Merge pull request #1785 from loft-sh/feature/tailscale-network-rewrite

Feature/tailscale network rewrite

Author: pascalbreuninger

.github/workflows/release.yaml

@@ -112,7 +112,7 @@ jobs:
             target: x86_64-unknown-linux-gnu
             os: linux
             arch: amd64
-            cli_only: false
+            cli_only: true
           - host: ubuntu-22.04
             target: aarch64-unknown-linux-gnu
             os: linux
@@ -241,6 +241,7 @@ jobs:
           APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
           APPLE_ID: ${{ secrets.APPLE_ID }}
           APPLE_PASSWORD: ${{ secrets.APPLE_PASSWORD }}
+          CI: false # https://github.com/tauri-apps/tauri-action/issues/740
 
       - name: Build linux tar.gz
         if: matrix.settings.host == 'ubuntu-22.04' && matrix.settings.cli_only == false

.gitignore

@@ -2,11 +2,11 @@
 .DS_Store
 /test
 /e2e/bin
-devpod
-devpod.exe
-devpod-cli
+/devpod
+/devpod.exe
+/devpod-cli
 # Unit test targets
-main
-profile.out
-package-lock.json
-tags
+/main
+/profile.out
+/package-lock.json
+/tags

Makefile

@@ -1,15 +1,28 @@
 GOOS := $(shell go env GOOS)
 GOARCH := $(shell go env GOARCH)
 
+# Platform host
+PLATFORM_HOST := localhost:8080
+
 # Build the CLI and Desktop
 .PHONY: build
 build:
-	BUILD_PLATFORMS=$(GOOS) ./hack/rebuild.sh
+	BUILD_PLATFORMS=$(GOOS) BUILD_ARCHS=$(GOARCH) ./hack/rebuild.sh
+
+# Run the desktop app
+.PHONY: run-desktop
+run-desktop: build
+	cd desktop && yarn desktop:dev
+
+# Run the daemon against loft host
+.PHONY: run-daemon
+run-daemon: build
+	devpod pro daemon start --host $(PLATFORM_HOST) 
 
 # Copy the devpod binary to the platform pod
 .PHONY: cp-to-platform
 cp-to-platform:
-	SKIP_INSTALL=true BUILD_PLATFORMS=linux ./hack/rebuild.sh
+	SKIP_INSTALL=true BUILD_PLATFORMS=linux BUILD_ARCHS=$(GOARCH) ./hack/rebuild.sh
 	POD=$$(kubectl get pod -n loft -l app=loft,release=loft -o jsonpath='{.items[0].metadata.name}'); \
 	echo "Copying ./test/devpod-linux-$(GOARCH) to pod $$POD"; \
 	kubectl cp -n loft ./test/devpod-linux-$(GOARCH) $$POD:/usr/local/bin/devpod 

cmd/agent/container/container.go

@@ -18,5 +18,6 @@ func NewContainerCmd(flags *flags.GlobalFlags) *cobra.Command {
 	containerCmd.AddCommand(NewOpenVSCodeAsyncCmd())
 	containerCmd.AddCommand(NewCredentialsServerCmd(flags))
 	containerCmd.AddCommand(NewSetupLoftPlatformAccessCmd(flags))
+	containerCmd.AddCommand(NewSSHServerCmd(flags))
 	return containerCmd
 }

cmd/agent/container/credentials_server.go

@@ -1,13 +1,11 @@
 package container
 
 import (
-	"bytes"
 	"context"
 	"encoding/base64"
 	"encoding/json"
 	"fmt"
 	"net"
-	"net/http"
 	"os"
 	"strconv"
 
@@ -18,7 +16,6 @@ import (
 	"github.com/loft-sh/devpod/pkg/dockercredentials"
 	"github.com/loft-sh/devpod/pkg/gitcredentials"
 	"github.com/loft-sh/devpod/pkg/gitsshsigning"
-	devpodhttp "github.com/loft-sh/devpod/pkg/http"
 	"github.com/loft-sh/devpod/pkg/netstat"
 	portpkg "github.com/loft-sh/devpod/pkg/port"
 	"github.com/loft-sh/log"
@@ -38,7 +35,6 @@ type CredentialsServerCmd struct {
 
