R.B. Boyer
93611819e2
xds: mesh gateways now have their own leaf certificate when involved in a peering (#13460)
...
This is only configured in xDS when a service with an L7 protocol is
exported.
They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
Daniel Nephin
07a33a1526
ca: accept only the cluster ID to SpiffeIDSigningForCluster
...
To make it more obvious where ClusterID is used, and remove the need to create a struct
when only one field is used.
2021-11-16 16:57:21 -05:00
R.B. Boyer
30ccd5c2d9
connect: include optional partition prefixes in SPIFFE identifiers (#10507)
...
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
freddygv
d7f3bcc8bb
Replace CertURI.Authorize() calls.
...
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
Paul Banks
834ed1d25f
Fixed many tests after rebase. Some still failing and seem unrelated to any connect changes.
2018-06-14 09:42:16 -07:00
Paul Banks
5a1408f186
Add CSR signing verification of service ACL, trust domain and datacenter.
2018-06-14 09:42:16 -07:00
Paul Banks
c808833a78
Return TrustDomain from CARoots RPC
2018-06-14 09:42:15 -07:00
Mitchell Hashimoto
7af99667b6
agent/connect: Authorize for CertURI
2018-06-14 09:41:54 -07:00