backport of commit ae1dfb8

.changelog/16495.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+mesh: Add ServiceResolver RequestTimeout for route timeouts to make request timeouts configurable
+```

.changelog/16497.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+proxycfg: ensure that an irrecoverable error in proxycfg closes the xds session and triggers a replacement proxycfg watcher
+```

.changelog/16498.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+proxycfg: fix a bug where terminating gateways were not cleaning up deleted service resolvers for their referenced services
+```

.changelog/16499.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+mesh: Fix resolution of service resolvers with subsets for external upstreams
+```

.changelog/16508.txt

@@ -0,0 +1,3 @@
+```release-note:improvement
+ui: support filtering API gateways in the ui and displaying their documentation links
+```

.changelog/16512.txt

@@ -0,0 +1,3 @@
+```release-note:bug
+gateways: fix HTTPRoute bug where service weights could be less than or equal to 0 and result in a downstream envoy protocol error
+```

.github/CONTRIBUTING.md

@@ -162,7 +162,8 @@ When you're ready to submit a pull request:
    | --- | --- |
    | `pr/no-changelog` | This PR does not have an intended changelog entry |
    | `pr/no-metrics-test` | This PR does not require any testing for metrics |
-   | `backport/1.12.x` | Backport the changes in this PR to the targeted release branch. Consult the [Consul Release Notes](https://www.consul.io/docs/release-notes) page to view active releases. Website documentation merged to the latest release branch is deployed immediately |
+   | `backport/stable-website` | This PR contains documentation changes that are ready to be deployed immediately. Changes will also automatically get backported to the latest release branch |
+   | `backport/1.12.x` | Backport the changes in this PR to the targeted release branch. Consult the [Consul Release Notes](https://www.consul.io/docs/release-notes) page to view active releases. |
    Other labels may automatically be added by the Github Action CI.
 7. After you submit, the Consul maintainers team needs time to carefully review your
    contribution and ensure it is production-ready, considering factors such as: security,

.github/ISSUE_TEMPLATE/bug_report.md

@@ -4,41 +4,27 @@ about: You're experiencing an issue with Consul that is different than the docum
 
 ---
 
-<!-- When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
--->
+When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
 
 #### Overview of the Issue
 
-<!-- Please provide a paragraph or two about the issue you're experiencing. -->
-
----
+A paragraph or two about the issue you're experiencing.
 
 #### Reproduction Steps
 
-<!-- Please provide steps to reproduce the bug, without any details it would be hard to troubleshoot: 
-
 Steps to reproduce this issue, eg:
 
 1. Create a cluster with n client nodes n and n server nodes
 1. Run `curl ...`
 1. View error
 
--->
-
 ### Consul info for both Client and Server
 
-
-<!---  Please provide both `consul info` and agent HCL config for both client and servers to help us better diagnose the issue. Take careful steps to remove any sensitive information from config files that include secrets such as Gossip keys. --->
-
 <details>
   <summary>Client info</summary>
 
 ```
-Output from client 'consul info' command here
-```
-
-```
-Client agent HCL config
+output from client 'consul info' command here
 ```
 
 </details>
@@ -47,19 +33,15 @@ Client agent HCL config
   <summary>Server info</summary>
 
 ```
-Output from server 'consul info' command here
-```
-
-```
-Server agent HCL config
+output from server 'consul info' command here
 ```
 
 </details>
 
 ### Operating system and Environment details
 
-<!--  OS, Architecture, and any other information you can provide about the environment. -->
+OS, Architecture, and any other information you can provide about the environment.
 
 ### Log Fragments
 
-<!-- Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the [gist](https://gist.github.com/) of the log instead of posting it in the issue. Use `-log-level=TRACE` on the client and server to capture the maximum log detail. -->
+Include appropriate Client or Server log fragments. If the log is longer than a few dozen lines, please include the URL to the [gist](https://gist.github.com/) of the log instead of posting it in the issue. Use `-log-level=TRACE` on the client and server to capture the maximum log detail.

.github/ISSUE_TEMPLATE/feature_request.md

@@ -4,12 +4,12 @@ about: If you have something you think Consul could improve or add support for.
 
 ---
 
-<!--- Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests. --->
+Please search the existing issues for relevant feature requests, and use the reaction feature (https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to add upvotes to pre-existing requests.
 
 #### Feature Description
 
-<!--- Please provide a written overview of the feature and why this feature solves challenges that you are facing today. --->
+A written overview of the feature.
 
 #### Use Case(s)
 
-<!--- Please describe the use case for this feature (i.e. Service Mesh, Service Discovery, KV, API Gateway) and also deployment environments you are looking to see this addressed in (K8s, VMs, Nomad, ECS, Lambda). -->
+Any relevant use-cases that you see.

