NotificationsYou must be signed in to change notification settings
Fork924
Star10.1k

Commit59ab505

authored

fix: return error if agent init script fails to download valid binary (#13280)

1 parente176867 commit59ab505Copy full SHA for 59ab505

File tree

6 files changed

+153

-29

lines changed

provisionersdk
scripts
- check_site_icons.sh

6 files changed

+153

-29

lines changed

`‎provisionersdk/agent.go`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -39,9 +39,9 @@ var (`
`39`	`39`	`}`
`40`	`40`	`)`
`41`	`41`
`42`		`-// AgentScriptEnv returns a key-pair of scripts that are consumed`
`43`		`-//by the Coder Terraform Provider. See:`
`44`		`-//https://github.com/coder/terraform-provider-coder/blob/main/internal/provider/provider.go#L97`
	`42`	`+// AgentScriptEnv returns a key-pair of scripts that are consumed by the Coder Terraform Provider.`
	`43`	`+//https://github.com/coder/terraform-provider-coder/blob/main/provider/agent.go (updateInitScript)`
	`44`	`+//performs additional string substitutions.`
`45`	`45`	`funcAgentScriptEnv()map[string]string {`
`46`	`46`	`env:=map[string]string{}`
`47`	`47`	`foroperatingSystem,scripts:=rangeagentScripts {`

