istio.io/istio@v0.0.0-20240520182934-d79c90f27776/pkg/workloadapi/security/authorization.pb.go (about) 1 // Copyright Istio Authors 2 // 3 // Licensed under the Apache License, Version 2.0 (the "License"); 4 // you may not use this file except in compliance with the License. 5 // You may obtain a copy of the License at 6 // 7 // http://www.apache.org/licenses/LICENSE-2.0 8 // 9 // Unless required by applicable law or agreed to in writing, software 10 // distributed under the License is distributed on an "AS IS" BASIS, 11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 // See the License for the specific language governing permissions and 13 // limitations under the License. 14 15 // Code generated by protoc-gen-go. DO NOT EDIT. 16 // versions: 17 // protoc-gen-go v1.33.0 18 // protoc (unknown) 19 // source: workloadapi/security/authorization.proto 20 21 package security 22 23 import ( 24 protoreflect "google.golang.org/protobuf/reflect/protoreflect" 25 protoimpl "google.golang.org/protobuf/runtime/protoimpl" 26 emptypb "google.golang.org/protobuf/types/known/emptypb" 27 reflect "reflect" 28 sync "sync" 29 ) 30 31 const ( 32 // Verify that this generated code is sufficiently up-to-date. 33 _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) 34 // Verify that runtime/protoimpl is sufficiently up-to-date. 35 _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) 36 ) 37 38 type Scope int32 39 40 const ( 41 // ALL means that the authorization policy will be applied to all workloads 42 // in the mesh (any namespace). 43 Scope_GLOBAL Scope = 0 44 // NAMESPACE means that the policy will only be applied to workloads in a 45 // specific namespace. 46 Scope_NAMESPACE Scope = 1 47 // WORKLOAD_SELECTOR means that the policy will only be applied to specific 48 // workloads that were selected by their labels. 49 Scope_WORKLOAD_SELECTOR Scope = 2 50 ) 51 52 // Enum value maps for Scope. 53 var ( 54 Scope_name = map[int32]string{ 55 0: "GLOBAL", 56 1: "NAMESPACE", 57 2: "WORKLOAD_SELECTOR", 58 } 59 Scope_value = map[string]int32{ 60 "GLOBAL": 0, 61 "NAMESPACE": 1, 62 "WORKLOAD_SELECTOR": 2, 63 } 64 ) 65 66 func (x Scope) Enum() *Scope { 67 p := new(Scope) 68 *p = x 69 return p 70 } 71 72 func (x Scope) String() string { 73 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 74 } 75 76 func (Scope) Descriptor() protoreflect.EnumDescriptor { 77 return file_workloadapi_security_authorization_proto_enumTypes[0].Descriptor() 78 } 79 80 func (Scope) Type() protoreflect.EnumType { 81 return &file_workloadapi_security_authorization_proto_enumTypes[0] 82 } 83 84 func (x Scope) Number() protoreflect.EnumNumber { 85 return protoreflect.EnumNumber(x) 86 } 87 88 // Deprecated: Use Scope.Descriptor instead. 89 func (Scope) EnumDescriptor() ([]byte, []int) { 90 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{0} 91 } 92 93 type Action int32 94 95 const ( 96 // Allow the request if it matches with the rules. 97 Action_ALLOW Action = 0 98 // Deny the request if it matches with the rules. 99 Action_DENY Action = 1 100 ) 101 102 // Enum value maps for Action. 103 var ( 104 Action_name = map[int32]string{ 105 0: "ALLOW", 106 1: "DENY", 107 } 108 Action_value = map[string]int32{ 109 "ALLOW": 0, 110 "DENY": 1, 111 } 112 ) 113 114 func (x Action) Enum() *Action { 115 p := new(Action) 116 *p = x 117 return p 118 } 119 120 func (x Action) String() string { 121 return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) 122 } 123 124 func (Action) Descriptor() protoreflect.EnumDescriptor { 125 return file_workloadapi_security_authorization_proto_enumTypes[1].Descriptor() 126 } 127 128 func (Action) Type() protoreflect.EnumType { 129 return &file_workloadapi_security_authorization_proto_enumTypes[1] 130 } 131 132 func (x Action) Number() protoreflect.EnumNumber { 133 return protoreflect.EnumNumber(x) 134 } 135 136 // Deprecated: Use Action.Descriptor instead. 