From b524b1eb292237dfe01889b8049dca10310999db Mon Sep 17 00:00:00 2001 From: Louis Ryan Date: Mon, 28 Jan 2019 12:31:48 -0800 Subject: [PATCH 01/15] Replace 'scope' with 'export_to' namespace (#758) * Replace public/private scoping with namespace scoped exports Add flags to control scopeTo defaults Update doc for locality weighted LB * Hide from docs and other misc fixes --- mesh/v1alpha1/config.pb.go | 579 ++++++++++++++---- mesh/v1alpha1/config.proto | 151 ++++- mesh/v1alpha1/istio.mesh.v1alpha1.pb.html | 98 +-- networking/v1alpha3/destination_rule.pb.go | 238 +++---- networking/v1alpha3/destination_rule.proto | 11 +- .../istio.networking.v1alpha3.pb.html | 89 +-- networking/v1alpha3/service_entry.pb.go | 157 +++-- networking/v1alpha3/service_entry.proto | 42 +- networking/v1alpha3/sidecar.pb.go | 95 +-- networking/v1alpha3/sidecar.proto | 14 - networking/v1alpha3/virtual_service.pb.go | 296 +++++---- networking/v1alpha3/virtual_service.proto | 20 +- proto.lock | 61 +- python/istio_api/mesh/v1alpha1/config_pb2.py | 92 ++- .../v1alpha3/destination_rule_pb2.py | 76 ++- .../networking/v1alpha3/service_entry_pb2.py | 36 +- .../networking/v1alpha3/sidecar_pb2.py | 32 +- .../v1alpha3/virtual_service_pb2.py | 144 +++-- 18 files changed, 1354 insertions(+), 877 deletions(-) diff --git a/mesh/v1alpha1/config.pb.go b/mesh/v1alpha1/config.pb.go index f981795b62..b5116ae9d1 100644 --- a/mesh/v1alpha1/config.pb.go +++ b/mesh/v1alpha1/config.pb.go @@ -24,7 +24,7 @@ import proto "github.com/gogo/protobuf/proto" import fmt "fmt" import math "math" import google_protobuf "github.com/gogo/protobuf/types" -import istio_networking_v1alpha33 "istio.io/api/networking/v1alpha3" +import istio_networking_v1alpha31 "istio.io/api/networking/v1alpha3" import io "io" @@ -190,7 +190,7 @@ type MeshConfig struct { // Connection timeout used by Envoy. (MUST BE >=1ms) ConnectTimeout *google_protobuf.Duration `protobuf:"bytes,6,opt,name=connect_timeout,json=connectTimeout" json:"connect_timeout,omitempty"` // If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives. - TcpKeepalive *istio_networking_v1alpha33.ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,28,opt,name=tcp_keepalive,json=tcpKeepalive" json:"tcp_keepalive,omitempty"` + TcpKeepalive *istio_networking_v1alpha31.ConnectionPoolSettings_TCPSettings_TcpKeepalive `protobuf:"bytes,28,opt,name=tcp_keepalive,json=tcpKeepalive" json:"tcp_keepalive,omitempty"` // Class of ingress resources to be processed by Istio ingress // controller. This corresponds to the value of // "kubernetes.io/ingress.class" annotation. @@ -243,8 +243,6 @@ type MeshConfig struct { // rules, and other Istio configuration artifacts. Multiple data sources // can be configured for a single control plane. ConfigSources []*ConfigSource `protobuf:"bytes,22,rep,name=config_sources,json=configSources" json:"config_sources,omitempty"` - // Locality based load balancing distribution or failover settings. - LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,31,opt,name=locality_lb_setting,json=localityLbSetting" json:"locality_lb_setting,omitempty"` // $hide_from_docs // This flag is used by secret discovery service(SDS). // If set to true(prerequisite: https://kubernetes.io/docs/concepts/storage/volumes/#projected), Istio will inject volumes mount @@ -264,6 +262,64 @@ type MeshConfig struct { // Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain // Fallback to old identity format(without trust domain) if not set. TrustDomain string `protobuf:"bytes,26,opt,name=trust_domain,json=trustDomain,proto3" json:"trust_domain,omitempty"` + // $hide_from_docs + // The default value for the ServiceEntry.export_to field and services + // imported through container registry integrations, e.g. this applies to + // Kubernetes Service resources. The value is a list of namespace names and + // reserved namespace aliases. The allowed namespace aliases are: + // + // * - All Namespaces + // . - Current Namespace + // ~ - No Namespace + // + // If not set the system will use "*" as the default value which implies that + // services are exported to all namespaces. + // + // 'All namespaces' is a reasonable default for implementations that don't + // need to restrict access or visibility of services across namespace + // boundaries. If that requirement is present it is generally good practice to + // make the default 'Current namespace' so that services are only visible + // within their own namespaces by default. Operators can then expand the + // visibility of services to other namespaces as needed. Use of 'No Namespace' + // is expected to be rare but can have utility for deployments where + // dependency management needs to be precise even within the scope of a single + // namespace. + // + // For further discussion see the reference documentation for ServiceEntry, + // Sidecar, and Gateway. + DefaultServiceExportTo []string `protobuf:"bytes,31,rep,name=default_service_export_to,json=defaultServiceExportTo" json:"default_service_export_to,omitempty"` + // $hide_from_docs + // The default value for the VirtualService.export_to field. Has the same + // syntax as 'default_service_export_to'. + // + // If not set the system will use "*" as the default value which implies that + // virtual services are exported to all namespaces + DefaultVirtualServiceExportTo []string `protobuf:"bytes,32,rep,name=default_virtual_service_export_to,json=defaultVirtualServiceExportTo" json:"default_virtual_service_export_to,omitempty"` + // $hide_from_docs + // The default value for the DestinationRule.export_to field. Has the same + // syntax as 'default_service_export_to'. + // + // If not set the system will use "*" as the default value which implies that + // destination rules are exported to all namespaces + DefaultDestinationRuleExportTo []string `protobuf:"bytes,33,rep,name=default_destination_rule_export_to,json=defaultDestinationRuleExportTo" json:"default_destination_rule_export_to,omitempty"` + // $hide_from_docs + // The namespace to treat as the administrative root namespace for + // istio configuration. When processing a leaf namespace Istio will search for + // declarations in that namespace first and if none are found it will + // search in the root namespace. Any matching declaration found in the root + // namespace is processed as if it were declared in the leaf namespace. + // + // The precise semantics of this processing are documented on each resource + // type. + // + // There is no default value for this flag in 1.1 but in later releases it + // is expected to default to a new namespace, "istio-config", which is + // maintained separately from the "istio-system" namespace where an instance + // of the control plane runtime is deployed. This separates the concerns of + // configuring the control-plane runtime from configuration of the mesh. + RootNamespace string `protobuf:"bytes,34,opt,name=root_namespace,json=rootNamespace,proto3" json:"root_namespace,omitempty"` + // Locality based load balancing distribution or failover settings. + LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,35,opt,name=locality_lb_setting,json=localityLbSetting" json:"locality_lb_setting,omitempty"` } func (m *MeshConfig) Reset() { *m = MeshConfig{} } @@ -327,7 +383,7 @@ func (m *MeshConfig) GetConnectTimeout() *google_protobuf.Duration { return nil } -func (m *MeshConfig) GetTcpKeepalive() *istio_networking_v1alpha33.ConnectionPoolSettings_TCPSettings_TcpKeepalive { +func (m *MeshConfig) GetTcpKeepalive() *istio_networking_v1alpha31.ConnectionPoolSettings_TCPSettings_TcpKeepalive { if m != nil { return m.TcpKeepalive } @@ -446,13 +502,6 @@ func (m *MeshConfig) GetConfigSources() []*ConfigSource { return nil } -func (m *MeshConfig) GetLocalityLbSetting() *LocalityLoadBalancerSetting { - if m != nil { - return m.LocalityLbSetting - } - return nil -} - func (m *MeshConfig) GetEnableSdsTokenMount() bool { if m != nil { return m.EnableSdsTokenMount @@ -474,6 +523,41 @@ func (m *MeshConfig) GetTrustDomain() string { return "" } +func (m *MeshConfig) GetDefaultServiceExportTo() []string { + if m != nil { + return m.DefaultServiceExportTo + } + return nil +} + +func (m *MeshConfig) GetDefaultVirtualServiceExportTo() []string { + if m != nil { + return m.DefaultVirtualServiceExportTo + } + return nil +} + +func (m *MeshConfig) GetDefaultDestinationRuleExportTo() []string { + if m != nil { + return m.DefaultDestinationRuleExportTo + } + return nil +} + +func (m *MeshConfig) GetRootNamespace() string { + if m != nil { + return m.RootNamespace + } + return "" +} + +func (m *MeshConfig) GetLocalityLbSetting() *LocalityLoadBalancerSetting { + if m != nil { + return m.LocalityLbSetting + } + return nil +} + type MeshConfig_OutboundTrafficPolicy struct { Mode MeshConfig_OutboundTrafficPolicy_Mode `protobuf:"varint,1,opt,name=mode,proto3,enum=istio.mesh.v1alpha1.MeshConfig_OutboundTrafficPolicy_Mode" json:"mode,omitempty"` } @@ -503,7 +587,7 @@ type ConfigSource struct { // Use the tls_settings to specify the tls mode to use. If the MCP server // uses Istio MTLS and shares the root CA with Pilot, specify the TLS // mode as ISTIO_MUTUAL. - TlsSettings *istio_networking_v1alpha33.TLSSettings `protobuf:"bytes,2,opt,name=tls_settings,json=tlsSettings" json:"tls_settings,omitempty"` + TlsSettings *istio_networking_v1alpha31.TLSSettings `protobuf:"bytes,2,opt,name=tls_settings,json=tlsSettings" json:"tls_settings,omitempty"` } func (m *ConfigSource) Reset() { *m = ConfigSource{} } @@ -518,44 +602,62 @@ func (m *ConfigSource) GetAddress() string { return "" } -func (m *ConfigSource) GetTlsSettings() *istio_networking_v1alpha33.TLSSettings { +func (m *ConfigSource) GetTlsSettings() *istio_networking_v1alpha31.TLSSettings { if m != nil { return m.TlsSettings } return nil } -// The following example sets up locality weight for mesh wide service -// Assume a service resides in "region1/zone1/*" and "region1/zone2/*", -// and originating clusters also reside in "region1/zone1/*" and "region1/zone2/*". -// This example specifies when clusters from "region1/zone1/*" accessing the service, 80% of the traffic -// is shipped to "region1/zone1/*" ratings service endpoints, and the rest 20% to "region1/zone2/*". +// Locality-weighted load balancing allows administrators to control the +// distribution of traffic to endpoints based on the localities of where the +// traffic originates and where it will terminate. These localities are +// specified using arbitrary labels that designate a hierarchy of localities in +// {region}/{zone}/{sub-zone} form. For additional detail refer to +// https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing/locality_weight +// The following example shows how to setup locality weights mesh-wide. +// +// Given a mesh with workloads and their service deployed to "us-west/zone1/*" +// and "us-west/zone2/*". This example specifies that when traffic accessing a +// service originates from workloads in "us-west/zone1/*", 80% of the traffic +// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the +// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is +// intended to favor routing traffic to endpoints in the same locality. +// A similar setting is specified for traffic originating in "us-west/zone2/*". // // ```yaml // distribute: -// - from: region1/zone1/* +// - from: us-west/zone1/* // to: -// "region1/zone1/*": 80 -// "region1/zone2/*": 20 -// - from: region1/zone2/* +// "us-west/zone1/*": 80 +// "us-west/zone2/*": 20 +// - from: us-west/zone2/* // to: -// "region1/zone1/*": 20 -// "region1/zone2/*": 80 +// "us-west/zone1/*": 20 +// "us-west/zone2/*": 80 // ``` // -// The following example sets up locality failover policy for the ratings service -// Assume a service resides in "region1" "region2" and "region3", -// This example specifies when clusters from "region1/zone1" accessing the service, -// if endpoints in "region1" becomes unhealthy, traffic will begin to trickle to "region2". +// If the goal of the operator is not to distribute load across zones and +// regions but rather to restrict the regionality of failover to meet other +// operational requirements an operator can set a 'failover' policy instead of +// a 'distribute' policy. +// +// The following example sets up a locality failover policy for regions. +// Assume a service resides in zones within us-east, us-west & eu-west +// this example specifies that when endpoints within us-east become unhealthy +// traffic should failover to endpoints in any zone or sub-zone within eu-west +// and similarly us-west should failover to us-east. // // ```yaml // failover: -// - from: region1 -// to: region2 +// - from: us-east +// to: eu-west +// - from: us-west +// to: us-east // ``` // Locality load balancing settings. type LocalityLoadBalancerSetting struct { - // Optional: only distribute or failover can be set. + // Optional: only one of distribute or failover can be set. // Explicitly specify loadbalancing weight across different zones and geographical locations. // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html?highlight=load_balancing_weight#locality-weighted-load-balancing) // If empty, the locality weight is set according to the endpoints number within it. @@ -588,15 +690,19 @@ func (m *LocalityLoadBalancerSetting) GetFailover() []*LocalityLoadBalancerSetti return nil } -// Originating -> upstream cluster locality weight set, support wildcard matching '*' -// '*' matches all localities -// 'region1/*' matches all zones in region1 +// Describes how traffic originating in the 'from' zone or sub-zone is +// distributed over a set of 'to' zones. Syntax for specifying a zone is +// {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any +// segment of the specification. Examples: +// * - matches all localities +// us-west/* - all zones and sub-zones within the us-west region +// us-west/zone-1/* - all sub-zones within us-west/zone-1 type LocalityLoadBalancerSetting_Distribute struct { // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Upstream locality to loadbalancing weight map. The sum of all weights should be == 100. - // Should assign load balancing weight for all localities, otherwise the traffic are not routed - // following the percentage of weight. + // Map of upstream localities to traffic distribution weights. The sum of + // all weights should be == 100. Any locality not assigned a weight will + // receive no traffic. To map[string]uint32 `protobuf:"bytes,2,rep,name=to" json:"to,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` } @@ -623,12 +729,18 @@ func (m *LocalityLoadBalancerSetting_Distribute) GetTo() map[string]uint32 { return nil } -// Specify the traffic failover policy. -// As zone and sub_zone failover is supported by default, only region can be specified here. +// Specify the traffic failover policy across regions. Since zone and sub-zone +// failover is supported by default this only needs to be specified for +// regions when the operator needs to constrain traffic failover so that +// the default behavior of failing over to any endpoint globally does not +// apply. This is useful when failing over traffic across regions would not +// improve service health or may need to be restricted for other reasons +// like regulatory controls. type LocalityLoadBalancerSetting_Failover struct { // Originating region. From string `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` - // Destination region the traffic will fail over to when endpoints in local region becomes unhealthy. + // Destination region the traffic will fail over to when endpoints in + // the 'from' region becomes unhealthy. To string `protobuf:"bytes,2,opt,name=to,proto3" json:"to,omitempty"` } @@ -929,10 +1041,69 @@ func (m *MeshConfig) MarshalTo(dAtA []byte) (int, error) { } i++ } + if len(m.DefaultServiceExportTo) > 0 { + for _, s := range m.DefaultServiceExportTo { + dAtA[i] = 0xfa + i++ + dAtA[i] = 0x1 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } + if len(m.DefaultVirtualServiceExportTo) > 0 { + for _, s := range m.DefaultVirtualServiceExportTo { + dAtA[i] = 0x82 + i++ + dAtA[i] = 0x2 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } + if len(m.DefaultDestinationRuleExportTo) > 0 { + for _, s := range m.DefaultDestinationRuleExportTo { + dAtA[i] = 0x8a + i++ + dAtA[i] = 0x2 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } + if len(m.RootNamespace) > 0 { + dAtA[i] = 0x92 + i++ + dAtA[i] = 0x2 + i++ + i = encodeVarintConfig(dAtA, i, uint64(len(m.RootNamespace))) + i += copy(dAtA[i:], m.RootNamespace) + } if m.LocalityLbSetting != nil { - dAtA[i] = 0xfa + dAtA[i] = 0x9a i++ - dAtA[i] = 0x1 + dAtA[i] = 0x2 i++ i = encodeVarintConfig(dAtA, i, uint64(m.LocalityLbSetting.Size())) n7, err := m.LocalityLbSetting.MarshalTo(dAtA[i:]) @@ -1227,6 +1398,28 @@ func (m *MeshConfig) Size() (n int) { if m.SidecarToTelemetrySessionAffinity { n += 3 } + if len(m.DefaultServiceExportTo) > 0 { + for _, s := range m.DefaultServiceExportTo { + l = len(s) + n += 2 + l + sovConfig(uint64(l)) + } + } + if len(m.DefaultVirtualServiceExportTo) > 0 { + for _, s := range m.DefaultVirtualServiceExportTo { + l = len(s) + n += 2 + l + sovConfig(uint64(l)) + } + } + if len(m.DefaultDestinationRuleExportTo) > 0 { + for _, s := range m.DefaultDestinationRuleExportTo { + l = len(s) + n += 2 + l + sovConfig(uint64(l)) + } + } + l = len(m.RootNamespace) + if l > 0 { + n += 2 + l + sovConfig(uint64(l)) + } if m.LocalityLbSetting != nil { l = m.LocalityLbSetting.Size() n += 2 + l + sovConfig(uint64(l)) @@ -2028,7 +2221,7 @@ func (m *MeshConfig) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.TcpKeepalive == nil { - m.TcpKeepalive = &istio_networking_v1alpha33.ConnectionPoolSettings_TCPSettings_TcpKeepalive{} + m.TcpKeepalive = &istio_networking_v1alpha31.ConnectionPoolSettings_TCPSettings_TcpKeepalive{} } if err := m.TcpKeepalive.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -2075,6 +2268,122 @@ func (m *MeshConfig) Unmarshal(dAtA []byte) error { } m.SidecarToTelemetrySessionAffinity = bool(v != 0) case 31: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DefaultServiceExportTo", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowConfig + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthConfig + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DefaultServiceExportTo = append(m.DefaultServiceExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 32: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DefaultVirtualServiceExportTo", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowConfig + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthConfig + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DefaultVirtualServiceExportTo = append(m.DefaultVirtualServiceExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 33: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field DefaultDestinationRuleExportTo", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowConfig + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthConfig + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.DefaultDestinationRuleExportTo = append(m.DefaultDestinationRuleExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex + case 34: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field RootNamespace", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowConfig + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthConfig + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.RootNamespace = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 35: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field LocalityLbSetting", wireType) } @@ -2282,7 +2591,7 @@ func (m *ConfigSource) Unmarshal(dAtA []byte) error { return io.ErrUnexpectedEOF } if m.TlsSettings == nil { - m.TlsSettings = &istio_networking_v1alpha33.TLSSettings{} + m.TlsSettings = &istio_networking_v1alpha31.TLSSettings{} } if err := m.TlsSettings.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { return err @@ -2823,91 +3132,97 @@ var ( func init() { proto.RegisterFile("mesh/v1alpha1/config.proto", fileDescriptorConfig) } var fileDescriptorConfig = []byte{ - // 1367 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0xef, 0x72, 0xd3, 0x48, - 0x12, 0x8f, 0x1c, 0x43, 0x4c, 0xfb, 0x4f, 0xe4, 0x09, 0x01, 0x61, 0xee, 0x82, 0xf1, 0x15, 0x90, - 0x4a, 0x5d, 0x39, 0x47, 0x52, 0x54, 0x01, 0xf7, 0x29, 0x71, 0x1c, 0x48, 0x70, 0xe2, 0x94, 0xac, - 0x70, 0xc7, 0xdd, 0x87, 0xd9, 0x89, 0x34, 0xb6, 0x67, 0x23, 0x6b, 0x54, 0x9a, 0x51, 0xc0, 0xef, - 0xb4, 0x5b, 0xb5, 0x8f, 0xb1, 0x1f, 0xf7, 0x11, 0xb6, 0x78, 0x83, 0x7d, 0x83, 0xad, 0x99, 0x91, - 0x12, 0x03, 0x2e, 0xb2, 0xec, 0x7e, 0xd3, 0xfc, 0xfa, 0xd7, 0xdd, 0xd3, 0xbf, 0xee, 0x19, 0x0d, - 0x34, 0x26, 0x54, 0x8c, 0x37, 0x2f, 0x9e, 0x92, 0x30, 0x1e, 0x93, 0xa7, 0x9b, 0x3e, 0x8f, 0x86, - 0x6c, 0xd4, 0x8e, 0x13, 0x2e, 0x39, 0x5a, 0x61, 0x42, 0x32, 0xde, 0x56, 0x8c, 0x76, 0xce, 0x68, - 0xac, 0x8d, 0x38, 0x1f, 0x85, 0x74, 0x53, 0x53, 0xce, 0xd2, 0xe1, 0x66, 0x90, 0x26, 0x44, 0x32, - 0x1e, 0x19, 0xa7, 0xc6, 0xbd, 0x4f, 0x03, 0xc6, 0x09, 0xff, 0x30, 0xcd, 0x4c, 0x1b, 0x11, 0x95, - 0xef, 0x79, 0x72, 0xce, 0xa2, 0x51, 0x4e, 0xd8, 0xde, 0x0c, 0xa8, 0x90, 0x2c, 0xd2, 0x11, 0x70, - 0x92, 0x86, 0xd4, 0x70, 0x5b, 0xbf, 0xd9, 0x00, 0x47, 0x54, 0x8c, 0x3b, 0x7a, 0x43, 0xe8, 0x9f, - 0x80, 0x26, 0xec, 0x03, 0x4d, 0xb0, 0x3f, 0xa6, 0xfe, 0x39, 0x16, 0x34, 0xb9, 0xa0, 0x89, 0x63, - 0x35, 0xad, 0xf5, 0x5b, 0xae, 0xad, 0x2d, 0x1d, 0x65, 0x18, 0x68, 0x1c, 0xb5, 0x61, 0xc5, 0xb0, - 0x13, 0x1a, 0xf3, 0x44, 0xe6, 0xf4, 0x82, 0xa6, 0xd7, 0xb5, 0xc9, 0xd5, 0x96, 0x8c, 0xbf, 0x05, - 0xab, 0x01, 0x13, 0xe4, 0x2c, 0xa4, 0x38, 0xe6, 0x21, 0xf3, 0xa7, 0x26, 0x8d, 0x70, 0x16, 0x9b, - 0xd6, 0x7a, 0xc9, 0x5d, 0xc9, 0x8c, 0x27, 0xda, 0xa6, 0x13, 0x09, 0xb4, 0x01, 0x75, 0x5d, 0x1b, - 0x0e, 0x99, 0x90, 0x34, 0xc2, 0x2a, 0x9c, 0x53, 0x6c, 0x5a, 0xeb, 0x37, 0xdc, 0x65, 0x6d, 0xe8, - 0x69, 0xfc, 0x84, 0x27, 0x12, 0x3d, 0x06, 0x03, 0xe1, 0xb1, 0x94, 0xb1, 0x61, 0xde, 0xd0, 0xcc, - 0xaa, 0x86, 0x5f, 0x4b, 0x19, 0x6b, 0xde, 0x2e, 0x2c, 0xfb, 0x3c, 0x8a, 0xa8, 0x2f, 0xb1, 0x64, - 0x13, 0xca, 0x53, 0xe9, 0xdc, 0x6c, 0x5a, 0xeb, 0xe5, 0xad, 0x7b, 0x6d, 0xa3, 0x7a, 0x3b, 0x57, - 0xbd, 0xbd, 0x97, 0xa9, 0xee, 0xd6, 0x32, 0x0f, 0xcf, 0x38, 0xa0, 0x7f, 0x40, 0x95, 0x45, 0xa3, - 0x84, 0x0a, 0x81, 0xfd, 0x90, 0x08, 0xe1, 0x2c, 0xe9, 0xaa, 0x2b, 0x19, 0xd8, 0x51, 0x18, 0x7a, - 0x02, 0xcb, 0x39, 0x49, 0x69, 0xc3, 0x7c, 0xea, 0x94, 0x34, 0xad, 0x96, 0xc1, 0x03, 0x83, 0xa2, - 0x09, 0xdc, 0xbd, 0x8c, 0xc6, 0x23, 0x99, 0xf0, 0x30, 0xa4, 0x09, 0x9e, 0xf0, 0x80, 0x3a, 0xb7, - 0x9a, 0xd6, 0x7a, 0x6d, 0xeb, 0x59, 0x7b, 0xce, 0x90, 0xb4, 0xaf, 0x3a, 0xd7, 0x3e, 0xc8, 0xf2, - 0x5e, 0x7a, 0x1f, 0xf1, 0x80, 0xba, 0xab, 0x6c, 0x1e, 0x8c, 0xfa, 0x50, 0x26, 0xa9, 0x1c, 0x67, - 0x5d, 0x70, 0x40, 0xa7, 0xd8, 0xb8, 0x2e, 0xc5, 0x4e, 0x2a, 0xc7, 0xa6, 0x37, 0xbb, 0x05, 0xc7, - 0x72, 0x81, 0x5c, 0xae, 0xd1, 0x01, 0xd4, 0x93, 0x40, 0xe0, 0x84, 0x0e, 0x13, 0x2a, 0xc6, 0x38, - 0xa0, 0x21, 0x99, 0x3a, 0xe5, 0x6b, 0x34, 0xd5, 0x51, 0x96, 0x93, 0x40, 0xb8, 0xc6, 0x6d, 0x4f, - 0x79, 0xa1, 0x47, 0x50, 0xa3, 0x91, 0x9e, 0x11, 0x99, 0x10, 0x9f, 0x45, 0x23, 0xa7, 0xa2, 0xa7, - 0xa3, 0x6a, 0x50, 0xcf, 0x80, 0xaa, 0xd7, 0xc4, 0xf7, 0x95, 0x60, 0x21, 0x1f, 0xe1, 0x21, 0x0b, - 0xa9, 0x53, 0xd5, 0xd2, 0x56, 0x0d, 0xdc, 0xe3, 0xa3, 0x7d, 0x16, 0x52, 0xf4, 0x0a, 0x6a, 0x01, - 0x1d, 0x92, 0x34, 0x94, 0xd8, 0x1c, 0x3a, 0xa7, 0xa6, 0xb7, 0xd5, 0x9c, 0x5b, 0xed, 0x89, 0x9a, - 0x13, 0x53, 0xae, 0x5b, 0xcd, 0xfc, 0xb2, 0xa3, 0xf1, 0x04, 0xaa, 0x66, 0xd8, 0x49, 0x10, 0x28, - 0x49, 0x1d, 0x5b, 0xa5, 0xd3, 0x35, 0x54, 0xb4, 0x61, 0xc7, 0xe0, 0xaa, 0x97, 0x3c, 0x95, 0x67, - 0x3c, 0x8d, 0x02, 0x55, 0xc2, 0x70, 0xc8, 0xfc, 0x5c, 0xe8, 0xba, 0x4e, 0x7d, 0x6d, 0x2f, 0xfb, - 0x99, 0xbb, 0x67, 0xbc, 0x8d, 0xc6, 0xee, 0x2a, 0x9f, 0x07, 0xa3, 0x3d, 0x78, 0x90, 0xe9, 0xe5, - 0x87, 0x8c, 0x46, 0x12, 0x0b, 0x16, 0x7c, 0x7a, 0xbe, 0x9c, 0x15, 0x2d, 0xe0, 0x7d, 0x43, 0xeb, - 0x68, 0xd6, 0x80, 0x05, 0xb3, 0xe7, 0x0c, 0x35, 0xa1, 0x22, 0x02, 0x81, 0xd3, 0x40, 0xe0, 0x98, - 0xc8, 0xb1, 0x73, 0x5b, 0x6b, 0x09, 0x22, 0x10, 0xa7, 0x81, 0x38, 0x21, 0x72, 0xac, 0x5a, 0x2c, - 0xbe, 0x68, 0xf1, 0xea, 0x1f, 0x6a, 0xb1, 0xf8, 0xac, 0xc5, 0xaf, 0xa1, 0x66, 0x7a, 0x81, 0x05, - 0x4f, 0x13, 0x9f, 0x0a, 0xe7, 0x4e, 0x73, 0x71, 0xbd, 0xbc, 0xf5, 0x70, 0xae, 0x30, 0x46, 0x94, - 0x81, 0x66, 0xba, 0x55, 0x7f, 0x66, 0x25, 0xd0, 0x36, 0xdc, 0xc9, 0x8a, 0x57, 0x7b, 0x93, 0xfc, - 0x9c, 0x46, 0x78, 0xc2, 0xd3, 0x48, 0x3a, 0x77, 0xcd, 0x95, 0x62, 0xac, 0x83, 0x40, 0x78, 0xca, - 0x76, 0xa4, 0x4c, 0xea, 0x4a, 0x99, 0x1d, 0x1d, 0x9e, 0x4c, 0x88, 0x74, 0x1c, 0x5d, 0xf0, 0xf2, - 0xd5, 0xf0, 0x68, 0x58, 0x25, 0x98, 0x95, 0x12, 0x0f, 0x09, 0x0b, 0x31, 0x8f, 0x69, 0xe4, 0xdc, - 0x33, 0x09, 0xe2, 0x2b, 0x11, 0xf7, 0x09, 0x0b, 0xfb, 0x31, 0x8d, 0xd0, 0x43, 0xa8, 0xc8, 0x24, - 0x15, 0x12, 0x07, 0x7c, 0x42, 0x58, 0xe4, 0x34, 0x74, 0xec, 0xb2, 0xc6, 0xf6, 0x34, 0x84, 0x08, - 0xac, 0xcc, 0xec, 0x81, 0x46, 0x3e, 0x0f, 0xd4, 0xa8, 0xdf, 0xd7, 0x27, 0xf1, 0xe9, 0xb5, 0x27, - 0x31, 0xdf, 0x65, 0x37, 0x73, 0x74, 0xeb, 0xe4, 0x73, 0x08, 0x71, 0xa8, 0x4a, 0x3f, 0xc6, 0xe7, - 0x94, 0xc6, 0x24, 0x64, 0x17, 0xd4, 0xf9, 0x9b, 0x6e, 0xd6, 0x61, 0x16, 0xfc, 0xea, 0x27, 0x91, - 0xa7, 0xd8, 0x56, 0x52, 0xab, 0x3b, 0x8e, 0xf1, 0xe8, 0x84, 0xf3, 0x70, 0x40, 0xa5, 0x64, 0xd1, - 0x48, 0xb4, 0xbd, 0xce, 0xc9, 0xd5, 0xb7, 0x1f, 0xbf, 0xc9, 0x23, 0xba, 0x15, 0x39, 0xb3, 0x42, - 0x1b, 0x80, 0xf4, 0x0c, 0x09, 0x8a, 0xcf, 0x9f, 0x0b, 0x2c, 0x08, 0xfe, 0xfe, 0xbd, 0x74, 0xfe, - 0xae, 0x75, 0xaa, 0xa9, 0x49, 0x12, 0xf4, 0xcd, 0x73, 0x31, 0x20, 0x87, 0xef, 0x25, 0x3a, 0x81, - 0x47, 0x6a, 0x4e, 0x7d, 0x92, 0x60, 0xc9, 0xb1, 0xa4, 0x21, 0x9d, 0x50, 0x99, 0x4c, 0xb1, 0xa0, - 0x42, 0xa8, 0x5f, 0x94, 0x9a, 0xf0, 0x88, 0xc9, 0xa9, 0xb3, 0xa6, 0xdd, 0x1f, 0x66, 0x64, 0x8f, - 0x7b, 0x39, 0x75, 0x60, 0x98, 0x3b, 0x19, 0x11, 0x7d, 0x07, 0x2b, 0x21, 0xf7, 0x49, 0xc8, 0xe4, - 0x14, 0x87, 0x67, 0x58, 0x98, 0x0d, 0x3b, 0x0f, 0x74, 0xd1, 0xff, 0x9a, 0xab, 0x68, 0x2f, 0xe3, - 0xf7, 0x38, 0x09, 0x76, 0x49, 0x48, 0x22, 0x9f, 0x26, 0x59, 0xa1, 0x6e, 0x3d, 0x0f, 0xd6, 0x3b, - 0xcb, 0xa0, 0xc6, 0x8f, 0x16, 0xac, 0xce, 0x3d, 0x9a, 0xe8, 0x18, 0x8a, 0xfa, 0xae, 0xb6, 0x74, - 0xfb, 0x5e, 0xfe, 0xa9, 0xf3, 0xdd, 0xd6, 0x17, 0xb6, 0x8e, 0xd3, 0xda, 0x83, 0xa2, 0xbe, 0xa7, - 0xeb, 0x50, 0x75, 0xbb, 0xaf, 0x0e, 0x06, 0x9e, 0xfb, 0x0e, 0xf7, 0x8f, 0x7b, 0xef, 0xec, 0x05, - 0x54, 0x85, 0x5b, 0x3b, 0xbd, 0x5e, 0xff, 0x3f, 0x78, 0xe7, 0xf8, 0x9d, 0x6d, 0xb5, 0x8a, 0xa5, - 0x82, 0x5d, 0xd8, 0xb8, 0xfd, 0xf6, 0xc0, 0xf5, 0x4e, 0x77, 0x7a, 0x78, 0xd0, 0x75, 0xdf, 0x1e, - 0x74, 0xba, 0x9a, 0xdc, 0x7a, 0x01, 0xab, 0x73, 0xff, 0x0a, 0x68, 0x09, 0x16, 0xfb, 0xfb, 0xfb, - 0xf6, 0x02, 0x2a, 0xc3, 0xd2, 0x5e, 0x77, 0x7f, 0xe7, 0xb4, 0xe7, 0xd9, 0x16, 0x02, 0xb8, 0x39, - 0xf0, 0xdc, 0x83, 0x8e, 0x67, 0x17, 0x5a, 0x8f, 0x01, 0xae, 0x6e, 0x7b, 0x54, 0x82, 0xe2, 0x71, - 0xff, 0xb8, 0x6b, 0x2f, 0xa0, 0x1a, 0xc0, 0xd1, 0xa9, 0xce, 0xe4, 0xf5, 0x06, 0xb6, 0xd5, 0x7a, - 0x02, 0xf5, 0x2f, 0x66, 0x51, 0xd1, 0xbd, 0xee, 0x7f, 0x3d, 0x7b, 0x41, 0x7d, 0x1d, 0x0e, 0xfa, - 0xc7, 0xb6, 0x75, 0x58, 0x2c, 0x2d, 0xdb, 0xf6, 0x61, 0xb1, 0x84, 0xec, 0x95, 0x96, 0x80, 0xca, - 0xec, 0x99, 0x46, 0x0e, 0x2c, 0xe5, 0x77, 0xaa, 0x79, 0x69, 0xe4, 0x4b, 0x74, 0x00, 0x15, 0x19, - 0x8a, 0xbc, 0x97, 0x42, 0xbf, 0x2c, 0xca, 0x5b, 0x8f, 0xbf, 0x32, 0xc1, 0x5e, 0x6f, 0x90, 0x8f, - 0xaa, 0x5b, 0x96, 0xa1, 0xc8, 0x17, 0xad, 0x9f, 0x16, 0xe1, 0xfe, 0x57, 0xfa, 0x8d, 0xfe, 0x0f, - 0x10, 0x30, 0x21, 0x13, 0x76, 0x96, 0x4a, 0xd5, 0x48, 0x75, 0x1f, 0xfd, 0xfb, 0x5b, 0xa7, 0xa6, - 0xbd, 0x77, 0x19, 0xc2, 0x9d, 0x09, 0x87, 0x4e, 0xa1, 0xa4, 0x2e, 0x0e, 0x6e, 0x5e, 0x47, 0x2a, - 0xf4, 0x8b, 0x6f, 0x0e, 0xbd, 0x9f, 0x05, 0x70, 0x2f, 0x43, 0x35, 0x7e, 0xb0, 0x00, 0xae, 0x32, - 0x22, 0x04, 0xc5, 0x61, 0xc2, 0x27, 0x99, 0x88, 0xfa, 0x1b, 0x0d, 0xa0, 0x20, 0x79, 0x96, 0xb3, - 0xf3, 0x17, 0xca, 0x69, 0x7b, 0xbc, 0x1b, 0xc9, 0x64, 0xea, 0x16, 0x24, 0x6f, 0x3c, 0x83, 0xa5, - 0x6c, 0x89, 0x6c, 0x58, 0x3c, 0xa7, 0xd3, 0x2c, 0xa5, 0xfa, 0x44, 0xb7, 0xe1, 0xc6, 0x05, 0x09, - 0x53, 0xaa, 0x9b, 0x55, 0x75, 0xcd, 0xe2, 0x65, 0xe1, 0xb9, 0xd5, 0x68, 0x43, 0x29, 0x2f, 0x62, - 0xee, 0x5e, 0x6b, 0xd9, 0x5e, 0x15, 0x52, 0x90, 0x7c, 0x77, 0xfd, 0xe7, 0x8f, 0x6b, 0xd6, 0x2f, - 0x1f, 0xd7, 0xac, 0x5f, 0x3f, 0xae, 0x59, 0xff, 0x6b, 0x98, 0xcd, 0x33, 0xbe, 0x49, 0x62, 0xb6, - 0xf9, 0xc9, 0xeb, 0xf7, 0xec, 0xa6, 0xfe, 0xf1, 0x6c, 0xff, 0x1e, 0x00, 0x00, 0xff, 0xff, 0x31, - 0xb4, 0x42, 0x7f, 0x66, 0x0b, 0x00, 0x00, + // 1463 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x56, 0xdd, 0x72, 0xdb, 0xb8, + 0x15, 0x0e, 0x65, 0x27, 0x76, 0x8e, 0x7e, 0x4c, 0xc1, 0x71, 0x96, 0x51, 0xba, 0x5e, 0x59, 0x3b, + 0x49, 0x34, 0x9e, 0x8e, 0xdc, 0x38, 0xb3, 0x33, 0xc9, 0xf6, 0xca, 0x91, 0xe4, 0x8d, 0xbd, 0x8a, + 0xe5, 0xa1, 0xe8, 0xb4, 0x69, 0x2f, 0x50, 0x98, 0x84, 0x24, 0xd4, 0x14, 0xc1, 0x21, 0x40, 0x27, + 0x7a, 0xa7, 0x76, 0xa6, 0x8f, 0xd1, 0xcb, 0x3e, 0x42, 0x27, 0x77, 0x7d, 0x8b, 0x0e, 0x7e, 0x68, + 0x29, 0x59, 0xcd, 0xba, 0xdb, 0xbd, 0x23, 0xbe, 0xf3, 0x9d, 0xef, 0x00, 0xe7, 0x1c, 0xe0, 0x10, + 0x1a, 0x33, 0x2a, 0xa6, 0x07, 0xd7, 0xcf, 0x49, 0x9c, 0x4e, 0xc9, 0xf3, 0x83, 0x90, 0x27, 0x63, + 0x36, 0xe9, 0xa4, 0x19, 0x97, 0x1c, 0x6d, 0x33, 0x21, 0x19, 0xef, 0x28, 0x46, 0xa7, 0x60, 0x34, + 0x76, 0x27, 0x9c, 0x4f, 0x62, 0x7a, 0xa0, 0x29, 0x97, 0xf9, 0xf8, 0x20, 0xca, 0x33, 0x22, 0x19, + 0x4f, 0x8c, 0x53, 0xe3, 0xd1, 0xe7, 0x82, 0x69, 0xc6, 0x3f, 0xce, 0xad, 0x69, 0x3f, 0xa1, 0xf2, + 0x03, 0xcf, 0xae, 0x58, 0x32, 0x29, 0x08, 0x2f, 0x0e, 0x22, 0x2a, 0x24, 0x4b, 0xb4, 0x02, 0xce, + 0xf2, 0x98, 0x1a, 0x6e, 0xeb, 0x3f, 0x08, 0xe0, 0x2d, 0x15, 0xd3, 0xae, 0xde, 0x10, 0xfa, 0x2d, + 0xa0, 0x19, 0xfb, 0x48, 0x33, 0x1c, 0x4e, 0x69, 0x78, 0x85, 0x05, 0xcd, 0xae, 0x69, 0xe6, 0x39, + 0x4d, 0xa7, 0x7d, 0xdf, 0x77, 0xb5, 0xa5, 0xab, 0x0c, 0x23, 0x8d, 0xa3, 0x0e, 0x6c, 0x1b, 0x76, + 0x46, 0x53, 0x9e, 0xc9, 0x82, 0x5e, 0xd2, 0xf4, 0xba, 0x36, 0xf9, 0xda, 0x62, 0xf9, 0x87, 0xb0, + 0x13, 0x31, 0x41, 0x2e, 0x63, 0x8a, 0x53, 0x1e, 0xb3, 0x70, 0x6e, 0xc2, 0x08, 0x6f, 0xad, 0xe9, + 0xb4, 0x37, 0xfd, 0x6d, 0x6b, 0x3c, 0xd7, 0x36, 0x1d, 0x48, 0xa0, 0x7d, 0xa8, 0xeb, 0xb3, 0xe1, + 0x98, 0x09, 0x49, 0x13, 0xac, 0xe4, 0xbc, 0xf5, 0xa6, 0xd3, 0xbe, 0xeb, 0x6f, 0x69, 0xc3, 0x40, + 0xe3, 0xe7, 0x3c, 0x93, 0xe8, 0x29, 0x18, 0x08, 0x4f, 0xa5, 0x4c, 0x0d, 0xf3, 0xae, 0x66, 0x56, + 0x35, 0xfc, 0x46, 0xca, 0x54, 0xf3, 0x5e, 0xc3, 0x56, 0xc8, 0x93, 0x84, 0x86, 0x12, 0x4b, 0x36, + 0xa3, 0x3c, 0x97, 0xde, 0xbd, 0xa6, 0xd3, 0x2e, 0x1f, 0x3e, 0xea, 0x98, 0xac, 0x77, 0x8a, 0xac, + 0x77, 0x7a, 0x36, 0xeb, 0x7e, 0xcd, 0x7a, 0x04, 0xc6, 0x01, 0x7d, 0x0b, 0x55, 0x96, 0x4c, 0x32, + 0x2a, 0x04, 0x0e, 0x63, 0x22, 0x84, 0xb7, 0xa1, 0x4f, 0x5d, 0xb1, 0x60, 0x57, 0x61, 0xe8, 0x19, + 0x6c, 0x15, 0x24, 0x95, 0x1b, 0x16, 0x52, 0x6f, 0x53, 0xd3, 0x6a, 0x16, 0x1e, 0x19, 0x14, 0xcd, + 0xe0, 0xab, 0x1b, 0x35, 0x9e, 0xc8, 0x8c, 0xc7, 0x31, 0xcd, 0xf0, 0x8c, 0x47, 0xd4, 0xbb, 0xdf, + 0x74, 0xda, 0xb5, 0xc3, 0xef, 0x3a, 0x2b, 0x9a, 0xa4, 0xb3, 0xa8, 0x5c, 0xe7, 0xc4, 0xc6, 0xbd, + 0xf1, 0x7e, 0xcb, 0x23, 0xea, 0xef, 0xb0, 0x55, 0x30, 0x1a, 0x42, 0x99, 0xe4, 0x72, 0x6a, 0xab, + 0xe0, 0x81, 0x0e, 0xb1, 0x7f, 0x5b, 0x88, 0xa3, 0x5c, 0x4e, 0x4d, 0x6d, 0x5e, 0x97, 0x3c, 0xc7, + 0x07, 0x72, 0xb3, 0x46, 0x27, 0x50, 0xcf, 0x22, 0x81, 0x33, 0x3a, 0xce, 0xa8, 0x98, 0xe2, 0x88, + 0xc6, 0x64, 0xee, 0x95, 0x6f, 0xc9, 0xa9, 0x56, 0xd9, 0xca, 0x22, 0xe1, 0x1b, 0xb7, 0x9e, 0xf2, + 0x42, 0x4f, 0xa0, 0x46, 0x13, 0xdd, 0x23, 0x32, 0x23, 0x21, 0x4b, 0x26, 0x5e, 0x45, 0x77, 0x47, + 0xd5, 0xa0, 0x81, 0x01, 0x55, 0xad, 0x49, 0x18, 0xaa, 0x84, 0xc5, 0x7c, 0x82, 0xc7, 0x2c, 0xa6, + 0x5e, 0x55, 0xa7, 0xb6, 0x6a, 0xe0, 0x01, 0x9f, 0x1c, 0xb3, 0x98, 0xa2, 0x1f, 0xa0, 0x16, 0xd1, + 0x31, 0xc9, 0x63, 0x89, 0xcd, 0xa5, 0xf3, 0x6a, 0x7a, 0x5b, 0xcd, 0x95, 0xa7, 0x3d, 0x57, 0x7d, + 0x62, 0x8e, 0xeb, 0x57, 0xad, 0x9f, 0xbd, 0x1a, 0xcf, 0xa0, 0x6a, 0x9a, 0x9d, 0x44, 0x91, 0x4a, + 0xa9, 0xe7, 0xaa, 0x70, 0xfa, 0x0c, 0x15, 0x6d, 0x38, 0x32, 0xb8, 0xaa, 0x25, 0xcf, 0xe5, 0x25, + 0xcf, 0x93, 0x48, 0x1d, 0x61, 0x3c, 0x66, 0x61, 0x91, 0xe8, 0xba, 0x0e, 0x7d, 0x6b, 0x2d, 0x87, + 0xd6, 0x3d, 0x30, 0xde, 0x26, 0xc7, 0xfe, 0x0e, 0x5f, 0x05, 0xa3, 0x1e, 0x7c, 0x63, 0xf3, 0x15, + 0xc6, 0x8c, 0x26, 0x12, 0x0b, 0x16, 0x7d, 0x7e, 0xbf, 0xbc, 0x6d, 0x9d, 0xc0, 0xc7, 0x86, 0xd6, + 0xd5, 0xac, 0x11, 0x8b, 0x96, 0xef, 0x19, 0x6a, 0x42, 0x45, 0x44, 0x02, 0xe7, 0x91, 0xc0, 0x29, + 0x91, 0x53, 0xef, 0x81, 0xce, 0x25, 0x88, 0x48, 0x5c, 0x44, 0xe2, 0x9c, 0xc8, 0xa9, 0x2a, 0xb1, + 0xf8, 0x49, 0x89, 0x77, 0xfe, 0xa7, 0x12, 0x8b, 0x2f, 0x4a, 0xfc, 0x06, 0x6a, 0xa6, 0x16, 0x58, + 0xf0, 0x3c, 0x0b, 0xa9, 0xf0, 0x1e, 0x36, 0xd7, 0xda, 0xe5, 0xc3, 0xbd, 0x95, 0x89, 0x31, 0x49, + 0x19, 0x69, 0xa6, 0x5f, 0x0d, 0x97, 0x56, 0x02, 0xbd, 0x80, 0x87, 0xf6, 0xf0, 0x6a, 0x6f, 0x92, + 0x5f, 0xd1, 0x04, 0xcf, 0x78, 0x9e, 0x48, 0xef, 0x2b, 0xf3, 0xa4, 0x18, 0xeb, 0x28, 0x12, 0x81, + 0xb2, 0xbd, 0x55, 0x26, 0xf5, 0xa4, 0x2c, 0xb7, 0x0e, 0xcf, 0x66, 0x44, 0x7a, 0x9e, 0x3e, 0xf0, + 0xd6, 0xa2, 0x79, 0x34, 0xac, 0x02, 0x2c, 0xa7, 0x12, 0x8f, 0x09, 0x8b, 0x31, 0x4f, 0x69, 0xe2, + 0x3d, 0x32, 0x01, 0xd2, 0x45, 0x12, 0x8f, 0x09, 0x8b, 0x87, 0x29, 0x4d, 0xd0, 0x1e, 0x54, 0x64, + 0x96, 0x0b, 0x89, 0x23, 0x3e, 0x23, 0x2c, 0xf1, 0x1a, 0x5a, 0xbb, 0xac, 0xb1, 0x9e, 0x86, 0x10, + 0x81, 0xed, 0xa5, 0x3d, 0xd0, 0x24, 0xe4, 0x91, 0x6a, 0xf5, 0xc7, 0xfa, 0x26, 0x3e, 0xbf, 0xf5, + 0x26, 0x16, 0xbb, 0xec, 0x5b, 0x47, 0xbf, 0x4e, 0xbe, 0x84, 0x10, 0x87, 0xaa, 0x0c, 0x53, 0x7c, + 0x45, 0x69, 0x4a, 0x62, 0x76, 0x4d, 0xbd, 0xdf, 0xe8, 0x62, 0x9d, 0x5a, 0xf1, 0xc5, 0x90, 0x28, + 0x42, 0xbc, 0x50, 0xa9, 0x56, 0x6f, 0x1c, 0xe3, 0xc9, 0x39, 0xe7, 0xf1, 0x88, 0x4a, 0xc9, 0x92, + 0x89, 0xe8, 0x04, 0xdd, 0xf3, 0xc5, 0x77, 0x98, 0xfe, 0x58, 0x28, 0xfa, 0x15, 0xb9, 0xb4, 0x42, + 0xfb, 0x80, 0x74, 0x0f, 0x09, 0x8a, 0xaf, 0x5e, 0x0a, 0x2c, 0x08, 0xfe, 0xeb, 0x07, 0xe9, 0x7d, + 0xad, 0xf3, 0x54, 0x53, 0x9d, 0x24, 0xe8, 0x8f, 0x2f, 0xc5, 0x88, 0x9c, 0x7e, 0x90, 0xe8, 0x1c, + 0x9e, 0xa8, 0x3e, 0x0d, 0x49, 0x86, 0x25, 0xc7, 0x92, 0xc6, 0x74, 0x46, 0x65, 0x36, 0xc7, 0x82, + 0x0a, 0xa1, 0x46, 0x94, 0xea, 0xf0, 0x84, 0xc9, 0xb9, 0xb7, 0xab, 0xdd, 0xf7, 0x2c, 0x39, 0xe0, + 0x41, 0x41, 0x1d, 0x19, 0xe6, 0x91, 0x25, 0xa2, 0x57, 0xf0, 0xa8, 0xb8, 0xe8, 0xf6, 0xad, 0xc5, + 0xf4, 0xa3, 0x1e, 0x4b, 0x92, 0x7b, 0xdf, 0x34, 0xd7, 0xda, 0xf7, 0xfd, 0x87, 0x96, 0x60, 0x5f, + 0xdd, 0xbe, 0x36, 0x07, 0x1c, 0xbd, 0x81, 0xbd, 0xc2, 0xf5, 0x9a, 0x65, 0x32, 0x27, 0xf1, 0x0a, + 0x89, 0xa6, 0x96, 0xf8, 0xda, 0x12, 0xdf, 0x19, 0xde, 0x97, 0x4a, 0xa7, 0xd0, 0x2a, 0x94, 0xbe, + 0x1c, 0xb8, 0x4b, 0x52, 0x7b, 0x5a, 0x6a, 0xd7, 0x32, 0x7b, 0x0b, 0xa2, 0x9f, 0xc7, 0x0b, 0xad, + 0x27, 0x50, 0xcb, 0x38, 0x97, 0x38, 0x21, 0x33, 0x2a, 0x52, 0x12, 0x52, 0xaf, 0x65, 0x1e, 0x38, + 0x85, 0x9e, 0x15, 0x20, 0xfa, 0x0b, 0x6c, 0xc7, 0x3c, 0x24, 0x31, 0x93, 0x73, 0x1c, 0x5f, 0x62, + 0x61, 0x0a, 0xe5, 0x7d, 0xab, 0x8b, 0xfd, 0xbb, 0x95, 0x9d, 0x34, 0xb0, 0xfc, 0x01, 0x27, 0xd1, + 0x6b, 0x12, 0x93, 0x24, 0xa4, 0x99, 0x2d, 0xb0, 0x5f, 0x2f, 0xc4, 0x06, 0x97, 0x16, 0x6a, 0xfc, + 0xdd, 0x81, 0x9d, 0x95, 0x4f, 0x12, 0x3a, 0x83, 0x75, 0x3d, 0xa3, 0x1c, 0xdd, 0xb6, 0xdf, 0xff, + 0x5f, 0xef, 0x5a, 0x47, 0x0f, 0x2a, 0xad, 0xd3, 0xea, 0xc1, 0xba, 0x9e, 0x4f, 0x75, 0xa8, 0xfa, + 0xfd, 0x1f, 0x4e, 0x46, 0x81, 0xff, 0x1e, 0x0f, 0xcf, 0x06, 0xef, 0xdd, 0x3b, 0xa8, 0x0a, 0xf7, + 0x8f, 0x06, 0x83, 0xe1, 0x1f, 0xf0, 0xd1, 0xd9, 0x7b, 0xd7, 0x69, 0xad, 0x6f, 0x96, 0xdc, 0xd2, + 0xfe, 0x83, 0x77, 0x27, 0x7e, 0x70, 0x71, 0x34, 0xc0, 0xa3, 0xbe, 0xff, 0xee, 0xa4, 0xdb, 0xd7, + 0xe4, 0xd6, 0x2b, 0xd8, 0x59, 0x39, 0x0d, 0xd1, 0x06, 0xac, 0x0d, 0x8f, 0x8f, 0xdd, 0x3b, 0xa8, + 0x0c, 0x1b, 0xbd, 0xfe, 0xf1, 0xd1, 0xc5, 0x20, 0x70, 0x1d, 0x04, 0x70, 0x6f, 0x14, 0xf8, 0x27, + 0xdd, 0xc0, 0x2d, 0xb5, 0x9e, 0x02, 0x2c, 0xa6, 0x1c, 0xda, 0x84, 0xf5, 0xb3, 0xe1, 0x59, 0xdf, + 0xbd, 0x83, 0x6a, 0x00, 0x6f, 0x2f, 0x74, 0xa4, 0x60, 0x30, 0x72, 0x9d, 0xd6, 0x33, 0xa8, 0xff, + 0xe4, 0x0e, 0x2a, 0x7a, 0xd0, 0xff, 0x63, 0xe0, 0xde, 0x51, 0x5f, 0xa7, 0xa3, 0xe1, 0x99, 0xeb, + 0x9c, 0xae, 0x6f, 0x6e, 0xb9, 0xee, 0xe9, 0xfa, 0x26, 0x72, 0xb7, 0x5b, 0x02, 0x2a, 0xcb, 0x6f, + 0x19, 0xf2, 0x60, 0xa3, 0x98, 0x25, 0xe6, 0x0f, 0xab, 0x58, 0xa2, 0x13, 0xa8, 0xc8, 0x58, 0x14, + 0xb5, 0x14, 0xfa, 0x8f, 0xaa, 0x7c, 0xf8, 0xf4, 0x67, 0x6e, 0x6e, 0x30, 0x18, 0x15, 0x57, 0xd4, + 0x2f, 0xcb, 0x58, 0x14, 0x8b, 0xd6, 0x3f, 0xd6, 0xe0, 0xf1, 0xcf, 0xd4, 0x1b, 0xfd, 0x19, 0x20, + 0x62, 0x42, 0x66, 0xec, 0x32, 0x97, 0xaa, 0x90, 0xea, 0x1d, 0xfe, 0xfd, 0x2f, 0xed, 0x9a, 0x4e, + 0xef, 0x46, 0xc2, 0x5f, 0x92, 0x43, 0x17, 0xb0, 0xa9, 0x1e, 0x4c, 0x6e, 0xfe, 0x0a, 0x95, 0xf4, + 0xab, 0x5f, 0x2c, 0x7d, 0x6c, 0x05, 0xfc, 0x1b, 0xa9, 0xc6, 0xdf, 0x1c, 0x80, 0x45, 0x44, 0x84, + 0x60, 0x7d, 0x9c, 0xf1, 0x99, 0x4d, 0xa2, 0xfe, 0x46, 0x23, 0x28, 0x49, 0x6e, 0x63, 0x76, 0x7f, + 0xc5, 0x71, 0x3a, 0x01, 0xef, 0x27, 0x32, 0x9b, 0xfb, 0x25, 0xc9, 0x1b, 0xdf, 0xc1, 0x86, 0x5d, + 0x22, 0x17, 0xd6, 0xae, 0xe8, 0xdc, 0x86, 0x54, 0x9f, 0xe8, 0x01, 0xdc, 0xbd, 0x26, 0x71, 0x4e, + 0x75, 0xb1, 0xaa, 0xbe, 0x59, 0x7c, 0x5f, 0x7a, 0xe9, 0x34, 0x3a, 0xb0, 0x59, 0x1c, 0x62, 0xe5, + 0x5e, 0x6b, 0x76, 0xaf, 0x0a, 0x29, 0x49, 0xfe, 0xba, 0xfd, 0xcf, 0x4f, 0xbb, 0xce, 0xbf, 0x3e, + 0xed, 0x3a, 0xff, 0xfe, 0xb4, 0xeb, 0xfc, 0xa9, 0x61, 0x36, 0xcf, 0xf8, 0x01, 0x49, 0xd9, 0xc1, + 0x67, 0x7f, 0xfd, 0x97, 0xf7, 0xf4, 0xc0, 0x7d, 0xf1, 0xdf, 0x00, 0x00, 0x00, 0xff, 0xff, 0xe4, + 0xc5, 0xfa, 0x45, 0x5e, 0x0c, 0x00, 0x00, } diff --git a/mesh/v1alpha1/config.proto b/mesh/v1alpha1/config.proto index ba2c909cc3..d3154a03bd 100644 --- a/mesh/v1alpha1/config.proto +++ b/mesh/v1alpha1/config.proto @@ -195,9 +195,6 @@ message MeshConfig { // can be configured for a single control plane. repeated ConfigSource config_sources = 22; - // Locality based load balancing distribution or failover settings. - LocalityLoadBalancerSetting locality_lb_setting = 31; - // $hide_from_docs // This flag is used by secret discovery service(SDS). // If set to true(prerequisite: https://kubernetes.io/docs/concepts/storage/volumes/#projected), Istio will inject volumes mount @@ -221,7 +218,71 @@ message MeshConfig { string trust_domain = 26; // $hide_from_docs - // Next available field number: 32 + // The default value for the ServiceEntry.export_to field and services + // imported through container registry integrations, e.g. this applies to + // Kubernetes Service resources. The value is a list of namespace names and + // reserved namespace aliases. The allowed namespace aliases are: + // + // * - All Namespaces + // . - Current Namespace + // ~ - No Namespace + // + // If not set the system will use "*" as the default value which implies that + // services are exported to all namespaces. + // + // 'All namespaces' is a reasonable default for implementations that don't + // need to restrict access or visibility of services across namespace + // boundaries. If that requirement is present it is generally good practice to + // make the default 'Current namespace' so that services are only visible + // within their own namespaces by default. Operators can then expand the + // visibility of services to other namespaces as needed. Use of 'No Namespace' + // is expected to be rare but can have utility for deployments where + // dependency management needs to be precise even within the scope of a single + // namespace. + // + // For further discussion see the reference documentation for ServiceEntry, + // Sidecar, and Gateway. + repeated string default_service_export_to = 31; + + // $hide_from_docs + // The default value for the VirtualService.export_to field. Has the same + // syntax as 'default_service_export_to'. + // + // If not set the system will use "*" as the default value which implies that + // virtual services are exported to all namespaces + repeated string default_virtual_service_export_to = 32; + + // $hide_from_docs + // The default value for the DestinationRule.export_to field. Has the same + // syntax as 'default_service_export_to'. + // + // If not set the system will use "*" as the default value which implies that + // destination rules are exported to all namespaces + repeated string default_destination_rule_export_to = 33; + + // $hide_from_docs + // The namespace to treat as the administrative root namespace for + // istio configuration. When processing a leaf namespace Istio will search for + // declarations in that namespace first and if none are found it will + // search in the root namespace. Any matching declaration found in the root + // namespace is processed as if it were declared in the leaf namespace. + // + // The precise semantics of this processing are documented on each resource + // type. + // + // There is no default value for this flag in 1.1 but in later releases it + // is expected to default to a new namespace, "istio-config", which is + // maintained separately from the "istio-system" namespace where an instance + // of the control plane runtime is deployed. This separates the concerns of + // configuring the control-plane runtime from configuration of the mesh. + string root_namespace = 34; + + // Locality based load balancing distribution or failover settings. + LocalityLoadBalancerSetting locality_lb_setting = 35; + + + // $hide_from_docs + // Next available field number: 36 } // ConfigSource describes information about a configuration store inside a @@ -240,60 +301,88 @@ message ConfigSource { } -// The following example sets up locality weight for mesh wide service -// Assume a service resides in "region1/zone1/*" and "region1/zone2/*", -// and originating clusters also reside in "region1/zone1/*" and "region1/zone2/*". -// This example specifies when clusters from "region1/zone1/*" accessing the service, 80% of the traffic -// is shipped to "region1/zone1/*" ratings service endpoints, and the rest 20% to "region1/zone2/*". +// Locality-weighted load balancing allows administrators to control the +// distribution of traffic to endpoints based on the localities of where the +// traffic originates and where it will terminate. These localities are +// specified using arbitrary labels that designate a hierarchy of localities in +// {region}/{zone}/{sub-zone} form. For additional detail refer to +// https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing/locality_weight +// The following example shows how to setup locality weights mesh-wide. +// +// Given a mesh with workloads and their service deployed to "us-west/zone1/*" +// and "us-west/zone2/*". This example specifies that when traffic accessing a +// service originates from workloads in "us-west/zone1/*", 80% of the traffic +// will be sent to endpoints in "us-west/zone1/*", i.e the same zone, and the +// remaining 20% will go to endpoints in "us-west/zone2/*". This setup is +// intended to favor routing traffic to endpoints in the same locality. +// A similar setting is specified for traffic originating in "us-west/zone2/*". // // ```yaml // distribute: -// - from: region1/zone1/* +// - from: us-west/zone1/* // to: -// "region1/zone1/*": 80 -// "region1/zone2/*": 20 -// - from: region1/zone2/* +// "us-west/zone1/*": 80 +// "us-west/zone2/*": 20 +// - from: us-west/zone2/* // to: -// "region1/zone1/*": 20 -// "region1/zone2/*": 80 +// "us-west/zone1/*": 20 +// "us-west/zone2/*": 80 // ``` // -// The following example sets up locality failover policy for the ratings service -// Assume a service resides in "region1" "region2" and "region3", -// This example specifies when clusters from "region1/zone1" accessing the service, -// if endpoints in "region1" becomes unhealthy, traffic will begin to trickle to "region2". +// If the goal of the operator is not to distribute load across zones and +// regions but rather to restrict the regionality of failover to meet other +// operational requirements an operator can set a 'failover' policy instead of +// a 'distribute' policy. +// +// The following example sets up a locality failover policy for regions. +// Assume a service resides in zones within us-east, us-west & eu-west +// this example specifies that when endpoints within us-east become unhealthy +// traffic should failover to endpoints in any zone or sub-zone within eu-west +// and similarly us-west should failover to us-east. // // ```yaml // failover: -// - from: region1 -// to: region2 +// - from: us-east +// to: eu-west +// - from: us-west +// to: us-east // ``` // Locality load balancing settings. message LocalityLoadBalancerSetting{ - // Originating -> upstream cluster locality weight set, support wildcard matching '*' - // '*' matches all localities - // 'region1/*' matches all zones in region1 + // Describes how traffic originating in the 'from' zone or sub-zone is + // distributed over a set of 'to' zones. Syntax for specifying a zone is + // {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any + // segment of the specification. Examples: + // * - matches all localities + // us-west/* - all zones and sub-zones within the us-west region + // us-west/zone-1/* - all sub-zones within us-west/zone-1 message Distribute{ // Originating locality, '/' separated, e.g. 'region/zone/sub_zone'. string from = 1; - // Upstream locality to loadbalancing weight map. The sum of all weights should be == 100. - // Should assign load balancing weight for all localities, otherwise the traffic are not routed - // following the percentage of weight. + // Map of upstream localities to traffic distribution weights. The sum of + // all weights should be == 100. Any locality not assigned a weight will + // receive no traffic. map to = 2; }; - // Specify the traffic failover policy. - // As zone and sub_zone failover is supported by default, only region can be specified here. + // Specify the traffic failover policy across regions. Since zone and sub-zone + // failover is supported by default this only needs to be specified for + // regions when the operator needs to constrain traffic failover so that + // the default behavior of failing over to any endpoint globally does not + // apply. This is useful when failing over traffic across regions would not + // improve service health or may need to be restricted for other reasons + // like regulatory controls. message Failover{ // Originating region. string from = 1; - // Destination region the traffic will fail over to when endpoints in local region becomes unhealthy. + // Destination region the traffic will fail over to when endpoints in + // the 'from' region becomes unhealthy. string to = 2; }; - // Optional: only distribute or failover can be set. + // Optional: only one of distribute or failover can be set. // Explicitly specify loadbalancing weight across different zones and geographical locations. // Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html?highlight=load_balancing_weight#locality-weighted-load-balancing) // If empty, the locality weight is set according to the endpoints number within it. diff --git a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html index b2d788735e..5b63b96c6e 100644 --- a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html +++ b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html @@ -86,31 +86,49 @@

ConfigSource

LocalityLoadBalancerSetting

-

The following example sets up locality weight for mesh wide service -Assume a service resides in “region1/zone1/” and “region1/zone2/”, -and originating clusters also reside in “region1/zone1/” and “region1/zone2/”. -This example specifies when clusters from “region1/zone1/” accessing the service, 80% of the traffic -is shipped to “region1/zone1/” ratings service endpoints, and the rest 20% to “region1/zone2/*”.

+

Locality-weighted load balancing allows administrators to control the +distribution of traffic to endpoints based on the localities of where the +traffic originates and where it will terminate. These localities are +specified using arbitrary labels that designate a hierarchy of localities in +{region}/{zone}/{sub-zone} form. For additional detail refer to +https://www.envoyproxy.io/docs/envoy/latest/intro/archoverview/loadbalancing/locality_weight +The following example shows how to setup locality weights mesh-wide.

+ +

Given a mesh with workloads and their service deployed to “us-west/zone1/” +and “us-west/zone2/”. This example specifies that when traffic accessing a +service originates from workloads in “us-west/zone1/”, 80% of the traffic +will be sent to endpoints in “us-west/zone1/”, i.e the same zone, and the +remaining 20% will go to endpoints in “us-west/zone2/”. This setup is +intended to favor routing traffic to endpoints in the same locality. +A similar setting is specified for traffic originating in “us-west/zone2/”.

  distribute:
-    - from: region1/zone1/*
+    - from: us-west/zone1/*
       to:
-        "region1/zone1/*": 80
-        "region1/zone2/*": 20
-    - from: region1/zone2/*
+        "us-west/zone1/*": 80
+        "us-west/zone2/*": 20
+    - from: us-west/zone2/*
       to:
-        "region1/zone1/*": 20
-        "region1/zone2/*": 80
+        "us-west/zone1/*": 20
+        "us-west/zone2/*": 80
-

The following example sets up locality failover policy for the ratings service -Assume a service resides in “region1” “region2” and “region3”, -This example specifies when clusters from “region1/zone1” accessing the service, -if endpoints in “region1” becomes unhealthy, traffic will begin to trickle to “region2”.

+

If the goal of the operator is not to distribute load across zones and +regions but rather to restrict the regionality of failover to meet other +operational requirements an operator can set a ‘failover’ policy instead of +a ‘distribute’ policy.

+ +

The following example sets up a locality failover policy for regions. +Assume a service resides in zones within us-east, us-west & eu-west +this example specifies that when endpoints within us-east become unhealthy +traffic should failover to endpoints in any zone or sub-zone within eu-west +and similarly us-west should failover to us-east.

 failover:
-   - from: region1
-     to: region2
+   - from: us-east
+     to: eu-west
+   - from: us-west
+     to: us-east

Locality load balancing settings.

@@ -128,7 +146,7 @@

LocalityLoadBalancerSetting

distribute LocalityLoadBalancerSetting.Distribute[] -

Optional: only distribute or failover can be set. +

Optional: only one of distribute or failover can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to Locality weighted load balancing If empty, the locality weight is set according to the endpoints number within it.

@@ -151,9 +169,13 @@

LocalityLoadBalancerSetting

LocalityLoadBalancerSetting.Distribute

-

Originating -> upstream cluster locality weight set, support wildcard matching ‘’ -‘’ matches all localities -‘region1/*’ matches all zones in region1

+

Describes how traffic originating in the ‘from’ zone or sub-zone is +distributed over a set of ‘to’ zones. Syntax for specifying a zone is +{region}/{zone}/{sub-zone} and terminal wildcards are allowed on any +segment of the specification. Examples: +* - matches all localities +us-west/* - all zones and sub-zones within the us-west region +us-west/zone-1/* - all sub-zones within us-west/zone-1

@@ -176,9 +198,9 @@

LocalityLoadBalancerSetting.Dist

@@ -187,8 +209,13 @@

LocalityLoadBalancerSetting.Dist

LocalityLoadBalancerSetting.Failover

-

Specify the traffic failover policy. -As zone and sub_zone failover is supported by default, only region can be specified here.

+

Specify the traffic failover policy across regions. Since zone and sub-zone +failover is supported by default this only needs to be specified for +regions when the operator needs to constrain traffic failover so that +the default behavior of failing over to any endpoint globally does not +apply. This is useful when failing over traffic across regions would not +improve service health or may need to be restricted for other reasons +like regulatory controls.

to map<string, uint32> -

Upstream locality to loadbalancing weight map. The sum of all weights should be == 100. -Should assign load balancing weight for all localities, otherwise the traffic are not routed -following the percentage of weight.

+

Map of upstream localities to traffic distribution weights. The sum of +all weights should be == 100. Any locality not assigned a weight will +receive no traffic.
@@ -211,7 +238,8 @@

LocalityLoadBalancerSetting.Failov

@@ -438,14 +466,6 @@

MeshConfig

rules, and other Istio configuration artifacts. Multiple data sources can be configured for a single control plane.

- - - - - - @@ -456,6 +476,14 @@

MeshConfig

Refer to https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md#21-trust-domain Fallback to old identity format(without trust domain) if not set.

+ + + + + + diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go index d857346f74..1dd22cc9fc 100644 --- a/networking/v1alpha3/destination_rule.pb.go +++ b/networking/v1alpha3/destination_rule.pb.go @@ -250,11 +250,11 @@ type DestinationRule struct { // One or more named sets that represent individual versions of a // service. Traffic policies can be overridden at subset level. Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets" json:"subsets,omitempty"` - // The visibility setting associated with this DestinationRule. Set to - // PRIVATE if this destination rule should not be exported, i.e. restrict - // the applicability of this destination rule to only workloads in the same - // namespace as the destination rule. - ConfigScope ConfigScope `protobuf:"varint,4,opt,name=config_scope,json=configScope,proto3,enum=istio.networking.v1alpha3.ConfigScope" json:"config_scope,omitempty"` + // $hide_from_docs + // The resolution of a DestinationRule to apply to a service occurs in the + // context of a hierarchy of namespaces. This rule controls whether those + // namespaces are allowed to select this rule. + ExportTo []string `protobuf:"bytes,4,rep,name=export_to,json=exportTo" json:"export_to,omitempty"` } func (m *DestinationRule) Reset() { *m = DestinationRule{} } @@ -283,11 +283,11 @@ func (m *DestinationRule) GetSubsets() []*Subset { return nil } -func (m *DestinationRule) GetConfigScope() ConfigScope { +func (m *DestinationRule) GetExportTo() []string { if m != nil { - return m.ConfigScope + return m.ExportTo } - return ConfigScope_PUBLIC + return nil } // Traffic policies to apply for a specific destination, across all @@ -1340,10 +1340,20 @@ func (m *DestinationRule) MarshalTo(dAtA []byte) (int, error) { i += n } } - if m.ConfigScope != 0 { - dAtA[i] = 0x20 - i++ - i = encodeVarintDestinationRule(dAtA, i, uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + dAtA[i] = 0x22 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } } return i, nil } @@ -1990,8 +2000,11 @@ func (m *DestinationRule) Size() (n int) { n += 1 + l + sovDestinationRule(uint64(l)) } } - if m.ConfigScope != 0 { - n += 1 + sovDestinationRule(uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + l = len(s) + n += 1 + l + sovDestinationRule(uint64(l)) + } } return n } @@ -2404,10 +2417,10 @@ func (m *DestinationRule) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 4: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ConfigScope", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExportTo", wireType) } - m.ConfigScope = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowDestinationRule @@ -2417,11 +2430,21 @@ func (m *DestinationRule) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ConfigScope |= (ConfigScope(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthDestinationRule + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipDestinationRule(dAtA[iNdEx:]) @@ -4504,94 +4527,93 @@ func init() { } var fileDescriptorDestinationRule = []byte{ - // 1418 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcd, 0x6e, 0x1b, 0xb7, - 0x16, 0xb6, 0x7e, 0x63, 0x1f, 0xd9, 0xb2, 0xcc, 0x6b, 0xe4, 0x2a, 0xba, 0x80, 0xe3, 0x08, 0x17, - 0x37, 0xbe, 0x69, 0x33, 0xaa, 0x1d, 0x14, 0x48, 0x13, 0xa4, 0x88, 0x65, 0x1b, 0x91, 0x1b, 0xd9, - 0x12, 0x28, 0x19, 0x28, 0xb2, 0x19, 0x50, 0x23, 0x5a, 0x62, 0x3c, 0x1a, 0x4e, 0x49, 0x8e, 0x6a, - 0xe7, 0x19, 0xba, 0x0e, 0xba, 0xed, 0xa6, 0xcf, 0x52, 0x74, 0xd5, 0x6d, 0xbb, 0x69, 0x91, 0x17, - 0xe8, 0xaa, 0x9b, 0x2e, 0x8a, 0x82, 0x1c, 0xea, 0xc7, 0x89, 0x23, 0xc7, 0x48, 0xb3, 0x23, 0x79, - 0xbe, 0xef, 0x90, 0x3c, 0xe7, 0x9b, 0x73, 0x38, 0x70, 0x27, 0xa0, 0xea, 0x6b, 0x2e, 0x4e, 0x58, - 0xd0, 0xab, 0x0c, 0x37, 0x89, 0x1f, 0xf6, 0xc9, 0xbd, 0x4a, 0x97, 0x4a, 0xc5, 0x02, 0xa2, 0x18, - 0x0f, 0x5c, 0x11, 0xf9, 0xd4, 0x09, 0x05, 0x57, 0x1c, 0xdd, 0x60, 0x52, 0x31, 0xee, 0x4c, 0x18, - 0xce, 0x88, 0x51, 0x5a, 0xeb, 0x71, 0xde, 0xf3, 0x69, 0xc5, 0x00, 0x3b, 0xd1, 0x71, 0xa5, 0x1b, - 0x09, 0xc3, 0x8f, 0xa9, 0xa5, 0xff, 0x5f, 0xb4, 0xcd, 0x90, 0x09, 0x15, 0x11, 0xdf, 0x95, 0x54, - 0x0c, 0x99, 0x67, 0x77, 0x29, 0xdd, 0xba, 0x08, 0x2a, 0x59, 0x97, 0x7a, 0x44, 0x58, 0xc8, 0x6a, - 0x8f, 0xf7, 0xb8, 0x19, 0x56, 0xf4, 0x28, 0x5e, 0x2d, 0xff, 0x95, 0x80, 0xe5, 0xdd, 0xc9, 0xc9, - 0x71, 0xe4, 0x53, 0x84, 0x20, 0xdd, 0xe7, 0x52, 0x15, 0x13, 0xeb, 0x89, 0x8d, 0x05, 0x6c, 0xc6, - 0xa8, 0x01, 0x79, 0x25, 0xc8, 0xf1, 0x31, 0xf3, 0xdc, 0x90, 0xfb, 0xcc, 0x3b, 0x2b, 0x26, 0xd7, - 0x13, 0x1b, 0xb9, 0xad, 0x0d, 0xe7, 0xad, 0xf7, 0x73, 0xda, 0x31, 0xa1, 0x69, 0xf0, 0x78, 0x49, - 0x4d, 0x4f, 0xd1, 0x43, 0xb8, 0x26, 0xa3, 0x8e, 0xa4, 0x4a, 0x16, 0x53, 0xeb, 0xa9, 0x8d, 0xdc, - 0xd6, 0xad, 0x19, 0x9e, 0x5a, 0x06, 0x89, 0x47, 0x0c, 0xb4, 0x0f, 0x8b, 0x1e, 0x0f, 0x8e, 0x59, - 0xcf, 0x95, 0x1e, 0x0f, 0x69, 0x31, 0xbd, 0x9e, 0xd8, 0xc8, 0x6f, 0xfd, 0x6f, 0x86, 0x87, 0x1d, - 0x03, 0x6f, 0x69, 0x34, 0xce, 0x79, 0x93, 0x49, 0xf9, 0x97, 0x2c, 0x2c, 0x9d, 0x3b, 0x28, 0x6a, - 0xc3, 0x92, 0xcf, 0x49, 0xd7, 0xed, 0x10, 0x9f, 0x04, 0x1e, 0x15, 0x26, 0x0e, 0xb9, 0xad, 0xca, - 0x0c, 0xef, 0x75, 0x4e, 0xba, 0x55, 0x0b, 0x6f, 0x51, 0xa5, 0x58, 0xd0, 0x93, 0x78, 0xd1, 0x9f, - 0x5a, 0x45, 0xcf, 0x60, 0xd9, 0xe3, 0x41, 0x40, 0x3d, 0x23, 0x90, 0x90, 0x73, 0xdf, 0x46, 0x70, - 0x73, 0xf6, 0xa9, 0x2d, 0xa3, 0xc9, 0xb9, 0x3f, 0xf6, 0x9c, 0xf7, 0xce, 0xad, 0xa3, 0x2f, 0x61, - 0x85, 0x47, 0xca, 0x67, 0x54, 0xb8, 0x5d, 0xaa, 0x62, 0x43, 0x31, 0x65, 0xbc, 0x7f, 0x34, 0xc3, - 0x7b, 0x23, 0xe6, 0xec, 0x8e, 0x28, 0xb8, 0xc0, 0x5f, 0x5b, 0x41, 0xf7, 0x21, 0xa5, 0x7c, 0x69, - 0xe2, 0x9b, 0x9b, 0x19, 0xdf, 0x76, 0xbd, 0x35, 0x3e, 0x9e, 0xa6, 0xa0, 0xe7, 0xf0, 0xaf, 0x90, - 0x0b, 0xe5, 0xfa, 0x74, 0x48, 0xb5, 0x5a, 0x63, 0x5b, 0x31, 0x63, 0x72, 0xfd, 0xe0, 0x5d, 0x55, - 0xe3, 0x34, 0xb9, 0x50, 0xe7, 0x75, 0xb4, 0xa2, 0xdd, 0xd6, 0xb5, 0xd7, 0xd1, 0x86, 0xa5, 0x97, - 0x29, 0x58, 0x79, 0x03, 0x88, 0x1e, 0x42, 0x5a, 0x43, 0x6d, 0xfa, 0x6e, 0xcf, 0xd8, 0x52, 0x73, - 0x5b, 0xd4, 0xa7, 0x9e, 0xe2, 0x02, 0x1b, 0xd2, 0x9b, 0x22, 0x48, 0x7e, 0x20, 0x11, 0xa4, 0x3e, - 0xa8, 0x08, 0xd2, 0xff, 0xa0, 0x08, 0x32, 0x57, 0x16, 0x41, 0xf9, 0xf7, 0x04, 0x64, 0xe3, 0x6f, - 0x57, 0x17, 0x95, 0x80, 0x0c, 0xe8, 0xa8, 0xa8, 0xe8, 0x31, 0xda, 0x83, 0xac, 0x4f, 0x3a, 0xd4, - 0x97, 0xc5, 0xa4, 0x91, 0xc5, 0xdd, 0x4b, 0x4b, 0x80, 0x53, 0x37, 0xf8, 0xbd, 0x40, 0x89, 0x33, - 0x6c, 0xc9, 0x17, 0xd4, 0xa6, 0xd4, 0x7b, 0xd5, 0xa6, 0xd2, 0x67, 0x90, 0x9b, 0xda, 0x07, 0x15, - 0x20, 0x75, 0x42, 0xcf, 0xec, 0xc9, 0xf5, 0x10, 0xad, 0x42, 0x66, 0x48, 0xfc, 0x88, 0x1a, 0x55, - 0x2c, 0xe0, 0x78, 0xf2, 0x20, 0x79, 0x3f, 0x51, 0xfe, 0x3e, 0x03, 0xab, 0x17, 0x09, 0x01, 0x61, - 0xc8, 0x4a, 0x36, 0x08, 0xfd, 0x38, 0x02, 0xf9, 0xad, 0xfb, 0x57, 0x54, 0x92, 0xd3, 0x32, 0xec, - 0x7a, 0xb5, 0x36, 0x87, 0xad, 0x27, 0x74, 0x62, 0xe4, 0x24, 0x99, 0x54, 0x34, 0x50, 0x6e, 0x9f, - 0xc8, 0xbe, 0x95, 0xe9, 0xe3, 0xab, 0x3a, 0xdf, 0x19, 0xbb, 0xa9, 0x11, 0xd9, 0x37, 0x9b, 0xe4, - 0xbd, 0x73, 0x6b, 0xa5, 0x3f, 0x92, 0x50, 0x78, 0x1d, 0x86, 0xee, 0x40, 0xa1, 0xaf, 0x54, 0xe8, - 0xf6, 0x29, 0xe9, 0x52, 0xe1, 0x4e, 0x32, 0xac, 0x1d, 0x68, 0x4b, 0xcd, 0x18, 0x0e, 0x75, 0xb6, - 0x03, 0xc8, 0x19, 0xac, 0xc7, 0xf9, 0x09, 0xa3, 0xf6, 0xa4, 0x4f, 0xdf, 0xf7, 0xa4, 0x4e, 0xad, - 0xdd, 0x6e, 0xee, 0x18, 0x97, 0xb5, 0x39, 0x0c, 0x7a, 0x87, 0x78, 0x86, 0xfe, 0x0b, 0x4b, 0x91, - 0xa4, 0xae, 0xe4, 0x91, 0xf0, 0xa8, 0xcb, 0x42, 0xa3, 0x8a, 0xf9, 0xda, 0x1c, 0xce, 0x45, 0x92, - 0xb6, 0xcc, 0xea, 0x7e, 0x88, 0xee, 0xc0, 0xca, 0x80, 0x05, 0x6c, 0x10, 0x0d, 0x5c, 0xc1, 0x82, - 0x9e, 0x2b, 0xd9, 0x8b, 0xb8, 0x9f, 0xa4, 0xf1, 0xb2, 0x35, 0x60, 0x16, 0xf4, 0x5a, 0xec, 0x05, - 0x2d, 0xf5, 0x00, 0x26, 0xbb, 0x5d, 0xa8, 0x68, 0x04, 0xe9, 0x90, 0xa8, 0xbe, 0xd5, 0x85, 0x19, - 0xa3, 0x4d, 0x48, 0x29, 0x35, 0xfa, 0xd0, 0x6f, 0x38, 0x71, 0xd3, 0x77, 0x46, 0x4d, 0xdf, 0xd9, - 0xb5, 0x4d, 0xbf, 0x9a, 0xfe, 0xf6, 0xd7, 0x9b, 0x09, 0xac, 0xb1, 0x55, 0x80, 0x79, 0x9d, 0x4d, - 0xf7, 0x84, 0x9e, 0x95, 0x6b, 0x30, 0x3f, 0x4a, 0x3d, 0x5a, 0x86, 0x1c, 0x6e, 0x1c, 0x1d, 0xee, - 0xba, 0xb8, 0x51, 0xdd, 0x3f, 0x2c, 0xcc, 0xa1, 0x3c, 0x40, 0x7d, 0x6f, 0xbb, 0xd5, 0x76, 0x77, - 0x1a, 0x87, 0x87, 0x85, 0x04, 0x02, 0xc8, 0xe2, 0xed, 0xc3, 0xdd, 0xc6, 0x41, 0x21, 0xa9, 0xc1, - 0xcd, 0xed, 0x56, 0xab, 0x5d, 0xc3, 0x8d, 0xa3, 0x27, 0xb5, 0x42, 0xaa, 0x9a, 0x83, 0x05, 0xbf, - 0x63, 0x3f, 0x91, 0xf2, 0xcb, 0x2c, 0x5c, 0xbf, 0xb8, 0xb2, 0xa0, 0x06, 0xa4, 0x94, 0x17, 0xda, - 0xba, 0xf9, 0xe8, 0xca, 0x95, 0xc9, 0x69, 0xef, 0x34, 0xa7, 0xca, 0x80, 0x17, 0x22, 0x0c, 0x69, - 0x9d, 0x17, 0x9b, 0xf2, 0xcf, 0xaf, 0xee, 0x51, 0x47, 0x7d, 0xec, 0xd2, 0xf8, 0x2a, 0xfd, 0x99, - 0x84, 0xdc, 0xd4, 0x46, 0xe8, 0x36, 0x2c, 0x0f, 0xc8, 0xa9, 0x3b, 0x29, 0x8a, 0xd2, 0x5c, 0x20, - 0x83, 0xf3, 0x03, 0x72, 0x3a, 0x71, 0x2b, 0x51, 0x75, 0x5c, 0x83, 0x5d, 0xc5, 0x06, 0x94, 0x47, - 0xca, 0x9e, 0xeb, 0xed, 0xa9, 0x19, 0xd7, 0xda, 0x76, 0x4c, 0x40, 0x1c, 0x96, 0x94, 0x17, 0xba, - 0x27, 0x94, 0x86, 0xc4, 0x67, 0x43, 0x6a, 0x93, 0xfb, 0xc5, 0x7b, 0xc5, 0xca, 0x69, 0x7b, 0xe1, - 0xd3, 0x91, 0x47, 0xbc, 0xa8, 0xa6, 0x66, 0xa5, 0x6f, 0x12, 0xb0, 0x38, 0x6d, 0x46, 0xd7, 0x21, - 0x1b, 0x0a, 0xde, 0xa1, 0xf1, 0x2d, 0x97, 0xb0, 0x9d, 0xa1, 0xbb, 0x90, 0xd6, 0xb7, 0xba, 0xfc, - 0x4a, 0x06, 0x86, 0x3e, 0x85, 0x79, 0x16, 0x28, 0x2a, 0x86, 0xe4, 0x72, 0x81, 0xe2, 0x31, 0xb4, - 0xf4, 0x73, 0x02, 0x16, 0xa7, 0x73, 0x82, 0x1e, 0x42, 0x49, 0x67, 0x65, 0xd3, 0xd5, 0x39, 0x08, - 0x69, 0xd0, 0xd5, 0x9f, 0x92, 0xa0, 0x5f, 0x45, 0x54, 0xaa, 0x51, 0x22, 0xfe, 0x6d, 0x10, 0x07, - 0xe4, 0xb4, 0x19, 0xdb, 0xb1, 0x35, 0xa3, 0x8f, 0x01, 0x69, 0xd3, 0x96, 0x21, 0x8f, 0x49, 0x49, - 0x43, 0x32, 0xe5, 0x65, 0xeb, 0x80, 0x9c, 0x8e, 0xd1, 0x8f, 0xe0, 0x3f, 0xd3, 0x38, 0x37, 0xa4, - 0x62, 0x2a, 0xeb, 0xe6, 0x16, 0x19, 0x5c, 0x1c, 0x4c, 0x18, 0x4d, 0x2a, 0x26, 0xc1, 0x47, 0x37, - 0x21, 0x17, 0xd3, 0x95, 0x60, 0x34, 0x7e, 0xd9, 0x64, 0x30, 0x18, 0xb8, 0x59, 0x29, 0x7f, 0x97, - 0x84, 0xc2, 0xeb, 0x4d, 0x11, 0xdd, 0x05, 0xa4, 0xcb, 0x21, 0xf5, 0x22, 0xc5, 0x86, 0xd4, 0xa5, - 0x42, 0x70, 0x31, 0xba, 0xd7, 0xca, 0x94, 0x65, 0xcf, 0x18, 0xce, 0x85, 0x35, 0xf9, 0xce, 0x61, - 0x45, 0x4f, 0x00, 0x75, 0x88, 0xa4, 0x2e, 0x7d, 0x6e, 0x5f, 0x08, 0x26, 0x95, 0x97, 0xe6, 0xa5, - 0xa0, 0x49, 0x7b, 0x96, 0xa3, 0x25, 0x8a, 0x3e, 0x81, 0x55, 0x7d, 0xc9, 0xb1, 0x9f, 0x90, 0x0a, - 0x8f, 0x06, 0xca, 0xde, 0x16, 0x0d, 0xc8, 0xe9, 0x08, 0xde, 0x8c, 0x2d, 0x3a, 0x07, 0x03, 0x16, - 0xe8, 0x3a, 0xee, 0xab, 0xfe, 0x18, 0x9f, 0x89, 0x73, 0x30, 0x60, 0x41, 0xcd, 0x18, 0x2c, 0xba, - 0xfc, 0xa3, 0xfe, 0xf8, 0x26, 0xcd, 0x1e, 0x55, 0x21, 0x3d, 0xe0, 0xdd, 0x51, 0x6b, 0x73, 0xde, - 0xed, 0x89, 0xa0, 0xc7, 0x9a, 0x85, 0x0d, 0xd7, 0x84, 0xd8, 0x67, 0xba, 0x91, 0x79, 0x54, 0x28, - 0x76, 0xcc, 0x3c, 0xa2, 0x46, 0x0d, 0x76, 0x25, 0xb6, 0xec, 0x4c, 0x0c, 0x3a, 0x8f, 0xa1, 0x60, - 0x43, 0xa2, 0xa8, 0xae, 0x92, 0x26, 0x48, 0x0b, 0x18, 0xec, 0xd2, 0x53, 0x7a, 0xa6, 0x0b, 0x82, - 0x47, 0xa6, 0x7d, 0xc5, 0xc9, 0x5e, 0xc0, 0x79, 0x8f, 0x4c, 0x39, 0x92, 0xba, 0x03, 0xc8, 0xa8, - 0xa3, 0xe3, 0xe1, 0x12, 0x5f, 0x99, 0x1e, 0x16, 0xbf, 0x53, 0x17, 0xf0, 0xb2, 0x35, 0x6c, 0xfb, - 0x4a, 0xb7, 0x30, 0xa9, 0x9f, 0x02, 0x32, 0x60, 0xc5, 0x6c, 0xfc, 0x14, 0x90, 0x01, 0x2b, 0x3f, - 0x86, 0x6b, 0xf6, 0x1e, 0x28, 0x07, 0xd7, 0x76, 0xf7, 0x5b, 0xdb, 0xd5, 0xfa, 0x5e, 0x61, 0x4e, - 0x57, 0xe2, 0xd6, 0xfe, 0x41, 0xb3, 0xbe, 0x17, 0x57, 0xe5, 0x83, 0xa3, 0xf6, 0xd1, 0x76, 0xbd, - 0x90, 0x44, 0x05, 0x58, 0xdc, 0x6f, 0xb5, 0xf7, 0x1b, 0xae, 0x5d, 0x49, 0x55, 0x9d, 0x1f, 0x5e, - 0xad, 0x25, 0x7e, 0x7a, 0xb5, 0x96, 0xf8, 0xed, 0xd5, 0x5a, 0xe2, 0xd9, 0x7a, 0x1c, 0x3b, 0xc6, - 0x2b, 0x24, 0x64, 0x95, 0x0b, 0x7e, 0xeb, 0x3a, 0x59, 0xa3, 0x80, 0x7b, 0x7f, 0x07, 0x00, 0x00, - 0xff, 0xff, 0x4e, 0xda, 0x16, 0xb0, 0x86, 0x0e, 0x00, 0x00, + // 1396 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x57, 0xcf, 0x6e, 0x1b, 0xb7, + 0x13, 0xb6, 0xfe, 0xc6, 0x1a, 0xd9, 0xb2, 0xcc, 0x9f, 0x91, 0x9f, 0xa2, 0x00, 0x8e, 0x2b, 0x14, + 0x8d, 0x9b, 0x36, 0xab, 0xda, 0x41, 0x81, 0x34, 0x41, 0x8a, 0x58, 0xb6, 0x10, 0xb9, 0x91, 0x2d, + 0x81, 0x92, 0x81, 0x22, 0x97, 0x05, 0xb5, 0xa2, 0x25, 0xc6, 0xab, 0xe5, 0x76, 0xc9, 0x55, 0xed, + 0x3c, 0x43, 0xcf, 0x41, 0xaf, 0xbd, 0xf4, 0x59, 0x8a, 0x9e, 0x72, 0x6d, 0x2f, 0x2d, 0xf2, 0x02, + 0x3d, 0xf5, 0xd2, 0x53, 0x41, 0x2e, 0x57, 0x92, 0x13, 0xc7, 0x8e, 0xe1, 0xe6, 0xc6, 0xe5, 0xcc, + 0xf7, 0x91, 0x9c, 0x6f, 0x38, 0xc3, 0x85, 0x3b, 0x1e, 0x95, 0xdf, 0xf3, 0xe0, 0x88, 0x79, 0x83, + 0xea, 0x78, 0x83, 0xb8, 0xfe, 0x90, 0xdc, 0xab, 0xf6, 0xa9, 0x90, 0xcc, 0x23, 0x92, 0x71, 0xcf, + 0x0e, 0x42, 0x97, 0x5a, 0x7e, 0xc0, 0x25, 0x47, 0x37, 0x98, 0x90, 0x8c, 0x5b, 0x53, 0x84, 0x15, + 0x23, 0xca, 0xab, 0x03, 0xce, 0x07, 0x2e, 0xad, 0x6a, 0xc7, 0x5e, 0x78, 0x58, 0xed, 0x87, 0x81, + 0xc6, 0x47, 0xd0, 0xf2, 0xa7, 0x67, 0x2d, 0x33, 0x66, 0x81, 0x0c, 0x89, 0x6b, 0x0b, 0x1a, 0x8c, + 0x99, 0x63, 0x56, 0x29, 0xaf, 0x0c, 0xf8, 0x80, 0xeb, 0x61, 0x55, 0x8d, 0xa2, 0xd9, 0xca, 0xab, + 0x04, 0x2c, 0xed, 0x4c, 0xb7, 0x85, 0x43, 0x97, 0x22, 0x04, 0xe9, 0x21, 0x17, 0xb2, 0x94, 0x58, + 0x4b, 0xac, 0xe7, 0xb0, 0x1e, 0xa3, 0x16, 0x14, 0x64, 0x40, 0x0e, 0x0f, 0x99, 0x63, 0xfb, 0xdc, + 0x65, 0xce, 0x49, 0x29, 0xb9, 0x96, 0x58, 0xcf, 0x6f, 0xae, 0x5b, 0xef, 0xdc, 0xbc, 0xd5, 0x8d, + 0x00, 0x6d, 0xed, 0x8f, 0x17, 0xe5, 0xec, 0x27, 0x7a, 0x08, 0xd7, 0x44, 0xd8, 0x13, 0x54, 0x8a, + 0x52, 0x6a, 0x2d, 0xb5, 0x9e, 0xdf, 0xfc, 0xe8, 0x1c, 0xa6, 0x8e, 0xf6, 0xc4, 0x31, 0x02, 0xdd, + 0x84, 0x1c, 0x3d, 0xf6, 0x79, 0x20, 0x6d, 0xc9, 0x4b, 0xe9, 0xb5, 0xd4, 0x7a, 0x0e, 0xcf, 0x47, + 0x13, 0x5d, 0x5e, 0xf9, 0x3d, 0x0b, 0x8b, 0xa7, 0x96, 0x46, 0x5d, 0x58, 0x74, 0x39, 0xe9, 0xdb, + 0x3d, 0xe2, 0x12, 0xcf, 0xa1, 0x81, 0x3e, 0x59, 0x7e, 0xb3, 0x7a, 0xce, 0x8a, 0x4d, 0x4e, 0xfa, + 0x35, 0xe3, 0xde, 0xa1, 0x52, 0x32, 0x6f, 0x20, 0xf0, 0x82, 0x3b, 0x33, 0x8b, 0x9e, 0xc1, 0x92, + 0xc3, 0x3d, 0x8f, 0x3a, 0x5a, 0x4f, 0x9f, 0x73, 0xd7, 0xc4, 0x64, 0xe3, 0x1c, 0xde, 0xed, 0x09, + 0xa2, 0xcd, 0xb9, 0x3b, 0x61, 0x2e, 0x38, 0xa7, 0xe6, 0xd1, 0xb7, 0xb0, 0xcc, 0x43, 0xe9, 0x32, + 0x1a, 0xd8, 0x7d, 0x2a, 0x23, 0x43, 0x29, 0xa5, 0xd9, 0x3f, 0x3b, 0x87, 0xbd, 0x15, 0x61, 0x76, + 0x62, 0x08, 0x2e, 0xf2, 0x37, 0x66, 0xd0, 0x7d, 0x48, 0x49, 0x57, 0x94, 0xd2, 0x9a, 0xeb, 0x93, + 0xf3, 0xd4, 0x6b, 0x76, 0x26, 0xdb, 0x53, 0x10, 0xf4, 0x1c, 0xfe, 0xa7, 0x43, 0xee, 0xd2, 0x31, + 0x55, 0xc9, 0x15, 0xd9, 0x4a, 0x19, 0xad, 0xde, 0x83, 0xf7, 0xcd, 0x03, 0xab, 0xad, 0x54, 0x3a, + 0x95, 0x19, 0xcb, 0x8a, 0xb6, 0xa9, 0x58, 0xe3, 0x05, 0xcb, 0x2f, 0x53, 0xb0, 0xfc, 0x96, 0x23, + 0x7a, 0x08, 0x69, 0xe5, 0x6a, 0xe4, 0xbb, 0x7d, 0xce, 0x92, 0x0a, 0xdb, 0xa1, 0x2e, 0x75, 0x24, + 0x0f, 0xb0, 0x06, 0xbd, 0x9d, 0x04, 0xc9, 0x0f, 0x94, 0x04, 0xa9, 0x0f, 0x9a, 0x04, 0xe9, 0xff, + 0x30, 0x09, 0x32, 0x97, 0x4e, 0x82, 0xca, 0x5f, 0x09, 0xc8, 0x46, 0xb7, 0x51, 0x95, 0x09, 0x8f, + 0x8c, 0x68, 0x5c, 0x26, 0xd4, 0x18, 0xd5, 0x21, 0xeb, 0x92, 0x1e, 0x75, 0x45, 0x29, 0xa9, 0xd3, + 0xe2, 0xee, 0x85, 0x97, 0xda, 0x6a, 0x6a, 0xff, 0xba, 0x27, 0x83, 0x13, 0x6c, 0xc0, 0x67, 0x54, + 0x9b, 0xd4, 0x95, 0xaa, 0x4d, 0xf9, 0x2b, 0xc8, 0xcf, 0xac, 0x83, 0x8a, 0x90, 0x3a, 0xa2, 0x27, + 0x66, 0xe7, 0x6a, 0x88, 0x56, 0x20, 0x33, 0x26, 0x6e, 0x48, 0x75, 0x56, 0xe4, 0x70, 0xf4, 0xf1, + 0x20, 0x79, 0x3f, 0x51, 0xf9, 0x39, 0x03, 0x2b, 0x67, 0x25, 0x02, 0xc2, 0x90, 0x15, 0x6c, 0xe4, + 0xbb, 0x51, 0x04, 0x0a, 0x9b, 0xf7, 0x2f, 0x99, 0x49, 0x56, 0x47, 0xa3, 0x9b, 0xb5, 0xc6, 0x1c, + 0x36, 0x4c, 0xe8, 0x48, 0xa7, 0x93, 0x60, 0x42, 0x52, 0x4f, 0xda, 0x43, 0x22, 0x86, 0x26, 0x4d, + 0x1f, 0x5f, 0x96, 0x7c, 0x7b, 0x42, 0xd3, 0x20, 0x62, 0xa8, 0x17, 0x29, 0x38, 0xa7, 0xe6, 0xca, + 0x7f, 0x27, 0xa1, 0xf8, 0xa6, 0x1b, 0xba, 0x03, 0xc5, 0xa1, 0x94, 0xbe, 0x3d, 0xa4, 0xa4, 0x4f, + 0x03, 0x7b, 0xaa, 0xb0, 0x22, 0x50, 0x96, 0x86, 0x36, 0xec, 0x2b, 0xb5, 0x3d, 0xc8, 0x6b, 0x5f, + 0x87, 0xf3, 0x23, 0x46, 0xcd, 0x4e, 0x9f, 0x5e, 0x75, 0xa7, 0x56, 0xa3, 0xdb, 0x6d, 0x6f, 0x6b, + 0xca, 0xc6, 0x1c, 0x06, 0xb5, 0x42, 0xf4, 0x85, 0x3e, 0x86, 0xc5, 0x50, 0x50, 0x5b, 0xf0, 0x30, + 0x70, 0xa8, 0xcd, 0x7c, 0x9d, 0x15, 0xf3, 0x8d, 0x39, 0x9c, 0x0f, 0x05, 0xed, 0xe8, 0xd9, 0x5d, + 0x1f, 0xdd, 0x81, 0xe5, 0x11, 0xf3, 0xd8, 0x28, 0x1c, 0xd9, 0x01, 0xf3, 0x06, 0xb6, 0x60, 0x2f, + 0xa8, 0xbe, 0x36, 0x69, 0xbc, 0x64, 0x0c, 0x98, 0x79, 0x83, 0x0e, 0x7b, 0x41, 0xcb, 0x03, 0x80, + 0xe9, 0x6a, 0x67, 0x66, 0x34, 0x82, 0xb4, 0x4f, 0xe4, 0xd0, 0xe4, 0x85, 0x1e, 0xa3, 0x0d, 0x48, + 0x49, 0x19, 0x5f, 0xf4, 0x1b, 0x56, 0xd4, 0xa3, 0xad, 0xb8, 0x47, 0x5b, 0x3b, 0xa6, 0x47, 0xd7, + 0xd2, 0x3f, 0xfe, 0x71, 0x2b, 0x81, 0x95, 0x6f, 0x0d, 0x60, 0x5e, 0xa9, 0x69, 0x1f, 0xd1, 0x93, + 0x4a, 0x03, 0xe6, 0x63, 0xe9, 0xd1, 0x12, 0xe4, 0x71, 0xeb, 0x60, 0x7f, 0xc7, 0xc6, 0xad, 0xda, + 0xee, 0x7e, 0x71, 0x0e, 0x15, 0x00, 0x9a, 0xf5, 0xad, 0x4e, 0xd7, 0xde, 0x6e, 0xed, 0xef, 0x17, + 0x13, 0x08, 0x20, 0x8b, 0xb7, 0xf6, 0x77, 0x5a, 0x7b, 0xc5, 0xa4, 0x72, 0x6e, 0x6f, 0x75, 0x3a, + 0xdd, 0x06, 0x6e, 0x1d, 0x3c, 0x69, 0x14, 0x53, 0xb5, 0x3c, 0xe4, 0xdc, 0x9e, 0xb9, 0x22, 0x95, + 0x97, 0x59, 0xb8, 0x7e, 0x76, 0x65, 0x41, 0x2d, 0x48, 0x49, 0xc7, 0x37, 0x75, 0xf3, 0xd1, 0xa5, + 0x2b, 0x93, 0xd5, 0xdd, 0x6e, 0xcf, 0x94, 0x01, 0xc7, 0x47, 0x18, 0xd2, 0x4a, 0x17, 0x23, 0xf9, + 0xd7, 0x97, 0x67, 0x54, 0x51, 0x9f, 0x50, 0x6a, 0xae, 0xf2, 0x3f, 0x49, 0xc8, 0xcf, 0x2c, 0x84, + 0x6e, 0xc3, 0xd2, 0x88, 0x1c, 0xdb, 0xd3, 0xa2, 0x28, 0xf4, 0x01, 0x32, 0xb8, 0x30, 0x22, 0xc7, + 0x53, 0x5a, 0x81, 0x6a, 0x93, 0x1a, 0x6c, 0x4b, 0x36, 0xa2, 0x3c, 0x94, 0x66, 0x5f, 0xef, 0x96, + 0x66, 0x52, 0x6b, 0xbb, 0x11, 0x00, 0x71, 0x58, 0x94, 0x8e, 0x6f, 0x1f, 0x51, 0xea, 0x13, 0x97, + 0x8d, 0xa9, 0x11, 0xf7, 0x9b, 0x2b, 0xc5, 0xca, 0xea, 0x3a, 0xfe, 0xd3, 0x98, 0x11, 0x2f, 0xc8, + 0x99, 0xaf, 0xf2, 0x0f, 0x09, 0x58, 0x98, 0x35, 0xa3, 0xeb, 0x90, 0xf5, 0x03, 0xde, 0xa3, 0xd1, + 0x29, 0x17, 0xb1, 0xf9, 0x42, 0x77, 0x21, 0xad, 0x4e, 0x75, 0xf1, 0x91, 0xb4, 0x1b, 0xfa, 0x12, + 0xe6, 0x99, 0x27, 0x69, 0x30, 0x26, 0x17, 0x27, 0x28, 0x9e, 0xb8, 0x96, 0x7f, 0x4b, 0xc0, 0xc2, + 0xac, 0x26, 0xe8, 0x21, 0x94, 0x95, 0x2a, 0x1b, 0xb6, 0xd2, 0xc0, 0xa7, 0x5e, 0x5f, 0x5d, 0xa5, + 0x80, 0x7e, 0x17, 0x52, 0x21, 0x63, 0x21, 0xfe, 0xaf, 0x3d, 0xf6, 0xc8, 0x71, 0x3b, 0xb2, 0x63, + 0x63, 0x46, 0x9f, 0x03, 0x52, 0xa6, 0x4d, 0x0d, 0x9e, 0x80, 0x92, 0x1a, 0xa4, 0xcb, 0xcb, 0xe6, + 0x1e, 0x39, 0x9e, 0x78, 0x3f, 0x82, 0x9b, 0xb3, 0x7e, 0xb6, 0x4f, 0x83, 0x19, 0xd5, 0xf5, 0x29, + 0x32, 0xb8, 0x34, 0x9a, 0x22, 0xda, 0x34, 0x98, 0x06, 0x1f, 0xdd, 0x82, 0x7c, 0x04, 0x97, 0x01, + 0xa3, 0xd1, 0xcb, 0x26, 0x83, 0x41, 0xbb, 0xeb, 0x99, 0xca, 0x4f, 0x49, 0x28, 0xbe, 0xd9, 0x14, + 0xd1, 0x5d, 0x40, 0xaa, 0x1c, 0x52, 0x27, 0x94, 0x6c, 0x4c, 0x6d, 0x1a, 0x04, 0x3c, 0x88, 0xcf, + 0xb5, 0x3c, 0x63, 0xa9, 0x6b, 0xc3, 0xa9, 0xb0, 0x26, 0xdf, 0x3b, 0xac, 0xe8, 0x09, 0xa0, 0x1e, + 0x11, 0xd4, 0xa6, 0xcf, 0xcd, 0x0b, 0x41, 0x4b, 0x79, 0xa1, 0x2e, 0x45, 0x05, 0xaa, 0x1b, 0x8c, + 0x4a, 0x51, 0xf4, 0x05, 0xac, 0xa8, 0x43, 0x4e, 0x78, 0x7c, 0x1a, 0x38, 0xd4, 0x93, 0xe6, 0xb4, + 0x68, 0x44, 0x8e, 0x63, 0xf7, 0x76, 0x64, 0x51, 0x1a, 0x8c, 0x98, 0xa7, 0xea, 0xb8, 0x2b, 0x87, + 0x13, 0xff, 0x4c, 0xa4, 0xc1, 0x88, 0x79, 0x0d, 0x6d, 0x30, 0xde, 0x95, 0x5f, 0xd5, 0xe5, 0x9b, + 0x36, 0x7b, 0x54, 0x83, 0xf4, 0x88, 0xf7, 0xe3, 0xd6, 0x66, 0xbd, 0xdf, 0x13, 0x41, 0x8d, 0x15, + 0x0a, 0x6b, 0xac, 0x0e, 0xb1, 0xcb, 0x54, 0x23, 0x73, 0x68, 0x20, 0xd9, 0x21, 0x73, 0x88, 0x8c, + 0x1b, 0xec, 0x72, 0x64, 0xd9, 0x9e, 0x1a, 0x94, 0x8e, 0x7e, 0xc0, 0xc6, 0x44, 0x52, 0x55, 0x25, + 0x75, 0x90, 0x72, 0x18, 0xcc, 0xd4, 0x53, 0x7a, 0xa2, 0x0a, 0x82, 0x43, 0x66, 0xb9, 0x22, 0xb1, + 0x73, 0xb8, 0xe0, 0x90, 0x19, 0x22, 0xa1, 0x3a, 0x80, 0x08, 0x7b, 0x2a, 0x1e, 0x36, 0x71, 0xa5, + 0xee, 0x61, 0xd1, 0x3b, 0x35, 0x87, 0x97, 0x8c, 0x61, 0xcb, 0x95, 0xaa, 0x85, 0x09, 0xf5, 0x14, + 0x10, 0x1e, 0x2b, 0x65, 0xa3, 0xa7, 0x80, 0xf0, 0x58, 0xe5, 0x31, 0x5c, 0x33, 0xe7, 0x40, 0x79, + 0xb8, 0xb6, 0xb3, 0xdb, 0xd9, 0xaa, 0x35, 0xeb, 0xc5, 0x39, 0x55, 0x89, 0x3b, 0xbb, 0x7b, 0xed, + 0x66, 0x3d, 0xaa, 0xca, 0x7b, 0x07, 0xdd, 0x83, 0xad, 0x66, 0x31, 0x89, 0x8a, 0xb0, 0xb0, 0xdb, + 0xe9, 0xee, 0xb6, 0x6c, 0x33, 0x93, 0xaa, 0x59, 0xbf, 0xbc, 0x5e, 0x4d, 0xbc, 0x7a, 0xbd, 0x9a, + 0xf8, 0xf3, 0xf5, 0x6a, 0xe2, 0xd9, 0x5a, 0x14, 0x3b, 0xc6, 0xab, 0xc4, 0x67, 0xd5, 0x33, 0x7e, + 0xd8, 0x7a, 0x59, 0x9d, 0x01, 0xf7, 0xfe, 0x0d, 0x00, 0x00, 0xff, 0xff, 0xfd, 0x7d, 0x30, 0x94, + 0x35, 0x0e, 0x00, 0x00, } diff --git a/networking/v1alpha3/destination_rule.proto b/networking/v1alpha3/destination_rule.proto index 6d54f7a7cc..f622a2670e 100644 --- a/networking/v1alpha3/destination_rule.proto +++ b/networking/v1alpha3/destination_rule.proto @@ -15,7 +15,6 @@ syntax = "proto3"; import "google/protobuf/duration.proto"; import "networking/v1alpha3/virtual_service.proto"; -import "networking/v1alpha3/sidecar.proto"; import "gogoproto/gogo.proto"; package istio.networking.v1alpha3; @@ -119,11 +118,11 @@ message DestinationRule { // service. Traffic policies can be overridden at subset level. repeated Subset subsets = 3; - // The visibility setting associated with this DestinationRule. Set to - // PRIVATE if this destination rule should not be exported, i.e. restrict - // the applicability of this destination rule to only workloads in the same - // namespace as the destination rule. - ConfigScope config_scope = 4; + // $hide_from_docs + // The resolution of a DestinationRule to apply to a service occurs in the + // context of a hierarchy of namespaces. This rule controls whether those + // namespaces are allowed to select this rule. + repeated string export_to = 4; } // Traffic policies to apply for a specific destination, across all diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index 3076ae350c..d4b3616627 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs aliases: - /docs/reference/config/istio.routing.v1alpha1/ -number_of_entries: 61 +number_of_entries: 60 ---

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -73,40 +73,6 @@

CaptureMode

to ensure that the listener port is not in use by other processes on the host.

- - - -
to string -

Destination region the traffic will fail over to when endpoints in local region becomes unhealthy.

+

Destination region the traffic will fail over to when endpoints in +the ‘from’ region becomes unhealthy.
localityLbSettingLocalityLoadBalancerSetting -

Locality based load balancing distribution or failover settings.

-
localityLbSettingLocalityLoadBalancerSetting +

Locality based load balancing distribution or failover settings.

+
-
-

ConfigScope

-
-

ConfigScope defines the visibility of an Istio configuration artifact in -a namespace when the namespace is imported. By default all -configuration artifacts are public. Configurations with private scope -will not be imported when the namespace containing the configuration is -imported in a Sidecar.

- - - - - - - - - - - - - - - - @@ -703,17 +669,6 @@

DestinationRule

One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.

- - - - - - @@ -3266,15 +3221,23 @@

ServiceEntry

The following example demonstrates the use of a dedicated egress gateway -through which all external service traffic is forwarded.

+through which all external service traffic is forwarded. +The ‘export_to’ field allows for control over the visibility of a service +declaration to other namespaces in the mesh. By default a service is exported +to all namespaces. The following example restricts the visibility to the +current namespace, represented by “.”, so that it cannot be used by other +namespaces.

apiVersion: networking.istio.io/v1alpha3
 kind: ServiceEntry
 metadata:
   name: external-svc-httpbin
+  namespace : egress
 spec:
   hosts:
   - httpbin.com
+  export_to:
+  - .
   location: MESH_EXTERNAL
   ports:
   - number: 80
@@ -3289,6 +3252,7 @@ 
ServiceEntry

 kind: Gateway
 metadata:
  name: istio-egressgateway
+ namespace: egress
 spec:
  selector:
    istio: egressgateway
@@ -3303,15 +3267,21 @@ 
ServiceEntry

 
 
And the associated VirtualService to route from the sidecar to the
 gateway service (istio-egressgateway.istio-system.svc.cluster.local), as
-well as route from the gateway to the external service.

+well as route from the gateway to the external service. Note that the
+virtual service is exported to all namespaces enabling them to route traffic
+through the gateway to the external service. Forcing traffic to go through
+a managed middle proxy like this is a common practice.

 
 
apiVersion: networking.istio.io/v1alpha3
 kind: VirtualService
 metadata:
   name: gateway-routing
+  namespace: egress
 spec:
   hosts:
   - httpbin.com
+  export_to:
+  - *
   gateways:
   - mesh
   - istio-egressgateway
@@ -3490,18 +3460,6 @@ 
ServiceEntry
- - - - - @@ -4567,17 +4525,6 @@

VirtualService

be applied to any port that is not a HTTP or TLS port. The first rule matching an incoming request is used.

