diff --git a/authentication/v1alpha1/policy.pb.go b/authentication/v1alpha1/policy.pb.go index c5a8a66419..dd8e1fa157 100644 --- a/authentication/v1alpha1/policy.pb.go +++ b/authentication/v1alpha1/policy.pb.go @@ -786,6 +786,11 @@ type TargetSelector struct { // REQUIRED. The name must be a short name from the service registry. The // fully qualified domain name will be resolved in a platform specific manner. Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // $hide_from_docs + // $not-implemented-hide + // Select workload by labels. + // Once implemented, this is a prefer way over using service name. + Labels map[string]string `protobuf:"bytes,3,rep,name=labels" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports. // For example, if a service is defined as below, then `8000` should be used, not `9000`. // ``` @@ -816,6 +821,13 @@ func (m *TargetSelector) GetName() string { return "" } +func (m *TargetSelector) GetLabels() map[string]string { + if m != nil { + return m.Labels + } + return nil +} + func (m *TargetSelector) GetPorts() []*PortSelector { if m != nil { return m.Ports @@ -1365,6 +1377,23 @@ func (m *TargetSelector) MarshalTo(dAtA []byte) (int, error) { i += n } } + if len(m.Labels) > 0 { + for k, _ := range m.Labels { + dAtA[i] = 0x1a + i++ + v := m.Labels[k] + mapSize := 1 + len(k) + sovPolicy(uint64(len(k))) + 1 + len(v) + sovPolicy(uint64(len(v))) + i = encodeVarintPolicy(dAtA, i, uint64(mapSize)) + dAtA[i] = 0xa + i++ + i = encodeVarintPolicy(dAtA, i, uint64(len(k))) + i += copy(dAtA[i:], k) + dAtA[i] = 0x12 + i++ + i = encodeVarintPolicy(dAtA, i, uint64(len(v))) + i += copy(dAtA[i:], v) + } + } return i, nil } @@ -1605,6 +1634,14 @@ func (m *TargetSelector) Size() (n int) { n += 1 + l + sovPolicy(uint64(l)) } } + if len(m.Labels) > 0 { + for k, v := range m.Labels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + sovPolicy(uint64(len(k))) + 1 + len(v) + sovPolicy(uint64(len(v))) + n += mapEntrySize + 1 + sovPolicy(uint64(mapEntrySize)) + } + } return n } @@ -2725,6 +2762,124 @@ func (m *TargetSelector) Unmarshal(dAtA []byte) error { return err } iNdEx = postIndex + case 3: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Labels", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPolicy + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthPolicy + } + postIndex := iNdEx + msglen + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Labels == nil { + m.Labels = make(map[string]string) + } + var mapkey string + var mapvalue string + for iNdEx < postIndex { + entryPreIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPolicy + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + if fieldNum == 1 { + var stringLenmapkey uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPolicy + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapkey |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapkey := int(stringLenmapkey) + if intStringLenmapkey < 0 { + return ErrInvalidLengthPolicy + } + postStringIndexmapkey := iNdEx + intStringLenmapkey + if