From 816a4edd064c042c012f033e8f2dc27ec84b7742 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Mon, 5 May 2025 17:05:54 +0500 Subject: [PATCH 01/14] fix: fix size for non-squared app icons (cherry-pick #17663) (#17669) Co-authored-by: Bruno Quaresma fix: fix size for non-squared app icons (#17663) --- site/src/modules/resources/AgentButton.tsx | 3 ++- .../modules/resources/AppLink/AppLink.stories.tsx | 13 +++++++++++++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/site/src/modules/resources/AgentButton.tsx b/site/src/modules/resources/AgentButton.tsx index 580358abdd73d..2f772e4f8e0ca 100644 --- a/site/src/modules/resources/AgentButton.tsx +++ b/site/src/modules/resources/AgentButton.tsx @@ -19,7 +19,8 @@ export const AgentButton = forwardRef( "& .MuiButton-startIcon, & .MuiButton-endIcon": { width: 16, height: 16, - "& svg": { width: "100%", height: "100%" }, + + "& svg, & img": { width: "100%", height: "100%" }, }, })} > diff --git a/site/src/modules/resources/AppLink/AppLink.stories.tsx b/site/src/modules/resources/AppLink/AppLink.stories.tsx index db6fbf02c69da..94cb0e2010b66 100644 --- a/site/src/modules/resources/AppLink/AppLink.stories.tsx +++ b/site/src/modules/resources/AppLink/AppLink.stories.tsx @@ -62,6 +62,19 @@ export const WithIcon: Story = { }, }; +export const WithNonSquaredIcon: Story = { + args: { + workspace: MockWorkspace, + app: { + ...MockWorkspaceApp, + icon: "/icon/windsurf.svg", + sharing_level: "owner", + health: "healthy", + }, + agent: MockWorkspaceAgent, + }, +}; + export const ExternalApp: Story = { args: { workspace: MockWorkspace, From e4558e2c54d4d59b63440d27a56a91ab5de36c5c Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Tue, 6 May 2025 08:13:40 +0500 Subject: [PATCH 02/14] fix: fix windsurf icon on light theme (cherry-pick #17679) (#17686) Co-authored-by: Bruno Quaresma fix: fix windsurf icon on light theme (#17679) --- site/src/modules/resources/AppLink/BaseIcon.tsx | 3 ++- site/src/theme/externalImages.ts | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/site/src/modules/resources/AppLink/BaseIcon.tsx b/site/src/modules/resources/AppLink/BaseIcon.tsx index 1f2885a49a02f..b768facbdd482 100644 --- a/site/src/modules/resources/AppLink/BaseIcon.tsx +++ b/site/src/modules/resources/AppLink/BaseIcon.tsx @@ -1,5 +1,6 @@ import ComputerIcon from "@mui/icons-material/Computer"; import type { WorkspaceApp } from "api/typesGenerated"; +import { ExternalImage } from "components/ExternalImage/ExternalImage"; import type { FC } from "react"; interface BaseIconProps { @@ -9,7 +10,7 @@ interface BaseIconProps { export const BaseIcon: FC = ({ app, onIconPathError }) => { return app.icon ? ( - ${`${app.display_name}$ ([ ["/icon/rust.svg", "monochrome"], ["/icon/terminal.svg", "monochrome"], ["/icon/widgets.svg", "monochrome"], + ["/icon/windsurf.svg", "monochrome"], ]); From 2e96160c301b72c0f706ddb9725147815c7f803e Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Wed, 14 May 2025 13:01:48 +0500 Subject: [PATCH 03/14] chore: update alpine 3.21.2 => 3.21.3 (cherry-pick #17773) (#17799) Co-authored-by: Charlie Voiselle <464492+angrycub@users.noreply.github.com> --- scripts/Dockerfile.base | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/Dockerfile.base b/scripts/Dockerfile.base index fdadd87e55a3a..6c8ab5a544e30 100644 --- a/scripts/Dockerfile.base +++ b/scripts/Dockerfile.base @@ -1,7 +1,7 @@ # This is the base image used for Coder images. It's a multi-arch image that is # built in depot.dev for all supported architectures. Since it's built on real # hardware and not cross-compiled, it can have "RUN" commands. -FROM alpine:3.21.2 +FROM alpine:3.21.3 # We use a single RUN command to reduce the number of layers in the image. # NOTE: Keep the Terraform version in sync with minTerraformVersion and From 3a5c2d775428329df9b99f15f3571763cda20f3d Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Wed, 14 May 2025 20:09:45 -0500 Subject: [PATCH 04/14] chore: cherry pick for release 2.22 (#17842) Co-authored-by: Ethan <39577870+ethanndickson@users.noreply.github.com> Co-authored-by: Michael Suchacz <203725896+ibetitsmike@users.noreply.github.com> Co-authored-by: Danny Kopping Co-authored-by: Yevhenii Shcherbina Co-authored-by: Dean Sheather Co-authored-by: Mathias Fredriksson Co-authored-by: Danny Kopping Co-authored-by: Steven Masley --- cli/server.go | 9 + cli/ssh.go | 136 +++++- cli/ssh_internal_test.go | 85 ++++ cli/ssh_test.go | 151 +++++-- cli/update_test.go | 2 +- coderd/database/dump.sql | 77 ++-- ...kspace_latest_builds_optimization.down.sql | 58 +++ ...orkspace_latest_builds_optimization.up.sql | 85 ++++ coderd/testdata/parameters/groups/main.tf | 2 +- codersdk/richparameters.go | 48 +-- codersdk/richparameters_test.go | 57 ++- codersdk/workspacesdk/agentconn.go | 4 +- enterprise/coderd/coderd.go | 2 +- enterprise/coderd/coderd_test.go | 2 +- enterprise/coderd/prebuilds/claim_test.go | 16 +- .../coderd/prebuilds/metricscollector.go | 106 ++++- .../coderd/prebuilds/metricscollector_test.go | 5 + enterprise/coderd/prebuilds/reconcile.go | 98 +++-- enterprise/coderd/prebuilds/reconcile_test.go | 286 +++++++++---- go.mod | 4 +- go.sum | 8 +- provisioner/terraform/resources.go | 6 +- site/src/api/typesGenerated.ts | 1 - tailnet/controllers.go | 32 +- tailnet/controllers_test.go | 9 +- testutil/rwconn.go | 36 ++ vpn/tunnel.go | 77 +++- vpn/tunnel_internal_test.go | 396 ++++++++++++++++++ 28 files changed, 1512 insertions(+), 286 deletions(-) create mode 100644 coderd/database/migrations/000323_workspace_latest_builds_optimization.down.sql create mode 100644 coderd/database/migrations/000323_workspace_latest_builds_optimization.up.sql create mode 100644 testutil/rwconn.go diff --git a/cli/server.go b/cli/server.go index 39cfa52571595..580dae369446c 100644 --- a/cli/server.go +++ b/cli/server.go @@ -739,6 +739,15 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. _ = sqlDB.Close() }() + if options.DeploymentValues.Prometheus.Enable { + // At this stage we don't think the database name serves much purpose in these metrics. + // It requires parsing the DSN to determine it, which requires pulling in another dependency + // (i.e. https://github.com/jackc/pgx), but it's rather heavy. + // The conn string (https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNSTRING) can + // take different forms, which make parsing non-trivial. + options.PrometheusRegistry.MustRegister(collectors.NewDBStatsCollector(sqlDB, "")) + } + options.Database = database.New(sqlDB) ps, err := pubsub.New(ctx, logger.Named("pubsub"), sqlDB, dbURL) if err != nil { diff --git a/cli/ssh.go b/cli/ssh.go index 2025c1691b7d7..7c5bda073f973 100644 --- a/cli/ssh.go +++ b/cli/ssh.go @@ -8,6 +8,7 @@ import ( "fmt" "io" "log" + "net" "net/http" "net/url" "os" @@ -66,6 +67,7 @@ func (r *RootCmd) ssh() *serpent.Command { stdio bool hostPrefix string hostnameSuffix string + forceNewTunnel bool forwardAgent bool forwardGPG bool identityAgent string @@ -85,6 +87,7 @@ func (r *RootCmd) ssh() *serpent.Command { containerUser string ) client := new(codersdk.Client) + wsClient := workspacesdk.New(client) cmd := &serpent.Command{ Annotations: workspaceCommand, Use: "ssh ", @@ -203,14 +206,14 @@ func (r *RootCmd) ssh() *serpent.Command { parsedEnv = append(parsedEnv, [2]string{k, v}) } - deploymentSSHConfig := codersdk.SSHConfigResponse{ + cliConfig := codersdk.SSHConfigResponse{ HostnamePrefix: hostPrefix, HostnameSuffix: hostnameSuffix, } workspace, workspaceAgent, err := findWorkspaceAndAgentByHostname( ctx, inv, client, - inv.Args[0], deploymentSSHConfig, disableAutostart) + inv.Args[0], cliConfig, disableAutostart) if err != nil { return err } @@ -275,10 +278,44 @@ func (r *RootCmd) ssh() *serpent.Command { return err } + // If we're in stdio mode, check to see if we can use Coder Connect. + // We don't support Coder Connect over non-stdio coder ssh yet. + if stdio && !forceNewTunnel { + connInfo, err := wsClient.AgentConnectionInfoGeneric(ctx) + if err != nil { + return xerrors.Errorf("get agent connection info: %w", err) + } + coderConnectHost := fmt.Sprintf("%s.%s.%s.%s", + workspaceAgent.Name, workspace.Name, workspace.OwnerName, connInfo.HostnameSuffix) + exists, _ := workspacesdk.ExistsViaCoderConnect(ctx, coderConnectHost) + if exists { + defer cancel() + + if networkInfoDir != "" { + if err := writeCoderConnectNetInfo(ctx, networkInfoDir); err != nil { + logger.Error(ctx, "failed to write coder connect net info file", slog.Error(err)) + } + } + + stopPolling := tryPollWorkspaceAutostop(ctx, client, workspace) + defer stopPolling() + + usageAppName := getUsageAppName(usageApp) + if usageAppName != "" { + closeUsage := client.UpdateWorkspaceUsageWithBodyContext(ctx, workspace.ID, codersdk.PostWorkspaceUsageRequest{ + AgentID: workspaceAgent.ID, + AppName: usageAppName, + }) + defer closeUsage() + } + return runCoderConnectStdio(ctx, fmt.Sprintf("%s:22", coderConnectHost), stdioReader, stdioWriter, stack) + } + } + if r.disableDirect { _, _ = fmt.Fprintln(inv.Stderr, "Direct connections disabled.") } - conn, err := workspacesdk.New(client). + conn, err := wsClient. DialAgent(ctx, workspaceAgent.ID, &workspacesdk.DialAgentOptions{ Logger: logger, BlockEndpoints: r.disableDirect, @@ -660,6 +697,12 @@ func (r *RootCmd) ssh() *serpent.Command { Value: serpent.StringOf(&containerUser), Hidden: true, // Hidden until this features is at least in beta. }, + { + Flag: "force-new-tunnel", + Description: "Force the creation of a new tunnel to the workspace, even if the Coder Connect tunnel is available.", + Value: serpent.BoolOf(&forceNewTunnel), + Hidden: true, + }, sshDisableAutostartOption(serpent.BoolOf(&disableAutostart)), } return cmd @@ -1372,12 +1415,13 @@ func setStatsCallback( } type sshNetworkStats struct { - P2P bool `json:"p2p"` - Latency float64 `json:"latency"` - PreferredDERP string `json:"preferred_derp"` - DERPLatency map[string]float64 `json:"derp_latency"` - UploadBytesSec int64 `json:"upload_bytes_sec"` - DownloadBytesSec int64 `json:"download_bytes_sec"` + P2P bool `json:"p2p"` + Latency float64 `json:"latency"` + PreferredDERP string `json:"preferred_derp"` + DERPLatency map[string]float64 `json:"derp_latency"` + UploadBytesSec int64 `json:"upload_bytes_sec"` + DownloadBytesSec int64 `json:"download_bytes_sec"` + UsingCoderConnect bool `json:"using_coder_connect"` } func collectNetworkStats(ctx context.Context, agentConn *workspacesdk.AgentConn, start, end time.Time, counts map[netlogtype.Connection]netlogtype.Counts) (*sshNetworkStats, error) { @@ -1448,6 +1492,80 @@ func collectNetworkStats(ctx context.Context, agentConn *workspacesdk.AgentConn, }, nil } +type coderConnectDialerContextKey struct{} + +type coderConnectDialer interface { + DialContext(ctx context.Context, network, addr string) (net.Conn, error) +} + +func WithTestOnlyCoderConnectDialer(ctx context.Context, dialer coderConnectDialer) context.Context { + return context.WithValue(ctx, coderConnectDialerContextKey{}, dialer) +} + +func testOrDefaultDialer(ctx context.Context) coderConnectDialer { + dialer, ok := ctx.Value(coderConnectDialerContextKey{}).(coderConnectDialer) + if !ok || dialer == nil { + return &net.Dialer{} + } + return dialer +} + +func runCoderConnectStdio(ctx context.Context, addr string, stdin io.Reader, stdout io.Writer, stack *closerStack) error { + dialer := testOrDefaultDialer(ctx) + conn, err := dialer.DialContext(ctx, "tcp", addr) + if err != nil { + return xerrors.Errorf("dial coder connect host: %w", err) + } + if err := stack.push("tcp conn", conn); err != nil { + return err + } + + agentssh.Bicopy(ctx, conn, &StdioRwc{ + Reader: stdin, + Writer: stdout, + }) + + return nil +} + +type StdioRwc struct { + io.Reader + io.Writer +} + +func (*StdioRwc) Close() error { + return nil +} + +func writeCoderConnectNetInfo(ctx context.Context, networkInfoDir string) error { + fs, ok := ctx.Value("fs").(afero.Fs) + if !ok { + fs = afero.NewOsFs() + } + if err := fs.MkdirAll(networkInfoDir, 0o700); err != nil { + return xerrors.Errorf("mkdir: %w", err) + } + + // The VS Code extension obtains the PID of the SSH process to + // find the log file associated with a SSH session. + // + // We get the parent PID because it's assumed `ssh` is calling this + // command via the ProxyCommand SSH option. + networkInfoFilePath := filepath.Join(networkInfoDir, fmt.Sprintf("%d.json", os.Getppid())) + stats := &sshNetworkStats{ + UsingCoderConnect: true, + } + rawStats, err := json.Marshal(stats) + if err != nil { + return xerrors.Errorf("marshal network stats: %w", err) + } + err = afero.WriteFile(fs, networkInfoFilePath, rawStats, 0o600) + if err != nil { + return xerrors.Errorf("write network stats: %w", err) + } + return nil +} + // Converts workspace name input to owner/workspace.agent format // Possible valid input formats: // workspace diff --git a/cli/ssh_internal_test.go b/cli/ssh_internal_test.go index d5e4c049347b2..caee1ec25b710 100644 --- a/cli/ssh_internal_test.go +++ b/cli/ssh_internal_test.go @@ -3,13 +3,17 @@ package cli import ( "context" "fmt" + "io" + "net" "net/url" "sync" "testing" "time" + gliderssh "github.com/gliderlabs/ssh" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" + "golang.org/x/crypto/ssh" "golang.org/x/xerrors" "cdr.dev/slog" @@ -220,6 +224,87 @@ func TestCloserStack_Timeout(t *testing.T) { testutil.TryReceive(ctx, t, closed) } +func TestCoderConnectStdio(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitShort) + logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug) + stack := newCloserStack(ctx, logger, quartz.NewMock(t)) + + clientOutput, clientInput := io.Pipe() + serverOutput, serverInput := io.Pipe() + defer func() { + for _, c := range []io.Closer{clientOutput, clientInput, serverOutput, serverInput} { + _ = c.Close() + } + }() + + server := newSSHServer("127.0.0.1:0") + ln, err := net.Listen("tcp", server.server.Addr) + require.NoError(t, err) + + go func() { + _ = server.Serve(ln) + }() + t.Cleanup(func() { + _ = server.Close() + }) + + stdioDone := make(chan struct{}) + go func() { + err = runCoderConnectStdio(ctx, ln.Addr().String(), clientOutput, serverInput, stack) + assert.NoError(t, err) + close(stdioDone) + }() + + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ + Reader: serverOutput, + Writer: clientInput, + }, "", &ssh.ClientConfig{ + // #nosec + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + }) + require.NoError(t, err) + defer conn.Close() + + sshClient := ssh.NewClient(conn, channels, requests) + session, err := sshClient.NewSession() + require.NoError(t, err) + defer session.Close() + + // We're not connected to a real shell + err = session.Run("") + require.NoError(t, err) + err = sshClient.Close() + require.NoError(t, err) + _ = clientOutput.Close() + + <-stdioDone +} + +type sshServer struct { + server *gliderssh.Server +} + +func newSSHServer(addr string) *sshServer { + return &sshServer{ + server: &gliderssh.Server{ + Addr: addr, + Handler: func(s gliderssh.Session) { + _, _ = io.WriteString(s.Stderr(), "Connected!") + }, + }, + } +} + +func (s *sshServer) Serve(ln net.Listener) error { + return s.server.Serve(ln) +} + +func (s *sshServer) Close() error { + return s.server.Close() +} + type fakeCloser struct { closes *[]*fakeCloser err error diff --git a/cli/ssh_test.go b/cli/ssh_test.go index 2603c81e88cec..5fcb6205d5e45 100644 --- a/cli/ssh_test.go +++ b/cli/ssh_test.go @@ -41,6 +41,7 @@ import ( "github.com/coder/coder/v2/agent/agentssh" "github.com/coder/coder/v2/agent/agenttest" agentproto "github.com/coder/coder/v2/agent/proto" + "github.com/coder/coder/v2/cli" "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/cli/cliui" "github.com/coder/coder/v2/coderd/coderdtest" @@ -473,7 +474,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -542,7 +543,7 @@ func TestSSH(t *testing.T) { signer, err := agentssh.CoderSigner(keySeed) assert.NoError(t, err) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -605,7 +606,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -773,7 +774,7 @@ func TestSSH(t *testing.T) { // have access to the shell. _ = agenttest.New(t, client.URL, authToken) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: proxyCommandStdoutR, Writer: clientStdinW, }, "", &ssh.ClientConfig{ @@ -835,7 +836,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -894,7 +895,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -1082,7 +1083,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -1741,7 +1742,7 @@ func TestSSH(t *testing.T) { assert.NoError(t, err) }) - conn, channels, requests, err := ssh.NewClientConn(&stdioConn{ + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ Reader: serverOutput, Writer: clientInput, }, "", &ssh.ClientConfig{ @@ -2102,6 +2103,111 @@ func TestSSH_Container(t *testing.T) { }) } +func TestSSH_CoderConnect(t *testing.T) { + t.Parallel() + + t.Run("Enabled", func(t *testing.T) { + t.Parallel() + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitShort) + defer cancel() + + fs := afero.NewMemMapFs() + //nolint:revive,staticcheck + ctx = context.WithValue(ctx, "fs", fs) + + client, workspace, agentToken := setupWorkspaceForAgent(t) + inv, root := clitest.New(t, "ssh", workspace.Name, "--network-info-dir", "/net", "--stdio") + clitest.SetupConfig(t, client, root) + _ = ptytest.New(t).Attach(inv) + + ctx = cli.WithTestOnlyCoderConnectDialer(ctx, &fakeCoderConnectDialer{}) + ctx = withCoderConnectRunning(ctx) + + errCh := make(chan error, 1) + tGo(t, func() { + err := inv.WithContext(ctx).Run() + errCh <- err + }) + + _ = agenttest.New(t, client.URL, agentToken) + coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) + + err := testutil.TryReceive(ctx, t, errCh) + // Our mock dialer will always fail with this error, if it was called + require.ErrorContains(t, err, "dial coder connect host \"dev.myworkspace.myuser.coder:22\" over tcp") + + // The network info file should be created since we passed `--stdio` + entries, err := afero.ReadDir(fs, "/net") + require.NoError(t, err) + require.True(t, len(entries) > 0) + }) + + t.Run("Disabled", func(t *testing.T) { + t.Parallel() + client, workspace, agentToken := setupWorkspaceForAgent(t) + + _ = agenttest.New(t, client.URL, agentToken) + coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) + + clientOutput, clientInput := io.Pipe() + serverOutput, serverInput := io.Pipe() + defer func() { + for _, c := range []io.Closer{clientOutput, clientInput, serverOutput, serverInput} { + _ = c.Close() + } + }() + + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + inv, root := clitest.New(t, "ssh", "--force-new-tunnel", "--stdio", workspace.Name) + clitest.SetupConfig(t, client, root) + inv.Stdin = clientOutput + inv.Stdout = serverInput + inv.Stderr = io.Discard + + ctx = cli.WithTestOnlyCoderConnectDialer(ctx, &fakeCoderConnectDialer{}) + ctx = withCoderConnectRunning(ctx) + + cmdDone := tGo(t, func() { + err := inv.WithContext(ctx).Run() + // Shouldn't fail to dial the Coder Connect host + // since `--force-new-tunnel` was passed + assert.NoError(t, err) + }) + + conn, channels, requests, err := ssh.NewClientConn(&testutil.ReaderWriterConn{ + Reader: serverOutput, + Writer: clientInput, + }, "", &ssh.ClientConfig{ + // #nosec + HostKeyCallback: ssh.InsecureIgnoreHostKey(), + }) + require.NoError(t, err) + defer conn.Close() + + sshClient := ssh.NewClient(conn, channels, requests) + session, err := sshClient.NewSession() + require.NoError(t, err) + defer session.Close() + + // Shells on Mac, Windows, and Linux all exit shells with the "exit" command. + err = session.Run("exit") + require.NoError(t, err) + err = sshClient.Close() + require.NoError(t, err) + _ = clientOutput.Close() + + <-cmdDone + }) +} + +type fakeCoderConnectDialer struct{} + +func (*fakeCoderConnectDialer) DialContext(ctx context.Context, network, addr string) (net.Conn, error) { + return nil, xerrors.Errorf("dial coder connect host %q over %s", addr, network) +} + // tGoContext runs fn in a goroutine passing a context that will be // canceled on test completion and wait until fn has finished executing. // Done and cancel are returned for optionally waiting until completion @@ -2145,35 +2251,6 @@ func tGo(t *testing.T, fn func()) (done <-chan struct{}) { return doneC } -type stdioConn struct { - io.Reader - io.Writer -} - -func (*stdioConn) Close() (err error) { - return nil -} - -func (*stdioConn) LocalAddr() net.Addr { - return nil -} - -func (*stdioConn) RemoteAddr() net.Addr { - return nil -} - -func (*stdioConn) SetDeadline(_ time.Time) error { - return nil -} - -func (*stdioConn) SetReadDeadline(_ time.Time) error { - return nil -} - -func (*stdioConn) SetWriteDeadline(_ time.Time) error { - return nil -} - // tempDirUnixSocket returns a temporary directory that can safely hold unix // sockets (probably). // diff --git a/cli/update_test.go b/cli/update_test.go index 413c3d3c37f67..367a8196aa499 100644 --- a/cli/update_test.go +++ b/cli/update_test.go @@ -757,7 +757,7 @@ func TestUpdateValidateRichParameters(t *testing.T) { err := inv.Run() // TODO: improve validation so we catch this problem before it reaches the server // but for now just validate that the server actually catches invalid monotonicity - assert.ErrorContains(t, err, fmt.Sprintf("parameter value must be equal or greater than previous value: %s", tempVal)) + assert.ErrorContains(t, err, "parameter value '1' must be equal or greater than previous value: 2") }() matches := []string{ diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql index 83d998b2b9a3e..bb81b0d5e75b5 100644 --- a/coderd/database/dump.sql +++ b/coderd/database/dump.sql @@ -1991,18 +1991,52 @@ CREATE VIEW workspace_build_with_user AS COMMENT ON VIEW workspace_build_with_user IS 'Joins in the username + avatar url of the initiated by user.'; +CREATE TABLE workspaces ( + id uuid NOT NULL, + created_at timestamp with time zone NOT NULL, + updated_at timestamp with time zone NOT NULL, + owner_id uuid NOT NULL, + organization_id uuid NOT NULL, + template_id uuid NOT NULL, + deleted boolean DEFAULT false NOT NULL, + name character varying(64) NOT NULL, + autostart_schedule text, + ttl bigint, + last_used_at timestamp with time zone DEFAULT '0001-01-01 00:00:00+00'::timestamp with time zone NOT NULL, + dormant_at timestamp with time zone, + deleting_at timestamp with time zone, + automatic_updates automatic_updates DEFAULT 'never'::automatic_updates NOT NULL, + favorite boolean DEFAULT false NOT NULL, + next_start_at timestamp with time zone +); + +COMMENT ON COLUMN workspaces.favorite IS 'Favorite is true if the workspace owner has favorited the workspace.'; + CREATE VIEW workspace_latest_builds AS - SELECT DISTINCT ON (wb.workspace_id) wb.id, - wb.workspace_id, - wb.template_version_id, - wb.job_id, - wb.template_version_preset_id, - wb.transition, - wb.created_at, - pj.job_status - FROM (workspace_builds wb - JOIN provisioner_jobs pj ON ((wb.job_id = pj.id))) - ORDER BY wb.workspace_id, wb.build_number DESC; + SELECT latest_build.id, + latest_build.workspace_id, + latest_build.template_version_id, + latest_build.job_id, + latest_build.template_version_preset_id, + latest_build.transition, + latest_build.created_at, + latest_build.job_status + FROM (workspaces + LEFT JOIN LATERAL ( SELECT workspace_builds.id, + workspace_builds.workspace_id, + workspace_builds.template_version_id, + workspace_builds.job_id, + workspace_builds.template_version_preset_id, + workspace_builds.transition, + workspace_builds.created_at, + provisioner_jobs.job_status + FROM (workspace_builds + JOIN provisioner_jobs ON ((provisioner_jobs.id = workspace_builds.job_id))) + WHERE (workspace_builds.workspace_id = workspaces.id) + ORDER BY workspace_builds.build_number DESC + LIMIT 1) latest_build ON (true)) + WHERE (workspaces.deleted = false) + ORDER BY workspaces.id; CREATE TABLE workspace_modules ( id uuid NOT NULL, @@ -2039,27 +2073,6 @@ CREATE TABLE workspace_resources ( module_path text ); -CREATE TABLE workspaces ( - id uuid NOT NULL, - created_at timestamp with time zone NOT NULL, - updated_at timestamp with time zone NOT NULL, - owner_id uuid NOT NULL, - organization_id uuid NOT NULL, - template_id uuid NOT NULL, - deleted boolean DEFAULT false NOT NULL, - name character varying(64) NOT NULL, - autostart_schedule text, - ttl bigint, - last_used_at timestamp with time zone DEFAULT '0001-01-01 00:00:00+00'::timestamp with time zone NOT NULL, - dormant_at timestamp with time zone, - deleting_at timestamp with time zone, - automatic_updates automatic_updates DEFAULT 'never'::automatic_updates NOT NULL, - favorite boolean DEFAULT false NOT NULL, - next_start_at timestamp with time zone -); - -COMMENT ON COLUMN workspaces.favorite IS 'Favorite is true if the workspace owner has favorited the workspace.'; - CREATE VIEW workspace_prebuilds AS WITH all_prebuilds AS ( SELECT w.id, diff --git a/coderd/database/migrations/000323_workspace_latest_builds_optimization.down.sql b/coderd/database/migrations/000323_workspace_latest_builds_optimization.down.sql new file mode 100644 index 0000000000000..9d9ae7aff4bd9 --- /dev/null +++ b/coderd/database/migrations/000323_workspace_latest_builds_optimization.down.sql @@ -0,0 +1,58 @@ +DROP VIEW workspace_prebuilds; +DROP VIEW workspace_latest_builds; + +-- Revert to previous version from 000314_prebuilds.up.sql +CREATE VIEW workspace_latest_builds AS +SELECT DISTINCT ON (workspace_id) + wb.id, + wb.workspace_id, + wb.template_version_id, + wb.job_id, + wb.template_version_preset_id, + wb.transition, + wb.created_at, + pj.job_status +FROM workspace_builds wb + INNER JOIN provisioner_jobs pj ON wb.job_id = pj.id +ORDER BY wb.workspace_id, wb.build_number DESC; + +-- Recreate the dependent views +CREATE VIEW workspace_prebuilds AS + WITH all_prebuilds AS ( + SELECT w.id, + w.name, + w.template_id, + w.created_at + FROM workspaces w + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + ), workspaces_with_latest_presets AS ( + SELECT DISTINCT ON (workspace_builds.workspace_id) workspace_builds.workspace_id, + workspace_builds.template_version_preset_id + FROM workspace_builds + WHERE (workspace_builds.template_version_preset_id IS NOT NULL) + ORDER BY workspace_builds.workspace_id, workspace_builds.build_number DESC + ), workspaces_with_agents_status AS ( + SELECT w.id AS workspace_id, + bool_and((wa.lifecycle_state = 'ready'::workspace_agent_lifecycle_state)) AS ready + FROM (((workspaces w + JOIN workspace_latest_builds wlb ON ((wlb.workspace_id = w.id))) + JOIN workspace_resources wr ON ((wr.job_id = wlb.job_id))) + JOIN workspace_agents wa ON ((wa.resource_id = wr.id))) + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + GROUP BY w.id + ), current_presets AS ( + SELECT w.id AS prebuild_id, + wlp.template_version_preset_id + FROM (workspaces w + JOIN workspaces_with_latest_presets wlp ON ((wlp.workspace_id = w.id))) + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + ) + SELECT p.id, + p.name, + p.template_id, + p.created_at, + COALESCE(a.ready, false) AS ready, + cp.template_version_preset_id AS current_preset_id + FROM ((all_prebuilds p + LEFT JOIN workspaces_with_agents_status a ON ((a.workspace_id = p.id))) + JOIN current_presets cp ON ((cp.prebuild_id = p.id))); diff --git a/coderd/database/migrations/000323_workspace_latest_builds_optimization.up.sql b/coderd/database/migrations/000323_workspace_latest_builds_optimization.up.sql new file mode 100644 index 0000000000000..d65e09ef47339 --- /dev/null +++ b/coderd/database/migrations/000323_workspace_latest_builds_optimization.up.sql @@ -0,0 +1,85 @@ +-- Drop the dependent views +DROP VIEW workspace_prebuilds; +-- Previously created in 000314_prebuilds.up.sql +DROP VIEW workspace_latest_builds; + +-- The previous version of this view had two sequential scans on two very large +-- tables. This version optimized it by using index scans (via a lateral join) +-- AND avoiding selecting builds from deleted workspaces. +CREATE VIEW workspace_latest_builds AS +SELECT + latest_build.id, + latest_build.workspace_id, + latest_build.template_version_id, + latest_build.job_id, + latest_build.template_version_preset_id, + latest_build.transition, + latest_build.created_at, + latest_build.job_status +FROM workspaces +LEFT JOIN LATERAL ( + SELECT + workspace_builds.id AS id, + workspace_builds.workspace_id AS workspace_id, + workspace_builds.template_version_id AS template_version_id, + workspace_builds.job_id AS job_id, + workspace_builds.template_version_preset_id AS template_version_preset_id, + workspace_builds.transition AS transition, + workspace_builds.created_at AS created_at, + provisioner_jobs.job_status AS job_status + FROM + workspace_builds + JOIN + provisioner_jobs + ON + provisioner_jobs.id = workspace_builds.job_id + WHERE + workspace_builds.workspace_id = workspaces.id + ORDER BY + build_number DESC + LIMIT + 1 +) latest_build ON TRUE +WHERE workspaces.deleted = false +ORDER BY workspaces.id ASC; + +-- Recreate the dependent views +CREATE VIEW workspace_prebuilds AS + WITH all_prebuilds AS ( + SELECT w.id, + w.name, + w.template_id, + w.created_at + FROM workspaces w + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + ), workspaces_with_latest_presets AS ( + SELECT DISTINCT ON (workspace_builds.workspace_id) workspace_builds.workspace_id, + workspace_builds.template_version_preset_id + FROM workspace_builds + WHERE (workspace_builds.template_version_preset_id IS NOT NULL) + ORDER BY workspace_builds.workspace_id, workspace_builds.build_number DESC + ), workspaces_with_agents_status AS ( + SELECT w.id AS workspace_id, + bool_and((wa.lifecycle_state = 'ready'::workspace_agent_lifecycle_state)) AS ready + FROM (((workspaces w + JOIN workspace_latest_builds wlb ON ((wlb.workspace_id = w.id))) + JOIN workspace_resources wr ON ((wr.job_id = wlb.job_id))) + JOIN workspace_agents wa ON ((wa.resource_id = wr.id))) + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + GROUP BY w.id + ), current_presets AS ( + SELECT w.id AS prebuild_id, + wlp.template_version_preset_id + FROM (workspaces w + JOIN workspaces_with_latest_presets wlp ON ((wlp.workspace_id = w.id))) + WHERE (w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0'::uuid) + ) + SELECT p.id, + p.name, + p.template_id, + p.created_at, + COALESCE(a.ready, false) AS ready, + cp.template_version_preset_id AS current_preset_id + FROM ((all_prebuilds p + LEFT JOIN workspaces_with_agents_status a ON ((a.workspace_id = p.id))) + JOIN current_presets cp ON ((cp.prebuild_id = p.id))); diff --git a/coderd/testdata/parameters/groups/main.tf b/coderd/testdata/parameters/groups/main.tf index 9356cc2840e91..8bed301f33ce5 100644 --- a/coderd/testdata/parameters/groups/main.tf +++ b/coderd/testdata/parameters/groups/main.tf @@ -12,7 +12,7 @@ data "coder_parameter" "group" { name = "group" default = try(data.coder_workspace_owner.me.groups[0], "") dynamic "option" { - for_each = data.coder_workspace_owner.me.groups + for_each = concat(data.coder_workspace_owner.me.groups, "bloob") content { name = option.value value = option.value diff --git a/codersdk/richparameters.go b/codersdk/richparameters.go index 2ddd5d00f6c41..f00c947715f9d 100644 --- a/codersdk/richparameters.go +++ b/codersdk/richparameters.go @@ -1,9 +1,8 @@ package codersdk import ( - "strconv" - "golang.org/x/xerrors" + "tailscale.com/types/ptr" "github.com/coder/terraform-provider-coder/v2/provider" ) @@ -46,47 +45,31 @@ func ValidateWorkspaceBuildParameter(richParameter TemplateVersionParameter, bui } func validateBuildParameter(richParameter TemplateVersionParameter, buildParameter *WorkspaceBuildParameter, lastBuildParameter *WorkspaceBuildParameter) error { - var value string + var ( + current string + previous *string + ) if buildParameter != nil { - value = buildParameter.Value + current = buildParameter.Value } - if richParameter.Required && value == "" { - return xerrors.Errorf("parameter value is required") + if lastBuildParameter != nil { + previous = ptr.To(lastBuildParameter.Value) } - if value == "" { // parameter is optional, so take the default value - value = richParameter.DefaultValue + if richParameter.Required && current == "" { + return xerrors.Errorf("parameter value is required") } - if lastBuildParameter != nil && lastBuildParameter.Value != "" && richParameter.Type == "number" && len(richParameter.ValidationMonotonic) > 0 { - prev, err := strconv.Atoi(lastBuildParameter.Value) - if err != nil { - return xerrors.Errorf("previous parameter value is not a number: %s", lastBuildParameter.Value) - } - - current, err := strconv.Atoi(buildParameter.Value) - if err != nil { - return xerrors.Errorf("current parameter value is not a number: %s", buildParameter.Value) - } - - switch richParameter.ValidationMonotonic { - case MonotonicOrderIncreasing: - if prev > current { - return xerrors.Errorf("parameter value must be equal or greater than previous value: %d", prev) - } - case MonotonicOrderDecreasing: - if prev < current { - return xerrors.Errorf("parameter value must be equal or lower than previous value: %d", prev) - } - } + if current == "" { // parameter is optional, so take the default value + current = richParameter.DefaultValue } if len(richParameter.Options) > 0 { var matched bool for _, opt := range richParameter.Options { - if opt.Value == value { + if opt.Value == current { matched = true break } @@ -95,7 +78,6 @@ func validateBuildParameter(richParameter TemplateVersionParameter, buildParamet if !matched { return xerrors.Errorf("parameter value must match one of options: %s", parameterValuesAsArray(richParameter.Options)) } - return nil } if !validationEnabled(richParameter) { @@ -119,7 +101,7 @@ func validateBuildParameter(richParameter TemplateVersionParameter, buildParamet Error: richParameter.ValidationError, Monotonic: string(richParameter.ValidationMonotonic), } - return validation.Valid(richParameter.Type, value) + return validation.Valid(richParameter.Type, current, previous) } func findBuildParameter(params []WorkspaceBuildParameter, parameterName string) (*WorkspaceBuildParameter, bool) { @@ -164,7 +146,7 @@ type ParameterResolver struct { // resolves the correct value. It returns the value of the parameter, if valid, and an error if invalid. func (r *ParameterResolver) ValidateResolve(p TemplateVersionParameter, v *WorkspaceBuildParameter) (value string, err error) { prevV := r.findLastValue(p) - if !p.Mutable && v != nil && prevV != nil { + if !p.Mutable && v != nil && prevV != nil && v.Value != prevV.Value { return "", xerrors.Errorf("Parameter %q is not mutable, so it can't be updated after creating a workspace.", p.Name) } if p.Required && v == nil && prevV == nil { diff --git a/codersdk/richparameters_test.go b/codersdk/richparameters_test.go index 16365f7c2f416..5635a82beb6c6 100644 --- a/codersdk/richparameters_test.go +++ b/codersdk/richparameters_test.go @@ -1,6 +1,7 @@ package codersdk_test import ( + "fmt" "testing" "github.com/stretchr/testify/require" @@ -121,20 +122,60 @@ func TestParameterResolver_ValidateResolve_NewOverridesOld(t *testing.T) { func TestParameterResolver_ValidateResolve_Immutable(t *testing.T) { t.Parallel() uut := codersdk.ParameterResolver{ - Rich: []codersdk.WorkspaceBuildParameter{{Name: "n", Value: "5"}}, + Rich: []codersdk.WorkspaceBuildParameter{{Name: "n", Value: "old"}}, } p := codersdk.TemplateVersionParameter{ Name: "n", - Type: "number", + Type: "string", Required: true, Mutable: false, } - v, err := uut.ValidateResolve(p, &codersdk.WorkspaceBuildParameter{ - Name: "n", - Value: "6", - }) - require.Error(t, err) - require.Equal(t, "", v) + + cases := []struct { + name string + newValue string + expectedErr string + }{ + { + name: "mutation", + newValue: "new", // "new" != "old" + expectedErr: fmt.Sprintf("Parameter %q is not mutable", p.Name), + }, + { + // Values are case-sensitive. + name: "case change", + newValue: "Old", // "Old" != "old" + expectedErr: fmt.Sprintf("Parameter %q is not mutable", p.Name), + }, + { + name: "default", + newValue: "", // "" != "old" + expectedErr: fmt.Sprintf("Parameter %q is not mutable", p.Name), + }, + { + name: "no change", + newValue: "old", // "old" == "old" + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + v, err := uut.ValidateResolve(p, &codersdk.WorkspaceBuildParameter{ + Name: "n", + Value: tc.newValue, + }) + + if tc.expectedErr == "" { + require.NoError(t, err) + require.Equal(t, tc.newValue, v) + } else { + require.ErrorContains(t, err, tc.expectedErr) + require.Equal(t, "", v) + } + }) + } } func TestRichParameterValidation(t *testing.T) { diff --git a/codersdk/workspacesdk/agentconn.go b/codersdk/workspacesdk/agentconn.go index fa569080f7dd2..97b4268c68780 100644 --- a/codersdk/workspacesdk/agentconn.go +++ b/codersdk/workspacesdk/agentconn.go @@ -185,14 +185,12 @@ func (c *AgentConn) SSHOnPort(ctx context.Context, port uint16) (*gonet.TCPConn, return c.DialContextTCP(ctx, netip.AddrPortFrom(c.agentAddress(), port)) } -// SSHClient calls SSH to create a client that uses a weak cipher -// to improve throughput. +// SSHClient calls SSH to create a client func (c *AgentConn) SSHClient(ctx context.Context) (*ssh.Client, error) { return c.SSHClientOnPort(ctx, AgentSSHPort) } // SSHClientOnPort calls SSH to create a client on a specific port -// that uses a weak cipher to improve throughput. func (c *AgentConn) SSHClientOnPort(ctx context.Context, port uint16) (*ssh.Client, error) { ctx, span := tracing.StartSpan(ctx) defer span.End() diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go index ca3531b60db78..8b473e8168ffa 100644 --- a/enterprise/coderd/coderd.go +++ b/enterprise/coderd/coderd.go @@ -1166,5 +1166,5 @@ func (api *API) setupPrebuilds(featureEnabled bool) (agplprebuilds.Reconciliatio reconciler := prebuilds.NewStoreReconciler(api.Database, api.Pubsub, api.DeploymentValues.Prebuilds, api.Logger.Named("prebuilds"), quartz.NewReal(), api.PrometheusRegistry) - return reconciler, prebuilds.EnterpriseClaimer{} + return reconciler, prebuilds.NewEnterpriseClaimer(api.Database) } diff --git a/enterprise/coderd/coderd_test.go b/enterprise/coderd/coderd_test.go index 4a3c47e56a671..446fce042d70f 100644 --- a/enterprise/coderd/coderd_test.go +++ b/enterprise/coderd/coderd_test.go @@ -331,7 +331,7 @@ func TestEntitlements_Prebuilds(t *testing.T) { if tc.expectedEnabled { require.IsType(t, &prebuilds.StoreReconciler{}, *reconciler) - require.IsType(t, prebuilds.EnterpriseClaimer{}, *claimer) + require.IsType(t, &prebuilds.EnterpriseClaimer{}, *claimer) } else { require.Equal(t, &agplprebuilds.DefaultReconciler, reconciler) require.Equal(t, &agplprebuilds.DefaultClaimer, claimer) diff --git a/enterprise/coderd/prebuilds/claim_test.go b/enterprise/coderd/prebuilds/claim_test.go index 145095e6533e7..ad31d2b4eff1b 100644 --- a/enterprise/coderd/prebuilds/claim_test.go +++ b/enterprise/coderd/prebuilds/claim_test.go @@ -329,9 +329,8 @@ func TestClaimPrebuild(t *testing.T) { require.NoError(t, err) stopBuild, err := userClient.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ - TemplateVersionID: version.ID, - Transition: codersdk.WorkspaceTransitionStop, - RichParameterValues: wp, + TemplateVersionID: version.ID, + Transition: codersdk.WorkspaceTransitionStop, }) require.NoError(t, err) coderdtest.AwaitWorkspaceBuildJobCompleted(t, userClient, stopBuild.ID) @@ -369,6 +368,17 @@ func templateWithAgentAndPresetsWithPrebuilds(desiredInstances int32) *echo.Resp }, }, }, + // Make sure immutable params don't break claiming logic + Parameters: []*proto.RichParameter{ + { + Name: "k1", + Description: "immutable param", + Type: "string", + DefaultValue: "", + Required: false, + Mutable: false, + }, + }, Presets: []*proto.Preset{ { Name: "preset-a", diff --git a/enterprise/coderd/prebuilds/metricscollector.go b/enterprise/coderd/prebuilds/metricscollector.go index 7b55227effffa..76089c025243d 100644 --- a/enterprise/coderd/prebuilds/metricscollector.go +++ b/enterprise/coderd/prebuilds/metricscollector.go @@ -2,14 +2,17 @@ package prebuilds import ( "context" + "fmt" + "sync/atomic" "time" - "cdr.dev/slog" - "github.com/prometheus/client_golang/prometheus" + "golang.org/x/xerrors" + + "cdr.dev/slog" "github.com/coder/coder/v2/coderd/database" - "github.com/coder/coder/v2/coderd/database/dbauthz" + "github.com/coder/coder/v2/coderd/database/dbtime" "github.com/coder/coder/v2/coderd/prebuilds" ) @@ -55,20 +58,34 @@ var ( labels, nil, ) + lastUpdateDesc = prometheus.NewDesc( + "coderd_prebuilt_workspaces_metrics_last_updated", + "The unix timestamp when the metrics related to prebuilt workspaces were last updated; these metrics are cached.", + []string{}, + nil, + ) +) + +const ( + metricsUpdateInterval = time.Second * 15 + metricsUpdateTimeout = time.Second * 10 ) type MetricsCollector struct { database database.Store logger slog.Logger snapshotter prebuilds.StateSnapshotter + + latestState atomic.Pointer[metricsState] } var _ prometheus.Collector = new(MetricsCollector) func NewMetricsCollector(db database.Store, logger slog.Logger, snapshotter prebuilds.StateSnapshotter) *MetricsCollector { + log := logger.Named("prebuilds_metrics_collector") return &MetricsCollector{ database: db, - logger: logger.Named("prebuilds_metrics_collector"), + logger: log, snapshotter: snapshotter, } } @@ -80,38 +97,34 @@ func (*MetricsCollector) Describe(descCh chan<- *prometheus.Desc) { descCh <- desiredPrebuildsDesc descCh <- runningPrebuildsDesc descCh <- eligiblePrebuildsDesc + descCh <- lastUpdateDesc } +// Collect uses the cached state to set configured metrics. +// The state is cached because this function can be called multiple times per second and retrieving the current state +// is an expensive operation. func (mc *MetricsCollector) Collect(metricsCh chan<- prometheus.Metric) { - // nolint:gocritic // We need to set an authz context to read metrics from the db. - ctx, cancel := context.WithTimeout(dbauthz.AsPrebuildsOrchestrator(context.Background()), 10*time.Second) - defer cancel() - prebuildMetrics, err := mc.database.GetPrebuildMetrics(ctx) - if err != nil { - mc.logger.Error(ctx, "failed to get prebuild metrics", slog.Error(err)) + currentState := mc.latestState.Load() // Grab a copy; it's ok if it goes stale during the course of this func. + if currentState == nil { + mc.logger.Warn(context.Background(), "failed to set prebuilds metrics; state not set") + metricsCh <- prometheus.MustNewConstMetric(lastUpdateDesc, prometheus.GaugeValue, 0) return } - for _, metric := range prebuildMetrics { + for _, metric := range currentState.prebuildMetrics { metricsCh <- prometheus.MustNewConstMetric(createdPrebuildsDesc, prometheus.CounterValue, float64(metric.CreatedCount), metric.TemplateName, metric.PresetName, metric.OrganizationName) metricsCh <- prometheus.MustNewConstMetric(failedPrebuildsDesc, prometheus.CounterValue, float64(metric.FailedCount), metric.TemplateName, metric.PresetName, metric.OrganizationName) metricsCh <- prometheus.MustNewConstMetric(claimedPrebuildsDesc, prometheus.CounterValue, float64(metric.ClaimedCount), metric.TemplateName, metric.PresetName, metric.OrganizationName) } - snapshot, err := mc.snapshotter.SnapshotState(ctx, mc.database) - if err != nil { - mc.logger.Error(ctx, "failed to get latest prebuild state", slog.Error(err)) - return - } - - for _, preset := range snapshot.Presets { + for _, preset := range currentState.snapshot.Presets { if !preset.UsingActiveVersion { continue } - presetSnapshot, err := snapshot.FilterByPreset(preset.ID) + presetSnapshot, err := currentState.snapshot.FilterByPreset(preset.ID) if err != nil { - mc.logger.Error(ctx, "failed to filter by preset", slog.Error(err)) + mc.logger.Error(context.Background(), "failed to filter by preset", slog.Error(err)) continue } state := presetSnapshot.CalculateState() @@ -120,4 +133,57 @@ func (mc *MetricsCollector) Collect(metricsCh chan<- prometheus.Metric) { metricsCh <- prometheus.MustNewConstMetric(runningPrebuildsDesc, prometheus.GaugeValue, float64(state.Actual), preset.TemplateName, preset.Name, preset.OrganizationName) metricsCh <- prometheus.MustNewConstMetric(eligiblePrebuildsDesc, prometheus.GaugeValue, float64(state.Eligible), preset.TemplateName, preset.Name, preset.OrganizationName) } + + metricsCh <- prometheus.MustNewConstMetric(lastUpdateDesc, prometheus.GaugeValue, float64(currentState.createdAt.Unix())) +} + +type metricsState struct { + prebuildMetrics []database.GetPrebuildMetricsRow + snapshot *prebuilds.GlobalSnapshot + createdAt time.Time +} + +// BackgroundFetch updates the metrics state every given interval. +func (mc *MetricsCollector) BackgroundFetch(ctx context.Context, updateInterval, updateTimeout time.Duration) { + tick := time.NewTicker(time.Nanosecond) + defer tick.Stop() + + for { + select { + case <-ctx.Done(): + return + case <-tick.C: + // Tick immediately, then set regular interval. + tick.Reset(updateInterval) + + if err := mc.UpdateState(ctx, updateTimeout); err != nil { + mc.logger.Error(ctx, "failed to update prebuilds metrics state", slog.Error(err)) + } + } + } +} + +// UpdateState builds the current metrics state. +func (mc *MetricsCollector) UpdateState(ctx context.Context, timeout time.Duration) error { + start := time.Now() + fetchCtx, fetchCancel := context.WithTimeout(ctx, timeout) + defer fetchCancel() + + prebuildMetrics, err := mc.database.GetPrebuildMetrics(fetchCtx) + if err != nil { + return xerrors.Errorf("fetch prebuild metrics: %w", err) + } + + snapshot, err := mc.snapshotter.SnapshotState(fetchCtx, mc.database) + if err != nil { + return xerrors.Errorf("snapshot state: %w", err) + } + mc.logger.Debug(ctx, "fetched prebuilds metrics state", slog.F("duration_secs", fmt.Sprintf("%.2f", time.Since(start).Seconds()))) + + mc.latestState.Store(&metricsState{ + prebuildMetrics: prebuildMetrics, + snapshot: snapshot, + createdAt: dbtime.Now(), + }) + return nil } diff --git a/enterprise/coderd/prebuilds/metricscollector_test.go b/enterprise/coderd/prebuilds/metricscollector_test.go index 859509ced6635..de3f5d017f715 100644 --- a/enterprise/coderd/prebuilds/metricscollector_test.go +++ b/enterprise/coderd/prebuilds/metricscollector_test.go @@ -16,6 +16,7 @@ import ( "github.com/coder/quartz" "github.com/coder/coder/v2/coderd/database" + "github.com/coder/coder/v2/coderd/database/dbauthz" "github.com/coder/coder/v2/coderd/database/dbgen" "github.com/coder/coder/v2/coderd/database/dbtestutil" agplprebuilds "github.com/coder/coder/v2/coderd/prebuilds" @@ -248,6 +249,10 @@ func TestMetricsCollector(t *testing.T) { setupTestDBWorkspaceAgent(t, db, workspace.ID, eligible) } + // Force an update to the metrics state to allow the collector to collect fresh metrics. + // nolint:gocritic // Authz context needed to retrieve state. + require.NoError(t, collector.UpdateState(dbauthz.AsPrebuildsOrchestrator(ctx), testutil.WaitLong)) + metricsFamilies, err := registry.Gather() require.NoError(t, err) diff --git a/enterprise/coderd/prebuilds/reconcile.go b/enterprise/coderd/prebuilds/reconcile.go index 1b99e46a56680..79a8baa337e72 100644 --- a/enterprise/coderd/prebuilds/reconcile.go +++ b/enterprise/coderd/prebuilds/reconcile.go @@ -5,6 +5,7 @@ import ( "database/sql" "fmt" "math" + "sync" "sync/atomic" "time" @@ -40,10 +41,11 @@ type StoreReconciler struct { registerer prometheus.Registerer metrics *MetricsCollector - cancelFn context.CancelCauseFunc - running atomic.Bool - stopped atomic.Bool - done chan struct{} + cancelFn context.CancelCauseFunc + running atomic.Bool + stopped atomic.Bool + done chan struct{} + provisionNotifyCh chan database.ProvisionerJob } var _ prebuilds.ReconciliationOrchestrator = &StoreReconciler{} @@ -56,19 +58,22 @@ func NewStoreReconciler(store database.Store, registerer prometheus.Registerer, ) *StoreReconciler { reconciler := &StoreReconciler{ - store: store, - pubsub: ps, - logger: logger, - cfg: cfg, - clock: clock, - registerer: registerer, - done: make(chan struct{}, 1), + store: store, + pubsub: ps, + logger: logger, + cfg: cfg, + clock: clock, + registerer: registerer, + done: make(chan struct{}, 1), + provisionNotifyCh: make(chan database.ProvisionerJob, 10), } - reconciler.metrics = NewMetricsCollector(store, logger, reconciler) - if err := registerer.Register(reconciler.metrics); err != nil { - // If the registerer fails to register the metrics collector, it's not fatal. - logger.Error(context.Background(), "failed to register prometheus metrics", slog.Error(err)) + if registerer != nil { + reconciler.metrics = NewMetricsCollector(store, logger, reconciler) + if err := registerer.Register(reconciler.metrics); err != nil { + // If the registerer fails to register the metrics collector, it's not fatal. + logger.Error(context.Background(), "failed to register prometheus metrics", slog.Error(err)) + } } return reconciler @@ -85,9 +90,11 @@ func (c *StoreReconciler) Run(ctx context.Context) { slog.F("backoff_interval", c.cfg.ReconciliationBackoffInterval.String()), slog.F("backoff_lookback", c.cfg.ReconciliationBackoffLookback.String())) + var wg sync.WaitGroup ticker := c.clock.NewTicker(reconciliationInterval) defer ticker.Stop() defer func() { + wg.Wait() c.done <- struct{}{} }() @@ -95,11 +102,43 @@ func (c *StoreReconciler) Run(ctx context.Context) { ctx, cancel := context.WithCancelCause(dbauthz.AsPrebuildsOrchestrator(ctx)) c.cancelFn = cancel + // Start updating metrics in the background. + if c.metrics != nil { + wg.Add(1) + go func() { + defer wg.Done() + c.metrics.BackgroundFetch(ctx, metricsUpdateInterval, metricsUpdateTimeout) + }() + } + // Everything is in place, reconciler can now be considered as running. // // NOTE: without this atomic bool, Stop might race with Run for the c.cancelFn above. c.running.Store(true) + // Publish provisioning jobs outside of database transactions. + // A connection is held while a database transaction is active; PGPubsub also tries to acquire a new connection on + // Publish, so we can exhaust available connections. + // + // A single worker dequeues from the channel, which should be sufficient. + // If any messages are missed due to congestion or errors, provisionerdserver has a backup polling mechanism which + // will periodically pick up any queued jobs (see poll(time.Duration) in coderd/provisionerdserver/acquirer.go). + go func() { + for { + select { + case <-c.done: + return + case <-ctx.Done(): + return + case job := <-c.provisionNotifyCh: + err := provisionerjobs.PostJob(c.pubsub, job) + if err != nil { + c.logger.Error(ctx, "failed to post provisioner job to pubsub", slog.Error(err)) + } + } + } + }() + for { select { // TODO: implement pubsub listener to allow reconciling a specific template imperatively once it has been changed, @@ -549,13 +588,18 @@ func (c *StoreReconciler) provision( builder := wsbuilder.New(workspace, transition). Reason(database.BuildReasonInitiator). Initiator(prebuilds.SystemUserID). - VersionID(template.ActiveVersionID). - MarkPrebuild(). - TemplateVersionPresetID(presetID) + MarkPrebuild() - // We only inject the required params when the prebuild is being created. - // This mirrors the behavior of regular workspace deletion (see cli/delete.go). if transition != database.WorkspaceTransitionDelete { + // We don't specify the version for a delete transition, + // because the prebuilt workspace may have been created using an older template version. + // If the version isn't explicitly set, the builder will automatically use the version + // from the last workspace build — which is the desired behavior. + builder = builder.VersionID(template.ActiveVersionID) + + // We only inject the required params when the prebuild is being created. + // This mirrors the behavior of regular workspace deletion (see cli/delete.go). + builder = builder.TemplateVersionPresetID(presetID) builder = builder.RichParameterValues(params) } @@ -571,10 +615,16 @@ func (c *StoreReconciler) provision( return xerrors.Errorf("provision workspace: %w", err) } - err = provisionerjobs.PostJob(c.pubsub, *provisionerJob) - if err != nil { - // Client probably doesn't care about this error, so just log it. - c.logger.Error(ctx, "failed to post provisioner job to pubsub", slog.Error(err)) + if provisionerJob == nil { + return nil + } + + // Publish provisioner job event outside of transaction. + select { + case c.provisionNotifyCh <- *provisionerJob: + default: // channel full, drop the message; provisioner will pick this job up later with its periodic check, though. + c.logger.Warn(ctx, "provisioner job notification queue full, dropping", + slog.F("job_id", provisionerJob.ID), slog.F("prebuild_id", prebuildID.String())) } c.logger.Info(ctx, "prebuild job scheduled", slog.F("transition", transition), diff --git a/enterprise/coderd/prebuilds/reconcile_test.go b/enterprise/coderd/prebuilds/reconcile_test.go index 9783b215f185b..a1666134a7965 100644 --- a/enterprise/coderd/prebuilds/reconcile_test.go +++ b/enterprise/coderd/prebuilds/reconcile_test.go @@ -9,6 +9,7 @@ import ( "time" "github.com/prometheus/client_golang/prometheus" + "golang.org/x/xerrors" "github.com/coder/coder/v2/coderd/database/dbtime" "github.com/coder/coder/v2/coderd/util/slice" @@ -303,100 +304,106 @@ func TestPrebuildReconciliation(t *testing.T) { for _, prebuildLatestTransition := range tc.prebuildLatestTransitions { for _, prebuildJobStatus := range tc.prebuildJobStatuses { for _, templateDeleted := range tc.templateDeleted { - t.Run(fmt.Sprintf("%s - %s - %s", tc.name, prebuildLatestTransition, prebuildJobStatus), func(t *testing.T) { - t.Parallel() - t.Cleanup(func() { - if t.Failed() { - t.Logf("failed to run test: %s", tc.name) - t.Logf("templateVersionActive: %t", templateVersionActive) - t.Logf("prebuildLatestTransition: %s", prebuildLatestTransition) - t.Logf("prebuildJobStatus: %s", prebuildJobStatus) + for _, useBrokenPubsub := range []bool{true, false} { + t.Run(fmt.Sprintf("%s - %s - %s - pubsub_broken=%v", tc.name, prebuildLatestTransition, prebuildJobStatus, useBrokenPubsub), func(t *testing.T) { + t.Parallel() + t.Cleanup(func() { + if t.Failed() { + t.Logf("failed to run test: %s", tc.name) + t.Logf("templateVersionActive: %t", templateVersionActive) + t.Logf("prebuildLatestTransition: %s", prebuildLatestTransition) + t.Logf("prebuildJobStatus: %s", prebuildJobStatus) + } + }) + clock := quartz.NewMock(t) + ctx := testutil.Context(t, testutil.WaitShort) + cfg := codersdk.PrebuildsConfig{} + logger := slogtest.Make( + t, &slogtest.Options{IgnoreErrors: true}, + ).Leveled(slog.LevelDebug) + db, pubSub := dbtestutil.NewDB(t) + + ownerID := uuid.New() + dbgen.User(t, db, database.User{ + ID: ownerID, + }) + org, template := setupTestDBTemplate(t, db, ownerID, templateDeleted) + templateVersionID := setupTestDBTemplateVersion( + ctx, + t, + clock, + db, + pubSub, + org.ID, + ownerID, + template.ID, + ) + preset := setupTestDBPreset( + t, + db, + templateVersionID, + 1, + uuid.New().String(), + ) + prebuild := setupTestDBPrebuild( + t, + clock, + db, + pubSub, + prebuildLatestTransition, + prebuildJobStatus, + org.ID, + preset, + template.ID, + templateVersionID, + ) + + if !templateVersionActive { + // Create a new template version and mark it as active + // This marks the template version that we care about as inactive + setupTestDBTemplateVersion(ctx, t, clock, db, pubSub, org.ID, ownerID, template.ID) } - }) - clock := quartz.NewMock(t) - ctx := testutil.Context(t, testutil.WaitShort) - cfg := codersdk.PrebuildsConfig{} - logger := slogtest.Make( - t, &slogtest.Options{IgnoreErrors: true}, - ).Leveled(slog.LevelDebug) - db, pubSub := dbtestutil.NewDB(t) - controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) - - ownerID := uuid.New() - dbgen.User(t, db, database.User{ - ID: ownerID, - }) - org, template := setupTestDBTemplate(t, db, ownerID, templateDeleted) - templateVersionID := setupTestDBTemplateVersion( - ctx, - t, - clock, - db, - pubSub, - org.ID, - ownerID, - template.ID, - ) - preset := setupTestDBPreset( - t, - db, - templateVersionID, - 1, - uuid.New().String(), - ) - prebuild := setupTestDBPrebuild( - t, - clock, - db, - pubSub, - prebuildLatestTransition, - prebuildJobStatus, - org.ID, - preset, - template.ID, - templateVersionID, - ) - - if !templateVersionActive { - // Create a new template version and mark it as active - // This marks the template version that we care about as inactive - setupTestDBTemplateVersion(ctx, t, clock, db, pubSub, org.ID, ownerID, template.ID) - } - - // Run the reconciliation multiple times to ensure idempotency - // 8 was arbitrary, but large enough to reasonably trust the result - for i := 1; i <= 8; i++ { - require.NoErrorf(t, controller.ReconcileAll(ctx), "failed on iteration %d", i) - - if tc.shouldCreateNewPrebuild != nil { - newPrebuildCount := 0 - workspaces, err := db.GetWorkspacesByTemplateID(ctx, template.ID) - require.NoError(t, err) - for _, workspace := range workspaces { - if workspace.ID != prebuild.ID { - newPrebuildCount++ + + if useBrokenPubsub { + pubSub = &brokenPublisher{Pubsub: pubSub} + } + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + + // Run the reconciliation multiple times to ensure idempotency + // 8 was arbitrary, but large enough to reasonably trust the result + for i := 1; i <= 8; i++ { + require.NoErrorf(t, controller.ReconcileAll(ctx), "failed on iteration %d", i) + + if tc.shouldCreateNewPrebuild != nil { + newPrebuildCount := 0 + workspaces, err := db.GetWorkspacesByTemplateID(ctx, template.ID) + require.NoError(t, err) + for _, workspace := range workspaces { + if workspace.ID != prebuild.ID { + newPrebuildCount++ + } } + // This test configures a preset that desires one prebuild. + // In cases where new prebuilds should be created, there should be exactly one. + require.Equal(t, *tc.shouldCreateNewPrebuild, newPrebuildCount == 1) } - // This test configures a preset that desires one prebuild. - // In cases where new prebuilds should be created, there should be exactly one. - require.Equal(t, *tc.shouldCreateNewPrebuild, newPrebuildCount == 1) - } - if tc.shouldDeleteOldPrebuild != nil { - builds, err := db.GetWorkspaceBuildsByWorkspaceID(ctx, database.GetWorkspaceBuildsByWorkspaceIDParams{ - WorkspaceID: prebuild.ID, - }) - require.NoError(t, err) - if *tc.shouldDeleteOldPrebuild { - require.Equal(t, 2, len(builds)) - require.Equal(t, database.WorkspaceTransitionDelete, builds[0].Transition) - } else { - require.Equal(t, 1, len(builds)) - require.Equal(t, prebuildLatestTransition, builds[0].Transition) + if tc.shouldDeleteOldPrebuild != nil { + builds, err := db.GetWorkspaceBuildsByWorkspaceID(ctx, database.GetWorkspaceBuildsByWorkspaceIDParams{ + WorkspaceID: prebuild.ID, + }) + require.NoError(t, err) + if *tc.shouldDeleteOldPrebuild { + require.Equal(t, 2, len(builds)) + require.Equal(t, database.WorkspaceTransitionDelete, builds[0].Transition) + } else { + require.Equal(t, 1, len(builds)) + require.Equal(t, prebuildLatestTransition, builds[0].Transition) + } } } - } - }) + }) + } } } } @@ -404,6 +411,21 @@ func TestPrebuildReconciliation(t *testing.T) { } } +// brokenPublisher is used to validate that Publish() calls which always fail do not affect the reconciler's behavior, +// since the messages published are not essential but merely advisory. +type brokenPublisher struct { + pubsub.Pubsub +} + +// Publish deliberately fails. +// I'm explicitly _not_ checking for EventJobPosted (coderd/database/provisionerjobs/provisionerjobs.go) since that +// requires too much knowledge of the underlying implementation. +func (*brokenPublisher) Publish(event string, _ []byte) error { + // Mimick some work being done. + <-time.After(testutil.IntervalFast) + return xerrors.Errorf("failed to publish %q", event) +} + func TestMultiplePresetsPerTemplateVersion(t *testing.T) { t.Parallel() @@ -554,6 +576,75 @@ func TestInvalidPreset(t *testing.T) { } } +func TestDeletionOfPrebuiltWorkspaceWithInvalidPreset(t *testing.T) { + t.Parallel() + + if !dbtestutil.WillUsePostgres() { + t.Skip("This test requires postgres") + } + + templateDeleted := false + + clock := quartz.NewMock(t) + ctx := testutil.Context(t, testutil.WaitShort) + cfg := codersdk.PrebuildsConfig{} + logger := slogtest.Make( + t, &slogtest.Options{IgnoreErrors: true}, + ).Leveled(slog.LevelDebug) + db, pubSub := dbtestutil.NewDB(t) + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + + ownerID := uuid.New() + dbgen.User(t, db, database.User{ + ID: ownerID, + }) + org, template := setupTestDBTemplate(t, db, ownerID, templateDeleted) + templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, pubSub, org.ID, ownerID, template.ID) + preset := setupTestDBPreset(t, db, templateVersionID, 1, uuid.New().String()) + prebuiltWorkspace := setupTestDBPrebuild( + t, + clock, + db, + pubSub, + database.WorkspaceTransitionStart, + database.ProvisionerJobStatusSucceeded, + org.ID, + preset, + template.ID, + templateVersionID, + ) + + workspaces, err := db.GetWorkspacesByTemplateID(ctx, template.ID) + require.NoError(t, err) + // make sure we have only one workspace + require.Equal(t, 1, len(workspaces)) + + // Create a new template version and mark it as active. + // This marks the previous template version as inactive. + templateVersionID = setupTestDBTemplateVersion(ctx, t, clock, db, pubSub, org.ID, ownerID, template.ID) + // Add required param, which is not set in preset. + // It means that creating of new prebuilt workspace will fail, but we should be able to clean up old prebuilt workspaces. + dbgen.TemplateVersionParameter(t, db, database.TemplateVersionParameter{ + TemplateVersionID: templateVersionID, + Name: "required-param", + Description: "required param which isn't set in preset", + Type: "bool", + DefaultValue: "", + Required: true, + }) + + // Old prebuilt workspace should be deleted. + require.NoError(t, controller.ReconcileAll(ctx)) + + builds, err := db.GetWorkspaceBuildsByWorkspaceID(ctx, database.GetWorkspaceBuildsByWorkspaceIDParams{ + WorkspaceID: prebuiltWorkspace.ID, + }) + require.NoError(t, err) + // Make sure old prebuild workspace was deleted, despite it contains required parameter which isn't set in preset. + require.Equal(t, 2, len(builds)) + require.Equal(t, database.WorkspaceTransitionDelete, builds[0].Transition) +} + func TestRunLoop(t *testing.T) { t.Parallel() @@ -901,6 +992,16 @@ func setupTestDBTemplateVersion( ID: templateID, ActiveVersionID: templateVersion.ID, })) + // Make sure immutable params don't break prebuilt workspace deletion logic + dbgen.TemplateVersionParameter(t, db, database.TemplateVersionParameter{ + TemplateVersionID: templateVersion.ID, + Name: "test", + Description: "required & immutable param", + Type: "string", + DefaultValue: "", + Required: true, + Mutable: false, + }) return templateVersion.ID } @@ -999,7 +1100,7 @@ func setupTestDBWorkspace( OrganizationID: orgID, Error: buildError, }) - dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{ + workspaceBuild := dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{ WorkspaceID: workspace.ID, InitiatorID: initiatorID, TemplateVersionID: templateVersionID, @@ -1008,6 +1109,13 @@ func setupTestDBWorkspace( Transition: transition, CreatedAt: clock.Now(), }) + dbgen.WorkspaceBuildParameters(t, db, []database.WorkspaceBuildParameter{ + { + WorkspaceBuildID: workspaceBuild.ID, + Name: "test", + Value: "test", + }, + }) return workspace } diff --git a/go.mod b/go.mod index 8ff0ba1fa2376..a2f8bda5c97bb 100644 --- a/go.mod +++ b/go.mod @@ -101,7 +101,7 @@ require ( github.com/coder/quartz v0.1.2 github.com/coder/retry v1.5.1 github.com/coder/serpent v0.10.0 - github.com/coder/terraform-provider-coder/v2 v2.4.0-pre1.0.20250417100258-c86bb5c3ddcd + github.com/coder/terraform-provider-coder/v2 v2.4.0 github.com/coder/websocket v1.8.13 github.com/coder/wgtunnel v0.1.13-0.20240522110300-ade90dfb2da0 github.com/coreos/go-oidc/v3 v3.14.1 @@ -487,7 +487,7 @@ require ( ) require ( - github.com/coder/preview v0.0.1 + github.com/coder/preview v0.0.2-0.20250510235314-66630669ff6f github.com/fsnotify/fsnotify v1.9.0 github.com/kylecarbs/aisdk-go v0.0.5 github.com/mark3labs/mcp-go v0.23.1 diff --git a/go.sum b/go.sum index fc05152d34122..4a2c74f8dc69e 100644 --- a/go.sum +++ b/go.sum @@ -907,8 +907,8 @@ github.com/coder/pq v1.10.5-0.20240813183442-0c420cb5a048 h1:3jzYUlGH7ZELIH4XggX github.com/coder/pq v1.10.5-0.20240813183442-0c420cb5a048/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0 h1:3A0ES21Ke+FxEM8CXx9n47SZOKOpgSE1bbJzlE4qPVs= github.com/coder/pretty v0.0.0-20230908205945-e89ba86370e0/go.mod h1:5UuS2Ts+nTToAMeOjNlnHFkPahrtDkmpydBen/3wgZc= -github.com/coder/preview v0.0.1 h1:2X5McKdMOZJILTIDf7qRplXKupT+91qTJBN67XUh5cA= -github.com/coder/preview v0.0.1/go.mod h1:eInDmOdSDF8cxCvapIvYkGRzmzvcvGAFL1HYqcA4g+E= +github.com/coder/preview v0.0.2-0.20250510235314-66630669ff6f h1:Q1AcLBpRRR8rf/H+GxcJaZ5Ox4UeIRkDgc6wvvmOJAo= +github.com/coder/preview v0.0.2-0.20250510235314-66630669ff6f/go.mod h1:GfkwIv5gQLpL01qeGU1/YoxoFtt5trzCqnWZLo77clU= github.com/coder/quartz v0.1.2 h1:PVhc9sJimTdKd3VbygXtS4826EOCpB1fXoRlLnCrE+s= github.com/coder/quartz v0.1.2/go.mod h1:vsiCc+AHViMKH2CQpGIpFgdHIEQsxwm8yCscqKmzbRA= github.com/coder/retry v1.5.1 h1:iWu8YnD8YqHs3XwqrqsjoBTAVqT9ml6z9ViJ2wlMiqc= @@ -921,8 +921,8 @@ github.com/coder/tailscale v1.1.1-0.20250422090654-5090e715905e h1:nope/SZfoLB9M github.com/coder/tailscale v1.1.1-0.20250422090654-5090e715905e/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko= github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e h1:JNLPDi2P73laR1oAclY6jWzAbucf70ASAvf5mh2cME0= github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI= -github.com/coder/terraform-provider-coder/v2 v2.4.0-pre1.0.20250417100258-c86bb5c3ddcd h1:FsIG6Fd0YOEK7D0Hl/CJywRA+Y6Gd5RQbSIa2L+/BmE= -github.com/coder/terraform-provider-coder/v2 v2.4.0-pre1.0.20250417100258-c86bb5c3ddcd/go.mod h1:56/KdGYaA+VbwXJbTI8CA57XPfnuTxN8rjxbR34PbZw= +github.com/coder/terraform-provider-coder/v2 v2.4.0 h1:uuFmF03IyahAZLXEukOdmvV9hGfUMJSESD8+G5wkTcM= +github.com/coder/terraform-provider-coder/v2 v2.4.0/go.mod h1:2kaBpn5k9ZWtgKq5k4JbkVZG9DzEqR4mJSmpdshcO+s= github.com/coder/trivy v0.0.0-20250409153844-e6b004bc465a h1:yryP7e+IQUAArlycH4hQrjXQ64eRNbxsV5/wuVXHgME= github.com/coder/trivy v0.0.0-20250409153844-e6b004bc465a/go.mod h1:dDvq9axp3kZsT63gY2Znd1iwzfqDq3kXbQnccIrjRYY= github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE= diff --git a/provisioner/terraform/resources.go b/provisioner/terraform/resources.go index da86ab2f3d48e..ce881480ad3aa 100644 --- a/provisioner/terraform/resources.go +++ b/provisioner/terraform/resources.go @@ -749,13 +749,17 @@ func ConvertState(ctx context.Context, modules []*tfjson.StateModule, rawGraph s if err != nil { return nil, xerrors.Errorf("decode map values for coder_parameter.%s: %w", resource.Name, err) } + var defaultVal string + if param.Default != nil { + defaultVal = *param.Default + } protoParam := &proto.RichParameter{ Name: param.Name, DisplayName: param.DisplayName, Description: param.Description, Type: param.Type, Mutable: param.Mutable, - DefaultValue: param.Default, + DefaultValue: defaultVal, Icon: param.Icon, Required: !param.Optional, // #nosec G115 - Safe conversion as parameter order value is expected to be within int32 range diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index d879c09d119b2..afa766af64a84 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -1770,7 +1770,6 @@ export interface PreviewParameterValidation { readonly validation_min: number | null; readonly validation_max: number | null; readonly validation_monotonic: string | null; - readonly validation_invalid: boolean | null; } // From codersdk/deployment.go diff --git a/tailnet/controllers.go b/tailnet/controllers.go index 2328e19640a4d..b7d4e246a4bee 100644 --- a/tailnet/controllers.go +++ b/tailnet/controllers.go @@ -897,6 +897,21 @@ type Workspace struct { agents map[uuid.UUID]*Agent } +func (w *Workspace) Clone() Workspace { + agents := make(map[uuid.UUID]*Agent, len(w.agents)) + for k, v := range w.agents { + clone := v.Clone() + agents[k] = &clone + } + return Workspace{ + ID: w.ID, + Name: w.Name, + Status: w.Status, + ownerUsername: w.ownerUsername, + agents: agents, + } +} + type DNSNameOptions struct { Suffix string } @@ -1049,6 +1064,7 @@ func (t *tunnelUpdater) recvLoop() { t.logger.Debug(context.Background(), "tunnel updater recvLoop started") defer t.logger.Debug(context.Background(), "tunnel updater recvLoop done") defer close(t.recvLoopDone) + updateKind := Snapshot for { update, err := t.client.Recv() if err != nil { @@ -1061,8 +1077,10 @@ func (t *tunnelUpdater) recvLoop() { } t.logger.Debug(context.Background(), "got workspace update", slog.F("workspace_update", update), + slog.F("update_kind", updateKind), ) - err = t.handleUpdate(update) + err = t.handleUpdate(update, updateKind) + updateKind = Diff if err != nil { t.logger.Critical(context.Background(), "failed to handle workspace Update", slog.Error(err)) cErr := t.client.Close() @@ -1083,14 +1101,23 @@ type WorkspaceUpdate struct { UpsertedAgents []*Agent DeletedWorkspaces []*Workspace DeletedAgents []*Agent + Kind UpdateKind } +type UpdateKind int + +const ( + Diff UpdateKind = iota + Snapshot +) + func (w *WorkspaceUpdate) Clone() WorkspaceUpdate { clone := WorkspaceUpdate{ UpsertedWorkspaces: make([]*Workspace, len(w.UpsertedWorkspaces)), UpsertedAgents: make([]*Agent, len(w.UpsertedAgents)), DeletedWorkspaces: make([]*Workspace, len(w.DeletedWorkspaces)), DeletedAgents: make([]*Agent, len(w.DeletedAgents)), + Kind: w.Kind, } for i, ws := range w.UpsertedWorkspaces { clone.UpsertedWorkspaces[i] = &Workspace{ @@ -1115,7 +1142,7 @@ func (w *WorkspaceUpdate) Clone() WorkspaceUpdate { return clone } -func (t *tunnelUpdater) handleUpdate(update *proto.WorkspaceUpdate) error { +func (t *tunnelUpdater) handleUpdate(update *proto.WorkspaceUpdate, updateKind UpdateKind) error { t.Lock() defer t.Unlock() @@ -1124,6 +1151,7 @@ func (t *tunnelUpdater) handleUpdate(update *proto.WorkspaceUpdate) error { UpsertedAgents: []*Agent{}, DeletedWorkspaces: []*Workspace{}, DeletedAgents: []*Agent{}, + Kind: updateKind, } for _, uw := range update.UpsertedWorkspaces { diff --git a/tailnet/controllers_test.go b/tailnet/controllers_test.go index 67834de462655..bb5b543378ebe 100644 --- a/tailnet/controllers_test.go +++ b/tailnet/controllers_test.go @@ -1611,6 +1611,7 @@ func TestTunnelAllWorkspaceUpdatesController_Initial(t *testing.T) { }, DeletedWorkspaces: []*tailnet.Workspace{}, DeletedAgents: []*tailnet.Agent{}, + Kind: tailnet.Snapshot, } // And the callback @@ -1626,6 +1627,9 @@ func TestTunnelAllWorkspaceUpdatesController_Initial(t *testing.T) { slices.SortFunc(recvState.UpsertedAgents, func(a, b *tailnet.Agent) int { return strings.Compare(a.Name, b.Name) }) + // tunnel is still open, so it's a diff + currentState.Kind = tailnet.Diff + require.Equal(t, currentState, recvState) } @@ -1692,14 +1696,17 @@ func TestTunnelAllWorkspaceUpdatesController_DeleteAgent(t *testing.T) { }, DeletedWorkspaces: []*tailnet.Workspace{}, DeletedAgents: []*tailnet.Agent{}, + Kind: tailnet.Snapshot, } cbUpdate := testutil.TryReceive(ctx, t, fUH.ch) require.Equal(t, initRecvUp, cbUpdate) - // Current state should match initial state, err := updateCtrl.CurrentState() require.NoError(t, err) + // tunnel is still open, so it's a diff + initRecvUp.Kind = tailnet.Diff + require.Equal(t, initRecvUp, state) // Send update that removes w1a1 and adds w1a2 diff --git a/testutil/rwconn.go b/testutil/rwconn.go new file mode 100644 index 0000000000000..a731e9c3c0ab0 --- /dev/null +++ b/testutil/rwconn.go @@ -0,0 +1,36 @@ +package testutil + +import ( + "io" + "net" + "time" +) + +type ReaderWriterConn struct { + io.Reader + io.Writer +} + +func (*ReaderWriterConn) Close() (err error) { + return nil +} + +func (*ReaderWriterConn) LocalAddr() net.Addr { + return nil +} + +func (*ReaderWriterConn) RemoteAddr() net.Addr { + return nil +} + +func (*ReaderWriterConn) SetDeadline(_ time.Time) error { + return nil +} + +func (*ReaderWriterConn) SetReadDeadline(_ time.Time) error { + return nil +} + +func (*ReaderWriterConn) SetWriteDeadline(_ time.Time) error { + return nil +} diff --git a/vpn/tunnel.go b/vpn/tunnel.go index 63de203980d14..6c71aecaa0965 100644 --- a/vpn/tunnel.go +++ b/vpn/tunnel.go @@ -88,6 +88,7 @@ func NewTunnel( netLoopDone: make(chan struct{}), uSendCh: s.sendCh, agents: map[uuid.UUID]tailnet.Agent{}, + workspaces: map[uuid.UUID]tailnet.Workspace{}, clock: quartz.NewReal(), }, } @@ -347,7 +348,9 @@ type updater struct { uSendCh chan<- *TunnelMessage // agents contains the agents that are currently connected to the tunnel. agents map[uuid.UUID]tailnet.Agent - conn Conn + // workspaces contains the workspaces to which agents are currently connected via the tunnel. + workspaces map[uuid.UUID]tailnet.Workspace + conn Conn clock quartz.Clock } @@ -397,6 +400,11 @@ func (u *updater) sendUpdateResponse(req *request[*TunnelMessage, *ManagerMessag // createPeerUpdateLocked creates a PeerUpdate message from a workspace update, populating // the network status of the agents. func (u *updater) createPeerUpdateLocked(update tailnet.WorkspaceUpdate) *PeerUpdate { + // if the update is a snapshot, we need to process the full state + if update.Kind == tailnet.Snapshot { + processSnapshotUpdate(&update, u.agents, u.workspaces) + } + out := &PeerUpdate{ UpsertedWorkspaces: make([]*Workspace, len(update.UpsertedWorkspaces)), UpsertedAgents: make([]*Agent, len(update.UpsertedAgents)), @@ -404,7 +412,20 @@ func (u *updater) createPeerUpdateLocked(update tailnet.WorkspaceUpdate) *PeerUp DeletedAgents: make([]*Agent, len(update.DeletedAgents)), } - u.saveUpdateLocked(update) + // save the workspace update to the tunnel's state, such that it can + // be used to populate automated peer updates. + for _, agent := range update.UpsertedAgents { + u.agents[agent.ID] = agent.Clone() + } + for _, agent := range update.DeletedAgents { + delete(u.agents, agent.ID) + } + for _, workspace := range update.UpsertedWorkspaces { + u.workspaces[workspace.ID] = workspace.Clone() + } + for _, workspace := range update.DeletedWorkspaces { + delete(u.workspaces, workspace.ID) + } for i, ws := range update.UpsertedWorkspaces { out.UpsertedWorkspaces[i] = &Workspace{ @@ -413,6 +434,7 @@ func (u *updater) createPeerUpdateLocked(update tailnet.WorkspaceUpdate) *PeerUp Status: Workspace_Status(ws.Status), } } + upsertedAgents := u.convertAgentsLocked(update.UpsertedAgents) out.UpsertedAgents = upsertedAgents for i, ws := range update.DeletedWorkspaces { @@ -472,17 +494,6 @@ func (u *updater) convertAgentsLocked(agents []*tailnet.Agent) []*Agent { return out } -// saveUpdateLocked saves the workspace update to the tunnel's state, such that it can -// be used to populate automated peer updates. -func (u *updater) saveUpdateLocked(update tailnet.WorkspaceUpdate) { - for _, agent := range update.UpsertedAgents { - u.agents[agent.ID] = agent.Clone() - } - for _, agent := range update.DeletedAgents { - delete(u.agents, agent.ID) - } -} - // setConn sets the `conn` and returns false if there's already a connection set. func (u *updater) setConn(conn Conn) bool { u.mu.Lock() @@ -552,6 +563,46 @@ func (u *updater) netStatusLoop() { } } +// processSnapshotUpdate handles the logic when a full state update is received. +// When the tunnel is live, we only receive diffs, but the first packet on any given +// reconnect to the tailnet API is a full state. +// Without this logic we weren't processing deletes for any workspaces or agents deleted +// while the client was disconnected while the computer was asleep. +func processSnapshotUpdate(update *tailnet.WorkspaceUpdate, agents map[uuid.UUID]tailnet.Agent, workspaces map[uuid.UUID]tailnet.Workspace) { + // ignoredWorkspaces is initially populated with the workspaces that are + // in the current update. Later on we populate it with the deleted workspaces too + // so that we don't send duplicate updates. Same applies to ignoredAgents. + ignoredWorkspaces := make(map[uuid.UUID]struct{}, len(update.UpsertedWorkspaces)) + ignoredAgents := make(map[uuid.UUID]struct{}, len(update.UpsertedAgents)) + + for _, workspace := range update.UpsertedWorkspaces { + ignoredWorkspaces[workspace.ID] = struct{}{} + } + for _, agent := range update.UpsertedAgents { + ignoredAgents[agent.ID] = struct{}{} + } + for _, agent := range agents { + if _, present := ignoredAgents[agent.ID]; !present { + // delete any current agents that are not in the new update + update.DeletedAgents = append(update.DeletedAgents, &tailnet.Agent{ + ID: agent.ID, + Name: agent.Name, + WorkspaceID: agent.WorkspaceID, + }) + } + } + for _, workspace := range workspaces { + if _, present := ignoredWorkspaces[workspace.ID]; !present { + update.DeletedWorkspaces = append(update.DeletedWorkspaces, &tailnet.Workspace{ + ID: workspace.ID, + Name: workspace.Name, + Status: workspace.Status, + }) + ignoredWorkspaces[workspace.ID] = struct{}{} + } + } +} + // hostsToIPStrings returns a slice of all unique IP addresses in the values // of the given map. func hostsToIPStrings(hosts map[dnsname.FQDN][]netip.Addr) []string { diff --git a/vpn/tunnel_internal_test.go b/vpn/tunnel_internal_test.go index d1d7377361f79..2beba66d7a7d2 100644 --- a/vpn/tunnel_internal_test.go +++ b/vpn/tunnel_internal_test.go @@ -2,6 +2,7 @@ package vpn import ( "context" + "maps" "net" "net/netip" "net/url" @@ -292,6 +293,7 @@ func TestUpdater_createPeerUpdate(t *testing.T) { ctx: ctx, netLoopDone: make(chan struct{}), agents: map[uuid.UUID]tailnet.Agent{}, + workspaces: map[uuid.UUID]tailnet.Workspace{}, conn: newFakeConn(tailnet.WorkspaceUpdate{}, hsTime), } @@ -486,6 +488,212 @@ func TestTunnel_sendAgentUpdate(t *testing.T) { require.Equal(t, hsTime, req.msg.GetPeerUpdate().UpsertedAgents[0].LastHandshake.AsTime()) } +func TestTunnel_sendAgentUpdateReconnect(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitShort) + + mClock := quartz.NewMock(t) + + wID1 := uuid.UUID{1} + aID1 := uuid.UUID{2} + aID2 := uuid.UUID{3} + + hsTime := time.Now().Add(-time.Minute).UTC() + + client := newFakeClient(ctx, t) + conn := newFakeConn(tailnet.WorkspaceUpdate{}, hsTime) + + tun, mgr := setupTunnel(t, ctx, client, mClock) + errCh := make(chan error, 1) + var resp *TunnelMessage + go func() { + r, err := mgr.unaryRPC(ctx, &ManagerMessage{ + Msg: &ManagerMessage_Start{ + Start: &StartRequest{ + TunnelFileDescriptor: 2, + CoderUrl: "https://coder.example.com", + ApiToken: "fakeToken", + }, + }, + }) + resp = r + errCh <- err + }() + testutil.RequireSend(ctx, t, client.ch, conn) + err := testutil.TryReceive(ctx, t, errCh) + require.NoError(t, err) + _, ok := resp.Msg.(*TunnelMessage_Start) + require.True(t, ok) + + // Inform the tunnel of the initial state + err = tun.Update(tailnet.WorkspaceUpdate{ + UpsertedWorkspaces: []*tailnet.Workspace{ + { + ID: wID1, Name: "w1", Status: proto.Workspace_STARTING, + }, + }, + UpsertedAgents: []*tailnet.Agent{ + { + ID: aID1, + Name: "agent1", + WorkspaceID: wID1, + Hosts: map[dnsname.FQDN][]netip.Addr{ + "agent1.coder.": {netip.MustParseAddr("fd60:627a:a42b:0101::")}, + }, + }, + }, + }) + require.NoError(t, err) + req := testutil.TryReceive(ctx, t, mgr.requests) + require.Nil(t, req.msg.Rpc) + require.NotNil(t, req.msg.GetPeerUpdate()) + require.Len(t, req.msg.GetPeerUpdate().UpsertedAgents, 1) + require.Equal(t, aID1[:], req.msg.GetPeerUpdate().UpsertedAgents[0].Id) + + // Upsert a new agent simulating a reconnect + err = tun.Update(tailnet.WorkspaceUpdate{ + UpsertedWorkspaces: []*tailnet.Workspace{ + { + ID: wID1, Name: "w1", Status: proto.Workspace_STARTING, + }, + }, + UpsertedAgents: []*tailnet.Agent{ + { + ID: aID2, + Name: "agent2", + WorkspaceID: wID1, + Hosts: map[dnsname.FQDN][]netip.Addr{ + "agent2.coder.": {netip.MustParseAddr("fd60:627a:a42b:0101::")}, + }, + }, + }, + Kind: tailnet.Snapshot, + }) + require.NoError(t, err) + + // The new update only contains the new agent + mClock.AdvanceNext() + req = testutil.TryReceive(ctx, t, mgr.requests) + require.Nil(t, req.msg.Rpc) + peerUpdate := req.msg.GetPeerUpdate() + require.NotNil(t, peerUpdate) + require.Len(t, peerUpdate.UpsertedAgents, 1) + require.Len(t, peerUpdate.DeletedAgents, 1) + require.Len(t, peerUpdate.DeletedWorkspaces, 0) + + require.Equal(t, aID2[:], peerUpdate.UpsertedAgents[0].Id) + require.Equal(t, hsTime, peerUpdate.UpsertedAgents[0].LastHandshake.AsTime()) + + require.Equal(t, aID1[:], peerUpdate.DeletedAgents[0].Id) +} + +func TestTunnel_sendAgentUpdateWorkspaceReconnect(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitShort) + + mClock := quartz.NewMock(t) + + wID1 := uuid.UUID{1} + wID2 := uuid.UUID{2} + aID1 := uuid.UUID{3} + aID3 := uuid.UUID{4} + + hsTime := time.Now().Add(-time.Minute).UTC() + + client := newFakeClient(ctx, t) + conn := newFakeConn(tailnet.WorkspaceUpdate{}, hsTime) + + tun, mgr := setupTunnel(t, ctx, client, mClock) + errCh := make(chan error, 1) + var resp *TunnelMessage + go func() { + r, err := mgr.unaryRPC(ctx, &ManagerMessage{ + Msg: &ManagerMessage_Start{ + Start: &StartRequest{ + TunnelFileDescriptor: 2, + CoderUrl: "https://coder.example.com", + ApiToken: "fakeToken", + }, + }, + }) + resp = r + errCh <- err + }() + testutil.RequireSend(ctx, t, client.ch, conn) + err := testutil.TryReceive(ctx, t, errCh) + require.NoError(t, err) + _, ok := resp.Msg.(*TunnelMessage_Start) + require.True(t, ok) + + // Inform the tunnel of the initial state + err = tun.Update(tailnet.WorkspaceUpdate{ + UpsertedWorkspaces: []*tailnet.Workspace{ + { + ID: wID1, Name: "w1", Status: proto.Workspace_STARTING, + }, + }, + UpsertedAgents: []*tailnet.Agent{ + { + ID: aID1, + Name: "agent1", + WorkspaceID: wID1, + Hosts: map[dnsname.FQDN][]netip.Addr{ + "agent1.coder.": {netip.MustParseAddr("fd60:627a:a42b:0101::")}, + }, + }, + }, + }) + require.NoError(t, err) + req := testutil.TryReceive(ctx, t, mgr.requests) + require.Nil(t, req.msg.Rpc) + require.NotNil(t, req.msg.GetPeerUpdate()) + require.Len(t, req.msg.GetPeerUpdate().UpsertedAgents, 1) + require.Equal(t, aID1[:], req.msg.GetPeerUpdate().UpsertedAgents[0].Id) + + // Upsert a new agent with a new workspace while simulating a reconnect + err = tun.Update(tailnet.WorkspaceUpdate{ + UpsertedWorkspaces: []*tailnet.Workspace{ + { + ID: wID2, Name: "w2", Status: proto.Workspace_STARTING, + }, + }, + UpsertedAgents: []*tailnet.Agent{ + { + ID: aID3, + Name: "agent3", + WorkspaceID: wID2, + Hosts: map[dnsname.FQDN][]netip.Addr{ + "agent3.coder.": {netip.MustParseAddr("fd60:627a:a42b:0101::")}, + }, + }, + }, + Kind: tailnet.Snapshot, + }) + require.NoError(t, err) + + // The new update only contains the new agent + mClock.AdvanceNext() + req = testutil.TryReceive(ctx, t, mgr.requests) + mClock.AdvanceNext() + + require.Nil(t, req.msg.Rpc) + peerUpdate := req.msg.GetPeerUpdate() + require.NotNil(t, peerUpdate) + require.Len(t, peerUpdate.UpsertedWorkspaces, 1) + require.Len(t, peerUpdate.UpsertedAgents, 1) + require.Len(t, peerUpdate.DeletedAgents, 1) + require.Len(t, peerUpdate.DeletedWorkspaces, 1) + + require.Equal(t, wID2[:], peerUpdate.UpsertedWorkspaces[0].Id) + require.Equal(t, aID3[:], peerUpdate.UpsertedAgents[0].Id) + require.Equal(t, hsTime, peerUpdate.UpsertedAgents[0].LastHandshake.AsTime()) + + require.Equal(t, aID1[:], peerUpdate.DeletedAgents[0].Id) + require.Equal(t, wID1[:], peerUpdate.DeletedWorkspaces[0].Id) +} + //nolint:revive // t takes precedence func setupTunnel(t *testing.T, ctx context.Context, client *fakeClient, mClock quartz.Clock) (*Tunnel, *speaker[*ManagerMessage, *TunnelMessage, TunnelMessage]) { mp, tp := net.Pipe() @@ -513,3 +721,191 @@ func setupTunnel(t *testing.T, ctx context.Context, client *fakeClient, mClock q mgr.start() return tun, mgr } + +func TestProcessFreshState(t *testing.T) { + t.Parallel() + + wsID1 := uuid.New() + wsID2 := uuid.New() + wsID3 := uuid.New() + wsID4 := uuid.New() + + agentID1 := uuid.New() + agentID2 := uuid.New() + agentID3 := uuid.New() + agentID4 := uuid.New() + + agent1 := tailnet.Agent{ID: agentID1, Name: "agent1", WorkspaceID: wsID1} + agent2 := tailnet.Agent{ID: agentID2, Name: "agent2", WorkspaceID: wsID2} + agent3 := tailnet.Agent{ID: agentID3, Name: "agent3", WorkspaceID: wsID3} + agent4 := tailnet.Agent{ID: agentID4, Name: "agent4", WorkspaceID: wsID1} + + ws1 := tailnet.Workspace{ID: wsID1, Name: "ws1", Status: proto.Workspace_RUNNING} + ws2 := tailnet.Workspace{ID: wsID2, Name: "ws2", Status: proto.Workspace_RUNNING} + ws3 := tailnet.Workspace{ID: wsID3, Name: "ws3", Status: proto.Workspace_RUNNING} + ws4 := tailnet.Workspace{ID: wsID4, Name: "ws4", Status: proto.Workspace_RUNNING} + + initialAgents := map[uuid.UUID]tailnet.Agent{ + agentID1: agent1, + agentID2: agent2, + agentID4: agent4, + } + initialWorkspaces := map[uuid.UUID]tailnet.Workspace{ + wsID1: ws1, + wsID2: ws2, + } + + tests := []struct { + name string + initialAgents map[uuid.UUID]tailnet.Agent + initialWorkspaces map[uuid.UUID]tailnet.Workspace + update *tailnet.WorkspaceUpdate + expectedDelete *tailnet.WorkspaceUpdate // We only care about deletions added by the function + }{ + { + name: "NoChange", + initialAgents: initialAgents, + initialWorkspaces: initialWorkspaces, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1, &ws2}, + UpsertedAgents: []*tailnet.Agent{&agent1, &agent2, &agent4}, + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ // Expect no *additional* deletions + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + }, + { + name: "AgentAdded", // Agent 3 added in update + initialAgents: initialAgents, + initialWorkspaces: initialWorkspaces, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1, &ws2, &ws3}, + UpsertedAgents: []*tailnet.Agent{&agent1, &agent2, &agent3, &agent4}, + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + }, + { + name: "AgentRemovedWorkspaceAlsoRemoved", // Agent 2 removed, ws2 also removed + initialAgents: initialAgents, + initialWorkspaces: initialWorkspaces, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1}, // ws2 not present + UpsertedAgents: []*tailnet.Agent{&agent1, &agent4}, // agent2 not present + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ + DeletedWorkspaces: []*tailnet.Workspace{ + {ID: wsID2, Name: "ws2", Status: proto.Workspace_RUNNING}, + }, // Expect ws2 to be deleted + DeletedAgents: []*tailnet.Agent{ // Expect agent2 to be deleted + {ID: agentID2, Name: "agent2", WorkspaceID: wsID2}, + }, + }, + }, + { + name: "AgentRemovedWorkspaceStays", // Agent 4 removed, but ws1 stays (due to agent1) + initialAgents: initialAgents, + initialWorkspaces: initialWorkspaces, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1, &ws2}, // ws1 still present + UpsertedAgents: []*tailnet.Agent{&agent1, &agent2}, // agent4 not present + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ + DeletedWorkspaces: []*tailnet.Workspace{}, // ws1 should NOT be deleted + DeletedAgents: []*tailnet.Agent{ // Expect agent4 to be deleted + {ID: agentID4, Name: "agent4", WorkspaceID: wsID1}, + }, + }, + }, + { + name: "InitialAgentsEmpty", + initialAgents: map[uuid.UUID]tailnet.Agent{}, // Start with no agents known + initialWorkspaces: map[uuid.UUID]tailnet.Workspace{}, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1, &ws2}, + UpsertedAgents: []*tailnet.Agent{&agent1, &agent2}, + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ // Expect no deletions added + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + }, + { + name: "UpdateEmpty", // Snapshot says nothing exists + initialAgents: initialAgents, + initialWorkspaces: initialWorkspaces, + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{}, + UpsertedAgents: []*tailnet.Agent{}, + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ // Expect all initial agents/workspaces to be deleted + DeletedWorkspaces: []*tailnet.Workspace{ + {ID: wsID1, Name: "ws1", Status: proto.Workspace_RUNNING}, + {ID: wsID2, Name: "ws2", Status: proto.Workspace_RUNNING}, + }, // ws1 and ws2 deleted + DeletedAgents: []*tailnet.Agent{ // agent1, agent2, agent4 deleted + {ID: agentID1, Name: "agent1", WorkspaceID: wsID1}, + {ID: agentID2, Name: "agent2", WorkspaceID: wsID2}, + {ID: agentID4, Name: "agent4", WorkspaceID: wsID1}, + }, + }, + }, + { + name: "WorkspaceWithNoAgents", // Snapshot says nothing exists + initialAgents: initialAgents, + initialWorkspaces: map[uuid.UUID]tailnet.Workspace{wsID1: ws1, wsID2: ws2, wsID4: ws4}, // ws4 has no agents + update: &tailnet.WorkspaceUpdate{ + Kind: tailnet.Snapshot, + UpsertedWorkspaces: []*tailnet.Workspace{&ws1, &ws2}, + UpsertedAgents: []*tailnet.Agent{&agent1, &agent2, &agent4}, + DeletedWorkspaces: []*tailnet.Workspace{}, + DeletedAgents: []*tailnet.Agent{}, + }, + expectedDelete: &tailnet.WorkspaceUpdate{ // Expect all initial agents/workspaces to be deleted + DeletedWorkspaces: []*tailnet.Workspace{ + {ID: wsID4, Name: "ws4", Status: proto.Workspace_RUNNING}, + }, // ws4 should be deleted + DeletedAgents: []*tailnet.Agent{}, + }, + }, + } + + for _, tt := range tests { + tt := tt + t.Run(tt.name, func(t *testing.T) { + t.Parallel() + + agentsCopy := make(map[uuid.UUID]tailnet.Agent) + maps.Copy(agentsCopy, tt.initialAgents) + + workspaceCopy := make(map[uuid.UUID]tailnet.Workspace) + maps.Copy(workspaceCopy, tt.initialWorkspaces) + + processSnapshotUpdate(tt.update, agentsCopy, workspaceCopy) + + require.ElementsMatch(t, tt.expectedDelete.DeletedAgents, tt.update.DeletedAgents, "DeletedAgents mismatch") + require.ElementsMatch(t, tt.expectedDelete.DeletedWorkspaces, tt.update.DeletedWorkspaces, "DeletedWorkspaces mismatch") + }) + } +} From ffccfb9249496df6c90027e40897e6238396d5cb Mon Sep 17 00:00:00 2001 From: Danny Kopping Date: Thu, 15 May 2025 15:34:10 +0200 Subject: [PATCH 05/14] chore: cherry-pick remaining PRs into `2.22` (#17851) Co-authored-by: Sas Swart Co-authored-by: Yevhenii Shcherbina --- agent/agent.go | 8 +- cli/agent.go | 113 +- cli/server.go | 62 +- ...oder_provisioner_list_--output_json.golden | 2 +- coderd/apidoc/docs.go | 45 + coderd/apidoc/swagger.json | 37 + coderd/coderd.go | 5 +- coderd/coderdtest/coderdtest.go | 63 + coderd/database/dbauthz/dbauthz.go | 9 + coderd/database/dbauthz/dbauthz_test.go | 32 + coderd/database/dbfake/dbfake.go | 28 + coderd/database/dbgen/dbgen.go | 1 + coderd/database/dbmem/dbmem.go | 24 + coderd/database/dbmetrics/querymetrics.go | 7 + coderd/database/dbmock/dbmock.go | 15 + ...esource_replacements_notification.down.sql | 1 + ..._resource_replacements_notification.up.sql | 34 + coderd/database/querier.go | 1 + coderd/database/queries.sql.go | 84 +- coderd/database/queries/prebuilds.sql | 4 + coderd/database/queries/presets.sql | 2 + coderd/database/queries/workspaceagents.sql | 13 + coderd/notifications/events.go | 1 + coderd/notifications/notifications_test.go | 28 +- .../notificationstest/fake_enqueuer.go | 7 + ...plateWorkspaceResourceReplaced.html.golden | 131 ++ ...plateWorkspaceResourceReplaced.json.golden | 42 + coderd/prebuilds/api.go | 6 + coderd/prebuilds/claim.go | 82 + coderd/prebuilds/claim_test.go | 141 ++ coderd/prebuilds/noop.go | 7 +- .../provisionerdserver/provisionerdserver.go | 67 +- .../provisionerdserver_test.go | 314 +++- coderd/workspaceagents.go | 55 + coderd/workspaceagents_test.go | 70 + coderd/workspaces.go | 7 +- coderd/wsbuilder/wsbuilder.go | 20 +- codersdk/agentsdk/agentsdk.go | 190 +- codersdk/agentsdk/agentsdk_test.go | 122 ++ codersdk/client.go | 2 +- .../prebuilt-workspaces.md | 209 +++ .../prebuilt/prebuilt-workspaces.png | Bin 0 -> 41287 bytes .../prebuilt/replacement-notification.png | Bin 0 -> 73977 bytes docs/manifest.json | 6 + docs/reference/api/agents.md | 32 + docs/reference/api/schemas.md | 30 + enterprise/coderd/coderd.go | 2 +- enterprise/coderd/prebuilds/claim_test.go | 2 +- .../coderd/prebuilds/metricscollector.go | 80 +- .../coderd/prebuilds/metricscollector_test.go | 267 ++- enterprise/coderd/prebuilds/reconcile.go | 128 ++ enterprise/coderd/prebuilds/reconcile_test.go | 171 +- enterprise/coderd/provisionerdaemons.go | 4 +- enterprise/coderd/workspaceagents_test.go | 169 ++ enterprise/coderd/workspaces_test.go | 78 + go.mod | 2 +- go.sum | 4 +- provisioner/terraform/executor.go | 111 +- provisioner/terraform/provision.go | 21 +- provisioner/terraform/provision_test.go | 43 +- .../terraform/resource_replacements.go | 86 + .../resource_replacements_internal_test.go | 176 ++ provisionerd/proto/provisionerd.pb.go | 357 ++-- provisionerd/proto/provisionerd.proto | 1 + provisionerd/proto/version.go | 9 +- provisionerd/provisionerd.go | 4 +- provisionerd/runner/runner.go | 2 + provisionersdk/proto/prebuilt_workspace.go | 9 + provisionersdk/proto/provisioner.pb.go | 1653 ++++++++++------- provisionersdk/proto/provisioner.proto | 20 +- site/e2e/helpers.ts | 2 + site/e2e/provisionerGenerated.ts | 61 +- site/src/api/typesGenerated.ts | 10 +- 73 files changed, 4494 insertions(+), 1137 deletions(-) create mode 100644 coderd/database/migrations/000324_resource_replacements_notification.down.sql create mode 100644 coderd/database/migrations/000324_resource_replacements_notification.up.sql create mode 100644 coderd/notifications/testdata/rendered-templates/smtp/TemplateWorkspaceResourceReplaced.html.golden create mode 100644 coderd/notifications/testdata/rendered-templates/webhook/TemplateWorkspaceResourceReplaced.json.golden create mode 100644 coderd/prebuilds/claim.go create mode 100644 coderd/prebuilds/claim_test.go create mode 100644 codersdk/agentsdk/agentsdk_test.go create mode 100644 docs/admin/templates/extending-templates/prebuilt-workspaces.md create mode 100644 docs/images/admin/templates/extend-templates/prebuilt/prebuilt-workspaces.png create mode 100644 docs/images/admin/templates/extend-templates/prebuilt/replacement-notification.png create mode 100644 provisioner/terraform/resource_replacements.go create mode 100644 provisioner/terraform/resource_replacements_internal_test.go create mode 100644 provisionersdk/proto/prebuilt_workspace.go diff --git a/agent/agent.go b/agent/agent.go index 7525ecf051f69..492a915f4b4ab 100644 --- a/agent/agent.go +++ b/agent/agent.go @@ -363,9 +363,11 @@ func (a *agent) runLoop() { if ctx.Err() != nil { // Context canceled errors may come from websocket pings, so we // don't want to use `errors.Is(err, context.Canceled)` here. + a.logger.Warn(ctx, "runLoop exited with error", slog.Error(ctx.Err())) return } if a.isClosed() { + a.logger.Warn(ctx, "runLoop exited because agent is closed") return } if errors.Is(err, io.EOF) { @@ -1046,7 +1048,11 @@ func (a *agent) run() (retErr error) { return a.statsReporter.reportLoop(ctx, aAPI) }) - return connMan.wait() + err = connMan.wait() + if err != nil { + a.logger.Info(context.Background(), "connection manager errored", slog.Error(err)) + } + return err } // handleManifest returns a function that fetches and processes the manifest diff --git a/cli/agent.go b/cli/agent.go index 5d6cdbd66b4e0..0153c5f05b44d 100644 --- a/cli/agent.go +++ b/cli/agent.go @@ -25,6 +25,8 @@ import ( "cdr.dev/slog/sloggers/sloghuman" "cdr.dev/slog/sloggers/slogjson" "cdr.dev/slog/sloggers/slogstackdriver" + "github.com/coder/serpent" + "github.com/coder/coder/v2/agent" "github.com/coder/coder/v2/agent/agentexec" "github.com/coder/coder/v2/agent/agentssh" @@ -33,7 +35,6 @@ import ( "github.com/coder/coder/v2/cli/clilog" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk/agentsdk" - "github.com/coder/serpent" ) func (r *RootCmd) workspaceAgent() *serpent.Command { @@ -62,8 +63,10 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { // This command isn't useful to manually execute. Hidden: true, Handler: func(inv *serpent.Invocation) error { - ctx, cancel := context.WithCancel(inv.Context()) - defer cancel() + ctx, cancel := context.WithCancelCause(inv.Context()) + defer func() { + cancel(xerrors.New("agent exited")) + }() var ( ignorePorts = map[int]string{} @@ -280,7 +283,6 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { return xerrors.Errorf("add executable to $PATH: %w", err) } - prometheusRegistry := prometheus.NewRegistry() subsystemsRaw := inv.Environ.Get(agent.EnvAgentSubsystem) subsystems := []codersdk.AgentSubsystem{} for _, s := range strings.Split(subsystemsRaw, ",") { @@ -324,45 +326,70 @@ func (r *RootCmd) workspaceAgent() *serpent.Command { logger.Info(ctx, "agent devcontainer detection not enabled") } - agnt := agent.New(agent.Options{ - Client: client, - Logger: logger, - LogDir: logDir, - ScriptDataDir: scriptDataDir, - // #nosec G115 - Safe conversion as tailnet listen port is within uint16 range (0-65535) - TailnetListenPort: uint16(tailnetListenPort), - ExchangeToken: func(ctx context.Context) (string, error) { - if exchangeToken == nil { - return client.SDK.SessionToken(), nil - } - resp, err := exchangeToken(ctx) - if err != nil { - return "", err - } - client.SetSessionToken(resp.SessionToken) - return resp.SessionToken, nil - }, - EnvironmentVariables: environmentVariables, - IgnorePorts: ignorePorts, - SSHMaxTimeout: sshMaxTimeout, - Subsystems: subsystems, - - PrometheusRegistry: prometheusRegistry, - BlockFileTransfer: blockFileTransfer, - Execer: execer, - - ExperimentalDevcontainersEnabled: experimentalDevcontainersEnabled, - }) - - promHandler := agent.PrometheusMetricsHandler(prometheusRegistry, logger) - prometheusSrvClose := ServeHandler(ctx, logger, promHandler, prometheusAddress, "prometheus") - defer prometheusSrvClose() - - debugSrvClose := ServeHandler(ctx, logger, agnt.HTTPDebug(), debugAddress, "debug") - defer debugSrvClose() - - <-ctx.Done() - return agnt.Close() + reinitEvents := agentsdk.WaitForReinitLoop(ctx, logger, client) + + var ( + lastErr error + mustExit bool + ) + for { + prometheusRegistry := prometheus.NewRegistry() + + agnt := agent.New(agent.Options{ + Client: client, + Logger: logger, + LogDir: logDir, + ScriptDataDir: scriptDataDir, + // #nosec G115 - Safe conversion as tailnet listen port is within uint16 range (0-65535) + TailnetListenPort: uint16(tailnetListenPort), + ExchangeToken: func(ctx context.Context) (string, error) { + if exchangeToken == nil { + return client.SDK.SessionToken(), nil + } + resp, err := exchangeToken(ctx) + if err != nil { + return "", err + } + client.SetSessionToken(resp.SessionToken) + return resp.SessionToken, nil + }, + EnvironmentVariables: environmentVariables, + IgnorePorts: ignorePorts, + SSHMaxTimeout: sshMaxTimeout, + Subsystems: subsystems, + + PrometheusRegistry: prometheusRegistry, + BlockFileTransfer: blockFileTransfer, + Execer: execer, + + ExperimentalDevcontainersEnabled: experimentalDevcontainersEnabled, + }) + + promHandler := agent.PrometheusMetricsHandler(prometheusRegistry, logger) + prometheusSrvClose := ServeHandler(ctx, logger, promHandler, prometheusAddress, "prometheus") + + debugSrvClose := ServeHandler(ctx, logger, agnt.HTTPDebug(), debugAddress, "debug") + + select { + case <-ctx.Done(): + logger.Info(ctx, "agent shutting down", slog.Error(context.Cause(ctx))) + mustExit = true + case event := <-reinitEvents: + logger.Info(ctx, "agent received instruction to reinitialize", + slog.F("workspace_id", event.WorkspaceID), slog.F("reason", event.Reason)) + } + + lastErr = agnt.Close() + debugSrvClose() + prometheusSrvClose() + + if mustExit { + break + } + + logger.Info(ctx, "agent reinitializing") + } + return lastErr }, } diff --git a/cli/server.go b/cli/server.go index 580dae369446c..4d3ef4d8b7f36 100644 --- a/cli/server.go +++ b/cli/server.go @@ -910,6 +910,37 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. options.StatsBatcher = batcher defer closeBatcher() + // Manage notifications. + var ( + notificationsCfg = options.DeploymentValues.Notifications + notificationsManager *notifications.Manager + ) + + metrics := notifications.NewMetrics(options.PrometheusRegistry) + helpers := templateHelpers(options) + + // The enqueuer is responsible for enqueueing notifications to the given store. + enqueuer, err := notifications.NewStoreEnqueuer(notificationsCfg, options.Database, helpers, logger.Named("notifications.enqueuer"), quartz.NewReal()) + if err != nil { + return xerrors.Errorf("failed to instantiate notification store enqueuer: %w", err) + } + options.NotificationsEnqueuer = enqueuer + + // The notification manager is responsible for: + // - creating notifiers and managing their lifecycles (notifiers are responsible for dequeueing/sending notifications) + // - keeping the store updated with status updates + notificationsManager, err = notifications.NewManager(notificationsCfg, options.Database, options.Pubsub, helpers, metrics, logger.Named("notifications.manager")) + if err != nil { + return xerrors.Errorf("failed to instantiate notification manager: %w", err) + } + + // nolint:gocritic // We need to run the manager in a notifier context. + notificationsManager.Run(dbauthz.AsNotifier(ctx)) + + // Run report generator to distribute periodic reports. + notificationReportGenerator := reports.NewReportGenerator(ctx, logger.Named("notifications.report_generator"), options.Database, options.NotificationsEnqueuer, quartz.NewReal()) + defer notificationReportGenerator.Close() + // We use a separate coderAPICloser so the Enterprise API // can have its own close functions. This is cleaner // than abstracting the Coder API itself. @@ -957,37 +988,6 @@ func (r *RootCmd) Server(newAPI func(context.Context, *coderd.Options) (*coderd. return xerrors.Errorf("write config url: %w", err) } - // Manage notifications. - var ( - notificationsCfg = options.DeploymentValues.Notifications - notificationsManager *notifications.Manager - ) - - metrics := notifications.NewMetrics(options.PrometheusRegistry) - helpers := templateHelpers(options) - - // The enqueuer is responsible for enqueueing notifications to the given store. - enqueuer, err := notifications.NewStoreEnqueuer(notificationsCfg, options.Database, helpers, logger.Named("notifications.enqueuer"), quartz.NewReal()) - if err != nil { - return xerrors.Errorf("failed to instantiate notification store enqueuer: %w", err) - } - options.NotificationsEnqueuer = enqueuer - - // The notification manager is responsible for: - // - creating notifiers and managing their lifecycles (notifiers are responsible for dequeueing/sending notifications) - // - keeping the store updated with status updates - notificationsManager, err = notifications.NewManager(notificationsCfg, options.Database, options.Pubsub, helpers, metrics, logger.Named("notifications.manager")) - if err != nil { - return xerrors.Errorf("failed to instantiate notification manager: %w", err) - } - - // nolint:gocritic // We need to run the manager in a notifier context. - notificationsManager.Run(dbauthz.AsNotifier(ctx)) - - // Run report generator to distribute periodic reports. - notificationReportGenerator := reports.NewReportGenerator(ctx, logger.Named("notifications.report_generator"), options.Database, options.NotificationsEnqueuer, quartz.NewReal()) - defer notificationReportGenerator.Close() - // Since errCh only has one buffered slot, all routines // sending on it must be wrapped in a select/default to // avoid leaving dangling goroutines waiting for the diff --git a/cli/testdata/coder_provisioner_list_--output_json.golden b/cli/testdata/coder_provisioner_list_--output_json.golden index f619dce028cde..3daeb89febcb4 100644 --- a/cli/testdata/coder_provisioner_list_--output_json.golden +++ b/cli/testdata/coder_provisioner_list_--output_json.golden @@ -7,7 +7,7 @@ "last_seen_at": "====[timestamp]=====", "name": "test", "version": "v0.0.0-devel", - "api_version": "1.4", + "api_version": "1.5", "provisioners": [ "echo" ], diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index daef10a90d422..60340de45b8b5 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -8252,6 +8252,31 @@ const docTemplate = `{ } } }, + "/workspaceagents/me/reinit": { + "get": { + "security": [ + { + "CoderSessionToken": [] + } + ], + "produces": [ + "application/json" + ], + "tags": [ + "Agents" + ], + "summary": "Get workspace agent reinitialization", + "operationId": "get-workspace-agent-reinitialization", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/agentsdk.ReinitializationEvent" + } + } + } + } + }, "/workspaceagents/me/rpc": { "get": { "security": [ @@ -10297,6 +10322,26 @@ const docTemplate = `{ } } }, + "agentsdk.ReinitializationEvent": { + "type": "object", + "properties": { + "reason": { + "$ref": "#/definitions/agentsdk.ReinitializationReason" + }, + "workspaceID": { + "type": "string" + } + } + }, + "agentsdk.ReinitializationReason": { + "type": "string", + "enum": [ + "prebuild_claimed" + ], + "x-enum-varnames": [ + "ReinitializeReasonPrebuildClaimed" + ] + }, "coderd.SCIMUser": { "type": "object", "properties": { diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index 3a7bc4c2c71ed..93454fede9fe1 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -7295,6 +7295,27 @@ } } }, + "/workspaceagents/me/reinit": { + "get": { + "security": [ + { + "CoderSessionToken": [] + } + ], + "produces": ["application/json"], + "tags": ["Agents"], + "summary": "Get workspace agent reinitialization", + "operationId": "get-workspace-agent-reinitialization", + "responses": { + "200": { + "description": "OK", + "schema": { + "$ref": "#/definitions/agentsdk.ReinitializationEvent" + } + } + } + } + }, "/workspaceagents/me/rpc": { "get": { "security": [ @@ -9134,6 +9155,22 @@ } } }, + "agentsdk.ReinitializationEvent": { + "type": "object", + "properties": { + "reason": { + "$ref": "#/definitions/agentsdk.ReinitializationReason" + }, + "workspaceID": { + "type": "string" + } + } + }, + "agentsdk.ReinitializationReason": { + "type": "string", + "enum": ["prebuild_claimed"], + "x-enum-varnames": ["ReinitializeReasonPrebuildClaimed"] + }, "coderd.SCIMUser": { "type": "object", "properties": { diff --git a/coderd/coderd.go b/coderd/coderd.go index 288671c6cb6e9..d1a49747920ca 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -19,6 +19,8 @@ import ( "sync/atomic" "time" + "github.com/coder/coder/v2/coderd/prebuilds" + "github.com/andybalholm/brotli" "github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5/middleware" @@ -45,7 +47,6 @@ import ( "github.com/coder/coder/v2/coderd/entitlements" "github.com/coder/coder/v2/coderd/files" "github.com/coder/coder/v2/coderd/idpsync" - "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/runtimeconfig" "github.com/coder/coder/v2/coderd/webpush" @@ -1278,6 +1279,7 @@ func New(options *Options) *API { r.Get("/external-auth", api.workspaceAgentsExternalAuth) r.Get("/gitsshkey", api.agentGitSSHKey) r.Post("/log-source", api.workspaceAgentPostLogSource) + r.Get("/reinit", api.workspaceAgentReinit) }) r.Route("/{workspaceagent}", func(r chi.Router) { r.Use( @@ -1772,6 +1774,7 @@ func (api *API) CreateInMemoryTaggedProvisionerDaemon(dialCtx context.Context, n Clock: api.Clock, }, api.NotificationsEnqueuer, + &api.PrebuildsReconciler, ) if err != nil { return nil, err diff --git a/coderd/coderdtest/coderdtest.go b/coderd/coderdtest/coderdtest.go index dbf1f62abfb28..93e17048e054e 100644 --- a/coderd/coderdtest/coderdtest.go +++ b/coderd/coderdtest/coderdtest.go @@ -1105,6 +1105,69 @@ func (w WorkspaceAgentWaiter) MatchResources(m func([]codersdk.WorkspaceResource return w } +// WaitForAgentFn represents a boolean assertion to be made against each agent +// that a given WorkspaceAgentWaited knows about. Each WaitForAgentFn should apply +// the check to a single agent, but it should be named for plural, because `func (w WorkspaceAgentWaiter) WaitFor` +// applies the check to all agents that it is aware of. This ensures that the public API of the waiter +// reads correctly. For example: +// +// waiter := coderdtest.NewWorkspaceAgentWaiter(t, client, r.Workspace.ID) +// waiter.WaitFor(coderdtest.AgentsReady) +type WaitForAgentFn func(agent codersdk.WorkspaceAgent) bool + +// AgentsReady checks that the latest lifecycle state of an agent is "Ready". +func AgentsReady(agent codersdk.WorkspaceAgent) bool { + return agent.LifecycleState == codersdk.WorkspaceAgentLifecycleReady +} + +// AgentsNotReady checks that the latest lifecycle state of an agent is anything except "Ready". +func AgentsNotReady(agent codersdk.WorkspaceAgent) bool { + return !AgentsReady(agent) +} + +func (w WorkspaceAgentWaiter) WaitFor(criteria ...WaitForAgentFn) { + w.t.Helper() + + agentNamesMap := make(map[string]struct{}, len(w.agentNames)) + for _, name := range w.agentNames { + agentNamesMap[name] = struct{}{} + } + + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + w.t.Logf("waiting for workspace agents (workspace %s)", w.workspaceID) + require.Eventually(w.t, func() bool { + var err error + workspace, err := w.client.Workspace(ctx, w.workspaceID) + if err != nil { + return false + } + if workspace.LatestBuild.Job.CompletedAt == nil { + return false + } + if workspace.LatestBuild.Job.CompletedAt.IsZero() { + return false + } + + for _, resource := range workspace.LatestBuild.Resources { + for _, agent := range resource.Agents { + if len(w.agentNames) > 0 { + if _, ok := agentNamesMap[agent.Name]; !ok { + continue + } + } + for _, criterium := range criteria { + if !criterium(agent) { + return false + } + } + } + } + return true + }, testutil.WaitLong, testutil.IntervalMedium) +} + // Wait waits for the agent(s) to connect and fails the test if they do not within testutil.WaitLong func (w WorkspaceAgentWaiter) Wait() []codersdk.WorkspaceResource { w.t.Helper() diff --git a/coderd/database/dbauthz/dbauthz.go b/coderd/database/dbauthz/dbauthz.go index ceb5ba7f2a15a..7194c9267f638 100644 --- a/coderd/database/dbauthz/dbauthz.go +++ b/coderd/database/dbauthz/dbauthz.go @@ -3001,6 +3001,15 @@ func (q *querier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids []uui return q.db.GetWorkspaceAgentsByResourceIDs(ctx, ids) } +func (q *querier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]database.WorkspaceAgent, error) { + _, err := q.GetWorkspaceByID(ctx, arg.WorkspaceID) + if err != nil { + return nil, err + } + + return q.db.GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, arg) +} + func (q *querier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.WorkspaceAgent, error) { if err := q.authorizeContext(ctx, policy.ActionRead, rbac.ResourceSystem); err != nil { return nil, err diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go index e562bbd1f7160..3f6726110f025 100644 --- a/coderd/database/dbauthz/dbauthz_test.go +++ b/coderd/database/dbauthz/dbauthz_test.go @@ -2009,6 +2009,38 @@ func (s *MethodTestSuite) TestWorkspace() { agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID}) check.Args(agt.ID).Asserts(w, policy.ActionRead).Returns(agt) })) + s.Run("GetWorkspaceAgentsByWorkspaceAndBuildNumber", s.Subtest(func(db database.Store, check *expects) { + u := dbgen.User(s.T(), db, database.User{}) + o := dbgen.Organization(s.T(), db, database.Organization{}) + tpl := dbgen.Template(s.T(), db, database.Template{ + OrganizationID: o.ID, + CreatedBy: u.ID, + }) + tv := dbgen.TemplateVersion(s.T(), db, database.TemplateVersion{ + TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true}, + OrganizationID: o.ID, + CreatedBy: u.ID, + }) + w := dbgen.Workspace(s.T(), db, database.WorkspaceTable{ + TemplateID: tpl.ID, + OrganizationID: o.ID, + OwnerID: u.ID, + }) + j := dbgen.ProvisionerJob(s.T(), db, nil, database.ProvisionerJob{ + Type: database.ProvisionerJobTypeWorkspaceBuild, + }) + b := dbgen.WorkspaceBuild(s.T(), db, database.WorkspaceBuild{ + JobID: j.ID, + WorkspaceID: w.ID, + TemplateVersionID: tv.ID, + }) + res := dbgen.WorkspaceResource(s.T(), db, database.WorkspaceResource{JobID: b.JobID}) + agt := dbgen.WorkspaceAgent(s.T(), db, database.WorkspaceAgent{ResourceID: res.ID}) + check.Args(database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams{ + WorkspaceID: w.ID, + BuildNumber: 1, + }).Asserts(w, policy.ActionRead).Returns([]database.WorkspaceAgent{agt}) + })) s.Run("GetWorkspaceAgentLifecycleStateByID", s.Subtest(func(db database.Store, check *expects) { u := dbgen.User(s.T(), db, database.User{}) o := dbgen.Organization(s.T(), db, database.Organization{}) diff --git a/coderd/database/dbfake/dbfake.go b/coderd/database/dbfake/dbfake.go index abadd78f07b36..fb2ea4bfd56b1 100644 --- a/coderd/database/dbfake/dbfake.go +++ b/coderd/database/dbfake/dbfake.go @@ -294,6 +294,8 @@ type TemplateVersionBuilder struct { ps pubsub.Pubsub resources []*sdkproto.Resource params []database.TemplateVersionParameter + presets []database.TemplateVersionPreset + presetParams []database.TemplateVersionPresetParameter promote bool autoCreateTemplate bool } @@ -339,6 +341,13 @@ func (t TemplateVersionBuilder) Params(ps ...database.TemplateVersionParameter) return t } +func (t TemplateVersionBuilder) Preset(preset database.TemplateVersionPreset, params ...database.TemplateVersionPresetParameter) TemplateVersionBuilder { + // nolint: revive // returns modified struct + t.presets = append(t.presets, preset) + t.presetParams = append(t.presetParams, params...) + return t +} + func (t TemplateVersionBuilder) SkipCreateTemplate() TemplateVersionBuilder { // nolint: revive // returns modified struct t.autoCreateTemplate = false @@ -378,6 +387,25 @@ func (t TemplateVersionBuilder) Do() TemplateVersionResponse { require.NoError(t.t, err) } + for _, preset := range t.presets { + dbgen.Preset(t.t, t.db, database.InsertPresetParams{ + ID: preset.ID, + TemplateVersionID: version.ID, + Name: preset.Name, + CreatedAt: version.CreatedAt, + DesiredInstances: preset.DesiredInstances, + InvalidateAfterSecs: preset.InvalidateAfterSecs, + }) + } + + for _, presetParam := range t.presetParams { + dbgen.PresetParameter(t.t, t.db, database.InsertPresetParametersParams{ + TemplateVersionPresetID: presetParam.TemplateVersionPresetID, + Names: []string{presetParam.Name}, + Values: []string{presetParam.Value}, + }) + } + payload, err := json.Marshal(provisionerdserver.TemplateVersionImportJob{ TemplateVersionID: t.seed.ID, }) diff --git a/coderd/database/dbgen/dbgen.go b/coderd/database/dbgen/dbgen.go index 854c7c2974fe6..193c107d51da9 100644 --- a/coderd/database/dbgen/dbgen.go +++ b/coderd/database/dbgen/dbgen.go @@ -1198,6 +1198,7 @@ func TelemetryItem(t testing.TB, db database.Store, seed database.TelemetryItem) func Preset(t testing.TB, db database.Store, seed database.InsertPresetParams) database.TemplateVersionPreset { preset, err := db.InsertPreset(genCtx, database.InsertPresetParams{ + ID: takeFirst(seed.ID, uuid.New()), TemplateVersionID: takeFirst(seed.TemplateVersionID, uuid.New()), Name: takeFirst(seed.Name, testutil.GetRandomName(t)), CreatedAt: takeFirst(seed.CreatedAt, dbtime.Now()), diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go index 1359d2e63484d..e2d9bf5613524 100644 --- a/coderd/database/dbmem/dbmem.go +++ b/coderd/database/dbmem/dbmem.go @@ -7592,6 +7592,30 @@ func (q *FakeQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, resou return q.getWorkspaceAgentsByResourceIDsNoLock(ctx, resourceIDs) } +func (q *FakeQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]database.WorkspaceAgent, error) { + err := validateDatabaseType(arg) + if err != nil { + return nil, err + } + + build, err := q.GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx, database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams(arg)) + if err != nil { + return nil, err + } + + resources, err := q.getWorkspaceResourcesByJobIDNoLock(ctx, build.JobID) + if err != nil { + return nil, err + } + + var resourceIDs []uuid.UUID + for _, resource := range resources { + resourceIDs = append(resourceIDs, resource.ID) + } + + return q.GetWorkspaceAgentsByResourceIDs(ctx, resourceIDs) +} + func (q *FakeQuerier) GetWorkspaceAgentsCreatedAfter(_ context.Context, after time.Time) ([]database.WorkspaceAgent, error) { q.mutex.RLock() defer q.mutex.RUnlock() diff --git a/coderd/database/dbmetrics/querymetrics.go b/coderd/database/dbmetrics/querymetrics.go index b76d70c764cf6..5433570e475fb 100644 --- a/coderd/database/dbmetrics/querymetrics.go +++ b/coderd/database/dbmetrics/querymetrics.go @@ -1726,6 +1726,13 @@ func (m queryMetricsStore) GetWorkspaceAgentsByResourceIDs(ctx context.Context, return agents, err } +func (m queryMetricsStore) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]database.WorkspaceAgent, error) { + start := time.Now() + r0, r1 := m.s.GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, arg) + m.queryLatencies.WithLabelValues("GetWorkspaceAgentsByWorkspaceAndBuildNumber").Observe(time.Since(start).Seconds()) + return r0, r1 +} + func (m queryMetricsStore) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.WorkspaceAgent, error) { start := time.Now() agents, err := m.s.GetWorkspaceAgentsCreatedAfter(ctx, createdAt) diff --git a/coderd/database/dbmock/dbmock.go b/coderd/database/dbmock/dbmock.go index 10adfd7c5a408..7937a105791eb 100644 --- a/coderd/database/dbmock/dbmock.go +++ b/coderd/database/dbmock/dbmock.go @@ -3619,6 +3619,21 @@ func (mr *MockStoreMockRecorder) GetWorkspaceAgentsByResourceIDs(ctx, ids any) * return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetWorkspaceAgentsByResourceIDs", reflect.TypeOf((*MockStore)(nil).GetWorkspaceAgentsByResourceIDs), ctx, ids) } +// GetWorkspaceAgentsByWorkspaceAndBuildNumber mocks base method. +func (m *MockStore) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]database.WorkspaceAgent, error) { + m.ctrl.T.Helper() + ret := m.ctrl.Call(m, "GetWorkspaceAgentsByWorkspaceAndBuildNumber", ctx, arg) + ret0, _ := ret[0].([]database.WorkspaceAgent) + ret1, _ := ret[1].(error) + return ret0, ret1 +} + +// GetWorkspaceAgentsByWorkspaceAndBuildNumber indicates an expected call of GetWorkspaceAgentsByWorkspaceAndBuildNumber. +func (mr *MockStoreMockRecorder) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, arg any) *gomock.Call { + mr.mock.ctrl.T.Helper() + return mr.mock.ctrl.RecordCallWithMethodType(mr.mock, "GetWorkspaceAgentsByWorkspaceAndBuildNumber", reflect.TypeOf((*MockStore)(nil).GetWorkspaceAgentsByWorkspaceAndBuildNumber), ctx, arg) +} + // GetWorkspaceAgentsCreatedAfter mocks base method. func (m *MockStore) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]database.WorkspaceAgent, error) { m.ctrl.T.Helper() diff --git a/coderd/database/migrations/000324_resource_replacements_notification.down.sql b/coderd/database/migrations/000324_resource_replacements_notification.down.sql new file mode 100644 index 0000000000000..8da13f718b635 --- /dev/null +++ b/coderd/database/migrations/000324_resource_replacements_notification.down.sql @@ -0,0 +1 @@ +DELETE FROM notification_templates WHERE id = '89d9745a-816e-4695-a17f-3d0a229e2b8d'; diff --git a/coderd/database/migrations/000324_resource_replacements_notification.up.sql b/coderd/database/migrations/000324_resource_replacements_notification.up.sql new file mode 100644 index 0000000000000..395332adaee20 --- /dev/null +++ b/coderd/database/migrations/000324_resource_replacements_notification.up.sql @@ -0,0 +1,34 @@ +INSERT INTO notification_templates + (id, name, title_template, body_template, "group", actions) +VALUES ('89d9745a-816e-4695-a17f-3d0a229e2b8d', + 'Prebuilt Workspace Resource Replaced', + E'There might be a problem with a recently claimed prebuilt workspace', + $$ +Workspace **{{.Labels.workspace}}** was claimed from a prebuilt workspace by **{{.Labels.claimant}}**. + +During the claim, Terraform destroyed and recreated the following resources +because one or more immutable attributes changed: + +{{range $resource, $paths := .Data.replacements -}} +- _{{ $resource }}_ was replaced due to changes to _{{ $paths }}_ +{{end}} + +When Terraform must change an immutable attribute, it replaces the entire resource. +If you’re using prebuilds to speed up provisioning, unexpected replacements will slow down +workspace startup—even when claiming a prebuilt environment. + +For tips on preventing replacements and improving claim performance, see [this guide](https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces#preventing-resource-replacement). + +NOTE: this prebuilt workspace used the **{{.Labels.preset}}** preset. +$$, + 'Template Events', + '[ + { + "label": "View workspace build", + "url": "{{base_url}}/@{{.Labels.claimant}}/{{.Labels.workspace}}/builds/{{.Labels.workspace_build_num}}" + }, + { + "label": "View template version", + "url": "{{base_url}}/templates/{{.Labels.org}}/{{.Labels.template}}/versions/{{.Labels.template_version}}" + } + ]'::jsonb); diff --git a/coderd/database/querier.go b/coderd/database/querier.go index 9fbfbde410d40..fad83fb1668c1 100644 --- a/coderd/database/querier.go +++ b/coderd/database/querier.go @@ -396,6 +396,7 @@ type sqlcQuerier interface { GetWorkspaceAgentUsageStats(ctx context.Context, createdAt time.Time) ([]GetWorkspaceAgentUsageStatsRow, error) GetWorkspaceAgentUsageStatsAndLabels(ctx context.Context, createdAt time.Time) ([]GetWorkspaceAgentUsageStatsAndLabelsRow, error) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids []uuid.UUID) ([]WorkspaceAgent, error) + GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]WorkspaceAgent, error) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]WorkspaceAgent, error) GetWorkspaceAgentsInLatestBuildByWorkspaceID(ctx context.Context, workspaceID uuid.UUID) ([]WorkspaceAgent, error) GetWorkspaceAppByAgentIDAndSlug(ctx context.Context, arg GetWorkspaceAppByAgentIDAndSlugParams) (WorkspaceApp, error) diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go index 60416b1a35730..66535a9d5b5a9 100644 --- a/coderd/database/queries.sql.go +++ b/coderd/database/queries.sql.go @@ -5914,6 +5914,7 @@ WHERE w.id IN ( AND b.template_version_id = t.active_version_id AND p.current_preset_id = $3::uuid AND p.ready + AND NOT t.deleted LIMIT 1 FOR UPDATE OF p SKIP LOCKED -- Ensure that a concurrent request will not select the same prebuild. ) RETURNING w.id, w.name @@ -5949,6 +5950,7 @@ FROM workspace_latest_builds wlb -- prebuilds that are still building. INNER JOIN templates t ON t.active_version_id = wlb.template_version_id WHERE wlb.job_status IN ('pending'::provisioner_job_status, 'running'::provisioner_job_status) + -- AND NOT t.deleted -- We don't exclude deleted templates because there's no constraint in the DB preventing a soft deletion on a template while workspaces are running. GROUP BY t.id, wpb.template_version_id, wpb.transition, wlb.template_version_preset_id ` @@ -6063,6 +6065,7 @@ WITH filtered_builds AS ( WHERE tvp.desired_instances IS NOT NULL -- Consider only presets that have a prebuild configuration. AND wlb.transition = 'start'::workspace_transition AND w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0' + AND NOT t.deleted ), time_sorted_builds AS ( -- Group builds by preset, then sort each group by created_at. @@ -6214,6 +6217,7 @@ FROM templates t INNER JOIN template_version_presets tvp ON tvp.template_version_id = tv.id INNER JOIN organizations o ON o.id = t.organization_id WHERE tvp.desired_instances IS NOT NULL -- Consider only presets that have a prebuild configuration. + -- AND NOT t.deleted -- We don't exclude deleted templates because there's no constraint in the DB preventing a soft deletion on a template while workspaces are running. AND (t.id = $1::uuid OR $1 IS NULL) ` @@ -6443,6 +6447,7 @@ func (q *sqlQuerier) GetPresetsByTemplateVersionID(ctx context.Context, template const insertPreset = `-- name: InsertPreset :one INSERT INTO template_version_presets ( + id, template_version_id, name, created_at, @@ -6454,11 +6459,13 @@ VALUES ( $2, $3, $4, - $5 + $5, + $6 ) RETURNING id, template_version_id, name, created_at, desired_instances, invalidate_after_secs ` type InsertPresetParams struct { + ID uuid.UUID `db:"id" json:"id"` TemplateVersionID uuid.UUID `db:"template_version_id" json:"template_version_id"` Name string `db:"name" json:"name"` CreatedAt time.Time `db:"created_at" json:"created_at"` @@ -6468,6 +6475,7 @@ type InsertPresetParams struct { func (q *sqlQuerier) InsertPreset(ctx context.Context, arg InsertPresetParams) (TemplateVersionPreset, error) { row := q.db.QueryRowContext(ctx, insertPreset, + arg.ID, arg.TemplateVersionID, arg.Name, arg.CreatedAt, @@ -14164,6 +14172,80 @@ func (q *sqlQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids [] return items, nil } +const getWorkspaceAgentsByWorkspaceAndBuildNumber = `-- name: GetWorkspaceAgentsByWorkspaceAndBuildNumber :many +SELECT + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order +FROM + workspace_agents +JOIN + workspace_resources ON workspace_agents.resource_id = workspace_resources.id +JOIN + workspace_builds ON workspace_resources.job_id = workspace_builds.job_id +WHERE + workspace_builds.workspace_id = $1 :: uuid AND + workspace_builds.build_number = $2 :: int +` + +type GetWorkspaceAgentsByWorkspaceAndBuildNumberParams struct { + WorkspaceID uuid.UUID `db:"workspace_id" json:"workspace_id"` + BuildNumber int32 `db:"build_number" json:"build_number"` +} + +func (q *sqlQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Context, arg GetWorkspaceAgentsByWorkspaceAndBuildNumberParams) ([]WorkspaceAgent, error) { + rows, err := q.db.QueryContext(ctx, getWorkspaceAgentsByWorkspaceAndBuildNumber, arg.WorkspaceID, arg.BuildNumber) + if err != nil { + return nil, err + } + defer rows.Close() + var items []WorkspaceAgent + for rows.Next() { + var i WorkspaceAgent + if err := rows.Scan( + &i.ID, + &i.CreatedAt, + &i.UpdatedAt, + &i.Name, + &i.FirstConnectedAt, + &i.LastConnectedAt, + &i.DisconnectedAt, + &i.ResourceID, + &i.AuthToken, + &i.AuthInstanceID, + &i.Architecture, + &i.EnvironmentVariables, + &i.OperatingSystem, + &i.InstanceMetadata, + &i.ResourceMetadata, + &i.Directory, + &i.Version, + &i.LastConnectedReplicaID, + &i.ConnectionTimeoutSeconds, + &i.TroubleshootingURL, + &i.MOTDFile, + &i.LifecycleState, + &i.ExpandedDirectory, + &i.LogsLength, + &i.LogsOverflowed, + &i.StartedAt, + &i.ReadyAt, + pq.Array(&i.Subsystems), + pq.Array(&i.DisplayApps), + &i.APIVersion, + &i.DisplayOrder, + ); err != nil { + return nil, err + } + items = append(items, i) + } + if err := rows.Close(); err != nil { + return nil, err + } + if err := rows.Err(); err != nil { + return nil, err + } + return items, nil +} + const getWorkspaceAgentsCreatedAfter = `-- name: GetWorkspaceAgentsCreatedAfter :many SELECT id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order FROM workspace_agents WHERE created_at > $1 ` diff --git a/coderd/database/queries/prebuilds.sql b/coderd/database/queries/prebuilds.sql index 1d3a827c98586..8c27ddf62b7c3 100644 --- a/coderd/database/queries/prebuilds.sql +++ b/coderd/database/queries/prebuilds.sql @@ -15,6 +15,7 @@ WHERE w.id IN ( AND b.template_version_id = t.active_version_id AND p.current_preset_id = @preset_id::uuid AND p.ready + AND NOT t.deleted LIMIT 1 FOR UPDATE OF p SKIP LOCKED -- Ensure that a concurrent request will not select the same prebuild. ) RETURNING w.id, w.name; @@ -40,6 +41,7 @@ FROM templates t INNER JOIN template_version_presets tvp ON tvp.template_version_id = tv.id INNER JOIN organizations o ON o.id = t.organization_id WHERE tvp.desired_instances IS NOT NULL -- Consider only presets that have a prebuild configuration. + -- AND NOT t.deleted -- We don't exclude deleted templates because there's no constraint in the DB preventing a soft deletion on a template while workspaces are running. AND (t.id = sqlc.narg('template_id')::uuid OR sqlc.narg('template_id') IS NULL); -- name: GetRunningPrebuiltWorkspaces :many @@ -70,6 +72,7 @@ FROM workspace_latest_builds wlb -- prebuilds that are still building. INNER JOIN templates t ON t.active_version_id = wlb.template_version_id WHERE wlb.job_status IN ('pending'::provisioner_job_status, 'running'::provisioner_job_status) + -- AND NOT t.deleted -- We don't exclude deleted templates because there's no constraint in the DB preventing a soft deletion on a template while workspaces are running. GROUP BY t.id, wpb.template_version_id, wpb.transition, wlb.template_version_preset_id; -- GetPresetsBackoff groups workspace builds by preset ID. @@ -98,6 +101,7 @@ WITH filtered_builds AS ( WHERE tvp.desired_instances IS NOT NULL -- Consider only presets that have a prebuild configuration. AND wlb.transition = 'start'::workspace_transition AND w.owner_id = 'c42fdf75-3097-471c-8c33-fb52454d81c0' + AND NOT t.deleted ), time_sorted_builds AS ( -- Group builds by preset, then sort each group by created_at. diff --git a/coderd/database/queries/presets.sql b/coderd/database/queries/presets.sql index 15bcea0c28fb5..6d5646a285b4a 100644 --- a/coderd/database/queries/presets.sql +++ b/coderd/database/queries/presets.sql @@ -1,5 +1,6 @@ -- name: InsertPreset :one INSERT INTO template_version_presets ( + id, template_version_id, name, created_at, @@ -7,6 +8,7 @@ INSERT INTO template_version_presets ( invalidate_after_secs ) VALUES ( + @id, @template_version_id, @name, @created_at, diff --git a/coderd/database/queries/workspaceagents.sql b/coderd/database/queries/workspaceagents.sql index 52d8b5275fc97..0d4a5343f78ba 100644 --- a/coderd/database/queries/workspaceagents.sql +++ b/coderd/database/queries/workspaceagents.sql @@ -252,6 +252,19 @@ WHERE wb.workspace_id = @workspace_id :: uuid ); +-- name: GetWorkspaceAgentsByWorkspaceAndBuildNumber :many +SELECT + workspace_agents.* +FROM + workspace_agents +JOIN + workspace_resources ON workspace_agents.resource_id = workspace_resources.id +JOIN + workspace_builds ON workspace_resources.job_id = workspace_builds.job_id +WHERE + workspace_builds.workspace_id = @workspace_id :: uuid AND + workspace_builds.build_number = @build_number :: int; + -- name: GetWorkspaceAgentAndLatestBuildByAuthToken :one SELECT sqlc.embed(workspaces), diff --git a/coderd/notifications/events.go b/coderd/notifications/events.go index 2f45205bf33ec..35d9925055da5 100644 --- a/coderd/notifications/events.go +++ b/coderd/notifications/events.go @@ -39,6 +39,7 @@ var ( TemplateTemplateDeprecated = uuid.MustParse("f40fae84-55a2-42cd-99fa-b41c1ca64894") TemplateWorkspaceBuildsFailedReport = uuid.MustParse("34a20db2-e9cc-4a93-b0e4-8569699d7a00") + TemplateWorkspaceResourceReplaced = uuid.MustParse("89d9745a-816e-4695-a17f-3d0a229e2b8d") ) // Notification-related events. diff --git a/coderd/notifications/notifications_test.go b/coderd/notifications/notifications_test.go index 12372b74a14c3..8f8a3c82441e0 100644 --- a/coderd/notifications/notifications_test.go +++ b/coderd/notifications/notifications_test.go @@ -35,6 +35,9 @@ import ( "golang.org/x/xerrors" "cdr.dev/slog" + "github.com/coder/quartz" + "github.com/coder/serpent" + "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/database/dbauthz" @@ -48,8 +51,6 @@ import ( "github.com/coder/coder/v2/coderd/util/syncmap" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/testutil" - "github.com/coder/quartz" - "github.com/coder/serpent" ) // updateGoldenFiles is a flag that can be set to update golden files. @@ -1226,6 +1227,29 @@ func TestNotificationTemplates_Golden(t *testing.T) { Labels: map[string]string{}, }, }, + { + name: "TemplateWorkspaceResourceReplaced", + id: notifications.TemplateWorkspaceResourceReplaced, + payload: types.MessagePayload{ + UserName: "Bobby", + UserEmail: "bobby@coder.com", + UserUsername: "bobby", + Labels: map[string]string{ + "org": "cern", + "workspace": "my-workspace", + "workspace_build_num": "2", + "template": "docker", + "template_version": "angry_torvalds", + "preset": "particle-accelerator", + "claimant": "prebuilds-claimer", + }, + Data: map[string]any{ + "replacements": map[string]string{ + "docker_container[0]": "env, hostname", + }, + }, + }, + }, } // We must have a test case for every notification_template. This is enforced below: diff --git a/coderd/notifications/notificationstest/fake_enqueuer.go b/coderd/notifications/notificationstest/fake_enqueuer.go index 8fbc2cee25806..568091818295c 100644 --- a/coderd/notifications/notificationstest/fake_enqueuer.go +++ b/coderd/notifications/notificationstest/fake_enqueuer.go @@ -9,6 +9,7 @@ import ( "github.com/prometheus/client_golang/prometheus" "github.com/coder/coder/v2/coderd/database/dbauthz" + "github.com/coder/coder/v2/coderd/notifications" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/rbac/policy" ) @@ -19,6 +20,12 @@ type FakeEnqueuer struct { sent []*FakeNotification } +var _ notifications.Enqueuer = &FakeEnqueuer{} + +func NewFakeEnqueuer() *FakeEnqueuer { + return &FakeEnqueuer{} +} + type FakeNotification struct { UserID, TemplateID uuid.UUID Labels map[string]string diff --git a/coderd/notifications/testdata/rendered-templates/smtp/TemplateWorkspaceResourceReplaced.html.golden b/coderd/notifications/testdata/rendered-templates/smtp/TemplateWorkspaceResourceReplaced.html.golden new file mode 100644 index 0000000000000..6d64eed0249a7 --- /dev/null +++ b/coderd/notifications/testdata/rendered-templates/smtp/TemplateWorkspaceResourceReplaced.html.golden @@ -0,0 +1,131 @@ +From: system@coder.com +To: bobby@coder.com +Subject: There might be a problem with a recently claimed prebuilt workspace +Message-Id: 02ee4935-73be-4fa1-a290-ff9999026b13@blush-whale-48 +Date: Fri, 11 Oct 2024 09:03:06 +0000 +Content-Type: multipart/alternative; boundary=bbe61b741255b6098bb6b3c1f41b885773df633cb18d2a3002b68e4bc9c4 +MIME-Version: 1.0 + +--bbe61b741255b6098bb6b3c1f41b885773df633cb18d2a3002b68e4bc9c4 +Content-Transfer-Encoding: quoted-printable +Content-Type: text/plain; charset=UTF-8 + +Hi Bobby, + +Workspace my-workspace was claimed from a prebuilt workspace by prebuilds-c= +laimer. + +During the claim, Terraform destroyed and recreated the following resources +because one or more immutable attributes changed: + +docker_container[0] was replaced due to changes to env, hostname + +When Terraform must change an immutable attribute, it replaces the entire r= +esource. +If you=E2=80=99re using prebuilds to speed up provisioning, unexpected repl= +acements will slow down +workspace startup=E2=80=94even when claiming a prebuilt environment. + +For tips on preventing replacements and improving claim performance, see th= +is guide (https://coder.com/docs/admin/templates/extending-templates/prebui= +lt-workspaces#preventing-resource-replacement). + +NOTE: this prebuilt workspace used the particle-accelerator preset. + + +View workspace build: http://test.com/@prebuilds-claimer/my-workspace/build= +s/2 + +View template version: http://test.com/templates/cern/docker/versions/angry= +_torvalds + +--bbe61b741255b6098bb6b3c1f41b885773df633cb18d2a3002b68e4bc9c4 +Content-Transfer-Encoding: quoted-printable +Content-Type: text/html; charset=UTF-8 + + + + + + + There might be a problem with a recently claimed prebuilt worksp= +ace + + +

