istio
/
api
mirror of https://github.com/istio/api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

authz: remove alpha RBAC API (#1427) 

* authz: remove alpha RBAC API

* update
This commit is contained in:
Yangmin Zhu 2020-05-18 17:58:11 -07:00 committed by GitHub
parent 6d29a38039
commit d98da5d2d0
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 513 additions and 6581 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
Makefile.core.mk
View File

@ -98,7 +98,6 @@ gen: \
generate-operator \
generate-mixer \
generate-networking \
generate-rbac \
generate-authn \
generate-security \
generate-envoy \
@ -353,30 +352,6 @@ clean-networking:
@rm -fr $(networking_v1alpha3_pb_gos) $(networking_v1alpha3_pb_docs) $(networking_v1alpha3_pb_pythons) $(networking_v1alpha3_k8s_gos) \
$(networking_v1beta1_pb_gos) $(networking_v1beta1_pb_docs) $(networking_v1beta1_pb_pythons) $(networking_v1beta1_k8s_gos)
#####################
# rbac/...
#####################
rbac_v1alpha1_path := rbac/v1alpha1
rbac_v1alpha1_protos := $(wildcard $(rbac_v1alpha1_path)/*.proto)
rbac_v1alpha1_pb_gos := $(rbac_v1alpha1_protos:.proto=.pb.go)
rbac_v1alpha1_pb_pythons := $(patsubst $(rbac_v1alpha1_path)/%.proto,$(python_output_path)/$(rbac_v1alpha1_path)/%_pb2.py,$(rbac_v1alpha1_protos))
rbac_v1alpha1_pb_doc := $(rbac_v1alpha1_path)/istio.rbac.v1alpha1.pb.html
rbac_v1alpha1_openapi := $(rbac_v1alpha1_path)/istio.rbac.v1alpha1.gen.json
rbac_v1alpha1_k8s_gos := \
$(patsubst $(rbac_v1alpha1_path)/%.proto,$(rbac_v1alpha1_path)/%_json.gen.go,$(shell grep -l "^ *oneof " $(rbac_v1alpha1_protos))) \
$(patsubst $(rbac_v1alpha1_path)/%.proto,$(rbac_v1alpha1_path)/%_deepcopy.gen.go,$(shell grep -l "+kubetype-gen" $(rbac_v1alpha1_protos)))
$(rbac_v1alpha1_pb_gos) $(rbac_v1alpha1_pb_doc) $(rbac_v1alpha1_pb_pythons) $(rbac_v1alpha1_k8s_gos): $(rbac_v1alpha1_protos)
@$(protolock) status
@$(protoc) $(gogofast_plugin) $(protoc_gen_k8s_support_plugins) $(protoc_gen_docs_plugin)$(rbac_v1alpha1_path) $(protoc_gen_python_plugin) $^
@cp -r /tmp/istio.io/api/rbac/* rbac
generate-rbac: $(rbac_v1alpha1_pb_gos) $(rbac_v1alpha1_pb_doc) $(rbac_v1alpha1_protos) $(rbac_v1alpha1_k8s_gos)
clean-rbac:
@rm -fr $(rbac_v1alpha1_pb_gos) $(rbac_v1alpha1_pb_doc) $(rbac_v1alpha1_pb_pythons) $(rbac_v1alpha1_k8s_gos)
#####################
# authentication/...
#####################
@ -499,7 +474,6 @@ all_protos := \
$(mixer_adapter_model_v1beta1_protos) \
$(networking_v1alpha3_protos) \
$(networking_v1beta1_protos) \
$(rbac_v1alpha1_protos) \
$(authn_v1alpha1_protos) \
$(security_v1beta1_protos) \
$(type_v1beta1_protos)
@ -515,7 +489,6 @@ all_openapi := \
$(mixer_adapter_model_v1beta1_openapi) \
$(networking_v1alpha3_openapi) \
$(networking_v1beta1_openapi) \
$(rbac_v1alpha1_openapi) \
$(authn_v1alpha1_openapi) \
$(security_v1beta1_openapi) \
$(type_v1beta1_openapi)
@ -550,7 +523,6 @@ clean: \
clean-operator \
clean-mixer \
clean-networking \
clean-rbac \
clean-authn \
clean-envoy \
clean-policy \

2
cue.yaml
View File

@ -29,8 +29,6 @@ directories:
- mode: perFile
policy/v1beta1:
- mode: all
rbac/v1alpha1:
- mode: all
security/v1beta1:
- mode: perFile

500
kubernetes/customresourcedefinitions.gen.yaml generated
View File

@ -4010,506 +4010,6 @@ spec:
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: istio-pilot
chart: istio
heritage: Tiller
istio: rbac
release: istio
name: clusterrbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ClusterRbacConfig
listKind: ClusterRbacConfigList
plural: clusterrbacconfigs
singular: clusterrbacconfig
preserveUnknownFields: false
scope: Cluster
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: rbacconfigs.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: RbacConfig
listKind: RbacConfigList
plural: rbacconfigs
singular: rbacconfig
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
enforcementMode:
enum:
- ENFORCED
- PERMISSIVE
type: string
exclusion:
description: A list of services or namespaces that should not be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
inclusion:
description: A list of services or namespaces that should be enforced
by Istio RBAC policies.
properties:
namespaces:
description: A list of namespaces.
items:
format: string
type: string
type: array
services:
description: A list of services.
items:
format: string
type: string
type: array
type: object
mode:
description: Istio RBAC mode.
enum:
- "OFF"
- "ON"
- ON_WITH_INCLUSION
- ON_WITH_EXCLUSION
type: string
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: serviceroles.rbac.istio.io
spec:
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRole
listKind: ServiceRoleList
plural: serviceroles
singular: servicerole
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
rules:
description: The set of access rules (permissions) that the role has.
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
annotations:
"helm.sh/resource-policy": keep
labels:
app: mixer
chart: istio
heritage: Tiller
istio: rbac
package: istio.io.mixer
release: istio
name: servicerolebindings.rbac.istio.io
spec:
additionalPrinterColumns:
- JSONPath: .spec.roleRef.name
description: The name of the ServiceRole object being referenced
name: Reference
type: string
- JSONPath: .metadata.creationTimestamp
description: 'CreationTimestamp is a timestamp representing the server time when
this object was created. It is not guaranteed to be set in happens-before order
across separate operations. Clients may not set this value. It is represented
in RFC3339 form and is in UTC. Populated by the system. Read-only. Null for
lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata'
name: Age
type: date
group: rbac.istio.io
names:
categories:
- istio-io
- rbac-istio-io
kind: ServiceRoleBinding
listKind: ServiceRoleBindingList
plural: servicerolebindings
singular: servicerolebinding
preserveUnknownFields: false
scope: Namespaced
subresources:
status: {}
validation:
openAPIV3Schema:
properties:
spec:
description: 'See more details at:'
properties:
actions:
items:
properties:
constraints:
description: Optional.
items:
properties:
key:
description: Key of the constraint.
format: string
type: string
values:
description: List of valid values for the constraint.
items:
format: string
type: string
type: array
type: object
type: array
hosts:
items:
format: string
type: string
type: array
methods:
description: Optional.
items:
format: string
type: string
type: array
notHosts:
items:
format: string
type: string
type: array
notMethods:
items:
format: string
type: string
type: array
notPaths:
items:
format: string
type: string
type: array
notPorts:
items:
format: int32
type: integer
type: array
paths:
description: Optional.
items:
format: string
type: string
type: array
ports:
items:
format: int32
type: integer
type: array
services:
description: A list of service names.
items:
format: string
type: string
type: array
type: object
type: array
mode:
enum:
- ENFORCED
- PERMISSIVE
type: string
role:
format: string
type: string
roleRef:
description: Reference to the ServiceRole object.
properties:
kind:
description: The type of the role being referenced.
format: string
type: string
name:
description: The name of the ServiceRole object being referenced.
format: string
type: string
type: object
subjects:
description: List of subjects that are assigned the ServiceRole object.
items:
properties:
group:
format: string
type: string
groups:
items:
format: string
type: string
type: array
ips:
items:
format: string
type: string
type: array
names:
items:
format: string
type: string
type: array
namespaces:
items:
format: string
type: string
type: array
notGroups:
items:
format: string
type: string
type: array
notIps:
items:
format: string
type: string
type: array
notNames:
items:
format: string
type: string
type: array
notNamespaces:
items:
format: string
type: string
type: array
properties:
additionalProperties:
format: string
type: string
description: Optional.
type: object
user:
description: Optional.
format: string
type: string
type: object
type: array
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
versions:
- name: v1alpha1
served: true
storage: true
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition

366
proto.lock
View File

@ -43188,6 +43188,11 @@
"name": "cni",
"type": "ComponentSpec"
},
{
"id": 39,
"name": "istiod_remote",
"type": "ComponentSpec"
},
{
"id": 40,
"name": "ingress_gateways",
@ -45575,367 +45580,6 @@
]
}
},
{
"protopath": "rbac:/:v1alpha1:/:rbac.proto",
"def": {
"enums": [
{
"name": "EnforcementMode",
"enum_fields": [
{
"name": "ENFORCED"
},
{
"name": "PERMISSIVE",
"integer": 1
}
]
},
{
"name": "RbacConfig.Mode",
"enum_fields": [
{
"name": "OFF"
},
{
"name": "ON",
"integer": 1
},
{
"name": "ON_WITH_INCLUSION",
"integer": 2
},
{
"name": "ON_WITH_EXCLUSION",
"integer": 3
}
]
}
],
"messages": [
{
"name": "ServiceRole",
"fields": [
{
"id": 1,
"name": "rules",
"type": "AccessRule",
"is_repeated": true,
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
}
]
},
{
"name": "AccessRule",
"fields": [
{
"id": 1,
"name": "services",
"type": "string",
"is_repeated": true,
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
},
{
"id": 5,
"name": "hosts",
"type": "string",
"is_repeated": true
},
{
"id": 6,
"name": "not_hosts",
"type": "string",
"is_repeated": true
},
{
"id": 2,
"name": "paths",
"type": "string",
"is_repeated": true
},
{
"id": 7,
"name": "not_paths",
"type": "string",
"is_repeated": true
},
{
"id": 3,
"name": "methods",
"type": "string",
"is_repeated": true
},
{
"id": 8,
"name": "not_methods",
"type": "string",
"is_repeated": true
},
{
"id": 9,
"name": "ports",
"type": "int32",
"is_repeated": true
},
{
"id": 10,
"name": "not_ports",
"type": "int32",
"is_repeated": true
},
{
"id": 4,
"name": "constraints",
"type": "Constraint",
"is_repeated": true
}
],
"messages": [
{
"name": "Constraint",
"fields": [
{
"id": 1,
"name": "key",
"type": "string"
},
{
"id": 2,
"name": "values",
"type": "string",
"is_repeated": true
}
]
}
]
},
{
"name": "ServiceRoleBinding",
"fields": [
{
"id": 1,
"name": "subjects",
"type": "Subject",
"is_repeated": true,
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
},
{
"id": 2,
"name": "roleRef",
"type": "RoleRef",
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
},
{
"id": 3,
"name": "mode",
"type": "EnforcementMode"
},
{
"id": 4,
"name": "actions",
"type": "AccessRule",
"is_repeated": true,
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
},
{
"id": 5,
"name": "role",
"type": "string"
}
]
},
{
"name": "Subject",
"fields": [
{
"id": 1,
"name": "user",
"type": "string"
},
{
"id": 4,
"name": "names",
"type": "string",
"is_repeated": true
},
{
"id": 5,
"name": "not_names",
"type": "string",
"is_repeated": true
},
{
"id": 2,
"name": "group",
"type": "string",
"options": [
{
"name": "deprecated",
"value": "true"
}
]
},
{
"id": 6,
"name": "groups",
"type": "string",
"is_repeated": true
},
{
"id": 7,
"name": "not_groups",
"type": "string",
"is_repeated": true
},
{
"id": 8,
"name": "namespaces",
"type": "string",
"is_repeated": true
},
{
"id": 9,
"name": "not_namespaces",
"type": "string",
"is_repeated": true
},
{
"id": 10,
"name": "ips",
"type": "string",
"is_repeated": true
},
{
"id": 11,
"name": "not_ips",
"type": "string",
"is_repeated": true
}
],
"maps": [
{
"key_type": "string",
"field": {
"id": 3,
"name": "properties",
"type": "string"
}
}
]
},
{
"name": "RoleRef",
"fields": [
{
"id": 1,
"name": "kind",
"type": "string",
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
},
{
"id": 2,
"name": "name",
"type": "string",
"options": [
{
"name": "(google.api.field_behavior)",
"value": "REQUIRED"
}
]
}
]
},
{
"name": "RbacConfig",
"fields": [
{
"id": 1,
"name": "mode",
"type": "Mode"
},
{
"id": 2,
"name": "inclusion",
"type": "Target"
},
{
"id": 3,
"name": "exclusion",
"type": "Target"
},
{
"id": 4,
"name": "enforcement_mode",
"type": "EnforcementMode"
}
],
"messages": [
{
"name": "Target",
"fields": [
{
"id": 1,
"name": "services",
"type": "string",
"is_repeated": true
},
{
"id": 2,
"name": "namespaces",
"type": "string",
"is_repeated": true
}
]
}
]
}
],
"imports": [
{
"path": "google/api/field_behavior.proto"
}
],
"package": {
"name": "istio.rbac.v1alpha1"
},
"options": [
{
"name": "go_package",
"value": "istio.io/api/rbac/v1alpha1"
}
]
}
},
{
"protopath": "security:/:v1beta1:/:authorization.proto",
"def": {

1
prototool.yaml
View File

@ -15,7 +15,6 @@ lint:
files:
- operator/v1alpha1/component.proto
- operator/v1alpha1/kubernetes.proto
- rbac/v1alpha1/rbac.proto
- id: ENUM_FIELD_NAMES_UPPER_SNAKE_CASE
files:
- networking/v1alpha3/gateway.proto

