backport of commit 5bb00eb

hashicorp · May 29, 2023 · 225d01c · 225d01c
1 parent f44d888
commit 225d01c
Show file tree

Hide file tree

Showing 861 changed files with 31,451 additions and 72,450 deletions.
diff --git a/.changelog/1808.txt b/.changelog/1808.txt
diff --git a/.changelog/1920.txt b/.changelog/1920.txt
diff --git a/.changelog/1953.txt b/.changelog/1953.txt
diff --git a/.changelog/1976.txt b/.changelog/1976.txt
diff --git a/.changelog/2013.txt b/.changelog/2013.txt
diff --git a/.changelog/2029.txt b/.changelog/2029.txt
diff --git a/.changelog/2030.txt b/.changelog/2030.txt
diff --git a/.changelog/2068.txt b/.changelog/2068.txt
diff --git a/.changelog/2078.txt b/.changelog/2078.txt
diff --git a/.changelog/2083.txt b/.changelog/2083.txt
diff --git a/.changelog/2093.txt b/.changelog/2093.txt
diff --git a/.changelog/2098.txt b/.changelog/2098.txt
diff --git a/.changelog/2100.txt b/.changelog/2100.txt
diff --git a/.changelog/2102.txt → .changelog/2110.txt b/.changelog/2102.txt → .changelog/2110.txt
@@ -1,5 +1,5 @@
 ```release-note:security
-Upgrade to use Go 1.20.4.
+Upgrade to use Go 1.19.9.
 This resolves vulnerabilities [CVE-2023-24537](https://github.com/advisories/GHSA-9f7g-gqwh-jpf5)(`go/scanner`),
 [CVE-2023-24538](https://github.com/advisories/GHSA-v4m2-x4rp-hv22)(`html/template`),
 [CVE-2023-24534](https://github.com/advisories/GHSA-8v5j-pwr7-w5f8)(`net/textproto`) and
@@ -9,4 +9,4 @@ Also, `golang.org/x/net` has been updated to v0.7.0 to resolve CVEs [CVE-2022-41
 ), [CVE-2022-27664](https://github.com/advisories/GHSA-69cg-p879-7622) and [CVE-2022-41723
 ](https://github.com/advisories/GHSA-vvpx-j8f3-3w6h
 .)
-```
+```
diff --git a/.changelog/2124.txt b/.changelog/2124.txt
diff --git a/.changelog/2134.txt b/.changelog/2134.txt
diff --git a/.changelog/2152.txt b/.changelog/2152.txt
diff --git a/.changelog/2170.txt b/.changelog/2170.txt
diff --git a/.changelog/2176.txt b/.changelog/2176.txt
diff --git a/.changelog/2204.txt b/.changelog/2204.txt
@@ -0,0 +1,3 @@
+```release-note:security
+Bump Dockerfile base image for RedHat UBI `consul-k8s-control-plane` image to `ubi-minimal:9.2`. 
+```
diff --git a/.copywrite.hcl b/.copywrite.hcl
diff --git a/.github/ISSUE_TEMPLATE/config.yml b/.github/ISSUE_TEMPLATE/config.yml
@@ -1,11 +1,5 @@
-# Copyright (c) HashiCorp, Inc.
-# SPDX-License-Identifier: MPL-2.0
-
 blank_issues_enabled: false
 contact_links:
-  - name: Consul Community Support
-    url: https://discuss.hashicorp.com/c/consul/29
-    about: If you have a question or are looking for advice on Consul K8s, please post on our Discuss forum! The community loves to chime in to help. Happy Coding!
   - name: Consul on Kubernetes Learn Tutorials
     url: https://learn.hashicorp.com/collections/consul/kubernetes
     about: Please check out our Learn Tutorials. These hands on tutorials deal with many of the tasks common to using Consul on Kubernetes.
diff --git a/.github/workflows/backport-checker.yml b/.github/workflows/backport-checker.yml
@@ -1,5 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-
 # This workflow checks that there is either a 'pr/no-backport' label applied to a PR
 # or there is a backport/<pr number>.txt file associated with a PR for a backport label
 

diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml
@@ -1,10 +1,8 @@
-# Copyright (c) HashiCorp, Inc.
