mirror of
https://github.com/status-im/consul.git
synced 2025-01-15 00:04:47 +00:00
12be06f8e5
Add support for TCP traffic permissions
56 lines
2.9 KiB
Protocol Buffer
56 lines
2.9 KiB
Protocol Buffer
// Copyright (c) HashiCorp, Inc.
|
|
// SPDX-License-Identifier: MPL-2.0
|
|
|
|
syntax = "proto3";
|
|
|
|
package hashicorp.consul.mesh.v1alpha1;
|
|
|
|
import "pbmesh/v1alpha1/pbproxystate/access_logs.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/cluster.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/endpoints.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/escape_hatches.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/listener.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/references.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/route.proto";
|
|
import "pbmesh/v1alpha1/pbproxystate/transport_socket.proto";
|
|
import "pbresource/resource.proto";
|
|
|
|
message ProxyStateTemplate {
|
|
// proxy_state is the partially filled out ProxyState resource. The Endpoints, LeafCertificates and TrustBundles fields will need filling in after the resource is stored.
|
|
ProxyState proxy_state = 1;
|
|
|
|
// required_endpoints is a map of arbitrary string names to endpoint refs that need fetching by the proxy state controller.
|
|
map<string, pbproxystate.EndpointRef> required_endpoints = 2;
|
|
|
|
// required_leaf_certificates is a map of arbitrary string names to leaf certificates that need fetching/generation by the proxy state controller.
|
|
map<string, pbproxystate.LeafCertificateRef> required_leaf_certificates = 3;
|
|
|
|
// required_trust_bundles is a map of arbitrary string names to trust bundle refs that need fetching by the proxy state controller.
|
|
map<string, pbproxystate.TrustBundleRef> required_trust_bundles = 4;
|
|
}
|
|
|
|
message ProxyState {
|
|
// identity is a reference to the identity of the workload this proxy is for.
|
|
hashicorp.consul.resource.Reference identity = 1;
|
|
// listeners is a list of listeners for this proxy.
|
|
repeated pbproxystate.Listener listeners = 2;
|
|
// clusters is a map from cluster name to clusters. The keys are referenced from listeners or routes.
|
|
map<string, pbproxystate.Cluster> clusters = 3;
|
|
// routes is a map from route name to routes. The keys are referenced from listeners.
|
|
map<string, pbproxystate.Route> routes = 4;
|
|
// endpoints is a map from cluster name to endpoints.
|
|
map<string, pbproxystate.Endpoints> endpoints = 5;
|
|
// leaf certificates is a map from UUID to leaf certificates.
|
|
map<string, pbproxystate.LeafCertificate> leaf_certificates = 6;
|
|
// trust bundles is a map from peer name to trust bundles.
|
|
map<string, pbproxystate.TrustBundle> trust_bundles = 7;
|
|
// tls has TLS configuration for this proxy.
|
|
pbproxystate.TLS tls = 8;
|
|
// traffic_permission_default_allow is the default action for traffic permissions. This determines how the Envoy RBAC filters are generated.
|
|
bool traffic_permission_default_allow = 9;
|
|
// escape defines top level escape hatches. These are user configured json strings that configure an entire piece of listener or cluster Envoy configuration.
|
|
pbproxystate.EscapeHatches escape = 10;
|
|
// access_logs configures access logging for this proxy.
|
|
pbproxystate.AccessLogs access_logs = 11;
|
|
}
|