v1.12.0-beta1

Pre-release

1.12.0-beta1 (April 4, 2022)

BREAKING CHANGES:

  • sdk: several changes to the testutil configuration structs (removed ACLMasterToken, renamed Master to InitialManagement, and AgentMaster to AgentRecovery) [GH-11827]
  • telemetry: the disable_compat_1.9 option now defaults to true. 1.9 style consul.http... metrics can still be enabled by setting disable_compat_1.9 = false. However, we will remove these metrics in 1.13. [GH-12675]

FEATURES:

  • acl: Add token information to PermissionDeniedErrors [GH-12567]
  • acl: Added an AWS IAM auth method that allows authenticating to Consul using AWS IAM identities [GH-12583]
  • cli: The token read command now supports the -expanded flag to display detailed role and policy information for the token. [GH-12670]
  • config: automatically reload config when a file changes using the auto-reload-config CLI flag or auto_reload_config config option. [GH-12329]
  • server: Ensure that service-defaults Meta is returned with the response to the ConfigEntry.ResolveServiceConfig RPC. [GH-12529]
  • server: discovery chains now include a response field named "Default" to indicate if they were not constructed from any service-resolver, service-splitter, or service-router config entries [GH-12511]
  • server: ensure that service-defaults meta is incorporated into the discovery chain response [GH-12511]
  • tls: it is now possible to configure TLS differently for each of Consul's listeners (i.e. HTTPS, gRPC and the internal multiplexed RPC listener) using the tls stanza [GH-12504]
  • ui: Support connect-native services in the Topology view. [GH-12098]
  • xds: Add the ability to invoke AWS Lambdas through terminating gateways. [GH-12681]
  • xds: adding control of the mesh-wide min/max TLS versions and cipher suites from the mesh config entry [GH-12601]

IMPROVEMENTS:

  • Refactor ACL denied error code and start improving error details [GH-12308]
  • acl: Provide fuller detail in the error message when an ACL denies access. [GH-12470]
  • agent: Allow client agents to perform keyring operations [GH-12442]
  • agent: add additional validation to TLS config [GH-12522]
  • agent: add support for specifying TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 cipher suites [GH-12522]
  • agent: bump default min version for connections to TLS 1.2 [GH-12522]
  • ci: include 'enhancement' entry type in IMPROVEMENTS section of changelog. [GH-12376]
  • ui: Exclude Service Instance Health from Health Check reporting on the Node listing page. The health icons on each individual row now only reflect Node health. [GH-12248]
  • ui: Improve usability of Topology warning/information panels [GH-12305]
  • ui: Slightly improve usability of main navigation [GH-12334]
  • ui: Use @hashicorp/flight icons for all our icons. [GH-12209]
  • Removed impediments to using a namespace prefixed IntermediatePKIPath in a CA definition. [GH-12655]
  • api: Improve error message if service or health check not found by stating that the entity must be referred to by ID, not name [GH-10894]
  • ci: Enable security scanning for CRT [GH-11956]
  • connect: reduce raft apply on CA configuration when no change is performed [GH-12298]
  • grpc, xds: improved reliability of grpc and xds servers by adding recovery-middleware to return and log error in case of panic. [GH-10895]
  • http: if a GET request has a non-empty body, log a warning that suggests a possible problem (parameters were meant for the query string, but accidentally placed in the body) [GH-11821]
  • metrics: The consul.raft.boltdb.writeCapacity metric was added and indicates a theoretical number of writes/second that can be performed to Consul. [GH-12646]
  • sdk: Add support for Partition and RetryJoin to the TestServerConfig struct. [GH-12126]
  • ui: In the datacenter selector, order Datacenters by Primary, Local, then alphanumerically [GH-12478]
  • ui: Move icons away from depending on a CSS preprocessor [GH-12461]
  • version: Improved performance of the version.GetHumanVersion function by 50% on memory allocation. [GH-11507]

DEPRECATIONS:

  • acl: The consul.acl.ResolveTokenToIdentity metric is no longer reported. The values that were previously reported as part of this metric will now be part of the consul.acl.ResolveToken metric. [GH-12166]
  • agent: deprecate older syntax for specifying TLS min version values [GH-12522]
  • agent: remove support for specifying insecure TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suites [GH-12522]
  • config: setting cert_file, key_file, ca_file, ca_path, tls_min_version, tls_cipher_suites, verify_incoming, verify_incoming_rpc, verify_incoming_https, verify_outgoing and verify_server_hostname at the top-level is now deprecated, use the tls stanza instead [GH-12504]
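A pre-upgrade check for the TLS deprecations above, as an added example (not code from the Consul project): it reads a JSON agent config, flags the deprecated top-level TLS keys and the two removed cipher suites, and proposes an equivalent tls stanza. The sub-stanza names (defaults, internal_rpc, https), the placement of each key, and the comma-separated form of tls_cipher_suites are assumptions not stated in these release notes; the function name and sample config are constructed.

```python
import json

# Top-level TLS keys the release notes list as deprecated.
DEPRECATED = [
    "cert_file", "key_file", "ca_file", "ca_path", "tls_min_version",
    "tls_cipher_suites", "verify_incoming", "verify_incoming_rpc",
    "verify_incoming_https", "verify_outgoing", "verify_server_hostname",
]
# Assumed placement in the tls stanza; unlisted keys go to tls.defaults.
PLACEMENT = {
    "verify_incoming_rpc": ("internal_rpc", "verify_incoming"),
    "verify_incoming_https": ("https", "verify_incoming"),
    "verify_server_hostname": ("internal_rpc", "verify_server_hostname"),
}
# Cipher suites the release notes list as no longer supported.
REMOVED_SUITES = {
    "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
}

def audit(config_text):
    """Return (findings, proposed tls stanza) for a JSON agent config."""
    cfg = json.loads(config_text)
    findings, tls = [], {}
    for old in DEPRECATED:
        if old not in cfg:
            continue
        stanza, new = PLACEMENT.get(old, ("defaults", old))
        value = cfg[old]
        if old == "tls_cipher_suites":
            # Comma-separated string: drop suites this release removes.
            suites = [s.strip() for s in value.split(",") if s.strip()]
            for s in suites:
                if s in REMOVED_SUITES:
                    findings.append(f"removed cipher suite: {s}")
            value = ",".join(s for s in suites if s not in REMOVED_SUITES)
        findings.append(f"{old} -> tls.{stanza}.{new}")
        tls.setdefault(stanza, {})[new] = value
    return findings, {"tls": tls}

# Constructed sample config, not taken from a real deployment.
SAMPLE = json.dumps({
    "datacenter": "dc1",
    "ca_file": "/etc/consul.d/ca.pem",
    "verify_incoming_rpc": True,
    "verify_server_hostname": True,
    "tls_cipher_suites": "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,"
                         "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
})
print(json.dumps(audit(SAMPLE), indent=2))
```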

BUG FIXES:

  • acl: (Enterprise Only) fixes a bug preventing ACL policies configured with datacenter restrictions from being created if the cluster had been upgraded to Consul 1.11+ from an earlier version.
  • connect/ca: cancel old Vault renewal on CA configuration. Provide a 1 - 6 second backoff on repeated token renewal requests to prevent overwhelming Vault. [GH-12607]
  • dns: allow max of 63 character DNS labels instead of 64 per RFC 1123 [GH-12535]
  • raft: upgrade to v1.3.6 which fixes a bug where a read replica node could attempt bootstrapping raft and prevent other nodes from bootstrapping at all [GH-12496]
  • server: fix spurious blocking query suppression for discovery chains [GH-12512]
  • ui: Added Tags tab to gateways (as already exists for non-gateway services) [GH-12400]
  • ui: Fixes a visual bug where our loading icon can look cut off [GH-12479]