137 func (Action) EnumDescriptor() ([]byte, []int) { 138 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{1} 139 } 140 141 type Authorization struct { 142 state protoimpl.MessageState 143 sizeCache protoimpl.SizeCache 144 unknownFields protoimpl.UnknownFields 145 146 Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 147 Namespace string `protobuf:"bytes,2,opt,name=namespace,proto3" json:"namespace,omitempty"` 148 // Determine the scope of this RBAC policy. 149 // If set to NAMESPACE, the 'namespace' field value will be used. 150 Scope Scope `protobuf:"varint,3,opt,name=scope,proto3,enum=istio.security.Scope" json:"scope,omitempty"` 151 // The action to take if the request is matched with the rules. 152 // Default is ALLOW if not specified. 153 Action Action `protobuf:"varint,4,opt,name=action,proto3,enum=istio.security.Action" json:"action,omitempty"` 154 // Set of RBAC policy groups each containing its rules. 155 // If at least one of the groups is matched the policy action will 156 // take place. 157 // Groups are OR-ed. 158 Groups []*Group `protobuf:"bytes,5,rep,name=groups,proto3" json:"groups,omitempty"` 159 } 160 161 func (x *Authorization) Reset() { 162 *x = Authorization{} 163 if protoimpl.UnsafeEnabled { 164 mi := &file_workloadapi_security_authorization_proto_msgTypes[0] 165 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 166 ms.StoreMessageInfo(mi) 167 } 168 } 169 170 func (x *Authorization) String() string { 171 return protoimpl.X.MessageStringOf(x) 172 } 173 174 func (*Authorization) ProtoMessage() {} 175 176 func (x *Authorization) ProtoReflect() protoreflect.Message { 177 mi := &file_workloadapi_security_authorization_proto_msgTypes[0] 178 if protoimpl.UnsafeEnabled && x != nil { 179 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 180 if ms.LoadMessageInfo() == nil { 181 ms.StoreMessageInfo(mi) 182 } 183 return ms 184 } 185 return mi.MessageOf(x) 186 } 187 188 // Deprecated: Use Authorization.ProtoReflect.Descriptor instead. 189 func (*Authorization) Descriptor() ([]byte, []int) { 190 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{0} 191 } 192 193 func (x *Authorization) GetName() string { 194 if x != nil { 195 return x.Name 196 } 197 return "" 198 } 199 200 func (x *Authorization) GetNamespace() string { 201 if x != nil { 202 return x.Namespace 203 } 204 return "" 205 } 206 207 func (x *Authorization) GetScope() Scope { 208 if x != nil { 209 return x.Scope 210 } 211 return Scope_GLOBAL 212 } 213 214 func (x *Authorization) GetAction() Action { 215 if x != nil { 216 return x.Action 217 } 218 return Action_ALLOW 219 } 220 221 func (x *Authorization) GetGroups() []*Group { 222 if x != nil { 223 return x.Groups 224 } 225 return nil 226 } 227 228 type Group struct { 229 state protoimpl.MessageState 230 sizeCache protoimpl.SizeCache 231 unknownFields protoimpl.UnknownFields 232 233 // Rules are OR-ed (e.g. ANY rule can match) 234 // This is a generic form of the authz policy's to, from and when 235 Rules []*Rules `protobuf:"bytes,1,rep,name=rules,proto3" json:"rules,omitempty"` 236 } 237 238 func (x *Group) Reset() { 239 *x = Group{} 240 if protoimpl.UnsafeEnabled { 241 mi := &file_workloadapi_security_authorization_proto_msgTypes[1] 242 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 243 ms.StoreMessageInfo(mi) 244 } 245 } 246 247 func (x *Group) String() string { 248 return protoimpl.X.MessageStringOf(x) 249 } 250 251 func (*Group) ProtoMessage() {} 252 253 func (x *Group) ProtoReflect() protoreflect.Message { 254 mi := &file_workloadapi_security_authorization_proto_msgTypes[1] 255 if protoimpl.UnsafeEnabled && x != nil { 256 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 257 if ms.LoadMessageInfo() == nil { 258 ms.StoreMessageInfo(mi) 259 } 260 return ms 261 } 262 return mi.MessageOf(x) 263 } 264 265 // Deprecated: Use Group.ProtoReflect.Descriptor instead. 