diff --git a/changelog/v1.10.0-beta2/add-tls-timeout.yaml b/changelog/v1.10.0-beta2/add-tls-timeout.yaml new file mode 100644 index 000000000000..5da43554c9bf --- /dev/null +++ b/changelog/v1.10.0-beta2/add-tls-timeout.yaml @@ -0,0 +1,5 @@ +changelog: + - type: NEW_FEATURE + issueLink: https://github.com/solo-io/gloo/issues/5438 + resolvesIssue: true + description: TLS handshake timeout is now configurable. \ No newline at end of file diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto.sk.md index a37c5f647c4f..a896e90d6e71 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/ssl.proto.sk.md @@ -45,6 +45,7 @@ SslConfig contains the options necessary to configure a virtual host or listener "alpnProtocols": []string "oneWayTls": .google.protobuf.BoolValue "disableTlsSessionResumption": .google.protobuf.BoolValue +"transportSocketConnectTimeout": .google.protobuf.Duration ``` @@ -59,6 +60,7 @@ SslConfig contains the options necessary to configure a virtual host or listener | `alpnProtocols` | `[]string` | Set Application Level Protocol Negotiation If empty, defaults to ["h2", "http/1.1"]. | | `oneWayTls` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | If the SSL config has the ca.crt (root CA) provided, Gloo uses it to perform mTLS by default. Set oneWayTls to true to disable mTLS in favor of server-only TLS (one-way TLS), even if Gloo has the root CA. If unset, defaults to false. | | `disableTlsSessionResumption` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | If set to true, the TLS session resumption will be deactivated, note that it deactivates only the tickets based tls session resumption (not the cache). | +| `transportSocketConnectTimeout` | [.google.protobuf.Duration](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/duration) | If present and nonzero, the amount of time to allow incoming connections to complete any transport socket negotiations. If this expires before the transport reports connection establishment, the connection is summarily closed. | diff --git a/install/helm/gloo/crds/gateway.solo.io_v1_Gateway.yaml b/install/helm/gloo/crds/gateway.solo.io_v1_Gateway.yaml index b1d9f49a8924..b16b0da2c958 100644 --- a/install/helm/gloo/crds/gateway.solo.io_v1_Gateway.yaml +++ b/install/helm/gloo/crds/gateway.solo.io_v1_Gateway.yaml @@ -2133,6 +2133,8 @@ spec: tlsKey: type: string type: object + transportSocketConnectTimeout: + type: string verifySubjectAltName: items: type: string diff --git a/install/helm/gloo/crds/gateway.solo.io_v1_VirtualService.yaml b/install/helm/gloo/crds/gateway.solo.io_v1_VirtualService.yaml index 1e5cda5acc82..9917de2e1d0c 100644 --- a/install/helm/gloo/crds/gateway.solo.io_v1_VirtualService.yaml +++ b/install/helm/gloo/crds/gateway.solo.io_v1_VirtualService.yaml @@ -102,6 +102,8 @@ spec: tlsKey: type: string type: object + transportSocketConnectTimeout: + type: string verifySubjectAltName: items: type: string diff --git a/install/helm/gloo/crds/gloo.solo.io_v1_Proxy.yaml b/install/helm/gloo/crds/gloo.solo.io_v1_Proxy.yaml index 1f683899fd8e..fef7f2335475 100644 --- a/install/helm/gloo/crds/gloo.solo.io_v1_Proxy.yaml +++ b/install/helm/gloo/crds/gloo.solo.io_v1_Proxy.yaml @@ -5166,6 +5166,8 @@ spec: tlsKey: type: string type: object + transportSocketConnectTimeout: + type: string verifySubjectAltName: items: type: string @@ -6569,6 +6571,8 @@ spec: tlsKey: type: string type: object + transportSocketConnectTimeout: + type: string verifySubjectAltName: items: type: string diff --git a/projects/gloo/api/v1/ssl.proto b/projects/gloo/api/v1/ssl.proto index ff9f72482706..88df3aee7449 100644 --- a/projects/gloo/api/v1/ssl.proto +++ b/projects/gloo/api/v1/ssl.proto @@ -2,6 +2,7 @@ syntax = "proto3"; package gloo.solo.io; option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1"; +import "google/protobuf/duration.proto"; import "google/protobuf/wrappers.proto"; import "extproto/ext.proto"; @@ -41,6 +42,11 @@ message SslConfig { // If set to true, the TLS session resumption will be deactivated, note that it deactivates only the tickets based tls session resumption (not the cache). google.protobuf.BoolValue disable_tls_session_resumption = 9; + + // If present and nonzero, the amount of time to allow incoming connections to complete any + // transport socket negotiations. If this expires before the transport reports connection + // establishment, the connection is summarily closed. + google.protobuf.Duration transport_socket_connect_timeout = 10; } // SSLFiles reference paths to certificates which can be read by the proxy off of its local filesystem diff --git a/projects/gloo/pkg/api/v1/ssl.pb.equal.go b/projects/gloo/pkg/api/v1/ssl.pb.equal.go index 8e0fabf769d8..6bcb78ad5541 100644 --- a/projects/gloo/pkg/api/v1/ssl.pb.equal.go +++ b/projects/gloo/pkg/api/v1/ssl.pb.equal.go @@ -109,6 +109,16 @@ func (m *SslConfig) Equal(that interface{}) bool { } } + if h, ok := interface{}(m.GetTransportSocketConnectTimeout()).