Don't hardcode local credentials server prot

Author: janekbaraniewski

cmd/agent/container/credentials_server.go

@@ -13,7 +13,6 @@ import (
 	"github.com/loft-sh/devpod/pkg/agent/tunnel"
 	"github.com/loft-sh/devpod/pkg/agent/tunnelserver"
 	"github.com/loft-sh/devpod/pkg/credentials"
-	locald "github.com/loft-sh/devpod/pkg/daemon/local"
 	"github.com/loft-sh/devpod/pkg/dockercredentials"
 	"github.com/loft-sh/devpod/pkg/gitcredentials"
 	"github.com/loft-sh/devpod/pkg/gitsshsigning"
@@ -24,14 +23,18 @@ import (
 	"github.com/spf13/cobra"
 )
 
-const ExitCodeIO int = 64
+const (
+	ExitCodeIO     int    = 64
+	DefaultLogFile string = "/tmp/devpod-credentials-server.log"
+)
 
 // CredentialsServerCmd holds the cmd flags
 type CredentialsServerCmd struct {
 	*flags.GlobalFlags
 
 	User   string
 	Client string
+	Port   int
 
 	ConfigureGitHelper    bool
 	ConfigureDockerHelper bool
@@ -65,6 +68,7 @@ func NewCredentialsServerCmd(flags *flags.GlobalFlags) *cobra.Command {
 	credentialsServerCmd.Flags().StringVar(&cmd.User, "user", "", "The user to use")
 	_ = credentialsServerCmd.MarkFlagRequired("user")
 	credentialsServerCmd.Flags().StringVar(&cmd.Client, "client", "", "client host")
+	credentialsServerCmd.Flags().IntVar(&cmd.Port, "port", 0, "port of credentials server running locally on client machine to connect to")
 
 	return credentialsServerCmd
 }
@@ -73,12 +77,12 @@ func NewCredentialsServerCmd(flags *flags.GlobalFlags) *cobra.Command {
 func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int) error {
 	var tunnelClient tunnel.TunnelClient
 	var err error
-	fileLogger := log.NewFileLogger("/tmp/credentials_server_cmd.log", logrus.DebugLevel)
+	fileLogger := log.NewFileLogger(DefaultLogFile, logrus.DebugLevel)
 	// create a grpc client
 	// if we have client address, lets use the http client
 	if cmd.Client != "" {
 		// address := ts.EnsureURL(cmd.Client, locald.LocalCredentialsServerPort)
-		tunnelClient, err = tunnelserver.NewHTTPTunnelClient(cmd.Client, fmt.Sprintf("%d", locald.LocalCredentialsServerPort), fileLogger)
+		tunnelClient, err = tunnelserver.NewHTTPTunnelClient(cmd.Client, fmt.Sprintf("%d", cmd.Port), fileLogger)
 		if err != nil {
 			return fmt.Errorf("error creating tunnel client: %w", err)
 		}

pkg/agent/tunnelserver/client.go

@@ -7,6 +7,7 @@ import (
 	"net"
 
 	"github.com/loft-sh/devpod/pkg/agent/tunnel"
+	locald "github.com/loft-sh/devpod/pkg/daemon/local"
 	"github.com/loft-sh/devpod/pkg/daemon/workspace/network"
 	"github.com/loft-sh/devpod/pkg/stdio"
 	"github.com/loft-sh/log"
@@ -55,6 +56,7 @@ func NewHTTPTunnelClient(targetHost string, targetPort string, log log.Logger) (
 	) error {
 		md := metadata.New(map[string]string{
 			"x-target-host": targetHost,
+			"x-proxy-port":  fmt.Sprintf("%d", locald.LocalCredentialsServerPort),
 			"x-target-port": targetPort,
 		})
 		// Create a new outgoing context with the metadata attached.

pkg/agent/tunnelserver/tunnelserver.go

@@ -33,18 +33,23 @@ import (
 )
 
 // GetListener returns correct listener for services server - either stdio or tcp
-func GetListener(client string, reader io.Reader, writer io.WriteCloser, exitOnClose bool, log log.Logger) (net.Listener, error) {
+func GetListener(client string, reader io.Reader, writer io.WriteCloser, exitOnClose bool, log log.Logger) (net.Listener, int, error) {
 	if client == "" {
-		log.Info("GetListener - returning stdio listener")
-		return stdio.NewStdioListener(reader, writer, exitOnClose), nil
+		log.Debug("GetListener - returning stdio listener")
+		return stdio.NewStdioListener(reader, writer, exitOnClose), 0, nil
 	}
-	log.Info("GetListener - returning tcp listener")
-	listener, err := net.Listen("tcp", ":4795") // FIXME
+	log.Debug("GetListener - returning tcp listener")
+	listener, err := net.Listen("tcp", ":0")
 	if err != nil {
-		return nil, err
+		return nil, 0, err
 	}
 
