luxolus
/
open-consul
2
0
Fork 0
Code Issues 1 Pull Requests Packages Releases Wiki Activity
open-consul/command
History
R.B. Boyer 7672532b05
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
 		2022-06-29 10:29:54 -05:00
..
acl Fix namespace default field names in expanded token output 2022-04-13 16:46:39 -07:00
agent Fixup agent startup 2022-06-09 17:04:05 -07:00
catalog
cli
config update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
connect xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
debug debug: update CLI docs 2022-02-15 18:16:12 -05:00
event
exec
flags
forceleave
helpers
info
intention
join
keygen
keyring Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
kv
leave
lock
login Add IAM Auth Method (#12583) 2022-03-31 10:18:48 -05:00
logout acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
maint
members Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
monitor
operator
reload
rtt catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
services
snapshot
tls
validate
version Fix issue with consul version tests 2022-06-09 17:04:05 -07:00
watch
registry.go Refactor some functions for better enterprise use (#13280) 2022-05-30 09:46:55 -04:00
registry_oss.go Add build tag for oss (#13279) 2022-05-27 11:39:58 -04:00