 	ForwardPorts      bool
 	GitUserSigningKey string
-	Runner            bool
 }
 
 // NewCredentialsServerCmd creates a new command
@@ -51,20 +47,12 @@ func NewCredentialsServerCmd(flags *flags.GlobalFlags) *cobra.Command {
 		Short: "Starts a credentials server",
 		Args:  cobra.NoArgs,
 		RunE: func(c *cobra.Command, args []string) error {
-			runnerPort, err := credentials.GetRunnerPort()
-			if err != nil {
-				return err
-			}
-			if cmd.Runner {
-				return cmd.RunRunner(c.Context(), runnerPort)
-			}
-
 			port, err := credentials.GetPort()
 			if err != nil {
 				return err
 			}
 
-			return cmd.Run(c.Context(), port, runnerPort)
+			return cmd.Run(c.Context(), port)
 		},
 	}
 	credentialsServerCmd.Flags().BoolVar(&cmd.ConfigureGitHelper, "configure-git-helper", false, "If true will configure git helper")
@@ -73,13 +61,12 @@ func NewCredentialsServerCmd(flags *flags.GlobalFlags) *cobra.Command {
 	credentialsServerCmd.Flags().StringVar(&cmd.GitUserSigningKey, "git-user-signing-key", "", "")
 	credentialsServerCmd.Flags().StringVar(&cmd.User, "user", "", "The user to use")
 	_ = credentialsServerCmd.MarkFlagRequired("user")
-	credentialsServerCmd.Flags().BoolVar(&cmd.Runner, "runner", false, "If true will create a credentials server connected to the runner")
 
 	return credentialsServerCmd
 }
 
 // Run runs the command logic
-func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int, runnerPort int) error {
+func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int) error {
 	// create a grpc client
 	tunnelClient, err := tunnelserver.NewTunnelClient(os.Stdin, os.Stdout, true, ExitCodeIO)
 	if err != nil {
@@ -112,10 +99,8 @@ func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int, runnerPort i
 		return nil
 	}
 
-	runnerAddr := checkRunnerCredentialServer(runnerPort)
-
 	// configure docker credential helper
-	if cmd.ConfigureDockerHelper && dockerCredentialsAllowed(runnerAddr) {
+	if cmd.ConfigureDockerHelper {
 		err = dockercredentials.ConfigureCredentialsContainer(cmd.User, port, log)
 		if err != nil {
 			return err
@@ -130,7 +115,7 @@ func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int, runnerPort i
 	}
 
 	// configure git credential helper
-	if cmd.ConfigureGitHelper && gitCredentialsAllowed(runnerAddr) {
+	if cmd.ConfigureGitHelper {
 		binaryPath, err := os.Executable()
 		if err != nil {
 			return err
@@ -163,86 +148,7 @@ func (cmd *CredentialsServerCmd) Run(ctx context.Context, port int, runnerPort i
 		}(cmd.User)
 	}
 
