feat: Use environment variables and startup script in agent (#1147)

kylecarbs · web-flow · commit a2dd61884915 · 2022-04-25T18:30:39.000Z
These values were ignored. Environment variables are applied to
new sessions, and are refreshed on reconnect. This is cool because
a workspace could be updated with new environment variables without
requiring a complete start/stop.

The startup script is only ran once regardless of changes, which
feels like the expected behavior.
diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -16,6 +16,7 @@
     "gographviz",
     "goleak",
     "gossh",
+    "gsyslog",
     "hashicorp",
     "hclsyntax",
     "httpmw",
diff --git a/agent/agent.go b/agent/agent.go
@@ -11,9 +11,13 @@ import (
 	"os"
 	"os/exec"
 	"os/user"
+	"runtime"
 	"sync"
 	"time"
 
+	gsyslog "github.com/hashicorp/go-syslog"
+	"go.uber.org/atomic"
+
 	"cdr.dev/slog"
 	"github.com/coder/coder/agent/usershell"
 	"github.com/coder/coder/peer"
@@ -29,10 +33,11 @@ import (
 )
 
 type Options struct {
-	Logger slog.Logger
+	EnvironmentVariables map[string]string
+	StartupScript        string
 }
 
-type Dialer func(ctx context.Context, logger slog.Logger) (*peerbroker.Listener, error)
+type Dialer func(ctx context.Context, logger slog.Logger) (*Options, *peerbroker.Listener, error)
 
 func New(dialer Dialer, logger slog.Logger) io.Closer {
 	ctx, cancelFunc := context.WithCancel(context.Background())
@@ -55,16 +60,21 @@ type agent struct {
 	closeMutex    sync.Mutex
 	closed        chan struct{}
 
-	sshServer *ssh.Server
+	// Environment variables sent by Coder to inject for shell sessions.
+	// This is atomic because values can change after reconnect.
+	envVars       atomic.Value
+	startupScript atomic.Bool
+	sshServer     *ssh.Server
 }
 
 func (a *agent) run(ctx context.Context) {
+	var options *Options
 	var peerListener *peerbroker.Listener
 	var err error
 	// An exponential back-off occurs when the connection is failing to dial.
 	// This is to prevent server spam in case of a coderd outage.
 	for retrier := retry.New(50*time.Millisecond, 10*time.Second); retrier.Wait(ctx); {
-		peerListener, err = a.dialer(ctx, a.logger)
+		options, peerListener, err = a.dialer(ctx, a.logger)
 		if err != nil {
 			if errors.Is(err, context.Canceled) {
 				return
@@ -83,6 +93,20 @@ func (a *agent) run(ctx context.Context) {
 		return
 	default:
 	}
+	a.envVars.Store(options.EnvironmentVariables)
+
+	if a.startupScript.CAS(false, true) {
+		// The startup script has not ran yet!
+		go func() {
+			err := a.runStartupScript(ctx, options.StartupScript)
+			if errors.Is(err, context.Canceled) {
+				return
+			}
+			if err != nil {
+				a.logger.Warn(ctx, "agent script failed", slog.Error(err))
+			}
+		}()
+	}
 
 	for {
 		conn, err := peerListener.Accept()
@@ -101,6 +125,48 @@ func (a *agent) run(ctx context.Context) {
 	}
 }
 
+func (*agent) runStartupScript(ctx context.Context, script string) error {
+	if script == "" {
+		return nil
+	}
+	currentUser, err := user.Current()
+	if err != nil {
+		return xerrors.Errorf("get current user: %w", err)
+	}
+	username := currentUser.Username
+
+	shell, err := usershell.Get(username)
+	if err != nil {
+		return xerrors.Errorf("get user shell: %w", err)
+	}
+
+	var writer io.WriteCloser
+	// Attempt to use the syslog to write startup information.
+	writer, err = gsyslog.NewLogger(gsyslog.LOG_INFO, "USER", "coder-startup-script")
+	if err != nil {
+		// If the syslog isn't supported or cannot be created, use a text file in temp.
+		writer, err = os.CreateTemp("", "coder-startup-script.txt")
+		if err != nil {
+			return xerrors.Errorf("open startup script log file: %w", err)
+		}
+	}
+	defer func() {
+		_ = writer.Close()
+	}()
+	caller := "-c"
+	if runtime.GOOS == "windows" {
+		caller = "/c"
+	}
+	cmd := exec.CommandContext(ctx, shell, caller, script)
+	cmd.Stdout = writer
+	cmd.Stderr = writer
+	err = cmd.Run()
+	if err != nil {
+		return xerrors.Errorf("run: %w", err)
+	}
+	return nil
+}
+
 func (a *agent) handlePeerConn(ctx context.Context, conn *peer.Conn) {
 	go func() {
 		select {
@@ -230,8 +296,24 @@ func (a *agent) handleSSHSession(session ssh.Session) error {
 
