Pipeline Updates

.circleci/config.yml

@@ -6,7 +6,7 @@ orbs:
 executors:
   go:
     docker:
-      - image: docker.mirror.hashicorp.services/cimg/go:1.19.2
+      - image: docker.mirror.hashicorp.services/cimg/go:1.20.1
     environment:
       TEST_RESULTS: /tmp/test-results # path to where test results are saved
 
@@ -35,9 +35,9 @@ commands:
       - run:
           name: Install go, gotestsum, kind, kubectl, and helm
           command: |
-            wget https://golang.org/dl/go1.19.2.linux-amd64.tar.gz
-            sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.19.2.linux-amd64.tar.gz
-            rm go1.19.2.linux-amd64.tar.gz
+            wget https://golang.org/dl/go1.20.1.linux-amd64.tar.gz
+            sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.1.linux-amd64.tar.gz
+            rm go1.20.1.linux-amd64.tar.gz
             echo 'export PATH=$PATH:/usr/local/go/bin' >> $BASH_ENV
 
             wget https://github.com/gotestyourself/gotestsum/releases/download/v1.8.2/gotestsum_1.8.2_linux_amd64.tar.gz
@@ -169,7 +169,7 @@ commands:
                   echo $pkgs
                   for pkg in $pkgs
                   do
-                    if ! gotestsum --no-summary=all --jsonfile=jsonfile-${pkg////-} -- $pkg -p 1 -timeout 2h -failfast \
+                    if ! gotestsum --format=testname --no-summary=all --jsonfile=jsonfile-${pkg////-} -- $pkg -p 1 -timeout 2h -failfast \
                           << parameters.additional-flags >> \
                           -enable-multi-cluster \
                           ${ENABLE_ENTERPRISE:+-enable-enterprise} \
@@ -181,7 +181,7 @@ commands:
                       break
                     fi
                   done
-                  gotestsum --raw-command --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- cat jsonfile*
+                  gotestsum --format=testname --raw-command --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- cat jsonfile*
                   exit $exit_code
 
       - unless:
@@ -200,7 +200,7 @@ commands:
 
                   pkgs=$(go list ./... | circleci tests split --split-by=timings --timings-type=classname)
                   echo "Running $pkgs"
-                  gotestsum --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- $pkgs -p 1 -timeout 2h -failfast \
+                  gotestsum --format testname --junitfile "$TEST_RESULTS/gotestsum-report.xml" -- $pkgs -p 1 -timeout 2h -failfast \
                       << parameters.additional-flags >> \
                       ${ENABLE_ENTERPRISE:+-enable-enterprise} \
                       -enable-multi-cluster \
@@ -281,7 +281,7 @@ jobs:
                  unzip consul_"${CONSUL_VERSION}"_linux_amd64.zip -d /home/circleci/bin &&
                  rm consul_"${CONSUL_VERSION}"_linux_amd64.zip
             PACKAGE_NAMES=$(go list ./...)
-            gotestsum --junitfile $TEST_RESULTS/gotestsum-report.xml -- -p 4 $PACKAGE_NAMES
+            gotestsum --format testname --junitfile $TEST_RESULTS/gotestsum-report.xml -- -p 4 $PACKAGE_NAMES
 
       - store_test_results:
           path: /tmp/test-results
@@ -312,7 +312,7 @@ jobs:
                  unzip consul_"${CONSUL_ENT_VERSION}"_linux_amd64.zip -d /home/circleci/bin &&
                  rm consul_"${CONSUL_ENT_VERSION}"_linux_amd64.zip
             PACKAGE_NAMES=$(go list ./...)
-            gotestsum --junitfile $TEST_RESULTS/gotestsum-report.xml -- -tags=enterprise -p 4 $PACKAGE_NAMES
+            gotestsum --format testname --junitfile $TEST_RESULTS/gotestsum-report.xml -- -tags=enterprise -p 4 $PACKAGE_NAMES
 
       - store_test_results:
           path: /tmp/test-results
@@ -401,7 +401,7 @@ jobs:
           name: Run tests
           working_directory: *cli-path
           command: |
-            gotestsum --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
+            gotestsum --format testname --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
 
       - store_test_results:
           path: /tmp/test-results
@@ -500,7 +500,7 @@ jobs:
           name: Run tests
           working_directory: *acceptance-framework-path
           command: |
-            gotestsum --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
+            gotestsum --format testname --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
 
       - store_test_results:
           path: /tmp/test-results
@@ -523,7 +523,7 @@ jobs:
           name: Run tests
           working_directory: *helm-gen-path
           command: |
-            gotestsum --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
+            gotestsum --format testname --junitfile $TEST_RESULTS/gotestsum-report.xml ./... -- -p 4
 
