NotificationsYou must be signed in to change notification settings
Fork1.1k
Star11.6k

Commit1a3816c

committed

feat: set DNS hostnames in workspace updates controller

1 parentbebc38e commit1a3816cCopy full SHA for 1a3816c

File tree

5 files changed

+199

-91

lines changed

tailnet

5 files changed

+199

-91

lines changed

`‎tailnet/configmaps.go‎`

Lines changed: 0 additions & 20 deletions

Original file line number	Diff line number	Diff line change
`@@ -277,16 +277,6 @@ func (c *configMaps) setAddresses(ips []netip.Prefix) {`
`277`	`277`	`c.Broadcast()`
`278`	`278`	`}`
`279`	`279`
`280`		`-func (c*configMaps)addHosts(hostsmap[dnsname.FQDN][]netip.Addr) {`
`281`		`-c.L.Lock()`
`282`		`-deferc.L.Unlock()`
`283`		`-forname,addrs:=rangehosts {`
`284`		`-c.hosts[name]=slices.Clone(addrs)`
`285`		`-}`
`286`		`-c.netmapDirty=true`
`287`		`-c.Broadcast()`
`288`		`-}`
`289`		`-`
`290`	`280`	`func (c*configMaps)setHosts(hostsmap[dnsname.FQDN][]netip.Addr) {`
`291`	`281`	`c.L.Lock()`
`292`	`282`	`deferc.L.Unlock()`
`@@ -298,16 +288,6 @@ func (c *configMaps) setHosts(hosts map[dnsname.FQDN][]netip.Addr) {`
`298`	`288`	`c.Broadcast()`
`299`	`289`	`}`
`300`	`290`
`301`		`-func (c*configMaps)removeHosts(names []dnsname.FQDN) {`
`302`		`-c.L.Lock()`
`303`		`-deferc.L.Unlock()`
`304`		`-for_,name:=rangenames {`
`305`		`-delete(c.hosts,name)`
`306`		`-}`
`307`		`-c.netmapDirty=true`
`308`		`-c.Broadcast()`
`309`		`-}`
`310`		`-`
`311`	`291`	`// setBlockEndpoints sets whether we should block configuring endpoints we learn`
`312`	`292`	`// from peers. It triggers a configuration of the engine if the value changes.`
`313`	`293`	`// nolint: revive`

