Add warnings for HA

kylecarbs · kylecarbs · commit 186a5e2623d3 · 2022-10-13T20:27:32.000Z
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -19,6 +19,7 @@
     "derphttp",
     "derpmap",
     "devel",
+    "dflags",
     "drpc",
     "drpcconn",
     "drpcmux",
@@ -88,6 +89,7 @@
     "replicasync",
     "retrier",
     "rpty",
+    "SCIM",
     "sdkproto",
     "sdktrace",
     "Signup",
diff --git a/cli/deployment/flags.go b/cli/deployment/flags.go
@@ -130,14 +130,6 @@ func Flags() *codersdk.DeploymentFlags {
 			Description: "The bind address to serve pprof.",
 			Default:     "127.0.0.1:6060",
 		},
-		HighAvailability: &codersdk.BoolFlag{
-			Name:        "High Availability",
-			Flag:        "high-availability",
-			EnvVar:      "CODER_HIGH_AVAILABILITY",
-			Description: "Specifies whether high availability is enabled.",
-			Default:     true,
-			Enterprise:  true,
-		},
 		CacheDir: &codersdk.StringFlag{
 			Name:        "Cache Directory",
 			Flag:        "cache-dir",
diff --git a/codersdk/deployment.go b/codersdk/deployment.go
@@ -0,0 +1,26 @@
+package codersdk
+
+import (
+	"time"
+
+	"github.com/google/uuid"
+)
+
+type DeploymentInfo struct {
+	Replicas []Replica `json:"replicas"`
+}
+
+type Replica struct {
+	// ID is the unique identifier for the replica.
+	ID uuid.UUID `json:"id"`
+	// Hostname is the hostname of the replica.
+	Hostname string `json:"hostname"`
+	// CreatedAt is when the replica was first seen.
+	CreatedAt time.Time `json:"created_at"`
+	// Active determines whether the replica is online.
+	Active bool `json:"active"`
+	// RelayAddress is the accessible address to relay DERP connections.
+	RelayAddress string `json:"relay_address"`
+	// Error is the error.
+	Error string `json:"error"`
+}
diff --git a/codersdk/flags.go b/codersdk/flags.go
@@ -60,7 +60,6 @@ type DeploymentFlags struct {
 	Verbose                          *BoolFlag        `json:"verbose" typescript:",notnull"`
 	AuditLogging                     *BoolFlag        `json:"audit_logging" typescript:",notnull"`
 	BrowserOnly                      *BoolFlag        `json:"browser_only" typescript:",notnull"`
-	HighAvailability                 *BoolFlag        `json:"high_availability" typescript:",notnull"`
 	SCIMAuthHeader                   *StringFlag      `json:"scim_auth_header" typescript:",notnull"`
 	UserWorkspaceQuota               *IntFlag         `json:"user_workspace_quota" typescript:",notnull"`
 }
diff --git a/enterprise/cli/server.go b/enterprise/cli/server.go
@@ -2,9 +2,11 @@ package cli
 
 import (
 	"context"
+	"net/url"
 
 	"github.com/google/uuid"
 	"github.com/spf13/cobra"
+	"golang.org/x/xerrors"
 
 	"cdr.dev/slog"
 
@@ -20,22 +22,35 @@ func server() *cobra.Command {
 	dflags := deployment.Flags()
 	cmd := agpl.Server(dflags, func(ctx context.Context, cfg config.Root, options *agplcoderd.Options) (*agplcoderd.API, error) {
 		replicaIDRaw, err := cfg.ReplicaID().Read()
+		generatedReplicaID := false
 		if err != nil {
 			replicaIDRaw = uuid.NewString()
+			generatedReplicaID = true
 		}
 		replicaID, err := uuid.Parse(replicaIDRaw)
 		if err != nil {
 			options.Logger.Warn(ctx, "failed to parse replica id", slog.Error(err), slog.F("replica_id", replicaIDRaw))
 			replicaID = uuid.New()
+			generatedReplicaID = true
+		}
+		if generatedReplicaID {
+			// Make sure we save it to be reused later!
+			_ = cfg.ReplicaID().Write(replicaID.String())
+		}
+
+		if dflags.DerpServerRelayAddress.Value != "" {
+			_, err := url.Parse(dflags.DerpServerRelayAddress.Value)
+			if err != nil {
+				return nil, xerrors.Errorf("derp-server-relay-address must be a valid HTTP URL: %w", err)
+			}
 		}
-		o := &coderd.Options{
-			AuditLogging:       dflags.AuditLogging.Value,
-			BrowserOnly:        dflags.BrowserOnly.Value,
-			SCIMAPIKey:         []byte(dflags.SCIMAuthHeader.Value),
-			UserWorkspaceQuota: dflags.UserWorkspaceQuota.Value,
-			RBAC:               true,
-			HighAvailability:   dflags.HighAvailability.Value,
 
