Commit Graph

21065 Commits

Author SHA1 Message Date
Michael Zalimeni cc14ccf34a
[NET-6617] security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0 (#19705)
security: Bump github.com/golang-jwt/jwt/v4 to 4.5.0

This version is accepted by Prisma/Twistlock, resolving scan results for
issue PRISMA-2022-0270. Chosen over later versions to avoid a major
version with breaking changes that is otherwise unnecessary.

Note that in practice this is a false positive (see
https://github.com/golang-jwt/jwt/issues/258), but we should update the
version to aid customers relying on scanners that flag it.
2023-11-27 11:03:26 -05:00
Ronald eded2ff347
[NET-6249] Add templated policies description (#19735) 2023-11-27 10:34:22 -05:00
Ronald c1dbf00a85
NET-6251 API gateway templated policy (#19728) 2023-11-24 17:55:05 +00:00
Poonam Jadhav 78f918a103
feat: create a default namespace (#19681)
* feat: create a default namespace on leader

* refactor: add comment and move inittenancy to leader file

* refactor: rephrase comment
2023-11-22 14:32:57 -05:00
Chris S. Kim 8fe0bd1cbd
Add docs for identity acl rules (#19713) 2023-11-22 12:29:43 -05:00
Semir Patel 7cf48bcbe1
Fix failing test in command/resource/read (#19722) 2023-11-22 17:04:54 +00:00
Ganesh S ba2422596f
Add tenancy tests for routes controller (#19706) 2023-11-22 21:52:10 +05:30
Semir Patel 0fdc2ac5e9
v2tenancy: namespace deletion using finalizers (#19714) 2023-11-22 10:06:11 -06:00
Valeriia Ruban f69c68e777
chore: add suffix to consul version in sidenav (#19660) 2023-11-21 09:47:16 -08:00
cskh d3bf47fe08
cli: add a string method to gvk struct (#19696) 2023-11-21 11:29:00 -05:00
Michael Zalimeni 8a89465e96
[SECVULN-1533] chore: Clarify iptables Provider interface docs (#19704)
chore: Clarify iptables Provider interface docs

Add docs clarifying constraints on use and return values.
2023-11-21 09:01:48 -05:00
aahel a28f4b7f37
optimized fetching services in exported service controller (#19695)
* optimized fetching services in exported service controller

* added aliases for some complex types
2023-11-21 12:21:22 +05:30
Michael Zalimeni 58cc6eded4
[SECVULN-1532] chore: Remove TODO comments for OIDC/JWT auth (#19700)
chore: Remove TODO comments for OIDC/JWT auth

Remove old TODO comments and update remaining comments for clarity.
2023-11-20 21:34:48 +00:00
Ashvitha bfb3a43648
Default "stats_flush_interval" to 1 minute for Consul Telemetry Collector (#19663)
* Set default of 1m for StatsFlushInterval when the collector is setup

* Add documentation on the stats_flush_interval value

* Do not default in two conditions 1) preconfigured sinks exist 2) preconfigured flush interval exists

* Fix wording of docs

* Add changelog

* Fix docs
2023-11-20 16:18:30 -05:00
Dhia Ayachi d7323ca22c
do not auto merge backports (#19694)
do not auto merge backport as there is a bug in backport assistant that could merge the entire main into release branches.
2023-11-20 11:51:39 -05:00
Chris S. Kim 5d7b1170af
Switch to github-actions format for integration tests (#19693) 2023-11-20 11:39:51 -05:00
Chris S. Kim 2f9bc5b0c3
Switch to github-actions format (#19667) 2023-11-20 09:55:51 -05:00
Dhia Ayachi f027d61014
fix a panic in the CLI when deleting an acl policy with an unknown name (#19679)
* fix a panic in the CLI when deleting an acl policy with an unknown name

* add changelog
2023-11-20 09:47:44 -05:00
Ronald 415491ff2b
[NET-6640] Add docs for binding type policy (#19677) 2023-11-20 14:44:30 +00:00
Mike Nomitch 302f994410
[NET-6640] Adds "Policy" BindType to BindingRule (#19499)
feat: add bind type of policy

Co-authored-by: Ronald Ekambi <ronekambi@gmail.com>
2023-11-20 13:11:08 +00:00
Valeriia Ruban 0058045969
fix: remove 2 tests to unblock consul-enterprise merges (#19687) 2023-11-20 07:12:27 -05:00
Ganesh S b45a6a3809
Update ECS compat matrix (#19675) 2023-11-19 20:35:34 +05:30
Valeriia Ruban 4dcbacff53
fix: temporary remove token policy test (#19683) 2023-11-17 17:51:10 -08:00
Iryna Shustava d05f67cebd
Add engineering docs for controllers and v2 architecture (#19671)
* add controller docs

* add v2 service mesh docs
2023-11-17 17:55:09 -07:00
cskh ce66433311
integ-test: fix upgrade test for CE (#19673)
* integ-test: fix upgrade test for CE
2023-11-17 12:34:30 -05:00
Semir Patel 75c2def1ca
resource: preserve deferred deletion metadata on non-CAS writes (#19674) 2023-11-17 10:51:25 -06:00
Ganesh S c061168aca
Add tests for traffic permissions controller (#19672) 2023-11-17 17:59:28 +05:30
cskh ecfeb7aac5
Integ test: enable upgrade test deployer 1.17 (#19669)
* integ test: add deployer upgrade test to 1.17.x nightly integ test

