feat: add debug server for tailnet coordinators

coadler · coadler · commit 3a7ae831c7b2 · 2023-01-25T14:46:02.000-06:00
Resolves: #5845
diff --git a/agent/agent_test.go b/agent/agent_test.go
@@ -1193,7 +1193,7 @@ func (c *client) ListenWorkspaceAgent(_ context.Context) (net.Conn, error) {
 	}
 	c.t.Cleanup(c.lastWorkspaceAgent)
 	go func() {
-		_ = c.coordinator.ServeAgent(serverConn, c.agentID)
+		_ = c.coordinator.ServeAgent(serverConn, c.agentID, "")
 		close(closed)
 	}()
 	return clientConn, nil
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -613,6 +613,27 @@ func New(options *Options) *API {
 				r.Get("/", api.workspaceApplicationAuth)
 			})
 		})
+
+		r.Route("/debug", func(r chi.Router) {
+			r.Use(
+				apiKeyMiddleware,
+				// Ensure only owners can access debug endpoints.
+				func(next http.Handler) http.Handler {
+					return http.HandlerFunc(func(rw http.ResponseWriter, r *http.Request) {
+						if !api.Authorize(r, rbac.ActionRead, rbac.ResourceDebugInfo) {
+							httpapi.ResourceNotFound(rw)
+							return
+						}
+
+						next.ServeHTTP(rw, r)
+					})
+				},
+			)
+
+			r.HandleFunc("/coordinator", func(w http.ResponseWriter, r *http.Request) {
+				(*api.TailnetCoordinator.Load()).ServeHTTPDebug(w, r)
+			})
+		})
 	})
 
 	if options.SwaggerEndpoint {
diff --git a/coderd/coderdtest/authorize.go b/coderd/coderdtest/authorize.go
@@ -272,6 +272,11 @@ func AGPLRoutes(a *AuthTester) (map[string]string, map[string]RouteCheck) {
 			AssertAction: rbac.ActionRead,
 			AssertObject: rbac.ResourceTemplate,
 		},
+
+		"GET:/api/v2/debug/coordinator": {
+			AssertAction: rbac.ActionRead,
+			AssertObject: rbac.ResourceDebugInfo,
+		},
 	}
 
 	// Routes like proxy routes support all HTTP methods. A helper func to expand
diff --git a/coderd/rbac/object.go b/coderd/rbac/object.go
@@ -150,6 +150,11 @@ var (
 	ResourceReplicas = Object{
 		Type: "replicas",
 	}
+
+	// ResourceDebugInfo controls access to the debug routes `/api/v2/debug/*`.
+	ResourceDebugInfo = Object{
+		Type: "debug_info",
+	}
 )
 
 // Object is used to create objects for authz checks when you have none in
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -521,6 +521,16 @@ func (api *API) workspaceAgentCoordinate(rw http.ResponseWriter, r *http.Request
 		})
 		return
 	}
+
+	workspace, err := api.Database.GetWorkspaceByID(ctx, build.WorkspaceID)
+	if err != nil {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Internal error fetching workspace.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+
 	// Ensure the resource is still valid!
 	// We only accept agents for resources on the latest build.
 	ensureLatestBuild := func() error {
@@ -618,7 +628,7 @@ func (api *API) workspaceAgentCoordinate(rw http.ResponseWriter, r *http.Request
 	closeChan := make(chan struct{})
 	go func() {
 		defer close(closeChan)
-		err := (*api.TailnetCoordinator.Load()).ServeAgent(wsNetConn, workspaceAgent.ID)
+		err := (*api.TailnetCoordinator.Load()).ServeAgent(wsNetConn, workspaceAgent.ID, fmt.Sprintf("%s-%s", workspace.Name, workspaceAgent.Name))
 		if err != nil {
 			api.Logger.Warn(ctx, "tailnet coordinator agent error", slog.Error(err))
 			_ = conn.Close(websocket.StatusInternalError, err.Error())
diff --git a/coderd/wsconncache/wsconncache_test.go b/coderd/wsconncache/wsconncache_test.go
@@ -207,7 +207,7 @@ func (c *client) ListenWorkspaceAgent(_ context.Context) (net.Conn, error) {
 		<-closed
 	})
 	go func() {
-		_ = c.coordinator.ServeAgent(serverConn, c.agentID)
+		_ = c.coordinator.ServeAgent(serverConn, c.agentID, "")
 		close(closed)
 	}()
 	return clientConn, nil
diff --git a/enterprise/tailnet/coordinator.go b/enterprise/tailnet/coordinator.go
@@ -5,8 +5,10 @@ import (
 	"context"
 	"encoding/json"
 	"errors"
+	"fmt"
 	"io"
 	"net"
+	"net/http"
 	"sync"
 	"time"
 
@@ -174,7 +176,7 @@ func (c *haCoordinator) handleNextClientMessage(id, agent uuid.UUID, decoder *js
 
 // ServeAgent accepts a WebSocket connection to an agent that listens to
 // incoming connections and publishes node updates.
-func (c *haCoordinator) ServeAgent(conn net.Conn, id uuid.UUID) error {
+func (c *haCoordinator) ServeAgent(conn net.Conn, id uuid.UUID, _ string) error {
 	// Tell clients on other instances to send a callmemaybe to us.
 	err := c.publishAgentHello(id)
 	if err != nil {
@@ -573,3 +575,9 @@ func (c *haCoordinator) formatAgentUpdate(id uuid.UUID, node *agpl.Node) ([]byte
 
 	return buf.Bytes(), nil
 }
+
+func (*haCoordinator) ServeHTTPDebug(w http.ResponseWriter, _ *http.Request) {
+	w.Header().Set("Content-Type", "text/html; charset=utf-8")
+	fmt.Fprintf(w, "<h1>coordinator</h1>")
+	fmt.Fprintf(w, "<h2>ha debug coming soon</h2>")
+}
diff --git a/enterprise/tailnet/coordinator_test.go b/enterprise/tailnet/coordinator_test.go
@@ -60,7 +60,7 @@ func TestCoordinatorSingle(t *testing.T) {
 		id := uuid.New()
 		closeChan := make(chan struct{})
 		go func() {
-			err := coordinator.ServeAgent(server, id)
+			err := coordinator.ServeAgent(server, id, "")
 			assert.NoError(t, err)
 			close(closeChan)
 		}()
@@ -91,7 +91,7 @@ func TestCoordinatorSingle(t *testing.T) {
 		agentID := uuid.New()
 		closeAgentChan := make(chan struct{})
 		go func() {
-			err := coordinator.ServeAgent(agentServerWS, agentID)
+			err := coordinator.ServeAgent(agentServerWS, agentID, "")
 			assert.NoError(t, err)
 			close(closeAgentChan)
 		}()
@@ -142,7 +142,7 @@ func TestCoordinatorSingle(t *testing.T) {
 		})
 		closeAgentChan = make(chan struct{})
 		go func() {
-			err := coordinator.ServeAgent(agentServerWS, agentID)
+			err := coordinator.ServeAgent(agentServerWS, agentID, "")
 			assert.NoError(t, err)
 			close(closeAgentChan)
 		}()
@@ -184,7 +184,7 @@ func TestCoordinatorHA(t *testing.T) {
 		agentID := uuid.New()
 		closeAgentChan := make(chan struct{})
 		go func() {
-			err := coordinator1.ServeAgent(agentServerWS, agentID)
+			err := coordinator1.ServeAgent(agentServerWS, agentID, "")
 			assert.NoError(t, err)
 			close(closeAgentChan)
 		}()
@@ -240,7 +240,7 @@ func TestCoordinatorHA(t *testing.T) {
 		})
 		closeAgentChan = make(chan struct{})
 		go func() {
-			err := coordinator1.ServeAgent(agentServerWS, agentID)
+			err := coordinator1.ServeAgent(agentServerWS, agentID, "")
 			assert.NoError(t, err)
 			close(closeAgentChan)
 		}()
diff --git a/tailnet/coordinator.go b/tailnet/coordinator.go
diff --git a/tailnet/coordinator_test.go b/tailnet/coordinator_test.go

Original file line number	Diff line number	Diff line change
`@@ -1193,7 +1193,7 @@ func (c *client) ListenWorkspaceAgent(_ context.Context) (net.Conn, error) {`
`1193`	`1193`	`}`
`1194`	`1194`	`c.t.Cleanup(c.lastWorkspaceAgent)`
`1195`	`1195`	`go func() {`
`1196`		`- _ = c.coordinator.ServeAgent(serverConn, c.agentID)`
	`1196`	`+ _ = c.coordinator.ServeAgent(serverConn, c.agentID, "")`
`1197`	`1197`	`close(closed)`
`1198`	`1198`	`}()`
`1199`	`1199`	`return clientConn, nil`
Original file line number	Diff line number	Diff line change
`@@ -150,6 +150,11 @@ var (`
`150`	`150`	`ResourceReplicas = Object{`
`151`	`151`	`Type: "replicas",`
`152`	`152`	`}`
	`153`	`+`
	`154`	+ // ResourceDebugInfo controls access to the debug routes `/api/v2/debug/*`.
	`155`	`+ ResourceDebugInfo = Object{`
	`156`	`+ Type: "debug_info",`
	`157`	`+ }`
`153`	`158`	`)`
`154`	`159`
`155`	`160`	`// Object is used to create objects for authz checks when you have none in`