Chiebot-Mirror
/
data-plane-api
mirror of https://github.com/envoyproxy/data-plane-api.git
8
0
Fork 0
Code Issues Projects Releases Wiki Activity
[READ ONLY MIRROR] Envoy REST/proto API definitions and documentation. (grpc依赖)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1886 Commits
2 Branches
0 Tags
17 MiB
Tag: Branch: Tree: e2cfbc8b28
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'e2cfbc8b28'
${ noResults }
data-plane-api/envoy/extensions/transport_sockets/tls/v4alpha/secret.proto

59 lines
2.0 KiB
Raw Normal View History Unescape

tls/api: factor transport socket out of cert.proto. (#10910) This is necessary to provide TLS transport socket docs and to be able to have the TLS transport socket added to the threat model docs (via its security_posture tag). I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing machinery prefers file consistency across versions. Risk level: Low (refactoring) Testing: Docs generation and manual inspection. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
5 years ago
syntax = "proto3";
package envoy.extensions.transport_sockets.tls.v4alpha;
import "envoy/config/core/v4alpha/base.proto";
import "envoy/config/core/v4alpha/config_source.proto";
import "envoy/extensions/transport_sockets/tls/v4alpha/common.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/status.proto";
import "udpa/annotations/versioning.proto";
[fuzz] Added validation for secrets (#13543) Signed-off-by: Zach <zasweq@google.com> Mirrored from https://github.com/envoyproxy/envoy @ bc5c44a1a842379daa6f810dc3841c71a513661b
4 years ago
import "validate/validate.proto";
tls/api: factor transport socket out of cert.proto. (#10910) This is necessary to provide TLS transport socket docs and to be able to have the TLS transport socket added to the threat model docs (via its security_posture tag). I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing machinery prefers file consistency across versions. Risk level: Low (refactoring) Testing: Docs generation and manual inspection. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
5 years ago
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha";
option java_outer_classname = "SecretProto";
option java_multiple_files = true;
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
// [#protodoc-title: Secrets configuration]
message GenericSecret {
option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.transport_sockets.tls.v3.GenericSecret";
// Secret of generic type and is available to filters.
config.core.v4alpha.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}
message SdsSecretConfig {
option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.transport_sockets.tls.v3.SdsSecretConfig";
xdstp: flatten resource locators/names to strings. (#14241) As per discussion summarized in #13555 (comment), we will not use structured xdstp:// names/locators in the API initially. Instead, we will re-use existing string fields for names and special case any name with a xdstp: prefix. We leave open the option of introducing structured representation, in particular for efficiency wins, at a later point. Risk level: Low (not in use yet) Testing: CI Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ d1ded6b381ca92cbacb2e0683adf997239b12272
4 years ago
// Name by which the secret can be uniquely referred to. When both name and config are specified,
// then secret can be fetched and/or reloaded via SDS. When only name is specified, then secret
// will be loaded from static resources.
string name = 1 [(validate.rules).string = {min_len: 1}];
tls/api: factor transport socket out of cert.proto. (#10910) This is necessary to provide TLS transport socket docs and to be able to have the TLS transport socket added to the threat model docs (via its security_posture tag). I did both v2/v3, since this is not technically a change to v2, justa file re-org, and the shadowing machinery prefers file consistency across versions. Risk level: Low (refactoring) Testing: Docs generation and manual inspection. Signed-off-by: Harvey Tuch <htuch@google.com> Mirrored from https://github.com/envoyproxy/envoy @ ab32f5fd01ca8b23ee16dcffb55b1276e55bf1fa
5 years ago
config.core.v4alpha.ConfigSource sds_config = 2;
}
// [#next-free-field: 6]
message Secret {
option (udpa.annotations.versioning).previous_message_type =
"envoy.extensions.transport_sockets.tls.v3.Secret";
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
string name = 1;
oneof type {
TlsCertificate tls_certificate = 2;
TlsSessionTicketKeys session_ticket_keys = 3;
CertificateValidationContext validation_context = 4;
GenericSecret generic_secret = 5;
}
}