secret: add CertificateValidationContext as a possible Secret. (#3482)

No functional changes, only API update. *Risk Level*: Low *Testing*: bazel test //test/... *Docs Changes*: n/a *Release Notes*: n/a Signed-off-by: Piotr Sikora <piotrsikora@google.com> Mirrored from https://github.com/envoyproxy/envoy @ 4eb09f86cbfff67404591cf812a7db8d7880c413
7 years ago · 3ff81a05c1
parent 2fd5e04777
commit 3ff81a05c1
1 changed files with 8 additions and 2 deletions
--- a/envoy/api/v2/auth/cert.proto
+++ b/envoy/api/v2/auth/cert.proto
@ -190,8 +190,13 @@ message CommonTlsContext {
  // [#not-implemented-hide:]
  repeated SdsSecretConfig tls_certificate_sds_secret_configs = 6;

-  // How to validate peer certificates.
-  CertificateValidationContext validation_context = 3;
+  oneof validation_context_type {
+    // How to validate peer certificates.
+    CertificateValidationContext validation_context = 3;
+
+    // [#not-implemented-hide:]
+    SdsSecretConfig validation_context_sds_secret_config = 7;
+  }

  // Supplies the list of ALPN protocols that the listener should expose. In
  // practice this is likely to be set to one of two values (see the
@ -262,5 +267,6 @@ message Secret {
  oneof type {
    TlsCertificate tls_certificate = 2;
    TlsSessionTicketKeys session_ticket_keys = 3;
+    CertificateValidationContext validation_context = 4;
  }
 }