diff options
| author | mo khan <mo@mokhan.ca> | 2025-07-15 16:37:08 -0600 |
|---|---|---|
| committer | mo khan <mo@mokhan.ca> | 2025-07-17 16:30:22 -0600 |
| commit | 45df4d0d9b577fecee798d672695fe24ff57fb1b (patch) | |
| tree | 1b99bf645035b58e0d6db08c7a83521f41f7a75b /vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth | |
| parent | f94f79608393d4ab127db63cc41668445ef6b243 (diff) | |
feat: migrate from Cedar to SpiceDB authorization system
This is a major architectural change that replaces the Cedar policy-based
authorization system with SpiceDB's relation-based authorization.
Key changes:
- Migrate from Rust to Go implementation
- Replace Cedar policies with SpiceDB schema and relationships
- Switch from envoy `ext_authz` with Cedar to SpiceDB permission checks
- Update build system and dependencies for Go ecosystem
- Maintain Envoy integration for external authorization
This change enables more flexible permission modeling through SpiceDB's
Google Zanzibar inspired relation-based system, supporting complex
hierarchical permissions that were difficult to express in Cedar.
Breaking change: Existing Cedar policies and Rust-based configuration
will no longer work and need to be migrated to SpiceDB schema.
Diffstat (limited to 'vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth')
7 files changed, 4533 insertions, 0 deletions
diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.go new file mode 100644 index 00000000..21d32c13 --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.go @@ -0,0 +1,846 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc v5.29.3 +// source: envoy/service/auth/v3/attribute_context.proto + +package authv3 + +import ( + _ "github.com/cncf/xds/go/udpa/annotations" + v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + timestamppb "google.golang.org/protobuf/types/known/timestamppb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// An attribute is a piece of metadata that describes an activity on a network. +// For example, the size of an HTTP request, or the status code of an HTTP response. +// +// Each attribute has a type and a name, which is logically defined as a proto message field +// of the “AttributeContext“. The “AttributeContext“ is a collection of individual attributes +// supported by Envoy authorization system. +// [#comment: The following items are left out of this proto +// Request.Auth field for jwt tokens +// Request.Api for api management +// Origin peer that originated the request +// Caching Protocol +// request_context return values to inject back into the filter chain +// peer.claims -- from X.509 extensions +// Configuration +// - field mask to send +// - which return values from request_context are copied back +// - which return values are copied into request_headers] +// [#next-free-field: 14] +type AttributeContext struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The source of a network activity, such as starting a TCP connection. + // In a multi hop network activity, the source represents the sender of the + // last hop. + Source *AttributeContext_Peer `protobuf:"bytes,1,opt,name=source,proto3" json:"source,omitempty"` + // The destination of a network activity, such as accepting a TCP connection. + // In a multi hop network activity, the destination represents the receiver of + // the last hop. + Destination *AttributeContext_Peer `protobuf:"bytes,2,opt,name=destination,proto3" json:"destination,omitempty"` + // Represents a network request, such as an HTTP request. + Request *AttributeContext_Request `protobuf:"bytes,4,opt,name=request,proto3" json:"request,omitempty"` + // This is analogous to http_request.headers, however these contents will not be sent to the + // upstream server. Context_extensions provide an extension mechanism for sending additional + // information to the auth server without modifying the proto definition. It maps to the + // internal opaque context in the filter chain. + ContextExtensions map[string]string `protobuf:"bytes,10,rep,name=context_extensions,json=contextExtensions,proto3" json:"context_extensions,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // Dynamic metadata associated with the request. + MetadataContext *v3.Metadata `protobuf:"bytes,11,opt,name=metadata_context,json=metadataContext,proto3" json:"metadata_context,omitempty"` + // Metadata associated with the selected route. + RouteMetadataContext *v3.Metadata `protobuf:"bytes,13,opt,name=route_metadata_context,json=routeMetadataContext,proto3" json:"route_metadata_context,omitempty"` + // TLS session details of the underlying connection. + // This is not populated by default and will be populated only if the ext_authz filter has + // been specifically configured to include this information. + // For HTTP ext_authz, that requires :ref:`include_tls_session <config_http_filters_ext_authz>` + // to be set to true. + // For network ext_authz, that requires :ref:`include_tls_session <config_network_filters_ext_authz>` + // to be set to true. + TlsSession *AttributeContext_TLSSession `protobuf:"bytes,12,opt,name=tls_session,json=tlsSession,proto3" json:"tls_session,omitempty"` +} + +func (x *AttributeContext) Reset() { + *x = AttributeContext{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttributeContext) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeContext) ProtoMessage() {} + +func (x *AttributeContext) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeContext.ProtoReflect.Descriptor instead. +func (*AttributeContext) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP(), []int{0} +} + +func (x *AttributeContext) GetSource() *AttributeContext_Peer { + if x != nil { + return x.Source + } + return nil +} + +func (x *AttributeContext) GetDestination() *AttributeContext_Peer { + if x != nil { + return x.Destination + } + return nil +} + +func (x *AttributeContext) GetRequest() *AttributeContext_Request { + if x != nil { + return x.Request + } + return nil +} + +func (x *AttributeContext) GetContextExtensions() map[string]string { + if x != nil { + return x.ContextExtensions + } + return nil +} + +func (x *AttributeContext) GetMetadataContext() *v3.Metadata { + if x != nil { + return x.MetadataContext + } + return nil +} + +func (x *AttributeContext) GetRouteMetadataContext() *v3.Metadata { + if x != nil { + return x.RouteMetadataContext + } + return nil +} + +func (x *AttributeContext) GetTlsSession() *AttributeContext_TLSSession { + if x != nil { + return x.TlsSession + } + return nil +} + +// This message defines attributes for a node that handles a network request. +// The node can be either a service or an application that sends, forwards, +// or receives the request. Service peers should fill in the “service“, +// “principal“, and “labels“ as appropriate. +// [#next-free-field: 6] +type AttributeContext_Peer struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The address of the peer, this is typically the IP address. + // It can also be UDS path, or others. + Address *v3.Address `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` + // The canonical service name of the peer. + // It should be set to :ref:`the HTTP x-envoy-downstream-service-cluster + // <config_http_conn_man_headers_downstream-service-cluster>` + // If a more trusted source of the service name is available through mTLS/secure naming, it + // should be used. + Service string `protobuf:"bytes,2,opt,name=service,proto3" json:"service,omitempty"` + // The labels associated with the peer. + // These could be pod labels for Kubernetes or tags for VMs. + // The source of the labels could be an X.509 certificate or other configuration. + Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // The authenticated identity of this peer. + // For example, the identity associated with the workload such as a service account. + // If an X.509 certificate is used to assert the identity this field should be sourced from + // “URI Subject Alternative Names“, “DNS Subject Alternate Names“ or “Subject“ in that order. + // The primary identity should be the principal. The principal format is issuer specific. + // + // Examples: + // + // - SPIFFE format is “spiffe://trust-domain/path“. + // - Google account format is “https://accounts.google.com/{userid}“. + Principal string `protobuf:"bytes,4,opt,name=principal,proto3" json:"principal,omitempty"` + // The X.509 certificate used to authenticate the identify of this peer. + // When present, the certificate contents are encoded in URL and PEM format. + Certificate string `protobuf:"bytes,5,opt,name=certificate,proto3" json:"certificate,omitempty"` +} + +func (x *AttributeContext_Peer) Reset() { + *x = AttributeContext_Peer{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttributeContext_Peer) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeContext_Peer) ProtoMessage() {} + +func (x *AttributeContext_Peer) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeContext_Peer.ProtoReflect.Descriptor instead. +func (*AttributeContext_Peer) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *AttributeContext_Peer) GetAddress() *v3.Address { + if x != nil { + return x.Address + } + return nil +} + +func (x *AttributeContext_Peer) GetService() string { + if x != nil { + return x.Service + } + return "" +} + +func (x *AttributeContext_Peer) GetLabels() map[string]string { + if x != nil { + return x.Labels + } + return nil +} + +func (x *AttributeContext_Peer) GetPrincipal() string { + if x != nil { + return x.Principal + } + return "" +} + +func (x *AttributeContext_Peer) GetCertificate() string { + if x != nil { + return x.Certificate + } + return "" +} + +// Represents a network request, such as an HTTP request. +type AttributeContext_Request struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The timestamp when the proxy receives the first byte of the request. + Time *timestamppb.Timestamp `protobuf:"bytes,1,opt,name=time,proto3" json:"time,omitempty"` + // Represents an HTTP request or an HTTP-like request. + Http *AttributeContext_HttpRequest `protobuf:"bytes,2,opt,name=http,proto3" json:"http,omitempty"` +} + +func (x *AttributeContext_Request) Reset() { + *x = AttributeContext_Request{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttributeContext_Request) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeContext_Request) ProtoMessage() {} + +func (x *AttributeContext_Request) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeContext_Request.ProtoReflect.Descriptor instead. +func (*AttributeContext_Request) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP(), []int{0, 1} +} + +func (x *AttributeContext_Request) GetTime() *timestamppb.Timestamp { + if x != nil { + return x.Time + } + return nil +} + +func (x *AttributeContext_Request) GetHttp() *AttributeContext_HttpRequest { + if x != nil { + return x.Http + } + return nil +} + +// This message defines attributes for an HTTP request. +// HTTP/1.x, HTTP/2, gRPC are all considered as HTTP requests. +// [#next-free-field: 14] +type AttributeContext_HttpRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The unique ID for a request, which can be propagated to downstream + // systems. The ID should have low probability of collision + // within a single day for a specific service. + // For HTTP requests, it should be X-Request-ID or equivalent. + Id string `protobuf:"bytes,1,opt,name=id,proto3" json:"id,omitempty"` + // The HTTP request method, such as “GET“, “POST“. + Method string `protobuf:"bytes,2,opt,name=method,proto3" json:"method,omitempty"` + // The HTTP request headers. If multiple headers share the same key, they + // must be merged according to the HTTP spec. All header keys must be + // lower-cased, because HTTP header keys are case-insensitive. + // Header value is encoded as UTF-8 string. Non-UTF-8 characters will be replaced by "!". + // This field will not be set if + // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>` + // is set to true. + Headers map[string]string `protobuf:"bytes,3,rep,name=headers,proto3" json:"headers,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` + // A list of the raw HTTP request headers. This is used instead of + // :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` when + // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>` + // is set to true. + // + // Note that this is not actually a map type. “header_map“ contains a single repeated field + // “headers“. + // + // Here, only the “key“ and “raw_value“ fields will be populated for each HeaderValue, and + // that is only when + // :ref:`encode_raw_headers <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.ExtAuthz.encode_raw_headers>` + // is set to true. + // + // Also, unlike the + // :ref:`headers <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.headers>` + // field, headers with the same key are not combined into a single comma separated header. + HeaderMap *v3.HeaderMap `protobuf:"bytes,13,opt,name=header_map,json=headerMap,proto3" json:"header_map,omitempty"` + // The request target, as it appears in the first line of the HTTP request. This includes + // the URL path and query-string. No decoding is performed. + Path string `protobuf:"bytes,4,opt,name=path,proto3" json:"path,omitempty"` + // The HTTP request “Host“ or “:authority“ header value. + Host string `protobuf:"bytes,5,opt,name=host,proto3" json:"host,omitempty"` + // The HTTP URL scheme, such as “http“ and “https“. + Scheme string `protobuf:"bytes,6,opt,name=scheme,proto3" json:"scheme,omitempty"` + // This field is always empty, and exists for compatibility reasons. The HTTP URL query is + // included in “path“ field. + Query string `protobuf:"bytes,7,opt,name=query,proto3" json:"query,omitempty"` + // This field is always empty, and exists for compatibility reasons. The URL fragment is + // not submitted as part of HTTP requests; it is unknowable. + Fragment string `protobuf:"bytes,8,opt,name=fragment,proto3" json:"fragment,omitempty"` + // The HTTP request size in bytes. If unknown, it must be -1. + Size int64 `protobuf:"varint,9,opt,name=size,proto3" json:"size,omitempty"` + // The network protocol used with the request, such as "HTTP/1.0", "HTTP/1.1", or "HTTP/2". + // + // See :repo:`headers.h:ProtocolStrings <source/common/http/headers.h>` for a list of all + // possible values. + Protocol string `protobuf:"bytes,10,opt,name=protocol,proto3" json:"protocol,omitempty"` + // The HTTP request body. + Body string `protobuf:"bytes,11,opt,name=body,proto3" json:"body,omitempty"` + // The HTTP request body in bytes. This is used instead of + // :ref:`body <envoy_v3_api_field_service.auth.v3.AttributeContext.HttpRequest.body>` when + // :ref:`pack_as_bytes <envoy_v3_api_field_extensions.filters.http.ext_authz.v3.BufferSettings.pack_as_bytes>` + // is set to true. + RawBody []byte `protobuf:"bytes,12,opt,name=raw_body,json=rawBody,proto3" json:"raw_body,omitempty"` +} + +func (x *AttributeContext_HttpRequest) Reset() { + *x = AttributeContext_HttpRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttributeContext_HttpRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeContext_HttpRequest) ProtoMessage() {} + +func (x *AttributeContext_HttpRequest) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeContext_HttpRequest.ProtoReflect.Descriptor instead. +func (*AttributeContext_HttpRequest) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP(), []int{0, 2} +} + +func (x *AttributeContext_HttpRequest) GetId() string { + if x != nil { + return x.Id + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetMethod() string { + if x != nil { + return x.Method + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetHeaders() map[string]string { + if x != nil { + return x.Headers + } + return nil +} + +func (x *AttributeContext_HttpRequest) GetHeaderMap() *v3.HeaderMap { + if x != nil { + return x.HeaderMap + } + return nil +} + +func (x *AttributeContext_HttpRequest) GetPath() string { + if x != nil { + return x.Path + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetScheme() string { + if x != nil { + return x.Scheme + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetQuery() string { + if x != nil { + return x.Query + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetFragment() string { + if x != nil { + return x.Fragment + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetSize() int64 { + if x != nil { + return x.Size + } + return 0 +} + +func (x *AttributeContext_HttpRequest) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetBody() string { + if x != nil { + return x.Body + } + return "" +} + +func (x *AttributeContext_HttpRequest) GetRawBody() []byte { + if x != nil { + return x.RawBody + } + return nil +} + +// This message defines attributes for the underlying TLS session. +type AttributeContext_TLSSession struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // SNI used for TLS session. + Sni string `protobuf:"bytes,1,opt,name=sni,proto3" json:"sni,omitempty"` +} + +func (x *AttributeContext_TLSSession) Reset() { + *x = AttributeContext_TLSSession{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *AttributeContext_TLSSession) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AttributeContext_TLSSession) ProtoMessage() {} + +func (x *AttributeContext_TLSSession) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_attribute_context_proto_msgTypes[4] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AttributeContext_TLSSession.ProtoReflect.Descriptor instead. +func (*AttributeContext_TLSSession) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP(), []int{0, 3} +} + +func (x *AttributeContext_TLSSession) GetSni() string { + if x != nil { + return x.Sni + } + return "" +} + +var File_envoy_service_auth_v3_attribute_context_proto protoreflect.FileDescriptor + +var file_envoy_service_auth_v3_attribute_context_proto_rawDesc = []byte{ + 0x0a, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, + 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x33, 0x2f, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, + 0x15, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, + 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x1a, 0x22, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x61, 0x64, 0x64, + 0x72, 0x65, 0x73, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, + 0x2f, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, + 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x75, 0x64, + 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x6d, + 0x69, 0x67, 0x72, 0x61, 0x74, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 0x64, + 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x75, 0x64, 0x70, + 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xce, + 0x0e, 0x0a, 0x10, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x12, 0x44, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, + 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x50, 0x65, 0x65, + 0x72, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x4e, 0x0a, 0x0b, 0x64, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, + 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, + 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x52, 0x0b, 0x64, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x49, 0x0a, 0x07, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x07, 0x72, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x6d, 0x0a, 0x12, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, + 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x3e, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, + 0x6f, 0x6e, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x5f, + 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, 0x2e, + 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, + 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x0f, 0x6d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x12, 0x54, + 0x0a, 0x16, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1e, + 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, + 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x14, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x43, 0x6f, 0x6e, + 0x74, 0x65, 0x78, 0x74, 0x12, 0x53, 0x0a, 0x0b, 0x74, 0x6c, 0x73, 0x5f, 0x73, 0x65, 0x73, 0x73, + 0x69, 0x6f, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, + 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x2e, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x74, + 0x6c, 0x73, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x1a, 0xda, 0x02, 0x0a, 0x04, 0x50, 0x65, + 0x65, 0x72, 0x12, 0x37, 0x0a, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x52, 0x07, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x50, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x50, + 0x65, 0x65, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1c, 0x0a, 0x09, 0x70, 0x72, 0x69, 0x6e, 0x63, + 0x69, 0x70, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x70, 0x72, 0x69, 0x6e, + 0x63, 0x69, 0x70, 0x61, 0x6c, 0x12, 0x20, 0x0a, 0x0b, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, + 0x63, 0x61, 0x74, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, + 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, + 0x38, 0x01, 0x3a, 0x32, 0x9a, 0xc5, 0x88, 0x1e, 0x2d, 0x0a, 0x2b, 0x65, 0x6e, 0x76, 0x6f, 0x79, + 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x32, + 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x2e, 0x50, 0x65, 0x65, 0x72, 0x1a, 0xb9, 0x01, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x2e, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x04, 0x74, 0x69, + 0x6d, 0x65, 0x12, 0x47, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x33, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x3a, 0x35, 0x9a, 0xc5, 0x88, + 0x1e, 0x30, 0x0a, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0xc5, 0x04, 0x0a, 0x0b, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, + 0x69, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x70, 0x0a, 0x07, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, + 0x74, 0x65, 0x78, 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, 0x14, 0xf2, + 0x98, 0xfe, 0x8f, 0x05, 0x0e, 0x12, 0x0c, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x0a, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6d, 0x61, 0x70, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, + 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, 0x61, + 0x70, 0x42, 0x14, 0xf2, 0x98, 0xfe, 0x8f, 0x05, 0x0e, 0x12, 0x0c, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x52, 0x09, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x4d, + 0x61, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, + 0x68, 0x65, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, + 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x71, 0x75, 0x65, 0x72, 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x66, 0x72, 0x61, 0x67, + 0x6d, 0x65, 0x6e, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x66, 0x72, 0x61, 0x67, + 0x6d, 0x65, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x04, 0x73, 0x69, 0x7a, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x12, 0x19, 0x0a, 0x08, 0x72, 0x61, 0x77, 0x5f, + 0x62, 0x6f, 0x64, 0x79, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x72, 0x61, 0x77, 0x42, + 0x6f, 0x64, 0x79, 0x1a, 0x3a, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x3a, + 0x39, 0x9a, 0xc5, 0x88, 0x1e, 0x34, 0x0a, 0x32, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x32, 0x2e, 0x41, 0x74, + 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x48, + 0x74, 0x74, 0x70, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1e, 0x0a, 0x0a, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x1a, 0x44, 0x0a, 0x16, 0x43, 0x6f, + 0x6e, 0x74, 0x65, 0x78, 0x74, 0x45, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x3a, 0x2d, 0x9a, 0xc5, 0x88, 0x1e, 0x28, 0x0a, 0x26, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x32, 0x2e, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x42, + 0x8b, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x0a, 0x23, 0x69, 0x6f, 0x2e, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x42, + 0x15, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, + 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, + 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, + 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, 0x61, + 0x75, 0x74, 0x68, 0x2f, 0x76, 0x33, 0x3b, 0x61, 0x75, 0x74, 0x68, 0x76, 0x33, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_envoy_service_auth_v3_attribute_context_proto_rawDescOnce sync.Once + file_envoy_service_auth_v3_attribute_context_proto_rawDescData = file_envoy_service_auth_v3_attribute_context_proto_rawDesc +) + +func file_envoy_service_auth_v3_attribute_context_proto_rawDescGZIP() []byte { + file_envoy_service_auth_v3_attribute_context_proto_rawDescOnce.Do(func() { + file_envoy_service_auth_v3_attribute_context_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_service_auth_v3_attribute_context_proto_rawDescData) + }) + return file_envoy_service_auth_v3_attribute_context_proto_rawDescData +} + +var file_envoy_service_auth_v3_attribute_context_proto_msgTypes = make([]protoimpl.MessageInfo, 8) +var file_envoy_service_auth_v3_attribute_context_proto_goTypes = []interface{}{ + (*AttributeContext)(nil), // 0: envoy.service.auth.v3.AttributeContext + (*AttributeContext_Peer)(nil), // 1: envoy.service.auth.v3.AttributeContext.Peer + (*AttributeContext_Request)(nil), // 2: envoy.service.auth.v3.AttributeContext.Request + (*AttributeContext_HttpRequest)(nil), // 3: envoy.service.auth.v3.AttributeContext.HttpRequest + (*AttributeContext_TLSSession)(nil), // 4: envoy.service.auth.v3.AttributeContext.TLSSession + nil, // 5: envoy.service.auth.v3.AttributeContext.ContextExtensionsEntry + nil, // 6: envoy.service.auth.v3.AttributeContext.Peer.LabelsEntry + nil, // 7: envoy.service.auth.v3.AttributeContext.HttpRequest.HeadersEntry + (*v3.Metadata)(nil), // 8: envoy.config.core.v3.Metadata + (*v3.Address)(nil), // 9: envoy.config.core.v3.Address + (*timestamppb.Timestamp)(nil), // 10: google.protobuf.Timestamp + (*v3.HeaderMap)(nil), // 11: envoy.config.core.v3.HeaderMap +} +var file_envoy_service_auth_v3_attribute_context_proto_depIdxs = []int32{ + 1, // 0: envoy.service.auth.v3.AttributeContext.source:type_name -> envoy.service.auth.v3.AttributeContext.Peer + 1, // 1: envoy.service.auth.v3.AttributeContext.destination:type_name -> envoy.service.auth.v3.AttributeContext.Peer + 2, // 2: envoy.service.auth.v3.AttributeContext.request:type_name -> envoy.service.auth.v3.AttributeContext.Request + 5, // 3: envoy.service.auth.v3.AttributeContext.context_extensions:type_name -> envoy.service.auth.v3.AttributeContext.ContextExtensionsEntry + 8, // 4: envoy.service.auth.v3.AttributeContext.metadata_context:type_name -> envoy.config.core.v3.Metadata + 8, // 5: envoy.service.auth.v3.AttributeContext.route_metadata_context:type_name -> envoy.config.core.v3.Metadata + 4, // 6: envoy.service.auth.v3.AttributeContext.tls_session:type_name -> envoy.service.auth.v3.AttributeContext.TLSSession + 9, // 7: envoy.service.auth.v3.AttributeContext.Peer.address:type_name -> envoy.config.core.v3.Address + 6, // 8: envoy.service.auth.v3.AttributeContext.Peer.labels:type_name -> envoy.service.auth.v3.AttributeContext.Peer.LabelsEntry + 10, // 9: envoy.service.auth.v3.AttributeContext.Request.time:type_name -> google.protobuf.Timestamp + 3, // 10: envoy.service.auth.v3.AttributeContext.Request.http:type_name -> envoy.service.auth.v3.AttributeContext.HttpRequest + 7, // 11: envoy.service.auth.v3.AttributeContext.HttpRequest.headers:type_name -> envoy.service.auth.v3.AttributeContext.HttpRequest.HeadersEntry + 11, // 12: envoy.service.auth.v3.AttributeContext.HttpRequest.header_map:type_name -> envoy.config.core.v3.HeaderMap + 13, // [13:13] is the sub-list for method output_type + 13, // [13:13] is the sub-list for method input_type + 13, // [13:13] is the sub-list for extension type_name + 13, // [13:13] is the sub-list for extension extendee + 0, // [0:13] is the sub-list for field type_name +} + +func init() { file_envoy_service_auth_v3_attribute_context_proto_init() } +func file_envoy_service_auth_v3_attribute_context_proto_init() { + if File_envoy_service_auth_v3_attribute_context_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_envoy_service_auth_v3_attribute_context_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttributeContext); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_attribute_context_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttributeContext_Peer); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_attribute_context_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttributeContext_Request); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_attribute_context_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttributeContext_HttpRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_attribute_context_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*AttributeContext_TLSSession); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_envoy_service_auth_v3_attribute_context_proto_rawDesc, + NumEnums: 0, + NumMessages: 8, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_envoy_service_auth_v3_attribute_context_proto_goTypes, + DependencyIndexes: file_envoy_service_auth_v3_attribute_context_proto_depIdxs, + MessageInfos: file_envoy_service_auth_v3_attribute_context_proto_msgTypes, + }.Build() + File_envoy_service_auth_v3_attribute_context_proto = out.File + file_envoy_service_auth_v3_attribute_context_proto_rawDesc = nil + file_envoy_service_auth_v3_attribute_context_proto_goTypes = nil + file_envoy_service_auth_v3_attribute_context_proto_depIdxs = nil +} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.validate.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.validate.go new file mode 100644 index 00000000..320ba190 --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context.pb.validate.go @@ -0,0 +1,873 @@ +//go:build !disable_pgv +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: envoy/service/auth/v3/attribute_context.proto + +package authv3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on AttributeContext with the rules defined +// in the proto definition for this message. If any rules are violated, the +// first error encountered is returned, or nil if there are no violations. +func (m *AttributeContext) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AttributeContext with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// AttributeContextMultiError, or nil if none found. +func (m *AttributeContext) ValidateAll() error { + return m.validate(true) +} + +func (m *AttributeContext) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetSource()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Source", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Source", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetSource()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "Source", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetDestination()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Destination", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Destination", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetDestination()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "Destination", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetRequest()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Request", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "Request", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRequest()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "Request", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for ContextExtensions + + if all { + switch v := interface{}(m.GetMetadataContext()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "MetadataContext", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "MetadataContext", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetMetadataContext()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "MetadataContext", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetRouteMetadataContext()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "RouteMetadataContext", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "RouteMetadataContext", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetRouteMetadataContext()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "RouteMetadataContext", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetTlsSession()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "TlsSession", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContextValidationError{ + field: "TlsSession", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTlsSession()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContextValidationError{ + field: "TlsSession", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return AttributeContextMultiError(errors) + } + + return nil +} + +// AttributeContextMultiError is an error wrapping multiple validation errors +// returned by AttributeContext.ValidateAll() if the designated constraints +// aren't met. +type AttributeContextMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AttributeContextMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AttributeContextMultiError) AllErrors() []error { return m } + +// AttributeContextValidationError is the validation error returned by +// AttributeContext.Validate if the designated constraints aren't met. +type AttributeContextValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AttributeContextValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AttributeContextValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AttributeContextValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AttributeContextValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AttributeContextValidationError) ErrorName() string { return "AttributeContextValidationError" } + +// Error satisfies the builtin error interface +func (e AttributeContextValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAttributeContext.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AttributeContextValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AttributeContextValidationError{} + +// Validate checks the field values on AttributeContext_Peer with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *AttributeContext_Peer) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AttributeContext_Peer with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// AttributeContext_PeerMultiError, or nil if none found. +func (m *AttributeContext_Peer) ValidateAll() error { + return m.validate(true) +} + +func (m *AttributeContext_Peer) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetAddress()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContext_PeerValidationError{ + field: "Address", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContext_PeerValidationError{ + field: "Address", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAddress()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContext_PeerValidationError{ + field: "Address", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Service + + // no validation rules for Labels + + // no validation rules for Principal + + // no validation rules for Certificate + + if len(errors) > 0 { + return AttributeContext_PeerMultiError(errors) + } + + return nil +} + +// AttributeContext_PeerMultiError is an error wrapping multiple validation +// errors returned by AttributeContext_Peer.ValidateAll() if the designated +// constraints aren't met. +type AttributeContext_PeerMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AttributeContext_PeerMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AttributeContext_PeerMultiError) AllErrors() []error { return m } + +// AttributeContext_PeerValidationError is the validation error returned by +// AttributeContext_Peer.Validate if the designated constraints aren't met. +type AttributeContext_PeerValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AttributeContext_PeerValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AttributeContext_PeerValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AttributeContext_PeerValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AttributeContext_PeerValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AttributeContext_PeerValidationError) ErrorName() string { + return "AttributeContext_PeerValidationError" +} + +// Error satisfies the builtin error interface +func (e AttributeContext_PeerValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAttributeContext_Peer.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AttributeContext_PeerValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AttributeContext_PeerValidationError{} + +// Validate checks the field values on AttributeContext_Request with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *AttributeContext_Request) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AttributeContext_Request with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// AttributeContext_RequestMultiError, or nil if none found. +func (m *AttributeContext_Request) ValidateAll() error { + return m.validate(true) +} + +func (m *AttributeContext_Request) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetTime()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContext_RequestValidationError{ + field: "Time", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContext_RequestValidationError{ + field: "Time", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetTime()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContext_RequestValidationError{ + field: "Time", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetHttp()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContext_RequestValidationError{ + field: "Http", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContext_RequestValidationError{ + field: "Http", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetHttp()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContext_RequestValidationError{ + field: "Http", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return AttributeContext_RequestMultiError(errors) + } + + return nil +} + +// AttributeContext_RequestMultiError is an error wrapping multiple validation +// errors returned by AttributeContext_Request.ValidateAll() if the designated +// constraints aren't met. +type AttributeContext_RequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AttributeContext_RequestMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AttributeContext_RequestMultiError) AllErrors() []error { return m } + +// AttributeContext_RequestValidationError is the validation error returned by +// AttributeContext_Request.Validate if the designated constraints aren't met. +type AttributeContext_RequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AttributeContext_RequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AttributeContext_RequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AttributeContext_RequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AttributeContext_RequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AttributeContext_RequestValidationError) ErrorName() string { + return "AttributeContext_RequestValidationError" +} + +// Error satisfies the builtin error interface +func (e AttributeContext_RequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAttributeContext_Request.