266 func (*Group) Descriptor() ([]byte, []int) { 267 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{1} 268 } 269 270 func (x *Group) GetRules() []*Rules { 271 if x != nil { 272 return x.Rules 273 } 274 return nil 275 } 276 277 type Rules struct { 278 state protoimpl.MessageState 279 sizeCache protoimpl.SizeCache 280 unknownFields protoimpl.UnknownFields 281 282 // Conditions within a rule are AND-ed (e.g. ALL conditions must be true) 283 Matches []*Match `protobuf:"bytes,2,rep,name=matches,proto3" json:"matches,omitempty"` 284 } 285 286 func (x *Rules) Reset() { 287 *x = Rules{} 288 if protoimpl.UnsafeEnabled { 289 mi := &file_workloadapi_security_authorization_proto_msgTypes[2] 290 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 291 ms.StoreMessageInfo(mi) 292 } 293 } 294 295 func (x *Rules) String() string { 296 return protoimpl.X.MessageStringOf(x) 297 } 298 299 func (*Rules) ProtoMessage() {} 300 301 func (x *Rules) ProtoReflect() protoreflect.Message { 302 mi := &file_workloadapi_security_authorization_proto_msgTypes[2] 303 if protoimpl.UnsafeEnabled && x != nil { 304 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 305 if ms.LoadMessageInfo() == nil { 306 ms.StoreMessageInfo(mi) 307 } 308 return ms 309 } 310 return mi.MessageOf(x) 311 } 312 313 // Deprecated: Use Rules.ProtoReflect.Descriptor instead. 314 func (*Rules) Descriptor() ([]byte, []int) { 315 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{2} 316 } 317 318 func (x *Rules) GetMatches() []*Match { 319 if x != nil { 320 return x.Matches 321 } 322 return nil 323 } 324 325 type Match struct { 326 state protoimpl.MessageState 327 sizeCache protoimpl.SizeCache 328 unknownFields protoimpl.UnknownFields 329 330 Namespaces []*StringMatch `protobuf:"bytes,1,rep,name=namespaces,proto3" json:"namespaces,omitempty"` 331 NotNamespaces []*StringMatch `protobuf:"bytes,2,rep,name=not_namespaces,json=notNamespaces,proto3" json:"not_namespaces,omitempty"` 332 Principals []*StringMatch `protobuf:"bytes,3,rep,name=principals,proto3" json:"principals,omitempty"` 333 NotPrincipals []*StringMatch `protobuf:"bytes,4,rep,name=not_principals,json=notPrincipals,proto3" json:"not_principals,omitempty"` 334 SourceIps []*Address `protobuf:"bytes,5,rep,name=source_ips,json=sourceIps,proto3" json:"source_ips,omitempty"` 335 NotSourceIps []*Address `protobuf:"bytes,6,rep,name=not_source_ips,json=notSourceIps,proto3" json:"not_source_ips,omitempty"` 336 DestinationIps []*Address `protobuf:"bytes,7,rep,name=destination_ips,json=destinationIps,proto3" json:"destination_ips,omitempty"` 337 NotDestinationIps []*Address `protobuf:"bytes,8,rep,name=not_destination_ips,json=notDestinationIps,proto3" json:"not_destination_ips,omitempty"` 338 DestinationPorts []uint32 `protobuf:"varint,9,rep,packed,name=destination_ports,json=destinationPorts,proto3" json:"destination_ports,omitempty"` 339 NotDestinationPorts []uint32 `protobuf:"varint,10,rep,packed,name=not_destination_ports,json=notDestinationPorts,proto3" json:"not_destination_ports,omitempty"` 340 } 341 342 func (x *Match) Reset() { 343 *x = Match{} 344 if protoimpl.UnsafeEnabled { 345 mi := &file_workloadapi_security_authorization_proto_msgTypes[3] 346 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 347 ms.StoreMessageInfo(mi) 348 } 349 } 350 351 func (x *Match) String() string { 352 return protoimpl.X.MessageStringOf(x) 353 } 354 355 func (*Match) ProtoMessage() {} 356 357 func (x *Match) ProtoReflect() protoreflect.Message { 358 mi := &file_workloadapi_security_authorization_proto_msgTypes[3] 359 if protoimpl.UnsafeEnabled && x != nil { 360 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 361 if ms.LoadMessageInfo() == nil { 362 ms.StoreMessageInfo(mi) 363 } 364 return ms 365 } 366 return mi.MessageOf(x) 367 } 368 369 // Deprecated: Use Match.ProtoReflect.Descriptor instead. 