pkg/api/external/istio/authorization/v1alpha1/policy.pb.go

// Code generated by protoc-gen-gogo. DO NOT EDIT.
// source: github.com/solo-io/supergloo/api/external/istio/authorization/v1alpha1/policy.proto

// This package defines user-facing authentication policy.

package v1alpha1

import (
	bytes "bytes"
	fmt "fmt"
	math "math"

	_ "github.com/gogo/protobuf/gogoproto"
	proto "github.com/gogo/protobuf/proto"
	core "github.com/solo-io/solo-kit/pkg/api/v1/resources/core"
)

// Reference imports to suppress errors if they are not otherwise used.
var _ = proto.Marshal
var _ = fmt.Errorf
var _ = math.Inf

// This is a compile-time assertion to ensure that this generated file
// is compatible with the proto package it is being compiled against.
// A compilation error at this line likely means your copy of the
// proto package needs to be updated.
const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package

// Associates authentication with request principal.
type PrincipalBinding int32

const (
	// Principal will be set to the identity from peer authentication.
	PrincipalBinding_USE_PEER PrincipalBinding = 0
	// Principal will be set to the identity from origin authentication.
	PrincipalBinding_USE_ORIGIN PrincipalBinding = 1
)

var PrincipalBinding_name = map[int32]string{
	0: "USE_PEER",
	1: "USE_ORIGIN",
}

var PrincipalBinding_value = map[string]int32{
	"USE_PEER":   0,
	"USE_ORIGIN": 1,
}

func (x PrincipalBinding) String() string {
	return proto.EnumName(PrincipalBinding_name, int32(x))
}

func (PrincipalBinding) EnumDescriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{0}
}

// Defines the acceptable connection TLS mode.
type MutualTls_Mode int32

const (
	// Client cert must be presented, connection is in TLS.
	MutualTls_STRICT MutualTls_Mode = 0
	// Connection can be either plaintext or TLS, and client cert can be omitted.
	MutualTls_PERMISSIVE MutualTls_Mode = 1
)

var MutualTls_Mode_name = map[int32]string{
	0: "STRICT",
	1: "PERMISSIVE",
}

var MutualTls_Mode_value = map[string]int32{
	"STRICT":     0,
	"PERMISSIVE": 1,
}

func (x MutualTls_Mode) String() string {
	return proto.EnumName(MutualTls_Mode_name, int32(x))
}

func (MutualTls_Mode) EnumDescriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{1, 0}
}

// Describes how to match a given string. Match is case-sensitive.
type StringMatch struct {
	// Types that are valid to be assigned to MatchType:
	//	*StringMatch_Exact
	//	*StringMatch_Prefix
	//	*StringMatch_Suffix
	//	*StringMatch_Regex
	MatchType            isStringMatch_MatchType `protobuf_oneof:"match_type"`
	XXX_NoUnkeyedLiteral struct{}                `json:"-"`
	XXX_unrecognized     []byte                  `json:"-"`
	XXX_sizecache        int32                   `json:"-"`
}

func (m *StringMatch) Reset()         { *m = StringMatch{} }
func (m *StringMatch) String() string { return proto.CompactTextString(m) }
func (*StringMatch) ProtoMessage()    {}
func (*StringMatch) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{0}
}
func (m *StringMatch) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_StringMatch.Unmarshal(m, b)
}
func (m *StringMatch) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_StringMatch.Marshal(b, m, deterministic)
}
func (m *StringMatch) XXX_Merge(src proto.Message) {
	xxx_messageInfo_StringMatch.Merge(m, src)
}
func (m *StringMatch) XXX_Size() int {
	return xxx_messageInfo_StringMatch.Size(m)
}
func (m *StringMatch) XXX_DiscardUnknown() {
	xxx_messageInfo_StringMatch.DiscardUnknown(m)
}

var xxx_messageInfo_StringMatch proto.InternalMessageInfo

type isStringMatch_MatchType interface {
	isStringMatch_MatchType()
	Equal(interface{}) bool
}

type StringMatch_Exact struct {
	Exact string `protobuf:"bytes,1,opt,name=exact,proto3,oneof"`
}
type StringMatch_Prefix struct {
	Prefix string `protobuf:"bytes,2,opt,name=prefix,proto3,oneof"`
}
type StringMatch_Suffix struct {
	Suffix string `protobuf:"bytes,3,opt,name=suffix,proto3,oneof"`
}
type StringMatch_Regex struct {
	Regex string `protobuf:"bytes,4,opt,name=regex,proto3,oneof"`
}

func (*StringMatch_Exact) isStringMatch_MatchType()  {}
func (*StringMatch_Prefix) isStringMatch_MatchType() {}
func (*StringMatch_Suffix) isStringMatch_MatchType() {}
func (*StringMatch_Regex) isStringMatch_MatchType()  {}

func (m *StringMatch) GetMatchType() isStringMatch_MatchType {
	if m != nil {
		return m.MatchType
	}
	return nil
}

func (m *StringMatch) GetExact() string {
	if x, ok := m.GetMatchType().(*StringMatch_Exact); ok {
		return x.Exact
	}
	return ""
}

func (m *StringMatch) GetPrefix() string {
	if x, ok := m.GetMatchType().(*StringMatch_Prefix); ok {
		return x.Prefix
	}
	return ""
}

func (m *StringMatch) GetSuffix() string {
	if x, ok := m.GetMatchType().(*StringMatch_Suffix); ok {
		return x.Suffix
	}
	return ""
}

func (m *StringMatch) GetRegex() string {
	if x, ok := m.GetMatchType().(*StringMatch_Regex); ok {
		return x.Regex
	}
	return ""
}

// XXX_OneofFuncs is for the internal use of the proto package.
func (*StringMatch) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
	return _StringMatch_OneofMarshaler, _StringMatch_OneofUnmarshaler, _StringMatch_OneofSizer, []interface{}{
		(*StringMatch_Exact)(nil),
		(*StringMatch_Prefix)(nil),
		(*StringMatch_Suffix)(nil),
		(*StringMatch_Regex)(nil),
	}
}

func _StringMatch_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
	m := msg.(*StringMatch)
	// match_type
	switch x := m.MatchType.(type) {
	case *StringMatch_Exact:
		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
		_ = b.EncodeStringBytes(x.Exact)
	case *StringMatch_Prefix:
		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
		_ = b.EncodeStringBytes(x.Prefix)
	case *StringMatch_Suffix:
		_ = b.EncodeVarint(3<<3 | proto.WireBytes)
		_ = b.EncodeStringBytes(x.Suffix)
	case *StringMatch_Regex:
		_ = b.EncodeVarint(4<<3 | proto.WireBytes)
		_ = b.EncodeStringBytes(x.Regex)
	case nil:
	default:
		return fmt.Errorf("StringMatch.MatchType has unexpected type %T", x)
	}
	return nil
}

func _StringMatch_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
	m := msg.(*StringMatch)
	switch tag {
	case 1: // match_type.exact
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeStringBytes()
		m.MatchType = &StringMatch_Exact{x}
		return true, err
	case 2: // match_type.prefix
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeStringBytes()
		m.MatchType = &StringMatch_Prefix{x}
		return true, err
	case 3: // match_type.suffix
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeStringBytes()
		m.MatchType = &StringMatch_Suffix{x}
		return true, err
	case 4: // match_type.regex
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeStringBytes()
		m.MatchType = &StringMatch_Regex{x}
		return true, err
	default:
		return false, nil
	}
}

func _StringMatch_OneofSizer(msg proto.Message) (n int) {
	m := msg.(*StringMatch)
	// match_type
	switch x := m.MatchType.(type) {
	case *StringMatch_Exact:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(len(x.Exact)))
		n += len(x.Exact)
	case *StringMatch_Prefix:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(len(x.Prefix)))
		n += len(x.Prefix)
	case *StringMatch_Suffix:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(len(x.Suffix)))
		n += len(x.Suffix)
	case *StringMatch_Regex:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(len(x.Regex)))
		n += len(x.Regex)
	case nil:
	default:
		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
	}
	return n
}

