From 90cd56c5c32f60b3e75b78b69a4bac59fa5bd95e Mon Sep 17 00:00:00 2001 From: John Murret Date: Fri, 22 Dec 2023 11:34:44 -0700 Subject: [PATCH] NET-4774 - replace usage of deprecated Envoy field match_subject_alt_names (#19954) --- .changelog/19954.txt | 3 + agent/xds/clusters.go | 14 +- ...uthz-http-local-grpc-service.latest.golden | 19 +- ...uthz-http-local-http-service.latest.golden | 19 +- ...z-http-upstream-grpc-service.latest.golden | 19 +- ...z-http-upstream-http-service.latest.golden | 19 +- ...authz-tcp-local-grpc-service.latest.golden | 19 +- ...hz-tcp-upstream-grpc-service.latest.golden | 19 +- ...lambda-and-lua-connect-proxy.latest.golden | 12 +- ...-connect-proxy-opposite-meta.latest.golden | 12 +- .../lambda-connect-proxy-tproxy.latest.golden | 26 +- ...terminating-gateway-upstream.latest.golden | 19 +- .../lambda-connect-proxy.latest.golden | 12 +- ...terminating-gateway-upstream.latest.golden | 19 +- ...a-inbound-applies-to-inbound.latest.golden | 19 +- ...snt-apply-to-local-upstreams.latest.golden | 19 +- ...es-to-local-upstreams-tproxy.latest.golden | 47 +++- ...d-applies-to-local-upstreams.latest.golden | 19 +- ...ound-doesnt-apply-to-inbound.latest.golden | 19 +- ...-consul-constraint-violation.latest.golden | 19 +- ...h-envoy-constraint-violation.latest.golden | 19 +- .../otel-access-logging-http.latest.golden | 19 +- ...opertyoverride-add-keepalive.latest.golden | 19 +- ...d-outlier-detection-multiple.latest.golden | 19 +- ...erride-add-outlier-detection.latest.golden | 19 +- ...de-add-round-robin-lb-config.latest.golden | 19 +- ...-load-assignment-inbound-add.latest.golden | 19 +- ...load-assignment-outbound-add.latest.golden | 19 +- ...und-doesnt-apply-to-outbound.latest.golden | 19 +- ...verride-listener-inbound-add.latest.golden | 19 +- ...erride-listener-outbound-add.latest.golden | 19 +- ...ound-doesnt-apply-to-inbound.latest.golden | 19 +- ...ic-upstream-service-failover.latest.golden | 26 +- ...ic-upstream-service-splitter.latest.golden | 26 +- ...ch-specific-upstream-service.latest.golden | 26 +- ...ide-remove-outlier-detection.latest.golden | 19 +- .../wasm-http-local-file.latest.golden | 19 +- .../wasm-http-remote-file.latest.golden | 19 +- ...wasm-tcp-local-file-outbound.latest.golden | 19 +- .../wasm-tcp-local-file.latest.golden | 19 +- ...asm-tcp-remote-file-outbound.latest.golden | 19 +- .../wasm-tcp-remote-file.latest.golden | 19 +- .../access-logs-defaults.latest.golden | 19 +- .../access-logs-json-file.latest.golden | 19 +- ...t-stderr-disablelistenerlogs.latest.golden | 19 +- ...ttp-listener-with-http-route.latest.golden | 7 +- ...ener-with-tcp-and-http-route.latest.golden | 14 +- ...-tcp-listener-with-tcp-route.latest.golden | 7 +- ...-route-timeoutfilter-one-set.latest.golden | 7 +- .../api-gateway-with-http-route.latest.golden | 7 +- ...eway-with-multiple-hostnames.latest.golden | 14 +- ...multiple-inline-certificates.latest.golden | 7 +- ...route-and-inline-certificate.latest.golden | 7 +- ...connect-proxy-lb-in-resolver.latest.golden | 26 +- ...nnect-proxy-resolver-with-lb.latest.golden | 19 +- ...t-proxy-route-to-lb-resolver.latest.golden | 26 +- ...ct-proxy-splitter-overweight.latest.golden | 33 ++- ...nect-proxy-upstream-defaults.latest.golden | 19 +- ...and-failover-to-cluster-peer.latest.golden | 26 +- ...roxy-with-chain-and-failover.latest.golden | 26 +- ...oxy-with-chain-and-overrides.latest.golden | 19 +- ...and-redirect-to-cluster-peer.latest.golden | 19 +- ...-proxy-with-chain-and-router.latest.golden | 222 +++++++++++++----- ...roxy-with-chain-and-splitter.latest.golden | 40 +++- ...roxy-with-chain-external-sni.latest.golden | 19 +- ...nnect-proxy-with-chain-http2.latest.golden | 19 +- .../connect-proxy-with-chain.latest.golden | 19 +- ...ult-chain-and-custom-cluster.latest.golden | 19 +- ...onnect-proxy-with-grpc-chain.latest.golden | 19 +- ...nnect-proxy-with-grpc-router.latest.golden | 26 +- ...onnect-proxy-with-http-chain.latest.golden | 19 +- ...nnect-proxy-with-http2-chain.latest.golden | 19 +- ...-jwt-config-entry-with-local.latest.golden | 19 +- ...onfig-entry-with-remote-jwks.latest.golden | 19 +- ...d-upstreams-escape-overrides.latest.golden | 14 +- ...-with-peered-upstreams-http2.latest.golden | 14 +- ...-proxy-with-peered-upstreams.latest.golden | 14 +- ...ough-local-gateway-triggered.latest.golden | 33 ++- ...ilover-through-local-gateway.latest.golden | 33 ++- ...ugh-remote-gateway-triggered.latest.golden | 33 ++- ...lover-through-remote-gateway.latest.golden | 33 ++- ...ough-local-gateway-triggered.latest.golden | 26 +- ...ilover-through-local-gateway.latest.golden | 26 +- ...ugh-remote-gateway-triggered.latest.golden | 26 +- ...lover-through-remote-gateway.latest.golden | 26 +- ...connect-proxy-with-tcp-chain.latest.golden | 19 +- ...h-tls-incoming-cipher-suites.latest.golden | 19 +- ...ith-tls-incoming-max-version.latest.golden | 19 +- ...ith-tls-incoming-min-version.latest.golden | 19 +- ...h-tls-outgoing-cipher-suites.latest.golden | 19 +- ...ith-tls-outgoing-max-version.latest.golden | 19 +- ...ls-outgoing-min-version-auto.latest.golden | 19 +- ...ith-tls-outgoing-min-version.latest.golden | 19 +- ...h-tproxy-and-permissive-mtls.latest.golden | 19 +- ...t-tproxy-and-permissive-mtls.latest.golden | 19 +- ...-limits-max-connections-only.latest.golden | 19 +- .../custom-limits-set-to-zero.latest.golden | 19 +- .../clusters/custom-limits.latest.golden | 19 +- .../clusters/custom-local-app.latest.golden | 19 +- ...stom-max-inbound-connections.latest.golden | 19 +- ...thcheck-zero-consecutive_5xx.latest.golden | 19 +- .../custom-passive-healthcheck.latest.golden | 19 +- ...ustom-public-listener-http-2.latest.golden | 19 +- ...public-listener-http-missing.latest.golden | 19 +- .../custom-public-listener-http.latest.golden | 19 +- .../custom-public-listener.latest.golden | 19 +- .../clusters/custom-timeouts.latest.golden | 19 +- .../custom-trace-listener.latest.golden | 19 +- ...ustom-upstream-default-chain.latest.golden | 19 +- ...eam-ignored-with-disco-chain.latest.golden | 26 +- ...upstream-with-prepared-query.latest.golden | 12 +- .../clusters/custom-upstream.latest.golden | 19 +- .../testdata/clusters/defaults.latest.golden | 19 +- ...am-service-with-unix-sockets.latest.golden | 19 +- .../grpc-public-listener.latest.golden | 19 +- .../http-listener-with-timeouts.latest.golden | 19 +- ...http-public-listener-no-xfcc.latest.golden | 19 +- .../http-public-listener.latest.golden | 19 +- .../clusters/http-upstream.latest.golden | 19 +- .../http2-public-listener.latest.golden | 19 +- .../ingress-gateway-bind-addrs.latest.golden | 7 +- ...h-tls-outgoing-cipher-suites.latest.golden | 7 +- ...ith-tls-outgoing-max-version.latest.golden | 7 +- ...ith-tls-outgoing-min-version.latest.golden | 7 +- .../clusters/ingress-gateway.latest.golden | 7 +- ...gress-grpc-multiple-services.latest.golden | 14 +- ...gress-http-multiple-services.latest.golden | 28 ++- .../ingress-lb-in-resolver.latest.golden | 14 +- ...-listeners-duplicate-service.latest.golden | 14 +- ...itter-with-resolver-redirect.latest.golden | 14 +- ...and-failover-to-cluster-peer.latest.golden | 14 +- ...ress-with-chain-and-failover.latest.golden | 14 +- ...hain-and-router-header-manip.latest.golden | 210 ++++++++++++----- ...ngress-with-chain-and-router.latest.golden | 210 ++++++++++++----- ...ress-with-chain-and-splitter.latest.golden | 29 ++- ...ress-with-chain-external-sni.latest.golden | 7 +- .../clusters/ingress-with-chain.latest.golden | 7 +- ...efaults-passive-health-check.latest.golden | 7 +- ...ults-service-max-connections.latest.golden | 7 +- .../ingress-with-grpc-router.latest.golden | 14 +- ...ith-grpc-single-tls-listener.latest.golden | 14 +- ...d-grpc-multiple-tls-listener.latest.golden | 14 +- ...th-http2-single-tls-listener.latest.golden | 14 +- ...efaults-passive-health-check.latest.golden | 7 +- ...ults-service-max-connections.latest.golden | 7 +- ...h-sds-listener+service-level.latest.golden | 14 +- ...h-sds-listener-gw-level-http.latest.golden | 7 +- ...-listener-gw-level-mixed-tls.latest.golden | 14 +- ...s-with-sds-listener-gw-level.latest.golden | 7 +- ...-sds-listener-level-wildcard.latest.golden | 14 +- ...ress-with-sds-listener-level.latest.golden | 14 +- ...-sds-listener-listener-level.latest.golden | 7 +- ...ess-with-sds-service-level-2.latest.golden | 14 +- ...s-service-level-mixed-no-tls.latest.golden | 14 +- ...-sds-service-level-mixed-tls.latest.golden | 14 +- ...gress-with-sds-service-level.latest.golden | 14 +- ...with-service-max-connections.latest.golden | 7 +- ...service-passive-health-check.latest.golden | 7 +- ...ess-with-single-tls-listener.latest.golden | 14 +- ...ough-local-gateway-triggered.latest.golden | 21 +- ...ilover-through-local-gateway.latest.golden | 21 +- ...ugh-remote-gateway-triggered.latest.golden | 21 +- ...lover-through-remote-gateway.latest.golden | 21 +- ...ough-local-gateway-triggered.latest.golden | 14 +- ...ilover-through-local-gateway.latest.golden | 14 +- ...ugh-remote-gateway-triggered.latest.golden | 14 +- ...lover-through-remote-gateway.latest.golden | 14 +- ...h-tls-listener-cipher-suites.latest.golden | 7 +- ...ith-tls-listener-max-version.latest.golden | 7 +- ...ith-tls-listener-min-version.latest.golden | 7 +- .../ingress-with-tls-listener.latest.golden | 7 +- ...n-listeners-gateway-defaults.latest.golden | 28 ++- ...ixed-cipher-suites-listeners.latest.golden | 14 +- ...ess-with-tls-mixed-listeners.latest.golden | 14 +- ...-mixed-max-version-listeners.latest.golden | 21 +- ...-mixed-min-version-listeners.latest.golden | 21 +- ...-balance-inbound-connections.latest.golden | 19 +- ...tbound-connections-bind-port.latest.golden | 19 +- .../listener-bind-address-port.latest.golden | 19 +- .../listener-bind-address.latest.golden | 19 +- .../clusters/listener-bind-port.latest.golden | 19 +- ...ener-max-inbound-connections.latest.golden | 19 +- .../listener-unix-domain-socket.latest.golden | 19 +- ...ateway-with-peered-upstreams.latest.golden | 14 +- ...ed-services-http-with-router.latest.golden | 21 +- ...xported-peered-services-http.latest.golden | 21 +- ...itter-with-resolver-redirect.latest.golden | 26 +- .../telemetry-collector.latest.golden | 26 +- .../terminating-gateway-sni.latest.golden | 14 +- ...xy-catalog-destinations-only.latest.golden | 33 ++- ...arent-proxy-destination-http.latest.golden | 47 +++- ...ransparent-proxy-destination.latest.golden | 47 +++- ...roxy-dial-instances-directly.latest.golden | 47 +++- ...nsparent-proxy-http-upstream.latest.golden | 33 ++- ...ng-gateway-destinations-only.latest.golden | 7 +- ...nt-proxy-terminating-gateway.latest.golden | 33 ++- ...-proxy-with-peered-upstreams.latest.golden | 14 +- ...h-resolver-redirect-upstream.latest.golden | 26 +- .../clusters/transparent-proxy.latest.golden | 33 ++- ...meout-ms-ingress-with-router.latest.golden | 210 ++++++++++++----- ...fetch-timeout-ms-mgw-peering.latest.golden | 21 +- ...xds-fetch-timeout-ms-sidecar.latest.golden | 222 +++++++++++++----- ...meout-ms-tproxy-http-peering.latest.golden | 14 +- ...imeout-ms-tproxy-passthrough.latest.golden | 47 +++- agent/xdsv2/listener_resources.go | 15 +- ...it-and-explicit-destinations-tproxy.golden | 14 +- .../destination/l4-multi-destination.golden | 28 ++- ...ltiple-implicit-destinations-tproxy.golden | 14 +- ...le-destination-ip-port-bind-address.golden | 14 +- ...estination-unix-socket-bind-address.golden | 7 +- ...