consul/agent
Derek Menteer 3e8ec8d18e
Fix SAN matching on terminating gateways (#20417)
Fixes issue: hashicorp/consul#20360

A regression was introduced in hashicorp/consul#19954 where the SAN validation
matching was reduced from 4 potential types down to just the URI.

Terminating gateways will need to match on many fields depending on user
configuration, since they make egress calls outside of the cluster. Having more
than one matcher behaves like an OR operation, where any match is sufficient to
pass the certificate validation. To maintain backwards compatibility with the
old untyped `match_subject_alt_names` Envoy behavior, we should match on all 4
enum types.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#enum-extensions-transport-sockets-tls-v3-subjectaltnamematcher-santype
2024-01-31 12:17:45 -06:00
ae server: when the v2 catalog experiment is enabled reject api and rpc requests that are for the v1 catalog (#19129) 2023-10-11 10:44:03 -05:00
auto-config [NET-6593] agent: check for minimum RSA key size (#20112) 2024-01-10 12:15:36 +00:00
blockingquery [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
cache xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) 2023-09-12 12:56:43 -07:00
cache-types xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) 2023-09-12 12:56:43 -07:00
cacheshim xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) 2023-09-12 12:56:43 -07:00
checks Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
config [CC-7044] Start HCP manager as part of link creation (#20312) 2024-01-29 16:31:44 -06:00
configentry Hash based config entry replication (#19795) 2023-12-12 08:29:13 -05:00
connect [NET-6593] agent: check for minimum RSA key size (#20112) 2024-01-10 12:15:36 +00:00
consul [NET-6231] Handle Partition traffic permissions when reconciling traffic permissions (#20408) 2024-01-30 22:14:32 +00:00
debug [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
discovery NET-7165 - fix address and target setting (#20403) 2024-01-30 15:34:35 -07:00
dns NET-7165 - fix address and target setting (#20403) 2024-01-30 15:34:35 -07:00
envoyextensions NET-6946 / NET-6941 - Replace usage of deprecated Envoy fields envoy.config.route.v3.HeaderMatcher.safe_regex_match and envoy.type.matcher.v3.RegexMatcher.google_re2 (#20013) 2024-01-03 09:53:39 -07:00
exec Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
grpc-external Remove V2 PeerName field from pbresource.Tenancy (#19865) 2024-01-29 15:08:31 -05:00
grpc-internal In-Memory gRPC (#19942) 2024-01-12 11:54:07 -05:00
grpc-middleware resource: add MutateAndValidate endpoint (#20311) 2024-01-25 13:12:30 -06:00
hcp [CC-7049] Stop the HCP manager when link is deleted (#20351) 2024-01-30 09:40:36 -06:00
leafcert xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756) 2023-09-12 12:56:43 -07:00
local bug: prevent go routine leakage due to existing DeferCheck (#18558) 2023-08-23 10:33:07 -04:00
log-drop [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
metadata [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
metrics [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
mock [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
pool [NET-6459] Fix issue with wanfed lan ip conflicts. (#19503) 2023-11-06 08:47:12 -06:00
proxycfg Fix to not create a watch to `Internal.ServiceDump` when mesh gateway is not used (#20168) 2024-01-18 16:44:53 -06:00
proxycfg-glue Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
proxycfg-sources [NET-5916] Fix locality-aware routing config and tests (CE) (#19483) 2023-11-02 14:05:06 -05:00
router [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
routine-leak-checker [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
rpc Various race condition and test fixes. (#20212) 2024-01-16 08:57:43 -06:00
rpcclient OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
structs Case sensitive route match (#19647) 2024-01-22 09:23:24 -06:00
submatview [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
systemd [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
token Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
uiserver NET-5398: Update UI server to include if v2 is enabled (#20353) 2024-01-26 14:38:51 -07:00
xds Fix SAN matching on terminating gateways (#20417) 2024-01-31 12:17:45 -06:00
xdsv2 Remove V2 PeerName field from pbresource.Tenancy (#19865) 2024-01-29 15:08:31 -05:00
acl.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
acl_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
acl_endpoint.go [NET-6249] Add templated policies description (#19735) 2023-11-27 10:34:22 -05:00
acl_endpoint_test.go Various race condition and test fixes. (#20212) 2024-01-16 08:57:43 -06:00
acl_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
agent.go NET-7165 - v2 - add service questions (#20390) 2024-01-29 22:33:45 +00:00
agent_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
agent_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
agent_endpoint.go agent: remove data race in agent config (#20200) 2024-01-12 15:11:21 -06:00
agent_endpoint_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
agent_endpoint_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
agent_endpoint_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
agent_test.go [CC-7044] Start HCP manager as part of link creation (#20312) 2024-01-29 16:31:44 -06:00
apiserver.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
apiserver_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
catalog_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
catalog_endpoint_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
catalog_endpoint_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
check.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
config_endpoint.go NET-5824 Exported services api (#20015) 2024-01-23 10:06:59 +05:30
config_endpoint_test.go NET-5824 Exported services api (#20015) 2024-01-23 10:06:59 +05:30
connect_ca_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
