NotificationsYou must be signed in to change notification settings
Fork914
Star10.1k

Commit3e0e7f8

authored

feat: check agent API version on connection (#11696)

fixes#10531Adds a check for `version` on connection to the Agent API websocket endpoint. This is primarily for future-proofing, so that up-level agents get a sensible error if they connect to a back-level Coderd.It also refactors the location of the `CurrentVersion` variables, to be part of the `proto` packages, since the versions refer to the APIs defined therein.

1 parenteb12fd7 commit3e0e7f8Copy full SHA for 3e0e7f8

File tree

11 files changed

+58

-18

lines changed

agent/proto
- version.go
coderd
- workspaceagents.go
- workspaceagentsrpc.go
codersdk
- agentsdk
  - agentsdk.go
- workspaceagents.go
enterprise
- coderd
  - workspaceproxycoordinate.go
- wsproxy/wsproxysdk
  - wsproxysdk.go
  - wsproxysdk_test.go
tailnet
- coordinator_test.go
- proto
  - version.go
- service.go

11 files changed

+58

-18

lines changed

`‎agent/proto/version.go`

Lines changed: 10 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,10 @@`
	`1`	`+package proto`
	`2`	`+`
	`3`	`+import (`
	`4`	`+"github.com/coder/coder/v2/tailnet/proto"`
	`5`	`+)`
	`6`	`+`
	`7`	`+// CurrentVersion is the current version of the agent API. It is tied to the`
	`8`	`+// tailnet API version to avoid confusion, since agents connect to the tailnet`
	`9`	`+// API over the same websocket.`
	`10`	`+varCurrentVersion=proto.CurrentVersion`

`‎coderd/workspaceagents.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -43,6 +43,7 @@ import (`
`43`	`43`	`"github.com/coder/coder/v2/codersdk"`
`44`	`44`	`"github.com/coder/coder/v2/codersdk/agentsdk"`
`45`	`45`	`"github.com/coder/coder/v2/tailnet"`
	`46`	`+"github.com/coder/coder/v2/tailnet/proto"`
`46`	`47`	`)`
`47`	`48`
`48`	`49`	`// @Summary Get workspace agent by ID`
`@@ -1162,7 +1163,7 @@ func (api API) workspaceAgentClientCoordinate(rw http.ResponseWriter, r http.R`
`1162`	`1163`	`ifqv!="" {`
`1163`	`1164`	`version=qv`
`1164`	`1165`	`}`
`1165`		`-iferr:=tailnet.CurrentVersion.Validate(version);err!=nil {`
	`1166`	`+iferr:=proto.CurrentVersion.Validate(version);err!=nil {`
`1166`	`1167`	`httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`1167`	`1168`	`Message:"Unknown or unsupported API version",`
`1168`	`1169`	`Validations: []codersdk.ValidationError{`

`‎coderd/workspaceagentsrpc.go`

Lines changed: 18 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -16,6 +16,7 @@ import (`
`16`	`16`	`"nhooyr.io/websocket"`
`17`	`17`
`18`	`18`	`"cdr.dev/slog"`
	`19`	`+"github.com/coder/coder/v2/agent/proto"`
`19`	`20`	`"github.com/coder/coder/v2/coderd/agentapi"`
`20`	`21`	`"github.com/coder/coder/v2/coderd/database"`
`21`	`22`	`"github.com/coder/coder/v2/coderd/database/dbauthz"`
`@@ -37,6 +38,23 @@ import (`
`37`	`38`	`func (apiAPI)workspaceAgentRPC(rw http.ResponseWriter,rhttp.Request) {`
`38`	`39`	`ctx:=r.Context()`
`39`	`40`
	`41`	`+version:=r.URL.Query().Get("version")`
	`42`	`+ifversion=="" {`
	`43`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`44`	`+Message:"Missing required query parameter: version",`
	`45`	`+})`
	`46`	`+return`
	`47`	`+}`
	`48`	`+iferr:=proto.CurrentVersion.Validate(version);err!=nil {`
	`49`	`+httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
	`50`	`+Message:"Unknown or unsupported API version",`
	`51`	`+Validations: []codersdk.ValidationError{`
	`52`	`+{Field:"version",Detail:err.Error()},`
	`53`	`+},`
	`54`	`+})`
	`55`	`+return`
	`56`	`+}`
	`57`	`+`
`40`	`58`	`api.WebsocketWaitMutex.Lock()`
`41`	`59`	`api.WebsocketWaitGroup.Add(1)`
`42`	`60`	`api.WebsocketWaitMutex.Unlock()`

