istio
/
api
mirror of https://github.com/istio/api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add subject_alt_names field in ServiceEntry (#785) 

* Add service_accounts field in ServiceEntry

* Ran make proto-commit

* Added example with format

* Rename to subject_alt_names

* Move example out of the message definition

* Added a period

* Remove hide_from_docs
This commit is contained in:
Andra Cismaru 2019-02-05 13:26:00 -08:00 committed by Wencheng Lu
parent e3015e7a46
commit 3094619c84
7 changed files with 228 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
networking/v1alpha3/destination_rule.pb.go generated
View File

@ -1228,6 +1228,8 @@ type TLSSettings struct {
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// If specified, this list overrides the value of subject_alt_names
// from the ServiceEntry.
SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"`
// SNI string to present to the server during TLS handshake.
Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`

2
networking/v1alpha3/destination_rule.proto
View File

@ -577,6 +577,8 @@ message TLSSettings {
// A list of alternate names to verify the subject identity in the
// certificate. If specified, the proxy will verify that the server
// certificate's subject alt name matches one of the specified values.
// If specified, this list overrides the value of subject_alt_names
// from the ServiceEntry.
repeated string subject_alt_names = 5;
// SNI string to present to the server during TLS handshake.

42
networking/v1alpha3/istio.networking.v1alpha3.pb.html generated
View File

@ -3386,6 +3386,32 @@ spec:
specified above. In other words, a call to <code>http://foo.bar.com/baz</code> would
be translated to <code>http://uk.foo.bar.com/baz</code>.</p>
<p>The following example illustrates the usage of a ServiceEntry
containing a subject alternate name
whose format conforms to the SPIFEE standard
<a href="https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md">https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md</a>:</p>
<pre><code class="language-yaml">apiVersion: networking.istio.io/v1alpha3
kind: ServiceEntry
metadata:
name: httpbin
namespace : httpbin-ns
spec:
hosts:
- httpbin.com
location: MESH_INTERNAL
ports:
- number: 80
name: http
protocol: HTTP
resolution: STATIC
endpoints:
- address: 2.2.2.2
- address: 3.3.3.3
subjectAltNames:
- &quot;spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account&quot;
</code></pre>
<table class="message-fields">
<thead>
<tr>
@ -3465,6 +3491,18 @@ said port will be allowed (i.e. 0.0.0.0:<port>).</p>
<td>
<p>One or more endpoints associated with the service.</p>
</td>
</tr>
<tr id="ServiceEntry-subject_alt_names">
<td><code>subjectAltNames</code></td>
<td><code>string[]</code></td>
<td>
<p>The list of subject alternate names allowed for workloads that
implement this service. This information is used to enforce
secure-naming <a href="https://istio.io/docs/concepts/security/#secure-naming">https://istio.io/docs/concepts/security/#secure-naming</a>.
If specified, the proxy will verify that the server
certificate&rsquo;s subject alternate name matches one of the specified values.</p>
</td>
</tr>
</tbody>
@ -4193,7 +4231,9 @@ Should be empty if mode is <code>ISTIO_MUTUAL</code>.</p>
<td>
<p>A list of alternate names to verify the subject identity in the
certificate. If specified, the proxy will verify that the server
certificate&rsquo;s subject alt name matches one of the specified values.</p>
certificate&rsquo;s subject alt name matches one of the specified values.
If specified, this list overrides the value of subject<em>alt</em>names
from the ServiceEntry.</p>
</td>
</tr>