       - store_test_results:
           path: /tmp/test-results
@@ -1374,19 +1374,3 @@ workflows:
       - acceptance-tproxy:
           requires:
             - dev-upload-docker
-
-  nightly-kind-acceptance-tests-consul-compatability:
-    description: |
-      Acceptance tests which run nightly to verify the compatibility between
-      a consul-k8s binary and it's consul version pair. Tests will be conducted
-      for up to n-2 previous Consul-k8s releases.
-    triggers:
-      - schedule:
-          cron: "0 0 * * *" # Run at 12 am UTC (5 pm PST)
-          filters:
-            branches:
-              only:
-                - main
-    jobs:
-      - acceptance-kind-1-23-consul-compat-nightly-1-12
-      - acceptance-kind-1-23-consul-compat-nightly-1-13

.github/workflows/reusable-acceptance.yml

@@ -127,7 +127,7 @@ jobs:
           do
             fullpkg="github.com/hashicorp/consul-k8s/${{ inputs.directory }}/${pkg}"
             echo "Testing package: ${fullpkg}"
-            if ! gotestsum --jsonfile=jsonfile-${pkg////-} -- ${fullpkg} -p 1 -timeout 2h -failfast \
+            if ! gotestsum --format=testname --jsonfile=jsonfile-${pkg////-} -- ${fullpkg} -p 1 -timeout 2h -failfast \
               ${{ inputs.additional-flags }} \
               -enable-enterprise \
               -enable-multi-cluster \
@@ -139,7 +139,7 @@ jobs:
               break
             fi
           done
-          gotestsum --raw-command --junitfile "${{ env.TEST_RESULTS }}/gotestsum-report.xml" -- cat jsonfile*
+          gotestsum --format=testname --raw-command --junitfile "${{ env.TEST_RESULTS }}/gotestsum-report.xml" -- cat jsonfile*
           exit $exit_code
 
       - name: Upload tests

.github/workflows/reusable-unit.yml

@@ -53,5 +53,5 @@ jobs:
       - name: Run tests 
         working-directory: ${{inputs.directory}}
         run: |
-          gotestsum --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml ./... -- -p 4
+          gotestsum --format=testname --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml ./... -- -p 4
 

.github/workflows/test.yml

@@ -180,7 +180,7 @@ jobs:
         working-directory: control-plane
         run: |
             PACKAGE_NAMES=$(go list ./...)
-            gotestsum --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- -p 4 $PACKAGE_NAMES
+            gotestsum --format=testname --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- -p 4 $PACKAGE_NAMES
 
   test-enterprise-control-plane:
     if: github.repository_owner == 'hashicorp' # Do not run on forks as this requires secrets
@@ -228,7 +228,7 @@ jobs:
         working-directory: control-plane
         run: |
             PACKAGE_NAMES=$(go list ./...)
-            gotestsum --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- -tags=enterprise -p 4 $PACKAGE_NAMES
+            gotestsum --format=testname --junitfile ${{env.TEST_RESULTS}}/gotestsum-report.xml -- -tags=enterprise -p 4 $PACKAGE_NAMES
 
   build-distros:
     needs: [get-go-version, get-product-version]

.go-version

@@ -1 +1 @@
-1.19.2
+1.20.1

CHANGELOG.md

@@ -24,17 +24,20 @@ IMPROVEMENTS:
   * Add the `balanceInboundConnections` field to the `ServiceDefaults` CRD. [[GH-1823]](https://github.com/hashicorp/consul-k8s/pull/1823)
   * Add the `upstreamConfig.overrides[].peer` field to the `ServiceDefaults` CRD. [[GH-1853]](https://github.com/hashicorp/consul-k8s/pull/1853)
 * Control-Plane
+  * Update minimum go version for project to 1.20 [[GH-1908](https://github.com/hashicorp/consul-k8s/pull/1908)]
   * Add support for the annotation `consul.hashicorp.com/use-proxy-health-check`. When this annotation is used by a service, it configures a readiness endpoint on Consul Dataplane and queries it instead of the proxy's inbound port which forwards requests to the application. [[GH-1824](https://github.com/hashicorp/consul-k8s/pull/1824)], [[GH-1841](https://github.com/hashicorp/consul-k8s/pull/1841)]
   * Add health check for synced services based on the status of the Kubernetes readiness probe on synced pod. [[GH-1821](https://github.com/hashicorp/consul-k8s/pull/1821)]
   * Remove extraneous `gnupg` dependency from `consul-k8s-control-plane` since it is no longer needed for validating binary artifacts prior to release. [[GH-1882](https://github.com/hashicorp/consul-k8s/pull/1882)]
   * Server ACL Init always appends both, the secrets from the serviceAccount's secretRefs and the one created by the Helm chart, to support Openshift secret handling. [[GH-1770](https://github.com/hashicorp/consul-k8s/pull/1770)]
 * CLI:
+  * Update minimum go version for project to 1.20 [[GH-1908](https://github.com/hashicorp/consul-k8s/pull/1908)]
   * Add `consul-k8s proxy log podname` command for displaying and modifying Envoy log levels for a given Pod. [GH-1844](https://github.com/hashicorp/consul-k8s/pull/1844), [GH-1849](https://github.com/hashicorp/consul-k8s/pull/1849), [GH-1864](https://github.com/hashicorp/consul-k8s/pull/1864)
 
