ext authz: add dns san support for ext authz service (#7948)

Adds support for DNS SAN in ext authz peer validation Risk Level: Low Testing: Added Docs Changes: Added Release Notes: N/A Signed-off-by: Rama Chavali <rama.rao@salesforce.com> Mirrored from https://github.com/envoyproxy/envoy @ d4dc0a5b74acd42aafaaef8bb9c4ebed832674bd
6 years ago · 920b31b5be
parent ecc0d1551d
commit 920b31b5be
1 changed files with 2 additions and 2 deletions
--- a/envoy/service/auth/v2/attribute_context.proto
+++ b/envoy/service/auth/v2/attribute_context.proto
@ -50,8 +50,8 @@ message AttributeContext {
    // The authenticated identity of this peer.
    // For example, the identity associated with the workload such as a service account.
    // If an X.509 certificate is used to assert the identity this field should be sourced from
-    // `Subject` or `Subject Alternative Names`. The primary identity should be the principal.
-    // The principal format is issuer specific.
+    // `URI Subject Alternative Names`, `DNS Subject Alternate Names` or `Subject` in that order.
+    // The primary identity should be the principal. The principal format is issuer specific.
    //
    // Example:
    // *    SPIFFE format is `spiffe://trust-domain/path`