Change8

ent-changelog-1.12.0

Breaking Changes
📦 consul-connect
2 breaking · 13 features · 1 deprecation · 🔧 5 symbols

Summary

This release introduces significant features like AWS IAM Auth method support, per-listener TLS configuration, and auto-reloading of configuration files. It also includes several breaking changes in testutil structs and telemetry defaults.

⚠️ Breaking Changes

  • sdk: The testutil configuration structs were modified: `ACLMasterToken` was removed, `Master` was renamed to `InitialManagement`, and `AgentMaster` was renamed to `AgentRecovery`.
  • telemetry: The `disable_compat_1.9` option now defaults to true. Consumers relying on 1.9 style `consul.http...` metrics must explicitly set `disable_compat_1.9 = false`. These metrics will be removed in 1.13.

Migration Steps

  1. If you use testutil configuration structs, update them to remove `ACLMasterToken` and rename `Master` to `InitialManagement` and `AgentMaster` to `AgentRecovery`.
  2. If you rely on 1.9 style `consul.http...` metrics, set `disable_compat_1.9 = false` in your configuration or CLI flags to keep them enabled temporarily; be aware they will be removed in 1.13.
  3. If using AWS IAM auth method configuration, note that the `STSRegion` field was removed from the auth method config.

✨ New Features

  • acl: Added token information to PermissionDeniedErrors.
  • acl: Added an AWS IAM auth method for authenticating using AWS IAM identities.
  • ca: Root certificates can now be consumed from a gRPC streaming endpoint: `WatchRoots`.
  • cli: The `token read` command now supports the `-expanded` flag to display detailed role and policy information for the token.
  • config: Configuration files can now be automatically reloaded when they change using the `auto-reload-config` CLI flag or `auto_reload_config` config option.
  • server: Service-defaults `Meta` is now returned with the response to the `ConfigEntry.ResolveServiceConfig` RPC.
  • server: Discovery chains now include a response field named "Default" to indicate if they were not constructed from any service-resolver, service-splitter, or service-router config entries.
  • server: Service-defaults meta is now incorporated into the discovery chain response.
  • tls: It is now possible to configure TLS differently for each of Consul's listeners (HTTPS, gRPC, internal multiplexed RPC) using the `tls` stanza.
  • ui: Added support for AWS IAM Auth Methods.
  • ui: Support connect-native services in the Topology view.
  • xds: Added the ability to invoke AWS Lambdas through terminating gateways.
  • xds: Added control of mesh-wide min/max TLS versions and cipher suites from the mesh config entry.

🔧 Affected Symbols

sdk testutil configuration structs, `consul.http...` metrics, `PermissionDeniedErrors`, `ConfigEntry.ResolveServiceConfig` RPC, `STSRegion`

⚡ Deprecations

  • acl: The deprecated `ACLMasterToken` field in ACL configuration is removed.