-single-implicit-destination-tproxy.golden | 7 +- .../mixed-multi-destination.golden | 35 ++- ...ltiple-implicit-destinations-tproxy.golden | 42 +++- ...-single-implicit-destination-tproxy.golden | 21 +- ...tion-with-multiple-workloads-tproxy.golden | 21 +- troubleshoot/proxy/testdata/config.json | 14 +- 216 files changed, 3620 insertions(+), 1376 deletions(-) create mode 100644 .changelog/19954.txt diff --git a/.changelog/19954.txt b/.changelog/19954.txt new file mode 100644 index 0000000000..a465088a82 --- /dev/null +++ b/.changelog/19954.txt @@ -0,0 +1,3 @@ +```release-note:improvement +connect: Remove usage of deprecated Envoy field `match_subject_alt_names` in favor of `match_typed_subject_alt_names`. +``` \ No newline at end of file diff --git a/agent/xds/clusters.go b/agent/xds/clusters.go index bcec8eedd1..d677d20607 100644 --- a/agent/xds/clusters.go +++ b/agent/xds/clusters.go @@ -1620,17 +1620,19 @@ func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings .. tlsContext.ValidationContextType) } - var matchers []*envoy_matcher_v3.StringMatcher + var matchers []*envoy_tls_v3.SubjectAltNameMatcher for _, m := range matchStrings { - matchers = append(matchers, &envoy_matcher_v3.StringMatcher{ - MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ - Exact: m, + matchers = append(matchers, &envoy_tls_v3.SubjectAltNameMatcher{ + SanType: envoy_tls_v3.SubjectAltNameMatcher_URI, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ + Exact: m, + }, }, }) } - //nolint:staticcheck - validationCtx.ValidationContext.MatchSubjectAltNames = matchers + validationCtx.ValidationContext.MatchTypedSubjectAltNames = matchers return nil } diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-grpc-service.latest.golden index f790cfd0df..534f810ec7 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-grpc-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-grpc-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden index 75698e9394..937f0432c7 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-local-http-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-grpc-service.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-grpc-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-grpc-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-http-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-http-service.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-http-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-http-upstream-http-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-local-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-local-grpc-service.latest.golden index f790cfd0df..534f810ec7 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-local-grpc-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-local-grpc-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-upstream-grpc-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-upstream-grpc-service.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-upstream-grpc-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/ext-authz-tcp-upstream-grpc-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lambda-and-lua-connect-proxy.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lambda-and-lua-connect-proxy.latest.golden index 81032f1d2d..6516d48f9e 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lambda-and-lua-connect-proxy.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lambda-and-lua-connect-proxy.latest.golden @@ -70,12 +70,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-opposite-meta.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-opposite-meta.latest.golden index 81032f1d2d..6516d48f9e 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-opposite-meta.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-opposite-meta.latest.golden @@ -70,12 +70,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-tproxy.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-tproxy.latest.golden index bc6a584cb2..954f23ef10 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-tproxy.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-tproxy.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -194,9 +203,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy-with-terminating-gateway-upstream.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy.latest.golden index 81032f1d2d..6516d48f9e 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lambda-connect-proxy.latest.golden @@ -70,12 +70,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-connect-proxy-with-terminating-gateway-upstream.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-inbound-applies-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-inbound-applies-to-inbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-inbound-applies-to-inbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-inbound-applies-to-inbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-inbound-doesnt-apply-to-local-upstreams.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden index 43ffe1773a..e98cd3f5b5 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams-tproxy.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -81,9 +84,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -128,9 +134,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -175,9 +184,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -222,9 +234,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -266,12 +281,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-applies-to-local-upstreams.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-inbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-inbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-inbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-consul-constraint-violation.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/lua-outbound-doesnt-apply-to-local-upstreams-with-envoy-constraint-violation.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/otel-access-logging-http.latest.golden b/agent/xds/testdata/builtin_extension/clusters/otel-access-logging-http.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/otel-access-logging-http.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/otel-access-logging-http.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-keepalive.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-keepalive.latest.golden index cb4e0cec1e..1c361056aa 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-keepalive.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-keepalive.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -83,12 +86,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection-multiple.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection-multiple.latest.golden index eb17f11f48..ea3fbe6e16 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection-multiple.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection-multiple.latest.golden @@ -37,9 +37,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -84,12 +87,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection.latest.golden index 9432eb1b72..dd72465b70 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-outlier-detection.latest.golden @@ -36,9 +36,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -82,12 +85,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-round-robin-lb-config.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-round-robin-lb-config.latest.golden index 680271c723..cea925675a 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-round-robin-lb-config.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-add-round-robin-lb-config.latest.golden @@ -35,9 +35,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -80,12 +83,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-inbound-add.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-inbound-add.latest.golden index 7362f44a57..46cd9a064b 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-inbound-add.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-inbound-add.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-outbound-add.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-outbound-add.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-outbound-add.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-cluster-load-assignment-outbound-add.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-inbound-doesnt-apply-to-outbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-inbound-add.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-inbound-add.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-inbound-add.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-inbound-add.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-outbound-add.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-outbound-add.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-outbound-add.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-listener-outbound-add.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-outbound-doesnt-apply-to-inbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-failover.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-failover.latest.golden index 4b9c162775..cef7fbd13c 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-failover.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-failover.latest.golden @@ -56,9 +56,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -106,9 +109,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + } } ], "trustedCa": { @@ -150,12 +156,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-splitter.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-splitter.latest.golden index 0dcc1ca752..a68e790ae8 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-splitter.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service-splitter.latest.golden @@ -30,12 +30,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -108,9 +114,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -158,9 +167,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service.latest.golden index 2f37bfe304..0832200489 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-patch-specific-upstream-service.latest.golden @@ -55,9 +55,12 @@ "trustedCa": { "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ] } @@ -103,9 +106,12 @@ "trustedCa": { "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + } } ] } @@ -147,12 +153,18 @@ "trustedCa": { "inlineString": "-----BEGIN CERTIFICATE-----\nMIICXDCCAgKgAwIBAgIICpZq70Z9LyUwCgYIKoZIzj0EAwIwFDESMBAGA1UEAxMJ\nVGVzdCBDQSAyMB4XDTE5MDMyMjEzNTgyNloXDTI5MDMyMjEzNTgyNlowFDESMBAG\nA1UEAxMJVGVzdCBDQSAyMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIhywH1gx\nAsMwuF3ukAI5YL2jFxH6Usnma1HFSfVyxbXX1/uoZEYrj8yCAtdU2yoHETyd+Zx2\nThhRLP79pYegCaOCATwwggE4MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTAD\nAQH/MGgGA1UdDgRhBF9kMToxMToxMTphYzoyYTpiYTo5NzpiMjozZjphYzo3Yjpi\nZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1ZTo0MTo2ZjpmMjo3\nMzo5NTo1ODowYzpkYjBqBgNVHSMEYzBhgF9kMToxMToxMTphYzoyYTpiYTo5Nzpi\nMjozZjphYzo3YjpiZDpkYTpiZTpiMTo4YTpmYzo5YTpiYTpiNTpiYzo4MzplNzo1\nZTo0MTo2ZjpmMjo3Mzo5NTo1ODowYzpkYjA/BgNVHREEODA2hjRzcGlmZmU6Ly8x\nMTExMTExMS0yMjIyLTMzMzMtNDQ0NC01NTU1NTU1NTU1NTUuY29uc3VsMAoGCCqG\nSM49BAMCA0gAMEUCICOY0i246rQHJt8o8Oya0D5PLL1FnmsQmQqIGCi31RwnAiEA\noR5f6Ku+cig2Il8T8LJujOp2/2A72QcHZA57B13y+8o=\n-----END CERTIFICATE-----\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ] } diff --git a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-remove-outlier-detection.latest.golden b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-remove-outlier-detection.latest.golden index fe41565d6e..efe753226c 100644 --- a/agent/xds/testdata/builtin_extension/clusters/propertyoverride-remove-outlier-detection.