Revert "feature: disable provisionerd listen endpoint (#1612)"

dwahler · dwahler · commit 97052e0ccd32 · 2022-08-18T16:59:53.000Z
This reverts commit a03615a.
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -182,6 +182,9 @@ func New(options *Options) *API {
 				apiKeyMiddleware,
 			)
 			r.Get("/", api.provisionerDaemons)
+			r.Route("/me", func(r chi.Router) {
+				r.Get("/listen", api.provisionerDaemonsListen)
+			})
 		})
 		r.Route("/organizations", func(r chi.Router) {
 			r.Use(
diff --git a/coderd/coderd_test.go b/coderd/coderd_test.go
@@ -468,6 +468,9 @@ func TestAuthorizeAllEndpoints(t *testing.T) {
 		"PUT:/api/v2/organizations/{organization}/members/{user}/roles": {NoAuthorize: true},
 		"POST:/api/v2/workspaces/{workspace}/builds":                    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
 		"POST:/api/v2/organizations/{organization}/templateversions":    {StatusCode: http.StatusBadRequest, NoAuthorize: true},
+
+		// TODO needs authorization
+		"GET:/api/v2/provisionerdaemons/me/listen": {NoAuthorize: true},
 	}
 
 	for k, v := range assertRoute {
diff --git a/coderd/provisionerdaemons.go b/coderd/provisionerdaemons.go
@@ -13,10 +13,12 @@ import (
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/hashicorp/yamux"
 	"github.com/moby/moby/pkg/namesgenerator"
 	"github.com/tabbed/pqtype"
 	"golang.org/x/xerrors"
 	protobuf "google.golang.org/protobuf/proto"
+	"nhooyr.io/websocket"
 	"storj.io/drpc/drpcmux"
 	"storj.io/drpc/drpcserver"
 
@@ -62,6 +64,78 @@ func (api *API) provisionerDaemons(rw http.ResponseWriter, r *http.Request) {
 	httpapi.Write(rw, http.StatusOK, daemons)
 }
 
+// Serves the provisioner daemon protobuf API over a WebSocket.
+func (api *API) provisionerDaemonsListen(rw http.ResponseWriter, r *http.Request) {
+	api.websocketWaitMutex.Lock()
+	api.websocketWaitGroup.Add(1)
+	api.websocketWaitMutex.Unlock()
+	defer api.websocketWaitGroup.Done()
+
+	conn, err := websocket.Accept(rw, r, &websocket.AcceptOptions{
+		// Need to disable compression to avoid a data-race.
+		CompressionMode: websocket.CompressionDisabled,
+	})
+	if err != nil {
+		httpapi.Write(rw, http.StatusBadRequest, codersdk.Response{
+			Message: "Internal error accepting websocket connection.",
+			Detail:  err.Error(),
+		})
+		return
+	}
+	// Align with the frame size of yamux.
+	conn.SetReadLimit(256 * 1024)
+
+	daemon, err := api.Database.InsertProvisionerDaemon(r.Context(), database.InsertProvisionerDaemonParams{
+		ID:           uuid.New(),
+		CreatedAt:    database.Now(),
+		Name:         namesgenerator.GetRandomName(1),
+		Provisioners: []database.ProvisionerType{database.ProvisionerTypeEcho, database.ProvisionerTypeTerraform},
+	})
+	if err != nil {
+		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("insert provisioner daemon: %s", err))
+		return
+	}
+
+	// Multiplexes the incoming connection using yamux.
+	// This allows multiple function calls to occur over
+	// the same connection.
+	config := yamux.DefaultConfig()
+	config.LogOutput = io.Discard
+	session, err := yamux.Server(websocket.NetConn(r.Context(), conn, websocket.MessageBinary), config)
+	if err != nil {
+		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("multiplex server: %s", err))
+		return
+	}
+	mux := drpcmux.New()
+	err = proto.DRPCRegisterProvisionerDaemon(mux, &provisionerdServer{
+		AccessURL:    api.AccessURL,
+		ID:           daemon.ID,
+		Database:     api.Database,
+		Pubsub:       api.Pubsub,
+		Provisioners: daemon.Provisioners,
+		Logger:       api.Logger.Named(fmt.Sprintf("provisionerd-%s", daemon.Name)),
+	})
+	if err != nil {
+		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("drpc register provisioner daemon: %s", err))
+		return
+	}
+	server := drpcserver.NewWithOptions(mux, drpcserver.Options{
+		Log: func(err error) {
+			if xerrors.Is(err, io.EOF) {
+				return
+			}
+			api.Logger.Debug(r.Context(), "drpc server error", slog.Error(err))
+		},
+	})
+	err = server.Serve(r.Context(), session)
+	if err != nil && !xerrors.Is(err, io.EOF) {
+		api.Logger.Debug(r.Context(), "provisioner daemon disconnected", slog.Error(err))
+		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("serve: %s", err))
+		return
+	}
+	_ = conn.Close(websocket.StatusGoingAway, "")
+}
+
 // ListenProvisionerDaemon is an in-memory connection to a provisionerd.  Useful when starting coderd and provisionerd
 // in the same process.
 func (api *API) ListenProvisionerDaemon(ctx context.Context) (client proto.DRPCProvisionerDaemonClient, err error) {
diff --git a/codersdk/provisionerdaemons.go b/codersdk/provisionerdaemons.go
@@ -5,15 +5,20 @@ import (
 	"database/sql"
 	"encoding/json"
 	"fmt"
+	"io"
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
 	"strconv"
 	"time"
 
