From 515df8dbc3a3324bcf8aecd31d9a5d3479219461 Mon Sep 17 00:00:00 2001
From: Faseela K <faseela.k@est.tech>
Date: Tue, 5 Dec 2023 17:34:53 +0100
Subject: [PATCH] Fix env variable name for VerifyCertAtClient (#3012)

Signed-off-by: Faseela K <faseela.k@est.tech>
---
 kubernetes/customresourcedefinitions.gen.yaml | 44 ++++++++++---------
 networking/v1alpha3/destination_rule.pb.go    | 10 ++---
 networking/v1alpha3/destination_rule.pb.html  | 10 ++---
 networking/v1alpha3/destination_rule.proto    | 10 ++---
 networking/v1beta1/destination_rule.pb.go     | 10 ++---
 networking/v1beta1/destination_rule.proto     | 10 ++---
 6 files changed, 49 insertions(+), 45 deletions(-)

diff --git a/kubernetes/customresourcedefinitions.gen.yaml b/kubernetes/customresourcedefinitions.gen.yaml
index e0f7007b43b..643cf4939a2 100644
--- a/kubernetes/customresourcedefinitions.gen.yaml
+++ b/kubernetes/customresourcedefinitions.gen.yaml
@@ -883,10 +883,10 @@ spec:
                                       certificates.
                                     type: string
                                   insecureSkipVerify:
-                                    description: InsecureSkipVerify specifies whether
+                                    description: '`insecureSkipVerify` specifies whether
                                       the proxy should skip verifying the CA signature
                                       and SAN for the server certificate corresponding
-                                      to the host.
+                                      to the host.'
                                     nullable: true
                                     type: boolean
                                   mode:
@@ -941,9 +941,10 @@ spec:
                                 certs for the client including the CA certificates.
                               type: string
                             insecureSkipVerify:
-                              description: InsecureSkipVerify specifies whether the
-                                proxy should skip verifying the CA signature and SAN
-                                for the server certificate corresponding to the host.
+                              description: '`insecureSkipVerify` specifies whether
+                                the proxy should skip verifying the CA signature and
+                                SAN for the server certificate corresponding to the
+                                host.'
                               nullable: true
                               type: boolean
                             mode:
@@ -1578,9 +1579,10 @@ spec:
                                 certs for the client including the CA certificates.
                               type: string
                             insecureSkipVerify:
-                              description: InsecureSkipVerify specifies whether the
-                                proxy should skip verifying the CA signature and SAN
-                                for the server certificate corresponding to the host.
+                              description: '`insecureSkipVerify` specifies whether
+                                the proxy should skip verifying the CA signature and
+                                SAN for the server certificate corresponding to the
+                                host.'
                               nullable: true
                               type: boolean
                             mode:
@@ -1635,9 +1637,9 @@ spec:
                           for the client including the CA certificates.
                         type: string
                       insecureSkipVerify:
-                        description: InsecureSkipVerify specifies whether the proxy
+                        description: '`insecureSkipVerify` specifies whether the proxy
                           should skip verifying the CA signature and SAN for the server
-                          certificate corresponding to the host.
+                          certificate corresponding to the host.'
                         nullable: true
                         type: boolean
                       mode:
@@ -2350,10 +2352,10 @@ spec:
                                       certificates.
                                     type: string
                                   insecureSkipVerify:
-                                    description: InsecureSkipVerify specifies whether
+                                    description: '`insecureSkipVerify` specifies whether
                                       the proxy should skip verifying the CA signature
                                       and SAN for the server certificate corresponding
-                                      to the host.
+                                      to the host.'
                                     nullable: true
                                     type: boolean
                                   mode:
@@ -2408,9 +2410,10 @@ spec:
                                 certs for the client including the CA certificates.
                               type: string
                             insecureSkipVerify:
-                              description: InsecureSkipVerify specifies whether the
-                                proxy should skip verifying the CA signature and SAN
-                                for the server certificate corresponding to the host.
+                              description: '`insecureSkipVerify` specifies whether
