istio
/
api
mirror of https://github.com/istio/api.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
api/security/v1beta1/authorization.pb.go

2292 lines
56 KiB
Go
Raw Blame History

// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: security/v1beta1/authorization.proto
// Istio Authorization Policy enables access control on workloads in the mesh.
//
// For example, the following authorization policy applies to workloads matched with
// label selector "app: httpbin, version: v1".
//
// It allows requests from:
// - service account "cluster.local/ns/default/sa/sleep" or
// - namespace "test"
// to access the workload with:
// - "GET" method at paths of prefix "/info" or,
// - "POST" method at path "/data".
// when the request has a valid JWT token issued by "https://accounts.google.com".
//
// Any other requests will be rejected.
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: httpbin
// namespace: foo
// spec:
// selector:
// matchLabels:
// app: httpbin
// version: v1
// rules:
// - from:
// - source:
// principals: ["cluster.local/ns/default/sa/sleep"]
// - source:
// namespaces: ["test"]
// to:
// - operation:
// methods: ["GET"]
// paths: ["/info*"]
// - operation:
// methods: ["POST"]
// paths: ["/data"]
// when:
// - key: request.auth.claims[iss]
// values: ["https://accounts.google.com"]
// ```
//
// Access control is enabled on a workload if there is any authorization policies selecting
// the workload. When access control is enabled, the default behavior is deny (deny-by-default)
// which means requests to the workload will be rejected if the request is not allowed by any of
// the authorization policies selecting the workload.
//
// Currently AuthorizationPolicy only supports "ALLOW" action. This means that
// if multiple authorization policies apply to the same workload, the effect is additive.
//
// Authorization Policy scope (target) is determined by "metadata/namespace" and
// an optional "selector".
// - "metadata/namespace" tells which namespace the policy applies. If set to root
// namespace, the policy applies to all namespaces in a mesh.
// - workload "selector" can be used to further restrict where a policy applies.
//
// For example,
//
// The following authorization policy applies to workloads containing label
// "app: httpbin" in namespace bar.
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: policy
// namespace: bar
// spec:
// selector:
// matchLabels:
// app: httpbin
// ```
//
// The following authorization policy applies to all workloads in namespace foo.
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: policy
// namespace: foo
// spec:
// ```
//
// The following authorization policy applies to workloads containing label
// "version: v1" in all namespaces in the mesh. (Assuming the root namespace is
// configured to "istio-config").
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: policy
// namespace: istio-config
// spec:
// selector:
// matchLabels:
// version: v1
// ```
package v1beta1
import (
fmt "fmt"
proto "github.com/gogo/protobuf/proto"
io "io"
v1beta1 "istio.io/api/type/v1beta1"
math "math"
math_bits "math/bits"
)
// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf
// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package
// AuthorizationPolicy enables access control on workloads.
//
// For example, the following authorization policy denies all requests to workloads
// in namespace foo.
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: deny-all
// namespace: foo
// spec:
// ```
//
// The following authorization policy allows all requests to workloads in namespace
// foo.
//
// ```yaml
// apiVersion: security.istio.io/v1beta1
// kind: AuthorizationPolicy
// metadata:
// name: allow-all
// namespace: foo
// spec:
// rules:
// - {}
// ```
type AuthorizationPolicy struct {
// Optional. Workload selector decides where to apply the authorization policy.
// If not set, the authorization policy will be applied to all workloads in the
// same namespace as the authorization policy.
Selector *v1beta1.WorkloadSelector `protobuf:"bytes,1,opt,name=selector,proto3" json:"selector,omitempty"`
// Optional. A list of rules to specify the allowed access to the workload.
//
// If not set, access is denied unless explicitly allowed by other authorization policy.
