tests

ethanndickson · ethanndickson · commit 79f824cdd0d0 · 2024-11-22T05:27:30.000Z
diff --git a/cli/vpndaemon_windows.go b/cli/vpndaemon_windows.go
@@ -60,7 +60,7 @@ func (r *RootCmd) vpnDaemonRun() *serpent.Command {
 			defer pipe.Close()
 
 			logger.Info(ctx, "starting tunnel")
-			tunnel, err := vpn.NewTunnel(ctx, logger, pipe)
+			tunnel, err := vpn.NewTunnel(ctx, logger, pipe, vpn.NewClient())
 			if err != nil {
 				return xerrors.Errorf("create new tunnel for client: %w", err)
 			}
diff --git a/vpn/client.go b/vpn/client.go
@@ -11,6 +11,8 @@ import (
 	"tailscale.com/net/dns"
 	"tailscale.com/wgengine/router"
 
+	"github.com/tailscale/wireguard-go/tun"
+
 	"cdr.dev/slog"
 	"github.com/coder/coder/v2/codersdk"
 	"github.com/coder/coder/v2/codersdk/workspacesdk"
@@ -57,7 +59,7 @@ type Options struct {
 	Logger            slog.Logger
 	DNSConfigurator   dns.OSConfigurator
 	Router            router.Router
-	TUNFileDescriptor int
+	TUNFileDescriptor *int
 	UpdateHandler     tailnet.UpdatesHandler
 }
 
@@ -66,10 +68,17 @@ func (*client) NewConn(initCtx context.Context, serverURL *url.URL, token string
 		options = &Options{}
 	}
 
-	// No-op on non-Darwin platforms.
-	dev, err := makeTUN(options.TUNFileDescriptor)
-	if err != nil {
-		return nil, xerrors.Errorf("make TUN: %w", err)
+	if options.Headers == nil {
+		options.Headers = http.Header{}
+	}
+
+	var dev tun.Device
+	if options.TUNFileDescriptor != nil {
+		// No-op on non-Darwin platforms.
+		dev, err = makeTUN(*options.TUNFileDescriptor)
+		if err != nil {
+			return nil, xerrors.Errorf("make TUN: %w", err)
+		}
 	}
 
