Merge branch 'main' into spatel/NET-2692-resource-service-watchlist-e…

…ndpoint

.changelog/16577.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: update typography to styles from hds
+```

.changelog/16592.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+ca: Fixes a bug where updating Vault CA Provider config would cause TLS issues in the service mesh
+```

.changelog/16647.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+raft_logstore: Fixes a bug where restoring a snapshot when using the experimental WAL storage backend causes a panic.
+```

.changelog/16649.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Adds validation to ensure the API Gateway has a listener defined when created
+```

.changelog/16660.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+ui: fix PUT token request with adding missed AccessorID property to requestBody
+```

.changelog/16661.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: Fixes a bug API gateways using HTTP listeners were taking upwards of 15 seconds to get configured over xDS.
+```

.changelog/16673.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: Fixes a bug where the importing partition was not added to peered failover targets, which causes issues when the importing partition is a non-default partition.
+```

.changelog/16700.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+audit-logging: (Enterprise only) Fix a bug where `/agent/monitor` and `/agent/metrics` endpoints return a `Streaming not supported` error when audit logs are enabled. This also fixes the delay receiving logs when running `consul monitor` against an agent with audit logs enabled.
+```

.changelog/16729.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: Fix issue resulting in prepared query failover to cluster peers never un-failing over.
+```

.changelog/16781.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateway: **(Enterprise only)** Fix bug where namespace/partition would fail to unmarshal for TCPServices.
+```

.changelog/_16677.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateway: **(Enterprise only)** Fix bug where routes defined in a different namespace than a gateway would fail to register. [[GH-16677](https://github.com/hashicorp/consul/pull/16677)].
+```

.changelog/_4696.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: **(Consul Enterprise only)** Fix issue where connect-enabled services with peer upstreams incorrectly required `service:write` access in the `default` namespace to query data, which was too restrictive. Now having `service:write` to any namespace is sufficient to query the peering data.
+```

.changelog/_4832.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+peering: **(Consul Enterprise only)** Fix issue where resolvers, routers, and splitters referencing peer targets may not work correctly for non-default partitions and namespaces. Enterprise customers leveraging peering are encouraged to upgrade both servers and agents to avoid this problem.
+```

.circleci/bash_env.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 export GIT_COMMIT=$(git rev-parse --short HEAD)
 export GIT_COMMIT_YEAR=$(git show -s --format=%cd --date=format:%Y HEAD)

.circleci/config.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 ---
 version: 2.1
 
@@ -6,10 +9,6 @@ parameters:
     type: string
     default: ""
     description: "Commit to run load tests against"
-  trigger-load-test:
-    type: boolean
-    default: false
-    description: "Boolean whether to run the load test workflow"
 
 references:
   paths:
@@ -43,7 +42,7 @@ references:
     # When updating the Go version, remember to also update the versions in the
     # workflows section for go-test-lib jobs.
     go: &GOLANG_IMAGE docker.mirror.hashicorp.services/cimg/go:1.20.1
-    ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:14-browsers
+    ember: &EMBER_IMAGE docker.mirror.hashicorp.services/circleci/node:16-browsers
     ubuntu: &UBUNTU_CI_IMAGE ubuntu-2004:202201-02
   cache:
     yarn: &YARN_CACHE_KEY consul-ui-v9-{{ checksum "ui/yarn.lock" }}
@@ -1073,78 +1072,6 @@ jobs:
           path: *TEST_RESULTS_DIR
       - run: *notify-slack-failure
 
