Commit Graph

27 Commits (31539a28be069f646a982642ca9a87c63115443a)

Author SHA1 Message Date
skpratt 57bad0df85
add traffic permissions excludes and tests (#20453)
10 months ago
skpratt 0abf8f8426
Net 5092/internal l7 traffic permissions (#20276)
10 months ago
Nitya Dhanushkodi 95d9b2c7e4
[NET-4931] xdsv2, sidecarproxycontroller, l4 trafficpermissions: support L7 (#19185)
1 year ago
Eric Haberkorn f2b7b4591a
Fix Traffic Permissions Default Deny (#19028)
1 year ago
Eric Haberkorn 7ce6ebaeb3
Handle Traffic Permissions With Empty Sources Properly (#19024)
1 year ago
Iryna Shustava d88888ee8b
catalog,mesh,auth: Bump versions to v2beta1 (#18930)
1 year ago
Eric Haberkorn 21fdbbabbc
Wire up traffic permissions (#18812)
1 year ago
Eric Haberkorn 12be06f8e5
Add V2 TCP traffic permissions (#18771)
1 year ago
hashicorp-copywrite[bot] 5fb9df1640
[COMPLIANCE] License changes (#18443)
1 year ago
Ronald bcc6a9d752
Use JWT-auth filter in metadata mode & Delegate validation to RBAC filter (#18062)
1 year ago
Ronald 55e283dda9
[NET-3092] JWT Verify claims handling (#17452)
2 years ago
Eric Haberkorn b1fae05983
Add sameness groups to service intentions. (#17064)
2 years ago
Ronald 94ec4eb2f4
copyright headers for agent folder (#16704)
2 years ago
Matt Keeler 085c0addc0
Protobuf Refactoring for Multi-Module Cleanliness (#16302)
2 years ago
Eric Haberkorn 8d923c1789
Add the Lua Envoy extension (#15906)
2 years ago
R.B. Boyer 31b95c747b
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
2 years ago
Chris S. Kim fb5eb20563
Pass trust domain to RBAC to validate and fix use of wrong peer trust bundles (#13508)
2 years ago
Chris S. Kim a02e9abcc1
Update RBAC to handle imported services (#13404)
3 years ago
Evan Culver 61be9371f5
connect: Remove support for Envoy 1.16 (#11354)
3 years ago
freddygv 5e54f253d7 Expand testing of simplifyNotSourceSlice for partitions
3 years ago
R.B. Boyer 20feb42d3a
xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619)
3 years ago
R.B. Boyer 398b766532
xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658)
4 years ago
R.B. Boyer be89557fb4
test: omit envoy golden test files that differ from the latest version (#9807)
4 years ago
R.B. Boyer 3b6ffc447b
xds: remove deprecated usages of xDS (#9602)
4 years ago
R.B. Boyer 1b413b0444
connect: support defining intentions using layer 7 criteria (#8839)
4 years ago
R.B. Boyer a2a8e9c783
connect: intentions are now managed as a new config entry kind "service-intentions" (#8834)
4 years ago
R.B. Boyer 74d5df7c7a
xds: use envoy's rbac filter to handle intentions entirely within envoy (#8569)
4 years ago