Commit Graph

21048 Commits

Author SHA1 Message Date
sarahalsmiller 7d92a5dfd6
Add min/max kubetags to meshgatewaylistener (#20149)
* add kubetags

* generate proto
2024-01-10 19:12:29 +00:00
Nathan Coleman cff5f0ce3b
Fix broken link (#20147) 2024-01-10 13:43:46 -05:00
Semir Patel 25b37d75b0
license: MPL'ify proto-public (#20143) 2024-01-10 11:05:12 -06:00
Dan Stough d52e80b619
[OSS] feat: add experiments flag for v2 dns and skeleton interfaces (#20115)
feat: add experiments flag for v2 dns and skeleton interfaces
2024-01-10 11:19:20 -05:00
Manoj Srinivasamurthy fa6eb61f70
NET-6813: adding resolver default subset test in agentless upgrade test (#20046) 2024-01-10 21:25:50 +05:30
loshz 7724bb88d5
[NET-6593] agent: check for minimum RSA key size (#20112)
* agent: check for minimum RSA key size

* add changelog

* agent: add test for RSA generated key sizes

* use constants in generating priv key func

* update key size error message
2024-01-10 12:15:36 +00:00
Nathan Coleman 670b140d87
[NET-7106] Add kubebuilder validation annotations to ExportedServicesConsumer proto (#20126)
* Add kubebuilder annotations for validation of ExportedServicesConsumer

* Generate proto
2024-01-09 17:27:54 -05:00
Derek Menteer 131ef2a133
Fix broken tests. (#20134) 2024-01-09 14:57:27 -06:00
sarahalsmiller 96790a814c
NET-6822 Add kubebuilder tag to struct (#20120)
add kubebuilder tag
2024-01-09 20:13:32 +00:00
Derek Menteer 6854e1e90d
Fix broken tests. (#20130)
This fixes some tests that were broken, but not caught, due to the CICD
pipeline only running a subset of the overall tests on PRs.
2024-01-09 13:45:29 -06:00
Pascal Hofmann 800279098a
Update gateway.mdx (#20113)
Co-authored-by: David Yu <dyu@hashicorp.com>
2024-01-09 19:02:31 +00:00
Nick Cellino 0deebaf637
Add Link resource type and controller skeleton (#19788)
* Add HCCLink resource type

* Register HCCLink resource type with basic validation

* Add validation for required fields

* Add test for default ACLs

* Add no-op controller for HCCLink

* Add resource-apis semantic validation check in hcclink controller

* Add copyright headers

* Rename HCCLink to Link

* Add hcp_cluster_url to link proto

* Update 'disabled' reason with more detail

* Update link status name to consul.io/hcp/link

* Change link version from v1 to v2

* Use feature flag/experiment to enable v2 resources with HCP
2024-01-09 13:57:59 -05:00
Tyler Wendlandt dbcba7aec7
fix: stop re-clicking dc dropdown in dc-switch test (#20127)
* fix: stop re-clicking dc dropdown in dc-switch test

* fix: keep nspaces dropdown open in manage nspaces test
2024-01-09 11:39:38 -07:00
Ashesh Vidyut 69f775da9a
Fixes issue - 20109 (#20111)
* Fixes #20109

* add @hasA11yRefocus false

* add changelog

* Update ui/packages/consul-ui/app/components/hashicorp-consul/index.hbs

Co-authored-by: Tauhid Anjum <tauhidanjum@gmail.com>

---------

Co-authored-by: Tauhid Anjum <tauhidanjum@gmail.com>
2024-01-09 09:47:48 -07:00
John Maguire c6c2d8bf82
[NET-6426] Modify Reconcile Loop for Mesh Gateway Resources to Correctly Write Proxy State Template (#20085) 2024-01-08 23:26:00 -05:00
Michael Zalimeni 3b111277ad
ci: Single source of truth for Go version in CI and Dockerfile (#20058)
ci: Set Go version consistently via .go-version

Ensure Go version is determined consistently for CI and Docker builds
rather than spread across several different files.

The intent is to eventually replace this with use of the `toolchain`
directive in Go 1.21.
2024-01-08 17:18:41 -05:00
Nathan Coleman 8233303876
Adjust type + field names for ComputedExportedServices (#20030)
Adjust type + field names for ComputedExportedServices

The existing type and field names in `ComputedExportedServices` are confusing to work with.