- - - - - - diff --git a/networking/v1alpha3/service_entry.pb.go b/networking/v1alpha3/service_entry.pb.go index 47f0813a73..b1125abe5f 100644 --- a/networking/v1alpha3/service_entry.pb.go +++ b/networking/v1alpha3/service_entry.pb.go @@ -213,15 +213,23 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // // The following example demonstrates the use of a dedicated egress gateway // through which all external service traffic is forwarded. +// The 'export_to' field allows for control over the visibility of a service +// declaration to other namespaces in the mesh. By default a service is exported +// to all namespaces. The following example restricts the visibility to the +// current namespace, represented by ".", so that it cannot be used by other +// namespaces. // // ```yaml // apiVersion: networking.istio.io/v1alpha3 // kind: ServiceEntry // metadata: // name: external-svc-httpbin +// namespace : egress // spec: // hosts: // - httpbin.com +// export_to: +// - . // location: MESH_EXTERNAL // ports: // - number: 80 @@ -237,6 +245,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // kind: Gateway // metadata: // name: istio-egressgateway +// namespace: egress // spec: // selector: // istio: egressgateway @@ -251,16 +260,22 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // // And the associated VirtualService to route from the sidecar to the // gateway service (istio-egressgateway.istio-system.svc.cluster.local), as -// well as route from the gateway to the external service. +// well as route from the gateway to the external service. Note that the +// virtual service is exported to all namespaces enabling them to route traffic +// through the gateway to the external service. Forcing traffic to go through +// a managed middle proxy like this is a common practice. // // ```yaml // apiVersion: networking.istio.io/v1alpha3 // kind: VirtualService // metadata: // name: gateway-routing +// namespace: egress // spec: // hosts: // - httpbin.com +// export_to: +// - * // gateways: // - mesh // - istio-egressgateway @@ -400,12 +415,24 @@ type ServiceEntry struct { Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Resolution" json:"resolution,omitempty"` // One or more endpoints associated with the service. Endpoints []*ServiceEntry_Endpoint `protobuf:"bytes,6,rep,name=endpoints" json:"endpoints,omitempty"` - // The visibility setting associated with this service entry. Set to - // PRIVATE if this service should not be visible outside the namespace - // where the service entry was added. The default scope is public, - // i.e. the service added by the service entry will be visible to - // workloads in the entire mesh. - ConfigScope ConfigScope `protobuf:"varint,7,opt,name=config_scope,json=configScope,proto3,enum=istio.networking.v1alpha3.ConfigScope" json:"config_scope,omitempty"` + // $hide_from_docs + // A list of namespaces to which this service is exported. Exporting a service + // allows it to used by sidecars, gateways and virtual services defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of services across + // namespace boundaries. + // + // If no namespaces are specified then the service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the service is declared in, similarly the value "*" is reserved and + // defines an export to all namespaces. + // + // For a Kubernetes Service the equivalent effect can be achieved by setting + // the annotation "networking.istio.io/export_to" to a comma-separated list + // of namespace names. + ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo" json:"export_to,omitempty"` } func (m *ServiceEntry) Reset() { *m = ServiceEntry{} } @@ -455,11 +482,11 @@ func (m *ServiceEntry) GetEndpoints() []*ServiceEntry_Endpoint { return nil } -func (m *ServiceEntry) GetConfigScope() ConfigScope { +func (m *ServiceEntry) GetExportTo() []string { if m != nil { - return m.ConfigScope + return m.ExportTo } - return ConfigScope_PUBLIC + return nil } // Endpoint defines a network address (IP or hostname) associated with @@ -642,10 +669,20 @@ func (m *ServiceEntry) MarshalTo(dAtA []byte) (int, error) { i += n } } - if m.ConfigScope != 0 { - dAtA[i] = 0x38 - i++ - i = encodeVarintServiceEntry(dAtA, i, uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + dAtA[i] = 0x3a + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } } return i, nil } @@ -766,8 +803,11 @@ func (m *ServiceEntry) Size() (n int) { n += 1 + l + sovServiceEntry(uint64(l)) } } - if m.ConfigScope != 0 { - n += 1 + sovServiceEntry(uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + l = len(s) + n += 1 + l + sovServiceEntry(uint64(l)) + } } return n } @@ -1010,10 +1050,10 @@ func (m *ServiceEntry) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 7: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ConfigScope", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExportTo", wireType) } - m.ConfigScope = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowServiceEntry @@ -1023,11 +1063,21 @@ func (m *ServiceEntry) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ConfigScope |= (ConfigScope(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthServiceEntry + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipServiceEntry(dAtA[iNdEx:]) @@ -1538,38 +1588,37 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/service_entry.proto", fileDescriptorServiceEntry) } var fileDescriptorServiceEntry = []byte{ - // 521 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x53, 0xcd, 0x6e, 0xd3, 0x4c, - 0x14, 0xed, 0xc4, 0x8d, 0x13, 0xdf, 0xb4, 0x9f, 0xf2, 0x8d, 0x10, 0x1a, 0x22, 0x14, 0x4c, 0x16, - 0x10, 0x09, 0xc9, 0x29, 0xa9, 0x90, 0xca, 0xcf, 0xa6, 0x14, 0x4b, 0x44, 0x0a, 0x06, 0x26, 0x59, - 0x20, 0x36, 0xd1, 0xd4, 0x19, 0x92, 0x51, 0x2d, 0x8f, 0xe5, 0x99, 0x26, 0xca, 0x5b, 0xf0, 0x18, - 0x3c, 0x0a, 0x4b, 0x1e, 0x01, 0xe5, 0x49, 0x50, 0xc6, 0x76, 0x9c, 0x45, 0x28, 0xed, 0xce, 0xe7, - 0xfa, 0x9c, 0x73, 0xcf, 0xcc, 0xbd, 0x03, 0x4f, 0x63, 0xae, 0x97, 0x32, 0xbd, 0x12, 0xf1, 0xac, - 0xb7, 0x78, 0xce, 0xa2, 0x64, 0xce, 0x4e, 0x7b, 0x8a, 0xa7, 0x0b, 0x11, 0xf2, 0x09, 0x8f, 0x75, - 0xba, 0xf2, 0x92, 0x54, 0x6a, 0x89, 0x1f, 0x08, 0xa5, 0x85, 0xf4, 0x4a, 0xba, 0x57, 0xd0, 0x5b, - 0x8f, 0xf7, 0x79, 0xcc, 0x98, 0xe6, 0x4b, 0x96, 0xab, 0xf7, 0x53, 0x94, 0x98, 0xf2, 0x90, 0xa5, - 0x19, 0xa5, 0xf3, 0xa3, 0x06, 0x47, 0xa3, 0xac, 0xb1, 0xbf, 0xe9, 0x8b, 0xef, 0x41, 0x75, 0x2e, - 0x95, 0x56, 0x04, 0xb9, 0x56, 0xd7, 0xa1, 0x19, 0xc0, 0x0f, 0xc1, 0x61, 0xd3, 0x69, 0xca, 0x95, - 0xe2, 0x8a, 0x54, 0xcc, 0x9f, 0xb2, 0x80, 0x5f, 0x40, 0x35, 0x91, 0xa9, 0x56, 0xc4, 0x72, 0xad, - 0x6e, 0xa3, 0xff, 0xc8, 0xfb, 0x6b, 0x6a, 0xef, 0x93, 0x4c, 0x35, 0xcd, 0xd8, 0x78, 0x08, 0xf5, - 0x48, 0x86, 0x4c, 0x0b, 0x19, 0x93, 0x43, 0x17, 0x75, 0xff, 0xeb, 0x9f, 0xdc, 0xa0, 0xdc, 0x4d, - 0xe9, 0x0d, 0x73, 0x1d, 0xdd, 0x3a, 0x60, 0x0a, 0x90, 0x72, 0x25, 0xa3, 0x6b, 0xe3, 0x57, 0x35, - 0x7e, 0xfd, 0xdb, 0xfa, 0xd1, 0xad, 0x92, 0xee, 0xb8, 0xe0, 0x00, 0x1c, 0x1e, 0x4f, 0x13, 0x29, - 0x62, 0xad, 0x88, 0x6d, 0x0e, 0x77, 0xeb, 0x88, 0x7e, 0x2e, 0xa4, 0xa5, 0x05, 0x1e, 0xc0, 0x51, - 0x28, 0xe3, 0x6f, 0x62, 0x36, 0x51, 0xa1, 0x4c, 0x38, 0xa9, 0x99, 0x94, 0x4f, 0x6e, 0xb0, 0xbc, - 0x30, 0xf4, 0xd1, 0x86, 0x4d, 0x1b, 0x61, 0x09, 0x5a, 0xdf, 0x2d, 0xa8, 0x17, 0x2d, 0x30, 0x81, - 0x5a, 0x3e, 0x0d, 0x82, 0x5c, 0xd4, 0x75, 0x68, 0x01, 0xf1, 0xe7, 0x62, 0x34, 0x15, 0x93, 0xfe, - 0xf5, 0x5d, 0xd3, 0x9b, 0x81, 0x29, 0x53, 0x2b, 0xc6, 0x36, 0x06, 0x3b, 0x62, 0x97, 0x3c, 0x2a, - 0xc6, 0xfd, 0xe6, 0xce, 0x9e, 0x43, 0x23, 0xcf, 0x4c, 0x73, 0xaf, 0xcd, 0x11, 0x72, 0x03, 0xb3, - 0x0b, 0x0e, 0x2d, 0x20, 0x6e, 0x65, 0x6b, 0x12, 0x09, 0xbd, 0x32, 0x63, 0x75, 0xe8, 0x16, 0xe3, - 0xfb, 0x60, 0x2f, 0xb9, 0x98, 0xcd, 0x35, 0xb1, 0x5d, 0xd4, 0x3d, 0xa6, 0x39, 0x6a, 0x9d, 0x01, - 0x94, 0xc1, 0x71, 0x13, 0xac, 0x2b, 0xbe, 0xca, 0xaf, 0x66, 0xf3, 0xb9, 0xd9, 0xf2, 0x05, 0x8b, - 0xae, 0x39, 0xa9, 0x18, 0x59, 0x06, 0x5e, 0x55, 0xce, 0x50, 0xeb, 0x25, 0x34, 0x76, 0xe2, 0xfd, - 0x4b, 0xea, 0xec, 0x48, 0x3b, 0x27, 0x50, 0x2f, 0xf6, 0x12, 0xff, 0x0f, 0xc7, 0x1f, 0xfc, 0xd1, - 0xfb, 0x89, 0xff, 0x65, 0xec, 0xd3, 0xe0, 0x7c, 0xd8, 0x3c, 0xd8, 0x96, 0x06, 0x41, 0x5e, 0x42, - 0x9d, 0x67, 0x00, 0xe5, 0xe6, 0xe1, 0x3a, 0x1c, 0x06, 0x1f, 0x03, 0xbf, 0x79, 0x80, 0x01, 0xec, - 0xd1, 0xf8, 0x7c, 0x3c, 0xb8, 0x68, 0x22, 0x5c, 0x03, 0xeb, 0x5d, 0x30, 0x6a, 0x56, 0xde, 0x7a, - 0x3f, 0xd7, 0x6d, 0xf4, 0x6b, 0xdd, 0x46, 0xbf, 0xd7, 0x6d, 0xf4, 0xd5, 0xcd, 0x2e, 0x5d, 0xc8, - 0x1e, 0x4b, 0x44, 0x6f, 0xcf, 0x43, 0xbf, 0xb4, 0xcd, 0x0b, 0x3f, 0xfd, 0x13, 0x00, 0x00, 0xff, - 0xff, 0x52, 0x1f, 0x71, 0x64, 0x6d, 0x04, 0x00, 0x00, + // 497 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xdf, 0x6e, 0xd3, 0x30, + 0x14, 0xc6, 0xe7, 0x66, 0x4b, 0x93, 0x33, 0x86, 0x82, 0x85, 0x90, 0x09, 0xa8, 0x84, 0xde, 0x10, + 0x09, 0x29, 0x1d, 0x9d, 0x90, 0xc6, 0x9f, 0x9b, 0x01, 0x91, 0x98, 0x54, 0x02, 0xb8, 0xb9, 0x40, + 0xdc, 0x54, 0xd9, 0x6a, 0xb5, 0xd6, 0xa2, 0x38, 0x8a, 0xbd, 0x96, 0xbe, 0x05, 0x8f, 0xc5, 0x25, + 0x8f, 0x80, 0xfa, 0x18, 0x5c, 0xa1, 0x38, 0x49, 0xd3, 0x8b, 0x01, 0xdb, 0x5d, 0xce, 0x89, 0xbf, + 0x9f, 0x3e, 0x9f, 0xef, 0x18, 0x9e, 0x64, 0x4c, 0x2d, 0x45, 0x71, 0xc1, 0xb3, 0xd9, 0x60, 0xf1, + 0x2c, 0x49, 0xf3, 0x79, 0x72, 0x34, 0x90, 0xac, 0x58, 0xf0, 0x73, 0x36, 0x61, 0x99, 0x2a, 0x56, + 0x41, 0x5e, 0x08, 0x25, 0xf0, 0x7d, 0x2e, 0x15, 0x17, 0x41, 0x7b, 0x3c, 0x68, 0x8e, 0xbb, 0x8f, + 0xaf, 0x62, 0xcc, 0x12, 0xc5, 0x96, 0x49, 0xad, 0xee, 0xff, 0x36, 0xe1, 0xd6, 0xb8, 0xa2, 0x86, + 0x25, 0x14, 0xdf, 0x85, 0xbd, 0xb9, 0x90, 0x4a, 0x12, 0xe4, 0x19, 0xbe, 0x4d, 0xab, 0x02, 0x3f, + 0x04, 0x3b, 0x99, 0x4e, 0x0b, 0x26, 0x25, 0x93, 0xa4, 0xa3, 0xff, 0xb4, 0x0d, 0xfc, 0x1c, 0xf6, + 0x72, 0x51, 0x28, 0x49, 0x0c, 0xcf, 0xf0, 0xf7, 0x87, 0x8f, 0x82, 0xbf, 0x5a, 0x0a, 0x3e, 0x89, + 0x42, 0xd1, 0xea, 0x34, 0x1e, 0x81, 0x95, 0x8a, 0xf3, 0x44, 0x71, 0x91, 0x91, 0x5d, 0x0f, 0xf9, + 0xb7, 0x87, 0x87, 0xff, 0x50, 0x6e, 0xbb, 0x0c, 0x46, 0xb5, 0x8e, 0x6e, 0x08, 0x98, 0x02, 0x14, + 0x4c, 0x8a, 0xf4, 0x52, 0xf3, 0xf6, 0x34, 0x6f, 0x78, 0x5d, 0x1e, 0xdd, 0x28, 0xe9, 0x16, 0x05, + 0x47, 0x60, 0xb3, 0x6c, 0x9a, 0x0b, 0x9e, 0x29, 0x49, 0x4c, 0x7d, 0xb9, 0x6b, 0x5b, 0x0c, 0x6b, + 0x21, 0x6d, 0x11, 0xf8, 0x01, 0xd8, 0xec, 0x5b, 0x79, 0xf9, 0x89, 0x12, 0xa4, 0xab, 0xc7, 0x68, + 0x55, 0x8d, 0x58, 0xb8, 0xdf, 0x0d, 0xb0, 0x1a, 0x11, 0x26, 0xd0, 0xad, 0xe7, 0x4b, 0x90, 0x87, + 0x7c, 0x9b, 0x36, 0x25, 0xfe, 0xdc, 0x0c, 0xbb, 0xa3, 0xfd, 0xbc, 0xba, 0xa9, 0x1f, 0x1d, 0x81, + 0xd4, 0xbd, 0x26, 0x88, 0x18, 0xcc, 0x34, 0x39, 0x63, 0x69, 0x13, 0xe0, 0xeb, 0x1b, 0x33, 0x47, + 0x5a, 0x5e, 0x41, 0x6b, 0x56, 0x79, 0x85, 0x1a, 0xa0, 0xd3, 0xb5, 0x69, 0x53, 0x62, 0xb7, 0x0a, + 0x3e, 0xe5, 0x6a, 0xa5, 0x83, 0xb2, 0xe9, 0xa6, 0xc6, 0xf7, 0xc0, 0x5c, 0x32, 0x3e, 0x9b, 0x2b, + 0x62, 0x7a, 0xc8, 0x3f, 0xa0, 0x75, 0xe5, 0x1e, 0x03, 0xb4, 0xc6, 0xb1, 0x03, 0xc6, 0x05, 0x5b, + 0xd5, 0xa3, 0x29, 0x3f, 0xcb, 0xbd, 0x5d, 0x24, 0xe9, 0x25, 0x23, 0x1d, 0x2d, 0xab, 0x8a, 0x97, + 0x9d, 0x63, 0xe4, 0xbe, 0x80, 0xfd, 0x2d, 0x7b, 0xff, 0x93, 0xda, 0x5b, 0xd2, 0xfe, 0x21, 0x58, + 0xcd, 0xa6, 0xe1, 0x3b, 0x70, 0xf0, 0x21, 0x1c, 0xbf, 0x9f, 0x84, 0x5f, 0xe2, 0x90, 0x46, 0x27, + 0x23, 0x67, 0x67, 0xd3, 0x3a, 0x8d, 0xea, 0x16, 0xea, 0x3f, 0x05, 0x68, 0x77, 0x09, 0x5b, 0xb0, + 0x1b, 0x7d, 0x8c, 0x42, 0x67, 0x07, 0x03, 0x98, 0xe3, 0xf8, 0x24, 0x3e, 0x7d, 0xeb, 0x20, 0xdc, + 0x05, 0xe3, 0x5d, 0x34, 0x76, 0x3a, 0x6f, 0x82, 0x1f, 0xeb, 0x1e, 0xfa, 0xb9, 0xee, 0xa1, 0x5f, + 0xeb, 0x1e, 0xfa, 0xea, 0x55, 0x43, 0xe7, 0x62, 0x90, 0xe4, 0x7c, 0x70, 0xc5, 0xd3, 0x3d, 0x33, + 0xf5, 0x9b, 0x3d, 0xfa, 0x13, 0x00, 0x00, 0xff, 0xff, 0xbf, 0xab, 0x5c, 0x44, 0x1c, 0x04, 0x00, + 0x00, } diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index 7c200a59aa..63b9cb52fd 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -15,7 +15,6 @@ syntax = "proto3"; import "networking/v1alpha3/gateway.proto"; -import "networking/v1alpha3/sidecar.proto"; package istio.networking.v1alpha3; @@ -135,15 +134,23 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // The following example demonstrates the use of a dedicated egress gateway // through which all external service traffic is forwarded. +// The 'export_to' field allows for control over the visibility of a service +// declaration to other namespaces in the mesh. By default a service is exported +// to all namespaces. The following example restricts the visibility to the +// current namespace, represented by ".", so that it cannot be used by other +// namespaces. // // ```yaml // apiVersion: networking.istio.io/v1alpha3 // kind: ServiceEntry // metadata: // name: external-svc-httpbin +// namespace : egress // spec: // hosts: // - httpbin.com +// export_to: +// - . // location: MESH_EXTERNAL // ports: // - number: 80 @@ -159,6 +166,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // kind: Gateway // metadata: // name: istio-egressgateway +// namespace: egress // spec: // selector: // istio: egressgateway @@ -173,16 +181,22 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // And the associated VirtualService to route from the sidecar to the // gateway service (istio-egressgateway.istio-system.svc.cluster.local), as -// well as route from the gateway to the external service. +// well as route from the gateway to the external service. Note that the +// virtual service is exported to all namespaces enabling them to route traffic +// through the gateway to the external service. Forcing traffic to go through +// a managed middle proxy like this is a common practice. // // ```yaml // apiVersion: networking.istio.io/v1alpha3 // kind: VirtualService // metadata: // name: gateway-routing +// namespace: egress // spec: // hosts: // - httpbin.com +// export_to: +// - * // gateways: // - mesh // - istio-egressgateway @@ -429,10 +443,22 @@ message ServiceEntry { // One or more endpoints associated with the service. repeated Endpoint endpoints = 6; - // The visibility setting associated with this service entry. Set to - // PRIVATE if this service should not be visible outside the namespace - // where the service entry was added. The default scope is public, - // i.e. the service added by the service entry will be visible to - // workloads in the entire mesh. - ConfigScope config_scope = 7; + // $hide_from_docs + // A list of namespaces to which this service is exported. Exporting a service + // allows it to used by sidecars, gateways and virtual services defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of services across + // namespace boundaries. + // + // If no namespaces are specified then the service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the service is declared in, similarly the value "*" is reserved and + // defines an export to all namespaces. + // + // For a Kubernetes Service the equivalent effect can be achieved by setting + // the annotation "networking.istio.io/export_to" to a comma-separated list + // of namespace names. + repeated string export_to = 7; } diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go index 0c2afe181a..261089983c 100644 --- a/networking/v1alpha3/sidecar.pb.go +++ b/networking/v1alpha3/sidecar.pb.go @@ -14,35 +14,6 @@ var _ = proto.Marshal var _ = fmt.Errorf var _ = math.Inf -// ConfigScope defines the visibility of an Istio configuration artifact in -// a namespace when the namespace is imported. By default all -// configuration artifacts are public. Configurations with private scope -// will not be imported when the namespace containing the configuration is -// imported in a Sidecar. -type ConfigScope int32 - -const ( - // Config with this scope are visible to all workloads in the mesh - ConfigScope_PUBLIC ConfigScope = 0 - // Configs with this scope are visible to only workloads in the same - // namespace as the configuration resource. - ConfigScope_PRIVATE ConfigScope = 1 -) - -var ConfigScope_name = map[int32]string{ - 0: "PUBLIC", - 1: "PRIVATE", -} -var ConfigScope_value = map[string]int32{ - "PUBLIC": 0, - "PRIVATE": 1, -} - -func (x ConfigScope) String() string { - return proto.EnumName(ConfigScope_name, int32(x)) -} -func (ConfigScope) EnumDescriptor() ([]byte, []int) { return fileDescriptorSidecar, []int{0} } - // CaptureMode describes how traffic to a listener is expected to be // captured. Applicable only when the listener is bound to an IP. type CaptureMode int32 @@ -74,7 +45,7 @@ var CaptureMode_value = map[string]int32{ func (x CaptureMode) String() string { return proto.EnumName(CaptureMode_name, int32(x)) } -func (CaptureMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorSidecar, []int{1} } +func (CaptureMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorSidecar, []int{0} } // `Sidecar` describes the configuration of the sidecar proxy that mediates // inbound and outbound communication to the workload it is attached to. By @@ -367,7 +338,6 @@ func init() { proto.RegisterType((*IstioIngressListener)(nil), "istio.networking.v1alpha3.IstioIngressListener") proto.RegisterType((*IstioEgressListener)(nil), "istio.networking.v1alpha3.IstioEgressListener") proto.RegisterType((*WorkloadSelector)(nil), "istio.networking.v1alpha3.WorkloadSelector") - proto.RegisterEnum("istio.networking.v1alpha3.ConfigScope", ConfigScope_name, ConfigScope_value) proto.RegisterEnum("istio.networking.v1alpha3.CaptureMode", CaptureMode_name, CaptureMode_value) } func (m *Sidecar) Marshal() (dAtA []byte, err error) { @@ -1399,36 +1369,35 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/sidecar.proto", fileDescriptorSidecar) } var fileDescriptorSidecar = []byte{ - // 496 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x93, 0x3f, 0x6f, 0xd3, 0x40, - 0x18, 0xc6, 0x7b, 0xb1, 0x49, 0x9a, 0xd7, 0x15, 0x98, 0xa3, 0x83, 0xe9, 0x10, 0x4c, 0x86, 0xca, - 0x14, 0xc9, 0x16, 0xc9, 0xc0, 0x9f, 0x2d, 0x09, 0xae, 0x64, 0xc9, 0xb4, 0x91, 0x93, 0x02, 0x62, - 0x89, 0x2e, 0xf6, 0x35, 0x3d, 0xd5, 0xf8, 0xac, 0xf3, 0xa5, 0x51, 0xbe, 0x0c, 0x5f, 0x85, 0x95, - 0x91, 0x85, 0x1d, 0xe5, 0x43, 0x30, 0x23, 0xff, 0xa9, 0x5a, 0xa2, 0x10, 0xc4, 0xd6, 0xed, 0xde, - 0xf7, 0x9e, 0xe7, 0xf7, 0xfa, 0xf1, 0xdd, 0xc1, 0xd3, 0x84, 0xca, 0x05, 0x17, 0x97, 0x2c, 0x99, - 0x39, 0x57, 0x2f, 0x48, 0x9c, 0x5e, 0x90, 0xae, 0x93, 0xb1, 0x88, 0x86, 0x44, 0xd8, 0xa9, 0xe0, - 0x92, 0xe3, 0xc7, 0x2c, 0x93, 0x8c, 0xdb, 0x37, 0x42, 0xfb, 0x5a, 0x78, 0xb0, 0xd1, 0x3d, 0x23, - 0x92, 0x2e, 0xc8, 0xb2, 0x74, 0xb7, 0x7f, 0x21, 0x68, 0x8c, 0x4a, 0x1e, 0xfe, 0x08, 0x0f, 0x73, - 0x75, 0xcc, 0x49, 0x34, 0xc9, 0x68, 0x4c, 0x43, 0xc9, 0x85, 0x81, 0x4c, 0x64, 0x69, 0x9d, 0xe7, - 0xf6, 0x5f, 0xa7, 0xd8, 0x1f, 0x2a, 0xcf, 0xa8, 0xb2, 0x04, 0xfa, 0x62, 0xad, 0x83, 0x3d, 0x68, - 0xb0, 0x64, 0x26, 0x68, 0x96, 0x19, 0x35, 0x53, 0xb1, 0xb4, 0x8e, 0xb3, 0x85, 0xe7, 0xe5, 0x3b, - 0x5e, 0x29, 0xf7, 0x59, 0x26, 0x69, 0x42, 0x45, 0x70, 0xed, 0xc7, 0xc7, 0x50, 0xa7, 0x25, 0x49, - 0x29, 0x48, 0xf6, 0xbf, 0x48, 0xee, 0x9f, 0xa0, 0xca, 0xdd, 0xfe, 0x81, 0x60, 0x7f, 0xd3, 0x24, - 0xdc, 0x05, 0x35, 0xe5, 0x42, 0x56, 0xc1, 0x9f, 0x6c, 0xc1, 0x0f, 0xb9, 0x90, 0x41, 0x21, 0xc6, - 0x18, 0xd4, 0x29, 0x4b, 0x22, 0xa3, 0x66, 0x22, 0xab, 0x19, 0x14, 0x6b, 0xec, 0xc1, 0x5e, 0x48, - 0x52, 0x39, 0x17, 0x74, 0xf2, 0x99, 0x47, 0xd4, 0x50, 0x4c, 0x64, 0xdd, 0xef, 0x1c, 0x6e, 0x01, - 0x0e, 0x4a, 0xf9, 0x3b, 0x1e, 0xd1, 0x40, 0x0b, 0x6f, 0x0a, 0xfc, 0x0c, 0xf4, 0x88, 0x9e, 0x93, - 0x79, 0x2c, 0x27, 0x34, 0x89, 0x52, 0xce, 0x12, 0x69, 0xa8, 0xc5, 0xa8, 0x07, 0x55, 0xdf, 0xad, - 0xda, 0xed, 0xaf, 0x08, 0x1e, 0x6d, 0xc8, 0x7d, 0x27, 0x63, 0xed, 0xc3, 0xbd, 0x0b, 0x9e, 0xc9, - 0xcc, 0x50, 0x4d, 0xc5, 0x6a, 0x06, 0x65, 0xd1, 0xfe, 0x82, 0x40, 0x5f, 0xbf, 0x53, 0xf8, 0x14, - 0xea, 0x31, 0x99, 0xd2, 0x38, 0x33, 0x50, 0x71, 0xec, 0x2f, 0xff, 0xe3, 0x42, 0xda, 0x7e, 0xe1, - 0x74, 0x13, 0x29, 0x96, 0x41, 0x85, 0x39, 0x78, 0x0d, 0xda, 0xad, 0x36, 0xd6, 0x41, 0xb9, 0xa4, - 0xcb, 0xe2, 0xef, 0x34, 0x83, 0x7c, 0x99, 0x7f, 0xdc, 0x15, 0x89, 0xe7, 0xb4, 0x0a, 0x5f, 0x16, - 0x6f, 0x6a, 0xaf, 0xd0, 0xd1, 0x21, 0x68, 0x03, 0x9e, 0x9c, 0xb3, 0xd9, 0x28, 0xe4, 0x29, 0xc5, - 0x00, 0xf5, 0xe1, 0x59, 0xdf, 0xf7, 0x06, 0xfa, 0x0e, 0xd6, 0xa0, 0x31, 0x0c, 0xbc, 0xf7, 0xbd, - 0xb1, 0xab, 0xa3, 0xa3, 0x0e, 0x68, 0xb7, 0xa2, 0xe7, 0x7b, 0x6f, 0xdd, 0xe3, 0xde, 0x99, 0x3f, - 0xd6, 0x77, 0xf0, 0x1e, 0xec, 0x7a, 0xc3, 0x71, 0xaf, 0xef, 0xbb, 0x23, 0x1d, 0xe1, 0x5d, 0x50, - 0x4f, 0x4e, 0x4f, 0x5c, 0xbd, 0xd6, 0xb7, 0xbf, 0xad, 0x5a, 0xe8, 0xfb, 0xaa, 0x85, 0x7e, 0xae, - 0x5a, 0xe8, 0x93, 0x59, 0x86, 0x64, 0xdc, 0x21, 0x29, 0x73, 0x36, 0xbc, 0xe6, 0x69, 0xbd, 0x78, - 0xc6, 0xdd, 0xdf, 0x01, 0x00, 0x00, 0xff, 0xff, 0x62, 0xef, 0x1c, 0x27, 0x29, 0x04, 0x00, 0x00, + // 465 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x93, 0x4f, 0x6f, 0xd3, 0x30, + 0x18, 0xc6, 0x71, 0x13, 0xda, 0xf5, 0xcd, 0x04, 0xc1, 0xec, 0x10, 0x76, 0x28, 0xa1, 0x07, 0x14, + 0x40, 0x4a, 0x44, 0x7b, 0xe0, 0xcf, 0x6d, 0x83, 0x4c, 0x8a, 0x54, 0xb6, 0x29, 0x1d, 0x02, 0x71, + 0xa9, 0xdc, 0xe6, 0xa5, 0xb3, 0x16, 0xe2, 0xc8, 0x76, 0x57, 0xf5, 0xcb, 0xf0, 0x55, 0xb8, 0x72, + 0xe4, 0xc2, 0x1d, 0xf5, 0x43, 0x70, 0x46, 0x4d, 0x3c, 0x6d, 0x4c, 0xa5, 0x88, 0x1b, 0x37, 0xbf, + 0x6f, 0x9e, 0xe7, 0xf7, 0xfa, 0x89, 0x6d, 0x78, 0x50, 0xa0, 0x9e, 0x0b, 0x79, 0xc6, 0x8b, 0x69, + 0x74, 0xfe, 0x94, 0xe5, 0xe5, 0x29, 0xeb, 0x47, 0x8a, 0x67, 0x38, 0x61, 0x32, 0x2c, 0xa5, 0xd0, + 0x82, 0xde, 0xe3, 0x4a, 0x73, 0x11, 0x5e, 0x0a, 0xc3, 0x0b, 0xe1, 0xee, 0x5a, 0xf7, 0x94, 0x69, + 0x9c, 0xb3, 0x45, 0xed, 0xee, 0xfe, 0x24, 0xd0, 0x1a, 0xd6, 0x3c, 0xfa, 0x1e, 0xee, 0xac, 0xd4, + 0xb9, 0x60, 0xd9, 0x48, 0x61, 0x8e, 0x13, 0x2d, 0xa4, 0x47, 0x7c, 0x12, 0x38, 0xbd, 0x27, 0xe1, + 0x1f, 0xa7, 0x84, 0xef, 0x8c, 0x67, 0x68, 0x2c, 0xa9, 0x3b, 0xbf, 0xd6, 0xa1, 0x09, 0xb4, 0x78, + 0x31, 0x95, 0xa8, 0x94, 0xd7, 0xf0, 0xad, 0xc0, 0xe9, 0x45, 0x1b, 0x78, 0xc9, 0xea, 0x4b, 0x52, + 0xcb, 0x07, 0x5c, 0x69, 0x2c, 0x50, 0xa6, 0x17, 0x7e, 0x7a, 0x00, 0x4d, 0xac, 0x49, 0x56, 0x45, + 0x0a, 0xff, 0x46, 0x8a, 0x7f, 0x07, 0x19, 0x77, 0xf7, 0x3b, 0x81, 0x9d, 0x75, 0x93, 0x68, 0x1f, + 0xec, 0x52, 0x48, 0x6d, 0x82, 0xdf, 0xdf, 0x80, 0x3f, 0x16, 0x52, 0xa7, 0x95, 0x98, 0x52, 0xb0, + 0xc7, 0xbc, 0xc8, 0xbc, 0x86, 0x4f, 0x82, 0x76, 0x5a, 0xad, 0x69, 0x02, 0xdb, 0x13, 0x56, 0xea, + 0x99, 0xc4, 0xd1, 0x27, 0x91, 0xa1, 0x67, 0xf9, 0x24, 0xb8, 0xd5, 0x7b, 0xb8, 0x01, 0xf8, 0xaa, + 0x96, 0xbf, 0x11, 0x19, 0xa6, 0xce, 0xe4, 0xb2, 0xa0, 0x8f, 0xc0, 0xcd, 0xf0, 0x23, 0x9b, 0xe5, + 0x7a, 0x84, 0x45, 0x56, 0x0a, 0x5e, 0x68, 0xcf, 0xae, 0x46, 0xdd, 0x36, 0xfd, 0xd8, 0xb4, 0xbb, + 0x5f, 0x08, 0xdc, 0x5d, 0x93, 0xfb, 0xbf, 0x8c, 0xb5, 0x03, 0x37, 0x4f, 0x85, 0xd2, 0xca, 0xb3, + 0x7d, 0x2b, 0x68, 0xa7, 0x75, 0xd1, 0xfd, 0x4c, 0xc0, 0xbd, 0x7e, 0xa7, 0xe8, 0x11, 0x34, 0x73, + 0x36, 0xc6, 0x5c, 0x79, 0xa4, 0x3a, 0xf6, 0x67, 0xff, 0x70, 0x21, 0xc3, 0x41, 0xe5, 0x8c, 0x0b, + 0x2d, 0x17, 0xa9, 0xc1, 0xec, 0xbe, 0x00, 0xe7, 0x4a, 0x9b, 0xba, 0x60, 0x9d, 0xe1, 0xa2, 0xfa, + 0x3b, 0xed, 0x74, 0xb5, 0x5c, 0x6d, 0xee, 0x9c, 0xe5, 0x33, 0x34, 0xe1, 0xeb, 0xe2, 0x65, 0xe3, + 0x39, 0x79, 0xdc, 0x03, 0xe7, 0x4a, 0x24, 0xea, 0x40, 0xeb, 0x75, 0x7c, 0xb0, 0xf7, 0x76, 0x70, + 0xe2, 0xde, 0xa0, 0xdb, 0xb0, 0x95, 0x1c, 0x9f, 0xec, 0xed, 0x0f, 0xe2, 0xa1, 0x4b, 0xe8, 0x16, + 0xd8, 0x87, 0x47, 0x87, 0xb1, 0xdb, 0xd8, 0x0f, 0xbf, 0x2e, 0x3b, 0xe4, 0xdb, 0xb2, 0x43, 0x7e, + 0x2c, 0x3b, 0xe4, 0x83, 0x5f, 0x6f, 0x9e, 0x8b, 0x88, 0x95, 0x3c, 0x5a, 0xf3, 0x4a, 0xc7, 0xcd, + 0xea, 0x79, 0xf6, 0x7f, 0x05, 0x00, 0x00, 0xff, 0xff, 0x32, 0x9f, 0xa8, 0x1c, 0x01, 0x04, 0x00, + 0x00, } diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto index f927fe919c..efd9d80863 100644 --- a/networking/v1alpha3/sidecar.proto +++ b/networking/v1alpha3/sidecar.proto @@ -195,20 +195,6 @@ message IstioEgressListener { repeated string hosts = 4; } -// ConfigScope defines the visibility of an Istio configuration artifact in -// a namespace when the namespace is imported. By default all -// configuration artifacts are public. Configurations with private scope -// will not be imported when the namespace containing the configuration is -// imported in a Sidecar. -enum ConfigScope { - // Config with this scope are visible to all workloads in the mesh - PUBLIC = 0; - - // Configs with this scope are visible to only workloads in the same - // namespace as the configuration resource. - PRIVATE = 1; -} - // WorkloadSelector specifies the criteria used to determine if the Gateway // or Sidecar resource can be applied to a proxy. The matching criteria // includes the metadata associated with a proxy, workload info such as diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go index f5ddde8588..46799d78cf 100644 --- a/networking/v1alpha3/virtual_service.pb.go +++ b/networking/v1alpha3/virtual_service.pb.go @@ -134,11 +134,20 @@ type VirtualService struct { // be applied to any port that is not a HTTP or TLS port. The first rule // matching an incoming request is used. Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp" json:"tcp,omitempty"` - // The visibility setting associated with this VirtualService. Set to - // PRIVATE if this virtual service should not be exported, i.e. restrict - // the applicability of this virtual service to only workloads in the same - // namespace as the virtual service. - ConfigScope ConfigScope `protobuf:"varint,6,opt,name=config_scope,json=configScope,proto3,enum=istio.networking.v1alpha3.ConfigScope" json:"config_scope,omitempty"` + // $hide_from_docs + // A list of namespaces to which this virtual service is exported. Exporting a + // virtual service allows it to used by sidecars and gateways defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of virtual services + // across namespace boundaries. + // + // If no namespaces are specified then the virtual service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the virtual service is declared in, similarly the value "*" is reserved and + // defines an export to all namespaces. + ExportTo []string `protobuf:"bytes,6,rep,name=export_to,json=exportTo" json:"export_to,omitempty"` } func (m *VirtualService) Reset() { *m = VirtualService{} } @@ -181,11 +190,11 @@ func (m *VirtualService) GetTcp() []*TCPRoute { return nil } -func (m *VirtualService) GetConfigScope() ConfigScope { +func (m *VirtualService) GetExportTo() []string { if m != nil { - return m.ConfigScope + return m.ExportTo } - return ConfigScope_PUBLIC + return nil } // Destination indicates the network addressable service to which the @@ -2263,10 +2272,20 @@ func (m *VirtualService) MarshalTo(dAtA []byte) (int, error) { i += n } } - if m.ConfigScope != 0 { - dAtA[i] = 0x30 - i++ - i = encodeVarintVirtualService(dAtA, i, uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + dAtA[i] = 0x32 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } } return i, nil } @@ -3666,8 +3685,11 @@ func (m *VirtualService) Size() (n int) { n += 1 + l + sovVirtualService(uint64(l)) } } - if m.ConfigScope != 0 { - n += 1 + sovVirtualService(uint64(m.ConfigScope)) + if len(m.ExportTo) > 0 { + for _, s := range m.ExportTo { + l = len(s) + n += 1 + l + sovVirtualService(uint64(l)) + } } return n } @@ -4461,10 +4483,10 @@ func (m *VirtualService) Unmarshal(dAtA []byte) error { } iNdEx = postIndex case 6: - if wireType != 0 { - return fmt.Errorf("proto: wrong wireType = %d for field ConfigScope", wireType) + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ExportTo", wireType) } - m.ConfigScope = 0 + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowVirtualService @@ -4474,11 +4496,21 @@ func (m *VirtualService) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - m.ConfigScope |= (ConfigScope(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthVirtualService + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipVirtualService(dAtA[iNdEx:]) @@ -9131,119 +9163,117 @@ func init() { } var fileDescriptorVirtualService = []byte{ - // 1812 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x59, 0x4f, 0x73, 0x1b, 0x49, - 0x15, 0xcf, 0x48, 0x1a, 0xfd, 0x79, 0x92, 0x1d, 0xbb, 0xf1, 0x66, 0x27, 0x62, 0x2b, 0x38, 0x5a, - 0x76, 0x31, 0xb5, 0xac, 0x5c, 0x28, 0xb0, 0xb8, 0x96, 0x6c, 0x76, 0x6d, 0x27, 0x59, 0x85, 0x4a, - 0x88, 0x6b, 0x64, 0xf6, 0xc0, 0x65, 0xaa, 0x35, 0xd3, 0x96, 0x86, 0x8c, 0x66, 0x86, 0xee, 0x1e, - 0xdb, 0x2a, 0x8e, 0xfc, 0xb9, 0x43, 0x71, 0xa5, 0xf8, 0x14, 0x5c, 0xb8, 0x70, 0xe5, 0x44, 0xf1, - 0x09, 0xa8, 0x54, 0x0e, 0x5c, 0xf9, 0x0a, 0x54, 0xff, 0x99, 0xd1, 0xd8, 0xb2, 0x35, 0x92, 0x09, - 0x14, 0x27, 0xab, 0xbb, 0xdf, 0xef, 0xf5, 0xeb, 0xd7, 0xfd, 0xde, 0xfb, 0xcd, 0x33, 0x7c, 0x3b, - 0x24, 0xfc, 0x2c, 0xa2, 0xaf, 0xfc, 0x70, 0xb4, 0x7b, 0xfa, 0x5d, 0x1c, 0xc4, 0x63, 0xfc, 0x60, - 0xf7, 0xd4, 0xa7, 0x3c, 0xc1, 0x81, 0xc3, 0x08, 0x3d, 0xf5, 0x5d, 0xd2, 0x8d, 0x69, 0xc4, 0x23, - 0x74, 0xd7, 0x67, 0xdc, 0x8f, 0xba, 0x33, 0x40, 0x37, 0x05, 0xb4, 0xef, 0x8d, 0xa2, 0x68, 0x14, - 0x90, 0x5d, 0x29, 0x38, 0x4c, 0x4e, 0x76, 0xbd, 0x84, 0x62, 0xee, 0x47, 0xa1, 0x82, 0xce, 0xaf, - 0x9f, 0x51, 0x1c, 0xc7, 0x84, 0x32, 0xbd, 0x7e, 0xff, 0x2a, 0x2b, 0x98, 0xef, 0x11, 0x17, 0x53, - 0x25, 0xd2, 0xf9, 0x53, 0x09, 0xd6, 0xbf, 0x52, 0x76, 0x0d, 0x94, 0x59, 0x68, 0x0b, 0xcc, 0x71, - 0xc4, 0x38, 0xb3, 0x8c, 0xed, 0xf2, 0x4e, 0xc3, 0x56, 0x03, 0xd4, 0x86, 0xfa, 0x08, 0x73, 0x72, - 0x86, 0xa7, 0xcc, 0x2a, 0xc9, 0x85, 0x6c, 0x8c, 0xf6, 0xa0, 0x32, 0xe6, 0x3c, 0xb6, 0xca, 0xdb, - 0xe5, 0x9d, 0x66, 0xef, 0x9b, 0xdd, 0x6b, 0x4f, 0xd4, 0xed, 0x1f, 0x1f, 0x1f, 0xd9, 0x51, 0xc2, - 0x89, 0x2d, 0x11, 0xe8, 0xfb, 0x50, 0xe6, 0x6e, 0x6c, 0x55, 0x24, 0xf0, 0xfd, 0x05, 0xc0, 0xe3, - 0x43, 0x8d, 0x13, 0xf2, 0x12, 0x16, 0x30, 0xcb, 0x2c, 0x86, 0x3d, 0x1f, 0xa4, 0xb0, 0x80, 0xa1, - 0x67, 0xd0, 0x72, 0xa3, 0xf0, 0xc4, 0x1f, 0x39, 0xcc, 0x8d, 0x62, 0x62, 0x55, 0xb7, 0x8d, 0x9d, - 0xf5, 0xde, 0x87, 0x0b, 0xf0, 0x87, 0x52, 0x7c, 0x20, 0xa4, 0xed, 0xa6, 0x3b, 0x1b, 0x74, 0x4e, - 0xa1, 0xf9, 0x98, 0x30, 0xee, 0x87, 0xf2, 0x3e, 0x10, 0x82, 0x8a, 0x70, 0x93, 0x65, 0x6c, 0x1b, - 0x3b, 0x0d, 0x5b, 0xfe, 0x46, 0x77, 0xa0, 0xca, 0x92, 0x21, 0x23, 0xdc, 0x2a, 0xc9, 0x59, 0x3d, - 0x42, 0x3f, 0x84, 0x4a, 0x1c, 0x51, 0x6e, 0x95, 0xb7, 0x8d, 0x9d, 0x66, 0xef, 0x5b, 0x0b, 0x76, - 0x3f, 0x8a, 0x28, 0x1f, 0x90, 0x80, 0xb8, 0x3c, 0xa2, 0xb6, 0x04, 0x75, 0xfe, 0x05, 0xd0, 0xc8, - 0x9c, 0x88, 0xf6, 0xc1, 0x9c, 0x60, 0xee, 0x8e, 0xe5, 0x55, 0x35, 0x7b, 0x1f, 0x15, 0x78, 0xfe, - 0x85, 0x90, 0xb5, 0xc9, 0xcf, 0x13, 0xc2, 0xb8, 0xad, 0x90, 0xe8, 0x09, 0x98, 0x54, 0xe8, 0x92, - 0x97, 0xda, 0xec, 0xed, 0x2e, 0x73, 0x79, 0xb9, 0x93, 0xdb, 0x0a, 0x8d, 0x0e, 0xa1, 0x4e, 0x89, - 0xe7, 0x53, 0xe2, 0x2e, 0x73, 0x30, 0xa9, 0x49, 0x8b, 0xdb, 0x19, 0x10, 0x7d, 0x01, 0x35, 0x4a, - 0xce, 0xa8, 0xcf, 0x89, 0x55, 0x91, 0x3a, 0x3e, 0x2c, 0xd4, 0x21, 0xa5, 0xed, 0x14, 0x86, 0x3e, - 0x82, 0xcd, 0x33, 0x32, 0x64, 0x91, 0xfb, 0x8a, 0x70, 0x27, 0x89, 0x47, 0x14, 0x7b, 0xc4, 0x32, - 0xb7, 0x8d, 0x9d, 0xba, 0xbd, 0x91, 0x2d, 0xfc, 0x44, 0xcd, 0xa3, 0x07, 0x50, 0xe3, 0xfe, 0x84, - 0x44, 0x09, 0x97, 0x2f, 0xa1, 0xd9, 0xbb, 0xdb, 0x55, 0x01, 0xd5, 0x4d, 0x03, 0xaa, 0xfb, 0x58, - 0x07, 0x9c, 0x9d, 0x4a, 0xa2, 0x47, 0xc2, 0x46, 0x4e, 0x7d, 0xc2, 0xac, 0x9a, 0x04, 0x15, 0x3e, - 0x77, 0xc2, 0xe9, 0xd4, 0x4e, 0x41, 0xe8, 0x10, 0xcc, 0x13, 0x9c, 0x04, 0xdc, 0xaa, 0x4b, 0xf4, - 0xc7, 0x05, 0xe8, 0xa7, 0x42, 0xf6, 0x59, 0xf8, 0x33, 0xe2, 0x2a, 0x6f, 0x4b, 0x2c, 0x7a, 0x04, - 0xd5, 0x89, 0x4f, 0x69, 0x44, 0xad, 0x46, 0xa1, 0x9f, 0xf2, 0x97, 0xa5, 0x51, 0xe8, 0x29, 0x34, - 0xdd, 0x88, 0x32, 0x27, 0x8e, 0x02, 0xdf, 0x9d, 0x5a, 0x20, 0x95, 0x7c, 0xb0, 0x30, 0x0e, 0x28, - 0x3b, 0x92, 0xc2, 0x36, 0xb8, 0xd9, 0x6f, 0x34, 0x84, 0x75, 0x91, 0x70, 0x42, 0xcf, 0x19, 0x13, - 0xec, 0x11, 0xca, 0xac, 0xa6, 0x7c, 0x45, 0x3f, 0x58, 0xe6, 0x15, 0x75, 0xf7, 0x25, 0xb4, 0xaf, - 0x90, 0x4f, 0x42, 0x4e, 0xa7, 0x07, 0x25, 0xcb, 0xb0, 0xd7, 0x70, 0x7e, 0x1e, 0x7d, 0x0a, 0xef, - 0x52, 0x32, 0x89, 0x4e, 0x89, 0x43, 0x09, 0x8b, 0xa3, 0x90, 0x91, 0x6c, 0xb3, 0x96, 0xc8, 0x43, - 0x12, 0xf3, 0x8e, 0x12, 0xb1, 0xb5, 0x44, 0x8a, 0xfd, 0x05, 0xbc, 0xab, 0xed, 0x9b, 0xc3, 0xae, - 0x49, 0x43, 0x3f, 0x5f, 0xc1, 0xd0, 0x4b, 0xca, 0x67, 0x06, 0xbf, 0x83, 0xaf, 0x5a, 0x47, 0x7b, - 0x70, 0x27, 0x33, 0x5c, 0x86, 0x5c, 0xb6, 0xf7, 0x7a, 0x66, 0xf7, 0x56, 0x6a, 0xb7, 0x14, 0x48, - 0x91, 0xe7, 0x70, 0x27, 0x33, 0xfb, 0x22, 0xf2, 0xb6, 0xb4, 0xfa, 0xd1, 0x4a, 0x56, 0xe7, 0x55, - 0xcf, 0x8c, 0xde, 0xc2, 0x57, 0x2c, 0xa3, 0x87, 0x50, 0x4b, 0xb7, 0xda, 0x90, 0x8f, 0xa2, 0xb3, - 0x68, 0x2b, 0x25, 0x69, 0xa7, 0x90, 0xf6, 0x17, 0x80, 0xe6, 0xef, 0x14, 0x6d, 0x40, 0xf9, 0x15, - 0x99, 0xea, 0xd4, 0x28, 0x7e, 0x8a, 0x0a, 0x73, 0x8a, 0x83, 0x84, 0xe8, 0xc4, 0xa8, 0x06, 0x9f, - 0x96, 0xf6, 0x8c, 0x76, 0x1f, 0xda, 0xd7, 0x3b, 0x7b, 0x25, 0x4d, 0x5f, 0xc2, 0xdd, 0x6b, 0x1d, - 0xb0, 0x8a, 0xa2, 0xce, 0x3f, 0xcb, 0x50, 0x4b, 0xdd, 0xf3, 0x42, 0x04, 0xbf, 0x54, 0x27, 0xb1, - 0xcd, 0xde, 0x83, 0x62, 0xf7, 0xe8, 0xbf, 0x2f, 0x63, 0xa2, 0x52, 0x09, 0xb3, 0x53, 0x1d, 0xe8, - 0xa5, 0x48, 0x9a, 0xea, 0x9c, 0x72, 0xdf, 0x1b, 0xea, 0xcb, 0x94, 0xb4, 0xff, 0x5c, 0x82, 0x8d, - 0xcb, 0xcb, 0xe8, 0xc7, 0x50, 0x16, 0x45, 0x48, 0x95, 0x88, 0x87, 0x37, 0xd8, 0xa0, 0x3b, 0x20, - 0x5c, 0xfa, 0xcd, 0x16, 0x8a, 0x84, 0x3e, 0xec, 0x79, 0xba, 0x5e, 0xdc, 0x48, 0xdf, 0xbe, 0xe7, - 0x69, 0x7d, 0xd8, 0xf3, 0x44, 0x9d, 0x54, 0x51, 0x20, 0xf9, 0x43, 0xc3, 0xd6, 0xa3, 0xf6, 0x27, - 0x50, 0x4f, 0x37, 0x5e, 0xe9, 0xe6, 0x3f, 0x81, 0x7a, 0xba, 0xc1, 0x4a, 0x17, 0xfd, 0x3b, 0x03, - 0xea, 0x29, 0x5f, 0x10, 0x69, 0x3a, 0x5f, 0x59, 0x3f, 0x5e, 0xcc, 0x31, 0x64, 0x61, 0xdd, 0xe7, - 0x9c, 0xfa, 0xc3, 0x84, 0x13, 0x96, 0xd6, 0xd6, 0xfd, 0x8b, 0xb5, 0x75, 0x51, 0x79, 0xbe, 0xa6, - 0xae, 0x76, 0x7e, 0x2b, 0x8c, 0xd2, 0xdc, 0x07, 0x1d, 0x5c, 0x34, 0xea, 0x3b, 0x0b, 0xf4, 0x3d, - 0xff, 0xde, 0x7f, 0xcf, 0xa6, 0x3f, 0x9a, 0xb0, 0x71, 0x99, 0x4e, 0xa0, 0x3d, 0x28, 0x27, 0xd4, - 0xd7, 0x61, 0xb1, 0xa8, 0x1e, 0x0d, 0x38, 0xf5, 0xc3, 0x91, 0xc2, 0x0a, 0x88, 0x28, 0x66, 0xcc, - 0x1d, 0x93, 0x49, 0x1a, 0x03, 0xcb, 0x82, 0x35, 0x4a, 0x16, 0x43, 0xc2, 0xc7, 0x91, 0xa7, 0x89, - 0xc7, 0xd2, 0x78, 0x85, 0x42, 0x8f, 0xa1, 0x81, 0x13, 0x3e, 0x8e, 0xa8, 0xcf, 0xa7, 0x4b, 0xf0, - 0x8e, 0xbc, 0x8a, 0x19, 0x10, 0xd9, 0xb3, 0xcc, 0xa9, 0x68, 0xe9, 0xde, 0x0a, 0x64, 0xac, 0x9b, - 0xcf, 0x4e, 0x59, 0x3e, 0x15, 0xac, 0x52, 0x32, 0x45, 0xc1, 0x4e, 0xd6, 0x14, 0x01, 0x44, 0x43, - 0x58, 0x63, 0x51, 0x42, 0x5d, 0xe2, 0x04, 0x78, 0x48, 0x02, 0xc1, 0x42, 0xc4, 0x6e, 0x9f, 0xad, - 0xb2, 0xdb, 0x40, 0x2a, 0x78, 0x2e, 0xf1, 0x6a, 0xcb, 0x16, 0xcb, 0x4d, 0x5d, 0xe0, 0xfa, 0xf5, - 0x8b, 0x5c, 0xbf, 0x3d, 0x84, 0x56, 0x41, 0x2a, 0x7d, 0x98, 0x8f, 0xb0, 0xe5, 0x7d, 0x99, 0x8b, - 0xe0, 0xcf, 0x61, 0x73, 0xce, 0xc4, 0x95, 0x42, 0xf9, 0x6f, 0x26, 0x6c, 0x5d, 0xc5, 0x56, 0x51, - 0x1f, 0x9a, 0xde, 0x6c, 0xb8, 0xc4, 0x6b, 0xcd, 0x3f, 0xff, 0x3c, 0x54, 0x64, 0xad, 0x33, 0xe2, - 0x8f, 0xc6, 0x8a, 0xdd, 0x9b, 0xb6, 0x1e, 0x2d, 0xa2, 0x2b, 0xe5, 0x22, 0xba, 0xf2, 0x1b, 0xe3, - 0x7a, 0xbe, 0xa2, 0x3e, 0x91, 0x7e, 0xb4, 0x22, 0x3d, 0x7f, 0xeb, 0xd4, 0xc5, 0x2c, 0xa0, 0x2e, - 0xbf, 0x34, 0xae, 0xe5, 0x2e, 0x55, 0x79, 0x82, 0x67, 0x37, 0x3d, 0xc1, 0x0d, 0x69, 0x4c, 0x6d, - 0x75, 0x1a, 0xf3, 0x7f, 0x48, 0x42, 0x38, 0x6c, 0xfc, 0xef, 0xdf, 0x72, 0xe7, 0x2f, 0x25, 0xd8, - 0x9c, 0x2b, 0x24, 0x68, 0x17, 0xbe, 0x96, 0x03, 0x3b, 0x2c, 0x19, 0x86, 0x24, 0xeb, 0x16, 0xa0, - 0xdc, 0xd2, 0x40, 0xad, 0x64, 0x69, 0xac, 0x94, 0x4b, 0x63, 0xef, 0x67, 0x69, 0x4c, 0xe1, 0x65, - 0xee, 0x6e, 0xa4, 0x79, 0x48, 0x21, 0x91, 0x7b, 0x39, 0xd7, 0x55, 0x0a, 0xe9, 0xef, 0x9c, 0xb9, - 0x2b, 0x25, 0x3b, 0xf3, 0x52, 0xb2, 0xfb, 0x8f, 0x13, 0xd1, 0x3f, 0x4a, 0x80, 0xe6, 0xf9, 0x01, - 0xfa, 0x3a, 0x34, 0x58, 0xe8, 0x3b, 0xf9, 0x36, 0x4b, 0x9d, 0x85, 0x7e, 0x5f, 0x76, 0x5a, 0xae, - 0xf1, 0x6f, 0xa9, 0xd0, 0xbf, 0xe5, 0x45, 0xfe, 0xad, 0x5c, 0xe1, 0x5f, 0xef, 0xb2, 0x7f, 0xcd, - 0xc2, 0x8f, 0xa2, 0xf9, 0xc3, 0xac, 0xe4, 0xe0, 0xea, 0xdb, 0x76, 0xf0, 0x23, 0x68, 0xe5, 0x9b, - 0x09, 0x02, 0x9b, 0xd2, 0x90, 0x86, 0xa2, 0x17, 0xef, 0xe5, 0xcb, 0xbb, 0xc2, 0xcf, 0x26, 0x3a, - 0x9f, 0x41, 0x33, 0xd7, 0x48, 0x58, 0x19, 0x4e, 0xa0, 0x99, 0xab, 0x61, 0xe8, 0x0e, 0x98, 0xe4, - 0x1c, 0xbb, 0xba, 0x0f, 0xd4, 0xbf, 0x65, 0xab, 0x21, 0xb2, 0xa0, 0x1a, 0x53, 0x72, 0xe2, 0x9f, - 0x2b, 0x0d, 0xfd, 0x5b, 0xb6, 0x1e, 0x0b, 0x04, 0x25, 0x23, 0x72, 0xae, 0xde, 0xbf, 0x40, 0xc8, - 0xe1, 0x41, 0x0b, 0x40, 0xf2, 0x35, 0x87, 0x4f, 0x63, 0xd2, 0xf9, 0xb5, 0xa1, 0xbb, 0x3e, 0x44, - 0xf8, 0xa7, 0x0d, 0x75, 0xcc, 0x39, 0x99, 0xc4, 0xf2, 0xf1, 0x88, 0x80, 0xcd, 0xc6, 0x68, 0x1f, - 0x6e, 0xc7, 0x84, 0x3a, 0x9c, 0x4e, 0x9d, 0xb4, 0xb7, 0x51, 0x2a, 0xea, 0x6d, 0xac, 0xc5, 0x84, - 0x1e, 0xd3, 0xe9, 0xb1, 0xee, 0x70, 0xdc, 0x15, 0x5f, 0x25, 0x42, 0x41, 0x14, 0xea, 0xa8, 0x94, - 0xcd, 0x8b, 0xe9, 0xcb, 0xb0, 0xf3, 0x87, 0x12, 0xc0, 0xac, 0x15, 0x80, 0xee, 0x43, 0x0b, 0x07, - 0x41, 0x74, 0xe6, 0x44, 0xd4, 0x1f, 0xf9, 0xa1, 0x7e, 0xc9, 0x4d, 0x39, 0xf7, 0x52, 0x4e, 0x89, - 0x77, 0xa8, 0x44, 0x14, 0xd9, 0x4a, 0x9f, 0xb1, 0xc2, 0xbd, 0x50, 0x73, 0x33, 0xa1, 0x0b, 0x95, - 0x52, 0x0b, 0xa5, 0x39, 0xfd, 0x03, 0x58, 0x27, 0xe7, 0x71, 0x74, 0xa9, 0x24, 0x36, 0xec, 0x35, - 0x35, 0x9b, 0x8a, 0xf5, 0xa0, 0x36, 0xc1, 0xe7, 0x0e, 0x1e, 0xa9, 0xbe, 0xcf, 0xc2, 0x83, 0x57, - 0x27, 0xf8, 0x7c, 0x7f, 0x44, 0xd0, 0x97, 0xb0, 0xa9, 0xf6, 0x77, 0x29, 0xf1, 0x48, 0xc8, 0x7d, - 0x1c, 0x30, 0xdd, 0x12, 0x6a, 0xcf, 0xa1, 0x0f, 0xa2, 0x28, 0xf8, 0x4a, 0xbc, 0x3f, 0x7b, 0x43, - 0x82, 0x0e, 0x67, 0x98, 0xce, 0xef, 0x4d, 0x40, 0xf3, 0x5d, 0x1b, 0xf4, 0x0c, 0x4c, 0x8f, 0x04, - 0x78, 0xba, 0xcc, 0x47, 0xe3, 0x1c, 0xba, 0xfb, 0x58, 0x40, 0x6d, 0xa5, 0x41, 0xa8, 0xc2, 0xc3, - 0x34, 0x99, 0xae, 0xac, 0x6a, 0x5f, 0x40, 0x6d, 0xa5, 0xa1, 0xfd, 0xab, 0x12, 0x98, 0x52, 0x37, - 0x7a, 0x0f, 0x6a, 0x31, 0xa1, 0x2e, 0x09, 0xd5, 0xc3, 0x35, 0x65, 0x65, 0x4d, 0xa7, 0xd0, 0x43, - 0x68, 0x9e, 0xf8, 0xe7, 0xc4, 0x73, 0xd4, 0x19, 0x8a, 0x9e, 0x53, 0xff, 0x96, 0x0d, 0x52, 0x5e, - 0xe9, 0xee, 0xc3, 0xa6, 0xb8, 0xa0, 0x50, 0xb9, 0x48, 0xeb, 0x28, 0x17, 0xeb, 0xd8, 0xc8, 0xa1, - 0x94, 0xa6, 0x03, 0x00, 0x6d, 0xd2, 0xec, 0x72, 0x17, 0xd5, 0xf5, 0x23, 0x25, 0x6c, 0xe7, 0x50, - 0x07, 0x9b, 0x70, 0x7b, 0xcc, 0x79, 0xac, 0xcc, 0x90, 0xb1, 0xd5, 0x7e, 0x6d, 0x80, 0x29, 0xfd, - 0x52, 0xe0, 0x86, 0xfb, 0xd0, 0x94, 0x50, 0xc6, 0x31, 0x4f, 0x98, 0xaa, 0x94, 0xe2, 0xac, 0x62, - 0x72, 0x20, 0xe7, 0x84, 0xc8, 0x88, 0xc6, 0x6e, 0x2a, 0x92, 0x86, 0x34, 0x88, 0xc9, 0x99, 0x88, - 0x00, 0xf4, 0x1c, 0x22, 0xdb, 0x77, 0x95, 0x54, 0x44, 0x4e, 0x3e, 0x91, 0xcd, 0xb9, 0xb7, 0x71, - 0xce, 0x16, 0x80, 0xdc, 0x40, 0xa5, 0x8f, 0xa7, 0xd0, 0xca, 0xb7, 0x92, 0x45, 0x3a, 0x0a, 0x93, - 0xc9, 0x90, 0x50, 0x79, 0xce, 0x35, 0x91, 0x8e, 0xd4, 0x18, 0x6d, 0x41, 0x25, 0xc4, 0xfa, 0x4b, - 0x4c, 0xd8, 0x25, 0x47, 0x07, 0x55, 0x55, 0x60, 0x3a, 0xdf, 0x80, 0x9a, 0xde, 0x6c, 0x96, 0x91, - 0x85, 0x06, 0x43, 0x67, 0xe4, 0x83, 0xee, 0x5f, 0xdf, 0xdc, 0x33, 0xfe, 0xfe, 0xe6, 0x9e, 0xf1, - 0xfa, 0xcd, 0x3d, 0xe3, 0xa7, 0xdb, 0xca, 0x66, 0x3f, 0xda, 0xc5, 0xb1, 0xbf, 0x7b, 0xc5, 0xff, - 0x22, 0x86, 0x55, 0x79, 0xf3, 0x0f, 0xfe, 0x1d, 0x00, 0x00, 0xff, 0xff, 0x2f, 0xaf, 0xea, 0xb9, - 0x2f, 0x19, 0x00, 0x00, + // 1785 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xcc, 0x59, 0x4f, 0x73, 0xe3, 0x48, + 0x15, 0x1f, 0xd9, 0x96, 0xff, 0x3c, 0x3b, 0x19, 0xa7, 0xc9, 0x66, 0x15, 0xef, 0x56, 0xc8, 0x7a, + 0x59, 0x08, 0xb5, 0xac, 0x5d, 0x24, 0xb0, 0xa4, 0x96, 0x6c, 0x76, 0xed, 0x64, 0x66, 0x3d, 0xd4, + 0x0c, 0x49, 0xc9, 0x61, 0x0e, 0x5c, 0x54, 0xb2, 0xd4, 0xb1, 0xc5, 0xc8, 0x6a, 0xd1, 0x6a, 0x25, + 0x76, 0x71, 0xe4, 0xdf, 0x19, 0x8a, 0x2b, 0xc5, 0xf7, 0xe0, 0xc2, 0x95, 0x13, 0xc5, 0x27, 0xa0, + 0xa6, 0xe6, 0xc0, 0x95, 0xaf, 0x40, 0x75, 0xb7, 0x24, 0x2b, 0x71, 0x62, 0xd9, 0x61, 0xa0, 0x38, + 0xc5, 0xdd, 0xfd, 0x7e, 0xbf, 0x7e, 0xfd, 0xba, 0xfb, 0xbd, 0x9f, 0x3a, 0xf0, 0x6d, 0x0f, 0xb3, + 0x6b, 0x42, 0x5f, 0x39, 0xde, 0xb0, 0x7d, 0xf5, 0x5d, 0xd3, 0xf5, 0x47, 0xe6, 0x41, 0xfb, 0xca, + 0xa1, 0x2c, 0x34, 0x5d, 0x23, 0xc0, 0xf4, 0xca, 0xb1, 0x70, 0xcb, 0xa7, 0x84, 0x11, 0xb4, 0xed, + 0x04, 0xcc, 0x21, 0xad, 0x19, 0xa0, 0x15, 0x03, 0x1a, 0x3b, 0x43, 0x42, 0x86, 0x2e, 0x6e, 0x0b, + 0xc3, 0x41, 0x78, 0xd9, 0xb6, 0x43, 0x6a, 0x32, 0x87, 0x78, 0x12, 0x3a, 0x3f, 0x7e, 0x4d, 0x4d, + 0xdf, 0xc7, 0x34, 0x90, 0xe3, 0xcd, 0xdf, 0xe6, 0x60, 0xfd, 0xa5, 0x9c, 0xb4, 0x2f, 0xe7, 0x44, + 0x9b, 0xa0, 0x8e, 0x48, 0xc0, 0x02, 0x4d, 0xd9, 0xcd, 0xef, 0x55, 0x74, 0xd9, 0x40, 0x0d, 0x28, + 0x0f, 0x4d, 0x86, 0xaf, 0xcd, 0x69, 0xa0, 0xe5, 0xc4, 0x40, 0xd2, 0x46, 0x87, 0x50, 0x18, 0x31, + 0xe6, 0x6b, 0xf9, 0xdd, 0xfc, 0x5e, 0x75, 0xff, 0x1b, 0xad, 0x7b, 0xdd, 0x6d, 0xf5, 0x2e, 0x2e, + 0xce, 0x75, 0x12, 0x32, 0xac, 0x0b, 0x04, 0xfa, 0x3e, 0xe4, 0x99, 0xe5, 0x6b, 0x05, 0x01, 0xfc, + 0x70, 0x01, 0xf0, 0xe2, 0x24, 0xc2, 0x71, 0x7b, 0x01, 0x73, 0x03, 0x4d, 0xcd, 0x86, 0x3d, 0xef, + 0xc7, 0x30, 0x37, 0x40, 0xef, 0x41, 0x05, 0x4f, 0x7c, 0x42, 0x99, 0xc1, 0x88, 0x56, 0x94, 0x8b, + 0x90, 0x1d, 0x17, 0xa4, 0x79, 0x05, 0xd5, 0x53, 0x1c, 0x30, 0xc7, 0x13, 0xe1, 0x43, 0x08, 0x0a, + 0x7c, 0xe1, 0x9a, 0xb2, 0xab, 0xec, 0x55, 0x74, 0xf1, 0x1b, 0x6d, 0x41, 0x31, 0x08, 0x07, 0x01, + 0x66, 0x5a, 0x4e, 0xf4, 0x46, 0x2d, 0xf4, 0x43, 0x28, 0x70, 0x12, 0x2d, 0xbf, 0xab, 0xec, 0x55, + 0xf7, 0xbf, 0xb5, 0xc0, 0x9f, 0x73, 0x42, 0x59, 0x1f, 0xbb, 0xd8, 0x62, 0x84, 0xea, 0x02, 0xd4, + 0xfc, 0x17, 0x40, 0x25, 0x09, 0x0b, 0xea, 0x80, 0x3a, 0x36, 0x99, 0x35, 0x12, 0xc1, 0xaf, 0xee, + 0x7f, 0x9c, 0x11, 0xcb, 0x17, 0xdc, 0x56, 0xc7, 0x3f, 0x0f, 0x71, 0xc0, 0x74, 0x89, 0x44, 0x4f, + 0x40, 0xa5, 0x9c, 0x4b, 0x6c, 0x53, 0x75, 0xbf, 0xbd, 0xcc, 0x76, 0xa4, 0x56, 0xae, 0x4b, 0x34, + 0x3a, 0x81, 0x32, 0xc5, 0xb6, 0x43, 0xb1, 0xb5, 0xcc, 0xc2, 0x04, 0x53, 0x64, 0xae, 0x27, 0x40, + 0xf4, 0x25, 0x94, 0x28, 0xbe, 0xa6, 0x0e, 0xc3, 0x5a, 0x41, 0x70, 0x7c, 0x33, 0x93, 0x43, 0x58, + 0xeb, 0x31, 0x0c, 0x7d, 0x0c, 0x1b, 0xd7, 0x78, 0x10, 0x10, 0xeb, 0x15, 0x66, 0x46, 0xe8, 0x0f, + 0xa9, 0x69, 0x63, 0x4d, 0xdd, 0x55, 0xf6, 0xca, 0x7a, 0x3d, 0x19, 0xf8, 0x89, 0xec, 0x47, 0x07, + 0x50, 0x62, 0xce, 0x18, 0x93, 0x90, 0x69, 0x45, 0x31, 0xdd, 0x76, 0x4b, 0x9e, 0xff, 0x56, 0x7c, + 0xfe, 0x5b, 0xa7, 0xd1, 0xfd, 0xd0, 0x63, 0x4b, 0x74, 0xcc, 0x7d, 0x64, 0xd4, 0xc1, 0x81, 0x56, + 0x12, 0xa0, 0xcc, 0x03, 0x8c, 0x19, 0x9d, 0xea, 0x31, 0x08, 0x9d, 0x80, 0x7a, 0x69, 0x86, 0x2e, + 0xd3, 0xca, 0x02, 0xfd, 0x49, 0x06, 0xfa, 0x29, 0xb7, 0x7d, 0xe6, 0xfd, 0x0c, 0x5b, 0x32, 0xda, + 0x02, 0x8b, 0x8e, 0xa1, 0x38, 0x76, 0x28, 0x25, 0x54, 0xab, 0x64, 0xc6, 0x29, 0xbd, 0x59, 0x11, + 0x0a, 0x3d, 0x85, 0xaa, 0x45, 0x68, 0x60, 0xf8, 0xc4, 0x75, 0xac, 0xa9, 0x06, 0x82, 0xe4, 0xa3, + 0x05, 0x24, 0x27, 0x84, 0x06, 0xe7, 0xc2, 0x58, 0x07, 0x2b, 0xf9, 0x8d, 0x06, 0xb0, 0xce, 0xf3, + 0x83, 0x67, 0x1b, 0x23, 0x6c, 0xda, 0x98, 0x06, 0x5a, 0x55, 0x9c, 0xa2, 0x1f, 0x2c, 0x73, 0x8a, + 0x5a, 0x1d, 0x01, 0xed, 0x49, 0xe4, 0x13, 0x8f, 0xd1, 0x69, 0x37, 0xa7, 0x29, 0xfa, 0x9a, 0x99, + 0xee, 0x47, 0x9f, 0xc1, 0xbb, 0x14, 0x8f, 0xc9, 0x15, 0x36, 0x28, 0x0e, 0x7c, 0xe2, 0x05, 0x38, + 0x99, 0xac, 0xc6, 0x2f, 0xa5, 0xc0, 0xbc, 0x23, 0x4d, 0xf4, 0xc8, 0x22, 0xc6, 0xfe, 0x02, 0xde, + 0x8d, 0xfc, 0x9b, 0xc3, 0xae, 0x09, 0x47, 0xbf, 0x58, 0xc1, 0xd1, 0x5b, 0xe4, 0x33, 0x87, 0xdf, + 0x31, 0xef, 0x1a, 0x47, 0x87, 0xb0, 0x95, 0x38, 0x2e, 0xae, 0x5c, 0x32, 0xf7, 0x7a, 0xe2, 0xf7, + 0x66, 0xec, 0xb7, 0x30, 0x88, 0x91, 0x13, 0xd8, 0x4a, 0xdc, 0xbe, 0x89, 0x7c, 0x2c, 0xbc, 0x3e, + 0x5e, 0xc9, 0xeb, 0x34, 0xf5, 0xcc, 0xe9, 0x4d, 0xf3, 0x8e, 0x61, 0x74, 0x04, 0xa5, 0x78, 0xaa, + 0xba, 0x38, 0x14, 0xcd, 0x45, 0x53, 0x49, 0x4b, 0x3d, 0x86, 0x34, 0xbe, 0x04, 0x34, 0xbf, 0xa7, + 0xa8, 0x0e, 0xf9, 0x57, 0x78, 0x1a, 0xa5, 0x46, 0xfe, 0x93, 0xd7, 0x8c, 0x2b, 0xd3, 0x0d, 0x71, + 0x94, 0x18, 0x65, 0xe3, 0xb3, 0xdc, 0xa1, 0xd2, 0xe8, 0x41, 0xe3, 0xfe, 0x60, 0xaf, 0xc4, 0xf4, + 0x15, 0x6c, 0xdf, 0x1b, 0x80, 0x55, 0x88, 0x9a, 0xff, 0xcc, 0x43, 0x29, 0x0e, 0xcf, 0x0b, 0x7e, + 0xf9, 0x05, 0x9d, 0xc0, 0x56, 0xf7, 0x0f, 0xb2, 0xc3, 0x13, 0xfd, 0x3d, 0xf3, 0xb1, 0x4c, 0x25, + 0x81, 0x1e, 0x73, 0xa0, 0x33, 0x9e, 0x34, 0xe5, 0x3a, 0xc5, 0xbc, 0x0f, 0xe4, 0x4b, 0x48, 0x1a, + 0x7f, 0xce, 0x41, 0xfd, 0xf6, 0x30, 0xfa, 0x31, 0xe4, 0x79, 0x11, 0x92, 0x25, 0xe2, 0xe8, 0x01, + 0x13, 0xb4, 0xfa, 0x98, 0x89, 0xb8, 0xe9, 0x9c, 0x88, 0xf3, 0x99, 0xb6, 0x1d, 0xd5, 0x8b, 0x07, + 0xf1, 0x75, 0x6c, 0x3b, 0xe2, 0x33, 0x6d, 0x9b, 0xd7, 0x49, 0x79, 0x0b, 0x84, 0x22, 0xa8, 0xe8, + 0x51, 0xab, 0xf1, 0x29, 0x94, 0xe3, 0x89, 0x57, 0xda, 0xf9, 0x4f, 0xa1, 0x1c, 0x4f, 0xb0, 0xd2, + 0x46, 0xff, 0x5e, 0x81, 0x72, 0xac, 0x00, 0x78, 0x9a, 0x4e, 0x57, 0xd6, 0x4f, 0x16, 0xab, 0x06, + 0x51, 0x58, 0x3b, 0x8c, 0x51, 0x67, 0x10, 0x32, 0x1c, 0xc4, 0xb5, 0xb5, 0x73, 0xb3, 0xb6, 0x2e, + 0x2a, 0xcf, 0xf7, 0xd4, 0xd5, 0xe6, 0xef, 0xb8, 0x53, 0x91, 0x9a, 0x41, 0xdd, 0x9b, 0x4e, 0x7d, + 0x67, 0x01, 0xdf, 0xf3, 0xef, 0xfd, 0xf7, 0x7c, 0xfa, 0x93, 0x0a, 0xf5, 0xdb, 0x72, 0x02, 0x1d, + 0x42, 0x3e, 0xa4, 0x4e, 0x74, 0x2d, 0x16, 0xd5, 0xa3, 0x3e, 0xa3, 0x8e, 0x37, 0x94, 0x58, 0x0e, + 0xe1, 0xc5, 0x2c, 0xb0, 0x46, 0x78, 0x1c, 0xdf, 0x81, 0x65, 0xc1, 0x11, 0x4a, 0x14, 0x43, 0xcc, + 0x46, 0xc4, 0x8e, 0x84, 0xc7, 0xd2, 0x78, 0x89, 0x42, 0xa7, 0x50, 0x31, 0x43, 0x36, 0x22, 0xd4, + 0x61, 0xd3, 0x25, 0x74, 0x47, 0x9a, 0x62, 0x06, 0x44, 0xfa, 0x2c, 0x73, 0x4a, 0xa1, 0x79, 0xb8, + 0x82, 0x18, 0x6b, 0xa5, 0xb3, 0x53, 0x92, 0x4f, 0xb9, 0xaa, 0x14, 0x4a, 0x91, 0xab, 0x93, 0x35, + 0x29, 0x00, 0xd1, 0x00, 0xd6, 0x02, 0x12, 0x52, 0x0b, 0x1b, 0xae, 0x39, 0xc0, 0x2e, 0x57, 0x21, + 0x7c, 0xb6, 0xcf, 0x57, 0x99, 0xad, 0x2f, 0x08, 0x9e, 0x0b, 0xbc, 0x9c, 0xb2, 0x16, 0xa4, 0xba, + 0x6e, 0xa8, 0xf7, 0xf2, 0x4d, 0xf5, 0xde, 0x18, 0x40, 0x2d, 0x23, 0x95, 0x1e, 0xa5, 0x6f, 0xd8, + 0xf2, 0xb1, 0x4c, 0xdd, 0xe0, 0x2f, 0x60, 0x63, 0xce, 0xc5, 0x95, 0xae, 0xf2, 0xdf, 0x54, 0xd8, + 0xbc, 0x4b, 0xad, 0xa2, 0x1e, 0x54, 0xed, 0x59, 0x73, 0x89, 0xd3, 0x9a, 0x3e, 0xfe, 0x69, 0x28, + 0xcf, 0x5a, 0xd7, 0xd8, 0x19, 0x8e, 0xa4, 0xba, 0x57, 0xf5, 0xa8, 0xb5, 0x48, 0xae, 0xe4, 0xb3, + 0xe4, 0xca, 0x6f, 0x94, 0xfb, 0xf5, 0x8a, 0xfc, 0xe8, 0xf9, 0xd1, 0x8a, 0xf2, 0xfc, 0xad, 0x4b, + 0x17, 0x35, 0x43, 0xba, 0xfc, 0x52, 0xb9, 0x57, 0xbb, 0x14, 0xc5, 0x0a, 0x9e, 0x3d, 0x74, 0x05, + 0x0f, 0x94, 0x31, 0xa5, 0xd5, 0x65, 0xcc, 0xff, 0xa1, 0x08, 0x61, 0x50, 0xff, 0xdf, 0x9f, 0xe5, + 0xe6, 0x5f, 0x72, 0xb0, 0x31, 0x57, 0x48, 0x50, 0x1b, 0xbe, 0x96, 0x02, 0x1b, 0x41, 0x38, 0xf0, + 0x70, 0xf2, 0xfd, 0x8f, 0x52, 0x43, 0x7d, 0x39, 0x92, 0xa4, 0xb1, 0x5c, 0x2a, 0x8d, 0x7d, 0x98, + 0xa4, 0x31, 0x89, 0x17, 0xb9, 0xbb, 0x12, 0xe7, 0x21, 0x89, 0x44, 0xd6, 0xed, 0x5c, 0x57, 0xc8, + 0x94, 0xbf, 0x73, 0xee, 0xae, 0x94, 0xec, 0xd4, 0x5b, 0xc9, 0xee, 0x3f, 0x4e, 0x44, 0xff, 0xc8, + 0x01, 0x9a, 0xd7, 0x07, 0xe8, 0x3d, 0xa8, 0x04, 0x9e, 0x63, 0xa4, 0x1f, 0x4e, 0xca, 0x81, 0xe7, + 0xf4, 0xc4, 0xdb, 0xc9, 0x3d, 0xf1, 0xcd, 0x65, 0xc6, 0x37, 0xbf, 0x28, 0xbe, 0x85, 0x3b, 0xe2, + 0x6b, 0xdf, 0x8e, 0xaf, 0x9a, 0xf9, 0x51, 0x34, 0xbf, 0x98, 0x95, 0x02, 0x5c, 0x7c, 0xdb, 0x01, + 0x3e, 0x86, 0x5a, 0xfa, 0x31, 0x81, 0x63, 0x63, 0x19, 0x52, 0x91, 0xf2, 0xe2, 0xfd, 0x74, 0x79, + 0x97, 0xf8, 0x59, 0x47, 0xf3, 0x73, 0xa8, 0xa6, 0x1e, 0x12, 0x56, 0x86, 0x63, 0xa8, 0xa6, 0x6a, + 0x18, 0xda, 0x02, 0x15, 0x4f, 0x4c, 0x2b, 0x7a, 0x07, 0xea, 0x3d, 0xd2, 0x65, 0x13, 0x69, 0x50, + 0xf4, 0x29, 0xbe, 0x74, 0x26, 0x92, 0xa1, 0xf7, 0x48, 0x8f, 0xda, 0x1c, 0x41, 0xf1, 0x10, 0x4f, + 0xe4, 0xf9, 0xe7, 0x08, 0xd1, 0xec, 0xd6, 0x00, 0x84, 0x5e, 0x33, 0xd8, 0xd4, 0xc7, 0xcd, 0x5f, + 0x2b, 0xd1, 0xab, 0x0f, 0xe6, 0xf1, 0x69, 0x40, 0xd9, 0x64, 0x0c, 0x8f, 0x7d, 0x71, 0x78, 0xf8, + 0x85, 0x4d, 0xda, 0xa8, 0x03, 0x8f, 0x7d, 0x4c, 0x0d, 0x46, 0xa7, 0x46, 0xfc, 0xb6, 0x91, 0xcb, + 0x7a, 0xdb, 0x58, 0xf3, 0x31, 0xbd, 0xa0, 0xd3, 0x8b, 0xe8, 0x85, 0x63, 0x9b, 0x7f, 0x95, 0x70, + 0x02, 0xe2, 0x45, 0xb7, 0x52, 0x3c, 0x5e, 0x4c, 0xcf, 0xbc, 0xe6, 0x1f, 0x73, 0x00, 0xb3, 0xa7, + 0x00, 0xf4, 0x01, 0xd4, 0x4c, 0xd7, 0x25, 0xd7, 0x06, 0xa1, 0xce, 0xd0, 0xf1, 0xa2, 0x93, 0x5c, + 0x15, 0x7d, 0x67, 0xa2, 0x8b, 0x9f, 0x43, 0x69, 0x22, 0xc5, 0x56, 0x7c, 0x8c, 0x25, 0xee, 0x85, + 0xec, 0x9b, 0x19, 0xdd, 0xa8, 0x94, 0x91, 0x51, 0x9c, 0xd3, 0x3f, 0x82, 0x75, 0x3c, 0xf1, 0xc9, + 0xad, 0x92, 0x58, 0xd1, 0xd7, 0x64, 0x6f, 0x6c, 0xb6, 0x0f, 0xa5, 0xb1, 0x39, 0x31, 0xcc, 0xa1, + 0x7c, 0xf7, 0x59, 0xb8, 0xf0, 0xe2, 0xd8, 0x9c, 0x74, 0x86, 0x18, 0x7d, 0x05, 0x1b, 0x72, 0x7e, + 0x8b, 0x62, 0x1b, 0x7b, 0xcc, 0x31, 0xdd, 0x20, 0x7a, 0x12, 0x6a, 0xcc, 0xa1, 0xbb, 0x84, 0xb8, + 0x2f, 0xf9, 0xf9, 0xd3, 0xeb, 0x02, 0x74, 0x32, 0xc3, 0x34, 0xff, 0xa0, 0x02, 0x9a, 0x7f, 0xb5, + 0x41, 0xcf, 0x40, 0xb5, 0xb1, 0x6b, 0x4e, 0x97, 0xf9, 0x68, 0x9c, 0x43, 0xb7, 0x4e, 0x39, 0x54, + 0x97, 0x0c, 0x9c, 0xca, 0x1c, 0xc4, 0xc9, 0x74, 0x65, 0xaa, 0x0e, 0x87, 0xea, 0x92, 0xa1, 0xf1, + 0xab, 0x1c, 0xa8, 0x82, 0x1b, 0xbd, 0x0f, 0x25, 0x1f, 0x53, 0x0b, 0x7b, 0xf2, 0xe0, 0xaa, 0xa2, + 0xb2, 0xc6, 0x5d, 0xe8, 0x08, 0xaa, 0x97, 0xce, 0x04, 0xdb, 0x86, 0x5c, 0x43, 0xd6, 0x71, 0xea, + 0x3d, 0xd2, 0x41, 0xd8, 0x4b, 0xee, 0x1e, 0x6c, 0xf0, 0x0d, 0xf2, 0x64, 0x88, 0x22, 0x8e, 0x7c, + 0x36, 0x47, 0x3d, 0x85, 0x92, 0x4c, 0x5d, 0x80, 0xc8, 0xa5, 0xd9, 0xe6, 0x2e, 0xaa, 0xeb, 0xe7, + 0xd2, 0x58, 0x4f, 0xa1, 0xba, 0x1b, 0xf0, 0x78, 0xc4, 0x98, 0x2f, 0xdd, 0x10, 0x77, 0xab, 0xf1, + 0x5a, 0x01, 0x55, 0xc4, 0x25, 0x23, 0x0c, 0x1f, 0x40, 0x55, 0x40, 0x03, 0x66, 0xb2, 0x30, 0x90, + 0x95, 0x92, 0xaf, 0x95, 0x77, 0xf6, 0x45, 0x1f, 0x37, 0x19, 0x52, 0xdf, 0x8a, 0x4d, 0xe2, 0x2b, + 0x0d, 0xbc, 0x73, 0x66, 0xc2, 0x01, 0xfb, 0x06, 0x16, 0xcf, 0x77, 0x85, 0xd8, 0x44, 0x74, 0x3e, + 0x11, 0x8f, 0x73, 0x6f, 0x63, 0x9d, 0x35, 0x00, 0x31, 0x81, 0x4c, 0x1f, 0x4f, 0xa1, 0x96, 0x7e, + 0x4a, 0xe6, 0xe9, 0xc8, 0x0b, 0xc7, 0x03, 0x4c, 0xc5, 0x3a, 0xd7, 0x78, 0x3a, 0x92, 0x6d, 0xb4, + 0x09, 0x05, 0xcf, 0x8c, 0xbe, 0xc4, 0xb8, 0x5f, 0xa2, 0xd5, 0x2d, 0xca, 0x02, 0xd3, 0xfc, 0x3a, + 0x94, 0xa2, 0xc9, 0x66, 0x19, 0x99, 0x33, 0x28, 0x51, 0x46, 0xee, 0xb6, 0xfe, 0xfa, 0x66, 0x47, + 0xf9, 0xfb, 0x9b, 0x1d, 0xe5, 0xf5, 0x9b, 0x1d, 0xe5, 0xa7, 0xbb, 0xd2, 0x67, 0x87, 0xb4, 0x4d, + 0xdf, 0x69, 0xdf, 0xf1, 0x0f, 0x8c, 0x41, 0x51, 0xec, 0xfc, 0xc1, 0xbf, 0x03, 0x00, 0x00, 0xff, + 0xff, 0x3d, 0x3a, 0x29, 0x1e, 0xde, 0x18, 0x00, 0x00, } diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index 9efd014cea..925cd58bcd 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -16,7 +16,6 @@ syntax = "proto3"; import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; -import "networking/v1alpha3/sidecar.proto"; // $title: Traffic Routing // $description: Configuration affecting traffic routing. @@ -177,11 +176,20 @@ message VirtualService { // matching an incoming request is used. repeated TCPRoute tcp = 4; - // The visibility setting associated with this VirtualService. Set to - // PRIVATE if this virtual service should not be exported, i.e. restrict - // the applicability of this virtual service to only workloads in the same - // namespace as the virtual service. - ConfigScope config_scope = 6; + // $hide_from_docs + // A list of namespaces to which this virtual service is exported. Exporting a + // virtual service allows it to used by sidecars and gateways defined in + // other namespaces. This feature provides a mechanism for service owners + // and mesh administrators to control the visibility of virtual services + // across namespace boundaries. + // + // If no namespaces are specified then the virtual service is exported to all + // namespaces by default. + // + // The value "." is reserved and defines an export to the same namespace that + // the virtual service is declared in, similarly the value "*" is reserved and + // defines an export to all namespaces. + repeated string export_to = 6; } // Destination indicates the network addressable service to which the diff --git a/proto.lock b/proto.lock index 8ec68701a8..c0b4dd150f 100644 --- a/proto.lock +++ b/proto.lock @@ -958,11 +958,6 @@ "type": "ConfigSource", "is_repeated": true }, - { - "id": 31, - "name": "locality_lb_setting", - "type": "LocalityLoadBalancerSetting" - }, { "id": 23, "name": "enable_sds_token_mount", @@ -977,6 +972,34 @@ "id": 26, "name": "trust_domain", "type": "string" + }, + { + "id": 31, + "name": "default_service_export_to", + "type": "string", + "is_repeated": true + }, + { + "id": 32, + "name": "default_virtual_service_export_to", + "type": "string", + "is_repeated": true + }, + { + "id": 33, + "name": "default_destination_rule_export_to", + "type": "string", + "is_repeated": true + }, + { + "id": 34, + "name": "root_namespace", + "type": "string" + }, + { + "id": 35, + "name": "locality_lb_setting", + "type": "LocalityLoadBalancerSetting" } ], "reserved_ids": [ @@ -2655,8 +2678,9 @@ }, { "id": 4, - "name": "config_scope", - "type": "ConfigScope" + "name": "export_to", + "type": "string", + "is_repeated": true } ] }, @@ -3410,8 +3434,9 @@ }, { "id": 7, - "name": "config_scope", - "type": "ConfigScope" + "name": "export_to", + "type": "string", + "is_repeated": true } ], "messages": [ @@ -3467,19 +3492,6 @@ "protopath": "networking:/:v1alpha3:/:sidecar.proto", "def": { "enums": [ - { - "name": "ConfigScope", - "enum_fields": [ - { - "name": "PUBLIC", - "integer": 0 - }, - { - "name": "PRIVATE", - "integer": 1 - } - ] - }, { "name": "CaptureMode", "enum_fields": [ @@ -3627,8 +3639,9 @@ }, { "id": 6, - "name": "config_scope", - "type": "ConfigScope" + "name": "export_to", + "type": "string", + "is_repeated": true } ] }, diff --git a/python/istio_api/mesh/v1alpha1/config_pb2.py b/python/istio_api/mesh/v1alpha1/config_pb2.py index 54e8726de4..b8d0290a1b 100644 --- a/python/istio_api/mesh/v1alpha1/config_pb2.py +++ b/python/istio_api/mesh/v1alpha1/config_pb2.py @@ -22,7 +22,7 @@ name='mesh/v1alpha1/config.proto', package='istio.mesh.v1alpha1', syntax='proto3', - serialized_pb=_b('\n\x1amesh/v1alpha1/config.proto\x12\x13istio.mesh.v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\x19mesh/v1alpha1/proxy.proto\x1a*networking/v1alpha3/destination_rule.proto\"\xe5\x0c\n\nMeshConfig\x12\x1a\n\x12mixer_check_server\x18\x01 \x01(\t\x12\x1b\n\x13mixer_report_server\x18\x02 \x01(\t\x12\x1d\n\x15\x64isable_policy_checks\x18\x03 \x01(\x08\x12\x1e\n\x16policy_check_fail_open\x18\x19 \x01(\x08\x12-\n%sidecar_to_telemetry_session_affinity\x18\x1e \x01(\x08\x12\x19\n\x11proxy_listen_port\x18\x04 \x01(\x05\x12\x17\n\x0fproxy_http_port\x18\x05 \x01(\x05\x12\x32\n\x0f\x63onnect_timeout\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x61\n\rtcp_keepalive\x18\x1c \x01(\x0b\x32J.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive\x12\x15\n\ringress_class\x18\x07 \x01(\t\x12\x17\n\x0fingress_service\x18\x08 \x01(\t\x12V\n\x17ingress_controller_mode\x18\t \x01(\x0e\x32\x35.istio.mesh.v1alpha1.MeshConfig.IngressControllerMode\x12\x43\n\x0b\x61uth_policy\x18\n \x01(\x0e\x32*.istio.mesh.v1alpha1.MeshConfig.AuthPolicyB\x02\x18\x01\x12\x38\n\x11rds_refresh_delay\x18\x0b \x01(\x0b\x32\x19.google.protobuf.DurationB\x02\x18\x01\x12\x16\n\x0e\x65nable_tracing\x18\x0c \x01(\x08\x12\x17\n\x0f\x61\x63\x63\x65ss_log_file\x18\r \x01(\t\x12\x19\n\x11\x61\x63\x63\x65ss_log_format\x18\x18 \x01(\t\x12N\n\x13\x61\x63\x63\x65ss_log_encoding\x18\x1b \x01(\x0e\x32\x31.istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding\x12\x38\n\x0e\x64\x65\x66\x61ult_config\x18\x0e \x01(\x0b\x32 .istio.mesh.v1alpha1.ProxyConfig\x12\x19\n\rmixer_address\x18\x10 \x01(\tB\x02\x18\x01\x12V\n\x17outbound_traffic_policy\x18\x11 \x01(\x0b\x32\x35.istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy\x12\'\n\x1f\x65nable_client_side_policy_check\x18\x13 \x01(\x08\x12\x14\n\x0csds_uds_path\x18\x14 \x01(\t\x12\x38\n\x11sds_refresh_delay\x18\x15 \x01(\x0b\x32\x19.google.protobuf.DurationB\x02\x18\x01\x12\x39\n\x0e\x63onfig_sources\x18\x16 \x03(\x0b\x32!.istio.mesh.v1alpha1.ConfigSource\x12M\n\x13locality_lb_setting\x18\x1f \x01(\x0b\x32\x30.istio.mesh.v1alpha1.LocalityLoadBalancerSetting\x12\x1e\n\x16\x65nable_sds_token_mount\x18\x17 \x01(\x08\x12\x1a\n\x12sds_use_k8s_sa_jwt\x18\x1d \x01(\x08\x12\x14\n\x0ctrust_domain\x18\x1a \x01(\t\x1a\xa7\x01\n\x15OutboundTrafficPolicy\x12H\n\x04mode\x18\x01 \x01(\x0e\x32:.istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode\"D\n\x04Mode\x12\x11\n\rREGISTRY_ONLY\x10\x00\x12\r\n\tALLOW_ANY\x10\x01\"\x04\x08\x02\x10\x02*\x14VIRTUAL_SERVICE_ONLY\"9\n\x15IngressControllerMode\x12\x07\n\x03OFF\x10\x00\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x01\x12\n\n\x06STRICT\x10\x02\"&\n\nAuthPolicy\x12\x08\n\x04NONE\x10\x00\x12\x0e\n\nMUTUAL_TLS\x10\x01\"\'\n\x11\x41\x63\x63\x65ssLogEncoding\x12\x08\n\x04TEXT\x10\x00\x12\x08\n\x04JSON\x10\x01J\x04\x08\x0f\x10\x10J\x04\x08\x12\x10\x13\"]\n\x0c\x43onfigSource\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12<\n\x0ctls_settings\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\"\xfa\x02\n\x1bLocalityLoadBalancerSetting\x12O\n\ndistribute\x18\x01 \x03(\x0b\x32;.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Distribute\x12K\n\x08\x66\x61ilover\x18\x02 \x03(\x0b\x32\x39.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Failover\x1a\x96\x01\n\nDistribute\x12\x0c\n\x04\x66rom\x18\x01 \x01(\t\x12O\n\x02to\x18\x02 \x03(\x0b\x32\x43.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Distribute.ToEntry\x1a)\n\x07ToEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a$\n\x08\x46\x61ilover\x12\x0c\n\x04\x66rom\x18\x01 \x01(\t\x12\n\n\x02to\x18\x02 \x01(\tB\x1cZ\x1aistio.io/api/mesh/v1alpha1b\x06proto3') + serialized_pb=_b('\n\x1amesh/v1alpha1/config.proto\x12\x13istio.mesh.v1alpha1\x1a\x1egoogle/protobuf/duration.proto\x1a\x19mesh/v1alpha1/proxy.proto\x1a*networking/v1alpha3/destination_rule.proto\"\xf7\r\n\nMeshConfig\x12\x1a\n\x12mixer_check_server\x18\x01 \x01(\t\x12\x1b\n\x13mixer_report_server\x18\x02 \x01(\t\x12\x1d\n\x15\x64isable_policy_checks\x18\x03 \x01(\x08\x12\x1e\n\x16policy_check_fail_open\x18\x19 \x01(\x08\x12-\n%sidecar_to_telemetry_session_affinity\x18\x1e \x01(\x08\x12\x19\n\x11proxy_listen_port\x18\x04 \x01(\x05\x12\x17\n\x0fproxy_http_port\x18\x05 \x01(\x05\x12\x32\n\x0f\x63onnect_timeout\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x61\n\rtcp_keepalive\x18\x1c \x01(\x0b\x32J.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive\x12\x15\n\ringress_class\x18\x07 \x01(\t\x12\x17\n\x0fingress_service\x18\x08 \x01(\t\x12V\n\x17ingress_controller_mode\x18\t \x01(\x0e\x32\x35.istio.mesh.v1alpha1.MeshConfig.IngressControllerMode\x12\x43\n\x0b\x61uth_policy\x18\n \x01(\x0e\x32*.istio.mesh.v1alpha1.MeshConfig.AuthPolicyB\x02\x18\x01\x12\x38\n\x11rds_refresh_delay\x18\x0b \x01(\x0b\x32\x19.google.protobuf.DurationB\x02\x18\x01\x12\x16\n\x0e\x65nable_tracing\x18\x0c \x01(\x08\x12\x17\n\x0f\x61\x63\x63\x65ss_log_file\x18\r \x01(\t\x12\x19\n\x11\x61\x63\x63\x65ss_log_format\x18\x18 \x01(\t\x12N\n\x13\x61\x63\x63\x65ss_log_encoding\x18\x1b \x01(\x0e\x32\x31.istio.mesh.v1alpha1.MeshConfig.AccessLogEncoding\x12\x38\n\x0e\x64\x65\x66\x61ult_config\x18\x0e \x01(\x0b\x32 .istio.mesh.v1alpha1.ProxyConfig\x12\x19\n\rmixer_address\x18\x10 \x01(\tB\x02\x18\x01\x12V\n\x17outbound_traffic_policy\x18\x11 \x01(\x0b\x32\x35.istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy\x12\'\n\x1f\x65nable_client_side_policy_check\x18\x13 \x01(\x08\x12\x14\n\x0csds_uds_path\x18\x14 \x01(\t\x12\x38\n\x11sds_refresh_delay\x18\x15 \x01(\x0b\x32\x19.google.protobuf.DurationB\x02\x18\x01\x12\x39\n\x0e\x63onfig_sources\x18\x16 \x03(\x0b\x32!.istio.mesh.v1alpha1.ConfigSource\x12\x1e\n\x16\x65nable_sds_token_mount\x18\x17 \x01(\x08\x12\x1a\n\x12sds_use_k8s_sa_jwt\x18\x1d \x01(\x08\x12\x14\n\x0ctrust_domain\x18\x1a \x01(\t\x12!\n\x19\x64\x65\x66\x61ult_service_export_to\x18\x1f \x03(\t\x12)\n!default_virtual_service_export_to\x18 \x03(\t\x12*\n\"default_destination_rule_export_to\x18! \x03(\t\x12\x16\n\x0eroot_namespace\x18\" \x01(\t\x12M\n\x13locality_lb_setting\x18# \x01(\x0b\x32\x30.istio.mesh.v1alpha1.LocalityLoadBalancerSetting\x1a\xa7\x01\n\x15OutboundTrafficPolicy\x12H\n\x04mode\x18\x01 \x01(\x0e\x32:.istio.mesh.v1alpha1.MeshConfig.OutboundTrafficPolicy.Mode\"D\n\x04Mode\x12\x11\n\rREGISTRY_ONLY\x10\x00\x12\r\n\tALLOW_ANY\x10\x01\"\x04\x08\x02\x10\x02*\x14VIRTUAL_SERVICE_ONLY\"9\n\x15IngressControllerMode\x12\x07\n\x03OFF\x10\x00\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x01\x12\n\n\x06STRICT\x10\x02\"&\n\nAuthPolicy\x12\x08\n\x04NONE\x10\x00\x12\x0e\n\nMUTUAL_TLS\x10\x01\"\'\n\x11\x41\x63\x63\x65ssLogEncoding\x12\x08\n\x04TEXT\x10\x00\x12\x08\n\x04JSON\x10\x01J\x04\x08\x0f\x10\x10J\x04\x08\x12\x10\x13\"]\n\x0c\x43onfigSource\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12<\n\x0ctls_settings\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\"\xfa\x02\n\x1bLocalityLoadBalancerSetting\x12O\n\ndistribute\x18\x01 \x03(\x0b\x32;.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Distribute\x12K\n\x08\x66\x61ilover\x18\x02 \x03(\x0b\x32\x39.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Failover\x1a\x96\x01\n\nDistribute\x12\x0c\n\x04\x66rom\x18\x01 \x01(\t\x12O\n\x02to\x18\x02 \x03(\x0b\x32\x43.istio.mesh.v1alpha1.LocalityLoadBalancerSetting.Distribute.ToEntry\x1a)\n\x07ToEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a$\n\x08\x46\x61ilover\x12\x0c\n\x04\x66rom\x18\x01 \x01(\t\x12\n\n\x02to\x18\x02 \x01(\tB\x1cZ\x1aistio.io/api/mesh/v1alpha1b\x06proto3') , dependencies=[google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,mesh_dot_v1alpha1_dot_proxy__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_destination__rule__pb2.DESCRIPTOR,]) @@ -45,8 +45,8 @@ ], containing_type=None, options=None, - serialized_start=1572, - serialized_end=1640, + serialized_start=1718, + serialized_end=1786, ) _sym_db.RegisterEnumDescriptor(_MESHCONFIG_OUTBOUNDTRAFFICPOLICY_MODE) @@ -71,8 +71,8 @@ ], containing_type=None, options=None, - serialized_start=1642, - serialized_end=1699, + serialized_start=1788, + serialized_end=1845, ) _sym_db.RegisterEnumDescriptor(_MESHCONFIG_INGRESSCONTROLLERMODE) @@ -93,8 +93,8 @@ ], containing_type=None, options=None, - serialized_start=1701, - serialized_end=1739, + serialized_start=1847, + serialized_end=1885, ) _sym_db.RegisterEnumDescriptor(_MESHCONFIG_AUTHPOLICY) @@ -115,8 +115,8 @@ ], containing_type=None, options=None, - serialized_start=1741, - serialized_end=1780, + serialized_start=1887, + serialized_end=1926, ) _sym_db.RegisterEnumDescriptor(_MESHCONFIG_ACCESSLOGENCODING) @@ -148,8 +148,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1473, - serialized_end=1640, + serialized_start=1619, + serialized_end=1786, ) _MESHCONFIG = _descriptor.Descriptor( @@ -335,33 +335,61 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='locality_lb_setting', full_name='istio.mesh.v1alpha1.MeshConfig.locality_lb_setting', index=25, - number=31, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='enable_sds_token_mount', full_name='istio.mesh.v1alpha1.MeshConfig.enable_sds_token_mount', index=26, + name='enable_sds_token_mount', full_name='istio.mesh.v1alpha1.MeshConfig.enable_sds_token_mount', index=25, number=23, type=8, cpp_type=7, label=1, has_default_value=False, default_value=False, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='sds_use_k8s_sa_jwt', full_name='istio.mesh.v1alpha1.MeshConfig.sds_use_k8s_sa_jwt', index=27, + name='sds_use_k8s_sa_jwt', full_name='istio.mesh.v1alpha1.MeshConfig.sds_use_k8s_sa_jwt', index=26, number=29, type=8, cpp_type=7, label=1, has_default_value=False, default_value=False, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='trust_domain', full_name='istio.mesh.v1alpha1.MeshConfig.trust_domain', index=28, + name='trust_domain', full_name='istio.mesh.v1alpha1.MeshConfig.trust_domain', index=27, number=26, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='default_service_export_to', full_name='istio.mesh.v1alpha1.MeshConfig.default_service_export_to', index=28, + number=31, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='default_virtual_service_export_to', full_name='istio.mesh.v1alpha1.MeshConfig.default_virtual_service_export_to', index=29, + number=32, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='default_destination_rule_export_to', full_name='istio.mesh.v1alpha1.MeshConfig.default_destination_rule_export_to', index=30, + number=33, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='root_namespace', full_name='istio.mesh.v1alpha1.MeshConfig.root_namespace', index=31, + number=34, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='locality_lb_setting', full_name='istio.mesh.v1alpha1.MeshConfig.locality_lb_setting', index=32, + number=35, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -378,7 +406,7 @@ oneofs=[ ], serialized_start=155, - serialized_end=1792, + serialized_end=1938, ) @@ -415,8 +443,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1794, - serialized_end=1887, + serialized_start=1940, + serialized_end=2033, ) @@ -453,8 +481,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2189, - serialized_end=2230, + serialized_start=2335, + serialized_end=2376, ) _LOCALITYLOADBALANCERSETTING_DISTRIBUTE = _descriptor.Descriptor( @@ -490,8 +518,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2080, - serialized_end=2230, + serialized_start=2226, + serialized_end=2376, ) _LOCALITYLOADBALANCERSETTING_FAILOVER = _descriptor.Descriptor( @@ -527,8 +555,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2232, - serialized_end=2268, + serialized_start=2378, + serialized_end=2414, ) _LOCALITYLOADBALANCERSETTING = _descriptor.Descriptor( @@ -564,8 +592,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1890, - serialized_end=2268, + serialized_start=2036, + serialized_end=2414, ) _MESHCONFIG_OUTBOUNDTRAFFICPOLICY.fields_by_name['mode'].enum_type = _MESHCONFIG_OUTBOUNDTRAFFICPOLICY_MODE diff --git a/python/istio_api/networking/v1alpha3/destination_rule_pb2.py b/python/istio_api/networking/v1alpha3/destination_rule_pb2.py index 3a54fdf1f0..0ce0d8c602 100644 --- a/python/istio_api/networking/v1alpha3/destination_rule_pb2.py +++ b/python/istio_api/networking/v1alpha3/destination_rule_pb2.py @@ -15,7 +15,6 @@ from google.protobuf import duration_pb2 as google_dot_protobuf_dot_duration__pb2 from networking.v1alpha3 import virtual_service_pb2 as networking_dot_v1alpha3_dot_virtual__service__pb2 -from networking.v1alpha3 import sidecar_pb2 as networking_dot_v1alpha3_dot_sidecar__pb2 from gogoproto import gogo_pb2 as gogoproto_dot_gogo__pb2 @@ -23,9 +22,9 @@ name='networking/v1alpha3/destination_rule.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n*networking/v1alpha3/destination_rule.proto\x12\x19istio.networking.v1alpha3\x1a\x1egoogle/protobuf/duration.proto\x1a)networking/v1alpha3/virtual_service.proto\x1a!networking/v1alpha3/sidecar.proto\x1a\x14gogoproto/gogo.proto\"\xd3\x01\n\x0f\x44\x65stinationRule\x12\x0c\n\x04host\x18\x01 \x01(\t\x12@\n\x0etraffic_policy\x18\x02 \x01(\x0b\x32(.istio.networking.v1alpha3.TrafficPolicy\x12\x32\n\x07subsets\x18\x03 \x03(\x0b\x32!.istio.networking.v1alpha3.Subset\x12<\n\x0c\x63onfig_scope\x18\x04 \x01(\x0e\x32&.istio.networking.v1alpha3.ConfigScope\"\xd7\x05\n\rTrafficPolicy\x12\x46\n\rload_balancer\x18\x01 \x01(\x0b\x32/.istio.networking.v1alpha3.LoadBalancerSettings\x12J\n\x0f\x63onnection_pool\x18\x02 \x01(\x0b\x32\x31.istio.networking.v1alpha3.ConnectionPoolSettings\x12\x46\n\x11outlier_detection\x18\x03 \x01(\x0b\x32+.istio.networking.v1alpha3.OutlierDetection\x12\x33\n\x03tls\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\x12W\n\x13port_level_settings\x18\x05 \x03(\x0b\x32:.istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy\x1a\xdb\x02\n\x11PortTrafficPolicy\x12\x35\n\x04port\x18\x01 \x01(\x0b\x32\'.istio.networking.v1alpha3.PortSelector\x12\x46\n\rload_balancer\x18\x02 \x01(\x0b\x32/.istio.networking.v1alpha3.LoadBalancerSettings\x12J\n\x0f\x63onnection_pool\x18\x03 \x01(\x0b\x32\x31.istio.networking.v1alpha3.ConnectionPoolSettings\x12\x46\n\x11outlier_detection\x18\x04 \x01(\x0b\x32+.istio.networking.v1alpha3.OutlierDetection\x12\x33\n\x03tls\x18\x05 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\"\xc6\x01\n\x06Subset\x12\x0c\n\x04name\x18\x01 \x01(\t\x12=\n\x06labels\x18\x02 \x03(\x0b\x32-.istio.networking.v1alpha3.Subset.LabelsEntry\x12@\n\x0etraffic_policy\x18\x03 \x01(\x0b\x32(.istio.networking.v1alpha3.TrafficPolicy\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xc3\x04\n\x14LoadBalancerSettings\x12J\n\x06simple\x18\x01 \x01(\x0e\x32\x38.istio.networking.v1alpha3.LoadBalancerSettings.SimpleLBH\x00\x12[\n\x0f\x63onsistent_hash\x18\x02 \x01(\x0b\x32@.istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLBH\x00\x1a\xaa\x02\n\x10\x43onsistentHashLB\x12\x1a\n\x10http_header_name\x18\x01 \x01(\tH\x00\x12\x62\n\x0bhttp_cookie\x18\x02 \x01(\x0b\x32K.istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookieH\x00\x12\x17\n\ruse_source_ip\x18\x03 \x01(\x08H\x00\x12\x19\n\x11minimum_ring_size\x18\x04 \x01(\x04\x1aV\n\nHTTPCookie\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04path\x18\x02 \x01(\t\x12,\n\x03ttl\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationB\x04\x98\xdf\x1f\x01\x42\n\n\x08hash_key\"H\n\x08SimpleLB\x12\x0f\n\x0bROUND_ROBIN\x10\x00\x12\x0e\n\nLEAST_CONN\x10\x01\x12\n\n\x06RANDOM\x10\x02\x12\x0f\n\x0bPASSTHROUGH\x10\x03\x42\x0b\n\tlb_policy\"\xf3\x04\n\x16\x43onnectionPoolSettings\x12J\n\x03tcp\x18\x01 \x01(\x0b\x32=.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings\x12L\n\x04http\x18\x02 \x01(\x0b\x32>.istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings\x1a\xb3\x02\n\x0bTCPSettings\x12\x17\n\x0fmax_connections\x18\x01 \x01(\x05\x12\x32\n\x0f\x63onnect_timeout\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x61\n\rtcp_keepalive\x18\x03 \x01(\x0b\x32J.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive\x1at\n\x0cTcpKeepalive\x12\x0e\n\x06probes\x18\x01 \x01(\r\x12\'\n\x04time\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x08interval\x18\x03 \x01(\x0b\x32\x19.google.protobuf.Duration\x1a\x88\x01\n\x0cHTTPSettings\x12\"\n\x1ahttp1_max_pending_requests\x18\x01 \x01(\x05\x12\x1a\n\x12http2_max_requests\x18\x02 \x01(\x05\x12#\n\x1bmax_requests_per_connection\x18\x03 \x01(\x05\x12\x13\n\x0bmax_retries\x18\x04 \x01(\x05\"\xcc\x01\n\x10OutlierDetection\x12\x1a\n\x12\x63onsecutive_errors\x18\x01 \x01(\x05\x12+\n\x08interval\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x12\x62\x61se_ejection_time\x18\x03 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x1c\n\x14max_ejection_percent\x18\x04 \x01(\x05\x12\x1a\n\x12min_health_percent\x18\x05 \x01(\x05\"\xff\x01\n\x0bTLSSettings\x12<\n\x04mode\x18\x01 \x01(\x0e\x32..istio.networking.v1alpha3.TLSSettings.TLSmode\x12\x1a\n\x12\x63lient_certificate\x18\x02 \x01(\t\x12\x13\n\x0bprivate_key\x18\x03 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x04 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x05 \x03(\t\x12\x0b\n\x03sni\x18\x06 \x01(\t\"@\n\x07TLSmode\x12\x0b\n\x07\x44ISABLE\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x10\n\x0cISTIO_MUTUAL\x10\x03\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n*networking/v1alpha3/destination_rule.proto\x12\x19istio.networking.v1alpha3\x1a\x1egoogle/protobuf/duration.proto\x1a)networking/v1alpha3/virtual_service.proto\x1a\x14gogoproto/gogo.proto\"\xa8\x01\n\x0f\x44\x65stinationRule\x12\x0c\n\x04host\x18\x01 \x01(\t\x12@\n\x0etraffic_policy\x18\x02 \x01(\x0b\x32(.istio.networking.v1alpha3.TrafficPolicy\x12\x32\n\x07subsets\x18\x03 \x03(\x0b\x32!.istio.networking.v1alpha3.Subset\x12\x11\n\texport_to\x18\x04 \x03(\t\"\xd7\x05\n\rTrafficPolicy\x12\x46\n\rload_balancer\x18\x01 \x01(\x0b\x32/.istio.networking.v1alpha3.LoadBalancerSettings\x12J\n\x0f\x63onnection_pool\x18\x02 \x01(\x0b\x32\x31.istio.networking.v1alpha3.ConnectionPoolSettings\x12\x46\n\x11outlier_detection\x18\x03 \x01(\x0b\x32+.istio.networking.v1alpha3.OutlierDetection\x12\x33\n\x03tls\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\x12W\n\x13port_level_settings\x18\x05 \x03(\x0b\x32:.istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy\x1a\xdb\x02\n\x11PortTrafficPolicy\x12\x35\n\x04port\x18\x01 \x01(\x0b\x32\'.istio.networking.v1alpha3.PortSelector\x12\x46\n\rload_balancer\x18\x02 \x01(\x0b\x32/.istio.networking.v1alpha3.LoadBalancerSettings\x12J\n\x0f\x63onnection_pool\x18\x03 \x01(\x0b\x32\x31.istio.networking.v1alpha3.ConnectionPoolSettings\x12\x46\n\x11outlier_detection\x18\x04 \x01(\x0b\x32+.istio.networking.v1alpha3.OutlierDetection\x12\x33\n\x03tls\x18\x05 \x01(\x0b\x32&.istio.networking.v1alpha3.TLSSettings\"\xc6\x01\n\x06Subset\x12\x0c\n\x04name\x18\x01 \x01(\t\x12=\n\x06labels\x18\x02 \x03(\x0b\x32-.istio.networking.v1alpha3.Subset.LabelsEntry\x12@\n\x0etraffic_policy\x18\x03 \x01(\x0b\x32(.istio.networking.v1alpha3.TrafficPolicy\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xc3\x04\n\x14LoadBalancerSettings\x12J\n\x06simple\x18\x01 \x01(\x0e\x32\x38.istio.networking.v1alpha3.LoadBalancerSettings.SimpleLBH\x00\x12[\n\x0f\x63onsistent_hash\x18\x02 \x01(\x0b\x32@.istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLBH\x00\x1a\xaa\x02\n\x10\x43onsistentHashLB\x12\x1a\n\x10http_header_name\x18\x01 \x01(\tH\x00\x12\x62\n\x0bhttp_cookie\x18\x02 \x01(\x0b\x32K.istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookieH\x00\x12\x17\n\ruse_source_ip\x18\x03 \x01(\x08H\x00\x12\x19\n\x11minimum_ring_size\x18\x04 \x01(\x04\x1aV\n\nHTTPCookie\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0c\n\x04path\x18\x02 \x01(\t\x12,\n\x03ttl\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationB\x04\x98\xdf\x1f\x01\x42\n\n\x08hash_key\"H\n\x08SimpleLB\x12\x0f\n\x0bROUND_ROBIN\x10\x00\x12\x0e\n\nLEAST_CONN\x10\x01\x12\n\n\x06RANDOM\x10\x02\x12\x0f\n\x0bPASSTHROUGH\x10\x03\x42\x0b\n\tlb_policy\"\xf3\x04\n\x16\x43onnectionPoolSettings\x12J\n\x03tcp\x18\x01 \x01(\x0b\x32=.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings\x12L\n\x04http\x18\x02 \x01(\x0b\x32>.istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings\x1a\xb3\x02\n\x0bTCPSettings\x12\x17\n\x0fmax_connections\x18\x01 \x01(\x05\x12\x32\n\x0f\x63onnect_timeout\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x61\n\rtcp_keepalive\x18\x03 \x01(\x0b\x32J.istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive\x1at\n\x0cTcpKeepalive\x12\x0e\n\x06probes\x18\x01 \x01(\r\x12\'\n\x04time\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12+\n\x08interval\x18\x03 \x01(\x0b\x32\x19.google.protobuf.Duration\x1a\x88\x01\n\x0cHTTPSettings\x12\"\n\x1ahttp1_max_pending_requests\x18\x01 \x01(\x05\x12\x1a\n\x12http2_max_requests\x18\x02 \x01(\x05\x12#\n\x1bmax_requests_per_connection\x18\x03 \x01(\x05\x12\x13\n\x0bmax_retries\x18\x04 \x01(\x05\"\xcc\x01\n\x10OutlierDetection\x12\x1a\n\x12\x63onsecutive_errors\x18\x01 \x01(\x05\x12+\n\x08interval\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x12\x62\x61se_ejection_time\x18\x03 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x1c\n\x14max_ejection_percent\x18\x04 \x01(\x05\x12\x1a\n\x12min_health_percent\x18\x05 \x01(\x05\"\xff\x01\n\x0bTLSSettings\x12<\n\x04mode\x18\x01 \x01(\x0e\x32..istio.networking.v1alpha3.TLSSettings.TLSmode\x12\x1a\n\x12\x63lient_certificate\x18\x02 \x01(\t\x12\x13\n\x0bprivate_key\x18\x03 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x04 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x05 \x03(\t\x12\x0b\n\x03sni\x18\x06 \x01(\t\"@\n\x07TLSmode\x12\x0b\n\x07\x44ISABLE\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x10\n\x0cISTIO_MUTUAL\x10\x03\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') , - dependencies=[google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_virtual__service__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_sidecar__pb2.DESCRIPTOR,gogoproto_dot_gogo__pb2.DESCRIPTOR,]) + dependencies=[google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_virtual__service__pb2.DESCRIPTOR,gogoproto_dot_gogo__pb2.DESCRIPTOR,]) @@ -54,8 +53,8 @@ ], containing_type=None, options=None, - serialized_start=1845, - serialized_end=1917, + serialized_start=1767, + serialized_end=1839, ) _sym_db.RegisterEnumDescriptor(_LOADBALANCERSETTINGS_SIMPLELB) @@ -84,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=2961, - serialized_end=3025, + serialized_start=2883, + serialized_end=2947, ) _sym_db.RegisterEnumDescriptor(_TLSSETTINGS_TLSMODE) @@ -119,9 +118,9 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='config_scope', full_name='istio.networking.v1alpha3.DestinationRule.config_scope', index=3, - number=4, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, + name='export_to', full_name='istio.networking.v1alpha3.DestinationRule.export_to', index=3, + number=4, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), @@ -137,8 +136,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=206, - serialized_end=417, + serialized_start=171, + serialized_end=339, ) @@ -196,8 +195,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=800, - serialized_end=1147, + serialized_start=722, + serialized_end=1069, ) _TRAFFICPOLICY = _descriptor.Descriptor( @@ -254,8 +253,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=420, - serialized_end=1147, + serialized_start=342, + serialized_end=1069, ) @@ -292,8 +291,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1303, - serialized_end=1348, + serialized_start=1225, + serialized_end=1270, ) _SUBSET = _descriptor.Descriptor( @@ -336,8 +335,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1150, - serialized_end=1348, + serialized_start=1072, + serialized_end=1270, ) @@ -381,8 +380,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1745, - serialized_end=1831, + serialized_start=1667, + serialized_end=1753, ) _LOADBALANCERSETTINGS_CONSISTENTHASHLB = _descriptor.Descriptor( @@ -435,8 +434,8 @@ name='hash_key', full_name='istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.hash_key', index=0, containing_type=None, fields=[]), ], - serialized_start=1545, - serialized_end=1843, + serialized_start=1467, + serialized_end=1765, ) _LOADBALANCERSETTINGS = _descriptor.Descriptor( @@ -476,8 +475,8 @@ name='lb_policy', full_name='istio.networking.v1alpha3.LoadBalancerSettings.lb_policy', index=0, containing_type=None, fields=[]), ], - serialized_start=1351, - serialized_end=1930, + serialized_start=1273, + serialized_end=1852, ) @@ -521,8 +520,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2305, - serialized_end=2421, + serialized_start=2227, + serialized_end=2343, ) _CONNECTIONPOOLSETTINGS_TCPSETTINGS = _descriptor.Descriptor( @@ -565,8 +564,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2114, - serialized_end=2421, + serialized_start=2036, + serialized_end=2343, ) _CONNECTIONPOOLSETTINGS_HTTPSETTINGS = _descriptor.Descriptor( @@ -616,8 +615,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2424, - serialized_end=2560, + serialized_start=2346, + serialized_end=2482, ) _CONNECTIONPOOLSETTINGS = _descriptor.Descriptor( @@ -653,8 +652,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1933, - serialized_end=2560, + serialized_start=1855, + serialized_end=2482, ) @@ -712,8 +711,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2563, - serialized_end=2767, + serialized_start=2485, + serialized_end=2689, ) @@ -779,13 +778,12 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2770, - serialized_end=3025, + serialized_start=2692, + serialized_end=2947, ) _DESTINATIONRULE.fields_by_name['traffic_policy'].message_type = _TRAFFICPOLICY _DESTINATIONRULE.fields_by_name['subsets'].message_type = _SUBSET -_DESTINATIONRULE.fields_by_name['config_scope'].enum_type = networking_dot_v1alpha3_dot_sidecar__pb2._CONFIGSCOPE _TRAFFICPOLICY_PORTTRAFFICPOLICY.fields_by_name['port'].message_type = networking_dot_v1alpha3_dot_virtual__service__pb2._PORTSELECTOR _TRAFFICPOLICY_PORTTRAFFICPOLICY.fields_by_name['load_balancer'].message_type = _LOADBALANCERSETTINGS _TRAFFICPOLICY_PORTTRAFFICPOLICY.fields_by_name['connection_pool'].message_type = _CONNECTIONPOOLSETTINGS diff --git a/python/istio_api/networking/v1alpha3/service_entry_pb2.py b/python/istio_api/networking/v1alpha3/service_entry_pb2.py index 0375749f9a..98a378aafd 100644 --- a/python/istio_api/networking/v1alpha3/service_entry_pb2.py +++ b/python/istio_api/networking/v1alpha3/service_entry_pb2.py @@ -14,16 +14,15 @@ from networking.v1alpha3 import gateway_pb2 as networking_dot_v1alpha3_dot_gateway__pb2 -from networking.v1alpha3 import sidecar_pb2 as networking_dot_v1alpha3_dot_sidecar__pb2 DESCRIPTOR = _descriptor.FileDescriptor( name='networking/v1alpha3/service_entry.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\x1a!networking/v1alpha3/sidecar.proto\"\x96\x06\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12<\n\x0c\x63onfig_scope\x18\x07 \x01(\x0e\x32&.istio.networking.v1alpha3.ConfigScope\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xeb\x05\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12\x11\n\texport_to\x18\x07 \x03(\t\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') , - dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_sidecar__pb2.DESCRIPTOR,]) + dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,]) @@ -44,8 +43,8 @@ ], containing_type=None, options=None, - serialized_start=838, - serialized_end=886, + serialized_start=760, + serialized_end=808, ) _sym_db.RegisterEnumDescriptor(_SERVICEENTRY_LOCATION) @@ -70,8 +69,8 @@ ], containing_type=None, options=None, - serialized_start=888, - serialized_end=931, + serialized_start=810, + serialized_end=853, ) _sym_db.RegisterEnumDescriptor(_SERVICEENTRY_RESOLUTION) @@ -109,8 +108,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=745, - serialized_end=789, + serialized_start=667, + serialized_end=711, ) _SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor( @@ -146,8 +145,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=791, - serialized_end=836, + serialized_start=713, + serialized_end=758, ) _SERVICEENTRY_ENDPOINT = _descriptor.Descriptor( @@ -211,8 +210,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=511, - serialized_end=836, + serialized_start=433, + serialized_end=758, ) _SERVICEENTRY = _descriptor.Descriptor( @@ -265,9 +264,9 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='config_scope', full_name='istio.networking.v1alpha3.ServiceEntry.config_scope', index=6, - number=7, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, + name='export_to', full_name='istio.networking.v1alpha3.ServiceEntry.export_to', index=6, + number=7, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), @@ -285,8 +284,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=141, - serialized_end=931, + serialized_start=106, + serialized_end=853, ) _SERVICEENTRY_ENDPOINT_PORTSENTRY.containing_type = _SERVICEENTRY_ENDPOINT @@ -298,7 +297,6 @@ _SERVICEENTRY.fields_by_name['location'].enum_type = _SERVICEENTRY_LOCATION _SERVICEENTRY.fields_by_name['resolution'].enum_type = _SERVICEENTRY_RESOLUTION _SERVICEENTRY.fields_by_name['endpoints'].message_type = _SERVICEENTRY_ENDPOINT -_SERVICEENTRY.fields_by_name['config_scope'].enum_type = networking_dot_v1alpha3_dot_sidecar__pb2._CONFIGSCOPE _SERVICEENTRY_LOCATION.containing_type = _SERVICEENTRY _SERVICEENTRY_RESOLUTION.containing_type = _SERVICEENTRY DESCRIPTOR.message_types_by_name['ServiceEntry'] = _SERVICEENTRY diff --git a/python/istio_api/networking/v1alpha3/sidecar_pb2.py b/python/istio_api/networking/v1alpha3/sidecar_pb2.py index 33b4779367..7d6f2ae801 100644 --- a/python/istio_api/networking/v1alpha3/sidecar_pb2.py +++ b/python/istio_api/networking/v1alpha3/sidecar_pb2.py @@ -21,33 +21,10 @@ name='networking/v1alpha3/sidecar.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/sidecar.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xd3\x01\n\x07Sidecar\x12\x46\n\x11workload_selector\x18\x01 \x01(\x0b\x32+.istio.networking.v1alpha3.WorkloadSelector\x12@\n\x07ingress\x18\x02 \x03(\x0b\x32/.istio.networking.v1alpha3.IstioIngressListener\x12>\n\x06\x65gress\x18\x03 \x03(\x0b\x32..istio.networking.v1alpha3.IstioEgressListener\"\xab\x01\n\x14IstioIngressListener\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x02 \x01(\t\x12<\n\x0c\x63\x61pture_mode\x18\x03 \x01(\x0e\x32&.istio.networking.v1alpha3.CaptureMode\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x04 \x01(\t\"\x9f\x01\n\x13IstioEgressListener\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x02 \x01(\t\x12<\n\x0c\x63\x61pture_mode\x18\x03 \x01(\x0e\x32&.istio.networking.v1alpha3.CaptureMode\x12\r\n\x05hosts\x18\x04 \x03(\t\"\x8a\x01\n\x10WorkloadSelector\x12G\n\x06labels\x18\x01 \x03(\x0b\x32\x37.istio.networking.v1alpha3.WorkloadSelector.LabelsEntry\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01*&\n\x0b\x43onfigScope\x12\n\n\x06PUBLIC\x10\x00\x12\x0b\n\x07PRIVATE\x10\x01*2\n\x0b\x43\x61ptureMode\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x00\x12\x0c\n\x08IPTABLES\x10\x01\x12\x08\n\x04NONE\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/sidecar.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xd3\x01\n\x07Sidecar\x12\x46\n\x11workload_selector\x18\x01 \x01(\x0b\x32+.istio.networking.v1alpha3.WorkloadSelector\x12@\n\x07ingress\x18\x02 \x03(\x0b\x32/.istio.networking.v1alpha3.IstioIngressListener\x12>\n\x06\x65gress\x18\x03 \x03(\x0b\x32..istio.networking.v1alpha3.IstioEgressListener\"\xab\x01\n\x14IstioIngressListener\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x02 \x01(\t\x12<\n\x0c\x63\x61pture_mode\x18\x03 \x01(\x0e\x32&.istio.networking.v1alpha3.CaptureMode\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x04 \x01(\t\"\x9f\x01\n\x13IstioEgressListener\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x02 \x01(\t\x12<\n\x0c\x63\x61pture_mode\x18\x03 \x01(\x0e\x32&.istio.networking.v1alpha3.CaptureMode\x12\r\n\x05hosts\x18\x04 \x03(\t\"\x8a\x01\n\x10WorkloadSelector\x12G\n\x06labels\x18\x01 \x03(\x0b\x32\x37.istio.networking.v1alpha3.WorkloadSelector.LabelsEntry\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01*2\n\x0b\x43\x61ptureMode\x12\x0b\n\x07\x44\x45\x46\x41ULT\x10\x00\x12\x0c\n\x08IPTABLES\x10\x01\x12\x08\n\x04NONE\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') , dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,]) -_CONFIGSCOPE = _descriptor.EnumDescriptor( - name='ConfigScope', - full_name='istio.networking.v1alpha3.ConfigScope', - filename=None, - file=DESCRIPTOR, - values=[ - _descriptor.EnumValueDescriptor( - name='PUBLIC', index=0, number=0, - options=None, - type=None), - _descriptor.EnumValueDescriptor( - name='PRIVATE', index=1, number=1, - options=None, - type=None), - ], - containing_type=None, - options=None, - serialized_start=790, - serialized_end=828, -) -_sym_db.RegisterEnumDescriptor(_CONFIGSCOPE) - -ConfigScope = enum_type_wrapper.EnumTypeWrapper(_CONFIGSCOPE) _CAPTUREMODE = _descriptor.EnumDescriptor( name='CaptureMode', full_name='istio.networking.v1alpha3.CaptureMode', @@ -69,14 +46,12 @@ ], containing_type=None, options=None, - serialized_start=830, - serialized_end=880, + serialized_start=790, + serialized_end=840, ) _sym_db.RegisterEnumDescriptor(_CAPTUREMODE) CaptureMode = enum_type_wrapper.EnumTypeWrapper(_CAPTUREMODE) -PUBLIC = 0 -PRIVATE = 1 DEFAULT = 0 IPTABLES = 1 NONE = 2 @@ -312,7 +287,6 @@ DESCRIPTOR.message_types_by_name['IstioIngressListener'] = _ISTIOINGRESSLISTENER DESCRIPTOR.message_types_by_name['IstioEgressListener'] = _ISTIOEGRESSLISTENER DESCRIPTOR.message_types_by_name['WorkloadSelector'] = _WORKLOADSELECTOR -DESCRIPTOR.enum_types_by_name['ConfigScope'] = _CONFIGSCOPE DESCRIPTOR.enum_types_by_name['CaptureMode'] = _CAPTUREMODE _sym_db.RegisterFileDescriptor(DESCRIPTOR) diff --git a/python/istio_api/networking/v1alpha3/virtual_service_pb2.py b/python/istio_api/networking/v1alpha3/virtual_service_pb2.py index 4bff1527b2..d23e70d230 100644 --- a/python/istio_api/networking/v1alpha3/virtual_service_pb2.py +++ b/python/istio_api/networking/v1alpha3/virtual_service_pb2.py @@ -15,16 +15,15 @@ from google.protobuf import duration_pb2 as google_dot_protobuf_dot_duration__pb2 from google.protobuf import wrappers_pb2 as google_dot_protobuf_dot_wrappers__pb2 -from networking.v1alpha3 import sidecar_pb2 as networking_dot_v1alpha3_dot_sidecar__pb2 DESCRIPTOR = _descriptor.FileDescriptor( name='networking/v1alpha3/virtual_service.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n)networking/v1alpha3/virtual_service.proto\x12\x19istio.networking.v1alpha3\x1a\x1egoogle/protobuf/duration.proto\x1a\x1egoogle/protobuf/wrappers.proto\x1a!networking/v1alpha3/sidecar.proto\"\x87\x02\n\x0eVirtualService\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x10\n\x08gateways\x18\x02 \x03(\t\x12\x32\n\x04http\x18\x03 \x03(\x0b\x32$.istio.networking.v1alpha3.HTTPRoute\x12\x30\n\x03tls\x18\x05 \x03(\x0b\x32#.istio.networking.v1alpha3.TLSRoute\x12\x30\n\x03tcp\x18\x04 \x03(\x0b\x32#.istio.networking.v1alpha3.TCPRoute\x12<\n\x0c\x63onfig_scope\x18\x06 \x01(\x0e\x32&.istio.networking.v1alpha3.ConfigScope\"b\n\x0b\x44\x65stination\x12\x0c\n\x04host\x18\x01 \x01(\t\x12\x0e\n\x06subset\x18\x02 \x01(\t\x12\x35\n\x04port\x18\x03 \x01(\x0b\x32\'.istio.networking.v1alpha3.PortSelector\"\xf9\x08\n\tHTTPRoute\x12:\n\x05match\x18\x01 \x03(\x0b\x32+.istio.networking.v1alpha3.HTTPMatchRequest\x12>\n\x05route\x18\x02 \x03(\x0b\x32/.istio.networking.v1alpha3.HTTPRouteDestination\x12\x39\n\x08redirect\x18\x03 \x01(\x0b\x32\'.istio.networking.v1alpha3.HTTPRedirect\x12\x37\n\x07rewrite\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.HTTPRewrite\x12\x19\n\x11websocket_upgrade\x18\x05 \x01(\x08\x12*\n\x07timeout\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x07retries\x18\x07 \x01(\x0b\x32$.istio.networking.v1alpha3.HTTPRetry\x12<\n\x05\x66\x61ult\x18\x08 \x01(\x0b\x32-.istio.networking.v1alpha3.HTTPFaultInjection\x12\x36\n\x06mirror\x18\t \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12:\n\x0b\x63ors_policy\x18\n \x01(\x0b\x32%.istio.networking.v1alpha3.CorsPolicy\x12S\n\x0e\x61ppend_headers\x18\x0b \x03(\x0b\x32\x37.istio.networking.v1alpha3.HTTPRoute.AppendHeadersEntryB\x02\x18\x01\x12#\n\x17remove_response_headers\x18\x0c \x03(\tB\x02\x18\x01\x12\x64\n\x17\x61ppend_response_headers\x18\r \x03(\x0b\x32?.istio.networking.v1alpha3.HTTPRoute.AppendResponseHeadersEntryB\x02\x18\x01\x12\"\n\x16remove_request_headers\x18\x0e \x03(\tB\x02\x18\x01\x12\x62\n\x16\x61ppend_request_headers\x18\x0f \x03(\x0b\x32>.istio.networking.v1alpha3.HTTPRoute.AppendRequestHeadersEntryB\x02\x18\x01\x12\x33\n\x07headers\x18\x10 \x01(\x0b\x32\".istio.networking.v1alpha3.Headers\x1a\x34\n\x12\x41ppendHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a<\n\x1a\x41ppendResponseHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a;\n\x19\x41ppendRequestHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa9\x03\n\x07Headers\x12\x44\n\x07request\x18\x01 \x01(\x0b\x32\x33.istio.networking.v1alpha3.Headers.HeaderOperations\x12\x45\n\x08response\x18\x02 \x01(\x0b\x32\x33.istio.networking.v1alpha3.Headers.HeaderOperations\x1a\x90\x02\n\x10HeaderOperations\x12I\n\x03set\x18\x01 \x03(\x0b\x32<.istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry\x12I\n\x03\x61\x64\x64\x18\x02 \x03(\x0b\x32<.istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry\x12\x0e\n\x06remove\x18\x03 \x03(\t\x1a*\n\x08SetEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a*\n\x08\x41\x64\x64\x45ntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x84\x01\n\x08TLSRoute\x12<\n\x05match\x18\x01 \x03(\x0b\x32-.istio.networking.v1alpha3.TLSMatchAttributes\x12:\n\x05route\x18\x02 \x03(\x0b\x32+.istio.networking.v1alpha3.RouteDestination\"\x83\x01\n\x08TCPRoute\x12;\n\x05match\x18\x01 \x03(\x0b\x32,.istio.networking.v1alpha3.L4MatchAttributes\x12:\n\x05route\x18\x02 \x03(\x0b\x32+.istio.networking.v1alpha3.RouteDestination\"\xc0\x04\n\x10HTTPMatchRequest\x12\x33\n\x03uri\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x36\n\x06scheme\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x36\n\x06method\x18\x03 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x39\n\tauthority\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12I\n\x07headers\x18\x05 \x03(\x0b\x32\x38.istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry\x12\x0c\n\x04port\x18\x06 \x01(\r\x12T\n\rsource_labels\x18\x07 \x03(\x0b\x32=.istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x08 \x03(\t\x1aV\n\x0cHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x35\n\x05value\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch:\x02\x38\x01\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xbc\x04\n\x14HTTPRouteDestination\x12;\n\x0b\x64\x65stination\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12\x0e\n\x06weight\x18\x02 \x01(\x05\x12#\n\x17remove_response_headers\x18\x03 \x03(\tB\x02\x18\x01\x12o\n\x17\x61ppend_response_headers\x18\x04 \x03(\x0b\x32J.istio.networking.v1alpha3.HTTPRouteDestination.AppendResponseHeadersEntryB\x02\x18\x01\x12\"\n\x16remove_request_headers\x18\x05 \x03(\tB\x02\x18\x01\x12m\n\x16\x61ppend_request_headers\x18\x06 \x03(\x0b\x32I.istio.networking.v1alpha3.HTTPRouteDestination.AppendRequestHeadersEntryB\x02\x18\x01\x12\x33\n\x07headers\x18\x07 \x01(\x0b\x32\".istio.networking.v1alpha3.Headers\x1a<\n\x1a\x41ppendResponseHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a;\n\x19\x41ppendRequestHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"_\n\x10RouteDestination\x12;\n\x0b\x64\x65stination\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12\x0e\n\x06weight\x18\x02 \x01(\x05\"\xf3\x01\n\x11L4MatchAttributes\x12\x1b\n\x13\x64\x65stination_subnets\x18\x01 \x03(\t\x12\x0c\n\x04port\x18\x02 \x01(\r\x12\x15\n\rsource_subnet\x18\x03 \x01(\t\x12U\n\rsource_labels\x18\x04 \x03(\x0b\x32>.istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x05 \x03(\t\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x88\x02\n\x12TLSMatchAttributes\x12\x11\n\tsni_hosts\x18\x01 \x03(\t\x12\x1b\n\x13\x64\x65stination_subnets\x18\x02 \x03(\t\x12\x0c\n\x04port\x18\x03 \x01(\r\x12\x15\n\rsource_subnet\x18\x04 \x01(\t\x12V\n\rsource_labels\x18\x05 \x03(\x0b\x32?.istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x06 \x03(\t\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\".\n\x0cHTTPRedirect\x12\x0b\n\x03uri\x18\x01 \x01(\t\x12\x11\n\tauthority\x18\x02 \x01(\t\"-\n\x0bHTTPRewrite\x12\x0b\n\x03uri\x18\x01 \x01(\t\x12\x11\n\tauthority\x18\x02 \x01(\t\"O\n\x0bStringMatch\x12\x0f\n\x05\x65xact\x18\x01 \x01(\tH\x00\x12\x10\n\x06prefix\x18\x02 \x01(\tH\x00\x12\x0f\n\x05regex\x18\x03 \x01(\tH\x00\x42\x0c\n\nmatch_type\"c\n\tHTTPRetry\x12\x10\n\x08\x61ttempts\x18\x01 \x01(\x05\x12\x32\n\x0fper_try_timeout\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x10\n\x08retry_on\x18\x03 \x01(\t\"\xcb\x01\n\nCorsPolicy\x12\x14\n\x0c\x61llow_origin\x18\x01 \x03(\t\x12\x15\n\rallow_methods\x18\x02 \x03(\t\x12\x15\n\rallow_headers\x18\x03 \x03(\t\x12\x16\n\x0e\x65xpose_headers\x18\x04 \x03(\t\x12*\n\x07max_age\x18\x05 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x11\x61llow_credentials\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x9a\x04\n\x12HTTPFaultInjection\x12\x42\n\x05\x64\x65lay\x18\x01 \x01(\x0b\x32\x33.istio.networking.v1alpha3.HTTPFaultInjection.Delay\x12\x42\n\x05\x61\x62ort\x18\x02 \x01(\x0b\x32\x33.istio.networking.v1alpha3.HTTPFaultInjection.Abort\x1a\xd1\x01\n\x05\x44\x65lay\x12\x13\n\x07percent\x18\x01 \x01(\x05\x42\x02\x18\x01\x12\x30\n\x0b\x66ixed_delay\x18\x02 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12\x36\n\x11\x65xponential_delay\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12\x36\n\npercentage\x18\x05 \x01(\x0b\x32\".istio.networking.v1alpha3.PercentB\x11\n\x0fhttp_delay_type\x1a\xa7\x01\n\x05\x41\x62ort\x12\x13\n\x07percent\x18\x01 \x01(\x05\x42\x02\x18\x01\x12\x15\n\x0bhttp_status\x18\x02 \x01(\x05H\x00\x12\x15\n\x0bgrpc_status\x18\x03 \x01(\tH\x00\x12\x15\n\x0bhttp2_error\x18\x04 \x01(\tH\x00\x12\x36\n\npercentage\x18\x05 \x01(\x0b\x32\".istio.networking.v1alpha3.PercentB\x0c\n\nerror_type\"8\n\x0cPortSelector\x12\x10\n\x06number\x18\x01 \x01(\rH\x00\x12\x0e\n\x04name\x18\x02 \x01(\tH\x00\x42\x06\n\x04port\"\x18\n\x07Percent\x12\r\n\x05value\x18\x01 \x01(\x01\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n)networking/v1alpha3/virtual_service.proto\x12\x19istio.networking.v1alpha3\x1a\x1egoogle/protobuf/duration.proto\x1a\x1egoogle/protobuf/wrappers.proto\"\xdc\x01\n\x0eVirtualService\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x10\n\x08gateways\x18\x02 \x03(\t\x12\x32\n\x04http\x18\x03 \x03(\x0b\x32$.istio.networking.v1alpha3.HTTPRoute\x12\x30\n\x03tls\x18\x05 \x03(\x0b\x32#.istio.networking.v1alpha3.TLSRoute\x12\x30\n\x03tcp\x18\x04 \x03(\x0b\x32#.istio.networking.v1alpha3.TCPRoute\x12\x11\n\texport_to\x18\x06 \x03(\t\"b\n\x0b\x44\x65stination\x12\x0c\n\x04host\x18\x01 \x01(\t\x12\x0e\n\x06subset\x18\x02 \x01(\t\x12\x35\n\x04port\x18\x03 \x01(\x0b\x32\'.istio.networking.v1alpha3.PortSelector\"\xf9\x08\n\tHTTPRoute\x12:\n\x05match\x18\x01 \x03(\x0b\x32+.istio.networking.v1alpha3.HTTPMatchRequest\x12>\n\x05route\x18\x02 \x03(\x0b\x32/.istio.networking.v1alpha3.HTTPRouteDestination\x12\x39\n\x08redirect\x18\x03 \x01(\x0b\x32\'.istio.networking.v1alpha3.HTTPRedirect\x12\x37\n\x07rewrite\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.HTTPRewrite\x12\x19\n\x11websocket_upgrade\x18\x05 \x01(\x08\x12*\n\x07timeout\x18\x06 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x07retries\x18\x07 \x01(\x0b\x32$.istio.networking.v1alpha3.HTTPRetry\x12<\n\x05\x66\x61ult\x18\x08 \x01(\x0b\x32-.istio.networking.v1alpha3.HTTPFaultInjection\x12\x36\n\x06mirror\x18\t \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12:\n\x0b\x63ors_policy\x18\n \x01(\x0b\x32%.istio.networking.v1alpha3.CorsPolicy\x12S\n\x0e\x61ppend_headers\x18\x0b \x03(\x0b\x32\x37.istio.networking.v1alpha3.HTTPRoute.AppendHeadersEntryB\x02\x18\x01\x12#\n\x17remove_response_headers\x18\x0c \x03(\tB\x02\x18\x01\x12\x64\n\x17\x61ppend_response_headers\x18\r \x03(\x0b\x32?.istio.networking.v1alpha3.HTTPRoute.AppendResponseHeadersEntryB\x02\x18\x01\x12\"\n\x16remove_request_headers\x18\x0e \x03(\tB\x02\x18\x01\x12\x62\n\x16\x61ppend_request_headers\x18\x0f \x03(\x0b\x32>.istio.networking.v1alpha3.HTTPRoute.AppendRequestHeadersEntryB\x02\x18\x01\x12\x33\n\x07headers\x18\x10 \x01(\x0b\x32\".istio.networking.v1alpha3.Headers\x1a\x34\n\x12\x41ppendHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a<\n\x1a\x41ppendResponseHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a;\n\x19\x41ppendRequestHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa9\x03\n\x07Headers\x12\x44\n\x07request\x18\x01 \x01(\x0b\x32\x33.istio.networking.v1alpha3.Headers.HeaderOperations\x12\x45\n\x08response\x18\x02 \x01(\x0b\x32\x33.istio.networking.v1alpha3.Headers.HeaderOperations\x1a\x90\x02\n\x10HeaderOperations\x12I\n\x03set\x18\x01 \x03(\x0b\x32<.istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry\x12I\n\x03\x61\x64\x64\x18\x02 \x03(\x0b\x32<.istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry\x12\x0e\n\x06remove\x18\x03 \x03(\t\x1a*\n\x08SetEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a*\n\x08\x41\x64\x64\x45ntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x84\x01\n\x08TLSRoute\x12<\n\x05match\x18\x01 \x03(\x0b\x32-.istio.networking.v1alpha3.TLSMatchAttributes\x12:\n\x05route\x18\x02 \x03(\x0b\x32+.istio.networking.v1alpha3.RouteDestination\"\x83\x01\n\x08TCPRoute\x12;\n\x05match\x18\x01 \x03(\x0b\x32,.istio.networking.v1alpha3.L4MatchAttributes\x12:\n\x05route\x18\x02 \x03(\x0b\x32+.istio.networking.v1alpha3.RouteDestination\"\xc0\x04\n\x10HTTPMatchRequest\x12\x33\n\x03uri\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x36\n\x06scheme\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x36\n\x06method\x18\x03 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12\x39\n\tauthority\x18\x04 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch\x12I\n\x07headers\x18\x05 \x03(\x0b\x32\x38.istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry\x12\x0c\n\x04port\x18\x06 \x01(\r\x12T\n\rsource_labels\x18\x07 \x03(\x0b\x32=.istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x08 \x03(\t\x1aV\n\x0cHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x35\n\x05value\x18\x02 \x01(\x0b\x32&.istio.networking.v1alpha3.StringMatch:\x02\x38\x01\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xbc\x04\n\x14HTTPRouteDestination\x12;\n\x0b\x64\x65stination\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12\x0e\n\x06weight\x18\x02 \x01(\x05\x12#\n\x17remove_response_headers\x18\x03 \x03(\tB\x02\x18\x01\x12o\n\x17\x61ppend_response_headers\x18\x04 \x03(\x0b\x32J.istio.networking.v1alpha3.HTTPRouteDestination.AppendResponseHeadersEntryB\x02\x18\x01\x12\"\n\x16remove_request_headers\x18\x05 \x03(\tB\x02\x18\x01\x12m\n\x16\x61ppend_request_headers\x18\x06 \x03(\x0b\x32I.istio.networking.v1alpha3.HTTPRouteDestination.AppendRequestHeadersEntryB\x02\x18\x01\x12\x33\n\x07headers\x18\x07 \x01(\x0b\x32\".istio.networking.v1alpha3.Headers\x1a<\n\x1a\x41ppendResponseHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\x1a;\n\x19\x41ppendRequestHeadersEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"_\n\x10RouteDestination\x12;\n\x0b\x64\x65stination\x18\x01 \x01(\x0b\x32&.istio.networking.v1alpha3.Destination\x12\x0e\n\x06weight\x18\x02 \x01(\x05\"\xf3\x01\n\x11L4MatchAttributes\x12\x1b\n\x13\x64\x65stination_subnets\x18\x01 \x03(\t\x12\x0c\n\x04port\x18\x02 \x01(\r\x12\x15\n\rsource_subnet\x18\x03 \x01(\t\x12U\n\rsource_labels\x18\x04 \x03(\x0b\x32>.istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x05 \x03(\t\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\x88\x02\n\x12TLSMatchAttributes\x12\x11\n\tsni_hosts\x18\x01 \x03(\t\x12\x1b\n\x13\x64\x65stination_subnets\x18\x02 \x03(\t\x12\x0c\n\x04port\x18\x03 \x01(\r\x12\x15\n\rsource_subnet\x18\x04 \x01(\t\x12V\n\rsource_labels\x18\x05 \x03(\x0b\x32?.istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry\x12\x10\n\x08gateways\x18\x06 \x03(\t\x1a\x33\n\x11SourceLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\".\n\x0cHTTPRedirect\x12\x0b\n\x03uri\x18\x01 \x01(\t\x12\x11\n\tauthority\x18\x02 \x01(\t\"-\n\x0bHTTPRewrite\x12\x0b\n\x03uri\x18\x01 \x01(\t\x12\x11\n\tauthority\x18\x02 \x01(\t\"O\n\x0bStringMatch\x12\x0f\n\x05\x65xact\x18\x01 \x01(\tH\x00\x12\x10\n\x06prefix\x18\x02 \x01(\tH\x00\x12\x0f\n\x05regex\x18\x03 \x01(\tH\x00\x42\x0c\n\nmatch_type\"c\n\tHTTPRetry\x12\x10\n\x08\x61ttempts\x18\x01 \x01(\x05\x12\x32\n\x0fper_try_timeout\x18\x02 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x10\n\x08retry_on\x18\x03 \x01(\t\"\xcb\x01\n\nCorsPolicy\x12\x14\n\x0c\x61llow_origin\x18\x01 \x03(\t\x12\x15\n\rallow_methods\x18\x02 \x03(\t\x12\x15\n\rallow_headers\x18\x03 \x03(\t\x12\x16\n\x0e\x65xpose_headers\x18\x04 \x03(\t\x12*\n\x07max_age\x18\x05 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x35\n\x11\x61llow_credentials\x18\x06 \x01(\x0b\x32\x1a.google.protobuf.BoolValue\"\x9a\x04\n\x12HTTPFaultInjection\x12\x42\n\x05\x64\x65lay\x18\x01 \x01(\x0b\x32\x33.istio.networking.v1alpha3.HTTPFaultInjection.Delay\x12\x42\n\x05\x61\x62ort\x18\x02 \x01(\x0b\x32\x33.istio.networking.v1alpha3.HTTPFaultInjection.Abort\x1a\xd1\x01\n\x05\x44\x65lay\x12\x13\n\x07percent\x18\x01 \x01(\x05\x42\x02\x18\x01\x12\x30\n\x0b\x66ixed_delay\x18\x02 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12\x36\n\x11\x65xponential_delay\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationH\x00\x12\x36\n\npercentage\x18\x05 \x01(\x0b\x32\".istio.networking.v1alpha3.PercentB\x11\n\x0fhttp_delay_type\x1a\xa7\x01\n\x05\x41\x62ort\x12\x13\n\x07percent\x18\x01 \x01(\x05\x42\x02\x18\x01\x12\x15\n\x0bhttp_status\x18\x02 \x01(\x05H\x00\x12\x15\n\x0bgrpc_status\x18\x03 \x01(\tH\x00\x12\x15\n\x0bhttp2_error\x18\x04 \x01(\tH\x00\x12\x36\n\npercentage\x18\x05 \x01(\x0b\x32\".istio.networking.v1alpha3.PercentB\x0c\n\nerror_type\"8\n\x0cPortSelector\x12\x10\n\x06number\x18\x01 \x01(\rH\x00\x12\x0e\n\x04name\x18\x02 \x01(\tH\x00\x42\x06\n\x04port\"\x18\n\x07Percent\x12\r\n\x05value\x18\x01 \x01(\x01\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') , - dependencies=[google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,google_dot_protobuf_dot_wrappers__pb2.DESCRIPTOR,networking_dot_v1alpha3_dot_sidecar__pb2.DESCRIPTOR,]) + dependencies=[google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,google_dot_protobuf_dot_wrappers__pb2.DESCRIPTOR,]) @@ -72,9 +71,9 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='config_scope', full_name='istio.networking.v1alpha3.VirtualService.config_scope', index=5, - number=6, type=14, cpp_type=8, label=1, - has_default_value=False, default_value=0, + name='export_to', full_name='istio.networking.v1alpha3.VirtualService.export_to', index=5, + number=6, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), @@ -90,8 +89,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=172, - serialized_end=435, + serialized_start=137, + serialized_end=357, ) @@ -135,8 +134,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=437, - serialized_end=535, + serialized_start=359, + serialized_end=457, ) @@ -173,8 +172,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1508, - serialized_end=1560, + serialized_start=1430, + serialized_end=1482, ) _HTTPROUTE_APPENDRESPONSEHEADERSENTRY = _descriptor.Descriptor( @@ -210,8 +209,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1562, - serialized_end=1622, + serialized_start=1484, + serialized_end=1544, ) _HTTPROUTE_APPENDREQUESTHEADERSENTRY = _descriptor.Descriptor( @@ -247,8 +246,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1624, - serialized_end=1683, + serialized_start=1546, + serialized_end=1605, ) _HTTPROUTE = _descriptor.Descriptor( @@ -382,8 +381,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=538, - serialized_end=1683, + serialized_start=460, + serialized_end=1605, ) @@ -420,8 +419,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2025, - serialized_end=2067, + serialized_start=1947, + serialized_end=1989, ) _HEADERS_HEADEROPERATIONS_ADDENTRY = _descriptor.Descriptor( @@ -457,8 +456,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2069, - serialized_end=2111, + serialized_start=1991, + serialized_end=2033, ) _HEADERS_HEADEROPERATIONS = _descriptor.Descriptor( @@ -501,8 +500,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1839, - serialized_end=2111, + serialized_start=1761, + serialized_end=2033, ) _HEADERS = _descriptor.Descriptor( @@ -538,8 +537,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1686, - serialized_end=2111, + serialized_start=1608, + serialized_end=2033, ) @@ -576,8 +575,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2114, - serialized_end=2246, + serialized_start=2036, + serialized_end=2168, ) @@ -614,8 +613,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2249, - serialized_end=2380, + serialized_start=2171, + serialized_end=2302, ) @@ -652,8 +651,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2820, - serialized_end=2906, + serialized_start=2742, + serialized_end=2828, ) _HTTPMATCHREQUEST_SOURCELABELSENTRY = _descriptor.Descriptor( @@ -689,8 +688,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2908, - serialized_end=2959, + serialized_start=2830, + serialized_end=2881, ) _HTTPMATCHREQUEST = _descriptor.Descriptor( @@ -768,8 +767,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2383, - serialized_end=2959, + serialized_start=2305, + serialized_end=2881, ) @@ -806,8 +805,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1562, - serialized_end=1622, + serialized_start=1484, + serialized_end=1544, ) _HTTPROUTEDESTINATION_APPENDREQUESTHEADERSENTRY = _descriptor.Descriptor( @@ -843,8 +842,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1624, - serialized_end=1683, + serialized_start=1546, + serialized_end=1605, ) _HTTPROUTEDESTINATION = _descriptor.Descriptor( @@ -915,8 +914,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2962, - serialized_end=3534, + serialized_start=2884, + serialized_end=3456, ) @@ -953,8 +952,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=3536, - serialized_end=3631, + serialized_start=3458, + serialized_end=3553, ) @@ -991,8 +990,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2908, - serialized_end=2959, + serialized_start=2830, + serialized_end=2881, ) _L4MATCHATTRIBUTES = _descriptor.Descriptor( @@ -1049,8 +1048,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=3634, - serialized_end=3877, + serialized_start=3556, + serialized_end=3799, ) @@ -1087,8 +1086,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2908, - serialized_end=2959, + serialized_start=2830, + serialized_end=2881, ) _TLSMATCHATTRIBUTES = _descriptor.Descriptor( @@ -1152,8 +1151,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=3880, - serialized_end=4144, + serialized_start=3802, + serialized_end=4066, ) @@ -1190,8 +1189,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4146, - serialized_end=4192, + serialized_start=4068, + serialized_end=4114, ) @@ -1228,8 +1227,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4194, - serialized_end=4239, + serialized_start=4116, + serialized_end=4161, ) @@ -1276,8 +1275,8 @@ name='match_type', full_name='istio.networking.v1alpha3.StringMatch.match_type', index=0, containing_type=None, fields=[]), ], - serialized_start=4241, - serialized_end=4320, + serialized_start=4163, + serialized_end=4242, ) @@ -1321,8 +1320,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4322, - serialized_end=4421, + serialized_start=4244, + serialized_end=4343, ) @@ -1387,8 +1386,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4424, - serialized_end=4627, + serialized_start=4346, + serialized_end=4549, ) @@ -1442,8 +1441,8 @@ name='http_delay_type', full_name='istio.networking.v1alpha3.HTTPFaultInjection.Delay.http_delay_type', index=0, containing_type=None, fields=[]), ], - serialized_start=4789, - serialized_end=4998, + serialized_start=4711, + serialized_end=4920, ) _HTTPFAULTINJECTION_ABORT = _descriptor.Descriptor( @@ -1503,8 +1502,8 @@ name='error_type', full_name='istio.networking.v1alpha3.HTTPFaultInjection.Abort.error_type', index=0, containing_type=None, fields=[]), ], - serialized_start=5001, - serialized_end=5168, + serialized_start=4923, + serialized_end=5090, ) _HTTPFAULTINJECTION = _descriptor.Descriptor( @@ -1540,8 +1539,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=4630, - serialized_end=5168, + serialized_start=4552, + serialized_end=5090, ) @@ -1581,8 +1580,8 @@ name='port', full_name='istio.networking.v1alpha3.PortSelector.port', index=0, containing_type=None, fields=[]), ], - serialized_start=5170, - serialized_end=5226, + serialized_start=5092, + serialized_end=5148, ) @@ -1612,14 +1611,13 @@ extension_ranges=[], oneofs=[ ], - serialized_start=5228, - serialized_end=5252, + serialized_start=5150, + serialized_end=5174, ) _VIRTUALSERVICE.fields_by_name['http'].message_type = _HTTPROUTE _VIRTUALSERVICE.fields_by_name['tls'].message_type = _TLSROUTE _VIRTUALSERVICE.fields_by_name['tcp'].message_type = _TCPROUTE -_VIRTUALSERVICE.fields_by_name['config_scope'].enum_type = networking_dot_v1alpha3_dot_sidecar__pb2._CONFIGSCOPE _DESTINATION.fields_by_name['port'].message_type = _PORTSELECTOR _HTTPROUTE_APPENDHEADERSENTRY.containing_type = _HTTPROUTE _HTTPROUTE_APPENDRESPONSEHEADERSENTRY.containing_type = _HTTPROUTE From 3c7e31a64853dade01bfd5019bfa0f983a073db4 Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Tue, 29 Jan 2019 19:38:36 -0500 Subject: [PATCH 02/15] Enabling SDS in the gateway (#778) * Enabling SDS in the gateway Signed-off-by: Shriram Rajagopalan * lint Signed-off-by: Shriram Rajagopalan --- networking/v1alpha3/gateway.pb.go | 847 ++++++++++++++++-- networking/v1alpha3/gateway.proto | 53 +- .../istio.networking.v1alpha3.pb.html | 122 ++- proto.lock | 53 +- .../networking/v1alpha3/gateway_pb2.py | 200 ++++- 5 files changed, 1166 insertions(+), 109 deletions(-) diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 3eeb4ff276..10483edacd 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -409,10 +409,13 @@ type Server_TLSOptions struct { Mode Server_TLSOptions_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1alpha3.Server_TLSOptions_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. + // Deprecated. Use ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` + // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. + CredentialStore *Server_TLSOptions_CredentialStore `protobuf:"bytes,10,opt,name=credential_store,json=credentialStore" json:"credential_store,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented // client side certificate. @@ -427,12 +430,6 @@ type Server_TLSOptions struct { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites" json:"cipher_suites,omitempty"` - // Optional: If specified, the gateway controllers (with SDS enabled) - // use the specified name as the SDS secret config name to call the SDS - // server, to retrieve the key and certificates. Otherwise, the gateway - // controllers (with SDS enabled) use the first value in the hosts as - // the SDS secret config name to call the SDS server. - SdsName string `protobuf:"bytes,10,opt,name=sds_name,json=sdsName,proto3" json:"sds_name,omitempty"` } func (m *Server_TLSOptions) Reset() { *m = Server_TLSOptions{} } @@ -468,6 +465,13 @@ func (m *Server_TLSOptions) GetPrivateKey() string { return "" } +func (m *Server_TLSOptions) GetCredentialStore() *Server_TLSOptions_CredentialStore { + if m != nil { + return m.CredentialStore + } + return nil +} + func (m *Server_TLSOptions) GetCaCertificates() string { if m != nil { return m.CaCertificates @@ -503,13 +507,212 @@ func (m *Server_TLSOptions) GetCipherSuites() []string { return nil } -func (m *Server_TLSOptions) GetSdsName() string { +// The file backend specifies the file system paths where the +// server's public and private keys can be obtained. +type Server_TLSOptions_CredentialStoreFileBackend struct { + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server-side TLS certificate to use. + ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server's private key. + PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) Reset() { + *m = Server_TLSOptions_CredentialStoreFileBackend{} +} +func (m *Server_TLSOptions_CredentialStoreFileBackend) String() string { + return proto.CompactTextString(m) +} +func (*Server_TLSOptions_CredentialStoreFileBackend) ProtoMessage() {} +func (*Server_TLSOptions_CredentialStoreFileBackend) Descriptor() ([]byte, []int) { + return fileDescriptorGateway, []int{1, 0, 0} +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) GetServerCertificate() string { + if m != nil { + return m.ServerCertificate + } + return "" +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) GetPrivateKey() string { + if m != nil { + return m.PrivateKey + } + return "" +} + +// The remote backend provides information about the remote secret +// management server that contains the server's public and private keys. +type Server_TLSOptions_CredentialStoreRemoteBackend struct { + // REQUIRED the name of the resource that the credential server can + // use to identify the certificates associated with the gateway + // server. In kubernetes, this should correspond to the name of the + // secret that contains the server-side TLS certificate and the + // server's private key. Note that the secret should contain both the + // public and private keys associated with the server port. + // + // It is possible to use the same resourceName across several servers + // on different ports, if these servers share the same credentials. + ResourceName string `protobuf:"bytes,1,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"` + // The address where the credential store server can be reached. + // If omitted, will default to unix:/var/run/gateway/sds + ServerAddress string `protobuf:"bytes,2,opt,name=server_address,json=serverAddress,proto3" json:"server_address,omitempty"` +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Reset() { + *m = Server_TLSOptions_CredentialStoreRemoteBackend{} +} +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) String() string { + return proto.CompactTextString(m) +} +func (*Server_TLSOptions_CredentialStoreRemoteBackend) ProtoMessage() {} +func (*Server_TLSOptions_CredentialStoreRemoteBackend) Descriptor() ([]byte, []int) { + return fileDescriptorGateway, []int{1, 0, 1} +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetResourceName() string { + if m != nil { + return m.ResourceName + } + return "" +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetServerAddress() string { if m != nil { - return m.SdsName + return m.ServerAddress } return "" } +type Server_TLSOptions_CredentialStore struct { + // Types that are valid to be assigned to CredentialStore: + // *Server_TLSOptions_CredentialStore_Files + // *Server_TLSOptions_CredentialStore_Remote + CredentialStore isServer_TLSOptions_CredentialStore_CredentialStore `protobuf_oneof:"credential_store"` +} + +func (m *Server_TLSOptions_CredentialStore) Reset() { *m = Server_TLSOptions_CredentialStore{} } +func (m *Server_TLSOptions_CredentialStore) String() string { return proto.CompactTextString(m) } +func (*Server_TLSOptions_CredentialStore) ProtoMessage() {} +func (*Server_TLSOptions_CredentialStore) Descriptor() ([]byte, []int) { + return fileDescriptorGateway, []int{1, 0, 2} +} + +type isServer_TLSOptions_CredentialStore_CredentialStore interface { + isServer_TLSOptions_CredentialStore_CredentialStore() + MarshalTo([]byte) (int, error) + Size() int +} + +type Server_TLSOptions_CredentialStore_Files struct { + Files *Server_TLSOptions_CredentialStoreFileBackend `protobuf:"bytes,1,opt,name=files,oneof"` +} +type Server_TLSOptions_CredentialStore_Remote struct { + Remote *Server_TLSOptions_CredentialStoreRemoteBackend `protobuf:"bytes,2,opt,name=remote,oneof"` +} + +func (*Server_TLSOptions_CredentialStore_Files) isServer_TLSOptions_CredentialStore_CredentialStore() { +} +func (*Server_TLSOptions_CredentialStore_Remote) isServer_TLSOptions_CredentialStore_CredentialStore() { +} + +func (m *Server_TLSOptions_CredentialStore) GetCredentialStore() isServer_TLSOptions_CredentialStore_CredentialStore { + if m != nil { + return m.CredentialStore + } + return nil +} + +func (m *Server_TLSOptions_CredentialStore) GetFiles() *Server_TLSOptions_CredentialStoreFileBackend { + if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Files); ok { + return x.Files + } + return nil +} + +func (m *Server_TLSOptions_CredentialStore) GetRemote() *Server_TLSOptions_CredentialStoreRemoteBackend { + if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Remote); ok { + return x.Remote + } + return nil +} + +// XXX_OneofFuncs is for the internal use of the proto package. +func (*Server_TLSOptions_CredentialStore) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { + return _Server_TLSOptions_CredentialStore_OneofMarshaler, _Server_TLSOptions_CredentialStore_OneofUnmarshaler, _Server_TLSOptions_CredentialStore_OneofSizer, []interface{}{ + (*Server_TLSOptions_CredentialStore_Files)(nil), + (*Server_TLSOptions_CredentialStore_Remote)(nil), + } +} + +func _Server_TLSOptions_CredentialStore_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { + m := msg.(*Server_TLSOptions_CredentialStore) + // credential_store + switch x := m.CredentialStore.(type) { + case *Server_TLSOptions_CredentialStore_Files: + _ = b.EncodeVarint(1<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Files); err != nil { + return err + } + case *Server_TLSOptions_CredentialStore_Remote: + _ = b.EncodeVarint(2<<3 | proto.WireBytes) + if err := b.EncodeMessage(x.Remote); err != nil { + return err + } + case nil: + default: + return fmt.Errorf("Server_TLSOptions_CredentialStore.CredentialStore has unexpected type %T", x) + } + return nil +} + +func _Server_TLSOptions_CredentialStore_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { + m := msg.(*Server_TLSOptions_CredentialStore) + switch tag { + case 1: // credential_store.files + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Server_TLSOptions_CredentialStoreFileBackend) + err := b.DecodeMessage(msg) + m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{msg} + return true, err + case 2: // credential_store.remote + if wire != proto.WireBytes { + return true, proto.ErrInternalBadWireType + } + msg := new(Server_TLSOptions_CredentialStoreRemoteBackend) + err := b.DecodeMessage(msg) + m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{msg} + return true, err + default: + return false, nil + } +} + +func _Server_TLSOptions_CredentialStore_OneofSizer(msg proto.Message) (n int) { + m := msg.(*Server_TLSOptions_CredentialStore) + // credential_store + switch x := m.CredentialStore.(type) { + case *Server_TLSOptions_CredentialStore_Files: + s := proto.Size(x.Files) + n += proto.SizeVarint(1<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case *Server_TLSOptions_CredentialStore_Remote: + s := proto.Size(x.Remote) + n += proto.SizeVarint(2<<3 | proto.WireBytes) + n += proto.SizeVarint(uint64(s)) + n += s + case nil: + default: + panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) + } + return n +} + // Port describes the properties of a specific port of a service. type Port struct { // REQUIRED: A valid non-negative integer port number. @@ -553,6 +756,9 @@ func init() { proto.RegisterType((*Gateway)(nil), "istio.networking.v1alpha3.Gateway") proto.RegisterType((*Server)(nil), "istio.networking.v1alpha3.Server") proto.RegisterType((*Server_TLSOptions)(nil), "istio.networking.v1alpha3.Server.TLSOptions") + proto.RegisterType((*Server_TLSOptions_CredentialStoreFileBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend") + proto.RegisterType((*Server_TLSOptions_CredentialStoreRemoteBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend") + proto.RegisterType((*Server_TLSOptions_CredentialStore)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStore") proto.RegisterType((*Port)(nil), "istio.networking.v1alpha3.Port") proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSmode", Server_TLSOptions_TLSmode_name, Server_TLSOptions_TLSmode_value) proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSProtocol", Server_TLSOptions_TLSProtocol_name, Server_TLSOptions_TLSProtocol_value) @@ -757,15 +963,132 @@ func (m *Server_TLSOptions) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if len(m.SdsName) > 0 { + if m.CredentialStore != nil { dAtA[i] = 0x52 i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.SdsName))) - i += copy(dAtA[i:], m.SdsName) + i = encodeVarintGateway(dAtA, i, uint64(m.CredentialStore.Size())) + n3, err := m.CredentialStore.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n3 + } + return i, nil +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.ServerCertificate) > 0 { + dAtA[i] = 0x1a + i++ + i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerCertificate))) + i += copy(dAtA[i:], m.ServerCertificate) + } + if len(m.PrivateKey) > 0 { + dAtA[i] = 0x22 + i++ + i = encodeVarintGateway(dAtA, i, uint64(len(m.PrivateKey))) + i += copy(dAtA[i:], m.PrivateKey) + } + return i, nil +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.ResourceName) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintGateway(dAtA, i, uint64(len(m.ResourceName))) + i += copy(dAtA[i:], m.ResourceName) + } + if len(m.ServerAddress) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerAddress))) + i += copy(dAtA[i:], m.ServerAddress) + } + return i, nil +} + +func (m *Server_TLSOptions_CredentialStore) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Server_TLSOptions_CredentialStore) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if m.CredentialStore != nil { + nn4, err := m.CredentialStore.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += nn4 } return i, nil } +func (m *Server_TLSOptions_CredentialStore_Files) MarshalTo(dAtA []byte) (int, error) { + i := 0 + if m.Files != nil { + dAtA[i] = 0xa + i++ + i = encodeVarintGateway(dAtA, i, uint64(m.Files.Size())) + n5, err := m.Files.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n5 + } + return i, nil +} +func (m *Server_TLSOptions_CredentialStore_Remote) MarshalTo(dAtA []byte) (int, error) { + i := 0 + if m.Remote != nil { + dAtA[i] = 0x12 + i++ + i = encodeVarintGateway(dAtA, i, uint64(m.Remote.Size())) + n6, err := m.Remote.MarshalTo(dAtA[i:]) + if err != nil { + return 0, err + } + i += n6 + } + return i, nil +} func (m *Port) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -897,13 +1220,68 @@ func (m *Server_TLSOptions) Size() (n int) { n += 1 + l + sovGateway(uint64(l)) } } - l = len(m.SdsName) + if m.CredentialStore != nil { + l = m.CredentialStore.Size() + n += 1 + l + sovGateway(uint64(l)) + } + return n +} + +func (m *Server_TLSOptions_CredentialStoreFileBackend) Size() (n int) { + var l int + _ = l + l = len(m.ServerCertificate) + if l > 0 { + n += 1 + l + sovGateway(uint64(l)) + } + l = len(m.PrivateKey) + if l > 0 { + n += 1 + l + sovGateway(uint64(l)) + } + return n +} + +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Size() (n int) { + var l int + _ = l + l = len(m.ResourceName) + if l > 0 { + n += 1 + l + sovGateway(uint64(l)) + } + l = len(m.ServerAddress) if l > 0 { n += 1 + l + sovGateway(uint64(l)) } return n } +func (m *Server_TLSOptions_CredentialStore) Size() (n int) { + var l int + _ = l + if m.CredentialStore != nil { + n += m.CredentialStore.Size() + } + return n +} + +func (m *Server_TLSOptions_CredentialStore_Files) Size() (n int) { + var l int + _ = l + if m.Files != nil { + l = m.Files.Size() + n += 1 + l + sovGateway(uint64(l)) + } + return n +} +func (m *Server_TLSOptions_CredentialStore_Remote) Size() (n int) { + var l int + _ = l + if m.Remote != nil { + l = m.Remote.Size() + n += 1 + l + sovGateway(uint64(l)) + } + return n +} func (m *Port) Size() (n int) { var l int _ = l @@ -1589,9 +1967,9 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SdsName", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field CredentialStore", wireType) } - var stringLen uint64 + var msglen int for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGateway @@ -1601,20 +1979,354 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift + msglen |= (int(b) & 0x7F) << shift if b < 0x80 { break } } - intStringLen := int(stringLen) - if intStringLen < 0 { + if msglen < 0 { return ErrInvalidLengthGateway } - postIndex := iNdEx + intStringLen + postIndex := iNdEx + msglen if postIndex > l { return io.ErrUnexpectedEOF } - m.SdsName = string(dAtA[iNdEx:postIndex]) + if m.CredentialStore == nil { + m.CredentialStore = &Server_TLSOptions_CredentialStore{} + } + if err := m.CredentialStore.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGateway(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGateway + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Server_TLSOptions_CredentialStoreFileBackend) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialStoreFileBackend: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialStoreFileBackend: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerCertificate", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerCertificate = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PrivateKey", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PrivateKey = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGateway(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGateway + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialStoreRemoteBackend: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialStoreRemoteBackend: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ResourceName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerAddress", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerAddress = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipGateway(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthGateway + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *Server_TLSOptions_CredentialStore) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: CredentialStore: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: CredentialStore: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Files", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &Server_TLSOptions_CredentialStoreFileBackend{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{v} + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Remote", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + v := &Server_TLSOptions_CredentialStoreRemoteBackend{} + if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{v} iNdEx = postIndex default: iNdEx = preIndex @@ -1872,48 +2584,57 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) } var fileDescriptorGateway = []byte{ - // 673 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0x4d, 0x4f, 0xdb, 0x4c, - 0x10, 0xc6, 0x49, 0xc8, 0xc7, 0x84, 0x10, 0xb3, 0x42, 0xaf, 0x0c, 0x07, 0x3e, 0xf2, 0xea, 0xd5, - 0x4b, 0xab, 0xd6, 0x81, 0xa4, 0x07, 0x54, 0xa4, 0x4a, 0x69, 0x85, 0x48, 0xd5, 0x40, 0x22, 0x3b, - 0xe1, 0xd0, 0x8b, 0xb5, 0x71, 0x16, 0xb2, 0xe0, 0x78, 0xad, 0xdd, 0x4d, 0x20, 0x7f, 0xa9, 0xbf, - 0xa4, 0xc7, 0xf6, 0xd0, 0x7b, 0xc5, 0x2f, 0xa9, 0x76, 0xed, 0x90, 0xf4, 0x8b, 0x0a, 0xf5, 0x36, - 0xf3, 0xcc, 0xcc, 0x33, 0x33, 0xcf, 0xac, 0x0d, 0xbb, 0x21, 0x91, 0x37, 0x8c, 0x5f, 0xd3, 0xf0, - 0xb2, 0x3a, 0x39, 0xc0, 0x41, 0x34, 0xc4, 0xf5, 0xea, 0x25, 0x96, 0xe4, 0x06, 0x4f, 0xed, 0x88, - 0x33, 0xc9, 0xd0, 0x06, 0x15, 0x92, 0x32, 0x7b, 0x9e, 0x68, 0xcf, 0x12, 0x2b, 0x9f, 0x0d, 0xc8, - 0x9d, 0xc4, 0xc9, 0xe8, 0x08, 0x72, 0x82, 0xf0, 0x09, 0xe1, 0xc2, 0x32, 0x76, 0xd2, 0x7b, 0xc5, - 0xda, 0xae, 0xfd, 0xdb, 0x42, 0xdb, 0xd5, 0x99, 0xce, 0xac, 0x02, 0xb5, 0x20, 0x2f, 0x48, 0x40, - 0x7c, 0xc9, 0xb8, 0x95, 0xd2, 0xd5, 0xfb, 0x0f, 0x54, 0x27, 0x2d, 0x6d, 0x37, 0x29, 0x39, 0x0e, - 0x25, 0x9f, 0x3a, 0xf7, 0x0c, 0x9b, 0x47, 0x50, 0xfa, 0x2e, 0x84, 0x4c, 0x48, 0x5f, 0x93, 0xa9, - 0x65, 0xec, 0x18, 0x7b, 0x05, 0x47, 0x99, 0x68, 0x1d, 0x96, 0x27, 0x38, 0x18, 0x13, 0x2b, 0xa5, - 0xb1, 0xd8, 0x79, 0x99, 0x3a, 0x34, 0x2a, 0x1f, 0x72, 0x90, 0x8d, 0xc7, 0x43, 0x75, 0xc8, 0x44, - 0x8c, 0x4b, 0x5d, 0x57, 0xac, 0x6d, 0x3f, 0x30, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xc5, 0x3c, - 0x64, 0x42, 0x0a, 0xbd, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x0a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x33, - 0x3d, 0xfb, 0xa3, 0x32, 0x76, 0xb7, 0xe5, 0xb6, 0x23, 0x49, 0x59, 0x28, 0x1c, 0x55, 0x88, 0x10, - 0x64, 0xfa, 0x34, 0x1c, 0x58, 0x19, 0x3d, 0xae, 0xb6, 0xd1, 0x13, 0x30, 0x07, 0xe4, 0x02, 0x8f, - 0x03, 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x9c, 0xc0, - 0x9b, 0x5f, 0x96, 0x01, 0xe6, 0x94, 0xe8, 0x3f, 0x58, 0x1d, 0x4a, 0x19, 0x09, 0x8f, 0x93, 0x01, - 0xe5, 0xc4, 0x8f, 0x57, 0xcc, 0x3b, 0x25, 0x8d, 0x3a, 0x09, 0x88, 0x9a, 0x90, 0x19, 0xb1, 0x41, - 0xac, 0xd1, 0x6a, 0xed, 0xc5, 0x63, 0xa6, 0x56, 0xa6, 0xaa, 0x75, 0x34, 0x03, 0x7a, 0x0e, 0x28, - 0x3e, 0xb5, 0xe7, 0x13, 0x2e, 0xe9, 0x05, 0xf5, 0xb1, 0x24, 0x5a, 0x8d, 0x82, 0xb3, 0x16, 0x47, - 0xde, 0xcc, 0x03, 0x68, 0x1b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x2f, 0x0d, - 0x09, 0xf4, 0x8e, 0x4c, 0xd1, 0xff, 0x50, 0xf6, 0xf1, 0x22, 0x97, 0x48, 0x36, 0x5f, 0xf5, 0xf1, - 0x02, 0x91, 0x40, 0x4f, 0x61, 0x4d, 0x8c, 0xfb, 0x57, 0xc4, 0x97, 0x1e, 0x0e, 0xa4, 0x17, 0xe2, - 0x11, 0x11, 0x56, 0x56, 0x5f, 0xa6, 0x9c, 0x04, 0x1a, 0x81, 0x3c, 0x53, 0x30, 0xba, 0x82, 0xf5, - 0x11, 0x0d, 0x3d, 0xfd, 0xea, 0x7d, 0x16, 0x78, 0xea, 0x65, 0x52, 0x16, 0x5a, 0x39, 0xbd, 0xfe, - 0xe1, 0x63, 0xd7, 0xef, 0x24, 0x3c, 0x0e, 0x1a, 0xd1, 0x70, 0xe6, 0x9c, 0xc7, 0x9c, 0xba, 0x17, - 0xbe, 0xfd, 0xb9, 0x57, 0xfe, 0xaf, 0x7b, 0xe1, 0xdb, 0x1f, 0x7b, 0xfd, 0x0b, 0x25, 0x9f, 0x46, - 0x43, 0xc2, 0x3d, 0x31, 0xa6, 0x4a, 0xaa, 0x82, 0xde, 0x7f, 0x25, 0x06, 0x5d, 0x8d, 0xa1, 0x0d, - 0xc8, 0x8b, 0x81, 0xd0, 0x02, 0x59, 0xa0, 0xa5, 0xcc, 0x89, 0x81, 0x50, 0xc2, 0x54, 0x9a, 0x90, - 0x4b, 0xae, 0x89, 0xca, 0x50, 0xec, 0x34, 0x5c, 0xb7, 0xdb, 0x74, 0xda, 0xbd, 0x93, 0xa6, 0xb9, - 0x84, 0x00, 0xb2, 0xee, 0xdb, 0xd3, 0x4e, 0xeb, 0xd8, 0x34, 0x94, 0x7d, 0xda, 0xeb, 0xf6, 0x1a, - 0x2d, 0x33, 0x85, 0xd6, 0xc1, 0x6c, 0xf4, 0xba, 0x6d, 0x6f, 0x31, 0x3b, 0x5d, 0x69, 0x43, 0x71, - 0x61, 0x58, 0xb4, 0x02, 0xf9, 0x6e, 0xcb, 0xf5, 0x54, 0xa2, 0xb9, 0x84, 0x8a, 0xba, 0xcd, 0xf9, - 0x81, 0xb7, 0x6f, 0x1a, 0x73, 0xe7, 0xc0, 0x4c, 0xcd, 0x9d, 0x9a, 0x99, 0x9e, 0x3b, 0x75, 0x33, - 0x53, 0x39, 0x83, 0x8c, 0xfa, 0xf4, 0xd0, 0x3f, 0x90, 0x0d, 0xc7, 0xa3, 0x3e, 0xe1, 0xfa, 0x21, - 0x97, 0x9c, 0xc4, 0x43, 0x9b, 0x90, 0x9f, 0x49, 0x9c, 0x7c, 0xe9, 0xf7, 0xbe, 0xfa, 0xa4, 0xf4, - 0xb6, 0xf1, 0x2b, 0xd4, 0xf6, 0x6b, 0xfb, 0xe3, 0xdd, 0x96, 0xf1, 0xe9, 0x6e, 0xcb, 0xf8, 0x7a, - 0xb7, 0x65, 0xbc, 0xdf, 0x89, 0xaf, 0x40, 0x59, 0x15, 0x47, 0xb4, 0xfa, 0x8b, 0x3f, 0x65, 0x3f, - 0xab, 0xd9, 0xea, 0xdf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x20, 0x65, 0xa6, 0x2f, 0x47, 0x05, 0x00, - 0x00, + // 819 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36, + 0x14, 0x8d, 0x6c, 0xc7, 0xb1, 0xaf, 0xe2, 0x58, 0x25, 0x82, 0x41, 0x33, 0x86, 0x34, 0x75, 0x30, + 0xac, 0x1b, 0x36, 0xa5, 0x71, 0xf6, 0x50, 0xac, 0xc3, 0x00, 0xa7, 0xc8, 0xe2, 0x62, 0x6e, 0x13, + 0x50, 0x4e, 0x1f, 0xf6, 0x22, 0x30, 0x12, 0x93, 0x30, 0x91, 0x45, 0x81, 0xa4, 0xdd, 0xfa, 0x1f, + 0xf6, 0x71, 0xfb, 0x07, 0x43, 0x5e, 0xf7, 0xb8, 0x3f, 0x30, 0x90, 0xa2, 0x3f, 0xea, 0xa6, 0x29, + 0x82, 0xbc, 0xf1, 0x1e, 0xde, 0x7b, 0xee, 0xe5, 0xe1, 0x11, 0x05, 0x4f, 0x32, 0xaa, 0xde, 0x71, + 0x71, 0xcd, 0xb2, 0x8b, 0xdd, 0xf1, 0x1e, 0x49, 0xf3, 0x4b, 0xb2, 0xbf, 0x7b, 0x41, 0x14, 0x7d, + 0x47, 0x26, 0x41, 0x2e, 0xb8, 0xe2, 0xe8, 0x6b, 0x26, 0x15, 0xe3, 0xc1, 0x3c, 0x31, 0x98, 0x26, + 0xb6, 0xff, 0x76, 0x60, 0xed, 0xa8, 0x48, 0x46, 0x2f, 0x60, 0x4d, 0x52, 0x31, 0xa6, 0x42, 0xfa, + 0xce, 0x76, 0xf9, 0xa9, 0xdb, 0x79, 0x12, 0x7c, 0xb6, 0x30, 0x08, 0x4d, 0x26, 0x9e, 0x56, 0xa0, + 0x3e, 0xd4, 0x24, 0x4d, 0x69, 0xac, 0xb8, 0xf0, 0x4b, 0xa6, 0xfa, 0xd9, 0x1d, 0xd5, 0xb6, 0x65, + 0x10, 0xda, 0x92, 0xc3, 0x4c, 0x89, 0x09, 0x9e, 0x31, 0xb4, 0x5e, 0x40, 0xe3, 0xa3, 0x2d, 0xe4, + 0x41, 0xf9, 0x9a, 0x4e, 0x7c, 0x67, 0xdb, 0x79, 0x5a, 0xc7, 0x7a, 0x89, 0x36, 0x61, 0x75, 0x4c, + 0xd2, 0x11, 0xf5, 0x4b, 0x06, 0x2b, 0x82, 0x5f, 0x4a, 0xcf, 0x9d, 0xf6, 0x07, 0x17, 0xaa, 0xc5, + 0x78, 0x68, 0x1f, 0x2a, 0x39, 0x17, 0xca, 0xd4, 0xb9, 0x9d, 0xc7, 0x77, 0x4c, 0x74, 0xc2, 0x85, + 0xc2, 0x26, 0x59, 0x33, 0x5f, 0x72, 0xa9, 0xa4, 0x39, 0x47, 0x1d, 0x17, 0x01, 0xfa, 0x0d, 0xca, + 0x2a, 0x95, 0x7e, 0xd9, 0x30, 0xfd, 0xf8, 0x45, 0x65, 0x82, 0x41, 0x3f, 0x3c, 0xce, 0x15, 0xe3, + 0x99, 0xc4, 0xba, 0x10, 0x21, 0xa8, 0x9c, 0xb1, 0x2c, 0xf1, 0x2b, 0x66, 0x5c, 0xb3, 0x46, 0xdf, + 0x83, 0x97, 0xd0, 0x73, 0x32, 0x4a, 0x55, 0x44, 0xb3, 0x24, 0xe7, 0x2c, 0x53, 0xfe, 0xaa, 0xd9, + 0x6f, 0x5a, 0xfc, 0xd0, 0xc2, 0xad, 0xff, 0xea, 0x00, 0x73, 0x4a, 0xf4, 0x2d, 0x6c, 0x5c, 0x2a, + 0x95, 0xcb, 0x48, 0xd0, 0x84, 0x09, 0x1a, 0x17, 0x47, 0xac, 0xe1, 0x86, 0x41, 0xb1, 0x05, 0x51, + 0x0f, 0x2a, 0x43, 0x9e, 0x14, 0x1a, 0x6d, 0x74, 0x7e, 0xbe, 0xcf, 0xd4, 0x7a, 0xa9, 0x6b, 0xb1, + 0x61, 0x40, 0x7b, 0x80, 0x8a, 0xab, 0x8e, 0x62, 0x2a, 0x14, 0x3b, 0x67, 0x31, 0x51, 0xd4, 0xa8, + 0x51, 0x3f, 0x28, 0xf9, 0x0e, 0x7e, 0x54, 0xec, 0xbe, 0x9c, 0x6f, 0xa2, 0x1d, 0x70, 0x73, 0xc1, + 0xc6, 0x44, 0xd1, 0x48, 0xdf, 0x5d, 0x65, 0x96, 0x0b, 0x16, 0xfe, 0x83, 0x4e, 0xd0, 0x77, 0xd0, + 0x8c, 0xc9, 0x22, 0xa7, 0xb4, 0x0a, 0x6c, 0xc4, 0x64, 0x81, 0x4c, 0xa2, 0x1f, 0xe0, 0x91, 0x1c, + 0x9d, 0x5d, 0xd1, 0x58, 0x45, 0x24, 0x55, 0x51, 0x46, 0x86, 0x54, 0xfa, 0x55, 0x73, 0x43, 0x4d, + 0xbb, 0xd1, 0x4d, 0xd5, 0x1b, 0x0d, 0xa3, 0x2b, 0xd8, 0x1c, 0xb2, 0x2c, 0x32, 0xee, 0x8f, 0x79, + 0x1a, 0x69, 0x87, 0x32, 0x9e, 0xf9, 0x6b, 0x46, 0x86, 0xe7, 0xf7, 0x95, 0xe1, 0xc4, 0xf2, 0x60, + 0x34, 0x64, 0xd9, 0x34, 0x78, 0x5b, 0x70, 0x9a, 0x5e, 0xe4, 0xfd, 0xa7, 0xbd, 0x6a, 0x0f, 0xee, + 0x45, 0xde, 0x2f, 0xf7, 0xda, 0x81, 0x46, 0xcc, 0xf2, 0x4b, 0x2a, 0x22, 0x39, 0x62, 0x5a, 0xaa, + 0xba, 0x39, 0xff, 0x7a, 0x01, 0x86, 0x06, 0x43, 0x17, 0xe0, 0xc5, 0x82, 0x26, 0x34, 0x53, 0x8c, + 0xa4, 0x91, 0x54, 0x5c, 0x50, 0x1f, 0x8c, 0x6b, 0x7f, 0xbd, 0xd7, 0x30, 0x2f, 0x67, 0x24, 0xa1, + 0xe6, 0xc0, 0xcd, 0xf8, 0x63, 0xa0, 0x95, 0x42, 0x6b, 0x29, 0xe7, 0x77, 0x96, 0xd2, 0x03, 0x12, + 0x5f, 0xd3, 0x2c, 0x41, 0x3f, 0x7d, 0xde, 0x30, 0xb7, 0x99, 0xe5, 0xf1, 0x2d, 0x66, 0x59, 0x34, + 0x4a, 0xeb, 0x0a, 0xbe, 0x59, 0x9e, 0x88, 0x0e, 0xb9, 0x9a, 0xf5, 0xdb, 0x81, 0x86, 0xa0, 0x92, + 0x8f, 0x44, 0x4c, 0x8d, 0x39, 0xec, 0x5b, 0xb1, 0x3e, 0x05, 0xb5, 0x33, 0xf4, 0x67, 0x63, 0x87, + 0x22, 0x49, 0x22, 0xa8, 0x94, 0xf6, 0xf5, 0x68, 0x14, 0x68, 0xb7, 0x00, 0x5b, 0xff, 0x3a, 0xd0, + 0x5c, 0x6a, 0x86, 0x22, 0x58, 0x3d, 0x67, 0x29, 0x95, 0xf6, 0x2d, 0x39, 0x7a, 0x88, 0x96, 0x0b, + 0x3a, 0xf5, 0x56, 0x70, 0xc1, 0x8b, 0x62, 0xa8, 0x0a, 0x73, 0x22, 0x33, 0x93, 0xdb, 0x79, 0xf5, + 0xa0, 0xdb, 0x5a, 0xd4, 0xa6, 0xb7, 0x82, 0x2d, 0xf5, 0x01, 0xfa, 0xd4, 0x1c, 0xed, 0x1e, 0xac, + 0xd9, 0x6f, 0x1d, 0x35, 0xc1, 0x3d, 0xe9, 0x86, 0xe1, 0xa0, 0x87, 0x8f, 0x4f, 0x8f, 0x7a, 0xde, + 0x0a, 0x02, 0xa8, 0x86, 0xaf, 0x5e, 0x9f, 0xf4, 0x0f, 0x3d, 0x47, 0xaf, 0x5f, 0x9f, 0x0e, 0x4e, + 0xbb, 0x7d, 0xaf, 0x84, 0x36, 0xc1, 0xeb, 0x9e, 0x0e, 0x8e, 0xa3, 0xc5, 0xec, 0x72, 0xfb, 0x18, + 0xdc, 0x05, 0x0b, 0xa3, 0x75, 0xa8, 0x0d, 0xfa, 0x61, 0xa4, 0x13, 0xbd, 0x15, 0xe4, 0x9a, 0x36, + 0x6f, 0xf7, 0xa2, 0x67, 0x9e, 0x33, 0x0f, 0xf6, 0xbc, 0xd2, 0x3c, 0xe8, 0x78, 0xe5, 0x79, 0xb0, + 0xef, 0x55, 0xda, 0x6f, 0xa0, 0xa2, 0x1f, 0x66, 0xf4, 0x15, 0x54, 0xb3, 0xd1, 0xf0, 0x8c, 0x0a, + 0xa3, 0x7e, 0x03, 0xdb, 0x08, 0xb5, 0xa0, 0x36, 0xfd, 0xf0, 0xec, 0x4d, 0xce, 0x62, 0xfd, 0xe0, + 0x1a, 0x1f, 0x14, 0x96, 0x33, 0xeb, 0x83, 0xe0, 0xc3, 0xcd, 0x96, 0xf3, 0xd7, 0xcd, 0x96, 0xf3, + 0xcf, 0xcd, 0x96, 0xf3, 0xe7, 0x76, 0x21, 0x30, 0xe3, 0xbb, 0x24, 0x67, 0xbb, 0xb7, 0xfc, 0x47, + 0xcf, 0xaa, 0x86, 0x6d, 0xff, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x35, 0xd5, 0xf3, 0x8a, 0x65, + 0x07, 0x00, 0x00, } diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index ad9f22791b..cdc0334ace 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -291,13 +291,55 @@ message Server { // enforced. TLSmode mode = 2; + // The file backend specifies the file system paths where the + // server's public and private keys can be obtained. + message CredentialStoreFileBackend { + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server-side TLS certificate to use. + string server_certificate = 3; + + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file + // holding the server's private key. + string private_key = 4; + }; + + // The remote backend provides information about the remote secret + // management server that contains the server's public and private keys. + message CredentialStoreRemoteBackend { + // REQUIRED the name of the resource that the credential server can + // use to identify the certificates associated with the gateway + // server. In kubernetes, this should correspond to the name of the + // secret that contains the server-side TLS certificate and the + // server's private key. Note that the secret should contain both the + // public and private keys associated with the server port. + // + // It is possible to use the same resourceName across several servers + // on different ports, if these servers share the same credentials. + string resource_name = 1; + + // The address where the credential store server can be reached. + // If omitted, will default to unix:/var/run/gateway/sds + string server_address = 2; + }; + // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. - string server_certificate = 3; + // Deprecated. Use + string server_certificate = 3 [deprecated=true]; // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. - string private_key = 4; + string private_key = 4 [deprecated=true]; + + message CredentialStore { + oneof credential_store { + CredentialStoreFileBackend files = 1; + CredentialStoreRemoteBackend remote = 2; + } + } + + // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. + CredentialStore credential_store = 10; // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented @@ -335,13 +377,6 @@ message Server { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. repeated string cipher_suites = 9; - - // Optional: If specified, the gateway controllers (with SDS enabled) - // use the specified name as the SDS secret config name to call the SDS - // server, to retrieve the key and certificates. Otherwise, the gateway - // controllers (with SDS enabled) use the first value in the hosts as - // the SDS secret config name to call the SDS server. - string sds_name = 10; } // Set of TLS related options that govern the server's behavior. Use diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index d4b3616627..aff9a57773 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs aliases: - /docs/reference/config/istio.routing.v1alpha1/ -number_of_entries: 60 +number_of_entries: 63 ---

