consul/command/connect
R.B. Boyer 31b95c747b
xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629)
When the protocol is http-like, and an intention has a peered source
then the normal RBAC mTLS SAN field check is replaces with a joint combo
of:

    mTLS SAN field must be the service's local mesh gateway leaf cert
      AND
    the first XFCC header (from the MGW) must have a URI field that matches the original intention source

Also:

- Update the regex program limit to be much higher than the teeny
  defaults, since the RBAC regex constructions are more complicated now.

- Fix a few stray panics in xds generation.
2022-06-29 10:29:54 -05:00
..
ca bulk rewrite using this script 2022-01-20 10:46:23 -06:00
envoy xds: modify rbac rules to use the XFCC header for peered L7 enforcement (#13629) 2022-06-29 10:29:54 -05:00
expose syncing changes back from enterprise (#12701) 2022-04-05 15:46:56 -05:00
proxy bulk rewrite using this script 2022-01-20 10:46:23 -06:00
redirecttraffic command/redirect_traffic: Redirect DNS requests to Consul if -consul-dns-ip is passed in (#11480) 2021-11-10 09:10:48 -05:00
connect.go Original proxy and connect.Client implementation. Working end to end. 2018-06-14 09:41:56 -07:00
connect_test.go Builtin tls helper (#5078) 2018-12-19 09:22:49 +01:00