From 21e6cedf6800861fa4f08b92745ead33f74fc5be Mon Sep 17 00:00:00 2001
From: "update-envoy[bot]" <135279899+update-envoy[bot]@users.noreply.github.com>
Date: Fri, 1 Sep 2023 06:46:34 +0000
Subject: [PATCH] api: introduce the private key provider list field (#28215)

Signed-off-by: He Jie Xu
Mirrored from https://github.com/envoyproxy/envoy @ b24ea1e75aea899d5106f2a10ddc8f3ef975fe20
---
 .../transport_sockets/tls/v3/common.proto | 29 ++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)

diff --git a/envoy/extensions/transport_sockets/tls/v3/common.proto b/envoy/extensions/transport_sockets/tls/v3/common.proto
index 66c8c797..e031fa1b 100644
--- a/envoy/extensions/transport_sockets/tls/v3/common.proto
+++ b/envoy/extensions/transport_sockets/tls/v3/common.proto
@@ -180,7 +180,21 @@ message PrivateKeyProvider {
   }
 }
 
-// [#next-free-field: 9]
+// [#not-implemented-hide:]
+// Provides a list of private key providers. Envoy will find out an available private
+// key provider from the list on order. If there is none of available private key provider,
+// it may fallback to BoringSSL default implementation based on the `fallback` fallback.
+message PrivateKeyProviderList {
+  // A list of private key providers, and at least one private key provider provided.
+  repeated PrivateKeyProvider private_key_provider = 1 [(validate.rules).repeated = {min_items: 1}];
+
+  // If there is no available private key provider from the list, Envoy will fallback to
+  // the BoringSSL default implementation when the `fallback` is true. The default value
+  // is `false`.
+  bool fallback = 2;
+}
+
+// [#next-free-field: 10]
 message TlsCertificate {
   option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.TlsCertificate";
 
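Review bot: The `fallback` field comment in PrivateKeyProviderList documents only the `true` case and leaves the default path unstated: it does not say what Envoy does when `fallback` is false and none of the listed providers is usable, which is the security-relevant branch, because silently dropping to the in-process BoringSSL key handling would defeat the purpose of configuring an external provider, so `false` is the right fail-closed default and the comment should say so explicitly. I would add a sentence such as `// When false (the default) and no listed provider is available, the configuration is rejected rather than silently using the in-process default.`, assuming that is the intended behavior, since the hunk does not show the implementation. The message comment also has wording slips: `on order` should read `in order`, and the last word of its third line should be `field`, not `fallback`. The repeated field is named in the singular (`private_key_provider`) where a plural would match the list semantics, though that may follow existing naming in this file. The opening of PrivateKeyProvider and the body of TlsCertificate lie outside this hunk.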
@@ -235,6 +249,19 @@ message TlsCertificate {
   // error.
   PrivateKeyProvider private_key_provider = 6;
 
+  // [#not-implemented-hide:]
+  // This provides a list of BoringSSL private key method provider. Envoy will find out
+  // an available private key method provider. It may fallback to BoringSSL default implementation
+  // when there is no available one. All the private key provider will share the same private key
+  // in the :ref:`private_key ` field,
+  // so the :ref:`private_key ` field
+  // must be specified when the `proviate_key_provider_list` field is used. The old :ref:`private_key_provider
+  // ` field will be
+  // deprecated. If both :ref:`private_key_provider `
+  // and `private_key_provider_list` are provided, the old
+  // :ref:`private_key_provider ` will be ignored.
+  PrivateKeyProviderList private_key_provider_list = 9;
+
   // The password to decrypt the TLS private key. If this field is not set, it is assumed that the
   // TLS private key is not password encrypted.
   config.core.v3.DataSource password = 3 [(udpa.annotations.sensitive) = true];
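Review bot: The precedence rule at the end of the new field comment, under which `private_key_provider` is silently ignored whenever `private_key_provider_list` is also set, hides a misconfiguration in exactly the component that decides where the TLS private key is handled; rejecting a TlsCertificate that sets both would be the safer contract, and the comment should then state it, e.g. `// Setting both private_key_provider and private_key_provider_list is a configuration error.`. If silent precedence is kept for compatibility, the comment should at least make clear that the ignored provider is never consulted, so operators do not read it as a secondary fallback. The comment also contains the typo `proviate_key_provider_list`, and its :ref: targets appear empty on this page, so they are worth checking in the source. The field number 9 is consistent with the `[#next-free-field: 10]` bump in the earlier hunk. The opening and remainder of TlsCertificate lie outside this hunk.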