Backport of Golden File Tests for TermGW w/ Cluster Peering into release/1.16.x (#19192)

backport of commit 1fffd233b3eba4e1d85be58808e73f1daa412e4f

Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
hc-github-team-consul-core 2023-10-30 11:04:47 -04:00 committed by GitHub
parent 57265a06f0
commit f0c23587e0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 5 deletions


@ -995,12 +995,12 @@ func TestListenersFromSnapshot(t *testing.T) {
Bundles: []*pbpeering.PeeringTrustBundle{ Bundles: []*pbpeering.PeeringTrustBundle{
{ {
TrustDomain: "foo.bar.gov", TrustDomain: "foo.bar.gov",
PeerName: "dc1", PeerName: "dc2",
Partition: "default", Partition: "default",
RootPEMs: []string{ RootPEMs: []string{
roots.Roots[0].RootCert, roots.Roots[0].RootCert,
}, },
ExportedPartition: "dc1", ExportedPartition: "default",
CreateIndex: 0, CreateIndex: 0,
ModifyIndex: 0, ModifyIndex: 0,
}, },
@ -1011,8 +1011,11 @@ func TestListenersFromSnapshot(t *testing.T) {
CorrelationID: "service-intentions:web", CorrelationID: "service-intentions:web",
Result: structs.SimplifiedIntentions{ Result: structs.SimplifiedIntentions{
{ {
SourceName: "*", SourceName: "source",
SourcePeer: "dc2",
DestinationName: "web", DestinationName: "web",
DestinationPartition: "default",
Action: structs.IntentionActionAllow,
}, },
}, },
}, },
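Review bot: Nothing in this fixture says that the trust bundle's `PeerName: "dc2"` and the intention's `SourcePeer: "dc2"` have to agree, yet the golden output appears to depend on it: the RBAC filter changes from `"rules": {}` to a principal under the bundle's trust domain `foo.bar.gov` only once the two are aligned. I would add a comment above the bundle entry, for example `// PeerName must match the intention's SourcePeer so the peer's trust domain is used for the RBAC principal.` The case also pins only an allow intention from a peered source; a sibling case using `structs.IntentionActionDeny`, or a SourcePeer with no matching trust bundle, would catch a regression that fails open. TestListenersFromSnapshot starts and ends outside these hunks, so whether such a case already exists elsewhere in the table cannot be seen from here.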


@ -171,7 +171,29 @@
"name": "envoy.filters.network.rbac", "name": "envoy.filters.network.rbac",
"typedConfig": { "typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {}, "rules": {
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
}
}
}
}
]
}
}
},
"statPrefix": "connect_authz" "statPrefix": "connect_authz"
} }
}, },