Use generic local grpc proxy in local daemon

Author: janekbaraniewski

cmd/agent/container/credentials_server.go

@@ -25,7 +25,7 @@ import (
 
 const (
 	ExitCodeIO     int    = 64
-	DefaultLogFile string = "/tmp/devpod-credentials-server.log"
+	DefaultLogFile string = "/var/devpod/credentials-server.log"
 )
 
 // CredentialsServerCmd holds the cmd flags
@@ -78,11 +78,12 @@ func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int) error {
 	var tunnelClient tunnel.TunnelClient
 	var err error
 	fileLogger := log.NewFileLogger(DefaultLogFile, logrus.DebugLevel)
+
 	// create a grpc client
 	// if we have client address, lets use the http client
 	if cmd.Client != "" {
-		// address := ts.EnsureURL(cmd.Client, locald.LocalCredentialsServerPort)
-		tunnelClient, err = tunnelserver.NewHTTPTunnelClient(cmd.Client, fmt.Sprintf("%d", cmd.Port), fileLogger)
+		tunnelClient, err = tunnelserver.NewHTTPTunnelClient(
+			cmd.Client, fmt.Sprintf("%d", cmd.Port), fileLogger)
 		if err != nil {
 			return fmt.Errorf("error creating tunnel client: %w", err)
 		}
@@ -129,7 +130,7 @@ func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int) error {
 	}
 
 	// configure git user
-	err = configureGitUserLocally(ctx, cmd.User, tunnelClient) // FIXME: still uses tunnel client for git creds
+	err = configureGitUserLocally(ctx, cmd.User, tunnelClient)
 	if err != nil {
 		log.Debugf("Error configuring git user: %v", err)
 		return err

pkg/agent/tunnelserver/client.go

@@ -43,9 +43,8 @@ func NewTunnelClient(reader io.Reader, writer io.WriteCloser, exitOnClose bool,
 // NewHTTPTunnelClient creates a new gRPC client that connects via the network proxy.
 func NewHTTPTunnelClient(targetHost string, targetPort string, log log.Logger) (tunnel.TunnelClient, error) {
 	resolver.SetDefaultScheme("passthrough")
-	log.Infof("Starting tunnel client targeting %s:%s via proxy", targetHost, targetPort)
+	log.Infof("Starting tunnel client targeting %s:%s", targetHost, targetPort)
 
-	// Create a unary interceptor to attach the target metadata.
 	unaryInterceptor := func(
 		ctx context.Context,
 		method string,
@@ -55,11 +54,11 @@ func NewHTTPTunnelClient(targetHost string, targetPort string, log log.Logger) (
 		opts ...grpc.CallOption,
 	) error {
 		md := metadata.New(map[string]string{
-			"x-target-host": targetHost,
-			"x-proxy-port":  fmt.Sprintf("%d", locald.LocalCredentialsServerPort),
-			"x-target-port": targetPort,
+			network.HeaderTargetHost: targetHost,
+			network.HeaderTargetPort: targetPort,
+			network.HeaderProxyPort:  fmt.Sprintf("%d", locald.DefaultGRPCProxyPort),
 		})
-		// Create a new outgoing context with the metadata attached.
+
 		ctx = metadata.NewOutgoingContext(ctx, md)
 		log.Debugf("Unary interceptor adding metadata: host=%s, port=%s", targetHost, targetPort)
 		return invoker(ctx, method, req, reply, cc, opts...)
@@ -74,22 +73,23 @@ func NewHTTPTunnelClient(targetHost string, targetPort string, log log.Logger) (
 		opts ...grpc.CallOption,
 	) (grpc.ClientStream, error) {
 		md := metadata.New(map[string]string{
-			"x-target-host": targetHost,
-			"x-target-port": targetPort,
+			network.HeaderTargetHost: targetHost,
+			network.HeaderTargetPort: targetPort,
+			network.HeaderProxyPort:  fmt.Sprintf("%d", locald.DefaultGRPCProxyPort),
 		})
-		// Create a new outgoing context with the metadata attached.
+
 		ctx = metadata.NewOutgoingContext(ctx, md)
 		log.Debugf("Stream interceptor adding metadata: host=%s, port=%s", targetHost, targetPort)
 		return streamer(ctx, desc, cc, method, opts...)
 	}
 
-	target := "passthrough:///proxy-socket-target"
+	target := "passthrough:///proxy-socket-target" // dummy target, our dialer is responsible for using socket
 
 	conn, err := grpc.NewClient(target,
-		grpc.WithTransportCredentials(insecure.NewCredentials()), // Connect to proxy socket without TLS
-		grpc.WithContextDialer(network.GetContextDialer()),       // Use our custom dialer
-		grpc.WithUnaryInterceptor(unaryInterceptor),              // Add metadata for unary calls
-		grpc.WithStreamInterceptor(streamInterceptor),            // Add metadata for streaming calls
+		grpc.WithTransportCredentials(insecure.NewCredentials()),
+		grpc.WithContextDialer(network.GetContextDialer()),
+		grpc.WithUnaryInterceptor(unaryInterceptor),
+		grpc.WithStreamInterceptor(streamInterceptor),
 	)
 	if err != nil {
 		log.Errorf("Failed to create gRPC client connection via proxy: %v", err)

pkg/credentials/server.go

@@ -8,14 +8,11 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"path/filepath"
 	"strconv"
 
