NotificationsYou must be signed in to change notification settings
Fork1k
Star11.1k

Commit1354d84

authored

chore: refactor instance identity to be a SessionTokenProvider (#19566)

Refactors Agent instance identity to be a SessionTokenProvider.Refactors the CLI to create Agent clients via a centralized function, rather than add-hoc via individual command handlers and their flags.This allows commands besides `coder agent`, but which still use the agent identity, to support instance identity authentication.Fixes#19111 by unifying all API requests to go thru the SessionTokenProvider for auth credentials.

1 parentee35ad3 commit1354d84Copy full SHA for 1354d84

File tree

35 files changed

+632

-470

lines changed

agent
- agent.go
- agent_test.go
- agenttest
  - agent.go
  - client.go
cli
coderd
- externalauth_test.go
- gitsshkey_test.go
- insights_test.go
- prometheusmetrics
  - insights
    - metricscollector_test.go
  - prometheusmetrics_test.go
- workspaceagents_test.go
- workspaceagentsrpc_test.go
- workspaceapps/apptest
  - setup.go
- workspaceresourceauth_test.go
codersdk
- agentsdk
- toolsdk
  - toolsdk_test.go
docs/reference/cli
- external-auth_access-token.md
enterprise/coderd
scaletest
- createworkspaces
  - run_test.go
- workspacebuild
  - run_test.go