// TLS authentication params.
type MutualTls struct {
	// WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode.
	// Set this flag to true to allow regular TLS (i.e without client x509
	// certificate). If request carries client certificate, identity will be
	// extracted and used (set to peer identity). Otherwise, peer identity will
	// be left unset.
	// When the flag is false (default), request must have client certificate.
	AllowTls bool `protobuf:"varint,1,opt,name=allow_tls,json=allowTls,proto3" json:"allow_tls,omitempty"`
	// Defines the mode of mTLS authentication.
	Mode                 MutualTls_Mode `protobuf:"varint,2,opt,name=mode,proto3,enum=istio.authentication.v1alpha1.MutualTls_Mode" json:"mode,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (m *MutualTls) Reset()         { *m = MutualTls{} }
func (m *MutualTls) String() string { return proto.CompactTextString(m) }
func (*MutualTls) ProtoMessage()    {}
func (*MutualTls) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{1}
}
func (m *MutualTls) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_MutualTls.Unmarshal(m, b)
}
func (m *MutualTls) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_MutualTls.Marshal(b, m, deterministic)
}
func (m *MutualTls) XXX_Merge(src proto.Message) {
	xxx_messageInfo_MutualTls.Merge(m, src)
}
func (m *MutualTls) XXX_Size() int {
	return xxx_messageInfo_MutualTls.Size(m)
}
func (m *MutualTls) XXX_DiscardUnknown() {
	xxx_messageInfo_MutualTls.DiscardUnknown(m)
}

var xxx_messageInfo_MutualTls proto.InternalMessageInfo

func (m *MutualTls) GetAllowTls() bool {
	if m != nil {
		return m.AllowTls
	}
	return false
}

func (m *MutualTls) GetMode() MutualTls_Mode {
	if m != nil {
		return m.Mode
	}
	return MutualTls_STRICT
}

// JSON Web Token (JWT) token format for authentication as defined by
// https://tools.ietf.org/html/rfc7519. See [OAuth
// 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC
// 1.0](http://openid.net/connect) for how this is used in the whole
// authentication flow.
//
// For example:
//
// A JWT for any requests:
//
// ```yaml
// issuer: https://example.com
// audiences:
// - bookstore_android.apps.googleusercontent.com
//   bookstore_web.apps.googleusercontent.com
// jwksUri: https://example.com/.well-known/jwks.json
// ```
//
// A JWT for all requests except request at path `/health_check` and path with
// prefix `/status/`. This is useful to expose some paths for public access but
// keep others JWT validated.
//
// ```yaml
// issuer: https://example.com
// jwks_uri: https://example.com/.well-known/jwks.json
// trigger_rules:
// - excluded_paths:
//   - exact: /health_check
//   - prefix: /status/
// ```
//
// A JWT only for requests at path `/admin`. This is useful to only require JWT
// validation on a specific set of paths but keep others public accessible.
//
// ```yaml
// issuer: https://example.com
// jwks_uri: https://example.com/.well-known/jwks.json
// trigger_rules:
// - included_paths:
//   - prefix: /admin
// ```
//
// A JWT only for requests at path of prefix `/status/` but except the path of
// `/status/version`. This means for any request path with prefix `/status/` except
// `/status/version` will require a valid JWT to proceed.
//
// ```yaml
// issuer: https://example.com
// jwks_uri: https://example.com/.well-known/jwks.json
// trigger_rules:
// - excluded_paths:
//   - exact: /status/version
//   included_paths:
//   - prefix: /status/
// ```
type Jwt struct {
	// Identifies the issuer that issued the JWT. See
	// [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1)
	// Usually a URL or an email address.
	//
	// Example: https://securetoken.google.com
	// Example: 1234567-compute@developer.gserviceaccount.com
	Issuer string `protobuf:"bytes,1,opt,name=issuer,proto3" json:"issuer,omitempty"`
	// The list of JWT
	// [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3).
	// that are allowed to access. A JWT containing any of these
	// audiences will be accepted.
	//
	// The service name will be accepted if audiences is empty.
	//
	// Example:
	//
	// ```yaml
	// audiences:
	// - bookstore_android.apps.googleusercontent.com
	//   bookstore_web.apps.googleusercontent.com
	// ```
	Audiences []string `protobuf:"bytes,2,rep,name=audiences,proto3" json:"audiences,omitempty"`
	// URL of the provider's public key set to validate signature of the
	// JWT. See [OpenID
	// Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata).
	//
	// Optional if the key set document can either (a) be retrieved from
	// [OpenID
	// Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of
	// the issuer or (b) inferred from the email domain of the issuer (e.g. a
	// Google service account).
	//
	// Example: https://www.googleapis.com/oauth2/v1/certs
	JwksUri string `protobuf:"bytes,3,opt,name=jwks_uri,json=jwksUri,proto3" json:"jwks_uri,omitempty"`
	// JWT is sent in a request header. `header` represents the
	// header name.
	//
	// For example, if `header=x-goog-iap-jwt-assertion`, the header
	// format will be x-goog-iap-jwt-assertion: <JWT>.
	JwtHeaders []string `protobuf:"bytes,6,rep,name=jwt_headers,json=jwtHeaders,proto3" json:"jwt_headers,omitempty"`
	// JWT is sent in a query parameter. `query` represents the
	// query parameter name.
	//
	// For example, `query=jwt_token`.
	JwtParams []string `protobuf:"bytes,7,rep,name=jwt_params,json=jwtParams,proto3" json:"jwt_params,omitempty"`
	// List of trigger rules to decide if this JWT should be used to validate the
	// request. The JWT validation happens if any one of the rules matched.
	// If the list is not empty and none of the rules matched, authentication will
	// skip the JWT validation.
	// Leave this empty to always trigger the JWT validation.
	TriggerRules         []*Jwt_TriggerRule `protobuf:"bytes,9,rep,name=trigger_rules,json=triggerRules,proto3" json:"trigger_rules,omitempty"`
	XXX_NoUnkeyedLiteral struct{}           `json:"-"`
	XXX_unrecognized     []byte             `json:"-"`
	XXX_sizecache        int32              `json:"-"`
}

func (m *Jwt) Reset()         { *m = Jwt{} }
func (m *Jwt) String() string { return proto.CompactTextString(m) }
func (*Jwt) ProtoMessage()    {}
func (*Jwt) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{2}
}
func (m *Jwt) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_Jwt.Unmarshal(m, b)
}
func (m *Jwt) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_Jwt.Marshal(b, m, deterministic)
}
func (m *Jwt) XXX_Merge(src proto.Message) {
	xxx_messageInfo_Jwt.Merge(m, src)
}
func (m *Jwt) XXX_Size() int {
	return xxx_messageInfo_Jwt.Size(m)
}
func (m *Jwt) XXX_DiscardUnknown() {
	xxx_messageInfo_Jwt.DiscardUnknown(m)
}

var xxx_messageInfo_Jwt proto.InternalMessageInfo

func (m *Jwt) GetIssuer() string {
	if m != nil {
		return m.Issuer
	}
	return ""
}

func (m *Jwt) GetAudiences() []string {
	if m != nil {
		return m.Audiences
	}
	return nil
}

func (m *Jwt) GetJwksUri() string {
	if m != nil {
		return m.JwksUri
	}
	return ""
}

func (m *Jwt) GetJwtHeaders() []string {
	if m != nil {
		return m.JwtHeaders
	}
	return nil
}

func (m *Jwt) GetJwtParams() []string {
	if m != nil {
		return m.JwtParams
	}
	return nil
}

func (m *Jwt) GetTriggerRules() []*Jwt_TriggerRule {
	if m != nil {
		return m.TriggerRules
	}
	return nil
}