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/propertyoverride-remove-outlier-detection.latest.golden @@ -33,9 +33,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -76,12 +79,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-http-local-file.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-http-local-file.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-http-local-file.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-http-local-file.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-http-remote-file.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-http-remote-file.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-http-remote-file.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-http-remote-file.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file-outbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file-outbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file-outbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file-outbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-local-file.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file-outbound.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file-outbound.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file-outbound.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file-outbound.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file.latest.golden b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file.latest.golden +++ b/agent/xds/testdata/builtin_extension/clusters/wasm-tcp-remote-file.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/access-logs-defaults.latest.golden b/agent/xds/testdata/clusters/access-logs-defaults.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/access-logs-defaults.latest.golden +++ b/agent/xds/testdata/clusters/access-logs-defaults.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/access-logs-json-file.latest.golden b/agent/xds/testdata/clusters/access-logs-json-file.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/access-logs-json-file.latest.golden +++ b/agent/xds/testdata/clusters/access-logs-json-file.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden b/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden +++ b/agent/xds/testdata/clusters/access-logs-text-stderr-disablelistenerlogs.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden index a03e0e29fc..119ca359b5 100644 --- a/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-http-listener-with-http-route.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden index 83c3cae4e8..c6eaa8c5d8 100644 --- a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-and-http-route.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http-service" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden index c1a9d880f9..44e42d764f 100644 --- a/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-tcp-listener-with-tcp-route.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/tcp-service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden index 6ffbd421e0..4de66f3506 100644 --- a/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden index 6ffbd421e0..4de66f3506 100644 --- a/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-with-http-route.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden index 216574da82..fd1bb67fe4 100644 --- a/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-with-multiple-hostnames.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/backend" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/backend" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/frontend" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/frontend" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden index 6ffbd421e0..4de66f3506 100644 --- a/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-with-multiple-inline-certificates.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden index 6ffbd421e0..4de66f3506 100644 --- a/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden +++ b/agent/xds/testdata/clusters/api-gateway-with-tcp-route-and-inline-certificate.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/service" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden index dc004b4e22..1bd8716ef5 100644 --- a/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-lb-in-resolver.latest.golden @@ -39,9 +39,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -83,12 +86,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -159,9 +168,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/something-else" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/something-else" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden index ff832d784b..852f75ea9e 100644 --- a/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-resolver-with-lb.latest.golden @@ -39,9 +39,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -83,12 +86,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden index 4235b653fa..8b1b3340bf 100644 --- a/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-route-to-lb-resolver.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -159,9 +168,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden index 4f4e0d2144..48df6287b5 100644 --- a/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-splitter-overweight.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -177,9 +189,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden b/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-upstream-defaults.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden index 9a7a84c48b..f136f26999 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover-to-cluster-peer.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden index a6c7b69749..bc59491c86 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-failover.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden index d438330c60..9eb5bad5ee 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-overrides.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -86,12 +89,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden index 820039ff13..bee55cf805 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-redirect-to-cluster-peer.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden index 013e86137f..8efdba48f5 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-router.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + } } ], "trustedCa": { @@ -178,9 +187,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + } } ], "trustedCa": { @@ -226,9 +238,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + } } ], "trustedCa": { @@ -270,12 +285,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -321,9 +342,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -369,9 +393,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + } } ], "trustedCa": { @@ -417,9 +444,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + } } ], "trustedCa": { @@ -465,9 +495,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + } } ], "trustedCa": { @@ -513,9 +546,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + } } ], "trustedCa": { @@ -561,9 +597,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + } } ], "trustedCa": { @@ -609,9 +648,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + } } ], "trustedCa": { @@ -657,9 +699,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + } } ], "trustedCa": { @@ -705,9 +750,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + } } ], "trustedCa": { @@ -753,9 +801,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + } } ], "trustedCa": { @@ -801,9 +852,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + } } ], "trustedCa": { @@ -849,9 +903,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { @@ -922,9 +979,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + } } ], "trustedCa": { @@ -970,9 +1030,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + } } ], "trustedCa": { @@ -1018,9 +1081,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + } } ], "trustedCa": { @@ -1066,9 +1132,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { @@ -1114,9 +1183,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + } } ], "trustedCa": { @@ -1162,9 +1234,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + } } ], "trustedCa": { @@ -1210,9 +1285,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + } } ], "trustedCa": { @@ -1258,9 +1336,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + } } ], "trustedCa": { @@ -1306,9 +1387,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + } } ], "trustedCa": { @@ -1354,9 +1438,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + } } ], "trustedCa": { @@ -1402,9 +1489,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + } } ], "trustedCa": { @@ -1450,9 +1540,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + } } ], "trustedCa": { @@ -1498,9 +1591,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden index 1d7410172c..a6781d241e 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-and-splitter.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -126,12 +132,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -177,9 +189,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -225,9 +240,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden index 26f0e47777..35b7e902bb 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-external-sni.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden index f03d8c0ffc..d2c192ac1f 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain-http2.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -86,12 +89,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden index 69904e61ca..b89067c7a6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden index 8ec7314419..da534e7c1f 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-default-chain-and-custom-cluster.latest.golden @@ -30,12 +30,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -113,9 +119,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden index f03d8c0ffc..d2c192ac1f 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-grpc-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -86,12 +89,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden index a594d0b7ce..5082a3ec7a 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-grpc-router.