-
 ---
 name: Backport Assistant Runner
 
 on:
-  pull_request_target:
+  pull_request:
     types:
       - closed
       - labeled

diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -1,5 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-
 name: build
 on:
   workflow_dispatch:
@@ -21,7 +19,7 @@ jobs:
     outputs:
       go-version: ${{ steps.get-go-version.outputs.go-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@v2
       - name: Determine Go version
         id: get-go-version
         # We use .go-version as our source of truth for current Go
@@ -35,7 +33,7 @@ jobs:
     outputs:
       product-version: ${{ steps.get-product-version.outputs.product-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@v2
       - name: get product version
         id: get-product-version
         run: |
@@ -49,15 +47,15 @@ jobs:
       filepath: ${{ steps.generate-metadata-file.outputs.filepath }}
     steps:
       - name: "Checkout directory"
-        uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+        uses: actions/checkout@v2
       - name: Generate metadata file
         id: generate-metadata-file
         uses: hashicorp/actions-generate-metadata@v1
         with:
           version: ${{ needs.get-product-version.outputs.product-version }}
           product: ${{ env.PKG_NAME }}
           repositoryOwner: "hashicorp"
-      - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+      - uses: actions/upload-artifact@v2
         with:
           name: metadata.json
           path: ${{ steps.generate-metadata-file.outputs.filepath }}
@@ -109,10 +107,10 @@ jobs:
 
     name: Go ${{ matrix.go }} ${{ matrix.goos }} ${{ matrix.goarch }} ${{ matrix.component }} build    
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@v2
 
       - name: Setup go
-        uses: actions/setup-go@4d34df0c2316fe8122ab82dc22947d607c0c91f9 # v4.0.0
+        uses: actions/setup-go@v2
         with:
           go-version: ${{ matrix.go }}
 
@@ -134,7 +132,7 @@ jobs:
           zip -r -j out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip dist/
 
       - name: Upload built binaries 
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v2
         with:
           name: ${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
           path: ${{ matrix.component}}/out/${{ matrix.pkg_name }}_${{ needs.get-product-version.outputs.product-version }}_${{ matrix.goos }}_${{ matrix.goarch }}.zip
@@ -162,9 +160,9 @@ jobs:
 
       - name: Test rpm package
         if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
-        uses: addnab/docker-run-action@v3  # TSCCR: no entry for repository "addnab/docker-run-action"
+        uses: addnab/docker-run-action@v3
         with:
-          image: registry.access.redhat.com/ubi8/ubi:latest
+          image: registry.access.redhat.com/ubi9/ubi:latest
           options: -v ${{ github.workspace }}:/work
           run: |
             dnf install -qy openssl
@@ -179,15 +177,15 @@ jobs:
             echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
 
       - name: Upload rpm package
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v2
         if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
         with:
           name: ${{ env.RPM_PACKAGE }}
           path: out/${{ env.RPM_PACKAGE }}
 
       - name: Test debian package
         if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
-        uses: addnab/docker-run-action@v3  # TSCCR: no entry for repository "addnab/docker-run-action"
+        uses: addnab/docker-run-action@v3
         with:
           image: ubuntu:latest
           options: -v ${{ github.workspace }}:/work
@@ -204,7 +202,7 @@ jobs:
             echo "Test PASSED, expected: ${VERSION}, got: ${CONSUL_K8S_VERSION}"
 
       - name: Upload debian packages 
-        uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
+        uses: actions/upload-artifact@v2
         if: ${{ matrix.goos == 'linux' && matrix.component == 'cli' && matrix.goarch == 'amd64'}}
         with:
           name: ${{ env.DEB_PACKAGE }}
@@ -221,8 +219,8 @@ jobs:
       repo: ${{ github.event.repository.name }}
       version: ${{ needs.get-product-version.outputs.product-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v3
         with:
           name: consul-cni_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
           path: control-plane/dist/cni/linux/${{ matrix.arch }}
@@ -265,8 +263,8 @@ jobs:
       repo: ${{ github.event.repository.name }}
       version: ${{ needs.get-product-version.outputs.product-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v3
         with:
           name: consul-cni_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
           path: control-plane/dist/cni/linux/${{ matrix.arch }}
@@ -276,9 +274,9 @@ jobs:
         run: |
           cd "${ZIP_LOCATION}"
           unzip -j *.zip
-      - name: Copy LICENSE
+      - name: Copy LICENSE.md
         run:
-         cp LICENSE ./control-plane
+         cp LICENSE.md ./control-plane
       - uses: hashicorp/actions-docker-build@v1
         with:
           smoke_test: |
@@ -307,8 +305,8 @@ jobs:
       repo: ${{ github.event.repository.name }}
       version: ${{ needs.get-product-version.outputs.product-version }}
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
-      - uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
+      - uses: actions/checkout@v2
+      - uses: actions/download-artifact@v3
         with:
           name: consul-cni_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip
           path: control-plane/dist/cni/linux/${{ matrix.arch }}
@@ -318,9 +316,9 @@ jobs:
         run: |
           cd ${ZIP_LOCATION}
           unzip -j *.zip
-      - name: Copy LICENSE
+      - name: Copy LICENSE.md
         run:
-          cp LICENSE ./control-plane
+          cp LICENSE.md ./control-plane
       - uses: hashicorp/actions-docker-build@v1
         with:
           smoke_test: |

diff --git a/.github/workflows/changelog-checker.yml b/.github/workflows/changelog-checker.yml
@@ -1,5 +1,3 @@
-# Copyright (c) HashiCorp, Inc.
