mirror of
https://github.com/status-im/consul.git
synced 2025-01-09 21:35:52 +00:00
31b95c747b
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:
mTLS SAN field must be the service's local mesh gateway leaf cert
AND
the first XFCC header (from the MGW) must have a URI field that matches the original intention source
Also:
- Update the regex program limit to be much higher than the teeny
defaults, since the RBAC regex constructions are more complicated now.
- Fix a few stray panics in xds generation.
89 lines
1.8 KiB
Plaintext
89 lines
1.8 KiB
Plaintext
{
|
|
"admin": {
|
|
"access_log_path": "/dev/null",
|
|
"address": {
|
|
"socket_address": {
|
|
"address": "127.0.0.1",
|
|
"port_value": 19000
|
|
}
|
|
}
|
|
},
|
|
"node": {
|
|
"cluster": "test",
|
|
"id": "test-proxy",
|
|
"metadata": {
|
|
"namespace": "default",
|
|
"partition": "default"
|
|
}
|
|
},
|
|
"layered_runtime": {
|
|
"layers": [
|
|
{
|
|
"name": "base",
|
|
"static_layer": {
|
|
"re2.max_program_size.error_level": 1048576
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"static_resources": {
|
|
"clusters": [
|
|
{
|
|
"name": "local_agent",
|
|
"ignore_health_on_host_removal": false,
|
|
"connect_timeout": "1s",
|
|
"type": "STATIC",
|
|
"http2_protocol_options": {},
|
|
"loadAssignment": {
|
|
"clusterName": "local_agent",
|
|
"endpoints": [
|
|
{
|
|
"lbEndpoints": [
|
|
{
|
|
"endpoint": {
|
|
"address": {
|
|
"socket_address": {
|
|
"address": "127.0.0.1",
|
|
"port_value": 8502
|
|
}
|
|
}
|
|
}
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"stats_config": {
|
|
"name": "fake_config"
|
|
},
|
|
"dynamic_resources": {
|
|
"lds_config": {
|
|
"ads": {},
|
|
"resource_api_version": "V3"
|
|
},
|
|
"cds_config": {
|
|
"ads": {},
|
|
"resource_api_version": "V3"
|
|
},
|
|
"ads_config": {
|
|
"api_type": "DELTA_GRPC",
|
|
"transport_api_version": "V3",
|
|
"grpc_services": {
|
|
"initial_metadata": [
|
|
{
|
|
"key": "x-consul-token",
|
|
"value": ""
|
|
}
|
|
],
|
|
"envoy_grpc": {
|
|
"cluster_name": "local_agent"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|