postStringIndexmapkey > l { + return io.ErrUnexpectedEOF + } + mapkey = string(dAtA[iNdEx:postStringIndexmapkey]) + iNdEx = postStringIndexmapkey + } else if fieldNum == 2 { + var stringLenmapvalue uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowPolicy + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLenmapvalue |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLenmapvalue := int(stringLenmapvalue) + if intStringLenmapvalue < 0 { + return ErrInvalidLengthPolicy + } + postStringIndexmapvalue := iNdEx + intStringLenmapvalue + if postStringIndexmapvalue > l { + return io.ErrUnexpectedEOF + } + mapvalue = string(dAtA[iNdEx:postStringIndexmapvalue]) + iNdEx = postStringIndexmapvalue + } else { + iNdEx = entryPreIndex + skippy, err := skipPolicy(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthPolicy + } + if (iNdEx + skippy) > postIndex { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + m.Labels[mapkey] = mapvalue + iNdEx = postIndex default: iNdEx = preIndex skippy, err := skipPolicy(dAtA[iNdEx:]) @@ -2953,54 +3108,58 @@ var ( func init() { proto.RegisterFile("authentication/v1alpha1/policy.proto", fileDescriptorPolicy) } var fileDescriptorPolicy = []byte{ - // 779 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0x41, 0x8f, 0xe3, 0x34, - 0x14, 0x6e, 0xa6, 0x6d, 0xda, 0xbe, 0x76, 0xaa, 0x62, 0xa1, 0x55, 0x58, 0xd8, 0x61, 0x14, 0xed, - 0xa1, 0x5a, 0x20, 0x65, 0x0b, 0x02, 0x71, 0x41, 0x9a, 0xa2, 0xb2, 0xed, 0x4a, 0x65, 0x8a, 0xd3, - 0xe5, 0x80, 0x90, 0x22, 0x4f, 0xe2, 0x4d, 0x5d, 0xd2, 0x24, 0x72, 0x1c, 0xd2, 0x39, 0xf1, 0x13, - 0xf8, 0x03, 0x5c, 0x38, 0x73, 0xe4, 0x4f, 0x70, 0xe4, 0x27, 0xa0, 0xf9, 0x25, 0xc8, 0x76, 0xc3, - 0xb4, 0x23, 0x86, 0xcc, 0xde, 0xfc, 0xbd, 0xe7, 0xef, 0x7b, 0x2f, 0x9f, 0xed, 0x17, 0x78, 0x4a, - 0x72, 0xb1, 0xa6, 0xb1, 0x60, 0x3e, 0x11, 0x2c, 0x89, 0x47, 0x3f, 0x3d, 0x27, 0x51, 0xba, 0x26, - 0xcf, 0x47, 0x69, 0x12, 0x31, 0xff, 0xda, 0x49, 0x79, 0x22, 0x12, 0xf4, 0x84, 0x65, 0x82, 0x25, - 0xce, 0xf1, 0x5e, 0xa7, 0xdc, 0x6b, 0xff, 0x0c, 0x5d, 0x57, 0x70, 0x16, 0x87, 0x0b, 0x22, 0xfc, - 0x35, 0x7a, 0x04, 0x4d, 0xba, 0x23, 0xbe, 0xb0, 0x8c, 0x73, 0x63, 0xd8, 0x99, 0xd5, 0xb0, 0x86, - 0xc8, 0x02, 0x33, 0xe5, 0xf4, 0x35, 0xdb, 0x59, 0x27, 0xfb, 0xc4, 0x1e, 0xcb, 0x4c, 0x96, 0xbf, - 0x96, 0x99, 0x7a, 0x99, 0xd1, 0x58, 0x6a, 0x71, 0x1a, 0xd2, 0x9d, 0xd5, 0x28, 0xb5, 0x14, 0x9c, - 0xf4, 0x00, 0xb6, 0xb2, 0x98, 0x27, 0xae, 0x53, 0x6a, 0xff, 0x62, 0x40, 0x67, 0x91, 0x8b, 0x9c, - 0x44, 0xab, 0x28, 0x43, 0xef, 0x42, 0x87, 0x44, 0x51, 0x52, 0x78, 0x22, 0xca, 0x54, 0x0f, 0x6d, - 0xdc, 0x56, 0x01, 0x99, 0xbc, 0x80, 0xc6, 0x36, 0x09, 0xa8, 0x6a, 0xa1, 0x3f, 0xfe, 0xc8, 0xf9, - 0xdf, 0x2f, 0x73, 0xfe, 0x15, 0x75, 0x16, 0x49, 0x40, 0xb1, 0xa2, 0xda, 0x36, 0x34, 0x24, 0x42, - 0x00, 0xa6, 0xbb, 0xc2, 0xf3, 0xaf, 0x56, 0x83, 0x1a, 0xea, 0x03, 0x2c, 0xa7, 0x78, 0x31, 0x77, - 0xdd, 0xf9, 0x77, 0xd3, 0x81, 0x61, 0xff, 0x56, 0x87, 0xfa, 0xcb, 0x42, 0xa0, 0x47, 0x60, 0xb2, - 0x2c, 0xcb, 0x29, 0xd7, 0x66, 0xe0, 0x3d, 0x42, 0xef, 0x41, 0x87, 0xe4, 0x01, 0xa3, 0xb1, 