// Copyright (c) HashiCorp, Inc. // SPDX-License-Identifier: MPL-2.0 syntax = "proto3"; package hashicorp.consul.mesh.v1alpha1; import "pbmesh/v1alpha1/pbproxystate/access_logs.proto"; import "pbmesh/v1alpha1/pbproxystate/cluster.proto"; import "pbmesh/v1alpha1/pbproxystate/endpoints.proto"; import "pbmesh/v1alpha1/pbproxystate/escape_hatches.proto"; import "pbmesh/v1alpha1/pbproxystate/listener.proto"; import "pbmesh/v1alpha1/pbproxystate/references.proto"; import "pbmesh/v1alpha1/pbproxystate/route.proto"; import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto"; import "pbresource/resource.proto"; message ProxyStateTemplate { // proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored. ProxyState proxy_state = 1; // required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller. map required_endpoints = 2; // required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller. map required_leaf_certificates = 3; // required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller. map required_trust_bundles = 4; } message ProxyState { // id is this proxy's identity. This should correspond to the workload identity that this proxy of // the workload this proxy represents. hashicorp.consul.resource.Reference identity = 1; // listeners is a list of listeners for this proxy. repeated pbproxystate.Listener listeners = 2; // clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes. map clusters = 3; // routes is a map from route name to routes. The keys are referenced from listeners. map routes = 4; // endpoints is a map from cluster name to endpoints. map endpoints = 5; // leaf certificates is a map from UUID to leaf certificates. map leaf_certificates = 6; // trust bundles is a map from peer name to trust bundles. map trust_bundles = 7; // tls has TLS configuration for this proxy. pbproxystate.TLS tls = 8; // intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated. bool intention_default_allow = 9; // escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration. pbproxystate.EscapeHatches escape = 10; // access_logs configures access logging for this proxy. pbproxystate.AccessLogs access_logs = 11; }