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -86,12 +89,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -162,9 +171,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden index 69904e61ca..b89067c7a6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-http-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden index f03d8c0ffc..d2c192ac1f 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-http2-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -86,12 +89,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-local.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden index b3aeed5b63..3005cc463d 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-jwt-config-entry-with-remote-jwks.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden index d7aa33d71a..84e426aae8 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden @@ -66,9 +66,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + } } ], "trustedCa": { @@ -114,9 +117,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden index 091cbbb5aa..d156c75983 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams-http2.latest.golden @@ -77,9 +77,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + } } ], "trustedCa": { @@ -134,9 +137,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden index 018997d5d0..cf0a67cd63 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-peered-upstreams.latest.golden @@ -77,9 +77,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + } } ], "trustedCa": { @@ -126,9 +129,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden index eeff916358..a387dbedb4 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -148,9 +154,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { @@ -192,12 +201,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden index eeff916358..a387dbedb4 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-local-gateway.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -148,9 +154,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { @@ -192,12 +201,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden index eeff916358..a387dbedb4 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -148,9 +154,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { @@ -192,12 +201,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden index eeff916358..a387dbedb4 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-double-failover-through-remote-gateway.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -148,9 +154,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { @@ -192,12 +201,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden index e5c67ced91..542d4913da 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden index e5c67ced91..542d4913da 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-local-gateway.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden index e5c67ced91..542d4913da 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden index e5c67ced91..542d4913da 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain-failover-through-remote-gateway.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden index 69904e61ca..b89067c7a6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tcp-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-cipher-suites.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-max-version.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-incoming-min-version.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden index 8f405e7dd3..9afa8a275a 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-cipher-suites.latest.golden @@ -39,9 +39,12 @@ ] }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -88,12 +91,18 @@ ] }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden index 24554d780d..fd5906d643 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-max-version.latest.golden @@ -36,9 +36,12 @@ "tlsMaximumProtocolVersion": "TLSv1_2" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -82,12 +85,18 @@ "tlsMaximumProtocolVersion": "TLSv1_2" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version-auto.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden index 29763283b9..8fabcfd1f8 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tls-outgoing-min-version.latest.golden @@ -36,9 +36,12 @@ "tlsMinimumProtocolVersion": "TLSv1_3" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -82,12 +85,18 @@ "tlsMinimumProtocolVersion": "TLSv1_3" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden index c8d1eb2d35..a36dfcbc0a 100644 --- a/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-with-tproxy-and-permissive-mtls.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden b/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden +++ b/agent/xds/testdata/clusters/connect-proxy-without-tproxy-and-permissive-mtls.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden b/agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden index f2f27cd06f..29b1666acb 100644 --- a/agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden +++ b/agent/xds/testdata/clusters/custom-limits-max-connections-only.latest.golden @@ -40,9 +40,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -90,12 +93,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden b/agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden index d3e8277df9..54711b14d9 100644 --- a/agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden +++ b/agent/xds/testdata/clusters/custom-limits-set-to-zero.latest.golden @@ -42,9 +42,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -94,12 +97,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-limits.latest.golden b/agent/xds/testdata/clusters/custom-limits.latest.golden index ac187b5ab0..5ae56712a1 100644 --- a/agent/xds/testdata/clusters/custom-limits.latest.golden +++ b/agent/xds/testdata/clusters/custom-limits.latest.golden @@ -42,9 +42,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -94,12 +97,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-local-app.latest.golden b/agent/xds/testdata/clusters/custom-local-app.latest.golden index 9e5f75c55b..66c013fd8b 100644 --- a/agent/xds/testdata/clusters/custom-local-app.latest.golden +++ b/agent/xds/testdata/clusters/custom-local-app.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-max-inbound-connections.latest.golden b/agent/xds/testdata/clusters/custom-max-inbound-connections.latest.golden index 8763544644..2199d1a248 100644 --- a/agent/xds/testdata/clusters/custom-max-inbound-connections.latest.golden +++ b/agent/xds/testdata/clusters/custom-max-inbound-connections.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden b/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden index 7ccbda4590..f23ee6099a 100644 --- a/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden +++ b/agent/xds/testdata/clusters/custom-passive-healthcheck-zero-consecutive_5xx.latest.golden @@ -40,9 +40,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -84,12 +87,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-passive-healthcheck.latest.golden b/agent/xds/testdata/clusters/custom-passive-healthcheck.latest.golden index 2f501e3ee8..be112e3957 100644 --- a/agent/xds/testdata/clusters/custom-passive-healthcheck.latest.golden +++ b/agent/xds/testdata/clusters/custom-passive-healthcheck.latest.golden @@ -40,9 +40,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -84,12 +87,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden +++ b/agent/xds/testdata/clusters/custom-public-listener-http-2.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden +++ b/agent/xds/testdata/clusters/custom-public-listener-http-missing.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden b/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden +++ b/agent/xds/testdata/clusters/custom-public-listener-http.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-public-listener.latest.golden b/agent/xds/testdata/clusters/custom-public-listener.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/custom-public-listener.latest.golden +++ b/agent/xds/testdata/clusters/custom-public-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-timeouts.latest.golden b/agent/xds/testdata/clusters/custom-timeouts.latest.golden index 688adfb4c5..3a727d4403 100644 --- a/agent/xds/testdata/clusters/custom-timeouts.latest.golden +++ b/agent/xds/testdata/clusters/custom-timeouts.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-trace-listener.latest.golden b/agent/xds/testdata/clusters/custom-trace-listener.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/custom-trace-listener.latest.golden +++ b/agent/xds/testdata/clusters/custom-trace-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden b/agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden index 8ec7314419..da534e7c1f 100644 --- a/agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden +++ b/agent/xds/testdata/clusters/custom-upstream-default-chain.latest.golden @@ -30,12 +30,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -113,9 +119,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden b/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden index a6c7b69749..bc59491c86 100644 --- a/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden +++ b/agent/xds/testdata/clusters/custom-upstream-ignored-with-disco-chain.latest.golden @@ -51,9 +51,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -99,9 +102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + } } ], "trustedCa": { @@ -143,12 +149,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden index b82511b15e..132682626b 100644 --- a/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden +++ b/agent/xds/testdata/clusters/custom-upstream-with-prepared-query.latest.golden @@ -79,12 +79,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/custom-upstream.latest.golden b/agent/xds/testdata/clusters/custom-upstream.latest.golden index 8ec7314419..da534e7c1f 100644 --- a/agent/xds/testdata/clusters/custom-upstream.latest.golden +++ b/agent/xds/testdata/clusters/custom-upstream.latest.golden @@ -30,12 +30,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -113,9 +119,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/defaults.latest.golden b/agent/xds/testdata/clusters/defaults.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/defaults.latest.golden +++ b/agent/xds/testdata/clusters/defaults.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden b/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden index a6d0025aec..8193ef219c 100644 --- a/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden +++ b/agent/xds/testdata/clusters/downstream-service-with-unix-sockets.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/grpc-public-listener.latest.golden b/agent/xds/testdata/clusters/grpc-public-listener.latest.golden index a5bb1cfdea..70bf8607e4 100644 --- a/agent/xds/testdata/clusters/grpc-public-listener.latest.golden +++ b/agent/xds/testdata/clusters/grpc-public-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden b/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden index 688adfb4c5..3a727d4403 100644 --- a/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden +++ b/agent/xds/testdata/clusters/http-listener-with-timeouts.