mirror of https://github.com/hashicorp/consul
31b95c747b
When the protocol is http-like, and an intention has a peered source then the normal RBAC mTLS SAN field check is replaces with a joint combo of: mTLS SAN field must be the service's local mesh gateway leaf cert AND the first XFCC header (from the MGW) must have a URI field that matches the original intention source Also: - Update the regex program limit to be much higher than the teeny defaults, since the RBAC regex constructions are more complicated now. - Fix a few stray panics in xds generation. |
||
---|---|---|
.. | ||
ca | ||
envoy | ||
expose | ||
proxy | ||
redirecttraffic | ||
connect.go | ||
connect_test.go |