fix(coderd): pass block endpoints into servertailnet

coadler · coadler · commit cc569a760a92 · 2024-02-15T00:27:03.000Z
diff --git a/coderd/coderd.go b/coderd/coderd.go
@@ -485,6 +485,7 @@ func New(options *Options) *API {
 		func(context.Context) (tailnet.MultiAgentConn, error) {
 			return (*api.TailnetCoordinator.Load()).ServeMultiAgent(uuid.New()), nil
 		},
+		options.DeploymentValues.DERP.Config.BlockDirect.Value(),
 		api.TracerProvider,
 	)
 	if err != nil {
diff --git a/coderd/tailnet.go b/coderd/tailnet.go
@@ -49,6 +49,7 @@ func NewServerTailnet(
 	derpMapFn func() *tailcfg.DERPMap,
 	derpForceWebSockets bool,
 	getMultiAgent func(context.Context) (tailnet.MultiAgentConn, error),
+	blockEndpoints bool,
 	traceProvider trace.TracerProvider,
 ) (*ServerTailnet, error) {
 	logger = logger.Named("servertailnet")
@@ -58,6 +59,7 @@ func NewServerTailnet(
 		DERPMap:             originalDerpMap,
 		DERPForceWebSockets: derpForceWebSockets,
 		Logger:              logger,
+		BlockEndpoints:      blockEndpoints,
 	})
 	if err != nil {
 		return nil, xerrors.Errorf("create tailnet conn: %w", err)
diff --git a/coderd/tailnet_test.go b/coderd/tailnet_test.go
@@ -40,7 +40,7 @@ func TestServerTailnet_AgentConn_OK(t *testing.T) {
 	defer cancel()
 
 	// Connect through the ServerTailnet
-	agents, serverTailnet := setupServerTailnetAgent(t, 1)
+	agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 	a := agents[0]
 
 	conn, release, err := serverTailnet.AgentConn(ctx, a.id)
@@ -59,7 +59,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 1)
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 		a := agents[0]
 
 		u, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", codersdk.WorkspaceAgentHTTPAPIServerPort))
@@ -87,7 +87,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 1)
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 		a := agents[0]
 
 		registry := prometheus.NewRegistry()
@@ -124,7 +124,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 1)
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 		a := agents[0]
 
 		u, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", codersdk.WorkspaceAgentHTTPAPIServerPort))
@@ -149,7 +149,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 1)
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 		a := agents[0]
 		port := ":4444"
 		ln, err := a.TailnetConn().Listen("tcp", port)
@@ -202,7 +202,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 2)
+		agents, serverTailnet := setupServerTailnetAgent(t, 2, false)
 		port := ":4444"
 
 		for i, ag := range agents {
@@ -257,7 +257,7 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
 		defer cancel()
 
-		agents, serverTailnet := setupServerTailnetAgent(t, 1)
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, false)
 		a := agents[0]
 
 		const expectedResponseCode = 209
@@ -285,6 +285,36 @@ func TestServerTailnet_ReverseProxy(t *testing.T) {
 
 		assert.Equal(t, expectedResponseCode, res.StatusCode)
 	})
+
+	t.Run("BlockEndpoints", func(t *testing.T) {
+		t.Parallel()
+
+		ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong)
+		defer cancel()
+
+		agents, serverTailnet := setupServerTailnetAgent(t, 1, true)
+		a := agents[0]
+
+		require.True(t, a.TailnetConn().GetBlockEndpoints(), "expected BlockEndpoints to be set")
+
+		u, err := url.Parse(fmt.Sprintf("http://127.0.0.1:%d", codersdk.WorkspaceAgentHTTPAPIServerPort))
+		require.NoError(t, err)
+
+		rp := serverTailnet.ReverseProxy(u, u, a.id)
+
+		rw := httptest.NewRecorder()
+		req := httptest.NewRequest(
+			http.MethodGet,
+			u.String(),
+			nil,
+		).WithContext(ctx)
+
+		rp.ServeHTTP(rw, req)
+		res := rw.Result()
+		defer res.Body.Close()
+
+		assert.Equal(t, http.StatusOK, res.StatusCode)
+	})
 }
 
 type wrappedListener struct {
@@ -311,7 +341,7 @@ type agentWithID struct {
 	agent.Agent
 }
 
-func setupServerTailnetAgent(t *testing.T, agentNum int) ([]agentWithID, *coderd.ServerTailnet) {
+func setupServerTailnetAgent(t *testing.T, agentNum int, blockEndpoints bool) ([]agentWithID, *coderd.ServerTailnet) {
 	logger := slogtest.Make(t, nil).Leveled(slog.LevelDebug)
 	derpMap, derpServer := tailnettest.RunDERPAndSTUN(t)
 
