hashicorp · blake · Jul 31, 2023 · Apr 25, 2023 · Jul 27, 2023
@@ -152,7 +152,7 @@ type PrimaryProvider interface {
 	SignIntermediate(*x509.CertificateRequest) (string, error)
 
 	// CrossSignCA must accept a CA certificate from another CA provider and cross
-	// sign it exactly as it is such that it forms a chain back the the
+	// sign it exactly as it is such that it forms a chain back the
 	// CAProvider's current root. Specifically, the Distinguished Name, Subject
 	// Alternative Name, SubjectKeyID and other relevant extensions must be kept.
 	// The resulting certificate must have a distinct Serial Number and the

@@ -148,7 +148,7 @@ func ParseSigner(pemValue string) (crypto.Signer, error) {
 }
 
 // ParseCSR parses a CSR from a PEM-encoded value. The certificate request
-// must be the the first block in the PEM value.
+// must be the first block in the PEM value.
 func ParseCSR(pemValue string) (*x509.CertificateRequest, error) {
 	// The _ result below is not an error but the remaining PEM bytes.
 	block, _ := pem.Decode([]byte(pemValue))

@@ -34,7 +34,7 @@ func (b autoConfigBackend) GetCARoots() (*structs.IndexedCARoots, error) {
 }
 
 // DatacenterJoinAddresses will return all the strings suitable for usage in
-// retry join operations to connect to the the LAN or LAN segment gossip pool.
+// retry join operations to connect to the LAN or LAN segment gossip pool.
 func (b autoConfigBackend) DatacenterJoinAddresses(partition, segment string) ([]string, error) {
 	members, err := b.Server.LANMembers(LANMemberFilter{
 		Segment:   segment,

@@ -2808,7 +2808,7 @@ func TestPreparedQuery_Wrapper(t *testing.T) {
 		t.Fatalf("bad: %v", ret)
 	}
 	// Since we have no idea when the joinWAN operation completes
-	// we keep on querying until the the join operation completes.
+	// we keep on querying until the join operation completes.
 	retry.Run(t, func(r *retry.R) {
 		r.Check(s1.forwardDC("Status.Ping", "dc2", &struct{}{}, &struct{}{}))
 	})

@@ -242,7 +242,7 @@ type Server struct {
 	// serf cluster that spans datacenters
 	eventChWAN chan serf.Event
 
-	// wanMembershipNotifyCh is used to receive notifications that the the
+	// wanMembershipNotifyCh is used to receive notifications that the
 	// serfWAN wan pool may have changed.
 	//
 	// If this is nil, notification is skipped.

@@ -3972,7 +3972,7 @@ func updateGatewayService(tx WriteTxn, idx uint64, mapping *structs.GatewayServi
 }
 
 // checkWildcardForGatewaysAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the the
+// wildcard definition in gateway config entries and if so adds it the
 // gateway-services table.
 func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, ns *structs.NodeService, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: structs.WildcardSpecifier, EnterpriseMeta: svc.EnterpriseMeta}
@@ -4020,7 +4020,7 @@ func checkGatewayWildcardsAndUpdate(tx WriteTxn, idx uint64, svc *structs.Servic
 }
 
 // checkGatewayAndUpdate checks whether a service matches a
-// wildcard definition in gateway config entries and if so adds it the the
+// wildcard definition in gateway config entries and if so adds it the
 // gateway-services table.
 func checkGatewayAndUpdate(tx WriteTxn, idx uint64, svc *structs.ServiceName, kind structs.GatewayServiceKind) error {
 	sn := structs.ServiceName{Name: svc.Name, EnterpriseMeta: svc.EnterpriseMeta}

@@ -645,7 +645,7 @@ func getPayloadCheckServiceNode(payload stream.Payload) *structs.CheckServiceNod
 }
 
 // newServiceHealthEventsForNode returns health events for all services on the
-// given node. This mirrors some of the the logic in the oddly-named
+// given node. This mirrors some of the logic in the oddly-named
 // parseCheckServiceNodes but is more efficient since we know they are all on
 // the same node.
 func newServiceHealthEventsForNode(tx ReadTxn, idx uint64, node string, entMeta *acl.EnterpriseMeta, peerName string) ([]stream.Event, error) {

@@ -45,7 +45,7 @@
 //	   ConfigSource - on a client agent this would be a local config source, on a
 //	   server it would be a catalog config source.
 //	4. On server, the catalog config source will check if service is registered locally.
-//	   4a. If the service *is* registered locally it hands off the the local config
+//	   4a. If the service *is* registered locally it hands off the local config
 //	      source, which calls Watch on the proxycfg manager (and serves the pre-
 //	      fetched data).
 //	5. Otherwise, it fetches the service from the state store.