370 func (*Match) Descriptor() ([]byte, []int) { 371 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{3} 372 } 373 374 func (x *Match) GetNamespaces() []*StringMatch { 375 if x != nil { 376 return x.Namespaces 377 } 378 return nil 379 } 380 381 func (x *Match) GetNotNamespaces() []*StringMatch { 382 if x != nil { 383 return x.NotNamespaces 384 } 385 return nil 386 } 387 388 func (x *Match) GetPrincipals() []*StringMatch { 389 if x != nil { 390 return x.Principals 391 } 392 return nil 393 } 394 395 func (x *Match) GetNotPrincipals() []*StringMatch { 396 if x != nil { 397 return x.NotPrincipals 398 } 399 return nil 400 } 401 402 func (x *Match) GetSourceIps() []*Address { 403 if x != nil { 404 return x.SourceIps 405 } 406 return nil 407 } 408 409 func (x *Match) GetNotSourceIps() []*Address { 410 if x != nil { 411 return x.NotSourceIps 412 } 413 return nil 414 } 415 416 func (x *Match) GetDestinationIps() []*Address { 417 if x != nil { 418 return x.DestinationIps 419 } 420 return nil 421 } 422 423 func (x *Match) GetNotDestinationIps() []*Address { 424 if x != nil { 425 return x.NotDestinationIps 426 } 427 return nil 428 } 429 430 func (x *Match) GetDestinationPorts() []uint32 { 431 if x != nil { 432 return x.DestinationPorts 433 } 434 return nil 435 } 436 437 func (x *Match) GetNotDestinationPorts() []uint32 { 438 if x != nil { 439 return x.NotDestinationPorts 440 } 441 return nil 442 } 443 444 type Address struct { 445 state protoimpl.MessageState 446 sizeCache protoimpl.SizeCache 447 unknownFields protoimpl.UnknownFields 448 449 Address []byte `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` 450 Length uint32 `protobuf:"varint,2,opt,name=length,proto3" json:"length,omitempty"` 451 } 452 453 func (x *Address) Reset() { 454 *x = Address{} 455 if protoimpl.UnsafeEnabled { 456 mi := &file_workloadapi_security_authorization_proto_msgTypes[4] 457 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 458 ms.StoreMessageInfo(mi) 459 } 460 } 461 462 func (x *Address) String() string { 463 return protoimpl.X.MessageStringOf(x) 464 } 465 466 func (*Address) ProtoMessage() {} 467 468 func (x *Address) ProtoReflect() protoreflect.Message { 469 mi := &file_workloadapi_security_authorization_proto_msgTypes[4] 470 if protoimpl.UnsafeEnabled && x != nil { 471 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 472 if ms.LoadMessageInfo() == nil { 473 ms.StoreMessageInfo(mi) 474 } 475 return ms 476 } 477 return mi.MessageOf(x) 478 } 479 480 // Deprecated: Use Address.ProtoReflect.Descriptor instead. 481 func (*Address) Descriptor() ([]byte, []int) { 482 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{4} 483 } 484 485 func (x *Address) GetAddress() []byte { 486 if x != nil { 487 return x.Address 488 } 489 return nil 490 } 491 492 func (x *Address) GetLength() uint32 { 493 if x != nil { 494 return x.Length 495 } 496 return 0 497 } 498 499 type StringMatch struct { 500 state protoimpl.MessageState 501 sizeCache protoimpl.SizeCache 502 unknownFields protoimpl.UnknownFields 503 504 // Types that are assignable to MatchType: 505 // 506 // *StringMatch_Exact 507 // *StringMatch_Prefix 508 // *StringMatch_Suffix 509 // *StringMatch_Presence 510 MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` 511 } 512 513 func (x *StringMatch) Reset() { 514 *x = StringMatch{} 515 if protoimpl.UnsafeEnabled { 516 mi := &file_workloadapi_security_authorization_proto_msgTypes[5] 517 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 518 ms.StoreMessageInfo(mi) 519 } 520 } 521 522 func (x *StringMatch) String() string { 523 return protoimpl.X.MessageStringOf(x) 524 } 525 526 func (*StringMatch) ProtoMessage() {} 527 528 func (x *StringMatch) ProtoReflect() protoreflect.Message { 529 mi := &file_workloadapi_security_authorization_proto_msgTypes[5] 530 if protoimpl.UnsafeEnabled && x != nil { 531 ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) 532 if ms.LoadMessageInfo() == nil { 533 ms.StoreMessageInfo(mi) 534 } 535 return ms 536 } 537 return mi.MessageOf(x) 538 } 539 540 // Deprecated: Use StringMatch.ProtoReflect.Descriptor instead. 