Golden File Tests for TermGW w/ Cluster Peering (#19096)

Thomas Eckert · web-flow · commit 76c60fdface5 · 2023-10-13T11:56:58.000-04:00
Add intention to create golden file for terminating gateway peered trust bundle
diff --git a/agent/xds/listeners_test.go b/agent/xds/listeners_test.go
@@ -1093,12 +1093,12 @@ func TestListenersFromSnapshot(t *testing.T) {
 							Bundles: []*pbpeering.PeeringTrustBundle{
 								{
 									TrustDomain: "foo.bar.gov",
-									PeerName:    "dc1",
+									PeerName:    "dc2",
 									Partition:   "default",
 									RootPEMs: []string{
 										roots.Roots[0].RootCert,
 									},
-									ExportedPartition: "dc1",
+									ExportedPartition: "default",
 									CreateIndex:       0,
 									ModifyIndex:       0,
 								},
@@ -1109,8 +1109,11 @@ func TestListenersFromSnapshot(t *testing.T) {
 						CorrelationID: "service-intentions:web",
 						Result: structs.SimplifiedIntentions{
 							{
-								SourceName:      "*",
-								DestinationName: "web",
+								SourceName:           "source",
+								SourcePeer:           "dc2",
+								DestinationName:      "web",
+								DestinationPartition: "default",
+								Action:               structs.IntentionActionAllow,
 							},
 						},
 					},
diff --git a/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden b/agent/xds/testdata/listeners/terminating-gateway-with-peer-trust-bundle.latest.golden
@@ -171,7 +171,29 @@
               "name": "envoy.filters.network.rbac",
               "typedConfig": {
                 "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC",
-                "rules": {},
+                "rules": {
+                  "policies": {
+                    "consul-intentions-layer4": {
+                      "permissions": [
+                        {
+                          "any": true
+                        }
+                      ],
+                      "principals": [
+                        {
+                          "authenticated": {
+                            "principalName": {
+                              "safeRegex": {
+                                "googleRe2": {},
+                                "regex": "^spiffe://foo.bar.gov/ns/default/dc/[^/]+/svc/source$"
+                              }
+                            }
+                          }
+                        }
+                      ]
+                    }
+                  }
+                },
                 "statPrefix": "connect_authz"
               }
             },
