1// Code generated by protoc-gen-gogo. DO NOT EDIT. 2// source: authentication/v1alpha1/policy.proto 3 4// This package defines user-facing authentication policy. 5 6package v1alpha1 7 8import ( 9 fmt "fmt" 10 proto "github.com/gogo/protobuf/proto" 11 io "io" 12 _ "istio.io/gogo-genproto/googleapis/google/api" 13 math "math" 14 math_bits "math/bits" 15) 16 17// Reference imports to suppress errors if they are not otherwise used. 18var _ = proto.Marshal 19var _ = fmt.Errorf 20var _ = math.Inf 21 22// This is a compile-time assertion to ensure that this generated file 23// is compatible with the proto package it is being compiled against. 24// A compilation error at this line likely means your copy of the 25// proto package needs to be updated. 26const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package 27 28// $hide_from_docs 29// Deprecated. When using security/v1beta1/RequestAuthentication, the request principal always 30// comes from request authentication (i.e JWT). 31// Associates authentication with request principal. 32type PrincipalBinding int32 33 34const ( 35 // Principal will be set to the identity from peer authentication. 36 PrincipalBinding_USE_PEER PrincipalBinding = 0 37 // Principal will be set to the identity from origin authentication. 38 PrincipalBinding_USE_ORIGIN PrincipalBinding = 1 39) 40 41var PrincipalBinding_name = map[int32]string{ 42 0: "USE_PEER", 43 1: "USE_ORIGIN", 44} 45 46var PrincipalBinding_value = map[string]int32{ 47 "USE_PEER": 0, 48 "USE_ORIGIN": 1, 49} 50 51func (x PrincipalBinding) String() string { 52 return proto.EnumName(PrincipalBinding_name, int32(x)) 53} 54 55func (PrincipalBinding) EnumDescriptor() ([]byte, []int) { 56 return fileDescriptor_30ec3f7cef93301a, []int{0} 57} 58 59// $hide_from_docs 60// Defines the acceptable connection TLS mode. 61type MutualTls_Mode int32 62 63const ( 64 // Client cert must be presented, connection is in TLS. 65 MutualTls_STRICT MutualTls_Mode = 0 66 // Connection can be either plaintext or TLS with Client cert. 67 MutualTls_PERMISSIVE MutualTls_Mode = 1 68) 69 70var MutualTls_Mode_name = map[int32]string{ 71 0: "STRICT", 72 1: "PERMISSIVE", 73} 74 75var MutualTls_Mode_value = map[string]int32{ 76 "STRICT": 0, 77 "PERMISSIVE": 1, 78} 79 80func (x MutualTls_Mode) String() string { 81 return proto.EnumName(MutualTls_Mode_name, int32(x)) 82} 83 84func (MutualTls_Mode) EnumDescriptor() ([]byte, []int) { 85 return fileDescriptor_30ec3f7cef93301a, []int{1, 0} 86} 87 88// $hide_from_docs 89// Describes how to match a given string. Match is case-sensitive. 90type StringMatch struct { 91 // Types that are valid to be assigned to MatchType: 92 // *StringMatch_Exact 93 // *StringMatch_Prefix 94 // *StringMatch_Suffix 95 // *StringMatch_Regex 96 MatchType isStringMatch_MatchType `protobuf_oneof:"match_type"` 97 XXX_NoUnkeyedLiteral struct{} `json:"-"` 98 XXX_unrecognized []byte `json:"-"` 99 XXX_sizecache int32 `json:"-"` 100} 101 102func (m *StringMatch) Reset() { *m = StringMatch{} } 103func (m *StringMatch) String() string { return proto.CompactTextString(m) } 104func (*StringMatch) ProtoMessage() {} 105func (*StringMatch) Descriptor() ([]byte, []int) { 106 return fileDescriptor_30ec3f7cef93301a, []int{0} 107} 108func (m *StringMatch) XXX_Unmarshal(b []byte) error { 109 return m.Unmarshal(b) 110} 111func (m *StringMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 112 if deterministic { 113 return xxx_messageInfo_StringMatch.Marshal(b, m, deterministic) 114 } else { 115 b = b[:cap(b)] 116 n, err := m.MarshalToSizedBuffer(b) 117 if err != nil { 118 return nil, err 119 } 120 return b[:n], nil 121 } 122} 123func (m *StringMatch) XXX_Merge(src proto.Message) { 124 xxx_messageInfo_StringMatch.Merge(m, src) 125} 126func (m *StringMatch) XXX_Size() int { 127 return m.Size() 128} 129func (m *StringMatch) XXX_DiscardUnknown() { 130 xxx_messageInfo_StringMatch.DiscardUnknown(m) 131} 132 133var xxx_messageInfo_StringMatch proto.InternalMessageInfo 134 135type isStringMatch_MatchType interface { 136 isStringMatch_MatchType() 137 MarshalTo([]byte) (int, error) 138 Size() int 139} 140 141type StringMatch_Exact struct { 142 Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"` 143} 144type StringMatch_Prefix struct { 145 Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"` 146} 147type StringMatch_Suffix struct { 148 Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"` 149} 150type StringMatch_Regex struct { 151 Regex string `protobuf:"bytes,4,opt,name=regex,proto3,oneof"` 152} 153 154func (*StringMatch_Exact) isStringMatch_MatchType() {} 155func (*StringMatch_Prefix) isStringMatch_MatchType() {} 156func (*StringMatch_Suffix) isStringMatch_MatchType() {} 157func (*StringMatch_Regex) isStringMatch_MatchType() {} 158 159func (m *StringMatch) GetMatchType() isStringMatch_MatchType { 160 if m != nil { 161 return m.MatchType 162 } 163 return nil 164} 165 166func (m *StringMatch) GetExact() string { 167 if x, ok := m.GetMatchType().(*StringMatch_Exact); ok { 168 return x.Exact 169 } 170 return "" 171} 172 173func (m *StringMatch) GetPrefix() string { 174 if x, ok := m.GetMatchType().(*StringMatch_Prefix); ok { 175 return x.Prefix 176 } 177 return "" 178} 179 180func (m *StringMatch) GetSuffix() string { 181 if x, ok := m.GetMatchType().(*StringMatch_Suffix); ok { 182 return x.Suffix 183 } 184 return "" 185} 186 187func (m *StringMatch) GetRegex() string { 188 if x, ok := m.GetMatchType().(*StringMatch_Regex); ok { 189 return x.Regex 190 } 191 return "" 192} 193 194// XXX_OneofWrappers is for the internal use of the proto package. 195func (*StringMatch) XXX_OneofWrappers() []interface{} { 196 return []interface{}{ 197 (*StringMatch_Exact)(nil), 198 (*StringMatch_Prefix)(nil), 199 (*StringMatch_Suffix)(nil), 200 (*StringMatch_Regex)(nil), 201 } 202} 203 204// $hide_from_docs 205// Deprecated. Please use security/v1beta1/PeerAuthentication instead. 206// TLS authentication params. 207type MutualTls struct { 208 // Deprecated. Please use mode = PERMISSIVE instead. 209 // If set, will translate to `TLS_PERMISSIVE` mode. 210 // Set this flag to true to allow regular TLS (i.e without client x509 211 // certificate). If request carries client certificate, identity will be 212 // extracted and used (set to peer identity). Otherwise, peer identity will 213 // be left unset. 214 // When the flag is false (default), request must have client certificate. 215 AllowTls bool `protobuf:"varint,1,opt,name=allow_tls,json=allowTls,proto3" json:"allow_tls,omitempty"` // Deprecated: Do not use. 216 // Defines the mode of mTLS authentication. 217 Mode MutualTls_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.authentication.v1alpha1.MutualTls_Mode" json:"mode,omitempty"` 218 XXX_NoUnkeyedLiteral struct{} `json:"-"` 219 XXX_unrecognized []byte `json:"-"` 220 XXX_sizecache int32 `json:"-"` 221} 222 223func (m *MutualTls) Reset() { *m = MutualTls{} } 224func (m *MutualTls) String() string { return proto.CompactTextString(m) } 225func (*MutualTls) ProtoMessage() {} 226func (*MutualTls) Descriptor() ([]byte, []int) { 227 return fileDescriptor_30ec3f7cef93301a, []int{1} 228} 229func (m *MutualTls) XXX_Unmarshal(b []byte) error { 230 return m.Unmarshal(b) 231} 232func (m *MutualTls) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 233 if deterministic { 234 return xxx_messageInfo_MutualTls.Marshal(b, m, deterministic) 235 } else { 236 b = b[:cap(b)] 237 n, err := m.MarshalToSizedBuffer(b) 238 if err != nil { 239 return nil, err 240 } 241 return b[:n], nil 242 } 243} 244func (m *MutualTls) XXX_Merge(src proto.Message) { 245 xxx_messageInfo_MutualTls.Merge(m, src) 246} 247func (m *MutualTls) XXX_Size() int { 248 return m.Size() 249} 250func (m *MutualTls) XXX_DiscardUnknown() { 251 xxx_messageInfo_MutualTls.DiscardUnknown(m) 252} 253 254var xxx_messageInfo_MutualTls proto.InternalMessageInfo 255 256// Deprecated: Do not use. 257func (m *MutualTls) GetAllowTls() bool { 258 if m != nil { 259 return m.AllowTls 260 } 261 return false 262} 263 264func (m *MutualTls) GetMode() MutualTls_Mode { 265 if m != nil { 266 return m.Mode 267 } 268 return MutualTls_STRICT 269} 270 271// $hide_from_docs 272// Deprecated. Please use security/v1beta1/RequestAuthentication instead. 273// JSON Web Token (JWT) token format for authentication as defined by 274// [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and 275// [OIDC 1.0](http://openid.net/connect) for how this is used in the whole 276// authentication flow. 277// 278// For example: 279// 280// A JWT for any requests: 281// 282// ```yaml 283// issuer: https://example.com 284// audiences: 285// - bookstore_android.apps.googleusercontent.com 286// bookstore_web.apps.googleusercontent.com 287// jwksUri: https://example.com/.well-known/jwks.json 288// ``` 289// 290// A JWT for all requests except request at path `/health_check` and path with 291// prefix `/status/`. This is useful to expose some paths for public access but 292// keep others JWT validated. 293// 294// ```yaml 295// issuer: https://example.com 296// jwksUri: https://example.com/.well-known/jwks.json 297// triggerRules: 298// - excludedPaths: 299// - exact: /health_check 300// - prefix: /status/ 301// ``` 302// 303// A JWT only for requests at path `/admin`. This is useful to only require JWT 304// validation on a specific set of paths but keep others public accessible. 305// 306// ```yaml 307// issuer: https://example.com 308// jwksUri: https://example.com/.well-known/jwks.json 309// triggerRules: 310// - includedPaths: 311// - prefix: /admin 312// ``` 313// 314// A JWT only for requests at path of prefix `/status/` but except the path of 315// `/status/version`. This means for any request path with prefix `/status/` except 316// `/status/version` will require a valid JWT to proceed. 317// 318// ```yaml 319// issuer: https://example.com 320// jwksUri: https://example.com/.well-known/jwks.json 321// triggerRules: 322// - excludedPaths: 323// - exact: /status/version 324// includedPaths: 325// - prefix: /status/ 326// ``` 327type Jwt struct { 328 // Identifies the issuer that issued the JWT. See 329 // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) 330 // Usually a URL or an email address. 331 // 332 // Example: https://securetoken.google.com 333 // Example: 1234567-compute@developer.gserviceaccount.com 334 Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"` 335 // The list of JWT 336 // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3). 337 // that are allowed to access. A JWT containing any of these 338 // audiences will be accepted. 339 // 340 // The service name will be accepted if audiences is empty. 341 // 342 // Example: 343 // 344 // ```yaml 345 // audiences: 346 // - bookstore_android.apps.googleusercontent.com 347 // bookstore_web.apps.googleusercontent.com 348 // ``` 349 Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"` 350 // URL of the provider's public key set to validate signature of the 351 // JWT. See [OpenID Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). 352 // 353 // Optional if the key set document can either (a) be retrieved from 354 // [OpenID 355 // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of 356 // the issuer or (b) inferred from the email domain of the issuer (e.g. a 357 // Google service account). 358 // 359 // Example: `https://www.googleapis.com/oauth2/v1/certs` 360 // 361 // Note: Only one of jwks_uri and jwks should be used. 362 JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"` 363 // JSON Web Key Set of public keys to validate signature of the JWT. 364 // See https://auth0.com/docs/jwks. 365 // 366 // Note: Only one of jwks_uri and jwks should be used. 367 Jwks string `protobuf:"bytes,10,opt,name=jwks,proto3" json:"jwks,omitempty"` 368 // JWT is sent in a request header. `header` represents the 369 // header name. 370 // 371 // For example, if `header=x-goog-iap-jwt-assertion`, the header 372 // format will be `x-goog-iap-jwt-assertion: <JWT>`. 373 JwtHeaders []string `protobuf:"bytes,6,rep,name=jwt_headers,json=jwtHeaders,proto3" json:"jwt_headers,omitempty"` 374 // JWT is sent in a query parameter. `query` represents the 375 // query parameter name. 376 // 377 // For example, `query=jwt_token`. 