diff --git a/authenticate/authenticate.go b/authenticate/authenticate.go index 5e6cf714f..1986ebc6c 100644 --- a/authenticate/authenticate.go +++ b/authenticate/authenticate.go @@ -40,9 +40,6 @@ func ValidateOptions(o *config.Options) error { if o.AuthenticateCallbackPath == "" { return errors.New("authenticate: 'AUTHENTICATE_CALLBACK_PATH' is required") } - if err := urlutil.ValidateURL(o.DataBrokerURL); err != nil { - return fmt.Errorf("authenticate: invalid 'DATABROKER_SERVICE_URL': %w", err) - } return nil } diff --git a/authenticate/authenticate_test.go b/authenticate/authenticate_test.go index 680e323e7..54aabc977 100644 --- a/authenticate/authenticate_test.go +++ b/authenticate/authenticate_test.go @@ -86,8 +86,8 @@ func TestNew(t *testing.T) { badProvider.Provider = "" badProvider.CookieName = "C" badGRPCConn := newTestOptions(t) - badGRPCConn.DataBrokerURL = nil badGRPCConn.CookieName = "D" + badGRPCConn.DataBrokerURLString = "BAD" emptyProviderURL := newTestOptions(t) emptyProviderURL.Provider = "oidc" diff --git a/authenticate/state.go b/authenticate/state.go index d1a67fcdf..aa0e856d8 100644 --- a/authenticate/state.go +++ b/authenticate/state.go @@ -118,8 +118,13 @@ func newAuthenticateStateFromConfig(cfg *config.Config) (*authenticateState, err sharedKey, _ := base64.StdEncoding.DecodeString(cfg.Options.SharedKey) + urls, err := cfg.Options.GetDataBrokerURLs() + if err != nil { + return nil, err + } + dataBrokerConn, err := grpc.GetGRPCClientConn("databroker", &grpc.Options{ - Addr: cfg.Options.DataBrokerURL, + Addrs: urls, OverrideCertificateName: cfg.Options.OverrideCertificateName, CA: cfg.Options.CA, CAFile: cfg.Options.CAFile, diff --git a/authorize/authorize.go b/authorize/authorize.go index 88cadc54d..040740ed1 100644 --- a/authorize/authorize.go +++ b/authorize/authorize.go @@ -68,9 +68,6 @@ func validateOptions(o *config.Options) error { if err := urlutil.ValidateURL(o.AuthenticateURL); err != nil { return fmt.Errorf("authorize: invalid 'AUTHENTICATE_SERVICE_URL': %w", err) } - if err := urlutil.ValidateURL(o.DataBrokerURL); err != nil { - return fmt.Errorf("authorize: invalid 'DATABROKER_SERVICE_URL': %w", err) - } return nil } diff --git a/authorize/authorize_test.go b/authorize/authorize_test.go index 2c73e00c4..27287d89e 100644 --- a/authorize/authorize_test.go +++ b/authorize/authorize_test.go @@ -1,7 +1,6 @@ package authorize import ( - "net/url" "testing" "github.com/stretchr/testify/assert" @@ -21,40 +20,40 @@ func TestNew(t *testing.T) { { "good", config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: "2p/Wi2Q6bYDfzmoSEbKqYKtg+DUoLWTEHHs7vOhvL7w=", - Policies: policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: "2p/Wi2Q6bYDfzmoSEbKqYKtg+DUoLWTEHHs7vOhvL7w=", + Policies: policies, }, false, }, { "bad shared secret", config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", - Policies: policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", + Policies: policies, }, true, }, { "really bad shared secret", config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: "sup", - Policies: policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: "sup", + Policies: policies, }, true, }, { "validation error, short secret", config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", - Policies: policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", + Policies: policies, }, true, }, @@ -62,10 +61,10 @@ func TestNew(t *testing.T) { { "bad databroker url", config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: &url.URL{}, - SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", - Policies: policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "BAD", + SharedKey: "AZA85podM73CjLCjViDNz1EUvvejKpWp7Hysr0knXA==", + Policies: policies, }, true, }, @@ -100,10 +99,10 @@ func TestAuthorize_OnConfigChange(t *testing.T) { t.Run(tc.name, func(t *testing.T) { t.Parallel() o := &config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: tc.SharedKey, - Policies: tc.Policies, + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: tc.SharedKey, + Policies: tc.Policies, } a, err := New(&config.Config{Options: o}) require.NoError(t, err) diff --git a/authorize/grpc_test.go b/authorize/grpc_test.go index 77210683e..d11a0f29d 100644 --- a/authorize/grpc_test.go +++ b/authorize/grpc_test.go @@ -361,10 +361,10 @@ func TestSync(t *testing.T) { }, } o := &config.Options{ - AuthenticateURL: mustParseURL("https://authN.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - SharedKey: "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", - Policies: testPolicies(t), + AuthenticateURL: mustParseURL("https://authN.example.com"), + DataBrokerURLString: "https://databroker.example.com", + SharedKey: "gXK6ggrlIW2HyKyUF9rUO4azrDgxhDPWqw9y+lJU7B8=", + Policies: testPolicies(t), } ctx := context.Background() @@ -464,7 +464,7 @@ func (m mockDataBrokerServiceClient) Get(ctx context.Context, in *databroker.Get func TestAuthorize_Check(t *testing.T) { opt := config.NewDefaultOptions() opt.AuthenticateURL = mustParseURL("https://authenticate.example.com") - opt.DataBrokerURL = mustParseURL("https://databroker.example.com") + opt.DataBrokerURLString = "https://databroker.example.com" opt.SharedKey = "E8wWIMnihUx+AUfRegAQDNs8eRb3UrB5G3zlJW9XJDM=" a, err := New(&config.Config{Options: opt}) if err != nil { diff --git a/authorize/state.go b/authorize/state.go index 018a0ce43..5e8c2eeae 100644 --- a/authorize/state.go +++ b/authorize/state.go @@ -39,9 +39,13 @@ func newAuthorizeStateFromConfig(cfg *config.Config, store *evaluator.Store) (*a } sharedKey, _ := base64.StdEncoding.DecodeString(cfg.Options.SharedKey) + urls, err := cfg.Options.GetDataBrokerURLs() + if err != nil { + return nil, err + } cc, err := grpc.GetGRPCClientConn("databroker", &grpc.Options{ - Addr: cfg.Options.DataBrokerURL, + Addrs: urls, OverrideCertificateName: cfg.Options.OverrideCertificateName, CA: cfg.Options.CA, CAFile: cfg.Options.CAFile, diff --git a/config/options.go b/config/options.go index e7f2c4f3b..c5401cb13 100644 --- a/config/options.go +++ b/config/options.go @@ -156,11 +156,11 @@ type Options struct { // https://openid.net/specs/openid-connect-basic-1_0.html#RequestParameters RequestParams map[string]string `mapstructure:"idp_request_params" yaml:"idp_request_params,omitempty"` - // AuthorizeURL is the routable destination of the authorize service's + // AuthorizeURLString is the routable destination of the authorize service's // gRPC endpoint. NOTE: As many load balancers do not support // externally routed gRPC so this may be an internal location. - AuthorizeURLString string `mapstructure:"authorize_service_url" yaml:"authorize_service_url,omitempty"` - AuthorizeURL *url.URL `yaml:",omitempty"` + AuthorizeURLString string `mapstructure:"authorize_service_url" yaml:"authorize_service_url,omitempty"` + AuthorizeURLStrings []string `mapstructure:"authorize_service_urls" yaml:"authorize_service_urls,omitempty"` // Settings to enable custom behind-the-ingress service communication OverrideCertificateName string `mapstructure:"override_certificate_name" yaml:"override_certificate_name,omitempty"` @@ -245,9 +245,9 @@ type Options struct { ForwardAuthURLString string `mapstructure:"forward_auth_url" yaml:"forward_auth_url,omitempty"` ForwardAuthURL *url.URL `yaml:",omitempty"` - // DataBrokerURL is the routable destination of the databroker service's gRPC endpiont. - DataBrokerURLString string `mapstructure:"databroker_service_url" yaml:"databroker_service_url,omitempty"` - DataBrokerURL *url.URL `yaml:",omitempty"` + // DataBrokerURLString is the routable destination of the databroker service's gRPC endpiont. + DataBrokerURLString string `mapstructure:"databroker_service_url" yaml:"databroker_service_url,omitempty"` + DataBrokerURLStrings []string `mapstructure:"databroker_service_urls" yaml:"databroker_service_urls,omitempty"` // DataBrokerStorageType is the storage backend type that databroker will use. // Supported type: memory, redis DataBrokerStorageType string `mapstructure:"databroker_storage_type" yaml:"databroker_storage_type,omitempty"` @@ -509,10 +509,10 @@ func (o *Options) Validate() error { o.GRPCAddr = DefaultAlternativeAddr } // and we can set the corresponding client - if o.AuthorizeURLString == "" { + if o.AuthorizeURLString == "" && len(o.AuthorizeURLStrings) == 0 { o.AuthorizeURLString = "http://127.0.0.1" + DefaultAlternativeAddr } - if o.DataBrokerURLString == "" { + if o.DataBrokerURLString == "" && len(o.DataBrokerURLStrings) == 0 { o.DataBrokerURLString = "http://127.0.0.1" + DefaultAlternativeAddr } } @@ -562,19 +562,17 @@ func (o *Options) Validate() error { } if o.AuthorizeURLString != "" { - u, err := urlutil.ParseAndValidateURL(o.AuthorizeURLString) + _, err := urlutil.ParseAndValidateURL(o.AuthorizeURLString) if err != nil { return fmt.Errorf("config: bad authorize-url %s : %w", o.AuthorizeURLString, err) } - o.AuthorizeURL = u } if o.DataBrokerURLString != "" { - u, err := urlutil.ParseAndValidateURL(o.DataBrokerURLString) + _, err := urlutil.ParseAndValidateURL(o.DataBrokerURLString) if err != nil { return fmt.Errorf("config: bad databroker service url %s : %w", o.DataBrokerURLString, err) } - o.DataBrokerURL = u } if o.ForwardAuthURLString != "" { @@ -745,20 +743,35 @@ func (o *Options) GetAuthenticateURL() (*url.URL, error) { return url.Parse("https://127.0.0.1") } -// GetAuthorizeURL returns the AuthorizeURL in the options or 127.0.0.1:5443. -func (o *Options) GetAuthorizeURL() (*url.URL, error) { - if o != nil && o.AuthorizeURL != nil { - return o.AuthorizeURL, nil - } - return url.Parse("http://127.0.0.1" + DefaultAlternativeAddr) +// GetAuthorizeURLs returns the AuthorizeURLs in the options or 127.0.0.1:5443. +func (o *Options) GetAuthorizeURLs() ([]*url.URL, error) { + return o.getURLs(append([]string{o.AuthorizeURLString}, o.AuthorizeURLStrings...)