+		o := &coderd.Options{
+			AuditLogging:           dflags.AuditLogging.Value,
+			BrowserOnly:            dflags.BrowserOnly.Value,
+			SCIMAPIKey:             []byte(dflags.SCIMAuthHeader.Value),
+			UserWorkspaceQuota:     dflags.UserWorkspaceQuota.Value,
+			RBAC:                   true,
 			ReplicaID:              replicaID,
 			DERPServerRelayAddress: dflags.DerpServerRelayAddress.Value,
 			DERPServerRegionID:     dflags.DerpServerRegionID.Value,
@@ -50,6 +65,5 @@ func server() *cobra.Command {
 	})
 
 	deployment.AttachFlags(cmd.Flags(), dflags, true)
-
 	return cmd
 }
diff --git a/enterprise/coderd/coderd.go b/enterprise/coderd/coderd.go
@@ -146,7 +146,6 @@ type Options struct {
 	BrowserOnly        bool
 	SCIMAPIKey         []byte
 	UserWorkspaceQuota int
-	HighAvailability   bool
 
 	// Used for high availability.
 	DERPServerRelayAddress string
@@ -182,12 +181,12 @@ func (api *API) updateEntitlements(ctx context.Context) error {
 	api.entitlementsMu.Lock()
 	defer api.entitlementsMu.Unlock()
 
-	entitlements, err := license.Entitlements(ctx, api.Database, api.Logger, api.Keys, map[string]bool{
+	entitlements, err := license.Entitlements(ctx, api.Database, api.Logger, len(api.replicaManager.All()), api.Keys, map[string]bool{
 		codersdk.FeatureAuditLog:         api.AuditLogging,
 		codersdk.FeatureBrowserOnly:      api.BrowserOnly,
 		codersdk.FeatureSCIM:             len(api.SCIMAPIKey) != 0,
 		codersdk.FeatureWorkspaceQuota:   api.UserWorkspaceQuota != 0,
-		codersdk.FeatureHighAvailability: api.HighAvailability,
+		codersdk.FeatureHighAvailability: api.DERPServerRelayAddress != "",
 		codersdk.FeatureTemplateRBAC:     api.RBAC,
 	})
 	if err != nil {
diff --git a/enterprise/coderd/coderdenttest/coderdenttest.go b/enterprise/coderd/coderdenttest/coderdenttest.go
@@ -63,14 +63,12 @@ func NewWithAPI(t *testing.T, options *Options) (*codersdk.Client, io.Closer, *c
 	}
 	srv, cancelFunc, oop := coderdtest.NewOptions(t, options.Options)
 	coderAPI, err := coderd.New(context.Background(), &coderd.Options{
-		RBAC:         true,
-		AuditLogging: options.AuditLogging,
-		BrowserOnly:  options.BrowserOnly,
-		SCIMAPIKey:   options.SCIMAPIKey,
-		// TODO: Kyle change this before merge!
-		DERPServerRelayAddress:     oop.AccessURL.String() + "/derp",
+		RBAC:                       true,
+		AuditLogging:               options.AuditLogging,
+		BrowserOnly:                options.BrowserOnly,
+		SCIMAPIKey:                 options.SCIMAPIKey,
+		DERPServerRelayAddress:     oop.AccessURL.String(),
 		DERPServerRegionID:         1,
-		HighAvailability:           true,
 		ReplicaID:                  uuid.New(),
 		UserWorkspaceQuota:         options.UserWorkspaceQuota,
 		Options:                    oop,
diff --git a/enterprise/coderd/license/license.go b/enterprise/coderd/license/license.go
@@ -21,6 +21,7 @@ func Entitlements(
 	ctx context.Context,
 	db database.Store,
 	logger slog.Logger,
+	replicaCount int,
 	keys map[string]ed25519.PublicKey,
 	enablements map[string]bool,
 ) (codersdk.Entitlements, error) {
@@ -144,6 +145,10 @@ func Entitlements(
 			if featureName == codersdk.FeatureUserLimit {
 				continue
 			}
+			// High availability has it's own warnings based on replica count!
+			if featureName == codersdk.FeatureHighAvailability {
+				continue
+			}
 			feature := entitlements.Features[featureName]
 			if !feature.Enabled {
 				continue
@@ -161,6 +166,24 @@ func Entitlements(
 		}
 	}
 