@@ -357,6 +387,7 @@ func setupServerTailnetAgent(t *testing.T, agentNum int) ([]agentWithID, *coderd
 		func() *tailcfg.DERPMap { return derpMap },
 		false,
 		func(context.Context) (tailnet.MultiAgentConn, error) { return coord.ServeMultiAgent(uuid.New()), nil },
+		blockEndpoints,
 		trace.NewNoopTracerProvider(),
 	)
 	require.NoError(t, err)
diff --git a/enterprise/derpmesh/derpmesh.go b/enterprise/derpmesh/derpmesh.go
@@ -12,9 +12,8 @@ import (
 	"tailscale.com/derp/derphttp"
 	"tailscale.com/types/key"
 
-	"github.com/coder/coder/v2/tailnet"
-
 	"cdr.dev/slog"
+	"github.com/coder/coder/v2/tailnet"
 )
 
 // New constructs a new mesh for DERP servers.
diff --git a/enterprise/wsproxy/wsproxy.go b/enterprise/wsproxy/wsproxy.go
@@ -250,6 +250,7 @@ func New(ctx context.Context, opts *Options) (*Server, error) {
 		},
 		regResp.DERPForceWebSockets,
 		s.DialCoordinator,
+		false, // TODO: this will be covered in a subsequent pr.
 		s.TracerProvider,
 	)
 	if err != nil {
diff --git a/tailnet/configmaps.go b/tailnet/configmaps.go
@@ -253,6 +253,14 @@ func (c *configMaps) setBlockEndpoints(blockEndpoints bool) {
 	c.Broadcast()
 }
 
+// getBlockEndpoints returns the value of the most recent setBlockEndpoints
+// call.
+func (c *configMaps) getBlockEndpoints() bool {
+	c.L.Lock()
+	defer c.L.Unlock()
+	return c.blockEndpoints
+}
+
 // setDERPMap sets the DERP map, triggering a configuration of the engine if it has changed.
 // c.L MUST NOT be held.
 func (c *configMaps) setDERPMap(derpMap *tailcfg.DERPMap) {
diff --git a/tailnet/conn.go b/tailnet/conn.go
@@ -311,6 +311,10 @@ type Conn struct {
 	trafficStats *connstats.Statistics
 }
 
+func (c *Conn) GetBlockEndpoints() bool {
+	return c.configMaps.getBlockEndpoints() && c.nodeUpdater.getBlockEndpoints()
+}
+
 func (c *Conn) InstallCaptureHook(f capture.Callback) {
 	c.mutex.Lock()
 	defer c.mutex.Unlock()
diff --git a/tailnet/node.go b/tailnet/node.go
@@ -228,3 +228,11 @@ func (u *nodeUpdater) setBlockEndpoints(blockEndpoints bool) {
 	u.blockEndpoints = blockEndpoints
 	u.Broadcast()
 }
+
+// getBlockEndpoints returns the value of the most recent setBlockEndpoints
+// call.
+func (u *nodeUpdater) getBlockEndpoints() bool {
+	u.L.Lock()
+	defer u.L.Unlock()
+	return u.blockEndpoints
+}

Original file line number	Diff line number	Diff line change
`@@ -485,6 +485,7 @@ func New(options Options) API {`
`485`	`485`	`func(context.Context) (tailnet.MultiAgentConn, error) {`
`486`	`486`	`return (*api.TailnetCoordinator.Load()).ServeMultiAgent(uuid.New()), nil`
`487`	`487`	`},`
	`488`	`+ options.DeploymentValues.DERP.Config.BlockDirect.Value(),`
`488`	`489`	`api.TracerProvider,`
`489`	`490`	`)`
`490`	`491`	`if err != nil {`
Original file line number	Diff line number	Diff line change
`@@ -12,9 +12,8 @@ import (`
`12`	`12`	`"tailscale.com/derp/derphttp"`
`13`	`13`	`"tailscale.com/types/key"`
`14`	`14`
`15`		`- "github.com/coder/coder/v2/tailnet"`
`16`		`-`
`17`	`15`	`"cdr.dev/slog"`
	`16`	`+ "github.com/coder/coder/v2/tailnet"`
`18`	`17`	`)`
`19`	`18`
`20`	`19`	`// New constructs a new mesh for DERP servers.`
Original file line number	Diff line number	Diff line change
`@@ -250,6 +250,7 @@ func New(ctx context.Context, opts Options) (Server, error) {`
`250`	`250`	`},`
`251`	`251`	`regResp.DERPForceWebSockets,`
`252`	`252`	`s.DialCoordinator,`
	`253`	`+ false, // TODO: this will be covered in a subsequent pr.`
`253`	`254`	`s.TracerProvider,`
`254`	`255`	`)`
`255`	`256`	`if err != nil {`