add some commands
* Structure draft
* Complete usage doc structure
* Fix link
* Apply suggestions from code review
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Apply suggestions from code review
* Replace tutorial path
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
2024-08-15 09:07:30 +02:00
John Maguire
58fad92cd3
fix where jwt clusters are generated ( #21606 )
2024-08-14 20:03:00 +00:00
John Maguire
1fa428552b
[NET-10719] Fix cluster generation for jwt clusters for external jwt providers ( #21604 )
...
* Fix cluster generation for jwt clusters for external jwt providers
* add changelog
2024-08-14 15:41:02 -04:00
John Maguire
8555404662
[NET-10733] fix generation of xds resources ( #21603 )
...
fix generation of xds resources
2024-08-14 15:00:00 -04:00
Michael Zalimeni
a570858a35
docs: Update compatibility.mdx for OpenShift ( #21600 )
...
Remove note that OpenShift 4.16 is not yet available, now that it's been released.
It will be added to the matrix in a future update once we've tested compatibility across eligible `consul-k8s` versions.
2024-08-14 12:59:13 -04:00
John Murret
dcad90639f
NET-10685 - Remove dns v2 code ( #21598 )
...
* NET-10685 - Remove dns v2 code
* adding missing erro
* add missing license info.
2024-08-13 16:53:48 -06:00
danielehc
89618f9e37
CE-655 - Moving DNS forwading tutorial to docs ( #21348 )
...
* First commit
* Add page to navigation
* test new doc page
* Update website/content/docs/services/discovery/dns-forwarding.mdx
* Update website/content/docs/services/discovery/dns-forwarding.mdx
* fix push build atttempt
* Draft
* Draft
* empty line
* Draft
* empty lines
* Draft
* First draft
* Create documentation for Argo Rollouts Plugin. (#20680 )
* Create documentation for Argo Rollouts Plugin.
* Create documentation for Argo Rollouts Plugin.
* Apply suggestions from code review
Co-authored-by: David Yu <dyu@hashicorp.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update docs based on feedback
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/k8s/deployment-configurations/argo-rollouts-configuration.mdx
* Update website/content/docs/k8s/deployment-configurations/argo-rollouts-configuration.mdx
---------
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
* Split content and add images
* Fix navigation
* Add links and context
* Restructure changes
* Fix enable documentation
* Fix enable documentation
* Fix index documentation
* Add troubleshooting and fix codeblocks
* Add troubleshooting and fix codeblocks
* Typos and last checks
* Apply suggestions from code review
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/services/discovery/dns-forwarding/enable.mdx
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Add dark mode images
* Add dark mode images
* Apply suggestions from code review
---------
Co-authored-by: boruszak <jeffrey.boruszak@hashicorp.com>
Co-authored-by: Ashwin Venkatesh <ashwin@hashicorp.com>
Co-authored-by: David Yu <dyu@hashicorp.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
Co-authored-by: Michael Wilkerson <62034708+wilkermichael@users.noreply.github.com>
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
2024-08-13 14:52:12 +02:00
sarahalsmiller
929d602dbb
ui: Upgrade d3 packages to update color dependency ( #21588 )
...
* upgrade d3 packages to update color dependency
* yarn package bump
* deps moved into devdeps
---------
Co-authored-by: Phil Renaud <phil@riotindustries.com>
2024-08-12 09:52:16 -04:00
sarahalsmiller
779d3c3eda
Suppress CVE-2024-7264 ( #21590 )
...
supress curl error
2024-08-07 20:55:48 +00:00
John Murret
c526659b7f
NET-10610 - stop logging no data as errors in DNS lookups ( #21578 )
2024-08-01 11:23:19 -06:00
Michael Zalimeni
588730c49f
ci: use workflow-scoped GH PAT for backports ( #21570 )
...
This is necessary to allow backporting changes to GHA workflows, and
mirrors the token use in the CE->Ent merge workflow.
