Bump github.com/hashicorp/consul/api from 1.11.0 to 1.20.0

[dependabot]

Bumps github.com/hashicorp/consul/api from 1.11.0 to 1.20.0.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.15.1

1.15.1 (March 7, 2023)

IMPROVEMENTS:

• cli: added -append-policy-id, -append-policy-name, -append-role-name, and -append-role-id flags to the consul token update command. These flags allow updates to a token's policies/roles without having to override them completely. [GH-16288]
• cli: added -append-service-identity and -append-node-identity flags to the consul token update command. These flags allow updates to a token's node identities/service identities without having to override them. [GH-16506]
• connect: Bump Envoy 1.22.5 to 1.22.7, 1.23.2 to 1.23.4, 1.24.0 to 1.24.2, add 1.25.1, remove 1.21.5 [GH-16274]
• mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable [GH-16495]
• ui: support filtering API gateways in the ui and displaying their documentation links [GH-16508]

DEPRECATIONS:

• cli: Deprecate the -merge-node-identites and -merge-service-identities flags from the consul token update command in favor of: -append-node-identity and -append-service-identity. [GH-16506]
• cli: Deprecate the -merge-policies and -merge-roles flags from the consul token update command in favor of: -append-policy-id, -append-policy-name, -append-role-name, and -append-role-id. [GH-16288]

BUG FIXES:

• cli: Fixes an issue with consul connect envoy where a log to STDOUT could malform JSON when used with -bootstrap. [GH-16530]
• cli: Fixes an issue with consul connect envoy where grpc-disabled agents were not error-handled correctly. [GH-16530]
• cli: ensure acl token read -self works [GH-16445]
• cli: fix panic read non-existent acl policy [GH-16485]
• gateways: fix HTTPRoute bug where service weights could be less than or equal to 0 and result in a downstream envoy protocol error [GH-16512]
• gateways: fix HTTPRoute bug where services with a weight not divisible by 10000 are never registered properly [GH-16531]
• mesh: Fix resolution of service resolvers with subsets for external upstreams [GH-16499]
• proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher [GH-16497]
• proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services [GH-16498]
• ui: Fix issue with lists and filters not rendering properly [GH-16444]

v1.15.0

1.15.0 (February 23, 2023)

ANNOUNCEMENTS:

• Upcoming in Consul 1.16 we will stop publishing official Dockerhub images and publish only our Verified Publisher images. Users of Docker images should pull from hashicorp/consul instead of consul.

BREAKING CHANGES:

• acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped.
  • Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.
    • New error formats: "Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found"
  • Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.
    • New error format: "Cannot find * to delete"
  • Logout now returns a 401 error when the supplied token cannot be found
    • New error format: "Supplied token does not exist"
  • Token Self endpoint now returns 404 when the token cannot be found.
    • New error format: "Supplied token does not exist" [GH-16105]
• acl: remove all acl migration functionality and references to the legacy acl system. [GH-15947]

... (truncated)

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.15.0 (February 23, 2023)

BREAKING CHANGES:

• acl errors: Delete and get requests now return descriptive errors when the specified resource cannot be found. Other ACL request errors provide more information about when a resource is missing. Add error for when the ACL system has not been bootstrapped.
  • Delete Token/Policy/AuthMethod/Role/BindingRule endpoints now return 404 when the resource cannot be found.
    • New error formats: "Requested * does not exist: ACL not found", "* not found in namespace $NAMESPACE: ACL not found"
  • Read Token/Policy/Role endpoints now return 404 when the resource cannot be found.
    • New error format: "Cannot find * to delete"
  • Logout now returns a 401 error when the supplied token cannot be found
    • New error format: "Supplied token does not exist"
  • Token Self endpoint now returns 404 when the token cannot be found.
    • New error format: "Supplied token does not exist" [GH-16105]
• acl: remove all acl migration functionality and references to the legacy acl system. [GH-15947]
• acl: remove all functionality and references for legacy acl policies. [GH-15922]
• config: Deprecate -join, -join-wan, start_join, and start_join_wan. These options are now aliases of -retry-join, -retry-join-wan, retry_join, and retry_join_wan, respectively. [GH-15598]
• connect: Add peer field to service-defaults upstream overrides. The addition of this field makes it possible to apply upstream overrides only to peer services. Prior to this change, overrides would be applied based on matching the namespace and name fields only, which means users could not have different configuration for local versus peer services. With this change, peer upstreams are only affected if the peer field matches the destination peer name. [GH-15956]
• connect: Consul will now error and exit when using the consul connect envoy command if the Envoy version is incompatible. To ignore this check use flag --ignore-envoy-compatibility [GH-15818]
• extensions: Refactor Lambda integration to get configured with the Envoy extensions field on service-defaults configuration entries. [GH-15817]
• ingress-gateway: upstream cluster will have empty outlier_detection if passive health check is unspecified [GH-15614]
• xds: Remove the connect.enable_serverless_plugin agent configuration option. Now Lambda integration is enabled by default. [GH-15710]

SECURITY:

• Upgrade to use Go 1.20.1. This resolves vulnerabilities CVE-2022-41724 in crypto/tls and CVE-2022-41723 in net/http. [GH-16263]

FEATURES:

• API Gateway (Beta) This version adds support for API gateway on VMs. API gateway provides a highly-configurable ingress for requests coming into a Consul network. For more information, refer to the API gateway documentation. [GH-16369]
• acl: Add new acl.tokens.config_file_registration config field which specifies the token used to register services and checks that are defined in config files. [GH-15828]
• acl: anonymous token is logged as 'anonymous token' instead of its accessor ID [GH-15884]
• cli: adds new CLI commands consul troubleshoot upstreams and consul troubleshoot proxy to troubleshoot Consul's service mesh configuration and network issues. [GH-16284]
• command: Adds the operator usage instances subcommand for displaying total services, connect service instances and billable service instances in the local datacenter or globally. [GH-16205]
• config-entry(ingress-gateway): support outlier detection (passive health check) for upstream cluster [GH-15614]
• connect: adds support for Envoy access logging. Access logging can be enabled using the proxy-defaults config entry. [GH-15864]
• xds: Add a built-in Envoy extension that inserts Lua HTTP filters. [GH-15906]
• xds: Insert originator service identity into Envoy's dynamic metadata under the consul namespace. [GH-15906]

IMPROVEMENTS:

• connect: for early awareness of Envoy incompatibilities, when using the consul connect envoy command the Envoy version will now be checked for compatibility. If incompatible Consul will error and exit. [GH-15818]
• grpc: client agents will switch server on error, and automatically retry on RESOURCE_EXHAUSTED responses [GH-15892]
• raft: add an operator api endpoint and a command to initiate raft leadership transfer. [GH-14132]
• acl: Added option to allow for an operator-generated bootstrap token to be passed to the acl bootstrap command. [GH-14437]
• agent: Give better error when client specifies wrong datacenter when auto-encrypt is enabled. [GH-14832]
• api: updated the go module directive to 1.18. [GH-15297]

... (truncated)

Commits

• 4697059 Bump consul/sdk to v0.13.1
• caf85ac Backport of Update docs to reflect functionality into release/1.15.x (#16555)
• dd740f0 Backport of Fix flakey tests related to ACL token updates into release/1.15.x...
• e66f26b Backport of Update the consul-k8s cli docs for the new proxy log subcommand...
• 494fba2 Backport of Follow-up fixes to consul connect envoy command into release/1.15...
• 583466b Backport of Improve ux around ACL token to help users avoid overwriting node/...
• 88496d7 NET-2904 Fixes API Gateway Route Service Weight Division Error (#16540)
• a95d028 backport of commit 5dca39b8137daf740f18b6d86f1d48081c317815 (#16536)
• e69ed7a Backport of Add some basic UI improvements for api-gateway services into rele...
• 2f8de3c Backport of NET-2903 Normalize weight for http routes into release/1.15.x (#1...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)