-
 BUG FIXES:
 * Control Plane
    * Don't incorrectly diff intention config entries when upgrading from Consul pre-1.12 to 1.12+ [[GH-1804](https://github.com/hashicorp/consul-k8s/pull/1804)]
+* Security:
+  * Upgrade to use Go 1.20.1 This resolves vulnerabilities [CVE-2022-41724](https://go.dev/issue/58001) in `crypto/tls` and [CVE-2022-41723](https://go.dev/issue/57855) in `net/http`. [[GH-1908](https://github.com/hashicorp/consul-k8s/pull/1908)]
 
 ## 1.0.3 (January 30, 2023)
 

acceptance/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/acceptance
 
-go 1.19
+go 1.20
 
 require (
 	github.com/gruntwork-io/terratest v0.31.2

charts/go.mod

@@ -1,3 +1,3 @@
 module github.com/hashicorp/consul-k8s/charts
 
-go 1.19
+go 1.20

cli/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/cli
 
-go 1.19
+go 1.20
 
 require (
 	github.com/bgentry/speakeasy v0.1.0

control-plane/cni/go.mod

@@ -50,4 +50,4 @@ require (
 
 replace github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.4.1-0.20221021205723-cc843c4be892
 
-go 1.19
+go 1.20

control-plane/go.mod

@@ -136,4 +136,4 @@ require (
 
 replace github.com/hashicorp/consul/sdk => github.com/hashicorp/consul/sdk v0.4.1-0.20221021205723-cc843c4be892
 
-go 1.19
+go 1.20

control-plane/go.sum

@@ -346,10 +346,6 @@ github.com/hashicorp/consul-k8s/control-plane/cni v0.0.0-20220831174802-b8af6526
 github.com/hashicorp/consul-server-connection-manager v0.1.0 h1:XCweGvMHzra88rYv2zxwwuUOjBUdcQmNKVrnQmt/muo=
 github.com/hashicorp/consul-server-connection-manager v0.1.0/go.mod h1:XVVlO+Yk7aiRpspiHZkrrFVn9BJIiOPnQIzqytPxGaU=
 github.com/hashicorp/consul/api v1.1.0/go.mod h1:VmuI/Lkw1nC05EYQWNKwWGbkg+FbDBtguAZLlVdkD9Q=
-github.com/hashicorp/consul/api v1.10.1-0.20230106171340-8d923c178919 h1:8aVegJMSv7PIAAa1zqQQ0CT4TKv+Nf7I4rhE6+uDa1U=
-github.com/hashicorp/consul/api v1.10.1-0.20230106171340-8d923c178919/go.mod h1:c1u8FzGHcavbEtRW/p1YditvfMgn4QsKNgz2rnCDF7c=
-github.com/hashicorp/consul/api v1.10.1-0.20230126204442-a43eadd1225b h1:dNIQYhru10Hg+E1oEL8f9CX6MC+8CW5JuQ4jk3g70LA=
-github.com/hashicorp/consul/api v1.10.1-0.20230126204442-a43eadd1225b/go.mod h1:c1u8FzGHcavbEtRW/p1YditvfMgn4QsKNgz2rnCDF7c=
 github.com/hashicorp/consul/api v1.10.1-0.20230203155153-2f149d60ccbf h1:vvsHghmX3LyNUaDe7onYKHyDiny+ystdHKIEujbNj4Q=
 github.com/hashicorp/consul/api v1.10.1-0.20230203155153-2f149d60ccbf/go.mod h1:c1u8FzGHcavbEtRW/p1YditvfMgn4QsKNgz2rnCDF7c=
 github.com/hashicorp/consul/proto-public v0.1.0 h1:O0LSmCqydZi363hsqc6n2v5sMz3usQMXZF6ziK3SzXU=

control-plane/subcommand/common/common_test.go

@@ -8,7 +8,6 @@ import (
 	"net/url"
 	"os"
 	"testing"
-	"time"
 