2024-07-30 16:34:40 -04:00
Michael Zalimeni
01ae0d3d38
ci: Update backport-assistant to 0.4.4 ( #21572 )
...
Update backport-assistant to 0.4.4
2024-07-30 16:20:41 -04:00
Krastin Krastev
bbc5229362
docs: Clarify cluster peering vs WAN federation comparison ( #21568 )
...
cluster peering: remove shared KV store bulletpoint
2024-07-30 16:24:25 +03:00
John Maguire
e601d7e0e9
[NET-7787] Update JWT docs for APIGateway ( #20800 )
...
* Update k8s docs
* Update jwt docs with examples
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update docs to follow style guide, use CodeBlockConfig, remove section
to apply the configuration for k8s docs
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Update website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-07-24 17:56:44 +00:00
Krastin Krastev
5a74bb6d5a
docs/WAF: failure zones refresh ( #21545 )
...
* failure zones initial commit
* Apply suggestions from code review
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
* Update improving-consul-resilience.mdx
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
* typo
* adding diagrams
* fixing inline bulletpoint image
* adding light and dark diagrams
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* fix links in article
* fix inline alert render
---------
Co-authored-by: Aimee Ukasick <aimee.ukasick@hashicorp.com>
Co-authored-by: danielehc <40759828+danielehc@users.noreply.github.com>
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-07-22 16:43:36 +03:00
Aimee Ukasick
654528ca60
DOCS: CE-556 Add partition parameter to API endpoint docs ( #21374 )
...
* CD-556 rename partition partial that's only used in CLI
Update CLI pages for partial rename
API: Add partial for partition as body option
API: Add partial for partition as query parameter
Update API peering and members pages
* acl/auth-methods.mdx
Update partition partials to be generic
* binding-rules.mdx, policies.mdx
* roles.mdx, templated-policies.mdx
* tokens.mdx, catalog.mdx, config.mdx, intentions.mdx
* service.mdx, exported-services.mdx, kv.mdx, namespaces.mdx
* Apply suggestions from code review
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
* Add partial to acl/auth-methods.mdx
Fix headings indent in a few files.
* Update website/content/api-docs/acl/auth-methods.mdx
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
---------
Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-07-18 12:02:45 -05:00
Nathan Coleman
a9d92d020d
Add changelog entries for 1.15.13, 1.17.6, 1.18.3 and 1.19.1 ( #21539 )
2024-07-11 10:15:22 -05:00
John Maguire
c0faddbe1f
[NET-10246] use correct enterprise meta for service name for LinkedService ( #21382 )
...
* use correct enterprise meta for service name for LinkedService
* add changelog
2024-07-10 10:55:53 -04:00
Nathan Coleman
bc6e889eef
Use vault.centos.org instead of mirror.centos.org ( #21530 )
...
The latter is no longer resolvable since CentOS 7 is EOL
2024-07-09 14:58:22 -04:00
Nathan Coleman
ab3d5c74ab
Use debian:12 instead of centos:7 for artifact verification ( #21527 )
...
CentOS 7 has entered End of Life as of June 30, 2024. Debian 12 is available from Docker and offers linux/386 architecture support
2024-07-09 16:21:51 +00:00
Nathan Coleman
8d2370da76
[NET-10290] Update ENVOY_VERSIONS ( #21524 )
...
* [NET-10290] Update ENVOY_VERSIONS
* Add changelog entry
* Link to CVE for more info in changelog entry
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
---------
Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
2024-07-08 18:59:51 -04:00
Phil Renaud
dce6241869
[ui] File-specified deps for consul-ui ( #21378 )
...
* Namespaced and file-specified deps
* Pinning to a specific version of tailwind and setting config for js packages to come from npmjs
* Pin glob instead of reverting tailwind or any other (grand)parent dependency
* ember-cli-build fixed path resolution for now-namespaced submodules
* Dropping the namespace prefix and relying on relative pathing
2024-07-08 16:36:29 -04:00