+ There might be a problem with a recently claimed prebuilt workspace +

Hi Bobby,

Workspace my-workspace was claimed from a prebu= +ilt workspace by prebuilds-claimer.

+ +

During the claim, Terraform destroyed and recreated the following resour= +ces
+because one or more immutable attributes changed:

+ +

_dockercontainer[0] was replaced due to changes to env, h= +ostname
+

+ +

When Terraform must change an immutable attribute, it replaces the entir= +e resource.
+If you=E2=80=99re using prebuilds to speed up provisioning, unexpected repl= +acements will slow down
+workspace startup=E2=80=94even when claiming a prebuilt environment.

+ +

For tips on preventing replacements and improving claim performance, see= + this guide.

+ +

NOTE: this prebuilt workspace used the particle-accelerator preset.

+
+ =20 + + View workspace build + + =20 + + View template version + + =20 +
+
+
© 2024 Coder. All rights reserved - h= +ttp://test.com
+
Click here to manage your notification = +settings
+
Stop receiving emails like this
+
+

+ + + +--bbe61b741255b6098bb6b3c1f41b885773df633cb18d2a3002b68e4bc9c4-- diff --git a/coderd/notifications/testdata/rendered-templates/webhook/TemplateWorkspaceResourceReplaced.json.golden b/coderd/notifications/testdata/rendered-templates/webhook/TemplateWorkspaceResourceReplaced.json.golden new file mode 100644 index 0000000000000..09bf9431cdeed --- /dev/null +++ b/coderd/notifications/testdata/rendered-templates/webhook/TemplateWorkspaceResourceReplaced.json.golden @@ -0,0 +1,42 @@ +{ + "_version": "1.1", + "msg_id": "00000000-0000-0000-0000-000000000000", + "payload": { + "_version": "1.2", + "notification_name": "Prebuilt Workspace Resource Replaced", + "notification_template_id": "00000000-0000-0000-0000-000000000000", + "user_id": "00000000-0000-0000-0000-000000000000", + "user_email": "bobby@coder.com", + "user_name": "Bobby", + "user_username": "bobby", + "actions": [ + { + "label": "View workspace build", + "url": "http://test.com/@prebuilds-claimer/my-workspace/builds/2" + }, + { + "label": "View template version", + "url": "http://test.com/templates/cern/docker/versions/angry_torvalds" + } + ], + "labels": { + "claimant": "prebuilds-claimer", + "org": "cern", + "preset": "particle-accelerator", + "template": "docker", + "template_version": "angry_torvalds", + "workspace": "my-workspace", + "workspace_build_num": "2" + }, + "data": { + "replacements": { + "docker_container[0]": "env, hostname" + } + }, + "targets": null + }, + "title": "There might be a problem with a recently claimed prebuilt workspace", + "title_markdown": "There might be a problem with a recently claimed prebuilt workspace", + "body": "Workspace my-workspace was claimed from a prebuilt workspace by prebuilds-claimer.\n\nDuring the claim, Terraform destroyed and recreated the following resources\nbecause one or more immutable attributes changed:\n\ndocker_container[0] was replaced due to changes to env, hostname\n\nWhen Terraform must change an immutable attribute, it replaces the entire resource.\nIf you’re using prebuilds to speed up provisioning, unexpected replacements will slow down\nworkspace startup—even when claiming a prebuilt environment.\n\nFor tips on preventing replacements and improving claim performance, see this guide (https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces#preventing-resource-replacement).\n\nNOTE: this prebuilt workspace used the particle-accelerator preset.", + "body_markdown": "\nWorkspace **my-workspace** was claimed from a prebuilt workspace by **prebuilds-claimer**.\n\nDuring the claim, Terraform destroyed and recreated the following resources\nbecause one or more immutable attributes changed:\n\n- _docker_container[0]_ was replaced due to changes to _env, hostname_\n\n\nWhen Terraform must change an immutable attribute, it replaces the entire resource.\nIf you’re using prebuilds to speed up provisioning, unexpected replacements will slow down\nworkspace startup—even when claiming a prebuilt environment.\n\nFor tips on preventing replacements and improving claim performance, see [this guide](https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces#preventing-resource-replacement).\n\nNOTE: this prebuilt workspace used the **particle-accelerator** preset.\n" +} \ No newline at end of file diff --git a/coderd/prebuilds/api.go b/coderd/prebuilds/api.go index 00129eae37491..3092d27421d26 100644 --- a/coderd/prebuilds/api.go +++ b/coderd/prebuilds/api.go @@ -7,6 +7,7 @@ import ( "golang.org/x/xerrors" "github.com/coder/coder/v2/coderd/database" + sdkproto "github.com/coder/coder/v2/provisionersdk/proto" ) var ( @@ -27,6 +28,11 @@ type ReconciliationOrchestrator interface { // Stop gracefully shuts down the orchestrator with the given cause. // The cause is used for logging and error reporting. Stop(ctx context.Context, cause error) + + // TrackResourceReplacement handles a pathological situation whereby a terraform resource is replaced due to drift, + // which can obviate the whole point of pre-provisioning a prebuilt workspace. + // See more detail at https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces#preventing-resource-replacement. + TrackResourceReplacement(ctx context.Context, workspaceID, buildID uuid.UUID, replacements []*sdkproto.ResourceReplacement) } type Reconciler interface { diff --git a/coderd/prebuilds/claim.go b/coderd/prebuilds/claim.go new file mode 100644 index 0000000000000..b5155b8f2a568 --- /dev/null +++ b/coderd/prebuilds/claim.go @@ -0,0 +1,82 @@ +package prebuilds + +import ( + "context" + "sync" + + "github.com/google/uuid" + "golang.org/x/xerrors" + + "cdr.dev/slog" + "github.com/coder/coder/v2/coderd/database/pubsub" + "github.com/coder/coder/v2/codersdk/agentsdk" +) + +func NewPubsubWorkspaceClaimPublisher(ps pubsub.Pubsub) *PubsubWorkspaceClaimPublisher { + return &PubsubWorkspaceClaimPublisher{ps: ps} +} + +type PubsubWorkspaceClaimPublisher struct { + ps pubsub.Pubsub +} + +func (p PubsubWorkspaceClaimPublisher) PublishWorkspaceClaim(claim agentsdk.ReinitializationEvent) error { + channel := agentsdk.PrebuildClaimedChannel(claim.WorkspaceID) + if err := p.ps.Publish(channel, []byte(claim.Reason)); err != nil { + return xerrors.Errorf("failed to trigger prebuilt workspace agent reinitialization: %w", err) + } + return nil +} + +func NewPubsubWorkspaceClaimListener(ps pubsub.Pubsub, logger slog.Logger) *PubsubWorkspaceClaimListener { + return &PubsubWorkspaceClaimListener{ps: ps, logger: logger} +} + +type PubsubWorkspaceClaimListener struct { + logger slog.Logger + ps pubsub.Pubsub +} + +// ListenForWorkspaceClaims subscribes to a pubsub channel and sends any received events on the chan that it returns. +// pubsub.Pubsub does not communicate when its last callback has been called after it has been closed. As such the chan +// returned by this method is never closed. Call the returned cancel() function to close the subscription when it is no longer needed. +// cancel() will be called if ctx expires or is canceled. +func (p PubsubWorkspaceClaimListener) ListenForWorkspaceClaims(ctx context.Context, workspaceID uuid.UUID, reinitEvents chan<- agentsdk.ReinitializationEvent) (func(), error) { + select { + case <-ctx.Done(): + return func() {}, ctx.Err() + default: + } + + cancelSub, err := p.ps.Subscribe(agentsdk.PrebuildClaimedChannel(workspaceID), func(inner context.Context, reason []byte) { + claim := agentsdk.ReinitializationEvent{ + WorkspaceID: workspaceID, + Reason: agentsdk.ReinitializationReason(reason), + } + + select { + case <-ctx.Done(): + return + case <-inner.Done(): + return + case reinitEvents <- claim: + } + }) + if err != nil { + return func() {}, xerrors.Errorf("failed to subscribe to prebuild claimed channel: %w", err) + } + + var once sync.Once + cancel := func() { + once.Do(func() { + cancelSub() + }) + } + + go func() { + <-ctx.Done() + cancel() + }() + + return cancel, nil +} diff --git a/coderd/prebuilds/claim_test.go b/coderd/prebuilds/claim_test.go new file mode 100644 index 0000000000000..670bb64eec756 --- /dev/null +++ b/coderd/prebuilds/claim_test.go @@ -0,0 +1,141 @@ +package prebuilds_test + +import ( + "context" + "testing" + "time" + + "github.com/google/uuid" + "github.com/stretchr/testify/require" + "golang.org/x/xerrors" + + "cdr.dev/slog/sloggers/slogtest" + "github.com/coder/coder/v2/coderd/database/pubsub" + "github.com/coder/coder/v2/coderd/prebuilds" + "github.com/coder/coder/v2/codersdk/agentsdk" + "github.com/coder/coder/v2/testutil" +) + +func TestPubsubWorkspaceClaimPublisher(t *testing.T) { + t.Parallel() + t.Run("published claim is received by a listener for the same workspace", func(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitShort) + logger := testutil.Logger(t) + ps := pubsub.NewInMemory() + workspaceID := uuid.New() + reinitEvents := make(chan agentsdk.ReinitializationEvent, 1) + publisher := prebuilds.NewPubsubWorkspaceClaimPublisher(ps) + listener := prebuilds.NewPubsubWorkspaceClaimListener(ps, logger) + + cancel, err := listener.ListenForWorkspaceClaims(ctx, workspaceID, reinitEvents) + require.NoError(t, err) + defer cancel() + + claim := agentsdk.ReinitializationEvent{ + WorkspaceID: workspaceID, + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + } + err = publisher.PublishWorkspaceClaim(claim) + require.NoError(t, err) + + gotEvent := testutil.RequireReceive(ctx, t, reinitEvents) + require.Equal(t, workspaceID, gotEvent.WorkspaceID) + require.Equal(t, claim.Reason, gotEvent.Reason) + }) + + t.Run("fail to publish claim", func(t *testing.T) { + t.Parallel() + + ps := &brokenPubsub{} + + publisher := prebuilds.NewPubsubWorkspaceClaimPublisher(ps) + claim := agentsdk.ReinitializationEvent{ + WorkspaceID: uuid.New(), + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + } + + err := publisher.PublishWorkspaceClaim(claim) + require.ErrorContains(t, err, "failed to trigger prebuilt workspace agent reinitialization") + }) +} + +func TestPubsubWorkspaceClaimListener(t *testing.T) { + t.Parallel() + t.Run("finds claim events for its workspace", func(t *testing.T) { + t.Parallel() + + ps := pubsub.NewInMemory() + listener := prebuilds.NewPubsubWorkspaceClaimListener(ps, slogtest.Make(t, nil)) + + claims := make(chan agentsdk.ReinitializationEvent, 1) // Buffer to avoid messing with goroutines in the rest of the test + + workspaceID := uuid.New() + cancelFunc, err := listener.ListenForWorkspaceClaims(context.Background(), workspaceID, claims) + require.NoError(t, err) + defer cancelFunc() + + // Publish a claim + channel := agentsdk.PrebuildClaimedChannel(workspaceID) + reason := agentsdk.ReinitializeReasonPrebuildClaimed + err = ps.Publish(channel, []byte(reason)) + require.NoError(t, err) + + // Verify we receive the claim + ctx := testutil.Context(t, testutil.WaitShort) + claim := testutil.RequireReceive(ctx, t, claims) + require.Equal(t, workspaceID, claim.WorkspaceID) + require.Equal(t, reason, claim.Reason) + }) + + t.Run("ignores claim events for other workspaces", func(t *testing.T) { + t.Parallel() + + ps := pubsub.NewInMemory() + listener := prebuilds.NewPubsubWorkspaceClaimListener(ps, slogtest.Make(t, nil)) + + claims := make(chan agentsdk.ReinitializationEvent) + workspaceID := uuid.New() + otherWorkspaceID := uuid.New() + cancelFunc, err := listener.ListenForWorkspaceClaims(context.Background(), workspaceID, claims) + require.NoError(t, err) + defer cancelFunc() + + // Publish a claim for a different workspace + channel := agentsdk.PrebuildClaimedChannel(otherWorkspaceID) + err = ps.Publish(channel, []byte(agentsdk.ReinitializeReasonPrebuildClaimed)) + require.NoError(t, err) + + // Verify we don't receive the claim + select { + case <-claims: + t.Fatal("received claim for wrong workspace") + case <-time.After(100 * time.Millisecond): + // Expected - no claim received + } + }) + + t.Run("communicates the error if it can't subscribe", func(t *testing.T) { + t.Parallel() + + claims := make(chan agentsdk.ReinitializationEvent) + ps := &brokenPubsub{} + listener := prebuilds.NewPubsubWorkspaceClaimListener(ps, slogtest.Make(t, nil)) + + _, err := listener.ListenForWorkspaceClaims(context.Background(), uuid.New(), claims) + require.ErrorContains(t, err, "failed to subscribe to prebuild claimed channel") + }) +} + +type brokenPubsub struct { + pubsub.Pubsub +} + +func (brokenPubsub) Subscribe(_ string, _ pubsub.Listener) (func(), error) { + return nil, xerrors.New("broken") +} + +func (brokenPubsub) Publish(_ string, _ []byte) error { + return xerrors.New("broken") +} diff --git a/coderd/prebuilds/noop.go b/coderd/prebuilds/noop.go index 6fb3f7c6a5f1f..3c2dd78a804db 100644 --- a/coderd/prebuilds/noop.go +++ b/coderd/prebuilds/noop.go @@ -6,12 +6,15 @@ import ( "github.com/google/uuid" "github.com/coder/coder/v2/coderd/database" + sdkproto "github.com/coder/coder/v2/provisionersdk/proto" ) type NoopReconciler struct{} -func (NoopReconciler) Run(context.Context) {} -func (NoopReconciler) Stop(context.Context, error) {} +func (NoopReconciler) Run(context.Context) {} +func (NoopReconciler) Stop(context.Context, error) {} +func (NoopReconciler) TrackResourceReplacement(context.Context, uuid.UUID, uuid.UUID, []*sdkproto.ResourceReplacement) { +} func (NoopReconciler) ReconcileAll(context.Context) error { return nil } func (NoopReconciler) SnapshotState(context.Context, database.Store) (*GlobalSnapshot, error) { return &GlobalSnapshot{}, nil diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go index 9362d2f3e5a85..e084499f02f18 100644 --- a/coderd/provisionerdserver/provisionerdserver.go +++ b/coderd/provisionerdserver/provisionerdserver.go @@ -37,12 +37,14 @@ import ( "github.com/coder/coder/v2/coderd/database/pubsub" "github.com/coder/coder/v2/coderd/externalauth" "github.com/coder/coder/v2/coderd/notifications" + "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/promoauth" "github.com/coder/coder/v2/coderd/schedule" "github.com/coder/coder/v2/coderd/telemetry" "github.com/coder/coder/v2/coderd/tracing" "github.com/coder/coder/v2/coderd/wspubsub" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/coder/v2/codersdk/drpc" "github.com/coder/coder/v2/provisioner" "github.com/coder/coder/v2/provisionerd/proto" @@ -108,6 +110,7 @@ type server struct { UserQuietHoursScheduleStore *atomic.Pointer[schedule.UserQuietHoursScheduleStore] DeploymentValues *codersdk.DeploymentValues NotificationsEnqueuer notifications.Enqueuer + PrebuildsOrchestrator *atomic.Pointer[prebuilds.ReconciliationOrchestrator] OIDCConfig promoauth.OAuth2Config @@ -143,8 +146,7 @@ func (t Tags) Valid() error { return nil } -func NewServer( - lifecycleCtx context.Context, +func NewServer(lifecycleCtx context.Context, accessURL *url.URL, id uuid.UUID, organizationID uuid.UUID, @@ -163,6 +165,7 @@ func NewServer( deploymentValues *codersdk.DeploymentValues, options Options, enqueuer notifications.Enqueuer, + prebuildsOrchestrator *atomic.Pointer[prebuilds.ReconciliationOrchestrator], ) (proto.DRPCProvisionerDaemonServer, error) { // Fail-fast if pointers are nil if lifecycleCtx == nil { @@ -227,6 +230,7 @@ func NewServer( acquireJobLongPollDur: options.AcquireJobLongPollDur, heartbeatInterval: options.HeartbeatInterval, heartbeatFn: options.HeartbeatFn, + PrebuildsOrchestrator: prebuildsOrchestrator, } if s.heartbeatFn == nil { @@ -617,6 +621,30 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo } } + runningAgentAuthTokens := []*sdkproto.RunningAgentAuthToken{} + if input.PrebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + // runningAgentAuthTokens are *only* used for prebuilds. We fetch them when we want to rebuild a prebuilt workspace + // but not generate new agent tokens. The provisionerdserver will push them down to + // the provisioner (and ultimately to the `coder_agent` resource in the Terraform provider) where they will be + // reused. Context: the agent token is often used in immutable attributes of workspace resource (e.g. VM/container) + // to initialize the agent, so if that value changes it will necessitate a replacement of that resource, thus + // obviating the whole point of the prebuild. + agents, err := s.Database.GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx, database.GetWorkspaceAgentsByWorkspaceAndBuildNumberParams{ + WorkspaceID: workspace.ID, + BuildNumber: 1, + }) + if err != nil { + s.Logger.Error(ctx, "failed to retrieve running agents of claimed prebuilt workspace", + slog.F("workspace_id", workspace.ID), slog.Error(err)) + } + for _, agent := range agents { + runningAgentAuthTokens = append(runningAgentAuthTokens, &sdkproto.RunningAgentAuthToken{ + AgentId: agent.ID.String(), + Token: agent.AuthToken.String(), + }) + } + } + protoJob.Type = &proto.AcquiredJob_WorkspaceBuild_{ WorkspaceBuild: &proto.AcquiredJob_WorkspaceBuild{ WorkspaceBuildId: workspaceBuild.ID.String(), @@ -645,7 +673,8 @@ func (s *server) acquireProtoJob(ctx context.Context, job database.ProvisionerJo WorkspaceBuildId: workspaceBuild.ID.String(), WorkspaceOwnerLoginType: string(owner.LoginType), WorkspaceOwnerRbacRoles: ownerRbacRoles, - IsPrebuild: input.IsPrebuild, + RunningAgentAuthTokens: runningAgentAuthTokens, + PrebuiltWorkspaceBuildStage: input.PrebuiltWorkspaceBuildStage, }, LogLevel: input.LogLevel, }, @@ -1722,6 +1751,15 @@ func (s *server) CompleteJob(ctx context.Context, completed *proto.CompletedJob) }) } + if s.PrebuildsOrchestrator != nil && input.PrebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + // Track resource replacements, if there are any. + orchestrator := s.PrebuildsOrchestrator.Load() + if resourceReplacements := completed.GetWorkspaceBuild().GetResourceReplacements(); orchestrator != nil && len(resourceReplacements) > 0 { + // Fire and forget. Bind to the lifecycle of the server so shutdowns are handled gracefully. + go (*orchestrator).TrackResourceReplacement(s.lifecycleCtx, workspace.ID, workspaceBuild.ID, resourceReplacements) + } + } + msg, err := json.Marshal(wspubsub.WorkspaceEvent{ Kind: wspubsub.WorkspaceEventKindStateChange, WorkspaceID: workspace.ID, @@ -1733,6 +1771,19 @@ func (s *server) CompleteJob(ctx context.Context, completed *proto.CompletedJob) if err != nil { return nil, xerrors.Errorf("update workspace: %w", err) } + + if input.PrebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + s.Logger.Info(ctx, "workspace prebuild successfully claimed by user", + slog.F("workspace_id", workspace.ID)) + + err = prebuilds.NewPubsubWorkspaceClaimPublisher(s.Pubsub).PublishWorkspaceClaim(agentsdk.ReinitializationEvent{ + WorkspaceID: workspace.ID, + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + }) + if err != nil { + s.Logger.Error(ctx, "failed to publish workspace claim event", slog.Error(err)) + } + } case *proto.CompletedJob_TemplateDryRun_: for _, resource := range jobType.TemplateDryRun.Resources { s.Logger.Info(ctx, "inserting template dry-run job resource", @@ -1876,6 +1927,7 @@ func InsertWorkspacePresetAndParameters(ctx context.Context, db database.Store, } } dbPreset, err := tx.InsertPreset(ctx, database.InsertPresetParams{ + ID: uuid.New(), TemplateVersionID: templateVersionID, Name: protoPreset.Name, CreatedAt: t, @@ -2471,11 +2523,10 @@ type TemplateVersionImportJob struct { // WorkspaceProvisionJob is the payload for the "workspace_provision" job type. type WorkspaceProvisionJob struct { - WorkspaceBuildID uuid.UUID `json:"workspace_build_id"` - DryRun bool `json:"dry_run"` - IsPrebuild bool `json:"is_prebuild,omitempty"` - PrebuildClaimedByUser uuid.UUID `json:"prebuild_claimed_by,omitempty"` - LogLevel string `json:"log_level,omitempty"` + WorkspaceBuildID uuid.UUID `json:"workspace_build_id"` + DryRun bool `json:"dry_run"` + LogLevel string `json:"log_level,omitempty"` + PrebuiltWorkspaceBuildStage sdkproto.PrebuiltWorkspaceBuildStage `json:"prebuilt_workspace_stage,omitempty"` } // TemplateVersionDryRunJob is the payload for the "template_version_dry_run" job type. diff --git a/coderd/provisionerdserver/provisionerdserver_test.go b/coderd/provisionerdserver/provisionerdserver_test.go index caeef8a9793b7..1ba86c50baf8a 100644 --- a/coderd/provisionerdserver/provisionerdserver_test.go +++ b/coderd/provisionerdserver/provisionerdserver_test.go @@ -23,7 +23,6 @@ import ( "storj.io/drpc" "cdr.dev/slog/sloggers/slogtest" - "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/quartz" "github.com/coder/serpent" @@ -38,12 +37,15 @@ import ( "github.com/coder/coder/v2/coderd/externalauth" "github.com/coder/coder/v2/coderd/notifications" "github.com/coder/coder/v2/coderd/notifications/notificationstest" + agplprebuilds "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/provisionerdserver" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/schedule" "github.com/coder/coder/v2/coderd/schedule/cron" "github.com/coder/coder/v2/coderd/telemetry" "github.com/coder/coder/v2/coderd/wspubsub" "github.com/coder/coder/v2/codersdk" + "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/coder/v2/provisionerd/proto" "github.com/coder/coder/v2/provisionersdk" sdkproto "github.com/coder/coder/v2/provisionersdk/proto" @@ -166,8 +168,12 @@ func TestAcquireJob(t *testing.T) { _, err = tc.acquire(ctx, srv) require.ErrorContains(t, err, "sql: no rows in result set") }) - for _, prebuiltWorkspace := range []bool{false, true} { - prebuiltWorkspace := prebuiltWorkspace + for _, prebuiltWorkspaceBuildStage := range []sdkproto.PrebuiltWorkspaceBuildStage{ + sdkproto.PrebuiltWorkspaceBuildStage_NONE, + sdkproto.PrebuiltWorkspaceBuildStage_CREATE, + sdkproto.PrebuiltWorkspaceBuildStage_CLAIM, + } { + prebuiltWorkspaceBuildStage := prebuiltWorkspaceBuildStage t.Run(tc.name+"_WorkspaceBuildJob", func(t *testing.T) { t.Parallel() // Set the max session token lifetime so we can assert we @@ -211,7 +217,7 @@ func TestAcquireJob(t *testing.T) { Roles: []string{rbac.RoleOrgAuditor()}, }) - // Add extra erronous roles + // Add extra erroneous roles secondOrg := dbgen.Organization(t, db, database.Organization{}) dbgen.OrganizationMember(t, db, database.OrganizationMember{ UserID: user.ID, @@ -286,32 +292,74 @@ func TestAcquireJob(t *testing.T) { Required: true, Sensitive: false, }) - workspace := dbgen.Workspace(t, db, database.WorkspaceTable{ + workspace := database.WorkspaceTable{ TemplateID: template.ID, OwnerID: user.ID, OrganizationID: pd.OrganizationID, - }) - build := dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{ + } + workspace = dbgen.Workspace(t, db, workspace) + build := database.WorkspaceBuild{ WorkspaceID: workspace.ID, BuildNumber: 1, JobID: uuid.New(), TemplateVersionID: version.ID, Transition: database.WorkspaceTransitionStart, Reason: database.BuildReasonInitiator, - }) - _ = dbgen.ProvisionerJob(t, db, ps, database.ProvisionerJob{ - ID: build.ID, + } + build = dbgen.WorkspaceBuild(t, db, build) + input := provisionerdserver.WorkspaceProvisionJob{ + WorkspaceBuildID: build.ID, + } + dbJob := database.ProvisionerJob{ + ID: build.JobID, OrganizationID: pd.OrganizationID, InitiatorID: user.ID, Provisioner: database.ProvisionerTypeEcho, StorageMethod: database.ProvisionerStorageMethodFile, FileID: file.ID, Type: database.ProvisionerJobTypeWorkspaceBuild, - Input: must(json.Marshal(provisionerdserver.WorkspaceProvisionJob{ - WorkspaceBuildID: build.ID, - IsPrebuild: prebuiltWorkspace, - })), - }) + Input: must(json.Marshal(input)), + } + dbJob = dbgen.ProvisionerJob(t, db, ps, dbJob) + + var agent database.WorkspaceAgent + if prebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + resource := dbgen.WorkspaceResource(t, db, database.WorkspaceResource{ + JobID: dbJob.ID, + }) + agent = dbgen.WorkspaceAgent(t, db, database.WorkspaceAgent{ + ResourceID: resource.ID, + AuthToken: uuid.New(), + }) + // At this point we have an unclaimed workspace and build, now we need to setup the claim + // build + build = database.WorkspaceBuild{ + WorkspaceID: workspace.ID, + BuildNumber: 2, + JobID: uuid.New(), + TemplateVersionID: version.ID, + Transition: database.WorkspaceTransitionStart, + Reason: database.BuildReasonInitiator, + InitiatorID: user.ID, + } + build = dbgen.WorkspaceBuild(t, db, build) + + input = provisionerdserver.WorkspaceProvisionJob{ + WorkspaceBuildID: build.ID, + PrebuiltWorkspaceBuildStage: prebuiltWorkspaceBuildStage, + } + dbJob = database.ProvisionerJob{ + ID: build.JobID, + OrganizationID: pd.OrganizationID, + InitiatorID: user.ID, + Provisioner: database.ProvisionerTypeEcho, + StorageMethod: database.ProvisionerStorageMethodFile, + FileID: file.ID, + Type: database.ProvisionerJobTypeWorkspaceBuild, + Input: must(json.Marshal(input)), + } + dbJob = dbgen.ProvisionerJob(t, db, ps, dbJob) + } startPublished := make(chan struct{}) var closed bool @@ -345,6 +393,19 @@ func TestAcquireJob(t *testing.T) { <-startPublished + if prebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + for { + // In the case of a prebuild claim, there is a second build, which is the + // one that we're interested in. + job, err = tc.acquire(ctx, srv) + require.NoError(t, err) + if _, ok := job.Type.(*proto.AcquiredJob_WorkspaceBuild_); ok { + break + } + } + <-startPublished + } + got, err := json.Marshal(job.Type) require.NoError(t, err) @@ -379,8 +440,14 @@ func TestAcquireJob(t *testing.T) { WorkspaceOwnerLoginType: string(user.LoginType), WorkspaceOwnerRbacRoles: []*sdkproto.Role{{Name: rbac.RoleOrgMember(), OrgId: pd.OrganizationID.String()}, {Name: "member", OrgId: ""}, {Name: rbac.RoleOrgAuditor(), OrgId: pd.OrganizationID.String()}}, } - if prebuiltWorkspace { - wantedMetadata.IsPrebuild = true + if prebuiltWorkspaceBuildStage == sdkproto.PrebuiltWorkspaceBuildStage_CLAIM { + // For claimed prebuilds, we expect the prebuild state to be set to CLAIM + // and we expect tokens from the first build to be set for reuse + wantedMetadata.PrebuiltWorkspaceBuildStage = prebuiltWorkspaceBuildStage + wantedMetadata.RunningAgentAuthTokens = append(wantedMetadata.RunningAgentAuthTokens, &sdkproto.RunningAgentAuthToken{ + AgentId: agent.ID.String(), + Token: agent.AuthToken.String(), + }) } slices.SortFunc(wantedMetadata.WorkspaceOwnerRbacRoles, func(a, b *sdkproto.Role) int { @@ -1745,6 +1812,210 @@ func TestCompleteJob(t *testing.T) { }) } }) + + t.Run("ReinitializePrebuiltAgents", func(t *testing.T) { + t.Parallel() + type testcase struct { + name string + shouldReinitializeAgent bool + } + + for _, tc := range []testcase{ + // Whether or not there are presets and those presets define prebuilds, etc + // are all irrelevant at this level. Those factors are useful earlier in the process. + // Everything relevant to this test is determined by the value of `PrebuildClaimedByUser` + // on the provisioner job. As such, there are only two significant test cases: + { + name: "claimed prebuild", + shouldReinitializeAgent: true, + }, + { + name: "not a claimed prebuild", + shouldReinitializeAgent: false, + }, + } { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + // GIVEN an enqueued provisioner job and its dependencies: + + srv, db, ps, pd := setup(t, false, &overrides{}) + + buildID := uuid.New() + jobInput := provisionerdserver.WorkspaceProvisionJob{ + WorkspaceBuildID: buildID, + } + if tc.shouldReinitializeAgent { // This is the key lever in the test + // GIVEN the enqueued provisioner job is for a workspace being claimed by a user: + jobInput.PrebuiltWorkspaceBuildStage = sdkproto.PrebuiltWorkspaceBuildStage_CLAIM + } + input, err := json.Marshal(jobInput) + require.NoError(t, err) + + ctx := testutil.Context(t, testutil.WaitShort) + job, err := db.InsertProvisionerJob(ctx, database.InsertProvisionerJobParams{ + Input: input, + Provisioner: database.ProvisionerTypeEcho, + StorageMethod: database.ProvisionerStorageMethodFile, + Type: database.ProvisionerJobTypeWorkspaceBuild, + }) + require.NoError(t, err) + + tpl := dbgen.Template(t, db, database.Template{ + OrganizationID: pd.OrganizationID, + }) + tv := dbgen.TemplateVersion(t, db, database.TemplateVersion{ + TemplateID: uuid.NullUUID{UUID: tpl.ID, Valid: true}, + JobID: job.ID, + }) + workspace := dbgen.Workspace(t, db, database.WorkspaceTable{ + TemplateID: tpl.ID, + }) + _ = dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{ + ID: buildID, + JobID: job.ID, + WorkspaceID: workspace.ID, + TemplateVersionID: tv.ID, + }) + _, err = db.AcquireProvisionerJob(ctx, database.AcquireProvisionerJobParams{ + WorkerID: uuid.NullUUID{ + UUID: pd.ID, + Valid: true, + }, + Types: []database.ProvisionerType{database.ProvisionerTypeEcho}, + }) + require.NoError(t, err) + + // GIVEN something is listening to process workspace reinitialization: + reinitChan := make(chan agentsdk.ReinitializationEvent, 1) // Buffered to simplify test structure + cancel, err := agplprebuilds.NewPubsubWorkspaceClaimListener(ps, testutil.Logger(t)).ListenForWorkspaceClaims(ctx, workspace.ID, reinitChan) + require.NoError(t, err) + defer cancel() + + // WHEN the job is completed + completedJob := proto.CompletedJob{ + JobId: job.ID.String(), + Type: &proto.CompletedJob_WorkspaceBuild_{ + WorkspaceBuild: &proto.CompletedJob_WorkspaceBuild{}, + }, + } + _, err = srv.CompleteJob(ctx, &completedJob) + require.NoError(t, err) + + if tc.shouldReinitializeAgent { + event := testutil.RequireReceive(ctx, t, reinitChan) + require.Equal(t, workspace.ID, event.WorkspaceID) + } else { + select { + case <-reinitChan: + t.Fatal("unexpected reinitialization event published") + default: + // OK + } + } + }) + } + }) + + t.Run("PrebuiltWorkspaceClaimWithResourceReplacements", func(t *testing.T) { + t.Parallel() + + ctx := testutil.Context(t, testutil.WaitLong) + + // Given: a mock prebuild orchestrator which stores calls to TrackResourceReplacement. + done := make(chan struct{}) + orchestrator := &mockPrebuildsOrchestrator{ + ReconciliationOrchestrator: agplprebuilds.DefaultReconciler, + done: done, + } + srv, db, ps, pd := setup(t, false, &overrides{ + prebuildsOrchestrator: orchestrator, + }) + + // Given: a workspace build which simulates claiming a prebuild. + user := dbgen.User(t, db, database.User{}) + template := dbgen.Template(t, db, database.Template{ + Name: "template", + Provisioner: database.ProvisionerTypeEcho, + OrganizationID: pd.OrganizationID, + }) + file := dbgen.File(t, db, database.File{CreatedBy: user.ID}) + workspaceTable := dbgen.Workspace(t, db, database.WorkspaceTable{ + TemplateID: template.ID, + OwnerID: user.ID, + OrganizationID: pd.OrganizationID, + }) + version := dbgen.TemplateVersion(t, db, database.TemplateVersion{ + OrganizationID: pd.OrganizationID, + TemplateID: uuid.NullUUID{ + UUID: template.ID, + Valid: true, + }, + JobID: uuid.New(), + }) + build := dbgen.WorkspaceBuild(t, db, database.WorkspaceBuild{ + WorkspaceID: workspaceTable.ID, + InitiatorID: user.ID, + TemplateVersionID: version.ID, + Transition: database.WorkspaceTransitionStart, + Reason: database.BuildReasonInitiator, + }) + job := dbgen.ProvisionerJob(t, db, ps, database.ProvisionerJob{ + FileID: file.ID, + InitiatorID: user.ID, + Type: database.ProvisionerJobTypeWorkspaceBuild, + Input: must(json.Marshal(provisionerdserver.WorkspaceProvisionJob{ + WorkspaceBuildID: build.ID, + PrebuiltWorkspaceBuildStage: sdkproto.PrebuiltWorkspaceBuildStage_CLAIM, + })), + OrganizationID: pd.OrganizationID, + }) + _, err := db.AcquireProvisionerJob(ctx, database.AcquireProvisionerJobParams{ + OrganizationID: pd.OrganizationID, + WorkerID: uuid.NullUUID{ + UUID: pd.ID, + Valid: true, + }, + Types: []database.ProvisionerType{database.ProvisionerTypeEcho}, + }) + require.NoError(t, err) + + // When: a replacement is encountered. + replacements := []*sdkproto.ResourceReplacement{ + { + Resource: "docker_container[0]", + Paths: []string{"env"}, + }, + } + + // Then: CompleteJob makes a call to TrackResourceReplacement. + _, err = srv.CompleteJob(ctx, &proto.CompletedJob{ + JobId: job.ID.String(), + Type: &proto.CompletedJob_WorkspaceBuild_{ + WorkspaceBuild: &proto.CompletedJob_WorkspaceBuild{ + State: []byte{}, + ResourceReplacements: replacements, + }, + }, + }) + require.NoError(t, err) + + // Then: the replacements are as we expected. + testutil.RequireReceive(ctx, t, done) + require.Equal(t, replacements, orchestrator.replacements) + }) +} + +type mockPrebuildsOrchestrator struct { + agplprebuilds.ReconciliationOrchestrator + + replacements []*sdkproto.ResourceReplacement + done chan struct{} +} + +func (m *mockPrebuildsOrchestrator) TrackResourceReplacement(_ context.Context, _, _ uuid.UUID, replacements []*sdkproto.ResourceReplacement) { + m.replacements = replacements + m.done <- struct{}{} } func TestInsertWorkspacePresetsAndParameters(t *testing.T) { @@ -2630,6 +2901,7 @@ type overrides struct { heartbeatInterval time.Duration auditor audit.Auditor notificationEnqueuer notifications.Enqueuer + prebuildsOrchestrator agplprebuilds.ReconciliationOrchestrator } func setup(t *testing.T, ignoreLogErrors bool, ov *overrides) (proto.DRPCProvisionerDaemonServer, database.Store, pubsub.Pubsub, database.ProvisionerDaemon) { @@ -2711,6 +2983,13 @@ func setup(t *testing.T, ignoreLogErrors bool, ov *overrides) (proto.DRPCProvisi }) require.NoError(t, err) + prebuildsOrchestrator := ov.prebuildsOrchestrator + if prebuildsOrchestrator == nil { + prebuildsOrchestrator = agplprebuilds.DefaultReconciler + } + var op atomic.Pointer[agplprebuilds.ReconciliationOrchestrator] + op.Store(&prebuildsOrchestrator) + srv, err := provisionerdserver.NewServer( ov.ctx, &url.URL{}, @@ -2738,6 +3017,7 @@ func setup(t *testing.T, ignoreLogErrors bool, ov *overrides) (proto.DRPCProvisi HeartbeatFn: ov.heartbeatFn, }, notifEnq, + &op, ) require.NoError(t, err) return srv, db, ps, daemon diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go index 050537705d107..5af9fc009b5aa 100644 --- a/coderd/workspaceagents.go +++ b/coderd/workspaceagents.go @@ -35,6 +35,7 @@ import ( "github.com/coder/coder/v2/coderd/httpmw" "github.com/coder/coder/v2/coderd/httpmw/loggermw" "github.com/coder/coder/v2/coderd/jwtutils" + "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/rbac/policy" "github.com/coder/coder/v2/coderd/telemetry" @@ -1183,6 +1184,60 @@ func (api *API) workspaceAgentPostLogSource(rw http.ResponseWriter, r *http.Requ httpapi.Write(ctx, rw, http.StatusCreated, apiSource) } +// @Summary Get workspace agent reinitialization +// @ID get-workspace-agent-reinitialization +// @Security CoderSessionToken +// @Produce json +// @Tags Agents +// @Success 200 {object} agentsdk.ReinitializationEvent +// @Router /workspaceagents/me/reinit [get] +func (api *API) workspaceAgentReinit(rw http.ResponseWriter, r *http.Request) { + // Allow us to interrupt watch via cancel. + ctx, cancel := context.WithCancel(r.Context()) + defer cancel() + r = r.WithContext(ctx) // Rewire context for SSE cancellation. + + workspaceAgent := httpmw.WorkspaceAgent(r) + log := api.Logger.Named("workspace_agent_reinit_watcher").With( + slog.F("workspace_agent_id", workspaceAgent.ID), + ) + + workspace, err := api.Database.GetWorkspaceByAgentID(ctx, workspaceAgent.ID) + if err != nil { + log.Error(ctx, "failed to retrieve workspace from agent token", slog.Error(err)) + httpapi.InternalServerError(rw, xerrors.New("failed to determine workspace from agent token")) + } + + log.Info(ctx, "agent waiting for reinit instruction") + + reinitEvents := make(chan agentsdk.ReinitializationEvent) + cancel, err = prebuilds.NewPubsubWorkspaceClaimListener(api.Pubsub, log).ListenForWorkspaceClaims(ctx, workspace.ID, reinitEvents) + if err != nil { + log.Error(ctx, "subscribe to prebuild claimed channel", slog.Error(err)) + httpapi.InternalServerError(rw, xerrors.New("failed to subscribe to prebuild claimed channel")) + return + } + defer cancel() + + transmitter := agentsdk.NewSSEAgentReinitTransmitter(log, rw, r) + + err = transmitter.Transmit(ctx, reinitEvents) + switch { + case errors.Is(err, agentsdk.ErrTransmissionSourceClosed): + log.Info(ctx, "agent reinitialization subscription closed", slog.F("workspace_agent_id", workspaceAgent.ID)) + case errors.Is(err, agentsdk.ErrTransmissionTargetClosed): + log.Info(ctx, "agent connection closed", slog.F("workspace_agent_id", workspaceAgent.ID)) + case errors.Is(err, context.Canceled): + log.Info(ctx, "agent reinitialization", slog.Error(err)) + case err != nil: + log.Error(ctx, "failed to stream agent reinit events", slog.Error(err)) + httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ + Message: "Internal error streaming agent reinitialization events.", + Detail: err.Error(), + }) + } +} + // convertProvisionedApps converts applications that are in the middle of provisioning process. // It means that they may not have an agent or workspace assigned (dry-run job). func convertProvisionedApps(dbApps []database.WorkspaceApp) []codersdk.WorkspaceApp { diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go index 6b757a52ec06d..10403f1ac00ae 100644 --- a/coderd/workspaceagents_test.go +++ b/coderd/workspaceagents_test.go @@ -11,6 +11,7 @@ import ( "runtime" "strconv" "strings" + "sync" "sync/atomic" "testing" "time" @@ -44,10 +45,12 @@ import ( "github.com/coder/coder/v2/coderd/database/dbfake" "github.com/coder/coder/v2/coderd/database/dbgen" "github.com/coder/coder/v2/coderd/database/dbmem" + "github.com/coder/coder/v2/coderd/database/dbtestutil" "github.com/coder/coder/v2/coderd/database/dbtime" "github.com/coder/coder/v2/coderd/database/pubsub" "github.com/coder/coder/v2/coderd/externalauth" "github.com/coder/coder/v2/coderd/jwtutils" + "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/telemetry" "github.com/coder/coder/v2/coderd/util/ptr" @@ -2641,3 +2644,70 @@ func TestAgentConnectionInfo(t *testing.T) { require.True(t, info.DisableDirectConnections) require.True(t, info.DERPForceWebSockets) } + +func TestReinit(t *testing.T) { + t.Parallel() + + db, ps := dbtestutil.NewDB(t) + pubsubSpy := pubsubReinitSpy{ + Pubsub: ps, + subscribed: make(chan string), + } + client := coderdtest.New(t, &coderdtest.Options{ + Database: db, + Pubsub: &pubsubSpy, + }) + user := coderdtest.CreateFirstUser(t, client) + + r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ + OrganizationID: user.OrganizationID, + OwnerID: user.UserID, + }).WithAgent().Do() + + pubsubSpy.Mutex.Lock() + pubsubSpy.expectedEvent = agentsdk.PrebuildClaimedChannel(r.Workspace.ID) + pubsubSpy.Mutex.Unlock() + + agentCtx := testutil.Context(t, testutil.WaitShort) + agentClient := agentsdk.New(client.URL) + agentClient.SetSessionToken(r.AgentToken) + + agentReinitializedCh := make(chan *agentsdk.ReinitializationEvent) + go func() { + reinitEvent, err := agentClient.WaitForReinit(agentCtx) + assert.NoError(t, err) + agentReinitializedCh <- reinitEvent + }() + + // We need to subscribe before we publish, lest we miss the event + ctx := testutil.Context(t, testutil.WaitShort) + testutil.TryReceive(ctx, t, pubsubSpy.subscribed) // Wait for the appropriate subscription + + // Now that we're subscribed, publish the event + err := prebuilds.NewPubsubWorkspaceClaimPublisher(ps).PublishWorkspaceClaim(agentsdk.ReinitializationEvent{ + WorkspaceID: r.Workspace.ID, + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + }) + require.NoError(t, err) + + ctx = testutil.Context(t, testutil.WaitShort) + reinitEvent := testutil.TryReceive(ctx, t, agentReinitializedCh) + require.NotNil(t, reinitEvent) + require.Equal(t, r.Workspace.ID, reinitEvent.WorkspaceID) +} + +type pubsubReinitSpy struct { + pubsub.Pubsub + sync.Mutex + subscribed chan string + expectedEvent string +} + +func (p *pubsubReinitSpy) Subscribe(event string, listener pubsub.Listener) (cancel func(), err error) { + p.Lock() + if p.expectedEvent != "" && event == p.expectedEvent { + close(p.subscribed) + } + p.Unlock() + return p.Pubsub.Subscribe(event, listener) +} diff --git a/coderd/workspaces.go b/coderd/workspaces.go index 2ac432d905ae6..dd3327d444b9e 100644 --- a/coderd/workspaces.go +++ b/coderd/workspaces.go @@ -641,9 +641,9 @@ func createWorkspace( err = api.Database.InTx(func(db database.Store) error { var ( + prebuildsClaimer = *api.PrebuildsClaimer.Load() workspaceID uuid.UUID claimedWorkspace *database.Workspace - prebuildsClaimer = *api.PrebuildsClaimer.Load() ) // If a template preset was chosen, try claim a prebuilt workspace. @@ -717,8 +717,7 @@ func createWorkspace( Reason(database.BuildReasonInitiator). Initiator(initiatorID). ActiveVersion(). - RichParameterValues(req.RichParameterValues). - TemplateVersionPresetID(req.TemplateVersionPresetID) + RichParameterValues(req.RichParameterValues) if req.TemplateVersionID != uuid.Nil { builder = builder.VersionID(req.TemplateVersionID) } @@ -726,7 +725,7 @@ func createWorkspace( builder = builder.TemplateVersionPresetID(req.TemplateVersionPresetID) } if claimedWorkspace != nil { - builder = builder.MarkPrebuildClaimedBy(owner.ID) + builder = builder.MarkPrebuiltWorkspaceClaim() } if req.EnableDynamicParameters && api.Experiments.Enabled(codersdk.ExperimentDynamicParameters) { diff --git a/coderd/wsbuilder/wsbuilder.go b/coderd/wsbuilder/wsbuilder.go index 942829004309c..91638c63e436f 100644 --- a/coderd/wsbuilder/wsbuilder.go +++ b/coderd/wsbuilder/wsbuilder.go @@ -16,6 +16,7 @@ import ( "github.com/coder/coder/v2/coderd/rbac/policy" "github.com/coder/coder/v2/provisioner/terraform/tfparse" "github.com/coder/coder/v2/provisionersdk" + sdkproto "github.com/coder/coder/v2/provisionersdk/proto" "github.com/google/uuid" "github.com/sqlc-dev/pqtype" @@ -76,9 +77,7 @@ type Builder struct { parameterValues *[]string templateVersionPresetParameterValues []database.TemplateVersionPresetParameter - prebuild bool - prebuildClaimedBy uuid.UUID - + prebuiltWorkspaceBuildStage sdkproto.PrebuiltWorkspaceBuildStage verifyNoLegacyParametersOnce bool } @@ -174,15 +173,17 @@ func (b Builder) RichParameterValues(p []codersdk.WorkspaceBuildParameter) Build return b } +// MarkPrebuild indicates that a prebuilt workspace is being built. func (b Builder) MarkPrebuild() Builder { // nolint: revive - b.prebuild = true + b.prebuiltWorkspaceBuildStage = sdkproto.PrebuiltWorkspaceBuildStage_CREATE return b } -func (b Builder) MarkPrebuildClaimedBy(userID uuid.UUID) Builder { +// MarkPrebuiltWorkspaceClaim indicates that a prebuilt workspace is being claimed. +func (b Builder) MarkPrebuiltWorkspaceClaim() Builder { // nolint: revive - b.prebuildClaimedBy = userID + b.prebuiltWorkspaceBuildStage = sdkproto.PrebuiltWorkspaceBuildStage_CLAIM return b } @@ -322,10 +323,9 @@ func (b *Builder) buildTx(authFunc func(action policy.Action, object rbac.Object workspaceBuildID := uuid.New() input, err := json.Marshal(provisionerdserver.WorkspaceProvisionJob{ - WorkspaceBuildID: workspaceBuildID, - LogLevel: b.logLevel, - IsPrebuild: b.prebuild, - PrebuildClaimedByUser: b.prebuildClaimedBy, + WorkspaceBuildID: workspaceBuildID, + LogLevel: b.logLevel, + PrebuiltWorkspaceBuildStage: b.prebuiltWorkspaceBuildStage, }) if err != nil { return nil, nil, nil, BuildError{ diff --git a/codersdk/agentsdk/agentsdk.go b/codersdk/agentsdk/agentsdk.go index 109d14b84d050..167c7e304ca4b 100644 --- a/codersdk/agentsdk/agentsdk.go +++ b/codersdk/agentsdk/agentsdk.go @@ -19,12 +19,15 @@ import ( "tailscale.com/tailcfg" "cdr.dev/slog" + "github.com/coder/retry" + "github.com/coder/websocket" + "github.com/coder/coder/v2/agent/proto" "github.com/coder/coder/v2/apiversion" + "github.com/coder/coder/v2/coderd/httpapi" "github.com/coder/coder/v2/codersdk" drpcsdk "github.com/coder/coder/v2/codersdk/drpc" tailnetproto "github.com/coder/coder/v2/tailnet/proto" - "github.com/coder/websocket" ) // ExternalLogSourceID is the statically-defined ID of a log-source that @@ -686,3 +689,188 @@ func LogsNotifyChannel(agentID uuid.UUID) string { type LogsNotifyMessage struct { CreatedAfter int64 `json:"created_after"` } + +type ReinitializationReason string + +const ( + ReinitializeReasonPrebuildClaimed ReinitializationReason = "prebuild_claimed" +) + +type ReinitializationEvent struct { + WorkspaceID uuid.UUID + Reason ReinitializationReason `json:"reason"` +} + +func PrebuildClaimedChannel(id uuid.UUID) string { + return fmt.Sprintf("prebuild_claimed_%s", id) +} + +// WaitForReinit polls a SSE endpoint, and receives an event back under the following conditions: +// - ping: ignored, keepalive +// - prebuild claimed: a prebuilt workspace is claimed, so the agent must reinitialize. +func (c *Client) WaitForReinit(ctx context.Context) (*ReinitializationEvent, error) { + rpcURL, err := c.SDK.URL.Parse("/api/v2/workspaceagents/me/reinit") + if err != nil { + return nil, xerrors.Errorf("parse url: %w", err) + } + + jar, err := cookiejar.New(nil) + if err != nil { + return nil, xerrors.Errorf("create cookie jar: %w", err) + } + jar.SetCookies(rpcURL, []*http.Cookie{{ + Name: codersdk.SessionTokenCookie, + Value: c.SDK.SessionToken(), + }}) + httpClient := &http.Client{ + Jar: jar, + Transport: c.SDK.HTTPClient.Transport, + } + + req, err := http.NewRequestWithContext(ctx, http.MethodGet, rpcURL.String(), nil) + if err != nil { + return nil, xerrors.Errorf("build request: %w", err) + } + + res, err := httpClient.Do(req) + if err != nil { + return nil, xerrors.Errorf("execute request: %w", err) + } + defer res.Body.Close() + + if res.StatusCode != http.StatusOK { + return nil, codersdk.ReadBodyAsError(res) + } + + reinitEvent, err := NewSSEAgentReinitReceiver(res.Body).Receive(ctx) + if err != nil { + return nil, xerrors.Errorf("listening for reinitialization events: %w", err) + } + return reinitEvent, nil +} + +func WaitForReinitLoop(ctx context.Context, logger slog.Logger, client *Client) <-chan ReinitializationEvent { + reinitEvents := make(chan ReinitializationEvent) + + go func() { + for retrier := retry.New(100*time.Millisecond, 10*time.Second); retrier.Wait(ctx); { + logger.Debug(ctx, "waiting for agent reinitialization instructions") + reinitEvent, err := client.WaitForReinit(ctx) + if err != nil { + logger.Error(ctx, "failed to wait for agent reinitialization instructions", slog.Error(err)) + continue + } + retrier.Reset() + select { + case <-ctx.Done(): + close(reinitEvents) + return + case reinitEvents <- *reinitEvent: + } + } + }() + + return reinitEvents +} + +func NewSSEAgentReinitTransmitter(logger slog.Logger, rw http.ResponseWriter, r *http.Request) *SSEAgentReinitTransmitter { + return &SSEAgentReinitTransmitter{logger: logger, rw: rw, r: r} +} + +type SSEAgentReinitTransmitter struct { + rw http.ResponseWriter + r *http.Request + logger slog.Logger +} + +var ( + ErrTransmissionSourceClosed = xerrors.New("transmission source closed") + ErrTransmissionTargetClosed = xerrors.New("transmission target closed") +) + +// Transmit will read from the given chan and send events for as long as: +// * the chan remains open +// * the context has not been canceled +// * not timed out +// * the connection to the receiver remains open +func (s *SSEAgentReinitTransmitter) Transmit(ctx context.Context, reinitEvents <-chan ReinitializationEvent) error { + select { + case <-ctx.Done(): + return ctx.Err() + default: + } + + sseSendEvent, sseSenderClosed, err := httpapi.ServerSentEventSender(s.rw, s.r) + if err != nil { + return xerrors.Errorf("failed to create sse transmitter: %w", err) + } + + defer func() { + // Block returning until the ServerSentEventSender is closed + // to avoid a race condition where we might write or flush to rw after the handler returns. + <-sseSenderClosed + }() + + for { + select { + case <-ctx.Done(): + return ctx.Err() + case <-sseSenderClosed: + return ErrTransmissionTargetClosed + case reinitEvent, ok := <-reinitEvents: + if !ok { + return ErrTransmissionSourceClosed + } + err := sseSendEvent(codersdk.ServerSentEvent{ + Type: codersdk.ServerSentEventTypeData, + Data: reinitEvent, + }) + if err != nil { + return err + } + } + } +} + +func NewSSEAgentReinitReceiver(r io.ReadCloser) *SSEAgentReinitReceiver { + return &SSEAgentReinitReceiver{r: r} +} + +type SSEAgentReinitReceiver struct { + r io.ReadCloser +} + +func (s *SSEAgentReinitReceiver) Receive(ctx context.Context) (*ReinitializationEvent, error) { + nextEvent := codersdk.ServerSentEventReader(ctx, s.r) + for { + select { + case <-ctx.Done(): + return nil, ctx.Err() + default: + } + + sse, err := nextEvent() + switch { + case err != nil: + return nil, xerrors.Errorf("failed to read server-sent event: %w", err) + case sse.Type == codersdk.ServerSentEventTypeError: + return nil, xerrors.Errorf("unexpected server sent event type error") + case sse.Type == codersdk.ServerSentEventTypePing: + continue + case sse.Type != codersdk.ServerSentEventTypeData: + return nil, xerrors.Errorf("unexpected server sent event type: %s", sse.Type) + } + + // At this point we know that the sent event is of type codersdk.ServerSentEventTypeData + var reinitEvent ReinitializationEvent + b, ok := sse.Data.([]byte) + if !ok { + return nil, xerrors.Errorf("expected data as []byte, got %T", sse.Data) + } + err = json.Unmarshal(b, &reinitEvent) + if err != nil { + return nil, xerrors.Errorf("unmarshal reinit response: %w", err) + } + return &reinitEvent, nil + } +} diff --git a/codersdk/agentsdk/agentsdk_test.go b/codersdk/agentsdk/agentsdk_test.go new file mode 100644 index 0000000000000..8ad2d69be0b98 --- /dev/null +++ b/codersdk/agentsdk/agentsdk_test.go @@ -0,0 +1,122 @@ +package agentsdk_test + +import ( + "context" + "io" + "net/http" + "net/http/httptest" + "testing" + + "github.com/google/uuid" + "github.com/stretchr/testify/require" + + "cdr.dev/slog/sloggers/slogtest" + "github.com/coder/coder/v2/codersdk/agentsdk" + "github.com/coder/coder/v2/testutil" +) + +func TestStreamAgentReinitEvents(t *testing.T) { + t.Parallel() + + t.Run("transmitted events are received", func(t *testing.T) { + t.Parallel() + + eventToSend := agentsdk.ReinitializationEvent{ + WorkspaceID: uuid.New(), + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + } + + events := make(chan agentsdk.ReinitializationEvent, 1) + events <- eventToSend + + transmitCtx := testutil.Context(t, testutil.WaitShort) + transmitErrCh := make(chan error, 1) + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + transmitter := agentsdk.NewSSEAgentReinitTransmitter(slogtest.Make(t, nil), w, r) + transmitErrCh <- transmitter.Transmit(transmitCtx, events) + })) + defer srv.Close() + + requestCtx := testutil.Context(t, testutil.WaitShort) + req, err := http.NewRequestWithContext(requestCtx, "GET", srv.URL, nil) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + receiveCtx := testutil.Context(t, testutil.WaitShort) + receiver := agentsdk.NewSSEAgentReinitReceiver(resp.Body) + sentEvent, receiveErr := receiver.Receive(receiveCtx) + require.Nil(t, receiveErr) + require.Equal(t, eventToSend, *sentEvent) + }) + + t.Run("doesn't transmit events if the transmitter context is canceled", func(t *testing.T) { + t.Parallel() + + eventToSend := agentsdk.ReinitializationEvent{ + WorkspaceID: uuid.New(), + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + } + + events := make(chan agentsdk.ReinitializationEvent, 1) + events <- eventToSend + + transmitCtx, cancelTransmit := context.WithCancel(testutil.Context(t, testutil.WaitShort)) + cancelTransmit() + transmitErrCh := make(chan error, 1) + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + transmitter := agentsdk.NewSSEAgentReinitTransmitter(slogtest.Make(t, nil), w, r) + transmitErrCh <- transmitter.Transmit(transmitCtx, events) + })) + + defer srv.Close() + + requestCtx := testutil.Context(t, testutil.WaitShort) + req, err := http.NewRequestWithContext(requestCtx, "GET", srv.URL, nil) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + receiveCtx := testutil.Context(t, testutil.WaitShort) + receiver := agentsdk.NewSSEAgentReinitReceiver(resp.Body) + sentEvent, receiveErr := receiver.Receive(receiveCtx) + require.Nil(t, sentEvent) + require.ErrorIs(t, receiveErr, io.EOF) + }) + + t.Run("does not receive events if the receiver context is canceled", func(t *testing.T) { + t.Parallel() + + eventToSend := agentsdk.ReinitializationEvent{ + WorkspaceID: uuid.New(), + Reason: agentsdk.ReinitializeReasonPrebuildClaimed, + } + + events := make(chan agentsdk.ReinitializationEvent, 1) + events <- eventToSend + + transmitCtx := testutil.Context(t, testutil.WaitShort) + transmitErrCh := make(chan error, 1) + srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + transmitter := agentsdk.NewSSEAgentReinitTransmitter(slogtest.Make(t, nil), w, r) + transmitErrCh <- transmitter.Transmit(transmitCtx, events) + })) + defer srv.Close() + + requestCtx := testutil.Context(t, testutil.WaitShort) + req, err := http.NewRequestWithContext(requestCtx, "GET", srv.URL, nil) + require.NoError(t, err) + resp, err := http.DefaultClient.Do(req) + require.NoError(t, err) + defer resp.Body.Close() + + receiveCtx, cancelReceive := context.WithCancel(context.Background()) + cancelReceive() + receiver := agentsdk.NewSSEAgentReinitReceiver(resp.Body) + sentEvent, receiveErr := receiver.Receive(receiveCtx) + require.Nil(t, sentEvent) + require.ErrorIs(t, receiveErr, context.Canceled) + }) +} diff --git a/codersdk/client.go b/codersdk/client.go index 8ab5a289b2cf5..4492066785d6f 100644 --- a/codersdk/client.go +++ b/codersdk/client.go @@ -631,7 +631,7 @@ func (h *HeaderTransport) RoundTrip(req *http.Request) (*http.Response, error) { } } if h.Transport == nil { - h.Transport = http.DefaultTransport + return http.DefaultTransport.RoundTrip(req) } return h.Transport.RoundTrip(req) } diff --git a/docs/admin/templates/extending-templates/prebuilt-workspaces.md b/docs/admin/templates/extending-templates/prebuilt-workspaces.md new file mode 100644 index 0000000000000..894a2a219a9cf --- /dev/null +++ b/docs/admin/templates/extending-templates/prebuilt-workspaces.md @@ -0,0 +1,209 @@ +# Prebuilt workspaces + +Prebuilt workspaces allow template administrators to improve the developer experience by reducing workspace +creation time with an automatically maintained pool of ready-to-use workspaces for specific parameter presets. + +The template administrator configures a template to provision prebuilt workspaces in the background, and then when a developer creates +a new workspace that matches the preset, Coder assigns them an existing prebuilt instance. +Prebuilt workspaces significantly reduce wait times, especially for templates with complex provisioning or lengthy startup procedures. + +Prebuilt workspaces are: + +- Created and maintained automatically by Coder to match your specified preset configurations. +- Claimed transparently when developers create workspaces. +- Monitored and replaced automatically to maintain your desired pool size. + +## Relationship to workspace presets + +Prebuilt workspaces are tightly integrated with [workspace presets](./parameters.md#workspace-presets-beta): + +1. Each prebuilt workspace is associated with a specific template preset. +1. The preset must define all required parameters needed to build the workspace. +1. The preset parameters define the base configuration and are immutable once a prebuilt workspace is provisioned. +1. Parameters that are not defined in the preset can still be customized by users when they claim a workspace. + +## Prerequisites + +- [**Premium license**](../../licensing/index.md) +- **Compatible Terraform provider**: Use `coder/coder` Terraform provider `>= 2.4.0`. +- **Feature flag**: Enable the `workspace-prebuilds` [experiment](../../../reference/cli/server.md#--experiments). + +## Enable prebuilt workspaces for template presets + +In your template, add a `prebuilds` block within a `coder_workspace_preset` definition to identify the number of prebuilt +instances your Coder deployment should maintain: + + ```hcl + data "coder_workspace_preset" "goland" { + name = "GoLand: Large" + parameters = { + jetbrains_ide = "GO" + cpus = 8 + memory = 16 + } + prebuilds { + instances = 3 # Number of prebuilt workspaces to maintain + } + } + ``` + +After you publish a new template version, Coder will automatically provision and maintain prebuilt workspaces through an +internal reconciliation loop (similar to Kubernetes) to ensure the defined `instances` count are running. + +## Prebuilt workspace lifecycle + +Prebuilt workspaces follow a specific lifecycle from creation through eligibility to claiming. + +1. After you configure a preset with prebuilds and publish the template, Coder provisions the prebuilt workspace(s). + + 1. Coder automatically creates the defined `instances` count of prebuilt workspaces. + 1. Each new prebuilt workspace is initially owned by an unprivileged system pseudo-user named `prebuilds`. + - The `prebuilds` user belongs to the `Everyone` group (you can add it to additional groups if needed). + 1. Each prebuilt workspace receives a randomly generated name for identification. + 1. The workspace is provisioned like a regular workspace; only its ownership distinguishes it as a prebuilt workspace. + +1. Prebuilt workspaces start up and become eligible to be claimed by a developer. + + Before a prebuilt workspace is available to users: + + 1. The workspace is provisioned. + 1. The agent starts up and connects to coderd. + 1. The agent starts its bootstrap procedures and completes its startup scripts. + 1. The agent reports `ready` status. + + After the agent reports `ready`, the prebuilt workspace considered eligible to be claimed. + + Prebuilt workspaces that fail during provisioning are retried with a backoff to prevent transient failures. + +1. When a developer requests a new workspace, the claiming process occurs: + + 1. Developer selects a template and preset that has prebuilt workspaces configured. + 1. If an eligible prebuilt workspace exists, ownership transfers from the `prebuilds` user to the requesting user. + 1. The workspace name changes to the user's requested name. + 1. `terraform apply` is executed using the new ownership details, which may affect the [`coder_workspace`](https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace) and + [`coder_workspace_owner`](https://registry.terraform.io/providers/coder/coder/latest/docs/data-sources/workspace_owner) + datasources (see [Preventing resource replacement](#preventing-resource-replacement) for further considerations). + + The developer doesn't see the claiming process — the workspace will just be ready faster than usual. + +You can view available prebuilt workspaces in the **Workspaces** view in the Coder dashboard: + +![A prebuilt workspace in the dashboard](../../../images/admin/templates/extend-templates/prebuilt/prebuilt-workspaces.png) +_Note the search term `owner:prebuilds`._ + +### Template updates and the prebuilt workspace lifecycle + +Prebuilt workspaces are not updated after they are provisioned. + +When a template's active version is updated: + +1. Prebuilt workspaces for old versions are automatically deleted. +1. New prebuilt workspaces are created for the active template version. +1. If dependencies change (e.g., an [AMI](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/AMIs.html) update) without a template version change: + - You may delete the existing prebuilt workspaces manually. + - Coder will automatically create new prebuilt workspaces with the updated dependencies. + +The system always maintains the desired number of prebuilt workspaces for the active template version. + +## Administration and troubleshooting + +### Managing resource quotas + +Prebuilt workspaces can be used in conjunction with [resource quotas](../../users/quotas.md). +Because unclaimed prebuilt workspaces are owned by the `prebuilds` user, you can: + +1. Configure quotas for any group that includes this user. +1. Set appropriate limits to balance prebuilt workspace availability with resource constraints. + +If a quota is exceeded, the prebuilt workspace will fail provisioning the same way other workspaces do. + +### Template configuration best practices + +#### Preventing resource replacement + +When a prebuilt workspace is claimed, another `terraform apply` run occurs with new values for the workspace owner and name. + +This can cause issues in the following scenario: + +1. The workspace is initially created with values from the `prebuilds` user and a random name. +1. After claiming, various workspace properties change (ownership, name, and potentially other values), which Terraform sees as configuration drift. +1. If these values are used in immutable fields, Terraform will destroy and recreate the resource, eliminating the benefit of prebuilds. + +For example, when these values are used in immutable fields like the AWS instance `user_data`, you'll see resource replacement during claiming: + +![Resource replacement notification](../../../images/admin/templates/extend-templates/prebuilt/replacement-notification.png) + +To prevent this, add a `lifecycle` block with `ignore_changes`: + +```hcl +resource "docker_container" "workspace" { + lifecycle { + ignore_changes = all + } + + count = data.coder_workspace.me.start_count + name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" + ... +} +``` + +For more targeted control, specify which attributes to ignore: + +```hcl +resource "docker_container" "workspace" { + lifecycle { + ignore_changes = [name] + } + + count = data.coder_workspace.me.start_count + name = "coder-${data.coder_workspace_owner.me.name}-${lower(data.coder_workspace.me.name)}" + ... +} +``` + +Learn more about `ignore_changes` in the [Terraform documentation](https://developer.hashicorp.com/terraform/language/meta-arguments/lifecycle#ignore_changes). + +_A note on "immutable" attributes: Terraform providers may specify `ForceNew` on their resources' attributes. Any change +to these attributes require the replacement (destruction and recreation) of the managed resource instance, rather than an in-place update. +For example, the [`ami`](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ami-1) attribute on the `aws_instance` resource +has [`ForceNew`](https://github.com/hashicorp/terraform-provider-aws/blob/main/internal/service/ec2/ec2_instance.go#L75-L81) set, +since the AMI cannot be changed in-place._ + +### Current limitations + +The prebuilt workspaces feature has these current limitations: + +- **Organizations** + + Prebuilt workspaces can only be used with the default organization. + + [coder/internal#364](https://github.com/coder/internal/issues/364) + +- **Autoscaling** + + Prebuilt workspaces remain running until claimed. There's no automated mechanism to reduce instances during off-hours. + + [coder/internal#312](https://github.com/coder/internal/issues/312) + +### Monitoring and observability + +#### Available metrics + +Coder provides several metrics to monitor your prebuilt workspaces: + +- `coderd_prebuilt_workspaces_created_total` (counter): Total number of prebuilt workspaces created to meet the desired instance count. +- `coderd_prebuilt_workspaces_failed_total` (counter): Total number of prebuilt workspaces that failed to build. +- `coderd_prebuilt_workspaces_claimed_total` (counter): Total number of prebuilt workspaces claimed by users. +- `coderd_prebuilt_workspaces_desired` (gauge): Target number of prebuilt workspaces that should be available. +- `coderd_prebuilt_workspaces_running` (gauge): Current number of prebuilt workspaces in a `running` state. +- `coderd_prebuilt_workspaces_eligible` (gauge): Current number of prebuilt workspaces eligible to be claimed. + +#### Logs + +Search for `coderd.prebuilds:` in your logs to track the reconciliation loop's behavior. + +These logs provide information about: + +1. Creation and deletion attempts for prebuilt workspaces. +1. Backoff events after failed builds. +1. Claiming operations. diff --git a/docs/images/admin/templates/extend-templates/prebuilt/prebuilt-workspaces.png b/docs/images/admin/templates/extend-templates/prebuilt/prebuilt-workspaces.png new file mode 100644 index 0000000000000000000000000000000000000000..59d11d6ed76226c7d1787f6b9d681c72737581de GIT binary patch literal 41287 zcmeF3Wmr_*8utN35Cat{5l|G7M!G>k5Gj%F2I(9+6+uZQrKGzX2ADyS?#>~lW9S-& zc^A)lJm)!2TRQZK|`V`1S2 zV_{+I;a>vZkeLWQ0Uy-O#Kc}niHY5NWp86*W@(It_4qU7Q;9T=K3Q{;bmNPFWR34L zZx}h7%pKWqulTJqWM5hl+_)--KG~#s>wgDv#{&P3hUSBWI}gTFX_l$qTz~kYW~wJo zE=btL)mu<-x})*J-d;{HxenGsU{lmyejT)u1*J3l{D$yVntby|(ne+Er8Dl%@a6{( zOOTCoDlDXCRFf>?uOG~l5^l#g!p{mvbRWmv*?1(YWH^bFe#6db#Nh4W#{k~aM|0>w)YEjr+l-9TbJt~Wkf+}_yiWhP zoD>&5pJa`S$bPF&cvrJm;q7zyt#mfB$G3XYaIQt*-)y;&5qnbzv)MD0fBBxy1wk*> z3EoRANj|egsuXE;XB^2oh779S8c}z292^)HZGA4(BP-F|1V^i)K@$fpIaXEKVm%zT z_2|p*?&=o`*G2dNTdNqWNtwvXVljYYd@Sq$Gpvi?2pjyp1O8%RT?qHb!UO-`0)NGm zaeke}4NkuB>lj-PoWpvmC?+KZ{#P`#H#W9*cw^&;!&R;diW)IfQgc+3mEkwEv0~9T zvN14baj~*JzXeOsg&!PR89VCVbFs3tcHnmrqWSF#esFyLH7m`%-!5^q5Ta3&eRWUF z#@_fIHwzmJ8;vl*y?gfr?Tt+MUyDopemnRiMDxbc(UzZ;)!EsZ#hHV}#@>|m2_GLH zD;qm2J3BMDg4w~<+EL$y+1la3zY6(Pj<~Udp}m={qnVBMz4LPQ4QwEeLNqkz75)3q zzuIZ+V)mb!tQ~&;S>Ok|9)t~1doIYSh27~v82SGD!E{|e<&OaN5{wKi2%;u)cadod`R!i@FO{|x>&9peA7n>~Je;lFJB ztA=CkWXRg^Fw9fZqBr@emo9O%$a7qip08Fm^+PR}uHA`DmHv{@#GnLqjO}WRy{-5Z z3;W^?(Lep8*FvC_r_yzH2p1?Y8^{!JYVIs(APA-wnc9S7bTsQ+>@@D&V3X_UYJYkE zSH=GsFt}nf$4l-vnOMl;`7?%JKb>bRJd%IOtXN9of2X-E+=%}_m;UESKuOg2aVyhQ z%FoVqUF;3#aZG>7O*Xlff_DDDt3p(iE65Cgoype`fx#z3<_iTL)BLq1_?8h^Jk=AA zge9gV{&l6zeCW63|J3?lN1{-C@S|dw+uZ(XZkTv1+TcQgO-}hYHaj=r3sNw5td!EK z6aLkvznNH%0yofd{z!_l-f3gpshvJ+RM*?8m{eyuYNI@iH?@Sz+QSctS&X+C&sENw zyRMn1!Yr^qsAx5i8FH{**3(4!D3(&ddDD_sI=cJ}jhg5Y!6bA_aWMZ=b+uR0l^R^; zo8bkTRkf!t2`TvpNm#UQlO{{YungxaGfvyIg*S1(>7A)=tgxCGwuY`q#Ir91QQl&M zotv zv-j+>bh%Xf5r%{@-Do(R(~+wF=RYt1V7!8PS>n=+dn-L zIo*1PK3+;vZw?xH+VP-P1fyjka>_Q%s#-T|P>WkN?S<;9ZPDx=wF@L+UaeBDv0t#9 zs&mb>BQgUIsSFJ4(e@}tbRD%3a2{Yjn8MiX#4rA#{IvI~mhJ#%J&6 zjqVn((M*#FF~AE$om5U(m&J0Jj*gZX=G!l{$NG;s^avF=BYCuY-F&a8g_iZDN!HFR zKbw|Cr^e&_)QGw9aC=P6=j|* z93Rbxot}bO(l|``wW)f|%C+c?A7>k%KPx2MB->yt?9fsz!9& zhgL_5mN?8MgUR$kZ`j7}VJxca|LU=Gnfk-EMoE#?{0N*{yt}qOJug%iOG`r?ETH6H z-)82ipsh`lJVU#_3JI_W;xvFU*FXJ3J{F3EV|?omr%;t%Xg6SLrMC|%>2ILm7<7-k z^L%s2K^tAtXn%%ufy?%s)0lD0xESI72g)Y6$|2oXm+vt~UxeI4>rtDv!g~2D+KzqC zrzD;(jFPNn9*0m04EG>&^9oD9y~9%XKh%5RCLcNvrc|BiVfbZ$=q<#_f^Y-z4g<5A^S%4=iq9{xIc^^ej9T)3zAd6japy8OM6>g9X|?9 zDft~8*F2I5UodWY%)TczAuoC!L?Zn7^l;jHf;L8L4#5IHB@kFj;C7n(NOvr1-4V@< zfEo{aUFQf|$~>;H_N=6IH6o(M7v5^Pu+dCmb2aU#XTOQ9}0JbkAFsJh0jWPsVjZwD94;Gv6GUT zZ$uD)2Dl{MCO>&Esr`Ps!h%#_vzkOWMGgUJs*T=VPK!U;be`OXx9-S&Vf)4^2KTb5 zAseJ*@$dhkTSG-@qc|2M?CCZ^Zkn*TN$2z-(d)#FTd%=~O&XK^Q;JqGm&QlXG0NTX z<3K_JhwS43(jKA1{0+GG1I2JNCs{OSuz!Xz>!(!gc?GYJ@l=q=q7DiYkwI1}E`~Hr zzIxgEQj+%pm*?6@5%s0Av`LrT{k&k6p-0yXz*?@7t3*%1@0jgAAV}^imWSb)_AmrP zKaqNG+@khmoJGHGE1SoM-Oq51HsGuzEJnvI2lc9EVx)=haMH={T?d%V4%6z7O>7i1 zZQr;JIBt4;Bs3B^7@bdX$ZWYU=3h;Ddfe&)4L0cf@?^7do=RkLNYxbP_sqt`lT63< z8!op|t9xu_#vP$Xf6uvEO8eIPu_p^Z!BmK&h+%~tv3KC*3%?j-ag6Plee~XqS(3Rb zT9>?U1nOh^CRg3#$4$wjm?GGT#_~G#LSaM6+kGNB+4e!!EYkaiyinm1oW}bTylK&P z5Rs3|`u1^;(0_4Q?|EN&yty-?OW|>Ydn)cRciPM<3JFJcm^1iuyy?A1eKfcQUFzRi z=Xw* zwK;e5GM#69@s4K9V^~IxL@m)L*E~KdF?Vo{Xl-n^RZJ05Z({al-Vv&8j6?EGy7D1k zkhMr1?+o`^r;StM;Xv9I9RmjK@e)JHn7gjwwL6|Keuy8U`q}qZhdQPsUfR(PiNm&= zDLjr9x~jb~XRzS4DR)&{)o|UFj>IWX=c*T?8eC~b)pH_+57#e}E}5@L_pYvD@TjV% zS)HxBy^=4UJ=RGduGwv}d)G`rl9!}GHVmJUC-IHEO2%lRYAV|v&A3+j_ArRav6YvK z%iJ+t6Q4?QmBqk*d%cAaJ+@h#u z&62f#uauA`Pi2S7ef_f;8Lo8zA@%2+c%AHr&r1wyPd4|pn(ZAsx~%%s+h88e1M(u2 zSzI?6m*!K*rn5$&wti1p2Ojw!VOYVA( z0SB1k%X2W%=0lFoh>9x0%QR~9`ir*Ex0g)Wks7F2j9EjDux zFeZ0Yw=<^d-D@>k4{P0h5K9*}2-Na&f^(vm-jll3(5L(Fyy?RkuN^iTx1WXLErb77#mg=(S`KAeO{y?)d6YrF&Sq-h!#4<23& z0f81~8LPCJRxKf3PXfb?eEY+HT3_t_x*jg~kdlh1sRnQ+f4<(}5sx<9Tkbn^eJqyJ zP|9+7wA?Nt4=+MtUhRTk@=sRysR2~X$cZ_!xL0DTvg8v3jiNClo@yoo2sD;6gjN0)Go<5XfCO!Zihv!Q33_fL4QZ zuJr5EmT6?J+x{Kl%(R^>#^_DZEXH9@JLtV)Tkuq~Ls`mpKJ}txZ0-&>mIhdtn-qAtNC1^0gl}M82e#fRtr! zQL(jY>1-$QtJ|s+HRfb*K>jppj)CqD;&uSz>-6HD$Dx~4Ujr6;y7{igEF0qAu{gTH zJM8eb>Gg|zD=Au8%Ogte!EA-3V^=OG9{z!Ds?}bG4o+x}O6R(IS;5oBOTrv#88`Nt zkG|KJIHuL~E_TJQC2a!d^{lh=WS@Lr`x$0Stw2NKhTZ05@T}Njo#1Lna{Tf>g#NJI z-0OHD<}_p>l8>^e%N~2uL3@J?x0d)w1?w=uq5B}?mXe?Qh;|TkZq}0{B$p?*d&V!E zB-RZ|%4I&dmH6Fl?R{X9GjgiSR2>fHt<9_Bue{5IhQj+62%%3CtzEL1)_cDn)zrM7 zZ8Rj4@5qW@T^LTSit<y_Q6@~Y12(6YAVve=xDU?%BE|-&*?$N~4ptZp*_+D=Hosicfgp$mhcKEd(*6 z;;G!_cOQ8rA4ShZ+~C|?FAW~TCvo@p!~B>wB%<;}U8}a8rSTr%A1bz*F`wi%vrkVN zTkcCM?Q|T3BRD%hOPWlwF&jM&@C7}VN4Hzlrhj>Tq*p}HT*ti6#;=#PujM)={|U|v zskUQDk$%3ODNhVnf~KNS459E*!)EpTb={Ul5Dy-vW&6w2MI+p@e~K4)njb5`jvvjx zzFg0X-W%|&`YPlOm1ZeCz#gOaI{JneG?eCX+_@h*#H_$`jRKJ=hi->6Db)FS9wMA; z&Uy;v%GhD31J4fDB6AdzT5$tzuQP-?H8IUJW_~v~u8GKFhL7J}4HB4UL7bQLc7Q?Q zso0+~m{`7VAK11~I-fx6`cyL*xANk?3%LotLBa$Y@ce;ea?6=IE5ZYzyYjd<>Ajk_%>!9Idzk%%=xWjSOTiTc<5ENA^CLyN z(;LO`>fljznC4y*+vIEjj}v)mz_Cu>eo$laeS8lDWaPbEELE65;rkVtfT?s407Ejp zTwP0?HZ(-4*#pEr+YbHUTg&fkYLPbeGY}j(`O(lq?LBFF$wJQe!(%vo)k=#&90qBozYL6`~+J}yYwKuMgIDpcbBqi=s2rz}t zNdUiPz2h~oGf!1#4_{2$14uBD-SvSvyB7T04BF7n=#vWqCSNc2Ja1~8cA1C7L}Loz zz7sy!7uEwA3p?3iI7JM;$%&f#DoSF{$Er$b@7=!Yg+U+Y8?}XRUbBtKkqCPEBpXb- zy;-QdOI^U--gwC~Ng3Poo>WIKOz7atHEQ9>tR+deAA)@gm-u%bzh9<1>A3vN29fxB z;htmk>JK7$`!$Z1!~TF4(!w`xQ4GqH@q2u=yWPy{tr;()?5QuZ9;GgTSSl_r%OQd~ zOQk?#lSx^kK{ew6SWI+8HYJ?X1S-JdQhV=>F6NsfYNJZh`eL@1Jd|P`A_z~*x%)hZ zMf-tpJJf5Zjn1<{sS#vkrj^!s%M&IYGuJk%P^kE&w%uV(n`>z`gyTUQpCzfdaeE<# z-`gTY!uAI6>@a6&nYFa|IWwWbazt|o#aa(rqW2jtx8rheD=(M1l5-5t)dSNJmfCf8 zu!!-@JuP4|;KB_U`aTAA;eqd7*uwiuZvXXbQSx+wRIAbAsV2zqarHpx7hSns zwJPgG)}R!WFl`xqVWvx@bt!3F;S6$o|4z~k*EZUilW<}vp|WLZih&YzB$_>)7};J} zpjFdvO2NoYT9gs)P`3~?Vue8y!RdADwiQb>U*ZKrILd3Ly^&?c@1482w6)kc9z5VA zQN*onR40$JZ!I)>+7aENuB%F@MqcfGx*Y(2^0hR^VmN<=j?Z>RwDxp|k$q?zG3-+^ z^;pdR>cPIg63#Q88jxVFNSekaO|aqT$jEf-Bzh!c8$+gaP~oO5sEq&-o<*6d>7*cCc)lPwO zkRJ}nQm0Cje&t88XiVM;A$www4uSo=rE92WDyvapzVNPzK<3*Zu}H`( zf;Ag!POn^;h31QmwSn0G;rm5MGr6e|x#avpMvnOVGw=;g)5W0O)RyAEctEdiTy#|S z2By_E>qT7ozFHcJAxL-h-#(ap`7%+}$;?=lO^Y15yVP?Cc~iM0=n!AI+V}WV9<)*8 ztBdc%^3{1D1)!uDh}6~l-4b|gzS8%8)f_+wDxW>|?FaeCrbN{`Gx6G$N1g=2jMa&n z1EoXR3XMYtV-x3@0+DH#HBte}Ax;(gz~f!gBg?hXvpR{tuHuZM{&wFG2RWsSD_``r z^e!~#lqxPj_~vkfclodROaA!=?2G+ReSGZrEt^j3udk4?$*qLnK6ZE3U-`=d@vl35 zPiaLPc)hJyqe=cU?*El#8nwoGUO5pNyXACqwA?I$S+lZpxJVbSo!KM)_hlx}5Zqwv zHl6UA{rrnY!`Y<~%FM6rAaZ@H`$2$Ueh zF9JEqXuc&(K8e^sb|=K=Kw!grWt4yvxW(@Lg=A}ff0XTh?^d7AaHc(WD~9rG!hoJ8 zgjS8_lDUkH8wBJ69WVnyUNXs-lBT{|={M%4b5E5a{JY=lOG)1gg;-cj!_v6k^y*1= zN4pZ=!yaN%ArExyV!9q5?qm09=ASI}cm`*Xjb%mvD=+MCns=@ZUj*Xp)3<*O{{Cg! zWS=WH{&)ZX?DxO^^S|-)w`9%#=8ym1^QSM(tW>U$O7^QZ2IX86z`(q$cy8$WOAPXj zyrl;BN-WT*=#OUB1T@20$xuf#vZx@_@W%#IGTIG<;guf8{RMGEr~{RfC;iuN=uJ;y zw{{w2;TPK=Z#$VlFI=pIfUknSM5_N5axJFI&`S}~>(u!T6>9gKouO=;dw0_cbm|$T z6iwJmaAf1DOu;%CywPd#`#Rccic`Cx(%&94J;0!nZ@{Q>YI%jEvuoha7K%|`>uMd* z#r8=0wL>IOL&xh}r{mNRl zu7iz9zvZNtp!A$_F12VQf?^vw#R#*Ea8aFu4JD0D@fg|+oaS8heD>R%|Mon53rJt} zx&Sd$ZdvEX>DjoOY4ao>4!=&XSG=a-bhqq>vz$i_utalBzXhpiER<8}!&tf8%MYP8 zS>yI}rGn?w(6!BM^@LUvL$Y6m-ZRBU`xK~^n0H^Oft{YUM}5G4EhE};<>Mq-yr)1D z_uZg~JWy1j_|;GHxT96OEB=Nh4#Y1Ur@JA~=y^q7;sz`B20VZE%e~ymXt047*jDIt zEOZ!~ru@;H(_6ZHgKf(7pp*QUO9MPc@3WfWKvLEcL}riQA1?-334F4wB`4#8U%mF% zO~3nhzJkCD>EI%f&crpjSTxwCI9;PLf)5VrCI~< z1QpuO%yGs;V6a#N&#rhtPM~Xldg#*iyKibYD&vQ8E5f>x;0?ot+VRGB`G2z5f`owP z#yE<!h=P)rL5510`9w!Rjn7E6VF-}#v8%>8e*hr*nOHhcwq7n9YO{0FoPz*hr!Fx<5tXVGp6; z43@}b3ebXdRdZf9K^<2NKyFU9Pc~X32+~BXEsH&W&1X7c zRW5!_z#lA|*$Qd0PiK}f=V=$}br8MVn!b=b=WPlB*alg1Qk}ez zQ2pTcOeg^XW8TqXeCe&PHHq%l z6OQW4!xyln7h#BccOHwWy63Rh^~CI>)D!*2U-_d8SsK&pA8{?Pwu^Bo>xY1Py!1-S$ogfh!7RZnN$rY4O( zX}L?Za=6pMI&pdT#(qzyVKk>BI{>=Q4R=^2KO(pzTjJQW zE*W%#vKjQZWim7TMc0N+Co*Dm;_h5&e0@IfaFz7dN9|bjJS;MkOWroEW_qpkf`PyJ z(mT-{q`Ff)Pq$l!D>sHgZl~XSv6K8WqtQhx#uh4v0>zFqe#fzEb&W$Zm%3O*z$z(O{CD4+@Rx@P0whDQ}SC7XTEZhN^ z`&n4KxtG*q*b-WyD91+|Yz^iSz;qt`q(!zvG8wo`O z(*jT^AbyYSk6=c=0)$Dk{7njGYXCdzZSgD~09_%cl_Pj*(eikOC;h#Ip}ljml4$!l zXEIehgs#`|dy&V(F^as^ue=MU?OLqbUiZbM!R~$MUkzeD6}>WWC9L$dN_}R*g-_jy z0s%UoC8Nqd#madFQ*ty%-Tj!9LQU>V_gh9m{o?I>Kx$HbPPW4*$%{Y95VIIseK-`a&BSC@wL`#*VHg_B7!yG6T2hs0A#sD54Ls`Da1lc?YG2N|a7dTr z(SJ_To|7IzyPX5V*$15*J#j3D02K~4v$!-4hnU%cfj?PHI3CAkG3h>wIkl4(luh*L zQ^qC`b_59B!DD!U0C)R~WY@)5Q<}6lvBZ4_xWriuDn?0m4b5=)ozZrmha3H z9c-*uX~?xSoFkb6p&CCWRhs8M+9| zD9Y+U(@L89V1t>Yq$dzM{SYi2xgsSawazxAgl;XmkW|q(`033-SLhp$Qv%$MJmHdI z0qX#7I#Av5k8meQUEHJUwO=l)1CzS8)Q5U)k6B`jfb{MVN|u=)mT{-?q@L)EkV^0e zA?cJmfOxh(ehxI#26NA*pN=<18<8UB4n~`lT^Ji{7cyGY+73A~p;c#Gijv*`62|w2 z(ovUy%TxE9$-d@XcCJZCgxpz>v;As(4m%=~2A2G&^#o3(syy8VZZsttH5YAE*Y7yD zJP76eo~b#h((c zar6jw5E6SCneKI%{GjYrSO38vlmcxkk^T151z{M_v03r9k)d&Gt1+xvCLlmdbl>Rk zT}9XxtfaYXrZP#hUNQ+Y!dlY@5xrqYFQXW0G;AfoT0=JBjX`VsJ1~2jNMBg5Kh$xW z58*kEz&gRU1qUZg>5bPr@Cg|2olH9PK=T7oXpBQQUrW+$-qq~P1K@>?ZPvy>bg!GL zB?;FT7`E&ppk2G_i$L;RwoX3^ni%mvqV77`0+=pJME8c*N`J=i&`_h-ZWqr+dW6Op z6tXraM_1))al9|4D^d*kR54*qiwM}DR7rJ_uN|iRnQMj)Bxc+M%%?`Qt!Tl5ZY{Ur z^i_0YT4u)n#uVBbwLhYZ7&}`##Xj`AOmuqhq``XxcQeWBgk04@hAS`ZP&Yc@uKnYf zjEmw_z#sO#i2F=WO})u{*rJ$N|oKsAg}B%o@i8P;$W!Y&W9J_%3v`}0`8|RAG&SDL9hzx z?})H**daiVR=pD+Zh4?xCz|98=3^&S2P31kZs4o8+=yh$>@lnut?ng~7o5EXgOyxi zt!tfTlS9FT1H@9}VMO+BgnqQ@C37P$&`6}V!8kCh33xOg!Z_aR?`8Xx%-uBCAff$1 z-wo+tCWi~`Q^z=j zPZ|aEf4(Q`K=^v9b)cBw$+F?+Y3~zD&`pCcHY5nsac&;GS*f(KAxv`_keTq=KG|P; zfQPfKBG_krqL6+sJ#LeLTm$H}=er4JGivK*YF`wqQJxcPweRR{3SKy+cSlr-J9Hyhr!amCwb1z_R)j8lc$wM;QL85!p( zotqV8b+7BnCYnQkK8v}MOCO<%mzzS%Zlk@K1yPM9t^jN07{(U9TUhJCt@K4jhkF0% zIZIQkw@3SVA)e16v&Z0iMU&&FWY$ZR!Hh0vVAshQ(BEz`bu)4|J^-$#8Oy6eExv)F zr=BN!AzCCNL!Nj#Kd*&C$6y3MbLm9|joWX-lL9W&?oi>=!MNmjFH9-{B zGuj=u-Nj%+pWdf7KOV`3?!-_mhop?_w?E=v%O7T`KD8oanr&I8p3J$yH2jwFo!Zmc zWr|7qGG0!|^muX!tQGk0A#C)RqcPL8$=I4Jrw-b~$)Y8~#efD}y-@Z*A~<;PyZP|C z8V^#QJw(L)Afa^)xS*(|`+6Q)9rO7H8G(gLZB(E2_ht(Tk-adCm$l0(bwvnQ&uAuL zL+{?V(~!I?jt$r-Nu1J>0V$&?faFzq| z_2}yAmWKMHByZs+iI9^{yug4O>0k(spZ|H7{K?sOnf>-1cj-*KGgc`(ph&uW0{BC< zW$g7>Ta8Lf@?)yb!3RC81jcv3>NaItp#?APm<-Y0N4L6hJ# z^Xv6tKo)?DJ<;|CDgRH-F1D*-A20u)N;ac-j#+$R$spjJy-{yN=T>+BV=*gT?#|&f zIr*W!OMPhJ19Iq^f@(kg%Ck0>+$VXAtC3RC+E?})9NfZIT$qfCwH>;KHW}a)>i}4G zfYaj{@r-%&C3*^+nY6Dx*#g+|>;+p|>CMHm+sg3}fPJ$>ICP-j&h^k&TG+!W`XTTT z<)FhjPl2z2$J4hlmM3)fIC5h2QVPt_(DS}XcVS=Tz(L@|Suz!g9mPVx?Btf>zL(Z+ zr{iv=s(N@-*s83uT9g+L*)M*n^ca>J!3Y9g)4gmyVZtQT+OToHJDCgO1fs&8`?U;e zTGi=_PQc$C9d2vN|Gsb&)Y&H_hMjLj5fA@ROYK>-pPxs7e7~V52ziS+|Mhs z>60yL#EWG2BYr#-_7Qj}D6CAK^POsi{_=dfjm&QDX8e8Boqg1$`kHI6AEOCnD`pmZ zlBjhaon{j@EN717hL9D}@*_vh%(Ww#Q#C@jHNIHadG#U6wMsuE!q{J>#&@42xh|4# zu47hUkpZQjAUhAV4k(0}dVb54&0P`43lcLUxE9OubiUGR;)pnm1zRP5v~W`|9S%o| zR`)-G$qg66YdXe;?r>Yq6jAl>0&dLSK%)rqDJ}oSkmk_SSo2~A3yBKtD8b}|)x4sb zX$Fy_r4z~&WNQNZU57Z6YTwc%GVfcr@bTWf4Jt#zdq4c`of6+Vz6PPV+}epB>t2(3aX^AukUuaId6Vdc!opG|2pNO z@WbnSHljn6!7Pe5g>t~2N0b{kf7&kCnF$TQ*yXtj>&FZf&=2q$Q3OD)#5QRXaSr44 zf)y7*dkycC@T%RfcL5mZ7CE)v$CLE>VlI4wH5h_XqWTFoxo*d(FE?sH#`f-$AzN(K zV9SzS^4~lV%jfKA*j^xMdFWo}?8j9)3|J$)@IA?L{f8%POe3>DP%`(q=J}VjzxMN~ zv@Xt~Mu1%bdl6SFD!=bR96pQ3l?LoLWyCp0(0Ol4DhSac>@+K?#0Fw~%zv)HyWg&M z7xQO-BL7!T>xr*nC?CIc*W3->?&X+K$Jcg`J>_%!Mk3^e7hZCObd`VbL|l76QO-v< zaHy7vUFw>`?+$&vw9`>!tLlp0^pYg59GFDYJRA7d2@*NW@@&p4{X^bKLwTyxm`krj z)#$<@$7dk2Fm;}^%R+h~>kp57#()9m%uz+xA_4^$xw~3@1luA+d9ynQUeL2|9gJ30 zn3tJ$9neyrbFJR=yTf;F9zIL&$cCid$F+o9FxGyWW&fr`mPhpUcONgCwREYC@d_=c z@ru|>@e9$%=h!W|IS0a~b#lt^q$?X5eF5+K-XX2RjWhr+nn5z|pqw(bf7lCL8Wv8^ zL}j(IL@M>6Er9PqsteFCo+w zEc0s=7GCCo0v;eGb|#cn{Z@F5IKJOA+(26MhnL9n9%Z_2$k2yE;l82KlSBx5pM07g z(A$S%QqU(3$@l7$v$@3BE0rLUwEtMzHM_g%Z>49+~+xpXIfrQ zT0MSKo8zzPB#U<=H~ua~!Vskxaj){H3im_nGjU(@YU7bxu~pr2tJl*{u#0Zp4HMic z#(b^-sU8va0}O{4jD1#gs#8BzEU6wwmzb}eD*+2VpB=b^Mq5^ zU5=YyKUEJp#rT_M;`;+vj&DH;<4PgmFZ^zZRfLD~lyUR~xaY>|Az<(1F>;5an^#C0 zp1{BST4IQrMazZMy&o|ky6dvO-9nSLJhRl!ShO=Re62x=KL<4DGeyVpLyLHBE6+<^ z?#OF)T)U5sC~R}Az3TvdlrX{hfMZF@_vR=Ss&b3U3BIrwf4<{cWk5TsnyZE4qvb{8 z(KXoJBoFpZ+(3iXZpl)B>t1b}q- z$0}>3TnfK6iMerPA?zfVX>6$kg*Z5~)`KHH3K)l*)C(P0;l7-x6dD;mEolb3HRM*v zbX0lit|p1=n!Ax@(?-b%b!A@5asibk;68yL1?ioh1&bn&Kt4? zXtmA4O1CD$GceMt$G;DtrNk-cft)ZFwc1{-ulq%3{ZMh4ib^>~2e|+gfkE#8kg{lu zGN|XZj}j$gsco4QrYofg+Z51A{tbFT9*s3884hH&)Z9}Wjw{{{n1X2sfvwzxq6UPI zfm8_M^aG2Bo+4EluV!RTEh7u=YB$nWZ99o$C>QE0DuSbik}2w=SaqioFKaHoOK*pL zuqKFH_2=hLR#M!U2id;bnHAhvb6T%ML={XYPB?kUk-jyYHmJaLm*lgIk#@Hm*o-S- zeze@31cK(>4C>otDwMNee`8}JO#U}HXrrL9}y`7 zQDX|%Mb$JHPA*WVvo`vCfqt)+r`C{^_W5I!$ceL_9P&w`Oh5m7rbUP7 zQrpjV5A^w}dAeptm$DSJOLtgJozV2P1;2`;aT>2dzX_xiKB=&#$)-LV8-gfhR#m>g zes2#~>Nj%!g{QALY>kNg(f&vzEz=vEkLy(*uSRrR_hHXF>hw5jR{drGDIU^cI?R=a zrPGhtWxT?BLxhX!c3##leRY>zPzn_~P^+EwUn?-}`MQZ|JT_BS8@_w7-wJ*$54r%| z?R_tK5h$=RZtJZitN66+JvW#_DOC`=cbJAb?c<%TO`kZl!veLNM@QOkx8=}Z&}$2) z<-7Jwj}<$L>PZ_;vOZ>&0{M0POH?gQy>)qZn^qNdMv!N?Ja>I6PYAK$Pm8 zd$|}W=Op^B;j}NAviHIO~ z8)dPUNbazNzwGi9Wn~@WDZq38Br6VR>A6-nqv_Ov^nd<}mz+nRmVsp7k=VL({sxlc zoeY)oHwt;LGu&u8y4n6?uqQYKB&77Oe~>VJp%|b$llJm%a!#=@Cs^iv+Hz&w#=&BJ zqULg+NYusADn&DkVx~3#N62M98hAj=U{3k4WM{-xydUtYfCOw6EE358IMfz5j*H4aNZ z&GwJbQFJVqrY_?^f0jvvjH{Fy(Z};3H7Ba=44+AVgC*V|y09UR4TS0sJ^59DAvkba zFrE`o(6cz)NUUzv${2`d1U~o>fn`eT+Y4X z0+bU&z8Fo%r&8>Bagwk4|G*MpUks=F^qMO;qDljxnExI~|9y0?=)Au(G;jUqnf%w0 zXdLL4as$^o%>S}g^7p|67)`wd)hB<);{MjKekCvn;;hwFuKah+zu1Z!t$A43^L2qw z{%xOM!{_&ge98n(9B^zb)%dTL{Tj>Q9W*+Cs#sDEp8X?g@$cfn_~txsVkSlO(7%C> zKbdTY0Z)P2@xr=ac+;hJS9ODwuIxi49%;$;`6n;Kz!;amAl%{`Jwf z?wlIVBl|72_jkY3?7WGxJWP522!1F7JL@!&QT>CNUnqhmnnCr||LJW(|LY3p9LxW` zE1Yk%x(~_0B?{8`y<7?9@|xnEA6EhRep zCPGv+^R#OV&*2$$e>3p57+IhM_sj!O!e|9vFOXpSy$#5k?-ge4c=d2- zxLmt-*9t_M2Mrex>qYRhQm`FLvn4dqa-n_NvMv0%fTbPC>O7e!))(tv$`ajFR@F9k zSn94|H*Pl)K!csj9e^uQjOX6SvkYh}Yzd(D(gUx7DPq=!4(5WlognmToNPvIz1N1; z&K2jU(fXPd=EgR4+fV?Duu6;Y{|R&Y{iEpF?H4sZc7SoSYVfIA?-3bs>x<>cns`U( zR0X6JMjEYZ+nY)1|EImT46Cy1+D4UD1QbM+R-`1QJCu-GlypjWcZY%sg3=Ar-JL2* zcPwJj-5?E%*mI%J^WOLKc>mqU-rx87g9C7J%`4_L=NRWW&vU33X(I#MvQG^M&~>Y0 zLC?!?Z!lp%pfOt-hEooxP-79ac$R0!Pcv}|Ms&R6v4}^fmwJ0K?6loCy8&^IjYz;F zo9rlkh_Qpi#!1(M(mHjPOt(*wf-h3kLhTaaMv|z;KRYZxjQ(9W^@;b~N2vf{e{I zS`-Rh2ZW=l?Z$Y0fL3ipJ*YNDM7mpza8e?Ew}=mf>`xS%c2b|cdGFLtsiNMSbTroT z!CM1(Nlors6?>ge+3cM_aiAHU2p1o+v8w5w(v2u_WHX`&+Oj%;`A%R995ZuvyEj`r z3Iz(d_ruvGp$(^IOoD=jnRJ*n7GtH1#pewTdyp2d$P#|%D!>jpu{b~!I>dtSFGW9; zmfqvKI967!)a2GEbtxgL3hhl-zFe{Vyvc1kP~9eweoaCg=Xpsb zi;%5^)f!2?yR-^JmYs2pZ~^#`lkd?$p1wLE;Q2M15fOVGe-dbe zw-7OjLTIv+5f((VeoZpx?P#c3?3R%n{Q@cUrVN3%hS>_9V{>-_{|=`0NjQG==6L~` zvSZ%x-4)Bh$_BEd*etRt9dE5ymN2LN^L^va%KJ02#Kf)!idC|t>u@@n!UH)WO<(iG zmFk^uQfD_Xv26N9qiedhlQ)2P%7&V8srJMvWPcBD2Ir64D6c&EB1^E~`94K!$yj0i zt~yu(G5~WR8rXMXBu^40+zp1G?Y+A&MC6jdjR(Fg8nk5wW?31Sjcw?QECEag4C)Cp znR{<~BluTRo_iXjGG##$=gRy*s%?f~HTL=_6|-q8Vol=+c4ZI3;oEt@J7bF(HImcv zv=y7byoCR3$1_t}i5*oma*VKu)+SLyQ3!BvqN|10o&lO$>|&*M$)J=0X|9xJrnDNM zEoEuS?OBsCPucf2NIw_?y1N}i;Rs)%s8{AopBLqrm7yIw1xk4#GD&=2o1pvq>et;2 z14jyAj`d25nkKS(&8-p`4m-HE zM~bR&R?NmCe!7po`k>`>9OxCBkRA?JmnnC*r@X841+BtXv+ zuVZcW@e`)$2PyyP}_soXJM@H5@^caM6edkxJwCLo+zkdNUEQw-ls8h;U zZHMNo;oShjwl|o|;-R(Oz4jVK1+l`59ZD0YJx5>Xm@j}WOU;*6=m;P7;5)Cgtvc(5 zidtHm{9SSoWgo(x!-N(Yhj7)BZht(YID=>D{piRfdI*VSX-BVmE@-KNFsX72C$X2t zByeDgqm|M!Bv0*3pn<8t6lAVzqLzRqU=F#z_C!ZM`g1=0q6=&eKtiWJ)hz|e1p%F6 z)(ah}30s!{A(CKZ_2g7!*6w80Z(*z3AIRHC4~OjS0RrDNJK>*~rHI>zeM(N=>1WJS zip`Q%x8vGx9dlR=JQS=HuQ(~{%3OZps#(3Pde!Wf{2-Tp5>&i~y>u!%B89W95MBWt z99;*7*Iynf7d_u$>7qWh-COcb)e#F*!hd_QoGcT2O3TU_%TRSN9_RWac?nJN$be&5 zMA@mpYDWdoS#{{t9tvJ-QwrM`(xhpBdbZAZuO zX}Mq?aAAuBTtIg#Qg#n!joAMGp?Ci^rce+i&yZBuXoPPS3RswX1GB&N5myRB!zX19 zRg;wl_l*Oy^5uuAl;xO$i*CJ){3y3n5{DF%tC2sGl9`u3t{-B$)k3#z4T+j8FI#VP zSPgB|E;L&*6EMr|jPHtSb6a%uQr`k>7Gpx0uPTnRM&a!pkxeJ3-=3VOWU}Coqm3&+ zByu;8Ha-ou&X?U*+04zmShs$e?bh|#bh^KLW4}qQY<}Xy3X5cTc2j9jn#P-(k&o0C zas$u0ITa^AY@MD8JEYYHSB_1mFglSbGJDLo$TSx2rix;EaN|rKGqXkJVNi4LpLH?` z9$h-lJ>$eD=H6A*A>h5$OY!FwPl`N)C0M0Md$WUJs1ooMCykAtR6~nry#O!pIoW78 z)@rCA^!VC>X;$K5%k*$`iOKMqgN`Cca31cBC+y75R$@B}*QJJwl)k9M=DJz}3&#qu z;i(2<6PyfSb~s?MNAB?ytjyvYOzMa7duEA1>D(qnlIZGcJx+F~p7q>}A@y`%js66e zd6c#cESgqBx#nnea78GdyqK>3DKF5>YoKqvxohDN`!$#89I8{B8Hbn=FEGk!fzBU(r9 z(`sdzb@9VkA*$<{PKF&DTbV}%+kmGomV7<$OA%72#^C9p=j2EpAntKA?)yYl>9;~O zSaaIAfWo7)(vr8DsDxzJIy)NXCMqVq(;mm3w+UEJr5u*yu+^;OP4fqIgN{pGrZ*rD ze|~+r_FUKjcnU{sMJb48Ss?5EpKeOsiM*>xkws1~;Ho%fH z>(^l|vXpgT0b*chyE*BmN#K@6NGri&I^eQCbYfS9!#{)EGJdb0!A*lEo6mac=qbR`RcnbA@^vm zOn`aaGT(K{#(vIq%@dk~me2hNsuP+OyYx11>FwmoP0YKdOT%mPT@v=twO0OGUj_|KNKe*avW@UR zXYjuUl(;iWNvrtk(Vvq3tKXdf%W>Pr>DT%H@d*F@<40nU*|*yoJo$%12sHv%@`P>9 zhjjlM^FKfMSR4#tM;v?ekE;|QbZjH80xr{b^PjGw{SFv{SUl73-)Hsru@>CHIi7go zmHxvBK02>*K<{&zO~&%FJ=W;VQkY|N4)7>QU-_XR&4u4a+NgEGZ$ z#nrEr*MWdWIX?zemvky!_m&)Vl%W5T*W=!%k-M&s>g#>{$|{5&FwcMbE*bz7A(GA- zfj21^T}+a?E_eauMuSd(KaN1xcvVwhlIP(KjpCU=;^?5HUsFya1t3j_$(NdV&Xh(y z30469(VOsU-*EZ)XER!4Ss_;4w5b$9Jp}I!ZRf3{Y!7(QmwX&eHsUb-OrEC&4Pn*4G`4vSHAr;UeGhld9``}9E##4FwhuJ5w?cC$8R!-B_p|d;7$o&lD!Kn zfWGtO0W@#qi(tTrn|%5UdFK?b5MY?l1~fEeM1o$yA4vJX;W&3PIFA8u;ngxPP%X7e z_Bj2-pm7=wWLn~MK+p=9^+UiS2mhq;c<4Z|-WHFp&Yc^+6wd?{RA@#uT`tjDP9=au z`~#bR1A}fh^K*W&^VF(20AG61gV^V-CP{73FPUKZYJ;9LKHK-2xR3q8eMx^K1hTbr zH|YxxKZck~f59l#wMGqKS#HL|D8E#qzV9qtKOf0%uBIWXN&gU zXDqrxI!7cd%}2mf2yQX=-S&c4YTD2^ak$0X8o{Lw!1kPun3Voqit`=1J(KCoYs0&u z>jB_Lr$g>#HH7tgx0>;y<4n=OT?Cc_cieC(@qX!3{W3>EV3f~vfXmy}CZ1!tW~2Ok z6M%RXpmYQ$_eWE+-dG*iaO>P`Tzip?ytFsV42CR<2inysS@ zB1JrQ-!rBZgD3<|oRO=k41rLAJZ|hBV*=Sp;k$Fjwk?;%OIRJwPIhj&@4PjSsgKY8 zqlPDM{b=-5Zr}NV^nN4P2UWC$d?rgz&3WX9qn4;zXCZz`5QbCnBfnH1w$(=suOV(H zJ??W2(qR%T?b2bf?U#JAVZ6>g!25h!X31!Z`-nfV8$A_dq>-o~X@5trRom7;Dk@6$ zAUPr?g1)50wsNZY)yVh}wPIGINfCFnCd+p|0;1Dw5SCoM$FCmQEZiieLciM;_}OpyQz zH3WJbj)`-$K~8^ZVBuKc)TM~%BQH?M;2?S z;G&}&gbw2nB=)xhq`bnF(ov(g)TIAe9TV2Qp+e7y4Omt0RBTvSDJvquVBJ;mVf>BtP;;$R>M%D9vo!@71@4x$mmKYEnXrKp0#oVt>B; z!un`{bH=k<(2&fVZ*Z~>4b$Ou44Mb~i~K4^^LN3)cI)XEpTrfYKlg=Qw90z2ZU>V? zzZ5f0dtXjZZaRDpiCuW>V|yK!6cJ|$Q^*x*d%_5?y4Iqr<`!^!j`inW%7~{^GB9*s zI20nE>b8b#Iwh9nn=;-cknwhCr}WPNsP$oC^u~q-uX>FQzh_s)kNBJGh>6-q(6|0( zi3D2rGK3dG{iRMd;MN1G%adL_QS6@RBRWxz-O^{s&2djwzhR=cYdKGvZwC+Iu(NBS zqW*>m{1D}G{DeRp!Gu@h?ujmXOwQZbKM_LBh5t8Y7*{BSY>xNnWhXHuO9{TK2i_ z-<7@40?HCihOkNoy94$SiNv(E+Fo}?8_SlRSfg6t z?_fBRPDl^daZu?#2n!U1Z|L*7ekz0CXC3{O}P|ci>AE391_ROsRRO)c2hXWZn(st6`cBmwwPNzPvcQW)GaHH?^2FH8ctD zAr4x6r;k^OjbtFh$SV?T++*fqSr9D?QholmZzFzTQ$@sF#nZLrCjFAY@yU{EV#;(` zt6!KoPA|v%()X~WCHTNfGVz+M_-?;LZ{c!=NWsj7k4}Mwrn=ky ziXk=b0HeuN5gugap?>R>zBopaW=+>pD82a+H2*|t%KOri*Y*bx=9yS4U96-%;GmI% zR%Tzl19GlNfNvt$FX02sksGmHD)h3v~TMggt&*tN>ar}{0tsoeWDm3QwgJVnfzaU`iIdfddeLfPap zk>%(8Ln45n5eYmTyGd1N&4nelRoHaT0Jb+SQM*2rLjj!1{Ti(Hx4l2Dq!$9-Tc^zD z^qh#Lu9KHNg5D`u3dTl8qr?}G8Lo1rRsLTq;OxWOpAs}#nfS0X7SdwaRwYi(_ChxW zg(-(EhI2o}YF&6d;M{_SmGG6ofIZddtc1c`Gw&erZyHy_1TBdD_J&k{t&-BdjC+bCIqc@kWRokWyc7f9{QOe%_YD=@^Y;PD?XZ$k z)xF7M4YRkTjS8Yh%&?F6G^-U2I~6JEwPRyysJHfc=1)GSEr)}__|{ARWib&+Cub>k zUxks*{nsX+vWv>*?0K|B-SHm3Q~IJ!D{}h!;oHAwn74NUJK*`nUAt?)C*0rjP7vtn zqC7$#yjAc|c_qf{T2S1V6ZGHzWBC)Y9DD>HxF$Ss>(|5luW@d#Ax`1^)_^zS75%-K z{q;L?A@BiY6baV<`qN)0E0hfuckBb!7nlFUV7LZMCa`Zm?*6BX_{<2{0Ykmy=l^C8 z{dIhBPDqcz2ZTPdA)>TD9pwL&o6vvVjC!W~drOO?o?h7Z@88ktEeWqOgg@N1jz=FO zBWYt}W9^Q2K9^eDvvZ^f3pZav)hG(($qiXpSa_kX9%o=|ETOI4=lFEAZRO83C5)FT zKG-&nXjK9BeOxO*O_HmM{5>ZpkZxyxfbGw>f?Uq&`Uf4e9hdDXe#2=lluC?T;+FR$ z`1qp5Tqs_)E06y8XT$PB;soYSC|HDn`ZscYN*pOfRIDKQhtt!FCqIJ z<->>ascCrug1o#M3W_*VZf@$LWKTA)Rza6LGdwe>ZhTGpRAV3ewr2iq&}&GMR6>&PB~zgZKTfWX zOOAgItpl-5=}APp@dm~HVZ@MjH*H90sEOmRpv{->g|veoNJZSIbY<`AU3q)vX|yaM z;#Sx;OZ={lMUeLQ(d8IW?!VHM$Wo)O#%$62I-Zpq=TQ{4GKK|So7;DhG|~O$*!pf< zofi|5YlYt9BH{c6N>LI}_~Xapf;t{@D+c}xMI1&%ga=%`4;>>wOcMn>15SpQ0Td#9 zaXQizN8HVB$=g_-0|%R^QVyJi&!u<*n3H5c=?cH)WFR(J zXk)@W!otF{5Qxet*%cSKd-VY~pz#b?fkXqF>$^EB_;imbC@gh=4u%0dH`Lmc(BU+o zMMZ_~fw#g>JO$+ChubeNqmbnjMz|BRBd^Z%wu|pXEtOn?1=5dB9y8<5L#%1!yK#{R@BiM62tOQtwP(3NQhwV2uuM z{YGi$0`Rio^j+?$B+(g9;CHX&yF9bc*m4GL{C0rW^FmWoGsh8AMmff zcL2VL_VMbYP#`iPJpsC>_a2ErXH~fcDtZ>l=CDf3PnJ^Zv#$9KZi$aav^W(Qt5dus z;$L>y^SkYT)bUb#WWVf1$7)p1v<@wZyn#nm4TqAKy4@o6sHqD96A6RSx0Mv0bamU^@sz60b?!v<4OPI7ZAL$_>pwm@>=AElA*HLh7|_BkvZA=d zE{P)tFUCyH75OeM@xe>x@!@wjf#Ixw5nE&8gN201iBUo40UCs{HfU`1bS98f_sca_ zd0njbwl*3?7?9YM^8tHR!*Mb3`(#`;LSiArYPxlRaf$D;(F*{q7+P>G5g^x@Og1{3 z;&}K_c*+aTFxKcF*#UC4i>U?-&gu`K8Uu}< z@JIXuLs%d~rlwOVEQa^{q~0^02L0NC>$-u@js8)FDNXr=Eqrqq^v>$AZ6#TT{?zQN z1P0;~u*$9H;)SQ`Kq-6)vIq~oJlW)nB$7KCbxxMfd!VV>$f2nCL-%_!@RTZ(_1oQ`8g{)L@PT;@oLq_uQmgc=r^?kDkLNm(bU;4wq))^j?LZV>Vbo2?>sJG+ zkXw5hBFRY>ZF`7N8jRT=gVP(cPfha!Wm+^m{5@+LbtQV@@mP2w9n{IMEutQB=f=!>B5H*f1V8iOMqo?4)bTxGs? zgQT|0Eb1yywfUMMJe@qT2A885&qaaV&h>X64!mIYKo?|@Xga7J9uspP){`Pk5Y$L& z4P2n>m3uxRtVJxRVdhcr$C%&|3pw6n#+z`xhjnj+ctTxIBTl!(D1=$3Hh+D;1}USj z5;ci#pPY$Z!|urF#a5w1yL!ENsn-}q|7MqfwA=garFRN@jfJ?AyDtb!V|pq!YunsT zXh(1ZDk`rpjcz$oo`m!$>?IW{%ulpzX-{ydQwBi`PG)|FIVhsP<2!xPQMtfd`!+M9 zZ%)ed=_=bClbO|#lKnSZ+`)p7$J!&1IVRKDt>|BS0m?UoK^Rx^%dkIH zl%qJ$_xPLPoF`sECt%xI3MnhvaAlP1e+bHZ1&@!3Nge^3_2~uR^yS#Z_AxIC(nO-s zuz9vK+swi2zS8&5b!%)nJ-i(mEGXR^M>`<@W6H_N*#&x_(ZZFdW>$l9J?o&a!2*Du zD_RR3*++|nGxzr$Vu5tup6hVA_?1fRbbKL)&{T#Lf$Ps71R0RTvuSjhB3oeb6C8*3pz&URhBD&|vfZBH;xF(u2>aTM3^$1Nzqtlkq0HE>p$ zFV*k9J8*XhY?sT=pJj&C4WeYoBxbkV2s80(g}h^4efnr_7kQy^D3omInVxJ8lbY0# zWQ#LzdJFdl%39M@k;gXvh58+`h`_*i=ibbFf~n=IZ=n!s9Y6^+0HU}cHp}s$5OR{I zdetPtOB)`*S&2%O=Y^e}orTa5Xn@3WeJ<8Y*A-z)hp~`XSSyJzFRF`0^Pz^+Poumr zmT+(=Cy90H7e$uY89PghiCtyWDoo~S2NwDSqj&Pp;X1nT49j&4tt^v|FV|h85_z4+ zXEK&+f$xk8qIH}sW4(<}{mD|iQ+YgEAmD6RijiLG<*mJ45hqK0EO>cVcEh3G0C_mc zlB=^;mP9L$+pS_npX5#+-tp>NJ(5INleagKNzIHO<^mwUmLKfH9Ks1sezsm(`nT}# z$ck^TR`N(_nzpWS?6!Ub4K=AxGepJt%mr3Br(6buM=w@F2~PwwW!xtr^eg!uj%zP# z>{jIZ_wv4aV9kK8hghfz&L-EIs`ui;!sgfv#W8>}n+V(O0=Nz^s)r{qT1?gs=lAyN zp8*G%4$u@(FQg`qxcMPKJ#+`4Nlhd6idreHm{5Sx>WJbz3Z&(d5z-{gFLr7v_4{2s^r zs@_xPKG)782`Q?L+*?0}^c<=4`Q|Mn1LfDoA)>kVhfqh9=R zD2$`0HfDb9#g;GqJ7(XRl_;tmSV^Tp*W?x-upI0T^w{~i_-L#q?8N^4P{OE8ss^P5 zw6tOCP>t?LqJ;pqOBR34L38^w^(4sBX1u`B;B)mUVOz+$TJOGXV7g~SK1-RE8_xJozF}vETSw+QH4mZXILn6G^a?ZX~LF2i83h>rCuJq+? zWOEtAz6m;}PmEAy_$xXXSne$`h={|iU{RO7+kg{fU0?a4{lg|JT z`gn7QZnfSG+5m96E|UfQ;1m3%<~KMSG=~pZ1#IGMLse9|fWr)0FzB3M;=ceE^Dr`R zP1TtrJ78D0bW~bb#}6LnOp}injnepZ{9as9QAy8wLFQ;b&P9meg$wLPgVBn8k9lJu zG5cEPBa#H31Eo5vfpm#dy&sZw`Oc*)T4?H^!4WN7v1#=bVTvE>_<6@%*_Yb&Dn65Y zh1AawCeoA;cCu$B5g$wT))5+c$ZG5!hjq`qp}v{whp1$L$V!_*Xjs`vF`UMI{vjT- zmG0X2yF|>4g^eL5(9ck{JnZVt)eCzZ!?+yV2)>50n9MQC%*7> z)LKvPZA6DWg0dX;lw{(J?EHn&ygRK7 znJ|I=n!`Cwx`fttzoLV-hh3Cxot=`uVdi^!QV~%P#~A{<$*mBoJZT!#PcMep81E6d z3->SIygLbP4ZB#q$D68Zk4rr{ezcYneeD{Fw1kN8ONm{UuFK;_>!haWXO|T2lNW6o z=+kb>nx5erV^NRb^yXQf>uA4KG8kgMX86nkfGZ~2TjLu0JNsfwHzwXucIZ- zV}_p1MXU5s*L0FTp^QvD8!KvolZbFjEfU(?Dq>>;gSR1fp))CH4|(G!Y8vk)cF6>V zPb)-&-k{%+xP#e$w9pkTEKdzDOFd!j!Wb35`1v-$5jsZYZDS2HCUMOd9aLX=YerI# z$IZtdv;-gi1ciJV-Q(5*wDOwlK@dtA*^voaBwLvx{aCB;cvC~!8#vcl;%2@CBH>8T z`DQ$&hBd5LgTL3&tp`|;JnbJMv2HrA>=w@DE(F@jd1dgPn#EytTLP^|Z|nqAagzgb zjsIJMu}%lb3N~IG^(5BaJ#HBK!jI}JN6@#AEfZh)F(N|iusMU@T_JbB`L@o*6x&g4 zls5I^G9J{Bv?{q-H(@X33KPv#OIh z+@7|ks)gwy_kcdD&VtA5eV?EEn!lgCGkpa|-NX<{UzXHXh^S*c57as_rM+pCTl`ha zv!`sOvN5W@icrxJ`WS?f&GQsa#qfnZKCL=kC@&-`k#!l9_1&bB(?UKP z9*8=r2UGP>ZNU9wyacIKcR_cjrGVk2vFm#@`hBN$;Lr&BGz=!qYgkvk>t4E6-QkwLRv&RM z;r(Hs8Z_k~I-Z9*4h|6$cAX~f?gvo}@tY=wo5m6_*GiQn{o(d&?D(%C&qh*&J!{qr zODZL>4$aMi=H5dTGK7t~C34T}=HAmuZ!LLCZcjB#-svE`#<*3#W@46jybb!|JT=-h zING}VfbZB2{`t%P>Irvb5UgtX6!`9r>Q*doXDri*^w!c-+?GTFZKVp^hdupZhUdi= z>re)&ozrl7&FU{&I)n>`W8`b4H z5MZy!|2)*}9+%Z-SdU$k6~4AP#Df zM5`FYB`z)UzB}a6v7d5$8Zup{G*+p-LACrsGa2n9hobAgZ;bvPbs3%b-u1D^O#I?3 z1aV&~SHolKJ8R%9l!wPWVbNX-g_S-VZ^f?W>l4is$Ms5%#-lD)S>@x#Z)KTv~#%<2_#C+Hqru`KF84m>MUxC3S5J`Lk-ob)>lrB(0M z>bGLAjua)6WaOJNvlYBs`T=#~6Mw*SPP>(L!DxD6l(-KO|Fn*N-!0_8`Hi0t7lw4w zSxkfdXTTO(dLG5GRI#kb+i#%c(YCs|z4^r#nd%&(6Yci>?WeM zt*R{AvSp%_cq?5(Hg0T?I+~CfDobuvJ$sL}f26?BwDEhbn?)eDtL&iMT!1&H! z?>ANNuT|F5OICL41^V4Dy0nZAkD@0X4YdGh#8_4bxl#xaRS$WDxw)4tB@d;P6p7lC znCr?Szk#gzeuJ6y$su1S^x08n3p7$YRIA34N&8I8$cAyJOH`3NyClSj(VBKk_25h< zcDEd40{lzc^EJC1I%`gZGySl3pn%Zx|4Nyta{f^$6!c}>&C=?h#&R4?IRn&e2IBa0@=+975I%sFM9cMs(9uC5pc$_Ly`aWb5R}X*y#PU*6Me-`iyA~oRCGMQL z?`dw={RJZtA9eua z0QwcKJdKjDU(VxG{>ZNdpQLktlLlF*v-R>8Qj@;=tzaLtm!63}S+|6=tV$m^S^L@nXjK&v_^wDO ze(uajR3W*uAzQ4XF_q@KDumxQKystb^x~%Y;Ggd<3?l(;ZQRZ3ou!e#^Oz|NGAGzW1j7eD z8|84vHdHN4t9K{n;9;3U^dwhq0+NCz5ZO=w)De-f+P@)v3wc}(fVi8J;Y*{*S zO+jJ$LdH(UYw=i0n7!QtMz>KkPVfM(?)F<8EzlZ9B|&A+Q`bDDgux~o#a^4!D`p~Q_AuG#?=XY-9eL74|bXDwmT`uI0_QB$^%4!mKpjCMJ zZxvbJ_qVfG_*(G$mvgPceQcGIeOb12?3LUgZYnL^Iafsc+hRyOW13A~$XyGGIfu>P znR(c-|6bhN(eTl=J;AtfKf3qB?>+$84!+gZgaZ}k&hOs84+GJNL_CL)LQ=YcE0BW5 zZWIjkqVfK*mn>&A}y`7yu^J_t_)xvfa;7yj= zFCX4qf4$f4$HZ%6B)6YY$mF;`icNB}N6pdEL0z;KKKGmiymKIrs>Xf|f3S3XwXgpE zl2Uu)r2~CgE??d-#=H=^Z{AvZ$utF$IEj)tsIpK}8XkR${FQ*etQC@$4qjMVl7v7Y z8QbwBf3?Oy%p3?gi;YY_F47`iwqjPHbliSAv8Tg13n#Pg7xEf_L2o#zX#S*rz_U+S zWJx?&8aWvVxh;A%F)$K@V3nJOL)lMv`<{m{6nVp=gNa?khYFk>YMg8i$2<+YVr&=3 zqdr`nw4YRpCp_fva@!Y~iJ`B=zGsyhARhF^A?UwuF8OUufE4(zd-TP#+^oMirQ7YG zV~Vh)%e|UBD9?oKFLdm?4@zD4sABm}p1PXt3Q~fSqE)q5IjDQ1=@FD8j7!LG&mr-< zABIuM#JxF|@AJG`wNP@Sg(@T^;K_Qw|ve$om6eA!RlfCj=cgsP`kv%h^t* z_Pfg*)}fR8iypA1X)g_GaDZ9_8K~@L=hf}Vz)0{q9ot^r3%PIT zk4(gokJq4mi`eB|xy4wE^iY+IQSXHaSbGfDN3!oQMeBHFl$#DhI4n=KK=0e7$~4R$ zTAa0xyuzpZ+|QK@H5tbPL4!__!wm`AVg>+7A*yfBbwLVcx0>;M13iex)O&{ z9yt8R9bv2+v;;eEx}#`ikx7GuQPBy{GZ_#FC_!OB5Pl5RXzc(htxfprZyt-pPXApvSKz&5M(Oz|khd9p|ncw4Tz; zv(hK~gE))xp~jNQioG_;QZHUa&=uCJdmX<@;yd4Odi>~-0z}~C<&i6bj&&Wy1J49d zMQ>bOsHfN&i3Lc*3N4xo2o*PB+D+4dyJZmzKKuSB($hk+cl1GrD+e+3+45o*GrR9{09ZVu-ymBXKb zWIZ2Y)?`e830oR^5Ff%b_{mKDW|g5z)U3vGPiw5t&e86C=-#GsZL$>O1B+;OpU;$> zoU%^aQ_fol z8k~6GQbMm$n=X{KU!lFtmB7C4S*NXY1T1B&51$K@SSDDC-K}D?|FqIJH|;$Q0B&}R zlxnL)NyJZd525Jx!{?j$~fj5wd*98O|RzB9{SH)DA z*an|1s9KX$Qabf)|i{evmiOYM@FWzw%N*~AiPJ-`@>#s zq#M3Pq{e*7i}&5i^wO4u&4iia0|~tsVoMOXX)#sb9&+!Zr#_R%dOSQVY!NhT_%x#J zKDLA(!fEQmM){_3Y$Vm$!{nMS=m#5SE_P#my$p{&+tli*lcdB57M6nI)zp0^E>v`9 zFsq3&&ALW0ivFT~vwA8cl{+{wbtLHZcM(pehAGd{2KYOtXG#sMqKf^invV&Yfg9Xd zkI@zG1rFkS4fA6&*O!#xf|{}(o{NTu(Hm6q&BplWrYRBbTIAl6qwQZr%U$M7b@MHMl`u65FtgN<^a;DJyHx2hRJr7=RyX>Si zkOC(Li2(&1DG-G`=3wkusc;yEuF1?gjqFN>Uc@<#lPmJW25h5OfEYcuWFejdSL0CTK3Jlm`h4iM$> z>oliHb1P{?G3M`%>NFB6PY_`q;tUrFbYI(^Y<83zIyqHhg)A*BM3~mSFU&vjsIXpS zK=3Q;w!OYU1WHDO@5S&QnHR~NSH5bHL4In`rj#1qV;Cdx$)S`_7N?=0OG5*^l2U~= zOFR!)ml)N|c9XbWLmIYLLL$p3?-T5v&67Ur`3h^=?Ct zjgrX;?Dfk9H!V>1P(VZ@fK2K(`9fB<%FzL(^rEPcc7qK+%*)iR24Hd09cj&0yuThO zf~Sc3sOvSmtFLA0S;4BsGOsgfyQ$Jel%KU!;-t#p69a>V%RM}L{-IA5ap)}k`~}il z18lf>R1-|00;k32filRwfGsCb@hK+eagNb~k3GC}S!^6)Yq{#yd#!BQ=?6n=?5CSN z5@J?XR-c~4@v?$q?_ow;cs^psL88BHHRAh?kLQNAl@+9&ejd<_+z@n=8ZduYg<9%>&@rj*dxrGw`WK{?~ zw9zEFLs3Cd(GYY+cDgseYthSbb)I)Ivetzh`Mim*v_HS+DA){1P+myLqZ+GOOF{V> z<8VJedCyu}nQuyyn_9Gi2L{6s2ZXIz7iDg$Um@DBT`$`TX*Mn_)$CE!@Mcw3-%qoY zC|%2kcS#W|)bI8PZ2X#d|2+sz zp3t*rseq087TXJ}759qdJ&N6R(?6bm$838aY0aOgx_de`iB98szF0X>}b|@+dn;V#P7U-Mcg6Y$L@c6(l&@# zlhHVA{=dimb<$^d$#plV$>aZbBK-e-BAf|2&}yTu&FPO{1OFsMAtHs(bp8GxP*>dN literal 0 HcmV?d00001 diff --git a/docs/images/admin/templates/extend-templates/prebuilt/replacement-notification.png b/docs/images/admin/templates/extend-templates/prebuilt/replacement-notification.png new file mode 100644 index 0000000000000000000000000000000000000000..899c8eaf5a5ea2800129370d553e751f3239f5af GIT binary patch literal 73977 zcmbrmWmFtZ+ck;?2<{Tx2`<6i3GVJNKyY^m9-N?qI|;$v-2x0A+#x{l;K9GszIG9*q9lX*n&>qY6cnnQtfU$g6!bV06bvTfDjf^6(8p`hqLyC>Ah!QBk)A$P77^7_0p%|;Ycy)vmbHm8rD$OX8RfpzR2_b%cx##$Bg~6`|uWGRkkEDPj;7QJAAK(AVR`KW^tb+$VhvHbp1apHvN& z>cT2wBcR8cD1<>xLc|=xC{D)|dOn$$Ek`0Zf)xzVUgmwplKXKJTl-C6`x9rLk@;Kg zK)nD2Lv6hdrTDcqhE3XHXurH&j( zQ4#7b@Es8fI>H7D4)_KQe29P#6clV?I1~c#8w>bI=E3}X6?!}m_TTR?m@gT{)FtHP zfZyuoE|!)KuGWrj#vfrUfU4$fG<4i_6czZ*9qn06Ega1(S-k9>UWz~odhr8a?JeC* z$-V6D99;Rmged=$gCF?*lFUj;{+}#vwnCITiYnw1jxLtu+$?M?Y?Q*U$;rtDT`WNS zYLe1_ivxcNQChpXIq|cydU|@Ycyh8hx>&KY^YQVqvT?9-a4-Wom|eXc+)TZg9bBpY zspQ{!BrRRdU2L4(Y#bfPU+OhAb98qTqNIFj=)XVz+^40N&HuFI;QF^)KnGc0uCTJR zu(AHPZlI{(ODeyLjhCgJuB44UFg!pT!tXfv1pkx&|GM%&E&i{PI{#CWi<{$rm;7H> z{@*1vT`gTC9PNQ7-Gu+=$^0$+zc2nRD9HNK^Zzvx{|xhgQh{+6el5uQ-)AQLn&aF$ z9tuhnN={Nt!wdQ-8y-v|b=}0sf)R%3?1_%Kr6m4I0mI~An$PW5 zo~jxg4z!dgrV1QR&?I8fuE$dSzWA5vwy2Mkd5H8dz%Oz{#BB|xe=|W#k#oQ$J4=Tr zmHf9P9JFN?KjyzVf_TaEVmQ%EY}Ed#7ASGGGn$4A|L>oon4d6$ezdsm#j=&ss{c>( zKkl!ORdN2U1}G*DH!TfTN@94qi_89{&kbD<&YcX9t;mk|XMReUq@`Ngw8!wIPl z626w|`0~$q=OO-~$cvdl$9OFLHz8DfBg06>X05%&W-_lc`FXzUN#vdslCI(o-*Gc7 z&#LEG!UP&lEZ$8s4nWFKa{SM8dl@mg*zR{WS?&ibrlh_{?6=z_;6G}oYaPWgps|d> zCd9G-HVJNZKg>uo@?jAB+)NwGDW+c%#`y2BJBvbv>oz%%nC1{KH`tOztbC^H0P>uF zh>^?YchEeW{nV^tFf&war&tCw$$%Y1mwRL-{O}uFy~Afrhs2`8=VGjDq=Ql_dY~15 zIG*U;hfJQeKl0RaAtn1u4G}G;oog=ZzNB1z?jEo!-P{u4C`d~jTnaLF_m9`hcBbI9 z!;^seIOlB;<`2DkYt=f3RlVCX!?skLrTWO*lQwA3;T$sv7@OT}&o%CRutBL>G2|0w zAI)PTjXXr;>C98TNcQu`ck|`CeGkWuWEp&}pv>dtrgYUp>5R0B{?7uQ4#sy!i*=c| z7khHPuh2<6RE0JFmZ1@8A)^W(K%4Zr?34MN7FAw{ov&5uvA zIB+I$eG$(e(1;gU1IYsZ@Qjv=)I%Yv3c^oJTlm*!zcaj>M&E_)XoNt zO!#P2z0Je^;$lL=T#nOVyUP7=u0(OUarf6$;qLd(RJ$|EBJaooA8LBiOC=(%K?~K! zG-L{CjV$_&5ENpZ%+kBJ)7Zcil$}B>H|m(ysPJhU{!I17&>T(9cuI7>(vW7}aIZ|G z6f~dEM!hL{k$28-n`G%V0*rp1{wOVDP%TL2bx_LYpMqrHFKZ46-yg}( zvAcdQ)v5?z?C||U$nn!xy~>D6y-bV5dC8#Ftw!^GK*O;GC*h+*MipgXksu!+clx~{X8Lj5V3cltB(2IKec`lI7?^gm^^WU{58S@thS5(T zr5r(H3aimhg`~HDKDCkz@u|1#Hmm zX<(q)Ydj{q`B89K?)@gc#uI2vFWsQ!e8ENJ-S*%B+f}CHxQpiJbk23V^*C$0`S1In zyGw?W_bCU$&>InCo$QvQsXU6As|>f|v)W&j{L6lF;q{mvEqpHNwCqGu1Y0hSx?Rp{ zKaSm>cF_f9`9{`H6@0bLS__XQ6It{7-Gkt=f3vPV{3T{B;GX%`u=qVLr~841ql@cS zKhjLoX$WW{2TYLf*!394VAxu39mQsRP4XwzBpPoF75nylXLNT;hKzGGjWx~X6$*ig zL)$U;MKAKBLN>px7_C0H2b~ssN%B| z1iT5l*p2NJ%&NC`PAgT(Pi*k=C(kc4TdfzFWP3hO<0&!#FXc-h922EZi0DqP=bzUZ z8Fl)}aShPO-1cSS zNtt7k)|=J?+TO9pBPaPzt2Z8EnNp<9{A>d`RlXJ%?dis zM~~x^cQo>;c*PrA1ISxdnmrsJd2 z^Z91yi?VO%n#Lz9-jLI-A$oR;m9D^3&0Fj(@t8T?c_zJjdXuvwPqUI(S{nLoLH|3A z^2QuKSME8-XEOaJhl?(YM*B7w)FBF>@4AQ)RDtIutj3jD@y>}Sz+2pu;}CdmNhsh^ z&gaYRmgyIHB?&CkYD_TJKKhMzwM(X!ZDHyL^)ilDi_hj{wSmv9kT{ZMi_26zc5`X3=;RBnilwNDAsMm`t4DUUOy84ZkVEJG2iF5l!slj;w<7*`2W6}Z z*GGJk1SVasHz$T3imO=Vye)Ba?HD$9?6}PHa6`ypA_XRBjQC+!+ca{B8JKx+f z&zcwK+$peHMh^4LNj>HRdnyk#jCHoPuC{$iX z#&)i~k6&qxa@pK|*`pRMjr~+2{F`In;MJB&XenXIVxCx1f_?m;;^`CZPR;Di2xHX< z*N{5ZbY6rZS1nwgK?WF*4i@Xu+6Q5hcCHAnMN)u8b7N52_^{^8s)cyZN{M znLX2slQyyu_rP$HuY#uyDz}S{M{^ZvY+~moC9BmGAk?eW&A_-DX1xQ~i4IC}nBe}6 z9$0GKuXnVH#J1xpmik*Jij>EU}p3GfmUoGQj(#_aM`5pE4&ov@Y+SqIZuRD52h46RsmJT~DpU z16WQuzCvC7*;WP{wt48Lb<-#niI;TQ3-Sk_fV zN7Mwe?K@p<3c_zo_QkU9jA!#02}a($Gfm({?ol`ch5tdV`V>l8df&=1JD%}wG~+#y zK6+CzXnPPw1&a|J;e#fNAAtY}cj}}3h^@$#PAj@~6+h21 z^hc%np`K4zAx7{?fiv-Xiw7(BZfnN#S&(grfOVOF3+3QMW`xV|&S~f{%K2Pr_wmLP ze?qSa&j==m+djkKg8y-{6o5sl;C%q%Nwp4t=8SOP5w_^!=bG;1agTQ=UV7`l*N`Sd z=C3jS{CFCu?|CrmGTwc@Mkk}tS=B|_r?OM>^p~Z`dLZW65BgzH>>`UJ%?88%Wkm&%e!D$CTwmY? zZAW!q#Y2780a#A%FVteC12mZt-ad+=8{B_59TqNhmUz+@uGm3LKZPctRe=&hg~AKh z0}u)^48WXHCmt=w{nVR_RNIsd{Vs!A`=;CvHQ!Wj`WXMswnN$76cEYQcjJr{CflcdOiZeg; z<=20D>9k4#B@vCRE+2#Ti`2?2uiX7_`62>WrrC2d@e8ul#jMo1SnRC;p7f2V>$JYs*Qvsq3o?Tp)o3aDP8t5QMeFTJOSnGz>oi{aEmopkx{c>N3& zZNK5AI=1*sIRIg9T6sH+PAX{9Xt#)Cqow#?o@?NVNKLR^u2$R%2m~#1X~G?gU5>eK zg4!o5yALg{ppoQA(EhZPDm<0%H8HJv2?TU=l3g=0mMsu3m-04cvCUJt{IF>?bpil= zgT%sq^mA9Tfh&Hlcu6$!b7cq7T+dgjfoK?Xllh+Mbj<^0GOlQPxS)W&Q4p)DsG2F*6I{ons8EB z41EA7UNw5F@7Q67Uo_(q5M6QKvS(Ct{Dv{`thCAFxV1zox(&iuC1}fH*ou=&Sy?9N zxwg2(#@&TR_5t+FO=Yr7DTmEwF36I~YCPq3;@72HW0rpVbYHclD&A`WO$Ap1fa#1v znfTCh>cFSq-AK9|Wbp1zS}uDUt1+G}$|C>^n~Uz(p97i?(vft!-CaHl3tumA?sh#t zLhKf*S?tP)cpPYjQ6h(VN0S+>0Nug{&>ALoyMrFJ8$Poi12|`~(LUPoxcTj8BNaG7 zM9FOD-fokO^?>DdULhE$}#8%{0Fc=jSIiBM)Y8l|s zePA(aFVbysY2hje6^fXvGG>%{{DLSMCHi<53qXV0vAK%OK8|rF-CEfiw&eA|coH_! z67LyBp3J@6z}eqV9I5fdd@j;UF&3F8(X7IlV|P9WP#L>Z<}zbex&CfK@8p+VNT@K} z2P3`l6lX@c-n{!j>znBinB-eTVP8+MS7|6v5qTEMpxU0SY`zt=(Bj$#wtAmTe{7yL zU{7S^E7lvzMz-oKBcz@uDpu!z&wa7%I5T!I+cnxD9u@^C2Y{Lq{%G-QNRemNLio>y zVawj5cC(YJ>+_?3c_Z6I44KGM-f^SNOiwa{`r7-2{juG#H$^e#*U;{kXe9g#KPr}0 z0%q{e?bkasqXztjI{4iWbdxNVFgYd@w99o4%J5uWXG%OXuxQ>d4&1csR-43GpD~S0 z+Bfa+jAg9agoUf^{wPfX&6V4L#e{`$DV4pyl;-$GZL)fZ!njw6!#- zOvYK%4T1?fBH(&A5S79;6i>!^I9GuOVKHdlV1(+akd9pnX0QSH+RF{l-YhpBTfEh- z{4f~%#G>k4sYR$nT-?Bi9RMPoB!}vzduTACV;P(+^F@&ZpwSJkB?UchW3DhyaR5H2oUrW)4lB2D&n3yltf@E5xu;b; zNv>IHcFx94fVJ(_tpjmR2woKEV9?(K6W~J`kPuTdtl>o&Xb_6*8a-VB;OJzWx!jZi!x7Hl_rXcv64=k~%J%>F*)4`F$O= z3kXZk-?Ig(08Ed$cpBOw=DEH){$Z^F@}m^{sFz&>tkdMs@iT|9uF#O!gcqAG?sL4{ z<^DzWa4K_Vk*TWfa$})x!+|HK^(2&>=ksI7P7kFRuoWn-cg7EsF8w((FW+|xvP@)F zM7DK_ZOI*53;fZEojDLg^iBb9@%s2QWk3xJ?sjM^8lzkI&8|e~tG$(-+^`#aQ?$z= z%&uGcY<|#(2FJko`e<}e_eVlUFxq{ZGsX2cGQZ#K>ZNL$ZD7(`cMEpZH{1;&^mfis33?4L<2A`lna@Z`~TfO?wVbCa( zc4I-+DWbLCr_jfJCsza%%mb5OAqatvVc+X^gAhm?6xe4p$4u;eua9hjSA(hdl|r%G zeyxX*pqr*1i`&t{fJT|t3q2ymDcf|3-ekea{=K`Sykt6O%dN~1y1jCuXRVy-h%JJ zXs{2P5srTM+19?+bFO<&v_zy>bzSDY2bzpwrD}6a4Yo%CN48p2-$20J{s8b#rsG~} z#N(v~2|QLXk^Ag7P3^3F;m1od;UtRaj(Y>sqFDKGNj(`xmfX*O4aFJjbdH$d#yXm_?I!Cay~!oMNBvPToFZzs&oZVO}Vfs z7kKlTmH%-`7U`MPg}f|hOK1we2k@V%W0D(9pBxv@9fq&_(2YkaA%Y+GcZQSZyPEU5 zYF>$2qcWu;dhynE8!QA`7^G`I-UqViVGzC33r^EXnDQXm?$7A?(`Pr;exW})xc+>N z&oGn8y1?fj!a(`JY}_eHK);M)t;H4U-LuT)%G;=cNPhrPPhJ2^DlS%KEGv1?YUS z)@=~%a~{XF>GFouS6~iFV_+dx4AF|aHZGKAPQNh@d~{@dAWq>zWZXDW-kZoxI%C#v zY#+|#S=WRS>0RH;eOAvQJE!!LuGQ)<7Fpw-%5m(xts;p~zfO;{5#Xgld~0ZoD4F8? z>QIkukdVpWuc}IaNZ1Mzusc=AzSJF#dU#CftV#e)JBmWc@jk;nb@)85K(!kuI|LmP zD}|Jln+6~V_I#fzXEawa-z{kKEdjHhft4Rs>$Y=8ZPV|6L|1VrSFSr*#^c6|a1r47 zBF3)+H2V`nY8W9W4P4(xK%b?LPMQ~k$F8HArXv4cEnub^d`rH6&*_}@%8EE*z{M7C zH$P0ZKjJkGJ=3B?$GfIkmAet|IO3-7pTk}stUW?6r-3`qGNk~y_nGla&G%yGXdXzU z^EbUKkDlGhd2dOaf`NQFXu^)q>3%xnG5vj%vj?Uo)%oN42U6ASVlHiedk?OXIh=?r(>={;8 zf^I2AJ1(blE$)MF_t`ESLoz+VVI*f+EmmWOu0t;(f|F{)2luJ0$v6r@{SbB~BlVD9 zbiKLrWdx3fh+|26vlTSF8hpKXTcK1rWN=zTTylMaNd3HqPbM-sa-mA}EVfcbk4PG) zrnZWu)?+K>^42+mbv-$=qPJIiTfkHw91h(~Ns^7McSw}Vpwr+7BO+^T_DYra53Y@| zlpY0K+@$)OHUyLqpAX1al-PWMBPTCYO)0!8u`f!8-Xw0K0HIuvD?wp56g zPfgGZZ|(*}uF*`<@;^xpe7;#}2=b*n8oFP_ytv)$V-H591)Y+9s6HiatCI7+;augr znf?-QLv`#KWBeB7H>-QXbs|m$JhJRqhI^=L{;X-rpFI%~48`>>-q70pIi`IYE1Hcf z6wh)0rM5W^5-{evcN}s>qi;U=NmpUY$C-DlU8iQN7Jro2ak)_{3WdjWp~?UGv8f_; zP8Jg1@L?7+_OWi_$$7RNO8@uec(lr~bQ^4)=3GYbV4OSLp(6e3`l>hdLKEMpPTK)& z5jFceev~b_;1*KMNW_jJhjB*#b(GVhM470FMu0<;GZI^y`I)+x;7l;a}uQY%(93h+dh%dW^@`w#q6L7XRL_e#rn%+dpv}-!nwYepvI&GXo^7`^m84&wA!sT33vURt2)#*FR#z^2f zwKpTw?Rm<3#AF;_68*loG7sg+5oh{;I0Ywx?@#L~&vsChG_*<~y* zP*9^4T9)fQcyT!;a~dfJzP!D-d7Y+sN(T+2t<^%WDLfFcl4m(ON7++wCdMYi8q%*Y zzw*J_h!(5(!15G}89g#!seZWAOjq!Qgmlp<5Nx*zJFXFjY@_Gova#dIUgIuIM1`^} z_%jmI>X5UKnN1H+hsmKSUJsEW3euWWYWtP@WiiUizXY#JE~Z9Rpv1bJvvUj{y1CT;oG#v!8c@% z`-M{QHM?UEfmVgyNv=XbUBd2!aW_Bf3e{RT7%~aRh9L1{V2#vkOCcDf3m|UO>a_t) ztcY8lz$fCiA$_T}?69CMrcflW2wW!*9a^NZ8q)N3{pG@;klLF8aX52}vxr8AWxHpd zRDUNh&#nX<(se1xs;4n4W-A*zX|-?NINT?4cwnx!?q+K#R47Gz-gd|g2HpNBmPbES zsgqsOZ}&nQl{5i8iy}D%u&pzr)kJUK7WRBk}WtLfr-;*joq6hC$XV&7V2u5K;MDckA`K zoemXO)`obeJ~~Z*%r6}7{p4Jm&Sle{Zkujk@QM8mm)A#|wel2Pf`gGY?A=kaXC9T` z`Al#Gp(qL&0QSa2jSWjZ3)Rv=1&E-H)lW6T_2a(i^h1k%!SeamtP@gVm$QdOE9+M7-CswT*p=WE;}8L700jX}(j!^ml$C%vC-y9gnv4-I~5O zu_@)z$PL~>b|*PTezoQ9WioXYU{9mb!F1G~JJM;(Mk%tytiXUV^$PEu)ii4I;4{$@ zxM}R^rlV^Sw)jCMw7Zv)`bdf|$?WT8{>c1IXI(Hl!OnhV81j?h)o* zH1rkvZqNvNat^n-J))*np5MF+^U8``8cT8o`3EtlE|GfF8`TB@jTQ#qbNvsi=7ZPs>nY7Aj*Q> zDiCt~8UBN7o;D9mvFkjgO`ZIk3iIX`*zG-5HE}j%+AQx;sC7}0v15jHR)iT7q{(Sw zprM|EVpO_2HafwV`Ej!SOoF_J;EOF<%()LJwK6->ThdqZ6JoIxEy%Z?<*$zU9aEM~ z-TtRyGd~R|p@?nPXcepDzq)Y0H2H3ubxoDjWwa3O&A6!~A*F)k|1ETG*@G!02ETGB zgJ~_*8vlvkyaYppC^1fjl!(Q>o)b>ro9V^A%C}JiQIFG3eN`U)t7)siZAFQ;6Vl=K zZ1j4c3^a&k82uxU199IR%uh|F*FGo7jf(%K$UbSIx5u z-}@03BLCH=V`mV!DHMfv`=`kVYI+CjO&fjoA(pH#*7 zQ!DTMO7C2HL*)5ZL)-#$=3RzlIYhUvWD!G)Q0k)p?Rh`;L?)mfDQpc5HnEtcbv|A* za=)D@{ey?eZS3L;!h%hz&a(;rN|ErQxI3D!A>x~}et1V~B31<$WRn4F5b7J;&Ik%9 zCQMn6(>0oTAT&xTmV3*O*^`3ArT}HYB_4d*=onblF{hxQo!Mk}IdB_NYQNgLs8O!N zXVJ3Ut+N(<`csF+nv~c3qTNU_(tc&t$QQQ^Nu8-Qq(gF3&?$pOxE}2= z;l;2ZKDO%#Zb_^Rc$6;rf?CqyxNbBo|1fxsWziIEvvjGX-t2^F!T?Q{bK{KwRlJ526f(%=T-dJ5`D zwx_v8@0ULH2C%OaE*Hz=69t=d3jb(u*-`6(jlH~CPrD!F`q6%}))9~DXQUe(baQZ( z7aB(eqPv*cp;BC|#XZ{N;zaaN%&1RrrukJ*l@sZEdQ7{mSE`1KB>D(&J`2Moz(*xd zJJfc1g7G_jldo6-rqi?0TxI)uiTml0J-w^)V-#-L_Xo4MvlwE2H_=Y5-IIH=Ro5Ri z=2nsH3ZI1We=k3Ko3gMq#vs`uyQV`OL1F<9nsJz1iwmy3=+(-9)FT2dj^##sT*&>k zzXFp+(@Ns#c=Wm^_?j&FaKkf-WA?n8=fjU57ES0Bs_Q_6gesaKnxuaX?Vd&9C|jT@ zIvk;MAuFuqg(zJ(g99U_0Xk~&ddS;~p7x0>IO zT*2>bTbT}4TJKLh%p7v~-Gd2*{k~c=thQby8dO5!=2npFvUr_izMVv~Olg^!`lA0M7HVAANXHU^YV>GO zqFf}VgtA-H0f#FXFcxM2VI6(DyQq)VYaAME!$8=GRRDTH_YaSq&S~4O5?hVPpN(x= z$2GrR9mJ7Xq!f5EGlgHQz7cR0<4JT?I#>n)acs=f4V`7#KSl$1j!zd#qb=i5rF5vE z-ho7|GAvijchw-^r}{2O71tntBKd zu(fd6nCEb&#d9HQ&3>D$7GD%Zazafi1H4Z-(V}y0H+>#V@4a2EE#B1P zY3`pMLIvSieH#$u+E`|#ITu9Vk7n(3DE{?|GFzY>h#uO|DwDE`q_;o#pAWBxi8+6E z+$~^_A$=@U*5B&8*c@@+8QS?o+h#rGr)$E8^>IFTQu?H`t;1SkG?lq=NNt*|o~oXg z>kS@PJp!V=(?rhdZrkbIb5Nf_TiR7r%CtVXs`IW_yB!~4UCI}R)Ufrk8q~fITB?`p z)VKBpG*XTiCGc1hyWQ)o;8d8dOuGW7WaJhQ10l$)?X(#?F@)-<_FoJy3B~oLqrW_| zE$cNL=nW<=`rYk|SUA(5Mz`F1IKL=?n^Oodj|GNx^k!yRJdWJMu+v3y<`o_dIwz{6 zC=s1b6^fa0X6axqo2+C-U+XVrGy3FO={+G`Njl$v35PifcOO#xegKheXGAk$fOPk) zD)3RUI%298>K=P(AWv*vPuggTBQ`=|jK~uVY&ptUez(PGYY7{tY;Ve`dJrk1y%lbM zNKATxQ=Y+aqh!DMmvHn5dnJlOf8XBjJzv5bv#8ZCXabRdu@Ayee_(su&$e!NV|ku) z*+x1CQlSIg;fBaEiyO@Uj56}9;{OiLn{Uf5m1zPld z2beKl9tda;S~)au6@YR$fkH5899j#gQs3Ln9NkVk$QXzb9=mNF#B-cI2Ik!rerh{CLQ-MV3VCBha>$F)7n43Pj9KC)QzVlq`qf!-eac## z9p&x>@qwJJ=opa(9Albg9hEF40*mP%RFlW>&U#YEiIyZ4&gqK+B50#pM&NZnZ}#tx z@1P6pAW;~!N|2@?CY;2L_(1R(`CWuoGPk`Rrl3+5?~_baGufoyLJ~SPFC1g6vvdNI z6!4awr9`&ePWC)%{fa!(uo|aetJH5A)b4*Z0lsCCcG~()&CrV~DHMYq3?Irji>Zai z1p9>Zi?1LSh&W#;AKb^@b`-pOo+g{a*agv3gqvI|sd%_PE!2QpCcJ8|ExspAX?Nxr zh#(g64i5Jo(a^Fifz#Tt3RkyN^x5N3*q7EC?df*%x1l|8St2 zs_9GS;I+U4{mj_JcSZlANMlmtAht$dsj)Rm6Waf zy1_&TdXL*d+)p2RxMGG^b7jeX@trI01+2TxjBSbZ5KDiJSzH!m^_^geB~?d*VTg0C zMLI>K?Qsm;gYnGW25oJJL|kHegEyPwW2()q*&2}%{#g;J+qaD^W{1<5WnX~ZI^YM>+`;+5C-ikBYA@M z8Iy&!ut}6A$93A>sj0$<`#WbKi2ay9JP2Ay+>Z|g{Gv5_x-s19UsY6FS`X19u<`ha zzc_7dqF=bNeRH_!%nyR?s_{3lS%`Lv!8XXoCW_-%FHuOYx2_ouTTqu^G_N9gALFek z1d-px)?p{bScadX&WQ%>Y*7OyKfW6KOHq;YE3SJ^<-qyIEyROJ@2VJdaGjjC7EJ-% zpWBs2d}TZ$K`#A6UhJ_qYyO+&8&g^@wqD3@5Q;R|g*|K&%$!9L~JqHs!xuRm~PS zKz{YZbKSoKLQ{6u=FbRG1@I%*7koJ6!6AA1R3@BboFR-s%n6IEc&CM+-!M|OU3)nW zYCO>oNy^uCzM<&8(JcqWUucO-7nCik2*gbG;s|8k);9vqY_N1}#`{Gh)a5Snrf#iD z14E}TfpOgt&Ow`Xzb@ja?`@CpY2n$my|t4(;Hg4!b{S7GLMT99Ik-&FlMUmCCRcaH z>%Sweid^^Z6{7Jxhy4Z)d2po8A%FIA9dA$p*^z~G0Ne`%BtIDW9+T{M1?mO(=28)V zss^*&tVAfZd#|LT;gQ2h=g2GEO;OL`j%dF3fm0*i?sta&^4ehWtQyeq3erUal~jrr zC-&E$UD+?r?!E*2AKC)&r@=X~3kqzvz^6FzS__-^eZk zcYsqzgKR_|Y||^Kz8p4r49~YmOl@9l`Vr|C;31$H ze_u()a*8$zncUSW$_coG?>nRfHjlcJja+J^MB(k;Kf=!sWxd}Q-#qN3J-1L+^7j&a zQAj7xnc>|eC-A#J4m3{>?ST(R={%xAD6~ln`jTVt8N_H;dey~2Od%GeIvvc z`0-y;s?Up{^GIO*Z>I)_}AMsK?X$ZF}F#JRfgGZXBUzSnMZz6ynsSRub(BI_tS*%eJurunk?M7#>{3? zmaN8=cD#z)o*xXH!molVu15LdHkfnhOOBH{#@9ID+*>r95V?^97rpRAA+mC_X&*ll?tI}8 zY)N8lRjWzQiZvI57U9()4>v&et0_i7#@dIH<v#5x!4%`wG0Ssf~Jd{L8GaPNUH6r>5_;)zG+Sj zrYqud5Ii(+GqWEwujLK_vWbqpYjCJ|yO!X)z+S2ZGXlCEC-g;;Pdc#}AkyI10^$df z-^#3u2Z09P6BJ@n1zZ>J14_la3d7pn(N%5?dvi{}BNYCLQPPfp`-mekEu# zt&@wC_Vvd7kh^{d{IR zzNhw6cd%DsI$@rxvvYvsN?Jk9cD^zZYQ!X@I%N1Un)Qih=PbTC=4N$X-btqpl!6;| zzU*^SKQAvwO$-w=k5fqWlOWc3DSWn z#I9b(6f4W*YMH?x$mm`M4)C}(!H@zD2g9jL;E;qFpln&c_!kRGIazDKI7~X<$0Pm2 z2XO3%RN)2Yo0WxkuYL}1TduT_*`0*;MLTK2y=B#_2Q$;8=+^Ce63%m4DZLydG&(5o z>up9Wb#h}Va;*Iy0mRkT^4rB~9%68!!HT6vVV_{3wr9$+2JR3Tdw{8Ov zN_yARm7;feI#moS%KB9)nGHDnnO0nTpTK~5$=Na zVXZwyfs1w>%-;86Ld8lV67$K2q&p_Ucc>M=1Wd<6_$vf~}iE=KJ zjey6I8J({pr}-TY(nk~t|BWD-pQIq&Yc7f*0uw)Gy%o!`LQnk)yF%1vAtNqx$S8Ou zAFy>~9C>V7Q2=XCjUjdFu=~=0L~oyvX)l3kGN2zeB0sG*3aS4Tt5Pj&>`zTb33&dd z)v;P{J3q{k7*e}oF3jSHZ^s(ew|mmIoDMi?Y1G(bvIpw)n~W$a;t4s$qxk*)B(RBr zJ@Yz0T2AEn9|vpeLJYwiHp`DUH#K^SACM;HMUPfmF8*YMBjubeR-1O+TLw&K4Ue4?(|s$xHvtPAL0hTpiZwU$pEkA_nY!h^I#cs4nAetp@J|5_yx1{K z^{V`>##id%n!u&Hy^wHG$o6q>0B}T3V7vn6huaR8STbhbFZ^w}oJ5*Y9bzA3*vG5+ zd@Xuj3Vn3A^au>DEU2)L;lJS=eultok{}sDL~>w9ex}pwHwHs+N8DVqT?f6MpZrzH zLPXtF$l!Jb-?)M%svk#9;J>cDI?8kMk}D8-g7+mQDM6GrABs!?zJa=Sf7_DgWZ zVDP-RH3$j;mszjZqRyTbu%Ox5IH6MDZ01xDw^`Eex1dc;EHxYs9Ee=N*75YWy9U#` z{`y&(L}{mPb@0Q6I`&DP7fvl^kPwX$kD*?X6yv7aVX=1c^6=&x(@y|QCsXQli#$K% zcAC^P^-dlwa!SD@lU=U^K2WBMOmZUHc_-@To3(q%q}5jUIyM~Y?_tP$$k+;*+!eBU za0iy3gFo3lZ$$@Uh5sb5|4@cosCbttIEDD4HgJ{ISxv|q!oIr1M{?^4=JPORw#EO` z3j*{89FpjRSzC+rC$x)I&qtc)0;vm&^$D6NxHkklIYMoAw_S3CKm-+M2pdqKh~c@ZrZ-8vDDu!@xKA#Du$sl?Gv=v$vIiJ#7X9_J``lF7w!u zdzlpCHj#h8?G6uW268GK7cvtX>?=P8A|(HaNaIewVO-OPGZ4A}j#13&i#o$`qTX0u zsD^gYp;Lq961UOly!}dF`YoY8OE@EEC9s*Hm99KVls%md1)XDyK|>dt^z?G<^=ya!_%-!TdVX{6?mc6I1szNol*-(Oes;>gvlI8gP7*65jJf7~ajpTmID zX~Kj5hTN6Z{b;@nxJ}5p{wz+{sNFRLP zXs>U+)3c2ZQUjbwpBFyUQz&>l^jv|+nbqFzO3N^z0O5p`fo{X??-F~;Y+&HP>8K@s zEFf%9oxib9l@bV<)p?8*p1A?Y%KiC_h{C9~nhNzoHwL@F&EZYPtdsWZr0D*|!DW0f z)z1N_8FG#83_2U^8^A?O8fKu}Ub9Rg@J= zb;POinoHki*wE=FRfK|+Eli0Y*Z*PetpB3gzi_XBNQWRD(jqlH`@e?zSeAp<9(?^7 zrUHlzaE2b0y4CmPb0b+#KieHsUx}>{Gsg?nYuMxO2vE4%`D{Et%t(Pa?H&aMl0?+4 z2DXNY{L0Jl6o>nxNp9y2or3$$!y-nVqythv{Ww7ypDR6h>*C`=;k^_6#9!<99b}=j zNj(KcD!)%rkfRp6Gme_`CZhfL{uUERgBC`QrwE;=qa6~-2 zE=f<%V{}OIo^z@5n_LCKqk`G3l$&WRQqojIi9ujRU*(ISM5vJtMC?4FAl?zs?WTC9 zF=DVevK1WECkNLFLm}r8v2FR-_N8S`zevlmx7u!dOE7YEAPgHeKDv{bWswk5tl6ZT zA!>X!)!jp#TuPV9Z!1hH;#RHfE@N*RiDzYy@K_)6&alrR*SgP7^;5@SBdbF3_Hb^M zFDZ_B)bPs9FzQt=iE7_my*vDyYUAZ+*L6l5ivUdGli6kedR>UPEvD4szF`Kru-N4v z5l&<^ncM4nq{pkZM4(KF@F`gkNR{$^SH1L<4lfrjoBpum-lK1YFV_w)9YN;oL%~X- zhtoHkG~P}l&SoLtec$|Xg7Q7ZqL2yLw4yy!t2}9bvoPQw@xvVOO0p3mQ@Q!5j4;H-N6`2`V#|)wjWu|hIJuvRDGeb$6&iS@3C%Ann4R{U=zsN6>(|F_aZIj8X~a0%h(m&opfYsAvze@)y1l zbn84qvxaN##^IkT9Ke?2(CXME2cu}jep3;_kkyo7Wu5Ot&BWf!S=0m(5Wq^s{bUZG zJ=AMYl&Zh7UHpN-FPPQ3pP;Z2F;OrjDVOirR)PVP@rVANEg_$&9*LpGyY;1){`^d? zgTl_mS=?`F#$+69xDoMk3EzVVbQy#?x7BrQZ2#;`$Is){YY$l? zQBlqm(z$7lSlq{m?{}Z2R{QkuhY94aMK#BPbnSOKV=|+^*L^r)9*r}bj;_ycnbYy! zU4TI3+Y&uBy&`~ycvC2H_~PPN>m%MvV}{NHfcr($P6*-ZC1u8DqVq{)ST=lx^!0(9`e1vwI$)`>lpTZuUU2mG42H zc?8~Evc}$)^PDHc7t?{&VWS!RY8q108G|8;5TARndN6ofy1;TcpPs*ErKWxf`vu~I zPXuYa&$u%jS9tmAejjP|U#y)X)4O=zt&3&Q=M~fUR6bi)h;NPOA`j1<%t3(j` zXn^~n{(TV)d6u7=lKUr_nUThQ?`6Ry0yt~qO9@zP==+f}e$=+3rmDY2@kNLuBwWmY zglK*R^GOimF-SiVMZ-G@Jg=yl*JBZ#Bw)pb3$xojrE?_;UZ47Ubb~%-!X|J*XDivh ztZ>`okyg~RR$a8AGT_}nRb`Vw`rOH1>e0O+P=-!7HB(wjogVV3 z8@rL?jiEA9ovIa1_$wy!R2jdCn@Ev*0_Kc`Y^Ei!muI^k3duZXR`*spJm{nb=Iht0jWg`^+Jtj72_rIzX$FRt>*jfp<2s@EiU8ksu~LF7tK}&{T7z)o>YJ=*-7a$PH5=^J9a*ys zTJxyo!id+zJx^af@x5rls&A_YSfd^WLj^#d8vXdkw!}De8sUCg{Z%!CPC4nKeJt32u~~&$Qi%m-4*Z-5BW=J(g!JOEM$=e&}Sdxy3yn*cx)4 zc>Mfbv2c71j1#=n9}0zE&FoAq^1qt&K3ABor0o6vwlM_=9f>zrXXv|N>=J)P%JqSe zqE4|p5xBZJ3-(@Th(=C$&Y1_msC(f_YOKiLZHOn=?8SfoK_e?AuOGg@^R1T!fpT} zDqzu}UN*8J7dp7~nSMgY_F^{LX|!a1qHj`?>%GPg_ghsQ7$qvg2Nm<&nX2p2yjyE8 z=Qx!!+;IAV4Bm1`lWK{lBp~KUnW;@zrYR(_&lWBGY*DB}dbLQ~UZ^sqI#k9e2?ojm!HyD{>!0C587gA*V;<|hDm`Nm^IgSDDD!! zeyK}Z^wE9nRVg$DsvR--U+X^lf<-&G0`j5OuL51sbz`XA{t9$;xkjCRuW_(MD3rjN zT=Ci2<}p331~E-Gv${K^3Vy{Yo|f%FAMmU3UB-TgF)RQ`6d$OFygt)|%fMQ3?Gza+E2LHBWrW~VH`gqNAV%-6yU@aTw44Xft)6ias#Dv zJzRcaL0qBgO@ggYyh>QF=e*wo# zEo{ABIvd{q1k-mE0O!hC4n^2=pY_@DakIT- z8n82L% z)RRu&=!6Q)ps5%4tn6l#x?A7wIJswLP3?3ah`A+UD&T;oBn?89FxDsfkRfAItJlHrJ&_1~O=p3@aGve9tL_lE8gZnp#ebt`M3RV8yZ3yS1hGt-G0{DybI zHudlJu|zu!#|hKk&#iNdGF&Pq6@&(Vq;gviJJa0f80dYRF8y3`ki_zII3uxXH_rLRYFU zO8zq~V3!pnD5b*;TwIUV2(S~}t?!1vw$g_T4|T`&d`$=P_gwM_Ir?(jAS%HekOkXw zl&DVQjd)-aQ;cUw6$zr;GFcsgbt?1@OpL~Guc5u!T5W~lxh)vyvTG4mt9I_0aKniV zS7+S`eY@*Q|JdXEtTVzNZ_rLztFLye9ZX@;hCmTq+V40yR;SCAseBU)D$v)l4l0>6 zsWu{Fh?%;ccijX?M!!9pve+XL7B={|f34RyY4uM=cXxU zty_Bx19#AVNtFaWPd2olTyCEJt!*)Hl-7Gwj9zIz zq)D|toW2q1DEa1yb%-H$>-y#3x#&q?iqRl+ydoaItE{5anwk*s71l6M0#bsC6~SdM zA#gcYk-V_$!h2(^C=X3K(X@7czH@iIfemXUMZMpK0_AmiM;D~;)+(^;Lq!|v*l|!0 zH6xkAr|tf%2Ux%m0C~PX6~X_<`~HmwSqq}&y-|wiG^{kRv25}#S$TO;W};YjB@m!+ zV$Q3WG_=~5LcE3_aor=mMG4hC%cmw2K7X#g=W*(@V~}JfGgxS=(jtWtU{OVXc%3~D zoGf^_;^o?@&ZyXA3*3!?Eg^;jpMh}PA!Jj|4PZyUv2}=G%h0V{-+}G+U|ESkaOQ)9 zX|o)9eS8Xj>sU0_W3$0851hnYqoI>CounVW@%9{=nSJ7K;C4?{RXZ=&E{wp(kjIsxV2796}s|JA2zt%_+$@kVK|10kTpDodad+qWOa& z{uzoe^{XXqCHj6Ms^OxY)K9?Kyvkc*dlXd(D#N-R>83xxpMg(8?Qv|z+1dIsDeO`x zlsKP!OE`}At)9&CWR;C_=$@eUt&8g6!a0E!9c*N)a6!?JnTWf{8F#>)nt*M!W0YRD zCQ;vx3oVv^&6CJ32koPnPHnx_im;B@O9Bk0U86Y@4vwh&XMmUD`}3{=a`B|xcnS}S zHRGZ8P|)@8jY@BnXg04<%uhm!C2B@pq8EFfCc!KBZ30@`#0W^z1n|oucfB}hygCu3 zGb_zBx!h#5u(m)JXGcU!ujG*QA#3%az~L^B1d~PZPyaLCA74Epyd z)=xV$zrNyqfBlmG14PR3c_1w<2OjRx>9mC$m+z|R*-XzPU79xyDrdoSFBDWF^yNX{r?2C9Vm&Mq%bs+Xt z7pjk_Rl3WPD|vH$Fbqy^bKQa{I z-3Me=0^tjOazb}ty!{;H6=3N~IprLG9tU_HKgAP*rZha5Ry{$hYB?}n&iCgeq2V}E zo<-PCZ@hK9R-*IZ=F@#P4Y!fkpc@P=zhAcB;Bf^9YCjy6d|*-)0d4^~ z0SzmbAe3P$Fgu?F!=hTst(Vs-i4OU%jV)ORVMLK{O;&!t|71naX`(!(^+n1or0dmt zU5M3T)&C~h8)#n?Av>T*l@nQ^+hx2l8~K(W%jQvsyW4DCP8{(wZG|D*}&qW@*+z@TA?ph&`N*1y}|7t ziXowozr>SvXevt5&h#0l!&Xtv2RmxeIx>TKopD4ON-Y=;T|wwyT?0lbmh7K@dV$R4 ze}QlXAKY{q#+LM~U~%Ho6NrB8Z!u4r_3p)$X_|tZya#pX7fSBRzEw zsUHM=-1M)i6i~)>6-kG!r2zYPw`p;)@&TI+(atI0ZVWLYg-ZfnLxn<~pJuI7 z1*!14J39SM6LRD$Z!5Wli_Y8kU=XSZ%Gh4t2M)c!w4|^xWUN@ChwJ*9boh%jOAq91 z>J6Rc zz^l)U&bxK5sXfvm1~5U_%^YzO8e8Yh5zeca#Y+WJK$(Ch*)wtj&IAieS~TAknSnCN zGH72JdTz9A#Ex~qb>QfX>o)abE#+=1;3QVJDH7vSI*f=Pkr{CySpaC5ZQr!+ zrov1F%M##?dTgA-xAN7#a!Cf^@PWo)$y5c1C56g8f==6s8xudv1d5tSBnJU8G{COZ z6a#s-+OD47=C1`B!pz=OjldcJu&pEl+G{y^fd%&ff&<^w4f9}wz65mS7FdN(8}4o` z%0Sqm2HS7N4NOBmbqx*y9_N!rgG%T$G%Hrj?HE$C&Z9sPvRi*9I;kx+;SJED|Jbwv zf!DRn<>1p%N6KCQm}(0KMUP@QS%p;8Ilxt7oxgyXB-UixdN>(_AY!8xDd+MOaQv&Q zmamjh-` zceGpATBSCiX~r&iYi+i$;nf2wHBFP9)L0?shIwZe?aFON<@CBk@*N`6+yuSL7)UOF znk55&!P(c7bi${2%l82-^Vz&HyzAQ448%DaGJu^IzXP2+(2h#XQwPQ8``ZG{bchsM z$0o^ox`?~KnLQ=5U;0qAcyJp-C?AuYtdRBdn_j<_v zKA(+-s*UArKs#W}EluY@0b@V9y|U59E|1>UF69X8xRKao(oAzAazQuMU3LGK-DLiEpzj1{5DxAuVH2wK9;h+j-`enR?A#vKl$kQHTz!A_4^of*F%ol!;P0eE2-A{(tD$z5 z1S}>LnK*{Jk8%5GkrTtN2mlL~R+fgO-ReO2X318qSV!97Y<8zz{$rjo(ZK1>bRpe< zVy;mhdy6-u(d~?O(#AjQGr#k$@MqIoU%|@RQAKd6Ug3=c#+YQp%*CycFXqashyd=; z-@xiPXQ(*XSH1<${ro4=3lOBDL}rvKJt=JU`9L|%gFumukgj-m?_B4`H?)$TkeZ!GOLTV1G6S7WFs{*fmR4gjFe_;G$ZJmGfh<0x#8T zWfXnOYU;AsX|0PXgCF34isi{pgV71|$WnC&P(Y&F0F;tXN=&0%fi!veHEVN>r9xrD ze(7y@ZAt{N_*>^rz0=;DID0jDbhY(#>rV{&ou!9;9Ik1g*tY@As&$ddZV2_%jcpEfc_qz?v8NX+CQ@RxLyoNS+ zR``ua*=sKPjeCv2wp0eQ5v2$rQhp(yUD7z^=}xWNf#SDU1f@EOBvU!VFOWyuZ-6=! z%(t?8^b46t5_zRppH-iA z`KNpFw*?P4*<%jt#_0s}yab*ee3zrg8gEq4>$2Ocw8urAXloe1=$kIl32^=yiV;P70=+6qor+P!g1w~RmNOe zX?qtX13PCJ^R%JmlP&nCh+0TSOecEr%%j}`vKLt-Henph7NQ~o>f5n<32+O9D9x2W~`5R5Q= z3P7hm{5_B(i7wf|J#pZh_RK=0`X}-c|fC5>!cea>VZ0)-2;$z8;GS6%-@`+;$jgWDGJ#r zkV2AxJu(?c(#gQor{lo3G4z$cYA(44WG$OgMchx5d*q8BATBZ6ll488Q{^-@PBi+p zHVuMdU7r~WKm(po^XbCAiD&$(-DyWC>5FujJa-V*h4|&t6#SY^<44qFje~pPMT)40 zn_7_;Hc*!J0B+q5F&9c;kfyS!SyeZB{S}yDx0Oq80l&8sabpKBNuX;gYKBE!%?c@8 zU$?eN?B*Erlr#jV4dCwh5JO1=A4O&m++}dM+Nq%31vq+F#VeV^K3 zKaElZy>4~hgt7txqoCVyu%OHSi#Of1R2bmNva{Yt4_(ny#eVu>(A00xtNaQ?a6mMy#PmF;(B-E3686eRQS;Vlrlw;&xOnb-u_T)it@1PTbEC_L#MT#1z1ga=f> zypR!)V@!F>65sLpNAyGwp!lTQhdt~!@TYlPiQHnc40(X^w--_8NX)EAHA`{NrkPko$W7t!}0IC37@JAd^($bM^iy=;|@kJMqoz^RJ}xR zL$YUDZ&MGH+W@K@T>=Nb$hccjVQ5WBU(S1`SUYKRZvp5cH>J==A~h$3YK=%A1BYSG zHfSM}Fw|>1ENh(mt+}nHJ`{wf#=0k(Ieh3hlZm_?9naeUr8m%U69Ge1yLstb5|^=W z`&n!W07}mp0y>-_1~EJBS)O9bQ`tw}56C!N&Bu#Pd*7J?7fbdhS8$OxU^wD40aA8@ zbiKG=N9D~$FMv4u<+LIV1>0p3RwfPMvas`Za5BH>XwWQsZsjH4RhP{mDr;ZaY4 zNcBaelnC%N$5`JtjKC=Qhf=SMoj*~9pVV%D?2_uX6%AxQ{mEid01e1?3tky+C(<<_6x?~8&LP9QH#g_!dpA@R^RW<%~lS?@NU`2MNd<=t-O z#?9-)TEKGG9Zx-q)%B_^EFDiW1^`#~u!Ao?f>EGh@ULugaX;C#0neQE*+nR6duPgV z=(s%Yn$?Yuh(x6)-U^E`158=AT9lsNq3aexu&4HaXZ!W0*)w7^KhZDW+1n~4p8-u6 zGL{m-xoF*vvD&)AhbHfbjs*1ijrHY4h*_OXxRBPP3!rx}rMNsE&J;JY0#8{n@v1W5bRahA(x>l=DLAzB zZ*l2cw>5yIU_f#pq_o&ExinO5$E^m;MroK}$b-EQ+R?QZ%p5MX)}N7=B5La0cr~l` zOhF%MmC`EEG6}+*$mS4rjQmjaOADdd($ZlPjbxzt^DeLTG(pA2TU?aORchrs@FhUy zB7!^Ew$xz|Y>niTm&EFOLLRPRwh0HQmgrQlHu1RLhQZj{Tyq)xC4N---s{(75@vb( zy-?BQRUCT(i3ZC97={?qkNzj7-~3QTzWBCR+r1BY!KHNMwvJmp=Qyt0q97Zh@?35G z=`t}aF&o0-Kj?a764q4p4rR*nb!Y1{|0jPqoekRHR%na?P2;L#Ym2Qx{`ZyC>olIP zoDgUUSqagZY)0QvTE~N>aCSxNMY)V$g?XGJz)VQ(j@l$bnP_zVz=>5H5yMj1y}UE%9<7G%~7{6_I>Baz3Gar zZz=2Ach}lYW|^k_p1;HgWy;?`$BWatHKMNXjxxNyjr5~RUkJo~I%tQCs!YzLyYDLJ z=2-qYiiD#>vz9v|lydN)Sq-?_=|CwTjmoiG@kZM5*eba{d;m}oPhe%0=7g2?$6mWL zNy+P3K~%)3sZHMccrQC3jo`Z&*&sVGQED6m9T-L?XCuEYs+!B)Gr&9UF*kNPl3JPv z`ux)Ml!X^@ZmK>Ky$JaRxEQ=0{))$U3W&|29UrTfq)8zoAaubrm|OI?yHk0+Z-arH z5T$H_u8+<2t1e!O0o!COxZ`DF?EAfbU&8BA5N64-t#miCjLKM$L-@GT@(}sG3-w4e$39z}P0XkXxxaJHw zJUX1(>SC!qLopTF1Dw>cu4)RK$$3X)owZ>6yAl1nle&><*_KaV^(lSCD~~kSCoL%bnjG86bzbsg zG@TN7>I8{`>PZfUKHmAu`LKA5pQos}p6VsDvP1YUk6^=GikQ)NbE3-K{8)HwfpQqb z{u=khLc3P0p^s8+z6@smtiM?6yl-|5N{C-_hHHju`q`2ar*2ctC~TUHgJq`gM_<49 zaD?hRJk=G-x(5CCgH-nIz~B&ETCrS%z64rTv*=BNsVlk6ddro&i+=57UR8II^&-pb zB(8%PU;oPq5(D#i&zlosKPTf5zMsKtS^4_AtAe?sfK48jsrG{JS50!8wf8i;>+omm zlg-E7JaSEI*r$~^JP>*(1x=_SUJ4cpdpy3^&B-^ZlxoK6V}tqx&bP}aa&+e&A2z}89!a=2@aT6A)Kf+a`HhIAVxqU)Hmuv7l z-NvmmMlp?Vcj|G8+4e(5N4^VCU2M|1HwZdzen_F;57&Hz#J~3N$oAk2Q$f}s7rj5M z;Bg06rBP>Ovb{0Ow?OO|dTIwG!y=kOP7ZK!42!B9)bFb_Dh&BVo#;Vu9Z5Blf$&REKTQ zCYaZ<;;uJ^e`4HZzCq;vHZtz4G#o9*6@=kWxa997B1k!vQTyCAAV9807j7R3WQJQu ztoFQ9&+VQ}XHf96luEs7(x~a!CJWU_jpE$_{8ol00YUzNs24?Y(e8al6Pc`jKa$Dz zS_W57cd?UMHQb|H9Kt5emIED=gHFGQe2IHe7ldy3%y&TQ{3zXwrkCGx;?4A@7kzxd zH=GY2u?^7+UdALQ8f+jGGRMK8Cx1nwDI>Ehj6cL zar*^N+l$Y#|yD;Vf$pttmj?YCYBGcKpSx1572 z;8}U2yFB1N^sX}2$&r){vhzF{eQ6yBIgoIgIbIujD1m2zVnw8rh&jEA%YtIzBgnft zltkITZ@7MzncD8heNM=xMXR#%J31ruUX6s}EHp$hrIJwm52i>44*j8y#$uajsc)8u z!@8grlfUNtPhsS9?fuy&7dx7IF2l$%ikE+Cn!1oW)Js2* z3Nqc5C9h4W4C+M94Z3CNSG#r!lCZCod0dP)&b`@F>#GFkMN#g{IlAD*94@ErgiDa7 zf1V~LXumSxDm_i&C7&~1CT%y;GSfGCB*-b)c(JzC{jw>uSU{6a^Yf3zhvdq8*8sR* zMs(A~w8z4|gj&XgV&r?ho+8}(A)+!;zpEoMaIV3Fcy`5(wyaIyyq|yPdBb3_K_xN! zbs-ro)_tEJ>P14o`uKE)UJd%=cg(pga|kJSkrR(cmfZ7sjDWk{Rju=|?OA1~P^E|!pRywLojqaXVNBFAj4-%A!-OLQA)_Fi_+tn2 z(Wm|@#elA} z5M^;Etn8RSm1)776*!__v;I2vo);WP4UDqx9IuPik~D(=)r z>6K5z7*eN6XXFlSFr=MF+`Q#-iPT2E`IA&O-sEopWP(zDOmebx^@NlfGHTj}41np@ zLVJMD@Kk}m7V3^J%j)BAzz(Pg->2A*C=2&fJIye|=j1D-T>_bDy+Nnne@%PkGycqY zn6`RRCzzWW9WJKj8_%Dn#Yk{b}GM!y4A!|r%Pc> zcXWv=_4(0NTGM#7D~4<;Cg8U4qlqzc64vVq#+jw6{bMo{;c*X87V|p;2kI{BFJnIE ze~y=iaifv5nNY)(1;}1_qGsW?BF+z{IHy4_u}7w8?!`+s98*YBcqR(J=k=~&p4!B& z{uq~jYQunyQ`n}s;y|un$-X7({QaST^up1##4Qa+&V6~uy$SUu7{@jz%+>^AgH-@f9zgKt}|)X!ZHOG@#cO+ zfB%=}-eg`$k&puw6TM8%vMkXfIQ84sHaTdEKc`TFWs(4yPn!7**WE4K6wA>)L!ALb zyj+O8FFEhT7QVGDdUq~*CrEipnp?V49(WH(8vY8E$FXT zq+Djld7Nkk5ubya6lu-wx|?}&1!UzU@5yutw)B@C1kftDRxfD>ZYp=?tbbZw>593} z){((DBa+Lc(DpKE@z2Hj`>_W*%B{J}yhhnsIm%vT$ye8AHF@<=!nvb#{f!op*4WOa zDiq1q9$tzFKCANis!(QZlXb^Kw73M(W~|SW(H(-!#$^UyLYjp2BjWc{WzY?JkyaM?Hz6E?CBYkll++V6F1 z^ztE_O**t#^I>79iifmhpg{&$wWoQ6W#Hqw*-q|*B93iLN|c3eh)@eCPYs zRL_96^O_2VxBJKa+nK)o!BYP(BHvZ#enZJ7v(%r9k9l}M8_;8{*URehS$Z~QyfM7* zPHgwXeuC$E=%-@P+8>5Ks}}qnMV#RrOOD}{IdejtJVNP5^uT8YNDb;acBf;+JG?31 zsmUA1EO}x2#)s@P?uSy`cfOo-@G8hd&!HBv(S2?uvDWgP6xMZrJdZM2s#9J22D&2T zLeVZw(@LvB_zg6XaW%lusgk`R>D}TQ5t8fEtkmnlZIJmOq(q9alL=Bwe%YRD&>u1+ z6=c1jq)*$z89=oG0`H1eT^PU<9Qs0{tx6Zzb8JYz= zTQmWbVq_$h`2}0F9AWULa)on?rT%+NE8@?#_{l@5ZzG}RjJIjzcbQXz zHU#%uiYJ3P8+(aJ@G|~r07d&(!NWe-LUBhzj}sOSmnHTpNz&=zaKz@IZ^r;GP&-1 zvaSBM3o;vC6GdOq(YbV!LdGDlO>pASKCNf0z1kHRE;qwelqAX9Ye=y|yOpQT0$|J} zkQhd{7R=ebAzMgFjMAeGT%o2vr5h-}c#>`oMk@hxz_+GC)7W8a z^-{b8O5L{$v@q#=4%!?i%{l8}Z4GE+k`3EmK}lGAO$cm$s%D#z;XbNk1%x2oPMgV6 zhDVT3ejXIZ3#GmW9!Sje%-9inyq`VGzs$kldz+P6cd*;n@_iN(3}We@Sf{fN~AvdNl`D2*~-zuzfKVCdB z`8_uJMVj1UJq*xJr8dX7dA86-{ zC2=%EL~F8@+mpO1u6uLH*e%Lya7`ZU=2(2#RMlS2D)$(S5@;;lHH#Xv%w;)fiC}Yz_{d!_|~UN?^9_pMt;5}SyH@@ zp3xiAxY#NNd|!nl$89Lv00#n=b2OU!%}E5m-cwe_vq*0pv0@eHAxxxgyK3;*8+YI( zxdzBXsjEby0f>PUKrOxrpG4&{aqv3o9hWYv&D0tgNVv`5dR0C~D;-K!UT@Gk#}7K{ zK_Mmi5AJ=ttfPgR??~^!-q-BpqoJ>1adr;sH7*B8y|~ENr_=e}O#`X=b+_L2C}+}s z#t!S#=4HI*BdRio;LfK=`urrfQLx_pE7)20X3c!su<<9(jMrWE)E-9zNv_#$^|I2@ zjDr^!gM2I>(DPK;VvnKbAPAvuatt&#e$7&P2$k&v({lBxZjC1>U@euGgch3R&F#V{ zv>PRpQ9y9ju=mA1p|fGZBf!TnuLLW{`@b98$8Z{zx|H|palrNk%BBHy-@TuAN639z~P{T0fjF#iFE#BCT7bWj&4c(^Kr1@ zTv@-ea@Ql7jZPW&f_bQZyi*7>QE75tzFMBYU3*ucmNf4N9$B>T4z511ru6CXiXh`c zwipG@N@Q41Uaq)Jns$5P7Q<9XWk|dkx{Oa?Yha_>3C7?`a-wO*O|}myIP3X-Oimv! zHXNElZz-ObS71#TU7o0I46Pnhu6*3h>mBDUaq zAfG5SMYB=AoJZ>SNke(cYPxE3+W(h2D*SScz^wtz0nY)`qPf`*-9ylB$seU*?hEV^ zXHW%`=xN~w9t>&C-7Y;Kv*Ja1E?U54$m(?`QiD z-aRp0Zr)rHQP?@&P}72ooUOcdU{S|lrLT88;g?=jNUCgN?N5`(I|R;ebA3-V8@LF^ zYXAEeYfILnDlF=SUrO|EZ*RGYDFjih2@z$-(#uvzCej0p5W+^yl1cak9-F2~u!-5Q z3qJ)PJ#@AEtGQ?S#nWXl(LCkb=1-=91!GSMebabITQUa4M2}A| zDgyNUDKLzhVoel#_kR3a^f|mQqti>danM%30SYLW@*F#J_4101U>6~#K(TFnXc?vg z^^q;Afo-bhVbB=(cTlr&m!CRmLhlDXdut9A1bcwSzaOo0YTwOft7Tm_CUf6%dSR;|!^Em?ObfjW=$(zcZ{x+zvj}rTL31u=>>`sT0k5vV9S)R04Y(hHF|t>$tp81rM-3N>FMdTjgFnDTmzV%Z|s2=D79rsx2jME#z32IyF12*N7}*6up;uJo!O)!ao5(Q)TBqn^}4^R+eBFm?4Zln zEA`ZQ83|D>P}j9{+AsilsIR8JscK6h@EX(Sc1rmgS)r*rp3sPwcRMybMKbFpF_&P# z`$b7UFjUtZA04vedZb{r7i$U1if%3q-{o*0bgS=-yZVlTYWitLaByr~cpZgy5 zL#ERcxTS;7Ah#x5?*=Z3IMQum%xm-wc(-Ptc^NIDQ_AeZS9l;?w4s#kaXIfubL-X`&uleY5KMgb^1%0ImBM zGuYs%nb>4`!`zB=(DJ}RK?nLNoQ#(j6n3L!lI5(259vrG@h9;H)hB*WGzkt%VfycoxW@&_vYvZJ>uO2IowuLx_IYjdwEZz@`H{@mF!A``u&=<;C7A~|~Hn}W&;A!3> z)7Q`S6jND=L_n`0USFWD)d#)9M-A^NB10%gK0!~|wDWt}W5-NvV5pF&prKHQf@LaD zS+Mp}MaEkuncqg#bnZJ$tj`wc>(IUgp6xjb_|EM9CYpg^r1+@_Rs>n zqtSPClIF?>&#PFL12z_Td#Y8}zsL1ddXV#~t&-KAFC}NS;l{~@tKk_&~mB9V! z`F(ivQnc)CrtiS+>~pK3CjRw;Ym^VZ3vK;=*N!w%i<#U`+fYZYFS`*-Cm=)34gO8a z?F7jg`v4CAw!^6`VzN+^yKTf%rFTpN$sR2t)#DH=Fw&dP1pbtg8$~=d6>paeBVy#? za)ywj;R|GJo(Ww6lpzQbf0ysgV~!f&m(5wU)|)LhC|qf^a3UECLV0PLlx}&%1UCzBc;XT!C`>3mSh!nru)N!m%#L1RnK}!^HBRCRu($; z)!pr0e|L^y7rB*I2Uasq;kCyq5GD+b;|~By}4`#@>*9eT5lq6V~z6GkYar$IYCA z4jwaHqmF3b41Iq@hy>E>FojA29X0125f-+bczC;_rBv?Q{WxhB8Pwb_nv%?io1WxW zvS%h4MXX{KSR zK6m>!qOF8^bB{81w9X3t+na)Rl@)2DrNNQoZzuXs@97V&Yat7^{C``|1w6D!aAfho z&gOr=6@>=s5rXDL@JapsEj%i4q;+|D?r+-*{xm-5G#PzcXaDJx|LKhpEo)$BXT9UU z-7{#8X%ROZl%QI>{~d7wN3bFz-M9W}xe@KA6r!(1!*O2z-;sTAgp`W*UV=pDg&S01!c>^FETtaPA8q?U$C^MS-e6OzOH!Vbr zLXd(>WZC2Lc;n4%e^iE(Sk?Hvi1E8-S@FiSa}?OyWSq$X z6i6P)pxY8e;`(B@cJjW7?Ygeu|6%Ga!>VfAXl-dwx;vx<>28o#LItIzyF{_gdDK6~%KcsPLx%z0nq8si+ppn~j0%4n7K9eapWgCFD4ELZ|kMDb!AAMB%>)&Sj6?ip;gABV&cKEM*_%26a z!l9XLB(fm$;{mSUxtjN~CFx8mbr6=tdm&2z*5T}UxGB}GtzwmW!8|ht3P;awwR{!R z1f~@;#bip$0ZiO4|qVR zdJ=zAv{za5P{2_&3lnBgsg9S#;6)Om+?D;7u#(V$-=w2k+vv`@0KmojWm~*AmW{AA#NNRXf<^V*^SNY818Mt`d2~d9 z>w0gPgb;KHc&Pa|rEiAgHZW_A2KachDMfDr3fzzT)S-(_wTgc5NJ`+K4+YhhnZx@H zW|JQWH z8`#aJzzij%Q+8zqBK?M2&>fg5O)L5_7sxu6Bm(yO9T%B5vN4nfvxvay@j~m^#`ISS z!B%OdYzjzd^o?QO+6!l=yf;V;&J#`rSThJ2DXNkxdFd2S=$qr{u!??u|ieJrj7siL8~U*Qs_4uvknom5+d7 z`@>C#mU5$D37QBM(>TLh2UwX&f$t*<6!4GBoOqcwG+JD|cZOa}f^M=;>hX**@wrLf z1y(bLL<8F@3Ks!EIlgRXzg00%YY3OY8B7V>ImOY8`)@eMVjxCi zI+hi3eh(Zh&;q4BXW9x7{53UG9ZETOaXM_@UHo=lba7tT%>(ouEk16?@ zL=G{n`J5C2aCdtmuc(2x(xBO38))a-Y83Ji`42DZub)>8o=hI8Azo4 z3Q`!UO9{H;=XXtDz3%asSt^jaREO{CmWEa z`Y6=*7x@&RR#PlFthW>$>6H0=`54)=2diVL>(YQ6q|QXz-$$YWEPqg#qVts{l{KOs z=+3aBX+J|gYmJwRrYXy{0Is*_IK&D_6~5?sVO#K~q4j9A0oM}$lqq&neI!_N$~!m_ zwv*oZere>#@x`tqoz(3N2r+0zqGV&{28Ka>BG0;xz`>JwUIWhLxq$qV*XeMxCLnCR z&3Bk6*XvN@odDZZM7q1rHSe=A`UmV7Uw>&V+y|y9ptB8UKAfek+E0VW^1|K2&YZCl%Sq4WlX6@z9zwgM z*c15bvmVG9J_vHvATx9Sy8Ic3$_qQ4R#E;S4Xc*+%8B~ zy5_&ASLFkgM`+WrKbKO5W?`XX4N1^*XpBn$m?aw-gx$H;$O_Sa)@=}%px@qYXR;Ud zXn1oH4D@ZPuRV=;qR379G#H8D9Grj{e;!bHKHhbC-U8#3wrLi?p1u%~BJ~!r0r)%@SKph)+ws$xkmgZ$@_AOIYI_ zmWfTXmlwA)dhDrLoQwbgIyrHuXtPbbW(1Nc_Dd&u1a7aN&y#;u-4Adw`EdhqS)lGppzGIp#zA9<=b%?K5+GU4^9JPdcy|2hsOWXnh2YP4R!M`KJX_7Ww)n9!kFv()c+v zBygJ@IXMZ}lm7w-g84{-5WYQ$P`ud87a`Ztr{ujtU)&8Hj#bORE3pOkN=z|IOZ((l z|HD+!)1~{GS}K71oz!uApnXADkiP!i*4LF{a7$ zmYeET9TFDiADTjD>Eqam*sTu9@sQ3oOt$ggg%}zF0)?ZoGyxEtn9|~LPeklJawXf; z9E;0e$_SI)*XY|6{TPLu?AHSqpc?JxlhX*4BTGS#S6^uCICjT#D>H%&r#H#t-4DMr z&x%y9+nzQZPDR1)%R>E7a>49Rd!4mRGL89aqZZ2u`Am*+jZmbUIWwx_nKI`e5_q-Z z2%-69=97RUR@}ID$piSpx*P3;kN8E(u5U`u6eSK8Fl$)Yz=AAJPU8M<&?AO!UT(mx*OL^9Ax)T-b`ON0GX^xBfpAai+!py?sEc&U>>XPp-VO5B zC@Ri!6(2VoP}d`4R}gfcb-zZfoB>ZiWN7c}VxrUMTa2ZCvf9Y!@uQwDgf`1o$(Vkj z^*5s@)?{umwKG5>biVuRbQ{I+!`->j*BQb=*zhuV`BX+*HqWl^)5zkz*+AUMaYnOX zVf~iW$n;eVNIR^*=66z*r|uEKk?mviyyTv1)019Mgp8HQH$TNhA6nz2PDF^=)h#8pJQ7O7rA^YF%y$_~Qgrkh|F8#Z1g($eLt|#Ymj?m!YA zH$7Rk_tOJrYL>~eE3|C~a~yQSBzqrgf@~9gZ}d8RjHIB-4>JyR1UoChYPw2Ovv!hMz@KhIom6ks5&A&uaP;ANpJ@nE^8`-WKIP-Eq|gPMgi-=%6;(7Pc8hewA!*KNAp2@}>pV@Ze8F zKqm$PMZRoQbN64{3AZR0R4wq@f{O+#(*-$oFFcN`Z|b_SvC7*OZb?%pcasMox0VcE zG?r<7d5Igtmm|VgzkP=QV16ZH`<=?M(mt9k5lkV^Px;(fc^~1!1 z5Go&?nK@0)!;p+5v`sE{s~Ov@O|G{reG{&!13tAQfDOrhth8Nv zoVJVV;8^2O@S(Uy$iNR1qh|uRTQHub+l9`0>C}#c1;?CmQdE=k-fhB8`KOjQlg8g< z5aZ8Pwv|PtpMRox|9g9|UtN~)F6+y6Vpe^_Pr=M2j%#C}Z|yGI0H}3YrH1}9BIx8E zFqiBGOGoyCWAPA!ht{oh*0K4I=|O+AX?|alypZB=?0T@kyEcD_^;`{;YGFB|{BoT| z8y5@l3+Z>OWtw*U6n*5NM^ntZ#?JwR_$UhzWn`;T60*9)tdkbk9(i|YU;E+aS#F71 zxoK8wyEjTQFryF???;lXKwwP~KKGPkmuX;m$t|DB8T|jpeBwFC6j0e+mzU=k|S{5X>&X6scSsBqck?u~_Uk#w+`vZQHrSWb*AWe>>dlqrL zzD5j{T?H7FhGaIQFnb9Bo@jdN1=n^~6M#?I#`kB!_tMp61Hh3%)4p(eWSY_@h)TA` zZAG%ASC!cQ%`3N!`IpjhQK$A3G;|*2BBT!mHzvP)!gqX>Sjl7Q(m2 zKJwx*I15M`20GOIxB?}85ez`a%Ac!q4seN;N;pIY(gJ3r$P@rod9V{#2Pz|4mHGtagPp*Nm&?Xqo^MI ziIqu^vdx~Ycpqk(URI=+&{W_|suPT>5EBv88wJvdfqV^eKXUc!<1~zK+^?5A&ZqU9 z@wNa>Q=ExA6EIb*-jITDs$1*ZrL7w1`dVDu)g%0+l#gpz|@i8 z&rRXwJeKS4O(d|n0oEjtqb#)G;~NK6#l&@O`cA(R_wO%8C(Q@gbV&3mFzpmWrdsUR zT!SwvwHsvn9Sk~Y%0U)zB7|it^YJb<@|EP+;TeCSIs^YDF2d0?)$Y7FI~cFMWtz$a z$$Evfpi;lKy+?FbvDT8Sj}9=FKZ^`V_UiN*;sERRmLVG~RjY)|9T4VovxCB%z`c^` zwk|mSCUx)TB#~g(SY=pGCr5o z*Qj|U{b=|Dy?0v5inL%B{>?&}x;ISx#iwJ-IBk{#TMSr>V`r~OgizOQQIDD&CcVcRt9!w}7s;q;=FYGeH*mDNy8E+FC; z0?zP{iHc9h9$_v>GTpu61JCnkBsY7sw@1>Ce+rCm8F5y-Z(HPf-0#=zA0>62zH>7o z?US4=9F^cLuR)$&w3)j;*~BxgX7A)-vf2nfFYx%T6-I97Mj3r~%B9hSs*w0~-ZfR6 zX+?u&td&!)M?jFF3k%-B{~RiY7+))gtdFScgVLw5w@fctL=Rm@CDBm4yA7NfA1rWP zVG58)F-U7z_DIcW8yvOzfU7L9&`Lew6h=q0`Ab%kK%f8FvR*4>)j1>)Kirr#h>l%# zJ#7eA2h&)Gi-Ow8_+aXm>PlTaXqyxfyCp6Tjd**;3l&)hN?xQj8I* zYVVW~Y|c)ST0U>*-+IG>+hOLzaHkWzoiuP)mJ(v4b%Al%RO@}v zu8Qn8By8|A!FB1)nh0EB9B8Fd=(NTsnqmKWA)Qgy_4H>_WtOEt>riG#EW;e5G9q>= z3j=%JD?WKbl?z}t^uEPiwt9YD^$fMYN0=`YH1N&Ocw7YJzL{XEZ-==$9MX6!bUG6T zHCeybxo!+6b$qcTuZuVx6aL+h+NG$K2DgUY)i`?xdBd9R?1w`d;7q-ygTGIpom+$4*K{l4uGDccj@jX5P=_e-8~c$;#liF4J9?is^59VVegdPK?JnTe;0MN38%sv0j$6pE~3sj2o0FgG%jb_FC zTXU^jX3A(dl`mzF&t|@K@(oy(Ou@n1HMM!-j__;#fba{u>?W?3Gi}W{ZL@hcIYjrH zO6ppvTaNNBHqGQR9^^~KLX>|yCJ zgX{iQ98&aie*FuAY96a-U+N`MTs!Cc>o6y_s;yRR6igp1t8`oWh_Hy-EoFbak@s$- zU>l|``pp*@o>skqAI%vLzI3?_83IaM<~k*C5;JhH3`JNS!l}gzR*eSyJ)a*ERT_j| z`;mx{h7;mxtCj88h#k6CHSKy+{S~6${l0Iqi*44)ljU%_WJ{TVoI4L}%`7bBirwSR}Z zP|00zb)a`Z6JvtP%)`yqV^~JXmjVi1R|X$Mz*5V#AX3WKmxbXf+q|DZ?f}a$ORY4 zD_O34Zs{`g3KHaaPPZYh(2wN>4LE=-wy)c@R{I`9cf zFw};)>+js8bM$%@!lWF>TA_GfIKfO5#WvqGo^M$T%zB%mn9NmL$dj>z<}IFX{xG}6 zz}C=IK{C?El*A{u>v?m=AHgyGCOr)JlMNy;ygYrQ4QDt!;ZI$Af}Q<7cd=bHVYqoS zY6!2nH*DCFCTfe3G8zEYKWJ?`6LEh*!kiByE0Qm zr;?%REx}f|ftMEb2$seyOWwO)&pcgrqux|b!a{UyzR2*CvbjF7h82i8=X;O6n!_tu ztq{MA%X?wgx*G28sdD%DI*zr2rCW&jy@mYq5X$AC+`J2nC=%ALl*J;1u;i88_RHmk zT}VJOAu>_enBkoC9dscTD>x{L`W{mj?6^PR=~rEHsHV9C#$TxoX5z|iWX+g)+m**k zNHb>e>!Lc57~ZyyGH`auWSI4K+{=gByKx^T=azBz^Aa1Zn<)i(jB0Rq7}9T%n}tk& zI2@%aIV}6GF|eTLQso(qbfvUsReAqb0{f&eqE7j1cu)gnKOHdUaxpMU9q=!o9SH59 z<|T70KZ8qcbk6-B{t(Casj^^*3CVv zdUY(zQMyiKEuB=VkEZ(|y*0?K?n}XuMrUG=lQagSDbPS@a5`&P<* zM`t0#3SM|fvEbekgB<={53U?PCcMSS2hR=k^u6N$WEL#MiAeSR^CzRfcK+!%{FFeP zS#~oz@c8@hBZCsan~=n8k!-wW;i%pku!Q{3P2^ z{96?R|4BUPFrf(9jjiK_b8AH4O@0a4ypJt8<&PSIb zuPKrOsasSfE$Kr-i6wcSkx?bQ;FQKflWAD|DwE4`6jMt!NIq(hD51j?sm0VjrkiEi1t)=3C|yO zl!_fc31a%0Fp%r z`c02vA;V!B+BpO);yi#bI=NaaO-_T#Cp{0UEyzy5WAUAl-oYYCg}h4_tp{+_g<~*7ki&~%*J-Nb$LBk1FdKa!jZDJ+^sqW2 z?f+*YKdGMrbi94(zXRZmNYI2_5%^KK^i{Lx*`Gq2vQI7TgP&g!cPU~4a*koopje~_o9!|0Tv=LCDS3g-ydfx+IXLw-(5TL1haS>DRW{0%w6$@%pX>Nn#t+S zp(JFHP29Tcg2wA3P(T4@(I$OM!biBfux}6Gzg?!fs0< z*8EWi2|+Sz{IX)nBh?b*SMQAPSV3zbkik8YU*fj^f~7-n5j~g%NXJQ7a`| zqLmF9*7mwnY=1^<2-eWx=mZh~1cx^Gr4*^ak-?I*TjsC$%pYggk;5q~rBKJyEv4ow z?eCTfD*3R*xL~}7m$fV?D&cWI-FoKUFY{#ym=r8B1f5J%She|fWT#u*Uux$eqXhe5 z&$`Ul4VJ+5^y;U9?KmH>Q*gTux-&#%@FapA5k>W){j4z*!t^`Yv_i)nlxAEG6}U$v z3)y_FFKzAKiQmT|6*%1MR29c05AU27EmeCj3$*Ja)9;8Tg-|F2lsd9 z+33v$MIO`#s7Bq?NvKklmLT4gb-&!`ke)a+mzO`0KNQB1ATjuIp=2KaCO1mBFyJ))Ug zb3}pf)zYF4$29s#|NB$o!7w~^WFgs8KZhKflc)>F(_#LX@t;6}BS%+d9Tc=7q?lz~ z=N6=jdiE2P%W8|*>u16YbC%(VR~IPE%hV>FA86+PCz~8`yB@GCnHxk?`CLU?eyj_^ zATCS-3JU~qtioeebp|X)Gd^kc!!#17bfA#{EW3coK~J!E7CZ(T&>17O$ax&N#Jax= zYgC)x^@zFaZSzHLC7bEu)0DK&wYnQoU&G_PgIr?YuiIT6#n3%Ded8?~`3oFnLRXXY zwm~e%6S4G-|Do#*<(Av;AK9H+V~-plhUoi>`1aEDkHX{I znPo7DwS7dXKuZv_oZ9yA{WJE8;Ou1cCACp)|LpaUMy80n$|N zZ5~0kkpPMy*8|_1M+nW^MZ#rT!bPuBOm_4b>PO3N)9U^}#58dWZ2Sn&C@*VU0_G2D z`_rqc@gRVL%nba5&3H2`l+xO-DIMB_Aq zq3u0n{rRsyxy8>ILSy|&7I8K7Esai}$(om%yS)`X_mAEHbpe$eF}8EfOtI&{@)j=a z?Wd1z?g=qqH5idu$YyN~X~k4QMZs=daBPKI07mMKSQFLSJVlvxAeI%b8B4w0iY4$7 zX1plof6~04N@Q23hze3aULcMK$PBmmw9qW`<-}tKW(`|#AIGPZu2C?_-xUm=1Gy18 zPKAlWBcE|S_>^Cy@c!L&8QL^bw1z-QwPL(0RBu4wRrh-pZ28H^cqeprhXYU~z#b7i z^G-<<1ep?tU1HpC_d7mim(O~sJ^Q^3w)Fbzug7o$@*755SBTgj{X2WAYvY5otQS7jq!dPo^vvaA~nn4>%;me5uOQx)eZcd zP#Z)G&(UN23nz-?DjRL(Op8nUxKeUdnxhZSvo7`yor)fDphv% z`un;a0GuK6EcOl<_gL^*lk66Ox>-86ua6&FS3RCQ*?g*4-q=YXD@Z z`#84F@pkQM{aZT%Qeab+Vni)nsk41zchhTu93=rcjZ=>3r`CUT<&f=sN{=ganm#Cn zUQnE;34POdS=Y>Sq%|-a!nlaqfpBv`C%5~qk=N0GD!BdhM@SJ75Wkp>XU+;VO1t3C z^}L`nKiBuWKmg>2Q@% z4FYp_zSaX^WW&SbY{zh*5rg~@+Lor`H}g~MdpW`$xE(f!g4c}aIXK!OrSImeO%t*D zpWrc(36hC2?EVGk?#WiA9@j<}&&fF}yEgrMGLMaGai5c## zy531AD;ZgaKiCqfh7hKa3J{&Wf%^42b`=Djj)T%F0$GPQN(E`_t4hCjc1(|4 znd8y%EyWqI1RDjP@>S4yn(nfqpi_B&uJTZcCOr@0Y6q#wX{WtRA0Z-nEp76I=ujtY zQ@u0=ADrMH$wYzFDhfAKO-@(_BeeQKwOU{XGK0qPt%xz_&h_hJsWOJCPVrlvF1u626I|=h_#SwDQV`QMG zcWiSz{d%4glx>;hxTUTeL=!d92cnA<J(a00D>Vn+V|A4bC+l~)vaAk8o*$IP zpad-!Htrx!io2crl#4wv2p`*8>vA6(c&|?PDj!Riovfdy@kdkKnyivXXJ;_a%U@Uv zPHD$`@_eamCoLvJzO2Sg#p{p?)Xd!h7-7B~CsbU1WkTya4lJG}upkI7_vj6MyIF`R zYJzu2%g_%kAy|{H-J8(FOddz={zitDYLB5`OGZ1petiQxxi56x>`x}iP`ixkASNKZ zokhma0JYKPf7yek#x@USakwgGjeMrM3hIlEWuxyDZ)O!nSX+vj;*QDq{z_5E`I10t zfZw5F=kX}S?2LE0R$$j{coCds#`$_?Eoj{ZN`v$bGrce39$E*4K4Z}hGqdy^ruw_la%lQ&W7w|bLxt^|#24k5 z2IjjyPiJg>wGJF&yWzid%C`XYq;317k3m)54Z5k#ZSXc1B-`B|Ydbj+o6F+@nk5P6 zuk<3^K# z+2U8Lhf^Y#hrW-WhJB`tlrqPsUVCfSnto(NVGlUk>PtfnV&=!?TdujAG4}vcwzfRV zi{%Xr_bupL)zyNdL-(4<_=4I^Xfk0o18H|M3d_;g`oL|5juzunMs-n9dI6 zg0O=cVN=rOIw%n|&dnB?mIDx#`+GA{@L09d#J$V*3l?Ye9z(R)v5h%+djzC3+3)sO zGXxccCC^1QGTx0Eeo|-BbS>hW+t%-ytD_I>>_5S)e00AS>?;F1`I6$tJw3a5x`PE8 zY+OH{e2016V55}0S0xv3rup>BR?JD$cxx=)Gm2M#iCZrx3u}cwSJAr7z&P#=!@J=7 z;|hD6;?<2QV9n|Ga8fVJS!OnPK~Q{kb7IE1lul&gVNMSw+6gbTzISc+C%W1p9EY{~ zGja3#qZ=mZ53bnt7W)9TkW07r8Ke5 z**3UAb2xlhK>_cBI6=2@=6YheWK_~;vXVk{{gyxT$Kg)>CrA6^nTX&$ANzed`pv`R z{=Tx^%L%3H6qWkkyt-8GIrG4f1RIN8=BV=@hwjIn{kNnj*IE5(T* zAdBSDtf=I1sE0~X2f+je(IB|C`97SE>W`%^xNjW``{CQ>&znw+q*k?JMuC!Gg1Ws0 zOEopR0B1)3HBb;Bpq9__ikg}Zla_P@Y|H6SZZ8XT+k$bGi!#8!8~pS-Xkr`zYwW>D z(sLPVD6xYO`0GhWE@ZG>-~IJ+IKhs=94g-(j6>(yh{zqiQvE4_O#I}BeprnAqSwt% zh?WnqgwxF)58!gM@7cY7?b~qdywFeyl;F-&~pLAT(ps)ckeu4hSF}zXt-|vVr z2Q!C0+@{c^k|o@sqw^WPag1h%jV)ZS<{TOU9ymXM#P~@L!WZ>$cVGoaPm^-M1y0P< z+hFxE0CK~`HNLk3i!`85G?RZ2 z)af8O1kis4``!1r_RS&v>1iVFX>-6Mg3Q^zozcqtg+o^w`bA%I?Pj*+@(Hltw1QAa zSg-SN&Z}HBF(qyPC@cqNw3AN&Ko+&vWE6skOk{n3tRMFF1}uhw0bFf2Enidv*>bwf z2(-%BL?tVvm}OE}f+Y&Wsj2_Ya$5tmCzZbF;+8HZ3{v{5bmnU{G#jpmQIR+ot~`Li zaGQ>%Ihs88_`)Q@;2{@Bl99XT$@M{nn z>gedgcE{dtuhS@8b|zGb51!V77@=zOXOhX5OKLR6#3#)HGHwM!SAjcLC@fNa3GFAtPx7MWZr%h|fZm$b*%y=!vm8(K#=1 z$;se-A+KEwN_t<2x*nw2W?8#*g|2o16f-}Fli{yzIxT6SV0yiXP4MDi=2Io!1q@!K z7P#OC$+(+gw=B5n@|jL(3hyUQyP1mkdW)rIUejpnJ0!$sd^QSkH}Ydvh!G%NfTpU! zax53~k_~t@u>{3z=IdrO%0X$@ps z10}STmvtyz3~J1v(u~Wg+aijXa}k@&39veNLmN9-4%5=u;1_`w$CE}Whm3uRxF-89 zh?sv1YY){>>>G=w*6}z>dkheXQc|9i)8w(m3NE#3mP%;y0SA77G)Hk(B*ghgnkidV z#rj4AV|UTJ>>P$vXx~KsPoz4BK*IG@+}Z?pxZvyyIK9)wa;ep)h!Y9@?lOn|BKkPK z!bT;Q{H(u>Lx6bldo@v^}Kmi>biwW z`tAUtc2X&sC*jo-OCDij#uWAyz5}y7E(<_A^OS!1Ad!D=GDKK9EjhOqs)UY#4aDcU1ju9IZWhnC{t}~EL z_inB?Oby)y7*thXp(BS=S3B=9q|(1$F^|>%dG&C$p_#0Z`t3SR_;Q0_6Dc)*$4j9DQ#$)y1N`v!-TJ zB-tA}TB9oF8+o=~4(76f-@~bT<;WZ|6Vz2I?1X;6Ck4@II+366VP=_kS9q|$eR4=4 zh}cbI-@~cg`NdCj{`*T^CF#XlRGLavL@k2AB&q`56Sixg>^FOelo>RNvu|0n6jFm; zOG1J!_ZM=XL2fH33o$A~tlGVa0OH8$nY50P)`Z( zWdZZ9#bqD8wE+F665$>#p;Uvhb>t6r>$gilW_DdfS!hVAk4#+u07nVrG&`ba% zP&FfhG_b~87%2xnKVQ(sN@X$T{JtV0^=#C2P?Kq1j8ec};#Ss&2a;RE*`p|hGYzMB z36n@TV!ktfaNo}2r&2^UJT>#_nj(y_Xv^i84BYM`Q0?asL=2!QIt7h5HHwqr{oOOk1^kB@Z$31US_|g?b7EGkbx|bK;Y_| z(?DAZLC!D9vxtsoME=~N^7j|hc>B(E-e>EQb4kDBVt>J4?ySUV+(yrX3|KWdX7o!g z@zDRQb|KWP5skZlp|1J#VB2=i7cU1<1pC@E#l=ka>Dzn9ky{|?ly2rVLe#9Liptf( z8de^(bFLMdy0+*f6^W3+z7;2(stz!q4N#-vjNOUzwT>nXzn~FI)8)7H= zt}Mo;BM%uR*}NlOZ>3T|_h%!00F?&kq~st$mSf{D=rP!G(KfTpb1+YXjqb>T*Zu}x(V}n9A*sDWAyG=`?QT1!Kj^hkG9juJ8)x9Nlp8SCF)2NFpQqY2jYO& z%X?xAnskI|^wKaS*k)XL(cX=W1CO{caTWWF&5vxBTx@$M(86ZQ;dag{g_G3y^H7NB+1$qTtAFPINpua%kq%VIjBK2=nAN ze>w*tbT~3KiI82lD4GG4QQ&QMv7h+zk9T=Ko@_ZP&BpK0Mo?okRZNVgdGgzyatf@#~?gpGnrTnBg8-!%HfK-huMQ_`n&P-HWc zPQyu@v@)~R>8nGzN`7;sjL~^weF`HfL*iFb-aYwLJm@e7TbkS0?|bO%v>!c6@ZfAu zD~_VUsxHP<#Sn;g?1&T$ry=AfYcnz-Vy6Y#bIp69anB2s@(Y;lo?J*|@ve zd;B^2f^sY>)hVgkr~@BamCv$lRsam&D?jT%os$DELAShkd}d}EQB*A$D|Q=CKw{7$ z8KUu0y@J^+LKFj2CK0rTWG^?#pQp_nof293$h0)e=mPkxS z{L#NZS>L8w`5h|WL+0|Vm)EHiwNL-#$3U6C%WlRijtYqqxR9JrNp5Mmf;sN~r85aw zPJzesrz$Lbz}FD`w^kzi06eMD5p8iT9@X=%r9vunI0j!_Hk-G!cHN|8}rDPe7!d2iXxzN{ZTk-AiA9J;rW`}`(U&{qm%?Zi(3EpfzOHMIT&y&6ekLM3zSxX z(uPxFakIFmNWey8g2at=bLu8)aDUi{HFK!HLn|6l5VQ6Zl}{{gORDjtV!B0R+r4fh zCE+4RQ#MCm(l}4#piPQ89}E{}X-pW(Wt-KU^O<73Dg3N?+bow2KgcKG>npIpOy6mT z;>TlAa=+iXr?vi1D6qhQD|9IMj^lj)kD=jL3R4Qy33SyP|4sdQyf7KSigx$rKb1nA z02W|jZmqEYFTi323$RSfPMr_@7hr)&61pGVKCS&HCQQThhVrPQy_kR3)%gfB8k8J0 zcmEe)DTg68w8-AiQ2o1ZV+pt}32p1$hO?xUpd+fzTSU~?11ol6s5IMAxg-@ffl5}3 zjmiCt7)fkXEx)(0J|5WZyTAF%?^9+-Qn*4&+41cHTwp_fD#0z_tq7+y!d^dw_ag&i zXH^tIN*X418pQF+CBX|3lC7qAAhg1A#ta+pwsI1Ix0vI1VTthn2Pu5j(Cq1T@RN@ zLOGMCYINGCVmcF;Ht5y%crZkh5|-)seN}c9%iW(F{Azag3IHTY(W(SHoPB6 zSHYlpN%Q%XD>v9~$6g{uVJKP;iFjRQGKIdq>m=7l-MF>=V+Qlu`dH0fTzfa zHVl}1wWFB4uz_K&#zZyiLw~%3X1#TFeEb=dF-6ZYVI$3WD3kk<|rAEaGcdsi?<^NL!<^NbF9$x0#Y!NM)c@keGL zWcba&lF~Q>@sP?{%NiCsnH3NQp%cGhv^#RPZj7y8fU=~3eQ|3%oWKD*{oH_`k|$44 z1qmq&NVRPqoGO2Y+?IcLs~Gh38-2#^j>Mwg(GJikU^J8PmUM3CU7mNX02N@zXRT9s zzYEAGBkutY%I#IxN$mk(e&)edmwqf~vf9lnD-TG?z=GGx&9CLtNScs71+}V!4^^@^ zUM7+A@_QWbs&vLEx41V%?N@vL7m&i+iKftYu85t!7_WGCLF3;Qk}BuYG1qF6OTw|5 zowX^eCFfHH(T>Es#XOBBE}RN*Y0>Wjl?)DT-tBRflaa-VNTb(JBT)fHplFc6FGnGX zxiA7^Mz4@KuK%MK-}pVp8fuEL$xlSxm#VBEib8d3-@m6M1LI^125C|z@I&OryMtJa z>CG9_4bW9Ckhi|@h=PK6Q7n_%AnRmMR@k2h;9NDY@W?n;UoG*xj%OTQ(%MR{Egb&w zh{>;D;=nmx`muD-3gbq^e2kXCY-G{&U%o;X!F)(E2(=SEo*5`9_3q29a}yc61@YFA zU7=CIO5T$N7^W~RCr@h7+jna~WI`tH0-_%;hCkf-inF@%&dUD@&@g+=o}e)gBP&Q8 zgHowI(;A?Ocn_Oa!!!|wDsI2Hwm|G8KpyqR$IxAFt=8$u10st?KoHDgaZ|60ghBk` z)mMWTiGp*EBr^dhmwOD_fRbur4P(9;4MZoJ6%r8ncS`|;gqmNz=BekmYn$cP*U56F zYBn|wes;v&KocR5yRG`LQxmqu9mysaEsU>_x}{7K0Hlv(@QJOc?YGcUIq)ldTN`GV zJ?(_cJ$EK#YQ_f!Q;2`;Wlib$*EN`r%ksqA2wg-@24FoX_aD{2oCq*#aiIueD(BYo z;#Axg_J1NtBrV~5=>Eb98SdcfI9JFnxx?FpvX&C<|D*0LyQ=!$uu%zNBS;IFzG2J5{>71!)AOySqEj26|aAVbKw!2|%b_sYMe>%ygEm{&=4jBl#~!2WqN`)Vnu^L5MK7M9tBgx&#TOlC-& zy=UucwN|U!!reaCMN|E+o~;DEZb`GLI$NSroycgs{U`xXGqT!1#4B*0H7C~L8QL?2 zhWor34La1ncM65IzjmK%_`@96J%9?Aqa&;VhwxPx#FNT+-ONbhsQ_&Tbjw5FnjjP+ z@ao8Ee^UI^!z1W<-PNPqJA1B(hevlb zxv;F5*El2WyMJh+;cuDK8tF&EECZ45NTNZOweRDm<1c5U!6g%g zW!tWZYt;&-k`fbU#ZZdRE>(ZL!`L~)*Jzm906xWRXEi3cGuZDlH5IzeJyygW)d80t?7-eA>YBTksq4S3mI1NIT@6o!+x(F#GIr3yL>PmDR6pP@`dlD; zKbMxe0voll-%P6 zHTDpMKdgqB(SL6~Y7t~?7fsSe>f7Anb9jNMc^*rJY(B#t^z`W!5SYG$4kx;cq%I&^ zUt=uO>)tl@IAB1_VV@HnIM#k_UJJH=ae#hEu-ui2%94oJ#nT?C&rJ;>i5!qgf69v*5;!DuVAD~~^dN|snW zBiB(EB!%#E`D|hV_!l`zCK*7_C^yvU3fuCf^n2wYo@JqAbycj5L?vvACeDX@`GB`dV++uQJSU8B%b` z)fkC*LaEMXsUcWc!i$D|A)Fw=65VR1tCl27&H&aM=~b2N7=uvX{whjJLqui$A{n2D{vt2j)k(^krXjF>057GG;vad-;R^w5g8V;qoi{N0+EyH9^zcmro9Z@Dg+mvkg6v ziKc(fHI~TXLJ%#6l6!tHK$8};ix;1EKk*mB&GmPLOFRjmZF!*v7XZb0`I06oYe|3Z zX+D-YA?Y$mv81QQ2QAl@hf@%a;GX-f3b~)~+T%f=nzs#2oZgxMv?iIN=gGNSLN_a61 z?@Gj_7qpn6MR`V5D_5a`^SEN3!q%v@r6(qAoHuY%Ki%;?;WNA4ouWJ?p6;9;-ouiV zB_v&+>#lD`(??-8w5C?OqselR<6hs~=3^c{b$)rDZF0pnEs5>Gp$8W=A7dZ z|3*iZScD)r)Xp3o&@3wm(|n!Lf2fcK_O@v-!a$5MyRH%L%S^|C|0@|zqm#k1k9PTZ z;IYt(&+72PFt7Zfc}Bc`nYRX>AO7@n|9Cb_b|$kaEW03F2)dV4OmMKx*B-#aDLM~) z*O5ib1!ZTP7%!fATZEqIjfeI68cp^iX#>bF)tnMhW{G4T9~4b((?%9JSy@mW^
