consul/proto-public/pbmesh/v1alpha1/pbproxystate/traffic_permissions.proto

34 lines
940 B
Protocol Buffer
Raw Normal View History

// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: BUSL-1.1
syntax = "proto3";
package hashicorp.consul.mesh.v1alpha1.pbproxystate;
message TrafficPermissions {
repeated Permission allow_permissions = 1;
repeated Permission deny_permissions = 2;
}
message Permission {
repeated Principal principals = 1;
// We don't need destination rules here yet because they either apply to L7 features or multi-ports.
// In the case of multiple ports, the sidecar proxy controller is responsible for filtering
// per-port permissions.
}
message Principal {
Spiffe spiffe = 1;
repeated Spiffe exclude_spiffes = 2;
}
message Spiffe {
// regex is the regular expression for matching spiffe ids.
string regex = 1;
// xfcc_regex specifies that Envoy needs to find the spiffe id in an xfcc header.
// It is currently unused, but considering this is important for to avoid breaking changes.
string xfcc_regex = 2;
}