Skip to content

Commit

Permalink
xds: make certificate provider instance name required (#36441)
Browse files Browse the repository at this point in the history
Commit Message: xds: make certificate provider instance name required
Additional Description: The comment saying that there is a default value
for this field is misleading. All existing gRPC implementations have
this as a required field. Note that this change does not affect Envoy,
since Envoy does not yet support this field. However, I've added a PGV
annotation (used by Envoy but not by gRPC) to avoid confusion when Envoy
eventually adds support for this field.
Risk Level: Low
Testing: N/A
Docs Changes: Included in PR
Release Notes: N/A
Platform Specific Features: N/A
Signed-off-by: Mark D. Roth <[email protected]>
  • Loading branch information
markdroth authored Oct 4, 2024
1 parent 847e2a7 commit 42068a5
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions api/envoy/extensions/transport_sockets/tls/v3/common.proto
Original file line number Diff line number Diff line change
Expand Up @@ -290,12 +290,12 @@ message TlsSessionTicketKeys {
// respect to the TLS handshake.
// [#not-implemented-hide:]
message CertificateProviderPluginInstance {
// Provider instance name. If not present, defaults to "default".
// Provider instance name.
//
// Instance names should generally be defined not in terms of the underlying provider
// implementation (e.g., "file_watcher") but rather in terms of the function of the
// certificates (e.g., "foo_deployment_identity").
string instance_name = 1;
string instance_name = 1 [(validate.rules).string = {min_len: 1}];

// Opaque name used to specify certificate instances or types. For example, "ROOTCA" to specify
// a root-certificate (validation context) or "example.com" to specify a certificate for a
Expand Down

0 comments on commit 42068a5

Please sign in to comment.