@@ -1296,7 +1296,7 @@ type ACLTokenListResponse struct {
 }
 
 // ACLTokenBatchGetRequest is used for reading multiple tokens, this is
-// different from the the token list request in that only tokens with the
+// different from the token list request in that only tokens with the
 // the requested ids are returned
 type ACLTokenBatchGetRequest struct {
 	AccessorIDs []string // List of accessor ids to fetch

@@ -341,7 +341,7 @@ type PreparedQueryExecuteRemoteRequest struct {
 	Connect bool
 
 	// QueryOptions (unfortunately named here) controls the consistency
-	// settings for the the service lookups.
+	// settings for the service lookups.
 	QueryOptions
 }
 

@@ -117,7 +117,7 @@ func (s *Server) processDelta(stream ADSDeltaStream, reqCh <-chan *envoy_discove
 		// type => name => proto
 		resourceMap = xdscommon.EmptyIndexedResources()
 
-		// currentVersions is the the xDS versioning represented by Resources.
+		// currentVersions is the xDS versioning represented by Resources.
 		//
 		// type => name => version (as consul knows right now)
 		currentVersions = make(map[string]map[string]string)

@@ -8,7 +8,7 @@ package envoy
 type BootstrapTplArgs struct {
 	GRPC
 
-	// ProxyCluster is the cluster name for the the Envoy `node` specification and
+	// ProxyCluster is the cluster name for the Envoy `node` specification and
 	// is typically the same as the ProxyID.
 	ProxyCluster string
 

@@ -425,7 +425,7 @@ func (cfg *dynamicTLSConfig) Ready() bool {
 	return cfg.VerifyLeafWithRoots() == nil
 }
 
-// ReadyWait returns a chan that is closed when the the Service becomes ready
+// ReadyWait returns a chan that is closed when the Service becomes ready
 // for use for the first time. Note that if the Service is ready when it is
 // called it returns a nil chan. Ready means that it has root and leaf
 // certificates configured but not that the combination is valid nor that

@@ -17,7 +17,7 @@ type EnvoyExtender interface {
 
 	// Extend updates indexed xDS structures to include patches for
 	// built-in extensions. It is responsible for applying extensions to
-	// the the appropriate xDS resources. If any portion of this function fails,
+	// the appropriate xDS resources. If any portion of this function fails,
 	// it will attempt continue and return an error. The caller can then determine
 	// if it is better to use a partially applied extension or error out.
 	Extend(*xdscommon.IndexedResources, *RuntimeConfig) (*xdscommon.IndexedResources, error)

@@ -229,7 +229,7 @@ message Peering {
   // PeerServerName is the name of the remote server as it relates to TLS.
   string PeerServerName = 9;
 
-  // PeerServerAddresses contains all the the connection addresses for the remote peer.
+  // PeerServerAddresses contains all the connection addresses for the remote peer.
   repeated string PeerServerAddresses = 10;
 
   // StreamStatus contains information computed on read based on the state of the stream.

@@ -149,7 +149,7 @@ func Setup(cfg Config) error {
 		// Redirect remaining outbound traffic to Envoy.
 		cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-A", ProxyOutputChain, "-j", ProxyOutputRedirectChain)
 
-		// We are using "insert" (-I) instead of "append" (-A) so the the provided rules take precedence over default ones.
+		// We are using "insert" (-I) instead of "append" (-A) so the provided rules take precedence over default ones.
 		for _, outboundPort := range cfg.ExcludeOutboundPorts {
 			cfg.IptablesProvider.AddRule("iptables", "-t", "nat", "-I", ProxyOutputChain, "-p", "tcp", "--dport", outboundPort, "-j", "RETURN")
 		}

@@ -40,7 +40,7 @@ load helpers
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' '^http.envoy_metrics.downstream_rq_active'
 
-  # Response should include the the local cluster request.
+  # Response should include the local cluster request.
   retry_default \
     must_match_in_stats_proxy_response localhost:1239 \
     'stats' 'cluster.local_agent.upstream_rq_active'

@@ -444,7 +444,7 @@ replication enabled.
   login. This must be of type [`oidc`](/consul/docs/security/acl/auth-methods/oidc).
 
