From caf39ff1a1fb73e41f5fa5c9dcefe0f76ea24794 Mon Sep 17 00:00:00 2001
From: Piotr Sikora
Date: Thu, 16 Jan 2020 11:40:26 -0800
Subject: [PATCH] api: redact more fields. (#9692)
Signed-off-by: Piotr Sikora
---
 api/envoy/api/v2/auth/cert.proto | 4 ++--
 api/envoy/api/v2/core/grpc_service.proto | 4 +++-
 api/envoy/config/core/v3/grpc_service.proto | 3 ++-
 .../config/filter/network/redis_proxy/v2/redis_proxy.proto | 6 ++++--
 api/envoy/config/grpc_credential/v2alpha/BUILD | 5 ++++-
 .../grpc_credential/v2alpha/file_based_metadata.proto | 4 +++-
 .../config/grpc_credential/v3/file_based_metadata.proto | 3 ++-
 .../filters/network/redis_proxy/v3/redis_proxy.proto | 5 +++--
 api/envoy/extensions/transport_sockets/tls/v3/cert.proto | 2 +-
 generated_api_shadow/envoy/api/v2/auth/cert.proto | 4 ++--
 generated_api_shadow/envoy/api/v2/core/grpc_service.proto | 4 +++-
 .../envoy/config/core/v3/grpc_service.proto | 3 ++-
 .../config/filter/network/redis_proxy/v2/redis_proxy.proto | 6 ++++--
 .../envoy/config/grpc_credential/v2alpha/BUILD | 5 ++++-
 .../grpc_credential/v2alpha/file_based_metadata.proto | 4 +++-
 .../config/grpc_credential/v3/file_based_metadata.proto | 3 ++-
 .../filters/network/redis_proxy/v3/redis_proxy.proto | 5 +++--
 .../envoy/extensions/transport_sockets/tls/v3/cert.proto | 5 +++--
 18 files changed, 50 insertions(+), 25 deletions(-)
diff --git a/api/envoy/api/v2/auth/cert.proto b/api/envoy/api/v2/auth/cert.proto
index b0d328b61ea8..0daf5acace74 100644
--- a/api/envoy/api/v2/auth/cert.proto
+++ b/api/envoy/api/v2/auth/cert.proto
@@ -118,9 +118,9 @@ message PrivateKeyProvider {
 // Private key method provider specific configuration.
 oneof config_type {
- google.protobuf.Struct config = 2 [deprecated = true];
+ google.protobuf.Struct config = 2 [deprecated = true, (udpa.annotations.sensitive) = true];
- google.protobuf.Any typed_config = 3;
+ google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
 }
 }
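Review bot: Marking the deprecated `config` Struct and the `typed_config` Any as sensitive is the right call, since the provider-specific config is opaque at this level and may carry key material, but nothing in the field comment says so, and a reader of a redacted config dump is left guessing why the whole provider config disappears. I'd extend the leading comment to `// Private key method provider specific configuration. Marked sensitive so it is redacted from config dumps, since provider configs may embed key material.` The same applies to the v3 `typed_config` hunk in api/envoy/extensions/transport_sockets/tls/v3/cert.proto. The enclosing `PrivateKeyProvider` message starts outside the hunk.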
diff --git a/api/envoy/api/v2/core/grpc_service.proto b/api/envoy/api/v2/core/grpc_service.proto
index 01fa83557013..17f769b14e8c 100644
--- a/api/envoy/api/v2/core/grpc_service.proto
+++ b/api/envoy/api/v2/core/grpc_service.proto
@@ -9,6 +9,8 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/struct.proto";
+import "udpa/annotations/sensitive.proto";
+
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
@@ -38,7 +40,7 @@ message GrpcService {
 DataSource root_certs = 1;
 // PEM encoded client private key.
- DataSource private_key = 2;
+ DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
 // PEM encoded client certificate chain.
 DataSource cert_chain = 3;
diff --git a/api/envoy/config/core/v3/grpc_service.proto b/api/envoy/config/core/v3/grpc_service.proto
index ab9e3df4ad8e..06d76098f483 100644
--- a/api/envoy/config/core/v3/grpc_service.proto
+++ b/api/envoy/config/core/v3/grpc_service.proto
@@ -9,6 +9,7 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/struct.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -49,7 +50,7 @@ message GrpcService {
 DataSource root_certs = 1;
 // PEM encoded client private key.
- DataSource private_key = 2;
+ DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
 // PEM encoded client certificate chain.
 DataSource cert_chain = 3;
diff --git a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
index 98f7384bc330..3eac388c904b 100644
--- a/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
+++ b/api/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
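Review bot: `private_key` is the only field of this SslCredentials block that needs the annotation, since `root_certs` and `cert_chain` are public material, so the selection in both the v2 and v3 grpc_service.proto hunks here is correct. SslCredentials is not the only secret carrier in GrpcService, though: the call-credential fields of the GoogleGrpc message (bearer/refresh tokens, service-account keys) sit outside these hunks and, as far as I can see, are not touched by this commit; if they already carry the annotation ignore this, otherwise they deserve the same treatment in a follow-up so a config dump does not leak a token while hiding the key. The enclosing `SslCredentials` message begins and ends outside the hunk.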
@@ -7,6 +7,8 @@ import "envoy/api/v2/core/base.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
+import "udpa/annotations/sensitive.proto";
+
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
@@ -229,7 +231,7 @@ message RedisProxy {
 // password is set, then a "NOAUTH Authentication required." error response will be sent to the
 // client. If an AUTH command is received when the password is not set, then an "ERR Client sent
 // AUTH, but no password is set" error will be returned.
- api.v2.core.DataSource downstream_auth_password = 6;
+ api.v2.core.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
 }
 // RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@@ -238,5 +240,5 @@ message RedisProxy {
 message RedisProtocolOptions {
 // Upstream server password as defined by the `requirepass` directive
 // `_ in the server's configuration file.
- api.v2.core.DataSource auth_password = 1;
+ api.v2.core.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
 }
diff --git a/api/envoy/config/grpc_credential/v2alpha/BUILD b/api/envoy/config/grpc_credential/v2alpha/BUILD
index 97eb16ccddad..69168ad0cf24 100644
--- a/api/envoy/config/grpc_credential/v2alpha/BUILD
+++ b/api/envoy/config/grpc_credential/v2alpha/BUILD
@@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"]) # Apache 2
 api_proto_package(
- deps = ["//envoy/api/v2/core:pkg"],
+ deps = [
+ "//envoy/api/v2/core:pkg",
+ "@com_github_cncf_udpa//udpa/annotations:pkg",
+ ],
 )
diff --git a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
index cbb754a27a50..c5c6a4d980b9 100644
--- a/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
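Review bot: `downstream_auth_password` and `auth_password` are DataSource messages, so the annotation on the field presumably redacts the whole submessage, including a `filename` path and not only inline contents; that is the safer default, but neither field comment says the value is redacted, and an operator reading a config dump may mistake the redaction for an unset password (which, per the comment above `downstream_auth_password`, changes the filter's AUTH behaviour). I'd add `// This field is marked sensitive and is redacted from config dumps.` under each of the two field comments. The same note applies to the v3 redis_proxy.proto hunks and to `secret_data` in both file_based_metadata.proto hunks. The enclosing `RedisProxy` message begins outside the first hunk.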
+++ b/api/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
@@ -4,6 +4,8 @@ package envoy.config.grpc_credential.v2alpha;
 import "envoy/api/v2/core/base.proto";
+import "udpa/annotations/sensitive.proto";
+
 option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha";
 option java_outer_classname = "FileBasedMetadataProto";
 option java_multiple_files = true;
@@ -15,7 +17,7 @@ option java_multiple_files = true;
 message FileBasedMetadataConfig {
 // Location or inline data of secret to use for authentication of the Google gRPC connection
 // this secret will be attached to a header of the gRPC connection
- api.v2.core.DataSource secret_data = 1;
+ api.v2.core.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
 // Metadata header key to use for sending the secret data
 // if no header key is set, "authorization" header will be used
diff --git a/api/envoy/config/grpc_credential/v3/file_based_metadata.proto b/api/envoy/config/grpc_credential/v3/file_based_metadata.proto
index a596790fa7c1..bee16939d7e8 100644
--- a/api/envoy/config/grpc_credential/v3/file_based_metadata.proto
+++ b/api/envoy/config/grpc_credential/v3/file_based_metadata.proto
@@ -4,6 +4,7 @@ package envoy.config.grpc_credential.v3;
 import "envoy/config/core/v3/base.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3";
@@ -20,7 +21,7 @@ message FileBasedMetadataConfig {
 // Location or inline data of secret to use for authentication of the Google gRPC connection
 // this secret will be attached to a header of the gRPC connection
- core.v3.DataSource secret_data = 1;
+ core.v3.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
 // Metadata header key to use for sending the secret data
 // if no header key is set, "authorization" header will be used
diff --git a/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto b/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
index c918370541d9..9b2d30c30e80 100644
--- a/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+++ b/api/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
@@ -7,6 +7,7 @@ import "envoy/config/core/v3/base.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 import "envoy/annotations/deprecation.proto";
@@ -231,7 +232,7 @@ message RedisProxy {
 // password is set, then a "NOAUTH Authentication required." error response will be sent to the
 // client. If an AUTH command is received when the password is not set, then an "ERR Client sent
 // AUTH, but no password is set" error will be returned.
- config.core.v3.DataSource downstream_auth_password = 6;
+ config.core.v3.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
 }
 // RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@@ -243,5 +244,5 @@ message RedisProtocolOptions {
 // Upstream server password as defined by the `requirepass` directive
 // `_ in the server's configuration file.
- config.core.v3.DataSource auth_password = 1;
+ config.core.v3.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
 }
diff --git a/api/envoy/extensions/transport_sockets/tls/v3/cert.proto b/api/envoy/extensions/transport_sockets/tls/v3/cert.proto
index f3e6361abb1f..eaa29e59d43b 100644
--- a/api/envoy/extensions/transport_sockets/tls/v3/cert.proto
+++ b/api/envoy/extensions/transport_sockets/tls/v3/cert.proto
@@ -125,7 +125,7 @@ message PrivateKeyProvider {
 // Private key method provider specific configuration.
 oneof config_type {
- google.protobuf.Any typed_config = 3;
+ google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
 }
 }
diff --git a/generated_api_shadow/envoy/api/v2/auth/cert.proto b/generated_api_shadow/envoy/api/v2/auth/cert.proto
index b0d328b61ea8..0daf5acace74 100644
--- a/generated_api_shadow/envoy/api/v2/auth/cert.proto
+++ b/generated_api_shadow/envoy/api/v2/auth/cert.proto
@@ -118,9 +118,9 @@ message PrivateKeyProvider {
 // Private key method provider specific configuration.
 oneof config_type {
- google.protobuf.Struct config = 2 [deprecated = true];
+ google.protobuf.Struct config = 2 [deprecated = true, (udpa.annotations.sensitive) = true];
- google.protobuf.Any typed_config = 3;
+ google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
 }
 }
diff --git a/generated_api_shadow/envoy/api/v2/core/grpc_service.proto b/generated_api_shadow/envoy/api/v2/core/grpc_service.proto
index 01fa83557013..17f769b14e8c 100644
--- a/generated_api_shadow/envoy/api/v2/core/grpc_service.proto
+++ b/generated_api_shadow/envoy/api/v2/core/grpc_service.proto
@@ -9,6 +9,8 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/struct.proto";
+import "udpa/annotations/sensitive.proto";
+
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
@@ -38,7 +40,7 @@ message GrpcService {
 DataSource root_certs = 1;
 // PEM encoded client private key.
- DataSource private_key = 2;
+ DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
 // PEM encoded client certificate chain.
 DataSource cert_chain = 3;
diff --git a/generated_api_shadow/envoy/config/core/v3/grpc_service.proto b/generated_api_shadow/envoy/config/core/v3/grpc_service.proto
index 35dadfd006e5..82c991b6348e 100644
--- a/generated_api_shadow/envoy/config/core/v3/grpc_service.proto
+++ b/generated_api_shadow/envoy/config/core/v3/grpc_service.proto
@@ -9,6 +9,7 @@ import "google/protobuf/duration.proto";
 import "google/protobuf/empty.proto";
 import "google/protobuf/struct.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 import "validate/validate.proto";
@@ -49,7 +50,7 @@ message GrpcService {
 DataSource root_certs = 1;
 // PEM encoded client private key.
- DataSource private_key = 2;
+ DataSource private_key = 2 [(udpa.annotations.sensitive) = true];
 // PEM encoded client certificate chain.
 DataSource cert_chain = 3;
diff --git a/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto b/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
index 98f7384bc330..3eac388c904b 100644
--- a/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
+++ b/generated_api_shadow/envoy/config/filter/network/redis_proxy/v2/redis_proxy.proto
@@ -7,6 +7,8 @@ import "envoy/api/v2/core/base.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
+import "udpa/annotations/sensitive.proto";
+
 import "envoy/annotations/deprecation.proto";
 import "udpa/annotations/migrate.proto";
 import "validate/validate.proto";
@@ -229,7 +231,7 @@ message RedisProxy {
 // password is set, then a "NOAUTH Authentication required." error response will be sent to the
 // client. If an AUTH command is received when the password is not set, then an "ERR Client sent
 // AUTH, but no password is set" error will be returned.
- api.v2.core.DataSource downstream_auth_password = 6;
+ api.v2.core.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
 }
 // RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@@ -238,5 +240,5 @@ message RedisProxy {
 message RedisProtocolOptions {
 // Upstream server password as defined by the `requirepass` directive
 // `_ in the server's configuration file.
- api.v2.core.DataSource auth_password = 1;
+ api.v2.core.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
 }
diff --git a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/BUILD b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/BUILD
index 97eb16ccddad..69168ad0cf24 100644
--- a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/BUILD
+++ b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/BUILD
@@ -5,5 +5,8 @@ load("@envoy_api//bazel:api_build_system.bzl", "api_proto_package")
 licenses(["notice"]) # Apache 2
 api_proto_package(
- deps = ["//envoy/api/v2/core:pkg"],
+ deps = [
+ "//envoy/api/v2/core:pkg",
+ "@com_github_cncf_udpa//udpa/annotations:pkg",
+ ],
 )
diff --git a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
index cbb754a27a50..c5c6a4d980b9 100644
--- a/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
+++ b/generated_api_shadow/envoy/config/grpc_credential/v2alpha/file_based_metadata.proto
@@ -4,6 +4,8 @@ package envoy.config.grpc_credential.v2alpha;
 import "envoy/api/v2/core/base.proto";
+import "udpa/annotations/sensitive.proto";
+
 option java_package = "io.envoyproxy.envoy.config.grpc_credential.v2alpha";
 option java_outer_classname = "FileBasedMetadataProto";
 option java_multiple_files = true;
@@ -15,7 +17,7 @@ option java_multiple_files = true;
 message FileBasedMetadataConfig {
 // Location or inline data of secret to use for authentication of the Google gRPC connection
 // this secret will be attached to a header of the gRPC connection
- api.v2.core.DataSource secret_data = 1;
+ api.v2.core.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
 // Metadata header key to use for sending the secret data
 // if no header key is set, "authorization" header will be used
diff --git a/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto b/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto
index a596790fa7c1..bee16939d7e8 100644
--- a/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto
+++ b/generated_api_shadow/envoy/config/grpc_credential/v3/file_based_metadata.proto
@@ -4,6 +4,7 @@ package envoy.config.grpc_credential.v3;
 import "envoy/config/core/v3/base.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 option java_package = "io.envoyproxy.envoy.config.grpc_credential.v3";
@@ -20,7 +21,7 @@ message FileBasedMetadataConfig {
 // Location or inline data of secret to use for authentication of the Google gRPC connection
 // this secret will be attached to a header of the gRPC connection
- core.v3.DataSource secret_data = 1;
+ core.v3.DataSource secret_data = 1 [(udpa.annotations.sensitive) = true];
 // Metadata header key to use for sending the secret data
 // if no header key is set, "authorization" header will be used
diff --git a/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto b/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
index 9b1bf0a1fcd6..bc6dd71a4fae 100644
--- a/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
+++ b/generated_api_shadow/envoy/extensions/filters/network/redis_proxy/v3/redis_proxy.proto
@@ -7,6 +7,7 @@ import "envoy/config/core/v3/base.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
+import "udpa/annotations/sensitive.proto";
 import "udpa/annotations/versioning.proto";
 import "envoy/annotations/deprecation.proto";
@@ -245,7 +246,7 @@ message RedisProxy {
 // password is set, then a "NOAUTH Authentication required." error response will be sent to the
 // client. If an AUTH command is received when the password is not set, then an "ERR Client sent
 // AUTH, but no password is set" error will be returned.
- config.core.v3.DataSource downstream_auth_password = 6;
+ config.core.v3.DataSource downstream_auth_password = 6 [(udpa.annotations.sensitive) = true];
 }
 // RedisProtocolOptions specifies Redis upstream protocol options. This object is used in
@@ -257,5 +258,5 @@ message RedisProtocolOptions {
 // Upstream server password as defined by the `requirepass` directive
 // `_ in the server's configuration file.
- config.core.v3.DataSource auth_password = 1;
+ config.core.v3.DataSource auth_password = 1 [(udpa.annotations.sensitive) = true];
 }
diff --git a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto
index 5d05316cf2fb..eaa27cad959e 100644
--- a/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto
+++ b/generated_api_shadow/envoy/extensions/transport_sockets/tls/v3/cert.proto
@@ -121,9 +121,10 @@ message PrivateKeyProvider {
 // Private key method provider specific configuration.
 oneof config_type {
- google.protobuf.Struct hidden_envoy_deprecated_config = 2 [deprecated = true];
+ google.protobuf.Struct hidden_envoy_deprecated_config = 2
+ [deprecated = true, (udpa.annotations.sensitive) = true];
- google.protobuf.Any typed_config = 3;
+ google.protobuf.Any typed_config = 3 [(udpa.annotations.sensitive) = true];
 }
 }