...) } -// GetDataBrokerURL returns the DataBrokerURL in the options or 127.0.0.1:5443. -func (o *Options) GetDataBrokerURL() (*url.URL, error) { - if o != nil && o.DataBrokerURL != nil { - return o.DataBrokerURL, nil +// GetDataBrokerURLs returns the DataBrokerURLs in the options or 127.0.0.1:5443. +func (o *Options) GetDataBrokerURLs() ([]*url.URL, error) { + return o.getURLs(append([]string{o.DataBrokerURLString}, o.DataBrokerURLStrings...)...) +} + +func (o *Options) getURLs(strs ...string) ([]*url.URL, error) { + var urls []*url.URL + if o != nil { + for _, str := range strs { + if str == "" { + continue + } + u, err := urlutil.ParseAndValidateURL(str) + if err != nil { + return nil, err + } + urls = append(urls, u) + } } - return url.Parse("http://127.0.0.1" + DefaultAlternativeAddr) + if len(urls) == 0 { + u, _ := url.Parse("http://127.0.0.1" + DefaultAlternativeAddr) + urls = append(urls, u) + } + return urls, nil } // GetForwardAuthURL returns the ForwardAuthURL in the options or 127.0.0.1. @@ -942,8 +955,8 @@ func (o *Options) ApplySettings(settings *config.Settings) { if settings.RequestParams != nil && len(settings.RequestParams) > 0 { o.RequestParams = settings.RequestParams } - if settings.AuthorizeServiceUrl != nil { - o.AuthorizeURLString = settings.GetAuthorizeServiceUrl() + if len(settings.AuthorizeServiceUrls) > 0 { + o.AuthorizeURLStrings = settings.GetAuthorizeServiceUrls() } if settings.OverrideCertificateName != nil { o.OverrideCertificateName = settings.GetOverrideCertificateName() @@ -1023,8 +1036,8 @@ func (o *Options) ApplySettings(settings *config.Settings) { if settings.ForwardAuthUrl != nil { o.ForwardAuthURLString = settings.GetForwardAuthUrl() } - if settings.DatabrokerServiceUrl != nil { - o.DataBrokerURLString = settings.GetDatabrokerServiceUrl() + if len(settings.DatabrokerServiceUrls) > 0 { + o.DataBrokerURLStrings = settings.GetDatabrokerServiceUrls() } if settings.ClientCa != nil { o.ClientCA = settings.GetClientCa() diff --git a/config/options_test.go b/config/options_test.go index 5c185d4aa..53e83a9ca 100644 --- a/config/options_test.go +++ b/config/options_test.go @@ -236,7 +236,7 @@ func Test_Checksum(t *testing.T) { func TestOptionsFromViper(t *testing.T) { opts := []cmp.Option{ - cmpopts.IgnoreFields(Options{}, "CookieSecret", "GRPCInsecure", "GRPCAddr", "DataBrokerURLString", "DataBrokerURL", "AuthorizeURL", "AuthorizeURLString", "DefaultUpstreamTimeout", "CookieExpire", "Services", "Addr", "RefreshCooldown", "LogLevel", "KeyFile", "CertFile", "SharedKey", "ReadTimeout", "IdleTimeout", "GRPCClientTimeout", "GRPCClientDNSRoundRobin", "TracingSampleRate"), + cmpopts.IgnoreFields(Options{}, "CookieSecret", "GRPCInsecure", "GRPCAddr", "DataBrokerURLString", "DataBrokerURLStrings", "AuthorizeURLString", "AuthorizeURLStrings", "DefaultUpstreamTimeout", "CookieExpire", "Services", "Addr", "RefreshCooldown", "LogLevel", "KeyFile", "CertFile", "SharedKey", "ReadTimeout", "IdleTimeout", "GRPCClientTimeout", "GRPCClientDNSRoundRobin", "TracingSampleRate"), cmpopts.IgnoreFields(Policy{}, "Source", "EnvoyOpts"), cmpOptIgnoreUnexported, } @@ -502,12 +502,24 @@ func TestCompareByteSliceSlice(t *testing.T) { func TestOptions_DefaultURL(t *testing.T) { t.Parallel() + firstURL := func(f func() ([]*url.URL, error)) func() (*url.URL, error) { + return func() (*url.URL, error) { + urls, err := f() + if err != nil { + return nil, err + } else if len(urls) == 0 { + return nil, fmt.Errorf("no url defined") + } + return urls[0], nil + } + } + defaultOptions := &Options{} opts := &Options{ - AuthenticateURL: mustParseURL("https://authenticate.example.com"), - AuthorizeURL: mustParseURL("https://authorize.example.com"), - DataBrokerURL: mustParseURL("https://databroker.example.com"), - ForwardAuthURL: mustParseURL("https://forwardauth.example.com"), + AuthenticateURL: mustParseURL("https://authenticate.example.com"), + AuthorizeURLString: "https://authorize.example.com", + DataBrokerURLString: "https://databroker.example.com", + ForwardAuthURL: mustParseURL("https://forwardauth.example.com"), } tests := []struct { name string @@ -519,8 +531,8 @@ func TestOptions_DefaultURL(t *testing.T) { {"default databroker url", defaultOptions.GetAuthenticateURL, "https://127.0.0.1"}, {"default forward auth url", defaultOptions.GetAuthenticateURL, "https://127.0.0.1"}, {"good authenticate url", opts.GetAuthenticateURL, "https://authenticate.example.com"}, - {"good authorize url", opts.GetAuthorizeURL, "https://authorize.example.com"}, - {"good databroker url", opts.GetDataBrokerURL, "https://databroker.example.com"}, + {"good authorize url", firstURL(opts.GetAuthorizeURLs), "https://authorize.example.com"}, + {"good databroker url", firstURL(opts.GetDataBrokerURLs), "https://databroker.example.com"}, {"good forward auth url", opts.GetForwardAuthURL, "https://forwardauth.example.com"}, } diff --git a/databroker/cache.go b/databroker/cache.go index 3283141a2..e25b49bc1 100644 --- a/databroker/cache.go +++ b/databroker/cache.go @@ -20,7 +20,6 @@ import ( "github.com/pomerium/pomerium/internal/identity/manager" "github.com/pomerium/pomerium/internal/log" "github.com/pomerium/pomerium/internal/telemetry" - "github.com/pomerium/pomerium/internal/urlutil" "github.com/pomerium/pomerium/internal/version" "github.com/pomerium/pomerium/pkg/cryptutil" "github.com/pomerium/pomerium/pkg/grpc/databroker" @@ -81,7 +80,7 @@ func New(cfg *config.Config) (*DataBroker, error) { } dataBrokerServer := newDataBrokerServer(cfg) - dataBrokerURL, err := cfg.Options.GetDataBrokerURL() + dataBrokerURLs, err := cfg.Options.GetDataBrokerURLs() if err != nil { return nil, err } @@ -91,7 +90,7 @@ func New(cfg *config.Config) (*DataBroker, error) { localListener: localListener, localGRPCServer: localGRPCServer, localGRPCConnection: localGRPCConnection, - deprecatedCacheClusterDomain: dataBrokerURL.Hostname(), + deprecatedCacheClusterDomain: dataBrokerURLs[0].Hostname(), dataBrokerStorageType: cfg.Options.DataBrokerStorageType, } c.Register(c.localGRPCServer) @@ -189,8 +188,5 @@ func validate(o *config.Options) error { if _, err := cryptutil.NewAEADCipherFromBase64(o.SharedKey); err != nil { return fmt.Errorf("invalid 'SHARED_SECRET': %w", err) } - if err := urlutil.ValidateURL(o.DataBrokerURL); err != nil { - return fmt.Errorf("invalid 'DATA_BROKER_SERVICE_URL': %w", err) - } return nil } diff --git a/databroker/cache_test.go b/databroker/cache_test.go index c3a513016..f92db7f37 100644 --- a/databroker/cache_test.go +++ b/databroker/cache_test.go @@ -3,7 +3,6 @@ package databroker import ( "io/ioutil" "log" - "net/url" "os" "testing" @@ -23,9 +22,9 @@ func TestNew(t *testing.T) { opts config.Options wantErr bool }{ - {"good", config.Options{SharedKey: cryptutil.NewBase64Key(), DataBrokerURL: &url.URL{Scheme: "http", Host: "example"}}, false}, - {"bad shared secret", config.Options{SharedKey: string([]byte(cryptutil.NewBase64Key())[:31]), DataBrokerURL: &url.URL{Scheme: "http", Host: "example"}}, true}, - {"bad databroker url", config.Options{SharedKey: cryptutil.NewBase64Key(), DataBrokerURL: &url.URL{}}, true}, + {"good", config.Options{SharedKey: cryptutil.NewBase64Key(), DataBrokerURLString: "http://example"}, false}, + {"bad shared secret", config.Options{SharedKey: string([]byte(cryptutil.NewBase64Key())[:31]), DataBrokerURLString: "http://example"}, true}, + {"bad databroker url", config.Options{SharedKey: cryptutil.NewBase64Key(), DataBrokerURLString: "BAD"}, true}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { diff --git a/docs/reference/readme.md b/docs/reference/readme.md index fbdebc4be..8d66f73a9 100644 --- a/docs/reference/readme.md +++ b/docs/reference/readme.md @@ -913,13 +913,13 @@ The databroker service is used for storing user session data. ### Data Broker Service URL -- Environmental Variable: `DATABROKER_SERVICE_URL` -- Config File Key: `databroker_service_url` +- Environmental Variable: `DATABROKER_SERVICE_URL` or `DATABROKER_SERVICE_URLS` +- Config File Key: `databroker_service_url` or `databroker_service_urls` - Type: `URL` - Example: `https://databroker.corp.example.com` - Default: in all-in-one mode, `http://localhost:5443` -The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). +The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). Multiple URLs can be specified with `databroker_service_url`. By default, the `databroker` service uses an in-memory databroker. @@ -1502,13 +1502,13 @@ If set, enables proxying of websocket connections. ## Authorize Service ### Authorize Service URL -- Environmental Variable: `AUTHORIZE_SERVICE_URL` -- Config File Key: `authorize_service_url` +- Environmental Variable: `AUTHORIZE_SERVICE_URL` or `AUTHORIZE_SERVICE_URLS` +- Config File Key: `authorize_service_url` or `authorize_service_urls` - Type: `URL` - Required - Example: `https://authorize.corp.example.com` -Authorize Service URL is the location of the internally accessible authorize service. +Authorize Service URL is the location of the internally accessible authorize service. Multiple URLs can be specified with `authorize_service_url`. ### Google Cloud Serverless Authentication Service Account diff --git a/docs/reference/settings.yaml b/docs/reference/settings.yaml index d9efe4d7d..4f91e2be8 100644 --- a/docs/reference/settings.yaml +++ b/docs/reference/settings.yaml @@ -1033,13 +1033,13 @@ settings: - name: "Data Broker Service URL" keys: ["databroker_service_url"] attributes: | - - Environmental Variable: `DATABROKER_SERVICE_URL` - - Config File Key: `databroker_service_url` + - Environmental Variable: `DATABROKER_SERVICE_URL` or `DATABROKER_SERVICE_URLS` + - Config File Key: `databroker_service_url` or `databroker_service_urls` - Type: `URL` - Example: `https://databroker.corp.example.com` - Default: in all-in-one mode, `http://localhost:5443` doc: | - The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). + The data broker service URL points to a data broker which is responsible for storing associated authorization context (e.g. sessions, users and user groups). Multiple URLs can be specified with `databroker_service_url`. By default, the `databroker` service uses an in-memory databroker. @@ -1645,13 +1645,13 @@ settings: - name: "Authorize Service URL" keys: ["authorize_service_url"] attributes: | - - Environmental Variable: `AUTHORIZE_SERVICE_URL` - - Config File Key: `authorize_service_url` + - Environmental Variable: `AUTHORIZE_SERVICE_URL` or `AUTHORIZE_SERVICE_URLS` + - Config File Key: `authorize_service_url` or `authorize_service_urls` - Type: `URL` - Required - Example: `https://authorize.corp.example.com` doc: | - Authorize Service URL is the location of the internally accessible authorize service. + Authorize Service URL is the location of the internally accessible authorize service. Multiple URLs can be specified with `authorize_service_url`. shortdoc: | Authorize Service URL is the location of the internally accessible authorize service. - name: "Google Cloud Serverless Authentication Service Account" diff --git a/internal/controlplane/constants.go b/internal/controlplane/constants.go index 77f1d89bd..a269cf774 100644 --- a/internal/controlplane/constants.go +++ b/internal/controlplane/constants.go @@ -8,10 +8,6 @@ import ( "github.com/golang/protobuf/ptypes" ) -var ( - noLbWeight uint32 = 0 -) - var ( errNoEndpoints = errors.New("cluster must have endpoints") defaultConnectionTimeout = ptypes.DurationProto(time.Second * 10) diff --git a/internal/controlplane/xds_clusters.go b/internal/controlplane/xds_clusters.go index c94b5f66d..005dc40d1 100644 --- a/internal/controlplane/xds_clusters.go +++ b/internal/controlplane/xds_clusters.go @@ -31,12 +31,12 @@ type Endpoint struct { } // NewEndpoint creates a new Endpoint. -func NewEndpoint(u url.URL, ts *envoy_config_core_v3.TransportSocket, weight uint32) Endpoint { +func NewEndpoint(u *url.URL, ts *envoy_config_core_v3.TransportSocket, weight uint32) Endpoint { var w *wrappers.UInt32Value if weight > 0 { w = &wrappers.UInt32Value{Value: weight} } - return Endpoint{url: u, transportSocket: ts, loadBalancerWeight: w} + return Endpoint{url: *u, transportSocket: ts, loadBalancerWeight: w} } // TransportSocketName return the name for this endpoint. @@ -49,28 +49,28 @@ func (e Endpoint) TransportSocketName() string { } func (srv *Server) buildClusters(options *config.Options) ([]*envoy_config_cluster_v3.Cluster, error) { - grpcURL := url.URL{ + grpcURL := &url.URL{ Scheme: "http", Host: srv.GRPCListener.Addr().String(), } - httpURL := url.URL{ + httpURL := &url.URL{ Scheme: "http", Host: srv.HTTPListener.Addr().String(), } - authzURL, err := options.GetAuthorizeURL() + authzURLs, err := options.GetAuthorizeURLs() if err != nil { return nil, err } - controlGRPC, err := srv.buildInternalCluster(options, "pomerium-control-plane-grpc", grpcURL, true) + controlGRPC, err := srv.buildInternalCluster(options, "pomerium-control-plane-grpc", []*url.URL{grpcURL}, true) if err != nil { return nil, err } - controlHTTP, err := srv.buildInternalCluster(options, "pomerium-control-plane-http", httpURL, false) + controlHTTP, err := srv.buildInternalCluster(options, "pomerium-control-plane-http", []*url.URL{httpURL}, false) if err != nil { return nil, err } - authZ, err := srv.buildInternalCluster(options, authzURL.Host, *authzURL, true) + authZ, err := srv.buildInternalCluster(options, "pomerium-authorize", authzURLs, true) if err != nil { return nil, err } @@ -104,12 +104,16 @@ func (srv *Server) buildClusters(options *config.Options) ([]*envoy_config_clust return clusters, nil } -func (srv *Server) buildInternalCluster(options *config.Options, name string, dst url.URL, forceHTTP2 bool) (*envoy_config_cluster_v3.Cluster, error) { +func (srv *Server) buildInternalCluster(options *config.Options, name string, dsts []*url.URL, forceHTTP2 bool) (*envoy_config_cluster_v3.Cluster, error) { cluster := newDefaultEnvoyClusterConfig() cluster.DnsLookupFamily = config.GetEnvoyDNSLookupFamily(options.DNSLookupFamily) - endpoints, err := srv.buildInternalEndpoints(options, dst) - if err != nil { - return nil, err + var endpoints []Endpoint + for _, dst := range dsts { + ts, err := srv.buildInternalTransportSocket(options, dst) + if err != nil { + return nil, err + } + endpoints = append(endpoints, NewEndpoint(dst, ts, 1)) } if err := srv.buildCluster(cluster, name, endpoints, forceHTTP2); err != nil { return nil, err @@ -144,16 +148,6 @@ func (srv *Server) buildPolicyCluster(options *config.Options, policy *config.Po return cluster, nil } -func (srv *Server) buildInternalEndpoints(options *config.Options, dst url.URL) ([]Endpoint, error) { - var endpoints []Endpoint - ts, err := srv.buildInternalTransportSocket(options, dst) - if err != nil { - return nil, err - } - endpoints = append(endpoints, NewEndpoint(dst, ts, noLbWeight)) - return endpoints, nil -} - func (srv *Server) buildPolicyEndpoints(policy *config.Policy) ([]Endpoint, error) { var endpoints []Endpoint for _, dst := range policy.To { @@ -161,12 +155,12 @@ func (srv *Server) buildPolicyEndpoints(policy *config.Policy) ([]Endpoint, erro if err != nil { return nil, err } - endpoints = append(endpoints, NewEndpoint(dst.URL, ts, dst.LbWeight)) + endpoints = append(endpoints, NewEndpoint(&dst.URL, ts, dst.LbWeight)) } return endpoints, nil } -func (srv *Server) buildInternalTransportSocket(options *config.Options, endpoint url.URL) (*envoy_config_core_v3.TransportSocket, error) { +func (srv *Server) buildInternalTransportSocket(options *config.Options, endpoint *url.URL) (*envoy_config_core_v3.TransportSocket, error) { if endpoint.Scheme != "https" { return nil, nil } diff --git a/internal/controlplane/xds_listeners.go b/internal/controlplane/xds_listeners.go index 50b506bd8..df6ff4a79 100644 --- a/internal/controlplane/xds_listeners.go +++ b/internal/controlplane/xds_listeners.go @@ -30,18 +30,20 @@ import ( "github.com/pomerium/pomerium/pkg/cryptutil" ) -var disableExtAuthz *any.Any -var tlsParams = &envoy_extensions_transport_sockets_tls_v3.TlsParameters{ - CipherSuites: []string{ - "ECDHE-ECDSA-AES256-GCM-SHA384", - "ECDHE-RSA-AES256-GCM-SHA384", - "ECDHE-ECDSA-AES128-GCM-SHA256", - "ECDHE-RSA-AES128-GCM-SHA256", - "ECDHE-ECDSA-CHACHA20-POLY1305", - "ECDHE-RSA-CHACHA20-POLY1305", - }, - TlsMinimumProtocolVersion: envoy_extensions_transport_sockets_tls_v3.TlsParameters_TLSv1_2, -} +var ( + disableExtAuthz *any.Any + tlsParams = &envoy_extensions_transport_sockets_tls_v3.TlsParameters{ + CipherSuites: []string{ + "ECDHE-ECDSA-AES256-GCM-SHA384", + "ECDHE-RSA-AES256-GCM-SHA384", + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", + "ECDHE-ECDSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305", + }, + TlsMinimumProtocolVersion: envoy_extensions_transport_sockets_tls_v3.TlsParameters_TLSv1_2, + } +) func init() { disableExtAuthz = marshalAny(&envoy_extensions_filters_http_ext_authz_v3.ExtAuthzPerRoute{ @@ -273,12 +275,12 @@ func (srv *Server) buildMainHTTPConnectionManagerFilter( domains []string, tlsDomain string, ) (*envoy_config_listener_v3.Filter, error) { - authorizeURL, err := options.GetAuthorizeURL() + authorizeURLs, err := options.GetAuthorizeURLs() if err != nil { return nil, err } - dataBrokerURL, err := options.GetDataBrokerURL() + dataBrokerURLs, err := options.GetDataBrokerURLs() if err != nil { return nil, err } @@ -292,8 +294,8 @@ func (srv *Server) buildMainHTTPConnectionManagerFilter( if options.Addr == options.GRPCAddr { // if this is a gRPC service domain and we're supposed to handle that, add those routes - if (config.IsAuthorize(options.Services) && hostMatchesDomain(authorizeURL, domain)) || - (config.IsDataBroker(options.Services) && hostMatchesDomain(dataBrokerURL, domain)) { + if (config.IsAuthorize(options.Services) && hostsMatchDomain(authorizeURLs, domain)) || + (config.IsDataBroker(options.Services) && hostsMatchDomain(dataBrokerURLs, domain)) { rs, err := srv.buildGRPCRoutes() if err != nil { return nil, err @@ -354,7 +356,7 @@ func (srv *Server) buildMainHTTPConnectionManagerFilter( Timeout: grpcClientTimeout, TargetSpecifier: &envoy_config_core_v3.GrpcService_EnvoyGrpc_{ EnvoyGrpc: &envoy_config_core_v3.GrpcService_EnvoyGrpc{ - ClusterName: authorizeURL.Host, + ClusterName: "pomerium-authorize", }, }, }, @@ -651,12 +653,12 @@ func getAllRouteableDomains(options *config.Options, addr string) ([]string, err return nil, err } - authorizeURL, err := options.GetAuthorizeURL() + authorizeURLs, err := options.GetAuthorizeURLs() if err != nil { return nil, err } - dataBrokerURL, err := options.GetDataBrokerURL() + dataBrokerURLs, err := options.GetDataBrokerURLs() if err != nil { return nil, err } @@ -673,13 +675,17 @@ func getAllRouteableDomains(options *config.Options, addr string) ([]string, err } } if config.IsAuthorize(options.Services) && addr == options.GRPCAddr { - for _, h := range urlutil.GetDomainsForURL(*authorizeURL) { - lookup[h] = struct{}{} + for _, u := range authorizeURLs { + for _, h := range urlutil.GetDomainsForURL(*u) { + lookup[h] = struct{}{} + } } } if config.IsDataBroker(options.Services) && addr == options.GRPCAddr { - for _, h := range urlutil.GetDomainsForURL(*dataBrokerURL) { - lookup[h] = struct{}{} + for _, u := range dataBrokerURLs { + for _, h := range urlutil.GetDomainsForURL(*u) { + lookup[h] = struct{}{} + } } } if config.IsProxy(options.Services) && addr == options.Addr { @@ -728,6 +734,15 @@ func getAllTLSDomains(options *config.Options, addr string) ([]string, error) { return domains, nil } +func hostsMatchDomain(urls []*url.URL, host string) bool { + for _, u := range urls { + if hostMatchesDomain(u, host) { + return true + } + } + return false +} + func hostMatchesDomain(u *url.URL, host string) bool { var defaultPort string if u.Scheme == "http" { diff --git a/internal/controlplane/xds_listeners_test.go b/internal/controlplane/xds_listeners_test.go index d93373fac..1f452c2e3 100644 --- a/internal/controlplane/xds_listeners_test.go +++ b/internal/controlplane/xds_listeners_test.go @@ -149,7 +149,7 @@ func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) { "@type": "type.googleapis.com/envoy.extensions.filters.http.ext_authz.v3.ExtAuthz", "grpcService": { "envoyGrpc": { - "clusterName": "127.0.0.1:5443" + "clusterName": "pomerium-authorize" }, "timeout": "10s" }, @@ -582,12 +582,12 @@ func Test_buildDownstreamTLSContext(t *testing.T) { func Test_getAllDomains(t *testing.T) { options := &config.Options{ - Addr: "127.0.0.1:9000", - GRPCAddr: "127.0.0.1:9001", - Services: "all", - AuthenticateURL: mustParseURL(t, "https://authenticate.example.com"), - AuthorizeURL: mustParseURL(t, "https://authorize.example.com:9001"), - DataBrokerURL: mustParseURL(t, "https://cache.example.com:9001"), + Addr: "127.0.0.1:9000", + GRPCAddr: "127.0.0.1:9001", + Services: "all", + AuthenticateURL: mustParseURL(t, "https://authenticate.example.com"), + AuthorizeURLString: "https://authorize.example.com:9001", + DataBrokerURLString: "https://cache.example.com:9001", Policies: []config.Policy{ {Source: &config.StringURL{URL: mustParseURL(t, "http://a.example.com")}}, {Source: &config.StringURL{URL: mustParseURL(t, "https://b.example.com")}}, diff --git a/internal/databroker/config_source.go b/internal/databroker/config_source.go index ca1a8c111..e23baa844 100644 --- a/internal/databroker/config_source.go +++ b/internal/databroker/config_source.go @@ -137,9 +137,15 @@ func (src *ConfigSource) rebuild(firstTime bool) { } func (src *ConfigSource) runUpdater(cfg *config.Config) { + urls, err := cfg.Options.GetDataBrokerURLs() + if err != nil { + log.Fatal().Err(err).Send() + return + } + sharedKey, _ := base64.StdEncoding.DecodeString(cfg.Options.SharedKey) connectionOptions := &grpc.Options{ - Addr: cfg.Options.DataBrokerURL, + Addrs: urls, OverrideCertificateName: cfg.Options.OverrideCertificateName, CA: cfg.Options.CA, CAFile: cfg.Options.CAFile, diff --git a/internal/databroker/config_source_test.go b/internal/databroker/config_source_test.go index 23035eece..3031badee 100644 --- a/internal/databroker/config_source_test.go +++ b/internal/databroker/config_source_test.go @@ -3,7 +3,6 @@ package databroker import ( "context" "net" - "net/url" "testing" "time" @@ -34,7 +33,7 @@ func TestConfigSource(t *testing.T) { cfgs := make(chan *config.Config, 10) base := config.NewDefaultOptions() - base.DataBrokerURL = mustParse("http://" + li.Addr().String()) + base.DataBrokerURLString = "http://" + li.Addr().String() base.InsecureServer = true base.GRPCInsecure = true @@ -78,11 +77,3 @@ func TestConfigSource(t *testing.T) { assert.Len(t, cfg.Options.AdditionalPolicies, 1) } } - -func mustParse(raw string) *url.URL { - u, err := url.Parse(raw) - if err != nil { - panic(err) - } - return u -} diff --git a/internal/registry/reporter.go b/internal/registry/reporter.go index 05863cee7..1ab46307b 100644 --- a/internal/registry/reporter.go +++ b/internal/registry/reporter.go @@ -40,8 +40,14 @@ func (r *Reporter) OnConfigChange(cfg *config.Config) { return } + urls, err := cfg.Options.GetDataBrokerURLs() + if err != nil { + log.Error().Err(err).Msg("invalid databroker urls") + return + } + registryConn, err := grpc.GetGRPCClientConn("databroker", &grpc.Options{ - Addr: cfg.Options.DataBrokerURL, + Addrs: urls, OverrideCertificateName: cfg.Options.OverrideCertificateName, CA: cfg.Options.CA, CAFile: cfg.Options.CAFile, diff --git a/pkg/grpc/client.go b/pkg/grpc/client.go index 4abdfb8c2..d29dedf47 100644 --- a/pkg/grpc/client.go +++ b/pkg/grpc/client.go @@ -7,6 +7,7 @@ import ( "net" "net/url" "strconv" + "strings" "sync" "time" @@ -28,8 +29,8 @@ const ( // Options contains options for connecting to a pomerium rpc service. type Options struct { - // Addr is the location of the service. e.g. "service.corp.example:8443" - Addr *url.URL + // Addrs is the location of the service. e.g. "service.corp.example:8443" + Addrs []*url.URL // OverrideCertificateName overrides the server name used to verify the hostname on the // returned certificates from the server. gRPC internals also use it to override the virtual // hosting name if it is set. @@ -56,21 +57,25 @@ type Options struct { // NewGRPCClientConn returns a new gRPC pomerium service client connection. func NewGRPCClientConn(opts *Options) (*grpc.ClientConn, error) { - if opts.Addr == nil { + if len(opts.Addrs) == 0 { return nil, errors.New("internal/grpc: connection address required") } - connAddr := opts.Addr.Host - // no colon exists in the connection string, assume one must be added manually - if _, _, err := net.SplitHostPort(connAddr); err != nil { - if opts.Addr.Scheme == "https" { - connAddr = net.JoinHostPort(connAddr, strconv.Itoa(defaultGRPCSecurePort)) - } else { - connAddr = net.JoinHostPort(connAddr, strconv.Itoa(defaultGRPCInsecurePort)) + var addrs []string + for _, u := range opts.Addrs { + hostport := u.Host + // no colon exists in the connection string, assume one must be added manually + if _, _, err := net.SplitHostPort(hostport); err != nil { + if u.Scheme == "https" { + hostport = net.JoinHostPort(hostport, strconv.Itoa(defaultGRPCSecurePort)) + } else { + hostport = net.JoinHostPort(hostport, strconv.Itoa(defaultGRPCInsecurePort)) + } } + addrs = append(addrs, hostport) } - connAddr = "pomerium:///" + connAddr + connAddr := "pomerium:///" + strings.Join(addrs, ",") clientStatsHandler := telemetry.NewGRPCClientStatsHandler(opts.ServiceName) diff --git a/pkg/grpc/client_test.go b/pkg/grpc/client_test.go index 0515a5de8..0fd5ffc94 100644 --- a/pkg/grpc/client_test.go +++ b/pkg/grpc/client_test.go @@ -47,18 +47,18 @@ func TestNewGRPC(t *testing.T) { wantErrStr string wantTarget string }{ - {"empty connection", &Options{Addr: nil}, true, "proxy/authenticator: connection address required", ""}, - {"both internal and addr empty", &Options{Addr: nil}, true, "proxy/authenticator: connection address required", ""}, - {"addr with port", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:8443"}}, false, "", "pomerium:///localhost.example:8443"}, - {"secure addr without port", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example"}}, false, "", "pomerium:///localhost.example:443"}, - {"insecure addr without port", &Options{Addr: &url.URL{Scheme: "http", Host: "localhost.example"}}, false, "", "pomerium:///localhost.example:80"}, - {"cert override", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:443"}, OverrideCertificateName: "*.local"}, false, "", "pomerium:///localhost.example:443"}, - {"custom ca", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:443"}, OverrideCertificateName: "*.local", CA: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWZrQ0ZBWHhneFg5K0hjWlBVVVBEK0laV0NGNUEvVTdNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FVXgKQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbApjbTVsZENCWGFXUm5hWFJ6SUZCMGVTQk1kR1F3SGhjTk1Ua3dNakk0TVRnMU1EQTNXaGNOTWprd01qSTFNVGcxCk1EQTNXakJGTVFzd0NRWURWUVFHRXdKQlZURVRNQkVHQTFVRUNBd0tVMjl0WlMxVGRHRjBaVEVoTUI4R0ExVUUKQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUWRIa2dUSFJrTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBUThBTUlJQkNnS0NBUUVBOVRFMEFiaTdnMHhYeURkVUtEbDViNTBCT05ZVVVSc3F2THQrSWkwdlpjMzRRTHhOClJrT0hrOFZEVUgzcUt1N2UrNGVubUdLVVNUdzRPNFlkQktiSWRJTFpnb3o0YitNL3FVOG5adVpiN2pBVTdOYWkKajMzVDVrbXB3L2d4WHNNUzNzdUpXUE1EUDB3Z1BUZUVRK2J1bUxVWmpLdUVIaWNTL0l5dmtaVlBzRlE4NWlaUwpkNXE2a0ZGUUdjWnFXeFg0dlhDV25Sd3E3cHY3TThJd1RYc1pYSVRuNXB5Z3VTczNKb29GQkg5U3ZNTjRKU25GCmJMK0t6ekduMy9ScXFrTXpMN3FUdkMrNWxVT3UxUmNES21mZXBuVGVaN1IyVnJUQm42NndWMjVHRnBkSDIzN00KOXhJVkJrWEd1U2NvWHVPN1lDcWFrZkt6aXdoRTV4UmRaa3gweXdJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQQpBNElCQVFCaHRWUEI0OCs4eFZyVmRxM1BIY3k5QkxtVEtrRFl6N2Q0ODJzTG1HczBuVUdGSTFZUDdmaFJPV3ZxCktCTlpkNEI5MUpwU1NoRGUrMHpoNno4WG5Ha01mYnRSYWx0NHEwZ3lKdk9hUWhqQ3ZCcSswTFk5d2NLbXpFdnMKcTRiNUZ5NXNpRUZSekJLTmZtTGwxTTF2cW1hNmFCVnNYUUhPREdzYS83dE5MalZ2ay9PYm52cFg3UFhLa0E3cQpLMTQvV0tBRFBJWm9mb00xMzB4Q1RTYXVpeXROajlnWkx1WU9leEZhblVwNCt2MHBYWS81OFFSNTk2U0ROVTlKClJaeDhwTzBTaUYvZXkxVUZXbmpzdHBjbTQzTFVQKzFwU1hFeVhZOFJrRTI2QzNvdjNaTFNKc2pMbC90aXVqUlgKZUJPOWorWDdzS0R4amdtajBPbWdpVkpIM0YrUAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="}, false, "", "pomerium:///localhost.example:443"}, - {"bad ca encoding", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:443"}, OverrideCertificateName: "*.local", CA: "^"}, true, "", "pomerium:///localhost.example:443"}, - {"custom ca file", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:443"}, OverrideCertificateName: "*.local", CAFile: "testdata/example.crt"}, false, "", "pomerium:///localhost.example:443"}, - {"bad custom ca file", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:443"}, OverrideCertificateName: "*.local", CAFile: "testdata/example.crt2"}, true, "", "pomerium:///localhost.example:443"}, - {"valid with insecure", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:8443"}, WithInsecure: true}, false, "", "pomerium:///localhost.example:8443"}, - {"valid client round robin", &Options{Addr: &url.URL{Scheme: "https", Host: "localhost.example:8443"}, ClientDNSRoundRobin: true}, false, "", "pomerium:///localhost.example:8443"}, + {"empty connection", &Options{Addrs: nil}, true, "proxy/authenticator: connection address required", ""}, + {"both internal and addr empty", &Options{Addrs: nil}, true, "proxy/authenticator: connection address required", ""}, + {"addr