`‎codersdk/agentsdk/agentsdk.go`

Lines changed: 9 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,7 @@ import (`
`21`	`21`	`"tailscale.com/tailcfg"`
`22`	`22`
`23`	`23`	`"cdr.dev/slog"`
	`24`	`+"github.com/coder/coder/v2/agent/proto"`
`24`	`25`	`"github.com/coder/coder/v2/codersdk"`
`25`	`26`	`drpcsdk"github.com/coder/coder/v2/codersdk/drpc"`
`26`	`27`	`"github.com/coder/retry"`
`@@ -281,18 +282,22 @@ func (c *Client) DERPMapUpdates(ctx context.Context) (<-chan DERPMapUpdate, io.C`
`281`	`282`	`},nil`
`282`	`283`	`}`
`283`	`284`
`284`		`-// Listen connects to the workspace agentcoordinate WebSocket`
	`285`	`+// Listen connects to the workspace agentAPI WebSocket`
`285`	`286`	`// that handles connection negotiation.`
`286`	`287`	`func (c*Client)Listen(ctx context.Context) (drpc.Conn,error) {`
`287`		`-coordinateURL,err:=c.SDK.URL.Parse("/api/v2/workspaceagents/me/rpc")`
	`288`	`+rpcURL,err:=c.SDK.URL.Parse("/api/v2/workspaceagents/me/rpc")`
`288`	`289`	`iferr!=nil {`
`289`	`290`	`returnnil,xerrors.Errorf("parse url: %w",err)`
`290`	`291`	`}`
	`292`	`+q:=rpcURL.Query()`
	`293`	`+q.Add("version",proto.CurrentVersion.String())`
	`294`	`+rpcURL.RawQuery=q.Encode()`
	`295`	`+`
`291`	`296`	`jar,err:=cookiejar.New(nil)`
`292`	`297`	`iferr!=nil {`
`293`	`298`	`returnnil,xerrors.Errorf("create cookie jar: %w",err)`
`294`	`299`	`}`
`295`		`-jar.SetCookies(coordinateURL, []*http.Cookie{{`
	`300`	`+jar.SetCookies(rpcURL, []*http.Cookie{{`
`296`	`301`	`Name:codersdk.SessionTokenCookie,`
`297`	`302`	`Value:c.SDK.SessionToken(),`
`298`	`303`	`}})`
`@@ -301,7 +306,7 @@ func (c *Client) Listen(ctx context.Context) (drpc.Conn, error) {`
`301`	`306`	`Transport:c.SDK.HTTPClient.Transport,`
`302`	`307`	`}`
`303`	`308`	`// nolint:bodyclose`
`304`		`-conn,res,err:=websocket.Dial(ctx,coordinateURL.String(),&websocket.DialOptions{`
	`309`	`+conn,res,err:=websocket.Dial(ctx,rpcURL.String(),&websocket.DialOptions{`
`305`	`310`	`HTTPClient:httpClient,`
`306`	`311`	`})`
`307`	`312`	`iferr!=nil {`

`‎codersdk/workspaceagents.go`

Lines changed: 2 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -22,6 +22,7 @@ import (`
`22`	`22`	`"cdr.dev/slog"`
`23`	`23`	`"github.com/coder/coder/v2/coderd/tracing"`
`24`	`24`	`"github.com/coder/coder/v2/tailnet"`
	`25`	`+"github.com/coder/coder/v2/tailnet/proto"`
`25`	`26`	`"github.com/coder/retry"`
`26`	`27`	`)`
`27`	`28`
`@@ -314,7 +315,7 @@ func (c *Client) DialWorkspaceAgent(dialCtx context.Context, agentID uuid.UUID,`
`314`	`315`	`returnnil,xerrors.Errorf("parse url: %w",err)`
`315`	`316`	`}`
`316`	`317`	`q:=coordinateURL.Query()`
`317`		`-q.Add("version",tailnet.CurrentVersion.String())`
	`318`	`+q.Add("version",proto.CurrentVersion.String())`
`318`	`319`	`coordinateURL.RawQuery=q.Encode()`
`319`	`320`	`closedCoordinator:=make(chanstruct{})`
`320`	`321`	`// Must only ever be used once, send error OR close to avoid`

`‎enterprise/coderd/workspaceproxycoordinate.go`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -11,7 +11,7 @@ import (`
`11`	`11`	`"github.com/coder/coder/v2/coderd/util/apiversion"`
`12`	`12`	`"github.com/coder/coder/v2/codersdk"`
`13`	`13`	`"github.com/coder/coder/v2/enterprise/wsproxy/wsproxysdk"`
`14`		`-agpl"github.com/coder/coder/v2/tailnet"`
	`14`	`+"github.com/coder/coder/v2/tailnet/proto"`
`15`	`15`	`)`
`16`	`16`
`17`	`17`	`// @Summary Agent is legacy`
`@@ -59,7 +59,7 @@ func (api API) workspaceProxyCoordinate(rw http.ResponseWriter, r http.Request`
`59`	`59`	`ifqv!="" {`
`60`	`60`	`version=qv`
`61`	`61`	`}`
`62`		`-iferr:=agpl.CurrentVersion.Validate(version);err!=nil {`
	`62`	`+iferr:=proto.CurrentVersion.Validate(version);err!=nil {`
`63`	`63`	`httpapi.Write(ctx,rw,http.StatusBadRequest, codersdk.Response{`
`64`	`64`	`Message:"Unknown or unsupported API version",`
`65`	`65`	`Validations: []codersdk.ValidationError{`

`‎enterprise/wsproxy/wsproxysdk/wsproxysdk.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -439,7 +439,7 @@ func (c *Client) DialCoordinator(ctx context.Context) (agpl.MultiAgentConn, erro`
`439`	`439`	`returnnil,xerrors.Errorf("parse url: %w",err)`
`440`	`440`	`}`
`441`	`441`	`q:=coordinateURL.Query()`
`442`		`-q.Add("version",agpl.CurrentVersion.String())`
	`442`	`+q.Add("version",proto.CurrentVersion.String())`
`443`	`443`	`coordinateURL.RawQuery=q.Encode()`
`444`	`444`	`coordinateHeaders:=make(http.Header)`
`445`	`445`	`tokenHeader:=codersdk.SessionTokenHeader`

`‎enterprise/wsproxy/wsproxysdk/wsproxysdk_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -194,7 +194,7 @@ func TestDialCoordinator(t *testing.T) {`
`194`	`194`	`return`
`195`	`195`	`}`
`196`	`196`	`version:=r.URL.Query().Get("version")`
`197`		`-if!assert.Equal(t,version,agpl.CurrentVersion.String()) {`
	`197`	`+if!assert.Equal(t,version,proto.CurrentVersion.String()) {`
`198`	`198`	`return`
`199`	`199`	`}`
`200`	`200`	`nc:=websocket.NetConn(r.Context(),conn,websocket.MessageBinary)`

`‎tailnet/coordinator_test.go`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -460,7 +460,7 @@ func TestRemoteCoordination(t *testing.T) {`
`460`	`460`
`461`	`461`	`serveErr:=make(chanerror,1)`
`462`	`462`	`gofunc() {`
`463`		`-err:=svc.ServeClient(ctx,tailnet.CurrentVersion.String(),sC,clientID,agentID)`
	`463`	`+err:=svc.ServeClient(ctx,proto.CurrentVersion.String(),sC,clientID,agentID)`
`464`	`464`	`serveErr<-err`
`465`	`465`	`}()`
`466`	`466`

`‎tailnet/proto/version.go`

Lines changed: 12 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,12 @@`
	`1`	`+package proto`
	`2`	`+`
	`3`	`+import (`
	`4`	`+"github.com/coder/coder/v2/coderd/util/apiversion"`
	`5`	`+)`
	`6`	`+`
	`7`	`+const (`
	`8`	`+CurrentMajor=2`
	`9`	`+CurrentMinor=0`
	`10`	`+)`
	`11`	`+`
	`12`	`+varCurrentVersion=apiversion.New(CurrentMajor,CurrentMinor).WithBackwardCompat(1)`

`‎tailnet/service.go`

Lines changed: 0 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -20,13 +20,6 @@ import (`
`20`	`20`	`"golang.org/x/xerrors"`
`21`	`21`	`)`
`22`	`22`
`23`		`-const (`
`24`		`-CurrentMajor=2`
`25`		`-CurrentMinor=0`
`26`		`-)`
`27`		`-`
`28`		`-varCurrentVersion=apiversion.New(CurrentMajor,CurrentMinor).WithBackwardCompat(1)`
`29`		`-`
`30`	`23`	`typestreamIDContextKeystruct{}`
`31`	`24`
`32`	`25`	`// StreamID identifies the caller of the CoordinateTailnet RPC. We store this`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit3e0e7f8

File tree

11 files changed

11 files changed

`‎agent/proto/version.go`

`‎coderd/workspaceagents.go`

`‎coderd/workspaceagentsrpc.go`

`‎codersdk/agentsdk/agentsdk.go`

`‎codersdk/workspaceagents.go`

`‎enterprise/coderd/workspaceproxycoordinate.go`

`‎enterprise/wsproxy/wsproxysdk/wsproxysdk.go`

`‎enterprise/wsproxy/wsproxysdk/wsproxysdk_test.go`

`‎tailnet/coordinator_test.go`

`‎tailnet/proto/version.go`

`‎tailnet/service.go`

0 commit comments