-	return credentials.RunCredentialsServer(ctx, port, tunnelClient, runnerAddr, log)
-}
-
-// RunRunner starts the runners credentials server
-// It's connected directly to a services server on the runner instead of on the origin developer machine
-//
-// The origin credentials server (default: port 12049) and the runner credentials server (default: port 12050)
-// communicate through https. Since both are connected to their respective peers over stdio, the default mode is
-// to always connect external tools (git, docker) to the origin instance. It is then responsible
-// for pinging the runners server first.
-// The runner will either send a valid response to use, an empty response meaning "no decision" or an error, indicating abortion.
-func (cmd *CredentialsServerCmd) RunRunner(ctx context.Context, port int) error {
-	// create a grpc client
-	tunnelClient, err := tunnelserver.NewTunnelClient(os.Stdin, os.Stdout, true, ExitCodeIO)
-	if err != nil {
-		return fmt.Errorf("error creating tunnel client: %w", err)
-	}
-
-	// this message serves as a ping to the client
-	_, err = tunnelClient.Ping(ctx, &tunnel.Empty{})
-	if err != nil {
-		return fmt.Errorf("ping client: %w", err)
-	}
-
-	// create debug logger
-	log := tunnelserver.NewTunnelLogger(ctx, tunnelClient, cmd.Debug)
-
-	addr := net.JoinHostPort("localhost", strconv.Itoa(port))
-	if ok, err := portpkg.IsAvailable(addr); !ok || err != nil {
-		log.Debugf("Port %d not available, exiting", port)
-		return nil
-	}
-
-	// We go through the same startup procedure the origin credentials server goes through as well
-	// This ensures we set up everything according to platform settings if we are in scenarios where we
-	// don't have an origin server, for example in web mode.
-
-	if cmd.ConfigureDockerHelper {
-		err = dockercredentials.ConfigureCredentialsContainer(cmd.User, port, log)
-		if err != nil {
-			return err
-		}
-	}
-
-	err = configureGitUserLocally(ctx, cmd.User, tunnelClient)
-	if err != nil {
-		log.Debugf("Error configuring git user: %v", err)
-	}
-
-	// configure git credential helper
-	if cmd.ConfigureGitHelper {
-		binaryPath, err := os.Executable()
-		if err != nil {
-			return err
-		}
-		err = gitcredentials.ConfigureHelper(binaryPath, cmd.User, port)
-		if err != nil {
-			return fmt.Errorf("configure git helper: %w", err)
-		}
-
-		// cleanup when we are done
-		defer func(userName string) {
-			_ = gitcredentials.RemoveHelper(userName)
-		}(cmd.User)
-	}
-
-	// configure git ssh signature helper
-	if cmd.GitUserSigningKey != "" {
-		err = gitsshsigning.ConfigureHelper(cmd.User, cmd.GitUserSigningKey, log)
-		if err != nil {
-			return fmt.Errorf("configure git ssh signature helper: %w", err)
-		}
-
-		// cleanup when we are done
-		defer func(userName string) {
-			_ = gitsshsigning.RemoveHelper(userName)
-		}(cmd.User)
-	}
-
-	return credentials.RunCredentialsServer(ctx, port, tunnelClient, "", log)
+	return credentials.RunCredentialsServer(ctx, port, tunnelClient, log)
 }
 
 func configureGitUserLocally(ctx context.Context, userName string, client tunnel.TunnelClient) error {
@@ -303,46 +209,3 @@ func (f *forwarder) StopForward(port string) error {
 	_, err := f.client.StopForwardPort(f.ctx, &tunnel.StopForwardPortRequest{Port: port})
 	return err
 }
-
-// dockerCredentialsAllowed checks if the runner allows docker credential forwarding
-// if we can connect to it
-func dockerCredentialsAllowed(runnerAddr string) bool {
-	if runnerAddr == "" {
-		return true
-	}
-
-	rawJSON, err := json.Marshal(&dockercredentials.Request{})
-	if err != nil {
-		return false
-	}
-	res, err := devpodhttp.GetHTTPClient().Post(fmt.Sprintf("http://%s/%s", runnerAddr, "docker-credentials"),
-		"application/json", bytes.NewReader(rawJSON))
-
-	return res.StatusCode == http.StatusOK && err == nil
-}
-
-// gitCredentialsAllowed checks if the runner allows git credential forwarding
-// if we can connect to it
-func gitCredentialsAllowed(runnerAddr string) bool {
-	if runnerAddr == "" {
-		return true
-	}
-
-	res, err := devpodhttp.GetHTTPClient().Post(fmt.Sprintf("http://%s/%s", runnerAddr, "git-credentials"),
-		"application/json", bytes.NewReader([]byte("")))
-
-	return res.StatusCode == http.StatusOK && err == nil
-}
-
-// checkRunnerCredentialServer tries to contact the runner credentials server
-// and returns it's host:port address if available
-func checkRunnerCredentialServer(runnerPort int) string {
-	runnerAddr := net.JoinHostPort("localhost", strconv.Itoa(runnerPort))
-	runnerAvailable, _ := portpkg.IsAvailable(runnerAddr)
-	if runnerAvailable {
-		// If the port is free we don't have to check in with runner server
-		return ""
-	}
-
-	return runnerAddr
-}