
Commit b8bc41d

committed
fix(coderd): pass block endpoints into servertailnet
1 parent fbd436c commit b8bc41d


8 files changed

+62
-2
lines changed


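--- a/coderd/coderd.go
+++ b/coderd/coderd.go
@@ -485,6 +485,7 @@ func New(options *Options) *API {
 func(context.Context) (tailnet.MultiAgentConn, error) {
 return (*api.TailnetCoordinator.Load()).ServeMultiAgent(uuid.New()), nil
 },
+options.DeploymentValues.DERP.Config.BlockDirect.Value(),
 api.TracerProvider,
 )
 if err != nil {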

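--- a/coderd/tailnet.go
+++ b/coderd/tailnet.go
@@ -49,13 +49,15 @@ func NewServerTailnet(
 derpMapFn func() *tailcfg.DERPMap,
 derpForceWebSockets bool,
 getMultiAgent func(context.Context) (tailnet.MultiAgentConn, error),
+blockEndpoints bool,
 traceProvider trace.TracerProvider,
 ) (*ServerTailnet, error) {
 logger = logger.Named("servertailnet")
 conn, err := tailnet.NewConn(&tailnet.Options{
 Addresses: []netip.Prefix{netip.PrefixFrom(tailnet.IP(), 128)},
 DERPForceWebSockets: derpForceWebSockets,
 Logger: logger,
+BlockEndpoints: blockEndpoints,
 })
 if err != nil {
 return nil, xerrors.Errorf("create tailnet conn: %w", err)
@@ -166,6 +168,12 @@ func NewServerTailnet(
 return tn, nil
 }
 
+// Conn is used to access the underlying tailnet conn of the ServerTailnet. It
+// should only be used for read-only purposes.
+func (s *ServerTailnet) Conn() *tailnet.Conn {
+return s.conn
+}
+
 func (s *ServerTailnet) nodeCallback(node *tailnet.Node) {
 pn, err := tailnet.NodeToProto(node)
 if err != nil {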
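Review bot: The new exported `Conn()` accessor in the second hunk hands every caller the whole mutable `*tailnet.Conn`, and the "read-only" restriction exists only in its comment. The only use visible on this page is reading the block-endpoints flag, so a narrow accessor would keep that boundary enforceable: `func (s *ServerTailnet) BlockEndpoints() bool { return s.conn.GetBlockEndpoints() }`. If the full conn is needed only by tests, exposing it from a `_test.go` file of the package would keep it out of the production API; whether other callers exist is not visible here.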

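--- a/coderd/tailnet_test.go
+++ b/coderd/tailnet_test.go
@@ -303,6 +303,36 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 
 assert.Equal(t, expectedResponseCode, res.StatusCode)
 })
+
+t.Run("BlockEndpoints", func(t *testing.T) {
+t.Parallel()
+
+ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+defer cancel()
+
+agents, serverTailnet := setupServerTailnetAgent(t, 1, tailnettest.DisableSTUN)
+a := agents[0]
+
+require.True(t, serverTailnet.Conn().GetBlockEndpoints(), "expected BlockEndpoints to be set")
+
+u, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", codersdk.WorkspaceAgentHTTPAPIServerPort))
+require.NoError(t, err)
+
+rp := serverTailnet.ReverseProxy(u, u, a.id)
+
+rw := httptest.NewRecorder()
+req := httptest.NewRequest(
+http.MethodGet,
+u.String(),
+nil,
+).WithContext(ctx)
+
+rp.ServeHTTP(rw, req)
+res := rw.Result()
+defer res.Body.Close()
+
+assert.Equal(t, http.StatusOK, res.StatusCode)
+})
 }
 
 type wrappedListener struct {
@@ -375,6 +405,7 @@ func setupServerTailnetAgent(t *testing.T, agentNum int, opts ...tailnettest.DER
 func() *tailcfg.DERPMap { return derpMap },
 false,
 func(context.Context) (tailnet.MultiAgentConn, error) { return coord.ServeMultiAgent(uuid.New()), nil },
+!derpMap.HasSTUN(),
 trace.NewNoopTracerProvider(),
 )
 require.NoError(t, err)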
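Review bot: The `BlockEndpoints` subtest pins the new behaviour only through `require.True(t, serverTailnet.Conn().GetBlockEndpoints(), ...)`; the 200 from the reverse proxy would presumably come back whether or not endpoints are blocked, so it does not show that traffic stays on the relay path. There is also no negative case: since the helper now passes `!derpMap.HasSTUN()`, a subtest set up without `tailnettest.DisableSTUN` could assert `require.False(t, serverTailnet.Conn().GetBlockEndpoints())` to catch a value that is always true, assuming the default test DERP map includes STUN. A one-line comment on the `!derpMap.HasSTUN()` argument saying why blocking is tied to STUN being absent would also help; `setupServerTailnetAgent` continues outside the hunk.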

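--- a/enterprise/derpmesh/derpmesh.go
+++ b/enterprise/derpmesh/derpmesh.go
@@ -12,9 +12,8 @@ import (
 "tailscale.com/derp/derphttp"
 "tailscale.com/types/key"
 
-"github.com/coder/coder/v2/tailnet"
-
 "cdr.dev/slog"
+"github.com/coder/coder/v2/tailnet"
 )
 
 // New constructs a new mesh for DERP servers.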

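--- a/enterprise/wsproxy/wsproxy.go
+++ b/enterprise/wsproxy/wsproxy.go
@@ -250,6 +250,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 },
 regResp.DERPForceWebSockets,
 s.DialCoordinator,
+false, // TODO: this will be covered in a subsequent pr.
 s.TracerProvider,
 )
 if err != nil {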
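Review bot: The hard-coded `false` means the workspace proxy's server tailnet will not block direct endpoints even when the deployment enables the setting that coderd/coderd.go now reads from `DERP.Config.BlockDirect`, so the option is applied on one component and silently ignored on another. Until the follow-up lands, the comment should say that explicitly and point at a tracking issue, e.g. `false, // TODO(<tracking issue>): block-direct is not yet honored by workspace proxies.` Operators who rely on the setting as a network-policy control otherwise get no indication of the gap. Whether the proxy has the value available at this point is not visible in the hunk, and `New`'s body continues outside it.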

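--- a/tailnet/configmaps.go
+++ b/tailnet/configmaps.go
@@ -254,6 +254,14 @@ func (c *configMaps) setBlockEndpoints(blockEndpoints bool) {
 c.Broadcast()
 }
 
+// getBlockEndpoints returns the value of the most recent setBlockEndpoints
+// call.
+func (c *configMaps) getBlockEndpoints() bool {
+c.L.Lock()
+defer c.L.Unlock()
+return c.blockEndpoints
+}
+
 // setDERPMap sets the DERP map, triggering a configuration of the engine if it has changed.
 // c.L MUST NOT be held.
 func (c *configMaps) setDERPMap(derpMap *tailcfg.DERPMap) {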
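Review bot: `getBlockEndpoints` acquires `c.L` itself, but its doc comment omits the locking precondition that the neighbouring `setDERPMap` comment spells out. Add `// c.L MUST NOT be held.` so that a caller already holding the lock does not block on it. The same applies to `(*nodeUpdater).getBlockEndpoints` in tailnet/node.go, which locks `u.L` in the same way and should carry the matching `// u.L MUST NOT be held.` line.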

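--- a/tailnet/conn.go
+++ b/tailnet/conn.go
@@ -310,6 +310,10 @@ type Conn struct {
 trafficStats *connstats.Statistics
 }
 
+func (c *Conn) GetBlockEndpoints() bool {
+return c.configMaps.getBlockEndpoints() && c.nodeUpdater.getBlockEndpoints()
+}
+
 func (c *Conn) InstallCaptureHook(f capture.Callback) {
 c.mutex.Lock()
 defer c.mutex.Unlock()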
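Review bot: The exported `GetBlockEndpoints` has no doc comment, and its semantics are not obvious: it returns true only when both `configMaps` and `nodeUpdater` report the flag, and the two getters take separate locks, so the result is not one consistent snapshot. A comment such as `// GetBlockEndpoints reports whether endpoint blocking is enabled in both the config maps and the node updater; the two values are read under separate locks.` would make that clear to anyone using it as a policy check. Go convention would also name the method `BlockEndpoints`, without the `Get` prefix.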

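--- a/tailnet/node.go
+++ b/tailnet/node.go
@@ -228,3 +228,11 @@ func (u *nodeUpdater) setBlockEndpoints(blockEndpoints bool) {
 u.blockEndpoints = blockEndpoints
 u.Broadcast()
 }
+
+// getBlockEndpoints returns the value of the most recent setBlockEndpoints
+// call.
+func (u *nodeUpdater) getBlockEndpoints() bool {
+u.L.Lock()
+defer u.L.Unlock()
+return u.blockEndpoints
+}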