`‎provisionersdk/agent_test.go`

Lines changed: 116 additions & 21 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,57 +7,152 @@`
`7`	`7`	`package provisionersdk_test`
`8`	`8`
`9`	`9`	`import (`
	`10`	`+"bytes"`
	`11`	`+"context"`
	`12`	`+"errors"`
`10`	`13`	`"fmt"`
`11`	`14`	`"net/http"`
`12`	`15`	`"net/http/httptest"`
`13`	`16`	`"net/url"`
`14`	`17`	`"os/exec"`
`15`	`18`	`"runtime"`
`16`	`19`	`"strings"`
	`20`	`+"sync"`
`17`	`21`	`"testing"`
	`22`	`+"time"`
`18`	`23`
`19`	`24`	`"github.com/go-chi/render"`
`20`	`25`	`"github.com/stretchr/testify/require"`
`21`	`26`
	`27`	`+"github.com/coder/coder/v2/testutil"`
	`28`	`+`
`22`	`29`	`"github.com/coder/coder/v2/provisionersdk"`
`23`	`30`	`)`
`24`	`31`
	`32`	`+// mimicking the --version output which we use to test the binary (see provisionersdk/scripts/bootstrap_*).`
	`33`	+constversionOutput=`Coder v2.11.0+8979bfe Tue May 7 17:30:19 UTC 2024`
	`34`	`+`
`25`	`35`	// bashEcho is a script that calls the local `echo` with the arguments. This is preferable to
`26`	`36`	// sending the real `echo` binary since macOS 14.4+ immediately sigkills `echo` if it is copied to
`27`	`37`	`// another directory and run locally.`
`28`	`38`	constbashEcho=`#!/usr/bin/env bash
`29`		-echo $@`
	`39`	+echo "`+versionOutput+`"`
	`40`	`+`
	`41`	+constunexpectedEcho=`#!/usr/bin/env bash
	`42`	+echo "this is not the agent you are looking for"`
`30`	`43`
`31`	`44`	`funcTestAgentScript(t*testing.T) {`
`32`	`45`	`t.Parallel()`
`33`		`-t.Run("Run",func(t*testing.T) {`
	`46`	`+`
	`47`	`+t.Run("Valid",func(t*testing.T) {`
`34`	`48`	`t.Parallel()`
`35`		`-srv:=httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {`
`36`		`-render.Status(r,http.StatusOK)`
`37`		`-render.Data(rw,r, []byte(bashEcho))`
`38`		`-}))`
`39`		`-defersrv.Close()`
`40`		`-srvURL,err:=url.Parse(srv.URL)`
`41`		`-require.NoError(t,err)`
`42`	`49`
`43`		`-script,exists:=provisionersdk.AgentScriptEnv()[fmt.Sprintf("CODER_AGENT_SCRIPT_%s_%s",runtime.GOOS,runtime.GOARCH)]`
`44`		`-if!exists {`
`45`		`-t.Skip("Agent not supported...")`
`46`		`-return`
`47`		`-}`
`48`		`-script=strings.ReplaceAll(script,"${ACCESS_URL}",srvURL.String()+"/")`
`49`		`-script=strings.ReplaceAll(script,"${AUTH_TYPE}","token")`
	`50`	`+script:=serveScript(t,bashEcho)`
	`51`	`+`
	`52`	`+ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitShort)`
	`53`	`+t.Cleanup(cancel)`
	`54`	`+`
	`55`	`+varoutput bytes.Buffer`
`50`	`56`	`// This is intentionally ran in single quotes to mimic how a customer may`
`51`	`57`	`// embed our script. Our scripts should not include any single quotes.`
`52`	`58`	`// nolint:gosec`
`53`		`-output,err:=exec.Command("sh","-c","sh -c '"+script+"'").CombinedOutput()`
`54`		`-t.Log(string(output))`
	`59`	`+cmd:=exec.CommandContext(ctx,"sh","-c","sh -c '"+script+"'")`
	`60`	`+cmd.Stdout=&output`
	`61`	`+cmd.Stderr=&output`
	`62`	`+require.NoError(t,cmd.Start())`
	`63`	`+`
	`64`	`+err:=cmd.Wait()`
	`65`	`+iferr!=nil {`
	`66`	`+varexitErr*exec.ExitError`
	`67`	`+iferrors.As(err,&exitErr) {`
	`68`	`+require.Equal(t,0,exitErr.ExitCode())`
	`69`	`+}else {`
	`70`	`+t.Fatalf("unexpected err: %s",err)`
	`71`	`+}`
	`72`	`+}`
	`73`	`+`
	`74`	`+t.Log(output.String())`
`55`	`75`	`require.NoError(t,err)`
`56`	`76`	// Ignore debug output from `set -x`, we're only interested in the last line.
`57`		`-lines:=strings.Split(strings.TrimSpace(string(output)),"\n")`
	`77`	`+lines:=strings.Split(strings.TrimSpace(output.String()),"\n")`
`58`	`78`	`lastLine:=lines[len(lines)-1]`
`59`		`-//Because we use the "echo" binary, we should expect the arguments provided`
	`79`	`+//When we use the "bashEcho" binary, we should expect the arguments provided`
`60`	`80`	`// as the response to executing our script.`
`61`		`-require.Equal(t,"agent",lastLine)`
	`81`	`+require.Equal(t,versionOutput,lastLine)`
`62`	`82`	`})`
	`83`	`+`
	`84`	`+t.Run("Invalid",func(t*testing.T) {`
	`85`	`+t.Parallel()`
	`86`	`+`
	`87`	`+script:=serveScript(t,unexpectedEcho)`
	`88`	`+`
	`89`	`+ctx,cancel:=context.WithTimeout(context.Background(),testutil.WaitShort)`
	`90`	`+t.Cleanup(cancel)`
	`91`	`+`
	`92`	`+varoutput bytes.Buffer`
	`93`	`+// This is intentionally ran in single quotes to mimic how a customer may`
	`94`	`+// embed our script. Our scripts should not include any single quotes.`
	`95`	`+// nolint:gosec`
	`96`	`+cmd:=exec.CommandContext(ctx,"sh","-c","sh -c '"+script+"'")`
	`97`	`+cmd.WaitDelay=time.Second`
	`98`	`+cmd.Stdout=&output`
	`99`	`+cmd.Stderr=&output`
	`100`	`+require.NoError(t,cmd.Start())`
	`101`	`+`
	`102`	`+done:=make(chanerror,1)`
	`103`	`+varwg sync.WaitGroup`
	`104`	`+wg.Add(1)`
	`105`	`+gofunc() {`
	`106`	`+deferwg.Done()`
	`107`	`+`
	`108`	`+// The bootstrap scripts trap exit codes to allow operators to view the script logs and debug the process`
	`109`	`+// while it is still running. We do not expect Wait() to complete.`
	`110`	`+err:=cmd.Wait()`
	`111`	`+done<-err`
	`112`	`+}()`
	`113`	`+`
	`114`	`+select {`
	`115`	`+case<-ctx.Done():`
	`116`	`+// Timeout.`
	`117`	`+break`
	`118`	`+caseerr:=<-done:`
	`119`	`+// If done signals before context times out, script behaved in an unexpected way.`
	`120`	`+iferr!=nil {`
	`121`	`+t.Fatalf("unexpected err: %s",err)`
	`122`	`+}`
	`123`	`+}`
	`124`	`+`
	`125`	`+// Kill the command, wait for the command to yield.`
	`126`	`+require.NoError(t,cmd.Cancel())`
	`127`	`+wg.Wait()`
	`128`	`+`
	`129`	`+t.Log(output.String())`
	`130`	`+`
	`131`	`+require.Eventually(t,func()bool {`
	`132`	`+returnbytes.Contains(output.Bytes(), []byte("ERROR: Downloaded agent binary returned unexpected version output"))`
	`133`	`+},testutil.WaitShort,testutil.IntervalSlow)`
	`134`	`+})`
	`135`	`+}`
	`136`	`+`
	`137`	`+// serveScript creates a fake HTTP server which serves a requested "agent binary" (which is actually the given input string)`
	`138`	`+// which will be attempted to run to verify that it is correct.`
	`139`	`+funcserveScript(t*testing.T,instring)string {`
	`140`	`+t.Helper()`
	`141`	`+`
	`142`	`+srv:=httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter,r*http.Request) {`
	`143`	`+render.Status(r,http.StatusOK)`
	`144`	`+render.Data(rw,r, []byte(in))`
	`145`	`+}))`
	`146`	`+t.Cleanup(srv.Close)`
	`147`	`+srvURL,err:=url.Parse(srv.URL)`
	`148`	`+require.NoError(t,err)`
	`149`	`+`
	`150`	`+script,exists:=provisionersdk.AgentScriptEnv()[fmt.Sprintf("CODER_AGENT_SCRIPT_%s_%s",runtime.GOOS,runtime.GOARCH)]`
	`151`	`+if!exists {`
	`152`	`+t.Skip("Agent not supported...")`
	`153`	`+return""`
	`154`	`+}`
	`155`	`+script=strings.ReplaceAll(script,"${ACCESS_URL}",srvURL.String()+"/")`
	`156`	`+script=strings.ReplaceAll(script,"${AUTH_TYPE}","token")`
	`157`	`+returnscript`
`63`	`158`	`}`