Rules []*Rule `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *AuthorizationPolicy) Reset() { *m = AuthorizationPolicy{} }
func (m *AuthorizationPolicy) String() string { return proto.CompactTextString(m) }
func (*AuthorizationPolicy) ProtoMessage() {}
func (*AuthorizationPolicy) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{0}
}
func (m *AuthorizationPolicy) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *AuthorizationPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_AuthorizationPolicy.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *AuthorizationPolicy) XXX_Merge(src proto.Message) {
xxx_messageInfo_AuthorizationPolicy.Merge(m, src)
}
func (m *AuthorizationPolicy) XXX_Size() int {
return m.Size()
}
func (m *AuthorizationPolicy) XXX_DiscardUnknown() {
xxx_messageInfo_AuthorizationPolicy.DiscardUnknown(m)
}
var xxx_messageInfo_AuthorizationPolicy proto.InternalMessageInfo
func (m *AuthorizationPolicy) GetSelector() *v1beta1.WorkloadSelector {
if m != nil {
return m.Selector
}
return nil
}
func (m *AuthorizationPolicy) GetRules() []*Rule {
if m != nil {
return m.Rules
}
return nil
}
// Rule allows access from a list of sources to perform a list of operations when
// the condition is matched.
//
// Any string field in the rule supports Exact, Prefix, Suffix and Presence match:
// - Exact match: "abc" will match on value "abc".
// - Prefix match: "abc*" will match on value "abc" and "abcd".
// - Suffix match: "*abc" will match on value "abc" and "xabc".
// - Presence match: "*" will match when value is not empty.
type Rule struct {
// Optional. from specifies the source of a request.
//
// If not set, any source is allowed.
From []*Rule_From `protobuf:"bytes,1,rep,name=from,proto3" json:"from,omitempty"`
// Optional. to specifies the operation of a request.
//
// If not set, any operation is allowed.
To []*Rule_To `protobuf:"bytes,2,rep,name=to,proto3" json:"to,omitempty"`
// Optional. when specifies a list of additional conditions of a request.
//
// If not set, any condition is allowed.
When []*Condition `protobuf:"bytes,3,rep,name=when,proto3" json:"when,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule) Reset() { *m = Rule{} }
func (m *Rule) String() string { return proto.CompactTextString(m) }
func (*Rule) ProtoMessage() {}
func (*Rule) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{1}
}
func (m *Rule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rule.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rule) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule.Merge(m, src)
}
func (m *Rule) XXX_Size() int {
return m.Size()
}
func (m *Rule) XXX_DiscardUnknown() {
xxx_messageInfo_Rule.DiscardUnknown(m)
}
var xxx_messageInfo_Rule proto.InternalMessageInfo
func (m *Rule) GetFrom() []*Rule_From {
if m != nil {
return m.From
}
return nil
}
func (m *Rule) GetTo() []*Rule_To {
if m != nil {
return m.To
}
return nil
}
func (m *Rule) GetWhen() []*Condition {
if m != nil {
return m.When
}
return nil
}
// From includes a list or sources.
type Rule_From struct {
// Source specifies the source of a request.
Source *Source `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule_From) Reset() { *m = Rule_From{} }
func (m *Rule_From) String() string { return proto.CompactTextString(m) }
func (*Rule_From) ProtoMessage() {}
func (*Rule_From) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{1, 0}
}
func (m *Rule_From) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rule_From) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rule_From.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rule_From) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule_From.Merge(m, src)
}
func (m *Rule_From) XXX_Size() int {
return m.Size()
}
func (m *Rule_From) XXX_DiscardUnknown() {
xxx_messageInfo_Rule_From.DiscardUnknown(m)
}
var xxx_messageInfo_Rule_From proto.InternalMessageInfo
func (m *Rule_From) GetSource() *Source {
if m != nil {
return m.Source
}
return nil
}
// To includes a list or operations.
type Rule_To struct {
// Operation specifies the operation of a request.