0x4f, - 0x33, 0xeb, 0xe4, 0xbc, 0x3e, 0xec, 0xe0, 0xdb, 0x00, 0x7a, 0x07, 0xda, 0x9b, 0xe2, 0xc7, 0xcc, - 0xcb, 0x39, 0xd3, 0x8e, 0xe0, 0x96, 0xc4, 0xaf, 0x38, 0x43, 0xef, 0x43, 0x77, 0x53, 0x08, 0x6f, - 0x4d, 0x49, 0x40, 0x79, 0x66, 0x99, 0x8a, 0x0a, 0x9b, 0x42, 0xcc, 0x74, 0x04, 0x3d, 0x01, 0x89, - 0xbc, 0x94, 0x70, 0xb2, 0xcd, 0xac, 0x96, 0x96, 0xde, 0x14, 0x62, 0xa9, 0x02, 0xc8, 0x85, 0x53, - 0xc1, 0x59, 0x18, 0x52, 0xee, 0xf1, 0x3c, 0xa2, 0x99, 0xd5, 0x39, 0xaf, 0x0f, 0xbb, 0x63, 0xa7, - 0xc2, 0x88, 0x97, 0x85, 0x70, 0x56, 0x9a, 0x87, 0xf3, 0x88, 0xe2, 0x9e, 0xb8, 0x05, 0xd9, 0xe3, - 0x3f, 0x0c, 0xe8, 0x1e, 0x64, 0xd1, 0xb7, 0xd0, 0xa7, 0x3b, 0x3f, 0xca, 0x03, 0x1a, 0x78, 0x29, - 0x11, 0x6b, 0x79, 0x0c, 0xb2, 0xca, 0xb3, 0x8a, 0x2a, 0x07, 0xb7, 0x08, 0x9f, 0x96, 0x0a, 0x4b, - 0x29, 0x20, 0x25, 0x59, 0x7c, 0x24, 0x79, 0xf2, 0xe6, 0x92, 0xa5, 0x82, 0x92, 0xb4, 0x7f, 0x35, - 0xc0, 0x5a, 0x52, 0xca, 0x2f, 0x8e, 0xa8, 0x0b, 0x2a, 0xd6, 0x49, 0x80, 0xbe, 0x84, 0xc6, 0xb6, - 0xbc, 0x3f, 0xdd, 0xf1, 0xf0, 0xa1, 0xf7, 0x64, 0x56, 0xc3, 0x8a, 0x87, 0x3e, 0x83, 0xfa, 0xa6, - 0x10, 0xea, 0x9a, 0x75, 0xc7, 0x76, 0xb5, 0xbb, 0xb3, 0x1a, 0x96, 0x84, 0x49, 0x1b, 0x4c, 0x7d, - 0x74, 0x36, 0x86, 0xc7, 0x97, 0x9c, 0x85, 0x2c, 0xfe, 0xcf, 0xfe, 0x3e, 0xd5, 0xfa, 0xc6, 0x43, - 0xf5, 0x95, 0xba, 0xfd, 0x7b, 0x1d, 0xcc, 0xa5, 0x7a, 0xd9, 0xe8, 0x05, 0xb4, 0x04, 0xe1, 0x21, - 0x15, 0xe5, 0xe1, 0x54, 0xbd, 0x85, 0x95, 0xda, 0xed, 0xd2, 0x88, 0xfa, 0x22, 0xe1, 0xb8, 0x64, - 0xa3, 0x05, 0x34, 0x53, 0x2a, 0xef, 0xa2, 0x3e, 0x90, 0xcf, 0x2b, 0x64, 0xee, 0x73, 0x1c, 0x6b, - 0x15, 0x34, 0x84, 0x81, 0x5c, 0x78, 0x2c, 0xf3, 0x92, 0x54, 0xa6, 0x49, 0xa4, 0xde, 0x40, 0x1b, - 0xf7, 0x65, 0x7c, 0x9e, 0x5d, 0xee, 0xa3, 0xc8, 0x85, 0x56, 0xa2, 0x0c, 0xca, 0xac, 0x86, 0x2a, - 0xfd, 0x45, 0x45, 0xe9, 0xfb, 0xed, 0xc4, 0xa5, 0x12, 0xfa, 0x10, 0x90, 0x5e, 0x1e, 0x35, 0xd0, - 0x54, 0x0d, 0x0c, 0x74, 0xe6, 0xa0, 0x85, 0x1f, 0xe0, 0xad, 0x94, 0xb3, 0xd8, 0x67, 0x29, 0x89, - 0xbc, 0x2b, 0x16, 0x07, 0x2c, 0x0e, 0x2d, 0x53, 0x8d, 0x96, 0x51, 0x95, 0x0f, 0x25, 0x6f, 0xa2, - 0x69, 0x78, 0x90, 0xde, 0x89, 0xd8, 0x21, 0xf4, 0x8f, 0x4d, 0x47, 0x08, 0x1a, 0x31, 0xd9, 0xd2, - 0xfd, 0x30, 0x51, 0x6b, 0x74, 0x01, 0xcd, 0x34, 0xe1, 0xa2, 0xf4, 0xff, 0x83, 0xaa, 0xba, 0x09, - 0xbf, 0x3d, 0x44, 0xcd, 0xb4, 0xbf, 0x86, 0xde, 0x61, 0x58, 0xce, 0xe3, 0x38, 0xdf, 0x5e, 0xed, - 0xa7, 0xd6, 0xa9, 0x9c, 0xc7, 0x1a, 0xa3, 0xb7, 0xf7, 0x0d, 0x94, 0x13, 0x5c, 0xa1, 0x89, 0x09, - 0x0d, 0x29, 0xf4, 0xec, 0x63, 0x18, 0xdc, 0xfd, 0x2c, 0xd4, 0x83, 0xf6, 0x2b, 0x77, 0xea, 0x2d, - 0xa7, 0x53, 0xac, 0xe7, 0xa4, 0x44, 0x97, 0x78, 0xfe, 0x62, 0xfe, 0xcd, 0xc0, 0x98, 0x8c, 0xff, - 0xbc, 0x39, 0x33, 0xfe, 0xba, 0x39, 0x33, 0xfe, 0xbe, 0x39, 0x33, 0xbe, 0x7f, 0xaa, 0x5b, 0x67, - 0xc9, 0x88, 0xa4, 0x6c, 0x74, 0xcf, 0xaf, 0xe9, 0xca, 0x54, 0x3f, 0xa5, 0x4f, 0xfe, 0x09, 0x00, - 0x00, 0xff, 0xff, 0x9e, 0x76, 0x95, 0xa9, 0xbc, 0x06, 0x00, 0x00, + // 839 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0x4f, 0x6f, 0xe3, 0x44, + 0x14, 0xaf, 0xeb, 0xc4, 0x4d, 0x5e, 0xda, 