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -2928,22 +2928,31 @@

Server.TLSOptions

- + - + + + + + + @@ -2990,15 +2999,106 @@

Server.TLSOptions

 - - + +
NameDescription
PUBLIC -

Config with this scope are visible to all workloads in the mesh

- -
PRIVATE -

Configs with this scope are visible to only workloads in the same -namespace as the configuration resource.

-
configScopeConfigScope -

The visibility setting associated with this DestinationRule. Set to -PRIVATE if this destination rule should not be exported, i.e. restrict -the applicability of this destination rule to only workloads in the same -namespace as the destination rule.

-

One or more endpoints associated with the service.

-
configScopeConfigScope -

The visibility setting associated with this service entry. Set to -PRIVATE if this service should not be visible outside the namespace -where the service entry was added. The default scope is public, -i.e. the service added by the service entry will be visible to -workloads in the entire mesh.

-
configScopeConfigScope -

The visibility setting associated with this VirtualService. Set to -PRIVATE if this virtual service should not be exported, i.e. restrict -the applicability of this virtual service to only workloads in the same -namespace as the virtual service.

-
serverCertificate string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server-side TLS certificate to use.

+holding the server-side TLS certificate to use. +Deprecated. Use
privateKey string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file holding the server’s private key.

+
credentialStoreServer.TLSOptions.CredentialStore +

REQUIRED if the mode is SIMPLE or MUTUAL.

+
sdsName
+
+

Server.TLSOptions.CredentialStore

+
+ + + + + + + + + + + + + + + + + + + + +
FieldTypeDescription
filesServer.TLSOptions.CredentialStoreFileBackend (oneof) +
remoteServer.TLSOptions.CredentialStoreRemoteBackend (oneof) +
+
+

Server.TLSOptions.CredentialStoreFileBackend

+
+

The file backend specifies the file system paths where the +server’s public and private keys can be obtained.

+ + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescription
serverCertificatestring +

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file +holding the server-side TLS certificate to use.

+ +
privateKeystring +

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file +holding the server’s private key.

+ +
+
+

Server.TLSOptions.CredentialStoreRemoteBackend

+
+

The remote backend provides information about the remote secret +management server that contains the server’s public and private keys.

