Kent 'picat' Gruber
447dd528f6
Merge pull request #10023 from hashicorp/fix-raw-kv-xss
...
Add content type headers to raw KV responses
2021-04-15 09:48:14 -04:00
R.B. Boyer
cbf1e5d3e9
Merge pull request #10026 from hashicorp/1.8.x-fix-wan-ipv6-key
...
[1.8.x] Fix advertise_addr_wan_ipv6 configuration key
2021-04-14 16:53:04 -05:00
Daniel Nephin
685c09ef78
Merge pull request #10029 from hashicorp/dnephin/backport-auth-methods-fix-1.8.x
...
[1.8.x] backport snapshot of ACL Auth Methods bug fix
2021-04-14 17:49:20 -04:00
Daniel Nephin
1cc59bd0cf
Merge pull request #9851 from panascais-forks/fix-wan-ipv6-key
...
Fix advertise_addr_wan_ipv6 configuration key
2021-04-14 16:29:28 -05:00
Daniel Nephin
168e8da213
Merge pull request #10025 from hashicorp/dnephin/fix-snapshot-auth-methods
...
snapshot: fix saving of auth methods
2021-04-14 17:25:13 -04:00
Daniel Nephin
477cbb5678
Merge pull request #10014 from hashicorp/dnephin/changelog
...
Add changelog for enterprise change
2021-04-14 18:10:18 +00:00
Matt Keeler
46de6ba9ca
Backport 10013: Move static token resolution into the ACLResolver ( #10013 ) ( #10017 )
...
# Conflicts:
# agent/acl.go
# agent/acl_test.go
# agent/agent.go
# agent/ui_endpoint.go
2021-04-14 13:04:32 -04:00
R.B. Boyer
89e4e3d534
[1.8.x] command: when generating envoy bootstrap configs to stdout do not mix informational logs into the json ( #9985 )
...
Backport of #9980 to `1.8.x`
Conflicts:
- just the generated golden command/ files
- envoy.go and envoy_test.go
2021-04-07 15:00:33 -05:00
Hans Hasselberg
0d0f14f901
introduce certopts ( #9606 )
...
* introduce cert opts
* it should be using the same signer
* lint and omit serial
2021-03-22 09:17:23 +00:00
Daniel Nephin
3ade77cd2e
Merge pull request #8698 from pierreca/fix-iserreof
...
Use errors.Is() in IsErrEOF()
2021-03-16 21:57:09 +00:00
Daniel Nephin
a0d47afb93
Merge pull request #9853 from hashicorp/dnephin/fix-ci-nomad-integ
...
ci: update config for nomad main branch rename
2021-03-09 20:29:26 +00:00
hashicorp-ci
f0b9dc7175
Putting source back into Dev Mode
2021-03-05 16:59:15 +00:00
hashicorp-ci
ceef4d6ada
Release v1.8.9
2021-03-04 19:22:48 +00:00
hashicorp-ci
1f92b6cb84
update bindata_assetfs.go
2021-03-04 19:22:47 +00:00
Mike Morris
bad702cc73
changelog: add unreleased entries for v1.8.9, remove v1.8.9-beta1 section
2021-03-04 14:12:46 -05:00
John Cowen
24981a6c68
ui: Remove any trailing fullstop/period DNS characters from Gateways UI API ( #9752 )
...
Previous to this commit, the API response would include Gateway
Addresses in the form `domain.name.:8080`, which due to the addition of
the port is probably not the expected response.
This commit rightTrims any `.` characters from the end of the domain
before formatting the address to include the port resulting in
`domain.name:8080`
2021-02-25 09:36:43 +00:00
R.B. Boyer
76795ae6d6
test: omit envoy golden test files that differ from the latest version ( #9824 )
...
backport of #9807 to 1.8.x
2021-02-24 15:49:32 -06:00
R.B. Boyer
46edc401ad
connect: if the token given to the vault provider returns no data avoid a panic ( #9806 )
...
Improves #9800
2021-02-22 20:09:25 +00:00
R.B. Boyer
58f068f53a
[1.8.x] test: remove warnings and ensure the expose checks envoy test actually runs ( #9804 )
2021-02-22 14:02:08 -06:00
R.B. Boyer
40987a2b69
xds: only try to create an ipv6 expose checks listener if ipv6 is supported by the kernel ( #9794 )
...
1.8.x backport of #9765
Conflicts:
- agent/xds/listeners_test.go
- test/integration/connect/envoy/helpers.bash
- agent/xds/testdata (different envoy versions)
2021-02-22 10:45:40 -06:00
hashicorp-ci
88fe6f6bd7
Putting source back into Dev Mode
2021-02-11 19:44:58 +00:00
hashicorp-ci
2f27ba6d38
Release v1.8.9-beta1
2021-02-11 19:00:48 +00:00
hashicorp-ci
b18269d20a
update bindata_assetfs.go
2021-02-11 19:00:47 +00:00
Matt Keeler
80bb529f98
Update CHANGELOG.md for the 1.8.9-beta1 release ( #9757 )
2021-02-11 13:29:09 -05:00
R.B. Boyer
22640c9e87
[1.8.x] connect: update supported envoy point releases to 1.14.6, 1.13.7, 1.12.7, 1.11.2 ( #9739 )
...
selective backport of #9737
2021-02-10 13:11:51 -06:00
R.B. Boyer
415be133fa
connect: connect CA Roots in the primary datacenter should use a SigningKeyID derived from their local intermediate ( #9428 ) ( #9734 )
...