`‎provisionersdk/scripts/bootstrap_darwin.sh`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ set -eux`
`4`	`4`	`# This is to allow folks to exec into a failed workspace and poke around to`
`5`	`5`	`# troubleshoot.`
`6`	`6`	`waitonexit() {`
`7`		`-echo"=== Agent script exited with non-zero code. Sleeping 24h to preserve logs..."`
	`7`	`+echo"=== Agent script exited with non-zero code ($?). Sleeping 24h to preserve logs..."`
`8`	`8`	`sleep 86400`
`9`	`9`	`}`
`10`	`10`	`trap waitonexit EXIT`
`@@ -31,4 +31,12 @@ fi`
`31`	`31`
`32`	`32`	`export CODER_AGENT_AUTH="${AUTH_TYPE}"`
`33`	`33`	`export CODER_AGENT_URL="${ACCESS_URL}"`
`34`		`-exec ./$BINARY_NAME agent`
	`34`	`+`
	`35`	`+output=$(./${BINARY_NAME} --version\| head -n1)`
	`36`	`+if!echo"${output}"\| grep -q Coder;then`
	`37`	`+echo>&2"ERROR: Downloaded agent binary returned unexpected version output"`
	`38`	`+echo>&2"${BINARY_NAME} --version output:\"${output}\""`
	`39`	`+exit 2`
	`40`	`+fi`
	`41`	`+`
	`42`	`+exec ./${BINARY_NAME} agent`

`‎provisionersdk/scripts/bootstrap_linux.sh`

Lines changed: 10 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -4,7 +4,7 @@ set -eux`
`4`	`4`	`# This is to allow folks to exec into a failed workspace and poke around to`
`5`	`5`	`# troubleshoot.`
`6`	`6`	`waitonexit() {`
`7`		`-echo"=== Agent script exited with non-zero code. Sleeping 24h to preserve logs..."`
	`7`	`+echo"=== Agent script exited with non-zero code ($?). Sleeping 24h to preserve logs..."`
`8`	`8`	`sleep 86400`
`9`	`9`	`}`
`10`	`10`	`trap waitonexit EXIT`
`@@ -86,4 +86,12 @@ fi`
`86`	`86`
`87`	`87`	`export CODER_AGENT_AUTH="${AUTH_TYPE}"`
`88`	`88`	`export CODER_AGENT_URL="${ACCESS_URL}"`
`89`		`-exec ./$BINARY_NAME agent`
	`89`	`+`
	`90`	`+output=$(./${BINARY_NAME} --version\| head -n1)`
	`91`	`+if!echo"${output}"\| grep -q Coder;then`
	`92`	`+echo>&2"ERROR: Downloaded agent binary returned unexpected version output"`
	`93`	`+echo>&2"${BINARY_NAME} --version output:\"${output}\""`
	`94`	`+exit 2`
	`95`	`+fi`
	`96`	`+`
	`97`	`+exec ./${BINARY_NAME} agent`

`‎provisionersdk/scripts/bootstrap_windows.ps1`

Lines changed: 13 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,19 @@ if (-not (Get-Command 'Set-MpPreference' -ErrorAction SilentlyContinue)) {`
`35`	`35`	`$env:CODER_AGENT_AUTH="${AUTH_TYPE}"`
`36`	`36`	`$env:CODER_AGENT_URL="${ACCESS_URL}"`
`37`	`37`
	`38`	`+$psi= [System.Diagnostics.ProcessStartInfo]::new("$env:TEMP\sshd.exe",'--version')`
	`39`	`+$psi.UseShellExecute=$false`
	`40`	`+$psi.RedirectStandardOutput=$true`
	`41`	`+$p= [System.Diagnostics.Process]::Start($psi)`
	`42`	`+$output=$p.StandardOutput.ReadToEnd()`
	`43`	`+$p.WaitForExit()`
	`44`	`+`
	`45`	`+if ($output-notlike"Coder") {`
	`46`	+Write-Output"$env:TEMP\sshd.exe --version output:`"$output"`"
	`47`	`+Write-Error"ERROR: Downloaded agent binary returned unexpected version output"`
	`48`	`+Throw"unexpected binary"`
	`49`	`+}`
	`50`	`+`
`38`	`51`	`# Check if we're running inside a Windows container!`
`39`	`52`	`$inContainer=$false`
`40`	`53`	`if ((Get-ItemProperty'HKLM:\SYSTEM\CurrentControlSet\Control'-Name'ContainerType'-ErrorAction SilentlyContinue)-ne$null) {`

`‎scripts/check_site_icons.sh`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-#!/bin/bash`
	`1`	`+#!/usr/bin/envbash`
`2`	`2`
`3`	`3`	`set -euo pipefail`
`4`	`4`	`# shellcheck source=scripts/lib.sh`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit59ab505

File tree

6 files changed

6 files changed

`‎provisionersdk/agent.go`

`‎provisionersdk/agent_test.go`

`‎provisionersdk/scripts/bootstrap_darwin.sh`

`‎provisionersdk/scripts/bootstrap_linux.sh`

`‎provisionersdk/scripts/bootstrap_windows.ps1`

`‎scripts/check_site_icons.sh`

0 commit comments