+	if replicaCount > 1 {
+		feature := entitlements.Features[codersdk.FeatureHighAvailability]
+
+		switch feature.Entitlement {
+		case codersdk.EntitlementNotEntitled:
+			if entitlements.HasLicense {
+				entitlements.Warnings = append(entitlements.Warnings,
+					"You have multiple replicas but your license is not entitled to high availability.")
+			} else {
+				entitlements.Warnings = append(entitlements.Warnings,
+					"You have multiple replicas but high availability is an Enterprise feature. Contact sales to get a license.")
+			}
+		case codersdk.EntitlementGracePeriod:
+			entitlements.Warnings = append(entitlements.Warnings,
+				"You have multiple replicas but your license for high availability is expired.")
+		}
+	}
+
 	for _, featureName := range codersdk.FeatureNames {
 		feature := entitlements.Features[featureName]
 		if feature.Entitlement == codersdk.EntitlementNotEntitled {
diff --git a/enterprise/coderd/license/license_test.go b/enterprise/coderd/license/license_test.go
@@ -31,7 +31,7 @@ func TestEntitlements(t *testing.T) {
 	t.Run("Defaults", func(t *testing.T) {
 		t.Parallel()
 		db := databasefake.New()
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, all)
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
 		require.NoError(t, err)
 		require.False(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
@@ -47,7 +47,7 @@ func TestEntitlements(t *testing.T) {
 			JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, map[string]bool{})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
@@ -71,7 +71,7 @@ func TestEntitlements(t *testing.T) {
 			}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, map[string]bool{})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
@@ -96,14 +96,17 @@ func TestEntitlements(t *testing.T) {
 			}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, all)
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
 		for _, featureName := range codersdk.FeatureNames {
 			if featureName == codersdk.FeatureUserLimit {
 				continue
 			}
+			if featureName == codersdk.FeatureHighAvailability {
+				continue
+			}
 			niceName := strings.Title(strings.ReplaceAll(featureName, "_", " "))
 			require.Equal(t, codersdk.EntitlementGracePeriod, entitlements.Features[featureName].Entitlement)
 			require.Contains(t, entitlements.Warnings, fmt.Sprintf("%s is enabled but your license for this feature is expired.", niceName))
@@ -116,14 +119,17 @@ func TestEntitlements(t *testing.T) {
 			JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, all)
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
 		for _, featureName := range codersdk.FeatureNames {
 			if featureName == codersdk.FeatureUserLimit {
 				continue
 			}
+			if featureName == codersdk.FeatureHighAvailability {
+				continue
+			}
 			niceName := strings.Title(strings.ReplaceAll(featureName, "_", " "))
 			// Ensures features that are not entitled are properly disabled.
 			require.False(t, entitlements.Features[featureName].Enabled)
@@ -142,7 +148,7 @@ func TestEntitlements(t *testing.T) {
 			}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, map[string]bool{})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.Contains(t, entitlements.Warnings, "Your deployment has 2 active users but is only licensed for 1.")
@@ -164,7 +170,7 @@ func TestEntitlements(t *testing.T) {
 			}),
 			Exp: time.Now().Add(time.Hour),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, map[string]bool{})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.Empty(t, entitlements.Warnings)
@@ -187,7 +193,7 @@ func TestEntitlements(t *testing.T) {
 			}),
 		})
 