For example, the mechanics of looping through services and their consumers wind up being:
```go
// The field name here doesn't reflect what is actually at each index of the list
for _, service := range exportedServices.Consumers {
    for _, consumer := range service.Consumers {
        // The prefix matching the type here causes stutter when reading and
        // isn't consistent with naming conventions for tenancy in pbresource
        tenancy := consumer.ConsumerTenancy
    }
}
```
2024-01-08 21:56:45 +00:00
John Murret 21e2bb2a67
Make DNS test run across a matrix of dns and catalog versions. (#20114)
* Make DNS test run across a matrix of dns and catalog versions.

* node tests

* add version hcl config to service lookup tests
2024-01-08 13:14:26 -07:00
Melissa Kam 5dc8eabcce
[CC-7041] Update and start the SCADA provider in HCP manager (#19976)
* Update SCADA provider version

Also update mocks for SCADA provider.

* Create SCADA provider w/o HCP config, then update

Adds a placeholder config option to allow us to initialize a SCADA provider
without the HCP configuration. Also adds an update method to then add the
HCP configuration. We need this to be able to eventually always register a
SCADA listener at startup before the HCP config values are known.

* Pass cloud configuration to HCP manager

Save the entire cloud configuration and pass it to the HCP
manager.

* Update and start SCADA provider in HCP manager

Move config updating and starting to the HCP manager. The HCP manager
will eventually be responsible for all processes that contribute
to linking to HCP.
2024-01-08 09:49:29 -06:00
Ganesh S 0d57acc549
Add sameness group references in exported services controller (#20100) 2024-01-08 11:55:52 +05:30
John Murret c12245be3c
Break up DNS tests into 3 files to help with GH UI and IDE issues. (#20103) 2024-01-05 13:37:27 -07:00
cskh 15b40f36f3
Use safeio to write server metadata file (#20101)
* Use safeio to write server metadata file

* guard the conversion
2024-01-05 14:46:19 -05:00
Dan Stough d2f6a25c28
docs: remove unsupported critical flag from DNS weights (#19801) 2024-01-05 10:28:18 -05:00
Krastin Krastev be414757b1
docs/consul: rename the Vault secret engine for Consul integration (#20049)
* rename the KV secret engine

* update WAN federation guide

* update snapshot-agent doc

* update replication doc

* update partition doc

* update gossip doc

* update ent-license doc

* update bootstrap-token doc

* update index doc

* fix license kv path

* vault kv path explanation for /data/

* Update website/content/docs/k8s/deployment-configurations/vault/data-integration/index.mdx

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>

---------

Co-authored-by: Jeff Boruszak <104028618+boruszak@users.noreply.github.com>
2024-01-05 13:22:56 +02:00
sarahalsmiller a820e9af26
Add listeners to meshgateway spec (#20082)
add listeners to meshgateway
2024-01-04 18:42:32 +00:00
John Murret 7a410d7c5b
NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append (#20078)
* NET-6945 - Replace usage of deprecated Envoy field envoy.config.core.v3.HeaderValueOption.append

* update proto for v2 and then update xds v2 logic

* add changelog

* Update 20078.txt to be consistent with existing changelog entries

* swap enum values tomatch envoy.
2024-01-04 00:36:25 +00:00
John Murret 55d7e95a3e
Clean up and make the changelog entries consistent for the replacement of Envoy deprecated fields. (#20079)
Clean up and make the changelog entries consistent for the replacement of Envoy deprrecated fields.
2024-01-03 13:31:56 -07:00
Dan Stough 073959866d
feat(v2): add consul service and workloads to catalog (#20077) 2024-01-03 15:14:42 -05:00
cskh 8e2d4e3aaf
upgrade test(LTS): import remaining agent config from usage profile (#19999)
* upgrade test(LTS): import remaining agent config from usage profile
2024-01-03 12:52:49 -05:00
John Murret d925e4b812
NET-6946 / NET-6941 - Replace usage of deprecated Envoy fields envoy.config.route.v3.HeaderMatcher.safe_regex_match and envoy.type.matcher.v3.RegexMatcher.google_re2 (#20013)
* NET-6946 - Replace usage of deprecated Envoy field envoy.config.route.v3.HeaderMatcher.safe_regex_match

* removing unrelated changes

* update golden files

* do not set engine type
2024-01-03 09:53:39 -07:00
cskh 3b94efa8de
Fix upgrade test envoy version (#20075)
* ci: fix envoy version in upgrade test
2024-01-03 11:29:05 -05:00
Valeriia Ruban 44dfbe7dcb
fix: add test which has been removed for metrics to unblock CI (#20009) 2024-01-02 11:21:05 -08:00
Michael Zalimeni a1c0115a74
ci: increase runner size for security scans (#20068)
We've noticed runners appearing to become resource-starved during heavy
CI traffic. While we should try to prevent this by limiting the
scanner's CPU consumption, increasing the runner size should help in the
interim.
2024-01-02 17:53:35 +00:00
hc-github-team-es-release-engineering 0e73c32ac2
[DO NOT MERGE UNTIL EOY] update year in LICENSE and copywrite files (#19780)
update year in LICENSE and copywrite files

