NotificationsYou must be signed in to change notification settings
Fork909
Star10k

Commit172e523

authored

feat(agent): wire up agentssh server to allow exec into container (#16638)

Builds on top of#16623 and wires upthe ReconnectingPTY server. This does nothing to wire up the webterminal yet but the added test demonstrates the functionality working.Other changes:* Refactors and moves the `SystemEnvInfo` interface to the`agent/usershell` package to address follow-up from#16623 (comment)* Marks `usershellinfo.Get` as deprecated. Consumers should use the`EnvInfoer` interface instead.---------Co-authored-by: Mathias Fredriksson <mafredri@gmail.com>Co-authored-by: Danny Kopping <danny@coder.com>

1 parenta322339 commit172e523Copy full SHA for 172e523

File tree

15 files changed

+260

-82

lines changed

agent
- agent.go
- agent_test.go
- agentcontainers
  - containers_dockercli.go
  - containers_internal_test.go
- agentssh
  - agentssh.go
  - agentssh_test.go
- reconnectingpty
  - server.go
- usershell
cli
- agent.go
coderd/workspaceapps
- proxy.go
codersdk/workspacesdk
- agentconn.go
- workspacesdk.go

15 files changed

+260

-82

lines changed

`‎agent/agent.go`

Lines changed: 9 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,8 @@ type Options struct {`
`88`	`88`	`BlockFileTransferbool`
`89`	`89`	`Execer agentexec.Execer`
`90`	`90`	`ContainerLister agentcontainers.Lister`
	`91`	`+`
	`92`	`+ExperimentalContainersEnabledbool`
`91`	`93`	`}`
`92`	`94`
`93`	`95`	`typeClientinterface {`
`@@ -188,6 +190,8 @@ func New(options Options) Agent {`
`188`	`190`	`metrics:newAgentMetrics(prometheusRegistry),`
`189`	`191`	`execer:options.Execer,`
`190`	`192`	`lister:options.ContainerLister,`
	`193`	`+`
	`194`	`+experimentalDevcontainersEnabled:options.ExperimentalContainersEnabled,`
`191`	`195`	`}`
`192`	`196`	`// Initially, we have a closed channel, reflecting the fact that we are not initially connected.`
`193`	`197`	`// Each time we connect we replace the channel (while holding the closeMutex) with a new one`
`@@ -258,6 +262,8 @@ type agent struct {`
`258`	`262`	`metrics*agentMetrics`
`259`	`263`	`execer agentexec.Execer`
`260`	`264`	`lister agentcontainers.Lister`
	`265`	`+`
	`266`	`+experimentalDevcontainersEnabledbool`
`261`	`267`	`}`
`262`	`268`
`263`	`269`	`func (aagent)TailnetConn()tailnet.Conn {`
`@@ -297,6 +303,9 @@ func (a *agent) init() {`
`297`	`303`	`a.sshServer,`
`298`	`304`	`a.metrics.connectionsTotal,a.metrics.reconnectingPTYErrors,`
`299`	`305`	`a.reconnectingPTYTimeout,`
	`306`	`+func(s*reconnectingpty.Server) {`
	`307`	`+s.ExperimentalContainersEnabled=a.experimentalDevcontainersEnabled`
	`308`	`+},`
`300`	`309`	`)`
`301`	`310`	`goa.runLoop()`
`302`	`311`	`}`

`‎agent/agent_test.go`

Lines changed: 75 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -25,24 +25,28 @@ import (`
`25`	`25`	`"testing"`
`26`	`26`	`"time"`
`27`	`27`
	`28`	`+"go.uber.org/goleak"`
	`29`	`+"tailscale.com/net/speedtest"`
	`30`	`+"tailscale.com/tailcfg"`
	`31`	`+`
`28`	`32`	`"github.com/bramvdbogaerde/go-scp"`
`29`	`33`	`"github.com/google/uuid"`
	`34`	`+"github.com/ory/dockertest/v3"`
	`35`	`+"github.com/ory/dockertest/v3/docker"`
`30`	`36`	`"github.com/pion/udp"`
`31`	`37`	`"github.com/pkg/sftp"`
`32`	`38`	`"github.com/prometheus/client_golang/prometheus"`
`33`	`39`	`promgo"github.com/prometheus/client_model/go"`
`34`	`40`	`"github.com/spf13/afero"`
`35`	`41`	`"github.com/stretchr/testify/assert"`
`36`	`42`	`"github.com/stretchr/testify/require"`
`37`		`-"go.uber.org/goleak"`
`38`	`43`	`"golang.org/x/crypto/ssh"`
`39`	`44`	`"golang.org/x/exp/slices"`
`40`	`45`	`"golang.org/x/xerrors"`
`41`		`-"tailscale.com/net/speedtest"`
`42`		`-"tailscale.com/tailcfg"`
`43`	`46`
`44`	`47`	`"cdr.dev/slog"`
`45`	`48`	`"cdr.dev/slog/sloggers/slogtest"`
	`49`	`+`
`46`	`50`	`"github.com/coder/coder/v2/agent"`
`47`	`51`	`"github.com/coder/coder/v2/agent/agentssh"`
`48`	`52`	`"github.com/coder/coder/v2/agent/agenttest"`
`@@ -1761,6 +1765,74 @@ func TestAgent_ReconnectingPTY(t *testing.T) {`
`1761`	`1765`	`}`
`1762`	`1766`	`}`
`1763`	`1767`
	`1768`	`+// This tests end-to-end functionality of connecting to a running container`
	`1769`	`+// and executing a command. It creates a real Docker container and runs a`
	`1770`	`+// command. As such, it does not run by default in CI.`
	`1771`	`+// You can run it manually as follows:`
	`1772`	`+//`
	`1773`	`+// CODER_TEST_USE_DOCKER=1 go test -count=1 ./agent -run TestAgent_ReconnectingPTYContainer`
	`1774`	`+funcTestAgent_ReconnectingPTYContainer(t*testing.T) {`
	`1775`	`+t.Parallel()`
	`1776`	`+ifos.Getenv("CODER_TEST_USE_DOCKER")!="1" {`
	`1777`	`+t.Skip("Set CODER_TEST_USE_DOCKER=1 to run this test")`
	`1778`	`+}`
	`1779`	`+`
	`1780`	`+ctx:=testutil.Context(t,testutil.WaitLong)`
	`1781`	`+`
	`1782`	`+pool,err:=dockertest.NewPool("")`
	`1783`	`+require.NoError(t,err,"Could not connect to docker")`
	`1784`	`+ct,err:=pool.RunWithOptions(&dockertest.RunOptions{`
	`1785`	`+Repository:"busybox",`
	`1786`	`+Tag:"latest",`
	`1787`	`+Cmd: []string{"sleep","infnity"},`
	`1788`	`+},func(config*docker.HostConfig) {`
	`1789`	`+config.AutoRemove=true`
	`1790`	`+config.RestartPolicy= docker.RestartPolicy{Name:"no"}`
	`1791`	`+})`
	`1792`	`+require.NoError(t,err,"Could not start container")`
	`1793`	`+t.Cleanup(func() {`
	`1794`	`+err:=pool.Purge(ct)`
	`1795`	`+require.NoError(t,err,"Could not stop container")`
	`1796`	`+})`
	`1797`	`+// Wait for container to start`
	`1798`	`+require.Eventually(t,func()bool {`
	`1799`	`+ct,ok:=pool.ContainerByName(ct.Container.Name)`
	`1800`	`+returnok&&ct.Container.State.Running`
	`1801`	`+},testutil.WaitShort,testutil.IntervalSlow,"Container did not start in time")`
	`1802`	`+`
	`1803`	`+// nolint: dogsled`
	`1804`	`+conn,_,_,_,_:=setupAgent(t, agentsdk.Manifest{},0,func(_agenttest.Client,oagent.Options) {`
	`1805`	`+o.ExperimentalContainersEnabled=true`
	`1806`	`+})`
	`1807`	`+ac,err:=conn.ReconnectingPTY(ctx,uuid.New(),80,80,"/bin/sh",func(arp*workspacesdk.AgentReconnectingPTYInit) {`
	`1808`	`+arp.Container=ct.Container.ID`
	`1809`	`+})`
	`1810`	`+require.NoError(t,err,"failed to create ReconnectingPTY")`
	`1811`	`+deferac.Close()`
	`1812`	`+tr:=testutil.NewTerminalReader(t,ac)`
	`1813`	`+`
	`1814`	`+require.NoError(t,tr.ReadUntil(ctx,func(linestring)bool {`
	`1815`	`+returnstrings.Contains(line,"#")\|\|strings.Contains(line,"$")`
	`1816`	`+}),"find prompt")`
	`1817`	`+`
	`1818`	`+require.NoError(t,json.NewEncoder(ac).Encode(workspacesdk.ReconnectingPTYRequest{`
	`1819`	`+Data:"hostname\r",`
	`1820`	`+}),"write hostname")`
	`1821`	`+require.NoError(t,tr.ReadUntil(ctx,func(linestring)bool {`
	`1822`	`+returnstrings.Contains(line,"hostname")`
	`1823`	`+}),"find hostname command")`
	`1824`	`+`
	`1825`	`+require.NoError(t,tr.ReadUntil(ctx,func(linestring)bool {`
	`1826`	`+returnstrings.Contains(line,ct.Container.Config.Hostname)`
	`1827`	`+}),"find hostname output")`
	`1828`	`+require.NoError(t,json.NewEncoder(ac).Encode(workspacesdk.ReconnectingPTYRequest{`
	`1829`	`+Data:"exit\r",`
	`1830`	`+}),"write exit command")`
	`1831`	`+`
	`1832`	`+// Wait for the connection to close.`
	`1833`	`+require.ErrorIs(t,tr.ReadUntil(ctx,nil),io.EOF)`
	`1834`	`+}`
	`1835`	`+`
`1764`	`1836`	`funcTestAgent_Dial(t*testing.T) {`
`1765`	`1837`	`t.Parallel()`
`1766`	`1838`