Operation *Operation `protobuf:"bytes,1,opt,name=operation,proto3" json:"operation,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Rule_To) Reset() { *m = Rule_To{} }
func (m *Rule_To) String() string { return proto.CompactTextString(m) }
func (*Rule_To) ProtoMessage() {}
func (*Rule_To) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{1, 1}
}
func (m *Rule_To) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Rule_To) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Rule_To.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Rule_To) XXX_Merge(src proto.Message) {
xxx_messageInfo_Rule_To.Merge(m, src)
}
func (m *Rule_To) XXX_Size() int {
return m.Size()
}
func (m *Rule_To) XXX_DiscardUnknown() {
xxx_messageInfo_Rule_To.DiscardUnknown(m)
}
var xxx_messageInfo_Rule_To proto.InternalMessageInfo
func (m *Rule_To) GetOperation() *Operation {
if m != nil {
return m.Operation
}
return nil
}
// Source specifies the source identities of a request.
type Source struct {
// Optional. A list of source peer identities (i.e. service account), which
// matches to the "source.principal" attribute.
//
// If not set, any principal is allowed.
Principals []string `protobuf:"bytes,1,rep,name=principals,proto3" json:"principals,omitempty"`
// Optional. A list of request identities (i.e. "iss/sub" claims), which
// matches to the "request.auth.principal" attribute.
//
// If not set, any request principal is allowed.
RequestPrincipals []string `protobuf:"bytes,2,rep,name=request_principals,json=requestPrincipals,proto3" json:"request_principals,omitempty"`
// Optional. A list of namespaces, which matches to the "source.namespace"
// attribute.
//
// If not set, any namespace is allowed.
Namespaces []string `protobuf:"bytes,3,rep,name=namespaces,proto3" json:"namespaces,omitempty"`
// Optional. A list of IP blocks, which matches to the "source.ip" attribute.
// Single IP (e.g. "1.2.3.4") and CIDR (e.g. "1.2.3.0/24") are supported.
//
// If not set, any IP is allowed.
IpBlocks []string `protobuf:"bytes,4,rep,name=ip_blocks,json=ipBlocks,proto3" json:"ip_blocks,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Source) Reset() { *m = Source{} }
func (m *Source) String() string { return proto.CompactTextString(m) }
func (*Source) ProtoMessage() {}
func (*Source) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{2}
}
func (m *Source) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Source) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Source.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Source) XXX_Merge(src proto.Message) {
xxx_messageInfo_Source.Merge(m, src)
}
func (m *Source) XXX_Size() int {
return m.Size()
}
func (m *Source) XXX_DiscardUnknown() {
xxx_messageInfo_Source.DiscardUnknown(m)
}
var xxx_messageInfo_Source proto.InternalMessageInfo
func (m *Source) GetPrincipals() []string {
if m != nil {
return m.Principals
}
return nil
}
func (m *Source) GetRequestPrincipals() []string {
if m != nil {
return m.RequestPrincipals
}
return nil
}
func (m *Source) GetNamespaces() []string {
if m != nil {
return m.Namespaces
}
return nil
}
func (m *Source) GetIpBlocks() []string {
if m != nil {
return m.IpBlocks
}
return nil
}
// Operation specifies the operations of a request.
type Operation struct {
// Optional. A list of hosts, which matches to the "request.host" attribute.
//
// If not set, any host is allowed. Must be used only with HTTP.
Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"`
// Optional. A list of ports, which matches to the "destination.port" attribute.
//
// If not set, any port is allowed.
Ports []string `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
// Optional. A list of methods, which matches to the "request.method" attribute.
// For gRPC service, this should be the fully-qualified name in the form of
// "/package.service/method"
//
// If not set, any method is allowed. Must be used only with HTTP or gRPC.
Methods []string `protobuf:"bytes,3,rep,name=methods,proto3" json:"methods,omitempty"`
// Optional. A list of paths, which matches to the "request.url_path" attribute.
//
// If not set, any path is allowed. Must be used only with HTTP.
Paths []string `protobuf:"bytes,4,rep,name=paths,proto3" json:"paths,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Operation) Reset() { *m = Operation{} }
func (m *Operation) String() string { return proto.CompactTextString(m) }
func (*Operation) ProtoMessage() {}
func (*Operation) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{3}
}
func (m *Operation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Operation) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Operation.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Operation) XXX_Merge(src proto.Message) {
xxx_messageInfo_Operation.Merge(m, src)
}
func (m *Operation) XXX_Size() int {
return m.Size()
}
func (m *Operation) XXX_DiscardUnknown() {
xxx_messageInfo_Operation.DiscardUnknown(m)
}
var xxx_messageInfo_Operation proto.InternalMessageInfo
func (m *Operation) GetHosts() []string {
if m != nil {
return m.Hosts
}
return nil
}
func (m *Operation) GetPorts() []string {
if m != nil {
return m.Ports
}
return nil
}
func (m *Operation) GetMethods() []string {
if m != nil {
return m.Methods
}
return nil
}
func (m *Operation) GetPaths() []string {
if m != nil {
return m.Paths
}
return nil
}
// Condition specifies additional required attributes.
type Condition struct {
// Required. The name of an Istio attribute.