-	return listener, nil
+	// Extract the actual TCP port the OS has bound to.
+	tcpAddr, ok := listener.Addr().(*net.TCPAddr)
+	if !ok {
+		return nil, 0, fmt.Errorf("listener.Addr() is not a *net.TCPAddr")
+	}
+	return listener, tcpAddr.Port, nil
 }
 
 func RunServicesServer(ctx context.Context, lis net.Listener, allowGitCredentials, allowDockerCredentials bool, forwarder netstat.Forwarder, workspace *provider2.Workspace, log log.Logger, options ...Option) error {

pkg/daemon/local/credentials_proxy.go

@@ -64,9 +64,7 @@ func (s *LocalCredentialsServerProxy) Listen(ctx context.Context) error {
 			s.log.Error("LocalCredentialsServerProxy: Director missing x-target-port metadata")
 			return nil, nil, status.Errorf(codes.InvalidArgument, "missing x-target-port metadata")
 		}
-		// targetPort := targetPorts[0]
-		targetPort := "4795" // FIXME
-
+		targetPort := targetPorts[0]
 		targetAddr := net.JoinHostPort(DefaultTargetHost, targetPort)
 
 		s.log.Infof("[LocalCredentialsServerProxy] [gRPC] Proxying call %q to target %s", fullMethodName, targetAddr)

pkg/daemon/workspace/network/network_proxy.go

@@ -63,16 +63,17 @@ func (s *NetworkProxyService) Start(ctx context.Context) error {
 
 		targetHosts := mdCopy.Get("x-target-host")
 		targetPorts := mdCopy.Get("x-target-port")
-		if len(targetHosts) == 0 || len(targetPorts) == 0 {
-			s.log.Errorf("[NetworkProxyService] [gRPC] Director missing x-target-host or x-target-port metadata for call %q", fullMethodName)
-			return nil, nil, status.Errorf(codes.InvalidArgument, "missing x-target-host or x-target-port metadata")
+		proxyPorts := mdCopy.Get("x-proxy-port")
+		if len(targetHosts) == 0 || len(targetPorts) == 0 || len(proxyPorts) == 0 {
+			s.log.Errorf("[NetworkProxyService] [gRPC] Director missing x-target-host, x-proxy-port or x-target-port metadata for call %q", fullMethodName)
+			return nil, nil, status.Errorf(codes.InvalidArgument, "missing x-target-host, x-proxy-port or x-target-port metadata")
 		}
 
-		port, err := strconv.Atoi(targetPorts[0])
+		proxyPort, err := strconv.Atoi(proxyPorts[0])
 		if err != nil {
 			return nil, nil, err
 		}
-		targetAddr := ts.EnsureURL(targetHosts[0], port)
+		targetAddr := ts.EnsureURL(targetHosts[0], proxyPort)
 
 		s.log.Infof("[NetworkProxyService] [gRPC] Proxying call %q to target %s", fullMethodName, targetAddr)
 

pkg/tunnel/services.go

@@ -88,15 +88,20 @@ func RunServices(
 			forwarder = newForwarder(containerClient, append(forwardedPorts, fmt.Sprintf("%d", openvscode.DefaultVSCodePort)), log)
 		}
 
+		// Create channels for the port and errors.
+		portChan := make(chan int, 1)
 		errChan := make(chan error, 1)
+
 		go func() {
 			defer cancel()
 			defer stdinWriter.Close()
-			listener, err := tunnelserver.GetListener(client, stdoutReader, stdinWriter, false, log)
+			listener, port, err := tunnelserver.GetListener(client, stdoutReader, stdinWriter, false, log)
 			if err != nil {
 				errChan <- errors.Wrap(err, "create tunnel server listener")
+				return
 			}
-			log.Infof("DEBUG GRPC - GOT LISTENER FOR LOCAL SERVER - %v\n", listener)
+			// Send the generated port back.
+			portChan <- port
 			defer listener.Close()
 
 			// Start local credentials server on clients machine and forward credentials to container
@@ -116,7 +121,16 @@ func RunServices(
 			close(errChan)
 		}()
 
-		// run credentials server
+		log.Infof("Waiting for credentials server port to be assigned...")
+		var port int
+		select {
+		case port = <-portChan:
+			log.Infof("Credentials server running on port %d\n", port)
+		case err = <-errChan:
+			return err
+		}
+
+		// Run credentials server process.
 		writer := log.ErrorStreamOnly().Writer(logrus.DebugLevel, false)
 		defer writer.Close()
 
@@ -129,6 +143,11 @@ func RunServices(
 		if configureGitCredentials {
 			command += " --configure-git-helper"
 		}
+
+		if port != 0 {
+			command += fmt.Sprintf(" --port %d", port)
+		}
+
 		if configureGitSSHSignatureHelper {
 			format, userSigningKey, err := gitsshsigning.ExtractGitConfiguration()
 			if err == nil && format == gitsshsigning.GPGFormatSSH && userSigningKey != "" {