From e5808d85f75140aeb51abd1edff20c12e70ed0d0 Mon Sep 17 00:00:00 2001 From: skpratt Date: Thu, 14 Sep 2023 12:40:54 -0500 Subject: [PATCH] register traffic permission and workload identity types (#18704) * add workload identity and traffic permission protos * register new types * add generated pb code * fix exports.go path * add proto newlines * fix type name Co-authored-by: Eric Haberkorn * address review * fix protos and add tests * fix validation constraints * add tests --------- Co-authored-by: Eric Haberkorn --- agent/consul/type_registry.go | 2 + internal/auth/exports.go | 41 + .../types/computed_traffic_permissions.go | 33 + internal/auth/internal/types/errors.go | 12 + .../internal/types/traffic_permissions.go | 144 ++ .../types/traffic_permissions_test.go | 262 ++++ internal/auth/internal/types/types.go | 20 + .../auth/internal/types/workload_identity.go | 33 + .../computed_traffic_permissions.pb.binary.go | 18 + .../computed_traffic_permissions.pb.go | 188 +++ .../computed_traffic_permissions.proto | 10 + .../v1alpha1/traffic_permissions.pb.binary.go | 108 ++ .../pbauth/v1alpha1/traffic_permissions.pb.go | 1191 +++++++++++++++++ .../pbauth/v1alpha1/traffic_permissions.proto | 124 ++ .../v1alpha1/workload_identity.pb.binary.go | 18 + .../pbauth/v1alpha1/workload_identity.pb.go | 152 +++ .../pbauth/v1alpha1/workload_identity.proto | 5 + 17 files changed, 2361 insertions(+) create mode 100644 internal/auth/exports.go create mode 100644 internal/auth/internal/types/computed_traffic_permissions.go create mode 100644 internal/auth/internal/types/errors.go create mode 100644 internal/auth/internal/types/traffic_permissions.go create mode 100644 internal/auth/internal/types/traffic_permissions_test.go create mode 100644 internal/auth/internal/types/types.go create mode 100644 internal/auth/internal/types/workload_identity.go create mode 100644 proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.binary.go create mode 100644 proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.go create mode 100644 proto-public/pbauth/v1alpha1/computed_traffic_permissions.proto create mode 100644 proto-public/pbauth/v1alpha1/traffic_permissions.pb.binary.go create mode 100644 proto-public/pbauth/v1alpha1/traffic_permissions.pb.go create mode 100644 proto-public/pbauth/v1alpha1/traffic_permissions.proto create mode 100644 proto-public/pbauth/v1alpha1/workload_identity.pb.binary.go create mode 100644 proto-public/pbauth/v1alpha1/workload_identity.pb.go create mode 100644 proto-public/pbauth/v1alpha1/workload_identity.proto diff --git a/agent/consul/type_registry.go b/agent/consul/type_registry.go index 90bf76576f..a23f72b9b2 100644 --- a/agent/consul/type_registry.go +++ b/agent/consul/type_registry.go @@ -4,6 +4,7 @@ package consul import ( + "github.com/hashicorp/consul/internal/auth" "github.com/hashicorp/consul/internal/catalog" "github.com/hashicorp/consul/internal/mesh" "github.com/hashicorp/consul/internal/resource" @@ -23,6 +24,7 @@ func NewTypeRegistry() resource.Registry { demo.RegisterTypes(registry) mesh.RegisterTypes(registry) catalog.RegisterTypes(registry) + auth.RegisterTypes(registry) return registry } diff --git a/internal/auth/exports.go b/internal/auth/exports.go new file mode 100644 index 0000000000..5dc4935461 --- /dev/null +++ b/internal/auth/exports.go @@ -0,0 +1,41 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package auth + +import ( + "github.com/hashicorp/consul/internal/auth/internal/types" + "github.com/hashicorp/consul/internal/resource" +) + +var ( + // API Group Information + + APIGroup = types.GroupName + VersionV1Alpha1 = types.VersionV1Alpha1 + CurrentVersion = types.CurrentVersion + + // Resource Kind Names. + + WorkloadIdentity = types.WorkloadIdentityKind + TrafficPermissions = types.TrafficPermissionsKind + ComputedTrafficPermissions = types.ComputedTrafficPermissionsKind + + // Resource Types for the v1alpha1 version. + + WorkloadIdentityV1Alpha1Type = types.WorkloadIdentityV1Alpha1Type + TrafficPermissionsV1Alpha1Type = types.TrafficPermissionsV1Alpha1Type + ComputedTrafficPermissionsV1Alpha1Type = types.ComputedTrafficPermissionsV1Alpha1Type + + // Resource Types for the latest version. + + WorkloadIdentityType = types.WorkloadIdentityType + TrafficPermissionsType = types.TrafficPermissionsType + ComputedTrafficPermissionsType = types.ComputedTrafficPermissionsType +) + +// RegisterTypes adds all resource types within the "catalog" API group +// to the given type registry +func RegisterTypes(r resource.Registry) { + types.Register(r) +} diff --git a/internal/auth/internal/types/computed_traffic_permissions.go b/internal/auth/internal/types/computed_traffic_permissions.go new file mode 100644 index 0000000000..753d875f8b --- /dev/null +++ b/internal/auth/internal/types/computed_traffic_permissions.go @@ -0,0 +1,33 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/consul/internal/resource" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v1alpha1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +const ( + ComputedTrafficPermissionsKind = "ComputedTrafficPermission" +) + +var ( + ComputedTrafficPermissionsV1Alpha1Type = &pbresource.Type{ + Group: GroupName, + GroupVersion: VersionV1Alpha1, + Kind: ComputedTrafficPermissionsKind, + } + + ComputedTrafficPermissionsType = ComputedTrafficPermissionsV1Alpha1Type +) + +func RegisterComputedTrafficPermission(r resource.Registry) { + r.Register(resource.Registration{ + Type: ComputedTrafficPermissionsV1Alpha1Type, + Proto: &pbauth.ComputedTrafficPermissions{}, + Scope: resource.ScopeNamespace, + Validate: nil, + }) +} diff --git a/internal/auth/internal/types/errors.go b/internal/auth/internal/types/errors.go new file mode 100644 index 0000000000..a1aab5b419 --- /dev/null +++ b/internal/auth/internal/types/errors.go @@ -0,0 +1,12 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import "errors" + +var ( + errInvalidAction = errors.New("action must be either allow or deny") + errSourcesTenancy = errors.New("permissions sources may not specify partitions, peers, and sameness_groups together") + errInvalidPrefixValues = errors.New("prefix values, regex values, and explicit names must not combined") +) diff --git a/internal/auth/internal/types/traffic_permissions.go b/internal/auth/internal/types/traffic_permissions.go new file mode 100644 index 0000000000..7fa60c5cf2 --- /dev/null +++ b/internal/auth/internal/types/traffic_permissions.go @@ -0,0 +1,144 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/go-multierror" + + "github.com/hashicorp/consul/internal/resource" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v1alpha1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +const ( + TrafficPermissionsKind = "TrafficPermissions" +) + +var ( + TrafficPermissionsV1Alpha1Type = &pbresource.Type{ + Group: GroupName, + GroupVersion: VersionV1Alpha1, + Kind: TrafficPermissionsKind, + } + + TrafficPermissionsType = TrafficPermissionsV1Alpha1Type +) + +func RegisterTrafficPermissions(r resource.Registry) { + r.Register(resource.Registration{ + Type: TrafficPermissionsV1Alpha1Type, + Proto: &pbauth.TrafficPermissions{}, + Scope: resource.ScopeNamespace, + Validate: ValidateTrafficPermissions, + }) +} + +func ValidateTrafficPermissions(res *pbresource.Resource) error { + var tp pbauth.TrafficPermissions + + if err := res.Data.UnmarshalTo(&tp); err != nil { + return resource.NewErrDataParse(&tp, err) + } + + var err error + + if tp.Action == pbauth.Action_ACTION_UNSPECIFIED { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "data.action", + Wrapped: errInvalidAction, + }) + } + if tp.Destination == nil || (len(tp.Destination.IdentityName) == 0) { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "data.destination", + Wrapped: resource.ErrEmpty, + }) + } + // Validate permissions + for i, permission := range tp.Permissions { + wrapPermissionErr := func(err error) error { + return resource.ErrInvalidListElement{ + Name: "permissions", + Index: i, + Wrapped: err, + } + } + for s, src := range permission.Sources { + wrapSrcErr := func(err error) error { + return wrapPermissionErr(resource.ErrInvalidListElement{ + Name: "sources", + Index: s, + Wrapped: err, + }) + } + if (len(src.Partition) > 0 && len(src.Peer) > 0) || + (len(src.Partition) > 0 && len(src.SamenessGroup) > 0) || + (len(src.Peer) > 0 && len(src.SamenessGroup) > 0) { + err = multierror.Append(err, wrapSrcErr(resource.ErrInvalidListElement{ + Name: "source", + Wrapped: errSourcesTenancy, + })) + } + if len(src.Exclude) > 0 { + for e, d := range src.Exclude { + wrapExclSrcErr := func(err error) error { + return wrapPermissionErr(resource.ErrInvalidListElement{ + Name: "exclude_sources", + Index: e, + Wrapped: err, + }) + } + if (len(d.Partition) > 0 && len(d.Peer) > 0) || + (len(d.Partition) > 0 && len(d.SamenessGroup) > 0) || + (len(d.Peer) > 0 && len(d.SamenessGroup) > 0) { + err = multierror.Append(err, wrapExclSrcErr(resource.ErrInvalidListElement{ + Name: "exclude_source", + Wrapped: errSourcesTenancy, + })) + } + } + } + } + if len(permission.DestinationRules) > 0 { + for d, dest := range permission.DestinationRules { + wrapDestRuleErr := func(err error) error { + return wrapPermissionErr(resource.ErrInvalidListElement{ + Name: "destination_rules", + Index: d, + Wrapped: err, + }) + } + if (len(dest.PathExact) > 0 && len(dest.PathPrefix) > 0) || + (len(dest.PathRegex) > 0 && len(dest.PathExact) > 0) || + (len(dest.PathRegex) > 0 && len(dest.PathPrefix) > 0) { + err = multierror.Append(err, wrapDestRuleErr(resource.ErrInvalidListElement{ + Name: "destination_rule", + Wrapped: errInvalidPrefixValues, + })) + } + if len(dest.Exclude) > 0 { + for e, excl := range dest.Exclude { + wrapExclPermRuleErr := func(err error) error { + return wrapPermissionErr(resource.ErrInvalidListElement{ + Name: "exclude_permission_rules", + Index: e, + Wrapped: err, + }) + } + if (len(excl.PathExact) > 0 && len(excl.PathPrefix) > 0) || + (len(excl.PathRegex) > 0 && len(excl.PathExact) > 0) || + (len(excl.PathRegex) > 0 && len(excl.PathPrefix) > 0) { + err = multierror.Append(err, wrapExclPermRuleErr(resource.ErrInvalidListElement{ + Name: "exclude_permission_rule", + Wrapped: errInvalidPrefixValues, + })) + } + } + } + } + } + } + + return err +} diff --git a/internal/auth/internal/types/traffic_permissions_test.go b/internal/auth/internal/types/traffic_permissions_test.go new file mode 100644 index 0000000000..09138a78f8 --- /dev/null +++ b/internal/auth/internal/types/traffic_permissions_test.go @@ -0,0 +1,262 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "testing" + + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/types/known/anypb" + + "github.com/hashicorp/consul/internal/resource" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v1alpha1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +func createTrafficPermissionsResource(t *testing.T, data protoreflect.ProtoMessage) *pbresource.Resource { + res := &pbresource.Resource{ + Id: &pbresource.ID{ + Type: TrafficPermissionsType, + Tenancy: &pbresource.Tenancy{ + Partition: "default", + Namespace: "default", + PeerName: "local", + }, + Name: "test-traffic-permissions", + }, + } + + var err error + res.Data, err = anypb.New(data) + require.NoError(t, err) + return res +} + +func TestTrafficPermissions_OkMinimal(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{IdentityName: "wi-1"}, + Action: pbauth.Action_ACTION_ALLOW, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.NoError(t, err) +} + +func TestTrafficPermissions_OkFull(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: nil, + DestinationRules: []*pbauth.DestinationRule{ + { + PathPrefix: "foo", + Exclude: []*pbauth.ExcludePermissionRule{ + { + PathExact: "baz", + }, + }, + }, + { + PathPrefix: "bar", + }, + }, + }, + { + Sources: []*pbauth.Source{ + { + IdentityName: "wi-3", + Peer: "p1", + }, + }, + }, + }, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.NoError(t, err) +} + +func TestValidateTrafficPermissions_ParseError(t *testing.T) { + // Any type other than the TrafficPermissions type would work + // to cause the error we are expecting + data := &pbauth.ComputedTrafficPermissions{AllowPermissions: nil} + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + require.ErrorAs(t, err, &resource.ErrDataParse{}) +} + +func TestValidateTrafficPermissions_UnsupportedAction(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "wi1", + }, + Action: pbauth.Action_ACTION_UNSPECIFIED, + Permissions: nil, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + expected := resource.ErrInvalidField{ + Name: "data.action", + Wrapped: errInvalidAction, + } + var actual resource.ErrInvalidField + require.ErrorAs(t, err, &actual) + require.Equal(t, expected, actual) +} + +func TestValidateTrafficPermissions_DestinationRulePathPrefixRegex(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: nil, + DestinationRules: []*pbauth.DestinationRule{ + { + PathExact: "wi2", + PathPrefix: "wi", + PathRegex: "wi.*", + }, + }, + }, + }, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + expected := resource.ErrInvalidListElement{ + Name: "destination_rule", + Wrapped: errInvalidPrefixValues, + } + var actual resource.ErrInvalidListElement + require.ErrorAs(t, err, &actual) + require.Equal(t, "permissions", actual.Name) + err = actual.Unwrap() + require.ErrorAs(t, err, &actual) + require.ErrorIs(t, expected, actual.Unwrap()) +} + +func TestValidateTrafficPermissions_NoDestination(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: nil, + DestinationRules: []*pbauth.DestinationRule{ + { + PathExact: "wi2", + }, + }, + }, + }, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + expected := resource.ErrInvalidField{ + Name: "data.destination", + Wrapped: resource.ErrEmpty, + } + var actual resource.ErrInvalidField + require.ErrorAs(t, err, &actual) + require.Equal(t, "data.destination", actual.Name) + require.Equal(t, expected, actual) +} + +func TestValidateTrafficPermissions_SourceTenancy(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + Partition: "ap1", + Peer: "cl1", + SamenessGroup: "sg1", + }, + }, + DestinationRules: nil, + }, + }, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + expected := resource.ErrInvalidListElement{ + Name: "source", + Wrapped: errSourcesTenancy, + } + var actual resource.ErrInvalidListElement + require.ErrorAs(t, err, &actual) + require.Equal(t, "permissions", actual.Name) + err = actual.Unwrap() + require.ErrorAs(t, err, &actual) + require.ErrorIs(t, expected, actual.Unwrap()) +} + +func TestValidateTrafficPermissions_ExcludeSourceTenancy(t *testing.T) { + data := &pbauth.TrafficPermissions{ + Destination: &pbauth.Destination{ + IdentityName: "w1", + }, + Action: pbauth.Action_ACTION_ALLOW, + Permissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + Namespace: "ns1", + Exclude: []*pbauth.ExcludeSource{ + { + Partition: "ap1", + Peer: "cl1", + SamenessGroup: "sg1", + }, + }, + }, + }, + }, + }, + } + + res := createTrafficPermissionsResource(t, data) + + err := ValidateTrafficPermissions(res) + require.Error(t, err) + expected := resource.ErrInvalidListElement{ + Name: "exclude_source", + Wrapped: errSourcesTenancy, + } + var actual resource.ErrInvalidListElement + require.ErrorAs(t, err, &actual) + require.Equal(t, "permissions", actual.Name) + err = actual.Unwrap() + require.ErrorAs(t, err, &actual) + require.ErrorIs(t, expected, actual.Unwrap()) +} diff --git a/internal/auth/internal/types/types.go b/internal/auth/internal/types/types.go new file mode 100644 index 0000000000..c40812a125 --- /dev/null +++ b/internal/auth/internal/types/types.go @@ -0,0 +1,20 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/consul/internal/resource" +) + +const ( + GroupName = "auth" + VersionV1Alpha1 = "v1alpha1" + CurrentVersion = VersionV1Alpha1 +) + +func Register(r resource.Registry) { + RegisterWorkloadIdentity(r) + RegisterTrafficPermissions(r) + RegisterComputedTrafficPermission(r) +} diff --git a/internal/auth/internal/types/workload_identity.go b/internal/auth/internal/types/workload_identity.go new file mode 100644 index 0000000000..9b036d5c39 --- /dev/null +++ b/internal/auth/internal/types/workload_identity.go @@ -0,0 +1,33 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/consul/internal/resource" + pbauth "github.com/hashicorp/consul/proto-public/pbauth/v1alpha1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +const ( + WorkloadIdentityKind = "WorkloadIdentity" +) + +var ( + WorkloadIdentityV1Alpha1Type = &pbresource.Type{ + Group: GroupName, + GroupVersion: VersionV1Alpha1, + Kind: WorkloadIdentityKind, + } + + WorkloadIdentityType = WorkloadIdentityV1Alpha1Type +) + +func RegisterWorkloadIdentity(r resource.Registry) { + r.Register(resource.Registration{ + Type: WorkloadIdentityV1Alpha1Type, + Proto: &pbauth.WorkloadIdentity{}, + Scope: resource.ScopeNamespace, + Validate: nil, + }) +} diff --git a/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.binary.go b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.binary.go new file mode 100644 index 0000000000..30e21ec220 --- /dev/null +++ b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.binary.go @@ -0,0 +1,18 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: pbauth/v1alpha1/computed_traffic_permissions.proto + +package authv1alpha1 + +import ( + "google.golang.org/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ComputedTrafficPermissions) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ComputedTrafficPermissions) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.go b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.go new file mode 100644 index 0000000000..9d816be90e --- /dev/null +++ b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.pb.go @@ -0,0 +1,188 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc (unknown) +// source: pbauth/v1alpha1/computed_traffic_permissions.proto + +package authv1alpha1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type ComputedTrafficPermissions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AllowPermissions []*Permission `protobuf:"bytes,1,rep,name=allow_permissions,json=allowPermissions,proto3" json:"allow_permissions,omitempty"` + DenyPermissions []*Permission `protobuf:"bytes,2,rep,name=deny_permissions,json=denyPermissions,proto3" json:"deny_permissions,omitempty"` +} + +func (x *ComputedTrafficPermissions) Reset() { + *x = ComputedTrafficPermissions{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_computed_traffic_permissions_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ComputedTrafficPermissions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ComputedTrafficPermissions) ProtoMessage() {} + +func (x *ComputedTrafficPermissions) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_computed_traffic_permissions_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ComputedTrafficPermissions.ProtoReflect.Descriptor instead. +func (*ComputedTrafficPermissions) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescGZIP(), []int{0} +} + +func (x *ComputedTrafficPermissions) GetAllowPermissions() []*Permission { + if x != nil { + return x.AllowPermissions + } + return nil +} + +func (x *ComputedTrafficPermissions) GetDenyPermissions() []*Permission { + if x != nil { + return x.DenyPermissions + } + return nil +} + +var File_pbauth_v1alpha1_computed_traffic_permissions_proto protoreflect.FileDescriptor + +var file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDesc = []byte{ + 0x0a, 0x32, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2f, 0x63, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, + 0x69, 0x63, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x1a, 0x29, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x65, + 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0xcc, 0x01, 0x0a, 0x1a, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x54, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x57, + 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, + 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, + 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x50, 0x65, 0x72, 0x6d, + 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x55, 0x0a, 0x10, 0x64, 0x65, 0x6e, 0x79, 0x5f, + 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0f, 0x64, + 0x65, 0x6e, 0x79, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x42, 0xa7, + 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x1f, 0x43, 0x6f, 0x6d, 0x70, 0x75, 0x74, 0x65, 0x64, 0x54, + 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, + 0x73, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, + 0x69, 0x63, 0x2f, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, + 0x02, 0x03, 0x48, 0x43, 0x41, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, + 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x2e, 0x56, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x5c, 0x56, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x5c, + 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x41, 0x75, 0x74, 0x68, 0x3a, 0x3a, + 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescOnce sync.Once + file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescData = file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDesc +) + +func file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescGZIP() []byte { + file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescOnce.Do(func() { + file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescData) + }) + return file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDescData +} + +var file_pbauth_v1alpha1_computed_traffic_permissions_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pbauth_v1alpha1_computed_traffic_permissions_proto_goTypes = []interface{}{ + (*ComputedTrafficPermissions)(nil), // 0: hashicorp.consul.auth.v1alpha1.ComputedTrafficPermissions + (*Permission)(nil), // 1: hashicorp.consul.auth.v1alpha1.Permission +} +var file_pbauth_v1alpha1_computed_traffic_permissions_proto_depIdxs = []int32{ + 1, // 0: hashicorp.consul.auth.v1alpha1.ComputedTrafficPermissions.allow_permissions:type_name -> hashicorp.consul.auth.v1alpha1.Permission + 1, // 1: hashicorp.consul.auth.v1alpha1.ComputedTrafficPermissions.deny_permissions:type_name -> hashicorp.consul.auth.v1alpha1.Permission + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_pbauth_v1alpha1_computed_traffic_permissions_proto_init() } +func file_pbauth_v1alpha1_computed_traffic_permissions_proto_init() { + if File_pbauth_v1alpha1_computed_traffic_permissions_proto != nil { + return + } + file_pbauth_v1alpha1_traffic_permissions_proto_init() + if !protoimpl.UnsafeEnabled { + file_pbauth_v1alpha1_computed_traffic_permissions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ComputedTrafficPermissions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pbauth_v1alpha1_computed_traffic_permissions_proto_goTypes, + DependencyIndexes: file_pbauth_v1alpha1_computed_traffic_permissions_proto_depIdxs, + MessageInfos: file_pbauth_v1alpha1_computed_traffic_permissions_proto_msgTypes, + }.Build() + File_pbauth_v1alpha1_computed_traffic_permissions_proto = out.File + file_pbauth_v1alpha1_computed_traffic_permissions_proto_rawDesc = nil + file_pbauth_v1alpha1_computed_traffic_permissions_proto_goTypes = nil + file_pbauth_v1alpha1_computed_traffic_permissions_proto_depIdxs = nil +} diff --git a/proto-public/pbauth/v1alpha1/computed_traffic_permissions.proto b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.proto new file mode 100644 index 0000000000..fb43f553fe --- /dev/null +++ b/proto-public/pbauth/v1alpha1/computed_traffic_permissions.proto @@ -0,0 +1,10 @@ +syntax = "proto3"; + +package hashicorp.consul.auth.v1alpha1; + +import "pbauth/v1alpha1/traffic_permissions.proto"; + +message ComputedTrafficPermissions { + repeated Permission allow_permissions = 1; + repeated Permission deny_permissions = 2; +} diff --git a/proto-public/pbauth/v1alpha1/traffic_permissions.pb.binary.go b/proto-public/pbauth/v1alpha1/traffic_permissions.pb.binary.go new file mode 100644 index 0000000000..4ae5d3d17c --- /dev/null +++ b/proto-public/pbauth/v1alpha1/traffic_permissions.pb.binary.go @@ -0,0 +1,108 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: pbauth/v1alpha1/traffic_permissions.proto + +package authv1alpha1 + +import ( + "google.golang.org/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *TrafficPermissions) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *TrafficPermissions) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *NamespaceTrafficPermissions) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *NamespaceTrafficPermissions) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *PartitionTrafficPermissions) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *PartitionTrafficPermissions) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *Destination) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *Destination) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *Permission) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *Permission) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *Source) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *Source) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ExcludeSource) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ExcludeSource) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *DestinationRule) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *DestinationRule) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *ExcludePermissionRule) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *ExcludePermissionRule) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *DestinationRuleHeader) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *DestinationRuleHeader) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbauth/v1alpha1/traffic_permissions.pb.go b/proto-public/pbauth/v1alpha1/traffic_permissions.pb.go new file mode 100644 index 0000000000..1966c4a1c8 --- /dev/null +++ b/proto-public/pbauth/v1alpha1/traffic_permissions.pb.go @@ -0,0 +1,1191 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc (unknown) +// source: pbauth/v1alpha1/traffic_permissions.proto + +package authv1alpha1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type Action int32 + +const ( + Action_ACTION_UNSPECIFIED Action = 0 + Action_ACTION_DENY Action = 1 + Action_ACTION_ALLOW Action = 2 +) + +// Enum value maps for Action. +var ( + Action_name = map[int32]string{ + 0: "ACTION_UNSPECIFIED", + 1: "ACTION_DENY", + 2: "ACTION_ALLOW", + } + Action_value = map[string]int32{ + "ACTION_UNSPECIFIED": 0, + "ACTION_DENY": 1, + "ACTION_ALLOW": 2, + } +) + +func (x Action) Enum() *Action { + p := new(Action) + *p = x + return p +} + +func (x Action) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (Action) Descriptor() protoreflect.EnumDescriptor { + return file_pbauth_v1alpha1_traffic_permissions_proto_enumTypes[0].Descriptor() +} + +func (Action) Type() protoreflect.EnumType { + return &file_pbauth_v1alpha1_traffic_permissions_proto_enumTypes[0] +} + +func (x Action) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use Action.Descriptor instead. +func (Action) EnumDescriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{0} +} + +type TrafficPermissions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // destination is a configuration of the destination proxies + // where these traffic permissions should apply. + Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` + // Action can be either allow or deny for the entire object. It will default to allow. + // + // If action is allow, + // we will allow the connection if one of the rules in Rules matches, in other words, we will deny + // all requests except for the ones that match Rules. If Consul is in default allow mode, then allow + // actions have no effect without a deny permission as everything is allowed by default. + // + // If action is deny, + // we will deny the connection if one of the rules in Rules match, in other words, + // we will allow all requests except for the ones that match Rules. If Consul is default deny mode, + // then deny permissions have no effect without an allow permission as everything is denied by default. + // + // Action unspecified is reserved for compatibility with the addition of future actions. + Action Action `protobuf:"varint,2,opt,name=action,proto3,enum=hashicorp.consul.auth.v1alpha1.Action" json:"action,omitempty"` + // permissions is a list of permissions to match on. + // They are applied using OR semantics. + Permissions []*Permission `protobuf:"bytes,3,rep,name=permissions,proto3" json:"permissions,omitempty"` +} + +func (x *TrafficPermissions) Reset() { + *x = TrafficPermissions{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TrafficPermissions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPermissions) ProtoMessage() {} + +func (x *TrafficPermissions) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPermissions.ProtoReflect.Descriptor instead. +func (*TrafficPermissions) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{0} +} + +func (x *TrafficPermissions) GetDestination() *Destination { + if x != nil { + return x.Destination + } + return nil +} + +func (x *TrafficPermissions) GetAction() Action { + if x != nil { + return x.Action + } + return Action_ACTION_UNSPECIFIED +} + +func (x *TrafficPermissions) GetPermissions() []*Permission { + if x != nil { + return x.Permissions + } + return nil +} + +type NamespaceTrafficPermissions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Action Action `protobuf:"varint,1,opt,name=action,proto3,enum=hashicorp.consul.auth.v1alpha1.Action" json:"action,omitempty"` + Permissions []*Permission `protobuf:"bytes,2,rep,name=permissions,proto3" json:"permissions,omitempty"` +} + +func (x *NamespaceTrafficPermissions) Reset() { + *x = NamespaceTrafficPermissions{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NamespaceTrafficPermissions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NamespaceTrafficPermissions) ProtoMessage() {} + +func (x *NamespaceTrafficPermissions) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NamespaceTrafficPermissions.ProtoReflect.Descriptor instead. +func (*NamespaceTrafficPermissions) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{1} +} + +func (x *NamespaceTrafficPermissions) GetAction() Action { + if x != nil { + return x.Action + } + return Action_ACTION_UNSPECIFIED +} + +func (x *NamespaceTrafficPermissions) GetPermissions() []*Permission { + if x != nil { + return x.Permissions + } + return nil +} + +type PartitionTrafficPermissions struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Action Action `protobuf:"varint,1,opt,name=action,proto3,enum=hashicorp.consul.auth.v1alpha1.Action" json:"action,omitempty"` + Permissions []*Permission `protobuf:"bytes,2,rep,name=permissions,proto3" json:"permissions,omitempty"` +} + +func (x *PartitionTrafficPermissions) Reset() { + *x = PartitionTrafficPermissions{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *PartitionTrafficPermissions) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PartitionTrafficPermissions) ProtoMessage() {} + +func (x *PartitionTrafficPermissions) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PartitionTrafficPermissions.ProtoReflect.Descriptor instead. +func (*PartitionTrafficPermissions) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{2} +} + +func (x *PartitionTrafficPermissions) GetAction() Action { + if x != nil { + return x.Action + } + return Action_ACTION_UNSPECIFIED +} + +func (x *PartitionTrafficPermissions) GetPermissions() []*Permission { + if x != nil { + return x.Permissions + } + return nil +} + +// Destination contains the name or name-prefix of the WorkloadIdentity. +// The WorkloadIdentity resource must +// be in the same tenancy as the TrafficPermissions resource. +type Destination struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IdentityName string `protobuf:"bytes,1,opt,name=identity_name,json=identityName,proto3" json:"identity_name,omitempty"` + IdentityPrefix string `protobuf:"bytes,2,opt,name=identity_prefix,json=identityPrefix,proto3" json:"identity_prefix,omitempty"` +} + +func (x *Destination) Reset() { + *x = Destination{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Destination) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Destination) ProtoMessage() {} + +func (x *Destination) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Destination.ProtoReflect.Descriptor instead. +func (*Destination) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{3} +} + +func (x *Destination) GetIdentityName() string { + if x != nil { + return x.IdentityName + } + return "" +} + +func (x *Destination) GetIdentityPrefix() string { + if x != nil { + return x.IdentityPrefix + } + return "" +} + +// permissions is a list of permissions to match on. +type Permission struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // sources is a list of sources in this traffic permission. + Sources []*Source `protobuf:"bytes,1,rep,name=sources,proto3" json:"sources,omitempty"` + // destination_rules is a list of rules to apply for matching sources in this Permission. + // These rules are specific to the request or connection that is going to the destination(s) + // selected by the TrafficPermissions resource. + DestinationRules []*DestinationRule `protobuf:"bytes,2,rep,name=destination_rules,json=destinationRules,proto3" json:"destination_rules,omitempty"` +} + +func (x *Permission) Reset() { + *x = Permission{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Permission) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Permission) ProtoMessage() {} + +func (x *Permission) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Permission.ProtoReflect.Descriptor instead. +func (*Permission) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{4} +} + +func (x *Permission) GetSources() []*Source { + if x != nil { + return x.Sources + } + return nil +} + +func (x *Permission) GetDestinationRules() []*DestinationRule { + if x != nil { + return x.DestinationRules + } + return nil +} + +// Source represents the source identity. +// To specify any of the wildcard sources, the specific fields need to be omitted. +// For example, for a wildcard namespace, identity_name should be omitted. +type Source struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IdentityName string `protobuf:"bytes,1,opt,name=identity_name,json=identityName,proto3" json:"identity_name,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + Partition string `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"` + Peer string `protobuf:"bytes,4,opt,name=peer,proto3" json:"peer,omitempty"` + SamenessGroup string `protobuf:"bytes,5,opt,name=sameness_group,json=samenessGroup,proto3" json:"sameness_group,omitempty"` + // exclude is a list of sources to exclude from this source. + Exclude []*ExcludeSource `protobuf:"bytes,6,rep,name=exclude,proto3" json:"exclude,omitempty"` +} + +func (x *Source) Reset() { + *x = Source{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Source) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Source) ProtoMessage() {} + +func (x *Source) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[5] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Source.ProtoReflect.Descriptor instead. +func (*Source) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{5} +} + +func (x *Source) GetIdentityName() string { + if x != nil { + return x.IdentityName + } + return "" +} + +func (x *Source) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *Source) GetPartition() string { + if x != nil { + return x.Partition + } + return "" +} + +func (x *Source) GetPeer() string { + if x != nil { + return x.Peer + } + return "" +} + +func (x *Source) GetSamenessGroup() string { + if x != nil { + return x.SamenessGroup + } + return "" +} + +func (x *Source) GetExclude() []*ExcludeSource { + if x != nil { + return x.Exclude + } + return nil +} + +// ExcludeSource is almost the same as source but it prevents the addition of +// matchiing sources. +type ExcludeSource struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + IdentityName string `protobuf:"bytes,1,opt,name=identity_name,json=identityName,proto3" json:"identity_name,omitempty"` + Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` + Partition string `protobuf:"bytes,3,opt,name=partition,proto3" json:"partition,omitempty"` + Peer string `protobuf:"bytes,4,opt,name=peer,proto3" json:"peer,omitempty"` + SamenessGroup string `protobuf:"bytes,5,opt,name=sameness_group,json=samenessGroup,proto3" json:"sameness_group,omitempty"` +} + +func (x *ExcludeSource) Reset() { + *x = ExcludeSource{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExcludeSource) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExcludeSource) ProtoMessage() {} + +func (x *ExcludeSource) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[6] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExcludeSource.ProtoReflect.Descriptor instead. +func (*ExcludeSource) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{6} +} + +func (x *ExcludeSource) GetIdentityName() string { + if x != nil { + return x.IdentityName + } + return "" +} + +func (x *ExcludeSource) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + +func (x *ExcludeSource) GetPartition() string { + if x != nil { + return x.Partition + } + return "" +} + +func (x *ExcludeSource) GetPeer() string { + if x != nil { + return x.Peer + } + return "" +} + +func (x *ExcludeSource) GetSamenessGroup() string { + if x != nil { + return x.SamenessGroup + } + return "" +} + +// DestinationRule contains rules rules to apply to the incoming connection. +type DestinationRule struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PathExact string `protobuf:"bytes,1,opt,name=path_exact,json=pathExact,proto3" json:"path_exact,omitempty"` + PathPrefix string `protobuf:"bytes,2,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` + PathRegex string `protobuf:"bytes,3,opt,name=path_regex,json=pathRegex,proto3" json:"path_regex,omitempty"` + // methods is the list of HTTP methods. If no methods are specified, + // this rule will apply to all methods. + Methods []string `protobuf:"bytes,4,rep,name=methods,proto3" json:"methods,omitempty"` + Header *DestinationRuleHeader `protobuf:"bytes,5,opt,name=header,proto3" json:"header,omitempty"` + PortNames []string `protobuf:"bytes,6,rep,name=port_names,json=portNames,proto3" json:"port_names,omitempty"` + // exclude contains a list of rules to exclude when evaluating rules for the incoming connection. + Exclude []*ExcludePermissionRule `protobuf:"bytes,7,rep,name=exclude,proto3" json:"exclude,omitempty"` +} + +func (x *DestinationRule) Reset() { + *x = DestinationRule{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DestinationRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DestinationRule) ProtoMessage() {} + +func (x *DestinationRule) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[7] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DestinationRule.ProtoReflect.Descriptor instead. +func (*DestinationRule) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{7} +} + +func (x *DestinationRule) GetPathExact() string { + if x != nil { + return x.PathExact + } + return "" +} + +func (x *DestinationRule) GetPathPrefix() string { + if x != nil { + return x.PathPrefix + } + return "" +} + +func (x *DestinationRule) GetPathRegex() string { + if x != nil { + return x.PathRegex + } + return "" +} + +func (x *DestinationRule) GetMethods() []string { + if x != nil { + return x.Methods + } + return nil +} + +func (x *DestinationRule) GetHeader() *DestinationRuleHeader { + if x != nil { + return x.Header + } + return nil +} + +func (x *DestinationRule) GetPortNames() []string { + if x != nil { + return x.PortNames + } + return nil +} + +func (x *DestinationRule) GetExclude() []*ExcludePermissionRule { + if x != nil { + return x.Exclude + } + return nil +} + +type ExcludePermissionRule struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + PathExact string `protobuf:"bytes,1,opt,name=path_exact,json=pathExact,proto3" json:"path_exact,omitempty"` + PathPrefix string `protobuf:"bytes,2,opt,name=path_prefix,json=pathPrefix,proto3" json:"path_prefix,omitempty"` + PathRegex string `protobuf:"bytes,3,opt,name=path_regex,json=pathRegex,proto3" json:"path_regex,omitempty"` + // methods is the list of HTTP methods. + Methods []string `protobuf:"bytes,4,rep,name=methods,proto3" json:"methods,omitempty"` + Header *DestinationRuleHeader `protobuf:"bytes,5,opt,name=header,proto3" json:"header,omitempty"` + // port_names is a list of workload ports to apply this rule to. The ports specified here + // must be the ports used in the connection. + PortNames []string `protobuf:"bytes,6,rep,name=port_names,json=portNames,proto3" json:"port_names,omitempty"` +} + +func (x *ExcludePermissionRule) Reset() { + *x = ExcludePermissionRule{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ExcludePermissionRule) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ExcludePermissionRule) ProtoMessage() {} + +func (x *ExcludePermissionRule) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ExcludePermissionRule.ProtoReflect.Descriptor instead. +func (*ExcludePermissionRule) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{8} +} + +func (x *ExcludePermissionRule) GetPathExact() string { + if x != nil { + return x.PathExact + } + return "" +} + +func (x *ExcludePermissionRule) GetPathPrefix() string { + if x != nil { + return x.PathPrefix + } + return "" +} + +func (x *ExcludePermissionRule) GetPathRegex() string { + if x != nil { + return x.PathRegex + } + return "" +} + +func (x *ExcludePermissionRule) GetMethods() []string { + if x != nil { + return x.Methods + } + return nil +} + +func (x *ExcludePermissionRule) GetHeader() *DestinationRuleHeader { + if x != nil { + return x.Header + } + return nil +} + +func (x *ExcludePermissionRule) GetPortNames() []string { + if x != nil { + return x.PortNames + } + return nil +} + +type DestinationRuleHeader struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + Present bool `protobuf:"varint,2,opt,name=present,proto3" json:"present,omitempty"` + Exact string `protobuf:"bytes,3,opt,name=exact,proto3" json:"exact,omitempty"` + Prefix string `protobuf:"bytes,4,opt,name=prefix,proto3" json:"prefix,omitempty"` + Suffix string `protobuf:"bytes,5,opt,name=suffix,proto3" json:"suffix,omitempty"` + Regex string `protobuf:"bytes,6,opt,name=regex,proto3" json:"regex,omitempty"` + Invert bool `protobuf:"varint,7,opt,name=invert,proto3" json:"invert,omitempty"` +} + +func (x *DestinationRuleHeader) Reset() { + *x = DestinationRuleHeader{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DestinationRuleHeader) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DestinationRuleHeader) ProtoMessage() {} + +func (x *DestinationRuleHeader) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DestinationRuleHeader.ProtoReflect.Descriptor instead. +func (*DestinationRuleHeader) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP(), []int{9} +} + +func (x *DestinationRuleHeader) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *DestinationRuleHeader) GetPresent() bool { + if x != nil { + return x.Present + } + return false +} + +func (x *DestinationRuleHeader) GetExact() string { + if x != nil { + return x.Exact + } + return "" +} + +func (x *DestinationRuleHeader) GetPrefix() string { + if x != nil { + return x.Prefix + } + return "" +} + +func (x *DestinationRuleHeader) GetSuffix() string { + if x != nil { + return x.Suffix + } + return "" +} + +func (x *DestinationRuleHeader) GetRegex() string { + if x != nil { + return x.Regex + } + return "" +} + +func (x *DestinationRuleHeader) GetInvert() bool { + if x != nil { + return x.Invert + } + return false +} + +var File_pbauth_v1alpha1_traffic_permissions_proto protoreflect.FileDescriptor + +var file_pbauth_v1alpha1_traffic_permissions_proto_rawDesc = []byte{ + 0x0a, 0x29, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0xf1, 0x01, 0x0a, 0x12, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x3e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x4c, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, + 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, + 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, + 0xab, 0x01, 0x0a, 0x1b, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, + 0x66, 0x66, 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, + 0x3e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x4c, 0x0a, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, + 0x52, 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0xab, 0x01, + 0x0a, 0x1b, 0x50, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x72, 0x61, 0x66, 0x66, + 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3e, 0x0a, + 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, + 0x0b, 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x2a, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0b, + 0x70, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x22, 0x5b, 0x0a, 0x0b, 0x44, + 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x27, 0x0a, 0x0f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x65, 0x66, + 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x74, 0x79, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x22, 0xac, 0x01, 0x0a, 0x0a, 0x50, 0x65, 0x72, + 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x40, 0x0a, 0x07, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x52, 0x07, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x5c, 0x0a, 0x11, 0x64, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x22, 0xed, 0x01, 0x0a, 0x06, 0x53, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x25, 0x0a, 0x0e, 0x73, 0x61, 0x6d, 0x65, 0x6e, + 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0d, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x47, + 0x0a, 0x07, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x2d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x45, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x07, + 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x22, 0xab, 0x01, 0x0a, 0x0d, 0x45, 0x78, 0x63, 0x6c, + 0x75, 0x64, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x1c, + 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x1c, 0x0a, 0x09, + 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x70, 0x61, 0x72, 0x74, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x65, + 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x65, 0x65, 0x72, 0x12, 0x25, + 0x0a, 0x0e, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x73, 0x61, 0x6d, 0x65, 0x6e, 0x65, 0x73, 0x73, + 0x47, 0x72, 0x6f, 0x75, 0x70, 0x22, 0xc9, 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x74, + 0x68, 0x5f, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, + 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, 0x74, 0x68, + 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, + 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x61, 0x74, + 0x68, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, + 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x74, 0x68, 0x6f, + 0x64, 0x73, 0x12, 0x4d, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x75, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, + 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x70, 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, + 0x12, 0x4f, 0x0a, 0x07, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x18, 0x07, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x45, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, + 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x52, 0x07, 0x65, 0x78, 0x63, 0x6c, 0x75, 0x64, + 0x65, 0x22, 0xfe, 0x01, 0x0a, 0x15, 0x45, 0x78, 0x63, 0x6c, 0x75, 0x64, 0x65, 0x50, 0x65, 0x72, + 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x70, + 0x61, 0x74, 0x68, 0x5f, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x70, 0x61, 0x74, 0x68, 0x45, 0x78, 0x61, 0x63, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x61, + 0x74, 0x68, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x70, 0x61, 0x74, 0x68, 0x50, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x1d, 0x0a, 0x0a, 0x70, + 0x61, 0x74, 0x68, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x70, 0x61, 0x74, 0x68, 0x52, 0x65, 0x67, 0x65, 0x78, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, + 0x74, 0x68, 0x6f, 0x64, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x74, + 0x68, 0x6f, 0x64, 0x73, 0x12, 0x4d, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x06, 0x68, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x12, 0x1d, 0x0a, 0x0a, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x09, 0x70, 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, + 0x65, 0x73, 0x22, 0xb9, 0x01, 0x0a, 0x15, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x75, 0x6c, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x08, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x78, + 0x61, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, + 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66, + 