Bump github.com/hashicorp/consul/api from 1.7.0 to 1.8.1

[dependabot-preview]

Bumps github.com/hashicorp/consul/api from 1.7.0 to 1.8.1.

Release notes

Sourced from github.com/hashicorp/consul/api's releases.

v1.8.1

1.8.1 (July 30, 2020)

FEATURES:

• acl: Added ACL Node Identities for easier creation of Consul Agent tokens. [GH-7970]
• agent: Added Consul client agent automatic configuration utilizing JWTs for authorizing the request to generate ACL tokens, TLS certificates and retrieval of the gossip encryption key. [GH-8003], [GH-8035], [GH-8086], [GH-8148], [GH-8157], [GH-8159], [GH-8193], [GH-8253], [GH-8301], [GH-8360], [GH-8362], [GH-8363], [GH-8364], [GH-8409]

IMPROVEMENTS:

• acl: allow auth methods created in the primary datacenter to optionally create global tokens [GH-7899]
• agent: Allow to restrict servers that can join a given Serf Consul cluster. [GH-7628]
• agent: new configuration options allow ratelimiting of the agent-cache: cache.entry_fetch_rate and cache.entry_fetch_max_burst. [GH-8226]
• cli: Output message on success when writing/deleting config entries. [GH-7806]
• connect: Append port number to expected ingress hosts [GH-8190]
• dns: Improve RCODE of response when query targets a non-existent datacenter. [GH-8102],[GH-8218]
• version: The version CLI subcommand was altered to always show the git revision the binary was built from on the second line of output. Additionally the command gained a -format flag with the option now of outputting the version information in JSON form. NOTE This change has the potential to break any parsing done by users of the version commands output. In many cases nothing will need to be done but it is possible depending on how the output is parsed. [GH-8268]

BUGFIXES:

• agent: Fixed a bug where Consul could crash when verify_outgoing was set to true but no client certificate was used. [GH-8211]
• agent: Fixed an issue with lock contention during RPCs when under load while using the Prometheus metrics sink. [GH-8372]
• auto_encrypt: Fixed an issue where auto encrypt certificate signing wasn't using the connect signing rate limiter. [GH-8211]
• auto_encrypt: Fixed several issues around retrieving the first TLS certificate where it would have the wrong CN and SANs. This was being masked by a second bug (also fixed) causing that certificate to immediately be discarded with a second certificate request being made afterwards. [GH-8211]
• auto_encrypt: Fixed an issue that caused auto encrypt certificates to not be updated properly if the agents token was changed and the old token was deleted. [GH-8311]
• connect: fix crash that would result if a mesh or terminating gateway's upstream has a hostname as an address and no healthy service instances available [GH-8158]
• connect: Fixed issue where specifying a prometheus bind address would cause ingress gateways to fail to start up [GH-8371](hashicorp/consul#8371)
• gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms [GH-8343]
• snapshot: (Consul Enterprise only) Fixed a regression when using Azure blob storage.
• xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions [GH-8265]

v1.8.0

1.8.0 (June 18, 2020)

BREAKING CHANGES:

• acl: Remove deprecated acl_enforce_version_8 option [GH-7991]

FEATURES:

• Terminating Gateway: Envoy can now be run as a gateway to enable services in a Consul service mesh to connect to external services through their local proxy. Terminating gateways unlock several of the benefits of a service mesh in the cases where a sidecar proxy cannot be deployed alongside services such as legacy applications or managed cloud databases.

• Ingress Gateway: Envoy can now be run as a gateway to ingress traffic into the Consul service mesh, enabling a more incremental transition for applications.

• WAN Federation over Mesh Gateways: Allows Consul datacenters to federate by forwarding WAN gossip and RPC traffic through Mesh Gateways rather than requiring the servers to be exposed to the WAN directly.

• JSON Web Token (JWT) Auth Method: Allows exchanging a signed JWT from a trusted external identity provider for a Consul ACL token.

• Single Sign-On (SSO) [Enterprise]: Lets an operator configure Consul to use an external OpenID Connect (OIDC) provider to automatically handle the lifecycle of creating, distributing and managing ACL tokens for performing CLI operations or accessing the UI.

• Audit Logging [Enterprise]: Adds instrumentation to record a trail of events (both attempted and authorized) by users of Consul’s HTTP API for purposes of regulatory compliance.

• acl: add DisplayName field to auth methods [GH-7769]

• acl: add MaxTokenTTL field to auth methods [GH-7779]

• agent/xds: add support for configuring passive health checks [GH-7713]

• cli: Add -config flag to "acl authmethod update/create" [GH-7776]

Changelog

Sourced from github.com/hashicorp/consul/api's changelog.

