luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/agent/xds/testdata/routes
History
R.B. Boyer 7672532b05
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
 		2022-06-29 10:29:54 -05:00
..
connect-proxy-exported-to-peers.latest.golden xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
connect-proxy-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-overrides.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-router.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-and-splitter.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-grpc-router.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
connect-proxy-with-peered-upstreams.latest.golden xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
defaults.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-defaults-no-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-grpc-multiple-services.latest.golden fix: multiple grpc/http2 services for ingress listeners 2022-05-26 10:43:58 -04:00
ingress-http-multiple-services.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-lb-in-resolver.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-and-router-header-manip.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-and-router.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-and-splitter.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain-external-sni.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-chain.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-grpc-router.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-sds-listener-level-wildcard.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-sds-listener-level.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-sds-service-level-mixed-tls.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
ingress-with-sds-service-level.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
mesh-gateway-with-exported-peered-services-http-with-router.latest.golden xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) 2022-06-28 14:52:25 -05:00
mesh-gateway-with-exported-peered-services-http.latest.golden xds: mesh gateways now correctly load up peer-exported discovery chains using L7 protocols (#13624) 2022-06-28 14:52:25 -05:00
mesh-gateway-with-exported-peered-services.latest.golden xds: begin refactor to always pass test snapshots through all xDS types (#13461) 2022-06-15 14:58:28 -05:00
splitter-with-resolver-redirect.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00
terminating-gateway-lb-config.latest.golden connect: Add Envoy 1.21.1 to support matrix, remove 1.17.4 (#12777) 2022-04-14 10:44:42 -07:00