0x69, 0x78, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, + 0x12, 0x14, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x12, 0x16, 0x0a, 0x06, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x6e, 0x76, 0x65, 0x72, 0x74, 0x2a, 0x43, + 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x12, 0x41, 0x43, 0x54, 0x49, + 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, + 0x12, 0x0f, 0x0a, 0x0b, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x44, 0x45, 0x4e, 0x59, 0x10, + 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x41, 0x43, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x41, 0x4c, 0x4c, 0x4f, + 0x57, 0x10, 0x02, 0x42, 0x9f, 0x02, 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, + 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x42, 0x17, 0x54, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63, 0x50, 0x65, 0x72, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, + 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, + 0x61, 0x75, 0x74, 0x68, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, + 0x43, 0x41, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x41, 0x75, 0x74, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x41, 0x75, 0x74, 0x68, 0x5c, 0x56, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, + 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x41, 0x75, 0x74, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pbauth_v1alpha1_traffic_permissions_proto_rawDescOnce sync.Once + file_pbauth_v1alpha1_traffic_permissions_proto_rawDescData = file_pbauth_v1alpha1_traffic_permissions_proto_rawDesc +) + +func file_pbauth_v1alpha1_traffic_permissions_proto_rawDescGZIP() []byte { + file_pbauth_v1alpha1_traffic_permissions_proto_rawDescOnce.Do(func() { + file_pbauth_v1alpha1_traffic_permissions_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbauth_v1alpha1_traffic_permissions_proto_rawDescData) + }) + return file_pbauth_v1alpha1_traffic_permissions_proto_rawDescData +} + +var file_pbauth_v1alpha1_traffic_permissions_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_pbauth_v1alpha1_traffic_permissions_proto_goTypes = []interface{}{ + (Action)(0), // 0: hashicorp.consul.auth.v1alpha1.Action + (*TrafficPermissions)(nil), // 1: hashicorp.consul.auth.v1alpha1.TrafficPermissions + (*NamespaceTrafficPermissions)(nil), // 2: hashicorp.consul.auth.v1alpha1.NamespaceTrafficPermissions + (*PartitionTrafficPermissions)(nil), // 3: hashicorp.consul.auth.v1alpha1.PartitionTrafficPermissions + (*Destination)(nil), // 4: hashicorp.consul.auth.v1alpha1.Destination + (*Permission)(nil), // 5: hashicorp.consul.auth.v1alpha1.Permission + (*Source)(nil), // 6: hashicorp.consul.auth.v1alpha1.Source + (*ExcludeSource)(nil), // 7: hashicorp.consul.auth.v1alpha1.ExcludeSource + (*DestinationRule)(nil), // 8: hashicorp.consul.auth.v1alpha1.DestinationRule + (*ExcludePermissionRule)(nil), // 9: hashicorp.consul.auth.v1alpha1.ExcludePermissionRule + (*DestinationRuleHeader)(nil), // 10: hashicorp.consul.auth.v1alpha1.DestinationRuleHeader +} +var file_pbauth_v1alpha1_traffic_permissions_proto_depIdxs = []int32{ + 4, // 0: hashicorp.consul.auth.v1alpha1.TrafficPermissions.destination:type_name -> hashicorp.consul.auth.v1alpha1.Destination + 0, // 1: hashicorp.consul.auth.v1alpha1.TrafficPermissions.action:type_name -> hashicorp.consul.auth.v1alpha1.Action + 5, // 2: hashicorp.consul.auth.v1alpha1.TrafficPermissions.permissions:type_name -> hashicorp.consul.auth.v1alpha1.Permission + 0, // 3: hashicorp.consul.auth.v1alpha1.NamespaceTrafficPermissions.action:type_name -> hashicorp.consul.auth.v1alpha1.Action + 5, // 4: hashicorp.consul.auth.v1alpha1.NamespaceTrafficPermissions.permissions:type_name -> hashicorp.consul.auth.v1alpha1.Permission + 0, // 5: hashicorp.consul.auth.v1alpha1.PartitionTrafficPermissions.action:type_name -> hashicorp.consul.auth.v1alpha1.Action + 5, // 6: hashicorp.consul.auth.v1alpha1.PartitionTrafficPermissions.permissions:type_name -> hashicorp.consul.auth.v1alpha1.Permission + 6, // 7: hashicorp.consul.auth.v1alpha1.Permission.sources:type_name -> hashicorp.consul.auth.v1alpha1.Source + 8, // 8: hashicorp.consul.auth.v1alpha1.Permission.destination_rules:type_name -> hashicorp.consul.auth.v1alpha1.DestinationRule + 7, // 9: hashicorp.consul.auth.v1alpha1.Source.exclude:type_name -> hashicorp.consul.auth.v1alpha1.ExcludeSource + 10, // 10: hashicorp.consul.auth.v1alpha1.DestinationRule.header:type_name -> hashicorp.consul.auth.v1alpha1.DestinationRuleHeader + 9, // 11: hashicorp.consul.auth.v1alpha1.DestinationRule.exclude:type_name -> hashicorp.consul.auth.v1alpha1.ExcludePermissionRule + 10, // 12: hashicorp.consul.auth.v1alpha1.ExcludePermissionRule.header:type_name -> hashicorp.consul.auth.v1alpha1.DestinationRuleHeader + 13, // [13:13] is the sub-list for method output_type + 13, // [13:13] is the sub-list for method input_type + 13, // [13:13] is the sub-list for extension type_name + 13, // [13:13] is the sub-list for extension extendee + 0, // [0:13] is the sub-list for field type_name +} + +func init() { file_pbauth_v1alpha1_traffic_permissions_proto_init() } +func file_pbauth_v1alpha1_traffic_permissions_proto_init() { + if File_pbauth_v1alpha1_traffic_permissions_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TrafficPermissions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NamespaceTrafficPermissions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*PartitionTrafficPermissions); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Destination); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Permission); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Source); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExcludeSource); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DestinationRule); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*ExcludePermissionRule); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DestinationRuleHeader); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pbauth_v1alpha1_traffic_permissions_proto_rawDesc, + NumEnums: 1, + NumMessages: 10, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pbauth_v1alpha1_traffic_permissions_proto_goTypes, + DependencyIndexes: file_pbauth_v1alpha1_traffic_permissions_proto_depIdxs, + EnumInfos: file_pbauth_v1alpha1_traffic_permissions_proto_enumTypes, + MessageInfos: file_pbauth_v1alpha1_traffic_permissions_proto_msgTypes, + }.Build() + File_pbauth_v1alpha1_traffic_permissions_proto = out.File + file_pbauth_v1alpha1_traffic_permissions_proto_rawDesc = nil + file_pbauth_v1alpha1_traffic_permissions_proto_goTypes = nil + file_pbauth_v1alpha1_traffic_permissions_proto_depIdxs = nil +} diff --git a/proto-public/pbauth/v1alpha1/traffic_permissions.proto b/proto-public/pbauth/v1alpha1/traffic_permissions.proto new file mode 100644 index 0000000000..5567a70a6b --- /dev/null +++ b/proto-public/pbauth/v1alpha1/traffic_permissions.proto @@ -0,0 +1,124 @@ +syntax = "proto3"; + +package hashicorp.consul.auth.v1alpha1; + +message TrafficPermissions { + // destination is a configuration of the destination proxies + // where these traffic permissions should apply. + Destination destination = 1; + + // Action can be either allow or deny for the entire object. It will default to allow. + // + // If action is allow, + // we will allow the connection if one of the rules in Rules matches, in other words, we will deny + // all requests except for the ones that match Rules. If Consul is in default allow mode, then allow + // actions have no effect without a deny permission as everything is allowed by default. + // + // If action is deny, + // we will deny the connection if one of the rules in Rules match, in other words, + // we will allow all requests except for the ones that match Rules. If Consul is default deny mode, + // then deny permissions have no effect without an allow permission as everything is denied by default. + // + // Action unspecified is reserved for compatibility with the addition of future actions. + Action action = 2; + + // permissions is a list of permissions to match on. + // They are applied using OR semantics. + repeated Permission permissions = 3; +} + +message