consul/agent/xds
Derek Menteer 3e8ec8d18e
Fix SAN matching on terminating gateways (#20417)
Fixes issue: hashicorp/consul#20360

A regression was introduced in hashicorp/consul#19954 where the SAN validation
matching was reduced from 4 potential types down to just the URI.

Terminating gateways will need to match on many fields depending on user
configuration, since they make egress calls outside of the cluster. Having more
than one matcher behaves like an OR operation, where any match is sufficient to
pass the certificate validation. To maintain backwards compatibility with the
old untyped `match_subject_alt_names` Envoy behavior, we should match on all 4
enum types.

https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto#enum-extensions-transport-sockets-tls-v3-subjectaltnamematcher-santype
2024-01-31 12:17:45 -06:00
accesslogs catalog,mesh,auth: Bump versions to v2beta1 (#18930) 2023-09-22 10:51:15 -06:00
config Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
configfetcher chore: fix missing/incorrect license headers (#18555) 2023-08-22 17:23:54 -05:00
extensionruntime Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
naming [NET-4799] [OSS] xdsv2: listeners L4 support for connect proxies (#18436) 2023-08-15 11:57:07 -07:00
platform Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
proxystateconverter Remove V2 PeerName field from pbresource.Tenancy (#19865) 2024-01-29 15:08:31 -05:00
response Net 5092/internal l7 traffic permissions (#20276) 2024-01-23 20:07:58 -06:00
testcommon [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
testdata Fix SAN matching on terminating gateways (#20417) 2024-01-31 12:17:45 -06:00
validateupstream-test Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
clusters.go Fix SAN matching on terminating gateways (#20417) 2024-01-31 12:17:45 -06:00
clusters_test.go Migrate remaining individual resource tests for service mesh to TestAllResourcesFromSnapshot (#19583) 2023-11-09 20:08:37 +00:00
delta.go Fix xDS missing endpoint race condition. (#19866) 2023-12-08 11:37:12 -06:00
delta_envoy_extender_ce_test.go Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
delta_envoy_extender_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
delta_test.go Fix xDS missing endpoint race condition. (#19866) 2023-12-08 11:37:12 -06:00
endpoints.go [NET-6221] Ensure LB policy set for locality-aware routing (CE) (#19283) 2023-10-19 10:13:27 -04:00
endpoints_test.go Migrate individual resource tests for Mesh Gateway to TestAllResourcesFromSnapshot (#19502) 2023-11-09 16:39:16 +00:00
failover_policy.go Fix SAN matching on terminating gateways (#20417) 2024-01-31 12:17:45 -06:00
failover_policy_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
golden_test.go xds: update golden tests to be deterministic (#18707) 2023-09-11 11:40:19 -05:00
gw_per_route_filters_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
jwt_authn.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
jwt_authn_ce.go [NET-5457] Fix CE code for jwt multiple virtual hosts bug (#19123) 2023-10-10 16:25:36 -04:00
jwt_authn_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
listeners.go Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
listeners_apigateway.go Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
listeners_ingress.go Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
listeners_test.go Migrate remaining individual resource tests for service mesh to TestAllResourcesFromSnapshot (#19583) 2023-11-09 20:08:37 +00:00
locality_policy.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
locality_policy_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
protocol_trace.go NET-5338 - NET-5338 - Run a v2 mode xds server (#18579) 2023-08-24 16:44:14 -06:00
rbac.go NET-6946 / NET-6941 - Replace usage of deprecated Envoy fields envoy.config.route.v3.HeaderMatcher.safe_regex_match and envoy.type.matcher.v3.RegexMatcher.google_re2 (#20013) 2024-01-03 09:53:39 -07:00
rbac_test.go Net 5092/internal l7 traffic permissions (#20276) 2024-01-23 20:07:58 -06:00
resources.go [NET-4799] [OSS] xdsv2: listeners L4 support for connect proxies (#18436) 2023-08-15 11:57:07 -07:00
resources_ce_test.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
resources_test.go Fix ClusterLoadAssignment timeouts dropping endpoints. (#19871) 2023-12-11 09:25:11 -06:00
routes.go Case sensitive route match (#19647) 2024-01-22 09:23:24 -06:00
routes_test.go Migrate individual resource tests for API Gateway to TestAllResourcesFromSnapshot (#19584) 2023-11-09 17:01:54 +00:00
secrets.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
server.go Watch the ProxyTracker from xDS controller (#18611) 2023-08-29 14:39:29 -07:00
server_ce.go Remove old build tags (#19128) 2023-10-10 10:58:06 -04:00
testing.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
xds.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00
xds_protocol_helpers_test.go Fix SAN matching on terminating gateways (#20417) 2024-01-31 12:17:45 -06:00
z_xds_packages.go Various bits of cleanup detected when using Go Workspaces (#17462) 2023-06-05 16:08:39 -04:00
z_xds_packages_test.go [COMPLIANCE] License changes (#18443) 2023-08-11 09:12:13 -04:00