35 files changed

+632

-470

lines changed

`‎agent/agent.go‎`

Lines changed: 4 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,6 @@ type Options struct {`
`74`	`74`	`LogDirstring`
`75`	`75`	`TempDirstring`
`76`	`76`	`ScriptDataDirstring`
`77`		`-ExchangeTokenfunc(ctx context.Context) (string,error)`
`78`	`77`	`ClientClient`
`79`	`78`	`ReconnectingPTYTimeout time.Duration`
`80`	`79`	`EnvironmentVariablesmap[string]string`
`@@ -99,6 +98,7 @@ type Client interface {`
`99`	`98`	`proto.DRPCAgentClient26, tailnetproto.DRPCTailnetClient26,error,`
`100`	`99`	`)`
`101`	`100`	`tailnet.DERPMapRewriter`
	`101`	`+agentsdk.RefreshableSessionTokenProvider`
`102`	`102`	`}`
`103`	`103`
`104`	`104`	`typeAgentinterface {`
`@@ -131,11 +131,6 @@ func New(options Options) Agent {`
`131`	`131`	`}`
`132`	`132`	`options.ScriptDataDir=options.TempDir`
`133`	`133`	`}`
`134`		`-ifoptions.ExchangeToken==nil {`
`135`		`-options.ExchangeToken=func(_ context.Context) (string,error) {`
`136`		`-return"",nil`
`137`		`-}`
`138`		`-}`
`139`	`134`	`ifoptions.ReportMetadataInterval==0 {`
`140`	`135`	`options.ReportMetadataInterval=time.Second`
`141`	`136`	`}`
`@@ -172,7 +167,6 @@ func New(options Options) Agent {`
`172`	`167`	`coordDisconnected:make(chanstruct{}),`
`173`	`168`	`environmentVariables:options.EnvironmentVariables,`
`174`	`169`	`client:options.Client,`
`175`		`-exchangeToken:options.ExchangeToken,`
`176`	`170`	`filesystem:options.Filesystem,`
`177`	`171`	`logDir:options.LogDir,`
`178`	`172`	`tempDir:options.TempDir,`
`@@ -203,7 +197,6 @@ func New(options Options) Agent {`
`203`	`197`	`// coordinator during shut down.`
`204`	`198`	`close(a.coordDisconnected)`
`205`	`199`	`a.announcementBanners.Store(new([]codersdk.BannerConfig))`
`206`		`-a.sessionToken.Store(new(string))`
`207`	`200`	`a.init()`
`208`	`201`	`returna`
`209`	`202`	`}`
`@@ -212,7 +205,6 @@ type agent struct {`
`212`	`205`	`clock quartz.Clock`
`213`	`206`	`logger slog.Logger`
`214`	`207`	`clientClient`
`215`		`-exchangeTokenfunc(ctx context.Context) (string,error)`
`216`	`208`	`tailnetListenPortuint16`
`217`	`209`	`filesystem afero.Fs`
`218`	`210`	`logDirstring`
`@@ -254,7 +246,6 @@ type agent struct {`
`254`	`246`	`scriptRunner*agentscripts.Runner`
`255`	`247`	`announcementBanners atomic.Pointer[[]codersdk.BannerConfig]// announcementBanners is atomic because it is periodically updated.`
`256`	`248`	`announcementBannersRefreshInterval time.Duration`
`257`		`-sessionToken atomic.Pointer[string]`
`258`	`249`	`sshServer*agentssh.Server`
`259`	`250`	`sshMaxTimeout time.Duration`
`260`	`251`	`blockFileTransferbool`
`@@ -916,11 +907,10 @@ func (a *agent) run() (retErr error) {`
`916`	`907`	`// This allows the agent to refresh its token if necessary.`
`917`	`908`	`// For instance identity this is required, since the instance`
`918`	`909`	`// may not have re-provisioned, but a new agent ID was created.`
`919`		`-sessionToken,err:=a.exchangeToken(a.hardCtx)`
	`910`	`+err:=a.client.RefreshToken(a.hardCtx)`
`920`	`911`	`iferr!=nil {`
`921`		`-returnxerrors.Errorf("exchange token: %w",err)`
	`912`	`+returnxerrors.Errorf("refresh token: %w",err)`
`922`	`913`	`}`
`923`		`-a.sessionToken.Store(&sessionToken)`
`924`	`914`
`925`	`915`	`// ConnectRPC returns the dRPC connection we use for the Agent and Tailnet v2+ APIs`
`926`	`916`	`aAPI,tAPI,err:=a.client.ConnectRPC26(a.hardCtx)`
`@@ -1359,7 +1349,7 @@ func (a *agent) updateCommandEnv(current []string) (updated []string, err error)`
`1359`	`1349`	`"CODER_WORKSPACE_OWNER_NAME":manifest.OwnerName,`
`1360`	`1350`
`1361`	`1351`	`// Specific Coder subcommands require the agent token exposed!`
`1362`		`-"CODER_AGENT_TOKEN":*a.sessionToken.Load(),`
	`1352`	`+"CODER_AGENT_TOKEN":a.client.GetSessionToken(),`
`1363`	`1353`
`1364`	`1354`	`// Git on Windows resolves with UNIX-style paths.`
`1365`	`1355`	`// If using backslashes, it's unable to find the executable.`