157
networking/v1alpha3/service_entry.pb.go generated
View File

@ -378,6 +378,33 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) {
// specified above. In other words, a call to `http://foo.bar.com/baz` would
// be translated to `http://uk.foo.bar.com/baz`.
//
// The following example illustrates the usage of a ServiceEntry
// containing a subject alternate name
// whose format conforms to the SPIFEE standard
// <https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md>:
//
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: ServiceEntry
// metadata:
// name: httpbin
// namespace : httpbin-ns
// spec:
// hosts:
// - httpbin.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: STATIC
// endpoints:
// - address: 2.2.2.2
// - address: 3.3.3.3
// subjectAltNames:
// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
// ```
//
type ServiceEntry struct {
// REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS
// name with wildcard prefix (external services only). DNS names in hosts
@ -433,6 +460,12 @@ type ServiceEntry struct {
// the annotation "networking.istio.io/export_to" to a comma-separated list
// of namespace names.
ExportTo []string `protobuf:"bytes,7,rep,name=export_to,json=exportTo" json:"export_to,omitempty"`
// The list of subject alternate names allowed for workloads that
// implement this service. This information is used to enforce
// secure-naming <https://istio.io/docs/concepts/security/#secure-naming>.
// If specified, the proxy will verify that the server
// certificate's subject alternate name matches one of the specified values.
SubjectAltNames []string `protobuf:"bytes,8,rep,name=subject_alt_names,json=subjectAltNames" json:"subject_alt_names,omitempty"`
}
func (m *ServiceEntry) Reset() { *m = ServiceEntry{} }
@ -489,6 +522,13 @@ func (m *ServiceEntry) GetExportTo() []string {
return nil
}
func (m *ServiceEntry) GetSubjectAltNames() []string {
if m != nil {
return m.SubjectAltNames
}
return nil
}
// Endpoint defines a network address (IP or hostname) associated with
// the mesh service.
type ServiceEntry_Endpoint struct {
@ -684,6 +724,21 @@ func (m *ServiceEntry) MarshalTo(dAtA []byte) (int, error) {
i += copy(dAtA[i:], s)
}
}
if len(m.SubjectAltNames) > 0 {
for _, s := range m.SubjectAltNames {
dAtA[i] = 0x42
i++
l = len(s)
for l >= 1<<7 {
dAtA[i] = uint8(uint64(l)&0x7f | 0x80)
l >>= 7
i++
}
dAtA[i] = uint8(l)
i++