+ + + + + + + + + + + + + + + + + diff --git a/proto.lock b/proto.lock index c0b4dd150f..f0cb8b6af0 100644 --- a/proto.lock +++ b/proto.lock @@ -3300,6 +3300,11 @@ "name": "private_key", "type": "string" }, + { + "id": 10, + "name": "credential_store", + "type": "CredentialStore" + }, { "id": 5, "name": "ca_certificates", @@ -3326,11 +3331,53 @@ "name": "cipher_suites", "type": "string", "is_repeated": true + } + ], + "messages": [ + { + "name": "CredentialStoreFileBackend", + "fields": [ + { + "id": 3, + "name": "server_certificate", + "type": "string" + }, + { + "id": 4, + "name": "private_key", + "type": "string" + } + ] }, { - "id": 10, - "name": "sds_name", - "type": "string" + "name": "CredentialStoreRemoteBackend", + "fields": [ + { + "id": 1, + "name": "resource_name", + "type": "string" + }, + { + "id": 2, + "name": "server_address", + "type": "string" + } + ] + }, + { + "name": "CredentialStore", + "fields": [ + { + "id": 1, + "name": "files", + "type": "CredentialStoreFileBackend" + }, + { + "id": 2, + "name": "remote", + "type": "CredentialStoreRemoteBackend" + } + ] } ] } diff --git a/python/istio_api/networking/v1alpha3/gateway_pb2.py b/python/istio_api/networking/v1alpha3/gateway_pb2.py index 77c9a04a9d..6be5efb3a0 100644 --- a/python/istio_api/networking/v1alpha3/gateway_pb2.py +++ b/python/istio_api/networking/v1alpha3/gateway_pb2.py @@ -19,7 +19,7 @@ name='networking/v1alpha3/gateway.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xed\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xc1\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x12\x10\n\x08sds_name\x18\n \x01(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xb8\t\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\x8c\x08\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1e\n\x12server_certificate\x18\x03 \x01(\tB\x02\x18\x01\x12\x17\n\x0bprivate_key\x18\x04 \x01(\tB\x02\x18\x01\x12V\n\x10\x63redential_store\x18\n \x01(\x0b\x32<.istio.networking.v1alpha3.Server.TLSOptions.CredentialStore\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x1aM\n\x1a\x43redentialStoreFileBackend\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x1aM\n\x1c\x43redentialStoreRemoteBackend\x12\x15\n\rresource_name\x18\x01 \x01(\t\x12\x16\n\x0eserver_address\x18\x02 \x01(\t\x1a\xdc\x01\n\x0f\x43redentialStore\x12X\n\x05\x66iles\x18\x01 \x01(\x0b\x32G.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackendH\x00\x12[\n\x06remote\x18\x02 \x01(\x0b\x32I.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackendH\x00\x42\x12\n\x10\x63redential_store\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') ) @@ -49,8 +49,8 @@ ], containing_type=None, options=None, - serialized_start=842, - serialized_end=914, + serialized_start=1301, + serialized_end=1373, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE) @@ -83,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=916, - serialized_end=995, + serialized_start=1375, + serialized_end=1454, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL) @@ -164,6 +164,120 @@ ) +_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND = _descriptor.Descriptor( + name='CredentialStoreFileBackend', + full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='server_certificate', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.server_certificate', index=0, + number=3, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.private_key', index=1, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=920, + serialized_end=997, +) + +_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND = _descriptor.Descriptor( + name='CredentialStoreRemoteBackend', + full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='resource_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.resource_name', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='server_address', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.server_address', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=999, + serialized_end=1076, +) + +_SERVER_TLSOPTIONS_CREDENTIALSTORE = _descriptor.Descriptor( + name='CredentialStore', + full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='files', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.files', index=0, + number=1, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='remote', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.remote', index=1, + number=2, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=None, + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + _descriptor.OneofDescriptor( + name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.credential_store', + index=0, containing_type=None, fields=[]), + ], + serialized_start=1079, + serialized_end=1299, +) + _SERVER_TLSOPTIONS = _descriptor.Descriptor( name='TLSOptions', full_name='istio.networking.v1alpha3.Server.TLSOptions', @@ -191,60 +305,60 @@ has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), + options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), _descriptor.FieldDescriptor( name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.private_key', index=3, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, + options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.credential_store', index=4, + number=10, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=4, + name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=5, number=5, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=5, + name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=6, number=6, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=6, + name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=7, number=7, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=7, + name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=8, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=8, + name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=9, number=9, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='sds_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.sds_name', index=9, - number=10, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), ], extensions=[ ], - nested_types=[], + nested_types=[_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, _SERVER_TLSOPTIONS_CREDENTIALSTORE, ], enum_types=[ _SERVER_TLSOPTIONS_TLSMODE, _SERVER_TLSOPTIONS_TLSPROTOCOL, @@ -256,7 +370,7 @@ oneofs=[ ], serialized_start=418, - serialized_end=995, + serialized_end=1454, ) _SERVER = _descriptor.Descriptor( @@ -314,7 +428,7 @@ oneofs=[ ], serialized_start=246, - serialized_end=995, + serialized_end=1454, ) @@ -358,14 +472,26 @@ extension_ranges=[], oneofs=[ ], - serialized_start=997, - serialized_end=1051, + serialized_start=1456, + serialized_end=1510, ) _GATEWAY_SELECTORENTRY.containing_type = _GATEWAY _GATEWAY.fields_by_name['servers'].message_type = _SERVER _GATEWAY.fields_by_name['selector'].message_type = _GATEWAY_SELECTORENTRY +_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND.containing_type = _SERVER_TLSOPTIONS +_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND.containing_type = _SERVER_TLSOPTIONS +_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND +_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND +_SERVER_TLSOPTIONS_CREDENTIALSTORE.containing_type = _SERVER_TLSOPTIONS +_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( + _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files']) +_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] +_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( + _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote']) +_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] _SERVER_TLSOPTIONS.fields_by_name['mode'].enum_type = _SERVER_TLSOPTIONS_TLSMODE +_SERVER_TLSOPTIONS.fields_by_name['credential_store'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTORE _SERVER_TLSOPTIONS.fields_by_name['min_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.fields_by_name['max_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.containing_type = _SERVER @@ -396,6 +522,27 @@ Server = _reflection.GeneratedProtocolMessageType('Server', (_message.Message,), dict( TLSOptions = _reflection.GeneratedProtocolMessageType('TLSOptions', (_message.Message,), dict( + + CredentialStoreFileBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreFileBackend', (_message.Message,), dict( + DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, + __module__ = 'networking.v1alpha3.gateway_pb2' + # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend) + )) + , + + CredentialStoreRemoteBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreRemoteBackend', (_message.Message,), dict( + DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, + __module__ = 'networking.v1alpha3.gateway_pb2' + # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend) + )) + , + + CredentialStore = _reflection.GeneratedProtocolMessageType('CredentialStore', (_message.Message,), dict( + DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTORE, + __module__ = 'networking.v1alpha3.gateway_pb2' + # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStore) + )) + , DESCRIPTOR = _SERVER_TLSOPTIONS, __module__ = 'networking.v1alpha3.gateway_pb2' # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions) @@ -407,6 +554,9 @@ )) _sym_db.RegisterMessage(Server) _sym_db.RegisterMessage(Server.TLSOptions) +_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreFileBackend) +_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreRemoteBackend) +_sym_db.RegisterMessage(Server.TLSOptions.CredentialStore) Port = _reflection.GeneratedProtocolMessageType('Port', (_message.Message,), dict( DESCRIPTOR = _PORT, @@ -420,4 +570,8 @@ DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('Z istio.io/api/networking/v1alpha3')) _GATEWAY_SELECTORENTRY.has_options = True _GATEWAY_SELECTORENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) +_SERVER_TLSOPTIONS.fields_by_name['server_certificate'].has_options = True +_SERVER_TLSOPTIONS.fields_by_name['server_certificate']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) +_SERVER_TLSOPTIONS.fields_by_name['private_key'].has_options = True +_SERVER_TLSOPTIONS.fields_by_name['private_key']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) # @@protoc_insertion_point(module_scope) From 5c6aec28ebf756d66e3b6c44208c79d194ce8cdb Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Tue, 29 Jan 2019 19:40:38 -0500 Subject: [PATCH 03/15] Revert "Enabling SDS in the gateway (#778)" (#779) This reverts commit 3c7e31a64853dade01bfd5019bfa0f983a073db4. --- networking/v1alpha3/gateway.pb.go | 847 ++---------------- networking/v1alpha3/gateway.proto | 53 +- .../istio.networking.v1alpha3.pb.html | 122 +-- proto.lock | 53 +- .../networking/v1alpha3/gateway_pb2.py | 200 +---- 5 files changed, 109 insertions(+), 1166 deletions(-) diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 10483edacd..3eeb4ff276 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -409,13 +409,10 @@ type Server_TLSOptions struct { Mode Server_TLSOptions_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1alpha3.Server_TLSOptions_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. - // Deprecated. Use ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. - CredentialStore *Server_TLSOptions_CredentialStore `protobuf:"bytes,10,opt,name=credential_store,json=credentialStore" json:"credential_store,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented // client side certificate. @@ -430,6 +427,12 @@ type Server_TLSOptions struct { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites" json:"cipher_suites,omitempty"` + // Optional: If specified, the gateway controllers (with SDS enabled) + // use the specified name as the SDS secret config name to call the SDS + // server, to retrieve the key and certificates. Otherwise, the gateway + // controllers (with SDS enabled) use the first value in the hosts as + // the SDS secret config name to call the SDS server. + SdsName string `protobuf:"bytes,10,opt,name=sds_name,json=sdsName,proto3" json:"sds_name,omitempty"` } func (m *Server_TLSOptions) Reset() { *m = Server_TLSOptions{} } @@ -465,13 +468,6 @@ func (m *Server_TLSOptions) GetPrivateKey() string { return "" } -func (m *Server_TLSOptions) GetCredentialStore() *Server_TLSOptions_CredentialStore { - if m != nil { - return m.CredentialStore - } - return nil -} - func (m *Server_TLSOptions) GetCaCertificates() string { if m != nil { return m.CaCertificates @@ -507,212 +503,13 @@ func (m *Server_TLSOptions) GetCipherSuites() []string { return nil } -// The file backend specifies the file system paths where the -// server's public and private keys can be obtained. -type Server_TLSOptions_CredentialStoreFileBackend struct { - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Reset() { - *m = Server_TLSOptions_CredentialStoreFileBackend{} -} -func (m *Server_TLSOptions_CredentialStoreFileBackend) String() string { - return proto.CompactTextString(m) -} -func (*Server_TLSOptions_CredentialStoreFileBackend) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStoreFileBackend) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 0} -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) GetServerCertificate() string { - if m != nil { - return m.ServerCertificate - } - return "" -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) GetPrivateKey() string { - if m != nil { - return m.PrivateKey - } - return "" -} - -// The remote backend provides information about the remote secret -// management server that contains the server's public and private keys. -type Server_TLSOptions_CredentialStoreRemoteBackend struct { - // REQUIRED the name of the resource that the credential server can - // use to identify the certificates associated with the gateway - // server. In kubernetes, this should correspond to the name of the - // secret that contains the server-side TLS certificate and the - // server's private key. Note that the secret should contain both the - // public and private keys associated with the server port. - // - // It is possible to use the same resourceName across several servers - // on different ports, if these servers share the same credentials. - ResourceName string `protobuf:"bytes,1,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"` - // The address where the credential store server can be reached. - // If omitted, will default to unix:/var/run/gateway/sds - ServerAddress string `protobuf:"bytes,2,opt,name=server_address,json=serverAddress,proto3" json:"server_address,omitempty"` -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Reset() { - *m = Server_TLSOptions_CredentialStoreRemoteBackend{} -} -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) String() string { - return proto.CompactTextString(m) -} -func (*Server_TLSOptions_CredentialStoreRemoteBackend) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStoreRemoteBackend) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 1} -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetResourceName() string { - if m != nil { - return m.ResourceName - } - return "" -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetServerAddress() string { +func (m *Server_TLSOptions) GetSdsName() string { if m != nil { - return m.ServerAddress + return m.SdsName } return "" } -type Server_TLSOptions_CredentialStore struct { - // Types that are valid to be assigned to CredentialStore: - // *Server_TLSOptions_CredentialStore_Files - // *Server_TLSOptions_CredentialStore_Remote - CredentialStore isServer_TLSOptions_CredentialStore_CredentialStore `protobuf_oneof:"credential_store"` -} - -func (m *Server_TLSOptions_CredentialStore) Reset() { *m = Server_TLSOptions_CredentialStore{} } -func (m *Server_TLSOptions_CredentialStore) String() string { return proto.CompactTextString(m) } -func (*Server_TLSOptions_CredentialStore) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStore) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 2} -} - -type isServer_TLSOptions_CredentialStore_CredentialStore interface { - isServer_TLSOptions_CredentialStore_CredentialStore() - MarshalTo([]byte) (int, error) - Size() int -} - -type Server_TLSOptions_CredentialStore_Files struct { - Files *Server_TLSOptions_CredentialStoreFileBackend `protobuf:"bytes,1,opt,name=files,oneof"` -} -type Server_TLSOptions_CredentialStore_Remote struct { - Remote *Server_TLSOptions_CredentialStoreRemoteBackend `protobuf:"bytes,2,opt,name=remote,oneof"` -} - -func (*Server_TLSOptions_CredentialStore_Files) isServer_TLSOptions_CredentialStore_CredentialStore() { -} -func (*Server_TLSOptions_CredentialStore_Remote) isServer_TLSOptions_CredentialStore_CredentialStore() { -} - -func (m *Server_TLSOptions_CredentialStore) GetCredentialStore() isServer_TLSOptions_CredentialStore_CredentialStore { - if m != nil { - return m.CredentialStore - } - return nil -} - -func (m *Server_TLSOptions_CredentialStore) GetFiles() *Server_TLSOptions_CredentialStoreFileBackend { - if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Files); ok { - return x.Files - } - return nil -} - -func (m *Server_TLSOptions_CredentialStore) GetRemote() *Server_TLSOptions_CredentialStoreRemoteBackend { - if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Remote); ok { - return x.Remote - } - return nil -} - -// XXX_OneofFuncs is for the internal use of the proto package. -func (*Server_TLSOptions_CredentialStore) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { - return _Server_TLSOptions_CredentialStore_OneofMarshaler, _Server_TLSOptions_CredentialStore_OneofUnmarshaler, _Server_TLSOptions_CredentialStore_OneofSizer, []interface{}{ - (*Server_TLSOptions_CredentialStore_Files)(nil), - (*Server_TLSOptions_CredentialStore_Remote)(nil), - } -} - -func _Server_TLSOptions_CredentialStore_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { - m := msg.(*Server_TLSOptions_CredentialStore) - // credential_store - switch x := m.CredentialStore.(type) { - case *Server_TLSOptions_CredentialStore_Files: - _ = b.EncodeVarint(1<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Files); err != nil { - return err - } - case *Server_TLSOptions_CredentialStore_Remote: - _ = b.EncodeVarint(2<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Remote); err != nil { - return err - } - case nil: - default: - return fmt.Errorf("Server_TLSOptions_CredentialStore.CredentialStore has unexpected type %T", x) - } - return nil -} - -func _Server_TLSOptions_CredentialStore_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { - m := msg.(*Server_TLSOptions_CredentialStore) - switch tag { - case 1: // credential_store.files - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(Server_TLSOptions_CredentialStoreFileBackend) - err := b.DecodeMessage(msg) - m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{msg} - return true, err - case 2: // credential_store.remote - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(Server_TLSOptions_CredentialStoreRemoteBackend) - err := b.DecodeMessage(msg) - m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{msg} - return true, err - default: - return false, nil - } -} - -func _Server_TLSOptions_CredentialStore_OneofSizer(msg proto.Message) (n int) { - m := msg.(*Server_TLSOptions_CredentialStore) - // credential_store - switch x := m.CredentialStore.(type) { - case *Server_TLSOptions_CredentialStore_Files: - s := proto.Size(x.Files) - n += proto.SizeVarint(1<<3 | proto.WireBytes) - n += proto.SizeVarint(uint64(s)) - n += s - case *Server_TLSOptions_CredentialStore_Remote: - s := proto.Size(x.Remote) - n += proto.SizeVarint(2<<3 | proto.WireBytes) - n += proto.SizeVarint(uint64(s)) - n += s - case nil: - default: - panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) - } - return n -} - // Port describes the properties of a specific port of a service. type Port struct { // REQUIRED: A valid non-negative integer port number. @@ -756,9 +553,6 @@ func init() { proto.RegisterType((*Gateway)(nil), "istio.networking.v1alpha3.Gateway") proto.RegisterType((*Server)(nil), "istio.networking.v1alpha3.Server") proto.RegisterType((*Server_TLSOptions)(nil), "istio.networking.v1alpha3.Server.TLSOptions") - proto.RegisterType((*Server_TLSOptions_CredentialStoreFileBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend") - proto.RegisterType((*Server_TLSOptions_CredentialStoreRemoteBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend") - proto.RegisterType((*Server_TLSOptions_CredentialStore)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStore") proto.RegisterType((*Port)(nil), "istio.networking.v1alpha3.Port") proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSmode", Server_TLSOptions_TLSmode_name, Server_TLSOptions_TLSmode_value) proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSProtocol", Server_TLSOptions_TLSProtocol_name, Server_TLSOptions_TLSProtocol_value) @@ -963,132 +757,15 @@ func (m *Server_TLSOptions) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if m.CredentialStore != nil { + if len(m.SdsName) > 0 { dAtA[i] = 0x52 i++ - i = encodeVarintGateway(dAtA, i, uint64(m.CredentialStore.Size())) - n3, err := m.CredentialStore.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n3 - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ServerCertificate) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerCertificate))) - i += copy(dAtA[i:], m.ServerCertificate) - } - if len(m.PrivateKey) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.PrivateKey))) - i += copy(dAtA[i:], m.PrivateKey) - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ResourceName) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ResourceName))) - i += copy(dAtA[i:], m.ResourceName) - } - if len(m.ServerAddress) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerAddress))) - i += copy(dAtA[i:], m.ServerAddress) - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStore) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStore) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.CredentialStore != nil { - nn4, err := m.CredentialStore.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += nn4 + i = encodeVarintGateway(dAtA, i, uint64(len(m.SdsName))) + i += copy(dAtA[i:], m.SdsName) } return i, nil } -func (m *Server_TLSOptions_CredentialStore_Files) MarshalTo(dAtA []byte) (int, error) { - i := 0 - if m.Files != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintGateway(dAtA, i, uint64(m.Files.Size())) - n5, err := m.Files.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n5 - } - return i, nil -} -func (m *Server_TLSOptions_CredentialStore_Remote) MarshalTo(dAtA []byte) (int, error) { - i := 0 - if m.Remote != nil { - dAtA[i] = 0x12 - i++ - i = encodeVarintGateway(dAtA, i, uint64(m.Remote.Size())) - n6, err := m.Remote.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n6 - } - return i, nil -} func (m *Port) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) @@ -1220,68 +897,13 @@ func (m *Server_TLSOptions) Size() (n int) { n += 1 + l + sovGateway(uint64(l)) } } - if m.CredentialStore != nil { - l = m.CredentialStore.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Size() (n int) { - var l int - _ = l - l = len(m.ServerCertificate) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - l = len(m.PrivateKey) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - return n -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Size() (n int) { - var l int - _ = l - l = len(m.ResourceName) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - l = len(m.ServerAddress) + l = len(m.SdsName) if l > 0 { n += 1 + l + sovGateway(uint64(l)) } return n } -func (m *Server_TLSOptions_CredentialStore) Size() (n int) { - var l int - _ = l - if m.CredentialStore != nil { - n += m.CredentialStore.Size() - } - return n -} - -func (m *Server_TLSOptions_CredentialStore_Files) Size() (n int) { - var l int - _ = l - if m.Files != nil { - l = m.Files.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} -func (m *Server_TLSOptions_CredentialStore_Remote) Size() (n int) { - var l int - _ = l - if m.Remote != nil { - l = m.Remote.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} func (m *Port) Size() (n int) { var l int _ = l @@ -1967,9 +1589,9 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CredentialStore", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SdsName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGateway @@ -1979,354 +1601,20 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= (int(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGateway } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex > l { return io.ErrUnexpectedEOF } - if m.CredentialStore == nil { - m.CredentialStore = &Server_TLSOptions_CredentialStore{} - } - if err := m.CredentialStore.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStoreFileBackend) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStoreFileBackend: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStoreFileBackend: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerCertificate", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServerCertificate = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PrivateKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PrivateKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStoreRemoteBackend: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStoreRemoteBackend: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ResourceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerAddress", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServerAddress = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStore) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStore: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStore: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Files", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &Server_TLSOptions_CredentialStoreFileBackend{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Remote", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &Server_TLSOptions_CredentialStoreRemoteBackend{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{v} + m.SdsName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex @@ -2584,57 +1872,48 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) } var fileDescriptorGateway = []byte{ - // 819 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36, - 0x14, 0x8d, 0x6c, 0xc7, 0xb1, 0xaf, 0xe2, 0x58, 0x25, 0x82, 0x41, 0x33, 0x86, 0x34, 0x75, 0x30, - 0xac, 0x1b, 0x36, 0xa5, 0x71, 0xf6, 0x50, 0xac, 0xc3, 0x00, 0xa7, 0xc8, 0xe2, 0x62, 0x6e, 0x13, - 0x50, 0x4e, 0x1f, 0xf6, 0x22, 0x30, 0x12, 0x93, 0x30, 0x91, 0x45, 0x81, 0xa4, 0xdd, 0xfa, 0x1f, - 0xf6, 0x71, 0xfb, 0x07, 0x43, 0x5e, 0xf7, 0xb8, 0x3f, 0x30, 0x90, 0xa2, 0x3f, 0xea, 0xa6, 0x29, - 0x82, 0xbc, 0xf1, 0x1e, 0xde, 0x7b, 0xee, 0xe5, 0xe1, 0x11, 0x05, 0x4f, 0x32, 0xaa, 0xde, 0x71, - 0x71, 0xcd, 0xb2, 0x8b, 0xdd, 0xf1, 0x1e, 0x49, 0xf3, 0x4b, 0xb2, 0xbf, 0x7b, 0x41, 0x14, 0x7d, - 0x47, 0x26, 0x41, 0x2e, 0xb8, 0xe2, 0xe8, 0x6b, 0x26, 0x15, 0xe3, 0xc1, 0x3c, 0x31, 0x98, 0x26, - 0xb6, 0xff, 0x76, 0x60, 0xed, 0xa8, 0x48, 0x46, 0x2f, 0x60, 0x4d, 0x52, 0x31, 0xa6, 0x42, 0xfa, - 0xce, 0x76, 0xf9, 0xa9, 0xdb, 0x79, 0x12, 0x7c, 0xb6, 0x30, 0x08, 0x4d, 0x26, 0x9e, 0x56, 0xa0, - 0x3e, 0xd4, 0x24, 0x4d, 0x69, 0xac, 0xb8, 0xf0, 0x4b, 0xa6, 0xfa, 0xd9, 0x1d, 0xd5, 0xb6, 0x65, - 0x10, 0xda, 0x92, 0xc3, 0x4c, 0x89, 0x09, 0x9e, 0x31, 0xb4, 0x5e, 0x40, 0xe3, 0xa3, 0x2d, 0xe4, - 0x41, 0xf9, 0x9a, 0x4e, 0x7c, 0x67, 0xdb, 0x79, 0x5a, 0xc7, 0x7a, 0x89, 0x36, 0x61, 0x75, 0x4c, - 0xd2, 0x11, 0xf5, 0x4b, 0x06, 0x2b, 0x82, 0x5f, 0x4a, 0xcf, 0x9d, 0xf6, 0x07, 0x17, 0xaa, 0xc5, - 0x78, 0x68, 0x1f, 0x2a, 0x39, 0x17, 0xca, 0xd4, 0xb9, 0x9d, 0xc7, 0x77, 0x4c, 0x74, 0xc2, 0x85, - 0xc2, 0x26, 0x59, 0x33, 0x5f, 0x72, 0xa9, 0xa4, 0x39, 0x47, 0x1d, 0x17, 0x01, 0xfa, 0x0d, 0xca, - 0x2a, 0x95, 0x7e, 0xd9, 0x30, 0xfd, 0xf8, 0x45, 0x65, 0x82, 0x41, 0x3f, 0x3c, 0xce, 0x15, 0xe3, - 0x99, 0xc4, 0xba, 0x10, 0x21, 0xa8, 0x9c, 0xb1, 0x2c, 0xf1, 0x2b, 0x66, 0x5c, 0xb3, 0x46, 0xdf, - 0x83, 0x97, 0xd0, 0x73, 0x32, 0x4a, 0x55, 0x44, 0xb3, 0x24, 0xe7, 0x2c, 0x53, 0xfe, 0xaa, 0xd9, - 0x6f, 0x5a, 0xfc, 0xd0, 0xc2, 0xad, 0xff, 0xea, 0x00, 0x73, 0x4a, 0xf4, 0x2d, 0x6c, 0x5c, 0x2a, - 0x95, 0xcb, 0x48, 0xd0, 0x84, 0x09, 0x1a, 0x17, 0x47, 0xac, 0xe1, 0x86, 0x41, 0xb1, 0x05, 0x51, - 0x0f, 0x2a, 0x43, 0x9e, 0x14, 0x1a, 0x6d, 0x74, 0x7e, 0xbe, 0xcf, 0xd4, 0x7a, 0xa9, 0x6b, 0xb1, - 0x61, 0x40, 0x7b, 0x80, 0x8a, 0xab, 0x8e, 0x62, 0x2a, 0x14, 0x3b, 0x67, 0x31, 0x51, 0xd4, 0xa8, - 0x51, 0x3f, 0x28, 0xf9, 0x0e, 0x7e, 0x54, 0xec, 0xbe, 0x9c, 0x6f, 0xa2, 0x1d, 0x70, 0x73, 0xc1, - 0xc6, 0x44, 0xd1, 0x48, 0xdf, 0x5d, 0x65, 0x96, 0x0b, 0x16, 0xfe, 0x83, 0x4e, 0xd0, 0x77, 0xd0, - 0x8c, 0xc9, 0x22, 0xa7, 0xb4, 0x0a, 0x6c, 0xc4, 0x64, 0x81, 0x4c, 0xa2, 0x1f, 0xe0, 0x91, 0x1c, - 0x9d, 0x5d, 0xd1, 0x58, 0x45, 0x24, 0x55, 0x51, 0x46, 0x86, 0x54, 0xfa, 0x55, 0x73, 0x43, 0x4d, - 0xbb, 0xd1, 0x4d, 0xd5, 0x1b, 0x0d, 0xa3, 0x2b, 0xd8, 0x1c, 0xb2, 0x2c, 0x32, 0xee, 0x8f, 0x79, - 0x1a, 0x69, 0x87, 0x32, 0x9e, 0xf9, 0x6b, 0x46, 0x86, 0xe7, 0xf7, 0x95, 0xe1, 0xc4, 0xf2, 0x60, - 0x34, 0x64, 0xd9, 0x34, 0x78, 0x5b, 0x70, 0x9a, 0x5e, 0xe4, 0xfd, 0xa7, 0xbd, 0x6a, 0x0f, 0xee, - 0x45, 0xde, 0x2f, 0xf7, 0xda, 0x81, 0x46, 0xcc, 0xf2, 0x4b, 0x2a, 0x22, 0x39, 0x62, 0x5a, 0xaa, - 0xba, 0x39, 0xff, 0x7a, 0x01, 0x86, 0x06, 0x43, 0x17, 0xe0, 0xc5, 0x82, 0x26, 0x34, 0x53, 0x8c, - 0xa4, 0x91, 0x54, 0x5c, 0x50, 0x1f, 0x8c, 0x6b, 0x7f, 0xbd, 0xd7, 0x30, 0x2f, 0x67, 0x24, 0xa1, - 0xe6, 0xc0, 0xcd, 0xf8, 0x63, 0xa0, 0x95, 0x42, 0x6b, 0x29, 0xe7, 0x77, 0x96, 0xd2, 0x03, 0x12, - 0x5f, 0xd3, 0x2c, 0x41, 0x3f, 0x7d, 0xde, 0x30, 0xb7, 0x99, 0xe5, 0xf1, 0x2d, 0x66, 0x59, 0x34, - 0x4a, 0xeb, 0x0a, 0xbe, 0x59, 0x9e, 0x88, 0x0e, 0xb9, 0x9a, 0xf5, 0xdb, 0x81, 0x86, 0xa0, 0x92, - 0x8f, 0x44, 0x4c, 0x8d, 0x39, 0xec, 0x5b, 0xb1, 0x3e, 0x05, 0xb5, 0x33, 0xf4, 0x67, 0x63, 0x87, - 0x22, 0x49, 0x22, 0xa8, 0x94, 0xf6, 0xf5, 0x68, 0x14, 0x68, 0xb7, 0x00, 0x5b, 0xff, 0x3a, 0xd0, - 0x5c, 0x6a, 0x86, 0x22, 0x58, 0x3d, 0x67, 0x29, 0x95, 0xf6, 0x2d, 0x39, 0x7a, 0x88, 0x96, 0x0b, - 0x3a, 0xf5, 0x56, 0x70, 0xc1, 0x8b, 0x62, 0xa8, 0x0a, 0x73, 0x22, 0x33, 0x93, 0xdb, 0x79, 0xf5, - 0xa0, 0xdb, 0x5a, 0xd4, 0xa6, 0xb7, 0x82, 0x2d, 0xf5, 0x01, 0xfa, 0xd4, 0x1c, 0xed, 0x1e, 0xac, - 0xd9, 0x6f, 0x1d, 0x35, 0xc1, 0x3d, 0xe9, 0x86, 0xe1, 0xa0, 0x87, 0x8f, 0x4f, 0x8f, 0x7a, 0xde, - 0x0a, 0x02, 0xa8, 0x86, 0xaf, 0x5e, 0x9f, 0xf4, 0x0f, 0x3d, 0x47, 0xaf, 0x5f, 0x9f, 0x0e, 0x4e, - 0xbb, 0x7d, 0xaf, 0x84, 0x36, 0xc1, 0xeb, 0x9e, 0x0e, 0x8e, 0xa3, 0xc5, 0xec, 0x72, 0xfb, 0x18, - 0xdc, 0x05, 0x0b, 0xa3, 0x75, 0xa8, 0x0d, 0xfa, 0x61, 0xa4, 0x13, 0xbd, 0x15, 0xe4, 0x9a, 0x36, - 0x6f, 0xf7, 0xa2, 0x67, 0x9e, 0x33, 0x0f, 0xf6, 0xbc, 0xd2, 0x3c, 0xe8, 0x78, 0xe5, 0x79, 0xb0, - 0xef, 0x55, 0xda, 0x6f, 0xa0, 0xa2, 0x1f, 0x66, 0xf4, 0x15, 0x54, 0xb3, 0xd1, 0xf0, 0x8c, 0x0a, - 0xa3, 0x7e, 0x03, 0xdb, 0x08, 0xb5, 0xa0, 0x36, 0xfd, 0xf0, 0xec, 0x4d, 0xce, 0x62, 0xfd, 0xe0, - 0x1a, 0x1f, 0x14, 0x96, 0x33, 0xeb, 0x83, 0xe0, 0xc3, 0xcd, 0x96, 0xf3, 0xd7, 0xcd, 0x96, 0xf3, - 0xcf, 0xcd, 0x96, 0xf3, 0xe7, 0x76, 0x21, 0x30, 0xe3, 0xbb, 0x24, 0x67, 0xbb, 0xb7, 0xfc, 0x47, - 0xcf, 0xaa, 0x86, 0x6d, 0xff, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x35, 0xd5, 0xf3, 0x8a, 0x65, - 0x07, 0x00, 0x00, + // 673 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0x4d, 0x4f, 0xdb, 0x4c, + 0x10, 0xc6, 0x49, 0xc8, 0xc7, 0x84, 0x10, 0xb3, 0x42, 0xaf, 0x0c, 0x07, 0x3e, 0xf2, 0xea, 0xd5, + 0x4b, 0xab, 0xd6, 0x81, 0xa4, 0x07, 0x54, 0xa4, 0x4a, 0x69, 0x85, 0x48, 0xd5, 0x40, 0x22, 0x3b, + 0xe1, 0xd0, 0x8b, 0xb5, 0x71, 0x16, 0xb2, 0xe0, 0x78, 0xad, 0xdd, 0x4d, 0x20, 0x7f, 0xa9, 0xbf, + 0xa4, 0xc7, 0xf6, 0xd0, 0x7b, 0xc5, 0x2f, 0xa9, 0x76, 0xed, 0x90, 0xf4, 0x8b, 0x0a, 0xf5, 0x36, + 0xf3, 0xcc, 0xcc, 0x33, 0x33, 0xcf, 0xac, 0x0d, 0xbb, 0x21, 0x91, 0x37, 0x8c, 0x5f, 0xd3, 0xf0, + 0xb2, 0x3a, 0x39, 0xc0, 0x41, 0x34, 0xc4, 0xf5, 0xea, 0x25, 0x96, 0xe4, 0x06, 0x4f, 0xed, 0x88, + 0x33, 0xc9, 0xd0, 0x06, 0x15, 0x92, 0x32, 0x7b, 0x9e, 0x68, 0xcf, 0x12, 0x2b, 0x9f, 0x0d, 0xc8, + 0x9d, 0xc4, 0xc9, 0xe8, 0x08, 0x72, 0x82, 0xf0, 0x09, 0xe1, 0xc2, 0x32, 0x76, 0xd2, 0x7b, 0xc5, + 0xda, 0xae, 0xfd, 0xdb, 0x42, 0xdb, 0xd5, 0x99, 0xce, 0xac, 0x02, 0xb5, 0x20, 0x2f, 0x48, 0x40, + 0x7c, 0xc9, 0xb8, 0x95, 0xd2, 0xd5, 0xfb, 0x0f, 0x54, 0x27, 0x2d, 0x6d, 0x37, 0x29, 0x39, 0x0e, + 0x25, 0x9f, 0x3a, 0xf7, 0x0c, 0x9b, 0x47, 0x50, 0xfa, 0x2e, 0x84, 0x4c, 0x48, 0x5f, 0x93, 0xa9, + 0x65, 0xec, 0x18, 0x7b, 0x05, 0x47, 0x99, 0x68, 0x1d, 0x96, 0x27, 0x38, 0x18, 0x13, 0x2b, 0xa5, + 0xb1, 0xd8, 0x79, 0x99, 0x3a, 0x34, 0x2a, 0x1f, 0x72, 0x90, 0x8d, 0xc7, 0x43, 0x75, 0xc8, 0x44, + 0x8c, 0x4b, 0x5d, 0x57, 0xac, 0x6d, 0x3f, 0x30, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xc5, 0x3c, + 0x64, 0x42, 0x0a, 0xbd, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x0a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x33, + 0x3d, 0xfb, 0xa3, 0x32, 0x76, 0xb7, 0xe5, 0xb6, 0x23, 0x49, 0x59, 0x28, 0x1c, 0x55, 0x88, 0x10, + 0x64, 0xfa, 0x34, 0x1c, 0x58, 0x19, 0x3d, 0xae, 0xb6, 0xd1, 0x13, 0x30, 0x07, 0xe4, 0x02, 0x8f, + 0x03, 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x9c, 0xc0, + 0x9b, 0x5f, 0x96, 0x01, 0xe6, 0x94, 0xe8, 0x3f, 0x58, 0x1d, 0x4a, 0x19, 0x09, 0x8f, 0x93, 0x01, + 0xe5, 0xc4, 0x8f, 0x57, 0xcc, 0x3b, 0x25, 0x8d, 0x3a, 0x09, 0x88, 0x9a, 0x90, 0x19, 0xb1, 0x41, + 0xac, 0xd1, 0x6a, 0xed, 0xc5, 0x63, 0xa6, 0x56, 0xa6, 0xaa, 0x75, 0x34, 0x03, 0x7a, 0x0e, 0x28, + 0x3e, 0xb5, 0xe7, 0x13, 0x2e, 0xe9, 0x05, 0xf5, 0xb1, 0x24, 0x5a, 0x8d, 0x82, 0xb3, 0x16, 0x47, + 0xde, 0xcc, 0x03, 0x68, 0x1b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x2f, 0x0d, + 0x09, 0xf4, 0x8e, 0x4c, 0xd1, 0xff, 0x50, 0xf6, 0xf1, 0x22, 0x97, 0x48, 0x36, 0x5f, 0xf5, 0xf1, + 0x02, 0x91, 0x40, 0x4f, 0x61, 0x4d, 0x8c, 0xfb, 0x57, 0xc4, 0x97, 0x1e, 0x0e, 0xa4, 0x17, 0xe2, + 0x11, 0x11, 0x56, 0x56, 0x5f, 0xa6, 0x9c, 0x04, 0x1a, 0x81, 0x3c, 0x53, 0x30, 0xba, 0x82, 0xf5, + 0x11, 0x0d, 0x3d, 0xfd, 0xea, 0x7d, 0x16, 0x78, 0xea, 0x65, 0x52, 0x16, 0x5a, 0x39, 0xbd, 0xfe, + 0xe1, 0x63, 0xd7, 0xef, 0x24, 0x3c, 0x0e, 0x1a, 0xd1, 0x70, 0xe6, 0x9c, 0xc7, 0x9c, 0xba, 0x17, + 0xbe, 0xfd, 0xb9, 0x57, 0xfe, 0xaf, 0x7b, 0xe1, 0xdb, 0x1f, 0x7b, 0xfd, 0x0b, 0x25, 0x9f, 0x46, + 0x43, 0xc2, 0x3d, 0x31, 0xa6, 0x4a, 0xaa, 0x82, 0xde, 0x7f, 0x25, 0x06, 0x5d, 0x8d, 0xa1, 0x0d, + 0xc8, 0x8b, 0x81, 0xd0, 0x02, 0x59, 0xa0, 0xa5, 0xcc, 0x89, 0x81, 0x50, 0xc2, 0x54, 0x9a, 0x90, + 0x4b, 0xae, 0x89, 0xca, 0x50, 0xec, 0x34, 0x5c, 0xb7, 0xdb, 0x74, 0xda, 0xbd, 0x93, 0xa6, 0xb9, + 0x84, 0x00, 0xb2, 0xee, 0xdb, 0xd3, 0x4e, 0xeb, 0xd8, 0x34, 0x94, 0x7d, 0xda, 0xeb, 0xf6, 0x1a, + 0x2d, 0x33, 0x85, 0xd6, 0xc1, 0x6c, 0xf4, 0xba, 0x6d, 0x6f, 0x31, 0x3b, 0x5d, 0x69, 0x43, 0x71, + 0x61, 0x58, 0xb4, 0x02, 0xf9, 0x6e, 0xcb, 0xf5, 0x54, 0xa2, 0xb9, 0x84, 0x8a, 0xba, 0xcd, 0xf9, + 0x81, 0xb7, 0x6f, 0x1a, 0x73, 0xe7, 0xc0, 0x4c, 0xcd, 0x9d, 0x9a, 0x99, 0x9e, 0x3b, 0x75, 0x33, + 0x53, 0x39, 0x83, 0x8c, 0xfa, 0xf4, 0xd0, 0x3f, 0x90, 0x0d, 0xc7, 0xa3, 0x3e, 0xe1, 0xfa, 0x21, + 0x97, 0x9c, 0xc4, 0x43, 0x9b, 0x90, 0x9f, 0x49, 0x9c, 0x7c, 0xe9, 0xf7, 0xbe, 0xfa, 0xa4, 0xf4, + 0xb6, 0xf1, 0x2b, 0xd4, 0xf6, 0x6b, 0xfb, 0xe3, 0xdd, 0x96, 0xf1, 0xe9, 0x6e, 0xcb, 0xf8, 0x7a, + 0xb7, 0x65, 0xbc, 0xdf, 0x89, 0xaf, 0x40, 0x59, 0x15, 0x47, 0xb4, 0xfa, 0x8b, 0x3f, 0x65, 0x3f, + 0xab, 0xd9, 0xea, 0xdf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x20, 0x65, 0xa6, 0x2f, 0x47, 0x05, 0x00, + 0x00, } diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index cdc0334ace..ad9f22791b 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -291,55 +291,13 @@ message Server { // enforced. TLSmode mode = 2; - // The file backend specifies the file system paths where the - // server's public and private keys can be obtained. - message CredentialStoreFileBackend { - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - string server_certificate = 3; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - string private_key = 4; - }; - - // The remote backend provides information about the remote secret - // management server that contains the server's public and private keys. - message CredentialStoreRemoteBackend { - // REQUIRED the name of the resource that the credential server can - // use to identify the certificates associated with the gateway - // server. In kubernetes, this should correspond to the name of the - // secret that contains the server-side TLS certificate and the - // server's private key. Note that the secret should contain both the - // public and private keys associated with the server port. - // - // It is possible to use the same resourceName across several servers - // on different ports, if these servers share the same credentials. - string resource_name = 1; - - // The address where the credential store server can be reached. - // If omitted, will default to unix:/var/run/gateway/sds - string server_address = 2; - }; - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. - // Deprecated. Use - string server_certificate = 3 [deprecated=true]; + string server_certificate = 3; // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. - string private_key = 4 [deprecated=true]; - - message CredentialStore { - oneof credential_store { - CredentialStoreFileBackend files = 1; - CredentialStoreRemoteBackend remote = 2; - } - } - - // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. - CredentialStore credential_store = 10; + string private_key = 4; // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented @@ -377,6 +335,13 @@ message Server { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. repeated string cipher_suites = 9; + + // Optional: If specified, the gateway controllers (with SDS enabled) + // use the specified name as the SDS secret config name to call the SDS + // server, to retrieve the key and certificates. Otherwise, the gateway + // controllers (with SDS enabled) use the first value in the hosts as + // the SDS secret config name to call the SDS server. + string sds_name = 10; } // Set of TLS related options that govern the server's behavior. Use diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index aff9a57773..d4b3616627 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs aliases: - /docs/reference/config/istio.routing.v1alpha1/ -number_of_entries: 63 +number_of_entries: 60 ---

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -2928,31 +2928,22 @@

Server.TLSOptions

- + - + - - - - - @@ -2999,106 +2990,15 @@

Server.TLSOptions

- -
FieldTypeDescription
resourceNamestring +

REQUIRED the name of the resource that the credential server can +use to identify the certificates associated with the gateway +server. In kubernetes, this should correspond to the name of the +secret that contains the server-side TLS certificate and the +server’s private key. Note that the secret should contain both the +public and private keys associated with the server port.

+ +

It is possible to use the same resourceName across several servers +on different ports, if these servers share the same credentials.

+ +
serverAddress string -

Optional: If specified, the gateway controllers (with SDS enabled) -use the specified name as the SDS secret config name to call the SDS -server, to retrieve the key and certificates. Otherwise, the gateway -controllers (with SDS enabled) use the first value in the hosts as -the SDS secret config name to call the SDS server.

+

The address where the credential store server can be reached. +If omitted, will default to unix:/var/run/gateway/sds
serverCertificate string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server-side TLS certificate to use. -Deprecated. Use

+holding the server-side TLS certificate to use.
privateKey string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file holding the server’s private key.

-
credentialStoreServer.TLSOptions.CredentialStore -

REQUIRED if the mode is SIMPLE or MUTUAL.

-
-
-

Server.TLSOptions.CredentialStore

-
- - - - - - - - - - - - - - - - - - - - -
FieldTypeDescription
filesServer.TLSOptions.CredentialStoreFileBackend (oneof) -
remoteServer.TLSOptions.CredentialStoreRemoteBackend (oneof) -
-
-

Server.TLSOptions.CredentialStoreFileBackend

-
-

The file backend specifies the file system paths where the -server’s public and private keys can be obtained.

- - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescription
serverCertificatestring -

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server-side TLS certificate to use.

- -
privateKeystring -

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server’s private key.

- -
-
-

Server.TLSOptions.CredentialStoreRemoteBackend

-
-

The remote backend provides information about the remote secret -management server that contains the server’s public and private keys.

- - - - - - - - - - - - - - - - - + + diff --git a/proto.lock b/proto.lock index f0cb8b6af0..c0b4dd150f 100644 --- a/proto.lock +++ b/proto.lock @@ -3300,11 +3300,6 @@ "name": "private_key", "type": "string" }, - { - "id": 10, - "name": "credential_store", - "type": "CredentialStore" - }, { "id": 5, "name": "ca_certificates", @@ -3331,53 +3326,11 @@ "name": "cipher_suites", "type": "string", "is_repeated": true - } - ], - "messages": [ - { - "name": "CredentialStoreFileBackend", - "fields": [ - { - "id": 3, - "name": "server_certificate", - "type": "string" - }, - { - "id": 4, - "name": "private_key", - "type": "string" - } - ] - }, - { - "name": "CredentialStoreRemoteBackend", - "fields": [ - { - "id": 1, - "name": "resource_name", - "type": "string" - }, - { - "id": 2, - "name": "server_address", - "type": "string" - } - ] }, { - "name": "CredentialStore", - "fields": [ - { - "id": 1, - "name": "files", - "type": "CredentialStoreFileBackend" - }, - { - "id": 2, - "name": "remote", - "type": "CredentialStoreRemoteBackend" - } - ] + "id": 10, + "name": "sds_name", + "type": "string" } ] } diff --git a/python/istio_api/networking/v1alpha3/gateway_pb2.py b/python/istio_api/networking/v1alpha3/gateway_pb2.py index 6be5efb3a0..77c9a04a9d 100644 --- a/python/istio_api/networking/v1alpha3/gateway_pb2.py +++ b/python/istio_api/networking/v1alpha3/gateway_pb2.py @@ -19,7 +19,7 @@ name='networking/v1alpha3/gateway.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xb8\t\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\x8c\x08\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1e\n\x12server_certificate\x18\x03 \x01(\tB\x02\x18\x01\x12\x17\n\x0bprivate_key\x18\x04 \x01(\tB\x02\x18\x01\x12V\n\x10\x63redential_store\x18\n \x01(\x0b\x32<.istio.networking.v1alpha3.Server.TLSOptions.CredentialStore\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x1aM\n\x1a\x43redentialStoreFileBackend\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x1aM\n\x1c\x43redentialStoreRemoteBackend\x12\x15\n\rresource_name\x18\x01 \x01(\t\x12\x16\n\x0eserver_address\x18\x02 \x01(\t\x1a\xdc\x01\n\x0f\x43redentialStore\x12X\n\x05\x66iles\x18\x01 \x01(\x0b\x32G.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackendH\x00\x12[\n\x06remote\x18\x02 \x01(\x0b\x32I.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackendH\x00\x42\x12\n\x10\x63redential_store\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xed\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xc1\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x12\x10\n\x08sds_name\x18\n \x01(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') ) @@ -49,8 +49,8 @@ ], containing_type=None, options=None, - serialized_start=1301, - serialized_end=1373, + serialized_start=842, + serialized_end=914, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE) @@ -83,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=1375, - serialized_end=1454, + serialized_start=916, + serialized_end=995, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL) @@ -164,120 +164,6 @@ ) -_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND = _descriptor.Descriptor( - name='CredentialStoreFileBackend', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='server_certificate', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.server_certificate', index=0, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.private_key', index=1, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=920, - serialized_end=997, -) - -_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND = _descriptor.Descriptor( - name='CredentialStoreRemoteBackend', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='resource_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.resource_name', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='server_address', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.server_address', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=999, - serialized_end=1076, -) - -_SERVER_TLSOPTIONS_CREDENTIALSTORE = _descriptor.Descriptor( - name='CredentialStore', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='files', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.files', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='remote', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.remote', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.credential_store', - index=0, containing_type=None, fields=[]), - ], - serialized_start=1079, - serialized_end=1299, -) - _SERVER_TLSOPTIONS = _descriptor.Descriptor( name='TLSOptions', full_name='istio.networking.v1alpha3.Server.TLSOptions', @@ -305,60 +191,60 @@ has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, - options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), + options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.private_key', index=3, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, - options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.credential_store', index=4, - number=10, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=5, + name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=4, number=5, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=6, + name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=5, number=6, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=7, + name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=6, number=7, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=8, + name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=7, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=9, + name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=8, number=9, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='sds_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.sds_name', index=9, + number=10, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], - nested_types=[_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, _SERVER_TLSOPTIONS_CREDENTIALSTORE, ], + nested_types=[], enum_types=[ _SERVER_TLSOPTIONS_TLSMODE, _SERVER_TLSOPTIONS_TLSPROTOCOL, @@ -370,7 +256,7 @@ oneofs=[ ], serialized_start=418, - serialized_end=1454, + serialized_end=995, ) _SERVER = _descriptor.Descriptor( @@ -428,7 +314,7 @@ oneofs=[ ], serialized_start=246, - serialized_end=1454, + serialized_end=995, ) @@ -472,26 +358,14 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1456, - serialized_end=1510, + serialized_start=997, + serialized_end=1051, ) _GATEWAY_SELECTORENTRY.containing_type = _GATEWAY _GATEWAY.fields_by_name['servers'].message_type = _SERVER _GATEWAY.fields_by_name['selector'].message_type = _GATEWAY_SELECTORENTRY -_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND -_SERVER_TLSOPTIONS_CREDENTIALSTORE.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( - _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files']) -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] -_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( - _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote']) -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] _SERVER_TLSOPTIONS.fields_by_name['mode'].enum_type = _SERVER_TLSOPTIONS_TLSMODE -_SERVER_TLSOPTIONS.fields_by_name['credential_store'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTORE _SERVER_TLSOPTIONS.fields_by_name['min_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.fields_by_name['max_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.containing_type = _SERVER @@ -522,27 +396,6 @@ Server = _reflection.GeneratedProtocolMessageType('Server', (_message.Message,), dict( TLSOptions = _reflection.GeneratedProtocolMessageType('TLSOptions', (_message.Message,), dict( - - CredentialStoreFileBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreFileBackend', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend) - )) - , - - CredentialStoreRemoteBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreRemoteBackend', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend) - )) - , - - CredentialStore = _reflection.GeneratedProtocolMessageType('CredentialStore', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTORE, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStore) - )) - , DESCRIPTOR = _SERVER_TLSOPTIONS, __module__ = 'networking.v1alpha3.gateway_pb2' # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions) @@ -554,9 +407,6 @@ )) _sym_db.RegisterMessage(Server) _sym_db.RegisterMessage(Server.TLSOptions) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreFileBackend) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreRemoteBackend) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStore) Port = _reflection.GeneratedProtocolMessageType('Port', (_message.Message,), dict( DESCRIPTOR = _PORT, @@ -570,8 +420,4 @@ DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('Z istio.io/api/networking/v1alpha3')) _GATEWAY_SELECTORENTRY.has_options = True _GATEWAY_SELECTORENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) -_SERVER_TLSOPTIONS.fields_by_name['server_certificate'].has_options = True -_SERVER_TLSOPTIONS.fields_by_name['server_certificate']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) -_SERVER_TLSOPTIONS.fields_by_name['private_key'].has_options = True -_SERVER_TLSOPTIONS.fields_by_name['private_key']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) # @@protoc_insertion_point(module_scope) From 1b0a0346319495e50178c2e62addefa845056365 Mon Sep 17 00:00:00 2001 From: Douglas Reid Date: Wed, 30 Jan 2019 11:02:42 -0800 Subject: [PATCH 04/15] Add way to signal encoding used for CompressedAttributes to Mixer (#770) * Add mechanism to signal encoding used for CompressedAttributes to mixer proto * Update proto.lock --- mixer/v1/istio.mixer.v1.pb.html | 53 ++++-- mixer/v1/mixer.pb.go | 226 ++++++++++++++++--------- mixer/v1/mixer.proto | 30 ++-- proto.lock | 18 ++ python/istio_api/mixer/v1/mixer_pb2.py | 48 +++++- 5 files changed, 262 insertions(+), 113 deletions(-) diff --git a/mixer/v1/istio.mixer.v1.pb.html b/mixer/v1/istio.mixer.v1.pb.html index 43ed3b88a8..5d73b79eee 100644 --- a/mixer/v1/istio.mixer.v1.pb.html +++ b/mixer/v1/istio.mixer.v1.pb.html @@ -2,7 +2,7 @@ title: istio.mixer.v1 layout: protoc-gen-docs generator: protoc-gen-docs -number_of_entries: 20 +number_of_entries: 21 ---

This package defines the Mixer API that the sidecar proxy uses to perform precondition checks, manage quotas, and report telemetry.

@@ -754,16 +754,13 @@

ReportRequest

can be provided in a single message in order to improve communication efficiency. The client can accumulate a set of actions and send them all in one single message.

-

Although each Attributes message is semantically treated as an independent -stand-alone entity unrelated to the other attributes within the message, this -message format leverages delta-encoding between attribute messages in order to -substantially reduce the request size and improve end-to-end efficiency. Each -individual set of attributes is used to modify the previous set. This eliminates -the need to redundantly send the same attributes multiple times over within -a single request.

- -

If a client is not sophisticated and doesn’t want to use delta-encoding, -a degenerate case is to include all attributes in every individual message.

+ + + + + + @@ -787,6 +784,40 @@

ReportRequest

The number of words in the global dictionary. To detect global dictionary out of sync between client and server.

+ + + +
FieldTypeDescription
resourceNamestring -

REQUIRED the name of the resource that the credential server can -use to identify the certificates associated with the gateway -server. In kubernetes, this should correspond to the name of the -secret that contains the server-side TLS certificate and the -server’s private key. Note that the secret should contain both the -public and private keys associated with the server port.

- -

It is possible to use the same resourceName across several servers -on different ports, if these servers share the same credentials.

- -
serverAddress
sdsName string -

The address where the credential store server can be reached. -If omitted, will default to unix:/var/run/gateway/sds

+

Optional: If specified, the gateway controllers (with SDS enabled) +use the specified name as the SDS secret config name to call the SDS +server, to retrieve the key and certificates. Otherwise, the gateway +controllers (with SDS enabled) use the first value in the hosts as +the SDS secret config name to call the SDS server.
repeatedAttributesSemanticsReportRequest.RepeatedAttributesSemantics +

Indicates how to decode the attributes sets in this request.
+
+

ReportRequest.RepeatedAttributesSemantics

+
+

Used to signal how the sets of compressed attributes should be reconstitued server-side.

+ + + + + + + + + + + + + + + + diff --git a/mixer/v1/mixer.pb.go b/mixer/v1/mixer.pb.go index 915e3b31e2..c413a36f50 100644 --- a/mixer/v1/mixer.pb.go +++ b/mixer/v1/mixer.pb.go @@ -82,6 +82,34 @@ func (HeaderOperation_Operation) EnumDescriptor() ([]byte, []int) { return fileDescriptorMixer, []int{3, 0} } +// Used to signal how the sets of compressed attributes should be reconstitued server-side. +type ReportRequest_RepeatedAttributesSemantics int32 + +const ( + // Use delta encoding between sets of compressed attributes to reduce the overall on-wire + // request size. Each individual set of attributes is used to modify the previous set. + // NOTE: There is no way with this encoding to specify attribute value deletion. This + // option should be used with extreme caution. + DELTA_ENCODING ReportRequest_RepeatedAttributesSemantics = 0 + // Treat each set of compressed attributes as complete - independent from other sets + // in this request. This will result in on-wire duplication of attributes and values, but + // will allow for proper accounting of absent values in overall encoding. + INDEPENDENT_ENCODING ReportRequest_RepeatedAttributesSemantics = 1 +) + +var ReportRequest_RepeatedAttributesSemantics_name = map[int32]string{ + 0: "DELTA_ENCODING", + 1: "INDEPENDENT_ENCODING", +} +var ReportRequest_RepeatedAttributesSemantics_value = map[string]int32{ + "DELTA_ENCODING": 0, + "INDEPENDENT_ENCODING": 1, +} + +func (ReportRequest_RepeatedAttributesSemantics) EnumDescriptor() ([]byte, []int) { + return fileDescriptorMixer, []int{5, 0} +} + // Used to get a thumbs-up/thumbs-down before performing an action. type CheckRequest struct { // The attributes to use for this request. @@ -255,18 +283,9 @@ type ReportRequest struct { // Each `Attributes` element represents the state of a single action. Multiple actions // can be provided in a single message in order to improve communication efficiency. The // client can accumulate a set of actions and send them all in one single message. - // - // Although each `Attributes` message is semantically treated as an independent - // stand-alone entity unrelated to the other attributes within the message, this - // message format leverages delta-encoding between attribute messages in order to - // substantially reduce the request size and improve end-to-end efficiency. Each - // individual set of attributes is used to modify the previous set. This eliminates - // the need to redundantly send the same attributes multiple times over within - // a single request. - // - // If a client is not sophisticated and doesn't want to use delta-encoding, - // a degenerate case is to include all attributes in every individual message. Attributes []CompressedAttributes `protobuf:"bytes,1,rep,name=attributes" json:"attributes"` + // Indicates how to decode the attributes sets in this request. + RepeatedAttributesSemantics ReportRequest_RepeatedAttributesSemantics `protobuf:"varint,4,opt,name=repeated_attributes_semantics,json=repeatedAttributesSemantics,proto3,enum=istio.mixer.v1.ReportRequest_RepeatedAttributesSemantics" json:"repeated_attributes_semantics,omitempty"` // The default message-level dictionary for all the attributes. // Individual attribute messages can have their own dictionaries, but if they don't // then this set of words, if it is provided, is used instead. @@ -305,6 +324,7 @@ func init() { proto.RegisterType((*ReportResponse)(nil), "istio.mixer.v1.ReportResponse") proto.RegisterEnum("istio.mixer.v1.ReferencedAttributes_Condition", ReferencedAttributes_Condition_name, ReferencedAttributes_Condition_value) proto.RegisterEnum("istio.mixer.v1.HeaderOperation_Operation", HeaderOperation_Operation_name, HeaderOperation_Operation_value) + proto.RegisterEnum("istio.mixer.v1.ReportRequest_RepeatedAttributesSemantics", ReportRequest_RepeatedAttributesSemantics_name, ReportRequest_RepeatedAttributesSemantics_value) } func (x ReferencedAttributes_Condition) String() string { s, ok := ReferencedAttributes_Condition_name[int32(x)] @@ -320,6 +340,13 @@ func (x HeaderOperation_Operation) String() string { } return strconv.Itoa(int(x)) } +func (x ReportRequest_RepeatedAttributesSemantics) String() string { + s, ok := ReportRequest_RepeatedAttributesSemantics_name[int32(x)] + if ok { + return s + } + return strconv.Itoa(int(x)) +} // Reference imports to suppress errors if they are not otherwise used. var _ context.Context @@ -903,6 +930,11 @@ func (m *ReportRequest) MarshalTo(dAtA []byte) (int, error) { i++ i = encodeVarintMixer(dAtA, i, uint64(m.GlobalWordCount)) } + if m.RepeatedAttributesSemantics != 0 { + dAtA[i] = 0x20 + i++ + i = encodeVarintMixer(dAtA, i, uint64(m.RepeatedAttributesSemantics)) + } return i, nil } @@ -1117,6 +1149,9 @@ func (m *ReportRequest) Size() (n int) { if m.GlobalWordCount != 0 { n += 1 + sovMixer(uint64(m.GlobalWordCount)) } + if m.RepeatedAttributesSemantics != 0 { + n += 1 + sovMixer(uint64(m.RepeatedAttributesSemantics)) + } return n } @@ -1277,6 +1312,7 @@ func (this *ReportRequest) String() string { `Attributes:` + strings.Replace(strings.Replace(fmt.Sprintf("%v", this.Attributes), "CompressedAttributes", "CompressedAttributes", 1), `&`, ``, 1) + `,`, `DefaultWords:` + fmt.Sprintf("%v", this.DefaultWords) + `,`, `GlobalWordCount:` + fmt.Sprintf("%v", this.GlobalWordCount) + `,`, + `RepeatedAttributesSemantics:` + fmt.Sprintf("%v", this.RepeatedAttributesSemantics) + `,`, `}`, }, "") return s @@ -2810,6 +2846,25 @@ func (m *ReportRequest) Unmarshal(dAtA []byte) error { break } } + case 4: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field RepeatedAttributesSemantics", wireType) + } + m.RepeatedAttributesSemantics = 0 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowMixer + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + m.RepeatedAttributesSemantics |= (ReportRequest_RepeatedAttributesSemantics(b) & 0x7F) << shift + if b < 0x80 { + break + } + } default: iNdEx = preIndex skippy, err := skipMixer(dAtA[iNdEx:]) @@ -2989,76 +3044,81 @@ var ( func init() { proto.RegisterFile("mixer/v1/mixer.proto", fileDescriptorMixer) } var fileDescriptorMixer = []byte{ - // 1133 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0xbf, 0x73, 0xe3, 0x44, - 0x14, 0xb6, 0x2c, 0xdb, 0x89, 0x9f, 0x63, 0xc7, 0xd9, 0x71, 0x88, 0xe3, 0xe1, 0x94, 0x8c, 0xf9, - 0x31, 0x3e, 0x0a, 0x39, 0x97, 0x6b, 0x18, 0x0a, 0x18, 0xc7, 0x51, 0x82, 0xc3, 0x25, 0x31, 0xca, - 0x1d, 0x77, 0x5c, 0xa3, 0x91, 0xa5, 0xb5, 0xa3, 0x39, 0xdb, 0xab, 0x5b, 0x49, 0xe1, 0xd2, 0xdd, - 0x0c, 0xff, 0x00, 0x25, 0x43, 0x47, 0xc3, 0x50, 0x50, 0x53, 0xf1, 0x07, 0xa4, 0xbc, 0x92, 0x0a, - 0x88, 0x81, 0x19, 0xca, 0x2b, 0x29, 0x19, 0xed, 0xae, 0x14, 0x3b, 0x76, 0x72, 0x01, 0xae, 0xdb, - 0xdd, 0xf7, 0xde, 0xf7, 0xde, 0xfb, 0xf4, 0xbe, 0xd5, 0x42, 0x69, 0xe0, 0x3c, 0xc3, 0xb4, 0x7e, - 0x72, 0xa7, 0xce, 0x16, 0xaa, 0x4b, 0x89, 0x4f, 0x50, 0xc1, 0xf1, 0x7c, 0x87, 0xa8, 0xfc, 0xe8, - 0xe4, 0x4e, 0xa5, 0xd4, 0x23, 0x3d, 0xc2, 0x4c, 0xf5, 0x70, 0xc5, 0xbd, 0x2a, 0x4a, 0x8f, 0x90, - 0x5e, 0x1f, 0xd7, 0xd9, 0xae, 0x13, 0x74, 0xeb, 0x76, 0x40, 0x4d, 0xdf, 0x21, 0x43, 0x61, 0x5f, - 0x11, 0x76, 0xea, 0x5a, 0x75, 0xcf, 0x37, 0xfd, 0xc0, 0x13, 0x86, 0xd5, 0x38, 0xa9, 0xe9, 0xfb, - 0xd4, 0xe9, 0x04, 0x3e, 0x16, 0xa6, 0xea, 0x77, 0x32, 0x2c, 0x34, 0x8f, 0xb1, 0xf5, 0x44, 0xc7, - 0x4f, 0x03, 0xec, 0xf9, 0x68, 0x0f, 0xe0, 0xc2, 0xa9, 0x2c, 0xad, 0x4b, 0xb5, 0xdc, 0xe6, 0xdb, - 0xea, 0x64, 0x7d, 0x6a, 0x93, 0x0c, 0x5c, 0x8a, 0x3d, 0x0f, 0xdb, 0x8d, 0xd8, 0x77, 0x2b, 0x75, - 0xf6, 0xcb, 0x5a, 0x42, 0x1f, 0x8b, 0x46, 0xef, 0xc1, 0x52, 0xaf, 0x4f, 0x3a, 0x66, 0xdf, 0xf8, - 0x82, 0x50, 0xdb, 0xb0, 0x48, 0x30, 0xf4, 0xcb, 0xc9, 0x75, 0xa9, 0x96, 0xd7, 0x17, 0xb9, 0xe1, - 0x21, 0xa1, 0x76, 0x33, 0x3c, 0x46, 0xb7, 0xa1, 0x68, 0x63, 0x3b, 0x70, 0xfb, 0x8e, 0xc5, 0x7a, - 0x32, 0x1c, 0xbb, 0x2c, 0xaf, 0x4b, 0xb5, 0xac, 0xbe, 0x38, 0x71, 0xde, 0xb2, 0xd1, 0x0e, 0x64, - 0x9e, 0x06, 0xc4, 0x37, 0xbd, 0x72, 0x6a, 0x5d, 0xae, 0xe5, 0x36, 0x6b, 0x53, 0xe5, 0x8d, 0x35, - 0xa4, 0x7e, 0xca, 0x5c, 0xb5, 0xa1, 0x4f, 0x4f, 0x45, 0x89, 0x22, 0xba, 0xb2, 0x03, 0x39, 0x66, - 0x6c, 0x9b, 0xd4, 0x1c, 0x78, 0xe8, 0x0d, 0xc8, 0x98, 0x03, 0x56, 0x62, 0xd8, 0xb5, 0xac, 0x8b, - 0x1d, 0x5a, 0x83, 0x5c, 0x07, 0x7b, 0xbe, 0x81, 0xbb, 0x5d, 0x42, 0x79, 0xfd, 0xf3, 0x3a, 0x84, - 0x47, 0x1a, 0x3b, 0xa9, 0x58, 0x02, 0x87, 0x27, 0x41, 0x45, 0x90, 0x9f, 0xe0, 0x53, 0x06, 0x92, - 0xd5, 0xc3, 0x25, 0xfa, 0x10, 0xd2, 0x27, 0x66, 0x3f, 0xc0, 0x2c, 0xf6, 0x46, 0xf5, 0xf2, 0x92, - 0x74, 0x1e, 0xf6, 0x41, 0xf2, 0x7d, 0xa9, 0xfa, 0x67, 0x06, 0xf2, 0xc2, 0xcf, 0x73, 0xc9, 0xd0, - 0xc3, 0xe8, 0x31, 0x2c, 0xb8, 0x14, 0x5b, 0x64, 0x68, 0x3b, 0x21, 0x31, 0x02, 0x7c, 0xe3, 0x0a, - 0x70, 0x1e, 0xa4, 0xb6, 0xc7, 0x22, 0x74, 0xec, 0x05, 0x7d, 0x5f, 0x90, 0x32, 0x81, 0x85, 0x76, - 0x63, 0x8a, 0x65, 0x46, 0xf1, 0xed, 0xeb, 0x51, 0xaf, 0xe6, 0xf8, 0x8f, 0x24, 0xa0, 0xe9, 0x9c, - 0x68, 0x03, 0x32, 0x7c, 0x42, 0xc5, 0x84, 0x21, 0x95, 0xcf, 0xae, 0x4a, 0x5d, 0x4b, 0x3d, 0x62, - 0x96, 0x08, 0x88, 0xfb, 0xa1, 0x3d, 0x28, 0x9c, 0x98, 0x7d, 0xc7, 0x36, 0xa2, 0xa1, 0x17, 0xfd, - 0xae, 0x46, 0x91, 0x91, 0x2a, 0xd4, 0x6d, 0xe1, 0xb0, 0x35, 0x1f, 0x02, 0x7c, 0xfd, 0xeb, 0x9a, - 0xa4, 0xe7, 0x59, 0x68, 0x64, 0x40, 0xef, 0xc2, 0x22, 0xc7, 0x0a, 0x3c, 0x2c, 0xa6, 0x32, 0x1c, - 0xb5, 0xb4, 0xf0, 0x7b, 0xe0, 0x61, 0x3e, 0x93, 0x9f, 0xc3, 0x32, 0xc5, 0x5d, 0x4c, 0xf1, 0xd0, - 0xc2, 0xb6, 0x31, 0x26, 0x8b, 0xf4, 0x6c, 0x59, 0xe8, 0xb1, 0xf3, 0x85, 0x2c, 0xf4, 0x12, 0x9d, - 0x71, 0x8a, 0x76, 0x61, 0x91, 0x92, 0xc0, 0xc7, 0x86, 0xed, 0x50, 0x6c, 0xf9, 0xce, 0x09, 0x2e, - 0x67, 0x18, 0xa8, 0x32, 0x05, 0x1a, 0xba, 0x6d, 0x47, 0x5e, 0x7a, 0x81, 0x4e, 0xec, 0xf7, 0x52, - 0xf3, 0xa9, 0x62, 0xba, 0x72, 0x2e, 0x89, 0x19, 0x14, 0xfc, 0x4e, 0xb3, 0x25, 0xfd, 0x67, 0xb6, - 0xde, 0x81, 0x42, 0x8f, 0x9a, 0x43, 0x3f, 0xa4, 0x60, 0x10, 0x4b, 0x58, 0xd6, 0xf3, 0xe2, 0xb4, - 0xc1, 0x65, 0x62, 0xbc, 0x06, 0xb2, 0xc4, 0x37, 0x9f, 0x49, 0x59, 0xc5, 0x7e, 0x95, 0xcc, 0x3e, - 0x9a, 0x94, 0xd9, 0x4d, 0x66, 0x96, 0xd3, 0x35, 0xae, 0xb3, 0x2f, 0x65, 0x28, 0xcd, 0x2a, 0x0d, - 0x95, 0x20, 0x1d, 0xde, 0x62, 0xe1, 0xc4, 0xca, 0xb5, 0xac, 0xce, 0x37, 0xa8, 0x0b, 0x4b, 0x71, - 0xab, 0xc6, 0xc0, 0xf4, 0xad, 0x63, 0xec, 0x95, 0x93, 0x4c, 0x33, 0x77, 0x6f, 0xd2, 0xb1, 0x1a, - 0x2f, 0xf7, 0xc3, 0x60, 0x41, 0x40, 0xd1, 0x9c, 0x38, 0xc5, 0x5e, 0xe5, 0x5b, 0x09, 0x0a, 0x93, - 0xae, 0x08, 0x41, 0x6a, 0x68, 0x0e, 0x30, 0x63, 0x60, 0x49, 0x67, 0x6b, 0x74, 0x0f, 0xb2, 0x93, - 0x17, 0x42, 0x61, 0x53, 0xbd, 0x51, 0x19, 0xcd, 0x58, 0xa0, 0x17, 0x00, 0x61, 0xcb, 0x14, 0xf7, - 0xf0, 0x33, 0x71, 0x11, 0xf3, 0x0d, 0x5a, 0x81, 0xb9, 0x81, 0xe9, 0x1a, 0x21, 0xf9, 0x29, 0x96, - 0x3a, 0x33, 0x30, 0xdd, 0x4f, 0xf0, 0x69, 0xb5, 0x05, 0xd9, 0x18, 0x06, 0xad, 0xc2, 0x72, 0xf3, - 0xf0, 0x60, 0xbb, 0x75, 0xbf, 0x75, 0x78, 0x60, 0x3c, 0x38, 0x38, 0x6a, 0x6b, 0xcd, 0xd6, 0x4e, - 0x4b, 0xdb, 0x2e, 0x26, 0x50, 0x0e, 0xe6, 0x1a, 0x5b, 0x47, 0xda, 0x41, 0x53, 0x2b, 0x4a, 0x28, - 0x0b, 0x69, 0xed, 0x51, 0xa3, 0x79, 0xbf, 0x98, 0x0c, 0x97, 0xba, 0xb6, 0xab, 0x3d, 0x2a, 0xca, - 0xd5, 0x1f, 0x25, 0x58, 0xfc, 0x18, 0x9b, 0x36, 0xa6, 0x87, 0x2e, 0x16, 0x73, 0x38, 0xde, 0x6f, - 0x56, 0xf4, 0x5b, 0x1a, 0xff, 0xe4, 0x59, 0xf1, 0x1d, 0xd1, 0x2e, 0x64, 0x49, 0x14, 0xc6, 0x6a, - 0x2f, 0x4c, 0x0f, 0xc3, 0x25, 0x74, 0x35, 0x5e, 0xe9, 0x17, 0xb1, 0xd5, 0x0d, 0xc8, 0x5e, 0xe4, - 0xcf, 0xc1, 0x9c, 0xae, 0xb5, 0xef, 0x35, 0x9a, 0x5a, 0x31, 0x81, 0x00, 0x32, 0xba, 0xb6, 0x7f, - 0xf8, 0x59, 0xd8, 0x02, 0x40, 0xa6, 0xd1, 0x6e, 0x6b, 0x07, 0xdb, 0xc5, 0x64, 0xf5, 0xa7, 0x24, - 0x14, 0x26, 0x15, 0x8b, 0x4c, 0x58, 0xa5, 0xfc, 0x6e, 0x37, 0x8e, 0x59, 0x52, 0x23, 0x4e, 0xc0, - 0x87, 0x29, 0xb7, 0xb9, 0xf6, 0x8a, 0xea, 0xc4, 0x58, 0xac, 0x08, 0x9c, 0x4b, 0x56, 0x0f, 0x59, - 0x50, 0xa1, 0x62, 0xae, 0x67, 0xe4, 0x48, 0xfe, 0x9b, 0x1c, 0xe5, 0x08, 0x68, 0x2a, 0xc9, 0x06, - 0x94, 0xf8, 0x65, 0x65, 0xc4, 0xb9, 0x2c, 0x62, 0x63, 0x46, 0x70, 0x5e, 0x47, 0xdc, 0x16, 0xc9, - 0xab, 0x49, 0x6c, 0x3c, 0x2b, 0xa2, 0x43, 0x6c, 0x3e, 0x36, 0xd9, 0xcb, 0x11, 0x5b, 0xc4, 0x3e, - 0xad, 0xfe, 0x20, 0x41, 0x5e, 0xc7, 0x2e, 0xa1, 0xfe, 0x55, 0xef, 0x11, 0xf9, 0x7f, 0xbc, 0x47, - 0xde, 0x82, 0xbc, 0x8d, 0xbb, 0x66, 0xd0, 0xf7, 0x0d, 0x2e, 0xe5, 0x24, 0x93, 0xf2, 0x82, 0x38, - 0x7c, 0xc8, 0x14, 0x3d, 0xf3, 0xd1, 0x22, 0xcf, 0x7c, 0xb4, 0x54, 0x8b, 0x50, 0x88, 0xaa, 0xe5, - 0x4d, 0x6c, 0x7e, 0x23, 0x41, 0x7a, 0x3f, 0x2c, 0x0b, 0xed, 0x40, 0x9a, 0x5d, 0x38, 0xe8, 0xcd, - 0xeb, 0x7e, 0xf7, 0x95, 0x5b, 0xd7, 0xde, 0x52, 0xd5, 0x04, 0x6a, 0x41, 0x86, 0xe7, 0x40, 0xb7, - 0xa6, 0x95, 0x3c, 0xc6, 0x54, 0x45, 0xb9, 0xca, 0x1c, 0x41, 0x6d, 0xed, 0x9f, 0x9d, 0x2b, 0x89, - 0x17, 0xe7, 0x4a, 0xe2, 0xe7, 0x73, 0x25, 0xf1, 0xf2, 0x5c, 0x49, 0x3c, 0x1f, 0x29, 0xd2, 0xf7, - 0x23, 0x25, 0x71, 0x36, 0x52, 0xa4, 0x17, 0x23, 0x45, 0xfa, 0x6d, 0xa4, 0x48, 0x7f, 0x8d, 0x94, - 0xc4, 0xcb, 0x91, 0x22, 0x7d, 0xf5, 0xbb, 0x92, 0x78, 0xbc, 0xcc, 0x21, 0x1d, 0x52, 0x37, 0x5d, - 0xa7, 0x1e, 0x3d, 0x23, 0x9f, 0x4b, 0xd2, 0xdf, 0x92, 0xd4, 0xc9, 0xb0, 0x9f, 0xc8, 0xdd, 0x7f, - 0x02, 0x00, 0x00, 0xff, 0xff, 0x06, 0x71, 0x2e, 0x4b, 0xd4, 0x0a, 0x00, 0x00, + // 1209 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x56, 0x4d, 0x73, 0xdb, 0x44, + 0x18, 0x96, 0xac, 0xd8, 0xad, 0x5f, 0xd7, 0x8e, 0xba, 0xe3, 0x52, 0xc7, 0xa5, 0x4a, 0xc6, 0x7c, + 0x4c, 0xca, 0x41, 0x4e, 0xd3, 0x0b, 0x70, 0x80, 0x71, 0x6c, 0x25, 0xb8, 0x6d, 0x9c, 0xa0, 0xa4, + 0xb4, 0xf4, 0xa2, 0x51, 0xa4, 0xb5, 0xab, 0xa9, 0xed, 0x55, 0x57, 0x52, 0x68, 0x0e, 0xcc, 0x74, + 0x86, 0x3f, 0xc0, 0x91, 0xe1, 0xc6, 0x85, 0xe1, 0x17, 0x70, 0xe2, 0x07, 0xf4, 0xd8, 0x23, 0x27, + 0x20, 0x06, 0x66, 0x38, 0xf6, 0xd8, 0x23, 0xa3, 0xdd, 0x95, 0x6c, 0xc7, 0x4e, 0x1a, 0x3e, 0x6e, + 0xbb, 0xfb, 0xbe, 0xef, 0xf3, 0x7e, 0xe8, 0x79, 0x56, 0x0b, 0xe5, 0x81, 0xf7, 0x14, 0xd3, 0xfa, + 0xe1, 0xcd, 0x3a, 0x5b, 0xe8, 0x3e, 0x25, 0x21, 0x41, 0x25, 0x2f, 0x08, 0x3d, 0xa2, 0xf3, 0xa3, + 0xc3, 0x9b, 0xd5, 0x72, 0x8f, 0xf4, 0x08, 0x33, 0xd5, 0xe3, 0x15, 0xf7, 0xaa, 0x6a, 0x3d, 0x42, + 0x7a, 0x7d, 0x5c, 0x67, 0xbb, 0x83, 0xa8, 0x5b, 0x77, 0x23, 0x6a, 0x87, 0x1e, 0x19, 0x0a, 0xfb, + 0x55, 0x61, 0xa7, 0xbe, 0x53, 0x0f, 0x42, 0x3b, 0x8c, 0x02, 0x61, 0x58, 0x4a, 0x93, 0xda, 0x61, + 0x48, 0xbd, 0x83, 0x28, 0xc4, 0xc2, 0x54, 0xfb, 0x5e, 0x81, 0x4b, 0xcd, 0x47, 0xd8, 0x79, 0x6c, + 0xe2, 0x27, 0x11, 0x0e, 0x42, 0x74, 0x1b, 0x60, 0xec, 0x54, 0x91, 0x57, 0xe4, 0xd5, 0xc2, 0xfa, + 0xdb, 0xfa, 0x74, 0x7d, 0x7a, 0x93, 0x0c, 0x7c, 0x8a, 0x83, 0x00, 0xbb, 0x8d, 0xd4, 0x77, 0x63, + 0xe1, 0xf9, 0x2f, 0xcb, 0x92, 0x39, 0x11, 0x8d, 0xde, 0x83, 0xcb, 0xbd, 0x3e, 0x39, 0xb0, 0xfb, + 0xd6, 0x17, 0x84, 0xba, 0x96, 0x43, 0xa2, 0x61, 0x58, 0xc9, 0xac, 0xc8, 0xab, 0x45, 0x73, 0x91, + 0x1b, 0xee, 0x13, 0xea, 0x36, 0xe3, 0x63, 0x74, 0x03, 0x54, 0x17, 0xbb, 0x91, 0xdf, 0xf7, 0x1c, + 0xd6, 0x93, 0xe5, 0xb9, 0x15, 0x65, 0x45, 0x5e, 0xcd, 0x9b, 0x8b, 0x53, 0xe7, 0x6d, 0x17, 0x6d, + 0x42, 0xee, 0x49, 0x44, 0x42, 0x3b, 0xa8, 0x2c, 0xac, 0x28, 0xab, 0x85, 0xf5, 0xd5, 0x99, 0xf2, + 0x26, 0x1a, 0xd2, 0x3f, 0x65, 0xae, 0xc6, 0x30, 0xa4, 0x47, 0xa2, 0x44, 0x11, 0x5d, 0xdd, 0x84, + 0x02, 0x33, 0xee, 0xda, 0xd4, 0x1e, 0x04, 0xe8, 0x0d, 0xc8, 0xd9, 0x03, 0x56, 0x62, 0xdc, 0xb5, + 0x62, 0x8a, 0x1d, 0x5a, 0x86, 0xc2, 0x01, 0x0e, 0x42, 0x0b, 0x77, 0xbb, 0x84, 0xf2, 0xfa, 0x2f, + 0x9a, 0x10, 0x1f, 0x19, 0xec, 0xa4, 0xea, 0x08, 0x1c, 0x9e, 0x04, 0xa9, 0xa0, 0x3c, 0xc6, 0x47, + 0x0c, 0x24, 0x6f, 0xc6, 0x4b, 0xf4, 0x11, 0x64, 0x0f, 0xed, 0x7e, 0x84, 0x59, 0xec, 0xb9, 0xea, + 0xe5, 0x25, 0x99, 0x3c, 0xec, 0xc3, 0xcc, 0xfb, 0x72, 0xed, 0xcf, 0x1c, 0x14, 0x85, 0x5f, 0xe0, + 0x93, 0x61, 0x80, 0xd1, 0x43, 0xb8, 0xe4, 0x53, 0xec, 0x90, 0xa1, 0xeb, 0xc5, 0x83, 0x11, 0xe0, + 0x6b, 0xa7, 0x80, 0xf3, 0x20, 0x7d, 0x77, 0x22, 0xc2, 0xc4, 0x41, 0xd4, 0x0f, 0xc5, 0x50, 0xa6, + 0xb0, 0xd0, 0x56, 0x3a, 0x62, 0x85, 0x8d, 0xf8, 0xc6, 0xd9, 0xa8, 0xa7, 0xcf, 0xf8, 0x8f, 0x0c, + 0xa0, 0xd9, 0x9c, 0x68, 0x0d, 0x72, 0x9c, 0xa1, 0x82, 0x61, 0x48, 0xe7, 0xdc, 0xd5, 0xa9, 0xef, + 0xe8, 0x7b, 0xcc, 0x92, 0x00, 0x71, 0x3f, 0x74, 0x1b, 0x4a, 0x87, 0x76, 0xdf, 0x73, 0xad, 0x84, + 0xf4, 0xa2, 0xdf, 0xa5, 0x24, 0x32, 0x51, 0x85, 0xde, 0x12, 0x0e, 0x1b, 0x17, 0x63, 0x80, 0x6f, + 0x7e, 0x5d, 0x96, 0xcd, 0x22, 0x0b, 0x4d, 0x0c, 0xe8, 0x5d, 0x58, 0xe4, 0x58, 0x51, 0x80, 0x05, + 0x2b, 0x63, 0xaa, 0x65, 0x85, 0xdf, 0xbd, 0x00, 0x73, 0x4e, 0x7e, 0x0e, 0x57, 0x28, 0xee, 0x62, + 0x8a, 0x87, 0x0e, 0x76, 0xad, 0x09, 0x59, 0x64, 0xe7, 0xcb, 0xc2, 0x4c, 0x9d, 0xc7, 0xb2, 0x30, + 0xcb, 0x74, 0xce, 0x29, 0xda, 0x82, 0x45, 0x4a, 0xa2, 0x10, 0x5b, 0xae, 0x47, 0xb1, 0x13, 0x7a, + 0x87, 0xb8, 0x92, 0x63, 0xa0, 0xda, 0x0c, 0x68, 0xec, 0xd6, 0x4a, 0xbc, 0xcc, 0x12, 0x9d, 0xda, + 0xdf, 0x5e, 0xb8, 0xb8, 0xa0, 0x66, 0xab, 0xc7, 0xb2, 0xe0, 0xa0, 0x98, 0xef, 0xec, 0xb4, 0xe4, + 0x7f, 0x3d, 0xad, 0x77, 0xa0, 0xd4, 0xa3, 0xf6, 0x30, 0x8c, 0x47, 0x30, 0x48, 0x25, 0xac, 0x98, + 0x45, 0x71, 0xda, 0xe0, 0x32, 0xb1, 0xfe, 0x87, 0x61, 0x89, 0x6f, 0x3e, 0x77, 0x64, 0x55, 0xf7, + 0x75, 0x32, 0xfb, 0x78, 0x5a, 0x66, 0xe7, 0xe1, 0x2c, 0x1f, 0xd7, 0xa4, 0xce, 0xbe, 0x52, 0xa0, + 0x3c, 0xaf, 0x34, 0x54, 0x86, 0x6c, 0x7c, 0x8b, 0xc5, 0x8c, 0x55, 0x56, 0xf3, 0x26, 0xdf, 0xa0, + 0x2e, 0x5c, 0x4e, 0x5b, 0xb5, 0x06, 0x76, 0xe8, 0x3c, 0xc2, 0x41, 0x25, 0xc3, 0x34, 0x73, 0xeb, + 0x3c, 0x1d, 0xeb, 0xe9, 0x72, 0x3b, 0x0e, 0x16, 0x03, 0x50, 0xed, 0xa9, 0x53, 0x1c, 0x54, 0xbf, + 0x93, 0xa1, 0x34, 0xed, 0x8a, 0x10, 0x2c, 0x0c, 0xed, 0x01, 0x66, 0x13, 0xb8, 0x6c, 0xb2, 0x35, + 0xba, 0x0b, 0xf9, 0xe9, 0x0b, 0xa1, 0xb4, 0xae, 0x9f, 0xab, 0x8c, 0x66, 0x2a, 0xd0, 0x31, 0x40, + 0xdc, 0x32, 0xc5, 0x3d, 0xfc, 0x54, 0x5c, 0xc4, 0x7c, 0x83, 0xae, 0xc2, 0x85, 0x81, 0xed, 0x5b, + 0xf1, 0xf0, 0x17, 0x58, 0xea, 0xdc, 0xc0, 0xf6, 0xef, 0xe0, 0xa3, 0x5a, 0x1b, 0xf2, 0x29, 0x0c, + 0x5a, 0x82, 0x2b, 0xcd, 0x9d, 0x4e, 0xab, 0xbd, 0xdf, 0xde, 0xe9, 0x58, 0xf7, 0x3a, 0x7b, 0xbb, + 0x46, 0xb3, 0xbd, 0xd9, 0x36, 0x5a, 0xaa, 0x84, 0x0a, 0x70, 0xa1, 0xb1, 0xb1, 0x67, 0x74, 0x9a, + 0x86, 0x2a, 0xa3, 0x3c, 0x64, 0x8d, 0x07, 0x8d, 0xe6, 0xbe, 0x9a, 0x89, 0x97, 0xa6, 0xb1, 0x65, + 0x3c, 0x50, 0x95, 0xda, 0x8f, 0x32, 0x2c, 0x7e, 0x82, 0x6d, 0x17, 0xd3, 0x1d, 0x1f, 0x0b, 0x1e, + 0x4e, 0xf6, 0x9b, 0x17, 0xfd, 0x96, 0x27, 0x3f, 0x79, 0x5e, 0x7c, 0x47, 0xb4, 0x05, 0x79, 0x92, + 0x84, 0xb1, 0xda, 0x4b, 0xb3, 0x64, 0x38, 0x81, 0xae, 0xa7, 0x2b, 0x73, 0x1c, 0x5b, 0x5b, 0x83, + 0xfc, 0x38, 0x7f, 0x01, 0x2e, 0x98, 0xc6, 0xee, 0xdd, 0x46, 0xd3, 0x50, 0x25, 0x04, 0x90, 0x33, + 0x8d, 0xed, 0x9d, 0xcf, 0xe2, 0x16, 0x00, 0x72, 0x8d, 0xdd, 0x5d, 0xa3, 0xd3, 0x52, 0x33, 0xb5, + 0x9f, 0x32, 0x50, 0x9a, 0x56, 0x2c, 0xb2, 0x61, 0x89, 0xf2, 0xbb, 0xdd, 0x7a, 0xc4, 0x92, 0x5a, + 0x69, 0x02, 0x4e, 0xa6, 0xc2, 0xfa, 0xf2, 0x6b, 0xaa, 0x13, 0xb4, 0xb8, 0x2a, 0x70, 0x4e, 0x58, + 0x03, 0xe4, 0x40, 0x95, 0x0a, 0x5e, 0xcf, 0xc9, 0x91, 0xf9, 0x27, 0x39, 0x2a, 0x09, 0xd0, 0x4c, + 0x92, 0x35, 0x28, 0xf3, 0xcb, 0xca, 0x4a, 0x73, 0x39, 0xc4, 0xc5, 0x6c, 0xc0, 0x45, 0x13, 0x71, + 0x5b, 0x22, 0xaf, 0x26, 0x71, 0xf1, 0xbc, 0x88, 0x03, 0xe2, 0x72, 0xda, 0xe4, 0x4f, 0x46, 0x6c, + 0x10, 0xf7, 0xa8, 0xf6, 0x2a, 0x03, 0x45, 0x13, 0xfb, 0x84, 0x86, 0xa7, 0xbd, 0x47, 0x94, 0xff, + 0xf0, 0x1e, 0x79, 0x0b, 0x8a, 0x2e, 0xee, 0xda, 0x51, 0x3f, 0xb4, 0xb8, 0x94, 0x33, 0x4c, 0xca, + 0x97, 0xc4, 0xe1, 0x7d, 0xa6, 0xe8, 0xb9, 0x8f, 0x16, 0x65, 0xfe, 0xa3, 0xe5, 0x4b, 0xb8, 0x4e, + 0xb1, 0x8f, 0xed, 0x70, 0xea, 0xc6, 0xb3, 0x02, 0x3c, 0xb0, 0x87, 0xa1, 0xe7, 0x04, 0xac, 0xd3, + 0xd2, 0xfa, 0x07, 0xb3, 0x12, 0x9c, 0x68, 0x31, 0xde, 0x31, 0x88, 0x71, 0xed, 0x7b, 0x09, 0x80, + 0x79, 0x8d, 0x9e, 0x6e, 0xac, 0xdd, 0x81, 0x6b, 0x67, 0xc4, 0x22, 0x04, 0xa5, 0x96, 0x71, 0x77, + 0xbf, 0x61, 0x19, 0x9d, 0xe6, 0x4e, 0xab, 0xdd, 0xd9, 0x52, 0x25, 0x54, 0x81, 0x72, 0xbb, 0xd3, + 0x32, 0x62, 0xb6, 0x1a, 0x9d, 0xfd, 0xb1, 0x45, 0xae, 0xa9, 0x50, 0x4a, 0xca, 0xe2, 0x1f, 0x64, + 0xfd, 0x5b, 0x19, 0xb2, 0xdb, 0x71, 0xc9, 0x68, 0x13, 0xb2, 0xec, 0xf2, 0x44, 0x6f, 0x9e, 0xf5, + 0x74, 0xa9, 0x5e, 0x3f, 0xf3, 0xc6, 0xad, 0x49, 0xa8, 0x0d, 0x39, 0x9e, 0x03, 0x5d, 0x3f, 0x73, + 0x24, 0x55, 0xed, 0x34, 0x73, 0x02, 0xb5, 0xb1, 0xfd, 0xfc, 0x58, 0x93, 0x5e, 0x1c, 0x6b, 0xd2, + 0xcf, 0xc7, 0x9a, 0xf4, 0xf2, 0x58, 0x93, 0x9e, 0x8d, 0x34, 0xf9, 0x87, 0x91, 0x26, 0x3d, 0x1f, + 0x69, 0xf2, 0x8b, 0x91, 0x26, 0xff, 0x36, 0xd2, 0xe4, 0xbf, 0x46, 0x9a, 0xf4, 0x72, 0xa4, 0xc9, + 0x5f, 0xff, 0xae, 0x49, 0x0f, 0xaf, 0x70, 0x48, 0x8f, 0xd4, 0x6d, 0xdf, 0xab, 0x27, 0x4f, 0xe2, + 0x67, 0xb2, 0xfc, 0x4a, 0x96, 0x0f, 0x72, 0xec, 0x87, 0x78, 0xeb, 0xef, 0x00, 0x00, 0x00, 0xff, + 0xff, 0x7a, 0xa2, 0x01, 0x40, 0xa0, 0x0b, 0x00, 0x00, } diff --git a/mixer/v1/mixer.proto b/mixer/v1/mixer.proto index 461d3e2a35..04ace6793a 100644 --- a/mixer/v1/mixer.proto +++ b/mixer/v1/mixer.proto @@ -221,24 +221,32 @@ message RouteDirective { // Used to report telemetry after performing one or more actions. message ReportRequest { + // next value: 5 + + // Used to signal how the sets of compressed attributes should be reconstitued server-side. + enum RepeatedAttributesSemantics { + // Use delta encoding between sets of compressed attributes to reduce the overall on-wire + // request size. Each individual set of attributes is used to modify the previous set. + // NOTE: There is no way with this encoding to specify attribute value deletion. This + // option should be used with extreme caution. + DELTA_ENCODING = 0; + + // Treat each set of compressed attributes as complete - independent from other sets + // in this request. This will result in on-wire duplication of attributes and values, but + // will allow for proper accounting of absent values in overall encoding. + INDEPENDENT_ENCODING = 1; + } + // The attributes to use for this request. // // Each `Attributes` element represents the state of a single action. Multiple actions // can be provided in a single message in order to improve communication efficiency. The // client can accumulate a set of actions and send them all in one single message. - // - // Although each `Attributes` message is semantically treated as an independent - // stand-alone entity unrelated to the other attributes within the message, this - // message format leverages delta-encoding between attribute messages in order to - // substantially reduce the request size and improve end-to-end efficiency. Each - // individual set of attributes is used to modify the previous set. This eliminates - // the need to redundantly send the same attributes multiple times over within - // a single request. - // - // If a client is not sophisticated and doesn't want to use delta-encoding, - // a degenerate case is to include all attributes in every individual message. repeated CompressedAttributes attributes = 1 [(gogoproto.nullable) = false]; + // Indicates how to decode the attributes sets in this request. + RepeatedAttributesSemantics repeated_attributes_semantics = 4; + // The default message-level dictionary for all the attributes. // Individual attribute messages can have their own dictionaries, but if they don't // then this set of words, if it is provided, is used instead. diff --git a/proto.lock b/proto.lock index c0b4dd150f..9292184119 100644 --- a/proto.lock +++ b/proto.lock @@ -2348,6 +2348,19 @@ "integer": 2 } ] + }, + { + "name": "ReportRequest.RepeatedAttributesSemantics", + "enum_fields": [ + { + "name": "DELTA_ENCODING", + "integer": 0 + }, + { + "name": "INDEPENDENT_ENCODING", + "integer": 1 + } + ] } ], "messages": [ @@ -2573,6 +2586,11 @@ "type": "CompressedAttributes", "is_repeated": true }, + { + "id": 4, + "name": "repeated_attributes_semantics", + "type": "RepeatedAttributesSemantics" + }, { "id": 2, "name": "default_words", diff --git a/python/istio_api/mixer/v1/mixer_pb2.py b/python/istio_api/mixer/v1/mixer_pb2.py index 1741dfbdb7..7abd991287 100644 --- a/python/istio_api/mixer/v1/mixer_pb2.py +++ b/python/istio_api/mixer/v1/mixer_pb2.py @@ -23,7 +23,7 @@ name='mixer/v1/mixer.proto', package='istio.mixer.v1', syntax='proto3', - serialized_pb=_b('\n\x14mixer/v1/mixer.proto\x12\x0eistio.mixer.v1\x1a\x14gogoproto/gogo.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x17google/rpc/status.proto\x1a\x19mixer/v1/attributes.proto\"\xd0\x02\n\x0c\x43heckRequest\x12>\n\nattributes\x18\x01 \x01(\x0b\x32$.istio.mixer.v1.CompressedAttributesB\x04\xc8\xde\x1f\x00\x12\x19\n\x11global_word_count\x18\x02 \x01(\r\x12\x18\n\x10\x64\x65\x64uplication_id\x18\x03 \x01(\t\x12>\n\x06quotas\x18\x04 \x03(\x0b\x32(.istio.mixer.v1.CheckRequest.QuotasEntryB\x04\xc8\xde\x1f\x00\x1a\x32\n\x0bQuotaParams\x12\x0e\n\x06\x61mount\x18\x01 \x01(\x03\x12\x13\n\x0b\x62\x65st_effort\x18\x02 \x01(\x08\x1aW\n\x0bQuotasEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x37\n\x05value\x18\x02 \x01(\x0b\x32(.istio.mixer.v1.CheckRequest.QuotaParams:\x02\x38\x01\"\xc3\x05\n\rCheckResponse\x12L\n\x0cprecondition\x18\x02 \x01(\x0b\x32\x30.istio.mixer.v1.CheckResponse.PreconditionResultB\x04\xc8\xde\x1f\x00\x12?\n\x06quotas\x18\x03 \x03(\x0b\x32).istio.mixer.v1.CheckResponse.QuotasEntryB\x04\xc8\xde\x1f\x00\x1a\x98\x02\n\x12PreconditionResult\x12(\n\x06status\x18\x01 \x01(\x0b\x32\x12.google.rpc.StatusB\x04\xc8\xde\x1f\x00\x12;\n\x0evalid_duration\x18\x02 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x17\n\x0fvalid_use_count\x18\x03 \x01(\x05\x12\x43\n\x15referenced_attributes\x18\x05 \x01(\x0b\x32$.istio.mixer.v1.ReferencedAttributes\x12\x37\n\x0froute_directive\x18\x06 \x01(\x0b\x32\x1e.istio.mixer.v1.RouteDirectiveJ\x04\x08\x04\x10\x05\x1a\xad\x01\n\x0bQuotaResult\x12;\n\x0evalid_duration\x18\x01 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x16\n\x0egranted_amount\x18\x02 \x01(\x03\x12I\n\x15referenced_attributes\x18\x05 \x01(\x0b\x32$.istio.mixer.v1.ReferencedAttributesB\x04\xc8\xde\x1f\x00\x1aX\n\x0bQuotasEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x38\n\x05value\x18\x02 \x01(\x0b\x32).istio.mixer.v1.CheckResponse.QuotaResult:\x02\x38\x01\"\xca\x02\n\x14ReferencedAttributes\x12\r\n\x05words\x18\x01 \x03(\t\x12T\n\x11\x61ttribute_matches\x18\x02 \x03(\x0b\x32\x33.istio.mixer.v1.ReferencedAttributes.AttributeMatchB\x04\xc8\xde\x1f\x00\x1a\x81\x01\n\x0e\x41ttributeMatch\x12\x0c\n\x04name\x18\x01 \x01(\x11\x12\x41\n\tcondition\x18\x02 \x01(\x0e\x32..istio.mixer.v1.ReferencedAttributes.Condition\x12\r\n\x05regex\x18\x03 \x01(\t\x12\x0f\n\x07map_key\x18\x04 \x01(\x11\"I\n\tCondition\x12\x19\n\x15\x43ONDITION_UNSPECIFIED\x10\x00\x12\x0b\n\x07\x41\x42SENCE\x10\x01\x12\t\n\x05\x45XACT\x10\x02\x12\t\n\x05REGEX\x10\x03\"\x9e\x01\n\x0fHeaderOperation\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\x12<\n\toperation\x18\x03 \x01(\x0e\x32).istio.mixer.v1.HeaderOperation.Operation\"0\n\tOperation\x12\x0b\n\x07REPLACE\x10\x00\x12\n\n\x06REMOVE\x10\x01\x12\n\n\x06\x41PPEND\x10\x02\"\xe1\x01\n\x0eRouteDirective\x12H\n\x19request_header_operations\x18\x01 \x03(\x0b\x32\x1f.istio.mixer.v1.HeaderOperationB\x04\xc8\xde\x1f\x00\x12I\n\x1aresponse_header_operations\x18\x02 \x03(\x0b\x32\x1f.istio.mixer.v1.HeaderOperationB\x04\xc8\xde\x1f\x00\x12\x1c\n\x14\x64irect_response_code\x18\x03 \x01(\r\x12\x1c\n\x14\x64irect_response_body\x18\x04 \x01(\t\"\x81\x01\n\rReportRequest\x12>\n\nattributes\x18\x01 \x03(\x0b\x32$.istio.mixer.v1.CompressedAttributesB\x04\xc8\xde\x1f\x00\x12\x15\n\rdefault_words\x18\x02 \x03(\t\x12\x19\n\x11global_word_count\x18\x03 \x01(\r\"\x10\n\x0eReportResponse2\x9a\x01\n\x05Mixer\x12\x46\n\x05\x43heck\x12\x1c.istio.mixer.v1.CheckRequest\x1a\x1d.istio.mixer.v1.CheckResponse\"\x00\x12I\n\x06Report\x12\x1d.istio.mixer.v1.ReportRequest\x1a\x1e.istio.mixer.v1.ReportResponse\"\x00\x42)Z\x15istio.io/api/mixer/v1\x80\x01\x01\xf8\x01\x01\xc8\xe1\x1e\x00\xa8\xe2\x1e\x00\xf0\xe1\x1e\x00\x62\x06proto3') + serialized_pb=_b('\n\x14mixer/v1/mixer.proto\x12\x0eistio.mixer.v1\x1a\x14gogoproto/gogo.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x17google/rpc/status.proto\x1a\x19mixer/v1/attributes.proto\"\xd0\x02\n\x0c\x43heckRequest\x12>\n\nattributes\x18\x01 \x01(\x0b\x32$.istio.mixer.v1.CompressedAttributesB\x04\xc8\xde\x1f\x00\x12\x19\n\x11global_word_count\x18\x02 \x01(\r\x12\x18\n\x10\x64\x65\x64uplication_id\x18\x03 \x01(\t\x12>\n\x06quotas\x18\x04 \x03(\x0b\x32(.istio.mixer.v1.CheckRequest.QuotasEntryB\x04\xc8\xde\x1f\x00\x1a\x32\n\x0bQuotaParams\x12\x0e\n\x06\x61mount\x18\x01 \x01(\x03\x12\x13\n\x0b\x62\x65st_effort\x18\x02 \x01(\x08\x1aW\n\x0bQuotasEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x37\n\x05value\x18\x02 \x01(\x0b\x32(.istio.mixer.v1.CheckRequest.QuotaParams:\x02\x38\x01\"\xc3\x05\n\rCheckResponse\x12L\n\x0cprecondition\x18\x02 \x01(\x0b\x32\x30.istio.mixer.v1.CheckResponse.PreconditionResultB\x04\xc8\xde\x1f\x00\x12?\n\x06quotas\x18\x03 \x03(\x0b\x32).istio.mixer.v1.CheckResponse.QuotasEntryB\x04\xc8\xde\x1f\x00\x1a\x98\x02\n\x12PreconditionResult\x12(\n\x06status\x18\x01 \x01(\x0b\x32\x12.google.rpc.StatusB\x04\xc8\xde\x1f\x00\x12;\n\x0evalid_duration\x18\x02 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x17\n\x0fvalid_use_count\x18\x03 \x01(\x05\x12\x43\n\x15referenced_attributes\x18\x05 \x01(\x0b\x32$.istio.mixer.v1.ReferencedAttributes\x12\x37\n\x0froute_directive\x18\x06 \x01(\x0b\x32\x1e.istio.mixer.v1.RouteDirectiveJ\x04\x08\x04\x10\x05\x1a\xad\x01\n\x0bQuotaResult\x12;\n\x0evalid_duration\x18\x01 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x16\n\x0egranted_amount\x18\x02 \x01(\x03\x12I\n\x15referenced_attributes\x18\x05 \x01(\x0b\x32$.istio.mixer.v1.ReferencedAttributesB\x04\xc8\xde\x1f\x00\x1aX\n\x0bQuotasEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x38\n\x05value\x18\x02 \x01(\x0b\x32).istio.mixer.v1.CheckResponse.QuotaResult:\x02\x38\x01\"\xca\x02\n\x14ReferencedAttributes\x12\r\n\x05words\x18\x01 \x03(\t\x12T\n\x11\x61ttribute_matches\x18\x02 \x03(\x0b\x32\x33.istio.mixer.v1.ReferencedAttributes.AttributeMatchB\x04\xc8\xde\x1f\x00\x1a\x81\x01\n\x0e\x41ttributeMatch\x12\x0c\n\x04name\x18\x01 \x01(\x11\x12\x41\n\tcondition\x18\x02 \x01(\x0e\x32..istio.mixer.v1.ReferencedAttributes.Condition\x12\r\n\x05regex\x18\x03 \x01(\t\x12\x0f\n\x07map_key\x18\x04 \x01(\x11\"I\n\tCondition\x12\x19\n\x15\x43ONDITION_UNSPECIFIED\x10\x00\x12\x0b\n\x07\x41\x42SENCE\x10\x01\x12\t\n\x05\x45XACT\x10\x02\x12\t\n\x05REGEX\x10\x03\"\x9e\x01\n\x0fHeaderOperation\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t\x12<\n\toperation\x18\x03 \x01(\x0e\x32).istio.mixer.v1.HeaderOperation.Operation\"0\n\tOperation\x12\x0b\n\x07REPLACE\x10\x00\x12\n\n\x06REMOVE\x10\x01\x12\n\n\x06\x41PPEND\x10\x02\"\xe1\x01\n\x0eRouteDirective\x12H\n\x19request_header_operations\x18\x01 \x03(\x0b\x32\x1f.istio.mixer.v1.HeaderOperationB\x04\xc8\xde\x1f\x00\x12I\n\x1aresponse_header_operations\x18\x02 \x03(\x0b\x32\x1f.istio.mixer.v1.HeaderOperationB\x04\xc8\xde\x1f\x00\x12\x1c\n\x14\x64irect_response_code\x18\x03 \x01(\r\x12\x1c\n\x14\x64irect_response_body\x18\x04 \x01(\t\"\xb0\x02\n\rReportRequest\x12>\n\nattributes\x18\x01 \x03(\x0b\x32$.istio.mixer.v1.CompressedAttributesB\x04\xc8\xde\x1f\x00\x12`\n\x1drepeated_attributes_semantics\x18\x04 \x01(\x0e\x32\x39.istio.mixer.v1.ReportRequest.RepeatedAttributesSemantics\x12\x15\n\rdefault_words\x18\x02 \x03(\t\x12\x19\n\x11global_word_count\x18\x03 \x01(\r\"K\n\x1bRepeatedAttributesSemantics\x12\x12\n\x0e\x44\x45LTA_ENCODING\x10\x00\x12\x18\n\x14INDEPENDENT_ENCODING\x10\x01\"\x10\n\x0eReportResponse2\x9a\x01\n\x05Mixer\x12\x46\n\x05\x43heck\x12\x1c.istio.mixer.v1.CheckRequest\x1a\x1d.istio.mixer.v1.CheckResponse\"\x00\x12I\n\x06Report\x12\x1d.istio.mixer.v1.ReportRequest\x1a\x1e.istio.mixer.v1.ReportResponse\"\x00\x42)Z\x15istio.io/api/mixer/v1\x80\x01\x01\xf8\x01\x01\xc8\xe1\x1e\x00\xa8\xe2\x1e\x00\xf0\xe1\x1e\x00\x62\x06proto3') , dependencies=[gogoproto_dot_gogo__pb2.DESCRIPTOR,google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,google_dot_rpc_dot_status__pb2.DESCRIPTOR,mixer_dot_v1_dot_attributes__pb2.DESCRIPTOR,]) @@ -85,6 +85,28 @@ ) _sym_db.RegisterEnumDescriptor(_HEADEROPERATION_OPERATION) +_REPORTREQUEST_REPEATEDATTRIBUTESSEMANTICS = _descriptor.EnumDescriptor( + name='RepeatedAttributesSemantics', + full_name='istio.mixer.v1.ReportRequest.RepeatedAttributesSemantics', + filename=None, + file=DESCRIPTOR, + values=[ + _descriptor.EnumValueDescriptor( + name='DELTA_ENCODING', index=0, number=0, + options=None, + type=None), + _descriptor.EnumValueDescriptor( + name='INDEPENDENT_ENCODING', index=1, number=1, + options=None, + type=None), + ], + containing_type=None, + options=None, + serialized_start=2147, + serialized_end=2222, +) +_sym_db.RegisterEnumDescriptor(_REPORTREQUEST_REPEATEDATTRIBUTESSEMANTICS) + _CHECKREQUEST_QUOTAPARAMS = _descriptor.Descriptor( name='QuotaParams', @@ -592,14 +614,21 @@ is_extension=False, extension_scope=None, options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\310\336\037\000')), file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='default_words', full_name='istio.mixer.v1.ReportRequest.default_words', index=1, + name='repeated_attributes_semantics', full_name='istio.mixer.v1.ReportRequest.repeated_attributes_semantics', index=1, + number=4, type=14, cpp_type=8, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='default_words', full_name='istio.mixer.v1.ReportRequest.default_words', index=2, number=2, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='global_word_count', full_name='istio.mixer.v1.ReportRequest.global_word_count', index=2, + name='global_word_count', full_name='istio.mixer.v1.ReportRequest.global_word_count', index=3, number=3, type=13, cpp_type=3, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, @@ -610,6 +639,7 @@ ], nested_types=[], enum_types=[ + _REPORTREQUEST_REPEATEDATTRIBUTESSEMANTICS, ], options=None, is_extendable=False, @@ -618,7 +648,7 @@ oneofs=[ ], serialized_start=1918, - serialized_end=2047, + serialized_end=2222, ) @@ -641,8 +671,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2049, - serialized_end=2065, + serialized_start=2224, + serialized_end=2240, ) _CHECKREQUEST_QUOTAPARAMS.containing_type = _CHECKREQUEST @@ -671,6 +701,8 @@ _ROUTEDIRECTIVE.fields_by_name['request_header_operations'].message_type = _HEADEROPERATION _ROUTEDIRECTIVE.fields_by_name['response_header_operations'].message_type = _HEADEROPERATION _REPORTREQUEST.fields_by_name['attributes'].message_type = mixer_dot_v1_dot_attributes__pb2._COMPRESSEDATTRIBUTES +_REPORTREQUEST.fields_by_name['repeated_attributes_semantics'].enum_type = _REPORTREQUEST_REPEATEDATTRIBUTESSEMANTICS +_REPORTREQUEST_REPEATEDATTRIBUTESSEMANTICS.containing_type = _REPORTREQUEST DESCRIPTOR.message_types_by_name['CheckRequest'] = _CHECKREQUEST DESCRIPTOR.message_types_by_name['CheckResponse'] = _CHECKRESPONSE DESCRIPTOR.message_types_by_name['ReferencedAttributes'] = _REFERENCEDATTRIBUTES @@ -815,8 +847,8 @@ file=DESCRIPTOR, index=0, options=None, - serialized_start=2068, - serialized_end=2222, + serialized_start=2243, + serialized_end=2397, methods=[ _descriptor.MethodDescriptor( name='Check', From d5da499b61ddc6a85248edee2f214a2104364953 Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Wed, 30 Jan 2019 20:15:20 -0500 Subject: [PATCH 05/15] revert sds name (#781) Signed-off-by: Shriram Rajagopalan --- networking/v1alpha3/gateway.pb.go | 137 ++++++------------ networking/v1alpha3/gateway.proto | 7 - .../istio.networking.v1alpha3.pb.html | 12 -- proto.lock | 5 - .../networking/v1alpha3/gateway_pb2.py | 25 ++-- 5 files changed, 51 insertions(+), 135 deletions(-) diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 3eeb4ff276..37c3bcf532 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -427,12 +427,6 @@ type Server_TLSOptions struct { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites" json:"cipher_suites,omitempty"` - // Optional: If specified, the gateway controllers (with SDS enabled) - // use the specified name as the SDS secret config name to call the SDS - // server, to retrieve the key and certificates. Otherwise, the gateway - // controllers (with SDS enabled) use the first value in the hosts as - // the SDS secret config name to call the SDS server. - SdsName string `protobuf:"bytes,10,opt,name=sds_name,json=sdsName,proto3" json:"sds_name,omitempty"` } func (m *Server_TLSOptions) Reset() { *m = Server_TLSOptions{} } @@ -503,13 +497,6 @@ func (m *Server_TLSOptions) GetCipherSuites() []string { return nil } -func (m *Server_TLSOptions) GetSdsName() string { - if m != nil { - return m.SdsName - } - return "" -} - // Port describes the properties of a specific port of a service. type Port struct { // REQUIRED: A valid non-negative integer port number. @@ -757,12 +744,6 @@ func (m *Server_TLSOptions) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if len(m.SdsName) > 0 { - dAtA[i] = 0x52 - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.SdsName))) - i += copy(dAtA[i:], m.SdsName) - } return i, nil } @@ -897,10 +878,6 @@ func (m *Server_TLSOptions) Size() (n int) { n += 1 + l + sovGateway(uint64(l)) } } - l = len(m.SdsName) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } return n } @@ -1587,35 +1564,6 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { } m.CipherSuites = append(m.CipherSuites, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex - case 10: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field SdsName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.SdsName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGateway(dAtA[iNdEx:]) @@ -1872,48 +1820,47 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) } var fileDescriptorGateway = []byte{ - // 673 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0x4d, 0x4f, 0xdb, 0x4c, - 0x10, 0xc6, 0x49, 0xc8, 0xc7, 0x84, 0x10, 0xb3, 0x42, 0xaf, 0x0c, 0x07, 0x3e, 0xf2, 0xea, 0xd5, - 0x4b, 0xab, 0xd6, 0x81, 0xa4, 0x07, 0x54, 0xa4, 0x4a, 0x69, 0x85, 0x48, 0xd5, 0x40, 0x22, 0x3b, - 0xe1, 0xd0, 0x8b, 0xb5, 0x71, 0x16, 0xb2, 0xe0, 0x78, 0xad, 0xdd, 0x4d, 0x20, 0x7f, 0xa9, 0xbf, - 0xa4, 0xc7, 0xf6, 0xd0, 0x7b, 0xc5, 0x2f, 0xa9, 0x76, 0xed, 0x90, 0xf4, 0x8b, 0x0a, 0xf5, 0x36, - 0xf3, 0xcc, 0xcc, 0x33, 0x33, 0xcf, 0xac, 0x0d, 0xbb, 0x21, 0x91, 0x37, 0x8c, 0x5f, 0xd3, 0xf0, - 0xb2, 0x3a, 0x39, 0xc0, 0x41, 0x34, 0xc4, 0xf5, 0xea, 0x25, 0x96, 0xe4, 0x06, 0x4f, 0xed, 0x88, - 0x33, 0xc9, 0xd0, 0x06, 0x15, 0x92, 0x32, 0x7b, 0x9e, 0x68, 0xcf, 0x12, 0x2b, 0x9f, 0x0d, 0xc8, - 0x9d, 0xc4, 0xc9, 0xe8, 0x08, 0x72, 0x82, 0xf0, 0x09, 0xe1, 0xc2, 0x32, 0x76, 0xd2, 0x7b, 0xc5, - 0xda, 0xae, 0xfd, 0xdb, 0x42, 0xdb, 0xd5, 0x99, 0xce, 0xac, 0x02, 0xb5, 0x20, 0x2f, 0x48, 0x40, - 0x7c, 0xc9, 0xb8, 0x95, 0xd2, 0xd5, 0xfb, 0x0f, 0x54, 0x27, 0x2d, 0x6d, 0x37, 0x29, 0x39, 0x0e, - 0x25, 0x9f, 0x3a, 0xf7, 0x0c, 0x9b, 0x47, 0x50, 0xfa, 0x2e, 0x84, 0x4c, 0x48, 0x5f, 0x93, 0xa9, - 0x65, 0xec, 0x18, 0x7b, 0x05, 0x47, 0x99, 0x68, 0x1d, 0x96, 0x27, 0x38, 0x18, 0x13, 0x2b, 0xa5, - 0xb1, 0xd8, 0x79, 0x99, 0x3a, 0x34, 0x2a, 0x1f, 0x72, 0x90, 0x8d, 0xc7, 0x43, 0x75, 0xc8, 0x44, - 0x8c, 0x4b, 0x5d, 0x57, 0xac, 0x6d, 0x3f, 0x30, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xc5, 0x3c, - 0x64, 0x42, 0x0a, 0xbd, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x0a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x33, - 0x3d, 0xfb, 0xa3, 0x32, 0x76, 0xb7, 0xe5, 0xb6, 0x23, 0x49, 0x59, 0x28, 0x1c, 0x55, 0x88, 0x10, - 0x64, 0xfa, 0x34, 0x1c, 0x58, 0x19, 0x3d, 0xae, 0xb6, 0xd1, 0x13, 0x30, 0x07, 0xe4, 0x02, 0x8f, - 0x03, 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x9c, 0xc0, - 0x9b, 0x5f, 0x96, 0x01, 0xe6, 0x94, 0xe8, 0x3f, 0x58, 0x1d, 0x4a, 0x19, 0x09, 0x8f, 0x93, 0x01, - 0xe5, 0xc4, 0x8f, 0x57, 0xcc, 0x3b, 0x25, 0x8d, 0x3a, 0x09, 0x88, 0x9a, 0x90, 0x19, 0xb1, 0x41, - 0xac, 0xd1, 0x6a, 0xed, 0xc5, 0x63, 0xa6, 0x56, 0xa6, 0xaa, 0x75, 0x34, 0x03, 0x7a, 0x0e, 0x28, - 0x3e, 0xb5, 0xe7, 0x13, 0x2e, 0xe9, 0x05, 0xf5, 0xb1, 0x24, 0x5a, 0x8d, 0x82, 0xb3, 0x16, 0x47, - 0xde, 0xcc, 0x03, 0x68, 0x1b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x2f, 0x0d, - 0x09, 0xf4, 0x8e, 0x4c, 0xd1, 0xff, 0x50, 0xf6, 0xf1, 0x22, 0x97, 0x48, 0x36, 0x5f, 0xf5, 0xf1, - 0x02, 0x91, 0x40, 0x4f, 0x61, 0x4d, 0x8c, 0xfb, 0x57, 0xc4, 0x97, 0x1e, 0x0e, 0xa4, 0x17, 0xe2, - 0x11, 0x11, 0x56, 0x56, 0x5f, 0xa6, 0x9c, 0x04, 0x1a, 0x81, 0x3c, 0x53, 0x30, 0xba, 0x82, 0xf5, - 0x11, 0x0d, 0x3d, 0xfd, 0xea, 0x7d, 0x16, 0x78, 0xea, 0x65, 0x52, 0x16, 0x5a, 0x39, 0xbd, 0xfe, - 0xe1, 0x63, 0xd7, 0xef, 0x24, 0x3c, 0x0e, 0x1a, 0xd1, 0x70, 0xe6, 0x9c, 0xc7, 0x9c, 0xba, 0x17, - 0xbe, 0xfd, 0xb9, 0x57, 0xfe, 0xaf, 0x7b, 0xe1, 0xdb, 0x1f, 0x7b, 0xfd, 0x0b, 0x25, 0x9f, 0x46, - 0x43, 0xc2, 0x3d, 0x31, 0xa6, 0x4a, 0xaa, 0x82, 0xde, 0x7f, 0x25, 0x06, 0x5d, 0x8d, 0xa1, 0x0d, - 0xc8, 0x8b, 0x81, 0xd0, 0x02, 0x59, 0xa0, 0xa5, 0xcc, 0x89, 0x81, 0x50, 0xc2, 0x54, 0x9a, 0x90, - 0x4b, 0xae, 0x89, 0xca, 0x50, 0xec, 0x34, 0x5c, 0xb7, 0xdb, 0x74, 0xda, 0xbd, 0x93, 0xa6, 0xb9, - 0x84, 0x00, 0xb2, 0xee, 0xdb, 0xd3, 0x4e, 0xeb, 0xd8, 0x34, 0x94, 0x7d, 0xda, 0xeb, 0xf6, 0x1a, - 0x2d, 0x33, 0x85, 0xd6, 0xc1, 0x6c, 0xf4, 0xba, 0x6d, 0x6f, 0x31, 0x3b, 0x5d, 0x69, 0x43, 0x71, - 0x61, 0x58, 0xb4, 0x02, 0xf9, 0x6e, 0xcb, 0xf5, 0x54, 0xa2, 0xb9, 0x84, 0x8a, 0xba, 0xcd, 0xf9, - 0x81, 0xb7, 0x6f, 0x1a, 0x73, 0xe7, 0xc0, 0x4c, 0xcd, 0x9d, 0x9a, 0x99, 0x9e, 0x3b, 0x75, 0x33, - 0x53, 0x39, 0x83, 0x8c, 0xfa, 0xf4, 0xd0, 0x3f, 0x90, 0x0d, 0xc7, 0xa3, 0x3e, 0xe1, 0xfa, 0x21, - 0x97, 0x9c, 0xc4, 0x43, 0x9b, 0x90, 0x9f, 0x49, 0x9c, 0x7c, 0xe9, 0xf7, 0xbe, 0xfa, 0xa4, 0xf4, - 0xb6, 0xf1, 0x2b, 0xd4, 0xf6, 0x6b, 0xfb, 0xe3, 0xdd, 0x96, 0xf1, 0xe9, 0x6e, 0xcb, 0xf8, 0x7a, - 0xb7, 0x65, 0xbc, 0xdf, 0x89, 0xaf, 0x40, 0x59, 0x15, 0x47, 0xb4, 0xfa, 0x8b, 0x3f, 0x65, 0x3f, - 0xab, 0xd9, 0xea, 0xdf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x20, 0x65, 0xa6, 0x2f, 0x47, 0x05, 0x00, + // 657 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xcb, 0x4e, 0xdb, 0x4c, + 0x14, 0xc6, 0x49, 0xc8, 0xe5, 0x84, 0x10, 0x33, 0x42, 0xbf, 0xfc, 0xb3, 0xe0, 0x92, 0xaa, 0x2a, + 0xad, 0x5a, 0x07, 0x92, 0x2e, 0x50, 0x91, 0x2a, 0xa5, 0x15, 0x22, 0x55, 0x03, 0x89, 0xec, 0x84, + 0x45, 0x37, 0xd6, 0xc4, 0x19, 0xc8, 0x80, 0xe3, 0xb1, 0x66, 0x26, 0x81, 0x3c, 0x45, 0xdf, 0xa7, + 0x4f, 0xd0, 0x65, 0xfb, 0x06, 0x15, 0x4f, 0x52, 0xcd, 0xd8, 0x21, 0xe9, 0x8d, 0x0a, 0x75, 0x77, + 0xce, 0x77, 0xce, 0xf7, 0x9d, 0xdb, 0xd8, 0xb0, 0x13, 0x12, 0x79, 0xcd, 0xf8, 0x15, 0x0d, 0x2f, + 0xaa, 0x93, 0x7d, 0x1c, 0x44, 0x43, 0x5c, 0xaf, 0x5e, 0x60, 0x49, 0xae, 0xf1, 0xd4, 0x8e, 0x38, + 0x93, 0x0c, 0xfd, 0x4f, 0x85, 0xa4, 0xcc, 0x9e, 0x27, 0xda, 0xb3, 0xc4, 0xca, 0x57, 0x03, 0x72, + 0xc7, 0x71, 0x32, 0x3a, 0x84, 0x9c, 0x20, 0x7c, 0x42, 0xb8, 0xb0, 0x8c, 0xed, 0xf4, 0x6e, 0xb1, + 0xb6, 0x63, 0xff, 0x91, 0x68, 0xbb, 0x3a, 0xd3, 0x99, 0x31, 0x50, 0x0b, 0xf2, 0x82, 0x04, 0xc4, + 0x97, 0x8c, 0x5b, 0x29, 0xcd, 0xde, 0xbb, 0x87, 0x9d, 0x94, 0xb4, 0xdd, 0x84, 0x72, 0x14, 0x4a, + 0x3e, 0x75, 0xee, 0x14, 0x36, 0x0e, 0xa1, 0xf4, 0x43, 0x08, 0x99, 0x90, 0xbe, 0x22, 0x53, 0xcb, + 0xd8, 0x36, 0x76, 0x0b, 0x8e, 0x32, 0xd1, 0x3a, 0x2c, 0x4f, 0x70, 0x30, 0x26, 0x56, 0x4a, 0x63, + 0xb1, 0xf3, 0x2a, 0x75, 0x60, 0x54, 0x3e, 0xe6, 0x20, 0x1b, 0xb7, 0x87, 0xea, 0x90, 0x89, 0x18, + 0x97, 0x9a, 0x57, 0xac, 0x6d, 0xdd, 0xd3, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xa5, 0x3c, 0x64, + 0x42, 0x0a, 0x3d, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x1a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x2b, 0x3d, + 0xff, 0xeb, 0x66, 0xec, 0x6e, 0xcb, 0x6d, 0x47, 0x92, 0xb2, 0x50, 0x38, 0x8a, 0x88, 0x10, 0x64, + 0xfa, 0x34, 0x1c, 0x58, 0x19, 0xdd, 0xae, 0xb6, 0xd1, 0x53, 0x30, 0x07, 0xe4, 0x1c, 0x8f, 0x03, + 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x94, 0xc0, 0x1b, + 0x9f, 0x96, 0x01, 0xe6, 0x92, 0xe8, 0x31, 0xac, 0x0e, 0xa5, 0x8c, 0x84, 0xc7, 0xc9, 0x80, 0x72, + 0xe2, 0xc7, 0x23, 0xe6, 0x9d, 0x92, 0x46, 0x9d, 0x04, 0x44, 0x4d, 0xc8, 0x8c, 0xd8, 0x20, 0xde, + 0xd1, 0x6a, 0xed, 0xe5, 0x43, 0xba, 0x56, 0xa6, 0xe2, 0x3a, 0x5a, 0x01, 0xbd, 0x00, 0x14, 0x9f, + 0xda, 0xf3, 0x09, 0x97, 0xf4, 0x9c, 0xfa, 0x58, 0x12, 0xbd, 0x8d, 0x82, 0xb3, 0x16, 0x47, 0xde, + 0xce, 0x03, 0x68, 0x0b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x0f, 0x0d, 0x09, + 0xf4, 0x9e, 0x4c, 0xd1, 0x13, 0x28, 0xfb, 0x78, 0x51, 0x4b, 0x24, 0x93, 0xaf, 0xfa, 0x78, 0x41, + 0x48, 0xa0, 0x67, 0xb0, 0x26, 0xc6, 0xfd, 0x4b, 0xe2, 0x4b, 0x0f, 0x07, 0xd2, 0x0b, 0xf1, 0x88, + 0x08, 0x2b, 0xab, 0x2f, 0x53, 0x4e, 0x02, 0x8d, 0x40, 0x9e, 0x2a, 0x18, 0x5d, 0xc2, 0xfa, 0x88, + 0x86, 0x9e, 0x7e, 0xf5, 0x3e, 0x0b, 0x3c, 0xf5, 0x32, 0x29, 0x0b, 0xad, 0x9c, 0x1e, 0xff, 0xe0, + 0xa1, 0xe3, 0x77, 0x12, 0x1d, 0x07, 0x8d, 0x68, 0x38, 0x73, 0xce, 0x62, 0x4d, 0x5d, 0x0b, 0xdf, + 0xfc, 0x5a, 0x2b, 0xff, 0xcf, 0xb5, 0xf0, 0xcd, 0xcf, 0xb5, 0x1e, 0x41, 0xc9, 0xa7, 0xd1, 0x90, + 0x70, 0x4f, 0x8c, 0xa9, 0x5a, 0x55, 0x41, 0xcf, 0xbf, 0x12, 0x83, 0xae, 0xc6, 0x2a, 0x4d, 0xc8, + 0x25, 0x27, 0x43, 0x65, 0x28, 0x76, 0x1a, 0xae, 0xdb, 0x6d, 0x3a, 0xed, 0xde, 0x71, 0xd3, 0x5c, + 0x42, 0x00, 0x59, 0xf7, 0xdd, 0x49, 0xa7, 0x75, 0x64, 0x1a, 0xca, 0x3e, 0xe9, 0x75, 0x7b, 0x8d, + 0x96, 0x99, 0x42, 0xeb, 0x60, 0x36, 0x7a, 0xdd, 0xb6, 0xb7, 0x98, 0x9d, 0xae, 0xb4, 0xa1, 0xb8, + 0xd0, 0x11, 0x5a, 0x81, 0x7c, 0xb7, 0xe5, 0x7a, 0x2a, 0xd1, 0x5c, 0x42, 0x45, 0x5d, 0xe6, 0x6c, + 0xdf, 0xdb, 0x33, 0x8d, 0xb9, 0xb3, 0x6f, 0xa6, 0xe6, 0x4e, 0xcd, 0x4c, 0xcf, 0x9d, 0xba, 0x99, + 0xa9, 0x9c, 0x42, 0x46, 0x7d, 0x5f, 0xe8, 0x3f, 0xc8, 0x86, 0xe3, 0x51, 0x9f, 0x70, 0xfd, 0x5a, + 0x4b, 0x4e, 0xe2, 0xa1, 0x0d, 0xc8, 0xcf, 0xf6, 0x98, 0x7c, 0xce, 0x77, 0xbe, 0xfa, 0x6e, 0xd4, + 0xcd, 0x93, 0xa7, 0xa6, 0xed, 0x37, 0xf6, 0xe7, 0xdb, 0x4d, 0xe3, 0xcb, 0xed, 0xa6, 0xf1, 0xed, + 0x76, 0xd3, 0xf8, 0xb0, 0x1d, 0xaf, 0x9a, 0xb2, 0x2a, 0x8e, 0x68, 0xf5, 0x37, 0xbf, 0xc3, 0x7e, + 0x56, 0xab, 0xd5, 0xbf, 0x07, 0x00, 0x00, 0xff, 0xff, 0x3a, 0x88, 0xe5, 0x6d, 0x2c, 0x05, 0x00, 0x00, } diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index ad9f22791b..0cfb8bcefc 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -335,13 +335,6 @@ message Server { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. repeated string cipher_suites = 9; - - // Optional: If specified, the gateway controllers (with SDS enabled) - // use the specified name as the SDS secret config name to call the SDS - // server, to retrieve the key and certificates. Otherwise, the gateway - // controllers (with SDS enabled) use the first value in the hosts as - // the SDS secret config name to call the SDS server. - string sds_name = 10; } // Set of TLS related options that govern the server's behavior. Use diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index d4b3616627..8344b1b4de 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -2988,18 +2988,6 @@

