From 54a17dfb34ab90fe6746aef1ff1cd6247a21b242 Mon Sep 17 00:00:00 2001 From: stringhandler Date: Mon, 4 Mar 2024 12:44:27 +0200 Subject: [PATCH 1/3] fix: add allow list instead of deny list (#6179) Co-authored-by: Stan Bondi --- applications/minotari_node/src/cli.rs | 6 ++ applications/minotari_node/src/config.rs | 16 ++--- .../src/grpc/base_node_grpc_server.rs | 19 +++++- applications/minotari_node/src/lib.rs | 1 + .../c_base_node_b_mining_deny_methods.toml | 58 ++++++++----------- ...c_base_node_b_non_mining_deny_methods.toml | 38 +----------- integration_tests/src/base_node_process.rs | 40 ++++++++++++- 7 files changed, 93 insertions(+), 85 deletions(-) diff --git a/applications/minotari_node/src/cli.rs b/applications/minotari_node/src/cli.rs index d180fed2e5..f4eb4da533 100644 --- a/applications/minotari_node/src/cli.rs +++ b/applications/minotari_node/src/cli.rs @@ -49,6 +49,8 @@ pub struct Cli { pub grpc_enabled: bool, #[clap(long, env = "MINOTARI_NODE_ENABLE_MINING", alias = "enable-mining")] pub mining_enabled: bool, + #[clap(long, env = "MINOTARI_NODE_SECOND_LAYER_GRPC_ENABLED", alias = "enable-second-layer")] + pub second_layer_grpc_enabled: bool, } impl ConfigOverrideProvider for Cli { @@ -67,6 +69,10 @@ impl ConfigOverrideProvider for Cli { overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string())); overrides.push(("base_node.mining_enabled".to_string(), "true".to_string())); } + if self.second_layer_grpc_enabled { + overrides.push(("base_node.grpc_enabled".to_string(), "true".to_string())); + overrides.push(("base_node.second_layer_grpc_enabled".to_string(), "true".to_string())); + } overrides } } diff --git a/applications/minotari_node/src/config.rs b/applications/minotari_node/src/config.rs index 494dbf868b..a9de89dea3 100644 --- a/applications/minotari_node/src/config.rs +++ b/applications/minotari_node/src/config.rs @@ -89,13 +89,15 @@ pub struct BaseNodeConfig { /// GRPC address of base node pub grpc_address: Option, /// GRPC server config - which methods are active and which not - pub grpc_server_deny_methods: Vec, + pub grpc_server_allow_methods: Vec, /// GRPC authentication mode pub grpc_authentication: GrpcAuthentication, /// GRPC tls enabled pub grpc_tls_enabled: bool, /// Enable mining on the base node, overriding other settings regarding mining pub mining_enabled: bool, + /// Enable second layer specific grpc methods. + pub second_layer_grpc_enabled: bool, /// A path to the file that stores the base node identity and secret key pub identity_file: PathBuf, /// Spin up and use a built-in Tor instance. This only works on macos/linux - requires that the wallet was built @@ -154,19 +156,11 @@ impl Default for BaseNodeConfig { network: Network::default(), grpc_enabled: true, grpc_address: None, - grpc_server_deny_methods: vec![ - // These gRPC server methods share sensitive information, thus disabled by default - GrpcMethod::GetVersion, - GrpcMethod::CheckForUpdates, - GrpcMethod::GetSyncInfo, - GrpcMethod::GetSyncProgress, - GrpcMethod::GetTipInfo, - GrpcMethod::Identify, - GrpcMethod::GetNetworkStatus, - ], + grpc_server_allow_methods: vec![GrpcMethod::GetVersion], grpc_authentication: GrpcAuthentication::default(), grpc_tls_enabled: false, mining_enabled: false, + second_layer_grpc_enabled: false, identity_file: PathBuf::from("config/base_node_id.json"), use_libtor: true, tor_identity_file: PathBuf::from("config/base_node_tor_id.json"), diff --git a/applications/minotari_node/src/grpc/base_node_grpc_server.rs b/applications/minotari_node/src/grpc/base_node_grpc_server.rs index 32369f4312..468bc0f537 100644 --- a/applications/minotari_node/src/grpc/base_node_grpc_server.rs +++ b/applications/minotari_node/src/grpc/base_node_grpc_server.rs @@ -121,6 +121,7 @@ impl BaseNodeGrpcServer { fn is_method_enabled(&self, grpc_method: GrpcMethod) -> bool { let mining_method = vec![ + GrpcMethod::GetVersion, GrpcMethod::GetNewBlockTemplate, GrpcMethod::GetNewBlock, GrpcMethod::GetNewBlockBlob, @@ -128,10 +129,26 @@ impl BaseNodeGrpcServer { GrpcMethod::SubmitBlockBlob, GrpcMethod::GetTipInfo, ]; + + let second_layer_methods = vec![ + GrpcMethod::GetVersion, + GrpcMethod::GetConstants, + GrpcMethod::GetMempoolTransactions, + GrpcMethod::GetTipInfo, + GrpcMethod::GetActiveValidatorNodes, + GrpcMethod::GetShardKey, + GrpcMethod::GetTemplateRegistrations, + GrpcMethod::GetHeaderByHash, + GrpcMethod::GetSideChainUtxos, + ]; if self.config.mining_enabled && mining_method.contains(&grpc_method) { return true; } - !self.config.grpc_server_deny_methods.contains(&grpc_method) + if self.config.second_layer_grpc_enabled && second_layer_methods.contains(&grpc_method) { + return true; + } + + self.config.grpc_server_allow_methods.contains(&grpc_method) } } diff --git a/applications/minotari_node/src/lib.rs b/applications/minotari_node/src/lib.rs index 83fd991cdd..d6b8b0596d 100644 --- a/applications/minotari_node/src/lib.rs +++ b/applications/minotari_node/src/lib.rs @@ -88,6 +88,7 @@ pub async fn run_base_node( profile_with_tokio_console: false, grpc_enabled: false, mining_enabled: false, + second_layer_grpc_enabled: false, }; run_base_node_with_cli(node_identity, config, cli, shutdown).await diff --git a/common/config/presets/c_base_node_b_mining_deny_methods.toml b/common/config/presets/c_base_node_b_mining_deny_methods.toml index f0f1d5fcf2..f84606b787 100644 --- a/common/config/presets/c_base_node_b_mining_deny_methods.toml +++ b/common/config/presets/c_base_node_b_mining_deny_methods.toml @@ -1,5 +1,6 @@ - [base_node] +#mining_enabled = false +#second_layer_grpc_enabled = false # Set to false to disable the base node GRPC server (default = true) grpc_enabled = true @@ -13,39 +14,26 @@ grpc_enabled = true #grpc_tls_enabled = false # Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`) -grpc_server_deny_methods = [ +grpc_server_allow_methods = [ "get_version", - "check_for_updates", - "get_sync_info", - "get_sync_progress", - #"get_tip_info", - "identify", - "get_network_status", - #"list_headers", - "get_header_by_hash", - "get_blocks", - "get_block_timing", - "get_constants", - "get_block_size", - "get_block_fees", - #"get_tokens_in_circulation", - #"get_network_difficulty", - #"get_new_block_template", - #"get_new_block", - #"get_new_block_blob", - #"submit_block", - #"submit_block_blob", - #"submit_transaction", - #"search_kernels", - #"search_utxos", - #"fetch_matching_utxos", - "get_peers", - "get_mempool_transactions", - #"transaction_state", - #"list_connected_peers", - #"get_mempool_stats", - #"get_active_validator_nodes", - #"get_shard_key", - #"get_template_registrations", - #"get_side_chain_utxos", + "get_tip_info", + "list_headers", + "get_tokens_in_circulation", + "get_network_difficulty", + "get_new_block_template", + "get_new_block", + "get_new_block_blob", + "submit_block", + "submit_block_blob", + "submit_transaction", + "search_kernels", + "search_utxos", + "fetch_matching_utxos", + "transaction_state", + "list_connected_peers", + "get_mempool_stats", + "get_active_validator_nodes", + "get_shard_key", + "get_template_registrations", + "get_side_chain_utxos", ] diff --git a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml b/common/config/presets/c_base_node_b_non_mining_deny_methods.toml index 0dfcc8d0f6..cc3bed4ec6 100644 --- a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml +++ b/common/config/presets/c_base_node_b_non_mining_deny_methods.toml @@ -1,5 +1,6 @@ - [base_node] +#mining_enabled = false +#second_layer_grpc_enabled = false # Set to false to disable the base node GRPC server (default = true) grpc_enabled = false @@ -13,39 +14,6 @@ grpc_enabled = false #grpc_tls_enabled = false # Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`) -grpc_server_deny_methods = [ +grpc_server_allow_methods = [ "get_version", - "check_for_updates", - "get_sync_info", - "get_sync_progress", - "get_tip_info", - "identify", - "get_network_status", - "list_headers", - "get_header_by_hash", - "get_blocks", - "get_block_timing", - "get_constants", - "get_block_size", - "get_block_fees", - "get_tokens_in_circulation", - "get_network_difficulty", - "get_new_block_template", - "get_new_block", - "get_new_block_blob", - "submit_block", - "submit_block_blob", - "submit_transaction", - "search_kernels", - "search_utxos", - "fetch_matching_utxos", - "get_peers", - "get_mempool_transactions", - "transaction_state", - "list_connected_peers", - "get_mempool_stats", - "get_active_validator_nodes", - "get_shard_key", - "get_template_registrations", - "get_side_chain_utxos", ] diff --git a/integration_tests/src/base_node_process.rs b/integration_tests/src/base_node_process.rs index 10d838ad85..d24e16fb29 100644 --- a/integration_tests/src/base_node_process.rs +++ b/integration_tests/src/base_node_process.rs @@ -30,7 +30,7 @@ use std::{ }; use minotari_app_utilities::identity_management::save_as_json; -use minotari_node::{run_base_node, BaseNodeConfig, MetricsConfig}; +use minotari_node::{config::GrpcMethod, run_base_node, BaseNodeConfig, MetricsConfig}; use minotari_node_grpc_client::BaseNodeGrpcClient; use rand::rngs::OsRng; use tari_common::{ @@ -190,8 +190,42 @@ pub async fn spawn_base_node_with_config( if base_node_config.base_node.storage.pruning_horizon != 0 { base_node_config.base_node.storage.pruning_interval = 1; }; - - base_node_config.base_node.grpc_server_deny_methods = vec![]; + base_node_config.base_node.grpc_server_allow_methods = vec![ + GrpcMethod::ListHeaders, + GrpcMethod::GetHeaderByHash, + GrpcMethod::GetBlocks, + GrpcMethod::GetBlockTiming, + GrpcMethod::GetConstants, + GrpcMethod::GetBlockSize, + GrpcMethod::GetBlockFees, + GrpcMethod::GetVersion, + GrpcMethod::CheckForUpdates, + GrpcMethod::GetTokensInCirculation, + GrpcMethod::GetNetworkDifficulty, + GrpcMethod::GetNewBlockTemplate, + GrpcMethod::GetNewBlock, + GrpcMethod::GetNewBlockBlob, + GrpcMethod::SubmitBlock, + GrpcMethod::SubmitBlockBlob, + GrpcMethod::SubmitTransaction, + GrpcMethod::GetSyncInfo, + GrpcMethod::GetSyncProgress, + GrpcMethod::GetTipInfo, + GrpcMethod::SearchKernels, + GrpcMethod::SearchUtxos, + GrpcMethod::FetchMatchingUtxos, + GrpcMethod::GetPeers, + GrpcMethod::GetMempoolTransactions, + GrpcMethod::TransactionState, + GrpcMethod::Identify, + GrpcMethod::GetNetworkStatus, + GrpcMethod::ListConnectedPeers, + GrpcMethod::GetMempoolStats, + GrpcMethod::GetActiveValidatorNodes, + GrpcMethod::GetShardKey, + GrpcMethod::GetTemplateRegistrations, + GrpcMethod::GetSideChainUtxos, + ]; // Heirachically set the base path for all configs base_node_config.base_node.set_base_path(temp_dir_path.clone()); From 8b85be12ee81ff1a69bf342caabb3cc509f61db1 Mon Sep 17 00:00:00 2001 From: SW van Heerden Date: Thu, 14 Mar 2024 14:18:09 +0200 Subject: [PATCH 2/3] change config --- .../src/run_merge_miner.rs | 4 +- applications/minotari_miner/src/run_miner.rs | 6 +-- applications/minotari_node/src/config.rs | 14 ++--- ...> c_base_node_b_mining_allow_methods.toml} | 15 +++++- ..._base_node_b_non_mining_allow_methods.toml | 52 +++++++++++++++++++ ...c_base_node_b_non_mining_deny_methods.toml | 19 ------- common/src/configuration/utils.rs | 8 +-- 7 files changed, 82 insertions(+), 36 deletions(-) rename common/config/presets/{c_base_node_b_mining_deny_methods.toml => c_base_node_b_mining_allow_methods.toml} (71%) create mode 100644 common/config/presets/c_base_node_b_non_mining_allow_methods.toml delete mode 100644 common/config/presets/c_base_node_b_non_mining_deny_methods.toml diff --git a/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs b/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs index 676e96bf6a..ec076c94b6 100644 --- a/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs +++ b/applications/minotari_merge_mining_proxy/src/run_merge_miner.rs @@ -79,8 +79,8 @@ pub async fn start_merge_miner(cli: Cli) -> Result<(), anyhow::Error> { if let MmProxyError::BaseNodeNotResponding(_) = e { error!(target: LOG_TARGET, "{}", e.to_string()); println!(); - let msg = "Are the base node's gRPC mining methods denied in its 'config.toml'? Please ensure these \ - methods are commented out:\n 'grpc_server_deny_methods': \"get_new_block_template\", \ + let msg = "Are the base node's gRPC mining methods allowed in its 'config.toml'? Please ensure these \ + methods are enabled in:\n 'grpc_server_allow_methods': \"get_new_block_template\", \ \"get_tip_info\", \"get_new_block\", \"submit_block\""; println!("{}", msg); println!(); diff --git a/applications/minotari_miner/src/run_miner.rs b/applications/minotari_miner/src/run_miner.rs index 4e856d549c..e3e41cd4e2 100644 --- a/applications/minotari_miner/src/run_miner.rs +++ b/applications/minotari_miner/src/run_miner.rs @@ -132,9 +132,9 @@ pub async fn start_miner(cli: Cli) -> Result<(), ExitError> { if let MinerError::BaseNodeNotResponding(_) = e { error!(target: LOG_TARGET, "{}", e.to_string()); println!(); - let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods denied in \ - its 'config.toml'? Please ensure these methods are commented out:\n \ - 'grpc_server_deny_methods': \"get_new_block_template\", \"get_tip_info\", \ + let msg = "Could not connect to the base node. \nAre the base node's gRPC mining methods allowed in \ + its 'config.toml'? Please ensure these methods are enabled in:\n \ + 'grpc_server_allow_methods': \"get_new_block_template\", \"get_tip_info\", \ \"get_new_block\", \"submit_block\""; println!("{}", msg); println!(); diff --git a/applications/minotari_node/src/config.rs b/applications/minotari_node/src/config.rs index a9de89dea3..aac19faacd 100644 --- a/applications/minotari_node/src/config.rs +++ b/applications/minotari_node/src/config.rs @@ -274,14 +274,14 @@ mod tests { #[derive(Clone, Serialize, Deserialize, Debug)] #[allow(clippy::struct_excessive_bools)] struct TestInnerConfig { - deny_methods: Vec, + allow_methods: Vec, } #[test] fn it_deserializes_enums() { let config_str = r#" name = "blockchain champion" - inner_config.deny_methods = [ + inner_config.allow_methods = [ "list_headers", "get_constants", # "get_blocks" @@ -292,10 +292,10 @@ mod tests { let config = toml::from_str::(config_str).unwrap(); // Enums in the config - assert!(config.inner_config.deny_methods.contains(&GrpcMethod::ListHeaders)); - assert!(config.inner_config.deny_methods.contains(&GrpcMethod::GetConstants)); - assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config - assert!(config.inner_config.deny_methods.contains(&GrpcMethod::Identify)); - assert!(!config.inner_config.deny_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config + assert!(config.inner_config.allow_methods.contains(&GrpcMethod::ListHeaders)); + assert!(config.inner_config.allow_methods.contains(&GrpcMethod::GetConstants)); + assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetBlocks)); // commented out in the config + assert!(config.inner_config.allow_methods.contains(&GrpcMethod::Identify)); + assert!(!config.inner_config.allow_methods.contains(&GrpcMethod::GetShardKey)); // commented out in the config } } diff --git a/common/config/presets/c_base_node_b_mining_deny_methods.toml b/common/config/presets/c_base_node_b_mining_allow_methods.toml similarity index 71% rename from common/config/presets/c_base_node_b_mining_deny_methods.toml rename to common/config/presets/c_base_node_b_mining_allow_methods.toml index f84606b787..f5089c640e 100644 --- a/common/config/presets/c_base_node_b_mining_deny_methods.toml +++ b/common/config/presets/c_base_node_b_mining_allow_methods.toml @@ -13,11 +13,22 @@ grpc_enabled = true # Use gRPC over TLS (default = false) #grpc_tls_enabled = false -# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`) +# Uncomment all gRPC server methods that should be denied (only active when `grpc_enabled = true`) grpc_server_allow_methods = [ "get_version", + #"check_for_updates", + #"get_sync_info", + #"get_sync_progress", "get_tip_info", + #"identify", + #"get_network_status", "list_headers", + #"get_header_by_hash", + #"get_blocks", + #"get_block_timing", + #"get_constants", + #"get_block_size", + #"get_block_fees", "get_tokens_in_circulation", "get_network_difficulty", "get_new_block_template", @@ -29,6 +40,8 @@ grpc_server_allow_methods = [ "search_kernels", "search_utxos", "fetch_matching_utxos", + #"get_peers", + #"get_mempool_transactions", "transaction_state", "list_connected_peers", "get_mempool_stats", diff --git a/common/config/presets/c_base_node_b_non_mining_allow_methods.toml b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml new file mode 100644 index 0000000000..e088a8d62b --- /dev/null +++ b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml @@ -0,0 +1,52 @@ +[base_node] +#mining_enabled = false +#second_layer_grpc_enabled = false +# Set to false to disable the base node GRPC server (default = true) +grpc_enabled = false + +# The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142") +#grpc_address = "/ip4/127.0.0.1/tcp/18142" + +# gRPC authentication method (default = "none") +#grpc_authentication = { username = "admin", password = "xxxx" } + +# Use gRPC over TLS (default = false) +#grpc_tls_enabled = false + +# Uncomment all gRPC server methods that should be denied (only active when `grpc_enabled = true`) +grpc_server_allow_methods = [ + "get_version", + #"check_for_updates", + #"get_sync_info", + #"get_sync_progress", + #"get_tip_info", + #"identify", + #"get_network_status", + #"list_headers", + #"get_header_by_hash", + #"get_blocks", + #"get_block_timing", + #"get_constants", + #"get_block_size", + #"get_block_fees", + #"get_tokens_in_circulation", + #"get_network_difficulty", + #"get_new_block_template", + #"get_new_block", + #"get_new_block_blob", + #"submit_block", + #"submit_block_blob", + #"submit_transaction", + #"search_kernels", + #"search_utxos", + #"fetch_matching_utxos", + #"get_peers", + #"get_mempool_transactions", + #"transaction_state", + #"list_connected_peers", + #"get_mempool_stats", + #"get_active_validator_nodes", + #"get_shard_key", + #"get_template_registrations", + #"get_side_chain_utxos", +] diff --git a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml b/common/config/presets/c_base_node_b_non_mining_deny_methods.toml deleted file mode 100644 index cc3bed4ec6..0000000000 --- a/common/config/presets/c_base_node_b_non_mining_deny_methods.toml +++ /dev/null @@ -1,19 +0,0 @@ -[base_node] -#mining_enabled = false -#second_layer_grpc_enabled = false -# Set to false to disable the base node GRPC server (default = true) -grpc_enabled = false - -# The socket to expose for the gRPC base node server (default = "/ip4/127.0.0.1/tcp/18142") -#grpc_address = "/ip4/127.0.0.1/tcp/18142" - -# gRPC authentication method (default = "none") -#grpc_authentication = { username = "admin", password = "xxxx" } - -# Use gRPC over TLS (default = false) -#grpc_tls_enabled = false - -# Uncomment all gRPC server methods that should be denied default (only active when `grpc_enabled = true`) -grpc_server_allow_methods = [ - "get_version", -] diff --git a/common/src/configuration/utils.rs b/common/src/configuration/utils.rs index 4e98f03ff2..cacd4cc0a6 100644 --- a/common/src/configuration/utils.rs +++ b/common/src/configuration/utils.rs @@ -119,10 +119,10 @@ pub fn prompt_default_config() -> [&'static str; 12] { /// Returns the default configuration file template in parts from the embedded presets. If use_mining_config is true, /// the base node configuration that enables mining is returned, otherwise the non-mining configuration is returned. pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] { - let base_node_deny_methods = if use_mining_config { - include_str!("../../config/presets/c_base_node_b_mining_deny_methods.toml") + let base_node_allow_methods = if use_mining_config { + include_str!("../../config/presets/c_base_node_b_mining_allow_methods.toml") } else { - include_str!("../../config/presets/c_base_node_b_non_mining_deny_methods.toml") + include_str!("../../config/presets/c_base_node_b_non_mining_allow_methods.toml") }; let common = include_str!("../../config/presets/a_common.toml"); @@ -130,7 +130,7 @@ pub fn get_default_config(use_mining_config: bool) -> [&'static str; 12] { common, include_str!("../../config/presets/b_peer_seeds.toml"), include_str!("../../config/presets/c_base_node_a.toml"), - base_node_deny_methods, + base_node_allow_methods, include_str!("../../config/presets/c_base_node_c.toml"), include_str!("../../config/presets/d_console_wallet.toml"), include_str!("../../config/presets/g_miner.toml"), From e16e3748feff92910d7eba44f562bee48a5fba33 Mon Sep 17 00:00:00 2001 From: SW van Heerden Date: Tue, 19 Mar 2024 10:29:41 +0200 Subject: [PATCH 3/3] Apply suggestions from code review Co-authored-by: Hansie Odendaal <39146854+hansieodendaal@users.noreply.github.com> --- common/config/presets/c_base_node_b_mining_allow_methods.toml | 2 +- .../config/presets/c_base_node_b_non_mining_allow_methods.toml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/common/config/presets/c_base_node_b_mining_allow_methods.toml b/common/config/presets/c_base_node_b_mining_allow_methods.toml index f5089c640e..8a2d6113dc 100644 --- a/common/config/presets/c_base_node_b_mining_allow_methods.toml +++ b/common/config/presets/c_base_node_b_mining_allow_methods.toml @@ -13,7 +13,7 @@ grpc_enabled = true # Use gRPC over TLS (default = false) #grpc_tls_enabled = false -# Uncomment all gRPC server methods that should be denied (only active when `grpc_enabled = true`) +# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`) grpc_server_allow_methods = [ "get_version", #"check_for_updates", diff --git a/common/config/presets/c_base_node_b_non_mining_allow_methods.toml b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml index e088a8d62b..92ebf7cf34 100644 --- a/common/config/presets/c_base_node_b_non_mining_allow_methods.toml +++ b/common/config/presets/c_base_node_b_non_mining_allow_methods.toml @@ -13,7 +13,7 @@ grpc_enabled = false # Use gRPC over TLS (default = false) #grpc_tls_enabled = false -# Uncomment all gRPC server methods that should be denied (only active when `grpc_enabled = true`) +# Uncomment all gRPC server methods that should be allowed (only active when `grpc_enabled = true`) grpc_server_allow_methods = [ "get_version", #"check_for_updates",