mirror of
https://github.com/status-im/consul.git
synced 2025-01-10 13:55:55 +00:00
a33001f4d4
Also, change the ProxyState.id to identity. This is because we already have the id of this proxy from the resource, and this id should be name-aligned with the workload it represents. It should also have the owner ref set to the workload ID if we need that. And so the id field seems unnecessary. We do, however, need a reference to workload identity so that we can authorize the proxy when it initially connects to the xDS server.
57 lines
2.9 KiB
Protocol Buffer
57 lines
2.9 KiB
Protocol Buffer
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
syntax = "proto3";
|
|
|
|
package hashicorp.consul.mesh.v1alpha1;
|
|
|
|
import "pbmesh/v1alpha1/pbproxystate/access_logs.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/endpoints.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/escape_hatches.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/listener.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/references.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/route.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
|
|
import "pbresource/resource.proto";
|
|
|
|
message ProxyStateTemplate {
|
|
// proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
|
|
ProxyState proxy_state = 1;
|
|
|
|
// required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
|
|
map<string, pbproxystate.EndpointRef> required_endpoints = 2;
|
|
|
|
// required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
|
|
map<string, pbproxystate.LeafCertificateRef> required_leaf_certificates = 3;
|
|
|
|
// required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
|
|
map<string, pbproxystate.TrustBundleRef> required_trust_bundles = 4;
|
|
}
|
|
|
|
message ProxyState {
|
|
// id is this proxy's identity. This should correspond to the workload identity that this proxy of
|
|
// the workload this proxy represents.
|
|
hashicorp.consul.resource.Reference identity = 1;
|
|
// listeners is a list of listeners for this proxy.
|
|
repeated pbproxystate.Listener listeners = 2;
|
|
// clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
|
|
map<string, pbproxystate.Cluster> clusters = 3;
|
|
// routes is a map from route name to routes. The keys are referenced from listeners.
|
|
map<string, pbproxystate.Route> routes = 4;
|
|
// endpoints is a map from cluster name to endpoints.
|
|
map<string, pbproxystate.Endpoints> endpoints = 5;
|
|
// leaf certificates is a map from UUID to leaf certificates.
|
|
map<string, pbproxystate.LeafCertificate> leaf_certificates = 6;
|
|
// trust bundles is a map from peer name to trust bundles.
|
|
map<string, pbproxystate.TrustBundle> trust_bundles = 7;
|
|
// tls has TLS configuration for this proxy.
|
|
pbproxystate.TLS tls = 8;
|
|
// intention_default_allow is the default action for intentions. This determines how the Envoy RBAC filters are generated.
|
|
bool intention_default_allow = 9;
|
|
// escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
|
|
pbproxystate.EscapeHatches escape = 10;
|
|
// access_logs configures access logging for this proxy.
|
|
pbproxystate.AccessLogs access_logs = 11;
|
|
}
|