`‎agent/agentcontainers/containers_dockercli.go`

Lines changed: 4 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,7 +6,6 @@ import (`
`6`	`6`	`"context"`
`7`	`7`	`"encoding/json"`
`8`	`8`	`"fmt"`
`9`		`-"os"`
`10`	`9`	`"os/user"`
`11`	`10`	`"slices"`
`12`	`11`	`"sort"`
`@@ -15,6 +14,7 @@ import (`
`15`	`14`	`"time"`
`16`	`15`
`17`	`16`	`"github.com/coder/coder/v2/agent/agentexec"`
	`17`	`+"github.com/coder/coder/v2/agent/usershell"`
`18`	`18`	`"github.com/coder/coder/v2/codersdk"`
`19`	`19`
`20`	`20`	`"golang.org/x/exp/maps"`
`@@ -37,6 +37,7 @@ func NewDocker(execer agentexec.Execer) Lister {`
`37`	`37`	`// DockerEnvInfoer is an implementation of agentssh.EnvInfoer that returns`
`38`	`38`	`// information about a container.`
`39`	`39`	`typeDockerEnvInfoerstruct {`
	`40`	`+usershell.SystemEnvInfo`
`40`	`41`	`containerstring`
`41`	`42`	`user*user.User`
`42`	`43`	`userShellstring`
`@@ -122,26 +123,13 @@ func EnvInfo(ctx context.Context, execer agentexec.Execer, container, containerU`
`122`	`123`	`return&dei,nil`
`123`	`124`	`}`
`124`	`125`
`125`		`-func (deiDockerEnvInfoer)CurrentUser() (user.User,error) {`
	`126`	`+func (deiDockerEnvInfoer)User() (user.User,error) {`
`126`	`127`	`// Clone the user so that the caller can't modify it`
`127`	`128`	`u:=*dei.user`
`128`	`129`	`return&u,nil`
`129`	`130`	`}`
`130`	`131`
`131`		`-func (*DockerEnvInfoer)Environ() []string {`
`132`		`-// Return a clone of the environment so that the caller can't modify it`
`133`		`-returnos.Environ()`
`134`		`-}`
`135`		`-`
`136`		`-func (*DockerEnvInfoer)UserHomeDir() (string,error) {`
`137`		`-// We default the working directory of the command to the user's home`
`138`		`-// directory. Since this came from inside the container, we cannot guarantee`
`139`		`-// that this exists on the host. Return the "real" home directory of the user`
`140`		`-// instead.`
`141`		`-returnos.UserHomeDir()`
`142`		`-}`
`143`		`-`
`144`		`-func (dei*DockerEnvInfoer)UserShell(string) (string,error) {`
	`132`	`+func (dei*DockerEnvInfoer)Shell(string) (string,error) {`
`145`	`133`	`returndei.userShell,nil`
`146`	`134`	`}`
`147`	`135`

