mirror of https://github.com/hashicorp/consul
31b95c747b
When the protocol is http-like, and an intention has a peered source then the normal RBAC mTLS SAN field check is replaces with a joint combo of: mTLS SAN field must be the service's local mesh gateway leaf cert AND the first XFCC header (from the MGW) must have a URI field that matches the original intention source Also: - Update the regex program limit to be much higher than the teeny defaults, since the RBAC regex constructions are more complicated now. - Fix a few stray panics in xds generation. |
||
---|---|---|
.. | ||
acl | ||
agent | ||
catalog | ||
cli | ||
config | ||
connect | ||
debug | ||
event | ||
exec | ||
flags | ||
forceleave | ||
helpers | ||
info | ||
intention | ||
join | ||
keygen | ||
keyring | ||
kv | ||
leave | ||
lock | ||
login | ||
logout | ||
maint | ||
members | ||
monitor | ||
operator | ||
reload | ||
rtt | ||
services | ||
snapshot | ||
tls | ||
validate | ||
version | ||
watch | ||
registry.go | ||
registry_oss.go |