i += copy(dAtA[i:], s)
}
}
return i, nil
}
@ -809,6 +864,12 @@ func (m *ServiceEntry) Size() (n int) {
n += 1 + l + sovServiceEntry(uint64(l))
}
}
if len(m.SubjectAltNames) > 0 {
for _, s := range m.SubjectAltNames {
l = len(s)
n += 1 + l + sovServiceEntry(uint64(l))
}
}
return n
}
@ -1078,6 +1139,35 @@ func (m *ServiceEntry) Unmarshal(dAtA []byte) error {
}
m.ExportTo = append(m.ExportTo, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 8:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field SubjectAltNames", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowServiceEntry
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthServiceEntry
}
postIndex := iNdEx + intStringLen
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.SubjectAltNames = append(m.SubjectAltNames, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipServiceEntry(dAtA[iNdEx:])
@ -1588,37 +1678,38 @@ var (
func init() { proto.RegisterFile("networking/v1alpha3/service_entry.proto", fileDescriptorServiceEntry) }
var fileDescriptorServiceEntry = []byte{
// 497 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xdf, 0x6e, 0xd3, 0x30,
0x14, 0xc6, 0xe7, 0x66, 0x4b, 0x93, 0x33, 0x86, 0x82, 0x85, 0x90, 0x09, 0xa8, 0x84, 0xde, 0x10,
0x09, 0x29, 0x1d, 0x9d, 0x90, 0xc6, 0x9f, 0x9b, 0x01, 0x91, 0x98, 0x54, 0x02, 0xb8, 0xb9, 0x40,
0xdc, 0x54, 0xd9, 0x6a, 0xb5, 0xd6, 0xa2, 0x38, 0x8a, 0xbd, 0x96, 0xbe, 0x05, 0x8f, 0xc5, 0x25,
0x8f, 0x80, 0xfa, 0x18, 0x5c, 0xa1, 0x38, 0x49, 0xd3, 0x8b, 0x01, 0xdb, 0x5d, 0xce, 0x89, 0xbf,
0x9f, 0x3e, 0x9f, 0xef, 0x18, 0x9e, 0x64, 0x4c, 0x2d, 0x45, 0x71, 0xc1, 0xb3, 0xd9, 0x60, 0xf1,
0x2c, 0x49, 0xf3, 0x79, 0x72, 0x34, 0x90, 0xac, 0x58, 0xf0, 0x73, 0x36, 0x61, 0x99, 0x2a, 0x56,
0x41, 0x5e, 0x08, 0x25, 0xf0, 0x7d, 0x2e, 0x15, 0x17, 0x41, 0x7b, 0x3c, 0x68, 0x8e, 0xbb, 0x8f,
0xaf, 0x62, 0xcc, 0x12, 0xc5, 0x96, 0x49, 0xad, 0xee, 0xff, 0x36, 0xe1, 0xd6, 0xb8, 0xa2, 0x86,
0x25, 0x14, 0xdf, 0x85, 0xbd, 0xb9, 0x90, 0x4a, 0x12, 0xe4, 0x19, 0xbe, 0x4d, 0xab, 0x02, 0x3f,
0x04, 0x3b, 0x99, 0x4e, 0x0b, 0x26, 0x25, 0x93, 0xa4, 0xa3, 0xff, 0xb4, 0x0d, 0xfc, 0x1c, 0xf6,
0x72, 0x51, 0x28, 0x49, 0x0c, 0xcf, 0xf0, 0xf7, 0x87, 0x8f, 0x82, 0xbf, 0x5a, 0x0a, 0x3e, 0x89,
0x42, 0xd1, 0xea, 0x34, 0x1e, 0x81, 0x95, 0x8a, 0xf3, 0x44, 0x71, 0x91, 0x91, 0x5d, 0x0f, 0xf9,
0xb7, 0x87, 0x87, 0xff, 0x50, 0x6e, 0xbb, 0x0c, 0x46, 0xb5, 0x8e, 0x6e, 0x08, 0x98, 0x02, 0x14,