// Note: Check https://istio.io/docs/reference/config/ for the list of supported
// attribute name.
Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"`
// Required. The allowed values for the attribute.
Values []string `protobuf:"bytes,2,rep,name=values,proto3" json:"values,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
}
func (m *Condition) Reset() { *m = Condition{} }
func (m *Condition) String() string { return proto.CompactTextString(m) }
func (*Condition) ProtoMessage() {}
func (*Condition) Descriptor() ([]byte, []int) {
return fileDescriptor_b72f4bc212a83269, []int{4}
}
func (m *Condition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
}
func (m *Condition) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
if deterministic {
return xxx_messageInfo_Condition.Marshal(b, m, deterministic)
} else {
b = b[:cap(b)]
n, err := m.MarshalToSizedBuffer(b)
if err != nil {
return nil, err
}
return b[:n], nil
}
}
func (m *Condition) XXX_Merge(src proto.Message) {
xxx_messageInfo_Condition.Merge(m, src)
}
func (m *Condition) XXX_Size() int {
return m.Size()
}
func (m *Condition) XXX_DiscardUnknown() {
xxx_messageInfo_Condition.DiscardUnknown(m)
}
var xxx_messageInfo_Condition proto.InternalMessageInfo
func (m *Condition) GetKey() string {
if m != nil {
return m.Key
}
return ""
}
func (m *Condition) GetValues() []string {
if m != nil {
return m.Values
}
return nil
}
func init() {
proto.RegisterType((*AuthorizationPolicy)(nil), "istio.security.v1beta1.AuthorizationPolicy")
proto.RegisterType((*Rule)(nil), "istio.security.v1beta1.Rule")
proto.RegisterType((*Rule_From)(nil), "istio.security.v1beta1.Rule.From")
proto.RegisterType((*Rule_To)(nil), "istio.security.v1beta1.Rule.To")
proto.RegisterType((*Source)(nil), "istio.security.v1beta1.Source")
proto.RegisterType((*Operation)(nil), "istio.security.v1beta1.Operation")
proto.RegisterType((*Condition)(nil), "istio.security.v1beta1.Condition")
}
func init() {
proto.RegisterFile("security/v1beta1/authorization.proto", fileDescriptor_b72f4bc212a83269)
}
var fileDescriptor_b72f4bc212a83269 = []byte{
// 468 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x7c, 0x93, 0xcf, 0x6e, 0xd3, 0x4c,
0x14, 0xc5, 0x65, 0x27, 0xcd, 0x57, 0xdf, 0x6e, 0x3e, 0x06, 0x54, 0x59, 0x29, 0x98, 0x62, 0x75,
0x51, 0x09, 0x61, 0xab, 0x41, 0x65, 0xc9, 0x9f, 0x22, 0xd8, 0x52, 0x4d, 0x2b, 0x21, 0xb1, 0xa9,
0x26, 0xce, 0x05, 0x8f, 0xe2, 0xf8, 0x0e, 0x33, 0xe3, 0xa2, 0xf0, 0x0a, 0x6c, 0x79, 0x0c, 0x1e,
0x84, 0x25, 0x8f, 0x80, 0xf2, 0x24, 0xc8, 0x63, 0x4f, 0x1a, 0x21, 0x9a, 0x9d, 0xef, 0xcc, 0xef,
0x9c, 0x73, 0x75, 0xac, 0x81, 0x23, 0x83, 0x45, 0xa3, 0xa5, 0x5d, 0xe6, 0xd7, 0x27, 0x53, 0xb4,
0xe2, 0x24, 0x17, 0x8d, 0x2d, 0x49, 0xcb, 0xaf, 0xc2, 0x4a, 0xaa, 0x33, 0xa5, 0xc9, 0x12, 0xdb,
0x97, 0xc6, 0x4a, 0xca, 0x3c, 0x9b, 0xf5, 0xec, 0xf8, 0xc0, 0x2e, 0x15, 0xae, 0x95, 0x06, 0x2b,
0x2c, 0x2c, 0xe9, 0x4e, 0x94, 0x7e, 0x0b, 0xe0, 0xee, 0xab, 0x4d, 0xb3, 0x73, 0xaa, 0x64, 0xb1,
0x64, 0x2f, 0x61, 0xd7, 0x93, 0x71, 0x70, 0x18, 0x1c, 0xef, 0x4d, 0x8e, 0xb2, 0xce, 0xbf, 0x75,
0xf3, 0xde, 0xd9, 0x7b, 0xd2, 0xf3, 0x8a, 0xc4, 0xec, 0xa2, 0x67, 0xf9, 0x5a, 0xc5, 0x26, 0xb0,
0xa3, 0x9b, 0x0a, 0x4d, 0x1c, 0x1e, 0x0e, 0x8e, 0xf7, 0x26, 0xf7, 0xb3, 0x7f, 0xaf, 0x97, 0xf1,
0xa6, 0x42, 0xde, 0xa1, 0xe9, 0x8f, 0x10, 0x86, 0xed, 0xcc, 0x4e, 0x61, 0xf8, 0x51, 0xd3, 0x22,
0x0e, 0x9c, 0xf6, 0xd1, 0x36, 0x6d, 0xf6, 0x56, 0xd3, 0x82, 0x3b, 0x9c, 0xe5, 0x10, 0x5a, 0xea,
0x03, 0x1f, 0x6e, 0x15, 0x5d, 0x12, 0x0f, 0x2d, 0xb5, 0x39, 0x5f, 0x4a, 0xac, 0xe3, 0xc1, 0xf6,
0x9c, 0xd7, 0x54, 0xcf, 0x64, 0xdb, 0x0e, 0x77, 0xf8, 0xf8, 0x39, 0x0c, 0xdb, 0x54, 0xf6, 0x0c,
0x46, 0x86, 0x1a, 0x5d, 0x60, 0xdf, 0x51, 0x72, 0x9b, 0xc1, 0x85, 0xa3, 0x78, 0x4f, 0x8f, 0xdf,
0x40, 0x78, 0x49, 0xec, 0x05, 0x44, 0xa4, 0x50, 0xbb, 0xda, 0x7b, 0x83, 0x5b, 0x37, 0x78, 0xe7,
0x41, 0x7e, 0xa3, 0x49, 0xbf, 0x07, 0x30, 0xea, 0x9c, 0x59, 0x02, 0xa0, 0xb4, 0xac, 0x0b, 0xa9,
0x44, 0x65, 0x5c, 0x6d, 0x11, 0xdf, 0x38, 0x61, 0x4f, 0x80, 0x69, 0xfc, 0xdc, 0xa0, 0xb1, 0x57,