674
python/istio_api/rbac/v1alpha1/rbac_pb2.py generated
View File

@ -1,674 +0,0 @@
# -*- coding: utf-8 -*-
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: rbac/v1alpha1/rbac.proto
import sys
_b=sys.version_info[0]<3 and (lambda x:x) or (lambda x:x.encode('latin1'))
from google.protobuf.internal import enum_type_wrapper
from google.protobuf import descriptor as _descriptor
from google.protobuf import message as _message
from google.protobuf import reflection as _reflection
from google.protobuf import symbol_database as _symbol_database
# @@protoc_insertion_point(imports)
_sym_db = _symbol_database.Default()
from google.api import field_behavior_pb2 as google_dot_api_dot_field__behavior__pb2
DESCRIPTOR = _descriptor.FileDescriptor(
name='rbac/v1alpha1/rbac.proto',
package='istio.rbac.v1alpha1',
syntax='proto3',
serialized_options=_b('Z\032istio.io/api/rbac/v1alpha1'),
serialized_pb=_b('\n\x18rbac/v1alpha1/rbac.proto\x12\x13istio.rbac.v1alpha1\x1a\x1fgoogle/api/field_behavior.proto\"B\n\x0bServiceRole\x12\x33\n\x05rules\x18\x01 \x03(\x0b\x32\x1f.istio.rbac.v1alpha1.AccessRuleB\x03\xe0\x41\x02\"\x9b\x02\n\nAccessRule\x12\x15\n\x08services\x18\x01 \x03(\tB\x03\xe0\x41\x02\x12\r\n\x05hosts\x18\x05 \x03(\t\x12\x11\n\tnot_hosts\x18\x06 \x03(\t\x12\r\n\x05paths\x18\x02 \x03(\t\x12\x11\n\tnot_paths\x18\x07 \x03(\t\x12\x0f\n\x07methods\x18\x03 \x03(\t\x12\x13\n\x0bnot_methods\x18\x08 \x03(\t\x12\r\n\x05ports\x18\t \x03(\x05\x12\x11\n\tnot_ports\x18\n \x03(\x05\x12?\n\x0b\x63onstraints\x18\x04 \x03(\x0b\x32*.istio.rbac.v1alpha1.AccessRule.Constraint\x1a)\n\nConstraint\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\x0e\n\x06values\x18\x02 \x03(\t\"\xf6\x01\n\x12ServiceRoleBinding\x12\x33\n\x08subjects\x18\x01 \x03(\x0b\x32\x1c.istio.rbac.v1alpha1.SubjectB\x03\xe0\x41\x02\x12\x32\n\x07roleRef\x18\x02 \x01(\x0b\x32\x1c.istio.rbac.v1alpha1.RoleRefB\x03\xe0\x41\x02\x12\x32\n\x04mode\x18\x03 \x01(\x0e\x32$.istio.rbac.v1alpha1.EnforcementMode\x12\x35\n\x07\x61\x63tions\x18\x04 \x03(\x0b\x32\x1f.istio.rbac.v1alpha1.AccessRuleB\x03\xe0\x41\x02\x12\x0c\n\x04role\x18\x05 \x01(\t\"\xaf\x02\n\x07Subject\x12\x0c\n\x04user\x18\x01 \x01(\t\x12\r\n\x05names\x18\x04 \x03(\t\x12\x11\n\tnot_names\x18\x05 \x03(\t\x12\x11\n\x05group\x18\x02 \x01(\tB\x02\x18\x01\x12\x0e\n\x06groups\x18\x06 \x03(\t\x12\x12\n\nnot_groups\x18\x07 \x03(\t\x12\x12\n\nnamespaces\x18\x08 \x03(\t\x12\x16\n\x0enot_namespaces\x18\t \x03(\t\x12\x0b\n\x03ips\x18\n \x03(\t\x12\x0f\n\x07not_ips\x18\x0b \x03(\t\x12@\n\nproperties\x18\x03 \x03(\x0b\x32,.istio.rbac.v1alpha1.Subject.PropertiesEntry\x1a\x31\n\x0fPropertiesEntry\x12\x0b\n\x03key\x18\x01 \x01(\t\x12\r\n\x05value\x18\x02 \x01(\t:\x02\x38\x01\"/\n\x07RoleRef\x12\x11\n\x04kind\x18\x01 \x01(\tB\x03\xe0\x41\x02\x12\x11\n\x04name\x18\x02 \x01(\tB\x03\xe0\x41\x02\"\xed\x02\n\nRbacConfig\x12\x32\n\x04mode\x18\x01 \x01(\x0e\x32$.istio.rbac.v1alpha1.RbacConfig.Mode\x12\x39\n\tinclusion\x18\x02 \x01(\x0b\x32&.istio.rbac.v1alpha1.RbacConfig.Target\x12\x39\n\texclusion\x18\x03 \x01(\x0b\x32&.istio.rbac.v1alpha1.RbacConfig.Target\x12>\n\x10\x65nforcement_mode\x18\x04 \x01(\x0e\x32$.istio.rbac.v1alpha1.EnforcementMode\x1a.\n\x06Target\x12\x10\n\x08services\x18\x01 \x03(\t\x12\x12\n\nnamespaces\x18\x02 \x03(\t\"E\n\x04Mode\x12\x07\n\x03OFF\x10\x00\x12\x06\n\x02ON\x10\x01\x12\x15\n\x11ON_WITH_INCLUSION\x10\x02\x12\x15\n\x11ON_WITH_EXCLUSION\x10\x03*/\n\x0f\x45nforcementMode\x12\x0c\n\x08\x45NFORCED\x10\x00\x12\x0e\n\nPERMISSIVE\x10\x01\x42\x1cZ\x1aistio.io/api/rbac/v1alpha1b\x06proto3')
,
dependencies=[google_dot_api_dot_field__behavior__pb2.DESCRIPTOR,])
_ENFORCEMENTMODE = _descriptor.EnumDescriptor(
name='EnforcementMode',
full_name='istio.rbac.v1alpha1.EnforcementMode',
filename=None,
file=DESCRIPTOR,
values=[
_descriptor.EnumValueDescriptor(
name='ENFORCED', index=0, number=0,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='PERMISSIVE', index=1, number=1,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=1408,
serialized_end=1455,
)
_sym_db.RegisterEnumDescriptor(_ENFORCEMENTMODE)
EnforcementMode = enum_type_wrapper.EnumTypeWrapper(_ENFORCEMENTMODE)
ENFORCED = 0
PERMISSIVE = 1
_RBACCONFIG_MODE = _descriptor.EnumDescriptor(
name='Mode',
full_name='istio.rbac.v1alpha1.RbacConfig.Mode',
filename=None,
file=DESCRIPTOR,
values=[
_descriptor.EnumValueDescriptor(
name='OFF', index=0, number=0,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ON', index=1, number=1,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ON_WITH_INCLUSION', index=2, number=2,
serialized_options=None,
type=None),
_descriptor.EnumValueDescriptor(
name='ON_WITH_EXCLUSION', index=3, number=3,
serialized_options=None,
type=None),
],
containing_type=None,
serialized_options=None,
serialized_start=1337,
serialized_end=1406,
)
_sym_db.RegisterEnumDescriptor(_RBACCONFIG_MODE)
_SERVICEROLE = _descriptor.Descriptor(
name='ServiceRole',
full_name='istio.rbac.v1alpha1.ServiceRole',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='rules', full_name='istio.rbac.v1alpha1.ServiceRole.rules', index=0,
number=1, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=82,
serialized_end=148,
)
_ACCESSRULE_CONSTRAINT = _descriptor.Descriptor(
name='Constraint',
full_name='istio.rbac.v1alpha1.AccessRule.Constraint',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='key', full_name='istio.rbac.v1alpha1.AccessRule.Constraint.key', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='values', full_name='istio.rbac.v1alpha1.AccessRule.Constraint.values', index=1,
number=2, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=393,
serialized_end=434,
)
_ACCESSRULE = _descriptor.Descriptor(
name='AccessRule',
full_name='istio.rbac.v1alpha1.AccessRule',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='services', full_name='istio.rbac.v1alpha1.AccessRule.services', index=0,
number=1, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='hosts', full_name='istio.rbac.v1alpha1.AccessRule.hosts', index=1,
number=5, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_hosts', full_name='istio.rbac.v1alpha1.AccessRule.not_hosts', index=2,
number=6, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='paths', full_name='istio.rbac.v1alpha1.AccessRule.paths', index=3,
number=2, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_paths', full_name='istio.rbac.v1alpha1.AccessRule.not_paths', index=4,
number=7, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='methods', full_name='istio.rbac.v1alpha1.AccessRule.methods', index=5,
number=3, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_methods', full_name='istio.rbac.v1alpha1.AccessRule.not_methods', index=6,
number=8, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='ports', full_name='istio.rbac.v1alpha1.AccessRule.ports', index=7,
number=9, type=5, cpp_type=1, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_ports', full_name='istio.rbac.v1alpha1.AccessRule.not_ports', index=8,
number=10, type=5, cpp_type=1, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='constraints', full_name='istio.rbac.v1alpha1.AccessRule.constraints', index=9,
number=4, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[_ACCESSRULE_CONSTRAINT, ],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=151,
serialized_end=434,
)
_SERVICEROLEBINDING = _descriptor.Descriptor(
name='ServiceRoleBinding',
full_name='istio.rbac.v1alpha1.ServiceRoleBinding',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='subjects', full_name='istio.rbac.v1alpha1.ServiceRoleBinding.subjects', index=0,
number=1, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='roleRef', full_name='istio.rbac.v1alpha1.ServiceRoleBinding.roleRef', index=1,
number=2, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='mode', full_name='istio.rbac.v1alpha1.ServiceRoleBinding.mode', index=2,
number=3, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='actions', full_name='istio.rbac.v1alpha1.ServiceRoleBinding.actions', index=3,
number=4, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='role', full_name='istio.rbac.v1alpha1.ServiceRoleBinding.role', index=4,
number=5, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=437,
serialized_end=683,
)
_SUBJECT_PROPERTIESENTRY = _descriptor.Descriptor(
name='PropertiesEntry',
full_name='istio.rbac.v1alpha1.Subject.PropertiesEntry',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='key', full_name='istio.rbac.v1alpha1.Subject.PropertiesEntry.key', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='value', full_name='istio.rbac.v1alpha1.Subject.PropertiesEntry.value', index=1,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=_b('8\001'),
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=940,
serialized_end=989,
)
_SUBJECT = _descriptor.Descriptor(
name='Subject',
full_name='istio.rbac.v1alpha1.Subject',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='user', full_name='istio.rbac.v1alpha1.Subject.user', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='names', full_name='istio.rbac.v1alpha1.Subject.names', index=1,
number=4, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_names', full_name='istio.rbac.v1alpha1.Subject.not_names', index=2,
number=5, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='group', full_name='istio.rbac.v1alpha1.Subject.group', index=3,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\030\001'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='groups', full_name='istio.rbac.v1alpha1.Subject.groups', index=4,
number=6, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_groups', full_name='istio.rbac.v1alpha1.Subject.not_groups', index=5,
number=7, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='namespaces', full_name='istio.rbac.v1alpha1.Subject.namespaces', index=6,
number=8, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_namespaces', full_name='istio.rbac.v1alpha1.Subject.not_namespaces', index=7,
number=9, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='ips', full_name='istio.rbac.v1alpha1.Subject.ips', index=8,
number=10, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='not_ips', full_name='istio.rbac.v1alpha1.Subject.not_ips', index=9,
number=11, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='properties', full_name='istio.rbac.v1alpha1.Subject.properties', index=10,
number=3, type=11, cpp_type=10, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[_SUBJECT_PROPERTIESENTRY, ],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=686,
serialized_end=989,
)
_ROLEREF = _descriptor.Descriptor(
name='RoleRef',
full_name='istio.rbac.v1alpha1.RoleRef',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='kind', full_name='istio.rbac.v1alpha1.RoleRef.kind', index=0,
number=1, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='name', full_name='istio.rbac.v1alpha1.RoleRef.name', index=1,
number=2, type=9, cpp_type=9, label=1,
has_default_value=False, default_value=_b("").decode('utf-8'),
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=_b('\340A\002'), file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=991,
serialized_end=1038,
)
_RBACCONFIG_TARGET = _descriptor.Descriptor(
name='Target',
full_name='istio.rbac.v1alpha1.RbacConfig.Target',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='services', full_name='istio.rbac.v1alpha1.RbacConfig.Target.services', index=0,
number=1, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='namespaces', full_name='istio.rbac.v1alpha1.RbacConfig.Target.namespaces', index=1,
number=2, type=9, cpp_type=9, label=3,
has_default_value=False, default_value=[],
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[],
enum_types=[
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=1289,
serialized_end=1335,
)
_RBACCONFIG = _descriptor.Descriptor(
name='RbacConfig',
full_name='istio.rbac.v1alpha1.RbacConfig',
filename=None,
file=DESCRIPTOR,
containing_type=None,
fields=[
_descriptor.FieldDescriptor(
name='mode', full_name='istio.rbac.v1alpha1.RbacConfig.mode', index=0,
number=1, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='inclusion', full_name='istio.rbac.v1alpha1.RbacConfig.inclusion', index=1,
number=2, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='exclusion', full_name='istio.rbac.v1alpha1.RbacConfig.exclusion', index=2,
number=3, type=11, cpp_type=10, label=1,
has_default_value=False, default_value=None,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
_descriptor.FieldDescriptor(
name='enforcement_mode', full_name='istio.rbac.v1alpha1.RbacConfig.enforcement_mode', index=3,
number=4, type=14, cpp_type=8, label=1,
has_default_value=False, default_value=0,
message_type=None, enum_type=None, containing_type=None,
is_extension=False, extension_scope=None,
serialized_options=None, file=DESCRIPTOR),
],
extensions=[
],
nested_types=[_RBACCONFIG_TARGET, ],
enum_types=[
_RBACCONFIG_MODE,
],
serialized_options=None,
is_extendable=False,
syntax='proto3',
extension_ranges=[],
oneofs=[
],
serialized_start=1041,
serialized_end=1406,
)
_SERVICEROLE.fields_by_name['rules'].message_type = _ACCESSRULE
_ACCESSRULE_CONSTRAINT.containing_type = _ACCESSRULE
_ACCESSRULE.fields_by_name['constraints'].message_type = _ACCESSRULE_CONSTRAINT
_SERVICEROLEBINDING.fields_by_name['subjects'].message_type = _SUBJECT
_SERVICEROLEBINDING.fields_by_name['roleRef'].message_type = _ROLEREF
_SERVICEROLEBINDING.fields_by_name['mode'].enum_type = _ENFORCEMENTMODE
_SERVICEROLEBINDING.fields_by_name['actions'].message_type = _ACCESSRULE
_SUBJECT_PROPERTIESENTRY.containing_type = _SUBJECT
_SUBJECT.fields_by_name['properties'].message_type = _SUBJECT_PROPERTIESENTRY
_RBACCONFIG_TARGET.containing_type = _RBACCONFIG
_RBACCONFIG.fields_by_name['mode'].enum_type = _RBACCONFIG_MODE
_RBACCONFIG.fields_by_name['inclusion'].message_type = _RBACCONFIG_TARGET
_RBACCONFIG.fields_by_name['exclusion'].message_type = _RBACCONFIG_TARGET
_RBACCONFIG.fields_by_name['enforcement_mode'].enum_type = _ENFORCEMENTMODE
_RBACCONFIG_MODE.containing_type = _RBACCONFIG
DESCRIPTOR.message_types_by_name['ServiceRole'] = _SERVICEROLE
DESCRIPTOR.message_types_by_name['AccessRule'] = _ACCESSRULE
DESCRIPTOR.message_types_by_name['ServiceRoleBinding'] = _SERVICEROLEBINDING
DESCRIPTOR.message_types_by_name['Subject'] = _SUBJECT
DESCRIPTOR.message_types_by_name['RoleRef'] = _ROLEREF
DESCRIPTOR.message_types_by_name['RbacConfig'] = _RBACCONFIG
DESCRIPTOR.enum_types_by_name['EnforcementMode'] = _ENFORCEMENTMODE
_sym_db.RegisterFileDescriptor(DESCRIPTOR)
ServiceRole = _reflection.GeneratedProtocolMessageType('ServiceRole', (_message.Message,), {
'DESCRIPTOR' : _SERVICEROLE,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.ServiceRole)
})
_sym_db.RegisterMessage(ServiceRole)
AccessRule = _reflection.GeneratedProtocolMessageType('AccessRule', (_message.Message,), {
'Constraint' : _reflection.GeneratedProtocolMessageType('Constraint', (_message.Message,), {
'DESCRIPTOR' : _ACCESSRULE_CONSTRAINT,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.AccessRule.Constraint)
})
,
'DESCRIPTOR' : _ACCESSRULE,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.AccessRule)
})
_sym_db.RegisterMessage(AccessRule)
_sym_db.RegisterMessage(AccessRule.Constraint)
ServiceRoleBinding = _reflection.GeneratedProtocolMessageType('ServiceRoleBinding', (_message.Message,), {
'DESCRIPTOR' : _SERVICEROLEBINDING,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.ServiceRoleBinding)
})
_sym_db.RegisterMessage(ServiceRoleBinding)
Subject = _reflection.GeneratedProtocolMessageType('Subject', (_message.Message,), {
'PropertiesEntry' : _reflection.GeneratedProtocolMessageType('PropertiesEntry', (_message.Message,), {
'DESCRIPTOR' : _SUBJECT_PROPERTIESENTRY,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.Subject.PropertiesEntry)
})
,
'DESCRIPTOR' : _SUBJECT,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.Subject)
})
_sym_db.RegisterMessage(Subject)
_sym_db.RegisterMessage(Subject.PropertiesEntry)
RoleRef = _reflection.GeneratedProtocolMessageType('RoleRef', (_message.Message,), {
'DESCRIPTOR' : _ROLEREF,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.RoleRef)
})
_sym_db.RegisterMessage(RoleRef)
RbacConfig = _reflection.GeneratedProtocolMessageType('RbacConfig', (_message.Message,), {
'Target' : _reflection.GeneratedProtocolMessageType('Target', (_message.Message,), {
'DESCRIPTOR' : _RBACCONFIG_TARGET,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.RbacConfig.Target)
})
,
'DESCRIPTOR' : _RBACCONFIG,
'__module__' : 'rbac.v1alpha1.rbac_pb2'
# @@protoc_insertion_point(class_scope:istio.rbac.v1alpha1.RbacConfig)
})
_sym_db.RegisterMessage(RbacConfig)
_sym_db.RegisterMessage(RbacConfig.Target)
DESCRIPTOR._options = None
_SERVICEROLE.fields_by_name['rules']._options = None
_ACCESSRULE.fields_by_name['services']._options = None
_SERVICEROLEBINDING.fields_by_name['subjects']._options = None
_SERVICEROLEBINDING.fields_by_name['roleRef']._options = None
_SERVICEROLEBINDING.fields_by_name['actions']._options = None
_SUBJECT_PROPERTIESENTRY._options = None
_SUBJECT.fields_by_name['group']._options = None
_ROLEREF.fields_by_name['kind']._options = None
_ROLEREF.fields_by_name['name']._options = None
# @@protoc_insertion_point(module_scope)

