luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/command
History
R.B. Boyer 7672532b05
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
 		2022-06-29 10:29:54 -05:00
..
acl Fix namespace default field names in expanded token output 2022-04-13 16:46:39 -07:00
agent Fixup agent startup 2022-06-09 17:04:05 -07:00
catalog re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
cli
config update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
connect xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
debug debug: update CLI docs 2022-02-15 18:16:12 -05:00
event
exec
flags bulk rewrite using this script 2022-01-20 10:46:23 -06:00
forceleave agent: add variation of force-leave that exclusively works on the WAN (#11722) 2021-12-02 17:15:10 -06:00
helpers
info
intention bulk rewrite using this script 2022-01-20 10:46:23 -06:00
join partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
keygen
keyring Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
kv
leave
lock re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
login Add IAM Auth Method (#12583) 2022-03-31 10:18:48 -05:00
logout acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
maint
members Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
monitor
operator
reload
rtt catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
services bulk rewrite using this script 2022-01-20 10:46:23 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
tls Merge pull request #11884 from assareh/patch-1 2022-01-04 15:17:32 -05:00
validate
version Fix issue with consul version tests 2022-06-09 17:04:05 -07:00
watch
registry.go Refactor some functions for better enterprise use (#13280) 2022-05-30 09:46:55 -04:00
registry_oss.go Add build tag for oss (#13279) 2022-05-27 11:39:58 -04:00