0x1b, 0x5c, 0xe8, 0xb8, 0x3b, 0xfd, 0xcd, 0xf9, 0x0d, 0x9e, 0x00, 0xd4, 0x62, 0x81, 0x46, 0x89,
0x02, 0x8d, 0x6b, 0x27, 0xe2, 0x1b, 0x27, 0xec, 0x00, 0x22, 0xa9, 0xae, 0xa6, 0x15, 0x15, 0x73,
0x13, 0x0f, 0xdd, 0xf5, 0xae, 0x54, 0x67, 0x6e, 0x4e, 0x3f, 0x41, 0xb4, 0x5e, 0x97, 0xdd, 0x83,
0x9d, 0x92, 0x8c, 0xf5, 0x3b, 0x75, 0x43, 0x7b, 0xaa, 0x48, 0x5b, 0xbf, 0x41, 0x37, 0xb0, 0x18,
0xfe, 0x5b, 0xa0, 0x2d, 0x69, 0xe6, 0x23, 0xfd, 0xe8, 0x78, 0x61, 0x4b, 0x9f, 0xd5, 0x0d, 0xe9,
0x29, 0x44, 0xeb, 0x3f, 0xc3, 0xfe, 0x87, 0xc1, 0x1c, 0x97, 0xae, 0xc7, 0x88, 0xb7, 0x9f, 0x6c,
0x1f, 0x46, 0xd7, 0xa2, 0x6a, 0xd0, 0xa7, 0xf4, 0xd3, 0xd9, 0xe3, 0x9f, 0xab, 0x24, 0xf8, 0xb5,
0x4a, 0x82, 0xdf, 0xab, 0x24, 0xf8, 0xf0, 0xa0, 0x6b, 0x5c, 0x52, 0x2e, 0x94, 0xcc, 0xff, 0x7e,
0x69, 0xd3, 0x91, 0x7b, 0x27, 0x4f, 0xff, 0x04, 0x00, 0x00, 0xff, 0xff, 0x24, 0xd9, 0xf9, 0xdc,
0x84, 0x03, 0x00, 0x00,
}
func (m *AuthorizationPolicy) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *AuthorizationPolicy) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *AuthorizationPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Rules) > 0 {
for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if m.Selector != nil {
{
size, err := m.Selector.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Rule) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rule) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rule) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.When) > 0 {
for iNdEx := len(m.When) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.When[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x1a
}
}
if len(m.To) > 0 {
for iNdEx := len(m.To) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.To[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0x12
}
}
if len(m.From) > 0 {
for iNdEx := len(m.From) - 1; iNdEx >= 0; iNdEx-- {
{
size, err := m.From[iNdEx].MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *Rule_From) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rule_From) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rule_From) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Source != nil {
{
size, err := m.Source.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Rule_To) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Rule_To) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Rule_To) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if m.Operation != nil {
{
size, err := m.Operation.MarshalToSizedBuffer(dAtA[:i])
if err != nil {
return 0, err
}
i -= size
i = encodeVarintAuthorization(dAtA, i, uint64(size))
}
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func (m *Source) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Source) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Source) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.IpBlocks) > 0 {
for iNdEx := len(m.IpBlocks) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.IpBlocks[iNdEx])
copy(dAtA[i:], m.IpBlocks[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.IpBlocks[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Namespaces) > 0 {
for iNdEx := len(m.Namespaces) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Namespaces[iNdEx])
copy(dAtA[i:], m.Namespaces[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Namespaces[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.RequestPrincipals) > 0 {
for iNdEx := len(m.RequestPrincipals) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.RequestPrincipals[iNdEx])
copy(dAtA[i:], m.RequestPrincipals[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.RequestPrincipals[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Principals) > 0 {
for iNdEx := len(m.Principals) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Principals[iNdEx])
copy(dAtA[i:], m.Principals[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Principals[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *Operation) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Operation) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Operation) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Paths) > 0 {