541 func (*StringMatch) Descriptor() ([]byte, []int) { 542 return file_workloadapi_security_authorization_proto_rawDescGZIP(), []int{5} 543 } 544 545 func (m *StringMatch) GetMatchType() isStringMatch_MatchType { 546 if m != nil { 547 return m.MatchType 548 } 549 return nil 550 } 551 552 func (x *StringMatch) GetExact() string { 553 if x, ok := x.GetMatchType().(*StringMatch_Exact); ok { 554 return x.Exact 555 } 556 return "" 557 } 558 559 func (x *StringMatch) GetPrefix() string { 560 if x, ok := x.GetMatchType().(*StringMatch_Prefix); ok { 561 return x.Prefix 562 } 563 return "" 564 } 565 566 func (x *StringMatch) GetSuffix() string { 567 if x, ok := x.GetMatchType().(*StringMatch_Suffix); ok { 568 return x.Suffix 569 } 570 return "" 571 } 572 573 func (x *StringMatch) GetPresence() *emptypb.Empty { 574 if x, ok := x.GetMatchType().(*StringMatch_Presence); ok { 575 return x.Presence 576 } 577 return nil 578 } 579 580 type isStringMatch_MatchType interface { 581 isStringMatch_MatchType() 582 } 583 584 type StringMatch_Exact struct { 585 // exact string match 586 Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"` 587 } 588 589 type StringMatch_Prefix struct { 590 // prefix-based match 591 Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"` 592 } 593 594 type StringMatch_Suffix struct { 595 // suffix-based match 596 Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"` 597 } 598 599 type StringMatch_Presence struct { 600 Presence *emptypb.Empty `protobuf:"bytes,4,opt,name=presence,proto3,oneof"` 601 } 602 603 func (*StringMatch_Exact) isStringMatch_MatchType() {} 604 605 func (*StringMatch_Prefix) isStringMatch_MatchType() {} 606 607 func (*StringMatch_Suffix) isStringMatch_MatchType() {} 608 609 func (*StringMatch_Presence) isStringMatch_MatchType() {} 610 611 var File_workloadapi_security_authorization_proto protoreflect.FileDescriptor 612 613 var file_workloadapi_security_authorization_proto_rawDesc = []byte{ 614 0x0a, 0x28, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x70, 0x69, 0x2f, 0x73, 0x65, 615 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 616 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0e, 0x69, 0x73, 0x74, 0x69, 617 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x1a, 0x1b, 0x67, 0x6f, 0x6f, 0x67, 618 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x65, 0x6d, 0x70, 0x74, 619 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xcd, 0x01, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 620 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 621 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 622 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 623 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x05, 0x73, 624 0x63, 0x6f, 0x70, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x69, 0x73, 0x74, 625 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x63, 0x6f, 0x70, 626 0x65, 0x52, 0x05, 0x73, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x2e, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 627 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 628 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 629 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, 0x06, 0x67, 0x72, 0x6f, 0x75, 630 0x70, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 631 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x52, 632 0x06, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x22, 