 	// OpenSSH executes all commands with the users current shell.
 	// We replicate that behavior for IDE support.
-	cmd := exec.CommandContext(session.Context(), shell, "-c", command)
+	caller := "-c"
+	if runtime.GOOS == "windows" {
+		caller = "/c"
+	}
+	cmd := exec.CommandContext(session.Context(), shell, caller, command)
 	cmd.Env = append(os.Environ(), session.Environ()...)
+
+	// Load environment variables passed via the agent.
+	envVars := a.envVars.Load()
+	if envVars != nil {
+		envVarMap, ok := envVars.(map[string]string)
+		if ok {
+			for key, value := range envVarMap {
+				cmd.Env = append(cmd.Env, fmt.Sprintf("%s=%s", key, value))
+			}
+		}
+	}
+
 	executablePath, err := os.Executable()
 	if err != nil {
 		return xerrors.Errorf("getting os executable: %w", err)
diff --git a/agent/agent_test.go b/agent/agent_test.go
@@ -12,12 +12,15 @@ import (
 	"strconv"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/pion/webrtc/v3"
 	"github.com/pkg/sftp"
 	"github.com/stretchr/testify/require"
 	"go.uber.org/goleak"
 	"golang.org/x/crypto/ssh"
+	"golang.org/x/text/encoding/unicode"
+	"golang.org/x/text/transform"
 
 	"cdr.dev/slog"
 	"cdr.dev/slog/sloggers/slogtest"
@@ -37,7 +40,7 @@ func TestAgent(t *testing.T) {
 	t.Parallel()
 	t.Run("SessionExec", func(t *testing.T) {
 		t.Parallel()
-		session := setupSSHSession(t)
+		session := setupSSHSession(t, nil)
 
 		command := "echo test"
 		if runtime.GOOS == "windows" {
@@ -50,7 +53,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("GitSSH", func(t *testing.T) {
 		t.Parallel()
-		session := setupSSHSession(t)
+		session := setupSSHSession(t, nil)
 		command := "sh -c 'echo $GIT_SSH_COMMAND'"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe /c echo %GIT_SSH_COMMAND%"
@@ -68,7 +71,7 @@ func TestAgent(t *testing.T) {
 			// it seems like it could be either.
 			t.Skip("ConPTY appears to be inconsistent on Windows.")
 		}
-		session := setupSSHSession(t)
+		session := setupSSHSession(t, nil)
 		command := "bash"
 		if runtime.GOOS == "windows" {
 			command = "cmd.exe"
@@ -128,7 +131,7 @@ func TestAgent(t *testing.T) {
 
 	t.Run("SFTP", func(t *testing.T) {
 		t.Parallel()
-		sshClient, err := setupAgent(t).SSHClient()
+		sshClient, err := setupAgent(t, nil).SSHClient()
 		require.NoError(t, err)
 		client, err := sftp.NewClient(sshClient)
 		require.NoError(t, err)
@@ -140,10 +143,52 @@ func TestAgent(t *testing.T) {
 		_, err = os.Stat(tempFile)
 		require.NoError(t, err)
 	})
+
+	t.Run("EnvironmentVariables", func(t *testing.T) {
+		t.Parallel()
+		key := "EXAMPLE"
+		value := "value"
+		session := setupSSHSession(t, &agent.Options{
+			EnvironmentVariables: map[string]string{
+				key: value,
+			},
+		})
+		command := "sh -c 'echo $" + key + "'"
+		if runtime.GOOS == "windows" {
+			command = "cmd.exe /c echo %" + key + "%"
+		}
+		output, err := session.Output(command)
+		require.NoError(t, err)
+		require.Equal(t, value, strings.TrimSpace(string(output)))
+	})
+
+	t.Run("StartupScript", func(t *testing.T) {
+		t.Parallel()
+		tempPath := filepath.Join(os.TempDir(), "content.txt")
+		content := "somethingnice"
+		setupAgent(t, &agent.Options{
+			StartupScript: "echo " + content + " > " + tempPath,
+		})
+		var gotContent string
+		require.Eventually(t, func() bool {
+			content, err := os.ReadFile(tempPath)
+			if err != nil {
+				return false
+			}
+			if runtime.GOOS == "windows" {
+				// Windows uses UTF16! 🪟🪟🪟
+				content, _, err = transform.Bytes(unicode.UTF16(unicode.LittleEndian, unicode.UseBOM).NewDecoder(), content)
+				require.NoError(t, err)
+			}
+			gotContent = string(content)
+			return true
+		}, 15*time.Second, 100*time.Millisecond)
+		require.Equal(t, content, strings.TrimSpace(gotContent))
+	})
 }
 
 func setupSSHCommand(t *testing.T, beforeArgs []string, afterArgs []string) *exec.Cmd {
-	agentConn := setupAgent(t)
+	agentConn := setupAgent(t, nil)
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	require.NoError(t, err)
 	go func() {
@@ -171,18 +216,22 @@ func setupSSHCommand(t *testing.T, beforeArgs []string, afterArgs []string) *exe
 	return exec.Command("ssh", args...)
 }
 
