(t *testing.T)
| 1169 | } |
| 1170 | |
| 1171 | func TestWorkspaceAgentTailnetDirectDisabled(t *testing.T) { |
| 1172 | t.Parallel() |
| 1173 | |
| 1174 | dv := coderdtest.DeploymentValues(t) |
| 1175 | err := dv.DERP.Config.BlockDirect.Set("true") |
| 1176 | require.NoError(t, err) |
| 1177 | require.True(t, dv.DERP.Config.BlockDirect.Value()) |
| 1178 | |
| 1179 | client, db := coderdtest.NewWithDatabase(t, &coderdtest.Options{ |
| 1180 | DeploymentValues: dv, |
| 1181 | }) |
| 1182 | user := coderdtest.CreateFirstUser(t, client) |
| 1183 | r := dbfake.WorkspaceBuild(t, db, database.WorkspaceTable{ |
| 1184 | OrganizationID: user.OrganizationID, |
| 1185 | OwnerID: user.UserID, |
| 1186 | }).WithAgent().Do() |
| 1187 | ctx := testutil.Context(t, testutil.WaitLong) |
| 1188 | |
| 1189 | // Verify that the manifest has DisableDirectConnections set to true. |
| 1190 | agentClient := agentsdk.New(client.URL, agentsdk.WithFixedToken(r.AgentToken)) |
| 1191 | rpc, err := agentClient.ConnectRPC(ctx) |
| 1192 | require.NoError(t, err) |
| 1193 | defer func() { |
| 1194 | cErr := rpc.Close() |
| 1195 | require.NoError(t, cErr) |
| 1196 | }() |
| 1197 | aAPI := agentproto.NewDRPCAgentClient(rpc) |
| 1198 | manifest := requireGetManifest(ctx, t, aAPI) |
| 1199 | require.True(t, manifest.DisableDirectConnections) |
| 1200 | |
| 1201 | _ = agenttest.New(t, client.URL, r.AgentToken) |
| 1202 | resources := coderdtest.AwaitWorkspaceAgents(t, client, r.Workspace.ID) |
| 1203 | agentID := resources[0].Agents[0].ID |
| 1204 | |
| 1205 | // Verify that the connection data has no STUN ports and |
| 1206 | // DisableDirectConnections set to true. |
| 1207 | res, err := client.Request(ctx, http.MethodGet, fmt.Sprintf("/api/v2/workspaceagents/%s/connection", agentID), nil) |
| 1208 | require.NoError(t, err) |
| 1209 | defer res.Body.Close() |
| 1210 | require.Equal(t, http.StatusOK, res.StatusCode) |
| 1211 | var connInfo workspacesdk.AgentConnectionInfo |
| 1212 | err = json.NewDecoder(res.Body).Decode(&connInfo) |
| 1213 | require.NoError(t, err) |
| 1214 | require.True(t, connInfo.DisableDirectConnections) |
| 1215 | for _, region := range connInfo.DERPMap.Regions { |
| 1216 | t.Logf("region %s (%v)", region.RegionCode, region.EmbeddedRelay) |
| 1217 | for _, node := range region.Nodes { |
| 1218 | t.Logf(" node %s (stun %d)", node.Name, node.STUNPort) |
| 1219 | require.EqualValues(t, -1, node.STUNPort) |
| 1220 | // tailnet.NewDERPMap() will create nodes with "stun" in the name, |
| 1221 | // but not if direct is disabled. |
| 1222 | require.NotContains(t, node.Name, "stun") |
| 1223 | require.False(t, node.STUNOnly) |
| 1224 | } |
| 1225 | } |
| 1226 | |
| 1227 | conn, err := workspacesdk.New(client). |
| 1228 | DialAgent(ctx, resources[0].Agents[0].ID, &workspacesdk.DialAgentOptions{ |
nothing calls this directly
no test coverage detected