(equality.Equalizer); ok { + if !h.Equal(target.GetTransportSocketConnectTimeout()) { + return false + } + } else { + if !proto.Equal(m.GetTransportSocketConnectTimeout(), target.GetTransportSocketConnectTimeout()) { + return false + } + } + switch m.SslSecrets.(type) { case *SslConfig_SecretRef: diff --git a/projects/gloo/pkg/api/v1/ssl.pb.go b/projects/gloo/pkg/api/v1/ssl.pb.go index af1991aa81cc..11f1b62e55cb 100644 --- a/projects/gloo/pkg/api/v1/ssl.pb.go +++ b/projects/gloo/pkg/api/v1/ssl.pb.go @@ -10,6 +10,7 @@ import ( reflect "reflect" sync "sync" + duration "github.com/golang/protobuf/ptypes/duration" wrappers "github.com/golang/protobuf/ptypes/wrappers" _ "github.com/solo-io/protoc-gen-ext/extproto" core "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" @@ -110,6 +111,10 @@ type SslConfig struct { OneWayTls *wrappers.BoolValue `protobuf:"bytes,8,opt,name=one_way_tls,json=oneWayTls,proto3" json:"one_way_tls,omitempty"` // If set to true, the TLS session resumption will be deactivated, note that it deactivates only the tickets based tls session resumption (not the cache). DisableTlsSessionResumption *wrappers.BoolValue `protobuf:"bytes,9,opt,name=disable_tls_session_resumption,json=disableTlsSessionResumption,proto3" json:"disable_tls_session_resumption,omitempty"` + // If present and nonzero, the amount of time to allow incoming connections to complete any + // transport socket negotiations. If this expires before the transport reports connection + // establishment, the connection is summarily closed. + TransportSocketConnectTimeout *duration.Duration `protobuf:"bytes,10,opt,name=transport_socket_connect_timeout,json=transportSocketConnectTimeout,proto3" json:"transport_socket_connect_timeout,omitempty"` } func (x *SslConfig) Reset() { @@ -214,6 +219,13 @@ func (x *SslConfig) GetDisableTlsSessionResumption() *wrappers.BoolValue { return nil } +func (x *SslConfig) GetTransportSocketConnectTimeout() *duration.Duration { + if x != nil { + return x.TransportSocketConnectTimeout + } + return nil +} + type isSslConfig_SslSecrets interface { isSslConfig_SslSecrets() } @@ -736,12 +748,14 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_rawDesc = []byte 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x73, 0x73, 0x6c, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x0c, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x12, 0x65, 0x78, 0x74, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x65, 0x78, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x6b, 0x69, 0x74, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x2f, 0x72, - 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x93, 0x04, 0x0a, 0x09, 0x53, 0x73, 0x6c, + 0x65, 0x66, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf7, 0x04, 0x0a, 0x09, 0x53, 0x73, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3a, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, @@ -773,96 +787,103 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_rawDesc = []byte 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1b, 0x64, 0x69, 0x73, 0x61, 0x62, 0x6c, 0x65, 0x54, 0x6c, 0x73, 0x53, 0x65, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x42, - 0x0d, 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x22, 0x57, - 0x0a, 0x08, 0x53, 0x53, 0x4c, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x74, 0x6c, - 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x74, 0x6c, - 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, 0x5f, 0x6b, 0x65, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, 0x65, 0x79, 0x12, 0x17, - 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x61, 0x22, 0xef, 0x02, 0x0a, 0x11, 0x55, 0x70, 0x73, 0x74, - 0x72, 0x65, 0x61, 0x6d, 0x53, 0x73, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x3a, 0x0a, - 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, - 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, 0x48, 0x00, 0x52, 0x09, - 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x35, 0x0a, 0x09, 0x73, 0x73, 0x6c, - 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, - 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x53, 