0x28, 0x8c, 0x56, 0x2b, 0x53, 0xd8, 0x52, 0x59, 0x7b, + 0x88, 0x16, 0x70, 0xd8, 0x80, 0x80, 0xe5, 0x80, 0xd4, 0xa0, 0xb0, 0xcd, 0x8a, 0xd0, 0xec, 0x24, + 0xcb, 0x01, 0x21, 0x59, 0xd3, 0x64, 0x36, 0x99, 0xec, 0xc4, 0xb6, 0x66, 0xc6, 0x9b, 0xe6, 0xc4, + 0x47, 0xe0, 0x0b, 0x70, 0xe1, 0xcc, 0x91, 0x2f, 0xc1, 0x91, 0x8f, 0x80, 0xfa, 0x1d, 0xb8, 0xa3, + 0x99, 0xb1, 0x69, 0xb2, 0xa2, 0xb8, 0xdc, 0xe6, 0xf7, 0x9e, 0x7f, 0xbf, 0xf7, 0xfc, 0x7b, 0xf3, + 0x07, 0x1e, 0x92, 0x4c, 0x2d, 0x68, 0xac, 0xd8, 0x94, 0x28, 0x96, 0xc4, 0x9d, 0xd7, 0x8f, 0x09, + 0x4f, 0x17, 0xe4, 0x71, 0x27, 0x4d, 0x38, 0x9b, 0x6e, 0xc2, 0x54, 0x24, 0x2a, 0x41, 0x0f, 0x98, + 0x54, 0x2c, 0x09, 0x77, 0xbf, 0x0d, 0x8b, 0x6f, 0x83, 0x1f, 0xa1, 0x31, 0x56, 0x82, 0xc5, 0xf3, + 0x21, 0x51, 0xd3, 0x05, 0xba, 0x0f, 0x55, 0x7a, 0x45, 0xa6, 0xca, 0x77, 0x4e, 0x9d, 0x76, 0xfd, + 0x7c, 0x0f, 0x5b, 0x88, 0x7c, 0xf0, 0x52, 0x41, 0x5f, 0xb2, 0x2b, 0x7f, 0x3f, 0x4f, 0xe4, 0x58, + 0x67, 0x64, 0xf6, 0x52, 0x67, 0xdc, 0x22, 0x63, 0xb1, 0xd6, 0x12, 0x74, 0x4e, 0xaf, 0xfc, 0x4a, + 0xa1, 0x65, 0x60, 0xef, 0x10, 0x60, 0xa5, 0x8b, 0x45, 0x6a, 0x93, 0xd2, 0xe0, 0x27, 0x07, 0xea, + 0xc3, 0x4c, 0x65, 0x84, 0x4f, 0xb8, 0x44, 0xef, 0x40, 0x9d, 0x70, 0x9e, 0xac, 0x23, 0xc5, 0xa5, + 0xe9, 0xa1, 0x86, 0x6b, 0x26, 0xa0, 0x93, 0x67, 0x50, 0x59, 0x25, 0x33, 0x6a, 0x5a, 0x68, 0x76, + 0x3f, 0x0c, 0xff, 0xf3, 0xcf, 0xc2, 0x7f, 0x44, 0xc3, 0x61, 0x32, 0xa3, 0xd8, 0x50, 0x83, 0x00, + 0x2a, 0x1a, 0x21, 0x00, 0x6f, 0x3c, 0xc1, 0x83, 0xaf, 0x26, 0xad, 0x3d, 0xd4, 0x04, 0x18, 0xf5, + 0xf1, 0x70, 0x30, 0x1e, 0x0f, 0xbe, 0xeb, 0xb7, 0x9c, 0xe0, 0x17, 0x17, 0xdc, 0x67, 0x6b, 0x85, + 0xee, 0x83, 0xc7, 0xa4, 0xcc, 0xa8, 0xb0, 0x66, 0xe0, 0x1c, 0xa1, 0x77, 0xa1, 0x4e, 0xb2, 0x19, + 0xa3, 0xf1, 0x94, 0x4a, 0x7f, 0xff, 0xd4, 0x6d, 0xd7, 0xf1, 0x4d, 0x00, 0xbd, 0x0d, 0xb5, 0xe5, + 0xfa, 0x95, 0x8c, 0x32, 0xc1, 0xac, 0x23, 0xf8, 0x40, 0xe3, 0x17, 0x82, 0xa1, 0xf7, 0xa0, 0xb1, + 0x5c, 0xab, 0x68, 0x41, 0xc9, 0x8c, 0x0a, 0xe9, 0x7b, 0x86, 0x0a, 0xcb, 0xb5, 0x3a, 0xb7, 0x11, + 0xf4, 0x00, 0x34, 0x8a, 0x52, 0x22, 0xc8, 0x4a, 0xfa, 0x07, 0x56, 0x7a, 0xb9, 0x56, 0x23, 0x13, + 0x40, 0x63, 0x38, 0x52, 0x82, 0xcd, 0xe7, 0x54, 0x44, 0x22, 0xe3, 0x54, 0xfa, 0xf5, 0x53, 0xb7, + 0xdd, 0xe8, 0x86, 0x25, 0x46, 0x3c, 0x5b, 0xab, 0x70, 0x62, 0x79, 0x38, 0xe3, 0x14, 0x1f, 0xaa, + 0x1b, 0x20, 0x8f, 0x7f, 0x73, 0xa0, 0xb1, 0x95, 0x45, 0xcf, 0xa1, 0x49, 0xaf, 0xa6, 0x3c, 0x9b, + 0xd1, 0x59, 0x94, 0x12, 0xb5, 0xd0, 0x63, 0xd0, 0x55, 0x1e, 0x95, 0x54, 0xd9, 0xda, 0x45, 0xf8, + 0xa8, 0x50, 0x18, 0x69, 0x01, 0x2d, 0xc9, 0xe2, 0x1d, 0xc9, 0xfd, 0xff, 0x2f, 0x59, 0x28, 0x18, + 0xc9, 0xe0, 0x67, 0x07, 0xfc, 0x11, 0xa5, 0xe2, 0x6c, 0x87, 0x3a, 0xa4, 0x6a, 0x91, 0xcc, 0xd0, + 0x97, 0x50, 0x59, 0x15, 0xfb, 0xa7, 0xd1, 0x6d, 0xdf, 0x75, 0x9f, 0x9c, 0xef, 0x61, 0xc3, 0x43, + 0x9f, 0x82, 0xbb, 0x5c, 0x2b, 0xb3, 0xcd, 0x1a, 0xdd, 0xa0, 0xdc, 0xdd, 0xf3, 0x3d, 0xac, 0x09, + 0xbd, 0x1a, 0x78, 0x76, 0x74, 0x01, 0x86, 0xe3, 0x0b, 0xc1, 0xe6, 0x2c, 0xfe, 0xd7, 0xfe, 0x3e, + 0xb1, 0xfa, 0xce, 0x5d, 0xf5, 0x8d, 0x7a, 