Update vendor/github.com/envoyproxy/go-control-plane to 0.12.0

1 files changed, 97 insertions, 88 deletions

diff --git a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
index dd98cec635..126084f32b 100644
--- a/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
+++ b/vendor/github.com/envoyproxy/go-control-plane/envoy/config/rbac/v3/rbac.pb.go
@@ -1,7 +1,7 @@
 // Code generated by protoc-gen-go. DO NOT EDIT.
 // versions:
-// 	protoc-gen-go v1.28.1
-// 	protoc        v3.21.12
+// 	protoc-gen-go v1.30.0
+// 	protoc        v4.23.4
 // source: envoy/config/rbac/v3/rbac.proto
 
 package rbacv3
@@ -38,7 +38,7 @@ const (
 	// The policies deny access to principals. The rest are allowed. This is block-list style
 	// access control.
 	RBAC_DENY RBAC_Action = 1
-	// The policies set the ``access_log_hint`` dynamic metadata key based on if requests match.
+	// The policies set the “access_log_hint“ dynamic metadata key based on if requests match.
 	// All requests are allowed.
 	RBAC_LOG RBAC_Action = 2
 )
@@ -142,54 +142,63 @@ func (RBAC_AuditLoggingOptions_AuditCondition) EnumDescriptor() ([]byte, []int)
 }
 
 // Role Based Access Control (RBAC) provides service-level and method-level access control for a
-// service. Requests are allowed or denied based on the ``action`` and whether a matching policy is
+// service. Requests are allowed or denied based on the “action“ and whether a matching policy is
 // found. For instance, if the action is ALLOW and a matching policy is found the request should be
 // allowed.
 //
 // RBAC can also be used to make access logging decisions by communicating with access loggers
 // through dynamic metadata. When the action is LOG and at least one policy matches, the
-// ``access_log_hint`` value in the shared key namespace 'envoy.common' is set to ``true`` indicating
+// “access_log_hint“ value in the shared key namespace 'envoy.common' is set to “true“ indicating
 // the request should be logged.
 //
 // Here is an example of RBAC configuration. It has two policies:
 //
-// * Service account ``cluster.local/ns/default/sa/admin`` has full access to the service, and so
-//   does "cluster.local/ns/default/sa/superuser".
+//   - Service account “cluster.local/ns/default/sa/admin“ has full access to the service, and so
+//     does "cluster.local/ns/default/sa/superuser".
 //
-// * Any user can read (``GET``) the service at paths with prefix ``/products``, so long as the
-//   destination port is either 80 or 443.
+//   - Any user can read (“GET“) the service at paths with prefix “/products“, so long as the
+//     destination port is either 80 or 443.
 //
-//  .. code-block:: yaml
+//     .. code-block:: yaml
 //
-//   action: ALLOW
-//   policies:
+//     action: ALLOW
+//     policies:
 //     "service-admin":
-//       permissions:
-//         - any: true
-//       principals:
-//         - authenticated:
-//             principal_name:
-//               exact: "cluster.local/ns/default/sa/admin"
-//         - authenticated:
-//             principal_name:
-//               exact: "cluster.local/ns/default/sa/superuser"
+//     permissions:
+//
+//   - any: true
+//     principals:
+//
+//   - authenticated:
+//     principal_name:
+//     exact: "cluster.local/ns/default/sa/admin"
+//
+//   - authenticated:
+//     principal_name:
+//     exact: "cluster.local/ns/default/sa/superuser"
 //     "product-viewer":
-//       permissions:
-//           - and_rules:
-//               rules:
-//                 - header:
-//                     name: ":method"
-//                     string_match:
-//                       exact: "GET"
-//                 - url_path:
-//                     path: { prefix: "/products" }
-//                 - or_rules:
-//                     rules:
-//                       - destination_port: 80
-//                       - destination_port: 443
-//       principals:
-//         - any: true
+//     permissions:
+//
+//   - and_rules:
+//     rules:
+//
+//   - header:
+//     name: ":method"
+//     string_match:
+//     exact: "GET"
+//
+//   - url_path:
+//     path: { prefix: "/products" }
+//
+//   - or_rules:
+//     rules:
 //
+//   - destination_port: 80
+//
+//   - destination_port: 443
+//     principals:
+//
+//   - any: true
 type RBAC struct {
 	state         protoimpl.MessageState
 	sizeCache     protoimpl.SizeCache
@@ -200,15 +209,14 @@ type RBAC struct {
 	//
 	// Actions:
 	//
-	//  * ``ALLOW``: Allows the request if and only if there is a policy that matches
-	//    the request.
-	//  * ``DENY``: Allows the request if and only if there are no policies that
-	//    match the request.
-	//  * ``LOG``: Allows all requests. If at least one policy matches, the dynamic
-	//    metadata key ``access_log_hint`` is set to the value ``true`` under the shared
-	//    key namespace ``envoy.common``. If no policies match, it is set to ``false``.
-	//    Other actions do not modify this key.
-	//
+	//   - “ALLOW“: Allows the request if and only if there is a policy that matches
+	//     the request.
+	//   - “DENY“: Allows the request if and only if there are no policies that
+	//     match the request.
+	//   - “LOG“: Allows all requests. If at least one policy matches, the dynamic
+	//     metadata key “access_log_hint“ is set to the value “true“ under the shared
+	//     key namespace “envoy.common“. If no policies match, it is set to “false“.
+	//     Other actions do not modify this key.
 	Action RBAC_Action `protobuf:"varint,1,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
 	// Maps from policy name to policy. A match occurs when at least one policy matches the request.
 	// The policies are evaluated in lexicographic order of the policy name.
@@ -284,11 +292,11 @@ type Policy struct {
 