for iNdEx := len(m.Paths) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Paths[iNdEx])
copy(dAtA[i:], m.Paths[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Paths[iNdEx])))
i--
dAtA[i] = 0x22
}
}
if len(m.Methods) > 0 {
for iNdEx := len(m.Methods) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Methods[iNdEx])
copy(dAtA[i:], m.Methods[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Methods[iNdEx])))
i--
dAtA[i] = 0x1a
}
}
if len(m.Ports) > 0 {
for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Ports[iNdEx])
copy(dAtA[i:], m.Ports[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Ports[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Hosts) > 0 {
for iNdEx := len(m.Hosts) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Hosts[iNdEx])
copy(dAtA[i:], m.Hosts[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Hosts[iNdEx])))
i--
dAtA[i] = 0xa
}
}
return len(dAtA) - i, nil
}
func (m *Condition) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
n, err := m.MarshalToSizedBuffer(dAtA[:size])
if err != nil {
return nil, err
}
return dAtA[:n], nil
}
func (m *Condition) MarshalTo(dAtA []byte) (int, error) {
size := m.Size()
return m.MarshalToSizedBuffer(dAtA[:size])
}
func (m *Condition) MarshalToSizedBuffer(dAtA []byte) (int, error) {
i := len(dAtA)
_ = i
var l int
_ = l
if m.XXX_unrecognized != nil {
i -= len(m.XXX_unrecognized)
copy(dAtA[i:], m.XXX_unrecognized)
}
if len(m.Values) > 0 {
for iNdEx := len(m.Values) - 1; iNdEx >= 0; iNdEx-- {
i -= len(m.Values[iNdEx])
copy(dAtA[i:], m.Values[iNdEx])
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Values[iNdEx])))
i--
dAtA[i] = 0x12
}
}
if len(m.Key) > 0 {
i -= len(m.Key)
copy(dAtA[i:], m.Key)
i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Key)))
i--
dAtA[i] = 0xa
}
return len(dAtA) - i, nil
}
func encodeVarintAuthorization(dAtA []byte, offset int, v uint64) int {
offset -= sovAuthorization(v)
base := offset
for v >= 1<<7 {
dAtA[offset] = uint8(v&0x7f | 0x80)
v >>= 7
offset++
}
dAtA[offset] = uint8(v)
return base
}
func (m *AuthorizationPolicy) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Selector != nil {
l = m.Selector.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
if len(m.Rules) > 0 {
for _, e := range m.Rules {
l = e.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rule) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.From) > 0 {
for _, e := range m.From {
l = e.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.To) > 0 {
for _, e := range m.To {
l = e.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.When) > 0 {
for _, e := range m.When {
l = e.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rule_From) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Source != nil {
l = m.Source.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Rule_To) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if m.Operation != nil {
l = m.Operation.Size()
n += 1 + l + sovAuthorization(uint64(l))
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Source) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Principals) > 0 {
for _, s := range m.Principals {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.RequestPrincipals) > 0 {
for _, s := range m.RequestPrincipals {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.Namespaces) > 0 {
for _, s := range m.Namespaces {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.IpBlocks) > 0 {
for _, s := range m.IpBlocks {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Operation) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
if len(m.Hosts) > 0 {
for _, s := range m.Hosts {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.Ports) > 0 {
for _, s := range m.Ports {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.Methods) > 0 {