with port", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:8443"}}}, false, "", "pomerium:///localhost.example:8443"}, + {"secure addr without port", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example"}}}, false, "", "pomerium:///localhost.example:443"}, + {"insecure addr without port", &Options{Addrs: []*url.URL{{Scheme: "http", Host: "localhost.example"}}}, false, "", "pomerium:///localhost.example:80"}, + {"cert override", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:443"}}, OverrideCertificateName: "*.local"}, false, "", "pomerium:///localhost.example:443"}, + {"custom ca", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:443"}}, OverrideCertificateName: "*.local", CA: "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFVENDQWZrQ0ZBWHhneFg5K0hjWlBVVVBEK0laV0NGNUEvVTdNQTBHQ1NxR1NJYjNEUUVCQ3dVQU1FVXgKQ3pBSkJnTlZCQVlUQWtGVk1STXdFUVlEVlFRSURBcFRiMjFsTFZOMFlYUmxNU0V3SHdZRFZRUUtEQmhKYm5SbApjbTVsZENCWGFXUm5hWFJ6SUZCMGVTQk1kR1F3SGhjTk1Ua3dNakk0TVRnMU1EQTNXaGNOTWprd01qSTFNVGcxCk1EQTNXakJGTVFzd0NRWURWUVFHRXdKQlZURVRNQkVHQTFVRUNBd0tVMjl0WlMxVGRHRjBaVEVoTUI4R0ExVUUKQ2d3WVNXNTBaWEp1WlhRZ1YybGtaMmwwY3lCUWRIa2dUSFJrTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQwpBUThBTUlJQkNnS0NBUUVBOVRFMEFiaTdnMHhYeURkVUtEbDViNTBCT05ZVVVSc3F2THQrSWkwdlpjMzRRTHhOClJrT0hrOFZEVUgzcUt1N2UrNGVubUdLVVNUdzRPNFlkQktiSWRJTFpnb3o0YitNL3FVOG5adVpiN2pBVTdOYWkKajMzVDVrbXB3L2d4WHNNUzNzdUpXUE1EUDB3Z1BUZUVRK2J1bUxVWmpLdUVIaWNTL0l5dmtaVlBzRlE4NWlaUwpkNXE2a0ZGUUdjWnFXeFg0dlhDV25Sd3E3cHY3TThJd1RYc1pYSVRuNXB5Z3VTczNKb29GQkg5U3ZNTjRKU25GCmJMK0t6ekduMy9ScXFrTXpMN3FUdkMrNWxVT3UxUmNES21mZXBuVGVaN1IyVnJUQm42NndWMjVHRnBkSDIzN00KOXhJVkJrWEd1U2NvWHVPN1lDcWFrZkt6aXdoRTV4UmRaa3gweXdJREFRQUJNQTBHQ1NxR1NJYjNEUUVCQ3dVQQpBNElCQVFCaHRWUEI0OCs4eFZyVmRxM1BIY3k5QkxtVEtrRFl6N2Q0ODJzTG1HczBuVUdGSTFZUDdmaFJPV3ZxCktCTlpkNEI5MUpwU1NoRGUrMHpoNno4WG5Ha01mYnRSYWx0NHEwZ3lKdk9hUWhqQ3ZCcSswTFk5d2NLbXpFdnMKcTRiNUZ5NXNpRUZSekJLTmZtTGwxTTF2cW1hNmFCVnNYUUhPREdzYS83dE5MalZ2ay9PYm52cFg3UFhLa0E3cQpLMTQvV0tBRFBJWm9mb00xMzB4Q1RTYXVpeXROajlnWkx1WU9leEZhblVwNCt2MHBYWS81OFFSNTk2U0ROVTlKClJaeDhwTzBTaUYvZXkxVUZXbmpzdHBjbTQzTFVQKzFwU1hFeVhZOFJrRTI2QzNvdjNaTFNKc2pMbC90aXVqUlgKZUJPOWorWDdzS0R4amdtajBPbWdpVkpIM0YrUAotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg=="}, false, "", "pomerium:///localhost.example:443"}, + {"bad ca encoding", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:443"}}, OverrideCertificateName: "*.local", CA: "^"}, true, "", "pomerium:///localhost.example:443"}, + {"custom ca file", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:443"}}, OverrideCertificateName: "*.local", CAFile: "testdata/example.crt"}, false, "", "pomerium:///localhost.example:443"}, + {"bad custom ca file", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:443"}}, OverrideCertificateName: "*.local", CAFile: "testdata/example.crt2"}, true, "", "pomerium:///localhost.example:443"}, + {"valid with insecure", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:8443"}}, WithInsecure: true}, false, "", "pomerium:///localhost.example:8443"}, + {"valid client round robin", &Options{Addrs: []*url.URL{{Scheme: "https", Host: "localhost.example:8443"}}, ClientDNSRoundRobin: true}, false, "", "pomerium:///localhost.example:8443"}, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -78,14 +78,14 @@ func TestNewGRPC(t *testing.T) { func TestGetGRPC(t *testing.T) { cc1, err := GetGRPCClientConn("example", &Options{ - Addr: mustParseURL("https://localhost.example"), + Addrs: mustParseURLs("https://localhost.example"), }) if !assert.NoError(t, err) { return } cc2, err := GetGRPCClientConn("example", &Options{ - Addr: mustParseURL("https://localhost.example"), + Addrs: mustParseURLs("https://localhost.example"), }) if !assert.NoError(t, err) { return @@ -94,7 +94,7 @@ func TestGetGRPC(t *testing.T) { assert.Same(t, cc1, cc2, "GetGRPCClientConn should return the same connection when there are no changes") cc3, err := GetGRPCClientConn("example", &Options{ - Addr: mustParseURL("http://localhost.example"), + Addrs: mustParseURLs("http://localhost.example"), WithInsecure: true, }) if !assert.NoError(t, err) { @@ -104,10 +104,14 @@ func TestGetGRPC(t *testing.T) { assert.NotSame(t, cc1, cc3, "GetGRPCClientConn should return a new connection when there are changes") } -func mustParseURL(rawurl string) *url.URL { - u, err := url.Parse(rawurl) - if err != nil { - panic(err) +func mustParseURLs(rawurls ...string) []*url.URL { + var urls []*url.URL + for _, rawurl := range rawurls { + u, err := url.Parse(rawurl) + if err != nil { + panic(err) + } + urls = append(urls, u) } - return u + return urls } diff --git a/pkg/grpc/config/config.pb.go b/pkg/grpc/config/config.pb.go index aba6ddbf9..304a8aea1 100644 --- a/pkg/grpc/config/config.pb.go +++ b/pkg/grpc/config/config.pb.go @@ -680,7 +680,7 @@ type Settings struct { IdpRefreshDirectoryTimeout *durationpb.Duration `protobuf:"bytes,28,opt,name=idp_refresh_directory_timeout,json=idpRefreshDirectoryTimeout,proto3,oneof" json:"idp_refresh_directory_timeout,omitempty"` IdpRefreshDirectoryInterval *durationpb.Duration `protobuf:"bytes,29,opt,name=idp_refresh_directory_interval,json=idpRefreshDirectoryInterval,proto3,oneof" json:"idp_refresh_directory_interval,omitempty"` RequestParams map[string]string `protobuf:"bytes,30,rep,name=request_params,json=requestParams,proto3" json:"request_params,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` - AuthorizeServiceUrl *string `protobuf:"bytes,32,opt,name=authorize_service_url,json=authorizeServiceUrl,proto3,oneof" json:"authorize_service_url,omitempty"` + AuthorizeServiceUrls []string `protobuf:"bytes,32,rep,name=authorize_service_urls,json=authorizeServiceUrls,proto3" json:"authorize_service_urls,omitempty"` OverrideCertificateName *string `protobuf:"bytes,33,opt,name=override_certificate_name,json=overrideCertificateName,proto3,oneof" json:"override_certificate_name,omitempty"` CertificateAuthority *string `protobuf:"bytes,34,opt,name=certificate_authority,json=certificateAuthority,proto3,oneof" json:"certificate_authority,omitempty"` CertificateAuthorityFile *string `protobuf:"bytes,35,opt,name=certificate_authority_file,json=certificateAuthorityFile,proto3,oneof" json:"certificate_authority_file,omitempty"` @@ -705,7 +705,7 @@ type Settings struct { GrpcServerMaxConnectionAge *durationpb.Duration `protobuf:"bytes,48,opt,name=grpc_server_max_connection_age,json=grpcServerMaxConnectionAge,proto3" json:"grpc_server_max_connection_age,omitempty"` GrpcServerMaxConnectionAgeGrace *durationpb.Duration `protobuf:"bytes,49,opt,name=grpc_server_max_connection_age_grace,json=grpcServerMaxConnectionAgeGrace,proto3" json:"grpc_server_max_connection_age_grace,omitempty"` ForwardAuthUrl *string `protobuf:"bytes,50,opt,name=forward_auth_url,json=forwardAuthUrl,proto3,oneof" json:"forward_auth_url,omitempty"` - DatabrokerServiceUrl *string `protobuf:"bytes,52,opt,name=databroker_service_url,json=databrokerServiceUrl,proto3,oneof" json:"databroker_service_url,omitempty"` + DatabrokerServiceUrls []string `protobuf:"bytes,52,rep,name=databroker_service_urls,json=databrokerServiceUrls,proto3" json:"databroker_service_urls,omitempty"` ClientCa *string `protobuf:"bytes,53,opt,name=client_ca,json=clientCa,proto3,oneof" json:"client_ca,omitempty"` ClientCaFile *string `protobuf:"bytes,54,opt,name=client_ca_file,json=clientCaFile,proto3,oneof" json:"client_ca_file,omitempty"` GoogleCloudServerlessAuthenticationServiceAccount *string `protobuf:"bytes,55,opt,name=google_cloud_serverless_authentication_service_account,json=googleCloudServerlessAuthenticationServiceAccount,proto3,oneof" json:"google_cloud_serverless_authentication_service_account,omitempty"` @@ -958,11 +958,11 @@ func (x *Settings) GetRequestParams() map[string]string { return nil } -func (x *Settings) GetAuthorizeServiceUrl() string { - if x != nil && x.AuthorizeServiceUrl != nil { - return *x.AuthorizeServiceUrl +func (x *Settings) GetAuthorizeServiceUrls() []string { + if x != nil { + return x.AuthorizeServiceUrls } - return "" + return nil } func (x *Settings) GetOverrideCertificateName() string { @@ -1126,11 +1126,11 @@ func (x *Settings) GetForwardAuthUrl() string { return "" } -func (x *Settings) GetDatabrokerServiceUrl() string { - if x != nil && x.DatabrokerServiceUrl != nil { - return *x.DatabrokerServiceUrl +func (x *Settings) GetDatabrokerServiceUrls() []string { + if x != nil { + return x.DatabrokerServiceUrls } - return "" + return nil } func (x *Settings) GetClientCa() string { @@ -1459,7 +1459,7 @@ var file_config_proto_rawDesc = []byte{ 0x30, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb6, 0x28, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfb, 0x27, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x19, 0x0a, 0x05, 0x64, 0x65, 0x62, 0x75, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, 0x05, 0x64, 0x65, 0x62, 0x75, 0x67, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, @@ -1559,186 +1559,184 @@ var file_config_proto_rawDesc = []byte{ 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x73, 0x12, 0x37, 0x0a, 0x15, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x20, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x1b, 0x52, 0x13, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x3f, 0x0a, 0x19, - 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x21, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x1c, 0x52, 0x17, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x38, 0x0a, - 0x15, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, - 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x22, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1d, 0x52, 0x14, - 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, - 0x72, 0x69, 0x74, 0x79, 0x88, 0x01, 0x01, 0x12, 0x41, 0x0a, 