// Trigger rule to match against a request. The trigger rule is satisfied if
// and only if both rules, excluded_paths and include_paths are satisfied.
type Jwt_TriggerRule struct {
	// List of paths to be excluded from the request. The rule is satisfied if
	// request path does not match to any of the path in this list.
	ExcludedPaths []*StringMatch `protobuf:"bytes,1,rep,name=excluded_paths,json=excludedPaths,proto3" json:"excluded_paths,omitempty"`
	// List of paths that the request must include. If the list is not empty, the
	// rule is satisfied if request path matches at least one of the path in the list.
	// If the list is empty, the rule is ignored, in other words the rule is always satisfied.
	IncludedPaths        []*StringMatch `protobuf:"bytes,2,rep,name=included_paths,json=includedPaths,proto3" json:"included_paths,omitempty"`
	XXX_NoUnkeyedLiteral struct{}       `json:"-"`
	XXX_unrecognized     []byte         `json:"-"`
	XXX_sizecache        int32          `json:"-"`
}

func (m *Jwt_TriggerRule) Reset()         { *m = Jwt_TriggerRule{} }
func (m *Jwt_TriggerRule) String() string { return proto.CompactTextString(m) }
func (*Jwt_TriggerRule) ProtoMessage()    {}
func (*Jwt_TriggerRule) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{2, 0}
}
func (m *Jwt_TriggerRule) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_Jwt_TriggerRule.Unmarshal(m, b)
}
func (m *Jwt_TriggerRule) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_Jwt_TriggerRule.Marshal(b, m, deterministic)
}
func (m *Jwt_TriggerRule) XXX_Merge(src proto.Message) {
	xxx_messageInfo_Jwt_TriggerRule.Merge(m, src)
}
func (m *Jwt_TriggerRule) XXX_Size() int {
	return xxx_messageInfo_Jwt_TriggerRule.Size(m)
}
func (m *Jwt_TriggerRule) XXX_DiscardUnknown() {
	xxx_messageInfo_Jwt_TriggerRule.DiscardUnknown(m)
}

var xxx_messageInfo_Jwt_TriggerRule proto.InternalMessageInfo

func (m *Jwt_TriggerRule) GetExcludedPaths() []*StringMatch {
	if m != nil {
		return m.ExcludedPaths
	}
	return nil
}

func (m *Jwt_TriggerRule) GetIncludedPaths() []*StringMatch {
	if m != nil {
		return m.IncludedPaths
	}
	return nil
}

// PeerAuthenticationMethod defines one particular type of authentication, e.g
// mutual TLS, JWT etc, (no authentication is one type by itself) that can
// be used for peer authentication.
// The type can be progammatically determine by checking the type of the
// "params" field.
type PeerAuthenticationMethod struct {
	// Types that are valid to be assigned to Params:
	//	*PeerAuthenticationMethod_Mtls
	//	*PeerAuthenticationMethod_Jwt
	Params               isPeerAuthenticationMethod_Params `protobuf_oneof:"params"`
	XXX_NoUnkeyedLiteral struct{}                          `json:"-"`
	XXX_unrecognized     []byte                            `json:"-"`
	XXX_sizecache        int32                             `json:"-"`
}

func (m *PeerAuthenticationMethod) Reset()         { *m = PeerAuthenticationMethod{} }
func (m *PeerAuthenticationMethod) String() string { return proto.CompactTextString(m) }
func (*PeerAuthenticationMethod) ProtoMessage()    {}
func (*PeerAuthenticationMethod) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{3}
}
func (m *PeerAuthenticationMethod) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_PeerAuthenticationMethod.Unmarshal(m, b)
}
func (m *PeerAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_PeerAuthenticationMethod.Marshal(b, m, deterministic)
}
func (m *PeerAuthenticationMethod) XXX_Merge(src proto.Message) {
	xxx_messageInfo_PeerAuthenticationMethod.Merge(m, src)
}
func (m *PeerAuthenticationMethod) XXX_Size() int {
	return xxx_messageInfo_PeerAuthenticationMethod.Size(m)
}
func (m *PeerAuthenticationMethod) XXX_DiscardUnknown() {
	xxx_messageInfo_PeerAuthenticationMethod.DiscardUnknown(m)
}

var xxx_messageInfo_PeerAuthenticationMethod proto.InternalMessageInfo

type isPeerAuthenticationMethod_Params interface {
	isPeerAuthenticationMethod_Params()
	Equal(interface{}) bool
}

type PeerAuthenticationMethod_Mtls struct {
	Mtls *MutualTls `protobuf:"bytes,1,opt,name=mtls,proto3,oneof"`
}
type PeerAuthenticationMethod_Jwt struct {
	Jwt *Jwt `protobuf:"bytes,2,opt,name=jwt,proto3,oneof"`
}

func (*PeerAuthenticationMethod_Mtls) isPeerAuthenticationMethod_Params() {}
func (*PeerAuthenticationMethod_Jwt) isPeerAuthenticationMethod_Params()  {}

func (m *PeerAuthenticationMethod) GetParams() isPeerAuthenticationMethod_Params {
	if m != nil {
		return m.Params
	}
	return nil
}

func (m *PeerAuthenticationMethod) GetMtls() *MutualTls {
	if x, ok := m.GetParams().(*PeerAuthenticationMethod_Mtls); ok {
		return x.Mtls
	}
	return nil
}

func (m *PeerAuthenticationMethod) GetJwt() *Jwt {
	if x, ok := m.GetParams().(*PeerAuthenticationMethod_Jwt); ok {
		return x.Jwt
	}
	return nil
}

// XXX_OneofFuncs is for the internal use of the proto package.
func (*PeerAuthenticationMethod) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
	return _PeerAuthenticationMethod_OneofMarshaler, _PeerAuthenticationMethod_OneofUnmarshaler, _PeerAuthenticationMethod_OneofSizer, []interface{}{
		(*PeerAuthenticationMethod_Mtls)(nil),
		(*PeerAuthenticationMethod_Jwt)(nil),
	}
}

func _PeerAuthenticationMethod_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
	m := msg.(*PeerAuthenticationMethod)
	// params
	switch x := m.Params.(type) {
	case *PeerAuthenticationMethod_Mtls:
		_ = b.EncodeVarint(1<<3 | proto.WireBytes)
		if err := b.EncodeMessage(x.Mtls); err != nil {
			return err
		}
	case *PeerAuthenticationMethod_Jwt:
		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
		if err := b.EncodeMessage(x.Jwt); err != nil {
			return err
		}
	case nil:
	default:
		return fmt.Errorf("PeerAuthenticationMethod.Params has unexpected type %T", x)
	}
	return nil
}

func _PeerAuthenticationMethod_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
	m := msg.(*PeerAuthenticationMethod)
	switch tag {
	case 1: // params.mtls
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		msg := new(MutualTls)
		err := b.DecodeMessage(msg)
		m.Params = &PeerAuthenticationMethod_Mtls{msg}
		return true, err
	case 2: // params.jwt
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		msg := new(Jwt)
		err := b.DecodeMessage(msg)
		m.Params = &PeerAuthenticationMethod_Jwt{msg}
		return true, err
	default:
		return false, nil
	}
}

func _PeerAuthenticationMethod_OneofSizer(msg proto.Message) (n int) {
	m := msg.(*PeerAuthenticationMethod)
	// params
	switch x := m.Params.(type) {
	case *PeerAuthenticationMethod_Mtls:
		s := proto.Size(x.Mtls)
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(s))
		n += s
	case *PeerAuthenticationMethod_Jwt:
		s := proto.Size(x.Jwt)
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(s))
		n += s
	case nil:
	default:
		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
	}
	return n
}

// OriginAuthenticationMethod defines authentication method/params for origin
// authentication. Origin could be end-user, device, delegate service etc.
// Currently, only JWT is supported for origin authentication.
type OriginAuthenticationMethod struct {
	// Jwt params for the method.
	Jwt                  *Jwt     `protobuf:"bytes,1,opt,name=jwt,proto3" json:"jwt,omitempty"`
	XXX_NoUnkeyedLiteral struct{} `json:"-"`
	XXX_unrecognized     []byte   `json:"-"`
	XXX_sizecache        int32    `json:"-"`
}

func (m *OriginAuthenticationMethod) Reset()         { *m = OriginAuthenticationMethod{} }
func (m *OriginAuthenticationMethod) String() string { return proto.CompactTextString(m) }
func (*OriginAuthenticationMethod) ProtoMessage()    {}
func (*OriginAuthenticationMethod) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{4}
}
func (m *OriginAuthenticationMethod) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_OriginAuthenticationMethod.Unmarshal(m, b)
}
func (m *OriginAuthenticationMethod) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_OriginAuthenticationMethod.Marshal(b, m, deterministic)
}
func (m *OriginAuthenticationMethod) XXX_Merge(src proto.Message) {
	xxx_messageInfo_OriginAuthenticationMethod.Merge(m, src)
}
func (m *OriginAuthenticationMethod) XXX_Size() int {
	return xxx_messageInfo_OriginAuthenticationMethod.Size(m)
}
func (m *OriginAuthenticationMethod) XXX_DiscardUnknown() {
	xxx_messageInfo_OriginAuthenticationMethod.DiscardUnknown(m)
}

var xxx_messageInfo_OriginAuthenticationMethod proto.InternalMessageInfo

func (m *OriginAuthenticationMethod) GetJwt() *Jwt {
	if m != nil {
		return m.Jwt
	}
	return nil
}