0x34, 0x0a, 0x05, 0x47, 0x72, 0x6f, 0x75, 0x70, 633 0x12, 0x2b, 0x0a, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 634 0x15, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 635 0x2e, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x52, 0x05, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x22, 0x38, 0x0a, 636 0x05, 0x52, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x07, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 637 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 638 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x07, 639 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x22, 0xec, 0x04, 0x0a, 0x05, 0x4d, 0x61, 0x74, 0x63, 640 0x68, 0x12, 0x3b, 0x0a, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x18, 641 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 642 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 643 0x63, 0x68, 0x52, 0x0a, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 0x12, 0x42, 644 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x73, 645 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 646 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 647 0x74, 0x63, 0x68, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 648 0x65, 0x73, 0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 649 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 650 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 651 0x74, 0x63, 0x68, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 0x73, 0x12, 652 0x42, 0x0a, 0x0e, 0x6e, 0x6f, 0x74, 0x5f, 0x70, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 0x61, 0x6c, 653 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 654 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 655 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x6e, 0x6f, 0x74, 0x50, 0x72, 0x69, 0x6e, 0x63, 0x69, 0x70, 656 0x61, 0x6c, 0x73, 0x12, 0x36, 0x0a, 0x0a, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 657 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 658 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 659 0x52, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x73, 0x12, 0x3d, 0x0a, 0x0e, 0x6e, 660 0x6f, 0x74, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x73, 0x18, 0x06, 0x20, 661 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 662 0x72, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x0c, 0x6e, 0x6f, 663 0x74, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x73, 0x12, 0x40, 0x0a, 0x0f, 0x64, 0x65, 664 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x69, 0x70, 0x73, 0x18, 0x07, 0x20, 665 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 666 0x72, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x0e, 0x64, 0x65, 667 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x49, 0x70, 0x73, 0x12, 0x47, 0x0a, 0x13, 668 0x6e, 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 669 0x69, 0x70, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x69, 0x73, 0x74, 0x69, 670 0x6f, 0x2e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, 671 0x73, 0x73, 0x52, 0x11, 0x6e, 0x6f, 0x74, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 672 0x6f, 0x6e, 0x49, 0x70, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 673 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0d, 674 0x52, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 675 0x74, 0x73, 0x12, 0x32, 0x0a, 0x15, 0x6e, 0x6f, 0x74, 0x5f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 676 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 677 0x0d, 0x52, 0x13, 0x6e, 0x6f, 0x74, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 678 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x3b, 0x0a, 0x07, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 679 0x73, 0x12, 0x18, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 680 0x28, 0x0c, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x6c, 681 0x65, 0x6e, 0x67, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6c, 0x65, 0x6e, 682 0x67, 0x74, 0x68, 0x22, 0x9d, 0x01, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 683 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 684 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 685 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 686 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x18, 687 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x75, 0x66, 0x66, 0x69, 0x78, 0x12, 688 0x34, 0x0a, 0x08, 0x70, 0x72, 0x65, 0x73, 0x65, 0x6e, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 689 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 690 0x62, 0x75, 0x66, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x48, 0x00, 0x52, 0x08, 0x70, 0x72, 0x65, 691 0x73, 0x65, 0x6e, 0x63, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 692 0x79, 0x70, 0x65, 0x2a, 0x39, 0x0a, 0x05, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x12, 0x0a, 0x0a, 0x06, 693 0x47, 0x4c, 0x4f, 0x42, 0x41, 0x4c, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x4e, 0x41, 0x4d, 0x45, 694 0x53, 0x50, 0x41, 0x43, 0x45, 0x10, 0x01, 0x12, 0x15, 0x0a, 0x11, 0x57, 0x4f, 0x52, 0x4b, 0x4c, 695 0x4f, 0x41, 0x44, 0x5f, 0x53, 0x45, 0x4c, 0x45, 0x43, 0x54, 0x4f, 0x52, 0x10, 0x02, 0x2a, 0x1d, 696 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x4c, 0x4c, 0x4f, 697 0x57, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x44, 0x45, 0x4e, 0x59, 0x10, 0x01, 0x42, 0x1a, 0x5a, 698 0x18, 0x70, 0x6b, 0x67, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x61, 0x70, 0x69, 699 0x2f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 700 0x33, 701 } 702 703 var ( 704 file_workloadapi_security_authorization_proto_rawDescOnce sync.Once 705 file_workloadapi_security_authorization_proto_rawDescData = file_workloadapi_security_authorization_proto_rawDesc 706 ) 707 708 func file_workloadapi_security_authorization_proto_rawDescGZIP() []byte { 709 file_workloadapi_security_authorization_proto_rawDescOnce.Do(func() { 710 file_workloadapi_security_authorization_proto_rawDescData = protoimpl.X.CompressGZIP(file_workloadapi_security_authorization_proto_rawDescData) 711 }) 712 return file_workloadapi_security_authorization_proto_rawDescData 713 } 714 715 var file_workloadapi_security_authorization_proto_enumTypes = make([]protoimpl.EnumInfo, 2) 716 var file_workloadapi_security_authorization_proto_msgTypes = make([]protoimpl.MessageInfo, 6) 717 var file_workloadapi_security_authorization_proto_goTypes = []interface{}{ 718 (Scope)(0), // 0: istio.security.Scope 719 (Action)(0), // 1: istio.security.Action 720 (*Authorization)(nil), // 2: istio.security.Authorization 721 (*Group)(nil), // 3: istio.security.Group 722 (*Rules)(nil), // 4: istio.security.Rules 723 (*Match)(nil), // 5: istio.security.Match 724 (*Address)(nil), // 6: istio.security.Address 725 (*StringMatch)(nil), // 7: istio.security.StringMatch 726 (*emptypb.Empty)(nil), // 8: google.protobuf.Empty 727 } 728 var file_workloadapi_security_authorization_proto_depIdxs = []int32{ 729 0, // 0: istio.security.Authorization.scope:type_name -> istio.security.Scope 730 1, // 1: istio.security.Authorization.action:type_name -> istio.security.Action 731 3, // 2: istio.security.Authorization.groups:type_name -> istio.security.Group 732 4, // 3: istio.security.Group.rules:type_name -> istio.security.Rules 733 5, // 4: istio.security.Rules.matches:type_name -> istio.security.Match 734 7, // 5: istio.security.Match.namespaces:type_name -> istio.security.StringMatch 735 7, // 6: istio.security.Match.not_namespaces:type_name -> istio.security.StringMatch 736 7, // 7: istio.security.Match.principals:type_name -> istio.security.StringMatch 737 7, // 8: istio.security.Match.not_principals:type_name -> istio.security.StringMatch 738 6, // 9: istio.security.Match.source_ips:type_name -> istio.security.Address 739 6, // 10: istio.security.Match.not_source_ips:type_name -> istio.security.Address 740 6, // 11: istio.security.Match.destination_ips:type_name -> istio.security.Address 741 6, // 12: istio.security.Match.not_destination_ips:type_name -> istio.security.Address 742 8, // 13: istio.security.StringMatch.presence:type_name -> google.protobuf.Empty 743 14, // [14:14] is the sub-list for method output_type 744 14, // [14:14] is the sub-list for method input_type 745 14, // [14:14] is the sub-list for extension type_name 746 14, // [14:14] is the sub-list for extension extendee 747 0, // [0:14] is the sub-list for field type_name 748 } 749 750 func init() { file_workloadapi_security_authorization_proto_init() } 751 func file_workloadapi_security_authorization_proto_init() { 752 if File_workloadapi_security_authorization_proto != nil { 753 return 754 } 755 if !protoimpl.UnsafeEnabled { 756 file_workloadapi_security_authorization_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { 757 switch v := v.(*Authorization); i { 758 case 0: 759 return &v.state 760 case 1: 761 return &v.sizeCache 762 case 2: 763 return &v.unknownFields 764 default: 765 return nil 766 } 767 } 768 file_workloadapi_security_authorization_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { 769 switch v := v.(*Group); i { 770 case 0: 771 return &v.state 772 case 1: 773 return &v.sizeCache 774 case 2: 775 return &v.unknownFields 776 default: 777 return nil 778 } 779 } 780 file_workloadapi_security_authorization_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { 781 switch v := v.(*Rules); i { 782 case 0: 783 return &v.state 784 case 1: 785 return &v.sizeCache 786 case 2: 787 return &v.unknownFields 788 default: 789 return nil 790 } 791 } 792 file_workloadapi_security_authorization_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { 793 switch v := v.(*Match); i { 794 case 0: 795 return &v.state 796 case 1: 797 return &v.sizeCache 798 case 2: 799 return &v.unknownFields 800 default: 801 return nil 802 } 803 } 804 file_workloadapi_security_authorization_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { 805 switch v := v.(*Address); i { 806 case 0: 807 return &v.state 808 case 1: 809 return &v.sizeCache 810 case 2: 811 return &v.unknownFields 812 default: 813 return nil 814 } 815 } 816 file_workloadapi_security_authorization_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { 817 switch v := v.(*StringMatch); i { 818 case 0: 819 return &v.state 820 case 1: 821 return &v.sizeCache 822 case 2: 823 return &v.unknownFields 824 default: 825 return nil 826 } 827 } 828 } 829 file_workloadapi_security_authorization_proto_msgTypes[5].OneofWrappers = []interface{}{ 830 (*StringMatch_Exact)(nil), 831 (*StringMatch_Prefix)(nil), 832 (*StringMatch_Suffix)(nil), 833 (*StringMatch_Presence)(nil), 834 } 835 type x struct{} 836 out := protoimpl.TypeBuilder{ 837 File: protoimpl.DescBuilder{ 838 GoPackagePath: reflect.TypeOf(x{}).PkgPath(), 839 RawDescriptor: file_workloadapi_security_authorization_proto_rawDesc, 840 NumEnums: 2, 841 NumMessages: 6, 842 NumExtensions: 0, 843 NumServices: 0, 844 }, 845 GoTypes: file_workloadapi_security_authorization_proto_goTypes, 846 DependencyIndexes: file_workloadapi_security_authorization_proto_depIdxs, 847 EnumInfos: file_workloadapi_security_authorization_proto_enumTypes, 848 MessageInfos: file_workloadapi_security_authorization_proto_msgTypes, 849 }.Build() 850 File_workloadapi_security_authorization_proto = out.File 851 file_workloadapi_security_authorization_proto_rawDesc = nil 852 file_workloadapi_security_authorization_proto_goTypes = nil 853 file_workloadapi_security_authorization_proto_depIdxs = nil 854 }