0xf0, 0xab, 0x0b, 0xde, 0xc8, 0x9c, 0x6c, 0xf4, 0x14, + 0x0e, 0x14, 0x11, 0x73, 0xaa, 0x8a, 0xe1, 0x94, 0x9d, 0x85, 0x89, 0xf9, 0x7a, 0x4c, 0x39, 0x9d, + 0xaa, 0x44, 0xe0, 0x82, 0x8d, 0x86, 0x50, 0x4d, 0xa9, 0xde, 0x8b, 0x76, 0x20, 0x9f, 0x95, 0xc8, + 0xdc, 0xe6, 0x38, 0xb6, 0x2a, 0xa8, 0x0d, 0x2d, 0xbd, 0x88, 0x98, 0x8c, 0x92, 0x54, 0xa7, 0x09, + 0x37, 0x67, 0xa0, 0x86, 0x9b, 0x3a, 0x3e, 0x90, 0x17, 0x79, 0x14, 0x8d, 0xe1, 0x20, 0x31, 0x06, + 0x49, 0xbf, 0x62, 0x4a, 0x3f, 0x29, 0x29, 0x7d, 0xbb, 0x9d, 0xb8, 0x50, 0x42, 0x1f, 0x00, 0xb2, + 0xcb, 0x9d, 0x06, 0xaa, 0xa6, 0x81, 0x96, 0xcd, 0x6c, 0xb5, 0xf0, 0x03, 0xbc, 0x95, 0x0a, 0x16, + 0x4f, 0x59, 0x4a, 0x78, 0x74, 0xc9, 0xe2, 0x19, 0x8b, 0xe7, 0xbe, 0x67, 0xae, 0x96, 0x4e, 0x99, + 0x0f, 0x05, 0xaf, 0x67, 0x69, 0xb8, 0x95, 0xbe, 0x11, 0x09, 0xfe, 0x72, 0xa0, 0xb9, 0xeb, 0x3a, + 0x42, 0x50, 0x89, 0xc9, 0x8a, 0xe6, 0xb7, 0x89, 0x59, 0xa3, 0x33, 0xa8, 0xa6, 0x89, 0x50, 0xc5, + 0x00, 0xde, 0x2f, 0x2b, 0x9c, 0x88, 0x9b, 0x29, 0x5a, 0x26, 0x7a, 0x0e, 0x1e, 0x27, 0x97, 0x94, + 0x4b, 0xdf, 0xbd, 0x93, 0x93, 0xbb, 0x5d, 0x85, 0xdf, 0x18, 0x6e, 0x3f, 0x56, 0x62, 0x83, 0x73, + 0xa1, 0xe3, 0x27, 0xd0, 0xd8, 0x0a, 0xa3, 0x16, 0xb8, 0xaf, 0xe8, 0x26, 0xef, 0x5b, 0x2f, 0xd1, + 0x3d, 0xa8, 0xbe, 0x26, 0x3c, 0xb3, 0x57, 0x71, 0x1d, 0x5b, 0xf0, 0xc5, 0xfe, 0xe7, 0x4e, 0xf0, + 0x35, 0x1c, 0x6e, 0x37, 0xa9, 0x9f, 0x87, 0x38, 0x5b, 0x5d, 0xe6, 0x97, 0xe8, 0x91, 0x7e, 0x1e, + 0x2c, 0x46, 0xf7, 0x72, 0x3b, 0x8a, 0x07, 0xc5, 0xa0, 0x9e, 0x07, 0x15, 0xfd, 0x5b, 0x8f, 0x3e, + 0x82, 0xd6, 0x9b, 0x2e, 0xa3, 0x43, 0xa8, 0xbd, 0x18, 0xf7, 0xa3, 0x51, 0xbf, 0x8f, 0xed, 0xb5, + 0xad, 0xd1, 0x05, 0x1e, 0x3c, 0x1d, 0x7c, 0xdb, 0x72, 0x7a, 0xdd, 0xdf, 0xaf, 0x4f, 0x9c, 0x3f, + 0xae, 0x4f, 0x9c, 0x3f, 0xaf, 0x4f, 0x9c, 0xef, 0x1f, 0x5a, 0x13, 0x58, 0xd2, 0x21, 0x29, 0xeb, + 0xdc, 0xf2, 0x52, 0x5e, 0x7a, 0xe6, 0x8d, 0xfc, 0xf8, 0xef, 0x00, 0x00, 0x00, 0xff, 0xff, 0x46, + 0xc2, 0xaa, 0x6f, 0x4b, 0x07, 0x00, 0x00, } diff --git a/authentication/v1alpha1/policy.proto b/authentication/v1alpha1/policy.proto index 32a56ac0f5..5701835bed 100644 --- a/authentication/v1alpha1/policy.proto +++ b/authentication/v1alpha1/policy.proto @@ -360,6 +360,12 @@ message TargetSelector { // fully qualified domain name will be resolved in a platform specific manner. string name = 1; + // $hide_from_docs + // $not-implemented-hide + // Select workload by labels. + // Once implemented, this is a prefer way over using service name. + map labels = 3; + // Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports. // For example, if a service is defined as below, then `8000` should be used, not `9000`. // ``` diff --git a/proto.lock b/proto.lock index 79d740c36d..67af790a4d 100644 --- a/proto.lock +++ b/proto.lock @@ -207,6 +207,16 @@ "type": "PortSelector", "is_repeated": true } + ], + "maps": [ + { + "key_type": "string", + "field": { + "id": 3, + "name": "labels", + "type": "string" + } + } ] }, { diff --git a/python/istio_api/authentication/v1alpha1/policy_pb2.py b/python/istio_api/authentication/v1alpha1/policy_pb2.py