Commit Graph

77 Commits

Author SHA1 Message Date
sarahalsmiller 32ce33825d
[Security] Secvuln 8633 Consul configuration allowed repeated keys (#21908)
* upgrade hcl package and account for possiblity of duplicates existing already in the cache

* upgrade to new tag

* add defensive line to prevent potential forever loop

* o mod tidy and changelog

* Update acl/policy.go

* fix raft reversion

* go mod tidy

* fix test

* remove duplicate key in test

* remove duplicates from test cases

* clean up

* go mod tidy

* go mod tidy

* pull in new hcl tag
2024-11-14 09:57:08 -06:00
Dhia Ayachi 39104a3ce1
Update raft to 1.7.0 and add configuration for prevote (#21758)
* update raft to 1.7.0

* add config to disable raft prevote

* add changelog
2024-09-20 10:35:48 -04:00
sarahalsmiller 30b5ffa281
Hard update all 1.3 dataplane to 1.6 (#21728)
* hard update all 1.3 dataplane to 1.6

* update 1.5 image
2024-09-13 11:30:25 -05:00
sarahalsmiller 320b708b9f
Bump Envoy, remove support for unsupported versions (#21616)
* bump envoy

* changelog

* drop breaking change note

* update docs

* udpate port tests
2024-09-12 15:32:18 +00:00
John Murret ab794b59f8
update version, changelog, and submodules after 1.19.2, 1.18.4, 1.17.7 and 1.15.14 releases (#21676)
* update changelog

* Update CHANGELOG.md

* remove duplicate 1.19.1 section

* update version

* update go.mod with most recent modules
2024-08-28 09:39:12 -06:00
sarahalsmiller f3649e16a7
NET-10288-Bump-go-to-resolve-CVE-2024-24791 (#21507)
* bump go version

* changelog

* Update .changelog/21507.txt

* Update go.mod

Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>

* go mod tidy

---------

Co-authored-by: Deniz Onur Duzgun <59659739+dduzgun-security@users.noreply.github.com>
2024-07-03 12:47:20 -05:00
sarahalsmiller 6f31bfebbe
Update retryable-http-client to resolve CVE-2024-6104 (#21384)
* update retryable-http-client

* changelog
2024-07-02 10:12:13 -05:00
Michael Zalimeni 9e23fa7840
[NET-9445] chore: update submodule versions (#21263)
chore: update submodule versions

- Update submodule versions that were released
- Add missing replace directive to troubleshoot submodule
2024-06-05 13:31:43 -04:00
R.B. Boyer 50b26aa56a
deployer: remove catalog/mesh v2 support (#21194)
- Low level plumbing for resources is still retained for now.
- Retain "Workload" terminology over "Service".
- Revert "Destination" terminology back to "Upstream".
- Remove TPROXY support as it only worked for v2.
2024-05-21 14:52:19 -05:00
R.B. Boyer 502346029d
test: remove v2 integration tests (#21056)
This removes any references to v2 integration tests from:

- envoy integration tests (test/integration/connect)
- container tests (test/integration/consul-container)
- deployer tests (test-integ)
2024-05-07 10:24:50 -05:00
Michael Zalimeni 86b0818c1f
[NET-8601] security: upgrade vault/api to remove go-jose.v2 (#20910)
security: upgrade vault/api to remove go-jose.v2

This dependency has an open vulnerability (GO-2024-2631), and is no
longer needed by the latest `vault/api`. This is a follow-up to the
upgrade of `go-jose/v3` in this repository to make all our dependencies
consolidate on v3.

Also remove the recently added security scan triage block for
GO-2024-2631, which was added due to incorrect reports that
`go-jose/v3@3.0.3` was impacted; in reality, is was this indirect
client dependency (not impacted by CVE) that the scanner was flagging. A
bug report has been filed to address the incorrect reporting.
2024-05-04 00:18:51 +00:00
John Murret d261a987f1
update go-control-plane envoy dependency to 0.12.0 (#20973)
* update go-control-plane envoy dependency to 0.12.0

* add changelog

* go mod tidy

* fix linting issues

* add agent/grpc-internal to the list of SA1019 ignores
2024-04-10 01:23:04 +00:00
Deniz Onur Duzgun 3152ac3702
security: bump go, x/net and envoy versions (#20956)
* Bump go version

