|
|
|
syntax = "proto3";
|
|
|
|
|
|
|
|
package envoy.extensions.transport_sockets.tls.v4alpha;
|
|
|
|
|
|
|
|
import "envoy/config/core/v4alpha/base.proto";
|
|
|
|
import "envoy/config/core/v4alpha/config_source.proto";
|
|
|
|
import "envoy/extensions/transport_sockets/tls/v4alpha/common.proto";
|
|
|
|
|
|
|
|
import "udpa/core/v1/resource_locator.proto";
|
|
|
|
|
|
|
|
import "udpa/annotations/sensitive.proto";
|
|
|
|
import "udpa/annotations/status.proto";
|
|
|
|
import "udpa/annotations/versioning.proto";
|
|
|
|
|
|
|
|
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha";
|
|
|
|
option java_outer_classname = "SecretProto";
|
|
|
|
option java_multiple_files = true;
|
|
|
|
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
|
|
|
|
|
|
|
|
// [#protodoc-title: Secrets configuration]
|
|
|
|
|
|
|
|
message GenericSecret {
|
|
|
|
option (udpa.annotations.versioning).previous_message_type =
|
|
|
|
"envoy.extensions.transport_sockets.tls.v3.GenericSecret";
|
|
|
|
|
|
|
|
// Secret of generic type and is available to filters.
|
|
|
|
config.core.v4alpha.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
|
|
|
|
}
|
|
|
|
|
|
|
|
message SdsSecretConfig {
|
|
|
|
option (udpa.annotations.versioning).previous_message_type =
|
|
|
|
"envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig";
|
|
|
|
|
|
|
|
oneof name_specifier {
|
|
|
|
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
|
|
|
|
// When both name and config are specified, then secret can be fetched and/or reloaded via
|
|
|
|
// SDS. When only name is specified, then secret will be loaded from static resources.
|
|
|
|
string name = 1;
|
|
|
|
|
|
|
|
// Resource locator for SDS. This is mutually exclusive to *name*.
|
|
|
|
// [#not-implemented-hide:]
|
|
|
|
udpa.core.v1.ResourceLocator sds_resource_locator = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
config.core.v4alpha.ConfigSource sds_config = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// [#next-free-field: 6]
|
|
|
|
message Secret {
|
|
|
|
option (udpa.annotations.versioning).previous_message_type =
|
|
|
|
"envoy.extensions.transport_sockets.tls.v3.Secret";
|
|
|
|
|
|
|
|
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
|
|
|
|
string name = 1;
|
|
|
|
|
|
|
|
oneof type {
|
|
|
|
TlsCertificate tls_certificate = 2;
|
|
|
|
|
|
|
|
TlsSessionTicketKeys session_ticket_keys = 3;
|
|
|
|
|
|
|
|
CertificateValidationContext validation_context = 4;
|
|
|
|
|
|
|
|
GenericSecret generic_secret = 5;
|
|
|
|
}
|
|
|
|
}
|