Skip to content

Commit

Permalink
Merge d0fa205 into backport/export-terminating-gw-service/gratefully-…
Browse files Browse the repository at this point in the history
…welcome-panther
  • Loading branch information
hc-github-team-consul-core authored Apr 3, 2024
2 parents bc1fe92 + d0fa205 commit 59a284c
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 22 deletions.
28 changes: 10 additions & 18 deletions agent/xds/resources_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,6 @@ import (
"github.com/hashicorp/consul/agent/xds/testcommon"
"github.com/hashicorp/consul/agent/xdsv2"
"github.com/hashicorp/consul/envoyextensions/xdscommon"
"github.com/hashicorp/consul/proto/private/pbpeering"
"github.com/hashicorp/consul/sdk/testutil"
"github.com/hashicorp/consul/types"
)
Expand Down Expand Up @@ -2281,32 +2280,25 @@ func getTerminatingGatewayPeeringGoldenTestCases() []goldenTestCase {
{
name: "terminating-gateway-with-peer-trust-bundle",
create: func(t testinf.T) *proxycfg.ConfigSnapshot {
roots, _ := proxycfg.TestCerts(t)
bundles := proxycfg.TestPeerTrustBundles(t)
return proxycfg.TestConfigSnapshotTerminatingGateway(t, true, nil, []proxycfg.UpdateEvent{
{
CorrelationID: "peer-trust-bundle:web",
Result: &pbpeering.TrustBundleListByServiceResponse{
Bundles: []*pbpeering.PeeringTrustBundle{
{
TrustDomain: "foo.bar.gov",
PeerName: "dc2",
Partition: "default",
RootPEMs: []string{
roots.Roots[0].RootCert,
},
ExportedPartition: "default",
CreateIndex: 0,
ModifyIndex: 0,
},
},
},
Result: bundles,
},
{
CorrelationID: "service-intentions:web",
Result: structs.SimplifiedIntentions{
{
SourceName: "source",
SourcePeer: "dc2",
SourcePeer: bundles.Bundles[0].PeerName,
DestinationName: "web",
DestinationPartition: "default",
Action: structs.IntentionActionAllow,
},
{
SourceName: "source",
SourcePeer: bundles.Bundles[1].PeerName,
DestinationName: "web",
DestinationPartition: "default",
Action: structs.IntentionActionAllow,
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,8 @@
"filterChainMatch": {
"serverNames": [
"web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul",
"web.default.default.dc2.external.11111111-2222-3333-4444-555555555555.consul"
"web.default.default.peer-a.external.11111111-2222-3333-4444-555555555555.consul",
"web.default.default.peer-b.external.11111111-2222-3333-4444-555555555555.consul"
]
},
"filters": [
Expand All @@ -185,7 +186,16 @@
"authenticated": {
"principalName": {
"safeRegex": {
"regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
"regex": "^spiffe://1c053652-8512-4373-90cf-5a7f6263a994.consul/ns/default/dc/[^/]+/svc/source$"
}
}
}
},
{
"authenticated": {
"principalName": {
"safeRegex": {
"regex": "^spiffe://d89ac423-e95a-475d-94f2-1c557c57bf31.consul/ns/default/dc/[^/]+/svc/source$"
}
}
}
Expand Down Expand Up @@ -235,9 +245,15 @@
}
},
{
"name": "foo.bar.gov",
"name": "1c053652-8512-4373-90cf-5a7f6263a994.consul",
