From aeb1b6fd61e6693818951d8cb6da9fa380052487 Mon Sep 17 00:00:00 2001
From: Dmitrii Kovalkov <dmitrii@neon.tech>
Date: Tue, 3 Jun 2025 10:55:29 +0200
Subject: [PATCH] Add grpc_auth_type check to pageserver

---
 pageserver/src/bin/pageserver.rs | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/pageserver/src/bin/pageserver.rs b/pageserver/src/bin/pageserver.rs
index fc74cee652..a678c00854 100644
--- a/pageserver/src/bin/pageserver.rs
+++ b/pageserver/src/bin/pageserver.rs
@@ -102,11 +102,10 @@ fn main() -> anyhow::Result<()> {
     let (conf, ignored) = initialize_config(&identity_file_path, &cfg_file_path, &workdir)?;
 
     if !conf.dev_mode {
-        if matches!(conf.http_auth_type, AuthType::Trust)
-            || matches!(conf.pg_auth_type, AuthType::Trust)
+        if [conf.http_auth_type, conf.pg_auth_type, conf.grpc_auth_type].contains(&AuthType::Trust)
         {
             bail!(
-                "Pageserver refuses to start with HTTP or PostgreSQL API authentication disabled.\n\
+                "Pageserver refuses to start with HTTP, PostgreSQL or GRPC API authentication disabled.\n\
                   Set dev_mode = true in pageserver.toml to allow running without authentication.\n\
                   This is insecure and should only be used in development environments."
             );