R.B. Boyer
201d1458c3
xds: mesh gateways now have their own leaf certificate when involved in a peering ( #13460 )
...
This is only configured in xDS when a service with an L7 protocol is
exported.
They also load any relevant trust bundles for the peered services to
eventually use for L7 SPIFFE validation during mTLS termination.
2022-06-15 14:36:18 -05:00
R.B. Boyer
db91cbf484
auto-config: ensure the feature works properly with partitions ( #11699 )
2021-12-01 13:32:34 -06:00
jkirschner-hashicorp
5f73de6fbc
Merge pull request #10560 from jkirschner-hashicorp/change-sane-to-reasonable
...
Replace use of 'sane' where appropriate
2021-07-06 11:46:04 -04:00
Jared Kirschner
bd536151e1
Replace use of 'sane' where appropriate
...
HashiCorp voice, style, and language guidelines recommend avoiding ableist
language unless its reference to ability is accurate in a particular use.
2021-07-02 12:18:46 -04:00
R.B. Boyer
ed8a901be7
connect: include optional partition prefixes in SPIFFE identifiers ( #10507 )
...
NOTE: this does not include any intentions enforcement changes yet
2021-06-25 16:47:47 -05:00
freddygv
31e757de2a
Replace CertURI.Authorize() calls.
...
AuthorizeIntentionTarget is a generalized version of the old function,
and can be evaluated against sources or destinations.
2021-03-15 18:06:04 -06:00
Hans Hasselberg
33a7df3330
tls: auto_encrypt enables automatic RPC cert provisioning for consul clients ( #5597 )
2019-06-27 22:22:07 +02:00
R.B. Boyer
f4a3b9d518
fix typos reported by golangci-lint:misspell ( #5434 )
2019-03-06 11:13:28 -06:00
Paul Banks
1909a95118
xDS Server Implementation ( #4731 )
...
* Vendor updates for gRPC and xDS server
* xDS server implementation for serving Envoy as a Connect proxy
* Address initial review comments
* consistent envoy package aliases; typos fixed; override TLS and authz for custom listeners
* Moar Typos
* Moar typos
2018-10-10 16:55:34 +01:00
Mitchell Hashimoto
3ef0b93159
agent/connect: Authorize for CertURI
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
ffe4cdfc15
agent/connect: support any values in the URL
2018-06-14 09:41:54 -07:00
Mitchell Hashimoto
75bf0e1638
agent/connect: support SpiffeIDSigning
2018-06-14 09:41:53 -07:00
Mitchell Hashimoto
17ca8ad083
agent/connect: rename SpiffeID to CertURI
2018-06-14 09:41:53 -07:00