321
rbac/v1alpha1/istio.rbac.v1alpha1.gen.json
View File

@ -1,321 +0,0 @@
{
"openapi": "3.0.0",
"info": {
"title": "",
"version": "v1alpha1"
},
"components": {
"schemas": {
"istio.rbac.v1alpha1.ServiceRole": {
"description": "ServiceRole specification contains a list of access rules (permissions).",
"type": "object",
"properties": {
"rules": {
"description": "The set of access rules (permissions) that the role has.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.AccessRule"
}
}
}
},
"istio.rbac.v1alpha1.AccessRule": {
"description": "AccessRule defines a permission to access a list of services.",
"type": "object",
"properties": {
"services": {
"description": "A list of service names. Exact match, prefix match, and suffix match are supported for service names. For example, the service name \"bookstore.mtv.cluster.local\" matches \"bookstore.mtv.cluster.local\" (exact match), or \"bookstore\\*\" (prefix match), or \"\\*.mtv.cluster.local\" (suffix match). If set to [\"\\*\"], it refers to all services in the namespace.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"hosts": {
"description": "Optional. A list of HTTP hosts. This is matched against the HOST header in a HTTP request. Exact match, prefix match and suffix match are supported. For example, the host \"test.abc.com\" matches \"test.abc.com\" (exact match), or \"\\*.abc.com\" (prefix match), or \"test.abc.\\*\" (suffix match). If not specified, it matches to any host. This field should not be set for TCP services. The policy will be ignored.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notHosts": {
"description": "Optional. A list of HTTP hosts that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"paths": {
"description": "Optional. A list of HTTP paths or gRPC methods. gRPC methods must be presented as fully-qualified name in the form of \"/packageName.serviceName/methodName\" and are case sensitive. Exact match, prefix match, and suffix match are supported. For example, the path \"/books/review\" matches \"/books/review\" (exact match), or \"/books/\\*\" (prefix match), or \"\\*/review\" (suffix match). If not specified, it matches to any path. This field should not be set for TCP services. The policy will be ignored.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notPaths": {
"description": "Optional. A list of HTTP paths or gRPC methods that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"methods": {
"description": "Optional. A list of HTTP methods (e.g., \"GET\", \"POST\"). If not specified or specified as \"\\*\", it matches to any methods. This field should not be set for TCP services. The policy will be ignored. For gRPC services, only `POST` is allowed; other methods will result in denying services.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notMethods": {
"description": "Optional. A list of HTTP methods that must not be matched. Note: It's an error to set methods and not_methods at the same time.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"ports": {
"description": "Optional. A list of port numbers of the request. If not specified, it matches to any port number. Note: It's an error to set ports and not_ports at the same time.",
"type": "array",
"items": {
"type": "integer",
"format": "int32"
}
},
"notPorts": {
"description": "Optional. A list of port numbers that must not be matched. Note: It's an error to set ports and not_ports at the same time.",
"type": "array",
"items": {
"type": "integer",
"format": "int32"
}
},
"constraints": {
"description": "Optional. Extra constraints in the ServiceRole specification.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.AccessRule.Constraint"
}
}
}
},
"istio.rbac.v1alpha1.AccessRule.Constraint": {
"description": "Definition of a custom constraint. The supported keys are listed in the \"constraint and properties\" page.",
"type": "object",
"properties": {
"key": {
"description": "Key of the constraint.",
"type": "string",
"format": "string"
},
"values": {
"description": "List of valid values for the constraint. Exact match, prefix match, and suffix match are supported. For example, the value \"v1alpha2\" matches \"v1alpha2\" (exact match), or \"v1\\*\" (prefix match), or \"\\*alpha2\" (suffix match).",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
}
}
},
"istio.rbac.v1alpha1.EnforcementMode": {
"description": "RBAC ServiceRoleBinding enforcement mode, used to verify new ServiceRoleBinding configs work as expected before rolling to production. RBAC engine only logs results from configs that are in permissive mode, and discards result before returning to the user.",
"type": "string",
"enum": [
"ENFORCED",
"PERMISSIVE"
]
},
"istio.rbac.v1alpha1.ServiceRoleBinding": {
"description": "ServiceRoleBinding assigns a ServiceRole to a list of subjects.",
"type": "object",
"properties": {
"subjects": {
"description": "List of subjects that are assigned the ServiceRole object.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.Subject"
}
},
"roleRef": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.RoleRef"
},
"mode": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.EnforcementMode"
},
"actions": {
"description": "Inline role definition. An inline role is a role that is defined inside an authorization policy, instead of explicitly defined in a ServiceRole object. Inline roles can be used for the role definitions that are not intended to be reused in other bindings, while explicit roles are reusable. Both inline roles (defined in \"actions\" field) and explicit roles (defined in ServiceRole) are supported. Users should use only one of them in a single binding. For example, the following \"product-frontend\" AuthorizationPolicy allows \"frontend\" service to view \"product\" service on \"/info\" path. ```yaml apiVersion: \"rbac.istio.io/v1alpha1\" kind: AuthorizationPolicy metadata: name: product-frontend namespace: ns1 spec: selector: labels: app: product allow: - subjects: - names: [\"cluster.local/ns/default/sa/frontend\"] actions: - paths: [\"/info\"] methods: [\"GET\"] The set of access rules (permissions) that the role has.",
"type": "array",
"items": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.AccessRule"
}
},
"role": {
"description": "A `role` inside a ServiceRoleBinding refers to the ServiceRole that this ServiceRoleBinding binds to. A ServiceRoleBinding can bind to a ServiceRole in the same namespace or the root namespace. A ServiceRole in the root namespace represents a mesh global ServiceRole. The value of `role` is the name of the ServiceRole, and it can start with or without a forward slash (\"/\"). When a `role` starts with \"/\", e.g. \"/service-viewer\", it means that this ServiceRoleBinding refers to the ServiceRole in the configurable Istio root namespace. When a `role` starts without \"/\", this ServiceRoleBinding refers to the ServiceRole in the same namespace as the AuthorizationPolicy's, which contains said ServiceRoleBinding.",
"type": "string",
"format": "string"
}
}
},
"istio.rbac.v1alpha1.Subject": {
"description": "Subject defines an identity. The identity is either a user or identified by a set of `properties`. The supported keys in `properties` are listed in \"constraint and properties\" page.",
"type": "object",
"properties": {
"user": {
"description": "Optional. The user name/ID that the subject represents.",
"type": "string",
"format": "string"
},
"names": {
"description": "Optional. A list of subject names. This is matched to the `source.principal` attribute. If one of subject names is \"\\*\", it matches to a subject with any name. Prefix and suffix matches are supported.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notNames": {
"description": "Optional. A list of subject names that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"group": {
"description": "Optional. The group that the subject belongs to. Deprecated. Use groups and not_groups instead.",
"type": "string",
"format": "string",
"deprecated": true
},
"groups": {
"description": "Optional. A list of groups that the subject represents. This is matched to the `request.auth.claims[groups]` attribute. If not specified, it applies to any groups.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notGroups": {
"description": "Optional. A list of groups that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"namespaces": {
"description": "Optional. A list of namespaces that the subject represents. This is matched to the `source.namespace` attribute. If not specified, it applies to any namespaces.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notNamespaces": {
"description": "Optional. A list of namespaces that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"ips": {
"description": "Optional. A list of IP address or CIDR ranges that the subject represents. E.g. 192.168.100.2 or 10.1.0.0/16. If not specified, it applies to any IP addresses.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"notIps": {
"description": "Optional. A list of IP addresses or CIDR ranges that must not be matched.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"properties": {
"description": "Optional. The set of properties that identify the subject.",
"type": "object",
"additionalProperties": {
"type": "string",
"format": "string"
}
}
}
},
"istio.rbac.v1alpha1.RoleRef": {
"description": "RoleRef refers to a role object.",
"type": "object",
"properties": {
"name": {
"description": "The name of the ServiceRole object being referenced. The ServiceRole object must be in the same namespace as the ServiceRoleBinding object.",
"type": "string",
"format": "string"
},
"kind": {
"description": "The type of the role being referenced. Currently, \"ServiceRole\" is the only supported value for \"kind\".",
"type": "string",
"format": "string"
}
}
},
"istio.rbac.v1alpha1.RbacConfig": {
"description": "RbacConfig implements the ClusterRbacConfig Custom Resource Definition for controlling Istio RBAC behavior. The ClusterRbacConfig Custom Resource is a singleton where only one ClusterRbacConfig should be created globally in the mesh and the namespace should be the same to other Istio components, which usually is `istio-system`.",
"type": "object",
"properties": {
"mode": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.RbacConfig.Mode"
},
"inclusion": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.RbacConfig.Target"
},
"exclusion": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.RbacConfig.Target"
},
"enforcementMode": {
"$ref": "#/components/schemas/istio.rbac.v1alpha1.EnforcementMode"
}
}
},
"istio.rbac.v1alpha1.RbacConfig.Mode": {
"type": "string",
"enum": [
"OFF",
"ON",
"ON_WITH_INCLUSION",
"ON_WITH_EXCLUSION"
]
},
"istio.rbac.v1alpha1.RbacConfig.Target": {
"description": "Target defines a list of services or namespaces.",
"type": "object",
"properties": {
"services": {
"description": "A list of services.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
},
"namespaces": {
"description": "A list of namespaces.",
"type": "array",
"items": {
"type": "string",
"format": "string"
}
}
}
}
}
}
}

