From be9486c239c9c89deb7c108599bc4d5a82d9fd2d Mon Sep 17 00:00:00 2001
From: Eliza Weisman <eliza@buoyant.io>
Date: Thu, 31 May 2018 11:48:25 -0700
Subject: [PATCH] proto: Add TLS identity to WeightedAddr message (#1041)

Required for #1008.

This PR adds the `TlsIdentity` message to the Destination service proto,
to describe what strategy the proxy should use for verifying an endpoint's TLS
certificates. It also adds a `TlsIdentity` field to the `WeightedAddr` message.

Currently, there is one possible variant for `TlsIdentity`, `KubernetesPodName`,
which consists of the Kubernetes pod name of the endpoint, the namespace of
the endpoint, and the namespace of that pod's Conduit control plane. The proxy
should attempt to connect over TLS if the control plane namespace matches its
own control plane namespace. The pod name and namespace are used to verify
the endpoint's TLS certificate.

See https://github.com/runconduit/conduit/issues/386#issuecomment-392948046.

This change was initially part of #1008, but I factored it out to make the diff
smaller.

Signed-off-by: Eliza Weisman <eliza@buoyant.io>
---
 proxy/tests/support/controller.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/proxy/tests/support/controller.rs b/proxy/tests/support/controller.rs
index 3a876e2e4..c538fdfae 100644
--- a/proxy/tests/support/controller.rs
+++ b/proxy/tests/support/controller.rs
@@ -181,6 +181,7 @@ pub fn destination_add_labeled(
                         }),
                         weight: 0,
                         metric_labels: addr_labels,
+                        ..Default::default()
                     },
                 ],
                 metric_labels: set_labels,