// Policy defines what authentication methods can be accepted on workload(s),
// and if authenticated, which method/certificate will set the request principal
// (i.e request.auth.principal attribute).
//
// Authentication policy is composed of 2-part authentication:
// - peer: verify caller service credentials. This part will set source.user
// (peer identity).
// - origin: verify the origin credentials. This part will set request.auth.user
// (origin identity), as well as other attributes like request.auth.presenter,
// request.auth.audiences and raw claims. Note that the identity could be
// end-user, service account, device etc.
//
// Last but not least, the principal binding rule defines which identity (peer
// or origin) should be used as principal. By default, it uses peer.
//
// Examples:
//
// Policy to enable mTLS for all services in namespace frod
//
// ```yaml
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
//   name: mTLS_enable
//   namespace: frod
// spec:
//   peers:
//   - mtls:
// ```
// Policy to disable mTLS for "productpage" service
//
// ```yaml
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
//   name: mTLS_disable
//   namespace: frod
// spec:
//   targets:
//   - name: productpage
// ```
// Policy to require mTLS for peer authentication, and JWT for origin authentication
// for productpage:9000 except the path '/health_check' . Principal is set from origin identity.
//
// ```yaml
// apiVersion: authentication.istio.io/v1alpha1
// kind: Policy
// metadata:
//   name: mTLS_enable
//   namespace: frod
// spec:
//   targets:
//   - name: productpage
//     ports:
//     - number: 9000
//   peers:
//   - mtls:
//   origins:
//   - jwt:
//       issuer: "https://securetoken.google.com"
//       audiences:
//       - "productpage"
//       jwksUri: "https://www.googleapis.com/oauth2/v1/certs"
//       jwt_headers:
//       - "x-goog-iap-jwt-assertion"
//       trigger_rules:
//       - excluded_paths:
//         - exact: /health_check
//   principalBinding: USE_ORIGIN
// ```
type Policy struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by supergloo during validation
	Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"`
	// List rules to select workloads that the policy should be applied on.
	// If empty, policy will be used on all workloads in the same namespace.
	Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"`
	// List of authentication methods that can be used for peer authentication.
	// They will be evaluated in order; the first validate one will be used to
	// set peer identity (source.user) and other peer attributes. If none of
	// these methods pass, request will be rejected with authentication failed error (401).
	// Leave the list empty if peer authentication is not required
	Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"`
	// Set this flag to true to accept request (for peer authentication perspective),
	// even when none of the peer authentication methods defined above satisfied.
	// Typically, this is used to delay the rejection decision to next layer (e.g
	// authorization).
	// This flag is ignored if no authentication defined for peer (peers field is empty).
	PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"`
	// List of authentication methods that can be used for origin authentication.
	// Similar to peers, these will be evaluated in order; the first validate one
	// will be used to set origin identity and attributes (i.e request.auth.user,
	// request.auth.issuer etc). If none of these methods pass, request will be
	// rejected with authentication failed error (401).
	// A method may be skipped, depends on its trigger rule. If all of these methods
	// are skipped, origin authentication will be ignored, as if it is not defined.
	// Leave the list empty if origin authentication is not required.
	Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"`
	// Set this flag to true to accept request (for origin authentication perspective),
	// even when none of the origin authentication methods defined above satisfied.
	// Typically, this is used to delay the rejection decision to next layer (e.g
	// authorization).
	// This flag is ignored if no authentication defined for origin (origins field is empty).
	OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"`
	// Define whether peer or origin identity should be use for principal. Default
	// value is USE_PEER.
	// If peer (or origin) identity is not available, either because of peer/origin
	// authentication is not defined, or failed, principal will be left unset.
	// In other words, binding rule does not affect the decision to accept or
	// reject request.
	PrincipalBinding     PrincipalBinding `protobuf:"varint,6,opt,name=principal_binding,json=principalBinding,proto3,enum=istio.authentication.v1alpha1.PrincipalBinding" json:"principal_binding,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

func (m *Policy) Reset()         { *m = Policy{} }
func (m *Policy) String() string { return proto.CompactTextString(m) }
func (*Policy) ProtoMessage()    {}
func (*Policy) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{5}
}
func (m *Policy) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_Policy.Unmarshal(m, b)
}
func (m *Policy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_Policy.Marshal(b, m, deterministic)
}
func (m *Policy) XXX_Merge(src proto.Message) {
	xxx_messageInfo_Policy.Merge(m, src)
}
func (m *Policy) XXX_Size() int {
	return xxx_messageInfo_Policy.Size(m)
}
func (m *Policy) XXX_DiscardUnknown() {
	xxx_messageInfo_Policy.DiscardUnknown(m)
}

var xxx_messageInfo_Policy proto.InternalMessageInfo

func (m *Policy) GetStatus() core.Status {
	if m != nil {
		return m.Status
	}
	return core.Status{}
}

func (m *Policy) GetMetadata() core.Metadata {
	if m != nil {
		return m.Metadata
	}
	return core.Metadata{}
}

func (m *Policy) GetTargets() []*TargetSelector {
	if m != nil {
		return m.Targets
	}
	return nil
}

func (m *Policy) GetPeers() []*PeerAuthenticationMethod {
	if m != nil {
		return m.Peers
	}
	return nil
}

func (m *Policy) GetPeerIsOptional() bool {
	if m != nil {
		return m.PeerIsOptional
	}
	return false
}

func (m *Policy) GetOrigins() []*OriginAuthenticationMethod {
	if m != nil {
		return m.Origins
	}
	return nil
}

func (m *Policy) GetOriginIsOptional() bool {
	if m != nil {
		return m.OriginIsOptional
	}
	return false
}

func (m *Policy) GetPrincipalBinding() PrincipalBinding {
	if m != nil {
		return m.PrincipalBinding
	}
	return PrincipalBinding_USE_PEER
}

// MeshPolicy copied from Policy
type MeshPolicy struct {
	// Status indicates the validation status of this resource.
	// Status is read-only by clients, and set by supergloo during validation
	Status core.Status `protobuf:"bytes,100,opt,name=status,proto3" json:"status" testdiff:"ignore"`
	// Metadata contains the object metadata for this resource
	Metadata core.Metadata `protobuf:"bytes,101,opt,name=metadata,proto3" json:"metadata"`
	// List rules to select workloads that the policy should be applied on.
	// If empty, policy will be used on all workloads in the same namespace.
	Targets []*TargetSelector `protobuf:"bytes,1,rep,name=targets,proto3" json:"targets,omitempty"`
	// List of authentication methods that can be used for peer authentication.
	// They will be evaluated in order; the first validate one will be used to
	// set peer identity (source.user) and other peer attributes. If none of
	// these methods pass, request will be rejected with authentication failed error (401).
	// Leave the list empty if peer authentication is not required
	Peers []*PeerAuthenticationMethod `protobuf:"bytes,2,rep,name=peers,proto3" json:"peers,omitempty"`
	// Set this flag to true to accept request (for peer authentication perspective),
	// even when none of the peer authentication methods defined above satisfied.
	// Typically, this is used to delay the rejection decision to next layer (e.g
	// authorization).
	// This flag is ignored if no authentication defined for peer (peers field is empty).
	PeerIsOptional bool `protobuf:"varint,3,opt,name=peer_is_optional,json=peerIsOptional,proto3" json:"peer_is_optional,omitempty"`
	// List of authentication methods that can be used for origin authentication.
	// Similar to peers, these will be evaluated in order; the first validate one
	// will be used to set origin identity and attributes (i.e request.auth.user,
	// request.auth.issuer etc). If none of these methods pass, request will be
	// rejected with authentication failed error (401).
	// A method may be skipped, depends on its trigger rule. If all of these methods
	// are skipped, origin authentication will be ignored, as if it is not defined.
	// Leave the list empty if origin authentication is not required.
	Origins []*OriginAuthenticationMethod `protobuf:"bytes,4,rep,name=origins,proto3" json:"origins,omitempty"`
	// Set this flag to true to accept request (for origin authentication perspective),
	// even when none of the origin authentication methods defined above satisfied.
	// Typically, this is used to delay the rejection decision to next layer (e.g
	// authorization).
	// This flag is ignored if no authentication defined for origin (origins field is empty).
	OriginIsOptional bool `protobuf:"varint,5,opt,name=origin_is_optional,json=originIsOptional,proto3" json:"origin_is_optional,omitempty"`
	// Define whether peer or origin identity should be use for principal. Default
	// value is USE_PEER.
	// If peer (or origin) identity is not available, either because of peer/origin
	// authentication is not defined, or failed, principal will be left unset.
	// In other words, binding rule does not affect the decision to accept or
	// reject request.
	PrincipalBinding     PrincipalBinding `protobuf:"varint,6,opt,name=principal_binding,json=principalBinding,proto3,enum=istio.authentication.v1alpha1.PrincipalBinding" json:"principal_binding,omitempty"`
	XXX_NoUnkeyedLiteral struct{}         `json:"-"`
	XXX_unrecognized     []byte           `json:"-"`
	XXX_sizecache        int32            `json:"-"`
}

