Update prepared query cluster SAN validation

Previously SAN validation for prepared queries was broken because we
validated against the prepared query's own name, namespace, and
datacenter.

However, prepared queries can target:

- Services with a name that isn't their own
- Services in multiple datacenters

This means that the SpiffeID to validate needs to be based on the
prepared query endpoints, and not the prepared query's upstream
definition.

This commit updates prepared query clusters to account for that.
freddygv 2021-08-18 18:06:41 -06:00
parent 1f192eb7d9
commit b1050e4229
85 changed files with 326 additions and 109 deletions


@ -144,6 +144,46 @@ func TestUpstreamNodes(t testing.T, service string) structs.CheckServiceNodes {
} }
} }
func TestPreparedQueryNodes(t testing.T, service string) structs.CheckServiceNodes {
// The service instances targeted by the prepared query are given the slightly different name
// "geo-cache-target" to ensure we don't use the prepared query's name for SAN validation.
// The name of prepared queries won't always match the name of the service they target.
nodes := structs.CheckServiceNodes{
structs.CheckServiceNode{
Node: &structs.Node{
ID: "test1",
Node: "test1",
Address: "10.10.1.1",
Datacenter: "dc1",
},
Service: &structs.NodeService{
Kind: structs.ServiceKindConnectProxy,
Service: service + "-sidecar-proxy",
Port: 8080,
Proxy: structs.ConnectProxyConfig{
DestinationServiceName: service + "-target",
},
},
},
structs.CheckServiceNode{
Node: &structs.Node{
ID: "test2",
Node: "test2",
Address: "10.20.1.2",
Datacenter: "dc2",
},
Service: &structs.NodeService{
Kind: structs.ServiceKindTypical,
Service: service + "-target",
Port: 8080,
Connect: structs.ServiceConnect{Native: true},
},
},
}
return nodes
}
func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceNodes { func TestUpstreamNodesInStatus(t testing.T, status string) structs.CheckServiceNodes {
return structs.CheckServiceNodes{ return structs.CheckServiceNodes{
structs.CheckServiceNode{ structs.CheckServiceNode{
@ -666,7 +706,7 @@ func TestConfigSnapshot(t testing.T) *ConfigSnapshot {
}, },
}, },
PreparedQueryEndpoints: map[string]structs.CheckServiceNodes{ PreparedQueryEndpoints: map[string]structs.CheckServiceNodes{
"prepared_query:geo-cache": TestUpstreamNodes(t, "geo-cache"), "prepared_query:geo-cache": TestPreparedQueryNodes(t, "geo-cache"),
}, },
Intentions: nil, // no intentions defined Intentions: nil, // no intentions defined
IntentionsSet: true, IntentionsSet: true,
@ -781,11 +821,7 @@ func testConfigSnapshotDiscoveryChain(t testing.T, variation string, additionalE
t, variation, leaf, additionalEntries..., t, variation, leaf, additionalEntries...,
), ),
PreparedQueryEndpoints: map[string]structs.CheckServiceNodes{ PreparedQueryEndpoints: map[string]structs.CheckServiceNodes{
"prepared_query:geo-cache": TestPreparedQueryNodes(t, "geo-cache"),
// The service instances targeted by the prepared query are given the slightly different name
// "geo-cache-target" to ensure we don't use the prepared query's name for SAN validation.
// The name of prepared queries won't always match the name of the service they target.
"prepared_query:geo-cache": TestUpstreamNodes(t, "geo-cache-target"),
}, },
Intentions: nil, // no intentions defined Intentions: nil, // no intentions defined
IntentionsSet: true, IntentionsSet: true,
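Review bot: TestPreparedQueryNodes is exported but has no doc comment, and the comment inside its body names the literal "geo-cache-target" although the target name is built from the `service` argument. A comment above the function such as `// TestPreparedQueryNodes returns two instances targeted by a prepared query: a sidecar proxy for service+"-target" in dc1 and a Connect-native service+"-target" in dc2.` would state what the fixture is for, namely that SAN validation has to follow the endpoints rather than the query's name or a single datacenter. The fixture contains no two instances that resolve to the same datacenter and service and no empty result, so as far as this page shows the de-duplication branch and the zero-endpoint case of the cluster builder are not exercised by it.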


@ -535,17 +535,34 @@ func (s *ResourceGenerator) makeUpstreamClusterForPreparedQuery(upstream structs
} }
} }
spiffeID := connect.SpiffeIDService{ endpoints := cfgSnap.ConnectProxy.PreparedQueryEndpoints[upstream.Identifier()]
Host: cfgSnap.Roots.TrustDomain, var (
Partition: upstream.DestinationPartition, spiffeIDs = make([]connect.SpiffeIDService, 0)
Namespace: upstream.DestinationNamespace, seen = make(map[string]struct{})
Datacenter: dc, )
Service: upstream.DestinationName, for _, e := range endpoints {
id := fmt.Sprintf("%s/%s", e.Node.Datacenter, e.Service.CompoundServiceName())
if _, ok := seen[id]; ok {
continue
}
seen[id] = struct{}{}
name := e.Service.Proxy.DestinationServiceName
if e.Service.Connect.Native {
name = e.Service.Service
}
spiffeIDs = append(spiffeIDs, connect.SpiffeIDService{
Host: cfgSnap.Roots.TrustDomain,
Namespace: e.Service.NamespaceOrDefault(),
Partition: e.Service.PartitionOrDefault(),
Datacenter: e.Node.Datacenter,
Service: name,
})
} }
// Enable TLS upstream with the configured client certificate. // Enable TLS upstream with the configured client certificate.
commonTLSContext := makeCommonTLSContextFromLeaf(cfgSnap, cfgSnap.Leaf()) commonTLSContext := makeCommonTLSContextFromLeaf(cfgSnap, cfgSnap.Leaf())
err = injectSANMatcher(commonTLSContext, spiffeID) err = injectSANMatcher(commonTLSContext, spiffeIDs...)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err) return nil, fmt.Errorf("failed to inject SAN matcher rules for cluster %q: %v", sni, err)
} }
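Review bot: When `PreparedQueryEndpoints` has no entry, or an empty list, for `upstream.Identifier()`, the loop leaves `spiffeIDs` empty and `injectSANMatcher` is still called with no identities. Its body is not in this hunk, but if it then writes an empty `matchSubjectAltNames`, Envoy would accept any certificate that chains to the trusted roots for this cluster, so the empty case should be decided here, for example with `if len(spiffeIDs) == 0 { return nil, fmt.Errorf("no endpoints to derive SANs from for cluster %q", sni) }` or an explicit fallback to the upstream's own identity. The `seen` key is built from `e.Service.CompoundServiceName()` while the SAN uses the derived `name`, so two differently named sidecars for one destination would add the same SPIFFE ID twice; keying on datacenter, namespace, partition and `name` would avoid that. An endpoint that is neither Connect-native nor a proxy appears to produce an empty `Service` in the ID, and `e.Node` and `e.Service` are dereferenced without a nil check. The function begins and ends outside this hunk.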


@ -107,7 +107,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -107,7 +107,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -108,7 +108,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -105,7 +105,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -110,7 +110,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -110,7 +110,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -114,7 +114,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -114,7 +114,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -114,7 +114,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -114,7 +114,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -44,7 +44,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -102,7 +102,10 @@
}, },
"matchSubjectAltNames": [ "matchSubjectAltNames": [
{ {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache" "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
} }
] ]
} }


@ -89,7 +89,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -89,7 +89,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -23,7 +23,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -23,7 +23,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -57,7 +57,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -23,7 +23,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -23,7 +23,7 @@
"endpoint": { "endpoint": {
"address": { "address": {
"socketAddress": { "socketAddress": {
"address": "10.10.1.2", "address": "10.20.1.2",
"portValue": 8080 "portValue": 8080
} }
} }


@ -43,7 +43,7 @@ func newTestSnapshot(
) *proxycfg.ConfigSnapshot { ) *proxycfg.ConfigSnapshot {
snap := proxycfg.TestConfigSnapshotDiscoveryChainDefaultWithEntries(t, additionalEntries...) snap := proxycfg.TestConfigSnapshotDiscoveryChainDefaultWithEntries(t, additionalEntries...)
snap.ConnectProxy.PreparedQueryEndpoints = map[string]structs.CheckServiceNodes{ snap.ConnectProxy.PreparedQueryEndpoints = map[string]structs.CheckServiceNodes{
"prepared_query:geo-cache": proxycfg.TestUpstreamNodes(t, "geo-cache"), "prepared_query:geo-cache": proxycfg.TestPreparedQueryNodes(t, "geo-cache"),
} }
if prevSnap != nil { if prevSnap != nil {
snap.Roots = prevSnap.Roots snap.Roots = prevSnap.Roots
@ -250,9 +250,9 @@ func xdsNewUpstreamTransportSocket(
t *testing.T, t *testing.T,
snap *proxycfg.ConfigSnapshot, snap *proxycfg.ConfigSnapshot,
sni string, sni string,
uri connect.SpiffeIDService, uri ...connect.SpiffeIDService,
) *envoy_core_v3.TransportSocket { ) *envoy_core_v3.TransportSocket {
return xdsNewTransportSocket(t, snap, false, false, sni, uri) return xdsNewTransportSocket(t, snap, false, false, sni, uri...)
} }
func xdsNewTransportSocket( func xdsNewTransportSocket(
@ -261,7 +261,7 @@ func xdsNewTransportSocket(
downstream bool, downstream bool,
requireClientCert bool, requireClientCert bool,
sni string, sni string,
uri connect.SpiffeIDService, uri ...connect.SpiffeIDService,
) *envoy_core_v3.TransportSocket { ) *envoy_core_v3.TransportSocket {
// Assume just one root for now, can get fancier later if needed. // Assume just one root for now, can get fancier later if needed.
caPEM := snap.Roots.Roots[0].RootCert caPEM := snap.Roots.Roots[0].RootCert
@ -278,8 +278,8 @@ func xdsNewTransportSocket(
}, },
}, },
} }
if uri.Service != "" { if uri[0].Service != "" {
require.NoError(t, injectSANMatcher(commonTLSContext, uri)) require.NoError(t, injectSANMatcher(commonTLSContext, uri...))
} }
var tlsContext proto.Message var tlsContext proto.Message
@ -371,12 +371,20 @@ func makeTestCluster(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName st
Service: "db", Service: "db",
} }
geocacheSNI = "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul" geocacheSNI = "geo-cache.default.dc1.query.11111111-2222-3333-4444-555555555555.consul"
geocacheURI = connect.SpiffeIDService{ geocacheURIs = []connect.SpiffeIDService{
Host: "11111111-2222-3333-4444-555555555555.consul", {
Namespace: "default", Host: "11111111-2222-3333-4444-555555555555.consul",
Datacenter: "dc1", Namespace: "default",
Service: "geo-cache", Datacenter: "dc1",
Service: "geo-cache-target",
},
{
Host: "11111111-2222-3333-4444-555555555555.consul",
Namespace: "default",
Datacenter: "dc2",
Service: "geo-cache-target",
},
} }
) )
@ -483,7 +491,7 @@ func makeTestCluster(t *testing.T, snap *proxycfg.ConfigSnapshot, fixtureName st
CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{}, CircuitBreakers: &envoy_cluster_v3.CircuitBreakers{},
OutlierDetection: &envoy_cluster_v3.OutlierDetection{}, OutlierDetection: &envoy_cluster_v3.OutlierDetection{},
ConnectTimeout: ptypes.DurationProto(5 * time.Second), ConnectTimeout: ptypes.DurationProto(5 * time.Second),
TransportSocket: xdsNewUpstreamTransportSocket(t, snap, geocacheSNI, geocacheURI), TransportSocket: xdsNewUpstreamTransportSocket(t, snap, geocacheSNI, geocacheURIs...),
} }
default: default:
t.Fatalf("unexpected fixture name: %s", fixtureName) t.Fatalf("unexpected fixture name: %s", fixtureName)
@ -535,7 +543,7 @@ func makeTestEndpoints(t *testing.T, _ *proxycfg.ConfigSnapshot, fixtureName str
{ {
LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{ LbEndpoints: []*envoy_endpoint_v3.LbEndpoint{
xdsNewEndpointWithHealth("10.10.1.1", 8080, envoy_core_v3.HealthStatus_HEALTHY, 1), xdsNewEndpointWithHealth("10.10.1.1", 8080, envoy_core_v3.HealthStatus_HEALTHY, 1),
xdsNewEndpointWithHealth("10.10.1.2", 8080, envoy_core_v3.HealthStatus_HEALTHY, 1), xdsNewEndpointWithHealth("10.20.1.2", 8080, envoy_core_v3.HealthStatus_HEALTHY, 1),
}, },
}, },
}, },
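Review bot: In the xdsNewTransportSocket hunk the new guard `if uri[0].Service != ""` indexes the variadic slice unconditionally, so a call that passes no SPIFFE IDs (which the new `uri ...connect.SpiffeIDService` signature now permits) panics with an index-out-of-range instead of building a socket without a SAN matcher. The guard also looks at the first entry only, so a list whose first element is empty would skip injectSANMatcher for every entry and the expected config would carry no SAN restriction without the test noticing. I would write `if len(uri) > 0 && uri[0].Service != "" {` and add a comment above it, `// No SAN matcher is expected when the caller supplies no SPIFFE IDs.`, so the intent of the skip is explicit. The body of xdsNewTransportSocket starts and ends outside the hunks shown, so other uses of uri are not visible here.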