* Bump x/net

* Bump envoy version

* Add changelog

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
2024-04-08 19:18:40 +00:00
Chris S. Kim f3f2175edd
Update go-jose library (#20888) 2024-03-22 10:54:58 -04:00
Michael Zalimeni d4761c0ccd
security: upgrade google.golang.org/protobuf to 1.33.0 (#20801)
Resolves CVE-2024-24786.
2024-03-06 23:04:42 +00:00
mallikabandaru 1522678da8
replicated the changes made in ent repo for consistency (#20781)
* replicated the changes made in ent repo for consistency

* incorporated review comments
2024-03-06 09:29:54 +00:00
Nathan Coleman 2456fe5148
[NET-7657] Remove proto definitions for GatewayClass + GatewayClassConfig (#20523) 2024-02-07 16:53:39 -05:00
skpratt 57bad0df85
add traffic permissions excludes and tests (#20453)
* add traffic permissions tests

* review fixes

* Update internal/mesh/internal/controllers/sidecarproxy/builder/local_app.go

Co-authored-by: John Landa <jonathanlanda@gmail.com>

---------

Co-authored-by: John Landa <jonathanlanda@gmail.com>
2024-02-07 20:21:44 +00:00
Matt Keeler 34a32d4ce5
Remove V2 PeerName field from pbresource.Tenancy (#19865)
The peer name will eventually show up elsewhere in the resource. For now though this rips it out of where we don’t want it to be.
2024-01-29 15:08:31 -05:00
Nitya Dhanushkodi 92aab7ea31
[NET-5586][rebased] v2: Support virtual port references in config (#20371)
[OG Author: michael.zalimeni@hashicorp.com, rebase needed a separate PR]

* v2: support virtual port in Service port references

In addition to Service target port references, allow users to specify a
port by stringified virtual port value. This is useful in environments
such as Kubernetes where typical configuration is written in terms of
Service virtual ports rather than workload (pod) target port names.

Retaining the option of referencing target ports by name supports VMs,
Nomad, and other use cases where virtual ports are not used by default.

To support both uses cases at once, we will strictly interpret port
references based on whether the value is numeric. See updated
`ServicePort` docs for more details.

* v2: update service ref docs for virtual port support

Update proto and generated .go files with docs reflecting virtual port
reference support.

* v2: add virtual port references to L7 topo test

Add coverage for mixed virtual and target port references to existing
test.

* update failover policy controller tests to work with computed failover policy and assert error conditions against FailoverPolicy and ComputedFailoverPolicy resources

* accumulate services; don't overwrite them in enterprise

---------

Co-authored-by: Michael Zalimeni <michael.zalimeni@hashicorp.com>
Co-authored-by: R.B. Boyer <rb@hashicorp.com>
2024-01-29 10:43:41 -08:00
cskh 528147e5ad
upgrade test: run validation func at every node during upgrade (#20293)
* upgrade test: run validation func at every node during upgrade

* add 3 servers in each cluster
2024-01-22 18:35:06 -05:00
Nick Cellino fe678e9da1
Sync cluster attributes from GNM to Link resource (#20158)
* Add 'GetCluster' function to HCP client

* Sync cluster data inside Link controller

* Add access mode to HCP Link

* Sync AccessLevel property

* Fix imports and remove outdated comments

* Switch accessMode to access level

* Add comment around HCPClientFn

* Fix spacing in link.proto

* Add helper for writing status. Fix reconciliation loop
2024-01-19 10:02:55 -05:00
cskh 539659508a
upgrade test: call validation func during upgrade (#20258) 2024-01-18 17:04:06 -05:00
cskh 748458a07b
upgrade test (LTS): utility functions to support ent users (#20186)
* upgrade test (LTS): utility functions to support ent users

* go mod tidy

* add comment
2024-01-12 18:35:44 -05:00
cskh cba3b25196
integ test: import missing changes from ent (#20187) 2024-01-12 13:27:36 -05:00
Manoj Srinivasamurthy fa6eb61f70
NET-6813: adding resolver default subset test in agentless upgrade test (#20046) 2024-01-10 21:25:50 +05:30
Michael Zalimeni fe10339caa
[NET-7009] security: update x/crypto to 0.17.0 (#20023)
security: update x/crypto to 0.17.0

This addresses CVE-2023-48795 (x/crypto/ssh).
2023-12-21 20:11:19 +00:00
Ashesh Vidyut 3443db7885
NET 6762 (#19931)
NET-6762
2023-12-14 06:37:01 +05:30
Ashesh Vidyut c5cce63777
NET 6761 (#19837)
NET-6761 explicit destinations tests updated
2023-12-12 10:38:00 +05:30
cskh 0ca070b301
upgrade test(LTS): add segments to version 1.10 (#19861) 2023-12-08 12:22:16 -05:00
Poonam Jadhav 06b3038643
Net-6730/namespace intg test (#19798)
test: add intg test for namespace lifecycle
2023-12-07 13:12:45 -05:00
cskh 04d4412afd
NET-6643: upgrade test from 1.10 to 1.15 (lts) of a single cluster (#19847)
* NET-6643: upgrade test from 1.10 to 1.15 (lts) of a single cluster

* license header
2023-12-06 19:45:37 +00:00
Matt Keeler efe279f802
Retry lint fixes (#19151)
* Add a make target to run lint-consul-retry on all the modules
* Cleanup sdk/testutil/retry
* Fix a bunch of retry.Run* usage to not use the outer testing.T
* Fix some more recent retry lint issues and pin to v1.4.0 of lint-consul-retry
* Fix codegen copywrite lint issues
* Don’t perform cleanup after each retry attempt by default.
* Use the common testutil.TestingTB interface in test-integ/tenancy
* Fix retry tests
* Update otel access logging extension test to perform requests within the retry block
2023-12-06 12:11:32 -05:00
aahel 334de1460c
update l7expplicit dest test to test cross tenancy (#19834) 2023-12-06 06:42:19 +00:00
Semir Patel 2d1f308138
resource: add v2tenancy feature flag to deployer tests (#19774) 2023-11-30 11:41:30 -06:00
sarahalsmiller fd1d97c334
Add Kubebuilder tags to Gatewayclassconfig proto messages (#19725)
* add build tags/import k8s specific proto packages

* fix generated import paths

* fix gomod linting issue

* mod tidy every go mod file

* revert protobuff version, take care of in different pr

* cleaned up new lines

* added newline to end of file
2023-11-28 14:46:11 -06:00
cskh ce66433311
integ-test: fix upgrade test for CE (#19673)
* integ-test: fix upgrade test for CE
2023-11-17 12:34:30 -05:00
cskh 04a3a3e8d0
Integ test (test/deployer): upgrade test with service mesh (#19658)
* Integ test (test/deployer): upgrade test with service mesh

* license
2023-11-15 19:32:37 -05:00
R.B. Boyer da8700f216
test: fix some multiport deployer bugs and remove a container test already handled by deployer tests (#19614) 2023-11-15 10:26:26 -06:00
R.B. Boyer b2979f6edf
testing/deployer: rename various terms to better align with v2 and avoid confusion (#19600)
Conceptually renaming the following topology terms to avoid confusion with v2 and to better align with it:

- ServiceID -> ID
- Service -> Workload
- Upstream -> Destination
2023-11-10 13:22:06 -06:00
cskh 5ba42b4e65
Integ test - use asserter (#19597)
* integ-test: use topoutil.asserter to replace customized code
2023-11-09 18:26:16 -05:00
R.B. Boyer 2296bd5c9a
docs: spike of info about how to use deployer topology tests (#19576)
Initial developer facing docs on how to write deployer (topology) integration tests.
2023-11-08 17:26:58 -06:00
R.B. Boyer a7f3069a94
test: add a v2 container integration test of xRoute splits (#19570)
This adds a deployer-based integration test verifying that a 90/10 traffic
split works for: HTTPRoute, GRPCRoute, and TCPRoute.
2023-11-08 17:20:00 -06:00
cskh 8d6545ec43
test/deployer: add the method of deregistering services (#19525) 2023-11-07 17:29:13 -05:00
R.B. Boyer d203c0abe3
test: update deployer default images (#19554) 2023-11-07 13:15:40 -06:00
R.B. Boyer 4d7754ad25
test: update makefile to include ways to trigger deployer integration tests (#19553) 2023-11-07 12:41:14 -06:00
R.B. Boyer a66cb58e71
test: fix some of the peering topology tests to safely run without tenancy in CE (#19540) 2023-11-07 10:11:42 -06:00
R.B. Boyer 65592d91a8
chore: apply enterprise changes that were missed to some testing files (#19504)
This should align between CE ef35525 and ENT 7f95226dbe40151c8f17dd4464784b60cf358dc1 in:

- testing/integration/consul-container
- test-integ
- testing/deployer
2023-11-03 11:43:43 -05:00
Dan Stough fd128f4947
build: dependency updates for 1.17.0 (#19453) 2023-11-03 12:29:59 -04:00
Semir Patel ef35525cf1
resource: finalizer aware delete endpoint (2 of 5) (#19493)
resource: make delete endpoint finalizer aware
2023-11-03 10:10:58 -04:00