for _, s := range m.Methods {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if len(m.Paths) > 0 {
for _, s := range m.Paths {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func (m *Condition) Size() (n int) {
if m == nil {
return 0
}
var l int
_ = l
l = len(m.Key)
if l > 0 {
n += 1 + l + sovAuthorization(uint64(l))
}
if len(m.Values) > 0 {
for _, s := range m.Values {
l = len(s)
n += 1 + l + sovAuthorization(uint64(l))
}
}
if m.XXX_unrecognized != nil {
n += len(m.XXX_unrecognized)
}
return n
}
func sovAuthorization(x uint64) (n int) {
return (math_bits.Len64(x|1) + 6) / 7
}
func sozAuthorization(x uint64) (n int) {
return sovAuthorization(uint64((x << 1) ^ uint64((int64(x) >> 63))))
}
func (m *AuthorizationPolicy) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: AuthorizationPolicy: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: AuthorizationPolicy: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Selector", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Selector == nil {
m.Selector = &v1beta1.WorkloadSelector{}
}
if err := m.Selector.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Rules = append(m.Rules, &Rule{})
if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Rule) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Rule: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Rule: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field From", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.From = append(m.From, &Rule_From{})
if err := m.From[len(m.From)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field To", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.To = append(m.To, &Rule_To{})
if err := m.To[len(m.To)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field When", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.When = append(m.When, &Condition{})
if err := m.When[len(m.When)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Rule_From) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: From: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: From: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Source", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Source == nil {
m.Source = &Source{}
}
if err := m.Source.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Rule_To) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: To: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: To: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Operation", wireType)
}
var msglen int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
msglen |= int(b&0x7F) << shift
if b < 0x80 {
break
}
}
if msglen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + msglen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
if m.Operation == nil {
m.Operation = &Operation{}
}
if err := m.Operation.Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
return err
}
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Source) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Source: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Source: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Principals", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Principals = append(m.Principals, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field RequestPrincipals", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.RequestPrincipals = append(m.RequestPrincipals, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Namespaces", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Namespaces = append(m.Namespaces, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field IpBlocks", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.IpBlocks = append(m.IpBlocks, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Operation) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Operation: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Operation: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Hosts", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Hosts = append(m.Hosts, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Ports = append(m.Ports, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 3:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Methods", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Methods = append(m.Methods, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