+                                the proxy should skip verifying the CA signature and
+                                SAN for the server certificate corresponding to the
+                                host.'
                               nullable: true
                               type: boolean
                             mode:
@@ -3045,9 +3048,10 @@ spec:
                                 certs for the client including the CA certificates.
                               type: string
                             insecureSkipVerify:
-                              description: InsecureSkipVerify specifies whether the
-                                proxy should skip verifying the CA signature and SAN
-                                for the server certificate corresponding to the host.
+                              description: '`insecureSkipVerify` specifies whether
+                                the proxy should skip verifying the CA signature and
+                                SAN for the server certificate corresponding to the
+                                host.'
                               nullable: true
                               type: boolean
                             mode:
@@ -3102,9 +3106,9 @@ spec:
                           for the client including the CA certificates.
                         type: string
                       insecureSkipVerify:
-                        description: InsecureSkipVerify specifies whether the proxy
+                        description: '`insecureSkipVerify` specifies whether the proxy
                           should skip verifying the CA signature and SAN for the server
-                          certificate corresponding to the host.
+                          certificate corresponding to the host.'
                         nullable: true
                         type: boolean
                       mode:
diff --git a/networking/v1alpha3/destination_rule.pb.go b/networking/v1alpha3/destination_rule.pb.go
index ef263fe7027..d71a77ba891 100644
--- a/networking/v1alpha3/destination_rule.pb.go
+++ b/networking/v1alpha3/destination_rule.pb.go
@@ -1623,16 +1623,16 @@ type ClientTLSSettings struct {
 	// host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI`
 	// environmental variable is set to `true`.
 	Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`
-	// InsecureSkipVerify specifies whether the proxy should skip verifying the
+	// `insecureSkipVerify` specifies whether the proxy should skip verifying the
 	// CA signature and SAN for the server certificate corresponding to the host.
 	// This flag should only be set if global CA signature verification is
-	// enabled, `VerifyCertAtClient` environmental variable is set to `true`,
+	// enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`,
 	// but no verification is desired for a specific host. If enabled with or
-	// without `VerifyCertAtClient` enabled, verification of the CA signature and
+	// without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and
 	// SAN will be skipped.
 	//
-	// `InsecureSkipVerify` is `false` by default.
-	// `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will
+	// `insecureSkipVerify` is `false` by default.
+	// `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will
 	// be `true` by default in a later version where, going forward, it will be
 	// enabled by default.
 	InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"`
diff --git a/networking/v1alpha3/destination_rule.pb.html b/networking/v1alpha3/destination_rule.pb.html
index 944924ded6a..f6743f277e2 100644
--- a/networking/v1alpha3/destination_rule.pb.html
+++ b/networking/v1alpha3/destination_rule.pb.html
@@ -1131,15 +1131,15 @@ <h2 id="ClientTLSSettings">ClientTLSSettings</h2>
 <td><code>insecureSkipVerify</code></td>
 <td><code><a href="https://developers.google.com/protocol-buffers/docs/reference/google.protobuf#boolvalue">BoolValue</a></code></td>
 <td>
-<p>InsecureSkipVerify specifies whether the proxy should skip verifying the
+<p><code>insecureSkipVerify</code> specifies whether the proxy should skip verifying the
 CA signature and SAN for the server certificate corresponding to the host.
 This flag should only be set if global CA signature verification is
-enabled, <code>VerifyCertAtClient</code> environmental variable is set to <code>true</code>,
+enabled, <code>VERIFY_CERTIFICATE_AT_CLIENT</code> environmental variable is set to <code>true</code>,
 but no verification is desired for a specific host. If enabled with or
-without <code>VerifyCertAtClient</code> enabled, verification of the CA signature and
+without <code>VERIFY_CERTIFICATE_AT_CLIENT</code> enabled, verification of the CA signature and
 SAN will be skipped.</p>
-<p><code>InsecureSkipVerify</code> is <code>false</code> by default.
-<code>VerifyCertAtClient</code> is <code>false</code> by default in Istio version 1.9 but will
+<p><code>insecureSkipVerify</code> is <code>false</code> by default.
+<code>VERIFY_CERTIFICATE_AT_CLIENT</code> is <code>false</code> by default in Istio version 1.9 but will
 be <code>true</code> by default in a later version where, going forward, it will be
 enabled by default.</p>
 
diff --git a/networking/v1alpha3/destination_rule.proto b/networking/v1alpha3/destination_rule.proto
index 395bc8f8017..6e773f3d55e 100644
--- a/networking/v1alpha3/destination_rule.proto
+++ b/networking/v1alpha3/destination_rule.proto
@@ -1151,16 +1151,16 @@ message ClientTLSSettings {
   // environmental variable is set to `true`.
   string sni = 6;
 