0x4c, 0x8a, 0xf4, 0x52, 0xf3, 0xf6, 0x34, 0x6f, 0x78, 0x5d, 0x1e, 0xdd, 0x28, 0xe9, 0x16, 0x05,
0x47, 0x60, 0xb3, 0x6c, 0x9a, 0x0b, 0x9e, 0x29, 0x49, 0x4c, 0x7d, 0xb9, 0x6b, 0x5b, 0x0c, 0x6b,
0x21, 0x6d, 0x11, 0xf8, 0x01, 0xd8, 0xec, 0x5b, 0x79, 0xf9, 0x89, 0x12, 0xa4, 0xab, 0xc7, 0x68,
0x55, 0x8d, 0x58, 0xb8, 0xdf, 0x0d, 0xb0, 0x1a, 0x11, 0x26, 0xd0, 0xad, 0xe7, 0x4b, 0x90, 0x87,
0x7c, 0x9b, 0x36, 0x25, 0xfe, 0xdc, 0x0c, 0xbb, 0xa3, 0xfd, 0xbc, 0xba, 0xa9, 0x1f, 0x1d, 0x81,
0xd4, 0xbd, 0x26, 0x88, 0x18, 0xcc, 0x34, 0x39, 0x63, 0x69, 0x13, 0xe0, 0xeb, 0x1b, 0x33, 0x47,
0x5a, 0x5e, 0x41, 0x6b, 0x56, 0x79, 0x85, 0x1a, 0xa0, 0xd3, 0xb5, 0x69, 0x53, 0x62, 0xb7, 0x0a,
0x3e, 0xe5, 0x6a, 0xa5, 0x83, 0xb2, 0xe9, 0xa6, 0xc6, 0xf7, 0xc0, 0x5c, 0x32, 0x3e, 0x9b, 0x2b,
0x62, 0x7a, 0xc8, 0x3f, 0xa0, 0x75, 0xe5, 0x1e, 0x03, 0xb4, 0xc6, 0xb1, 0x03, 0xc6, 0x05, 0x5b,
0xd5, 0xa3, 0x29, 0x3f, 0xcb, 0xbd, 0x5d, 0x24, 0xe9, 0x25, 0x23, 0x1d, 0x2d, 0xab, 0x8a, 0x97,
0x9d, 0x63, 0xe4, 0xbe, 0x80, 0xfd, 0x2d, 0x7b, 0xff, 0x93, 0xda, 0x5b, 0xd2, 0xfe, 0x21, 0x58,
0xcd, 0xa6, 0xe1, 0x3b, 0x70, 0xf0, 0x21, 0x1c, 0xbf, 0x9f, 0x84, 0x5f, 0xe2, 0x90, 0x46, 0x27,
0x23, 0x67, 0x67, 0xd3, 0x3a, 0x8d, 0xea, 0x16, 0xea, 0x3f, 0x05, 0x68, 0x77, 0x09, 0x5b, 0xb0,
0x1b, 0x7d, 0x8c, 0x42, 0x67, 0x07, 0x03, 0x98, 0xe3, 0xf8, 0x24, 0x3e, 0x7d, 0xeb, 0x20, 0xdc,
0x05, 0xe3, 0x5d, 0x34, 0x76, 0x3a, 0x6f, 0x82, 0x1f, 0xeb, 0x1e, 0xfa, 0xb9, 0xee, 0xa1, 0x5f,
0xeb, 0x1e, 0xfa, 0xea, 0x55, 0x43, 0xe7, 0x62, 0x90, 0xe4, 0x7c, 0x70, 0xc5, 0xd3, 0x3d, 0x33,
0xf5, 0x9b, 0x3d, 0xfa, 0x13, 0x00, 0x00, 0xff, 0xff, 0xbf, 0xab, 0x5c, 0x44, 0x1c, 0x04, 0x00,
0x00,
// 527 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x93, 0xdf, 0x8e, 0xd2, 0x40,
0x14, 0xc6, 0x77, 0xe8, 0x52, 0xda, 0xb3, 0xae, 0xb2, 0x13, 0x63, 0x46, 0x34, 0x58, 0xb9, 0x91,
0x68, 0x52, 0x56, 0x36, 0x26, 0xeb, 0x9f, 0x1b, 0xd4, 0x26, 0x6e, 0x82, 0x55, 0x07, 0x2e, 0x8c,
0x37, 0x64, 0x80, 0x09, 0xd4, 0xad, 0x1d, 0xd2, 0x19, 0x40, 0xde, 0xc2, 0xa7, 0xf0, 0x59, 0xbc,
0xf4, 0x11, 0x0c, 0x4f, 0x62, 0x3a, 0x9d, 0x02, 0x17, 0xab, 0xbb, 0x7b, 0xd7, 0x73, 0xe6, 0x7c,
0xbf, 0x7e, 0x73, 0xce, 0x19, 0x78, 0x94, 0x70, 0xb5, 0x14, 0xe9, 0x79, 0x94, 0x4c, 0x5a, 0x8b,
0xa7, 0x2c, 0x9e, 0x4d, 0xd9, 0x49, 0x4b, 0xf2, 0x74, 0x11, 0x8d, 0xf8, 0x80, 0x27, 0x2a, 0x5d,
0xf9, 0xb3, 0x54, 0x28, 0x81, 0xef, 0x46, 0x52, 0x45, 0xc2, 0xdf, 0x96, 0xfb, 0x45, 0x79, 0xed,
0xe1, 0x45, 0x8c, 0x09, 0x53, 0x7c, 0xc9, 0x8c, 0xba, 0xf1, 0xb3, 0x02, 0x37, 0x7a, 0x39, 0x35,
0xc8, 0xa0, 0xf8, 0x36, 0x94, 0xa7, 0x42, 0x2a, 0x49, 0x90, 0x67, 0x35, 0x5d, 0x9a, 0x07, 0xf8,
0x3e, 0xb8, 0x6c, 0x3c, 0x4e, 0xb9, 0x94, 0x5c, 0x92, 0x92, 0x3e, 0xd9, 0x26, 0xf0, 0x33, 0x28,
0xcf, 0x44, 0xaa, 0x24, 0xb1, 0x3c, 0xab, 0x79, 0xd0, 0x7e, 0xe0, 0xff, 0xd3, 0x92, 0xff, 0x51,
0xa4, 0x8a, 0xe6, 0xd5, 0xb8, 0x0b, 0x4e, 0x2c, 0x46, 0x4c, 0x45, 0x22, 0x21, 0xfb, 0x1e, 0x6a,
0xde, 0x6c, 0x1f, 0xff, 0x47, 0xb9, 0xeb, 0xd2, 0xef, 0x1a, 0x1d, 0xdd, 0x10, 0x30, 0x05, 0x48,
0xb9, 0x14, 0xf1, 0x5c, 0xf3, 0xca, 0x9a, 0xd7, 0xbe, 0x2a, 0x8f, 0x6e, 0x94, 0x74, 0x87, 0x82,
0x43, 0x70, 0x79, 0x32, 0x9e, 0x89, 0x28, 0x51, 0x92, 0xd8, 0xfa, 0x72, 0x57, 0xb6, 0x18, 0x18,
0x21, 0xdd, 0x22, 0xf0, 0x3d, 0x70, 0xf9, 0xf7, 0xec, 0xf2, 0x03, 0x25, 0x48, 0x45, 0xb7, 0xd1,
0xc9, 0x13, 0x7d, 0x81, 0x1f, 0xc3, 0x91, 0x9c, 0x0f, 0xbf, 0xf2, 0x91, 0x1a, 0xb0, 0x58, 0x0d,
0x12, 0xf6, 0x8d, 0x4b, 0xe2, 0xe8, 0xa2, 0x5b, 0xe6, 0xa0, 0x13, 0xab, 0x30, 0x4b, 0xd7, 0x7e,
0x58, 0xe0, 0x14, 0x3f, 0xc0, 0x04, 0x2a, 0x66, 0x16, 0x04, 0x79, 0xa8, 0xe9, 0xd2, 0x22, 0xc4,
0x9f, 0x8a, 0xc1, 0x94, 0xb4, 0xf7, 0x97, 0xd7, 0xf5, 0xae, 0xc7, 0x25, 0x75, 0xae, 0x18, 0x5a,
0x1f, 0xec, 0x98, 0x0d, 0x79, 0x5c, 0x0c, 0xfb, 0xd5, 0xb5, 0x99, 0x5d, 0x2d, 0xcf, 0xa1, 0x86,
0x95, 0x5d, 0xc1, 0x00, 0xf4, 0x26, 0xb8, 0xb4, 0x08, 0x71, 0x2d, 0x5f, 0x92, 0x38, 0x52, 0x2b,
0x3d, 0x54, 0x97, 0x6e, 0x62, 0x7c, 0x07, 0xec, 0x25, 0x8f, 0x26, 0x53, 0x45, 0x6c, 0x0f, 0x35,
0x0f, 0xa9, 0x89, 0x6a, 0xa7, 0x00, 0x5b, 0xe3, 0xb8, 0x0a, 0xd6, 0x39, 0x5f, 0x99, 0xd6, 0x64,
0x9f, 0xd9, 0x8e, 0x2f, 0x58, 0x3c, 0xe7, 0xa4, 0xa4, 0x65, 0x79, 0xf0, 0xa2, 0x74, 0x8a, 0x6a,
0xcf, 0xe1, 0x60, 0xc7, 0xde, 0x65, 0x52, 0x77, 0x47, 0xda, 0x38, 0x06, 0xa7, 0xd8, 0x4a, 0x7c,
0x04, 0x87, 0xef, 0x83, 0xde, 0xbb, 0x41, 0xf0, 0xb9, 0x1f, 0xd0, 0xb0, 0xd3, 0xad, 0xee, 0x6d,
0x52, 0x67, 0xa1, 0x49, 0xa1, 0xc6, 0x13, 0x80, 0xed, 0xde, 0x61, 0x07, 0xf6, 0xc3, 0x0f, 0x61,
0x50, 0xdd, 0xc3, 0x00, 0x76, 0xaf, 0xdf, 0xe9, 0x9f, 0xbd, 0xa9, 0x22, 0x5c, 0x01, 0xeb, 0x6d,
0xd8, 0xab, 0x96, 0x5e, 0xfb, 0xbf, 0xd6, 0x75, 0xf4, 0x7b, 0x5d, 0x47, 0x7f, 0xd6, 0x75, 0xf4,
0xc5, 0xcb, 0x9b, 0x1e, 0x89, 0x16, 0x9b, 0x45, 0xad, 0x0b, 0x9e, 0xf9, 0xd0, 0xd6, 0xef, 0xfb,
0xe4, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0x10, 0x53, 0xa9, 0xc0, 0x48, 0x04, 0x00, 0x00,
}