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2024-01-02 08:41:12 -08:00
Kumar Kavish 9c8e9cebaa
[NET-6765] Audit the routes controller and add missing tenancy tests (#20016)
- moved resources to different tenancies.
2023-12-28 16:00:18 +05:30
John Murret 2f335113f8
NET-6943 - Replace usage of deprecated Envoy field envoy.config.router.v3.WeightedCluster.total_weight. (#20011) 2023-12-22 19:49:44 +00:00
John Murret 90cd56c5c3
NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names (#19954) 2023-12-22 18:34:44 +00:00
John Murret 21ea5c92fd
NET-6944 - Replace usage of deprecated Envoy field envoy.extensions.filters.http.lua.v3.Lua.inline_code (#20012) 2023-12-22 17:20:41 +00:00
John Murret b9ad0dfa41
NET-7025 - ci: test-integrations failures in compatibility tests. panics occuring in selectionTracker.TrackIDForSelection (#20040)
* ci: test-integrations failures in compatibility tests. panics occuring in selectionTracker.TrackIDForSelection

* Update selection_tracker.go
2023-12-22 16:32:40 +00:00
John Murret 62a07b4204
update makefile, compatibility tests, and nightlies to use latest envoy. (#20048) 2023-12-22 15:56:48 +00:00
John Murret 0f3cc3d631
fix formatting issue in envoy bootstrapping. (#20036) 2023-12-21 15:18:11 -07:00
Nathan Coleman ab60fec15a
[NET-6426] Add gateway proxy controller that generates empty proxy state template (#19901)
* NET-6426 Create ProxyStateTemplate when reconciling MeshGateway resource

* Add TODO for switching fetch method based on gateway type

* Use gateway-kind in workload metadata instead of owner reference

* Create ProxyStateTemplate builder for gatewayproxy controller

* Update to use new controller interface

* Add copyright headers

* Set correct name for ProxyStateTemplate identity reference

* Generate empty ProxyStateTemplate by fetching MeshGateway

This cheats and looks up the MeshGateway directly. In the future, we will need a Workload => xGateway mapper

* Specify owner reference when writing ProxyStateTemplate

* Update dependency mapper to account for multiple controllers per resource type

* Regenerate v2 resource dependencies map

* Add helpful trace logs, tag TODOs with ticket identifiers
2023-12-21 16:37:47 -05:00
John Murret a19df32fa5
NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options. (#20010)
* NET-6942 - Replace usage of deprecated Envoy field envoy.config.cluster.v3.Cluster.http_protocol_options.

* add changelog
2023-12-21 15:41:05 -05:00
Michael Zalimeni fe10339caa
[NET-7009] security: update x/crypto to 0.17.0 (#20023)
security: update x/crypto to 0.17.0

This addresses CVE-2023-48795 (x/crypto/ssh).
2023-12-21 20:11:19 +00:00
David Yu e7c7bc74c4
Dockerfile: bump up to `ubi-minimal:9.3` (#20014)
* Update Dockerfile
2023-12-21 11:55:20 -08:00
Nathan Coleman 874e68f1eb
[NET-6899] Create name-aligned Service when reconciling MeshGateway resource (#19900)
* NET-6899 Create name-aligned Service when reconciling MeshGateway resource

The Service has an owner reference added to it indicating that it belongs to a MeshGateway

* Specify port list when creating Service

* Use constants, add TODO w/ ticket reference

* Include gateway-kind in metadata of Service resource
2023-12-21 13:26:25 -05:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978)
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
2023-12-21 15:11:05 +00:00
Valeriia Ruban a87ab8b093
feat: updated github checks with frontend-test-ce end frontend-test-e… (#19995) 2023-12-20 12:47:24 -08:00
Nitya Dhanushkodi 9975b8bd73
[NET-5455] Allow disabling request and idle timeouts with negative values in service router and service resolver (#19992)
* add coverage for testing these timeouts
2023-12-19 15:36:07 -08:00
wangxinyi7 013bcefe5c
grpc client in tls mode (#19680)
* client in tls mode
2023-12-19 10:04:55 -08:00