diff --git a/agent/structs/config_entry_test.go b/agent/structs/config_entry_test.go index 661a87ce90..3814dd4c53 100644 --- a/agent/structs/config_entry_test.go +++ b/agent/structs/config_entry_test.go @@ -1694,6 +1694,9 @@ func TestDecodeConfigEntry(t *testing.T) { ] } } + http { + sanitize_x_forwarded_client_cert = true + } `, camel: ` Kind = "mesh" @@ -1722,6 +1725,9 @@ func TestDecodeConfigEntry(t *testing.T) { ] } } + HTTP { + SanitizeXForwardedClientCert = true + } `, expect: &MeshConfigEntry{ Meta: map[string]string{ @@ -1749,6 +1755,9 @@ func TestDecodeConfigEntry(t *testing.T) { }, }, }, + HTTP: &MeshHTTPConfig{ + SanitizeXForwardedClientCert: true, + }, }, }, { diff --git a/api/config_entry_test.go b/api/config_entry_test.go index 0f38f62cdf..2f28dcd754 100644 --- a/api/config_entry_test.go +++ b/api/config_entry_test.go @@ -1278,6 +1278,9 @@ func TestDecodeConfigEntry(t *testing.T) { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" ] } + }, + "HTTP": { + "SanitizeXForwardedClientCert": true } } `, @@ -1307,6 +1310,9 @@ func TestDecodeConfigEntry(t *testing.T) { }, }, }, + HTTP: &MeshHTTPConfig{ + SanitizeXForwardedClientCert: true, + }, }, }, } { diff --git a/command/config/write/config_write_test.go b/command/config/write/config_write_test.go index 679a3b77ec..fc297aa094 100644 --- a/command/config/write/config_write_test.go +++ b/command/config/write/config_write_test.go @@ -126,6 +126,9 @@ meta { transparent_proxy { mesh_destinations_only = true } +http { + sanitize_x_forwarded_client_cert = true +} `) ui := cli.NewMockUi() @@ -143,6 +146,9 @@ transparent_proxy { proxy, ok := entry.(*api.MeshConfigEntry) require.True(t, ok) require.Equal(t, map[string]string{"foo": "bar", "gir": "zim"}, proxy.Meta) + require.True(t, proxy.TransparentProxy.MeshDestinationsOnly) + + require.True(t, proxy.HTTP.SanitizeXForwardedClientCert) }) }