1syntax = "proto3"; 2 3package xds.annotations.v3; 4 5import "xds/annotations/v3/status.proto"; 6 7import "google/protobuf/descriptor.proto"; 8 9option go_package = "github.com/cncf/xds/go/xds/annotations/v3"; 10 11// All annotations in this file are experimental and subject to change. Their 12// only consumer today is the Envoy APIs and SecuritAnnotationValidator protoc 13// plugin in this repository. 14option (xds.annotations.v3.file_status).work_in_progress = true; 15 16extend google.protobuf.FieldOptions { 17 // Magic number is the 28 most significant bits in the sha256sum of 18 // "xds.annotations.v3.security". 19 FieldSecurityAnnotation security = 99044135; 20} 21 22// These annotations indicate metadata for the purpose of understanding the 23// security significance of fields. 24message FieldSecurityAnnotation { 25 // Field should be set in the presence of untrusted downstreams. 26 bool configure_for_untrusted_downstream = 1; 27 28 // Field should be set in the presence of untrusted upstreams. 29 bool configure_for_untrusted_upstream = 2; 30} 31