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AttributeContext_RequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AttributeContext_RequestValidationError{} + +// Validate checks the field values on AttributeContext_HttpRequest with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *AttributeContext_HttpRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AttributeContext_HttpRequest with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// AttributeContext_HttpRequestMultiError, or nil if none found. +func (m *AttributeContext_HttpRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *AttributeContext_HttpRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Id + + // no validation rules for Method + + // no validation rules for Headers + + if all { + switch v := interface{}(m.GetHeaderMap()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, AttributeContext_HttpRequestValidationError{ + field: "HeaderMap", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, AttributeContext_HttpRequestValidationError{ + field: "HeaderMap", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetHeaderMap()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return AttributeContext_HttpRequestValidationError{ + field: "HeaderMap", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for Path + + // no validation rules for Host + + // no validation rules for Scheme + + // no validation rules for Query + + // no validation rules for Fragment + + // no validation rules for Size + + // no validation rules for Protocol + + // no validation rules for Body + + // no validation rules for RawBody + + if len(errors) > 0 { + return AttributeContext_HttpRequestMultiError(errors) + } + + return nil +} + +// AttributeContext_HttpRequestMultiError is an error wrapping multiple +// validation errors returned by AttributeContext_HttpRequest.ValidateAll() if +// the designated constraints aren't met. +type AttributeContext_HttpRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AttributeContext_HttpRequestMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AttributeContext_HttpRequestMultiError) AllErrors() []error { return m } + +// AttributeContext_HttpRequestValidationError is the validation error returned +// by AttributeContext_HttpRequest.Validate if the designated constraints +// aren't met. +type AttributeContext_HttpRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AttributeContext_HttpRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AttributeContext_HttpRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AttributeContext_HttpRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AttributeContext_HttpRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AttributeContext_HttpRequestValidationError) ErrorName() string { + return "AttributeContext_HttpRequestValidationError" +} + +// Error satisfies the builtin error interface +func (e AttributeContext_HttpRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAttributeContext_HttpRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AttributeContext_HttpRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AttributeContext_HttpRequestValidationError{} + +// Validate checks the field values on AttributeContext_TLSSession with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *AttributeContext_TLSSession) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on AttributeContext_TLSSession with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// AttributeContext_TLSSessionMultiError, or nil if none found. +func (m *AttributeContext_TLSSession) ValidateAll() error { + return m.validate(true) +} + +func (m *AttributeContext_TLSSession) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + // no validation rules for Sni + + if len(errors) > 0 { + return AttributeContext_TLSSessionMultiError(errors) + } + + return nil +} + +// AttributeContext_TLSSessionMultiError is an error wrapping multiple +// validation errors returned by AttributeContext_TLSSession.ValidateAll() if +// the designated constraints aren't met. +type AttributeContext_TLSSessionMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m AttributeContext_TLSSessionMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m AttributeContext_TLSSessionMultiError) AllErrors() []error { return m } + +// AttributeContext_TLSSessionValidationError is the validation error returned +// by AttributeContext_TLSSession.Validate if the designated constraints +// aren't met. +type AttributeContext_TLSSessionValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e AttributeContext_TLSSessionValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e AttributeContext_TLSSessionValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e AttributeContext_TLSSessionValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e AttributeContext_TLSSessionValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e AttributeContext_TLSSessionValidationError) ErrorName() string { + return "AttributeContext_TLSSessionValidationError" +} + +// Error satisfies the builtin error interface +func (e AttributeContext_TLSSessionValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sAttributeContext_TLSSession.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = AttributeContext_TLSSessionValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = AttributeContext_TLSSessionValidationError{} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context_vtproto.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context_vtproto.pb.go new file mode 100644 index 00000000..484da3f8 --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/attribute_context_vtproto.pb.go @@ -0,0 +1,691 @@ +//go:build vtprotobuf +// +build vtprotobuf + +// Code generated by protoc-gen-go-vtproto. DO NOT EDIT. +// source: envoy/service/auth/v3/attribute_context.proto + +package authv3 + +import ( + protohelpers "github.com/planetscale/vtprotobuf/protohelpers" + timestamppb "github.com/planetscale/vtprotobuf/types/known/timestamppb" + proto "google.golang.org/protobuf/proto" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +func (m *AttributeContext_Peer) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AttributeContext_Peer) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *AttributeContext_Peer) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Certificate) > 0 { + i -= len(m.Certificate) + copy(dAtA[i:], m.Certificate) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Certificate))) + i-- + dAtA[i] = 0x2a + } + if len(m.Principal) > 0 { + i -= len(m.Principal) + copy(dAtA[i:], m.Principal) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Principal))) + i-- + dAtA[i] = 0x22 + } + if len(m.Labels) > 0 { + for k := range m.Labels { + v := m.Labels[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = protohelpers.EncodeVarint(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Service) > 0 { + i -= len(m.Service) + copy(dAtA[i:], m.Service) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Service))) + i-- + dAtA[i] = 0x12 + } + if m.Address != nil { + if vtmsg, ok := interface{}(m.Address).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Address) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AttributeContext_Request) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AttributeContext_Request) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *AttributeContext_Request) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.Http != nil { + size, err := m.Http.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } + if m.Time != nil { + size, err := (*timestamppb.Timestamp)(m.Time).MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AttributeContext_HttpRequest) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AttributeContext_HttpRequest) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *AttributeContext_HttpRequest) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.HeaderMap != nil { + if vtmsg, ok := interface{}(m.HeaderMap).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.HeaderMap) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x6a + } + if len(m.RawBody) > 0 { + i -= len(m.RawBody) + copy(dAtA[i:], m.RawBody) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.RawBody))) + i-- + dAtA[i] = 0x62 + } + if len(m.Body) > 0 { + i -= len(m.Body) + copy(dAtA[i:], m.Body) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Body))) + i-- + dAtA[i] = 0x5a + } + if len(m.Protocol) > 0 { + i -= len(m.Protocol) + copy(dAtA[i:], m.Protocol) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Protocol))) + i-- + dAtA[i] = 0x52 + } + if m.Size != 0 { + i = protohelpers.EncodeVarint(dAtA, i, uint64(m.Size)) + i-- + dAtA[i] = 0x48 + } + if len(m.Fragment) > 0 { + i -= len(m.Fragment) + copy(dAtA[i:], m.Fragment) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Fragment))) + i-- + dAtA[i] = 0x42 + } + if len(m.Query) > 0 { + i -= len(m.Query) + copy(dAtA[i:], m.Query) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Query))) + i-- + dAtA[i] = 0x3a + } + if len(m.Scheme) > 0 { + i -= len(m.Scheme) + copy(dAtA[i:], m.Scheme) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Scheme))) + i-- + dAtA[i] = 0x32 + } + if len(m.Host) > 0 { + i -= len(m.Host) + copy(dAtA[i:], m.Host) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Host))) + i-- + dAtA[i] = 0x2a + } + if len(m.Path) > 0 { + i -= len(m.Path) + copy(dAtA[i:], m.Path) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Path))) + i-- + dAtA[i] = 0x22 + } + if len(m.Headers) > 0 { + for k := range m.Headers { + v := m.Headers[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = protohelpers.EncodeVarint(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x1a + } + } + if len(m.Method) > 0 { + i -= len(m.Method) + copy(dAtA[i:], m.Method) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Method))) + i-- + dAtA[i] = 0x12 + } + if len(m.Id) > 0 { + i -= len(m.Id) + copy(dAtA[i:], m.Id) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Id))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AttributeContext_TLSSession) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AttributeContext_TLSSession) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *AttributeContext_TLSSession) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Sni) > 0 { + i -= len(m.Sni) + copy(dAtA[i:], m.Sni) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Sni))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AttributeContext) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AttributeContext) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *AttributeContext) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.RouteMetadataContext != nil { + if vtmsg, ok := interface{}(m.RouteMetadataContext).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.RouteMetadataContext) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x6a + } + if m.TlsSession != nil { + size, err := m.TlsSession.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x62 + } + if m.MetadataContext != nil { + if vtmsg, ok := interface{}(m.MetadataContext).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.MetadataContext) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x5a + } + if len(m.ContextExtensions) > 0 { + for k := range m.ContextExtensions { + v := m.ContextExtensions[k] + baseI := i + i -= len(v) + copy(dAtA[i:], v) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(v))) + i-- + dAtA[i] = 0x12 + i -= len(k) + copy(dAtA[i:], k) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(k))) + i-- + dAtA[i] = 0xa + i = protohelpers.EncodeVarint(dAtA, i, uint64(baseI-i)) + i-- + dAtA[i] = 0x52 + } + } + if m.Request != nil { + size, err := m.Request.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x22 + } + if m.Destination != nil { + size, err := m.Destination.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } + if m.Source != nil { + size, err := m.Source.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AttributeContext_Peer) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Address != nil { + if size, ok := interface{}(m.Address).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.Address) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Service) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.Labels) > 0 { + for k, v := range m.Labels { + _ = k + _ = v + mapEntrySize := 1 + len(k) + protohelpers.SizeOfVarint(uint64(len(k))) + 1 + len(v) + protohelpers.SizeOfVarint(uint64(len(v))) + n += mapEntrySize + 1 + protohelpers.SizeOfVarint(uint64(mapEntrySize)) + } + } + l = len(m.Principal) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Certificate) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *AttributeContext_Request) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Time != nil { + l = (*timestamppb.Timestamp)(m.Time).SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.Http != nil { + l = m.Http.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *AttributeContext_HttpRequest) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Id) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Method) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.Headers) > 0 { + for k, v := range m.Headers { + _ = k + _ = v + mapEntrySize := 1 + len(k) + protohelpers.SizeOfVarint(uint64(len(k))) + 1 + len(v) + protohelpers.SizeOfVarint(uint64(len(v))) + n += mapEntrySize + 1 + protohelpers.SizeOfVarint(uint64(mapEntrySize)) + } + } + l = len(m.Path) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Host) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Scheme) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Query) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Fragment) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.Size != 0 { + n += 1 + protohelpers.SizeOfVarint(uint64(m.Size)) + } + l = len(m.Protocol) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.Body) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + l = len(m.RawBody) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.HeaderMap != nil { + if size, ok := interface{}(m.HeaderMap).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.HeaderMap) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *AttributeContext_TLSSession) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Sni) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *AttributeContext) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Source != nil { + l = m.Source.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.Destination != nil { + l = m.Destination.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.Request != nil { + l = m.Request.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.ContextExtensions) > 0 { + for k, v := range m.ContextExtensions { + _ = k + _ = v + mapEntrySize := 1 + len(k) + protohelpers.SizeOfVarint(uint64(len(k))) + 1 + len(v) + protohelpers.SizeOfVarint(uint64(len(v))) + n += mapEntrySize + 1 + protohelpers.SizeOfVarint(uint64(mapEntrySize)) + } + } + if m.MetadataContext != nil { + if size, ok := interface{}(m.MetadataContext).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.MetadataContext) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.TlsSession != nil { + l = m.TlsSession.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if m.RouteMetadataContext != nil { + if size, ok := interface{}(m.RouteMetadataContext).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.RouteMetadataContext) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.go new file mode 100644 index 00000000..6c59a0ef --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.go @@ -0,0 +1,628 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.30.0 +// protoc v5.29.3 +// source: envoy/service/auth/v3/external_auth.proto + +package authv3 + +import ( + _ "github.com/cncf/xds/go/udpa/annotations" + _ "github.com/envoyproxy/go-control-plane/envoy/annotations" + v31 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" + v3 "github.com/envoyproxy/go-control-plane/envoy/type/v3" + status "google.golang.org/genproto/googleapis/rpc/status" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + structpb "google.golang.org/protobuf/types/known/structpb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type CheckRequest struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The request attributes. + Attributes *AttributeContext `protobuf:"bytes,1,opt,name=attributes,proto3" json:"attributes,omitempty"` +} + +func (x *CheckRequest) Reset() { + *x = CheckRequest{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckRequest) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckRequest) ProtoMessage() {} + +func (x *CheckRequest) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckRequest.ProtoReflect.Descriptor instead. +func (*CheckRequest) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_external_auth_proto_rawDescGZIP(), []int{0} +} + +func (x *CheckRequest) GetAttributes() *AttributeContext { + if x != nil { + return x.Attributes + } + return nil +} + +// HTTP attributes for a denied response. +type DeniedHttpResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // This field allows the authorization service to send an HTTP response status code to the + // downstream client. If not set, Envoy sends “403 Forbidden“ HTTP status code by default. + Status *v3.HttpStatus `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` + // This field allows the authorization service to send HTTP response headers + // to the downstream client. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to + // false when used in this message. + Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` + // This field allows the authorization service to send a response body data + // to the downstream client. + Body string `protobuf:"bytes,3,opt,name=body,proto3" json:"body,omitempty"` +} + +func (x *DeniedHttpResponse) Reset() { + *x = DeniedHttpResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DeniedHttpResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DeniedHttpResponse) ProtoMessage() {} + +func (x *DeniedHttpResponse) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DeniedHttpResponse.ProtoReflect.Descriptor instead. +func (*DeniedHttpResponse) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_external_auth_proto_rawDescGZIP(), []int{1} +} + +func (x *DeniedHttpResponse) GetStatus() *v3.HttpStatus { + if x != nil { + return x.Status + } + return nil +} + +func (x *DeniedHttpResponse) GetHeaders() []*v31.HeaderValueOption { + if x != nil { + return x.Headers + } + return nil +} + +func (x *DeniedHttpResponse) GetBody() string { + if x != nil { + return x.Body + } + return "" +} + +// HTTP attributes for an OK response. +// [#next-free-field: 9] +type OkHttpResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // HTTP entity headers in addition to the original request headers. This allows the authorization + // service to append, to add or to override headers from the original request before + // dispatching it to the upstream. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` defaults to + // false when used in this message. By setting the “append“ field to “true“, + // the filter will append the correspondent header value to the matched request header. + // By leaving “append“ as false, the filter will either add a new header, or override an existing + // one if there is a match. + Headers []*v31.HeaderValueOption `protobuf:"bytes,2,rep,name=headers,proto3" json:"headers,omitempty"` + // HTTP entity headers to remove from the original request before dispatching + // it to the upstream. This allows the authorization service to act on auth + // related headers (like “Authorization“), process them, and consume them. + // Under this model, the upstream will either receive the request (if it's + // authorized) or not receive it (if it's not), but will not see headers + // containing authorization credentials. + // + // Pseudo headers (such as “:authority“, “:method“, “:path“ etc), as well as + // the header “Host“, may not be removed as that would make the request + // malformed. If mentioned in “headers_to_remove“ these special headers will + // be ignored. + // + // When using the HTTP service this must instead be set by the HTTP + // authorization service as a comma separated list like so: + // “x-envoy-auth-headers-to-remove: one-auth-header, another-auth-header“. + HeadersToRemove []string `protobuf:"bytes,5,rep,name=headers_to_remove,json=headersToRemove,proto3" json:"headers_to_remove,omitempty"` + // This field has been deprecated in favor of :ref:`CheckResponse.dynamic_metadata + // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. Until it is removed, + // setting this field overrides :ref:`CheckResponse.dynamic_metadata + // <envoy_v3_api_field_service.auth.v3.CheckResponse.dynamic_metadata>`. + // + // Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto. + DynamicMetadata *structpb.Struct `protobuf:"bytes,3,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"` + // This field allows the authorization service to send HTTP response headers + // to the downstream client on success. Note that the :ref:`append field in HeaderValueOption <envoy_v3_api_field_config.core.v3.HeaderValueOption.append>` + // defaults to false when used in this message. + ResponseHeadersToAdd []*v31.HeaderValueOption `protobuf:"bytes,6,rep,name=response_headers_to_add,json=responseHeadersToAdd,proto3" json:"response_headers_to_add,omitempty"` + // This field allows the authorization service to set (and overwrite) query + // string parameters on the original request before it is sent upstream. + QueryParametersToSet []*v31.QueryParameter `protobuf:"bytes,7,rep,name=query_parameters_to_set,json=queryParametersToSet,proto3" json:"query_parameters_to_set,omitempty"` + // This field allows the authorization service to specify which query parameters + // should be removed from the original request before it is sent upstream. Each + // element in this list is a case-sensitive query parameter name to be removed. + QueryParametersToRemove []string `protobuf:"bytes,8,rep,name=query_parameters_to_remove,json=queryParametersToRemove,proto3" json:"query_parameters_to_remove,omitempty"` +} + +func (x *OkHttpResponse) Reset() { + *x = OkHttpResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *OkHttpResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*OkHttpResponse) ProtoMessage() {} + +func (x *OkHttpResponse) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[2] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use OkHttpResponse.ProtoReflect.Descriptor instead. +func (*OkHttpResponse) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_external_auth_proto_rawDescGZIP(), []int{2} +} + +func (x *OkHttpResponse) GetHeaders() []*v31.HeaderValueOption { + if x != nil { + return x.Headers + } + return nil +} + +func (x *OkHttpResponse) GetHeadersToRemove() []string { + if x != nil { + return x.HeadersToRemove + } + return nil +} + +// Deprecated: Marked as deprecated in envoy/service/auth/v3/external_auth.proto. +func (x *OkHttpResponse) GetDynamicMetadata() *structpb.Struct { + if x != nil { + return x.DynamicMetadata + } + return nil +} + +func (x *OkHttpResponse) GetResponseHeadersToAdd() []*v31.HeaderValueOption { + if x != nil { + return x.ResponseHeadersToAdd + } + return nil +} + +func (x *OkHttpResponse) GetQueryParametersToSet() []*v31.QueryParameter { + if x != nil { + return x.QueryParametersToSet + } + return nil +} + +func (x *OkHttpResponse) GetQueryParametersToRemove() []string { + if x != nil { + return x.QueryParametersToRemove + } + return nil +} + +// Intended for gRPC and Network Authorization servers “only“. +type CheckResponse struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Status “OK“ allows the request. Any other status indicates the request should be denied, and + // for HTTP filter, if not overridden by :ref:`denied HTTP response status <envoy_v3_api_field_service.auth.v3.DeniedHttpResponse.status>` + // Envoy sends “403 Forbidden“ HTTP status code by default. + Status *status.Status `protobuf:"bytes,1,opt,name=status,proto3" json:"status,omitempty"` + // An message that contains HTTP response attributes. This message is + // used when the authorization service needs to send custom responses to the + // downstream client or, to modify/add request headers being dispatched to the upstream. + // + // Types that are assignable to HttpResponse: + // + // *CheckResponse_DeniedResponse + // *CheckResponse_OkResponse + HttpResponse isCheckResponse_HttpResponse `protobuf_oneof:"http_response"` + // Optional response metadata that will be emitted as dynamic metadata to be consumed by the next + // filter. This metadata lives in a namespace specified by the canonical name of extension filter + // that requires it: + // + // - :ref:`envoy.filters.http.ext_authz <config_http_filters_ext_authz_dynamic_metadata>` for HTTP filter. + // - :ref:`envoy.filters.network.ext_authz <config_network_filters_ext_authz_dynamic_metadata>` for network filter. + DynamicMetadata *structpb.Struct `protobuf:"bytes,4,opt,name=dynamic_metadata,json=dynamicMetadata,proto3" json:"dynamic_metadata,omitempty"` +} + +func (x *CheckResponse) Reset() { + *x = CheckResponse{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *CheckResponse) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*CheckResponse) ProtoMessage() {} + +func (x *CheckResponse) ProtoReflect() protoreflect.Message { + mi := &file_envoy_service_auth_v3_external_auth_proto_msgTypes[3] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use CheckResponse.ProtoReflect.Descriptor instead. +func (*CheckResponse) Descriptor() ([]byte, []int) { + return file_envoy_service_auth_v3_external_auth_proto_rawDescGZIP(), []int{3} +} + +func (x *CheckResponse) GetStatus() *status.Status { + if x != nil { + return x.Status + } + return nil +} + +func (m *CheckResponse) GetHttpResponse() isCheckResponse_HttpResponse { + if m != nil { + return m.HttpResponse + } + return nil +} + +func (x *CheckResponse) GetDeniedResponse() *DeniedHttpResponse { + if x, ok := x.GetHttpResponse().(*CheckResponse_DeniedResponse); ok { + return x.DeniedResponse + } + return nil +} + +func (x *CheckResponse) GetOkResponse() *OkHttpResponse { + if x, ok := x.GetHttpResponse().(*CheckResponse_OkResponse); ok { + return x.OkResponse + } + return nil +} + +func (x *CheckResponse) GetDynamicMetadata() *structpb.Struct { + if x != nil { + return x.DynamicMetadata + } + return nil +} + +type isCheckResponse_HttpResponse interface { + isCheckResponse_HttpResponse() +} + +type CheckResponse_DeniedResponse struct { + // Supplies http attributes for a denied response. + DeniedResponse *DeniedHttpResponse `protobuf:"bytes,2,opt,name=denied_response,json=deniedResponse,proto3,oneof"` +} + +type CheckResponse_OkResponse struct { + // Supplies http attributes for an ok response. + OkResponse *OkHttpResponse `protobuf:"bytes,3,opt,name=ok_response,json=okResponse,proto3,oneof"` +} + +func (*CheckResponse_DeniedResponse) isCheckResponse_HttpResponse() {} + +func (*CheckResponse_OkResponse) isCheckResponse_HttpResponse() {} + +var File_envoy_service_auth_v3_external_auth_proto protoreflect.FileDescriptor + +var file_envoy_service_auth_v3_external_auth_proto_rawDesc = []byte{ + 0x0a, 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2f, + 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x33, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x15, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x76, 0x33, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2f, 0x63, 0x6f, 0x72, 0x65, 0x2f, 0x76, 0x33, 0x2f, 0x62, 0x61, 0x73, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x33, 0x2f, 0x61, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x1f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, + 0x33, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x17, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x72, 0x70, 0x63, 0x2f, 0x73, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x23, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x64, 0x65, + 0x70, 0x72, 0x65, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, + 0x1d, 0x75, 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, + 0x75, 0x64, 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x2f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0x82, 0x01, 0x0a, 0x0c, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x47, 0x0a, 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, + 0x0a, 0x61, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x3a, 0x29, 0x9a, 0xc5, 0x88, + 0x1e, 0x24, 0x0a, 0x22, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x32, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xcf, 0x01, 0x0a, 0x12, 0x44, 0x65, 0x6e, 0x69, 0x65, + 0x64, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x31, 0x0a, + 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x48, 0x74, + 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x41, 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x27, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x3a, 0x2f, 0x9a, 0xc5, 0x88, 0x1e, 0x2a, 0x0a, 0x28, + 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, + 0x74, 0x68, 0x2e, 0x76, 0x32, 0x2e, 0x44, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x48, 0x74, 0x74, 0x70, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0xf7, 0x03, 0x0a, 0x0e, 0x4f, 0x6b, 0x48, + 0x74, 0x74, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x41, 0x0a, 0x07, 0x68, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x76, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2a, + 0x0a, 0x11, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x5f, 0x74, 0x6f, 0x5f, 0x72, 0x65, 0x6d, + 0x6f, 0x76, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x54, 0x6f, 0x52, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x12, 0x4f, 0x0a, 0x10, 0x64, 0x79, + 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x42, 0x0b, 0x92, + 0xc7, 0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x18, 0x01, 0x52, 0x0f, 0x64, 0x79, 0x6e, 0x61, + 0x6d, 0x69, 0x63, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x5e, 0x0a, 0x17, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x5f, + 0x74, 0x6f, 0x5f, 0x61, 0x64, 0x64, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x76, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x14, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x48, + 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x54, 0x6f, 0x41, 0x64, 0x64, 0x12, 0x5b, 0x0a, 0x17, 0x71, + 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x5f, + 0x74, 0x6f, 0x5f, 0x73, 0x65, 0x74, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, + 0x2e, 0x76, 0x33, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, + 0x65, 0x72, 0x52, 0x14, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, + 0x65, 0x72, 0x73, 0x54, 0x6f, 0x53, 0x65, 0x74, 0x12, 0x3b, 0x0a, 0x1a, 0x71, 0x75, 0x65, 0x72, + 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x5f, 0x74, 0x6f, 0x5f, + 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x17, 0x71, 0x75, + 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x54, 0x6f, 0x52, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x3a, 0x2b, 0x9a, 0xc5, 0x88, 0x1e, 0x26, 0x0a, 0x24, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x32, 0x2e, 0x4f, 0x6b, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x22, 0xdc, 0x02, 0x0a, 0x0d, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x2a, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x72, 0x70, + 0x63, 0x2e, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x54, 0x0a, 0x0f, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x65, 0x6e, 0x76, 0x6f, + 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, + 0x33, 0x2e, 0x44, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x48, 0x00, 0x52, 0x0e, 0x64, 0x65, 0x6e, 0x69, 0x65, 0x64, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x48, 0x0a, 0x0b, 0x6f, 0x6b, 0x5f, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x33, 0x2e, 0x4f, 0x6b, 0x48, 0x74, 0x74, 0x70, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x6f, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x12, 0x42, 0x0a, 0x10, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x6d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, + 0x75, 0x63, 0x74, 0x52, 0x0f, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x3a, 0x2a, 0x9a, 0xc5, 0x88, 0x1e, 0x25, 0x0a, 0x23, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, + 0x76, 0x32, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, + 0x42, 0x0f, 0x0a, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x32, 0x65, 0x0a, 0x0d, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x54, 0x0a, 0x05, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x23, 0x2e, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x61, 0x75, 0x74, 0x68, + 0x2e, 0x76, 0x33, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x1a, 0x24, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x2e, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x87, 0x01, 0xba, 0x80, 0xc8, 0xd1, 0x06, + 0x02, 0x10, 0x02, 0x0a, 0x23, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, + 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x2e, 0x61, 0x75, 0x74, 0x68, 0x2e, 0x76, 0x33, 0x42, 0x11, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x43, 0x67, + 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, + 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, + 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2f, 0x61, 0x75, 0x74, 0x68, 0x2f, 0x76, 0x33, 0x3b, 0x61, 0x75, 0x74, 0x68, + 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_envoy_service_auth_v3_external_auth_proto_rawDescOnce sync.Once + file_envoy_service_auth_v3_external_auth_proto_rawDescData = file_envoy_service_auth_v3_external_auth_proto_rawDesc +) + +func file_envoy_service_auth_v3_external_auth_proto_rawDescGZIP() []byte { + file_envoy_service_auth_v3_external_auth_proto_rawDescOnce.Do(func() { + file_envoy_service_auth_v3_external_auth_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_service_auth_v3_external_auth_proto_rawDescData) + }) + return file_envoy_service_auth_v3_external_auth_proto_rawDescData +} + +var file_envoy_service_auth_v3_external_auth_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_envoy_service_auth_v3_external_auth_proto_goTypes = []interface{}{ + (*CheckRequest)(nil), // 0: envoy.service.auth.v3.CheckRequest + (*DeniedHttpResponse)(nil), // 1: envoy.service.auth.v3.DeniedHttpResponse + (*OkHttpResponse)(nil), // 2: envoy.service.auth.v3.OkHttpResponse + (*CheckResponse)(nil), // 3: envoy.service.auth.v3.CheckResponse + (*AttributeContext)(nil), // 4: envoy.service.auth.v3.AttributeContext + (*v3.HttpStatus)(nil), // 5: envoy.type.v3.HttpStatus + (*v31.HeaderValueOption)(nil), // 6: envoy.config.core.v3.HeaderValueOption + (*structpb.Struct)(nil), // 7: google.protobuf.Struct + (*v31.QueryParameter)(nil), // 8: envoy.config.core.v3.QueryParameter + (*status.Status)(nil), // 9: google.rpc.Status +} +var file_envoy_service_auth_v3_external_auth_proto_depIdxs = []int32{ + 4, // 0: envoy.service.auth.v3.CheckRequest.attributes:type_name -> envoy.service.auth.v3.AttributeContext + 5, // 1: envoy.service.auth.v3.DeniedHttpResponse.status:type_name -> envoy.type.v3.HttpStatus + 6, // 2: envoy.service.auth.v3.DeniedHttpResponse.headers:type_name -> envoy.config.core.v3.HeaderValueOption + 6, // 3: envoy.service.auth.v3.OkHttpResponse.headers:type_name -> envoy.config.core.v3.HeaderValueOption + 7, // 4: envoy.service.auth.v3.OkHttpResponse.dynamic_metadata:type_name -> google.protobuf.Struct + 6, // 5: envoy.service.auth.v3.OkHttpResponse.response_headers_to_add:type_name -> envoy.config.core.v3.HeaderValueOption + 8, // 6: envoy.service.auth.v3.OkHttpResponse.query_parameters_to_set:type_name -> envoy.config.core.v3.QueryParameter + 9, // 7: envoy.service.auth.v3.CheckResponse.status:type_name -> google.rpc.Status + 1, // 8: envoy.service.auth.v3.CheckResponse.denied_response:type_name -> envoy.service.auth.v3.DeniedHttpResponse + 2, // 9: envoy.service.auth.v3.CheckResponse.ok_response:type_name -> envoy.service.auth.v3.OkHttpResponse + 7, // 10: envoy.service.auth.v3.CheckResponse.dynamic_metadata:type_name -> google.protobuf.Struct + 0, // 11: envoy.service.auth.v3.Authorization.Check:input_type -> envoy.service.auth.v3.CheckRequest + 3, // 12: envoy.service.auth.v3.Authorization.Check:output_type -> envoy.service.auth.v3.CheckResponse + 12, // [12:13] is the sub-list for method output_type + 11, // [11:12] is the sub-list for method input_type + 11, // [11:11] is the sub-list for extension type_name + 11, // [11:11] is the sub-list for extension extendee + 0, // [0:11] is the sub-list for field type_name +} + +func init() { file_envoy_service_auth_v3_external_auth_proto_init() } +func file_envoy_service_auth_v3_external_auth_proto_init() { + if File_envoy_service_auth_v3_external_auth_proto != nil { + return + } + file_envoy_service_auth_v3_attribute_context_proto_init() + if !protoimpl.UnsafeEnabled { + file_envoy_service_auth_v3_external_auth_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckRequest); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_external_auth_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DeniedHttpResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_external_auth_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*OkHttpResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_envoy_service_auth_v3_external_auth_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*CheckResponse); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + file_envoy_service_auth_v3_external_auth_proto_msgTypes[3].OneofWrappers = []interface{}{ + (*CheckResponse_DeniedResponse)(nil), + (*CheckResponse_OkResponse)(nil), + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_envoy_service_auth_v3_external_auth_proto_rawDesc, + NumEnums: 0, + NumMessages: 4, + NumExtensions: 0, + NumServices: 1, + }, + GoTypes: file_envoy_service_auth_v3_external_auth_proto_goTypes, + DependencyIndexes: file_envoy_service_auth_v3_external_auth_proto_depIdxs, + MessageInfos: file_envoy_service_auth_v3_external_auth_proto_msgTypes, + }.Build() + File_envoy_service_auth_v3_external_auth_proto = out.File + file_envoy_service_auth_v3_external_auth_proto_rawDesc = nil + file_envoy_service_auth_v3_external_auth_proto_goTypes = nil + file_envoy_service_auth_v3_external_auth_proto_depIdxs = nil +} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.validate.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.validate.go new file mode 100644 index 00000000..40b2d028 --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth.pb.validate.go @@ -0,0 +1,808 @@ +//go:build !disable_pgv +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: envoy/service/auth/v3/external_auth.proto + +package authv3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on CheckRequest with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *CheckRequest) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CheckRequest with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in CheckRequestMultiError, or +// nil if none found. +func (m *CheckRequest) ValidateAll() error { + return m.validate(true) +} + +func (m *CheckRequest) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetAttributes()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CheckRequestValidationError{ + field: "Attributes", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CheckRequestValidationError{ + field: "Attributes", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetAttributes()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CheckRequestValidationError{ + field: "Attributes", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return CheckRequestMultiError(errors) + } + + return nil +} + +// CheckRequestMultiError is an error wrapping multiple validation errors +// returned by CheckRequest.ValidateAll() if the designated constraints aren't met. +type CheckRequestMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CheckRequestMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CheckRequestMultiError) AllErrors() []error { return m } + +// CheckRequestValidationError is the validation error returned by +// CheckRequest.Validate if the designated constraints aren't met. +type CheckRequestValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CheckRequestValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CheckRequestValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CheckRequestValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CheckRequestValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CheckRequestValidationError) ErrorName() string { return "CheckRequestValidationError" } + +// Error satisfies the builtin error interface +func (e CheckRequestValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCheckRequest.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CheckRequestValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CheckRequestValidationError{} + +// Validate checks the field values on DeniedHttpResponse with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *DeniedHttpResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DeniedHttpResponse with the rules +// defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// DeniedHttpResponseMultiError, or nil if none found. +func (m *DeniedHttpResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *DeniedHttpResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetStatus()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, DeniedHttpResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, DeniedHttpResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetStatus()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return DeniedHttpResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + } + } + } + + for idx, item := range m.GetHeaders() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, DeniedHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, DeniedHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return DeniedHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + // no validation rules for Body + + if len(errors) > 0 { + return DeniedHttpResponseMultiError(errors) + } + + return nil +} + +// DeniedHttpResponseMultiError is an error wrapping multiple validation errors +// returned by DeniedHttpResponse.ValidateAll() if the designated constraints +// aren't met. +type DeniedHttpResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m DeniedHttpResponseMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DeniedHttpResponseMultiError) AllErrors() []error { return m } + +// DeniedHttpResponseValidationError is the validation error returned by +// DeniedHttpResponse.Validate if the designated constraints aren't met. +type DeniedHttpResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DeniedHttpResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DeniedHttpResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DeniedHttpResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DeniedHttpResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e DeniedHttpResponseValidationError) ErrorName() string { + return "DeniedHttpResponseValidationError" +} + +// Error satisfies the builtin error interface +func (e DeniedHttpResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDeniedHttpResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DeniedHttpResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DeniedHttpResponseValidationError{} + +// Validate checks the field values on OkHttpResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *OkHttpResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on OkHttpResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in OkHttpResponseMultiError, +// or nil if none found. +func (m *OkHttpResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *OkHttpResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + for idx, item := range m.GetHeaders() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return OkHttpResponseValidationError{ + field: fmt.Sprintf("Headers[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if all { + switch v := interface{}(m.GetDynamicMetadata()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetDynamicMetadata()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return OkHttpResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + } + } + } + + for idx, item := range m.GetResponseHeadersToAdd() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("ResponseHeadersToAdd[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("ResponseHeadersToAdd[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return OkHttpResponseValidationError{ + field: fmt.Sprintf("ResponseHeadersToAdd[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + for idx, item := range m.GetQueryParametersToSet() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("QueryParametersToSet[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, OkHttpResponseValidationError{ + field: fmt.Sprintf("QueryParametersToSet[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return OkHttpResponseValidationError{ + field: fmt.Sprintf("QueryParametersToSet[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + if len(errors) > 0 { + return OkHttpResponseMultiError(errors) + } + + return nil +} + +// OkHttpResponseMultiError is an error wrapping multiple validation errors +// returned by OkHttpResponse.ValidateAll() if the designated constraints +// aren't met. +type OkHttpResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m OkHttpResponseMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m OkHttpResponseMultiError) AllErrors() []error { return m } + +// OkHttpResponseValidationError is the validation error returned by +// OkHttpResponse.Validate if the designated constraints aren't met. +type OkHttpResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e OkHttpResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e OkHttpResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e OkHttpResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e OkHttpResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e OkHttpResponseValidationError) ErrorName() string { return "OkHttpResponseValidationError" } + +// Error satisfies the builtin error interface +func (e OkHttpResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sOkHttpResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = OkHttpResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = OkHttpResponseValidationError{} + +// Validate checks the field values on CheckResponse with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *CheckResponse) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on CheckResponse with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in CheckResponseMultiError, or +// nil if none found. +func (m *CheckResponse) ValidateAll() error { + return m.validate(true) +} + +func (m *CheckResponse) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetStatus()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetStatus()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CheckResponseValidationError{ + field: "Status", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if all { + switch v := interface{}(m.GetDynamicMetadata()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetDynamicMetadata()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CheckResponseValidationError{ + field: "DynamicMetadata", + reason: "embedded message failed validation", + cause: err, + } + } + } + + switch v := m.HttpResponse.(type) { + case *CheckResponse_DeniedResponse: + if v == nil { + err := CheckResponseValidationError{ + field: "HttpResponse", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetDeniedResponse()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "DeniedResponse", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "DeniedResponse", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetDeniedResponse()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CheckResponseValidationError{ + field: "DeniedResponse", + reason: "embedded message failed validation", + cause: err, + } + } + } + + case *CheckResponse_OkResponse: + if v == nil { + err := CheckResponseValidationError{ + field: "HttpResponse", + reason: "oneof value cannot be a typed-nil", + } + if !all { + return err + } + errors = append(errors, err) + } + + if all { + switch v := interface{}(m.GetOkResponse()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "OkResponse", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, CheckResponseValidationError{ + field: "OkResponse", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetOkResponse()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return CheckResponseValidationError{ + field: "OkResponse", + reason: "embedded message failed validation", + cause: err, + } + } + } + + default: + _ = v // ensures v is used + } + + if len(errors) > 0 { + return CheckResponseMultiError(errors) + } + + return nil +} + +// CheckResponseMultiError is an error wrapping multiple validation errors +// returned by CheckResponse.ValidateAll() if the designated constraints +// aren't met. +type CheckResponseMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m CheckResponseMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m CheckResponseMultiError) AllErrors() []error { return m } + +// CheckResponseValidationError is the validation error returned by +// CheckResponse.Validate if the designated constraints aren't met. +type CheckResponseValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e CheckResponseValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e CheckResponseValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e CheckResponseValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e CheckResponseValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e CheckResponseValidationError) ErrorName() string { return "CheckResponseValidationError" } + +// Error satisfies the builtin error interface +func (e CheckResponseValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sCheckResponse.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = CheckResponseValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = CheckResponseValidationError{} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_grpc.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_grpc.pb.go new file mode 100644 index 00000000..47980d4c --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_grpc.pb.go @@ -0,0 +1,111 @@ +// Code generated by protoc-gen-go-grpc. DO NOT EDIT. +// versions: +// - protoc-gen-go-grpc v1.3.0 +// - protoc v5.29.3 +// source: envoy/service/auth/v3/external_auth.proto + +package authv3 + +import ( + context "context" + grpc "google.golang.org/grpc" + codes "google.golang.org/grpc/codes" + status "google.golang.org/grpc/status" +) + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the grpc package it is being compiled against. +// Requires gRPC-Go v1.32.0 or later. +const _ = grpc.SupportPackageIsVersion7 + +const ( + Authorization_Check_FullMethodName = "/envoy.service.auth.v3.Authorization/Check" +) + +// AuthorizationClient is the client API for Authorization service. +// +// For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. +type AuthorizationClient interface { + // Performs authorization check based on the attributes associated with the + // incoming request, and returns status `OK` or not `OK`. + Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) +} + +type authorizationClient struct { + cc grpc.ClientConnInterface +} + +func NewAuthorizationClient(cc grpc.ClientConnInterface) AuthorizationClient { + return &authorizationClient{cc} +} + +func (c *authorizationClient) Check(ctx context.Context, in *CheckRequest, opts ...grpc.CallOption) (*CheckResponse, error) { + out := new(CheckResponse) + err := c.cc.Invoke(ctx, Authorization_Check_FullMethodName, in, out, opts...) + if err != nil { + return nil, err + } + return out, nil +} + +// AuthorizationServer is the server API for Authorization service. +// All implementations should embed UnimplementedAuthorizationServer +// for forward compatibility +type AuthorizationServer interface { + // Performs authorization check based on the attributes associated with the + // incoming request, and returns status `OK` or not `OK`. + Check(context.Context, *CheckRequest) (*CheckResponse, error) +} + +// UnimplementedAuthorizationServer should be embedded to have forward compatible implementations. +type UnimplementedAuthorizationServer struct { +} + +func (UnimplementedAuthorizationServer) Check(context.Context, *CheckRequest) (*CheckResponse, error) { + return nil, status.Errorf(codes.Unimplemented, "method Check not implemented") +} + +// UnsafeAuthorizationServer may be embedded to opt out of forward compatibility for this service. +// Use of this interface is not recommended, as added methods to AuthorizationServer will +// result in compilation errors. +type UnsafeAuthorizationServer interface { + mustEmbedUnimplementedAuthorizationServer() +} + +func RegisterAuthorizationServer(s grpc.ServiceRegistrar, srv AuthorizationServer) { + s.RegisterService(&Authorization_ServiceDesc, srv) +} + +func _Authorization_Check_Handler(srv interface{}, ctx context.Context, dec func(interface{}) error, interceptor grpc.UnaryServerInterceptor) (interface{}, error) { + in := new(CheckRequest) + if err := dec(in); err != nil { + return nil, err + } + if interceptor == nil { + return srv.(AuthorizationServer).Check(ctx, in) + } + info := &grpc.UnaryServerInfo{ + Server: srv, + FullMethod: Authorization_Check_FullMethodName, + } + handler := func(ctx context.Context, req interface{}) (interface{}, error) { + return srv.(AuthorizationServer).Check(ctx, req.(*CheckRequest)) + } + return interceptor(ctx, in, info, handler) +} + +// Authorization_ServiceDesc is the grpc.ServiceDesc for Authorization service. +// It's only intended for direct use with grpc.RegisterService, +// and not to be introspected or modified (even as a copy) +var Authorization_ServiceDesc = grpc.ServiceDesc{ + ServiceName: "envoy.service.auth.v3.Authorization", + HandlerType: (*AuthorizationServer)(nil), + Methods: []grpc.MethodDesc{ + { + MethodName: "Check", + Handler: _Authorization_Check_Handler, + }, + }, + Streams: []grpc.StreamDesc{}, + Metadata: "envoy/service/auth/v3/external_auth.proto", +} diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_vtproto.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_vtproto.pb.go new file mode 100644 index 00000000..3357d3ae --- /dev/null +++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/service/auth/v3/external_auth_vtproto.pb.go @@ -0,0 +1,576 @@ +//go:build vtprotobuf +// +build vtprotobuf + +// Code generated by protoc-gen-go-vtproto. DO NOT EDIT. +// source: envoy/service/auth/v3/external_auth.proto + +package authv3 + +import ( + protohelpers "github.com/planetscale/vtprotobuf/protohelpers" + structpb "github.com/planetscale/vtprotobuf/types/known/structpb" + proto "google.golang.org/protobuf/proto" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +func (m *CheckRequest) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CheckRequest) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *CheckRequest) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.Attributes != nil { + size, err := m.Attributes.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *DeniedHttpResponse) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DeniedHttpResponse) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *DeniedHttpResponse) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.Body) > 0 { + i -= len(m.Body) + copy(dAtA[i:], m.Body) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.Body))) + i-- + dAtA[i] = 0x1a + } + if len(m.Headers) > 0 { + for iNdEx := len(m.Headers) - 1; iNdEx >= 0; iNdEx-- { + if vtmsg, ok := interface{}(m.Headers[iNdEx]).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Headers[iNdEx]) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x12 + } + } + if m.Status != nil { + if vtmsg, ok := interface{}(m.Status).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Status) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *OkHttpResponse) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *OkHttpResponse) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *OkHttpResponse) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if len(m.QueryParametersToRemove) > 0 { + for iNdEx := len(m.QueryParametersToRemove) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.QueryParametersToRemove[iNdEx]) + copy(dAtA[i:], m.QueryParametersToRemove[iNdEx]) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.QueryParametersToRemove[iNdEx]))) + i-- + dAtA[i] = 0x42 + } + } + if len(m.QueryParametersToSet) > 0 { + for iNdEx := len(m.QueryParametersToSet) - 1; iNdEx >= 0; iNdEx-- { + if vtmsg, ok := interface{}(m.QueryParametersToSet[iNdEx]).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.QueryParametersToSet[iNdEx]) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x3a + } + } + if len(m.ResponseHeadersToAdd) > 0 { + for iNdEx := len(m.ResponseHeadersToAdd) - 1; iNdEx >= 0; iNdEx-- { + if vtmsg, ok := interface{}(m.ResponseHeadersToAdd[iNdEx]).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.ResponseHeadersToAdd[iNdEx]) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x32 + } + } + if len(m.HeadersToRemove) > 0 { + for iNdEx := len(m.HeadersToRemove) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.HeadersToRemove[iNdEx]) + copy(dAtA[i:], m.HeadersToRemove[iNdEx]) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(m.HeadersToRemove[iNdEx]))) + i-- + dAtA[i] = 0x2a + } + } + if m.DynamicMetadata != nil { + size, err := (*structpb.Struct)(m.DynamicMetadata).MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x1a + } + if len(m.Headers) > 0 { + for iNdEx := len(m.Headers) - 1; iNdEx >= 0; iNdEx-- { + if vtmsg, ok := interface{}(m.Headers[iNdEx]).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Headers[iNdEx]) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0x12 + } + } + return len(dAtA) - i, nil +} + +func (m *CheckResponse) MarshalVTStrict() (dAtA []byte, err error) { + if m == nil { + return nil, nil + } + size := m.SizeVT() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBufferVTStrict(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *CheckResponse) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *CheckResponse) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + if m == nil { + return 0, nil + } + i := len(dAtA) + _ = i + var l int + _ = l + if m.unknownFields != nil { + i -= len(m.unknownFields) + copy(dAtA[i:], m.unknownFields) + } + if m.DynamicMetadata != nil { + size, err := (*structpb.Struct)(m.DynamicMetadata).MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x22 + } + if msg, ok := m.HttpResponse.(*CheckResponse_OkResponse); ok { + size, err := msg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + } + if msg, ok := m.HttpResponse.(*CheckResponse_DeniedResponse); ok { + size, err := msg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + } + if m.Status != nil { + if vtmsg, ok := interface{}(m.Status).(interface { + MarshalToSizedBufferVTStrict([]byte) (int, error) + }); ok { + size, err := vtmsg.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + } else { + encoded, err := proto.Marshal(m.Status) + if err != nil { + return 0, err + } + i -= len(encoded) + copy(dAtA[i:], encoded) + i = protohelpers.EncodeVarint(dAtA, i, uint64(len(encoded))) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *CheckResponse_DeniedResponse) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *CheckResponse_DeniedResponse) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + i := len(dAtA) + if m.DeniedResponse != nil { + size, err := m.DeniedResponse.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x12 + } else { + i = protohelpers.EncodeVarint(dAtA, i, 0) + i-- + dAtA[i] = 0x12 + } + return len(dAtA) - i, nil +} +func (m *CheckResponse_OkResponse) MarshalToVTStrict(dAtA []byte) (int, error) { + size := m.SizeVT() + return m.MarshalToSizedBufferVTStrict(dAtA[:size]) +} + +func (m *CheckResponse_OkResponse) MarshalToSizedBufferVTStrict(dAtA []byte) (int, error) { + i := len(dAtA) + if m.OkResponse != nil { + size, err := m.OkResponse.MarshalToSizedBufferVTStrict(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = protohelpers.EncodeVarint(dAtA, i, uint64(size)) + i-- + dAtA[i] = 0x1a + } else { + i = protohelpers.EncodeVarint(dAtA, i, 0) + i-- + dAtA[i] = 0x1a + } + return len(dAtA) - i, nil +} +func (m *CheckRequest) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Attributes != nil { + l = m.Attributes.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *DeniedHttpResponse) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Status != nil { + if size, ok := interface{}(m.Status).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.Status) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.Headers) > 0 { + for _, e := range m.Headers { + if size, ok := interface{}(e).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(e) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + l = len(m.Body) + if l > 0 { + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *OkHttpResponse) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if len(m.Headers) > 0 { + for _, e := range m.Headers { + if size, ok := interface{}(e).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(e) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + if m.DynamicMetadata != nil { + l = (*structpb.Struct)(m.DynamicMetadata).SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if len(m.HeadersToRemove) > 0 { + for _, s := range m.HeadersToRemove { + l = len(s) + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + if len(m.ResponseHeadersToAdd) > 0 { + for _, e := range m.ResponseHeadersToAdd { + if size, ok := interface{}(e).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(e) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + if len(m.QueryParametersToSet) > 0 { + for _, e := range m.QueryParametersToSet { + if size, ok := interface{}(e).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(e) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + if len(m.QueryParametersToRemove) > 0 { + for _, s := range m.QueryParametersToRemove { + l = len(s) + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + } + n += len(m.unknownFields) + return n +} + +func (m *CheckResponse) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Status != nil { + if size, ok := interface{}(m.Status).(interface { + SizeVT() int + }); ok { + l = size.SizeVT() + } else { + l = proto.Size(m.Status) + } + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + if vtmsg, ok := m.HttpResponse.(interface{ SizeVT() int }); ok { + n += vtmsg.SizeVT() + } + if m.DynamicMetadata != nil { + l = (*structpb.Struct)(m.DynamicMetadata).SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } + n += len(m.unknownFields) + return n +} + +func (m *CheckResponse_DeniedResponse) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.DeniedResponse != nil { + l = m.DeniedResponse.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } else { + n += 2 + } + return n +} +func (m *CheckResponse_OkResponse) SizeVT() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.OkResponse != nil { + l = m.OkResponse.SizeVT() + n += 1 + l + protohelpers.SizeOfVarint(uint64(l)) + } else { + n += 2 + } + return n +} |