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden b/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden +++ b/agent/xds/testdata/clusters/http-public-listener-no-xfcc.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/http-public-listener.latest.golden b/agent/xds/testdata/clusters/http-public-listener.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/http-public-listener.latest.golden +++ b/agent/xds/testdata/clusters/http-public-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/http-upstream.latest.golden b/agent/xds/testdata/clusters/http-upstream.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/http-upstream.latest.golden +++ b/agent/xds/testdata/clusters/http-upstream.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/http2-public-listener.latest.golden b/agent/xds/testdata/clusters/http2-public-listener.latest.golden index a5bb1cfdea..70bf8607e4 100644 --- a/agent/xds/testdata/clusters/http2-public-listener.latest.golden +++ b/agent/xds/testdata/clusters/http2-public-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden +++ b/agent/xds/testdata/clusters/ingress-gateway-bind-addrs.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden index 5451b36da4..2cc24d95b7 100644 --- a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-cipher-suites.latest.golden @@ -39,9 +39,12 @@ ] }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden index 6e1bd3beaf..5fedecd8b3 100644 --- a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-max-version.latest.golden @@ -36,9 +36,12 @@ "tlsMaximumProtocolVersion": "TLSv1_2" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden index 17b04f2d27..ef32beffda 100644 --- a/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden +++ b/agent/xds/testdata/clusters/ingress-gateway-with-tls-outgoing-min-version.latest.golden @@ -36,9 +36,12 @@ "tlsMinimumProtocolVersion": "TLSv1_3" }, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-gateway.latest.golden b/agent/xds/testdata/clusters/ingress-gateway.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-gateway.latest.golden +++ b/agent/xds/testdata/clusters/ingress-gateway.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden b/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden index 6fad08d9c3..cf46a7c991 100644 --- a/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden +++ b/agent/xds/testdata/clusters/ingress-grpc-multiple-services.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + } } ], "trustedCa": { @@ -90,9 +93,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden index f4ba7f1802..9d16f7dc03 100644 --- a/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden +++ b/agent/xds/testdata/clusters/ingress-http-multiple-services.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/baz" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/baz" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -178,9 +187,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/qux" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/qux" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden index ff94a34cac..2f4c70a742 100644 --- a/agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden +++ b/agent/xds/testdata/clusters/ingress-lb-in-resolver.latest.golden @@ -39,9 +39,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -87,9 +90,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/something-else" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/something-else" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden b/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden index 3d83307a00..b1345fb32f 100644 --- a/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden +++ b/agent/xds/testdata/clusters/ingress-multiple-listeners-duplicate-service.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden index 5280ee7a98..cbff0d03a6 100644 --- a/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/clusters/ingress-splitter-with-resolver-redirect.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-failover-to-cluster-peer.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-failover-to-cluster-peer.latest.golden index 1764907150..cbdb10ec98 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-failover-to-cluster-peer.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-and-failover-to-cluster-peer.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden index 8a2f77a98f..85b04507a1 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-and-failover.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/fail" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden index 284cbeb37c..e0ed38dd7c 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-and-router-header-manip.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + } } ], "trustedCa": { @@ -178,9 +187,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + } } ], "trustedCa": { @@ -226,9 +238,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + } } ], "trustedCa": { @@ -274,9 +289,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -322,9 +340,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + } } ], "trustedCa": { @@ -370,9 +391,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + } } ], "trustedCa": { @@ -418,9 +442,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + } } ], "trustedCa": { @@ -466,9 +493,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + } } ], "trustedCa": { @@ -514,9 +544,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + } } ], "trustedCa": { @@ -562,9 +595,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + } } ], "trustedCa": { @@ -610,9 +646,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + } } ], "trustedCa": { @@ -658,9 +697,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + } } ], "trustedCa": { @@ -706,9 +748,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + } } ], "trustedCa": { @@ -754,9 +799,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + } } ], "trustedCa": { @@ -802,9 +850,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { @@ -850,9 +901,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + } } ], "trustedCa": { @@ -898,9 +952,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + } } ], "trustedCa": { @@ -946,9 +1003,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + } } ], "trustedCa": { @@ -994,9 +1054,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { @@ -1042,9 +1105,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + } } ], "trustedCa": { @@ -1090,9 +1156,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + } } ], "trustedCa": { @@ -1138,9 +1207,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + } } ], "trustedCa": { @@ -1186,9 +1258,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + } } ], "trustedCa": { @@ -1234,9 +1309,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + } } ], "trustedCa": { @@ -1282,9 +1360,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + } } ], "trustedCa": { @@ -1330,9 +1411,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + } } ], "trustedCa": { @@ -1378,9 +1462,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + } } ], "trustedCa": { @@ -1426,9 +1513,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden index 284cbeb37c..e0ed38dd7c 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-and-router.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + } } ], "trustedCa": { @@ -178,9 +187,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + } } ], "trustedCa": { @@ -226,9 +238,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + } } ], "trustedCa": { @@ -274,9 +289,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -322,9 +340,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + } } ], "trustedCa": { @@ -370,9 +391,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + } } ], "trustedCa": { @@ -418,9 +442,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + } } ], "trustedCa": { @@ -466,9 +493,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + } } ], "trustedCa": { @@ -514,9 +544,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + } } ], "trustedCa": { @@ -562,9 +595,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + } } ], "trustedCa": { @@ -610,9 +646,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + } } ], "trustedCa": { @@ -658,9 +697,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + } } ], "trustedCa": { @@ -706,9 +748,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + } } ], "trustedCa": { @@ -754,9 +799,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + } } ], "trustedCa": { @@ -802,9 +850,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { @@ -850,9 +901,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + } } ], "trustedCa": { @@ -898,9 +952,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + } } ], "trustedCa": { @@ -946,9 +1003,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + } } ], "trustedCa": { @@ -994,9 +1054,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { @@ -1042,9 +1105,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + } } ], "trustedCa": { @@ -1090,9 +1156,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + } } ], "trustedCa": { @@ -1138,9 +1207,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + } } ], "trustedCa": { @@ -1186,9 +1258,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + } } ], "trustedCa": { @@ -1234,9 +1309,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + } } ], "trustedCa": { @@ -1282,9 +1360,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + } } ], "trustedCa": { @@ -1330,9 +1411,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + } } ], "trustedCa": { @@ -1378,9 +1462,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + } } ], "trustedCa": { @@ -1426,9 +1513,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden index 96bd14f953..cc0b58f3e6 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-and-splitter.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -82,9 +85,13 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -130,9 +137,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -178,9 +188,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden index e1dedd23fc..d9c7ff5505 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain-external-sni.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-chain.latest.golden b/agent/xds/testdata/clusters/ingress-with-chain.latest.golden index 3c3dec4ccf..c3df0a0821 100644 --- a/agent/xds/testdata/clusters/ingress-with-chain.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-chain.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden index 854e52edbd..98a2b6130b 100644 --- a/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-defaults-passive-health-check.latest.golden @@ -47,9 +47,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-defaults-service-max-connections.latest.golden b/agent/xds/testdata/clusters/ingress-with-defaults-service-max-connections.latest.golden index bd9ac9dcb6..56a49bc48a 100644 --- a/agent/xds/testdata/clusters/ingress-with-defaults-service-max-connections.