consul/agent/xds/testdata/rbac
Chris S. Kim a02e9abcc1
Update RBAC to handle imported services (#13404)
When converting from Consul intentions to xds RBAC rules, services imported from other peers must encode additional data like partition (from the remote cluster) and trust domain.

This PR updates the PeeringTrustBundle to hold the sending side's local partition as ExportedPartition. It also updates RBAC code to encode SpiffeIDs of imported services with the ExportedPartition and TrustDomain.
2022-06-10 17:15:22 -04:00
..
default-allow-deny-all-and-path-allow--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-deny-all-and-path-allow.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-deny-all-and-path-deny--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-deny-all-and-path-deny.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-kitchen-sink--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-kitchen-sink.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-one-deny--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-one-deny.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-path-allow--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-path-allow.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-path-deny--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-path-deny.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-allow-service-wildcard-deny--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-service-wildcard-deny.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-single-intention-with-kitchen-sink-perms.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-two-path-deny-and-path-allow--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-allow-two-path-deny-and-path-allow.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-allow-deny--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-allow-deny.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-deny-all-and-path-allow--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-deny-all-and-path-allow.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-deny-all-and-path-deny--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-deny-all-and-path-deny.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-kitchen-sink--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-kitchen-sink.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-mixed-precedence--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-mixed-precedence.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-one-allow--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-one-allow.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-path-allow--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-path-allow.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-path-deny--httpfilter.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-path-deny.golden xds: ensure single L7 deny intention with default deny policy does not result in allow action (CVE-2021-36213) (#10619) 2021-07-15 10:09:00 -05:00
default-deny-peered-kitchen-sink--httpfilter.golden Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
default-deny-peered-kitchen-sink.golden Update RBAC to handle imported services (#13404) 2022-06-10 17:15:22 -04:00
default-deny-service-wildcard-allow--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-service-wildcard-allow.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-single-intention-with-kitchen-sink-perms.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-two-path-deny-and-path-allow--httpfilter.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00
default-deny-two-path-deny-and-path-allow.golden xds: default to speaking xDS v3, but allow for v2 to be spoken upon request (#9658) 2021-02-26 16:23:15 -06:00