consul/command
R.B. Boyer 31b95c747b
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
2022-06-29 10:29:54 -05:00
..
acl Fix namespace default field names in expanded token output 2022-04-13 16:46:39 -07:00
agent Fixup agent startup 2022-06-09 17:04:05 -07:00
catalog re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
cli cmd: introduce a shim to expose Stdout/Stderr writers 2021-06-02 16:51:34 -04:00
config update gateway-services table with endpoints (#13217) 2022-05-31 16:20:12 -04:00
connect xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
debug debug: update CLI docs 2022-02-15 18:16:12 -05:00
event testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
exec Replace use of 'sane' where appropriate 2021-07-02 12:18:46 -04:00
flags bulk rewrite using this script 2022-01-20 10:46:23 -06:00
forceleave agent: add variation of force-leave that exclusively works on the WAN (#11722) 2021-12-02 17:15:10 -06:00
helpers
info testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
intention bulk rewrite using this script 2022-01-20 10:46:23 -06:00
join partitions: various refactors to support partitioning the serf LAN pool (#11568) 2021-11-15 09:51:14 -06:00
keygen
keyring Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
kv KV refactoring, part 2 (#11512) 2021-11-08 11:43:21 -05:00
leave testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
lock re-run gofmt on 1.17 (#11579) 2021-11-16 12:04:01 -06:00
login Add IAM Auth Method (#12583) 2022-03-31 10:18:48 -05:00
logout acl: gRPC login and logout endpoints (#12935) 2022-05-04 17:38:45 +01:00
maint Fix maint test 2021-07-30 12:58:46 -04:00
members Fixup acl.EnterpriseMeta 2022-04-05 15:11:49 -07:00
monitor fix monitor to only start the monitor in json format when requested (#10358) 2021-06-07 12:08:48 -04:00
operator testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
reload testing: skip slow tests with -short 2020-12-07 13:42:55 -05:00
rtt catalog: compare node names case insensitively in more places (#12444) 2022-02-24 16:54:47 -06:00
services bulk rewrite using this script 2022-01-20 10:46:23 -06:00
snapshot Vendor in rpc mono repo for net/rpc fork, go-msgpack, msgpackrpc. (#12311) 2022-02-14 09:45:45 -08:00
tls Merge pull request #11884 from assareh/patch-1 2022-01-04 15:17:32 -05:00
validate config: replace calls to config.NewBuilder with config.Load 2021-01-27 17:34:43 -05:00
version Fix issue with consul version tests 2022-06-09 17:04:05 -07:00
watch cli: Test API access using /status/leader in consul watch (#10795) 2021-08-09 09:00:33 -07:00
registry.go Refactor some functions for better enterprise use (#13280) 2022-05-30 09:46:55 -04:00
registry_oss.go Add build tag for oss (#13279) 2022-05-27 11:39:58 -04:00