 	headers := options.Headers
diff --git a/vpn/client_internal_test.go b/vpn/client_internal_test.go
diff --git a/vpn/client_test.go b/vpn/client_test.go
@@ -0,0 +1,184 @@
+package vpn_test
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"net/url"
+	"sync/atomic"
+	"testing"
+	"time"
+
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+	"go.uber.org/mock/gomock"
+	"nhooyr.io/websocket"
+	"tailscale.com/net/dns"
+	"tailscale.com/tailcfg"
+
+	"github.com/coder/coder/v2/coderd/httpapi"
+	"github.com/coder/coder/v2/codersdk"
+	"github.com/coder/coder/v2/codersdk/workspacesdk"
+	"github.com/coder/coder/v2/tailnet"
+	"github.com/coder/coder/v2/tailnet/proto"
+	"github.com/coder/coder/v2/tailnet/tailnettest"
+	"github.com/coder/coder/v2/testutil"
+	"github.com/coder/coder/v2/vpn"
+)
+
+func TestClient_WorkspaceUpdates(t *testing.T) {
+	t.Parallel()
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+	logger := testutil.Logger(t)
+
+	userID := uuid.UUID{1}
+	wsID := uuid.UUID{2}
+	peerID := uuid.UUID{3}
+
+	fCoord := tailnettest.NewFakeCoordinator()
+	var coord tailnet.Coordinator = fCoord
+	coordPtr := atomic.Pointer[tailnet.Coordinator]{}
+	coordPtr.Store(&coord)
+	ctrl := gomock.NewController(t)
+	mProvider := tailnettest.NewMockWorkspaceUpdatesProvider(ctrl)
+
+	mSub := tailnettest.NewMockSubscription(ctrl)
+	outUpdateCh := make(chan *proto.WorkspaceUpdate, 1)
+	inUpdateCh := make(chan *proto.WorkspaceUpdate, 1)
+	mProvider.EXPECT().Subscribe(gomock.Any(), userID).Times(1).Return(mSub, nil)
+	mSub.EXPECT().Updates().MinTimes(1).Return(outUpdateCh)
+	mSub.EXPECT().Close().Times(1).Return(nil)
+
+	svc, err := tailnet.NewClientService(tailnet.ClientServiceOptions{
+		Logger:                   logger,
+		CoordPtr:                 &coordPtr,
+		DERPMapUpdateFrequency:   time.Hour,
+		DERPMapFn:                func() *tailcfg.DERPMap { return &tailcfg.DERPMap{} },
+		WorkspaceUpdatesProvider: mProvider,
+		ResumeTokenProvider:      tailnet.NewInsecureTestResumeTokenProvider(),
+	})
+	require.NoError(t, err)
+
+	user := make(chan struct{})
+	connInfo := make(chan struct{})
+	serveErrCh := make(chan error)
+	server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		switch r.URL.Path {
+		case "/api/v2/users/me":
+			httpapi.Write(ctx, w, http.StatusOK, codersdk.User{
+				ReducedUser: codersdk.ReducedUser{
+					MinimalUser: codersdk.MinimalUser{
+						ID: userID,
+					},
+				},
+			})
+			user <- struct{}{}
+
+		case "/api/v2/workspaceagents/connection":
+			httpapi.Write(ctx, w, http.StatusOK, workspacesdk.AgentConnectionInfo{
+				DisableDirectConnections: false,
+			})
+			connInfo <- struct{}{}
+
+		case "/api/v2/tailnet":
+			// need 2.3 for WorkspaceUpdates RPC
+			cVer := r.URL.Query().Get("version")
+			assert.Equal(t, "2.3", cVer)
+
+			sws, err := websocket.Accept(w, r, nil)
+			if !assert.NoError(t, err) {
+				return
+			}
+			wsCtx, nc := codersdk.WebsocketNetConn(ctx, sws, websocket.MessageBinary)
+			serveErrCh <- svc.ServeConnV2(wsCtx, nc, tailnet.StreamID{
+				Name: "client",
+				ID:   peerID,
+				// Auth can be nil as we use a mock update provider
+				Auth: tailnet.ClientUserCoordinateeAuth{
+					Auth: nil,
+				},
+			})
+		default:
+			http.NotFound(w, r)
+		}
+	}))
+	t.Cleanup(server.Close)
+
+	svrURL, err := url.Parse(server.URL)
+	require.NoError(t, err)
+	connErrCh := make(chan error)
+	connCh := make(chan vpn.Conn)
+	go func() {
+		conn, err := vpn.NewClient().NewConn(ctx, svrURL, "fakeToken", &vpn.Options{
+			UpdateHandler: updateHandler(func(wu *proto.WorkspaceUpdate) error {
+				inUpdateCh <- wu
+				return nil
+			}),
+			DNSConfigurator: &noopConfigurator{},
+		})
+		connErrCh <- err
+		connCh <- conn
+	}()
+	testutil.RequireRecvCtx(ctx, t, user)
+	testutil.RequireRecvCtx(ctx, t, connInfo)
+	err = testutil.RequireRecvCtx(ctx, t, connErrCh)
+	require.NoError(t, err)
+	conn := testutil.RequireRecvCtx(ctx, t, connCh)
+
+	// Send a workspace update
+	update := &proto.WorkspaceUpdate{
+		UpsertedWorkspaces: []*proto.Workspace{
+			{
+				Id: wsID[:],
+			},
+		},
+	}
+	testutil.RequireSendCtx(ctx, t, outUpdateCh, update)
+
+	// It'll be received by the update handler
+	recvUpdate := testutil.RequireRecvCtx(ctx, t, inUpdateCh)
+	require.Len(t, recvUpdate.UpsertedWorkspaces, 1)
+	require.Equal(t, update.UpsertedWorkspaces[0].Id, recvUpdate.UpsertedWorkspaces[0].Id)
+
+	// And be reflected on the Conn's state
+	require.Equal(t, &proto.WorkspaceUpdate{
+		UpsertedWorkspaces: []*proto.Workspace{
+			{
+				Id: wsID[:],
+			},
+		},
+		UpsertedAgents: []*proto.Agent{},
+	}, conn.CurrentWorkspaceState())
+
+	// Close the conn
+	conn.Close()
+	err = testutil.RequireRecvCtx(ctx, t, serveErrCh)
+	require.NoError(t, err)
+}
+
+type updateHandler func(*proto.WorkspaceUpdate) error
+
+func (h updateHandler) Update(u *proto.WorkspaceUpdate) error {
+	return h(u)
+}
+
+type noopConfigurator struct{}
+
+func (*noopConfigurator) Close() error {
+	return nil
+}
+
+func (*noopConfigurator) GetBaseConfig() (dns.OSConfig, error) {
+	return dns.OSConfig{}, nil
+}
+
+func (*noopConfigurator) SetDNS(dns.OSConfig) error {
+	return nil
+}
+
+func (*noopConfigurator) SupportsSplitDNS() bool {
+	return true
+}
+
+var _ dns.OSConfigurator = (*noopConfigurator)(nil)
diff --git a/vpn/tunnel.go b/vpn/tunnel.go
@@ -15,6 +15,7 @@ import (
 
 	"golang.org/x/xerrors"
 
+	"github.com/coder/coder/v2/coderd/util/ptr"
 	"github.com/coder/coder/v2/tailnet/proto"
 