connect_ca_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
coordinate_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
coordinate_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
delegate_mock_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
denylist.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
denylist_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
discovery_chain_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
discovery_chain_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
dns.go feat(v2dns): add PTR query support (#20362) 2024-01-29 11:40:10 -05:00
dns_ce.go DNS v2 - add virtual ip questions (#20245) 2024-01-17 23:46:18 +00:00
dns_ce_test.go DNS v2 - add virtual ip questions (#20245) 2024-01-17 23:46:18 +00:00
dns_node_lookup_test.go feat(v2dns): addr. query support (#20224) 2024-01-16 22:36:02 -05:00
dns_service_lookup_test.go NET-7165 - v2 - add service questions (#20390) 2024-01-29 22:33:45 +00:00
dns_test.go feat(v2dns): add PTR query support (#20362) 2024-01-29 11:40:10 -05:00
enterprise_delegate_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
event_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
event_endpoint_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
federation_state_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
health_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
health_endpoint_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
http.go Change logging of registered v2 resource endpoints to add /api prefix (#20352) 2024-01-25 14:18:54 -08:00
http_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
http_ce_test.go OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
http_decode_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
http_register.go NET-5824 Exported services api (#20015) 2024-01-23 10:06:59 +05:30
http_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
intentions_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
intentions_endpoint_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
intentions_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
keyring.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
keyring_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
kvs_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
kvs_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
metrics.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
metrics_test.go Various race condition and test fixes. (#20212) 2024-01-16 08:57:43 -06:00
nodeid.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
nodeid_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
notify.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
notify_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
operator_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
operator_endpoint_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
operator_endpoint_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
operator_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
peering_endpoint.go OSS -> CE (community edition) changes (#18517) 2023-08-22 09:46:03 -05:00
peering_endpoint_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
peering_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
prepared_query_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
prepared_query_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
proxycfg_test.go catalog,mesh,auth: Move resource types to the proto-public module (#18935) 2023-09-22 15:50:56 -06:00
reload.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
remote_exec.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
remote_exec_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
retry_join.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
retry_join_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
service_checks_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
service_manager.go Ensure that upstream configuration is properly normalized. (#19076) 2023-10-06 13:59:47 -05:00
service_manager_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
session_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
session_endpoint_test.go Retry lint fixes (#19151) 2023-12-06 12:11:32 -05:00
setup.go [CC-7044] Start HCP manager as part of link creation (#20312) 2024-01-29 16:31:44 -06:00
setup_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
sidecar_service.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
sidecar_service_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
signal_unix.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
signal_windows.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
snapshot_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
snapshot_endpoint_test.go Fix more test flakes (#19533) 2023-11-07 10:15:50 -06:00
status_endpoint.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
status_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
streaming_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
testagent.go Various race condition and test fixes. (#20212) 2024-01-16 08:57:43 -06:00
testagent_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
translate_addr.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
txn_endpoint.go Add TCP+TLS Healthchecks (#18381) 2023-09-05 13:34:44 -07:00
txn_endpoint_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
ui_endpoint.go [NET-5688] APIGateway UI Topology Fixes (#19657) 2023-11-28 21:27:14 +00:00
ui_endpoint_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
ui_endpoint_test.go server: when the v2 catalog experiment is enabled reject api and rpc requests that are for the v1 catalog (#19129) 2023-10-11 10:44:03 -05:00
user_event.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
user_event_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
util.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
util_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
watch_handler.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
watch_handler_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00