.github/ISSUE_TEMPLATE/ui_issues.md

@@ -4,42 +4,41 @@ about: You have usage feedback for the browser based UI
 
 ---
 
-<!--- When filing a bug, please include the following headings if possible. Any example text in this template can be deleted. --->
+When filing a bug, please include the following headings if possible. Any example text in this template can be deleted.
 
 ### Overview of the Issue
 
-<!--- Please provide a paragraph or two about the issue you're experiencing / suggestion for
-improvement. --->
+A paragraph or two about the issue you're experiencing / suggestion for
+improvement.
 
 ### Reproduction Steps
 
-<!--- Steps to reproduce this issue/view the area for improvement, eg:
+Steps to reproduce this issue/view the area for improvement, eg:
 
 1. Visit the UI page at `/ui/services`
 1. Click .... then click...etc.
 1. View error/area.
 
---->
-
 ### Describe the solution you'd like
 
-<!--- If this is an improvement rather than a bug, a clear and concise description
+If this is an improvement rather than a bug, a clear and concise description
 of what you want to happen. How have you seen this problem solved in other
-UIs? --->
+UIs?
 
 ### Consul Version
 
-<!--- This can be found either in the footer of the UI (Consul versions pre 1.10) or
-at the top of the help menu that is in the top right side of the UI. --->
+This can be found either in the footer of the UI (Consul versions pre 1.10) or
+at the top of the help menu that is in the top right side of the UI.
 
 ### Browser and Operating system details
 
-<!--- Browser, Browser Version, OS, and any other information you can provide about the environment that may be relevant. --->
+Browser, Browser Version, OS, and any other information you can provide about the environment that may be relevant.
 
 ### Screengrabs / Web Inspector logs
 
-<!--- If you think it's worthwhile, include appropriate screengrabs showing the
+If you think it's worthwhile, include appropriate screengrabs showing the
 error/area for improvement. Try to include the URL bar of the browser so we
 can see the current URL where the error manifests. Please be careful to
 obfuscate any sensitive information either in the URL or in the browser page
-itself. --->
+itself.
+

.github/pull_request_template.md

@@ -1,27 +1,16 @@
 ### Description
-
-<!-- Please describe why you're making this change, in plain English. -->
+Describe why you're making this change, in plain English.
 
 ### Testing & Reproduction steps
-
-<!--
-
 * In the case of bugs, describe how to replicate
 * If any manual tests were done, document the steps and the conditions to replicate
 * Call out any important/ relevant unit tests, e2e tests or integration tests you have added or are adding
 
--->
-
 ### Links
-
-<!--
-
 Include any links here that might be helpful for people reviewing your PR (Tickets, GH issues, API docs, external benchmarks, tools docs, etc). If there are none, feel free to delete this section.
 
 Please be mindful not to leak any customer or confidential information. HashiCorp employees may want to use our internal URL shortener to obfuscate links.
 
--->
-
 ### PR Checklist
 
 * [ ] updated test coverage

.github/workflows/backport-assistant.yml

@@ -18,6 +18,33 @@ jobs:
     runs-on: ubuntu-latest
     container: hashicorpdev/backport-assistant:0.3.0
     steps:
+      - name: Run Backport Assistant for stable-website
+        run: |
+          backport-assistant backport -merge-method=squash -gh-automerge
+        env:
+          BACKPORT_LABEL_REGEXP: "type/docs-(?P<target>cherrypick)"
+          BACKPORT_TARGET_TEMPLATE: "stable-website"
+          BACKPORT_MERGE_COMMIT: true
+          GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
+      - name: Backport changes to latest release branch
+        run: |
+          # Use standard token here 
+          resp=$(curl -f -s -H 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' "https://api.github.com/repos/$GITHUB_REPOSITORY/labels?per_page=100")
+          ret="$?"
+          if [[ "$ret" -ne 0 ]]; then
+              echo "The GitHub API returned $ret"
+              exit $ret
+          fi
+          # get the latest backport label excluding any website labels, ex: `backport/0.3.x` and not `backport/website`
+          latest_backport_label=$(echo "$resp" | jq -r '.[] | select(.name | (startswith("backport/") and (contains("website") | not))) | .name' | sort -rV | head -n1)
+          echo "Latest backport label: $latest_backport_label"
+          # set BACKPORT_TARGET_TEMPLATE for backport-assistant
+          # trims backport/ from the beginning with parameter substitution
+          export BACKPORT_TARGET_TEMPLATE="release/${latest_backport_label#backport/}.x"
+          backport-assistant backport -merge-method=squash -gh-automerge
+        env:
+          BACKPORT_LABEL_REGEXP: "type/docs-(?P<target>cherrypick)"
+          GITHUB_TOKEN: ${{ secrets.ELEVATED_GITHUB_TOKEN }}
       - name: Run Backport Assistant for release branches
         run: |
           backport-assistant backport -merge-method=squash -gh-automerge