378 JwtParams []string `protobuf:"bytes,7,rep,name=jwt_params,json=jwtParams,proto3" json:"jwt_params,omitempty"` 379 // List of trigger rules to decide if this JWT should be used to validate the 380 // request. The JWT validation happens if any one of the rules matched. 381 // If the list is not empty and none of the rules matched, authentication will 382 // skip the JWT validation. 383 // Leave this empty to always trigger the JWT validation. 384 TriggerRules []*Jwt_TriggerRule `protobuf:"bytes,9,rep,name=trigger_rules,json=triggerRules,proto3" json:"trigger_rules,omitempty"` 385 XXX_NoUnkeyedLiteral struct{} `json:"-"` 386 XXX_unrecognized []byte `json:"-"` 387 XXX_sizecache int32 `json:"-"` 388} 389 390func (m *Jwt) Reset() { *m = Jwt{} } 391func (m *Jwt) String() string { return proto.CompactTextString(m) } 392func (*Jwt) ProtoMessage() {} 393func (*Jwt) Descriptor() ([]byte, []int) { 394 return fileDescriptor_30ec3f7cef93301a, []int{2} 395} 396func (m *Jwt) XXX_Unmarshal(b []byte) error { 397 return m.Unmarshal(b) 398} 399func (m *Jwt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 400 if deterministic { 401 return xxx_messageInfo_Jwt.Marshal(b, m, deterministic) 402 } else { 403 b = b[:cap(b)] 404 n, err := m.MarshalToSizedBuffer(b) 405 if err != nil { 406 return nil, err 407 } 408 return b[:n], nil 409 } 410} 411func (m *Jwt) XXX_Merge(src proto.Message) { 412 xxx_messageInfo_Jwt.Merge(m, src) 413} 414func (m *Jwt) XXX_Size() int { 415 return m.Size() 416} 417func (m *Jwt) XXX_DiscardUnknown() { 418 xxx_messageInfo_Jwt.DiscardUnknown(m) 419} 420 421var xxx_messageInfo_Jwt proto.InternalMessageInfo 422 423func (m *Jwt) GetIssuer() string { 424 if m != nil { 425 return m.Issuer 426 } 427 return "" 428} 429 430func (m *Jwt) GetAudiences() []string { 431 if m != nil { 432 return m.Audiences 433 } 434 return nil 435} 436 437func (m *Jwt) GetJwksUri() string { 438 if m != nil { 439 return m.JwksUri 440 } 441 return "" 442} 443 444func (m *Jwt) GetJwks() string { 445 if m != nil { 446 return m.Jwks 447 } 448 return "" 449} 450 451func (m *Jwt) GetJwtHeaders() []string { 452 if m != nil { 453 return m.JwtHeaders 454 } 455 return nil 456} 457 458func (m *Jwt) GetJwtParams() []string { 459 if m != nil { 460 return m.JwtParams 461 } 462 return nil 463} 464 465func (m *Jwt) GetTriggerRules() []*Jwt_TriggerRule { 466 if m != nil { 467 return m.TriggerRules 468 } 469 return nil 470} 471 472// $hide_from_docs 473// Trigger rule to match against a request. The trigger rule is satisfied if 474// and only if both rules, excluded_paths and include_paths are satisfied. 475type Jwt_TriggerRule struct { 476 // List of paths to be excluded from the request. The rule is satisfied if 477 // request path does not match to any of the path in this list. 478 ExcludedPaths []*StringMatch `protobuf:"bytes,1,rep,name=excluded_paths,json=excludedPaths,proto3" json:"excluded_paths,omitempty"` 479 // List of paths that the request must include. If the list is not empty, the 480 // rule is satisfied if request path matches at least one of the path in the list. 481 // If the list is empty, the rule is ignored, in other words the rule is always satisfied. 482 IncludedPaths []*StringMatch `protobuf:"bytes,2,rep,name=included_paths,json=includedPaths,proto3" json:"included_paths,omitempty"` 483 XXX_NoUnkeyedLiteral struct{} `json:"-"` 484 XXX_unrecognized []byte `json:"-"` 485 XXX_sizecache int32 `json:"-"` 486} 487 488func (m *Jwt_TriggerRule) Reset() { *m = Jwt_TriggerRule{} } 489func (m *Jwt_TriggerRule) String() string { return proto.CompactTextString(m) } 490func (*Jwt_TriggerRule) ProtoMessage() {} 491func (*Jwt_TriggerRule) Descriptor() ([]byte, []int) { 492 return fileDescriptor_30ec3f7cef93301a, []int{2, 0} 493} 494func (m *Jwt_TriggerRule) XXX_Unmarshal(b []byte) error { 495 return m.Unmarshal(b) 496} 497func (m *Jwt_TriggerRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 498 if deterministic { 499 return xxx_messageInfo_Jwt_TriggerRule.Marshal(b, m, deterministic) 500 } else { 501 b = b[:cap(b)] 502 n, err := m.MarshalToSizedBuffer(b) 503 if err != nil { 504 return nil, err 505 } 506 return b[:n], nil 507 } 508} 509func (m *Jwt_TriggerRule) XXX_Merge(src proto.Message) { 510 xxx_messageInfo_Jwt_TriggerRule.Merge(m, src) 511} 512func (m *Jwt_TriggerRule) XXX_Size() int { 513 return m.Size() 514} 515func (m *Jwt_TriggerRule) XXX_DiscardUnknown() { 516 xxx_messageInfo_Jwt_TriggerRule.DiscardUnknown(m) 517} 518 519var xxx_messageInfo_Jwt_TriggerRule proto.InternalMessageInfo 520 521func (m *Jwt_TriggerRule) GetExcludedPaths() []*StringMatch { 522 if m != nil { 523 return m.ExcludedPaths 524 } 525 return nil 526} 527 528func (m *Jwt_TriggerRule) GetIncludedPaths() []*StringMatch { 529 if m != nil { 530 return m.IncludedPaths 531 } 532 return nil 533} 534 535// $hide_from_docs 536// Deprecated. Please use security/v1beta1/PeerAuthentication instead. 537// PeerAuthenticationMethod defines one particular type of authentication. Only mTLS is supported 538// at the moment. 539// The type can be progammatically determine by checking the type of the 540// "params" field. 541type PeerAuthenticationMethod struct { 542 // $hide_from_docs 543 // 544 // Types that are valid to be assigned to Params: 545 // *PeerAuthenticationMethod_Mtls 546 // *PeerAuthenticationMethod_Jwt 547 Params isPeerAuthenticationMethod_Params `protobuf_oneof:"params"` 548 XXX_NoUnkeyedLiteral struct{} `json:"-"` 549 XXX_unrecognized []byte `json:"-"` 550 XXX_sizecache int32 `json:"-"` 551} 552 553func (m *PeerAuthenticationMethod) Reset() { *m = PeerAuthenticationMethod{} } 554func (m *PeerAuthenticationMethod) String() string { return proto.CompactTextString(m) } 555func (*PeerAuthenticationMethod) ProtoMessage() {} 556func (*PeerAuthenticationMethod) Descriptor() ([]byte, []int) { 557 return fileDescriptor_30ec3f7cef93301a, []int{3} 558} 559func (m *PeerAuthenticationMethod) XXX_Unmarshal(b []byte) error { 560 return m.Unmarshal(b) 561} 562func (m *PeerAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 563 if deterministic { 564 return xxx_messageInfo_PeerAuthenticationMethod.Marshal(b, m, deterministic) 565 } else { 566 b = b[:cap(b)] 567 n, err := m.MarshalToSizedBuffer(b) 568 if err != nil { 569 return nil, err 570 } 571 return b[:n], nil 572 } 573} 574func (m *PeerAuthenticationMethod) XXX_Merge(src proto.Message) { 575 xxx_messageInfo_PeerAuthenticationMethod.Merge(m, src) 576} 577func (m *PeerAuthenticationMethod) XXX_Size() int { 578 return m.Size() 579} 580func (m *PeerAuthenticationMethod) XXX_DiscardUnknown() { 581 xxx_messageInfo_PeerAuthenticationMethod.DiscardUnknown(m) 582} 583 584var xxx_messageInfo_PeerAuthenticationMethod proto.InternalMessageInfo 585 586type isPeerAuthenticationMethod_Params interface { 587 isPeerAuthenticationMethod_Params() 588 MarshalTo([]byte) (int, error) 589 Size() int 590} 591 592type PeerAuthenticationMethod_Mtls struct { 593 Mtls *MutualTls `protobuf:"bytes,1,opt,name=mtls,proto3,oneof"` 594} 595type PeerAuthenticationMethod_Jwt struct { 596 Jwt *Jwt `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"` 597} 598 599func (*PeerAuthenticationMethod_Mtls) isPeerAuthenticationMethod_Params() {} 600func (*PeerAuthenticationMethod_Jwt) isPeerAuthenticationMethod_Params() {} 601 602func (m *PeerAuthenticationMethod) GetParams() isPeerAuthenticationMethod_Params { 603 if m != nil { 604 return m.Params 605 } 606 return nil 607} 608 609func (m *PeerAuthenticationMethod) GetMtls() *MutualTls { 610 if x, ok := m.GetParams().(*PeerAuthenticationMethod_Mtls); ok { 611 return x.Mtls 612 } 613 return nil 614} 615 616// Deprecated: Do not use. 617func (m *PeerAuthenticationMethod) GetJwt() *Jwt { 618 if x, ok := m.GetParams().(*PeerAuthenticationMethod_Jwt); ok { 619 return x.Jwt 620 } 621 return nil 622} 623 624// XXX_OneofWrappers is for the internal use of the proto package. 625func (*PeerAuthenticationMethod) XXX_OneofWrappers() []interface{} { 626 return []interface{}{ 627 (*PeerAuthenticationMethod_Mtls)(nil), 628 (*PeerAuthenticationMethod_Jwt)(nil), 629 } 630} 631 632// $hide_from_docs 633// Deprecated. Please use security/v1beta1/RequestAuthentication instead. 634// OriginAuthenticationMethod defines authentication method/params for origin 635// authentication. Origin could be end-user, device, delegate service etc. 636// Currently, only JWT is supported for origin authentication. 637type OriginAuthenticationMethod struct { 638 // Jwt params for the method. 639 Jwt *Jwt `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"` 640 XXX_NoUnkeyedLiteral struct{} `json:"-"` 641 XXX_unrecognized []byte `json:"-"` 642 XXX_sizecache int32 `json:"-"` 643} 644 645func (m *OriginAuthenticationMethod) Reset() { *m = OriginAuthenticationMethod{} } 646func (m *OriginAuthenticationMethod) String() string { return proto.CompactTextString(m) } 647func (*OriginAuthenticationMethod) ProtoMessage() {} 648func (*OriginAuthenticationMethod) Descriptor() ([]byte, []int) { 649 return fileDescriptor_30ec3f7cef93301a, []int{4} 650} 651func (m *OriginAuthenticationMethod) XXX_Unmarshal(b []byte) error { 652 return m.Unmarshal(b) 653} 654func (m *OriginAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 655 if deterministic { 656 return xxx_messageInfo_OriginAuthenticationMethod.Marshal(b, m, deterministic) 657 } else { 658 b = b[:cap(b)] 659 n, err := m.MarshalToSizedBuffer(b) 660 if err != nil { 661 return nil, err 662 } 663 return b[:n], nil 664 } 665} 666func (m *OriginAuthenticationMethod) XXX_Merge(src proto.Message) { 667 xxx_messageInfo_OriginAuthenticationMethod.Merge(m, src) 668} 669func (m *OriginAuthenticationMethod) XXX_Size() int { 670 return m.Size() 671} 672func (m *OriginAuthenticationMethod) XXX_DiscardUnknown() { 673 xxx_messageInfo_OriginAuthenticationMethod.DiscardUnknown(m) 674} 675 676var xxx_messageInfo_OriginAuthenticationMethod proto.InternalMessageInfo 677 678func (m *OriginAuthenticationMethod) GetJwt() *Jwt { 679 if m != nil { 680 return m.Jwt 681 } 682 return nil 683} 684 685// $hide_from_docs 686// Policy defines what authentication methods can be accepted on workload(s), 687// and if authenticated, which method/certificate will set the request principal 688// (i.e request.auth.principal attribute). 689// 690// Authentication policy is composed of 2-part authentication: 691// - peer: verify caller service credentials. This part will set source.user 692// (peer identity). 693// - origin: verify the origin credentials. This part will set request.auth.user 694// (origin identity), as well as other attributes like request.auth.presenter, 695// request.auth.audiences and raw claims. Note that the identity could be 696// end-user, service account, device etc. 697// 698// Last but not least, the principal binding rule defines which identity (peer 699// or origin) should be used as principal. By default, it uses peer. 700// 701// Examples: 702// 703// Policy to enable mTLS for all services in namespace frod. The policy name must be 704// `default`, and it contains no rule for `targets`. 705// 706// ```yaml 707// apiVersion: authentication.istio.io/v1alpha1 708// kind: Policy 709// metadata: 710// name: default 711// namespace: frod 712// spec: 713// peers: 714// - mtls: 715// ``` 716// Policy to disable mTLS for "productpage" service 717// 718// ```yaml 719// apiVersion: authentication.istio.io/v1alpha1 720// kind: Policy 721// metadata: 722// name: productpage-mTLS-disable 723// namespace: frod 724// spec: 725// targets: 726// - name: productpage 727// ``` 728// Policy to require mTLS for peer authentication, and JWT for origin authentication 729// for productpage:9000 except the path '/health_check' . Principal is set from origin identity. 730// 731// ```yaml 732// apiVersion: authentication.istio.io/v1alpha1 733// kind: Policy 734// metadata: 735// name: productpage-mTLS-with-JWT 736// namespace: frod 737// spec: 738// targets: 739// - name: productpage 740// ports: 741// - number: 9000 742// peers: 743// - mtls: 744// origins: 745// - jwt: 746// issuer: "https://securetoken.google.com" 747// audiences: 748// - "productpage" 749// jwksUri: "https://www.googleapis.com/oauth2/v1/certs" 750// jwtHeaders: 751// - "x-goog-iap-jwt-assertion" 752// triggerRules: 753// - excludedPaths: 754// - exact: /health_check 755// principalBinding: USE_ORIGIN 756// ``` 757type Policy struct { 758 // Deprecated. Only mesh-level and namespace-level policies are supported. 