0x1a, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x23, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1e, 0x52, 0x18, 0x63, - 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, - 0x69, 0x74, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x24, 0x0a, 0x0b, 0x73, 0x69, - 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x1f, 0x52, 0x0a, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, - 0x12, 0x37, 0x0a, 0x15, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, - 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x20, 0x52, 0x13, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, - 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x88, 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x12, 0x6a, 0x77, 0x74, - 0x5f, 0x63, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, - 0x3f, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, - 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x4a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x6a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, - 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x72, 0x65, 0x66, 0x72, - 0x65, 0x73, 0x68, 0x5f, 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x26, 0x20, 0x01, + 0x61, 0x6d, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, + 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x73, 0x18, 0x20, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x14, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x73, 0x12, 0x3f, 0x0a, 0x19, 0x6f, 0x76, 0x65, + 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, + 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x21, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1b, 0x52, 0x17, + 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x88, 0x01, 0x01, 0x12, 0x38, 0x0a, 0x15, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x18, 0x22, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1c, 0x52, 0x14, 0x63, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, + 0x79, 0x88, 0x01, 0x01, 0x12, 0x41, 0x0a, 0x1a, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x66, 0x69, + 0x6c, 0x65, 0x18, 0x23, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1d, 0x52, 0x18, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x41, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, + 0x46, 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x24, 0x0a, 0x0b, 0x73, 0x69, 0x67, 0x6e, 0x69, + 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x24, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1e, 0x52, 0x0a, + 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x88, 0x01, 0x01, 0x12, 0x37, 0x0a, + 0x15, 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x61, 0x6c, 0x67, + 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, 0x18, 0x3e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x1f, 0x52, 0x13, + 0x73, 0x69, 0x67, 0x6e, 0x69, 0x6e, 0x67, 0x4b, 0x65, 0x79, 0x41, 0x6c, 0x67, 0x6f, 0x72, 0x69, + 0x74, 0x68, 0x6d, 0x88, 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x12, 0x6a, 0x77, 0x74, 0x5f, 0x63, 0x6c, + 0x61, 0x69, 0x6d, 0x73, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x3f, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, + 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4a, 0x77, + 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x10, 0x6a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x49, 0x0a, 0x10, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, + 0x5f, 0x63, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x18, 0x26, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x20, 0x52, 0x0f, 0x72, 0x65, + 0x66, 0x72, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, 0x88, 0x01, 0x01, + 0x12, 0x58, 0x0a, 0x18, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, 0x70, 0x73, 0x74, + 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x21, 0x52, - 0x0f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x43, 0x6f, 0x6f, 0x6c, 0x64, 0x6f, 0x77, 0x6e, - 0x88, 0x01, 0x01, 0x12, 0x58, 0x0a, 0x18, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x75, - 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x27, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x48, 0x22, 0x52, 0x16, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x55, 0x70, 0x73, 0x74, 0x72, - 0x65, 0x61, 0x6d, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, - 0x0f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x28, 0x20, 0x01, 0x28, 0x09, 0x48, 0x23, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x31, 0x0a, 0x12, 0x6d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x69, 0x63, 0x5f, 0x61, 0x75, 0x74, - 0x68, 0x18, 0x40, 0x20, 0x01, 0x28, 0x09, 0x48, 0x24, 0x52, 0x10, 0x6d, 0x65, 0x74, 0x72, 0x69, - 0x63, 0x73, 0x42, 0x61, 0x73, 0x69, 0x63, 0x41, 0x75, 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x5b, - 0x0a, 0x13, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, - 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x6f, - 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x48, 0x25, 0x52, 0x12, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x43, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, 0x2f, 0x0a, 0x11, 0x6d, - 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, - 0x18, 0x42, 0x20, 0x01, 0x28, 0x09, 0x48, 0x26, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, - 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, 0x01, 0x12, 0x38, 0x0a, 0x16, - 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, - 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x43, 0x20, 0x01, 0x28, 0x09, 0x48, 0x27, 0x52, 0x13, - 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x46, - 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x10, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, - 0x67, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x28, 0x52, 0x0f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, - 0x67, 0x5f, 0x73, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x72, 0x61, 0x74, 0x65, 0x18, 0x2a, 0x20, - 0x01, 0x28, 0x01, 0x48, 0x29, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x53, 0x61, - 0x6d, 0x70, 0x6c, 0x65, 0x52, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, 0x4e, 0x0a, 0x21, 0x74, - 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x63, 0x6f, - 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x18, 0x2b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2a, 0x52, 0x1e, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, - 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x46, 0x0a, 0x1d, 0x74, - 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x61, 0x67, - 0x65, 0x6e, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2c, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x2b, 0x52, 0x1a, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x61, 0x65, - 0x67, 0x65, 0x72, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, - 0x88, 0x01, 0x01, 0x12, 0x3b, 0x0a, 0x17, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x7a, - 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2d, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x2c, 0x52, 0x15, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5a, - 0x69, 0x70, 0x6b, 0x69, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, - 0x12, 0x26, 0x0a, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x18, 0x2e, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2d, 0x52, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x41, 0x64, - 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, 0x0d, 0x67, 0x72, 0x70, 0x63, - 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x48, - 0x2e, 0x52, 0x0c, 0x67, 0x72, 0x70, 0x63, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x88, - 0x01, 0x01, 0x12, 0x5d, 0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x5f, 0x61, 0x67, 0x65, 0x18, 0x30, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x67, - 0x65, 0x12, 0x68, 0x0a, 0x24, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x61, 0x67, 0x65, 0x5f, 0x67, 0x72, 0x61, 0x63, 0x65, 0x18, 0x31, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1f, 0x67, 0x72, 0x70, 0x63, - 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x47, 0x72, 0x61, 0x63, 0x65, 0x12, 0x2d, 0x0a, 0x10, 0x66, - 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x75, 0x72, 0x6c, 0x18, - 0x32, 0x20, 0x01, 0x28, 0x09, 0x48, 0x2f, 0x52, 0x0e, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, - 0x41, 0x75, 0x74, 0x68, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x39, 0x0a, 0x16, 0x64, 0x61, - 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x34, 0x20, 0x01, 0x28, 0x09, 0x48, 0x30, 0x52, 0x14, 0x64, 0x61, - 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, - 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x20, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, - 0x63, 0x61, 0x18, 0x35, 0x20, 0x01, 0x28, 0x09, 0x48, 0x31, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, - 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, 0x01, 0x12, 0x29, 0x0a, 0x0e, 0x63, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x32, 0x52, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x46, 0x69, 0x6c, 0x65, 0x88, - 0x01, 0x01, 0x12, 0x76, 0x0a, 0x36, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, 0x63, 0x6c, 0x6f, - 0x75, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x5f, 0x61, 0x75, - 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x37, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x33, 0x52, 0x31, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x43, 0x6c, 0x6f, 0x75, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x41, 0x75, 0x74, 0x68, 0x65, - 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x1f, 0x0a, 0x08, 0x61, 0x75, - 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x38, 0x20, 0x01, 0x28, 0x08, 0x48, 0x34, 