diff --git a/.github/workflows/backport-assistant.yml b/.github/workflows/backport-assistant.yml index d004f220bf8e8..24c0a66da59dd 100644 --- a/.github/workflows/backport-assistant.yml +++ b/.github/workflows/backport-assistant.yml @@ -19,7 +19,7 @@ jobs: backport: if: github.event.pull_request.merged runs-on: ubuntu-latest - container: hashicorpdev/backport-assistant:0.4.4 + container: hashicorpdev/backport-assistant:0.4.1 steps: - name: Run Backport Assistant for release branches run: | diff --git a/.github/workflows/nightly-test-1.19.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml similarity index 96% rename from .github/workflows/nightly-test-1.19.x.yaml rename to .github/workflows/nightly-test-1.14.x.yaml index 2f5398596b2f5..8e85e175c27f4 100644 --- a/.github/workflows/nightly-test-1.19.x.yaml +++ b/.github/workflows/nightly-test-1.14.x.yaml @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly Frontend Test 1.19.x +name: Nightly Frontend Test 1.14.x on: schedule: - cron: '0 4 * * *' @@ -9,8 +9,8 @@ on: env: EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition - BRANCH: "release/1.19.x" - BRANCH_NAME: "release-1.19.x" # Used for naming artifacts + BRANCH: "release/1.14.x" + BRANCH_NAME: "release-1.14.x" # Used for naming artifacts GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: @@ -24,7 +24,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -56,7 +56,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -95,7 +95,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -128,7 +128,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -167,7 +167,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -198,7 +198,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock diff --git a/.github/workflows/nightly-test-1.15.x.yaml b/.github/workflows/nightly-test-1.15.x.yaml index f8dec0f82e340..c25e25ac57b1d 100644 --- a/.github/workflows/nightly-test-1.15.x.yaml +++ b/.github/workflows/nightly-test-1.15.x.yaml @@ -14,15 +14,8 @@ env: GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - frontend-test-workspace-node: runs-on: ubuntu-latest - needs: [check-ent] steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: @@ -52,7 +45,6 @@ jobs: frontend-build-ce: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 0 @@ -125,7 +117,6 @@ jobs: frontend-build-ent: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 1 diff --git a/.github/workflows/nightly-test-1.18.x.yaml b/.github/workflows/nightly-test-1.16.x.yaml similarity index 93% rename from .github/workflows/nightly-test-1.18.x.yaml rename to .github/workflows/nightly-test-1.16.x.yaml index ca627b013932f..6dff72150fa6e 100644 --- a/.github/workflows/nightly-test-1.18.x.yaml +++ b/.github/workflows/nightly-test-1.16.x.yaml @@ -1,7 +1,7 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly Frontend Test 1.18.x +name: Nightly Frontend Test 1.16.x on: schedule: - cron: '0 4 * * *' @@ -9,20 +9,13 @@ on: env: EMBER_PARTITION_TOTAL: 4 # Has to be changed in tandem with the matrix.partition - BRANCH: "release/1.18.x" - BRANCH_NAME: "release-1.18.x" # Used for naming artifacts + BRANCH: "release/1.16.x" + BRANCH_NAME: "release-1.16.x" # Used for naming artifacts GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - frontend-test-workspace-node: runs-on: ubuntu-latest - needs: [check-ent] steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: @@ -31,7 +24,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -52,7 +45,6 @@ jobs: frontend-build-ce: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 0 @@ -64,7 +56,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -103,7 +95,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -125,7 +117,6 @@ jobs: frontend-build-ent: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 1 @@ -137,7 +128,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -176,7 +167,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock @@ -207,7 +198,7 @@ jobs: # Not necessary to use yarn, but enables caching - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2 with: - node-version: 18 + node-version: 14 cache: 'yarn' cache-dependency-path: ./ui/yarn.lock diff --git a/.github/workflows/nightly-test-1.17.x.yaml b/.github/workflows/nightly-test-1.17.x.yaml index 10eb3d9e01731..ad6e49684d9e0 100644 --- a/.github/workflows/nightly-test-1.17.x.yaml +++ b/.github/workflows/nightly-test-1.17.x.yaml @@ -14,15 +14,8 @@ env: GOPRIVATE: github.com/hashicorp # Required for enterprise deps jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - frontend-test-workspace-node: runs-on: ubuntu-latest - needs: [check-ent] steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: @@ -52,7 +45,6 @@ jobs: frontend-build-ce: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 0 @@ -125,7 +117,6 @@ jobs: frontend-build-ent: runs-on: ubuntu-latest - needs: [check-ent] env: JOBS: 2 CONSUL_NSPACES_ENABLED: 1 diff --git a/.github/workflows/nightly-test-integ-peering_commontopo.yml b/.github/workflows/nightly-test-integ-peering_commontopo.yml index 5c7f5fa23babc..84b8a97c1cc63 100644 --- a/.github/workflows/nightly-test-integ-peering_commontopo.yml +++ b/.github/workflows/nightly-test-integ-peering_commontopo.yml @@ -6,7 +6,7 @@ name: Nightly test integrations - peering_common_topo on: schedule: # Run nightly at 12AM UTC/8PM EST/5PM PST - - cron: '0 0 * * *' + - cron: '* 0 * * *' workflow_dispatch: {} env: @@ -39,20 +39,12 @@ jobs: get-go-version: uses: ./.github/workflows/reusable-get-go-version.yml - with: - ref: ${{ inputs.branch }} - - get-envoy-versions: - uses: ./.github/workflows/reusable-get-envoy-versions.yml - with: - ref: ${{ inputs.branch }} tests: runs-on: ${{ fromJSON(needs.setup.outputs.compute-xl ) }} needs: - setup - get-go-version - - get-envoy-versions permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. contents: read @@ -70,7 +62,7 @@ jobs: name: '${{matrix.test-case}}' env: - ENVOY_VERSION: ${{ needs.get-envoy-versions.outputs.max-envoy-version }} + ENVOY_VERSION: "1.29.5" steps: - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. diff --git a/.github/workflows/nightly-test-integrations-1.15.x.yml b/.github/workflows/nightly-test-integrations-1.15.x.yml index 8ac92f282f344..c40c63a5ad288 100644 --- a/.github/workflows/nightly-test-integrations-1.15.x.yml +++ b/.github/workflows/nightly-test-integrations-1.15.x.yml @@ -6,7 +6,7 @@ name: Nightly test-integrations 1.15.x on: schedule: # Run nightly at 1AM UTC/9PM EST/6PM PST - - cron: '0 1 * * *' + - cron: '* 1 * * *' workflow_dispatch: {} env: @@ -23,15 +23,8 @@ env: BRANCH_NAME: "release-1.15.x" # Used for naming artifacts jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - setup: runs-on: ubuntu-latest - needs: [check-ent] name: Setup outputs: compute-small: ${{ steps.runners.outputs.compute-small }} @@ -48,16 +41,7 @@ jobs: run: .github/scripts/get_runner_classes.sh get-go-version: - needs: [check-ent] uses: ./.github/workflows/reusable-get-go-version.yml - with: - ref: release/1.15.x - - get-envoy-versions: - needs: [check-ent] - uses: ./.github/workflows/reusable-get-envoy-versions.yml - with: - ref: release/1.15.x dev-build: needs: @@ -87,34 +71,36 @@ jobs: - name: Generate Envoy Job Matrix id: set-matrix env: - # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be - # further multiplied in envoy-integration tests by the other dimensions in the matrix - # to determine the total number of runners used. - TEST_SPLITS: 4 + # this is further going to multiplied in envoy-integration tests by the + # other dimensions in the matrix. Currently TOTAL_RUNNERS would be + # 14 based on these values: + # envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11", "1.26.8", "1.27.5", "1.28.3"] + # xds-target: ["server", "client"] + TOTAL_RUNNERS: 7 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' run: | + NUM_RUNNERS=$TOTAL_RUNNERS NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then - echo "TEST_SPLITS is larger than the number of tests/packages to split." - TEST_SPLITS=$((NUM_DIRS-1)) + if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then + echo "TOTAL_RUNNERS is larger than the number of tests/packages to split." + NUM_RUNNERS=$((NUM_DIRS-1)) fi - # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. - TEST_SPLITS=$((TEST_SPLITS-1)) + # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS. + NUM_RUNNERS=$((NUM_RUNNERS-1)) { echo -n "envoy-matrix=" find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ + | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \ | jq --compact-output 'map(join("|"))' } >> "$GITHUB_OUTPUT" - + envoy-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - get-go-version - - get-envoy-versions - generate-envoy-job-matrices - dev-build permissions: @@ -123,7 +109,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ${{ fromJSON(needs.get-envoy-versions.outputs.envoy-versions-json) }} + envoy-version: ["1.22.11", "1.23.12", "1.24.12", "1.25.11", "1.26.8", "1.27.6", "1.28.4"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -202,7 +188,7 @@ jobs: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - + upgrade-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: @@ -218,17 +204,7 @@ jobs: consul-version: ["1.14", "1.15"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - # ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the - # matrix.consul-version, since we are testing upgrade from an older Consul version. - # In practice, this should be the highest Envoy version supported by the lowest non-LTS - # Consul version in the matrix (LTS versions receive additional Envoy version support). - # - # This value should be kept current in new nightly test workflows, and updated any time - # a new major Envoy release is added to the set supported by Consul versions in - # matrix.consul-version (i.e. whenever the highest common Envoy version across active - # Consul versions changes). The minor Envoy version does not necessarily need to be - # kept current for the purpose of these tests, but the major (1.N) version should be. - ENVOY_VERSION: "1.24.12" + ENVOY_VERSION: "1.24.6" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 @@ -329,7 +305,7 @@ jobs: - envoy-integration-test - upgrade-integration-test runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - if: ${{ always() && endsWith(github.repository, '-enterprise') }} + if: ${{ always() }} steps: - name: evaluate upstream job results run: | diff --git a/.github/workflows/nightly-test-integrations-1.19.x.yml b/.github/workflows/nightly-test-integrations-1.16.x.yml similarity index 70% rename from .github/workflows/nightly-test-integrations-1.19.x.yml rename to .github/workflows/nightly-test-integrations-1.16.x.yml index 452d174e1ecac..9f7cee671343d 100644 --- a/.github/workflows/nightly-test-integrations-1.19.x.yml +++ b/.github/workflows/nightly-test-integrations-1.16.x.yml @@ -1,12 +1,12 @@ # Copyright (c) HashiCorp, Inc. # SPDX-License-Identifier: MPL-2.0 -name: Nightly test-integrations 1.19.x +name: Nightly test-integrations 1.16.x on: schedule: # Run nightly at 1AM UTC/9PM EST/6PM PST - - cron: '0 1 * * *' + - cron: '* 1 * * *' workflow_dispatch: {} env: @@ -19,8 +19,8 @@ env: # strip the hashicorp/ off the front of github.repository for consul CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} GOPRIVATE: github.com/hashicorp # Required for enterprise deps - BRANCH: "release/1.19.x" - BRANCH_NAME: "release-1.19.x" # Used for naming artifacts + BRANCH: "release/1.16.x" + BRANCH_NAME: "release-1.16.x" # Used for naming artifacts jobs: setup: @@ -42,13 +42,6 @@ jobs: get-go-version: uses: ./.github/workflows/reusable-get-go-version.yml - with: - ref: release/1.19.x - - get-envoy-versions: - uses: ./.github/workflows/reusable-get-envoy-versions.yml - with: - ref: release/1.19.x dev-build: needs: @@ -59,7 +52,7 @@ jobs: runs-on: ${{ needs.setup.outputs.compute-large }} repository-name: ${{ github.repository }} uploaded-binary-name: 'consul-bin' - branch-name: "release/1.17.x" + branch-name: "release/1.16.x" go-version: ${{ needs.get-go-version.outputs.go-version }} secrets: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} @@ -78,34 +71,36 @@ jobs: - name: Generate Envoy Job Matrix id: set-matrix env: - # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be - # further multiplied in envoy-integration tests by the other dimensions in the matrix - # to determine the total number of runners used. - TEST_SPLITS: 4 + # this is further going to multiplied in envoy-integration tests by the + # other dimensions in the matrix. Currently TOTAL_RUNNERS would be + # multiplied by 8 based on these values: + # envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.8"] + # xds-target: ["server", "client"] + TOTAL_RUNNERS: 8 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' run: | + NUM_RUNNERS=$TOTAL_RUNNERS NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then - echo "TEST_SPLITS is larger than the number of tests/packages to split." - TEST_SPLITS=$((NUM_DIRS-1)) + if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then + echo "TOTAL_RUNNERS is larger than the number of tests/packages to split." + NUM_RUNNERS=$((NUM_DIRS-1)) fi - # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. - TEST_SPLITS=$((TEST_SPLITS-1)) + # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS. + NUM_RUNNERS=$((NUM_RUNNERS-1)) { echo -n "envoy-matrix=" find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ + | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \ | jq --compact-output 'map(join("|"))' } >> "$GITHUB_OUTPUT" - + envoy-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - get-go-version - - get-envoy-versions - generate-envoy-job-matrices - dev-build permissions: @@ -114,7 +109,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ${{ fromJSON(needs.get-envoy-versions.outputs.envoy-versions-json) }} + envoy-version: ["1.23.12", "1.24.12", "1.25.11", "1.26.8"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -202,7 +197,6 @@ jobs: needs: - setup - get-go-version - - get-envoy-versions - dev-build permissions: id-token: write # NOTE: this permission is explicitly required for Vault auth. @@ -210,20 +204,10 @@ jobs: strategy: fail-fast: false matrix: - consul-version: ["1.15", "1.17", "1.18", "1.19"] + consul-version: ["1.14", "1.15", "1.16"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - # ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the - # matrix.consul-version, since we are testing upgrade from an older Consul version. - # In practice, this should be the highest Envoy version supported by the lowest non-LTS - # Consul version in the matrix (LTS versions receive additional Envoy version support). - # - # This value should be kept current in new nightly test workflows, and updated any time - # a new major Envoy release is added to the set supported by Consul versions in - # matrix.consul-version (i.e. whenever the highest common Envoy version across active - # Consul versions changes). The minor Envoy version does not necessarily need to be - # kept current for the purpose of these tests, but the major (1.N) version should be. - ENVOY_VERSION: 1.27.6 + ENVOY_VERSION: "1.24.6" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 @@ -334,96 +318,6 @@ jobs: DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - upgrade-integration-test-deployer: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} - needs: - - setup - - get-go-version - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - consul-version: ["1.15", "1.17", "1.18"] - env: - CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - run: go env - - name: Build image - run: make test-deployer-setup - - name: Upgrade Integration Tests - run: | - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - export NOLOGBUFFER=1 - cd ./test-integ/upgrade - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=standard-verbose \ - --debug \ - --packages="./..." \ - -- \ - go test \ - -tags "${{ env.GOTAGS }}" \ - -timeout=60m \ - -parallel=2 \ - -json \ - ./... \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version "${{ env.CONSUL_LATEST_VERSION }}" - env: - # this is needed because of incompatibility between RYUK container and GHA - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - # tput complains if this isn't set to something. - TERM: ansi - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml test-integrations-success: needs: @@ -432,7 +326,6 @@ jobs: - generate-envoy-job-matrices - envoy-integration-test - upgrade-integration-test - - upgrade-integration-test-deployer runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} if: ${{ always() }} steps: diff --git a/.github/workflows/nightly-test-integrations-1.17.x.yml b/.github/workflows/nightly-test-integrations-1.17.x.yml index df952d8234fae..f0b810150eaf0 100644 --- a/.github/workflows/nightly-test-integrations-1.17.x.yml +++ b/.github/workflows/nightly-test-integrations-1.17.x.yml @@ -6,7 +6,7 @@ name: Nightly test-integrations 1.17.x on: schedule: # Run nightly at 1AM UTC/9PM EST/6PM PST - - cron: '0 1 * * *' + - cron: '* 1 * * *' workflow_dispatch: {} env: @@ -23,15 +23,8 @@ env: BRANCH_NAME: "release-1.17.x" # Used for naming artifacts jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - setup: runs-on: ubuntu-latest - needs: [check-ent] name: Setup outputs: compute-small: ${{ steps.runners.outputs.compute-small }} @@ -48,16 +41,7 @@ jobs: run: .github/scripts/get_runner_classes.sh get-go-version: - needs: [check-ent] uses: ./.github/workflows/reusable-get-go-version.yml - with: - ref: release/1.17.x - - get-envoy-versions: - needs: [check-ent] - uses: ./.github/workflows/reusable-get-envoy-versions.yml - with: - ref: release/1.17.x dev-build: needs: @@ -87,34 +71,36 @@ jobs: - name: Generate Envoy Job Matrix id: set-matrix env: - # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be - # further multiplied in envoy-integration tests by the other dimensions in the matrix - # to determine the total number of runners used. - TEST_SPLITS: 4 + # this is further going to multiplied in envoy-integration tests by the + # other dimensions in the matrix. Currently TOTAL_RUNNERS would be + # multiplied by 8 based on these values: + # envoy-version: ["1.24.12", "1.25.11", "1.26.8", "1.27.5"] + # xds-target: ["server", "client"] + TOTAL_RUNNERS: 4 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' run: | + NUM_RUNNERS=$TOTAL_RUNNERS NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then - echo "TEST_SPLITS is larger than the number of tests/packages to split." - TEST_SPLITS=$((NUM_DIRS-1)) + if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then + echo "TOTAL_RUNNERS is larger than the number of tests/packages to split." + NUM_RUNNERS=$((NUM_DIRS-1)) fi - # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. - TEST_SPLITS=$((TEST_SPLITS-1)) + # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS. + NUM_RUNNERS=$((NUM_RUNNERS-1)) { echo -n "envoy-matrix=" find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ + | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \ | jq --compact-output 'map(join("|"))' } >> "$GITHUB_OUTPUT" - + envoy-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: - setup - get-go-version - - get-envoy-versions - generate-envoy-job-matrices - dev-build permissions: @@ -123,7 +109,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ${{ fromJSON(needs.get-envoy-versions.outputs.envoy-versions-json) }} + envoy-version: ["1.24.12", "1.25.11", "1.26.8", "1.27.6"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -205,7 +191,7 @@ jobs: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - + upgrade-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} needs: @@ -221,17 +207,7 @@ jobs: consul-version: ["1.15", "1.16", "1.17"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - # ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the - # matrix.consul-version, since we are testing upgrade from an older Consul version. - # In practice, this should be the highest Envoy version supported by the lowest non-LTS - # Consul version in the matrix (LTS versions receive additional Envoy version support). - # - # This value should be kept current in new nightly test workflows, and updated any time - # a new major Envoy release is added to the set supported by Consul versions in - # matrix.consul-version (i.e. whenever the highest common Envoy version across active - # Consul versions changes). The minor Envoy version does not necessarily need to be - # kept current for the purpose of these tests, but the major (1.N) version should be. - ENVOY_VERSION: 1.27.6 + ENVOY_VERSION: "1.24.6" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 @@ -442,7 +418,7 @@ jobs: - upgrade-integration-test - upgrade-integration-test-deployer runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - if: ${{ always() && endsWith(github.repository, '-enterprise') }} + if: ${{ always() }} steps: - name: evaluate upstream job results run: | diff --git a/.github/workflows/nightly-test-integrations-1.18.x.yml b/.github/workflows/nightly-test-integrations-1.18.x.yml deleted file mode 100644 index c432dc1c09c86..0000000000000 --- a/.github/workflows/nightly-test-integrations-1.18.x.yml +++ /dev/null @@ -1,463 +0,0 @@ -# Copyright (c) HashiCorp, Inc. -# SPDX-License-Identifier: MPL-2.0 - -name: Nightly test-integrations 1.18.x - -on: - schedule: - # Run nightly at 1AM UTC/9PM EST/6PM PST - - cron: '0 1 * * *' - workflow_dispatch: {} - -env: - TEST_RESULTS_DIR: /tmp/test-results - TEST_RESULTS_ARTIFACT_NAME: test-results - CONSUL_LICENSE: ${{ secrets.CONSUL_LICENSE }} - GOTAGS: ${{ endsWith(github.repository, '-enterprise') && 'consulent' || '' }} - GOTESTSUM_VERSION: "1.11.0" - CONSUL_BINARY_UPLOAD_NAME: consul-bin - # strip the hashicorp/ off the front of github.repository for consul - CONSUL_LATEST_IMAGE_NAME: ${{ endsWith(github.repository, '-enterprise') && github.repository || 'hashicorp/consul' }} - GOPRIVATE: github.com/hashicorp # Required for enterprise deps - BRANCH: "release/1.18.x" - BRANCH_NAME: "release-1.18.x" # Used for naming artifacts - -jobs: - check-ent: - runs-on: ubuntu-latest - if: ${{ endsWith(github.repository, '-enterprise') }} - steps: - - run: echo "Building Enterprise" - - setup: - runs-on: ubuntu-latest - needs: [check-ent] - name: Setup - outputs: - compute-small: ${{ steps.runners.outputs.compute-small }} - compute-medium: ${{ steps.runners.outputs.compute-medium }} - compute-large: ${{ steps.runners.outputs.compute-large }} - compute-xl: ${{ steps.runners.outputs.compute-xl }} - enterprise: ${{ steps.runners.outputs.enterprise }} - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - - id: runners - run: .github/scripts/get_runner_classes.sh - - get-go-version: - needs: [check-ent] - uses: ./.github/workflows/reusable-get-go-version.yml - with: - ref: release/1.18.x - - get-envoy-versions: - uses: ./.github/workflows/reusable-get-envoy-versions.yml - with: - ref: release/1.18.x - - dev-build: - needs: - - setup - - get-go-version - uses: ./.github/workflows/reusable-dev-build.yml - with: - runs-on: ${{ needs.setup.outputs.compute-large }} - repository-name: ${{ github.repository }} - uploaded-binary-name: 'consul-bin' - branch-name: "release/1.17.x" - go-version: ${{ needs.get-go-version.outputs.go-version }} - secrets: - elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} - - generate-envoy-job-matrices: - needs: [setup] - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - name: Generate Envoy Job Matrices - outputs: - envoy-matrix: ${{ steps.set-matrix.outputs.envoy-matrix }} - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - - name: Generate Envoy Job Matrix - id: set-matrix - env: - # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be - # further multiplied in envoy-integration tests by the other dimensions in the matrix - # to determine the total number of runners used. - TEST_SPLITS: 4 - JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' - run: | - NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - - if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then - echo "TEST_SPLITS is larger than the number of tests/packages to split." - TEST_SPLITS=$((NUM_DIRS-1)) - fi - # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. - TEST_SPLITS=$((TEST_SPLITS-1)) - { - echo -n "envoy-matrix=" - find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ - | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ - | jq --compact-output 'map(join("|"))' - } >> "$GITHUB_OUTPUT" - - envoy-integration-test: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} - needs: - - setup - - get-go-version - - get-envoy-versions - - generate-envoy-job-matrices - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - envoy-version: ${{ fromJSON(needs.get-envoy-versions.outputs.envoy-versions-json) }} - xds-target: ["server", "client"] - test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} - env: - ENVOY_VERSION: ${{ matrix.envoy-version }} - XDS_TARGET: ${{ matrix.xds-target }} - AWS_LAMBDA_REGION: us-west-2 - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - - name: fetch binary - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' - path: ./bin - - name: restore mode+x - run: chmod +x ./bin/consul - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - - name: Docker build - run: docker build -t consul:local -f ./build-support/docker/Consul-Dev.dockerfile ./bin - - - name: Envoy Integration Tests - env: - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - LAMBDA_TESTS_ENABLED: "true" - # tput complains if this isn't set to something. - TERM: ansi - run: | - # shellcheck disable=SC2001 - echo "Running $(sed 's,|, ,g' <<< "${{ matrix.test-cases }}" |wc -w) subtests" - # shellcheck disable=SC2001 - sed 's,|,\n,g' <<< "${{ matrix.test-cases }}" - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --debug \ - --rerun-fails \ - --rerun-fails-report=/tmp/gotestsum-rerun-fails \ - --jsonfile /tmp/jsonfile/go-test.log \ - --packages=./test/integration/connect/envoy \ - -- -timeout=30m -tags integration -run="TestEnvoy/(${{ matrix.test-cases }})" - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - upgrade-integration-test: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large) }} - needs: - - setup - - get-go-version - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - consul-version: ["1.15", "1.16", "1.17", "1.18"] - env: - CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - # ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the - # matrix.consul-version, since we are testing upgrade from an older Consul version. - # In practice, this should be the highest Envoy version supported by the lowest non-LTS - # Consul version in the matrix (LTS versions receive additional Envoy version support). - # - # This value should be kept current in new nightly test workflows, and updated any time - # a new major Envoy release is added to the set supported by Consul versions in - # matrix.consul-version (i.e. whenever the highest common Envoy version across active - # Consul versions changes). The minor Envoy version does not necessarily need to be - # kept current for the purpose of these tests, but the major (1.N) version should be. - ENVOY_VERSION: 1.27.6 - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - run: go env - - # Get go binary from workspace - - name: fetch binary - uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7 - with: - name: '${{ env.CONSUL_BINARY_UPLOAD_NAME }}' - path: . - - name: restore mode+x - run: chmod +x consul - - name: Build consul:local image - run: docker build -t ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local -f ./build-support/docker/Consul-Dev.dockerfile . - - name: Build consul-envoy:latest-version image - id: buildConsulEnvoyLatestImage - run: | - if ${{ endsWith(github.repository, '-enterprise') }} == 'true' - then - docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }}-ent --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - else - docker build -t consul-envoy:latest-version --build-arg CONSUL_IMAGE=docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }}:${{ env.CONSUL_LATEST_VERSION }} --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - fi - - name: Build consul-envoy:target-version image - id: buildConsulEnvoyTargetImage - continue-on-error: true - run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - - name: Retry Build consul-envoy:target-version image - if: steps.buildConsulEnvoyTargetImage.outcome == 'failure' - run: docker build -t consul-envoy:target-version --build-arg CONSUL_IMAGE=${{ env.CONSUL_LATEST_IMAGE_NAME }}:local --build-arg ENVOY_VERSION=${{ env.ENVOY_VERSION }} -f ./test/integration/consul-container/assets/Dockerfile-consul-envoy ./test/integration/consul-container/assets - - name: Build sds image - run: docker build -t consul-sds-server ./test/integration/connect/envoy/test-sds-server/ - - name: Configure GH workaround for ipv6 loopback - if: ${{ !endsWith(github.repository, '-enterprise') }} - run: | - cat /etc/hosts && echo "-----------" - sudo sed -i 's/::1 *localhost ip6-localhost ip6-loopback/::1 ip6-localhost ip6-loopback/g' /etc/hosts - cat /etc/hosts - - name: Upgrade Integration Tests - run: | - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - cd ./test/integration/consul-container/test/upgrade - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=github-actions \ - --rerun-fails \ - --packages="./..." \ - -- \ - go test \ - -p=4 \ - -tags "${{ env.GOTAGS }}" \ - -timeout=30m \ - -json \ - ./... \ - --follow-log=false \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version "${{ env.CONSUL_LATEST_VERSION }}" - ls -lrt - env: - # this is needed because of incompatibility between RYUK container and GHA - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - # tput complains if this isn't set to something. - TERM: ansi - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - upgrade-integration-test-deployer: - runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} - needs: - - setup - - get-go-version - - dev-build - permissions: - id-token: write # NOTE: this permission is explicitly required for Vault auth. - contents: read - strategy: - fail-fast: false - matrix: - consul-version: [ "1.15", "1.16", "1.17"] - env: - CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - steps: - - name: Checkout code - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - with: - ref: ${{ env.BRANCH }} - # NOTE: This step is specifically needed for ENT. It allows us to access the required private HashiCorp repos. - - name: Setup Git - if: ${{ endsWith(github.repository, '-enterprise') }} - run: git config --global url."https://${{ secrets.ELEVATED_GITHUB_TOKEN }}:@github.com".insteadOf "https://github.com" - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: ${{ needs.get-go-version.outputs.go-version }} - - run: go env - - name: Build image - run: make test-deployer-setup - - name: Upgrade Integration Tests - run: | - mkdir -p "${{ env.TEST_RESULTS_DIR }}" - export NOLOGBUFFER=1 - cd ./test-integ/upgrade - docker run --rm ${{ env.CONSUL_LATEST_IMAGE_NAME }}:local consul version - go run gotest.tools/gotestsum@v${{env.GOTESTSUM_VERSION}} \ - --raw-command \ - --format=standard-verbose \ - --debug \ - --packages="./..." \ - -- \ - go test \ - -tags "${{ env.GOTAGS }}" \ - -timeout=60m \ - -parallel=2 \ - -json \ - ./... \ - --target-image ${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --target-version local \ - --latest-image docker.mirror.hashicorp.services/${{ env.CONSUL_LATEST_IMAGE_NAME }} \ - --latest-version "${{ env.CONSUL_LATEST_VERSION }}" - env: - # this is needed because of incompatibility between RYUK container and GHA - GOTESTSUM_JUNITFILE: ${{ env.TEST_RESULTS_DIR }}/results.xml - GOTESTSUM_FORMAT: standard-verbose - COMPOSE_INTERACTIVE_NO_CLI: 1 - # tput complains if this isn't set to something. - TERM: ansi - # NOTE: ENT specific step as we store secrets in Vault. - - name: Authenticate to Vault - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: vault-auth - run: vault-auth - - # NOTE: ENT specific step as we store secrets in Vault. - - name: Fetch Secrets - if: ${{ !cancelled() && endsWith(github.repository, '-enterprise') }} - id: secrets - uses: hashicorp/vault-action@v3 - with: - url: ${{ steps.vault-auth.outputs.addr }} - caCertificate: ${{ steps.vault-auth.outputs.ca_certificate }} - token: ${{ steps.vault-auth.outputs.token }} - secrets: | - kv/data/github/${{ github.repository }}/datadog apikey | DATADOG_API_KEY; - - - name: prepare datadog-ci - if: ${{ !cancelled() && !endsWith(github.repository, '-enterprise') }} - run: | - curl -L --fail "https://github.com/DataDog/datadog-ci/releases/latest/download/datadog-ci_linux-x64" --output "/usr/local/bin/datadog-ci" - chmod +x /usr/local/bin/datadog-ci - - - name: upload coverage - # do not run on forks - if: ${{ !cancelled() && github.event.pull_request.head.repo.full_name == github.repository }} - env: - DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" - DD_ENV: ci - run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - - test-integrations-success: - needs: - - setup - - dev-build - - generate-envoy-job-matrices - - envoy-integration-test - - upgrade-integration-test - - upgrade-integration-test-deployer - runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} - if: ${{ always() && endsWith(github.repository, '-enterprise') }} - steps: - - name: evaluate upstream job results - run: | - # exit 1 if failure or cancelled result for any upstream job - if printf '${{ toJSON(needs) }}' | grep -E -i '\"result\": \"(failure|cancelled)\"'; then - printf "Tests failed or workflow cancelled:\n\n${{ toJSON(needs) }}" - exit 1 - fi - - name: Notify Slack - if: ${{ failure() }} - id: slack - uses: slackapi/slack-github-action@70cd7be8e40a46e8b0eced40b0de447bdb42f68e # v1.26.0 - with: - payload: | - { - "message": "One or more nightly integration tests have failed on branch ${{ env.BRANCH }} for Consul. ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.CONSUL_NIGHTLY_INTEG_TEST_SLACK_WEBHOOK }} diff --git a/.github/workflows/nightly-test-integrations.yml b/.github/workflows/nightly-test-integrations.yml index cfaa25303062a..bf914f88935d4 100644 --- a/.github/workflows/nightly-test-integrations.yml +++ b/.github/workflows/nightly-test-integrations.yml @@ -6,7 +6,7 @@ name: Nightly test-integrations on: schedule: # Run nightly at 12AM UTC/8PM EST/5PM PST - - cron: '0 0 * * *' + - cron: '* 0 * * *' workflow_dispatch: {} env: @@ -41,9 +41,6 @@ jobs: get-go-version: uses: ./.github/workflows/reusable-get-go-version.yml - get-envoy-versions: - uses: ./.github/workflows/reusable-get-envoy-versions.yml - dev-build: needs: - setup @@ -58,9 +55,7 @@ jobs: elevated-github-token: ${{ secrets.ELEVATED_GITHUB_TOKEN }} generate-envoy-job-matrices: - needs: - - setup - - get-envoy-versions + needs: [setup] runs-on: ${{ fromJSON(needs.setup.outputs.compute-small) }} name: Generate Envoy Job Matrices outputs: @@ -73,25 +68,28 @@ jobs: - name: Generate Envoy Job Matrix id: set-matrix env: - # TEST_SPLITS sets the number of test case splits to use in the matrix. This will be - # further multiplied in envoy-integration tests by the other dimensions in the matrix - # to determine the total number of runners used. - TEST_SPLITS: 4 + # this is further going to multiplied in envoy-integration tests by the + # other dimensions in the matrix. Currently TOTAL_RUNNERS would be + # multiplied by 8 based on these values: + # envoy-version: ["1.26.8", "1.27.5", "1.28.3", "1.29.4"] + # xds-target: ["server", "client"] + TOTAL_RUNNERS: 8 JQ_SLICER: '[ inputs ] | [_nwise(length / $runnercount | floor)]' run: | + NUM_RUNNERS=$TOTAL_RUNNERS NUM_DIRS=$(find ./test/integration/connect/envoy -mindepth 1 -maxdepth 1 -type d | wc -l) - if [ "$NUM_DIRS" -lt "$TEST_SPLITS" ]; then - echo "TEST_SPLITS is larger than the number of tests/packages to split." - TEST_SPLITS=$((NUM_DIRS-1)) + if [ "$NUM_DIRS" -lt "$NUM_RUNNERS" ]; then + echo "TOTAL_RUNNERS is larger than the number of tests/packages to split." + NUM_RUNNERS=$((NUM_DIRS-1)) fi - # fix issue where test splitting calculation generates 1 more split than TEST_SPLITS. - TEST_SPLITS=$((TEST_SPLITS-1)) + # fix issue where test splitting calculation generates 1 more split than TOTAL_RUNNERS. + NUM_RUNNERS=$((NUM_RUNNERS-1)) { echo -n "envoy-matrix=" find ./test/integration/connect/envoy -maxdepth 1 -type d -print0 \ | xargs -0 -n 1 basename \ - | jq --raw-input --argjson runnercount "$TEST_SPLITS" "$JQ_SLICER" \ + | jq --raw-input --argjson runnercount "$NUM_RUNNERS" "$JQ_SLICER" \ | jq --compact-output 'map(join("|"))' } >> "$GITHUB_OUTPUT" @@ -100,7 +98,6 @@ jobs: needs: - setup - get-go-version - - get-envoy-versions - generate-envoy-job-matrices - dev-build permissions: @@ -109,7 +106,7 @@ jobs: strategy: fail-fast: false matrix: - envoy-version: ${{ fromJSON(needs.get-envoy-versions.outputs.envoy-versions-json) }} + envoy-version: ["1.26.8", "1.27.6", "1.28.4", "1.29.5"] xds-target: ["server", "client"] test-cases: ${{ fromJSON(needs.generate-envoy-job-matrices.outputs.envoy-matrix) }} env: @@ -191,7 +188,7 @@ jobs: DATADOG_API_KEY: "${{ endsWith(github.repository, '-enterprise') && env.DATADOG_API_KEY || secrets.DATADOG_API_KEY }}" DD_ENV: ci run: datadog-ci junit upload --service "$GITHUB_REPOSITORY" $TEST_RESULTS_DIR/results.xml - + upgrade-integration-test: runs-on: ${{ fromJSON(needs.setup.outputs.compute-large ) }} needs: @@ -204,20 +201,13 @@ jobs: strategy: fail-fast: false matrix: - consul-version: ["1.17", "1.18", "1.19"] + consul-version: [ "1.17", "1.18"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} - # ENVOY_VERSION should be the latest version supported by _all_ Consul versions in the - # matrix.consul-version, since we are testing upgrade from an older Consul version. - # In practice, this should be the highest Envoy version supported by the lowest non-LTS - # Consul version in the matrix (LTS versions receive additional Envoy version support). - # - # This value should be kept current in new nightly test workflows, and updated any time - # a new major Envoy release is added to the set supported by Consul versions in - # matrix.consul-version (i.e. whenever the highest common Envoy version across active - # Consul versions changes). The minor Envoy version does not necessarily need to be - # kept current for the purpose of these tests, but the major (1.N) version should be. - ENVOY_VERSION: 1.27.6 + # ENVOY_VERSION should be the latest version upported by all + # consul versions in the matrix.consul-version, since we are testing upgrade from + # an older consul version, e.g., 1.27.5 is supported by both 1.16 and 1.17. + ENVOY_VERSION: "1.27.5" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 @@ -339,7 +329,7 @@ jobs: strategy: fail-fast: false matrix: - consul-version: [ "1.17", "1.18"] + consul-version: [ "1.16", "1.17"] env: CONSUL_LATEST_VERSION: ${{ matrix.consul-version }} steps: diff --git a/.github/workflows/test-integrations.yml b/.github/workflows/test-integrations.yml index 3d57c90994711..6cad2eb924d38 100644 --- a/.github/workflows/test-integrations.yml +++ b/.github/workflows/test-integrations.yml @@ -512,7 +512,7 @@ jobs: strategy: fail-fast: false env: - DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.3-dev" + DEPLOYER_CONSUL_DATAPLANE_IMAGE: "docker.mirror.hashicorp.services/hashicorppreview/consul-dataplane:1.5-dev" steps: - name: Checkout code uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 diff --git a/.release/versions.hcl b/.release/versions.hcl index fdc0f2989d27b..abdd7f3342d42 100644 --- a/.release/versions.hcl +++ b/.release/versions.hcl @@ -6,13 +6,12 @@ schema = 1 active_versions { - version "1.19" { - ce_active = true - } version "1.18" { + ce_active = true lts = true } version "1.17" {} + version "1.16" {} version "1.15" { lts = true } diff --git a/CHANGELOG.md b/CHANGELOG.md index acc8bbe298f9f..bd5c2584c9b15 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,105 +1,3 @@ -## 1.19.1 (July 11, 2024) - -SECURITY: - -* Upgrade envoy module dependencies to version 1.27.7, 1.28.5 and 1.29.7 or higher to resolve [CVE-2024-39305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39305) [[GH-21524](https://github.com/hashicorp/consul/issues/21524)] -* Upgrade go version to 1.22.5 to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) [[GH-21507](https://github.com/hashicorp/consul/issues/21507)] -* Upgrade go-retryablehttp to address [CVE-2024-6104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104) [[GH-21384](https://github.com/hashicorp/consul/issues/21384)] -* agent: removed reflected cross-site scripting vulnerability [[GH-21342](https://github.com/hashicorp/consul/issues/21342)] -* ui: Pin and namespace sub-module dependencies related to the Consul UI [[GH-21378](https://github.com/hashicorp/consul/issues/21378)] - -IMPROVEMENTS: - -* mesh: update supported envoy version 1.29.5 in addition to 1.28.4, 1.27.6. [[GH-21277](https://github.com/hashicorp/consul/issues/21277)] - -BUG FIXES: - -* core: Fix multiple incorrect type conversion for potential overflows [[GH-21251](https://github.com/hashicorp/consul/issues/21251)] -* core: Fix panic runtime error on AliasCheck [[GH-21339](https://github.com/hashicorp/consul/issues/21339)] -* dns: Fix a regression where DNS SRV questions were returning duplicate hostnames instead of encoded IPs. - This affected Nomad integrations with Consul. [[GH-21361](https://github.com/hashicorp/consul/issues/21361)] -* dns: Fix a regression where DNS tags using the standard lookup syntax, `tag.name.service.consul`, were being disregarded. [[GH-21361](https://github.com/hashicorp/consul/issues/21361)] -* dns: Fixes a spam log message "Failed to parse TTL for prepared query..." - that was always being logged on each prepared query evaluation. [[GH-21381](https://github.com/hashicorp/consul/issues/21381)] -* terminating-gateway: **(Enterprise Only)** Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [[GH-21382](https://github.com/hashicorp/consul/issues/21382)] -* txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [[GH-21519](https://github.com/hashicorp/consul/issues/21519)] - -## 1.18.3 Enterprise (July 11, 2024) - -**Enterprise LTS**: Consul Enterprise 1.18 is a Long-Term Support (LTS) release. - -SECURITY: - -* Upgrade envoy module dependencies to version 1.27.7, 1.28.5 and 1.29.7 or higher to resolve [CVE-2024-39305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39305) [[GH-21524](https://github.com/hashicorp/consul/issues/21524)] -* Upgrade go version to 1.22.5 to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) [[GH-21507](https://github.com/hashicorp/consul/issues/21507)] -* Upgrade go-retryablehttp to address [CVE-2024-6104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104) [[GH-21384](https://github.com/hashicorp/consul/issues/21384)] -* agent: removed reflected cross-site scripting vulnerability [[GH-21342](https://github.com/hashicorp/consul/issues/21342)] -* ui: Pin and namespace sub-module dependencies related to the Consul UI [[GH-21378](https://github.com/hashicorp/consul/issues/21378)] - -IMPROVEMENTS: - -* mesh: update supported envoy version 1.29.4 -* mesh: update supported envoy version 1.29.5 in addition to 1.28.4, 1.27.6. [[GH-21277](https://github.com/hashicorp/consul/issues/21277)] -* upgrade go version to v1.22.3. [[GH-21113](https://github.com/hashicorp/consul/issues/21113)] -* upgrade go version to v1.22.4. [[GH-21265](https://github.com/hashicorp/consul/issues/21265)] - -BUG FIXES: - -* core: Fix multiple incorrect type conversion for potential overflows [[GH-21251](https://github.com/hashicorp/consul/issues/21251)] -* core: Fix panic runtime error on AliasCheck [[GH-21339](https://github.com/hashicorp/consul/issues/21339)] -* dns: Fixes a spam log message "Failed to parse TTL for prepared query..." - that was always being logged on each prepared query evaluation. [[GH-21381](https://github.com/hashicorp/consul/issues/21381)] -* terminating-gateway: **(Enterprise Only)** Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [[GH-21382](https://github.com/hashicorp/consul/issues/21382)] -* txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [[GH-21519](https://github.com/hashicorp/consul/issues/21519)] -* v2dns: Fix a regression where DNS SRV questions were returning duplicate hostnames instead of encoded IPs. - This affected Nomad integrations with Consul. [[GH-21361](https://github.com/hashicorp/consul/issues/21361)] -* v2dns: Fix a regression where DNS tags using the standard lookup syntax, `tag.name.service.consul`, were being disregarded. [[GH-21361](https://github.com/hashicorp/consul/issues/21361)] - -## 1.17.6 Enterprise (July 11, 2024) - -SECURITY: - -* Upgrade envoy module dependencies to version 1.27.7, 1.28.5 and 1.29.7 or higher to resolve [CVE-2024-39305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39305) [[GH-21524](https://github.com/hashicorp/consul/issues/21524)] -* Upgrade go version to 1.22.5 to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) [[GH-21507](https://github.com/hashicorp/consul/issues/21507)] -* Upgrade go-retryablehttp to address [CVE-2024-6104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104) [[GH-21384](https://github.com/hashicorp/consul/issues/21384)] -* agent: removed reflected cross-site scripting vulnerability [[GH-21342](https://github.com/hashicorp/consul/issues/21342)] -* ui: Pin and namespace sub-module dependencies related to the Consul UI [[GH-21378](https://github.com/hashicorp/consul/issues/21378)] - -IMPROVEMENTS: - -* upgrade go version to v1.22.3. [[GH-21113](https://github.com/hashicorp/consul/issues/21113)] -* upgrade go version to v1.22.4. [[GH-21265](https://github.com/hashicorp/consul/issues/21265)] - -BUG FIXES: - -* core: Fix panic runtime error on AliasCheck [[GH-21339](https://github.com/hashicorp/consul/issues/21339)] -* terminating-gateway: **(Enterprise Only)** Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [[GH-21382](https://github.com/hashicorp/consul/issues/21382)] -* txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [[GH-21519](https://github.com/hashicorp/consul/issues/21519)] - -## 1.15.13 Enterprise (July 11, 2024) - -**Enterprise LTS**: Consul Enterprise 1.15 is a Long-Term Support (LTS) release. - -SECURITY: - -* Upgrade envoy module dependencies to version 1.27.7, 1.28.5 and 1.29.7 or higher to resolve [CVE-2024-39305](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39305) [[GH-21524](https://github.com/hashicorp/consul/issues/21524)] -* Upgrade go version to 1.22.5 to address [CVE-2024-24791](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-24791) [[GH-21507](https://github.com/hashicorp/consul/issues/21507)] -* Upgrade go-retryablehttp to address [CVE-2024-6104](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6104) [[GH-21384](https://github.com/hashicorp/consul/issues/21384)] -* agent: removed reflected cross-site scripting vulnerability [[GH-21342](https://github.com/hashicorp/consul/issues/21342)] -* ui: Pin and namespace sub-module dependencies related to the Consul UI [[GH-21378](https://github.com/hashicorp/consul/issues/21378)] - -IMPROVEMENTS: - -* mesh: update supported envoy version 1.29.4 -* upgrade go version to v1.22.3. [[GH-21113](https://github.com/hashicorp/consul/issues/21113)] -* upgrade go version to v1.22.4. [[GH-21265](https://github.com/hashicorp/consul/issues/21265)] - -BUG FIXES: - -* core: Fix panic runtime error on AliasCheck [[GH-21339](https://github.com/hashicorp/consul/issues/21339)] -* terminating-gateway: **(Enterprise Only)** Fixed issue where enterprise metadata applied to linked services was the terminating-gateways enterprise metadata and not the linked services enterprise metadata. [[GH-21382](https://github.com/hashicorp/consul/issues/21382)] -* txn: Fix a bug where mismatched Consul server versions could result in undetected data loss for when using newer Transaction verbs. [[GH-21519](https://github.com/hashicorp/consul/issues/21519)] - ## 1.19.0 (June 12, 2024) BREAKING CHANGES: diff --git a/go.mod b/go.mod index a6ebcbaabd580..00457c54bc7b9 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/hashicorp/consul -go 1.22 +go 1.20 toolchain go1.22.5 diff --git a/go.sum b/go.sum index 86dbf3e57d072..886a25dcf58da 100644 --- a/go.sum +++ b/go.sum @@ -195,7 +195,6 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v0.0.0-20180814043457-aafff18a5cc2/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/dnaeon/go-vcr v1.0.1 h1:r8L/HqC0Hje5AXMu1ooW8oyQyOFv4GxqpL0nRP7SLLY= -github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E= github.com/docker/go-connections v0.4.0 h1:El9xVISelRB7BuFusrZozjnkIM5YnzCViNKohAFqRJQ= github.com/docker/go-connections v0.4.0/go.mod h1:Gbd7IOopHjR8Iph03tsViu4nIes5XhDvyHbTtUxmeec= github.com/docopt/docopt-go v0.0.0-20180111231733-ee0de3bc6815/go.mod h1:WwZ+bS3ebgob9U8Nd0kOddGdZWjyMGR8Wziv+TBNwSE= @@ -227,7 +226,6 @@ github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga github.com/frankban/quicktest v1.10.0/go.mod h1:ui7WezCLWMWxVWr1GETZY3smRy0G4KWq9vcPtJmFl7Y= github.com/frankban/quicktest v1.13.0/go.mod h1:qLE0fzW0VuyUAJgPU19zByoIr0HtCHN/r/VLSOOIySU= github.com/frankban/quicktest v1.14.3 h1:FJKSZTDHjyhriyC81FLQ0LY93eSai0ZyR/ZIkd3ZUKE= -github.com/frankban/quicktest v1.14.3/go.mod h1:mgiwOwqx65TmIk1wJ6Q7wvnVMocbUorkibMOrVTHZps= github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo= github.com/fsnotify/fsnotify v1.6.0 h1:n+5WquG0fcWoWp6xPWfHdbskMCQaFnG6PfBrh1Ky4HY= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= @@ -291,7 +289,6 @@ github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOW github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= github.com/golang/glog v1.1.0 h1:/d3pCKDPWNnvIWe0vVUpNP32qc8U3PDVxySP/y360qE= -github.com/golang/glog v1.1.0/go.mod h1:pfYeQZ3JWZoXTV5sFc986z3HTpwQs9At6P4ImfuP3NQ= github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -516,7 +513,6 @@ github.com/hashicorp/raft-autopilot v0.1.6/go.mod h1:Af4jZBwaNOI+tXfIqIdbcAnh/Uy github.com/hashicorp/raft-boltdb v0.0.0-20171010151810-6e5ba93211ea/go.mod h1:pNv7Wc3ycL6F5oOWn+tPGo2gWD4a5X+yp/ntwdKLjRk= github.com/hashicorp/raft-boltdb v0.0.0-20210409134258-03c10cc3d4ea/go.mod h1:qRd6nFJYYS6Iqnc/8HcUmko2/2Gw8qTFEmxDLii6W5I= github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0 h1:CO8dBMLH6dvE1jTn/30ZZw3iuPsNfajshWoJTnVc5cc= -github.com/hashicorp/raft-boltdb v0.0.0-20220329195025-15018e9b97e0/go.mod h1:nTakvJ4XYq45UXtn0DbwR4aU9ZdjlnIenpbs6Cd+FM0= github.com/hashicorp/raft-boltdb/v2 v2.2.2 h1:rlkPtOllgIcKLxVT4nutqlTH2NRFn+tO1wwZk/4Dxqw= github.com/hashicorp/raft-boltdb/v2 v2.2.2/go.mod h1:N8YgaZgNJLpZC+h+by7vDu5rzsRgONThTEeUS3zWbfY= github.com/hashicorp/raft-wal v0.4.1 h1:aU8XZ6x8R9BAIB/83Z1dTDtXvDVmv9YVYeXxd/1QBSA= @@ -551,7 +547,6 @@ github.com/inconshreveable/mousetrap v1.0.0/go.mod h1:PxqpIevigyE2G7u3NXJIT2ANyt github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ= github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I= github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da h1:FjHUJJ7oBW4G/9j1KzlHaXL09LyMVM9rupS39lncbXk= -github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4= github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI= github.com/jhump/gopoet v0.0.0-20190322174617-17282ff210b3/go.mod h1:me9yfT6IJSlOL3FCfrg+L6yzUEZ+5jW6WHt4Sk+UPUI= github.com/jhump/gopoet v0.1.0/go.mod h1:me9yfT6IJSlOL3FCfrg+L6yzUEZ+5jW6WHt4Sk+UPUI= @@ -589,13 +584,11 @@ github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfn github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= -github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/lib/pq v1.1.1/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo= github.com/linode/linodego v0.10.0 h1:AMdb82HVgY8o3mjBXJcUv9B+fnJjfDMn2rNRGbX+jvM= github.com/linode/linodego v0.10.0/go.mod h1:cziNP7pbvE3mXIPneHj0oRY8L1WtGEIKlZ8LANE4eXA= @@ -690,9 +683,7 @@ github.com/olekukonko/tablewriter v0.0.0-20180130162743-b8a9be070da4/go.mod h1:v github.com/olekukonko/tablewriter v0.0.4 h1:vHD/YYe1Wolo78koG299f7V/VAS08c6IpCLn+Ejf/w8= github.com/olekukonko/tablewriter v0.0.4/go.mod h1:zq6QwlOf5SlnkVbMSr5EoBv3636FWnp+qbPhuoO21uA= github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= -github.com/onsi/ginkgo/v2 v2.4.0/go.mod h1:iHkDK1fKGcBoEHT5W7YBq4RFWaQulw+caOMkAt4OrFo= github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= -github.com/onsi/gomega v1.23.0/go.mod h1:Z/NWtiqwBrwUt4/2loMmHL63EDLnYHmVbuBpDr2vQAg= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= @@ -760,7 +751,6 @@ github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6L github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.11.0 h1:cWPaGQEPrBb5/AsnsZesgZZ9yb1OQ+GOISoDNXVBh4M= -github.com/rogpeppe/go-internal v1.11.0/go.mod h1:ddIwULY96R17DhadqLgMfk9H9tvdUzkipdSkR5nkCZA= github.com/rs/zerolog v1.4.0/go.mod h1:YbFCdg8HfsridGWAh22vktObvhZbQsZXe4/zB0OKkWU= github.com/russross/blackfriday v1.5.2/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= @@ -777,7 +767,6 @@ github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg github.com/segmentio/fasthash v1.0.3 h1:EI9+KE1EwvMLBWwjpRDc+fEM+prwxDYbslddQGtrmhM= github.com/segmentio/fasthash v1.0.3/go.mod h1:waKX8l2N8yckOgmSsXJi7x1ZfdKZ4x7KRMzBtS3oedY= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/shirou/gopsutil/v3 v3.22.9 h1:yibtJhIVEMcdw+tCTbOPiF1VcsuDeTE4utJ8Dm4c5eA= github.com/shirou/gopsutil/v3 v3.22.9/go.mod h1:bBYl1kjgEJpWpxeHmLI+dVHWtyAwfcmSBLDsp2TNT8A= github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4= @@ -1384,7 +1373,6 @@ gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= diff --git a/test-integ/go.mod b/test-integ/go.mod index 072dda44acf07..4e06d2f16fadb 100644 --- a/test-integ/go.mod +++ b/test-integ/go.mod @@ -1,8 +1,6 @@ module github.com/hashicorp/consul/test-integ -go 1.22 - -toolchain go1.22.5 +go 1.20 require ( github.com/google/go-cmp v0.5.9 diff --git a/test-integ/go.sum b/test-integ/go.sum index a7b09dfb8318e..5428aef74da74 100644 --- a/test-integ/go.sum +++ b/test-integ/go.sum @@ -1,7 +1,6 @@ dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o= -fortio.org/assert v1.1.4/go.mod h1:039mG+/iYDPO8Ibx8TrNuJCm2T2SuhwRI3uL9nHTTls= fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8= fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8= fortio.org/fortio v1.54.0 h1:2jn8yTd6hcIEoKY4CjI0lI6XxTWVxsMYF2bMiWOmv+Y= @@ -13,14 +12,12 @@ fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8= fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0= fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3tL4fMGNddJ+vMq1mwgfaqoQ= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek= -github.com/Microsoft/hcsshim v0.10.0-rc.8/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= @@ -54,9 +51,7 @@ github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+ github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -166,13 +161,10 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= -github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348 h1:MtvEpTB6LX3vkb4ax0b5D2DHbNAUsen0Gx5wZoq3lV4= -github.com/kylelemons/godebug v0.0.0-20170820004349-d65d576e9348/go.mod h1:B69LEHPfb2qLo0BaaOLcbitczOKLWTsrBG9LczfCD4k= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -233,7 +225,6 @@ github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= -github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -270,13 +261,11 @@ github.com/rboyer/blankspace v0.2.1/go.mod h1:GhnCkDlx1SYD6m4XCde73ncQ8pFTLSJvlC github.com/rboyer/safeio v0.2.3 h1:gUybicx1kp8nuM4vO0GA5xTBX58/OBd8MQuErBfDxP8= github.com/rboyer/safeio v0.2.3/go.mod h1:d7RMmt7utQBJZ4B7f0H/cU/EdZibQAU1Y8NWepK2dS8= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529/go.mod h1:DxrIzT+xaE7yg65j358z/aeFdxmN0P9QXhEzd20vsDc= github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ= -github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo= github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= @@ -284,7 +273,6 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -347,7 +335,6 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -398,7 +385,6 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190424220101-1e8e1cfdf96b/go.mod h1:RgjU9mgBXZiqYHBnxXauZ1Gv1EHHAz9KjViQ78xBX0Q= golang.org/x/tools v0.0.0-20190907020128-2ca718005c18/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -424,7 +410,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -433,4 +418,3 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= diff --git a/test/integration/consul-container/go.mod b/test/integration/consul-container/go.mod index d1e077db52a48..e4671b8cd95a2 100644 --- a/test/integration/consul-container/go.mod +++ b/test/integration/consul-container/go.mod @@ -1,8 +1,6 @@ module github.com/hashicorp/consul/test/integration/consul-container -go 1.22 - -toolchain go1.22.5 +go 1.20 require ( fortio.org/fortio v1.54.0 diff --git a/test/integration/consul-container/go.sum b/test/integration/consul-container/go.sum index a418b57d6d9ac..28082f92c6a61 100644 --- a/test/integration/consul-container/go.sum +++ b/test/integration/consul-container/go.sum @@ -2,7 +2,6 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMT dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= fortio.org/assert v1.1.4 h1:Za1RaG+OjsTMpQS3J3UCvTF6wc4+IOHCz+jAOU37Y4o= -fortio.org/assert v1.1.4/go.mod h1:039mG+/iYDPO8Ibx8TrNuJCm2T2SuhwRI3uL9nHTTls= fortio.org/dflag v1.5.2 h1:F9XVRj4Qr2IbJP7BMj7XZc9wB0Q/RZ61Ool+4YPVad8= fortio.org/dflag v1.5.2/go.mod h1:ppb/A8u+KKg+qUUYZNYuvRnXuVb8IsdHb/XGzsmjkN8= fortio.org/fortio v1.54.0 h1:2jn8yTd6hcIEoKY4CjI0lI6XxTWVxsMYF2bMiWOmv+Y= @@ -14,7 +13,6 @@ fortio.org/sets v1.0.2/go.mod h1:xVjulHr0FhlmReSymI+AhDtQ4FgjiazQ3JmuNpYFMs8= fortio.org/version v1.0.2 h1:8NwxdX58aoeKx7T5xAPO0xlUu1Hpk42nRz5s6e6eKZ0= fortio.org/version v1.0.2/go.mod h1:2JQp9Ax+tm6QKiGuzR5nJY63kFeANcgrZ0osoQFDVm0= github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1 h1:EKPd1INOIyr5hWOWhvpmQpY6tKjeG0hT1s3AMC/9fic= -github.com/AdaLogics/go-fuzz-headers v0.0.0-20230106234847-43070de90fa1/go.mod h1:VzwV+t+dZ9j/H867F1M2ziD+yLHtB46oM35FxxMJ4d0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 h1:L/gRVlceqvL25UVaW/CKtUDjefjrs0SPonmDGUVOYP0= github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161/go.mod h1:xomTg63KZ2rFqZQzSB4Vz2SUXa1BpHTVz9L5PTmPC4E= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= @@ -22,7 +20,6 @@ github.com/DataDog/datadog-go v3.2.0+incompatible/go.mod h1:LButxg5PwREeZtORoXG3 github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= github.com/Microsoft/hcsshim v0.10.0-rc.8 h1:YSZVvlIIDD1UxQpJp0h+dnpLUw+TrY0cx8obKsp3bek= -github.com/Microsoft/hcsshim v0.10.0-rc.8/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0= @@ -56,9 +53,7 @@ github.com/containerd/containerd v1.7.3/go.mod h1:32FOM4/O0RkNg7AjQj3hDzN9cUGtu+ github.com/cpuguy83/dockercfg v0.3.1 h1:/FpZ+JaygUR/lZP2NlFI2DVfrOEMAIKP5wWEJdoYe9E= github.com/cpuguy83/dockercfg v0.3.1/go.mod h1:sugsbF4//dDlL/i+S+rtpIWp+5h0BHJHfjj5/jFyUJc= github.com/creack/pty v1.1.18 h1:n56/Zwd5o6whRC5PMGretI4IdRLlmBXYNjScPaBgsbY= -github.com/creack/pty v1.1.18/go.mod h1:MOBLtS5ELjhRRrroQr9kyvTxUAFNvYEK993ew/Vr4O4= github.com/cyphar/filepath-securejoin v0.2.3 h1:YX6ebbZCZP7VkM3scTTokDgBL2TY741X51MTk3ycuNI= -github.com/cyphar/filepath-securejoin v0.2.3/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= @@ -173,11 +168,9 @@ github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxv github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= -github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= -github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/magiconair/properties v1.8.7 h1:IeQXZAiQcpL9mgcAe1Nu6cX9LLw6ExEHKjN0VQdvPDY= github.com/magiconair/properties v1.8.7/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= @@ -236,7 +229,6 @@ github.com/opencontainers/runc v1.1.8/go.mod h1:CbUumNnWCuTGFukNXahoo/RFBZvDAgRh github.com/otiai10/copy v1.10.0 h1:znyI7l134wNg/wDktoVQPxPkgvhDfGCYUasey+h0rDQ= github.com/otiai10/copy v1.10.0/go.mod h1:rSaLseMUsZFFbsFGc7wCJnnkTAvdc5L6VWxPE4308Ww= github.com/otiai10/mint v1.5.1 h1:XaPLeE+9vGbuyEHem1JNk3bYc7KKqyI/na0/mLd/Kks= -github.com/otiai10/mint v1.5.1/go.mod h1:MJm72SBthJjz8qhefc4z1PYEieWmy8Bku7CjcAqyUSM= github.com/pascaldekloe/goe v0.0.0-20180627143212-57f6aae5913c/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= github.com/pascaldekloe/goe v0.1.0 h1:cBOtyMzM9HTpWjXfbbunk26uA6nG3a8n06Wieeh0MwY= github.com/pascaldekloe/goe v0.1.0/go.mod h1:lzWF7FIEvWOWxwDKqyGYQf6ZUaNfKdP144TG7ZOy1lc= @@ -270,7 +262,6 @@ github.com/prometheus/procfs v0.0.8/go.mod h1:7Qr8sr6344vo1JqZ6HhLceV9o3AJ1Ff+Gx github.com/prometheus/procfs v0.8.0 h1:ODq8ZFEaYeCaZOJlZZdJA2AbQR98dSHSM1KW/You5mo= github.com/prometheus/procfs v0.8.0/go.mod h1:z7EfXMXOkbkqb9IINtpCn86r/to3BnA0uaxHdg830/4= github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ= -github.com/rogpeppe/go-internal v1.10.0/go.mod h1:UQnix2H7Ngw/k4C5ijL5+65zddjncjaFoBhdsK/akog= github.com/ryanuber/columnize v0.0.0-20160712163229-9b3edd62028f/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/sean-/seed v0.0.0-20170313163322-e2103e2c3529 h1:nn5Wsu0esKSJiIVhscUtVbo7ada43DJhG55ua/hjS5I= @@ -282,7 +273,6 @@ github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVs github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= -github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -352,7 +342,6 @@ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.3.0 h1:ftCYgMx6zT/asHUrPw8BLLscYtGznsLAnjq5RH9P66E= -golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y= golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -404,7 +393,6 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= -golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= @@ -443,7 +431,6 @@ gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLks gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= -gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.4/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= @@ -452,6 +439,5 @@ gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gotest.tools/v3 v3.5.0 h1:Ljk6PdHdOhAb5aDMWXjDLMMhph+BpztA4v1QdqEW2eY= -gotest.tools/v3 v3.5.0/go.mod h1:isy3WKz7GK6uNw/sbHzfKBLvlvXwUyV06n6brMxxopU= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= diff --git a/version/VERSION b/version/VERSION index 734375f897d07..b118f0d8c3bf6 100644 --- a/version/VERSION +++ b/version/VERSION @@ -1 +1 @@ -1.20.0-dev +1.19.2-dev diff --git a/website/content/api-docs/acl/auth-methods.mdx b/website/content/api-docs/acl/auth-methods.mdx index 34f59cb866c51..805a9ee93c414 100644 --- a/website/content/api-docs/acl/auth-methods.mdx +++ b/website/content/api-docs/acl/auth-methods.mdx @@ -107,8 +107,6 @@ The corresponding CLI command is [`consul acl auth-method create`](/consul/comma prefixed-${serviceaccount.name} ``` -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -177,11 +175,9 @@ The corresponding CLI command is [`consul acl auth-method read`](/consul/command ### Query Parameters -- `ns` `(string: "")` - Specifies the namespace of the auth method you look up. +- `ns` `(string: "")` - Specifies the namespace of the auth method you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -295,11 +291,9 @@ The corresponding CLI command is [`consul acl auth-method update`](/consul/comma same values that are usable by the `Selector` syntax. For example: ```text - prefixed-${serviceaccount.name} + prefixed-${serviceaccount.name} ``` -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -375,8 +369,6 @@ The corresponding CLI command is [`consul acl auth-method delete`](/consul/comma - `ns` `(string: "")` - Specifies the namespace of the auth method you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -416,9 +408,8 @@ The corresponding CLI command is [`consul acl auth-method list`](/consul/command The namespace may be specified as '\*' to return results for all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). - The namespace may be specified as '\*' and then results are returned for all namespaces. - -@include 'http-api-query-parms-partition.mdx' +The namespace may be specified as '\*' and then + results will be returned for all namespaces. ## Sample Request diff --git a/website/content/api-docs/acl/binding-rules.mdx b/website/content/api-docs/acl/binding-rules.mdx index 34edeadc4a953..9894ce21c7bf8 100644 --- a/website/content/api-docs/acl/binding-rules.mdx +++ b/website/content/api-docs/acl/binding-rules.mdx @@ -172,8 +172,6 @@ The corresponding CLI command is [`consul acl binding-rule create`](/consul/comm This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -240,8 +238,6 @@ The corresponding CLI command is [`consul acl binding-rule read`](/consul/comman - `ns` `(string: "")` - Specifies the namespace of the binding rule you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -427,8 +423,6 @@ The corresponding CLI command is [`consul acl binding-rule update`](/consul/comm This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -495,8 +489,6 @@ The corresponding CLI command is [`consul acl binding-rule delete`](/consul/comm - `ns` `(string: "")` - Specifies the namespace of the binding rule you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -530,7 +522,7 @@ The table below shows this endpoint's support for The corresponding CLI command is [`consul acl binding-rule list`](/consul/commands/acl/binding-rule/list). -### Query Parameters +## Query Parameters - `authmethod` `(string: "")` - Filters the binding rule list to those binding rules that are linked with the specific named auth method. @@ -539,9 +531,7 @@ The corresponding CLI command is [`consul acl binding-rule list`](/consul/comman The namespace may be specified as '\*' to return results for all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - -### Sample Request +## Sample Request ```shell-session $ curl --request GET http://127.0.0.1:8500/v1/acl/binding-rules diff --git a/website/content/api-docs/acl/policies.mdx b/website/content/api-docs/acl/policies.mdx index 1d46fa1b5125b..c41583626b8cc 100644 --- a/website/content/api-docs/acl/policies.mdx +++ b/website/content/api-docs/acl/policies.mdx @@ -57,8 +57,6 @@ The corresponding CLI command is [`consul acl policy create`](/consul/commands/a This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -172,8 +170,6 @@ The corresponding CLI command is [`consul acl policy read -name=`](/cons - `ns` `(string: "")` - Specifies the namespace of the policy you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -246,8 +242,6 @@ The corresponding CLI command is [`consul acl policy update`](/consul/commands/a This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -313,8 +307,6 @@ The corresponding CLI command is [`consul acl policy delete`](/consul/commands/a - `ns` `(string: "")` - Specifies the namespace of the policy you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -354,9 +346,7 @@ The corresponding CLI command is [`consul acl policy list`](/consul/commands/acl The namespace may be specified as '\*' to return results for all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - -### Sample Request +## Sample Request ```shell-session $ curl --request GET http://127.0.0.1:8500/v1/acl/policies diff --git a/website/content/api-docs/acl/roles.mdx b/website/content/api-docs/acl/roles.mdx index e54e9a54b07bb..fbcb8d8b72b1c 100644 --- a/website/content/api-docs/acl/roles.mdx +++ b/website/content/api-docs/acl/roles.mdx @@ -95,8 +95,6 @@ The corresponding CLI command is [`consul acl role create`](/consul/commands/acl This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -225,8 +223,6 @@ The corresponding CLI command is [`consul acl role read`](/consul/commands/acl/r - `ns` `(string: "")` - Specifies the namespace of the role you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -310,8 +306,6 @@ The corresponding CLI command is [`consul acl role read -name=`](/consul - `ns` `(string: "")` - Specifies the namespace of the role you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -424,8 +418,6 @@ The corresponding CLI command is [`consul acl role update`](/consul/commands/acl This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -531,8 +523,6 @@ The corresponding CLI command is [`consul acl role delete`](/consul/commands/acl - `ns` `(string: "")` - Specifies the namespace of the role you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -575,8 +565,6 @@ The corresponding CLI command is [`consul acl role list`](/consul/commands/acl/r The namespace may be specified as '\*' to return results for all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ## Sample Request ```shell-session diff --git a/website/content/api-docs/acl/templated-policies.mdx b/website/content/api-docs/acl/templated-policies.mdx index de3a6b59aef82..5805449dd58fd 100644 --- a/website/content/api-docs/acl/templated-policies.mdx +++ b/website/content/api-docs/acl/templated-policies.mdx @@ -87,8 +87,6 @@ The corresponding CLI command is [`consul acl templated-policy preview`](/consul - `Name` `(string: )` - Specifies the value of the `name` variable in the templated policy variables. -@include 'http-api-body-options-partition.mdx' - ### Sample payload ```json diff --git a/website/content/api-docs/acl/tokens.mdx b/website/content/api-docs/acl/tokens.mdx index af629a3500cf2..a741ec3a708b7 100644 --- a/website/content/api-docs/acl/tokens.mdx +++ b/website/content/api-docs/acl/tokens.mdx @@ -118,8 +118,6 @@ The corresponding CLI command is [`consul acl token create`](/consul/commands/ac This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -219,8 +217,6 @@ The corresponding CLI command is [`consul acl token read`](/consul/commands/acl/ - `expanded` `(bool: false)` - If this field is set, the contents of all policies and roles affecting the token will also be returned. -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -501,8 +497,6 @@ The corresponding CLI command is [`consul acl token update`](/consul/commands/ac This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -597,8 +591,6 @@ The corresponding CLI command is [`consul acl token clone`](/consul/commands/acl This field takes precedence over the `ns` query parameter, one of several [other methods to specify the namespace](#methods-to-specify-namespace). -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -676,8 +668,6 @@ The corresponding CLI command is [`consul acl token delete`](/consul/commands/ac - `ns` `(string: "")` - Specifies the namespace of the token you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -733,8 +723,6 @@ The corresponding CLI command is [`consul acl token list`](/consul/commands/acl/ The namespace may be specified as '\*' to return results for all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/agent/index.mdx b/website/content/api-docs/agent/index.mdx index 749ea80f291d0..d76cc1910775b 100644 --- a/website/content/api-docs/agent/index.mdx +++ b/website/content/api-docs/agent/index.mdx @@ -261,8 +261,6 @@ The corresponding CLI command is [`consul members`](/consul/commands/members). network segment). When querying a server, setting this to the special string `_all` will show members in all segments. -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/agent/service.mdx b/website/content/api-docs/agent/service.mdx index 3018274182703..eee3dd471e3d1 100644 --- a/website/content/api-docs/agent/service.mdx +++ b/website/content/api-docs/agent/service.mdx @@ -684,8 +684,6 @@ The `/agent/service/register` endpoint supports camel case and _snake case_ for `false`. See [anti-entropy syncs](/consul/docs/architecture/anti-entropy) for additional information. -@include 'http-api-body-options-partition.mdx' - #### Connect Structure For the `Connect` field, the parameters are: @@ -771,8 +769,6 @@ The corresponding CLI command is [`consul services deregister`](/consul/commands - `ns` `(string: "")` - Specifies the namespace of the service you deregister. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/catalog.mdx b/website/content/api-docs/catalog.mdx index 8c549b304376d..8af4a2f011d40 100644 --- a/website/content/api-docs/catalog.mdx +++ b/website/content/api-docs/catalog.mdx @@ -327,8 +327,6 @@ The corresponding CLI command is [`consul catalog nodes`](/consul/commands/catal - `filter` `(string: "")` - Specifies the expression used to filter the queries results prior to returning the data. -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -424,8 +422,6 @@ The corresponding CLI command is [`consul catalog services`](/consul/commands/ca - `filter` `(string: "")` - Specifies the expression used to filter the queries results prior to returning the data. -@include 'http-api-query-parms-partition.mdx' - ### Filtering The filter will be executed against each Service mapping within the catalog. diff --git a/website/content/api-docs/config.mdx b/website/content/api-docs/config.mdx index 49243da09456d..79407b325a1aa 100644 --- a/website/content/api-docs/config.mdx +++ b/website/content/api-docs/config.mdx @@ -71,8 +71,6 @@ The ACL required depends on the config entry being written: - `ns` `(string: "")` - Specifies the namespace of the config entry you apply. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Payload ```json @@ -152,8 +150,6 @@ The ACL required depends on the config entry kind being read: - `ns` `(string: "")` - Specifies the namespace of the config entry you lookup You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -232,8 +228,6 @@ The corresponding CLI command is [`consul config list`](/consul/commands/config/ - `ns` `(string: "")` - Specifies the namespace of the config entries you lookup. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -327,8 +321,6 @@ The corresponding CLI command is [`consul config delete`](/consul/commands/confi - `ns` `(string: "")` - Specifies the namespace of the config entry you delete. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/connect/intentions.mdx b/website/content/api-docs/connect/intentions.mdx index 95a5cfca60a46..ebe835ac905f0 100644 --- a/website/content/api-docs/connect/intentions.mdx +++ b/website/content/api-docs/connect/intentions.mdx @@ -60,8 +60,6 @@ The corresponding CLI command is [`consul intention create -replace`](/consul/co as shown in the [source and destination naming conventions](/consul/commands/intention#source-and-destination-naming). You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### JSON Request Body Schema - `SourceType` `(string: "")` - The type for the `SourceName` value. @@ -153,8 +151,6 @@ The corresponding CLI command is [`consul intention create`](/consul/commands/in as shown in the [source and destination naming conventions](/consul/commands/intention#source-and-destination-naming). You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### JSON Request Body Schema - `SourceName` `(string: )` - The source of the intention. @@ -294,8 +290,6 @@ The corresponding CLI command is [`consul intention get`](/consul/commands/inten as shown in the [source and destination naming conventions](/consul/commands/intention#source-and-destination-naming). You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -410,8 +404,6 @@ The corresponding CLI command is [`consul intention list`](/consul/commands/inte The `*` wildcard may be used to list intentions from all namespaces. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -493,8 +485,6 @@ The corresponding CLI command is [`consul intention delete`](/consul/commands/in as shown in the [source and destination naming conventions](/consul/commands/intention#source-and-destination-naming). You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -638,8 +628,6 @@ The corresponding CLI command is [`consul intention match`](/consul/commands/int as shown in the [source and destination naming conventions](/consul/commands/intention#source-and-destination-naming). You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/exported-services.mdx b/website/content/api-docs/exported-services.mdx index f7c89d4999a5d..aa6521f62fb65 100644 --- a/website/content/api-docs/exported-services.mdx +++ b/website/content/api-docs/exported-services.mdx @@ -36,7 +36,8 @@ The table below shows this endpoint's support for ### Query Parameters -@include 'http-api-query-parms-partition.mdx' +- `partition` `(string: "")` - Specifies the admin partition the services are exported from. When not specified, assumes the default value `default`. + ### Sample Request diff --git a/website/content/api-docs/kv.mdx b/website/content/api-docs/kv.mdx index 912a8b6944357..29aa32cbe6a33 100644 --- a/website/content/api-docs/kv.mdx +++ b/website/content/api-docs/kv.mdx @@ -79,8 +79,6 @@ The corresponding CLI command is [`consul kv get`](/consul/commands/kv/get). For recursive lookups, the namespace may be specified as '\*' to return results for all namespaces. -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -222,8 +220,6 @@ The corresponding CLI command is [`consul kv put`](/consul/commands/kv/put). - `ns` `(string: "")` - Specifies the namespace to query. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Payload The payload is arbitrary, and is loaded directly into Consul as supplied. @@ -293,8 +289,6 @@ The corresponding CLI command is [`consul kv delete`](/consul/commands/kv/delete - `ns` `(string: "")` - Specifies the namespace to query. You can also [specify the namespace through other methods](#methods-to-specify-namespace). -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/namespaces.mdx b/website/content/api-docs/namespaces.mdx index 8c963d80a9f02..2dd41a7e9ba11 100644 --- a/website/content/api-docs/namespaces.mdx +++ b/website/content/api-docs/namespaces.mdx @@ -67,8 +67,6 @@ The corresponding CLI command is [`consul namespace create`](/consul/commands/na - `Meta` `(map: )` - Specifies arbitrary KV metadata to associate with the namespace. -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -171,10 +169,6 @@ The corresponding CLI command is [`consul namespace read`](/consul/commands/name - `name` `(string: )` - Specifies the namespace to read. -### Query Parameters - -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -278,8 +272,6 @@ The corresponding CLI command is [`consul namespace update`](/consul/commands/na - `Meta` `(map: )` - Specifies arbitrary KV metadata to associate with the namespace. -@include 'http-api-body-options-partition.mdx' - ### Sample Payload ```json @@ -356,15 +348,18 @@ $ curl --request PUT \ ## Delete a Namespace -This endpoint marks a Namespace for deletion. Once marked, Consul deletes all the associated Namespaced data in the background. Only after all associated data has been deleted, Consul deletes the Namespace. -Until then, you can perform further reads on the namespace, and a `DeletedAt` -field is populated with the timestamp of when the Namespace was marked for deletion. +This endpoint marks a Namespace for deletion. Once marked Consul will +deleted all the associated Namespaced data in the background. Only once +all associated data has been deleted will the Namespace actually disappear. +Until then, further reads can be performed on the namespace and a `DeletedAt` +field will now be populated with the timestamp of when the Namespace was +marked for deletion. | Method | Path | Produces | | -------- | ------------------ | -------- | | `DELETE` | `/namespace/:name` | N/A | -This endpoint returns no data. Success or failure is indicated by the status +This endpoint will return no data. Success or failure is indicated by the status code returned. The table below shows this endpoint's support for @@ -383,10 +378,6 @@ The corresponding CLI command is [`consul namespace delete`](/consul/commands/na - `name` `(string: )` - Specifies the namespace to delete. -### Query Parameters - -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session @@ -458,10 +449,6 @@ the request has been granted any access in the namespace (read, list or write). The corresponding CLI command is [`consul namespace list`](/consul/commands/namespace/list). -### Query Parameters - -@include 'http-api-query-parms-partition.mdx' - ### Sample Request ```shell-session diff --git a/website/content/api-docs/peering.mdx b/website/content/api-docs/peering.mdx index f0e4d77677107..7604cb6a19546 100644 --- a/website/content/api-docs/peering.mdx +++ b/website/content/api-docs/peering.mdx @@ -34,7 +34,8 @@ The table below shows this endpoint's support for and configuration entries such as `service-intentions`. This field must be a valid DNS hostname label. -@include 'http-api-body-options-partition.mdx' +- `Partition` `(string: "")` - The admin partition that the + peering token is generated from. Uses `default` when not specified. - `ServerExternalAddresses` `([]string: )` - The addresses for the cluster that generates the peering token. Addresses take the form `{host or IP}:port`. You can specify one or more load balancers or external IPs that route external traffic to this cluster's Consul servers. @@ -99,7 +100,9 @@ The table below shows this endpoint's support for and configuration entries such as `service-intentions`. This field must be a valid DNS hostname label. -@include 'http-api-body-options-partition.mdx' +- `Partition` `(string: "")` - The admin partition + that peers to the cluster that generated the peering token. Uses `default` + when not specified. - `PeeringToken` `(string: )` - The peering token fetched from the peer cluster. @@ -159,7 +162,8 @@ The table below shows this endpoint's support for ### Query Parameters -@include 'http-api-query-parms-partition.mdx' +- `partition` `(string: "")` - Specifies the partition of the peering + to read. If not specified will default to `default`. ### Sample Request @@ -231,7 +235,8 @@ The table below shows this endpoint's support for ### Query Parameters -@include 'http-api-query-parms-partition.mdx' +- `partition` `(string: "")` - Specifies the partition of the peerings + to delete. If not specified will default to `default`. ### Sample Request @@ -281,7 +286,8 @@ The table below shows this endpoint's support for ### Query Parameters -@include 'http-api-query-parms-partition.mdx' +- `partition` `(string: "")` - Specifies the partition of the peerings + to list. If not specified will default to `default`. ### Sample Request diff --git a/website/content/commands/acl/auth-method/create.mdx b/website/content/commands/acl/auth-method/create.mdx index 4f1015cfb61dc..7a7ef7ea70efe 100644 --- a/website/content/commands/acl/auth-method/create.mdx +++ b/website/content/commands/acl/auth-method/create.mdx @@ -67,7 +67,7 @@ Usage: `consul acl auth-method create [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/auth-method/delete.mdx b/website/content/commands/acl/auth-method/delete.mdx index acb095c5872b3..fc2e166d362cc 100644 --- a/website/content/commands/acl/auth-method/delete.mdx +++ b/website/content/commands/acl/auth-method/delete.mdx @@ -31,7 +31,7 @@ Usage: `consul acl auth-method delete [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/auth-method/list.mdx b/website/content/commands/acl/auth-method/list.mdx index 42d7285ca76d7..c7d2c0b9c2b47 100644 --- a/website/content/commands/acl/auth-method/list.mdx +++ b/website/content/commands/acl/auth-method/list.mdx @@ -34,7 +34,7 @@ Usage: `consul acl auth-method list` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/auth-method/read.mdx b/website/content/commands/acl/auth-method/read.mdx index 015852f9684cd..928863846de51 100644 --- a/website/content/commands/acl/auth-method/read.mdx +++ b/website/content/commands/acl/auth-method/read.mdx @@ -36,7 +36,7 @@ Usage: `consul acl auth-method read [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/auth-method/update.mdx b/website/content/commands/acl/auth-method/update.mdx index d328ea999c2b5..aef12ff351c9f 100644 --- a/website/content/commands/acl/auth-method/update.mdx +++ b/website/content/commands/acl/auth-method/update.mdx @@ -72,7 +72,7 @@ Usage: `consul acl auth-method update [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/binding-rule/create.mdx b/website/content/commands/acl/binding-rule/create.mdx index b32b2ce934e52..38b2ffb57debe 100644 --- a/website/content/commands/acl/binding-rule/create.mdx +++ b/website/content/commands/acl/binding-rule/create.mdx @@ -47,7 +47,7 @@ Usage: `consul acl binding-rule create [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/binding-rule/delete.mdx b/website/content/commands/acl/binding-rule/delete.mdx index 9164f62a7c0e7..c78e36031040c 100644 --- a/website/content/commands/acl/binding-rule/delete.mdx +++ b/website/content/commands/acl/binding-rule/delete.mdx @@ -32,7 +32,7 @@ Usage: `consul acl binding-rule delete [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/binding-rule/list.mdx b/website/content/commands/acl/binding-rule/list.mdx index cbb9c184c8219..9d01e9d2b1b7d 100644 --- a/website/content/commands/acl/binding-rule/list.mdx +++ b/website/content/commands/acl/binding-rule/list.mdx @@ -34,7 +34,7 @@ Usage: `consul acl binding-rule list` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/binding-rule/read.mdx b/website/content/commands/acl/binding-rule/read.mdx index 50f1e8112f886..86b8b4169c6cd 100644 --- a/website/content/commands/acl/binding-rule/read.mdx +++ b/website/content/commands/acl/binding-rule/read.mdx @@ -37,7 +37,7 @@ Usage: `consul acl binding-rule read [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/binding-rule/update.mdx b/website/content/commands/acl/binding-rule/update.mdx index 22ad67e0cfc97..e33b7e026da5c 100644 --- a/website/content/commands/acl/binding-rule/update.mdx +++ b/website/content/commands/acl/binding-rule/update.mdx @@ -54,7 +54,7 @@ Usage: `consul acl binding-rule update [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/policy/create.mdx b/website/content/commands/acl/policy/create.mdx index e178536515e0d..cbd4b8d8757de 100644 --- a/website/content/commands/acl/policy/create.mdx +++ b/website/content/commands/acl/policy/create.mdx @@ -49,7 +49,7 @@ Usage: `consul acl policy create [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/policy/delete.mdx b/website/content/commands/acl/policy/delete.mdx index 2b611f5a78dca..074dfea607d15 100644 --- a/website/content/commands/acl/policy/delete.mdx +++ b/website/content/commands/acl/policy/delete.mdx @@ -34,7 +34,7 @@ Usage: `consul acl policy delete [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/policy/list.mdx b/website/content/commands/acl/policy/list.mdx index ad3b114b9793b..7d56fd6f21373 100644 --- a/website/content/commands/acl/policy/list.mdx +++ b/website/content/commands/acl/policy/list.mdx @@ -34,7 +34,7 @@ Usage: `consul acl policy list` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/policy/read.mdx b/website/content/commands/acl/policy/read.mdx index 28e2f51a79d03..b84b5d3c34833 100644 --- a/website/content/commands/acl/policy/read.mdx +++ b/website/content/commands/acl/policy/read.mdx @@ -39,7 +39,7 @@ Usage: `consul acl policy read [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/policy/update.mdx b/website/content/commands/acl/policy/update.mdx index edc529a5da9fe..f64a1f79068e0 100644 --- a/website/content/commands/acl/policy/update.mdx +++ b/website/content/commands/acl/policy/update.mdx @@ -58,7 +58,7 @@ Usage: `consul acl policy update [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/role/create.mdx b/website/content/commands/acl/role/create.mdx index 82989a2697a13..44af92bd4e640 100644 --- a/website/content/commands/acl/role/create.mdx +++ b/website/content/commands/acl/role/create.mdx @@ -52,7 +52,7 @@ Usage: `consul acl role create [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/role/delete.mdx b/website/content/commands/acl/role/delete.mdx index 9a39e97ab843a..bb2a179d92e16 100644 --- a/website/content/commands/acl/role/delete.mdx +++ b/website/content/commands/acl/role/delete.mdx @@ -34,7 +34,7 @@ Usage: `consul acl role delete [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/role/list.mdx b/website/content/commands/acl/role/list.mdx index afd8c75a41a9c..ed3699ce3fa79 100644 --- a/website/content/commands/acl/role/list.mdx +++ b/website/content/commands/acl/role/list.mdx @@ -34,7 +34,7 @@ Usage: `consul acl role list` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/role/read.mdx b/website/content/commands/acl/role/read.mdx index aa5008f57d5c9..7de17d5dcb2c3 100644 --- a/website/content/commands/acl/role/read.mdx +++ b/website/content/commands/acl/role/read.mdx @@ -39,7 +39,7 @@ Usage: `consul acl role read [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/role/update.mdx b/website/content/commands/acl/role/update.mdx index 1308e445ba7f5..d6991a21e0fb9 100644 --- a/website/content/commands/acl/role/update.mdx +++ b/website/content/commands/acl/role/update.mdx @@ -63,7 +63,7 @@ Usage: `consul acl role update [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/templated-policy/preview.mdx b/website/content/commands/acl/templated-policy/preview.mdx index cfffa6db7e55a..7e0c38d165c9a 100644 --- a/website/content/commands/acl/templated-policy/preview.mdx +++ b/website/content/commands/acl/templated-policy/preview.mdx @@ -36,7 +36,7 @@ Usage: `consul acl templated-policy preview [options] [args]` ### Enterprise options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/clone.mdx b/website/content/commands/acl/token/clone.mdx index 937097fb284d5..7f2822d6c5792 100644 --- a/website/content/commands/acl/token/clone.mdx +++ b/website/content/commands/acl/token/clone.mdx @@ -38,7 +38,7 @@ Usage: `consul acl token clone [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/create.mdx b/website/content/commands/acl/token/create.mdx index 8cd5fb6b948b9..f0622ace7ec86 100644 --- a/website/content/commands/acl/token/create.mdx +++ b/website/content/commands/acl/token/create.mdx @@ -66,7 +66,7 @@ Usage: `consul acl token create [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/delete.mdx b/website/content/commands/acl/token/delete.mdx index 13a3ca26e6e31..5ba65957589be 100644 --- a/website/content/commands/acl/token/delete.mdx +++ b/website/content/commands/acl/token/delete.mdx @@ -32,7 +32,7 @@ Usage: `consul acl token delete [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/list.mdx b/website/content/commands/acl/token/list.mdx index fd3b6c2151143..531b4cc68ed8c 100644 --- a/website/content/commands/acl/token/list.mdx +++ b/website/content/commands/acl/token/list.mdx @@ -34,7 +34,7 @@ Usage: `consul acl token list` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/read.mdx b/website/content/commands/acl/token/read.mdx index dfcbea12d8e19..e339292d96639 100644 --- a/website/content/commands/acl/token/read.mdx +++ b/website/content/commands/acl/token/read.mdx @@ -43,7 +43,7 @@ Usage: `consul acl token read [options] [args]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/acl/token/update.mdx b/website/content/commands/acl/token/update.mdx index 1f89d828641c6..1a1703cb143b3 100644 --- a/website/content/commands/acl/token/update.mdx +++ b/website/content/commands/acl/token/update.mdx @@ -93,7 +93,7 @@ instead. #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/catalog/nodes.mdx b/website/content/commands/catalog/nodes.mdx index 6efa3ad0716c5..f612627be23d4 100644 --- a/website/content/commands/catalog/nodes.mdx +++ b/website/content/commands/catalog/nodes.mdx @@ -85,7 +85,7 @@ Usage: `consul catalog nodes [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/catalog/services.mdx b/website/content/commands/catalog/services.mdx index a57adcb4a927c..9d05ecbf47ac6 100644 --- a/website/content/commands/catalog/services.mdx +++ b/website/content/commands/catalog/services.mdx @@ -69,7 +69,7 @@ Usage: `consul catalog services [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/config/delete.mdx b/website/content/commands/config/delete.mdx index 085b0e34c4118..134d6885e6660 100644 --- a/website/content/commands/config/delete.mdx +++ b/website/content/commands/config/delete.mdx @@ -61,7 +61,7 @@ config entry. This is used in combination with the -cas flag. @include 'http_api_namespace_options.mdx' -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/config/list.mdx b/website/content/commands/config/list.mdx index 5f55a7bcff720..e453b11943192 100644 --- a/website/content/commands/config/list.mdx +++ b/website/content/commands/config/list.mdx @@ -48,7 +48,7 @@ Usage: `consul config list [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/config/read.mdx b/website/content/commands/config/read.mdx index c54a60dfec16b..7a49482c5b3fc 100644 --- a/website/content/commands/config/read.mdx +++ b/website/content/commands/config/read.mdx @@ -52,7 +52,7 @@ Usage: `consul config read [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/config/write.mdx b/website/content/commands/config/write.mdx index f466654c617fc..bb98d8e49888d 100644 --- a/website/content/commands/config/write.mdx +++ b/website/content/commands/config/write.mdx @@ -53,7 +53,7 @@ Usage: `consul config write [options] FILE` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/connect/envoy.mdx b/website/content/commands/connect/envoy.mdx index 913adb981dff8..744873df5656c 100644 --- a/website/content/commands/connect/envoy.mdx +++ b/website/content/commands/connect/envoy.mdx @@ -199,7 +199,7 @@ compatibility with Envoy and prevent potential issues. Default is `false`. #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/connect/redirect-traffic.mdx b/website/content/commands/connect/redirect-traffic.mdx index d59fe7928cf6c..af59baee56b79 100644 --- a/website/content/commands/connect/redirect-traffic.mdx +++ b/website/content/commands/connect/redirect-traffic.mdx @@ -60,7 +60,7 @@ Usage: `consul connect redirect-traffic [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/intention/check.mdx b/website/content/commands/intention/check.mdx index 23ae56ceae4e2..fadc8d224bd96 100644 --- a/website/content/commands/intention/check.mdx +++ b/website/content/commands/intention/check.mdx @@ -41,7 +41,7 @@ Usage: `consul intention check [options] SRC DST` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/intention/create.mdx b/website/content/commands/intention/create.mdx index bbaccc2be2f42..71c491b06ad8c 100644 --- a/website/content/commands/intention/create.mdx +++ b/website/content/commands/intention/create.mdx @@ -52,7 +52,7 @@ are not supported from commands, but may be from the corresponding HTTP endpoint #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/intention/delete.mdx b/website/content/commands/intention/delete.mdx index 2cfb97a966db0..ad2fca1c97e2f 100644 --- a/website/content/commands/intention/delete.mdx +++ b/website/content/commands/intention/delete.mdx @@ -37,7 +37,7 @@ Usage: #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/intention/get.mdx b/website/content/commands/intention/get.mdx index b3db133fd44e3..84b3a86065d0b 100644 --- a/website/content/commands/intention/get.mdx +++ b/website/content/commands/intention/get.mdx @@ -37,7 +37,7 @@ Usage: #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/intention/match.mdx b/website/content/commands/intention/match.mdx index 3d94939b38bf5..4c727b1fc21c8 100644 --- a/website/content/commands/intention/match.mdx +++ b/website/content/commands/intention/match.mdx @@ -40,7 +40,7 @@ Usage: `consul intention match [options] SRC_OR_DST` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/kv/delete.mdx b/website/content/commands/kv/delete.mdx index 17216b0ca78b3..90e2e54624bf4 100644 --- a/website/content/commands/kv/delete.mdx +++ b/website/content/commands/kv/delete.mdx @@ -40,7 +40,7 @@ Usage: `consul kv delete [options] KEY_OR_PREFIX` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/kv/export.mdx b/website/content/commands/kv/export.mdx index c05b2f80f8953..da063e9d826d3 100644 --- a/website/content/commands/kv/export.mdx +++ b/website/content/commands/kv/export.mdx @@ -28,7 +28,7 @@ Usage: `consul kv export [options] [PREFIX]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/kv/get.mdx b/website/content/commands/kv/get.mdx index 6534fe35486b6..0e83b2facb523 100644 --- a/website/content/commands/kv/get.mdx +++ b/website/content/commands/kv/get.mdx @@ -56,7 +56,7 @@ Usage: `consul kv get [options] [KEY_OR_PREFIX]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/kv/import.mdx b/website/content/commands/kv/import.mdx index a960b1b738ce2..574fdfbd87be3 100644 --- a/website/content/commands/kv/import.mdx +++ b/website/content/commands/kv/import.mdx @@ -31,7 +31,7 @@ Usage: `consul kv import [options] [DATA]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/kv/put.mdx b/website/content/commands/kv/put.mdx index dcde811fc01cb..efb045179fb8c 100644 --- a/website/content/commands/kv/put.mdx +++ b/website/content/commands/kv/put.mdx @@ -59,7 +59,7 @@ Usage: `consul kv put [options] KEY [DATA]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/members.mdx b/website/content/commands/members.mdx index 6299f21e4c82a..ff1df561a6f40 100644 --- a/website/content/commands/members.mdx +++ b/website/content/commands/members.mdx @@ -56,7 +56,7 @@ Usage: `consul members [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/namespace/create.mdx b/website/content/commands/namespace/create.mdx index 068666e5cafde..f5d611a542e45 100644 --- a/website/content/commands/namespace/create.mdx +++ b/website/content/commands/namespace/create.mdx @@ -61,7 +61,7 @@ from the CLI arguments. #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/namespace/delete.mdx b/website/content/commands/namespace/delete.mdx index adc235be60620..8742af6f4d613 100644 --- a/website/content/commands/namespace/delete.mdx +++ b/website/content/commands/namespace/delete.mdx @@ -30,7 +30,7 @@ Usage: `consul namespace delete ` #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/namespace/list.mdx b/website/content/commands/namespace/list.mdx index 1b043ed657d6e..5d15c1f1155c9 100644 --- a/website/content/commands/namespace/list.mdx +++ b/website/content/commands/namespace/list.mdx @@ -42,7 +42,7 @@ Usage: `consul namespace list` #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/namespace/read.mdx b/website/content/commands/namespace/read.mdx index 778f672ff5c82..4a4621ef06bcd 100644 --- a/website/content/commands/namespace/read.mdx +++ b/website/content/commands/namespace/read.mdx @@ -41,7 +41,7 @@ Usage: `consul namespace read ` #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/namespace/update.mdx b/website/content/commands/namespace/update.mdx index 4cce122356751..6349d307f638c 100644 --- a/website/content/commands/namespace/update.mdx +++ b/website/content/commands/namespace/update.mdx @@ -68,7 +68,7 @@ with the existing namespace definition. #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/namespace/write.mdx b/website/content/commands/namespace/write.mdx index f1a16ec006bd7..678c303a802fa 100644 --- a/website/content/commands/namespace/write.mdx +++ b/website/content/commands/namespace/write.mdx @@ -40,7 +40,7 @@ or HCL format. See [here](/consul/docs/enterprise/namespaces#namespace-definitio #### API Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_options_client.mdx' diff --git a/website/content/commands/peering/delete.mdx b/website/content/commands/peering/delete.mdx index 