81
rbac/v1alpha1/istio.rbac.v1alpha1.pb.html generated
View File

@ -1,81 +0,0 @@
---
title: istio.rbac.v1alpha1
layout: protoc-gen-docs
generator: protoc-gen-docs
schema: istio.rbac.v1alpha1.RbacConfig
schema: istio.rbac.v1alpha1.ServiceRole
schema: istio.rbac.v1alpha1.ServiceRoleBinding
number_of_entries: 0
---
<p>Note: The v1alpha1 RBAC policy is deprecated by the v1beta1 Authorization policy.
This page is kept for migration purpose and will be removed in Istio 1.6.</p>
<p>Istio RBAC (Role Based Access Control) defines ServiceRole and ServiceRoleBinding
objects.</p>
<p>A ServiceRole specification includes a list of rules (permissions). Each rule has
the following standard fields:</p>
<ul>
<li>services: a list of services.</li>
<li>methods: A list of HTTP methods. You can set the value to <code>[&quot;*&quot;]</code> to include all HTTP methods.
This field should not be set for TCP services. The policy will be ignored.
For gRPC services, only <code>POST</code> is allowed; other methods will result in denying services.</li>
<li>paths: HTTP paths or gRPC methods. Note that gRPC methods should be
presented in the form of &ldquo;/packageName.serviceName/methodName&rdquo; and are case sensitive.</li>
</ul>
<p>In addition to the standard fields, operators can also use custom keys in the <code>constraints</code> field,
the supported keys are listed in the &ldquo;constraints and properties&rdquo; page.</p>
<p>Below is an example of ServiceRole object &ldquo;product-viewer&rdquo;, which has &ldquo;read&rdquo; (&ldquo;GET&rdquo; and &ldquo;HEAD&rdquo;)
access to &ldquo;products.svc.cluster.local&rdquo; service at versions &ldquo;v1&rdquo; and &ldquo;v2&rdquo;. &ldquo;path&rdquo; is not specified,
so it applies to any path in the service.</p>
<pre><code class="language-yaml">apiVersion: &quot;rbac.istio.io/v1alpha1&quot;
kind: ServiceRole
metadata:
name: products-viewer
namespace: default
spec:
rules:
- services: [&quot;products.svc.cluster.local&quot;]
methods: [&quot;GET&quot;, &quot;HEAD&quot;]
constraints:
- key: &quot;destination.labels[version]&quot;
values: [&quot;v1&quot;, &quot;v2&quot;]
</code></pre>
<p>A ServiceRoleBinding specification includes two parts:</p>
<ul>
<li>The <code>roleRef</code> field that refers to a ServiceRole object in the same namespace.</li>
<li>A list of <code>subjects</code> that are assigned the roles.</li>
</ul>
<p>In addition to a simple <code>user</code> field, operators can also use custom keys in the <code>properties</code> field,
the supported keys are listed in the &ldquo;constraints and properties&rdquo; page.</p>
<p>Below is an example of ServiceRoleBinding object &ldquo;test-binding-products&rdquo;, which binds two subjects
to ServiceRole &ldquo;product-viewer&rdquo;:</p>
<ul>
<li>User &ldquo;alice@yahoo.com&rdquo;</li>
<li>Services in &ldquo;abc&rdquo; namespace.</li>
</ul>
<pre><code class="language-yaml">apiVersion: &quot;rbac.istio.io/v1alpha1&quot;
kind: ServiceRoleBinding
metadata:
name: test-binding-products
namespace: default
spec:
subjects:
- user: alice@yahoo.com
- properties:
source.namespace: &quot;abc&quot;
roleRef:
kind: ServiceRole
name: &quot;products-viewer&quot;
</code></pre>

