linkerd2/controller/tap
Paul Balogh b5e39bcbf7 Utilize Common Name or Subject Alternate Name for access checks (#3459) (#3949)
Subject
Utilize Common Name or Subject Alternate Name for access checks (#3459)

Problem
When access restrictions to the API server have been enabled with the requestheader-allowed-names configuration, only the Common Name of the requestor certificate is being checked. This check should include the use of Subject Alternate Name attributes.

Solution
The API server will now check the SAN attributes (DNS Names, Email Addresses, IP Addresses, and URIs) when determining accessibility for allowed names.

Fixes issue #3459

Signed-off-by: Paul Balogh <javaducky@gmail.com>
2020-01-22 08:58:19 +02:00
apiserver.go Utilize Common Name or Subject Alternate Name for access checks (#3459) (#3949) 2020-01-22 08:58:19 +02:00
apiserver_test.go Utilize Common Name or Subject Alternate Name for access checks (#3459) (#3949) 2020-01-22 08:58:19 +02:00
client.go Enable lint check for comments (#2023) 2019-01-02 14:03:59 -08:00
handlers.go Upgrade prometheus to v1.2.1 (#3541) 2019-12-11 15:26:16 -08:00
handlers_test.go Update tap authz error with doc URL (#3196) 2019-08-06 08:56:41 -07:00
server.go Fixed bad identity string for target pod in tap (#3675) 2019-11-05 15:57:41 -05:00
server_test.go If tap source IP matches many running pods then only show the IP (#3513) 2019-10-25 12:38:11 -05:00