`‎tailnet/configmaps_internal_test.go‎`

Lines changed: 4 additions & 35 deletions

Original file line number	Diff line number	Diff line change
`@@ -10,7 +10,6 @@ import (`
`10`	`10`	`"github.com/google/uuid"`
`11`	`11`	`"github.com/stretchr/testify/assert"`
`12`	`12`	`"github.com/stretchr/testify/require"`
`13`		`-"golang.org/x/exp/maps"`
`14`	`13`	`"tailscale.com/ipn/ipnstate"`
`15`	`14`	`"tailscale.com/net/dns"`
`16`	`15`	`"tailscale.com/tailcfg"`
`@@ -1177,8 +1176,8 @@ func TestConfigMaps_addRemoveHosts(t *testing.T) {`
`1177`	`1176`	`addr3:=CoderServicePrefix.AddrFromUUID(uuid.New())`
`1178`	`1177`	`addr4:=CoderServicePrefix.AddrFromUUID(uuid.New())`
`1179`	`1178`
`1180`		`-// WHEN: weadd two hosts`
`1181`		`-uut.addHosts(map[dnsname.FQDN][]netip.Addr{`
	`1179`	`+// WHEN: weset two hosts`
	`1180`	`+uut.setHosts(map[dnsname.FQDN][]netip.Addr{`
`1182`	`1181`	`"agent.myws.me.coder.": {`
`1183`	`1182`	`addr1,`
`1184`	`1183`	`},`
`@@ -1207,36 +1206,6 @@ func TestConfigMaps_addRemoveHosts(t *testing.T) {`
`1207`	`1206`	`OnlyIPv6:true,`
`1208`	`1207`	`})`
`1209`	`1208`
`1210`		`-// WHEN: we add a new host`
`1211`		`-newHost:=map[dnsname.FQDN][]netip.Addr{`
`1212`		`-"agent2.myws.me.coder.": {`
`1213`		`-addr4,`
`1214`		`-},`
`1215`		`-}`
`1216`		`-uut.addHosts(newHost)`
`1217`		`-`
`1218`		`-// THEN: the engine is reconfigured with both the old and new hosts`
`1219`		`-_=testutil.RequireRecvCtx(ctx,t,fEng.setNetworkMap)`
`1220`		`-req=testutil.RequireRecvCtx(ctx,t,fEng.reconfig)`
`1221`		`-require.Equal(t,req.dnsCfg,&dns.Config{`
`1222`		`-Routes:map[dnsname.FQDN][]*dnstype.Resolver{`
`1223`		`-CoderDNSSuffix:nil,`
`1224`		`-},`
`1225`		`-Hosts:map[dnsname.FQDN][]netip.Addr{`
`1226`		`-"agent.myws.me.coder.": {`
`1227`		`-addr1,`
`1228`		`-},`
`1229`		`-"dev.main.me.coder.": {`
`1230`		`-addr2,`
`1231`		`-addr3,`
`1232`		`-},`
`1233`		`-"agent2.myws.me.coder.": {`
`1234`		`-addr4,`
`1235`		`-},`
`1236`		`-},`
`1237`		`-OnlyIPv6:true,`
`1238`		`-})`
`1239`		`-`
`1240`	`1209`	`// WHEN: We replace the hosts with a new set`
`1241`	`1210`	`uut.setHosts(map[dnsname.FQDN][]netip.Addr{`
`1242`	`1211`	`"newagent.myws.me.coder.": {`
`@@ -1265,8 +1234,8 @@ func TestConfigMaps_addRemoveHosts(t *testing.T) {`
`1265`	`1234`	`OnlyIPv6:true,`
`1266`	`1235`	`})`
`1267`	`1236`
`1268`		`-// WHEN: we remove all the hosts, and a bad host`
`1269`		`-uut.removeHosts(append(maps.Keys(req.dnsCfg.Hosts),"badhostname"))`
	`1237`	`+// WHEN: we remove all the hosts`
	`1238`	`+uut.setHosts(map[dnsname.FQDN][]netip.Addr{})`
`1270`	`1239`	`_=testutil.RequireRecvCtx(ctx,t,fEng.setNetworkMap)`
`1271`	`1240`	`req=testutil.RequireRecvCtx(ctx,t,fEng.reconfig)`
`1272`	`1241`

`‎tailnet/conn.go‎`

Lines changed: 0 additions & 16 deletions

Original file line number	Diff line number	Diff line change
`@@ -451,22 +451,6 @@ func (c *Conn) SetAddresses(ips []netip.Prefix) error {`
`451`	`451`	`returnnil`
`452`	`452`	`}`
`453`	`453`
`454`		`-func (c*Conn)AddDNSHosts(hostsmap[dnsname.FQDN][]netip.Addr)error {`
`455`		`-ifc.dnsConfigurator==nil {`
`456`		`-returnxerrors.New("no DNSConfigurator set")`
`457`		`-}`
`458`		`-c.configMaps.addHosts(hosts)`
`459`		`-returnnil`
`460`		`-}`
`461`		`-`
`462`		`-func (c*Conn)RemoveDNSHosts(names []dnsname.FQDN)error {`
`463`		`-ifc.dnsConfigurator==nil {`
`464`		`-returnxerrors.New("no DNSConfigurator set")`
`465`		`-}`
`466`		`-c.configMaps.removeHosts(names)`
`467`		`-returnnil`
`468`		`-}`
`469`		`-`
`470`	`454`	`// SetDNSHosts replaces the map of DNS hosts for the connection.`
`471`	`455`	`func (c*Conn)SetDNSHosts(hostsmap[dnsname.FQDN][]netip.Addr)error {`
`472`	`456`	`ifc.dnsConfigurator==nil {`

`‎tailnet/controllers.go‎`

Lines changed: 72 additions & 15 deletions

Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import (`
`6`	`6`	`"io"`
`7`	`7`	`"maps"`
`8`	`8`	`"math"`
	`9`	`+"net/netip"`
`9`	`10`	`"strings"`
`10`	`11`	`"sync"`
`11`	`12`	`"time"`
`@@ -15,6 +16,7 @@ import (`
`15`	`16`	`"storj.io/drpc"`
`16`	`17`	`"storj.io/drpc/drpcerr"`
`17`	`18`	`"tailscale.com/tailcfg"`
	`19`	`+"tailscale.com/util/dnsname"`
`18`	`20`
`19`	`21`	`"cdr.dev/slog"`
`20`	`22`	`"github.com/coder/coder/v2/codersdk"`
`@@ -104,6 +106,12 @@ type WorkspaceUpdatesController interface {`
`104`	`106`	`New(WorkspaceUpdatesClient)CloserWaiter`
`105`	`107`	`}`
`106`	`108`
	`109`	`+// DNSHostsSetter is something that you can set a mapping of DNS names to IPs on. It's the subset`
	`110`	`+// of the tailnet.Conn that we use to configure DNS records.`
	`111`	`+typeDNSHostsSetterinterface {`
	`112`	`+SetDNSHosts(hostsmap[dnsname.FQDN][]netip.Addr)error`
	`113`	`+}`
	`114`	`+`
`107`	`115`	`// ControlProtocolClients represents an abstract interface to the tailnet control plane via a set`
`108`	`116`	`// of protocol clients. The Closer should close all the clients (e.g. by closing the underlying`
`109`	`117`	`// connection).`
`@@ -835,8 +843,9 @@ func (r *basicResumeTokenRefresher) refresh() {`
`835`	`843`	`}`
`836`	`844`
`837`	`845`	`typetunnelAllWorkspaceUpdatesControllerstruct {`
`838`		`-coordCtrl*TunnelSrcCoordController`
`839`		`-logger slog.Logger`
	`846`	`+coordCtrl*TunnelSrcCoordController`
	`847`	`+dnsHostSetterDNSHostsSetter`
	`848`	`+logger slog.Logger`
`840`	`849`	`}`
`841`	`850`
`842`	`851`	`typeworkspacestruct {`
`@@ -845,30 +854,48 @@ type workspace struct {`
`845`	`854`	`agentsmap[uuid.UUID]agent`
`846`	`855`	`}`
`847`	`856`
	`857`	`+// addAllDNSNames adds names for all of its agents to the given map of names`
	`858`	`+func (wworkspace)addAllDNSNames(namesmap[dnsname.FQDN][]netip.Addr)error {`
	`859`	`+for_,a:=rangew.agents {`
	`860`	`+// TODO: technically, DNS labels cannot start with numbers, but the rules are often not`
	`861`	`+// strictly enforced.`
	`862`	`+// TODO: support <agent>.<workspace>.<username>.coder`
	`863`	`+fqdn,err:=dnsname.ToFQDN(fmt.Sprintf("%s.%s.me.coder.",a.name,w.name))`
	`864`	`+iferr!=nil {`
	`865`	`+returnerr`
	`866`	`+}`
	`867`	`+names[fqdn]= []netip.Addr{CoderServicePrefix.AddrFromUUID(a.id)}`
	`868`	`+}`
	`869`	`+// TODO: Possibly support <workspace>.coder. alias if there is only one agent`
	`870`	`+returnnil`
	`871`	`+}`
	`872`	`+`
`848`	`873`	`typeagentstruct {`
`849`	`874`	`id uuid.UUID`
`850`	`875`	`namestring`
`851`	`876`	`}`
`852`	`877`
`853`	`878`	`func (t*tunnelAllWorkspaceUpdatesController)New(clientWorkspaceUpdatesClient)CloserWaiter {`
`854`	`879`	`updater:=&tunnelUpdater{`
`855`		`-client:client,`
`856`		`-errChan:make(chanerror,1),`
`857`		`-logger:t.logger,`
`858`		`-coordCtrl:t.coordCtrl,`
`859`		`-recvLoopDone:make(chanstruct{}),`
`860`		`-workspaces:make(map[uuid.UUID]*workspace),`
	`880`	`+client:client,`
	`881`	`+errChan:make(chanerror,1),`
	`882`	`+logger:t.logger,`
	`883`	`+coordCtrl:t.coordCtrl,`
	`884`	`+dnsHostsSetter:t.dnsHostSetter,`
	`885`	`+recvLoopDone:make(chanstruct{}),`
	`886`	`+workspaces:make(map[uuid.UUID]*workspace),`
`861`	`887`	`}`