func (m *MeshPolicy) Reset()         { *m = MeshPolicy{} }
func (m *MeshPolicy) String() string { return proto.CompactTextString(m) }
func (*MeshPolicy) ProtoMessage()    {}
func (*MeshPolicy) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{6}
}
func (m *MeshPolicy) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_MeshPolicy.Unmarshal(m, b)
}
func (m *MeshPolicy) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_MeshPolicy.Marshal(b, m, deterministic)
}
func (m *MeshPolicy) XXX_Merge(src proto.Message) {
	xxx_messageInfo_MeshPolicy.Merge(m, src)
}
func (m *MeshPolicy) XXX_Size() int {
	return xxx_messageInfo_MeshPolicy.Size(m)
}
func (m *MeshPolicy) XXX_DiscardUnknown() {
	xxx_messageInfo_MeshPolicy.DiscardUnknown(m)
}

var xxx_messageInfo_MeshPolicy proto.InternalMessageInfo

func (m *MeshPolicy) GetStatus() core.Status {
	if m != nil {
		return m.Status
	}
	return core.Status{}
}

func (m *MeshPolicy) GetMetadata() core.Metadata {
	if m != nil {
		return m.Metadata
	}
	return core.Metadata{}
}

func (m *MeshPolicy) GetTargets() []*TargetSelector {
	if m != nil {
		return m.Targets
	}
	return nil
}

func (m *MeshPolicy) GetPeers() []*PeerAuthenticationMethod {
	if m != nil {
		return m.Peers
	}
	return nil
}

func (m *MeshPolicy) GetPeerIsOptional() bool {
	if m != nil {
		return m.PeerIsOptional
	}
	return false
}

func (m *MeshPolicy) GetOrigins() []*OriginAuthenticationMethod {
	if m != nil {
		return m.Origins
	}
	return nil
}

func (m *MeshPolicy) GetOriginIsOptional() bool {
	if m != nil {
		return m.OriginIsOptional
	}
	return false
}

func (m *MeshPolicy) GetPrincipalBinding() PrincipalBinding {
	if m != nil {
		return m.PrincipalBinding
	}
	return PrincipalBinding_USE_PEER
}

// TargetSelector defines a matching rule to a workload. A workload is selected
// if it is associated with the service name and service port(s) specified in the selector rule.
type TargetSelector struct {
	// REQUIRED. The name must be a short name from the service registry. The
	// fully qualified domain name will be resolved in a platform specific manner.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Specifies the ports. Note that this is the port(s) exposed by the service, not workload ports.
	// For example, if a service is defined as below, then `8000` should be used, not `9000`.
	// ```
	// kind: Service
	// metadata:
	//   ...
	// spec:
	//   ports:
	//   - name: http
	//     port: 8000
	//     targetPort: 9000
	//   selector:
	//     app: backend
	// ```
	//Leave empty to match all ports that are exposed.
	Ports                []*PortSelector `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty"`
	XXX_NoUnkeyedLiteral struct{}        `json:"-"`
	XXX_unrecognized     []byte          `json:"-"`
	XXX_sizecache        int32           `json:"-"`
}

func (m *TargetSelector) Reset()         { *m = TargetSelector{} }
func (m *TargetSelector) String() string { return proto.CompactTextString(m) }
func (*TargetSelector) ProtoMessage()    {}
func (*TargetSelector) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{7}
}
func (m *TargetSelector) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_TargetSelector.Unmarshal(m, b)
}
func (m *TargetSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_TargetSelector.Marshal(b, m, deterministic)
}
func (m *TargetSelector) XXX_Merge(src proto.Message) {
	xxx_messageInfo_TargetSelector.Merge(m, src)
}
func (m *TargetSelector) XXX_Size() int {
	return xxx_messageInfo_TargetSelector.Size(m)
}
func (m *TargetSelector) XXX_DiscardUnknown() {
	xxx_messageInfo_TargetSelector.DiscardUnknown(m)
}

var xxx_messageInfo_TargetSelector proto.InternalMessageInfo

func (m *TargetSelector) GetName() string {
	if m != nil {
		return m.Name
	}
	return ""
}

func (m *TargetSelector) GetPorts() []*PortSelector {
	if m != nil {
		return m.Ports
	}
	return nil
}

// PortSelector specifies the name or number of a port to be used for
// matching targets for authentication policy. This is copied from
// networking API to avoid dependency.
type PortSelector struct {
	// Types that are valid to be assigned to Port:
	//	*PortSelector_Number
	//	*PortSelector_Name
	Port                 isPortSelector_Port `protobuf_oneof:"port"`
	XXX_NoUnkeyedLiteral struct{}            `json:"-"`
	XXX_unrecognized     []byte              `json:"-"`
	XXX_sizecache        int32               `json:"-"`
}

func (m *PortSelector) Reset()         { *m = PortSelector{} }
func (m *PortSelector) String() string { return proto.CompactTextString(m) }
func (*PortSelector) ProtoMessage()    {}
func (*PortSelector) Descriptor() ([]byte, []int) {
	return fileDescriptor_096bd9e17712cba3, []int{8}
}
func (m *PortSelector) XXX_Unmarshal(b []byte) error {
	return xxx_messageInfo_PortSelector.Unmarshal(m, b)
}
func (m *PortSelector) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
	return xxx_messageInfo_PortSelector.Marshal(b, m, deterministic)
}
func (m *PortSelector) XXX_Merge(src proto.Message) {
	xxx_messageInfo_PortSelector.Merge(m, src)
}
func (m *PortSelector) XXX_Size() int {
	return xxx_messageInfo_PortSelector.Size(m)
}
func (m *PortSelector) XXX_DiscardUnknown() {
	xxx_messageInfo_PortSelector.DiscardUnknown(m)
}

var xxx_messageInfo_PortSelector proto.InternalMessageInfo

type isPortSelector_Port interface {
	isPortSelector_Port()
	Equal(interface{}) bool
}

type PortSelector_Number struct {
	Number uint32 `protobuf:"varint,1,opt,name=number,proto3,oneof"`
}
type PortSelector_Name struct {
	Name string `protobuf:"bytes,2,opt,name=name,proto3,oneof"`
}

func (*PortSelector_Number) isPortSelector_Port() {}
func (*PortSelector_Name) isPortSelector_Port()   {}

func (m *PortSelector) GetPort() isPortSelector_Port {
	if m != nil {
		return m.Port
	}
	return nil
}

func (m *PortSelector) GetNumber() uint32 {
	if x, ok := m.GetPort().(*PortSelector_Number); ok {
		return x.Number
	}
	return 0
}

func (m *PortSelector) GetName() string {
	if x, ok := m.GetPort().(*PortSelector_Name); ok {
		return x.Name
	}
	return ""
}

