mirror of
https://github.com/coder/coder.git
synced 2025-07-10 23:53:15 +00:00
2ba4a62a0d
* feat: HA tailnet coordinator * fixup! feat: HA tailnet coordinator * fixup! feat: HA tailnet coordinator * remove printlns * close all connections on coordinator * impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * fixup! impelement high availability feature * Add replicas * Add DERP meshing to arbitrary addresses * Move packages to highavailability folder * Move coordinator to high availability package * Add flags for HA * Rename to replicasync * Denest packages for replicas * Add test for multiple replicas * Fix coordination test * Add HA to the helm chart * Rename function pointer * Add warnings for HA * Add the ability to block endpoints * Add flag to disable P2P connections * Wow, I made the tests pass * Add replicas endpoint * Ensure close kills replica * Update sql * Add database latency to high availability * Pipe TLS to DERP mesh * Fix DERP mesh with TLS * Add tests for TLS * Fix replica sync TLS * Fix RootCA for replica meshing * Remove ID from replicasync * Fix getting certificates for meshing * Remove excessive locking * Fix linting * Store mesh key in the database * Fix replica key for tests * Fix types gen * Fix unlocking unlocked * Fix race in tests * Update enterprise/derpmesh/derpmesh.go Co-authored-by: Colin Adler <colin1adler@gmail.com> * Rename to syncReplicas * Reuse http client * Delete old replicas on a CRON * Fix race condition in connection tests * Fix linting * Fix nil type * Move pubsub to in-memory for twenty test * Add comment for configuration tweaking * Fix leak with transport * Fix close leak in derpmesh * Fix race when creating server * Remove handler update * Skip test on Windows * Fix DERP mesh test * Wrap HTTP handler replacement in mutex * Fix error message for relay * Fix API handler for normal tests * Fix speedtest * Fix replica resend * Fix derpmesh send * Ping async * Increase wait time of template version jobd * Fix race when closing replica sync * Add name to client * Log the derpmap being used * Don't connect if DERP is empty * Improve agent coordinator logging * Fix lock in coordinator * Fix relay addr * Fix race when updating durations * Fix client publish race * Run pubsub loop in a queue * Store agent nodes in order * Fix coordinator locking * Check for closed pipe Co-authored-by: Colin Adler <colin1adler@gmail.com>
272 lines
10 KiB
Go
272 lines
10 KiB
Go
package license_test
|
|
|
|
import (
|
|
"context"
|
|
"fmt"
|
|
"strings"
|
|
"testing"
|
|
"time"
|
|
|
|
"github.com/stretchr/testify/require"
|
|
|
|
"cdr.dev/slog"
|
|
"github.com/coder/coder/coderd/database"
|
|
"github.com/coder/coder/coderd/database/databasefake"
|
|
"github.com/coder/coder/codersdk"
|
|
"github.com/coder/coder/enterprise/coderd/coderdenttest"
|
|
"github.com/coder/coder/enterprise/coderd/license"
|
|
)
|
|
|
|
func TestEntitlements(t *testing.T) {
|
|
t.Parallel()
|
|
all := map[string]bool{
|
|
codersdk.FeatureAuditLog: true,
|
|
codersdk.FeatureBrowserOnly: true,
|
|
codersdk.FeatureSCIM: true,
|
|
codersdk.FeatureWorkspaceQuota: true,
|
|
codersdk.FeatureHighAvailability: true,
|
|
codersdk.FeatureTemplateRBAC: true,
|
|
}
|
|
|
|
t.Run("Defaults", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
|
|
require.NoError(t, err)
|
|
require.False(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
require.False(t, entitlements.Features[featureName].Enabled)
|
|
require.Equal(t, codersdk.EntitlementNotEntitled, entitlements.Features[featureName].Entitlement)
|
|
}
|
|
})
|
|
t.Run("SingleLicenseNothing", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
require.False(t, entitlements.Features[featureName].Enabled)
|
|
require.Equal(t, codersdk.EntitlementNotEntitled, entitlements.Features[featureName].Entitlement)
|
|
}
|
|
})
|
|
t.Run("SingleLicenseAll", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
UserLimit: 100,
|
|
AuditLog: true,
|
|
BrowserOnly: true,
|
|
SCIM: true,
|
|
WorkspaceQuota: true,
|
|
HighAvailability: true,
|
|
TemplateRBAC: true,
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
require.Equal(t, codersdk.EntitlementEntitled, entitlements.Features[featureName].Entitlement)
|
|
}
|
|
})
|
|
t.Run("SingleLicenseGrace", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
UserLimit: 100,
|
|
AuditLog: true,
|
|
BrowserOnly: true,
|
|
SCIM: true,
|
|
WorkspaceQuota: true,
|
|
HighAvailability: true,
|
|
TemplateRBAC: true,
|
|
GraceAt: time.Now().Add(-time.Hour),
|
|
ExpiresAt: time.Now().Add(time.Hour),
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
if featureName == codersdk.FeatureUserLimit {
|
|
continue
|
|
}
|
|
if featureName == codersdk.FeatureHighAvailability {
|
|
continue
|
|
}
|
|
niceName := strings.Title(strings.ReplaceAll(featureName, "_", " "))
|
|
require.Equal(t, codersdk.EntitlementGracePeriod, entitlements.Features[featureName].Entitlement)
|
|
require.Contains(t, entitlements.Warnings, fmt.Sprintf("%s is enabled but your license for this feature is expired.", niceName))
|
|
}
|
|
})
|
|
t.Run("SingleLicenseNotEntitled", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
if featureName == codersdk.FeatureUserLimit {
|
|
continue
|
|
}
|
|
if featureName == codersdk.FeatureHighAvailability {
|
|
continue
|
|
}
|
|
niceName := strings.Title(strings.ReplaceAll(featureName, "_", " "))
|
|
// Ensures features that are not entitled are properly disabled.
