diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go index fceefa4f1d..ff538342f7 100644 --- a/agent/xds/listeners_test.go +++ b/agent/xds/listeners_test.go @@ -1093,12 +1093,12 @@ func TestListenersFromSnapshot(t *testing.T) { Bundles: []*pbpeering.PeeringTrustBundle{ { TrustDomain: "foo.bar.gov", - PeerName: "dc1", + PeerName: "dc2", Partition: "default", RootPEMs: []string{ roots.Roots[0].RootCert, }, - ExportedPartition: "dc1", + ExportedPartition: "default", CreateIndex: 0, ModifyIndex: 0, }, @@ -1109,8 +1109,11 @@ func TestListenersFromSnapshot(t *testing.T) { CorrelationID: "service-intentions:web", Result: structs.SimplifiedIntentions{ { - SourceName: "*", - DestinationName: "web", + SourceName: "source", + SourcePeer: "dc2", + DestinationName: "web", + DestinationPartition: "default", + Action: structs.IntentionActionAllow, }, }, }, diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden index 45ad9d29a0..d4b5f84883 100644 --- a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden +++ b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden @@ -171,7 +171,29 @@ "name": "envoy.filters.network.rbac", "typedConfig": { "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": {}, + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ + { + "any": true + } + ], + "principals": [ + { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$" + } + } + } + } + ] + } + } + }, "statPrefix": "connect_authz" } },