backport of commit 87038bb

hashicorp · Nov 14, 2022 · da0f328 · da0f328
1 parent 706866f
commit da0f328
Show file tree

Hide file tree

Showing 326 changed files with 5,275 additions and 3,482 deletions.
diff --git a/.changelog/14832.txt b/.changelog/14832.txt
diff --git a/.changelog/14833.txt b/.changelog/14833.txt
diff --git a/.changelog/14956.txt b/.changelog/14956.txt
diff --git a/.changelog/15001.txt b/.changelog/15001.txt
diff --git a/.changelog/15297.txt b/.changelog/15297.txt
diff --git a/.github/workflows/nightly-test-1.14.x.yaml b/.github/workflows/nightly-test-1.14.x.yaml
diff --git a/.golangci.yml b/.golangci.yml
@@ -83,7 +83,6 @@ linters-settings:
   forbidigo:
     # Forbid the following identifiers (list of regexp).
     forbid:
-      - '\bioutil\b(# Use io and os packages instead of ioutil)?'
       - '\brequire\.New\b(# Use package-level functions with explicit TestingT)?'
       - '\bassert\.New\b(# Use package-level functions with explicit TestingT)?'
     # Exclude godoc examples from forbidigo checks.

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -75,7 +75,7 @@ BUG FIXES:
 
 BREAKING CHANGES:
 
-* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change is resolved in 1.13.3. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
+* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change will be resolved in an upcoming 1.13 patch release. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
 
 SECURITY:
 
@@ -121,7 +121,7 @@ BUG FIXES:
 
 BREAKING CHANGES:
 
-* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change is resolved in 1.12.6. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
+* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change will be resolved in an upcoming 1.12 patch release. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
 
 SECURITY:
 
@@ -149,7 +149,7 @@ BUG FIXES:
 
 BREAKING CHANGES:
 
-* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change is resolved in 1.11.11. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
+* ca: If using Vault as the service mesh CA provider, the Vault policy used by Consul now requires the `update` capability on the intermediate PKI's tune mount configuration endpoint, such as `/sys/mounts/connect_inter/tune`. The breaking nature of this change will be resolved in an upcoming 1.11 patch release. Refer to [upgrade guidance](https://www.consul.io/docs/upgrading/upgrade-specific#modify-vault-policy-for-vault-ca-provider) for more information.
 
 SECURITY:
 

diff --git a/agent/acl_test.go b/agent/acl_test.go
@@ -51,14 +51,6 @@ func NewTestACLAgent(t *testing.T, name string, hcl string, resolveAuthz authzRe
 	dataDir := testutil.TempDir(t, "acl-agent")
 
 	logBuffer := testutil.NewLogBuffer(t)
-
-	logger := hclog.NewInterceptLogger(&hclog.LoggerOptions{
-		Name:       name,
-		Level:      testutil.TestLogLevel,
-		Output:     logBuffer,
-		TimeFormat: "04:05.000",
-	})
-
 	loader := func(source config.Source) (config.LoadResult, error) {
 		dataDir := fmt.Sprintf(`data_dir = "%s"`, dataDir)
 		opts := config.LoadOpts{
@@ -71,9 +63,15 @@ func NewTestACLAgent(t *testing.T, name string, hcl string, resolveAuthz authzRe
 		}
 		return result, err
 	}
-	bd, err := NewBaseDeps(loader, logBuffer, logger)
+	bd, err := NewBaseDeps(loader, logBuffer)
 	require.NoError(t, err)
 
+	bd.Logger = hclog.NewInterceptLogger(&hclog.LoggerOptions{
+		Name:       name,
+		Level:      testutil.TestLogLevel,
+		Output:     logBuffer,
+		TimeFormat: "04:05.000",
+	})
 	bd.MetricsConfig = &lib.MetricsConfig{
 		Handler: metrics.NewInmemSink(1*time.Second, time.Minute),
 	}