759 // List rules to select workloads that the policy should be applied on. 760 // If empty, policy will be used on all workloads in the same namespace. 761 Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"` // Deprecated: Do not use. 762 // $hide_from_docs 763 // Deprecated. Please use security/v1beta1/PeerAuthentication instead. 764 // List of authentication methods that can be used for peer authentication. 765 // They will be evaluated in order; the first validate one will be used to 766 // set peer identity (source.user) and other peer attributes. If none of 767 // these methods pass, request will be rejected with authentication failed error (401). 768 // Leave the list empty if peer authentication is not required 769 Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"` 770 // Deprecated. Should set mTLS to PERMISSIVE instead. 771 // Set this flag to true to accept request (for peer authentication perspective), 772 // even when none of the peer authentication methods defined above satisfied. 773 // Typically, this is used to delay the rejection decision to next layer (e.g 774 // authorization). 775 // This flag is ignored if no authentication defined for peer (peers field is empty). 776 PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"` // Deprecated: Do not use. 777 // Deprecated. Please use security/v1beta1/RequestAuthentication instead. 778 // List of authentication methods that can be used for origin authentication. 779 // Similar to peers, these will be evaluated in order; the first validate one 780 // will be used to set origin identity and attributes (i.e request.auth.user, 781 // request.auth.issuer etc). If none of these methods pass, request will be 782 // rejected with authentication failed error (401). 783 // A method may be skipped, depends on its trigger rule. If all of these methods 784 // are skipped, origin authentication will be ignored, as if it is not defined. 785 // Leave the list empty if origin authentication is not required. 786 Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"` // Deprecated: Do not use. 787 // Deprecated. Please use security/v1beta1/RequestAuthentication instead. 788 // Set this flag to true to accept request (for origin authentication perspective), 789 // even when none of the origin authentication methods defined above satisfied. 790 // Typically, this is used to delay the rejection decision to next layer (e.g 791 // authorization). 792 // This flag is ignored if no authentication defined for origin (origins field is empty). 793 OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"` // Deprecated: Do not use. 794 // Deprecated. Source principal is always from peer, and request principal is always from 795 // RequestAuthentication. 796 // Define whether peer or origin identity should be use for principal. Default 797 // value is USE_PEER. 798 // If peer (or origin) identity is not available, either because of peer/origin 799 // authentication is not defined, or failed, principal will be left unset. 800 // In other words, binding rule does not affect the decision to accept or 801 // reject request. 802 PrincipalBinding PrincipalBinding `protobuf:"varint,6,opt,name=principal_binding,json=principalBinding,proto3,enum=istio.authentication.v1alpha1.PrincipalBinding" json:"principal_binding,omitempty"` // Deprecated: Do not use. 803 XXX_NoUnkeyedLiteral struct{} `json:"-"` 804 XXX_unrecognized []byte `json:"-"` 805 XXX_sizecache int32 `json:"-"` 806} 807 808func (m *Policy) Reset() { *m = Policy{} } 809func (m *Policy) String() string { return proto.CompactTextString(m) } 810func (*Policy) ProtoMessage() {} 811func (*Policy) Descriptor() ([]byte, []int) { 812 return fileDescriptor_30ec3f7cef93301a, []int{5} 813} 814func (m *Policy) XXX_Unmarshal(b []byte) error { 815 return m.Unmarshal(b) 816} 817func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 818 if deterministic { 819 return xxx_messageInfo_Policy.Marshal(b, m, deterministic) 820 } else { 821 b = b[:cap(b)] 822 n, err := m.MarshalToSizedBuffer(b) 823 if err != nil { 824 return nil, err 825 } 826 return b[:n], nil 827 } 828} 829func (m *Policy) XXX_Merge(src proto.Message) { 830 xxx_messageInfo_Policy.Merge(m, src) 831} 832func (m *Policy) XXX_Size() int { 833 return m.Size() 834} 835func (m *Policy) XXX_DiscardUnknown() { 836 xxx_messageInfo_Policy.DiscardUnknown(m) 837} 838 839var xxx_messageInfo_Policy proto.InternalMessageInfo 840 841// Deprecated: Do not use. 842func (m *Policy) GetTargets() []*TargetSelector { 843 if m != nil { 844 return m.Targets 845 } 846 return nil 847} 848 849func (m *Policy) GetPeers() []*PeerAuthenticationMethod { 850 if m != nil { 851 return m.Peers 852 } 853 return nil 854} 855 856// Deprecated: Do not use. 857func (m *Policy) GetPeerIsOptional() bool { 858 if m != nil { 859 return m.PeerIsOptional 860 } 861 return false 862} 863 864// Deprecated: Do not use. 865func (m *Policy) GetOrigins() []*OriginAuthenticationMethod { 866 if m != nil { 867 return m.Origins 868 } 869 return nil 870} 871 872// Deprecated: Do not use. 873func (m *Policy) GetOriginIsOptional() bool { 874 if m != nil { 875 return m.OriginIsOptional 876 } 877 return false 878} 879 880// Deprecated: Do not use. 881func (m *Policy) GetPrincipalBinding() PrincipalBinding { 882 if m != nil { 883 return m.PrincipalBinding 884 } 885 return PrincipalBinding_USE_PEER 886} 887 888// $hide_from_docs 889// Deprecated. Only support mesh and namespace level policy in the future. 890// TargetSelector defines a matching rule to a workload. A workload is selected 891// if it is associated with the service name and service port(s) specified in the selector rule. 892type TargetSelector struct { 893 // The name must be a short name from the service registry. The 894 // fully qualified domain name will be resolved in a platform specific manner. 895 Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` 896 // Specifies the ports. Note that this is the port(s) exposed by the service, not workload instance ports. 897 // For example, if a service is defined as below, then `8000` should be used, not `9000`. 898 // ```yaml 899 // kind: Service 900 // metadata: 901 // ... 902 // spec: 903 // ports: 904 // - name: http 905 // port: 8000 906 // targetPort: 9000 907 // selector: 908 // app: backend 909 // ``` 910 //Leave empty to match all ports that are exposed. 911 Ports []*PortSelector `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"` 912 XXX_NoUnkeyedLiteral struct{} `json:"-"` 913 XXX_unrecognized []byte `json:"-"` 914 XXX_sizecache int32 `json:"-"` 915} 916 917func (m *TargetSelector) Reset() { *m = TargetSelector{} } 918func (m *TargetSelector) String() string { return proto.CompactTextString(m) } 919func (*TargetSelector) ProtoMessage() {} 920func (*TargetSelector) Descriptor() ([]byte, []int) { 921 return fileDescriptor_30ec3f7cef93301a, []int{6} 922} 923func (m *TargetSelector) XXX_Unmarshal(b []byte) error { 924 return m.Unmarshal(b) 925} 926func (m *TargetSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 927 if deterministic { 928 return xxx_messageInfo_TargetSelector.Marshal(b, m, deterministic) 929 } else { 930 b = b[:cap(b)] 931 n, err := m.MarshalToSizedBuffer(b) 932 if err != nil { 933 return nil, err 934 } 935 return b[:n], nil 936 } 937} 938func (m *TargetSelector) XXX_Merge(src proto.Message) { 939 xxx_messageInfo_TargetSelector.Merge(m, src) 940} 941func (m *TargetSelector) XXX_Size() int { 942 return m.Size() 943} 944func (m *TargetSelector) XXX_DiscardUnknown() { 945 xxx_messageInfo_TargetSelector.DiscardUnknown(m) 946} 947 948var xxx_messageInfo_TargetSelector proto.InternalMessageInfo 949 950func (m *TargetSelector) GetName() string { 951 if m != nil { 952 return m.Name 953 } 954 return "" 955} 956 957func (m *TargetSelector) GetPorts() []*PortSelector { 958 if m != nil { 959 return m.Ports 960 } 961 return nil 962} 963 964// $hide_from_docs 965// Deprecated. Only support mesh and namespace level policy in the future. 966// PortSelector specifies the name or number of a port to be used for 967// matching targets for authentication policy. This is copied from 968// networking API to avoid dependency. 969type PortSelector struct { 970 // Types that are valid to be assigned to Port: 971 // *PortSelector_Number 972 // *PortSelector_Name 973 Port isPortSelector_Port `protobuf_oneof:"port"` 974 XXX_NoUnkeyedLiteral struct{} `json:"-"` 975 XXX_unrecognized []byte `json:"-"` 976 XXX_sizecache int32 `json:"-"` 977} 978 979func (m *PortSelector) Reset() { *m = PortSelector{} } 980func (m *PortSelector) String() string { return proto.CompactTextString(m) } 981func (*PortSelector) ProtoMessage() {} 982func (*PortSelector) Descriptor() ([]byte, []int) { 983 return fileDescriptor_30ec3f7cef93301a, []int{7} 984} 985func (m *PortSelector) XXX_Unmarshal(b []byte) error { 986 return m.Unmarshal(b) 987} 988func (m *PortSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { 989 if deterministic { 990 return xxx_messageInfo_PortSelector.Marshal(b, m, deterministic) 991 } else { 992 b = b[:cap(b)] 993 n, err := m.MarshalToSizedBuffer(b) 994 if err != nil { 995 return nil, err 996 } 997 return b[:n], nil 998 } 999} 1000func (m *PortSelector) XXX_Merge(src proto.Message) { 1001 xxx_messageInfo_PortSelector.Merge(m, src) 1002} 1003func (m *PortSelector) XXX_Size() int { 1004 return m.Size() 1005} 1006func (m *PortSelector) XXX_DiscardUnknown() { 1007 xxx_messageInfo_PortSelector.DiscardUnknown(m) 1008} 1009 1010var xxx_messageInfo_PortSelector proto.InternalMessageInfo 1011 1012type isPortSelector_Port interface { 1013 isPortSelector_Port() 1014 MarshalTo([]byte) (int, error) 1015 Size() int 1016} 1017 1018type PortSelector_Number struct { 1019 Number uint32 `protobuf:"varint,1,opt,name=number,proto3,oneof"` 1020} 1021type PortSelector_Name struct { 1022 Name string `protobuf:"bytes,2,opt,name=name,proto3,oneof"` 1023} 1024 1025func (*PortSelector_Number) isPortSelector_Port() {} 1026func (*PortSelector_Name) isPortSelector_Port() {} 1027 1028func (m *PortSelector) GetPort() isPortSelector_Port { 1029 if m != nil { 1030 return m.Port 1031 } 1032 return nil 1033} 1034 1035func (m *PortSelector) GetNumber() uint32 { 1036 if x, ok := m.GetPort().(*PortSelector_Number); ok { 1037 return x.Number 1038 } 1039 return 0 1040} 1041 1042func (m *PortSelector) GetName() string { 1043 if x, ok := m.GetPort().(*PortSelector_Name); ok { 1044 return x.Name 1045 } 1046 return "" 1047} 1048 1049// XXX_OneofWrappers is for the internal use of the proto package. 