[X.509] Backward Compatibility

## Summary

Verify that existing AuthConfig mTLS behavior is not broken by the new `x509.source` field changes.

> **Priority: High** — Should be implemented early.

The existing tests use `TLSEnvoy` gateway with `hostname.client(verify=envoy_authority, cert=valid_cert)` pattern. The new tests use `KuadrantGateway` with XFCC-based cert extraction. These are fundamentally different gateway setups, so new tests will likely be needed rather than adapting existing ones.

## Setup

- AuthPolicy without `source` field (legacy behavior — expects cert in `attributes.source.certificate`)

## Tests

- Verify existing behavior is not broken

## References

- Parent issue: #885
- [RFC 0015](https://github.com/Kuadrant/architecture/pull/141)
- [Existing mTLS tests](https://github.com/Kuadrant/testsuite/tree/main/testsuite/tests/singlecluster/authorino/operator/tls/mtls)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[X.509] Backward Compatibility #896

Summary

Setup

Tests

References

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[X.509] Backward Compatibility #896

Description

Summary

Setup

Tests

References

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions