feat: check agent API version on connection

spikecurtis · spikecurtis · commit 5fa6879866e9 · 2024-01-22T16:46:14.000+04:00
diff --git a/Makefile b/Makefile
@@ -507,7 +507,7 @@ gen/mark-fresh:
 		examples/examples.gen.json \
 		tailnet/tailnettest/coordinatormock.go \
 		tailnet/tailnettest/coordinateemock.go \
-		tailnet/tailnettest/multiagentmockmock.go \
+		tailnet/tailnettest/multiagentmock.go \
 	"
 	for file in $$files; do
 		echo "$$file"
diff --git a/agent/proto/version.go b/agent/proto/version.go
@@ -0,0 +1,10 @@
+package proto
+
+import (
+	"github.com/coder/coder/v2/tailnet/proto"
+)
+
+// CurrentVersion is the current version of the agent API.  It is tied to the
+// tailnet API version to avoid confusion, since agents connect to the tailnet
+// API over the same websocket.
+var CurrentVersion = proto.CurrentVersion
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -43,6 +43,7 @@ import (
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/agentsdk"
 	"github.com/coder/coder/v2/tailnet"
+	"github.com/coder/coder/v2/tailnet/proto"
 )
 
 // @Summary Get workspace agent by ID
@@ -1162,7 +1163,7 @@ func (api *API) workspaceAgentClientCoordinate(rw http.ResponseWriter, r *http.R
 	if qv != "" {
 		version = qv
 	}
-	if err := tailnet.CurrentVersion.Validate(version); err != nil {
+	if err := proto.CurrentVersion.Validate(version); err != nil {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 			Message: "Unknown or unsupported API version",
 			Validations: []codersdk.ValidationError{
diff --git a/coderd/workspaceagentsrpc.go b/coderd/workspaceagentsrpc.go
@@ -16,6 +16,7 @@ import (
 	"nhooyr.io/websocket"
 
 	"cdr.dev/slog"
+	"github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/coderd/agentapi"
 	"github.com/coder/coder/v2/coderd/database"
 	"github.com/coder/coder/v2/coderd/database/dbauthz"
@@ -37,6 +38,23 @@ import (
 func (api *API) workspaceAgentRPC(rw http.ResponseWriter, r *http.Request) {
 	ctx := r.Context()
 
+	version := r.URL.Query().Get("version")
+	if version == "" {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Missing required query parameter: version",
+		})
+		return
+	}
+	if err := proto.CurrentVersion.Validate(version); err != nil {
+		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Unknown or unsupported API version",
+			Validations: []codersdk.ValidationError{
+				{Field: "version", Detail: err.Error()},
+			},
+		})
+		return
+	}
+
 	api.WebsocketWaitMutex.Lock()
 	api.WebsocketWaitGroup.Add(1)
 	api.WebsocketWaitMutex.Unlock()
diff --git a/codersdk/agentsdk/agentsdk.go b/codersdk/agentsdk/agentsdk.go
@@ -21,6 +21,7 @@ import (
 	"tailscale.com/tailcfg"
 
 	"cdr.dev/slog"
+	"github.com/coder/coder/v2/agent/proto"
 	"github.com/coder/coder/v2/codersdk"
 	drpcsdk "github.com/coder/coder/v2/codersdk/drpc"
 	"github.com/coder/retry"
@@ -281,18 +282,22 @@ func (c *Client) DERPMapUpdates(ctx context.Context) (<-chan DERPMapUpdate, io.C
 	}, nil
 }
 
-// Listen connects to the workspace agent coordinate WebSocket
+// Listen connects to the workspace agent API WebSocket
 // that handles connection negotiation.
 func (c *Client) Listen(ctx context.Context) (drpc.Conn, error) {
-	coordinateURL, err := c.SDK.URL.Parse("/api/v2/workspaceagents/me/rpc")
+	rpcURL, err := c.SDK.URL.Parse("/api/v2/workspaceagents/me/rpc")
 	if err != nil {
 		return nil, xerrors.Errorf("parse url: %w", err)
 	}
+	q := rpcURL.Query()
+	q.Add("version", proto.CurrentVersion.String())
+	rpcURL.RawQuery = q.Encode()
+
 	jar, err := cookiejar.New(nil)
 	if err != nil {
 		return nil, xerrors.Errorf("create cookie jar: %w", err)
 	}
-	jar.SetCookies(coordinateURL, []*http.Cookie{{
+	jar.SetCookies(rpcURL, []*http.Cookie{{
 		Name:  codersdk.SessionTokenCookie,
 		Value: c.SDK.SessionToken(),
 	}})
@@ -301,7 +306,7 @@ func (c *Client) Listen(ctx context.Context) (drpc.Conn, error) {
 		Transport: c.SDK.HTTPClient.Transport,
 	}
 	// nolint:bodyclose
-	conn, res, err := websocket.Dial(ctx, coordinateURL.String(), &websocket.DialOptions{
+	conn, res, err := websocket.Dial(ctx, rpcURL.String(), &websocket.DialOptions{
 		HTTPClient: httpClient,
 	})
 	if err != nil {
diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go
@@ -22,6 +22,7 @@ import (
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/coderd/tracing"
 	"github.com/coder/coder/v2/tailnet"
+	"github.com/coder/coder/v2/tailnet/proto"
 	"github.com/coder/retry"
 )
 
@@ -314,7 +315,7 @@ func (c *Client) DialWorkspaceAgent(dialCtx context.Context, agentID uuid.UUID,
 		return nil, xerrors.Errorf("parse url: %w", err)
 	}
 	q := coordinateURL.Query()
-	q.Add("version", tailnet.CurrentVersion.String())
+	q.Add("version", proto.CurrentVersion.String())
 	coordinateURL.RawQuery = q.Encode()
 	closedCoordinator := make(chan struct{})
 	// Must only ever be used once, send error OR close to avoid
diff --git a/enterprise/coderd/workspaceproxycoordinate.go b/enterprise/coderd/workspaceproxycoordinate.go
@@ -11,7 +11,7 @@ import (
 	"github.com/coder/coder/v2/coderd/util/apiversion"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/enterprise/wsproxy/wsproxysdk"
-	agpl "github.com/coder/coder/v2/tailnet"
+	"github.com/coder/coder/v2/tailnet/proto"
 )
 
 // @Summary Agent is legacy
@@ -59,7 +59,7 @@ func (api *API) workspaceProxyCoordinate(rw http.ResponseWriter, r *http.Request
 	if qv != "" {
 		version = qv
 	}
-	if err := agpl.CurrentVersion.Validate(version); err != nil {
+	if err := proto.CurrentVersion.Validate(version); err != nil {
 		httpapi.Write(ctx, rw, http.StatusBadRequest, codersdk.Response{
 			Message: "Unknown or unsupported API version",
 			Validations: []codersdk.ValidationError{
diff --git a/enterprise/wsproxy/wsproxysdk/wsproxysdk.go b/enterprise/wsproxy/wsproxysdk/wsproxysdk.go
@@ -439,7 +439,7 @@ func (c *Client) DialCoordinator(ctx context.Context) (agpl.MultiAgentConn, erro
 		return nil, xerrors.Errorf("parse url: %w", err)
 	}
 	q := coordinateURL.Query()
-	q.Add("version", agpl.CurrentVersion.String())
+	q.Add("version", proto.CurrentVersion.String())
 	coordinateURL.RawQuery = q.Encode()
 	coordinateHeaders := make(http.Header)
 	tokenHeader := codersdk.SessionTokenHeader
diff --git a/enterprise/wsproxy/wsproxysdk/wsproxysdk_test.go b/enterprise/wsproxy/wsproxysdk/wsproxysdk_test.go
@@ -194,7 +194,7 @@ func TestDialCoordinator(t *testing.T) {
 				return
 			}
 			version := r.URL.Query().Get("version")
-			if !assert.Equal(t, version, agpl.CurrentVersion.String()) {
+			if !assert.Equal(t, version, proto.CurrentVersion.String()) {
 				return
 			}
 			nc := websocket.NetConn(r.Context(), conn, websocket.MessageBinary)
diff --git a/tailnet/coordinator_test.go b/tailnet/coordinator_test.go
@@ -460,7 +460,7 @@ func TestRemoteCoordination(t *testing.T) {
 
 	serveErr := make(chan error, 1)
 	go func() {
-		err := svc.ServeClient(ctx, tailnet.CurrentVersion.String(), sC, clientID, agentID)
+		err := svc.ServeClient(ctx, proto.CurrentVersion.String(), sC, clientID, agentID)
 		serveErr <- err
 	}()
 
diff --git a/tailnet/proto/version.go b/tailnet/proto/version.go
@@ -0,0 +1,12 @@
+package proto
+
+import (
+	"github.com/coder/coder/v2/coderd/util/apiversion"
+)
+
+const (
+	CurrentMajor = 2
+	CurrentMinor = 0
+)
+
+var CurrentVersion = apiversion.New(CurrentMajor, CurrentMinor).WithBackwardCompat(1)
diff --git a/tailnet/service.go b/tailnet/service.go
@@ -20,13 +20,6 @@ import (
 	"golang.org/x/xerrors"
 )
 
-const (
-	CurrentMajor = 2
-	CurrentMinor = 0
-)
-
-var CurrentVersion = apiversion.New(CurrentMajor, CurrentMinor).WithBackwardCompat(1)
-
 type streamIDContextKey struct{}
 
 // StreamID identifies the caller of the CoordinateTailnet RPC.  We store this

Original file line number	Diff line number	Diff line change
`@@ -507,7 +507,7 @@ gen/mark-fresh:`
`507`	`507`	`examples/examples.gen.json \`
`508`	`508`	`tailnet/tailnettest/coordinatormock.go \`
`509`	`509`	`tailnet/tailnettest/coordinateemock.go \`
`510`		`- tailnet/tailnettest/multiagentmockmock.go \`
	`510`	`+ tailnet/tailnettest/multiagentmock.go \`
`511`	`511`	`"`
`512`	`512`	`for file in $$files; do`
`513`	`513`	`echo "$$file"`
Original file line number	Diff line number	Diff line change
`@@ -439,7 +439,7 @@ func (c *Client) DialCoordinator(ctx context.Context) (agpl.MultiAgentConn, erro`
`439`	`439`	`return nil, xerrors.Errorf("parse url: %w", err)`
`440`	`440`	`}`
`441`	`441`	`q := coordinateURL.Query()`
`442`		`- q.Add("version", agpl.CurrentVersion.String())`
	`442`	`+ q.Add("version", proto.CurrentVersion.String())`
`443`	`443`	`coordinateURL.RawQuery = q.Encode()`
`444`	`444`	`coordinateHeaders := make(http.Header)`
`445`	`445`	`tokenHeader := codersdk.SessionTokenHeader`
Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ func TestDialCoordinator(t *testing.T) {`
`194`	`194`	`return`
`195`	`195`	`}`
`196`	`196`	`version := r.URL.Query().Get("version")`
`197`		`- if !assert.Equal(t, version, agpl.CurrentVersion.String()) {`
	`197`	`+ if !assert.Equal(t, version, proto.CurrentVersion.String()) {`
`198`	`198`	`return`
`199`	`199`	`}`
`200`	`200`	`nc := websocket.NetConn(r.Context(), conn, websocket.MessageBinary)`