From 3c8adef3d2647cf574adac80205d695cd241c3bb Mon Sep 17 00:00:00 2001 From: Tavish Vaidya Date: Mon, 26 Apr 2021 17:46:35 +0000 Subject: [PATCH 1/5] Config proto for Secure Session Agent (S2A) transport socket extension. Signed-off-by: Tavish Vaidya --- api/BUILD | 1 + .../transport_sockets/s2a/v3alpha/BUILD | 9 ++++++++ .../transport_sockets/s2a/v3alpha/s2a.proto | 23 +++++++++++++++++++ api/versioning/BUILD | 1 + generated_api_shadow/BUILD | 1 + .../transport_sockets/s2a/v3alpha/BUILD | 9 ++++++++ .../transport_sockets/s2a/v3alpha/s2a.proto | 23 +++++++++++++++++++ 7 files changed, 67 insertions(+) create mode 100644 api/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD create mode 100644 api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto create mode 100644 generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD create mode 100644 generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto
diff --git a/api/BUILD b/api/BUILD
index 409498da974c..9506cb8d0254 100644
--- a/api/BUILD
+++ b/api/BUILD
@@ -263,6 +263,7 @@ proto_library(
 "//envoy/extensions/transport_sockets/proxy_protocol/v3:pkg",
 "//envoy/extensions/transport_sockets/quic/v3:pkg",
 "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg",
+ "//envoy/extensions/transport_sockets/s2a/v3alpha:pkg",
 "//envoy/extensions/transport_sockets/starttls/v3:pkg",
 "//envoy/extensions/transport_sockets/tap/v3:pkg",
 "//envoy/extensions/transport_sockets/tls/v3:pkg",
diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD b/api/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD
new file mode 100644
index 000000000000..ee92fb652582
--- /dev/null
+++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD
@@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +)
diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto
new file mode 100644
index 000000000000..e2b1d8ce05d7
--- /dev/null
+++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto
@@ -0,0 +1,23 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.s2a.v3alpha;
+
+import "udpa/annotations/migrate.proto";
+import "udpa/annotations/status.proto";
+import "validate/validate.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.s2a.v3alpha";
+option java_outer_classname = "S2aProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).work_in_progress = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: Secure Session Agent (S2A)]
+// [#extension: envoy.transport_sockets.s2a]
+
+// Configuration for S2A transport socket. This allows Envoy clients to
+// configure how to offload mTLS handshakes to the S2A service.
+message S2AConfiguration {
+ // The address of the S2A. This can be an IP address or a hostname.
+ string s2a_address = 1 [(validate.rules).string = {min_len: 1}];
+}
diff --git a/api/versioning/BUILD b/api/versioning/BUILD
index e48ac24faf07..822e07f07ca8 100644
--- a/api/versioning/BUILD
+++ b/api/versioning/BUILD
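Review bot: In api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto, `s2a_address` is constrained only by `min_len: 1`, so any non-empty string passes config validation even though the field comment promises an IP address or a hostname. The message comment says mTLS handshakes are offloaded to this service, which makes the endpoint it names security-critical, yet nothing visible in the hunk says how the connection from Envoy to the S2A is authenticated or protected. I would document that on the field, for example `// Must name a trusted S2A endpoint; this channel is authenticated and protected by <mechanism to be documented>.`, so operators know what they are trusting. A typed address message such as `envoy.config.core.v3.Address` (if it fits the transport the implementation will use) would let the schema enforce the shape instead of a free-form string, and would be cheaper to adopt now while the package is still `v3alpha` and marked work-in-progress.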
@@ -146,6 +146,7 @@ proto_library( "//envoy/extensions/transport_sockets/proxy_protocol/v3:pkg", "//envoy/extensions/transport_sockets/quic/v3:pkg", "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", + "//envoy/extensions/transport_sockets/s2a/v3alpha:pkg", "//envoy/extensions/transport_sockets/starttls/v3:pkg", "//envoy/extensions/transport_sockets/tap/v3:pkg", "//envoy/extensions/transport_sockets/tls/v3:pkg", diff --git a/generated_api_shadow/BUILD b/generated_api_shadow/BUILD index 409498da974c..9506cb8d0254 100644 --- a/generated_api_shadow/BUILD +++ b/generated_api_shadow/BUILD @@ -263,6 +263,7 @@ proto_library( "//envoy/extensions/transport_sockets/proxy_protocol/v3:pkg", "//envoy/extensions/transport_sockets/quic/v3:pkg", "//envoy/extensions/transport_sockets/raw_buffer/v3:pkg", + "//envoy/extensions/transport_sockets/s2a/v3alpha:pkg", "//envoy/extensions/transport_sockets/starttls/v3:pkg", "//envoy/extensions/transport_sockets/tap/v3:pkg", "//envoy/extensions/transport_sockets/tls/v3:pkg", diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD new file mode 100644 index 000000000000..ee92fb652582 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/BUILD @@ -0,0 +1,9 @@ +# DO NOT EDIT. This file is generated by tools/proto_format/proto_sync.py. + +load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package") + +licenses(["notice"]) # Apache 2 + +api_proto_package( + deps = ["@com_github_cncf_udpa//udpa/annotations:pkg"], +) diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto new file mode 100644 index 000000000000..e2b1d8ce05d7 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto 
@@ -0,0 +1,23 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.s2a.v3alpha; + +import "udpa/annotations/migrate.proto"; +import "udpa/annotations/status.proto"; +import "validate/validate.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.s2a.v3alpha"; +option java_outer_classname = "S2aProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).work_in_progress = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: Secure Session Agent (S2A)] +// [#extension: envoy.transport_sockets.s2a] + +// Configuration for S2A transport socket. This allows Envoy clients to +// configure how to offload mTLS handshakes to the S2A service. +message S2AConfiguration { + // The address of the S2A. This can be an IP address or a hostname. + string s2a_address = 1 [(validate.rules).string = {min_len: 1}]; +} From c1daeb20417763b36c2554b60990f195bb60cf85 Mon Sep 17 00:00:00 2001 From: Tavish Vaidya Date: Wed, 28 Apr 2021 05:39:07 +0000 Subject: [PATCH 2/5] Removed migrate.proto import as it is not needed. Signed-off-by: Tavish Vaidya --- api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 1 - .../envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index 41da0f5a20ed..1ce3a19fced9 100644 --- a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -2,7 +2,6 @@ syntax = "proto3"; package envoy.extensions.transport_sockets.s2a.v3alpha; -import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; 
diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index e2b1d8ce05d7..1ce3a19fced9 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -2,7 +2,6 @@ syntax = "proto3"; package envoy.extensions.transport_sockets.s2a.v3alpha; -import "udpa/annotations/migrate.proto"; import "udpa/annotations/status.proto"; import "validate/validate.proto"; @@ -18,6 +17,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // Configuration for S2A transport socket. This allows Envoy clients to // configure how to offload mTLS handshakes to the S2A service. message S2AConfiguration { - // The address of the S2A. This can be an IP address or a hostname. + // The address of the S2A. This can be an IP address or a hostname, + // followed by a port number. string s2a_address = 1 [(validate.rules).string = {min_len: 1}]; } From b0e51522dbc2deff123496296b35992a40a2720e Mon Sep 17 00:00:00 2001 From: Tavish Vaidya Date: Wed, 28 Apr 2021 16:28:17 +0000 Subject: [PATCH 3/5] Adds not-implemented-hide protodoc annotation. Signed-off-by: Tavish Vaidya --- api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 1 + .../envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 1 + 2 files changed, 2 insertions(+) diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index 1ce3a19fced9..3ba886572e70 100644 --- a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto 
@@ -12,6 +12,7 @@ option (udpa.annotations.file_status).work_in_progress = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Secure Session Agent (S2A)] +// [#not-implemented-hide:] // [#extension: envoy.transport_sockets.s2a] // Configuration for S2A transport socket. This allows Envoy clients to diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index 1ce3a19fced9..3ba886572e70 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -12,6 +12,7 @@ option (udpa.annotations.file_status).work_in_progress = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#protodoc-title: Secure Session Agent (S2A)] +// [#not-implemented-hide:] // [#extension: envoy.transport_sockets.s2a] // Configuration for S2A transport socket. This allows Envoy clients to From b0b657f846c857bbe316bf2dc99e0339a0d4576b Mon Sep 17 00:00:00 2001 From: Tavish Vaidya Date: Wed, 28 Apr 2021 20:03:20 +0000 Subject: [PATCH 4/5] Removes #extension: envoy.transport_sockets.s2a comment. * This was causing the protodoc presubmit to fail. Signed-off-by: Tavish Vaidya --- api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 3 --- .../envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 3 --- 2 files changed, 6 deletions(-) diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index 3ba886572e70..bdf3f724d796 100644 --- a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto 
@@ -11,10 +11,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [#protodoc-title: Secure Session Agent (S2A)] // [#not-implemented-hide:] -// [#extension: envoy.transport_sockets.s2a] - // Configuration for S2A transport socket. This allows Envoy clients to // configure how to offload mTLS handshakes to the S2A service. message S2AConfiguration { diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index 3ba886572e70..bdf3f724d796 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -11,10 +11,7 @@ option java_multiple_files = true; option (udpa.annotations.file_status).work_in_progress = true; option (udpa.annotations.file_status).package_version_status = ACTIVE; -// [#protodoc-title: Secure Session Agent (S2A)] // [#not-implemented-hide:] -// [#extension: envoy.transport_sockets.s2a] - // Configuration for S2A transport socket. This allows Envoy clients to // configure how to offload mTLS handshakes to the S2A service. message S2AConfiguration { From 31542d59bdab2caffaa296c9153bc1bb975c1335 Mon Sep 17 00:00:00 2001 From: Tavish Vaidya Date: Thu, 29 Apr 2021 23:01:19 +0000 Subject: [PATCH 5/5] Adds link to public S2A documentation. Signed-off-by: Tavish Vaidya --- api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 1 + .../envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto | 1 + 2 files changed, 2 insertions(+) diff --git a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index bdf3f724d796..b32b84653e69 100644 --- a/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto 
+++ b/api/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -14,6 +14,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#not-implemented-hide:] // Configuration for S2A transport socket. This allows Envoy clients to // configure how to offload mTLS handshakes to the S2A service. +// https://github.com/google/s2a-core#readme message S2AConfiguration { // The address of the S2A. This can be an IP address or a hostname, // followed by a port number. diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto index bdf3f724d796..b32b84653e69 100644 --- a/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto +++ b/generated_api_shadow/envoy/extensions/transport_sockets/s2a/v3alpha/s2a.proto @@ -14,6 +14,7 @@ option (udpa.annotations.file_status).package_version_status = ACTIVE; // [#not-implemented-hide:] // Configuration for S2A transport socket. This allows Envoy clients to // configure how to offload mTLS handshakes to the S2A service. +// https://github.com/google/s2a-core#readme message S2AConfiguration { // The address of the S2A. This can be an IP address or a hostname, // followed by a port number.