status-im
/
consul
mirror of https://github.com/status-im/consul.git
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
12,059 Commits 445 Branches 179 Tags 481 MiB
Commit Graph

12059 Commits

Author SHA1 Message Date
Mike Morris ceb4a9874e
ci(1.8.x): update to Go 1.14.13 (#9374) 2021-01-04 12:56:21 -05:00
hashicorp-ci 78d344c95e Putting source back into Dev Mode 2020-12-10 23:23:31 +00:00
hashicorp-ci cbe8f01e9a
Release v1.8.7 2020-12-10 21:46:52 +00:00
hashicorp-ci bf98530f78
update bindata_assetfs.go 2020-12-10 21:46:51 +00:00
Mike Morris 86be641c3d changelog: add unreleased v1.8.7 entries, remove v1.8.7-beta1 section 2020-12-10 15:57:06 -05:00
R.B. Boyer 0ecd16a382
acl: global tokens created by auth methods now correctly replicate to secondary datacenters (#9363) 
Previously the tokens would fail to insert into the secondary's state
store because the AuthMethod field of the ACLToken did not point to a
known auth method from the primary.

Backport of #9351 to 1.8.x
 2020-12-10 08:35:48 -06:00
Matt Keeler 8f79c50dff Add changelog for fixing the namespace replication bug from #9271 (#9347) 2020-12-08 17:05:27 +00:00
Mike Morris 6800906334 changelog: update 1.8.0 goroutine leak to note increasing memory usage (#9328) 2020-12-04 17:48:22 +00:00
hashicorp-ci c7189780ea Putting source back into Dev Mode 2020-12-03 20:17:03 +00:00
hashicorp-ci de692123db
Release v1.8.7-beta1 2020-12-03 19:11:42 +00:00
hashicorp-ci 0b1d1323d7
update bindata_assetfs.go 2020-12-03 19:11:42 +00:00
Mike Morris aa7f8baecc changelog: add entries for unreleased 1.8.7-beta1 2020-12-03 14:03:41 -05:00
Mike Morris 893b34cf70 changelog: add entry for fixing active CA root unset (#9323) 2020-12-03 18:45:48 +00:00
Mike Morris d691d6774f changelog: add entries for secondary datacenter CA fixes (#9322) 2020-12-03 18:34:11 +00:00
Alvin Huang 52dfa58230 [skip ci] ci: fix trigger-oss-merge yaml spacing (#8916) 2020-12-02 17:57:37 -05:00
Alvin Huang 561636d503 add per commit oss->ent merge on master and release branches (#8740) 2020-12-02 17:54:08 -05:00
Kyle Havlovitz e51bd34952 Merge pull request #9318 from hashicorp/ca-update-followup 
connect: Fix issue with updating config in secondary
 2020-12-02 20:18:32 +00:00
Kyle Havlovitz 31199ca426
Merge pull request #9299 from hashicorp/1.8.x-update-secondary-ca 
Backport #9009 to 1.8.x
 2020-12-02 11:35:09 -08:00
Kyle Havlovitz 6e62166f6d Merge pull request #9009 from hashicorp/update-secondary-ca 
connect: Fix an issue with updating CA config in a secondary datacenter
 2020-11-30 16:13:12 -08:00
Freddy 5d7158023e
Merge release/1.8.6 back into release/1.8.x 2020-11-19 15:59:04 -07:00
freddygv 545e7379ee Merge branch 'release/1.8.x' into release/1.8.6 2020-11-19 15:45:37 -07:00
hashicorp-ci 4428e3d31e Putting source back into Dev Mode 2020-11-19 22:18:18 +00:00
hashicorp-ci 2fa535b58c
Release v1.8.6 2020-11-19 20:56:51 +00:00
hashicorp-ci 8967edad2a
update bindata_assetfs.go 2020-11-19 20:56:50 +00:00
freddygv 5a961ef68f Update changelog 2020-11-19 13:34:36 -07:00
Freddy 8ed789766b Require operator:write to get Connect CA config (#9240) 
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
 2020-11-19 13:21:51 -07:00
Freddy cfd72af36c Require operator:write to get Connect CA config (#9240) 
A vulnerability was identified in Consul and Consul Enterprise (“Consul”) such that operators with `operator:read` ACL permissions are able to read the Consul Connect CA configuration when explicitly configured with the `/v1/connect/ca/configuration` endpoint, including the private key. This allows the user to effectively privilege escalate by enabling the ability to mint certificates for any Consul Connect services. This would potentially allow them to masquerade (receive/send traffic) as any service in the mesh.

