Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify ForwardClientCertDetails comments #3315

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Clarify ForwardClientCertDetails comments #3315

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
59f7479
Clarify ForwardClientCertDetails comments
leosarra Sep 20, 2024
4d13e1d
update gen files
leosarra Sep 20, 2024
8e87169
fix typo
leosarra Sep 20, 2024
77492ae
remove mention of gateway proxy
leosarra Sep 20, 2024
0460566
fix default value for gw
leosarra Sep 20, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions mesh/v1alpha1/istio.mesh.v1alpha1.pb.html
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions mesh/v1alpha1/proxy.pb.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

8 changes: 4 additions & 4 deletions mesh/v1alpha1/proxy.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -273,26 +273,26 @@ message Topology {
}

// ForwardClientCertDetails controls how the x-forwarded-client-cert (XFCC)
// header is handled by the gateway proxy.
// header is handled by a proxy.
// See [Envoy XFCC](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/filters/network/http_connection_manager/v3/http_connection_manager.proto.html#enum-extensions-filters-network-http-connection-manager-v3-httpconnectionmanager-forwardclientcertdetails)
// header handling for more details.
enum ForwardClientCertDetails {
// Field is not set
UNDEFINED = 0;

// Do not send the XFCC header to the next hop. This is the default value.
// Do not send the XFCC header to the next hop.
SANITIZE = 1;

// When the client connection is mTLS (Mutual TLS), forward the XFCC header
// in the request.
FORWARD_ONLY = 2;

// When the client connection is mTLS, append the client certificate
// information to the request’s XFCC header and forward it.
// information to the request’s XFCC header and forward it. This is the default value for sidecar proxies.
APPEND_FORWARD = 3;

// When the client connection is mTLS, reset the XFCC header with the client
// certificate information and send it to the next hop.
// certificate information and send it to the next hop. This is the default value for gateway proxies.
SANITIZE_SET = 4;

// Always forward the XFCC header in the request, regardless of whether the
Expand Down