Commit Graph

53 Commits

Author SHA1 Message Date
Michael Zalimeni 86b0818c1f
[NET-8601] security: upgrade vault/api to remove go-jose.v2 (#20910)
security: upgrade vault/api to remove go-jose.v2

This dependency has an open vulnerability (GO-2024-2631), and is no
longer needed by the latest `vault/api`. This is a follow-up to the
upgrade of `go-jose/v3` in this repository to make all our dependencies
consolidate on v3.

Also remove the recently added security scan triage block for
GO-2024-2631, which was added due to incorrect reports that
`go-jose/v3@3.0.3` was impacted; in reality, is was this indirect
client dependency (not impacted by CVE) that the scanner was flagging. A
bug report has been filed to address the incorrect reporting.
2024-05-04 00:18:51 +00:00
Deniz Onur Duzgun 8209b3ff86
security: fine-tune release scanner and bump coredns (#21038)
* security: bump coredns

* add changelog

* Revert "security: bump coredns"

This reverts commit dcca09d83e89b6d5a4f03106e86d72a2b791001d.

* security: bump coredns

* fine-tune security scanner on release

* dismiss changelog
2024-05-03 15:09:40 -04:00
Michael Zalimeni cc959dcdf4
security: triage false positive for go-jose/v3 (#20901)
Per https://osv.dev/vulnerability/GO-2024-2631 this vulnerability is not
present in the version currently used (go-jose/v3@3.0.3).
2024-03-26 21:27:50 +00:00
Michael Zalimeni f942f2dc18
security: fix syntax for release scan config (#20279)
Correct syntax errors introduced in #20264.
2024-01-19 17:08:54 +00:00
Michael Zalimeni b03d770dc3
security: disable Vault secret scans due to false positives (#20264)
This was recently shown to have issues with false positives that blocked
a preview release build, so disabling for now.
2024-01-19 04:00:54 +00:00
Michael Zalimeni d0bc091a60
[NET-6969] security: Re-enable Go Module + secrets security scans for release branches (#19978)
* security: re-enable security scan release block

This was previously disabled due to an unresolved false-positive CVE.
Re-enabling both secrets and OSV + Go Modules scanning, which per our
current scan results should not be a blocker to future releases.

* security: run security scans on main and release branches
2023-12-21 15:11:05 +00:00
Semir Patel 53e28a4963
OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
hashicorp-copywrite[bot] 5fb9df1640
[COMPLIANCE] License changes (#18443)
* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Adding explicit MPL license for sub-package

This directory and its subdirectories (packages) contain files licensed with the MPLv2 `LICENSE` file in this directory and are intentionally licensed separately from the BSL `LICENSE` file at the root of this repository.

* Updating the license from MPL to Business Source License

Going forward, this project will be licensed under the Business Source License v1.1. Please see our blog post for more details at <Blog URL>, FAQ at www.hashicorp.com/licensing-faq, and details of the license at www.hashicorp.com/bsl.

* add missing license headers

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

* Update copyright file headers to BUSL-1.1

---------

Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
2023-08-11 09:12:13 -04:00
Ashesh Vidyut 47d445d680
Envoy Integration Test Windows (#18007)
* [CONSUL-395] Update check_hostport and Usage (#40)

* [CONSUL-397] Copy envoy binary from Image (#41)

* [CONSUL-382] Support openssl in unique test dockerfile (#43)

* [CONSUL-405] Add bats to single container (#44)

* [CONSUL-414] Run Prometheus Test Cases and Validate Changes (#46)

* [CONSUL-410] Run Jaeger in Single container (#45)

* [CONSUL-412] Run test-sds-server in single container (#48)

* [CONSUL-408] Clean containers (#47)

* [CONSUL-384] Rebase and sync fork (#50)

* [CONSUL-415] Create Scenarios Troubleshooting Docs (#49)

* [CONSUL-417] Update Docs Single Container (#51)

* [CONSUL-428] Add Socat to single container (#54)

* [CONSUL-424] Replace pkill in kill_envoy function (#52)

* [CONSUL-434] Modify Docker run functions in Helper script (#53)

* [CONSUL-435] Replace docker run in set_ttl_check_state & wait_for_agent_service_register functions (#55)

* [CONSUL-438] Add netcat (nc) in the Single container Dockerfile (#56)

* [CONSUL-429] Replace Docker run with Docker exec (#57)

* [CONSUL-436] Curl timeout and run tests (#58)

* [CONSUL-443] Create dogstatsd Function (#59)

* [CONSUL-431] Update Docs Netcat (#60)

