Add DEFAULT to AuthenticationPolicy enum.

istio · Oct 30, 2017 · cb0354b · cb0354b
1 parent 49f4ba8
commit cb0354b
Showing 1 changed file with 30 additions and 18 deletions.
diff --git a/proxy/v1/config/proxy_mesh.proto b/proxy/v1/config/proxy_mesh.proto
@@ -18,7 +18,14 @@ import "google/protobuf/duration.proto";
 
 package istio.proxy.v1.config;
 
+// AuthenticationPolicy defines authentication policy. It can be defined at
+// the mesh level or per-service (and even lower, e.g per-deployment).
+// Policy from lower level, if know, will overrule those above it.
 enum AuthenticationPolicy {
+  // Indicate policy should be derived from 'parent'
+  // This should never be used for mesh's policy.
+  UNKNOWN = -1;
+
   // Do not encrypt Envoy to Envoy traffic.
   NONE = 0;
 
@@ -29,7 +36,8 @@ enum AuthenticationPolicy {
 // ProxyConfig defines variables for individual Envoy instances.
 message ProxyConfig {
   // Path to the generated configuration file directory.
-  // Proxy agent generates the actual configuration and stores it in this directory.
+  // Proxy agent generates the actual configuration and stores it in this
+  // directory.
   string config_path = 1;
 
   // Path to the proxy binary
@@ -62,7 +70,8 @@ message ProxyConfig {
   // Address of the discovery service exposing xDS (e.g. _istio-pilot:8080_).
   string discovery_address = 6;
 
-  // Polling interval for service discovery (used by EDS, CDS, LDS, but not RDS). (MUST BE >=1ms)
+  // Polling interval for service discovery (used by EDS, CDS, LDS, but not
+  // RDS). (MUST BE >=1ms)
   google.protobuf.Duration discovery_refresh_delay = 7;
 
   // Address of the Zipkin service (e.g. _zipkin:9411_).
@@ -76,29 +85,30 @@ message ProxyConfig {
 
   // Port on which Envoy should listen for administrative commands.
   int32 proxy_admin_port = 11;
-  
+
   // The availability zone where this Envoy instance is running. When running
   // Envoy as a sidecar in Kubernetes, this flag must be one of the availability
-  // zones assigned to a node using failure-domain.beta.kubernetes.io/zone annotation.
+  // zones assigned to a node using failure-domain.beta.kubernetes.io/zone
+  // annotation.
   string availability_zone = 12;
 
   // Authentication policy defines the global switch to control authentication
   // for Envoy-to-Envoy communication for istio components Mixer and Pilot.
   AuthenticationPolicy control_plane_auth_policy = 13;
-  
+
   // File path of custom proxy configuration, currently used by proxies
   // in front of Mixer and Pilot.
   string custom_config_file = 14;
 
-  // Maximum length of name field in Envoy's metrics. The length of the name field
-  // is determined by the length of a name field in a service and the set of labels that
-  // comprise a particular version of the service. The default value is set to 189 characters.
-  // Envoy's internal metrics take up 67 characters, for a total of 256 character name per metric.
-  // Increase the value of this field if you find that the metrics from Envoys are truncated.
+  // Maximum length of name field in Envoy's metrics. The length of the name
+  // field is determined by the length of a name field in a service and the set
+  // of labels that comprise a particular version of the service. The default
+  // value is set to 189 characters. Envoy's internal metrics take up 67
+  // characters, for a total of 256 character name per metric. Increase the
+  // value of this field if you find that the metrics from Envoys are truncated.
   int32 stat_name_length = 15;
 }
 
-
 // MeshConfig defines mesh-wide variables shared by all Envoy instances in the
 // Istio service mesh.
 message MeshConfig {
@@ -151,10 +161,12 @@ message MeshConfig {
     STRICT = 2;
   }
 
-  // Defines whether to use Istio ingress controller for annotated or all ingress resources.
+  // Defines whether to use Istio ingress controller for annotated or all
+  // ingress resources.
   IngressControllerMode ingress_controller_mode = 9;
 
-  // TODO AuthPolicy needs to be removed and merged with AuthPolicy defined above  
+  // TODO AuthPolicy needs to be removed and merged with AuthPolicy defined
+  // above
   enum AuthPolicy {
     // Do not encrypt Envoy to Envoy traffic.
     NONE = 0;
@@ -178,10 +190,10 @@ message MeshConfig {
   // Empty value disables access logging.
   string access_log_file = 13;
 
-  // Default proxy config used by the proxy injection mechanism operating in the mesh
-  // (e.g. Kubernetes admission controller)
-  // In case of Kubernetes, the proxy config is applied once during the injection process,
-  // and remain constant for the duration of the pod. The rest of the mesh config can be changed
-  // at runtime and config gets distributed dynamically.
+  // Default proxy config used by the proxy injection mechanism operating in the
+  // mesh (e.g. Kubernetes admission controller) In case of Kubernetes, the
+  // proxy config is applied once during the injection process, and remain
+  // constant for the duration of the pod. The rest of the mesh config can be
+  // changed at runtime and config gets distributed dynamically.
   ProxyConfig default_config = 14;
 }