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-defaults-service-max-connections.latest.golden @@ -42,9 +42,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden index 110fab806e..e4f5cd2170 100644 --- a/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-grpc-router.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden index f1a8500c6c..30514bedd4 100644 --- a/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-grpc-single-tls-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -90,9 +93,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden index f1a8500c6c..30514bedd4 100644 --- a/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-http2-and-grpc-multiple-tls-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -90,9 +93,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden index f1a8500c6c..30514bedd4 100644 --- a/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-http2-single-tls-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -90,9 +93,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden index 63621f39f6..0063bcfb1e 100644 --- a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-passive-health-check.latest.golden @@ -46,9 +46,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-service-max-connections.latest.golden b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-service-max-connections.latest.golden index f38254450d..6c3f165917 100644 --- a/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-service-max-connections.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-overwrite-defaults-service-max-connections.latest.golden @@ -41,9 +41,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener+service-level.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden index 64347312f9..42bfe2d69e 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-http.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/http" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden index d168b6488e..d6c813eff5 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level-mixed-tls.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/insecure" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/insecure" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/secure" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/secure" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-gw-level.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden index d8aee80140..18e5cde875 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-level-wildcard.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden index d8aee80140..18e5cde875 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-level.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-listener-listener-level.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden index d8aee80140..18e5cde875 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-service-level-2.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-no-tls.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden index d8aee80140..18e5cde875 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-service-level-mixed-tls.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/web" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden b/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-sds-service-level.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-service-max-connections.latest.golden b/agent/xds/testdata/clusters/ingress-with-service-max-connections.latest.golden index e8c73c3b77..30d1aecd4a 100644 --- a/agent/xds/testdata/clusters/ingress-with-service-max-connections.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-service-max-connections.latest.golden @@ -40,9 +40,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden index 5bea45a575..3f1dfa5c6a 100644 --- a/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-service-passive-health-check.latest.golden @@ -44,9 +44,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-single-tls-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden index 36da92cce8..b83f7c4ad0 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway-triggered.latest.golden @@ -53,9 +53,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -101,9 +104,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -149,9 +155,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden index 36da92cce8..b83f7c4ad0 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-local-gateway.latest.golden @@ -53,9 +53,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -101,9 +104,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -149,9 +155,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden index 36da92cce8..b83f7c4ad0 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway-triggered.latest.golden @@ -53,9 +53,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -101,9 +104,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -149,9 +155,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden index 36da92cce8..b83f7c4ad0 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-double-failover-through-remote-gateway.latest.golden @@ -53,9 +53,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -101,9 +104,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { @@ -149,9 +155,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc3/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden index 37a8bbfcdc..7351e2dbd6 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway-triggered.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden index 37a8bbfcdc..7351e2dbd6 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-local-gateway.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden index 37a8bbfcdc..7351e2dbd6 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway-triggered.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden index 37a8bbfcdc..7351e2dbd6 100644 --- a/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tcp-chain-failover-through-remote-gateway.latest.golden @@ -52,9 +52,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -100,9 +103,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-listener-cipher-suites.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-listener-max-version.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-listener-min-version.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden index 699ed14e9c..7d6753a098 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-listener.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden index e911eee75c..45d27e53a2 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-min-version-listeners-gateway-defaults.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + } } ], "trustedCa": { @@ -178,9 +187,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s4" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s4" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-mixed-cipher-suites-listeners.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden index 8a9c954b97..2429cd14ff 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-mixed-listeners.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden index 4773f59818..4c33535c2f 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-mixed-max-version-listeners.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden b/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden index 4773f59818..4c33535c2f 100644 --- a/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden +++ b/agent/xds/testdata/clusters/ingress-with-tls-mixed-min-version-listeners.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s1" + } } ], "trustedCa": { @@ -82,9 +85,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s2" + } } ], "trustedCa": { @@ -130,9 +136,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/s3" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden b/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden +++ b/agent/xds/testdata/clusters/listener-balance-inbound-connections.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden b/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden +++ b/agent/xds/testdata/clusters/listener-balance-outbound-connections-bind-port.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden b/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden +++ b/agent/xds/testdata/clusters/listener-bind-address-port.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-bind-address.latest.golden b/agent/xds/testdata/clusters/listener-bind-address.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-bind-address.latest.golden +++ b/agent/xds/testdata/clusters/listener-bind-address.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-bind-port.latest.golden b/agent/xds/testdata/clusters/listener-bind-port.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-bind-port.latest.golden +++ b/agent/xds/testdata/clusters/listener-bind-port.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden b/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden index e7bd10da00..eb535dad76 100644 --- a/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden +++ b/agent/xds/testdata/clusters/listener-max-inbound-connections.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden b/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden index 5a25e882ab..cbd67ae2c6 100644 --- a/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden +++ b/agent/xds/testdata/clusters/listener-unix-domain-socket.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/local-mesh-gateway-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/local-mesh-gateway-with-peered-upstreams.latest.golden index 018997d5d0..cf0a67cd63 100644 --- a/agent/xds/testdata/clusters/local-mesh-gateway-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/clusters/local-mesh-gateway-with-peered-upstreams.latest.golden @@ -77,9 +77,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + } } ], "trustedCa": { @@ -126,9 +129,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index f420e3236f..a1cd49975d 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -73,9 +73,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/alt" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/alt" + } } ], "trustedCa": { @@ -121,9 +124,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -169,9 +175,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/api" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/api" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http.latest.golden b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http.latest.golden index 3c41ffedbc..95d7b4defc 100644 --- a/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http.latest.golden +++ b/agent/xds/testdata/clusters/mesh-gateway-with-exported-peered-services-http.latest.golden @@ -47,9 +47,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + } } ], "trustedCa": { @@ -95,9 +98,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -143,9 +149,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/gir" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/gir" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden index 72e8c720e9..9ffbfb9391 100644 --- a/agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/clusters/splitter-with-resolver-redirect.latest.golden @@ -30,12 +30,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -106,9 +112,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -154,9 +163,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/telemetry-collector.latest.golden b/agent/xds/testdata/clusters/telemetry-collector.latest.golden index d9c8f4f8b8..28ce344d22 100644 --- a/agent/xds/testdata/clusters/telemetry-collector.latest.golden +++ b/agent/xds/testdata/clusters/telemetry-collector.