 	"github.com/hashicorp/consul-k8s/control-plane/helper/go-discover/mocks"
 	"github.com/hashicorp/consul/api"
@@ -163,36 +162,33 @@ func TestConsulLogin_TokenNotReplicated(t *testing.T) {
 
 func TestConsulLogin_EmptyBearerTokenFile(t *testing.T) {
 	t.Parallel()
-	require := require.New(t)
 
 	bearerTokenFile := WriteTempFile(t, "")
 	params := LoginParams{
 		BearerTokenFile: bearerTokenFile,
 	}
 	_, err := ConsulLogin(nil, params, hclog.NewNullLogger())
-	require.EqualError(err, fmt.Sprintf("no bearer token found in %q", bearerTokenFile))
+	require.EqualError(t, err, fmt.Sprintf("no bearer token found in %q", bearerTokenFile))
 }
 
 func TestConsulLogin_BearerTokenFileDoesNotExist(t *testing.T) {
 	t.Parallel()
-	require := require.New(t)
 	randFileName := fmt.Sprintf("/foo/%d/%d", rand.Int(), rand.Int())
 	params := LoginParams{
 		BearerTokenFile: randFileName,
 	}
 	_, err := ConsulLogin(nil, params, hclog.NewNullLogger())
-	require.Error(err)
-	require.Contains(err.Error(), "unable to read bearer token file")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "unable to read bearer token file")
 }
 
 func TestConsulLogin_TokenFileUnwritable(t *testing.T) {
 	t.Parallel()
-	require := require.New(t)
 	bearerTokenFile := WriteTempFile(t, "foo")
 	client := startMockServer(t)
 	// This is a common.Logger.
 	log, err := Logger("INFO", false)
-	require.NoError(err)
+	require.NoError(t, err)
 	randFileName := fmt.Sprintf("/foo/%d/%d", rand.Int(), rand.Int())
 	params := LoginParams{
 		AuthMethod:      testAuthMethod,
@@ -201,13 +197,12 @@ func TestConsulLogin_TokenFileUnwritable(t *testing.T) {
 		NumRetries:      2,
 	}
 	_, err = ConsulLogin(client, params, log)
-	require.Error(err)
-	require.Contains(err.Error(), "error writing token to file sink")
+	require.Error(t, err)
+	require.Contains(t, err.Error(), "error writing token to file sink")
 }
 
 func TestWriteFileWithPerms_InvalidOutputFile(t *testing.T) {
 	t.Parallel()
-	rand.Seed(time.Now().UnixNano())
 	randFileName := fmt.Sprintf("/tmp/tmp/tmp/%d", rand.Int())
 	t.Cleanup(func() {
 		os.RemoveAll(randFileName)
@@ -218,7 +213,6 @@ func TestWriteFileWithPerms_InvalidOutputFile(t *testing.T) {
 
 func TestWriteFileWithPerms_OutputFileExists(t *testing.T) {
 	t.Parallel()
-	rand.Seed(time.Now().UnixNano())
 	randFileName := fmt.Sprintf("/tmp/%d", rand.Int())
 	err := os.WriteFile(randFileName, []byte("foo"), os.FileMode(0444))
 	require.NoError(t, err)
@@ -236,7 +230,6 @@ func TestWriteFileWithPerms_OutputFileExists(t *testing.T) {
 func TestWriteFileWithPerms(t *testing.T) {
 	t.Parallel()
 	payload := "foo-foo-foo-foo"
-	rand.Seed(time.Now().UnixNano())
 	randFileName := fmt.Sprintf("/tmp/%d", rand.Int())
 	t.Cleanup(func() {
 		os.RemoveAll(randFileName)

hack/aws-acceptance-test-cleanup/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-helm/hack/aws-acceptance-test-cleanup
 
-go 1.19
+go 1.20
 
 require (
 	github.com/aws/aws-sdk-go v1.38.63

hack/copy-crds-to-chart/go.mod

@@ -1,3 +1,3 @@
 module github.com/hashicorp/consul-k8s/hack/copy-crds-to-chart
 
-go 1.19
+go 1.20

hack/helm-reference-gen/go.mod

@@ -1,6 +1,6 @@
 module github.com/hashicorp/consul-k8s/hack/helm-reference-gen
 
-go 1.19
+go 1.20
 
 require (
 	github.com/stretchr/testify v1.6.1