alts: add ALTS config and integration test (#4559)

Last one for #3429, introduce ALTS config and add integration test. Risk Level: Low (extension) Testing: manual test, integration test, CI Docs Changes: Done Release Notes: Fixes #3429. Signed-off-by: JimmyCYJ <jimmychen.0102@gmail.com> Mirrored from https://github.com/envoyproxy/envoy @ f9edb521ce641ee16cd59e756604d201a8ad3526
6 years ago · 7533874008
parent 01db35d90b
commit 7533874008
2 changed files with 31 additions and 0 deletions
--- a/envoy/config/transport_socket/alts/v2alpha/BUILD
+++ b/envoy/config/transport_socket/alts/v2alpha/BUILD
@ -0,0 +1,11 @@
+load("//bazel:api_build_system.bzl", "api_proto_library")
+
+licenses(["notice"])  # Apache 2
+
+api_proto_library(
+    name = "alts",
+    srcs = ["alts.proto"],
+    deps = [
+        "//envoy/api/v2/core:base",
+    ],
+)
--- a/envoy/config/transport_socket/alts/v2alpha/alts.proto
+++ b/envoy/config/transport_socket/alts/v2alpha/alts.proto
@ -0,0 +1,20 @@
+syntax = "proto3";
+
+package envoy.config.transport_socket.alts.v2alpha;
+option go_package = "v2";
+
+// [#protodoc-title: ALTS]
+
+import "validate/validate.proto";
+
+// Configuration for ALTS transport socket. This provides Google's ALTS protocol to Envoy.
+// https://cloud.google.com/security/encryption-in-transit/application-layer-transport-security/
+message Alts {
+  // The location of a handshaker service, this is usually 169.254.169.254:8080
+  // on GCE.
+  string handshaker_service = 1 [(validate.rules).string.min_bytes = 1];
+
+  // The acceptable service accounts from peer, peers not in the list will be rejected in the
+  // handshake validation step. If empty, no validation will be performed.
+  repeated string peer_service_accounts = 2;
+}