-
 # This workflow checks that there is either a 'pr/no-changelog' label applied to a PR
 # or there is a .changelog/<pr number>.txt file associated with a PR for a changelog entry
 
@@ -21,7 +19,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@8e5e7e5ab8b370d6c329ec480221332ada57f0ab # v3.5.2
+      - uses: actions/checkout@v2
         with:
           ref: ${{ github.event.pull_request.head.sha }}
           fetch-depth: 0 # by default the checkout action doesn't checkout all branches

diff --git a/.github/workflows/jira-issues.yaml b/.github/workflows/jira-issues.yaml
@@ -15,7 +15,7 @@ jobs:
     name: Jira Community Issue sync
     steps:    
       - name: Login
-        uses: atlassian/gajira-login@45fd029b9f1d6d8926c6f04175aa80c0e42c9026 # v3.0.1
+        uses: atlassian/[email protected].0
         env:
           JIRA_BASE_URL: ${{ secrets.JIRA_BASE_URL }}
           JIRA_USER_EMAIL: ${{ secrets.JIRA_USER_EMAIL }}
@@ -38,7 +38,7 @@ jobs:
 
       - name: Create ticket if an issue is filed, or if PR not by a team member is opened
         if: github.event.action == 'opened'
-        uses: tomhjp/gh-action-jira-create@3ed1789cad3521292e591a7cfa703215ec1348bf # v0.2.1
+        uses: tomhjp/[email protected].0
         with:
           project: NET
           issuetype: "${{ steps.set-ticket-type.outputs.TYPE }}"
@@ -58,28 +58,28 @@ jobs:
       - name: Search
         if: github.event.action != 'opened'
         id: search
-        uses: tomhjp/gh-action-jira-search@04700b457f317c3e341ce90da5a3ff4ce058f2fa # v0.2.2
+        uses: tomhjp/[email protected].1
         with:
           # cf[10089] is Issue Link (use JIRA API to retrieve)
           jql: 'issuetype = "${{ steps.set-ticket-type.outputs.TYPE }}" and cf[10089] = "${{ github.event.issue.html_url || github.event.pull_request.html_url }}"'
 
       - name: Sync comment
         if: github.event.action == 'created' && steps.search.outputs.issue
-        uses: tomhjp/gh-action-jira-comment@6eb6b9ead70221916b6badd118c24535ed220bd9 # v0.2.0
+        uses: tomhjp/gh-action-jira-comment@v0.1.0
         with:
           issue: ${{ steps.search.outputs.issue }}
           comment: "${{ github.actor }} ${{ github.event.review.state || 'commented' }}:\n\n${{ github.event.comment.body || github.event.review.body }}\n\n${{ github.event.comment.html_url || github.event.review.html_url }}"
 
       - name: Close ticket
         if: ( github.event.action == 'closed' || github.event.action == 'deleted' ) && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
+        uses: atlassian/gajira-transition@v2.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "Closed"
 
       - name: Reopen ticket
         if: github.event.action == 'reopened' && steps.search.outputs.issue
-        uses: atlassian/gajira-transition@38fc9cd61b03d6a53dd35fcccda172fe04b36de3 # v3.0.1
+        uses: atlassian/gajira-transition@v2.0.1
         with:
           issue: ${{ steps.search.outputs.issue }}
           transition: "To Do"