R.B. Boyer
93611819e2
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
...
This is only configured in xDS when a service with an L7 protocol is
exported.
They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Daniel Nephin
07a33a1526
ca: accept only the cluster ID to SpiffeIDSigningForCluster
...
To make it more obvious where ClusterID is used, and remove the need to create a struct
when only one field is used.
2021-11-16 16:57:21 -05:00
R.B. Boyer
30ccd5c2d9
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
...
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
freddygv
d7f3bcc8bb
Replace CertURI.Authorize() calls.
...
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
Jono Sosulska
7a13c96a2a
Replace whitelist/blacklist terminology with allowlist/denylist (#7971)
...
* Replace whitelist/blacklist terminology with allowlist/denylist
2020-05-29 14:19:16 -04:00
R.B. Boyer
91e78e00c7
fix typos reported by golangci-lint:misspell (#5434)
2019-03-06 11:13:28 -06:00
Kyle Havlovitz
138a39026b
connect/ca: add intermediate functions to Consul CA provider
2018-09-13 13:09:21 -07:00
Paul Banks
30d90b3be4
Generate CSR using real trust-domain
2018-06-14 09:42:16 -07:00
Paul Banks
5a1408f186
Add CSR signing verification of service ACL, trust domain and datacenter.
2018-06-14 09:42:16 -07:00
Paul Banks
c808833a78
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
7af99667b6
agent/connect: Authorize for CertURI
2018-06-14 09:41:54 -07:00