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/consul-telemetry-collector" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/consul-telemetry-collector" + } } ], "trustedCa": { @@ -90,9 +93,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -134,12 +140,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden b/agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden index 160e9bfdff..e3b9b57e91 100644 --- a/agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden +++ b/agent/xds/testdata/clusters/terminating-gateway-sni.latest.golden @@ -46,9 +46,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "bar.com" + "sanType": "URI", + "matcher": { + "exact": "bar.com" + } } ], "trustedCa": { @@ -139,9 +142,12 @@ "commonTlsContext": { "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "foo.com" + "sanType": "URI", + "matcher": { + "exact": "foo.com" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden index 3a3556a861..ec49fafae0 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-catalog-destinations-only.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -202,9 +214,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-destination-http.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-destination-http.latest.golden index 43ffe1773a..e98cd3f5b5 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-destination-http.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-destination-http.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -81,9 +84,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -128,9 +134,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -175,9 +184,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -222,9 +234,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -266,12 +281,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden index 3fdcc1c264..603a54f952 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-destination.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -81,9 +84,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -128,9 +134,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -175,9 +184,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -222,9 +234,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -266,12 +281,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden index 490ef2d07c..9a9a0a7bb1 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-dial-instances-directly.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -202,9 +214,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mongo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mongo" + } } ], "trustedCa": { @@ -246,9 +261,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -283,9 +301,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mongo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/mongo" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden index fdc8e77317..ef18c051c9 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-http-upstream.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -202,9 +214,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden index 980d7f4ec7..a7bb651e2d 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -166,9 +166,12 @@ "commonTlsContext": { "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "api.test.com" + "sanType": "URI", + "matcher": { + "exact": "api.test.com" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden index 2b3ceabc61..d6914838eb 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-terminating-gateway.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -177,9 +189,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden index 4e9ce5333b..027f481d3f 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-with-peered-upstreams.latest.golden @@ -35,9 +35,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/api-a" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/api-a" + } } ], "trustedCa": { @@ -84,9 +87,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/db" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden b/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden index bf459c9ad9..774cfd2d09 100644 --- a/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy-with-resolver-redirect-upstream.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/transparent-proxy.latest.golden b/agent/xds/testdata/clusters/transparent-proxy.latest.golden index fdc8e77317..ef18c051c9 100644 --- a/agent/xds/testdata/clusters/transparent-proxy.latest.golden +++ b/agent/xds/testdata/clusters/transparent-proxy.latest.golden @@ -34,9 +34,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -78,12 +81,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -129,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -202,9 +214,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-ingress-with-router.latest.golden b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-ingress-with-router.latest.golden index 75d1532d5b..2fc2487f8b 100644 --- a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-ingress-with-router.latest.golden +++ b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-ingress-with-router.latest.golden @@ -35,9 +35,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -84,9 +87,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -133,9 +139,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + } } ], "trustedCa": { @@ -182,9 +191,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + } } ], "trustedCa": { @@ -231,9 +243,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + } } ], "trustedCa": { @@ -280,9 +295,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -329,9 +347,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + } } ], "trustedCa": { @@ -378,9 +399,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + } } ], "trustedCa": { @@ -427,9 +451,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + } } ], "trustedCa": { @@ -476,9 +503,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + } } ], "trustedCa": { @@ -525,9 +555,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + } } ], "trustedCa": { @@ -574,9 +607,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + } } ], "trustedCa": { @@ -623,9 +659,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + } } ], "trustedCa": { @@ -672,9 +711,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + } } ], "trustedCa": { @@ -721,9 +763,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + } } ], "trustedCa": { @@ -770,9 +815,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + } } ], "trustedCa": { @@ -819,9 +867,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { @@ -868,9 +919,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + } } ], "trustedCa": { @@ -917,9 +971,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + } } ], "trustedCa": { @@ -966,9 +1023,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + } } ], "trustedCa": { @@ -1015,9 +1075,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { @@ -1064,9 +1127,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + } } ], "trustedCa": { @@ -1113,9 +1179,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + } } ], "trustedCa": { @@ -1162,9 +1231,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + } } ], "trustedCa": { @@ -1211,9 +1283,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + } } ], "trustedCa": { @@ -1260,9 +1335,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + } } ], "trustedCa": { @@ -1309,9 +1387,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + } } ], "trustedCa": { @@ -1358,9 +1439,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + } } ], "trustedCa": { @@ -1407,9 +1491,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + } } ], "trustedCa": { @@ -1456,9 +1543,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-mgw-peering.latest.golden b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-mgw-peering.latest.golden index ecc13b6005..d65f66f520 100644 --- a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-mgw-peering.latest.golden +++ b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-mgw-peering.latest.golden @@ -49,9 +49,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/bar" + } } ], "trustedCa": { @@ -98,9 +101,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/foo" + } } ], "trustedCa": { @@ -147,9 +153,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/gir" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/gir" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-sidecar.latest.golden b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-sidecar.latest.golden index da22f6882d..9fe073c73c 100644 --- a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-sidecar.latest.golden +++ b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-sidecar.latest.golden @@ -35,9 +35,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/big-side" + } } ], "trustedCa": { @@ -84,9 +87,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -133,9 +139,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-1" + } } ], "trustedCa": { @@ -182,9 +191,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/empty-match-2" + } } ], "trustedCa": { @@ -231,9 +243,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/exact" + } } ], "trustedCa": { @@ -276,12 +291,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { @@ -328,9 +349,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/goldilocks-side" + } } ], "trustedCa": { @@ -377,9 +401,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact-with-method" + } } ], "trustedCa": { @@ -426,9 +453,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-exact" + } } ], "trustedCa": { @@ -475,9 +505,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-not-present" + } } ], "trustedCa": { @@ -524,9 +557,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-prefix" + } } ], "trustedCa": { @@ -573,9 +609,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-present" + } } ], "trustedCa": { @@ -622,9 +661,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-regex" + } } ], "trustedCa": { @@ -671,9 +713,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/hdr-suffix" + } } ], "trustedCa": { @@ -720,9 +765,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/header-manip" + } } ], "trustedCa": { @@ -769,9 +817,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/idle-timeout" + } } ], "trustedCa": { @@ -818,9 +869,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/just-methods" + } } ], "trustedCa": { @@ -867,9 +921,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/lil-bit-side" + } } ], "trustedCa": { @@ -941,9 +998,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/nil-match" + } } ], "trustedCa": { @@ -990,9 +1050,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-1" + } } ], "trustedCa": { @@ -1039,9 +1102,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix-rewrite-2" + } } ], "trustedCa": { @@ -1088,9 +1154,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prefix" + } } ], "trustedCa": { @@ -1137,9 +1206,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-exact" + } } ], "trustedCa": { @@ -1186,9 +1258,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-present" + } } ], "trustedCa": { @@ -1235,9 +1310,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/prm-regex" + } } ], "trustedCa": { @@ -1284,9 +1362,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/regex" + } } ], "trustedCa": { @@ -1333,9 +1414,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/req-timeout" + } } ], "trustedCa": { @@ -1382,9 +1466,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-all" + } } ], "trustedCa": { @@ -1431,9 +1518,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-codes" + } } ], "trustedCa": { @@ -1480,9 +1570,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-connect" + } } ], "trustedCa": { @@ -1529,9 +1622,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/retry-reset" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-http-peering.latest.golden b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-http-peering.latest.golden index 44e1578fc0..ad09fc6f9e 100644 --- a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-http-peering.latest.golden +++ b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-http-peering.latest.golden @@ -77,9 +77,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/payments" + } } ], "trustedCa": { @@ -135,9 +138,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + "sanType": "URI", + "matcher": { + "exact": "spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/cloud-dc/svc/refunds" + } } ], "trustedCa": { diff --git a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-passthrough.latest.golden b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-passthrough.latest.golden index 447d8ff712..aed3225ab2 100644 --- a/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-passthrough.latest.golden +++ b/agent/xds/testdata/clusters/xds-fetch-timeout-ms-tproxy-passthrough.latest.golden @@ -35,9 +35,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db" + } } ], "trustedCa": { @@ -83,9 +86,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka" + } } ], "trustedCa": { @@ -131,9 +137,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -179,9 +188,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/kafka2" + } } ], "trustedCa": { @@ -227,9 +239,12 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/google" + } } ], "trustedCa": { @@ -272,12 +287,18 @@ ], "tlsParams": {}, "validationContext": { - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target" + } }, { - "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + "sanType": "URI", + "matcher": { + "exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target" + } } ], "trustedCa": { diff --git a/agent/xdsv2/listener_resources.go b/agent/xdsv2/listener_resources.go index 29c0e42af0..2304484021 100644 --- a/agent/xdsv2/listener_resources.go +++ b/agent/xdsv2/listener_resources.go @@ -730,13 +730,16 @@ func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSoc return nil, fmt.Errorf("failed to create transport socket: provided peer name does not exist in trust bundle map: %s", peerName) } - var matchers []*envoy_matcher_v3.StringMatcher + var matchers []*envoy_tls_v3.SubjectAltNameMatcher if len(om.ValidationContext.SpiffeIds) > 0 { - matchers = make([]*envoy_matcher_v3.StringMatcher, 0) + matchers = make([]*envoy_tls_v3.SubjectAltNameMatcher, 0) for _, m := range om.ValidationContext.SpiffeIds { - matchers = append(matchers, &envoy_matcher_v3.StringMatcher{ - MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ - Exact: m, + matchers = append(matchers, &envoy_tls_v3.SubjectAltNameMatcher{ + SanType: envoy_tls_v3.SubjectAltNameMatcher_URI, + Matcher: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ + Exact: m, + }, }, }) } @@ -749,7 +752,7 @@ func (pr *ProxyResources) makeEnvoyTransportSocket(ts *pbproxystate.TransportSoc InlineString: RootPEMsAsString(tb.Roots), }, }, - MatchSubjectAltNames: matchers, + MatchTypedSubjectAltNames: matchers, }, } diff --git a/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden index 089bfb7c20..dce12e98c0 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-implicit-and-explicit-destinations-tproxy.golden @@ -42,9 +42,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -90,9 +93,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden b/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden index c88d7770d8..c833ead80d 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-multi-destination.golden @@ -41,9 +41,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -89,9 +92,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, @@ -137,9 +143,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -185,9 +194,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden index 089bfb7c20..dce12e98c0 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-multiple-implicit-destinations-tproxy.golden @@ -42,9 +42,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -90,9 +93,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden index 293416e373..c19c10377e 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-ip-port-bind-address.golden @@ -41,9 +41,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -89,9 +92,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden index 742dbd0ea8..882d5366b4 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-destination-unix-socket-bind-address.golden @@ -35,9 +35,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden index 0c86051ad7..370d4c9320 100644 --- a/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/l4-single-implicit-destination-tproxy.golden @@ -42,9 +42,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden index b87031ba81..fd1a5e0bdd 100644 --- a/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden +++ b/agent/xdsv2/testdata/clusters/destination/mixed-multi-destination.golden @@ -35,9 +35,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -83,9 +86,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/backup1-identity" + } } ] }, @@ -148,9 +154,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, @@ -202,9 +211,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api1-identity" + } } ] }, @@ -250,9 +262,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden index ec39ef3578..16a2dd9fc8 100644 --- a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-multiple-implicit-destinations-tproxy.golden @@ -35,9 +35,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -83,9 +86,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } } ] }, @@ -138,9 +144,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -186,9 +195,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } } ] }, @@ -234,9 +246,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -282,9 +297,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app2-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden index d8cad46e79..bfebdfd7d2 100644 --- a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-tproxy.golden @@ -35,9 +35,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -90,9 +93,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -138,9 +144,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, diff --git a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden index d8cad46e79..bfebdfd7d2 100644 --- a/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden +++ b/agent/xdsv2/testdata/clusters/destination/multiport-l4-and-l7-single-implicit-destination-with-multiple-workloads-tproxy.golden @@ -35,9 +35,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -90,9 +93,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, @@ -138,9 +144,12 @@ "trustedCa": { "inlineString": "some-root\nsome-other-root\n" }, - "matchSubjectAltNames": [ + "matchTypedSubjectAltNames": [ { - "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + "sanType": "URI", + "matcher": { + "exact": "spiffe://foo.consul/ap/default/ns/default/identity/api-app-identity" + } } ] }, diff --git a/troubleshoot/proxy/testdata/config.json b/troubleshoot/proxy/testdata/config.json index 9a2e88578b..bee06ec025 100644 --- a/troubleshoot/proxy/testdata/config.json +++ b/troubleshoot/proxy/testdata/config.json @@ -1962,9 +1962,12 @@ "trusted_ca": { "inline_string": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBCzAKBggqhkjOPQQDAjAxMS8wLQYDVQQDEyZwcmktYWRk\najM4YWsuY29uc3VsLmNhLjc4MzhiNGJkLmNvbnN1bDAeFw0yMzAxMjcxNzI2MjVa\nFw0zMzAxMjQxNzI2MjVaMDExLzAtBgNVBAMTJnByaS1hZGRqMzhhay5jb25zdWwu\nY2EuNzgzOGI0YmQuY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkCV2\nZ+2bi4uRGjiUye4K5CO8IhF/7nqsTFG+f4dRio7JLOkAUDzlGLKbH+mLqce0YLzb\nS9hpIJjSk3ge+q8EPaOBvTCBujAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw\nAwEB/zApBgNVHQ4EIgQgUYvu/s5FtHrW/Ilzfbe1QgkGOEKJjXvn7AiEQ8WS+pIw\nKwYDVR0jBCQwIoAgUYvu/s5FtHrW/Ilzfbe1QgkGOEKJjXvn7AiEQ8WS+pIwPwYD\nVR0RBDgwNoY0c3BpZmZlOi8vNzgzOGI0YmQtNThiMy04MTE3LTNkZjEtNjA1ODQ5\nMTA1NDFiLmNvbnN1bDAKBggqhkjOPQQDAgNHADBEAiAv+zXWDgQsI9dPeedNCvI6\ntSP0bFU6q1LiL2b6PPR55wIgftf6sS3lzp5dSwhm7VgksQRKzAV7ixmXP0nMWdwT\nbQo=\n-----END CERTIFICATE-----\n" }, - "match_subject_alt_names": [ + "match_typed_subject_alt_names": [ { - "exact": "spiffe://7838b4bd-58b3-8117-3df1-60584910541b.consul/ns/default/dc/dc1/svc/backend" + "san_type": "URI", + "matcher": { + "exact": "spiffe://7838b4bd-58b3-8117-3df1-60584910541b.consul/ns/default/dc/dc1/svc/backend" + } } ] } @@ -2014,9 +2017,12 @@ "trusted_ca": { "inline_string": "-----BEGIN CERTIFICATE-----\nMIICDjCCAbWgAwIBAgIBCzAKBggqhkjOPQQDAjAxMS8wLQYDVQQDEyZwcmktYWRk\najM4YWsuY29uc3VsLmNhLjc4MzhiNGJkLmNvbnN1bDAeFw0yMzAxMjcxNzI2MjVa\nFw0zMzAxMjQxNzI2MjVaMDExLzAtBgNVBAMTJnByaS1hZGRqMzhhay5jb25zdWwu\nY2EuNzgzOGI0YmQuY29uc3VsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEkCV2\nZ+2bi4uRGjiUye4K5CO8IhF/7nqsTFG+f4dRio7JLOkAUDzlGLKbH+mLqce0YLzb\nS9hpIJjSk3ge+q8EPaOBvTCBujAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUw\nAwEB/zApBgNVHQ4EIgQgUYvu/s5FtHrW/Ilzfbe1QgkGOEKJjXvn7AiEQ8WS+pIw\nKwYDVR0jBCQwIoAgUYvu/s5FtHrW/Ilzfbe1QgkGOEKJjXvn7AiEQ8WS+pIwPwYD\nVR0RBDgwNoY0c3BpZmZlOi8vNzgzOGI0YmQtNThiMy04MTE3LTNkZjEtNjA1ODQ5\nMTA1NDFiLmNvbnN1bDAKBggqhkjOPQQDAgNHADBEAiAv+zXWDgQsI9dPeedNCvI6\ntSP0bFU6q1LiL2b6PPR55wIgftf6sS3lzp5dSwhm7VgksQRKzAV7ixmXP0nMWdwT\nbQo=\n-----END CERTIFICATE-----\n" }, - "match_subject_alt_names": [ + "match_typed_subject_alt_names": [ { - "exact": "spiffe://7838b4bd-58b3-8117-3df1-60584910541b.consul/ns/default/dc/dc1/svc/backend2" + "san_type": "URI", + "matcher": { + "exact": "spiffe://7838b4bd-58b3-8117-3df1-60584910541b.consul/ns/default/dc/dc1/svc/backend" + } } ] }