1.8.1 (July 30, 2020)

FEATURES:

• acl: Added ACL Node Identities for easier creation of Consul Agent tokens. [GH-7970]
• agent: Added Consul client agent automatic configuration utilizing JWTs for authorizing the request to generate ACL tokens, TLS certificates and retrieval of the gossip encryption key. [GH-8003], [GH-8035], [GH-8086], [GH-8148], [GH-8157], [GH-8159], [GH-8193], [GH-8253], [GH-8301], [GH-8360], [GH-8362], [GH-8363], [GH-8364], [GH-8409]

IMPROVEMENTS:

• acl: allow auth methods created in the primary datacenter to optionally create global tokens [GH-7899]
• agent: Allow to restrict servers that can join a given Serf Consul cluster. [GH-7628]
• agent: new configuration options allow ratelimiting of the agent-cache: cache.entry_fetch_rate and cache.entry_fetch_max_burst. [GH-8226]
• api: Added methods to allow passing query options to leader and peers endpoints to mirror HTTP API [GH-8395]
• auto_config: when configuring auto_config, connect is turned on automatically [GH-8433]
• connect: various changes to make namespaces for intentions work more like for other subsystems [GH-8194]
• connect: Append port number to expected ingress hosts [GH-8190]
• connect: add support for envoy 1.15.0 and drop support for 1.11.x [GH-8424]
• connect: support Envoy v1.14.4, v1.13.4, v1.12.6 [GH-8216]
• dns: Improve RCODE of response when query targets a non-existent datacenter. [GH-8102],[GH-8218]
• version: The version CLI subcommand was altered to always show the git revision the binary was built from on the second line of output. Additionally the command gained a -format flag with the option now of outputting the version information in JSON form. NOTE This change has the potential to break any parsing done by users of the version commands output. In many cases nothing will need to be done but it is possible depending on how the output is parsed. [GH-8268]

BUGFIXES:

• agent: Fixed a bug where Consul could crash when verify_outgoing was set to true but no client certificate was used. [GH-8211]
• agent: Fixed an issue with lock contention during RPCs when under load while using the Prometheus metrics sink. [GH-8372]
• auto_encrypt: Fixed an issue where auto encrypt certificate signing wasn't using the connect signing rate limiter. [GH-8211]
• auto_encrypt: Fixed several issues around retrieving the first TLS certificate where it would have the wrong CN and SANs. This was being masked by a second bug (also fixed) causing that certificate to immediately be discarded with a second certificate request being made afterwards. [GH-8211]
• auto_encrypt: Fixed an issue that caused auto encrypt certificates to not be updated properly if the agents token was changed and the old token was deleted. [GH-8311]
• autopilot: (Consul Enterprise only) Fixed an issue where using autopilot with redundancy zones wouldn't demote extra voters in a zone to match the "one voter per zone" desired state when rebalancing.
• connect: fix crash that would result if a mesh or terminating gateway's upstream has a hostname as an address and no healthy service instances available. [GH-8158]
• connect: Fixed issue where specifying a prometheus bind address would cause ingress gateways to fail to start up [GH-8371](hashicorp/consul#8371)
• gossip: Avoid issue where two unique leave events for the same node could lead to infinite rebroadcast storms [GH-8343]
• router: Mark its own cluster as healthy when rebalancing. [GH-8406]
• snapshot: (Consul Enterprise only) Fixed a regression when using Azure blob storage.
• xds: version sniff envoy and switch regular expressions from 'regex' to 'safe_regex' on newer envoy versions [GH-8222]

1.8.0 (June 18, 2020)

BREAKING CHANGES:

• acl: Remove deprecated acl_enforce_version_8 option [GH-7991]

FEATURES:

• Terminating Gateway: Envoy can now be run as a gateway to enable services in a Consul service mesh to connect to external services through their local proxy. Terminating gateways unlock several of the benefits of a service mesh in the cases where a sidecar proxy cannot be deployed alongside services such as legacy applications or managed cloud databases.
• Ingress Gateway: Envoy can now be run as a gateway to ingress traffic into the Consul service mesh, enabling a more incremental transition for applications.
• WAN Federation over Mesh Gateways: Allows Consul datacenters to federate by forwarding WAN gossip and RPC traffic through Mesh Gateways rather than requiring the servers to be exposed to the WAN directly.
• JSON Web Token (JWT) Auth Method: Allows exchanging a signed JWT from a trusted external identity provider for a Consul ACL token.
• Single Sign-On (SSO) [Enterprise]: Lets an operator configure Consul to use an external OpenID Connect (OIDC) provider to automatically handle the lifecycle of creating, distributing and managing ACL tokens for performing CLI operations or accessing the UI.
• Audit Logging [Enterprise]: Adds instrumentation to record a trail of events (both attempted and authorized) by users of Consul’s HTTP API for purposes of regulatory compliance.

Commits

• 12f574c Release v1.8.1
• d510c62 update bindata_assetfs.go
• 622495f Update CHANGELOG.md
• b5e858d Avoid panics during shutdown routine
• 5658fae Update CHANGELOG.md
• e9b07c5 Add some auto-config docs (#8410)
• d6c35dd Update CHANGELOG.md
• c9b6615 Ensure certificates retrieved through the cache get persisted with auto-confi...
• 4f98af0 Allow setting verify_incoming* when using auto_encrypt or auto_config (#8394)
• ab71058 Mention agent-caching ratelimiting.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a minor update to a production dependency.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)

[codeclimate]

Code Climate has analyzed commit ff86e3f and detected 0 issues on this pull request.

View more on Code Climate.