 	// Required. The set of permissions that define a role. Each permission is
 	// matched with OR semantics. To match all actions for this policy, a single
-	// Permission with the ``any`` field set to true should be used.
+	// Permission with the “any“ field set to true should be used.
 	Permissions []*Permission `protobuf:"bytes,1,rep,name=permissions,proto3" json:"permissions,omitempty"`
 	// Required. The set of principals that are assigned/denied the role based on
 	// “action”. Each principal is matched with OR semantics. To match all
-	// downstreams for this policy, a single Principal with the ``any`` field set to
+	// downstreams for this policy, a single Principal with the “any“ field set to
 	// true should be used.
 	Principals []*Principal `protobuf:"bytes,2,rep,name=principals,proto3" json:"principals,omitempty"`
 	// An optional symbolic expression specifying an access control
@@ -370,6 +378,7 @@ type Permission struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Rule:
+	//
 	//	*Permission_AndRules
 	//	*Permission_OrRules
 	//	*Permission_Any
@@ -530,7 +539,7 @@ type Permission_Any struct {
 type Permission_Header struct {
 	// A header (or pseudo-header such as :path or :method) on the incoming HTTP request. Only
 	// available for HTTP request.
-	// Note: the pseudo-header :path includes the query and fragment string. Use the ``url_path``
+	// Note: the pseudo-header :path includes the query and fragment string. Use the “url_path“
 	// field if you want to match the URL path without the query and fragment string.
 	Header *v3.HeaderMatcher `protobuf:"bytes,4,opt,name=header,proto3,oneof"`
 }
@@ -562,8 +571,8 @@ type Permission_Metadata struct {
 
 type Permission_NotRule struct {
 	// Negates matching the provided permission. For instance, if the value of
-	// ``not_rule`` would match, this permission would not match. Conversely, if
-	// the value of ``not_rule`` would not match, this permission would match.
+	// “not_rule“ would match, this permission would not match. Conversely, if
+	// the value of “not_rule“ would not match, this permission would match.
 	NotRule *Permission `protobuf:"bytes,8,opt,name=not_rule,json=notRule,proto3,oneof"`
 }
 