Server.TLSOptions

Optional: If specified, only support the specified cipher list. Otherwise default to the default cipher list supported by Envoy.

- - - - - - diff --git a/proto.lock b/proto.lock index 9292184119..f4f1a34af8 100644 --- a/proto.lock +++ b/proto.lock @@ -3344,11 +3344,6 @@ "name": "cipher_suites", "type": "string", "is_repeated": true - }, - { - "id": 10, - "name": "sds_name", - "type": "string" } ] } diff --git a/python/istio_api/networking/v1alpha3/gateway_pb2.py b/python/istio_api/networking/v1alpha3/gateway_pb2.py index 77c9a04a9d..991c4f8169 100644 --- a/python/istio_api/networking/v1alpha3/gateway_pb2.py +++ b/python/istio_api/networking/v1alpha3/gateway_pb2.py @@ -19,7 +19,7 @@ name='networking/v1alpha3/gateway.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xed\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xc1\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x12\x10\n\x08sds_name\x18\n \x01(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xdb\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xaf\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') ) @@ -49,8 +49,8 @@ ], containing_type=None, options=None, - serialized_start=842, - serialized_end=914, + serialized_start=824, + serialized_end=896, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE) @@ -83,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=916, - serialized_end=995, + serialized_start=898, + serialized_end=977, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL) @@ -234,13 +234,6 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='sds_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.sds_name', index=9, - number=10, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -256,7 +249,7 @@ oneofs=[ ], serialized_start=418, - serialized_end=995, + serialized_end=977, ) _SERVER = _descriptor.Descriptor( @@ -314,7 +307,7 @@ oneofs=[ ], serialized_start=246, - serialized_end=995, + serialized_end=977, ) @@ -358,8 +351,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=997, - serialized_end=1051, + serialized_start=979, + serialized_end=1033, ) _GATEWAY_SELECTORENTRY.containing_type = _GATEWAY From e3015e7a46e52cbc44c8ed60bde57318eb7a2dd9 Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Thu, 31 Jan 2019 18:56:14 -0500 Subject: [PATCH 06/15] Fixing SDS field/semantics in the gateway (#780) * Enabling SDS in the gateway Signed-off-by: Shriram Rajagopalan * lint Signed-off-by: Shriram Rajagopalan * nits Signed-off-by: Shriram Rajagopalan * cleanups Signed-off-by: Shriram Rajagopalan * update Signed-off-by: Shriram Rajagopalan * updates Signed-off-by: Shriram Rajagopalan * protolock Signed-off-by: Shriram Rajagopalan --- networking/v1alpha3/gateway.pb.go | 144 ++++++++++++------ networking/v1alpha3/gateway.proto | 12 ++ .../istio.networking.v1alpha3.pb.html | 17 +++ proto.lock | 5 + .../networking/v1alpha3/gateway_pb2.py | 33 ++-- 5 files changed, 155 insertions(+), 56 deletions(-) diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 37c3bcf532..58fff44ccb 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -417,6 +417,17 @@ type Server_TLSOptions struct { // certificate authority certificates to use in verifying a presented // client side certificate. CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // The credentialName stands for a unique identifier that can be used + // to identify the serverCertificate, the privateKey and the + // CaCertificates associated with this server. Gateway workloads + // capable of fetching credentials from a remote credential store will + // be configured to retrive the credentials using this name, instead of + // using the file system paths specified above. The semantics of the + // name are platform dependent. In Kubernetes, the default Istio + // supplied credentail server expects the credentialName to match the + // name of the Kubernetes secret that holds the server certificate, the + // private key, and the CA certificate (if using mutual TLS). + CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` // A list of alternate names to verify the subject identity in the // certificate presented by the client. SubjectAltNames []string `protobuf:"bytes,6,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"` @@ -469,6 +480,13 @@ func (m *Server_TLSOptions) GetCaCertificates() string { return "" } +func (m *Server_TLSOptions) GetCredentialName() string { + if m != nil { + return m.CredentialName + } + return "" +} + func (m *Server_TLSOptions) GetSubjectAltNames() []string { if m != nil { return m.SubjectAltNames @@ -744,6 +762,12 @@ func (m *Server_TLSOptions) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } + if len(m.CredentialName) > 0 { + dAtA[i] = 0x52 + i++ + i = encodeVarintGateway(dAtA, i, uint64(len(m.CredentialName))) + i += copy(dAtA[i:], m.CredentialName) + } return i, nil } @@ -878,6 +902,10 @@ func (m *Server_TLSOptions) Size() (n int) { n += 1 + l + sovGateway(uint64(l)) } } + l = len(m.CredentialName) + if l > 0 { + n += 1 + l + sovGateway(uint64(l)) + } return n } @@ -1564,6 +1592,35 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { } m.CipherSuites = append(m.CipherSuites, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 10: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field CredentialName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowGateway + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthGateway + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.CredentialName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipGateway(dAtA[iNdEx:]) @@ -1820,47 +1877,48 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) } var fileDescriptorGateway = []byte{ - // 657 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xcb, 0x4e, 0xdb, 0x4c, - 0x14, 0xc6, 0x49, 0xc8, 0xe5, 0x84, 0x10, 0x33, 0x42, 0xbf, 0xfc, 0xb3, 0xe0, 0x92, 0xaa, 0x2a, - 0xad, 0x5a, 0x07, 0x92, 0x2e, 0x50, 0x91, 0x2a, 0xa5, 0x15, 0x22, 0x55, 0x03, 0x89, 0xec, 0x84, - 0x45, 0x37, 0xd6, 0xc4, 0x19, 0xc8, 0x80, 0xe3, 0xb1, 0x66, 0x26, 0x81, 0x3c, 0x45, 0xdf, 0xa7, - 0x4f, 0xd0, 0x65, 0xfb, 0x06, 0x15, 0x4f, 0x52, 0xcd, 0xd8, 0x21, 0xe9, 0x8d, 0x0a, 0x75, 0x77, - 0xce, 0x77, 0xce, 0xf7, 0x9d, 0xdb, 0xd8, 0xb0, 0x13, 0x12, 0x79, 0xcd, 0xf8, 0x15, 0x0d, 0x2f, - 0xaa, 0x93, 0x7d, 0x1c, 0x44, 0x43, 0x5c, 0xaf, 0x5e, 0x60, 0x49, 0xae, 0xf1, 0xd4, 0x8e, 0x38, - 0x93, 0x0c, 0xfd, 0x4f, 0x85, 0xa4, 0xcc, 0x9e, 0x27, 0xda, 0xb3, 0xc4, 0xca, 0x57, 0x03, 0x72, - 0xc7, 0x71, 0x32, 0x3a, 0x84, 0x9c, 0x20, 0x7c, 0x42, 0xb8, 0xb0, 0x8c, 0xed, 0xf4, 0x6e, 0xb1, - 0xb6, 0x63, 0xff, 0x91, 0x68, 0xbb, 0x3a, 0xd3, 0x99, 0x31, 0x50, 0x0b, 0xf2, 0x82, 0x04, 0xc4, - 0x97, 0x8c, 0x5b, 0x29, 0xcd, 0xde, 0xbb, 0x87, 0x9d, 0x94, 0xb4, 0xdd, 0x84, 0x72, 0x14, 0x4a, - 0x3e, 0x75, 0xee, 0x14, 0x36, 0x0e, 0xa1, 0xf4, 0x43, 0x08, 0x99, 0x90, 0xbe, 0x22, 0x53, 0xcb, - 0xd8, 0x36, 0x76, 0x0b, 0x8e, 0x32, 0xd1, 0x3a, 0x2c, 0x4f, 0x70, 0x30, 0x26, 0x56, 0x4a, 0x63, - 0xb1, 0xf3, 0x2a, 0x75, 0x60, 0x54, 0x3e, 0xe6, 0x20, 0x1b, 0xb7, 0x87, 0xea, 0x90, 0x89, 0x18, - 0x97, 0x9a, 0x57, 0xac, 0x6d, 0xdd, 0xd3, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xa5, 0x3c, 0x64, - 0x42, 0x0a, 0x3d, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x1a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x2b, 0x3d, - 0xff, 0xeb, 0x66, 0xec, 0x6e, 0xcb, 0x6d, 0x47, 0x92, 0xb2, 0x50, 0x38, 0x8a, 0x88, 0x10, 0x64, - 0xfa, 0x34, 0x1c, 0x58, 0x19, 0xdd, 0xae, 0xb6, 0xd1, 0x53, 0x30, 0x07, 0xe4, 0x1c, 0x8f, 0x03, - 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x94, 0xc0, 0x1b, - 0x9f, 0x96, 0x01, 0xe6, 0x92, 0xe8, 0x31, 0xac, 0x0e, 0xa5, 0x8c, 0x84, 0xc7, 0xc9, 0x80, 0x72, - 0xe2, 0xc7, 0x23, 0xe6, 0x9d, 0x92, 0x46, 0x9d, 0x04, 0x44, 0x4d, 0xc8, 0x8c, 0xd8, 0x20, 0xde, - 0xd1, 0x6a, 0xed, 0xe5, 0x43, 0xba, 0x56, 0xa6, 0xe2, 0x3a, 0x5a, 0x01, 0xbd, 0x00, 0x14, 0x9f, - 0xda, 0xf3, 0x09, 0x97, 0xf4, 0x9c, 0xfa, 0x58, 0x12, 0xbd, 0x8d, 0x82, 0xb3, 0x16, 0x47, 0xde, - 0xce, 0x03, 0x68, 0x0b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x0f, 0x0d, 0x09, - 0xf4, 0x9e, 0x4c, 0xd1, 0x13, 0x28, 0xfb, 0x78, 0x51, 0x4b, 0x24, 0x93, 0xaf, 0xfa, 0x78, 0x41, - 0x48, 0xa0, 0x67, 0xb0, 0x26, 0xc6, 0xfd, 0x4b, 0xe2, 0x4b, 0x0f, 0x07, 0xd2, 0x0b, 0xf1, 0x88, - 0x08, 0x2b, 0xab, 0x2f, 0x53, 0x4e, 0x02, 0x8d, 0x40, 0x9e, 0x2a, 0x18, 0x5d, 0xc2, 0xfa, 0x88, - 0x86, 0x9e, 0x7e, 0xf5, 0x3e, 0x0b, 0x3c, 0xf5, 0x32, 0x29, 0x0b, 0xad, 0x9c, 0x1e, 0xff, 0xe0, - 0xa1, 0xe3, 0x77, 0x12, 0x1d, 0x07, 0x8d, 0x68, 0x38, 0x73, 0xce, 0x62, 0x4d, 0x5d, 0x0b, 0xdf, - 0xfc, 0x5a, 0x2b, 0xff, 0xcf, 0xb5, 0xf0, 0xcd, 0xcf, 0xb5, 0x1e, 0x41, 0xc9, 0xa7, 0xd1, 0x90, - 0x70, 0x4f, 0x8c, 0xa9, 0x5a, 0x55, 0x41, 0xcf, 0xbf, 0x12, 0x83, 0xae, 0xc6, 0x2a, 0x4d, 0xc8, - 0x25, 0x27, 0x43, 0x65, 0x28, 0x76, 0x1a, 0xae, 0xdb, 0x6d, 0x3a, 0xed, 0xde, 0x71, 0xd3, 0x5c, - 0x42, 0x00, 0x59, 0xf7, 0xdd, 0x49, 0xa7, 0x75, 0x64, 0x1a, 0xca, 0x3e, 0xe9, 0x75, 0x7b, 0x8d, - 0x96, 0x99, 0x42, 0xeb, 0x60, 0x36, 0x7a, 0xdd, 0xb6, 0xb7, 0x98, 0x9d, 0xae, 0xb4, 0xa1, 0xb8, - 0xd0, 0x11, 0x5a, 0x81, 0x7c, 0xb7, 0xe5, 0x7a, 0x2a, 0xd1, 0x5c, 0x42, 0x45, 0x5d, 0xe6, 0x6c, - 0xdf, 0xdb, 0x33, 0x8d, 0xb9, 0xb3, 0x6f, 0xa6, 0xe6, 0x4e, 0xcd, 0x4c, 0xcf, 0x9d, 0xba, 0x99, - 0xa9, 0x9c, 0x42, 0x46, 0x7d, 0x5f, 0xe8, 0x3f, 0xc8, 0x86, 0xe3, 0x51, 0x9f, 0x70, 0xfd, 0x5a, - 0x4b, 0x4e, 0xe2, 0xa1, 0x0d, 0xc8, 0xcf, 0xf6, 0x98, 0x7c, 0xce, 0x77, 0xbe, 0xfa, 0x6e, 0xd4, - 0xcd, 0x93, 0xa7, 0xa6, 0xed, 0x37, 0xf6, 0xe7, 0xdb, 0x4d, 0xe3, 0xcb, 0xed, 0xa6, 0xf1, 0xed, - 0x76, 0xd3, 0xf8, 0xb0, 0x1d, 0xaf, 0x9a, 0xb2, 0x2a, 0x8e, 0x68, 0xf5, 0x37, 0xbf, 0xc3, 0x7e, - 0x56, 0xab, 0xd5, 0xbf, 0x07, 0x00, 0x00, 0xff, 0xff, 0x3a, 0x88, 0xe5, 0x6d, 0x2c, 0x05, 0x00, - 0x00, + // 674 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0xdb, 0x4e, 0xdb, 0x4c, + 0x10, 0xc6, 0x49, 0xc8, 0x61, 0x42, 0x88, 0x59, 0xa1, 0x5f, 0xfe, 0xb9, 0xe0, 0x90, 0xaa, 0x2a, + 0xad, 0x5a, 0x07, 0x92, 0x5e, 0xa0, 0x22, 0x55, 0x4a, 0x2b, 0x44, 0xaa, 0x06, 0x12, 0xd9, 0x09, + 0x17, 0xbd, 0xb1, 0x36, 0xce, 0x42, 0x16, 0x1c, 0xaf, 0xb5, 0xbb, 0x09, 0xe4, 0xcd, 0xfa, 0x08, + 0xbd, 0x6c, 0xdf, 0xa0, 0xa2, 0x2f, 0x52, 0xed, 0xda, 0x21, 0xe9, 0x89, 0x0a, 0xf5, 0x6e, 0xe6, + 0x9b, 0x99, 0x6f, 0x66, 0xbe, 0x59, 0x1b, 0x76, 0x42, 0x22, 0xaf, 0x19, 0xbf, 0xa2, 0xe1, 0x45, + 0x75, 0xb2, 0x8f, 0x83, 0x68, 0x88, 0xeb, 0xd5, 0x0b, 0x2c, 0xc9, 0x35, 0x9e, 0xda, 0x11, 0x67, + 0x92, 0xa1, 0xff, 0xa9, 0x90, 0x94, 0xd9, 0xf3, 0x44, 0x7b, 0x96, 0x58, 0xf9, 0x62, 0x40, 0xee, + 0x38, 0x4e, 0x46, 0x87, 0x90, 0x13, 0x84, 0x4f, 0x08, 0x17, 0x96, 0xb1, 0x9d, 0xde, 0x2d, 0xd6, + 0x76, 0xec, 0x3f, 0x16, 0xda, 0xae, 0xce, 0x74, 0x66, 0x15, 0xa8, 0x05, 0x79, 0x41, 0x02, 0xe2, + 0x4b, 0xc6, 0xad, 0x94, 0xae, 0xde, 0xbb, 0xa7, 0x3a, 0x69, 0x69, 0xbb, 0x49, 0xc9, 0x51, 0x28, + 0xf9, 0xd4, 0xb9, 0x63, 0xd8, 0x38, 0x84, 0xd2, 0x0f, 0x21, 0x64, 0x42, 0xfa, 0x8a, 0x4c, 0x2d, + 0x63, 0xdb, 0xd8, 0x2d, 0x38, 0xca, 0x44, 0xeb, 0xb0, 0x3c, 0xc1, 0xc1, 0x98, 0x58, 0x29, 0x8d, + 0xc5, 0xce, 0xab, 0xd4, 0x81, 0x51, 0xf9, 0x98, 0x83, 0x6c, 0x3c, 0x1e, 0xaa, 0x43, 0x26, 0x62, + 0x5c, 0xea, 0xba, 0x62, 0x6d, 0xeb, 0x9e, 0x89, 0x3a, 0x8c, 0x4b, 0x47, 0x27, 0x2b, 0xe6, 0x21, + 0x13, 0x52, 0xe8, 0x3d, 0x0a, 0x4e, 0xec, 0xa0, 0xd7, 0x90, 0x96, 0x81, 0xb0, 0xd2, 0x9a, 0xe9, + 0xf9, 0x5f, 0x95, 0xb1, 0xbb, 0x2d, 0xb7, 0x1d, 0x49, 0xca, 0x42, 0xe1, 0xa8, 0x42, 0x84, 0x20, + 0xd3, 0xa7, 0xe1, 0xc0, 0xca, 0xe8, 0x71, 0xb5, 0x8d, 0x9e, 0x82, 0x39, 0x20, 0xe7, 0x78, 0x1c, + 0x48, 0x8f, 0x84, 0x83, 0x88, 0xd1, 0x50, 0x5a, 0xcb, 0x3a, 0x5e, 0x4e, 0xf0, 0xa3, 0x04, 0xde, + 0xf8, 0xb6, 0x0c, 0x30, 0xa7, 0x44, 0x8f, 0x61, 0x75, 0x28, 0x65, 0x24, 0x3c, 0x4e, 0x06, 0x94, + 0x13, 0x3f, 0x5e, 0x31, 0xef, 0x94, 0x34, 0xea, 0x24, 0x20, 0x6a, 0x42, 0x66, 0xc4, 0x06, 0xb1, + 0x46, 0xab, 0xb5, 0x97, 0x0f, 0x99, 0x5a, 0x99, 0xaa, 0xd6, 0xd1, 0x0c, 0xe8, 0x05, 0xa0, 0xf8, + 0xd4, 0x9e, 0x4f, 0xb8, 0xa4, 0xe7, 0xd4, 0xc7, 0x92, 0x68, 0x35, 0x0a, 0xce, 0x5a, 0x1c, 0x79, + 0x3b, 0x0f, 0xa0, 0x2d, 0x28, 0x46, 0x9c, 0x4e, 0xb0, 0x24, 0x9e, 0xba, 0x5b, 0xbc, 0x34, 0x24, + 0xd0, 0x7b, 0x32, 0x45, 0x4f, 0xa0, 0xec, 0xe3, 0x45, 0x2e, 0x91, 0x6c, 0xbe, 0xea, 0xe3, 0x05, + 0x22, 0x81, 0x9e, 0xc1, 0x9a, 0x18, 0xf7, 0x2f, 0x89, 0x2f, 0x3d, 0x1c, 0x48, 0x2f, 0xc4, 0x23, + 0x22, 0xac, 0xac, 0xbe, 0x4c, 0x39, 0x09, 0x34, 0x02, 0x79, 0xaa, 0x60, 0x74, 0x09, 0xeb, 0x23, + 0x1a, 0x7a, 0xfa, 0xd5, 0xfb, 0x2c, 0xf0, 0xd4, 0xcb, 0xa4, 0x2c, 0xb4, 0x72, 0x7a, 0xfd, 0x83, + 0x87, 0xae, 0xdf, 0x49, 0x78, 0x1c, 0x34, 0xa2, 0xe1, 0xcc, 0x39, 0x8b, 0x39, 0x75, 0x2f, 0x7c, + 0xf3, 0x6b, 0xaf, 0xfc, 0x3f, 0xf7, 0xc2, 0x37, 0x3f, 0xf7, 0x7a, 0x04, 0x25, 0x9f, 0x46, 0x43, + 0xc2, 0x3d, 0x31, 0xa6, 0x4a, 0xaa, 0x82, 0xde, 0x7f, 0x25, 0x06, 0x5d, 0x8d, 0x69, 0x45, 0x39, + 0x19, 0x90, 0x50, 0x52, 0x1c, 0x68, 0x9d, 0x2c, 0x48, 0x14, 0xbd, 0x83, 0x95, 0x4c, 0x95, 0x26, + 0xe4, 0x92, 0xdb, 0xa2, 0x32, 0x14, 0x3b, 0x0d, 0xd7, 0xed, 0x36, 0x9d, 0x76, 0xef, 0xb8, 0x69, + 0x2e, 0x21, 0x80, 0xac, 0xfb, 0xee, 0xa4, 0xd3, 0x3a, 0x32, 0x0d, 0x65, 0x9f, 0xf4, 0xba, 0xbd, + 0x46, 0xcb, 0x4c, 0xa1, 0x75, 0x30, 0x1b, 0xbd, 0x6e, 0xdb, 0x5b, 0xcc, 0x4e, 0x57, 0xda, 0x50, + 0x5c, 0x18, 0x1d, 0xad, 0x40, 0xbe, 0xdb, 0x72, 0x3d, 0x95, 0x68, 0x2e, 0xa1, 0xa2, 0x6e, 0x73, + 0xb6, 0xef, 0xed, 0x99, 0xc6, 0xdc, 0xd9, 0x37, 0x53, 0x73, 0xa7, 0x66, 0xa6, 0xe7, 0x4e, 0xdd, + 0xcc, 0x54, 0x4e, 0x21, 0xa3, 0x3e, 0x44, 0xf4, 0x1f, 0x64, 0xc3, 0xf1, 0xa8, 0x4f, 0xb8, 0x7e, + 0xd6, 0x25, 0x27, 0xf1, 0xd0, 0x06, 0xe4, 0x67, 0x82, 0x27, 0xdf, 0xfd, 0x9d, 0xaf, 0x3e, 0x30, + 0xbd, 0x74, 0xfc, 0x26, 0xb5, 0xfd, 0xc6, 0xfe, 0x74, 0xbb, 0x69, 0x7c, 0xbe, 0xdd, 0x34, 0xbe, + 0xde, 0x6e, 0x1a, 0x1f, 0xb6, 0xe3, 0x9b, 0x50, 0x56, 0xc5, 0x11, 0xad, 0xfe, 0xe6, 0xbf, 0xd9, + 0xcf, 0x6a, 0xb6, 0xfa, 0xf7, 0x00, 0x00, 0x00, 0xff, 0xff, 0xaa, 0xbd, 0x84, 0xff, 0x55, 0x05, + 0x00, 0x00, } diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index 0cfb8bcefc..4e00c4eadc 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -304,6 +304,18 @@ message Server { // client side certificate. string ca_certificates = 5; + // The credentialName stands for a unique identifier that can be used + // to identify the serverCertificate, the privateKey and the + // CaCertificates associated with this server. Gateway workloads + // capable of fetching credentials from a remote credential store will + // be configured to retrive the credentials using this name, instead of + // using the file system paths specified above. The semantics of the + // name are platform dependent. In Kubernetes, the default Istio + // supplied credentail server expects the credentialName to match the + // name of the Kubernetes secret that holds the server certificate, the + // private key, and the CA certificate (if using mutual TLS). + string credential_name = 10; + // A list of alternate names to verify the subject identity in the // certificate presented by the client. repeated string subject_alt_names = 6; diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index 8344b1b4de..e83d3b10fc 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -2954,6 +2954,23 @@

Server.TLSOptions

certificate authority certificates to use in verifying a presented client side certificate.

+ + + + + + diff --git a/proto.lock b/proto.lock index f4f1a34af8..18877af34a 100644 --- a/proto.lock +++ b/proto.lock @@ -3323,6 +3323,11 @@ "name": "ca_certificates", "type": "string" }, + { + "id": 10, + "name": "credential_name", + "type": "string" + }, { "id": 6, "name": "subject_alt_names", diff --git a/python/istio_api/networking/v1alpha3/gateway_pb2.py b/python/istio_api/networking/v1alpha3/gateway_pb2.py index 991c4f8169..6626cc2cac 100644 --- a/python/istio_api/networking/v1alpha3/gateway_pb2.py +++ b/python/istio_api/networking/v1alpha3/gateway_pb2.py @@ -19,7 +19,7 @@ name='networking/v1alpha3/gateway.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xdb\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xaf\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xf4\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xc8\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x17\n\x0f\x63redential_name\x18\n \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') ) @@ -49,8 +49,8 @@ ], containing_type=None, options=None, - serialized_start=824, - serialized_end=896, + serialized_start=849, + serialized_end=921, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE) @@ -83,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=898, - serialized_end=977, + serialized_start=923, + serialized_end=1002, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL) @@ -207,28 +207,35 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=5, + name='credential_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.credential_name', index=5, + number=10, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=6, number=6, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=6, + name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=7, number=7, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=7, + name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=8, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=8, + name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=9, number=9, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, @@ -249,7 +256,7 @@ oneofs=[ ], serialized_start=418, - serialized_end=977, + serialized_end=1002, ) _SERVER = _descriptor.Descriptor( @@ -307,7 +314,7 @@ oneofs=[ ], serialized_start=246, - serialized_end=977, + serialized_end=1002, ) @@ -351,8 +358,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=979, - serialized_end=1033, + serialized_start=1004, + serialized_end=1058, ) _GATEWAY_SELECTORENTRY.containing_type = _GATEWAY From 3094619c84733caef53723bfc96fa63ceb58cd57 Mon Sep 17 00:00:00 2001 From: Andra Cismaru Date: Tue, 5 Feb 2019 13:26:00 -0800 Subject: [PATCH 07/15] Add subject_alt_names field in ServiceEntry (#785) * Add service_accounts field in ServiceEntry * Ran make proto-commit * Added example with format * Rename to subject_alt_names * Move example out of the message definition * Added a period * Remove hide_from_docs --- networking/v1alpha3/destination_rule.pb.go | 2 + networking/v1alpha3/destination_rule.proto | 2 + .../istio.networking.v1alpha3.pb.html | 42 ++++- networking/v1alpha3/service_entry.pb.go | 157 ++++++++++++++---- networking/v1alpha3/service_entry.proto | 34 ++++ proto.lock | 6 + .../networking/v1alpha3/service_entry_pb2.py | 31 ++-- 7 files changed, 228 insertions(+), 46 deletions(-) diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go index 1dd22cc9fc..229e1934c1 100644 --- a/networking/v1alpha3/destination_rule.pb.go +++ b/networking/v1alpha3/destination_rule.pb.go @@ -1228,6 +1228,8 @@ type TLSSettings struct { // A list of alternate names to verify the subject identity in the // certificate. If specified, the proxy will verify that the server // certificate's subject alt name matches one of the specified values. + // If specified, this list overrides the value of subject_alt_names + // from the ServiceEntry. SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"` // SNI string to present to the server during TLS handshake. Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` diff --git a/networking/v1alpha3/destination_rule.proto b/networking/v1alpha3/destination_rule.proto index f622a2670e..ff7b277d2c 100644 --- a/networking/v1alpha3/destination_rule.proto +++ b/networking/v1alpha3/destination_rule.proto @@ -577,6 +577,8 @@ message TLSSettings { // A list of alternate names to verify the subject identity in the // certificate. If specified, the proxy will verify that the server // certificate's subject alt name matches one of the specified values. + // If specified, this list overrides the value of subject_alt_names + // from the ServiceEntry. repeated string subject_alt_names = 5; // SNI string to present to the server during TLS handshake. diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index e83d3b10fc..5f32305833 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -3386,6 +3386,32 @@

ServiceEntry

specified above. In other words, a call to http://foo.bar.com/baz would be translated to http://uk.foo.bar.com/baz.

+

The following example illustrates the usage of a ServiceEntry +containing a subject alternate name +whose format conforms to the SPIFEE standard +https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md:

+ +
apiVersion: networking.istio.io/v1alpha3
+kind: ServiceEntry
+metadata:
+  name: httpbin
+  namespace : httpbin-ns
+spec:
+  hosts:
+  - httpbin.com
+  location: MESH_INTERNAL
+  ports:
+  - number: 80
+    name: http
+    protocol: HTTP
+  resolution: STATIC
+  endpoints:
+  - address: 2.2.2.2
+  - address: 3.3.3.3
+  subjectAltNames:
+  - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
+
+
NameDescription
DELTA_ENCODING +

Use delta encoding between sets of compressed attributes to reduce the overall on-wire +request size. Each individual set of attributes is used to modify the previous set. +NOTE: There is no way with this encoding to specify attribute value deletion. This +option should be used with extreme caution.

+ +
INDEPENDENT_ENCODING +

Treat each set of compressed attributes as complete - independent from other sets +in this request. This will result in on-wire duplication of attributes and values, but +will allow for proper accounting of absent values in overall encoding.

+
sdsNamestring -

Optional: If specified, the gateway controllers (with SDS enabled) -use the specified name as the SDS secret config name to call the SDS -server, to retrieve the key and certificates. Otherwise, the gateway -controllers (with SDS enabled) use the first value in the hosts as -the SDS secret config name to call the SDS server.

-
credentialNamestring +

The credentialName stands for a unique identifier that can be used +to identify the serverCertificate, the privateKey and the +CaCertificates associated with this server. Gateway workloads +capable of fetching credentials from a remote credential store will +be configured to retrive the credentials using this name, instead of +using the file system paths specified above. The semantics of the +name are platform dependent. In Kubernetes, the default Istio +supplied credentail server expects the credentialName to match the +name of the Kubernetes secret that holds the server certificate, the +private key, and the CA certificate (if using mutual TLS).

+
@@ -3465,6 +3491,18 @@

ServiceEntry

+ + + + + @@ -4193,7 +4231,9 @@

TLSSettings

diff --git a/networking/v1alpha3/service_entry.pb.go b/networking/v1alpha3/service_entry.pb.go index b1125abe5f..fec6204361 100644 --- a/networking/v1alpha3/service_entry.pb.go +++ b/networking/v1alpha3/service_entry.pb.go @@ -378,6 +378,33 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // specified above. In other words, a call to `http://foo.bar.com/baz` would // be translated to `http://uk.foo.bar.com/baz`. // +// The following example illustrates the usage of a ServiceEntry +// containing a subject alternate name +// whose format conforms to the SPIFEE standard +// : +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: ServiceEntry +// metadata: +// name: httpbin +// namespace : httpbin-ns +// spec: +// hosts: +// - httpbin.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// subjectAltNames: +// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" +// ``` +// type ServiceEntry struct { // REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS // name with wildcard prefix (external services only). DNS names in hosts @@ -433,6 +460,12 @@ type ServiceEntry struct { // the annotation "networking.istio.io/export_to" to a comma-separated list // of namespace names. ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo" json:"export_to,omitempty"` + // The list of subject alternate names allowed for workloads that + // implement this service. This information is used to enforce + // secure-naming . + // If specified, the proxy will verify that the server + // certificate's subject alternate name matches one of the specified values. + SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"` } func (m *ServiceEntry) Reset() { *m = ServiceEntry{} } @@ -489,6 +522,13 @@ func (m *ServiceEntry) GetExportTo() []string { return nil } +func (m *ServiceEntry) GetSubjectAltNames() []string { + if m != nil { + return m.SubjectAltNames + } + return nil +} + // Endpoint defines a network address (IP or hostname) associated with // the mesh service. type ServiceEntry_Endpoint struct { @@ -684,6 +724,21 @@ func (m *ServiceEntry) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } + if len(m.SubjectAltNames) > 0 { + for _, s := range m.SubjectAltNames { + dAtA[i] = 0x42 + i++ + l = len(s) + for l >= 1<<7 { + dAtA[i] = uint8(uint64(l)&0x7f | 0x80) + l >>= 7 + i++ + } + dAtA[i] = uint8(l) + i++ + i += copy(dAtA[i:], s) + } + } return i, nil } @@ -809,6 +864,12 @@ func (m *ServiceEntry) Size() (n int) { n += 1 + l + sovServiceEntry(uint64(l)) } } + if len(m.SubjectAltNames) > 0 { + for _, s := range m.SubjectAltNames { + l = len(s) + n += 1 + l + sovServiceEntry(uint64(l)) + } + } return n } @@ -1078,6 +1139,35 @@ func (m *ServiceEntry) Unmarshal(dAtA []byte) error { } m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex + case 8: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field SubjectAltNames", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowServiceEntry + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthServiceEntry + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.SubjectAltNames = append(m.SubjectAltNames, string(dAtA[iNdEx:postIndex])) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipServiceEntry(dAtA[iNdEx:]) @@ -1588,37 +1678,38 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/service_entry.proto", fileDescriptorServiceEntry) } var fileDescriptorServiceEntry = []byte{ - // 497 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xdf, 0x6e, 0xd3, 0x30, - 0x14, 0xc6, 0xe7, 0x66, 0x4b, 0x93, 0x33, 0x86, 0x82, 0x85, 0x90, 0x09, 0xa8, 0x84, 0xde, 0x10, - 0x09, 0x29, 0x1d, 0x9d, 0x90, 0xc6, 0x9f, 0x9b, 0x01, 0x91, 0x98, 0x54, 0x02, 0xb8, 0xb9, 0x40, - 0xdc, 0x54, 0xd9, 0x6a, 0xb5, 0xd6, 0xa2, 0x38, 0x8a, 0xbd, 0x96, 0xbe, 0x05, 0x8f, 0xc5, 0x25, - 0x8f, 0x80, 0xfa, 0x18, 0x5c, 0xa1, 0x38, 0x49, 0xd3, 0x8b, 0x01, 0xdb, 0x5d, 0xce, 0x89, 0xbf, - 0x9f, 0x3e, 0x9f, 0xef, 0x18, 0x9e, 0x64, 0x4c, 0x2d, 0x45, 0x71, 0xc1, 0xb3, 0xd9, 0x60, 0xf1, - 0x2c, 0x49, 0xf3, 0x79, 0x72, 0x34, 0x90, 0xac, 0x58, 0xf0, 0x73, 0x36, 0x61, 0x99, 0x2a, 0x56, - 0x41, 0x5e, 0x08, 0x25, 0xf0, 0x7d, 0x2e, 0x15, 0x17, 0x41, 0x7b, 0x3c, 0x68, 0x8e, 0xbb, 0x8f, - 0xaf, 0x62, 0xcc, 0x12, 0xc5, 0x96, 0x49, 0xad, 0xee, 0xff, 0x36, 0xe1, 0xd6, 0xb8, 0xa2, 0x86, - 0x25, 0x14, 0xdf, 0x85, 0xbd, 0xb9, 0x90, 0x4a, 0x12, 0xe4, 0x19, 0xbe, 0x4d, 0xab, 0x02, 0x3f, - 0x04, 0x3b, 0x99, 0x4e, 0x0b, 0x26, 0x25, 0x93, 0xa4, 0xa3, 0xff, 0xb4, 0x0d, 0xfc, 0x1c, 0xf6, - 0x72, 0x51, 0x28, 0x49, 0x0c, 0xcf, 0xf0, 0xf7, 0x87, 0x8f, 0x82, 0xbf, 0x5a, 0x0a, 0x3e, 0x89, - 0x42, 0xd1, 0xea, 0x34, 0x1e, 0x81, 0x95, 0x8a, 0xf3, 0x44, 0x71, 0x91, 0x91, 0x5d, 0x0f, 0xf9, - 0xb7, 0x87, 0x87, 0xff, 0x50, 0x6e, 0xbb, 0x0c, 0x46, 0xb5, 0x8e, 0x6e, 0x08, 0x98, 0x02, 0x14, - 0x4c, 0x8a, 0xf4, 0x52, 0xf3, 0xf6, 0x34, 0x6f, 0x78, 0x5d, 0x1e, 0xdd, 0x28, 0xe9, 0x16, 0x05, - 0x47, 0x60, 0xb3, 0x6c, 0x9a, 0x0b, 0x9e, 0x29, 0x49, 0x4c, 0x7d, 0xb9, 0x6b, 0x5b, 0x0c, 0x6b, - 0x21, 0x6d, 0x11, 0xf8, 0x01, 0xd8, 0xec, 0x5b, 0x79, 0xf9, 0x89, 0x12, 0xa4, 0xab, 0xc7, 0x68, - 0x55, 0x8d, 0x58, 0xb8, 0xdf, 0x0d, 0xb0, 0x1a, 0x11, 0x26, 0xd0, 0xad, 0xe7, 0x4b, 0x90, 0x87, - 0x7c, 0x9b, 0x36, 0x25, 0xfe, 0xdc, 0x0c, 0xbb, 0xa3, 0xfd, 0xbc, 0xba, 0xa9, 0x1f, 0x1d, 0x81, - 0xd4, 0xbd, 0x26, 0x88, 0x18, 0xcc, 0x34, 0x39, 0x63, 0x69, 0x13, 0xe0, 0xeb, 0x1b, 0x33, 0x47, - 0x5a, 0x5e, 0x41, 0x6b, 0x56, 0x79, 0x85, 0x1a, 0xa0, 0xd3, 0xb5, 0x69, 0x53, 0x62, 0xb7, 0x0a, - 0x3e, 0xe5, 0x6a, 0xa5, 0x83, 0xb2, 0xe9, 0xa6, 0xc6, 0xf7, 0xc0, 0x5c, 0x32, 0x3e, 0x9b, 0x2b, - 0x62, 0x7a, 0xc8, 0x3f, 0xa0, 0x75, 0xe5, 0x1e, 0x03, 0xb4, 0xc6, 0xb1, 0x03, 0xc6, 0x05, 0x5b, - 0xd5, 0xa3, 0x29, 0x3f, 0xcb, 0xbd, 0x5d, 0x24, 0xe9, 0x25, 0x23, 0x1d, 0x2d, 0xab, 0x8a, 0x97, - 0x9d, 0x63, 0xe4, 0xbe, 0x80, 0xfd, 0x2d, 0x7b, 0xff, 0x93, 0xda, 0x5b, 0xd2, 0xfe, 0x21, 0x58, - 0xcd, 0xa6, 0xe1, 0x3b, 0x70, 0xf0, 0x21, 0x1c, 0xbf, 0x9f, 0x84, 0x5f, 0xe2, 0x90, 0x46, 0x27, - 0x23, 0x67, 0x67, 0xd3, 0x3a, 0x8d, 0xea, 0x16, 0xea, 0x3f, 0x05, 0x68, 0x77, 0x09, 0x5b, 0xb0, - 0x1b, 0x7d, 0x8c, 0x42, 0x67, 0x07, 0x03, 0x98, 0xe3, 0xf8, 0x24, 0x3e, 0x7d, 0xeb, 0x20, 0xdc, - 0x05, 0xe3, 0x5d, 0x34, 0x76, 0x3a, 0x6f, 0x82, 0x1f, 0xeb, 0x1e, 0xfa, 0xb9, 0xee, 0xa1, 0x5f, - 0xeb, 0x1e, 0xfa, 0xea, 0x55, 0x43, 0xe7, 0x62, 0x90, 0xe4, 0x7c, 0x70, 0xc5, 0xd3, 0x3d, 0x33, - 0xf5, 0x9b, 0x3d, 0xfa, 0x13, 0x00, 0x00, 0xff, 0xff, 0xbf, 0xab, 0x5c, 0x44, 0x1c, 0x04, 0x00, - 0x00, + // 527 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xdf, 0x8e, 0xd2, 0x40, + 0x14, 0xc6, 0x77, 0xe8, 0x52, 0xda, 0xb3, 0xae, 0xb2, 0x13, 0x63, 0x46, 0x34, 0x58, 0xb9, 0x91, + 0x68, 0x52, 0x56, 0x36, 0x26, 0xeb, 0x9f, 0x1b, 0xd4, 0x26, 0x6e, 0x82, 0x55, 0x07, 0x2e, 0x8c, + 0x37, 0x64, 0x80, 0x09, 0xd4, 0xad, 0x1d, 0xd2, 0x19, 0x40, 0xde, 0xc2, 0xa7, 0xf0, 0x59, 0xbc, + 0xf4, 0x11, 0x0c, 0x4f, 0x62, 0x3a, 0x9d, 0x02, 0x17, 0xab, 0xbb, 0x7b, 0xd7, 0x73, 0xe6, 0x7c, + 0xbf, 0x7e, 0x73, 0xce, 0x19, 0x78, 0x94, 0x70, 0xb5, 0x14, 0xe9, 0x79, 0x94, 0x4c, 0x5a, 0x8b, + 0xa7, 0x2c, 0x9e, 0x4d, 0xd9, 0x49, 0x4b, 0xf2, 0x74, 0x11, 0x8d, 0xf8, 0x80, 0x27, 0x2a, 0x5d, + 0xf9, 0xb3, 0x54, 0x28, 0x81, 0xef, 0x46, 0x52, 0x45, 0xc2, 0xdf, 0x96, 0xfb, 0x45, 0x79, 0xed, + 0xe1, 0x45, 0x8c, 0x09, 0x53, 0x7c, 0xc9, 0x8c, 0xba, 0xf1, 0xb3, 0x02, 0x37, 0x7a, 0x39, 0x35, + 0xc8, 0xa0, 0xf8, 0x36, 0x94, 0xa7, 0x42, 0x2a, 0x49, 0x90, 0x67, 0x35, 0x5d, 0x9a, 0x07, 0xf8, + 0x3e, 0xb8, 0x6c, 0x3c, 0x4e, 0xb9, 0x94, 0x5c, 0x92, 0x92, 0x3e, 0xd9, 0x26, 0xf0, 0x33, 0x28, + 0xcf, 0x44, 0xaa, 0x24, 0xb1, 0x3c, 0xab, 0x79, 0xd0, 0x7e, 0xe0, 0xff, 0xd3, 0x92, 0xff, 0x51, + 0xa4, 0x8a, 0xe6, 0xd5, 0xb8, 0x0b, 0x4e, 0x2c, 0x46, 0x4c, 0x45, 0x22, 0x21, 0xfb, 0x1e, 0x6a, + 0xde, 0x6c, 0x1f, 0xff, 0x47, 0xb9, 0xeb, 0xd2, 0xef, 0x1a, 0x1d, 0xdd, 0x10, 0x30, 0x05, 0x48, + 0xb9, 0x14, 0xf1, 0x5c, 0xf3, 0xca, 0x9a, 0xd7, 0xbe, 0x2a, 0x8f, 0x6e, 0x94, 0x74, 0x87, 0x82, + 0x43, 0x70, 0x79, 0x32, 0x9e, 0x89, 0x28, 0x51, 0x92, 0xd8, 0xfa, 0x72, 0x57, 0xb6, 0x18, 0x18, + 0x21, 0xdd, 0x22, 0xf0, 0x3d, 0x70, 0xf9, 0xf7, 0xec, 0xf2, 0x03, 0x25, 0x48, 0x45, 0xb7, 0xd1, + 0xc9, 0x13, 0x7d, 0x81, 0x1f, 0xc3, 0x91, 0x9c, 0x0f, 0xbf, 0xf2, 0x91, 0x1a, 0xb0, 0x58, 0x0d, + 0x12, 0xf6, 0x8d, 0x4b, 0xe2, 0xe8, 0xa2, 0x5b, 0xe6, 0xa0, 0x13, 0xab, 0x30, 0x4b, 0xd7, 0x7e, + 0x58, 0xe0, 0x14, 0x3f, 0xc0, 0x04, 0x2a, 0x66, 0x16, 0x04, 0x79, 0xa8, 0xe9, 0xd2, 0x22, 0xc4, + 0x9f, 0x8a, 0xc1, 0x94, 0xb4, 0xf7, 0x97, 0xd7, 0xf5, 0xae, 0xc7, 0x25, 0x75, 0xae, 0x18, 0x5a, + 0x1f, 0xec, 0x98, 0x0d, 0x79, 0x5c, 0x0c, 0xfb, 0xd5, 0xb5, 0x99, 0x5d, 0x2d, 0xcf, 0xa1, 0x86, + 0x95, 0x5d, 0xc1, 0x00, 0xf4, 0x26, 0xb8, 0xb4, 0x08, 0x71, 0x2d, 0x5f, 0x92, 0x38, 0x52, 0x2b, + 0x3d, 0x54, 0x97, 0x6e, 0x62, 0x7c, 0x07, 0xec, 0x25, 0x8f, 0x26, 0x53, 0x45, 0x6c, 0x0f, 0x35, + 0x0f, 0xa9, 0x89, 0x6a, 0xa7, 0x00, 0x5b, 0xe3, 0xb8, 0x0a, 0xd6, 0x39, 0x5f, 0x99, 0xd6, 0x64, + 0x9f, 0xd9, 0x8e, 0x2f, 0x58, 0x3c, 0xe7, 0xa4, 0xa4, 0x65, 0x79, 0xf0, 0xa2, 0x74, 0x8a, 0x6a, + 0xcf, 0xe1, 0x60, 0xc7, 0xde, 0x65, 0x52, 0x77, 0x47, 0xda, 0x38, 0x06, 0xa7, 0xd8, 0x4a, 0x7c, + 0x04, 0x87, 0xef, 0x83, 0xde, 0xbb, 0x41, 0xf0, 0xb9, 0x1f, 0xd0, 0xb0, 0xd3, 0xad, 0xee, 0x6d, + 0x52, 0x67, 0xa1, 0x49, 0xa1, 0xc6, 0x13, 0x80, 0xed, 0xde, 0x61, 0x07, 0xf6, 0xc3, 0x0f, 0x61, + 0x50, 0xdd, 0xc3, 0x00, 0x76, 0xaf, 0xdf, 0xe9, 0x9f, 0xbd, 0xa9, 0x22, 0x5c, 0x01, 0xeb, 0x6d, + 0xd8, 0xab, 0x96, 0x5e, 0xfb, 0xbf, 0xd6, 0x75, 0xf4, 0x7b, 0x5d, 0x47, 0x7f, 0xd6, 0x75, 0xf4, + 0xc5, 0xcb, 0x9b, 0x1e, 0x89, 0x16, 0x9b, 0x45, 0xad, 0x0b, 0x9e, 0xf9, 0xd0, 0xd6, 0xef, 0xfb, + 0xe4, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x10, 0x53, 0xa9, 0xc0, 0x48, 0x04, 0x00, 0x00, } diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index 63b9cb52fd..94d4e92a42 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -299,6 +299,33 @@ option go_package = "istio.io/api/networking/v1alpha3"; // specified above. In other words, a call to `http://foo.bar.com/baz` would // be translated to `http://uk.foo.bar.com/baz`. // +// The following example illustrates the usage of a ServiceEntry +// containing a subject alternate name +// whose format conforms to the SPIFEE standard +// : +// +// ```yaml +// apiVersion: networking.istio.io/v1alpha3 +// kind: ServiceEntry +// metadata: +// name: httpbin +// namespace : httpbin-ns +// spec: +// hosts: +// - httpbin.com +// location: MESH_INTERNAL +// ports: +// - number: 80 +// name: http +// protocol: HTTP +// resolution: STATIC +// endpoints: +// - address: 2.2.2.2 +// - address: 3.3.3.3 +// subjectAltNames: +// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" +// ``` +// message ServiceEntry { // REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS // name with wildcard prefix (external services only). DNS names in hosts @@ -461,4 +488,11 @@ message ServiceEntry { // the annotation "networking.istio.io/export_to" to a comma-separated list // of namespace names. repeated string export_to = 7; + + // The list of subject alternate names allowed for workloads that + // implement this service. This information is used to enforce + // secure-naming . + // If specified, the proxy will verify that the server + // certificate's subject alternate name matches one of the specified values. + repeated string subject_alt_names = 8; } diff --git a/proto.lock b/proto.lock index 18877af34a..408a2f7fa6 100644 --- a/proto.lock +++ b/proto.lock @@ -3455,6 +3455,12 @@ "name": "export_to", "type": "string", "is_repeated": true + }, + { + "id": 8, + "name": "subject_alt_names", + "type": "string", + "is_repeated": true } ], "messages": [ diff --git a/python/istio_api/networking/v1alpha3/service_entry_pb2.py b/python/istio_api/networking/v1alpha3/service_entry_pb2.py index 98a378aafd..c70404326d 100644 --- a/python/istio_api/networking/v1alpha3/service_entry_pb2.py +++ b/python/istio_api/networking/v1alpha3/service_entry_pb2.py @@ -20,7 +20,7 @@ name='networking/v1alpha3/service_entry.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xeb\x05\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12\x11\n\texport_to\x18\x07 \x03(\t\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\x86\x06\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12\x11\n\texport_to\x18\x07 \x03(\t\x12\x19\n\x11subject_alt_names\x18\x08 \x03(\t\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3') , dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,]) @@ -43,8 +43,8 @@ ], containing_type=None, options=None, - serialized_start=760, - serialized_end=808, + serialized_start=787, + serialized_end=835, ) _sym_db.RegisterEnumDescriptor(_SERVICEENTRY_LOCATION) @@ -69,8 +69,8 @@ ], containing_type=None, options=None, - serialized_start=810, - serialized_end=853, + serialized_start=837, + serialized_end=880, ) _sym_db.RegisterEnumDescriptor(_SERVICEENTRY_RESOLUTION) @@ -108,8 +108,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=667, - serialized_end=711, + serialized_start=694, + serialized_end=738, ) _SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor( @@ -145,8 +145,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=713, - serialized_end=758, + serialized_start=740, + serialized_end=785, ) _SERVICEENTRY_ENDPOINT = _descriptor.Descriptor( @@ -210,8 +210,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=433, - serialized_end=758, + serialized_start=460, + serialized_end=785, ) _SERVICEENTRY = _descriptor.Descriptor( @@ -270,6 +270,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='subject_alt_names', full_name='istio.networking.v1alpha3.ServiceEntry.subject_alt_names', index=7, + number=8, type=9, cpp_type=9, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -285,7 +292,7 @@ oneofs=[ ], serialized_start=106, - serialized_end=853, + serialized_end=880, ) _SERVICEENTRY_ENDPOINT_PORTSENTRY.containing_type = _SERVICEENTRY_ENDPOINT From 1a129f07e6f27235eebb70bab75f2cd6cffdddf5 Mon Sep 17 00:00:00 2001 From: Jimmy Chen <28548492+JimmyCYJ@users.noreply.github.com> Date: Wed, 6 Feb 2019 13:53:57 -0800 Subject: [PATCH 08/15] Update comment for credentialName (#786) * Update comment for credentialName * Update comment --- networking/v1alpha3/gateway.pb.go | 21 +++++++++++-------- networking/v1alpha3/gateway.proto | 21 +++++++++++-------- .../istio.networking.v1alpha3.pb.html | 21 +++++++++++-------- 3 files changed, 36 insertions(+), 27 deletions(-) diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 58fff44ccb..0bb2c9e736 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -418,15 +418,18 @@ type Server_TLSOptions struct { // client side certificate. CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` // The credentialName stands for a unique identifier that can be used - // to identify the serverCertificate, the privateKey and the - // CaCertificates associated with this server. Gateway workloads - // capable of fetching credentials from a remote credential store will - // be configured to retrive the credentials using this name, instead of - // using the file system paths specified above. The semantics of the - // name are platform dependent. In Kubernetes, the default Istio - // supplied credentail server expects the credentialName to match the - // name of the Kubernetes secret that holds the server certificate, the - // private key, and the CA certificate (if using mutual TLS). + // to identify the serverCertificate and the privateKey. The credentialName + // appended with suffix "-cacert" is used to identify the CaCertificates + // associated with this server. Gateway workloads capable of fetching + // credentials from a remote credential store will be configured to retrieve + // the serverCertificate and the privateKey using credentialName, instead of + // using the file system paths specified above. If using mutual TLS, + // gateway workloads will retrieve the CaCertificates using + // credentialName-cacert. The semantics of the name are platform dependent. + // In Kubernetes, the default Istio supplied credential server expects the + // credentialName to match the name of the Kubernetes secret that holds the + // server certificate, the private key, and the CA certificate + // (if using mutual TLS). CredentialName string `protobuf:"bytes,10,opt,name=credential_name,json=credentialName,proto3" json:"credential_name,omitempty"` // A list of alternate names to verify the subject identity in the // certificate presented by the client. diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index 4e00c4eadc..bc567376bd 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto @@ -305,15 +305,18 @@ message Server { string ca_certificates = 5; // The credentialName stands for a unique identifier that can be used - // to identify the serverCertificate, the privateKey and the - // CaCertificates associated with this server. Gateway workloads - // capable of fetching credentials from a remote credential store will - // be configured to retrive the credentials using this name, instead of - // using the file system paths specified above. The semantics of the - // name are platform dependent. In Kubernetes, the default Istio - // supplied credentail server expects the credentialName to match the - // name of the Kubernetes secret that holds the server certificate, the - // private key, and the CA certificate (if using mutual TLS). + // to identify the serverCertificate and the privateKey. The credentialName + // appended with suffix "-cacert" is used to identify the CaCertificates + // associated with this server. Gateway workloads capable of fetching + // credentials from a remote credential store will be configured to retrieve + // the serverCertificate and the privateKey using credentialName, instead of + // using the file system paths specified above. If using mutual TLS, + // gateway workloads will retrieve the CaCertificates using + // credentialName-cacert. The semantics of the name are platform dependent. + // In Kubernetes, the default Istio supplied credential server expects the + // credentialName to match the name of the Kubernetes secret that holds the + // server certificate, the private key, and the CA certificate + // (if using mutual TLS). string credential_name = 10; // A list of alternate names to verify the subject identity in the diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index 5f32305833..8fb3574c83 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -2961,15 +2961,18 @@

Server.TLSOptions

 From 9883956e6ed2269123e1f488ebbe2e7e248de0bd Mon Sep 17 00:00:00 2001 From: Martin Taillefer Date: Fri, 8 Feb 2019 08:01:46 -0800 Subject: [PATCH 09/15] Doc fixes (#788) --- authentication/v1alpha1/istio.authentication.v1alpha1.pb.html | 2 +- authentication/v1alpha1/policy.pb.go | 2 +- authentication/v1alpha1/policy.proto | 2 +- mixer/v1/attributes.pb.go | 2 +- mixer/v1/attributes.proto | 2 +- mixer/v1/config/client/istio.mixer.v1.config.client.pb.html | 2 +- mixer/v1/istio.mixer.v1.pb.html | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html b/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html index c310c37acc..12aa2f3395 100644 --- a/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html +++ b/authentication/v1alpha1/istio.authentication.v1alpha1.pb.html @@ -615,7 +615,7 @@

TargetSelector

Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports. For example, if a service is defined as below, then 8000 should be used, not 9000.