"trustBundle": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICczCCAdwCCQC3BLnEmLCrSjANBgkqhkiG9w0BAQsFADB+MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQVoxEjAQBgNVBAcMCUZsYWdzdGFmZjEMMAoGA1UECgwDRm9v\nMRAwDgYDVQQLDAdleGFtcGxlMQ8wDQYDVQQDDAZwZWVyLWExHTAbBgkqhkiG9w0B\nCQEWDmZvb0BwZWVyLWEuY29tMB4XDTIyMDUyNjAxMDQ0NFoXDTIzMDUyNjAxMDQ0\nNFowfjELMAkGA1UEBhMCVVMxCzAJBgNVBAgMAkFaMRIwEAYDVQQHDAlGbGFnc3Rh\nZmYxDDAKBgNVBAoMA0ZvbzEQMA4GA1UECwwHZXhhbXBsZTEPMA0GA1UEAwwGcGVl\nci1hMR0wGwYJKoZIhvcNAQkBFg5mb29AcGVlci1hLmNvbTCBnzANBgkqhkiG9w0B\nAQEFAAOBjQAwgYkCgYEA2zFYGTbXDAntT5pLTpZ2+VTiqx4J63VRJH1kdu11f0FV\nc2jl1pqCuYDbQXknDU0Pv1Q5y0+nSAihD2KqGS571r+vHQiPtKYPYRqPEe9FzAhR\n2KhWH6v/tk5DG1HqOjV9/zWRKB12gdFNZZqnw/e7NjLNq3wZ2UAwxXip5uJ8uwMC\nAwEAATANBgkqhkiG9w0BAQsFAAOBgQC/CJ9Syf4aL91wZizKTejwouRYoWv4gRAk\nyto45ZcNMHfJ0G2z+XAMl9ZbQsLgXmzAx4IM6y5Jckq8pKC4PEijCjlKTktLHlEy\n0ggmFxtNB1tid2NC8dOzcQ3l45+gDjDqdILhAvLDjlAIebdkqVqb2CfFNW/I2CQH\nZAuKN1aoKA==\n-----END CERTIFICATE-----\n"
}
},
{
"name": "d89ac423-e95a-475d-94f2-1c557c57bf31.consul",
"trustBundle": {
"inlineString": "-----BEGIN CERTIFICATE-----\nMIIB4DCCAYagAwIBAgIIJRydRWIBZ/0wCgYIKoZIzj0EAwIwFjEUMBIGA1UEAxML\nVGVzdCBDQSAzNDEwHhcNMjQwMjA4MTYxMDI4WhcNMzQwMjA4MTYxMDI4WjAWMRQw\nEgYDVQQDEwtUZXN0IENBIDM0MTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABPhl\newcSudWYzKuobsiXUwsHc4PuzmDEKWqRF0RRCkKPnZfui3gLMKR6a9F2fYTmx9Ba\n+C7dCTq9Iqo9MDBNfFejgb0wgbowDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQF\nMAMBAf8wKQYDVR0OBCIEIH3eL4bcaHvbHYoNlU4YsqHSRSqLIbolaLzbgSbyKlpY\nMCsGA1UdIwQkMCKAIH3eL4bcaHvbHYoNlU4YsqHSRSqLIbolaLzbgSbyKlpYMD8G\nA1UdEQQ4MDaGNHNwaWZmZTovLzExMTExMTExLTIyMjItMzMzMy00NDQ0LTU1NTU1\nNTU1NTU1NS5jb25zdWwwCgYIKoZIzj0EAwIDSAAwRQIgDZiUOpWgVjYjGp8mkXmx\n8hJkB7sumvk6pw+zY4S4omsCIQD1VIaJe88Uo3yoP8a6LYORDlU5d8VcLqmdNggd\neWNHUA==\n-----END CERTIFICATE-----\n"
"inlineString": "-----BEGIN CERTIFICATE-----\nMIICcTCCAdoCCQDyGxC08cD0BDANBgkqhkiG9w0BAQsFADB9MQswCQYDVQQGEwJV\nUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFkMQwwCgYDVQQKDANGb28x\nEDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXItYjEdMBsGCSqGSIb3DQEJ\nARYOZm9vQHBlZXItYi5jb20wHhcNMjIwNTI2MDExNjE2WhcNMjMwNTI2MDExNjE2\nWjB9MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExETAPBgNVBAcMCENhcmxzYmFk\nMQwwCgYDVQQKDANGb28xEDAOBgNVBAsMB2V4YW1wbGUxDzANBgNVBAMMBnBlZXIt\nYjEdMBsGCSqGSIb3DQEJARYOZm9vQHBlZXItYi5jb20wgZ8wDQYJKoZIhvcNAQEB\nBQADgY0AMIGJAoGBAL4i5erdZ5vKk3mzW9Qt6Wvw/WN/IpMDlL0a28wz9oDCtMLN\ncD/XQB9yT5jUwb2s4mD1lCDZtee8MHeD8zygICozufWVB+u2KvMaoA50T9GMQD0E\nz/0nz/Z703I4q13VHeTpltmEpYcfxw/7nJ3leKA34+Nj3zteJ70iqvD/TNBBAgMB\nAAEwDQYJKoZIhvcNAQELBQADgYEAbL04gicH+EIznDNhZJEb1guMBtBBJ8kujPyU\nao8xhlUuorDTLwhLpkKsOhD8619oSS8KynjEBichidQRkwxIaze0a2mrGT+tGBMf\npVz6UeCkqpde6bSJ/ozEe/2seQzKqYvRT1oUjLwYvY7OIh2DzYibOAxh6fewYAmU\n5j5qNLc=\n-----END CERTIFICATE-----\n"
}
}
]
Expand Down

0 comments on commit 59a284c

Please sign in to comment.