// XXX_OneofFuncs is for the internal use of the proto package.
func (*PortSelector) XXX_OneofFuncs() (func(msg proto.Message, b *proto.Buffer) error, func(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error), func(msg proto.Message) (n int), []interface{}) {
	return _PortSelector_OneofMarshaler, _PortSelector_OneofUnmarshaler, _PortSelector_OneofSizer, []interface{}{
		(*PortSelector_Number)(nil),
		(*PortSelector_Name)(nil),
	}
}

func _PortSelector_OneofMarshaler(msg proto.Message, b *proto.Buffer) error {
	m := msg.(*PortSelector)
	// port
	switch x := m.Port.(type) {
	case *PortSelector_Number:
		_ = b.EncodeVarint(1<<3 | proto.WireVarint)
		_ = b.EncodeVarint(uint64(x.Number))
	case *PortSelector_Name:
		_ = b.EncodeVarint(2<<3 | proto.WireBytes)
		_ = b.EncodeStringBytes(x.Name)
	case nil:
	default:
		return fmt.Errorf("PortSelector.Port has unexpected type %T", x)
	}
	return nil
}

func _PortSelector_OneofUnmarshaler(msg proto.Message, tag, wire int, b *proto.Buffer) (bool, error) {
	m := msg.(*PortSelector)
	switch tag {
	case 1: // port.number
		if wire != proto.WireVarint {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeVarint()
		m.Port = &PortSelector_Number{uint32(x)}
		return true, err
	case 2: // port.name
		if wire != proto.WireBytes {
			return true, proto.ErrInternalBadWireType
		}
		x, err := b.DecodeStringBytes()
		m.Port = &PortSelector_Name{x}
		return true, err
	default:
		return false, nil
	}
}

func _PortSelector_OneofSizer(msg proto.Message) (n int) {
	m := msg.(*PortSelector)
	// port
	switch x := m.Port.(type) {
	case *PortSelector_Number:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(x.Number))
	case *PortSelector_Name:
		n += 1 // tag and wire
		n += proto.SizeVarint(uint64(len(x.Name)))
		n += len(x.Name)
	case nil:
	default:
		panic(fmt.Sprintf("proto: unexpected type %T in oneof", x))
	}
	return n
}

func init() {
	proto.RegisterEnum("istio.authentication.v1alpha1.PrincipalBinding", PrincipalBinding_name, PrincipalBinding_value)
	proto.RegisterEnum("istio.authentication.v1alpha1.MutualTls_Mode", MutualTls_Mode_name, MutualTls_Mode_value)
	proto.RegisterType((*StringMatch)(nil), "istio.authentication.v1alpha1.StringMatch")
	proto.RegisterType((*MutualTls)(nil), "istio.authentication.v1alpha1.MutualTls")
	proto.RegisterType((*Jwt)(nil), "istio.authentication.v1alpha1.Jwt")
	proto.RegisterType((*Jwt_TriggerRule)(nil), "istio.authentication.v1alpha1.Jwt.TriggerRule")
	proto.RegisterType((*PeerAuthenticationMethod)(nil), "istio.authentication.v1alpha1.PeerAuthenticationMethod")
	proto.RegisterType((*OriginAuthenticationMethod)(nil), "istio.authentication.v1alpha1.OriginAuthenticationMethod")
	proto.RegisterType((*Policy)(nil), "istio.authentication.v1alpha1.Policy")
	proto.RegisterType((*MeshPolicy)(nil), "istio.authentication.v1alpha1.MeshPolicy")
	proto.RegisterType((*TargetSelector)(nil), "istio.authentication.v1alpha1.TargetSelector")
	proto.RegisterType((*PortSelector)(nil), "istio.authentication.v1alpha1.PortSelector")
}

func init() {
	proto.RegisterFile("github.com/solo-io/supergloo/api/external/istio/authorization/v1alpha1/policy.proto", fileDescriptor_096bd9e17712cba3)
}