-
kind: Service
+
kind: Service
 metadata:
   ...
 spec:
diff --git a/authentication/v1alpha1/policy.pb.go b/authentication/v1alpha1/policy.pb.go
index dd8e1fa157..f0a7e54640 100644
--- a/authentication/v1alpha1/policy.pb.go
+++ b/authentication/v1alpha1/policy.pb.go
@@ -793,7 +793,7 @@ type TargetSelector struct {
 	Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"`
 	// Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports.
 	// For example, if a service is defined as below, then `8000` should be used, not `9000`.
-	// ```
+	// ```yaml
 	// kind: Service
 	// metadata:
 	//   ...
diff --git a/authentication/v1alpha1/policy.proto b/authentication/v1alpha1/policy.proto
index 5701835bed..55e82e946f 100644
--- a/authentication/v1alpha1/policy.proto
+++ b/authentication/v1alpha1/policy.proto
@@ -368,7 +368,7 @@ message TargetSelector {
 
   // Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports.
   // For example, if a service is defined as below, then `8000` should be used, not `9000`.
-  // ```
+  // ```yaml
   // kind: Service
   // metadata:
   //   ...
diff --git a/mixer/v1/attributes.pb.go b/mixer/v1/attributes.pb.go
index 67c8b71078..4543320353 100644
--- a/mixer/v1/attributes.pb.go
+++ b/mixer/v1/attributes.pb.go
@@ -61,7 +61,7 @@ const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
 // of information such as the error code of an API request, the latency of an API request, or the
 // original IP address of a TCP connection. For example:
 //
-// ```
+// ```yaml
 // request.path: xyz/abc
 // request.size: 234
 // request.time: 12:34:56.789 04/17/2017
diff --git a/mixer/v1/attributes.proto b/mixer/v1/attributes.proto
index 37dd25c1ad..f04a583089 100644
--- a/mixer/v1/attributes.proto
+++ b/mixer/v1/attributes.proto
@@ -36,7 +36,7 @@ option cc_enable_arenas = true;
 // of information such as the error code of an API request, the latency of an API request, or the
 // original IP address of a TCP connection. For example:
 //
-// ```
+// ```yaml
 // request.path: xyz/abc
 // request.size: 234
 // request.time: 12:34:56.789 04/17/2017
diff --git a/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html b/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
index ecddf589c3..9c34febb0e 100644
--- a/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
+++ b/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
@@ -1020,7 +1020,7 @@ 
istio.mixer.v1.Attributes

 of information such as the error code of an API request, the latency of an API request, or the
 original IP address of a TCP connection. For example:

 
-
request.path: xyz/abc
+
request.path: xyz/abc
 request.size: 234
 request.time: 12:34:56.789 04/17/2017
 source.ip: 192.168.0.1
diff --git a/mixer/v1/istio.mixer.v1.pb.html b/mixer/v1/istio.mixer.v1.pb.html
index 5d73b79eee..e2d446ab96 100644
--- a/mixer/v1/istio.mixer.v1.pb.html
+++ b/mixer/v1/istio.mixer.v1.pb.html
@@ -53,7 +53,7 @@ 
Attributes

 of information such as the error code of an API request, the latency of an API request, or the
 original IP address of a TCP connection. For example:

 
-
request.path: xyz/abc
+
request.path: xyz/abc
 request.size: 234
 request.time: 12:34:56.789 04/17/2017
 source.ip: 192.168.0.1

From 07829e06cab1186907a170f7478675b5b93457fc Mon Sep 17 00:00:00 2001
From: Joshua Blatt 
Date: Sun, 10 Feb 2019 18:19:52 -0800
Subject: [PATCH 10/15] Add transport error retry config to mixer client.
 (#792)

---
 mixer/v1/config/client/client_config.pb.go    | 305 +++++++++++++-----
 mixer/v1/config/client/client_config.proto    |  10 +
 .../istio.mixer.v1.config.client.pb.html      |  25 ++
 proto.lock                                    |  15 +
 .../v1/config/client/client_config_pb2.py     |  51 ++-
 5 files changed, 307 insertions(+), 99 deletions(-)

diff --git a/mixer/v1/config/client/client_config.pb.go b/mixer/v1/config/client/client_config.pb.go
index 10ea8946a1..dee422b03a 100644
--- a/mixer/v1/config/client/client_config.pb.go
+++ b/mixer/v1/config/client/client_config.pb.go
@@ -51,6 +51,13 @@ func (NetworkFailPolicy_FailPolicy) EnumDescriptor() ([]byte, []int) {
 type NetworkFailPolicy struct {
 	// Specifies the behavior when the client is unable to connect to Mixer.
 	Policy NetworkFailPolicy_FailPolicy `protobuf:"varint,1,opt,name=policy,proto3,enum=istio.mixer.v1.config.client.NetworkFailPolicy_FailPolicy" json:"policy,omitempty"`
+	// Max retries on transport error.
+	MaxRetry uint32 `protobuf:"varint,2,opt,name=max_retry,json=maxRetry,proto3" json:"max_retry,omitempty"`
+	// Base time to wait between retries.  Will be adjusted by exponential
+	// backoff and jitter.
+	BaseRetryWait *google_protobuf1.Duration `protobuf:"bytes,3,opt,name=base_retry_wait,json=baseRetryWait" json:"base_retry_wait,omitempty"`
+	// Max time to wait between retries.
+	MaxRetryWait *google_protobuf1.Duration `protobuf:"bytes,4,opt,name=max_retry_wait,json=maxRetryWait" json:"max_retry_wait,omitempty"`
 }
 
 func (m *NetworkFailPolicy) Reset()                    { *m = NetworkFailPolicy{} }
@@ -222,6 +229,31 @@ func (m *NetworkFailPolicy) MarshalTo(dAtA []byte) (int, error) {
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.Policy))
 	}
+	if m.MaxRetry != 0 {
+		dAtA[i] = 0x10
+		i++
+		i = encodeVarintClientConfig(dAtA, i, uint64(m.MaxRetry))
+	}
+	if m.BaseRetryWait != nil {
+		dAtA[i] = 0x1a
+		i++
+		i = encodeVarintClientConfig(dAtA, i, uint64(m.BaseRetryWait.Size()))
+		n1, err := m.BaseRetryWait.MarshalTo(dAtA[i:])
+		if err != nil {
+			return 0, err
+		}
+		i += n1
+	}
+	if m.MaxRetryWait != nil {
+		dAtA[i] = 0x22
+		i++
+		i = encodeVarintClientConfig(dAtA, i, uint64(m.MaxRetryWait.Size()))
+		n2, err := m.MaxRetryWait.MarshalTo(dAtA[i:])
+		if err != nil {
+			return 0, err
+		}
+		i += n2
+	}
 	return i, nil
 }
 
@@ -264,11 +296,11 @@ func (m *ServiceConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x1a
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.MixerAttributes.Size()))
-		n1, err := m.MixerAttributes.MarshalTo(dAtA[i:])
+		n3, err := m.MixerAttributes.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n1
+		i += n3
 	}
 	if len(m.HttpApiSpec) > 0 {
 		for _, msg := range m.HttpApiSpec {
@@ -298,21 +330,21 @@ func (m *ServiceConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x3a
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.NetworkFailPolicy.Size()))
-		n2, err := m.NetworkFailPolicy.MarshalTo(dAtA[i:])
+		n4, err := m.NetworkFailPolicy.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n2
+		i += n4
 	}
 	if m.ForwardAttributes != nil {
 		dAtA[i] = 0x42
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.ForwardAttributes.Size()))
-		n3, err := m.ForwardAttributes.MarshalTo(dAtA[i:])
+		n5, err := m.ForwardAttributes.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n3
+		i += n5
 	}
 	return i, nil
 }
@@ -366,21 +398,21 @@ func (m *TransportConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x22
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.NetworkFailPolicy.Size()))
-		n4, err := m.NetworkFailPolicy.MarshalTo(dAtA[i:])
+		n6, err := m.NetworkFailPolicy.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n4
+		i += n6
 	}
 	if m.StatsUpdateInterval != nil {
 		dAtA[i] = 0x2a
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.StatsUpdateInterval.Size()))
-		n5, err := m.StatsUpdateInterval.MarshalTo(dAtA[i:])
+		n7, err := m.StatsUpdateInterval.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n5
+		i += n7
 	}
 	if len(m.CheckCluster) > 0 {
 		dAtA[i] = 0x32
@@ -398,11 +430,11 @@ func (m *TransportConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x42
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.AttributesForMixerProxy.Size()))
-		n6, err := m.AttributesForMixerProxy.MarshalTo(dAtA[i:])
+		n8, err := m.AttributesForMixerProxy.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n6
+		i += n8
 	}
 	return i, nil
 }
@@ -426,11 +458,11 @@ func (m *HttpClientConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0xa
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.Transport.Size()))
-		n7, err := m.Transport.MarshalTo(dAtA[i:])
+		n9, err := m.Transport.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n7
+		i += n9
 	}
 	if len(m.ServiceConfigs) > 0 {
 		for k, _ := range m.ServiceConfigs {
@@ -452,11 +484,11 @@ func (m *HttpClientConfig) MarshalTo(dAtA []byte) (int, error) {
 				dAtA[i] = 0x12
 				i++
 				i = encodeVarintClientConfig(dAtA, i, uint64(v.Size()))
-				n8, err := v.MarshalTo(dAtA[i:])
+				n10, err := v.MarshalTo(dAtA[i:])
 				if err != nil {
 					return 0, err
 				}
-				i += n8
+				i += n10
 			}
 		}
 	}
@@ -470,21 +502,21 @@ func (m *HttpClientConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x22
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.MixerAttributes.Size()))
-		n9, err := m.MixerAttributes.MarshalTo(dAtA[i:])
+		n11, err := m.MixerAttributes.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n9
+		i += n11
 	}
 	if m.ForwardAttributes != nil {
 		dAtA[i] = 0x2a
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.ForwardAttributes.Size()))
-		n10, err := m.ForwardAttributes.MarshalTo(dAtA[i:])
+		n12, err := m.ForwardAttributes.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n10
+		i += n12
 	}
 	return i, nil
 }
@@ -508,21 +540,21 @@ func (m *TcpClientConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0xa
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.Transport.Size()))
-		n11, err := m.Transport.MarshalTo(dAtA[i:])
+		n13, err := m.Transport.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n11
+		i += n13
 	}
 	if m.MixerAttributes != nil {
 		dAtA[i] = 0x12
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.MixerAttributes.Size()))
-		n12, err := m.MixerAttributes.MarshalTo(dAtA[i:])
+		n14, err := m.MixerAttributes.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n12
+		i += n14
 	}
 	if m.DisableCheckCalls {
 		dAtA[i] = 0x18
@@ -548,21 +580,21 @@ func (m *TcpClientConfig) MarshalTo(dAtA []byte) (int, error) {
 		dAtA[i] = 0x2a
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.ConnectionQuotaSpec.Size()))
-		n13, err := m.ConnectionQuotaSpec.MarshalTo(dAtA[i:])
+		n15, err := m.ConnectionQuotaSpec.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n13
+		i += n15
 	}
 	if m.ReportInterval != nil {
 		dAtA[i] = 0x32
 		i++
 		i = encodeVarintClientConfig(dAtA, i, uint64(m.ReportInterval.Size()))
-		n14, err := m.ReportInterval.MarshalTo(dAtA[i:])
+		n16, err := m.ReportInterval.MarshalTo(dAtA[i:])
 		if err != nil {
 			return 0, err
 		}
-		i += n14
+		i += n16
 	}
 	return i, nil
 }
@@ -582,6 +614,17 @@ func (m *NetworkFailPolicy) Size() (n int) {
 	if m.Policy != 0 {
 		n += 1 + sovClientConfig(uint64(m.Policy))
 	}
+	if m.MaxRetry != 0 {
+		n += 1 + sovClientConfig(uint64(m.MaxRetry))
+	}
+	if m.BaseRetryWait != nil {
+		l = m.BaseRetryWait.Size()
+		n += 1 + l + sovClientConfig(uint64(l))
+	}
+	if m.MaxRetryWait != nil {
+		l = m.MaxRetryWait.Size()
+		n += 1 + l + sovClientConfig(uint64(l))
+	}
 	return n
 }
 
@@ -738,6 +781,9 @@ func (this *NetworkFailPolicy) String() string {
 	}
 	s := strings.Join([]string{`&NetworkFailPolicy{`,
 		`Policy:` + fmt.Sprintf("%v", this.Policy) + `,`,
+		`MaxRetry:` + fmt.Sprintf("%v", this.MaxRetry) + `,`,
+		`BaseRetryWait:` + strings.Replace(fmt.Sprintf("%v", this.BaseRetryWait), "Duration", "google_protobuf1.Duration", 1) + `,`,
+		`MaxRetryWait:` + strings.Replace(fmt.Sprintf("%v", this.MaxRetryWait), "Duration", "google_protobuf1.Duration", 1) + `,`,
 		`}`,
 	}, "")
 	return s
@@ -870,6 +916,91 @@ func (m *NetworkFailPolicy) Unmarshal(dAtA []byte) error {
 					break
 				}
 			}
+		case 2:
+			if wireType != 0 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxRetry", wireType)
+			}
+			m.MaxRetry = 0
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowClientConfig
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				m.MaxRetry |= (uint32(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+		case 3:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field BaseRetryWait", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowClientConfig
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthClientConfig
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.BaseRetryWait == nil {
+				m.BaseRetryWait = &google_protobuf1.Duration{}
+			}
+			if err := m.BaseRetryWait.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
+		case 4:
+			if wireType != 2 {
+				return fmt.Errorf("proto: wrong wireType = %d for field MaxRetryWait", wireType)
+			}
+			var msglen int
+			for shift := uint(0); ; shift += 7 {
+				if shift >= 64 {
+					return ErrIntOverflowClientConfig
+				}
+				if iNdEx >= l {
+					return io.ErrUnexpectedEOF
+				}
+				b := dAtA[iNdEx]
+				iNdEx++
+				msglen |= (int(b) & 0x7F) << shift
+				if b < 0x80 {
+					break
+				}
+			}
+			if msglen < 0 {
+				return ErrInvalidLengthClientConfig
+			}
+			postIndex := iNdEx + msglen
+			if postIndex > l {
+				return io.ErrUnexpectedEOF
+			}
+			if m.MaxRetryWait == nil {
+				m.MaxRetryWait = &google_protobuf1.Duration{}
+			}
+			if err := m.MaxRetryWait.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+				return err
+			}
+			iNdEx = postIndex
 		default:
 			iNdEx = preIndex
 			skippy, err := skipClientConfig(dAtA[iNdEx:])
@@ -2042,61 +2173,65 @@ func init() {
 }
 
 var fileDescriptorClientConfig = []byte{
-	// 887 bytes of a gzipped FileDescriptorProto
-	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x41, 0x6f, 0xdb, 0x36,
-	0x14, 0x96, 0x62, 0x27, 0xad, 0xe9, 0x39, 0x71, 0xe8, 0x16, 0x73, 0xbc, 0x41, 0x08, 0x5c, 0x14,
-	0xcb, 0x56, 0x4c, 0x5a, 0xbd, 0xcb, 0xd0, 0xc3, 0x00, 0xc7, 0x4d, 0xd0, 0x60, 0x4d, 0xeb, 0x29,
-	0x29, 0x06, 0x6c, 0x07, 0x82, 0x96, 0x69, 0x9b, 0xb0, 0x26, 0xaa, 0x14, 0xe5, 0x36, 0xb7, 0xfd,
-	0x82, 0x61, 0x87, 0xfd, 0x88, 0xfe, 0x94, 0x1e, 0x7b, 0xdc, 0x71, 0xf6, 0x2e, 0x3b, 0xe6, 0x38,
-	0x60, 0x97, 0x41, 0x24, 0x65, 0xc5, 0x8e, 0xed, 0xcc, 0xc3, 0x7a, 0x32, 0xf5, 0xde, 0xf7, 0x1e,
-	0xc9, 0xef, 0xbd, 0xf7, 0xd1, 0xe0, 0xb3, 0x1f, 0xe9, 0x6b, 0xc2, 0x9d, 0xd1, 0x43, 0xc7, 0x63,
-	0x41, 0x8f, 0xf6, 0x1d, 0xcf, 0xa7, 0x24, 0x10, 0xfa, 0x07, 0x29, 0xa3, 0x1d, 0x72, 0x26, 0x18,
-	0xfc, 0x98, 0x46, 0x82, 0x32, 0x5b, 0x46, 0xd8, 0xa3, 0x87, 0xb6, 0x76, 0x2a, 0x68, 0xed, 0x4e,
-	0x9f, 0xf5, 0x99, 0x04, 0x3a, 0xc9, 0x4a, 0xc5, 0xd4, 0xac, 0x3e, 0x63, 0x7d, 0x9f, 0x38, 0xf2,
-	0xab, 0x13, 0xf7, 0x9c, 0x6e, 0xcc, 0xb1, 0xa0, 0x2c, 0xd0, 0xfe, 0xbd, 0xe9, 0xfe, 0x58, 0x08,
-	0x4e, 0x3b, 0xb1, 0x20, 0x91, 0x76, 0xdd, 0x5f, 0x72, 0x34, 0x1c, 0x52, 0x14, 0x85, 0xc4, 0xd3,
-	0xb0, 0xfa, 0x12, 0xd8, 0xcb, 0x98, 0x09, 0xac, 0x30, 0xf5, 0x5f, 0x4d, 0xb0, 0xfb, 0x8c, 0x88,
-	0x57, 0x8c, 0x0f, 0x8f, 0x31, 0xf5, 0xdb, 0xcc, 0xa7, 0xde, 0x05, 0x74, 0xc1, 0x56, 0x28, 0x57,
-	0x55, 0x73, 0xdf, 0x3c, 0xd8, 0x6e, 0x3c, 0xb2, 0x57, 0x5d, 0xd0, 0xbe, 0x96, 0xc0, 0xce, 0x96,
-	0xae, 0xce, 0x54, 0x7f, 0x00, 0xc0, 0x95, 0x1d, 0x4a, 0xa0, 0x70, 0xdc, 0x3c, 0x79, 0x8a, 0x9e,
-	0xb7, 0x8f, 0x9e, 0x95, 0x0d, 0xb8, 0x0d, 0x80, 0xfc, 0x6c, 0x3d, 0x7d, 0x7e, 0x76, 0x54, 0x36,
-	0xeb, 0x7f, 0xe7, 0x40, 0xe9, 0x8c, 0xf0, 0x11, 0xf5, 0x48, 0x4b, 0x6e, 0x05, 0x6d, 0x50, 0xe9,
-	0xd2, 0x08, 0x77, 0x7c, 0x82, 0xbc, 0x01, 0xf1, 0x86, 0xc8, 0xc3, 0xbe, 0x1f, 0xc9, 0xf3, 0xdd,
-	0x76, 0x77, 0xb5, 0xab, 0x95, 0x78, 0x5a, 0x89, 0x03, 0x7e, 0x01, 0xee, 0xa4, 0x78, 0x4e, 0x42,
-	0xc6, 0x85, 0x0e, 0xd8, 0x90, 0x01, 0x50, 0xfb, 0x5c, 0xe9, 0x52, 0x11, 0x47, 0xa0, 0x2c, 0xef,
-	0x87, 0x32, 0xbe, 0xab, 0xb9, 0x7d, 0xf3, 0xa0, 0xd8, 0xa8, 0xcd, 0x5f, 0xbf, 0x39, 0x45, 0xb8,
-	0x3b, 0xd2, 0x98, 0x19, 0xe0, 0x29, 0x28, 0x0d, 0x84, 0x08, 0x51, 0x5a, 0x8c, 0x6a, 0x7e, 0x3f,
-	0x77, 0x50, 0x6c, 0x7c, 0xba, 0x9a, 0xc2, 0x27, 0xe7, 0xe7, 0xed, 0x66, 0xfb, 0xe4, 0x2c, 0x24,
-	0x9e, 0x5b, 0x4c, 0xe2, 0x9b, 0x21, 0x4d, 0x3e, 0xe0, 0x31, 0x00, 0xb2, 0x5e, 0x2a, 0xd7, 0xa6,
-	0xcc, 0xf5, 0xc9, 0xea, 0x5c, 0xdf, 0x26, 0x78, 0x99, 0xa9, 0xf0, 0x32, 0x5d, 0x42, 0x04, 0x2a,
-	0x81, 0x2a, 0x13, 0xea, 0x61, 0xea, 0x23, 0x5d, 0xdf, 0x5b, 0xf2, 0x82, 0xce, 0x9a, 0xf5, 0x75,
-	0x77, 0x83, 0x6b, 0x3d, 0x73, 0x02, 0x60, 0x8f, 0xf1, 0x57, 0x98, 0x77, 0xaf, 0x12, 0x78, 0xfb,
-	0x46, 0x02, 0x77, 0x75, 0x54, 0x66, 0xaa, 0xff, 0x95, 0x03, 0x3b, 0xe7, 0x1c, 0x07, 0x91, 0x2c,
-	0xce, 0xd2, 0xfa, 0x7b, 0x03, 0xb2, 0xb8, 0xfe, 0xde, 0x80, 0x5c, 0xc5, 0x2b, 0xfe, 0x14, 0x7e,
-	0x63, 0x06, 0x2f, 0x99, 0x52, 0xf8, 0xeb, 0xfd, 0xd2, 0xc1, 0xc2, 0x1b, 0xc8, 0x0e, 0x98, 0xef,
-	0x97, 0xc3, 0xc4, 0xb3, 0x8c, 0xd1, 0xfc, 0xff, 0xc6, 0xe8, 0x29, 0xb8, 0x1b, 0x09, 0x2c, 0x22,
-	0x14, 0x87, 0x5d, 0x2c, 0x08, 0xa2, 0x81, 0x20, 0x7c, 0x84, 0xfd, 0xea, 0xa6, 0xdc, 0x62, 0xcf,
-	0x56, 0x0a, 0x62, 0xa7, 0x0a, 0x62, 0x3f, 0xd6, 0x0a, 0xe2, 0x56, 0x64, 0xdc, 0x0b, 0x19, 0x76,
-	0xa2, 0xa3, 0xe0, 0x3d, 0x50, 0xd2, 0xcc, 0xf9, 0x71, 0x24, 0x08, 0xaf, 0x6e, 0xed, 0x9b, 0x07,
-	0x05, 0xf7, 0x03, 0x69, 0x6c, 0x29, 0x1b, 0xbc, 0x0f, 0xb6, 0xd3, 0x71, 0xd1, 0xa8, 0x5b, 0x12,
-	0x55, 0x52, 0xd6, 0x14, 0xf6, 0x1d, 0xa8, 0x65, 0x45, 0x46, 0x3d, 0xc6, 0x91, 0x1a, 0x9d, 0x90,
-	0xb3, 0xd7, 0x17, 0xff, 0xa2, 0xe8, 0x1f, 0x66, 0xd1, 0xc7, 0x8c, 0x9f, 0x26, 0x88, 0x76, 0x12,
-	0x5a, 0xff, 0x39, 0x0f, 0xca, 0x4f, 0x84, 0x08, 0x5b, 0x92, 0x27, 0x5d, 0xfb, 0x6f, 0x40, 0x41,
-	0xa4, 0xed, 0x20, 0x2b, 0x5e, 0x6c, 0x7c, 0xbe, 0x9a, 0xdf, 0xb9, 0xee, 0x71, 0xb3, 0x78, 0x38,
-	0x04, 0x3b, 0x91, 0x52, 0x16, 0xad, 0xe1, 0x89, 0x26, 0x24, 0x53, 0x75, 0x78, 0xc3, 0x84, 0xce,
-	0x9d, 0xca, 0x9e, 0xd1, 0xa7, 0xe8, 0x28, 0x10, 0xfc, 0xc2, 0xdd, 0x8e, 0x66, 0x8c, 0xf0, 0x6b,
-	0xf0, 0x51, 0x97, 0xf4, 0x70, 0xec, 0x0b, 0xd4, 0x25, 0x91, 0xa0, 0x81, 0xac, 0x0f, 0xd2, 0x28,
-	0xd9, 0x5c, 0x05, 0x77, 0x4f, 0x43, 0x1e, 0x67, 0x08, 0x9d, 0x7b, 0xa1, 0x26, 0xe5, 0xd7, 0xd7,
-	0xa4, 0xc5, 0xb3, 0xb9, 0xf9, 0x1f, 0x66, 0xb3, 0x16, 0x80, 0xca, 0x82, 0x8b, 0xc3, 0x32, 0xc8,
-	0x0d, 0x89, 0x7a, 0x2e, 0x0a, 0x6e, 0xb2, 0x84, 0x4d, 0xb0, 0x39, 0xc2, 0x7e, 0xac, 0x46, 0xae,
-	0xd8, 0x78, 0xb0, 0x9a, 0xdd, 0x99, 0x9c, 0xae, 0x8a, 0x7c, 0xb4, 0xf1, 0x95, 0x59, 0x7f, 0x93,
-	0x68, 0x81, 0xf7, 0x1e, 0xfb, 0x61, 0x11, 0xc5, 0x1b, 0xeb, 0x53, 0xbc, 0xe4, 0x7d, 0xca, 0xad,
-	0xfb, 0x3e, 0xe5, 0x97, 0xbe, 0x4f, 0x3f, 0x80, 0xbb, 0x1e, 0x0b, 0x02, 0xe2, 0xc9, 0x16, 0x9a,
-	0x79, 0x14, 0xcc, 0x75, 0x1e, 0x85, 0x4a, 0x96, 0x65, 0x6a, 0x84, 0x87, 0x60, 0x47, 0x1f, 0x63,
-	0xaa, 0x32, 0x5b, 0x37, 0xa9, 0x8c, 0x56, 0x8a, 0x54, 0x60, 0x0e, 0x5f, 0xbc, 0x1d, 0x5b, 0xc6,
-	0xbb, 0xb1, 0x65, 0xfc, 0x36, 0xb6, 0x8c, 0xcb, 0xb1, 0x65, 0xfc, 0x34, 0xb1, 0xcc, 0x37, 0x13,
-	0xcb, 0x78, 0x3b, 0xb1, 0xcc, 0x77, 0x13, 0xcb, 0xfc, 0x7d, 0x62, 0x99, 0x7f, 0x4e, 0x2c, 0xe3,
-	0x72, 0x62, 0x99, 0xbf, 0xfc, 0x61, 0x19, 0xdf, 0xdf, 0x53, 0x47, 0xa6, 0x2c, 0xf9, 0xeb, 0xe2,
-	0x2c, 0xfe, 0xbb, 0xd2, 0xd9, 0x92, 0x3b, 0x7f, 0xf9, 0x4f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x20,
-	0x16, 0x4a, 0x99, 0x91, 0x09, 0x00, 0x00,
+	// 945 bytes of a gzipped FileDescriptorProto
+	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xb4, 0x56, 0x4d, 0x6f, 0x1a, 0x47,
+	0x18, 0x66, 0x01, 0x3b, 0x66, 0x08, 0x1f, 0x1e, 0x12, 0x15, 0x93, 0x6a, 0x85, 0x88, 0xa2, 0xd2,
+	0x46, 0x5d, 0x1a, 0x7a, 0xa9, 0x72, 0x68, 0x85, 0x89, 0xad, 0x58, 0x8d, 0x13, 0xba, 0x76, 0x14,
+	0xa9, 0x3d, 0x8c, 0x86, 0x65, 0x80, 0x91, 0xd7, 0x3b, 0x9b, 0xd9, 0x01, 0xdb, 0xb7, 0xfe, 0x82,
+	0xaa, 0x3f, 0x23, 0x7f, 0xa0, 0xff, 0x21, 0xc7, 0x1c, 0x7b, 0xac, 0xe9, 0xa5, 0x47, 0x1f, 0x2b,
+	0xf5, 0x52, 0xed, 0xcc, 0x2c, 0x6b, 0x6c, 0x3e, 0x4a, 0xd5, 0x9e, 0x98, 0x7d, 0xdf, 0xe7, 0x79,
+	0x77, 0xf6, 0x79, 0x9f, 0x79, 0x07, 0xf0, 0xd9, 0x29, 0x3d, 0x27, 0xbc, 0x31, 0x7e, 0xd2, 0x70,
+	0x98, 0xd7, 0xa7, 0x83, 0x86, 0xe3, 0x52, 0xe2, 0x09, 0xfd, 0x83, 0x54, 0xd0, 0xf2, 0x39, 0x13,
+	0x0c, 0x7e, 0x4c, 0x03, 0x41, 0x99, 0x25, 0x19, 0xd6, 0xf8, 0x89, 0xa5, 0x93, 0x0a, 0x5a, 0xb9,
+	0x37, 0x60, 0x03, 0x26, 0x81, 0x8d, 0x70, 0xa5, 0x38, 0x15, 0x73, 0xc0, 0xd8, 0xc0, 0x25, 0x0d,
+	0xf9, 0xd4, 0x1d, 0xf5, 0x1b, 0xbd, 0x11, 0xc7, 0x82, 0x32, 0x4f, 0xe7, 0x77, 0xa6, 0xef, 0xc7,
+	0x42, 0x70, 0xda, 0x1d, 0x09, 0x12, 0xe8, 0xd4, 0xa3, 0x05, 0x5b, 0xc3, 0x3e, 0x45, 0x81, 0x4f,
+	0x1c, 0x0d, 0xab, 0x2d, 0x80, 0xbd, 0x1d, 0x31, 0x81, 0x15, 0xa6, 0xf6, 0x4b, 0x12, 0x6c, 0xbf,
+	0x24, 0xe2, 0x8c, 0xf1, 0x93, 0x7d, 0x4c, 0xdd, 0x0e, 0x73, 0xa9, 0x73, 0x01, 0x6d, 0xb0, 0xe9,
+	0xcb, 0x55, 0xd9, 0xa8, 0x1a, 0xf5, 0x7c, 0xf3, 0xa9, 0xb5, 0xec, 0x03, 0xad, 0x5b, 0x05, 0xac,
+	0x78, 0x69, 0xeb, 0x4a, 0xf0, 0x01, 0xc8, 0x9c, 0xe2, 0x73, 0xc4, 0x89, 0xe0, 0x17, 0xe5, 0x64,
+	0xd5, 0xa8, 0xe7, 0xec, 0xad, 0x53, 0x7c, 0x6e, 0x87, 0xcf, 0xb0, 0x05, 0x0a, 0x5d, 0x1c, 0x10,
+	0x95, 0x45, 0x67, 0x98, 0x8a, 0x72, 0xaa, 0x6a, 0xd4, 0xb3, 0xcd, 0x1d, 0x4b, 0xc9, 0x64, 0x45,
+	0x32, 0x59, 0xcf, 0xb4, 0x4c, 0x76, 0x2e, 0x64, 0x48, 0xfa, 0x1b, 0x4c, 0x05, 0xfc, 0x06, 0xe4,
+	0xa7, 0xf5, 0x55, 0x85, 0xf4, 0xaa, 0x0a, 0x77, 0xa3, 0xf7, 0x87, 0x05, 0x6a, 0x8f, 0x01, 0xb8,
+	0x26, 0x41, 0x0e, 0x64, 0xf6, 0x5b, 0x07, 0x2f, 0xd0, 0xab, 0xce, 0xde, 0xcb, 0x62, 0x02, 0xe6,
+	0x01, 0x90, 0x8f, 0xed, 0x17, 0xaf, 0x8e, 0xf6, 0x8a, 0x46, 0xed, 0xaf, 0x14, 0xc8, 0x1d, 0x11,
+	0x3e, 0xa6, 0x0e, 0x69, 0x4b, 0x2d, 0xa0, 0x05, 0x4a, 0x3d, 0x1a, 0xe0, 0xae, 0x4b, 0x90, 0x33,
+	0x24, 0xce, 0x09, 0x72, 0xb0, 0xeb, 0x06, 0x52, 0xc0, 0x2d, 0x7b, 0x5b, 0xa7, 0xda, 0x61, 0xa6,
+	0x1d, 0x26, 0xe0, 0x17, 0xe0, 0x5e, 0x84, 0xe7, 0xc4, 0x67, 0x5c, 0x68, 0x42, 0x52, 0x12, 0xa0,
+	0xce, 0xd9, 0x32, 0xa5, 0x18, 0x7b, 0xa0, 0x28, 0x1b, 0x80, 0x62, 0x43, 0x68, 0x95, 0x2a, 0x37,
+	0xfb, 0xd3, 0x9a, 0x22, 0xec, 0x82, 0x0c, 0xc6, 0x01, 0x78, 0x08, 0x72, 0x43, 0x21, 0x7c, 0x14,
+	0xb9, 0xa5, 0x9c, 0xae, 0xa6, 0xea, 0xd9, 0xe6, 0xa7, 0xcb, 0x7b, 0xfc, 0xfc, 0xf8, 0xb8, 0xd3,
+	0xea, 0x1c, 0x1c, 0xf9, 0xc4, 0xb1, 0xb3, 0x21, 0xbf, 0xe5, 0xd3, 0xf0, 0x01, 0xee, 0x03, 0x20,
+	0x0d, 0xa5, 0x6a, 0x6d, 0xc8, 0x5a, 0x9f, 0x2c, 0xaf, 0xf5, 0x5d, 0x88, 0x97, 0x95, 0x32, 0x6f,
+	0xa3, 0x25, 0x44, 0xa0, 0xe4, 0x29, 0x1f, 0xa1, 0x3e, 0xa6, 0x2e, 0xd2, 0x06, 0xbc, 0x23, 0x3f,
+	0xb0, 0xb1, 0xa6, 0x01, 0xed, 0x6d, 0xef, 0x96, 0xa9, 0x0f, 0x00, 0xec, 0x33, 0x7e, 0x86, 0x79,
+	0xef, 0xba, 0x80, 0x5b, 0x2b, 0x05, 0xdc, 0xd6, 0xac, 0x38, 0x54, 0xfb, 0x33, 0x05, 0x0a, 0xc7,
+	0x1c, 0x7b, 0x81, 0x6c, 0xce, 0xc2, 0xfe, 0x3b, 0x43, 0x32, 0xbf, 0xff, 0xce, 0x90, 0x5c, 0xc7,
+	0x2b, 0xfd, 0x14, 0x3e, 0x39, 0x83, 0x97, 0x4a, 0x29, 0xfc, 0x6d, 0xbf, 0x74, 0xb1, 0x70, 0x86,
+	0xd2, 0x01, 0x37, 0xfd, 0xb2, 0x1b, 0x66, 0x16, 0x29, 0x9a, 0xfe, 0xcf, 0x14, 0x3d, 0x04, 0xf7,
+	0x03, 0x81, 0x45, 0x80, 0x46, 0x7e, 0x0f, 0x0b, 0x82, 0xa8, 0x27, 0x08, 0x1f, 0x63, 0xb7, 0xbc,
+	0xb1, 0xea, 0xe4, 0x95, 0x24, 0xef, 0xb5, 0xa4, 0x1d, 0x68, 0x16, 0x7c, 0x08, 0x72, 0x5a, 0x39,
+	0x77, 0x14, 0x08, 0xc2, 0xcb, 0x9b, 0x55, 0xa3, 0x9e, 0xb1, 0xef, 0xca, 0x60, 0x5b, 0xc5, 0xe0,
+	0x23, 0x90, 0x8f, 0x8e, 0x8b, 0x46, 0xdd, 0x91, 0xa8, 0x9c, 0x8a, 0x46, 0xb0, 0x37, 0xa0, 0x12,
+	0x37, 0x19, 0xf5, 0x19, 0x47, 0xea, 0xe8, 0xf8, 0x9c, 0x9d, 0x5f, 0xfc, 0x83, 0xa6, 0x7f, 0x14,
+	0xb3, 0xf7, 0x19, 0x3f, 0x0c, 0x11, 0x9d, 0x90, 0x5a, 0xfb, 0x29, 0x0d, 0x8a, 0xcf, 0x85, 0xf0,
+	0xdb, 0x52, 0x27, 0xdd, 0xfb, 0x6f, 0x41, 0x46, 0x44, 0x76, 0x90, 0x1d, 0xcf, 0x36, 0x3f, 0x5f,
+	0xae, 0xef, 0x0d, 0xf7, 0xd8, 0x31, 0x1f, 0x9e, 0x80, 0x42, 0xa0, 0x26, 0x8b, 0xbe, 0x64, 0xc2,
+	0x99, 0x10, 0x9e, 0xaa, 0xdd, 0x15, 0x27, 0xf4, 0xc6, 0xae, 0xac, 0x99, 0xf9, 0x14, 0xec, 0x79,
+	0x82, 0x5f, 0xd8, 0xf9, 0x60, 0x26, 0x08, 0xbf, 0x06, 0x0f, 0x7a, 0xa4, 0x8f, 0x47, 0xae, 0x40,
+	0x3d, 0x12, 0x08, 0xea, 0xc9, 0xfe, 0x20, 0x8d, 0x92, 0xe6, 0xca, 0xd8, 0x3b, 0x1a, 0xf2, 0x2c,
+	0x46, 0xe8, 0xda, 0x73, 0x67, 0x52, 0x7a, 0xfd, 0x99, 0x34, 0xff, 0x6c, 0x6e, 0xfc, 0x8b, 0xb3,
+	0x59, 0xf1, 0x40, 0x69, 0xce, 0x87, 0xc3, 0x22, 0x48, 0x9d, 0x10, 0x75, 0x9f, 0x65, 0xec, 0x70,
+	0x09, 0x5b, 0x60, 0x63, 0x8c, 0xdd, 0x91, 0x3a, 0x72, 0xd9, 0xe6, 0xe3, 0xe5, 0xea, 0xce, 0xd4,
+	0xb4, 0x15, 0xf3, 0x69, 0xf2, 0x2b, 0xa3, 0xf6, 0x2e, 0x9c, 0x05, 0xce, 0xff, 0xe8, 0x87, 0x79,
+	0x12, 0x27, 0xd7, 0x97, 0x78, 0xc1, 0xfd, 0x94, 0x5a, 0xf7, 0x7e, 0x4a, 0x2f, 0xbc, 0x9f, 0x7e,
+	0x00, 0xf7, 0x1d, 0xe6, 0x79, 0xc4, 0x91, 0x16, 0x9a, 0xb9, 0x14, 0x8c, 0x75, 0x2e, 0x85, 0x52,
+	0x5c, 0x65, 0x1a, 0x84, 0xbb, 0xa0, 0xa0, 0xb7, 0x31, 0x9d, 0x32, 0x9b, 0xab, 0xa6, 0x8c, 0x9e,
+	0x14, 0xd1, 0x80, 0xd9, 0x7d, 0xfd, 0xfe, 0xd2, 0x4c, 0x7c, 0xb8, 0x34, 0x13, 0xbf, 0x5e, 0x9a,
+	0x89, 0xab, 0x4b, 0x33, 0xf1, 0xe3, 0xc4, 0x34, 0xde, 0x4d, 0xcc, 0xc4, 0xfb, 0x89, 0x69, 0x7c,
+	0x98, 0x98, 0xc6, 0x6f, 0x13, 0xd3, 0xf8, 0x63, 0x62, 0x26, 0xae, 0x26, 0xa6, 0xf1, 0xf3, 0xef,
+	0x66, 0xe2, 0xfb, 0x87, 0x6a, 0xcb, 0x94, 0x85, 0xff, 0xad, 0x1a, 0xf3, 0xff, 0x4f, 0x75, 0x37,
+	0xe5, 0x9b, 0xbf, 0xfc, 0x3b, 0x00, 0x00, 0xff, 0xff, 0x85, 0x74, 0xc6, 0xd6, 0x32, 0x0a, 0x00,
+	0x00,
 }
diff --git a/mixer/v1/config/client/client_config.proto b/mixer/v1/config/client/client_config.proto
index 534a0b6414..d5f0c603a9 100644
--- a/mixer/v1/config/client/client_config.proto
+++ b/mixer/v1/config/client/client_config.proto
@@ -46,6 +46,16 @@ message NetworkFailPolicy {
 
   // Specifies the behavior when the client is unable to connect to Mixer.
   FailPolicy policy = 1;
+
+  // Max retries on transport error.
+  uint32 max_retry = 2;
+
+  // Base time to wait between retries.  Will be adjusted by exponential
+  // backoff and jitter.
+  google.protobuf.Duration base_retry_wait = 3;
+
+  // Max time to wait between retries.
+  google.protobuf.Duration max_retry_wait = 4;
 }
 
 // Defines the per-service client configuration.
diff --git a/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html b/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
index 9c34febb0e..bc27741ddd 100644
--- a/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
+++ b/mixer/v1/config/client/istio.mixer.v1.config.client.pb.html
@@ -517,6 +517,31 @@ 
NetworkFailPolicy
+ + + + + + + + + + + + + + + diff --git a/proto.lock b/proto.lock index 408a2f7fa6..32076425d7 100644 --- a/proto.lock +++ b/proto.lock @@ -1985,6 +1985,21 @@ "id": 1, "name": "policy", "type": "FailPolicy" + }, + { + "id": 2, + "name": "max_retry", + "type": "uint32" + }, + { + "id": 3, + "name": "base_retry_wait", + "type": "google.protobuf.Duration" + }, + { + "id": 4, + "name": "max_retry_wait", + "type": "google.protobuf.Duration" } ] }, diff --git a/python/istio_api/mixer/v1/config/client/client_config_pb2.py b/python/istio_api/mixer/v1/config/client/client_config_pb2.py index f857591431..d384b645e1 100644 --- a/python/istio_api/mixer/v1/config/client/client_config_pb2.py +++ b/python/istio_api/mixer/v1/config/client/client_config_pb2.py @@ -24,7 +24,7 @@ name='mixer/v1/config/client/client_config.proto', package='istio.mixer.v1.config.client', syntax='proto3', - serialized_pb=_b('\n*mixer/v1/config/client/client_config.proto\x12\x1cistio.mixer.v1.config.client\x1a\x14gogoproto/gogo.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x19mixer/v1/attributes.proto\x1a%mixer/v1/config/client/api_spec.proto\x1a\"mixer/v1/config/client/quota.proto\"\x8c\x01\n\x11NetworkFailPolicy\x12J\n\x06policy\x18\x01 \x01(\x0e\x32:.istio.mixer.v1.config.client.NetworkFailPolicy.FailPolicy\"+\n\nFailPolicy\x12\r\n\tFAIL_OPEN\x10\x00\x12\x0e\n\nFAIL_CLOSE\x10\x01\"\x85\x03\n\rServiceConfig\x12\x1b\n\x13\x64isable_check_calls\x18\x01 \x01(\x08\x12\x1c\n\x14\x64isable_report_calls\x18\x02 \x01(\x08\x12\x34\n\x10mixer_attributes\x18\x03 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12@\n\rhttp_api_spec\x18\x04 \x03(\x0b\x32).istio.mixer.v1.config.client.HTTPAPISpec\x12;\n\nquota_spec\x18\x05 \x03(\x0b\x32\'.istio.mixer.v1.config.client.QuotaSpec\x12L\n\x13network_fail_policy\x18\x07 \x01(\x0b\x32/.istio.mixer.v1.config.client.NetworkFailPolicy\x12\x36\n\x12\x66orward_attributes\x18\x08 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\"\xe0\x02\n\x0fTransportConfig\x12\x1b\n\x13\x64isable_check_cache\x18\x01 \x01(\x08\x12\x1b\n\x13\x64isable_quota_cache\x18\x02 \x01(\x08\x12\x1c\n\x14\x64isable_report_batch\x18\x03 \x01(\x08\x12L\n\x13network_fail_policy\x18\x04 \x01(\x0b\x32/.istio.mixer.v1.config.client.NetworkFailPolicy\x12\x38\n\x15stats_update_interval\x18\x05 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x15\n\rcheck_cluster\x18\x06 \x01(\t\x12\x16\n\x0ereport_cluster\x18\x07 \x01(\t\x12>\n\x1a\x61ttributes_for_mixer_proxy\x18\x08 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\"\xa8\x03\n\x10HttpClientConfig\x12@\n\ttransport\x18\x01 \x01(\x0b\x32-.istio.mixer.v1.config.client.TransportConfig\x12[\n\x0fservice_configs\x18\x02 \x03(\x0b\x32\x42.istio.mixer.v1.config.client.HttpClientConfig.ServiceConfigsEntry\x12#\n\x1b\x64\x65\x66\x61ult_destination_service\x18\x03 \x01(\t\x12\x34\n\x10mixer_attributes\x18\x04 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12\x36\n\x12\x66orward_attributes\x18\x05 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x1a\x62\n\x13ServiceConfigsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12:\n\x05value\x18\x02 \x01(\x0b\x32+.istio.mixer.v1.config.client.ServiceConfig:\x02\x38\x01\"\xc0\x02\n\x0fTcpClientConfig\x12@\n\ttransport\x18\x01 \x01(\x0b\x32-.istio.mixer.v1.config.client.TransportConfig\x12\x34\n\x10mixer_attributes\x18\x02 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12\x1b\n\x13\x64isable_check_calls\x18\x03 \x01(\x08\x12\x1c\n\x14\x64isable_report_calls\x18\x04 \x01(\x08\x12\x46\n\x15\x63onnection_quota_spec\x18\x05 \x01(\x0b\x32\'.istio.mixer.v1.config.client.QuotaSpec\x12\x32\n\x0freport_interval\x18\x06 \x01(\x0b\x32\x19.google.protobuf.DurationB1Z#istio.io/api/mixer/v1/config/client\xc8\xe1\x1e\x00\xa8\xe2\x1e\x00\xf0\xe1\x1e\x00\x62\x06proto3') + serialized_pb=_b('\n*mixer/v1/config/client/client_config.proto\x12\x1cistio.mixer.v1.config.client\x1a\x14gogoproto/gogo.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x19mixer/v1/attributes.proto\x1a%mixer/v1/config/client/api_spec.proto\x1a\"mixer/v1/config/client/quota.proto\"\x86\x02\n\x11NetworkFailPolicy\x12J\n\x06policy\x18\x01 \x01(\x0e\x32:.istio.mixer.v1.config.client.NetworkFailPolicy.FailPolicy\x12\x11\n\tmax_retry\x18\x02 \x01(\r\x12\x32\n\x0f\x62\x61se_retry_wait\x18\x03 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x31\n\x0emax_retry_wait\x18\x04 \x01(\x0b\x32\x19.google.protobuf.Duration\"+\n\nFailPolicy\x12\r\n\tFAIL_OPEN\x10\x00\x12\x0e\n\nFAIL_CLOSE\x10\x01\"\x85\x03\n\rServiceConfig\x12\x1b\n\x13\x64isable_check_calls\x18\x01 \x01(\x08\x12\x1c\n\x14\x64isable_report_calls\x18\x02 \x01(\x08\x12\x34\n\x10mixer_attributes\x18\x03 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12@\n\rhttp_api_spec\x18\x04 \x03(\x0b\x32).istio.mixer.v1.config.client.HTTPAPISpec\x12;\n\nquota_spec\x18\x05 \x03(\x0b\x32\'.istio.mixer.v1.config.client.QuotaSpec\x12L\n\x13network_fail_policy\x18\x07 \x01(\x0b\x32/.istio.mixer.v1.config.client.NetworkFailPolicy\x12\x36\n\x12\x66orward_attributes\x18\x08 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\"\xe0\x02\n\x0fTransportConfig\x12\x1b\n\x13\x64isable_check_cache\x18\x01 \x01(\x08\x12\x1b\n\x13\x64isable_quota_cache\x18\x02 \x01(\x08\x12\x1c\n\x14\x64isable_report_batch\x18\x03 \x01(\x08\x12L\n\x13network_fail_policy\x18\x04 \x01(\x0b\x32/.istio.mixer.v1.config.client.NetworkFailPolicy\x12\x38\n\x15stats_update_interval\x18\x05 \x01(\x0b\x32\x19.google.protobuf.Duration\x12\x15\n\rcheck_cluster\x18\x06 \x01(\t\x12\x16\n\x0ereport_cluster\x18\x07 \x01(\t\x12>\n\x1a\x61ttributes_for_mixer_proxy\x18\x08 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\"\xa8\x03\n\x10HttpClientConfig\x12@\n\ttransport\x18\x01 \x01(\x0b\x32-.istio.mixer.v1.config.client.TransportConfig\x12[\n\x0fservice_configs\x18\x02 \x03(\x0b\x32\x42.istio.mixer.v1.config.client.HttpClientConfig.ServiceConfigsEntry\x12#\n\x1b\x64\x65\x66\x61ult_destination_service\x18\x03 \x01(\t\x12\x34\n\x10mixer_attributes\x18\x04 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12\x36\n\x12\x66orward_attributes\x18\x05 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x1a\x62\n\x13ServiceConfigsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12:\n\x05value\x18\x02 \x01(\x0b\x32+.istio.mixer.v1.config.client.ServiceConfig:\x02\x38\x01\"\xc0\x02\n\x0fTcpClientConfig\x12@\n\ttransport\x18\x01 \x01(\x0b\x32-.istio.mixer.v1.config.client.TransportConfig\x12\x34\n\x10mixer_attributes\x18\x02 \x01(\x0b\x32\x1a.istio.mixer.v1.Attributes\x12\x1b\n\x13\x64isable_check_calls\x18\x03 \x01(\x08\x12\x1c\n\x14\x64isable_report_calls\x18\x04 \x01(\x08\x12\x46\n\x15\x63onnection_quota_spec\x18\x05 \x01(\x0b\x32\'.istio.mixer.v1.config.client.QuotaSpec\x12\x32\n\x0freport_interval\x18\x06 \x01(\x0b\x32\x19.google.protobuf.DurationB1Z#istio.io/api/mixer/v1/config/client\xc8\xe1\x1e\x00\xa8\xe2\x1e\x00\xf0\xe1\x1e\x00\x62\x06proto3') , dependencies=[gogoproto_dot_gogo__pb2.DESCRIPTOR,google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,mixer_dot_v1_dot_attributes__pb2.DESCRIPTOR,mixer_dot_v1_dot_config_dot_client_dot_api__spec__pb2.DESCRIPTOR,mixer_dot_v1_dot_config_dot_client_dot_quota__pb2.DESCRIPTOR,]) @@ -47,8 +47,8 @@ ], containing_type=None, options=None, - serialized_start=330, - serialized_end=373, + serialized_start=452, + serialized_end=495, ) _sym_db.RegisterEnumDescriptor(_NETWORKFAILPOLICY_FAILPOLICY) @@ -67,6 +67,27 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='max_retry', full_name='istio.mixer.v1.config.client.NetworkFailPolicy.max_retry', index=1, + number=2, type=13, cpp_type=3, label=1, + has_default_value=False, default_value=0, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='base_retry_wait', full_name='istio.mixer.v1.config.client.NetworkFailPolicy.base_retry_wait', index=2, + number=3, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='max_retry_wait', full_name='istio.mixer.v1.config.client.NetworkFailPolicy.max_retry_wait', index=3, + number=4, type=11, cpp_type=10, label=1, + has_default_value=False, default_value=None, + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -81,7 +102,7 @@ oneofs=[ ], serialized_start=233, - serialized_end=373, + serialized_end=495, ) @@ -153,8 +174,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=376, - serialized_end=765, + serialized_start=498, + serialized_end=887, ) @@ -233,8 +254,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=768, - serialized_end=1120, + serialized_start=890, + serialized_end=1242, ) @@ -271,8 +292,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1449, - serialized_end=1547, + serialized_start=1571, + serialized_end=1669, ) _HTTPCLIENTCONFIG = _descriptor.Descriptor( @@ -329,8 +350,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1123, - serialized_end=1547, + serialized_start=1245, + serialized_end=1669, ) @@ -395,11 +416,13 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1550, - serialized_end=1870, + serialized_start=1672, + serialized_end=1992, ) _NETWORKFAILPOLICY.fields_by_name['policy'].enum_type = _NETWORKFAILPOLICY_FAILPOLICY +_NETWORKFAILPOLICY.fields_by_name['base_retry_wait'].message_type = google_dot_protobuf_dot_duration__pb2._DURATION +_NETWORKFAILPOLICY.fields_by_name['max_retry_wait'].message_type = google_dot_protobuf_dot_duration__pb2._DURATION _NETWORKFAILPOLICY_FAILPOLICY.containing_type = _NETWORKFAILPOLICY _SERVICECONFIG.fields_by_name['mixer_attributes'].message_type = mixer_dot_v1_dot_attributes__pb2._ATTRIBUTES _SERVICECONFIG.fields_by_name['http_api_spec'].message_type = mixer_dot_v1_dot_config_dot_client_dot_api__spec__pb2._HTTPAPISPEC From 27010bf6b4f37f5252561e544e99c1f910e5110b Mon Sep 17 00:00:00 2001 From: Limin Wang Date: Mon, 11 Feb 2019 09:56:00 -0800 Subject: [PATCH 11/15] Rename "principals" to "names". (#791) * Rename "principals" to "names". Since this is defined under "subjects", we are basically referring to the "name" of a subject. * Update comments. --- proto.lock | 4 +- rbac/v1alpha1/rbac.pb.go | 159 ++++++++++++++++++++------------------- rbac/v1alpha1/rbac.proto | 11 +-- 3 files changed, 88 insertions(+), 86 deletions(-) diff --git a/proto.lock b/proto.lock index 32076425d7..6432feeae8 100644 --- a/proto.lock +++ b/proto.lock @@ -5362,13 +5362,13 @@ }, { "id": 4, - "name": "principals", + "name": "names", "type": "string", "is_repeated": true }, { "id": 5, - "name": "not_principals", + "name": "not_names", "type": "string", "is_repeated": true }, diff --git a/rbac/v1alpha1/rbac.pb.go b/rbac/v1alpha1/rbac.pb.go index b194986bed..87a6b890f0 100644 --- a/rbac/v1alpha1/rbac.pb.go +++ b/rbac/v1alpha1/rbac.pb.go @@ -445,12 +445,13 @@ type Subject struct { // Optional. The user name/ID that the subject represents. User string `protobuf:"bytes,1,opt,name=user,proto3" json:"user,omitempty"` // $hide_from_docs - // Optional. A list of principals that the subject represents. This is matched to the - // `source.principal` attribute. If not specified, it applies to any principals. - Principals []string `protobuf:"bytes,4,rep,name=principals" json:"principals,omitempty"` + // Optional. A list of subject names. This is matched to the + // `source.principal` attribute. If one of subject names is "*", it matches to a subject with any name. + // Prefix and suffix matches are supported. + Names []string `protobuf:"bytes,4,rep,name=names" json:"names,omitempty"` // $hide_from_docs - // Optional. A list of principals that must not be matched. - NotPrincipals []string `protobuf:"bytes,5,rep,name=not_principals,json=notPrincipals" json:"not_principals,omitempty"` + // Optional. A list of subject names that must not be matched. + NotNames []string `protobuf:"bytes,5,rep,name=not_names,json=notNames" json:"not_names,omitempty"` // $hide_from_docs // Optional. The group that the subject belongs to. // Deprecated. Use groups and not_groups instead. @@ -492,16 +493,16 @@ func (m *Subject) GetUser() string { return "" } -func (m *Subject) GetPrincipals() []string { +func (m *Subject) GetNames() []string { if m != nil { - return m.Principals + return m.Names } return nil } -func (m *Subject) GetNotPrincipals() []string { +func (m *Subject) GetNotNames() []string { if m != nil { - return m.NotPrincipals + return m.NotNames } return nil } @@ -1117,8 +1118,8 @@ func (m *Subject) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], v) } } - if len(m.Principals) > 0 { - for _, s := range m.Principals { + if len(m.Names) > 0 { + for _, s := range m.Names { dAtA[i] = 0x22 i++ l = len(s) @@ -1132,8 +1133,8 @@ func (m *Subject) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if len(m.NotPrincipals) > 0 { - for _, s := range m.NotPrincipals { + if len(m.NotNames) > 0 { + for _, s := range m.NotNames { dAtA[i] = 0x2a i++ l = len(s) @@ -1551,14 +1552,14 @@ func (m *Subject) Size() (n int) { n += mapEntrySize + 1 + sovRbac(uint64(mapEntrySize)) } } - if len(m.Principals) > 0 { - for _, s := range m.Principals { + if len(m.Names) > 0 { + for _, s := range m.Names { l = len(s) n += 1 + l + sovRbac(uint64(l)) } } - if len(m.NotPrincipals) > 0 { - for _, s := range m.NotPrincipals { + if len(m.NotNames) > 0 { + for _, s := range m.NotNames { l = len(s) n += 1 + l + sovRbac(uint64(l)) } @@ -2892,7 +2893,7 @@ func (m *Subject) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 4: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Principals", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field Names", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -2917,11 +2918,11 @@ func (m *Subject) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.Principals = append(m.Principals, string(dAtA[iNdEx:postIndex])) + m.Names = append(m.Names, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 5: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field NotPrincipals", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field NotNames", wireType) } var stringLen uint64 for shift := uint(0); ; shift += 7 { @@ -2946,7 +2947,7 @@ func (m *Subject) Unmarshal(dAtA []byte) error { if postIndex > l { return io.ErrUnexpectedEOF } - m.NotPrincipals = append(m.NotPrincipals, string(dAtA[iNdEx:postIndex])) + m.NotNames = append(m.NotNames, string(dAtA[iNdEx:postIndex])) iNdEx = postIndex case 6: if wireType != 2 { @@ -3652,62 +3653,62 @@ var ( func init() { proto.RegisterFile("rbac/v1alpha1/rbac.proto", fileDescriptorRbac) } var fileDescriptorRbac = []byte{ - // 909 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0xdd, 0x6e, 0x23, 0x35, - 0x14, 0xde, 0xc9, 0xe4, 0xa7, 0x39, 0x81, 0x76, 0xea, 0x85, 0x65, 0x14, 0x20, 0x5b, 0x45, 0x2c, - 0x44, 0x2b, 0x94, 0xa8, 0x45, 0xac, 0x0a, 0xd2, 0x5e, 0x6c, 0xdb, 0x94, 0x8d, 0xd4, 0x26, 0x95, - 0x53, 0x58, 0xc4, 0x4d, 0x34, 0x99, 0xb8, 0x8d, 0xe9, 0xd4, 0x1e, 0xd9, 0x4e, 0x4b, 0xb9, 0xe4, - 0x86, 0x57, 0x40, 0x3c, 0x01, 0x0f, 0xc0, 0x03, 0x70, 0xc9, 0x25, 0x8f, 0x80, 0xfa, 0x24, 0xc8, - 0xf6, 0xfc, 0xa4, 0x69, 0xe8, 0xb6, 0x77, 0x3e, 0xdf, 0x39, 0xdf, 0x39, 0x9f, 0xed, 0xcf, 0x99, - 0x80, 0x2f, 0xc6, 0x41, 0xd8, 0xb9, 0xd8, 0x0c, 0xa2, 0x78, 0x1a, 0x6c, 0x76, 0x74, 0xd4, 0x8e, - 0x05, 0x57, 0x1c, 0x3d, 0xa6, 0x52, 0x51, 0xde, 0x36, 0x48, 0x9a, 0x6f, 0xfe, 0xe6, 0x80, 0xf7, - 0x86, 0x8b, 0xb3, 0x88, 0x07, 0x93, 0x21, 0x89, 0x48, 0xa8, 0xb8, 0x40, 0x3d, 0x28, 0x47, 0xc1, - 0x98, 0x44, 0xd2, 0x77, 0x36, 0xdc, 0x56, 0x6d, 0x6b, 0xb3, 0xbd, 0x84, 0xda, 0x5e, 0xa4, 0xb5, - 0x0f, 0x0c, 0xa7, 0xcb, 0x94, 0xb8, 0xc2, 0x49, 0x83, 0xfa, 0x57, 0x50, 0x9b, 0x83, 0x91, 0x07, - 0xee, 0x19, 0xb9, 0xf2, 0x9d, 0x0d, 0xa7, 0x55, 0xc5, 0x7a, 0x89, 0xde, 0x83, 0xd2, 0x45, 0x10, - 0xcd, 0x88, 0x5f, 0x30, 0x98, 0x0d, 0xbe, 0x2e, 0x6c, 0x3b, 0xcd, 0x3f, 0x1c, 0x78, 0xfc, 0x6a, - 0xa6, 0xa6, 0x5c, 0xd0, 0x9f, 0x03, 0x45, 0x39, 0x3b, 0xe2, 0x11, 0x0d, 0xaf, 0x10, 0x86, 0xf5, - 0xcb, 0x64, 0xf4, 0x48, 0x26, 0xb3, 0x4d, 0xc7, 0xda, 0xd6, 0xb3, 0x7b, 0x09, 0xc5, 0xde, 0xe5, - 0xe2, 0x8e, 0x5f, 0x42, 0x29, 0x88, 0x22, 0x7e, 0xe9, 0x17, 0xcc, 0x86, 0x3f, 0x5b, 0xda, 0x67, - 0x48, 0xc4, 0x05, 0x0d, 0x09, 0xe6, 0x11, 0xd9, 0xa1, 0x6c, 0x42, 0xd9, 0x29, 0xb6, 0xac, 0xe6, - 0x1e, 0xd4, 0xe6, 0x92, 0xe8, 0x4b, 0x28, 0x89, 0x59, 0x44, 0xd2, 0xe3, 0x7b, 0xba, 0xb4, 0xdb, - 0xab, 0x30, 0x24, 0x52, 0xe2, 0x59, 0x44, 0xb0, 0xad, 0x6e, 0xfe, 0xe2, 0x02, 0xe4, 0x28, 0xaa, - 0xc3, 0x8a, 0xb4, 0x4d, 0x6d, 0xa3, 0x2a, 0xce, 0x62, 0x7d, 0x6a, 0x71, 0xa0, 0xa6, 0xd2, 0xe8, - 0xad, 0x62, 0x1b, 0x20, 0x1f, 0x2a, 0xe7, 0x44, 0x4d, 0xf9, 0x44, 0xfa, 0xae, 0xc1, 0xd3, 0x10, - 0x1d, 0x40, 0x2d, 0xe4, 0x4c, 0x2a, 0x11, 0x50, 0xa6, 0xa4, 0x5f, 0x34, 0xba, 0x9e, 0xbf, 0x45, - 0x57, 0x7b, 0x37, 0xa3, 0xe0, 0x79, 0xba, 0x9e, 0x3e, 0xe5, 0x52, 0x49, 0xbf, 0x64, 0xa7, 0x9b, - 0x00, 0x7d, 0x08, 0x55, 0xc6, 0xd5, 0xc8, 0x66, 0xca, 0x56, 0x30, 0xe3, 0xea, 0xf5, 0x7c, 0xd2, - 0x8a, 0xae, 0x64, 0xc9, 0x23, 0xa3, 0xfb, 0x29, 0xd4, 0x74, 0x32, 0xd5, 0xbe, 0x62, 0xd2, 0xc0, - 0xb8, 0x3a, 0x4c, 0xe4, 0xeb, 0xed, 0x72, 0xa1, 0xa4, 0x5f, 0xdd, 0x70, 0x5b, 0x25, 0x6c, 0x83, - 0xac, 0xa7, 0xc9, 0x80, 0xc9, 0x98, 0x9e, 0x3a, 0xae, 0xbf, 0x00, 0xc8, 0xe5, 0x2f, 0xf1, 0xdd, - 0x13, 0x28, 0x1b, 0xab, 0xa5, 0x47, 0x98, 0x44, 0xcd, 0xbf, 0x1c, 0x40, 0xb7, 0x2f, 0x1a, 0x6d, - 0xc3, 0x8a, 0x9c, 0x8d, 0x7f, 0x24, 0xa1, 0x4a, 0x6f, 0xf5, 0xa3, 0xe5, 0x1e, 0xb1, 0x45, 0x38, - 0xab, 0x46, 0x2f, 0xa0, 0x22, 0x78, 0x44, 0x30, 0x39, 0x31, 0x16, 0xff, 0x3f, 0x22, 0xb6, 0x35, - 0x38, 0x2d, 0x46, 0xdb, 0x50, 0x3c, 0xe7, 0x13, 0xe2, 0xbb, 0x1b, 0x4e, 0x6b, 0x75, 0xeb, 0x93, - 0xa5, 0xa4, 0x2e, 0x3b, 0xe1, 0x22, 0x24, 0xe7, 0x84, 0xa9, 0x43, 0x3e, 0x21, 0xd8, 0x30, 0x9a, - 0x7f, 0xba, 0x50, 0x49, 0x74, 0x20, 0x04, 0xc5, 0x99, 0x24, 0x22, 0xd9, 0xb9, 0x59, 0x23, 0x1f, - 0x4a, 0xa7, 0x82, 0xcf, 0x62, 0xfb, 0xe4, 0x76, 0x0a, 0xbe, 0x83, 0x2d, 0x80, 0x0e, 0x00, 0x62, - 0xc1, 0x63, 0x22, 0x14, 0x25, 0xd6, 0x43, 0xb5, 0xad, 0xcf, 0xef, 0xda, 0x67, 0xfb, 0x28, 0x2b, - 0xb7, 0xef, 0x7e, 0x8e, 0x8f, 0x1a, 0xba, 0x1b, 0x65, 0x21, 0x8d, 0x83, 0xc8, 0x7a, 0xae, 0x8a, - 0xe7, 0x10, 0xf4, 0x0c, 0x56, 0xcd, 0xfd, 0xe5, 0x35, 0xd6, 0x4f, 0xef, 0xea, 0x4b, 0xcc, 0xcb, - 0x9e, 0x40, 0xd9, 0xa8, 0x4b, 0x4d, 0x95, 0x44, 0xe8, 0x63, 0xd0, 0x16, 0x19, 0x25, 0x39, 0xeb, - 0x29, 0x6d, 0x88, 0x6f, 0x6c, 0xba, 0x01, 0xc0, 0x82, 0x73, 0x22, 0xe3, 0x40, 0x3f, 0xa0, 0xd4, - 0x53, 0x19, 0x92, 0x4e, 0x9f, 0xab, 0xa9, 0x66, 0xd3, 0xfb, 0x79, 0x99, 0x07, 0x2e, 0x8d, 0xad, - 0xbd, 0xaa, 0x58, 0x2f, 0xd1, 0x07, 0x50, 0xd1, 0x44, 0x8d, 0xd6, 0xac, 0x20, 0xc6, 0x55, 0x2f, - 0x96, 0xf5, 0x97, 0xb0, 0xb6, 0x70, 0x1c, 0x0f, 0xfa, 0xbd, 0xdb, 0x84, 0x4a, 0x62, 0x02, 0x7d, - 0x6b, 0x67, 0x94, 0x4d, 0xd2, 0x5b, 0xd3, 0x6b, 0x8d, 0x69, 0xad, 0x09, 0xcf, 0xac, 0x9b, 0xbf, - 0x16, 0x01, 0xf0, 0x38, 0x08, 0x77, 0x39, 0x3b, 0xa1, 0xa7, 0x99, 0x65, 0x9c, 0x3b, 0x2c, 0x93, - 0x97, 0xb7, 0x73, 0xcb, 0xa0, 0x3d, 0xa8, 0x52, 0x16, 0x46, 0x33, 0x49, 0x39, 0x4b, 0x6c, 0xfa, - 0xe9, 0xdb, 0xe8, 0xc7, 0x81, 0x38, 0x25, 0x0a, 0xe7, 0x44, 0xdd, 0x85, 0xfc, 0x94, 0x76, 0x71, - 0x1f, 0xd6, 0x25, 0x23, 0xa2, 0x01, 0x78, 0x24, 0xf7, 0xf5, 0xc8, 0xec, 0xa8, 0xf8, 0x80, 0x47, - 0xb0, 0x46, 0x6e, 0x02, 0xf5, 0xdf, 0x1d, 0x28, 0xdb, 0x31, 0x77, 0xfe, 0xa6, 0xde, 0x34, 0x4c, - 0xe1, 0x96, 0x61, 0x8e, 0x01, 0xdd, 0xfa, 0xee, 0xa4, 0x8f, 0xe4, 0x9e, 0x1f, 0x9e, 0xf5, 0xc5, - 0x0f, 0x8f, 0x6c, 0x76, 0xa1, 0xa8, 0x45, 0xa2, 0x0a, 0xb8, 0x83, 0xfd, 0x7d, 0xef, 0x11, 0x2a, - 0x43, 0x61, 0xd0, 0xf7, 0x1c, 0xf4, 0x3e, 0xac, 0x0f, 0xfa, 0xa3, 0x37, 0xbd, 0xe3, 0xd7, 0xa3, - 0x5e, 0x7f, 0xf7, 0xe0, 0xdb, 0x61, 0x6f, 0xd0, 0xf7, 0x0a, 0xf3, 0x70, 0xf7, 0xfb, 0x14, 0x76, - 0x9f, 0x77, 0x60, 0x6d, 0xe1, 0x1c, 0xd0, 0x3b, 0xb0, 0xd2, 0xed, 0xef, 0x0f, 0xf0, 0x6e, 0x77, - 0xcf, 0x7b, 0x84, 0x56, 0x01, 0x8e, 0xba, 0xf8, 0xb0, 0x37, 0x1c, 0xf6, 0xbe, 0xeb, 0x7a, 0xce, - 0x4e, 0xeb, 0xef, 0xeb, 0x86, 0xf3, 0xcf, 0x75, 0xc3, 0xf9, 0xf7, 0xba, 0xe1, 0xfc, 0x50, 0xb7, - 0xf2, 0x29, 0xef, 0x04, 0x31, 0xed, 0xdc, 0xf8, 0x0b, 0x31, 0x2e, 0x9b, 0xbf, 0x0f, 0x5f, 0xfc, - 0x17, 0x00, 0x00, 0xff, 0xff, 0x6e, 0x5d, 0x8c, 0xf1, 0x5a, 0x08, 0x00, 0x00, + // 902 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x56, 0x4f, 0x6f, 0x23, 0x35, + 0x14, 0xdf, 0xc9, 0xe4, 0x4f, 0xe7, 0x05, 0xda, 0xa9, 0x17, 0x96, 0x51, 0x80, 0x6e, 0x15, 0xb1, + 0x10, 0xad, 0x50, 0xa2, 0x16, 0xb1, 0x2a, 0x48, 0x7b, 0xd8, 0xb6, 0x29, 0x1b, 0xa9, 0x4d, 0x2a, + 0xa7, 0xb0, 0x88, 0x4b, 0x34, 0x99, 0xb8, 0x8d, 0xe9, 0xc4, 0x1e, 0xd9, 0x4e, 0x4b, 0x39, 0x72, + 0xe1, 0x2b, 0x20, 0x4e, 0x1c, 0xf9, 0x18, 0x1c, 0x39, 0xf2, 0x11, 0x50, 0x3f, 0x09, 0xb2, 0x3d, + 0x33, 0x49, 0xd3, 0xd0, 0x6d, 0x6f, 0x7e, 0x7f, 0x7e, 0xef, 0xfd, 0x9e, 0xdf, 0xcf, 0x99, 0x40, + 0x20, 0x86, 0x61, 0xd4, 0xba, 0xd8, 0x0a, 0xe3, 0x64, 0x1c, 0x6e, 0xb5, 0xb4, 0xd5, 0x4c, 0x04, + 0x57, 0x1c, 0x3d, 0xa6, 0x52, 0x51, 0xde, 0x34, 0x9e, 0x2c, 0x5e, 0xff, 0xcd, 0x01, 0xff, 0x0d, + 0x17, 0xe7, 0x31, 0x0f, 0x47, 0x7d, 0x12, 0x93, 0x48, 0x71, 0x81, 0x3a, 0x50, 0x8e, 0xc3, 0x21, + 0x89, 0x65, 0xe0, 0x6c, 0xba, 0x8d, 0xea, 0xf6, 0x56, 0x73, 0x09, 0xb4, 0xb9, 0x08, 0x6b, 0x1e, + 0x1a, 0x4c, 0x9b, 0x29, 0x71, 0x85, 0xd3, 0x02, 0xb5, 0xaf, 0xa0, 0x3a, 0xe7, 0x46, 0x3e, 0xb8, + 0xe7, 0xe4, 0x2a, 0x70, 0x36, 0x9d, 0x86, 0x87, 0xf5, 0x11, 0xbd, 0x07, 0xa5, 0x8b, 0x30, 0x9e, + 0x92, 0xa0, 0x60, 0x7c, 0xd6, 0xf8, 0xba, 0xb0, 0xe3, 0xd4, 0xff, 0x74, 0xe0, 0xf1, 0xab, 0xa9, + 0x1a, 0x73, 0x41, 0x7f, 0x0e, 0x15, 0xe5, 0xec, 0x98, 0xc7, 0x34, 0xba, 0x42, 0x18, 0xd6, 0x2f, + 0xd3, 0xd6, 0x03, 0x99, 0xf6, 0x36, 0x15, 0xab, 0xdb, 0xcf, 0xee, 0x45, 0x14, 0xfb, 0x97, 0x8b, + 0x13, 0xbf, 0x84, 0x52, 0x18, 0xc7, 0xfc, 0x32, 0x28, 0x98, 0x81, 0x3f, 0x5b, 0x5a, 0xa7, 0x4f, + 0xc4, 0x05, 0x8d, 0x08, 0xe6, 0x31, 0xd9, 0xa5, 0x6c, 0x44, 0xd9, 0x19, 0xb6, 0xa8, 0xfa, 0x3e, + 0x54, 0xe7, 0x82, 0xe8, 0x4b, 0x28, 0x89, 0x69, 0x4c, 0xb2, 0xeb, 0x7b, 0xba, 0xb4, 0xda, 0xab, + 0x28, 0x22, 0x52, 0xe2, 0x69, 0x4c, 0xb0, 0xcd, 0xae, 0xff, 0xe2, 0x02, 0xcc, 0xbc, 0xa8, 0x06, + 0x2b, 0xd2, 0x16, 0xb5, 0x85, 0x3c, 0x9c, 0xdb, 0xfa, 0xd6, 0x92, 0x50, 0x8d, 0xa5, 0xe1, 0xeb, + 0x61, 0x6b, 0xa0, 0x00, 0x2a, 0x13, 0xa2, 0xc6, 0x7c, 0x24, 0x03, 0xd7, 0xf8, 0x33, 0x13, 0x1d, + 0x42, 0x35, 0xe2, 0x4c, 0x2a, 0x11, 0x52, 0xa6, 0x64, 0x50, 0x34, 0xbc, 0x9e, 0xbf, 0x85, 0x57, + 0x73, 0x2f, 0x87, 0xe0, 0x79, 0xb8, 0xee, 0x3e, 0xe6, 0x52, 0xc9, 0xa0, 0x64, 0xbb, 0x1b, 0x03, + 0x7d, 0x08, 0x1e, 0xe3, 0x6a, 0x60, 0x23, 0x65, 0x4b, 0x98, 0x71, 0xf5, 0x7a, 0x3e, 0x68, 0x49, + 0x57, 0xf2, 0xe0, 0xb1, 0xe1, 0xfd, 0x14, 0xaa, 0x3a, 0x98, 0x71, 0x5f, 0x31, 0x61, 0x60, 0x5c, + 0x1d, 0xa5, 0xf4, 0xf5, 0xb8, 0x5c, 0x28, 0x19, 0x78, 0x9b, 0x6e, 0xa3, 0x84, 0xad, 0x91, 0xd7, + 0x34, 0x11, 0x30, 0x11, 0x53, 0x53, 0xdb, 0xb5, 0x17, 0x00, 0x33, 0xfa, 0x4b, 0x74, 0xf7, 0x04, + 0xca, 0x46, 0x6a, 0xd9, 0x15, 0xa6, 0x56, 0xfd, 0x2f, 0x07, 0xd0, 0xed, 0x45, 0xa3, 0x1d, 0x58, + 0x91, 0xd3, 0xe1, 0x8f, 0x24, 0x52, 0xd9, 0x56, 0x3f, 0x5a, 0xae, 0x11, 0x9b, 0x84, 0xf3, 0x6c, + 0xf4, 0x02, 0x2a, 0x82, 0xc7, 0x04, 0x93, 0x53, 0x23, 0xf1, 0xff, 0x03, 0x62, 0x9b, 0x83, 0xb3, + 0x64, 0xb4, 0x03, 0xc5, 0x09, 0x1f, 0x91, 0xc0, 0xdd, 0x74, 0x1a, 0xab, 0xdb, 0x9f, 0x2c, 0x05, + 0xb5, 0xd9, 0x29, 0x17, 0x11, 0x99, 0x10, 0xa6, 0x8e, 0xf8, 0x88, 0x60, 0x83, 0xa8, 0xff, 0xe1, + 0x42, 0x25, 0xe5, 0x81, 0x10, 0x14, 0xa7, 0x92, 0x88, 0x74, 0x72, 0x73, 0x46, 0x01, 0x94, 0xce, + 0x04, 0x9f, 0x26, 0xf6, 0xc9, 0xed, 0x16, 0x02, 0x07, 0x5b, 0x07, 0x3a, 0x04, 0x48, 0x04, 0x4f, + 0x88, 0x50, 0x94, 0x58, 0x0d, 0x55, 0xb7, 0x3f, 0xbf, 0x6b, 0xce, 0xe6, 0x71, 0x9e, 0x6e, 0xdf, + 0xfd, 0x1c, 0x5e, 0x6f, 0x8d, 0x85, 0x13, 0x62, 0xe5, 0xe6, 0x61, 0x6b, 0x64, 0x5b, 0xb3, 0x91, + 0x52, 0xae, 0x84, 0xae, 0x09, 0x3e, 0x81, 0xb2, 0x61, 0x92, 0x09, 0x28, 0xb5, 0xd0, 0xc7, 0xa0, + 0xe5, 0x30, 0x48, 0x63, 0x56, 0x3f, 0xba, 0xcc, 0x37, 0x36, 0xbc, 0x01, 0x60, 0xea, 0x25, 0xa1, + 0x7e, 0x2c, 0x99, 0x7e, 0x72, 0x0f, 0x7a, 0x06, 0xab, 0x79, 0x4f, 0x9b, 0xe3, 0x99, 0x9c, 0x77, + 0xb3, 0xc6, 0x36, 0xcd, 0x07, 0x97, 0x26, 0x56, 0x4a, 0x1e, 0xd6, 0x47, 0xf4, 0x01, 0x54, 0x34, + 0x50, 0x7b, 0xab, 0x96, 0x10, 0xe3, 0xaa, 0x93, 0xc8, 0xda, 0x4b, 0x58, 0x5b, 0x18, 0xfd, 0x41, + 0xbf, 0x6d, 0x5b, 0x50, 0x49, 0x17, 0xae, 0x37, 0x74, 0x4e, 0xd9, 0x28, 0xdb, 0x90, 0x3e, 0x6b, + 0x9f, 0xe6, 0x9a, 0xe2, 0xcc, 0xb9, 0xfe, 0x6b, 0x11, 0x00, 0x0f, 0xc3, 0x68, 0x8f, 0xb3, 0x53, + 0x7a, 0x96, 0xcb, 0xc3, 0xb9, 0x43, 0x1e, 0xb3, 0xf4, 0xe6, 0x4c, 0x1e, 0x68, 0x1f, 0x3c, 0xca, + 0xa2, 0x78, 0x2a, 0x29, 0x67, 0xa9, 0x24, 0x3f, 0x7d, 0x1b, 0xfc, 0x24, 0x14, 0x67, 0x44, 0xe1, + 0x19, 0x50, 0x57, 0x21, 0x3f, 0x65, 0x55, 0xdc, 0x87, 0x55, 0xc9, 0x81, 0xa8, 0x07, 0x3e, 0x99, + 0x69, 0x78, 0x60, 0x26, 0x2a, 0x3e, 0x40, 0xf0, 0x6b, 0xe4, 0xa6, 0xa3, 0xf6, 0xbb, 0x03, 0x65, + 0xdb, 0xe6, 0xce, 0xdf, 0xcf, 0x9b, 0x82, 0x29, 0xdc, 0x12, 0xcc, 0x09, 0xa0, 0x5b, 0xdf, 0x98, + 0xec, 0x41, 0xdc, 0xf3, 0x23, 0xb3, 0xbe, 0xf8, 0x91, 0x91, 0xf5, 0x36, 0x14, 0x35, 0x49, 0x54, + 0x01, 0xb7, 0x77, 0x70, 0xe0, 0x3f, 0x42, 0x65, 0x28, 0xf4, 0xba, 0xbe, 0x83, 0xde, 0x87, 0xf5, + 0x5e, 0x77, 0xf0, 0xa6, 0x73, 0xf2, 0x7a, 0xd0, 0xe9, 0xee, 0x1d, 0x7e, 0xdb, 0xef, 0xf4, 0xba, + 0x7e, 0x61, 0xde, 0xdd, 0xfe, 0x3e, 0x73, 0xbb, 0xcf, 0x5b, 0xb0, 0xb6, 0x70, 0x0f, 0xe8, 0x1d, + 0x58, 0x69, 0x77, 0x0f, 0x7a, 0x78, 0xaf, 0xbd, 0xef, 0x3f, 0x42, 0xab, 0x00, 0xc7, 0x6d, 0x7c, + 0xd4, 0xe9, 0xf7, 0x3b, 0xdf, 0xb5, 0x7d, 0x67, 0xb7, 0xf1, 0xf7, 0xf5, 0x86, 0xf3, 0xcf, 0xf5, + 0x86, 0xf3, 0xef, 0xf5, 0x86, 0xf3, 0x43, 0xcd, 0xd2, 0xa7, 0xbc, 0x15, 0x26, 0xb4, 0x75, 0xe3, + 0xef, 0xc2, 0xb0, 0x6c, 0xfe, 0x2a, 0x7c, 0xf1, 0x5f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xd5, 0x1c, + 0xa3, 0xc1, 0x46, 0x08, 0x00, 0x00, } diff --git a/rbac/v1alpha1/rbac.proto b/rbac/v1alpha1/rbac.proto index 69c080cd5d..85ea2a666f 100644 --- a/rbac/v1alpha1/rbac.proto +++ b/rbac/v1alpha1/rbac.proto @@ -235,13 +235,14 @@ message Subject { string user = 1; // $hide_from_docs - // Optional. A list of principals that the subject represents. This is matched to the - // `source.principal` attribute. If not specified, it applies to any principals. - repeated string principals = 4; + // Optional. A list of subject names. This is matched to the + // `source.principal` attribute. If one of subject names is "*", it matches to a subject with any name. + // Prefix and suffix matches are supported. + repeated string names = 4; // $hide_from_docs - // Optional. A list of principals that must not be matched. - repeated string not_principals = 5; + // Optional. A list of subject names that must not be matched. + repeated string not_names = 5; // $hide_from_docs // Optional. The group that the subject belongs to. From 92b7ddc0f30b3aab6a5e82a861e54bf55fe249bd Mon Sep 17 00:00:00 2001 From: Martin Taillefer Date: Mon, 11 Feb 2019 16:51:25 -0800 Subject: [PATCH 12/15] Doc fix to have the mesh config show up on istio.io. (#794) --- mesh/v1alpha1/config.pb.go | 2 ++ mesh/v1alpha1/config.proto | 3 +-- mesh/v1alpha1/istio.mesh.v1alpha1.pb.html | 8 +++++--- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/mesh/v1alpha1/config.pb.go b/mesh/v1alpha1/config.pb.go index b5116ae9d1..871d88fce2 100644 --- a/mesh/v1alpha1/config.pb.go +++ b/mesh/v1alpha1/config.pb.go @@ -4,6 +4,8 @@ /* Package v1alpha1 is a generated protocol buffer package. + Configuration affecting the service mesh as a whole. + It is generated from these files: mesh/v1alpha1/config.proto mesh/v1alpha1/network.proto diff --git a/mesh/v1alpha1/config.proto b/mesh/v1alpha1/config.proto index d3154a03bd..8bc13a91a0 100644 --- a/mesh/v1alpha1/config.proto +++ b/mesh/v1alpha1/config.proto @@ -21,9 +21,8 @@ import "networking/v1alpha3/destination_rule.proto"; // $title: Service Mesh // $description: Configuration affecting the service mesh as a whole. // $location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html -// $aliases: -// $ - /docs/reference/config/service-mesh.html +// Configuration affecting the service mesh as a whole. package istio.mesh.v1alpha1; option go_package="istio.io/api/mesh/v1alpha1"; diff --git a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html index 5b63b96c6e..da9c8d856c 100644 --- a/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html +++ b/mesh/v1alpha1/istio.mesh.v1alpha1.pb.html @@ -1,11 +1,13 @@ --- -title: istio.mesh.v1alpha1 +title: Service Mesh +description: Configuration affecting the service mesh as a whole. +location: https://istio.io/docs/reference/config/istio.mesh.v1alpha1.html layout: protoc-gen-docs generator: protoc-gen-docs -aliases: - - /docs/reference/config/service-mesh.html number_of_entries: 19 --- +

Configuration affecting the service mesh as a whole.

