Skip to content

Commit

Permalink
NET-4774 - replace usage of deprecated Envoy field match_subject_alt_…
Browse files Browse the repository at this point in the history
…names
  • Loading branch information
jmurret committed Dec 22, 2023
1 parent b9ad0df commit 6f86e3d
Show file tree
Hide file tree
Showing 217 changed files with 3,621 additions and 1,377 deletions.
3 changes: 3 additions & 0 deletions .changelog/19954.txt
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
```release-note:improvement
connect: Remove usage of deprecated Envoy field `match_subject_alt_names` in favor of `match_typed_subject_alt_names`.
```
2 changes: 1 addition & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -68,7 +68,7 @@ GO_BUILD_TAG?=consul-build-go
UI_BUILD_TAG?=consul-build-ui
BUILD_CONTAINER_NAME?=consul-builder
CONSUL_IMAGE_VERSION?=latest
ENVOY_VERSION?='1.28.0'
ENVOY_VERSION?='1.25.4'
CONSUL_DATAPLANE_IMAGE := $(or $(CONSUL_DATAPLANE_IMAGE),"docker.io/hashicorppreview/consul-dataplane:1.3-dev-ubi")
DEPLOYER_CONSUL_DATAPLANE_IMAGE := $(or $(DEPLOYER_CONSUL_DATAPLANE_IMAGE), "docker.io/hashicorppreview/consul-dataplane:1.3-dev")

Expand Down
14 changes: 8 additions & 6 deletions agent/xds/clusters.go
Original file line number Diff line number Diff line change
Expand Up @@ -1620,17 +1620,19 @@ func injectSANMatcher(tlsContext *envoy_tls_v3.CommonTlsContext, matchStrings ..
tlsContext.ValidationContextType)
}

var matchers []*envoy_matcher_v3.StringMatcher
var matchers []*envoy_tls_v3.SubjectAltNameMatcher
for _, m := range matchStrings {
matchers = append(matchers, &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
Exact: m,
matchers = append(matchers, &envoy_tls_v3.SubjectAltNameMatcher{
SanType: envoy_tls_v3.SubjectAltNameMatcher_URI,
Matcher: &envoy_matcher_v3.StringMatcher{
MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{
Exact: m,
},
},
})
}

//nolint:staticcheck
validationCtx.ValidationContext.MatchSubjectAltNames = matchers
validationCtx.ValidationContext.MatchTypedSubjectAltNames = matchers

return nil
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,12 +70,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,12 +70,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -194,9 +203,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/no-endpoints"
}
}
],
"trustedCa": {
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,12 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/db"
}
}
],
"trustedCa": {
Expand Down Expand Up @@ -78,12 +81,18 @@
],
"tlsParams": {},
"validationContext": {
"matchSubjectAltNames": [
"matchTypedSubjectAltNames": [
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc1/svc/geo-cache-target"
}
},
{
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
"sanType": "URI",
"matcher": {
"exact": "spiffe://11111111-2222-3333-4444-555555555555.consul/ns/default/dc/dc2/svc/geo-cache-target"
}
}
],
"trustedCa": {
Expand Down
Loading

0 comments on commit 6f86e3d

Please sign in to comment.