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, map[string]bool{})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
@@ -202,7 +208,7 @@ func TestEntitlements(t *testing.T) {
 				AllFeatures: true,
 			}),
 		})
-		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, coderdenttest.Keys, all)
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
 		require.NoError(t, err)
 		require.True(t, entitlements.HasLicense)
 		require.False(t, entitlements.Trial)
@@ -214,4 +220,52 @@ func TestEntitlements(t *testing.T) {
 			require.Equal(t, codersdk.EntitlementEntitled, entitlements.Features[featureName].Entitlement)
 		}
 	})
+
+	t.Run("MultipleReplicasNoLicense", func(t *testing.T) {
+		t.Parallel()
+		db := databasefake.New()
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, all)
+		require.NoError(t, err)
+		require.False(t, entitlements.HasLicense)
+		require.Len(t, entitlements.Warnings, 1)
+		require.Equal(t, "You have multiple replicas but high availability is an Enterprise feature. Contact sales to get a license.", entitlements.Warnings[0])
+	})
+
+	t.Run("MultipleReplicasNotEntitled", func(t *testing.T) {
+		t.Parallel()
+		db := databasefake.New()
+		db.InsertLicense(context.Background(), database.InsertLicenseParams{
+			Exp: time.Now().Add(time.Hour),
+			JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
+				AuditLog: true,
+			}),
+		})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, map[string]bool{
+			codersdk.FeatureHighAvailability: true,
+		})
+		require.NoError(t, err)
+		require.True(t, entitlements.HasLicense)
+		require.Len(t, entitlements.Warnings, 1)
+		require.Equal(t, "You have multiple replicas but your license is not entitled to high availability.", entitlements.Warnings[0])
+	})
+
+	t.Run("MultipleReplicasGrace", func(t *testing.T) {
+		t.Parallel()
+		db := databasefake.New()
+		db.InsertLicense(context.Background(), database.InsertLicenseParams{
+			JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
+				HighAvailability: true,
+				GraceAt:          time.Now().Add(-time.Hour),
+				ExpiresAt:        time.Now().Add(time.Hour),
+			}),
+			Exp: time.Now().Add(time.Hour),
+		})
+		entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, map[string]bool{
+			codersdk.FeatureHighAvailability: true,
+		})
+		require.NoError(t, err)
+		require.True(t, entitlements.HasLicense)
+		require.Len(t, entitlements.Warnings, 1)
+		require.Equal(t, "You have multiple replicas but your license for high availability is expired.", entitlements.Warnings[0])
+	})
 }
diff --git a/enterprise/derpmesh/derpmesh.go b/enterprise/derpmesh/derpmesh.go
@@ -2,6 +2,7 @@ package derpmesh
 
 import (
 	"context"
+	"net/url"
 	"sync"
 
 	"golang.org/x/xerrors"
@@ -40,6 +41,18 @@ type Mesh struct {
 func (m *Mesh) SetAddresses(addresses []string) {
 	total := make(map[string]struct{}, 0)
 	for _, address := range addresses {
+		addressURL, err := url.Parse(address)
+		if err != nil {
+			m.logger.Error(m.ctx, "invalid address", slog.F("address", err), slog.Error(err))
+			continue
+		}
+		derpURL, err := addressURL.Parse("/derp")
+		if err != nil {
+			m.logger.Error(m.ctx, "parse derp", slog.F("address", err), slog.Error(err))
+			continue
+		}
+		address = derpURL.String()
+
 		total[address] = struct{}{}
 		added, err := m.addAddress(address)
 		if err != nil {

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,6 @@ type DeploymentFlags struct {`
`60`	`60`	Verbose *BoolFlag `json:"verbose" typescript:",notnull"`
`61`	`61`	AuditLogging *BoolFlag `json:"audit_logging" typescript:",notnull"`
`62`	`62`	BrowserOnly *BoolFlag `json:"browser_only" typescript:",notnull"`
`63`		- HighAvailability *BoolFlag `json:"high_availability" typescript:",notnull"`
`64`	`63`	SCIMAuthHeader *StringFlag `json:"scim_auth_header" typescript:",notnull"`
`65`	`64`	UserWorkspaceQuota *IntFlag `json:"user_workspace_quota" typescript:",notnull"`
`66`	`65`	`}`