--

This PR increases the permissions required to read the Connect CA's private key when it was configured via the `/connect/ca/configuration` endpoint. They are now `operator:write`.
 2020-11-19 17:15:23 +00:00
Matt Keeler 14cb672790 Add changelog entry for namespace licensing fix (#9203) 2020-11-16 20:46:34 +00:00
Mike Morris 6138ed20f0
ci(backport-1.8): publish static assets (#9166) 
* ci:add check for bindata_assetfs changes (#8712)

Co-authored-by: John Cowen <jcowen@hashicorp.com>
Co-authored-by: hashicorp-ci <hashicorp-ci@users.noreply.github.com>

* Merge pull request #8776 from hashicorp/ci/fix-auto-bindata

commit a new bindata file if there are changes

* add git config for static assets (#8777)

* add commit sha to static-asset auto commit

* ci: fix bindata autoupdate (#8801)

* update bindata on ui-v2/ changes

* ci: publish bindata_assetfs.go for all release/.x branches (#9158)

Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
Co-authored-by: John Cowen <jcowen@hashicorp.com>
Co-authored-by: hashicorp-ci <hashicorp-ci@users.noreply.github.com>
Co-authored-by: Daniel Nephin <dnephin@hashicorp.com>
 2020-11-16 14:40:51 -05:00
Mike Morris 7df79f0988
chore(backport): use HashiCorp Docker mirror (#9167) 
* chore: backport Docker mirror for Envoy integration tests

* use hashicorp docker mirror in envoy helper (#9080)

* use hashicorp docker mirror to prevent rate limit (#9070)

Co-authored-by: R.B. Boyer <rb@hashicorp.com>
Co-authored-by: Alvin Huang <17609145+alvin-huang@users.noreply.github.com>
 2020-11-11 18:31:40 -05:00
Matt Keeler 0c2eea2918
Backport #9156 to 1.8.x (#9164) 
The Catalog, Config Entry, KV and Session resources potentially re-validate the input as its coming in. We need to prevent snapshot restoration failures due to missing namespaces or namespaces that are being deleted in enterprise.
 2020-11-11 15:12:10 -05:00
Daniel Nephin 95ed6ec143 Merge pull request #8976 from joel0/wrap-eof 
Wrap rpc error object
 2020-11-11 16:51:48 +00:00
Daniel Nephin 52f8ada38e Merge pull request #9149 from joel0/wrap-errors 
Use error wrapping to preserve error type info
 2020-11-10 23:27:48 +00:00
Mike Morris 76417b2460 chore: update to Go 1.14.11 2020-11-09 16:22:01 -05:00
R.B. Boyer a9269c2c07 wait_for_namespace should take two args (#9086) 2020-11-02 21:58:25 +00:00
R.B. Boyer 8acca3b261 fix envoy integ test wait_for_namespace to actually work on CI (#9082) 2020-11-02 21:57:14 +00:00
Mike Morris c45fc85b94 changelog: add note for licensing bug fix to 1.8.5 2020-11-02 12:09:23 -05:00
Matt Keeler b1aee0a1ed Create _619.txt 2020-11-02 12:05:30 -05:00
R.B. Boyer cfa5908c8d add namespace waiting function to envoy integration tests (#9051) 2020-10-28 18:24:07 +00:00
Kyle Havlovitz b72e11aa9c Merge pull request #9053 from hashicorp/vault-token-lookupself 
connect: Use the lookup-self endpoint for Vault token
 2020-10-27 21:34:37 +00:00
Kevin Pruett b3ec64c23f Merge pull request #9021 from hashicorp/pruett.alertbanner-exp 
Expose `expirationDate` prop in <AlertBanner/>
 2020-10-26 20:13:49 +00:00
Kim Ngo 6cbc41d5b5 NIA: add Terraform version compatibility (#9023) 2020-10-26 14:47:50 +00:00
Mike Morris aca865adc3
Merge pull request #9027 from hashicorp/release/1.8.5 
Merge back release/1.8.5
 2020-10-23 18:35:26 -04:00
Mike Morris 3848804bc8 changelog: fixup formatting for 8774.txt 2020-10-23 17:19:41 -04:00
hashicorp-ci 18e8949c6f Putting source back into Dev Mode 2020-10-23 21:08:15 +00:00
hashicorp-ci 1e03567d33
Release v1.8.5 2020-10-23 20:32:14 +00:00
hashicorp-ci 90324f1bac
update bindata_assetfs.go 2020-10-23 20:32:13 +00:00
Mike Morris 8e371c9fd6 changelog: add unreleased entries for 1.8.5 2020-10-23 16:15:09 -04:00
Mike Morris 3bf05fd6e3 changelog: fixup CVE link for 9024.txt 2020-10-23 16:13:36 -04:00
Mike Morris acfd9fbfea changelog: fixup note.tmpl syntax 2020-10-23 16:10:58 -04:00