Backport of Golden File Tests for TermGW w/ Cluster Peering into release/1.16.x (#19192)

backport of commit 1fffd233b3eba4e1d85be58808e73f1daa412e4f Co-authored-by: Thomas Eckert <teckert@hashicorp.com>
2023-10-30 11:04:47 -04:00 · 2023-10-30 11:04:47 -04:00 · f0c23587e0
parent 57265a06f0
commit f0c23587e0
2 changed files with 30 additions and 5 deletions
--- a/agent/xds/listeners_test.go
+++ b/agent/xds/listeners_test.go
@ -995,12 +995,12 @@ func TestListenersFromSnapshot(t *testing.T) {
 							Bundles: []*pbpeering.PeeringTrustBundle{
 								{
 									TrustDomain: "foo.bar.gov",
-									PeerName:    "dc1",
+									PeerName:    "dc2",
 									Partition:   "default",
 									RootPEMs: []string{
 										roots.Roots[0].RootCert,
 									},
-									ExportedPartition: "dc1",
+									ExportedPartition: "default",
 									CreateIndex:       0,
 									ModifyIndex:       0,
 								},
@ -1011,8 +1011,11 @@ func TestListenersFromSnapshot(t *testing.T) {
 						CorrelationID: "service-intentions:web",
 						Result: structs.SimplifiedIntentions{
 							{
-								SourceName:      "*",
+								SourceName:           "source",
-								DestinationName: "web",
+								SourcePeer:           "dc2",
 								DestinationName:      "web",
 								DestinationPartition: "default",
 								Action:               structs.IntentionActionAllow,
 							},
 						},
 					},
--- a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
+++ b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
@ -171,7 +171,29 @@
              "name": "envoy.filters.network.rbac",
              "typedConfig": {
                "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
+                "rules": {
                  "policies": {
                    "consul-intentions-layer4": {
                      "permissions": [
                        {
                          "any": true
                        }
                      ],
                      "principals": [
                        {
                          "authenticated": {
                            "principalName": {
                              "safeRegex": {
                                "googleRe2": {},
                                "regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
                              }
                            }
                          }
                        }
                      ]
                    }
                  }
                },
                "statPrefix": "connect_authz"
              }
            },