 	"github.com/loft-sh/devpod/pkg/agent/tunnel"
-	devpodlog "github.com/loft-sh/devpod/pkg/log"
 	"github.com/loft-sh/log"
 	"github.com/pkg/errors"
-	"github.com/sirupsen/logrus"
 )
 
 const (
@@ -32,37 +29,33 @@ func RunCredentialsServer(
 	clientHost string,
 	logger log.Logger,
 ) error {
-	logPath := filepath.Join("/tmp", CredentialsServerLogFile)
-	fileLogger := log.NewFileLogger(logPath, logrus.DebugLevel)
-	combinedLogger := devpodlog.NewCombinedLogger(logrus.DebugLevel, logger, fileLogger)
-
 	var handler http.Handler = http.HandlerFunc(func(writer http.ResponseWriter, request *http.Request) {
-		combinedLogger.Debugf("Incoming client connection at %s", request.URL.Path)
+		logger.Debugf("Incoming client connection at %s", request.URL.Path)
 		if request.URL.Path == "/git-credentials" {
-			err := handleGitCredentialsRequest(ctx, writer, request, client, clientHost, combinedLogger)
+			err := handleGitCredentialsRequest(ctx, writer, request, client, clientHost, logger)
 			if err != nil {
 				http.Error(writer, err.Error(), http.StatusInternalServerError)
 				return
 			}
 		} else if request.URL.Path == "/docker-credentials" {
-			err := handleDockerCredentialsRequest(ctx, writer, request, client, combinedLogger)
+			err := handleDockerCredentialsRequest(ctx, writer, request, client, logger)
 			if err != nil {
 				http.Error(writer, err.Error(), http.StatusInternalServerError)
 				return
 			}
 		} else if request.URL.Path == "/git-ssh-signature" {
-			err := handleGitSSHSignatureRequest(ctx, writer, request, client, combinedLogger)
+			err := handleGitSSHSignatureRequest(ctx, writer, request, client, logger)
 			if err != nil {
 				http.Error(writer, err.Error(), http.StatusInternalServerError)
 				return
 			}
 		} else if request.URL.Path == "/loft-platform-credentials" {
-			err := handleLoftPlatformCredentialsRequest(ctx, writer, request, client, combinedLogger)
+			err := handleLoftPlatformCredentialsRequest(ctx, writer, request, client, logger)
 			if err != nil {
 				http.Error(writer, err.Error(), http.StatusInternalServerError)
 			}
 		} else if request.URL.Path == "/gpg-public-keys" {
-			err := handleGPGPublicKeysRequest(ctx, writer, request, client, combinedLogger)
+			err := handleGPGPublicKeysRequest(ctx, writer, request, client, logger)
 			if err != nil {
 				http.Error(writer, err.Error(), http.StatusInternalServerError)
 			}
@@ -74,7 +67,7 @@ func RunCredentialsServer(
 
 	errChan := make(chan error, 1)
 	go func() {
-		combinedLogger.Debugf("Credentials server started on port %d...", port)
+		logger.Debugf("Credentials server started on port %d...", port)
 
 		// always returns error. ErrServerClosed on graceful close
 		if err := srv.ListenAndServe(); err != http.ErrServerClosed {

pkg/daemon/local/credentials_proxy.go

@@ -23,12 +23,12 @@ import (
 )
 
 type Daemon struct {
-	socketListener         net.Listener
-	tsServer               *tsnet.Server
-	localServer            *localServer
-	credentialsServerProxy *LocalCredentialsServerProxy
-	rootDir                string
-	log                    log.Logger
+	socketListener  net.Listener
+	tsServer        *tsnet.Server
+	localServer     *localServer
+	grpcServerProxy *LocalGRPCProxy
+	rootDir         string
+	log             log.Logger
 }
 
 type InitConfig struct {
@@ -63,18 +63,18 @@ func Init(ctx context.Context, config InitConfig) (*Daemon, error) {
 		return nil, fmt.Errorf("create local server: %w", err)
 	}
 
-	credentialsProxy, err := NewLocalCredentialsServerProxy(tsServer, log)
+	grpcProxy, err := NewLocalGRPCProxy(tsServer, log)
 	if err != nil {
 		return nil, fmt.Errorf("create local credentials server: %w", err)
 	}
 
 	return &Daemon{
-		socketListener:         socketListener,
-		tsServer:               tsServer,
-		localServer:            localServer,
-		credentialsServerProxy: credentialsProxy,
-		rootDir:                config.RootDir,
-		log:                    log,
+		socketListener:  socketListener,
+		tsServer:        tsServer,
+		localServer:     localServer,
+		grpcServerProxy: grpcProxy,
+		rootDir:         config.RootDir,
+		log:             log,
 	}, nil
 }
 func (d *Daemon) Start(ctx context.Context) error {
@@ -94,7 +94,7 @@ func (d *Daemon) Start(ctx context.Context) error {
 	}()
 	go func() {
 		d.log.Info("Start credentials server")
-		errChan <- d.credentialsServerProxy.Listen(ctx)
+		errChan <- d.grpcServerProxy.Listen(ctx)
 	}()
 	defer func() {
 		d.log.Info("Cleaning up daemon resources")