Docs and changelog edits

Signed-off-by: Mark Anderson <[email protected]>
neuvector · May 4, 2022 · 05dc5a2 · 05dc5a2
1 parent fee6c7a
commit 05dc5a2
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 4 deletions.
diff --git a/.changelog/12878.txt b/.changelog/12878.txt
@@ -1,3 +1,3 @@
 ```release-note:improvement
-agent: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
-```
+xds: Envoy now inserts x-forwarded-client-cert for incoming proxy connections
+```
diff --git a/agent/structs/config_entry_mesh.go b/agent/structs/config_entry_mesh.go
@@ -44,6 +44,10 @@ type MeshDirectionalTLSConfig struct {
 	CipherSuites []types.TLSCipherSuite `json:",omitempty" alias:"cipher_suites"`
 }
 
+type MeshHTTPConfig struct {
+	SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
+}
+
 func (e *MeshConfigEntry) GetKind() string {
 	return MeshConfig
 }

diff --git a/website/content/docs/connect/config-entries/mesh.mdx b/website/content/docs/connect/config-entries/mesh.mdx
@@ -368,8 +368,9 @@ Note that the Kubernetes example does not include a `partition` field. Configura
           name: 'SanitizeXForwardedClientCert',
           yaml: false,
           type: 'bool: <optional>',
-          description: `Set the envoy forwardClientCertDetails to SANITIZE everywhere. Ordinarily Consul will configure Envoy to
-                        insert x-forwarded-client-cert headers where appropriate. This returns Consul to the pre 1.12.1 behavior`,
+          description: `Set the envoy \`forward_client_cert_details\` option to \`SANITIZE\` for all proxies. This
+                        configures Envoy to not send the \`x-forwarded-client-cert\` header to the next hop. If
+                        unspecified or \`false\`, the XFCC header is propagated to upstream applications.`,
         },
       ],
     },