Merge v2.10 into v3.0

pkg/provider/consulcatalog/connect_tls.go

@@ -3,7 +3,6 @@ package consulcatalog
 import (
 	"fmt"
 
-	"github.com/hashicorp/consul/agent/connect"
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
 	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
 )
@@ -52,11 +51,11 @@ func (c *connectCert) equals(other *connectCert) bool {
 }
 
 func (c *connectCert) serversTransport(item itemData) *dynamic.ServersTransport {
-	spiffeIDService := connect.SpiffeIDService{
-		Namespace:  item.Namespace,
-		Datacenter: item.Datacenter,
-		Service:    item.Name,
-	}
+	spiffeID := fmt.Sprintf("spiffe:///ns/%s/dc/%s/svc/%s",
+		item.Namespace,
+		item.Datacenter,
+		item.Name,
+	)
 
 	return &dynamic.ServersTransport{
 		// This ensures that the config changes whenever the verifier function changes
@@ -67,16 +66,16 @@ func (c *connectCert) serversTransport(item itemData) *dynamic.ServersTransport
 		Certificates: traefiktls.Certificates{
 			c.getLeaf(),
 		},
-		PeerCertURI: spiffeIDService.URI().String(),
+		PeerCertURI: spiffeID,
 	}
 }
 
 func (c *connectCert) tcpServersTransport(item itemData) *dynamic.TCPServersTransport {
-	spiffeIDService := connect.SpiffeIDService{
-		Namespace:  item.Namespace,
-		Datacenter: item.Datacenter,
-		Service:    item.Name,
-	}
+	spiffeID := fmt.Sprintf("spiffe:///ns/%s/dc/%s/svc/%s",
+		item.Namespace,
+		item.Datacenter,
+		item.Name,
+	)
 
 	return &dynamic.TCPServersTransport{
 		TLS: &dynamic.TLSClientConfig{
@@ -88,7 +87,7 @@ func (c *connectCert) tcpServersTransport(item itemData) *dynamic.TCPServersTran
 			Certificates: traefiktls.Certificates{
 				c.getLeaf(),
 			},
-			PeerCertURI: spiffeIDService.URI().String(),
+			PeerCertURI: spiffeID,
 		},
 	}
 }