From f0c23587e050f8347ceba316385667bb2a328ee8 Mon Sep 17 00:00:00 2001
From: hc-github-team-consul-core
Date: Mon, 30 Oct 2023 11:04:47 -0400
Subject: [PATCH] Backport of Golden File Tests for TermGW w/ Cluster Peering into release/1.16.x (#19192)

backport of commit 1fffd233b3eba4e1d85be58808e73f1daa412e4f

Co-authored-by: Thomas Eckert
---
 agent/xds/listeners_test.go | 11 +++++----
 ...teway-with-peer-trust-bundle.latest.golden | 24 ++++++++++++++++++-
 2 files changed, 30 insertions(+), 5 deletions(-)

diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
index 079bf0db4..6ccb722f1 100644
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@@ -995,12 +995,12 @@ func TestListenersFromSnapshot(t *testing.T) {
 Bundles: []*pbpeering.PeeringTrustBundle{
 {
 TrustDomain: "foo.bar.gov",
- PeerName: "dc1",
+ PeerName: "dc2",
 Partition: "default",
 RootPEMs: []string{
 roots.Roots[0].RootCert,
 },
- ExportedPartition: "dc1",
+ ExportedPartition: "default",
 CreateIndex: 0,
 ModifyIndex: 0,
 },
@@ -1011,8 +1011,11 @@ func TestListenersFromSnapshot(t *testing.T) {
 CorrelationID: "service-intentions:web",
 Result: structs.SimplifiedIntentions{
 {
- SourceName: "*",
- DestinationName: "web",
+ SourceName: "source",
+ SourcePeer: "dc2",
+ DestinationName: "web",
+ DestinationPartition: "default",
+ Action: structs.IntentionActionAllow,
 },
 },
 },
diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
index 45ad9d29a..d4b5f8488 100644
--- a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
+++ b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
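Review bot: In the second hunk of agent/xds/listeners_test.go, `SourcePeer: "dc2"` only lines up with the trust bundle because the first hunk renames `PeerName` to `"dc2"`, and the fixture carries no comment tying the two values together. The golden file's principal regex uses `foo.bar.gov`, which appears to come from that bundle's `TrustDomain`, so a later edit to one value without the other would change which identities the generated RBAC policy admits, and the reason would not be obvious from the fixture. I would add `// SourcePeer must match PeerName in the PeeringTrustBundle above; the RBAC principal is built from that bundle's TrustDomain.` above the intention. The case now pins only an allow from a peered source, so a companion case using `structs.IntentionActionDeny` would also pin the deny path for a peered identity. TestListenersFromSnapshot starts and ends outside both hunks.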
@@ -171,7 +171,29 @@
 "name": "envoy.filters.network.rbac",
 "typedConfig": {
 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
- "rules": {},
+ "rules": {
+ "policies": {
+ "consul-intentions-layer4": {
+ "permissions": [
+ {
+ "any": true
+ }
+ ],
+ "principals": [
+ {
+ "authenticated": {
+ "principalName": {
+ "safeRegex": {
+ "googleRe2": {},
+ "regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
+ }
+ }
+ }
+ }
+ ]
+ }
+ }
+ },
 "statPrefix": "connect_authz"
 }
 },