var fileDescriptor_096bd9e17712cba3 = []byte{
	// 986 bytes of a gzipped FileDescriptorProto
	0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x56, 0xcd, 0x6e, 0xe3, 0x36,
	0x10, 0x8e, 0x63, 0xc5, 0xb1, 0xc7, 0x89, 0xe1, 0x25, 0x82, 0x40, 0x9b, 0x76, 0x9b, 0x40, 0x27,
	0x63, 0xdb, 0x95, 0x9a, 0xb4, 0xe8, 0xcf, 0x1e, 0x0a, 0xc4, 0x45, 0x9a, 0x38, 0x80, 0x1b, 0x97,
	0xce, 0xf6, 0x50, 0x14, 0x10, 0x18, 0x8b, 0x91, 0x99, 0xc8, 0xa2, 0x40, 0x52, 0xeb, 0x6c, 0x2f,
	0x05, 0xf2, 0x02, 0x7d, 0x81, 0x5e, 0x7a, 0xeb, 0xbd, 0x2f, 0x51, 0xf4, 0x19, 0x8a, 0x3d, 0xf4,
	0x0d, 0xd2, 0x27, 0x28, 0x48, 0x4a, 0x49, 0xbc, 0xd8, 0x5d, 0xbb, 0xf7, 0x3d, 0x89, 0xdf, 0x0c,
	0xbf, 0x6f, 0x06, 0x9c, 0x21, 0x35, 0x30, 0x8c, 0x99, 0x1a, 0xe7, 0x67, 0xfe, 0x88, 0x4f, 0x02,
	0xc9, 0x13, 0xfe, 0x84, 0xf1, 0x40, 0xe6, 0x19, 0x15, 0x71, 0xc2, 0x79, 0x40, 0x32, 0x16, 0xd0,
	0x2b, 0x45, 0x45, 0x4a, 0x92, 0x80, 0x49, 0xc5, 0x78, 0x40, 0x72, 0x35, 0xe6, 0x82, 0xfd, 0x44,
	0x14, 0xe3, 0x69, 0xf0, 0x7c, 0x97, 0x24, 0xd9, 0x98, 0xec, 0x06, 0x19, 0x4f, 0xd8, 0xe8, 0x85,
	0x9f, 0x09, 0xae, 0x38, 0x7a, 0x64, 0xb6, 0xfa, 0x7a, 0x2b, 0x4d, 0x15, 0x1b, 0x99, 0xbd, 0x7e,
	0xb9, 0x77, 0x6b, 0xf7, 0x75, 0x31, 0xf5, 0xf7, 0x92, 0x29, 0x13, 0xf2, 0xf9, 0x6e, 0x30, 0xa1,
	0x8a, 0x44, 0x44, 0x11, 0xab, 0xb8, 0x15, 0x2c, 0x40, 0x91, 0x8a, 0xa8, 0x5c, 0x16, 0x84, 0x45,
	0x62, 0x94, 0xb8, 0xa0, 0x6c, 0xc4, 0x3c, 0xe6, 0x66, 0x19, 0xe8, 0x95, 0xb5, 0x7a, 0x3f, 0x43,
	0x73, 0xa8, 0x04, 0x4b, 0xe3, 0x3e, 0x51, 0xa3, 0x31, 0xda, 0x84, 0x15, 0x7a, 0x45, 0x46, 0xca,
	0xad, 0xec, 0x54, 0x3a, 0x8d, 0xa3, 0x25, 0x6c, 0x21, 0x72, 0xa1, 0x96, 0x09, 0x7a, 0xce, 0xae,
	0xdc, 0xe5, 0xc2, 0x51, 0x60, 0xed, 0x91, 0xf9, 0xb9, 0xf6, 0x54, 0x4b, 0x8f, 0xc5, 0x5a, 0x4b,
	0xd0, 0x98, 0x5e, 0xb9, 0x4e, 0xa9, 0x65, 0x60, 0x77, 0x0d, 0x60, 0xa2, 0x83, 0x85, 0xea, 0x45,
	0x46, 0xbd, 0x5f, 0x2a, 0xd0, 0xe8, 0xe7, 0x2a, 0x27, 0xc9, 0x69, 0x22, 0xd1, 0x7b, 0xd0, 0x20,
	0x49, 0xc2, 0xa7, 0xa1, 0x4a, 0xa4, 0xc9, 0xa1, 0x8e, 0xeb, 0xc6, 0xa0, 0x9d, 0xfb, 0xe0, 0x4c,
	0x78, 0x44, 0x4d, 0x0a, 0xad, 0xbd, 0x27, 0xfe, 0x5b, 0xcb, 0xe0, 0xdf, 0x8a, 0xfa, 0x7d, 0x1e,
	0x51, 0x6c, 0xa8, 0x9e, 0x07, 0x8e, 0x46, 0x08, 0xa0, 0x36, 0x3c, 0xc5, 0xbd, 0xaf, 0x4f, 0xdb,
	0x4b, 0xa8, 0x05, 0x30, 0x38, 0xc0, 0xfd, 0xde, 0x70, 0xd8, 0xfb, 0xfe, 0xa0, 0x5d, 0xf1, 0x7e,
	0xab, 0x42, 0xf5, 0x78, 0xaa, 0xd0, 0x26, 0xd4, 0x98, 0x94, 0x39, 0x15, 0xf6, 0x30, 0x70, 0x81,
	0xd0, 0xfb, 0xd0, 0x20, 0x79, 0xc4, 0x68, 0x3a, 0xa2, 0xd2, 0x5d, 0xde, 0xa9, 0x76, 0x1a, 0xf8,
	0xce, 0x80, 0x1e, 0x42, 0xfd, 0x62, 0x7a, 0x29, 0xc3, 0x5c, 0x30, 0x7b, 0x22, 0x78, 0x55, 0xe3,
	0x67, 0x82, 0xa1, 0x6d, 0x68, 0x5e, 0x4c, 0x55, 0x38, 0xa6, 0x24, 0xa2, 0x42, 0xba, 0x35, 0x43,
	0x85, 0x8b, 0xa9, 0x3a, 0xb2, 0x16, 0xf4, 0x08, 0x34, 0x0a, 0x33, 0x22, 0xc8, 0x44, 0xba, 0xab,
	0x56, 0xfa, 0x62, 0xaa, 0x06, 0xc6, 0x80, 0x86, 0xb0, 0xae, 0x04, 0x8b, 0x63, 0x2a, 0x42, 0x91,
	0x27, 0x54, 0xba, 0x8d, 0x9d, 0x6a, 0xa7, 0xb9, 0xe7, 0xcf, 0x39, 0x88, 0xe3, 0xa9, 0xf2, 0x4f,
	0x2d, 0x0f, 0xe7, 0x09, 0xc5, 0x6b, 0xea, 0x0e, 0xc8, 0xad, 0x3f, 0x2a, 0xd0, 0xbc, 0xe7, 0x45,
	0xdf, 0x41, 0x8b, 0x5e, 0x8d, 0x92, 0x3c, 0xa2, 0x51, 0x98, 0x11, 0x35, 0xd6, 0x65, 0xd0, 0x51,
	0x1e, 0xcf, 0x89, 0x72, 0xaf, 0x8b, 0xf0, 0x7a, 0xa9, 0x30, 0xd0, 0x02, 0x5a, 0x92, 0xa5, 0x33,
	0x92, 0xcb, 0xff, 0x5f, 0xb2, 0x54, 0x30, 0x92, 0xde, 0xaf, 0x15, 0x70, 0x07, 0x94, 0x8a, 0xfd,
	0x19, 0x6a, 0x9f, 0xaa, 0x31, 0x8f, 0xd0, 0x57, 0xe0, 0x4c, 0xca, 0xfe, 0x69, 0xee, 0x75, 0x16,
	0xed, 0x93, 0xa3, 0x25, 0x6c, 0x78, 0xe8, 0x33, 0xa8, 0x5e, 0x4c, 0x95, 0x69, 0xb3, 0xe6, 0x9e,
	0x37, 0xff, 0x74, 0x8f, 0x96, 0xb0, 0x26, 0x74, 0xeb, 0x50, 0xb3, 0xa5, 0xf3, 0x30, 0x6c, 0x9d,
	0x08, 0x16, 0xb3, 0xf4, 0xb5, 0xf9, 0x7d, 0x6a, 0xf5, 0x2b, 0x8b, 0xea, 0x1b, 0x75, 0xef, 0x2f,
	0x07, 0x6a, 0x03, 0xf3, 0x0c, 0xa1, 0x43, 0xa8, 0xd9, 0xd7, 0xc0, 0x8d, 0x8c, 0xc6, 0x86, 0x3f,
	0xe2, 0x82, 0xfa, 0xfa, 0xc2, 0xfb, 0x8c, 0xfb, 0x43, 0xe3, 0xeb, 0x3e, 0xfc, 0xf3, 0xe5, 0xf6,
	0xd2, 0xbf, 0x2f, 0xb7, 0x1f, 0x28, 0x2a, 0x55, 0xc4, 0xce, 0xcf, 0x9f, 0x7a, 0x2c, 0x4e, 0xb9,
	0xa0, 0x1e, 0x2e, 0xe8, 0xe8, 0x0b, 0xa8, 0x97, 0x2f, 0x91, 0x4b, 0x8d, 0xd4, 0xe6, 0xac, 0x54,
	0xbf, 0xf0, 0x76, 0x1d, 0x2d, 0x86, 0x6f, 0x77, 0xa3, 0x43, 0x58, 0x55, 0x44, 0xc4, 0x54, 0x95,
	0xfd, 0x31, 0xef, 0x3a, 0x9e, 0x9a, 0xdd, 0x43, 0x9a, 0xd0, 0x91, 0xe2, 0x02, 0x97, 0x6c, 0xd4,
	0x87, 0x95, 0x8c, 0xea, 0xeb, 0x60, 0x7b, 0xe2, 0xf3, 0x39, 0x32, 0x6f, 0x2a, 0x3a, 0xb6, 0x2a,
	0xa8, 0x03, 0x6d, 0xbd, 0x08, 0x99, 0x0c, 0x79, 0xa6, 0xdd, 0x24, 0x31, 0xd7, 0xb0, 0x8e, 0x5b,
	0xda, 0xde, 0x93, 0x27, 0x85, 0x15, 0x0d, 0x61, 0x95, 0x9b, 0x1a, 0x49, 0xd7, 0x31, 0xa1, 0xbf,
	0x9c, 0x13, 0xfa, 0xcd, 0x15, 0xc5, 0xa5, 0x12, 0xfa, 0x08, 0x90, 0x5d, 0xce, 0x24, 0xb0, 0x62,
	0x12, 0x68, 0x5b, 0xcf, 0xbd, 0x14, 0x7e, 0x84, 0x07, 0x99, 0x60, 0xe9, 0x88, 0x65, 0x24, 0x09,
	0xcf, 0x58, 0x1a, 0xb1, 0x34, 0x76, 0x6b, 0xe6, 0x75, 0x0b, 0xe6, 0x9d, 0x43, 0xc9, 0xeb, 0x5a,
	0x1a, 0x6e, 0x67, 0xaf, 0x58, 0x9e, 0x6e, 0x5d, 0xdf, 0x38, 0xba, 0x25, 0x4d, 0xcf, 0x5c, 0xdf,
	0x38, 0x80, 0xea, 0x66, 0xcd, 0xa8, 0xf4, 0xfe, 0x76, 0x00, 0xfa, 0x54, 0x8e, 0xdf, 0x35, 0xd4,
	0xbb, 0x86, 0x5a, 0xb8, 0xa1, 0x3a, 0xd7, 0x37, 0x8e, 0xfe, 0x79, 0x53, 0x39, 0xbe, 0x6d, 0xaa,
	0x16, 0x5a, 0xbb, 0xc5, 0x8c, 0xca, 0xeb, 0x1b, 0x67, 0xd9, 0xad, 0x78, 0x31, 0xb4, 0x66, 0xcb,
	0x83, 0x10, 0x38, 0x29, 0x99, 0xd0, 0xe2, 0x57, 0x6a, 0xd6, 0x68, 0x1f, 0x56, 0x32, 0x2e, 0x54,
	0x59, 0xa9, 0x0f, 0xe7, 0x65, 0xc8, 0xc5, 0x5d, 0xb9, 0x2d, 0xd3, 0xfb, 0x06, 0xd6, 0xee, 0x9b,
	0xf5, 0x34, 0x92, 0xe6, 0x93, 0xb3, 0xe2, 0x9f, 0xbd, 0xae, 0xa7, 0x11, 0x8b, 0xd1, 0x46, 0x91,
	0x40, 0x39, 0xbf, 0x18, 0xd4, 0xad, 0x81, 0xa3, 0x85, 0x1e, 0x7f, 0x0c, 0xed, 0x57, 0x0f, 0x00,
	0xad, 0x41, 0xfd, 0xd9, 0xf0, 0x20, 0x1c, 0x1c, 0x1c, 0x60, 0x3b, 0x25, 0x68, 0x74, 0x82, 0x7b,
	0x87, 0xbd, 0x6f, 0xdb, 0x95, 0xee, 0xe0, 0xf7, 0x7f, 0x3e, 0xa8, 0xfc, 0x70, 0xfc, 0xd6, 0xf9,
	0x32, 0xbb, 0x8c, 0x17, 0x9f, 0x31, 0xcf, 0x6a, 0x66, 0x22, 0xfb, 0xe4, 0xbf, 0x00, 0x00, 0x00,
	0xff, 0xff, 0x61, 0x22, 0xcb, 0x50, 0xb4, 0x0a, 0x00, 0x00,
}

