feat: add flag to disable all direct connections instance-wide #7936

Merged
merged 11 commits into from
Jun 21, 2023
fixup! rename flag and fields
deansheather committed Jun 21, 2023
commit 9e7c5e17ca297bc05bc45cd891494056a4953b5e
14 changes: 7 additions & 7 deletions coderd/apidoc/docs.go

14 changes: 7 additions & 7 deletions coderd/apidoc/swagger.json

6 changes: 3 additions & 3 deletions docs/api/agents.md
Expand Up @@ -292,7 +292,6 @@ curl -X GET http://coder-server:8080/api/v2/workspaceagents/me/manifest \

```json
{
"allow_direct_connections": true,
"apps": [
{
"command": "string",
Expand Down Expand Up @@ -364,6 +363,7 @@ curl -X GET http://coder-server:8080/api/v2/workspaceagents/me/manifest \
}
},
"directory": "string",
"disable_direct_connections": true,
"environment_variables": {
"property1": "string",
"property2": "string"
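
Review bot: `disable_direct_connections` in the manifest response inverts the polarity of the `allow_direct_connections` key it replaces, so a missing key now reads as "direct connections allowed". Confirm the old key never reached a release; if it did, an agent and server on different versions would disagree about the setting, and for a blocking control the mismatch should fail closed rather than open. The same applies to the `/connection` response further down this file.
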
Expand Down Expand Up @@ -516,7 +516,6 @@ curl -X GET http://coder-server:8080/api/v2/workspaceagents/{workspaceagent}/con

```json
{
"allow_direct_connections": true,
"derp_map": {
"omitDefaultRegions": true,
"regions": {
Expand Down Expand Up @@ -567,7 +566,8 @@ curl -X GET http://coder-server:8080/api/v2/workspaceagents/{workspaceagent}/con
"regionName": "string"
}
}
}
},
"disable_direct_connections": true
}
```

2 changes: 1 addition & 1 deletion docs/api/general.md
Expand Up @@ -167,7 +167,7 @@ curl -X GET http://coder-server:8080/api/v2/deployment/config \
},
"derp": {
"config": {
"disable_direct": true,
"block_direct": true,
"path": "string",
"url": "string"
},
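
Review bot: the `block_direct` key under `derp.config` uses a different verb from the `disable_direct_connections` field that the agent manifest and connection responses carry in docs/api/agents.md, so one setting now has two names across the API. Consider a single name (for example `block_direct_connections` for the config key) so an operator auditing the deployment config can match it to what agents and clients receive.
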
64 changes: 32 additions & 32 deletions docs/api/schemas.md
Expand Up @@ -161,7 +161,6 @@

```json
{
"allow_direct_connections": true,
"apps": [
{
"command": "string",
Expand Down Expand Up @@ -233,6 +232,7 @@
}
},
"directory": "string",
"disable_direct_connections": true,
"environment_variables": {
"property1": "string",
"property2": "string"
Expand All @@ -258,22 +258,22 @@

### Properties

| Name | Type | Required | Restrictions | Description |
| -------------------------- | ------------------------------------------------------------------------------------------------- | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `allow_direct_connections` | boolean | false | | |
| `apps` | array of [codersdk.WorkspaceApp](#codersdkworkspaceapp) | false | | |
| `derpmap` | [tailcfg.DERPMap](#tailcfgderpmap) | false | | |
| `directory` | string | false | | |
| `environment_variables` | object | false | | |
| » `[any property]` | string | false | | |
| `git_auth_configs` | integer | false | | Git auth configs stores the number of Git configurations the Coder deployment has. If this number is >0, we set up special configuration in the workspace. |
| `metadata` | array of [codersdk.WorkspaceAgentMetadataDescription](#codersdkworkspaceagentmetadatadescription) | false | | |
| `motd_file` | string | false | | |
| `shutdown_script` | string | false | | |
| `shutdown_script_timeout` | integer | false | | |
| `startup_script` | string | false | | |
| `startup_script_timeout` | integer | false | | |
| `vscode_port_proxy_uri` | string | false | | |
| Name | Type | Required | Restrictions | Description |
| ---------------------------- | ------------------------------------------------------------------------------------------------- | -------- | ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `apps` | array of [codersdk.WorkspaceApp](#codersdkworkspaceapp) | false | | |
| `derpmap` | [tailcfg.DERPMap](#tailcfgderpmap) | false | | |
| `directory` | string | false | | |
| `disable_direct_connections` | boolean | false | | |
| `environment_variables` | object | false | | |
| » `[any property]` | string | false | | |
| `git_auth_configs` | integer | false | | Git auth configs stores the number of Git configurations the Coder deployment has. If this number is >0, we set up special configuration in the workspace. |
| `metadata` | array of [codersdk.WorkspaceAgentMetadataDescription](#codersdkworkspaceagentmetadatadescription) | false | | |
| `motd_file` | string | false | | |
| `shutdown_script` | string | false | | |
| `shutdown_script_timeout` | integer | false | | |
| `startup_script` | string | false | | |
| `startup_script_timeout` | integer | false | | |
| `vscode_port_proxy_uri` | string | false | | |

## agentsdk.PatchStartupLogs
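
Review bot: the Description cell for `disable_direct_connections` in the Properties table is empty, as it was for `allow_direct_connections`. Add a description at the source of this field that says what `true` means for the agent and that the value follows the server's `--block-direct-connections` setting, so the schema documents the control instead of only naming it.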

Expand Down Expand Up @@ -1663,7 +1663,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
```json
{
"config": {
"disable_direct": true,
"block_direct": true,
"path": "string",
"url": "string"
},
Expand Down Expand Up @@ -1701,19 +1701,19 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in

```json
{
"disable_direct": true,
"block_direct": true,
"path": "string",
"url": "string"
}
```

### Properties

| Name | Type | Required | Restrictions | Description |
| ---------------- | ------- | -------- | ------------ | ----------- |
| `disable_direct` | boolean | false | | |
| `path` | string | false | | |
| `url` | string | false | | |
| Name | Type | Required | Restrictions | Description |
| -------------- | ------- | -------- | ------------ | ----------- |
| `block_direct` | boolean | false | | |
| `path` | string | false | | |
| `url` | string | false | | |

## codersdk.DERPRegion

Expand Down Expand Up @@ -1836,7 +1836,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
},
"derp": {
"config": {
"disable_direct": true,
"block_direct": true,
"path": "string",
"url": "string"
},
Expand Down Expand Up @@ -2164,7 +2164,7 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
},
"derp": {
"config": {
"disable_direct": true,
"block_direct": true,
"path": "string",
"url": "string"
},
Expand Down Expand Up @@ -4692,7 +4692,6 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in

```json
{
"allow_direct_connections": true,
"derp_map": {
"omitDefaultRegions": true,
"regions": {
Expand Down Expand Up @@ -4743,16 +4742,17 @@ AuthorizationObject can represent a "set" of objects, such as: all workspaces in
"regionName": "string"
}
}
}
},
"disable_direct_connections": true
}
```

### Properties

| Name | Type | Required | Restrictions | Description |
| -------------------------- | ---------------------------------- | -------- | ------------ | ----------- |
| `allow_direct_connections` | boolean | false | | |
| `derp_map` | [tailcfg.DERPMap](#tailcfgderpmap) | false | | |
| Name | Type | Required | Restrictions | Description |
| ---------------------------- | ---------------------------------- | -------- | ------------ | ----------- |
| `derp_map` | [tailcfg.DERPMap](#tailcfgderpmap) | false | | |
| `disable_direct_connections` | boolean | false | | |

## codersdk.WorkspaceAgentLifecycle

20 changes: 10 additions & 10 deletions docs/cli/server.md
Expand Up @@ -30,6 +30,16 @@ coder server [flags]

The URL that users will use to access the Coder deployment.

### --block-direct-connections

| | |
| ----------- | ---------------------------------------- |
| Type | <code>bool</code> |
| Environment | <code>$CODER_BLOCK_DIRECT</code> |
| YAML | <code>networking.derp.blockDirect</code> |

Block peer-to-peer (aka. direct) workspace connections. All workspace connections from the CLI will be proxied through Coder (or custom configured DERP servers) and will never be peer-to-peer when enabled. Workspaces may still reach out to STUN servers to get their address until they are restarted after this change has been made, but new connections will still be proxied regardless.

### --browser-only

| | |
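
Review bot: the description under `### --block-direct-connections` says only connections "from the CLI" are proxied, while the PR title says direct connections are disabled instance-wide; state which client paths are covered so operators relying on this for network policy know its scope. The STUN caveat in the last sentence would be clearer as an explicit instruction that running workspaces must be restarted before they stop contacting STUN servers. Minor: `$CODER_BLOCK_DIRECT` and `networking.derp.blockDirect` drop the "connections" suffix that the flag name carries.
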
Expand Down Expand Up @@ -173,16 +183,6 @@ An HTTP URL that is accessible by other replicas to relay DERP traffic. Required

Addresses for STUN servers to establish P2P connections. Use special value 'disable' to turn off STUN.

### --disable-direct

| | |
| ----------- | ------------------------------------------ |
| Type | <code>bool</code> |
| Environment | <code>$CODER_DISABLE_DIRECT</code> |
| YAML | <code>networking.derp.disableDirect</code> |

Disable peer-to-peer (aka. direct) workspace connections. All workspace connections from the CLI will be proxied through Coder (or custom configured DERP servers) and will never be peer-to-peer when enabled. Workspaces may still reach out to STUN servers to get their address until they are restarted after this change has been made, but new connections will still be proxied regardless.

### --disable-owner-workspace-access

| | |
2 changes: 1 addition & 1 deletion site/src/api/typesGenerated.ts
Expand Up @@ -278,7 +278,7 @@ export interface DERP {

// From codersdk/deployment.go
export interface DERPConfig {
readonly disable_direct: boolean
readonly block_direct: boolean
readonly url: string
readonly path: string
}