* [CONSUL-439] Parse nc Command in function (#61)

* [CONSUL-463] Review curl Exec and get_ca_root Func (#63)

* [CONSUL-453] Docker hostname in Helper functions (#64)

* [CONSUL-461] Test wipe volumes without extra cont (#66)

* [CONSUL-454] Check ports in the Server and Agent containers (#65)

* [CONSUL-441] Update windows dockerfile with version (#62)

* [CONSUL-466] Review case-grpc Failing Test (#67)

* [CONSUL-494] Review case-cfg-resolver-svc-failover (#68)

* [CONSUL-496] Replace docker_wget & docker_curl (#69)

* [CONSUL-499] Cleanup Scripts - Remove nanoserver (#70)

* [CONSUL-500] Update Troubleshooting Docs (#72)

* [CONSUL-502] Pull & Tag Envoy Windows Image (#73)

* [CONSUL-504] Replace docker run in docker_consul (#76)

* [CONSUL-505] Change admin_bind

* [CONSUL-399] Update envoy to 1.23.1 (#78)

* [CONSUL-510] Support case-wanfed-gw on Windows (#79)

* [CONSUL-506] Update troubleshooting Documentation (#80)

* [CONSUL-512] Review debug_dump_volumes Function (#81)

* [CONSUL-514] Add zipkin to Docker Image (#82)

* [CONSUL-515] Update Documentation (#83)

* [CONSUL-529] Support case-consul-exec (#86)

* [CONSUL-530] Update Documentation (#87)

* [CONSUL-530] Update default consul version 1.13.3

* [CONSUL-539] Cleanup (#91)

* [CONSUL-546] Scripts Clean-up (#92)

* [CONSUL-491] Support admin_access_log_path value for Windows (#71)

* [CONSUL-519] Implement mkfifo Alternative (#84)

* [CONSUL-542] Create OS Specific Files for Envoy Package (#88)

* [CONSUL-543] Create exec_supported.go (#89)

* [CONSUL-544] Test and Build Changes (#90)

* Implement os.DevNull

* using mmap instead of disk files

* fix import in exec-unix

* fix nmap open too many arguemtn

* go fmt on file

* changelog file

* fix go mod

* Update .changelog/17694.txt

Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>

* different mmap library

* fix bootstrap json

* some fixes

* chocolatey version fix and image fix

* using different library

* fix Map funciton call

* fix mmap call

* fix tcp dump

* fix tcp dump

* windows tcp dump

* Fix docker run

* fix tests

* fix go mod

* fix version 16.0

* fix version

* fix version dev

* sleep to debug

* fix sleep

* fix permission issue

* fix permission issue

* fix permission issue

* fix command

* fix command

* fix funciton

* fix assert config entry status command not found

* fix command not found assert_cert_has_cn

* fix command not found assert_upstream_missing

* fix command not found assert_upstream_missing_once

* fix command not found get_upstream_endpoint

* fix command not found get_envoy_public_listener_once

* fix command not found

* fix test cases

* windows integration test workflow github

* made code similar to unix using npipe

* fix go.mod

* fix dialing of npipe

* dont wait

* check size of written json

* fix undefined n

* running

* fix dep

* fix syntax error

* fix workflow file

* windows runner

* fix runner

* fix from json

* fix runs on

* merge connect envoy

* fix cin path

* build

* fix file name

* fix file name

* fix dev build

* remove unwanted code

* fix upload

* fix bin name

* fix path

* checkout current branch

* fix path

* fix tests

* fix shell bash for windows sh files

* fix permission of run-test.sh

* removed docker dev

* added shell bash for tests

* fix tag

* fix win=true

* fix cd

* added dev

* fix variable undefined

* removed failing tests

* fix tcp dump image

* fix curl

* fix curl

* tcp dump path

* fix tcpdump path

* fix curl

* fix curl install

* stop removing intermediate containers

* fix tcpdump docker image

* revert -rm

* --rm=false

* makeing docker image before

* fix tcpdump

* removed case consul exec

* removed terminating gateway simple

* comment case wasm

* removed data dog

* comment out upload coverage

* uncomment case-consul-exec

* comment case consul exec

* if always

* logs

* using consul 1.17.0

* fix quotes

* revert quotes

* redirect to dev null

* Revert version

* revert consul connect

* fix version

* removed envoy connect

* not using function

* change log

* docker logs

* fix logs

* restructure bad authz

* rmeoved dev null

* output

* fix file descriptor

* fix cacert

* fix cacert

* fix ca cert

* cacert does not work in windows curl

* fix func

* removed docker logs

* added sleep

* fix tls

* commented case-consul-exec

* removed echo

* retry docker consul

* fix upload bin

* uncomment consul exec

* copying consul.exe to docker image

* copy fix

* fix paths

* fix path

* github workspace path

* latest version

* Revert "latest version"

This reverts commit 5a7d7b82d9e7553bcb01b02557ec8969f9deba1d.

