Update cloud_controller_ng for mTLS app-to-app routing (RFC draft)#625
Draft
Points to feature/app-to-app-mtls-routing branch which includes:
- mtls_allowed_sources route option for authorization
- GUID existence validation for apps, spaces, and orgs
- Mutual exclusivity enforcement for 'any' vs specific GUIDs
- Feature flag gating via app_to_app_mtls_routing
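The three checks this commit message lists (feature flag gating, 'any' versus specific GUIDs, GUID existence), sketched as an added Ruby example that is not cloud_controller_ng code. The option names are taken from the PR description; the class name, the value shapes (arrays of GUID strings, a boolean) and the in-memory GUID sets standing in for database lookups are assumptions.

```ruby
require 'set'

# Added example, not cloud_controller_ng code. Option names come from the PR
# description; value shapes and the lookup interface are assumptions.
class MtlsRouteOptionsValidator
  GUID_KEYS = { 'mtls_allowed_apps' => :apps, 'mtls_allowed_spaces' => :spaces,
                'mtls_allowed_orgs' => :orgs }.freeze
  ALLOW_ANY = 'mtls_allow_any'
  FEATURE_FLAG = 'app_to_app_mtls_routing'

  # enabled_flags: names of feature flags that are switched on.
  # known_guids: { apps: Set, spaces: Set, orgs: Set }, a stand-in for DB lookups.
  def initialize(enabled_flags:, known_guids:)
    @enabled_flags = enabled_flags
    @known_guids = known_guids
  end

  # Returns error strings for a route-options hash with string keys; [] means accepted.
  def validate(options)
    used = options.keys & (GUID_KEYS.keys + [ALLOW_ANY])
    return [] if used.empty?
    return ["feature flag #{FEATURE_FLAG} is disabled"] unless @enabled_flags.include?(FEATURE_FLAG)

    errors = []
    allow_any = options[ALLOW_ANY]
    errors << "#{ALLOW_ANY} must be true or false" unless [true, false, nil].include?(allow_any)

    GUID_KEYS.each do |key, kind|
      next unless options.key?(key)

      guids = options[key]
      unless guids.is_a?(Array) && guids.all? { |g| g.is_a?(String) && !g.empty? }
        errors << "#{key} must be an array of GUID strings"
        next
      end
      # 'any' and an explicit allow-list contradict each other: reject instead of guessing.
      errors << "#{key} cannot be combined with #{ALLOW_ANY}" if allow_any == true && guids.any?
      missing = guids.reject { |g| @known_guids.fetch(kind).include?(g) }
      errors << "#{key} references unknown GUIDs: #{missing.join(', ')}" unless missing.empty?
    end
    errors
  end
end

# Constructed sample: 'any' together with an explicit app list, which must be rejected.
SAMPLE_OPTIONS = { 'mtls_allow_any' => true, 'mtls_allowed_apps' => ['app-guid-1'] }.freeze
```

Rejecting the contradictory combination, instead of letting one option silently win, keeps an operator from believing a route is restricted to listed callers when it is open to any authenticated app.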
This was referenced Mar 5, 2026
Updates cloud_controller_ng submodule to commit fa02d7877 which completes the terminology shift from 'access rules' to 'route policies' and 'selector' to 'source' for identity-aware routing RFC-0027. This aligns with existing CF network policies terminology and C2C network policy conventions (source → destination).
Updates submodule to commit bfd79bef4 which fixes all CI/CD test failures by completing the terminology rebrand in test files.
Fixes:
- Rubocop style violations (indentation)
- Test require statements
- All test references to old terminology
- Table names in test error messages
…e route policy terminology
- a9c550558: Fix route_policies_spec to use 'Source' and 'sources' query param
- 1a34dfe16: Revert incorrect label_selector→label_source rename
This fixes 13+ test failures caused by accidentally renaming the legitimate label_selector query parameter during the route policy terminology rebrand.
…ypes support
Rebased feature/app-to-app-mtls-routing onto origin/main to include:
- 9c338b321: Use storage-cli types instead of legacy fog provider names
- Adds support for native storage-cli types: azurebs, s3, gcs, alioss
- Maintains backward compatibility with legacy fog names: AzureRM, AWS, Google, aliyun
- Explicitly blocks webdav/dav provider (not fully implemented yet)
This fixes production deployment error where capi-release templates (latest) generate native storage-cli type names (e.g., azurebs) but cloud_controller_ng code (feature branch) only accepted legacy fog provider names (e.g., AzureRM).
Rebase also brings in recent upstream changes:
- Dependency updates (rubocop, syslog, mime-types, etc.)
- Performance improvements (reduce db calls in process presenter)
- Bug fixes and refactoring
Feature branch commits (29 total) cleanly rebased with no conflicts.
Summary
Updates cloud_controller_ng submodule to include mTLS app-to-app routing support.
Note: This PR is a draft because the RFC for App-to-App mTLS Routing has not been approved yet.
Changes
Updates src/cloud_controller_ng submodule to branch feature/app-to-app-mtls-routing which adds:
- mtls_allowed_apps, mtls_allowed_spaces, mtls_allowed_orgs, mtls_allow_any
- app_to_app_mtls_routing
Related PRs