3874
rbac/v1alpha1/rbac.pb.go generated
View File

File diff suppressed because it is too large Load Diff

458
rbac/v1alpha1/rbac.proto
View File

@ -1,458 +0,0 @@
// Copyright 2019 Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
syntax = "proto3";
import "google/api/field_behavior.proto";
// $schema: istio.rbac.v1alpha1.RbacConfig
// $schema: istio.rbac.v1alpha1.ServiceRole
// $schema: istio.rbac.v1alpha1.ServiceRoleBinding
// Note: The v1alpha1 RBAC policy is deprecated by the v1beta1 Authorization policy.
// This page is kept for migration purpose and will be removed in Istio 1.6.
//
// Istio RBAC (Role Based Access Control) defines ServiceRole and ServiceRoleBinding
// objects.
//
// A ServiceRole specification includes a list of rules (permissions). Each rule has
// the following standard fields:
//
// * services: a list of services.
// * methods: A list of HTTP methods. You can set the value to `["*"]` to include all HTTP methods.
// This field should not be set for TCP services. The policy will be ignored.
// For gRPC services, only `POST` is allowed; other methods will result in denying services.
// * paths: HTTP paths or gRPC methods. Note that gRPC methods should be
// presented in the form of "/packageName.serviceName/methodName" and are case sensitive.
//
// In addition to the standard fields, operators can also use custom keys in the `constraints` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRole object "product-viewer", which has "read" ("GET" and "HEAD")
// access to "products.svc.cluster.local" service at versions "v1" and "v2". "path" is not specified,
// so it applies to any path in the service.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRole
// metadata:
// name: products-viewer
// namespace: default
// spec:
// rules:
// - services: ["products.svc.cluster.local"]
// methods: ["GET", "HEAD"]
// constraints:
// - key: "destination.labels[version]"
// values: ["v1", "v2"]
// ```
//
// A ServiceRoleBinding specification includes two parts:
//
// * The `roleRef` field that refers to a ServiceRole object in the same namespace.
// * A list of `subjects` that are assigned the roles.
//
// In addition to a simple `user` field, operators can also use custom keys in the `properties` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRoleBinding object "test-binding-products", which binds two subjects
// to ServiceRole "product-viewer":
//
// * User "alice@yahoo.com"
// * Services in "abc" namespace.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRoleBinding
// metadata:
// name: test-binding-products
// namespace: default
// spec:
// subjects:
// - user: alice@yahoo.com
// - properties:
// source.namespace: "abc"
// roleRef:
// kind: ServiceRole
// name: "products-viewer"
// ```
package istio.rbac.v1alpha1;
option go_package="istio.io/api/rbac/v1alpha1";
// $hide_from_docs
// ServiceRole specification contains a list of access rules (permissions).
//
// <!-- crd generation tags
// +cue-gen:ServiceRole:groupName:rbac.istio.io
// +cue-gen:ServiceRole:version:v1alpha1
// +cue-gen:ServiceRole:storageVersion
// +cue-gen:ServiceRole:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceRole:labels:app=mixer,chart=istio,heritage=Tiller,release=istio,package=istio.io.mixer,istio=rbac
// +cue-gen:ServiceRole:subresource:status
// +cue-gen:ServiceRole:scope:Namespaced
// +cue-gen:ServiceRole:resource:categories=istio-io,rbac-istio-io
// +cue-gen:ServiceRole:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=rbac.istio.io/v1alpha1
// +genclient
// +k8s:deepcopy-gen=true
// -->
message ServiceRole {
// The set of access rules (permissions) that the role has.
repeated AccessRule rules = 1 [(google.api.field_behavior) = REQUIRED];
}
// $hide_from_docs
// AccessRule defines a permission to access a list of services.
message AccessRule {
// A list of service names.
// Exact match, prefix match, and suffix match are supported for service names.
// For example, the service name "bookstore.mtv.cluster.local" matches
// "bookstore.mtv.cluster.local" (exact match), or "bookstore\*" (prefix match),
// or "\*.mtv.cluster.local" (suffix match).
// If set to ["\*"], it refers to all services in the namespace.
repeated string services = 1 [(google.api.field_behavior) = REQUIRED];
// $hide_from_docs
// Optional. A list of HTTP hosts. This is matched against the HOST header in
// a HTTP request. Exact match, prefix match and suffix match are supported.
// For example, the host "test.abc.com" matches "test.abc.com" (exact match),
// or "\*.abc.com" (prefix match), or "test.abc.\*" (suffix match).
// If not specified, it matches to any host.
// This field should not be set for TCP services. The policy will be ignored.
repeated string hosts = 5;
// $hide_from_docs
// Optional. A list of HTTP hosts that must not be matched.
repeated string not_hosts = 6;
// Optional. A list of HTTP paths or gRPC methods.
// gRPC methods must be presented as fully-qualified name in the form of
// "/packageName.serviceName/methodName" and are case sensitive.
// Exact match, prefix match, and suffix match are supported. For example,
// the path "/books/review" matches "/books/review" (exact match),
// or "/books/\*" (prefix match), or "\*/review" (suffix match).
// If not specified, it matches to any path.
// This field should not be set for TCP services. The policy will be ignored.
repeated string paths = 2;
// $hide_from_docs
// Optional. A list of HTTP paths or gRPC methods that must not be matched.
repeated string not_paths = 7;
// Optional. A list of HTTP methods (e.g., "GET", "POST").
// If not specified or specified as "\*", it matches to any methods.
// This field should not be set for TCP services. The policy will be ignored.
// For gRPC services, only `POST` is allowed; other methods will result in denying services.
repeated string methods = 3;
// $hide_from_docs
// Optional. A list of HTTP methods that must not be matched.
// Note: It's an error to set methods and not_methods at the same time.
repeated string not_methods = 8;
// $hide_from_docs
// Optional. A list of port numbers of the request. If not specified, it matches
// to any port number.
// Note: It's an error to set ports and not_ports at the same time.
repeated int32 ports = 9;
// $hide_from_docs
// Optional. A list of port numbers that must not be matched.
// Note: It's an error to set ports and not_ports at the same time.
repeated int32 not_ports = 10;
// $hide_from_docs
// Definition of a custom constraint. The supported keys are listed in the "constraint and properties" page.
message Constraint {
// Key of the constraint.
string key = 1;
// List of valid values for the constraint.
// Exact match, prefix match, and suffix match are supported.
// For example, the value "v1alpha2" matches "v1alpha2" (exact match),
// or "v1\*" (prefix match), or "\*alpha2" (suffix match).
repeated string values = 2;
}
// Optional. Extra constraints in the ServiceRole specification.
repeated Constraint constraints = 4;
// $hide_from_docs
// Next available field number: 11
}
// $hide_from_docs
// RBAC ServiceRoleBinding enforcement mode, used to verify new ServiceRoleBinding
// configs work as expected before rolling to production. RBAC engine only logs results
// from configs that are in permissive mode, and discards result before returning
// to the user.
enum EnforcementMode {
// Policy in ENFORCED mode has impact on user experience.
// Policy is in ENFORCED mode by default.
ENFORCED = 0;
// Policy in PERMISSIVE mode isn't enforced and has no impact on users.
// RBAC engine run policies in PERMISSIVE mode and logs stats.
PERMISSIVE = 1;
}
// $hide_from_docs
// ServiceRoleBinding assigns a ServiceRole to a list of subjects.
//
// <!-- crd generation tags
// +cue-gen:ServiceRoleBinding:groupName:rbac.istio.io
// +cue-gen:ServiceRoleBinding:version:v1alpha1
// +cue-gen:ServiceRoleBinding:storageVersion
// +cue-gen:ServiceRoleBinding:annotations:helm.sh/resource-policy=keep
// +cue-gen:ServiceRoleBinding:labels:app=mixer,chart=istio,heritage=Tiller,release=istio,package=istio.io.mixer,istio=rbac
// +cue-gen:ServiceRoleBinding:subresource:status
// +cue-gen:ServiceRoleBinding:scope:Namespaced
// +cue-gen:ServiceRoleBinding:resource:categories=istio-io,rbac-istio-io
// +cue-gen:ServiceRoleBinding:printerColumn:name=Reference,type=string,JSONPath=.spec.roleRef.name,description="The name of the ServiceRole object being referenced"
// +cue-gen:ServiceRoleBinding:printerColumn:name=Age,type=date,JSONPath=.metadata.creationTimestamp,description="CreationTimestamp is a timestamp
// representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations.
// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
// Populated by the system. Read-only. Null for lists. More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata"
// +cue-gen:ServiceRoleBinding:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=rbac.istio.io/v1alpha1
// +genclient
// +k8s:deepcopy-gen=true
// -->
message ServiceRoleBinding {
// List of subjects that are assigned the ServiceRole object.
repeated Subject subjects = 1 [(google.api.field_behavior) = REQUIRED];
// Reference to the ServiceRole object.
RoleRef roleRef = 2 [(google.api.field_behavior) = REQUIRED];
// $hide_from_docs
// Indicates enforcement mode of the ServiceRoleBinding.
EnforcementMode mode = 3;
// $hide_from_docs
// Inline role definition. An inline role is a role that is defined inside an
// authorization policy, instead of explicitly defined in a ServiceRole object.
// Inline roles can be used for the role definitions that are not intended to
// be reused in other bindings, while explicit roles are reusable. Both inline
// roles (defined in "actions" field) and explicit roles (defined in ServiceRole)
// are supported. Users should use only one of them in a single binding.
// For example, the following "product-frontend" AuthorizationPolicy allows "frontend"
// service to view "product" service on "/info" path.
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: AuthorizationPolicy
// metadata:
// name: product-frontend
// namespace: ns1
// spec:
// selector:
// labels:
// app: product
// allow:
// - subjects:
// - names: ["cluster.local/ns/default/sa/frontend"]
// actions:
// - paths: ["/info"]
// methods: ["GET"]
// The set of access rules (permissions) that the role has.
repeated AccessRule actions = 4 [(google.api.field_behavior) = REQUIRED];
// $hide_from_docs
// A `role` inside a ServiceRoleBinding refers to the ServiceRole that this
// ServiceRoleBinding binds to. A ServiceRoleBinding can bind to a ServiceRole
// in the same namespace or the root namespace. A ServiceRole in the root namespace
// represents a mesh global ServiceRole.
// The value of `role` is the name of the ServiceRole, and it can start with or without a forward slash ("/").
// When a `role` starts with "/", e.g. "/service-viewer", it means that this ServiceRoleBinding
// refers to the ServiceRole in the configurable Istio root namespace.
// When a `role` starts without "/", this ServiceRoleBinding refers to the ServiceRole in the
// same namespace as the AuthorizationPolicy's, which contains said ServiceRoleBinding.
string role = 5;
}
// $hide_from_docs
// Subject defines an identity. The identity is either a user or identified by a set of `properties`.
// The supported keys in `properties` are listed in "constraint and properties" page.
message Subject {
// Optional. The user name/ID that the subject represents.
string user = 1;
// $hide_from_docs
// Optional. A list of subject names. This is matched to the
// `source.principal` attribute. If one of subject names is "\*", it matches to a subject with any name.
// Prefix and suffix matches are supported.
repeated string names = 4;
// $hide_from_docs
// Optional. A list of subject names that must not be matched.
repeated string not_names = 5;
// $hide_from_docs
// Optional. The group that the subject belongs to.
// Deprecated. Use groups and not_groups instead.
string group = 2 [deprecated = true];
// $hide_from_docs
// Optional. A list of groups that the subject represents. This is matched to the
// `request.auth.claims[groups]` attribute. If not specified, it applies to any groups.
repeated string groups = 6;
// $hide_from_docs
// Optional. A list of groups that must not be matched.
repeated string not_groups = 7;
// $hide_from_docs
// Optional. A list of namespaces that the subject represents. This is matched to
// the `source.namespace` attribute. If not specified, it applies to any namespaces.
repeated string namespaces = 8;
// $hide_from_docs
// Optional. A list of namespaces that must not be matched.
repeated string not_namespaces = 9;
// $hide_from_docs
// Optional. A list of IP address or CIDR ranges that the subject represents.
// E.g. 192.168.100.2 or 10.1.0.0/16. If not specified, it applies to any IP addresses.
repeated string ips = 10;
// $hide_from_docs
// Optional. A list of IP addresses or CIDR ranges that must not be matched.
repeated string not_ips = 11;
// Optional. The set of properties that identify the subject.
map<string, string> properties = 3;
// $hide_from_docs
// Next available field number: 12
}
// $hide_from_docs
// RoleRef refers to a role object.
message RoleRef {
// The type of the role being referenced.
// Currently, "ServiceRole" is the only supported value for "kind".
string kind = 1 [(google.api.field_behavior) = REQUIRED];
// The name of the ServiceRole object being referenced.
// The ServiceRole object must be in the same namespace as the ServiceRoleBinding object.
string name = 2 [(google.api.field_behavior) = REQUIRED];
}
// $hide_from_docs
// RbacConfig implements the ClusterRbacConfig Custom Resource Definition for controlling Istio RBAC behavior.
// The ClusterRbacConfig Custom Resource is a singleton where only one ClusterRbacConfig should be created
// globally in the mesh and the namespace should be the same to other Istio components, which usually is `istio-system`.
//
// Below is an example of an `ClusterRbacConfig` resource called `istio-rbac-config` which enables Istio RBAC for all
// services in the default namespace.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ClusterRbacConfig
// metadata:
// name: default
// namespace: istio-system
// spec:
// mode: ON_WITH_INCLUSION
// inclusion:
// namespaces: [ "default" ]
// ```
//
// <!-- crd generation tags
// +cue-gen:RbacConfig:groupName:rbac.istio.io
// +cue-gen:RbacConfig:version:v1alpha1
// +cue-gen:RbacConfig:storageVersion
// +cue-gen:RbacConfig:annotations:helm.sh/resource-policy=keep
// +cue-gen:RbacConfig:labels:app=mixer,chart=istio,istio=rbac,heritage=Tiller,release=istio,package=istio.io.mixer
// +cue-gen:RbacConfig:subresource:status
// +cue-gen:RbacConfig:scope:Namespaced
// +cue-gen:RbacConfig:resource:categories=istio-io,rbac-istio-io
// +cue-gen:RbacConfig:preserveUnknownFields:false
// -->
//
// <!-- crd generation tags
// +cue-gen:ClusterRbacConfig:groupName:rbac.istio.io
// +cue-gen:ClusterRbacConfig:version:v1alpha1
// +cue-gen:ClusterRbacConfig:storageVersion
// +cue-gen:ClusterRbacConfig:annotations:helm.sh/resource-policy=keep
// +cue-gen:ClusterRbacConfig:labels:app=istio-pilot,chart=istio,istio=rbac,heritage=Tiller,release=istio
// +cue-gen:ClusterRbacConfig:subresource:status
// +cue-gen:ClusterRbacConfig:scope:Cluster
// +cue-gen:ClusterRbacConfig:resource:categories=istio-io,rbac-istio-io
// +cue-gen:ClusterRbacConfig:preserveUnknownFields:false
// -->
//
// <!-- go code generation tags
// +kubetype-gen
// +kubetype-gen:groupVersion=rbac.istio.io/v1alpha1
// +kubetype-gen:kubeType=RbacConfig
// +kubetype-gen:kubeType=ClusterRbacConfig
// +kubetype-gen:ClusterRbacConfig:tag=genclient:nonNamespaced
// +genclient
// +k8s:deepcopy-gen=true
// -->
message RbacConfig {
// $hide_from_docs
enum Mode {
// Disable Istio RBAC completely, Istio RBAC policies will not be enforced.
OFF = 0;
// Enable Istio RBAC for all services and namespaces. Note Istio RBAC is deny-by-default
// which means all requests will be denied if it's not allowed by RBAC rules.
ON = 1;
// Enable Istio RBAC only for services and namespaces specified in the inclusion field. Any other
// services and namespaces not in the inclusion field will not be enforced by Istio RBAC policies.
ON_WITH_INCLUSION = 2;
// Enable Istio RBAC for all services and namespaces except those specified in the exclusion field. Any other
// services and namespaces not in the exclusion field will be enforced by Istio RBAC policies.
ON_WITH_EXCLUSION = 3;
}
// Istio RBAC mode.
Mode mode = 1;
// $hide_from_docs
// Target defines a list of services or namespaces.
message Target {
// A list of services.
repeated string services = 1;
// A list of namespaces.
repeated string namespaces = 2;
}
// A list of services or namespaces that should be enforced by Istio RBAC policies. Note: This field have
// effect only when mode is ON_WITH_INCLUSION and will be ignored for any other modes.
Target inclusion = 2;
// A list of services or namespaces that should not be enforced by Istio RBAC policies. Note: This field have
// effect only when mode is ON_WITH_EXCLUSION and will be ignored for any other modes.
Target exclusion = 3;
// $hide_from_docs
// Indicates enforcement mode of the RbacConfig, in ENFORCED mode by default.
// It's used to verify new RbacConfig work as expected before rolling to production.
// When setting as PERMISSIVE, RBAC isn't enforced and has no impact on users.
// RBAC engine run RbacConfig in PERMISSIVE mode and logs stats.
// Invalid to set RbacConfig in PERMISSIVE and ServiceRoleBinding in ENFORCED mode.
EnforcementMode enforcement_mode = 4;
}