-  # Run load tests against a commit
-  load-test:
-    docker:
-      - image: hashicorp/terraform:latest
-    environment:
-      AWS_DEFAULT_REGION: us-east-2
-      BUCKET: consul-ci-load-tests
-      BASH_ENV: /etc/profile
-    shell: /bin/sh -leo pipefail
-    steps:
-      - checkout
-      - run: apk add jq curl bash
-      - run:
-          name: export load-test credentials
-          command: |
-            echo "export AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_LOAD_TEST" >> $BASH_ENV
-            echo "export AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_LOAD_TEST" >> $BASH_ENV
-      - run:
-          name: export role arn
-          command: |
-            echo "export TF_VAR_role_arn=$ROLE_ARN_LOAD_TEST" >> $BASH_ENV
-      - run:
-          name: setup TF_VARs
-          command: |
-            # if pipeline.parameters.commit="" it was not triggered/set through the API
-            # so we use the latest commit from _this_ branch. This is the case for nightly tests.
-            if [ "<< pipeline.parameters.commit >>" = "" ]; then
-              LOCAL_COMMIT_SHA=$(git rev-parse HEAD)
-            else
-              LOCAL_COMMIT_SHA="<< pipeline.parameters.commit >>"
-            fi
-            echo "export LOCAL_COMMIT_SHA=${LOCAL_COMMIT_SHA}" >> $BASH_ENV
-            git checkout ${LOCAL_COMMIT_SHA}
-
-            short_ref=$(git rev-parse --short ${LOCAL_COMMIT_SHA})
-            echo "export TF_VAR_ami_owners=$LOAD_TEST_AMI_OWNERS" >> $BASH_ENV
-            echo "export TF_VAR_vpc_name=$short_ref" >> $BASH_ENV
-            echo "export TF_VAR_cluster_name=$short_ref" >> $BASH_ENV
-            echo "export TF_VAR_consul_download_url=https://${S3_ARTIFACT_BUCKET}.s3.${AWS_DEFAULT_REGION}.amazonaws.com/${S3_ARTIFACT_PATH}/${LOCAL_COMMIT_SHA}.zip" >> $BASH_ENV
-      - run:
-          name: wait for dev build from test-integrations workflow
-          command: |
-            echo "curl-ing https://${S3_ARTIFACT_BUCKET}.s3.${AWS_DEFAULT_REGION}.amazonaws.com/${S3_ARTIFACT_PATH}/${LOCAL_COMMIT_SHA}.zip"
-            until [ $SECONDS -ge 300 ] && exit 1; do
-              curl -o /dev/null --fail --silent "https://${S3_ARTIFACT_BUCKET}.s3.${AWS_DEFAULT_REGION}.amazonaws.com/${S3_ARTIFACT_PATH}/${LOCAL_COMMIT_SHA}.zip" && exit
-              echo -n "."
-              sleep 2
-            done
-      - run:
-          working_directory: .circleci/terraform/load-test
-          name: terraform init
-          command: |
-            short_ref=$(git rev-parse --short HEAD)
-            echo "Testing commit id: $short_ref"
-            terraform init \
-            -backend-config="bucket=${BUCKET}" \
-            -backend-config="key=${LOCAL_COMMIT_SHA}" \
-            -backend-config="region=${AWS_DEFAULT_REGION}" \
-            -backend-config="role_arn=${ROLE_ARN_LOAD_TEST}"
-      - run:
-          working_directory: .circleci/terraform/load-test
-          name: run terraform apply
-          command: |
-            terraform apply -auto-approve
-      - run:
-          working_directory: .circleci/terraform/load-test
-          when: always
-          name: terraform destroy
-          command: |
-            for i in $(seq 1 5); do terraform destroy -auto-approve && s=0 && break || s=$? && sleep 20; done; (exit $s)
-      - run: *notify-slack-failure
-
   # The noop job is a used as a very fast job in the verify-ci workflow because every workflow
   # requires at least one job. It does nothing.
   noop:
@@ -1161,7 +1088,6 @@ workflows:
     jobs: [noop]
 
   go-tests:
-    unless: << pipeline.parameters.trigger-load-test >>
     jobs:
       - check-go-mod: &filter-ignore-non-go-branches
           filters:
@@ -1224,7 +1150,6 @@ workflows:
       - go-test-32bit: *filter-ignore-non-go-branches
       - noop
   build-distros:
-    unless: << pipeline.parameters.trigger-load-test >>
     jobs:
       - check-go-mod: *filter-ignore-non-go-branches
       - build-386: &require-check-go-mod
@@ -1256,7 +1181,6 @@ workflows:
           context: consul-ci
       - noop
   test-integrations:
-    unless: << pipeline.parameters.trigger-load-test >>
     jobs:
       - dev-build: *filter-ignore-non-go-branches
       - dev-upload-s3: &dev-upload
@@ -1300,7 +1224,6 @@ workflows:
 
       - noop
   frontend:
-    unless: << pipeline.parameters.trigger-load-test >>
     jobs:
       - frontend-cache:
           filters:
@@ -1333,19 +1256,3 @@ workflows:
           requires:
             - ember-build-ent
       - noop
-
-  load-test:
-    when: << pipeline.parameters.trigger-load-test >>
-    jobs:
-      - load-test
-
-  nightly-jobs:
-    triggers:
-      - schedule:
-          cron: "0 4 * * *" # 4AM UTC <> 12AM EST <> 9PM PST should have no impact
-          filters:
-            branches:
-              only:
-                - main
-    jobs:
-      - load-test