* commented consul exec

* added ssl revoke best effort

* revert best effort

* removed unused files

* rename var name and change dir

* windows runner

* permission

* needs setup fix

* swtich to github runner

* fix file path

* fix path

* fix path

* fix path

* fix path

* fix path

* fix build paths

* fix tag

* nightly runs

* added matrix in github workflow, renamed files

* fix job

* fix matrix

* removed brackes

* from json

* without using job matrix

* fix quotes

* revert job matrix

* fix workflow

* fix comment

* added comment

* nightly runs

* removed datadog ci as it is already measured in linux one

* running test

* Revert "running test"

This reverts commit 7013d15a23732179d18ec5d17336e16b26fab5d4.

* pr comment fixes

* running test now

* running subset of test

* running subset of test

* job matrix

* shell bash

* removed bash shell

* linux machine for job matrix

* fix output

* added cat to debug

* using ubuntu latest

* fix job matrix

* fix win true

* fix go test

* revert job matrix

---------

Co-authored-by: Jose Ignacio Lorenzo <74208929+joselo85@users.noreply.github.com>
Co-authored-by: Franco Bruno Lavayen <cocolavayen@gmail.com>
Co-authored-by: Ivan K Berlot <ivanberlot@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <20102608+ezfepo@users.noreply.github.com>
Co-authored-by: joselo85 <joseignaciolorenzo85@gmail.com>
Co-authored-by: Ezequiel Fernández Ponce <ezequiel.fernandez@southworks.com>
Co-authored-by: Dhia Ayachi <dhia@hashicorp.com>
2023-07-21 20:26:00 +05:30
Dave Rawks a55d368a0e
Resolves issue-16844 - systemd notify by default (#16845)
* updates `consul.service` systemd service unit to use `Type=notify` to
  resolve issue #16844
* add changelog update to match
2023-06-02 10:04:48 -07:00
Nathan Coleman d61f3dafac
Remove version bump from CRT workflow (#16728)
This bumps the version to reflect the next patch release; however, we use a specific branch for each patch release and so never wind up cutting a release directly from the `release/1.15.x` (for example) where this is intended to work.
2023-03-23 11:21:27 -05:00
Ronald e818fdead0
Copyright headers for config files git + circleci (#16703)
* Copyright headers for config files git + circleci

* Release folder copyright headers
2023-03-22 09:17:19 -04:00
claire labry ab0d43e7f4
add back staging bits (#16411) 2023-02-23 19:39:40 -06:00
claire labry 590ae5fa5c
Onboard consul to use new version/VERSION file and reproducible actions (#15631)
* Onboard consul to use new .release/VERSION file and reproducible actions-go-build

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* fix to consul

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* Onboard consul to use new .release/VERSION file and reproducible actions

* test out ent changes

* just or testing

* Added setup go for build ui

* try removing VERSION file out of .release dir

* add checkout action for build ui and update checkout version

* try no -dev marker

* try removing extra ldflags

* test version

* add back in setup-go step?

* Update utils.js

read from static VERSION file

* remove actions-setup go

* add 1.15.0-dev

* Using prepare workflow for pre-stable channel workflow

* Test prepare workflow

* Remove set-product-version branch from release pipeline

* Use METADATA in environment

* Correct env vars

* Remove current branch from build trigger list

Co-authored-by: emilymianeil <emilymianeil@gmail.com>
Co-authored-by: Sarah <sthompson@hashicorp.com>
Co-authored-by: hc-github-team-nomad-core <github-team-nomad-core@hashicorp.com>
Co-authored-by: emily neil <63985869+emilymianeil@users.noreply.github.com>
2023-01-05 12:16:47 -08:00
Mariano Asselborn 2bb2846790
Enable ironbank integration (#14931) 2022-10-11 10:27:06 -04:00
claire labry 7b2691ec34
Merge pull request #13790 from hashicorp/post-publish-website
introduces the post publish website event
2022-08-08 10:55:11 -05:00
Evan Culver ca5d2e1c00
ci: Use pattern for CRT release branch config (#13955) 2022-08-01 12:56:55 -07:00
Claire Labry dab4911d04
introduces the post publish website event 2022-07-18 11:29:10 -04:00
Michele Degges c4e45bc6c8
[CI-only] Support fossa scanning (#13694) 2022-07-14 13:02:13 -07:00
Michele Degges 977c6e58de
Turn off sec-scanner check (#13614) 2022-06-27 15:52:51 -07:00
Michele Degges 407cd332ff
[CI-only] Support UBI images (#13232)
Co-authored-by: David Yu <dyu@hashicorp.com>
2022-05-26 09:49:47 -07:00
Michele Degges b4ea16dd83
[CI-only] Build and publish dev dockerhub images (#13084) 2022-05-17 12:23:03 -07:00
Claire Labry 561221a343
Add config key to the promote-staging event 2022-05-03 11:58:14 -04:00
Claire Labry c0d5fa1bdc
add notarize darwin arm64 workflow 2022-04-25 16:48:34 -04:00
Natalie Smith 0a310188f8 docs: fix yet more references to agent/options 2022-04-11 17:38:49 -07:00
Mark Anderson 26b554cd04 Update branch list
Signed-off-by: Mark Anderson <manderson@hashicorp.com>
2022-04-06 09:26:41 -07:00
Michele Degges 535edfa247
[RelAPI Onboarding] Add release API metadata file (#12591) 2022-03-28 13:45:53 -07:00
mrspanishviking 7180c99960
Revert "[Docs] Agent configuration hierarchy " 2022-03-15 16:13:58 -07:00
trujillo-adam 4151dc097a fixing merge conflicts part 3 2022-03-15 15:25:03 -07:00
trujillo-adam 76d55ac2b4 merging new hierarchy for agent configuration 2022-03-14 15:44:41 -07:00
Sarah cd601bc04d
Adding post-publish events to ci.hcl. 2022-02-17 16:54:36 +00:00
Michele Degges 862ca16301
Update security scanner (#12281) 2022-02-07 12:53:46 -08:00
Michele Degges d032fb52a2
Merge branch 'main' into fix-broken-dockerfile 2022-02-04 12:30:20 -08:00
Claire Labry 12fc63d11c
clean up from testing 2022-02-04 14:59:30 -05:00
Claire Labry 092a27e84d
turning go modules to false due to jwt issue 2022-02-04 14:22:25 -05:00
Claire Labry 20e4f73649
reverting changes for the container + binary blocks 2022-02-04 14:05:28 -05:00
Claire Labry 63e80e53fb
Merge branch 'enable-security-scan' of github.com:hashicorp/consul into enable-security-scan 2022-02-04 10:23:38 -05:00
Claire Labry b62c3b4fbc
updating the binary and container blocks in security-scan file 2022-02-04 10:22:37 -05:00
Michele Degges 0827c94222 chmod +x on the sh file 2022-02-03 13:10:42 -08:00
claire labry 985ac9f185
Merge branch 'main' into enable-security-scan 2022-02-02 13:36:48 -05:00
JG d433a9d085
packaging: fix issues in pre/postremove scripts (#12147)
Fixes several issues with the pre/postremove scripts for both rpm and
deb packages. Specifically:

For postremove:
- the postremove script now functions correctly (i.e. restarts consul
  after a package upgrade) on rpm-based systems (where $1 is numeric
  rather than `purge` or `upgrade`)
- `systemctl daemon-reload` is called on package removal (rather than
  only on upgrade)
- calls `systemctl try-restart` instead of `systemctl restart`, which
  will only (re)start consul if it was already running when the upgrade
  happened.

For preremove:
- if the package is being completely uninstalled (rather than upgraded),
  stop consul before removing the package
2022-02-01 12:07:18 -08:00
Michele Degges 282b662641 Don't kill service if envfile isn't present 2022-01-24 12:13:14 -08:00
Michele Degges a4fe5362ed Add missing consul.env file for linux packaging 2022-01-21 13:43:21 -08:00
Claire Labry d66f4da7f0
clean up after testing 2022-01-06 09:43:35 -05:00
Claire Labry 1e9b621b00
testing out turining go modules false 2021-12-17 10:20:52 -05:00
Claire Labry 61eca6513b
enabling security scan for CRT 2021-12-16 11:49:22 -05:00
99 8fb999b2e0
Update .release/ci.hcl
Co-authored-by: Scott Macfarlane <36851+smacfarlane@users.noreply.github.com>
2021-11-09 01:46:34 -08:00
99 6b6557cb2b
Add rpm signing workflow 2021-11-03 10:11:32 -07:00
99 1732861848 Update release branch to 1.11.x 2021-10-27 14:14:02 -07:00
99 34d62a9c85 Final fixes 2021-10-26 23:21:04 -07:00