syntax = "proto3"; package spire.api.types; option go_package = "github.com/spiffe/spire-api-sdk/proto/spire/api/types"; message FederatesWithMatch { enum MatchBehavior { // Indicates that the federated trust domains in this match are // equal to the candidate trust domains, independent of ordering. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_EXACT ["spiffe://td1", "spiffe://td2"] // Entries that match: // - 'e2' MATCH_EXACT = 0; // Indicates that all candidates which have a non-empty subset // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_SUBSET ["spiffe://td1"] // Entries that match: // - 'e1' MATCH_SUBSET = 1; // Indicate that all candidates which are a superset // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_SUPERSET ["spiffe://td1", "spiffe://td2"] // Entries that match: // - 'e1' // - 'e2' MATCH_SUPERSET = 2; // Indicates that all candidates which have at least one // of the provided set of trust domains will match. // Example: // Given: // - e1 { FederatesWith: ["spiffe://td1", "spiffe://td2", "spiffe://td3"]} // - e2 { FederatesWith: ["spiffe://td1", "spiffe://td2"]} // - e3 { FederatesWith: ["spiffe://td1"]} // Operation: // - MATCH_ANY ["spiffe://td1"] // Entries that match: // - 'e1' // - 'e2' // - 'e3' MATCH_ANY = 3; } // The set of trust domain names to match on (e.g., "example.org"). repeated string trust_domains = 1; // How to match the trust domains. MatchBehavior match = 2; }