1bd474dc306fc..81ba3439dbbc1 100644 --- a/website/content/commands/peering/delete.mdx +++ b/website/content/commands/peering/delete.mdx @@ -34,7 +34,7 @@ Usage: `consul peering delete [options] -name ` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/peering/establish.mdx b/website/content/commands/peering/establish.mdx index 782fb9cda681d..a00dc332180d5 100644 --- a/website/content/commands/peering/establish.mdx +++ b/website/content/commands/peering/establish.mdx @@ -36,7 +36,7 @@ Usage: `consul peering establish [options] -name -peering-token ` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/peering/generate-token.mdx b/website/content/commands/peering/generate-token.mdx index 6ce3fb059cb5a..92d007125c69e 100644 --- a/website/content/commands/peering/generate-token.mdx +++ b/website/content/commands/peering/generate-token.mdx @@ -43,7 +43,7 @@ You can specify one or more load balancers or external IPs that route external t #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/peering/list.mdx b/website/content/commands/peering/list.mdx index 9838de3e7bc57..f0b1c8377735b 100644 --- a/website/content/commands/peering/list.mdx +++ b/website/content/commands/peering/list.mdx @@ -30,7 +30,7 @@ Usage: `consul peering list [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/peering/read.mdx b/website/content/commands/peering/read.mdx index 95a41b2701aa5..596c514520bbe 100644 --- a/website/content/commands/peering/read.mdx +++ b/website/content/commands/peering/read.mdx @@ -31,7 +31,7 @@ Usage: `consul peering read [options] -name ` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/services/deregister.mdx b/website/content/commands/services/deregister.mdx index 138de2e763eb3..edc493866e1c3 100644 --- a/website/content/commands/services/deregister.mdx +++ b/website/content/commands/services/deregister.mdx @@ -43,7 +43,7 @@ This flexibility makes it easy to pair the command with the #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/services/export.mdx b/website/content/commands/services/export.mdx index 370f95dd64373..281d5f23e7d7c 100644 --- a/website/content/commands/services/export.mdx +++ b/website/content/commands/services/export.mdx @@ -40,7 +40,7 @@ Usage: consul services export [options] -name -consumer-peers ` - A comma-separated list of admin partitions within the same datacenter to export the service to. This flag is optional when `-consumer-peers` is specified. -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/commands/services/exported-services.mdx b/website/content/commands/services/exported-services.mdx index 395ad2cb8b306..da1d3dd177032 100644 --- a/website/content/commands/services/exported-services.mdx +++ b/website/content/commands/services/exported-services.mdx @@ -32,7 +32,7 @@ Usage: `consul services exported-services [options]` #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' #### API Options diff --git a/website/content/commands/services/register.mdx b/website/content/commands/services/register.mdx index 01a09d19bfdb6..a1cbd8cf580e4 100644 --- a/website/content/commands/services/register.mdx +++ b/website/content/commands/services/register.mdx @@ -78,7 +78,7 @@ The following fields specify identical parameters in a standard service definiti #### Enterprise Options -@include 'cli-http-api-partition-options.mdx' +@include 'http_api_partition_options.mdx' @include 'http_api_namespace_options.mdx' diff --git a/website/content/docs/architecture/improving-consul-resilience.mdx b/website/content/docs/architecture/improving-consul-resilience.mdx index aea40f3558e9b..4ab40e9e81e4e 100644 --- a/website/content/docs/architecture/improving-consul-resilience.mdx +++ b/website/content/docs/architecture/improving-consul-resilience.mdx @@ -174,4 +174,4 @@ For more information on cluster peering, refer to: - [Cluster peering documentation](/consul/docs/connect/cluster-peering) for a more detailed explanation - [Cluster peering tutorial](/consul/tutorials/implement-multi-tenancy/cluster-peering) - to learn how to implement cluster peering + to learn how to implement cluster peering \ No newline at end of file diff --git a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx index 87fd27dae8098..7aaded1fe2da8 100644 --- a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx +++ b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-k8s.mdx @@ -14,17 +14,16 @@ This topic describes how to use JSON web tokens (JWT) to verify requests to API You can configure API gateways to use JWTs to verify incoming requests so that you can stop unverified traffic at the gateway. You can configure JWT verification at different levels: -- Listener defaults: Define basic defaults in a GatewayPolicy resource to apply them to all routes attached to a listener. +- Listener defaults: Define basic defaults that apply to all routes attached to a listener. - HTTP route-specific settings: You can define JWT authentication settings for specific HTTP routes. Route-specific JWT settings override default listener configurations. -- Listener overrides: Define override settings in a GatewayPolicy resource that take precedence over default and route-specific configurations. Use override settings to set enforceable policies for listeners. +- Listener overrides: Define override settings that take precedence over default and route-specific configurations. This enables you to set enforceable policies for listeners. Complete the following steps to use JWTs to verify requests: -1. Define a JWTProvider that specifies the JWT provider and claims used to verify requests to the gateway. -1. Define a GatewayPolicy that specifies default and override settings for API gateway listeners and attach it to the gateway. -1. Define a RouteAuthFilter that specifies route-specific JWT verification settings. -1. Reference the RouteAuthFilter from the HTTPRoute. +1. Define a policy that specifies default and override settings for API gateway listeners and attach it to the gateway. +1. Define an HTTP route auth filter that specifies route-specific JWT verification settings. +1. Attach the auth filter to the HTTP route values file. 1. Apply the configurations. @@ -34,34 +33,9 @@ Complete the following steps to use JWTs to verify requests: - Consul on Kubernetes CLI or Helm chart v1.3.0+ - JWT details, such as claims and provider +## Define override and default settings -## Define a JWTProvider - -Create a `JWTProvider` CRD that defines the JWT provider to verify claims against. - -In the following example, the JWTProvider CRD contains a local JWKS. In production environments, use a production-grade JWKs endpoint instead. - - - -```yaml -apiVersion: consul.hashicorp.com/v1alpha1 -kind: JWTProvider -metadata: - name: local -spec: - issuer: local - jsonWebKeySet: - local: - jwks: "" -``` - - - -For more information about the fields you can configure in this CRD, refer to [`JWTProvider` configuration reference](/consul/docs/connect/config-entries/jwtprovider). - -## Define a GatewayPolicy - -Create a `GatewayPolicy` CRD that defines default and override settings for JWT verification. +Create a `GatewayPolicy` values file and configure the following fields to define default and override settings for JWT verification. Refer to [`GatewayPolicy` configuration reference](/consul/docs/connect/gateways/api-gateway/configuration/gatewaypolicy) for details. - `kind`: Must be set to `GatewayPolicy` - `metadata.name`: Specifies a name for the policy. @@ -72,155 +46,29 @@ Create a `GatewayPolicy` CRD that defines default and override settings for JWT - `spec.targetRef.override.jwt.providers`: Specifies a list of providers and claims used to verify requests to the gateway. The override settings take precedence over the default and route-specific JWT verification settings. - `spec.targetRef.default.jwt.providers`: Specifies a list of default providers and claims used to verify requests to the gateway. -The following examples configure a Gateway and the GatewayPolicy being attached to it so that every request coming through the listener must meet these conditions: - -- The request must be signed by the `local` provider -- The request must have a claim of `role` with a value of `user` unless the HTTPRoute attached to the listener overrides it - - - - - - -```yaml -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: Gateway -metadata: - name: api-gateway -spec: - gatewayClassName: consul - listeners: - - protocol: HTTP - port: 30002 - name: listener-one -``` - - - - - - - - - -```yaml -apiVersion: consul.hashicorp.com/v1alpha1 -kind: GatewayPolicy -metadata: - name: gw-policy -spec: - targetRef: - name: api-gateway - sectionName: listener-one - group: gateway.networking.k8s.io/v1beta1 - kind: Gateway - override: - jwt: - providers: - - name: "local" - default: - jwt: - providers: - - name: "local" - verifyClaims: - - path: - - role - value: user -``` - - - - - - -For more information about the fields you can configure, refer to [`GatewayPolicy` configuration reference](/consul/docs/connect/gateways/api-gateway/configuration/gatewaypolicy). - -## Define a RouteAuthFilter +## Define an HTTP route auth filter -Create an `RouteAuthFilter` CRD that defines overrides for the default JWT verification configured in the GatewayPolicy. +Create an `RouteAuthFilter` values file and configure the following fields. Refer to [`RouteAuthFilter` configuration reference](/consul/docs/connect/gateways/api-gateway/configuration/routeauthfilter) for details. - `kind`: Must be set to `RouteAuthFilter` - `metadata.name`: Specifies a name for the filter. - `metadata.namespace`: Specifies the Consul namespace the filter applies to. - `spec.jwt.providers`: Specifies a list of providers and claims used to verify requests to the gateway. The override settings take precedence over the default and route-specific JWT verification settings. -In the following example, the RouteAuthFilter overrides default settings set in the GatewayPolicy so that every request coming through the listener must meet these conditions: - -- The request must be signed by the `local` provider -- The request must have a `role` claim -- The value of the claim must be `admin` - - - -```yaml -apiVersion: consul.hashicorp.com/v1alpha1 -kind: RouteAuthFilter -metadata: - name: auth-filter -spec: - jwt: - providers: - - name: local - verifyClaims: - - path: - - role - value: admin -``` - - - -For more information about the fields you can configure, refer to [`RouteAuthFilter` configuration reference](/consul/docs/connect/gateways/api-gateway/configuration/routeauthfilter). - ## Attach the auth filter to your HTTP routes -In the `filters` field of your HTTPRoute configuration, define the filter behavior that results from JWT verification. +In the `filters` field of your HTTP route configuration, add the following fields. Refer to the [`extensionRef` configuration reference](/consul/docs/connect/gateways/api-gateway/configuration/routes#rules-filters-extensionref) for details: - `type: extensionRef`: Declare list of extension references. - `extensionRef.group`: Specifies the resource group. Unless you have created a custom group, this should be set to `gateway.networking.kubernetes.io`. - `extensionRef.kind`: Specifies the type of extension reference to attach to the route. Must be `RouteAuthFilter` - `extensionRef.name`: Specifies the name of the auth filter. -The following example configures an HTTPRoute so that every request to `api-gateway-fqdn:3002/admin` must meet these conditions: - -- The request be signed by the `local` provider. -- The request must have a `role` claim. -- The value of the claim must be `admin`. - -Every other request must be signed by the `local` provider and have a claim of `role` with a value of `user`, as defined in the GatewayPolicy. - - - -```yaml -apiVersion: gateway.networking.k8s.io/v1beta1 -kind: HTTPRoute -metadata: - name: http-route -spec: - parentRefs: - - name: api-gateway - rules: - - matches: - - path: - type: PathPrefix - value: /admin - filters: - - type: ExtensionRef - extensionRef: - group: consul.hashicorp.com - kind: RouteAuthFilter - name: auth-filter - backendRefs: - - kind: Service - name: admin - port: 8080 - - matches: - - path: - type: PathPrefix - value: / - backendRefs: - - kind: Service - name: user-service - port: 8081 +## Apply the configurations + +Run the `kubectl apply` command and specify the values files to apply the configurations. The following example applies the values files stored in the `jwt-routes` directory: + +```shell-session +$ kubectl apply -f jwt-routes ``` - diff --git a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx index fda579669fac0..f58d92621ae61 100644 --- a/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx +++ b/website/content/docs/connect/gateways/api-gateway/secure-traffic/verify-jwts-vms.mdx @@ -20,7 +20,6 @@ You can configure API gateways to use JWTs to verify incoming requests so that y Complete the following steps to use JWTs to verify requests: -1. Define a JWTProvider that specifies the JWT provider and claims used to verify requests to the gateway. 1. Configure default and override settings for listeners in the API gateway configuration entry. 1. Define route-specific JWT verification settings as filters in the HTTP route configuration entries. 1. Write the configuration entries to Consul to begin verifying requests using JWTs. @@ -30,155 +29,17 @@ Complete the following steps to use JWTs to verify requests: - Consul 1.17 or later - JWT details, such as claims and provider -## Define a JWTProvider - -Create a JWTProvider config entry that defines the JWT provider to verify claims against. -In the following example, the JWTProvider CRD contains a local JWKS. In production environments, use a production-grade JWKs endpoint instead. - - - -```hcl -Kind = "jwt-provider" -Name = "local" - -Issuer = "local" - -JSONWebKeySet = { - Local = { - JWKS="" - } -} -``` - - - -For more information about the fields you can configure in this CRD, refer to [`JWTProvider` configuration reference](/consul/docs/connect/config-entries/jwtprovider). - ## Configure default and override settings -Define default and override settings for JWT verification in the [API gateway configuration entry](/consul/docs/connect/gateways/api-gateway/configuration/api-gateway). - -1. Add a `default.JWT` block to the listener that you want to apply JWT verification to. Consul applies these configurations to routes attached to the listener. Refer to the [`Listeners.default.JWT`](/consul/docs/connect/config-entries/api-gateway#listeners-default-jwt) configuration reference for details. -1. Add an `override.JWT` block to the listener that you want to apply JWT verification policies to. Consul applies these configurations to all routes attached to the listener, regardless of the `default` or route-specific settings. Refer to the [`Listeners.override.JWT`](/consul/docs/connect/config-entries/api-gateway#listeners-override-jwt) configuration reference for details. -1. Apply the settings in the API gateway configuration entry. You can use the [`/config` API endpoint](/consul/api-docs/config#apply-configuration) or the [`consul config write` command](/consul/commands/config/write). - -The following examples configure a Gateway so that every request coming through the listener must meet these conditions: -- The request must be signed by the `local` provider -- The request must have a claim of `role` with a value of `user` unless the HTTPRoute attached to the listener overrides it - - - -```hcl -Kind = "api-gateway" -Name = "api-gateway" -Listeners = [ - { - Name = "listener-one" - Port = 9001 - Protocol = "http" - Override = { - JWT = { - Providers = [ - { - Name = "local" - } - ] - } - } - default = { - JWT = { - Providers = [ - { - Name = "local" - VerifyClaims = [ - { - Path = ["role"] - Value = "pet" - } - ] - } - ] - } - } - } -] -``` - - +Define default and override settings for JWT verification in the [API gateway configuration entry](/consul/docs/connect/gateways/api-gateway/configuration/api-gateway). + +1. Add a `default.JWT` block to the listener that you want to apply JWT verification to. Consul applies these configurations to routes attached to the listener. Refer to the [`Listeners.default.JWT`](/consul/docs/connect/config-entries/api-gateway#listeners-default-jwt) configuration reference for details. +1. Add an `override.JWT` block to the listener that you want to apply JWT verification policies to. Consul applies these configurations to all routes attached to the listener, regardless of the `default` or route-specific settings. Refer to the [`Listeners.override.JWT`](/consul/docs/connect/config-entries/api-gateway#listeners-override-jwt) configuration reference for details. +1. Apply the settings in the API gateway configuration entry. You can use the [`/config` API endpoint](/consul/api-docs/config#apply-configuration) or the [`consul config write` command](/consul/commands/config/write). ## Configure verification for specific HTTP routes -Define filters to enable route-specific JWT verification settings in the [HTTP route configuration entry](/consul/docs/connect/config-entries/http-route). +Define filters to enable route-specific JWT verification settings in the [HTTP route configuration entry](/consul/docs/connect/config-entries/http-route). 