case 4:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Paths", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Paths = append(m.Paths, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func (m *Condition) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
preIndex := iNdEx
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
fieldNum := int32(wire >> 3)
wireType := int(wire & 0x7)
if wireType == 4 {
return fmt.Errorf("proto: Condition: wiretype end group for non-group")
}
if fieldNum <= 0 {
return fmt.Errorf("proto: Condition: illegal tag %d (wire type %d)", fieldNum, wire)
}
switch fieldNum {
case 1:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Key = string(dAtA[iNdEx:postIndex])
iNdEx = postIndex
case 2:
if wireType != 2 {
return fmt.Errorf("proto: wrong wireType = %d for field Values", wireType)
}
var stringLen uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return ErrIntOverflowAuthorization
}
if iNdEx >= l {
return io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
stringLen |= uint64(b&0x7F) << shift
if b < 0x80 {
break
}
}
intStringLen := int(stringLen)
if intStringLen < 0 {
return ErrInvalidLengthAuthorization
}
postIndex := iNdEx + intStringLen
if postIndex < 0 {
return ErrInvalidLengthAuthorization
}
if postIndex > l {
return io.ErrUnexpectedEOF
}
m.Values = append(m.Values, string(dAtA[iNdEx:postIndex]))
iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipAuthorization(dAtA[iNdEx:])
if err != nil {
return err
}
if skippy < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) < 0 {
return ErrInvalidLengthAuthorization
}
if (iNdEx + skippy) > l {
return io.ErrUnexpectedEOF
}
m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...)
iNdEx += skippy
}
}
if iNdEx > l {
return io.ErrUnexpectedEOF
}
return nil
}
func skipAuthorization(dAtA []byte) (n int, err error) {
l := len(dAtA)
iNdEx := 0
for iNdEx < l {
var wire uint64
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowAuthorization
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
wire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
wireType := int(wire & 0x7)
switch wireType {
case 0:
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowAuthorization
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
iNdEx++
if dAtA[iNdEx-1] < 0x80 {
break
}
}
return iNdEx, nil
case 1:
iNdEx += 8
return iNdEx, nil
case 2:
var length int
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowAuthorization
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
length |= (int(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
if length < 0 {
return 0, ErrInvalidLengthAuthorization
}
iNdEx += length
if iNdEx < 0 {
return 0, ErrInvalidLengthAuthorization
}
return iNdEx, nil
case 3:
for {
var innerWire uint64
var start int = iNdEx
for shift := uint(0); ; shift += 7 {
if shift >= 64 {
return 0, ErrIntOverflowAuthorization
}
if iNdEx >= l {
return 0, io.ErrUnexpectedEOF
}
b := dAtA[iNdEx]
iNdEx++
innerWire |= (uint64(b) & 0x7F) << shift
if b < 0x80 {
break
}
}
innerWireType := int(innerWire & 0x7)
if innerWireType == 4 {
break
}
next, err := skipAuthorization(dAtA[start:])
if err != nil {
return 0, err
}
iNdEx = start + next
if iNdEx < 0 {
return 0, ErrInvalidLengthAuthorization
}
}
return iNdEx, nil
case 4:
return iNdEx, nil
case 5:
iNdEx += 4
return iNdEx, nil
default:
return 0, fmt.Errorf("proto: illegal wireType %d", wireType)
}
}
panic("unreachable")
}
var (
ErrInvalidLengthAuthorization = fmt.Errorf("proto: negative length found during unmarshaling")
ErrIntOverflowAuthorization = fmt.Errorf("proto: integer overflow")
)
Reference in New Issue View Git Blame Copy Permalink