-func setupSSHSession(t *testing.T) *ssh.Session {
-	sshClient, err := setupAgent(t).SSHClient()
+func setupSSHSession(t *testing.T, options *agent.Options) *ssh.Session {
+	sshClient, err := setupAgent(t, options).SSHClient()
 	require.NoError(t, err)
 	session, err := sshClient.NewSession()
 	require.NoError(t, err)
 	return session
 }
 
-func setupAgent(t *testing.T) *agent.Conn {
+func setupAgent(t *testing.T, options *agent.Options) *agent.Conn {
+	if options == nil {
+		options = &agent.Options{}
+	}
 	client, server := provisionersdk.TransportPipe()
-	closer := agent.New(func(ctx context.Context, logger slog.Logger) (*peerbroker.Listener, error) {
-		return peerbroker.Listen(server, nil)
+	closer := agent.New(func(ctx context.Context, logger slog.Logger) (*agent.Options, *peerbroker.Listener, error) {
+		listener, err := peerbroker.Listen(server, nil)
+		return options, listener, err
 	}, slogtest.Make(t, nil).Leveled(slog.LevelDebug))
 	t.Cleanup(func() {
 		_ = client.Close()
diff --git a/cli/gitssh.go b/cli/gitssh.go
@@ -7,10 +7,11 @@ import (
 	"os/exec"
 	"strings"
 
-	"github.com/coder/coder/cli/cliui"
-	"github.com/coder/coder/codersdk"
 	"github.com/spf13/cobra"
 	"golang.org/x/xerrors"
+
+	"github.com/coder/coder/cli/cliui"
+	"github.com/coder/coder/codersdk"
 )
 
 func gitssh() *cobra.Command {
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -197,7 +197,8 @@ func New(options *Options) (http.Handler, func()) {
 			r.Post("/google-instance-identity", api.postWorkspaceAuthGoogleInstanceIdentity)
 			r.Route("/me", func(r chi.Router) {
 				r.Use(httpmw.ExtractWorkspaceAgent(options.Database))
-				r.Get("/", api.workspaceAgentListen)
+				r.Get("/", api.workspaceAgentMe)
+				r.Get("/listen", api.workspaceAgentListen)
 				r.Get("/gitsshkey", api.agentGitSSHKey)
 				r.Get("/turn", api.workspaceAgentTurn)
 				r.Get("/iceservers", api.workspaceAgentICEServers)
diff --git a/coderd/workspaceagents.go b/coderd/workspaceagents.go
@@ -88,6 +88,18 @@ func (api *api) workspaceAgentDial(rw http.ResponseWriter, r *http.Request) {
 	}
 }
 
+func (api *api) workspaceAgentMe(rw http.ResponseWriter, r *http.Request) {
+	agent := httpmw.WorkspaceAgent(r)
+	apiAgent, err := convertWorkspaceAgent(agent, api.AgentConnectionUpdateFrequency)
+	if err != nil {
+		httpapi.Write(rw, http.StatusInternalServerError, httpapi.Response{
+			Message: fmt.Sprintf("convert workspace agent: %s", err),
+		})
+		return
+	}
+	httpapi.Write(rw, http.StatusOK, apiAgent)
+}
+
 func (api *api) workspaceAgentListen(rw http.ResponseWriter, r *http.Request) {
 	api.websocketWaitMutex.Lock()
 	api.websocketWaitGroup.Add(1)
diff --git a/coderd/workspaceagents_test.go b/coderd/workspaceagents_test.go
@@ -102,6 +102,8 @@ func TestWorkspaceAgentListen(t *testing.T) {
 	})
 	_, err = conn.Ping()
 	require.NoError(t, err)
+	_, err = agentClient.WorkspaceAgent(context.Background(), codersdk.Me)
+	require.NoError(t, err)
 }
 
 func TestWorkspaceAgentTURN(t *testing.T) {
diff --git a/codersdk/workspaceagents.go b/codersdk/workspaceagents.go
diff --git a/go.mod b/go.mod
diff --git a/go.sum b/go.sum

Original file line number	Diff line number	Diff line change
`@@ -102,6 +102,8 @@ func TestWorkspaceAgentListen(t *testing.T) {`
`102`	`102`	`})`
`103`	`103`	`_, err = conn.Ping()`
`104`	`104`	`require.NoError(t, err)`
	`105`	`+ _, err = agentClient.WorkspaceAgent(context.Background(), codersdk.Me)`
	`106`	`+ require.NoError(t, err)`
`105`	`107`	`}`
`106`	`108`
`107`	`109`	`func TestWorkspaceAgentTURN(t *testing.T) {`