Kenneth Jenkins 8d09567fd7 authorize: incorporate mTLS validation from Envoy (#4374) ... Configure Envoy to validate client certificates, using the union of all relevant client CA bundles (that is, a bundle of the main client CA setting together with all per-route client CAs). Pass the validation status from Envoy through to the authorize service, by configuring Envoy to use the newly-added SetClientCertificateMetadata filter, and by also adding the relevant metadata namespace to the ExtAuthz configuration. Remove the existing 'include_peer_certificate' setting from the ExtAuthz configuration, as the metadata from the Lua filter will include the full certificate chain (when it validates successfully by Envoy). Update policy evaluation to consider the validation status from Envoy, in addition to its own certificate chain validation. (Policy evaluation cannot rely solely on the Envoy validation status while we still support the per-route client CA setting.)		2023-07-21 12:17:01 -07:00
..
testdata	try pinning docker dependency (#3185)	2022-03-23 13:47:35 -06:00
gcs.go	autocert: add support for storage in gcs (#3794)	2022-12-09 08:22:32 -07:00
log.go	authorize: incorporate mTLS validation from Envoy (#4374)	2023-07-21 12:17:01 -07:00
minio.go	autocert: add support for storage in gcs (#3794)	2022-12-09 08:22:32 -07:00
postgres.go	postgres: upgrade to pgx v5 (#3826)	2022-12-19 12:47:35 -07:00
redis.go	databroker: support rotating shared secret (#3502)	2022-07-26 10:59:54 -06:00
testutil.go	config: remove source, remove deadcode, fix linting issues (#4118)	2023-04-21 17:25:11 -06:00