 - `State` `(string: <required>)` - Opaque state ID that is part of the
-  Authorization URL and will be included in the the redirect following
+  Authorization URL and will be included in the redirect following
   successful authentication on the provider.
 
 - `Code` `(string: <required>)` - Provider-generated authorization code that

@@ -55,7 +55,7 @@ The table below shows this endpoint's support for
 - `NodeMeta` `(map<string|string>: nil)` - Specifies arbitrary KV metadata
   pairs for filtering purposes.
 
-- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The the `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
+- `Service` `(Service: nil)` - Contains an object the specifies the service to register. The `Service.Service` field is required. If `Service.ID` is not provided, the default is the `Service.Service`.
   You can only specify one service with a given `ID` per node. We recommend using
   valid DNS labels for service definition names. Refer to the Internet Engineering Task Force's [RFC 1123](https://datatracker.ietf.org/doc/html/rfc1123#page-72) for additional information. Service names that conform to standard usage ensures compatibility with external DNSs. Refer to [Services Configuration Reference](/consul/docs/services/configuration/services-configuration-reference#name) for additional information.
   The following fields are optional: 

@@ -51,7 +51,7 @@ $ curl http://127.0.0.1:8500/v1/status/leader
 
 ## List Raft Peers
 
-This endpoint retrieves the Raft peers for the datacenter in which the the agent
+This endpoint retrieves the Raft peers for the datacenter in which the agent
 is running. This list of peers is strongly consistent and can be useful in
 determining when a given server has successfully joined the cluster.
 

@@ -342,7 +342,7 @@ immediately unlinks it so it can't be read by any other process that doesn't
 already have the file descriptor. It then writes the bootstrap JSON, and unsets
 the CLOEXEC bit on the file handle so that it remains available to the Envoy
 process after exec. Finally it `exec`s Envoy with `--config-file /dev/fd/X`
-where `X` is the the file descriptor number of the temp file.
+where `X` is the file descriptor number of the temp file.
 
 This ensures that Envoy can read the file without any other normal user process
 being able to (assuming they don't have privileged access to /proc). Once the

@@ -86,7 +86,7 @@ information when `debug` is running. By default, it captures all information.
 
 This command can be run from any host with the Consul binary, but requires
 network access to the target agent in order to retrieve data. Once retrieved,
-the data is written to the the specified path (defaulting to the current
+the data is written to the specified path (defaulting to the current
 directory) on the host where the command runs.
 
 By default the command will capture all available data from the default

@@ -339,7 +339,7 @@ no `aws-s3-static-snapshot-name` configured.
 | `ListBucket`         | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 | `ListBucketVersions` | `arn:aws:s3:::<bucket name>`       | Required only when snapshot rotation is enabled |
 
-Within the table `<key>` refers to the the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
+Within the table `<key>` refers to the key used to store the snapshot. When `aws-s3-static-snapshot-name` is configured the `<key>` is simply the value of that configuration. Otherwise the `<key>` will be the `<aws-s3-key-prefix configuration>/consul-*.snap`.
 
 The following example IAM policy document assumes that the `aws-s3-bucket` is `consul-data` with defaults for `aws-s3-key-prefix`, `aws-s3-static-snapshot-name` and `retain`:
 

@@ -273,7 +273,7 @@ information.
 
 - `-config-dir` ((#\_config_dir)) - A directory of configuration files to
   load. Consul will load all files in this directory with the suffix ".json" or ".hcl".
-  The load order is alphabetical, and the the same merge routine is used as with
+  The load order is alphabetical, and the same merge routine is used as with
   the [`config-file`](#_config_file) option above. This option can be specified multiple
   times to load multiple directories. Sub-directories of the config directory are
   not loaded. For more information on the format of the configuration files, see

@@ -948,7 +948,7 @@ Refer to the [formatting specification](https://golang.org/pkg/time/#ParseDurati
       `service:write` permissions for service "B", the agent will successfully register service "A"
       and fail to register service "B". Failed registration requests are eventually retried as part
       of [anti-entropy enforcement](/consul/docs/architecture/anti-entropy). If a registration request is
-      failing due to missing permissions, the the token for this agent can be updated with
+      failing due to missing permissions, the token for this agent can be updated with
       additional policy rules or the `config_file_service_registration` token can be replaced using
       the [Set Agent Token](/consul/commands/acl/set-agent-token) CLI command.