1syntax = "proto3"; 2 3package udpa.annotations; 4 5import "udpa/annotations/status.proto"; 6 7import "google/protobuf/any.proto"; 8import "google/protobuf/descriptor.proto"; 9 10import "validate/validate.proto"; 11 12// All annotations in this file are experimental and subject to change. Their 13// only consumer today is the Envoy APIs and SecuritAnnotationValidator protoc 14// plugin in this repository. 15option (udpa.annotations.file_status).work_in_progress = true; 16 17extend google.protobuf.FieldOptions { 18 // Magic number is the 28 most significant bits in the sha256sum of 19 // "udpa.annotations.security". 20 FieldSecurityAnnotation security = 11122993; 21} 22 23// These annotations indicate metadata for the purpose of understanding the 24// security significance of fields. 25message FieldSecurityAnnotation { 26 // Field should be set in the presence of untrusted downstreams. 27 bool configure_for_untrusted_downstream = 1; 28 29 // Field should be set in the presence of untrusted upstreams. 30 bool configure_for_untrusted_upstream = 2; 31} 32