34
networking/v1alpha3/service_entry.proto
View File

@ -299,6 +299,33 @@ option go_package = "istio.io/api/networking/v1alpha3";
// specified above. In other words, a call to `http://foo.bar.com/baz` would
// be translated to `http://uk.foo.bar.com/baz`.
//
// The following example illustrates the usage of a ServiceEntry
// containing a subject alternate name
// whose format conforms to the SPIFEE standard
// <https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md>:
//
// ```yaml
// apiVersion: networking.istio.io/v1alpha3
// kind: ServiceEntry
// metadata:
// name: httpbin
// namespace : httpbin-ns
// spec:
// hosts:
// - httpbin.com
// location: MESH_INTERNAL
// ports:
// - number: 80
// name: http
// protocol: HTTP
// resolution: STATIC
// endpoints:
// - address: 2.2.2.2
// - address: 3.3.3.3
// subjectAltNames:
// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
// ```
//
message ServiceEntry {
// REQUIRED. The hosts associated with the ServiceEntry. Could be a DNS
// name with wildcard prefix (external services only). DNS names in hosts
@ -461,4 +488,11 @@ message ServiceEntry {
// the annotation "networking.istio.io/export_to" to a comma-separated list
// of namespace names.
repeated string export_to = 7;
// The list of subject alternate names allowed for workloads that
// implement this service. This information is used to enforce
// secure-naming <https://istio.io/docs/concepts/security/#secure-naming>.
// If specified, the proxy will verify that the server
// certificate's subject alternate name matches one of the specified values.
repeated string subject_alt_names = 8;
}

6
proto.lock
View File

@ -3455,6 +3455,12 @@
"name": "export_to",
"type": "string",
"is_repeated": true
},
{
"id": 8,
"name": "subject_alt_names",
"type": "string",
"is_repeated": true
}
],
"messages": [

