sds: support generic type secret (#9858)

Description:
This PR adds support for a generic secret type in the secret manager. The goal is to enable filters to access generic secrets.

Risk Level: Medium
Testing: Unit test, Integration test
Docs Changes: Changed
Release Notes: Changed

Signed-off-by: bennettdong <xiangfeid@gmail.com>

Mirrored from https://github.com/envoyproxy/envoy @ f64ade1d90d9209982008391f337ed76e7aca3d2
master-ci-test
data-plane-api(CircleCI) 5 years ago
parent c6e78802b7
commit 56c9010962
  1. 8
      envoy/api/v2/auth/cert.proto
  2. 10
      envoy/extensions/transport_sockets/tls/v3/cert.proto

@ -435,6 +435,11 @@ message DownstreamTlsContext {
}];
}
message GenericSecret {
// Secret of generic type and is available to filters.
core.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}
message SdsSecretConfig {
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
// When both name and config are specified, then secret can be fetched and/or reloaded via
@ -444,6 +449,7 @@ message SdsSecretConfig {
core.ConfigSource sds_config = 2;
}
// [#next-free-field: 6]
message Secret {
// Name (FQDN, UUID, SPKI, SHA256, etc.) by which the secret can be uniquely referred to.
string name = 1;
@ -454,5 +460,7 @@ message Secret {
TlsSessionTicketKeys session_ticket_keys = 3;
CertificateValidationContext validation_context = 4;
GenericSecret generic_secret = 5;
}
}
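Review bot: The new `secret` field in `GenericSecret` carries no presence constraint, so a `GenericSecret` whose `DataSource` is unset or empty would pass schema validation and a filter could end up using an empty value as its secret. If protoc-gen-validate rules are used in this file (the `}];` context line suggests a multi-line field option nearby, but the imports are not visible here), consider `core.DataSource secret = 1 [(validate.rules).message = {required: true}, (udpa.annotations.sensitive) = true];`, and have consumers reject a zero-length secret when they load it. The same applies to the `config.core.v3.DataSource secret = 1` line in the v3 file. `GenericSecret` is fully visible in this hunk, but no consumer code is shown, so whether an empty secret is already rejected downstream cannot be confirmed from this page.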

@ -453,6 +453,13 @@ message DownstreamTlsContext {
}];
}
message GenericSecret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.GenericSecret";
// Secret of generic type and is available to filters.
config.core.v3.DataSource secret = 1 [(udpa.annotations.sensitive) = true];
}
message SdsSecretConfig {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.SdsSecretConfig";
@ -464,6 +471,7 @@ message SdsSecretConfig {
config.core.v3.ConfigSource sds_config = 2;
}
// [#next-free-field: 6]
message Secret {
option (udpa.annotations.versioning).previous_message_type = "envoy.api.v2.auth.Secret";
@ -476,5 +484,7 @@ message Secret {
TlsSessionTicketKeys session_ticket_keys = 3;
CertificateValidationContext validation_context = 4;
GenericSecret generic_secret = 5;
}
}
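Review bot: The comment on `secret` says only that it "is available to filters", which leaves out what an operator needs to know to handle the value safely. I would expand it to something like `// Opaque secret bytes, supplied inline or from a file via DataSource; filters that reference this secret by name can read it.` and add a leading comment on `message GenericSecret` and on `GenericSecret generic_secret = 5;` in `Secret`, neither of which has one in the visible lines. The v2 file carries the same wording and would take the same comments. `Secret` begins outside the visible hunk, so the new comment should follow whatever style its other members use.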
