chore: replace wsconncache with a single tailnet (#8176)

2025-07-03 16:13:58 +00:00 · 2023-07-12 17:37:31 -05:00
parent 0a37dd20d6
commit c47b78c44b
36 changed files with 2004 additions and 763 deletions
--- a/coderd/workspaceapps/apptest/setup.go
+++ b/coderd/workspaceapps/apptest/setup.go
@ -399,7 +399,8 @@ func doWithRetries(t require.TestingT, client *codersdk.Client, req *http.Reques
 	return resp, err
 }

-func requestWithRetries(ctx context.Context, t require.TestingT, client *codersdk.Client, method, urlOrPath string, body interface{}, opts ...codersdk.RequestOption) (*http.Response, error) {
+func requestWithRetries(ctx context.Context, t testing.TB, client *codersdk.Client, method, urlOrPath string, body interface{}, opts ...codersdk.RequestOption) (*http.Response, error) {
+	t.Helper()
 	var resp *http.Response
 	var err error
 	require.Eventually(t, func() bool {
--- a/coderd/workspaceapps/proxy.go
+++ b/coderd/workspaceapps/proxy.go
@ -23,7 +23,6 @@ import (
 	"github.com/coder/coder/coderd/httpmw"
 	"github.com/coder/coder/coderd/tracing"
 	"github.com/coder/coder/coderd/util/slice"
-	"github.com/coder/coder/coderd/wsconncache"
 	"github.com/coder/coder/codersdk"
 	"github.com/coder/coder/site"
 )
@ -61,6 +60,22 @@ var nonCanonicalHeaders = map[string]string{
 	"Sec-Websocket-Version":    "Sec-WebSocket-Version",
 }

+type AgentProvider interface {
+	// ReverseProxy returns an httputil.ReverseProxy for proxying HTTP requests
+	// to the specified agent.
+	//
+	// TODO: after wsconncache is deleted this doesn't need to return an error.
+	ReverseProxy(targetURL, dashboardURL *url.URL, agentID uuid.UUID) (_ *httputil.ReverseProxy, release func(), _ error)
+
+	// AgentConn returns a new connection to the specified agent.
+	//
+	// TODO: after wsconncache is deleted this doesn't need to return a release
+	// func.
+	AgentConn(ctx context.Context, agentID uuid.UUID) (_ *codersdk.WorkspaceAgentConn, release func(), _ error)
+
+	Close() error
+}
+
 // Server serves workspace apps endpoints, including:
 // - Path-based apps
 // - Subdomain app middleware
@ -83,7 +98,6 @@ type Server struct {
 	RealIPConfig  *httpmw.RealIPConfig

 	SignedTokenProvider SignedTokenProvider
-	WorkspaceConnCache  *wsconncache.Cache
 	AppSecurityKey      SecurityKey

 	// DisablePathApps disables path-based apps. This is a security feature as path
@ -95,6 +109,8 @@ type Server struct {
 	DisablePathApps  bool
 	SecureAuthCookie bool

+	AgentProvider AgentProvider
+
 	websocketWaitMutex sync.Mutex
 	websocketWaitGroup sync.WaitGroup
 }
@ -106,8 +122,8 @@ func (s *Server) Close() error {
 	s.websocketWaitGroup.Wait()
 	s.websocketWaitMutex.Unlock()

-	// The caller must close the SignedTokenProvider (if necessary) and the
-	// wsconncache.
+	// The caller must close the SignedTokenProvider and the AgentProvider (if
+	// necessary).

 	return nil
 }
@ -517,18 +533,7 @@ func (s *Server) proxyWorkspaceApp(rw http.ResponseWriter, r *http.Request, appT
 	r.URL.Path = path
 	appURL.RawQuery = ""

-	proxy := httputil.NewSingleHostReverseProxy(appURL)
-	proxy.ErrorHandler = func(w http.ResponseWriter, r *http.Request, err error) {
-		site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
-			Status:       http.StatusBadGateway,
-			Title:        "Bad Gateway",
-			Description:  "Failed to proxy request to application: " + err.Error(),
-			RetryEnabled: true,
-			DashboardURL: s.DashboardURL.String(),
-		})
-	}
-
-	conn, release, err := s.WorkspaceConnCache.Acquire(appToken.AgentID)
+	proxy, release, err := s.AgentProvider.ReverseProxy(appURL, s.DashboardURL, appToken.AgentID)
 	if err != nil {
 		site.RenderStaticErrorPage(rw, r, site.ErrorPageData{
 			Status:       http.StatusBadGateway,
@ -540,7 +545,6 @@ func (s *Server) proxyWorkspaceApp(rw http.ResponseWriter, r *http.Request, appT
 		return
 	}
 	defer release()
-	proxy.Transport = conn.HTTPTransport()

 	proxy.ModifyResponse = func(r *http.Response) error {
 		r.Header.Del(httpmw.AccessControlAllowOriginHeader)
@ -658,13 +662,14 @@ func (s *Server) workspaceAgentPTY(rw http.ResponseWriter, r *http.Request) {

 	go httpapi.Heartbeat(ctx, conn)

-	agentConn, release, err := s.WorkspaceConnCache.Acquire(appToken.AgentID)
+	agentConn, release, err := s.AgentProvider.AgentConn(ctx, appToken.AgentID)
 	if err != nil {
 		log.Debug(ctx, "dial workspace agent", slog.Error(err))
 		_ = conn.Close(websocket.StatusInternalError, httpapi.WebsocketCloseSprintf("dial workspace agent: %s", err))
 		return
 	}
 	defer release()
+	defer agentConn.Close()
 	log.Debug(ctx, "dialed workspace agent")
 	ptNetConn, err := agentConn.ReconnectingPTY(ctx, reconnect, uint16(height), uint16(width), r.URL.Query().Get("command"))
 	if err != nil {