102
rbac/v1alpha1/rbac_deepcopy.gen.go generated
View File

@ -1,102 +0,0 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: rbac/v1alpha1/rbac.proto
// Note: The v1alpha1 RBAC policy is deprecated by the v1beta1 Authorization policy.
// This page is kept for migration purpose and will be removed in Istio 1.6.
//
// Istio RBAC (Role Based Access Control) defines ServiceRole and ServiceRoleBinding
// objects.
//
// A ServiceRole specification includes a list of rules (permissions). Each rule has
// the following standard fields:
//
// * services: a list of services.
// * methods: A list of HTTP methods. You can set the value to `["*"]` to include all HTTP methods.
// This field should not be set for TCP services. The policy will be ignored.
// For gRPC services, only `POST` is allowed; other methods will result in denying services.
// * paths: HTTP paths or gRPC methods. Note that gRPC methods should be
// presented in the form of "/packageName.serviceName/methodName" and are case sensitive.
//
// In addition to the standard fields, operators can also use custom keys in the `constraints` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRole object "product-viewer", which has "read" ("GET" and "HEAD")
// access to "products.svc.cluster.local" service at versions "v1" and "v2". "path" is not specified,
// so it applies to any path in the service.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRole
// metadata:
// name: products-viewer
// namespace: default
// spec:
// rules:
// - services: ["products.svc.cluster.local"]
// methods: ["GET", "HEAD"]
// constraints:
// - key: "destination.labels[version]"
// values: ["v1", "v2"]
// ```
//
// A ServiceRoleBinding specification includes two parts:
//
// * The `roleRef` field that refers to a ServiceRole object in the same namespace.
// * A list of `subjects` that are assigned the roles.
//
// In addition to a simple `user` field, operators can also use custom keys in the `properties` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRoleBinding object "test-binding-products", which binds two subjects
// to ServiceRole "product-viewer":
//
// * User "alice@yahoo.com"
// * Services in "abc" namespace.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRoleBinding
// metadata:
// name: test-binding-products
// namespace: default
// spec:
// subjects:
// - user: alice@yahoo.com
// - properties:
// source.namespace: "abc"
// roleRef:
// kind: ServiceRole
// name: "products-viewer"
// ```
package v1alpha1
import (
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
_ "istio.io/gogo-genproto/googleapis/google/api"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// DeepCopyInto supports using ServiceRole within kubernetes types, where deepcopy-gen is used.
func (in *ServiceRole) DeepCopyInto(out *ServiceRole) {
p := proto.Clone(in).(*ServiceRole)
*out = *p
}
// DeepCopyInto supports using ServiceRoleBinding within kubernetes types, where deepcopy-gen is used.
func (in *ServiceRoleBinding) DeepCopyInto(out *ServiceRoleBinding) {
p := proto.Clone(in).(*ServiceRoleBinding)
*out = *p
}
// DeepCopyInto supports using RbacConfig within kubernetes types, where deepcopy-gen is used.
func (in *RbacConfig) DeepCopyInto(out *RbacConfig) {
p := proto.Clone(in).(*RbacConfig)
*out = *p
}

179
rbac/v1alpha1/rbac_json.gen.go generated
View File

@ -1,179 +0,0 @@
// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: rbac/v1alpha1/rbac.proto
// Note: The v1alpha1 RBAC policy is deprecated by the v1beta1 Authorization policy.
// This page is kept for migration purpose and will be removed in Istio 1.6.
//
// Istio RBAC (Role Based Access Control) defines ServiceRole and ServiceRoleBinding
// objects.
//
// A ServiceRole specification includes a list of rules (permissions). Each rule has
// the following standard fields:
//
// * services: a list of services.
// * methods: A list of HTTP methods. You can set the value to `["*"]` to include all HTTP methods.
// This field should not be set for TCP services. The policy will be ignored.
// For gRPC services, only `POST` is allowed; other methods will result in denying services.
// * paths: HTTP paths or gRPC methods. Note that gRPC methods should be
// presented in the form of "/packageName.serviceName/methodName" and are case sensitive.
//
// In addition to the standard fields, operators can also use custom keys in the `constraints` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRole object "product-viewer", which has "read" ("GET" and "HEAD")
// access to "products.svc.cluster.local" service at versions "v1" and "v2". "path" is not specified,
// so it applies to any path in the service.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRole
// metadata:
// name: products-viewer
// namespace: default
// spec:
// rules:
// - services: ["products.svc.cluster.local"]
// methods: ["GET", "HEAD"]
// constraints:
// - key: "destination.labels[version]"
// values: ["v1", "v2"]
// ```
//
// A ServiceRoleBinding specification includes two parts:
//
// * The `roleRef` field that refers to a ServiceRole object in the same namespace.
// * A list of `subjects` that are assigned the roles.
//
// In addition to a simple `user` field, operators can also use custom keys in the `properties` field,
// the supported keys are listed in the "constraints and properties" page.
//
// Below is an example of ServiceRoleBinding object "test-binding-products", which binds two subjects
// to ServiceRole "product-viewer":
//
// * User "alice@yahoo.com"
// * Services in "abc" namespace.
//
// ```yaml
// apiVersion: "rbac.istio.io/v1alpha1"
// kind: ServiceRoleBinding
// metadata:
// name: test-binding-products
// namespace: default
// spec:
// subjects:
// - user: alice@yahoo.com
// - properties:
// source.namespace: "abc"
// roleRef:
// kind: ServiceRole
// name: "products-viewer"
// ```
package v1alpha1
import (
bytes "bytes"
fmt "fmt"
github_com_gogo_protobuf_jsonpb "github.com/gogo/protobuf/jsonpb"
proto "github.com/gogo/protobuf/proto"
_ "istio.io/gogo-genproto/googleapis/google/api"
math "math"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// MarshalJSON is a custom marshaler for ServiceRole
func (this *ServiceRole) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ServiceRole
func (this *ServiceRole) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for AccessRule
func (this *AccessRule) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for AccessRule
func (this *AccessRule) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for AccessRule_Constraint
func (this *AccessRule_Constraint) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for AccessRule_Constraint
func (this *AccessRule_Constraint) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for ServiceRoleBinding
func (this *ServiceRoleBinding) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for ServiceRoleBinding
func (this *ServiceRoleBinding) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for Subject
func (this *Subject) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for Subject
func (this *Subject) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for RoleRef
func (this *RoleRef) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for RoleRef
func (this *RoleRef) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for RbacConfig
func (this *RbacConfig) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for RbacConfig
func (this *RbacConfig) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
// MarshalJSON is a custom marshaler for RbacConfig_Target
func (this *RbacConfig_Target) MarshalJSON() ([]byte, error) {
str, err := RbacMarshaler.MarshalToString(this)
return []byte(str), err
}
// UnmarshalJSON is a custom unmarshaler for RbacConfig_Target
func (this *RbacConfig_Target) UnmarshalJSON(b []byte) error {
return RbacUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}
var (
RbacMarshaler = &github_com_gogo_protobuf_jsonpb.Marshaler{}
RbacUnmarshaler = &github_com_gogo_protobuf_jsonpb.Unmarshaler{}
)