.github/workflows/nightly-test-1.15.x.yaml → .github/workflows/nightly-test-1.11.x.yaml

@@ -1,13 +1,13 @@
-name: Nightly Test 1.15.x
+name: Nightly Test 1.11.x
 on:
   schedule:
     - cron: '0 4 * * *'
   workflow_dispatch: {}
 
 env:
   EMBER_PARTITION_TOTAL: 4      # Has to be changed in tandem with the matrix.partition
-  BRANCH: "release/1.15.x"
-  BRANCH_NAME: "release-1.15.x" # Used for naming artifacts
+  BRANCH: "release/1.11.x"
+  BRANCH_NAME: "release-1.11.x" # Used for naming artifacts
 
 jobs:
   frontend-test-workspace-node:

.github/workflows/website-checker.yml

@@ -0,0 +1,51 @@
+# The outline of this workflow is something that the GitHub Security team warns against
+# here: https://securitylab.github.com/research/github-actions-preventing-pwn-requests. But
+# due to this workflow only running a git diff check and not building or publishing anything,
+# there is no harm in checking out the PR HEAD code.
+#
+# All the code checked out in this workflow should be considered untrusted. This workflow must
+# never call any makefiles or scripts. It must never be changed to run any code from the checkout.
+
+# This workflow posts a message to a PR to remind maintainers that there are website/ changes
+# in the PR and if they need to be cherry-picked to the stable-website branch, the
+# 'type/docs-cherrypick' label needs to be applied.
+
+name: Website Checker
+
+on:
+  pull_request_target:
+    types: [opened]
+    # Runs on PRs to main and all release branches
+    branches:
+      - main
+      - release/*
+
+jobs:
+  # checks that a 'type/docs-cherrypick' label is attached to PRs with website/ changes
+  website-check:
+    # If there's already a `type/docs-cherrypick` label or an explicit `pr/no-docs` label, we ignore this check 
+    if: >-
+      !contains(github.event.pull_request.labels.*.name, 'type/docs-cherrypick') &&
+      !contains(github.event.pull_request.labels.*.name, 'pr/no-docs')
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          ref: ${{ github.event.pull_request.head.sha }}
+          fetch-depth: 0 # by default the checkout action doesn't checkout all branches
+      - name: Check for website/ dir change in diff
+        run: |
+          # check if there is a diff in the website/ directory
+          website_files=$(git --no-pager diff --name-only HEAD "$(git merge-base HEAD "origin/${{ github.event.pull_request.base.ref }}")" -- website/)
+
+          # If we find changed files in the website/ directory, we post a comment to the PR
+          if [ -n "$website_files" ]; then
+            # post PR comment to GitHub to check if a 'type/docs-cherrypick' label needs to be applied to the PR
+            echo "website-check: Did not find a 'type/docs-cherrypick' label, posting a reminder in the PR"
+            github_message="🤔 This PR has changes in the \`website/\` directory but does not have a \`type/docs-cherrypick\` label. If the changes are for the next version, this can be ignored. If they are updates to current docs, attach the label to auto cherrypick to the \`stable-website\` branch after merging."
+            curl -s -H "Authorization: token ${{ secrets.PR_COMMENT_TOKEN }}" \
+                -X POST \
+                -d "{ \"body\": \"${github_message}\"}" \
+                "https://api.github.com/repos/${GITHUB_REPOSITORY}/issues/${{ github.event.pull_request.number }}/comments"
+          fi

GNUmakefile

@@ -9,8 +9,7 @@ SHELL = bash
 ###
 GOLANGCI_LINT_VERSION='v1.51.1'
 MOCKERY_VERSION='v2.20.0'
-BUF_VERSION='v1.14.0'
-
+BUF_VERSION='v1.4.0'
 PROTOC_GEN_GO_GRPC_VERSION="v1.2.0"
 MOG_VERSION='v0.4.0'
 PROTOC_GO_INJECT_TAG_VERSION='v1.3.0'
@@ -496,11 +495,12 @@ proto-format: proto-tools
 
 .PHONY: proto-lint
 proto-lint: proto-tools
-	@buf lint 
+	@buf lint --config proto/buf.yaml --path proto
+	@buf lint --config proto-public/buf.yaml --path proto-public
 	@for fn in $$(find proto -name '*.proto'); do \
-		if [[ "$$fn" = "proto/private/pbsubscribe/subscribe.proto" ]]; then \
+		if [[ "$$fn" = "proto/pbsubscribe/subscribe.proto" ]]; then \
 			continue ; \
-		elif [[ "$$fn" = "proto/private/pbpartition/partition.proto" ]]; then \
+		elif [[ "$$fn" = "proto/pbpartition/partition.proto" ]]; then \
 			continue ; \
 		fi ; \
 		pkg=$$(grep "^package " "$$fn" | sed 's/^package \(.*\);/\1/'); \