0x52, 0x08, - 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x88, 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, 0x61, - 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x67, - 0x69, 0x6e, 0x67, 0x18, 0x39, 0x20, 0x01, 0x28, 0x08, 0x48, 0x35, 0x52, 0x12, 0x61, 0x75, 0x74, - 0x6f, 0x63, 0x65, 0x72, 0x74, 0x55, 0x73, 0x65, 0x53, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x88, - 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x6d, - 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, - 0x48, 0x36, 0x52, 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x4d, 0x75, 0x73, 0x74, - 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x26, 0x0a, 0x0c, 0x61, 0x75, 0x74, - 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x37, 0x52, 0x0b, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x44, 0x69, 0x72, 0x88, 0x01, - 0x01, 0x12, 0x2b, 0x0a, 0x0f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, - 0x70, 0x65, 0x6e, 0x64, 0x18, 0x3d, 0x20, 0x01, 0x28, 0x08, 0x48, 0x38, 0x52, 0x0d, 0x73, 0x6b, - 0x69, 0x70, 0x58, 0x66, 0x66, 0x41, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x88, 0x01, 0x01, 0x1a, 0x81, - 0x01, 0x0a, 0x0b, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, - 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, - 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6b, - 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, - 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x79, 0x5f, 0x62, 0x79, 0x74, - 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x08, 0x6b, 0x65, 0x79, 0x42, 0x79, 0x74, - 0x65, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x4a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, - 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x64, 0x65, - 0x62, 0x75, 0x67, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, - 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, - 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x73, 0x65, 0x72, 0x76, - 0x69, 0x63, 0x65, 0x73, 0x42, 0x0a, 0x0a, 0x08, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, - 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x6c, 0x6f, 0x6f, - 0x6b, 0x75, 0x70, 0x5f, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x68, - 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x64, 0x64, - 0x72, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x72, 0x65, - 0x61, 0x64, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x77, - 0x72, 0x69, 0x74, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, - 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x42, 0x1b, 0x0a, 0x19, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, - 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, - 0x72, 0x6c, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, - 0x61, 0x74, 0x65, 0x5f, 0x63, 0x61, 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x5f, 0x70, 0x61, 0x74, - 0x68, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x73, 0x65, 0x63, - 0x72, 0x65, 0x74, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x64, - 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, - 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, - 0x69, 0x65, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x42, 0x10, 0x0a, 0x0e, - 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x42, 0x10, - 0x0a, 0x0e, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, - 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, - 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x69, 0x64, 0x70, 0x5f, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x16, 0x0a, 0x14, - 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, - 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x20, 0x0a, 0x1e, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, 0x65, 0x66, - 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x74, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x42, 0x21, 0x0a, 0x1f, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, - 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, - 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x61, 0x75, - 0x74, 0x68, 0x6f, 0x72, 0x69, 0x7a, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, - 0x75, 0x72, 0x6c, 0x42, 0x1c, 0x0a, 0x1a, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, + 0x16, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, + 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x88, 0x01, 0x01, 0x12, 0x2c, 0x0a, 0x0f, 0x6d, 0x65, + 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x28, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x22, 0x52, 0x0e, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x41, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x31, 0x0a, 0x12, 0x6d, 0x65, 0x74, 0x72, + 0x69, 0x63, 0x73, 0x5f, 0x62, 0x61, 0x73, 0x69, 0x63, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x18, 0x40, + 0x20, 0x01, 0x28, 0x09, 0x48, 0x23, 0x52, 0x10, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x42, + 0x61, 0x73, 0x69, 0x63, 0x41, 0x75, 0x74, 0x68, 0x88, 0x01, 0x01, 0x12, 0x5b, 0x0a, 0x13, 0x6d, + 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x18, 0x41, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x70, 0x6f, 0x6d, 0x65, 0x72, + 0x69, 0x75, 0x6d, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, + 0x24, 0x52, 0x12, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, + 0x69, 0x63, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, 0x2f, 0x0a, 0x11, 0x6d, 0x65, 0x74, 0x72, + 0x69, 0x63, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x42, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x25, 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x72, 0x69, 0x63, 0x73, 0x43, 0x6c, + 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, 0x01, 0x12, 0x38, 0x0a, 0x16, 0x6d, 0x65, 0x74, + 0x72, 0x69, 0x63, 0x73, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, + 0x69, 0x6c, 0x65, 0x18, 0x43, 0x20, 0x01, 0x28, 0x09, 0x48, 0x26, 0x52, 0x13, 0x6d, 0x65, 0x74, + 0x72, 0x69, 0x63, 0x73, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x46, 0x69, 0x6c, 0x65, + 0x88, 0x01, 0x01, 0x12, 0x2e, 0x0a, 0x10, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x18, 0x29, 0x20, 0x01, 0x28, 0x09, 0x48, 0x27, 0x52, + 0x0f, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x88, 0x01, 0x01, 0x12, 0x33, 0x0a, 0x13, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x73, + 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x5f, 0x72, 0x61, 0x74, 0x65, 0x18, 0x2a, 0x20, 0x01, 0x28, 0x01, + 0x48, 0x28, 0x52, 0x11, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x53, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x52, 0x61, 0x74, 0x65, 0x88, 0x01, 0x01, 0x12, 0x4e, 0x0a, 0x21, 0x74, 0x72, 0x61, 0x63, + 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6c, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2b, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x29, 0x52, 0x1e, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x61, + 0x65, 0x67, 0x65, 0x72, 0x43, 0x6f, 0x6c, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x64, + 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x46, 0x0a, 0x1d, 0x74, 0x72, 0x61, 0x63, + 0x69, 0x6e, 0x67, 0x5f, 0x6a, 0x61, 0x65, 0x67, 0x65, 0x72, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, + 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2c, 0x20, 0x01, 0x28, 0x09, 0x48, + 0x2a, 0x52, 0x1a, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x4a, 0x61, 0x65, 0x67, 0x65, 0x72, + 0x41, 0x67, 0x65, 0x6e, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, + 0x12, 0x3b, 0x0a, 0x17, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5f, 0x7a, 0x69, 0x70, 0x6b, + 0x69, 0x6e, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x2d, 0x20, 0x01, 0x28, + 0x09, 0x48, 0x2b, 0x52, 0x15, 0x74, 0x72, 0x61, 0x63, 0x69, 0x6e, 0x67, 0x5a, 0x69, 0x70, 0x6b, + 0x69, 0x6e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x88, 0x01, 0x01, 0x12, 0x26, 0x0a, + 0x0c, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x18, 0x2e, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x2c, 0x52, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x41, 0x64, 0x64, 0x72, 0x65, + 0x73, 0x73, 0x88, 0x01, 0x01, 0x12, 0x28, 0x0a, 0x0d, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x18, 0x2f, 0x20, 0x01, 0x28, 0x08, 0x48, 0x2d, 0x52, 0x0c, + 0x67, 0x72, 0x70, 0x63, 0x49, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x88, 0x01, 0x01, 0x12, + 0x5d, 0x0a, 0x1e, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6d, + 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, + 0x65, 0x18, 0x30, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x1a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x4d, 0x61, + 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x41, 0x67, 0x65, 0x12, 0x68, + 0x0a, 0x24, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x6d, 0x61, + 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x61, 0x67, 0x65, + 0x5f, 0x67, 0x72, 0x61, 0x63, 0x65, 0x18, 0x31, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1f, 0x67, 0x72, 0x70, 0x63, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x4d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, + 0x41, 0x67, 0x65, 0x47, 0x72, 0x61, 0x63, 0x65, 0x12, 0x2d, 0x0a, 0x10, 0x66, 0x6f, 0x72, 0x77, + 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x32, 0x20, 0x01, + 0x28, 0x09, 0x48, 0x2e, 0x52, 0x0e, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x41, 0x75, 0x74, + 0x68, 0x55, 0x72, 0x6c, 0x88, 0x01, 0x01, 0x12, 0x36, 0x0a, 0x17, 0x64, 0x61, 0x74, 0x61, 0x62, + 0x72, 0x6f, 0x6b, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, + 0x6c, 0x73, 0x18, 0x34, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, + 0x6f, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x55, 0x72, 0x6c, 0x73, 0x12, + 0x20, 0x0a, 