api: redact more fields. (#9692)

Signed-off-by: Piotr Sikora <piotrsikora@google.com>

Mirrored from https://github.com/envoyproxy/envoy @ caf39ff1a1fb73e41f5fa5c9dcefe0f76ea24794
master-ci-test
data-plane-api(CircleCI) 5 years ago
parent 28e1cf6029
commit f9f81d3bbb
  1. 4
      envoy/api/v2/auth/cert.proto
  2. 4
      envoy/api/v2/core/grpc_service.proto
  3. 3
      envoy/config/core/v3/grpc_service.proto
  4. 6
      envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
  5. 5
      envoy/config/grpc_credential/v2alpha/BUILD
  6. 4
      envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
  7. 3
      envoy/config/grpc_credential/v3/file_based_metadata.proto
  8. 5
      envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
  9. 2
      envoy/extensions/transport_sockets/tls/v3/cert.proto

@ -118,9 +118,9 @@ message PrivateKeyProvider {
// Private key method provider specific configuration.
oneof config_type {
google.protobuf.Struct config = 2 [deprecated = true];
google.protobuf.Struct config = 2 [deprecated = true, (udpa.annotations.sensitive) = true];
google.protobuf.Any typed_config = 3;
google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
}
}
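Review bot: The comment above `config_type` does not tell an operator that both members are now hidden as a whole. `typed_config` is a `google.protobuf.Any` and `config` a `Struct`, so the annotation cannot single out the secret parts and presumably blanks non-secret provider settings as well. I would add a line such as `// Marked sensitive as a whole, since the provider-specific message may carry key material.` above the oneof. The same applies to the `typed_config` change in the v3 cert.proto section at the end of the page. No import of `udpa/annotations/sensitive.proto` is shown for this file, so it is presumably already imported, which is worth confirming; `PrivateKeyProvider` starts outside the hunk.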

@ -9,6 +9,8 @@ import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/migrate.proto";
import "validate/validate.proto";
@ -38,7 +40,7 @@ message GrpcService {
DataSource root_certs = 1;
// PEM encoded client private key.
DataSource private_key = 2;
DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// PEM encoded client certificate chain.
DataSource cert_chain = 3;
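Review bot: Only `private_key` is annotated in this hunk, and the rest of `GrpcService` lies outside it, so the page does not show whether the message's other credential-carrying fields are covered. `GrpcService` also holds token-style credentials for the Google gRPC client, for example `access_token` and the service-account `json_key`. If those are not marked elsewhere, they would still appear in clear wherever this annotation drives redaction. This is worth confirming, and if they are left out on purpose, a short comment saying why would help. The same question applies to the v3 grpc_service.proto section that follows.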

@ -9,6 +9,7 @@ import "google/protobuf/duration.proto";
import "google/protobuf/empty.proto";
import "google/protobuf/struct.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/versioning.proto";
import "validate/validate.proto";
@ -49,7 +50,7 @@ message GrpcService {
DataSource root_certs = 1;
// PEM encoded client private key.
DataSource private_key = 2;
DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
// PEM encoded client certificate chain.
DataSource cert_chain = 3;

@ -7,6 +7,8 @@ import "envoy/api/v2/core/base.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/sensitive.proto";
import "envoy/annotations/deprecation.proto";
import "udpa/annotations/migrate.proto";
import "validate/validate.proto";
@ -229,7 +231,7 @@ message RedisProxy {
// password is set, then a "NOAUTH Authentication required." error response will be sent to the
// client. If an AUTH command is received when the password is not set, then an "ERR Client sent
// AUTH, but no password is set" error will be returned.
api.v2.core.DataSource downstream_auth_password = 6;
api.v2.core.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
}
// RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@ -238,5 +240,5 @@ message RedisProxy {
message RedisProtocolOptions {
// Upstream server password as defined by the `requirepass` directive
// <https://redis.io/topics/config>`_ in the server's configuration file.
api.v2.core.DataSource auth_password = 1;
api.v2.core.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
}
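Review bot: The comments on `downstream_auth_password` and `auth_password` still describe only the AUTH behaviour, so a reader of the API docs cannot tell that the values are now treated as sensitive or what that covers. Both are `DataSource` fields, so the password may be given inline in the configuration itself; the annotation presumably changes only how the field is rendered, not where the secret is stored. I would add a line such as `// Redacted where sensitive fields are scrubbed; prefer a file-backed DataSource over an inline value.` to each. The same applies to `secret_data` in both file_based_metadata.proto sections and to the v3 redis_proxy.proto section. `RedisProxy` starts outside these hunks.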

@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
licenses(["notice"]) # Apache 2
api_proto_package(
deps = ["//envoy/api/v2/core:pkg"],
deps = [
"//envoy/api/v2/core:pkg",
"@com_github_cncf_udpa//udpa/annotations:pkg",
],
)

@ -4,6 +4,8 @@ package envoy.config.grpc_credential.v2alpha;
import "envoy/api/v2/core/base.proto";
import "udpa/annotations/sensitive.proto";
option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha";
option java_outer_classname = "FileBasedMetadataProto";
option java_multiple_files = true;
@ -15,7 +17,7 @@ option java_multiple_files = true;
message FileBasedMetadataConfig {
// Location or inline data of secret to use for authentication of the Google gRPC connection
// this secret will be attached to a header of the gRPC connection
api.v2.core.DataSource secret_data = 1;
api.v2.core.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
// Metadata header key to use for sending the secret data
// if no header key is set, "authorization" header will be used

@ -4,6 +4,7 @@ package envoy.config.grpc_credential.v3;
import "envoy/config/core/v3/base.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/versioning.proto";
option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3";
@ -20,7 +21,7 @@ message FileBasedMetadataConfig {
// Location or inline data of secret to use for authentication of the Google gRPC connection
// this secret will be attached to a header of the gRPC connection
core.v3.DataSource secret_data = 1;
core.v3.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
// Metadata header key to use for sending the secret data
// if no header key is set, "authorization" header will be used

@ -7,6 +7,7 @@ import "envoy/config/core/v3/base.proto";
import "google/protobuf/duration.proto";
import "google/protobuf/wrappers.proto";
import "udpa/annotations/sensitive.proto";
import "udpa/annotations/versioning.proto";
import "envoy/annotations/deprecation.proto";
@ -231,7 +232,7 @@ message RedisProxy {
// password is set, then a "NOAUTH Authentication required." error response will be sent to the
// client. If an AUTH command is received when the password is not set, then an "ERR Client sent
// AUTH, but no password is set" error will be returned.
config.core.v3.DataSource downstream_auth_password = 6;
config.core.v3.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
}
// RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@ -243,5 +244,5 @@ message RedisProtocolOptions {
// Upstream server password as defined by the `requirepass` directive
// <https://redis.io/topics/config>`_ in the server's configuration file.
config.core.v3.DataSource auth_password = 1;
config.core.v3.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
}

@ -125,7 +125,7 @@ message PrivateKeyProvider {
// Private key method provider specific configuration.
oneof config_type {
google.protobuf.Any typed_config = 3;
google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
}
}