`862`	`888`	`goupdater.recvLoop()`
`863`	`889`	`returnupdater`
`864`	`890`	`}`
`865`	`891`
`866`	`892`	`typetunnelUpdaterstruct {`
`867`		`-errChanchanerror`
`868`		`-logger slog.Logger`
`869`		`-clientWorkspaceUpdatesClient`
`870`		`-coordCtrl*TunnelSrcCoordController`
`871`		`-recvLoopDonechanstruct{}`
	`893`	`+errChanchanerror`
	`894`	`+logger slog.Logger`
	`895`	`+clientWorkspaceUpdatesClient`
	`896`	`+coordCtrl*TunnelSrcCoordController`
	`897`	`+dnsHostsSetterDNSHostsSetter`
	`898`	`+recvLoopDonechanstruct{}`
`872`	`899`
`873`	`900`	`// don't need the mutex since only manipulated by the recvLoop`
`874`	`901`	`workspacesmap[uuid.UUID]*workspace`
`@@ -991,6 +1018,16 @@ func (t tunnelUpdater) handleUpdate(update proto.WorkspaceUpdate) error {`
`991`	`1018`	`}`
`992`	`1019`	`allAgents:=t.allAgentIDs()`
`993`	`1020`	`t.coordCtrl.SyncDestinations(allAgents)`
	`1021`	`+ift.dnsHostsSetter!=nil {`
	`1022`	`+t.logger.Debug(context.Background(),"updating dns hosts")`
	`1023`	`+dnsNames:=t.allDNSNames()`
	`1024`	`+err:=t.dnsHostsSetter.SetDNSHosts(dnsNames)`
	`1025`	`+iferr!=nil {`
	`1026`	`+returnxerrors.Errorf("failed to set DNS hosts: %w",err)`
	`1027`	`+}`
	`1028`	`+}else {`
	`1029`	`+t.logger.Debug(context.Background(),"skipping setting DNS names because we have no setter")`
	`1030`	`+}`
`994`	`1031`	`returnnil`
`995`	`1032`	`}`
`996`	`1033`
`@@ -1035,10 +1072,30 @@ func (t *tunnelUpdater) allAgentIDs() []uuid.UUID {`
`1035`	`1072`	`returnout`
`1036`	`1073`	`}`
`1037`	`1074`
	`1075`	`+func (t*tunnelUpdater)allDNSNames()map[dnsname.FQDN][]netip.Addr {`
	`1076`	`+names:=make(map[dnsname.FQDN][]netip.Addr)`
	`1077`	`+for_,w:=ranget.workspaces {`
	`1078`	`+err:=w.addAllDNSNames(names)`
	`1079`	`+iferr!=nil {`
	`1080`	`+// This should never happen in production, because converting the FQDN only fails`
	`1081`	`+// if names are too long, and we put strict length limits on agent, workspace, and user`
	`1082`	`+// names.`
	`1083`	`+t.logger.Critical(context.Background(),`
	`1084`	`+"failed to include DNS name(s)",`
	`1085`	`+slog.F("workspace_id",w.id),`
	`1086`	`+slog.Error(err))`
	`1087`	`+}`
	`1088`	`+}`
	`1089`	`+returnnames`
	`1090`	`+}`
	`1091`	`+`
	`1092`	`+// NewTunnelAllWorkspaceUpdatesController creates a WorkspaceUpdatesController that creates tunnels`
	`1093`	`+// (via the TunnelSrcCoordController) to all agents received over the WorkspaceUpdates RPC. If a`
	`1094`	`+// DNSHostSetter is provided, it also programs DNS hosts based on the agent and workspace names.`
`1038`	`1095`	`funcNewTunnelAllWorkspaceUpdatesController(`
`1039`		`-logger slog.Logger,c*TunnelSrcCoordController,`
	`1096`	`+logger slog.Logger,c*TunnelSrcCoordController,dDNSHostsSetter,`
`1040`	`1097`	`)WorkspaceUpdatesController {`
`1041`		`-return&tunnelAllWorkspaceUpdatesController{logger:logger,coordCtrl:c}`
	`1098`	`+return&tunnelAllWorkspaceUpdatesController{logger:logger,coordCtrl:c,dnsHostSetter:d}`
`1042`	`1099`	`}`
`1043`	`1100`
`1044`	`1101`	`// NewController creates a new Controller without running it`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit1a3816c

File tree

5 files changed

5 files changed

`‎tailnet/configmaps.go‎`

`‎tailnet/configmaps_internal_test.go‎`

`‎tailnet/conn.go‎`

`‎tailnet/controllers.go‎`

0 commit comments