open-consul/agent/xds/testdata
Paul Glass d8d89d4b59
Permissive mTLS (#17035)
This implements permissive mTLS , which allows toggling services into "permissive" mTLS mode.
Permissive mTLS mode allows incoming "non Consul-mTLS" traffic to be forward unmodified to the application.

* Update service-defaults and proxy-defaults config entries with a MutualTLSMode field
* Update the mesh config entry with an AllowEnablingPermissiveMutualTLS field and implement the necessary validation. AllowEnablingPermissiveMutualTLS must be true to allow changing to MutualTLSMode=permissive, but this does not require that all proxy-defaults and service-defaults are currently in strict mode.
* Update xDS listener config to add a "permissive filter chain" when MutualTLSMode=permissive for a particular service. The permissive filter chain matches incoming traffic by the destination port. If the destination port matches the service port from the catalog, then no mTLS is required and the traffic sent is forwarded unmodified to the application.
2023-04-19 14:45:00 -05:00
..
builtin_extension Wasm Envoy HTTP extension (#16877) 2023-04-06 14:12:07 -07:00
clusters Change partition for peers in discovery chain targets (#16769) 2023-03-24 15:40:19 -05:00
endpoints add enterprise xds tests (#16738) 2023-03-22 14:56:18 -04:00
listeners Permissive mTLS (#17035) 2023-04-19 14:45:00 -05:00
rbac xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
routes [API Gateway] Fix invalid cluster causing gateway programming delay (#16661) 2023-03-17 13:31:04 -04:00
secrets [API Gateway] Fix invalid cluster causing gateway programming delay (#16661) 2023-03-17 13:31:04 -04:00
alt-test-leaf-cert.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
alt-test-leaf-key.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
alt-test-root-cert.golden Use golden files for gateway certs and fix listener test flakiness 2020-04-27 11:08:41 -06:00
cache-test-leaf-cert.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
cache-test-leaf-key.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
db-test-leaf-cert.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
db-test-leaf-key.golden Always return a gateway cluster (#8158) 2020-06-19 13:31:39 -06:00
test-leaf-cert.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00
test-leaf-key.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00
test-root-cert.golden Connect: allow configuring Envoy for L7 Observability (#5558) 2019-04-29 17:27:57 +01:00