`‎agent/agent_test.go‎`

Lines changed: 12 additions & 22 deletions

Original file line number	Diff line number	Diff line change
`@@ -22,7 +22,6 @@ import (`
`22`	`22`	`"slices"`
`23`	`23`	`"strconv"`
`24`	`24`	`"strings"`
`25`		`-"sync/atomic"`
`26`	`25`	`"testing"`
`27`	`26`	`"time"`
`28`	`27`
`@@ -2926,11 +2925,11 @@ func TestAgent_Speedtest(t *testing.T) {`
`2926`	`2925`
`2927`	`2926`	`funcTestAgent_Reconnect(t*testing.T) {`
`2928`	`2927`	`t.Parallel()`
	`2928`	`+ctx:=testutil.Context(t,testutil.WaitShort)`
`2929`	`2929`	`logger:=testutil.Logger(t)`
`2930`	`2930`	`// After the agent is disconnected from a coordinator, it's supposed`
`2931`	`2931`	`// to reconnect!`
`2932`		`-coordinator:=tailnet.NewCoordinator(logger)`
`2933`		`-defercoordinator.Close()`
	`2932`	`+fCoordinator:=tailnettest.NewFakeCoordinator()`
`2934`	`2933`
`2935`	`2934`	`agentID:=uuid.New()`
`2936`	`2935`	`statsCh:=make(chan*proto.Stats,50)`
`@@ -2942,27 +2941,24 @@ func TestAgent_Reconnect(t *testing.T) {`
`2942`	`2941`	`DERPMap:derpMap,`
`2943`	`2942`	`},`
`2944`	`2943`	`statsCh,`
`2945`		`-coordinator,`
	`2944`	`+fCoordinator,`
`2946`	`2945`	`)`
`2947`	`2946`	`deferclient.Close()`
`2948`		`-initialized:= atomic.Int32{}`
	`2947`	`+`
`2949`	`2948`	`closer:=agent.New(agent.Options{`
`2950`		`-ExchangeToken:func(ctx context.Context) (string,error) {`
`2951`		`-initialized.Add(1)`
`2952`		`-return"",nil`
`2953`		`-},`
`2954`	`2949`	`Client:client,`
`2955`	`2950`	`Logger:logger.Named("agent"),`
`2956`	`2951`	`})`
`2957`	`2952`	`defercloser.Close()`
`2958`	`2953`
`2959`		`-require.Eventually(t,func()bool {`
`2960`		`-returncoordinator.Node(agentID)!=nil`
`2961`		`-},testutil.WaitShort,testutil.IntervalFast)`
`2962`		`-client.LastWorkspaceAgent()`
`2963`		`-require.Eventually(t,func()bool {`
`2964`		`-returninitialized.Load()==2`
`2965`		`-},testutil.WaitShort,testutil.IntervalFast)`
	`2954`	`+call1:=testutil.RequireReceive(ctx,t,fCoordinator.CoordinateCalls)`
	`2955`	`+require.Equal(t,client.GetNumRefreshTokenCalls(),1)`
	`2956`	`+close(call1.Resps)// hang up`
	`2957`	`+// expect reconnect`
	`2958`	`+testutil.RequireReceive(ctx,t,fCoordinator.CoordinateCalls)`
	`2959`	`+// Check that the agent refreshes the token when it reconnects.`
	`2960`	`+require.Equal(t,client.GetNumRefreshTokenCalls(),2)`
	`2961`	`+closer.Close()`
`2966`	`2962`	`}`
`2967`	`2963`
`2968`	`2964`	`funcTestAgent_WriteVSCodeConfigs(t*testing.T) {`
`@@ -2984,9 +2980,6 @@ func TestAgent_WriteVSCodeConfigs(t *testing.T) {`
`2984`	`2980`	`deferclient.Close()`
`2985`	`2981`	`filesystem:=afero.NewMemMapFs()`
`2986`	`2982`	`closer:=agent.New(agent.Options{`
`2987`		`-ExchangeToken:func(ctx context.Context) (string,error) {`
`2988`		`-return"",nil`
`2989`		`-},`
`2990`	`2983`	`Client:client,`
`2991`	`2984`	`Logger:logger.Named("agent"),`
`2992`	`2985`	`Filesystem:filesystem,`
`@@ -3015,9 +3008,6 @@ func TestAgent_DebugServer(t *testing.T) {`
`3015`	`3008`	`conn,_,_,_,agnt:=setupAgent(t, agentsdk.Manifest{`
`3016`	`3009`	`DERPMap:derpMap,`
`3017`	`3010`	`},0,func(cagenttest.Client,oagent.Options) {`
`3018`		`-o.ExchangeToken=func(context.Context) (string,error) {`
`3019`		`-return"token",nil`
`3020`		`-}`
`3021`	`3011`	`o.LogDir=logDir`
`3022`	`3012`	`})`
`3023`	`3013`