func (this *StringMatch) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*StringMatch)
	if !ok {
		that2, ok := that.(StringMatch)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if that1.MatchType == nil {
		if this.MatchType != nil {
			return false
		}
	} else if this.MatchType == nil {
		return false
	} else if !this.MatchType.Equal(that1.MatchType) {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *StringMatch_Exact) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*StringMatch_Exact)
	if !ok {
		that2, ok := that.(StringMatch_Exact)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Exact != that1.Exact {
		return false
	}
	return true
}
func (this *StringMatch_Prefix) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*StringMatch_Prefix)
	if !ok {
		that2, ok := that.(StringMatch_Prefix)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Prefix != that1.Prefix {
		return false
	}
	return true
}
func (this *StringMatch_Suffix) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*StringMatch_Suffix)
	if !ok {
		that2, ok := that.(StringMatch_Suffix)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Suffix != that1.Suffix {
		return false
	}
	return true
}
func (this *StringMatch_Regex) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*StringMatch_Regex)
	if !ok {
		that2, ok := that.(StringMatch_Regex)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Regex != that1.Regex {
		return false
	}
	return true
}
func (this *MutualTls) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*MutualTls)
	if !ok {
		that2, ok := that.(MutualTls)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.AllowTls != that1.AllowTls {
		return false
	}
	if this.Mode != that1.Mode {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *Jwt) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*Jwt)
	if !ok {
		that2, ok := that.(Jwt)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Issuer != that1.Issuer {
		return false
	}
	if len(this.Audiences) != len(that1.Audiences) {
		return false
	}
	for i := range this.Audiences {
		if this.Audiences[i] != that1.Audiences[i] {
			return false
		}
	}
	if this.JwksUri != that1.JwksUri {
		return false
	}
	if len(this.JwtHeaders) != len(that1.JwtHeaders) {
		return false
	}
	for i := range this.JwtHeaders {
		if this.JwtHeaders[i] != that1.JwtHeaders[i] {
			return false
		}
	}
	if len(this.JwtParams) != len(that1.JwtParams) {
		return false
	}
	for i := range this.JwtParams {
		if this.JwtParams[i] != that1.JwtParams[i] {
			return false
		}
	}
	if len(this.TriggerRules) != len(that1.TriggerRules) {
		return false
	}
	for i := range this.TriggerRules {
		if !this.TriggerRules[i].Equal(that1.TriggerRules[i]) {
			return false
		}
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *Jwt_TriggerRule) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*Jwt_TriggerRule)
	if !ok {
		that2, ok := that.(Jwt_TriggerRule)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if len(this.ExcludedPaths) != len(that1.ExcludedPaths) {
		return false
	}
	for i := range this.ExcludedPaths {
		if !this.ExcludedPaths[i].Equal(that1.ExcludedPaths[i]) {
			return false
		}
	}
	if len(this.IncludedPaths) != len(that1.IncludedPaths) {
		return false
	}
	for i := range this.IncludedPaths {
		if !this.IncludedPaths[i].Equal(that1.IncludedPaths[i]) {
			return false
		}
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *PeerAuthenticationMethod) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PeerAuthenticationMethod)
	if !ok {
		that2, ok := that.(PeerAuthenticationMethod)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if that1.Params == nil {
		if this.Params != nil {
			return false
		}
	} else if this.Params == nil {
		return false
	} else if !this.Params.Equal(that1.Params) {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *PeerAuthenticationMethod_Mtls) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PeerAuthenticationMethod_Mtls)
	if !ok {
		that2, ok := that.(PeerAuthenticationMethod_Mtls)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if !this.Mtls.Equal(that1.Mtls) {
		return false
	}
	return true
}
func (this *PeerAuthenticationMethod_Jwt) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PeerAuthenticationMethod_Jwt)
	if !ok {
		that2, ok := that.(PeerAuthenticationMethod_Jwt)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if !this.Jwt.Equal(that1.Jwt) {
		return false
	}
	return true
}
func (this *OriginAuthenticationMethod) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*OriginAuthenticationMethod)
	if !ok {
		that2, ok := that.(OriginAuthenticationMethod)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if !this.Jwt.Equal(that1.Jwt) {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *Policy) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*Policy)
	if !ok {
		that2, ok := that.(Policy)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if !this.Status.Equal(&that1.Status) {
		return false
	}
	if !this.Metadata.Equal(&that1.Metadata) {
		return false
	}
	if len(this.Targets) != len(that1.Targets) {
		return false
	}
	for i := range this.Targets {
		if !this.Targets[i].Equal(that1.Targets[i]) {
			return false
		}
	}
	if len(this.Peers) != len(that1.Peers) {
		return false
	}
	for i := range this.Peers {
		if !this.Peers[i].Equal(that1.Peers[i]) {
			return false
		}
	}
	if this.PeerIsOptional != that1.PeerIsOptional {
		return false
	}
	if len(this.Origins) != len(that1.Origins) {
		return false
	}
	for i := range this.Origins {
		if !this.Origins[i].Equal(that1.Origins[i]) {
			return false
		}
	}
	if this.OriginIsOptional != that1.OriginIsOptional {
		return false
	}
	if this.PrincipalBinding != that1.PrincipalBinding {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *MeshPolicy) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*MeshPolicy)
	if !ok {
		that2, ok := that.(MeshPolicy)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if !this.Status.Equal(&that1.Status) {
		return false
	}
	if !this.Metadata.Equal(&that1.Metadata) {
		return false
	}
	if len(this.Targets) != len(that1.Targets) {
		return false
	}
	for i := range this.Targets {
		if !this.Targets[i].Equal(that1.Targets[i]) {
			return false
		}
	}
	if len(this.Peers) != len(that1.Peers) {
		return false
	}
	for i := range this.Peers {
		if !this.Peers[i].Equal(that1.Peers[i]) {
			return false
		}
	}
	if this.PeerIsOptional != that1.PeerIsOptional {
		return false
	}
	if len(this.Origins) != len(that1.Origins) {
		return false
	}
	for i := range this.Origins {
		if !this.Origins[i].Equal(that1.Origins[i]) {
			return false
		}
	}
	if this.OriginIsOptional != that1.OriginIsOptional {
		return false
	}
	if this.PrincipalBinding != that1.PrincipalBinding {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *TargetSelector) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*TargetSelector)
	if !ok {
		that2, ok := that.(TargetSelector)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Name != that1.Name {
		return false
	}
	if len(this.Ports) != len(that1.Ports) {
		return false
	}
	for i := range this.Ports {
		if !this.Ports[i].Equal(that1.Ports[i]) {
			return false
		}
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *PortSelector) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PortSelector)
	if !ok {
		that2, ok := that.(PortSelector)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if that1.Port == nil {
		if this.Port != nil {
			return false
		}
	} else if this.Port == nil {
		return false
	} else if !this.Port.Equal(that1.Port) {
		return false
	}
	if !bytes.Equal(this.XXX_unrecognized, that1.XXX_unrecognized) {
		return false
	}
	return true
}
func (this *PortSelector_Number) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PortSelector_Number)
	if !ok {
		that2, ok := that.(PortSelector_Number)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Number != that1.Number {
		return false
	}
	return true
}
func (this *PortSelector_Name) Equal(that interface{}) bool {
	if that == nil {
		return this == nil
	}

	that1, ok := that.(*PortSelector_Name)
	if !ok {
		that2, ok := that.(PortSelector_Name)
		if ok {
			that1 = &that2
		} else {
			return false
		}
	}
	if that1 == nil {
		return this == nil
	} else if this == nil {
		return false
	}
	if this.Name != that1.Name {
		return false
	}
	return true
}