1. Add a `JWT` configuration to the `rules.filter` block. Route-specific configurations that overlap the [default settings ](/consul/docs/connect/config-entries/api-gateway#listeners-default-jwt) in the API gateway configuration entry take precedence. Configurations defined in the [listener override settings](/consul/docs/connect/config-entries/api-gateway#listeners-override-jwt) take the highest precedence. -1. Apply the settings in the API gateway configuration entry. You can use the [`/config` API endpoint](/consul/api-docs/config#apply-configuration) or the [`consul config write` command](/consul/commands/config/write). - -The following example configures an HTTPRoute so that every request to `api-gateway-fqdn:3002/admin` must meet these conditions: -- The request be signed by the `local` provider. -- The request must have a `role` claim. -- The value of the claim must be `admin`. - -Every other request must be signed by the `local` provider and have a claim of `role` with a value of `user`, as defined in the Gateway listener. - - - -```hcl -Kind = "http-route" -Name = "api-gateway-route" -Parents = [ - { - SectionName = "listener-one" - Name = "api-gateway" - Kind = "api-gateway" - }, -] -Rules = [ - { - Matches = [ - { - Path = { - Match = "prefix" - Value = "/admin" - } - } - ] - Filters = { - JWT = { - Providers = [ - { - Name = "local" - VerifyClaims = [ - { - Path = ["role"] - Value = "admin" - } - ] - } - ] - } - } - Services = [ - { - Name = "admin-service" - } - ] - }, - { - Matches = [ - { - Path = { - Match = "prefix" - Value = "/" - } - } - ] - Services = [ - { - Name = "user-service" - } - ] - }, -] -``` - - +1. Apply the settings in the API gateway configuration entry. You can use the [`/config` API endpoint](/consul/api-docs/config#apply-configuration) or the [`consul config write` command](/consul/commands/config/write). diff --git a/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx index 60c6597fd52ad..3f9ba28083006 100644 --- a/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx +++ b/website/content/docs/release-notes/consul-k8s/v1_2_x.mdx @@ -75,14 +75,6 @@ We are pleased to announce the following Consul updates. For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs. -## Known Issues - -The following issues are known to exist in the v1.2.x releases. Refer to the changelog for more information. - -- v1.2.8 - Service-to-service networking is broken when deployed on OpenShift. OpenShift users are advised to avoid deploying this version of consul-k8s. - A fix is present in the v1.2.9 release [[GH-4038](https://github.com/hashicorp/consul-k8s/pull/4038)]. - - ## Changelogs The changelogs for this major release version and any maintenance versions are listed below. diff --git a/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx index 4ac0284255b02..30edc3e165ba1 100644 --- a/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx +++ b/website/content/docs/release-notes/consul-k8s/v1_3_x.mdx @@ -45,8 +45,6 @@ For more detailed information, please refer to the [upgrade details page](/consu The following issues are known to exist in the v1.3.x releases. Refer to the changelog for more information. - When using the v2 API with transparent proxy, Kubernetes pods cannot use L7 liveness, readiness, or startup probes. -- v1.3.5 - Service-to-service networking is broken when deployed on OpenShift. OpenShift users are advised to avoid deploying this version of consul-k8s. - A fix is present in the v1.3.6 release [[GH-4037](https://github.com/hashicorp/consul-k8s/pull/4037)]. ## Changelogs diff --git a/website/content/docs/release-notes/consul-k8s/v1_4_x.mdx b/website/content/docs/release-notes/consul-k8s/v1_4_x.mdx index ec264b1359548..8d72391677576 100644 --- a/website/content/docs/release-notes/consul-k8s/v1_4_x.mdx +++ b/website/content/docs/release-notes/consul-k8s/v1_4_x.mdx @@ -41,13 +41,6 @@ Refer to [Supported Consul and Kubernetes versions](/consul/docs/v1.18.x/k8s/com For more detailed information, please refer to the [upgrade details page](/consul/docs/upgrading/upgrade-specific) and the changelogs. -## Known issues - -The following issues are known to exist in the v1.4.x releases: - -- v1.4.2 - Service-to-service networking is broken when deployed on OpenShift. OpenShift users are advised to avoid deploying this version of consul-k8s. - A fix is present in the v1.4.3 release [[GH-4034](https://github.com/hashicorp/consul-k8s/pull/4034)]. - ## Changelogs The changelogs for this major release version and any maintenance versions are listed below. diff --git a/website/content/docs/release-notes/consul/v1_19_x.mdx b/website/content/docs/release-notes/consul/v1_19_x.mdx index 1c753d00f30b1..f13ce1ca842ef 100644 --- a/website/content/docs/release-notes/consul/v1_19_x.mdx +++ b/website/content/docs/release-notes/consul/v1_19_x.mdx @@ -27,7 +27,7 @@ We are pleased to announce the following Consul updates. ## What's deprecated -- **Snapshot Agent (Enterprise):** Starting with this release, top level single snapshot destinations `local_storage`, `aws_storage`, `azure_blob_storage`, and `google_storage` in snapshot agent configuration files are deprecated. Use the [`backup_destinations`](/consul/commands/snapshot/agent#config-file) config object instead. +- **Snapshot Agent (Enterprise):** Starting with this release, top level single snapshot destinations `local_storage`, `aws_storage`, `azure_blob_storage`, and `google_storage` in snapshot agent configuration files are deprecated. Use the [`backup_destinations`](/consul/commands/snapshot/agent#config-file) config object instead. ## Upgrading diff --git a/website/content/docs/security/security-models/core.mdx b/website/content/docs/security/security-models/core.mdx index 1c57c6cc51cb8..1140cdab30e8e 100644 --- a/website/content/docs/security/security-models/core.mdx +++ b/website/content/docs/security/security-models/core.mdx @@ -5,7 +5,7 @@ description: >- The security model for Consul Core details requirements and recommendations for securing your deployment of Consul. Learn about potential threats and how to protect Consul from malicious actors. --- -# Consul security model overview +## Overview Consul enables automation of network configurations, service discovery, and secure network connectivity across any cloud or runtime. @@ -32,7 +32,7 @@ environment, but the general mechanisms for a secure Consul deployment revolve a - **Sentinel Policies** - Sentinel policies enable policy-as-code for granular control over the built-in key-value store. -## Personas +### Personas It helps to consider the following types of personas when managing the security requirements of a Consul deployment. The granularity may change depending on your team's requirements. @@ -60,14 +60,14 @@ The granularity may change depending on your team's requirements. be public facing on the internet such as a web server, typically through a load-balancer, or ingress gateway. This is someone who should not have any network access to the Consul agent APIs. -## Secure Configuration +### Secure Configuration Consul's security model is applicable only if all parts of the system are running with a secure configuration; **Consul is not secure-by-default.** Without the following mechanisms enabled in Consul's configuration, it may be possible to abuse access to a cluster. Like all security considerations, administrators must determine what is appropriate for their environment and adapt these configurations accordingly. -## Requirements +#### Requirements - **mTLS** - Mutual authentication of both the TLS server and client x509 certificates prevents internal abuse through unauthorized access to Consul agents within the cluster. @@ -212,7 +212,7 @@ environment and adapt these configurations accordingly. commands across the cluster. This is disabled by default since 0.8.0. We recommend leaving it disabled. If enabled, extreme care must be taken to ensure correct ACLs restrict access to execute arbitrary code on the cluster. -## Recommendations +#### Recommendations - **Rotate Credentials** - Using short-lived credentials and rotating them frequently is highly recommended for production environments to limit the blast radius from potentially compromised secrets, and enabling basic auditing. @@ -307,7 +307,7 @@ environment and adapt these configurations accordingly. } ``` -## Threat Model +### Threat Model The following are parts of the core Consul threat model: @@ -381,7 +381,7 @@ The following are not part of the threat model for client agents: endpoint. If any of this isn't performed correctly, the proxy or service may allow unauthenticated or unauthorized connections. -## Internal Threats +#### Internal Threats - **Operator** - A malicious internal Consul operator with a valid mTLS certificate and ACL token may still be a threat to your cluster in certain situations, especially in multi-team deployments. They may accidentally or intentionally @@ -409,7 +409,7 @@ The following are not part of the threat model for client agents: information. When ACLs and HTTPS are enabled, the gRPC endpoint serving up the xDS service requires (m)TLS and a valid ACL token. -## External Threats +#### External Threats - **Agents** - External access to the Consul agent's various network endpoints should be considered including the gossip, HTTP, RPC, and gRPC ports. Furthermore, access through other services like SSH or `exec` functionality in diff --git a/website/content/docs/security/security-models/index.mdx b/website/content/docs/security/security-models/index.mdx index eea5cd6ab29f8..bcb8f639af0ff 100644 --- a/website/content/docs/security/security-models/index.mdx +++ b/website/content/docs/security/security-models/index.mdx @@ -5,20 +5,20 @@ description: >- Security models are the set of requirements and recommendations for securely operating a Consul deployment. Learn about security models and how they differ between environments. --- -# Security models overview +## Overview Requirements and recommendations for operating a secure Consul deployment may vary drastically depending on your intended workloads, operating system, and environment. Consul is not secure by default, but can be configured to satisfy the security requirements for a wide-range of use cases from local developer environments without any configuration to container orchestrators in-production with ACL authorization, and mTLS authentication. -## Core +### Core The core Consul product provides several options for enabling encryption, authentication, and authorization controls for a cluster. You can read more about the various personas, recommendations, requirements, and threats [here](/consul/docs/security/security-models/core). -## NIA +### NIA [Network Infrastructure Automation](/consul/docs/nia) (NIA) enables dynamic updates to network infrastructure devices triggered by service changes. Both the core Consul product's configuration and the configuration for the `consul-terraform-sync` diff --git a/website/content/docs/security/security-models/nia.mdx b/website/content/docs/security/security-models/nia.mdx index 6770890654daa..0e6de4982b140 100644 --- a/website/content/docs/security/security-models/nia.mdx +++ b/website/content/docs/security/security-models/nia.mdx @@ -5,7 +5,7 @@ description: >- The NIA security model details requirements and recommendations for securing your Consul-Terraform-Sync (CTS) deployment. Learn about potential threats and how to protect CTS from malicious actors. --- -# Network Infrastructure Automation (NIA) overview +## Overview Network Infrastructure Automation (NIA) enables dynamic updates to network infrastructure devices triggered by service changes using the [Consul Terraform Sync](https://github.com/hashicorp/consul-terraform-sync) (`consul-terraform-sync`) daemon. This daemon uses Consul's catalog to monitor networking information about services along with [Terraform](https://www.terraform.io/)'s provider ecosystem to apply relevant changes to network infrastructure. @@ -13,7 +13,7 @@ The [Secure Consul-Terraform-Sync for Production](/consul/tutorials/network-infr tutorial contains a checklist of best practices to secure your Consul-Terraform-Sync installation for a production environment. -## Personas +### Personas When considering Consul NIA's security model, it helps to think of the following personas. @@ -32,7 +32,7 @@ When considering Consul NIA's security model, it helps to think of the following have no knowledge or access to the daemon's API endpoints, ACL tokens, certificates, or any other piece of the system. -## Secure Configuration +### Secure Configuration Consul NIA's security model is applicable only if all parts of the system are running with a secure configuration; `consul-terraform-sync` is not secure-by-default. Without the following mechanisms enabled in the @@ -40,7 +40,7 @@ daemon's configuration, it may be possible to abuse access to the daemon. Like a considerations, one must determine what concerns are appropriate for their environment, and adapt these security concerns accordingly. -## Requirements +#### Requirements - **Protect Configuration Files and Directories** - A dedicated NIA user and group with limited permissions should be created for production, along with directory, and file permissions appropriately @@ -68,7 +68,7 @@ security concerns accordingly. - **Read** permission for Consul Catalog for all of the selected services to be monitored, and their namespaces. - **Read + Write** permission to update health checks, when using NIA health monitoring. -## Recommendations +#### Recommendations - **Use Dedicated Host** - The NIA daemon will potentially have access to critical secrets for your environment's network infrastructure. Using a hardened, dedicated host, for supporting these sensitive operations is highly recommended. @@ -85,7 +85,7 @@ security concerns accordingly. are configured with the NIA daemon should be audited to ensure you're only using providers from sources that you trust. -## Threat Model +### Threat Model The following are the parts of the NIA threat model: @@ -131,7 +131,7 @@ a production deployment: - **Access to the Consul-Terraform-Sync Binary** - Direct access to the system binary used to start the NIA daemon can allow an attacker to extract sensitive information. -## Internal Threats +#### Internal Threats - **NIA Operator** - Someone with access to the NIA Host, and it's related binaries or configuration files may be a threat to your deployment, especially considering multi-team deployments. They may accidentally or intentionally use a @@ -150,7 +150,7 @@ a production deployment: means. Extra steps to configuring OS, cluster, service, user, directory, and file permissions are essential steps for implementing defense-in-depth within a production environment. -## External Threats +#### External Threats - **Terraform Providers and Modules** - Potentially malicious providers or modules, or any malicious dependencies part of the Terraform ecosystem could cause harm to the network, and may have access to secrets in order to make necessary diff --git a/website/content/docs/services/discovery/dns-forwarding/enable.mdx b/website/content/docs/services/discovery/dns-forwarding/enable.mdx deleted file mode 100644 index b165c2c8fa37f..0000000000000 --- a/website/content/docs/services/discovery/dns-forwarding/enable.mdx +++ /dev/null @@ -1,420 +0,0 @@ ---- -layout: docs -page_title: Enable DNS forwarding -description: -> - Learn how to configure different DNS servers to perform DNS forwarding to Consul servers. ---- - -# Enable DNS forwarding - -This page describes the process to enable DNS forwarding to Consul servers. - -You can apply these operations on every node where a Consul agent is running. - -## Requirements - -To enable DNS forwarding, your deployment must have the following: - -- A running Consul server instance -- One or more Consul client nodes with registered services in the Consul catalog -- The `iptables` command available, or one of the following local DNS servers: - - [systemd-resolved](#systemd-resolved) - - [BIND](#bind) - - [Dnsmasq](#dnsmasq) - - [Unbound](#unbound) - - [macOS system resolver](#macos) - -### Network address configuration - -The example configurations on this page assumes Consul's DNS server is listening on the loopback interface on the same node of the local DNS server. - -If Consul is not listening on the loopback IP, replace the references to `localhost` and `120.0.0.1` in the configuration and commands with the appropriate IP address for your environment. - -## systemd-resolved - -[`systemd-resolved`](https://www.freedesktop.org/software/systemd/man/latest/systemd-resolved.service.html) is a system service that provides network name resolution to local applications. It is the default local DNS server for many Linux distributions. - -To configure the `systemd-resolved` service so that it sends `.consul` domain queries to Consul, create a `consul.conf` file located in the `/etc/systemd/resolved.conf.d/` directory. - - - - -Add a `[Resolve]` section to your resolved configuration. - - - -```ini -[Resolve] -DNS=127.0.0.1 -DNSSEC=false -Domains=~consul -``` - - - -### Define port for Consul DNS server - -When using systemd 245 and older, you cannot specify port numbers in the `DNS` configuration field. systemd-resolved only uses port `53`, which is a privileged port. - -When you cannot specify ports for the system's configuration, there are two workarounds: - - [Configure Consul DNS service to listen on port `53`](/consul/docs/agent/config/config-files#dns_port) instead of `8600`. - - Map port `53` to `8600` using `iptables`. - -Binding to port `53` usually requires running Consul as a privileged user or running Linux with the `CAP_NET_BIND_SERVICE` capability. -When using the Consul Docker image, add the following to the environment to allow Consul to use the port: `CONSUL_ALLOW_PRIVILEGED_PORTS=yes`. - -To avoid running Consul as a privileged user, the following `iptables` commands are sufficient to map port `53` to `8600` and redirect DNS queries to Consul. - -```shell-session -# iptables --table nat --append OUTPUT --destination localhost --protocol udp --match udp --dport 53 --jump REDIRECT --to-ports 8600 \ - iptables --table nat --append OUTPUT --destination localhost --protocol tcp --match tcp --dport 53 --jump REDIRECT --to-ports 8600 -``` - - - - - -Systemd 246 and newer allow you to specify the DNS port directly in the `systemd-resolved` configuration file. -Previous versions of systemd required iptables rules to direct DNS traffic to Consul. - -Add a `[Resolve]` section to your resolved configuration. - - - -```ini -[Resolve] -DNS=127.0.0.1:8600 -DNSSEC=false -Domains=~consul -``` - - - - - - -PTR record queries are still sent to the other configured resolvers, in addition to Consul. - -After creating the resolved configuration, restart `systemd-resolved`. - -```shell-session -# systemctl restart systemd-resolved -``` - -The command produces no output. - -### Validate the systemd-resolved configuration - -Validate that `systemd-resolved` is active. - -```shell-session -# systemctl is-active systemd-resolved -active -``` - -Verify that `systemd-resolved` is configured to forward queries for the `consul` domain to Consul. - -```shell-session -# resolvectl domain -Global: ~consul -Link 2 (eth0): -``` - -Verify that `systemd-resolved` is able to resolve the Consul server address. - -```shell-session -# resolvectl query consul.service.consul -consul.service.consul: 127.0.0.1 - --- Information acquired via protocol DNS in 6.6ms. --- Data is authenticated: no -``` - -Confirm that `/etc/resolv.conf` points to the `stub-resolv.conf` file managed by `systemd-resolved`. - -```shell-session -$ ls -l /etc/resolv.conf -lrwxrwxrwx 1 root root 37 Jul 14 10:10 /etc/resolv.conf -> /run/systemd/resolve/stub-resolv.conf -``` - -Confirm that the IP address for `systemd-resolved`'s stub resolver is the configured `nameserver`. - - - -```shell-session -$ cat /etc/resolv.conf -## This file is managed by man:systemd-resolved(8). Do not edit. -## -## This is a dynamic resolv.conf file for connecting local clients to the -## internal DNS stub resolver of systemd-resolved. This file lists all -## configured search domains. -## -## Run "resolvectl status" to see details about the uplink DNS servers -## currently in use. -## -## Third party programs must not access this file directly, but only through the -## symlink at /etc/resolv.conf. To manage man:resolv.conf(5) in a different way, -## replace this symlink by a static file or a different symlink. -## -## See man:systemd-resolved.service(8) for details about the supported modes of -## operation for /etc/resolv.conf. - -nameserver 127.0.0.53 -options edns0 -``` - - - -Ensure that the operating system can resolve DNS queries to the `.consul` domain. - -```shell-session -$ host consul.service.consul -consul.service.consul has address 127.0.0.1 -``` - -### Using any local resolver with systemd - -By default, the local resolver stub in the `resolved.conf` file is configured to listen for UDP and TCP requests at `127.0.0.53:53`. However, you can set the `DNSStubListener` option to `false` so that your system can use any DNS configuration, as long as it loads earlier than `resolved`. - - - -```plaintext -DNSStubListener=false -``` - - - -## Dnsmasq - -Use [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/doc.html) if you have a small network and need a lightweight DNS solution. - - - -If your distribution uses systemd, disable `systemd-resolved` before you follow these steps. - - - -Configure the `dnsmasq.conf` file or a series of files in the `/etc/dnsmasq.d` directory. Add server settings to your configuration file so that requests for the `consul` domain are forwarded to Consul DNS. - - - -```plaintext -# Enable forward lookup of the 'consul' domain: -server=/consul/127.0.0.1#8600 - -# Uncomment and modify as appropriate to enable reverse DNS lookups for -# common netblocks found in RFC 1918, 5735, and 6598: -#rev-server=0.0.0.0/8,127.0.0.1#8600 -#rev-server=10.0.0.0/8,127.0.0.1#8600 -#rev-server=100.64.0.0/10,127.0.0.1#8600 -#rev-server=127.0.0.1/8,127.0.0.1#8600 -#rev-server=169.254.0.0/16,127.0.0.1#8600 -#rev-server=172.16.0.0/12,127.0.0.1#8600 -#rev-server=192.168.0.0/16,127.0.0.1#8600 -#rev-server=224.0.0.0/4,127.0.0.1#8600 -#rev-server=240.0.0.0/4,127.0.0.1#8600 -# Accept DNS queries only from hosts whose address is on a local subnet. -#local-service -# Don't poll /etc/resolv.conf for changes. -#no-poll -# Don't read /etc/resolv.conf. Get upstream servers only from the command -# line or the dnsmasq configuration file (see the "server" directive below). -#no-resolv -# Specify IP address(es) of other DNS servers for queries not handled -# directly by consul. There is normally one 'server' entry set for every -# 'nameserver' parameter found in '/etc/resolv.conf'. See dnsmasq(8)'s -# 'server' configuration option for details. -#server=1.2.3.4 -#server=208.67.222.222 -#server=8.8.8.8 -# Set the size of dnsmasq's cache. The default is 150 names. Setting the -# cache size to zero disables caching. -#cache-size=65536 -``` - - - -Restart the `dnsmasq` service after creating the configuration. - -Refer to [`dnsmasq(8)`](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) for additional configuration settings such as specifying IP addresses for queries not handled directly by Consul. - - -## BIND - -[BIND](https://www.isc.org/bind/) is a robust DNS system. Its most prominent component, `named`, performs both of the main DNS server roles, acts as an authoritative name server for DNS zones, and is a recursive resolver in the network. - - - -If your distribution uses systemd, disable `systemd-resolved` before you follow these steps. - - - -To configure the BIND service to send `.consul` domain queries to Consul: - -1. Create a `named` configuration file with `DNSSEC` disabled. -1. Create a zone configuration file to manage the `.consul` domain. - -### Named configuration file - -Edit the `/etc/named.conf` to configure your BIND instance. Remember to disable `DNSSEC` so that Consul and BIND can communicate. Add an `include` section to include the zone file that you create in the next step. - -The following example shows a BIND configuration with `DNSSEC` disabled. - - - -```plaintext -options { - listen-on port 53 { 127.0.0.1; }; - listen-on-v6 port 53 { ::1; }; - directory "/var/named"; - dump-file "/var/named/data/cache_dump.db"; - statistics-file "/var/named/data/named_stats.txt"; - memstatistics-file "/var/named/data/named_mem_stats.txt"; - allow-query { localhost; }; - recursion yes; - - dnssec-enable no; - dnssec-validation no; - - /* Path to ISC DLV key */ - bindkeys-file "/etc/named.iscdlv.key"; - - managed-keys-directory "/var/named/dynamic"; -}; - -include "/etc/named/consul.conf"; -``` - - - -### Zone configuration file - -Set up a zone for your Consul-managed records in `consul.conf`. - - - -```dns-zone-file -zone "consul" IN { - type forward; - forward only; - forwarders { 127.0.0.1 port 8600; }; -}; -``` - - - -## Unbound - -Use [Unbound](https://www.unbound.net/) when you need a fast and lean DNS resolver for Linux and macOS. - - - -If your distribution uses systemd, disable `systemd-resolved` before you follow these steps. - - - - -The following example demonstrates a configuration for the `consul.conf` file in the `/etc/unbound/unbound.conf.d` directory. - -Add `server` and `stub-zone` settings to your Unbound configuration file. - - - -```plaintext -#Allow insecure queries to local resolvers -server: - do-not-query-localhost: no - domain-insecure: "consul" - -#Add consul as a stub-zone -stub-zone: - name: "consul" - stub-addr: 127.0.0.1@8600 -``` - - - -You may have to add the following line to the bottom of your `/etc/unbound/unbound.conf` file for the new configuration to be included. - - - -```plaintext -include: "/etc/unbound/unbound.conf.d/*.conf" -``` - - - -## iptables - -[iptables](https://www.netfilter.org/projects/iptables/index.html) is a generic firewalling software that allows you to define traffic rules for your system. - -If you do not have a local DNS server on the Consul agent node, use `iptables` to forward DNS requests on port `53` to the Consul agent running on the same machine without using a secondary service. - -This configuration realizes full DNS forwarding, which means that all DNS queries for the host are forwarded to Consul, not just the ones for the `.consul` top level domain. Consul's default configuration resolves only the `.consul` top level domain, so you must set the [`recursors`](/consul/docs/agent/config/config-files#recursors) flag if you want your node to be able to resolve other domains when using `iptables` configuration. - -If you use DNS relay hosts in your network, do not place them on the same host as Consul. The redirects may intercept the traffic. - -### Configure Consul recursors - -Add recursors to your Consul configuration. - - - -```hcl -# DNS recursors -recursors = [ "1.1.1.1" ] -``` - - - -Recursors should not include the `localhost` address because the `iptables` redirects would intercept the requests. - -You can replace the `1.1.1.1` address in the example with another DNS server address. This is suitable for situations where an external DNS -service is already running in your infrastructure and is used as the recursor. - -### Create iptables rules - -After you configure Consul to use a valid recursor, add rules to `iptables` to redirect traffic from port `53` to port `8600`. - -```shell-session -# iptables -t nat -A PREROUTING -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600 \ - iptables -t nat -A PREROUTING -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600 \ - iptables -t nat -A OUTPUT -d localhost -p udp -m udp --dport 53 -j REDIRECT --to-ports 8600 \ - iptables -t nat -A OUTPUT -d localhost -p tcp -m tcp --dport 53 -j REDIRECT --to-ports 8600 -``` - -## macOS - -On macOS systems, use the macOS system resolver to point all `.consul` requests to Consul. -The `man 5 resolver` command describes this feature in more detail. - -The following instructions require `sudo` or root access. - -To configure the macOS system resolver to forward DNS queries to Consul, add a resolver entry in the `/etc/resolver/` directory that points at the Consul agent. - -If you do not have this folder, create it. - -```shell-session -# mkdir -p /etc/resolver -``` - -Create a new file `/etc/resolver/consul` with `nameserver` and `port` entries. - - - -```plaintext -nameserver 127.0.0.1 -port 8600 -``` - - - -The configuration informs the macOS resolver daemon to forward all `.consul` TLD requests to `127.0.0.1` on port `8600`. - -## Next steps - -This instructions on this page helped you configure your node to forward DNS requests to Consul. - -To learn more on how to query Consul DNS once forwarding is enabled, refer to [DNS forwarding workflow](/consul/docs/services/discovery/dns-forwarding#workflow). - -For more information on other DNS features and configurations available in Consul, refer to [DNS usage overview](/consul/docs/services/discovery/dns-overview). \ No newline at end of file diff --git a/website/content/docs/services/discovery/dns-forwarding/index.mdx b/website/content/docs/services/discovery/dns-forwarding/index.mdx deleted file mode 100644 index 1ee28417397f1..0000000000000 --- a/website/content/docs/services/discovery/dns-forwarding/index.mdx +++ /dev/null @@ -1,186 +0,0 @@ ---- -layout: docs -page_title: DNS forwarding -description: -> - Learn how to configure your local DNS servers to perform DNS forwarding to Consul servers. ---- - -# DNS forwarding - -This topic describes the process to configure different DNS servers to enable DNS forwarding to Consul servers. - -You can apply these operations on every node where a Consul agent is running. - -## Introduction - -You deployed a Consul datacenter and want to use Consul DNS interface for name resolution. - -When configured with default values, Consul exposes the DNS interface on port `8600`. By default, DNS is served from port `53`. On most operating systems, this requires elevated privileges. It is also common, for most operating systems, to have a local DNS server already running on port `53`. - -Instead of running Consul with an administrative or root account, you can forward appropriate queries to Consul, running on an unprivileged port, from another DNS server or using port redirect. - -There are two configurations for a node's DNS forwarding behavior: - - **Conditional DNS forwarding**: the local DNS servers are configured to forward to Consul only queries relative to the `.consul` zone. All other queries are still served via the default DNS server in the node. - - **Full DNS forwarding**: Consul serves all DNS queries and forwards to a remote DNS server the ones outside `.consul` domain. - -### Conditional DNS forwarding - -We recommend the conditional DNS forwarding approach. This configuration lowers the Consul agent's resource consumption by limiting the number of DNS requests it handles. - -![Consul DNS conditional forwarding - Only .consul requests are routed to Consul](/img/consul-dns-conditional-forwarding.png#light-theme-only) -![Consul DNS conditional forwarding - Only .consul requests are routed to Consul](/img/consul-dns-conditional-forwarding-dark.png#dark-theme-only) - -In this configuration, Consul only serves queries relative to the `.consul` domain. There is no unnecessary load on Consul servers to serve queries from different domains. - -This behavior is not enabled by default. - -### Full DNS forwarding - -This approach can be useful in scenarios where the Consul agent's node is allocated limited resources and you want to avoid the overhead of running a local DNS server. In this configuration, Consul serves all DNS queries for all domains and forwards the ones outside the `.consul` domain to one or more configured forwarder servers. - -![Consul DNS forwarding - All requests are routed to Consul](/img/consul-dns-forwarding.png#light-theme-only) -![Consul DNS forwarding - All requests are routed to Consul](/img/consul-dns-forwarding-dark.png#dark-theme-only) - -This behavior is not enabled by default. Consul standard configuration only resolves DNS records inside the `.consul` zone. To enable DNS forwarding, you need to set the [recursors](/consul/docs/agent/config/config-files#recursors) option in your Consul configuration. - -In this scenario, if a Consul DNS reply includes a `CNAME` record pointing outside the `.consul` top level domain, then the DNS reply only includes `CNAME` records by default. - -When `recursors` is set and the upstream resolver is functioning correctly, Consul tries to resolve CNAMEs and include any records (for example, A, AAAA, PTR) for them in its DNS reply. In these scenarios, Consul is used for full DNS forwarding and is able to serve queries for all domains. - -## Workflow - -To use DNS forwarding in Consul deployments, complete the following steps: - -1. Configure the local DNS service to enable DNS forwarding to Consul. Follow the instructions for one of the following services: - - - [systemd-resolved](/consul/docs/services/discovery/dns-forwarding/enable#systemd-resolved) - - [BIND](/consul/docs/services/discovery/dns-forwarding/enable#bind) - - [Dnsmasq](/consul/docs/services/discovery/dns-forwarding/enable#dnsmasq) - - [Unbound](/consul/docs/services/discovery/dns-forwarding/enable#unbound) - - [iptables](/consul/docs/services/discovery/dns-forwarding/enable#iptables) - - [macOS system resolver](/consul/docs/services/discovery/dns-forwarding/enable#macOS) - -1. Query the Consul DNS to confirm that DNS forwarding functions correctly. - - ```shell-session - $ dig consul.service.consul A - - ; <<>> DiG 9.16.48-Debian <<>> consul.service.consul A - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51736 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 65494 - ;; QUESTION SECTION: - ;consul.service.consul. IN A - - ;; ANSWER SECTION: - consul.service.consul. 0 IN A 10.0.4.140 - consul.service.consul. 0 IN A 10.0.4.121 - consul.service.consul. 0 IN A 10.0.4.9 - - ;; Query time: 4 msec - ;; SERVER: 127.0.0.53#53(127.0.0.53) - ;; WHEN: Wed Jun 26 20:47:05 UTC 2024 - ;; MSG SIZE rcvd: 98 - - ``` - -1. Optionally, verify reverse DNS. - - ```shell-session - $ dig 140.4.0.10.in-addr.arpa. PTR - - ; <<>> DiG 9.16.48-Debian <<>> 140.4.0.10.in-addr.arpa. PTR - ;; global options: +cmd - ;; Got answer: - ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35085 - ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 - - ;; OPT PSEUDOSECTION: - ; EDNS: version: 0, flags:; udp: 65494 - ;; QUESTION SECTION: - ;140.4.0.10.in-addr.arpa. IN PTR - - ;; ANSWER SECTION: - 140.4.0.10.in-addr.arpa. 0 IN PTR consul-server-0.node.dc1.consul. - - ;; Query time: 0 msec - ;; SERVER: 127.0.0.53#53(127.0.0.53) - ;; WHEN: Wed Jun 26 20:47:57 UTC 2024 - ;; MSG SIZE rcvd: 97 - - ``` - - You can use the `short` option for `dig` to only get the node name instead of the full output. - - ```shell-session - $ dig +short -x 10.0.4.140 - consul-server-0.node.dc1.consul. - ``` - -## Troubleshooting - -If your DNS server does not respond but you do get an answer from Consul, turn on your DNS server's query log to check for errors. - -### systemd-resolved - -Enable query logging for `systemd-resolved`: - -```shell-session -# resolvectl log-level debug -``` - -Check query log: - -```shell-session -# journalctl -r -u systemd-resolved -``` - -Disable query logging: - -```shell-session -# resolvectl log-level info -``` - -DNS forwarding may fail if you use the default `systemd-resolved` configuration and attempt to bind to `0.0.0.0`. The default configuration uses a DNS stub that listens for UDP and TCP requests at `127.0.0.53`. As a result, attempting to bind to `127.0.0.53` conflicts with the running stub. You can disable the stub as described in the [Using any local resolver with systemd](/consul/docs/services/discovery/dns-forwarding/enable#using-any-local-resolver-with-systemd) section to troubleshoot this problem. - -### Dnsmasq - -To enable query log refer to [Dnsmasq documentation](https://thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html). - -In particular, look for the `log-queries` and `log-facility` configuration option. - -When query log is enabled, it is possible to force Dnsmasq to emit a full cache dump using the `SIGUSR1` signal. - -### BIND - -Enable query log: - -```shell-session -$ rndc querylog -``` - -Check logs: - -```shell-session -$ tail -f /var/log/messages -``` - -The log may show errors like this: - - - -```plaintext -error (no valid RRSIG) resolving -error (no valid DS) resolving -``` - - - -This error indicates that `DNSSEC` is not disabled properly. - -If you receive errors about network connections, verify that there are no firewall -or routing problems between the servers running BIND and Consul. diff --git a/website/content/docs/services/discovery/dns-overview.mdx b/website/content/docs/services/discovery/dns-overview.mdx index dd2b22bcf113c..34e92e5fe8a22 100644 --- a/website/content/docs/services/discovery/dns-overview.mdx +++ b/website/content/docs/services/discovery/dns-overview.mdx @@ -30,12 +30,6 @@ If you are using Consul for service mesh on VMs, you can use upstreams or DNS. W If you are using Consul on Kubernetes, refer to [the upstreams annotation documentation](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) for additional information. -## DNS forwarding - -You can configure your local DNS servers to use Consul. - -Refer to [DNS Forwarding](/consul/docs/services/discovery/dns-forwarding) for additional information. - ## Static queries Node lookups and service lookups are the fundamental types of static queries. Depending on your use case, you may need to use different query methods and syntaxes to query the DNS for services and nodes. diff --git a/website/content/partials/cli-http-api-partition-options.mdx b/website/content/partials/cli-http-api-partition-options.mdx deleted file mode 100644 index eb96310a37b91..0000000000000 --- a/website/content/partials/cli-http-api-partition-options.mdx +++ /dev/null @@ -1 +0,0 @@ -- `-partition=` - Specifies the admin partition to query. If not provided, the partition is inferred from the request's ACL token, or defaults to the `default` partition. diff --git a/website/content/partials/http-api-body-options-partition.mdx b/website/content/partials/http-api-body-options-partition.mdx deleted file mode 100644 index cf2acd813caf1..0000000000000 --- a/website/content/partials/http-api-body-options-partition.mdx +++ /dev/null @@ -1,2 +0,0 @@ - -- `Partition` `(string: "")` - The admin partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to the `default` partition. \ No newline at end of file diff --git a/website/content/partials/http-api-query-parms-partition.mdx b/website/content/partials/http-api-query-parms-partition.mdx deleted file mode 100644 index 8d954d86c53ce..0000000000000 --- a/website/content/partials/http-api-query-parms-partition.mdx +++ /dev/null @@ -1 +0,0 @@ -- `partition` `(string: "")` - The admin partition to use. If not provided, the partition is inferred from the request's ACL token, or defaults to the `default` partition. \ No newline at end of file diff --git a/website/content/partials/http_api_partition_options.mdx b/website/content/partials/http_api_partition_options.mdx new file mode 100644 index 0000000000000..a290c38201e5c --- /dev/null +++ b/website/content/partials/http_api_partition_options.mdx @@ -0,0 +1 @@ +- `-partition=` - Specifies the partition to query. If not provided, the partition will be inferred from the request's ACL token, or will default to the `default` partition. Partitions are a Consul Enterprise feature added in v1.11.0. diff --git a/website/data/docs-nav-data.json b/website/data/docs-nav-data.json index c883f29a5becb..38126b547e4c7 100644 --- a/website/data/docs-nav-data.json +++ b/website/data/docs-nav-data.json @@ -389,19 +389,6 @@ "title": "Configure DNS behavior", "path": "services/discovery/dns-configuration" }, - { - "title": "DNS forwarding", - "routes": [ - { - "title": "Overview", - "path": "services/discovery/dns-forwarding" - }, - { - "title": "Enable DNS forwarding", - "path": "services/discovery/dns-forwarding/enable" - } - ] - }, { "title": "Perform static DNS lookups", "path": "services/discovery/dns-static-lookups" diff --git a/website/public/img/architecture/cluster-peering-diagram.png b/website/public/img/architecture/cluster-peering-diagram.png deleted file mode 100644 index 66a81dfc21bdd..0000000000000 Binary files a/website/public/img/architecture/cluster-peering-diagram.png and /dev/null differ diff --git a/website/public/img/architecture/consul-singleDC-redundancyzones.png b/website/public/img/architecture/consul-singleDC-redundancyzones.png deleted file mode 100644 index e57955280f004..0000000000000 Binary files a/website/public/img/architecture/consul-singleDC-redundancyzones.png and /dev/null differ diff --git a/website/public/img/consul-dns-conditional-forwarding-dark.png b/website/public/img/consul-dns-conditional-forwarding-dark.png deleted file mode 100644 index b54ed817eb6c4..0000000000000 Binary files a/website/public/img/consul-dns-conditional-forwarding-dark.png and /dev/null differ diff --git a/website/public/img/consul-dns-conditional-forwarding.png b/website/public/img/consul-dns-conditional-forwarding.png deleted file mode 100644 index 82ea08a11b2a5..0000000000000 Binary files a/website/public/img/consul-dns-conditional-forwarding.png and /dev/null differ diff --git a/website/public/img/consul-dns-forwarding-dark.png b/website/public/img/consul-dns-forwarding-dark.png deleted file mode 100644 index 9ff518397b817..0000000000000 Binary files a/website/public/img/consul-dns-forwarding-dark.png and /dev/null differ diff --git a/website/public/img/consul-dns-forwarding.png b/website/public/img/consul-dns-forwarding.png deleted file mode 100644 index bffce6e333a97..0000000000000 Binary files a/website/public/img/consul-dns-forwarding.png and /dev/null differ