-  // InsecureSkipVerify specifies whether the proxy should skip verifying the
+  // `insecureSkipVerify` specifies whether the proxy should skip verifying the
   // CA signature and SAN for the server certificate corresponding to the host.
   // This flag should only be set if global CA signature verification is
-  // enabled, `VerifyCertAtClient` environmental variable is set to `true`,
+  // enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`,
   // but no verification is desired for a specific host. If enabled with or
-  // without `VerifyCertAtClient` enabled, verification of the CA signature and
+  // without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and
   // SAN will be skipped.
   //
-  // `InsecureSkipVerify` is `false` by default.
-  // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will
+  // `insecureSkipVerify` is `false` by default.
+  // `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will
   // be `true` by default in a later version where, going forward, it will be
   // enabled by default.
   google.protobuf.BoolValue insecure_skip_verify = 8;
diff --git a/networking/v1beta1/destination_rule.pb.go b/networking/v1beta1/destination_rule.pb.go
index 153bad7167b..753f672b2dd 100644
--- a/networking/v1beta1/destination_rule.pb.go
+++ b/networking/v1beta1/destination_rule.pb.go
@@ -1572,16 +1572,16 @@ type ClientTLSSettings struct {
 	// host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI`
 	// environmental variable is set to `true`.
 	Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"`
-	// InsecureSkipVerify specifies whether the proxy should skip verifying the
+	// `insecureSkipVerify` specifies whether the proxy should skip verifying the
 	// CA signature and SAN for the server certificate corresponding to the host.
 	// This flag should only be set if global CA signature verification is
-	// enabled, `VerifyCertAtClient` environmental variable is set to `true`,
+	// enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`,
 	// but no verification is desired for a specific host. If enabled with or
-	// without `VerifyCertAtClient` enabled, verification of the CA signature and
+	// without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and
 	// SAN will be skipped.
 	//
-	// `InsecureSkipVerify` is `false` by default.
-	// `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will
+	// `insecureSkipVerify` is `false` by default.
+	// `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will
 	// be `true` by default in a later version where, going forward, it will be
 	// enabled by default.
 	InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"`
diff --git a/networking/v1beta1/destination_rule.proto b/networking/v1beta1/destination_rule.proto
index e966852a17c..9f838d82ad0 100644
--- a/networking/v1beta1/destination_rule.proto
+++ b/networking/v1beta1/destination_rule.proto
@@ -1100,16 +1100,16 @@ message ClientTLSSettings {
   // environmental variable is set to `true`.
   string sni = 6;
 
-  // InsecureSkipVerify specifies whether the proxy should skip verifying the
+  // `insecureSkipVerify` specifies whether the proxy should skip verifying the
   // CA signature and SAN for the server certificate corresponding to the host.
   // This flag should only be set if global CA signature verification is
-  // enabled, `VerifyCertAtClient` environmental variable is set to `true`,
+  // enabled, `VERIFY_CERTIFICATE_AT_CLIENT` environmental variable is set to `true`,
   // but no verification is desired for a specific host. If enabled with or
-  // without `VerifyCertAtClient` enabled, verification of the CA signature and
+  // without `VERIFY_CERTIFICATE_AT_CLIENT` enabled, verification of the CA signature and
   // SAN will be skipped.
   //
-  // `InsecureSkipVerify` is `false` by default.
-  // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will
+  // `insecureSkipVerify` is `false` by default.
+  // `VERIFY_CERTIFICATE_AT_CLIENT` is `false` by default in Istio version 1.9 but will
   // be `true` by default in a later version where, going forward, it will be
   // enabled by default.
   google.protobuf.BoolValue insecure_skip_verify = 8;