index 2ba26d5697..070cf8c75c 100644 --- a/python/istio_api/authentication/v1alpha1/policy_pb2.py +++ b/python/istio_api/authentication/v1alpha1/policy_pb2.py @@ -20,7 +20,7 @@ name='authentication/v1alpha1/policy.proto', package='istio.authentication.v1alpha1', syntax='proto3', - serialized_pb=_b('\n$authentication/v1alpha1/policy.proto\x12\x1distio.authentication.v1alpha1\"a\n\x0bStringMatch\x12\x0f\n\x05\x65xact\x18\x01 \x01(\tH\x00\x12\x10\n\x06prefix\x18\x02 \x01(\tH\x00\x12\x10\n\x06suffix\x18\x03 \x01(\tH\x00\x12\x0f\n\x05regex\x18\x04 \x01(\tH\x00\x42\x0c\n\nmatch_type\"\x7f\n\tMutualTls\x12\x11\n\tallow_tls\x18\x01 \x01(\x08\x12;\n\x04mode\x18\x02 \x01(\x0e\x32-.istio.authentication.v1alpha1.MutualTls.Mode\"\"\n\x04Mode\x12\n\n\x06STRICT\x10\x00\x12\x0e\n\nPERMISSIVE\x10\x01\"\xc2\x02\n\x03Jwt\x12\x0e\n\x06issuer\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x03(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x13\n\x0bjwt_headers\x18\x06 \x03(\t\x12\x12\n\njwt_params\x18\x07 \x03(\t\x12\x45\n\rtrigger_rules\x18\t \x03(\x0b\x32..istio.authentication.v1alpha1.Jwt.TriggerRule\x1a\x95\x01\n\x0bTriggerRule\x12\x42\n\x0e\x65xcluded_paths\x18\x01 \x03(\x0b\x32*.istio.authentication.v1alpha1.StringMatch\x12\x42\n\x0eincluded_paths\x18\x02 \x03(\x0b\x32*.istio.authentication.v1alpha1.StringMatch\"\x91\x01\n\x18PeerAuthenticationMethod\x12\x38\n\x04mtls\x18\x01 \x01(\x0b\x32(.istio.authentication.v1alpha1.MutualTlsH\x00\x12\x31\n\x03jwt\x18\x02 \x01(\x0b\x32\".istio.authentication.v1alpha1.JwtH\x00\x42\x08\n\x06params\"M\n\x1aOriginAuthenticationMethod\x12/\n\x03jwt\x18\x01 \x01(\x0b\x32\".istio.authentication.v1alpha1.Jwt\"\xde\x02\n\x06Policy\x12>\n\x07targets\x18\x01 \x03(\x0b\x32-.istio.authentication.v1alpha1.TargetSelector\x12\x46\n\x05peers\x18\x02 \x03(\x0b\x32\x37.istio.authentication.v1alpha1.PeerAuthenticationMethod\x12\x18\n\x10peer_is_optional\x18\x03 \x01(\x08\x12J\n\x07origins\x18\x04 \x03(\x0b\x32\x39.istio.authentication.v1alpha1.OriginAuthenticationMethod\x12\x1a\n\x12origin_is_optional\x18\x05 \x01(\x08\x12J\n\x11principal_binding\x18\x06 \x01(\x0e\x32/.istio.authentication.v1alpha1.PrincipalBinding\"Z\n\x0eTargetSelector\x12\x0c\n\x04name\x18\x01 \x01(\t\x12:\n\x05ports\x18\x02 \x03(\x0b\x32+.istio.authentication.v1alpha1.PortSelector\"8\n\x0cPortSelector\x12\x10\n\x06number\x18\x01 \x01(\rH\x00\x12\x0e\n\x04name\x18\x02 \x01(\tH\x00\x42\x06\n\x04port*0\n\x10PrincipalBinding\x12\x0c\n\x08USE_PEER\x10\x00\x12\x0e\n\nUSE_ORIGIN\x10\x01\x42&Z$istio.io/api/authentication/v1alpha1b\x06proto3') + serialized_pb=_b('\n$authentication/v1alpha1/policy.proto\x12\x1distio.authentication.v1alpha1\"a\n\x0bStringMatch\x12\x0f\n\x05\x65xact\x18\x01 \x01(\tH\x00\x12\x10\n\x06prefix\x18\x02 \x01(\tH\x00\x12\x10\n\x06suffix\x18\x03 \x01(\tH\x00\x12\x0f\n\x05regex\x18\x04 \x01(\tH\x00\x42\x0c\n\nmatch_type\"\x7f\n\tMutualTls\x12\x11\n\tallow_tls\x18\x01 \x01(\x08\x12;\n\x04mode\x18\x02 \x01(\x0e\x32-.istio.authentication.v1alpha1.MutualTls.Mode\"\"\n\x04Mode\x12\n\n\x06STRICT\x10\x00\x12\x0e\n\nPERMISSIVE\x10\x01\"\xc2\x02\n\x03Jwt\x12\x0e\n\x06issuer\x18\x01 \x01(\t\x12\x11\n\taudiences\x18\x02 \x03(\t\x12\x10\n\x08jwks_uri\x18\x03 \x01(\t\x12\x13\n\x0bjwt_headers\x18\x06 \x03(\t\x12\x12\n\njwt_params\x18\x07 \x03(\t\x12\x45\n\rtrigger_rules\x18\t \x03(\x0b\x32..istio.authentication.v1alpha1.Jwt.TriggerRule\x1a\x95\x01\n\x0bTriggerRule\x12\x42\n\x0e\x65xcluded_paths\x18\x01 \x03(\x0b\x32*.istio.authentication.v1alpha1.StringMatch\x12\x42\n\x0eincluded_paths\x18\x02 \x03(\x0b\x32*.istio.authentication.v1alpha1.StringMatch\"\x91\x01\n\x18PeerAuthenticationMethod\x12\x38\n\x04mtls\x18\x01 \x01(\x0b\x32(.istio.authentication.v1alpha1.MutualTlsH\x00\x12\x31\n\x03jwt\x18\x02 \x01(\x0b\x32\".istio.authentication.v1alpha1.JwtH\x00\x42\x08\n\x06params\"M\n\x1aOriginAuthenticationMethod\x12/\n\x03jwt\x18\x01 \x01(\x0b\x32\".istio.authentication.v1alpha1.Jwt\"\xde\x02\n\x06Policy\x12>\n\x07targets\x18\x01 \x03(\x0b\x32-.istio.authentication.v1alpha1.TargetSelector\x12\x46\n\x05peers\x18\x02 \x03(\x0b\x32\x37.istio.authentication.v1alpha1.PeerAuthenticationMethod\x12\x18\n\x10peer_is_optional\x18\x03 \x01(\x08\x12J\n\x07origins\x18\x04 \x03(\x0b\x32\x39.istio.authentication.v1alpha1.OriginAuthenticationMethod\x12\x1a\n\x12origin_is_optional\x18\x05 \x01(\x08\x12J\n\x11principal_binding\x18\x06 \x01(\x0e\x32/.istio.authentication.v1alpha1.PrincipalBinding\"\xd4\x01\n\x0eTargetSelector\x12\x0c\n\x04name\x18\x01 \x01(\t\x12I\n\x06labels\x18\x03 \x03(\x0b\x32\x39.istio.authentication.v1alpha1.TargetSelector.LabelsEntry\x12:\n\x05ports\x18\x02 \x03(\x0b\x32+.istio.authentication.v1alpha1.PortSelector\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"8\n\x0cPortSelector\x12\x10\n\x06number\x18\x01 \x01(\rH\x00\x12\x0e\n\x04name\x18\x02 \x01(\tH\x00\x42\x06\n\x04port*0\n\x10PrincipalBinding\x12\x0c\n\x08USE_PEER\x10\x00\x12\x0e\n\nUSE_ORIGIN\x10\x01\x42&Z$istio.io/api/authentication/v1alpha1b\x06proto3') ) _PRINCIPALBINDING = _descriptor.EnumDescriptor( @@ -40,8 +40,8 @@ ], containing_type=None, options=None, - serialized_start=1354, - serialized_end=1402, + serialized_start=1477, + serialized_end=1525, ) _sym_db.RegisterEnumDescriptor(_PRINCIPALBINDING) @@ -408,6 +408,43 @@ ) +_TARGETSELECTOR_LABELSENTRY = _descriptor.Descriptor( + name='LabelsEntry', + full_name='istio.authentication.v1alpha1.TargetSelector.LabelsEntry', + filename=None, + file=DESCRIPTOR, + containing_type=None, + fields=[ + _descriptor.FieldDescriptor( + name='key', full_name='istio.authentication.v1alpha1.TargetSelector.LabelsEntry.key', index=0, + number=1, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='value', full_name='istio.authentication.v1alpha1.TargetSelector.LabelsEntry.value', index=1, + number=2, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + ], + extensions=[ + ], + nested_types=[], + enum_types=[ + ], + options=_descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')), + is_extendable=False, + syntax='proto3', + extension_ranges=[], + oneofs=[ + ], + serialized_start=1372, + serialized_end=1417, +) + _TARGETSELECTOR = _descriptor.Descriptor( name='TargetSelector', full_name='istio.authentication.v1alpha1.TargetSelector', @@ -423,7 +460,14 @@ is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='ports', full_name='istio.authentication.v1alpha1.TargetSelector.ports', index=1, + name='labels', full_name='istio.authentication.v1alpha1.TargetSelector.labels', index=1, + number=3, type=11, cpp_type=10, label=3, + has_default_value=False, default_value=[], + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='ports', full_name='istio.authentication.v1alpha1.TargetSelector.ports', index=2, number=2, type=11, cpp_type=10, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, @@ -432,7 +476,7 @@ ], extensions=[ ], - nested_types=[], + nested_types=[_TARGETSELECTOR_LABELSENTRY, ], enum_types=[ ], options=None, @@ -441,8 +485,8 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1204, - serialized_end=1294, + serialized_start=1205, + serialized_end=1417, ) @@ -482,8 +526,8 @@ name='port', full_name='istio.authentication.v1alpha1.PortSelector.port', index=0, containing_type=None, fields=[]), ], - serialized_start=1296, - serialized_end=1352, + serialized_start=1419, + serialized_end=1475, ) _STRINGMATCH.oneofs_by_name['match_type'].fields.append( @@ -517,6 +561,8 @@ _POLICY.fields_by_name['peers'].message_type = _PEERAUTHENTICATIONMETHOD _POLICY.fields_by_name['origins'].message_type = _ORIGINAUTHENTICATIONMETHOD _POLICY.fields_by_name['principal_binding'].enum_type = _PRINCIPALBINDING +_TARGETSELECTOR_LABELSENTRY.containing_type = _TARGETSELECTOR +_TARGETSELECTOR.fields_by_name['labels'].message_type = _TARGETSELECTOR_LABELSENTRY _TARGETSELECTOR.fields_by_name['ports'].message_type = _PORTSELECTOR _PORTSELECTOR.oneofs_by_name['port'].fields.append( _PORTSELECTOR.fields_by_name['number']) @@ -586,11 +632,19 @@ _sym_db.RegisterMessage(Policy) TargetSelector = _reflection.GeneratedProtocolMessageType('TargetSelector', (_message.Message,), dict( + + LabelsEntry = _reflection.GeneratedProtocolMessageType('LabelsEntry', (_message.Message,), dict( + DESCRIPTOR = _TARGETSELECTOR_LABELSENTRY, + __module__ = 'authentication.v1alpha1.policy_pb2' + # @@protoc_insertion_point(class_scope:istio.authentication.v1alpha1.TargetSelector.LabelsEntry) + )) + , DESCRIPTOR = _TARGETSELECTOR, __module__ = 'authentication.v1alpha1.policy_pb2' # @@protoc_insertion_point(class_scope:istio.authentication.v1alpha1.TargetSelector) )) _sym_db.RegisterMessage(TargetSelector) +_sym_db.RegisterMessage(TargetSelector.LabelsEntry) PortSelector = _reflection.GeneratedProtocolMessageType('PortSelector', (_message.Message,), dict( DESCRIPTOR = _PORTSELECTOR, @@ -602,4 +656,6 @@ DESCRIPTOR.has_options = True DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('Z$istio.io/api/authentication/v1alpha1')) +_TARGETSELECTOR_LABELSENTRY.has_options = True +_TARGETSELECTOR_LABELSENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) # @@protoc_insertion_point(module_scope)