`‎agent/agenttest/agent.go‎`

Lines changed: 1 addition & 9 deletions

Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,6 @@`
`1`	`1`	`package agenttest`
`2`	`2`
`3`	`3`	`import (`
`4`		`-"context"`
`5`	`4`	`"net/url"`
`6`	`5`	`"testing"`
`7`	`6`
`@@ -31,18 +30,11 @@ func New(t testing.TB, coderURL url.URL, agentToken string, opts ...func(agent`
`31`	`30`	`}`
`32`	`31`
`33`	`32`	`ifo.Client==nil {`
`34`		`-agentClient:=agentsdk.New(coderURL)`
`35`		`-agentClient.SetSessionToken(agentToken)`
	`33`	`+agentClient:=agentsdk.New(coderURL,agentsdk.WithFixedToken(agentToken))`
`36`	`34`	`agentClient.SDK.SetLogger(log)`
`37`	`35`	`o.Client=agentClient`
`38`	`36`	`}`
`39`	`37`
`40`		`-ifo.ExchangeToken==nil {`
`41`		`-o.ExchangeToken=func(_ context.Context) (string,error) {`
`42`		`-returnagentToken,nil`
`43`		`-}`
`44`		`-}`
`45`		`-`
`46`	`38`	`ifo.LogDir=="" {`
`47`	`39`	`o.LogDir=t.TempDir()`
`48`	`40`	`}`

`‎agent/agenttest/client.go‎`

Lines changed: 30 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@ package agenttest`
`3`	`3`	`import (`
`4`	`4`	`"context"`
`5`	`5`	`"io"`
	`6`	`+"net/http"`
`6`	`7`	`"slices"`
`7`	`8`	`"sync"`
`8`	`9`	`"sync/atomic"`
`@@ -28,6 +29,7 @@ import (`
`28`	`29`	`"github.com/coder/coder/v2/tailnet"`
`29`	`30`	`"github.com/coder/coder/v2/tailnet/proto"`
`30`	`31`	`"github.com/coder/coder/v2/testutil"`
	`32`	`+"github.com/coder/websocket"`
`31`	`33`	`)`
`32`	`34`
`33`	`35`	`conststatsInterval=500*time.Millisecond`
`@@ -86,10 +88,34 @@ type Client struct {`
`86`	`88`	`fakeAgentAPI*FakeAgentAPI`
`87`	`89`	`LastWorkspaceAgentfunc()`
`88`	`90`
`89`		`-mu sync.Mutex// Protects following.`
`90`		`-logs []agentsdk.Log`
`91`		`-derpMapUpdateschan*tailcfg.DERPMap`
`92`		`-derpMapOnce sync.Once`
	`91`	`+mu sync.Mutex// Protects following.`
	`92`	`+logs []agentsdk.Log`
	`93`	`+derpMapUpdateschan*tailcfg.DERPMap`
	`94`	`+derpMapOnce sync.Once`
	`95`	`+refreshTokenCallsint`
	`96`	`+}`
	`97`	`+`
	`98`	`+func (*Client)AsRequestOption() codersdk.RequestOption {`
	`99`	`+returnfunc(_*http.Request) {}`
	`100`	`+}`
	`101`	`+`
	`102`	`+func (Client)SetDialOption(websocket.DialOptions) {}`
	`103`	`+`
	`104`	`+func (*Client)GetSessionToken()string {`
	`105`	`+return"agenttest-token"`
	`106`	`+}`
	`107`	`+`
	`108`	`+func (c*Client)RefreshToken(context.Context)error {`
	`109`	`+c.mu.Lock()`
	`110`	`+deferc.mu.Unlock()`
	`111`	`+c.refreshTokenCalls++`
	`112`	`+returnnil`
	`113`	`+}`
	`114`	`+`
	`115`	`+func (c*Client)GetNumRefreshTokenCalls()int {`
	`116`	`+c.mu.Lock()`
	`117`	`+deferc.mu.Unlock()`
	`118`	`+returnc.refreshTokenCalls`
`93`	`119`	`}`
`94`	`120`
`95`	`121`	`func (Client)RewriteDERPMap(tailcfg.DERPMap) {}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1354d84

File tree

35 files changed

35 files changed

`‎agent/agent.go‎`

`‎agent/agent_test.go‎`

`‎agent/agenttest/agent.go‎`

`‎agent/agenttest/client.go‎`

0 commit comments