github
/
consul
mirror of https://github.com/hashicorp/consul
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
consul/agent/xds/testdata
History
R.B. Boyer 31b95c747b
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
 		2022-06-29 10:29:54 -05:00
..
clusters xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
endpoints xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
listeners xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
rbac xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
routes xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
serverless_plugin Support making requests to lambda from connect proxies. 2022-05-05 17:42:30 -04:00
alt-test-leaf-cert.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
alt-test-leaf-key.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
alt-test-root-cert.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
cache-test-leaf-cert.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
cache-test-leaf-key.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
db-test-leaf-cert.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
db-test-leaf-key.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
test-leaf-cert.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00
test-leaf-key.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00
test-root-cert.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00