package coderd_test import ( "bufio" "context" "encoding/json" "fmt" "net" "net/http" "net/http/httptest" "regexp" "runtime" "strconv" "strings" "testing" "time" "github.com/google/uuid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" "golang.org/x/oauth2" "cdr.dev/slog" "cdr.dev/slog/sloggers/slogtest" "github.com/coder/coder/agent" "github.com/coder/coder/coderd/coderdtest" "github.com/coder/coder/coderd/database" "github.com/coder/coder/coderd/gitauth" "github.com/coder/coder/codersdk" "github.com/coder/coder/codersdk/agentsdk" "github.com/coder/coder/provisioner/echo" "github.com/coder/coder/provisionersdk/proto" "github.com/coder/coder/testutil" ) func TestWorkspaceAgent(t *testing.T) { t.Parallel() t.Run("Connect", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() tmpDir := t.TempDir() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Directory: tmpDir, Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() workspace, err := client.Workspace(ctx, workspace.ID) require.NoError(t, err) require.Equal(t, tmpDir, workspace.LatestBuild.Resources[0].Agents[0].Directory) _, err = client.WorkspaceAgent(ctx, workspace.LatestBuild.Resources[0].Agents[0].ID) require.NoError(t, err) }) t.Run("HasFallbackTroubleshootingURL", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() tmpDir := t.TempDir() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Directory: tmpDir, Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitMedium) defer cancel() workspace, err := client.Workspace(ctx, workspace.ID) require.NoError(t, err) require.NotEmpty(t, workspace.LatestBuild.Resources[0].Agents[0].TroubleshootingURL) t.Log(workspace.LatestBuild.Resources[0].Agents[0].TroubleshootingURL) }) t.Run("Timeout", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() tmpDir := t.TempDir() wantTroubleshootingURL := "https://example.com/troubleshoot" version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Directory: tmpDir, Auth: &proto.Agent_Token{ Token: authToken, }, ConnectionTimeoutSeconds: 1, TroubleshootingUrl: wantTroubleshootingURL, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitMedium) defer cancel() var err error testutil.Eventually(ctx, t, func(ctx context.Context) (done bool) { workspace, err = client.Workspace(ctx, workspace.ID) if !assert.NoError(t, err) { return false } return workspace.LatestBuild.Resources[0].Agents[0].Status == codersdk.WorkspaceAgentTimeout }, testutil.IntervalMedium, "agent status timeout") require.Equal(t, wantTroubleshootingURL, workspace.LatestBuild.Resources[0].Agents[0].TroubleshootingURL) }) } func TestWorkspaceAgentListen(t *testing.T) { t.Parallel() t.Run("Connect", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) agentCloser := agent.New(agent.Options{ Client: agentClient, Logger: slogtest.Make(t, nil).Named("agent").Leveled(slog.LevelDebug), }) defer func() { _ = agentCloser.Close() }() ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, nil) require.NoError(t, err) defer func() { _ = conn.Close() }() conn.AwaitReachable(ctx) }) t.Run("FailNonLatestBuild", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) version = coderdtest.UpdateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: uuid.NewString(), }, }}, }}, }, }, }}, }, template.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() stopBuild, err := client.CreateWorkspaceBuild(ctx, workspace.ID, codersdk.CreateWorkspaceBuildRequest{ TemplateVersionID: version.ID, Transition: codersdk.WorkspaceTransitionStop, }) require.NoError(t, err) coderdtest.AwaitWorkspaceBuildJob(t, client, stopBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) _, err = agentClient.Listen(ctx) require.Error(t, err) require.ErrorContains(t, err, "build is outdated") }) } func TestWorkspaceAgentTailnet(t *testing.T) { t.Parallel() client, daemonCloser := coderdtest.NewWithProvisionerCloser(t, nil) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) daemonCloser.Close() agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) agentCloser := agent.New(agent.Options{ Client: agentClient, Logger: slogtest.Make(t, nil).Named("agent").Leveled(slog.LevelDebug), }) defer agentCloser.Close() resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) ctx, cancelFunc := context.WithCancel(context.Background()) defer cancelFunc() conn, err := client.DialWorkspaceAgent(ctx, resources[0].Agents[0].ID, &codersdk.DialWorkspaceAgentOptions{ Logger: slogtest.Make(t, nil).Named("client").Leveled(slog.LevelDebug), }) require.NoError(t, err) defer conn.Close() sshClient, err := conn.SSHClient(ctx) require.NoError(t, err) session, err := sshClient.NewSession() require.NoError(t, err) output, err := session.CombinedOutput("echo test") require.NoError(t, err) _ = session.Close() _ = sshClient.Close() _ = conn.Close() require.Equal(t, "test", strings.TrimSpace(string(output))) } func TestWorkspaceAgentPTY(t *testing.T) { t.Parallel() if runtime.GOOS == "windows" { // This might be our implementation, or ConPTY itself. // It's difficult to find extensive tests for it, so // it seems like it could be either. t.Skip("ConPTY appears to be inconsistent on Windows.") } client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) agentCloser := agent.New(agent.Options{ Client: agentClient, Logger: slogtest.Make(t, nil).Named("agent").Leveled(slog.LevelDebug), }) defer func() { _ = agentCloser.Close() }() resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() conn, err := client.WorkspaceAgentReconnectingPTY(ctx, resources[0].Agents[0].ID, uuid.New(), 80, 80, "/bin/bash") require.NoError(t, err) defer conn.Close() // First attempt to resize the TTY. // The websocket will close if it fails! data, err := json.Marshal(codersdk.ReconnectingPTYRequest{ Height: 250, Width: 250, }) require.NoError(t, err) _, err = conn.Write(data) require.NoError(t, err) bufRead := bufio.NewReader(conn) // Brief pause to reduce the likelihood that we send keystrokes while // the shell is simultaneously sending a prompt. time.Sleep(100 * time.Millisecond) data, err = json.Marshal(codersdk.ReconnectingPTYRequest{ Data: "echo test\r\n", }) require.NoError(t, err) _, err = conn.Write(data) require.NoError(t, err) expectLine := func(matcher func(string) bool) { for { line, err := bufRead.ReadString('\n') require.NoError(t, err) if matcher(line) { break } } } matchEchoCommand := func(line string) bool { return strings.Contains(line, "echo test") } matchEchoOutput := func(line string) bool { return strings.Contains(line, "test") && !strings.Contains(line, "echo") } expectLine(matchEchoCommand) expectLine(matchEchoOutput) } func TestWorkspaceAgentListeningPorts(t *testing.T) { t.Parallel() setup := func(t *testing.T, apps []*proto.App) (*codersdk.Client, uint16, uuid.UUID) { t.Helper() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) coderdPort, err := strconv.Atoi(client.URL.Port()) require.NoError(t, err) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, Apps: apps, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) agentCloser := agent.New(agent.Options{ Client: agentClient, Logger: slogtest.Make(t, nil).Named("agent").Leveled(slog.LevelDebug), }) t.Cleanup(func() { _ = agentCloser.Close() }) resources := coderdtest.AwaitWorkspaceAgents(t, client, workspace.ID) return client, uint16(coderdPort), resources[0].Agents[0].ID } willFilterPort := func(port int) bool { if port < codersdk.WorkspaceAgentMinimumListeningPort || port > 65535 { return true } if _, ok := codersdk.WorkspaceAgentIgnoredListeningPorts[uint16(port)]; ok { return true } return false } generateUnfilteredPort := func(t *testing.T) (net.Listener, uint16) { var ( l net.Listener port uint16 ) require.Eventually(t, func() bool { var err error l, err = net.Listen("tcp", "localhost:0") if err != nil { return false } tcpAddr, _ := l.Addr().(*net.TCPAddr) if willFilterPort(tcpAddr.Port) { _ = l.Close() return false } t.Cleanup(func() { _ = l.Close() }) port = uint16(tcpAddr.Port) return true }, testutil.WaitShort, testutil.IntervalFast) return l, port } generateFilteredPort := func(t *testing.T) (net.Listener, uint16) { var ( l net.Listener port uint16 ) require.Eventually(t, func() bool { for ignoredPort := range codersdk.WorkspaceAgentIgnoredListeningPorts { if ignoredPort < 1024 || ignoredPort == 5432 { continue } var err error l, err = net.Listen("tcp", fmt.Sprintf("localhost:%d", ignoredPort)) if err != nil { continue } t.Cleanup(func() { _ = l.Close() }) port = ignoredPort return true } return false }, testutil.WaitShort, testutil.IntervalFast) return l, port } t.Run("LinuxAndWindows", func(t *testing.T) { t.Parallel() if runtime.GOOS != "linux" && runtime.GOOS != "windows" { t.Skip("only runs on linux and windows") return } t.Run("OK", func(t *testing.T) { t.Parallel() client, coderdPort, agentID := setup(t, nil) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() // Generate a random unfiltered port. l, lPort := generateUnfilteredPort(t) // List ports and ensure that the port we expect to see is there. res, err := client.WorkspaceAgentListeningPorts(ctx, agentID) require.NoError(t, err) expected := map[uint16]bool{ // expect the listener we made lPort: false, // expect the coderdtest server coderdPort: false, } for _, port := range res.Ports { if port.Network == "tcp" { if val, ok := expected[port.Port]; ok { if val { t.Fatalf("expected to find TCP port %d only once in response", port.Port) } } expected[port.Port] = true } } for port, found := range expected { if !found { t.Fatalf("expected to find TCP port %d in response", port) } } // Close the listener and check that the port is no longer in the response. require.NoError(t, l.Close()) time.Sleep(2 * time.Second) // avoid cache res, err = client.WorkspaceAgentListeningPorts(ctx, agentID) require.NoError(t, err) for _, port := range res.Ports { if port.Network == "tcp" && port.Port == lPort { t.Fatalf("expected to not find TCP port %d in response", lPort) } } }) t.Run("Filter", func(t *testing.T) { t.Parallel() // Generate an unfiltered port that we will create an app for and // should not exist in the response. _, appLPort := generateUnfilteredPort(t) app := &proto.App{ Slug: "test-app", Url: fmt.Sprintf("http://localhost:%d", appLPort), } // Generate a filtered port that should not exist in the response. _, filteredLPort := generateFilteredPort(t) client, coderdPort, agentID := setup(t, []*proto.App{app}) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() res, err := client.WorkspaceAgentListeningPorts(ctx, agentID) require.NoError(t, err) sawCoderdPort := false for _, port := range res.Ports { if port.Network == "tcp" { if port.Port == appLPort { t.Fatalf("expected to not find TCP port (app port) %d in response", appLPort) } if port.Port == filteredLPort { t.Fatalf("expected to not find TCP port (filtered port) %d in response", filteredLPort) } if port.Port == coderdPort { sawCoderdPort = true } } } if !sawCoderdPort { t.Fatalf("expected to find TCP port (coderd port) %d in response", coderdPort) } }) }) t.Run("Darwin", func(t *testing.T) { t.Parallel() if runtime.GOOS != "darwin" { t.Skip("only runs on darwin") return } client, _, agentID := setup(t, nil) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() // Create a TCP listener on a random port. l, err := net.Listen("tcp", "localhost:0") require.NoError(t, err) defer l.Close() // List ports and ensure that the list is empty because we're on darwin. res, err := client.WorkspaceAgentListeningPorts(ctx, agentID) require.NoError(t, err) require.Len(t, res.Ports, 0) }) } func TestWorkspaceAgentAppHealth(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() apps := []*proto.App{ { Slug: "code-server", Command: "some-command", Url: "http://localhost:3000", Icon: "/code.svg", }, { Slug: "code-server-2", DisplayName: "code-server-2", Command: "some-command", Url: "http://localhost:3000", Icon: "/code.svg", Healthcheck: &proto.Healthcheck{ Url: "http://localhost:3000", Interval: 5, Threshold: 6, }, }, } version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, Apps: apps, }}, }}, }, }, }}, }) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) ctx, cancel := context.WithTimeout(context.Background(), testutil.WaitLong) defer cancel() agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) metadata, err := agentClient.Metadata(ctx) require.NoError(t, err) require.EqualValues(t, codersdk.WorkspaceAppHealthDisabled, metadata.Apps[0].Health) require.EqualValues(t, codersdk.WorkspaceAppHealthInitializing, metadata.Apps[1].Health) err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{}) require.Error(t, err) // empty err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{}) require.Error(t, err) // healthcheck disabled err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{ Healths: map[uuid.UUID]codersdk.WorkspaceAppHealth{ metadata.Apps[0].ID: codersdk.WorkspaceAppHealthInitializing, }, }) require.Error(t, err) // invalid value err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{ Healths: map[uuid.UUID]codersdk.WorkspaceAppHealth{ metadata.Apps[1].ID: codersdk.WorkspaceAppHealth("bad-value"), }, }) require.Error(t, err) // update to healthy err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{ Healths: map[uuid.UUID]codersdk.WorkspaceAppHealth{ metadata.Apps[1].ID: codersdk.WorkspaceAppHealthHealthy, }, }) require.NoError(t, err) metadata, err = agentClient.Metadata(ctx) require.NoError(t, err) require.EqualValues(t, codersdk.WorkspaceAppHealthHealthy, metadata.Apps[1].Health) // update to unhealthy err = agentClient.PostAppHealth(ctx, agentsdk.PostAppHealthsRequest{ Healths: map[uuid.UUID]codersdk.WorkspaceAppHealth{ metadata.Apps[1].ID: codersdk.WorkspaceAppHealthUnhealthy, }, }) require.NoError(t, err) metadata, err = agentClient.Metadata(ctx) require.NoError(t, err) require.EqualValues(t, codersdk.WorkspaceAppHealthUnhealthy, metadata.Apps[1].Health) } // nolint:bodyclose func TestWorkspaceAgentsGitAuth(t *testing.T) { t.Parallel() t.Run("NoMatchingConfig", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{}, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) _, err := agentClient.GitAuth(context.Background(), "github.com", false) var apiError *codersdk.Error require.ErrorAs(t, err, &apiError) require.Equal(t, http.StatusNotFound, apiError.StatusCode()) }) t.Run("ReturnsURL", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ OAuth2Config: &oauth2Config{}, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, }}, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) token, err := agentClient.GitAuth(context.Background(), "github.com/asd/asd", false) require.NoError(t, err) require.True(t, strings.HasSuffix(token.URL, fmt.Sprintf("/gitauth/%s", "github"))) }) t.Run("UnauthorizedCallback", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ OAuth2Config: &oauth2Config{}, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, }}, }) resp := coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusUnauthorized, resp.StatusCode) }) t.Run("AuthorizedCallback", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ OAuth2Config: &oauth2Config{}, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, }}, }) _ = coderdtest.CreateFirstUser(t, client) resp := coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) location, err := resp.Location() require.NoError(t, err) require.Equal(t, "/gitauth", location.Path) // Callback again to simulate updating the token. resp = coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) }) t.Run("ValidateURL", func(t *testing.T) { t.Parallel() ctx, cancelFunc := testutil.Context(t) defer cancelFunc() srv := httptest.NewServer(nil) defer srv.Close() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ ValidateURL: srv.URL, OAuth2Config: &oauth2Config{}, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, }}, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) resp := coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) // If the validation URL says unauthorized, the callback // URL to re-authenticate should be returned. srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusUnauthorized) }) res, err := agentClient.GitAuth(ctx, "github.com/asd/asd", false) require.NoError(t, err) require.NotEmpty(t, res.URL) // If the validation URL gives a non-OK status code, this // should be treated as an internal server error. srv.Config.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusForbidden) w.Write([]byte("Something went wrong!")) }) _, err = agentClient.GitAuth(ctx, "github.com/asd/asd", false) var apiError *codersdk.Error require.ErrorAs(t, err, &apiError) require.Equal(t, http.StatusInternalServerError, apiError.StatusCode()) require.Equal(t, "validate git auth token: status 403: body: Something went wrong!", apiError.Detail) }) t.Run("ExpiredNoRefresh", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ OAuth2Config: &oauth2Config{ token: &oauth2.Token{ AccessToken: "token", RefreshToken: "something", Expiry: database.Now().Add(-time.Hour), }, }, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, NoRefresh: true, }}, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) token, err := agentClient.GitAuth(context.Background(), "github.com/asd/asd", false) require.NoError(t, err) require.NotEmpty(t, token.URL) // In the configuration, we set our OAuth provider // to return an expired token. Coder consumes this // and stores it. resp := coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) // Because the token is expired and `NoRefresh` is specified, // a redirect URL should be returned again. token, err = agentClient.GitAuth(context.Background(), "github.com/asd/asd", false) require.NoError(t, err) require.NotEmpty(t, token.URL) }) t.Run("FullFlow", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, GitAuthConfigs: []*gitauth.Config{{ OAuth2Config: &oauth2Config{}, ID: "github", Regex: regexp.MustCompile(`github\.com`), Type: codersdk.GitProviderGitHub, }}, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) token, err := agentClient.GitAuth(context.Background(), "github.com/asd/asd", false) require.NoError(t, err) require.NotEmpty(t, token.URL) // Start waiting for the token callback... tokenChan := make(chan agentsdk.GitAuthResponse, 1) go func() { token, err := agentClient.GitAuth(context.Background(), "github.com/asd/asd", true) assert.NoError(t, err) tokenChan <- token }() time.Sleep(250 * time.Millisecond) resp := coderdtest.RequestGitAuthCallback(t, "github", client) require.Equal(t, http.StatusTemporaryRedirect, resp.StatusCode) token = <-tokenChan require.Equal(t, "token", token.Username) token, err = agentClient.GitAuth(context.Background(), "github.com/asd/asd", false) require.NoError(t, err) }) } func TestWorkspaceAgentReportStats(t *testing.T) { t.Parallel() t.Run("OK", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) _, err := agentClient.PostStats(context.Background(), &agentsdk.Stats{ ConnectionsByProto: map[string]int64{"TCP": 1}, ConnectionCount: 1, RxPackets: 1, RxBytes: 1, TxPackets: 1, TxBytes: 1, SessionCountVSCode: 1, SessionCountJetBrains: 1, SessionCountReconnectingPTY: 1, SessionCountSSH: 1, ConnectionMedianLatencyMS: 10, }) require.NoError(t, err) newWorkspace, err := client.Workspace(context.Background(), workspace.ID) require.NoError(t, err) assert.True(t, newWorkspace.LastUsedAt.After(workspace.LastUsedAt), "%s is not after %s", newWorkspace.LastUsedAt, workspace.LastUsedAt, ) }) } func TestWorkspaceAgent_LifecycleState(t *testing.T) { t.Parallel() t.Run("Set", func(t *testing.T) { t.Parallel() client := coderdtest.New(t, &coderdtest.Options{ IncludeProvisionerDaemon: true, }) user := coderdtest.CreateFirstUser(t, client) authToken := uuid.NewString() version := coderdtest.CreateTemplateVersion(t, client, user.OrganizationID, &echo.Responses{ Parse: echo.ParseComplete, ProvisionPlan: echo.ProvisionComplete, ProvisionApply: []*proto.Provision_Response{{ Type: &proto.Provision_Response_Complete{ Complete: &proto.Provision_Complete{ Resources: []*proto.Resource{{ Name: "example", Type: "aws_instance", Agents: []*proto.Agent{{ Id: uuid.NewString(), Auth: &proto.Agent_Token{ Token: authToken, }, }}, }}, }, }, }}, }) template := coderdtest.CreateTemplate(t, client, user.OrganizationID, version.ID) coderdtest.AwaitTemplateVersionJob(t, client, version.ID) workspace := coderdtest.CreateWorkspace(t, client, user.OrganizationID, template.ID) coderdtest.AwaitWorkspaceBuildJob(t, client, workspace.LatestBuild.ID) for _, res := range workspace.LatestBuild.Resources { for _, a := range res.Agents { require.Equal(t, codersdk.WorkspaceAgentLifecycleCreated, a.LifecycleState) } } agentClient := agentsdk.New(client.URL) agentClient.SetSessionToken(authToken) tests := []struct { state codersdk.WorkspaceAgentLifecycle wantErr bool }{ {codersdk.WorkspaceAgentLifecycleCreated, false}, {codersdk.WorkspaceAgentLifecycleStarting, false}, {codersdk.WorkspaceAgentLifecycleStartTimeout, false}, {codersdk.WorkspaceAgentLifecycleStartError, false}, {codersdk.WorkspaceAgentLifecycleReady, false}, {codersdk.WorkspaceAgentLifecycleShuttingDown, false}, {codersdk.WorkspaceAgentLifecycleShutdownTimeout, false}, {codersdk.WorkspaceAgentLifecycleShutdownError, false}, {codersdk.WorkspaceAgentLifecycleOff, false}, {codersdk.WorkspaceAgentLifecycle("nonexistent_state"), true}, {codersdk.WorkspaceAgentLifecycle(""), true}, } //nolint:paralleltest // No race between setting the state and getting the workspace. for _, tt := range tests { tt := tt t.Run(string(tt.state), func(t *testing.T) { ctx, _ := testutil.Context(t) err := agentClient.PostLifecycle(ctx, agentsdk.PostLifecycleRequest{ State: tt.state, }) if tt.wantErr { require.Error(t, err) return } require.NoError(t, err, "post lifecycle state %q", tt.state) workspace, err = client.Workspace(ctx, workspace.ID) require.NoError(t, err, "get workspace") for _, res := range workspace.LatestBuild.Resources { for _, agent := range res.Agents { require.Equal(t, tt.state, agent.LifecycleState) } } }) } }) }