0x4c, 0x46, - 0x69, 0x6c, 0x65, 0x73, 0x48, 0x00, 0x52, 0x08, 0x73, 0x73, 0x6c, 0x46, 0x69, 0x6c, 0x65, 0x73, - 0x12, 0x2b, 0x0a, 0x03, 0x73, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x44, 0x53, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, 0x73, 0x12, 0x10, 0x0a, - 0x03, 0x73, 0x6e, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, - 0x35, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, - 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, - 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x61, 0x6c, 0x70, - 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x0d, 0x0a, 0x0b, 0x73, 0x73, - 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x22, 0x9c, 0x02, 0x0a, 0x09, 0x53, 0x44, - 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x55, 0x72, 0x69, 0x12, 0x4a, 0x0a, 0x10, 0x63, 0x61, 0x6c, 0x6c, 0x5f, 0x63, - 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1d, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x43, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x48, - 0x00, 0x52, 0x0f, 0x63, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x73, 0x12, 0x23, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x6c, 0x75, 0x73, - 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x18, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4e, 0x61, 0x6d, - 0x65, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x15, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x43, 0x6f, - 0x6e, 0x74, 0x65, 0x78, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0d, 0x0a, 0x0b, 0x73, 0x64, 0x73, - 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x65, 0x72, 0x22, 0xd3, 0x01, 0x0a, 0x0f, 0x43, 0x61, 0x6c, - 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x68, 0x0a, 0x16, - 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x32, 0x2e, 0x67, - 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x43, 0x61, 0x6c, 0x6c, - 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, 0x46, 0x69, 0x6c, 0x65, - 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x14, 0x66, 0x69, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x1a, 0x56, 0x0a, 0x14, 0x46, 0x69, 0x6c, 0x65, 0x43, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x26, - 0x0a, 0x0f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x46, 0x69, - 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x22, 0xf8, - 0x02, 0x0a, 0x0d, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, - 0x12, 0x65, 0x0a, 0x18, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, - 0x6f, 0x2e, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, - 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, - 0x16, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x65, 0x0a, 0x18, 0x6d, 0x61, 0x78, 0x69, 0x6d, - 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, 0x61, - 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x16, 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, - 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, - 0x74, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x68, 0x5f, 0x63, 0x75, 0x72, 0x76, - 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x63, 0x64, 0x68, 0x43, 0x75, - 0x72, 0x76, 0x65, 0x73, 0x22, 0x53, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, - 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0c, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, - 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x30, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, - 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x3a, 0x5a, 0x30, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, - 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, - 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0xc0, 0xf5, 0x04, - 0x01, 0xb8, 0xf5, 0x04, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x65, 0x73, 0x75, 0x6d, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x62, 0x0a, 0x20, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x73, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x1d, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x53, + 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x42, 0x0d, 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, + 0x74, 0x73, 0x22, 0x57, 0x0a, 0x08, 0x53, 0x53, 0x4c, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x12, 0x19, + 0x0a, 0x08, 0x74, 0x6c, 0x73, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x74, 0x6c, 0x73, 0x43, 0x65, 0x72, 0x74, 0x12, 0x17, 0x0a, 0x07, 0x74, 0x6c, 0x73, + 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x74, 0x6c, 0x73, 0x4b, + 0x65, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x72, 0x6f, 0x6f, 0x74, 0x5f, 0x63, 0x61, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x6f, 0x6f, 0x74, 0x43, 0x61, 0x22, 0xef, 0x02, 0x0a, 0x11, + 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x53, 0x73, 0x6c, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x3a, 0x0a, 0x0a, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x63, 0x6f, 0x72, 0x65, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x66, + 0x48, 0x00, 0x52, 0x09, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x52, 0x65, 0x66, 0x12, 0x35, 0x0a, + 0x09, 0x73, 0x73, 0x6c, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x16, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x53, 0x53, 0x4c, 0x46, 0x69, 0x6c, 0x65, 0x73, 0x48, 0x00, 0x52, 0x08, 0x73, 0x73, 0x6c, 0x46, + 0x69, 0x6c, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x03, 0x73, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x03, 0x73, 0x64, + 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x73, 0x6e, 0x69, 0x12, 0x35, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x73, 0x75, + 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x53, 0x75, 0x62, 0x6a, + 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x3b, 0x0a, 0x0a, 0x70, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1b, + 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x73, + 0x6c, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0a, 0x70, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x61, 0x6c, 0x70, 0x6e, 0x5f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x0d, 0x61, 0x6c, 0x70, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x42, 0x0d, + 0x0a, 0x0b, 0x73, 0x73, 0x6c, 0x5f, 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x73, 0x22, 0x9c, 0x02, + 0x0a, 0x09, 0x53, 0x44, 0x53, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x1d, 0x0a, 0x0a, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x09, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x55, 0x72, 0x69, 0x12, 0x4a, 0x0a, 0x10, 0x63, 0x61, + 0x6c, 0x6c, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, + 0x2e, 0x69, 0x6f, 0x2e, 0x43, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, + 0x61, 0x6c, 0x73, 0x48, 0x00, 0x52, 0x0f, 0x63, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x12, 0x23, 0x0a, 0x0c, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0b, + 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x18, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x5f, 0x73, 0x65, 0x63, 0x72, + 0x65, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x16, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, + 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x15, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x42, 0x0d, 0x0a, + 0x0b, 0x73, 0x64, 0x73, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x65, 0x72, 0x22, 0xd3, 0x01, 0x0a, + 0x0f, 0x43, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x12, 0x68, 0x0a, 0x16, 0x66, 0x69, 0x6c, 0x65, 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, + 0x69, 0x61, 0x6c, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x32, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x43, 0x61, 0x6c, 0x6c, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2e, + 0x46, 0x69, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x52, 0x14, 0x66, 0x69, 0x6c, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x1a, 0x56, 0x0a, 0x14, 0x46, 0x69, + 0x6c, 0x65, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x53, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x12, 0x26, 0x0a, 0x0f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x5f, 0x66, 0x69, 0x6c, 0x65, + 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x46, 0x69, 0x6c, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x68, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x22, 0xf8, 0x02, 0x0a, 0x0d, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, + 0x74, 0x65, 0x72, 0x73, 0x12, 0x65, 0x0a, 0x18, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x73, 0x6c, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, + 0x65, 0x72, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x52, 0x16, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x65, 0x0a, 0x18, 0x6d, + 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x53, 0x73, 0x6c, + 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x52, 0x16, 0x6d, 0x61, 0x78, 0x69, + 0x6d, 0x75, 0x6d, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, + 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, + 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, + 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x65, 0x63, 0x64, 0x68, 0x5f, + 0x63, 0x75, 0x72, 0x76, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0a, 0x65, 0x63, + 0x64, 0x68, 0x43, 0x75, 0x72, 0x76, 0x65, 0x73, 0x22, 0x53, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x0c, 0x0a, 0x08, 0x54, + 0x4c, 0x53, 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, + 0x76, 0x31, 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, + 0x31, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x32, 0x10, 0x03, + 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x76, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x3a, 0x5a, + 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, + 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, + 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, + 0x31, 0xc0, 0xf5, 0x04, 0x01, 0xb8, 0xf5, 0x04, 0x01, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -890,6 +911,7 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_goTypes = []inte (*CallCredentials_FileCredentialSource)(nil), // 7: gloo.solo.io.CallCredentials.FileCredentialSource (*core.ResourceRef)(nil), // 8: core.solo.io.ResourceRef (*wrappers.BoolValue)(nil), // 9: google.protobuf.BoolValue + (*duration.Duration)(nil), // 10: google.protobuf.Duration } var file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_depIdxs = []int32{ 8, // 0: gloo.solo.io.SslConfig.secret_ref:type_name -> core.solo.io.ResourceRef @@ -898,19 +920,20 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_depIdxs = []int3 6, // 3: gloo.solo.io.SslConfig.parameters:type_name -> gloo.solo.io.SslParameters 9, // 4: gloo.solo.io.SslConfig.one_way_tls:type_name -> google.protobuf.BoolValue 9, // 5: gloo.solo.io.SslConfig.disable_tls_session_resumption:type_name -> google.protobuf.BoolValue - 8, // 6: gloo.solo.io.UpstreamSslConfig.secret_ref:type_name -> core.solo.io.ResourceRef - 2, // 7: gloo.solo.io.UpstreamSslConfig.ssl_files:type_name -> gloo.solo.io.SSLFiles - 4, // 8: gloo.solo.io.UpstreamSslConfig.sds:type_name -> gloo.solo.io.SDSConfig - 6, // 9: gloo.solo.io.UpstreamSslConfig.parameters:type_name -> gloo.solo.io.SslParameters - 5, // 10: gloo.solo.io.SDSConfig.call_credentials:type_name -> gloo.solo.io.CallCredentials - 7, // 11: gloo.solo.io.CallCredentials.file_credential_source:type_name -> gloo.solo.io.CallCredentials.FileCredentialSource - 0, // 12: gloo.solo.io.SslParameters.minimum_protocol_version:type_name -> gloo.solo.io.SslParameters.ProtocolVersion - 0, // 13: gloo.solo.io.SslParameters.maximum_protocol_version:type_name -> gloo.solo.io.SslParameters.ProtocolVersion - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 10, // 6: gloo.solo.io.SslConfig.transport_socket_connect_timeout:type_name -> google.protobuf.Duration + 8, // 7: gloo.solo.io.UpstreamSslConfig.secret_ref:type_name -> core.solo.io.ResourceRef + 2, // 8: gloo.solo.io.UpstreamSslConfig.ssl_files:type_name -> gloo.solo.io.SSLFiles + 4, // 9: gloo.solo.io.UpstreamSslConfig.sds:type_name -> gloo.solo.io.SDSConfig + 6, // 10: gloo.solo.io.UpstreamSslConfig.parameters:type_name -> gloo.solo.io.SslParameters + 5, // 11: gloo.solo.io.SDSConfig.call_credentials:type_name -> gloo.solo.io.CallCredentials + 7, // 12: gloo.solo.io.CallCredentials.file_credential_source:type_name -> gloo.solo.io.CallCredentials.FileCredentialSource + 0, // 13: gloo.solo.io.SslParameters.minimum_protocol_version:type_name -> gloo.solo.io.SslParameters.ProtocolVersion + 0, // 14: gloo.solo.io.SslParameters.maximum_protocol_version:type_name -> gloo.solo.io.SslParameters.ProtocolVersion + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_github_com_solo_io_gloo_projects_gloo_api_v1_ssl_proto_init() } diff --git a/projects/gloo/pkg/api/v1/ssl.pb.hash.go b/projects/gloo/pkg/api/v1/ssl.pb.hash.go index a60a1f74bc4d..98ee952f9658 100644 --- a/projects/gloo/pkg/api/v1/ssl.pb.hash.go +++ b/projects/gloo/pkg/api/v1/ssl.pb.hash.go @@ -122,6 +122,26 @@ func (m *SslConfig) Hash(hasher hash.Hash64) (uint64, error) { } } + if h, ok := interface{}(m.GetTransportSocketConnectTimeout()).(safe_hasher.SafeHasher); ok { + if _, err = hasher.Write([]byte("TransportSocketConnectTimeout")); err != nil { + return 0, err + } + if _, err = h.Hash(hasher); err != nil { + return 0, err + } + } else { + if fieldValue, err := hashstructure.Hash(m.GetTransportSocketConnectTimeout(), nil); err != nil { + return 0, err + } else { + if _, err = hasher.Write([]byte("TransportSocketConnectTimeout")); err != nil { + return 0, err + } + if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { + return 0, err + } + } + } + switch m.SslSecrets.(type) { case *SslConfig_SecretRef: diff --git a/projects/gloo/pkg/plugins/tcp/plugin.go b/projects/gloo/pkg/plugins/tcp/plugin.go index 8cb734333841..f2661cde119c 100644 --- a/projects/gloo/pkg/plugins/tcp/plugin.go +++ b/projects/gloo/pkg/plugins/tcp/plugin.go @@ -7,6 +7,7 @@ import ( envoyauth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes/duration" "github.com/hashicorp/go-multierror" "github.com/rotisserie/eris" v1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" @@ -200,13 +201,14 @@ func (p *Plugin) computerTcpFilterChain( if err != nil { return nil, InvalidSecretsError(err, listener.GetName()) } - return p.newSslFilterChain(downstreamConfig, sslConfig.GetSniDomains(), listenerFilters), nil + return p.newSslFilterChain(downstreamConfig, sslConfig.GetSniDomains(), listenerFilters, sslConfig.GetTransportSocketConnectTimeout()), nil } func (p *Plugin) newSslFilterChain( downstreamConfig *envoyauth.DownstreamTlsContext, sniDomains []string, listenerFilters []*envoy_config_listener_v3.Filter, + timeout *duration.Duration, ) *envoy_config_listener_v3.FilterChain { // copy listenerFilter so we can modify filter chain later without changing the filters on all of them! @@ -224,6 +226,7 @@ func (p *Plugin) newSslFilterChain( Name: wellknown.TransportSocketTls, ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{TypedConfig: utils.MustMessageToAny(downstreamConfig)}, }, + TransportSocketConnectTimeout: timeout, } } diff --git a/projects/gloo/pkg/plugins/tcp/plugin_test.go b/projects/gloo/pkg/plugins/tcp/plugin_test.go index 847cd6c89ec9..766662a64a20 100644 --- a/projects/gloo/pkg/plugins/tcp/plugin_test.go +++ b/projects/gloo/pkg/plugins/tcp/plugin_test.go @@ -19,6 +19,7 @@ import ( "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" "github.com/solo-io/solo-kit/pkg/utils/prototime" "github.com/solo-io/solo-kit/test/matchers" + "google.golang.org/protobuf/types/known/durationpb" ) var _ = Describe("Plugin", func() { @@ -276,6 +277,24 @@ var _ = Describe("Plugin", func() { Expect(cluster.Cluster).To(Equal("")) }) + It("should propagate proided `transport_socket_connect_timeout` to Envoy", func() { + sslConfig := &v1.SslConfig{ + SslSecrets: &v1.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: "name", + Namespace: "namespace", + }, + }, + SniDomains: []string{"hello.world"}, + TransportSocketConnectTimeout: &durationpb.Duration{ + Seconds: 3, + Nanos: 0, + }, + } + + Expect(sslConfig.TransportSocketConnectTimeout.Seconds).To(Equal(int64(3))) + Expect(sslConfig.TransportSocketConnectTimeout.Nanos).To(Equal(int32(0))) + }) }) }) diff --git a/projects/gloo/pkg/translator/listener.go b/projects/gloo/pkg/translator/listener.go index ab198708c13a..1391e67b0a9d 100644 --- a/projects/gloo/pkg/translator/listener.go +++ b/projects/gloo/pkg/translator/listener.go @@ -10,6 +10,7 @@ import ( envoyauth "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" "github.com/envoyproxy/go-control-plane/pkg/wellknown" "github.com/golang/protobuf/proto" + "github.com/golang/protobuf/ptypes/duration" validationapi "github.com/solo-io/gloo/projects/gloo/pkg/api/grpc/validation" v1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" "github.com/solo-io/gloo/projects/gloo/pkg/plugins" @@ -164,7 +165,7 @@ func (t *translatorInstance) computeFilterChainsFromSslConfig( validationapi.ListenerReport_Error_SSLConfigError, err.Error()) continue } - filterChain := newSslFilterChain(downstreamConfig, sslConfig.GetSniDomains(), listenerFilters) + filterChain := newSslFilterChain(downstreamConfig, sslConfig.GetSniDomains(), listenerFilters, sslConfig.GetTransportSocketConnectTimeout()) secureFilterChains = append(secureFilterChains, filterChain) } @@ -244,6 +245,7 @@ func newSslFilterChain( downstreamConfig *envoyauth.DownstreamTlsContext, sniDomains []string, listenerFilters []*envoy_config_listener_v3.Filter, + timeout *duration.Duration, ) *envoy_config_listener_v3.FilterChain { // copy listenerFilter so we can modify filter chain later without changing the filters on all of them! @@ -262,6 +264,7 @@ func newSslFilterChain( Name: wellknown.TransportSocketTls, ConfigType: &envoy_config_core_v3.TransportSocket_TypedConfig{TypedConfig: utils.MustMessageToAny(downstreamConfig)}, }, + TransportSocketConnectTimeout: timeout, } }