consul/agent/xds/testdata/clusters
R.B. Boyer 31b95c747b
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
2022-06-29 10:29:54 -05:00
..
connect-proxy-exported-to-peers.latest.golden xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
connect-proxy-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-failover.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-overrides.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-peered-upstreams.latest.golden xds: allow for peered upstreams to use tagged addresses that are hostnames (#13422) 2022-06-10 16:11:40 -05:00
connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-cipher-suites.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-max-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-min-version-auto.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-tls-outgoing-min-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits-max-connections-only.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits-set-to-zero.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-limits.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-local-app.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-max-inbound-connections.latest.golden Add connection limit setting to service defaults 2022-05-24 10:13:38 -07:00
custom-timeouts.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-upstream-default-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
custom-upstream.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
defaults.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
downstream-service-with-unix-sockets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-grpc-new-cluster-http1.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-local-app-paths.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
expose-paths-new-cluster-http2.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-max-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway-with-tls-outgoing-min-version.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-multiple-listeners-duplicate-service.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-and-failover.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-local-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-hash-lb-ignored.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-ignore-extra-resolvers.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-non-hash-lb-injected.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-service-timeouts.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-using-federation-states.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-with-exported-peered-services-http-with-router.latest.golden xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) 2022-06-28 14:52:25 -05:00
mesh-gateway-with-exported-peered-services-http.latest.golden xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) 2022-06-28 14:52:25 -05:00
mesh-gateway-with-exported-peered-services.latest.golden xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) 2022-06-28 14:52:25 -05:00
mesh-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-hostname-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-ignore-extra-resolvers.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-lb-config.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-no-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-service-subsets.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy-catalog-destinations-only.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy-dial-instances-directly.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
transparent-proxy-terminating-gateway-destinations-only.latest.golden feat: tgtwy xDS generation for destinations 2022-06-16 16:17:49 -04:00
transparent-proxy.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00