.circleci/scripts/rerun-fails-report.sh

@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 #
 # Add a comment on the github PR if there were any rerun tests.
 #

.circleci/terraform/load-test/main.tf

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 terraform {
   backend "s3" {
   }

.circleci/terraform/load-test/variables.tf

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 variable "vpc_name" {
   description = "Name of the VPC"
 }

.copywrite.hcl

@@ -0,0 +1,16 @@
+schema_version = 1
+
+project {
+  license        = "MPL-2.0"
+  copyright_year = 2013
+
+  # (OPTIONAL) A list of globs that should not have copyright/license headers.
+  # Supports doublestar glob patterns for more flexibility in defining which
+  # files or folders should be ignored
+  header_ignore = [
+    # Forked and modified UI libs
+    "ui/packages/consul-ui/app/utils/dom/event-target/**",
+    "ui/packages/consul-ui/lib/rehype-prism/**",
+    "ui/packages/consul-ui/lib/block-slots/**",
+  ]
+}

.github/ISSUE_TEMPLATE/config.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 blank_issues_enabled: false
 contact_links:
   - name: Consul Community Support

.github/dependabot.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 version: 2
 updates:
 - package-ecosystem: gomod

.github/pr-labeler.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 pr/dependencies:
     - vendor/**/*
     - go.*

.github/scripts/changelog_checker.sh

@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -euo pipefail
+
+# check if there is a diff in the .changelog directory
+# for PRs against the main branch, the changelog file name should match the PR number
+if [ "$GITHUB_BASE_REF" = "$GITHUB_DEFAULT_BRANCH" ]; then
+    enforce_matching_pull_request_number="matching this PR number "
+    changelog_file_path=".changelog/(_)?$PR_NUMBER.txt"
+else
+    changelog_file_path=".changelog/[_0-9]*.txt"
+fi
+
+changelog_files=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD "origin/main")" | egrep "${changelog_file_path}")
+
+# If we do not find a file in .changelog/, we fail the check
+if [ -z "$changelog_files" ]; then
+    # Fail status check when no .changelog entry was found on the PR
+    echo "Did not find a .changelog entry ${enforce_matching_pull_request_number}and the 'pr/no-changelog' label was not applied. Reference - https://github.com/hashicorp/consul/pull/8387"
+    exit 1
+else
+    echo "Found .changelog entry in PR!"
+fi

.github/scripts/metrics_checker.sh

@@ -1,4 +1,7 @@
 #!/usr/bin/env bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 set -uo pipefail
 
 ### This script checks if any metric behavior has been modified.

.github/scripts/verify_artifact.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -euo pipefail
 

.github/scripts/verify_bin.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -euo pipefail
 

.github/scripts/verify_deb.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -euo pipefail
 

.github/scripts/verify_docker.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -euo pipefail
 

.github/scripts/verify_rpm.sh

@@ -1,4 +1,7 @@
 #!/bin/bash
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 
 set -euo pipefail
 

.github/workflows/backport-assistant.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # This action creates downstream PRs for PRs with backport labels defined.
 # See docs here: https://github.com/hashicorp/backport-assistant
 

.github/workflows/backport-checker.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # This workflow checks that there is either a 'pr/no-backport' label applied to a PR
 # or there is a backport/* label indicating a backport has been set
 

.github/workflows/backport-reminder.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 # This workflow sends a reminder comment to PRs that have labels starting with
 # `backport/` to check that the backport has run successfully.
 

.github/workflows/bot-auto-approve.yaml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 name: Bot Auto Approve
 
 on: pull_request_target

.github/workflows/broken-link-check.yml

@@ -1,3 +1,6 @@
+# Copyright (c) HashiCorp, Inc.
+# SPDX-License-Identifier: MPL-2.0
+
 name: Broken Link Check
 
 on:
@@ -15,7 +18,7 @@ jobs:
         id: lychee
         uses: lycheeverse/lychee-action@v1.6.1
         with:
-          args: ./docs --base https://developer.hashicorp.com/ --exclude-all-private --exclude .png --exclude .svg --max-concurrency=24 --no-progress --verbose
+          args: ./website/content/docs/ --base https://developer.hashicorp.com/ --exclude-all-private --exclude '\.(svg|gif|jpg|png)' --exclude 'manage\.auth0\.com' --max-concurrency=24 --no-progress --verbose
           # Fail GitHub action when broken links are found?
           fail: false
         env: