[proxy] Introduce cloud::Api for communication with Neon Cloud

* `cloud::legacy` talks to Cloud API V1.
* `cloud::api` defines Cloud API v2.
* `cloud::local` mocks the Cloud API V2 using a local postgres instance.
* It's possible to choose between API versions using the `--api-version` flag.

proxy/src/auth/credentials.rs

@@ -1,7 +1,7 @@
 //! User credentials used in authentication.
 
 use super::AuthError;
-use crate::compute::DatabaseInfo;
+use crate::compute;
 use crate::config::ProxyConfig;
 use crate::error::UserFacingError;
 use crate::stream::PqStream;
@@ -18,12 +18,20 @@ pub enum ClientCredsParseError {
 impl UserFacingError for ClientCredsParseError {}
 
 /// Various client credentials which we use for authentication.
-#[derive(Debug, PartialEq, Eq)]
+/// Note that we don't store any kind of client key or password here.
+#[derive(Debug, Clone, PartialEq, Eq)]
 pub struct ClientCredentials {
     pub user: String,
     pub dbname: String,
 }
 
+impl ClientCredentials {
+    pub fn is_existing_user(&self) -> bool {
+        // This logic will likely change in the future.
+        self.user.ends_with("@zenith")
+    }
+}
+
 impl TryFrom<HashMap<String, String>> for ClientCredentials {
     type Error = ClientCredsParseError;
 
@@ -47,20 +55,8 @@ impl ClientCredentials {
         self,
         config: &ProxyConfig,
         client: &mut PqStream<impl AsyncRead + AsyncWrite + Unpin>,
-    ) -> Result<DatabaseInfo, AuthError> {
-        use crate::config::ClientAuthMethod::*;
-        use crate::config::RouterConfig::*;
-        match &config.router_config {
-            Static { host, port } => super::handle_static(host.clone(), *port, client, self).await,
-            Dynamic(Mixed) => {
-                if self.user.ends_with("@zenith") {
-                    super::handle_existing_user(config, client, self).await
-                } else {
-                    super::handle_new_user(config, client).await
-                }
-            }
-            Dynamic(Password) => super::handle_existing_user(config, client, self).await,
-            Dynamic(Link) => super::handle_new_user(config, client).await,
-        }
+    ) -> Result<compute::NodeInfo, AuthError> {
+        // This method is just a convenient facade for `handle_user`
+        super::handle_user(config, client, self).await
     }
 }

proxy/src/auth/flow.rs

@@ -27,19 +27,6 @@ impl AuthMethod for Scram<'_> {
     }
 }
 
-/// Use password-based auth in [`AuthFlow`].
-pub struct Md5(
-    /// Salt for client.
-    pub [u8; 4],
-);
-
-impl AuthMethod for Md5 {
-    #[inline(always)]
-    fn first_message(&self) -> BeMessage<'_> {
-        Be::AuthenticationMD5Password(self.0)
-    }
-}
-
 /// This wrapper for [`PqStream`] performs client authentication.
 #[must_use]
 pub struct AuthFlow<'a, Stream, State> {
@@ -70,19 +57,10 @@ impl<'a, S: AsyncWrite + Unpin> AuthFlow<'a, S, Begin> {
     }
 }
 
-/// Stream wrapper for handling simple MD5 password auth.
-impl<S: AsyncRead + AsyncWrite + Unpin> AuthFlow<'_, S, Md5> {
-    /// Perform user authentication. Raise an error in case authentication failed.
-    #[allow(unused)]
-    pub async fn authenticate(self) -> Result<(), AuthError> {
-        unimplemented!("MD5 auth flow is yet to be implemented");
-    }
-}
-
 /// Stream wrapper for handling [SCRAM](crate::scram) auth.
 impl<S: AsyncRead + AsyncWrite + Unpin> AuthFlow<'_, S, Scram<'_>> {
     /// Perform user authentication. Raise an error in case authentication failed.
-    pub async fn authenticate(self) -> Result<(), AuthError> {
+    pub async fn authenticate(self) -> Result<scram::ScramKey, AuthError> {
         // Initial client message contains the chosen auth method's name.
         let msg = self.stream.read_password_message().await?;
         let sasl = sasl::FirstMessage::parse(&msg).ok_or(AuthErrorImpl::MalformedPassword)?;
@@ -93,10 +71,10 @@ impl<S: AsyncRead + AsyncWrite + Unpin> AuthFlow<'_, S, Scram<'_>> {
         }
 
         let secret = self.state.0;
-        sasl::SaslStream::new(self.stream, sasl.message)
+        let key = sasl::SaslStream::new(self.stream, sasl.message)
             .authenticate(scram::Exchange::new(secret, rand::random, None))
             .await?;
 
-        Ok(())
+        Ok(key)
     }
 }