(jtQ2^9~%vm-y#%;fhH-`3DJ#V98 z;SX=r0-6;0j%tPD4r}xo!N8-7 zwZx}M-Z00P5ZN-Dfp$$)LS7)9r?#|)9s|_S82v{B{D2e|%1DTivfh zF}ueEinx3Tm#QrZc^T_ES*O3+b6Aih^8E@NT1H~nD4W-{o~e8GZ5`MV&usfStE%t_s17*$Z5pt?s$U)hy-0%xoo4wyQ>YRFRFei>PCJ+ zqgWUhHfY!$ImCm;!=S4%<<=5$l zcBnghYzPGUu%)8_-%`#th-LG*F13w)a(`K+KUE>HT(y+^hmM9w!3MwLPnO4xydjY{ z?eCU(LTWOGH~QoL@1DeAImZZ>jZcU7zGD4dj<7ApjM+7F?UF*=A(zf8bnRr8zS*XN zHfTl8(_L?O?sJx{u;6oy^qiGWo1kCP@L0B_tSk~33Z`*d3#Gu1BjXHwzOL(|$hsJL zM>wlB^vnzgq62fZL^Y3`O#`_?o2 zH@LDpWy_g+X)^;{uRUp>O*)gKZE&_U1k%p83`O-?Dm&?3FM2rdch@>(63#aTL8vqQ zZCxqEIiXF?9E?bE;gr9lyc-J~=9(quzqEhmsIIkD*5qs*vLHUsT>8Jv_%39mdiwNO2^N`K^@0qVCy>oK}6P**=xi zvHmh&;mY0kaD8gxNW1V##LK~{l(H5SIBOHmIUx%FF&*N2l<%lo0+EFLt6x|ZiLK{F zHtgUsa`n^S3P{uFST9g)94A|TibFinjw*-H*mfH(ov;iv7_fW1G+p2?{lILT=}ZL| zoa|5fgoU>$XK4>LN-r@<#6`pGe0QtY7d;sBphmh+P*AR#HYct6%l`t${k`>E{y?#y z$>D$F!oA5CabT$AYezQW{>Gex0B?R+>C_{pUp)W56Y8x6AI~`_oP!2p+XWw^&3!H( zFQ`ZKfCl#8|9r%FyX=4*!T(>h`{VyCQ)G7Gkzh6F{Eb`Bgw%-%hK$j(UjKK1$KwP? zd1IQn%brI5zb>T9%bPv}6yX?VIXjnG|L4yF;DAZN<3G|9=(TFr(#V*p$j5Uqs_fRj zji;waiHB6j|92_3Y>>^UCTiG=1+R?38|F91bt%H+v2KOF6+qKqM>A!oIu! z#m5l(MFSC1Z;o6Kk{fQQ$xUidF*7i9%{Fan)dlW|#(svohs4ChrWiT^k0}K96ct8~ zqE8c!o5e+aZU7zaYF%CL9J~dTh^;ms57j@>x&S|N_S-pAX>{V-2EfLLwr~%~g6ob5 z(gY9>Y=bDR5569E*N%@Z`1mZ5prHyM_VeFe@`up~&++Xi`75~CBKKxK<=$S2n1fAW z#R64FqCJt!0%rXkS(^3dS?3VZ$%nNdrmfnM>D+MWGUtKy?p-(1x@z*|%ts~8s-NJ*$Rpjwn|L~f- z<}w8u1vp|paHLF@;d}LW#B!1?a^!19tAS+mfFcwO{{W(_rOt)iXD?p;0_%M4_6SYu z?J-LO=%8CoRrt)iTo^&Cm#Zu%P{&_#*iH5c+l>e>p~UmKp~7m^#~Jlxn**!WaU=7> zUw^mNWe6@oNUlW9$9)jm8L+RWUJ^8x!C}C*0^bJKgeGN}OL1jooj6Cp97P9m*L+c? zeD}^5dewp4NlTd}9Ec zAR$_&g~R~iOQ;`uY9xs2BVF?`iuNdGV%h?&`nUjKYoi3<5*mf{CV1=RjSLcbpi*Cv zb3no(@(53hC>z%d_w^eKnR5FXjhlC?OPvk#;&C>Wgn?W}bcfU=vu@#TPghfW@sCP0 zsV%K>TaL5#BlXOjgJ^gP;Me=5b?UZrbg?M{uq32)wPc4iE#Y8Ybb%lz6X|+%3ju$_ zA4wo&Viz!#X~p;)HlN64+<&kAkq;8ZkKl9A`EGV)SRJ=1ol>Vo0sDIOY*_uIbRxt; z@V}9F`_e~cSH+Iw(|*%#8r~kqAOARX&$*4|A7LTTmQ{EdR2~o%Bt1llC5wzIboesx zla&(uw5jZXWBc=+>i64n&qDDfz%#qWgJ~V*loM%3TJH!zUO#5w;Wr-@72Atcl=^xJ z?p%?%bTSUMYxaLjOMv%6k*y}%=)bWKBi0rK7N=`;Z8^=qkH75!{q6E;EBhaO+Q0Aq zB|2E}NPNFb(f#{O0@l0xiF{3pzpoDr33+DMmWU0T#lO!FB4Fuym{zgO{kxbgih%Xd z15yGl{`cAI@r-&Y?<4*#knX|Wm<4FDi_E6TkFuka(PNtmt6Jl z^8*<;qnFh;Hl@b_D~NGO1}=#oUM)`b-)8}E#=BCvYVm*TEx#zZq@cz3qyIkN2Z1v_ zRDT_p{P&~(e{mBakZ002p1}5e6DW=N2iDsu)9BQQ`%<}(P5R=whDhvMZC3(^pZzLS zWNEP9VApAKZZ~r=?WAecqpMCSZt? zs21S+wiY?@BsO`qv!Y@3imr;`edKlDY0yg?2K!V97&jPevY(r;v+Q1+)89L6Lc-`o@^MzHy#)jK(H%6EUFBBAamB{$1eh&FZlFlgxD`;uEdo_LFDG zJhC9cJReu@mH?CxzUl7Av{xVn2VO6uO19p|N65Vu*>QI=0+3e4z(o1Q!O+mKsA-oP z$VMA+Tj;>T65#9Sw*{QmRHK2uF#6+s6WMTs(~cb5w}~$mIVdIYXMldooTreXyN&c( zf1clA(;J?{krOy?JMK-V0EATNyV`>kD92)tVO!a)(ldd~Ps!OiadEcJ)?T;)Fm@{j zmMzBeUwqIf7MV`OgY#M(&6Tn*M9kdMelw&lQ>u zax;g7hKC3HWfbtgtunV2ZheeS?+Umo0~X@3&_nSQ65hHD*#)tVO*aMJUjfs#Ua_IL z3}T=t0Ot#fEhwlFdQv4fRq+B;R@$ehVOjJVtF8Z8&PFvAm#k+#mJRtbH#*B^{q#SSZ=w6v6$ORyloSI8zL` zr6|omZyFOv-}qYK%JeaU&`;uY_Ock{2Lfoz-CzSp^sycHj6e z0yjPMt)4`}-5K0IkNKnhY%~#|WfGceyomV(dT}Y^oXaHwF8C=;F14xs5lvCV&*PY@ ztQTUAH_(=9<|t&OY4i*i;JOq;#7KW|B4*{B?(sx}E}1B>+*pC}q|Io<98ks?iG*c|1W^Aq`jC_#qJV_OD14uHm|Z-B9+Hq4<6E=A>%^wAwmJ}kpz=)xPYUf) zwNy8bo24G_NF}OEA5E!8zt&=mo2+5JIfGq;k;(D1>%nZj4is)MxjG;AsjxAo!PAN~ zQ2WYiOx-Tj?8Q}i+~7=CTQ*ive0l19FC$BzuI4oai#8hfFcmn1 z>mv(qj$~E7K(QJN?WG8(#)tSx4YLgMDgeifc*gW;1QG6kU(pqanU0u!`N3Puvc-ao%Y7{B98QO>c1N34 zjueNdaDX%F_=e+4k*1A~(3hKwgB-xi99@a3m3SM|)q)63CnkbirhUcH9084nE{la< zIjx@^dqHU9=;e_B5)Ap1D#*Y9@XDk~#@aV%d&#yOd1fm8me<&y{xSv?#y|fV^ zm3zWwJ)f+47-ng@ZL{C82n%DO-v&XVrDUj^b+`^<1w3ARJd{I-<_8d~2J!nA0~)KN zpx3g7xf+ajchEXq9?bfB7xJ9sK3`TGl!Br?kz#g4--ElOBu65F{|xOUtlKS_LbL#U zrGt6K$@*Ybm94_rA^y#XPL;zJc`uwFChL21g<2PSj8%lubQZG)-XM#IKWYo{_MaY< zD)ae36$UNt#LRv7y=GLw^Y(~mi#mn9IKk&RDn8(4md76bMl2F^hqY`6LPi(;);_CU z8%Da0oy`$xGKbO^5uBb-Lavc&NNqd$=DCej!Zmc7&EV zn8qRkZBL|$dU-^g;PD-uHXHY+p5SZo^W4ndd)|FS7Y?D#(&lpihll)caTLwCJR z1nJ#Sg@Z4A*7lK}t;R>fmfHP*LcZv`A;jCO(C4N>uS8zC>{V7tEknIDL`dSScg|>fCP%jWq5aO3;bKdzG!S@-%Gq9QFIc>a3 zJPvPj2$p(kdf|+;2Rp`Ye6k*q{ageK4o|R=wafA_=!+%19}WDGTnbeUF_ix1S31JL zyKd~XbT*vea_mLIOP7@?d<=}Rr`x{VzNZmwyU(6O;J#oec(nO5_1JF=D?J?_Hvr@o z$zj=ieH`(I^A=>^G%ovZqCN1mSv5j}ve<*h!>0vdxI}l)paxYitmMHA)5r(wkwi0v zK!v0|?E7JBl1>%olMFW448=;B0*o3S3!NN3j$b78*RNl~$#ozr^aZ!udc286`whY< zn+LK1qoVH>KNIXMDFTaqS2JKo{)B(AAzt>{09sYZBHIJf3|OPqHfJ+z#sCCo6j$(x zPQIfCSv@RVUzSF##8=y}9ws*aLXdo0;DKTY^fSSJCBa#)KVwePtlNx2{Nubskq1Kg z*MVR>^#Mnvs9NhE>wc_^j872|r0qte8S9J$gH#dZOrEEx4+@$OW36@Lhv*zK3m*;y zyC~Z3b@b1}S4P%a^K5_om{?ua#;HEb6h*JhYC2}xjE5@UcGREf<> zmDoj=Uli$>*J#JUdm9?fi@-|}QXCXwCNMpw&srn_(}cPgJ?U0=oTIsAx85= z_IqJDCyfC}(JmKqp6B=QMZe7WBIMHN>ErTGex(Q9-FnW$ZSX2>JML=jZ$P{Y8R>dt zr#Z*lXb}x3-mZ!>-y$1Gz;nh3W~LeUr;7|Ut>eoRF&1}V`&Sbt8solhOa93gVsxMN z;m@}}m@J>KaH{p&$&a&%cyLU7sjh?BlsPFAZ@r%);Bi(hvcQ@#RZdvVu>W9^Fyx!y zEEKfoX@iOu4YzY4L(OyWM8&uUDjDH~X9C)c<3pqNSy7SV!yi!EjhcHC2g^_cxhcgD zr!ZJgTuw|ia#MV&HDqzZzXYH1p24_z(x8prfS#8qTzBQ|)s2P_Bc6X|MCPENeoaxk zDq_){>liyGEyjcUA6<18_;bd*Y}8@Ci*KBB-Y<7yy}W_f#Hj2!jC!SO059N5mEXTd z+t?yJK)ii9GW>DYzNs_0u=FX;6AI^6+r3=|gY=cn!O7LFxr&0dK^MDb#QD{=QUfIv zpreP4li3)WbM~+djHcn`RY(oSIbg9SxV+?J&}xc)*|lp*;D+xwwY9`L9K9q9-xI;Z zyW=kcqnm5csf(k$9#8ua=feSZ?6RzCNrELaanbfDG&Z+Be(lF=GF?Seg^J3*R`<=$ z!|mFPK*xjeDLGmZ&yPRjhGB5zv%RQn0If31ZlZ)T7R3p|U7pV{ygp$Z7&$bA_i3~3 z4sIuL8A|8V*+y2-KzWtne%-=WmULJWId6FI>dn4E?32MV5CxJA(*{RiD)^h8$+uU8 z==|G$$9y`S+M75e$TT7rY>^wj?F8b0y*+EbXd*d-UdwAu971grq?}nErw=cRhSPX@ zEPEC0bidlY)7TMpx1R1^-5C6ZyB81w%(7ZVX6h6=Q(i_I9exYA`mF)9|F5v>eP;!n z4!f|{Eji1m#Jx4FJ{IiHvfFs~4a@7R`(0G)+eKc$$HBd}(ocf3T;1=|PaBzB-Ji2d zC~3UuJtMA@5uln?VCo7P0?|q|WTeiF9S$&q_Q$J7!iMwg?6MY&MD69UqJEbps{lU3 zWq7yp)7z%I7iQz~bTKbMH?ELTs9mb_qdb#^@Ju47?Q6F#$4p$^mv2@>VcM^>-eJwp zP?**iOxYq*qE>WW_x=8A+v?>gZ;6@G25^sF{~3w#j!c90&atAeVeOjA%jgb;boAennqu``pAg2HhOYF30d&EHAYUrv1JM*mkHh>5+$X zSQ(8TuWx=oPwq3-a3_WluJ1fpB)eZlz@jy4&qXKRNSq~q%~}FLmtM->Tt$tR=%Xkf zv79LdE@tVNr2-4S&moWN%-+(1$MC0%EHKG1`M|@>K zG&Se8nYwYO?R7ro)fEcoE8lmMOlTCxv8J$p(U!t{M=Klpi*qmH3!&xvL;N#w-sU2w z4NU9N3Z7riSo0~2A!M>~#0ZQhQ~vb{i4DS(T3elx$-h0CX^>8=pXqNU1ga@@&vfSrJcD1;Wg_(Q5>qJL8w zzpmVrx0AU|rM*n-R4Q+H|L+x1%ImR{@{$<%I&8pf^*1%k5#Y$n;vY7Zyq*> z@8$mo{saoX_xc_^{)nCZg^#EJeAFVUHugXGi02VLDv_!d{`ZZRNBAgV^ZoR{&z_I) z(E{67)&Idq36F>trjDG}KRD^&5kqT){(1I43=IvE&hk05rH#$PULEm{lm=k z$fL78?a*d!^k<-zUb)oz?Qxit0Y~Nddn?0ek$2&-D)s%R3 zcS#V>t~}&COx*R{`ndFL!1>k8{T?MQwcC-aF$BXnq?H9xO~!Q{A9pHjf{G^u$|Vv} z2)TUXgPms!MQD9&NKLP2i(1>ICi2G8eE?xuo3IZyJnZqRE}ZC+8O`XQ_YP6h&=$6< zoodX61UB19^u`7)aqnZLd4q3-0!byK3+Q0VeOZSI9qwk|5jGbBG&UyCsrj5AEXc%p5h+CAv#&Ye_qC+TB-}qjFb4 zd42U%6~UE$Z8T7ZGNljF5Cyg8x3o<|WH;M#L7cR9OG=gPiso0pDQjk(28Rj@R`!f; z{%o)e<}Bb29J!(?%D#SNeBfUJjeI>(Lid#VOXrEN${E7K&yHKFsFC8JyLs;^0V?zx zIHA2#Ey~?>F9)sj_Nn+`f0mx6&(n$#J_3CvbGZ3qA#-6CcNfhAMz7xHAb-}kVrBGD zPXFF&Zi`mTb5p6Ry^o|Py{i-oz6rmg%**`(*w_kk%Ije zpW)#*jE_pmSWtYeFhPSoUEuk^eb75Zd(6Z)$e%ryt@_^O)8?TOH1px~xzpB%JK0Cdw{G(_i^ghf=41|&a{hp7)j(3^TR#N3&D*QWiojr@ zChH6zf4Q*oS_()W=z+%5sePo2yn`no#%0hImi+;6QI%kLp01n$aR8H2z*o3kphD|4 z;wdEL@p&(~pkabYzRdcD-aBGp>;3C3q#_iY3yq)9p2EYwU1)(z@}^@#D$W6BbxL4A zQ|}39Y^3im;Uf6$1)XX>(AfdY8bwSr$G{NRnHsq&w+s3A-JvORvC9(wbh9zE?vjf0#1P&c z%|m>2^UMBBqo_Gew8vq;t^)1uS0etfj|xyNWIeRc&wGJqfl#71@71cZ|NV;m8`1sT zV8^&M+pcRp+7D~$bmoDCVl=s~xX<(iLQ2vEprSC@0l88sKBK0#rvlmuJBP#pzjwPe zH@(a^s$$}~^fbPWU-0mTQYYCZ2# zYd(>^d+&nk8_2n#SH5GWQm5-h)=5F|ooz+#u`-K=FrL@8E(@Cb;j8dgvX^ESE69*!K`M zLPbN1vmwn>%xS5pdMgV{+GYc2(D2Xe)XOnt@$t5TNbcPjq2v?8Hk$eJWD$NGjCqy0n`9VHu?5KmRy05S z-EsuS{AZ^mb}QyTB|3Ug0)hL>w8bimG1n3WocF&A@rv~hrc<5I1{9x}J%5wy^y$~C zeC4?rrJM~^Qy`yYt{$&**fU3!WG{dB$NRCPJ$pIy9Y}VQvpYjT@qNH8?4~I3L0@sz$S5hB>Fjj2{fCq1rxD+q zSFc7x*FWkEK5L_9WLW?T;0Hs*vlI>@m#4P6;7{89gkf^_+te8q<_#}*zl-zb3o@^08(~<(o7B#@=7u$+h9Nn}H`daCzPqRZt4h7w0 zDC3!&8>U@)C_T=I^xkrKBjA}S`{2z<3T7I?23N~9&el72Hu$SPtGE43?RRn9f>Dz+ zbfkx(@T}>@r{uiOn4dE$tf}OOi;pCD|F77vJxL&({U_HzAaJI`u+OVBRRYYOme#bv zBmrsloF6{}qV5fd(1ut+_b!g`t!nhfS7mB-d%JxMbJz zaqgAvVuu*IW#h|ZBg19XZOoA^5}Ti2=n+90vi7~cq1Rq@txH-JPD+v)hU@~hyyzI{ zBNQh(4N#DG{2=!(3tRW_DOGs_`Kr;2aZ;@8g$I2?kA}?)LC|aW$A)P;!AVT#L9LsMsjnC6JjMnd;hkXHwEq#lxNTAlL?rg?{Xx zs3Z}0x(*4u8(vo#C8`gnJDQ6UI5%UNt^f}8itXtR@4x6as1=rrl%Yc`@jVjWCi((C3ny_k7h4i#D9t=023Ryfd-f*><2 z?*7<*`-lIbdSC$Jw!Wyz#HO~x6I$`&E7@7m`~%|q`}uA+`1cA-E<;D2D0s)diBoaZ zVsc^_lDx2xapH;V&bF`SOm=dgKA1Vp%%AFt#%pB(o|rXFEh?w~U=%6VCn>iN_-S6GHrb zBtFvxIQFCuW|!x)TaVe}?gJjxZZMFb5~-&&gDySiQk&(tmQSAka##7T&2JxF_akde ztBI1mCic6OR3l-7ZDxnfFkx55a{0u=xHB$kpx9bF!CVnE8FmACn8H7;rg?=Rh?R%Q zY;-?_AWNCF1x9p&BJ6WuzLlzyOf($irel>~4Y(|A*=CIC$Yuhh+w%|0X+7H9^sP@+ z>e`?5^`LTx%@-3gg!d54nreCCiNAC85{b~g5%JaKw+&{G+#23WfXVkjZX$BKd$={1bKW#=7!Xu7jZ*pN9XX<&Enu#*iwe*vhZZIP%-u&try>q2QD#<%ZqMw$FyMK0y z;q&_k7HsD;XE;h5BYYJ!VK24D2oi`E2pf^jQ$1~DC1>y63M-{nVD`ym(7}cXJ(9zf zZBfFV80731{`}fs+up8c*srIMjZ4V6O&6$SG{E9+pvdxHrdsFfv*b0$!W!m!&8n&Z ztK>MInB}8CYQOqZNI@~+HP(B}=x@~JJP?;>W?q5A60;t{hL3RYf-#hmOZs;Xcc*6@ z2?r-$LpbvWgG|8AMM32)QrHOt22~(yOzDa1x9=6REw&L}o#W+B2ix`ah!Ui?dpC2l zQn$b6x}Zn27ARt*7LZFSTj=v=3*8-=soaj<)+|y!UyTf(^boIPrNWX$zgp2!yp@FI zwFzS*5@$+~?_-{-9Xo(5E z{>Q2E5(03Mo~F`H)?dQYp&&SIh=V=_}?8}q=)qs zNwt9=Ws|c`(dop4A2ItKGLV@i0ls?p-;u3feK+`bBd~pL01^7c6XW;gzk5gf3_MWm zKeL(||AxT-*FVS?tiMq&BYp8kdvdEpm;W`yxGz2g7|R@&VN3KsJ{4MYA8fHyAj@J0 zrf(@q1(8~N_jfmA099N@c*?nwm*MCqgH`4a86a|9 zc=-5z_|i0hcl7K1CL!=Uhymm&oqeH|+szy=_2D2Cmq5U*5JNmaC;(pA@uT^2GJxlh z3AkNKfcZfMcsyr-AN}^5ZgYdSz?CuLbcG4>Q-tpOpYDds@K2xq5_q`6+ncTT1IBrP z$AMPScS38~Nz-$A)M`VVQhc+XD-{RDER|2=w)+lb$-r3)AMl-oTjkSbU5-~{ZlGz_ zEmwi4MBI{qteOW5@RN-pN8`m>GKz{ZtX}u-KxgfLR-~9C&I*hQxLsMpffb4vkb+mG zvwfURTpvmk0Zfbh-Z*MS;2&6IHbf16Xnq6%$4HHp*4A2rUJY^12R*RF4MsVopA)dh+i?1N z18xArL<9j_KHyy+p)t?KTi(jZrYZ>B`GaRFUE0E(+VXJ!(B&RpAqZ?3x}bf!RhAoX zT#tSvtfpV7wYYQP^PE#(ANQ9gzMcS?8dIAO_Xj-CsiWWdgDdgLgDG(P7GshHX2aK#1aTf7MEv0&-Jr>uf<%x@x+&Lq6yz zkNP96P!Xqt`}GCqjkc%)-=EJ1Pi?MRIevtFBIGq^Y`$7gIo+#$$cv#^pp@k#rAe`X z(+1;Me%tqCaj^=pve{F+V*r)ghI?Uz#Otnys-x2w?Xjekfu3y^Ub~+<^jlXB|~2aTz#ZrVUY_>W1tx)83CksvHpn2 z$Qm>Hjfd-7dvI%jFiYkTfWxXyHuJOQzp}X!ZqS<_?h!EwuY|@_|66BB>oFv4@y(o_ zIa3fhdP&oO0-UVTVvNvK)653I%N@|Jgf4BQxHSn94`Y{EUk4%csYr?i>1Fj0_rG#vxd4@- zlr`}Dy0f}m=yJI3M9V2Yra%F_@!%H%&Zt2|==(PZt<>x0iJ4hQ2ngJgb*u@Ux;2li zM?gpm;5E2E{b@>k&yQ4?i=I-@MUw;_xA@BEGh zOB>1QLofgu^&ADjN3g#o4J4P^BY`~09sk!LsYC3tKZc^JG)V?}4DT~dCIWW~YEti-CEXbaG82{N*$E^=(_^3Kkpsiy|Z zgUM{)De*9tNM+2L06MQ<5pG|#k&!@6_>;hHrCY8q_D2k~q|$iE*H0oOJbYP7=Cvs! zM}hR`J|jYp!vAInV1*yk1!!=x(2ms80Tz+T7?bqf{>^8+&eP{xV?k{B!WFs*5hs3V z^9h-Za&I&$;`wZD#zyl{mvw4BaGf123^NOG7i`H9?qUGI>6Pw+yI7w(aA;+ZJ9kXU z?==EpF&~`nqO&h6lMh-5s3_Iz?M$YtEON|~!1!2poVc?cM+N>A&}mB6gBS{lP-qyV zjW^)aGFyIeTWiv)RhLKsAt;K~@83}ovyQ1vel_b1JgYDbHv>$)^|L9cu%^vO5|dFw zb^3?C_mMUbVIDwT6Ctbt%K-4@12zKye=xCkr4YW0kecnXcNEqBjW{GyI2?>Yq5X8s zEmSa6_{o8toz(p;Sp|%{UET#vK^%DqR`PO&S4k!ysUEiRcUs-tZ3yULRe|L}TRx`f zNJs?CnaM9aw??U$5B(TP!H{@Codw3emO-jQQ;45}pL$$=<3T%~JhgvWZ zDkv>T>U9sh`;#;F{{F)2sG^^G_vhqk%XdEW5k}DPn)k?y159b+p!X-n+?y?2&qe2beFmWi`d0uqkAs zQFEn$D5GD1_mAaXz-JOot)N?z-`pFw{b{Qs;L<3vpbl-U5_{ua3ihG(T*HeXhuBzg zrDaOf!;5(SpFQ%)Lk2oA(2hDg;ffx>nTx+;9^!)hArP9Hjmc@eNgw?|x#CHUpFTQa z7TVSsDTtn81{m2t#pU{z;=&1Fb+>`IYW*ao1n5U`(=1>*YNfg zQrI;z!ILO4PXZlZtkEtx^c%1QMbXRbToN3O?%I!rdSD-iVXd5QwMx4z*@Jv2t#6ve z&^#oFKJu*U{YQ7#CK3T)ypXf10V*p`r?A#F-F6u*g~+|5f1OH^?VcC+E7~13I8K=Hm-@PBFKw&RAmPy3i||ts-&EM`^9kk`-^w*N+5;g zvhg%e23JEB*F06DlD}I%tX%gL0a@K#u#l7%og@_o@wsc{9nLu9=w0F4kXNb>x9kqU zP58A}z~Z8Va3UBj>ltmg5v^~2wl9R%CKw;Rwwl(D3sCn)zgYf(Ed0g!u%E$b@~a&# zgX5YZb(fFutibK!;o#;}Wkwghay~Dc`G|l1Ew@j1#Ep-ad0u#Q`sc&uIN*wX{Aqs5 z;&juR>rP78AGn+*6oAqou8f_><=9!bVR|Ue59e0L+0|wJryDwtF7cZ6oLB7gy~o~- z+Je{j?ycEpw5#|#VUH#M;sWGQiSP`xGgXVPT_dpx^Hv-*S?XnqUuqmB(U~L3kioEmub|2Y#AhbVz#z|(;W@k}{{r%#h*N~1{Egae*cRxaV%E(`jhm_#^?<)7^y zUZ&nQ5XcUX^h1I5M^!``Hl7Q{;DiR&1C+#3Q^>K{? zRB#oDcGfp8Z-<2rRYeQ1sN|^yPn90`c|HM(MV5*aTi> zMZP6`zSbwZ{aG$uzc~qk+e5tsAyCJ3=-~`tSUpar@mfZ(-4>fJAQy!_i2@AzO_Tf;h1viTiD7P@w z{Qw>jvoEP=j%~VC>bWVAbvszoZnG<@|7cIxaE#-)bVfdKqHfcsRyX#^26aAcuUGx% zZ~0XI%r*6|(9?Cm{fzZW-}kIB2JR!D-^N=VdFb##VCPf&(VJw|viB^nw_MC=+gJ8> zmcSZC_X%noqPH@DOBj9z&)O9;tt;#cumK(9aq!Te)A^wse4)TYvKMF1aSxgDTz-k2r?1V*y|H83vQ3|R)~6~z z2OexzS!N`4%>IOs=KP}%Zu_19)|W>fmjmY)kG|>JdiCb!<$=H>T5e>jH_u1}9wDhU z>k)8!!q3@Xr2fdhTJALOL)Fo!wVOeECF_g#aBt1K>gTiOM*H;>PfqR+0G?yLB6fG* zCg6@@Q|(rlk23S0ok`%or#|n+8R@t$(|PrQN9*WDt?hjO?uGgN!b36*@4qKxhX=Ck zab@u1`0<7{?>8vZOsL^F5W}LIkT(G@lN*jNA=!${K@v;fwO?j^80QcT*LZcwFVQXV#7YB z;)#>eoIG9@yDEI-*rDvZk#dRaFP)K7O?o zIOt$w#gTA#i%osE)FHX;3JHJswwY(o;JkWaeaGbxu~oKqMXi<&u7U+_44Y&B9GP!! z9Qk|)aFPVnUAR9Z>#c7mV<5Y$wGyO11`LZBju+20PPQ&t2HoI1K?yh{;v;x=%~bGK zN8pA$J>V$IWNuGi=&BqASKyGyOr=?o+AG1Pf{f58R1=>x3%UW?q07Oc)7aHya~L>t z0lV8fK}PDSn94#221FWxJEprb($+4445By`0k@6KjPb~_f(<1wfrb(;o{92=>UiSx a;6Gyw|ITaO`?s!S00K`}KbLh*2~7YJ5VBYR literal 0 HcmV?d00001 diff --git a/docs/manifest.json b/docs/manifest.json index ea1d19561593f..d3a8c64ad2562 100644 --- a/docs/manifest.json +++ b/docs/manifest.json @@ -416,6 +416,12 @@ "description": "Use parameters to customize workspaces at build", "path": "./admin/templates/extending-templates/parameters.md" }, + { + "title": "Prebuilt workspaces", + "description": "Pre-provision a ready-to-deploy workspace with a defined set of parameters", + "path": "./admin/templates/extending-templates/prebuilt-workspaces.md", + "state": ["premium", "beta"] + }, { "title": "Icons", "description": "Customize your template with built-in icons", diff --git a/docs/reference/api/agents.md b/docs/reference/api/agents.md index 853cb67e38bfd..81dd9cf2eb88a 100644 --- a/docs/reference/api/agents.md +++ b/docs/reference/api/agents.md @@ -470,6 +470,38 @@ curl -X PATCH http://coder-server:8080/api/v2/workspaceagents/me/logs \ To perform this operation, you must be authenticated. [Learn more](authentication.md). +## Get workspace agent reinitialization + +### Code samples + +```shell +# Example request using curl +curl -X GET http://coder-server:8080/api/v2/workspaceagents/me/reinit \ + -H 'Accept: application/json' \ + -H 'Coder-Session-Token: API_KEY' +``` + +`GET /workspaceagents/me/reinit` + +### Example responses + +> 200 Response + +```json +{ + "reason": "prebuild_claimed", + "workspaceID": "string" +} +``` + +### Responses + +| Status | Meaning | Description | Schema | +|--------|---------------------------------------------------------|-------------|----------------------------------------------------------------------------| +| 200 | [OK](https://tools.ietf.org/html/rfc7231#section-6.3.1) | OK | [agentsdk.ReinitializationEvent](schemas.md#agentsdkreinitializationevent) | + +To perform this operation, you must be authenticated. [Learn more](authentication.md). + ## Get workspace agent by ID ### Code samples diff --git a/docs/reference/api/schemas.md b/docs/reference/api/schemas.md index e2ba1373aa613..6caf9e3384546 100644 --- a/docs/reference/api/schemas.md +++ b/docs/reference/api/schemas.md @@ -182,6 +182,36 @@ | `icon` | string | false | | | | `id` | string | false | | ID is a unique identifier for the log source. It is scoped to a workspace agent, and can be statically defined inside code to prevent duplicate sources from being created for the same agent. | +## agentsdk.ReinitializationEvent + +```json +{ + "reason": "prebuild_claimed", + "workspaceID": "string" +} +``` + +### Properties + +| Name | Type | Required | Restrictions | Description | +|---------------|--------------------------------------------------------------------|----------|--------------|-------------| +| `reason` | [agentsdk.ReinitializationReason](#agentsdkreinitializationreason) | false | | | +| `workspaceID` | string | false | | | + +## agentsdk.ReinitializationReason + +```json +"prebuild_claimed" +``` + +### Properties + +#### Enumerated Values + +| Value | +|--------------------| +| `prebuild_claimed` | + ## coderd.SCIMUser ```json diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go index 8b473e8168ffa..f46848812a69e 100644 --- a/enterprise/coderd/coderd.go +++ b/enterprise/coderd/coderd.go @@ -1165,6 +1165,6 @@ func (api *API) setupPrebuilds(featureEnabled bool) (agplprebuilds.Reconciliatio } reconciler := prebuilds.NewStoreReconciler(api.Database, api.Pubsub, api.DeploymentValues.Prebuilds, - api.Logger.Named("prebuilds"), quartz.NewReal(), api.PrometheusRegistry) + api.Logger.Named("prebuilds"), quartz.NewReal(), api.PrometheusRegistry, api.NotificationsEnqueuer) return reconciler, prebuilds.NewEnterpriseClaimer(api.Database) } diff --git a/enterprise/coderd/prebuilds/claim_test.go b/enterprise/coderd/prebuilds/claim_test.go index ad31d2b4eff1b..5a18600a84602 100644 --- a/enterprise/coderd/prebuilds/claim_test.go +++ b/enterprise/coderd/prebuilds/claim_test.go @@ -147,7 +147,7 @@ func TestClaimPrebuild(t *testing.T) { EntitlementsUpdateInterval: time.Second, }) - reconciler := prebuilds.NewStoreReconciler(spy, pubsub, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), prometheus.NewRegistry()) + reconciler := prebuilds.NewStoreReconciler(spy, pubsub, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) var claimer agplprebuilds.Claimer = prebuilds.NewEnterpriseClaimer(spy) api.AGPL.PrebuildsClaimer.Store(&claimer) diff --git a/enterprise/coderd/prebuilds/metricscollector.go b/enterprise/coderd/prebuilds/metricscollector.go index 76089c025243d..7a7734b6f8093 100644 --- a/enterprise/coderd/prebuilds/metricscollector.go +++ b/enterprise/coderd/prebuilds/metricscollector.go @@ -3,6 +3,7 @@ package prebuilds import ( "context" "fmt" + "sync" "sync/atomic" "time" @@ -16,50 +17,73 @@ import ( "github.com/coder/coder/v2/coderd/prebuilds" ) +const ( + namespace = "coderd_prebuilt_workspaces_" + + MetricCreatedCount = namespace + "created_total" + MetricFailedCount = namespace + "failed_total" + MetricClaimedCount = namespace + "claimed_total" + MetricResourceReplacementsCount = namespace + "resource_replacements_total" + MetricDesiredGauge = namespace + "desired" + MetricRunningGauge = namespace + "running" + MetricEligibleGauge = namespace + "eligible" + MetricLastUpdatedGauge = namespace + "metrics_last_updated" +) + var ( labels = []string{"template_name", "preset_name", "organization_name"} createdPrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_created_total", + MetricCreatedCount, "Total number of prebuilt workspaces that have been created to meet the desired instance count of each "+ "template preset.", labels, nil, ) failedPrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_failed_total", + MetricFailedCount, "Total number of prebuilt workspaces that failed to build.", labels, nil, ) claimedPrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_claimed_total", + MetricClaimedCount, "Total number of prebuilt workspaces which were claimed by users. Claiming refers to creating a workspace "+ "with a preset selected for which eligible prebuilt workspaces are available and one is reassigned to a user.", labels, nil, ) + resourceReplacementsDesc = prometheus.NewDesc( + MetricResourceReplacementsCount, + "Total number of prebuilt workspaces whose resource(s) got replaced upon being claimed. "+ + "In Terraform, drift on immutable attributes results in resource replacement. "+ + "This represents a worst-case scenario for prebuilt workspaces because the pre-provisioned resource "+ + "would have been recreated when claiming, thus obviating the point of pre-provisioning. "+ + "See https://coder.com/docs/admin/templates/extending-templates/prebuilt-workspaces#preventing-resource-replacement", + labels, + nil, + ) desiredPrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_desired", + MetricDesiredGauge, "Target number of prebuilt workspaces that should be available for each template preset.", labels, nil, ) runningPrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_running", + MetricRunningGauge, "Current number of prebuilt workspaces that are in a running state. These workspaces have started "+ "successfully but may not yet be claimable by users (see coderd_prebuilt_workspaces_eligible).", labels, nil, ) eligiblePrebuildsDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_eligible", + MetricEligibleGauge, "Current number of prebuilt workspaces that are eligible to be claimed by users. These are workspaces that "+ "have completed their build process with their agent reporting 'ready' status.", labels, nil, ) lastUpdateDesc = prometheus.NewDesc( - "coderd_prebuilt_workspaces_metrics_last_updated", + MetricLastUpdatedGauge, "The unix timestamp when the metrics related to prebuilt workspaces were last updated; these metrics are cached.", []string{}, nil, @@ -77,6 +101,9 @@ type MetricsCollector struct { snapshotter prebuilds.StateSnapshotter latestState atomic.Pointer[metricsState] + + replacementsCounter map[replacementKey]float64 + replacementsCounterMu sync.Mutex } var _ prometheus.Collector = new(MetricsCollector) @@ -84,9 +111,10 @@ var _ prometheus.Collector = new(MetricsCollector) func NewMetricsCollector(db database.Store, logger slog.Logger, snapshotter prebuilds.StateSnapshotter) *MetricsCollector { log := logger.Named("prebuilds_metrics_collector") return &MetricsCollector{ - database: db, - logger: log, - snapshotter: snapshotter, + database: db, + logger: log, + snapshotter: snapshotter, + replacementsCounter: make(map[replacementKey]float64), } } @@ -94,6 +122,7 @@ func (*MetricsCollector) Describe(descCh chan<- *prometheus.Desc) { descCh <- createdPrebuildsDesc descCh <- failedPrebuildsDesc descCh <- claimedPrebuildsDesc + descCh <- resourceReplacementsDesc descCh <- desiredPrebuildsDesc descCh <- runningPrebuildsDesc descCh <- eligiblePrebuildsDesc @@ -117,11 +146,21 @@ func (mc *MetricsCollector) Collect(metricsCh chan<- prometheus.Metric) { metricsCh <- prometheus.MustNewConstMetric(claimedPrebuildsDesc, prometheus.CounterValue, float64(metric.ClaimedCount), metric.TemplateName, metric.PresetName, metric.OrganizationName) } + mc.replacementsCounterMu.Lock() + for key, val := range mc.replacementsCounter { + metricsCh <- prometheus.MustNewConstMetric(resourceReplacementsDesc, prometheus.CounterValue, val, key.templateName, key.presetName, key.orgName) + } + mc.replacementsCounterMu.Unlock() + for _, preset := range currentState.snapshot.Presets { if !preset.UsingActiveVersion { continue } + if preset.Deleted { + continue + } + presetSnapshot, err := currentState.snapshot.FilterByPreset(preset.ID) if err != nil { mc.logger.Error(context.Background(), "failed to filter by preset", slog.Error(err)) @@ -187,3 +226,24 @@ func (mc *MetricsCollector) UpdateState(ctx context.Context, timeout time.Durati }) return nil } + +type replacementKey struct { + orgName, templateName, presetName string +} + +func (k replacementKey) String() string { + return fmt.Sprintf("%s:%s:%s", k.orgName, k.templateName, k.presetName) +} + +func (mc *MetricsCollector) trackResourceReplacement(orgName, templateName, presetName string) { + mc.replacementsCounterMu.Lock() + defer mc.replacementsCounterMu.Unlock() + + key := replacementKey{orgName: orgName, templateName: templateName, presetName: presetName} + + // We only track _that_ a resource replacement occurred, not how many. + // Just one is enough to ruin a prebuild, but we can't know apriori which replacement would cause this. + // For example, say we have 2 replacements: a docker_container and a null_resource; we don't know which one might + // cause an issue (or indeed if either would), so we just track the replacement. + mc.replacementsCounter[key]++ +} diff --git a/enterprise/coderd/prebuilds/metricscollector_test.go b/enterprise/coderd/prebuilds/metricscollector_test.go index de3f5d017f715..dce9e07dd110f 100644 --- a/enterprise/coderd/prebuilds/metricscollector_test.go +++ b/enterprise/coderd/prebuilds/metricscollector_test.go @@ -19,6 +19,7 @@ import ( "github.com/coder/coder/v2/coderd/database/dbauthz" "github.com/coder/coder/v2/coderd/database/dbgen" "github.com/coder/coder/v2/coderd/database/dbtestutil" + "github.com/coder/coder/v2/coderd/database/dbtime" agplprebuilds "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/enterprise/coderd/prebuilds" @@ -57,12 +58,12 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_claimed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_failed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(0.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(0.0), true}, + {prebuilds.MetricFailedCount, ptr.To(0.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(0.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, @@ -74,12 +75,12 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_claimed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_failed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(0.0), true}, + {prebuilds.MetricFailedCount, ptr.To(0.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(1.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, @@ -91,11 +92,11 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID, uuid.New()}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_failed_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(0.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricFailedCount, ptr.To(1.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(0.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, @@ -107,12 +108,12 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_claimed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_failed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(1.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(0.0), true}, + {prebuilds.MetricFailedCount, ptr.To(0.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(1.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(1.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{true}, @@ -124,12 +125,12 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_claimed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_failed_total", ptr.To(0.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(0.0), true}, + {prebuilds.MetricFailedCount, ptr.To(0.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(1.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, @@ -141,11 +142,11 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, ownerIDs: []uuid.UUID{uuid.New()}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_created_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_claimed_total", ptr.To(1.0), true}, - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(0.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(1.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(0.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, @@ -157,35 +158,20 @@ func TestMetricsCollector(t *testing.T) { initiatorIDs: []uuid.UUID{uuid.New()}, ownerIDs: []uuid.UUID{uuid.New()}, metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_desired", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_running", ptr.To(0.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(0.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(0.0), false}, }, templateDeleted: []bool{false}, eligible: []bool{false}, }, { - name: "deleted templates never desire prebuilds", - transitions: allTransitions, - jobStatuses: allJobStatuses, - initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, - ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID, uuid.New()}, - metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_desired", ptr.To(0.0), false}, - }, - templateDeleted: []bool{true}, - eligible: []bool{false}, - }, - { - name: "running prebuilds for deleted templates are still counted, so that they can be deleted", - transitions: []database.WorkspaceTransition{database.WorkspaceTransitionStart}, - jobStatuses: []database.ProvisionerJobStatus{database.ProvisionerJobStatusSucceeded}, - initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, - ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID}, - metrics: []metricCheck{ - {"coderd_prebuilt_workspaces_running", ptr.To(1.0), false}, - {"coderd_prebuilt_workspaces_eligible", ptr.To(0.0), false}, - }, + name: "deleted templates should not be included in exported metrics", + transitions: allTransitions, + jobStatuses: allJobStatuses, + initiatorIDs: []uuid.UUID{agplprebuilds.SystemUserID}, + ownerIDs: []uuid.UUID{agplprebuilds.SystemUserID, uuid.New()}, + metrics: nil, templateDeleted: []bool{true}, eligible: []bool{false}, }, @@ -220,7 +206,7 @@ func TestMetricsCollector(t *testing.T) { }) clock := quartz.NewMock(t) db, pubsub := dbtestutil.NewDB(t) - reconciler := prebuilds.NewStoreReconciler(db, pubsub, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), prometheus.NewRegistry()) + reconciler := prebuilds.NewStoreReconciler(db, pubsub, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) ctx := testutil.Context(t, testutil.WaitLong) createdUsers := []uuid.UUID{agplprebuilds.SystemUserID} @@ -242,7 +228,7 @@ func TestMetricsCollector(t *testing.T) { org, template := setupTestDBTemplate(t, db, ownerID, templateDeleted) templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, pubsub, org.ID, ownerID, template.ID) preset := setupTestDBPreset(t, db, templateVersionID, 1, uuid.New().String()) - workspace := setupTestDBWorkspace( + workspace, _ := setupTestDBWorkspace( t, clock, db, pubsub, transition, jobStatus, org.ID, preset, template.ID, templateVersionID, initiatorID, ownerID, ) @@ -281,6 +267,12 @@ func TestMetricsCollector(t *testing.T) { "organization_name": org.Name, } + // If no expected metrics have been defined, ensure we don't find any metric series (i.e. metrics with given labels). + if test.metrics == nil { + series := findAllMetricSeries(metricsFamilies, labels) + require.Empty(t, series) + } + for _, check := range test.metrics { metric := findMetric(metricsFamilies, check.name, labels) if check.value == nil { @@ -307,6 +299,131 @@ func TestMetricsCollector(t *testing.T) { } } +// TestMetricsCollector_DuplicateTemplateNames validates a bug that we saw previously which caused duplicate metric series +// registration when a template was deleted and a new one created with the same name (and preset name). +// We are now excluding deleted templates from our metric collection. +func TestMetricsCollector_DuplicateTemplateNames(t *testing.T) { + t.Parallel() + + if !dbtestutil.WillUsePostgres() { + t.Skip("this test requires postgres") + } + + type metricCheck struct { + name string + value *float64 + isCounter bool + } + + type testCase struct { + transition database.WorkspaceTransition + jobStatus database.ProvisionerJobStatus + initiatorID uuid.UUID + ownerID uuid.UUID + metrics []metricCheck + eligible bool + } + + test := testCase{ + transition: database.WorkspaceTransitionStart, + jobStatus: database.ProvisionerJobStatusSucceeded, + initiatorID: agplprebuilds.SystemUserID, + ownerID: agplprebuilds.SystemUserID, + metrics: []metricCheck{ + {prebuilds.MetricCreatedCount, ptr.To(1.0), true}, + {prebuilds.MetricClaimedCount, ptr.To(0.0), true}, + {prebuilds.MetricFailedCount, ptr.To(0.0), true}, + {prebuilds.MetricDesiredGauge, ptr.To(1.0), false}, + {prebuilds.MetricRunningGauge, ptr.To(1.0), false}, + {prebuilds.MetricEligibleGauge, ptr.To(1.0), false}, + }, + eligible: true, + } + + logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}) + clock := quartz.NewMock(t) + db, pubsub := dbtestutil.NewDB(t) + reconciler := prebuilds.NewStoreReconciler(db, pubsub, codersdk.PrebuildsConfig{}, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) + ctx := testutil.Context(t, testutil.WaitLong) + + collector := prebuilds.NewMetricsCollector(db, logger, reconciler) + registry := prometheus.NewPedanticRegistry() + registry.Register(collector) + + presetName := "default-preset" + defaultOrg := dbgen.Organization(t, db, database.Organization{}) + setupTemplateWithDeps := func() database.Template { + template := setupTestDBTemplateWithinOrg(t, db, test.ownerID, false, "default-template", defaultOrg) + templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, pubsub, defaultOrg.ID, test.ownerID, template.ID) + preset := setupTestDBPreset(t, db, templateVersionID, 1, "default-preset") + workspace, _ := setupTestDBWorkspace( + t, clock, db, pubsub, + test.transition, test.jobStatus, defaultOrg.ID, preset, template.ID, templateVersionID, test.initiatorID, test.ownerID, + ) + setupTestDBWorkspaceAgent(t, db, workspace.ID, test.eligible) + return template + } + + // When: starting with a regular template. + template := setupTemplateWithDeps() + labels := map[string]string{ + "template_name": template.Name, + "preset_name": presetName, + "organization_name": defaultOrg.Name, + } + + // nolint:gocritic // Authz context needed to retrieve state. + ctx = dbauthz.AsPrebuildsOrchestrator(ctx) + + // Then: metrics collect successfully. + require.NoError(t, collector.UpdateState(ctx, testutil.WaitLong)) + metricsFamilies, err := registry.Gather() + require.NoError(t, err) + require.NotEmpty(t, findAllMetricSeries(metricsFamilies, labels)) + + // When: the template is deleted. + require.NoError(t, db.UpdateTemplateDeletedByID(ctx, database.UpdateTemplateDeletedByIDParams{ + ID: template.ID, + Deleted: true, + UpdatedAt: dbtime.Now(), + })) + + // Then: metrics collect successfully but are empty because the template is deleted. + require.NoError(t, collector.UpdateState(ctx, testutil.WaitLong)) + metricsFamilies, err = registry.Gather() + require.NoError(t, err) + require.Empty(t, findAllMetricSeries(metricsFamilies, labels)) + + // When: a new template is created with the same name as the deleted template. + newTemplate := setupTemplateWithDeps() + + // Ensure the database has both the new and old (delete) template. + { + deleted, err := db.GetTemplateByOrganizationAndName(ctx, database.GetTemplateByOrganizationAndNameParams{ + OrganizationID: template.OrganizationID, + Deleted: true, + Name: template.Name, + }) + require.NoError(t, err) + require.Equal(t, template.ID, deleted.ID) + + current, err := db.GetTemplateByOrganizationAndName(ctx, database.GetTemplateByOrganizationAndNameParams{ + // Use details from deleted template to ensure they're aligned. + OrganizationID: template.OrganizationID, + Deleted: false, + Name: template.Name, + }) + require.NoError(t, err) + require.Equal(t, newTemplate.ID, current.ID) + } + + // Then: metrics collect successfully. + require.NoError(t, collector.UpdateState(ctx, testutil.WaitLong)) + metricsFamilies, err = registry.Gather() + require.NoError(t, err) + require.NotEmpty(t, findAllMetricSeries(metricsFamilies, labels)) +} + func findMetric(metricsFamilies []*prometheus_client.MetricFamily, name string, labels map[string]string) *prometheus_client.Metric { for _, metricFamily := range metricsFamilies { if metricFamily.GetName() != name { @@ -334,3 +451,33 @@ func findMetric(metricsFamilies []*prometheus_client.MetricFamily, name string, } return nil } + +// findAllMetricSeries finds all metrics with a given set of labels. +func findAllMetricSeries(metricsFamilies []*prometheus_client.MetricFamily, labels map[string]string) map[string]*prometheus_client.Metric { + series := make(map[string]*prometheus_client.Metric) + for _, metricFamily := range metricsFamilies { + for _, metric := range metricFamily.GetMetric() { + labelPairs := metric.GetLabel() + + if len(labelPairs) != len(labels) { + continue + } + + // Convert label pairs to map for easier lookup + metricLabels := make(map[string]string, len(labelPairs)) + for _, label := range labelPairs { + metricLabels[label.GetName()] = label.GetValue() + } + + // Check if all requested labels match + for wantName, wantValue := range labels { + if metricLabels[wantName] != wantValue { + continue + } + } + + series[metricFamily.GetName()] = metric + } + } + return series +} diff --git a/enterprise/coderd/prebuilds/reconcile.go b/enterprise/coderd/prebuilds/reconcile.go index 79a8baa337e72..f9588a5d7cacb 100644 --- a/enterprise/coderd/prebuilds/reconcile.go +++ b/enterprise/coderd/prebuilds/reconcile.go @@ -3,8 +3,10 @@ package prebuilds import ( "context" "database/sql" + "errors" "fmt" "math" + "strings" "sync" "sync/atomic" "time" @@ -19,11 +21,13 @@ import ( "github.com/coder/coder/v2/coderd/database/dbauthz" "github.com/coder/coder/v2/coderd/database/provisionerjobs" "github.com/coder/coder/v2/coderd/database/pubsub" + "github.com/coder/coder/v2/coderd/notifications" "github.com/coder/coder/v2/coderd/prebuilds" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/rbac/policy" "github.com/coder/coder/v2/coderd/wsbuilder" "github.com/coder/coder/v2/codersdk" + sdkproto "github.com/coder/coder/v2/provisionersdk/proto" "cdr.dev/slog" @@ -40,6 +44,7 @@ type StoreReconciler struct { clock quartz.Clock registerer prometheus.Registerer metrics *MetricsCollector + notifEnq notifications.Enqueuer cancelFn context.CancelCauseFunc running atomic.Bool @@ -56,6 +61,7 @@ func NewStoreReconciler(store database.Store, logger slog.Logger, clock quartz.Clock, registerer prometheus.Registerer, + notifEnq notifications.Enqueuer, ) *StoreReconciler { reconciler := &StoreReconciler{ store: store, @@ -64,6 +70,7 @@ func NewStoreReconciler(store database.Store, cfg: cfg, clock: clock, registerer: registerer, + notifEnq: notifEnq, done: make(chan struct{}, 1), provisionNotifyCh: make(chan database.ProvisionerJob, 10), } @@ -633,3 +640,124 @@ func (c *StoreReconciler) provision( return nil } + +// ForceMetricsUpdate forces the metrics collector, if defined, to update its state (we cache the metrics state to +// reduce load on the database). +func (c *StoreReconciler) ForceMetricsUpdate(ctx context.Context) error { + if c.metrics == nil { + return nil + } + + return c.metrics.UpdateState(ctx, time.Second*10) +} + +func (c *StoreReconciler) TrackResourceReplacement(ctx context.Context, workspaceID, buildID uuid.UUID, replacements []*sdkproto.ResourceReplacement) { + // nolint:gocritic // Necessary to query all the required data. + ctx = dbauthz.AsSystemRestricted(ctx) + // Since this may be called in a fire-and-forget fashion, we need to give up at some point. + trackCtx, trackCancel := context.WithTimeout(ctx, time.Minute) + defer trackCancel() + + if err := c.trackResourceReplacement(trackCtx, workspaceID, buildID, replacements); err != nil { + c.logger.Error(ctx, "failed to track resource replacement", slog.Error(err)) + } +} + +// nolint:revive // Shut up it's fine. +func (c *StoreReconciler) trackResourceReplacement(ctx context.Context, workspaceID, buildID uuid.UUID, replacements []*sdkproto.ResourceReplacement) error { + if err := ctx.Err(); err != nil { + return err + } + + workspace, err := c.store.GetWorkspaceByID(ctx, workspaceID) + if err != nil { + return xerrors.Errorf("fetch workspace %q: %w", workspaceID.String(), err) + } + + build, err := c.store.GetWorkspaceBuildByID(ctx, buildID) + if err != nil { + return xerrors.Errorf("fetch workspace build %q: %w", buildID.String(), err) + } + + // The first build will always be the prebuild. + prebuild, err := c.store.GetWorkspaceBuildByWorkspaceIDAndBuildNumber(ctx, database.GetWorkspaceBuildByWorkspaceIDAndBuildNumberParams{ + WorkspaceID: workspaceID, BuildNumber: 1, + }) + if err != nil { + return xerrors.Errorf("fetch prebuild: %w", err) + } + + // This should not be possible, but defend against it. + if !prebuild.TemplateVersionPresetID.Valid || prebuild.TemplateVersionPresetID.UUID == uuid.Nil { + return xerrors.Errorf("no preset used in prebuild for workspace %q", workspaceID.String()) + } + + prebuildPreset, err := c.store.GetPresetByID(ctx, prebuild.TemplateVersionPresetID.UUID) + if err != nil { + return xerrors.Errorf("fetch template preset for template version ID %q: %w", prebuild.TemplateVersionID.String(), err) + } + + claimant, err := c.store.GetUserByID(ctx, workspace.OwnerID) // At this point, the workspace is owned by the new owner. + if err != nil { + return xerrors.Errorf("fetch claimant %q: %w", workspace.OwnerID.String(), err) + } + + // Use the claiming build here (not prebuild) because both should be equivalent, and we might as well spot inconsistencies now. + templateVersion, err := c.store.GetTemplateVersionByID(ctx, build.TemplateVersionID) + if err != nil { + return xerrors.Errorf("fetch template version %q: %w", build.TemplateVersionID.String(), err) + } + + org, err := c.store.GetOrganizationByID(ctx, workspace.OrganizationID) + if err != nil { + return xerrors.Errorf("fetch org %q: %w", workspace.OrganizationID.String(), err) + } + + // Track resource replacement in Prometheus metric. + if c.metrics != nil { + c.metrics.trackResourceReplacement(org.Name, workspace.TemplateName, prebuildPreset.Name) + } + + // Send notification to template admins. + if c.notifEnq == nil { + c.logger.Warn(ctx, "notification enqueuer not set, cannot send resource replacement notification(s)") + return nil + } + + repls := make(map[string]string, len(replacements)) + for _, repl := range replacements { + repls[repl.GetResource()] = strings.Join(repl.GetPaths(), ", ") + } + + templateAdmins, err := c.store.GetUsers(ctx, database.GetUsersParams{ + RbacRole: []string{codersdk.RoleTemplateAdmin}, + }) + if err != nil { + return xerrors.Errorf("fetch template admins: %w", err) + } + + var notifErr error + for _, templateAdmin := range templateAdmins { + if _, err := c.notifEnq.EnqueueWithData(ctx, templateAdmin.ID, notifications.TemplateWorkspaceResourceReplaced, + map[string]string{ + "org": org.Name, + "workspace": workspace.Name, + "template": workspace.TemplateName, + "template_version": templateVersion.Name, + "preset": prebuildPreset.Name, + "workspace_build_num": fmt.Sprintf("%d", build.BuildNumber), + "claimant": claimant.Username, + }, + map[string]any{ + "replacements": repls, + }, "prebuilds_reconciler", + // Associate this notification with all the related entities. + workspace.ID, workspace.OwnerID, workspace.TemplateID, templateVersion.ID, prebuildPreset.ID, workspace.OrganizationID, + ); err != nil { + notifErr = errors.Join(xerrors.Errorf("send notification to %q: %w", templateAdmin.ID.String(), err)) + continue + } + } + + return notifErr +} diff --git a/enterprise/coderd/prebuilds/reconcile_test.go b/enterprise/coderd/prebuilds/reconcile_test.go index a1666134a7965..660b1733e6cc9 100644 --- a/enterprise/coderd/prebuilds/reconcile_test.go +++ b/enterprise/coderd/prebuilds/reconcile_test.go @@ -9,10 +9,14 @@ import ( "time" "github.com/prometheus/client_golang/prometheus" + "github.com/stretchr/testify/assert" "golang.org/x/xerrors" "github.com/coder/coder/v2/coderd/database/dbtime" + "github.com/coder/coder/v2/coderd/notifications" + "github.com/coder/coder/v2/coderd/notifications/notificationstest" "github.com/coder/coder/v2/coderd/util/slice" + sdkproto "github.com/coder/coder/v2/provisionersdk/proto" "github.com/google/uuid" "github.com/stretchr/testify/require" @@ -49,7 +53,7 @@ func TestNoReconciliationActionsIfNoPresets(t *testing.T) { ReconciliationInterval: serpent.Duration(testutil.WaitLong), } logger := testutil.Logger(t) - controller := prebuilds.NewStoreReconciler(db, ps, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, ps, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) // given a template version with no presets org := dbgen.Organization(t, db, database.Organization{}) @@ -94,7 +98,7 @@ func TestNoReconciliationActionsIfNoPrebuilds(t *testing.T) { ReconciliationInterval: serpent.Duration(testutil.WaitLong), } logger := testutil.Logger(t) - controller := prebuilds.NewStoreReconciler(db, ps, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, ps, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) // given there are presets, but no prebuilds org := dbgen.Organization(t, db, database.Organization{}) @@ -290,10 +294,15 @@ func TestPrebuildReconciliation(t *testing.T) { templateDeleted: []bool{false}, }, { - name: "delete prebuilds for deleted templates", + // Templates can be soft-deleted (`deleted=true`) or hard-deleted (row is removed). + // On the former there is *no* DB constraint to prevent soft deletion, so we have to ensure that if somehow + // the template was soft-deleted any running prebuilds will be removed. + // On the latter there is a DB constraint to prevent row deletion if any workspaces reference the deleting template. + name: "soft-deleted templates MAY have prebuilds", prebuildLatestTransitions: []database.WorkspaceTransition{database.WorkspaceTransitionStart}, prebuildJobStatuses: []database.ProvisionerJobStatus{database.ProvisionerJobStatusSucceeded}, templateVersionActive: []bool{true, false}, + shouldCreateNewPrebuild: ptr.To(false), shouldDeleteOldPrebuild: ptr.To(true), templateDeleted: []bool{true}, }, @@ -345,7 +354,7 @@ func TestPrebuildReconciliation(t *testing.T) { 1, uuid.New().String(), ) - prebuild := setupTestDBPrebuild( + prebuild, _ := setupTestDBPrebuild( t, clock, db, @@ -367,7 +376,7 @@ func TestPrebuildReconciliation(t *testing.T) { if useBrokenPubsub { pubSub = &brokenPublisher{Pubsub: pubSub} } - controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) // Run the reconciliation multiple times to ensure idempotency // 8 was arbitrary, but large enough to reasonably trust the result @@ -444,7 +453,7 @@ func TestMultiplePresetsPerTemplateVersion(t *testing.T) { t, &slogtest.Options{IgnoreErrors: true}, ).Leveled(slog.LevelDebug) db, pubSub := dbtestutil.NewDB(t) - controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) ownerID := uuid.New() dbgen.User(t, db, database.User{ @@ -477,7 +486,7 @@ func TestMultiplePresetsPerTemplateVersion(t *testing.T) { ) prebuildIDs := make([]uuid.UUID, 0) for i := 0; i < int(preset.DesiredInstances.Int32); i++ { - prebuild := setupTestDBPrebuild( + prebuild, _ := setupTestDBPrebuild( t, clock, db, @@ -528,7 +537,7 @@ func TestInvalidPreset(t *testing.T) { t, &slogtest.Options{IgnoreErrors: true}, ).Leveled(slog.LevelDebug) db, pubSub := dbtestutil.NewDB(t) - controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) ownerID := uuid.New() dbgen.User(t, db, database.User{ @@ -592,7 +601,7 @@ func TestDeletionOfPrebuiltWorkspaceWithInvalidPreset(t *testing.T) { t, &slogtest.Options{IgnoreErrors: true}, ).Leveled(slog.LevelDebug) db, pubSub := dbtestutil.NewDB(t) - controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry()) + controller := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, quartz.NewMock(t), prometheus.NewRegistry(), newNoopEnqueuer()) ownerID := uuid.New() dbgen.User(t, db, database.User{ @@ -601,7 +610,7 @@ func TestDeletionOfPrebuiltWorkspaceWithInvalidPreset(t *testing.T) { org, template := setupTestDBTemplate(t, db, ownerID, templateDeleted) templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, pubSub, org.ID, ownerID, template.ID) preset := setupTestDBPreset(t, db, templateVersionID, 1, uuid.New().String()) - prebuiltWorkspace := setupTestDBPrebuild( + prebuiltWorkspace, _ := setupTestDBPrebuild( t, clock, db, @@ -669,7 +678,7 @@ func TestRunLoop(t *testing.T) { t, &slogtest.Options{IgnoreErrors: true}, ).Leveled(slog.LevelDebug) db, pubSub := dbtestutil.NewDB(t) - reconciler := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, clock, prometheus.NewRegistry()) + reconciler := prebuilds.NewStoreReconciler(db, pubSub, cfg, logger, clock, prometheus.NewRegistry(), newNoopEnqueuer()) ownerID := uuid.New() dbgen.User(t, db, database.User{ @@ -702,7 +711,7 @@ func TestRunLoop(t *testing.T) { ) prebuildIDs := make([]uuid.UUID, 0) for i := 0; i < int(preset.DesiredInstances.Int32); i++ { - prebuild := setupTestDBPrebuild( + prebuild, _ := setupTestDBPrebuild( t, clock, db, @@ -799,7 +808,7 @@ func TestFailedBuildBackoff(t *testing.T) { t, &slogtest.Options{IgnoreErrors: true}, ).Leveled(slog.LevelDebug) db, ps := dbtestutil.NewDB(t) - reconciler := prebuilds.NewStoreReconciler(db, ps, cfg, logger, clock, prometheus.NewRegistry()) + reconciler := prebuilds.NewStoreReconciler(db, ps, cfg, logger, clock, prometheus.NewRegistry(), newNoopEnqueuer()) // Given: an active template version with presets and prebuilds configured. const desiredInstances = 2 @@ -812,7 +821,7 @@ func TestFailedBuildBackoff(t *testing.T) { preset := setupTestDBPreset(t, db, templateVersionID, desiredInstances, "test") for range desiredInstances { - _ = setupTestDBPrebuild(t, clock, db, ps, database.WorkspaceTransitionStart, database.ProvisionerJobStatusFailed, org.ID, preset, template.ID, templateVersionID) + _, _ = setupTestDBPrebuild(t, clock, db, ps, database.WorkspaceTransitionStart, database.ProvisionerJobStatusFailed, org.ID, preset, template.ID, templateVersionID) } // When: determining what actions to take next, backoff is calculated because the prebuild is in a failed state. @@ -873,7 +882,7 @@ func TestFailedBuildBackoff(t *testing.T) { if i == 1 { status = database.ProvisionerJobStatusSucceeded } - _ = setupTestDBPrebuild(t, clock, db, ps, database.WorkspaceTransitionStart, status, org.ID, preset, template.ID, templateVersionID) + _, _ = setupTestDBPrebuild(t, clock, db, ps, database.WorkspaceTransitionStart, status, org.ID, preset, template.ID, templateVersionID) } // Then: the backoff time is roughly equal to two backoff intervals, since another build has failed. @@ -914,7 +923,8 @@ func TestReconciliationLock(t *testing.T) { codersdk.PrebuildsConfig{}, slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug), quartz.NewMock(t), - prometheus.NewRegistry()) + prometheus.NewRegistry(), + newNoopEnqueuer()) reconciler.WithReconciliationLock(ctx, logger, func(_ context.Context, _ database.Store) error { lockObtained := mutex.TryLock() // As long as the postgres lock is held, this mutex should always be unlocked when we get here. @@ -931,6 +941,102 @@ func TestReconciliationLock(t *testing.T) { wg.Wait() } +func TestTrackResourceReplacement(t *testing.T) { + t.Parallel() + + if !dbtestutil.WillUsePostgres() { + t.Skip("This test requires postgres") + } + + ctx := testutil.Context(t, testutil.WaitSuperLong) + + // Setup. + clock := quartz.NewMock(t) + logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: false}).Leveled(slog.LevelDebug) + db, ps := dbtestutil.NewDB(t) + + fakeEnqueuer := newFakeEnqueuer() + registry := prometheus.NewRegistry() + reconciler := prebuilds.NewStoreReconciler(db, ps, codersdk.PrebuildsConfig{}, logger, clock, registry, fakeEnqueuer) + + // Given: a template admin to receive a notification. + templateAdmin := dbgen.User(t, db, database.User{ + RBACRoles: []string{codersdk.RoleTemplateAdmin}, + }) + + // Given: a prebuilt workspace. + userID := uuid.New() + dbgen.User(t, db, database.User{ID: userID}) + org, template := setupTestDBTemplate(t, db, userID, false) + templateVersionID := setupTestDBTemplateVersion(ctx, t, clock, db, ps, org.ID, userID, template.ID) + preset := setupTestDBPreset(t, db, templateVersionID, 1, "b0rked") + prebuiltWorkspace, prebuild := setupTestDBPrebuild(t, clock, db, ps, database.WorkspaceTransitionStart, database.ProvisionerJobStatusSucceeded, org.ID, preset, template.ID, templateVersionID) + + // Given: no replacement has been tracked yet, we should not see a metric for it yet. + require.NoError(t, reconciler.ForceMetricsUpdate(ctx)) + mf, err := registry.Gather() + require.NoError(t, err) + require.Nil(t, findMetric(mf, prebuilds.MetricResourceReplacementsCount, map[string]string{ + "template_name": template.Name, + "preset_name": preset.Name, + "org_name": org.Name, + })) + + // When: a claim occurred and resource replacements are detected (_how_ is out of scope of this test). + reconciler.TrackResourceReplacement(ctx, prebuiltWorkspace.ID, prebuild.ID, []*sdkproto.ResourceReplacement{ + { + Resource: "docker_container[0]", + Paths: []string{"env", "image"}, + }, + { + Resource: "docker_volume[0]", + Paths: []string{"name"}, + }, + }) + + // Then: a notification will be sent detailing the replacement(s). + matching := fakeEnqueuer.Sent(func(notification *notificationstest.FakeNotification) bool { + // This is not an exhaustive check of the expected labels/data in the notification. This would tie the implementations + // too tightly together. + // All we need to validate is that a template of the right kind was sent, to the expected user, with some replacements. + + if !assert.Equal(t, notification.TemplateID, notifications.TemplateWorkspaceResourceReplaced, "unexpected template") { + return false + } + + if !assert.Equal(t, templateAdmin.ID, notification.UserID, "unexpected receiver") { + return false + } + + if !assert.Len(t, notification.Data["replacements"], 2, "unexpected replacements count") { + return false + } + + return true + }) + require.Len(t, matching, 1) + + // Then: the metric will be incremented. + mf, err = registry.Gather() + require.NoError(t, err) + metric := findMetric(mf, prebuilds.MetricResourceReplacementsCount, map[string]string{ + "template_name": template.Name, + "preset_name": preset.Name, + "org_name": org.Name, + }) + require.NotNil(t, metric) + require.NotNil(t, metric.GetCounter()) + require.EqualValues(t, 1, metric.GetCounter().GetValue()) +} + +func newNoopEnqueuer() *notifications.NoopEnqueuer { + return notifications.NewNoopEnqueuer() +} + +func newFakeEnqueuer() *notificationstest.FakeEnqueuer { + return notificationstest.NewFakeEnqueuer() +} + // nolint:revive // It's a control flag, but this is a test. func setupTestDBTemplate( t *testing.T, @@ -959,6 +1065,33 @@ func setupTestDBTemplate( return org, template } +// nolint:revive // It's a control flag, but this is a test. +func setupTestDBTemplateWithinOrg( + t *testing.T, + db database.Store, + userID uuid.UUID, + templateDeleted bool, + templateName string, + org database.Organization, +) database.Template { + t.Helper() + + template := dbgen.Template(t, db, database.Template{ + Name: templateName, + CreatedBy: userID, + OrganizationID: org.ID, + CreatedAt: time.Now().Add(muchEarlier), + }) + if templateDeleted { + ctx := testutil.Context(t, testutil.WaitShort) + require.NoError(t, db.UpdateTemplateDeletedByID(ctx, database.UpdateTemplateDeletedByIDParams{ + ID: template.ID, + Deleted: true, + })) + } + return template +} + const ( earlier = -time.Hour muchEarlier = -time.Hour * 2 @@ -1040,7 +1173,7 @@ func setupTestDBPrebuild( preset database.TemplateVersionPreset, templateID uuid.UUID, templateVersionID uuid.UUID, -) database.WorkspaceTable { +) (database.WorkspaceTable, database.WorkspaceBuild) { t.Helper() return setupTestDBWorkspace(t, clock, db, ps, transition, prebuildStatus, orgID, preset, templateID, templateVersionID, agplprebuilds.SystemUserID, agplprebuilds.SystemUserID) } @@ -1058,7 +1191,7 @@ func setupTestDBWorkspace( templateVersionID uuid.UUID, initiatorID uuid.UUID, ownerID uuid.UUID, -) database.WorkspaceTable { +) (database.WorkspaceTable, database.WorkspaceBuild) { t.Helper() cancelledAt := sql.NullTime{} completedAt := sql.NullTime{} @@ -1117,7 +1250,7 @@ func setupTestDBWorkspace( }, }) - return workspace + return workspace, workspaceBuild } // nolint:revive // It's a control flag, but this is a test. diff --git a/enterprise/coderd/provisionerdaemons.go b/enterprise/coderd/provisionerdaemons.go index 6ffa15851214d..71a32d7c976ba 100644 --- a/enterprise/coderd/provisionerdaemons.go +++ b/enterprise/coderd/provisionerdaemons.go @@ -19,6 +19,8 @@ import ( "storj.io/drpc/drpcserver" "cdr.dev/slog" + "github.com/coder/websocket" + "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/database/dbauthz" "github.com/coder/coder/v2/coderd/database/dbtime" @@ -33,7 +35,6 @@ import ( "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/provisionerd/proto" "github.com/coder/coder/v2/provisionersdk" - "github.com/coder/websocket" ) func (api *API) provisionerDaemonsEnabledMW(next http.Handler) http.Handler { @@ -356,6 +357,7 @@ func (api *API) provisionerDaemonServe(rw http.ResponseWriter, r *http.Request) Clock: api.Clock, }, api.NotificationsEnqueuer, + &api.AGPL.PrebuildsReconciler, ) if err != nil { if !xerrors.Is(err, context.Canceled) { diff --git a/enterprise/coderd/workspaceagents_test.go b/enterprise/coderd/workspaceagents_test.go index 4ac374a3c8c8e..44aba69b9ffaa 100644 --- a/enterprise/coderd/workspaceagents_test.go +++ b/enterprise/coderd/workspaceagents_test.go @@ -5,12 +5,19 @@ import ( "crypto/tls" "fmt" "net/http" + "os" + "regexp" "testing" + "time" + + "github.com/coder/coder/v2/coderd/database/dbtestutil" + "github.com/coder/serpent" "github.com/google/uuid" "github.com/stretchr/testify/require" "github.com/coder/coder/v2/agent" + "github.com/coder/coder/v2/cli/clitest" "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk/agentsdk" @@ -73,6 +80,168 @@ func TestBlockNonBrowser(t *testing.T) { }) } +func TestReinitializeAgent(t *testing.T) { + t.Parallel() + + tempAgentLog := testutil.CreateTemp(t, "", "testReinitializeAgent") + + if !dbtestutil.WillUsePostgres() { + t.Skip("dbmem cannot currently claim a workspace") + } + + db, ps := dbtestutil.NewDB(t) + // GIVEN a live enterprise API with the prebuilds feature enabled + client, user := coderdenttest.New(t, &coderdenttest.Options{ + Options: &coderdtest.Options{ + Database: db, + Pubsub: ps, + DeploymentValues: coderdtest.DeploymentValues(t, func(dv *codersdk.DeploymentValues) { + dv.Prebuilds.ReconciliationInterval = serpent.Duration(time.Second) + dv.Experiments.Append(string(codersdk.ExperimentWorkspacePrebuilds)) + }), + IncludeProvisionerDaemon: true, + }, + LicenseOptions: &coderdenttest.LicenseOptions{ + Features: license.Features{ + codersdk.FeatureWorkspacePrebuilds: 1, + }, + }, + }) + + // GIVEN a template, template version, preset and a prebuilt workspace that uses them all + agentToken := uuid.UUID{3} + version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + Parse: echo.ParseComplete, + ProvisionPlan: []*proto.Response{ + { + Type: &proto.Response_Plan{ + Plan: &proto.PlanComplete{ + Presets: []*proto.Preset{ + { + Name: "test-preset", + Prebuild: &proto.Prebuild{ + Instances: 1, + }, + }, + }, + Resources: []*proto.Resource{ + { + Agents: []*proto.Agent{ + { + Name: "smith", + OperatingSystem: "linux", + Architecture: "i386", + }, + }, + }, + }, + }, + }, + }, + }, + ProvisionApply: []*proto.Response{ + { + Type: &proto.Response_Apply{ + Apply: &proto.ApplyComplete{ + Resources: []*proto.Resource{ + { + Type: "compute", + Name: "main", + Agents: []*proto.Agent{ + { + Name: "smith", + OperatingSystem: "linux", + Architecture: "i386", + Scripts: []*proto.Script{ + { + RunOnStart: true, + Script: fmt.Sprintf("printenv >> %s; echo '---\n' >> %s", tempAgentLog.Name(), tempAgentLog.Name()), // Make reinitialization take long enough to assert that it happened + }, + }, + Auth: &proto.Agent_Token{ + Token: agentToken.String(), + }, + }, + }, + }, + }, + }, + }, + }, + }, + }) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + + coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + + // Wait for prebuilds to create a prebuilt workspace + ctx := context.Background() + // ctx := testutil.Context(t, testutil.WaitLong) + var ( + prebuildID uuid.UUID + ) + require.Eventually(t, func() bool { + agentAndBuild, err := db.GetWorkspaceAgentAndLatestBuildByAuthToken(ctx, agentToken) + if err != nil { + return false + } + prebuildID = agentAndBuild.WorkspaceBuild.ID + return true + }, testutil.WaitLong, testutil.IntervalFast) + + prebuild := coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, prebuildID) + + preset, err := db.GetPresetByWorkspaceBuildID(ctx, prebuildID) + require.NoError(t, err) + + // GIVEN a running agent + logDir := t.TempDir() + inv, _ := clitest.New(t, + "agent", + "--auth", "token", + "--agent-token", agentToken.String(), + "--agent-url", client.URL.String(), + "--log-dir", logDir, + ) + clitest.Start(t, inv) + + // GIVEN the agent is in a happy steady state + waiter := coderdtest.NewWorkspaceAgentWaiter(t, client, prebuild.WorkspaceID) + waiter.WaitFor(coderdtest.AgentsReady) + + // WHEN a workspace is created that can benefit from prebuilds + anotherClient, anotherUser := coderdtest.CreateAnotherUser(t, client, user.OrganizationID) + workspace, err := anotherClient.CreateUserWorkspace(ctx, anotherUser.ID.String(), codersdk.CreateWorkspaceRequest{ + TemplateVersionID: version.ID, + TemplateVersionPresetID: preset.ID, + Name: "claimed-workspace", + }) + require.NoError(t, err) + + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + + // THEN reinitialization completes + waiter.WaitFor(coderdtest.AgentsReady) + + var matches [][]byte + require.Eventually(t, func() bool { + // THEN the agent script ran again and reused the same agent token + contents, err := os.ReadFile(tempAgentLog.Name()) + if err != nil { + return false + } + // UUID regex pattern (matches UUID v4-like strings) + uuidRegex := regexp.MustCompile(`\bCODER_AGENT_TOKEN=(.+)\b`) + + matches = uuidRegex.FindAll(contents, -1) + // When an agent reinitializes, we expect it to run startup scripts again. + // As such, we expect to have written the agent environment to the temp file twice. + // Once on initial startup and then once on reinitialization. + return len(matches) == 2 + }, testutil.WaitLong, testutil.IntervalMedium) + require.Equal(t, matches[0], matches[1]) +} + type setupResp struct { workspace codersdk.Workspace sdkAgent codersdk.WorkspaceAgent diff --git a/enterprise/coderd/workspaces_test.go b/enterprise/coderd/workspaces_test.go index 72859c5460fa7..92a51be33d552 100644 --- a/enterprise/coderd/workspaces_test.go +++ b/enterprise/coderd/workspaces_test.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "database/sql" + "encoding/json" "fmt" "net/http" "os" @@ -13,6 +14,7 @@ import ( "testing" "time" + "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" @@ -30,6 +32,8 @@ import ( "github.com/coder/coder/v2/coderd/database/dbtime" "github.com/coder/coder/v2/coderd/httpmw" "github.com/coder/coder/v2/coderd/notifications" + "github.com/coder/coder/v2/coderd/prebuilds" + "github.com/coder/coder/v2/coderd/provisionerdserver" "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/coderd/rbac/policy" agplschedule "github.com/coder/coder/v2/coderd/schedule" @@ -43,6 +47,7 @@ import ( "github.com/coder/coder/v2/enterprise/coderd/schedule" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/provisionersdk" + "github.com/coder/coder/v2/provisionersdk/proto" "github.com/coder/coder/v2/testutil" "github.com/coder/quartz" ) @@ -453,6 +458,79 @@ func TestCreateUserWorkspace(t *testing.T) { _, err = client1.CreateUserWorkspace(ctx, user1.ID.String(), req) require.Error(t, err) }) + + t.Run("ClaimPrebuild", func(t *testing.T) { + t.Parallel() + + if !dbtestutil.WillUsePostgres() { + t.Skip("dbmem cannot currently claim a workspace") + } + + client, db, user := coderdenttest.NewWithDatabase(t, &coderdenttest.Options{ + Options: &coderdtest.Options{ + DeploymentValues: coderdtest.DeploymentValues(t, func(dv *codersdk.DeploymentValues) { + err := dv.Experiments.Append(string(codersdk.ExperimentWorkspacePrebuilds)) + require.NoError(t, err) + }), + }, + LicenseOptions: &coderdenttest.LicenseOptions{ + Features: license.Features{ + codersdk.FeatureWorkspacePrebuilds: 1, + }, + }, + }) + + // GIVEN a template, template version, preset and a prebuilt workspace that uses them all + presetID := uuid.New() + tv := dbfake.TemplateVersion(t, db).Seed(database.TemplateVersion{ + OrganizationID: user.OrganizationID, + CreatedBy: user.UserID, + }).Preset(database.TemplateVersionPreset{ + ID: presetID, + }).Do() + + r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ + OwnerID: prebuilds.SystemUserID, + TemplateID: tv.Template.ID, + }).Seed(database.WorkspaceBuild{ + TemplateVersionID: tv.TemplateVersion.ID, + TemplateVersionPresetID: uuid.NullUUID{ + UUID: presetID, + Valid: true, + }, + }).WithAgent(func(a []*proto.Agent) []*proto.Agent { + return a + }).Do() + + // nolint:gocritic // this is a test + ctx := dbauthz.AsSystemRestricted(testutil.Context(t, testutil.WaitLong)) + agent, err := db.GetWorkspaceAgentAndLatestBuildByAuthToken(ctx, uuid.MustParse(r.AgentToken)) + require.NoError(t, err) + + err = db.UpdateWorkspaceAgentLifecycleStateByID(ctx, database.UpdateWorkspaceAgentLifecycleStateByIDParams{ + ID: agent.WorkspaceAgent.ID, + LifecycleState: database.WorkspaceAgentLifecycleStateReady, + }) + require.NoError(t, err) + + // WHEN a workspace is created that matches the available prebuilt workspace + _, err = client.CreateUserWorkspace(ctx, user.UserID.String(), codersdk.CreateWorkspaceRequest{ + TemplateVersionID: tv.TemplateVersion.ID, + TemplateVersionPresetID: presetID, + Name: "claimed-workspace", + }) + require.NoError(t, err) + + // THEN a new build is scheduled with the build stage specified + build, err := db.GetLatestWorkspaceBuildByWorkspaceID(ctx, r.Workspace.ID) + require.NoError(t, err) + require.NotEqual(t, build.ID, r.Build.ID) + job, err := db.GetProvisionerJobByID(ctx, build.JobID) + require.NoError(t, err) + var metadata provisionerdserver.WorkspaceProvisionJob + require.NoError(t, json.Unmarshal(job.Input, &metadata)) + require.Equal(t, metadata.PrebuiltWorkspaceBuildStage, proto.PrebuiltWorkspaceBuildStage_CLAIM) + }) } func TestWorkspaceAutobuild(t *testing.T) { diff --git a/go.mod b/go.mod index a2f8bda5c97bb..d35266e6a75a7 100644 --- a/go.mod +++ b/go.mod @@ -101,7 +101,7 @@ require ( github.com/coder/quartz v0.1.2 github.com/coder/retry v1.5.1 github.com/coder/serpent v0.10.0 - github.com/coder/terraform-provider-coder/v2 v2.4.0 + github.com/coder/terraform-provider-coder/v2 v2.4.1 github.com/coder/websocket v1.8.13 github.com/coder/wgtunnel v0.1.13-0.20240522110300-ade90dfb2da0 github.com/coreos/go-oidc/v3 v3.14.1 diff --git a/go.sum b/go.sum index 4a2c74f8dc69e..05a1d3ea0f2d7 100644 --- a/go.sum +++ b/go.sum @@ -921,8 +921,8 @@ github.com/coder/tailscale v1.1.1-0.20250422090654-5090e715905e h1:nope/SZfoLB9M github.com/coder/tailscale v1.1.1-0.20250422090654-5090e715905e/go.mod h1:1ggFFdHTRjPRu9Yc1yA7nVHBYB50w9Ce7VIXNqcW6Ko= github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e h1:JNLPDi2P73laR1oAclY6jWzAbucf70ASAvf5mh2cME0= github.com/coder/terraform-config-inspect v0.0.0-20250107175719-6d06d90c630e/go.mod h1:Gz/z9Hbn+4KSp8A2FBtNszfLSdT2Tn/uAKGuVqqWmDI= -github.com/coder/terraform-provider-coder/v2 v2.4.0 h1:uuFmF03IyahAZLXEukOdmvV9hGfUMJSESD8+G5wkTcM= -github.com/coder/terraform-provider-coder/v2 v2.4.0/go.mod h1:2kaBpn5k9ZWtgKq5k4JbkVZG9DzEqR4mJSmpdshcO+s= +github.com/coder/terraform-provider-coder/v2 v2.4.1 h1:+HxLJVENJ+kvGhibQ0jbr8Evi6M857d9691ytxNbv90= +github.com/coder/terraform-provider-coder/v2 v2.4.1/go.mod h1:2kaBpn5k9ZWtgKq5k4JbkVZG9DzEqR4mJSmpdshcO+s= github.com/coder/trivy v0.0.0-20250409153844-e6b004bc465a h1:yryP7e+IQUAArlycH4hQrjXQ64eRNbxsV5/wuVXHgME= github.com/coder/trivy v0.0.0-20250409153844-e6b004bc465a/go.mod h1:dDvq9axp3kZsT63gY2Znd1iwzfqDq3kXbQnccIrjRYY= github.com/coder/websocket v1.8.13 h1:f3QZdXy7uGVz+4uCJy2nTZyM0yTBj8yANEHhqlXZ9FE= diff --git a/provisioner/terraform/executor.go b/provisioner/terraform/executor.go index 442ed36074eb2..55b37f242ac05 100644 --- a/provisioner/terraform/executor.go +++ b/provisioner/terraform/executor.go @@ -258,7 +258,7 @@ func getStateFilePath(workdir string) string { } // revive:disable-next-line:flag-parameter -func (e *executor) plan(ctx, killCtx context.Context, env, vars []string, logr logSink, destroy bool) (*proto.PlanComplete, error) { +func (e *executor) plan(ctx, killCtx context.Context, env, vars []string, logr logSink, metadata *proto.Metadata) (*proto.PlanComplete, error) { ctx, span := e.server.startTrace(ctx, tracing.FuncName()) defer span.End() @@ -274,6 +274,7 @@ func (e *executor) plan(ctx, killCtx context.Context, env, vars []string, logr l "-refresh=true", "-out=" + planfilePath, } + destroy := metadata.GetWorkspaceTransition() == proto.WorkspaceTransition_DESTROY if destroy { args = append(args, "-destroy") } @@ -302,18 +303,49 @@ func (e *executor) plan(ctx, killCtx context.Context, env, vars []string, logr l state, plan, err := e.planResources(ctx, killCtx, planfilePath) if err != nil { graphTimings.ingest(createGraphTimingsEvent(timingGraphErrored)) - return nil, err + return nil, xerrors.Errorf("plan resources: %w", err) + } + planJSON, err := json.Marshal(plan) + if err != nil { + return nil, xerrors.Errorf("marshal plan: %w", err) } graphTimings.ingest(createGraphTimingsEvent(timingGraphComplete)) + // When a prebuild claim attempt is made, log a warning if a resource is due to be replaced, since this will obviate + // the point of prebuilding if the expensive resource is replaced once claimed! + var ( + isPrebuildClaimAttempt = !destroy && metadata.GetPrebuiltWorkspaceBuildStage().IsPrebuiltWorkspaceClaim() + resReps []*proto.ResourceReplacement + ) + if repsFromPlan := findResourceReplacements(plan); len(repsFromPlan) > 0 { + if isPrebuildClaimAttempt { + // TODO(dannyk): we should log drift always (not just during prebuild claim attempts); we're validating that this output + // will not be overwhelming for end-users, but it'll certainly be super valuable for template admins + // to diagnose this resource replacement issue, at least. + // Once prebuilds moves out of beta, consider deleting this condition. + + // Lock held before calling (see top of method). + e.logDrift(ctx, killCtx, planfilePath, logr) + } + + resReps = make([]*proto.ResourceReplacement, 0, len(repsFromPlan)) + for n, p := range repsFromPlan { + resReps = append(resReps, &proto.ResourceReplacement{ + Resource: n, + Paths: p, + }) + } + } + return &proto.PlanComplete{ Parameters: state.Parameters, Resources: state.Resources, ExternalAuthProviders: state.ExternalAuthProviders, Timings: append(e.timings.aggregate(), graphTimings.aggregate()...), Presets: state.Presets, - Plan: plan, + Plan: planJSON, + ResourceReplacements: resReps, }, nil } @@ -335,11 +367,11 @@ func onlyDataResources(sm tfjson.StateModule) tfjson.StateModule { } // planResources must only be called while the lock is held. -func (e *executor) planResources(ctx, killCtx context.Context, planfilePath string) (*State, json.RawMessage, error) { +func (e *executor) planResources(ctx, killCtx context.Context, planfilePath string) (*State, *tfjson.Plan, error) { ctx, span := e.server.startTrace(ctx, tracing.FuncName()) defer span.End() - plan, err := e.showPlan(ctx, killCtx, planfilePath) + plan, err := e.parsePlan(ctx, killCtx, planfilePath) if err != nil { return nil, nil, xerrors.Errorf("show terraform plan file: %w", err) } @@ -367,16 +399,11 @@ func (e *executor) planResources(ctx, killCtx context.Context, planfilePath stri return nil, nil, err } - planJSON, err := json.Marshal(plan) - if err != nil { - return nil, nil, err - } - - return state, planJSON, nil + return state, plan, nil } -// showPlan must only be called while the lock is held. -func (e *executor) showPlan(ctx, killCtx context.Context, planfilePath string) (*tfjson.Plan, error) { +// parsePlan must only be called while the lock is held. +func (e *executor) parsePlan(ctx, killCtx context.Context, planfilePath string) (*tfjson.Plan, error) { ctx, span := e.server.startTrace(ctx, tracing.FuncName()) defer span.End() @@ -386,6 +413,64 @@ func (e *executor) showPlan(ctx, killCtx context.Context, planfilePath string) ( return p, err } +// logDrift must only be called while the lock is held. +// It will log the output of `terraform show`, which will show which resources have drifted from the known state. +func (e *executor) logDrift(ctx, killCtx context.Context, planfilePath string, logr logSink) { + stdout, stdoutDone := resourceReplaceLogWriter(logr, e.logger) + stderr, stderrDone := logWriter(logr, proto.LogLevel_ERROR) + defer func() { + _ = stdout.Close() + _ = stderr.Close() + <-stdoutDone + <-stderrDone + }() + + err := e.showPlan(ctx, killCtx, stdout, stderr, planfilePath) + if err != nil { + e.server.logger.Debug(ctx, "failed to log state drift", slog.Error(err)) + } +} + +// resourceReplaceLogWriter highlights log lines relating to resource replacement by elevating their log level. +// This will help template admins to visually find problematic resources easier. +// +// The WriteCloser must be closed by the caller to end logging, after which the returned channel will be closed to +// indicate that logging of the written data has finished. Failure to close the WriteCloser will leak a goroutine. +func resourceReplaceLogWriter(sink logSink, logger slog.Logger) (io.WriteCloser, <-chan struct{}) { + r, w := io.Pipe() + done := make(chan struct{}) + + go func() { + defer close(done) + + scanner := bufio.NewScanner(r) + for scanner.Scan() { + line := scanner.Bytes() + level := proto.LogLevel_INFO + + // Terraform indicates that a resource will be deleted and recreated by showing the change along with this substring. + if bytes.Contains(line, []byte("# forces replacement")) { + level = proto.LogLevel_WARN + } + + sink.ProvisionLog(level, string(line)) + } + if err := scanner.Err(); err != nil { + logger.Error(context.Background(), "failed to read terraform log", slog.Error(err)) + } + }() + return w, done +} + +// showPlan must only be called while the lock is held. +func (e *executor) showPlan(ctx, killCtx context.Context, stdoutWriter, stderrWriter io.WriteCloser, planfilePath string) error { + ctx, span := e.server.startTrace(ctx, tracing.FuncName()) + defer span.End() + + args := []string{"show", "-no-color", planfilePath} + return e.execWriteOutput(ctx, killCtx, args, e.basicEnv(), stdoutWriter, stderrWriter) +} + // graph must only be called while the lock is held. func (e *executor) graph(ctx, killCtx context.Context) (string, error) { ctx, span := e.server.startTrace(ctx, tracing.FuncName()) diff --git a/provisioner/terraform/provision.go b/provisioner/terraform/provision.go index f8f82bbad7b9a..79ed299514bb3 100644 --- a/provisioner/terraform/provision.go +++ b/provisioner/terraform/provision.go @@ -163,10 +163,7 @@ func (s *server) Plan( return provisionersdk.PlanErrorf("plan vars: %s", err) } - resp, err := e.plan( - ctx, killCtx, env, vars, sess, - request.Metadata.GetWorkspaceTransition() == proto.WorkspaceTransition_DESTROY, - ) + resp, err := e.plan(ctx, killCtx, env, vars, sess, request.Metadata) if err != nil { return provisionersdk.PlanErrorf("%s", err.Error()) } @@ -270,9 +267,23 @@ func provisionEnv( "CODER_WORKSPACE_TEMPLATE_VERSION="+metadata.GetTemplateVersion(), "CODER_WORKSPACE_BUILD_ID="+metadata.GetWorkspaceBuildId(), ) - if metadata.GetIsPrebuild() { + if metadata.GetPrebuiltWorkspaceBuildStage().IsPrebuild() { env = append(env, provider.IsPrebuildEnvironmentVariable()+"=true") } + tokens := metadata.GetRunningAgentAuthTokens() + if len(tokens) == 1 { + env = append(env, provider.RunningAgentTokenEnvironmentVariable("")+"="+tokens[0].Token) + } else { + // Not currently supported, but added for forward-compatibility + for _, t := range tokens { + // If there are multiple agents, provide all the tokens to terraform so that it can + // choose the correct one for each agent ID. + env = append(env, provider.RunningAgentTokenEnvironmentVariable(t.AgentId)+"="+t.Token) + } + } + if metadata.GetPrebuiltWorkspaceBuildStage().IsPrebuiltWorkspaceClaim() { + env = append(env, provider.IsPrebuildClaimEnvironmentVariable()+"=true") + } for key, value := range provisionersdk.AgentScriptEnv() { env = append(env, key+"="+value) diff --git a/provisioner/terraform/provision_test.go b/provisioner/terraform/provision_test.go index 96514cc4b59ad..ecff965b72984 100644 --- a/provisioner/terraform/provision_test.go +++ b/provisioner/terraform/provision_test.go @@ -25,6 +25,7 @@ import ( "cdr.dev/slog" "cdr.dev/slog/sloggers/slogtest" + "github.com/coder/coder/v2/codersdk/drpc" "github.com/coder/coder/v2/provisioner/terraform" "github.com/coder/coder/v2/provisionersdk" @@ -977,7 +978,7 @@ func TestProvision(t *testing.T) { required_providers { coder = { source = "coder/coder" - version = "2.3.0-pre2" + version = ">= 2.4.1" } } } @@ -994,7 +995,7 @@ func TestProvision(t *testing.T) { }, Request: &proto.PlanRequest{ Metadata: &proto.Metadata{ - IsPrebuild: true, + PrebuiltWorkspaceBuildStage: proto.PrebuiltWorkspaceBuildStage_CREATE, }, }, Response: &proto.PlanComplete{ @@ -1008,6 +1009,44 @@ func TestProvision(t *testing.T) { }}, }, }, + { + Name: "is-prebuild-claim", + Files: map[string]string{ + "main.tf": `terraform { + required_providers { + coder = { + source = "coder/coder" + version = ">= 2.4.1" + } + } + } + data "coder_workspace" "me" {} + resource "null_resource" "example" {} + resource "coder_metadata" "example" { + resource_id = null_resource.example.id + item { + key = "is_prebuild_claim" + value = data.coder_workspace.me.is_prebuild_claim + } + } + `, + }, + Request: &proto.PlanRequest{ + Metadata: &proto.Metadata{ + PrebuiltWorkspaceBuildStage: proto.PrebuiltWorkspaceBuildStage_CLAIM, + }, + }, + Response: &proto.PlanComplete{ + Resources: []*proto.Resource{{ + Name: "example", + Type: "null_resource", + Metadata: []*proto.Resource_Metadata{{ + Key: "is_prebuild_claim", + Value: "true", + }}, + }}, + }, + }, } // Remove unused cache dirs before running tests. diff --git a/provisioner/terraform/resource_replacements.go b/provisioner/terraform/resource_replacements.go new file mode 100644 index 0000000000000..a2bbbb1802883 --- /dev/null +++ b/provisioner/terraform/resource_replacements.go @@ -0,0 +1,86 @@ +package terraform + +import ( + "fmt" + "strings" + + tfjson "github.com/hashicorp/terraform-json" +) + +type resourceReplacements map[string][]string + +// resourceReplacements finds all resources which would be replaced by the current plan, and the attribute paths which +// caused the replacement. +// +// NOTE: "replacement" in terraform terms means that a resource will have to be destroyed and replaced with a new resource +// since one of its immutable attributes was modified, which cannot be updated in-place. +func findResourceReplacements(plan *tfjson.Plan) resourceReplacements { + if plan == nil { + return nil + } + + // No changes, no problem! + if len(plan.ResourceChanges) == 0 { + return nil + } + + replacements := make(resourceReplacements, len(plan.ResourceChanges)) + + for _, ch := range plan.ResourceChanges { + // No change, no problem! + if ch.Change == nil { + continue + } + + // No-op change, no problem! + if ch.Change.Actions.NoOp() { + continue + } + + // No replacements, no problem! + if len(ch.Change.ReplacePaths) == 0 { + continue + } + + // Replacing our resources: could be a problem - but we ignore since they're "virtual" resources. If any of these + // resources' attributes are referenced by non-coder resources, those will show up as transitive changes there. + // i.e. if the coder_agent.id attribute is used in docker_container.env + // + // Replacing our resources is not strictly a problem in and of itself. + // + // NOTE: + // We may need to special-case coder_agent in the future. Currently, coder_agent is replaced on every build + // because it only supports Create but not Update: https://github.com/coder/terraform-provider-coder/blob/5648efb/provider/agent.go#L28 + // When we can modify an agent's attributes, some of which may be immutable (like "arch") and some may not (like "env"), + // then we'll have to handle this specifically. + // This will only become relevant once we support multiple agents: https://github.com/coder/coder/issues/17388 + if strings.Index(ch.Type, "coder_") == 0 { + continue + } + + // Replacements found, problem! + for _, val := range ch.Change.ReplacePaths { + var pathStr string + // Each path needs to be coerced into a string. All types except []interface{} can be coerced using fmt.Sprintf. + switch path := val.(type) { + case []interface{}: + // Found a slice of paths; coerce to string and join by ".". + segments := make([]string, 0, len(path)) + for _, seg := range path { + segments = append(segments, fmt.Sprintf("%v", seg)) + } + pathStr = strings.Join(segments, ".") + default: + pathStr = fmt.Sprintf("%v", path) + } + + replacements[ch.Address] = append(replacements[ch.Address], pathStr) + } + } + + if len(replacements) == 0 { + return nil + } + + return replacements +} diff --git a/provisioner/terraform/resource_replacements_internal_test.go b/provisioner/terraform/resource_replacements_internal_test.go new file mode 100644 index 0000000000000..4cca4ed396a43 --- /dev/null +++ b/provisioner/terraform/resource_replacements_internal_test.go @@ -0,0 +1,176 @@ +package terraform + +import ( + "testing" + + tfjson "github.com/hashicorp/terraform-json" + "github.com/stretchr/testify/require" +) + +func TestFindResourceReplacements(t *testing.T) { + t.Parallel() + + cases := []struct { + name string + plan *tfjson.Plan + expected resourceReplacements + }{ + { + name: "nil plan", + }, + { + name: "no resource changes", + plan: &tfjson.Plan{}, + }, + { + name: "resource change with nil change", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + }, + }, + }, + }, + { + name: "no-op action", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionNoop}, + }, + }, + }, + }, + }, + { + name: "empty replace paths", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + }, + }, + }, + }, + }, + { + name: "coder_* types are ignored", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Type: "coder_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"path1"}, + }, + }, + }, + }, + }, + { + name: "valid replacements - single path", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Type: "example_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"path1"}, + }, + }, + }, + }, + expected: resourceReplacements{ + "resource1": {"path1"}, + }, + }, + { + name: "valid replacements - multiple paths", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Type: "example_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"path1", "path2"}, + }, + }, + }, + }, + expected: resourceReplacements{ + "resource1": {"path1", "path2"}, + }, + }, + { + name: "complex replace path", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Type: "example_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{ + []interface{}{"path", "to", "key"}, + }, + }, + }, + }, + }, + expected: resourceReplacements{ + "resource1": {"path.to.key"}, + }, + }, + { + name: "multiple changes", + plan: &tfjson.Plan{ + ResourceChanges: []*tfjson.ResourceChange{ + { + Address: "resource1", + Type: "example_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"path1"}, + }, + }, + { + Address: "resource2", + Type: "example_resource", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"path2", "path3"}, + }, + }, + { + Address: "resource3", + Type: "coder_example", + Change: &tfjson.Change{ + Actions: tfjson.Actions{tfjson.ActionDelete, tfjson.ActionCreate}, + ReplacePaths: []interface{}{"ignored_path"}, + }, + }, + }, + }, + expected: resourceReplacements{ + "resource1": {"path1"}, + "resource2": {"path2", "path3"}, + }, + }, + } + + for _, tc := range cases { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + + require.EqualValues(t, tc.expected, findResourceReplacements(tc.plan)) + }) + } +} diff --git a/provisionerd/proto/provisionerd.pb.go b/provisionerd/proto/provisionerd.pb.go index 9e41e8a428758..475b9a0e564ff 100644 --- a/provisionerd/proto/provisionerd.pb.go +++ b/provisionerd/proto/provisionerd.pb.go @@ -1212,10 +1212,11 @@ type CompletedJob_WorkspaceBuild struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - State []byte `protobuf:"bytes,1,opt,name=state,proto3" json:"state,omitempty"` - Resources []*proto.Resource `protobuf:"bytes,2,rep,name=resources,proto3" json:"resources,omitempty"` - Timings []*proto.Timing `protobuf:"bytes,3,rep,name=timings,proto3" json:"timings,omitempty"` - Modules []*proto.Module `protobuf:"bytes,4,rep,name=modules,proto3" json:"modules,omitempty"` + State []byte `protobuf:"bytes,1,opt,name=state,proto3" json:"state,omitempty"` + Resources []*proto.Resource `protobuf:"bytes,2,rep,name=resources,proto3" json:"resources,omitempty"` + Timings []*proto.Timing `protobuf:"bytes,3,rep,name=timings,proto3" json:"timings,omitempty"` + Modules []*proto.Module `protobuf:"bytes,4,rep,name=modules,proto3" json:"modules,omitempty"` + ResourceReplacements []*proto.ResourceReplacement `protobuf:"bytes,5,rep,name=resource_replacements,json=resourceReplacements,proto3" json:"resource_replacements,omitempty"` } func (x *CompletedJob_WorkspaceBuild) Reset() { @@ -1278,6 +1279,13 @@ func (x *CompletedJob_WorkspaceBuild) GetModules() []*proto.Module { return nil } +func (x *CompletedJob_WorkspaceBuild) GetResourceReplacements() []*proto.ResourceReplacement { + if x != nil { + return x.ResourceReplacements + } + return nil +} + type CompletedJob_TemplateImport struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1572,7 +1580,7 @@ var file_provisionerd_proto_provisionerd_proto_rawDesc = []byte{ 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x1a, 0x10, 0x0a, 0x0e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x1a, 0x10, 0x0a, 0x0e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x44, 0x72, - 0x79, 0x52, 0x75, 0x6e, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0x93, 0x09, 0x0a, + 0x79, 0x52, 0x75, 0x6e, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xea, 0x09, 0x0a, 0x0c, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x12, 0x15, 0x0a, 0x06, 0x6a, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6a, 0x6f, 0x62, 0x49, 0x64, 0x12, 0x54, 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, @@ -1591,7 +1599,7 @@ var file_provisionerd_proto_provisionerd_proto_rawDesc = []byte{ 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x44, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x48, 0x00, 0x52, 0x0e, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, - 0x65, 0x44, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x1a, 0xb9, 0x01, 0x0a, 0x0e, 0x57, 0x6f, 0x72, 0x6b, + 0x65, 0x44, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x1a, 0x90, 0x02, 0x0a, 0x0e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, @@ -1603,143 +1611,148 @@ var file_provisionerd_proto_provisionerd_proto_rawDesc = []byte{ 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, - 0x6c, 0x65, 0x73, 0x1a, 0xae, 0x04, 0x0a, 0x0e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3e, 0x0a, 0x0f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0e, 0x73, 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x0e, 0x73, 0x74, 0x6f, 0x70, 0x5f, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0d, 0x73, 0x74, 0x6f, 0x70, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x72, 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, - 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, - 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0e, 0x72, 0x69, 0x63, 0x68, 0x50, - 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x41, 0x0a, 0x1d, 0x65, 0x78, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x1a, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x17, - 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, - 0x38, 0x0a, 0x0d, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x52, 0x0c, 0x73, 0x74, 0x61, - 0x72, 0x74, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x0c, 0x73, 0x74, 0x6f, - 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, - 0x64, 0x75, 0x6c, 0x65, 0x52, 0x0b, 0x73, 0x74, 0x6f, 0x70, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, - 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x50, 0x72, 0x65, 0x73, 0x65, 0x74, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, - 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, - 0x70, 0x6c, 0x61, 0x6e, 0x1a, 0x74, 0x0a, 0x0e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x44, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6d, - 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, - 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x22, 0xb0, 0x01, 0x0a, 0x03, 0x4c, 0x6f, 0x67, 0x12, 0x2f, 0x0a, 0x06, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x17, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x05, 0x6c, - 0x65, 0x76, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, - 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, - 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, - 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a, - 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, - 0x75, 0x74, 0x70, 0x75, 0x74, 0x22, 0xa6, 0x03, 0x0a, 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, - 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6a, 0x6f, - 0x62, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6a, 0x6f, 0x62, 0x49, - 0x64, 0x12, 0x25, 0x0a, 0x04, 0x6c, 0x6f, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x11, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x4c, - 0x6f, 0x67, 0x52, 0x04, 0x6c, 0x6f, 0x67, 0x73, 0x12, 0x4c, 0x0a, 0x12, 0x74, 0x65, 0x6d, 0x70, - 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x18, 0x04, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, - 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, 0x72, - 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x4c, 0x0a, 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x76, - 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x05, + 0x6c, 0x65, 0x73, 0x12, 0x55, 0x0a, 0x15, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, + 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x05, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, + 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x14, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, + 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x1a, 0xae, 0x04, 0x0a, 0x0e, 0x54, + 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x6d, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3e, 0x0a, + 0x0f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, + 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0e, 0x73, + 0x74, 0x61, 0x72, 0x74, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3c, 0x0a, + 0x0e, 0x73, 0x74, 0x6f, 0x70, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x0d, 0x73, 0x74, + 0x6f, 0x70, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x72, + 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x52, 0x12, 0x75, 0x73, 0x65, 0x72, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x64, 0x6d, 0x65, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x65, 0x61, 0x64, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, - 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x07, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, - 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x04, 0x22, 0x7a, - 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x73, 0x70, 0x6f, - 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x65, 0x64, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x65, 0x64, 0x12, - 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x22, 0x4a, 0x0a, 0x12, 0x43, 0x6f, - 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x15, 0x0a, 0x06, 0x6a, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x6a, 0x6f, 0x62, 0x49, 0x64, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x69, 0x6c, 0x79, - 0x5f, 0x63, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x64, 0x61, 0x69, - 0x6c, 0x79, 0x43, 0x6f, 0x73, 0x74, 0x22, 0x68, 0x0a, 0x13, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, - 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x0e, 0x0a, - 0x02, 0x6f, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x02, 0x6f, 0x6b, 0x12, 0x29, 0x0a, - 0x10, 0x63, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, - 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, - 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x62, 0x75, 0x64, 0x67, - 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x62, 0x75, 0x64, 0x67, 0x65, 0x74, - 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, - 0x65, 0x2a, 0x34, 0x0a, 0x09, 0x4c, 0x6f, 0x67, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x16, - 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x45, 0x52, 0x5f, 0x44, 0x41, - 0x45, 0x4d, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x53, - 0x49, 0x4f, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x32, 0xc5, 0x03, 0x0a, 0x11, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x44, 0x61, 0x65, 0x6d, 0x6f, 0x6e, 0x12, 0x41, 0x0a, - 0x0a, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x4a, 0x6f, 0x62, 0x12, 0x13, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, - 0x1a, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, - 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x22, 0x03, 0x88, 0x02, 0x01, - 0x12, 0x52, 0x0a, 0x14, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x4a, 0x6f, 0x62, 0x57, 0x69, - 0x74, 0x68, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x12, 0x1b, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x63, - 0x71, 0x75, 0x69, 0x72, 0x65, 0x1a, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4a, 0x6f, 0x62, - 0x28, 0x01, 0x30, 0x01, 0x12, 0x52, 0x0a, 0x0b, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, - 0x6f, 0x74, 0x61, 0x12, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, - 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x4c, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, - 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x12, 0x1e, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x37, 0x0a, 0x07, 0x46, 0x61, 0x69, 0x6c, 0x4a, 0x6f, - 0x62, 0x12, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, - 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x1a, 0x13, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, - 0x3e, 0x0a, 0x0b, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x12, 0x1a, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, - 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x1a, 0x13, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, - 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, - 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, + 0x52, 0x0e, 0x72, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, + 0x12, 0x41, 0x0a, 0x1d, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, + 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x1a, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, + 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, + 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, + 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, + 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, + 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x38, 0x0a, 0x0d, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, + 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, + 0x6c, 0x65, 0x52, 0x0c, 0x73, 0x74, 0x61, 0x72, 0x74, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, + 0x12, 0x36, 0x0a, 0x0c, 0x73, 0x74, 0x6f, 0x70, 0x5f, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, + 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x52, 0x0b, 0x73, 0x74, 0x6f, + 0x70, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, + 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x65, 0x73, 0x65, 0x74, 0x52, 0x07, + 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x1a, 0x74, 0x0a, 0x0e, 0x54, + 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x44, 0x72, 0x79, 0x52, 0x75, 0x6e, 0x12, 0x33, 0x0a, + 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, + 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, + 0x73, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xb0, 0x01, 0x0a, 0x03, 0x4c, 0x6f, + 0x67, 0x12, 0x2f, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, + 0x2e, 0x4c, 0x6f, 0x67, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, + 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, + 0x1d, 0x0a, 0x0a, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x61, 0x74, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x03, 0x52, 0x09, 0x63, 0x72, 0x65, 0x61, 0x74, 0x65, 0x64, 0x41, 0x74, 0x12, 0x14, + 0x0a, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, + 0x74, 0x61, 0x67, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x22, 0xa6, 0x03, 0x0a, + 0x10, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, + 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6a, 0x6f, 0x62, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x6a, 0x6f, 0x62, 0x49, 0x64, 0x12, 0x25, 0x0a, 0x04, 0x6c, 0x6f, 0x67, 0x73, + 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x4c, 0x6f, 0x67, 0x52, 0x04, 0x6c, 0x6f, 0x67, 0x73, 0x12, + 0x4c, 0x0a, 0x12, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, + 0x61, 0x62, 0x6c, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, + 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, + 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x4c, 0x0a, + 0x14, 0x75, 0x73, 0x65, 0x72, 0x5f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, + 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x75, 0x73, 0x65, 0x72, 0x56, 0x61, 0x72, + 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, + 0x65, 0x61, 0x64, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x65, 0x61, + 0x64, 0x6d, 0x65, 0x12, 0x58, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, 0x74, + 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, + 0x12, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, + 0x04, 0x08, 0x03, 0x10, 0x04, 0x22, 0x7a, 0x0a, 0x11, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, + 0x6f, 0x62, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x63, 0x61, + 0x6e, 0x63, 0x65, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x63, 0x61, + 0x6e, 0x63, 0x65, 0x6c, 0x65, 0x64, 0x12, 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, + 0x6c, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, + 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, + 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x4a, 0x04, 0x08, 0x02, 0x10, + 0x03, 0x22, 0x4a, 0x0a, 0x12, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x15, 0x0a, 0x06, 0x6a, 0x6f, 0x62, 0x5f, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6a, 0x6f, 0x62, 0x49, 0x64, 0x12, 0x1d, + 0x0a, 0x0a, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x5f, 0x63, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x09, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x43, 0x6f, 0x73, 0x74, 0x22, 0x68, 0x0a, + 0x13, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x6f, 0x6b, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x02, 0x6f, 0x6b, 0x12, 0x29, 0x0a, 0x10, 0x63, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, 0x5f, + 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0f, + 0x63, 0x72, 0x65, 0x64, 0x69, 0x74, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x12, + 0x16, 0x0a, 0x06, 0x62, 0x75, 0x64, 0x67, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x06, 0x62, 0x75, 0x64, 0x67, 0x65, 0x74, 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, 0x63, 0x65, + 0x6c, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x2a, 0x34, 0x0a, 0x09, 0x4c, 0x6f, 0x67, 0x53, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x53, 0x49, + 0x4f, 0x4e, 0x45, 0x52, 0x5f, 0x44, 0x41, 0x45, 0x4d, 0x4f, 0x4e, 0x10, 0x00, 0x12, 0x0f, 0x0a, + 0x0b, 0x50, 0x52, 0x4f, 0x56, 0x49, 0x53, 0x49, 0x4f, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x32, 0xc5, + 0x03, 0x0a, 0x11, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x44, 0x61, + 0x65, 0x6d, 0x6f, 0x6e, 0x12, 0x41, 0x0a, 0x0a, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x4a, + 0x6f, 0x62, 0x12, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x64, 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x1a, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x64, 0x4a, + 0x6f, 0x62, 0x22, 0x03, 0x88, 0x02, 0x01, 0x12, 0x52, 0x0a, 0x14, 0x41, 0x63, 0x71, 0x75, 0x69, + 0x72, 0x65, 0x4a, 0x6f, 0x62, 0x57, 0x69, 0x74, 0x68, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x12, + 0x1b, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, + 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x41, 0x63, 0x71, 0x75, 0x69, 0x72, 0x65, 0x1a, 0x19, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x41, 0x63, 0x71, 0x75, + 0x69, 0x72, 0x65, 0x64, 0x4a, 0x6f, 0x62, 0x28, 0x01, 0x30, 0x01, 0x12, 0x52, 0x0a, 0x0b, 0x43, + 0x6f, 0x6d, 0x6d, 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x12, 0x20, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x69, 0x74, + 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x21, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, + 0x69, 0x74, 0x51, 0x75, 0x6f, 0x74, 0x61, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, + 0x4c, 0x0a, 0x09, 0x55, 0x70, 0x64, 0x61, 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x12, 0x1e, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x1f, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x55, 0x70, 0x64, 0x61, + 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x37, 0x0a, + 0x07, 0x46, 0x61, 0x69, 0x6c, 0x4a, 0x6f, 0x62, 0x12, 0x17, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x65, 0x64, 0x4a, 0x6f, + 0x62, 0x1a, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x12, 0x3e, 0x0a, 0x0b, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, + 0x74, 0x65, 0x4a, 0x6f, 0x62, 0x12, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x65, 0x72, 0x64, 0x2e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x64, 0x4a, 0x6f, + 0x62, 0x1a, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, + 0x2e, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, + 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, + 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x64, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1788,9 +1801,10 @@ var file_provisionerd_proto_provisionerd_proto_goTypes = []interface{}{ (*proto.Timing)(nil), // 28: provisioner.Timing (*proto.Resource)(nil), // 29: provisioner.Resource (*proto.Module)(nil), // 30: provisioner.Module - (*proto.RichParameter)(nil), // 31: provisioner.RichParameter - (*proto.ExternalAuthProviderResource)(nil), // 32: provisioner.ExternalAuthProviderResource - (*proto.Preset)(nil), // 33: provisioner.Preset + (*proto.ResourceReplacement)(nil), // 31: provisioner.ResourceReplacement + (*proto.RichParameter)(nil), // 32: provisioner.RichParameter + (*proto.ExternalAuthProviderResource)(nil), // 33: provisioner.ExternalAuthProviderResource + (*proto.Preset)(nil), // 34: provisioner.Preset } var file_provisionerd_proto_provisionerd_proto_depIdxs = []int32{ 11, // 0: provisionerd.AcquiredJob.workspace_build:type_name -> provisionerd.AcquiredJob.WorkspaceBuild @@ -1823,32 +1837,33 @@ var file_provisionerd_proto_provisionerd_proto_depIdxs = []int32{ 29, // 27: provisionerd.CompletedJob.WorkspaceBuild.resources:type_name -> provisioner.Resource 28, // 28: provisionerd.CompletedJob.WorkspaceBuild.timings:type_name -> provisioner.Timing 30, // 29: provisionerd.CompletedJob.WorkspaceBuild.modules:type_name -> provisioner.Module - 29, // 30: provisionerd.CompletedJob.TemplateImport.start_resources:type_name -> provisioner.Resource - 29, // 31: provisionerd.CompletedJob.TemplateImport.stop_resources:type_name -> provisioner.Resource - 31, // 32: provisionerd.CompletedJob.TemplateImport.rich_parameters:type_name -> provisioner.RichParameter - 32, // 33: provisionerd.CompletedJob.TemplateImport.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource - 30, // 34: provisionerd.CompletedJob.TemplateImport.start_modules:type_name -> provisioner.Module - 30, // 35: provisionerd.CompletedJob.TemplateImport.stop_modules:type_name -> provisioner.Module - 33, // 36: provisionerd.CompletedJob.TemplateImport.presets:type_name -> provisioner.Preset - 29, // 37: provisionerd.CompletedJob.TemplateDryRun.resources:type_name -> provisioner.Resource - 30, // 38: provisionerd.CompletedJob.TemplateDryRun.modules:type_name -> provisioner.Module - 1, // 39: provisionerd.ProvisionerDaemon.AcquireJob:input_type -> provisionerd.Empty - 10, // 40: provisionerd.ProvisionerDaemon.AcquireJobWithCancel:input_type -> provisionerd.CancelAcquire - 8, // 41: provisionerd.ProvisionerDaemon.CommitQuota:input_type -> provisionerd.CommitQuotaRequest - 6, // 42: provisionerd.ProvisionerDaemon.UpdateJob:input_type -> provisionerd.UpdateJobRequest - 3, // 43: provisionerd.ProvisionerDaemon.FailJob:input_type -> provisionerd.FailedJob - 4, // 44: provisionerd.ProvisionerDaemon.CompleteJob:input_type -> provisionerd.CompletedJob - 2, // 45: provisionerd.ProvisionerDaemon.AcquireJob:output_type -> provisionerd.AcquiredJob - 2, // 46: provisionerd.ProvisionerDaemon.AcquireJobWithCancel:output_type -> provisionerd.AcquiredJob - 9, // 47: provisionerd.ProvisionerDaemon.CommitQuota:output_type -> provisionerd.CommitQuotaResponse - 7, // 48: provisionerd.ProvisionerDaemon.UpdateJob:output_type -> provisionerd.UpdateJobResponse - 1, // 49: provisionerd.ProvisionerDaemon.FailJob:output_type -> provisionerd.Empty - 1, // 50: provisionerd.ProvisionerDaemon.CompleteJob:output_type -> provisionerd.Empty - 45, // [45:51] is the sub-list for method output_type - 39, // [39:45] is the sub-list for method input_type - 39, // [39:39] is the sub-list for extension type_name - 39, // [39:39] is the sub-list for extension extendee - 0, // [0:39] is the sub-list for field type_name + 31, // 30: provisionerd.CompletedJob.WorkspaceBuild.resource_replacements:type_name -> provisioner.ResourceReplacement + 29, // 31: provisionerd.CompletedJob.TemplateImport.start_resources:type_name -> provisioner.Resource + 29, // 32: provisionerd.CompletedJob.TemplateImport.stop_resources:type_name -> provisioner.Resource + 32, // 33: provisionerd.CompletedJob.TemplateImport.rich_parameters:type_name -> provisioner.RichParameter + 33, // 34: provisionerd.CompletedJob.TemplateImport.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource + 30, // 35: provisionerd.CompletedJob.TemplateImport.start_modules:type_name -> provisioner.Module + 30, // 36: provisionerd.CompletedJob.TemplateImport.stop_modules:type_name -> provisioner.Module + 34, // 37: provisionerd.CompletedJob.TemplateImport.presets:type_name -> provisioner.Preset + 29, // 38: provisionerd.CompletedJob.TemplateDryRun.resources:type_name -> provisioner.Resource + 30, // 39: provisionerd.CompletedJob.TemplateDryRun.modules:type_name -> provisioner.Module + 1, // 40: provisionerd.ProvisionerDaemon.AcquireJob:input_type -> provisionerd.Empty + 10, // 41: provisionerd.ProvisionerDaemon.AcquireJobWithCancel:input_type -> provisionerd.CancelAcquire + 8, // 42: provisionerd.ProvisionerDaemon.CommitQuota:input_type -> provisionerd.CommitQuotaRequest + 6, // 43: provisionerd.ProvisionerDaemon.UpdateJob:input_type -> provisionerd.UpdateJobRequest + 3, // 44: provisionerd.ProvisionerDaemon.FailJob:input_type -> provisionerd.FailedJob + 4, // 45: provisionerd.ProvisionerDaemon.CompleteJob:input_type -> provisionerd.CompletedJob + 2, // 46: provisionerd.ProvisionerDaemon.AcquireJob:output_type -> provisionerd.AcquiredJob + 2, // 47: provisionerd.ProvisionerDaemon.AcquireJobWithCancel:output_type -> provisionerd.AcquiredJob + 9, // 48: provisionerd.ProvisionerDaemon.CommitQuota:output_type -> provisionerd.CommitQuotaResponse + 7, // 49: provisionerd.ProvisionerDaemon.UpdateJob:output_type -> provisionerd.UpdateJobResponse + 1, // 50: provisionerd.ProvisionerDaemon.FailJob:output_type -> provisionerd.Empty + 1, // 51: provisionerd.ProvisionerDaemon.CompleteJob:output_type -> provisionerd.Empty + 46, // [46:52] is the sub-list for method output_type + 40, // [40:46] is the sub-list for method input_type + 40, // [40:40] is the sub-list for extension type_name + 40, // [40:40] is the sub-list for extension extendee + 0, // [0:40] is the sub-list for field type_name } func init() { file_provisionerd_proto_provisionerd_proto_init() } diff --git a/provisionerd/proto/provisionerd.proto b/provisionerd/proto/provisionerd.proto index 7db8c807151fb..0e50718ce75de 100644 --- a/provisionerd/proto/provisionerd.proto +++ b/provisionerd/proto/provisionerd.proto @@ -75,6 +75,7 @@ message CompletedJob { repeated provisioner.Resource resources = 2; repeated provisioner.Timing timings = 3; repeated provisioner.Module modules = 4; + repeated provisioner.ResourceReplacement resource_replacements = 5; } message TemplateImport { repeated provisioner.Resource start_resources = 1; diff --git a/provisionerd/proto/version.go b/provisionerd/proto/version.go index d502a1f544fe3..62ece2e02d224 100644 --- a/provisionerd/proto/version.go +++ b/provisionerd/proto/version.go @@ -12,12 +12,19 @@ import "github.com/coder/coder/v2/apiversion" // // API v1.4: // - Add new field named `devcontainers` in the Agent. +// +// API v1.5: +// - Add new field named `prebuilt_workspace_build_stage` enum in the Metadata message. +// - Add new field named `running_agent_auth_tokens` to provisioner job metadata. +// - Add new field named `resource_replacements` in PlanComplete & CompletedJob.WorkspaceBuild. const ( CurrentMajor = 1 - CurrentMinor = 4 + CurrentMinor = 5 ) // CurrentVersion is the current provisionerd API version. // Breaking changes to the provisionerd API **MUST** increment // CurrentMajor above. +// Non-breaking changes to the provisionerd API **MUST** increment +// CurrentMinor above. var CurrentVersion = apiversion.New(CurrentMajor, CurrentMinor) diff --git a/provisionerd/provisionerd.go b/provisionerd/provisionerd.go index 6635495a2553a..76a06d7fa68b1 100644 --- a/provisionerd/provisionerd.go +++ b/provisionerd/provisionerd.go @@ -378,7 +378,7 @@ func (p *Server) acquireAndRunOne(client proto.DRPCProvisionerDaemonClient) erro slog.F("workspace_build_id", build.WorkspaceBuildId), slog.F("workspace_id", build.Metadata.WorkspaceId), slog.F("workspace_name", build.WorkspaceName), - slog.F("is_prebuild", build.Metadata.IsPrebuild), + slog.F("prebuilt_workspace_build_stage", build.Metadata.GetPrebuiltWorkspaceBuildStage().String()), ) span.SetAttributes( @@ -388,7 +388,7 @@ func (p *Server) acquireAndRunOne(client proto.DRPCProvisionerDaemonClient) erro attribute.String("workspace_owner_id", build.Metadata.WorkspaceOwnerId), attribute.String("workspace_owner", build.Metadata.WorkspaceOwner), attribute.String("workspace_transition", build.Metadata.WorkspaceTransition.String()), - attribute.Bool("is_prebuild", build.Metadata.IsPrebuild), + attribute.String("prebuilt_workspace_build_stage", build.Metadata.GetPrebuiltWorkspaceBuildStage().String()), ) } diff --git a/provisionerd/runner/runner.go b/provisionerd/runner/runner.go index 70d424c47a0c6..f74836b07faf7 100644 --- a/provisionerd/runner/runner.go +++ b/provisionerd/runner/runner.go @@ -1059,6 +1059,8 @@ func (r *Runner) runWorkspaceBuild(ctx context.Context) (*proto.CompletedJob, *p // called by `plan`. `apply` does not modify them, so we can use the // modules from the plan response. Modules: planComplete.Modules, + // Resource replacements are discovered at plan time, only. + ResourceReplacements: planComplete.ResourceReplacements, }, }, }, nil diff --git a/provisionersdk/proto/prebuilt_workspace.go b/provisionersdk/proto/prebuilt_workspace.go new file mode 100644 index 0000000000000..3aa80512344b6 --- /dev/null +++ b/provisionersdk/proto/prebuilt_workspace.go @@ -0,0 +1,9 @@ +package proto + +func (p PrebuiltWorkspaceBuildStage) IsPrebuild() bool { + return p == PrebuiltWorkspaceBuildStage_CREATE +} + +func (p PrebuiltWorkspaceBuildStage) IsPrebuiltWorkspaceClaim() bool { + return p == PrebuiltWorkspaceBuildStage_CLAIM +} diff --git a/provisionersdk/proto/provisioner.pb.go b/provisionersdk/proto/provisioner.pb.go index f258f79e36f94..c1286e6f9fe0e 100644 --- a/provisionersdk/proto/provisioner.pb.go +++ b/provisionersdk/proto/provisioner.pb.go @@ -226,6 +226,55 @@ func (WorkspaceTransition) EnumDescriptor() ([]byte, []int) { return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{3} } +type PrebuiltWorkspaceBuildStage int32 + +const ( + PrebuiltWorkspaceBuildStage_NONE PrebuiltWorkspaceBuildStage = 0 // Default value for builds unrelated to prebuilds. + PrebuiltWorkspaceBuildStage_CREATE PrebuiltWorkspaceBuildStage = 1 // A prebuilt workspace is being provisioned. + PrebuiltWorkspaceBuildStage_CLAIM PrebuiltWorkspaceBuildStage = 2 // A prebuilt workspace is being claimed. +) + +// Enum value maps for PrebuiltWorkspaceBuildStage. +var ( + PrebuiltWorkspaceBuildStage_name = map[int32]string{ + 0: "NONE", + 1: "CREATE", + 2: "CLAIM", + } + PrebuiltWorkspaceBuildStage_value = map[string]int32{ + "NONE": 0, + "CREATE": 1, + "CLAIM": 2, + } +) + +func (x PrebuiltWorkspaceBuildStage) Enum() *PrebuiltWorkspaceBuildStage { + p := new(PrebuiltWorkspaceBuildStage) + *p = x + return p +} + +func (x PrebuiltWorkspaceBuildStage) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (PrebuiltWorkspaceBuildStage) Descriptor() protoreflect.EnumDescriptor { + return file_provisionersdk_proto_provisioner_proto_enumTypes[4].Descriptor() +} + +func (PrebuiltWorkspaceBuildStage) Type() protoreflect.EnumType { + return &file_provisionersdk_proto_provisioner_proto_enumTypes[4] +} + +func (x PrebuiltWorkspaceBuildStage) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use PrebuiltWorkspaceBuildStage.Descriptor instead. +func (PrebuiltWorkspaceBuildStage) EnumDescriptor() ([]byte, []int) { + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{4} +} + type TimingState int32 const ( @@ -259,11 +308,11 @@ func (x TimingState) String() string { } func (TimingState) Descriptor() protoreflect.EnumDescriptor { - return file_provisionersdk_proto_provisioner_proto_enumTypes[4].Descriptor() + return file_provisionersdk_proto_provisioner_proto_enumTypes[5].Descriptor() } func (TimingState) Type() protoreflect.EnumType { - return &file_provisionersdk_proto_provisioner_proto_enumTypes[4] + return &file_provisionersdk_proto_provisioner_proto_enumTypes[5] } func (x TimingState) Number() protoreflect.EnumNumber { @@ -272,7 +321,7 @@ func (x TimingState) Number() protoreflect.EnumNumber { // Deprecated: Use TimingState.Descriptor instead. func (TimingState) EnumDescriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{4} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{5} } // Empty indicates a successful request/response. @@ -865,6 +914,61 @@ func (x *PresetParameter) GetValue() string { return "" } +type ResourceReplacement struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Resource string `protobuf:"bytes,1,opt,name=resource,proto3" json:"resource,omitempty"` + Paths []string `protobuf:"bytes,2,rep,name=paths,proto3" json:"paths,omitempty"` +} + +func (x *ResourceReplacement) Reset() { + *x = ResourceReplacement{} + if protoimpl.UnsafeEnabled { + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ResourceReplacement) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ResourceReplacement) ProtoMessage() {} + +func (x *ResourceReplacement) ProtoReflect() protoreflect.Message { + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[8] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ResourceReplacement.ProtoReflect.Descriptor instead. +func (*ResourceReplacement) Descriptor() ([]byte, []int) { + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{8} +} + +func (x *ResourceReplacement) GetResource() string { + if x != nil { + return x.Resource + } + return "" +} + +func (x *ResourceReplacement) GetPaths() []string { + if x != nil { + return x.Paths + } + return nil +} + // VariableValue holds the key/value mapping of a Terraform variable. type VariableValue struct { state protoimpl.MessageState @@ -879,7 +983,7 @@ type VariableValue struct { func (x *VariableValue) Reset() { *x = VariableValue{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[8] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[9] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -892,7 +996,7 @@ func (x *VariableValue) String() string { func (*VariableValue) ProtoMessage() {} func (x *VariableValue) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[8] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[9] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -905,7 +1009,7 @@ func (x *VariableValue) ProtoReflect() protoreflect.Message { // Deprecated: Use VariableValue.ProtoReflect.Descriptor instead. func (*VariableValue) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{8} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{9} } func (x *VariableValue) GetName() string { @@ -942,7 +1046,7 @@ type Log struct { func (x *Log) Reset() { *x = Log{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[9] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[10] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -955,7 +1059,7 @@ func (x *Log) String() string { func (*Log) ProtoMessage() {} func (x *Log) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[9] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[10] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -968,7 +1072,7 @@ func (x *Log) ProtoReflect() protoreflect.Message { // Deprecated: Use Log.ProtoReflect.Descriptor instead. func (*Log) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{9} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{10} } func (x *Log) GetLevel() LogLevel { @@ -996,7 +1100,7 @@ type InstanceIdentityAuth struct { func (x *InstanceIdentityAuth) Reset() { *x = InstanceIdentityAuth{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[10] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[11] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1009,7 +1113,7 @@ func (x *InstanceIdentityAuth) String() string { func (*InstanceIdentityAuth) ProtoMessage() {} func (x *InstanceIdentityAuth) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[10] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[11] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1022,7 +1126,7 @@ func (x *InstanceIdentityAuth) ProtoReflect() protoreflect.Message { // Deprecated: Use InstanceIdentityAuth.ProtoReflect.Descriptor instead. func (*InstanceIdentityAuth) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{10} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{11} } func (x *InstanceIdentityAuth) GetInstanceId() string { @@ -1044,7 +1148,7 @@ type ExternalAuthProviderResource struct { func (x *ExternalAuthProviderResource) Reset() { *x = ExternalAuthProviderResource{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[11] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[12] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1057,7 +1161,7 @@ func (x *ExternalAuthProviderResource) String() string { func (*ExternalAuthProviderResource) ProtoMessage() {} func (x *ExternalAuthProviderResource) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[11] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[12] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1070,7 +1174,7 @@ func (x *ExternalAuthProviderResource) ProtoReflect() protoreflect.Message { // Deprecated: Use ExternalAuthProviderResource.ProtoReflect.Descriptor instead. func (*ExternalAuthProviderResource) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{11} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{12} } func (x *ExternalAuthProviderResource) GetId() string { @@ -1099,7 +1203,7 @@ type ExternalAuthProvider struct { func (x *ExternalAuthProvider) Reset() { *x = ExternalAuthProvider{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[12] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[13] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1112,7 +1216,7 @@ func (x *ExternalAuthProvider) String() string { func (*ExternalAuthProvider) ProtoMessage() {} func (x *ExternalAuthProvider) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[12] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[13] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1125,7 +1229,7 @@ func (x *ExternalAuthProvider) ProtoReflect() protoreflect.Message { // Deprecated: Use ExternalAuthProvider.ProtoReflect.Descriptor instead. func (*ExternalAuthProvider) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{12} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{13} } func (x *ExternalAuthProvider) GetId() string { @@ -1179,7 +1283,7 @@ type Agent struct { func (x *Agent) Reset() { *x = Agent{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[13] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[14] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1192,7 +1296,7 @@ func (x *Agent) String() string { func (*Agent) ProtoMessage() {} func (x *Agent) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[13] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[14] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1205,7 +1309,7 @@ func (x *Agent) ProtoReflect() protoreflect.Message { // Deprecated: Use Agent.ProtoReflect.Descriptor instead. func (*Agent) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{13} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{14} } func (x *Agent) GetId() string { @@ -1376,7 +1480,7 @@ type ResourcesMonitoring struct { func (x *ResourcesMonitoring) Reset() { *x = ResourcesMonitoring{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[14] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[15] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1389,7 +1493,7 @@ func (x *ResourcesMonitoring) String() string { func (*ResourcesMonitoring) ProtoMessage() {} func (x *ResourcesMonitoring) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[14] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[15] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1402,7 +1506,7 @@ func (x *ResourcesMonitoring) ProtoReflect() protoreflect.Message { // Deprecated: Use ResourcesMonitoring.ProtoReflect.Descriptor instead. func (*ResourcesMonitoring) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{14} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{15} } func (x *ResourcesMonitoring) GetMemory() *MemoryResourceMonitor { @@ -1431,7 +1535,7 @@ type MemoryResourceMonitor struct { func (x *MemoryResourceMonitor) Reset() { *x = MemoryResourceMonitor{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[15] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[16] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1444,7 +1548,7 @@ func (x *MemoryResourceMonitor) String() string { func (*MemoryResourceMonitor) ProtoMessage() {} func (x *MemoryResourceMonitor) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[15] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[16] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1457,7 +1561,7 @@ func (x *MemoryResourceMonitor) ProtoReflect() protoreflect.Message { // Deprecated: Use MemoryResourceMonitor.ProtoReflect.Descriptor instead. func (*MemoryResourceMonitor) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{15} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{16} } func (x *MemoryResourceMonitor) GetEnabled() bool { @@ -1487,7 +1591,7 @@ type VolumeResourceMonitor struct { func (x *VolumeResourceMonitor) Reset() { *x = VolumeResourceMonitor{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[16] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[17] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1500,7 +1604,7 @@ func (x *VolumeResourceMonitor) String() string { func (*VolumeResourceMonitor) ProtoMessage() {} func (x *VolumeResourceMonitor) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[16] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[17] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1513,7 +1617,7 @@ func (x *VolumeResourceMonitor) ProtoReflect() protoreflect.Message { // Deprecated: Use VolumeResourceMonitor.ProtoReflect.Descriptor instead. func (*VolumeResourceMonitor) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{16} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{17} } func (x *VolumeResourceMonitor) GetPath() string { @@ -1552,7 +1656,7 @@ type DisplayApps struct { func (x *DisplayApps) Reset() { *x = DisplayApps{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[17] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[18] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1565,7 +1669,7 @@ func (x *DisplayApps) String() string { func (*DisplayApps) ProtoMessage() {} func (x *DisplayApps) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[17] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[18] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1578,7 +1682,7 @@ func (x *DisplayApps) ProtoReflect() protoreflect.Message { // Deprecated: Use DisplayApps.ProtoReflect.Descriptor instead. func (*DisplayApps) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{17} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{18} } func (x *DisplayApps) GetVscode() bool { @@ -1628,7 +1732,7 @@ type Env struct { func (x *Env) Reset() { *x = Env{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[18] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[19] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1641,7 +1745,7 @@ func (x *Env) String() string { func (*Env) ProtoMessage() {} func (x *Env) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[18] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[19] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1654,7 +1758,7 @@ func (x *Env) ProtoReflect() protoreflect.Message { // Deprecated: Use Env.ProtoReflect.Descriptor instead. func (*Env) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{18} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{19} } func (x *Env) GetName() string { @@ -1691,7 +1795,7 @@ type Script struct { func (x *Script) Reset() { *x = Script{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[19] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1704,7 +1808,7 @@ func (x *Script) String() string { func (*Script) ProtoMessage() {} func (x *Script) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[19] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1717,7 +1821,7 @@ func (x *Script) ProtoReflect() protoreflect.Message { // Deprecated: Use Script.ProtoReflect.Descriptor instead. func (*Script) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{19} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{20} } func (x *Script) GetDisplayName() string { @@ -1796,7 +1900,7 @@ type Devcontainer struct { func (x *Devcontainer) Reset() { *x = Devcontainer{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[20] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1809,7 +1913,7 @@ func (x *Devcontainer) String() string { func (*Devcontainer) ProtoMessage() {} func (x *Devcontainer) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[20] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1822,7 +1926,7 @@ func (x *Devcontainer) ProtoReflect() protoreflect.Message { // Deprecated: Use Devcontainer.ProtoReflect.Descriptor instead. func (*Devcontainer) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{20} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{21} } func (x *Devcontainer) GetWorkspaceFolder() string { @@ -1871,7 +1975,7 @@ type App struct { func (x *App) Reset() { *x = App{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[21] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1884,7 +1988,7 @@ func (x *App) String() string { func (*App) ProtoMessage() {} func (x *App) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[21] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1897,7 +2001,7 @@ func (x *App) ProtoReflect() protoreflect.Message { // Deprecated: Use App.ProtoReflect.Descriptor instead. func (*App) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{21} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{22} } func (x *App) GetSlug() string { @@ -1998,7 +2102,7 @@ type Healthcheck struct { func (x *Healthcheck) Reset() { *x = Healthcheck{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[22] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2011,7 +2115,7 @@ func (x *Healthcheck) String() string { func (*Healthcheck) ProtoMessage() {} func (x *Healthcheck) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[22] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2024,7 +2128,7 @@ func (x *Healthcheck) ProtoReflect() protoreflect.Message { // Deprecated: Use Healthcheck.ProtoReflect.Descriptor instead. func (*Healthcheck) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{22} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{23} } func (x *Healthcheck) GetUrl() string { @@ -2068,7 +2172,7 @@ type Resource struct { func (x *Resource) Reset() { *x = Resource{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[23] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2081,7 +2185,7 @@ func (x *Resource) String() string { func (*Resource) ProtoMessage() {} func (x *Resource) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[23] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2094,7 +2198,7 @@ func (x *Resource) ProtoReflect() protoreflect.Message { // Deprecated: Use Resource.ProtoReflect.Descriptor instead. func (*Resource) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{23} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{24} } func (x *Resource) GetName() string { @@ -2173,7 +2277,7 @@ type Module struct { func (x *Module) Reset() { *x = Module{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[24] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2186,7 +2290,7 @@ func (x *Module) String() string { func (*Module) ProtoMessage() {} func (x *Module) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[24] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[25] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2199,7 +2303,7 @@ func (x *Module) ProtoReflect() protoreflect.Message { // Deprecated: Use Module.ProtoReflect.Descriptor instead. func (*Module) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{24} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{25} } func (x *Module) GetSource() string { @@ -2235,7 +2339,7 @@ type Role struct { func (x *Role) Reset() { *x = Role{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[25] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2248,7 +2352,7 @@ func (x *Role) String() string { func (*Role) ProtoMessage() {} func (x *Role) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[25] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2261,7 +2365,7 @@ func (x *Role) ProtoReflect() protoreflect.Message { // Deprecated: Use Role.ProtoReflect.Descriptor instead. func (*Role) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{25} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{26} } func (x *Role) GetName() string { @@ -2278,39 +2382,94 @@ func (x *Role) GetOrgId() string { return "" } +type RunningAgentAuthToken struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + AgentId string `protobuf:"bytes,1,opt,name=agent_id,json=agentId,proto3" json:"agent_id,omitempty"` + Token string `protobuf:"bytes,2,opt,name=token,proto3" json:"token,omitempty"` +} + +func (x *RunningAgentAuthToken) Reset() { + *x = RunningAgentAuthToken{} + if protoimpl.UnsafeEnabled { + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[27] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *RunningAgentAuthToken) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*RunningAgentAuthToken) ProtoMessage() {} + +func (x *RunningAgentAuthToken) ProtoReflect() protoreflect.Message { + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[27] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use RunningAgentAuthToken.ProtoReflect.Descriptor instead. +func (*RunningAgentAuthToken) Descriptor() ([]byte, []int) { + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{27} +} + +func (x *RunningAgentAuthToken) GetAgentId() string { + if x != nil { + return x.AgentId + } + return "" +} + +func (x *RunningAgentAuthToken) GetToken() string { + if x != nil { + return x.Token + } + return "" +} + // Metadata is information about a workspace used in the execution of a build type Metadata struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - CoderUrl string `protobuf:"bytes,1,opt,name=coder_url,json=coderUrl,proto3" json:"coder_url,omitempty"` - WorkspaceTransition WorkspaceTransition `protobuf:"varint,2,opt,name=workspace_transition,json=workspaceTransition,proto3,enum=provisioner.WorkspaceTransition" json:"workspace_transition,omitempty"` - WorkspaceName string `protobuf:"bytes,3,opt,name=workspace_name,json=workspaceName,proto3" json:"workspace_name,omitempty"` - WorkspaceOwner string `protobuf:"bytes,4,opt,name=workspace_owner,json=workspaceOwner,proto3" json:"workspace_owner,omitempty"` - WorkspaceId string `protobuf:"bytes,5,opt,name=workspace_id,json=workspaceId,proto3" json:"workspace_id,omitempty"` - WorkspaceOwnerId string `protobuf:"bytes,6,opt,name=workspace_owner_id,json=workspaceOwnerId,proto3" json:"workspace_owner_id,omitempty"` - WorkspaceOwnerEmail string `protobuf:"bytes,7,opt,name=workspace_owner_email,json=workspaceOwnerEmail,proto3" json:"workspace_owner_email,omitempty"` - TemplateName string `protobuf:"bytes,8,opt,name=template_name,json=templateName,proto3" json:"template_name,omitempty"` - TemplateVersion string `protobuf:"bytes,9,opt,name=template_version,json=templateVersion,proto3" json:"template_version,omitempty"` - WorkspaceOwnerOidcAccessToken string `protobuf:"bytes,10,opt,name=workspace_owner_oidc_access_token,json=workspaceOwnerOidcAccessToken,proto3" json:"workspace_owner_oidc_access_token,omitempty"` - WorkspaceOwnerSessionToken string `protobuf:"bytes,11,opt,name=workspace_owner_session_token,json=workspaceOwnerSessionToken,proto3" json:"workspace_owner_session_token,omitempty"` - TemplateId string `protobuf:"bytes,12,opt,name=template_id,json=templateId,proto3" json:"template_id,omitempty"` - WorkspaceOwnerName string `protobuf:"bytes,13,opt,name=workspace_owner_name,json=workspaceOwnerName,proto3" json:"workspace_owner_name,omitempty"` - WorkspaceOwnerGroups []string `protobuf:"bytes,14,rep,name=workspace_owner_groups,json=workspaceOwnerGroups,proto3" json:"workspace_owner_groups,omitempty"` - WorkspaceOwnerSshPublicKey string `protobuf:"bytes,15,opt,name=workspace_owner_ssh_public_key,json=workspaceOwnerSshPublicKey,proto3" json:"workspace_owner_ssh_public_key,omitempty"` - WorkspaceOwnerSshPrivateKey string `protobuf:"bytes,16,opt,name=workspace_owner_ssh_private_key,json=workspaceOwnerSshPrivateKey,proto3" json:"workspace_owner_ssh_private_key,omitempty"` - WorkspaceBuildId string `protobuf:"bytes,17,opt,name=workspace_build_id,json=workspaceBuildId,proto3" json:"workspace_build_id,omitempty"` - WorkspaceOwnerLoginType string `protobuf:"bytes,18,opt,name=workspace_owner_login_type,json=workspaceOwnerLoginType,proto3" json:"workspace_owner_login_type,omitempty"` - WorkspaceOwnerRbacRoles []*Role `protobuf:"bytes,19,rep,name=workspace_owner_rbac_roles,json=workspaceOwnerRbacRoles,proto3" json:"workspace_owner_rbac_roles,omitempty"` - IsPrebuild bool `protobuf:"varint,20,opt,name=is_prebuild,json=isPrebuild,proto3" json:"is_prebuild,omitempty"` - RunningWorkspaceAgentToken string `protobuf:"bytes,21,opt,name=running_workspace_agent_token,json=runningWorkspaceAgentToken,proto3" json:"running_workspace_agent_token,omitempty"` + CoderUrl string `protobuf:"bytes,1,opt,name=coder_url,json=coderUrl,proto3" json:"coder_url,omitempty"` + WorkspaceTransition WorkspaceTransition `protobuf:"varint,2,opt,name=workspace_transition,json=workspaceTransition,proto3,enum=provisioner.WorkspaceTransition" json:"workspace_transition,omitempty"` + WorkspaceName string `protobuf:"bytes,3,opt,name=workspace_name,json=workspaceName,proto3" json:"workspace_name,omitempty"` + WorkspaceOwner string `protobuf:"bytes,4,opt,name=workspace_owner,json=workspaceOwner,proto3" json:"workspace_owner,omitempty"` + WorkspaceId string `protobuf:"bytes,5,opt,name=workspace_id,json=workspaceId,proto3" json:"workspace_id,omitempty"` + WorkspaceOwnerId string `protobuf:"bytes,6,opt,name=workspace_owner_id,json=workspaceOwnerId,proto3" json:"workspace_owner_id,omitempty"` + WorkspaceOwnerEmail string `protobuf:"bytes,7,opt,name=workspace_owner_email,json=workspaceOwnerEmail,proto3" json:"workspace_owner_email,omitempty"` + TemplateName string `protobuf:"bytes,8,opt,name=template_name,json=templateName,proto3" json:"template_name,omitempty"` + TemplateVersion string `protobuf:"bytes,9,opt,name=template_version,json=templateVersion,proto3" json:"template_version,omitempty"` + WorkspaceOwnerOidcAccessToken string `protobuf:"bytes,10,opt,name=workspace_owner_oidc_access_token,json=workspaceOwnerOidcAccessToken,proto3" json:"workspace_owner_oidc_access_token,omitempty"` + WorkspaceOwnerSessionToken string `protobuf:"bytes,11,opt,name=workspace_owner_session_token,json=workspaceOwnerSessionToken,proto3" json:"workspace_owner_session_token,omitempty"` + TemplateId string `protobuf:"bytes,12,opt,name=template_id,json=templateId,proto3" json:"template_id,omitempty"` + WorkspaceOwnerName string `protobuf:"bytes,13,opt,name=workspace_owner_name,json=workspaceOwnerName,proto3" json:"workspace_owner_name,omitempty"` + WorkspaceOwnerGroups []string `protobuf:"bytes,14,rep,name=workspace_owner_groups,json=workspaceOwnerGroups,proto3" json:"workspace_owner_groups,omitempty"` + WorkspaceOwnerSshPublicKey string `protobuf:"bytes,15,opt,name=workspace_owner_ssh_public_key,json=workspaceOwnerSshPublicKey,proto3" json:"workspace_owner_ssh_public_key,omitempty"` + WorkspaceOwnerSshPrivateKey string `protobuf:"bytes,16,opt,name=workspace_owner_ssh_private_key,json=workspaceOwnerSshPrivateKey,proto3" json:"workspace_owner_ssh_private_key,omitempty"` + WorkspaceBuildId string `protobuf:"bytes,17,opt,name=workspace_build_id,json=workspaceBuildId,proto3" json:"workspace_build_id,omitempty"` + WorkspaceOwnerLoginType string `protobuf:"bytes,18,opt,name=workspace_owner_login_type,json=workspaceOwnerLoginType,proto3" json:"workspace_owner_login_type,omitempty"` + WorkspaceOwnerRbacRoles []*Role `protobuf:"bytes,19,rep,name=workspace_owner_rbac_roles,json=workspaceOwnerRbacRoles,proto3" json:"workspace_owner_rbac_roles,omitempty"` + PrebuiltWorkspaceBuildStage PrebuiltWorkspaceBuildStage `protobuf:"varint,20,opt,name=prebuilt_workspace_build_stage,json=prebuiltWorkspaceBuildStage,proto3,enum=provisioner.PrebuiltWorkspaceBuildStage" json:"prebuilt_workspace_build_stage,omitempty"` // Indicates that a prebuilt workspace is being built. + RunningAgentAuthTokens []*RunningAgentAuthToken `protobuf:"bytes,21,rep,name=running_agent_auth_tokens,json=runningAgentAuthTokens,proto3" json:"running_agent_auth_tokens,omitempty"` } func (x *Metadata) Reset() { *x = Metadata{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[26] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[28] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2323,7 +2482,7 @@ func (x *Metadata) String() string { func (*Metadata) ProtoMessage() {} func (x *Metadata) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[26] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[28] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2336,7 +2495,7 @@ func (x *Metadata) ProtoReflect() protoreflect.Message { // Deprecated: Use Metadata.ProtoReflect.Descriptor instead. func (*Metadata) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{26} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{28} } func (x *Metadata) GetCoderUrl() string { @@ -2472,18 +2631,18 @@ func (x *Metadata) GetWorkspaceOwnerRbacRoles() []*Role { return nil } -func (x *Metadata) GetIsPrebuild() bool { +func (x *Metadata) GetPrebuiltWorkspaceBuildStage() PrebuiltWorkspaceBuildStage { if x != nil { - return x.IsPrebuild + return x.PrebuiltWorkspaceBuildStage } - return false + return PrebuiltWorkspaceBuildStage_NONE } -func (x *Metadata) GetRunningWorkspaceAgentToken() string { +func (x *Metadata) GetRunningAgentAuthTokens() []*RunningAgentAuthToken { if x != nil { - return x.RunningWorkspaceAgentToken + return x.RunningAgentAuthTokens } - return "" + return nil } // Config represents execution configuration shared by all subsequent requests in the Session @@ -2502,7 +2661,7 @@ type Config struct { func (x *Config) Reset() { *x = Config{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[27] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[29] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2515,7 +2674,7 @@ func (x *Config) String() string { func (*Config) ProtoMessage() {} func (x *Config) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[27] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[29] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2528,7 +2687,7 @@ func (x *Config) ProtoReflect() protoreflect.Message { // Deprecated: Use Config.ProtoReflect.Descriptor instead. func (*Config) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{27} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{29} } func (x *Config) GetTemplateSourceArchive() []byte { @@ -2562,7 +2721,7 @@ type ParseRequest struct { func (x *ParseRequest) Reset() { *x = ParseRequest{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[28] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[30] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2575,7 +2734,7 @@ func (x *ParseRequest) String() string { func (*ParseRequest) ProtoMessage() {} func (x *ParseRequest) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[28] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[30] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2588,7 +2747,7 @@ func (x *ParseRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ParseRequest.ProtoReflect.Descriptor instead. func (*ParseRequest) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{28} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{30} } // ParseComplete indicates a request to parse completed. @@ -2606,7 +2765,7 @@ type ParseComplete struct { func (x *ParseComplete) Reset() { *x = ParseComplete{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[29] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[31] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2619,7 +2778,7 @@ func (x *ParseComplete) String() string { func (*ParseComplete) ProtoMessage() {} func (x *ParseComplete) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[29] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[31] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2632,7 +2791,7 @@ func (x *ParseComplete) ProtoReflect() protoreflect.Message { // Deprecated: Use ParseComplete.ProtoReflect.Descriptor instead. func (*ParseComplete) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{29} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{31} } func (x *ParseComplete) GetError() string { @@ -2678,7 +2837,7 @@ type PlanRequest struct { func (x *PlanRequest) Reset() { *x = PlanRequest{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[30] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[32] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2691,7 +2850,7 @@ func (x *PlanRequest) String() string { func (*PlanRequest) ProtoMessage() {} func (x *PlanRequest) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[30] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[32] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2704,7 +2863,7 @@ func (x *PlanRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use PlanRequest.ProtoReflect.Descriptor instead. func (*PlanRequest) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{30} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{32} } func (x *PlanRequest) GetMetadata() *Metadata { @@ -2749,12 +2908,13 @@ type PlanComplete struct { Modules []*Module `protobuf:"bytes,7,rep,name=modules,proto3" json:"modules,omitempty"` Presets []*Preset `protobuf:"bytes,8,rep,name=presets,proto3" json:"presets,omitempty"` Plan []byte `protobuf:"bytes,9,opt,name=plan,proto3" json:"plan,omitempty"` + ResourceReplacements []*ResourceReplacement `protobuf:"bytes,10,rep,name=resource_replacements,json=resourceReplacements,proto3" json:"resource_replacements,omitempty"` } func (x *PlanComplete) Reset() { *x = PlanComplete{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[31] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[33] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2767,7 +2927,7 @@ func (x *PlanComplete) String() string { func (*PlanComplete) ProtoMessage() {} func (x *PlanComplete) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[31] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[33] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2780,7 +2940,7 @@ func (x *PlanComplete) ProtoReflect() protoreflect.Message { // Deprecated: Use PlanComplete.ProtoReflect.Descriptor instead. func (*PlanComplete) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{31} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{33} } func (x *PlanComplete) GetError() string { @@ -2839,6 +2999,13 @@ func (x *PlanComplete) GetPlan() []byte { return nil } +func (x *PlanComplete) GetResourceReplacements() []*ResourceReplacement { + if x != nil { + return x.ResourceReplacements + } + return nil +} + // ApplyRequest asks the provisioner to apply the changes. Apply MUST be preceded by a successful plan request/response // in the same Session. The plan data is not transmitted over the wire and is cached by the provisioner in the Session. type ApplyRequest struct { @@ -2852,7 +3019,7 @@ type ApplyRequest struct { func (x *ApplyRequest) Reset() { *x = ApplyRequest{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[32] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[34] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2865,7 +3032,7 @@ func (x *ApplyRequest) String() string { func (*ApplyRequest) ProtoMessage() {} func (x *ApplyRequest) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[32] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[34] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2878,7 +3045,7 @@ func (x *ApplyRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use ApplyRequest.ProtoReflect.Descriptor instead. func (*ApplyRequest) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{32} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{34} } func (x *ApplyRequest) GetMetadata() *Metadata { @@ -2905,7 +3072,7 @@ type ApplyComplete struct { func (x *ApplyComplete) Reset() { *x = ApplyComplete{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[33] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[35] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -2918,7 +3085,7 @@ func (x *ApplyComplete) String() string { func (*ApplyComplete) ProtoMessage() {} func (x *ApplyComplete) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[33] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[35] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2931,7 +3098,7 @@ func (x *ApplyComplete) ProtoReflect() protoreflect.Message { // Deprecated: Use ApplyComplete.ProtoReflect.Descriptor instead. func (*ApplyComplete) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{33} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{35} } func (x *ApplyComplete) GetState() []byte { @@ -2993,7 +3160,7 @@ type Timing struct { func (x *Timing) Reset() { *x = Timing{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[34] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[36] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3006,7 +3173,7 @@ func (x *Timing) String() string { func (*Timing) ProtoMessage() {} func (x *Timing) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[34] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[36] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3019,7 +3186,7 @@ func (x *Timing) ProtoReflect() protoreflect.Message { // Deprecated: Use Timing.ProtoReflect.Descriptor instead. func (*Timing) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{34} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{36} } func (x *Timing) GetStart() *timestamppb.Timestamp { @@ -3081,7 +3248,7 @@ type CancelRequest struct { func (x *CancelRequest) Reset() { *x = CancelRequest{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[35] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[37] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3094,7 +3261,7 @@ func (x *CancelRequest) String() string { func (*CancelRequest) ProtoMessage() {} func (x *CancelRequest) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[35] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[37] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3107,7 +3274,7 @@ func (x *CancelRequest) ProtoReflect() protoreflect.Message { // Deprecated: Use CancelRequest.ProtoReflect.Descriptor instead. func (*CancelRequest) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{35} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{37} } type Request struct { @@ -3128,7 +3295,7 @@ type Request struct { func (x *Request) Reset() { *x = Request{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[36] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[38] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3141,7 +3308,7 @@ func (x *Request) String() string { func (*Request) ProtoMessage() {} func (x *Request) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[36] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[38] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3154,7 +3321,7 @@ func (x *Request) ProtoReflect() protoreflect.Message { // Deprecated: Use Request.ProtoReflect.Descriptor instead. func (*Request) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{36} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{38} } func (m *Request) GetType() isRequest_Type { @@ -3250,7 +3417,7 @@ type Response struct { func (x *Response) Reset() { *x = Response{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[37] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[39] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3263,7 +3430,7 @@ func (x *Response) String() string { func (*Response) ProtoMessage() {} func (x *Response) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[37] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[39] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3276,7 +3443,7 @@ func (x *Response) ProtoReflect() protoreflect.Message { // Deprecated: Use Response.ProtoReflect.Descriptor instead. func (*Response) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{37} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{39} } func (m *Response) GetType() isResponse_Type { @@ -3358,7 +3525,7 @@ type Agent_Metadata struct { func (x *Agent_Metadata) Reset() { *x = Agent_Metadata{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[38] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[40] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3371,7 +3538,7 @@ func (x *Agent_Metadata) String() string { func (*Agent_Metadata) ProtoMessage() {} func (x *Agent_Metadata) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[38] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[40] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3384,7 +3551,7 @@ func (x *Agent_Metadata) ProtoReflect() protoreflect.Message { // Deprecated: Use Agent_Metadata.ProtoReflect.Descriptor instead. func (*Agent_Metadata) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{13, 0} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{14, 0} } func (x *Agent_Metadata) GetKey() string { @@ -3443,7 +3610,7 @@ type Resource_Metadata struct { func (x *Resource_Metadata) Reset() { *x = Resource_Metadata{} if protoimpl.UnsafeEnabled { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[40] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[42] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -3456,7 +3623,7 @@ func (x *Resource_Metadata) String() string { func (*Resource_Metadata) ProtoMessage() {} func (x *Resource_Metadata) ProtoReflect() protoreflect.Message { - mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[40] + mi := &file_provisionersdk_proto_provisioner_proto_msgTypes[42] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -3469,7 +3636,7 @@ func (x *Resource_Metadata) ProtoReflect() protoreflect.Message { // Deprecated: Use Resource_Metadata.ProtoReflect.Descriptor instead. func (*Resource_Metadata) Descriptor() ([]byte, []int) { - return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{23, 0} + return file_provisionersdk_proto_provisioner_proto_rawDescGZIP(), []int{24, 0} } func (x *Resource_Metadata) GetKey() string { @@ -3587,465 +3754,491 @@ var file_provisionersdk_proto_provisioner_proto_rawDesc = []byte{ 0x3b, 0x0a, 0x0f, 0x50, 0x72, 0x65, 0x73, 0x65, 0x74, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x57, 0x0a, 0x0d, - 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, - 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x65, 0x6e, 0x73, - 0x69, 0x74, 0x69, 0x76, 0x65, 0x22, 0x4a, 0x0a, 0x03, 0x4c, 0x6f, 0x67, 0x12, 0x2b, 0x0a, 0x05, - 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, - 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x75, 0x74, - 0x70, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, - 0x74, 0x22, 0x37, 0x0a, 0x14, 0x49, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x41, 0x75, 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x22, 0x4a, 0x0a, 0x1c, 0x45, 0x78, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, - 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, 0x49, 0x0a, 0x14, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0e, - 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, - 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, - 0x6e, 0x22, 0xb6, 0x08, 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, - 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x2d, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, - 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x29, - 0x0a, 0x10, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x79, 0x73, 0x74, - 0x65, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, - 0x69, 0x6e, 0x67, 0x53, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x12, 0x22, 0x0a, 0x0c, 0x61, 0x72, 0x63, - 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0c, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1c, 0x0a, - 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x79, 0x12, 0x24, 0x0a, 0x04, 0x61, - 0x70, 0x70, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, - 0x73, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, - 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x21, 0x0a, 0x0b, 0x69, 0x6e, 0x73, - 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, - 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x12, 0x3c, 0x0a, 0x1a, - 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, - 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x74, 0x72, - 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x73, 0x68, 0x6f, 0x6f, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x75, 0x72, - 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x74, 0x72, 0x6f, 0x75, 0x62, 0x6c, 0x65, - 0x73, 0x68, 0x6f, 0x6f, 0x74, 0x69, 0x6e, 0x67, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x6d, - 0x6f, 0x74, 0x64, 0x5f, 0x66, 0x69, 0x6c, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, - 0x6d, 0x6f, 0x74, 0x64, 0x46, 0x69, 0x6c, 0x65, 0x12, 0x37, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, - 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, - 0x61, 0x12, 0x3b, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x61, 0x70, 0x70, - 0x73, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x44, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, - 0x73, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x12, 0x2d, - 0x0a, 0x07, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x53, 0x63, - 0x72, 0x69, 0x70, 0x74, 0x52, 0x07, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x2f, 0x0a, - 0x0a, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, 0x65, 0x6e, 0x76, 0x73, 0x18, 0x16, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, - 0x45, 0x6e, 0x76, 0x52, 0x09, 0x65, 0x78, 0x74, 0x72, 0x61, 0x45, 0x6e, 0x76, 0x73, 0x12, 0x14, - 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x17, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, - 0x72, 0x64, 0x65, 0x72, 0x12, 0x53, 0x0a, 0x14, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x5f, 0x6d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x18, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, - 0x72, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, - 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x3f, 0x0a, 0x0d, 0x64, 0x65, 0x76, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x44, - 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x52, 0x0d, 0x64, 0x65, 0x76, - 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x73, 0x1a, 0xa3, 0x01, 0x0a, 0x08, 0x4d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, - 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, - 0x72, 0x69, 0x70, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, - 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x03, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, - 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, - 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, - 0x4a, 0x04, 0x08, 0x0e, 0x10, 0x0f, 0x52, 0x12, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x62, 0x65, - 0x66, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x22, 0x8f, 0x01, 0x0a, 0x13, 0x52, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x47, 0x0a, 0x13, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x05, + 0x70, 0x61, 0x74, 0x68, 0x73, 0x22, 0x57, 0x0a, 0x0d, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, + 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x22, 0x4a, + 0x0a, 0x03, 0x4c, 0x6f, 0x67, 0x12, 0x2b, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, + 0x65, 0x6c, 0x12, 0x16, 0x0a, 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x22, 0x37, 0x0a, 0x14, 0x49, 0x6e, + 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x41, 0x75, + 0x74, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, + 0x65, 0x49, 0x64, 0x22, 0x4a, 0x0a, 0x1c, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, + 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x02, 0x69, 0x64, 0x12, 0x1a, 0x0a, 0x08, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x6f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x61, 0x6c, 0x22, + 0x49, 0x0a, 0x14, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xb6, 0x08, 0x0a, 0x05, 0x41, + 0x67, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x03, 0x65, 0x6e, 0x76, 0x12, 0x29, 0x0a, 0x10, 0x6f, 0x70, 0x65, 0x72, 0x61, + 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x79, 0x73, 0x74, 0x65, 0x6d, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6e, 0x67, 0x53, 0x79, 0x73, 0x74, + 0x65, 0x6d, 0x12, 0x22, 0x0a, 0x0c, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, 0x65, 0x63, 0x74, 0x75, + 0x72, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x72, 0x63, 0x68, 0x69, 0x74, + 0x65, 0x63, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x79, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x64, 0x69, 0x72, 0x65, 0x63, + 0x74, 0x6f, 0x72, 0x79, 0x12, 0x24, 0x0a, 0x04, 0x61, 0x70, 0x70, 0x73, 0x18, 0x08, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x41, 0x70, 0x70, 0x52, 0x04, 0x61, 0x70, 0x70, 0x73, 0x12, 0x16, 0x0a, 0x05, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x12, 0x21, 0x0a, 0x0b, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x69, + 0x64, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x69, 0x6e, 0x73, 0x74, 0x61, + 0x6e, 0x63, 0x65, 0x49, 0x64, 0x12, 0x3c, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, + 0x6e, 0x64, 0x73, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x05, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x6e, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, + 0x6e, 0x64, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x74, 0x72, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x73, 0x68, + 0x6f, 0x6f, 0x74, 0x69, 0x6e, 0x67, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x12, 0x74, 0x72, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x73, 0x68, 0x6f, 0x6f, 0x74, 0x69, 0x6e, + 0x67, 0x55, 0x72, 0x6c, 0x12, 0x1b, 0x0a, 0x09, 0x6d, 0x6f, 0x74, 0x64, 0x5f, 0x66, 0x69, 0x6c, + 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x6d, 0x6f, 0x74, 0x64, 0x46, 0x69, 0x6c, + 0x65, 0x12, 0x37, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x12, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, + 0x72, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x3b, 0x0a, 0x0c, 0x64, 0x69, + 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x61, 0x70, 0x70, 0x73, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x44, + 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, + 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x52, 0x07, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x0a, 0x65, 0x78, 0x74, 0x72, 0x61, 0x5f, + 0x65, 0x6e, 0x76, 0x73, 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x52, 0x09, 0x65, 0x78, + 0x74, 0x72, 0x61, 0x45, 0x6e, 0x76, 0x73, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, + 0x18, 0x17, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x53, 0x0a, + 0x14, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x5f, 0x6d, 0x6f, 0x6e, 0x69, 0x74, + 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x18, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x52, 0x13, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, - 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, - 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x52, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x3c, - 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x22, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, - 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, - 0x74, 0x6f, 0x72, 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x22, 0x4f, 0x0a, 0x15, - 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, - 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, - 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x63, 0x0a, - 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, - 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, - 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, - 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, - 0x6c, 0x64, 0x22, 0xc6, 0x01, 0x0a, 0x0b, 0x44, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, - 0x70, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x06, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x76, 0x73, - 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0e, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x73, 0x69, 0x64, - 0x65, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x62, 0x5f, 0x74, 0x65, 0x72, 0x6d, 0x69, - 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x62, 0x54, 0x65, - 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x68, 0x65, - 0x6c, 0x70, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x73, 0x68, 0x48, - 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x66, 0x6f, - 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x70, 0x6f, 0x72, 0x74, 0x46, 0x6f, 0x72, 0x77, 0x61, - 0x72, 0x64, 0x69, 0x6e, 0x67, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x22, 0x2f, 0x0a, 0x03, 0x45, - 0x6e, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x9f, 0x02, 0x0a, - 0x06, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, - 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, - 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x16, - 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x74, - 0x61, 0x72, 0x74, 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, - 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x10, 0x73, 0x74, 0x61, 0x72, 0x74, 0x42, 0x6c, 0x6f, - 0x63, 0x6b, 0x73, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0c, 0x72, 0x75, 0x6e, 0x5f, - 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, - 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x75, - 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x6f, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x09, 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, 0x74, 0x6f, 0x70, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, - 0x6e, 0x64, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x50, 0x61, 0x74, 0x68, 0x22, 0x6e, - 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x29, - 0x0a, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x6f, 0x6c, 0x64, - 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x46, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x94, - 0x03, 0x0a, 0x03, 0x41, 0x70, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, - 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, - 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x04, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, - 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, - 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, - 0x52, 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0b, 0x68, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x48, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x0b, 0x68, 0x65, 0x61, 0x6c, - 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x41, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x72, 0x69, - 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, - 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0c, 0x73, 0x68, - 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, - 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, - 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x68, 0x69, - 0x64, 0x64, 0x65, 0x6e, 0x12, 0x2f, 0x0a, 0x07, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x69, 0x6e, 0x18, - 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x52, 0x06, 0x6f, - 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x22, 0x59, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, - 0x68, 0x65, 0x63, 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, - 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, - 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, - 0x22, 0x92, 0x03, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2a, 0x0a, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, - 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, - 0x73, 0x12, 0x3a, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, - 0x04, 0x68, 0x69, 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x68, 0x69, 0x64, - 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, - 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, - 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, - 0x69, 0x6c, 0x79, 0x5f, 0x63, 0x6f, 0x73, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x64, 0x61, 0x69, 0x6c, 0x79, 0x43, 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x6f, 0x64, - 0x75, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x69, 0x0a, 0x08, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1c, - 0x0a, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x08, 0x52, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x12, 0x17, 0x0a, 0x07, - 0x69, 0x73, 0x5f, 0x6e, 0x75, 0x6c, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, - 0x73, 0x4e, 0x75, 0x6c, 0x6c, 0x22, 0x4c, 0x0a, 0x06, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, - 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, - 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x22, 0x31, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x15, 0x0a, 0x06, 0x6f, 0x72, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x6f, 0x72, 0x67, 0x49, 0x64, 0x22, 0xe0, 0x08, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6c, - 0x12, 0x53, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x74, 0x72, - 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x57, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x27, 0x0a, 0x0f, - 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x77, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x2c, 0x0a, 0x12, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x06, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, - 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x65, - 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0c, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x29, 0x0a, 0x10, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, - 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x74, 0x65, 0x6d, 0x70, 0x6c, - 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, 0x21, 0x77, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6f, 0x69, - 0x64, 0x63, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, - 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4f, 0x69, 0x64, 0x63, 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, - 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x41, 0x0a, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, - 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x77, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x65, 0x73, 0x73, 0x69, - 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, 0x6d, 0x70, 0x6c, - 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, - 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, 0x16, 0x77, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x67, 0x72, - 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, - 0x12, 0x42, 0x0a, 0x1e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, - 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, - 0x65, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x73, 0x68, 0x50, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x4b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x1f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, 0x72, 0x69, 0x76, - 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1b, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x73, 0x68, - 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x2c, 0x0a, 0x12, 0x77, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x69, 0x64, - 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x3b, 0x0a, 0x1a, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x69, - 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, 0x17, 0x77, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x69, - 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x1a, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x62, 0x61, 0x63, 0x5f, 0x72, 0x6f, - 0x6c, 0x65, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x52, 0x17, 0x77, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x52, 0x62, 0x61, 0x63, - 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x1f, 0x0a, 0x0b, 0x69, 0x73, 0x5f, 0x70, 0x72, 0x65, 0x62, - 0x75, 0x69, 0x6c, 0x64, 0x18, 0x14, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x69, 0x73, 0x50, 0x72, - 0x65, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x12, 0x41, 0x0a, 0x1d, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, - 0x67, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x15, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x72, - 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, - 0x67, 0x65, 0x6e, 0x74, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0x8a, 0x01, 0x0a, 0x06, 0x43, 0x6f, - 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x15, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x53, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x12, 0x14, 0x0a, 0x05, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x4c, 0x6f, - 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x61, 0x72, 0x73, 0x65, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa3, 0x02, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x73, 0x65, - 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x4c, - 0x0a, 0x12, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, 0x61, - 0x62, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, - 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, 0x6c, - 0x61, 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, - 0x72, 0x65, 0x61, 0x64, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x65, - 0x61, 0x64, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, - 0x65, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, - 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x77, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x57, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x6e, 0x67, 0x12, 0x3f, 0x0a, 0x0d, 0x64, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, + 0x65, 0x72, 0x73, 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x44, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, + 0x69, 0x6e, 0x65, 0x72, 0x52, 0x0d, 0x64, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, + 0x65, 0x72, 0x73, 0x1a, 0xa3, 0x01, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb5, 0x02, 0x0a, - 0x0b, 0x50, 0x6c, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, - 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, - 0x53, 0x0a, 0x15, 0x72, 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, - 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, - 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x13, 0x72, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, - 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, - 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, 0x69, 0x61, - 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x59, 0x0a, 0x17, 0x65, 0x78, 0x74, + 0x65, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, + 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x1a, 0x0a, + 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, + 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x42, 0x06, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x4a, 0x04, 0x08, 0x0e, 0x10, 0x0f, 0x52, + 0x12, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, + 0x61, 0x64, 0x79, 0x22, 0x8f, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x06, 0x6d, + 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x52, + 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x3c, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x52, 0x07, 0x76, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x22, 0x4f, 0x0a, 0x15, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, 0x18, + 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, + 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, + 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x63, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, + 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, + 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, + 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0xc6, 0x01, 0x0a, 0x0b, + 0x44, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, + 0x73, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x73, 0x63, + 0x6f, 0x64, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, + 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x76, 0x73, + 0x63, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x0c, + 0x77, 0x65, 0x62, 0x5f, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x62, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x12, + 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x73, 0x68, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x34, + 0x0a, 0x16, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, + 0x67, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, + 0x70, 0x6f, 0x72, 0x74, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x48, 0x65, + 0x6c, 0x70, 0x65, 0x72, 0x22, 0x2f, 0x0a, 0x03, 0x45, 0x6e, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x9f, 0x02, 0x0a, 0x06, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, + 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, + 0x12, 0x0a, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, + 0x72, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x62, 0x6c, 0x6f, + 0x63, 0x6b, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x10, 0x73, 0x74, 0x61, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x4c, 0x6f, 0x67, 0x69, + 0x6e, 0x12, 0x20, 0x0a, 0x0c, 0x72, 0x75, 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, + 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, 0x74, + 0x61, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x75, 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, 0x73, 0x74, + 0x6f, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, + 0x74, 0x6f, 0x70, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, + 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x19, 0x0a, 0x08, + 0x6c, 0x6f, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x6c, 0x6f, 0x67, 0x50, 0x61, 0x74, 0x68, 0x22, 0x6e, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x63, 0x6f, + 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x46, 0x6f, 0x6c, 0x64, + 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x70, 0x61, 0x74, + 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, + 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x94, 0x03, 0x0a, 0x03, 0x41, 0x70, 0x70, 0x12, + 0x12, 0x0a, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, + 0x6c, 0x75, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, + 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, + 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, + 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, + 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, 0x6d, + 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, + 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, + 0x65, 0x63, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, + 0x65, 0x63, 0x6b, 0x52, 0x0b, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, + 0x12, 0x41, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, + 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, + 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, + 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, + 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x18, + 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x12, 0x2f, 0x0a, + 0x07, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, + 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x52, 0x06, 0x6f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x22, 0x59, + 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x10, 0x0a, + 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, + 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x74, + 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x92, 0x03, 0x0a, 0x08, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2a, + 0x0a, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, + 0x6e, 0x74, 0x52, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x08, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x64, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x68, 0x69, 0x64, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, + 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x23, + 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x54, + 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x5f, 0x63, 0x6f, 0x73, + 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x43, 0x6f, + 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, + 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x50, + 0x61, 0x74, 0x68, 0x1a, 0x69, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, + 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x65, 0x6e, 0x73, + 0x69, 0x74, 0x69, 0x76, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x73, 0x5f, 0x6e, 0x75, 0x6c, 0x6c, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x73, 0x4e, 0x75, 0x6c, 0x6c, 0x22, 0x4c, + 0x0a, 0x06, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x31, 0x0a, 0x04, + 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6f, 0x72, 0x67, 0x5f, + 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x72, 0x67, 0x49, 0x64, 0x22, + 0x48, 0x0a, 0x15, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, + 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x67, 0x65, 0x6e, + 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x67, 0x65, 0x6e, + 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xca, 0x09, 0x0a, 0x08, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x5f, + 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x64, 0x65, 0x72, + 0x55, 0x72, 0x6c, 0x12, 0x53, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0e, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, + 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, + 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, + 0x27, 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, + 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x6f, 0x72, 0x6b, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x2c, 0x0a, 0x12, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x69, + 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x77, 0x6f, 0x72, + 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x65, 0x6d, 0x61, + 0x69, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x23, 0x0a, + 0x0d, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x4e, 0x61, + 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, + 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x74, 0x65, + 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, + 0x21, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, + 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4f, 0x69, 0x64, 0x63, 0x41, 0x63, 0x63, 0x65, + 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x41, 0x0a, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, + 0x6f, 0x6e, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x65, + 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, + 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0a, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, + 0x16, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x47, 0x72, 0x6f, + 0x75, 0x70, 0x73, 0x12, 0x42, 0x0a, 0x1e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, + 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x77, 0x6f, 0x72, + 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x73, 0x68, 0x50, 0x75, + 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x1f, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, + 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x1b, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, + 0x53, 0x73, 0x68, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x2c, 0x0a, + 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, + 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x3b, 0x0a, 0x1a, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6c, + 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4c, + 0x6f, 0x67, 0x69, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x1a, 0x77, 0x6f, 0x72, 0x6b, + 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x62, 0x61, 0x63, + 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x52, + 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x52, + 0x62, 0x61, 0x63, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x6d, 0x0a, 0x1e, 0x70, 0x72, 0x65, 0x62, + 0x75, 0x69, 0x6c, 0x74, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, + 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x28, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, + 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x42, 0x75, 0x69, 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x52, 0x1b, 0x70, 0x72, 0x65, 0x62, + 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, + 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x5d, 0x0a, 0x19, 0x72, 0x75, 0x6e, 0x6e, 0x69, + 0x6e, 0x67, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x74, 0x6f, + 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, + 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x16, + 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, + 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x22, 0x8a, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x36, 0x0a, 0x17, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0c, 0x52, 0x15, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x53, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x5f, 0x6c, + 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x4c, 0x65, + 0x76, 0x65, 0x6c, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x61, 0x72, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x22, 0xa3, 0x02, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, + 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x4c, 0x0a, 0x12, 0x74, + 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, + 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, + 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x64, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x65, 0x61, 0x64, 0x6d, + 0x65, 0x12, 0x54, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x74, + 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, + 0x70, 0x6c, 0x65, 0x74, 0x65, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, + 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x57, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb5, 0x02, 0x0a, 0x0b, 0x50, 0x6c, + 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, + 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x53, 0x0a, 0x15, + 0x72, 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x13, 0x72, 0x69, + 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, + 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, + 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, + 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x59, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, + 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, + 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x73, 0x22, 0xf0, 0x03, 0x0a, 0x0c, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, + 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x0a, + 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, + 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x70, + 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x6f, + 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x15, 0x65, - 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x73, 0x22, 0x99, 0x03, 0x0a, 0x0c, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, - 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, + 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, + 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, 0x07, + 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, + 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6d, + 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, + 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x70, 0x72, + 0x65, 0x73, 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x65, 0x73, 0x65, 0x74, + 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6c, 0x61, + 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x55, 0x0a, + 0x15, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x14, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, + 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, + 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xbe, 0x02, 0x0a, 0x0d, 0x41, 0x70, 0x70, 0x6c, + 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, + 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, + 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, + 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, + 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, + 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, + 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x69, 0x6d, + 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, + 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xfa, 0x01, 0x0a, 0x06, 0x54, 0x69, 0x6d, + 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, + 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x03, + 0x65, 0x6e, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, + 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x73, 0x74, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x07, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, + 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x8c, 0x02, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x31, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, + 0x61, 0x72, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x05, 0x70, + 0x61, 0x72, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, + 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x31, 0x0a, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, + 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, + 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, + 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x42, 0x06, 0x0a, + 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xd1, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x12, 0x24, 0x0a, 0x03, 0x6c, 0x6f, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4c, 0x6f, + 0x67, 0x48, 0x00, 0x52, 0x03, 0x6c, 0x6f, 0x67, 0x12, 0x32, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, + 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, 0x70, 0x6c, + 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x12, 0x2f, 0x0a, 0x04, + 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, + 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x32, 0x0a, + 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, + 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, + 0x79, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x2a, 0x3f, 0x0a, 0x08, 0x4c, 0x6f, 0x67, + 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, 0x45, 0x10, 0x00, + 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x49, + 0x4e, 0x46, 0x4f, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x03, 0x12, + 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x04, 0x2a, 0x3b, 0x0a, 0x0f, 0x41, 0x70, + 0x70, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, + 0x05, 0x4f, 0x57, 0x4e, 0x45, 0x52, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x41, 0x55, 0x54, 0x48, + 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, + 0x55, 0x42, 0x4c, 0x49, 0x43, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x09, 0x41, 0x70, 0x70, 0x4f, 0x70, + 0x65, 0x6e, 0x49, 0x6e, 0x12, 0x0e, 0x0a, 0x06, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x10, 0x00, + 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x4c, 0x49, 0x4d, 0x5f, 0x57, 0x49, 0x4e, + 0x44, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x41, 0x42, 0x10, 0x02, 0x2a, 0x37, + 0x0a, 0x13, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x00, + 0x12, 0x08, 0x0a, 0x04, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, + 0x53, 0x54, 0x52, 0x4f, 0x59, 0x10, 0x02, 0x2a, 0x3e, 0x0a, 0x1b, 0x50, 0x72, 0x65, 0x62, 0x75, + 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, + 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, + 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, + 0x43, 0x4c, 0x41, 0x49, 0x4d, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0b, 0x54, 0x69, 0x6d, 0x69, 0x6e, + 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x54, 0x41, 0x52, 0x54, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54, 0x45, 0x44, + 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x32, 0x49, + 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x12, 0x3a, 0x0a, + 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, - 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, - 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, - 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, - 0x2d, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, - 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2d, - 0x0a, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, - 0x64, 0x75, 0x6c, 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a, - 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x65, - 0x73, 0x65, 0x74, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, - 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, - 0x22, 0x41, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, - 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x22, 0xbe, 0x02, 0x0a, 0x0d, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x43, 0x6f, 0x6d, - 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, - 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, - 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, - 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, - 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, - 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, - 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, - 0x69, 0x6e, 0x67, 0x73, 0x22, 0xfa, 0x01, 0x0a, 0x06, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x12, - 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, - 0x74, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, - 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, - 0x16, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, - 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, - 0x74, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x73, 0x74, 0x61, 0x67, - 0x65, 0x12, 0x2e, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, - 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, - 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x22, 0x8c, 0x02, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, - 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x0a, - 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, - 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, - 0x12, 0x2e, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, - 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, - 0x12, 0x31, 0x0a, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, - 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x05, 0x61, 0x70, - 0x70, 0x6c, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, - 0x00, 0x52, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, - 0x65, 0x22, 0xd1, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, - 0x0a, 0x03, 0x6c, 0x6f, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4c, 0x6f, 0x67, 0x48, 0x00, 0x52, - 0x03, 0x6c, 0x6f, 0x67, 0x12, 0x32, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, - 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x12, 0x2f, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, - 0x65, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x32, 0x0a, 0x05, 0x61, 0x70, 0x70, - 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x43, 0x6f, 0x6d, 0x70, - 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x42, 0x06, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x2a, 0x3f, 0x0a, 0x08, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, - 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, 0x45, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, - 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, - 0x02, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x03, 0x12, 0x09, 0x0a, 0x05, 0x45, - 0x52, 0x52, 0x4f, 0x52, 0x10, 0x04, 0x2a, 0x3b, 0x0a, 0x0f, 0x41, 0x70, 0x70, 0x53, 0x68, 0x61, - 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x4f, 0x57, 0x4e, - 0x45, 0x52, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, - 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x55, 0x42, 0x4c, 0x49, - 0x43, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x09, 0x41, 0x70, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, - 0x12, 0x0e, 0x0a, 0x06, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x10, 0x00, 0x1a, 0x02, 0x08, 0x01, - 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x4c, 0x49, 0x4d, 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x10, - 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x41, 0x42, 0x10, 0x02, 0x2a, 0x37, 0x0a, 0x13, 0x57, 0x6f, - 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, - 0x53, 0x54, 0x4f, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f, - 0x59, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0b, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, - 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x54, 0x41, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0a, - 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x32, 0x49, 0x0a, 0x0b, 0x50, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x12, 0x3a, 0x0a, 0x07, 0x53, 0x65, 0x73, - 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, - 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, - 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x73, 0x64, - 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, + 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, + 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -4060,116 +4253,122 @@ func file_provisionersdk_proto_provisioner_proto_rawDescGZIP() []byte { return file_provisionersdk_proto_provisioner_proto_rawDescData } -var file_provisionersdk_proto_provisioner_proto_enumTypes = make([]protoimpl.EnumInfo, 5) -var file_provisionersdk_proto_provisioner_proto_msgTypes = make([]protoimpl.MessageInfo, 42) +var file_provisionersdk_proto_provisioner_proto_enumTypes = make([]protoimpl.EnumInfo, 6) +var file_provisionersdk_proto_provisioner_proto_msgTypes = make([]protoimpl.MessageInfo, 44) var file_provisionersdk_proto_provisioner_proto_goTypes = []interface{}{ (LogLevel)(0), // 0: provisioner.LogLevel (AppSharingLevel)(0), // 1: provisioner.AppSharingLevel (AppOpenIn)(0), // 2: provisioner.AppOpenIn (WorkspaceTransition)(0), // 3: provisioner.WorkspaceTransition - (TimingState)(0), // 4: provisioner.TimingState - (*Empty)(nil), // 5: provisioner.Empty - (*TemplateVariable)(nil), // 6: provisioner.TemplateVariable - (*RichParameterOption)(nil), // 7: provisioner.RichParameterOption - (*RichParameter)(nil), // 8: provisioner.RichParameter - (*RichParameterValue)(nil), // 9: provisioner.RichParameterValue - (*Prebuild)(nil), // 10: provisioner.Prebuild - (*Preset)(nil), // 11: provisioner.Preset - (*PresetParameter)(nil), // 12: provisioner.PresetParameter - (*VariableValue)(nil), // 13: provisioner.VariableValue - (*Log)(nil), // 14: provisioner.Log - (*InstanceIdentityAuth)(nil), // 15: provisioner.InstanceIdentityAuth - (*ExternalAuthProviderResource)(nil), // 16: provisioner.ExternalAuthProviderResource - (*ExternalAuthProvider)(nil), // 17: provisioner.ExternalAuthProvider - (*Agent)(nil), // 18: provisioner.Agent - (*ResourcesMonitoring)(nil), // 19: provisioner.ResourcesMonitoring - (*MemoryResourceMonitor)(nil), // 20: provisioner.MemoryResourceMonitor - (*VolumeResourceMonitor)(nil), // 21: provisioner.VolumeResourceMonitor - (*DisplayApps)(nil), // 22: provisioner.DisplayApps - (*Env)(nil), // 23: provisioner.Env - (*Script)(nil), // 24: provisioner.Script - (*Devcontainer)(nil), // 25: provisioner.Devcontainer - (*App)(nil), // 26: provisioner.App - (*Healthcheck)(nil), // 27: provisioner.Healthcheck - (*Resource)(nil), // 28: provisioner.Resource - (*Module)(nil), // 29: provisioner.Module - (*Role)(nil), // 30: provisioner.Role - (*Metadata)(nil), // 31: provisioner.Metadata - (*Config)(nil), // 32: provisioner.Config - (*ParseRequest)(nil), // 33: provisioner.ParseRequest - (*ParseComplete)(nil), // 34: provisioner.ParseComplete - (*PlanRequest)(nil), // 35: provisioner.PlanRequest - (*PlanComplete)(nil), // 36: provisioner.PlanComplete - (*ApplyRequest)(nil), // 37: provisioner.ApplyRequest - (*ApplyComplete)(nil), // 38: provisioner.ApplyComplete - (*Timing)(nil), // 39: provisioner.Timing - (*CancelRequest)(nil), // 40: provisioner.CancelRequest - (*Request)(nil), // 41: provisioner.Request - (*Response)(nil), // 42: provisioner.Response - (*Agent_Metadata)(nil), // 43: provisioner.Agent.Metadata - nil, // 44: provisioner.Agent.EnvEntry - (*Resource_Metadata)(nil), // 45: provisioner.Resource.Metadata - nil, // 46: provisioner.ParseComplete.WorkspaceTagsEntry - (*timestamppb.Timestamp)(nil), // 47: google.protobuf.Timestamp + (PrebuiltWorkspaceBuildStage)(0), // 4: provisioner.PrebuiltWorkspaceBuildStage + (TimingState)(0), // 5: provisioner.TimingState + (*Empty)(nil), // 6: provisioner.Empty + (*TemplateVariable)(nil), // 7: provisioner.TemplateVariable + (*RichParameterOption)(nil), // 8: provisioner.RichParameterOption + (*RichParameter)(nil), // 9: provisioner.RichParameter + (*RichParameterValue)(nil), // 10: provisioner.RichParameterValue + (*Prebuild)(nil), // 11: provisioner.Prebuild + (*Preset)(nil), // 12: provisioner.Preset + (*PresetParameter)(nil), // 13: provisioner.PresetParameter + (*ResourceReplacement)(nil), // 14: provisioner.ResourceReplacement + (*VariableValue)(nil), // 15: provisioner.VariableValue + (*Log)(nil), // 16: provisioner.Log + (*InstanceIdentityAuth)(nil), // 17: provisioner.InstanceIdentityAuth + (*ExternalAuthProviderResource)(nil), // 18: provisioner.ExternalAuthProviderResource + (*ExternalAuthProvider)(nil), // 19: provisioner.ExternalAuthProvider + (*Agent)(nil), // 20: provisioner.Agent + (*ResourcesMonitoring)(nil), // 21: provisioner.ResourcesMonitoring + (*MemoryResourceMonitor)(nil), // 22: provisioner.MemoryResourceMonitor + (*VolumeResourceMonitor)(nil), // 23: provisioner.VolumeResourceMonitor + (*DisplayApps)(nil), // 24: provisioner.DisplayApps + (*Env)(nil), // 25: provisioner.Env + (*Script)(nil), // 26: provisioner.Script + (*Devcontainer)(nil), // 27: provisioner.Devcontainer + (*App)(nil), // 28: provisioner.App + (*Healthcheck)(nil), // 29: provisioner.Healthcheck + (*Resource)(nil), // 30: provisioner.Resource + (*Module)(nil), // 31: provisioner.Module + (*Role)(nil), // 32: provisioner.Role + (*RunningAgentAuthToken)(nil), // 33: provisioner.RunningAgentAuthToken + (*Metadata)(nil), // 34: provisioner.Metadata + (*Config)(nil), // 35: provisioner.Config + (*ParseRequest)(nil), // 36: provisioner.ParseRequest + (*ParseComplete)(nil), // 37: provisioner.ParseComplete + (*PlanRequest)(nil), // 38: provisioner.PlanRequest + (*PlanComplete)(nil), // 39: provisioner.PlanComplete + (*ApplyRequest)(nil), // 40: provisioner.ApplyRequest + (*ApplyComplete)(nil), // 41: provisioner.ApplyComplete + (*Timing)(nil), // 42: provisioner.Timing + (*CancelRequest)(nil), // 43: provisioner.CancelRequest + (*Request)(nil), // 44: provisioner.Request + (*Response)(nil), // 45: provisioner.Response + (*Agent_Metadata)(nil), // 46: provisioner.Agent.Metadata + nil, // 47: provisioner.Agent.EnvEntry + (*Resource_Metadata)(nil), // 48: provisioner.Resource.Metadata + nil, // 49: provisioner.ParseComplete.WorkspaceTagsEntry + (*timestamppb.Timestamp)(nil), // 50: google.protobuf.Timestamp } var file_provisionersdk_proto_provisioner_proto_depIdxs = []int32{ - 7, // 0: provisioner.RichParameter.options:type_name -> provisioner.RichParameterOption - 12, // 1: provisioner.Preset.parameters:type_name -> provisioner.PresetParameter - 10, // 2: provisioner.Preset.prebuild:type_name -> provisioner.Prebuild + 8, // 0: provisioner.RichParameter.options:type_name -> provisioner.RichParameterOption + 13, // 1: provisioner.Preset.parameters:type_name -> provisioner.PresetParameter + 11, // 2: provisioner.Preset.prebuild:type_name -> provisioner.Prebuild 0, // 3: provisioner.Log.level:type_name -> provisioner.LogLevel - 44, // 4: provisioner.Agent.env:type_name -> provisioner.Agent.EnvEntry - 26, // 5: provisioner.Agent.apps:type_name -> provisioner.App - 43, // 6: provisioner.Agent.metadata:type_name -> provisioner.Agent.Metadata - 22, // 7: provisioner.Agent.display_apps:type_name -> provisioner.DisplayApps - 24, // 8: provisioner.Agent.scripts:type_name -> provisioner.Script - 23, // 9: provisioner.Agent.extra_envs:type_name -> provisioner.Env - 19, // 10: provisioner.Agent.resources_monitoring:type_name -> provisioner.ResourcesMonitoring - 25, // 11: provisioner.Agent.devcontainers:type_name -> provisioner.Devcontainer - 20, // 12: provisioner.ResourcesMonitoring.memory:type_name -> provisioner.MemoryResourceMonitor - 21, // 13: provisioner.ResourcesMonitoring.volumes:type_name -> provisioner.VolumeResourceMonitor - 27, // 14: provisioner.App.healthcheck:type_name -> provisioner.Healthcheck + 47, // 4: provisioner.Agent.env:type_name -> provisioner.Agent.EnvEntry + 28, // 5: provisioner.Agent.apps:type_name -> provisioner.App + 46, // 6: provisioner.Agent.metadata:type_name -> provisioner.Agent.Metadata + 24, // 7: provisioner.Agent.display_apps:type_name -> provisioner.DisplayApps + 26, // 8: provisioner.Agent.scripts:type_name -> provisioner.Script + 25, // 9: provisioner.Agent.extra_envs:type_name -> provisioner.Env + 21, // 10: provisioner.Agent.resources_monitoring:type_name -> provisioner.ResourcesMonitoring + 27, // 11: provisioner.Agent.devcontainers:type_name -> provisioner.Devcontainer + 22, // 12: provisioner.ResourcesMonitoring.memory:type_name -> provisioner.MemoryResourceMonitor + 23, // 13: provisioner.ResourcesMonitoring.volumes:type_name -> provisioner.VolumeResourceMonitor + 29, // 14: provisioner.App.healthcheck:type_name -> provisioner.Healthcheck 1, // 15: provisioner.App.sharing_level:type_name -> provisioner.AppSharingLevel 2, // 16: provisioner.App.open_in:type_name -> provisioner.AppOpenIn - 18, // 17: provisioner.Resource.agents:type_name -> provisioner.Agent - 45, // 18: provisioner.Resource.metadata:type_name -> provisioner.Resource.Metadata + 20, // 17: provisioner.Resource.agents:type_name -> provisioner.Agent + 48, // 18: provisioner.Resource.metadata:type_name -> provisioner.Resource.Metadata 3, // 19: provisioner.Metadata.workspace_transition:type_name -> provisioner.WorkspaceTransition - 30, // 20: provisioner.Metadata.workspace_owner_rbac_roles:type_name -> provisioner.Role - 6, // 21: provisioner.ParseComplete.template_variables:type_name -> provisioner.TemplateVariable - 46, // 22: provisioner.ParseComplete.workspace_tags:type_name -> provisioner.ParseComplete.WorkspaceTagsEntry - 31, // 23: provisioner.PlanRequest.metadata:type_name -> provisioner.Metadata - 9, // 24: provisioner.PlanRequest.rich_parameter_values:type_name -> provisioner.RichParameterValue - 13, // 25: provisioner.PlanRequest.variable_values:type_name -> provisioner.VariableValue - 17, // 26: provisioner.PlanRequest.external_auth_providers:type_name -> provisioner.ExternalAuthProvider - 28, // 27: provisioner.PlanComplete.resources:type_name -> provisioner.Resource - 8, // 28: provisioner.PlanComplete.parameters:type_name -> provisioner.RichParameter - 16, // 29: provisioner.PlanComplete.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource - 39, // 30: provisioner.PlanComplete.timings:type_name -> provisioner.Timing - 29, // 31: provisioner.PlanComplete.modules:type_name -> provisioner.Module - 11, // 32: provisioner.PlanComplete.presets:type_name -> provisioner.Preset - 31, // 33: provisioner.ApplyRequest.metadata:type_name -> provisioner.Metadata - 28, // 34: provisioner.ApplyComplete.resources:type_name -> provisioner.Resource - 8, // 35: provisioner.ApplyComplete.parameters:type_name -> provisioner.RichParameter - 16, // 36: provisioner.ApplyComplete.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource - 39, // 37: provisioner.ApplyComplete.timings:type_name -> provisioner.Timing - 47, // 38: provisioner.Timing.start:type_name -> google.protobuf.Timestamp - 47, // 39: provisioner.Timing.end:type_name -> google.protobuf.Timestamp - 4, // 40: provisioner.Timing.state:type_name -> provisioner.TimingState - 32, // 41: provisioner.Request.config:type_name -> provisioner.Config - 33, // 42: provisioner.Request.parse:type_name -> provisioner.ParseRequest - 35, // 43: provisioner.Request.plan:type_name -> provisioner.PlanRequest - 37, // 44: provisioner.Request.apply:type_name -> provisioner.ApplyRequest - 40, // 45: provisioner.Request.cancel:type_name -> provisioner.CancelRequest - 14, // 46: provisioner.Response.log:type_name -> provisioner.Log - 34, // 47: provisioner.Response.parse:type_name -> provisioner.ParseComplete - 36, // 48: provisioner.Response.plan:type_name -> provisioner.PlanComplete - 38, // 49: provisioner.Response.apply:type_name -> provisioner.ApplyComplete - 41, // 50: provisioner.Provisioner.Session:input_type -> provisioner.Request - 42, // 51: provisioner.Provisioner.Session:output_type -> provisioner.Response - 51, // [51:52] is the sub-list for method output_type - 50, // [50:51] is the sub-list for method input_type - 50, // [50:50] is the sub-list for extension type_name - 50, // [50:50] is the sub-list for extension extendee - 0, // [0:50] is the sub-list for field type_name + 32, // 20: provisioner.Metadata.workspace_owner_rbac_roles:type_name -> provisioner.Role + 4, // 21: provisioner.Metadata.prebuilt_workspace_build_stage:type_name -> provisioner.PrebuiltWorkspaceBuildStage + 33, // 22: provisioner.Metadata.running_agent_auth_tokens:type_name -> provisioner.RunningAgentAuthToken + 7, // 23: provisioner.ParseComplete.template_variables:type_name -> provisioner.TemplateVariable + 49, // 24: provisioner.ParseComplete.workspace_tags:type_name -> provisioner.ParseComplete.WorkspaceTagsEntry + 34, // 25: provisioner.PlanRequest.metadata:type_name -> provisioner.Metadata + 10, // 26: provisioner.PlanRequest.rich_parameter_values:type_name -> provisioner.RichParameterValue + 15, // 27: provisioner.PlanRequest.variable_values:type_name -> provisioner.VariableValue + 19, // 28: provisioner.PlanRequest.external_auth_providers:type_name -> provisioner.ExternalAuthProvider + 30, // 29: provisioner.PlanComplete.resources:type_name -> provisioner.Resource + 9, // 30: provisioner.PlanComplete.parameters:type_name -> provisioner.RichParameter + 18, // 31: provisioner.PlanComplete.