Skip to content

Commit

Permalink
backport of commit 1fffd23
Browse files Browse the repository at this point in the history
  • Loading branch information
Thomas Eckert committed Oct 6, 2023
1 parent 2f54aff commit 17134b9
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 5 deletions.
11 changes: 7 additions & 4 deletions agent/xds/listeners_test.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -934,12 +934,12 @@ func TestListenersFromSnapshot(t *testing.T) {
Bundles: []*pbpeering.PeeringTrustBundle{
{
TrustDomain: "foo.bar.gov",
PeerName: "dc1",
PeerName: "dc2",
Partition: "default",
RootPEMs: []string{
roots.Roots[0].RootCert,
},
ExportedPartition: "dc1",
ExportedPartition: "default",
CreateIndex: 0,
ModifyIndex: 0,
},
Expand All @@ -950,8 +950,11 @@ func TestListenersFromSnapshot(t *testing.T) {
CorrelationID: "service-intentions:web",
Result: structs.Intentions{
{
SourceName: "*",
DestinationName: "web",
SourceName: "source",
SourcePeer: "dc2",
DestinationName: "web",
DestinationPartition: "default",
Action: structs.IntentionActionAllow,
},
},
},
Expand Down
24 changes: 23 additions & 1 deletion agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,29 @@
"name": "envoy.filters.network.rbac",
"typedConfig": {
"@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
"rules": {},
"rules": {
"policies": {
"consul-intentions-layer4": {
"permissions": [
{
"any": true
}
],
"principals": [
{
"authenticated": {
"principalName": {
"safeRegex": {
"googleRe2": {},
"regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
}
}
}
}
]
}
}
},
"statPrefix": "connect_authz"
}
},
Expand Down

0 comments on commit 17134b9

Please sign in to comment.