0x09, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x35, 0x20, 0x01, + 0x28, 0x09, 0x48, 0x2f, 0x52, 0x08, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x61, 0x88, 0x01, + 0x01, 0x12, 0x29, 0x0a, 0x0e, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, + 0x69, 0x6c, 0x65, 0x18, 0x36, 0x20, 0x01, 0x28, 0x09, 0x48, 0x30, 0x52, 0x0c, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x43, 0x61, 0x46, 0x69, 0x6c, 0x65, 0x88, 0x01, 0x01, 0x12, 0x76, 0x0a, 0x36, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, + 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x18, 0x37, 0x20, 0x01, 0x28, 0x09, 0x48, 0x31, 0x52, 0x31, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x43, 0x6c, 0x6f, 0x75, 0x64, 0x53, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x6c, 0x65, 0x73, 0x73, 0x41, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x63, 0x63, 0x6f, 0x75, 0x6e, + 0x74, 0x88, 0x01, 0x01, 0x12, 0x1f, 0x0a, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, + 0x18, 0x38, 0x20, 0x01, 0x28, 0x08, 0x48, 0x32, 0x52, 0x08, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, + 0x72, 0x74, 0x88, 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, + 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x18, 0x39, 0x20, + 0x01, 0x28, 0x08, 0x48, 0x33, 0x52, 0x12, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x55, + 0x73, 0x65, 0x53, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, 0x88, 0x01, 0x01, 0x12, 0x35, 0x0a, 0x14, + 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, + 0x61, 0x70, 0x6c, 0x65, 0x18, 0x3a, 0x20, 0x01, 0x28, 0x08, 0x48, 0x34, 0x52, 0x12, 0x61, 0x75, + 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x4d, 0x75, 0x73, 0x74, 0x53, 0x74, 0x61, 0x70, 0x6c, 0x65, + 0x88, 0x01, 0x01, 0x12, 0x26, 0x0a, 0x0c, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, + 0x64, 0x69, 0x72, 0x18, 0x3b, 0x20, 0x01, 0x28, 0x09, 0x48, 0x35, 0x52, 0x0b, 0x61, 0x75, 0x74, + 0x6f, 0x63, 0x65, 0x72, 0x74, 0x44, 0x69, 0x72, 0x88, 0x01, 0x01, 0x12, 0x2b, 0x0a, 0x0f, 0x73, + 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x18, 0x3d, + 0x20, 0x01, 0x28, 0x08, 0x48, 0x36, 0x52, 0x0d, 0x73, 0x6b, 0x69, 0x70, 0x58, 0x66, 0x66, 0x41, + 0x70, 0x70, 0x65, 0x6e, 0x64, 0x88, 0x01, 0x01, 0x1a, 0x81, 0x01, 0x0a, 0x0b, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x65, 0x72, 0x74, + 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x65, 0x72, + 0x74, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x46, 0x69, 0x6c, 0x65, + 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x63, 0x65, 0x72, 0x74, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, + 0x1b, 0x0a, 0x09, 0x6b, 0x65, 0x79, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x08, 0x6b, 0x65, 0x79, 0x42, 0x79, 0x74, 0x65, 0x73, 0x1a, 0x40, 0x0a, 0x12, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, + 0x0a, 0x15, 0x4a, 0x77, 0x74, 0x43, 0x6c, 0x61, 0x69, 0x6d, 0x73, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x42, 0x08, 0x0a, 0x06, 0x5f, 0x64, 0x65, 0x62, 0x75, 0x67, 0x42, 0x0c, 0x0a, + 0x0a, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x42, 0x12, 0x0a, 0x10, 0x5f, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x42, + 0x10, 0x0a, 0x0e, 0x5f, 0x73, 0x68, 0x61, 0x72, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, + 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x42, 0x0a, + 0x0a, 0x08, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x69, + 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, 0x14, + 0x0a, 0x12, 0x5f, 0x64, 0x6e, 0x73, 0x5f, 0x6c, 0x6f, 0x6f, 0x6b, 0x75, 0x70, 0x5f, 0x66, 0x61, + 0x6d, 0x69, 0x6c, 0x79, 0x42, 0x15, 0x0a, 0x13, 0x5f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x72, 0x65, + 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x72, 0x65, 0x61, 0x64, 0x42, 0x10, 0x0a, 0x0e, + 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x77, 0x72, 0x69, 0x74, 0x65, 0x42, 0x0f, + 0x0a, 0x0d, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x69, 0x64, 0x6c, 0x65, 0x42, + 0x1b, 0x0a, 0x19, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x1d, 0x0a, 0x1b, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x63, 0x61, + 0x6c, 0x6c, 0x62, 0x61, 0x63, 0x6b, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x42, 0x0e, 0x0a, 0x0c, 0x5f, + 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, + 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x42, 0x10, 0x0a, + 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x42, + 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, + 0x65, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x5f, 0x68, 0x74, 0x74, + 0x70, 0x5f, 0x6f, 0x6e, 0x6c, 0x79, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, + 0x65, 0x5f, 0x65, 0x78, 0x70, 0x69, 0x72, 0x65, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x69, 0x64, 0x70, + 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x42, 0x14, 0x0a, 0x12, 0x5f, 0x69, + 0x64, 0x70, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, + 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, + 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x16, 0x0a, 0x14, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x73, + 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x20, + 0x0a, 0x1e, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, 0x5f, 0x64, + 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x42, 0x21, 0x0a, 0x1f, 0x5f, 0x69, 0x64, 0x70, 0x5f, 0x72, 0x65, 0x66, 0x72, 0x65, 0x73, 0x68, + 0x5f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x5f, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x76, 0x61, 0x6c, 0x42, 0x1c, 0x0a, 0x1a, 0x5f, 0x6f, 0x76, 0x65, 0x72, 0x72, 0x69, 0x64, 0x65, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x42, 0x18, 0x0a, 0x16, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x42, 0x1d, 0x0a, 0x1b, 0x5f, @@ -1769,24 +1767,22 @@ var file_config_proto_rawDesc = []byte{ 0x67, 0x72, 0x70, 0x63, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x42, 0x10, 0x0a, 0x0e, 0x5f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x42, 0x13, 0x0a, 0x11, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, - 0x75, 0x72, 0x6c, 0x42, 0x19, 0x0a, 0x17, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x62, 0x72, 0x6f, 0x6b, - 0x65, 0x72, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x75, 0x72, 0x6c, 0x42, 0x0c, - 0x0a, 0x0a, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x42, 0x11, 0x0a, 0x0f, - 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x42, - 0x39, 0x0a, 0x37, 0x5f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, 0x63, 0x6c, 0x6f, 0x75, 0x64, - 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, 0x5f, 0x61, 0x75, 0x74, 0x68, - 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x5f, 0x61, - 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, - 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x69, 0x6e, 0x67, - 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x6d, 0x75, - 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x42, 0x0f, 0x0a, 0x0d, 0x5f, 0x61, 0x75, - 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x42, 0x12, 0x0a, 0x10, 0x5f, 0x73, - 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x42, 0x2e, - 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, - 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, - 0x6b, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x62, 0x06, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x75, 0x72, 0x6c, 0x42, 0x0c, 0x0a, 0x0a, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, + 0x61, 0x42, 0x11, 0x0a, 0x0f, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x61, 0x5f, + 0x66, 0x69, 0x6c, 0x65, 0x42, 0x39, 0x0a, 0x37, 0x5f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x5f, + 0x63, 0x6c, 0x6f, 0x75, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x6c, 0x65, 0x73, 0x73, + 0x5f, 0x61, 0x75, 0x74, 0x68, 0x65, 0x6e, 0x74, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, + 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x61, 0x63, 0x63, 0x6f, 0x75, 0x6e, 0x74, 0x42, + 0x0b, 0x0a, 0x09, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x42, 0x17, 0x0a, 0x15, + 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x74, + 0x61, 0x67, 0x69, 0x6e, 0x67, 0x42, 0x17, 0x0a, 0x15, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, + 0x72, 0x74, 0x5f, 0x6d, 0x75, 0x73, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x70, 0x6c, 0x65, 0x42, 0x0f, + 0x0a, 0x0d, 0x5f, 0x61, 0x75, 0x74, 0x6f, 0x63, 0x65, 0x72, 0x74, 0x5f, 0x64, 0x69, 0x72, 0x42, + 0x12, 0x0a, 0x10, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x78, 0x66, 0x66, 0x5f, 0x61, 0x70, 0x70, + 0x65, 0x6e, 0x64, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6f, 0x6d, 0x65, 0x72, + 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/pkg/grpc/config/config.proto b/pkg/grpc/config/config.proto index de2a304db..cb2ffadd6 100644 --- a/pkg/grpc/config/config.proto +++ b/pkg/grpc/config/config.proto @@ -134,7 +134,7 @@ message Settings { optional google.protobuf.Duration idp_refresh_directory_timeout = 28; optional google.protobuf.Duration idp_refresh_directory_interval = 29; map request_params = 30; - optional string authorize_service_url = 32; + repeated string authorize_service_urls = 32; optional string override_certificate_name = 33; optional string certificate_authority = 34; optional string certificate_authority_file = 35; @@ -159,7 +159,7 @@ message Settings { google.protobuf.Duration grpc_server_max_connection_age = 48; google.protobuf.Duration grpc_server_max_connection_age_grace = 49; optional string forward_auth_url = 50; - optional string databroker_service_url = 52; + repeated string databroker_service_urls = 52; optional string client_ca = 53; optional string client_ca_file = 54; optional string google_cloud_serverless_authentication_service_account = 55;