Merge branch 'release/1.19.x' into backport/NET-7787-update-jwt-docs/…
…needlessly-absolute-swine
jm96441n authored Aug 15, 2024
2 parents e324777 + b1a65de commit 76c127e
Showing 68 changed files with 6,156 additions and 19,234 deletions.
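--- a/.changelog/21588.txt
+++ b/.changelog/21588.txt
@@ -0,0 +1,3 @@
+```release-note:security
+ui: Upgrade modules with d3-color as a dependency to address denial of service issue in d3-color < 3.1.0
+```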
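--- a/.changelog/21604.txt
+++ b/.changelog/21604.txt
@@ -0,0 +1,3 @@
+```release-note:bug
+api-gateway: **(Enterprise only)** ensure clusters are properly created for JWT providers with a remote URI for the JWKS endpoint
+```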
2 changes: 1 addition & 1 deletion .github/workflows/backport-assistant.yml
Expand Up @@ -27,7 +27,7 @@ jobs:
env:
BACKPORT_LABEL_REGEXP: "backport/(?P<target>\\d+\\.\\d+)"
BACKPORT_TARGET_TEMPLATE: "release/{{.target}}.x"
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN_WORKFLOW }}
ENABLE_VERSION_MANIFESTS: true
backport-ent:
if: github.event.pull_request.merged && contains(join(github.event.pull_request.labels.*.name), 'backport/ent')
1 change: 1 addition & 0 deletions .release/security-scan.hcl
Expand Up @@ -41,6 +41,7 @@ container {
"CVE-2023-46218", # [email protected]
"CVE-2023-46219", # [email protected]
"CVE-2023-5678", # [email protected]
"CVE-2024-7264", # [email protected]
]
paths = [
"internal/tools/proto-gen-rpc-glue/e2e/consul/*",
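Review bot: The new `"CVE-2024-7264"` entry at L45 records only the affected package (the `[email protected]` tag, apparently a mangled package@version comment like its neighbours) and not why the finding is acceptable to suppress, so nobody reading this allowlist later can tell whether it was assessed as unreachable, mitigated elsewhere, or simply deferred. I would make the justification and a re-check trigger part of the entry, e.g. `"CVE-2024-7264", # curl@8.x: <why it is not exploitable in this image>; drop once the base image ships a fixed curl`. A scanner suppression without an expiry tends to outlive the vulnerable component it was written for, which is how real findings get hidden later. The enclosing `container { ... }` block begins before this hunk and continues after it.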
110 changes: 4 additions & 106 deletions agent/agent.go
Expand Up @@ -48,8 +48,6 @@ import (
"github.com/hashicorp/consul/agent/consul"
rpcRate "github.com/hashicorp/consul/agent/consul/rate"
"github.com/hashicorp/consul/agent/consul/servercert"
"github.com/hashicorp/consul/agent/discovery"
"github.com/hashicorp/consul/agent/dns"
external "github.com/hashicorp/consul/agent/grpc-external"
grpcDNS "github.com/hashicorp/consul/agent/grpc-external/services/dns"
middleware "github.com/hashicorp/consul/agent/grpc-middleware"
Expand Down Expand Up @@ -222,7 +220,7 @@ type notifier interface {
Notify(string) error
}

// dnsServer abstracts the V1 and V2 implementations of the DNS server.
// dnsServer abstracts the implementations of the DNS server.
type dnsServer interface {
GetAddr() string
ListenAndServe(string, string, func()) error
Expand Down Expand Up @@ -354,10 +352,6 @@ type Agent struct {
// dnsServer provides the DNS API
dnsServers []dnsServer

// catalogDataFetcher is used as an interface to the catalog for service discovery
// (aka DNS). Only applicable to the V2 DNS server (agent/dns).
catalogDataFetcher discovery.CatalogDataFetcher

// apiServers listening for connections. If any of these server goroutines
// fail, the agent will be shutdown.
apiServers *apiServers
Expand Down Expand Up @@ -879,14 +873,8 @@ func (a *Agent) Start(ctx context.Context) error {
}

// start DNS servers
if a.baseDeps.UseV1DNS() {
if err := a.listenAndServeV1DNS(); err != nil {
return err
}
} else {
if err := a.listenAndServeV2DNS(); err != nil {
return err
}
if err := a.listenAndServeDNS(); err != nil {
return err
}

// Configure the http connection limiter.
Expand Down Expand Up @@ -1065,7 +1053,7 @@ func (a *Agent) listenAndServeGRPC(proxyTracker *proxytracker.ProxyTracker, serv
return nil
}

func (a *Agent) listenAndServeV1DNS() error {
func (a *Agent) listenAndServeDNS() error {
notif := make(chan net.Addr, len(a.config.DNSAddrs))
errCh := make(chan error, len(a.config.DNSAddrs))
for _, addr := range a.config.DNSAddrs {
Expand Down Expand Up @@ -1117,92 +1105,6 @@ func (a *Agent) listenAndServeV1DNS() error {
return merr.ErrorOrNil()
}

func (a *Agent) listenAndServeV2DNS() error {

// Check the catalog version and decide which implementation of the data fetcher to implement
if a.baseDeps.UseV2Resources() {
a.catalogDataFetcher = discovery.NewV2DataFetcher(a.config, a.delegate.ResourceServiceClient(), a.logger.Named("catalog-data-fetcher"))
} else {
a.catalogDataFetcher = discovery.NewV1DataFetcher(a.config,
a.AgentEnterpriseMeta(),
a.cache.Get,
a.RPC,
a.rpcClientHealth.ServiceNodes,
a.rpcClientConfigEntry.GetSamenessGroup,
a.TranslateServicePort,
a.logger.Named("catalog-data-fetcher"))
}

// Generate a Query Processor with the appropriate data fetcher
processor := discovery.NewQueryProcessor(a.catalogDataFetcher)

notif := make(chan net.Addr, len(a.config.DNSAddrs))
errCh := make(chan error, len(a.config.DNSAddrs))

// create server
cfg := dns.Config{
AgentConfig: a.config,
EntMeta: *a.AgentEnterpriseMeta(),
Logger: a.logger,
Processor: processor,
TokenFunc: a.getTokenFunc(),
TranslateAddressFunc: a.TranslateAddress,
TranslateServiceAddressFunc: a.TranslateServiceAddress,
}

for _, addr := range a.config.DNSAddrs {
s, err := dns.NewServer(cfg)
if err != nil {
return err
}
a.dnsServers = append(a.dnsServers, s)

// start server
a.wgServers.Add(1)
go func(addr net.Addr) {
defer a.wgServers.Done()
err := s.ListenAndServe(addr.Network(), addr.String(), func() { notif <- addr })
if err != nil && !strings.Contains(err.Error(), "accept") {
errCh <- err
}
}(addr)
}

s, err := dns.NewServer(cfg)
if err != nil {
return fmt.Errorf("failed to create grpc dns server: %w", err)
}

// Create a v2 compatible grpc dns server
grpcDNS.NewServerV2(grpcDNS.ConfigV2{
Logger: a.logger.Named("grpc-api.dns"),
DNSRouter: s.Router,
TokenFunc: a.getTokenFunc(),
}).Register(a.externalGRPCServer)

a.dnsServers = append(a.dnsServers, s)

// wait for servers to be up
timeout := time.After(time.Second)
var merr *multierror.Error
for range a.config.DNSAddrs {
select {
case addr := <-notif:
a.logger.Info("Started DNS server",
"address", addr.String(),
"network", addr.Network(),
)

case err := <-errCh:
merr = multierror.Append(merr, err)
case <-timeout:
merr = multierror.Append(merr, fmt.Errorf("agent: timeout starting DNS servers"))
return merr.ErrorOrNil()
}
}
return merr.ErrorOrNil()
}

// startListeners will return a net.Listener for every address unless an
// error is encountered, in which case it will close all previously opened
// listeners and return the error.
Expand Down Expand Up @@ -4414,10 +4316,6 @@ func (a *Agent) reloadConfigInternal(newCfg *config.RuntimeConfig) error {
return fmt.Errorf("Failed reloading dns config : %v", err)
}
}
// This field is only populated for the V2 DNS server
if a.catalogDataFetcher != nil {
a.catalogDataFetcher.LoadConfig(newCfg)
}

err := a.reloadEnterprise(newCfg)
if err != nil {
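Review bot: The deleted `listenAndServeV2DNS` was the only site in view that registered a DNS service on the external gRPC server (`grpcDNS.NewServerV2(...).Register(a.externalGRPCServer)` at L168-L172), and the surviving `listenAndServeDNS` body is collapsed between L107 and L108, so I cannot confirm from this page that the gRPC DNS endpoint is still wired up; the retained `grpcDNS` import at L59 suggests it is, but please verify before merging, since losing it would silently break gRPC-based DNS clients. Separately, with the `a.baseDeps.UseV1DNS()` branch gone at L85-L93 and the `v1dns` experiment name removed elsewhere in this commit, an operator whose config still lists `experiments = ["v1dns"]` gets no signal that the flag is now inert; if the config builder rejects unknown experiment names this becomes a hard startup failure on upgrade, and if it ignores them a one-line warning such as `a.logger.Warn("the v1dns experiment is no longer recognized; the single DNS implementation is now used unconditionally")` at the top of `Start` would make the behaviour explicit. Both `Start` and `listenAndServeDNS` extend outside the visible hunks.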
6 changes: 0 additions & 6 deletions agent/config/builder_test.go
Expand Up @@ -618,9 +618,6 @@ func TestBuilder_CheckExperimentsInSecondaryDatacenters(t *testing.T) {
"primary server v2catalog": {
hcl: primary + `experiments = ["resource-apis"]`,
},
"primary server v1dns": {
hcl: primary + `experiments = ["v1dns"]`,
},
"primary server v2tenancy": {
hcl: primary + `experiments = ["v2tenancy"]`,
},
Expand All @@ -631,9 +628,6 @@ func TestBuilder_CheckExperimentsInSecondaryDatacenters(t *testing.T) {
hcl: secondary + `experiments = ["resource-apis"]`,
expectErr: true,
},
"secondary server v1dns": {
hcl: secondary + `experiments = ["v1dns"]`,
},
"secondary server v2tenancy": {
hcl: secondary + `experiments = ["v2tenancy"]`,
expectErr: true,
9 changes: 0 additions & 9 deletions agent/consul/options.go
Expand Up @@ -50,15 +50,6 @@ type Deps struct {
EnterpriseDeps
}

// UseV1DNS returns true if "v1dns" is present in the Experiments
// array of the agent config. It is ignored if the v2 resource APIs are enabled.
func (d Deps) UseV1DNS() bool {
if stringslice.Contains(d.Experiments, V1DNSExperimentName) && !d.UseV2Resources() {
return true
}
return false
}

// UseV2Resources returns true if "resource-apis" is present in the Experiments
// array of the agent config.
func (d Deps) UseV2Resources() bool {
1 change: 0 additions & 1 deletion agent/consul/server.go
Expand Up @@ -133,7 +133,6 @@ const (

LeaderTransferMinVersion = "1.6.0"
CatalogResourceExperimentName = "resource-apis"
V1DNSExperimentName = "v1dns"
V2TenancyExperimentName = "v2tenancy"
HCPAllowV2ResourceAPIs = "hcp-v2-resource-apis"
)