 	"cdr.dev/slog"
@@ -187,7 +188,7 @@ func (t *Tunnel) start(req *StartRequest) error {
 			Logger:            t.logger,
 			DNSConfigurator:   NewDNSConfigurator(t),
 			Router:            NewRouter(t),
-			TUNFileDescriptor: int(req.GetTunnelFileDescriptor()),
+			TUNFileDescriptor: ptr.Ref(int(req.GetTunnelFileDescriptor())),
 			UpdateHandler:     t,
 		},
 	)
diff --git a/vpn/tunnel_internal_test.go b/vpn/tunnel_internal_test.go
@@ -129,7 +129,6 @@ func TestTunnel_PeerUpdate(t *testing.T) {
 
 	errCh := make(chan error, 1)
 	var resp *TunnelMessage
-	// When: we start the tunnel
 	go func() {
 		r, err := mgr.unaryRPC(ctx, &ManagerMessage{
 			Msg: &ManagerMessage_Start{
@@ -143,9 +142,7 @@ func TestTunnel_PeerUpdate(t *testing.T) {
 		resp = r
 		errCh <- err
 	}()
-	// Then: `NewConn` is called,
 	testutil.RequireSendCtx(ctx, t, client.ch, conn)
-	// And: a response is received
 	err := testutil.RequireRecvCtx(ctx, t, errCh)
 	require.NoError(t, err)
 	_, ok := resp.Msg.(*TunnelMessage_Start)
@@ -185,22 +182,80 @@ func TestTunnel_PeerUpdate(t *testing.T) {
 	require.Equal(t, []byte("2"), resp.GetPeerUpdate().UpsertedWorkspaces[1].Id)
 }
 
+func TestTunnel_NetworkSettings(t *testing.T) {
+	t.Parallel()
+
+	ctx := testutil.Context(t, testutil.WaitShort)
+
+	client := newFakeClient(ctx, t)
+	conn := newFakeConn(nil)
+
+	tun, mgr := setupTunnel(t, ctx, client)
+
+	errCh := make(chan error, 1)
+	var resp *TunnelMessage
+	go func() {
+		r, err := mgr.unaryRPC(ctx, &ManagerMessage{
+			Msg: &ManagerMessage_Start{
+				Start: &StartRequest{
+					TunnelFileDescriptor: 2,
+					CoderUrl:             "https://coder.example.com",
+					ApiToken:             "fakeToken",
+				},
+			},
+		})
+		resp = r
+		errCh <- err
+	}()
+	testutil.RequireSendCtx(ctx, t, client.ch, conn)
+	err := testutil.RequireRecvCtx(ctx, t, errCh)
+	require.NoError(t, err)
+	_, ok := resp.Msg.(*TunnelMessage_Start)
+	require.True(t, ok)
+
+	// When: we inform the tunnel of network settings
+	go func() {
+		err := tun.ApplyNetworkSettings(ctx, &NetworkSettingsRequest{
+			Mtu: 1200,
+		})
+		errCh <- err
+	}()
+	// Then: the tunnel sends a NetworkSettings message
+	req := testutil.RequireRecvCtx(ctx, t, mgr.requests)
+	require.NotNil(t, req.msg.Rpc)
+	require.Equal(t, uint32(1200), req.msg.GetNetworkSettings().Mtu)
+	go func() {
+		testutil.RequireSendCtx(ctx, t, mgr.sendCh, &ManagerMessage{
+			Rpc: &RPC{ResponseTo: req.msg.Rpc.MsgId},
+			Msg: &ManagerMessage_NetworkSettings{
+				NetworkSettings: &NetworkSettingsResponse{
+					Success: true,
+				},
+			},
+		})
+	}()
+	// And: `ApplyNetworkSettings` returns without error once the manager responds
+	err = testutil.RequireRecvCtx(ctx, t, errCh)
+	require.NoError(t, err)
+}
+
 //nolint:revive // t takes precedence
 func setupTunnel(t *testing.T, ctx context.Context, client *fakeClient) (*Tunnel, *speaker[*ManagerMessage, *TunnelMessage, TunnelMessage]) {
 	mp, tp := net.Pipe()
 	t.Cleanup(func() { _ = mp.Close() })
 	t.Cleanup(func() { _ = tp.Close() })
+	logger := testutil.Logger(t)
 
 	var tun *Tunnel
 	var mgr *speaker[*ManagerMessage, *TunnelMessage, TunnelMessage]
 	errCh := make(chan error, 2)
 	go func() {
-		tunnel, err := NewTunnel(ctx, testutil.Logger(t).Named("tunnel"), tp, client)
+		tunnel, err := NewTunnel(ctx, logger.Named("tunnel"), tp, client)
 		tun = tunnel
 		errCh <- err
 	}()
 	go func() {
-		manager, err := newSpeaker[*ManagerMessage, *TunnelMessage](ctx, testutil.Logger(t).Named("manager"), mp, SpeakerRoleManager, SpeakerRoleTunnel)
+		manager, err := newSpeaker[*ManagerMessage, *TunnelMessage](ctx, logger.Named("manager"), mp, SpeakerRoleManager, SpeakerRoleTunnel)
 		mgr = manager
 		errCh <- err
 	}()

Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ func (r RootCmd) vpnDaemonRun() serpent.Command {`
`60`	`60`	`defer pipe.Close()`
`61`	`61`
`62`	`62`	`logger.Info(ctx, "starting tunnel")`
`63`		`- tunnel, err := vpn.NewTunnel(ctx, logger, pipe)`
	`63`	`+ tunnel, err := vpn.NewTunnel(ctx, logger, pipe, vpn.NewClient())`
`64`	`64`	`if err != nil {`
`65`	`65`	`return xerrors.Errorf("create new tunnel for client: %w", err)`
`66`	`66`	`}`