1050func (*PortSelector) XXX_OneofWrappers() []interface{} { 1051 return []interface{}{ 1052 (*PortSelector_Number)(nil), 1053 (*PortSelector_Name)(nil), 1054 } 1055} 1056 1057func init() { 1058 proto.RegisterEnum("istio.authentication.v1alpha1.PrincipalBinding", PrincipalBinding_name, PrincipalBinding_value) 1059 proto.RegisterEnum("istio.authentication.v1alpha1.MutualTls_Mode", MutualTls_Mode_name, MutualTls_Mode_value) 1060 proto.RegisterType((*StringMatch)(nil), "istio.authentication.v1alpha1.StringMatch") 1061 proto.RegisterType((*MutualTls)(nil), "istio.authentication.v1alpha1.MutualTls") 1062 proto.RegisterType((*Jwt)(nil), "istio.authentication.v1alpha1.Jwt") 1063 proto.RegisterType((*Jwt_TriggerRule)(nil), "istio.authentication.v1alpha1.Jwt.TriggerRule") 1064 proto.RegisterType((*PeerAuthenticationMethod)(nil), "istio.authentication.v1alpha1.PeerAuthenticationMethod") 1065 proto.RegisterType((*OriginAuthenticationMethod)(nil), "istio.authentication.v1alpha1.OriginAuthenticationMethod") 1066 proto.RegisterType((*Policy)(nil), "istio.authentication.v1alpha1.Policy") 1067 proto.RegisterType((*TargetSelector)(nil), "istio.authentication.v1alpha1.TargetSelector") 1068 proto.RegisterType((*PortSelector)(nil), "istio.authentication.v1alpha1.PortSelector") 1069} 1070 1071func init() { 1072 proto.RegisterFile("authentication/v1alpha1/policy.proto", fileDescriptor_30ec3f7cef93301a) 1073} 1074 1075var fileDescriptor_30ec3f7cef93301a = []byte{ 1076 // 838 bytes of a gzipped FileDescriptorProto 1077 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x94, 0x55, 0x4f, 0x6f, 0x23, 0x35, 1078 0x14, 0xef, 0x64, 0xa6, 0xd3, 0xe4, 0xa5, 0x8d, 0x82, 0x85, 0x96, 0xa1, 0x62, 0xdb, 0x6a, 0xb4, 1079 0x87, 0x6a, 0x81, 0x64, 0x37, 0x20, 0x21, 0x38, 0x20, 0x35, 0x28, 0xd0, 0x14, 0x85, 0x06, 0x27, 1080 0x0b, 0x12, 0x97, 0xc1, 0xc9, 0xb8, 0x13, 0x07, 0x67, 0x3c, 0xf2, 0x78, 0x36, 0x5d, 0x2e, 0x7c, 1081 0x08, 0xbe, 0x00, 0xdf, 0x01, 0x71, 0xe6, 0xca, 0x91, 0x8f, 0xb0, 0xea, 0x27, 0x41, 0xb6, 0x33, 1082 0xdd, 0x66, 0x45, 0x99, 0xe5, 0xe6, 0xdf, 0xfb, 0xf3, 0x7b, 0xcf, 0xef, 0x3d, 0x3f, 0xc3, 0x23, 1083 0x52, 0xa8, 0x05, 0x4d, 0x15, 0x9b, 0x13, 0xc5, 0x44, 0xda, 0x7d, 0xfe, 0x94, 0xf0, 0x6c, 0x41, 1084 0x9e, 0x76, 0x33, 0xc1, 0xd9, 0xfc, 0x45, 0x27, 0x93, 0x42, 0x09, 0xf4, 0x90, 0xe5, 0x8a, 0x89, 1085 0xce, 0xb6, 0x6d, 0xa7, 0xb4, 0x3d, 0x3c, 0x4e, 0x84, 0x48, 0x38, 0xed, 0x92, 0x8c, 0x75, 0xaf, 1086 0x18, 0xe5, 0x71, 0x34, 0xa3, 0x0b, 0xf2, 0x9c, 0x09, 0x69, 0xfd, 0xc3, 0x5f, 0xa0, 0x39, 0x51, 1087 0x92, 0xa5, 0xc9, 0x88, 0xa8, 0xf9, 0x02, 0x3d, 0x80, 0x5d, 0x7a, 0x4d, 0xe6, 0x2a, 0x70, 0x4e, 1088 0x9c, 0xd3, 0xc6, 0xf9, 0x0e, 0xb6, 0x10, 0x05, 0xe0, 0x67, 0x92, 0x5e, 0xb1, 0xeb, 0xa0, 0xb6, 1089 0x51, 0x6c, 0xb0, 0xd6, 0xe4, 0xc5, 0x95, 0xd6, 0xb8, 0xa5, 0xc6, 0x62, 0xcd, 0x25, 0x69, 0x42, 1090 0xaf, 0x03, 0xaf, 0xe4, 0x32, 0xb0, 0xbf, 0x0f, 0xb0, 0xd2, 0xc1, 0x22, 0xf5, 0x22, 0xa3, 0xe1, 1091 0xaf, 0x0e, 0x34, 0x46, 0x85, 0x2a, 0x08, 0x9f, 0xf2, 0x1c, 0x1d, 0x43, 0x83, 0x70, 0x2e, 0xd6, 1092 0x91, 0xe2, 0xb9, 0xc9, 0xa1, 0xde, 0xaf, 0x05, 0x0e, 0xae, 0x1b, 0xa1, 0x36, 0x38, 0x03, 0x6f, 1093 0x25, 0x62, 0x6a, 0xd2, 0x68, 0xf5, 0x3e, 0xec, 0xfc, 0xe7, 0xf5, 0x3b, 0xb7, 0xc4, 0x9d, 0x91, 1094 0x88, 0x29, 0x36, 0xae, 0x61, 0x08, 0x9e, 0x46, 0x08, 0xc0, 0x9f, 0x4c, 0xf1, 0xf0, 0x8b, 0x69, 1095 0x7b, 0x07, 0xb5, 0x00, 0xc6, 0x03, 0x3c, 0x1a, 0x4e, 0x26, 0xc3, 0xef, 0x06, 0x6d, 0x27, 0xfc, 1096 0xc3, 0x05, 0xf7, 0x62, 0xad, 0xd0, 0x03, 0xf0, 0x59, 0x9e, 0x17, 0x54, 0xda, 0x82, 0xe0, 0x0d, 1097 0x42, 0xef, 0x41, 0x83, 0x14, 0x31, 0xa3, 0xe9, 0x9c, 0xe6, 0x41, 0xed, 0xc4, 0x3d, 0x6d, 0xe0, 1098 0x57, 0x02, 0xf4, 0x2e, 0xd4, 0x97, 0xeb, 0x9f, 0xf2, 0xa8, 0x90, 0xcc, 0x56, 0x05, 0xef, 0x69, 1099 0xfc, 0x4c, 0x32, 0x84, 0xc0, 0xd3, 0xc7, 0x00, 0x8c, 0xd8, 0x9c, 0xd1, 0x31, 0x34, 0x97, 0x6b, 1100 0x15, 0x2d, 0x28, 0x89, 0xa9, 0xcc, 0x03, 0xdf, 0xd0, 0xc1, 0x72, 0xad, 0xce, 0xad, 0x04, 0x3d, 1101 0x04, 0x8d, 0xa2, 0x8c, 0x48, 0xb2, 0xca, 0x83, 0x3d, 0x1b, 0x6e, 0xb9, 0x56, 0x63, 0x23, 0x40, 1102 0x13, 0x38, 0x50, 0x92, 0x25, 0x09, 0x95, 0x91, 0x2c, 0x38, 0xcd, 0x83, 0xc6, 0x89, 0x7b, 0xda, 1103 0xec, 0x75, 0x2a, 0x8a, 0x73, 0xb1, 0x56, 0x9d, 0xa9, 0xf5, 0xc3, 0x05, 0xa7, 0x78, 0x5f, 0xbd, 1104 0x02, 0xf9, 0xe1, 0xef, 0x0e, 0x34, 0xef, 0x68, 0xd1, 0xb7, 0xd0, 0xa2, 0xd7, 0x73, 0x5e, 0xc4, 1105 0x34, 0x8e, 0x32, 0xa2, 0x16, 0xba, 0x3d, 0x3a, 0xca, 0xe3, 0x8a, 0x28, 0x77, 0xa6, 0x0b, 0x1f, 1106 0x94, 0x0c, 0x63, 0x4d, 0xa0, 0x29, 0x59, 0xba, 0x45, 0x59, 0xfb, 0xff, 0x94, 0x25, 0x83, 0xa1, 1107 0x0c, 0x7f, 0x73, 0x20, 0x18, 0x53, 0x2a, 0xcf, 0xb6, 0x5c, 0x47, 0x54, 0x2d, 0x44, 0x8c, 0x3e, 1108 0x07, 0x6f, 0x55, 0xce, 0x55, 0xb3, 0x77, 0xfa, 0xa6, 0xb3, 0x73, 0xbe, 0x83, 0x8d, 0x1f, 0xfa, 1109 0x0c, 0xdc, 0xe5, 0x5a, 0x99, 0xd1, 0x6b, 0xf6, 0xc2, 0xea, 0xea, 0xea, 0xd1, 0x3d, 0xdf, 0xc1, 1110 0xda, 0xa9, 0x5f, 0x07, 0xdf, 0xb6, 0x2f, 0xc4, 0x70, 0x78, 0x29, 0x59, 0xc2, 0xd2, 0x7f, 0xcd, 1111 0xf1, 0x63, 0x1b, 0xc3, 0x79, 0xd3, 0x18, 0x86, 0x3d, 0xfc, 0xd3, 0x05, 0x7f, 0x6c, 0xd6, 0x02, 1112 0xfa, 0x1a, 0xf6, 0x14, 0x91, 0x09, 0x55, 0x65, 0x83, 0xaa, 0xde, 0xc8, 0xd4, 0x58, 0x4f, 0x28, 1113 0xa7, 0x73, 0x25, 0xa4, 0x79, 0x6e, 0x25, 0x03, 0x1a, 0xc1, 0x6e, 0x46, 0xf5, 0x4c, 0xda, 0xc6, 1114 0x7c, 0x52, 0x41, 0x75, 0x5f, 0xe5, 0xb1, 0x65, 0x41, 0x1f, 0x40, 0x5b, 0x1f, 0x22, 0x96, 0x47, 1115 0x22, 0xd3, 0x6a, 0xc2, 0xcd, 0xfb, 0xb0, 0x8f, 0xbc, 0xa5, 0x75, 0xc3, 0xfc, 0x72, 0xa3, 0x41, 1116 0xdf, 0xc3, 0x9e, 0x30, 0x85, 0xca, 0x03, 0xcf, 0x84, 0xff, 0xb4, 0x22, 0xfc, 0xfd, 0x65, 0xb5, 1117 0xb7, 0xda, 0xb0, 0xa1, 0x27, 0x80, 0xec, 0x71, 0x2b, 0x91, 0xdd, 0xdb, 0x44, 0xda, 0x56, 0x7b, 1118 0x27, 0x95, 0x1f, 0xe1, 0xad, 0x4c, 0xb2, 0x74, 0xce, 0x32, 0xc2, 0xa3, 0x19, 0x4b, 0x63, 0x96, 1119 0x26, 0x81, 0x6f, 0x56, 0x50, 0xb7, 0xaa, 0x26, 0xa5, 0x5f, 0xdf, 0xba, 0xd9, 0x08, 0xd9, 0x6b, 1120 0xd2, 0xf0, 0x67, 0x68, 0x6d, 0x37, 0x02, 0xbd, 0x03, 0x5e, 0x4a, 0x56, 0xd4, 0x2e, 0x9e, 0xbe, 1121 0xfb, 0xf2, 0xac, 0x86, 0x8d, 0x00, 0x9d, 0xc1, 0x6e, 0x26, 0xa4, 0x2a, 0x9b, 0xf2, 0x7e, 0x55, 1122 0x02, 0x42, 0xde, 0x92, 0x62, 0xeb, 0x79, 0xe1, 0xd5, 0xdd, 0xb6, 0x87, 0x7d, 0x4e, 0x66, 0x94, 1123 0xe7, 0xe1, 0x97, 0xb0, 0x7f, 0xd7, 0x48, 0xaf, 0xf4, 0xb4, 0x58, 0xcd, 0x36, 0x4b, 0xef, 0x40, 1124 0xaf, 0x74, 0x8b, 0xd1, 0xdb, 0x9b, 0x9c, 0xca, 0x4f, 0xc0, 0xa0, 0xbe, 0x0f, 0x9e, 0xa6, 0x7d, 1125 0xfc, 0x04, 0xda, 0xaf, 0xdf, 0x16, 0xed, 0x43, 0xfd, 0xd9, 0x64, 0x10, 0x8d, 0x07, 0x03, 0x6c, 1126 0xd7, 0xac, 0x46, 0x97, 0x78, 0xf8, 0xd5, 0xf0, 0x9b, 0xb6, 0xd3, 0xef, 0xfd, 0x75, 0x73, 0xe4, 1127 0xfc, 0x7d, 0x73, 0xe4, 0xbc, 0xbc, 0x39, 0x72, 0x7e, 0x78, 0x64, 0x2f, 0xc2, 0x84, 0xf9, 0xae, 1128 0xee, 0xf9, 0xfe, 0x66, 0xbe, 0xf9, 0xb8, 0x3e, 0xfa, 0x27, 0x00, 0x00, 0xff, 0xff, 0x6c, 0x72, 1129 0x28, 0x5c, 0x20, 0x07, 0x00, 0x00, 1130} 1131 1132func (m *StringMatch) Marshal() (dAtA []byte, err error) { 1133 size := m.Size() 1134 dAtA = make([]byte, size) 1135 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1136 if err != nil { 1137 return nil, err 1138 } 1139 return dAtA[:n], nil 1140} 1141 1142func (m *StringMatch) MarshalTo(dAtA []byte) (int, error) { 1143 size := m.Size() 1144 return m.MarshalToSizedBuffer(dAtA[:size]) 1145} 1146 1147func (m *StringMatch) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1148 i := len(dAtA) 1149 _ = i 1150 var l int 1151 _ = l 1152 if m.XXX_unrecognized != nil { 1153 i -= len(m.XXX_unrecognized) 1154 copy(dAtA[i:], m.XXX_unrecognized) 1155 } 1156 if m.MatchType != nil { 1157 { 1158 size := m.MatchType.Size() 1159 i -= size 1160 if _, err := m.MatchType.MarshalTo(dAtA[i:]); err != nil { 1161 return 0, err 1162 } 1163 } 1164 } 1165 return len(dAtA) - i, nil 1166} 1167 1168func (m *StringMatch_Exact) MarshalTo(dAtA []byte) (int, error) { 1169 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1170} 1171 1172func (m *StringMatch_Exact) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1173 i := len(dAtA) 1174 i -= len(m.Exact) 1175 copy(dAtA[i:], m.Exact) 1176 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Exact))) 1177 i-- 1178 dAtA[i] = 0xa 1179 return len(dAtA) - i, nil 1180} 1181func (m *StringMatch_Prefix) MarshalTo(dAtA []byte) (int, error) { 1182 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1183} 1184 1185func (m *StringMatch_Prefix) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1186 i := len(dAtA) 1187 i -= len(m.Prefix) 1188 copy(dAtA[i:], m.Prefix) 1189 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Prefix))) 1190 i-- 1191 dAtA[i] = 0x12 1192 return len(dAtA) - i, nil 1193} 1194func (m *StringMatch_Suffix) MarshalTo(dAtA []byte) (int, error) { 1195 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1196} 1197 1198func (m *StringMatch_Suffix) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1199 i := len(dAtA) 1200 i -= len(m.Suffix) 1201 copy(dAtA[i:], m.Suffix) 1202 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Suffix))) 1203 i-- 1204 dAtA[i] = 0x1a 1205 return len(dAtA) - i, nil 1206} 1207func (m *StringMatch_Regex) MarshalTo(dAtA []byte) (int, error) { 1208 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1209} 1210 1211func (m *StringMatch_Regex) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1212 i := len(dAtA) 1213 i -= len(m.Regex) 1214 copy(dAtA[i:], m.Regex) 1215 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Regex))) 1216 i-- 1217 dAtA[i] = 0x22 1218 return len(dAtA) - i, nil 1219} 1220func (m *MutualTls) Marshal() (dAtA []byte, err error) { 1221 size := m.Size() 1222 dAtA = make([]byte, size) 1223 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1224 if err != nil { 1225 return nil, err 1226 } 1227 return dAtA[:n], nil 1228} 1229 1230func (m *MutualTls) MarshalTo(dAtA []byte) (int, error) { 1231 size := m.Size() 1232 return m.MarshalToSizedBuffer(dAtA[:size]) 1233} 1234 1235func (m *MutualTls) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1236 i := len(dAtA) 1237 _ = i 1238 var l int 1239 _ = l 1240 if m.XXX_unrecognized != nil { 1241 i -= len(m.XXX_unrecognized) 1242 copy(dAtA[i:], m.XXX_unrecognized) 1243 } 1244 if m.Mode != 0 { 1245 i = encodeVarintPolicy(dAtA, i, uint64(m.Mode)) 1246 i-- 1247 dAtA[i] = 0x10 1248 } 1249 if m.AllowTls { 1250 i-- 1251 if m.AllowTls { 1252 dAtA[i] = 1 1253 } else { 1254 dAtA[i] = 0 1255 } 1256 i-- 1257 dAtA[i] = 0x8 1258 } 1259 return len(dAtA) - i, nil 1260} 1261 1262func (m *Jwt) Marshal() (dAtA []byte, err error) { 1263 size := m.Size() 1264 dAtA = make([]byte, size) 1265 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1266 if err != nil { 1267 return nil, err 1268 } 1269 return dAtA[:n], nil 1270} 1271 1272func (m *Jwt) MarshalTo(dAtA []byte) (int, error) { 1273 size := m.Size() 1274 return m.MarshalToSizedBuffer(dAtA[:size]) 1275} 1276 1277func (m *Jwt) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1278 i := len(dAtA) 1279 _ = i 1280 var l int 1281 _ = l 1282 if m.XXX_unrecognized != nil { 1283 i -= len(m.XXX_unrecognized) 1284 copy(dAtA[i:], m.XXX_unrecognized) 1285 } 1286 if len(m.Jwks) > 0 { 1287 i -= len(m.Jwks) 1288 copy(dAtA[i:], m.Jwks) 1289 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Jwks))) 1290 i-- 1291 dAtA[i] = 0x52 1292 } 1293 if len(m.TriggerRules) > 0 { 1294 for iNdEx := len(m.TriggerRules) - 1; iNdEx >= 0; iNdEx-- { 1295 { 1296 size, err := m.TriggerRules[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1297 if err != nil { 1298 return 0, err 1299 } 1300 i -= size 1301 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1302 } 1303 i-- 1304 dAtA[i] = 0x4a 1305 } 1306 } 1307 if len(m.JwtParams) > 0 { 1308 for iNdEx := len(m.JwtParams) - 1; iNdEx >= 0; iNdEx-- { 1309 i -= len(m.JwtParams[iNdEx]) 1310 copy(dAtA[i:], m.JwtParams[iNdEx]) 1311 i = encodeVarintPolicy(dAtA, i, uint64(len(m.JwtParams[iNdEx]))) 1312 i-- 1313 dAtA[i] = 0x3a 1314 } 1315 } 1316 if len(m.JwtHeaders) > 0 { 1317 for iNdEx := len(m.JwtHeaders) - 1; iNdEx >= 0; iNdEx-- { 1318 i -= len(m.JwtHeaders[iNdEx]) 1319 copy(dAtA[i:], m.JwtHeaders[iNdEx]) 1320 i = encodeVarintPolicy(dAtA, i, uint64(len(m.JwtHeaders[iNdEx]))) 1321 i-- 1322 dAtA[i] = 0x32 1323 } 1324 } 1325 if len(m.JwksUri) > 0 { 1326 i -= len(m.JwksUri) 1327 copy(dAtA[i:], m.JwksUri) 1328 i = encodeVarintPolicy(dAtA, i, uint64(len(m.JwksUri))) 1329 i-- 1330 dAtA[i] = 0x1a 1331 } 1332 if len(m.Audiences) > 0 { 1333 for iNdEx := len(m.Audiences) - 1; iNdEx >= 0; iNdEx-- { 1334 i -= len(m.Audiences[iNdEx]) 1335 copy(dAtA[i:], m.Audiences[iNdEx]) 1336 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Audiences[iNdEx]))) 1337 i-- 1338 dAtA[i] = 0x12 1339 } 1340 } 1341 if len(m.Issuer) > 0 { 1342 i -= len(m.Issuer) 1343 copy(dAtA[i:], m.Issuer) 1344 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Issuer))) 1345 i-- 1346 dAtA[i] = 0xa 1347 } 1348 return len(dAtA) - i, nil 1349} 1350 1351func (m *Jwt_TriggerRule) Marshal() (dAtA []byte, err error) { 1352 size := m.Size() 1353 dAtA = make([]byte, size) 1354 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1355 if err != nil { 1356 return nil, err 1357 } 1358 return dAtA[:n], nil 1359} 1360 1361func (m *Jwt_TriggerRule) MarshalTo(dAtA []byte) (int, error) { 1362 size := m.Size() 1363 return m.MarshalToSizedBuffer(dAtA[:size]) 1364} 1365 1366func (m *Jwt_TriggerRule) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1367 i := len(dAtA) 1368 _ = i 1369 var l int 1370 _ = l 1371 if m.XXX_unrecognized != nil { 1372 i -= len(m.XXX_unrecognized) 1373 copy(dAtA[i:], m.XXX_unrecognized) 1374 } 1375 if len(m.IncludedPaths) > 0 { 1376 for iNdEx := len(m.IncludedPaths) - 1; iNdEx >= 0; iNdEx-- { 1377 { 1378 size, err := m.IncludedPaths[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1379 if err != nil { 1380 return 0, err 1381 } 1382 i -= size 1383 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1384 } 1385 i-- 1386 dAtA[i] = 0x12 1387 } 1388 } 1389 if len(m.ExcludedPaths) > 0 { 1390 for iNdEx := len(m.ExcludedPaths) - 1; iNdEx >= 0; iNdEx-- { 1391 { 1392 size, err := m.ExcludedPaths[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1393 if err != nil { 1394 return 0, err 1395 } 1396 i -= size 1397 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1398 } 1399 i-- 1400 dAtA[i] = 0xa 1401 } 1402 } 1403 return len(dAtA) - i, nil 1404} 1405 1406func (m *PeerAuthenticationMethod) Marshal() (dAtA []byte, err error) { 1407 size := m.Size() 1408 dAtA = make([]byte, size) 1409 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1410 if err != nil { 1411 return nil, err 1412 } 1413 return dAtA[:n], nil 1414} 1415 1416func (m *PeerAuthenticationMethod) MarshalTo(dAtA []byte) (int, error) { 1417 size := m.Size() 1418 return m.MarshalToSizedBuffer(dAtA[:size]) 1419} 1420 1421func (m *PeerAuthenticationMethod) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1422 i := len(dAtA) 1423 _ = i 1424 var l int 1425 _ = l 1426 if m.XXX_unrecognized != nil { 1427 i -= len(m.XXX_unrecognized) 1428 copy(dAtA[i:], m.XXX_unrecognized) 1429 } 1430 if m.Params != nil { 1431 { 1432 size := m.Params.Size() 1433 i -= size 1434 if _, err := m.Params.MarshalTo(dAtA[i:]); err != nil { 1435 return 0, err 1436 } 1437 } 1438 } 1439 return len(dAtA) - i, nil 1440} 1441 1442func (m *PeerAuthenticationMethod_Mtls) MarshalTo(dAtA []byte) (int, error) { 1443 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1444} 1445 1446func (m *PeerAuthenticationMethod_Mtls) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1447 i := len(dAtA) 1448 if m.Mtls != nil { 1449 { 1450 size, err := m.Mtls.MarshalToSizedBuffer(dAtA[:i]) 1451 if err != nil { 1452 return 0, err 1453 } 1454 i -= size 1455 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1456 } 1457 i-- 1458 dAtA[i] = 0xa 1459 } 1460 return len(dAtA) - i, nil 1461} 1462func (m *PeerAuthenticationMethod_Jwt) MarshalTo(dAtA []byte) (int, error) { 1463 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1464} 1465 1466func (m *PeerAuthenticationMethod_Jwt) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1467 i := len(dAtA) 1468 if m.Jwt != nil { 1469 { 1470 size, err := m.Jwt.MarshalToSizedBuffer(dAtA[:i]) 1471 if err != nil { 1472 return 0, err 1473 } 1474 i -= size 1475 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1476 } 1477 i-- 1478 dAtA[i] = 0x12 1479 } 1480 return len(dAtA) - i, nil 1481} 1482func (m *OriginAuthenticationMethod) Marshal() (dAtA []byte, err error) { 1483 size := m.Size() 1484 dAtA = make([]byte, size) 1485 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1486 if err != nil { 1487 return nil, err 1488 } 1489 return dAtA[:n], nil 1490} 1491 1492func (m *OriginAuthenticationMethod) MarshalTo(dAtA []byte) (int, error) { 1493 size := m.Size() 1494 return m.MarshalToSizedBuffer(dAtA[:size]) 1495} 1496 1497func (m *OriginAuthenticationMethod) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1498 i := len(dAtA) 1499 _ = i 1500 var l int 1501 _ = l 1502 if m.XXX_unrecognized != nil { 1503 i -= len(m.XXX_unrecognized) 1504 copy(dAtA[i:], m.XXX_unrecognized) 1505 } 1506 if m.Jwt != nil { 1507 { 1508 size, err := m.Jwt.MarshalToSizedBuffer(dAtA[:i]) 1509 if err != nil { 1510 return 0, err 1511 } 1512 i -= size 1513 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1514 } 1515 i-- 1516 dAtA[i] = 0xa 1517 } 1518 return len(dAtA) - i, nil 1519} 1520 1521func (m *Policy) Marshal() (dAtA []byte, err error) { 1522 size := m.Size() 1523 dAtA = make([]byte, size) 1524 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1525 if err != nil { 1526 return nil, err 1527 } 1528 return dAtA[:n], nil 1529} 1530 1531func (m *Policy) MarshalTo(dAtA []byte) (int, error) { 1532 size := m.Size() 1533 return m.MarshalToSizedBuffer(dAtA[:size]) 1534} 1535 1536func (m *Policy) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1537 i := len(dAtA) 1538 _ = i 1539 var l int 1540 _ = l 1541 if m.XXX_unrecognized != nil { 1542 i -= len(m.XXX_unrecognized) 1543 copy(dAtA[i:], m.XXX_unrecognized) 1544 } 1545 if m.PrincipalBinding != 0 { 1546 i = encodeVarintPolicy(dAtA, i, uint64(m.PrincipalBinding)) 1547 i-- 1548 dAtA[i] = 0x30 1549 } 1550 if m.OriginIsOptional { 1551 i-- 1552 if m.OriginIsOptional { 1553 dAtA[i] = 1 1554 } else { 1555 dAtA[i] = 0 1556 } 1557 i-- 1558 dAtA[i] = 0x28 1559 } 1560 if len(m.Origins) > 0 { 1561 for iNdEx := len(m.Origins) - 1; iNdEx >= 0; iNdEx-- { 1562 { 1563 size, err := m.Origins[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1564 if err != nil { 1565 return 0, err 1566 } 1567 i -= size 1568 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1569 } 1570 i-- 1571 dAtA[i] = 0x22 1572 } 1573 } 1574 if m.PeerIsOptional { 1575 i-- 1576 if m.PeerIsOptional { 1577 dAtA[i] = 1 1578 } else { 1579 dAtA[i] = 0 1580 } 1581 i-- 1582 dAtA[i] = 0x18 1583 } 1584 if len(m.Peers) > 0 { 1585 for iNdEx := len(m.Peers) - 1; iNdEx >= 0; iNdEx-- { 1586 { 1587 size, err := m.Peers[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1588 if err != nil { 1589 return 0, err 1590 } 1591 i -= size 1592 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1593 } 1594 i-- 1595 dAtA[i] = 0x12 1596 } 1597 } 1598 if len(m.Targets) > 0 { 1599 for iNdEx := len(m.Targets) - 1; iNdEx >= 0; iNdEx-- { 1600 { 1601 size, err := m.Targets[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1602 if err != nil { 1603 return 0, err 1604 } 1605 i -= size 1606 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1607 } 1608 i-- 1609 dAtA[i] = 0xa 1610 } 1611 } 1612 return len(dAtA) - i, nil 1613} 1614 1615func (m *TargetSelector) Marshal() (dAtA []byte, err error) { 1616 size := m.Size() 1617 dAtA = make([]byte, size) 1618 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1619 if err != nil { 1620 return nil, err 1621 } 1622 return dAtA[:n], nil 1623} 1624 1625func (m *TargetSelector) MarshalTo(dAtA []byte) (int, error) { 1626 size := m.Size() 1627 return m.MarshalToSizedBuffer(dAtA[:size]) 1628} 1629 1630func (m *TargetSelector) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1631 i := len(dAtA) 1632 _ = i 1633 var l int 1634 _ = l 1635 if m.XXX_unrecognized != nil { 1636 i -= len(m.XXX_unrecognized) 1637 copy(dAtA[i:], m.XXX_unrecognized) 1638 } 1639 if len(m.Ports) > 0 { 1640 for iNdEx := len(m.Ports) - 1; iNdEx >= 0; iNdEx-- { 1641 { 1642 size, err := m.Ports[iNdEx].MarshalToSizedBuffer(dAtA[:i]) 1643 if err != nil { 1644 return 0, err 1645 } 1646 i -= size 1647 i = encodeVarintPolicy(dAtA, i, uint64(size)) 1648 } 1649 i-- 1650 dAtA[i] = 0x12 1651 } 1652 } 1653 if len(m.Name) > 0 { 1654 i -= len(m.Name) 1655 copy(dAtA[i:], m.Name) 1656 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Name))) 1657 i-- 1658 dAtA[i] = 0xa 1659 } 1660 return len(dAtA) - i, nil 1661} 1662 1663func (m *PortSelector) Marshal() (dAtA []byte, err error) { 1664 size := m.Size() 1665 dAtA = make([]byte, size) 1666 n, err := m.MarshalToSizedBuffer(dAtA[:size]) 1667 if err != nil { 1668 return nil, err 1669 } 1670 return dAtA[:n], nil 1671} 1672 1673func (m *PortSelector) MarshalTo(dAtA []byte) (int, error) { 1674 size := m.Size() 1675 return m.MarshalToSizedBuffer(dAtA[:size]) 1676} 1677 1678func (m *PortSelector) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1679 i := len(dAtA) 1680 _ = i 1681 var l int 1682 _ = l 1683 if m.XXX_unrecognized != nil { 1684 i -= len(m.XXX_unrecognized) 1685 copy(dAtA[i:], m.XXX_unrecognized) 1686 } 1687 if m.Port != nil { 1688 { 1689 size := m.Port.Size() 1690 i -= size 1691 if _, err := m.Port.MarshalTo(dAtA[i:]); err != nil { 1692 return 0, err 1693 } 1694 } 1695 } 1696 return len(dAtA) - i, nil 1697} 1698 1699func (m *PortSelector_Number) MarshalTo(dAtA []byte) (int, error) { 1700 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1701} 1702 1703func (m *PortSelector_Number) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1704 i := len(dAtA) 1705 i = encodeVarintPolicy(dAtA, i, uint64(m.Number)) 1706 i-- 1707 dAtA[i] = 0x8 1708 return len(dAtA) - i, nil 1709} 1710func (m *PortSelector_Name) MarshalTo(dAtA []byte) (int, error) { 1711 return m.MarshalToSizedBuffer(dAtA[:m.Size()]) 1712} 1713 1714func (m *PortSelector_Name) MarshalToSizedBuffer(dAtA []byte) (int, error) { 1715 i := len(dAtA) 1716 i -= len(m.Name) 1717 copy(dAtA[i:], m.Name) 1718 i = encodeVarintPolicy(dAtA, i, uint64(len(m.Name))) 1719 i-- 1720 dAtA[i] = 0x12 1721 return len(dAtA) - i, nil 1722} 1723func encodeVarintPolicy(dAtA []byte, offset int, v uint64) int { 1724 offset -= sovPolicy(v) 1725 base := offset 1726 for v >= 1<<7 { 1727 dAtA[offset] = uint8(v&0x7f | 0x80) 1728 v >>= 7 1729 offset++ 1730 } 1731 dAtA[offset] = uint8(v) 1732 return base 1733} 1734func (m *StringMatch) Size() (n int) { 1735 if m == nil { 1736 return 0 1737 } 1738 var l int 1739 _ = l 1740 if m.MatchType != nil { 1741 n += m.MatchType.Size() 1742 } 1743 if m.XXX_unrecognized != nil { 1744 n += len(m.XXX_unrecognized) 1745 } 1746 return n 1747} 1748 1749func (m *StringMatch_Exact) Size() (n int) { 1750 if m == nil { 1751 return 0 1752 } 1753 var l int 1754 _ = l 1755 l = len(m.Exact) 1756 n += 1 + l + sovPolicy(uint64(l)) 1757 return n 1758} 1759func (m *StringMatch_Prefix) Size() (n int) { 1760 if m == nil { 1761 return 0 1762 } 1763 var l int 1764 _ = l 1765 l = len(m.Prefix) 1766 n += 1 + l + sovPolicy(uint64(l)) 1767 return n 1768} 1769func (m *StringMatch_Suffix) Size() (n int) { 1770 if m == nil { 1771 return 0 1772 } 1773 var l int 1774 _ = l 1775 l = len(m.Suffix) 1776 n += 1 + l + sovPolicy(uint64(l)) 1777 return n 1778} 1779func (m *StringMatch_Regex) Size() (n int) { 1780 if m == nil { 1781 return 0 1782 } 1783 var l int 1784 _ = l 1785 l = len(m.Regex) 1786 n += 1 + l + sovPolicy(uint64(l)) 1787 return n 1788} 1789func (m *MutualTls) Size() (n int) { 1790 if m == nil { 1791 return 0 1792 } 1793 var l int 1794 _ = l 1795 if m.AllowTls { 1796 n += 2 1797 } 1798 if m.Mode != 0 { 1799 n += 1 + sovPolicy(uint64(m.Mode)) 1800 } 1801 if m.XXX_unrecognized != nil { 1802 n += len(m.XXX_unrecognized) 1803 } 1804 return n 1805} 1806 1807func (m *Jwt) Size() (n int) { 1808 if m == nil { 1809 return 0 1810 } 1811 var l int 1812 _ = l 1813 l = len(m.Issuer) 1814 if l > 0 { 1815 n += 1 + l + sovPolicy(uint64(l)) 1816 } 1817 if len(m.Audiences) > 0 { 1818 for _, s := range m.Audiences { 1819 l = len(s) 1820 n += 1 + l + sovPolicy(uint64(l)) 1821 } 1822 } 1823 l = len(m.JwksUri) 1824 if l > 0 { 1825 n += 1 + l + sovPolicy(uint64(l)) 1826 } 1827 if len(m.JwtHeaders) > 0 { 1828 for _, s := range m.JwtHeaders { 1829 l = len(s) 1830 n += 1 + l + sovPolicy(uint64(l)) 1831 } 1832 } 1833 if len(m.JwtParams) > 0 { 1834 for _, s := range m.JwtParams { 1835 l = len(s) 1836 n += 1 + l + sovPolicy(uint64(l)) 1837 } 1838 } 1839 if len(m.TriggerRules) > 0 { 1840 for _, e := range m.TriggerRules { 1841 l = e.Size() 1842 n += 1 + l + sovPolicy(uint64(l)) 1843 } 1844 } 1845 l = len(m.Jwks) 1846 if l > 0 { 1847 n += 1 + l + sovPolicy(uint64(l)) 1848 } 1849 if m.XXX_unrecognized != nil { 1850 n += len(m.XXX_unrecognized) 1851 } 1852 return n 1853} 1854 1855func (m *Jwt_TriggerRule) Size() (n int) { 1856 if m == nil { 1857 return 0 1858 } 1859 var l int 1860 _ = l 1861 if len(m.ExcludedPaths) > 0 { 1862 for _, e := range m.ExcludedPaths { 1863 l = e.Size() 1864 n += 1 + l + sovPolicy(uint64(l)) 1865 } 1866 } 1867 if len(m.IncludedPaths) > 0 { 1868 for _, e := range m.IncludedPaths { 1869 l = e.Size() 1870 n += 1 + l + sovPolicy(uint64(l)) 1871 } 1872 } 1873 if m.XXX_unrecognized != nil { 1874 n += len(m.XXX_unrecognized) 1875 } 1876 return n 1877} 1878 1879func (m *PeerAuthenticationMethod) Size() (n int) { 1880 if m == nil { 1881 return 0 1882 } 1883 var l int 1884 _ = l 1885 if m.Params != nil { 1886 n += m.Params.Size() 1887 } 1888 if m.XXX_unrecognized != nil { 1889 n += len(m.XXX_unrecognized) 1890 } 1891 return n 1892} 1893 1894func (m *PeerAuthenticationMethod_Mtls) Size() (n int) { 1895 if m == nil { 1896 return 0 1897 } 1898 var l int 1899 _ = l 1900 if m.Mtls != nil { 1901 l = m.Mtls.Size() 1902 n += 1 + l + sovPolicy(uint64(l)) 1903 } 1904 return n 1905} 1906func (m *PeerAuthenticationMethod_Jwt) Size() (n int) { 1907 if m == nil { 1908 return 0 1909 } 1910 var l int 1911 _ = l 1912 if m.Jwt != nil { 1913 l = m.Jwt.Size() 1914 n += 1 + l + sovPolicy(uint64(l)) 1915 } 1916 return n 1917} 1918func (m *OriginAuthenticationMethod) Size() (n int) { 1919 if m == nil { 1920 return 0 1921 } 1922 var l int 1923 _ = l 1924 if m.Jwt != nil { 1925 l = m.Jwt.Size() 1926 n += 1 + l + sovPolicy(uint64(l)) 1927 } 1928 if m.XXX_unrecognized != nil { 1929 n += len(m.XXX_unrecognized) 1930 } 1931 return n 1932} 1933 1934func (m *Policy) Size() (n int) { 1935 if m == nil { 1936 return 0 1937 } 1938 var l int 1939 _ = l 1940 if len(m.Targets) > 0 { 1941 for _, e := range m.Targets { 1942 l = e.Size() 1943 n += 1 + l + sovPolicy(uint64(l)) 1944 } 1945 } 1946 if len(m.Peers) > 0 { 1947 for _, e := range m.Peers { 1948 l = e.Size() 1949 n += 1 + l + sovPolicy(uint64(l)) 1950 } 1951 } 1952 if m.PeerIsOptional { 1953 n += 2 1954 } 1955 if len(m.Origins) > 0 { 1956 for _, e := range m.Origins { 1957 l = e.Size() 1958 n += 1 + l + sovPolicy(uint64(l)) 1959 } 1960 } 1961 if m.OriginIsOptional { 1962 n += 2 1963 } 1964 if m.PrincipalBinding != 0 { 1965 n += 1 + sovPolicy(uint64(m.PrincipalBinding)) 1966 } 1967 if m.XXX_unrecognized != nil { 1968 n += len(m.XXX_unrecognized) 1969 } 1970 return n 1971} 1972 1973func (m *TargetSelector) Size() (n int) { 1974 if m == nil { 1975 return 0 1976 } 1977 var l int 1978 _ = l 1979 l = len(m.Name) 1980 if l > 0 { 1981 n += 1 + l + sovPolicy(uint64(l)) 1982 } 1983 if len(m.Ports) > 0 { 1984 for _, e := range m.Ports { 1985 l = e.Size() 1986 n += 1 + l + sovPolicy(uint64(l)) 1987 } 1988 } 1989 if m.XXX_unrecognized != nil { 1990 n += len(m.XXX_unrecognized) 1991 } 1992 return n 1993} 1994 1995func (m *PortSelector) Size() (n int) { 1996 if m == nil { 1997 return 0 1998 } 1999 var l int 2000 _ = l 2001 if m.Port != nil { 2002 n += m.Port.Size() 2003 } 2004 if m.XXX_unrecognized != nil { 2005 n += len(m.XXX_unrecognized) 2006 } 2007 return n 2008} 2009 2010func (m *PortSelector_Number) Size() (n int) { 2011 if m == nil { 2012 return 0 2013 } 2014 var l int 2015 _ = l 2016 n += 1 + sovPolicy(uint64(m.Number)) 2017 return n 2018} 2019func (m *PortSelector_Name) Size() (n int) { 2020 if m == nil { 2021 return 0 2022 } 2023 var l int 2024 _ = l 2025 l = len(m.Name) 2026 n += 1 + l + sovPolicy(uint64(l)) 2027 return n 2028} 2029 2030func sovPolicy(x uint64) (n int) { 2031 return (math_bits.Len64(x|1) + 6) / 7 2032} 2033func sozPolicy(x uint64) (n int) { 2034 return sovPolicy(uint64((x << 1) ^ uint64((int64(x) >> 63)))) 2035} 2036func (m *StringMatch) Unmarshal(dAtA []byte) error { 2037 l := len(dAtA) 2038 iNdEx := 0 2039 for iNdEx < l { 2040 preIndex := iNdEx 2041 var wire uint64 2042 for shift := uint(0); ; shift += 7 { 2043 if shift >= 64 { 2044 return ErrIntOverflowPolicy 2045 } 2046 if iNdEx >= l { 2047 return io.ErrUnexpectedEOF 2048 } 2049 b := dAtA[iNdEx] 2050 iNdEx++ 2051 wire |= uint64(b&0x7F) << shift 2052 if b < 0x80 { 2053 break 2054 } 2055 } 2056 fieldNum := int32(wire >> 3) 2057 wireType := int(wire & 0x7) 2058 if wireType == 4 { 2059 return fmt.Errorf("proto: StringMatch: wiretype end group for non-group") 2060 } 2061 if fieldNum <= 0 { 2062 return fmt.Errorf("proto: StringMatch: illegal tag %d (wire type %d)", fieldNum, wire) 2063 } 2064 switch fieldNum { 2065 case 1: 2066 if wireType != 2 { 2067 return fmt.Errorf("proto: wrong wireType = %d for field Exact", wireType) 2068 } 2069 var stringLen uint64 2070 for shift := uint(0); ; shift += 7 { 2071 if shift >= 64 { 2072 return ErrIntOverflowPolicy 2073 } 2074 if iNdEx >= l { 2075 return io.ErrUnexpectedEOF 2076 } 2077 b := dAtA[iNdEx] 2078 iNdEx++ 2079 stringLen |= uint64(b&0x7F) << shift 2080 if b < 0x80 { 2081 break 2082 } 2083 } 2084 intStringLen := int(stringLen) 2085 if intStringLen < 0 { 2086 return ErrInvalidLengthPolicy 2087 } 2088 postIndex := iNdEx + intStringLen 2089 if postIndex < 0 { 2090 return ErrInvalidLengthPolicy 2091 } 2092 if postIndex > l { 2093 return io.ErrUnexpectedEOF 2094 } 2095 m.MatchType = &StringMatch_Exact{string(dAtA[iNdEx:postIndex])} 2096 iNdEx = postIndex 2097 case 2: 2098 if wireType != 2 { 2099 return fmt.Errorf("proto: wrong wireType = %d for field Prefix", wireType) 2100 } 2101 var stringLen uint64 2102 for shift := uint(0); ; shift += 7 { 2103 if shift >= 64 { 2104 return ErrIntOverflowPolicy 2105 } 2106 if iNdEx >= l { 2107 return io.ErrUnexpectedEOF 2108 } 2109 b := dAtA[iNdEx] 2110 iNdEx++ 2111 stringLen |= uint64(b&0x7F) << shift 2112 if b < 0x80 { 2113 break 2114 } 2115 } 2116 intStringLen := int(stringLen) 2117 if intStringLen < 0 { 2118 return ErrInvalidLengthPolicy 2119 } 2120 postIndex := iNdEx + intStringLen 2121 if postIndex < 0 { 2122 return ErrInvalidLengthPolicy 2123 } 2124 if postIndex > l { 2125 return io.ErrUnexpectedEOF 2126 } 2127 m.MatchType = &StringMatch_Prefix{string(dAtA[iNdEx:postIndex])} 2128 iNdEx = postIndex 2129 case 3: 2130 if wireType != 2 { 2131 return fmt.Errorf("proto: wrong wireType = %d for field Suffix", wireType) 2132 } 2133 var stringLen uint64 2134 for shift := uint(0); ; shift += 7 { 2135 if shift >= 64 { 2136 return ErrIntOverflowPolicy 2137 } 2138 if iNdEx >= l { 2139 return io.ErrUnexpectedEOF 2140 } 2141 b := dAtA[iNdEx] 2142 iNdEx++ 2143 stringLen |= uint64(b&0x7F) << shift 2144 if b < 0x80 { 2145 break 2146 } 2147 } 2148 intStringLen := int(stringLen) 2149 if intStringLen < 0 { 2150 return ErrInvalidLengthPolicy 2151 } 2152 postIndex := iNdEx + intStringLen 2153 if postIndex < 0 { 2154 return ErrInvalidLengthPolicy 2155 } 2156 if postIndex > l { 2157 return io.ErrUnexpectedEOF 2158 } 2159 m.MatchType = &StringMatch_Suffix{string(dAtA[iNdEx:postIndex])} 2160 iNdEx = postIndex 2161 case 4: 2162 if wireType != 2 { 2163 return fmt.Errorf("proto: wrong wireType = %d for field Regex", wireType) 2164 } 2165 var stringLen uint64 2166 for shift := uint(0); ; shift += 7 { 2167 if shift >= 64 { 2168 return ErrIntOverflowPolicy 2169 } 2170 if iNdEx >= l { 2171 return io.ErrUnexpectedEOF 2172 } 2173 b := dAtA[iNdEx] 2174 iNdEx++ 2175 stringLen |= uint64(b&0x7F) << shift 2176 if b < 0x80 { 2177 break 2178 } 2179 } 2180 intStringLen := int(stringLen) 2181 if intStringLen < 0 { 2182 return ErrInvalidLengthPolicy 2183 } 2184 postIndex := iNdEx + intStringLen 2185 if postIndex < 0 { 2186 return ErrInvalidLengthPolicy 2187 } 2188 if postIndex > l { 2189 return io.ErrUnexpectedEOF 2190 } 2191 m.MatchType = &StringMatch_Regex{string(dAtA[iNdEx:postIndex])} 2192 iNdEx = postIndex 2193 default: 2194 iNdEx = preIndex 2195 skippy, err := skipPolicy(dAtA[iNdEx:]) 2196 if err != nil { 2197 return err 2198 } 2199 if skippy < 0 { 2200 return ErrInvalidLengthPolicy 2201 } 2202 if (iNdEx + skippy) < 0 { 2203 return ErrInvalidLengthPolicy 2204 } 2205 if (iNdEx + skippy) > l { 2206 return io.ErrUnexpectedEOF 2207 } 2208 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2209 iNdEx += skippy 2210 } 2211 } 2212 2213 if iNdEx > l { 2214 return io.ErrUnexpectedEOF 2215 } 2216 return nil 2217} 2218func (m *MutualTls) Unmarshal(dAtA []byte) error { 2219 l := len(dAtA) 2220 iNdEx := 0 2221 for iNdEx < l { 2222 preIndex := iNdEx 2223 var wire uint64 2224 for shift := uint(0); ; shift += 7 { 2225 if shift >= 64 { 2226 return ErrIntOverflowPolicy 2227 } 2228 if iNdEx >= l { 2229 return io.ErrUnexpectedEOF 2230 } 2231 b := dAtA[iNdEx] 2232 iNdEx++ 2233 wire |= uint64(b&0x7F) << shift 2234 if b < 0x80 { 2235 break 2236 } 2237 } 2238 fieldNum := int32(wire >> 3) 2239 wireType := int(wire & 0x7) 2240 if wireType == 4 { 2241 return fmt.Errorf("proto: MutualTls: wiretype end group for non-group") 2242 } 2243 if fieldNum <= 0 { 2244 return fmt.Errorf("proto: MutualTls: illegal tag %d (wire type %d)", fieldNum, wire) 2245 } 2246 switch fieldNum { 2247 case 1: 2248 if wireType != 0 { 2249 return fmt.Errorf("proto: wrong wireType = %d for field AllowTls", wireType) 2250 } 2251 var v int 2252 for shift := uint(0); ; shift += 7 { 2253 if shift >= 64 { 2254 return ErrIntOverflowPolicy 2255 } 2256 if iNdEx >= l { 2257 return io.ErrUnexpectedEOF 2258 } 2259 b := dAtA[iNdEx] 2260 iNdEx++ 2261 v |= int(b&0x7F) << shift 2262 if b < 0x80 { 2263 break 2264 } 2265 } 2266 m.AllowTls = bool(v != 0) 2267 case 2: 2268 if wireType != 0 { 2269 return fmt.Errorf("proto: wrong wireType = %d for field Mode", wireType) 2270 } 2271 m.Mode = 0 2272 for shift := uint(0); ; shift += 7 { 2273 if shift >= 64 { 2274 return ErrIntOverflowPolicy 2275 } 2276 if iNdEx >= l { 2277 return io.ErrUnexpectedEOF 2278 } 2279 b := dAtA[iNdEx] 2280 iNdEx++ 2281 m.Mode |= MutualTls_Mode(b&0x7F) << shift 2282 if b < 0x80 { 2283 break 2284 } 2285 } 2286 default: 2287 iNdEx = preIndex 2288 skippy, err := skipPolicy(dAtA[iNdEx:]) 2289 if err != nil { 2290 return err 2291 } 2292 if skippy < 0 { 2293 return ErrInvalidLengthPolicy 2294 } 2295 if (iNdEx + skippy) < 0 { 2296 return ErrInvalidLengthPolicy 2297 } 2298 if (iNdEx + skippy) > l { 2299 return io.ErrUnexpectedEOF 2300 } 2301 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2302 iNdEx += skippy 2303 } 2304 } 2305 2306 if iNdEx > l { 2307 return io.ErrUnexpectedEOF 2308 } 2309 return nil 2310} 2311func (m *Jwt) Unmarshal(dAtA []byte) error { 2312 l := len(dAtA) 2313 iNdEx := 0 2314 for iNdEx < l { 2315 preIndex := iNdEx 2316 var wire uint64 2317 for shift := uint(0); ; shift += 7 { 2318 if shift >= 64 { 2319 return ErrIntOverflowPolicy 2320 } 2321 if iNdEx >= l { 2322 return io.ErrUnexpectedEOF 2323 } 2324 b := dAtA[iNdEx] 2325 iNdEx++ 2326 wire |= uint64(b&0x7F) << shift 2327 if b < 0x80 { 2328 break 2329 } 2330 } 2331 fieldNum := int32(wire >> 3) 2332 wireType := int(wire & 0x7) 2333 if wireType == 4 { 2334 return fmt.Errorf("proto: Jwt: wiretype end group for non-group") 2335 } 2336 if fieldNum <= 0 { 2337 return fmt.Errorf("proto: Jwt: illegal tag %d (wire type %d)", fieldNum, wire) 2338 } 2339 switch fieldNum { 2340 case 1: 2341 if wireType != 2 { 2342 return fmt.Errorf("proto: wrong wireType = %d for field Issuer", wireType) 2343 } 2344 var stringLen uint64 2345 for shift := uint(0); ; shift += 7 { 2346 if shift >= 64 { 2347 return ErrIntOverflowPolicy 2348 } 2349 if iNdEx >= l { 2350 return io.ErrUnexpectedEOF 2351 } 2352 b := dAtA[iNdEx] 2353 iNdEx++ 2354 stringLen |= uint64(b&0x7F) << shift 2355 if b < 0x80 { 2356 break 2357 } 2358 } 2359 intStringLen := int(stringLen) 2360 if intStringLen < 0 { 2361 return ErrInvalidLengthPolicy 2362 } 2363 postIndex := iNdEx + intStringLen 2364 if postIndex < 0 { 2365 return ErrInvalidLengthPolicy 2366 } 2367 if postIndex > l { 2368 return io.ErrUnexpectedEOF 2369 } 2370 m.Issuer = string(dAtA[iNdEx:postIndex]) 2371 iNdEx = postIndex 2372 case 2: 2373 if wireType != 2 { 2374 return fmt.Errorf("proto: wrong wireType = %d for field Audiences", wireType) 2375 } 2376 var stringLen uint64 2377 for shift := uint(0); ; shift += 7 { 2378 if shift >= 64 { 2379 return ErrIntOverflowPolicy 2380 } 2381 if iNdEx >= l { 2382 return io.ErrUnexpectedEOF 2383 } 2384 b := dAtA[iNdEx] 2385 iNdEx++ 2386 stringLen |= uint64(b&0x7F) << shift 2387 if b < 0x80 { 2388 break 2389 } 2390 } 2391 intStringLen := int(stringLen) 2392 if intStringLen < 0 { 2393 return ErrInvalidLengthPolicy 2394 } 2395 postIndex := iNdEx + intStringLen 2396 if postIndex < 0 { 2397 return ErrInvalidLengthPolicy 2398 } 2399 if postIndex > l { 2400 return io.ErrUnexpectedEOF 2401 } 2402 m.Audiences = append(m.Audiences, string(dAtA[iNdEx:postIndex])) 2403 iNdEx = postIndex 2404 case 3: 2405 if wireType != 2 { 2406 return fmt.Errorf("proto: wrong wireType = %d for field JwksUri", wireType) 2407 } 2408 var stringLen uint64 2409 for shift := uint(0); ; shift += 7 { 2410 if shift >= 64 { 2411 return ErrIntOverflowPolicy 2412 } 2413 if iNdEx >= l { 2414 return io.ErrUnexpectedEOF 2415 } 2416 b := dAtA[iNdEx] 2417 iNdEx++ 2418 stringLen |= uint64(b&0x7F) << shift 2419 if b < 0x80 { 2420 break 2421 } 2422 } 2423 intStringLen := int(stringLen) 2424 if intStringLen < 0 { 2425 return ErrInvalidLengthPolicy 2426 } 2427 postIndex := iNdEx + intStringLen 2428 if postIndex < 0 { 2429 return ErrInvalidLengthPolicy 2430 } 2431 if postIndex > l { 2432 return io.ErrUnexpectedEOF 2433 } 2434 m.JwksUri = string(dAtA[iNdEx:postIndex]) 2435 iNdEx = postIndex 2436 case 6: 2437 if wireType != 2 { 2438 return fmt.Errorf("proto: wrong wireType = %d for field JwtHeaders", wireType) 2439 } 2440 var stringLen uint64 2441 for shift := uint(0); ; shift += 7 { 2442 if shift >= 64 { 2443 