`‎agent/agentcontainers/containers_internal_test.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -502,15 +502,15 @@ func TestDockerEnvInfoer(t *testing.T) {`
`502`	`502`	`dei,err:=EnvInfo(ctx,agentexec.DefaultExecer,ct.Container.ID,tt.containerUser)`
`503`	`503`	`require.NoError(t,err,"Expected no error from DockerEnvInfo()")`
`504`	`504`
`505`		`-u,err:=dei.CurrentUser()`
	`505`	`+u,err:=dei.User()`
`506`	`506`	`require.NoError(t,err,"Expected no error from CurrentUser()")`
`507`	`507`	`require.Equal(t,tt.expectedUsername,u.Username,"Expected username to match")`
`508`	`508`
`509`		`-hd,err:=dei.UserHomeDir()`
	`509`	`+hd,err:=dei.HomeDir()`
`510`	`510`	`require.NoError(t,err,"Expected no error from UserHomeDir()")`
`511`	`511`	`require.NotEmpty(t,hd,"Expected user homedir to be non-empty")`
`512`	`512`
`513`		`-sh,err:=dei.UserShell(tt.containerUser)`
	`513`	`+sh,err:=dei.Shell(tt.containerUser)`
`514`	`514`	`require.NoError(t,err,"Expected no error from UserShell()")`
`515`	`515`	`require.Equal(t,tt.expectedUserShell,sh,"Expected user shell to match")`
`516`	`516`

`‎agent/agentssh/agentssh.go`

Lines changed: 19 additions & 47 deletions

Original file line number	Diff line number	Diff line change
`@@ -698,63 +698,24 @@ func (s *Server) sftpHandler(logger slog.Logger, session ssh.Session) {`
`698`	`698`	`_=session.Exit(1)`
`699`	`699`	`}`
`700`	`700`
`701`		`-// EnvInfoer encapsulates external information required by CreateCommand.`
`702`		`-typeEnvInfoerinterface {`
`703`		`-// CurrentUser returns the current user.`
`704`		`-CurrentUser() (*user.User,error)`
`705`		`-// Environ returns the environment variables of the current process.`
`706`		`-Environ() []string`
`707`		`-// UserHomeDir returns the home directory of the current user.`
`708`		`-UserHomeDir() (string,error)`
`709`		`-// UserShell returns the shell of the given user.`
`710`		`-UserShell(usernamestring) (string,error)`
`711`		`-}`
`712`		`-`
`713`		`-typesystemEnvInfoerstruct{}`
`714`		`-`
`715`		`-vardefaultEnvInfoerEnvInfoer=&systemEnvInfoer{}`
`716`		`-`
`717`		`-// DefaultEnvInfoer returns a default implementation of`
`718`		`-// EnvInfoer. This reads information using the default Go`
`719`		`-// implementations.`
`720`		`-funcDefaultEnvInfoer()EnvInfoer {`
`721`		`-returndefaultEnvInfoer`
`722`		`-}`
`723`		`-`
`724`		`-func (systemEnvInfoer)CurrentUser() (*user.User,error) {`
`725`		`-returnuser.Current()`
`726`		`-}`
`727`		`-`
`728`		`-func (systemEnvInfoer)Environ() []string {`
`729`		`-returnos.Environ()`
`730`		`-}`
`731`		`-`
`732`		`-func (systemEnvInfoer)UserHomeDir() (string,error) {`
`733`		`-returnuserHomeDir()`
`734`		`-}`
`735`		`-`
`736`		`-func (systemEnvInfoer)UserShell(usernamestring) (string,error) {`
`737`		`-returnusershell.Get(username)`
`738`		`-}`
`739`		`-`
`740`	`701`	`// CreateCommand processes raw command input with OpenSSH-like behavior.`
`741`	`702`	`// If the script provided is empty, it will default to the users shell.`
`742`	`703`	`// This injects environment variables specified by the user at launch too.`
`743`	`704`	`// The final argument is an interface that allows the caller to provide`
`744`	`705`	`// alternative implementations for the dependencies of CreateCommand.`
`745`	`706`	`// This is useful when creating a command to be run in a separate environment`
`746`	`707`	`// (for example, a Docker container). Pass in nil to use the default.`
`747`		`-func (sServer)CreateCommand(ctx context.Context,scriptstring,env []string,depsEnvInfoer) (pty.Cmd,error) {`
`748`		`-ifdeps==nil {`
`749`		`-deps=DefaultEnvInfoer()`
	`708`	`+func (sServer)CreateCommand(ctx context.Context,scriptstring,env []string,ei usershell.EnvInfoer) (pty.Cmd,error) {`
	`709`	`+ifei==nil {`
	`710`	`+ei=&usershell.SystemEnvInfo{}`
`750`	`711`	`}`
`751`		`-currentUser,err:=deps.CurrentUser()`
	`712`	`+currentUser,err:=ei.User()`
`752`	`713`	`iferr!=nil {`
`753`	`714`	`returnnil,xerrors.Errorf("get current user: %w",err)`
`754`	`715`	`}`
`755`	`716`	`username:=currentUser.Username`
`756`	`717`
`757`		`-shell,err:=deps.UserShell(username)`
	`718`	`+shell,err:=ei.Shell(username)`
`758`	`719`	`iferr!=nil {`
`759`	`720`	`returnnil,xerrors.Errorf("get user shell: %w",err)`
`760`	`721`	`}`
`@@ -802,21 +763,32 @@ func (s *Server) CreateCommand(ctx context.Context, script string, env []string,`
`802`	`763`	`}`
`803`	`764`	`}`
`804`	`765`
`805`		`-cmd:=s.Execer.PTYCommandContext(ctx,name,args...)`
	`766`	`+// Modify command prior to execution. This will usually be a no-op, but not`
	`767`	`+// always. For example, to run a command in a Docker container, we need to`
	`768`	+// modify the command to be `docker exec -it <container> <command>`.
	`769`	`+modifiedName,modifiedArgs:=ei.ModifyCommand(name,args...)`
	`770`	`+// Log if the command was modified.`
	`771`	`+ifmodifiedName!=name&&slices.Compare(modifiedArgs,args)!=0 {`
	`772`	`+s.logger.Debug(ctx,"modified command",`
	`773`	`+slog.F("before",append([]string{name},args...)),`
	`774`	`+slog.F("after",append([]string{modifiedName},modifiedArgs...)),`
	`775`	`+)`
	`776`	`+}`
	`777`	`+cmd:=s.Execer.PTYCommandContext(ctx,modifiedName,modifiedArgs...)`
`806`	`778`	`cmd.Dir=s.config.WorkingDirectory()`
`807`	`779`
`808`	`780`	`// If the metadata directory doesn't exist, we run the command`
`809`	`781`	`// in the users home directory.`
`810`	`782`	`_,err=os.Stat(cmd.Dir)`
`811`	`783`	`ifcmd.Dir==""\|\|err!=nil {`
`812`	`784`	`// Default to user home if a directory is not set.`
`813`		`-homedir,err:=deps.UserHomeDir()`
	`785`	`+homedir,err:=ei.HomeDir()`
`814`	`786`	`iferr!=nil {`
`815`	`787`	`returnnil,xerrors.Errorf("get home dir: %w",err)`
`816`	`788`	`}`
`817`	`789`	`cmd.Dir=homedir`
`818`	`790`	`}`
`819`		`-cmd.Env=append(deps.Environ(),env...)`
	`791`	`+cmd.Env=append(ei.Environ(),env...)`
`820`	`792`	`cmd.Env=append(cmd.Env,fmt.Sprintf("USER=%s",username))`
`821`	`793`
`822`	`794`	`// Set SSH connection environment variables (these are also set by OpenSSH`

