transport socket: api and implementation for startTls transport socket (#13112)
Signed-off-by: Christoph Pakulski <christoph@tetrate.io>
Mirrored from https://github.com/envoyproxy/envoy @ 98e8bf3f09fa2af3735217bfc7046517250cdfd2
pull/623/head
parent
03d8074efc
commit
179de71a10
6 changed files with 108 additions and 0 deletions
@ -0,0 +1,13 @@ |
|||||||
|
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. |
||||||
|
|
||||||
|
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||||
|
|
||||||
|
licenses(["notice"]) # Apache 2 |
||||||
|
|
||||||
|
api_proto_package( |
||||||
|
deps = [ |
||||||
|
"//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", |
||||||
|
"//envoy/extensions/transport_sockets/tls/v3:pkg", |
||||||
|
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||||
|
], |
||||||
|
) |
@ -0,0 +1,38 @@ |
|||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.extensions.transport_sockets.starttls.v3; |
||||||
|
|
||||||
|
import "envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto"; |
||||||
|
import "envoy/extensions/transport_sockets/tls/v3/tls.proto"; |
||||||
|
|
||||||
|
import "google/protobuf/wrappers.proto"; |
||||||
|
|
||||||
|
import "udpa/annotations/status.proto"; |
||||||
|
import "udpa/annotations/versioning.proto"; |
||||||
|
import "validate/validate.proto"; |
||||||
|
|
||||||
|
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.starttls.v3"; |
||||||
|
option java_outer_classname = "StarttlsProto"; |
||||||
|
option java_multiple_files = true; |
||||||
|
option (udpa.annotations.file_status).package_version_status = ACTIVE; |
||||||
|
|
||||||
|
// [#protodoc-title: StartTls] |
||||||
|
// [#extension: envoy.transport_sockets.starttls] |
||||||
|
|
||||||
|
// StartTls transport socket addresses situations when a protocol starts in clear-text and |
||||||
|
// negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires |
||||||
|
// a network filter which understands protocol exchange and a state machine to signal to the StartTls |
||||||
|
// transport socket when a switch to TLS is required. |
||||||
|
|
||||||
|
// Configuration for StartTls transport socket. |
||||||
|
// StartTls transport socket wraps two sockets: |
||||||
|
// - raw_buffer socket which is used at the beginning of the session |
||||||
|
// - TLS socket used when a protocol negotiates a switch to encrypted traffic. |
||||||
|
message StartTlsConfig { |
||||||
|
// (optional) Configuration for clear-text socket used at the beginning of the session. |
||||||
|
raw_buffer.v3.RawBuffer cleartext_socket_config = 1; |
||||||
|
|
||||||
|
// Configuration for TLS socket. |
||||||
|
transport_sockets.tls.v3.DownstreamTlsContext tls_socket_config = 2 |
||||||
|
[(validate.rules).message = {required: true}]; |
||||||
|
} |
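Review bot: The comment on `StartTlsConfig` does not say what happens when the network filter never signals the switch, so a reader could take this socket as a guarantee of encryption. From the description it appears the session would simply stay on `cleartext_socket_config` for its whole lifetime. I would add to the message comment: `// The transport socket does not enforce the upgrade itself; the network filter must close sessions that are required to be encrypted but never switch to TLS.` Because `tls_socket_config` is a `DownstreamTlsContext`, the comment should also state that this configuration is for downstream (listener) connections only. Both points apply equally to the v4alpha copy of the message further down, and `google/protobuf/wrappers.proto` is imported in both files although no wrapper type appears in either message.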
@ -0,0 +1,14 @@ |
|||||||
|
# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. |
||||||
|
|
||||||
|
load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") |
||||||
|
|
||||||
|
licenses(["notice"]) # Apache 2 |
||||||
|
|
||||||
|
api_proto_package( |
||||||
|
deps = [ |
||||||
|
"//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", |
||||||
|
"//envoy/extensions/transport_sockets/starttls/v3:pkg", |
||||||
|
"//envoy/extensions/transport_sockets/tls/v4alpha:pkg", |
||||||
|
"@com_github_cncf_udpa//udpa/annotations:pkg", |
||||||
|
], |
||||||
|
) |
@ -0,0 +1,41 @@ |
|||||||
|
syntax = "proto3"; |
||||||
|
|
||||||
|
package envoy.extensions.transport_sockets.starttls.v4alpha; |
||||||
|
|
||||||
|
import "envoy/extensions/transport_sockets/raw_buffer/v3/raw_buffer.proto"; |
||||||
|
import "envoy/extensions/transport_sockets/tls/v4alpha/tls.proto"; |
||||||
|
|
||||||
|
import "google/protobuf/wrappers.proto"; |
||||||
|
|
||||||
|
import "udpa/annotations/status.proto"; |
||||||
|
import "udpa/annotations/versioning.proto"; |
||||||
|
import "validate/validate.proto"; |
||||||
|
|
||||||
|
option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.starttls.v4alpha"; |
||||||
|
option java_outer_classname = "StarttlsProto"; |
||||||
|
option java_multiple_files = true; |
||||||
|
option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; |
||||||
|
|
||||||
|
// [#protodoc-title: StartTls] |
||||||
|
// [#extension: envoy.transport_sockets.starttls] |
||||||
|
|
||||||
|
// StartTls transport socket addresses situations when a protocol starts in clear-text and |
||||||
|
// negotiates an in-band switch to TLS. StartTls transport socket is protocol agnostic and requires |
||||||
|
// a network filter which understands protocol exchange and a state machine to signal to the StartTls |
||||||
|
// transport socket when a switch to TLS is required. |
||||||
|
|
||||||
|
// Configuration for StartTls transport socket. |
||||||
|
// StartTls transport socket wraps two sockets: |
||||||
|
// - raw_buffer socket which is used at the beginning of the session |
||||||
|
// - TLS socket used when a protocol negotiates a switch to encrypted traffic. |
||||||
|
message StartTlsConfig { |
||||||
|
option (udpa.annotations.versioning).previous_message_type = |
||||||
|
"envoy.extensions.transport_sockets.starttls.v3.StartTlsConfig"; |
||||||
|
|
||||||
|
// (optional) Configuration for clear-text socket used at the beginning of the session. |
||||||
|
raw_buffer.v3.RawBuffer cleartext_socket_config = 1; |
||||||
|
|
||||||
|
// Configuration for TLS socket. |
||||||
|
transport_sockets.tls.v4alpha.DownstreamTlsContext tls_socket_config = 2 |
||||||
|
[(validate.rules).message = {required: true}]; |
||||||
|
} |