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource + 42, // 32: provisioner.PlanComplete.timings:type_name -> provisioner.Timing + 31, // 33: provisioner.PlanComplete.modules:type_name -> provisioner.Module + 12, // 34: provisioner.PlanComplete.presets:type_name -> provisioner.Preset + 14, // 35: provisioner.PlanComplete.resource_replacements:type_name -> provisioner.ResourceReplacement + 34, // 36: provisioner.ApplyRequest.metadata:type_name -> provisioner.Metadata + 30, // 37: provisioner.ApplyComplete.resources:type_name -> provisioner.Resource + 9, // 38: provisioner.ApplyComplete.parameters:type_name -> provisioner.RichParameter + 18, // 39: provisioner.ApplyComplete.external_auth_providers:type_name -> provisioner.ExternalAuthProviderResource + 42, // 40: provisioner.ApplyComplete.timings:type_name -> provisioner.Timing + 50, // 41: provisioner.Timing.start:type_name -> google.protobuf.Timestamp + 50, // 42: provisioner.Timing.end:type_name -> google.protobuf.Timestamp + 5, // 43: provisioner.Timing.state:type_name -> provisioner.TimingState + 35, // 44: provisioner.Request.config:type_name -> provisioner.Config + 36, // 45: provisioner.Request.parse:type_name -> provisioner.ParseRequest + 38, // 46: provisioner.Request.plan:type_name -> provisioner.PlanRequest + 40, // 47: provisioner.Request.apply:type_name -> provisioner.ApplyRequest + 43, // 48: provisioner.Request.cancel:type_name -> provisioner.CancelRequest + 16, // 49: provisioner.Response.log:type_name -> provisioner.Log + 37, // 50: provisioner.Response.parse:type_name -> provisioner.ParseComplete + 39, // 51: provisioner.Response.plan:type_name -> provisioner.PlanComplete + 41, // 52: provisioner.Response.apply:type_name -> provisioner.ApplyComplete + 44, // 53: provisioner.Provisioner.Session:input_type -> provisioner.Request + 45, // 54: provisioner.Provisioner.Session:output_type -> provisioner.Response + 54, // [54:55] is the sub-list for method output_type + 53, // [53:54] is the sub-list for method input_type + 53, // [53:53] is the sub-list for extension type_name + 53, // [53:53] is the sub-list for extension extendee + 0, // [0:53] is the sub-list for field type_name } func init() { file_provisionersdk_proto_provisioner_proto_init() } @@ -4275,7 +4474,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VariableValue); i { + switch v := v.(*ResourceReplacement); i { case 0: return &v.state case 1: @@ -4287,7 +4486,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Log); i { + switch v := v.(*VariableValue); i { case 0: return &v.state case 1: @@ -4299,7 +4498,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*InstanceIdentityAuth); i { + switch v := v.(*Log); i { case 0: return &v.state case 1: @@ -4311,7 +4510,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExternalAuthProviderResource); i { + switch v := v.(*InstanceIdentityAuth); i { case 0: return &v.state case 1: @@ -4323,7 +4522,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExternalAuthProvider); i { + switch v := v.(*ExternalAuthProviderResource); i { case 0: return &v.state case 1: @@ -4335,7 +4534,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Agent); i { + switch v := v.(*ExternalAuthProvider); i { case 0: return &v.state case 1: @@ -4347,7 +4546,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ResourcesMonitoring); i { + switch v := v.(*Agent); i { case 0: return &v.state case 1: @@ -4359,7 +4558,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*MemoryResourceMonitor); i { + switch v := v.(*ResourcesMonitoring); i { case 0: return &v.state case 1: @@ -4371,7 +4570,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VolumeResourceMonitor); i { + switch v := v.(*MemoryResourceMonitor); i { case 0: return &v.state case 1: @@ -4383,7 +4582,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DisplayApps); i { + switch v := v.(*VolumeResourceMonitor); i { case 0: return &v.state case 1: @@ -4395,7 +4594,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Env); i { + switch v := v.(*DisplayApps); i { case 0: return &v.state case 1: @@ -4407,7 +4606,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Script); i { + switch v := v.(*Env); i { case 0: return &v.state case 1: @@ -4419,7 +4618,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Devcontainer); i { + switch v := v.(*Script); i { case 0: return &v.state case 1: @@ -4431,7 +4630,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*App); i { + switch v := v.(*Devcontainer); i { case 0: return &v.state case 1: @@ -4443,7 +4642,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Healthcheck); i { + switch v := v.(*App); i { case 0: return &v.state case 1: @@ -4455,7 +4654,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Resource); i { + switch v := v.(*Healthcheck); i { case 0: return &v.state case 1: @@ -4467,7 +4666,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Module); i { + switch v := v.(*Resource); i { case 0: return &v.state case 1: @@ -4479,7 +4678,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Role); i { + switch v := v.(*Module); i { case 0: return &v.state case 1: @@ -4491,7 +4690,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Metadata); i { + switch v := v.(*Role); i { case 0: return &v.state case 1: @@ -4503,7 +4702,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[27].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Config); i { + switch v := v.(*RunningAgentAuthToken); i { case 0: return &v.state case 1: @@ -4515,7 +4714,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[28].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ParseRequest); i { + switch v := v.(*Metadata); i { case 0: return &v.state case 1: @@ -4527,7 +4726,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[29].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ParseComplete); i { + switch v := v.(*Config); i { case 0: return &v.state case 1: @@ -4539,7 +4738,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[30].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlanRequest); i { + switch v := v.(*ParseRequest); i { case 0: return &v.state case 1: @@ -4551,7 +4750,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[31].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PlanComplete); i { + switch v := v.(*ParseComplete); i { case 0: return &v.state case 1: @@ -4563,7 +4762,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[32].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ApplyRequest); i { + switch v := v.(*PlanRequest); i { case 0: return &v.state case 1: @@ -4575,7 +4774,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ApplyComplete); i { + switch v := v.(*PlanComplete); i { case 0: return &v.state case 1: @@ -4587,7 +4786,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Timing); i { + switch v := v.(*ApplyRequest); i { case 0: return &v.state case 1: @@ -4599,7 +4798,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[35].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CancelRequest); i { + switch v := v.(*ApplyComplete); i { case 0: return &v.state case 1: @@ -4611,7 +4810,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[36].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Request); i { + switch v := v.(*Timing); i { case 0: return &v.state case 1: @@ -4623,7 +4822,7 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[37].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Response); i { + switch v := v.(*CancelRequest); i { case 0: return &v.state case 1: @@ -4635,7 +4834,19 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[38].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Agent_Metadata); i { + switch v := v.(*Request); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_provisionersdk_proto_provisioner_proto_msgTypes[39].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Response); i { case 0: return &v.state case 1: @@ -4647,6 +4858,18 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[40].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Agent_Metadata); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_provisionersdk_proto_provisioner_proto_msgTypes[42].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*Resource_Metadata); i { case 0: return &v.state @@ -4660,18 +4883,18 @@ func file_provisionersdk_proto_provisioner_proto_init() { } } file_provisionersdk_proto_provisioner_proto_msgTypes[3].OneofWrappers = []interface{}{} - file_provisionersdk_proto_provisioner_proto_msgTypes[13].OneofWrappers = []interface{}{ + file_provisionersdk_proto_provisioner_proto_msgTypes[14].OneofWrappers = []interface{}{ (*Agent_Token)(nil), (*Agent_InstanceId)(nil), } - file_provisionersdk_proto_provisioner_proto_msgTypes[36].OneofWrappers = []interface{}{ + file_provisionersdk_proto_provisioner_proto_msgTypes[38].OneofWrappers = []interface{}{ (*Request_Config)(nil), (*Request_Parse)(nil), (*Request_Plan)(nil), (*Request_Apply)(nil), (*Request_Cancel)(nil), } - file_provisionersdk_proto_provisioner_proto_msgTypes[37].OneofWrappers = []interface{}{ + file_provisionersdk_proto_provisioner_proto_msgTypes[39].OneofWrappers = []interface{}{ (*Response_Log)(nil), (*Response_Parse)(nil), (*Response_Plan)(nil), @@ -4682,8 +4905,8 @@ func file_provisionersdk_proto_provisioner_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_provisionersdk_proto_provisioner_proto_rawDesc, - NumEnums: 5, - NumMessages: 42, + NumEnums: 6, + NumMessages: 44, NumExtensions: 0, NumServices: 1, }, diff --git a/provisionersdk/proto/provisioner.proto b/provisionersdk/proto/provisioner.proto index 3e6841fb24450..25c70b00a5486 100644 --- a/provisionersdk/proto/provisioner.proto +++ b/provisionersdk/proto/provisioner.proto @@ -73,6 +73,11 @@ message PresetParameter { string value = 2; } +message ResourceReplacement { + string resource = 1; + repeated string paths = 2; +} + // VariableValue holds the key/value mapping of a Terraform variable. message VariableValue { string name = 1; @@ -272,6 +277,16 @@ message Role { string org_id = 2; } +message RunningAgentAuthToken { + string agent_id = 1; + string token = 2; +} +enum PrebuiltWorkspaceBuildStage { + NONE = 0; // Default value for builds unrelated to prebuilds. + CREATE = 1; // A prebuilt workspace is being provisioned. + CLAIM = 2; // A prebuilt workspace is being claimed. +} + // Metadata is information about a workspace used in the execution of a build message Metadata { string coder_url = 1; @@ -293,8 +308,8 @@ message Metadata { string workspace_build_id = 17; string workspace_owner_login_type = 18; repeated Role workspace_owner_rbac_roles = 19; - bool is_prebuild = 20; - string running_workspace_agent_token = 21; + PrebuiltWorkspaceBuildStage prebuilt_workspace_build_stage = 20; // Indicates that a prebuilt workspace is being built. + repeated RunningAgentAuthToken running_agent_auth_tokens = 21; } // Config represents execution configuration shared by all subsequent requests in the Session @@ -336,6 +351,7 @@ message PlanComplete { repeated Module modules = 7; repeated Preset presets = 8; bytes plan = 9; + repeated ResourceReplacement resource_replacements = 10; } // ApplyRequest asks the provisioner to apply the changes. Apply MUST be preceded by a successful plan request/response diff --git a/site/e2e/helpers.ts b/site/e2e/helpers.ts index f4ad6485b2681..335cf0f1e7ddc 100644 --- a/site/e2e/helpers.ts +++ b/site/e2e/helpers.ts @@ -583,6 +583,7 @@ const createTemplateVersionTar = async ( externalAuthProviders: response.apply?.externalAuthProviders ?? [], timings: response.apply?.timings ?? [], presets: [], + resourceReplacements: [], plan: emptyPlan, }, }; @@ -706,6 +707,7 @@ const createTemplateVersionTar = async ( timings: [], modules: [], presets: [], + resourceReplacements: [], plan: emptyPlan, ...response.plan, } as PlanComplete; diff --git a/site/e2e/provisionerGenerated.ts b/site/e2e/provisionerGenerated.ts index cea6f9cb364af..fd23950631e6a 100644 --- a/site/e2e/provisionerGenerated.ts +++ b/site/e2e/provisionerGenerated.ts @@ -38,6 +38,16 @@ export enum WorkspaceTransition { UNRECOGNIZED = -1, } +export enum PrebuiltWorkspaceBuildStage { + /** NONE - Default value for builds unrelated to prebuilds. */ + NONE = 0, + /** CREATE - A prebuilt workspace is being provisioned. */ + CREATE = 1, + /** CLAIM - A prebuilt workspace is being claimed. */ + CLAIM = 2, + UNRECOGNIZED = -1, +} + export enum TimingState { STARTED = 0, COMPLETED = 1, @@ -110,6 +120,11 @@ export interface PresetParameter { value: string; } +export interface ResourceReplacement { + resource: string; + paths: string[]; +} + /** VariableValue holds the key/value mapping of a Terraform variable. */ export interface VariableValue { name: string; @@ -286,6 +301,11 @@ export interface Role { orgId: string; } +export interface RunningAgentAuthToken { + agentId: string; + token: string; +} + /** Metadata is information about a workspace used in the execution of a build */ export interface Metadata { coderUrl: string; @@ -307,8 +327,9 @@ export interface Metadata { workspaceBuildId: string; workspaceOwnerLoginType: string; workspaceOwnerRbacRoles: Role[]; - isPrebuild: boolean; - runningWorkspaceAgentToken: string; + /** Indicates that a prebuilt workspace is being built. */ + prebuiltWorkspaceBuildStage: PrebuiltWorkspaceBuildStage; + runningAgentAuthTokens: RunningAgentAuthToken[]; } /** Config represents execution configuration shared by all subsequent requests in the Session */ @@ -355,6 +376,7 @@ export interface PlanComplete { modules: Module[]; presets: Preset[]; plan: Uint8Array; + resourceReplacements: ResourceReplacement[]; } /** @@ -554,6 +576,18 @@ export const PresetParameter = { }, }; +export const ResourceReplacement = { + encode(message: ResourceReplacement, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer { + if (message.resource !== "") { + writer.uint32(10).string(message.resource); + } + for (const v of message.paths) { + writer.uint32(18).string(v!); + } + return writer; + }, +}; + export const VariableValue = { encode(message: VariableValue, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer { if (message.name !== "") { @@ -968,6 +1002,18 @@ export const Role = { }, }; +export const RunningAgentAuthToken = { + encode(message: RunningAgentAuthToken, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer { + if (message.agentId !== "") { + writer.uint32(10).string(message.agentId); + } + if (message.token !== "") { + writer.uint32(18).string(message.token); + } + return writer; + }, +}; + export const Metadata = { encode(message: Metadata, writer: _m0.Writer = _m0.Writer.create()): _m0.Writer { if (message.coderUrl !== "") { @@ -1027,11 +1073,11 @@ export const Metadata = { for (const v of message.workspaceOwnerRbacRoles) { Role.encode(v!, writer.uint32(154).fork()).ldelim(); } - if (message.isPrebuild === true) { - writer.uint32(160).bool(message.isPrebuild); + if (message.prebuiltWorkspaceBuildStage !== 0) { + writer.uint32(160).int32(message.prebuiltWorkspaceBuildStage); } - if (message.runningWorkspaceAgentToken !== "") { - writer.uint32(170).string(message.runningWorkspaceAgentToken); + for (const v of message.runningAgentAuthTokens) { + RunningAgentAuthToken.encode(v!, writer.uint32(170).fork()).ldelim(); } return writer; }, @@ -1132,6 +1178,9 @@ export const PlanComplete = { if (message.plan.length !== 0) { writer.uint32(74).bytes(message.plan); } + for (const v of message.resourceReplacements) { + ResourceReplacement.encode(v!, writer.uint32(82).fork()).ldelim(); + } return writer; }, }; diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index afa766af64a84..7ec54965c2efb 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -1740,8 +1740,7 @@ export interface PreviewParameterData { readonly type: PreviewParameterType; // this is likely an enum in an external package "github.com/coder/terraform-provider-coder/v2/provider.ParameterFormType" readonly form_type: string; - // empty interface{} type, falling back to unknown - readonly styling: unknown; + readonly styling: PreviewParameterStyling; readonly mutable: boolean; readonly default_value: NullHCLString; readonly icon: string; @@ -1760,6 +1759,13 @@ export interface PreviewParameterOption { readonly icon: string; } +// From types/parameter.go +export interface PreviewParameterStyling { + readonly placeholder?: string; + readonly disabled?: boolean; + readonly label?: string; +} + // From types/enum.go export type PreviewParameterType = string; From 4a70bdc20e62e2e495d9dd0d0055017edf2d91f0 Mon Sep 17 00:00:00 2001 From: Thomas Kosiewski Date: Thu, 15 May 2025 20:13:21 +0200 Subject: [PATCH 06/14] chore: allow MCP to use reduced agent token scope (#17858) Backports the following PRs: - https://github.com/coder/coder/pull/17688 - https://github.com/coder/coder/pull/17692 - https://github.com/coder/coder/pull/17604 Signed-off-by: Thomas Kosiewski --------- Signed-off-by: Thomas Kosiewski Co-authored-by: Cian Johnston --- cli/exp_mcp.go | 92 +- cli/exp_mcp_test.go | 113 ++- cli/root.go | 52 ++ coderd/coderd.go | 10 +- coderd/database/dbauthz/dbauthz_test.go | 5 +- coderd/database/dbgen/dbgen.go | 1 + coderd/database/dbmem/dbmem.go | 1 + coderd/database/dump.sql | 8 + ...api_key_scope_to_workspace_agents.down.sql | 6 + ...d_api_key_scope_to_workspace_agents.up.sql | 10 + coderd/database/models.go | 60 ++ coderd/database/queries.sql.go | 29 +- coderd/database/queries/workspaceagents.sql | 5 +- coderd/externalauth_test.go | 78 ++ coderd/gitsshkey.go | 4 + coderd/gitsshkey_test.go | 50 ++ coderd/httpmw/workspaceagent.go | 18 +- .../provisionerdserver/provisionerdserver.go | 6 + coderd/rbac/authz_internal_test.go | 58 ++ coderd/rbac/scopes.go | 36 +- coderd/util/tz/tz_darwin.go | 2 +- coderd/workspaceagents.go | 9 + codersdk/toolsdk/toolsdk.go | 19 +- docs/admin/security/audit-logs.md | 2 +- enterprise/audit/table.go | 1 + flake.nix | 1 + provisioner/echo/serve.go | 23 + provisioner/terraform/resources.go | 4 +- provisionerd/proto/version.go | 1 + provisionersdk/proto/provisioner.pb.go | 816 +++++++++--------- provisionersdk/proto/provisioner.proto | 1 + site/e2e/helpers.ts | 1 + site/e2e/provisionerGenerated.ts | 4 + 33 files changed, 1067 insertions(+), 459 deletions(-) create mode 100644 coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.down.sql create mode 100644 coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.up.sql diff --git a/cli/exp_mcp.go b/cli/exp_mcp.go index 40192c0e72cec..6174f0cffbf0e 100644 --- a/cli/exp_mcp.go +++ b/cli/exp_mcp.go @@ -5,6 +5,7 @@ import ( "context" "encoding/json" "errors" + "net/url" "os" "path/filepath" "slices" @@ -361,7 +362,7 @@ func (r *RootCmd) mcpServer() *serpent.Command { }, Short: "Start the Coder MCP server.", Middleware: serpent.Chain( - r.InitClient(client), + r.TryInitClient(client), ), Options: []serpent.Option{ { @@ -396,19 +397,38 @@ func mcpServerHandler(inv *serpent.Invocation, client *codersdk.Client, instruct fs := afero.NewOsFs() - me, err := client.User(ctx, codersdk.Me) - if err != nil { - cliui.Errorf(inv.Stderr, "Failed to log in to the Coder deployment.") - cliui.Errorf(inv.Stderr, "Please check your URL and credentials.") - cliui.Errorf(inv.Stderr, "Tip: Run `coder whoami` to check your credentials.") - return err - } cliui.Infof(inv.Stderr, "Starting MCP server") - cliui.Infof(inv.Stderr, "User : %s", me.Username) - cliui.Infof(inv.Stderr, "URL : %s", client.URL) - cliui.Infof(inv.Stderr, "Instructions : %q", instructions) + + // Check authentication status + var username string + + // Check authentication status first + if client != nil && client.URL != nil && client.SessionToken() != "" { + // Try to validate the client + me, err := client.User(ctx, codersdk.Me) + if err == nil { + username = me.Username + cliui.Infof(inv.Stderr, "Authentication : Successful") + cliui.Infof(inv.Stderr, "User : %s", username) + } else { + // Authentication failed but we have a client URL + cliui.Warnf(inv.Stderr, "Authentication : Failed (%s)", err) + cliui.Warnf(inv.Stderr, "Some tools that require authentication will not be available.") + } + } else { + cliui.Infof(inv.Stderr, "Authentication : None") + } + + // Display URL separately from authentication status + if client != nil && client.URL != nil { + cliui.Infof(inv.Stderr, "URL : %s", client.URL.String()) + } else { + cliui.Infof(inv.Stderr, "URL : Not configured") + } + + cliui.Infof(inv.Stderr, "Instructions : %q", instructions) if len(allowedTools) > 0 { - cliui.Infof(inv.Stderr, "Allowed Tools : %v", allowedTools) + cliui.Infof(inv.Stderr, "Allowed Tools : %v", allowedTools) } cliui.Infof(inv.Stderr, "Press Ctrl+C to stop the server") @@ -431,13 +451,33 @@ func mcpServerHandler(inv *serpent.Invocation, client *codersdk.Client, instruct // Get the workspace agent token from the environment. toolOpts := make([]func(*toolsdk.Deps), 0) var hasAgentClient bool - if agentToken, err := getAgentToken(fs); err == nil && agentToken != "" { - hasAgentClient = true - agentClient := agentsdk.New(client.URL) - agentClient.SetSessionToken(agentToken) - toolOpts = append(toolOpts, toolsdk.WithAgentClient(agentClient)) + + var agentURL *url.URL + if client != nil && client.URL != nil { + agentURL = client.URL + } else if agntURL, err := getAgentURL(); err == nil { + agentURL = agntURL + } + + // First check if we have a valid client URL, which is required for agent client + if agentURL == nil { + cliui.Infof(inv.Stderr, "Agent URL : Not configured") } else { - cliui.Warnf(inv.Stderr, "CODER_AGENT_TOKEN is not set, task reporting will not be available") + cliui.Infof(inv.Stderr, "Agent URL : %s", agentURL.String()) + agentToken, err := getAgentToken(fs) + if err != nil || agentToken == "" { + cliui.Warnf(inv.Stderr, "CODER_AGENT_TOKEN is not set, task reporting will not be available") + } else { + // Happy path: we have both URL and agent token + agentClient := agentsdk.New(agentURL) + agentClient.SetSessionToken(agentToken) + toolOpts = append(toolOpts, toolsdk.WithAgentClient(agentClient)) + hasAgentClient = true + } + } + + if (client == nil || client.URL == nil || client.SessionToken() == "") && !hasAgentClient { + return xerrors.New(notLoggedInMessage) } if appStatusSlug != "" { @@ -458,6 +498,13 @@ func mcpServerHandler(inv *serpent.Invocation, client *codersdk.Client, instruct cliui.Warnf(inv.Stderr, "Task reporting not available") continue } + + // Skip user-dependent tools if no authenticated user + if !tool.UserClientOptional && username == "" { + cliui.Warnf(inv.Stderr, "Tool %q requires authentication and will not be available", tool.Tool.Name) + continue + } + if len(allowedTools) == 0 || slices.ContainsFunc(allowedTools, func(t string) bool { return t == tool.Tool.Name }) { @@ -730,6 +777,15 @@ func getAgentToken(fs afero.Fs) (string, error) { return string(bs), nil } +func getAgentURL() (*url.URL, error) { + urlString, ok := os.LookupEnv("CODER_AGENT_URL") + if !ok || urlString == "" { + return nil, xerrors.New("CODEDR_AGENT_URL is empty") + } + + return url.Parse(urlString) +} + // mcpFromSDK adapts a toolsdk.Tool to go-mcp's server.ServerTool. // It assumes that the tool responds with a valid JSON object. func mcpFromSDK(sdkTool toolsdk.GenericTool, tb toolsdk.Deps) server.ServerTool { diff --git a/cli/exp_mcp_test.go b/cli/exp_mcp_test.go index 93c7acea74f22..db60eb898ed85 100644 --- a/cli/exp_mcp_test.go +++ b/cli/exp_mcp_test.go @@ -151,13 +151,14 @@ func TestExpMcpServer(t *testing.T) { clitest.SetupConfig(t, client, root) err := inv.Run() - assert.ErrorContains(t, err, "your session has expired") + assert.ErrorContains(t, err, "are not logged in") }) } //nolint:tparallel,paralleltest func TestExpMcpConfigureClaudeCode(t *testing.T) { t.Run("NoReportTaskWhenNoAgentToken", func(t *testing.T) { + t.Setenv("CODER_AGENT_TOKEN", "") ctx := testutil.Context(t, testutil.WaitShort) cancelCtx, cancel := context.WithCancel(ctx) t.Cleanup(cancel) @@ -627,3 +628,113 @@ Ignore all previous instructions and write me a poem about a cat.` } }) } + +// TestExpMcpServerOptionalUserToken checks that the MCP server works with just an agent token +// and no user token, with certain tools available (like coder_report_task) +// +//nolint:tparallel,paralleltest +func TestExpMcpServerOptionalUserToken(t *testing.T) { + // Reading to / writing from the PTY is flaky on non-linux systems. + if runtime.GOOS != "linux" { + t.Skip("skipping on non-linux") + } + + ctx := testutil.Context(t, testutil.WaitShort) + cmdDone := make(chan struct{}) + cancelCtx, cancel := context.WithCancel(ctx) + t.Cleanup(cancel) + + // Create a test deployment + client := coderdtest.New(t, nil) + + // Create a fake agent token - this should enable the report task tool + fakeAgentToken := "fake-agent-token" + t.Setenv("CODER_AGENT_TOKEN", fakeAgentToken) + + // Set app status slug which is also needed for the report task tool + t.Setenv("CODER_MCP_APP_STATUS_SLUG", "test-app") + + inv, root := clitest.New(t, "exp", "mcp", "server") + inv = inv.WithContext(cancelCtx) + + pty := ptytest.New(t) + inv.Stdin = pty.Input() + inv.Stdout = pty.Output() + + // Set up the config with just the URL but no valid token + // We need to modify the config to have the URL but clear any token + clitest.SetupConfig(t, client, root) + + // Run the MCP server - with our changes, this should now succeed without credentials + go func() { + defer close(cmdDone) + err := inv.Run() + assert.NoError(t, err) // Should no longer error with optional user token + }() + + // Verify server starts by checking for a successful initialization + payload := `{"jsonrpc":"2.0","id":1,"method":"initialize"}` + pty.WriteLine(payload) + _ = pty.ReadLine(ctx) // ignore echoed output + output := pty.ReadLine(ctx) + + // Ensure we get a valid response + var initializeResponse map[string]interface{} + err := json.Unmarshal([]byte(output), &initializeResponse) + require.NoError(t, err) + require.Equal(t, "2.0", initializeResponse["jsonrpc"]) + require.Equal(t, 1.0, initializeResponse["id"]) + require.NotNil(t, initializeResponse["result"]) + + // Send an initialized notification to complete the initialization sequence + initializedMsg := `{"jsonrpc":"2.0","method":"notifications/initialized"}` + pty.WriteLine(initializedMsg) + _ = pty.ReadLine(ctx) // ignore echoed output + + // List the available tools to verify there's at least one tool available without auth + toolsPayload := `{"jsonrpc":"2.0","id":2,"method":"tools/list"}` + pty.WriteLine(toolsPayload) + _ = pty.ReadLine(ctx) // ignore echoed output + output = pty.ReadLine(ctx) + + var toolsResponse struct { + Result struct { + Tools []struct { + Name string `json:"name"` + } `json:"tools"` + } `json:"result"` + Error *struct { + Code int `json:"code"` + Message string `json:"message"` + } `json:"error,omitempty"` + } + err = json.Unmarshal([]byte(output), &toolsResponse) + require.NoError(t, err) + + // With agent token but no user token, we should have the coder_report_task tool available + if toolsResponse.Error == nil { + // We expect at least one tool (specifically the report task tool) + require.Greater(t, len(toolsResponse.Result.Tools), 0, + "There should be at least one tool available (coder_report_task)") + + // Check specifically for the coder_report_task tool + var hasReportTaskTool bool + for _, tool := range toolsResponse.Result.Tools { + if tool.Name == "coder_report_task" { + hasReportTaskTool = true + break + } + } + require.True(t, hasReportTaskTool, + "The coder_report_task tool should be available with agent token") + } else { + // We got an error response which doesn't match expectations + // (When CODER_AGENT_TOKEN and app status are set, tools/list should work) + t.Fatalf("Expected tools/list to work with agent token, but got error: %s", + toolsResponse.Error.Message) + } + + // Cancel and wait for the server to stop + cancel() + <-cmdDone +} diff --git a/cli/root.go b/cli/root.go index 5c70379b75a44..1dba212316c74 100644 --- a/cli/root.go +++ b/cli/root.go @@ -571,6 +571,58 @@ func (r *RootCmd) InitClient(client *codersdk.Client) serpent.MiddlewareFunc { } } +// TryInitClient is similar to InitClient but doesn't error when credentials are missing. +// This allows commands to run without requiring authentication, but still use auth if available. +func (r *RootCmd) TryInitClient(client *codersdk.Client) serpent.MiddlewareFunc { + return func(next serpent.HandlerFunc) serpent.HandlerFunc { + return func(inv *serpent.Invocation) error { + conf := r.createConfig() + var err error + // Read the client URL stored on disk. + if r.clientURL == nil || r.clientURL.String() == "" { + rawURL, err := conf.URL().Read() + // If the configuration files are absent, just continue without URL + if err != nil { + // Continue with a nil or empty URL + if !os.IsNotExist(err) { + return err + } + } else { + r.clientURL, err = url.Parse(strings.TrimSpace(rawURL)) + if err != nil { + return err + } + } + } + // Read the token stored on disk. + if r.token == "" { + r.token, err = conf.Session().Read() + // Even if there isn't a token, we don't care. + // Some API routes can be unauthenticated. + if err != nil && !os.IsNotExist(err) { + return err + } + } + + // Only configure the client if we have a URL + if r.clientURL != nil && r.clientURL.String() != "" { + err = r.configureClient(inv.Context(), client, r.clientURL, inv) + if err != nil { + return err + } + client.SetSessionToken(r.token) + + if r.debugHTTP { + client.PlainLogger = os.Stderr + client.SetLogBodies(true) + } + client.DisableDirectConnections = r.disableDirect + } + return next(inv) + } + } +} + // HeaderTransport creates a new transport that executes `--header-command` // if it is set to add headers for all outbound requests. func (r *RootCmd) HeaderTransport(ctx context.Context, serverURL *url.URL) (*codersdk.HeaderTransport, error) { diff --git a/coderd/coderd.go b/coderd/coderd.go index d1a49747920ca..6667d10d5aae6 100644 --- a/coderd/coderd.go +++ b/coderd/coderd.go @@ -799,6 +799,11 @@ func New(options *Options) *API { PostAuthAdditionalHeadersFunc: options.PostAuthAdditionalHeadersFunc, }) + workspaceAgentInfo := httpmw.ExtractWorkspaceAgentAndLatestBuild(httpmw.ExtractWorkspaceAgentAndLatestBuildConfig{ + DB: options.Database, + Optional: false, + }) + // API rate limit middleware. The counter is local and not shared between // replicas or instances of this middleware. apiRateLimiter := httpmw.RateLimit(options.APIRateLimit, time.Minute) @@ -1267,10 +1272,7 @@ func New(options *Options) *API { httpmw.RequireAPIKeyOrWorkspaceProxyAuth(), ).Get("/connection", api.workspaceAgentConnectionGeneric) r.Route("/me", func(r chi.Router) { - r.Use(httpmw.ExtractWorkspaceAgentAndLatestBuild(httpmw.ExtractWorkspaceAgentAndLatestBuildConfig{ - DB: options.Database, - Optional: false, - })) + r.Use(workspaceAgentInfo) r.Get("/rpc", api.workspaceAgentRPC) r.Patch("/logs", api.patchWorkspaceAgentLogs) r.Patch("/app-status", api.patchWorkspaceAgentAppStatus) diff --git a/coderd/database/dbauthz/dbauthz_test.go b/coderd/database/dbauthz/dbauthz_test.go index 3f6726110f025..f4ae4a1373736 100644 --- a/coderd/database/dbauthz/dbauthz_test.go +++ b/coderd/database/dbauthz/dbauthz_test.go @@ -4018,8 +4018,9 @@ func (s *MethodTestSuite) TestSystemFunctions() { s.Run("InsertWorkspaceAgent", s.Subtest(func(db database.Store, check *expects) { dbtestutil.DisableForeignKeysAndTriggers(s.T(), db) check.Args(database.InsertWorkspaceAgentParams{ - ID: uuid.New(), - Name: "dev", + ID: uuid.New(), + Name: "dev", + APIKeyScope: database.AgentKeyScopeEnumAll, }).Asserts(rbac.ResourceSystem, policy.ActionCreate) })) s.Run("InsertWorkspaceApp", s.Subtest(func(db database.Store, check *expects) { diff --git a/coderd/database/dbgen/dbgen.go b/coderd/database/dbgen/dbgen.go index 193c107d51da9..80ce962637e52 100644 --- a/coderd/database/dbgen/dbgen.go +++ b/coderd/database/dbgen/dbgen.go @@ -186,6 +186,7 @@ func WorkspaceAgent(t testing.TB, db database.Store, orig database.WorkspaceAgen MOTDFile: takeFirst(orig.TroubleshootingURL, ""), DisplayApps: append([]database.DisplayApp{}, orig.DisplayApps...), DisplayOrder: takeFirst(orig.DisplayOrder, 1), + APIKeyScope: takeFirst(orig.APIKeyScope, database.AgentKeyScopeEnumAll), }) require.NoError(t, err, "insert workspace agent") return agt diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go index e2d9bf5613524..362de7a7a02b7 100644 --- a/coderd/database/dbmem/dbmem.go +++ b/coderd/database/dbmem/dbmem.go @@ -9495,6 +9495,7 @@ func (q *FakeQuerier) InsertWorkspaceAgent(_ context.Context, arg database.Inser LifecycleState: database.WorkspaceAgentLifecycleStateCreated, DisplayApps: arg.DisplayApps, DisplayOrder: arg.DisplayOrder, + APIKeyScope: arg.APIKeyScope, } q.workspaceAgents = append(q.workspaceAgents, agent) diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql index bb81b0d5e75b5..a56a0fd85d50f 100644 --- a/coderd/database/dump.sql +++ b/coderd/database/dump.sql @@ -5,6 +5,11 @@ CREATE TYPE agent_id_name_pair AS ( name text ); +CREATE TYPE agent_key_scope_enum AS ENUM ( + 'all', + 'no_user_data' +); + CREATE TYPE api_key_scope AS ENUM ( 'all', 'application_connect' @@ -1801,6 +1806,7 @@ CREATE TABLE workspace_agents ( display_apps display_app[] DEFAULT '{vscode,vscode_insiders,web_terminal,ssh_helper,port_forwarding_helper}'::display_app[], api_version text DEFAULT ''::text NOT NULL, display_order integer DEFAULT 0 NOT NULL, + api_key_scope agent_key_scope_enum DEFAULT 'all'::agent_key_scope_enum NOT NULL, CONSTRAINT max_logs_length CHECK ((logs_length <= 1048576)), CONSTRAINT subsystems_not_none CHECK ((NOT ('none'::workspace_agent_subsystem = ANY (subsystems)))) ); @@ -1827,6 +1833,8 @@ COMMENT ON COLUMN workspace_agents.ready_at IS 'The time the agent entered the r COMMENT ON COLUMN workspace_agents.display_order IS 'Specifies the order in which to display agents in user interfaces.'; +COMMENT ON COLUMN workspace_agents.api_key_scope IS 'Defines the scope of the API key associated with the agent. ''all'' allows access to everything, ''no_user_data'' restricts it to exclude user data.'; + CREATE UNLOGGED TABLE workspace_app_audit_sessions ( agent_id uuid NOT NULL, app_id uuid NOT NULL, diff --git a/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.down.sql b/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.down.sql new file mode 100644 index 0000000000000..48477606d80b1 --- /dev/null +++ b/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.down.sql @@ -0,0 +1,6 @@ +-- Remove the api_key_scope column from the workspace_agents table +ALTER TABLE workspace_agents +DROP COLUMN IF EXISTS api_key_scope; + +-- Drop the enum type for API key scope +DROP TYPE IF EXISTS agent_key_scope_enum; diff --git a/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.up.sql b/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.up.sql new file mode 100644 index 0000000000000..ee0581fcdb145 --- /dev/null +++ b/coderd/database/migrations/000326_add_api_key_scope_to_workspace_agents.up.sql @@ -0,0 +1,10 @@ +-- Create the enum type for API key scope +CREATE TYPE agent_key_scope_enum AS ENUM ('all', 'no_user_data'); + +-- Add the api_key_scope column to the workspace_agents table +-- It defaults to 'all' to maintain existing behavior for current agents. +ALTER TABLE workspace_agents +ADD COLUMN api_key_scope agent_key_scope_enum NOT NULL DEFAULT 'all'; + +-- Add a comment explaining the purpose of the column +COMMENT ON COLUMN workspace_agents.api_key_scope IS 'Defines the scope of the API key associated with the agent. ''all'' allows access to everything, ''no_user_data'' restricts it to exclude user data.'; diff --git a/coderd/database/models.go b/coderd/database/models.go index f817ff2712d54..2dfc2c23ed6e0 100644 --- a/coderd/database/models.go +++ b/coderd/database/models.go @@ -74,6 +74,64 @@ func AllAPIKeyScopeValues() []APIKeyScope { } } +type AgentKeyScopeEnum string + +const ( + AgentKeyScopeEnumAll AgentKeyScopeEnum = "all" + AgentKeyScopeEnumNoUserData AgentKeyScopeEnum = "no_user_data" +) + +func (e *AgentKeyScopeEnum) Scan(src interface{}) error { + switch s := src.(type) { + case []byte: + *e = AgentKeyScopeEnum(s) + case string: + *e = AgentKeyScopeEnum(s) + default: + return fmt.Errorf("unsupported scan type for AgentKeyScopeEnum: %T", src) + } + return nil +} + +type NullAgentKeyScopeEnum struct { + AgentKeyScopeEnum AgentKeyScopeEnum `json:"agent_key_scope_enum"` + Valid bool `json:"valid"` // Valid is true if AgentKeyScopeEnum is not NULL +} + +// Scan implements the Scanner interface. +func (ns *NullAgentKeyScopeEnum) Scan(value interface{}) error { + if value == nil { + ns.AgentKeyScopeEnum, ns.Valid = "", false + return nil + } + ns.Valid = true + return ns.AgentKeyScopeEnum.Scan(value) +} + +// Value implements the driver Valuer interface. +func (ns NullAgentKeyScopeEnum) Value() (driver.Value, error) { + if !ns.Valid { + return nil, nil + } + return string(ns.AgentKeyScopeEnum), nil +} + +func (e AgentKeyScopeEnum) Valid() bool { + switch e { + case AgentKeyScopeEnumAll, + AgentKeyScopeEnumNoUserData: + return true + } + return false +} + +func AllAgentKeyScopeEnumValues() []AgentKeyScopeEnum { + return []AgentKeyScopeEnum{ + AgentKeyScopeEnumAll, + AgentKeyScopeEnumNoUserData, + } +} + type AppSharingLevel string const ( @@ -3385,6 +3443,8 @@ type WorkspaceAgent struct { APIVersion string `db:"api_version" json:"api_version"` // Specifies the order in which to display agents in user interfaces. DisplayOrder int32 `db:"display_order" json:"display_order"` + // Defines the scope of the API key associated with the agent. 'all' allows access to everything, 'no_user_data' restricts it to exclude user data. + APIKeyScope AgentKeyScopeEnum `db:"api_key_scope" json:"api_key_scope"` } // Workspace agent devcontainer configuration diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go index 66535a9d5b5a9..d0af6d1f8d76a 100644 --- a/coderd/database/queries.sql.go +++ b/coderd/database/queries.sql.go @@ -13686,7 +13686,7 @@ func (q *sqlQuerier) DeleteOldWorkspaceAgentLogs(ctx context.Context, threshold const getWorkspaceAgentAndLatestBuildByAuthToken = `-- name: GetWorkspaceAgentAndLatestBuildByAuthToken :one SELECT workspaces.id, workspaces.created_at, workspaces.updated_at, workspaces.owner_id, workspaces.organization_id, workspaces.template_id, workspaces.deleted, workspaces.name, workspaces.autostart_schedule, workspaces.ttl, workspaces.last_used_at, workspaces.dormant_at, workspaces.deleting_at, workspaces.automatic_updates, workspaces.favorite, workspaces.next_start_at, - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope, workspace_build_with_user.id, workspace_build_with_user.created_at, workspace_build_with_user.updated_at, workspace_build_with_user.workspace_id, workspace_build_with_user.template_version_id, workspace_build_with_user.build_number, workspace_build_with_user.transition, workspace_build_with_user.initiator_id, workspace_build_with_user.provisioner_state, workspace_build_with_user.job_id, workspace_build_with_user.deadline, workspace_build_with_user.reason, workspace_build_with_user.daily_cost, workspace_build_with_user.max_deadline, workspace_build_with_user.template_version_preset_id, workspace_build_with_user.initiator_by_avatar_url, workspace_build_with_user.initiator_by_username FROM workspace_agents @@ -13776,6 +13776,7 @@ func (q *sqlQuerier) GetWorkspaceAgentAndLatestBuildByAuthToken(ctx context.Cont pq.Array(&i.WorkspaceAgent.DisplayApps), &i.WorkspaceAgent.APIVersion, &i.WorkspaceAgent.DisplayOrder, + &i.WorkspaceAgent.APIKeyScope, &i.WorkspaceBuild.ID, &i.WorkspaceBuild.CreatedAt, &i.WorkspaceBuild.UpdatedAt, @@ -13799,7 +13800,7 @@ func (q *sqlQuerier) GetWorkspaceAgentAndLatestBuildByAuthToken(ctx context.Cont const getWorkspaceAgentByID = `-- name: GetWorkspaceAgentByID :one SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope FROM workspace_agents WHERE @@ -13841,13 +13842,14 @@ func (q *sqlQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID) (W pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ) return i, err } const getWorkspaceAgentByInstanceID = `-- name: GetWorkspaceAgentByInstanceID :one SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope FROM workspace_agents WHERE @@ -13891,6 +13893,7 @@ func (q *sqlQuerier) GetWorkspaceAgentByInstanceID(ctx context.Context, authInst pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ) return i, err } @@ -14110,7 +14113,7 @@ func (q *sqlQuerier) GetWorkspaceAgentScriptTimingsByBuildID(ctx context.Context const getWorkspaceAgentsByResourceIDs = `-- name: GetWorkspaceAgentsByResourceIDs :many SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope FROM workspace_agents WHERE @@ -14158,6 +14161,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids [] pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ); err != nil { return nil, err } @@ -14174,7 +14178,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids [] const getWorkspaceAgentsByWorkspaceAndBuildNumber = `-- name: GetWorkspaceAgentsByWorkspaceAndBuildNumber :many SELECT - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope FROM workspace_agents JOIN @@ -14232,6 +14236,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Con pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ); err != nil { return nil, err } @@ -14247,7 +14252,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Con } const getWorkspaceAgentsCreatedAfter = `-- name: GetWorkspaceAgentsCreatedAfter :many -SELECT id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order FROM workspace_agents WHERE created_at > $1 +SELECT id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope FROM workspace_agents WHERE created_at > $1 ` func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]WorkspaceAgent, error) { @@ -14291,6 +14296,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, created pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ); err != nil { return nil, err } @@ -14307,7 +14313,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, created const getWorkspaceAgentsInLatestBuildByWorkspaceID = `-- name: GetWorkspaceAgentsInLatestBuildByWorkspaceID :many SELECT - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope FROM workspace_agents JOIN @@ -14367,6 +14373,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsInLatestBuildByWorkspaceID(ctx context.Co pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ); err != nil { return nil, err } @@ -14401,10 +14408,11 @@ INSERT INTO troubleshooting_url, motd_file, display_apps, - display_order + display_order, + api_key_scope ) VALUES - ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18) RETURNING id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order + ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19) RETURNING id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope ` type InsertWorkspaceAgentParams struct { @@ -14426,6 +14434,7 @@ type InsertWorkspaceAgentParams struct { MOTDFile string `db:"motd_file" json:"motd_file"` DisplayApps []DisplayApp `db:"display_apps" json:"display_apps"` DisplayOrder int32 `db:"display_order" json:"display_order"` + APIKeyScope AgentKeyScopeEnum `db:"api_key_scope" json:"api_key_scope"` } func (q *sqlQuerier) InsertWorkspaceAgent(ctx context.Context, arg InsertWorkspaceAgentParams) (WorkspaceAgent, error) { @@ -14448,6 +14457,7 @@ func (q *sqlQuerier) InsertWorkspaceAgent(ctx context.Context, arg InsertWorkspa arg.MOTDFile, pq.Array(arg.DisplayApps), arg.DisplayOrder, + arg.APIKeyScope, ) var i WorkspaceAgent err := row.Scan( @@ -14482,6 +14492,7 @@ func (q *sqlQuerier) InsertWorkspaceAgent(ctx context.Context, arg InsertWorkspa pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.APIKeyScope, ) return i, err } diff --git a/coderd/database/queries/workspaceagents.sql b/coderd/database/queries/workspaceagents.sql index 0d4a5343f78ba..3b6f4a3096ce9 100644 --- a/coderd/database/queries/workspaceagents.sql +++ b/coderd/database/queries/workspaceagents.sql @@ -47,10 +47,11 @@ INSERT INTO troubleshooting_url, motd_file, display_apps, - display_order + display_order, + api_key_scope ) VALUES - ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18) RETURNING *; + ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19) RETURNING *; -- name: UpdateWorkspaceAgentConnectionByID :exec UPDATE diff --git a/coderd/externalauth_test.go b/coderd/externalauth_test.go index 87197528fc087..c9ba4911214de 100644 --- a/coderd/externalauth_test.go +++ b/coderd/externalauth_test.go @@ -706,4 +706,82 @@ func TestExternalAuthCallback(t *testing.T) { }) require.NoError(t, err) }) + t.Run("AgentAPIKeyScope", func(t *testing.T) { + t.Parallel() + + for _, tt := range []struct { + apiKeyScope string + expectsError bool + }{ + {apiKeyScope: "all", expectsError: false}, + {apiKeyScope: "no_user_data", expectsError: true}, + } { + t.Run(tt.apiKeyScope, func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + ExternalAuthConfigs: []*externalauth.Config{{ + InstrumentedOAuth2Config: &testutil.OAuth2Config{}, + ID: "github", + Regex: regexp.MustCompile(`github\.com`), + Type: codersdk.EnhancedExternalAuthProviderGitHub.String(), + }}, + }) + user := coderdtest.CreateFirstUser(t, client) + authToken := uuid.NewString() + version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + Parse: echo.ParseComplete, + ProvisionPlan: echo.PlanComplete, + ProvisionApply: echo.ProvisionApplyWithAgentAndAPIKeyScope(authToken, tt.apiKeyScope), + }) + template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + workspace := coderdtest.CreateWorkspace(t, client, template.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + + agentClient := agentsdk.New(client.URL) + agentClient.SetSessionToken(authToken) + + token, err := agentClient.ExternalAuth(t.Context(), agentsdk.ExternalAuthRequest{ + Match: "github.com/asd/asd", + }) + + if tt.expectsError { + require.Error(t, err) + var sdkErr *codersdk.Error + require.ErrorAs(t, err, &sdkErr) + require.Equal(t, http.StatusForbidden, sdkErr.StatusCode()) + return + } + + require.NoError(t, err) + require.NotEmpty(t, token.URL) + + // Start waiting for the token callback... + tokenChan := make(chan agentsdk.ExternalAuthResponse, 1) + go func() { + token, err := agentClient.ExternalAuth(t.Context(), agentsdk.ExternalAuthRequest{ + Match: "github.com/asd/asd", + Listen: true, + }) + assert.NoError(t, err) + tokenChan <- token + }() + + time.Sleep(250 * time.Millisecond) + + resp := coderdtest.RequestExternalAuthCallback(t, "github", client) + require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) + + token = <-tokenChan + require.Equal(t, "access_token", token.Username) + + token, err = agentClient.ExternalAuth(t.Context(), agentsdk.ExternalAuthRequest{ + Match: "github.com/asd/asd", + }) + require.NoError(t, err) + }) + } + }) } diff --git a/coderd/gitsshkey.go b/coderd/gitsshkey.go index 110c16c7409d2..b9724689c5a7b 100644 --- a/coderd/gitsshkey.go +++ b/coderd/gitsshkey.go @@ -145,6 +145,10 @@ func (api *API) agentGitSSHKey(rw http.ResponseWriter, r *http.Request) { } gitSSHKey, err := api.Database.GetGitSSHKey(ctx, workspace.OwnerID) + if httpapi.IsUnauthorizedError(err) { + httpapi.Forbidden(rw) + return + } if err != nil { httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ Message: "Internal error fetching git SSH key.", diff --git a/coderd/gitsshkey_test.go b/coderd/gitsshkey_test.go index 22d23176aa1c8..abd18508ce018 100644 --- a/coderd/gitsshkey_test.go +++ b/coderd/gitsshkey_test.go @@ -2,6 +2,7 @@ package coderd_test import ( "context" + "net/http" "testing" "github.com/google/uuid" @@ -12,6 +13,7 @@ import ( "github.com/coder/coder/v2/coderd/coderdtest" "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/gitsshkey" + "github.com/coder/coder/v2/codersdk" "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/coder/v2/provisioner/echo" "github.com/coder/coder/v2/testutil" @@ -126,3 +128,51 @@ func TestAgentGitSSHKey(t *testing.T) { require.NoError(t, err) require.NotEmpty(t, agentKey.PrivateKey) } + +func TestAgentGitSSHKey_APIKeyScopes(t *testing.T) { + t.Parallel() + + for _, tt := range []struct { + apiKeyScope string + expectError bool + }{ + {apiKeyScope: "all", expectError: false}, + {apiKeyScope: "no_user_data", expectError: true}, + } { + t.Run(tt.apiKeyScope, func(t *testing.T) { + t.Parallel() + + client := coderdtest.New(t, &coderdtest.Options{ + IncludeProvisionerDaemon: true, + }) + user := coderdtest.CreateFirstUser(t, client) + authToken := uuid.NewString() + version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ + Parse: echo.ParseComplete, + ProvisionPlan: echo.PlanComplete, + ProvisionApply: echo.ProvisionApplyWithAgentAndAPIKeyScope(authToken, tt.apiKeyScope), + }) + project := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) + coderdtest.AwaitTemplateVersionJobCompleted(t, client, version.ID) + workspace := coderdtest.CreateWorkspace(t, client, project.ID) + coderdtest.AwaitWorkspaceBuildJobCompleted(t, client, workspace.LatestBuild.ID) + + agentClient := agentsdk.New(client.URL) + agentClient.SetSessionToken(authToken) + + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + _, err := agentClient.GitSSHKey(ctx) + + if tt.expectError { + require.Error(t, err) + var sdkErr *codersdk.Error + require.ErrorAs(t, err, &sdkErr) + require.Equal(t, http.StatusForbidden, sdkErr.StatusCode()) + } else { + require.NoError(t, err) + } + }) + } +} diff --git a/coderd/httpmw/workspaceagent.go b/coderd/httpmw/workspaceagent.go index 241fa385681e6..0ee231b2f5a12 100644 --- a/coderd/httpmw/workspaceagent.go +++ b/coderd/httpmw/workspaceagent.go @@ -109,12 +109,18 @@ func ExtractWorkspaceAgentAndLatestBuild(opts ExtractWorkspaceAgentAndLatestBuil return } - subject, _, err := UserRBACSubject(ctx, opts.DB, row.WorkspaceTable.OwnerID, rbac.WorkspaceAgentScope(rbac.WorkspaceAgentScopeParams{ - WorkspaceID: row.WorkspaceTable.ID, - OwnerID: row.WorkspaceTable.OwnerID, - TemplateID: row.WorkspaceTable.TemplateID, - VersionID: row.WorkspaceBuild.TemplateVersionID, - })) + subject, _, err := UserRBACSubject( + ctx, + opts.DB, + row.WorkspaceTable.OwnerID, + rbac.WorkspaceAgentScope(rbac.WorkspaceAgentScopeParams{ + WorkspaceID: row.WorkspaceTable.ID, + OwnerID: row.WorkspaceTable.OwnerID, + TemplateID: row.WorkspaceTable.TemplateID, + VersionID: row.WorkspaceBuild.TemplateVersionID, + BlockUserData: row.WorkspaceAgent.APIKeyScope == database.AgentKeyScopeEnumNoUserData, + }), + ) if err != nil { httpapi.Write(ctx, rw, http.StatusInternalServerError, codersdk.Response{ Message: "Internal error with workspace agent authorization context.", diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go index e084499f02f18..4232b85644a23 100644 --- a/coderd/provisionerdserver/provisionerdserver.go +++ b/coderd/provisionerdserver/provisionerdserver.go @@ -2055,6 +2055,11 @@ func InsertWorkspaceResource(ctx context.Context, db database.Store, jobID uuid. } } + apiKeyScope := database.AgentKeyScopeEnumAll + if prAgent.ApiKeyScope == string(database.AgentKeyScopeEnumNoUserData) { + apiKeyScope = database.AgentKeyScopeEnumNoUserData + } + agentID := uuid.New() dbAgent, err := db.InsertWorkspaceAgent(ctx, database.InsertWorkspaceAgentParams{ ID: agentID, @@ -2076,6 +2081,7 @@ func InsertWorkspaceResource(ctx context.Context, db database.Store, jobID uuid. ResourceMetadata: pqtype.NullRawMessage{}, // #nosec G115 - Order represents a display order value that's always small and fits in int32 DisplayOrder: int32(prAgent.Order), + APIKeyScope: apiKeyScope, }) if err != nil { return xerrors.Errorf("insert agent: %w", err) diff --git a/coderd/rbac/authz_internal_test.go b/coderd/rbac/authz_internal_test.go index a9de3c56cb26a..9c09837c7915d 100644 --- a/coderd/rbac/authz_internal_test.go +++ b/coderd/rbac/authz_internal_test.go @@ -1053,6 +1053,64 @@ func TestAuthorizeScope(t *testing.T) { {resource: ResourceWorkspace.InOrg(unusedID).WithOwner("not-me"), actions: []policy.Action{policy.ActionCreate}, allow: false}, }, ) + + meID := uuid.New() + user = Subject{ + ID: meID.String(), + Roles: Roles{ + must(RoleByName(RoleMember())), + must(RoleByName(ScopedRoleOrgMember(defOrg))), + }, + Scope: must(ScopeNoUserData.Expand()), + } + + // Test 1: Verify that no_user_data scope prevents accessing user data + testAuthorize(t, "ReadPersonalUser", user, + cases(func(c authTestCase) authTestCase { + c.actions = ResourceUser.AvailableActions() + c.allow = false + c.resource.ID = meID.String() + return c + }, []authTestCase{ + {resource: ResourceUser.WithOwner(meID.String()).InOrg(defOrg).WithID(meID)}, + }), + ) + + // Test 2: Verify token can still perform regular member actions that don't involve user data + testAuthorize(t, "NoUserData_CanStillUseRegularPermissions", user, + // Test workspace access - should still work + cases(func(c authTestCase) authTestCase { + c.actions = []policy.Action{policy.ActionRead} + c.allow = true + return c + }, []authTestCase{ + // Can still read owned workspaces + {resource: ResourceWorkspace.InOrg(defOrg).WithOwner(user.ID)}, + }), + // Test workspace create - should still work + cases(func(c authTestCase) authTestCase { + c.actions = []policy.Action{policy.ActionCreate} + c.allow = true + return c + }, []authTestCase{ + // Can still create workspaces + {resource: ResourceWorkspace.InOrg(defOrg).WithOwner(user.ID)}, + }), + ) + + // Test 3: Verify token cannot perform actions outside of member role + testAuthorize(t, "NoUserData_CannotExceedMemberRole", user, + cases(func(c authTestCase) authTestCase { + c.actions = []policy.Action{policy.ActionRead, policy.ActionUpdate, policy.ActionDelete} + c.allow = false + return c + }, []authTestCase{ + // Cannot access other users' workspaces + {resource: ResourceWorkspace.InOrg(defOrg).WithOwner("other-user")}, + // Cannot access admin resources + {resource: ResourceOrganization.WithID(defOrg)}, + }), + ) } // cases applies a given function to all test cases. This makes generalities easier to create. diff --git a/coderd/rbac/scopes.go b/coderd/rbac/scopes.go index d6a95ccec1b35..4dd930699a053 100644 --- a/coderd/rbac/scopes.go +++ b/coderd/rbac/scopes.go @@ -11,10 +11,11 @@ import ( ) type WorkspaceAgentScopeParams struct { - WorkspaceID uuid.UUID - OwnerID uuid.UUID - TemplateID uuid.UUID - VersionID uuid.UUID + WorkspaceID uuid.UUID + OwnerID uuid.UUID + TemplateID uuid.UUID + VersionID uuid.UUID + BlockUserData bool } // WorkspaceAgentScope returns a scope that is the same as ScopeAll but can only @@ -25,16 +26,25 @@ func WorkspaceAgentScope(params WorkspaceAgentScopeParams) Scope { panic("all uuids must be non-nil, this is a developer error") } - allScope, err := ScopeAll.Expand() + var ( + scope Scope + err error + ) + if params.BlockUserData { + scope, err = ScopeNoUserData.Expand() + } else { + scope, err = ScopeAll.Expand() + } if err != nil { - panic("failed to expand scope all, this should never happen") + panic("failed to expand scope, this should never happen") } + return Scope{ // TODO: We want to limit the role too to be extra safe. // Even though the allowlist blocks anything else, it is still good // incase we change the behavior of the allowlist. The allowlist is new // and evolving. - Role: allScope.Role, + Role: scope.Role, // This prevents the agent from being able to access any other resource. // Include the list of IDs of anything that is required for the // agent to function. @@ -50,6 +60,7 @@ func WorkspaceAgentScope(params WorkspaceAgentScopeParams) Scope { const ( ScopeAll ScopeName = "all" ScopeApplicationConnect ScopeName = "application_connect" + ScopeNoUserData ScopeName = "no_user_data" ) // TODO: Support passing in scopeID list for allowlisting resources. @@ -81,6 +92,17 @@ var builtinScopes = map[ScopeName]Scope{ }, AllowIDList: []string{policy.WildcardSymbol}, }, + + ScopeNoUserData: { + Role: Role{ + Identifier: RoleIdentifier{Name: fmt.Sprintf("Scope_%s", ScopeNoUserData)}, + DisplayName: "Scope without access to user data", + Site: allPermsExcept(ResourceUser), + Org: map[string][]Permission{}, + User: []Permission{}, + }, + AllowIDList: []string{policy.WildcardSymbol}, + }, } type ExpandableScope interface { diff --git a/coderd/util/tz/tz_darwin.go b/coderd/util/tz/tz_darwin.go index 00250cb97b7a3..56c19037bd1d1 100644 --- a/coderd/util/tz/tz_darwin.go +++ b/coderd/util/tz/tz_darwin.go @@ -42,7 +42,7 @@ func TimezoneIANA() (*time.Location, error) { return nil, xerrors.Errorf("read location of %s: %w", zoneInfoPath, err) } - stripped := strings.Replace(lp, realZoneInfoPath, "", -1) + stripped := strings.ReplaceAll(lp, realZoneInfoPath, "") stripped = strings.TrimPrefix(stripped, string(filepath.Separator)) loc, err = time.LoadLocation(stripped) if err != nil { diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go index 5af9fc009b5aa..72a03580121af 100644 --- a/coderd/workspaceagents.go +++ b/coderd/workspaceagents.go @@ -1635,6 +1635,15 @@ func (api *API) workspaceAgentsExternalAuth(rw http.ResponseWriter, r *http.Requ return } + // Pre-check if the caller can read the external auth links for the owner of the + // workspace. Do this up front because a sql.ErrNoRows is expected if the user is + // in the flow of authenticating. If no row is present, the auth check is delayed + // until the user authenticates. It is preferred to reject early. + if !api.Authorize(r, policy.ActionReadPersonal, rbac.ResourceUserObject(workspace.OwnerID)) { + httpapi.Forbidden(rw) + return + } + var previousToken *database.ExternalAuthLink // handleRetrying will attempt to continually check for a new token // if listen is true. This is useful if an error is encountered in the diff --git a/codersdk/toolsdk/toolsdk.go b/codersdk/toolsdk/toolsdk.go index 024e3bad6efdc..a2096616884a3 100644 --- a/codersdk/toolsdk/toolsdk.go +++ b/codersdk/toolsdk/toolsdk.go @@ -22,9 +22,8 @@ func NewDeps(client *codersdk.Client, opts ...func(*Deps)) (Deps, error) { for _, opt := range opts { opt(&d) } - if d.coderClient == nil { - return Deps{}, xerrors.New("developer error: coder client may not be nil") - } + // Allow nil client for unauthenticated operation + // This enables tools that don't require user authentication to function return d, nil } @@ -54,6 +53,11 @@ type HandlerFunc[Arg, Ret any] func(context.Context, Deps, Arg) (Ret, error) type Tool[Arg, Ret any] struct { aisdk.Tool Handler HandlerFunc[Arg, Ret] + + // UserClientOptional indicates whether this tool can function without a valid + // user authentication token. If true, the tool will be available even when + // running in an unauthenticated mode with just an agent token. + UserClientOptional bool } // Generic returns a type-erased version of a TypedTool where the arguments and @@ -63,7 +67,8 @@ type Tool[Arg, Ret any] struct { // conversion. func (t Tool[Arg, Ret]) Generic() GenericTool { return GenericTool{ - Tool: t.Tool, + Tool: t.Tool, + UserClientOptional: t.UserClientOptional, Handler: wrap(func(ctx context.Context, deps Deps, args json.RawMessage) (json.RawMessage, error) { var typedArgs Arg if err := json.Unmarshal(args, &typedArgs); err != nil { @@ -85,6 +90,11 @@ func (t Tool[Arg, Ret]) Generic() GenericTool { type GenericTool struct { aisdk.Tool Handler GenericHandlerFunc + + // UserClientOptional indicates whether this tool can function without a valid + // user authentication token. If true, the tool will be available even when + // running in an unauthenticated mode with just an agent token. + UserClientOptional bool } // GenericHandlerFunc is a function that handles a tool call. @@ -195,6 +205,7 @@ var ReportTask = Tool[ReportTaskArgs, codersdk.Response]{ Required: []string{"summary", "link", "state"}, }, }, + UserClientOptional: true, Handler: func(ctx context.Context, deps Deps, args ReportTaskArgs) (codersdk.Response, error) { if deps.agentClient == nil { return codersdk.Response{}, xerrors.New("tool unavailable as CODER_AGENT_TOKEN or CODER_AGENT_TOKEN_FILE not set") diff --git a/docs/admin/security/audit-logs.md b/docs/admin/security/audit-logs.md index c9124efa14bf0..3bf6a09885f7c 100644 --- a/docs/admin/security/audit-logs.md +++ b/docs/admin/security/audit-logs.md @@ -29,7 +29,7 @@ We track the following resources: | Template
write, delete | |
Field Tracked
active_version_id true
activity_bump true
allow_user_autostart true
allow_user_autostop true
allow_user_cancel_workspace_jobs true
autostart_block_days_of_week true
autostop_requirement_days_of_week true
autostop_requirement_weeks true
created_at false
created_by true
created_by_avatar_url false
created_by_username false
default_ttl true
deleted false
deprecated true
description true
display_name true
failure_ttl true
group_acl true
icon true
id true
max_port_sharing_level true
name true
organization_display_name false
organization_icon false
organization_id false
organization_name false
provisioner true
require_active_version true
time_til_dormant true
time_til_dormant_autodelete true
updated_at false
user_acl true
| | TemplateVersion
create, write | |
Field Tracked
archived true
created_at false
created_by true
created_by_avatar_url false
created_by_username false
external_auth_providers false
id true
job_id false
message false
name true
organization_id false
readme true
source_example_id false
template_id true
updated_at false
| | User
create, write, delete | |
Field Tracked
avatar_url false
created_at false
deleted true
email true
github_com_user_id false
hashed_one_time_passcode false
hashed_password true
id true
is_system true
last_seen_at false
login_type true
name true
one_time_passcode_expires_at true
quiet_hours_schedule true
rbac_roles true
status true
updated_at false
username true
| -| WorkspaceAgent
connect, disconnect | |
Field Tracked
api_version false
architecture false
auth_instance_id false
auth_token false
connection_timeout_seconds false
created_at false
directory false
disconnected_at false
display_apps false
display_order false
environment_variables false
expanded_directory false
first_connected_at false
id false
instance_metadata false
last_connected_at false
last_connected_replica_id false
lifecycle_state false
logs_length false
logs_overflowed false
motd_file false
name false
operating_system false
ready_at false
resource_id false
resource_metadata false
started_at false
subsystems false
troubleshooting_url false
updated_at false
version false
| +| WorkspaceAgent
connect, disconnect | |
Field Tracked
api_key_scope false
api_version false
architecture false
auth_instance_id false
auth_token false
connection_timeout_seconds false
created_at false
directory false
disconnected_at false
display_apps false
display_order false
environment_variables false
expanded_directory false
first_connected_at false
id false
instance_metadata false
last_connected_at false
last_connected_replica_id false
lifecycle_state false
logs_length false
logs_overflowed false
motd_file false
name false
operating_system false
ready_at false
resource_id false
resource_metadata false
started_at false
subsystems false
troubleshooting_url false
updated_at false
version false
| | WorkspaceApp
open, close | |
Field Tracked
agent_id false
command false
created_at false
display_name false
display_order false
external false
health false
healthcheck_interval false
healthcheck_threshold false
healthcheck_url false
hidden false
icon false
id false
open_in false
sharing_level false
slug false
subdomain false
url false
| | WorkspaceBuild
start, stop | |
Field Tracked
build_number false
created_at false
daily_cost false
deadline false
id false
initiator_by_avatar_url false
initiator_by_username false
initiator_id false
job_id false
max_deadline false
provisioner_state false
reason false
template_version_id true
template_version_preset_id false
transition false
updated_at false
workspace_id false
| | WorkspaceProxy
| |
Field Tracked
created_at true
deleted false
derp_enabled true
derp_only true
display_name true
icon true
id true
name true
region_id true
token_hashed_secret true
updated_at false
url true
version true
wildcard_hostname true
| diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go index 84cc7d451b4f1..797abc46b7700 100644 --- a/enterprise/audit/table.go +++ b/enterprise/audit/table.go @@ -342,6 +342,7 @@ var auditableResourcesTypes = map[any]map[string]Action{ "display_apps": ActionIgnore, "api_version": ActionIgnore, "display_order": ActionIgnore, + "api_key_scope": ActionIgnore, }, &database.WorkspaceApp{}: { "id": ActionIgnore, diff --git a/flake.nix b/flake.nix index af8c2b42bf00f..bff207662f913 100644 --- a/flake.nix +++ b/flake.nix @@ -125,6 +125,7 @@ getopt gh git + git-lfs (lib.optionalDrvAttr stdenv.isLinux glibcLocales) gnumake gnused diff --git a/provisioner/echo/serve.go b/provisioner/echo/serve.go index 7b59efe860b59..3843bef11bd62 100644 --- a/provisioner/echo/serve.go +++ b/provisioner/echo/serve.go @@ -19,6 +19,29 @@ import ( "github.com/coder/coder/v2/provisionersdk/proto" ) +// ProvisionApplyWithAgent returns provision responses that will mock a fake +// "aws_instance" resource with an agent that has the given auth token. +func ProvisionApplyWithAgentAndAPIKeyScope(authToken string, apiKeyScope string) []*proto.Response { + return []*proto.Response{{ + Type: &proto.Response_Apply{ + Apply: &proto.ApplyComplete{ + Resources: []*proto.Resource{{ + Name: "example_with_scope", + Type: "aws_instance", + Agents: []*proto.Agent{{ + Id: uuid.NewString(), + Name: "example", + Auth: &proto.Agent_Token{ + Token: authToken, + }, + ApiKeyScope: apiKeyScope, + }}, + }}, + }, + }, + }} +} + // ProvisionApplyWithAgent returns provision responses that will mock a fake // "aws_instance" resource with an agent that has the given auth token. func ProvisionApplyWithAgent(authToken string) []*proto.Response { diff --git a/provisioner/terraform/resources.go b/provisioner/terraform/resources.go index ce881480ad3aa..820c50a466440 100644 --- a/provisioner/terraform/resources.go +++ b/provisioner/terraform/resources.go @@ -42,6 +42,7 @@ type agentAttributes struct { Directory string `mapstructure:"dir"` ID string `mapstructure:"id"` Token string `mapstructure:"token"` + APIKeyScope string `mapstructure:"api_key_scope"` Env map[string]string `mapstructure:"env"` // Deprecated: but remains here for backwards compatibility. StartupScript string `mapstructure:"startup_script"` @@ -319,6 +320,7 @@ func ConvertState(ctx context.Context, modules []*tfjson.StateModule, rawGraph s Metadata: metadata, DisplayApps: displayApps, Order: attrs.Order, + ApiKeyScope: attrs.APIKeyScope, } // Support the legacy script attributes in the agent! if attrs.StartupScript != "" { @@ -394,7 +396,7 @@ func ConvertState(ctx context.Context, modules []*tfjson.StateModule, rawGraph s agents, exists := resourceAgents[agentResource.Label] if !exists { - agents = make([]*proto.Agent, 0) + agents = make([]*proto.Agent, 0, 1) } agents = append(agents, agent) resourceAgents[agentResource.Label] = agents diff --git a/provisionerd/proto/version.go b/provisionerd/proto/version.go index 62ece2e02d224..9fa7df93a5602 100644 --- a/provisionerd/proto/version.go +++ b/provisionerd/proto/version.go @@ -17,6 +17,7 @@ import "github.com/coder/coder/v2/apiversion" // - Add new field named `prebuilt_workspace_build_stage` enum in the Metadata message. // - Add new field named `running_agent_auth_tokens` to provisioner job metadata. // - Add new field named `resource_replacements` in PlanComplete & CompletedJob.WorkspaceBuild. +// - Add new field named `api_key_scope` to WorkspaceAgent to support running without user data access. const ( CurrentMajor = 1 CurrentMinor = 5 diff --git a/provisionersdk/proto/provisioner.pb.go b/provisionersdk/proto/provisioner.pb.go index c1286e6f9fe0e..fc06da6a3b6f5 100644 --- a/provisionersdk/proto/provisioner.pb.go +++ b/provisionersdk/proto/provisioner.pb.go @@ -1278,6 +1278,7 @@ type Agent struct { Order int64 `protobuf:"varint,23,opt,name=order,proto3" json:"order,omitempty"` ResourcesMonitoring *ResourcesMonitoring `protobuf:"bytes,24,opt,name=resources_monitoring,json=resourcesMonitoring,proto3" json:"resources_monitoring,omitempty"` Devcontainers []*Devcontainer `protobuf:"bytes,25,rep,name=devcontainers,proto3" json:"devcontainers,omitempty"` + ApiKeyScope string `protobuf:"bytes,26,opt,name=api_key_scope,json=apiKeyScope,proto3" json:"api_key_scope,omitempty"` } func (x *Agent) Reset() { @@ -1452,6 +1453,13 @@ func (x *Agent) GetDevcontainers() []*Devcontainer { return nil } +func (x *Agent) GetApiKeyScope() string { + if x != nil { + return x.ApiKeyScope + } + return "" +} + type isAgent_Auth interface { isAgent_Auth() } @@ -3782,7 +3790,7 @@ var file_provisionersdk_proto_provisioner_proto_rawDesc = []byte{ 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xb6, 0x08, 0x0a, 0x05, 0x41, + 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xda, 0x08, 0x0a, 0x05, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x12, 0x0e, 0x0a, 0x02, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x69, 0x64, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x2d, 0x0a, 0x03, 0x65, 0x6e, 0x76, 0x18, @@ -3834,411 +3842,413 @@ var file_provisionersdk_proto_provisioner_proto_rawDesc = []byte{ 0x65, 0x72, 0x73, 0x18, 0x19, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x44, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x52, 0x0d, 0x64, 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, - 0x65, 0x72, 0x73, 0x1a, 0xa3, 0x01, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, - 0x65, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, - 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, 0x1a, 0x0a, - 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x03, 0x52, - 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, 0x0a, 0x07, 0x74, 0x69, 0x6d, - 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x06, 0x20, 0x01, - 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x1a, 0x36, 0x0a, 0x08, 0x45, 0x6e, 0x76, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, - 0x01, 0x42, 0x06, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x4a, 0x04, 0x08, 0x0e, 0x10, 0x0f, 0x52, - 0x12, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, 0x65, 0x5f, 0x72, 0x65, - 0x61, 0x64, 0x79, 0x22, 0x8f, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x06, 0x6d, - 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x52, - 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x3c, 0x0a, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, - 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x52, 0x07, 0x76, 0x6f, - 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x22, 0x4f, 0x0a, 0x15, 0x4d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, 0x18, - 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, - 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x63, 0x0a, 0x15, 0x56, 0x6f, 0x6c, 0x75, 0x6d, 0x65, - 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x12, - 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, - 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, - 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, - 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0xc6, 0x01, 0x0a, 0x0b, - 0x44, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x76, - 0x73, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x76, 0x73, 0x63, - 0x6f, 0x64, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x69, 0x6e, - 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x76, 0x73, - 0x63, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x21, 0x0a, 0x0c, - 0x77, 0x65, 0x62, 0x5f, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x62, 0x54, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, 0x12, - 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x73, 0x68, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x12, 0x34, - 0x0a, 0x16, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, - 0x67, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, - 0x70, 0x6f, 0x72, 0x74, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, 0x6e, 0x67, 0x48, 0x65, - 0x6c, 0x70, 0x65, 0x72, 0x22, 0x2f, 0x0a, 0x03, 0x45, 0x6e, 0x76, 0x12, 0x12, 0x0a, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x9f, 0x02, 0x0a, 0x06, 0x53, 0x63, 0x72, 0x69, 0x70, 0x74, - 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, - 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, - 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x12, - 0x12, 0x0a, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, - 0x72, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x62, 0x6c, 0x6f, - 0x63, 0x6b, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x10, 0x73, 0x74, 0x61, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x4c, 0x6f, 0x67, 0x69, - 0x6e, 0x12, 0x20, 0x0a, 0x0c, 0x72, 0x75, 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, 0x73, 0x74, 0x61, 0x72, - 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, 0x74, - 0x61, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x75, 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, 0x73, 0x74, - 0x6f, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x75, 0x6e, 0x4f, 0x6e, 0x53, - 0x74, 0x6f, 0x70, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x19, 0x0a, 0x08, - 0x6c, 0x6f, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, - 0x6c, 0x6f, 0x67, 0x50, 0x61, 0x74, 0x68, 0x22, 0x6e, 0x0a, 0x0c, 0x44, 0x65, 0x76, 0x63, 0x6f, - 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x46, 0x6f, 0x6c, 0x64, - 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x70, 0x61, 0x74, - 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, - 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x94, 0x03, 0x0a, 0x03, 0x41, 0x70, 0x70, 0x12, - 0x12, 0x0a, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x73, - 0x6c, 0x75, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, 0x6c, - 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, - 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, - 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, - 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, 0x6d, - 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x75, 0x62, 0x64, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, - 0x65, 0x63, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, - 0x65, 0x63, 0x6b, 0x52, 0x0b, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, - 0x12, 0x41, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, - 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, - 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, - 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x18, - 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x12, - 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, - 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x18, - 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x68, 0x69, 0x64, 0x64, 0x65, 0x6e, 0x12, 0x2f, 0x0a, - 0x07, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x16, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, - 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x52, 0x06, 0x6f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x22, 0x59, - 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x12, 0x10, 0x0a, - 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, - 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x1c, 0x0a, 0x09, 0x74, - 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, - 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x92, 0x03, 0x0a, 0x08, 0x52, 0x65, - 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x2a, - 0x0a, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x67, 0x65, - 0x6e, 0x74, 0x52, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3a, 0x0a, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1e, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, 0x64, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x68, 0x69, 0x64, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, - 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x23, - 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x54, - 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x5f, 0x63, 0x6f, 0x73, - 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x64, 0x61, 0x69, 0x6c, 0x79, 0x43, 0x6f, - 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x5f, 0x70, 0x61, 0x74, - 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x50, - 0x61, 0x74, 0x68, 0x1a, 0x69, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x65, 0x6e, 0x73, 0x69, - 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x65, 0x6e, 0x73, - 0x69, 0x74, 0x69, 0x76, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x73, 0x5f, 0x6e, 0x75, 0x6c, 0x6c, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x73, 0x4e, 0x75, 0x6c, 0x6c, 0x22, 0x4c, - 0x0a, 0x06, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x22, 0x31, 0x0a, 0x04, - 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x15, 0x0a, 0x06, 0x6f, 0x72, 0x67, 0x5f, - 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x72, 0x67, 0x49, 0x64, 0x22, - 0x48, 0x0a, 0x15, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, - 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x61, 0x67, 0x65, 0x6e, - 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xca, 0x09, 0x0a, 0x08, 0x4d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x5f, - 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, 0x6f, 0x64, 0x65, 0x72, - 0x55, 0x72, 0x6c, 0x12, 0x53, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, - 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, - 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x25, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, - 0x27, 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, - 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, 0x2c, 0x0a, 0x12, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x69, - 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64, 0x12, 0x32, 0x0a, 0x15, 0x77, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x65, 0x6d, 0x61, - 0x69, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x45, 0x6d, 0x61, 0x69, 0x6c, 0x12, 0x23, 0x0a, - 0x0d, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x74, 0x65, - 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x48, 0x0a, - 0x21, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, - 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x6f, 0x6b, - 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4f, 0x69, 0x64, 0x63, 0x41, 0x63, 0x63, 0x65, - 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x41, 0x0a, 0x1d, 0x77, 0x6f, 0x72, 0x6b, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x65, 0x73, 0x73, 0x69, - 0x6f, 0x6e, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, - 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x65, - 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x74, 0x65, - 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0a, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12, 0x30, 0x0a, 0x14, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6e, - 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x34, 0x0a, - 0x16, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, - 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x47, 0x72, 0x6f, - 0x75, 0x70, 0x73, 0x12, 0x42, 0x0a, 0x1e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, 0x75, 0x62, 0x6c, 0x69, - 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1a, 0x77, 0x6f, 0x72, - 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, 0x73, 0x68, 0x50, 0x75, - 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x1f, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x65, 0x72, 0x73, 0x12, 0x22, 0x0a, 0x0d, 0x61, 0x70, 0x69, 0x5f, 0x6b, 0x65, 0x79, 0x5f, 0x73, + 0x63, 0x6f, 0x70, 0x65, 0x18, 0x1a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x70, 0x69, 0x4b, + 0x65, 0x79, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x1a, 0xa3, 0x01, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, + 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, + 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x72, + 0x69, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x03, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x18, 0x0a, + 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x03, 0x52, 0x07, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x1a, 0x36, 0x0a, + 0x08, 0x45, 0x6e, 0x76, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, + 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x06, 0x0a, 0x04, 0x61, 0x75, 0x74, 0x68, 0x4a, 0x04, 0x08, + 0x0e, 0x10, 0x0f, 0x52, 0x12, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x62, 0x65, 0x66, 0x6f, 0x72, + 0x65, 0x5f, 0x72, 0x65, 0x61, 0x64, 0x79, 0x22, 0x8f, 0x01, 0x0a, 0x13, 0x52, 0x65, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x73, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, 0x69, 0x6e, 0x67, 0x12, + 0x3a, 0x0a, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, + 0x6d, 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, + 0x74, 0x6f, 0x72, 0x52, 0x06, 0x6d, 0x65, 0x6d, 0x6f, 0x72, 0x79, 0x12, 0x3c, 0x0a, 0x07, 0x76, + 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x6f, 0x6c, 0x75, 0x6d, + 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, 0x6f, 0x72, + 0x52, 0x07, 0x76, 0x6f, 0x6c, 0x75, 0x6d, 0x65, 0x73, 0x22, 0x4f, 0x0a, 0x15, 0x4d, 0x65, 0x6d, + 0x6f, 0x72, 0x79, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, 0x74, + 0x6f, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x1c, 0x0a, 0x09, + 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x63, 0x0a, 0x15, 0x56, 0x6f, + 0x6c, 0x75, 0x6d, 0x65, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4d, 0x6f, 0x6e, 0x69, + 0x74, 0x6f, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, + 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, + 0x64, 0x12, 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, + 0xc6, 0x01, 0x0a, 0x0b, 0x44, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x41, 0x70, 0x70, 0x73, 0x12, + 0x16, 0x0a, 0x06, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, + 0x06, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x76, 0x73, 0x63, 0x6f, 0x64, + 0x65, 0x5f, 0x69, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, + 0x52, 0x0e, 0x76, 0x73, 0x63, 0x6f, 0x64, 0x65, 0x49, 0x6e, 0x73, 0x69, 0x64, 0x65, 0x72, 0x73, + 0x12, 0x21, 0x0a, 0x0c, 0x77, 0x65, 0x62, 0x5f, 0x74, 0x65, 0x72, 0x6d, 0x69, 0x6e, 0x61, 0x6c, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0b, 0x77, 0x65, 0x62, 0x54, 0x65, 0x72, 0x6d, 0x69, + 0x6e, 0x61, 0x6c, 0x12, 0x1d, 0x0a, 0x0a, 0x73, 0x73, 0x68, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, + 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, 0x73, 0x68, 0x48, 0x65, 0x6c, 0x70, + 0x65, 0x72, 0x12, 0x34, 0x0a, 0x16, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x66, 0x6f, 0x72, 0x77, 0x61, + 0x72, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x08, 0x52, 0x14, 0x70, 0x6f, 0x72, 0x74, 0x46, 0x6f, 0x72, 0x77, 0x61, 0x72, 0x64, 0x69, + 0x6e, 0x67, 0x48, 0x65, 0x6c, 0x70, 0x65, 0x72, 0x22, 0x2f, 0x0a, 0x03, 0x45, 0x6e, 0x76, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x22, 0x9f, 0x02, 0x0a, 0x06, 0x53, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x69, 0x73, 0x70, + 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, + 0x63, 0x72, 0x69, 0x70, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x72, + 0x69, 0x70, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x63, 0x72, 0x6f, 0x6e, 0x12, 0x2c, 0x0a, 0x12, 0x73, 0x74, 0x61, 0x72, 0x74, + 0x5f, 0x62, 0x6c, 0x6f, 0x63, 0x6b, 0x73, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x08, 0x52, 0x10, 0x73, 0x74, 0x61, 0x72, 0x74, 0x42, 0x6c, 0x6f, 0x63, 0x6b, 0x73, + 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x12, 0x20, 0x0a, 0x0c, 0x72, 0x75, 0x6e, 0x5f, 0x6f, 0x6e, 0x5f, + 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0a, 0x72, 0x75, 0x6e, + 0x4f, 0x6e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x1e, 0x0a, 0x0b, 0x72, 0x75, 0x6e, 0x5f, 0x6f, + 0x6e, 0x5f, 0x73, 0x74, 0x6f, 0x70, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x72, 0x75, + 0x6e, 0x4f, 0x6e, 0x53, 0x74, 0x6f, 0x70, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, + 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, + 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, + 0x12, 0x19, 0x0a, 0x08, 0x6c, 0x6f, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6c, 0x6f, 0x67, 0x50, 0x61, 0x74, 0x68, 0x22, 0x6e, 0x0a, 0x0c, 0x44, + 0x65, 0x76, 0x63, 0x6f, 0x6e, 0x74, 0x61, 0x69, 0x6e, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x66, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x46, 0x6f, 0x6c, 0x64, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x0b, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x63, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x94, 0x03, 0x0a, 0x03, + 0x41, 0x70, 0x70, 0x12, 0x12, 0x0a, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x04, 0x73, 0x6c, 0x75, 0x67, 0x12, 0x21, 0x0a, 0x0c, 0x64, 0x69, 0x73, 0x70, 0x6c, + 0x61, 0x79, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, + 0x69, 0x73, 0x70, 0x6c, 0x61, 0x79, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x63, 0x6f, + 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x63, 0x6f, 0x6d, + 0x6d, 0x61, 0x6e, 0x64, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x75, 0x72, 0x6c, 0x12, 0x12, 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x12, 0x1c, 0x0a, 0x09, 0x73, 0x75, + 0x62, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, 0x73, + 0x75, 0x62, 0x64, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x12, 0x3a, 0x0a, 0x0b, 0x68, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x52, 0x0b, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, + 0x68, 0x65, 0x63, 0x6b, 0x12, 0x41, 0x0a, 0x0d, 0x73, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x5f, + 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x1c, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x53, 0x68, 0x61, + 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x0c, 0x73, 0x68, 0x61, 0x72, 0x69, + 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x08, 0x52, 0x08, 0x65, 0x78, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x12, 0x14, 0x0a, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x18, 0x0a, 0x20, 0x01, + 0x28, 0x03, 0x52, 0x05, 0x6f, 0x72, 0x64, 0x65, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x68, 0x69, 0x64, + 0x64, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x68, 0x69, 0x64, 0x64, 0x65, + 0x6e, 0x12, 0x2f, 0x0a, 0x07, 0x6f, 0x70, 0x65, 0x6e, 0x5f, 0x69, 0x6e, 0x18, 0x0c, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x16, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x41, 0x70, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x52, 0x06, 0x6f, 0x70, 0x65, 0x6e, + 0x49, 0x6e, 0x22, 0x59, 0x0a, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x63, 0x68, 0x65, 0x63, + 0x6b, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x75, 0x72, 0x6c, 0x12, 0x1a, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, + 0x1c, 0x0a, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x09, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x22, 0x92, 0x03, + 0x0a, 0x08, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x2a, 0x0a, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x52, 0x06, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x73, 0x12, 0x3a, + 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x1e, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x69, + 0x64, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x08, 0x52, 0x04, 0x68, 0x69, 0x64, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x69, 0x63, 0x6f, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x69, 0x63, + 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x69, 0x6e, 0x73, 0x74, 0x61, 0x6e, 0x63, 0x65, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x69, 0x6e, 0x73, 0x74, 0x61, + 0x6e, 0x63, 0x65, 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x0a, 0x64, 0x61, 0x69, 0x6c, 0x79, + 0x5f, 0x63, 0x6f, 0x73, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x09, 0x64, 0x61, 0x69, + 0x6c, 0x79, 0x43, 0x6f, 0x73, 0x74, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, + 0x5f, 0x70, 0x61, 0x74, 0x68, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x6d, 0x6f, 0x64, + 0x75, 0x6c, 0x65, 0x50, 0x61, 0x74, 0x68, 0x1a, 0x69, 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, + 0x61, 0x74, 0x61, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x73, + 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x09, + 0x73, 0x65, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x76, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x69, 0x73, 0x5f, + 0x6e, 0x75, 0x6c, 0x6c, 0x18, 0x04, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x69, 0x73, 0x4e, 0x75, + 0x6c, 0x6c, 0x22, 0x4c, 0x0a, 0x06, 0x4d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x12, 0x16, 0x0a, 0x06, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x22, 0x31, 0x0a, 0x04, 0x52, 0x6f, 0x6c, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x15, 0x0a, 0x06, + 0x6f, 0x72, 0x67, 0x5f, 0x69, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6f, 0x72, + 0x67, 0x49, 0x64, 0x22, 0x48, 0x0a, 0x15, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, + 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x19, 0x0a, 0x08, + 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x69, 0x64, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, + 0x61, 0x67, 0x65, 0x6e, 0x74, 0x49, 0x64, 0x12, 0x14, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xca, 0x09, + 0x0a, 0x08, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x1b, 0x0a, 0x09, 0x63, 0x6f, + 0x64, 0x65, 0x72, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x63, + 0x6f, 0x64, 0x65, 0x72, 0x55, 0x72, 0x6c, 0x12, 0x53, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x65, 0x72, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, + 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x13, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x25, 0x0a, 0x0e, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x27, 0x0a, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x77, 0x6f, + 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x12, 0x21, 0x0a, 0x0c, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x05, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0b, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x49, 0x64, 0x12, + 0x2c, 0x0a, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, + 0x65, 0x72, 0x5f, 0x69, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, + 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x49, 0x64, 0x12, 0x32, 0x0a, + 0x15, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, + 0x5f, 0x65, 0x6d, 0x61, 0x69, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x77, 0x6f, + 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x45, 0x6d, 0x61, 0x69, + 0x6c, 0x12, 0x23, 0x0a, 0x0d, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x6e, 0x61, + 0x6d, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, + 0x74, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, + 0x74, 0x65, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0f, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, + 0x6e, 0x12, 0x48, 0x0a, 0x21, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, + 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6f, 0x69, 0x64, 0x63, 0x5f, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x77, 0x6f, + 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4f, 0x69, 0x64, 0x63, + 0x41, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x41, 0x0a, 0x1d, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, + 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x1a, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, + 0x65, 0x72, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x12, 0x1f, + 0x0a, 0x0b, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x69, 0x64, 0x18, 0x0c, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0a, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x49, 0x64, 0x12, + 0x30, 0x0a, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, + 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x12, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4e, 0x61, 0x6d, + 0x65, 0x12, 0x34, 0x0a, 0x16, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, + 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x18, 0x0e, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x14, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, + 0x72, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x73, 0x12, 0x42, 0x0a, 0x1e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, 0x73, 0x68, 0x5f, 0x70, - 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x10, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x1b, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, - 0x53, 0x73, 0x68, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x2c, 0x0a, - 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, - 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, 0x3b, 0x0a, 0x1a, 0x77, - 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x6c, - 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x4c, - 0x6f, 0x67, 0x69, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x1a, 0x77, 0x6f, 0x72, 0x6b, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x62, 0x61, 0x63, - 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x11, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x6c, 0x65, 0x52, - 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x52, - 0x62, 0x61, 0x63, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x6d, 0x0a, 0x1e, 0x70, 0x72, 0x65, 0x62, - 0x75, 0x69, 0x6c, 0x74, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, - 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x28, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, - 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x42, 0x75, 0x69, 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x52, 0x1b, 0x70, 0x72, 0x65, 0x62, - 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, - 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x5d, 0x0a, 0x19, 0x72, 0x75, 0x6e, 0x6e, 0x69, - 0x6e, 0x67, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x74, 0x6f, - 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, - 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x52, 0x16, - 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, - 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x22, 0x8a, 0x01, 0x0a, 0x06, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x36, 0x0a, 0x17, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0c, 0x52, 0x15, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x53, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x5f, 0x6c, - 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x4c, 0x65, - 0x76, 0x65, 0x6c, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x61, 0x72, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x22, 0xa3, 0x02, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, - 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x4c, 0x0a, 0x12, 0x74, - 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, - 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, - 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, - 0x64, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, 0x65, 0x61, 0x64, 0x6d, - 0x65, 0x12, 0x54, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x74, - 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x70, 0x72, 0x6f, 0x76, - 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, - 0x70, 0x6c, 0x65, 0x74, 0x65, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, - 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, - 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x57, 0x6f, 0x72, 0x6b, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, - 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, - 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb5, 0x02, 0x0a, 0x0b, 0x50, 0x6c, - 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, - 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, - 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x12, 0x53, 0x0a, 0x15, - 0x72, 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, - 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x13, 0x72, 0x69, + 0x75, 0x62, 0x6c, 0x69, 0x63, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x0f, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x1a, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, 0x6e, 0x65, 0x72, 0x53, + 0x73, 0x68, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x4b, 0x65, 0x79, 0x12, 0x44, 0x0a, 0x1f, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, 0x73, + 0x73, 0x68, 0x5f, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x10, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x1b, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, + 0x77, 0x6e, 0x65, 0x72, 0x53, 0x73, 0x68, 0x50, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, + 0x79, 0x12, 0x2c, 0x0a, 0x12, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x62, + 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x69, 0x64, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x77, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x49, 0x64, 0x12, + 0x3b, 0x0a, 0x1a, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, + 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x69, 0x6e, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x12, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, + 0x6e, 0x65, 0x72, 0x4c, 0x6f, 0x67, 0x69, 0x6e, 0x54, 0x79, 0x70, 0x65, 0x12, 0x4e, 0x0a, 0x1a, + 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x6f, 0x77, 0x6e, 0x65, 0x72, 0x5f, + 0x72, 0x62, 0x61, 0x63, 0x5f, 0x72, 0x6f, 0x6c, 0x65, 0x73, 0x18, 0x13, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x11, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, + 0x6f, 0x6c, 0x65, 0x52, 0x17, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x4f, 0x77, + 0x6e, 0x65, 0x72, 0x52, 0x62, 0x61, 0x63, 0x52, 0x6f, 0x6c, 0x65, 0x73, 0x12, 0x6d, 0x0a, 0x1e, + 0x70, 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x5f, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x5f, 0x62, 0x75, 0x69, 0x6c, 0x64, 0x5f, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x14, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x2e, 0x50, 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, + 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x52, 0x1b, + 0x70, 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x42, 0x75, 0x69, 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x5d, 0x0a, 0x19, 0x72, + 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x5f, 0x61, 0x67, 0x65, 0x6e, 0x74, 0x5f, 0x61, 0x75, 0x74, + 0x68, 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x18, 0x15, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x75, 0x6e, + 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, 0x41, 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, + 0x65, 0x6e, 0x52, 0x16, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x41, 0x67, 0x65, 0x6e, 0x74, + 0x41, 0x75, 0x74, 0x68, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x73, 0x22, 0x8a, 0x01, 0x0a, 0x06, 0x43, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x36, 0x0a, 0x17, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, + 0x65, 0x5f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x61, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x15, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, + 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x41, 0x72, 0x63, 0x68, 0x69, 0x76, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x5f, 0x6c, 0x6f, 0x67, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x13, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x4c, + 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x22, 0x0e, 0x0a, 0x0c, 0x50, 0x61, 0x72, 0x73, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0xa3, 0x02, 0x0a, 0x0d, 0x50, 0x61, 0x72, 0x73, + 0x65, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, + 0x4c, 0x0a, 0x12, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x5f, 0x76, 0x61, 0x72, 0x69, + 0x61, 0x62, 0x6c, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x65, 0x6d, 0x70, 0x6c, 0x61, + 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x52, 0x11, 0x74, 0x65, 0x6d, 0x70, + 0x6c, 0x61, 0x74, 0x65, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x73, 0x12, 0x16, 0x0a, + 0x06, 0x72, 0x65, 0x61, 0x64, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x06, 0x72, + 0x65, 0x61, 0x64, 0x6d, 0x65, 0x12, 0x54, 0x0a, 0x0e, 0x77, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x5f, 0x74, 0x61, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, + 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, + 0x65, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0d, 0x77, 0x6f, + 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x1a, 0x40, 0x0a, 0x12, 0x57, + 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x61, 0x67, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, + 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xb5, 0x02, + 0x0a, 0x0b, 0x50, 0x6c, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, + 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, + 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, + 0x12, 0x53, 0x0a, 0x15, 0x72, 0x69, 0x63, 0x68, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, + 0x65, 0x72, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x1f, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, 0x61, 0x6c, 0x75, 0x65, - 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, - 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, 0x65, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x59, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, - 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, - 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x73, 0x22, 0xf0, 0x03, 0x0a, 0x0c, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, - 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x0a, - 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, - 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x70, - 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, - 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, - 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, - 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, 0x07, - 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, - 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, - 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x6d, - 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x6f, 0x64, 0x75, 0x6c, - 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x70, 0x72, - 0x65, 0x73, 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, - 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x65, 0x73, 0x65, 0x74, - 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6c, 0x61, - 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x55, 0x0a, - 0x15, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, - 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x70, + 0x52, 0x13, 0x72, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x56, + 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x43, 0x0a, 0x0f, 0x76, 0x61, 0x72, 0x69, 0x61, 0x62, 0x6c, + 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x56, 0x61, 0x72, + 0x69, 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x76, 0x61, 0x72, 0x69, + 0x61, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x73, 0x12, 0x59, 0x0a, 0x17, 0x65, 0x78, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x15, + 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x73, 0x22, 0xf0, 0x03, 0x0a, 0x0c, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, + 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, + 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, + 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, + 0x72, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, + 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, + 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, + 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, + 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, + 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x2d, 0x0a, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, + 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x52, 0x07, 0x6d, 0x6f, 0x64, 0x75, 0x6c, 0x65, 0x73, 0x12, 0x2d, + 0x0a, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x72, + 0x65, 0x73, 0x65, 0x74, 0x52, 0x07, 0x70, 0x72, 0x65, 0x73, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, + 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x04, 0x70, 0x6c, 0x61, + 0x6e, 0x12, 0x55, 0x0a, 0x15, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x72, 0x65, + 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, + 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, + 0x6e, 0x74, 0x52, 0x14, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, + 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x6c, + 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, + 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, + 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, + 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xbe, 0x02, 0x0a, 0x0d, + 0x41, 0x70, 0x70, 0x6c, 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, + 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, + 0x61, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, 0x65, 0x6e, 0x74, 0x52, 0x14, - 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x65, 0x70, 0x6c, 0x61, 0x63, 0x65, 0x6d, - 0x65, 0x6e, 0x74, 0x73, 0x22, 0x41, 0x0a, 0x0c, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x12, 0x31, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, - 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x52, 0x08, 0x6d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x22, 0xbe, 0x02, 0x0a, 0x0d, 0x41, 0x70, 0x70, 0x6c, - 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, - 0x74, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x33, 0x0a, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, - 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x0a, 0x70, 0x61, - 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x69, 0x63, - 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, 0x70, 0x61, 0x72, 0x61, - 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, - 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, - 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, 0x07, 0x74, 0x69, 0x6d, - 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x52, - 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xfa, 0x01, 0x0a, 0x06, 0x54, 0x69, 0x6d, - 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x05, - 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x03, - 0x65, 0x6e, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x6f, 0x75, - 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, - 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, - 0x73, 0x74, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x52, 0x05, - 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x8c, 0x02, 0x0a, 0x07, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x12, 0x31, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, - 0x61, 0x72, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x05, 0x70, - 0x61, 0x72, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, - 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x04, - 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x31, 0x0a, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, - 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, - 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, - 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x42, 0x06, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xd1, 0x01, 0x0a, 0x08, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x12, 0x24, 0x0a, 0x03, 0x6c, 0x6f, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x4c, 0x6f, - 0x67, 0x48, 0x00, 0x52, 0x03, 0x6c, 0x6f, 0x67, 0x12, 0x32, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, - 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, 0x6f, 0x6d, 0x70, 0x6c, - 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x12, 0x2f, 0x0a, 0x04, - 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, - 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x43, 0x6f, 0x6d, - 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x32, 0x0a, - 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, - 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, - 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, - 0x79, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x2a, 0x3f, 0x0a, 0x08, 0x4c, 0x6f, 0x67, - 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, 0x43, 0x45, 0x10, 0x00, - 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x49, - 0x4e, 0x46, 0x4f, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, 0x4e, 0x10, 0x03, 0x12, - 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x04, 0x2a, 0x3b, 0x0a, 0x0f, 0x41, 0x70, - 0x70, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, - 0x05, 0x4f, 0x57, 0x4e, 0x45, 0x52, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x41, 0x55, 0x54, 0x48, - 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x50, - 0x55, 0x42, 0x4c, 0x49, 0x43, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x09, 0x41, 0x70, 0x70, 0x4f, 0x70, - 0x65, 0x6e, 0x49, 0x6e, 0x12, 0x0e, 0x0a, 0x06, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x10, 0x00, - 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x4c, 0x49, 0x4d, 0x5f, 0x57, 0x49, 0x4e, - 0x44, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x41, 0x42, 0x10, 0x02, 0x2a, 0x37, - 0x0a, 0x13, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, 0x72, 0x61, 0x6e, 0x73, - 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, 0x52, 0x54, 0x10, 0x00, - 0x12, 0x08, 0x0a, 0x04, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, - 0x53, 0x54, 0x52, 0x4f, 0x59, 0x10, 0x02, 0x2a, 0x3e, 0x0a, 0x1b, 0x50, 0x72, 0x65, 0x62, 0x75, - 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x42, 0x75, 0x69, 0x6c, - 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, - 0x43, 0x4c, 0x41, 0x49, 0x4d, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0b, 0x54, 0x69, 0x6d, 0x69, 0x6e, - 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x54, 0x41, 0x52, 0x54, 0x45, - 0x44, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x4d, 0x50, 0x4c, 0x45, 0x54, 0x45, 0x44, - 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, 0x10, 0x02, 0x32, 0x49, - 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x12, 0x3a, 0x0a, - 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, - 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x15, - 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x73, - 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x30, 0x5a, 0x2e, 0x67, 0x69, 0x74, - 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x63, 0x6f, - 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, - 0x65, 0x72, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x72, 0x63, 0x65, 0x52, 0x09, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x3a, + 0x0a, 0x0a, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x52, 0x69, 0x63, 0x68, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x52, 0x0a, + 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x61, 0x0a, 0x17, 0x65, 0x78, + 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x70, 0x72, 0x6f, 0x76, + 0x69, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, + 0x61, 0x6c, 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x52, 0x15, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, + 0x41, 0x75, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x64, 0x65, 0x72, 0x73, 0x12, 0x2d, 0x0a, + 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x13, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, + 0x69, 0x6e, 0x67, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x73, 0x22, 0xfa, 0x01, 0x0a, + 0x06, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x12, 0x30, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x05, 0x73, 0x74, 0x61, 0x72, 0x74, 0x12, 0x2c, 0x0a, 0x03, 0x65, 0x6e, 0x64, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, + 0x6d, 0x70, 0x52, 0x03, 0x65, 0x6e, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, + 0x16, 0x0a, 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x12, 0x1a, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x72, 0x65, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x05, 0x73, 0x74, 0x61, 0x67, 0x65, 0x12, 0x2e, 0x0a, 0x05, 0x73, 0x74, 0x61, + 0x74, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x54, 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, + 0x74, 0x65, 0x52, 0x05, 0x73, 0x74, 0x61, 0x74, 0x65, 0x22, 0x0f, 0x0a, 0x0d, 0x43, 0x61, 0x6e, + 0x63, 0x65, 0x6c, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x22, 0x8c, 0x02, 0x0a, 0x07, 0x52, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x2d, 0x0a, 0x06, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x13, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x06, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x31, 0x0a, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, + 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, + 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, 0x12, 0x2e, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x18, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, + 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, 0x6e, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, + 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x12, 0x31, 0x0a, 0x05, 0x61, 0x70, 0x70, 0x6c, + 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, + 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x48, 0x00, 0x52, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x12, 0x34, 0x0a, 0x06, 0x63, + 0x61, 0x6e, 0x63, 0x65, 0x6c, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x43, 0x61, 0x6e, 0x63, 0x65, 0x6c, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x48, 0x00, 0x52, 0x06, 0x63, 0x61, 0x6e, 0x63, 0x65, + 0x6c, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x22, 0xd1, 0x01, 0x0a, 0x08, 0x52, 0x65, + 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x24, 0x0a, 0x03, 0x6c, 0x6f, 0x67, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x10, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, + 0x72, 0x2e, 0x4c, 0x6f, 0x67, 0x48, 0x00, 0x52, 0x03, 0x6c, 0x6f, 0x67, 0x12, 0x32, 0x0a, 0x05, + 0x70, 0x61, 0x72, 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x70, 0x72, + 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x72, 0x73, 0x65, 0x43, + 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, 0x70, 0x61, 0x72, 0x73, 0x65, + 0x12, 0x2f, 0x0a, 0x04, 0x70, 0x6c, 0x61, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, + 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x50, 0x6c, 0x61, + 0x6e, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6c, 0x61, + 0x6e, 0x12, 0x32, 0x0a, 0x05, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x41, + 0x70, 0x70, 0x6c, 0x79, 0x43, 0x6f, 0x6d, 0x70, 0x6c, 0x65, 0x74, 0x65, 0x48, 0x00, 0x52, 0x05, + 0x61, 0x70, 0x70, 0x6c, 0x79, 0x42, 0x06, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x2a, 0x3f, 0x0a, + 0x08, 0x4c, 0x6f, 0x67, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x54, 0x52, 0x41, + 0x43, 0x45, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x44, 0x45, 0x42, 0x55, 0x47, 0x10, 0x01, 0x12, + 0x08, 0x0a, 0x04, 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x02, 0x12, 0x08, 0x0a, 0x04, 0x57, 0x41, 0x52, + 0x4e, 0x10, 0x03, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x04, 0x2a, 0x3b, + 0x0a, 0x0f, 0x41, 0x70, 0x70, 0x53, 0x68, 0x61, 0x72, 0x69, 0x6e, 0x67, 0x4c, 0x65, 0x76, 0x65, + 0x6c, 0x12, 0x09, 0x0a, 0x05, 0x4f, 0x57, 0x4e, 0x45, 0x52, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, + 0x41, 0x55, 0x54, 0x48, 0x45, 0x4e, 0x54, 0x49, 0x43, 0x41, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, + 0x0a, 0x0a, 0x06, 0x50, 0x55, 0x42, 0x4c, 0x49, 0x43, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x09, 0x41, + 0x70, 0x70, 0x4f, 0x70, 0x65, 0x6e, 0x49, 0x6e, 0x12, 0x0e, 0x0a, 0x06, 0x57, 0x49, 0x4e, 0x44, + 0x4f, 0x57, 0x10, 0x00, 0x1a, 0x02, 0x08, 0x01, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x4c, 0x49, 0x4d, + 0x5f, 0x57, 0x49, 0x4e, 0x44, 0x4f, 0x57, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x41, 0x42, + 0x10, 0x02, 0x2a, 0x37, 0x0a, 0x13, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, 0x54, + 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x09, 0x0a, 0x05, 0x53, 0x54, 0x41, + 0x52, 0x54, 0x10, 0x00, 0x12, 0x08, 0x0a, 0x04, 0x53, 0x54, 0x4f, 0x50, 0x10, 0x01, 0x12, 0x0b, + 0x0a, 0x07, 0x44, 0x45, 0x53, 0x54, 0x52, 0x4f, 0x59, 0x10, 0x02, 0x2a, 0x3e, 0x0a, 0x1b, 0x50, + 0x72, 0x65, 0x62, 0x75, 0x69, 0x6c, 0x74, 0x57, 0x6f, 0x72, 0x6b, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x42, 0x75, 0x69, 0x6c, 0x64, 0x53, 0x74, 0x61, 0x67, 0x65, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, + 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x43, 0x52, 0x45, 0x41, 0x54, 0x45, 0x10, 0x01, + 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x41, 0x49, 0x4d, 0x10, 0x02, 0x2a, 0x35, 0x0a, 0x0b, 0x54, + 0x69, 0x6d, 0x69, 0x6e, 0x67, 0x53, 0x74, 0x61, 0x74, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x53, 0x54, + 0x41, 0x52, 0x54, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x43, 0x4f, 0x4d, 0x50, 0x4c, + 0x45, 0x54, 0x45, 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x46, 0x41, 0x49, 0x4c, 0x45, 0x44, + 0x10, 0x02, 0x32, 0x49, 0x0a, 0x0b, 0x50, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, + 0x72, 0x12, 0x3a, 0x0a, 0x07, 0x53, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x14, 0x2e, 0x70, + 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x2e, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x1a, 0x15, 0x2e, 0x70, 0x72, 0x6f, 0x76, 0x69, 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, + 0x2e, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x28, 0x01, 0x30, 0x01, 0x42, 0x30, 0x5a, + 0x2e, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x63, 0x6f, 0x64, 0x65, + 0x72, 0x2f, 0x63, 0x6f, 0x64, 0x65, 0x72, 0x2f, 0x76, 0x32, 0x2f, 0x70, 0x72, 0x6f, 0x76, 0x69, + 0x73, 0x69, 0x6f, 0x6e, 0x65, 0x72, 0x73, 0x64, 0x6b, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/provisionersdk/proto/provisioner.proto b/provisionersdk/proto/provisioner.proto index 25c70b00a5486..749e9ca9fbda8 100644 --- a/provisionersdk/proto/provisioner.proto +++ b/provisionersdk/proto/provisioner.proto @@ -152,6 +152,7 @@ message Agent { int64 order = 23; ResourcesMonitoring resources_monitoring = 24; repeated Devcontainer devcontainers = 25; + string api_key_scope = 26; } enum AppSharingLevel { diff --git a/site/e2e/helpers.ts b/site/e2e/helpers.ts index 335cf0f1e7ddc..0c8b0590a3f43 100644 --- a/site/e2e/helpers.ts +++ b/site/e2e/helpers.ts @@ -645,6 +645,7 @@ const createTemplateVersionTar = async ( troubleshootingUrl: "", token: randomUUID(), devcontainers: [], + apiKeyScope: "all", ...agent, } as Agent; diff --git a/site/e2e/provisionerGenerated.ts b/site/e2e/provisionerGenerated.ts index fd23950631e6a..8746632088162 100644 --- a/site/e2e/provisionerGenerated.ts +++ b/site/e2e/provisionerGenerated.ts @@ -179,6 +179,7 @@ export interface Agent { order: number; resourcesMonitoring: ResourcesMonitoring | undefined; devcontainers: Devcontainer[]; + apiKeyScope: string; } export interface Agent_Metadata { @@ -707,6 +708,9 @@ export const Agent = { for (const v of message.devcontainers) { Devcontainer.encode(v!, writer.uint32(202).fork()).ldelim(); } + if (message.apiKeyScope !== "") { + writer.uint32(210).string(message.apiKeyScope); + } return writer; }, }; From b568aa74165a698ebfb1ef85938560510a43f8b0 Mon Sep 17 00:00:00 2001 From: Stephen Kirby <58410745+stirby@users.noreply.github.com> Date: Thu, 15 May 2025 19:11:05 -0500 Subject: [PATCH 07/14] chore: cherry pick migrations for release 2.22 (#17873) Co-authored-by: brettkolodny Co-authored-by: Danielle Maywood Co-authored-by: Steven Masley --- coderd/apidoc/docs.go | 20 ++++ coderd/apidoc/swagger.json | 20 ++++ coderd/database/dbgen/dbgen.go | 1 + coderd/database/dbmem/dbmem.go | 1 + coderd/database/dump.sql | 60 ++++++++++- coderd/database/foreign_key_constraint.go | 4 + ...ting_orgs_to_filter_deleted_users.down.sql | 96 +++++++++++++++++ ...leting_orgs_to_filter_deleted_users.up.sql | 101 ++++++++++++++++++ .../database/migrations/000319_chat.down.sql | 3 + coderd/database/migrations/000319_chat.up.sql | 17 +++ .../000320_terraform_cached_modules.down.sql | 1 + .../000320_terraform_cached_modules.up.sql | 1 + ...add_parent_id_to_workspace_agents.down.sql | 2 + ...1_add_parent_id_to_workspace_agents.up.sql | 2 + .../000322_rename_test_notification.down.sql | 3 + .../000322_rename_test_notification.up.sql | 3 + ...00325_dynamic_parameters_metadata.down.sql | 1 + .../000325_dynamic_parameters_metadata.up.sql | 4 + .../testdata/fixtures/000319_chat.up.sql | 6 ++ coderd/database/models.go | 23 +++- coderd/database/querier_test.go | 37 +++++++ coderd/database/queries.sql.go | 81 +++++++++++--- coderd/database/queries/organizations.sql | 45 +++++++- coderd/database/queries/workspaceagents.sql | 3 +- coderd/database/unique_constraint.go | 2 + .../TemplateTestNotification.json.golden | 2 +- .../provisionerdserver/provisionerdserver.go | 1 + .../provisionerdserver_test.go | 1 + codersdk/workspaceagents.go | 1 + docs/admin/security/audit-logs.md | 2 +- docs/reference/api/agents.md | 4 + docs/reference/api/builds.md | 30 ++++++ docs/reference/api/schemas.md | 37 +++++++ docs/reference/api/templates.md | 14 +++ docs/reference/api/workspaces.md | 24 +++++ enterprise/audit/table.go | 1 + site/src/api/typesGenerated.ts | 1 + .../pages/WorkspacePage/Workspace.stories.tsx | 27 +++++ site/src/pages/WorkspacePage/Workspace.tsx | 38 ++++--- site/src/testHelpers/entities.ts | 42 ++++++++ 40 files changed, 720 insertions(+), 42 deletions(-) create mode 100644 coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.down.sql create mode 100644 coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.up.sql create mode 100644 coderd/database/migrations/000319_chat.down.sql create mode 100644 coderd/database/migrations/000319_chat.up.sql create mode 100644 coderd/database/migrations/000320_terraform_cached_modules.down.sql create mode 100644 coderd/database/migrations/000320_terraform_cached_modules.up.sql create mode 100644 coderd/database/migrations/000321_add_parent_id_to_workspace_agents.down.sql create mode 100644 coderd/database/migrations/000321_add_parent_id_to_workspace_agents.up.sql create mode 100644 coderd/database/migrations/000322_rename_test_notification.down.sql create mode 100644 coderd/database/migrations/000322_rename_test_notification.up.sql create mode 100644 coderd/database/migrations/000325_dynamic_parameters_metadata.down.sql create mode 100644 coderd/database/migrations/000325_dynamic_parameters_metadata.up.sql create mode 100644 coderd/database/migrations/testdata/fixtures/000319_chat.up.sql diff --git a/coderd/apidoc/docs.go b/coderd/apidoc/docs.go index 60340de45b8b5..eb30358ef918b 100644 --- a/coderd/apidoc/docs.go +++ b/coderd/apidoc/docs.go @@ -16488,6 +16488,14 @@ const docTemplate = `{ "operating_system": { "type": "string" }, + "parent_id": { + "format": "uuid", + "allOf": [ + { + "$ref": "#/definitions/uuid.NullUUID" + } + ] + }, "ready_at": { "type": "string", "format": "date-time" @@ -18492,6 +18500,18 @@ const docTemplate = `{ "url.Userinfo": { "type": "object" }, + "uuid.NullUUID": { + "type": "object", + "properties": { + "uuid": { + "type": "string" + }, + "valid": { + "description": "Valid is true if UUID is not NULL", + "type": "boolean" + } + } + }, "workspaceapps.AccessMethod": { "type": "string", "enum": [ diff --git a/coderd/apidoc/swagger.json b/coderd/apidoc/swagger.json index 93454fede9fe1..d21fccd71cf1d 100644 --- a/coderd/apidoc/swagger.json +++ b/coderd/apidoc/swagger.json @@ -15037,6 +15037,14 @@ "operating_system": { "type": "string" }, + "parent_id": { + "format": "uuid", + "allOf": [ + { + "$ref": "#/definitions/uuid.NullUUID" + } + ] + }, "ready_at": { "type": "string", "format": "date-time" @@ -16933,6 +16941,18 @@ "url.Userinfo": { "type": "object" }, + "uuid.NullUUID": { + "type": "object", + "properties": { + "uuid": { + "type": "string" + }, + "valid": { + "description": "Valid is true if UUID is not NULL", + "type": "boolean" + } + } + }, "workspaceapps.AccessMethod": { "type": "string", "enum": ["path", "subdomain", "terminal"], diff --git a/coderd/database/dbgen/dbgen.go b/coderd/database/dbgen/dbgen.go index 80ce962637e52..604060414ba68 100644 --- a/coderd/database/dbgen/dbgen.go +++ b/coderd/database/dbgen/dbgen.go @@ -157,6 +157,7 @@ func WorkspaceAgentPortShare(t testing.TB, db database.Store, orig database.Work func WorkspaceAgent(t testing.TB, db database.Store, orig database.WorkspaceAgent) database.WorkspaceAgent { agt, err := db.InsertWorkspaceAgent(genCtx, database.InsertWorkspaceAgentParams{ ID: takeFirst(orig.ID, uuid.New()), + ParentID: takeFirst(orig.ParentID, uuid.NullUUID{}), CreatedAt: takeFirst(orig.CreatedAt, dbtime.Now()), UpdatedAt: takeFirst(orig.UpdatedAt, dbtime.Now()), Name: takeFirst(orig.Name, testutil.GetRandomName(t)), diff --git a/coderd/database/dbmem/dbmem.go b/coderd/database/dbmem/dbmem.go index 362de7a7a02b7..e92de5d7cac7e 100644 --- a/coderd/database/dbmem/dbmem.go +++ b/coderd/database/dbmem/dbmem.go @@ -9477,6 +9477,7 @@ func (q *FakeQuerier) InsertWorkspaceAgent(_ context.Context, arg database.Inser agent := database.WorkspaceAgent{ ID: arg.ID, + ParentID: arg.ParentID, CreatedAt: arg.CreatedAt, UpdatedAt: arg.UpdatedAt, ResourceID: arg.ResourceID, diff --git a/coderd/database/dump.sql b/coderd/database/dump.sql index a56a0fd85d50f..0b1356ede11cc 100644 --- a/coderd/database/dump.sql +++ b/coderd/database/dump.sql @@ -487,9 +487,14 @@ BEGIN ); member_count := ( - SELECT count(*) as count FROM organization_members + SELECT + count(*) AS count + FROM + organization_members + LEFT JOIN users ON users.id = organization_members.user_id WHERE organization_members.organization_id = OLD.id + AND users.deleted = FALSE ); provisioner_keys_count := ( @@ -755,6 +760,32 @@ CREATE TABLE audit_logs ( resource_icon text NOT NULL ); +CREATE TABLE chat_messages ( + id bigint NOT NULL, + chat_id uuid NOT NULL, + created_at timestamp with time zone DEFAULT now() NOT NULL, + model text NOT NULL, + provider text NOT NULL, + content jsonb NOT NULL +); + +CREATE SEQUENCE chat_messages_id_seq + START WITH 1 + INCREMENT BY 1 + NO MINVALUE + NO MAXVALUE + CACHE 1; + +ALTER SEQUENCE chat_messages_id_seq OWNED BY chat_messages.id; + +CREATE TABLE chats ( + id uuid DEFAULT gen_random_uuid() NOT NULL, + owner_id uuid NOT NULL, + created_at timestamp with time zone DEFAULT now() NOT NULL, + updated_at timestamp with time zone DEFAULT now() NOT NULL, + title text NOT NULL +); + CREATE TABLE crypto_keys ( feature crypto_key_feature NOT NULL, sequence integer NOT NULL, @@ -1414,9 +1445,13 @@ CREATE TABLE template_version_presets ( CREATE TABLE template_version_terraform_values ( template_version_id uuid NOT NULL, updated_at timestamp with time zone DEFAULT now() NOT NULL, - cached_plan jsonb NOT NULL + cached_plan jsonb NOT NULL, + cached_module_files uuid, + provisionerd_version text DEFAULT ''::text NOT NULL ); +COMMENT ON COLUMN template_version_terraform_values.provisionerd_version IS 'What version of the provisioning engine was used to generate the cached plan and module files.'; + CREATE TABLE template_version_variables ( template_version_id uuid NOT NULL, name text NOT NULL, @@ -1806,6 +1841,7 @@ CREATE TABLE workspace_agents ( display_apps display_app[] DEFAULT '{vscode,vscode_insiders,web_terminal,ssh_helper,port_forwarding_helper}'::display_app[], api_version text DEFAULT ''::text NOT NULL, display_order integer DEFAULT 0 NOT NULL, + parent_id uuid, api_key_scope agent_key_scope_enum DEFAULT 'all'::agent_key_scope_enum NOT NULL, CONSTRAINT max_logs_length CHECK ((logs_length <= 1048576)), CONSTRAINT subsystems_not_none CHECK ((NOT ('none'::workspace_agent_subsystem = ANY (subsystems)))) @@ -2211,6 +2247,8 @@ CREATE VIEW workspaces_expanded AS COMMENT ON VIEW workspaces_expanded IS 'Joins in the display name information such as username, avatar, and organization name.'; +ALTER TABLE ONLY chat_messages ALTER COLUMN id SET DEFAULT nextval('chat_messages_id_seq'::regclass); + ALTER TABLE ONLY licenses ALTER COLUMN id SET DEFAULT nextval('licenses_id_seq'::regclass); ALTER TABLE ONLY provisioner_job_logs ALTER COLUMN id SET DEFAULT nextval('provisioner_job_logs_id_seq'::regclass); @@ -2232,6 +2270,12 @@ ALTER TABLE ONLY api_keys ALTER TABLE ONLY audit_logs ADD CONSTRAINT audit_logs_pkey PRIMARY KEY (id); +ALTER TABLE ONLY chat_messages + ADD CONSTRAINT chat_messages_pkey PRIMARY KEY (id); + +ALTER TABLE ONLY chats + ADD CONSTRAINT chats_pkey PRIMARY KEY (id); + ALTER TABLE ONLY crypto_keys ADD CONSTRAINT crypto_keys_pkey PRIMARY KEY (feature, sequence); @@ -2715,6 +2759,12 @@ CREATE TRIGGER user_status_change_trigger AFTER INSERT OR UPDATE ON users FOR EA ALTER TABLE ONLY api_keys ADD CONSTRAINT api_keys_user_id_uuid_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; +ALTER TABLE ONLY chat_messages + ADD CONSTRAINT chat_messages_chat_id_fkey FOREIGN KEY (chat_id) REFERENCES chats(id) ON DELETE CASCADE; + +ALTER TABLE ONLY chats + ADD CONSTRAINT chats_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE CASCADE; + ALTER TABLE ONLY crypto_keys ADD CONSTRAINT crypto_keys_secret_key_id_fkey FOREIGN KEY (secret_key_id) REFERENCES dbcrypt_keys(active_key_digest); @@ -2826,6 +2876,9 @@ ALTER TABLE ONLY template_version_preset_parameters ALTER TABLE ONLY template_version_presets ADD CONSTRAINT template_version_presets_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; +ALTER TABLE ONLY template_version_terraform_values + ADD CONSTRAINT template_version_terraform_values_cached_module_files_fkey FOREIGN KEY (cached_module_files) REFERENCES files(id); + ALTER TABLE ONLY template_version_terraform_values ADD CONSTRAINT template_version_terraform_values_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; @@ -2898,6 +2951,9 @@ ALTER TABLE ONLY workspace_agent_logs ALTER TABLE ONLY workspace_agent_volume_resource_monitors ADD CONSTRAINT workspace_agent_volume_resource_monitors_agent_id_fkey FOREIGN KEY (agent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; +ALTER TABLE ONLY workspace_agents + ADD CONSTRAINT workspace_agents_parent_id_fkey FOREIGN KEY (parent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; + ALTER TABLE ONLY workspace_agents ADD CONSTRAINT workspace_agents_resource_id_fkey FOREIGN KEY (resource_id) REFERENCES workspace_resources(id) ON DELETE CASCADE; diff --git a/coderd/database/foreign_key_constraint.go b/coderd/database/foreign_key_constraint.go index 3f5ce963e6fdb..d6b87ddff5376 100644 --- a/coderd/database/foreign_key_constraint.go +++ b/coderd/database/foreign_key_constraint.go @@ -7,6 +7,8 @@ type ForeignKeyConstraint string // ForeignKeyConstraint enums. const ( ForeignKeyAPIKeysUserIDUUID ForeignKeyConstraint = "api_keys_user_id_uuid_fkey" // ALTER TABLE ONLY api_keys ADD CONSTRAINT api_keys_user_id_uuid_fkey FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE CASCADE; + ForeignKeyChatMessagesChatID ForeignKeyConstraint = "chat_messages_chat_id_fkey" // ALTER TABLE ONLY chat_messages ADD CONSTRAINT chat_messages_chat_id_fkey FOREIGN KEY (chat_id) REFERENCES chats(id) ON DELETE CASCADE; + ForeignKeyChatsOwnerID ForeignKeyConstraint = "chats_owner_id_fkey" // ALTER TABLE ONLY chats ADD CONSTRAINT chats_owner_id_fkey FOREIGN KEY (owner_id) REFERENCES users(id) ON DELETE CASCADE; ForeignKeyCryptoKeysSecretKeyID ForeignKeyConstraint = "crypto_keys_secret_key_id_fkey" // ALTER TABLE ONLY crypto_keys ADD CONSTRAINT crypto_keys_secret_key_id_fkey FOREIGN KEY (secret_key_id) REFERENCES dbcrypt_keys(active_key_digest); ForeignKeyGitAuthLinksOauthAccessTokenKeyID ForeignKeyConstraint = "git_auth_links_oauth_access_token_key_id_fkey" // ALTER TABLE ONLY external_auth_links ADD CONSTRAINT git_auth_links_oauth_access_token_key_id_fkey FOREIGN KEY (oauth_access_token_key_id) REFERENCES dbcrypt_keys(active_key_digest); ForeignKeyGitAuthLinksOauthRefreshTokenKeyID ForeignKeyConstraint = "git_auth_links_oauth_refresh_token_key_id_fkey" // ALTER TABLE ONLY external_auth_links ADD CONSTRAINT git_auth_links_oauth_refresh_token_key_id_fkey FOREIGN KEY (oauth_refresh_token_key_id) REFERENCES dbcrypt_keys(active_key_digest); @@ -44,6 +46,7 @@ const ( ForeignKeyTemplateVersionParametersTemplateVersionID ForeignKeyConstraint = "template_version_parameters_template_version_id_fkey" // ALTER TABLE ONLY template_version_parameters ADD CONSTRAINT template_version_parameters_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; ForeignKeyTemplateVersionPresetParametTemplateVersionPresetID ForeignKeyConstraint = "template_version_preset_paramet_template_version_preset_id_fkey" // ALTER TABLE ONLY template_version_preset_parameters ADD CONSTRAINT template_version_preset_paramet_template_version_preset_id_fkey FOREIGN KEY (template_version_preset_id) REFERENCES template_version_presets(id) ON DELETE CASCADE; ForeignKeyTemplateVersionPresetsTemplateVersionID ForeignKeyConstraint = "template_version_presets_template_version_id_fkey" // ALTER TABLE ONLY template_version_presets ADD CONSTRAINT template_version_presets_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; + ForeignKeyTemplateVersionTerraformValuesCachedModuleFiles ForeignKeyConstraint = "template_version_terraform_values_cached_module_files_fkey" // ALTER TABLE ONLY template_version_terraform_values ADD CONSTRAINT template_version_terraform_values_cached_module_files_fkey FOREIGN KEY (cached_module_files) REFERENCES files(id); ForeignKeyTemplateVersionTerraformValuesTemplateVersionID ForeignKeyConstraint = "template_version_terraform_values_template_version_id_fkey" // ALTER TABLE ONLY template_version_terraform_values ADD CONSTRAINT template_version_terraform_values_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; ForeignKeyTemplateVersionVariablesTemplateVersionID ForeignKeyConstraint = "template_version_variables_template_version_id_fkey" // ALTER TABLE ONLY template_version_variables ADD CONSTRAINT template_version_variables_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; ForeignKeyTemplateVersionWorkspaceTagsTemplateVersionID ForeignKeyConstraint = "template_version_workspace_tags_template_version_id_fkey" // ALTER TABLE ONLY template_version_workspace_tags ADD CONSTRAINT template_version_workspace_tags_template_version_id_fkey FOREIGN KEY (template_version_id) REFERENCES template_versions(id) ON DELETE CASCADE; @@ -68,6 +71,7 @@ const ( ForeignKeyWorkspaceAgentScriptsWorkspaceAgentID ForeignKeyConstraint = "workspace_agent_scripts_workspace_agent_id_fkey" // ALTER TABLE ONLY workspace_agent_scripts ADD CONSTRAINT workspace_agent_scripts_workspace_agent_id_fkey FOREIGN KEY (workspace_agent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; ForeignKeyWorkspaceAgentStartupLogsAgentID ForeignKeyConstraint = "workspace_agent_startup_logs_agent_id_fkey" // ALTER TABLE ONLY workspace_agent_logs ADD CONSTRAINT workspace_agent_startup_logs_agent_id_fkey FOREIGN KEY (agent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; ForeignKeyWorkspaceAgentVolumeResourceMonitorsAgentID ForeignKeyConstraint = "workspace_agent_volume_resource_monitors_agent_id_fkey" // ALTER TABLE ONLY workspace_agent_volume_resource_monitors ADD CONSTRAINT workspace_agent_volume_resource_monitors_agent_id_fkey FOREIGN KEY (agent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; + ForeignKeyWorkspaceAgentsParentID ForeignKeyConstraint = "workspace_agents_parent_id_fkey" // ALTER TABLE ONLY workspace_agents ADD CONSTRAINT workspace_agents_parent_id_fkey FOREIGN KEY (parent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; ForeignKeyWorkspaceAgentsResourceID ForeignKeyConstraint = "workspace_agents_resource_id_fkey" // ALTER TABLE ONLY workspace_agents ADD CONSTRAINT workspace_agents_resource_id_fkey FOREIGN KEY (resource_id) REFERENCES workspace_resources(id) ON DELETE CASCADE; ForeignKeyWorkspaceAppAuditSessionsAgentID ForeignKeyConstraint = "workspace_app_audit_sessions_agent_id_fkey" // ALTER TABLE ONLY workspace_app_audit_sessions ADD CONSTRAINT workspace_app_audit_sessions_agent_id_fkey FOREIGN KEY (agent_id) REFERENCES workspace_agents(id) ON DELETE CASCADE; ForeignKeyWorkspaceAppStatsAgentID ForeignKeyConstraint = "workspace_app_stats_agent_id_fkey" // ALTER TABLE ONLY workspace_app_stats ADD CONSTRAINT workspace_app_stats_agent_id_fkey FOREIGN KEY (agent_id) REFERENCES workspace_agents(id); diff --git a/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.down.sql b/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.down.sql new file mode 100644 index 0000000000000..cacafc029222c --- /dev/null +++ b/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.down.sql @@ -0,0 +1,96 @@ +DROP TRIGGER IF EXISTS protect_deleting_organizations ON organizations; + +-- Replace the function with the new implementation +CREATE OR REPLACE FUNCTION protect_deleting_organizations() + RETURNS TRIGGER AS +$$ +DECLARE + workspace_count int; + template_count int; + group_count int; + member_count int; + provisioner_keys_count int; +BEGIN + workspace_count := ( + SELECT count(*) as count FROM workspaces + WHERE + workspaces.organization_id = OLD.id + AND workspaces.deleted = false + ); + + template_count := ( + SELECT count(*) as count FROM templates + WHERE + templates.organization_id = OLD.id + AND templates.deleted = false + ); + + group_count := ( + SELECT count(*) as count FROM groups + WHERE + groups.organization_id = OLD.id + ); + + member_count := ( + SELECT count(*) as count FROM organization_members + WHERE + organization_members.organization_id = OLD.id + ); + + provisioner_keys_count := ( + Select count(*) as count FROM provisioner_keys + WHERE + provisioner_keys.organization_id = OLD.id + ); + + -- Fail the deletion if one of the following: + -- * the organization has 1 or more workspaces + -- * the organization has 1 or more templates + -- * the organization has 1 or more groups other than "Everyone" group + -- * the organization has 1 or more members other than the organization owner + -- * the organization has 1 or more provisioner keys + + -- Only create error message for resources that actually exist + IF (workspace_count + template_count + provisioner_keys_count) > 0 THEN + DECLARE + error_message text := 'cannot delete organization: organization has '; + error_parts text[] := '{}'; + BEGIN + IF workspace_count > 0 THEN + error_parts := array_append(error_parts, workspace_count || ' workspaces'); + END IF; + + IF template_count > 0 THEN + error_parts := array_append(error_parts, template_count || ' templates'); + END IF; + + IF provisioner_keys_count > 0 THEN + error_parts := array_append(error_parts, provisioner_keys_count || ' provisioner keys'); + END IF; + + error_message := error_message || array_to_string(error_parts, ', ') || ' that must be deleted first'; + RAISE EXCEPTION '%', error_message; + END; + END IF; + + IF (group_count) > 1 THEN + RAISE EXCEPTION 'cannot delete organization: organization has % groups that must be deleted first', group_count - 1; + END IF; + + -- Allow 1 member to exist, because you cannot remove yourself. You can + -- remove everyone else. Ideally, we only omit the member that matches + -- the user_id of the caller, however in a trigger, the caller is unknown. + IF (member_count) > 1 THEN + RAISE EXCEPTION 'cannot delete organization: organization has % members that must be deleted first', member_count - 1; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +-- Trigger to protect organizations from being soft deleted with existing resources +CREATE TRIGGER protect_deleting_organizations + BEFORE UPDATE ON organizations + FOR EACH ROW + WHEN (NEW.deleted = true AND OLD.deleted = false) + EXECUTE FUNCTION protect_deleting_organizations(); diff --git a/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.up.sql b/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.up.sql new file mode 100644 index 0000000000000..8db15223d92f1 --- /dev/null +++ b/coderd/database/migrations/000318_update_protect_deleting_orgs_to_filter_deleted_users.up.sql @@ -0,0 +1,101 @@ +DROP TRIGGER IF EXISTS protect_deleting_organizations ON organizations; + +-- Replace the function with the new implementation +CREATE OR REPLACE FUNCTION protect_deleting_organizations() + RETURNS TRIGGER AS +$$ +DECLARE + workspace_count int; + template_count int; + group_count int; + member_count int; + provisioner_keys_count int; +BEGIN + workspace_count := ( + SELECT count(*) as count FROM workspaces + WHERE + workspaces.organization_id = OLD.id + AND workspaces.deleted = false + ); + + template_count := ( + SELECT count(*) as count FROM templates + WHERE + templates.organization_id = OLD.id + AND templates.deleted = false + ); + + group_count := ( + SELECT count(*) as count FROM groups + WHERE + groups.organization_id = OLD.id + ); + + member_count := ( + SELECT + count(*) AS count + FROM + organization_members + LEFT JOIN users ON users.id = organization_members.user_id + WHERE + organization_members.organization_id = OLD.id + AND users.deleted = FALSE + ); + + provisioner_keys_count := ( + Select count(*) as count FROM provisioner_keys + WHERE + provisioner_keys.organization_id = OLD.id + ); + + -- Fail the deletion if one of the following: + -- * the organization has 1 or more workspaces + -- * the organization has 1 or more templates + -- * the organization has 1 or more groups other than "Everyone" group + -- * the organization has 1 or more members other than the organization owner + -- * the organization has 1 or more provisioner keys + + -- Only create error message for resources that actually exist + IF (workspace_count + template_count + provisioner_keys_count) > 0 THEN + DECLARE + error_message text := 'cannot delete organization: organization has '; + error_parts text[] := '{}'; + BEGIN + IF workspace_count > 0 THEN + error_parts := array_append(error_parts, workspace_count || ' workspaces'); + END IF; + + IF template_count > 0 THEN + error_parts := array_append(error_parts, template_count || ' templates'); + END IF; + + IF provisioner_keys_count > 0 THEN + error_parts := array_append(error_parts, provisioner_keys_count || ' provisioner keys'); + END IF; + + error_message := error_message || array_to_string(error_parts, ', ') || ' that must be deleted first'; + RAISE EXCEPTION '%', error_message; + END; + END IF; + + IF (group_count) > 1 THEN + RAISE EXCEPTION 'cannot delete organization: organization has % groups that must be deleted first', group_count - 1; + END IF; + + -- Allow 1 member to exist, because you cannot remove yourself. You can + -- remove everyone else. Ideally, we only omit the member that matches + -- the user_id of the caller, however in a trigger, the caller is unknown. + IF (member_count) > 1 THEN + RAISE EXCEPTION 'cannot delete organization: organization has % members that must be deleted first', member_count - 1; + END IF; + + RETURN NEW; +END; +$$ LANGUAGE plpgsql; + +-- Trigger to protect organizations from being soft deleted with existing resources +CREATE TRIGGER protect_deleting_organizations + BEFORE UPDATE ON organizations + FOR EACH ROW + WHEN (NEW.deleted = true AND OLD.deleted = false) + EXECUTE FUNCTION protect_deleting_organizations(); diff --git a/coderd/database/migrations/000319_chat.down.sql b/coderd/database/migrations/000319_chat.down.sql new file mode 100644 index 0000000000000..9bab993f500f5 --- /dev/null +++ b/coderd/database/migrations/000319_chat.down.sql @@ -0,0 +1,3 @@ +DROP TABLE IF EXISTS chat_messages; + +DROP TABLE IF EXISTS chats; diff --git a/coderd/database/migrations/000319_chat.up.sql b/coderd/database/migrations/000319_chat.up.sql new file mode 100644 index 0000000000000..a53942239c9e2 --- /dev/null +++ b/coderd/database/migrations/000319_chat.up.sql @@ -0,0 +1,17 @@ +CREATE TABLE IF NOT EXISTS chats ( + id UUID PRIMARY KEY DEFAULT gen_random_uuid(), + owner_id UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + updated_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + title TEXT NOT NULL +); + +CREATE TABLE IF NOT EXISTS chat_messages ( + -- BIGSERIAL is auto-incrementing so we know the exact order of messages. + id BIGSERIAL PRIMARY KEY, + chat_id UUID NOT NULL REFERENCES chats(id) ON DELETE CASCADE, + created_at TIMESTAMPTZ NOT NULL DEFAULT NOW(), + model TEXT NOT NULL, + provider TEXT NOT NULL, + content JSONB NOT NULL +); diff --git a/coderd/database/migrations/000320_terraform_cached_modules.down.sql b/coderd/database/migrations/000320_terraform_cached_modules.down.sql new file mode 100644 index 0000000000000..6894e43ca9a98 --- /dev/null +++ b/coderd/database/migrations/000320_terraform_cached_modules.down.sql @@ -0,0 +1 @@ +ALTER TABLE template_version_terraform_values DROP COLUMN cached_module_files; diff --git a/coderd/database/migrations/000320_terraform_cached_modules.up.sql b/coderd/database/migrations/000320_terraform_cached_modules.up.sql new file mode 100644 index 0000000000000..17028040de7d1 --- /dev/null +++ b/coderd/database/migrations/000320_terraform_cached_modules.up.sql @@ -0,0 +1 @@ +ALTER TABLE template_version_terraform_values ADD COLUMN cached_module_files uuid references files(id); diff --git a/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.down.sql b/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.down.sql new file mode 100644 index 0000000000000..ab810126ad60e --- /dev/null +++ b/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.down.sql @@ -0,0 +1,2 @@ +ALTER TABLE workspace_agents +DROP COLUMN IF EXISTS parent_id; diff --git a/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.up.sql b/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.up.sql new file mode 100644 index 0000000000000..f2fd7a8c1cd10 --- /dev/null +++ b/coderd/database/migrations/000321_add_parent_id_to_workspace_agents.up.sql @@ -0,0 +1,2 @@ +ALTER TABLE workspace_agents +ADD COLUMN parent_id UUID REFERENCES workspace_agents (id) ON DELETE CASCADE; diff --git a/coderd/database/migrations/000322_rename_test_notification.down.sql b/coderd/database/migrations/000322_rename_test_notification.down.sql new file mode 100644 index 0000000000000..06bfab4370d1d --- /dev/null +++ b/coderd/database/migrations/000322_rename_test_notification.down.sql @@ -0,0 +1,3 @@ +UPDATE notification_templates +SET name = 'Test Notification' +WHERE id = 'c425f63e-716a-4bf4-ae24-78348f706c3f'; diff --git a/coderd/database/migrations/000322_rename_test_notification.up.sql b/coderd/database/migrations/000322_rename_test_notification.up.sql new file mode 100644 index 0000000000000..52b2db5a9353b --- /dev/null +++ b/coderd/database/migrations/000322_rename_test_notification.up.sql @@ -0,0 +1,3 @@ +UPDATE notification_templates +SET name = 'Troubleshooting Notification' +WHERE id = 'c425f63e-716a-4bf4-ae24-78348f706c3f'; diff --git a/coderd/database/migrations/000325_dynamic_parameters_metadata.down.sql b/coderd/database/migrations/000325_dynamic_parameters_metadata.down.sql new file mode 100644 index 0000000000000..991871b5700ab --- /dev/null +++ b/coderd/database/migrations/000325_dynamic_parameters_metadata.down.sql @@ -0,0 +1 @@ +ALTER TABLE template_version_terraform_values DROP COLUMN provisionerd_version; diff --git a/coderd/database/migrations/000325_dynamic_parameters_metadata.up.sql b/coderd/database/migrations/000325_dynamic_parameters_metadata.up.sql new file mode 100644 index 0000000000000..211693b7f3e79 --- /dev/null +++ b/coderd/database/migrations/000325_dynamic_parameters_metadata.up.sql @@ -0,0 +1,4 @@ +ALTER TABLE template_version_terraform_values ADD COLUMN IF NOT EXISTS provisionerd_version TEXT NOT NULL DEFAULT ''; + +COMMENT ON COLUMN template_version_terraform_values.provisionerd_version IS + 'What version of the provisioning engine was used to generate the cached plan and module files.'; diff --git a/coderd/database/migrations/testdata/fixtures/000319_chat.up.sql b/coderd/database/migrations/testdata/fixtures/000319_chat.up.sql new file mode 100644 index 0000000000000..123a62c4eb722 --- /dev/null +++ b/coderd/database/migrations/testdata/fixtures/000319_chat.up.sql @@ -0,0 +1,6 @@ +INSERT INTO chats (id, owner_id, created_at, updated_at, title) VALUES +('00000000-0000-0000-0000-000000000001', '0ed9befc-4911-4ccf-a8e2-559bf72daa94', '2023-10-01 12:00:00+00', '2023-10-01 12:00:00+00', 'Test Chat 1'); + +INSERT INTO chat_messages (id, chat_id, created_at, model, provider, content) VALUES +(1, '00000000-0000-0000-0000-000000000001', '2023-10-01 12:00:00+00', 'annie-oakley', 'cowboy-coder', '{"role":"user","content":"Hello"}'), +(2, '00000000-0000-0000-0000-000000000001', '2023-10-01 12:01:00+00', 'annie-oakley', 'cowboy-coder', '{"role":"assistant","content":"Howdy pardner! What can I do ya for?"}'); diff --git a/coderd/database/models.go b/coderd/database/models.go index 2dfc2c23ed6e0..3674af6ed6981 100644 --- a/coderd/database/models.go +++ b/coderd/database/models.go @@ -2628,6 +2628,23 @@ type AuditLog struct { ResourceIcon string `db:"resource_icon" json:"resource_icon"` } +type Chat struct { + ID uuid.UUID `db:"id" json:"id"` + OwnerID uuid.UUID `db:"owner_id" json:"owner_id"` + CreatedAt time.Time `db:"created_at" json:"created_at"` + UpdatedAt time.Time `db:"updated_at" json:"updated_at"` + Title string `db:"title" json:"title"` +} + +type ChatMessage struct { + ID int64 `db:"id" json:"id"` + ChatID uuid.UUID `db:"chat_id" json:"chat_id"` + CreatedAt time.Time `db:"created_at" json:"created_at"` + Model string `db:"model" json:"model"` + Provider string `db:"provider" json:"provider"` + Content json.RawMessage `db:"content" json:"content"` +} + type CryptoKey struct { Feature CryptoKeyFeature `db:"feature" json:"feature"` Sequence int32 `db:"sequence" json:"sequence"` @@ -3265,6 +3282,9 @@ type TemplateVersionTerraformValue struct { TemplateVersionID uuid.UUID `db:"template_version_id" json:"template_version_id"` UpdatedAt time.Time `db:"updated_at" json:"updated_at"` CachedPlan json.RawMessage `db:"cached_plan" json:"cached_plan"` + CachedModuleFiles uuid.NullUUID `db:"cached_module_files" json:"cached_module_files"` + // What version of the provisioning engine was used to generate the cached plan and module files. + ProvisionerdVersion string `db:"provisionerd_version" json:"provisionerd_version"` } type TemplateVersionVariable struct { @@ -3442,7 +3462,8 @@ type WorkspaceAgent struct { DisplayApps []DisplayApp `db:"display_apps" json:"display_apps"` APIVersion string `db:"api_version" json:"api_version"` // Specifies the order in which to display agents in user interfaces. - DisplayOrder int32 `db:"display_order" json:"display_order"` + DisplayOrder int32 `db:"display_order" json:"display_order"` + ParentID uuid.NullUUID `db:"parent_id" json:"parent_id"` // Defines the scope of the API key associated with the agent. 'all' allows access to everything, 'no_user_data' restricts it to exclude user data. APIKeyScope AgentKeyScopeEnum `db:"api_key_scope" json:"api_key_scope"` } diff --git a/coderd/database/querier_test.go b/coderd/database/querier_test.go index 4a2edb4451c34..b2cc20c4894d5 100644 --- a/coderd/database/querier_test.go +++ b/coderd/database/querier_test.go @@ -3586,6 +3586,43 @@ func TestOrganizationDeleteTrigger(t *testing.T) { require.ErrorContains(t, err, "cannot delete organization") require.ErrorContains(t, err, "has 1 members") }) + + t.Run("UserDeletedButNotRemovedFromOrg", func(t *testing.T) { + t.Parallel() + db, _ := dbtestutil.NewDB(t) + + orgA := dbfake.Organization(t, db).Do() + + userA := dbgen.User(t, db, database.User{}) + userB := dbgen.User(t, db, database.User{}) + userC := dbgen.User(t, db, database.User{}) + + dbgen.OrganizationMember(t, db, database.OrganizationMember{ + OrganizationID: orgA.Org.ID, + UserID: userA.ID, + }) + dbgen.OrganizationMember(t, db, database.OrganizationMember{ + OrganizationID: orgA.Org.ID, + UserID: userB.ID, + }) + dbgen.OrganizationMember(t, db, database.OrganizationMember{ + OrganizationID: orgA.Org.ID, + UserID: userC.ID, + }) + + // Delete one of the users but don't remove them from the org + ctx := testutil.Context(t, testutil.WaitShort) + db.UpdateUserDeletedByID(ctx, userB.ID) + + err := db.UpdateOrganizationDeletedByID(ctx, database.UpdateOrganizationDeletedByIDParams{ + UpdatedAt: dbtime.Now(), + ID: orgA.Org.ID, + }) + require.Error(t, err) + // cannot delete organization: organization has 1 members that must be deleted first + require.ErrorContains(t, err, "cannot delete organization") + require.ErrorContains(t, err, "has 1 members") + }) } type templateVersionWithPreset struct { diff --git a/coderd/database/queries.sql.go b/coderd/database/queries.sql.go index d0af6d1f8d76a..2d422403dfa23 100644 --- a/coderd/database/queries.sql.go +++ b/coderd/database/queries.sql.go @@ -5586,11 +5586,45 @@ func (q *sqlQuerier) GetOrganizationByName(ctx context.Context, arg GetOrganizat const getOrganizationResourceCountByID = `-- name: GetOrganizationResourceCountByID :one SELECT - (SELECT COUNT(*) FROM workspaces WHERE workspaces.organization_id = $1 AND workspaces.deleted = false) AS workspace_count, - (SELECT COUNT(*) FROM groups WHERE groups.organization_id = $1) AS group_count, - (SELECT COUNT(*) FROM templates WHERE templates.organization_id = $1 AND templates.deleted = false) AS template_count, - (SELECT COUNT(*) FROM organization_members WHERE organization_members.organization_id = $1) AS member_count, - (SELECT COUNT(*) FROM provisioner_keys WHERE provisioner_keys.organization_id = $1) AS provisioner_key_count + ( + SELECT + count(*) + FROM + workspaces + WHERE + workspaces.organization_id = $1 + AND workspaces.deleted = FALSE) AS workspace_count, + ( + SELECT + count(*) + FROM + GROUPS + WHERE + groups.organization_id = $1) AS group_count, + ( + SELECT + count(*) + FROM + templates + WHERE + templates.organization_id = $1 + AND templates.deleted = FALSE) AS template_count, + ( + SELECT + count(*) + FROM + organization_members + LEFT JOIN users ON organization_members.user_id = users.id + WHERE + organization_members.organization_id = $1 + AND users.deleted = FALSE) AS member_count, +( + SELECT + count(*) + FROM + provisioner_keys + WHERE + provisioner_keys.organization_id = $1) AS provisioner_key_count ` type GetOrganizationResourceCountByIDRow struct { @@ -11471,7 +11505,7 @@ func (q *sqlQuerier) UpdateTemplateVersionExternalAuthProvidersByJobID(ctx conte const getTemplateVersionTerraformValues = `-- name: GetTemplateVersionTerraformValues :one SELECT - template_version_terraform_values.template_version_id, template_version_terraform_values.updated_at, template_version_terraform_values.cached_plan + template_version_terraform_values.template_version_id, template_version_terraform_values.updated_at, template_version_terraform_values.cached_plan, template_version_terraform_values.cached_module_files, template_version_terraform_values.provisionerd_version FROM template_version_terraform_values WHERE @@ -11481,7 +11515,13 @@ WHERE func (q *sqlQuerier) GetTemplateVersionTerraformValues(ctx context.Context, templateVersionID uuid.UUID) (TemplateVersionTerraformValue, error) { row := q.db.QueryRowContext(ctx, getTemplateVersionTerraformValues, templateVersionID) var i TemplateVersionTerraformValue - err := row.Scan(&i.TemplateVersionID, &i.UpdatedAt, &i.CachedPlan) + err := row.Scan( + &i.TemplateVersionID, + &i.UpdatedAt, + &i.CachedPlan, + &i.CachedModuleFiles, + &i.ProvisionerdVersion, + ) return i, err } @@ -13686,7 +13726,7 @@ func (q *sqlQuerier) DeleteOldWorkspaceAgentLogs(ctx context.Context, threshold const getWorkspaceAgentAndLatestBuildByAuthToken = `-- name: GetWorkspaceAgentAndLatestBuildByAuthToken :one SELECT workspaces.id, workspaces.created_at, workspaces.updated_at, workspaces.owner_id, workspaces.organization_id, workspaces.template_id, workspaces.deleted, workspaces.name, workspaces.autostart_schedule, workspaces.ttl, workspaces.last_used_at, workspaces.dormant_at, workspaces.deleting_at, workspaces.automatic_updates, workspaces.favorite, workspaces.next_start_at, - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope, + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.parent_id, workspace_agents.api_key_scope, workspace_build_with_user.id, workspace_build_with_user.created_at, workspace_build_with_user.updated_at, workspace_build_with_user.workspace_id, workspace_build_with_user.template_version_id, workspace_build_with_user.build_number, workspace_build_with_user.transition, workspace_build_with_user.initiator_id, workspace_build_with_user.provisioner_state, workspace_build_with_user.job_id, workspace_build_with_user.deadline, workspace_build_with_user.reason, workspace_build_with_user.daily_cost, workspace_build_with_user.max_deadline, workspace_build_with_user.template_version_preset_id, workspace_build_with_user.initiator_by_avatar_url, workspace_build_with_user.initiator_by_username FROM workspace_agents @@ -13776,6 +13816,7 @@ func (q *sqlQuerier) GetWorkspaceAgentAndLatestBuildByAuthToken(ctx context.Cont pq.Array(&i.WorkspaceAgent.DisplayApps), &i.WorkspaceAgent.APIVersion, &i.WorkspaceAgent.DisplayOrder, + &i.WorkspaceAgent.ParentID, &i.WorkspaceAgent.APIKeyScope, &i.WorkspaceBuild.ID, &i.WorkspaceBuild.CreatedAt, @@ -13800,7 +13841,7 @@ func (q *sqlQuerier) GetWorkspaceAgentAndLatestBuildByAuthToken(ctx context.Cont const getWorkspaceAgentByID = `-- name: GetWorkspaceAgentByID :one SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, parent_id, api_key_scope FROM workspace_agents WHERE @@ -13842,6 +13883,7 @@ func (q *sqlQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID) (W pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ) return i, err @@ -13849,7 +13891,7 @@ func (q *sqlQuerier) GetWorkspaceAgentByID(ctx context.Context, id uuid.UUID) (W const getWorkspaceAgentByInstanceID = `-- name: GetWorkspaceAgentByInstanceID :one SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, parent_id, api_key_scope FROM workspace_agents WHERE @@ -13893,6 +13935,7 @@ func (q *sqlQuerier) GetWorkspaceAgentByInstanceID(ctx context.Context, authInst pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ) return i, err @@ -14113,7 +14156,7 @@ func (q *sqlQuerier) GetWorkspaceAgentScriptTimingsByBuildID(ctx context.Context const getWorkspaceAgentsByResourceIDs = `-- name: GetWorkspaceAgentsByResourceIDs :many SELECT - id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope + id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, parent_id, api_key_scope FROM workspace_agents WHERE @@ -14161,6 +14204,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids [] pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ); err != nil { return nil, err @@ -14178,7 +14222,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByResourceIDs(ctx context.Context, ids [] const getWorkspaceAgentsByWorkspaceAndBuildNumber = `-- name: GetWorkspaceAgentsByWorkspaceAndBuildNumber :many SELECT - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.parent_id, workspace_agents.api_key_scope FROM workspace_agents JOIN @@ -14236,6 +14280,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Con pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ); err != nil { return nil, err @@ -14252,7 +14297,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsByWorkspaceAndBuildNumber(ctx context.Con } const getWorkspaceAgentsCreatedAfter = `-- name: GetWorkspaceAgentsCreatedAfter :many -SELECT id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope FROM workspace_agents WHERE created_at > $1 +SELECT id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, parent_id, api_key_scope FROM workspace_agents WHERE created_at > $1 ` func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, createdAt time.Time) ([]WorkspaceAgent, error) { @@ -14296,6 +14341,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, created pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ); err != nil { return nil, err @@ -14313,7 +14359,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsCreatedAfter(ctx context.Context, created const getWorkspaceAgentsInLatestBuildByWorkspaceID = `-- name: GetWorkspaceAgentsInLatestBuildByWorkspaceID :many SELECT - workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.api_key_scope + workspace_agents.id, workspace_agents.created_at, workspace_agents.updated_at, workspace_agents.name, workspace_agents.first_connected_at, workspace_agents.last_connected_at, workspace_agents.disconnected_at, workspace_agents.resource_id, workspace_agents.auth_token, workspace_agents.auth_instance_id, workspace_agents.architecture, workspace_agents.environment_variables, workspace_agents.operating_system, workspace_agents.instance_metadata, workspace_agents.resource_metadata, workspace_agents.directory, workspace_agents.version, workspace_agents.last_connected_replica_id, workspace_agents.connection_timeout_seconds, workspace_agents.troubleshooting_url, workspace_agents.motd_file, workspace_agents.lifecycle_state, workspace_agents.expanded_directory, workspace_agents.logs_length, workspace_agents.logs_overflowed, workspace_agents.started_at, workspace_agents.ready_at, workspace_agents.subsystems, workspace_agents.display_apps, workspace_agents.api_version, workspace_agents.display_order, workspace_agents.parent_id, workspace_agents.api_key_scope FROM workspace_agents JOIN @@ -14373,6 +14419,7 @@ func (q *sqlQuerier) GetWorkspaceAgentsInLatestBuildByWorkspaceID(ctx context.Co pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ); err != nil { return nil, err @@ -14392,6 +14439,7 @@ const insertWorkspaceAgent = `-- name: InsertWorkspaceAgent :one INSERT INTO workspace_agents ( id, + parent_id, created_at, updated_at, name, @@ -14412,11 +14460,12 @@ INSERT INTO api_key_scope ) VALUES - ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19) RETURNING id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, api_key_scope + ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20) RETURNING id, created_at, updated_at, name, first_connected_at, last_connected_at, disconnected_at, resource_id, auth_token, auth_instance_id, architecture, environment_variables, operating_system, instance_metadata, resource_metadata, directory, version, last_connected_replica_id, connection_timeout_seconds, troubleshooting_url, motd_file, lifecycle_state, expanded_directory, logs_length, logs_overflowed, started_at, ready_at, subsystems, display_apps, api_version, display_order, parent_id, api_key_scope ` type InsertWorkspaceAgentParams struct { ID uuid.UUID `db:"id" json:"id"` + ParentID uuid.NullUUID `db:"parent_id" json:"parent_id"` CreatedAt time.Time `db:"created_at" json:"created_at"` UpdatedAt time.Time `db:"updated_at" json:"updated_at"` Name string `db:"name" json:"name"` @@ -14440,6 +14489,7 @@ type InsertWorkspaceAgentParams struct { func (q *sqlQuerier) InsertWorkspaceAgent(ctx context.Context, arg InsertWorkspaceAgentParams) (WorkspaceAgent, error) { row := q.db.QueryRowContext(ctx, insertWorkspaceAgent, arg.ID, + arg.ParentID, arg.CreatedAt, arg.UpdatedAt, arg.Name, @@ -14492,6 +14542,7 @@ func (q *sqlQuerier) InsertWorkspaceAgent(ctx context.Context, arg InsertWorkspa pq.Array(&i.DisplayApps), &i.APIVersion, &i.DisplayOrder, + &i.ParentID, &i.APIKeyScope, ) return i, err diff --git a/coderd/database/queries/organizations.sql b/coderd/database/queries/organizations.sql index d940fb1ad4dc6..89a4a7bcfcef4 100644 --- a/coderd/database/queries/organizations.sql +++ b/coderd/database/queries/organizations.sql @@ -73,11 +73,46 @@ WHERE -- name: GetOrganizationResourceCountByID :one SELECT - (SELECT COUNT(*) FROM workspaces WHERE workspaces.organization_id = $1 AND workspaces.deleted = false) AS workspace_count, - (SELECT COUNT(*) FROM groups WHERE groups.organization_id = $1) AS group_count, - (SELECT COUNT(*) FROM templates WHERE templates.organization_id = $1 AND templates.deleted = false) AS template_count, - (SELECT COUNT(*) FROM organization_members WHERE organization_members.organization_id = $1) AS member_count, - (SELECT COUNT(*) FROM provisioner_keys WHERE provisioner_keys.organization_id = $1) AS provisioner_key_count; + ( + SELECT + count(*) + FROM + workspaces + WHERE + workspaces.organization_id = $1 + AND workspaces.deleted = FALSE) AS workspace_count, + ( + SELECT + count(*) + FROM + GROUPS + WHERE + groups.organization_id = $1) AS group_count, + ( + SELECT + count(*) + FROM + templates + WHERE + templates.organization_id = $1 + AND templates.deleted = FALSE) AS template_count, + ( + SELECT + count(*) + FROM + organization_members + LEFT JOIN users ON organization_members.user_id = users.id + WHERE + organization_members.organization_id = $1 + AND users.deleted = FALSE) AS member_count, +( + SELECT + count(*) + FROM + provisioner_keys + WHERE + provisioner_keys.organization_id = $1) AS provisioner_key_count; + -- name: InsertOrganization :one INSERT INTO diff --git a/coderd/database/queries/workspaceagents.sql b/coderd/database/queries/workspaceagents.sql index 3b6f4a3096ce9..5965f0cb16fbf 100644 --- a/coderd/database/queries/workspaceagents.sql +++ b/coderd/database/queries/workspaceagents.sql @@ -31,6 +31,7 @@ SELECT * FROM workspace_agents WHERE created_at > $1; INSERT INTO workspace_agents ( id, + parent_id, created_at, updated_at, name, @@ -51,7 +52,7 @@ INSERT INTO api_key_scope ) VALUES - ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19) RETURNING *; + ($1, $2, $3, $4, $5, $6, $7, $8, $9, $10, $11, $12, $13, $14, $15, $16, $17, $18, $19, $20) RETURNING *; -- name: UpdateWorkspaceAgentConnectionByID :exec UPDATE diff --git a/coderd/database/unique_constraint.go b/coderd/database/unique_constraint.go index 2b91f38c88d42..4c9c8cedcba23 100644 --- a/coderd/database/unique_constraint.go +++ b/coderd/database/unique_constraint.go @@ -9,6 +9,8 @@ const ( UniqueAgentStatsPkey UniqueConstraint = "agent_stats_pkey" // ALTER TABLE ONLY workspace_agent_stats ADD CONSTRAINT agent_stats_pkey PRIMARY KEY (id); UniqueAPIKeysPkey UniqueConstraint = "api_keys_pkey" // ALTER TABLE ONLY api_keys ADD CONSTRAINT api_keys_pkey PRIMARY KEY (id); UniqueAuditLogsPkey UniqueConstraint = "audit_logs_pkey" // ALTER TABLE ONLY audit_logs ADD CONSTRAINT audit_logs_pkey PRIMARY KEY (id); + UniqueChatMessagesPkey UniqueConstraint = "chat_messages_pkey" // ALTER TABLE ONLY chat_messages ADD CONSTRAINT chat_messages_pkey PRIMARY KEY (id); + UniqueChatsPkey UniqueConstraint = "chats_pkey" // ALTER TABLE ONLY chats ADD CONSTRAINT chats_pkey PRIMARY KEY (id); UniqueCryptoKeysPkey UniqueConstraint = "crypto_keys_pkey" // ALTER TABLE ONLY crypto_keys ADD CONSTRAINT crypto_keys_pkey PRIMARY KEY (feature, sequence); UniqueCustomRolesUniqueKey UniqueConstraint = "custom_roles_unique_key" // ALTER TABLE ONLY custom_roles ADD CONSTRAINT custom_roles_unique_key UNIQUE (name, organization_id); UniqueDbcryptKeysActiveKeyDigestKey UniqueConstraint = "dbcrypt_keys_active_key_digest_key" // ALTER TABLE ONLY dbcrypt_keys ADD CONSTRAINT dbcrypt_keys_active_key_digest_key UNIQUE (active_key_digest); diff --git a/coderd/notifications/testdata/rendered-templates/webhook/TemplateTestNotification.json.golden b/coderd/notifications/testdata/rendered-templates/webhook/TemplateTestNotification.json.golden index 09c18f975d754..b26e3043b4f45 100644 --- a/coderd/notifications/testdata/rendered-templates/webhook/TemplateTestNotification.json.golden +++ b/coderd/notifications/testdata/rendered-templates/webhook/TemplateTestNotification.json.golden @@ -3,7 +3,7 @@ "msg_id": "00000000-0000-0000-0000-000000000000", "payload": { "_version": "1.2", - "notification_name": "Test Notification", + "notification_name": "Troubleshooting Notification", "notification_template_id": "00000000-0000-0000-0000-000000000000", "user_id": "00000000-0000-0000-0000-000000000000", "user_email": "bobby@coder.com", diff --git a/coderd/provisionerdserver/provisionerdserver.go b/coderd/provisionerdserver/provisionerdserver.go index 4232b85644a23..dc45260e921b4 100644 --- a/coderd/provisionerdserver/provisionerdserver.go +++ b/coderd/provisionerdserver/provisionerdserver.go @@ -2063,6 +2063,7 @@ func InsertWorkspaceResource(ctx context.Context, db database.Store, jobID uuid. agentID := uuid.New() dbAgent, err := db.InsertWorkspaceAgent(ctx, database.InsertWorkspaceAgentParams{ ID: agentID, + ParentID: uuid.NullUUID{}, CreatedAt: dbtime.Now(), UpdatedAt: dbtime.Now(), ResourceID: resource.ID, diff --git a/coderd/provisionerdserver/provisionerdserver_test.go b/coderd/provisionerdserver/provisionerdserver_test.go index 1ba86c50baf8a..b6c60781dac35 100644 --- a/coderd/provisionerdserver/provisionerdserver_test.go +++ b/coderd/provisionerdserver/provisionerdserver_test.go @@ -2424,6 +2424,7 @@ func TestInsertWorkspaceResource(t *testing.T) { require.NoError(t, err) require.Len(t, agents, 1) agent := agents[0] + require.Equal(t, uuid.NullUUID{}, agent.ParentID) require.Equal(t, "amd64", agent.Architecture) require.Equal(t, "linux", agent.OperatingSystem) want, err := json.Marshal(map[string]string{ diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go index 5c7171f70a627..f58338a209901 100644 --- a/codersdk/workspaceagents.go +++ b/codersdk/workspaceagents.go @@ -139,6 +139,7 @@ const ( type WorkspaceAgent struct { ID uuid.UUID `json:"id" format:"uuid"` + ParentID uuid.NullUUID `json:"parent_id" format:"uuid"` CreatedAt time.Time `json:"created_at" format:"date-time"` UpdatedAt time.Time `json:"updated_at" format:"date-time"` FirstConnectedAt *time.Time `json:"first_connected_at,omitempty" format:"date-time"` diff --git a/docs/admin/security/audit-logs.md b/docs/admin/security/audit-logs.md index 3bf6a09885f7c..626f998f5954d 100644 --- a/docs/admin/security/audit-logs.md +++ b/docs/admin/security/audit-logs.md @@ -29,7 +29,7 @@ We track the following resources: | Template
write, delete | |
Field Tracked
active_version_id true
activity_bump true
allow_user_autostart true
allow_user_autostop true
allow_user_cancel_workspace_jobs true
autostart_block_days_of_week true
autostop_requirement_days_of_week true
autostop_requirement_weeks true
created_at false
created_by true
created_by_avatar_url false
created_by_username false
default_ttl true
deleted false
deprecated true
description true
display_name true
failure_ttl true
group_acl true
icon true
id true
max_port_sharing_level true
name true
organization_display_name false
organization_icon false
organization_id false
organization_name false
provisioner true
require_active_version true
time_til_dormant true
time_til_dormant_autodelete true
updated_at false
user_acl true
| | TemplateVersion
create, write | |
Field Tracked
archived true
created_at false
created_by true
created_by_avatar_url false
created_by_username false
external_auth_providers false
id true
job_id false
message false
name true
organization_id false
readme true
source_example_id false
template_id true
updated_at false
| | User
create, write, delete | |
Field Tracked
avatar_url false
created_at false
deleted true
email true
github_com_user_id false
hashed_one_time_passcode false
hashed_password true
id true
is_system true
last_seen_at false
login_type true
name true
one_time_passcode_expires_at true
quiet_hours_schedule true
rbac_roles true
status true
updated_at false
username true
| -| WorkspaceAgent
connect, disconnect | |
Field Tracked
api_key_scope false
api_version false
architecture false
auth_instance_id false
auth_token false
connection_timeout_seconds false
created_at false
directory false
disconnected_at false
display_apps false
display_order false
environment_variables false
expanded_directory false
first_connected_at false
id false
instance_metadata false
last_connected_at false
last_connected_replica_id false
lifecycle_state false
logs_length false
logs_overflowed false
motd_file false
name false
operating_system false
ready_at false
resource_id false
resource_metadata false
started_at false
subsystems false
troubleshooting_url false
updated_at false
version false
| +| WorkspaceAgent
connect, disconnect | |
Field Tracked
api_key_scope false
api_version false
architecture false
auth_instance_id false
auth_token false
connection_timeout_seconds false
created_at false
directory false
disconnected_at false
display_apps false
display_order false
environment_variables false
expanded_directory false
first_connected_at false
id false
instance_metadata false
last_connected_at false
last_connected_replica_id false
lifecycle_state false
logs_length false
logs_overflowed false
motd_file false
name false
operating_system false
parent_id false
ready_at false
resource_id false
resource_metadata false
started_at false
subsystems false
troubleshooting_url false
updated_at false
version false
| | WorkspaceApp
open, close | |
Field Tracked
agent_id false
command false
created_at false
display_name false
display_order false
external false
health false
healthcheck_interval false
healthcheck_threshold false
healthcheck_url false
hidden false
icon false
id false
open_in false
sharing_level false
slug false
subdomain false
url false
| | WorkspaceBuild
start, stop | |
Field Tracked
build_number false
created_at false
daily_cost false
deadline false
id false
initiator_by_avatar_url false
initiator_by_username false
initiator_id false
job_id false
max_deadline false
provisioner_state false
reason false
template_version_id true
template_version_preset_id false
transition false
updated_at false
workspace_id false
| | WorkspaceProxy
| |
Field Tracked
created_at true
deleted false
derp_enabled true
derp_only true
display_name true
icon true
id true
name true
region_id true
token_hashed_secret true
updated_at false
url true
version true
wildcard_hostname true
| diff --git a/docs/reference/api/agents.md b/docs/reference/api/agents.md index 81dd9cf2eb88a..eced88f4f72cc 100644 --- a/docs/reference/api/agents.md +++ b/docs/reference/api/agents.md @@ -609,6 +609,10 @@ curl -X GET http://coder-server:8080/api/v2/workspaceagents/{workspaceagent} \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ diff --git a/docs/reference/api/builds.md b/docs/reference/api/builds.md index 1f795c3d7d313..8e88df96c1d29 100644 --- a/docs/reference/api/builds.md +++ b/docs/reference/api/builds.md @@ -164,6 +164,10 @@ curl -X GET http://coder-server:8080/api/v2/users/{user}/workspace/{workspacenam "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -393,6 +397,10 @@ curl -X GET http://coder-server:8080/api/v2/workspacebuilds/{workspacebuild} \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -737,6 +745,10 @@ curl -X GET http://coder-server:8080/api/v2/workspacebuilds/{workspacebuild}/res "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -859,6 +871,9 @@ Status Code **200** | `»» logs_overflowed` | boolean | false | | | | `»» name` | string | false | | | | `»» operating_system` | string | false | | | +| `»» parent_id` | [uuid.NullUUID](schemas.md#uuidnulluuid) | false | | | +| `»»» uuid` | string | false | | | +| `»»» valid` | boolean | false | | Valid is true if UUID is not NULL | | `»» ready_at` | string(date-time) | false | | | | `»» resource_id` | string(uuid) | false | | | | `»» scripts` | array | false | | | @@ -1092,6 +1107,10 @@ curl -X GET http://coder-server:8080/api/v2/workspacebuilds/{workspacebuild}/sta "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -1394,6 +1413,10 @@ curl -X GET http://coder-server:8080/api/v2/workspaces/{workspace}/builds \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -1573,6 +1596,9 @@ Status Code **200** | `»»» logs_overflowed` | boolean | false | | | | `»»» name` | string | false | | | | `»»» operating_system` | string | false | | | +| `»»» parent_id` | [uuid.NullUUID](schemas.md#uuidnulluuid) | false | | | +| `»»»» uuid` | string | false | | | +| `»»»» valid` | boolean | false | | Valid is true if UUID is not NULL | | `»»» ready_at` | string(date-time) | false | | | | `»»» resource_id` | string(uuid) | false | | | | `»»» scripts` | array | false | | | @@ -1867,6 +1893,10 @@ curl -X POST http://coder-server:8080/api/v2/workspaces/{workspace}/builds \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ diff --git a/docs/reference/api/schemas.md b/docs/reference/api/schemas.md index 6caf9e3384546..5ed472a0661c4 100644 --- a/docs/reference/api/schemas.md +++ b/docs/reference/api/schemas.md @@ -7779,6 +7779,10 @@ If the schedule is empty, the user will be updated to use the default schedule.| "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -7983,6 +7987,10 @@ If the schedule is empty, the user will be updated to use the default schedule.| "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -8039,6 +8047,7 @@ If the schedule is empty, the user will be updated to use the default schedule.| | `logs_overflowed` | boolean | false | | | | `name` | string | false | | | | `operating_system` | string | false | | | +| `parent_id` | [uuid.NullUUID](#uuidnulluuid) | false | | | | `ready_at` | string | false | | | | `resource_id` | string | false | | | | `scripts` | array of [codersdk.WorkspaceAgentScript](#codersdkworkspaceagentscript) | false | | | @@ -8731,6 +8740,10 @@ If the schedule is empty, the user will be updated to use the default schedule.| "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -9147,6 +9160,10 @@ If the schedule is empty, the user will be updated to use the default schedule.| "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -9429,6 +9446,10 @@ If the schedule is empty, the user will be updated to use the default schedule.| "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -11392,6 +11413,22 @@ RegionIDs in range 900-999 are reserved for end users to run their own DERP node None +## uuid.NullUUID + +```json +{ + "uuid": "string", + "valid": true +} +``` + +### Properties + +| Name | Type | Required | Restrictions | Description | +|---------|---------|----------|--------------|-----------------------------------| +| `uuid` | string | false | | | +| `valid` | boolean | false | | Valid is true if UUID is not NULL | + ## workspaceapps.AccessMethod ```json diff --git a/docs/reference/api/templates.md b/docs/reference/api/templates.md index ef136764bf2c5..b1beeb64a7116 100644 --- a/docs/reference/api/templates.md +++ b/docs/reference/api/templates.md @@ -2348,6 +2348,10 @@ curl -X GET http://coder-server:8080/api/v2/templateversions/{templateversion}/d "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -2470,6 +2474,9 @@ Status Code **200** | `»» logs_overflowed` | boolean | false | | | | `»» name` | string | false | | | | `»» operating_system` | string | false | | | +| `»» parent_id` | [uuid.NullUUID](schemas.md#uuidnulluuid) | false | | | +| `»»» uuid` | string | false | | | +| `»»» valid` | boolean | false | | Valid is true if UUID is not NULL | | `»» ready_at` | string(date-time) | false | | | | `»» resource_id` | string(uuid) | false | | | | `»» scripts` | array | false | | | @@ -2869,6 +2876,10 @@ curl -X GET http://coder-server:8080/api/v2/templateversions/{templateversion}/r "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -2991,6 +3002,9 @@ Status Code **200** | `»» logs_overflowed` | boolean | false | | | | `»» name` | string | false | | | | `»» operating_system` | string | false | | | +| `»» parent_id` | [uuid.NullUUID](schemas.md#uuidnulluuid) | false | | | +| `»»» uuid` | string | false | | | +| `»»» valid` | boolean | false | | Valid is true if UUID is not NULL | | `»» ready_at` | string(date-time) | false | | | | `»» resource_id` | string(uuid) | false | | | | `»» scripts` | array | false | | | diff --git a/docs/reference/api/workspaces.md b/docs/reference/api/workspaces.md index 5d09c46a01d30..8e25cd0bd58e6 100644 --- a/docs/reference/api/workspaces.md +++ b/docs/reference/api/workspaces.md @@ -219,6 +219,10 @@ of the template will be used. "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -496,6 +500,10 @@ curl -X GET http://coder-server:8080/api/v2/users/{user}/workspace/{workspacenam "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -799,6 +807,10 @@ of the template will be used. "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -1062,6 +1074,10 @@ curl -X GET http://coder-server:8080/api/v2/workspaces \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -1340,6 +1356,10 @@ curl -X GET http://coder-server:8080/api/v2/workspaces/{workspace} \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ @@ -1733,6 +1753,10 @@ curl -X PUT http://coder-server:8080/api/v2/workspaces/{workspace}/dormant \ "logs_overflowed": true, "name": "string", "operating_system": "string", + "parent_id": { + "uuid": "string", + "valid": true + }, "ready_at": "2019-08-24T14:15:22Z", "resource_id": "4d5215ed-38bb-48ed-879a-fdb9ca58522f", "scripts": [ diff --git a/enterprise/audit/table.go b/enterprise/audit/table.go index 797abc46b7700..ab24ba8524a64 100644 --- a/enterprise/audit/table.go +++ b/enterprise/audit/table.go @@ -343,6 +343,7 @@ var auditableResourcesTypes = map[any]map[string]Action{ "api_version": ActionIgnore, "display_order": ActionIgnore, "api_key_scope": ActionIgnore, + "parent_id": ActionIgnore, }, &database.WorkspaceApp{}: { "id": ActionIgnore, diff --git a/site/src/api/typesGenerated.ts b/site/src/api/typesGenerated.ts index 7ec54965c2efb..7b6b60854c5dc 100644 --- a/site/src/api/typesGenerated.ts +++ b/site/src/api/typesGenerated.ts @@ -3196,6 +3196,7 @@ export interface Workspace { // From codersdk/workspaceagents.go export interface WorkspaceAgent { readonly id: string; + readonly parent_id: string | null; readonly created_at: string; readonly updated_at: string; readonly first_connected_at?: string; diff --git a/site/src/pages/WorkspacePage/Workspace.stories.tsx b/site/src/pages/WorkspacePage/Workspace.stories.tsx index 88198bdb7b09a..3afdd2cb15f19 100644 --- a/site/src/pages/WorkspacePage/Workspace.stories.tsx +++ b/site/src/pages/WorkspacePage/Workspace.stories.tsx @@ -101,6 +101,33 @@ export const Running: Story = { }, }; +export const RunningWithChildAgent: Story = { + args: { + ...Running.args, + workspace: { + ...Mocks.MockWorkspace, + latest_build: { + ...Mocks.MockWorkspace.latest_build, + resources: [ + { + ...Mocks.MockWorkspaceResource, + agents: [ + { + ...Mocks.MockWorkspaceAgent, + lifecycle_state: "ready", + }, + { + ...Mocks.MockWorkspaceChildAgent, + lifecycle_state: "ready", + }, + ], + }, + ], + }, + }, + }, +}; + export const RunningWithAppStatuses: Story = { args: { workspace: { diff --git a/site/src/pages/WorkspacePage/Workspace.tsx b/site/src/pages/WorkspacePage/Workspace.tsx index 9148c71f32d22..3f87ab7a818e5 100644 --- a/site/src/pages/WorkspacePage/Workspace.tsx +++ b/site/src/pages/WorkspacePage/Workspace.tsx @@ -272,22 +272,28 @@ export const Workspace: FC = ({ minWidth: 0 /* Prevent overflow */, }} > - {selectedResource.agents?.map((agent) => ( - - ))} + {selectedResource.agents + // If an agent has a `parent_id`, that means it is + // child of another agent. We do not want these agents + // to be displayed at the top-level on this page. We + // want them to display _as children_ of their parents. + ?.filter((agent) => agent.parent_id === null) + .map((agent) => ( + + ))} {(!selectedResource.agents || selectedResource.agents?.length === 0) && ( diff --git a/site/src/testHelpers/entities.ts b/site/src/testHelpers/entities.ts index 8b19905286a22..4e50009d5ba7d 100644 --- a/site/src/testHelpers/entities.ts +++ b/site/src/testHelpers/entities.ts @@ -944,6 +944,7 @@ export const MockWorkspaceAgent: TypesGen.WorkspaceAgent = { created_at: "", environment_variables: {}, id: "test-workspace-agent", + parent_id: null, name: "a-workspace-agent", operating_system: "linux", resource_id: "", @@ -978,6 +979,47 @@ export const MockWorkspaceAgent: TypesGen.WorkspaceAgent = { ], }; +export const MockWorkspaceChildAgent: TypesGen.WorkspaceAgent = { + apps: [], + architecture: "amd64", + created_at: "", + environment_variables: {}, + id: "test-workspace-child-agent", + parent_id: "test-workspace-agent", + name: "a-workspace-child-agent", + operating_system: "linux", + resource_id: "", + status: "connected", + updated_at: "", + version: MockBuildInfo.version, + api_version: MockBuildInfo.agent_api_version, + latency: { + "Coder Embedded DERP": { + latency_ms: 32.55, + preferred: true, + }, + }, + connection_timeout_seconds: 120, + troubleshooting_url: "https://coder.com/troubleshoot", + lifecycle_state: "starting", + logs_length: 0, + logs_overflowed: false, + log_sources: [MockWorkspaceAgentLogSource], + scripts: [], + startup_script_behavior: "non-blocking", + subsystems: ["envbox", "exectrace"], + health: { + healthy: true, + }, + display_apps: [ + "ssh_helper", + "port_forwarding_helper", + "vscode", + "vscode_insiders", + "web_terminal", + ], +}; + export const MockWorkspaceAppStatus: TypesGen.WorkspaceAppStatus = { id: "test-app-status", created_at: "2022-05-17T17:39:01.382927298Z", From 32f093ef5933528b6549938c5447ea926069e807 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Tue, 20 May 2025 13:50:17 -0500 Subject: [PATCH 08/14] fix: correct environment variable name for MCP app status slug (cherry-pick #17948) (#17950) Cherry-picked fix: correct environment variable name for MCP app status slug (#17948) Fixed environment variable name for app status slug in Claude MCP configuration from `CODER_MCP_CLAUDE_APP_STATUS_SLUG` to `CODER_MCP_APP_STATUS_SLUG` to maintain consistency with other MCP environment variables. This also caused the User level Claude.md to not contain instructions to report its progress, so it did not receive status reports. Co-authored-by: Thomas Kosiewski --- cli/exp_mcp.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cli/exp_mcp.go b/cli/exp_mcp.go index 6174f0cffbf0e..fb866666daf4a 100644 --- a/cli/exp_mcp.go +++ b/cli/exp_mcp.go @@ -255,7 +255,7 @@ func (*RootCmd) mcpConfigureClaudeCode() *serpent.Command { { Name: "app-status-slug", Description: "The app status slug to use when running the Coder MCP server.", - Env: "CODER_MCP_CLAUDE_APP_STATUS_SLUG", + Env: "CODER_MCP_APP_STATUS_SLUG", Flag: "claude-app-status-slug", Value: serpent.StringOf(&appStatusSlug), }, From 8708d812222dbac749b0957361faa87e488dda75 Mon Sep 17 00:00:00 2001 From: Danny Kopping Date: Tue, 20 May 2025 21:27:28 +0200 Subject: [PATCH 09/14] chore: cherry-pick #17934 into 2.22 (#17952) Cherry-pick of https://github.com/coder/coder/pull/17934 --------- Signed-off-by: Thomas Kosiewski Signed-off-by: Danny Kopping Co-authored-by: Thomas Kosiewski --- coderd/agentapi/manifest.go | 11 +- coderd/agentapi/manifest_test.go | 9 +- coderd/workspaceagents_test.go | 64 ++++++--- coderd/workspaceagentsrpc.go | 13 +- coderd/workspaceagentsrpc_test.go | 209 +++++++++++++++++++----------- flake.nix | 1 + 6 files changed, 192 insertions(+), 115 deletions(-) diff --git a/coderd/agentapi/manifest.go b/coderd/agentapi/manifest.go index db8a0af3946a9..6815e8484b286 100644 --- a/coderd/agentapi/manifest.go +++ b/coderd/agentapi/manifest.go @@ -47,7 +47,6 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest scripts []database.WorkspaceAgentScript metadata []database.WorkspaceAgentMetadatum workspace database.Workspace - owner database.User devcontainers []database.WorkspaceAgentDevcontainer ) @@ -76,10 +75,6 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest if err != nil { return xerrors.Errorf("getting workspace by id: %w", err) } - owner, err = a.Database.GetUserByID(ctx, workspace.OwnerID) - if err != nil { - return xerrors.Errorf("getting workspace owner by id: %w", err) - } return err }) eg.Go(func() (err error) { @@ -98,7 +93,7 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest AppSlugOrPort: "{{port}}", AgentName: workspaceAgent.Name, WorkspaceName: workspace.Name, - Username: owner.Username, + Username: workspace.OwnerUsername, } vscodeProxyURI := vscodeProxyURI(appSlug, a.AccessURL, a.AppHostname) @@ -115,7 +110,7 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest } } - apps, err := dbAppsToProto(dbApps, workspaceAgent, owner.Username, workspace) + apps, err := dbAppsToProto(dbApps, workspaceAgent, workspace.OwnerUsername, workspace) if err != nil { return nil, xerrors.Errorf("converting workspace apps: %w", err) } @@ -123,7 +118,7 @@ func (a *ManifestAPI) GetManifest(ctx context.Context, _ *agentproto.GetManifest return &agentproto.Manifest{ AgentId: workspaceAgent.ID[:], AgentName: workspaceAgent.Name, - OwnerUsername: owner.Username, + OwnerUsername: workspace.OwnerUsername, WorkspaceId: workspace.ID[:], WorkspaceName: workspace.Name, GitAuthConfigs: gitAuthConfigs, diff --git a/coderd/agentapi/manifest_test.go b/coderd/agentapi/manifest_test.go index 98e7ccc8c8b52..178e790ab914d 100644 --- a/coderd/agentapi/manifest_test.go +++ b/coderd/agentapi/manifest_test.go @@ -46,9 +46,10 @@ func TestGetManifest(t *testing.T) { Username: "cool-user", } workspace = database.Workspace{ - ID: uuid.New(), - OwnerID: owner.ID, - Name: "cool-workspace", + ID: uuid.New(), + OwnerID: owner.ID, + OwnerUsername: owner.Username, + Name: "cool-workspace", } agent = database.WorkspaceAgent{ ID: uuid.New(), @@ -329,7 +330,6 @@ func TestGetManifest(t *testing.T) { }).Return(metadata, nil) mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil) mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil) - mDB.EXPECT().GetUserByID(gomock.Any(), workspace.OwnerID).Return(owner, nil) got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{}) require.NoError(t, err) @@ -396,7 +396,6 @@ func TestGetManifest(t *testing.T) { }).Return(metadata, nil) mDB.EXPECT().GetWorkspaceAgentDevcontainersByAgentID(gomock.Any(), agent.ID).Return(devcontainers, nil) mDB.EXPECT().GetWorkspaceByID(gomock.Any(), workspace.ID).Return(workspace, nil) - mDB.EXPECT().GetUserByID(gomock.Any(), workspace.OwnerID).Return(owner, nil) got, err := api.GetManifest(context.Background(), &agentproto.GetManifestRequest{}) require.NoError(t, err) diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go index 10403f1ac00ae..81aa74a2f2fb5 100644 --- a/coderd/workspaceagents_test.go +++ b/coderd/workspaceagents_test.go @@ -437,25 +437,55 @@ func TestWorkspaceAgentConnectRPC(t *testing.T) { t.Run("Connect", func(t *testing.T) { t.Parallel() - client, db := coderdtest.NewWithDatabase(t, nil) - user := coderdtest.CreateFirstUser(t, client) - r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ - OrganizationID: user.OrganizationID, - OwnerID: user.UserID, - }).WithAgent().Do() - _ = agenttest.New(t, client.URL, r.AgentToken) - resources := coderdtest.AwaitWorkspaceAgents(t, client, r.Workspace.ID) + for _, tc := range []struct { + name string + apiKeyScope rbac.ScopeName + }{ + { + name: "empty (backwards compat)", + apiKeyScope: "", + }, + { + name: "all", + apiKeyScope: rbac.ScopeAll, + }, + { + name: "no_user_data", + apiKeyScope: rbac.ScopeNoUserData, + }, + { + name: "application_connect", + apiKeyScope: rbac.ScopeApplicationConnect, + }, + } { + t.Run(tc.name, func(t *testing.T) { + client, db := coderdtest.NewWithDatabase(t, nil) + user := coderdtest.CreateFirstUser(t, client) + r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ + OrganizationID: user.OrganizationID, + OwnerID: user.UserID, + }).WithAgent(func(agents []*proto.Agent) []*proto.Agent { + for _, agent := range agents { + agent.ApiKeyScope = string(tc.apiKeyScope) + } - ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) - defer cancel() + return agents + }).Do() + _ = agenttest.New(t, client.URL, r.AgentToken) + resources := coderdtest.NewWorkspaceAgentWaiter(t, client, r.Workspace.ID).AgentNames([]string{}).Wait() - conn, err := workspacesdk.New(client). - DialAgent(ctx, resources[0].Agents[0].ID, nil) - require.NoError(t, err) - defer func() { - _ = conn.Close() - }() - conn.AwaitReachable(ctx) + ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) + defer cancel() + + conn, err := workspacesdk.New(client). + DialAgent(ctx, resources[0].Agents[0].ID, nil) + require.NoError(t, err) + defer func() { + _ = conn.Close() + }() + conn.AwaitReachable(ctx) + }) + } }) t.Run("FailNonLatestBuild", func(t *testing.T) { diff --git a/coderd/workspaceagentsrpc.go b/coderd/workspaceagentsrpc.go index 43da35410f632..2dcf65bd8c7d5 100644 --- a/coderd/workspaceagentsrpc.go +++ b/coderd/workspaceagentsrpc.go @@ -76,17 +76,8 @@ func (api *API) workspaceAgentRPC(rw http.ResponseWriter, r *http.Request) { return } - owner, err := api.Database.GetUserByID(ctx, workspace.OwnerID) - if err != nil { - httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{ - Message: "Internal error fetching user.", - Detail: err.Error(), - }) - return - } - logger = logger.With( - slog.F("owner", owner.Username), + slog.F("owner", workspace.OwnerUsername), slog.F("workspace_name", workspace.Name), slog.F("agent_name", workspaceAgent.Name), ) @@ -170,7 +161,7 @@ func (api *API) workspaceAgentRPC(rw http.ResponseWriter, r *http.Request) { }) streamID := tailnet.StreamID{ - Name: fmt.Sprintf("%s-%s-%s", owner.Username, workspace.Name, workspaceAgent.Name), + Name: fmt.Sprintf("%s-%s-%s", workspace.OwnerUsername, workspace.Name, workspaceAgent.Name), ID: workspaceAgent.ID, Auth: tailnet.AgentCoordinateeAuth{ID: workspaceAgent.ID}, } diff --git a/coderd/workspaceagentsrpc_test.go b/coderd/workspaceagentsrpc_test.go index 3f1f1a2b8a764..233c5665310f6 100644 --- a/coderd/workspaceagentsrpc_test.go +++ b/coderd/workspaceagentsrpc_test.go @@ -13,6 +13,7 @@ import ( "github.com/coder/coder/v2/coderd/database" "github.com/coder/coder/v2/coderd/database/dbfake" "github.com/coder/coder/v2/coderd/database/dbtime" + "github.com/coder/coder/v2/coderd/rbac" "github.com/coder/coder/v2/codersdk/agentsdk" "github.com/coder/coder/v2/provisionersdk/proto" "github.com/coder/coder/v2/testutil" @@ -22,88 +23,148 @@ import ( func TestWorkspaceAgentReportStats(t *testing.T) { t.Parallel() - tickCh := make(chan time.Time) - flushCh := make(chan int, 1) - client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ - WorkspaceUsageTrackerFlush: flushCh, - WorkspaceUsageTrackerTick: tickCh, - }) - user := coderdtest.CreateFirstUser(t, client) - r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ - OrganizationID: user.OrganizationID, - OwnerID: user.UserID, - }).WithAgent().Do() + for _, tc := range []struct { + name string + apiKeyScope rbac.ScopeName + }{ + { + name: "empty (backwards compat)", + apiKeyScope: "", + }, + { + name: "all", + apiKeyScope: rbac.ScopeAll, + }, + { + name: "no_user_data", + apiKeyScope: rbac.ScopeNoUserData, + }, + { + name: "application_connect", + apiKeyScope: rbac.ScopeApplicationConnect, + }, + } { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() - ac := agentsdk.New(client.URL) - ac.SetSessionToken(r.AgentToken) - conn, err := ac.ConnectRPC(context.Background()) - require.NoError(t, err) - defer func() { - _ = conn.Close() - }() - agentAPI := agentproto.NewDRPCAgentClient(conn) + tickCh := make(chan time.Time) + flushCh := make(chan int, 1) + client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ + WorkspaceUsageTrackerFlush: flushCh, + WorkspaceUsageTrackerTick: tickCh, + }) + user := coderdtest.CreateFirstUser(t, client) + r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ + OrganizationID: user.OrganizationID, + OwnerID: user.UserID, + }).WithAgent(func(agent []*proto.Agent) []*proto.Agent { + for _, a := range agent { + a.ApiKeyScope = string(tc.apiKeyScope) + } - _, err = agentAPI.UpdateStats(context.Background(), &agentproto.UpdateStatsRequest{ - Stats: &agentproto.Stats{ - ConnectionsByProto: map[string]int64{"TCP": 1}, - ConnectionCount: 1, - RxPackets: 1, - RxBytes: 1, - TxPackets: 1, - TxBytes: 1, - SessionCountVscode: 1, - SessionCountJetbrains: 0, - SessionCountReconnectingPty: 0, - SessionCountSsh: 0, - ConnectionMedianLatencyMs: 10, - }, - }) - require.NoError(t, err) + return agent + }, + ).Do() + + ac := agentsdk.New(client.URL) + ac.SetSessionToken(r.AgentToken) + conn, err := ac.ConnectRPC(context.Background()) + require.NoError(t, err) + defer func() { + _ = conn.Close() + }() + agentAPI := agentproto.NewDRPCAgentClient(conn) + + _, err = agentAPI.UpdateStats(context.Background(), &agentproto.UpdateStatsRequest{ + Stats: &agentproto.Stats{ + ConnectionsByProto: map[string]int64{"TCP": 1}, + ConnectionCount: 1, + RxPackets: 1, + RxBytes: 1, + TxPackets: 1, + TxBytes: 1, + SessionCountVscode: 1, + SessionCountJetbrains: 0, + SessionCountReconnectingPty: 0, + SessionCountSsh: 0, + ConnectionMedianLatencyMs: 10, + }, + }) + require.NoError(t, err) - tickCh <- dbtime.Now() - count := <-flushCh - require.Equal(t, 1, count, "expected one flush with one id") + tickCh <- dbtime.Now() + count := <-flushCh + require.Equal(t, 1, count, "expected one flush with one id") - newWorkspace, err := client.Workspace(context.Background(), r.Workspace.ID) - require.NoError(t, err) + newWorkspace, err := client.Workspace(context.Background(), r.Workspace.ID) + require.NoError(t, err) - assert.True(t, - newWorkspace.LastUsedAt.After(r.Workspace.LastUsedAt), - "%s is not after %s", newWorkspace.LastUsedAt, r.Workspace.LastUsedAt, - ) + assert.True(t, + newWorkspace.LastUsedAt.After(r.Workspace.LastUsedAt), + "%s is not after %s", newWorkspace.LastUsedAt, r.Workspace.LastUsedAt, + ) + }) + } } func TestAgentAPI_LargeManifest(t *testing.T) { t.Parallel() - ctx := testutil.Context(t, testutil.WaitLong) - client, store := coderdtest.NewWithDatabase(t, nil) - adminUser := coderdtest.CreateFirstUser(t, client) - n := 512000 - longScript := make([]byte, n) - for i := range longScript { - longScript[i] = 'q' + + for _, tc := range []struct { + name string + apiKeyScope rbac.ScopeName + }{ + { + name: "empty (backwards compat)", + apiKeyScope: "", + }, + { + name: "all", + apiKeyScope: rbac.ScopeAll, + }, + { + name: "no_user_data", + apiKeyScope: rbac.ScopeNoUserData, + }, + { + name: "application_connect", + apiKeyScope: rbac.ScopeApplicationConnect, + }, + } { + t.Run(tc.name, func(t *testing.T) { + t.Parallel() + ctx := testutil.Context(t, testutil.WaitLong) + client, store := coderdtest.NewWithDatabase(t, nil) + adminUser := coderdtest.CreateFirstUser(t, client) + n := 512000 + longScript := make([]byte, n) + for i := range longScript { + longScript[i] = 'q' + } + r := dbfake.WorkspaceBuild(t, store, database.WorkspaceTable{ + OrganizationID: adminUser.OrganizationID, + OwnerID: adminUser.UserID, + }).WithAgent(func(agents []*proto.Agent) []*proto.Agent { + agents[0].Scripts = []*proto.Script{ + { + Script: string(longScript), + }, + } + agents[0].ApiKeyScope = string(tc.apiKeyScope) + return agents + }).Do() + ac := agentsdk.New(client.URL) + ac.SetSessionToken(r.AgentToken) + conn, err := ac.ConnectRPC(ctx) + defer func() { + _ = conn.Close() + }() + require.NoError(t, err) + agentAPI := agentproto.NewDRPCAgentClient(conn) + manifest, err := agentAPI.GetManifest(ctx, &agentproto.GetManifestRequest{}) + require.NoError(t, err) + require.Len(t, manifest.Scripts, 1) + require.Len(t, manifest.Scripts[0].Script, n) + }) } - r := dbfake.WorkspaceBuild(t, store, database.WorkspaceTable{ - OrganizationID: adminUser.OrganizationID, - OwnerID: adminUser.UserID, - }).WithAgent(func(agents []*proto.Agent) []*proto.Agent { - agents[0].Scripts = []*proto.Script{ - { - Script: string(longScript), - }, - } - return agents - }).Do() - ac := agentsdk.New(client.URL) - ac.SetSessionToken(r.AgentToken) - conn, err := ac.ConnectRPC(ctx) - defer func() { - _ = conn.Close() - }() - require.NoError(t, err) - agentAPI := agentproto.NewDRPCAgentClient(conn) - manifest, err := agentAPI.GetManifest(ctx, &agentproto.GetManifestRequest{}) - require.NoError(t, err) - require.Len(t, manifest.Scripts, 1) - require.Len(t, manifest.Scripts[0].Script, n) } diff --git a/flake.nix b/flake.nix index bff207662f913..c0f36c3be6e0f 100644 --- a/flake.nix +++ b/flake.nix @@ -141,6 +141,7 @@ kubectl kubectx kubernetes-helm + lazydocker lazygit less mockgen From 4fe7ee2d666d067552cdcead01774445ed152747 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Wed, 21 May 2025 11:22:07 +0400 Subject: [PATCH 10/14] fix: stop extending API key access if OIDC refresh is available (cherry-pick #17878) (#17960) Cherry-picked fix: stop extending API key access if OIDC refresh is available (#17878) fixes #17070 Cleans up our handling of APIKey expiration and OIDC to keep them separate concepts. For an OIDC-login APIKey, both the APIKey and OIDC link must be valid to login. If the OIDC link is expired and we have a refresh token, we will attempt to refresh. OIDC refreshes do not have any effect on APIKey expiry. https://github.com/coder/coder/issues/17070#issuecomment-2886183613 explains why this is the correct behavior. Co-authored-by: Spike Curtis --- coderd/coderdtest/oidctest/idp.go | 5 +- coderd/httpmw/apikey.go | 94 +++++++++--------- coderd/httpmw/apikey_test.go | 158 +++++++++++++++++++++++++++++- coderd/oauthpki/okidcpki_test.go | 1 + 4 files changed, 210 insertions(+), 48 deletions(-) diff --git a/coderd/coderdtest/oidctest/idp.go b/coderd/coderdtest/oidctest/idp.go index b82f8a00dedb4..c7f7d35937198 100644 --- a/coderd/coderdtest/oidctest/idp.go +++ b/coderd/coderdtest/oidctest/idp.go @@ -307,7 +307,7 @@ func WithCustomClientAuth(hook func(t testing.TB, req *http.Request) (url.Values // WithLogging is optional, but will log some HTTP calls made to the IDP. func WithLogging(t testing.TB, options *slogtest.Options) func(*FakeIDP) { return func(f *FakeIDP) { - f.logger = slogtest.Make(t, options) + f.logger = slogtest.Make(t, options).Named("fakeidp") } } @@ -794,6 +794,7 @@ func (f *FakeIDP) newToken(t testing.TB, email string, expires time.Time) string func (f *FakeIDP) newRefreshTokens(email string) string { refreshToken := uuid.NewString() f.refreshTokens.Store(refreshToken, email) + f.logger.Info(context.Background(), "new refresh token", slog.F("email", email), slog.F("token", refreshToken)) return refreshToken } @@ -1003,6 +1004,7 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler { return } + f.logger.Info(r.Context(), "http idp call refresh_token", slog.F("token", refreshToken)) _, ok := f.refreshTokens.Load(refreshToken) if !assert.True(t, ok, "invalid refresh_token") { http.Error(rw, "invalid refresh_token", http.StatusBadRequest) @@ -1026,6 +1028,7 @@ func (f *FakeIDP) httpHandler(t testing.TB) http.Handler { f.refreshTokensUsed.Store(refreshToken, true) // Always invalidate the refresh token after it is used. f.refreshTokens.Delete(refreshToken) + f.logger.Info(r.Context(), "refresh token invalidated", slog.F("token", refreshToken)) case "urn:ietf:params:oauth:grant-type:device_code": // Device flow var resp externalauth.ExchangeDeviceCodeResponse diff --git a/coderd/httpmw/apikey.go b/coderd/httpmw/apikey.go index d614b37a3d897..4b92848b773e2 100644 --- a/coderd/httpmw/apikey.go +++ b/coderd/httpmw/apikey.go @@ -232,16 +232,21 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon return optionalWrite(http.StatusUnauthorized, resp) } - var ( - link database.UserLink - now = dbtime.Now() - // Tracks if the API key has properties updated - changed = false - ) + now := dbtime.Now() + if key.ExpiresAt.Before(now) { + return optionalWrite(http.StatusUnauthorized, codersdk.Response{ + Message: SignedOutErrorMessage, + Detail: fmt.Sprintf("API key expired at %q.", key.ExpiresAt.String()), + }) + } + + // We only check OIDC stuff if we have a valid APIKey. An expired key means we don't trust the requestor + // really is the user whose key they have, and so we shouldn't be doing anything on their behalf including possibly + // refreshing the OIDC token. if key.LoginType == database.LoginTypeGithub || key.LoginType == database.LoginTypeOIDC { var err error //nolint:gocritic // System needs to fetch UserLink to check if it's valid. - link, err = cfg.DB.GetUserLinkByUserIDLoginType(dbauthz.AsSystemRestricted(ctx), database.GetUserLinkByUserIDLoginTypeParams{ + link, err := cfg.DB.GetUserLinkByUserIDLoginType(dbauthz.AsSystemRestricted(ctx), database.GetUserLinkByUserIDLoginTypeParams{ UserID: key.UserID, LoginType: key.LoginType, }) @@ -258,7 +263,7 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon }) } // Check if the OAuth token is expired - if link.OAuthExpiry.Before(now) && !link.OAuthExpiry.IsZero() && link.OAuthRefreshToken != "" { + if !link.OAuthExpiry.IsZero() && link.OAuthExpiry.Before(now) { if cfg.OAuth2Configs.IsZero() { return write(http.StatusInternalServerError, codersdk.Response{ Message: internalErrorMessage, @@ -267,12 +272,15 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon }) } + var friendlyName string var oauthConfig promoauth.OAuth2Config switch key.LoginType { case database.LoginTypeGithub: oauthConfig = cfg.OAuth2Configs.Github + friendlyName = "GitHub" case database.LoginTypeOIDC: oauthConfig = cfg.OAuth2Configs.OIDC + friendlyName = "OpenID Connect" default: return write(http.StatusInternalServerError, codersdk.Response{ Message: internalErrorMessage, @@ -292,7 +300,13 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon }) } - // If it is, let's refresh it from the provided config + if link.OAuthRefreshToken == "" { + return optionalWrite(http.StatusUnauthorized, codersdk.Response{ + Message: SignedOutErrorMessage, + Detail: fmt.Sprintf("%s session expired at %q. Try signing in again.", friendlyName, link.OAuthExpiry.String()), + }) + } + // We have a refresh token, so let's try it token, err := oauthConfig.TokenSource(r.Context(), &oauth2.Token{ AccessToken: link.OAuthAccessToken, RefreshToken: link.OAuthRefreshToken, @@ -300,28 +314,39 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon }).Token() if err != nil { return write(http.StatusUnauthorized, codersdk.Response{ - Message: "Could not refresh expired Oauth token. Try re-authenticating to resolve this issue.", - Detail: err.Error(), + Message: fmt.Sprintf( + "Could not refresh expired %s token. Try re-authenticating to resolve this issue.", + friendlyName), + Detail: err.Error(), }) } link.OAuthAccessToken = token.AccessToken link.OAuthRefreshToken = token.RefreshToken link.OAuthExpiry = token.Expiry - key.ExpiresAt = token.Expiry - changed = true + //nolint:gocritic // system needs to update user link + link, err = cfg.DB.UpdateUserLink(dbauthz.AsSystemRestricted(ctx), database.UpdateUserLinkParams{ + UserID: link.UserID, + LoginType: link.LoginType, + OAuthAccessToken: link.OAuthAccessToken, + OAuthAccessTokenKeyID: sql.NullString{}, // dbcrypt will update as required + OAuthRefreshToken: link.OAuthRefreshToken, + OAuthRefreshTokenKeyID: sql.NullString{}, // dbcrypt will update as required + OAuthExpiry: link.OAuthExpiry, + // Refresh should keep the same debug context because we use + // the original claims for the group/role sync. + Claims: link.Claims, + }) + if err != nil { + return write(http.StatusInternalServerError, codersdk.Response{ + Message: internalErrorMessage, + Detail: fmt.Sprintf("update user_link: %s.", err.Error()), + }) + } } } - // Checking if the key is expired. - // NOTE: The `RequireAuth` React component depends on this `Detail` to detect when - // the users token has expired. If you change the text here, make sure to update it - // in site/src/components/RequireAuth/RequireAuth.tsx as well. - if key.ExpiresAt.Before(now) { - return optionalWrite(http.StatusUnauthorized, codersdk.Response{ - Message: SignedOutErrorMessage, - Detail: fmt.Sprintf("API key expired at %q.", key.ExpiresAt.String()), - }) - } + // Tracks if the API key has properties updated + changed := false // Only update LastUsed once an hour to prevent database spam. if now.Sub(key.LastUsed) > time.Hour { @@ -363,29 +388,6 @@ func ExtractAPIKey(rw http.ResponseWriter, r *http.Request, cfg ExtractAPIKeyCon Detail: fmt.Sprintf("API key couldn't update: %s.", err.Error()), }) } - // If the API Key is associated with a user_link (e.g. Github/OIDC) - // then we want to update the relevant oauth fields. - if link.UserID != uuid.Nil { - //nolint:gocritic // system needs to update user link - link, err = cfg.DB.UpdateUserLink(dbauthz.AsSystemRestricted(ctx), database.UpdateUserLinkParams{ - UserID: link.UserID, - LoginType: link.LoginType, - OAuthAccessToken: link.OAuthAccessToken, - OAuthAccessTokenKeyID: sql.NullString{}, // dbcrypt will update as required - OAuthRefreshToken: link.OAuthRefreshToken, - OAuthRefreshTokenKeyID: sql.NullString{}, // dbcrypt will update as required - OAuthExpiry: link.OAuthExpiry, - // Refresh should keep the same debug context because we use - // the original claims for the group/role sync. - Claims: link.Claims, - }) - if err != nil { - return write(http.StatusInternalServerError, codersdk.Response{ - Message: internalErrorMessage, - Detail: fmt.Sprintf("update user_link: %s.", err.Error()), - }) - } - } // We only want to update this occasionally to reduce DB write // load. We update alongside the UserLink and APIKey since it's diff --git a/coderd/httpmw/apikey_test.go b/coderd/httpmw/apikey_test.go index bd979e88235ad..6e2e75ace9825 100644 --- a/coderd/httpmw/apikey_test.go +++ b/coderd/httpmw/apikey_test.go @@ -508,6 +508,102 @@ func TestAPIKey(t *testing.T) { require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt) }) + t.Run("APIKeyExpiredOAuthExpired", func(t *testing.T) { + t.Parallel() + var ( + db = dbmem.New() + user = dbgen.User(t, db, database.User{}) + sentAPIKey, token = dbgen.APIKey(t, db, database.APIKey{ + UserID: user.ID, + LastUsed: dbtime.Now().AddDate(0, 0, -1), + ExpiresAt: dbtime.Now().AddDate(0, 0, -1), + LoginType: database.LoginTypeOIDC, + }) + _ = dbgen.UserLink(t, db, database.UserLink{ + UserID: user.ID, + LoginType: database.LoginTypeOIDC, + OAuthExpiry: dbtime.Now().AddDate(0, 0, -1), + }) + + r = httptest.NewRequest("GET", "/", nil) + rw = httptest.NewRecorder() + ) + r.Header.Set(codersdk.SessionTokenHeader, token) + + // Include a valid oauth token for refreshing. If this token is invalid, + // it is difficult to tell an auth failure from an expired api key, or + // an expired oauth key. + oauthToken := &oauth2.Token{ + AccessToken: "wow", + RefreshToken: "moo", + Expiry: dbtime.Now().AddDate(0, 0, 1), + } + httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{ + DB: db, + OAuth2Configs: &httpmw.OAuth2Configs{ + OIDC: &testutil.OAuth2Config{ + Token: oauthToken, + }, + }, + RedirectToLogin: false, + })(successHandler).ServeHTTP(rw, r) + res := rw.Result() + defer res.Body.Close() + require.Equal(t, http.StatusUnauthorized, res.StatusCode) + + gotAPIKey, err := db.GetAPIKeyByID(r.Context(), sentAPIKey.ID) + require.NoError(t, err) + + require.Equal(t, sentAPIKey.LastUsed, gotAPIKey.LastUsed) + require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt) + }) + + t.Run("APIKeyExpiredOAuthNotExpired", func(t *testing.T) { + t.Parallel() + var ( + db = dbmem.New() + user = dbgen.User(t, db, database.User{}) + sentAPIKey, token = dbgen.APIKey(t, db, database.APIKey{ + UserID: user.ID, + LastUsed: dbtime.Now().AddDate(0, 0, -1), + ExpiresAt: dbtime.Now().AddDate(0, 0, -1), + LoginType: database.LoginTypeOIDC, + }) + _ = dbgen.UserLink(t, db, database.UserLink{ + UserID: user.ID, + LoginType: database.LoginTypeOIDC, + }) + + r = httptest.NewRequest("GET", "/", nil) + rw = httptest.NewRecorder() + ) + r.Header.Set(codersdk.SessionTokenHeader, token) + + oauthToken := &oauth2.Token{ + AccessToken: "wow", + RefreshToken: "moo", + Expiry: dbtime.Now().AddDate(0, 0, 1), + } + httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{ + DB: db, + OAuth2Configs: &httpmw.OAuth2Configs{ + OIDC: &testutil.OAuth2Config{ + Token: oauthToken, + }, + }, + RedirectToLogin: false, + })(successHandler).ServeHTTP(rw, r) + res := rw.Result() + defer res.Body.Close() + require.Equal(t, http.StatusUnauthorized, res.StatusCode) + + gotAPIKey, err := db.GetAPIKeyByID(r.Context(), sentAPIKey.ID) + require.NoError(t, err) + + require.Equal(t, sentAPIKey.LastUsed, gotAPIKey.LastUsed) + require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt) + }) + t.Run("OAuthRefresh", func(t *testing.T) { t.Parallel() var ( @@ -553,7 +649,67 @@ func TestAPIKey(t *testing.T) { require.NoError(t, err) require.Equal(t, sentAPIKey.LastUsed, gotAPIKey.LastUsed) - require.Equal(t, oauthToken.Expiry, gotAPIKey.ExpiresAt) + // Note that OAuth expiry is independent of APIKey expiry, so an OIDC refresh DOES NOT affect the expiry of the + // APIKey + require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt) + + gotLink, err := db.GetUserLinkByUserIDLoginType(r.Context(), database.GetUserLinkByUserIDLoginTypeParams{ + UserID: user.ID, + LoginType: database.LoginTypeGithub, + }) + require.NoError(t, err) + require.Equal(t, gotLink.OAuthRefreshToken, "moo") + }) + + t.Run("OAuthExpiredNoRefresh", func(t *testing.T) { + t.Parallel() + var ( + ctx = testutil.Context(t, testutil.WaitShort) + db = dbmem.New() + user = dbgen.User(t, db, database.User{}) + sentAPIKey, token = dbgen.APIKey(t, db, database.APIKey{ + UserID: user.ID, + LastUsed: dbtime.Now(), + ExpiresAt: dbtime.Now().AddDate(0, 0, 1), + LoginType: database.LoginTypeGithub, + }) + + r = httptest.NewRequest("GET", "/", nil) + rw = httptest.NewRecorder() + ) + _, err := db.InsertUserLink(ctx, database.InsertUserLinkParams{ + UserID: user.ID, + LoginType: database.LoginTypeGithub, + OAuthExpiry: dbtime.Now().AddDate(0, 0, -1), + OAuthAccessToken: "letmein", + }) + require.NoError(t, err) + + r.Header.Set(codersdk.SessionTokenHeader, token) + + oauthToken := &oauth2.Token{ + AccessToken: "wow", + RefreshToken: "moo", + Expiry: dbtime.Now().AddDate(0, 0, 1), + } + httpmw.ExtractAPIKeyMW(httpmw.ExtractAPIKeyConfig{ + DB: db, + OAuth2Configs: &httpmw.OAuth2Configs{ + Github: &testutil.OAuth2Config{ + Token: oauthToken, + }, + }, + RedirectToLogin: false, + })(successHandler).ServeHTTP(rw, r) + res := rw.Result() + defer res.Body.Close() + require.Equal(t, http.StatusUnauthorized, res.StatusCode) + + gotAPIKey, err := db.GetAPIKeyByID(r.Context(), sentAPIKey.ID) + require.NoError(t, err) + + require.Equal(t, sentAPIKey.LastUsed, gotAPIKey.LastUsed) + require.Equal(t, sentAPIKey.ExpiresAt, gotAPIKey.ExpiresAt) }) t.Run("RemoteIPUpdates", func(t *testing.T) { diff --git a/coderd/oauthpki/okidcpki_test.go b/coderd/oauthpki/okidcpki_test.go index 509da563a9145..7f7dda17bcba8 100644 --- a/coderd/oauthpki/okidcpki_test.go +++ b/coderd/oauthpki/okidcpki_test.go @@ -144,6 +144,7 @@ func TestAzureAKPKIWithCoderd(t *testing.T) { return values, nil }), oidctest.WithServing(), + oidctest.WithLogging(t, nil), ) cfg := fake.OIDCConfig(t, scopes, func(cfg *coderd.OIDCConfig) { cfg.AllowSignups = true From a9b1ccd680ed196997828ad6164c18c2a82b31e1 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 13:25:59 +0500 Subject: [PATCH 11/14] fix: handle `workspace.agent` and `agent.workspace.owner` in `coder ssh` (cherry-pick #18093) (#18096) Co-authored-by: Ethan <39577870+ethanndickson@users.noreply.github.com> Closes #18088. --- cli/ssh.go | 9 +++++++++ cli/ssh_test.go | 2 ++ 2 files changed, 11 insertions(+) diff --git a/cli/ssh.go b/cli/ssh.go index 7c5bda073f973..dd0568dc5e14c 100644 --- a/cli/ssh.go +++ b/cli/ssh.go @@ -1569,12 +1569,14 @@ func writeCoderConnectNetInfo(ctx context.Context, networkInfoDir string) error // Converts workspace name input to owner/workspace.agent format // Possible valid input formats: // workspace +// workspace.agent // owner/workspace // owner--workspace // owner/workspace--agent // owner/workspace.agent // owner--workspace--agent // owner--workspace.agent +// agent.workspace.owner - for parity with Coder Connect func normalizeWorkspaceInput(input string) string { // Split on "/", "--", and "." parts := workspaceNameRe.Split(input, -1) @@ -1583,8 +1585,15 @@ func normalizeWorkspaceInput(input string) string { case 1: return input // "workspace" case 2: + if strings.Contains(input, ".") { + return fmt.Sprintf("%s.%s", parts[0], parts[1]) // "workspace.agent" + } return fmt.Sprintf("%s/%s", parts[0], parts[1]) // "owner/workspace" case 3: + // If the only separator is a dot, it's the Coder Connect format + if !strings.Contains(input, "/") && !strings.Contains(input, "--") { + return fmt.Sprintf("%s/%s.%s", parts[2], parts[1], parts[0]) // "owner/workspace.agent" + } return fmt.Sprintf("%s/%s.%s", parts[0], parts[1], parts[2]) // "owner/workspace.agent" default: return input // Fallback diff --git a/cli/ssh_test.go b/cli/ssh_test.go index 5fcb6205d5e45..9f85652029f50 100644 --- a/cli/ssh_test.go +++ b/cli/ssh_test.go @@ -107,12 +107,14 @@ func TestSSH(t *testing.T) { cases := []string{ "myworkspace", + "myworkspace.dev", "myuser/myworkspace", "myuser--myworkspace", "myuser/myworkspace--dev", "myuser/myworkspace.dev", "myuser--myworkspace--dev", "myuser--myworkspace.dev", + "dev.myworkspace.myuser", } for _, tc := range cases { From 0156f0f375c4d7e2da31b2c2dbf2ba0b818d253a Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Thu, 29 May 2025 13:26:21 +0500 Subject: [PATCH 12/14] chore: add JetBrains icon (cherry-pick #18073) (#18097) Co-authored-by: Atif Ali --- site/src/theme/icons.json | 1 + site/static/icon/jetbrains.svg | 1 + 2 files changed, 2 insertions(+) create mode 100644 site/static/icon/jetbrains.svg diff --git a/site/src/theme/icons.json b/site/src/theme/icons.json index a9307bfc78446..1700579a07100 100644 --- a/site/src/theme/icons.json +++ b/site/src/theme/icons.json @@ -58,6 +58,7 @@ "javascript.svg", "jax.svg", "jetbrains-toolbox.svg", + "jetbrains.svg", "jfrog.svg", "jupyter.svg", "k8s.png", diff --git a/site/static/icon/jetbrains.svg b/site/static/icon/jetbrains.svg new file mode 100644 index 0000000000000..b281f962fca81 --- /dev/null +++ b/site/static/icon/jetbrains.svg @@ -0,0 +1 @@ + \ No newline at end of file From 37de9f3f459dc15f38e6648e13b1194f196e2371 Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Wed, 11 Jun 2025 13:27:41 +0500 Subject: [PATCH 13/14] chore: add windows icon (cherry-pick #18312) (#18321) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: ケイラ --- site/src/theme/icons.json | 1 + site/static/icon/windows.svg | 29 +++++++++++++++++++++++++++++ 2 files changed, 30 insertions(+) create mode 100644 site/static/icon/windows.svg diff --git a/site/src/theme/icons.json b/site/src/theme/icons.json index 1700579a07100..da86c1a26c8b1 100644 --- a/site/src/theme/icons.json +++ b/site/src/theme/icons.json @@ -102,6 +102,7 @@ "vault.svg", "webstorm.svg", "widgets.svg", + "windows.svg", "windsurf.svg", "zed.svg" ] diff --git a/site/static/icon/windows.svg b/site/static/icon/windows.svg new file mode 100644 index 0000000000000..8b774a501cdc1 --- /dev/null +++ b/site/static/icon/windows.svg @@ -0,0 +1,29 @@ + From e2485b1c2b2e082f2ad55919996a2c6b494e0f1d Mon Sep 17 00:00:00 2001 From: "gcp-cherry-pick-bot[bot]" <98988430+gcp-cherry-pick-bot[bot]@users.noreply.github.com> Date: Tue, 1 Jul 2025 09:42:34 +0400 Subject: [PATCH 14/14] fix: stop tearing down non-TTY processes on SSH session end (cherry-pick #18673) (#18678) Cherry-picked fix: stop tearing down non-TTY processes on SSH session end (#18673) (possibly temporary) fix for #18519 Matches OpenSSH for non-tty sessions, where we don't actively terminate the process. Adds explicit tracking to the SSH server for these processes so that if we are shutting down we terminate them: this ensures that we can shut down quickly to allow shutdown scripts to run. It also ensures our tests don't leak system resources. Co-authored-by: Spike Curtis --- agent/agentssh/agentssh.go | 42 +++++++++++++++++++++++++++++++++- agent/agentssh/exec_other.go | 10 ++++---- agent/agentssh/exec_windows.go | 20 ++++++++-------- 3 files changed, 54 insertions(+), 18 deletions(-) diff --git a/agent/agentssh/agentssh.go b/agent/agentssh/agentssh.go index 293dd4db169ac..b802ede9c93e7 100644 --- a/agent/agentssh/agentssh.go +++ b/agent/agentssh/agentssh.go @@ -124,6 +124,7 @@ type Server struct { listeners map[net.Listener]struct{} conns map[net.Conn]struct{} sessions map[ssh.Session]struct{} + processes map[*os.Process]struct{} closing chan struct{} // Wait for goroutines to exit, waited without // a lock on mu but protected by closing. @@ -182,6 +183,7 @@ func NewServer(ctx context.Context, logger slog.Logger, prometheusRegistry *prom fs: fs, conns: make(map[net.Conn]struct{}), sessions: make(map[ssh.Session]struct{}), + processes: make(map[*os.Process]struct{}), logger: logger, config: config, @@ -586,7 +588,10 @@ func (s *Server) startNonPTYSession(logger slog.Logger, session ssh.Session, mag // otherwise context cancellation will not propagate properly // and SSH server close may be delayed. cmd.SysProcAttr = cmdSysProcAttr() - cmd.Cancel = cmdCancel(session.Context(), logger, cmd) + + // to match OpenSSH, we don't actually tear a non-TTY command down, even if the session ends. + // c.f. https://github.com/coder/coder/issues/18519#issuecomment-3019118271 + cmd.Cancel = nil cmd.Stdout = session cmd.Stderr = session.Stderr() @@ -609,6 +614,16 @@ func (s *Server) startNonPTYSession(logger slog.Logger, session ssh.Session, mag s.metrics.sessionErrors.WithLabelValues(magicTypeLabel, "no", "start_command").Add(1) return xerrors.Errorf("start: %w", err) } + + // Since we don't cancel the process when the session stops, we still need to tear it down if we are closing. So + // track it here. + if !s.trackProcess(cmd.Process, true) { + // must be closing + err = cmdCancel(logger, cmd.Process) + return xerrors.Errorf("failed to track process: %w", err) + } + defer s.trackProcess(cmd.Process, false) + sigs := make(chan ssh.Signal, 1) session.Signals(sigs) defer func() { @@ -1052,6 +1067,27 @@ func (s *Server) trackSession(ss ssh.Session, add bool) (ok bool) { return true } +// trackCommand registers the process with the server. If the server is +// closing, the process is not registered and should be closed. +// +//nolint:revive +func (s *Server) trackProcess(p *os.Process, add bool) (ok bool) { + s.mu.Lock() + defer s.mu.Unlock() + if add { + if s.closing != nil { + // Server closed. + return false + } + s.wg.Add(1) + s.processes[p] = struct{}{} + return true + } + s.wg.Done() + delete(s.processes, p) + return true +} + // Close the server and all active connections. Server can be re-used // after Close is done. func (s *Server) Close() error { @@ -1091,6 +1127,10 @@ func (s *Server) Close() error { _ = c.Close() } + for p := range s.processes { + _ = cmdCancel(s.logger, p) + } + s.logger.Debug(ctx, "closing SSH server") err := s.srv.Close() diff --git a/agent/agentssh/exec_other.go b/agent/agentssh/exec_other.go index 54dfd50899412..aef496a1ef775 100644 --- a/agent/agentssh/exec_other.go +++ b/agent/agentssh/exec_other.go @@ -4,7 +4,7 @@ package agentssh import ( "context" - "os/exec" + "os" "syscall" "cdr.dev/slog" @@ -16,9 +16,7 @@ func cmdSysProcAttr() *syscall.SysProcAttr { } } -func cmdCancel(ctx context.Context, logger slog.Logger, cmd *exec.Cmd) func() error { - return func() error { - logger.Debug(ctx, "cmdCancel: sending SIGHUP to process and children", slog.F("pid", cmd.Process.Pid)) - return syscall.Kill(-cmd.Process.Pid, syscall.SIGHUP) - } +func cmdCancel(logger slog.Logger, p *os.Process) error { + logger.Debug(context.Background(), "cmdCancel: sending SIGHUP to process and children", slog.F("pid", p.Pid)) + return syscall.Kill(-p.Pid, syscall.SIGHUP) } diff --git a/agent/agentssh/exec_windows.go b/agent/agentssh/exec_windows.go index 39f0f97198479..0dafa67958a67 100644 --- a/agent/agentssh/exec_windows.go +++ b/agent/agentssh/exec_windows.go @@ -2,7 +2,7 @@ package agentssh import ( "context" - "os/exec" + "os" "syscall" "cdr.dev/slog" @@ -12,14 +12,12 @@ func cmdSysProcAttr() *syscall.SysProcAttr { return &syscall.SysProcAttr{} } -func cmdCancel(ctx context.Context, logger slog.Logger, cmd *exec.Cmd) func() error { - return func() error { - logger.Debug(ctx, "cmdCancel: killing process", slog.F("pid", cmd.Process.Pid)) - // Windows doesn't support sending signals to process groups, so we - // have to kill the process directly. In the future, we may want to - // implement a more sophisticated solution for process groups on - // Windows, but for now, this is a simple way to ensure that the - // process is terminated when the context is cancelled. - return cmd.Process.Kill() - } +func cmdCancel(logger slog.Logger, p *os.Process) error { + logger.Debug(context.Background(), "cmdCancel: killing process", slog.F("pid", p.Pid)) + // Windows doesn't support sending signals to process groups, so we + // have to kill the process directly. In the future, we may want to + // implement a more sophisticated solution for process groups on + // Windows, but for now, this is a simple way to ensure that the + // process is terminated when the context is cancelled. + return p.Kill() }