 	"github.com/google/uuid"
+	"github.com/hashicorp/yamux"
 	"golang.org/x/xerrors"
 	"nhooyr.io/websocket"
+
+	"github.com/coder/coder/provisionerd/proto"
+	"github.com/coder/coder/provisionersdk"
 )
 
 type LogSource string
@@ -82,6 +87,35 @@ type ProvisionerJobLog struct {
 	Output    string    `json:"output"`
 }
 
+// ListenProvisionerDaemon returns the gRPC service for a provisioner daemon implementation.
+func (c *Client) ListenProvisionerDaemon(ctx context.Context) (proto.DRPCProvisionerDaemonClient, error) {
+	serverURL, err := c.URL.Parse("/api/v2/provisionerdaemons/me/listen")
+	if err != nil {
+		return nil, xerrors.Errorf("parse url: %w", err)
+	}
+	conn, res, err := websocket.Dial(ctx, serverURL.String(), &websocket.DialOptions{
+		HTTPClient: c.HTTPClient,
+		// Need to disable compression to avoid a data-race.
+		CompressionMode: websocket.CompressionDisabled,
+	})
+	if err != nil {
+		if res == nil {
+			return nil, err
+		}
+		return nil, readBodyAsError(res)
+	}
+	// Align with the frame size of yamux.
+	conn.SetReadLimit(256 * 1024)
+
+	config := yamux.DefaultConfig()
+	config.LogOutput = io.Discard
+	session, err := yamux.Client(websocket.NetConn(ctx, conn, websocket.MessageBinary), config)
+	if err != nil {
+		return nil, xerrors.Errorf("multiplex client: %w", err)
+	}
+	return proto.NewDRPCProvisionerDaemonClient(provisionersdk.Conn(session)), nil
+}
+
 // provisionerJobLogsBefore provides log output that occurred before a time.
 // This is abstracted from a specific job type to provide consistency between
 // APIs. Logs is the only shared route between jobs.

Original file line number	Diff line number	Diff line change
`@@ -468,6 +468,9 @@ func TestAuthorizeAllEndpoints(t *testing.T) {`
`468`	`468`	`"PUT:/api/v2/organizations/{organization}/members/{user}/roles": {NoAuthorize: true},`
`469`	`469`	`"POST:/api/v2/workspaces/{workspace}/builds": {StatusCode: http.StatusBadRequest, NoAuthorize: true},`
`470`	`470`	`"POST:/api/v2/organizations/{organization}/templateversions": {StatusCode: http.StatusBadRequest, NoAuthorize: true},`
	`471`	`+`
	`472`	`+ // TODO needs authorization`
	`473`	`+ "GET:/api/v2/provisionerdaemons/me/listen": {NoAuthorize: true},`
`471`	`474`	`}`
`472`	`475`
`473`	`476`	`for k, v := range assertRoute {`