NamespaceTrafficPermissions { + Action action = 1; + repeated Permission permissions = 2; +} + +message PartitionTrafficPermissions { + Action action = 1; + repeated Permission permissions = 2; +} + +// Destination contains the name or name-prefix of the WorkloadIdentity. +// The WorkloadIdentity resource must +// be in the same tenancy as the TrafficPermissions resource. +message Destination { + string identity_name = 1; + string identity_prefix = 2; +} + +enum Action { + ACTION_UNSPECIFIED = 0; + ACTION_DENY = 1; + ACTION_ALLOW = 2; +} + +// permissions is a list of permissions to match on. +message Permission { + // sources is a list of sources in this traffic permission. + repeated Source sources = 1; + // destination_rules is a list of rules to apply for matching sources in this Permission. + // These rules are specific to the request or connection that is going to the destination(s) + // selected by the TrafficPermissions resource. + repeated DestinationRule destination_rules = 2; +} + +// Source represents the source identity. +// To specify any of the wildcard sources, the specific fields need to be omitted. +// For example, for a wildcard namespace, identity_name should be omitted. +message Source { + string identity_name = 1; + string namespace = 2; + string partition = 3; + string peer = 4; + string sameness_group = 5; + + // exclude is a list of sources to exclude from this source. + repeated ExcludeSource exclude = 6; +} + +// ExcludeSource is almost the same as source but it prevents the addition of +// matchiing sources. +message ExcludeSource { + string identity_name = 1; + string namespace = 2; + string partition = 3; + string peer = 4; + string sameness_group = 5; +} + +// DestinationRule contains rules rules to apply to the incoming connection. +message DestinationRule { + string path_exact = 1; + string path_prefix = 2; + string path_regex = 3; + // methods is the list of HTTP methods. If no methods are specified, + // this rule will apply to all methods. + repeated string methods = 4; + DestinationRuleHeader header = 5; + repeated string port_names = 6; + // exclude contains a list of rules to exclude when evaluating rules for the incoming connection. + repeated ExcludePermissionRule exclude = 7; +} + +message ExcludePermissionRule { + string path_exact = 1; + string path_prefix = 2; + string path_regex = 3; + // methods is the list of HTTP methods. + repeated string methods = 4; + + DestinationRuleHeader header = 5; + + // port_names is a list of workload ports to apply this rule to. The ports specified here + // must be the ports used in the connection. + repeated string port_names = 6; +} + +message DestinationRuleHeader { + string name = 1; + bool present = 2; + string exact = 3; + string prefix = 4; + string suffix = 5; + string regex = 6; + bool invert = 7; +} diff --git a/proto-public/pbauth/v1alpha1/workload_identity.pb.binary.go b/proto-public/pbauth/v1alpha1/workload_identity.pb.binary.go new file mode 100644 index 0000000000..1e17c55b0d --- /dev/null +++ b/proto-public/pbauth/v1alpha1/workload_identity.pb.binary.go @@ -0,0 +1,18 @@ +// Code generated by protoc-gen-go-binary. DO NOT EDIT. +// source: pbauth/v1alpha1/workload_identity.proto + +package authv1alpha1 + +import ( + "google.golang.org/protobuf/proto" +) + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *WorkloadIdentity) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *WorkloadIdentity) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbauth/v1alpha1/workload_identity.pb.go b/proto-public/pbauth/v1alpha1/workload_identity.pb.go new file mode 100644 index 0000000000..854ef97cc5 --- /dev/null +++ b/proto-public/pbauth/v1alpha1/workload_identity.pb.go @@ -0,0 +1,152 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc (unknown) +// source: pbauth/v1alpha1/workload_identity.proto + +package authv1alpha1 + +import ( + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type WorkloadIdentity struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *WorkloadIdentity) Reset() { + *x = WorkloadIdentity{} + if protoimpl.UnsafeEnabled { + mi := &file_pbauth_v1alpha1_workload_identity_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *WorkloadIdentity) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WorkloadIdentity) ProtoMessage() {} + +func (x *WorkloadIdentity) ProtoReflect() protoreflect.Message { + mi := &file_pbauth_v1alpha1_workload_identity_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WorkloadIdentity.ProtoReflect.Descriptor instead. +func (*WorkloadIdentity) Descriptor() ([]byte, []int) { + return file_pbauth_v1alpha1_workload_identity_proto_rawDescGZIP(), []int{0} +} + +var File_pbauth_v1alpha1_workload_identity_proto protoreflect.FileDescriptor + +var file_pbauth_v1alpha1_workload_identity_proto_rawDesc = []byte{ + 0x0a, 0x27, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x74, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x1e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x22, 0x12, 0x0a, 0x10, 0x57, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x42, 0x9d, 0x02, + 0x0a, 0x22, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x42, 0x15, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x49, 0x64, + 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x45, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x41, 0xaa, 0x02, 0x1e, 0x48, 0x61, 0x73, + 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x41, 0x75, + 0x74, 0x68, 0x2e, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xca, 0x02, 0x1e, 0x48, 0x61, + 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x41, + 0x75, 0x74, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0xe2, 0x02, 0x2a, 0x48, + 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, + 0x41, 0x75, 0x74, 0x68, 0x5c, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x5c, 0x47, 0x50, + 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x21, 0x48, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x41, + 0x75, 0x74, 0x68, 0x3a, 0x3a, 0x56, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_pbauth_v1alpha1_workload_identity_proto_rawDescOnce sync.Once + file_pbauth_v1alpha1_workload_identity_proto_rawDescData = file_pbauth_v1alpha1_workload_identity_proto_rawDesc +) + +func file_pbauth_v1alpha1_workload_identity_proto_rawDescGZIP() []byte { + file_pbauth_v1alpha1_workload_identity_proto_rawDescOnce.Do(func() { + file_pbauth_v1alpha1_workload_identity_proto_rawDescData = protoimpl.X.CompressGZIP(file_pbauth_v1alpha1_workload_identity_proto_rawDescData) + }) + return file_pbauth_v1alpha1_workload_identity_proto_rawDescData +} + +var file_pbauth_v1alpha1_workload_identity_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_pbauth_v1alpha1_workload_identity_proto_goTypes = []interface{}{ + (*WorkloadIdentity)(nil), // 0: hashicorp.consul.auth.v1alpha1.WorkloadIdentity +} +var file_pbauth_v1alpha1_workload_identity_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_pbauth_v1alpha1_workload_identity_proto_init() } +func file_pbauth_v1alpha1_workload_identity_proto_init() { + if File_pbauth_v1alpha1_workload_identity_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_pbauth_v1alpha1_workload_identity_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*WorkloadIdentity); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_pbauth_v1alpha1_workload_identity_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_pbauth_v1alpha1_workload_identity_proto_goTypes, + DependencyIndexes: file_pbauth_v1alpha1_workload_identity_proto_depIdxs, + MessageInfos: file_pbauth_v1alpha1_workload_identity_proto_msgTypes, + }.Build() + File_pbauth_v1alpha1_workload_identity_proto = out.File + file_pbauth_v1alpha1_workload_identity_proto_rawDesc = nil + file_pbauth_v1alpha1_workload_identity_proto_goTypes = nil + file_pbauth_v1alpha1_workload_identity_proto_depIdxs = nil +} diff --git a/proto-public/pbauth/v1alpha1/workload_identity.proto b/proto-public/pbauth/v1alpha1/workload_identity.proto new file mode 100644 index 0000000000..7568706931 --- /dev/null +++ b/proto-public/pbauth/v1alpha1/workload_identity.proto @@ -0,0 +1,5 @@ +syntax = "proto3"; + +package hashicorp.consul.auth.v1alpha1; + +message WorkloadIdentity {}