return ErrIntOverflowPolicy 2444 } 2445 if iNdEx >= l { 2446 return io.ErrUnexpectedEOF 2447 } 2448 b := dAtA[iNdEx] 2449 iNdEx++ 2450 stringLen |= uint64(b&0x7F) << shift 2451 if b < 0x80 { 2452 break 2453 } 2454 } 2455 intStringLen := int(stringLen) 2456 if intStringLen < 0 { 2457 return ErrInvalidLengthPolicy 2458 } 2459 postIndex := iNdEx + intStringLen 2460 if postIndex < 0 { 2461 return ErrInvalidLengthPolicy 2462 } 2463 if postIndex > l { 2464 return io.ErrUnexpectedEOF 2465 } 2466 m.JwtHeaders = append(m.JwtHeaders, string(dAtA[iNdEx:postIndex])) 2467 iNdEx = postIndex 2468 case 7: 2469 if wireType != 2 { 2470 return fmt.Errorf("proto: wrong wireType = %d for field JwtParams", wireType) 2471 } 2472 var stringLen uint64 2473 for shift := uint(0); ; shift += 7 { 2474 if shift >= 64 { 2475 return ErrIntOverflowPolicy 2476 } 2477 if iNdEx >= l { 2478 return io.ErrUnexpectedEOF 2479 } 2480 b := dAtA[iNdEx] 2481 iNdEx++ 2482 stringLen |= uint64(b&0x7F) << shift 2483 if b < 0x80 { 2484 break 2485 } 2486 } 2487 intStringLen := int(stringLen) 2488 if intStringLen < 0 { 2489 return ErrInvalidLengthPolicy 2490 } 2491 postIndex := iNdEx + intStringLen 2492 if postIndex < 0 { 2493 return ErrInvalidLengthPolicy 2494 } 2495 if postIndex > l { 2496 return io.ErrUnexpectedEOF 2497 } 2498 m.JwtParams = append(m.JwtParams, string(dAtA[iNdEx:postIndex])) 2499 iNdEx = postIndex 2500 case 9: 2501 if wireType != 2 { 2502 return fmt.Errorf("proto: wrong wireType = %d for field TriggerRules", wireType) 2503 } 2504 var msglen int 2505 for shift := uint(0); ; shift += 7 { 2506 if shift >= 64 { 2507 return ErrIntOverflowPolicy 2508 } 2509 if iNdEx >= l { 2510 return io.ErrUnexpectedEOF 2511 } 2512 b := dAtA[iNdEx] 2513 iNdEx++ 2514 msglen |= int(b&0x7F) << shift 2515 if b < 0x80 { 2516 break 2517 } 2518 } 2519 if msglen < 0 { 2520 return ErrInvalidLengthPolicy 2521 } 2522 postIndex := iNdEx + msglen 2523 if postIndex < 0 { 2524 return ErrInvalidLengthPolicy 2525 } 2526 if postIndex > l { 2527 return io.ErrUnexpectedEOF 2528 } 2529 m.TriggerRules = append(m.TriggerRules, &Jwt_TriggerRule{}) 2530 if err := m.TriggerRules[len(m.TriggerRules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2531 return err 2532 } 2533 iNdEx = postIndex 2534 case 10: 2535 if wireType != 2 { 2536 return fmt.Errorf("proto: wrong wireType = %d for field Jwks", wireType) 2537 } 2538 var stringLen uint64 2539 for shift := uint(0); ; shift += 7 { 2540 if shift >= 64 { 2541 return ErrIntOverflowPolicy 2542 } 2543 if iNdEx >= l { 2544 return io.ErrUnexpectedEOF 2545 } 2546 b := dAtA[iNdEx] 2547 iNdEx++ 2548 stringLen |= uint64(b&0x7F) << shift 2549 if b < 0x80 { 2550 break 2551 } 2552 } 2553 intStringLen := int(stringLen) 2554 if intStringLen < 0 { 2555 return ErrInvalidLengthPolicy 2556 } 2557 postIndex := iNdEx + intStringLen 2558 if postIndex < 0 { 2559 return ErrInvalidLengthPolicy 2560 } 2561 if postIndex > l { 2562 return io.ErrUnexpectedEOF 2563 } 2564 m.Jwks = string(dAtA[iNdEx:postIndex]) 2565 iNdEx = postIndex 2566 default: 2567 iNdEx = preIndex 2568 skippy, err := skipPolicy(dAtA[iNdEx:]) 2569 if err != nil { 2570 return err 2571 } 2572 if skippy < 0 { 2573 return ErrInvalidLengthPolicy 2574 } 2575 if (iNdEx + skippy) < 0 { 2576 return ErrInvalidLengthPolicy 2577 } 2578 if (iNdEx + skippy) > l { 2579 return io.ErrUnexpectedEOF 2580 } 2581 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2582 iNdEx += skippy 2583 } 2584 } 2585 2586 if iNdEx > l { 2587 return io.ErrUnexpectedEOF 2588 } 2589 return nil 2590} 2591func (m *Jwt_TriggerRule) Unmarshal(dAtA []byte) error { 2592 l := len(dAtA) 2593 iNdEx := 0 2594 for iNdEx < l { 2595 preIndex := iNdEx 2596 var wire uint64 2597 for shift := uint(0); ; shift += 7 { 2598 if shift >= 64 { 2599 return ErrIntOverflowPolicy 2600 } 2601 if iNdEx >= l { 2602 return io.ErrUnexpectedEOF 2603 } 2604 b := dAtA[iNdEx] 2605 iNdEx++ 2606 wire |= uint64(b&0x7F) << shift 2607 if b < 0x80 { 2608 break 2609 } 2610 } 2611 fieldNum := int32(wire >> 3) 2612 wireType := int(wire & 0x7) 2613 if wireType == 4 { 2614 return fmt.Errorf("proto: TriggerRule: wiretype end group for non-group") 2615 } 2616 if fieldNum <= 0 { 2617 return fmt.Errorf("proto: TriggerRule: illegal tag %d (wire type %d)", fieldNum, wire) 2618 } 2619 switch fieldNum { 2620 case 1: 2621 if wireType != 2 { 2622 return fmt.Errorf("proto: wrong wireType = %d for field ExcludedPaths", wireType) 2623 } 2624 var msglen int 2625 for shift := uint(0); ; shift += 7 { 2626 if shift >= 64 { 2627 return ErrIntOverflowPolicy 2628 } 2629 if iNdEx >= l { 2630 return io.ErrUnexpectedEOF 2631 } 2632 b := dAtA[iNdEx] 2633 iNdEx++ 2634 msglen |= int(b&0x7F) << shift 2635 if b < 0x80 { 2636 break 2637 } 2638 } 2639 if msglen < 0 { 2640 return ErrInvalidLengthPolicy 2641 } 2642 postIndex := iNdEx + msglen 2643 if postIndex < 0 { 2644 return ErrInvalidLengthPolicy 2645 } 2646 if postIndex > l { 2647 return io.ErrUnexpectedEOF 2648 } 2649 m.ExcludedPaths = append(m.ExcludedPaths, &StringMatch{}) 2650 if err := m.ExcludedPaths[len(m.ExcludedPaths)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2651 return err 2652 } 2653 iNdEx = postIndex 2654 case 2: 2655 if wireType != 2 { 2656 return fmt.Errorf("proto: wrong wireType = %d for field IncludedPaths", wireType) 2657 } 2658 var msglen int 2659 for shift := uint(0); ; shift += 7 { 2660 if shift >= 64 { 2661 return ErrIntOverflowPolicy 2662 } 2663 if iNdEx >= l { 2664 return io.ErrUnexpectedEOF 2665 } 2666 b := dAtA[iNdEx] 2667 iNdEx++ 2668 msglen |= int(b&0x7F) << shift 2669 if b < 0x80 { 2670 break 2671 } 2672 } 2673 if msglen < 0 { 2674 return ErrInvalidLengthPolicy 2675 } 2676 postIndex := iNdEx + msglen 2677 if postIndex < 0 { 2678 return ErrInvalidLengthPolicy 2679 } 2680 if postIndex > l { 2681 return io.ErrUnexpectedEOF 2682 } 2683 m.IncludedPaths = append(m.IncludedPaths, &StringMatch{}) 2684 if err := m.IncludedPaths[len(m.IncludedPaths)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2685 return err 2686 } 2687 iNdEx = postIndex 2688 default: 2689 iNdEx = preIndex 2690 skippy, err := skipPolicy(dAtA[iNdEx:]) 2691 if err != nil { 2692 return err 2693 } 2694 if skippy < 0 { 2695 return ErrInvalidLengthPolicy 2696 } 2697 if (iNdEx + skippy) < 0 { 2698 return ErrInvalidLengthPolicy 2699 } 2700 if (iNdEx + skippy) > l { 2701 return io.ErrUnexpectedEOF 2702 } 2703 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2704 iNdEx += skippy 2705 } 2706 } 2707 2708 if iNdEx > l { 2709 return io.ErrUnexpectedEOF 2710 } 2711 return nil 2712} 2713func (m *PeerAuthenticationMethod) Unmarshal(dAtA []byte) error { 2714 l := len(dAtA) 2715 iNdEx := 0 2716 for iNdEx < l { 2717 preIndex := iNdEx 2718 var wire uint64 2719 for shift := uint(0); ; shift += 7 { 2720 if shift >= 64 { 2721 return ErrIntOverflowPolicy 2722 } 2723 if iNdEx >= l { 2724 return io.ErrUnexpectedEOF 2725 } 2726 b := dAtA[iNdEx] 2727 iNdEx++ 2728 wire |= uint64(b&0x7F) << shift 2729 if b < 0x80 { 2730 break 2731 } 2732 } 2733 fieldNum := int32(wire >> 3) 2734 wireType := int(wire & 0x7) 2735 if wireType == 4 { 2736 return fmt.Errorf("proto: PeerAuthenticationMethod: wiretype end group for non-group") 2737 } 2738 if fieldNum <= 0 { 2739 return fmt.Errorf("proto: PeerAuthenticationMethod: illegal tag %d (wire type %d)", fieldNum, wire) 2740 } 2741 switch fieldNum { 2742 case 1: 2743 if wireType != 2 { 2744 return fmt.Errorf("proto: wrong wireType = %d for field Mtls", wireType) 2745 } 2746 var msglen int 2747 for shift := uint(0); ; shift += 7 { 2748 if shift >= 64 { 2749 return ErrIntOverflowPolicy 2750 } 2751 if iNdEx >= l { 2752 return io.ErrUnexpectedEOF 2753 } 2754 b := dAtA[iNdEx] 2755 iNdEx++ 2756 msglen |= int(b&0x7F) << shift 2757 if b < 0x80 { 2758 break 2759 } 2760 } 2761 if msglen < 0 { 2762 return ErrInvalidLengthPolicy 2763 } 2764 postIndex := iNdEx + msglen 2765 if postIndex < 0 { 2766 return ErrInvalidLengthPolicy 2767 } 2768 if postIndex > l { 2769 return io.ErrUnexpectedEOF 2770 } 2771 v := &MutualTls{} 2772 if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2773 return err 2774 } 2775 m.Params = &PeerAuthenticationMethod_Mtls{v} 2776 iNdEx = postIndex 2777 case 2: 2778 if wireType != 2 { 2779 return fmt.Errorf("proto: wrong wireType = %d for field Jwt", wireType) 2780 } 2781 var msglen int 2782 for shift := uint(0); ; shift += 7 { 2783 if shift >= 64 { 2784 return ErrIntOverflowPolicy 2785 } 2786 if iNdEx >= l { 2787 return io.ErrUnexpectedEOF 2788 } 2789 b := dAtA[iNdEx] 2790 iNdEx++ 2791 msglen |= int(b&0x7F) << shift 2792 if b < 0x80 { 2793 break 2794 } 2795 } 2796 if msglen < 0 { 2797 return ErrInvalidLengthPolicy 2798 } 2799 postIndex := iNdEx + msglen 2800 if postIndex < 0 { 2801 return ErrInvalidLengthPolicy 2802 } 2803 if postIndex > l { 2804 return io.ErrUnexpectedEOF 2805 } 2806 v := &Jwt{} 2807 if err := v.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2808 return err 2809 } 2810 m.Params = &PeerAuthenticationMethod_Jwt{v} 2811 iNdEx = postIndex 2812 default: 2813 iNdEx = preIndex 2814 skippy, err := skipPolicy(dAtA[iNdEx:]) 2815 if err != nil { 2816 return err 2817 } 2818 if skippy < 0 { 2819 return ErrInvalidLengthPolicy 2820 } 2821 if (iNdEx + skippy) < 0 { 2822 return ErrInvalidLengthPolicy 2823 } 2824 if (iNdEx + skippy) > l { 2825 return io.ErrUnexpectedEOF 2826 } 2827 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2828 iNdEx += skippy 2829 } 2830 } 2831 2832 if iNdEx > l { 2833 return io.ErrUnexpectedEOF 2834 } 2835 return nil 2836} 2837func (m *OriginAuthenticationMethod) Unmarshal(dAtA []byte) error { 2838 l := len(dAtA) 2839 iNdEx := 0 2840 for iNdEx < l { 2841 preIndex := iNdEx 2842 var wire uint64 2843 for shift := uint(0); ; shift += 7 { 2844 if shift >= 64 { 2845 return ErrIntOverflowPolicy 2846 } 2847 if iNdEx >= l { 2848 return io.ErrUnexpectedEOF 2849 } 2850 b := dAtA[iNdEx] 2851 iNdEx++ 2852 wire |= uint64(b&0x7F) << shift 2853 if b < 0x80 { 2854 break 2855 } 2856 } 2857 fieldNum := int32(wire >> 3) 2858 wireType := int(wire & 0x7) 2859 if wireType == 4 { 2860 return fmt.Errorf("proto: OriginAuthenticationMethod: wiretype end group for non-group") 2861 } 2862 if fieldNum <= 0 { 2863 return fmt.Errorf("proto: OriginAuthenticationMethod: illegal tag %d (wire type %d)", fieldNum, wire) 2864 } 2865 switch fieldNum { 2866 case 1: 2867 if wireType != 2 { 2868 return fmt.Errorf("proto: wrong wireType = %d for field Jwt", wireType) 2869 } 2870 var msglen int 2871 for shift := uint(0); ; shift += 7 { 2872 if shift >= 64 { 2873 return ErrIntOverflowPolicy 2874 } 2875 if iNdEx >= l { 2876 return io.ErrUnexpectedEOF 2877 } 2878 b := dAtA[iNdEx] 2879 iNdEx++ 2880 msglen |= int(b&0x7F) << shift 2881 if b < 0x80 { 2882 break 2883 } 2884 } 2885 if msglen < 0 { 2886 return ErrInvalidLengthPolicy 2887 } 2888 postIndex := iNdEx + msglen 2889 if postIndex < 0 { 2890 return ErrInvalidLengthPolicy 2891 } 2892 if postIndex > l { 2893 return io.ErrUnexpectedEOF 2894 } 2895 if m.Jwt == nil { 2896 m.Jwt = &Jwt{} 2897 } 2898 if err := m.Jwt.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2899 return err 2900 } 2901 iNdEx = postIndex 2902 default: 2903 iNdEx = preIndex 2904 skippy, err := skipPolicy(dAtA[iNdEx:]) 2905 if err != nil { 2906 return err 2907 } 2908 if skippy < 0 { 2909 return ErrInvalidLengthPolicy 2910 } 2911 if (iNdEx + skippy) < 0 { 2912 return ErrInvalidLengthPolicy 2913 } 2914 if (iNdEx + skippy) > l { 2915 return io.ErrUnexpectedEOF 2916 } 2917 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 2918 iNdEx += skippy 2919 } 2920 } 2921 2922 if iNdEx > l { 2923 return io.ErrUnexpectedEOF 2924 } 2925 return nil 2926} 2927func (m *Policy) Unmarshal(dAtA []byte) error { 2928 l := len(dAtA) 2929 iNdEx := 0 2930 for iNdEx < l { 2931 preIndex := iNdEx 2932 var wire uint64 2933 for shift := uint(0); ; shift += 7 { 2934 if shift >= 64 { 2935 return ErrIntOverflowPolicy 2936 } 2937 if iNdEx >= l { 2938 return io.ErrUnexpectedEOF 2939 } 2940 b := dAtA[iNdEx] 2941 iNdEx++ 2942 wire |= uint64(b&0x7F) << shift 2943 if b < 0x80 { 2944 break 2945 } 2946 } 2947 fieldNum := int32(wire >> 3) 2948 wireType := int(wire & 0x7) 2949 if wireType == 4 { 2950 return fmt.Errorf("proto: Policy: wiretype end group for non-group") 2951 } 2952 if fieldNum <= 0 { 2953 return fmt.Errorf("proto: Policy: illegal tag %d (wire type %d)", fieldNum, wire) 2954 } 2955 switch fieldNum { 2956 case 1: 2957 if wireType != 2 { 2958 return fmt.Errorf("proto: wrong wireType = %d for field Targets", wireType) 2959 } 2960 var msglen int 2961 for shift := uint(0); ; shift += 7 { 2962 if shift >= 64 { 2963 return ErrIntOverflowPolicy 2964 } 2965 if iNdEx >= l { 2966 return io.ErrUnexpectedEOF 2967 } 2968 b := dAtA[iNdEx] 2969 iNdEx++ 2970 msglen |= int(b&0x7F) << shift 2971 if b < 0x80 { 2972 break 2973 } 2974 } 2975 if msglen < 0 { 2976 return ErrInvalidLengthPolicy 2977 } 2978 postIndex := iNdEx + msglen 2979 if postIndex < 0 { 2980 return ErrInvalidLengthPolicy 2981 } 2982 if postIndex > l { 2983 return io.ErrUnexpectedEOF 2984 } 2985 m.Targets = append(m.Targets, &TargetSelector{}) 2986 if err := m.Targets[len(m.Targets)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 2987 return err 2988 } 2989 iNdEx = postIndex 2990 case 2: 2991 if wireType != 2 { 2992 return fmt.Errorf("proto: wrong wireType = %d for field Peers", wireType) 2993 } 2994 var msglen int 2995 for shift := uint(0); ; shift += 7 { 2996 if shift >= 64 { 2997 return ErrIntOverflowPolicy 2998 } 2999 if iNdEx >= l { 3000 return io.ErrUnexpectedEOF 3001 } 3002 b := dAtA[iNdEx] 3003 iNdEx++ 3004 msglen |= int(b&0x7F) << shift 3005 if b < 0x80 { 3006 break 3007 } 3008 } 3009 if msglen < 0 { 3010 return ErrInvalidLengthPolicy 3011 } 3012 postIndex := iNdEx + msglen 3013 if postIndex < 0 { 3014 return ErrInvalidLengthPolicy 3015 } 3016 if postIndex > l { 3017 return io.ErrUnexpectedEOF 3018 } 3019 m.Peers = append(m.Peers, &PeerAuthenticationMethod{}) 3020 if err := m.Peers[len(m.Peers)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 3021 return err 3022 } 3023 iNdEx = postIndex 3024 case 3: 3025 if wireType != 0 { 3026 return fmt.Errorf("proto: wrong wireType = %d for field PeerIsOptional", wireType) 3027 } 3028 var v int 3029 for shift := uint(0); ; shift += 7 { 3030 if shift >= 64 { 3031 return ErrIntOverflowPolicy 3032 } 3033 if iNdEx >= l { 3034 return io.ErrUnexpectedEOF 3035 } 3036 b := dAtA[iNdEx] 3037 iNdEx++ 3038 v |= int(b&0x7F) << shift 3039 if b < 0x80 { 3040 break 3041 } 3042 } 3043 m.PeerIsOptional = bool(v != 0) 3044 case 4: 3045 if wireType != 2 { 3046 return fmt.Errorf("proto: wrong wireType = %d for field Origins", wireType) 3047 } 3048 var msglen int 3049 for shift := uint(0); ; shift += 7 { 3050 if shift >= 64 { 3051 return ErrIntOverflowPolicy 3052 } 3053 if iNdEx >= l { 3054 return io.ErrUnexpectedEOF 3055 } 3056 b := dAtA[iNdEx] 3057 iNdEx++ 3058 msglen |= int(b&0x7F) << shift 3059 if b < 0x80 { 3060 break 3061 } 3062 } 3063 if msglen < 0 { 3064 return ErrInvalidLengthPolicy 3065 } 3066 postIndex := iNdEx + msglen 3067 if postIndex < 0 { 3068 return ErrInvalidLengthPolicy 3069 } 3070 if postIndex > l { 3071 return io.ErrUnexpectedEOF 3072 } 3073 m.Origins = append(m.Origins, &OriginAuthenticationMethod{}) 3074 if err := m.Origins[len(m.Origins)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 3075 return err 3076 } 3077 iNdEx = postIndex 3078 case 5: 3079 if wireType != 0 { 3080 return fmt.Errorf("proto: wrong wireType = %d for field OriginIsOptional", wireType) 3081 } 3082 var v int 3083 for shift := uint(0); ; shift += 7 { 3084 if shift >= 64 { 3085 return ErrIntOverflowPolicy 3086 } 3087 if iNdEx >= l { 3088 return io.ErrUnexpectedEOF 3089 } 3090 b := dAtA[iNdEx] 3091 iNdEx++ 3092 v |= int(b&0x7F) << shift 3093 if b < 0x80 { 3094 break 3095 } 3096 } 3097 m.OriginIsOptional = bool(v != 0) 3098 case 6: 3099 if wireType != 0 { 3100 return fmt.Errorf("proto: wrong wireType = %d for field PrincipalBinding", wireType) 3101 } 3102 m.PrincipalBinding = 0 3103 for shift := uint(0); ; shift += 7 { 3104 if shift >= 64 { 3105 return ErrIntOverflowPolicy 3106 } 3107 if iNdEx >= l { 3108 return io.ErrUnexpectedEOF 3109 } 3110 b := dAtA[iNdEx] 3111 iNdEx++ 3112 m.PrincipalBinding |= PrincipalBinding(b&0x7F) << shift 3113 if b < 0x80 { 3114 break 3115 } 3116 } 3117 default: 3118 iNdEx = preIndex 3119 skippy, err := skipPolicy(dAtA[iNdEx:]) 3120 if err != nil { 3121 return err 3122 } 3123 if skippy < 0 { 3124 return ErrInvalidLengthPolicy 3125 } 3126 if (iNdEx + skippy) < 0 { 3127 return ErrInvalidLengthPolicy 3128 } 3129 if (iNdEx + skippy) > l { 3130 return io.ErrUnexpectedEOF 3131 } 3132 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 3133 iNdEx += skippy 3134 } 3135 } 3136 3137 if iNdEx > l { 3138 return io.ErrUnexpectedEOF 3139 } 3140 return nil 3141} 3142func (m *TargetSelector) Unmarshal(dAtA []byte) error { 3143 l := len(dAtA) 3144 iNdEx := 0 3145 for iNdEx < l { 3146 preIndex := iNdEx 3147 var wire uint64 3148 for shift := uint(0); ; shift += 7 { 3149 if shift >= 64 { 3150 return ErrIntOverflowPolicy 3151 } 3152 if iNdEx >= l { 3153 return io.ErrUnexpectedEOF 3154 } 3155 b := dAtA[iNdEx] 3156 iNdEx++ 3157 wire |= uint64(b&0x7F) << shift 3158 if b < 0x80 { 3159 break 3160 } 3161 } 3162 fieldNum := int32(wire >> 3) 3163 wireType := int(wire & 0x7) 3164 if wireType == 4 { 3165 return fmt.Errorf("proto: TargetSelector: wiretype end group for non-group") 3166 } 3167 if fieldNum <= 0 { 3168 return fmt.Errorf("proto: TargetSelector: illegal tag %d (wire type %d)", fieldNum, wire) 3169 } 3170 switch fieldNum { 3171 case 1: 3172 if wireType != 2 { 3173 return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) 3174 } 3175 var stringLen uint64 3176 for shift := uint(0); ; shift += 7 { 3177 if shift >= 64 { 3178 return ErrIntOverflowPolicy 3179 } 3180 if iNdEx >= l { 3181 return io.ErrUnexpectedEOF 3182 } 3183 b := dAtA[iNdEx] 3184 iNdEx++ 3185 stringLen |= uint64(b&0x7F) << shift 3186 if b < 0x80 { 3187 break 3188 } 3189 } 3190 intStringLen := int(stringLen) 3191 if intStringLen < 0 { 3192 return ErrInvalidLengthPolicy 3193 } 3194 postIndex := iNdEx + intStringLen 3195 if postIndex < 0 { 3196 return ErrInvalidLengthPolicy 3197 } 3198 if postIndex > l { 3199 return io.ErrUnexpectedEOF 3200 } 3201 m.Name = string(dAtA[iNdEx:postIndex]) 3202 iNdEx = postIndex 3203 case 2: 3204 if wireType != 2 { 3205 return fmt.Errorf("proto: wrong wireType = %d for field Ports", wireType) 3206 } 3207 var msglen int 3208 for shift := uint(0); ; shift += 7 { 3209 if shift >= 64 { 3210 return ErrIntOverflowPolicy 3211 } 3212 if iNdEx >= l { 3213 return io.ErrUnexpectedEOF 3214 } 3215 b := dAtA[iNdEx] 3216 iNdEx++ 3217 msglen |= int(b&0x7F) << shift 3218 if b < 0x80 { 3219 break 3220 } 3221 } 3222 if msglen < 0 { 3223 return ErrInvalidLengthPolicy 3224 } 3225 postIndex := iNdEx + msglen 3226 if postIndex < 0 { 3227 return ErrInvalidLengthPolicy 3228 } 3229 if postIndex > l { 3230 return io.ErrUnexpectedEOF 3231 } 3232 m.Ports = append(m.Ports, &PortSelector{}) 3233 if err := m.Ports[len(m.Ports)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { 3234 return err 3235 } 3236 iNdEx = postIndex 3237 default: 3238 iNdEx = preIndex 3239 skippy, err := skipPolicy(dAtA[iNdEx:]) 3240 if err != nil { 3241 return err 3242 } 3243 if skippy < 0 { 3244 return ErrInvalidLengthPolicy 3245 } 3246 if (iNdEx + skippy) < 0 { 3247 return ErrInvalidLengthPolicy 3248 } 3249 if (iNdEx + skippy) > l { 3250 return io.ErrUnexpectedEOF 3251 } 3252 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 3253 iNdEx += skippy 3254 } 3255 } 3256 3257 if iNdEx > l { 3258 return io.ErrUnexpectedEOF 3259 } 3260 return nil 3261} 3262func (m *PortSelector) Unmarshal(dAtA []byte) error { 3263 l := len(dAtA) 3264 iNdEx := 0 3265 for iNdEx < l { 3266 preIndex := iNdEx 3267 var wire uint64 3268 for shift := uint(0); ; shift += 7 { 3269 if shift >= 64 { 3270 return ErrIntOverflowPolicy 3271 } 3272 if iNdEx >= l { 3273 return io.ErrUnexpectedEOF 3274 } 3275 b := dAtA[iNdEx] 3276 iNdEx++ 3277 wire |= uint64(b&0x7F) << shift 3278 if b < 0x80 { 3279 break 3280 } 3281 } 3282 fieldNum := int32(wire >> 3) 3283 wireType := int(wire & 0x7) 3284 if wireType == 4 { 3285 return fmt.Errorf("proto: PortSelector: wiretype end group for non-group") 3286 } 3287 if fieldNum <= 0 { 3288 return fmt.Errorf("proto: PortSelector: illegal tag %d (wire type %d)", fieldNum, wire) 3289 } 3290 switch fieldNum { 3291 case 1: 3292 if wireType != 0 { 3293 return fmt.Errorf("proto: wrong wireType = %d for field Number", wireType) 3294 } 3295 var v uint32 3296 for shift := uint(0); ; shift += 7 { 3297 if shift >= 64 { 3298 return ErrIntOverflowPolicy 3299 } 3300 if iNdEx >= l { 3301 return io.ErrUnexpectedEOF 3302 } 3303 b := dAtA[iNdEx] 3304 iNdEx++ 3305 v |= uint32(b&0x7F) << shift 3306 if b < 0x80 { 3307 break 3308 } 3309 } 3310 m.Port = &PortSelector_Number{v} 3311 case 2: 3312 if wireType != 2 { 3313 return fmt.Errorf("proto: wrong wireType = %d for field Name", wireType) 3314 } 3315 var stringLen uint64 3316 for shift := uint(0); ; shift += 7 { 3317 if shift >= 64 { 3318 return ErrIntOverflowPolicy 3319 } 3320 if iNdEx >= l { 3321 return io.ErrUnexpectedEOF 3322 } 3323 b := dAtA[iNdEx] 3324 iNdEx++ 3325 stringLen |= uint64(b&0x7F) << shift 3326 if b < 0x80 { 3327 break 3328 } 3329 } 3330 intStringLen := int(stringLen) 3331 if intStringLen < 0 { 3332 return ErrInvalidLengthPolicy 3333 } 3334 postIndex := iNdEx + intStringLen 3335 if postIndex < 0 { 3336 return ErrInvalidLengthPolicy 3337 } 3338 if postIndex > l { 3339 return io.ErrUnexpectedEOF 3340 } 3341 m.Port = &PortSelector_Name{string(dAtA[iNdEx:postIndex])} 3342 iNdEx = postIndex 3343 default: 3344 iNdEx = preIndex 3345 skippy, err := skipPolicy(dAtA[iNdEx:]) 3346 if err != nil { 3347 return err 3348 } 3349 if skippy < 0 { 3350 return ErrInvalidLengthPolicy 3351 } 3352 if (iNdEx + skippy) < 0 { 3353 return ErrInvalidLengthPolicy 3354 } 3355 if (iNdEx + skippy) > l { 3356 return io.ErrUnexpectedEOF 3357 } 3358 m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) 3359 iNdEx += skippy 3360 } 3361 } 3362 3363 if iNdEx > l { 3364 return io.ErrUnexpectedEOF 3365 } 3366 return nil 3367} 3368func skipPolicy(dAtA []byte) (n int, err error) { 3369 l := len(dAtA) 3370 iNdEx := 0 3371 for iNdEx < l { 3372 var wire uint64 3373 for shift := uint(0); ; shift += 7 { 3374 if shift >= 64 { 3375 return 0, ErrIntOverflowPolicy 3376 } 3377 if iNdEx >= l { 3378 return 0, io.ErrUnexpectedEOF 3379 } 3380 b := dAtA[iNdEx] 3381 iNdEx++ 3382 wire |= (uint64(b) & 0x7F) << shift 3383 if b < 0x80 { 3384 break 3385 } 3386 } 3387 wireType := int(wire & 0x7) 3388 switch wireType { 3389 case 0: 3390 for shift := uint(0); ; shift += 7 { 3391 if shift >= 64 { 3392 return 0, ErrIntOverflowPolicy 3393 } 3394 if iNdEx >= l { 3395 return 0, io.ErrUnexpectedEOF 3396 } 3397 iNdEx++ 3398 if dAtA[iNdEx-1] < 0x80 { 3399 break 3400 } 3401 } 3402 return iNdEx, nil 3403 case 1: 3404 iNdEx += 8 3405 return iNdEx, nil 3406 case 2: 3407 var length int 3408 for shift := uint(0); ; shift += 7 { 3409 if shift >= 64 { 3410 return 0, ErrIntOverflowPolicy 3411 } 3412 if iNdEx >= l { 3413 return 0, io.ErrUnexpectedEOF 3414 } 3415 b := dAtA[iNdEx] 3416 iNdEx++ 3417 length |= (int(b) & 0x7F) << shift 3418 if b < 0x80 { 3419 break 3420 } 3421 } 3422 if length < 0 { 3423 return 0, ErrInvalidLengthPolicy 3424 } 3425 iNdEx += length 3426 if iNdEx < 0 { 3427 return 0, ErrInvalidLengthPolicy 3428 } 3429 return iNdEx, nil 3430 case 3: 3431 for { 3432 var innerWire uint64 3433 var start int = iNdEx 3434 for shift := uint(0); ; shift += 7 { 3435 if shift >= 64 { 3436 return 0, ErrIntOverflowPolicy 3437 } 3438 if iNdEx >= l { 3439 return 0, io.ErrUnexpectedEOF 3440 } 3441 b := dAtA[iNdEx] 3442 iNdEx++ 3443 innerWire |= (uint64(b) & 0x7F) << shift 3444 if b < 0x80 { 3445 break 3446 } 3447 } 3448 innerWireType := int(innerWire & 0x7) 3449 if innerWireType == 4 { 3450 break 3451 } 3452 next, err := skipPolicy(dAtA[start:]) 3453 if err != nil { 3454 return 0, err 3455 } 3456 iNdEx = start + next 3457 if iNdEx < 0 { 3458 return 0, ErrInvalidLengthPolicy 3459 } 3460 } 3461 return iNdEx, nil 3462 case 4: 3463 return iNdEx, nil 3464 case 5: 3465 iNdEx += 4 3466 return iNdEx, nil 3467 default: 3468 return 0, fmt.Errorf("proto: illegal wireType %d", wireType) 3469 } 3470 } 3471 panic("unreachable") 3472} 3473 3474var ( 3475 ErrInvalidLengthPolicy = fmt.Errorf("proto: negative length found during unmarshaling") 3476 ErrIntOverflowPolicy = fmt.Errorf("proto: integer overflow") 3477) 3478