1.8.x backport of #9428
2021-02-09 16:55:22 -06:00
Matt Keeler
5b543790d2
Backport to release/1.8.x: #9738 - Stop background refresh of cached data for requests that result in ACL not found errors ( #9742 )
2021-02-09 11:32:38 -05:00
Freddy
c18a218bbb
Avoid potential proxycfg/xDS deadlock using non-blocking send
2021-02-08 23:18:38 +00:00
R.B. Boyer
556b8bd1c2
server: use the presence of stored federation state data as a sign that we already activated the federation state feature flag ( #9519 )
...
This way we only have to wait for the serf barrier to pass once before
we can make use of federation state APIs. Without this patch every
restart needs to re-compute the change.
2021-02-08 19:30:58 +00:00
R.B. Boyer
eed2302b43
xds: prevent LDS flaps in mesh gateways due to unstable datacenter lists ( #9651 )
...
Also fix a similar issue in Terminating Gateways that was masked by an overzealous test.
2021-02-08 16:20:37 +00:00
R.B. Boyer
bb5c2e802b
xds: deduplicate mesh gateway listeners in a stable way ( #9650 )
...
In a situation where the mesh gateway is configured to bind to multiple
network interfaces, we use a feature called 'tagged addresses'.
Sometimes an address is duplicated across multiple tags such as 'lan'
and 'lan_ipv4'.
There is code to deduplicate these things when creating envoy listeners,
but that code doesn't ensure that the same tag wins every time. If the
winning tag flaps between xDS discovery requests it will cause the
listener to be drained and replaced.
2021-02-05 22:28:57 +00:00
Hans Hasselberg
e6584182f2
Add flags to support CA generation for Connect ( #9585 )
2021-01-27 07:55:31 +00:00
Matt Keeler
bb8386316d
Add changelog entry for change to the temporary client license duration ( #9642 )
2021-01-26 21:15:53 +00:00
R.B. Boyer
685c38a1b1
server: initialize mgw-wanfed to use local gateways more on startup ( #9528 )
...
Fixes #9342
2021-01-25 23:31:28 +00:00
R.B. Boyer
17e16f708f
chore: [1.8.x] regenerate envoy golden files ( #9635 )
...
Backport of #9634
2021-01-25 15:34:50 -06:00
hashicorp-ci
dd110e8c74
Merge branch 'release/1.8.8' into remote-x
2021-01-22 20:17:04 +00:00
hashicorp-ci
6bb9524dd8
Putting source back into Dev Mode
2021-01-22 20:16:59 +00:00
hashicorp-ci
1a7f21a061
Release v1.8.8
2021-01-22 18:50:03 +00:00
hashicorp-ci
e2f9307430
update bindata_assetfs.go
2021-01-22 18:50:02 +00:00
Mike Morris
a2da08bd6b
changelog: add unreleased entries for v1.8.8
2021-01-22 11:44:54 -05:00
Alvin Huang
6976289413
ci: fix logic for check-vendor ( #9619 )
2021-01-22 11:39:09 -05:00
Alvin Huang
acb9b4ccaa
ci: fix logic for check-vendor ( #9619 )
2021-01-22 16:37:23 +00:00
R.B. Boyer
f135c3b64e
server: when wan federating via mesh gateways only do heuristic primary DC bypass on the leader ( #9366 )
...
Fixes #9341
2021-01-22 16:07:11 +00:00
Alvin Huang
4d470f9822
ci: change check-vendor to verify git status has no changes ( #9615 )
2021-01-21 23:30:07 +00:00
Matt Keeler
7cddf128e9
Backport #9570 to release/1.8.x: Ensure that CA initialization does not block leader election. ( #9571 )
...
Backport of PR: 9570
After fixing that bug I uncovered a couple more:
Fix an issue where we might try to cross sign a cert when we never had a valid root.
Fix a potential issue where reconfiguring the CA could cause either the Vault or AWS PCA CA providers to delete resources that are still required by the new incarnation of the CA.
Ensure that CA initialization does not block leader election.
2021-01-21 09:04:30 -05:00
Matt Keeler
87f7bb475c
Fix flaky test by marking mock expectations as optional ( #9596 )
...
These expectations are optional because in a slow CI environment the deadline to cancel the context might occur before the goroutine reaches issuing the RPC. Either way we are successfully ensuring context cancellation is working.
2021-01-20 15:59:13 +00:00
Alvin Huang
7bb043a42d
rename envoy job names for circleci config linter
2021-01-19 13:19:26 -05:00
Alvin Huang
383dd32bdf
modify aws assume role circleci command
2021-01-19 13:17:14 -05:00
Daniel Nephin
d399690ae4
Merge pull request #9520 from hashicorp/dnephin/1.8.x-fix-integration-test-fail
...
[1.8.x] Pin alpine/socat image to a version
2021-01-07 11:59:37 -05:00
Daniel Nephin
eeb3b85122
Pin alpine/socat image to a version.
...
To fix failing integration tests. The latest version (`1.7.4.0-r0`)
appears to not be catting all the bytes, so the expected metrics are
missing in the output.
2021-01-06 18:44:02 -05:00