- Notifications
You must be signed in to change notification settings - Fork1.1k
feat: add WorkspaceUpdates tailnet RPC#14847
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
ethanndickson commentedSep 27, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
This stack of pull requests is managed by Graphite.Learn more about stacking. Join@ethanndickson and the rest of your teammates on |
22985f7 todb04bcfCompareddc493e tod2d165eComparedb04bcf to50f874cCompared57f3e6 to8102c71Compare50f874c tofe1e8b5Compare8102c71 to4f57562Comparefe1e8b5 toaaf8e86Compareab7f678 tofb84465Comparebe7fa9e tocb5adf4Comparefb84465 to1a8392dComparecb5adf4 to2bc6e69Compare1a8392d to51cd615Compare2bc6e69 to54cbfafCompare51cd615 tode1435dCompare54cbfaf toaad36cfComparede1435d to398fa2dCompareaad36cf tob5f7529Compare398fa2d to077608bCompareb5f7529 tofabe2d1Compare077608b toc762ae8Comparefabe2d1 tod89d373Compare84730b8 tof3b74b7CompareUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| auth rbac.Authorizer | ||
| ctx context.Context | ||
| cancelFnfunc() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
ctx isn't used anywhere, so it andcancelFn are superfluous, which I think makesClose() on this superfluous.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
The intention was forsub to store a context who's parent isupdatesProvider's context, so that callingClose on the updates provider closes all the existing subscriptions - will fix.
enterprise/tailnet/connio.go Outdated
| func (c*connIO)handleRequest(req*proto.CoordinateRequest)error { | ||
| c.logger.Debug(c.peerCtx,"got request") | ||
| err:=c.auth.Authorize(req) | ||
| err:=c.auth.Authorize(c.coordCtx,req) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This needs to be thec.peerCtx ---coordCtx is the context of the Coordinator's lifetime.
You should add a test that adds a subject to a context you use to callCoordinate() and verify the subject is there on theAuthorize call. Same test for the AGPL implementation.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
e05b286 toa45a43cComparef3b74b7 tod1fac01Compare| _=testutil.RequireRecvCtx(ctx,t,ch) | ||
| // If we don't cancel the context, the coordinator close will wait until the | ||
| // peer request loop finishes, which will be after the timeout | ||
| peerCtxCancel() |
ethanndicksonOct 29, 2024 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This was actually passing without, but it would take the entire 10 seconds. Interestingly, the PGCoord doesn't have this behaviour
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Yeah, PGCoord is more aggressive with closing things down, forcibly booting anything still connected because it has contexts plumbed thru for background tasks like heartbeats. The AGPL coordinator is considerably simpler and has no coordinator-scoped context.
964bfe9 to494afa9Compare
spikecurtis left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
A few nits inline, but I don't need to review again
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| _=testutil.RequireRecvCtx(ctx,t,ch) | ||
| // If we don't cancel the context, the coordinator close will wait until the | ||
| // peer request loop finishes, which will be after the timeout | ||
| peerCtxCancel() |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Yeah, PGCoord is more aggressive with closing things down, forcibly booting anything still connected because it has contexts plumbed thru for background tasks like heartbeats. The AGPL coordinator is considerably simpler and has no coordinator-scoped context.
494afa9 tocdb4235Comparea45a43c to744633fComparecdb4235 to7d0a2b6Compare54ceea2 to8be52edCompare7d0a2b6 to33d6628Compare8be52ed tof941e78Compare33d6628 to7be63f5Compare7be63f5 tob509099Compareb1298a3 intomainUh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Closes#14716
Closes#14717
Adds a new user-scoped tailnet API endpoint (
api/v2/tailnet) with a new RPC stream for receiving updates on workspaces owned by a specific user, as defined in#14716.When a stream is started, the
WorkspaceUpdatesProviderwill begin listening on the user-scoped pubsub events implemented in#14964. When a relevant event type is seen (such as a workspace state transition), the provider will query the DB for all the workspaces (and agents) owned by the user. This gets compared against the result of the previous query to produce a set of workspace updates.Workspace updates can be requested for any user ID, however only workspaces the authorised user is permitted to
ActionReadwill have their updates streamed.Opening a tunnel to an agent requires that the user can perform
ActionSSHagainst the workspace containing it.