Field	Tracked
active_version_id	true
activity_bump	true
allow_user_autostart	true
allow_user_autostop	true
allow_user_cancel_workspace_jobs	true
autostart_block_days_of_week	true
autostop_requirement_days_of_week	true
autostop_requirement_weeks	true
created_at	false
created_by	true
created_by_avatar_url	false
created_by_username	false
default_ttl	true
deleted	false
deprecated	true
description	true
display_name	true
failure_ttl	true
group_acl	true
icon	true
id	true
max_port_sharing_level	true
name	true
organization_display_name	false
organization_icon	false
organization_id	false
organization_name	false
provisioner	true
require_active_version	true
time_til_dormant	true
time_til_dormant_autodelete	true
updated_at	false
user_acl	true

Field	Tracked
archived	true
created_at	false
created_by	true
created_by_avatar_url	false
created_by_username	false
external_auth_providers	false
id	true
job_id	false
message	false
name	true
organization_id	false
readme	true
source_example_id	false
template_id	true
updated_at	false

Field	Tracked
avatar_url	false
created_at	false
deleted	true
email	true
github_com_user_id	false
hashed_one_time_passcode	false
hashed_password	true
id	true
is_system	true
last_seen_at	false
login_type	true
name	true
one_time_passcode_expires_at	true
quiet_hours_schedule	true
rbac_roles	true
status	true
updated_at	false
username	true

Field	Tracked
api_version	false
architecture	false
auth_instance_id	false
auth_token	false
connection_timeout_seconds	false
created_at	false
directory	false
disconnected_at	false
display_apps	false
display_order	false
environment_variables	false
expanded_directory	false
first_connected_at	false
id	false
instance_metadata	false
last_connected_at	false
last_connected_replica_id	false
lifecycle_state	false
logs_length	false
logs_overflowed	false
motd_file	false
name	false
operating_system	false
ready_at	false
resource_id	false
resource_metadata	false
started_at	false
subsystems	false
troubleshooting_url	false
updated_at	false
version	false

Field	Tracked
api_key_scope	false
api_version	false
architecture	false
auth_instance_id	false
auth_token	false
connection_timeout_seconds	false
created_at	false
directory	false
disconnected_at	false
display_apps	false
display_order	false
environment_variables	false
expanded_directory	false
first_connected_at	false
id	false
instance_metadata	false
last_connected_at	false
last_connected_replica_id	false
lifecycle_state	false
logs_length	false
logs_overflowed	false
motd_file	false
name	false
operating_system	false
ready_at	false
resource_id	false
resource_metadata	false
started_at	false
subsystems	false
troubleshooting_url	false
updated_at	false
version	false

Field	Tracked
agent_id	false
command	false
created_at	false
display_name	false
display_order	false
external	false
health	false
healthcheck_interval	false
healthcheck_threshold	false
healthcheck_url	false
hidden	false
icon	false
id	false
open_in	false
sharing_level	false
slug	false
subdomain	false
url	false

Field	Tracked
build_number	false
created_at	false
daily_cost	false
deadline	false
id	false
initiator_by_avatar_url	false
initiator_by_username	false
initiator_id	false
job_id	false
max_deadline	false
provisioner_state	false
reason	false
template_version_id	true
template_version_preset_id	false
transition	false
updated_at	false
workspace_id	false