add auth to in-memory coordinator
coadler committed Apr 10, 2024
commit 5660e03d02c73bedada4082d627208a078b5c92a
4 changes: 4 additions & 0 deletions tailnet/coordinator.go
Expand Up @@ -711,6 +711,10 @@ func (c *core) handleReadyForHandshakeLocked(src *peer, rfhs []*proto.Coordinate
return xerrors.Errorf("unable to convert bytes to UUID: %w", err)
}

if !c.tunnels.tunnelExists(src.id, dstID) {
return xerrors.Errorf("tunnel does not exist between %s and %s", src.id.String(), dstID.String())
}

dst, ok := c.peers[dstID]
if ok {
select {
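Review bot: The new tunnelExists guard is the authorization decision for a ReadyForHandshake, but nothing in the hunk says so, and the error it returns is a plain formatted error indistinguishable from the malformed-UUID error just above it. A comment on the check such as `// A peer may only signal readiness to a peer it shares a tunnel with; anything else is a protocol violation.` would make the intent clear, and a sentinel error would let the caller log or meter permission failures separately from parse failures if that matters. The lookup reads the tunnel store without locking of its own, so it appears to rely on the caller holding the lock implied by the Locked suffix — worth stating in the comment. handleReadyForHandshakeLocked starts and ends outside this hunk.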
62 changes: 60 additions & 2 deletions tailnet/coordinator_test.go
Expand Up @@ -422,8 +422,28 @@ func TestCoordinator(t *testing.T) {
clientID := uuid.New()
agentID := uuid.New()

aReq, _ := coordinator.Coordinate(ctx, agentID, agentID.String(), tailnet.AgentCoordinateeAuth{ID: agentID})
_, cRes := coordinator.Coordinate(ctx, clientID, clientID.String(), tailnet.ClientCoordinateeAuth{AgentID: agentID})
aReq, aRes := coordinator.Coordinate(ctx, agentID, agentID.String(), tailnet.AgentCoordinateeAuth{ID: agentID})
cReq, cRes := coordinator.Coordinate(ctx, clientID, clientID.String(), tailnet.ClientCoordinateeAuth{AgentID: agentID})

{
nk, err := key.NewNode().Public().MarshalBinary()
require.NoError(t, err)
dk, err := key.NewDisco().Public().MarshalText()
require.NoError(t, err)
cReq <- &proto.CoordinateRequest{UpdateSelf: &proto.CoordinateRequest_UpdateSelf{
Node: &proto.Node{
Id: 3,
Key: nk,
Disco: string(dk),
},
}}
}

cReq <- &proto.CoordinateRequest{AddTunnel: &proto.CoordinateRequest_Tunnel{
Id: agentID[:],
}}

testutil.RequireRecvCtx(ctx, t, aRes)

aReq <- &proto.CoordinateRequest{ReadyForHandshake: []*proto.CoordinateRequest_ReadyForHandshake{{
Id: clientID[:],
Expand All @@ -434,6 +454,44 @@ func TestCoordinator(t *testing.T) {
require.Equal(t, proto.CoordinateResponse_PeerUpdate_READY_FOR_HANDSHAKE, ack.PeerUpdates[0].Kind)
require.Equal(t, agentID[:], ack.PeerUpdates[0].Id)
})

t.Run("AgentAck_NoPermission", func(t *testing.T) {
t.Parallel()
logger := slogtest.Make(t, &slogtest.Options{IgnoreErrors: true}).Leveled(slog.LevelDebug)
coordinator := tailnet.NewCoordinator(logger)
ctx := testutil.Context(t, testutil.WaitShort)

clientID := uuid.New()
agentID := uuid.New()

aReq, _ := coordinator.Coordinate(ctx, agentID, agentID.String(), tailnet.AgentCoordinateeAuth{ID: agentID})
_, _ = coordinator.Coordinate(ctx, clientID, clientID.String(), tailnet.ClientCoordinateeAuth{AgentID: agentID})

nk, err := key.NewNode().Public().MarshalBinary()
require.NoError(t, err)
dk, err := key.NewDisco().Public().MarshalText()
require.NoError(t, err)
aReq <- &proto.CoordinateRequest{UpdateSelf: &proto.CoordinateRequest_UpdateSelf{
Node: &proto.Node{
Id: 3,
Key: nk,
Disco: string(dk),
},
}}

require.Eventually(t, func() bool {
return coordinator.Node(agentID) != nil
}, testutil.WaitShort, testutil.IntervalFast)

aReq <- &proto.CoordinateRequest{ReadyForHandshake: []*proto.CoordinateRequest_ReadyForHandshake{{
Id: clientID[:],
}}}

// The agent node should disappear, indicating it was booted off.
require.Eventually(t, func() bool {
return coordinator.Node(agentID) == nil
}, testutil.WaitShort, testutil.IntervalFast)
})
}

// TestCoordinator_AgentUpdateWhileClientConnects tests for regression on
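Review bot: AgentAck_NoPermission only asserts that the agent node disappears; it never checks that the client was not told the agent is ready for handshake, which is the other half of what the guard protects. Keeping the client's response channel instead of discarding it (`_, cRes := coordinator.Coordinate(ctx, clientID, clientID.String(), tailnet.ClientCoordinateeAuth{AgentID: agentID})`) and asserting that no PeerUpdate of kind READY_FOR_HANDSHAKE arrives on it would pin that. The disconnect itself is inferred from `coordinator.Node(agentID) == nil`; if the coordinator closes aRes when it boots a peer, checking that directly would be a less indirect signal. TestCoordinator continues outside the hunks shown.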
6 changes: 6 additions & 0 deletions tailnet/tunnel.go
Expand Up @@ -151,6 +151,12 @@ func (s *tunnelStore) findTunnelPeers(id uuid.UUID) []uuid.UUID {
return out
}

func (s *tunnelStore) tunnelExists(src, dst uuid.UUID) bool {
_, srcOK := s.bySrc[src][dst]
_, dstOK := s.byDst[src][dst]
return srcOK || dstOK
}

func (s *tunnelStore) htmlDebug() []HTMLTunnel {
out := make([]HTMLTunnel, 0)
for src, dsts := range s.bySrc {
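Review bot: tunnelExists returns true for a tunnel in either direction — judging by the byDst name and the symmetric assertions in TestTunnelStore_TunnelExists, the second lookup matches a tunnel whose destination is src — but neither the name nor a comment says so, and the caller in handleReadyForHandshakeLocked depends on that symmetry for its authorization check. A doc comment such as `// tunnelExists reports whether a tunnel has been added between src and dst in either direction.` would make the contract explicit. The method takes no lock of its own, so callers presumably guard the store with the coordinator's lock; if that is the intended contract it belongs in the comment too.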
15 changes: 15 additions & 0 deletions tailnet/tunnel_internal_test.go
Expand Up @@ -43,3 +43,18 @@ func TestTunnelStore_RemoveAll(t *testing.T) {
require.Len(t, uut.findTunnelPeers(p2), 0)
require.Len(t, uut.findTunnelPeers(p3), 0)
}

func TestTunnelStore_TunnelExists(t *testing.T) {
t.Parallel()
p1 := uuid.UUID{1}
p2 := uuid.UUID{2}
uut := newTunnelStore()
require.False(t, uut.tunnelExists(p1, p2))
require.False(t, uut.tunnelExists(p2, p1))
uut.add(p1, p2)
require.True(t, uut.tunnelExists(p1, p2))
require.True(t, uut.tunnelExists(p2, p1))
uut.remove(p1, p2)
require.False(t, uut.tunnelExists(p1, p2))
require.False(t, uut.tunnelExists(p2, p1))
}
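Review bot: TestTunnelStore_TunnelExists never checks a pair without a tunnel while some other tunnel is present, so an implementation that returned true whenever src had any tunnel at all would still pass. Adding a third peer with `p3 := uuid.UUID{3}` and asserting `require.False(t, uut.tunnelExists(p1, p3))` and `require.False(t, uut.tunnelExists(p3, p2))` after `uut.add(p1, p2)` would close that gap.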