* checkout 1.17.x branch
2023-11-16 16:31:18 -05:00
Ronald ea0caa3e0f
[NET-6103] Enable query tokens by service name using templated policy (#19666) 2023-11-16 14:32:06 -05:00
Thomas Eckert d9432f9032
Add stub for MeshConfiguration proto (#19642)
* Add mesh_configuration.proto

* Run make proto

* Add cluster scope to MeshConfiguration

* Run make proto
2023-11-16 13:03:14 -05:00
sarahalsmiller 0c675433e0
Added Gatewayclassconfig resource type to proto package (#19664)
resource type + regen
2023-11-16 17:18:44 +00:00
cskh 04a3a3e8d0
Integ test (test/deployer): upgrade test with service mesh (#19658)
* Integ test (test/deployer): upgrade test with service mesh

* license
2023-11-15 19:32:37 -05:00
John Murret 2591318c82
Skip tests with p95 greater than 30 seconds outside of main and release branches. (#19628)
Skip tests with p95 greater than 30 seconds.
2023-11-15 13:43:33 -07:00
sarahalsmiller 5e5701e032
Timeout Docs Update (#19601)
* Update routetimeoutfilter.mdx

* Update website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

* Update website/content/docs/connect/gateways/api-gateway/configuration/routetimeoutfilter.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
2023-11-15 11:49:22 -06:00
sarahalsmiller 29042b2938
NET-6550 generate stubs for GatewayClassConfig (#19602)
* NET-6550 generate stubs

* gatewayclassconfig

* fix minor spacing issue

* fix minor spacing issue

* convert to snake case

* add ports

* snakecase
2023-11-15 17:07:01 +00:00
Semir Patel 1eed205286
resource: freeze resources after marked for deletion (4 of 5) (#19603) 2023-11-15 10:58:27 -06:00
Semir Patel 4f929f8ff5
unhack: add pre-commit guidelines (#19617) 2023-11-15 10:57:40 -06:00
R.B. Boyer da8700f216
test: fix some multiport deployer bugs and remove a container test already handled by deployer tests (#19614) 2023-11-15 10:26:26 -06:00
Ganesh S 4020c002d6
Add tenancy tests for proxy cfg controller (#19649) 2023-11-15 21:36:08 +05:30
Ganesh S 2e28aecff8
Added tenancy tests for endpoints controller (#19650) 2023-11-15 21:32:26 +05:30
Melisa Griffin 7628fed0a5
Updates GatewayClass protobuf to set optional fields to optional (#19648) 2023-11-15 15:44:53 +00:00
cskh 4ab7adaf54
upgrade test: remove duplicate test case (#19643) 2023-11-15 10:18:25 -05:00
Ashesh Vidyut d68a23aa85
NET 6539 - Add tenancy tests for folder - internal/mesh/internal/controllers/sidecarproxy (#19646)
* Add tenancy tests for folder - internal/mesh/internal/controllers/sidecarproxy

* removed rej files

* added missed out file
2023-11-15 13:49:40 +05:30
Ashesh Vidyut 443461318a
NET 6525 (#19645)
Removed resourcetest func
2023-11-15 06:32:15 +00:00
Ashesh Vidyut fbc2a58733
NET 6442 - Add tenancy to explicit destinations controller (#19644)
Add tenancy to explicit destinations controller
2023-11-15 06:11:56 +00:00
John Murret bc26fbcf2c
notify on go-tests failure on main and release branches. (#19640)
notify on failures in go-tests on main and release branches.
2023-11-15 00:42:28 +00:00
Melisa Griffin 9ca62aaf33
Adds proto for the GatewayClass based on the GAMMA Kubernetes Sig (#19615) 2023-11-14 16:18:20 -05:00
Semir Patel c7307cae6f
unhack: remove consulprem build tag (#19633) 2023-11-14 14:02:18 -06:00
Ganesh S dc42429f1d
Fix ACL permissions for ECS controller (#19636) 2023-11-14 23:55:51 +05:30
am-ak c835c90c0b
[Docs] Update admin-partitions.mdx (#18430)
* [Docs] Update admin-partitions.mdx

Adding a note on DNS queries requiring the presence of a Consul Client in the Admin partition

The consul-dns endpoints are the consul clients and servers as seen In the Helm chart consul/templates/dns-service.yaml
  selector:
    app: {{ template "consul.name" . }}
    release: "{{ .Release.Name }}"
    hasDNS: "true"

all components have the first two labels for app and release but only consul clients and servers have the last one hasDNS so it will only match clients AND servers
grep hasDNS ./* 2> /dev/null
./client-daemonset.yaml:      hasDNS: "true"
./dns-service.yaml:    hasDNS: "true"
./server-statefulset.yaml:        hasDNS: "true"

* Update website/content/docs/enterprise/admin-partitions.mdx

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>

---------

Co-authored-by: trujillo-adam <47586768+trujillo-adam@users.noreply.github.com>
Co-authored-by: Tu Nguyen <im2nguyen@users.noreply.github.com>
2023-11-14 17:11:11 +00:00