31
python/istio_api/networking/v1alpha3/service_entry_pb2.py
View File

@ -20,7 +20,7 @@ DESCRIPTOR = _descriptor.FileDescriptor(
name='networking/v1alpha3/service_entry.proto',
package='istio.networking.v1alpha3',
syntax='proto3',
serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\xeb\x05\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12\x11\n\texport_to\x18\x07 \x03(\t\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3')
serialized_pb=_b('\n\'networking/v1alpha3/service_entry.proto\x12\x19istio.networking.v1alpha3\x1a!networking/v1alpha3/gateway.proto\"\x86\x06\n\x0cServiceEntry\x12\r\n\x05hosts\x18\x01 \x03(\t\x12\x11\n\taddresses\x18\x02 \x03(\t\x12.\n\x05ports\x18\x03 \x03(\x0b\x32\x1f.istio.networking.v1alpha3.Port\x12\x42\n\x08location\x18\x04 \x01(\x0e\x32\x30.istio.networking.v1alpha3.ServiceEntry.Location\x12\x46\n\nresolution\x18\x05 \x01(\x0e\x32\x32.istio.networking.v1alpha3.ServiceEntry.Resolution\x12\x43\n\tendpoints\x18\x06 \x03(\x0b\x32\x30.istio.networking.v1alpha3.ServiceEntry.Endpoint\x12\x11\n\texport_to\x18\x07 \x03(\t\x12\x19\n\x11subject_alt_names\x18\x08 \x03(\t\x1a\xc5\x02\n\x08\x45ndpoint\x12\x0f\n\x07\x61\x64\x64ress\x18\x01 \x01(\t\x12J\n\x05ports\x18\x02 \x03(\x0b\x32;.istio.networking.v1alpha3.ServiceEntry.Endpoint.PortsEntry\x12L\n\x06labels\x18\x03 \x03(\x0b\x32<.istio.networking.v1alpha3.ServiceEntry.Endpoint.LabelsEntry\x12\x0f\n\x07network\x18\x04 \x01(\t\x12\x10\n\x08locality\x18\x05 \x01(\t\x12\x0e\n\x06weight\x18\x06 \x01(\r\x1a,\n\nPortsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\r:\x02\x38\x01\x1a-\n\x0bLabelsEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"0\n\x08Location\x12\x11\n\rMESH_EXTERNAL\x10\x00\x12\x11\n\rMESH_INTERNAL\x10\x01\"+\n\nResolution\x12\x08\n\x04NONE\x10\x00\x12\n\n\x06STATIC\x10\x01\x12\x07\n\x03\x44NS\x10\x02\x42\"Z istio.io/api/networking/v1alpha3b\x06proto3')
,
dependencies=[networking_dot_v1alpha3_dot_gateway__pb2.DESCRIPTOR,])
@ -43,8 +43,8 @@ _SERVICEENTRY_LOCATION = _descriptor.EnumDescriptor(
],
containing_type=None,
options=None,
serialized_start=760,
serialized_end=808,
serialized_start=787,
serialized_end=835,
)
_sym_db.RegisterEnumDescriptor(_SERVICEENTRY_LOCATION)
@ -69,8 +69,8 @@ _SERVICEENTRY_RESOLUTION = _descriptor.EnumDescriptor(
],
containing_type=None,
options=None,
serialized_start=810,
serialized_end=853,
serialized_start=837,
serialized_end=880,
)
_sym_db.RegisterEnumDescriptor(_SERVICEENTRY_RESOLUTION)
@ -108,8 +108,8 @@ _SERVICEENTRY_ENDPOINT_PORTSENTRY = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=667,
serialized_end=711,
serialized_start=694,
serialized_end=738,
)
_SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor(
@ -145,8 +145,8 @@ _SERVICEENTRY_ENDPOINT_LABELSENTRY = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=713,
serialized_end=758,
serialized_start=740,
serialized_end=785,
)
_SERVICEENTRY_ENDPOINT = _descriptor.Descriptor(
@ -210,8 +210,8 @@ _SERVICEENTRY_ENDPOINT = _descriptor.Descriptor(
extension_ranges=[],
oneofs=[
],
serialized_start=433,
serialized_end=758,
serialized_start=460,
serialized_end=785,
)
_SERVICEENTRY = _descriptor.Descriptor(
@ -270,6 +270,13 @@ _SERVICEENTRY = _descriptor.Descriptor(
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='subject_alt_names', full_name='istio.networking.v1alpha3.ServiceEntry.subject_alt_names', index=7,
number=8, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
options=None, file=DESCRIPTOR),
],
extensions=[
],
@ -285,7 +292,7 @@ _SERVICEENTRY = _descriptor.Descriptor(
oneofs=[
],
serialized_start=106,
serialized_end=853,
serialized_end=880,
)
_SERVICEENTRY_ENDPOINT_PORTSENTRY.containing_type = _SERVICEENTRY_ENDPOINT