+

AuthenticationPolicy

AuthenticationPolicy defines authentication policy. It can be set for From d817a1a3e29a0687920589181aec48b5a39daabb Mon Sep 17 00:00:00 2001 From: John Howard Date: Wed, 13 Feb 2019 10:43:21 -0800 Subject: [PATCH 13/15] Fix typos in sidecar.proto (1.1) (#796) --- networking/v1alpha3/istio.networking.v1alpha3.pb.html | 4 ++-- networking/v1alpha3/sidecar.pb.go | 4 ++-- networking/v1alpha3/sidecar.proto | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index 8fb3574c83..8720593094 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -3728,7 +3728,7 @@

Sidecar

behavior of the system is undefined if two or more Sidecar resources with a workload selector select the same workload.

-

The example below delcares a Sidecar resource in the prod-us1 namespace +

The example below declares a Sidecar resource in the prod-us1 namespace that configures the sidecars in the namespace to allow egress traffic to public services in the prod-us1, prod-apis, and the istio-system namespaces.

@@ -3746,7 +3746,7 @@

Sidecar

- "istio-system/*" -

The example below delcares a Sidecar resource in the prod-us1 namespace +

The example below declares a Sidecar resource in the prod-us1 namespace that accepts inbound HTTP traffic on port 9080 and forwards it to the attached workload listening on a unix domain socket. In the egress direction, in addition to the istio-system namespace, the sidecar diff --git a/networking/v1alpha3/sidecar.pb.go b/networking/v1alpha3/sidecar.pb.go index 261089983c..81feff98ba 100644 --- a/networking/v1alpha3/sidecar.pb.go +++ b/networking/v1alpha3/sidecar.pb.go @@ -74,7 +74,7 @@ func (CaptureMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorSidec // behavior of the system is undefined if two or more Sidecar resources // with a workload selector select the same workload. // -// The example below delcares a Sidecar resource in the prod-us1 namespace +// The example below declares a Sidecar resource in the prod-us1 namespace // that configures the sidecars in the namespace to allow egress traffic to // public services in the prod-us1, prod-apis, and the istio-system // namespaces. @@ -93,7 +93,7 @@ func (CaptureMode) EnumDescriptor() ([]byte, []int) { return fileDescriptorSidec // - "istio-system/*" // ``` // -// The example below delcares a Sidecar resource in the prod-us1 namespace +// The example below declares a Sidecar resource in the prod-us1 namespace // that accepts inbound HTTP traffic on port 9080 and forwards // it to the attached workload listening on a unix domain socket. In the // egress direction, in addition to the istio-system namespace, the sidecar diff --git a/networking/v1alpha3/sidecar.proto b/networking/v1alpha3/sidecar.proto index efd9d80863..d2e2776513 100644 --- a/networking/v1alpha3/sidecar.proto +++ b/networking/v1alpha3/sidecar.proto @@ -47,7 +47,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // behavior of the system is undefined if two or more Sidecar resources // with a workload selector select the same workload. // -// The example below delcares a Sidecar resource in the prod-us1 namespace +// The example below declares a Sidecar resource in the prod-us1 namespace // that configures the sidecars in the namespace to allow egress traffic to // public services in the prod-us1, prod-apis, and the istio-system // namespaces. @@ -66,7 +66,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // - "istio-system/*" // ``` // -// The example below delcares a Sidecar resource in the prod-us1 namespace +// The example below declares a Sidecar resource in the prod-us1 namespace // that accepts inbound HTTP traffic on port 9080 and forwards // it to the attached workload listening on a unix domain socket. In the // egress direction, in addition to the istio-system namespace, the sidecar From 5945a02236f53ad860d518772f730594709b1234 Mon Sep 17 00:00:00 2001 From: Pengyuan Bian Date: Fri, 15 Feb 2019 07:47:28 -0800 Subject: [PATCH 14/15] add server_name to mixer remote handler tls / mtls (#789) * add server_name to mixer remote handler tls / mtls * proto.lock --- policy/v1beta1/cfg.pb.go | 303 +++++++++++++------- policy/v1beta1/cfg.proto | 8 + policy/v1beta1/istio.policy.v1beta1.pb.html | 18 ++ proto.lock | 10 + python/istio_api/policy/v1beta1/cfg_pb2.py | 34 ++- 5 files changed, 266 insertions(+), 107 deletions(-) diff --git a/policy/v1beta1/cfg.pb.go b/policy/v1beta1/cfg.pb.go index e4ff2d1b4e..9cdb2f4a43 100644 --- a/policy/v1beta1/cfg.pb.go +++ b/policy/v1beta1/cfg.pb.go @@ -982,6 +982,9 @@ type Tls struct { // *Tls_AuthHeader_ // *Tls_CustomHeader TokenType isTls_TokenType `protobuf_oneof:"token_type"` + // Indicates the name of adapter backend which is useful for routing with + // proxy-fronted backend. + ServerName string `protobuf:"bytes,6,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` } func (m *Tls) Reset() { *m = Tls{} } @@ -1067,6 +1070,13 @@ func (m *Tls) GetCustomHeader() string { return "" } +func (m *Tls) GetServerName() string { + if m != nil { + return m.ServerName + } + return "" +} + // XXX_OneofFuncs is for the internal use of the proto package. func (*Tls) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { return _Tls_OneofMarshaler, _Tls_OneofUnmarshaler, _Tls_OneofSizer, []interface{}{ @@ -1245,6 +1255,9 @@ type Mutual struct { // verify the presented adapter certificates. By default mixer should already // include Istio CA certificates and system certificates in cert pool. CaCertificates string `protobuf:"bytes,3,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // Indicates the name of adapter backend server which is useful for routing with + // proxy-fronted backend. + ServerName string `protobuf:"bytes,4,opt,name=server_name,json=serverName,proto3" json:"server_name,omitempty"` } func (m *Mutual) Reset() { *m = Mutual{} } @@ -1272,6 +1285,13 @@ func (m *Mutual) GetCaCertificates() string { return "" } +func (m *Mutual) GetServerName() string { + if m != nil { + return m.ServerName + } + return "" +} + func init() { proto.RegisterType((*AttributeManifest)(nil), "istio.policy.v1beta1.AttributeManifest") proto.RegisterType((*AttributeManifest_AttributeInfo)(nil), "istio.policy.v1beta1.AttributeManifest.AttributeInfo") @@ -1842,6 +1862,9 @@ func (this *Tls) Equal(that interface{}) bool { } else if !this.TokenType.Equal(that1.TokenType) { return false } + if this.ServerName != that1.ServerName { + return false + } return true } func (this *Tls_TokenPath) Equal(that interface{}) bool { @@ -2014,6 +2037,9 @@ func (this *Mutual) Equal(that interface{}) bool { if this.CaCertificates != that1.CaCertificates { return false } + if this.ServerName != that1.ServerName { + return false + } return true } func (this *AttributeManifest) GoString() string { @@ -2241,7 +2267,7 @@ func (this *Tls) GoString() string { if this == nil { return "nil" } - s := make([]string, 0, 9) + s := make([]string, 0, 10) s = append(s, "&v1beta1.Tls{") s = append(s, "CaCertificates: "+fmt.Sprintf("%#v", this.CaCertificates)+",\n") if this.TokenSource != nil { @@ -2250,6 +2276,7 @@ func (this *Tls) GoString() string { if this.TokenType != nil { s = append(s, "TokenType: "+fmt.Sprintf("%#v", this.TokenType)+",\n") } + s = append(s, "ServerName: "+fmt.Sprintf("%#v", this.ServerName)+",\n") s = append(s, "}") return strings.Join(s, "") } @@ -2315,11 +2342,12 @@ func (this *Mutual) GoString() string { if this == nil { return "nil" } - s := make([]string, 0, 7) + s := make([]string, 0, 8) s = append(s, "&v1beta1.Mutual{") s = append(s, "PrivateKey: "+fmt.Sprintf("%#v", this.PrivateKey)+",\n") s = append(s, "ClientCertificate: "+fmt.Sprintf("%#v", this.ClientCertificate)+",\n") s = append(s, "CaCertificates: "+fmt.Sprintf("%#v", this.CaCertificates)+",\n") + s = append(s, "ServerName: "+fmt.Sprintf("%#v", this.ServerName)+",\n") s = append(s, "}") return strings.Join(s, "") } @@ -2990,6 +3018,12 @@ func (m *Tls) MarshalTo(dAtA []byte) (int, error) { } i += nn16 } + if len(m.ServerName) > 0 { + dAtA[i] = 0x32 + i++ + i = encodeVarintCfg(dAtA, i, uint64(len(m.ServerName))) + i += copy(dAtA[i:], m.ServerName) + } return i, nil } @@ -3131,6 +3165,12 @@ func (m *Mutual) MarshalTo(dAtA []byte) (int, error) { i = encodeVarintCfg(dAtA, i, uint64(len(m.CaCertificates))) i += copy(dAtA[i:], m.CaCertificates) } + if len(m.ServerName) > 0 { + dAtA[i] = 0x22 + i++ + i = encodeVarintCfg(dAtA, i, uint64(len(m.ServerName))) + i += copy(dAtA[i:], m.ServerName) + } return i, nil } @@ -3425,6 +3465,10 @@ func (m *Tls) Size() (n int) { if m.TokenType != nil { n += m.TokenType.Size() } + l = len(m.ServerName) + if l > 0 { + n += 1 + l + sovCfg(uint64(l)) + } return n } @@ -3504,6 +3548,10 @@ func (m *Mutual) Size() (n int) { if l > 0 { n += 1 + l + sovCfg(uint64(l)) } + l = len(m.ServerName) + if l > 0 { + n += 1 + l + sovCfg(uint64(l)) + } return n } @@ -3725,6 +3773,7 @@ func (this *Tls) String() string { `CaCertificates:` + fmt.Sprintf("%v", this.CaCertificates) + `,`, `TokenSource:` + fmt.Sprintf("%v", this.TokenSource) + `,`, `TokenType:` + fmt.Sprintf("%v", this.TokenType) + `,`, + `ServerName:` + fmt.Sprintf("%v", this.ServerName) + `,`, `}`, }, "") return s @@ -3801,6 +3850,7 @@ func (this *Mutual) String() string { `PrivateKey:` + fmt.Sprintf("%v", this.PrivateKey) + `,`, `ClientCertificate:` + fmt.Sprintf("%v", this.ClientCertificate) + `,`, `CaCertificates:` + fmt.Sprintf("%v", this.CaCertificates) + `,`, + `ServerName:` + fmt.Sprintf("%v", this.ServerName) + `,`, `}`, }, "") return s @@ -5983,6 +6033,35 @@ func (m *Tls) Unmarshal(dAtA []byte) error { } m.TokenType = &Tls_CustomHeader{string(dAtA[iNdEx:postIndex])} iNdEx = postIndex + case 6: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCfg + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCfg + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipCfg(dAtA[iNdEx:]) @@ -6404,6 +6483,35 @@ func (m *Mutual) Unmarshal(dAtA []byte) error { } m.CaCertificates = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex + case 4: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ServerName", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowCfg + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthCfg + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ServerName = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipCfg(dAtA[iNdEx:]) @@ -6533,99 +6641,100 @@ var ( func init() { proto.RegisterFile("policy/v1beta1/cfg.proto", fileDescriptorCfg) } var fileDescriptorCfg = []byte{ - // 1489 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0xcd, 0x6f, 0x13, 0x47, - 0x1b, 0xf7, 0xc6, 0xb1, 0x13, 0x3f, 0x4e, 0x1c, 0x67, 0xc8, 0x0b, 0xc6, 0x20, 0x27, 0x32, 0xef, - 0x2b, 0x38, 0xbc, 0xd8, 0x10, 0xf4, 0xc2, 0x5b, 0x84, 0xaa, 0x3a, 0xc4, 0xd4, 0x11, 0x21, 0xb1, - 0x26, 0x0e, 0x6d, 0xb9, 0xac, 0x26, 0xbb, 0x93, 0x64, 0xc5, 0x7a, 0x76, 0xd9, 0x9d, 0x8d, 0xc8, - 0xad, 0x95, 0xda, 0x3b, 0xc7, 0x4a, 0xfd, 0x07, 0xda, 0x53, 0x8f, 0xbd, 0xf5, 0x5a, 0x8e, 0x48, - 0x5c, 0x38, 0xb5, 0x25, 0xbd, 0xf4, 0x52, 0x89, 0x43, 0xff, 0x80, 0x6a, 0x3e, 0x76, 0xd7, 0x49, - 0xd6, 0xa8, 0xe9, 0x6d, 0xe7, 0xf9, 0x9a, 0xe7, 0xf7, 0x7c, 0xce, 0x42, 0xcd, 0xf7, 0x5c, 0xc7, - 0x3a, 0x6c, 0x1f, 0xdc, 0xdc, 0xa1, 0x9c, 0xdc, 0x6c, 0x5b, 0xbb, 0x7b, 0x2d, 0x3f, 0xf0, 0xb8, - 0x87, 0x16, 0x9c, 0x90, 0x3b, 0x5e, 0x4b, 0xf1, 0x5b, 0x9a, 0x5f, 0x5f, 0xd8, 0xf3, 0xf6, 0x3c, - 0x29, 0xd0, 0x16, 0x5f, 0x4a, 0xb6, 0x7e, 0x79, 0xcf, 0xf3, 0xf6, 0x5c, 0xda, 0x96, 0xa7, 0x9d, - 0x68, 0xb7, 0x1d, 0xf2, 0x20, 0xb2, 0xb8, 0xe6, 0x36, 0x4e, 0x72, 0xed, 0x28, 0x20, 0xdc, 0xf1, - 0x98, 0xe6, 0x2f, 0x9e, 0xf0, 0xe1, 0x80, 0xb8, 0x11, 0x35, 0xf9, 0xa1, 0x4f, 0x95, 0x40, 0xf3, - 0xab, 0x3c, 0xcc, 0x77, 0x38, 0x0f, 0x9c, 0x9d, 0x88, 0xd3, 0x47, 0x84, 0x39, 0xbb, 0x34, 0xe4, - 0xa8, 0x0e, 0xd3, 0x01, 0x3d, 0x70, 0x42, 0xc7, 0x63, 0x35, 0x63, 0xc9, 0xb8, 0x56, 0xc2, 0xc9, - 0x19, 0x21, 0x98, 0x64, 0x64, 0x48, 0x6b, 0x13, 0x92, 0x2e, 0xbf, 0xd1, 0x27, 0x00, 0x24, 0x36, - 0x12, 0xd6, 0xf2, 0x4b, 0xf9, 0x6b, 0xe5, 0xe5, 0x3b, 0xad, 0x2c, 0x94, 0xad, 0x53, 0x97, 0xa5, - 0x94, 0xb0, 0xcb, 0x78, 0x70, 0x88, 0x47, 0x4c, 0xd5, 0x9f, 0xc1, 0x6c, 0xc2, 0x5e, 0x63, 0xbb, - 0x1e, 0x5a, 0x82, 0xb2, 0x4d, 0x43, 0x2b, 0x70, 0x7c, 0x9e, 0x3a, 0x37, 0x4a, 0x42, 0x1f, 0x02, - 0xa4, 0x28, 0xa5, 0x97, 0x95, 0xe5, 0xc5, 0x6c, 0x5f, 0x1e, 0x0b, 0xb9, 0xc1, 0xa1, 0x4f, 0x71, - 0xe9, 0x20, 0xfe, 0xac, 0x73, 0x98, 0x3b, 0xe1, 0x11, 0xaa, 0x42, 0xfe, 0x29, 0x3d, 0xd4, 0x97, - 0x89, 0x4f, 0xf4, 0x10, 0x0a, 0x52, 0x43, 0xda, 0x2f, 0x2f, 0xff, 0xef, 0xcc, 0x58, 0x05, 0x18, - 0xac, 0x6c, 0xdc, 0x9d, 0xf8, 0xbf, 0xd1, 0x7c, 0x39, 0x09, 0x93, 0x38, 0x72, 0x29, 0x5a, 0x80, - 0xc2, 0x90, 0x70, 0x6b, 0x5f, 0xdf, 0xa6, 0x0e, 0xe8, 0x36, 0x4c, 0x11, 0x4b, 0xc0, 0x0b, 0x6b, - 0x13, 0x32, 0xba, 0x97, 0xc7, 0xdc, 0x28, 0x85, 0x70, 0x2c, 0x8c, 0x18, 0x5c, 0x0c, 0xe8, 0xb3, - 0x88, 0x86, 0xdc, 0xdc, 0xa7, 0xc4, 0xa6, 0x81, 0xe9, 0xf9, 0x54, 0x55, 0x48, 0x9c, 0xa7, 0xe5, - 0x6c, 0x4b, 0xc2, 0x99, 0x56, 0x4f, 0xea, 0x6c, 0xc6, 0x2a, 0x03, 0x3a, 0xf4, 0x5d, 0xc2, 0x29, - 0xbe, 0xa0, 0x8d, 0x9e, 0xe0, 0x87, 0xc8, 0x87, 0x7a, 0x40, 0x43, 0xdf, 0x63, 0x21, 0xcd, 0xb8, - 0x70, 0xf2, 0x1f, 0x5f, 0x58, 0x8b, 0xad, 0x9e, 0xba, 0xf1, 0x2e, 0x4c, 0x87, 0x64, 0xe8, 0xbb, - 0x0e, 0xdb, 0xab, 0x15, 0x64, 0x32, 0x1a, 0xd9, 0xf6, 0xb7, 0xb4, 0x14, 0x4e, 0xe4, 0xeb, 0xaf, - 0x0d, 0xb8, 0x30, 0xe6, 0xc6, 0xa4, 0xcc, 0x8d, 0x91, 0x32, 0x3f, 0x0f, 0x45, 0x99, 0x31, 0x95, - 0x84, 0x12, 0xd6, 0x27, 0xf4, 0x04, 0x4a, 0x09, 0xca, 0x5a, 0x5e, 0x56, 0xdc, 0xbd, 0xb3, 0x83, - 0x6c, 0x25, 0x14, 0x9c, 0x9a, 0x6b, 0xde, 0x80, 0x52, 0x42, 0x47, 0x65, 0x98, 0xc2, 0xdd, 0xfe, - 0x7a, 0xe7, 0x7e, 0xb7, 0x9a, 0x43, 0x00, 0x45, 0xdc, 0x7d, 0xb4, 0xf9, 0xb8, 0x5b, 0x35, 0xc4, - 0x77, 0xa7, 0xdf, 0xef, 0x6e, 0xac, 0x56, 0x27, 0x9a, 0x03, 0x28, 0xaa, 0x32, 0x40, 0x35, 0x98, - 0xda, 0x27, 0xcc, 0x76, 0x69, 0xa0, 0xbb, 0x35, 0x3e, 0xa2, 0xcb, 0x50, 0x72, 0x58, 0xc8, 0x09, - 0xb3, 0x74, 0xbf, 0x96, 0x70, 0x4a, 0x48, 0xb0, 0x4f, 0xa6, 0xd8, 0x9b, 0x3f, 0x4d, 0xc0, 0xf4, - 0x9a, 0x96, 0xc8, 0x0c, 0x4e, 0x1d, 0xa6, 0xb9, 0x46, 0xa2, 0x6f, 0x4b, 0xce, 0xa8, 0x0d, 0x45, - 0x9f, 0x04, 0x64, 0x18, 0xca, 0xe8, 0x94, 0x97, 0x2f, 0xb4, 0xd4, 0xdc, 0x6a, 0xc5, 0x73, 0xab, - 0xb5, 0x25, 0xa7, 0x1a, 0xd6, 0x62, 0xc8, 0x06, 0x94, 0x4c, 0x01, 0x73, 0xc7, 0x61, 0xb6, 0xc3, - 0xf6, 0xe2, 0xfa, 0x19, 0xd3, 0x6c, 0xb1, 0x73, 0x69, 0x8f, 0xad, 0x68, 0x3d, 0x35, 0x56, 0xe6, - 0xc9, 0x49, 0x3a, 0x6a, 0xc1, 0xbc, 0xe5, 0x0d, 0x7d, 0xc7, 0xa5, 0xb6, 0x99, 0xf8, 0xfe, 0xe7, - 0x1f, 0xdf, 0x2d, 0x49, 0xf7, 0xab, 0x31, 0x2f, 0x4e, 0x50, 0x7d, 0x15, 0xce, 0x67, 0x1b, 0xcf, - 0x98, 0x10, 0x0b, 0xa3, 0x13, 0xa2, 0x34, 0xda, 0xea, 0x6f, 0x0c, 0x98, 0xea, 0xe9, 0x3c, 0x64, - 0x05, 0xb2, 0x06, 0x53, 0xc4, 0x26, 0x3e, 0x4f, 0xb3, 0xa6, 0x8f, 0x67, 0x0f, 0xe3, 0x47, 0x00, - 0x96, 0xc7, 0x18, 0x95, 0xe5, 0x20, 0xd3, 0x59, 0x5e, 0x5e, 0xca, 0x0e, 0xdf, 0xfd, 0x44, 0x0e, - 0x8f, 0xe8, 0xa0, 0xff, 0x42, 0x12, 0x06, 0x33, 0xf6, 0x2a, 0x89, 0xd0, 0x5c, 0xcc, 0xea, 0x28, - 0x4e, 0xf3, 0x7b, 0x03, 0x20, 0x35, 0xa4, 0x90, 0xd8, 0x01, 0x0d, 0xc3, 0x14, 0x89, 0x3c, 0xa2, - 0x0f, 0x60, 0x8a, 0x3b, 0x43, 0xea, 0x45, 0x5c, 0x43, 0xb9, 0x78, 0x0a, 0xca, 0xaa, 0xde, 0x64, - 0x2b, 0x93, 0x5f, 0xff, 0xb2, 0x68, 0xe0, 0x58, 0x1e, 0xad, 0x43, 0x85, 0x44, 0x7c, 0x9f, 0x32, - 0xee, 0x58, 0x64, 0x04, 0xd7, 0xbf, 0xc7, 0x4c, 0xc4, 0x63, 0xb2, 0xf8, 0x84, 0x6e, 0xf3, 0x85, - 0x01, 0xd3, 0xf1, 0x64, 0x40, 0xf7, 0xa0, 0x18, 0x10, 0x66, 0x7b, 0x43, 0x99, 0x8f, 0xb1, 0x26, - 0xb1, 0x94, 0x49, 0xe6, 0x89, 0xd6, 0x41, 0x0f, 0x00, 0x02, 0xc2, 0xa9, 0xe9, 0x3a, 0x43, 0x87, - 0xeb, 0xc5, 0x70, 0x75, 0x9c, 0x05, 0x4e, 0xd7, 0x85, 0x58, 0x62, 0xa4, 0x14, 0xc4, 0xa4, 0xe6, - 0x6b, 0x03, 0x2a, 0xc7, 0xaf, 0x40, 0x37, 0x61, 0x21, 0x6d, 0x07, 0xfa, 0xdc, 0x17, 0x31, 0x4c, - 0xd7, 0xdf, 0xb9, 0x84, 0xd7, 0x4d, 0x58, 0xa8, 0x0f, 0x73, 0x3e, 0x0d, 0x2c, 0xca, 0xb8, 0x29, - 0xe7, 0x1d, 0xb5, 0xdf, 0xef, 0xd2, 0x83, 0x40, 0xed, 0x0c, 0xe2, 0xf6, 0x95, 0x1a, 0xae, 0x68, - 0xfd, 0x2d, 0xa5, 0x8e, 0xee, 0x41, 0x3d, 0x0a, 0xa9, 0xe9, 0x30, 0x9b, 0xfa, 0x94, 0xd9, 0xc2, - 0xb2, 0x42, 0xce, 0x44, 0x82, 0x45, 0x1a, 0xa7, 0x71, 0x2d, 0x0a, 0xe9, 0x5a, 0x2a, 0x80, 0x13, - 0x7e, 0xf3, 0x47, 0x03, 0xe6, 0x4f, 0xc1, 0x46, 0x7d, 0x98, 0x8f, 0xa7, 0xb1, 0x19, 0x3f, 0x5d, - 0x74, 0xf0, 0xdf, 0x53, 0x11, 0xd3, 0x2f, 0x7f, 0x5e, 0xcc, 0xc9, 0xaa, 0xa8, 0xc6, 0xda, 0x31, - 0x0f, 0x2d, 0xc3, 0xbf, 0x86, 0xe4, 0xb9, 0x19, 0x31, 0x8d, 0xda, 0xa4, 0x8c, 0x07, 0x0e, 0x55, - 0x15, 0x98, 0xc7, 0xe7, 0x86, 0xe4, 0xf9, 0x76, 0xcc, 0xeb, 0x2a, 0x16, 0xba, 0x02, 0xb3, 0x89, - 0x17, 0x22, 0x0f, 0x12, 0x4c, 0x1e, 0xcf, 0xc4, 0x44, 0xe1, 0xb7, 0x04, 0x70, 0x2a, 0x48, 0x62, - 0x90, 0xb2, 0x68, 0x28, 0xe6, 0xb3, 0x17, 0x48, 0xc7, 0x67, 0x71, 0x4a, 0x40, 0x9f, 0x89, 0xd7, - 0x0a, 0xf3, 0x86, 0x0e, 0x93, 0x7c, 0xf5, 0x18, 0xb9, 0xf3, 0x37, 0x13, 0xd0, 0x5a, 0x4d, 0x55, - 0xe5, 0x23, 0x65, 0xd4, 0x56, 0xf3, 0x06, 0xcc, 0x9d, 0xe0, 0x8b, 0xed, 0xd0, 0xdb, 0xde, 0x58, - 0xc5, 0xdd, 0xd5, 0x6a, 0x0e, 0x55, 0x61, 0x66, 0xd0, 0xdd, 0x30, 0x07, 0xbd, 0xcd, 0xed, 0xad, - 0xce, 0xc6, 0x6a, 0xd5, 0x68, 0x7e, 0x69, 0x40, 0xe5, 0x78, 0x37, 0xa0, 0xeb, 0x90, 0xe7, 0x6e, - 0x98, 0x04, 0x3c, 0xd3, 0xaf, 0x81, 0x1b, 0xf6, 0x72, 0x58, 0xc8, 0xa1, 0xdb, 0x50, 0x1c, 0x46, - 0x3c, 0x22, 0xae, 0x2e, 0xa5, 0x31, 0x8f, 0x90, 0x47, 0x52, 0xa6, 0x97, 0xc3, 0x5a, 0x7a, 0xa5, - 0x0c, 0x25, 0xd1, 0x76, 0xf2, 0x45, 0xd6, 0xfc, 0x61, 0x02, 0xf2, 0x03, 0x37, 0x44, 0x57, 0x61, - 0xce, 0x22, 0xa6, 0x45, 0x03, 0xee, 0xec, 0x0a, 0x7f, 0x68, 0xa8, 0xcb, 0xb9, 0x62, 0x91, 0xfb, - 0x23, 0x54, 0xb4, 0x08, 0xc0, 0xbd, 0xa7, 0x94, 0x99, 0x3e, 0xe1, 0xfb, 0x6a, 0x90, 0xf4, 0x72, - 0xb8, 0x24, 0x69, 0x7d, 0xc2, 0xf7, 0xd1, 0x2d, 0x28, 0x78, 0xc2, 0xbe, 0x1e, 0x25, 0x97, 0xb2, - 0xbd, 0xda, 0x14, 0xd8, 0x7b, 0x39, 0xac, 0x64, 0xd1, 0xc7, 0x50, 0x96, 0x3e, 0xa9, 0x57, 0x8a, - 0x9c, 0x21, 0x95, 0x71, 0x0d, 0x3f, 0x70, 0x43, 0x39, 0x47, 0xd4, 0xe2, 0xee, 0x19, 0x18, 0x48, - 0x72, 0x42, 0xff, 0x81, 0x59, 0x2b, 0x0a, 0xb9, 0x37, 0x8c, 0x4d, 0x15, 0xa4, 0x87, 0x06, 0x9e, - 0x51, 0x64, 0x25, 0xd6, 0xbc, 0x02, 0x90, 0x9a, 0x40, 0x25, 0x28, 0xf4, 0xd7, 0x3b, 0x6b, 0x1b, - 0x6a, 0x8d, 0xaf, 0x74, 0x3b, 0xb8, 0x8b, 0xab, 0xc6, 0x4a, 0x05, 0x66, 0x14, 0xd4, 0xd0, 0x8b, - 0x02, 0x8b, 0xae, 0xcc, 0xc4, 0xd0, 0x65, 0xe4, 0xbe, 0x99, 0x80, 0x82, 0x44, 0x81, 0x2e, 0x41, - 0xc9, 0x72, 0x1d, 0xd1, 0x81, 0x8e, 0x1d, 0x3f, 0xd0, 0x15, 0x61, 0xcd, 0x16, 0xd5, 0xac, 0x99, - 0x21, 0xb5, 0x02, 0xca, 0xf5, 0xec, 0x9d, 0x51, 0xc4, 0x2d, 0x49, 0x13, 0x16, 0x94, 0xe5, 0x28, - 0x70, 0x65, 0xdc, 0xc4, 0xba, 0x16, 0x84, 0xed, 0xc0, 0x15, 0xef, 0x9c, 0xd0, 0xf2, 0x7c, 0xaa, - 0x36, 0x6e, 0x09, 0xeb, 0x13, 0xfa, 0x14, 0xe6, 0x28, 0xb3, 0x7d, 0xcf, 0x61, 0xdc, 0xd4, 0x8b, - 0xa8, 0x20, 0x57, 0x72, 0xfb, 0x3d, 0x21, 0x6f, 0x75, 0xb5, 0x4a, 0x5f, 0x6a, 0xa8, 0x65, 0x5c, - 0xa1, 0xc7, 0x88, 0xf5, 0x0e, 0x9c, 0xcb, 0x10, 0x3b, 0xd3, 0x5a, 0xfd, 0xc2, 0x80, 0xa2, 0xaa, - 0x3c, 0xb4, 0x08, 0x65, 0x3f, 0x70, 0x0e, 0xc4, 0x30, 0x4e, 0xd5, 0x41, 0x93, 0x1e, 0xd2, 0x43, - 0x74, 0x1d, 0x90, 0x0e, 0xd1, 0x48, 0xfd, 0x69, 0x93, 0xf3, 0x8a, 0x33, 0x52, 0x82, 0x59, 0xa5, - 0x9a, 0xcf, 0x2a, 0xd5, 0x95, 0xb5, 0x57, 0x6f, 0x1b, 0xb9, 0x37, 0x6f, 0x1b, 0xb9, 0x77, 0x6f, - 0x1b, 0xc6, 0xe7, 0x47, 0x0d, 0xe3, 0xdb, 0xa3, 0x86, 0xf1, 0xf2, 0xa8, 0x61, 0xbc, 0x3a, 0x6a, - 0x18, 0xbf, 0x1e, 0x35, 0x8c, 0xdf, 0x8f, 0x1a, 0xb9, 0x77, 0x47, 0x0d, 0xe3, 0xc5, 0x6f, 0x8d, - 0xdc, 0x93, 0x4b, 0x2a, 0x68, 0x8e, 0xd7, 0x26, 0xbe, 0xd3, 0x3e, 0xfe, 0xa7, 0xb6, 0x53, 0x94, - 0x63, 0xef, 0xd6, 0x5f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xf4, 0x86, 0x6e, 0xed, 0x46, 0x0e, 0x00, - 0x00, + // 1513 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x57, 0x3f, 0x6f, 0x1b, 0x47, + 0x16, 0xe7, 0x8a, 0x22, 0x25, 0x3e, 0x4a, 0x14, 0x35, 0xd6, 0xd9, 0x34, 0x6d, 0x50, 0x02, 0x7d, + 0x07, 0xbb, 0x38, 0x93, 0xb6, 0x8c, 0xb3, 0xef, 0x0c, 0xe3, 0x70, 0x94, 0x45, 0x1f, 0x05, 0xcb, + 0x12, 0x31, 0xa2, 0x7c, 0x17, 0x37, 0x8b, 0xd1, 0xee, 0x48, 0x5a, 0x78, 0x77, 0x76, 0xbd, 0x3b, + 0x2b, 0x58, 0x5d, 0x8a, 0xa4, 0x77, 0x19, 0x20, 0x5d, 0xaa, 0xa4, 0xca, 0x37, 0x48, 0x1b, 0x97, + 0x06, 0xdc, 0xb8, 0x4a, 0x62, 0xa5, 0x49, 0x13, 0xc0, 0x45, 0x3e, 0x40, 0x30, 0x7f, 0x76, 0x97, + 0xa2, 0x48, 0x23, 0x4a, 0xb7, 0xf3, 0xfe, 0xff, 0xde, 0x7b, 0xf3, 0xde, 0x2c, 0xd4, 0x02, 0xdf, + 0x75, 0xac, 0xe3, 0xf6, 0xd1, 0xed, 0x3d, 0xca, 0xc9, 0xed, 0xb6, 0xb5, 0x7f, 0xd0, 0x0a, 0x42, + 0x9f, 0xfb, 0x68, 0xc9, 0x89, 0xb8, 0xe3, 0xb7, 0x14, 0xbf, 0xa5, 0xf9, 0xf5, 0xa5, 0x03, 0xff, + 0xc0, 0x97, 0x02, 0x6d, 0xf1, 0xa5, 0x64, 0xeb, 0x57, 0x0f, 0x7c, 0xff, 0xc0, 0xa5, 0x6d, 0x79, + 0xda, 0x8b, 0xf7, 0xdb, 0x11, 0x0f, 0x63, 0x8b, 0x6b, 0x6e, 0x63, 0x94, 0x6b, 0xc7, 0x21, 0xe1, + 0x8e, 0xcf, 0x34, 0x7f, 0x79, 0x24, 0x86, 0x23, 0xe2, 0xc6, 0xd4, 0xe4, 0xc7, 0x01, 0x55, 0x02, + 0xcd, 0xcf, 0xf3, 0xb0, 0xd8, 0xe1, 0x3c, 0x74, 0xf6, 0x62, 0x4e, 0x9f, 0x10, 0xe6, 0xec, 0xd3, + 0x88, 0xa3, 0x3a, 0xcc, 0x86, 0xf4, 0xc8, 0x89, 0x1c, 0x9f, 0xd5, 0x8c, 0x15, 0xe3, 0x46, 0x09, + 0xa7, 0x67, 0x84, 0x60, 0x9a, 0x11, 0x8f, 0xd6, 0xa6, 0x24, 0x5d, 0x7e, 0xa3, 0xff, 0x01, 0x90, + 0xc4, 0x48, 0x54, 0xcb, 0xaf, 0xe4, 0x6f, 0x94, 0x57, 0xef, 0xb5, 0xc6, 0xa1, 0x6c, 0x9d, 0x71, + 0x96, 0x51, 0xa2, 0x2e, 0xe3, 0xe1, 0x31, 0x1e, 0x32, 0x55, 0x7f, 0x01, 0xf3, 0x29, 0x7b, 0x83, + 0xed, 0xfb, 0x68, 0x05, 0xca, 0x36, 0x8d, 0xac, 0xd0, 0x09, 0x78, 0x16, 0xdc, 0x30, 0x09, 0xfd, + 0x1b, 0x20, 0x43, 0x29, 0xa3, 0xac, 0xac, 0x2e, 0x8f, 0x8f, 0xe5, 0xa9, 0x90, 0x1b, 0x1c, 0x07, + 0x14, 0x97, 0x8e, 0x92, 0xcf, 0x3a, 0x87, 0x85, 0x91, 0x88, 0x50, 0x15, 0xf2, 0xcf, 0xe9, 0xb1, + 0x76, 0x26, 0x3e, 0xd1, 0x63, 0x28, 0x48, 0x0d, 0x69, 0xbf, 0xbc, 0xfa, 0x8f, 0x73, 0x63, 0x15, + 0x60, 0xb0, 0xb2, 0x71, 0x7f, 0xea, 0x9f, 0x46, 0xf3, 0xf5, 0x34, 0x4c, 0xe3, 0xd8, 0xa5, 0x68, + 0x09, 0x0a, 0x1e, 0xe1, 0xd6, 0xa1, 0xf6, 0xa6, 0x0e, 0xe8, 0x2e, 0xcc, 0x10, 0x4b, 0xc0, 0x8b, + 0x6a, 0x53, 0x32, 0xbb, 0x57, 0x27, 0x78, 0x94, 0x42, 0x38, 0x11, 0x46, 0x0c, 0x2e, 0x87, 0xf4, + 0x45, 0x4c, 0x23, 0x6e, 0x1e, 0x52, 0x62, 0xd3, 0xd0, 0xf4, 0x03, 0xaa, 0x3a, 0x24, 0xa9, 0xd3, + 0xea, 0x78, 0x4b, 0x22, 0x98, 0x56, 0x4f, 0xea, 0x6c, 0x27, 0x2a, 0x03, 0xea, 0x05, 0x2e, 0xe1, + 0x14, 0x5f, 0xd2, 0x46, 0x47, 0xf8, 0x11, 0x0a, 0xa0, 0x1e, 0xd2, 0x28, 0xf0, 0x59, 0x44, 0xc7, + 0x38, 0x9c, 0xfe, 0xd3, 0x0e, 0x6b, 0x89, 0xd5, 0x33, 0x1e, 0xef, 0xc3, 0x6c, 0x44, 0xbc, 0xc0, + 0x75, 0xd8, 0x41, 0xad, 0x20, 0x8b, 0xd1, 0x18, 0x6f, 0x7f, 0x47, 0x4b, 0xe1, 0x54, 0xbe, 0xfe, + 0xd6, 0x80, 0x4b, 0x13, 0x3c, 0xa6, 0x6d, 0x6e, 0x0c, 0xb5, 0xf9, 0x45, 0x28, 0xca, 0x8a, 0xa9, + 0x22, 0x94, 0xb0, 0x3e, 0xa1, 0x67, 0x50, 0x4a, 0x51, 0xd6, 0xf2, 0xb2, 0xe3, 0x1e, 0x9c, 0x1f, + 0x64, 0x2b, 0xa5, 0xe0, 0xcc, 0x5c, 0xf3, 0x16, 0x94, 0x52, 0x3a, 0x2a, 0xc3, 0x0c, 0xee, 0xf6, + 0x37, 0x3b, 0x0f, 0xbb, 0xd5, 0x1c, 0x02, 0x28, 0xe2, 0xee, 0x93, 0xed, 0xa7, 0xdd, 0xaa, 0x21, + 0xbe, 0x3b, 0xfd, 0x7e, 0x77, 0x6b, 0xbd, 0x3a, 0xd5, 0x1c, 0x40, 0x51, 0xb5, 0x01, 0xaa, 0xc1, + 0xcc, 0x21, 0x61, 0xb6, 0x4b, 0x43, 0x7d, 0x5b, 0x93, 0x23, 0xba, 0x0a, 0x25, 0x87, 0x45, 0x9c, + 0x30, 0x4b, 0xdf, 0xd7, 0x12, 0xce, 0x08, 0x29, 0xf6, 0xe9, 0x0c, 0x7b, 0xf3, 0xfb, 0x29, 0x98, + 0xdd, 0xd0, 0x12, 0x63, 0x93, 0x53, 0x87, 0x59, 0xae, 0x91, 0x68, 0x6f, 0xe9, 0x19, 0xb5, 0xa1, + 0x18, 0x90, 0x90, 0x78, 0x91, 0xcc, 0x4e, 0x79, 0xf5, 0x52, 0x4b, 0xcd, 0xad, 0x56, 0x32, 0xb7, + 0x5a, 0x3b, 0x72, 0xaa, 0x61, 0x2d, 0x86, 0x6c, 0x40, 0xe9, 0x14, 0x30, 0xf7, 0x1c, 0x66, 0x3b, + 0xec, 0x20, 0xe9, 0x9f, 0x09, 0x97, 0x2d, 0x09, 0x2e, 0xbb, 0x63, 0x6b, 0x5a, 0x4f, 0x8d, 0x95, + 0x45, 0x32, 0x4a, 0x47, 0x2d, 0x58, 0xb4, 0x7c, 0x2f, 0x70, 0x5c, 0x6a, 0x9b, 0x69, 0xec, 0xbf, + 0xfd, 0xfa, 0xcd, 0x8a, 0x0c, 0xbf, 0x9a, 0xf0, 0x92, 0x02, 0xd5, 0xd7, 0xe1, 0xe2, 0x78, 0xe3, + 0x63, 0x26, 0xc4, 0xd2, 0xf0, 0x84, 0x28, 0x0d, 0x5f, 0xf5, 0x77, 0x06, 0xcc, 0xf4, 0x74, 0x1d, + 0xc6, 0x25, 0xb2, 0x06, 0x33, 0xc4, 0x26, 0x01, 0xcf, 0xaa, 0xa6, 0x8f, 0xe7, 0x4f, 0xe3, 0x7f, + 0x00, 0x2c, 0x9f, 0x31, 0x2a, 0xdb, 0x41, 0x96, 0xb3, 0xbc, 0xba, 0x32, 0x3e, 0x7d, 0x0f, 0x53, + 0x39, 0x3c, 0xa4, 0x83, 0xfe, 0x0e, 0x69, 0x1a, 0xcc, 0x24, 0xaa, 0x34, 0x43, 0x0b, 0x09, 0xab, + 0xa3, 0x38, 0xcd, 0x6f, 0x0d, 0x80, 0xcc, 0x90, 0x42, 0x62, 0x87, 0x34, 0x8a, 0x32, 0x24, 0xf2, + 0x88, 0xfe, 0x05, 0x33, 0xdc, 0xf1, 0xa8, 0x1f, 0x73, 0x0d, 0xe5, 0xf2, 0x19, 0x28, 0xeb, 0x7a, + 0x93, 0xad, 0x4d, 0x7f, 0xf1, 0xe3, 0xb2, 0x81, 0x13, 0x79, 0xb4, 0x09, 0x15, 0x12, 0xf3, 0x43, + 0xca, 0xb8, 0x63, 0x91, 0x21, 0x5c, 0x7f, 0x9d, 0x30, 0x11, 0x4f, 0xc9, 0xe2, 0x11, 0xdd, 0xe6, + 0x2b, 0x03, 0x66, 0x93, 0xc9, 0x80, 0x1e, 0x40, 0x31, 0x24, 0xcc, 0xf6, 0x3d, 0x59, 0x8f, 0x89, + 0x26, 0xb1, 0x94, 0x49, 0xe7, 0x89, 0xd6, 0x41, 0x8f, 0x00, 0x42, 0xc2, 0xa9, 0xe9, 0x3a, 0x9e, + 0xc3, 0xf5, 0x62, 0xb8, 0x3e, 0xc9, 0x02, 0xa7, 0x9b, 0x42, 0x2c, 0x35, 0x52, 0x0a, 0x13, 0x52, + 0xf3, 0xad, 0x01, 0x95, 0xd3, 0x2e, 0xd0, 0x6d, 0x58, 0xca, 0xae, 0x03, 0x7d, 0x19, 0x88, 0x1c, + 0x66, 0xeb, 0xef, 0x42, 0xca, 0xeb, 0xa6, 0x2c, 0xd4, 0x87, 0x85, 0x80, 0x86, 0x16, 0x65, 0xdc, + 0x94, 0xf3, 0x8e, 0xda, 0x1f, 0x0f, 0xe9, 0x51, 0xa8, 0x76, 0x06, 0x71, 0xfb, 0x4a, 0x0d, 0x57, + 0xb4, 0xfe, 0x8e, 0x52, 0x47, 0x0f, 0xa0, 0x1e, 0x47, 0xd4, 0x74, 0x98, 0x4d, 0x03, 0xca, 0x6c, + 0x61, 0x59, 0x21, 0x67, 0xa2, 0xc0, 0xa2, 0x8c, 0xb3, 0xb8, 0x16, 0x47, 0x74, 0x23, 0x13, 0xc0, + 0x29, 0xbf, 0xf9, 0x9d, 0x01, 0x8b, 0x67, 0x60, 0xa3, 0x3e, 0x2c, 0x26, 0xd3, 0xd8, 0x4c, 0x9e, + 0x2e, 0x3a, 0xf9, 0x1f, 0xe9, 0x88, 0xd9, 0xd7, 0x3f, 0x2c, 0xe7, 0x64, 0x57, 0x54, 0x13, 0xed, + 0x84, 0x87, 0x56, 0xe1, 0x2f, 0x1e, 0x79, 0x69, 0xc6, 0x4c, 0xa3, 0x36, 0x29, 0xe3, 0xa1, 0x43, + 0x55, 0x07, 0xe6, 0xf1, 0x05, 0x8f, 0xbc, 0xdc, 0x4d, 0x78, 0x5d, 0xc5, 0x42, 0xd7, 0x60, 0x3e, + 0x8d, 0x42, 0xd4, 0x41, 0x82, 0xc9, 0xe3, 0xb9, 0x84, 0x28, 0xe2, 0x96, 0x00, 0xce, 0x24, 0x49, + 0x0c, 0x52, 0x16, 0x7b, 0x62, 0x3e, 0xfb, 0xa1, 0x0c, 0x7c, 0x1e, 0x67, 0x04, 0xf4, 0x89, 0x78, + 0xad, 0x30, 0xdf, 0x73, 0x98, 0xe4, 0xab, 0xc7, 0xc8, 0xbd, 0x3f, 0x58, 0x80, 0xd6, 0x7a, 0xa6, + 0x2a, 0x1f, 0x29, 0xc3, 0xb6, 0x9a, 0xb7, 0x60, 0x61, 0x84, 0x2f, 0xb6, 0x43, 0x6f, 0x77, 0x6b, + 0x1d, 0x77, 0xd7, 0xab, 0x39, 0x54, 0x85, 0xb9, 0x41, 0x77, 0xcb, 0x1c, 0xf4, 0xb6, 0x77, 0x77, + 0x3a, 0x5b, 0xeb, 0x55, 0xa3, 0xf9, 0x99, 0x01, 0x95, 0xd3, 0xb7, 0x01, 0xdd, 0x84, 0x3c, 0x77, + 0xa3, 0x34, 0xe1, 0x63, 0xe3, 0x1a, 0xb8, 0x51, 0x2f, 0x87, 0x85, 0x1c, 0xba, 0x0b, 0x45, 0x2f, + 0xe6, 0x31, 0x71, 0x75, 0x2b, 0x4d, 0x78, 0x84, 0x3c, 0x91, 0x32, 0xbd, 0x1c, 0xd6, 0xd2, 0x6b, + 0x65, 0x28, 0x89, 0x6b, 0x27, 0x5f, 0x64, 0xcd, 0x77, 0x53, 0x90, 0x1f, 0xb8, 0x11, 0xba, 0x0e, + 0x0b, 0x16, 0x31, 0x2d, 0x1a, 0x72, 0x67, 0x5f, 0xc4, 0x43, 0x23, 0xdd, 0xce, 0x15, 0x8b, 0x3c, + 0x1c, 0xa2, 0xa2, 0x65, 0x00, 0xee, 0x3f, 0xa7, 0xcc, 0x0c, 0x08, 0x3f, 0x54, 0x83, 0xa4, 0x97, + 0xc3, 0x25, 0x49, 0xeb, 0x13, 0x7e, 0x88, 0xee, 0x40, 0xc1, 0x17, 0xf6, 0xf5, 0x28, 0xb9, 0x32, + 0x3e, 0xaa, 0x6d, 0x81, 0xbd, 0x97, 0xc3, 0x4a, 0x16, 0xfd, 0x17, 0xca, 0x32, 0x26, 0xf5, 0x4a, + 0x91, 0x33, 0xa4, 0x32, 0xe9, 0xc2, 0x0f, 0xdc, 0x48, 0xce, 0x11, 0xb5, 0xb8, 0x7b, 0x06, 0x06, + 0x92, 0x9e, 0xd0, 0xdf, 0x60, 0xde, 0x8a, 0x23, 0xee, 0x7b, 0x89, 0xa9, 0x82, 0x8c, 0xd0, 0xc0, + 0x73, 0x8a, 0xac, 0xc5, 0x96, 0xa1, 0x1c, 0xd1, 0xf0, 0x88, 0x86, 0xa6, 0x1c, 0xf8, 0x45, 0x09, + 0x15, 0x14, 0x69, 0x4b, 0x2c, 0xd8, 0x6b, 0x00, 0x99, 0x0f, 0x54, 0x82, 0x42, 0x7f, 0xb3, 0xb3, + 0xb1, 0xa5, 0xf6, 0xfc, 0x5a, 0xb7, 0x83, 0xbb, 0xb8, 0x6a, 0xac, 0x55, 0x60, 0x4e, 0xe5, 0x22, + 0xf2, 0xe3, 0xd0, 0xa2, 0x6b, 0x73, 0x49, 0x6e, 0x64, 0x6a, 0xbf, 0x9c, 0x82, 0x82, 0x84, 0x89, + 0xae, 0x40, 0xc9, 0x72, 0x1d, 0x71, 0x45, 0x1d, 0x3b, 0x79, 0xc1, 0x2b, 0xc2, 0x86, 0x2d, 0xda, + 0x5d, 0x33, 0x23, 0x6a, 0x85, 0x94, 0xeb, 0xe1, 0x3c, 0xa7, 0x88, 0x3b, 0x92, 0x26, 0x2c, 0x28, + 0xcb, 0x71, 0xe8, 0xca, 0xc4, 0x8a, 0x7d, 0x2e, 0x08, 0xbb, 0xa1, 0x2b, 0x1e, 0x42, 0x91, 0xe5, + 0x07, 0x54, 0xad, 0xe4, 0x12, 0xd6, 0x27, 0xf4, 0x7f, 0x58, 0xa0, 0xcc, 0x0e, 0x7c, 0x87, 0x71, + 0x53, 0x6f, 0xaa, 0x82, 0xdc, 0xd9, 0xed, 0x8f, 0xd4, 0xa4, 0xd5, 0xd5, 0x2a, 0x7d, 0xa9, 0xa1, + 0xb6, 0x75, 0x85, 0x9e, 0x22, 0xd6, 0x3b, 0x70, 0x61, 0x8c, 0xd8, 0xb9, 0xf6, 0xee, 0x57, 0x06, + 0x14, 0x55, 0x6b, 0x8a, 0x62, 0x04, 0xa1, 0x73, 0x24, 0xa6, 0x75, 0xa6, 0x0e, 0x9a, 0xf4, 0x98, + 0x1e, 0xa3, 0x9b, 0x80, 0x74, 0x8a, 0x86, 0x1a, 0x54, 0x9b, 0x5c, 0x54, 0x9c, 0xa1, 0x1e, 0x1d, + 0xd7, 0xcb, 0xf9, 0x09, 0xbd, 0x7c, 0xaa, 0x0b, 0xa6, 0x47, 0xbb, 0x60, 0x6d, 0xe3, 0xcd, 0xfb, + 0x46, 0xee, 0xdd, 0xfb, 0x46, 0xee, 0xc3, 0xfb, 0x86, 0xf1, 0xe9, 0x49, 0xc3, 0xf8, 0xfa, 0xa4, + 0x61, 0xbc, 0x3e, 0x69, 0x18, 0x6f, 0x4e, 0x1a, 0xc6, 0x4f, 0x27, 0x0d, 0xe3, 0x97, 0x93, 0x46, + 0xee, 0xc3, 0x49, 0xc3, 0x78, 0xf5, 0x73, 0x23, 0xf7, 0xec, 0x8a, 0xca, 0xaa, 0xe3, 0xb7, 0x49, + 0xe0, 0xb4, 0x4f, 0xff, 0xeb, 0xed, 0x15, 0xe5, 0xe0, 0xbc, 0xf3, 0x7b, 0x00, 0x00, 0x00, 0xff, + 0xff, 0xa6, 0xbe, 0xc2, 0x69, 0x88, 0x0e, 0x00, 0x00, } diff --git a/policy/v1beta1/cfg.proto b/policy/v1beta1/cfg.proto index e346755bea..7719ea2666 100644 --- a/policy/v1beta1/cfg.proto +++ b/policy/v1beta1/cfg.proto @@ -490,6 +490,10 @@ message Tls { // passed as what it is. string custom_header = 5; } + + // Indicates the name of adapter backend which is useful for routing with + // proxy-fronted backend. + string server_name = 6; } // OAuth let operator specify config to fetch access token via oauth when using @@ -526,4 +530,8 @@ message Mutual { // verify the presented adapter certificates. By default mixer should already // include Istio CA certificates and system certificates in cert pool. string ca_certificates = 3; + + // Indicates the name of adapter backend server which is useful for routing with + // proxy-fronted backend. + string server_name = 4; } diff --git a/policy/v1beta1/istio.policy.v1beta1.pb.html b/policy/v1beta1/istio.policy.v1beta1.pb.html index 8f0e37473f..945156d22c 100644 --- a/policy/v1beta1/istio.policy.v1beta1.pb.html +++ b/policy/v1beta1/istio.policy.v1beta1.pb.html @@ -1006,6 +1006,15 @@

Mutual

verify the presented adapter certificates. By default mixer should already include Istio CA certificates and system certificates in cert pool.

+ + +
 + + + @@ -1313,6 +1322,15 @@

Tls

Customized header key to hold access token, e.g. x-api-key. Token will be passed as what it is.

+ + + + + + diff --git a/proto.lock b/proto.lock index 6432feeae8..f4c207dcf9 100644 --- a/proto.lock +++ b/proto.lock @@ -4657,6 +4657,11 @@ "id": 5, "name": "custom_header", "type": "string" + }, + { + "id": 6, + "name": "server_name", + "type": "string" } ] }, @@ -4713,6 +4718,11 @@ "id": 3, "name": "ca_certificates", "type": "string" + }, + { + "id": 4, + "name": "server_name", + "type": "string" } ] } diff --git a/python/istio_api/policy/v1beta1/cfg_pb2.py b/python/istio_api/policy/v1beta1/cfg_pb2.py index 2fbed5dcd2..f621ef347b 100644 --- a/python/istio_api/policy/v1beta1/cfg_pb2.py +++ b/python/istio_api/policy/v1beta1/cfg_pb2.py @@ -23,7 +23,7 @@ name='policy/v1beta1/cfg.proto', package='istio.policy.v1beta1', syntax='proto3', - serialized_pb=_b('\n\x18policy/v1beta1/cfg.proto\x12\x14istio.policy.v1beta1\x1a\x14gogoproto/gogo.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fpolicy/v1beta1/value_type.proto\"\xc5\x02\n\x11\x41ttributeManifest\x12\x10\n\x08revision\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12K\n\nattributes\x18\x03 \x03(\x0b\x32\x37.istio.policy.v1beta1.AttributeManifest.AttributesEntry\x1aY\n\rAttributeInfo\x12\x13\n\x0b\x64\x65scription\x18\x01 \x01(\t\x12\x33\n\nvalue_type\x18\x02 \x01(\x0e\x32\x1f.istio.policy.v1beta1.ValueType\x1ah\n\x0f\x41ttributesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x44\n\x05value\x18\x02 \x01(\x0b\x32\x35.istio.policy.v1beta1.AttributeManifest.AttributeInfo:\x02\x38\x01\"\xe2\x03\n\x04Rule\x12\r\n\x05match\x18\x01 \x01(\t\x12-\n\x07\x61\x63tions\x18\x02 \x03(\x0b\x32\x1c.istio.policy.v1beta1.Action\x12U\n\x19request_header_operations\x18\x03 \x03(\x0b\x32\x32.istio.policy.v1beta1.Rule.HeaderOperationTemplate\x12V\n\x1aresponse_header_operations\x18\x04 \x03(\x0b\x32\x32.istio.policy.v1beta1.Rule.HeaderOperationTemplate\x12\x30\n\x08sampling\x18\x05 \x01(\x0b\x32\x1e.istio.policy.v1beta1.Sampling\x1a\xba\x01\n\x17HeaderOperationTemplate\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06values\x18\x02 \x03(\t\x12O\n\toperation\x18\x03 \x01(\x0e\x32<.istio.policy.v1beta1.Rule.HeaderOperationTemplate.Operation\"0\n\tOperation\x12\x0b\n\x07REPLACE\x10\x00\x12\n\n\x06REMOVE\x10\x01\x12\n\n\x06\x41PPEND\x10\x02\":\n\x06\x41\x63tion\x12\x0f\n\x07handler\x18\x02 \x01(\t\x12\x11\n\tinstances\x18\x03 \x03(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\"\xfe\x01\n\x08Instance\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1c\n\x11\x63ompiled_template\x18\xf4\xed\xa9 \x01(\t\x12\x10\n\x08template\x18\x02 \x01(\t\x12\'\n\x06params\x18\x03 \x01(\x0b\x32\x17.google.protobuf.Struct\x12Q\n\x12\x61ttribute_bindings\x18\x04 \x03(\x0b\x32\x35.istio.policy.v1beta1.Instance.AttributeBindingsEntry\x1a\x38\n\x16\x41ttributeBindingsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa4\x01\n\x07Handler\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1b\n\x10\x63ompiled_adapter\x18\xf4\xed\xa9 \x01(\t\x12\x0f\n\x07\x61\x64\x61pter\x18\x02 \x01(\t\x12\'\n\x06params\x18\x03 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x34\n\nconnection\x18\x04 \x01(\x0b\x32 .istio.policy.v1beta1.Connection\"\x8d\x01\n\nConnection\x12\x0f\n\x07\x61\x64\x64ress\x18\x02 \x01(\t\x12\x30\n\x07timeout\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationB\x04\x98\xdf\x1f\x01\x12<\n\x0e\x61uthentication\x18\x04 \x01(\x0b\x32$.istio.policy.v1beta1.Authentication\"}\n\x08Sampling\x12\x34\n\x06random\x18\x01 \x01(\x0b\x32$.istio.policy.v1beta1.RandomSampling\x12;\n\nrate_limit\x18\x02 \x01(\x0b\x32\'.istio.policy.v1beta1.RateLimitSampling\"\x94\x01\n\x0eRandomSampling\x12\x1c\n\x14\x61ttribute_expression\x18\x01 \x01(\t\x12@\n\x0fpercent_sampled\x18\x02 \x01(\x0b\x32\'.istio.policy.v1beta1.FractionalPercent\x12\"\n\x1ause_independent_randomness\x18\x03 \x01(\x08\"\x89\x01\n\x11RateLimitSampling\x12>\n\x11sampling_duration\x18\x01 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x1d\n\x15max_unsampled_entries\x18\x02 \x01(\x03\x12\x15\n\rsampling_rate\x18\x03 \x01(\x03\"\xa6\x01\n\x11\x46ractionalPercent\x12\x11\n\tnumerator\x18\x01 \x01(\r\x12L\n\x0b\x64\x65nominator\x18\x02 \x01(\x0e\x32\x37.istio.policy.v1beta1.FractionalPercent.DenominatorType\"0\n\x0f\x44\x65nominatorType\x12\x0b\n\x07HUNDRED\x10\x00\x12\x10\n\x0cTEN_THOUSAND\x10\x01\"w\n\x0e\x41uthentication\x12(\n\x03tls\x18\x01 \x01(\x0b\x32\x19.istio.policy.v1beta1.TlsH\x00\x12.\n\x06mutual\x18\x02 \x01(\x0b\x32\x1c.istio.policy.v1beta1.MutualH\x00\x42\x0b\n\tauth_type\"\xfb\x01\n\x03Tls\x12\x17\n\x0f\x63\x61_certificates\x18\x01 \x01(\t\x12\x14\n\ntoken_path\x18\x02 \x01(\tH\x00\x12,\n\x05oauth\x18\x03 \x01(\x0b\x32\x1b.istio.policy.v1beta1.OAuthH\x00\x12;\n\x0b\x61uth_header\x18\x04 \x01(\x0e\x32$.istio.policy.v1beta1.Tls.AuthHeaderH\x01\x12\x17\n\rcustom_header\x18\x05 \x01(\tH\x01\"#\n\nAuthHeader\x12\t\n\x05PLAIN\x10\x00\x12\n\n\x06\x42\x45\x41RER\x10\x01\x42\x0e\n\x0ctoken_sourceB\x0c\n\ntoken_type\"\xd5\x01\n\x05OAuth\x12\x11\n\tclient_id\x18\x01 \x01(\t\x12\x15\n\rclient_secret\x18\x02 \x01(\t\x12\x11\n\ttoken_url\x18\x03 \x01(\t\x12\x0e\n\x06scopes\x18\x04 \x03(\t\x12H\n\x0f\x65ndpoint_params\x18\x05 \x03(\x0b\x32/.istio.policy.v1beta1.OAuth.EndpointParamsEntry\x1a\x35\n\x13\x45ndpointParamsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"R\n\x06Mutual\x12\x13\n\x0bprivate_key\x18\x01 \x01(\t\x12\x1a\n\x12\x63lient_certificate\x18\x02 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x03 \x01(\tB\x1dZ\x1bistio.io/api/policy/v1beta1b\x06proto3') + serialized_pb=_b('\n\x18policy/v1beta1/cfg.proto\x12\x14istio.policy.v1beta1\x1a\x14gogoproto/gogo.proto\x1a\x1cgoogle/protobuf/struct.proto\x1a\x1egoogle/protobuf/duration.proto\x1a\x1fpolicy/v1beta1/value_type.proto\"\xc5\x02\n\x11\x41ttributeManifest\x12\x10\n\x08revision\x18\x01 \x01(\t\x12\x0c\n\x04name\x18\x02 \x01(\t\x12K\n\nattributes\x18\x03 \x03(\x0b\x32\x37.istio.policy.v1beta1.AttributeManifest.AttributesEntry\x1aY\n\rAttributeInfo\x12\x13\n\x0b\x64\x65scription\x18\x01 \x01(\t\x12\x33\n\nvalue_type\x18\x02 \x01(\x0e\x32\x1f.istio.policy.v1beta1.ValueType\x1ah\n\x0f\x41ttributesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x44\n\x05value\x18\x02 \x01(\x0b\x32\x35.istio.policy.v1beta1.AttributeManifest.AttributeInfo:\x02\x38\x01\"\xe2\x03\n\x04Rule\x12\r\n\x05match\x18\x01 \x01(\t\x12-\n\x07\x61\x63tions\x18\x02 \x03(\x0b\x32\x1c.istio.policy.v1beta1.Action\x12U\n\x19request_header_operations\x18\x03 \x03(\x0b\x32\x32.istio.policy.v1beta1.Rule.HeaderOperationTemplate\x12V\n\x1aresponse_header_operations\x18\x04 \x03(\x0b\x32\x32.istio.policy.v1beta1.Rule.HeaderOperationTemplate\x12\x30\n\x08sampling\x18\x05 \x01(\x0b\x32\x1e.istio.policy.v1beta1.Sampling\x1a\xba\x01\n\x17HeaderOperationTemplate\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x0e\n\x06values\x18\x02 \x03(\t\x12O\n\toperation\x18\x03 \x01(\x0e\x32<.istio.policy.v1beta1.Rule.HeaderOperationTemplate.Operation\"0\n\tOperation\x12\x0b\n\x07REPLACE\x10\x00\x12\n\n\x06REMOVE\x10\x01\x12\n\n\x06\x41PPEND\x10\x02\":\n\x06\x41\x63tion\x12\x0f\n\x07handler\x18\x02 \x01(\t\x12\x11\n\tinstances\x18\x03 \x03(\t\x12\x0c\n\x04name\x18\x04 \x01(\t\"\xfe\x01\n\x08Instance\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1c\n\x11\x63ompiled_template\x18\xf4\xed\xa9 \x01(\t\x12\x10\n\x08template\x18\x02 \x01(\t\x12\'\n\x06params\x18\x03 \x01(\x0b\x32\x17.google.protobuf.Struct\x12Q\n\x12\x61ttribute_bindings\x18\x04 \x03(\x0b\x32\x35.istio.policy.v1beta1.Instance.AttributeBindingsEntry\x1a\x38\n\x16\x41ttributeBindingsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xa4\x01\n\x07Handler\x12\x0c\n\x04name\x18\x01 \x01(\t\x12\x1b\n\x10\x63ompiled_adapter\x18\xf4\xed\xa9 \x01(\t\x12\x0f\n\x07\x61\x64\x61pter\x18\x02 \x01(\t\x12\'\n\x06params\x18\x03 \x01(\x0b\x32\x17.google.protobuf.Struct\x12\x34\n\nconnection\x18\x04 \x01(\x0b\x32 .istio.policy.v1beta1.Connection\"\x8d\x01\n\nConnection\x12\x0f\n\x07\x61\x64\x64ress\x18\x02 \x01(\t\x12\x30\n\x07timeout\x18\x03 \x01(\x0b\x32\x19.google.protobuf.DurationB\x04\x98\xdf\x1f\x01\x12<\n\x0e\x61uthentication\x18\x04 \x01(\x0b\x32$.istio.policy.v1beta1.Authentication\"}\n\x08Sampling\x12\x34\n\x06random\x18\x01 \x01(\x0b\x32$.istio.policy.v1beta1.RandomSampling\x12;\n\nrate_limit\x18\x02 \x01(\x0b\x32\'.istio.policy.v1beta1.RateLimitSampling\"\x94\x01\n\x0eRandomSampling\x12\x1c\n\x14\x61ttribute_expression\x18\x01 \x01(\t\x12@\n\x0fpercent_sampled\x18\x02 \x01(\x0b\x32\'.istio.policy.v1beta1.FractionalPercent\x12\"\n\x1ause_independent_randomness\x18\x03 \x01(\x08\"\x89\x01\n\x11RateLimitSampling\x12>\n\x11sampling_duration\x18\x01 \x01(\x0b\x32\x19.google.protobuf.DurationB\x08\xc8\xde\x1f\x00\x98\xdf\x1f\x01\x12\x1d\n\x15max_unsampled_entries\x18\x02 \x01(\x03\x12\x15\n\rsampling_rate\x18\x03 \x01(\x03\"\xa6\x01\n\x11\x46ractionalPercent\x12\x11\n\tnumerator\x18\x01 \x01(\r\x12L\n\x0b\x64\x65nominator\x18\x02 \x01(\x0e\x32\x37.istio.policy.v1beta1.FractionalPercent.DenominatorType\"0\n\x0f\x44\x65nominatorType\x12\x0b\n\x07HUNDRED\x10\x00\x12\x10\n\x0cTEN_THOUSAND\x10\x01\"w\n\x0e\x41uthentication\x12(\n\x03tls\x18\x01 \x01(\x0b\x32\x19.istio.policy.v1beta1.TlsH\x00\x12.\n\x06mutual\x18\x02 \x01(\x0b\x32\x1c.istio.policy.v1beta1.MutualH\x00\x42\x0b\n\tauth_type\"\x90\x02\n\x03Tls\x12\x17\n\x0f\x63\x61_certificates\x18\x01 \x01(\t\x12\x14\n\ntoken_path\x18\x02 \x01(\tH\x00\x12,\n\x05oauth\x18\x03 \x01(\x0b\x32\x1b.istio.policy.v1beta1.OAuthH\x00\x12;\n\x0b\x61uth_header\x18\x04 \x01(\x0e\x32$.istio.policy.v1beta1.Tls.AuthHeaderH\x01\x12\x17\n\rcustom_header\x18\x05 \x01(\tH\x01\x12\x13\n\x0bserver_name\x18\x06 \x01(\t\"#\n\nAuthHeader\x12\t\n\x05PLAIN\x10\x00\x12\n\n\x06\x42\x45\x41RER\x10\x01\x42\x0e\n\x0ctoken_sourceB\x0c\n\ntoken_type\"\xd5\x01\n\x05OAuth\x12\x11\n\tclient_id\x18\x01 \x01(\t\x12\x15\n\rclient_secret\x18\x02 \x01(\t\x12\x11\n\ttoken_url\x18\x03 \x01(\t\x12\x0e\n\x06scopes\x18\x04 \x03(\t\x12H\n\x0f\x65ndpoint_params\x18\x05 \x03(\x0b\x32/.istio.policy.v1beta1.OAuth.EndpointParamsEntry\x1a\x35\n\x13\x45ndpointParamsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"g\n\x06Mutual\x12\x13\n\x0bprivate_key\x18\x01 \x01(\t\x12\x1a\n\x12\x63lient_certificate\x18\x02 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x03 \x01(\t\x12\x13\n\x0bserver_name\x18\x04 \x01(\tB\x1dZ\x1bistio.io/api/policy/v1beta1b\x06proto3') , dependencies=[gogoproto_dot_gogo__pb2.DESCRIPTOR,google_dot_protobuf_dot_struct__pb2.DESCRIPTOR,google_dot_protobuf_dot_duration__pb2.DESCRIPTOR,policy_dot_v1beta1_dot_value__type__pb2.DESCRIPTOR,]) @@ -94,8 +94,8 @@ ], containing_type=None, options=None, - serialized_start=2503, - serialized_end=2538, + serialized_start=2524, + serialized_end=2559, ) _sym_db.RegisterEnumDescriptor(_TLS_AUTHHEADER) @@ -818,6 +818,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='server_name', full_name='istio.policy.v1beta1.Tls.server_name', index=5, + number=6, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -838,7 +845,7 @@ index=1, containing_type=None, fields=[]), ], serialized_start=2317, - serialized_end=2568, + serialized_end=2589, ) @@ -875,8 +882,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2731, - serialized_end=2784, + serialized_start=2752, + serialized_end=2805, ) _OAUTH = _descriptor.Descriptor( @@ -933,8 +940,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2571, - serialized_end=2784, + serialized_start=2592, + serialized_end=2805, ) @@ -966,6 +973,13 @@ message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='server_name', full_name='istio.policy.v1beta1.Mutual.server_name', index=3, + number=4, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], @@ -978,8 +992,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=2786, - serialized_end=2868, + serialized_start=2807, + serialized_end=2910, ) _ATTRIBUTEMANIFEST_ATTRIBUTEINFO.fields_by_name['value_type'].enum_type = policy_dot_v1beta1_dot_value__type__pb2._VALUETYPE From 1b39429492ff584547a70b6afa64dd38939e4777 Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Tue, 19 Feb 2019 12:53:26 -0500 Subject: [PATCH 15/15] doc fixes (#801) Signed-off-by: Shriram Rajagopalan --- networking/v1alpha3/destination_rule.pb.go | 1 - networking/v1alpha3/destination_rule.proto | 1 - .../istio.networking.v1alpha3.pb.html | 60 +++++++++++++++++-- networking/v1alpha3/service_entry.pb.go | 11 ++-- networking/v1alpha3/service_entry.proto | 11 ++-- networking/v1alpha3/virtual_service.pb.go | 1 - networking/v1alpha3/virtual_service.proto | 1 - 7 files changed, 66 insertions(+), 20 deletions(-) diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go index 229e1934c1..9b263002db 100644 --- a/networking/v1alpha3/destination_rule.pb.go +++ b/networking/v1alpha3/destination_rule.pb.go @@ -250,7 +250,6 @@ type DestinationRule struct { // One or more named sets that represent individual versions of a // service. Traffic policies can be overridden at subset level. Subsets []*Subset `protobuf:"bytes,3,rep,name=subsets" json:"subsets,omitempty"` - // $hide_from_docs // The resolution of a DestinationRule to apply to a service occurs in the // context of a hierarchy of namespaces. This rule controls whether those // namespaces are allowed to select this rule. diff --git a/networking/v1alpha3/destination_rule.proto b/networking/v1alpha3/destination_rule.proto index ff7b277d2c..1c340f8bbf 100644 --- a/networking/v1alpha3/destination_rule.proto +++ b/networking/v1alpha3/destination_rule.proto @@ -118,7 +118,6 @@ message DestinationRule { // service. Traffic policies can be overridden at subset level. repeated Subset subsets = 3; - // $hide_from_docs // The resolution of a DestinationRule to apply to a service occurs in the // context of a hierarchy of namespaces. This rule controls whether those // namespaces are allowed to select this rule. diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index 8720593094..c523127b17 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -669,6 +669,16 @@

DestinationRule

One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.

+ + + + + + @@ -3230,7 +3240,7 @@

ServiceEntry

The following example demonstrates the use of a dedicated egress gateway through which all external service traffic is forwarded. -The ‘export_to’ field allows for control over the visibility of a service +The ‘exportTo’ field allows for control over the visibility of a service declaration to other namespaces in the mesh. By default a service is exported to all namespaces. The following example restricts the visibility to the current namespace, represented by “.”, so that it cannot be used by other @@ -3244,8 +3254,8 @@

ServiceEntry

spec: hosts: - httpbin.com - export_to: - - . + exportTo: + - "." location: MESH_EXTERNAL ports: - number: 80 @@ -3288,7 +3298,7 @@

ServiceEntry

spec: hosts: - httpbin.com - export_to: + exportTo: - * gateways: - mesh @@ -3494,6 +3504,29 @@

ServiceEntry

 + + + + + @@ -4573,6 +4606,25 @@

VirtualService

be applied to any port that is not a HTTP or TLS port. The first rule matching an incoming request is used.

+ + + + + + diff --git a/networking/v1alpha3/service_entry.pb.go b/networking/v1alpha3/service_entry.pb.go index fec6204361..091d09a45a 100644 --- a/networking/v1alpha3/service_entry.pb.go +++ b/networking/v1alpha3/service_entry.pb.go @@ -213,7 +213,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // // The following example demonstrates the use of a dedicated egress gateway // through which all external service traffic is forwarded. -// The 'export_to' field allows for control over the visibility of a service +// The 'exportTo' field allows for control over the visibility of a service // declaration to other namespaces in the mesh. By default a service is exported // to all namespaces. The following example restricts the visibility to the // current namespace, represented by ".", so that it cannot be used by other @@ -228,8 +228,8 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // spec: // hosts: // - httpbin.com -// export_to: -// - . +// exportTo: +// - "." // location: MESH_EXTERNAL // ports: // - number: 80 @@ -274,7 +274,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // spec: // hosts: // - httpbin.com -// export_to: +// exportTo: // - * // gateways: // - mesh @@ -442,7 +442,6 @@ type ServiceEntry struct { Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Resolution" json:"resolution,omitempty"` // One or more endpoints associated with the service. Endpoints []*ServiceEntry_Endpoint `protobuf:"bytes,6,rep,name=endpoints" json:"endpoints,omitempty"` - // $hide_from_docs // A list of namespaces to which this service is exported. Exporting a service // allows it to used by sidecars, gateways and virtual services defined in // other namespaces. This feature provides a mechanism for service owners @@ -457,7 +456,7 @@ type ServiceEntry struct { // defines an export to all namespaces. // // For a Kubernetes Service the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/export_to" to a comma-separated list + // the annotation "networking.istio.io/exportTo" to a comma-separated list // of namespace names. ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo" json:"export_to,omitempty"` // The list of subject alternate names allowed for workloads that diff --git a/networking/v1alpha3/service_entry.proto b/networking/v1alpha3/service_entry.proto index 94d4e92a42..1527586f47 100644 --- a/networking/v1alpha3/service_entry.proto +++ b/networking/v1alpha3/service_entry.proto @@ -134,7 +134,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // The following example demonstrates the use of a dedicated egress gateway // through which all external service traffic is forwarded. -// The 'export_to' field allows for control over the visibility of a service +// The 'exportTo' field allows for control over the visibility of a service // declaration to other namespaces in the mesh. By default a service is exported // to all namespaces. The following example restricts the visibility to the // current namespace, represented by ".", so that it cannot be used by other @@ -149,8 +149,8 @@ option go_package = "istio.io/api/networking/v1alpha3"; // spec: // hosts: // - httpbin.com -// export_to: -// - . +// exportTo: +// - "." // location: MESH_EXTERNAL // ports: // - number: 80 @@ -195,7 +195,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // spec: // hosts: // - httpbin.com -// export_to: +// exportTo: // - * // gateways: // - mesh @@ -470,7 +470,6 @@ message ServiceEntry { // One or more endpoints associated with the service. repeated Endpoint endpoints = 6; - // $hide_from_docs // A list of namespaces to which this service is exported. Exporting a service // allows it to used by sidecars, gateways and virtual services defined in // other namespaces. This feature provides a mechanism for service owners @@ -485,7 +484,7 @@ message ServiceEntry { // defines an export to all namespaces. // // For a Kubernetes Service the equivalent effect can be achieved by setting - // the annotation "networking.istio.io/export_to" to a comma-separated list + // the annotation "networking.istio.io/exportTo" to a comma-separated list // of namespace names. repeated string export_to = 7; diff --git a/networking/v1alpha3/virtual_service.pb.go b/networking/v1alpha3/virtual_service.pb.go index 46799d78cf..1d854732ba 100644 --- a/networking/v1alpha3/virtual_service.pb.go +++ b/networking/v1alpha3/virtual_service.pb.go @@ -134,7 +134,6 @@ type VirtualService struct { // be applied to any port that is not a HTTP or TLS port. The first rule // matching an incoming request is used. Tcp []*TCPRoute `protobuf:"bytes,4,rep,name=tcp" json:"tcp,omitempty"` - // $hide_from_docs // A list of namespaces to which this virtual service is exported. Exporting a // virtual service allows it to used by sidecars and gateways defined in // other namespaces. This feature provides a mechanism for service owners diff --git a/networking/v1alpha3/virtual_service.proto b/networking/v1alpha3/virtual_service.proto index 925cd58bcd..d654c46cf3 100644 --- a/networking/v1alpha3/virtual_service.proto +++ b/networking/v1alpha3/virtual_service.proto @@ -176,7 +176,6 @@ message VirtualService { // matching an incoming request is used. repeated TCPRoute tcp = 4; - // $hide_from_docs // A list of namespaces to which this virtual service is exported. Exporting a // virtual service allows it to used by sidecars and gateways defined in // other namespaces. This feature provides a mechanism for service owners

One or more endpoints associated with the service.

+
subjectAltNamesstring[] +

The list of subject alternate names allowed for workloads that +implement this service. This information is used to enforce +secure-naming https://istio.io/docs/concepts/security/#secure-naming. +If specified, the proxy will verify that the server +certificate’s subject alternate name matches one of the specified values.

+

A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server -certificate’s subject alt name matches one of the specified values.

+certificate’s subject alt name matches one of the specified values. +If specified, this list overrides the value of subjectaltnames +from the ServiceEntry.
string

The credentialName stands for a unique identifier that can be used -to identify the serverCertificate, the privateKey and the -CaCertificates associated with this server. Gateway workloads -capable of fetching credentials from a remote credential store will -be configured to retrive the credentials using this name, instead of -using the file system paths specified above. The semantics of the -name are platform dependent. In Kubernetes, the default Istio -supplied credentail server expects the credentialName to match the -name of the Kubernetes secret that holds the server certificate, the -private key, and the CA certificate (if using mutual TLS).

+to identify the serverCertificate and the privateKey. The credentialName +appended with suffix “-cacert” is used to identify the CaCertificates +associated with this server. Gateway workloads capable of fetching +credentials from a remote credential store will be configured to retrieve +the serverCertificate and the privateKey using credentialName, instead of +using the file system paths specified above. If using mutual TLS, +gateway workloads will retrieve the CaCertificates using +credentialName-cacert. The semantics of the name are platform dependent. +In Kubernetes, the default Istio supplied credential server expects the +credentialName to match the name of the Kubernetes secret that holds the +server certificate, the private key, and the CA certificate +(if using mutual TLS).

Specifies the behavior when the client is unable to connect to Mixer.

+
maxRetryuint32 +

Max retries on transport error.

+ +
baseRetryWaitgoogle.protobuf.Duration +

Base time to wait between retries. Will be adjusted by exponential +backoff and jitter.

+ +
maxRetryWaitgoogle.protobuf.Duration +

Max time to wait between retries.

+
serverNamestring +

Indicates the name of adapter backend server which is useful for routing with +proxy-fronted backend.

+
serverNamestring +

Indicates the name of adapter backend which is useful for routing with +proxy-fronted backend.

+
exportTostring[] +

The resolution of a DestinationRule to apply to a service occurs in the +context of a hierarchy of namespaces. This rule controls whether those +namespaces are allowed to select this rule.

+

One or more endpoints associated with the service.

+
exportTostring[] +

A list of namespaces to which this service is exported. Exporting a service +allows it to used by sidecars, gateways and virtual services defined in +other namespaces. This feature provides a mechanism for service owners +and mesh administrators to control the visibility of services across +namespace boundaries.

+ +

If no namespaces are specified then the service is exported to all +namespaces by default.

+ +

The value “.” is reserved and defines an export to the same namespace that +the service is declared in, similarly the value “*” is reserved and +defines an export to all namespaces.

+ +

For a Kubernetes Service the equivalent effect can be achieved by setting +the annotation “networking.istio.io/exportTo” to a comma-separated list +of namespace names.

+
exportTostring[] +

A list of namespaces to which this virtual service is exported. Exporting a +virtual service allows it to used by sidecars and gateways defined in +other namespaces. This feature provides a mechanism for service owners +and mesh administrators to control the visibility of virtual services +across namespace boundaries.

+ +

If no namespaces are specified then the virtual service is exported to all +namespaces by default.

+ +

The value “.” is reserved and defines an export to the same namespace that +the virtual service is declared in, similarly the value “*” is reserved and +defines an export to all namespaces.

+