@@ -573,18 +582,18 @@ type Permission_RequestedServerName struct {
 	//
 	// .. attention::
 	//
-	//   The behavior of this field may be affected by how Envoy is configured
-	//   as explained below.
+	//	The behavior of this field may be affected by how Envoy is configured
+	//	as explained below.
 	//
-	//   * If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
-	//     filter is not added, and if a ``FilterChainMatch`` is not defined for
-	//     the :ref:`server name
-	//     <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
-	//     a TLS connection's requested SNI server name will be treated as if it
-	//     wasn't present.
+	//	* If the :ref:`TLS Inspector <config_listener_filters_tls_inspector>`
+	//	  filter is not added, and if a ``FilterChainMatch`` is not defined for
+	//	  the :ref:`server name
+	//	  <envoy_v3_api_field_config.listener.v3.FilterChainMatch.server_names>`,
+	//	  a TLS connection's requested SNI server name will be treated as if it
+	//	  wasn't present.
 	//
-	//   * A :ref:`listener filter <arch_overview_listener_filters>` may
-	//     overwrite a connection's requested server name within Envoy.
+	//	* A :ref:`listener filter <arch_overview_listener_filters>` may
+	//	  overwrite a connection's requested server name within Envoy.
 	//
 	// Please refer to :ref:`this FAQ entry <faq_how_to_setup_sni>` to learn to
 	// setup SNI.
@@ -630,6 +639,7 @@ type Principal struct {
 	unknownFields protoimpl.UnknownFields
 
 	// Types that are assignable to Identifier:
+	//
 	//	*Principal_AndIds
 	//	*Principal_OrIds
 	//	*Principal_Any
@@ -712,7 +722,7 @@ func (x *Principal) GetAuthenticated() *Principal_Authenticated {
 	return nil
 }
 
-// Deprecated: Do not use.
+// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
 func (x *Principal) GetSourceIp() *v32.CidrRange {
 	if x, ok := x.GetIdentifier().(*Principal_SourceIp); ok {
 		return x.SourceIp
@@ -804,7 +814,7 @@ type Principal_SourceIp struct {
 	// behavior, or use
 	// :ref:`direct_remote_ip <envoy_v3_api_field_config.rbac.v3.Principal.direct_remote_ip>`.
 	//
-	// Deprecated: Do not use.
+	// Deprecated: Marked as deprecated in envoy/config/rbac/v3/rbac.proto.
 	SourceIp *v32.CidrRange `protobuf:"bytes,5,opt,name=source_ip,json=sourceIp,proto3,oneof"`
 }
 
@@ -830,7 +840,7 @@ type Principal_RemoteIp struct {
 type Principal_Header struct {
 	// A header (or pseudo-header such as :path or :method) on the incoming HTTP
 	// request. Only available for HTTP request. Note: the pseudo-header :path
-	// includes the query and fragment string. Use the ``url_path`` field if you
+	// includes the query and fragment string. Use the “url_path“ field if you
 	// want to match the URL path without the query and fragment string.
 	Header *v3.HeaderMatcher `protobuf:"bytes,6,opt,name=header,proto3,oneof"`
 }
@@ -852,8 +862,8 @@ type Principal_FilterState struct {
 
 type Principal_NotId struct {
 	// Negates matching the provided principal. For instance, if the value of
-	// ``not_id`` would match, this principal would not match. Conversely, if the
-	// value of ``not_id`` would not match, this principal would match.
+	// “not_id“ would match, this principal would not match. Conversely, if the
+	// value of “not_id“ would not match, this principal would match.
 	NotId *Principal `protobuf:"bytes,8,opt,name=not_id,json=notId,proto3,oneof"`
 }
 
@@ -894,19 +904,18 @@ type Action struct {
 	//
 	// Actions:
 	//
-	//  * ``ALLOW``: If the request gets matched on ALLOW, it is permitted.
-	//  * ``DENY``: If the request gets matched on DENY, it is not permitted.
-	//  * ``LOG``: If the request gets matched on LOG, it is permitted. Besides, the
-	//    dynamic metadata key ``access_log_hint`` under the shared key namespace
-	//    ``envoy.common`` will be set to the value ``true``.
-	//  * If the request cannot get matched, it will fallback to ``DENY``.
+	//   - “ALLOW“: If the request gets matched on ALLOW, it is permitted.
+	//   - “DENY“: If the request gets matched on DENY, it is not permitted.
+	//   - “LOG“: If the request gets matched on LOG, it is permitted. Besides, the
+	//     dynamic metadata key “access_log_hint“ under the shared key namespace
+	//     “envoy.common“ will be set to the value “true“.
+	//   - If the request cannot get matched, it will fallback to “DENY“.
 	//
 	// Log behavior:
 	//
-	//  If the RBAC matcher contains at least one LOG action, the dynamic
-	//  metadata key ``access_log_hint`` will be set based on if the request
-	//  get matched on the LOG action.
-	//
+	//	If the RBAC matcher contains at least one LOG action, the dynamic
+	//	metadata key ``access_log_hint`` will be set based on if the request
+	//	get matched on the LOG action.
 	Action RBAC_Action `protobuf:"varint,2,opt,name=action,proto3,enum=envoy.config.rbac.v3.RBAC_Action" json:"action,omitempty"`
 }
 
@@ -1078,7 +1087,7 @@ func (x *RBAC_AuditLoggingOptions_AuditLoggerConfig) GetIsOptional() bool {
 	return false
 }
 
-// Used in the ``and_rules`` and ``or_rules`` fields in the ``rule`` oneof. Depending on the context,
+// Used in the “and_rules“ and “or_rules“ fields in the “rule“ oneof. Depending on the context,
 // each are applied with the associated behavior.
 type Permission_Set struct {
 	state         protoimpl.MessageState
@@ -1127,7 +1136,7 @@ func (x *Permission_Set) GetRules() []*Permission {
 	return nil
 }
 
-// Used in the ``and_ids`` and ``or_ids`` fields in the ``identifier`` oneof.
+// Used in the “and_ids“ and “or_ids“ fields in the “identifier“ oneof.
 // Depending on the context, each are applied with the associated behavior.
 type Principal_Set struct {
 	state         protoimpl.MessageState
@@ -1427,8 +1436,8 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{
 	0x69, 0x63, 0x61, 0x74, 0x65, 0x64, 0x12, 0x4b, 0x0a, 0x09, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65,
 	0x5f, 0x69, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x65, 0x6e, 0x76, 0x6f,
 	0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x76, 0x33,
-	0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x18, 0x01, 0x92, 0xc7,
-	0x86, 0xd8, 0x04, 0x03, 0x33, 0x2e, 0x30, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63,
+	0x2e, 0x43, 0x69, 0x64, 0x72, 0x52, 0x61, 0x6e, 0x67, 0x65, 0x42, 0x0b, 0x92, 0xc7, 0x86, 0xd8,
+	0x04, 0x03, 0x33, 0x2e, 0x30, 0x18, 0x01, 0x48, 0x00, 0x52, 0x08, 0x73, 0x6f, 0x75, 0x72, 0x63,
 	0x65, 0x49, 0x70, 0x12, 0x4b, 0x0a, 0x10, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65,
 	0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e,
 	0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x63, 0x6f, 0x72,
@@ -1485,15 +1494,15 @@ var file_envoy_config_rbac_v3_rbac_proto_rawDesc = []byte{
 	0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x21, 0x2e, 0x65, 0x6e,
 	0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e,
 	0x76, 0x33, 0x2e, 0x52, 0x42, 0x41, 0x43, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06,
-	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76,
-	0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f,
-	0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61, 0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62,
-	0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75,
-	0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79,
-	0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e,
-	0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72,
-	0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72, 0x62, 0x61, 0x63, 0x76, 0x33, 0xba, 0x80, 0xc8,
-	0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
+	0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x7d, 0xba, 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02,
+	0x0a, 0x22, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e,
+	0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x72, 0x62, 0x61,
+	0x63, 0x2e, 0x76, 0x33, 0x42, 0x09, 0x52, 0x62, 0x61, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50,
+	0x01, 0x5a, 0x42, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x65, 0x6e,
+	0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, 0x6f, 0x6e, 0x74,
+	0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f,
+	0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x72, 0x62, 0x61, 0x63, 0x2f, 0x76, 0x33, 0x3b, 0x72,
+	0x62, 0x61, 0x63, 0x76, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33,
 }
 
 var (