|
|
require.False(t, entitlements.Features[featureName].Enabled)
|
|
require.Equal(t, codersdk.EntitlementNotEntitled, entitlements.Features[featureName].Entitlement)
|
|
require.Contains(t, entitlements.Warnings, fmt.Sprintf("%s is enabled but your license is not entitled to this feature.", niceName))
|
|
}
|
|
})
|
|
t.Run("TooManyUsers", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertUser(context.Background(), database.InsertUserParams{})
|
|
db.InsertUser(context.Background(), database.InsertUserParams{})
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
UserLimit: 1,
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.Contains(t, entitlements.Warnings, "Your deployment has 2 active users but is only licensed for 1.")
|
|
})
|
|
t.Run("MaximizeUserLimit", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertUser(context.Background(), database.InsertUserParams{})
|
|
db.InsertUser(context.Background(), database.InsertUserParams{})
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
UserLimit: 10,
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
UserLimit: 1,
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.Empty(t, entitlements.Warnings)
|
|
})
|
|
t.Run("MultipleLicenseEnabled", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
// One trial
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
Exp: time.Now().Add(time.Hour),
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
Trial: true,
|
|
}),
|
|
})
|
|
// One not
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
Exp: time.Now().Add(time.Hour),
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
Trial: false,
|
|
}),
|
|
})
|
|
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, map[string]bool{})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
})
|
|
|
|
t.Run("AllFeatures", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
Exp: time.Now().Add(time.Hour),
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
AllFeatures: true,
|
|
}),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 1, coderdenttest.Keys, all)
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.False(t, entitlements.Trial)
|
|
for _, featureName := range codersdk.FeatureNames {
|
|
if featureName == codersdk.FeatureUserLimit {
|
|
continue
|
|
}
|
|
require.True(t, entitlements.Features[featureName].Enabled)
|
|
require.Equal(t, codersdk.EntitlementEntitled, entitlements.Features[featureName].Entitlement)
|
|
}
|
|
})
|
|
|
|
t.Run("MultipleReplicasNoLicense", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, all)
|
|
require.NoError(t, err)
|
|
require.False(t, entitlements.HasLicense)
|
|
require.Len(t, entitlements.Errors, 1)
|
|
require.Equal(t, "You have multiple replicas but high availability is an Enterprise feature. You will be unable to connect to workspaces.", entitlements.Errors[0])
|
|
})
|
|
|
|
t.Run("MultipleReplicasNotEntitled", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
Exp: time.Now().Add(time.Hour),
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
AuditLog: true,
|
|
}),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, map[string]bool{
|
|
codersdk.FeatureHighAvailability: true,
|
|
})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.Len(t, entitlements.Errors, 1)
|
|
require.Equal(t, "You have multiple replicas but your license is not entitled to high availability. You will be unable to connect to workspaces.", entitlements.Errors[0])
|
|
})
|
|
|
|
t.Run("MultipleReplicasGrace", func(t *testing.T) {
|
|
t.Parallel()
|
|
db := databasefake.New()
|
|
db.InsertLicense(context.Background(), database.InsertLicenseParams{
|
|
JWT: coderdenttest.GenerateLicense(t, coderdenttest.LicenseOptions{
|
|
HighAvailability: true,
|
|
GraceAt: time.Now().Add(-time.Hour),
|
|
ExpiresAt: time.Now().Add(time.Hour),
|
|
}),
|
|
Exp: time.Now().Add(time.Hour),
|
|
})
|
|
entitlements, err := license.Entitlements(context.Background(), db, slog.Logger{}, 2, coderdenttest.Keys, map[string]bool{
|
|
codersdk.FeatureHighAvailability: true,
|
|
})
|
|
require.NoError(t, err)
|
|
require.True(t, entitlements.HasLicense)
|
|
require.Len(t, entitlements.Warnings, 1)
|
|
require.Equal(t, "You have multiple replicas but your license for high availability is expired. Reduce to one replica or workspace connections will stop working.", entitlements.Warnings[0])
|
|
})
|
|
}
|