diff --git a/networking/v1alpha3/gateway.pb.go b/networking/v1alpha3/gateway.pb.go index 10483edacd..3eeb4ff276 100644 --- a/networking/v1alpha3/gateway.pb.go +++ b/networking/v1alpha3/gateway.pb.go @@ -409,13 +409,10 @@ type Server_TLSOptions struct { Mode Server_TLSOptions_TLSmode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.networking.v1alpha3.Server_TLSOptions_TLSmode" json:"mode,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. - // Deprecated. Use ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` - // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. - CredentialStore *Server_TLSOptions_CredentialStore `protobuf:"bytes,10,opt,name=credential_store,json=credentialStore" json:"credential_store,omitempty"` // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented // client side certificate. 
@@ -430,6 +427,12 @@ type Server_TLSOptions struct { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. CipherSuites []string `protobuf:"bytes,9,rep,name=cipher_suites,json=cipherSuites" json:"cipher_suites,omitempty"` + // Optional: If specified, the gateway controllers (with SDS enabled) + // use the specified name as the SDS secret config name to call the SDS + // server, to retrieve the key and certificates. Otherwise, the gateway + // controllers (with SDS enabled) use the first value in the hosts as + // the SDS secret config name to call the SDS server. + SdsName string `protobuf:"bytes,10,opt,name=sds_name,json=sdsName,proto3" json:"sds_name,omitempty"` } func (m *Server_TLSOptions) Reset() { *m = Server_TLSOptions{} } @@ -465,13 +468,6 @@ func (m *Server_TLSOptions) GetPrivateKey() string { return "" } -func (m *Server_TLSOptions) GetCredentialStore() *Server_TLSOptions_CredentialStore { - if m != nil { - return m.CredentialStore - } - return nil -} - func (m *Server_TLSOptions) GetCaCertificates() string { if m != nil { return m.CaCertificates 
@@ -507,212 +503,13 @@ func (m *Server_TLSOptions) GetCipherSuites() []string { return nil } -// The file backend specifies the file system paths where the -// server's public and private keys can be obtained. -type Server_TLSOptions_CredentialStoreFileBackend struct { - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - ServerCertificate string `protobuf:"bytes,3,opt,name=server_certificate,json=serverCertificate,proto3" json:"server_certificate,omitempty"` - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - PrivateKey string `protobuf:"bytes,4,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Reset() { - *m = Server_TLSOptions_CredentialStoreFileBackend{} -} -func (m *Server_TLSOptions_CredentialStoreFileBackend) String() string { - return proto.CompactTextString(m) -} -func (*Server_TLSOptions_CredentialStoreFileBackend) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStoreFileBackend) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 0} -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) GetServerCertificate() string { - if m != nil { - return m.ServerCertificate - } - return "" -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) GetPrivateKey() string { - if m != nil { - return m.PrivateKey - } - return "" -} - -// The remote backend provides information about the remote secret -// management server that contains the server's public and private keys. -type Server_TLSOptions_CredentialStoreRemoteBackend struct { - // REQUIRED the name of the resource that the credential server can - // use to identify the certificates associated with the gateway - // server. 
In kubernetes, this should correspond to the name of the - // secret that contains the server-side TLS certificate and the - // server's private key. Note that the secret should contain both the - // public and private keys associated with the server port. - // - // It is possible to use the same resourceName across several servers - // on different ports, if these servers share the same credentials. - ResourceName string `protobuf:"bytes,1,opt,name=resource_name,json=resourceName,proto3" json:"resource_name,omitempty"` - // The address where the credential store server can be reached. - // If omitted, will default to unix:/var/run/gateway/sds - ServerAddress string `protobuf:"bytes,2,opt,name=server_address,json=serverAddress,proto3" json:"server_address,omitempty"` -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Reset() { - *m = Server_TLSOptions_CredentialStoreRemoteBackend{} -} -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) String() string { - return proto.CompactTextString(m) -} -func (*Server_TLSOptions_CredentialStoreRemoteBackend) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStoreRemoteBackend) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 1} -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetResourceName() string { - if m != nil { - return m.ResourceName - } - return "" -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) GetServerAddress() string { +func (m *Server_TLSOptions) GetSdsName() string { if m != nil { - return m.ServerAddress + return m.SdsName } return "" } -type Server_TLSOptions_CredentialStore struct { - // Types that are valid to be assigned to CredentialStore: - // *Server_TLSOptions_CredentialStore_Files - // *Server_TLSOptions_CredentialStore_Remote - CredentialStore isServer_TLSOptions_CredentialStore_CredentialStore `protobuf_oneof:"credential_store"` -} - -func (m *Server_TLSOptions_CredentialStore) Reset() { *m = 
Server_TLSOptions_CredentialStore{} } -func (m *Server_TLSOptions_CredentialStore) String() string { return proto.CompactTextString(m) } -func (*Server_TLSOptions_CredentialStore) ProtoMessage() {} -func (*Server_TLSOptions_CredentialStore) Descriptor() ([]byte, []int) { - return fileDescriptorGateway, []int{1, 0, 2} -} - -type isServer_TLSOptions_CredentialStore_CredentialStore interface { - isServer_TLSOptions_CredentialStore_CredentialStore() - MarshalTo([]byte) (int, error) - Size() int -} - -type Server_TLSOptions_CredentialStore_Files struct { - Files *Server_TLSOptions_CredentialStoreFileBackend `protobuf:"bytes,1,opt,name=files,oneof"` -} -type Server_TLSOptions_CredentialStore_Remote struct { - Remote *Server_TLSOptions_CredentialStoreRemoteBackend `protobuf:"bytes,2,opt,name=remote,oneof"` -} - -func (*Server_TLSOptions_CredentialStore_Files) isServer_TLSOptions_CredentialStore_CredentialStore() { -} -func (*Server_TLSOptions_CredentialStore_Remote) isServer_TLSOptions_CredentialStore_CredentialStore() { -} - -func (m *Server_TLSOptions_CredentialStore) GetCredentialStore() isServer_TLSOptions_CredentialStore_CredentialStore { - if m != nil { - return m.CredentialStore - } - return nil -} - -func (m *Server_TLSOptions_CredentialStore) GetFiles() *Server_TLSOptions_CredentialStoreFileBackend { - if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Files); ok { - return x.Files - } - return nil -} - -func (m *Server_TLSOptions_CredentialStore) GetRemote() *Server_TLSOptions_CredentialStoreRemoteBackend { - if x, ok := m.GetCredentialStore().(*Server_TLSOptions_CredentialStore_Remote); ok { - return x.Remote - } - return nil -} - -// XXX_OneofFuncs is for the internal use of the proto package. 
-func (*Server_TLSOptions_CredentialStore) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) { - return _Server_TLSOptions_CredentialStore_OneofMarshaler, _Server_TLSOptions_CredentialStore_OneofUnmarshaler, _Server_TLSOptions_CredentialStore_OneofSizer, []interface{}{ - (*Server_TLSOptions_CredentialStore_Files)(nil), - (*Server_TLSOptions_CredentialStore_Remote)(nil), - } -} - -func _Server_TLSOptions_CredentialStore_OneofMarshaler(msg proto.Message, b *proto.Buffer) error { - m := msg.(*Server_TLSOptions_CredentialStore) - // credential_store - switch x := m.CredentialStore.(type) { - case *Server_TLSOptions_CredentialStore_Files: - _ = b.EncodeVarint(1<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Files); err != nil { - return err - } - case *Server_TLSOptions_CredentialStore_Remote: - _ = b.EncodeVarint(2<<3 | proto.WireBytes) - if err := b.EncodeMessage(x.Remote); err != nil { - return err - } - case nil: - default: - return fmt.Errorf("Server_TLSOptions_CredentialStore.CredentialStore has unexpected type %T", x) - } - return nil -} - -func _Server_TLSOptions_CredentialStore_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) { - m := msg.(*Server_TLSOptions_CredentialStore) - switch tag { - case 1: // credential_store.files - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(Server_TLSOptions_CredentialStoreFileBackend) - err := b.DecodeMessage(msg) - m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{msg} - return true, err - case 2: // credential_store.remote - if wire != proto.WireBytes { - return true, proto.ErrInternalBadWireType - } - msg := new(Server_TLSOptions_CredentialStoreRemoteBackend) - err := b.DecodeMessage(msg) - m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{msg} - return true, err - default: - return false, 
nil - } -} - -func _Server_TLSOptions_CredentialStore_OneofSizer(msg proto.Message) (n int) { - m := msg.(*Server_TLSOptions_CredentialStore) - // credential_store - switch x := m.CredentialStore.(type) { - case *Server_TLSOptions_CredentialStore_Files: - s := proto.Size(x.Files) - n += proto.SizeVarint(1<<3 | proto.WireBytes) - n += proto.SizeVarint(uint64(s)) - n += s - case *Server_TLSOptions_CredentialStore_Remote: - s := proto.Size(x.Remote) - n += proto.SizeVarint(2<<3 | proto.WireBytes) - n += proto.SizeVarint(uint64(s)) - n += s - case nil: - default: - panic(fmt.Sprintf("proto: unexpected type %T in oneof", x)) - } - return n -} - // Port describes the properties of a specific port of a service. type Port struct { // REQUIRED: A valid non-negative integer port number. @@ -756,9 +553,6 @@ func init() { proto.RegisterType((*Gateway)(nil), "istio.networking.v1alpha3.Gateway") proto.RegisterType((*Server)(nil), "istio.networking.v1alpha3.Server") proto.RegisterType((*Server_TLSOptions)(nil), "istio.networking.v1alpha3.Server.TLSOptions") - proto.RegisterType((*Server_TLSOptions_CredentialStoreFileBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend") - proto.RegisterType((*Server_TLSOptions_CredentialStoreRemoteBackend)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend") - proto.RegisterType((*Server_TLSOptions_CredentialStore)(nil), "istio.networking.v1alpha3.Server.TLSOptions.CredentialStore") proto.RegisterType((*Port)(nil), "istio.networking.v1alpha3.Port") proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSmode", Server_TLSOptions_TLSmode_name, Server_TLSOptions_TLSmode_value) proto.RegisterEnum("istio.networking.v1alpha3.Server_TLSOptions_TLSProtocol", Server_TLSOptions_TLSProtocol_name, Server_TLSOptions_TLSProtocol_value) 
@@ -963,132 +757,15 @@ func (m *Server_TLSOptions) MarshalTo(dAtA []byte) (int, error) { i += copy(dAtA[i:], s) } } - if m.CredentialStore != nil { + if len(m.SdsName) > 0 { dAtA[i] = 0x52 i++ - i = encodeVarintGateway(dAtA, i, uint64(m.CredentialStore.Size())) - n3, err := m.CredentialStore.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n3 - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ServerCertificate) > 0 { - dAtA[i] = 0x1a - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerCertificate))) - i += copy(dAtA[i:], m.ServerCertificate) - } - if len(m.PrivateKey) > 0 { - dAtA[i] = 0x22 - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.PrivateKey))) - i += copy(dAtA[i:], m.PrivateKey) - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.ResourceName) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ResourceName))) - i += copy(dAtA[i:], m.ResourceName) - } - if len(m.ServerAddress) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintGateway(dAtA, i, uint64(len(m.ServerAddress))) - i += copy(dAtA[i:], m.ServerAddress) - } - return i, nil -} - -func (m *Server_TLSOptions_CredentialStore) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != 
nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Server_TLSOptions_CredentialStore) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if m.CredentialStore != nil { - nn4, err := m.CredentialStore.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += nn4 + i = encodeVarintGateway(dAtA, i, uint64(len(m.SdsName))) + i += copy(dAtA[i:], m.SdsName) } return i, nil } -func (m *Server_TLSOptions_CredentialStore_Files) MarshalTo(dAtA []byte) (int, error) { - i := 0 - if m.Files != nil { - dAtA[i] = 0xa - i++ - i = encodeVarintGateway(dAtA, i, uint64(m.Files.Size())) - n5, err := m.Files.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n5 - } - return i, nil -} -func (m *Server_TLSOptions_CredentialStore_Remote) MarshalTo(dAtA []byte) (int, error) { - i := 0 - if m.Remote != nil { - dAtA[i] = 0x12 - i++ - i = encodeVarintGateway(dAtA, i, uint64(m.Remote.Size())) - n6, err := m.Remote.MarshalTo(dAtA[i:]) - if err != nil { - return 0, err - } - i += n6 - } - return i, nil -} func (m *Port) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) 
@@ -1220,68 +897,13 @@ func (m *Server_TLSOptions) Size() (n int) { n += 1 + l + sovGateway(uint64(l)) } } - if m.CredentialStore != nil { - l = m.CredentialStore.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} - -func (m *Server_TLSOptions_CredentialStoreFileBackend) Size() (n int) { - var l int - _ = l - l = len(m.ServerCertificate) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - l = len(m.PrivateKey) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - return n -} - -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Size() (n int) { - var l int - _ = l - l = len(m.ResourceName) - if l > 0 { - n += 1 + l + sovGateway(uint64(l)) - } - l = len(m.ServerAddress) + l = len(m.SdsName) if l > 0 { n += 1 + l + sovGateway(uint64(l)) } return n } -func (m *Server_TLSOptions_CredentialStore) Size() (n int) { - var l int - _ = l - if m.CredentialStore != nil { - n += m.CredentialStore.Size() - } - return n -} - -func (m *Server_TLSOptions_CredentialStore_Files) Size() (n int) { - var l int - _ = l - if m.Files != nil { - l = m.Files.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} -func (m *Server_TLSOptions_CredentialStore_Remote) Size() (n int) { - var l int - _ = l - if m.Remote != nil { - l = m.Remote.Size() - n += 1 + l + sovGateway(uint64(l)) - } - return n -} func (m *Port) Size() (n int) { var l int _ = l @@ -1967,9 +1589,9 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { iNdEx = postIndex case 10: if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field CredentialStore", wireType) + return fmt.Errorf("proto: wrong wireType = %d for field SdsName", wireType) } - var msglen int + var stringLen uint64 for shift := uint(0); ; shift += 7 { if shift >= 64 { return ErrIntOverflowGateway 
@@ -1979,354 +1601,20 @@ func (m *Server_TLSOptions) Unmarshal(dAtA []byte) error { } b := dAtA[iNdEx] iNdEx++ - msglen |= (int(b) & 0x7F) << shift + stringLen |= (uint64(b) & 0x7F) << shift if b < 0x80 { break } } - if msglen < 0 { + intStringLen := int(stringLen) + if intStringLen < 0 { return ErrInvalidLengthGateway } - postIndex := iNdEx + msglen + postIndex := iNdEx + intStringLen if postIndex > l { return io.ErrUnexpectedEOF } - if m.CredentialStore == nil { - m.CredentialStore = &Server_TLSOptions_CredentialStore{} - } - if err := m.CredentialStore.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStoreFileBackend) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStoreFileBackend: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStoreFileBackend: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 3: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerCertificate", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b 
:= dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServerCertificate = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 4: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field PrivateKey", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.PrivateKey = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStoreRemoteBackend) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStoreRemoteBackend: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStoreRemoteBackend: illegal 
tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ResourceName", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ResourceName = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ServerAddress", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ServerAddress = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipGateway(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthGateway - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func (m *Server_TLSOptions_CredentialStore) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - 
iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: CredentialStore: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: CredentialStore: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Files", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &Server_TLSOptions_CredentialStoreFileBackend{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.CredentialStore = &Server_TLSOptions_CredentialStore_Files{v} - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field Remote", wireType) - } - var msglen int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowGateway - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - msglen |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - if msglen < 0 { - return ErrInvalidLengthGateway - } - postIndex := iNdEx + msglen - if postIndex > l { - return io.ErrUnexpectedEOF - } - v := &Server_TLSOptions_CredentialStoreRemoteBackend{} - if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { - return err - } - m.CredentialStore = &Server_TLSOptions_CredentialStore_Remote{v} + m.SdsName = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex default: iNdEx = preIndex 
@@ -2584,57 +1872,48 @@ var ( func init() { proto.RegisterFile("networking/v1alpha3/gateway.proto", fileDescriptorGateway) } var fileDescriptorGateway = []byte{ - // 819 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0x5d, 0x6f, 0xdb, 0x36, - 0x14, 0x8d, 0x6c, 0xc7, 0xb1, 0xaf, 0xe2, 0x58, 0x25, 0x82, 0x41, 0x33, 0x86, 0x34, 0x75, 0x30, - 0xac, 0x1b, 0x36, 0xa5, 0x71, 0xf6, 0x50, 0xac, 0xc3, 0x00, 0xa7, 0xc8, 0xe2, 0x62, 0x6e, 0x13, - 0x50, 0x4e, 0x1f, 0xf6, 0x22, 0x30, 0x12, 0x93, 0x30, 0x91, 0x45, 0x81, 0xa4, 0xdd, 0xfa, 0x1f, - 0xf6, 0x71, 0xfb, 0x07, 0x43, 0x5e, 0xf7, 0xb8, 0x3f, 0x30, 0x90, 0xa2, 0x3f, 0xea, 0xa6, 0x29, - 0x82, 0xbc, 0xf1, 0x1e, 0xde, 0x7b, 0xee, 0xe5, 0xe1, 0x11, 0x05, 0x4f, 0x32, 0xaa, 0xde, 0x71, - 0x71, 0xcd, 0xb2, 0x8b, 0xdd, 0xf1, 0x1e, 0x49, 0xf3, 0x4b, 0xb2, 0xbf, 0x7b, 0x41, 0x14, 0x7d, - 0x47, 0x26, 0x41, 0x2e, 0xb8, 0xe2, 0xe8, 0x6b, 0x26, 0x15, 0xe3, 0xc1, 0x3c, 0x31, 0x98, 0x26, - 0xb6, 0xff, 0x76, 0x60, 0xed, 0xa8, 0x48, 0x46, 0x2f, 0x60, 0x4d, 0x52, 0x31, 0xa6, 0x42, 0xfa, - 0xce, 0x76, 0xf9, 0xa9, 0xdb, 0x79, 0x12, 0x7c, 0xb6, 0x30, 0x08, 0x4d, 0x26, 0x9e, 0x56, 0xa0, - 0x3e, 0xd4, 0x24, 0x4d, 0x69, 0xac, 0xb8, 0xf0, 0x4b, 0xa6, 0xfa, 0xd9, 0x1d, 0xd5, 0xb6, 0x65, - 0x10, 0xda, 0x92, 0xc3, 0x4c, 0x89, 0x09, 0x9e, 0x31, 0xb4, 0x5e, 0x40, 0xe3, 0xa3, 0x2d, 0xe4, - 0x41, 0xf9, 0x9a, 0x4e, 0x7c, 0x67, 0xdb, 0x79, 0x5a, 0xc7, 0x7a, 0x89, 0x36, 0x61, 0x75, 0x4c, - 0xd2, 0x11, 0xf5, 0x4b, 0x06, 0x2b, 0x82, 0x5f, 0x4a, 0xcf, 0x9d, 0xf6, 0x07, 0x17, 0xaa, 0xc5, - 0x78, 0x68, 0x1f, 0x2a, 0x39, 0x17, 0xca, 0xd4, 0xb9, 0x9d, 0xc7, 0x77, 0x4c, 0x74, 0xc2, 0x85, - 0xc2, 0x26, 0x59, 0x33, 0x5f, 0x72, 0xa9, 0xa4, 0x39, 0x47, 0x1d, 0x17, 0x01, 0xfa, 0x0d, 0xca, - 0x2a, 0x95, 0x7e, 0xd9, 0x30, 0xfd, 0xf8, 0x45, 0x65, 0x82, 0x41, 0x3f, 0x3c, 0xce, 0x15, 0xe3, - 0x99, 0xc4, 0xba, 0x10, 0x21, 0xa8, 0x9c, 0xb1, 0x2c, 0xf1, 0x2b, 0x66, 0x5c, 0xb3, 0x46, 0xdf, - 0x83, 0x97, 0xd0, 0x73, 
0x32, 0x4a, 0x55, 0x44, 0xb3, 0x24, 0xe7, 0x2c, 0x53, 0xfe, 0xaa, 0xd9, - 0x6f, 0x5a, 0xfc, 0xd0, 0xc2, 0xad, 0xff, 0xea, 0x00, 0x73, 0x4a, 0xf4, 0x2d, 0x6c, 0x5c, 0x2a, - 0x95, 0xcb, 0x48, 0xd0, 0x84, 0x09, 0x1a, 0x17, 0x47, 0xac, 0xe1, 0x86, 0x41, 0xb1, 0x05, 0x51, - 0x0f, 0x2a, 0x43, 0x9e, 0x14, 0x1a, 0x6d, 0x74, 0x7e, 0xbe, 0xcf, 0xd4, 0x7a, 0xa9, 0x6b, 0xb1, - 0x61, 0x40, 0x7b, 0x80, 0x8a, 0xab, 0x8e, 0x62, 0x2a, 0x14, 0x3b, 0x67, 0x31, 0x51, 0xd4, 0xa8, - 0x51, 0x3f, 0x28, 0xf9, 0x0e, 0x7e, 0x54, 0xec, 0xbe, 0x9c, 0x6f, 0xa2, 0x1d, 0x70, 0x73, 0xc1, - 0xc6, 0x44, 0xd1, 0x48, 0xdf, 0x5d, 0x65, 0x96, 0x0b, 0x16, 0xfe, 0x83, 0x4e, 0xd0, 0x77, 0xd0, - 0x8c, 0xc9, 0x22, 0xa7, 0xb4, 0x0a, 0x6c, 0xc4, 0x64, 0x81, 0x4c, 0xa2, 0x1f, 0xe0, 0x91, 0x1c, - 0x9d, 0x5d, 0xd1, 0x58, 0x45, 0x24, 0x55, 0x51, 0x46, 0x86, 0x54, 0xfa, 0x55, 0x73, 0x43, 0x4d, - 0xbb, 0xd1, 0x4d, 0xd5, 0x1b, 0x0d, 0xa3, 0x2b, 0xd8, 0x1c, 0xb2, 0x2c, 0x32, 0xee, 0x8f, 0x79, - 0x1a, 0x69, 0x87, 0x32, 0x9e, 0xf9, 0x6b, 0x46, 0x86, 0xe7, 0xf7, 0x95, 0xe1, 0xc4, 0xf2, 0x60, - 0x34, 0x64, 0xd9, 0x34, 0x78, 0x5b, 0x70, 0x9a, 0x5e, 0xe4, 0xfd, 0xa7, 0xbd, 0x6a, 0x0f, 0xee, - 0x45, 0xde, 0x2f, 0xf7, 0xda, 0x81, 0x46, 0xcc, 0xf2, 0x4b, 0x2a, 0x22, 0x39, 0x62, 0x5a, 0xaa, - 0xba, 0x39, 0xff, 0x7a, 0x01, 0x86, 0x06, 0x43, 0x17, 0xe0, 0xc5, 0x82, 0x26, 0x34, 0x53, 0x8c, - 0xa4, 0x91, 0x54, 0x5c, 0x50, 0x1f, 0x8c, 0x6b, 0x7f, 0xbd, 0xd7, 0x30, 0x2f, 0x67, 0x24, 0xa1, - 0xe6, 0xc0, 0xcd, 0xf8, 0x63, 0xa0, 0x95, 0x42, 0x6b, 0x29, 0xe7, 0x77, 0x96, 0xd2, 0x03, 0x12, - 0x5f, 0xd3, 0x2c, 0x41, 0x3f, 0x7d, 0xde, 0x30, 0xb7, 0x99, 0xe5, 0xf1, 0x2d, 0x66, 0x59, 0x34, - 0x4a, 0xeb, 0x0a, 0xbe, 0x59, 0x9e, 0x88, 0x0e, 0xb9, 0x9a, 0xf5, 0xdb, 0x81, 0x86, 0xa0, 0x92, - 0x8f, 0x44, 0x4c, 0x8d, 0x39, 0xec, 0x5b, 0xb1, 0x3e, 0x05, 0xb5, 0x33, 0xf4, 0x67, 0x63, 0x87, - 0x22, 0x49, 0x22, 0xa8, 0x94, 0xf6, 0xf5, 0x68, 0x14, 0x68, 0xb7, 0x00, 0x5b, 0xff, 0x3a, 0xd0, - 0x5c, 0x6a, 0x86, 0x22, 0x58, 0x3d, 0x67, 0x29, 0x95, 0xf6, 
0x2d, 0x39, 0x7a, 0x88, 0x96, 0x0b, - 0x3a, 0xf5, 0x56, 0x70, 0xc1, 0x8b, 0x62, 0xa8, 0x0a, 0x73, 0x22, 0x33, 0x93, 0xdb, 0x79, 0xf5, - 0xa0, 0xdb, 0x5a, 0xd4, 0xa6, 0xb7, 0x82, 0x2d, 0xf5, 0x01, 0xfa, 0xd4, 0x1c, 0xed, 0x1e, 0xac, - 0xd9, 0x6f, 0x1d, 0x35, 0xc1, 0x3d, 0xe9, 0x86, 0xe1, 0xa0, 0x87, 0x8f, 0x4f, 0x8f, 0x7a, 0xde, - 0x0a, 0x02, 0xa8, 0x86, 0xaf, 0x5e, 0x9f, 0xf4, 0x0f, 0x3d, 0x47, 0xaf, 0x5f, 0x9f, 0x0e, 0x4e, - 0xbb, 0x7d, 0xaf, 0x84, 0x36, 0xc1, 0xeb, 0x9e, 0x0e, 0x8e, 0xa3, 0xc5, 0xec, 0x72, 0xfb, 0x18, - 0xdc, 0x05, 0x0b, 0xa3, 0x75, 0xa8, 0x0d, 0xfa, 0x61, 0xa4, 0x13, 0xbd, 0x15, 0xe4, 0x9a, 0x36, - 0x6f, 0xf7, 0xa2, 0x67, 0x9e, 0x33, 0x0f, 0xf6, 0xbc, 0xd2, 0x3c, 0xe8, 0x78, 0xe5, 0x79, 0xb0, - 0xef, 0x55, 0xda, 0x6f, 0xa0, 0xa2, 0x1f, 0x66, 0xf4, 0x15, 0x54, 0xb3, 0xd1, 0xf0, 0x8c, 0x0a, - 0xa3, 0x7e, 0x03, 0xdb, 0x08, 0xb5, 0xa0, 0x36, 0xfd, 0xf0, 0xec, 0x4d, 0xce, 0x62, 0xfd, 0xe0, - 0x1a, 0x1f, 0x14, 0x96, 0x33, 0xeb, 0x83, 0xe0, 0xc3, 0xcd, 0x96, 0xf3, 0xd7, 0xcd, 0x96, 0xf3, - 0xcf, 0xcd, 0x96, 0xf3, 0xe7, 0x76, 0x21, 0x30, 0xe3, 0xbb, 0x24, 0x67, 0xbb, 0xb7, 0xfc, 0x47, - 0xcf, 0xaa, 0x86, 0x6d, 0xff, 0xff, 0x00, 0x00, 0x00, 0xff, 0xff, 0x35, 0xd5, 0xf3, 0x8a, 0x65, - 0x07, 0x00, 0x00, + // 673 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x54, 0x4d, 0x4f, 0xdb, 0x4c, + 0x10, 0xc6, 0x49, 0xc8, 0xc7, 0x84, 0x10, 0xb3, 0x42, 0xaf, 0x0c, 0x07, 0x3e, 0xf2, 0xea, 0xd5, + 0x4b, 0xab, 0xd6, 0x81, 0xa4, 0x07, 0x54, 0xa4, 0x4a, 0x69, 0x85, 0x48, 0xd5, 0x40, 0x22, 0x3b, + 0xe1, 0xd0, 0x8b, 0xb5, 0x71, 0x16, 0xb2, 0xe0, 0x78, 0xad, 0xdd, 0x4d, 0x20, 0x7f, 0xa9, 0xbf, + 0xa4, 0xc7, 0xf6, 0xd0, 0x7b, 0xc5, 0x2f, 0xa9, 0x76, 0xed, 0x90, 0xf4, 0x8b, 0x0a, 0xf5, 0x36, + 0xf3, 0xcc, 0xcc, 0x33, 0x33, 0xcf, 0xac, 0x0d, 0xbb, 0x21, 0x91, 0x37, 0x8c, 0x5f, 0xd3, 0xf0, + 0xb2, 0x3a, 0x39, 0xc0, 0x41, 0x34, 0xc4, 0xf5, 0xea, 0x25, 0x96, 0xe4, 0x06, 0x4f, 0xed, 0x88, + 0x33, 0xc9, 0xd0, 0x06, 0x15, 
0x92, 0x32, 0x7b, 0x9e, 0x68, 0xcf, 0x12, 0x2b, 0x9f, 0x0d, 0xc8, + 0x9d, 0xc4, 0xc9, 0xe8, 0x08, 0x72, 0x82, 0xf0, 0x09, 0xe1, 0xc2, 0x32, 0x76, 0xd2, 0x7b, 0xc5, + 0xda, 0xae, 0xfd, 0xdb, 0x42, 0xdb, 0xd5, 0x99, 0xce, 0xac, 0x02, 0xb5, 0x20, 0x2f, 0x48, 0x40, + 0x7c, 0xc9, 0xb8, 0x95, 0xd2, 0xd5, 0xfb, 0x0f, 0x54, 0x27, 0x2d, 0x6d, 0x37, 0x29, 0x39, 0x0e, + 0x25, 0x9f, 0x3a, 0xf7, 0x0c, 0x9b, 0x47, 0x50, 0xfa, 0x2e, 0x84, 0x4c, 0x48, 0x5f, 0x93, 0xa9, + 0x65, 0xec, 0x18, 0x7b, 0x05, 0x47, 0x99, 0x68, 0x1d, 0x96, 0x27, 0x38, 0x18, 0x13, 0x2b, 0xa5, + 0xb1, 0xd8, 0x79, 0x99, 0x3a, 0x34, 0x2a, 0x1f, 0x72, 0x90, 0x8d, 0xc7, 0x43, 0x75, 0xc8, 0x44, + 0x8c, 0x4b, 0x5d, 0x57, 0xac, 0x6d, 0x3f, 0x30, 0x51, 0x87, 0x71, 0xe9, 0xe8, 0x64, 0xc5, 0x3c, + 0x64, 0x42, 0x0a, 0xbd, 0x47, 0xc1, 0x89, 0x1d, 0xf4, 0x0a, 0xd2, 0x32, 0x10, 0x56, 0x5a, 0x33, + 0x3d, 0xfb, 0xa3, 0x32, 0x76, 0xb7, 0xe5, 0xb6, 0x23, 0x49, 0x59, 0x28, 0x1c, 0x55, 0x88, 0x10, + 0x64, 0xfa, 0x34, 0x1c, 0x58, 0x19, 0x3d, 0xae, 0xb6, 0xd1, 0x13, 0x30, 0x07, 0xe4, 0x02, 0x8f, + 0x03, 0xe9, 0x91, 0x70, 0x10, 0x31, 0x1a, 0x4a, 0x6b, 0x59, 0xc7, 0xcb, 0x09, 0x7e, 0x9c, 0xc0, + 0x9b, 0x5f, 0x96, 0x01, 0xe6, 0x94, 0xe8, 0x3f, 0x58, 0x1d, 0x4a, 0x19, 0x09, 0x8f, 0x93, 0x01, + 0xe5, 0xc4, 0x8f, 0x57, 0xcc, 0x3b, 0x25, 0x8d, 0x3a, 0x09, 0x88, 0x9a, 0x90, 0x19, 0xb1, 0x41, + 0xac, 0xd1, 0x6a, 0xed, 0xc5, 0x63, 0xa6, 0x56, 0xa6, 0xaa, 0x75, 0x34, 0x03, 0x7a, 0x0e, 0x28, + 0x3e, 0xb5, 0xe7, 0x13, 0x2e, 0xe9, 0x05, 0xf5, 0xb1, 0x24, 0x5a, 0x8d, 0x82, 0xb3, 0x16, 0x47, + 0xde, 0xcc, 0x03, 0x68, 0x1b, 0x8a, 0x11, 0xa7, 0x13, 0x2c, 0x89, 0xa7, 0xee, 0x16, 0x2f, 0x0d, + 0x09, 0xf4, 0x8e, 0x4c, 0xd1, 0xff, 0x50, 0xf6, 0xf1, 0x22, 0x97, 0x48, 0x36, 0x5f, 0xf5, 0xf1, + 0x02, 0x91, 0x40, 0x4f, 0x61, 0x4d, 0x8c, 0xfb, 0x57, 0xc4, 0x97, 0x1e, 0x0e, 0xa4, 0x17, 0xe2, + 0x11, 0x11, 0x56, 0x56, 0x5f, 0xa6, 0x9c, 0x04, 0x1a, 0x81, 0x3c, 0x53, 0x30, 0xba, 0x82, 0xf5, + 0x11, 0x0d, 0x3d, 0xfd, 0xea, 0x7d, 0x16, 0x78, 0xea, 0x65, 0x52, 
0x16, 0x5a, 0x39, 0xbd, 0xfe, + 0xe1, 0x63, 0xd7, 0xef, 0x24, 0x3c, 0x0e, 0x1a, 0xd1, 0x70, 0xe6, 0x9c, 0xc7, 0x9c, 0xba, 0x17, + 0xbe, 0xfd, 0xb9, 0x57, 0xfe, 0xaf, 0x7b, 0xe1, 0xdb, 0x1f, 0x7b, 0xfd, 0x0b, 0x25, 0x9f, 0x46, + 0x43, 0xc2, 0x3d, 0x31, 0xa6, 0x4a, 0xaa, 0x82, 0xde, 0x7f, 0x25, 0x06, 0x5d, 0x8d, 0xa1, 0x0d, + 0xc8, 0x8b, 0x81, 0xd0, 0x02, 0x59, 0xa0, 0xa5, 0xcc, 0x89, 0x81, 0x50, 0xc2, 0x54, 0x9a, 0x90, + 0x4b, 0xae, 0x89, 0xca, 0x50, 0xec, 0x34, 0x5c, 0xb7, 0xdb, 0x74, 0xda, 0xbd, 0x93, 0xa6, 0xb9, + 0x84, 0x00, 0xb2, 0xee, 0xdb, 0xd3, 0x4e, 0xeb, 0xd8, 0x34, 0x94, 0x7d, 0xda, 0xeb, 0xf6, 0x1a, + 0x2d, 0x33, 0x85, 0xd6, 0xc1, 0x6c, 0xf4, 0xba, 0x6d, 0x6f, 0x31, 0x3b, 0x5d, 0x69, 0x43, 0x71, + 0x61, 0x58, 0xb4, 0x02, 0xf9, 0x6e, 0xcb, 0xf5, 0x54, 0xa2, 0xb9, 0x84, 0x8a, 0xba, 0xcd, 0xf9, + 0x81, 0xb7, 0x6f, 0x1a, 0x73, 0xe7, 0xc0, 0x4c, 0xcd, 0x9d, 0x9a, 0x99, 0x9e, 0x3b, 0x75, 0x33, + 0x53, 0x39, 0x83, 0x8c, 0xfa, 0xf4, 0xd0, 0x3f, 0x90, 0x0d, 0xc7, 0xa3, 0x3e, 0xe1, 0xfa, 0x21, + 0x97, 0x9c, 0xc4, 0x43, 0x9b, 0x90, 0x9f, 0x49, 0x9c, 0x7c, 0xe9, 0xf7, 0xbe, 0xfa, 0xa4, 0xf4, + 0xb6, 0xf1, 0x2b, 0xd4, 0xf6, 0x6b, 0xfb, 0xe3, 0xdd, 0x96, 0xf1, 0xe9, 0x6e, 0xcb, 0xf8, 0x7a, + 0xb7, 0x65, 0xbc, 0xdf, 0x89, 0xaf, 0x40, 0x59, 0x15, 0x47, 0xb4, 0xfa, 0x8b, 0x3f, 0x65, 0x3f, + 0xab, 0xd9, 0xea, 0xdf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x20, 0x65, 0xa6, 0x2f, 0x47, 0x05, 0x00, + 0x00, } diff --git a/networking/v1alpha3/gateway.proto b/networking/v1alpha3/gateway.proto index cdc0334ace..ad9f22791b 100644 --- a/networking/v1alpha3/gateway.proto +++ b/networking/v1alpha3/gateway.proto 
@@ -291,55 +291,13 @@ message Server { // enforced. TLSmode mode = 2; - // The file backend specifies the file system paths where the - // server's public and private keys can be obtained. - message CredentialStoreFileBackend { - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server-side TLS certificate to use. - string server_certificate = 3; - - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file - // holding the server's private key. - string private_key = 4; - }; - - // The remote backend provides information about the remote secret - // management server that contains the server's public and private keys. - message CredentialStoreRemoteBackend { - // REQUIRED the name of the resource that the credential server can - // use to identify the certificates associated with the gateway - // server. In kubernetes, this should correspond to the name of the - // secret that contains the server-side TLS certificate and the - // server's private key. Note that the secret should contain both the - // public and private keys associated with the server port. - // - // It is possible to use the same resourceName across several servers - // on different ports, if these servers share the same credentials. - string resource_name = 1; - - // The address where the credential store server can be reached. - // If omitted, will default to unix:/var/run/gateway/sds - string server_address = 2; - }; - // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server-side TLS certificate to use. - // Deprecated. Use - string server_certificate = 3 [deprecated=true]; + string server_certificate = 3; // REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file // holding the server's private key. 
- string private_key = 4 [deprecated=true]; - - message CredentialStore { - oneof credential_store { - CredentialStoreFileBackend files = 1; - CredentialStoreRemoteBackend remote = 2; - } - } - - // REQUIRED if the mode is `SIMPLE` or `MUTUAL`. - CredentialStore credential_store = 10; + string private_key = 4; // REQUIRED if mode is `MUTUAL`. The path to a file containing // certificate authority certificates to use in verifying a presented @@ -377,6 +335,13 @@ message Server { // Optional: If specified, only support the specified cipher list. // Otherwise default to the default cipher list supported by Envoy. repeated string cipher_suites = 9; + + // Optional: If specified, the gateway controllers (with SDS enabled) + // use the specified name as the SDS secret config name to call the SDS + // server, to retrieve the key and certificates. Otherwise, the gateway + // controllers (with SDS enabled) use the first value in the hosts as + // the SDS secret config name to call the SDS server. + string sds_name = 10; } // Set of TLS related options that govern the server's behavior. Use diff --git a/networking/v1alpha3/istio.networking.v1alpha3.pb.html b/networking/v1alpha3/istio.networking.v1alpha3.pb.html index aff9a57773..d4b3616627 100644 --- a/networking/v1alpha3/istio.networking.v1alpha3.pb.html +++ b/networking/v1alpha3/istio.networking.v1alpha3.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs aliases: - /docs/reference/config/istio.routing.v1alpha1/ -number_of_entries: 63 +number_of_entries: 60 ---
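Review bot: Tag 10 is freed here by deleting `CredentialStore credential_store = 10;` and taken again in the `@@ -377,6 +335,13 @@` hunk by `string sds_name = 10;`, so one field number now carries two unrelated meanings across versions. A message field and a string are both length-delimited on the wire, so bytes an older writer produced for `credential_store` are not rejected on wire type by a newer reader; they can surface as an `sds_name`, which is the name used to fetch the key and certificate. I would retire the old field with `reserved 10;` and `reserved "credential_store";` and give the new one an unused number, e.g. `string sds_name = 11;` (11 looks free going by the regenerated descriptor in this diff). If binary-encoded Gateway configs with the old field were never persisted the practical risk is small, but the reservation still stops a later edit from repeating the reuse. The `TLSOptions` message opens above this hunk, so the reservation would sit next to the remaining fields.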
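Review bot: The new `sds_name` comment does not say how the field interacts with `server_certificate` and `private_key`, which the first hunk leaves documented as REQUIRED for `SIMPLE` and `MUTUAL`. A reader cannot tell whether the file paths are ignored, still mandatory, or an error when SDS is enabled. The fallback also deserves a sentence: with `sds_name` unset the secret name is the first entry of `hosts`, so reordering hosts changes which secret is requested, and the comment does not say what name results from a wildcard host. I would add a line such as `// When SDS is enabled the key and certificate come from this secret and the file paths above are not used.` (if that is the intended behaviour) and recommend setting `sds_name` explicitly when a server lists more than one host. The rest of `TLSOptions` lies outside this hunk.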

Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

@@ -2928,31 +2928,22 @@

Server.TLSOptions

- + serverCertificate string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server-side TLS certificate to use. -Deprecated. Use

+holding the server-side TLS certificate to use.

- + privateKey string

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file holding the server’s private key.

- - - -credentialStore -Server.TLSOptions.CredentialStore - -

REQUIRED if the mode is SIMPLE or MUTUAL.

- @@ -2999,106 +2990,15 @@

Server.TLSOptions

- - - -

Server.TLSOptions.CredentialStore

-
- - - - - - - - - - - - - - - - - - - - -
FieldTypeDescription
filesServer.TLSOptions.CredentialStoreFileBackend (oneof) -
remoteServer.TLSOptions.CredentialStoreRemoteBackend (oneof) -
-
-

Server.TLSOptions.CredentialStoreFileBackend

-
-

The file backend specifies the file system paths where the -server’s public and private keys can be obtained.

- - - - - - - - - - - - - - - - - - - - - -
FieldTypeDescription
serverCertificatestring -

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server-side TLS certificate to use.

- -
privateKeystring -

REQUIRED if mode is SIMPLE or MUTUAL. The path to the file -holding the server’s private key.

- -
-
-

Server.TLSOptions.CredentialStoreRemoteBackend

-
-

The remote backend provides information about the remote secret -management server that contains the server’s public and private keys.

- - - - - - - - - - - - - - - - - + + diff --git a/proto.lock b/proto.lock index f0cb8b6af0..c0b4dd150f 100644 --- a/proto.lock +++ b/proto.lock @@ -3300,11 +3300,6 @@ "name": "private_key", "type": "string" }, - { - "id": 10, - "name": "credential_store", - "type": "CredentialStore" - }, { "id": 5, "name": "ca_certificates", @@ -3331,53 +3326,11 @@ "name": "cipher_suites", "type": "string", "is_repeated": true - } - ], - "messages": [ - { - "name": "CredentialStoreFileBackend", - "fields": [ - { - "id": 3, - "name": "server_certificate", - "type": "string" - }, - { - "id": 4, - "name": "private_key", - "type": "string" - } - ] - }, - { - "name": "CredentialStoreRemoteBackend", - "fields": [ - { - "id": 1, - "name": "resource_name", - "type": "string" - }, - { - "id": 2, - "name": "server_address", - "type": "string" - } - ] }, { - "name": "CredentialStore", - "fields": [ - { - "id": 1, - "name": "files", - "type": "CredentialStoreFileBackend" - }, - { - "id": 2, - "name": "remote", - "type": "CredentialStoreRemoteBackend" - } - ] + "id": 10, + "name": "sds_name", + "type": "string" } ] } diff --git a/python/istio_api/networking/v1alpha3/gateway_pb2.py b/python/istio_api/networking/v1alpha3/gateway_pb2.py index 6be5efb3a0..77c9a04a9d 100644 --- a/python/istio_api/networking/v1alpha3/gateway_pb2.py +++ b/python/istio_api/networking/v1alpha3/gateway_pb2.py 
@@ -19,7 +19,7 @@ name='networking/v1alpha3/gateway.proto', package='istio.networking.v1alpha3', syntax='proto3', - serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xb8\t\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\x8c\x08\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1e\n\x12server_certificate\x18\x03 \x01(\tB\x02\x18\x01\x12\x17\n\x0bprivate_key\x18\x04 \x01(\tB\x02\x18\x01\x12V\n\x10\x63redential_store\x18\n \x01(\x0b\x32<.istio.networking.v1alpha3.Server.TLSOptions.CredentialStore\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x1aM\n\x1a\x43redentialStoreFileBackend\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x1aM\n\x1c\x43redentialStoreRemoteBackend\x12\x15\n\rresource_name\x18\x01 \x01(\t\x12\x16\n\x0eserver_address\x18\x02 \x01(\t\x1a\xdc\x01\n\x0f\x43redentialStore\x12X\n\x05\x66iles\x18\x01 \x01(\x0b\x32G.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackendH\x00\x12[\n\x06remote\x18\x02 
\x01(\x0b\x32I.istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackendH\x00\x42\x12\n\x10\x63redential_store\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') + serialized_pb=_b('\n!networking/v1alpha3/gateway.proto\x12\x19istio.networking.v1alpha3\"\xb2\x01\n\x07Gateway\x12\x32\n\x07servers\x18\x01 \x03(\x0b\x32!.istio.networking.v1alpha3.Server\x12\x42\n\x08selector\x18\x02 \x03(\x0b\x32\x30.istio.networking.v1alpha3.Gateway.SelectorEntry\x1a/\n\rSelectorEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"\xed\x05\n\x06Server\x12-\n\x04port\x18\x01 \x01(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x0c\n\x04\x62ind\x18\x04 \x01(\t\x12\r\n\x05hosts\x18\x02 \x03(\t\x12\x39\n\x03tls\x18\x03 \x01(\x0b\x32,.istio.networking.v1alpha3.Server.TLSOptions\x12\x18\n\x10\x64\x65\x66\x61ult_endpoint\x18\x05 \x01(\t\x1a\xc1\x04\n\nTLSOptions\x12\x16\n\x0ehttps_redirect\x18\x01 \x01(\x08\x12\x42\n\x04mode\x18\x02 \x01(\x0e\x32\x34.istio.networking.v1alpha3.Server.TLSOptions.TLSmode\x12\x1a\n\x12server_certificate\x18\x03 \x01(\t\x12\x13\n\x0bprivate_key\x18\x04 \x01(\t\x12\x17\n\x0f\x63\x61_certificates\x18\x05 \x01(\t\x12\x19\n\x11subject_alt_names\x18\x06 \x03(\t\x12V\n\x14min_protocol_version\x18\x07 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12V\n\x14max_protocol_version\x18\x08 \x01(\x0e\x32\x38.istio.networking.v1alpha3.Server.TLSOptions.TLSProtocol\x12\x15\n\rcipher_suites\x18\t \x03(\t\x12\x10\n\x08sds_name\x18\n 
\x01(\t\"H\n\x07TLSmode\x12\x0f\n\x0bPASSTHROUGH\x10\x00\x12\n\n\x06SIMPLE\x10\x01\x12\n\n\x06MUTUAL\x10\x02\x12\x14\n\x10\x41UTO_PASSTHROUGH\x10\x03\"O\n\x0bTLSProtocol\x12\x0c\n\x08TLS_AUTO\x10\x00\x12\x0b\n\x07TLSV1_0\x10\x01\x12\x0b\n\x07TLSV1_1\x10\x02\x12\x0b\n\x07TLSV1_2\x10\x03\x12\x0b\n\x07TLSV1_3\x10\x04\"6\n\x04Port\x12\x0e\n\x06number\x18\x01 \x01(\r\x12\x10\n\x08protocol\x18\x02 \x01(\t\x12\x0c\n\x04name\x18\x03 \x01(\tB\"Z istio.io/api/networking/v1alpha3b\x06proto3') ) @@ -49,8 +49,8 @@ ], containing_type=None, options=None, - serialized_start=1301, - serialized_end=1373, + serialized_start=842, + serialized_end=914, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSMODE) @@ -83,8 +83,8 @@ ], containing_type=None, options=None, - serialized_start=1375, - serialized_end=1454, + serialized_start=916, + serialized_end=995, ) _sym_db.RegisterEnumDescriptor(_SERVER_TLSOPTIONS_TLSPROTOCOL) 
@@ -164,120 +164,6 @@ ) -_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND = _descriptor.Descriptor( - name='CredentialStoreFileBackend', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='server_certificate', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.server_certificate', index=0, - number=3, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend.private_key', index=1, - number=4, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=920, - serialized_end=997, -) - -_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND = _descriptor.Descriptor( - name='CredentialStoreRemoteBackend', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='resource_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.resource_name', index=0, - number=1, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), 
- _descriptor.FieldDescriptor( - name='server_address', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend.server_address', index=1, - number=2, type=9, cpp_type=9, label=1, - has_default_value=False, default_value=_b("").decode('utf-8'), - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - ], - serialized_start=999, - serialized_end=1076, -) - -_SERVER_TLSOPTIONS_CREDENTIALSTORE = _descriptor.Descriptor( - name='CredentialStore', - full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore', - filename=None, - file=DESCRIPTOR, - containing_type=None, - fields=[ - _descriptor.FieldDescriptor( - name='files', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.files', index=0, - number=1, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='remote', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.remote', index=1, - number=2, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, - options=None, file=DESCRIPTOR), - ], - extensions=[ - ], - nested_types=[], - enum_types=[ - ], - options=None, - is_extendable=False, - syntax='proto3', - extension_ranges=[], - oneofs=[ - _descriptor.OneofDescriptor( - name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.CredentialStore.credential_store', - index=0, containing_type=None, fields=[]), - ], - serialized_start=1079, - serialized_end=1299, -) - 
_SERVER_TLSOPTIONS = _descriptor.Descriptor( name='TLSOptions', full_name='istio.networking.v1alpha3.Server.TLSOptions', 
@@ -305,60 +191,60 @@ has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, - options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), + options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( name='private_key', full_name='istio.networking.v1alpha3.Server.TLSOptions.private_key', index=3, number=4, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, - options=_descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')), file=DESCRIPTOR), - _descriptor.FieldDescriptor( - name='credential_store', full_name='istio.networking.v1alpha3.Server.TLSOptions.credential_store', index=4, - number=10, type=11, cpp_type=10, label=1, - has_default_value=False, default_value=None, - message_type=None, enum_type=None, containing_type=None, - is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=5, + name='ca_certificates', full_name='istio.networking.v1alpha3.Server.TLSOptions.ca_certificates', index=4, number=5, type=9, cpp_type=9, label=1, has_default_value=False, default_value=_b("").decode('utf-8'), message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=6, + name='subject_alt_names', full_name='istio.networking.v1alpha3.Server.TLSOptions.subject_alt_names', index=5, number=6, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, 
is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=7, + name='min_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.min_protocol_version', index=6, number=7, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=8, + name='max_protocol_version', full_name='istio.networking.v1alpha3.Server.TLSOptions.max_protocol_version', index=7, number=8, type=14, cpp_type=8, label=1, has_default_value=False, default_value=0, message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), _descriptor.FieldDescriptor( - name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=9, + name='cipher_suites', full_name='istio.networking.v1alpha3.Server.TLSOptions.cipher_suites', index=8, number=9, type=9, cpp_type=9, label=3, has_default_value=False, default_value=[], message_type=None, enum_type=None, containing_type=None, is_extension=False, extension_scope=None, options=None, file=DESCRIPTOR), + _descriptor.FieldDescriptor( + name='sds_name', full_name='istio.networking.v1alpha3.Server.TLSOptions.sds_name', index=9, + number=10, type=9, cpp_type=9, label=1, + has_default_value=False, default_value=_b("").decode('utf-8'), + message_type=None, enum_type=None, containing_type=None, + is_extension=False, extension_scope=None, + options=None, file=DESCRIPTOR), ], extensions=[ ], - nested_types=[_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, 
_SERVER_TLSOPTIONS_CREDENTIALSTORE, ], + nested_types=[], enum_types=[ _SERVER_TLSOPTIONS_TLSMODE, _SERVER_TLSOPTIONS_TLSPROTOCOL, @@ -370,7 +256,7 @@ oneofs=[ ], serialized_start=418, - serialized_end=1454, + serialized_end=995, ) _SERVER = _descriptor.Descriptor( @@ -428,7 +314,7 @@ oneofs=[ ], serialized_start=246, - serialized_end=1454, + serialized_end=995, ) 
@@ -472,26 +358,14 @@ extension_ranges=[], oneofs=[ ], - serialized_start=1456, - serialized_end=1510, + serialized_start=997, + serialized_end=1051, ) _GATEWAY_SELECTORENTRY.containing_type = _GATEWAY _GATEWAY.fields_by_name['servers'].message_type = _SERVER _GATEWAY.fields_by_name['selector'].message_type = _GATEWAY_SELECTORENTRY -_SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND -_SERVER_TLSOPTIONS_CREDENTIALSTORE.containing_type = _SERVER_TLSOPTIONS -_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( - _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files']) -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['files'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] -_SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'].fields.append( - _SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote']) -_SERVER_TLSOPTIONS_CREDENTIALSTORE.fields_by_name['remote'].containing_oneof = _SERVER_TLSOPTIONS_CREDENTIALSTORE.oneofs_by_name['credential_store'] _SERVER_TLSOPTIONS.fields_by_name['mode'].enum_type = _SERVER_TLSOPTIONS_TLSMODE -_SERVER_TLSOPTIONS.fields_by_name['credential_store'].message_type = _SERVER_TLSOPTIONS_CREDENTIALSTORE _SERVER_TLSOPTIONS.fields_by_name['min_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.fields_by_name['max_protocol_version'].enum_type = _SERVER_TLSOPTIONS_TLSPROTOCOL _SERVER_TLSOPTIONS.containing_type = _SERVER 
@@ -522,27 +396,6 @@ Server = _reflection.GeneratedProtocolMessageType('Server', (_message.Message,), dict( TLSOptions = _reflection.GeneratedProtocolMessageType('TLSOptions', (_message.Message,), dict( - - CredentialStoreFileBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreFileBackend', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREFILEBACKEND, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreFileBackend) - )) - , - - CredentialStoreRemoteBackend = _reflection.GeneratedProtocolMessageType('CredentialStoreRemoteBackend', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTOREREMOTEBACKEND, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStoreRemoteBackend) - )) - , - - CredentialStore = _reflection.GeneratedProtocolMessageType('CredentialStore', (_message.Message,), dict( - DESCRIPTOR = _SERVER_TLSOPTIONS_CREDENTIALSTORE, - __module__ = 'networking.v1alpha3.gateway_pb2' - # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions.CredentialStore) - )) - , DESCRIPTOR = _SERVER_TLSOPTIONS, __module__ = 'networking.v1alpha3.gateway_pb2' # @@protoc_insertion_point(class_scope:istio.networking.v1alpha3.Server.TLSOptions) @@ -554,9 +407,6 @@ )) _sym_db.RegisterMessage(Server) _sym_db.RegisterMessage(Server.TLSOptions) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreFileBackend) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStoreRemoteBackend) -_sym_db.RegisterMessage(Server.TLSOptions.CredentialStore) Port = _reflection.GeneratedProtocolMessageType('Port', (_message.Message,), dict( DESCRIPTOR = _PORT, 
@@ -570,8 +420,4 @@ DESCRIPTOR._options = _descriptor._ParseOptions(descriptor_pb2.FileOptions(), _b('Z istio.io/api/networking/v1alpha3')) _GATEWAY_SELECTORENTRY.has_options = True _GATEWAY_SELECTORENTRY._options = _descriptor._ParseOptions(descriptor_pb2.MessageOptions(), _b('8\001')) -_SERVER_TLSOPTIONS.fields_by_name['server_certificate'].has_options = True -_SERVER_TLSOPTIONS.fields_by_name['server_certificate']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) -_SERVER_TLSOPTIONS.fields_by_name['private_key'].has_options = True -_SERVER_TLSOPTIONS.fields_by_name['private_key']._options = _descriptor._ParseOptions(descriptor_pb2.FieldOptions(), _b('\030\001')) # @@protoc_insertion_point(module_scope)
FieldTypeDescription
resourceNamestring -

REQUIRED the name of the resource that the credential server can -use to identify the certificates associated with the gateway -server. In kubernetes, this should correspond to the name of the -secret that contains the server-side TLS certificate and the -server’s private key. Note that the secret should contain both the -public and private keys associated with the server port.

- -

It is possible to use the same resourceName across several servers -on different ports, if these servers share the same credentials.

- -
serverAddress
sdsName string -

The address where the credential store server can be reached. -If omitted, will default to unix:/var/run/gateway/sds

+

Optional: If specified, the gateway controllers (with SDS enabled) +use the specified name as the SDS secret config name to call the SDS +server, to retrieve the key and certificates. Otherwise, the gateway +controllers (with SDS enabled) use the first value in the hosts as +the SDS secret config name to call the SDS server.