44
releaselocks/release-1.0/proto.lock.status
View File

@ -1,3 +1,11 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthenticationPolicy" field: "INHERIT" has been removed, but is not reserved [mesh/v1alpha1/config.proto]
CONFLICT: "AuthenticationPolicy" field: "MUTUAL_TLS" has been removed, but is not reserved [mesh/v1alpha1/config.proto]
CONFLICT: "AuthenticationPolicy" field: "NONE" has been removed, but is not reserved [mesh/v1alpha1/config.proto]
@ -25,6 +33,10 @@ CONFLICT: "DestinationWeight" field: "destination" has been removed, but is not
CONFLICT: "DestinationWeight" field: "weight" has been removed, but is not reserved [networking/v1alpha3/virtual_service.proto]
CONFLICT: "DestinationWeight" ID: "1" has been removed, but is not reserved [networking/v1alpha3/virtual_service.proto]
CONFLICT: "DestinationWeight" ID: "2" has been removed, but is not reserved [networking/v1alpha3/virtual_service.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Envelope" field: "metadata" has been removed, but is not reserved [mcp/v1alpha1/envelope.proto]
CONFLICT: "Envelope" field: "resource" has been removed, but is not reserved [mcp/v1alpha1/envelope.proto]
CONFLICT: "Envelope" ID: "1" has been removed, but is not reserved [mcp/v1alpha1/envelope.proto]
@ -123,6 +135,20 @@ CONFLICT: "ProxyConfig.InboundInterceptionMode" field: "TPROXY" has been removed
CONFLICT: "ProxyConfig.InboundInterceptionMode" integer: "0" has been removed, but is not reserved [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig.InboundInterceptionMode" integer: "1" has been removed, but is not reserved [mesh/v1alpha1/config.proto]
CONFLICT: "Quota" field: "charge" has a different type: int32, previously int64 [mixer/v1/config/client/quota.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ReferencedAttributes" field: "attribute_matches" has been removed, but is not reserved [mixer/v1/check.proto]
CONFLICT: "ReferencedAttributes" field: "words" has been removed, but is not reserved [mixer/v1/check.proto]
CONFLICT: "ReferencedAttributes" ID: "1" has been removed, but is not reserved [mixer/v1/check.proto]
@ -141,6 +167,10 @@ CONFLICT: "ReportRequest" field: "global_word_count" has been removed, but is no
CONFLICT: "ReportRequest" ID: "1" has been removed, but is not reserved [mixer/v1/report.proto]
CONFLICT: "ReportRequest" ID: "2" has been removed, but is not reserved [mixer/v1/report.proto]
CONFLICT: "ReportRequest" ID: "3" has been removed, but is not reserved [mixer/v1/report.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RouteDirective" field: "direct_response_body" has been removed, but is not reserved [mixer/v1/check.proto]
CONFLICT: "RouteDirective" field: "direct_response_code" has been removed, but is not reserved [mixer/v1/check.proto]
CONFLICT: "RouteDirective" field: "request_header_operations" has been removed, but is not reserved [mixer/v1/check.proto]
@ -151,6 +181,20 @@ CONFLICT: "RouteDirective" ID: "3" has been removed, but is not reserved [mixer/
CONFLICT: "RouteDirective" ID: "4" has been removed, but is not reserved [mixer/v1/check.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TCPRoute" field: "route" has a different type: RouteDestination, previously DestinationWeight [networking/v1alpha3/virtual_service.proto]
CONFLICT: "TLSOptions.TLSmode" field: "MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]

74
releaselocks/release-1.1/proto.lock.status
View File

@ -1,8 +1,32 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" field: "allow" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" field: "workload_selector" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ConfigSource" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/config.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Filter.FilterType" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "INVALID" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "NETWORK" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -44,8 +68,58 @@ CONFLICT: "MeshConfig.IngressControllerMode" field: "STRICT" has a different int
CONFLICT: "MeshConfig.IngressControllerMode" field: "UNSPECIFIED" integer: 0 has an updated name, previously "OFF" [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "Quota" field: "charge" has a different type: int32, previously int64 [mixer/v1/config/client/quota.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]

78
releaselocks/release-1.2/proto.lock.status
View File

@ -1,8 +1,32 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" field: "allow" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" field: "workload_selector" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ConfigSource" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/config.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Filter.FilterType" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "INVALID" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "NETWORK" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -44,8 +68,62 @@ CONFLICT: "MeshConfig.IngressControllerMode" field: "STRICT" has a different int
CONFLICT: "MeshConfig.IngressControllerMode" field: "UNSPECIFIED" integer: 0 has an updated name, previously "OFF" [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "Quota" field: "charge" has a different type: int32, previously int64 [mixer/v1/config/client/quota.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "actions" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "role" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]

78
releaselocks/release-1.3/proto.lock.status
View File

@ -1,3 +1,23 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AuthorizationPolicy" field: "selector" has a different type: istio.type.v1beta1.WorkloadSelector, previously istio.networking.v1alpha3.WorkloadSelector [security/v1beta1/authorization.proto]
CONFLICT: "ConfigSource" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/config.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerProtocol" field: "ALL" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -14,6 +34,10 @@ CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "0" has been removed,
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "1" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "2" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "3" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Filter.FilterType" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "INVALID" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "NETWORK" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -41,9 +65,63 @@ CONFLICT: "MeshConfig.IngressControllerMode" field: "STRICT" has a different int
CONFLICT: "MeshConfig.IngressControllerMode" field: "UNSPECIFIED" integer: 0 has an updated name, previously "OFF" [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "Quota" field: "charge" has a different type: int32, previously int64 [mixer/v1/config/client/quota.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RemoteService" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/proxy.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "actions" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "role" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "ISTIO_MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]

78
releaselocks/release-1.4/proto.lock.status
View File

@ -1,3 +1,23 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ConfigSource" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/config.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerProtocol" field: "ALL" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerProtocol" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -13,6 +33,10 @@ CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "0" has been removed,
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "1" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "2" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "3" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Filter.FilterType" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "INVALID" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "NETWORK" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -39,9 +63,63 @@ CONFLICT: "MeshConfig.IngressControllerMode" field: "OFF" integer: 1 has an upda
CONFLICT: "MeshConfig.IngressControllerMode" field: "STRICT" has a different integer: 3, previously 2 [mesh/v1alpha1/config.proto]
CONFLICT: "MeshConfig.IngressControllerMode" field: "UNSPECIFIED" integer: 0 has an updated name, previously "OFF" [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RemoteService" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/proxy.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "actions" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "role" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "ISTIO_MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "MUTUAL" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]

78
releaselocks/release-1.5/proto.lock.status
View File

@ -1,3 +1,23 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ConfigSource" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/config.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerProtocol" field: "ALL" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerProtocol" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -13,6 +33,10 @@ CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "0" has been removed,
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "1" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "2" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "DeprecatedListenerMatch.ListenerType" integer: "3" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Filter.FilterType" field: "HTTP" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "INVALID" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
CONFLICT: "Filter.FilterType" field: "NETWORK" has been removed, but is not reserved [networking/v1alpha3/envoy_filter.proto]
@ -37,7 +61,27 @@ CONFLICT: "MeshConfig.IngressControllerMode" field: "OFF" integer: 1 has an upda
CONFLICT: "MeshConfig.IngressControllerMode" field: "STRICT" has a different integer: 3, previously 2 [mesh/v1alpha1/config.proto]
CONFLICT: "MeshConfig.IngressControllerMode" field: "UNSPECIFIED" integer: 0 has an updated name, previously "OFF" [mesh/v1alpha1/config.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RemoteService" field: "tls_settings" has a different type: istio.networking.v1alpha3.ClientTLSSettings, previously istio.networking.v1alpha3.TLSSettings [mesh/v1alpha1/proxy.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RollingUpdateDeployment" field: "maxSurge" has a different type: TypeInterface_kubernetes, previously TypeIntOrStringForPB [operator/v1alpha1/kubernetes.proto]
CONFLICT: "RollingUpdateDeployment" field: "maxUnavailable" has a different type: TypeInterface_kubernetes, previously TypeIntOrStringForPB [operator/v1alpha1/kubernetes.proto]
CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previously TLSOptions [networking/v1alpha3/gateway.proto]
@ -45,6 +89,40 @@ CONFLICT: "Server" field: "tls" has a different type: ServerTLSSettings, previou
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1alpha3/service_entry.proto]
CONFLICT: "ServiceEntry" field: "endpoints" has a different type: WorkloadEntry, previously Endpoint [networking/v1beta1/service_entry.proto]
CONFLICT: "ServicePort" field: "targetPort" has a different type: TypeInterface_kubernetes, previously TypeIntOrStringForPB [operator/v1alpha1/kubernetes.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "actions" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "role" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "TCPSocketAction" field: "port" has a different type: TypeInterface_kubernetes, previously TypeIntOrStringForPB [operator/v1alpha1/kubernetes.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1alpha3/gateway.proto]
CONFLICT: "TLSOptions.TLSmode" field: "AUTO_PASSTHROUGH" has been removed, but is not reserved [networking/v1beta1/gateway.proto]

78
releaselocks/release-1.6/proto.lock.status
View File

@ -1 +1,79 @@
CONFLICT: "AccessRule" field: "constraints" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_hosts" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_methods" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "not_ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "paths" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "ports" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" field: "services" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "AccessRule" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "ENFORCED" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" field: "PERMISSIVE" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "EnforcementMode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ProxyConfig" field: "concurrency" has a different type: google.protobuf.Int32Value, previously int32 [mesh/v1alpha1/proxy.proto]
CONFLICT: "RbacConfig" field: "enforcement_mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "exclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "inclusion" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "OFF" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_EXCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" field: "ON_WITH_INCLUSION" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "0" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RbacConfig.Mode" integer: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "kind" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" field: "name" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "RoleRef" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" field: "rules" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRole" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "actions" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "mode" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "role" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "roleRef" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" field: "subjects" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "ServiceRoleBinding" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "group" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_groups" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_ips" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_names" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "not_namespaces" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "properties" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" field: "user" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "1" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "10" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "11" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "2" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "3" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "4" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "5" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "6" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "7" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "8" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]
CONFLICT: "Subject" ID: "9" has been removed, but is not reserved [rbac/v1alpha1/rbac.proto]