Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit72b8701

Browse files
committed
chore: make workspace sdk dialer fail fast for authnz errors
1 parentb0ba798 commit72b8701

File tree

2 files changed

+68
-8
lines changed

2 files changed

+68
-8
lines changed

‎codersdk/workspacesdk/dialer.go‎

Lines changed: 28 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ var permanentErrorStatuses = []int{
2424
http.StatusBadRequest,// returned if API mismatch
2525
http.StatusNotFound,// returned if user doesn't have permission or agent doesn't exist
2626
http.StatusInternalServerError,// returned if database is not reachable,
27+
http.StatusUnauthorized,// returned if user is not authenticated
28+
http.StatusForbidden,// returned if user is not authorized
2729
}
2830

2931
typeWebsocketDialerstruct {
@@ -39,6 +41,24 @@ type WebsocketDialer struct {
3941
isFirstbool
4042
}
4143

44+
// checkResumeTokenFailure checks if the parsed error indicates a resume token failure
45+
// and updates the resumeTokenFailed flag accordingly. Returns true if a resume token
46+
// failure was detected.
47+
func (w*WebsocketDialer)checkResumeTokenFailure(ctx context.Context,sdkErr*codersdk.Error)bool {
48+
ifsdkErr==nil {
49+
returnfalse
50+
}
51+
52+
for_,v:=rangesdkErr.Validations {
53+
ifv.Field=="resume_token" {
54+
w.logger.Warn(ctx,"failed to dial tailnet v2+ API: server replied invalid resume token; unsetting for next connection attempt")
55+
w.resumeTokenFailed=true
56+
returntrue
57+
}
58+
}
59+
returnfalse
60+
}
61+
4262
typeWebsocketDialerOptionfunc(*WebsocketDialer)
4363

4464
funcWithWorkspaceUpdates(req*proto.WorkspaceUpdatesRequest)WebsocketDialerOption {
@@ -82,9 +102,14 @@ func (w *WebsocketDialer) Dial(ctx context.Context, r tailnet.ResumeTokenControl
82102
ifw.isFirst {
83103
ifres!=nil&&slices.Contains(permanentErrorStatuses,res.StatusCode) {
84104
err=codersdk.ReadBodyAsError(res)
85-
// A bit more human-readable help in the case the API version was rejected
86105
varsdkErr*codersdk.Error
87106
ifxerrors.As(err,&sdkErr) {
107+
// Check for resume token failure first
108+
ifw.checkResumeTokenFailure(ctx,sdkErr) {
109+
return tailnet.ControlProtocolClients{},err
110+
}
111+
112+
// A bit more human-readable help in the case the API version was rejected
88113
ifsdkErr.Message==AgentAPIMismatchMessage&&
89114
sdkErr.StatusCode()==http.StatusBadRequest {
90115
sdkErr.Helper=fmt.Sprintf(
@@ -107,13 +132,8 @@ func (w *WebsocketDialer) Dial(ctx context.Context, r tailnet.ResumeTokenControl
107132
bodyErr:=codersdk.ReadBodyAsError(res)
108133
varsdkErr*codersdk.Error
109134
ifxerrors.As(bodyErr,&sdkErr) {
110-
for_,v:=rangesdkErr.Validations {
111-
ifv.Field=="resume_token" {
112-
// Unset the resume token for the next attempt
113-
w.logger.Warn(ctx,"failed to dial tailnet v2+ API: server replied invalid resume token; unsetting for next connection attempt")
114-
w.resumeTokenFailed=true
115-
return tailnet.ControlProtocolClients{},err
116-
}
135+
ifw.checkResumeTokenFailure(ctx,sdkErr) {
136+
return tailnet.ControlProtocolClients{},err
117137
}
118138
}
119139
if!errors.Is(err,context.Canceled) {

‎codersdk/workspacesdk/dialer_test.go‎

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -270,6 +270,46 @@ func TestWebsocketDialer_ResumeTokenFailure(t *testing.T) {
270270
require.Error(t,err)
271271
}
272272

273+
funcTestWebsocketDialer_UnauthenticatedFailFast(t*testing.T) {
274+
t.Parallel()
275+
ctx:=testutil.Context(t,testutil.WaitShort)
276+
logger:=slogtest.Make(t,&slogtest.Options{
277+
IgnoreErrors:true,
278+
}).Leveled(slog.LevelDebug)
279+
280+
svr:=httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter,r*http.Request) {
281+
httpapi.Write(ctx,w,http.StatusUnauthorized, codersdk.Response{})
282+
}))
283+
defersvr.Close()
284+
svrURL,err:=url.Parse(svr.URL)
285+
require.NoError(t,err)
286+
287+
uut:=workspacesdk.NewWebsocketDialer(logger,svrURL,&websocket.DialOptions{})
288+
289+
_,err=uut.Dial(ctx,nil)
290+
require.Error(t,err)
291+
}
292+
293+
funcTestWebsocketDialer_UnauthorizedFailFast(t*testing.T) {
294+
t.Parallel()
295+
ctx:=testutil.Context(t,testutil.WaitShort)
296+
logger:=slogtest.Make(t,&slogtest.Options{
297+
IgnoreErrors:true,
298+
}).Leveled(slog.LevelDebug)
299+
300+
svr:=httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter,r*http.Request) {
301+
httpapi.Write(ctx,w,http.StatusUnauthorized, codersdk.Response{})
302+
}))
303+
defersvr.Close()
304+
svrURL,err:=url.Parse(svr.URL)
305+
require.NoError(t,err)
306+
307+
uut:=workspacesdk.NewWebsocketDialer(logger,svrURL,&websocket.DialOptions{})
308+
309+
_,err=uut.Dial(ctx,nil)
310+
require.Error(t,err)
311+
}
312+
273313
funcTestWebsocketDialer_UplevelVersion(t*testing.T) {
274314
t.Parallel()
275315
ctx:=testutil.Context(t,testutil.WaitShort)

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp