destination: add UriLikeIdentity and server_name
Signed-off-by: Zahari Dichev <zaharidichev@gmail.com>
zaharidichev committed Dec 20, 2023
1 parent e759d1e commit eff6f41
Showing 17 changed files with 468 additions and 258 deletions.
637 changes: 403 additions & 234 deletions go/destination/destination.pb.go

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion go/destination/destination_grpc.pb.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

2 changes: 1 addition & 1 deletion go/grpc_route/grpc_route.pb.go

2 changes: 1 addition & 1 deletion go/http_route/http_route.pb.go

2 changes: 1 addition & 1 deletion go/http_types/http_types.pb.go

2 changes: 1 addition & 1 deletion go/identity/identity.pb.go

2 changes: 1 addition & 1 deletion go/identity/identity_grpc.pb.go

7 changes: 3 additions & 4 deletions go/inbound/inbound.pb.go

2 changes: 1 addition & 1 deletion go/inbound/inbound_grpc.pb.go

2 changes: 1 addition & 1 deletion go/meta/meta.pb.go

2 changes: 1 addition & 1 deletion go/net/net.pb.go

7 changes: 3 additions & 4 deletions go/outbound/outbound.pb.go

2 changes: 1 addition & 1 deletion go/outbound/outbound_grpc.pb.go

2 changes: 1 addition & 1 deletion go/tap/tap.pb.go

2 changes: 1 addition & 1 deletion go/tap/tap_grpc.pb.go

24 changes: 22 additions & 2 deletions proto/destination.proto
Expand Up @@ -103,12 +103,16 @@ message WeightedAddr {
AuthorityOverride authority_override = 7;
}

// Which strategy should be used for verifying TLS.
message TlsIdentity {
reserved 2;
reserved "k8s_pod_identity";

oneof strategy { DnsLikeIdentity dns_like_identity = 1; }
oneof strategy {
DnsLikeIdentity dns_like_identity = 1;
UriLikeIdentity uri_like_identity = 3;
}

ServerName server_name = 4;

// Verify the certificate based on the Kubernetes pod identity.
message DnsLikeIdentity {
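Review bot: `ServerName server_name = 4;` is added outside `oneof strategy` with no field comment, so the schema does not say how it relates to the chosen strategy or what a client should do when it is unset. Suggest a comment on the field stating that it only supplies the SNI value, that certificate verification still uses whichever of `dns_like_identity` or `uri_like_identity` is set, and what the fallback is when `server_name` is absent, so that senders which only set `dns_like_identity` have defined behavior.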
Expand All @@ -118,6 +122,22 @@ message TlsIdentity {
// {name}.{namespace}.{type}.identity.{control-namespace}.{trust-domain...}
string name = 1;
}

// Verify the certificate based on an URI-like identity.
message UriLikeIdentity {
// A URI name that encodes workload identity.
//
// For example:
// spiffe://trust-domain/workload-dentifier
string uri = 1;
}

// The server name of the endpoint. This is the value that needs to be included
// by clients in the ClientHello SNI extension of the TLS handshake when they
// initiate TLS connections to servers.
message ServerName {
string name = 1;
}
}

message AuthorityOverride { string authority_override = 1; }
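Review bot: The `UriLikeIdentity` comment does not say how `uri` is compared with the peer certificate (for example, an exact match against a URI SAN), and its example line has a typo: `spiffe://trust-domain/workload-dentifier` should read `workload-identifier` ("an URI-like" should also be "a URI-like"). `ServerName.name` likewise has no stated format; since the value goes into the ClientHello SNI extension, the comment should say it must be a DNS host name and whether an empty string is treated as unset.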
27 changes: 25 additions & 2 deletions src/gen/io.linkerd.proxy.destination.rs
