diff --git a/api/bazel/repository_locations.bzl b/api/bazel/repository_locations.bzl index 77539ee9b109..225497125c61 100644 --- a/api/bazel/repository_locations.bzl +++ b/api/bazel/repository_locations.bzl @@ -33,7 +33,7 @@ REPOSITORY_LOCATIONS = dict( urls = ["https://github.com/envoyproxy/protoc-gen-validate/archive/" + PGV_GIT_SHA + ".tar.gz"], ), com_google_googleapis = dict( - # TODO(dio): Consider writing a Skylark macro for importing Google API proto. + # TODO(dio): Consider writing a Starlark macro for importing Google API proto. sha256 = GOOGLEAPIS_SHA, strip_prefix = "googleapis-" + GOOGLEAPIS_GIT_SHA, urls = ["https://github.com/googleapis/googleapis/archive/" + GOOGLEAPIS_GIT_SHA + ".tar.gz"], diff --git a/api/envoy/extensions/transport_sockets/tls/v3/meshca.proto b/api/envoy/extensions/transport_sockets/tls/v3/meshca.proto new file mode 100644 index 000000000000..bcdf3ad74a0a --- /dev/null +++ b/api/envoy/extensions/transport_sockets/tls/v3/meshca.proto 
@@ -0,0 +1,56 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.tls.v3;
+
+import "envoy/config/core/v3/config_source.proto";
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3";
+option java_outer_classname = "MeshcaProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = ACTIVE;
+
+// [#protodoc-title: GoogleMeshCA Configuration]
+// GoogleMeshCaConfig contains all configuration parameters required by the
+// MeshCA CertificateProvider plugin implementation.
+// [#next-free-field: 7]
+message GoogleMeshCaConfig {
+ // Type of key to be embedded in CSRs sent to the MeshCA.
+ enum KeyType {
+ KEY_TYPE_UNKNOWN = 0;
+ KEY_TYPE_RSA = 1;
+ }
+
+ // GoogleMeshCA server endpoint to get CSRs signed via the *CreateCertificate*
+ // unary call. This must have :ref:`api_type
+ // ` :ref:`GRPC
+ // `.
+ // STS based call credentials need to be supplied in :ref:`call_credentials
+ // `.
+ // If :ref:`timeout envoy_api_field_config.core.v3.GrpcService.timeout` is
+ // left unspecified, a default value of 10s will be used.
+ config.core.v3.ApiConfigSource server = 1;
+
+ // Certificate lifetime to request in CSRs sent to the MeshCA.
+ // A default value of 24h will be used if left unspecified.
+ google.protobuf.Duration certificate_lifetime = 2;
+
+ // How long before certificate expiration to renew the certificate.
+ // A default value of 12h will be used if left unspecified.
+ google.protobuf.Duration renewal_grace_period = 3;
+
+ // Type of key.
+ // RSA keys will be used if left unspecified.
+ KeyType key_type = 4;
+
+ // Size of the key in bits.
+ // 2048 bit keys will be used if left unspecified.
+ uint32 key_size = 5;
+
+ // GCE zone where the workload is located.
+ // GCE/GKE Metadata Server will be contacted if left unspecified.
+ string gce_compute_zone = 6;
+}
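Review bot: `key_size` (field 5) is a bare `uint32` with no validation rule, so a configuration that asks for an RSA key smaller than the documented 2048-bit default is accepted at the API layer; whether the plugin rejects it is not visible in this diff. A lower bound belongs in the schema, for example by declaring the field as `google.protobuf.UInt32Value` with `[(validate.rules).uint32 = {gte: 2048}]` so that an unset field still selects the default, together with `import "validate/validate.proto";`. `server` is described as mandatory but carries no `[(validate.rules).message = {required: true}]`. Nothing states that `renewal_grace_period` must be shorter than `certificate_lifetime`, so I would add `// Must be less than certificate_lifetime.` to field 3 and check it where the config is consumed. The v4alpha and generated_api_shadow copies of this message carry the same fields.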
diff --git a/api/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto b/api/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto
new file mode 100644
index 000000000000..13c6a96e96a8
--- /dev/null
+++ b/api/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto
@@ -0,0 +1,60 @@
+syntax = "proto3";
+
+package envoy.extensions.transport_sockets.tls.v4alpha;
+
+import "envoy/config/core/v4alpha/config_source.proto";
+
+import "google/protobuf/duration.proto";
+
+import "udpa/annotations/status.proto";
+import "udpa/annotations/versioning.proto";
+
+option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha";
+option java_outer_classname = "MeshcaProto";
+option java_multiple_files = true;
+option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE;
+
+// [#protodoc-title: GoogleMeshCA Configuration]
+// GoogleMeshCaConfig contains all configuration parameters required by the
+// MeshCA CertificateProvider plugin implementation.
+// [#next-free-field: 7]
+message GoogleMeshCaConfig {
+ option (udpa.annotations.versioning).previous_message_type =
+ "envoy.extensions.transport_sockets.tls.v3.GoogleMeshCaConfig";
+
+ // Type of key to be embedded in CSRs sent to the MeshCA.
+ enum KeyType {
+ KEY_TYPE_UNKNOWN = 0;
+ KEY_TYPE_RSA = 1;
+ }
+
+ // GoogleMeshCA server endpoint to get CSRs signed via the *CreateCertificate*
+ // unary call. This must have :ref:`api_type
+ // ` :ref:`GRPC
+ // `.
+ // STS based call credentials need to be supplied in :ref:`call_credentials
+ // `.
+ // If :ref:`timeout envoy_api_field_config.core.v3.GrpcService.timeout` is
+ // left unspecified, a default value of 10s will be used.
+ config.core.v4alpha.ApiConfigSource server = 1;
+
+ // Certificate lifetime to request in CSRs sent to the MeshCA.
+ // A default value of 24h will be used if left unspecified.
+ google.protobuf.Duration certificate_lifetime = 2;
+
+ // How long before certificate expiration to renew the certificate.
+ // A default value of 12h will be used if left unspecified.
+ google.protobuf.Duration renewal_grace_period = 3;
+
+ // Type of key.
+ // RSA keys will be used if left unspecified.
+ KeyType key_type = 4;
+
+ // Size of the key in bits.
+ // 2048 bit keys will be used if left unspecified. + uint32 key_size = 5; + + // GCE zone where the workload is located. + // GCE/GKE Metadata Server will be contacted if left unspecified. + string gce_compute_zone = 6; +} diff --git a/bazel/envoy_library.bzl b/bazel/envoy_library.bzl index 6f8c56497093..40cd6683836e 100644 --- a/bazel/envoy_library.bzl +++ b/bazel/envoy_library.bzl @@ -21,7 +21,7 @@ def tcmalloc_external_deps(repository): # Envoy C++ library targets that need no transformations or additional dependencies before being # passed to cc_library should be specified with this function. Note: this exists to ensure that -# all envoy targets pass through an envoy-declared skylark function where they can be modified +# all envoy targets pass through an envoy-declared starlark function where they can be modified # before being passed to a native bazel function. def envoy_basic_cc_library(name, deps = [], external_deps = [], **kargs): cc_library( diff --git a/bazel/genrule_repository.bzl b/bazel/genrule_repository.bzl index ff4e6fe9dcaa..28f37adfe55c 100644 --- a/bazel/genrule_repository.bzl +++ b/bazel/genrule_repository.bzl @@ -68,7 +68,7 @@ def _genrule_cc_deps(ctx): genrule_cc_deps = rule( attrs = { "deps": attr.label_list( - providers = [], # CcSkylarkApiProvider + providers = [], # CcStarlarkApiProvider mandatory = True, allow_empty = False, ), diff --git a/generated_api_shadow/bazel/repository_locations.bzl b/generated_api_shadow/bazel/repository_locations.bzl index 77539ee9b109..225497125c61 100644 --- a/generated_api_shadow/bazel/repository_locations.bzl +++ b/generated_api_shadow/bazel/repository_locations.bzl 
@@ -33,7 +33,7 @@ REPOSITORY_LOCATIONS = dict( urls = ["https://github.com/envoyproxy/protoc-gen-validate/archive/" + PGV_GIT_SHA + ".tar.gz"], ), com_google_googleapis = dict( - # TODO(dio): Consider writing a Skylark macro for importing Google API proto. + # TODO(dio): Consider writing a Starlark macro for importing Google API proto. sha256 = GOOGLEAPIS_SHA, strip_prefix = "googleapis-" + GOOGLEAPIS_GIT_SHA, urls = ["https://github.com/googleapis/googleapis/archive/" + GOOGLEAPIS_GIT_SHA + ".tar.gz"], diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/meshca.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/meshca.proto new file mode 100644 index 000000000000..bcdf3ad74a0a --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/meshca.proto 
@@ -0,0 +1,56 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tls.v3; + +import "envoy/config/core/v3/config_source.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v3"; +option java_outer_classname = "MeshcaProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = ACTIVE; + +// [#protodoc-title: GoogleMeshCA Configuration] +// GoogleMeshCaConfig contains all configuration parameters required by the +// MeshCA CertificateProvider plugin implementation. +// [#next-free-field: 7] +message GoogleMeshCaConfig { + // Type of key to be embedded in CSRs sent to the MeshCA. + enum KeyType { + KEY_TYPE_UNKNOWN = 0; + KEY_TYPE_RSA = 1; + } + + // GoogleMeshCA server endpoint to get CSRs signed via the *CreateCertificate* + // unary call. This must have :ref:`api_type + // ` :ref:`GRPC + // `. + // STS based call credentials need to be supplied in :ref:`call_credentials + // `. + // If :ref:`timeout envoy_api_field_config.core.v3.GrpcService.timeout` is + // left unspecified, a default value of 10s will be used. + config.core.v3.ApiConfigSource server = 1; + + // Certificate lifetime to request in CSRs sent to the MeshCA. + // A default value of 24h will be used if left unspecified. + google.protobuf.Duration certificate_lifetime = 2; + + // How long before certificate expiration to renew the certificate. + // A default value of 12h will be used if left unspecified. + google.protobuf.Duration renewal_grace_period = 3; + + // Type of key. + // RSA keys will be used if left unspecified. + KeyType key_type = 4; + + // Size of the key in bits. + // 2048 bit keys will be used if left unspecified. + uint32 key_size = 5; + + // GCE zone where the workload is located. + // GCE/GKE Metadata Server will be contacted if left unspecified. + string gce_compute_zone = 6; +} 
diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto new file mode 100644 index 000000000000..13c6a96e96a8 --- /dev/null +++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v4alpha/meshca.proto 
@@ -0,0 +1,60 @@ +syntax = "proto3"; + +package envoy.extensions.transport_sockets.tls.v4alpha; + +import "envoy/config/core/v4alpha/config_source.proto"; + +import "google/protobuf/duration.proto"; + +import "udpa/annotations/status.proto"; +import "udpa/annotations/versioning.proto"; + +option java_package = "io.envoyproxy.envoy.extensions.transport_sockets.tls.v4alpha"; +option java_outer_classname = "MeshcaProto"; +option java_multiple_files = true; +option (udpa.annotations.file_status).package_version_status = NEXT_MAJOR_VERSION_CANDIDATE; + +// [#protodoc-title: GoogleMeshCA Configuration] +// GoogleMeshCaConfig contains all configuration parameters required by the +// MeshCA CertificateProvider plugin implementation. +// [#next-free-field: 7] +message GoogleMeshCaConfig { + option (udpa.annotations.versioning).previous_message_type = + "envoy.extensions.transport_sockets.tls.v3.GoogleMeshCaConfig"; + + // Type of key to be embedded in CSRs sent to the MeshCA. + enum KeyType { + KEY_TYPE_UNKNOWN = 0; + KEY_TYPE_RSA = 1; + } + + // GoogleMeshCA server endpoint to get CSRs signed via the *CreateCertificate* + // unary call. This must have :ref:`api_type + // ` :ref:`GRPC + // `. + // STS based call credentials need to be supplied in :ref:`call_credentials + // `. + // If :ref:`timeout envoy_api_field_config.core.v3.GrpcService.timeout` is + // left unspecified, a default value of 10s will be used. + config.core.v4alpha.ApiConfigSource server = 1; + + // Certificate lifetime to request in CSRs sent to the MeshCA. + // A default value of 24h will be used if left unspecified. + google.protobuf.Duration certificate_lifetime = 2; + + // How long before certificate expiration to renew the certificate. + // A default value of 12h will be used if left unspecified. + google.protobuf.Duration renewal_grace_period = 3; + + // Type of key. + // RSA keys will be used if left unspecified. + KeyType key_type = 4; + + // Size of the key in bits. 
+ // 2048 bit keys will be used if left unspecified. + uint32 key_size = 5; + + // GCE zone where the workload is located. + // GCE/GKE Metadata Server will be contacted if left unspecified. + string gce_compute_zone = 6; +} diff --git a/tools/protodoc/protodoc.bzl b/tools/protodoc/protodoc.bzl index b25ae7a3577d..0ed26121fe6a 100644 --- a/tools/protodoc/protodoc.bzl +++ b/tools/protodoc/protodoc.bzl @@ -3,7 +3,7 @@ load("//tools/api_proto_plugin:plugin.bzl", "api_proto_plugin_aspect", "api_prot def _protodoc_impl(target, ctx): return api_proto_plugin_impl(target, ctx, "rst", "protodoc", [".rst"]) -# Bazel aspect (https://docs.bazel.build/versions/master/skylark/aspects.html) +# Bazel aspect (https://docs.bazel.build/versions/master/starlark/aspects.html) # that can be invoked from the CLI to produce docs via //tools/protodoc for # proto_library targets. Example use: # diff --git a/tools/protoxform/protoxform.bzl b/tools/protoxform/protoxform.bzl index d3ea80534896..abdbac95b396 100644 --- a/tools/protoxform/protoxform.bzl +++ b/tools/protoxform/protoxform.bzl @@ -13,7 +13,7 @@ def _protoxform_impl(target, ctx): ], ) -# Bazel aspect (https://docs.bazel.build/versions/master/skylark/aspects.html) +# Bazel aspect (https://docs.bazel.build/versions/master/starlark/aspects.html) # that can be invoked from the CLI to perform API transforms via //tools/protoxform for # proto_library targets. Example use: # diff --git a/tools/spelling/spelling_dictionary.txt b/tools/spelling/spelling_dictionary.txt index de6d46a15875..18bdac91ebf0 100644 --- a/tools/spelling/spelling_dictionary.txt +++ b/tools/spelling/spelling_dictionary.txt @@ -116,6 +116,7 @@ GCM GCOVR GCP GETting +GKE GLB GOAWAY GRPC diff --git a/tools/type_whisperer/type_whisperer.bzl b/tools/type_whisperer/type_whisperer.bzl index 248b1752eeb6..b9df280829ad 100644 --- a/tools/type_whisperer/type_whisperer.bzl +++ b/tools/type_whisperer/type_whisperer.bzl 
@@ -3,7 +3,7 @@ load("//tools/api_proto_plugin:plugin.bzl", "api_proto_plugin_aspect", "api_prot def _type_whisperer_impl(target, ctx): return api_proto_plugin_impl(target, ctx, "types_pb_text", "TypeWhisperer", [".types.pb_text"]) -# Bazel aspect (https://docs.bazel.build/versions/master/skylark/aspects.html) +# Bazel aspect (https://docs.bazel.build/versions/master/starlark/aspects.html) # that can be invoked from the CLI to perform API type analysis via //tools/type_whisperer for # proto_library targets. Example use: #