`‎agent/agentssh/agentssh_test.go`

Lines changed: 7 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -124,22 +124,26 @@ type fakeEnvInfoer struct {`
`124`	`124`	`UserShellFnfunc(string) (string,error)`
`125`	`125`	`}`
`126`	`126`
`127`		`-func (ffakeEnvInfoer)CurrentUser() (uuser.User,errerror) {`
	`127`	`+func (ffakeEnvInfoer)User() (uuser.User,errerror) {`
`128`	`128`	`returnf.CurrentUserFn()`
`129`	`129`	`}`
`130`	`130`
`131`	`131`	`func (f*fakeEnvInfoer)Environ() []string {`
`132`	`132`	`returnf.EnvironFn()`
`133`	`133`	`}`
`134`	`134`
`135`		`-func (f*fakeEnvInfoer)UserHomeDir() (string,error) {`
	`135`	`+func (f*fakeEnvInfoer)HomeDir() (string,error) {`
`136`	`136`	`returnf.UserHomeDirFn()`
`137`	`137`	`}`
`138`	`138`
`139`		`-func (f*fakeEnvInfoer)UserShell(ustring) (string,error) {`
	`139`	`+func (f*fakeEnvInfoer)Shell(ustring) (string,error) {`
`140`	`140`	`returnf.UserShellFn(u)`
`141`	`141`	`}`
`142`	`142`
	`143`	`+func (*fakeEnvInfoer)ModifyCommand(cmdstring,args...string) (string, []string) {`
	`144`	`+returncmd,args`
	`145`	`+}`
	`146`	`+`
`143`	`147`	`funcTestNewServer_CloseActiveConnections(t*testing.T) {`
`144`	`148`	`t.Parallel()`
`145`	`149`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit172e523

File tree

15 files changed

15 files changed

`‎agent/agent.go`

`‎agent/agent_test.go`

`‎agent/agentcontainers/containers_dockercli.go`

`‎agent/agentcontainers/containers_internal_test.go`

`‎agent/agentssh/agentssh.go`

`‎agent/agentssh/agentssh_test.go`

0 commit comments